- 09 Dec, 2020 1 commit
-
-
Christian Brauner authored
Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
- 04 Dec, 2020 18 commits
-
-
Tycho Andersen authored
We have a case where we have a nested container with LXC_NET_NONE run inside a container that's *also* got no network namespace (run by lxc-usernsexec). The "am I root" check in this function then does not suffice, since the euid of the task is 0 but it does not have privilege over its network namespace, and thus cannot do any of the restore operations: lxc foo 20201201232059.271 TRACE network - network.c:lxc_restore_phys_nics_to_netns:3299 - Moving physical network devices back to parent network namespace lxc foo 20201201232059.271 ERROR network - network.c:lxc_restore_phys_nics_to_netns:3307 - Operation not permitted - Failed to enter network namespace lxc foo 20201201232059.271 ERROR start - start.c:__lxc_start:2045 - Failed to move physical network devices back to parent network namespace Let's check that we indeed did clone the network namespace, and thus have things to restore to their correct namespace before attempting to actually restore them. I suspect it's possible we can also get rid of some of the network namespace preservation stuff in start.c in the LXC_NET_NONE case. Signed-off-by:Tycho Andersen <tycho@tycho.pizza>
-
Christian Brauner authored
Closes: #3570 Fixes: 7792a5b6 ("commands: add additional check to lxc_cmd_sock_get_state()") Signed-off-by:
-
Christian Brauner authored
We accidently used the "bytes_to_write" variable after we've written all the bytes at which point it is guaranteed to be 0. Let's use the "bytes_read" variable instead. Signed-off-by: -
Christian Brauner authored
Closes: #3580. Link: https://bugzilla.kernel.org/show_bug.cgi?id=209971Suggested-by:
Joan Bruguera <joanbrugueram@gmail.com> Signed-off-by:
-
Christian Brauner authored
Signed-off-by: -
lifeng68 authored
Signed-off-by:lifeng68 <lifeng68@huawei.com>
-
Christian Brauner authored
Closes: #3576. Signed-off-by: -
Christian Brauner authored
Suggested-by:
Jann Horn <jann@thejh.net> Signed-off-by:
-
Christian Brauner authored
Suggested-by:
-
Christian Brauner authored
Fixes: Coverity 1465853 Signed-off-by: -
Christian Brauner authored
Fixes: Coverity 1465854 Signed-off-by: -
Christian Brauner authored
Fixes: Coverity 1465855 Signed-off-by: -
Christian Brauner authored
Fixes: Coverity 1465657 Signed-off-by: -
Ruben Jenster authored
Signed-off-by:Ruben Jenster <r.jenster@drachenfels.de>
-
Ruben Jenster authored
Use exact match instead of longest prefix match to check whether a config item is supported. Signed-off-by: -
Ruben Jenster authored
Signed-off-by: -
Ruben Jenster authored
Signed-off-by: -
KATOH Yasufumi authored
Update for commit b87ed83bSigned-off-by:
KATOH Yasufumi <karma@jazz.email.ne.jp>
-
- 21 Oct, 2020 3 commits
-
-
Stéphane Graber authored
Signed-off-by:Stéphane Graber <stgraber@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
When no devpts devices are requested we used to return early but did not send a response to the parent. This is a problem because the parent will be waiting for a devpts fd to be sent. Make sure to always send a response. Signed-off-by:
-
- 19 Oct, 2020 18 commits
-
-
Christian Brauner authored
Closes: #3549. Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Ruben Jenster authored
Signed-off-by: -
Mingli Yu authored
The Standard output type "syslog" is obsolete, causing a warning since systemd version 246 [1]. Please consider using "journal" or "journal+console" [1] https://github.com/systemd/systemd/blob/master/NEWS#L202Signed-off-by:
Mingli Yu <mingli.yu@windriver.com>
-
Christian Brauner authored
FAIL: lxc-tests: lxc-test-usernsexec (1s) --- as test-userns executing /tmp/autopkgtest.waGEXj/build.Hm3/src/src/tests/lxc-test-usernsexec uid=1001 gid=1001 name=test-userns subuid=165536 subgid=165536 ver=1:4.0.4-0ubuntu3 lxc-utils=1:4.0.4-0ubuntu3 kver=5.8.0-19-generic USERNSEXEC=lxc-usernsexec nouidgid: PASS myuidgid: FAIL - runtest failed 1 $ lxc-usernsexec -mu:0:1001:1 -mg:0:1001:1 -- /tmp/autopkgtest.waGEXj/build.Hm3/src/src/tests/lxc-test-usernsexec inside f0 lxc 20200914222824.562 ERROR utils - utils.c:lxc_setgroups:1363 - Operation not permitted - Failed to setgroups() kid 73112 is gone 1 subuidgid: PASS bothsets: PASS mismatch: PASS ERRORS: myuidgid --- Reported-by:
Seth Forshee <seth.forshee@canonical.com> Signed-off-by:
-
Christian Brauner authored
We can e.g. fail the unfreeze because the freezer cgroup is not available and then we erronously report that stopping the container failed. Closes: #3471. Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Scott Parlane authored
Seems to appear when stderr is a terminal and not stdin or stdout. Signed-off-by:Scott Parlane <scott.parlane@alliedtelesis.co.nz>
-
wujing authored
Signed-off-by:wujing <Jing.Woo@outlook.com>
-
Pranay Kr. Srivastava authored
When detecting if rootfs is on ramfs instead of checking "- rootfs rootfs" which is the " - <file_system> <device>" information only check the file system type. This is due to a change introduced in kernel where ramfs file system doesn't set the device to "rootfs" but instead mark it as "none". By making sure we only check for "rootfs" as the file system name we also offer backward compatibility with earlier kernels as well. The kernel commit that introduced this change was commit f32356261d44d580649a7abce1156d15d49cf20f Author: David Howells <dhowells@redhat.com> Date: Mon Mar 25 16:38:31 2019 +0000 vfs: Convert ramfs, shmem, tmpfs, devtmpfs, rootfs to use the new mount API Signed-off-by:Pranay Kr. Srivastava <pranay.srivastava@pantacor.com>
-
graysky authored
Signed-off-by:graysky <graysky@archlinux.us>
-
Christian Brauner authored
[01m[Kcgroups/cgfsng.c:[m[K In function ‘[01m[Kcgroup_attach_leaf.constprop[m[K’: [01m[Kcgroups/cgfsng.c:2221:10:[m[K [01;31m[Kerror: [m[Kwriting 1 byte into a region of size 0 [[01;31m[K-Werror=stringop-overflow=[m[K] 2221 | [01;31m[K*slash = '\0'[m[K; | [01;31m[K~~~~~~~^~~~~~[m[K [01m[Kcgroups/cgfsng.c:2213:8:[m[K [01;36m[Knote: [m[Kat offset -13 to object ‘[01m[Kattach_cgroup[m[K’ with size 23 declared here 2213 | char [01;36m[Kattach_cgroup[m[K[STRLITERALLEN(".lxc-1000/cgroup.procs") + 1]; | [01;36m[K^~~~~~~~~~~~~[m[K [01m[Kcgroups/cgfsng.c:2229:10:[m[K [01;31m[Kerror: [m[Kwriting 1 byte into a region of size 0 [[01;31m[K-Werror=stringop-overflow=[m[K] 2229 | [01;31m[K*slash = '/'[m[K; | [01;31m[K~~~~~~~^~~~~[m[K [01m[Kcgroups/cgfsng.c:2213:8:[m[K [01;36m[Knote: [m[Kat offset -13 to object ‘[01m[Kattach_cgroup[m[K’ with size 23 declared here 2213 | char [01;36m[Kattach_cgroup[m[K[STRLITERALLEN(".lxc-1000/cgroup.procs") + 1]; | [01;36m[K^~~~~~~~~~~~~[m[K [01m[Kcgroups/cgfsng.c:2229:10:[m[K [01;31m[Kerror: [m[Kwriting 1 byte into a region of size 0 [[01;31m[K-Werror=stringop-overflow=[m[K] 2229 | [01;31m[K*slash = '/'[m[K; | [01;31m[K~~~~~~~^~~~~[m[K [01m[Kcgroups/cgfsng.c:2213:8:[m[K [01;36m[Knote: [m[Kat offset -13 to object ‘[01m[Kattach_cgroup[m[K’ with size 23 declared here 2213 | char [01;36m[Kattach_cgroup[m[K[STRLITERALLEN(".lxc-1000/cgroup.procs") + 1]; | [01;36m[K^~~~~~~~~~~~~[m[K Link: https://launchpadlibrarian.net/494354168/buildlog_ubuntu-groovy-armhf.lxc_1%3A4.0.4-0ubuntu1_BUILDING.txt.gzSigned-off-by:
-
