Li Feng [Mon, 10 Jul 2017 09:19:52 +0000 (17:19 +0800)]
start: dup std{in,out,err} to pty slave
In the case the container has a console with a valid slave pty file descriptor
we duplicate std{in,out,err} to the slave file descriptor so console logging
works correctly. When the container does not have a valid slave pty file
descriptor for its console and is started daemonized we should dup to
/dev/null.
Closes #1646.
Signed-off-by: Li Feng <lifeng68@huawei.com> Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This adds a little more flexibility to the state server. The idea is to have a
command socket function "lxc_cmd_add_state_client()" whose only task is to add
a new state client to the container's in-memory handler. This function returns
either the state of the container if it is already in the requested state or it
will return the newly registered client's fd in one of its arguments to the
caller. We then provide a separate helper function "lxc_cmd_sock_rcv_state()"
which can be passed the returned client fd and listens on the fd for the
requested state.
This is useful when we want to first register a client, then send a signal to
the container and wait for a state. This ensure that the client fd is
registered before the signal can have any effect and can e.g. be used to catch
something like the "STOPPING" state that is very ephemeral.
Additionally we provide a convenience function "lxc_cmd_sock_get_state()" which
combines both tasks and is used in e.g. "lxc_wait()".
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Add a test to see if we can start daemonized containers that have a very
short-lived init process. The point of this is to see whether we can correctly
retrieve the state.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Since we killed lxc-monitord we rely on the container's command socket to wait
for the container. This doesn't work nicely on daemonized startup since a
container's init process might be something that is so short-lived that we
won't even be able to add a state client before the mainloop closes. But the
container might still have been RUNNING and executed the init binary correctly.
In this case we would erroneously report that the container failed to start
when it actually started just fine.
This commit ensures that we really all cases where the container successfully
ran by switching to a short-lived per-container anonymous unix socket pair that
uses credentials to pass container states around. It is immediately closed once
the container has started successfully.
This should also make daemonized container start way more robust since we don't
rely on the command socket handler to be running.
For the experienced developer: Yes, I did think about utilizing the command
socket directly for this. The problem is that when the mainloop starts it may
end up end accept()ing the connection that we want
do_wait_on_daemonized_start() to accept() so this won't work and might cause us
to hang indefinitely. The same problem arises when the container fails to start
before the mainloop is created. In this case we would hang indefinitely as
well.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Long Wang [Sat, 8 Jul 2017 02:29:57 +0000 (10:29 +0800)]
af_unix: remove unlink operation
It is not necessary to unlink the abstract socket pathname when
we have finished using the socket. The abstract name is automatically
removed when the socket is closed.
This patch allows users to start containers in AppArmor namespaces.
Users can define their own profiles for their containers, but
lxc-start must be allowed to change to a namespace.
A container configuration file can wrap a container in an AppArmor
profile using lxc.aa_profile.
A process in an AppArmor namespace is restricted to view
or manage only the profiles belonging to this namespace, as if no
other profiles existed. A namespace can be created as follow:
sudo mkdir /sys/kernel/security/apparmor/policy/namespaces/$NAMESPACE
AppArmor can stack profiles so that the contained process is bound
by the intersection of all profiles of the stack. This is achieved
using the '//&' operator as follow:
In this case, even the guest process appears unconfined in the
namespace, it is still confined by $PROFILE.
A guest allowed to access "/sys/kernel/security/apparmor/** rwklix,"
will be able to manage its own profile set, while still being
enclosed in the topmost profile $PROFILE:
Different guests can be assigned the same namespace or different
namespaces. In the first case, they will share their profiles.
In the second case, they will have distinct sets of profiles.
use cppcheck tools `cppcheck --enable=warning .` on lxc source directory.
This patch fix the following warnning
```
[src/lxc/cgroups/cgfs.c:794]: (warning) %ld in format string (no. 3) requires 'long' but the argument type is 'unsigned long'.
[src/lxc/confile.c:4441]: (warning) %d in format string (no. 2) requires 'int' but the argument type is 'unsigned int'.
[src/lxc/confile.c:4502]: (warning) %d in format string (no. 2) requires 'int' but the argument type is 'unsigned int'.
[src/lxc/confile_legacy.c:921]: (warning) %d in format string (no. 2) requires 'int' but the argument type is 'unsigned int'.
[src/lxc/confile_legacy.c:938]: (warning) %d in format string (no. 2) requires 'int' but the argument type is 'unsigned int'.
[src/lxc/lxclock.c:63]: (warning) %zd in format string (no. 1) requires 'ssize_t' but the argument type is 'size_t {aka unsigned long}'.
[src/lxc/tools/lxc_info.c:118]: (warning) %u in format string (no. 1) requires 'unsigned int' but the argument type is 'signed int'.
[src/lxc/tools/lxc_info.c:118]: (warning) %u in format string (no. 2) requires 'unsigned int' but the argument type is 'signed int'.
[src/lxc/tools/lxc_info.c:123]: (warning) %u in format string (no. 1) requires 'unsigned int' but the argument type is 'signed int'.
[src/lxc/tools/lxc_info.c:127]: (warning) %u in format string (no. 1) requires 'unsigned int' but the argument type is 'signed int'.
[src/lxc/tools/lxc_info.c:130]: (warning) %u in format string (no. 1) requires 'unsigned int' but the argument type is 'signed int'.
[src/lxc/tools/lxc_top.c:212]: (warning) %u in format string (no. 1) requires 'unsigned int' but the argument type is 'signed int'.
[src/lxc/tools/lxc_top.c:212]: (warning) %u in format string (no. 2) requires 'unsigned int' but the argument type is 'signed int'.
[src/lxc/tools/lxc_top.c:217]: (warning) %u in format string (no. 1) requires 'unsigned int' but the argument type is 'signed int'.
[src/lxc/tools/lxc_top.c:221]: (warning) %u in format string (no. 1) requires 'unsigned int' but the argument type is 'signed int'.
[src/lxc/tools/lxc_top.c:224]: (warning) %u in format string (no. 1) requires 'unsigned int' but the argument type is 'signed int'.
```
Added '--apt-conf' argument for ALTLinux template.
Added [-a|--apt-conf] parameter for selection of exact package
providing 'apt-conf'. By default 'apt-conf-sisyphus' is used for
Sisyphus and 'apt-conf-branch' for the rest of branches.
start: send state to legacy lxc-monitord state server even if no state clients registered
This pr https://github.com/lxc/lxc/pull/1618 kill lxc-monitord, for backwards compatibility,
we also send state to legacy lxc-monitord state server in function `lxc_set_state`.
we should also send state if there is no state clients registered, otherwise `lxc-monitor` client will
not get state change event if container changed state to `STARTING` or `RUNNING`.