- 10 Apr, 2019 35 commits
-
-
Christian Brauner authored
Warn if an old-style function definition is used. A warning is given even if there is a previous prototype. Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Warn if a user-supplied include directory does not exist. This already surfaced a bug that is fixed by this commit. Signed-off-by: -
Christian Brauner authored
Warn about suspicious uses of logical operators in expressions. Signed-off-by: -
tomponline authored
Closed #1825 Signed-off-by:tomponline <tomp@tomp.uk>
-
Rachid Koucha authored
When calling lxc-create, if the template exists but is not executable, we end with the following error messages which make believe that the template file does not exist when it is merely a execute access problem: lxc-create: ctn00: utils.c: get_template_path: 918 No such file or directory - bad template: /.../lxc-busybox lxc-create: ctn00: lxccontainer.c: do_lxcapi_create: 1786 Unknown template "/.../lxc-busybox" lxc-create: ctn00: tools/lxc_create.c: main: 327 Failed to create container ctn00 Actually internally the errno is lost as the following code triggers a useless access to (strace output): access("/.../lxc-busybox", X_OK) = -1 ENOENT (No such file or directory) With the above fix, we get a more explicit error message when the template file is missing the "execute" bit: lxc-create: bbc: utils.c: get_template_path: 917 Permission denied - Bad template pathname: /tmp/azerty lxc-create: bbc: lxccontainer.c: do_lxcapi_create: 1816 Unknown template "/tmp/azerty" lxc-create: bbc: tools/lxc_create.c: main: 331 Failed to create container bbc With the above fix, we get a more explicit error message when the pathname of the template file is incorrect: lxc-create: bbc: utils.c: get_template_path: 917 No such file or directory - Bad template pathname: /tmp/qwerty lxc-create: bbc: lxccontainer.c: do_lxcapi_create: 1816 Unknown template "/tmp/qwerty" lxc-create: bbc: tools/lxc_create.c: main: 331 Failed to create container bbc Signed-off-by:Rachid Koucha <rachid.koucha@gmail.com>
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Rachid Koucha authored
This file grows indefinitely : upon each DHCP lease renew, the "nameserver ..dns..." line is added at the end of the file. Make a "grep" in the file to make sure that the same line does not already exist. Signed-off-by: -
Rachid Koucha authored
Some programs like "who" need this directory to work (this permits the of /var/run/utmp file). Signed-off-by: -
Rachid Koucha authored
As "which busybox" is stored in BUSYBOX_EXE global variable at startup, use it wherever it is needed. Signed-off-by: -
Christian Brauner authored
Since liblxc is completely in control of the mount entry file we should only consider a parse successful when EOF is reached. Closes #2798. Signed-off-by: -
Rachid Koucha authored
The busybox template installs default.script in /usr/share/udhcpc/. But the pathname of "default.script" may vary from one busybox build to another. As the pathname is displayed in udhcpc's help, grab it from it. Signed-off-by: -
Rachid Koucha authored
As we call "lxc_add_state_client(fd, handler, (lxc_state_t *)req->data)" which supposes that the last parameter is a table of MAX_STATE entries when calling memcpy(): memcpy(newclient->states, states, sizeof(newclient->states)) Signed-off-by: -
ondra authored
Signed-off-by:ondra <ondrak@localhost.localdomain>
-
ondra authored
Signed-off-by: -
LiFeng authored
Add free memory pointed by struct cgroup_ops *ops Signed-off-by:LiFeng <lifeng68@huawei.com>
-
t00416110 authored
1. cleanup namespace memory 2. fix bug when ro mount not setted, mount propagation will be skipped. Signed-off-by:t00416110 <tanyifeng1@huawei.com>
-
Wolfgang Bumiller authored
This reverts commit 51a922ba. The above commit confuses the mountall unit of privileged Ubuntu 14.04 containers at startup so that they cannot finish booting. Signed-off-by:
Wolfgang Bumiller <w.bumiller@proxmox.com>
-
hn authored
Signed-off-by:
Hajo Noerenberg <hajo-github@noerenberg.de> Signed-off-by:
-
Christian Brauner authored
If cgroup namespaces are not supported we should just record it in the log and move on. Cc: Ondrej Kubik <ondrej.kubik@canonical.com> Signed-off-by: -
Ondrej Kubik authored
Signed-off-by:Ondrej Kubik <ondrej.kubik@canonical.com>
-
hn authored
fix: unprivileged veth devices (e.g. vethFWABHX) never contain 'Z' character in the randomly generated device name part because for modulo one does not need to substract 1 from strlen(). Signed-off-by: -
Christian Brauner authored
We need to strip the prefix from the container's source path before trying to update the file. Closes #2380. Signed-off-by: -
S.Çağlar Onur authored
Signed-off-by:S.Çağlar Onur <caglar@10ur.org>
-
Wolfgang Bumiller authored
Signed-off-by: -
S.Çağlar Onur authored
Signed-off-by: -
Christian Brauner authored
SIGWINCH is handled in lxc_terminal_signalfd_cb(). I cannot for the life of me figure out what this is supposed to do. Afaict, it scans a global list that is totally unnecessary and also let's say you have 100 ttys and for a single one SIGWINCH is sent. In that case the whole list is walked and two ioctl()s are performed: one to get window size one to set window size. For 99 of them the window size hasn't changed. If we see issues we can revert! Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Oguz Bektas authored
lxc-cgroup fails to provide any output since the latest version, this should fix it Signed-off-by:Oguz Bektas <o.bektas@proxmox.com>
-
Christian Brauner authored
Signed-off-by: -
Fabrice Fontaine authored
Compiler based hardening (including -fstack-protector-strong) are enabled since version 3.0.3 and https://github.com/lxc/lxc/commit/2268c27754152aa538db2c9e3753d72d19bcd17a However, some compilers could missed the needed library (-lssp or -lssp_nonshared) at linking step so use ax_check_link_flag instead of ax_check_compile_flag Fixes: - http://autobuild.buildroot.org/results/0b90e7dca2984652842832a41abad93ac49a9b86Signed-off-by:
Fabrice Fontaine <fontaine.fabrice@gmail.com>
-
Fabrice Fontaine authored
Fixes: - http://autobuild.buildroot.org/results/0b90e7dca2984652842832a41abad93ac49a9b86Signed-off-by:
-
Adam Kasztenny authored
Copied from the [manpage](https://github.com/lxc/lxc/blob/9e42c1e3f102be48be9014e1ecbacc2a57446e20/doc/lxc-create.sgml.in#L175). Signed-off-by:
Adam Kasztenny <adamkasztenny@gmail.com>
-
2xsec authored
Signed-off-by:2xsec <dh48.jeong@samsung.com>
-
Cameron Nemo authored
* Place NULL bytes at the end of strings so that lxc_safe_ulong() can parse them correctly * Only free the newly created id_map on error, to avoid passing garbage to lxc_map_ids() Signed-off-by:Cameron Nemo <camerontnorman@gmail.com>
-
- 18 Feb, 2019 1 commit
-
-
Christian Brauner authored
Signed-off-by:
-
- 12 Feb, 2019 1 commit
-
-
Christian Brauner authored
Signed-off-by:
-
- 11 Feb, 2019 1 commit
-
-
Christian Brauner authored
Adam Iwaniuk and Borys Popławski discovered that an attacker can compromise the runC host binary from inside a privileged runC container. As a result, this could be exploited to gain root access on the host. runC is used as the default runtime for containers with Docker, containerd, Podman, and CRI-O. The attack can be made when attaching to a running container or when starting a container running a specially crafted image. For example, when runC attaches to a container the attacker can trick it into executing itself. This could be done by replacing the target binary inside the container with a custom binary pointing back at the runC binary itself. As an example, if the target binary was /bin/bash, this could be replaced with an executable script specifying the interpreter path #!/proc/self/exe (/proc/self/exec is a symbolic link created by the kernel for every process which points to the binary that was executed for that process). As such when /bin/bash is executed inside the container, instead the target of /proc/self/exe will be executed - which will point to the runc binary on the host. The attacker can then proceed to write to the target of /proc/self/exe to try and overwrite the runC binary on the host. However in general, this will not succeed as the kernel will not permit it to be overwritten whilst runC is executing. To overcome this, the attacker can instead open a file descriptor to /proc/self/exe using the O_PATH flag and then proceed to reopen the binary as O_WRONLY through /proc/self/fd/<nr> and try to write to it in a busy loop from a separate process. Ultimately it will succeed when the runC binary exits. After this the runC binary is compromised and can be used to attack other containers or the host itself. This attack is only possible with privileged containers since it requires root privilege on the host to overwrite the runC binary. Unprivileged containers with a non-identity ID mapping do not have the permission to write to the host binary and therefore are unaffected by this attack. LXC is also impacted in a similar manner by this vulnerability, however as the LXC project considers privileged containers to be unsafe no CVE has been assigned for this issue for LXC. Quoting from the https://linuxcontainers.org/lxc/security/ project's Security information page: "As privileged containers are considered unsafe, we typically will not consider new container escape exploits to be security issues worthy of a CVE and quick fix. We will however try to mitigate those issues so that accidental damage to the host is prevented." To prevent this attack, LXC has been patched to create a temporary copy of the calling binary itself when it starts or attaches to containers. To do this LXC creates an anonymous, in-memory file using the memfd_create() system call and copies itself into the temporary in-memory file, which is then sealed to prevent further modifications. LXC then executes this sealed, in-memory file instead of the original on-disk binary. Any compromising write operations from a privileged container to the host LXC binary will then write to the temporary in-memory binary and not to the host binary on-disk, preserving the integrity of the host LXC binary. Also as the temporary, in-memory LXC binary is sealed, writes to this will also fail. Note: memfd_create() was added to the Linux kernel in the 3.17 release. Signed-off-by:
Aleksa Sarai <asarai@suse.de> Acked-by:
Serge Hallyn <serge@hallyn.com>
-
- 09 Feb, 2019 1 commit
-
-
Stéphane Graber authored
caps: check uid and euid
-
- 08 Feb, 2019 1 commit
-
-
Christian Brauner authored
When we are running inside of a user namespace getuid() will return a non-zero uid. So let's check euid as well to make sure we correctly drop capabilities Signed-off-by:
-
