]>
git.proxmox.com Git - mirror_lxc.git/log
Stéphane Graber [Fri, 1 Jun 2018 17:54:31 +0000 (13:54 -0400)]
Release LXC 3.0.1
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Julien Surloppe [Fri, 1 Jun 2018 13:38:57 +0000 (15:38 +0200)]
Patch lxc-update-config
The current script doesn't generate a valid configuration for
lxc.network.ipv4 key, it lacking an .address part which lead to:
parse.c: lxc_file_for_each_line: 58 Failed to parse config: lxc.net.0.ipv4 = 192.168.10.101/24
Signed-off-by: Julien Surloppe <julien@surloppe.fr>
Christian Brauner [Fri, 1 Jun 2018 09:25:14 +0000 (11:25 +0200)]
templates: fix download template
This patch fixes
commit
6e62213e0294 ("templates: actually create DOWNLOAD_TEMP directory".
To use mktemp -p correctly the directories need to exist. So call mkdir -p.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Mark Asselstine [Thu, 31 May 2018 20:21:45 +0000 (16:21 -0400)]
templates: actually create DOWNLOAD_TEMP directory
The way 'mktemp' is currently used you will get a temp directory in
$TMPDIR or '/tmp' and DOWNLOAD_TEMP will not be pointing to an actual
directory. This will result in the wget operations failing and the
container will fail to create:
ERROR: Failed to download http://....
Instead we want to use the '-p' option for mktemp to set the base path
and this will ensure that the temp directory is created in the correct
location and DOWNLOAD_TEMP will be consistent with this location.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
Donghwa Jeong [Thu, 31 May 2018 11:39:46 +0000 (20:39 +0900)]
confile_utils: apply strprint()
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
Christian Brauner [Thu, 31 May 2018 10:24:08 +0000 (12:24 +0200)]
tree-wide: fix mode of some files
commit
321db0260f6f ("start: fix waitpid() blocking issue") and
commit
b2a485085392 ("change defines for return value of handlers)
changed the mode of files.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 31 May 2018 10:18:02 +0000 (12:18 +0200)]
start: log unknown info.si_code
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Donghwa Jeong [Thu, 31 May 2018 08:58:08 +0000 (17:58 +0900)]
start: fix waitpid() blocking issue
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
Donghwa Jeong [Thu, 31 May 2018 05:54:43 +0000 (14:54 +0900)]
change defines for return value of handlers
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
Christian Brauner [Wed, 30 May 2018 13:34:03 +0000 (15:34 +0200)]
confile: improve strprint()
POSIX specifies [1]:
"If the value of n is zero on a call to snprintf(), nothing shall be written,
the number of bytes that would have been written had n been sufficiently large
excluding the terminating null shall be returned, and s may be a null pointer."
But in case there are any non-sane libcs out there that do actually dereference
the buffer when when 0 is passed as length to snprintf() let's give them a
dummy buffer.
[1]: The Open Group Base Specifications Issue 7, 2018 edition
IEEE Std 1003.1-2017 (Revision of IEEE Std 1003.1-2008)
Copyright © 2001-2018 IEEE and The Open Group
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Reported-by: Donghwa Jeong <dh48.jeong@samsung.com>
Donghwa Jeong [Tue, 29 May 2018 13:01:27 +0000 (22:01 +0900)]
conf: va_end was not called.
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
Christian Brauner [Mon, 28 May 2018 22:57:13 +0000 (00:57 +0200)]
conf: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 28 May 2018 22:54:16 +0000 (00:54 +0200)]
conf: make tmp_umount_proc bool
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 28 May 2018 22:52:37 +0000 (00:52 +0200)]
conf: make root idmap structs const
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 28 May 2018 22:48:15 +0000 (00:48 +0200)]
start: add reboot macros
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 28 May 2018 13:10:19 +0000 (15:10 +0200)]
conf: ensure lxc_delete_tty() does not crash
We need to make sure that the ttys are actually initialized otherwise deleting
them is not safe.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 28 May 2018 11:27:43 +0000 (13:27 +0200)]
start: do not init ns_clone_flags to -1
ns_clone_flags is used as a bitmask so initializing it to -1 is a bad idea.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Donghwa Jeong [Mon, 28 May 2018 04:42:45 +0000 (13:42 +0900)]
network: fix socket handle leak
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
Christian Brauner [Sat, 26 May 2018 12:22:51 +0000 (14:22 +0200)]
utils: fix task_blocking_signal()
Closes #2342.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 26 May 2018 11:12:32 +0000 (13:12 +0200)]
conf: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 26 May 2018 11:09:13 +0000 (13:09 +0200)]
conf: pts -> pty_max
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 26 May 2018 10:53:56 +0000 (12:53 +0200)]
conf: simplify tty handling
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 26 May 2018 10:53:12 +0000 (12:53 +0200)]
conf: reshuffle mount members
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 26 May 2018 10:52:09 +0000 (12:52 +0200)]
conf: make close_all_fds a boolean
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 26 May 2018 10:50:53 +0000 (12:50 +0200)]
conf: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 26 May 2018 10:50:03 +0000 (12:50 +0200)]
conf: make is_execute a boolean
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 26 May 2018 10:48:09 +0000 (12:48 +0200)]
conf: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 26 May 2018 01:25:20 +0000 (03:25 +0200)]
coverity: #
1435747
Dereference before null check
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 26 May 2018 01:22:58 +0000 (03:22 +0200)]
coverity: #
1435803
Unchecked return value
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 26 May 2018 01:21:05 +0000 (03:21 +0200)]
coverity: #
1435805
Logically dead code
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 26 May 2018 01:20:36 +0000 (03:20 +0200)]
coverity: #
1435806
Logically dead code
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 25 May 2018 17:35:00 +0000 (19:35 +0200)]
tools: fix lxc-create with global config value II
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 25 May 2018 13:43:59 +0000 (15:43 +0200)]
tools: fix lxc-create with global config value
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 25 May 2018 11:27:50 +0000 (13:27 +0200)]
seccomp: make do_resolve_add_rule() more strict
Let's error out on syscalls that cannot be resolved or fail to resolve instead
of just warning users.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 25 May 2018 11:26:25 +0000 (13:26 +0200)]
seccomp: parse_v2_rules()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 25 May 2018 11:16:31 +0000 (13:16 +0200)]
seccomp: lxc_read_seccomp_config()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Wolfgang Bumiller [Fri, 25 May 2018 10:07:12 +0000 (12:07 +0200)]
seccomp: error on unrecognized actions
Be more strict about unrecognized actions. Previously the
parser would happily accept lines with typos like:
kexec_load errrno 1
(note the extra 'r')
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Fri, 25 May 2018 10:04:13 +0000 (12:04 +0200)]
seccomp: refactor line handling of parse_config
Moving parse_config_v2 to use getline accidentally parsed
the wrong buffer. Since both _v1 and _v2 now use getline it
seems to be simpler to also use getline() for the first line
before entering the version specific parsers and pass along
the pointer and size so they can reuse them.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fixes: 9c3798eba41c ("seccomp: parse_config_v2()")
Wolfgang Bumiller [Fri, 25 May 2018 09:44:42 +0000 (11:44 +0200)]
seccomp: re-add action parse error handling
This can happen when the 'errno' action can't parse its
supplied number.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fixes: f67c94d00a0d ("seccomp: parse_v2_rules()")
Wolfgang Bumiller [Fri, 25 May 2018 06:42:01 +0000 (08:42 +0200)]
seccomp: leak fixup
Fix an error case not free()ing the line forgotten during
the move from fgets() on a static buffer to using getline.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fixes: ccf8d128e430 ("seccomp: parse_config_v1()")
Christian Brauner [Thu, 24 May 2018 22:25:16 +0000 (00:25 +0200)]
start: log setns() failure
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 24 May 2018 22:12:46 +0000 (00:12 +0200)]
confile: order architectures
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 24 May 2018 22:00:50 +0000 (00:00 +0200)]
lxccontainer: fix fd leaks when sending signals
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 24 May 2018 18:45:29 +0000 (20:45 +0200)]
utils: fix task_blocking_signal()
sscanf() skips whitespace anyway so don't account for tabs in case the file
layout changes.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 24 May 2018 18:29:48 +0000 (20:29 +0200)]
tree-wide: s/sigprocmask/pthread_sigmask()/g
The behavior of sigprocmask() is unspecified in multi-threaded programs. Let's
use pthread_sigmask() instead.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 24 May 2018 14:53:31 +0000 (16:53 +0200)]
seccomp: lxc_read_seccomp_config()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 24 May 2018 14:49:28 +0000 (16:49 +0200)]
seccomp: parse_config()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 24 May 2018 14:47:08 +0000 (16:47 +0200)]
seccomp: parse_config_v2()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 24 May 2018 14:35:21 +0000 (16:35 +0200)]
seccomp: do_resolve_add_rule()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 24 May 2018 14:28:02 +0000 (16:28 +0200)]
seccomp: scmp_filter_ctx get_new_ctx()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 24 May 2018 14:24:59 +0000 (16:24 +0200)]
seccomp: get_hostarch()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 24 May 2018 14:24:09 +0000 (16:24 +0200)]
seccomp: move #ifdefines
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 24 May 2018 14:22:58 +0000 (16:22 +0200)]
seccomp: parse_v2_rules()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 24 May 2018 11:49:36 +0000 (13:49 +0200)]
seccomp: fix get_seccomp_arg_value()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 24 May 2018 11:47:59 +0000 (13:47 +0200)]
seccomp: get_v2_action()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 24 May 2018 11:46:06 +0000 (13:46 +0200)]
seccomp: get_action_name()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 24 May 2018 11:42:47 +0000 (13:42 +0200)]
seccomp: get_v2_default_action()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 24 May 2018 11:38:08 +0000 (13:38 +0200)]
utils: add remove_trailing_newlines()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 24 May 2018 11:35:01 +0000 (13:35 +0200)]
seccomp: parse_config_v1()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 24 May 2018 11:34:49 +0000 (13:34 +0200)]
lxcseccomp: cleanup header
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Felix Abecassis [Thu, 24 May 2018 05:25:53 +0000 (22:25 -0700)]
seccomp: fix type mismatch when parsing syscall arguments filters
Specifier %lli was insufficient for the type uint64_t, all values
between 2^63-1 and 2^64-1 were silently converted to 2^63-1.
We can't use %llu since it doesn't handle hexadecimal. Instead, we
parse the values as strings and then use strtoull(3).
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
Felix Abecassis [Thu, 24 May 2018 04:28:39 +0000 (21:28 -0700)]
seccomp: remove unnecessary memset
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
Felix Abecassis [Thu, 24 May 2018 04:28:01 +0000 (21:28 -0700)]
seccomp: remove confusing comment line
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
Felix Abecassis [Thu, 24 May 2018 03:51:42 +0000 (20:51 -0700)]
seccomp: fix off-by-one error in array allocation for sscanf
The maximum field width does not include the null terminator.
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
Christian Brauner [Wed, 23 May 2018 11:49:42 +0000 (13:49 +0200)]
tools: only create log file when requested
We used to initialize a log unconditionally before. This has led to scenarios
where users where left with container directories and an empty log file even
though they didn't request a log be created at all.
Switch all tools to only create a log file when the user explicitly requests
this.
Closes #1779.
Closes #2032.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Tycho Andersen [Tue, 22 May 2018 23:33:17 +0000 (23:33 +0000)]
execute: use execveat() syscall if supported
The execveat allows us to exec stuff via a fd so we don't have to bind mount
stuff in. See the comment about why we're using the syscall directly.
Closes #2339.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
[christian.brauner@ubuntu.com: adapt error message and whitespace fixes]
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 22 May 2018 21:26:03 +0000 (23:26 +0200)]
lxc-init: skip signals that can't be caught
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 20 May 2018 12:05:51 +0000 (14:05 +0200)]
log: enable per-thread container name prefix
When using the LXC API multi-thread and users initialize a log:
struct lxc_log log;
log.name = "my-log";
lxc_log_init(&log);
all threads will have the same "my-log" prefix even though thy might call
lxc_container_new() in separate threads. There is currently no easy way to
handle per-thread container name prefixes.
To handle this carry a reference to the name of the container in struct
lxc_conf and if no log.name was set, use it by default. This way each thread
will get the container it is currently working on as a log-prefix.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Reported-by: duguhaotian <duguhaotian@gmail.com>
Christian Brauner [Sat, 19 May 2018 20:51:29 +0000 (22:51 +0200)]
conf: simplify write_id_mapping()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 19 May 2018 19:47:39 +0000 (21:47 +0200)]
seccomp: #ifdef SCMP_ARCH_AARCH64
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 19 May 2018 19:28:12 +0000 (21:28 +0200)]
cgroups: remove freezer_state()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 18 May 2018 18:16:22 +0000 (20:16 +0200)]
cgroups: refactor cgroup handling
This replaces the constructor implementation of cgroup handling with a simpler,
thread-safe on-demand model of cgroup driver initialization.
Making the cgroup initialization code run in a constructor means that each time
the shared library gets mapped the cgroup parsing code gets run. That's
unnecessary overhead.
It also feels to me that this is only accidently thread-safe because
constructors are only run once. But should threads actually end up manipulating
or freeing memory that is file-global to cgfsng.c we'd be screwed. Now, I might
be wrong here but the cleaner implementation is to allocate a cgroup driver on
demand whenever we need it.
Take the chance and rework the cgroup_ops interface to make the functions it
wants to have implemented a lot cleaner.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Simos Xenitellis [Tue, 15 May 2018 11:34:38 +0000 (11:34 +0000)]
coverity: #
1425802
Resource leak
Signed-off-by: Simos Xenitellis <simos.lists@googlemail.com>
Christian Brauner [Tue, 15 May 2018 19:33:48 +0000 (21:33 +0200)]
capabilities: raise ambient capabilities
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Suggested-by: Jonathan Calmels <jcalmels@nvidia.com>
Simos Xenitellis [Tue, 15 May 2018 00:05:13 +0000 (00:05 +0000)]
coverity: #
1248106
Resource leak
Signed-off-by: Simos Xenitellis <simos.lists@googlemail.com>
Simos Xenitellis [Tue, 15 May 2018 00:19:12 +0000 (00:19 +0000)]
coverity: #
1425836
Resource leak
Signed-off-by: Simos Xenitellis <simos.lists@googlemail.com>
Christian Brauner [Sun, 13 May 2018 13:02:09 +0000 (15:02 +0200)]
config: allow read-write /sys in user namespace
Unprivileged containers can safely mount /sys as read-write. This also allows
systemd-udevd to be started in unprivileged containers.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Simos Xenitellis [Tue, 15 May 2018 11:37:14 +0000 (11:37 +0000)]
coverity: #
1425844
Resource leak
Signed-off-by: Simos Xenitellis <simos.lists@googlemail.com>
Christian Brauner [Tue, 15 May 2018 10:35:34 +0000 (12:35 +0200)]
coverity: #
1435602
Resource leak
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 15 May 2018 10:34:24 +0000 (12:34 +0200)]
coverity: #
1435603
Resource leak
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 15 May 2018 10:33:22 +0000 (12:33 +0200)]
coverity: #
1435604
Resource leak
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
KATOH Yasufumi [Tue, 15 May 2018 09:07:27 +0000 (18:07 +0900)]
doc: Fix size unit style in Japanese lxc.container.conf(5)
fix "kB" to "KB", and tweak description. Update for commit
6d276ed and
6d276ed .
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
KATOH Yasufumi [Tue, 15 May 2018 08:52:46 +0000 (17:52 +0900)]
doc: Add "-d/--daemon" option to Japanese lxc-execute(1)
Update for commit
4160ef0
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Christian Brauner [Fri, 11 May 2018 13:58:33 +0000 (15:58 +0200)]
tools: s/strncpy()/memcpy()/
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 11 May 2018 13:56:58 +0000 (15:56 +0200)]
Revert "tools: s/strncpy()/strlcpy()/g"
This reverts commit
2ec47d5149e73db97f7877d06d67cb11421097bb .
First, I forgot to actually replace strncpy() with strlcpy(). Second, we don't
want to \0-terminate since this is an abstract unix socket and this is not
required. Instead, let's simply use memcpy() which is more correct and also
silences gcc-8.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 11 May 2018 13:19:45 +0000 (15:19 +0200)]
tools: s/strncpy()/strlcpy()/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 11 May 2018 11:02:41 +0000 (13:02 +0200)]
CODING_STYLE: add section about using strlcpy()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 11 May 2018 10:58:11 +0000 (12:58 +0200)]
tree-wide: s/strncpy()/strlcpy()/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 11 May 2018 10:57:51 +0000 (12:57 +0200)]
strlcpy: add strlcpy() implementation
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 11 May 2018 11:08:20 +0000 (13:08 +0200)]
utils: fix parse_byte_size_string() coding style
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
l00355512 [Fri, 11 May 2018 01:47:49 +0000 (09:47 +0800)]
support case ignored suffix for sizes
suffix of console max size and console buffer max size
Signed-off-by: l00355512 <liuhao27@huawei.com>
Christian Brauner [Thu, 10 May 2018 22:54:47 +0000 (00:54 +0200)]
network: adhere to IFNAMSIZ limit
The additional \0-byte space added is not needed since IFNAMSIZ needs to
include the \0-byte.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 10 May 2018 22:52:33 +0000 (00:52 +0200)]
network: silence gcc-8
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 10 May 2018 22:16:41 +0000 (00:16 +0200)]
confile: satisfy gcc-8
Apparently -Werror=stringop-overflow will trigger an error here even though
this is completely valid since we now that we're definitely copying a \0-byte.
Work around this gcc-8 quirk by using memcpy(). This shouldn't trigger the
warning.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 10 May 2018 18:25:08 +0000 (20:25 +0200)]
utils: account for terminating \0 byte
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 1 May 2018 15:27:51 +0000 (17:27 +0200)]
coverity: #
1425744
Dereference after null check
userns_exec_{1,full} are called from functions that might not have a conf.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 1 May 2018 15:18:26 +0000 (17:18 +0200)]
coverity: #
1248105
Time of check time of use
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 1 May 2018 15:17:03 +0000 (17:17 +0200)]
coverity: #
1248104
Argument cannot be negative
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 1 May 2018 14:59:19 +0000 (16:59 +0200)]
genl: remove
These files have never been used and as such have no dependencies in the
codebase whatsoever. So remove them. If we need them we can simply pull them
out of the git history.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Tycho Andersen [Wed, 9 May 2018 01:48:31 +0000 (01:48 +0000)]
execute: set init_path when existing init is found
I'm not really sure we should be looking in the rootfs for an existing
init, but I'll send a much more invasive patch to correct that. For now,
let's just make sure we set init_path when we find one, so that later in
execute_start() we don't bail.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>