lxc should not reboot the container when lxc.hook.post-stop fails. It should
simply shutdown. This makes the behavior of lxc.hook.post-stop and
lxc.hook.pre-start consistent. When lxc.hook.pre-start fails, the container
does not start.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
lxc-attach: always allocate current controlling pty
lxc-attach uses lxc_console_create() to allocate a pty on the host.
lxc_console_create() in turn calls lxc_console_peer_default() which either
makes the current controlling pty our controlling pty for the container, or
uses whatever the user gave us (e.g. /dev/tty2 etc.). For lxc-attach we always
want the current controlling pty to be used. This commit ensures that we're in
fact always using the current controlling pty. The commit also fixes a segfault
when the user specified lxc.console.path = none.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Serge Hallyn [Fri, 26 Feb 2016 20:03:09 +0000 (20:03 +0000)]
fix cgfs failure for unpriv users
Cgmanager was taught awhile ago that only some cgroup controllers are
crucial. Teach cgfs the same thing.
This patch needs improvement, but will fix failure of lxc without cgmanager
for unprivileged users for now. In particular, needed improvements include:
1. the check for crucial subsystems needs to include lxc.use
2. we should keep a list of the actually used subsystems so we don't keep
trying to chmod and enter after create has found we couldn't use a particular
subsystem
This fixes unprivileged lxc use. It does not appear to suffice to fix
nested unprivilegd lxd usage.
Serge Hallyn [Thu, 25 Feb 2016 19:01:12 +0000 (11:01 -0800)]
cgfs: make sure we use valid cgroup mountpoints
If lxcfs starts before cgroup-lite, then the first cgroup mountpoints in
/proc/self/mountinfo are /run/lxcfs/*. Unprivileged users cannot access
these. So privileged containers are ok, and unprivileged containers are ok
since they won't cache those to begin with. But unprivileged root-owned
containers cache /run/lxcfs/* and then try to use them.
So when doing cgroup automounting check whether the mountpoints we have
stored are accessible, and if not look for a new one to use.
Serge Hallyn [Thu, 25 Feb 2016 01:00:35 +0000 (17:00 -0800)]
cgfs: do not automount if cgroup namespaces are supported
In that case containers will be able to mount cgroup filesystems
for themselves as they do on a host.
This fixes inability to start systemd based containers on cgns-enabled
kernels with cgmanager not running.
I've tested debian jessie, busybox, ubuntu trusty and xenial, all of
which booted ok. However if there are some setups which require
premounted cgroupfs (i.e. they don't mount if they detect being in
a container), this may cause trouble.
- lxc-clone and lxc-start-ephemeral are marked deprecated. We add a
--enable-deprecated flag to configure.ac allowing us to enable these
deprecated executables
- update tests to use lxc-copy instead of lxc-clone
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
- add note to lxc-clone manpage that it is superseded by lxc-copy
- add note to lxc-start-ephemeral manpage that it is superseded by lxc-copy
- fix typo in lxc-attach manpage
- fix some of my comments in lxc_ls.c
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
- explain rationale behind allocation of pty
- briefly explain how a pty is allocated
- add a short note that describes the changed behavior for lxc-attach when the
user is not placed in a writeable cgroup at login
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
- The code required to prepare an fd to act as a login tty is shared among
pty_on_host_callback() and fork_pty(). This implements login_pty(), a
minimalistic login_tty() clone, to avoid code redundancy.
- Give pty_in_container() a slightly extended comment.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Serge Hallyn [Sun, 21 Feb 2016 23:38:11 +0000 (15:38 -0800)]
add lxc-default-cgns profile
This isn't safe for privileged containers which do not use cgroup
namespaces, but is required for systemd containers with cgroup
namespaces. So create a new profile for it which lxc will use as
the default when it knows it can.
So far lxc-attach did not use a pty when attaching to a container. This made it
vulnerable to tty input faking via TIOCSTI when switching to a different user.
This patch makes lxc-attach use a pty in most cases. The only current exemption
is when stdin, stdout, and stderr are not referring to a pty.
There are two ways how lxc-attach can receive a pty:
1. get a pty in the container
2. get a pty on the host
This patch makes 1. the default and only opts for 2. when 1. fails before
giving up. The rationale behind this is as follows: If we create a pty on the
host (2.) and pass the fds to the container the container may report "no tty"
when the "tty" command is used. This could be irritating for users when they
expect that lxc-attach now always tries to use a pty. Hence, option 1. is the
default.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
lxc_console_cb_tty_masterfd() unnecessarily reported a read/write error when
the fd was closed. This happens e.g. when we have allocated a tty in the
container with lxc-console and we shut the container down. lxc-console will
then exit with an error message. This patch introduces a test whether the
EPOLLHUP bit is set in the events mask. If so, we report no error.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Nikolay Martynov [Sun, 21 Feb 2016 06:16:15 +0000 (01:16 -0500)]
Fix sshd template on systems with systemd
Systems with systemd have /sbin/init as a symlink pointing to real init.
Sshd template tries to bind-mount special init implementation.
The problem is that one cannot bind-mount to a location that is a symlink.
Fix this by deferencing /sbin/init symling and using that as bind-mount location.
Signed-off-by: Nikolay Martynov <mar.kolya@gmail.com>
Ubuntu [Sat, 20 Feb 2016 02:25:55 +0000 (02:25 +0000)]
lxc: cgfs: handle lxcfs
When containers have lxcfs mounted instead of cgroupfs, we have to
process /proc/self/mountinfo a bit differently. In particular, we
should look for fuse.lxcfs fstype, we need to look elsewhere for the
list of comounted controllers, and the mount_prefix is not a cgroup path
which was bind mounted, so we should ignore it, and named subsystems
show up without the 'name=' prefix.
With this patchset I can start containers inside a privileged lxd
container with lxcfs mounted (i.e. without cgroup namespaces).
Serge Hallyn [Fri, 19 Feb 2016 22:12:47 +0000 (14:12 -0800)]
cgroups: do not fail if setting devices cgroup fails due to EPERM
If we're trying to allow a device which was denied to our parent
container, just continue.
Cgmanager does not help us to distinguish between eperm and other
errors, so just always continue.
We may want to consider actually computing the range of devices
to which the container monitor has access, but OTOH that introduces
a whole new set of complexity to compute access sets.
Serge Hallyn [Mon, 15 Feb 2016 20:15:10 +0000 (12:15 -0800)]
log.c:__lxc_log_set_file: fname cannot be null
fname cannot be passed in as NULL by any of its current callers. If it
could, then build_dir() would crash as it doesn't check for it. So make
sure we are warned if in the future we pass in NULL.
- Ephemeral containers are destroyed on shutdown so we do not destroy them.
- Destroy ephemeral containers with clones: first destroy all the clones, then
destroy the container.
- Ephemeral containers with snapshots cannot be easily handled but we can
probably trust that no one will try to make snapshots of an ephemeral
container.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>