Merge pull request #1768 from brauner/2017-08-29/stable_2.0_cherry_picks

stable 2.0: cherry picks

Merge pull request #1768 from brauner/2017-08-29/stable_2.0_cherry_picks
d3e7b8ad · Stéphane Graber · GitHub · d99d8dbc · 4d26f247 · d3e7b8ad
Commit d3e7b8ad authored Aug 29, 2017 by Stéphane Graber Committed by GitHub Aug 29, 2017
11 changed files
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
--- a/src/lxc/attach.h
+++ b/src/lxc/attach.h
@@ -24,8 +24,8 @@
 #ifndef __LXC_ATTACH_H
 #define __LXC_ATTACH_H

-#include <sys/types.h>
 #include <lxc/attach_options.h>
+#include <sys/types.h>

 struct lxc_conf;

@@ -36,6 +36,8 @@ struct lxc_proc_context_info {
 	unsigned long long capability_mask;
 };

-extern int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_function, void* exec_payload, lxc_attach_options_t* options, pid_t* attached_process);
+extern int lxc_attach(const char *name, const char *lxcpath,
+		      lxc_attach_exec_t exec_function, void *exec_payload,
+		      lxc_attach_options_t *options, pid_t *attached_process);

-#endif
+#endif /* __LXC_ATTACH_H */
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1176,6 +1176,7 @@ out_free:

 static int cgroup_rmdir(char *dirname)
 {
+	int ret;
 	struct dirent *direntp;
 	DIR *dir;
 	int r = 0;
@@ -1185,8 +1186,8 @@ static int cgroup_rmdir(char *dirname)
 		return -1;

 	while ((direntp = readdir(dir))) {
-		struct stat mystat;
 		char *pathname;
+		struct stat mystat;

 		if (!direntp)
 			break;
@@ -1197,32 +1198,40 @@ static int cgroup_rmdir(char *dirname)

 		pathname = must_make_path(dirname, direntp->d_name, NULL);

-		if (lstat(pathname, &mystat)) {
+		ret = lstat(pathname, &mystat);
+		if (ret < 0) {
 			if (!r)
-				WARN("failed to stat %s", pathname);
+				WARN("Failed to stat %s", pathname);
 			r = -1;
 			goto next;
 		}

 		if (!S_ISDIR(mystat.st_mode))
 			goto next;
-		if (cgroup_rmdir(pathname) < 0)
+
+		ret = cgroup_rmdir(pathname);
+		if (ret < 0)
 			r = -1;
 next:
 		free(pathname);
 	}

-	if (rmdir(dirname) < 0) {
+	ret = rmdir(dirname);
+	if (ret < 0) {
 		if (!r)
-			WARN("failed to delete %s: %s", dirname, strerror(errno));
+			WARN("Failed to delete \"%s\": %s", dirname,
+			     strerror(errno));
 		r = -1;
 	}

-	if (closedir(dir) < 0) {
+	ret = closedir(dir);
+	if (ret < 0) {
 		if (!r)
-			WARN("failed to delete %s: %s", dirname, strerror(errno));
+			WARN("Failed to delete \"%s\": %s", dirname,
+			     strerror(errno));
 		r = -1;
 	}
+
 	return r;
 }


--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -43,103 +43,6 @@ typedef void * scmp_filter_ctx;
 #define subuidfile "/etc/subuid"
 #define subgidfile "/etc/subgid"

-enum {
-	LXC_NET_EMPTY,
-	LXC_NET_VETH,
-	LXC_NET_MACVLAN,
-	LXC_NET_PHYS,
-	LXC_NET_VLAN,
-	LXC_NET_NONE,
-	LXC_NET_MAXCONFTYPE,
-};
-
-/*
- * Defines the structure to configure an ipv4 address
- * @address   : ipv4 address
- * @broadcast : ipv4 broadcast address
- * @mask      : network mask
- */
-struct lxc_inetdev {
-	struct in_addr addr;
-	struct in_addr bcast;
-	unsigned int prefix;
-};
-
-struct lxc_route {
-	struct in_addr addr;
-};
-
-/*
- * Defines the structure to configure an ipv6 address
- * @flags     : set the address up
- * @address   : ipv6 address
- * @broadcast : ipv6 broadcast address
- * @mask      : network mask
- */
-struct lxc_inet6dev {
-	struct in6_addr addr;
-	struct in6_addr mcast;
-	struct in6_addr acast;
-	unsigned int prefix;
-};
-
-struct lxc_route6 {
-	struct in6_addr addr;
-};
-
-struct ifla_veth {
-	char *pair; /* pair name */
-	char veth1[IFNAMSIZ]; /* needed for deconf */
-};
-
-struct ifla_vlan {
-	unsigned int   flags;
-	unsigned int   fmask;
-	unsigned short   vid;
-	unsigned short   pad;
-};
-
-struct ifla_macvlan {
-	int mode; /* private, vepa, bridge, passthru */
-};
-
-union netdev_p {
-	struct ifla_veth veth_attr;
-	struct ifla_vlan vlan_attr;
-	struct ifla_macvlan macvlan_attr;
-};
-
-/*
- * Defines a structure to configure a network device
- * @link       : lxc.network.link, name of bridge or host iface to attach if any
- * @name       : lxc.network.name, name of iface on the container side
- * @flags      : flag of the network device (IFF_UP, ... )
- * @ipv4       : a list of ipv4 addresses to be set on the network device
- * @ipv6       : a list of ipv6 addresses to be set on the network device
- * @upscript   : a script filename to be executed during interface configuration
- * @downscript : a script filename to be executed during interface destruction
- * @idx        : network counter
- */
-struct lxc_netdev {
-	unsigned int idx;
-	int type;
-	int flags;
-	int ifindex;
-	char *link;
-	char *name;
-	char *hwaddr;
-	char *mtu;
-	union netdev_p priv;
-	struct lxc_list ipv4;
-	struct lxc_list ipv6;
-	struct in_addr *ipv4_gateway;
-	bool ipv4_gateway_auto;
-	struct in6_addr *ipv6_gateway;
-	bool ipv6_gateway_auto;
-	char *upscript;
-	char *downscript;
-};
-
 /*
 * Defines a generic struct to configure the control group.
 * It is up to the programmer to specify the right subsystem.
@@ -282,16 +185,20 @@ enum {
 * @lsm_se_context : selinux type to switch to or NULL
 */
 enum lxchooks {
-	LXCHOOK_PRESTART, LXCHOOK_PREMOUNT, LXCHOOK_MOUNT, LXCHOOK_AUTODEV,
-	LXCHOOK_START, LXCHOOK_STOP, LXCHOOK_POSTSTOP, LXCHOOK_CLONE, LXCHOOK_DESTROY,
-	NUM_LXC_HOOKS};
-extern char *lxchook_names[NUM_LXC_HOOKS];
-
-struct saved_nic {
-	int ifindex;
-	char *orig_name;
+	LXCHOOK_PRESTART,
+	LXCHOOK_PREMOUNT,
+	LXCHOOK_MOUNT,
+	LXCHOOK_AUTODEV,
+	LXCHOOK_START,
+	LXCHOOK_STOP,
+	LXCHOOK_POSTSTOP,
+	LXCHOOK_CLONE,
+	LXCHOOK_DESTROY,
+	NUM_LXC_HOOKS
 };

+extern char *lxchook_names[NUM_LXC_HOOKS];
+
 struct lxc_conf {
 	int is_execute;
 	char *fstab;
@@ -400,15 +307,7 @@ extern struct lxc_conf *lxc_conf_init(void);
 extern void lxc_conf_free(struct lxc_conf *conf);

 extern int pin_rootfs(const char *rootfs);
-
-extern int lxc_requests_empty_network(struct lxc_handler *handler);
-extern int lxc_create_network(struct lxc_handler *handler);
-extern bool lxc_delete_network(struct lxc_handler *handler);
-extern int lxc_assign_network(const char *lxcpath, char *lxcname,
-			      struct lxc_list *networks, pid_t pid);
 extern int lxc_map_ids(struct lxc_list *idmap, pid_t pid);
-extern int lxc_find_gateway_addresses(struct lxc_handler *handler);
-
 extern int lxc_create_tty(const char *name, struct lxc_conf *conf);
 extern void lxc_delete_tty(struct lxc_tty_info *tty_info);

@@ -435,9 +334,6 @@ extern int do_rootfs_setup(struct lxc_conf *conf, const char *name,

 struct cgroup_process_info;
 extern int lxc_setup(struct lxc_handler *handler);
-
-extern void lxc_restore_phys_nics_to_netns(int netnsfd, struct lxc_conf *conf);
-
 extern int find_unmapped_nsid(struct lxc_conf *conf, enum idtype idtype);
 extern int mapped_hostid(unsigned id, struct lxc_conf *conf, enum idtype idtype);
 extern int chown_mapped_root(char *path, struct lxc_conf *conf);
@@ -449,9 +345,11 @@ extern int parse_mntopts(const char *mntopts, unsigned long *mntflags,
 extern void tmp_proc_unmount(struct lxc_conf *lxc_conf);
 void remount_all_slave(void);
 extern void suggest_default_idmap(void);
-FILE *make_anonymous_mount_file(struct lxc_list *mount);
-struct lxc_list *sort_cgroup_settings(struct lxc_list* cgroup_settings);
-unsigned long add_required_remount_flags(const char *s, const char *d,
-		unsigned long flags);
-
-#endif
+extern FILE *make_anonymous_mount_file(struct lxc_list *mount);
+extern struct lxc_list *sort_cgroup_settings(struct lxc_list *cgroup_settings);
+extern unsigned long add_required_remount_flags(const char *s, const char *d,
+						unsigned long flags);
+extern int run_script(const char *name, const char *section, const char *script,
+		      ...);
+
+#endif /* __LXC_CONF_H */
--- a/src/lxc/confile_utils.c
+++ b/src/lxc/confile_utils.c
@@ -29,6 +29,8 @@
 #include "error.h"
 #include "log.h"
 #include "list.h"
+#include "network.h"
+#include "parse.h"
 #include "utils.h"

 lxc_log_define(lxc_confile_utils, lxc);
@@ -253,7 +255,8 @@ void lxc_log_configured_netdevs(const struct lxc_conf *conf)
 	lxc_list_for_each(it, &conf->network) {
 		netdev = it->elem;

-		TRACE("index: %d", netdev->idx);
+		TRACE("index: %zd", netdev->idx);
+		TRACE("ifindex: %d", netdev->ifindex);
 		switch (netdev->type) {
 		case LXC_NET_VETH:
 			TRACE("type: veth");

--- a/src/lxc/lxc_user_nic.c
+++ b/src/lxc/lxc_user_nic.c
--- a/src/lxc/network.c
+++ b/src/lxc/network.c
--- a/src/lxc/network.h
+++ b/src/lxc/network.h
@@ -23,9 +23,121 @@
 #ifndef __LXC_NETWORK_H
 #define __LXC_NETWORK_H

+#include <stdbool.h>
+#include <stdio.h>
+#include <unistd.h>
+#include <arpa/inet.h>
+#include <sys/socket.h>
+
+#include "list.h"
+
+struct lxc_conf;
+struct lxc_handler;
+struct lxc_netdev;
+
+enum {
+	LXC_NET_EMPTY,
+	LXC_NET_VETH,
+	LXC_NET_MACVLAN,
+	LXC_NET_PHYS,
+	LXC_NET_VLAN,
+	LXC_NET_NONE,
+	LXC_NET_MAXCONFTYPE,
+};
+
 /*
- * Convert a string mac address to a socket structure
+ * Defines the structure to configure an ipv4 address
+ * @address   : ipv4 address
+ * @broadcast : ipv4 broadcast address
+ * @mask      : network mask
 */
+struct lxc_inetdev {
+	struct in_addr addr;
+	struct in_addr bcast;
+	unsigned int prefix;
+};
+
+struct lxc_route {
+	struct in_addr addr;
+};
+
+/*
+ * Defines the structure to configure an ipv6 address
+ * @flags     : set the address up
+ * @address   : ipv6 address
+ * @broadcast : ipv6 broadcast address
+ * @mask      : network mask
+ */
+struct lxc_inet6dev {
+	struct in6_addr addr;
+	struct in6_addr mcast;
+	struct in6_addr acast;
+	unsigned int prefix;
+};
+
+struct lxc_route6 {
+	struct in6_addr addr;
+};
+
+struct ifla_veth {
+	char *pair; /* pair name */
+	char veth1[IFNAMSIZ]; /* needed for deconf */
+};
+
+struct ifla_vlan {
+	unsigned int   flags;
+	unsigned int   fmask;
+	unsigned short   vid;
+	unsigned short   pad;
+};
+
+struct ifla_macvlan {
+	int mode; /* private, vepa, bridge, passthru */
+};
+
+union netdev_p {
+	struct ifla_veth veth_attr;
+	struct ifla_vlan vlan_attr;
+	struct ifla_macvlan macvlan_attr;
+};
+
+/*
+ * Defines a structure to configure a network device
+ * @link       : lxc.net.[i].link, name of bridge or host iface to attach if any
+ * @name       : lxc.net.[i].name, name of iface on the container side
+ * @flags      : flag of the network device (IFF_UP, ... )
+ * @ipv4       : a list of ipv4 addresses to be set on the network device
+ * @ipv6       : a list of ipv6 addresses to be set on the network device
+ * @upscript   : a script filename to be executed during interface configuration
+ * @downscript : a script filename to be executed during interface destruction
+ * @idx        : network counter
+ */
+struct lxc_netdev {
+	ssize_t idx;
+	int type;
+	int flags;
+	int ifindex;
+	char *link;
+	char *name;
+	char *hwaddr;
+	char *mtu;
+	union netdev_p priv;
+	struct lxc_list ipv4;
+	struct lxc_list ipv6;
+	struct in_addr *ipv4_gateway;
+	bool ipv4_gateway_auto;
+	struct in6_addr *ipv6_gateway;
+	bool ipv6_gateway_auto;
+	char *upscript;
+	char *downscript;
+};
+
+struct saved_nic {
+	int ifindex;
+	char *orig_name;
+};
+
+/* Convert a string mac address to a socket structure. */
 extern int lxc_convert_mac(char *macaddr, struct sockaddr *sockaddr);

 /*
@@ -109,7 +221,10 @@ extern int lxc_ipv6_gateway_add(int ifindex, struct in6_addr *gw);
 /*
 * Attach an interface to the bridge
 */
-extern int lxc_bridge_attach(const char *lxcpath, const char *name, const char *bridge, const char *ifname);
+extern int lxc_bridge_attach(const char *bridge, const char *ifname);
+extern int lxc_ovs_delete_port(const char *bridge, const char *nic);
+
+extern bool is_ovs_bridge(const char *bridge);

 /*
 * Create default gateway
@@ -133,12 +248,22 @@ extern int lxc_neigh_proxy_on(const char *name, int family);
 */
 extern int lxc_neigh_proxy_off(const char *name, int family);

-/*
- * Generate a new unique network interface name
+/* Generate a new unique network interface name.
+ * Allocated memory must be freed by caller.
 */
-extern char *lxc_mkifname(char *template);
+extern char *lxc_mkifname(const char *template);

 extern const char *lxc_net_type_to_str(int type);
 extern int setup_private_host_hw_addr(char *veth1);
 extern int netdev_get_mtu(int ifindex);
-#endif
+extern int lxc_create_network_priv(struct lxc_handler *handler);
+extern bool lxc_delete_network(struct lxc_handler *handler);
+extern int lxc_find_gateway_addresses(struct lxc_handler *handler);
+extern int lxc_create_network(const char *lxcpath, char *lxcname,
+			      struct lxc_list *network, pid_t pid);
+extern int lxc_requests_empty_network(struct lxc_handler *handler);
+extern void lxc_restore_phys_nics_to_netns(int netnsfd, struct lxc_conf *conf);
+extern int lxc_setup_network_in_child_namespaces(const struct lxc_conf *conf,
+						 struct lxc_list *network);
+
+#endif /* __LXC_NETWORK_H */
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -70,6 +70,7 @@
 #include "mainloop.h"
 #include "monitor.h"
 #include "namespace.h"
+#include "network.h"
 #include "start.h"
 #include "storage.h"
 #include "storage_utils.h"
@@ -1311,7 +1312,7 @@ static int lxc_spawn(struct lxc_handler *handler)
 			/* That should be done before the clone because we will
 			 * fill the netdev index and use them in the child.
 			 */
-			if (lxc_create_network(handler)) {
+			if (lxc_create_network_priv(handler)) {
 				ERROR("Failed to create the network.");
 				lxc_sync_fini(handler);
 				return -1;
@@ -1429,7 +1430,7 @@ static int lxc_spawn(struct lxc_handler *handler)

 	/* Create the network configuration. */
 	if (handler->clone_flags & CLONE_NEWNET) {
-		if (lxc_assign_network(handler->lxcpath, handler->name,
+		if (lxc_create_network(handler->lxcpath, handler->name,
 				       &handler->conf->network, handler->pid)) {
 			ERROR("Failed to create the configured network.");
 			goto out_delete_net;

--- a/src/tests/lxc-test-usernic.in
+++ b/src/tests/lxc-test-usernic.in
@@ -153,7 +153,7 @@ lxcpath=/home/usernic-user/.local/share/lxc
 lxcname=b1

 # Assign one veth, should fail as no allowed entries yet
-if run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p1 veth usernic-br0 xx1"; then
+if run_cmd "$LXC_USER_NIC create $lxcpath $lxcname $p1 veth usernic-br0 xx1"; then
 	echo "FAIL: able to create nic with no entries"
 	exit 1
 fi
@@ -164,24 +164,24 @@ sed -i '/^usernic-user/d' /etc/lxc/lxc-usernet
 echo "usernic-user veth usernic-br0 2" >> /etc/lxc/lxc-usernet

 # Assign one veth to second bridge, should fail
-if run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p1 veth usernic-br1 xx1"; then
+if run_cmd "$LXC_USER_NIC create $lxcpath $lxcname $p1 veth usernic-br1 xx1"; then
 	echo "FAIL: able to create nic with no entries"
 	exit 1
 fi

 # Assign two veths, should succeed
-if ! run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p1 veth usernic-br0 xx2"; then
+if ! run_cmd "$LXC_USER_NIC create $lxcpath $lxcname $p1 veth usernic-br0 xx2"; then
 	echo "FAIL: unable to create first nic"
 	exit 1
 fi

-if ! run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p1 veth usernic-br0 xx3"; then
+if ! run_cmd "$LXC_USER_NIC create $lxcpath $lxcname $p1 veth usernic-br0 xx3"; then
 	echo "FAIL: unable to create second nic"
 	exit 1
 fi

 # Assign one more veth, should fail.
-if run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p1 veth usernic-br0 xx4"; then
+if run_cmd "$LXC_USER_NIC create $lxcpath $lxcname $p1 veth usernic-br0 xx4"; then
 	echo "FAIL: able to create third nic"
 	exit 1
 fi
@@ -191,7 +191,7 @@ run_cmd "lxc-stop -n b1 -k"
 run_cmd "lxc-start -n b1 -d"
 p1=$(run_cmd "lxc-info -n b1 -p -H")

-if ! run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p1 veth usernic-br0 xx5"; then
+if ! run_cmd "$LXC_USER_NIC create $lxcpath $lxcname $p1 veth usernic-br0 xx5"; then
 	echo "FAIL: unable to create nic after destroying the old"
 	cleanup 1
 fi
@@ -204,7 +204,7 @@ lxc-start -n usernic-c1 -d
 p2=$(lxc-info -n usernic-c1 -p -H)

 # assign veth to it - should fail
-if run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p2 veth usernic-br0 xx6"; then
+if run_cmd "$LXC_USER_NIC create $lxcpath $lxcname $p2 veth usernic-br0 xx6"; then
 	echo "FAIL: able to attach nic to root-owned container"
 	cleanup 1
 fi