- 24 May, 2018 9 commits
-
-
Felix Abecassis authored
The maximum field width does not include the null terminator. Signed-off-by:Felix Abecassis <fabecassis@nvidia.com>
-
Christian Brauner authored
We used to initialize a log unconditionally before. This has led to scenarios where users where left with container directories and an empty log file even though they didn't request a log be created at all. Switch all tools to only create a log file when the user explicitly requests this. Closes #1779. Closes #2032. Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
Tycho Andersen authored
The execveat allows us to exec stuff via a fd so we don't have to bind mount stuff in. See the comment about why we're using the syscall directly. Closes #2339. Signed-off-by:
Tycho Andersen <tycho@tycho.ws> [christian.brauner@ubuntu.com: adapt error message and whitespace fixes] Signed-off-by:
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
When using the LXC API multi-thread and users initialize a log: struct lxc_log log; log.name = "my-log"; lxc_log_init(&log); all threads will have the same "my-log" prefix even though thy might call lxc_container_new() in separate threads. There is currently no easy way to handle per-thread container name prefixes. To handle this carry a reference to the name of the container in struct lxc_conf and if no log.name was set, use it by default. This way each thread will get the container it is currently working on as a log-prefix. Signed-off-by:
duguhaotian <duguhaotian@gmail.com>
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
This replaces the constructor implementation of cgroup handling with a simpler, thread-safe on-demand model of cgroup driver initialization. Making the cgroup initialization code run in a constructor means that each time the shared library gets mapped the cgroup parsing code gets run. That's unnecessary overhead. It also feels to me that this is only accidently thread-safe because constructors are only run once. But should threads actually end up manipulating or freeing memory that is file-global to cgfsng.c we'd be screwed. Now, I might be wrong here but the cleaner implementation is to allocate a cgroup driver on demand whenever we need it. Take the chance and rework the cgroup_ops interface to make the functions it wants to have implemented a lot cleaner. Signed-off-by:
-
- 21 May, 2018 1 commit
-
-
Simos Xenitellis authored
Resource leak Signed-off-by:Simos Xenitellis <simos.lists@googlemail.com>
-
- 16 May, 2018 3 commits
-
-
Christian Brauner authored
Signed-off-by:
Jonathan Calmels <jcalmels@nvidia.com>
-
Simos Xenitellis authored
Resource leak Signed-off-by: -
Simos Xenitellis authored
Resource leak Signed-off-by:
-
- 15 May, 2018 7 commits
-
-
Christian Brauner authored
Unprivileged containers can safely mount /sys as read-write. This also allows systemd-udevd to be started in unprivileged containers. Signed-off-by: -
Simos Xenitellis authored
Resource leak Signed-off-by: -
Christian Brauner authored
Resource leak Signed-off-by: -
Christian Brauner authored
Resource leak Signed-off-by: -
Christian Brauner authored
Resource leak Signed-off-by: -
KATOH Yasufumi authored
fix "kB" to "KB", and tweak description. Update for commit 6d276edc and 6d276edc . Signed-off-by:
KATOH Yasufumi <karma@jazz.email.ne.jp>
-
KATOH Yasufumi authored
Update for commit 4160ef02Signed-off-by:
-
- 12 May, 2018 20 commits
-
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
This reverts commit 2ec47d51. First, I forgot to actually replace strncpy() with strlcpy(). Second, we don't want to \0-terminate since this is an abstract unix socket and this is not required. Instead, let's simply use memcpy() which is more correct and also silences gcc-8. Signed-off-by:
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
l00355512 authored
suffix of console max size and console buffer max size Signed-off-by:l00355512 <liuhao27@huawei.com>
-
Christian Brauner authored
The additional \0-byte space added is not needed since IFNAMSIZ needs to include the \0-byte. Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Apparently -Werror=stringop-overflow will trigger an error here even though this is completely valid since we now that we're definitely copying a \0-byte. Work around this gcc-8 quirk by using memcpy(). This shouldn't trigger the warning. Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Dereference after null check userns_exec_{1,full} are called from functions that might not have a conf. Signed-off-by: -
Christian Brauner authored
Time of check time of use Signed-off-by: -
Christian Brauner authored
Argument cannot be negative Signed-off-by: -
Christian Brauner authored
These files have never been used and as such have no dependencies in the codebase whatsoever. So remove them. If we need them we can simply pull them out of the git history. Signed-off-by: -
Tycho Andersen authored
I'm not really sure we should be looking in the rootfs for an existing init, but I'll send a much more invasive patch to correct that. For now, let's just make sure we set init_path when we find one, so that later in execute_start() we don't bail. Signed-off-by: -
Tycho Andersen authored
This always works fine... until your exec() fails and you try to go and free it, you've overwritten the allocator's metadata (and potentially other stuff) and it fails. Signed-off-by: -
Tycho Andersen authored
The errors in execute_start are important because nothing actually prints out what error if any there was in these cases, so you're left with an empty log. The TRACE logs are simply to tell you which version of start lxc chose to invoke: exec or start. Signed-off-by: -
Christian Brauner authored
This is already done in do_lxcapi_start{l}() so a) no need to do it again here and b) this would close the state socket pair sockets, corrup the fd, and lead to EBADF. Signed-off-by:
-
