Commits · 514b0270ceae448e8e8ced95c69ae83c0619b4cf · Chen Yisong / lxc

03 Apr, 2020 2 commits
- Merge pull request #3352 from Blub/readd-cgroup-ops-check · 514b0270
  Christian Brauner authored Apr 03, 2020
```
Revert "start: remove unnecessary check for valid cgroup_ops"
```
  514b0270
- Revert "start: remove unnecessary check for valid cgroup_ops" · e2aed383
  Wolfgang Bumiller authored Apr 03, 2020
```
This reverts commit 52520e4f.

This can be NULL when there's a pre-start hook which fails.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
```
  e2aed383
02 Apr, 2020 10 commits

Merge pull request #3350 from brauner/2020-04-02/fixes · 2235ad66
Stéphane Graber authored Apr 02, 2020
```
lxccontainer: poll takes millisecond not seconds
```
2235ad66
lxccontainer: poll takes millisecond not seconds · 908c75d2
Christian Brauner authored Apr 02, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
908c75d2
Merge pull request #3349 from cyphar/cgfsng-uninitialised-2 · 2862e55e
Christian Brauner authored Apr 02, 2020
```
cgroups: fix build warning on GCC 7
```
2862e55e

cgroups: fix build warning on GCC 7 · fdb0b8ab

authored Apr 03, 2020

GCC 7 appears to be clever enough to detect that transient_len is
uninitialised but not that it won't be used despite [1]. Just initialise
it to zero to stop the complaining, and allow LXC to build on openSUSE
Leap.

[1]: 34683042 ("cgroups: fix "uninitialized transient_len" warning")
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>

fdb0b8ab

Merge pull request #3348 from brauner/2020-04-02/fixes · 9f6302e3
Stéphane Graber authored Apr 02, 2020
```
fixes
```
9f6302e3
utils: use setres{u,g}id() in lxc_switch_uid_gid() · 2ed0ea48
Christian Brauner authored Apr 02, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
2ed0ea48
utils: rework fix_stdio_permissions() · c353b0b9
Christian Brauner authored Apr 02, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
c353b0b9
Merge pull request #3344 from gaohuatao-1/master · 85ec52bd
Christian Brauner authored Apr 02, 2020
```
fix non-root user cannot write /dev/stdout
```
85ec52bd
Merge pull request #3347 from cyphar/cgfsng-uninitialised · 370a2284
Christian Brauner authored Apr 02, 2020
```
cgroups: fix "uninitialized transient_len" warning
```
370a2284

cgroups: fix "uninitialized transient_len" warning · 34683042

authored Apr 02, 2020

Without this change, a build error is triggered if you compile with
-Werror=maybe-uninitialized.

 cgroups/cgfsng.c: In function 'cgfsng_monitor_enter':
 groups/cgfsng.c:1387:9: error: 'transient_len' may be used uninitialized in this function
    ret = lxc_writeat(h->cgfd_mon, "cgroup.procs", transient, transient_len);
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The issue is that if handler->transient_pid is 0, then transient_len is
uninitialised but lxc_writeat(..., transient_len) still gets called.
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>

34683042

01 Apr, 2020 7 commits
- Merge pull request #3346 from stgraber/master · 5f2ed0c0
  Christian Brauner authored Apr 01, 2020
```
systemd: Add Documentation key
```
  5f2ed0c0
- Merge pull request #3345 from brauner/2020-03-30/fixes · 955ec68d
  Stéphane Graber authored Apr 01, 2020
```
fixes
```
  955ec68d
- systemd: Add Documentation key · 9409ea35
  Stéphane Graber authored Apr 01, 2020
```
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
```
  9409ea35
- autotools: don't install run-coccinelle.sh · f553c217
  Christian Brauner authored Apr 01, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  f553c217
- Merge pull request #3343 from Blub/apparmor-mount-rule-generation · 632dd634
  Christian Brauner authored Apr 01, 2020
```
apparmor: generate ro,bind,remount rule list
```
  632dd634
- apparmor: generate ro,bind,remount rule list · 8fddf007
  Wolfgang Bumiller authored Aug 02, 2019
```
and update to changes based on lxd
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
```
  8fddf007
- fix non-root user cannot write /dev/stdout · 6aff5157
  gaohuatao authored Apr 01, 2020
```
Signed-off-by: gaohuatao <gaohuatao@huawei.com>
```
  6aff5157
31 Mar, 2020 5 commits
- Merge pull request #3341 from Blub/upstream-exec-reload · f66fdf23
  Christian Brauner authored Mar 31, 2020
```
init: add ExecReload to lxc.service to only reload profiles
```
  f66fdf23
- Merge pull request #3342 from Blub/upstream-monitord-service · f7d85e98
  Christian Brauner authored Mar 31, 2020
```
allow running lxc-monitord as a system daemon
```
  f7d85e98
- allow running lxc-monitord as a system daemon · b6278254
  Wolfgang Bumiller authored Mar 31, 2020
```
lxc-monitord instances are spawned on demand and, if this
happens from a service, the daemon is considered part of
it by systemd, as it is running in the same cgroups. This
can be avoided by leaving it running permanently.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
```
  b6278254
- init: add ExecReload to lxc.service to only reload profiles · 253f36f9
  Wolfgang Bumiller authored Mar 31, 2020
```
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
```
  253f36f9
- start: remove unnecessary check for valid cgroup_ops · 52520e4f
  Christian Brauner authored Mar 30, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  52520e4f
30 Mar, 2020 7 commits

Merge pull request #3340 from brauner/2020-03-30/fixes · c51c7570
Stéphane Graber authored Mar 30, 2020
```
cgroups: handle older kernels (e.g. v4.9)
```
c51c7570
cgroups: send two fds to attach to unified cgroup · 7d849163
Christian Brauner authored Mar 30, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
7d849163
cgroups: send two attach fds · 49df620b
Christian Brauner authored Mar 30, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
49df620b
start: log error when failing to create cgroup · b1ee458e
Christian Brauner authored Mar 30, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
b1ee458e

cgroups: handle older kernels (e.g. v4.9) · d1783ef4

authored Mar 30, 2020

On olders kernels the restrictions to move processes between cgroups are
different than they are on newer kernels. Specifically, we're running into the
following check:

if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
    !uid_eq(cred->euid, tcred->uid) &&
    !uid_eq(cred->euid, tcred->suid))
        ret = -EACCES;

which dictates that in order to move a process into a cgroup one either needs
to be global root (no restrictions apply) or the effective uid of the process
trying to move the process and the {saved}uid of the process that is supposed
to be moved need to be identical. The new attaching logic we did didn't
fulfill this criterion for because it's not present on new kernels.

Closes https://github.com/lxc/lxd/issues/7104.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

d1783ef4

Merge pull request #3339 from Blub/cmd-get-cgroup-string-termination · 4446e0fa
Christian Brauner authored Mar 30, 2020
```
verify cgroup controller name
```
4446e0fa

verify cgroup controller name · e6bc68d6

authored Mar 30, 2020

validate that a cgroup controller name is a valid
zero-terminated string before passing it to
`cgroup_ops->get_cgroup()`.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

e6bc68d6

28 Mar, 2020 7 commits
- Merge pull request #3338 from brauner/2020-03-28/fixes · 6821739c
  Stéphane Graber authored Mar 28, 2020
```
tree-wide: fixes
```
  6821739c
- tree-wide: s/recursive_destroy/lxc_rm_rf/g · 8408a9cc
  Christian Brauner authored Mar 28, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  8408a9cc
- cgroups: better helper naming · de6fe132
  Christian Brauner authored Mar 28, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  de6fe132
- cgroups: move check for valid monitor process up · c468e4d4
  Christian Brauner authored Mar 28, 2020
```
Cc: cenxianlong <cenxianlong@huawei.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  c468e4d4
- Merge pull request #3337 from bale-cen/master · 24e84b34
  Christian Brauner authored Mar 28, 2020
```
monitor process exited by signal SIGKILL, clean cgroup resource by th…
```
  24e84b34
- Merge pull request #3336 from brauner/2020-03-28/fixes · c396f8e6
  Stéphane Graber authored Mar 27, 2020
```
cgroups: please compilers
```
  c396f8e6
- monitor process exited by signal SIGKILL, clean cgroup resource by third party · 8fcb908d
  cenxianlong authored Mar 28, 2020
```
Writing the value 0 to a cgroup.procs file causes the
writing process to be moved to the corresponding cgroup
Signed-off-by: cenxianlong <cenxianlong@huawei.com>
```
  8fcb908d
27 Mar, 2020 2 commits
- cgroups: please compilers · 5045306b
  Christian Brauner authored Mar 28, 2020
```
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
```
  5045306b
- Merge pull request #3335 from brauner/2020-03-27/fixes · 3021b574
  Stéphane Graber authored Mar 27, 2020
```
cgroups: use hidden directory for attaching cgroup
```
  3021b574