Merge pull request #1829 from brauner/2017-09-24/stable_2.0_backports

stable 2.0: backports

Merge pull request #1829 from brauner/2017-09-24/stable_2.0_backports
d3cf9a1b · Stéphane Graber · GitHub · 7d9d482b · bab07a29 · d3cf9a1b
Commit d3cf9a1b authored Sep 24, 2017 by Stéphane Graber Committed by GitHub Sep 24, 2017
11 changed files
--- a/doc/lxc.container.conf.sgml.in
+++ b/doc/lxc.container.conf.sgml.in
@@ -1398,6 +1398,8 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
          <listitem><para> LXC_CONFIG_FILE: the path to the container configuration file. </para></listitem>
          <listitem><para> LXC_SRC_NAME: in the case of the clone hook, this is the original container's name. </para></listitem>
          <listitem><para> LXC_ROOTFS_PATH: this is the lxc.rootfs entry for the container.  Note this is likely not where the mounted rootfs is to be found, use LXC_ROOTFS_MOUNT for that. </para></listitem>
+          <listitem><para> LXC_CGNS_AWARE: indicated whether the container is cgroup namespace aware.  </para></listitem>
+          <listitem><para> LXC_LOG_LEVEL: the container's log level.  </para></listitem>
        </itemizedlist>
      </para>
      <para>

--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1913,21 +1913,28 @@ static int cgfsng_set(const char *filename, const char *value, const char *name,
 */
 static int lxc_cgroup_set_data(const char *filename, const char *value, struct cgfsng_handler_data *d)
 {
-	char *subsystem = NULL, *p;
+	char *fullpath, *p;
-	int ret = -1;
 	struct hierarchy *h;
+	int ret = 0;
+	char *controller = NULL;
-	subsystem = alloca(strlen(filename) + 1);
+	controller = alloca(strlen(filename) + 1);
-	strcpy(subsystem, filename);
+	strcpy(controller, filename);
-	if ((p = strchr(subsystem, '.')) != NULL)
+	if ((p = strchr(controller, '.')) != NULL)
 		*p = '\0';
-	h = get_hierarchy(subsystem);
+	h = get_hierarchy(controller);
-	if (h) {
+	if (!h) {
-		char *fullpath = must_make_path(h->fullcgpath, filename, NULL);
+		ERROR("Failed to setup limits for the \"%s\" controller. "
+		      "The controller seems to be unused by \"cgfsng\" cgroup "
+		      "driver or not enabled on the cgroup hierarchy",
+		      controller);
+		return -1;
+	}
+	fullpath = must_make_path(h->fullcgpath, filename, NULL);
 	ret = lxc_write_to_file(fullpath, value, strlen(value), false);
 	free(fullpath);
-	}
 	return ret;
 }

--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -723,7 +723,7 @@ static const struct dev_symlinks dev_symlinks[] = {
 	{"/proc/self/fd/2",	"stderr"},
 };
-static int setup_dev_symlinks(const struct lxc_rootfs *rootfs)
+static int lxc_setup_dev_symlinks(const struct lxc_rootfs *rootfs)
 {
 	char path[MAXPATHLEN];
 	int ret,i;
@@ -3159,8 +3159,10 @@ int lxc_setup(struct lxc_handler *handler)
 		}
 	}
-	if (!lxc_conf->is_execute && lxc_setup_console(&lxc_conf->rootfs, &lxc_conf->console, lxc_conf->ttydir)) {
+	ret = lxc_setup_console(&lxc_conf->rootfs, &lxc_conf->console,
-		ERROR("failed to setup the console for '%s'", name);
+				lxc_conf->ttydir);
+	if (ret < 0) {
+		ERROR("Failed to setup console");
 		return -1;
 	}
@@ -3169,8 +3171,9 @@ int lxc_setup(struct lxc_handler *handler)
 			ERROR("failed to setup kmsg for '%s'", name);
 	}
-	if (!lxc_conf->is_execute && setup_dev_symlinks(&lxc_conf->rootfs)) {
+	ret = lxc_setup_dev_symlinks(&lxc_conf->rootfs);
-		ERROR("failed to setup /dev symlinks for '%s'", name);
+	if (ret < 0) {
+		ERROR("Failed to setup /dev symlinks");
 		return -1;
 	}

--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -2299,44 +2299,51 @@ struct parse_line_conf {
 static int parse_line(char *buffer, void *data)
 {
-	struct lxc_config_t *config;
 	char *dot, *key, *line, *linep, *value;
-	struct parse_line_conf *plc = data;
+	bool empty_line;
+	struct lxc_config_t *config;
 	int ret = 0;
+	char *dup = buffer;
+	struct parse_line_conf *plc = data;
-	if (lxc_is_line_empty(buffer))
+	/* If there are newlines in the config file we should keep them. */
-		return 0;
+	empty_line = lxc_is_line_empty(dup);
+	if (empty_line)
+		dup = "\n";
 	/* we have to dup the buffer otherwise, at the re-exec for
 	 * reboot we modified the original string on the stack by
 	 * replacing '=' by '\0' below
 	 */
 	linep = line = strdup(buffer);
-	if (!line) {
+	if (!line)
-		SYSERROR("failed to allocate memory for '%s'", buffer);
 		return -1;
+	if (!plc->from_include) {
+		ret = append_unexp_config_line(line, plc->conf);
+		if (ret < 0)
+			goto on_error;
 	}
-	if (!plc->from_include)
+	if (empty_line)
-		if ((ret = append_unexp_config_line(line, plc->conf)))
+		return 0;
-			goto out;
 	line += lxc_char_left_gc(line, strlen(line));
 	/* ignore comments */
 	if (line[0] == '#')
-		goto out;
+		goto on_error;
 	/* martian option - don't add it to the config itself */
 	if (strncmp(line, "lxc.", 4))
-		goto out;
+		goto on_error;
 	ret = -1;
-	dot = strstr(line, "=");
+	dot = strchr(line, '=');
 	if (!dot) {
-		ERROR("invalid configuration line: %s", line);
+		ERROR("Invalid configuration line: %s", line);
-		goto out;
+		goto on_error;
 	}
 	*dot = '\0';
@@ -2358,13 +2365,13 @@ static int parse_line(char *buffer, void *data)
 	config = lxc_getconfig(key);
 	if (!config) {
-		ERROR("unknown key %s", key);
+		ERROR("Unknown configuration key \"%s\"", key);
-		goto out;
+		goto on_error;
 	}
 	ret = config->set(key, value, plc->conf, data);
-out:
+on_error:
 	free(linep);
 	return ret;
 }

--- a/src/lxc/console.c
+++ b/src/lxc/console.c
@@ -228,11 +228,6 @@ extern int lxc_console_mainloop_add(struct lxc_epoll_descr *descr,
 {
 	struct lxc_console *console = &conf->console;
-	if (conf->is_execute) {
-		INFO("no console for lxc-execute.");
-		return 0;
-	}
 	if (!conf->rootfs.path) {
 		INFO("no rootfs, no console.");
 		return 0;
@@ -526,11 +521,6 @@ int lxc_console_create(struct lxc_conf *conf)
 	struct lxc_console *console = &conf->console;
 	int ret;
-	if (conf->is_execute) {
-		INFO("not allocating a console device for lxc-execute.");
-		return 0;
-	}
 	if (!conf->rootfs.path) {
 		INFO("container does not have a rootfs, console device will be shared with the host");
 		return 0;

--- a/src/lxc/network.c
+++ b/src/lxc/network.c
@@ -922,7 +922,6 @@ int netdev_get_mtu(int ifindex)
 			goto out;
 		recv_len = err;
-		err = 0;
 		/* Satisfy the typing for the netlink macros */
 		msg = answer->nlmsghdr;
@@ -1363,7 +1362,6 @@ int lxc_convert_mac(char *macaddr, struct sockaddr *sockaddr)
 	data = (unsigned char *)sockaddr->sa_data;
 	while ((*macaddr != '\0') && (i < ETH_ALEN)) {
-	    val = 0;
 	    c = *macaddr++;
 	    if (isdigit(c))
 		    val = c - '0';

--- a/src/lxc/storage/aufs.c
+++ b/src/lxc/storage/aufs.c
@@ -136,8 +136,8 @@ int aufs_clonepaths(struct lxc_storage *orig, struct lxc_storage *new,
 		rdata.src = odelta;
 		rdata.dest = ndelta;
 		if (am_unpriv())
-			ret = userns_exec_1(conf, rsync_delta_wrapper, &rdata,
+			ret = userns_exec_full(conf, rsync_delta_wrapper,
-					    "rsync_delta_wrapper");
+					       &rdata, "rsync_delta_wrapper");
 		else
 			ret = rsync_delta(&rdata);
 		if (ret) {

--- a/src/lxc/storage/btrfs.c
+++ b/src/lxc/storage/btrfs.c
@@ -397,7 +397,7 @@ int btrfs_clonepaths(struct lxc_storage *orig, struct lxc_storage *new,
 			return btrfs_snapshot(orig->dest, new->dest);
 		sdata.dest = new->dest;
 		sdata.src = orig->dest;
-		return userns_exec_1(conf, btrfs_snapshot_wrapper, &sdata,
+		return userns_exec_full(conf, btrfs_snapshot_wrapper, &sdata,
 					"btrfs_snapshot_wrapper");
 	}

--- a/src/lxc/storage/overlay.c
+++ b/src/lxc/storage/overlay.c
@@ -752,7 +752,7 @@ static int ovl_do_rsync(struct lxc_storage *orig, struct lxc_storage *new,
 	rdata.orig = orig;
 	rdata.new = new;
 	if (am_unpriv())
-		ret = userns_exec_1(conf, ovl_rsync_wrapper, &rdata,
+		ret = userns_exec_full(conf, ovl_rsync_wrapper, &rdata,
 				       "ovl_rsync_wrapper");
 	else
 		ret = ovl_rsync(&rdata);

--- a/src/lxc/storage/storage.c
+++ b/src/lxc/storage/storage.c
@@ -312,9 +312,14 @@ struct lxc_storage *storage_copy(struct lxc_container *c0, const char *cname,
 	const char *oldpath = c0->config_path;
 	struct rsync_data data;
-	/* if the container name doesn't show up in the rootfs path, then
+	/* If the container name doesn't show up in the rootfs path, then we
-	 * we don't know how to come up with a new name
+	 * don't know how to come up with a new name.
 	 */
+	if (!src) {
+		ERROR("No rootfs specified");
+		return NULL;
+	}
 	if (strstr(src, oldname) == NULL) {
 		ERROR(
 		    "original rootfs path %s doesn't include container name %s",
@@ -454,8 +459,8 @@ struct lxc_storage *storage_copy(struct lxc_container *c0, const char *cname,
 	data.orig = orig;
 	data.new = new;
 	if (am_unpriv())
-		ret = userns_exec_1(c0->lxc_conf, rsync_rootfs_wrapper, &data,
+		ret = userns_exec_full(c0->lxc_conf, rsync_rootfs_wrapper,
-				    "rsync_rootfs_wrapper");
+				       &data, "rsync_rootfs_wrapper");
 	else
 		ret = rsync_rootfs(&data);

--- a/src/lxc/storage/storage.h
+++ b/src/lxc/storage/storage.h
@@ -128,7 +128,6 @@ extern struct lxc_storage *storage_create(const char *dest, const char *type,
 extern void storage_put(struct lxc_storage *bdev);
 extern bool storage_destroy(struct lxc_conf *conf);
-/* callback function to be used with userns_exec_1() */
 extern int storage_destroy_wrapper(void *data);
 extern bool rootfs_is_blockdev(struct lxc_conf *conf);