]>
git.proxmox.com Git - mirror_lxc.git/log
Christian Brauner [Wed, 12 Sep 2018 11:34:36 +0000 (13:34 +0200)]
Merge pull request #2609 from 2xsec/bugfix
remove unused variables & function
2xsec [Wed, 12 Sep 2018 08:31:40 +0000 (17:31 +0900)]
file_utils: remove unused function
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
2xsec [Wed, 12 Sep 2018 08:29:09 +0000 (17:29 +0900)]
remove unused variables
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
Wolfgang Bumiller [Tue, 11 Sep 2018 12:18:04 +0000 (14:18 +0200)]
Merge pull request #2604 from brauner/2018-09-09/fix_pid_file
lxccontainer: use correct pid_t type
Christian Brauner [Tue, 11 Sep 2018 09:39:54 +0000 (11:39 +0200)]
Merge pull request #2601 from 2xsec/bugfix
log: support dlog
Christian Brauner [Tue, 11 Sep 2018 08:34:41 +0000 (10:34 +0200)]
lxccontainer: use correct pid_t type
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Wolfgang Bumiller [Tue, 11 Sep 2018 09:06:42 +0000 (11:06 +0200)]
Merge pull request #2596 from brauner/2018-09-05/attach_id
utils: allow lxc-attach to set uid / gid
Christian Brauner [Sun, 9 Sep 2018 14:34:50 +0000 (16:34 +0200)]
utils: make lxc_switch_uid_gid() return bool
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 9 Sep 2018 14:30:20 +0000 (16:30 +0200)]
utils: make lxc_setgroups() return bool
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 9 Sep 2018 11:58:53 +0000 (13:58 +0200)]
start: avoid unnecessary syscalls
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 9 Sep 2018 11:22:58 +0000 (13:22 +0200)]
tools/lxc-attach: add -u and -g arguments
This lets users specify uids and gids to switch to.
Closes #2591.
Signed-off-by: Disassembler disassembler@dasm.cz
[christian.brauner@ubuntu.com: adapt coding style + commit message]
Christian Brauner [Sun, 9 Sep 2018 11:20:14 +0000 (13:20 +0200)]
attach: handle id switching smarter
For setup, switch to the most privileged ids we can find. That is either
nsuid 0 if a mapping has been established if not switch to the ids the
init running in the container was started with.
After setup, switch to the actual requested ids.
Closes #2591.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2xsec [Tue, 11 Sep 2018 07:04:25 +0000 (16:04 +0900)]
log: support dlog
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
Christian Brauner [Sun, 9 Sep 2018 11:11:21 +0000 (13:11 +0200)]
utils: improve lxc_switch_uid_gid()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 9 Sep 2018 10:46:00 +0000 (12:46 +0200)]
utils: improve get_ns_uid() and add get_ns_gid()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 8 Sep 2018 19:39:05 +0000 (20:39 +0100)]
Merge pull request #2594 from ffontaine/master
lxc: fix build with --disable-werror
Fabrice Fontaine [Sat, 8 Sep 2018 19:05:58 +0000 (21:05 +0200)]
lxc: fix build with --disable-werror
Fix #2592 by defining -Wvla -std=gnu11 even if --disable-werror is set
As -std=gnu11 is always set, bump requirement on gcc from 4.6 to 4.7
(see https://gcc.gnu.org/projects/cxx-status.html#cxx11)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Christian Brauner [Fri, 7 Sep 2018 12:54:09 +0000 (13:54 +0100)]
Merge pull request #2589 from 2xsec/bugfix
lxccontainer: fix dereferenced pointer
2xsec [Thu, 6 Sep 2018 07:55:10 +0000 (16:55 +0900)]
lxccontainer: fix dereferenced pointer
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
Wolfgang Bumiller [Tue, 4 Sep 2018 12:45:55 +0000 (14:45 +0200)]
Merge pull request #2584 from brauner/2018-09-03/bugfixes
commands: switch to setting errno and returning -1
Christian Brauner [Tue, 4 Sep 2018 11:59:49 +0000 (13:59 +0200)]
log: log_append_logfile() add new error path
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 3 Sep 2018 21:16:13 +0000 (23:16 +0200)]
nl: save errno on lxc_netns_set_nsid()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 3 Sep 2018 12:46:13 +0000 (14:46 +0200)]
tree-wide: s/send()/lxc_send_nointr()/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 3 Sep 2018 12:43:06 +0000 (14:43 +0200)]
file_utils: add lxc_send_nointr()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 3 Sep 2018 12:41:48 +0000 (14:41 +0200)]
tree-wide: s/recv()/lxc_recv_nointr()/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 3 Sep 2018 12:19:06 +0000 (14:19 +0200)]
log: save errno on strerror_r()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 3 Sep 2018 10:17:46 +0000 (12:17 +0200)]
log: do not clobber errno
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 3 Sep 2018 00:53:57 +0000 (02:53 +0200)]
commands: switch to setting errno and returning -1
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Wolfgang Bumiller <w.bumiller@proxmox.com>
Christian Brauner [Mon, 3 Sep 2018 00:51:39 +0000 (02:51 +0200)]
file_utils: add lxc_recv_nointr()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Mon, 3 Sep 2018 00:44:40 +0000 (02:44 +0200)]
commands: better error message
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 4 Sep 2018 08:34:46 +0000 (10:34 +0200)]
Merge pull request #2585 from 2xsec/bugfix
caps: fix illegal access to array bound
2xsec [Tue, 4 Sep 2018 05:58:59 +0000 (14:58 +0900)]
syntax error: mismatch brace
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
2xsec [Tue, 4 Sep 2018 05:24:22 +0000 (14:24 +0900)]
nl: remove duplicated define
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
2xsec [Tue, 4 Sep 2018 02:10:18 +0000 (11:10 +0900)]
utils: defensive programming
If caller passed the size of array not string length, it is possible to be accessed out of bounds.
Reorder conditions can prevent access invalid index of array.
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
2xsec [Mon, 3 Sep 2018 06:10:05 +0000 (15:10 +0900)]
caps: fix illegal access to array bound
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
Wolfgang Bumiller [Sun, 2 Sep 2018 08:03:16 +0000 (10:03 +0200)]
Merge pull request #2581 from brauner/2018-09-02/macro
macro: move MS_* macros
Christian Brauner [Sun, 2 Sep 2018 05:32:23 +0000 (07:32 +0200)]
macro: move MS_* macros
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Wolfgang Bumiller [Sat, 1 Sep 2018 18:53:32 +0000 (20:53 +0200)]
Merge pull request #2580 from brauner/2018-09-01/revert_blub_revert
Revert "Revert "tree-wide: use sizeof on static arrays""
Christian Brauner [Sat, 1 Sep 2018 18:25:07 +0000 (20:25 +0200)]
Revert "Revert "tree-wide: use sizeof on static arrays""
This reverts commit
2fb7cf0b325d2e34cd6faa2758cbaba6b6c3b99f .
The problem wasn't caused by the reverted commit and was fixed in
commit
0c9b1f826d3 ("macro: calculate buffer lengths correctly")
The full explanation can be taken from the following irc excerpt from
the #lxc-dev channel:
│19:54:47 brauner | there was a bug in one of the standard macros we used
│19:55:01 brauner | and the changes by INTTYPE_TO_STRLEN() caused the issue to surface
│19:55:03 brauner | which is good
│19:55:16 brauner | i sent a branch and stgraber merged it that fixes it
│19:57:56 Blub\0 | so...
│19:58:31 Blub\0 | still doesn't explain how it was the sizeof() patch
│20:07:14 brauner | Blub\0: so here's the long explanation
│20:07:35 brauner | Blub\0: stgraber bumped pid_max on our jenkins test builders
│20:07:53 brauner | Blub\0: because we're running *a lot* of containers
│20:07:56 brauner | in any case
│20:08:06 brauner | there was a buffer
│20:08:12 brauner | LXC_LSMATTRLEN
│20:08:59 brauner | it used to be
│20:09:03 brauner | -/* /proc/pid-to-str/attr/current = (5 + INTTYPE_TO_STRLEN(pid_t) + 7 + 1) */
│20:09:03 brauner | -#define LXC_LSMATTRLEN (5 + INTTYPE_TO_STRLEN(pid_t) + 7 + 1)
│20:09:14 brauner | which one can see is wrong
│20:09:21 brauner | before the INTTYPE patchset
│20:09:40 brauner | INTTYPE_TO_STRLEN(pid_t) was LXC_NUMSTRLEN64
│20:09:45 brauner | which gave you 21 chars
│20:09:57 brauner | so it accounted for the missing parts
│20:10:03 brauner | because the correct macro should've been
│20:10:17 brauner | +/* /proc/ = 6
│20:10:17 brauner | + * +
│20:10:17 brauner | + * <pid-as-str> = INTTYPE_TO_STRLEN(pid_t)
│20:10:17 brauner | + * +
│20:10:17 brauner | + * /attr/ = 6
│20:10:17 brauner | + * +
│20:10:17 brauner | + * /current = 8
│20:10:17 brauner | + * +
│20:10:17 brauner | + * \0 = 1
│20:10:17 brauner | + */
│20:10:17 brauner | +#define LXC_LSMATTRLEN (6 + INTTYPE_TO_STRLEN(pid_t) + 6 + 8 + 1)
│20:10:24 Blub\0 | still
│20:10:31 brauner | the issue was only seen
│20:10:39 brauner | when the pid number hit a specific maximum
│20:10:50 Blub\0 | the sizeof patch only changed instances of actual char buf[A_FIXED_NUMBER] + snprintf(buf, A_FIXED_NUMBER, ...)
│20:10:54 brauner | aka exceeded the newly shortened buffer
│20:11:42 brauner | your patch was a red herring
│20:12:03 Blub\0 | I guess
│20:12:06 brauner | it didn't cause it
│20:12:14 brauner | it just surfaced at the same time it was merged
│20:12:25 Blub\0 | so we can revert the revert then? :)
│20:12:35 brauner | yes, that was th eplan all along
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Fri, 31 Aug 2018 23:52:23 +0000 (16:52 -0700)]
Merge pull request #2579 from brauner/2018-08-31/int64_t_pids
macro: calculate buffer lengths correctly
Christian Brauner [Fri, 31 Aug 2018 22:53:33 +0000 (00:53 +0200)]
macro: calculate buffer lengths correctly
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 31 Aug 2018 22:14:06 +0000 (00:14 +0200)]
commands: assign before converting to pointer
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Fri, 31 Aug 2018 21:30:21 +0000 (14:30 -0700)]
Merge pull request #2578 from brauner/2018-08-31/int64_t_pids
commands: pass around intmax_t
Christian Brauner [Fri, 31 Aug 2018 19:25:45 +0000 (21:25 +0200)]
commands: pass around intmax_t
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Fri, 31 Aug 2018 18:58:17 +0000 (11:58 -0700)]
Revert "tree-wide: use sizeof on static arrays"
This reverts commit
81a3bb64b4147ac6da3087cb77ac67828a2f2b76 .
This commit broke all builders running with pid_max > 32768.
Reverting for now so we can bring the build farm back online.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Wolfgang Bumiller [Thu, 30 Aug 2018 06:28:08 +0000 (08:28 +0200)]
Merge pull request #2435 from brauner/2018-06-27/storage_managed
[RFC] conf: introduce lxc.rootfs.managed
Christian Brauner [Wed, 29 Aug 2018 20:26:46 +0000 (22:26 +0200)]
Merge pull request #2577 from Blub/inttype-lengths
tree-wide: use sizeof on static arrays
Wolfgang Bumiller [Wed, 29 Aug 2018 19:45:45 +0000 (21:45 +0200)]
tree-wide: use sizeof on static arrays
Instead of duplicating their lengths in read/snprintf/...
calls.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Wolfgang Bumiller [Wed, 29 Aug 2018 19:39:05 +0000 (21:39 +0200)]
Merge pull request #2572 from brauner/2018-08-24/musl_fixes
build: fix musl + add compiler.h
Stéphane Graber [Tue, 28 Aug 2018 18:29:02 +0000 (11:29 -0700)]
Merge pull request #2576 from brauner/2018-08-28/command_init_id
commands: always return -1 on lxc_cmd_get_init_pid() err
Christian Brauner [Sun, 26 Aug 2018 23:05:18 +0000 (01:05 +0200)]
string_utils: use UINT64_MAX macro
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 26 Aug 2018 23:01:47 +0000 (01:01 +0200)]
caps: move macros to macro header
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 26 Aug 2018 22:59:12 +0000 (00:59 +0200)]
start: remove duplicate macros
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 26 Aug 2018 15:24:27 +0000 (17:24 +0200)]
Makefile: correctly add ifaddrs to noinst_HEADERS
Before this we only added ifaddrs.h to noinst_HEADERS when we were running on
Android's bionic. That obviously doesn't make sense since it is possible that
ifaddrs.h is not defined and we're also not running on Android's bionic.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 26 Aug 2018 10:34:11 +0000 (12:34 +0200)]
macro: coding style fixes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 25 Aug 2018 10:30:50 +0000 (12:30 +0200)]
macro: final INTTYPE_TO_STRLEN() related cleanups
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 25 Aug 2018 10:39:57 +0000 (12:39 +0200)]
tests: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 25 Aug 2018 10:28:32 +0000 (12:28 +0200)]
conf: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 25 Aug 2018 10:27:10 +0000 (12:27 +0200)]
tools: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 25 Aug 2018 10:25:27 +0000 (12:25 +0200)]
utils: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 25 Aug 2018 10:22:53 +0000 (12:22 +0200)]
string_utils: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 25 Aug 2018 10:20:12 +0000 (12:20 +0200)]
network: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 25 Aug 2018 10:17:36 +0000 (12:17 +0200)]
monitor: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 25 Aug 2018 10:16:32 +0000 (12:16 +0200)]
lxccontainer: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 25 Aug 2018 10:15:15 +0000 (12:15 +0200)]
macro: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 25 Aug 2018 10:13:55 +0000 (12:13 +0200)]
lsm: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 25 Aug 2018 10:11:42 +0000 (12:11 +0200)]
log: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 25 Aug 2018 10:09:41 +0000 (12:09 +0200)]
confile: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 25 Aug 2018 10:04:56 +0000 (12:04 +0200)]
cgfsng: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 25 Aug 2018 10:04:17 +0000 (12:04 +0200)]
caps: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 25 Aug 2018 09:56:10 +0000 (11:56 +0200)]
macro: add INTTYPE_TO_STRLEN()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 25 Aug 2018 09:31:36 +0000 (11:31 +0200)]
macro: add PTR_TO_INT() and INT_TO_PTR()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 25 Aug 2018 09:30:39 +0000 (11:30 +0200)]
macro: move LXC_CMD_DATA_MAX from commands.h
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 25 Aug 2018 05:24:37 +0000 (07:24 +0200)]
macro: add LXC_AUDS_ADDR_LEN
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 25 Aug 2018 05:01:26 +0000 (07:01 +0200)]
commands: ensure -1 is sent on EPIPE for init pid
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Reported-by: Stéphane Graber <stgraber@ubuntu.com>
Christian Brauner [Sat, 25 Aug 2018 04:44:36 +0000 (06:44 +0200)]
tests: cleanup Makefile
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 25 Aug 2018 04:36:12 +0000 (06:36 +0200)]
tests: add basic.c
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 25 Aug 2018 04:17:49 +0000 (06:17 +0200)]
commands: return -1 on lxc_cmd_get_init_pid() err
A while back the whole lxc_cmd() infrastructure was changed to return
meaningful negative error codes. But lxc_cmd_get_init_pid() should always
return -1. Make it so!
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Reported-by: Stéphane Graber <stgraber@ubuntu.com>
Christian Brauner [Fri, 24 Aug 2018 14:07:07 +0000 (16:07 +0200)]
compiler: add compiler.h header
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 24 Aug 2018 10:44:21 +0000 (12:44 +0200)]
configure: reorder header checks
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 24 Aug 2018 10:25:28 +0000 (12:25 +0200)]
build: fix musl
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Tue, 28 Aug 2018 18:06:40 +0000 (11:06 -0700)]
Merge pull request #2574 from brauner/2018-08-26/cgroup_keep
confile: add lxc.cgroup.keep
Christian Brauner [Sun, 26 Aug 2018 16:59:01 +0000 (18:59 +0200)]
cgroups: don't escape if lxc.cgroup.keep is true
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Felix Abecassis <fabecassis@nvidia.com>
Cc: Jonathan Calmels <jcalmels@nvidia.com>
Christian Brauner [Fri, 18 May 2018 14:16:22 +0000 (16:16 +0200)]
confile: add lxc.cgroup.keep
This adds the new lxc.cgroup.keep config key. The key can be used to instruct
LXC to not escape to never escape to the root cgroup. This makes it easy for
users to adhere to restrictions enforced by cgroup2 and systemd. Specifically,
this makes it possible to run LXC containers as systemd services.
Note that cgroup v1 is considered legacy and will not see additional
controllers being added to it. This means that it is safe to use
lxc.cgroup.keep as config key since there is no "keep" controller. The only way
a conflict can be introduced is if the user is creating a named controller. I
think this case can be safely ignored since it is super rare and also the users
problem.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Felix Abecassis <fabecassis@nvidia.com>
Cc: Jonathan Calmels <jcalmels@nvidia.com>
Christian Brauner [Sun, 26 Aug 2018 16:49:21 +0000 (18:49 +0200)]
start: do not initialize cgroup_ops twice
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Wolfgang Bumiller [Thu, 23 Aug 2018 15:58:43 +0000 (17:58 +0200)]
Merge pull request #2570 from brauner/2018-08-23/fix_privileged_logging
execute: pass /proc/self/fd/<nr>
Christian Brauner [Thu, 23 Aug 2018 15:35:40 +0000 (17:35 +0200)]
execute: pass /proc/self/fd/<nr>
Passing /proc/1/fd/<nr> presupposes that CLONE_NEWPID was specified. This isn't
the case when users use lxc.namespace.keep = pid to inherit pid namespaces.
Pass /proc/self/fd/<nr> instead.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Reported-by: Mrinal Dhillon <mdhillon@juniper.net>
Stéphane Graber [Thu, 23 Aug 2018 15:30:14 +0000 (11:30 -0400)]
Merge pull request #2569 from brauner/2018-08-23/fix_unpriv_execute_logging
execute: skip lxc-init logging when unprivileged
Christian Brauner [Thu, 23 Aug 2018 13:46:12 +0000 (15:46 +0200)]
execute: skip lxc-init logging when unprivileged
Unprivileged app containers will not be able to open the passed in
/proc/1/fd/<idx> log path and will thus currently fail completely as soon as
any log level or log file is passed.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Reported-by: Mrinal Dhillon <mdhillon@juniper.net>
Wolfgang Bumiller [Thu, 23 Aug 2018 12:26:42 +0000 (14:26 +0200)]
Merge pull request #2568 from brauner/2018-08-22/ifaddrs
include: add safe getifaddrs() version
Christian Brauner [Wed, 22 Aug 2018 18:28:52 +0000 (20:28 +0200)]
Makefile: conditionalize ifaddrs.h inclusion
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 22 Aug 2018 15:29:33 +0000 (17:29 +0200)]
ifaddrs: add safe implementation of getifaddrs()
The old version was crazy. This replaces it with an internal version based on
musl.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Wed, 22 Aug 2018 22:54:18 +0000 (18:54 -0400)]
Merge pull request #2565 from brauner/2018-08-22/more_fixes
remove last pam_cgfs special-casing
Christian Brauner [Wed, 22 Aug 2018 18:06:14 +0000 (20:06 +0200)]
Merge pull request #2567 from stgraber/master
Fix typo
Stéphane Graber [Wed, 22 Aug 2018 17:58:17 +0000 (13:58 -0400)]
Fix typo
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Christian Brauner [Wed, 22 Aug 2018 13:52:18 +0000 (15:52 +0200)]
conf: add missing headers
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 22 Aug 2018 13:45:54 +0000 (15:45 +0200)]
Makefile: remove last pam_cgfs special-casing
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 22 Aug 2018 13:45:33 +0000 (15:45 +0200)]
string_utils: add remove_trailing_slashes()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 22 Aug 2018 13:40:58 +0000 (15:40 +0200)]
string_utils: remove unused headers
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 22 Aug 2018 13:37:41 +0000 (15:37 +0200)]
string_utils: remove unnecessary include
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>