pty logging only works correctly when stdout and stderr refer to a pty. If they
do not, we do not dup2() them and lxc_console_cb_con() will never write to the
corresponding log file descriptor.
When redirection on stdout and stderr is used we can safely assume that the user
is already logging to a file or /dev/null and creating an additional pty log
doesn't seem to make sense.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
nicer date format and support for SOURCE_DATE_EPOCH in LXC_GENERATE_DATE
Using $(date) for LXC_GENERATE_DATE has various flaws:
* formating depends on the locale of the system we execute configure on
* the output is not really a date but more a timestamp
Let's use $(date --utc '+%Y-%m-%d') instead.
While at it, also support SOURCE_DATE_EPOCH [1] to make the build
reproducible
The current tests for lxc-attach pty allocation and I/O redirection rely on the
standard file descriptors of the test script to refer to a pty. If they do not
the tests are effectively useless with respect to pty allocation. We need a test
environment with the standard file descriptors refering to a pty as well. One
solution is to run this test under the script command.
This commit also adds a test whether pty logging works. This test is only
executed when all standard file descriptors refer to a pty.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
cgfsng: defer to cgfs if needed subsystems are not available
This requires us to check that at cgfsng_ops_init, rather than
cgfs_init. Cache the hierarchy and cgroup.use info globally
rather than putting it into the per-container info, as cgmanager
does. This is ok as both cgroup.use and the list of usable
hierarchies are in fact global to a lxc run.
lxc-attach allocated a pty in a manner that relied on ts->stdinfd and
ts->stdoutfd to be set. We had to resort to a trick to get it working when
output is redirected. The new implementation gets rid of the black magic and
also simplifies the code.
This commit also implements pty logging for lxc-attach. Users will now be able
to log commands and corresponding output to a file given that lxc-attach
allocates a pty.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
lxc_console_create() calls lxc_console_peer_default() which in turn calls
lxc_console_sigwinch_init() which sets up the lxc_tty_state struct for the
current pty. Prior to this commit lxc_console_sigwinch_init() would consider
failures to install a SIGWINCH handler fatal and and return NULL. This commit
makes failures to install a SIGWINCH handler non-fatal. In such cases the
lxc_tty_state struct will still be set up but the sigfd member, which contains
the fd which receives SIGWINCH events, will be set to -1. (This also entails
that the sigset_t oldmaks field is meaningless.) Callers of
lxc_console_sigwinch_init() and lxc_console_sigwinch_fini() should thus make
sure that sigfd >= 0 or sigfd != -1 before trying to register a SIGWINCH handler
in e.g. an lxc_mainloop or resetting the sigmask (cf. lxc_attach.c).
These changes also imply that lxc_console_sigwinch_init() only fails with
ENOMEM. Thus, all cases where lxc_console_sigwinch_init() returns NULL are to be
considered fatal. This wasn't the case before this commit.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
All uses of netlink_open() assume that on error the
nl_handler doesn't need to be closed, but some error cases
happen after the socket was opened successfully and used to
simply return -errno.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Since specifying lxc.rootfs.backend can lead to performance improvements we
always set it during container creation.
This also fixes a bug. do_bdev_create() tried to be smart and retrieve the lower
directory when bdev->type == overlayfs or aufs thereby cutting the path.
However, this operation is done in ovl_mount() and aufs_mount() and both
functions need the full src path for this. The bug didn't show before because
when creating a overlayfs container with e.g.:
lxc-create -n c -t busybox -B overlayfs
still left bdev->type set to dir and so the code for retrieving the lower dir in
do_bdev_create() was skipped. But by setting lxc.rootfs.backend on container
creation we force bdev->type to be set to e.g. overlayfs and the code gets
executed thereby exposing the bug.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
A change in kernel 4.2 caused btrfs_recursive_destroy to
fail to delete unprivileged containers. This patch restores
the pre-kernel-4.2 behaviour. Ref: Issue 935.
Niklas Eiling [Wed, 30 Mar 2016 10:32:02 +0000 (12:32 +0200)]
c/r: support for the criu pageserver
this enables lxc to perform "disk-less migrations" where memory pages are sent directly to the destination machine instead of being written to the sources filesystem first.
For this, the migrate_opts struct has been added the strings "pageserver_address" and "pageserver_port" so that criu can be told where to look for a pageserver.
Niklas Eiling [Wed, 30 Mar 2016 18:10:21 +0000 (20:10 +0200)]
fix possible buffer overflow
strncat only returns its first argument and not the end of the written string.
Thus "buf-pos" is always 0 and consquently no range check is performed.
In order to do this we make use of the MAP_FIXED flag of mmap(). MAP_FIXED
should be safe to use when it replaces an already existing mapping. To this
end, we establish an anonymous mapping that is one byte larger than the
underlying file. The pages handed to us are zero filled. Now we establish a
fixed-address mapping starting at the address we received from our anonymous
mapping and replace all bytes excluding the additional \0-byte with the file.
This allows us to use normal string-handling function. The idea implemented
here is similar to how shared libraries are mapped.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Tycho Andersen [Tue, 29 Mar 2016 00:43:20 +0000 (18:43 -0600)]
start: only use host's /dev/null when absolutely necessary
See comments for details, but basically, only use the host's /dev/null when
absolutely necessary (i.e. there is no reasonable /dev/null in the
container).
lxc-busybox: Remove warning for dynamically linked Busybox
The warning has been present since commit 32b37181ea (with no purpose stated).
Support for dynamically linked Busybox has been added since commit bf6cc73696.
Haven't encountered any issues with dynamically linked Busybox in my last
2 years' testing.