1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/config/init/systemd/lxc.service.in b/config/init/systemd/lxc.service.in
-index cd619967..77541917 100644
+index cd6199671..77541917e 100644
--- a/config/init/systemd/lxc.service.in
+++ b/config/init/systemd/lxc.service.in
@@ -1,6 +1,6 @@
Documentation=man:lxc-autostart man:lxc
--
-2.11.0
+2.20.1
1 file changed, 5 insertions(+)
diff --git a/src/lxc/network.c b/src/lxc/network.c
-index d0f14e63..9337ad4d 100644
+index d0f14e632..9337ad4d9 100644
--- a/src/lxc/network.c
+++ b/src/lxc/network.c
@@ -195,6 +195,11 @@ static int instantiate_veth(struct lxc_handler *handler, struct lxc_netdev *netd
DEBUG("Instantiated veth \"%s/%s\", index is \"%d\"", veth1, veth2,
--
-2.11.0
+2.20.1
2 files changed, 10 insertions(+), 2 deletions(-)
diff --git a/config/apparmor/abstractions/container-base b/config/apparmor/abstractions/container-base
-index 07747655..fbd70fdf 100644
+index 077476559..fbd70fdf5 100644
--- a/config/apparmor/abstractions/container-base
+++ b/config/apparmor/abstractions/container-base
@@ -82,7 +82,6 @@
# FIXME: This currently doesn't work due to the apparmor parser treating those as allowing all mounts.
# mount options=(rw,make-slave) -> **,
diff --git a/config/apparmor/abstractions/container-base.in b/config/apparmor/abstractions/container-base.in
-index 1a3ead89..39abf348 100644
+index 1a3ead89a..39abf348c 100644
--- a/config/apparmor/abstractions/container-base.in
+++ b/config/apparmor/abstractions/container-base.in
@@ -82,7 +82,6 @@
# FIXME: This currently doesn't work due to the apparmor parser treating those as allowing all mounts.
# mount options=(rw,make-slave) -> **,
--
-2.11.0
+2.20.1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---
- src/lxc/cgroups/cgfsng.c | 94 +++++++++++++++++++++++++++++++++++++++---------
- src/lxc/cgroups/cgroup.h | 18 +++++++---
- src/lxc/commands.c | 87 +++++++++++++++++++++++++++++++++-----------
- src/lxc/commands.h | 2 ++
- src/lxc/criu.c | 4 +--
- src/lxc/start.c | 28 +++++++++++----
+ src/lxc/cgroups/cgfsng.c | 94 +++++++++++++++++++++++++++++++++-------
+ src/lxc/cgroups/cgroup.h | 18 ++++++--
+ src/lxc/commands.c | 87 ++++++++++++++++++++++++++++---------
+ src/lxc/commands.h | 2 +
+ src/lxc/criu.c | 4 +-
+ src/lxc/start.c | 28 +++++++++---
6 files changed, 183 insertions(+), 50 deletions(-)
diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
-index ab99b47c..ac8f469b 100644
+index ab99b47c5..ac8f469bb 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -818,6 +818,7 @@ static struct hierarchy *add_hierarchy(struct hierarchy ***h, char **clist, char
if (!path)
continue;
diff --git a/src/lxc/cgroups/cgroup.h b/src/lxc/cgroups/cgroup.h
-index d4dcd506..59445b5a 100644
+index d4dcd506b..59445b5a5 100644
--- a/src/lxc/cgroups/cgroup.h
+++ b/src/lxc/cgroups/cgroup.h
@@ -32,6 +32,12 @@
const char *lxcpath, pid_t pid);
bool (*mount)(struct cgroup_ops *ops, struct lxc_handler *handler,
diff --git a/src/lxc/commands.c b/src/lxc/commands.c
-index 133384d7..b41a7600 100644
+index 133384d72..b41a76000 100644
--- a/src/lxc/commands.c
+++ b/src/lxc/commands.c
@@ -427,20 +427,8 @@ static int lxc_cmd_get_clone_flags_callback(int fd, struct lxc_cmd_req *req,
if (cgroup_ops->unfreeze(cgroup_ops))
diff --git a/src/lxc/commands.h b/src/lxc/commands.h
-index 2c024b65..7c4c00b1 100644
+index 2c024b65d..7c4c00b1e 100644
--- a/src/lxc/commands.h
+++ b/src/lxc/commands.h
@@ -88,6 +88,8 @@ extern int lxc_cmd_console(const char *name, int *ttynum, int *fd,
extern char *lxc_cmd_get_config_item(const char *name, const char *item, const char *lxcpath);
extern char *lxc_cmd_get_name(const char *hashed_sock);
diff --git a/src/lxc/criu.c b/src/lxc/criu.c
-index 3d857b54..ec9bcb7e 100644
+index 3d857b541..ec9bcb7e4 100644
--- a/src/lxc/criu.c
+++ b/src/lxc/criu.c
@@ -332,7 +332,7 @@ static void exec_criu(struct cgroup_ops *cgroup_ops, struct lxc_conf *conf,
goto out_fini_handler;
}
diff --git a/src/lxc/start.c b/src/lxc/start.c
-index dae3bcfe..f3b29d6c 100644
+index dae3bcfe5..f3b29d6cd 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1649,7 +1649,7 @@ static int lxc_spawn(struct lxc_handler *handler)
/* Now we're ready to preserve the cgroup namespace */
ret = lxc_try_preserve_ns(handler->pid, "cgroup");
--
-2.11.0
+2.20.1
3 files changed, 24 insertions(+), 19 deletions(-)
diff --git a/src/lxc/initutils.c b/src/lxc/initutils.c
-index 11c80866..8b5e2542 100644
+index 11c808662..8b5e2542a 100644
--- a/src/lxc/initutils.c
+++ b/src/lxc/initutils.c
@@ -63,14 +63,15 @@ static char *copy_global_config_value(char *p)
};
diff --git a/src/lxc/initutils.h b/src/lxc/initutils.h
-index 6bf23a70..b542e601 100644
+index 6bf23a706..b542e6015 100644
--- a/src/lxc/initutils.h
+++ b/src/lxc/initutils.h
@@ -42,6 +42,7 @@
#ifndef PR_SET_MM
#define PR_SET_MM 35
diff --git a/src/lxc/start.c b/src/lxc/start.c
-index f3b29d6c..1cf792aa 100644
+index f3b29d6cd..1cf792aa2 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1820,17 +1820,20 @@ static int lxc_spawn(struct lxc_handler *handler)
}
--
-2.11.0
+2.20.1
2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/lxc/cgroups/cgroup.h b/src/lxc/cgroups/cgroup.h
-index 59445b5a..7d6135c1 100644
+index 59445b5a5..7d6135c19 100644
--- a/src/lxc/cgroups/cgroup.h
+++ b/src/lxc/cgroups/cgroup.h
@@ -36,7 +36,7 @@
struct lxc_handler;
struct lxc_conf;
diff --git a/src/lxc/initutils.h b/src/lxc/initutils.h
-index b542e601..78d3f2b1 100644
+index b542e6015..78d3f2b10 100644
--- a/src/lxc/initutils.h
+++ b/src/lxc/initutils.h
@@ -42,7 +42,7 @@
#ifndef PR_SET_MM
#define PR_SET_MM 35
--
-2.11.0
+2.20.1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
---
.gitignore | 1 +
- config/init/systemd/Makefile.am | 10 +++--
- config/init/systemd/lxc-monitord.service.in | 12 ++++++
+ config/init/systemd/Makefile.am | 10 ++--
+ config/init/systemd/lxc-monitord.service.in | 12 +++++
configure.ac | 1 +
lxc.spec.in | 1 +
- src/lxc/cmd/lxc_monitord.c | 60 +++++++++++++++++++++--------
+ src/lxc/cmd/lxc_monitord.c | 60 +++++++++++++++------
6 files changed, 64 insertions(+), 21 deletions(-)
create mode 100644 config/init/systemd/lxc-monitord.service.in
diff --git a/.gitignore b/.gitignore
-index 45377714..69e6e7ff 100644
+index 45377714c..69e6e7ffe 100644
--- a/.gitignore
+++ b/.gitignore
@@ -116,6 +116,7 @@ config/bash/lxc
config/init/systemd/lxc.service
config/init/systemd/lxc@.service
diff --git a/config/init/systemd/Makefile.am b/config/init/systemd/Makefile.am
-index c448850d..4a4fde5e 100644
+index c448850d1..4a4fde5e7 100644
--- a/config/init/systemd/Makefile.am
+++ b/config/init/systemd/Makefile.am
@@ -2,19 +2,21 @@ EXTRA_DIST = \
pkglibexec_SCRIPTS = lxc-apparmor-load
diff --git a/config/init/systemd/lxc-monitord.service.in b/config/init/systemd/lxc-monitord.service.in
new file mode 100644
-index 00000000..40635168
+index 000000000..406351688
--- /dev/null
+++ b/config/init/systemd/lxc-monitord.service.in
@@ -0,0 +1,12 @@
+[Install]
+WantedBy=multi-user.target
diff --git a/configure.ac b/configure.ac
-index 9a6ba83c..9f3b8fb3 100644
+index 9a6ba83c2..9f3b8fb3c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -747,6 +747,7 @@ AC_CONFIG_FILES([
config/init/sysvinit/lxc-containers
config/init/sysvinit/lxc-net
diff --git a/lxc.spec.in b/lxc.spec.in
-index 7fcd811f..59597f46 100644
+index 7fcd811ff..59597f469 100644
--- a/lxc.spec.in
+++ b/lxc.spec.in
@@ -247,6 +247,7 @@ fi
%{_sysconfdir}/rc.d/init.d/lxc
%{_sysconfdir}/rc.d/init.d/lxc-net
diff --git a/src/lxc/cmd/lxc_monitord.c b/src/lxc/cmd/lxc_monitord.c
-index 3b931b36..d3cc3597 100644
+index 3b931b361..d3cc35978 100644
--- a/src/lxc/cmd/lxc_monitord.c
+++ b/src/lxc/cmd/lxc_monitord.c
@@ -359,17 +359,44 @@ static void lxc_monitord_sig_handler(int sig)
ERROR("mainloop returned an error");
break;
--
-2.11.0
+2.20.1
1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/src/lxc/start.c b/src/lxc/start.c
-index 1cf792aa..24f387de 100644
+index 1cf792aa2..24f387de6 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -1954,15 +1954,15 @@ int __lxc_start(const char *name, struct lxc_handler *handler,
if (geteuid() == 0 && !lxc_list_empty(&conf->id_map)) {
/* If the backing store is a device, mount it here and now. */
--
-2.11.0
+2.20.1
--- /dev/null
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Wolfgang Bumiller <w.bumiller@proxmox.com>
+Date: Tue, 13 Aug 2019 13:57:22 +0200
+Subject: [PATCH] PVE: [Config] attach: always use getent
+
+In debian buster, some libnss plugins (if installed) can
+cause getpwent to segfault instead of erroring out cleanly.
+To avoid this, stick to always using getent.
+
+Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
+---
+ src/lxc/attach.c | 29 ++---------------------------
+ 1 file changed, 2 insertions(+), 27 deletions(-)
+
+diff --git a/src/lxc/attach.c b/src/lxc/attach.c
+index 117e3778f..8b34a412e 100644
+--- a/src/lxc/attach.c
++++ b/src/lxc/attach.c
+@@ -1548,11 +1548,7 @@ int lxc_attach_run_command(void *payload)
+ int lxc_attach_run_shell(void* payload)
+ {
+ uid_t uid;
+- struct passwd pwent;
+- struct passwd *pwentp = NULL;
+ char *user_shell;
+- char *buf;
+- size_t bufsize;
+ int ret;
+
+ /* Ignore payload parameter. */
+@@ -1560,32 +1556,13 @@ int lxc_attach_run_shell(void* payload)
+
+ uid = getuid();
+
+- bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
+- if (bufsize == -1)
+- bufsize = 1024;
+-
+- buf = malloc(bufsize);
+- if (buf) {
+- ret = getpwuid_r(uid, &pwent, buf, bufsize, &pwentp);
+- if (!pwentp) {
+- if (ret == 0)
+- WARN("Could not find matched password record");
+-
+- WARN("Failed to get password record - %u", uid);
+- }
+- }
+-
+ /* This probably happens because of incompatible nss implementations in
+ * host and container (remember, this code is still using the host's
+ * glibc but our mount namespace is in the container) we may try to get
+ * the information by spawning a [getent passwd uid] process and parsing
+ * the result.
+ */
+- if (!pwentp)
+- user_shell = lxc_attach_getpwshell(uid);
+- else
+- user_shell = pwent.pw_shell;
+-
++ user_shell = lxc_attach_getpwshell(uid);
+ if (user_shell)
+ execlp(user_shell, user_shell, (char *)NULL);
+
+@@ -1595,9 +1572,7 @@ int lxc_attach_run_shell(void* payload)
+ execlp("/bin/sh", "/bin/sh", (char *)NULL);
+
+ SYSERROR("Failed to execute shell");
+- if (!pwentp)
+- free(user_shell);
++ free(user_shell);
+
+- free(buf);
+ return -1;
+ }
+--
+2.20.1
+
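Review bot: The comment kept above the new unconditional `user_shell = lxc_attach_getpwshell(uid);` in lxc_attach_run_shell still reads "This probably happens because of incompatible nss implementations ... we may try to get the information by spawning a [getent passwd uid] process", which described a fallback taken only after getpwuid_r() had failed; with that block removed there is no preceding failure for "this" to refer to, so the comment now misdescribes the only path. I would replace it with `/* Always resolve the login shell by spawning [getent passwd uid] (lxc_attach_getpwshell) instead of calling the host glibc's getpwuid_r(): the mount namespace is already the container's, and some libnss plugins crash there instead of failing cleanly. */`. The now-unconditional `free(user_shell);` looks consistent, since the old code freed it exactly when it came from lxc_attach_getpwshell, i.e. that helper presumably returns an allocated string — worth confirming against its definition, which is outside this hunk. `int ret` is no longer assigned anywhere in the shown lines; unless it is set in the few lines between the second and third hunk that are not shown, it is an unused variable now and should be dropped along with `buf`, `bufsize` and `pwent`.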
pve/0007-PVE-Up-possibility-to-run-lxc-monitord-as-a-regular-.patch
pve/0008-PVE-Config-Disable-lxc.monitor-cgroup.patch
pve/0009-init-add-ExecReload-to-lxc.service-to-only-reload-pr.patch
+pve/0010-PVE-Config-attach-always-use-getent.patch
extra/0001-conf-use-SYSERROR-on-lxc_write_to_file-errors.patch
extra/0002-Revert-conf-remove-extra-MS_BIND-with-sysfs-mixed.patch
extra/0003-CVE-2019-5736-runC-rexec-callers-as-memfd.patch