Commits · 4a094eec4a69b74782cb7ff968b88b102468c2bc · Chen Yisong / lxc

09 Jul, 2019 6 commits

authored Jul 05, 2019

The previous API doesn't reflect the fact that
`seccomp_notif` and `seccomp_notif_resp` are allocatd
dynamically with sizes figured out at runtime.

We now query the sizes via the seccomp(2) syscall and change
`struct seccomp_notify_proxy_msg` to contain the sizes
instead of the data, with the data following afterwards.

Additionally it did not provide a convenient way to identify
the container the message originated from, for which we now
include a cookie configured via `lxc.seccomp.notify.cookie`.

Since we currently always send exactly one request and await
the response immediately, verify the `id` in the client's
response.

Finally, the proxy message's "version" field is removed, and
we reserve 64 bits in its place.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

4a094eec

conf: add lxc.seccomp.notify.cookie · 84cf6d25

authored Jul 03, 2019

This is an arbitrary string to to be included in proxied
seccomp notification messages.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

84cf6d25

file_utils: add lxc_recvmsg_nointr_iov · 99d03dec
Wolfgang Bumiller authored Jul 04, 2019
```
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
```
99d03dec

af_unix: add lxc_unix_connect_type · 970ef13d

authored Jul 04, 2019

we want to use SOCK_SEQPACKET and in the future perhaps
SOCK_DATAGRAM as well
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

970ef13d

af_unix: add lxc_abstract_unix_recv_fds_iov() · dc85e31e
Christian Brauner authored Jul 09, 2019
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
dc85e31e
af_unix: add lxc_abstract_unix_send_fds_iov · e1726045
Wolfgang Bumiller authored Jul 04, 2019
```
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
```
e1726045

08 Jul, 2019 2 commits
- Merge pull request #3085 from Blub/pidfd_send_signal-fixup · cfc3b342
  Christian Brauner authored Jul 08, 2019
```
pidf_send_signal: fix return value
```
  cfc3b342
- pidf_send_signal: fix return value · cf38fe06
  Wolfgang Bumiller authored Jul 08, 2019
```
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
```
  cf38fe06
07 Jul, 2019 2 commits
- Merge pull request #3083 from brauner/2019-07-07/mount_api · aab6e3eb
  Stéphane Graber authored Jul 07, 2019
```
lxccontainer: properly cleanup on mount injection failure
```
  aab6e3eb
- lxccontainer: properly cleanup on mount injection failure · 1f77c35e
  Christian Brauner authored Jul 07, 2019
```
Closes: #3082
Reported-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  1f77c35e
05 Jul, 2019 2 commits

Merge pull request #3081 from brauner/2019-07-05/network_unification_fixes · 9c238bc6
Christian Brauner authored Jul 05, 2019
```
start: call lxc_find_gateway_addresses early
```
9c238bc6

start: call lxc_find_gateway_addresses early · 03ca4af8

authored Jul 04, 2019

This restores the lxc.net.x.ipv4.gateway = auto and
lxc.net.x.ipv6.gateway = auto functionality.

When the child is created the parent and child have different views of
struct lxc_handler since - obviously - virtual memory is duplicated. So any
changes to done by the parent that the child should see need to be IPCed to it.
For any non-actual device creation stuff this does not make much sense. This
includes finding gateway addresses. Move it back prior to clone().

Fixes #3078
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
[christian.brauner@ubuntu.com: non-functional changes and update commit message]
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

03ca4af8

03 Jul, 2019 17 commits
- Merge pull request #3077 from brauner/2019-07-03/network_fixes · 306ca14a
  Stéphane Graber authored Jul 03, 2019
```
network: simplify lxc_network_move_created_netdev_priv()
```
  306ca14a
- network: simplify lxc_network_move_created_netdev_priv() · 24190194
  Christian Brauner authored Jul 03, 2019
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  24190194
- Merge pull request #3076 from brauner/2019-07-03/network_fixes · a70d78cd
  Stéphane Graber authored Jul 03, 2019
```
network: fixes after unifying network creation
```
  a70d78cd
- network: send names for all non-trivial network types · 3c09b97c
  Christian Brauner authored Jul 03, 2019
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  3c09b97c
- network: record created_name for instantiate_phys() · 61302ef7
  Christian Brauner authored Jul 03, 2019
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  61302ef7
- network: simplify instantiate_phys() · 75b074ee
  Christian Brauner authored Jul 03, 2019
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  75b074ee
- network: record created_name for instantiate_vlan() · 83530dba
  Christian Brauner authored Jul 03, 2019
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  83530dba
- network: simplify instantiate_vlan() · d4d68410
  Christian Brauner authored Jul 03, 2019
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  d4d68410
- network: record created_name for instantiate_ipvlan() · e7fdd504
  Christian Brauner authored Jul 03, 2019
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  e7fdd504
- network: simplify instantiate_ipvlan() · dd119206
  Christian Brauner authored Jul 03, 2019
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  dd119206
- network: stash created_name in instantiate_macvlan() · a9704f05
  Christian Brauner authored Jul 03, 2019
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  a9704f05
- network: simplify instantiate_macvlan() · 8021de25
  Christian Brauner authored Jul 03, 2019
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  8021de25
- network: s/loDev/loop_device/g · 3ebffb98
  Christian Brauner authored Jul 03, 2019
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  3ebffb98
- Merge pull request #3075 from brauner/2019-07-03/cgroups · 113ca429
  Stéphane Graber authored Jul 03, 2019
```
cgroups: hande cpuset initialization race
```
  113ca429
- cgroups: hande cpuset initialization race · b28c2810
  Christian Brauner authored Jul 03, 2019
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  b28c2810
- Merge pull request #3074 from brauner/2019-07-03/fix_phys_network_creation · 0f03b155
  Stéphane Graber authored Jul 03, 2019
```
network: remove faulty restriction
```
  0f03b155
- network: remove faulty restriction · e318f2c1
  Christian Brauner authored Jul 03, 2019
```
Reported-by: Thomas Parrott <thomas.parrott@canonical.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  e318f2c1
02 Jul, 2019 5 commits
- Merge pull request #3069 from brauner/2019-07-01/network_creation · 4f71ecb8
  Stéphane Graber authored Jul 02, 2019
```
start: unify network creation
```
  4f71ecb8
- start: expose LXC_PID to network hooks too · 1871e646
  Christian Brauner authored Jul 02, 2019
```
Closes #3066.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  1871e646
- start: unify and simplify network creation · e389f2af
  Christian Brauner authored Jul 01, 2019
```
Make sure that network creation happens at the same time for containers started
by privileged and unprivileged users. The only reason we didn't do this so far
was to avoid sending network device ifindices around in the privileged case.

Link: https://github.com/lxc/lxc/issues/3066Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  e389f2af
- Merge pull request #3064 from brauner/2019-06-27/cleanup_macros · c83ad424
  Stéphane Graber authored Jul 01, 2019
```
bugfixes
```
  c83ad424
- Merge pull request #3059 from brauner/2019-06-21/seccomp_notify · dfce2c76
  Stéphane Graber authored Jul 01, 2019
```
lxccontainer: rework seccomp notify api function
```
  dfce2c76
30 Jun, 2019 1 commit
- Merge pull request #3067 from Rachid-Koucha/patch-1 · 33d7d28f
  Christian Brauner authored Jun 30, 2019
```
Move code/variable in smaller scope
```
  33d7d28f
29 Jun, 2019 1 commit

Move code/variable in smaller scope · 2806a87d

authored Jun 29, 2019

In start.c, do not fill path[] table if not necessary
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

2806a87d

28 Jun, 2019 2 commits
- Merge pull request #3065 from lifeng68/fix_memory_leak · 9752e3a9
  Christian Brauner authored Jun 28, 2019
```
fix memory leak in do_storage_create
```
  9752e3a9
- fix memory leak in do_storage_create · 8ea91347
  LiFeng authored Jun 27, 2019
```
Signed-off-by: LiFeng <lifeng68@huawei.com>
```
  8ea91347
27 Jun, 2019 2 commits
- cgroups: move variable into tighter scope · 6a720d74
  Christian Brauner authored Jun 27, 2019
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  6a720d74
- cgroups: correctly order variables · f6b54668
  Christian Brauner authored Jun 27, 2019
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  f6b54668