Serge Hallyn [Sun, 31 Jan 2016 15:33:30 +0000 (16:33 +0100)]
cgfs: always handle named subsystems by default
Previously, name= controllers would be handled if lxc.cgroup.use=@all,
but not if lxc.cgroup.use was unspecified. Change that, since you cannot
run systemd in a container without it.
Fix message after {fedora|centos}container creation
If the backingstore is not 'dir', then lxc shouldn't ask the user
to change the password by performing a 'chroot'. Rather, the user
should start, attach, use the passwd command, and then stop the
container.
Serge Hallyn [Thu, 14 Jan 2016 07:48:57 +0000 (07:48 +0000)]
fork off a task to delete ovs ports when done
The new task waits until the container is STOPPED, then asks
openvswitch to delete the port.
This requires two new arguements to be sent to lxc-user-nic.
Since lxc-user-nic ships with lxc, this shouldn't be a problem.
Finally when calling lxc-user-nic, use execlp insteac of execvp
to preserve lxcpath's const-ness. Technically we are
guaranteed that execvp won't change the args, but it's worth
it to silence the warnings (and not hide real errors).
With this patch, container nics are cleaned up from openvswitch
bridges on shutdown.
- With the -g/--groups argument the user can give a comma-separated list of
groups MUST a container must have in order to be displayed. We receive
this list as a single string. ls_has_all_grps() is called to check if a
container has all the groups of MUST in its current list of groups HAS. I.e.
we determine whether MUST ⊆ HAS and only then do we record the container.
The original implementation was dumb in that it split the string MUST
everytime it needed to check whether MUST ⊆ HAS for a given container. That's
pointless work. Instead we split the string MUST only once in main() and pass
it to ls_get() which passes it along to ls_has_all_grps().
- Before doing any costly checking make sure that #MUST <= #HAS. If not bail
immediately.
- The linear search algorithm ls_has_all_grps() currently uses stays for now.
Binary search et al. do not seem to make sense since sorting the array HAS
for each container is probably too costly. Especially, since it seems
unlikely that a users specifies 50+ or so groups on the command line a
container must have to be displayed. If however there are a lot of use-cases
where users have a lot of containers each with 50-100 groups and regularly use
lxc-ls with -g/--groups to only show containers that have 50 specified groups
among their 50-100 groups we can revisit this issue and implement e.g. binary
search or a ternary search tree.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
In the Python implementation users could pass a regex without a parameter flag
as additional argument on the command line. The C implementation gained the
flag -r/--regex for this. To not irritate users we restore the old behaviour
and additionally rename -r/--regex to --filter to allow eplicitly passing the
regex.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
- If lxc_container_new() fails we check for ENOMEM and if so goto out. If
ENOMEM is not set we will simply continue. The same goes for the call to
regcomp() but instead of checking for ENOMEM we need to check for REG_ESPACE.
- Tweaking: Since lxc-ls might have to gather a lot of containers and I don't
know if compilers will always optimize this let's move *some* variable
declarations outside of the loop when it does not hinder readability
- Set ls_nesting to 0 initially. Otherwise users will always see nested
containers printed.
- ls_get() gains an argument char **lockpath which is a string pointing us to
the lock we put under /run/lxc/lock/.../... so that we can remove the lock
when we no longer need it. To avoid pointless memory allocation in each new
recursion level we share lockpath amongst all non-fork()ing recursive call to
ls_get(). As it is not guaranteed that realloc() does not do any memory
moving when newlen == len_lockpath, we give ls_get() an additional argument
size_t len_lockpath). Every time we have a non-fork()ing recursive call to
ls_get() we check if newlen > len_lockpath and only then do we
realloc(*lockpath, newlen * 2) a reasonable chunk of memory (as the path will
keep growing) and set len_lockpath = newlen * 2 to pass to the next
non-fork()ing recursive call to ls_get().
To avoid keeping a variable char *lockpath in main() which serves no purpose
whatsoever and might be abused later we use a compound literal
&(char *){NULL} which gives us an anonymous pointer which we can use for
memory allocation in ls_get() for lockpath. We can conveniently free() it in
ls_get() when the nesting level parameter lvl == 0 after exiting the loop.
The advantage is that the variable is only accessible within ls_get() and not
in main() while at the same time giving us an easy way to share lockpath
amongst all non-fork()ing recursive calls to ls_get().
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
In the Python implementation users could pass a regex without a parameter flag
as additional argument on the command line. The C implementation gained the
flag -r/--regex for this. To not irritate users we restore the old behaviour
and additionally rename -r/--regex to --filter to allow eplicitly passing the
regex.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
- If lxc_container_new() fails we check for ENOMEM and if so goto out. If
ENOMEM is not set we will simply continue. The same goes for the call to
regcomp() but instead of checking for ENOMEM we need to check for REG_ESPACE.
- Tweaking: Since lxc-ls might have to gather a lot of containers and I don't
know if compilers will always optimize this, let's move *some* variable
declarations outside of the loop when it does not hinder readability.
- Set ls_nesting to 0 initially. Otherwise users will always see nested
containers printed.
- ls_get() gains an argument char **lockpath which is a string pointing us to
the lock we put under /run/lxc/lock/.../... so that we can remove the lock
when we no longer need it. To avoid pointless memory allocation in each new
recursion level, we share lockpath amongst all non-fork()ing recursive calls
to ls_get(). As it is not guaranteed that realloc() does not do any memory
moving when newlen == len_lockpath, we give ls_get() an additional argument
size_t len_lockpath). Every time we have a non-fork()ing recursive call to
ls_get() we check if newlen > len_lockpath and only then do we
realloc(*lockpath, newlen * 2) a reasonable chunk of memory (as the path will
keep growing) and set len_lockpath = newlen * 2 to pass to the next
non-fork()ing recursive call to ls_get().
To avoid keeping a variable char *lockpath in main() which serves no purpose
whatsoever and might be abused later we use a compound literal
&(char *){NULL} which gives us an anonymous pointer. This pointer we can use
for memory allocation in ls_get() for lockpath. We can conveniently free() it
in ls_get() when the nesting level parameter lvl == 0 after exiting the loop.
The advantage is that the variable is only accessible within ls_get() and not
in main() while at the same time giving us an easy way to share lockpath
amongst all non-fork()ing recursive calls to ls_get().
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Do it in a safe way by using strstr() to check for the substring ":/" should
':' be part of a pathname. This should be a safer implementation than the one
originally suggested in #547.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
mount_proc_if_needed: only safe mount when rootfs is defined
The safe_mount function was introduced in order to address CVE-2015-1335,
one of the vulnerabilities being a mount with a symlink for the
destination path. In scenarios such as lxc-execute with no rootfs, the
destination path is the host /proc, which is previously mounted by the
host, and is unmounted and mounted again in a new set of namespaces,
therefore eliminating the need to check for it being a symlink.
Mount the rootfs normally if the rootfs is NULL, keep the safe mount
only for scenarios where a different rootfs is defined.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
- explain new numeric argument to --nesting
- include common options as lxc-ls now uses the standard lxc parser
- add history section and update authors
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Thomas Tanaka [Thu, 14 Jan 2016 22:42:31 +0000 (14:42 -0800)]
Fix btrfs bus error on sparc on snapshot delete
The following patch fixes memory alignment and endianness
issue while doing a snapshot deletion with btrfs as a
backing store on platform such as sparc.
The implementation is taken from btrfs-progs.
Changes since v1:
- include <byteswap.h> for bswap definition
- include defined function name as a comment above BTRFS_SETGET_STACK_FUNCS
Signed-off-by: Thomas Tanaka <thomas.tanaka@oracle.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
lxc-ls: try to protect stack in recursive function
As ls_get() is non-tail recursive we face the inherent danger of blowing up the
stack at some level of nesting. To have at least some security we define
MAX_NESTLVL to be 5. That should be sufficient for most users. The argument lvl
to ls_get() can be used to keep track of the level of nesting we are at. If lvl
is greater than the allowed default level return (without error) and unwind the
stack.
--nesting gains an optional numeric argument. This allows the user to specify
the maximum level of nesting she/he wants to see. Fair warning: If your nesting
level is really deep and/or you have a lot of containers your might run into
trouble.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
lxc_setup_fs: Create /dev/shm folder if it doesn't exist
When running application containers with lxc-execute, /dev is
populated only with device entries. Since /dev is a tmpfs mount in
the container environment, the /dev/shm folder not being present is not
a sufficient reason for the /dev/shm mount to fail.
Create the /dev/shm directory if not present.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
open_without_symlink: Account when prefix is empty string
In the current implementation, the open_without_symlink function
will default to opening the root mount only if the passed rootfs
prefix is null. It doesn't account for the case where this prefix
is passed as an empty string.
Properly handle this second case as well.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Wed, 13 Jan 2016 18:05:18 +0000 (10:05 -0800)]
cgmanager: drop the cgm_supports_multiple_controllers bool
What we want is to make sure we dont' use controller 'all' if cgmanager
doesn't support, if all our cgroups aren't the same, or if we cannot
controll all our cgroups. We were mixing some of these conditions. Use
cgm_all_controllers_same for all. (Might want to rename it, but we want
to stick with just one).
This is a reimplementation of lxc-ls in C. It supports all features previously
supported by lxc-ls.
- All flags and parameters have the same name as before except when the user
specifies a regex to filter container names by. In the previous Python
implementation the regex was passed without paramter flag. The new
C-implementation has the parameter flag -r/--regex for this.
- Since we fork in lxc_attach() we need some form of IPC. Opening shared memory
in the parent (mmap()) seems to be impractical since we don't know the size
of the mapping beforehand. The other option is to open shared memory in the
child and then to attach the parent to it but then we would need to resort to
shm_open() or shmget(). Instead we go for a socketpair() here and wait for
the child.
- Note that we call lxc_attach() and pass ls_get() as exec function to it (To
be even more specific: We do not pass ls_get() directly but rather a wrapper
function for ls_get() which receives a few arguments to enable the
communication between child and parent.). This implementation has the
advantage that we do not depend on any lxc executables being present in the
container. The gist in code:
ls_get()
{
/* Gather all relevant information */
/* get nested containers */
if (args->ls_nested && running) {
/* set up some more stuff */
/*
* execute ls_get() in namespace of the container to
* get nested containers
*/
c->attach(c, ls_get_wrapper, &wrapargs, &aopt, &out)
/* do some cleaning up */
}
}
- When the user requests listing of nested containers without fancy-format
enabled we want him to easily recognize which container is nested in which.
So in this case we do not simply record the name but rather the name
prepended with all the parents of the container:
grand-grand-parent/grand-parent/parent/child
- Pretty-printing nested containers: Any call to list_*_containers() will
return a sorted array of container names. Furthermore, the recursive
implementation of lxc_ls() will automatically put the containers in the
correct order regarding their nesting. That is if we have the following
nesting:
A
A --> S
A --> T --> O
A --> T --> O --> L
A --> T --> O --> M
A --> U
A --> U --> P
A --> U --> Q
B
The array ls_get() will set up looks like this:
A S T O L M U P Q B
Hence, we only need to keep an additional variable nestlvl to indicate the
nesting level a container is at and use that to compute (a) the maximum field
width we need to print out the container names and (b) to correctly indent
each container according to its nesting level when printing it.
- add comments to make the ls_get() function more accessible
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
becomes static. It is called from nowhere else so far and never appeared in any
header.
Minor changes
- Avoid comparisons between int and size_t types. Use size_t where
possible else cast to size_t when it makes sense.
- insert missing spaces between operators
- put declarations for all static functions at the top
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
move from bdev.c to lxclvm.{c,h}. All functions previously declared as static
become public.
Adapt Makefile.am to include lxclvm.{c,h}.
The function:
- mount_unknown_fs();
becomes public.
Rationale: It is already called from different places and will be called by lvm,
and rdb. Also, it is defined twice exactly the same way. Once in conf.c
and once in bdev.c. Let's avoid that.
Defining the same function twice in different places just asks for
trouble.
become public as they will be called for loop, lvm, and or rdb.
Move the definition of:
- DEFAULT_FS_SIZE
- DEFAULT_FSTYPE
from bdev.c to bdev.h to grant other modules access to it.
Remove:
- find_fstype_cb();
from conf.c. It is defined static in bdev.c
Put:
- #define __STDC_FORMAT_MACROS
and include:
- #include <inttypes.h>
in lxclvm.c so that the format specifier PRIu64 is available.
The structs:
- struct bdev; /* defined in bdev.h */
- struct bdev_specs; /* defined in lxccontainer.h */
- struct lxc_conf; /* defined conf.h */
are forward declared/put as incomplete types into lxclvm.h as the functions
associated with lvm need access to it.
Take the chance to restructure bdev.c:
- put bdev structs which have already been split out into separate
modules at the top
- put declarations of all static functions at the top (This includes
all functions associated with modules that have not yet already been
put into a separate module.)
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Serge Hallyn [Tue, 12 Jan 2016 02:25:19 +0000 (18:25 -0800)]
Set the right variable to NULL when unsetting ipv6_gateway
We were freeing one and setting a different one to NULL, eventually
leading to a crash when closing the netdev (at container shutdown)
and freeing already-freed memory.
Peter Simons [Sat, 2 Jan 2016 16:53:07 +0000 (17:53 +0100)]
bash completion: the 'have' command was deprecated in favor of '_have'
`bash-completion` version 2.1 and later no longer include the `have` command,
and consequently the `lxc` competion file fails on such systems. The command is
now called `_have`.
projects / mirror_lxc.git / log