PACKAGE=lxc-pve
-LXCVER=2.0.7
-DEBREL=500
+LXCVER=2.0.8
+DEBREL=1
SRCDIR=lxc
SRCTAR=${SRCDIR}.tgz
+lxc (2.0.8-1) unstable; urgency=medium
+
+ * update to lxc-2.0.8
+
+ -- Proxmox Support Team <support@proxmox.com> Fri, 12 May 2017 14:59:15 +0200
+
lxc (2.0.7-500) unstable; urgency=medium
* bump version for stretch
-From 10bc10054434f20870f812bb710eef5b5e22040b Mon Sep 17 00:00:00 2001
+From a070120ceba622b1834ad2693376256ba177f249 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Fri, 10 Feb 2017 09:13:40 +0100
-Subject: [PATCH 1/9] lxc.service: start after a potential syslog.service
+Subject: [PATCH 1/8] lxc.service: start after a potential syslog.service
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/init/systemd/lxc.service.in b/config/init/systemd/lxc.service.in
-index cd61996..7754191 100644
+index cd619967..77541917 100644
--- a/config/init/systemd/lxc.service.in
+++ b/config/init/systemd/lxc.service.in
@@ -1,6 +1,6 @@
Documentation=man:lxc-autostart man:lxc
--
-2.1.4
+2.11.0
-From e68a4291abec1c140fffbc8c954ff9596b17aad4 Mon Sep 17 00:00:00 2001
+From de03e2bff16699c10f1c3a80e4c84a44c0a32bc0 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Fri, 10 Feb 2017 09:14:55 +0100
-Subject: [PATCH 2/9] jessie/systemd: remove Delegate flag to silence warnings
+Subject: [PATCH 2/8] jessie/systemd: remove Delegate flag to silence warnings
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---
2 files changed, 2 deletions(-)
diff --git a/config/init/systemd/lxc.service.in b/config/init/systemd/lxc.service.in
-index 7754191..bdd5828 100644
+index 77541917..bdd58283 100644
--- a/config/init/systemd/lxc.service.in
+++ b/config/init/systemd/lxc.service.in
@@ -12,7 +12,6 @@ ExecStart=@LIBEXECDIR@/lxc/lxc-containers start
StandardError=syslog
diff --git a/config/init/systemd/lxc@.service.in b/config/init/systemd/lxc@.service.in
-index 44d11e8..6b8b5ff 100644
+index 44d11e8e..6b8b5ff1 100644
--- a/config/init/systemd/lxc@.service.in
+++ b/config/init/systemd/lxc@.service.in
@@ -13,7 +13,6 @@ TimeoutStopSec=120s
StandardError=syslog
--
-2.1.4
+2.11.0
-From 6b3de84e0654c3b0b13166d63af9961a3a757c6e Mon Sep 17 00:00:00 2001
+From 405bcb676e3eb07e2e2efab45b15cdc8b799b15c Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Fri, 10 Feb 2017 09:15:37 +0100
-Subject: [PATCH 3/9] pve: run lxcnetaddbr when instantiating veths
+Subject: [PATCH 3/8] pve: run lxcnetaddbr when instantiating veths
FIXME: Why aren't we using regular up-scripts?
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
-index a93124b..c4079bb 100644
+index 923a4d90..3bedcf0f 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
-@@ -2683,8 +2683,13 @@ static int instantiate_veth(struct lxc_handler *handler, struct lxc_netdev *netd
+@@ -2742,8 +2742,13 @@ static int instantiate_veth(struct lxc_handler *handler, struct lxc_netdev *netd
"veth", veth1, (char*) NULL);
if (err)
goto out_delete;
veth1, veth2, netdev->ifindex);
--
-2.1.4
+2.11.0
-From e7d6b0d2384070f2c34a46aaa20250ce31f96c9c Mon Sep 17 00:00:00 2001
+From 05337fbce533630e978904db57601eedf498b776 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
Date: Wed, 9 Nov 2016 09:14:26 +0100
-Subject: [PATCH 4/9] deny rw mounting of /sys and /proc
+Subject: [PATCH 4/8] deny rw mounting of /sys and /proc
this would allow root in a privileged container to change
the permissions of /sys on the host, which could lock out
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/config/apparmor/abstractions/container-base b/config/apparmor/abstractions/container-base
-index 06290de..779aadd 100644
+index 06290de2..779aadd4 100644
--- a/config/apparmor/abstractions/container-base
+++ b/config/apparmor/abstractions/container-base
@@ -84,7 +84,6 @@
# FIXME: This currently doesn't work due to the apparmor parser treating those as allowing all mounts.
# mount options=(rw,make-slave) -> **,
diff --git a/config/apparmor/abstractions/container-base.in b/config/apparmor/abstractions/container-base.in
-index 5bc9b28..5c8e441 100644
+index 5bc9b28b..5c8e441f 100644
--- a/config/apparmor/abstractions/container-base.in
+++ b/config/apparmor/abstractions/container-base.in
@@ -84,7 +84,6 @@
# FIXME: This currently doesn't work due to the apparmor parser treating those as allowing all mounts.
# mount options=(rw,make-slave) -> **,
--
-2.1.4
+2.11.0
-From 6adbaea0d07553932f4cd78b5530cd5291c3b41f Mon Sep 17 00:00:00 2001
+From 5ceb26ec765edb81aba25b9db4fc5ede0d7a0375 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Tue, 15 Nov 2016 09:20:24 +0100
-Subject: [PATCH 5/9] separate the limiting from the namespaced cgroup root
+Subject: [PATCH 5/8] separate the limiting from the namespaced cgroup root
When cgroup namespaces are enabled a privileged container
with mixed cgroups has full write access to its own root
9 files changed, 219 insertions(+), 77 deletions(-)
diff --git a/src/lxc/cgroups/cgfs.c b/src/lxc/cgroups/cgfs.c
-index 8499200..b78b78d 100644
+index 3bfa5239..f305a561 100644
--- a/src/lxc/cgroups/cgfs.c
+++ b/src/lxc/cgroups/cgfs.c
@@ -2383,12 +2383,15 @@ static void cgfs_destroy(void *hdata, struct lxc_conf *conf)
return false;
diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
-index 2b772e2..f7df3cf 100644
+index ebd548b9..b26e1b27 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -72,6 +72,7 @@ struct hierarchy {
};
/*
-@@ -814,6 +815,7 @@ static void add_controller(char **clist, char *mountpoint, char *base_cgroup)
+@@ -820,6 +821,7 @@ static void add_controller(char **clist, char *mountpoint, char *base_cgroup)
new->mountpoint = mountpoint;
new->base_cgroup = base_cgroup;
new->fullcgpath = NULL;
newentry = append_null_to_list((void ***)&hierarchies);
hierarchies[newentry] = new;
-@@ -1286,6 +1288,8 @@ static void cgfsng_destroy(void *hdata, struct lxc_conf *conf)
+@@ -1304,6 +1306,8 @@ static void cgfsng_destroy(void *hdata, struct lxc_conf *conf)
free(h->fullcgpath);
h->fullcgpath = NULL;
}
}
}
-@@ -1299,18 +1303,25 @@ struct cgroup_ops *cgfsng_ops_init(void)
+@@ -1321,18 +1325,25 @@ struct cgroup_ops *cgfsng_ops_init(void)
return &cgfsng_ops;
}
}
static void remove_path_for_hierarchy(struct hierarchy *h, char *cgname)
-@@ -1325,7 +1336,8 @@ static void remove_path_for_hierarchy(struct hierarchy *h, char *cgname)
+@@ -1347,7 +1358,8 @@ static void remove_path_for_hierarchy(struct hierarchy *h, char *cgname)
* Try to create the same cgroup in all hierarchies.
* Start with cgroup_pattern; next cgroup_pattern-1, -2, ..., -999
*/
{
struct cgfsng_handler_data *d = hdata;
char *tmp, *cgname, *offset;
-@@ -1335,9 +1347,15 @@ static inline bool cgfsng_create(void *hdata)
+@@ -1357,9 +1369,15 @@ static inline bool cgfsng_create(void *hdata)
if (!d)
return false;
if (d->container_cgroup) {
tmp = lxc_string_replace("%n", d->name, d->cgroup_pattern);
if (!tmp) {
-@@ -1358,7 +1376,7 @@ again:
+@@ -1380,7 +1398,7 @@ again:
if (idx)
snprintf(offset, 5, "-%d", idx);
for (i = 0; hierarchies[i]; i++) {
int j;
SYSERROR("Failed to create %s: %s", hierarchies[i]->fullcgpath, strerror(errno));
free(hierarchies[i]->fullcgpath);
-@@ -1378,7 +1396,24 @@ out_free:
+@@ -1400,7 +1418,24 @@ out_free:
return false;
}
{
char pidstr[25];
int i, len;
-@@ -1388,7 +1423,13 @@ static bool cgfsng_enter(void *hdata, pid_t pid)
+@@ -1410,7 +1445,13 @@ static bool cgfsng_enter(void *hdata, pid_t pid)
return false;
for (i = 0; hierarchies[i]; i++) {
"cgroup.procs", NULL);
if (lxc_write_to_file(fullpath, pidstr, len, false) != 0) {
SYSERROR("Failed to enter %s", fullpath);
-@@ -1404,6 +1445,7 @@ static bool cgfsng_enter(void *hdata, pid_t pid)
+@@ -1426,6 +1467,7 @@ static bool cgfsng_enter(void *hdata, pid_t pid)
struct chown_data {
struct cgfsng_handler_data *d;
uid_t origuid; // target uid in parent namespace
};
/*
-@@ -1432,13 +1474,20 @@ static int chown_cgroup_wrapper(void *data)
+@@ -1454,13 +1496,20 @@ static int chown_cgroup_wrapper(void *data)
for (i = 0; hierarchies[i]; i++) {
char *fullpath, *path = hierarchies[i]->fullcgpath;
return -1;
}
-@@ -1462,12 +1511,14 @@ static int chown_cgroup_wrapper(void *data)
+@@ -1484,12 +1533,14 @@ static int chown_cgroup_wrapper(void *data)
if (chmod(fullpath, 0664) < 0)
WARN("Error chmoding %s: %m", path);
free(fullpath);
{
struct cgfsng_handler_data *d = hdata;
struct chown_data wrap;
-@@ -1480,6 +1531,7 @@ static bool cgfsns_chown(void *hdata, struct lxc_conf *conf)
+@@ -1502,6 +1553,7 @@ static bool cgfsns_chown(void *hdata, struct lxc_conf *conf)
wrap.d = d;
wrap.origuid = geteuid();
if (userns_exec_1(conf, chown_cgroup_wrapper, &wrap) < 0) {
ERROR("Error requesting cgroup chown in new namespace");
-@@ -1774,12 +1826,15 @@ static bool cgfsng_unfreeze(void *hdata)
+@@ -1796,12 +1848,15 @@ static bool cgfsng_unfreeze(void *hdata)
return true;
}
return h->fullcgpath ? h->fullcgpath + strlen(h->mountpoint) : NULL;
}
-@@ -1814,7 +1869,7 @@ static bool cgfsng_attach(const char *name, const char *lxcpath, pid_t pid)
+@@ -1836,7 +1891,7 @@ static bool cgfsng_attach(const char *name, const char *lxcpath, pid_t pid)
char *path, *fullpath;
struct hierarchy *h = hierarchies[i];
continue;
diff --git a/src/lxc/cgroups/cgmanager.c b/src/lxc/cgroups/cgmanager.c
-index f2756b0..ac966b6 100644
+index f2756b07..ac966b6f 100644
--- a/src/lxc/cgroups/cgmanager.c
+++ b/src/lxc/cgroups/cgmanager.c
@@ -609,7 +609,7 @@ static inline void cleanup_cgroups(char *path)
return false;
if (!cgm_dbus_connect()) {
diff --git a/src/lxc/cgroups/cgroup.c b/src/lxc/cgroups/cgroup.c
-index 78472d4..4d26e72 100644
+index 78472d4f..4d26e720 100644
--- a/src/lxc/cgroups/cgroup.c
+++ b/src/lxc/cgroups/cgroup.c
@@ -80,10 +80,10 @@ void cgroup_destroy(struct lxc_handler *handler)
}
diff --git a/src/lxc/cgroups/cgroup.h b/src/lxc/cgroups/cgroup.h
-index 11b251e..f36c6f0 100644
+index 11b251e6..f36c6f02 100644
--- a/src/lxc/cgroups/cgroup.h
+++ b/src/lxc/cgroups/cgroup.h
@@ -28,6 +28,12 @@
extern int cgroup_num_hierarchies();
extern bool cgroup_get_hierarchies(int i, char ***out);
diff --git a/src/lxc/commands.c b/src/lxc/commands.c
-index b17879b..5ef682f 100644
+index 27c8c084..0eb2741f 100644
--- a/src/lxc/commands.c
+++ b/src/lxc/commands.c
-@@ -128,15 +128,15 @@ static int fill_sock_name(char *path, int len, const char *name,
+@@ -133,15 +133,15 @@ static int fill_sock_name(char *path, int len, const char *lxcname,
static const char *lxc_cmd_str(lxc_cmd_t cmd)
{
static const char * const cmdname[LXC_CMD_MAX] = {
};
if (cmd >= LXC_CMD_MAX)
-@@ -429,30 +429,28 @@ static int lxc_cmd_get_clone_flags_callback(int fd, struct lxc_cmd_req *req,
+@@ -437,30 +437,28 @@ static int lxc_cmd_get_clone_flags_callback(int fd, struct lxc_cmd_req *req,
return lxc_cmd_rsp_send(fd, &rsp);
}
ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
if (ret < 0)
return NULL;
-@@ -471,16 +469,42 @@ char *lxc_cmd_get_cgroup_path(const char *name, const char *lxcpath,
+@@ -479,16 +477,42 @@ char *lxc_cmd_get_cgroup_path(const char *name, const char *lxcpath,
return cmd.rsp.data;
}
if (!path)
return -1;
rsp.datalen = strlen(path) + 1,
-@@ -491,6 +515,24 @@ static int lxc_cmd_get_cgroup_callback(int fd, struct lxc_cmd_req *req,
+@@ -499,6 +523,24 @@ static int lxc_cmd_get_cgroup_callback(int fd, struct lxc_cmd_req *req,
}
/*
* lxc_cmd_get_config_item: Get config item the running container
*
* @name : name of container to connect to
-@@ -841,16 +883,16 @@ static int lxc_cmd_process(int fd, struct lxc_cmd_req *req,
+@@ -849,16 +891,16 @@ static int lxc_cmd_process(int fd, struct lxc_cmd_req *req,
typedef int (*callback)(int, struct lxc_cmd_req *, struct lxc_handler *);
callback cb[LXC_CMD_MAX] = {
if (req->cmd >= LXC_CMD_MAX) {
diff --git a/src/lxc/commands.h b/src/lxc/commands.h
-index 184eefa..6430b33 100644
+index 184eefa0..6430b334 100644
--- a/src/lxc/commands.h
+++ b/src/lxc/commands.h
@@ -77,6 +77,8 @@ extern int lxc_cmd_console(const char *name, int *ttynum, int *fd,
extern char *lxc_cmd_get_config_item(const char *name, const char *item, const char *lxcpath);
extern char *lxc_cmd_get_name(const char *hashed_sock);
diff --git a/src/lxc/criu.c b/src/lxc/criu.c
-index 8a0702f..5843f97 100644
+index d757bef6..64512193 100644
--- a/src/lxc/criu.c
+++ b/src/lxc/criu.c
@@ -283,7 +283,7 @@ static void exec_criu(struct criu_opts *opts)
if (!p) {
ERROR("failed to get cgroup path for %s", controllers[0]);
goto err;
-@@ -795,7 +795,7 @@ static void do_restore(struct lxc_container *c, int status_pipe, struct migrate_
+@@ -805,7 +805,7 @@ static void do_restore(struct lxc_container *c, int status_pipe, struct migrate_
goto out_fini_handler;
}
goto out_fini_handler;
}
diff --git a/src/lxc/start.c b/src/lxc/start.c
-index c2c14a7..e889421 100644
+index bca7f8eb..2d7df0e7 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
-@@ -1104,7 +1104,7 @@ static int lxc_spawn(struct lxc_handler *handler)
+@@ -1115,7 +1115,7 @@ static int lxc_spawn(struct lxc_handler *handler)
cgroups_connected = true;
ERROR("Failed creating cgroups.");
goto out_delete_net;
}
-@@ -1191,10 +1191,10 @@ static int lxc_spawn(struct lxc_handler *handler)
+@@ -1202,10 +1202,10 @@ static int lxc_spawn(struct lxc_handler *handler)
goto out_delete_net;
}
goto out_delete_net;
if (failed_before_rename)
-@@ -1237,6 +1237,21 @@ static int lxc_spawn(struct lxc_handler *handler)
+@@ -1248,6 +1248,21 @@ static int lxc_spawn(struct lxc_handler *handler)
goto out_delete_net;
}
cgroups_connected = false;
--
-2.1.4
+2.11.0
-From af72260927efd412210ec85842e1ef70ccc0c5e8 Mon Sep 17 00:00:00 2001
+From 2b4c8a851ae299a840af3e5e0cdf128ea205b5a4 Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Wed, 16 Nov 2016 09:53:42 +0100
-Subject: [PATCH 6/9] start/initutils: make cgroupns separation level
+Subject: [PATCH 6/8] start/initutils: make cgroupns separation level
configurable
Adds a new global config variable `lxc.cgroup.separate`
3 files changed, 26 insertions(+), 20 deletions(-)
diff --git a/src/lxc/initutils.c b/src/lxc/initutils.c
-index 8d9016c..0630293 100644
+index 8d9016cd..06302935 100644
--- a/src/lxc/initutils.c
+++ b/src/lxc/initutils.c
@@ -88,14 +88,15 @@ static char *copy_global_config_value(char *p)
};
diff --git a/src/lxc/initutils.h b/src/lxc/initutils.h
-index c021fd6..443ad02 100644
+index c021fd61..443ad026 100644
--- a/src/lxc/initutils.h
+++ b/src/lxc/initutils.h
@@ -43,6 +43,7 @@
extern void lxc_setup_fs(void);
extern const char *lxc_global_config_value(const char *option_name);
diff --git a/src/lxc/start.c b/src/lxc/start.c
-index e889421..4217c5d 100644
+index 2d7df0e7..a909c631 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
-@@ -1050,6 +1050,7 @@ static int lxc_spawn(struct lxc_handler *handler)
+@@ -1061,6 +1061,7 @@ static int lxc_spawn(struct lxc_handler *handler)
int saved_ns_fd[LXC_NS_MAX];
int preserve_mask = 0, i, flags;
int netpipepair[2], nveths;
netpipe = -1;
-@@ -1113,7 +1114,7 @@ static int lxc_spawn(struct lxc_handler *handler)
+@@ -1124,7 +1125,7 @@ static int lxc_spawn(struct lxc_handler *handler)
* it readonly.
* If the container is unprivileged then skip rootfs pinning.
*/
handler->pinfd = pin_rootfs(handler->conf->rootfs.path);
if (handler->pinfd == -1)
INFO("Failed to pin the rootfs for container \"%s\".", handler->name);
-@@ -1238,17 +1239,20 @@ static int lxc_spawn(struct lxc_handler *handler)
+@@ -1249,17 +1250,20 @@ static int lxc_spawn(struct lxc_handler *handler)
}
if (cgns_supported()) {
}
--
-2.1.4
+2.11.0
-From 3790507952f3cda5c6dd9bb6f87c80d9b0ddadf7 Mon Sep 17 00:00:00 2001
+From adf5f6720c85fe7059ff98942c136846b16880eb Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Fri, 23 Dec 2016 15:57:24 +0100
-Subject: [PATCH 7/9] rename cgroup namespace directory to ns
+Subject: [PATCH 7/8] rename cgroup namespace directory to ns
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lxc/cgroups/cgroup.h b/src/lxc/cgroups/cgroup.h
-index f36c6f0..2c504c8 100644
+index f36c6f02..2c504c81 100644
--- a/src/lxc/cgroups/cgroup.h
+++ b/src/lxc/cgroups/cgroup.h
@@ -32,7 +32,7 @@
struct lxc_handler;
struct lxc_conf;
--
-2.1.4
+2.11.0
-From 24af6aaf126f63229b3f9289b7dba58b3f07e847 Mon Sep 17 00:00:00 2001
+From eea36cafdc53b5ed2200ea0910f4222bc4e7891f Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
Date: Fri, 10 Feb 2017 10:23:36 +0100
-Subject: [PATCH 8/9] possibility to run lxc-monitord as a regular daemon
+Subject: [PATCH 8/8] possibility to run lxc-monitord as a regular daemon
This includes an lxc-monitord.service, required by
lxc@.service which is now of Type=forking.
create mode 100644 config/init/systemd/lxc-monitord.service.in
diff --git a/config/init/systemd/Makefile.am b/config/init/systemd/Makefile.am
-index c448850..4a4fde5 100644
+index c448850d..4a4fde5e 100644
--- a/config/init/systemd/Makefile.am
+++ b/config/init/systemd/Makefile.am
@@ -2,19 +2,21 @@ EXTRA_DIST = \
pkglibexec_SCRIPTS = lxc-apparmor-load
diff --git a/config/init/systemd/lxc-monitord.service.in b/config/init/systemd/lxc-monitord.service.in
new file mode 100644
-index 0000000..4063516
+index 00000000..40635168
--- /dev/null
+++ b/config/init/systemd/lxc-monitord.service.in
@@ -0,0 +1,12 @@
+[Install]
+WantedBy=multi-user.target
diff --git a/config/init/systemd/lxc@.service.in b/config/init/systemd/lxc@.service.in
-index 6b8b5ff..c35526b 100644
+index 6b8b5ff1..c35526b3 100644
--- a/config/init/systemd/lxc@.service.in
+++ b/config/init/systemd/lxc@.service.in
@@ -1,16 +1,17 @@
# Environment=CONSOLETYPE=serial
StandardOutput=syslog
diff --git a/configure.ac b/configure.ac
-index 42ece7a..c6b2a78 100644
+index bd2d82f6..fa3926a9 100644
--- a/configure.ac
+++ b/configure.ac
-@@ -694,6 +694,7 @@ AC_CONFIG_FILES([
+@@ -697,6 +697,7 @@ AC_CONFIG_FILES([
config/init/systemd/lxc.service
config/init/systemd/lxc@.service
config/init/systemd/lxc-net.service
config/init/sysvinit/lxc-containers
config/init/sysvinit/lxc-net
diff --git a/lxc.spec.in b/lxc.spec.in
-index 0e64907..f35d81c 100644
+index 0e64907e..f35d81ca 100644
--- a/lxc.spec.in
+++ b/lxc.spec.in
@@ -259,6 +259,7 @@ fi
%{_sysconfdir}/rc.d/init.d/lxc
%{_sysconfdir}/rc.d/init.d/lxc-net
diff --git a/src/lxc/lxc_monitord.c b/src/lxc/lxc_monitord.c
-index 62e2121..ad40dbe 100644
+index 62e21211..ad40dbef 100644
--- a/src/lxc/lxc_monitord.c
+++ b/src/lxc/lxc_monitord.c
@@ -344,16 +344,43 @@ static void lxc_monitord_sig_handler(int sig)
NOTICE("No remaining clients. lxc-monitord is exiting.");
break;
--
-2.1.4
+2.11.0
+++ /dev/null
-From 8095074e1aa2b308d8134638999a0ffe25e12347 Mon Sep 17 00:00:00 2001
-From: Christian Brauner <christian.brauner@ubuntu.com>
-Date: Sat, 28 Jan 2017 13:02:34 +0100
-Subject: [PATCH 9/9] CVE-2017-5985: Ensure target netns is caller-owned
-
-Before this commit, lxc-user-nic could potentially have been tricked into
-operating on a network namespace over which the caller did not hold privilege.
-
-This commit ensures that the caller is privileged over the network namespace by
-temporarily dropping privilege.
-
-Launchpad: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676
-Reported-by: Jann Horn <jannh@google.com>
-Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
----
- src/lxc/lxc_user_nic.c | 119 ++++++++++++++++++++++++++++++++++++-------------
- 1 file changed, 87 insertions(+), 32 deletions(-)
-
-diff --git a/src/lxc/lxc_user_nic.c b/src/lxc/lxc_user_nic.c
-index 409a53a..96dc398 100644
---- a/src/lxc/lxc_user_nic.c
-+++ b/src/lxc/lxc_user_nic.c
-@@ -50,6 +50,14 @@
- #include "utils.h"
- #include "network.h"
-
-+#define usernic_debug_stream(stream, format, ...) \
-+ do { \
-+ fprintf(stream, "%s: %d: %s: " format, __FILE__, __LINE__, \
-+ __func__, __VA_ARGS__); \
-+ } while (false)
-+
-+#define usernic_error(format, ...) usernic_debug_stream(stderr, format, __VA_ARGS__)
-+
- static void usage(char *me, bool fail)
- {
- fprintf(stderr, "Usage: %s lxcpath name pid type bridge nicname\n", me);
-@@ -670,68 +678,115 @@ again:
- }
-
- #define VETH_DEF_NAME "eth%d"
--
- static int rename_in_ns(int pid, char *oldname, char **newnamep)
- {
-- int fd = -1, ofd = -1, ret, ifindex = -1;
-+ uid_t ruid, suid, euid;
-+ int fret = -1;
-+ int fd = -1, ifindex = -1, ofd = -1, ret;
- bool grab_newname = false;
-
- ofd = lxc_preserve_ns(getpid(), "net");
- if (ofd < 0) {
-- fprintf(stderr, "Failed opening network namespace path for '%d'.", getpid());
-- return -1;
-+ usernic_error("Failed opening network namespace path for '%d'.", getpid());
-+ return fret;
- }
-
- fd = lxc_preserve_ns(pid, "net");
- if (fd < 0) {
-- fprintf(stderr, "Failed opening network namespace path for '%d'.", pid);
-- return -1;
-+ usernic_error("Failed opening network namespace path for '%d'.", pid);
-+ goto do_partial_cleanup;
-+ }
-+
-+ ret = getresuid(&ruid, &euid, &suid);
-+ if (ret < 0) {
-+ usernic_error("Failed to retrieve real, effective, and saved "
-+ "user IDs: %s\n",
-+ strerror(errno));
-+ goto do_partial_cleanup;
-+ }
-+
-+ ret = setns(fd, CLONE_NEWNET);
-+ close(fd);
-+ fd = -1;
-+ if (ret < 0) {
-+ usernic_error("Failed to setns() to the network namespace of "
-+ "the container with PID %d: %s.\n",
-+ pid, strerror(errno));
-+ goto do_partial_cleanup;
- }
-
-- if (setns(fd, 0) < 0) {
-- fprintf(stderr, "setns to container network namespace\n");
-- goto out_err;
-+ ret = setresuid(ruid, ruid, 0);
-+ if (ret < 0) {
-+ usernic_error("Failed to drop privilege by setting effective "
-+ "user id and real user id to %d, and saved user "
-+ "ID to 0: %s.\n",
-+ ruid, strerror(errno));
-+ // COMMENT(brauner): It's ok to jump to do_full_cleanup here
-+ // since setresuid() will succeed when trying to set real,
-+ // effective, and saved to values they currently have.
-+ goto do_full_cleanup;
- }
-- close(fd); fd = -1;
-+
- if (!*newnamep) {
- grab_newname = true;
- *newnamep = VETH_DEF_NAME;
-- if (!(ifindex = if_nametoindex(oldname))) {
-- fprintf(stderr, "failed to get netdev index\n");
-- goto out_err;
-+
-+ ifindex = if_nametoindex(oldname);
-+ if (!ifindex) {
-+ usernic_error("Failed to get netdev index: %s.\n", strerror(errno));
-+ goto do_full_cleanup;
- }
- }
-- if ((ret = lxc_netdev_rename_by_name(oldname, *newnamep)) < 0) {
-- fprintf(stderr, "Error %d renaming netdev %s to %s in container\n", ret, oldname, *newnamep);
-- goto out_err;
-+
-+ ret = lxc_netdev_rename_by_name(oldname, *newnamep);
-+ if (ret < 0) {
-+ usernic_error("Error %d renaming netdev %s to %s in container.\n", ret, oldname, *newnamep);
-+ goto do_full_cleanup;
- }
-+
- if (grab_newname) {
-- char ifname[IFNAMSIZ], *namep = ifname;
-+ char ifname[IFNAMSIZ];
-+ char *namep = ifname;
-+
- if (!if_indextoname(ifindex, namep)) {
-- fprintf(stderr, "Failed to get new netdev name\n");
-- goto out_err;
-+ usernic_error("Failed to get new netdev name: %s.\n", strerror(errno));
-+ goto do_full_cleanup;
- }
-+
- *newnamep = strdup(namep);
- if (!*newnamep)
-- goto out_err;
-+ goto do_full_cleanup;
- }
-- if (setns(ofd, 0) < 0) {
-- fprintf(stderr, "Error returning to original netns\n");
-- close(ofd);
-- return -1;
-+
-+ fret = 0;
-+
-+do_full_cleanup:
-+ ret = setresuid(ruid, euid, suid);
-+ if (ret < 0) {
-+ usernic_error("Failed to restore privilege by setting effective "
-+ "user id to %d, real user id to %d, and saved user "
-+ "ID to %d: %s.\n",
-+ ruid, euid, suid, strerror(errno));
-+ fret = -1;
-+ // COMMENT(brauner): setns() should fail if setresuid() doesn't
-+ // succeed but there's no harm in falling through; keeps the
-+ // code cleaner.
- }
-- close(ofd);
-
-- return 0;
-+ ret = setns(ofd, CLONE_NEWNET);
-+ if (ret < 0) {
-+ usernic_error("Failed to setns() to original network namespace "
-+ "of PID %d: %s.\n",
-+ ofd, strerror(errno));
-+ fret = -1;
-+ }
-
--out_err:
-- if (ofd >= 0)
-- close(ofd);
-- if (setns(ofd, 0) < 0)
-- fprintf(stderr, "Error returning to original network namespace\n");
-+do_partial_cleanup:
- if (fd >= 0)
- close(fd);
-- return -1;
-+ close(ofd);
-+
-+ return fret;
- }
-
- /*
---
-2.1.4
-
0006-start-initutils-make-cgroupns-separation-level-confi.patch
0007-rename-cgroup-namespace-directory-to-ns.patch
0008-possibility-to-run-lxc-monitord-as-a-regular-daemon.patch
-0009-CVE-2017-5985-Ensure-target-netns-is-caller-owned.patch
projects / lxc.git / commitdiff