Dwight Engen [Wed, 5 Feb 2014 21:59:26 +0000 (16:59 -0500)]
split cgroup handling into discrete backends
- refactor cgroup into two backends, the classic cgfs driver and the new
cgmanager. Instead of lxc_handler knowing about the internals of each,
have it just store an opaque pointer to a struct that is private to
each backend.
- rename a couple of cgroup functions for consistency: those that are
considered an API (i.e. exported by lxc.h) begin with lxc_ and those that
are not are just cgroup_*
- made as many backend routines static as possible, only cg*_ops_init is
exported
- made a nrtasks op which is needed by the utmp code for monitoring
container shutdown, currently only implemented for the cgfs backend
TAMUKI Shoichi [Thu, 6 Feb 2014 10:38:39 +0000 (19:38 +0900)]
templates: improve refusing to run unprivileged
For all templates except lxc-ubuntu-cloud and lxc-download, detect not
only --mapped-uid but also --mapped-gid and error out. Detecting will
not be done after -- parameter because of non-option parameters.
Also, change the mode of lxc-archlinux.in 100755 to 100644.
lxc.id_map bug when writing directly to /proc/pid/[ug]id_map [PATCH]
There's some code in src/lxc/conf.c that sets up the UID/GID mapping. It
can use the external newuidmap/newgidmap tools, or it can write to
/proc/pid/[ug]id_map directly. The latter case is broken: lines are written
without a newline (\n) at the end. This patch fixes that. Note that
I did not check if the newuidmap/newgidmap case still works. It should,
but I wasn't able to test it.
Signed-off-by: Miquel van Smoorenburg <mikevs@xs4all.net>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
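The defect this commit describes, shown in isolation: the kernel parses the map buffer line by line, so every extent written to /proc/&lt;pid&gt;/uid_map or gid_map must end in '\n', otherwise the second entry is glued onto the first and the whole map is rejected as malformed. The code below is an added illustration, not LXC's conf.c; the names `id_map_entry`, `format_id_map` and `write_id_map` are assumed for this example, and the two-extent mapping in `main` is constructed sample input.

```c
#define _GNU_SOURCE          /* open_memstream(3) on older glibc */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/types.h>

/* One mapping extent: id inside the namespace, id on the host, length.
 * (Hypothetical name for this example.) */
struct id_map_entry {
	unsigned long nsid;
	unsigned long hostid;
	unsigned long range;
};

/*
 * Render the extents in the "<nsid> <hostid> <range>" syntax that
 * /proc/<pid>/{uid,gid}_map expect, with EVERY line newline-terminated.
 * This is the point of the fix: without the '\n' consecutive entries run
 * together into one unparsable line. Returns a malloc'd string or NULL.
 */
char *format_id_map(const struct id_map_entry *ents, size_t n)
{
	char *buf = NULL;
	size_t len = 0;
	FILE *f = open_memstream(&buf, &len);

	if (!f)
		return NULL;
	for (size_t i = 0; i < n; i++)
		fprintf(f, "%lu %lu %lu\n", ents[i].nsid, ents[i].hostid, ents[i].range);
	if (fclose(f) != 0) {
		free(buf);
		return NULL;
	}
	return buf;
}

/*
 * Write the whole map to /proc/<pid>/<which>_map ("uid" or "gid") in a
 * single write(2): the kernel accepts exactly one write to these files,
 * so a partial or split write cannot be repaired afterwards.
 * Returns 0 on success, -1 on any failure (open, short write, OOM).
 */
int write_id_map(pid_t pid, const char *which, const struct id_map_entry *ents, size_t n)
{
	char path[64];
	char *buf;
	size_t len;
	ssize_t w;
	int fd, rc = -1;

	if (snprintf(path, sizeof path, "/proc/%d/%s_map", (int)pid, which) >= (int)sizeof path)
		return -1;
	buf = format_id_map(ents, n);
	if (!buf)
		return -1;
	len = strlen(buf);
	fd = open(path, O_WRONLY);
	if (fd >= 0) {
		w = write(fd, buf, len);
		if (w == (ssize_t)len)
			rc = 0;
		close(fd);
	}
	free(buf);
	return rc;
}

int main(void)
{
	/* Constructed sample: root in the container -> host 100000..165535,
	 * plus one extra id mapped straight through. */
	struct id_map_entry ents[] = { { 0, 100000, 65536 }, { 1000, 1000, 1 } };
	char *m = format_id_map(ents, 2);

	if (!m)
		return 1;
	fputs(m, stdout);   /* each extent on its own line, trailing '\n' on both */
	free(m);
	/* write_id_map() is not called here: it needs a real child in a fresh
	 * user namespace and the privilege (or newuidmap) to fill its map. */
	return 0;
}
```

The formatting and the write are split so the string can be inspected (or unit-tested) without a user namespace; the single write(2) with a length check mirrors what the kernel interface demands.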
Stéphane Graber [Tue, 4 Feb 2014 18:03:05 +0000 (13:03 -0500)]
logging: Add lxc_log_options_no_override function
In current LXC, loglevel and logfile are write-once functions.
That behaviour was appropriate when those two were first introduced
(pre-API) but with current API, one would expect to be able to
set_config_item those multiple times.
So instead, introduce lxc_log_options_no_override which when called
turns those two config keys read-only and have all existing binaries
which use log_init call that function once they're done setting the
value requested by the user.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Tue, 4 Feb 2014 16:16:07 +0000 (11:16 -0500)]
templates: Refuse to run unprivileged
Only the download and ubuntu-cloud templates work with unprivileged
containers, for all others, detect --mapped-uid and error out as early
as possible, recommending the use of the download template.
Harald Dunkel [Sun, 2 Feb 2014 20:33:15 +0000 (21:33 +0100)]
support a custom CentOS repository
This change introduces a flag --repo to the lxc-centos template
to allow using a local repository (e.g. a loop mounted installer
iso on your web server).
Signed-off-by: Harald Dunkel <harri@afaics.de>
Acked-by: Michael H. Warfield <mhw@WittsEnd.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Mon, 3 Feb 2014 21:11:16 +0000 (15:11 -0600)]
cgmanager: have root escape to root cgroup before starting
If a user in cgroup /a/b/c does 'lxc-start -n u1', then u1
should be started under /a/b/c/u1. However if he does
'sudo lxc-start -n u1', then that cgroup should start under
/lxc/u1.
Stéphane Graber [Fri, 31 Jan 2014 13:56:55 +0000 (13:56 +0000)]
shutdown: Rework API and lxc-stop
With this change, shutdown() will no longer call stop() after the
timeout, instead it'll just return false and it's up to the caller to
then call stop() if appropriate.
This also updates the bindings, tests and other scripts.
lxc-stop is then updated to do proper option checking and use shutdown,
stop or reboot as appropriate.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Fri, 31 Jan 2014 13:03:44 +0000 (13:03 +0000)]
cgmanager: chmod the container's base directory 775
In order for attach to work, the container owner must be able to
write to the tasks file. Therefore we make the container's cgroup
owned by the container root group, but the container owner uid.
So for the container root to be allowed to create new cgroups, it
needs group write perms.
With this patch, an unprivileged container with an
lxc.mount.auto = cgroup entry can run the cgproxy and pass
all cgmanager tests.
ACLs would have been another way to do this, but are not yet being
used/exported by cgmanager.
Serge Hallyn [Thu, 30 Jan 2014 14:18:30 +0000 (14:18 +0000)]
cgmanager: support lxc.mount.auto = cgroup
If it (or any variation thereof) is in the container configuration,
then mount /sys/fs/cgroup/cgmanager.lower (if it exists) or
/sys/fs/cgroup/cgmanager into the container so it can run a
cgproxy.
Also make sure to clear our groups when we start or attach to a
container. Else with unprivileged containers we end up with
lots of nogroups listed in /proc/1/status.
Serge Hallyn [Thu, 30 Jan 2014 12:15:32 +0000 (12:15 +0000)]
cgmanager: implement attach
The cgroupfs-specific code is moved from attach.c to cgroup.c.
lxc-cgmanager now only chgrps the container's cgroup, so that the
unprivileged user still owns the tasks file allowing him to enter
the container cgroup (for attach).
Some other changes rolled into the cgmanager update:
Make the list of subsystems not per-handler, as it will not change. As
a result, the only state we need to keep in the per-handler cgroup data
is the char *cgroup_path, so we can drop the cgm_data struct altogether.
Catch nih errors (as not doing so causes later crashes).
Stéphane Graber [Fri, 31 Jan 2014 09:34:03 +0000 (09:34 +0000)]
lxc-ubuntu-cloud: Update arm* cross
| host arch | arm64 | armhf | armel |
-------------------------------------
| arm64     |   X   |   X   |   X   |
| armhf     |       |   X   |   X   |
| armel     |       |   X   |   X   |
-------------------------------------
Although optional, all existing arm64 silicon supports 32bit instructions.
armel/armhf is only a userspace change, so they are interchangeable.
However armhf isn't supported on all armel platforms (e.g. armv6) but
all those we support have hard-float.
Scott Moser [Thu, 30 Jan 2014 16:21:08 +0000 (11:21 -0500)]
lxc-ubuntu-cloud: various small changes
* ppc64el images now exist and generally function.
Instead of failing because an arch isn't in the list,
let that check happen by ability to download something.
* update the hard coded ubuntu releases to know about 'trusty'
and drop no longer supported releases (consistent with behavior
when distro-info is available)
* shorten the logic that decides if host and container arch
are supported.
* support skipping "invalid arch" check entirely via undocumented
variable UCTEMPLATE_SKIP_ARCH_CHECK.
* update usage to reference 'tryreleased' as the default 'stream'
* give good error message if user tries 'released' and there
is no released version available.
Signed-off-by: Scott Moser <smoser@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Natanael Copa [Wed, 29 Jan 2014 14:23:50 +0000 (14:23 +0000)]
Include config.h early for _GNU_SOURCE with uClibc
This fixes the following compile errors with uClibc:
lxc_snapshot.c: In function 'print_file':
lxc_snapshot.c:71:2: error: implicit declaration of function 'getline' [-Werror=implicit-function-declaration]
while (getline(&line, &sz, f) != -1) {
^
cc1: all warnings being treated as errors
lxc_usernsexec.c: In function 'read_default_map':
lxc_usernsexec.c:181:2: error: implicit declaration of function 'getline' [-Werror=implicit-function-declaration]
while (getline(&line, &sz, fin) != -1) {
^
cc1: all warnings being treated as errors
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Natanael Copa [Wed, 29 Jan 2014 14:23:49 +0000 (14:23 +0000)]
Include config.h early for _GNU_SOURCE with musl libc
This fixes various compile errors when building with musl libc. For
example:
In file included from start.c:66:0:
monitor.h:38:12: error: 'NAME_MAX' undeclared here (not in a function)
char name[NAME_MAX+1];
^
start.c: In function 'setup_signal_fd':
start.c:202:2: error: implicit declaration of function 'sigfillset' [-Werror=implicit-function-declaration]
if (sigfillset(&mask) ||
^
...
In file included from freezer.c:36:0:
monitor.h:39:12: error: 'NAME_MAX' undeclared here (not in a function)
char name[NAME_MAX+1];
^
...
In file included from cgroup.c:45:0:
conf.h:87:13: error: 'IFNAMSIZ' undeclared here (not in a function)
char veth1[IFNAMSIZ]; /* needed for deconf */
^
cgroup.c: In function 'find_cgroup_subsystems':
cgroup.c:230:3: error: implicit declaration of function 'strdup' [-Werror=implicit-function-declaration]
(*kernel_subsystems)[kernel_subsystems_count] = strdup(line);
^
...
In file included from conf.c:65:0:
conf.h:87:13: error: 'IFNAMSIZ' undeclared here (not in a function)
char veth1[IFNAMSIZ]; /* needed for deconf */
^
In file included from conf.c:66:0:
conf.c: In function 'run_buffer':
log.h:263:9: error: implicit declaration of function 'strsignal' [-Werror=implicit-function-declaration]
struct lxc_log_locinfo locinfo = LXC_LOG_LOCINFO_INIT; \
^
...
af_unix.c: In function 'lxc_abstract_unix_send_credential':
af_unix.c:208:9: error: variable 'cred' has initializer but incomplete type
struct ucred cred = {
^
af_unix.c:209:3: error: unknown field 'pid' specified in initializer
.pid = getpid(),
^
af_unix.c:209:3: error: excess elements in struct initializer [-Werror]
af_unix.c:209:3: error: (near initialization for 'cred') [-Werror]
af_unix.c:210:3: error: unknown field 'uid' specified in initializer
.uid = getuid(),
^
af_unix.c:210:3: error: excess elements in struct initializer [-Werror]
af_unix.c:210:3: error: (near initialization for 'cred') [-Werror]
af_unix.c:211:3: error: unknown field 'gid' specified in initializer
.gid = getgid(),
^
and more...
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Natanael Copa [Wed, 29 Jan 2014 14:23:48 +0000 (14:23 +0000)]
Check for non-posix utmpxname in configure
utmpx.h is specified in POSIX but utmpxname is not so we check for
utmpxname in configure script.
This fixes the following compile error with musl libc:
lxcutmp.c: In function 'utmp_get_runlevel':
lxcutmp.c:249:2: error: implicit declaration of function 'utmpxname' [-Werror=implicit-function-declaration]
if (!access(path, F_OK) && !utmpxname(path))
^
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Natanael Copa [Wed, 29 Jan 2014 14:23:47 +0000 (14:23 +0000)]
Don't include linux/if_bridge.h
Instead rely on struct ethhdr from net/ethernet.h
This fixes build error with musl libc:
In file included from /usr/include/linux/if_bridge.h:17:0,
from network.c:47:
/usr/include/linux/if_ether.h:133:8: error: redefinition of 'struct ethhdr'
struct ethhdr {
^
In file included from /usr/include/net/ethernet.h:10:0,
from network.c:42:
/usr/include/netinet/if_ether.h:93:8: note: originally defined here
struct ethhdr {
^
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Natanael Copa [Wed, 29 Jan 2014 14:23:46 +0000 (14:23 +0000)]
Include limits.h for NAME_MAX
This fixes compile error with musl libc:
In file included from start.c:66:0:
monitor.h:38:12: error: 'NAME_MAX' undeclared here (not in a function)
char name[NAME_MAX+1];
^
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Natanael Copa [Wed, 29 Jan 2014 14:23:45 +0000 (14:23 +0000)]
Include strings.h for strcasecmp
This fixes the following error with musl libc:
In file included from start.c:59:0:
log.h: In function 'lxc_log_priority_to_int':
log.h:136:2: error: implicit declaration of function 'strcasecmp' [-Werror=implicit-function-declaration]
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Natanael Copa [Wed, 29 Jan 2014 14:23:43 +0000 (14:23 +0000)]
Include poll.h instead of sys/poll.h
poll.h is defined in POSIX:
http://pubs.opengroup.org/onlinepubs/009695399/functions/poll.html
This fixes a compile warning when building with musl libc:
In file included from start.c:46:0:
/usr/include/sys/poll.h:1:2: error: #warning redirecting incorrect #include <sys
/poll.h> to <poll.h> [-Werror=cpp]
#warning redirecting incorrect #include <sys/poll.h> to <poll.h>
^
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Wed, 29 Jan 2014 15:17:06 +0000 (15:17 +0000)]
userns_exec_1: catch errors in the spawned process.
lxc_map_ids can call system(3), which on error from the
spawned process returns > 0. No path should return > 0
when it meant success. So check the lxc_map_ids() value
to be != rather than just < 0.
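The return-value pitfall this commit fixes, as an added example (not LXC's lxc_map_ids or userns_exec_1 code): system(3) hands back a wait status, so a helper that exits non-zero produces a positive value and a `< 0` check lets the failure through; only the child exiting normally with status 0 means success. The function names `run_cmd_loose` and `run_cmd_strict` are assumed for this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>

/*
 * The check the commit calls broken: anything that is not negative is
 * treated as success. When the spawned shell exits with status 3,
 * system() returns a positive wait status and the failure is accepted.
 */
int run_cmd_loose(const char *cmd)
{
	int ret = system(cmd);

	return ret < 0 ? -1 : 0;
}

/*
 * Corrected check: decode the wait status and accept only a normal
 * exit with status 0. A fork/wait failure (-1), death by signal, and a
 * non-zero exit status are all reported as -1.
 */
int run_cmd_strict(const char *cmd)
{
	int ret = system(cmd);

	if (ret == -1)              /* could not spawn or wait for the child */
		return -1;
	if (!WIFEXITED(ret))        /* child was killed by a signal */
		return -1;
	if (WEXITSTATUS(ret) != 0)  /* child ran but reported failure */
		return -1;
	return 0;
}

int main(void)
{
	/* Constructed commands standing in for a failing/succeeding helper. */
	const char *failing = "exit 3";
	const char *succeeding = "exit 0";

	printf("loose  check on '%s': %d (failure missed)\n", failing, run_cmd_loose(failing));
	printf("strict check on '%s': %d\n", failing, run_cmd_strict(failing));
	printf("strict check on '%s': %d\n", succeeding, run_cmd_strict(succeeding));
	return 0;
}
```

The same decoding applies to any caller of system(3) or waitpid(2) that is used as a privilege boundary: a mapping tool that refused to run must not be mistaken for one that succeeded.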
lxc-monitord.log should not be created with mode 0666
lxc_monitord_spawn() in src/lxc/monitor.c contained "umask(0);", and
because of this, lxc-monitord created lxc-monitord.log with mode 0666.
World-writeable log files are bad, so remove this umask(0).
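What umask(0) does to a freshly created log file, as an added example that is not lxc-monitord's own code: a creation mode of 0666 (what fopen(3) passes to open(2)) is masked by the process umask, so clearing the umask yields a world-writable file while 022 or 077 yield 0644 or 0600. The helper name `created_mode_with_umask` and the /tmp path are assumptions of this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/types.h>

/*
 * Create `path` the way a typical log opener does, open(2) with O_CREAT
 * and the permissive 0666 creation mode, while `mask` is the process
 * umask, and return the permission bits the file actually received.
 * The previous umask is restored and the file removed. Returns -1 on error.
 */
int created_mode_with_umask(const char *path, mode_t mask)
{
	struct stat st;
	mode_t saved = umask(mask);
	int fd;

	unlink(path);   /* make sure the open below really creates the file */
	fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0666);
	umask(saved);
	if (fd < 0)
		return -1;
	if (fstat(fd, &st) != 0) {
		close(fd);
		unlink(path);
		return -1;
	}
	close(fd);
	unlink(path);
	return (int)(st.st_mode & 0777);
}

int main(void)
{
	char path[64];

	snprintf(path, sizeof path, "/tmp/umask-demo-%d.log", (int)getpid());
	printf("umask(0):   %04o  <- world-writable, what lxc-monitord.log got\n",
	       created_mode_with_umask(path, 0));
	printf("umask(022): %04o\n", created_mode_with_umask(path, 022));
	printf("umask(077): %04o\n", created_mode_with_umask(path, 077));
	return 0;
}
```

A daemon that must not inherit a permissive umask should set a restrictive one (or pass an explicit mode such as 0640 to open(2)) rather than clear it, since umask only ever removes permission bits and never adds them.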
Serge Hallyn [Wed, 29 Jan 2014 09:40:39 +0000 (09:40 +0000)]
cgroups: adjust previous commit
Remove a memory leak on error path.
Only try to initialize cpuset if cgroup.clonechildren does not exist.
Bump the max value we read from cpuset.{cpus,mems} to 1024.
If cpuset.cpus or .mems is already initialized but is too long, don't fail.
If parent's cpuset.cpus or .mems is too long, record an error and fail.
If anyone actually runs into this, we can simply allocate the required
length as needed, but we don't expect anyone to run into this.
cgroupfs: cpuset support for kernels without cgroup.clone_children
Hi,
as promised last week, here's my patch for cpuset cgroup support for
kernels without the cgroup.clone_children feature.
My initial patch used "#include <linux/version.h>" and the macros defined
there to decide if cgroup.clone_children should be used or not. After
having seen Serge Hallyn's patch which he posted to the list last Wednesday,
where he used stat() to check if the cgroup.clone_children file is there,
I rewrote my patch to do the same.
The patch is against 1.0.0.beta3, and it is tested successfully with
RHEL-6's kernel version 2.6.32-431.3.1.el6, compiled without cgmanager
(I've so far not tried to use cgmanager in RHEL-6).
In addition to fixing the cpuset cgroup setup, this patch also fixes a
wrong argument in a call to handle_cgroup_settings() in the same context.
Robert
Signed-off-by: Robert Vogelgesang <vogel@users.sourceforge.net>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Sat, 25 Jan 2014 22:28:24 +0000 (16:28 -0600)]
lxcapi_clone: exit early on snapshot clones
If the user explicitly asks for a snapshot clone (in which
case maybe_snap is not set), we cannot abide this currently.
Rather than exit later with more cryptic error messages, exit
out early.
Serge Hallyn [Fri, 24 Jan 2014 05:56:15 +0000 (23:56 -0600)]
cgmanager: chown cgroups to the container root
After this patch, starting an unprivileged container using
cgmanager gets the cgroup chown to the container root, so
that it can install the cgmanager (proxy) and make cgroup
requests.
(Still desirable and not in this patch is the automatic setup of
/sys/fs/cgroup/manager/sock, which you can currently do with
two lxc.mount.entries)
Update CentOS and Fedora templates to support architectures option.
Added code to the CentOS and Fedora templates so that x86 32 bit containers
may be built on x86_64 platforms. Like architectures may also be trivially
used as well.
Option added is "-a {arch}".
Additionally cleaned up some bash specific logic.
Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Serge Hallyn [Fri, 24 Jan 2014 04:23:24 +0000 (22:23 -0600)]
idmap_add_id: fix broken behavior
The geteuid() addition is being made the first element of the lxc_list,
but the first element is just a head whose entry is ignored. Therefore
userns_exec_1() was starting its tasks without the caller's uid mapped
into the namespace.