1. 24 Sep, 2017 25 commits
  2. 10 Sep, 2017 6 commits
  3. 06 Sep, 2017 1 commit
  4. 05 Sep, 2017 8 commits
    • Merge pull request #1789 from brauner/2017-09-06/fix_documentation · 2cf7a66c
      Stéphane Graber authored
      doc: adapt + update
    • doc: bugfixes · bdcbb6b3
      Christian Brauner authored
      - lxc.id_map -> lxc.idmap
      - document lxc.cgroup.dir
      Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
    • doc: lxc.sgml.in · 594d6e30
      Christian Brauner authored
      Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
    • Minimal kernel version is now 3.10 · e6ecdcbe
      Stéphane Graber authored
      Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
    • Merge pull request #1788 from brauner/2017-09-05/fix_tty_creation · 9f520fee
      Serge Hallyn authored
      conf: bugfixes
    • conf: fix userns_exec_1() · 954b7d9b
      Christian Brauner authored
      A bit of context:
      userns_exec_1() is only used to operate based on privileges for the user's own
      {g,u}id on the host and for the container root's unmapped {g,u}id. This means
      we require only to establish a mapping from:
      - the container root {g,u}id as seen from the host -> user's host {g,u}id
      - the container root -> some sub{g,u}id
      
      This function however was buggy. It relied on some pointer pointing to the same
      memory, namely specific idmap entries in the idmap list in the container's
      in-memory configuration. However, due to a stupid mistake of mine, the pointers
      to be compared pointed to freshly allocated memory. They were never pointing to
      the intended memory locations. To reproduce what I'm talking about prior to
      this commit simply place:
      
          chb:999:1000000000
          chb:999:1
          chb:1000:1
      
      in /etc/sub{g,u}id then create a container which requests the following
      idmappings:
      
          lxc.idmap = u 0 999 999
          lxc.idmap = g 0 999 1000000000
      
      and start the container. What we *would expect* is for liblxc to establish the
      following mapping:
      
          newuidmap <pid> 0 999 999
          newgidmap <pid> 0 999 1000000000
      
      since all required mappings are present. Due to the buggy pointer comparisons
      what happened was:
      
          newuidmap <pid> 0 999 999 0 999 999
          newgidmap <pid> 0 999 1000000000 0 999 1000000000
      
      Let's fix this.
      Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
    • conf: fix tty creation · 2187efd3
      Christian Brauner authored
      We allocate pty {master,slave} file descriptors in the child's namespaces after
      we have set up devpts. After we have sent the pty file descriptors to the parent
      and set up the pty file descriptors under /dev/tty* and before we exec the init
      binary we need to delete these file descriptors in the child. However, one of
      my commits made the deletion occur before setting up the file descriptors under
      /dev/tty*. This caused failures when trying to attach to the container's ttys
      since they weren't actually configured although the file descriptors were
      available in the in-memory configuration of the parent.
      This commit reworks setting up tty such that deletion occurs after all setup
      has been performed. The commit is actually minimal but needs to also move all
      the functions into one place since they will now be called from
      "lxc_create_ttys()".
      Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
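
A simplified model of the duplicated-mapping bug described in the "conf: fix userns_exec_1()" commit message above, added here as an illustration and not taken from liblxc: two lookups that resolve to the same idmap entry are compared once by pointer and once by value. `struct id_map`, `lookup_copy()` and `build_uidmap_args()` are hypothetical names, and host uid 1000 for the calling user is an assumption.

```c
#include <stdio.h>
#include <stdlib.h>

/* Simplified model of one "lxc.idmap = u <nsid> <hostid> <range>" entry. */
struct id_map { unsigned long nsid, hostid, range; };

/* Constructed config from the commit message: lxc.idmap = u 0 999 999 */
static const struct id_map cfg = { 0, 999, 999 };

/* Hypothetical lookup: returns a freshly allocated COPY of cfg when id falls
 * in its namespace range (by_host == 0) or its host range (by_host == 1). */
static struct id_map *lookup_copy(unsigned long id, int by_host)
{
    unsigned long base = by_host ? cfg.hostid : cfg.nsid;
    struct id_map *copy;

    if (id < base || id - base >= cfg.range || !(copy = malloc(sizeof(*copy))))
        return NULL;
    *copy = cfg;
    return copy;
}

/* Writes the newuidmap triples into buf and returns how many were emitted
 * (-1 on failure). by_value == 0 reproduces the pointer comparison. */
int build_uidmap_args(int by_value, char *buf, size_t len)
{
    struct id_map *root = lookup_copy(0, 0);    /* container root */
    struct id_map *user = lookup_copy(1000, 1); /* assumed host uid 1000 */
    int n = -1;

    if (root && user) {
        /* Two live allocations never share an address, so the pointer test
         * always reports "distinct" even for identical mappings. */
        int same = root->nsid == user->nsid && root->hostid == user->hostid &&
                   root->range == user->range;
        int distinct = by_value ? !same : (root != user);
        int off = snprintf(buf, len, "%lu %lu %lu", root->nsid, root->hostid, root->range);
        n = 1;
        if (distinct && off > 0 && (size_t)off < len) {
            snprintf(buf + off, len - off, " %lu %lu %lu", user->nsid, user->hostid, user->range);
            n = 2;
        }
    }
    free(root);
    free(user);
    return n;
}
```

With the pointer comparison the argument string repeats the triple, matching the `0 999 999 0 999 999` output quoted in the commit message; comparing the fields emits it once.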