- 30 Sep, 2018 40 commits
-
-
Christian Brauner authored
Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
For setup, switch to the most privileged ids we can find. That is either nsuid 0 if a mapping has been established if not switch to the ids the init running in the container was started with. After setup, switch to the actual requested ids. Closes #2591. Signed-off-by: -
2xsec authored
Signed-off-by:2xsec <dh48.jeong@samsung.com>
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Fabrice Fontaine authored
Fix #2592 by defining -Wvla -std=gnu11 even if --disable-werror is set As -std=gnu11 is always set, bump requirement on gcc from 4.6 to 4.7 (see https://gcc.gnu.org/projects/cxx-status.html#cxx11) Signed-off-by:
Fabrice Fontaine <fontaine.fabrice@gmail.com>
-
2xsec authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
2xsec authored
Signed-off-by: -
2xsec authored
Signed-off-by: -
2xsec authored
If caller passed the size of array not string length, it is possible to be accessed out of bounds. Reorder conditions can prevent access invalid index of array. Signed-off-by: -
2xsec authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
This reverts commit 2fb7cf0b. The problem wasn't caused by the reverted commit and was fixed in commit 0c9b1f82 ("macro: calculate buffer lengths correctly") The full explanation can be taken from the following irc excerpt from the #lxc-dev channel: │19:54:47 brauner | there was a bug in one of the standard macros we used │19:55:01 brauner | and the changes by INTTYPE_TO_STRLEN() caused the issue to surface │19:55:03 brauner | which is good │19:55:16 brauner | i sent a branch and stgraber merged it that fixes it │19:57:56 Blub\0 | so... │19:58:31 Blub\0 | still doesn't explain how it was the sizeof() patch │20:07:14 brauner | Blub\0: so here's the long explanation │20:07:35 brauner | Blub\0: stgraber bumped pid_max on our jenkins test builders │20:07:53 brauner | Blub\0: because we're running *a lot* of containers │20:07:56 brauner | in any case │20:08:06 brauner | there was a buffer │20:08:12 brauner | LXC_LSMATTRLEN │20:08:59 brauner | it used to be │20:09:03 brauner | -/* /proc/pid-to-str/attr/current = (5 + INTTYPE_TO_STRLEN(pid_t) + 7 + 1) */ │20:09:03 brauner | -#define LXC_LSMATTRLEN (5 + INTTYPE_TO_STRLEN(pid_t) + 7 + 1) │20:09:14 brauner | which one can see is wrong │20:09:21 brauner | before the INTTYPE patchset │20:09:40 brauner | INTTYPE_TO_STRLEN(pid_t) was LXC_NUMSTRLEN64 │20:09:45 brauner | which gave you 21 chars │20:09:57 brauner | so it accounted for the missing parts │20:10:03 brauner | because the correct macro should've been │20:10:17 brauner | +/* /proc/ = 6 │20:10:17 brauner | + * + │20:10:17 brauner | + * <pid-as-str> = INTTYPE_TO_STRLEN(pid_t) │20:10:17 brauner | + * + │20:10:17 brauner | + * /attr/ = 6 │20:10:17 brauner | + * + │20:10:17 brauner | + * /current = 8 │20:10:17 brauner | + * + │20:10:17 brauner | + * \0 = 1 │20:10:17 brauner | + */ │20:10:17 brauner | +#define LXC_LSMATTRLEN (6 + INTTYPE_TO_STRLEN(pid_t) + 6 + 8 + 1) │20:10:24 Blub\0 | still │20:10:31 brauner | the issue was only seen │20:10:39 brauner | when the pid number hit a specific maximum │20:10:50 Blub\0 | the sizeof patch only changed instances of actual char buf[A_FIXED_NUMBER] + snprintf(buf, A_FIXED_NUMBER, ...) │20:10:54 brauner | aka exceeded the newly shortened buffer │20:11:42 brauner | your patch was a red herring │20:12:03 Blub\0 | I guess │20:12:06 brauner | it didn't cause it │20:12:14 brauner | it just surfaced at the same time it was merged │20:12:25 Blub\0 | so we can revert the revert then? :) │20:12:35 brauner | yes, that was th eplan all along Signed-off-by:
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Stéphane Graber authored
This reverts commit 81a3bb64. This commit broke all builders running with pid_max > 32768. Reverting for now so we can bring the build farm back online. Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com>
-
Wolfgang Bumiller authored
Instead of duplicating their lengths in read/snprintf/... calls. Signed-off-by:Wolfgang Bumiller <w.bumiller@proxmox.com>
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Before this we only added ifaddrs.h to noinst_HEADERS when we were running on Android's bionic. That obviously doesn't make sense since it is possible that ifaddrs.h is not defined and we're also not running on Android's bionic. Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by:
-
