- 29 Sep, 2015 6 commits
-
-
Christian Brauner authored
CAP_BLOCK_SUSPEND (since Linux 3.5) Employ features that can block system suspend (epoll(7) EPOLLWAKEUP, /proc/sys/wake_lock). Signed-off-by:Christian Brauner <christianvanbrauner@gmail.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Christian Brauner authored
CAP_AUDIT_READ (since Linux 3.16) Allow reading the audit log via a multicast netlink socket. Signed-off-by: -
Stéphane Graber authored
The dpkg architecture isn't relevant to LXC, only the kernel arch is. Signed-off-by:
Gergely Szasz <szaszg@hu.inter.net> Acked-by:
Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
Don't proceed to try the mount if we failed to create the target if it didn't exist. Signed-off-by: -
Stéphane Graber authored
Signed-off-by: -
Serge Hallyn authored
When a container starts up, lxc sets up the container's inital fstree by doing a bunch of mounting, guided by the container configuration file. The container config is owned by the admin or user on the host, so we do not try to guard against bad entries. However, since the mount target is in the container, it's possible that the container admin could divert the mount with symbolic links. This could bypass proper container startup (i.e. confinement of a root-owned container by the restrictive apparmor policy, by diverting the required write to /proc/self/attr/current), or bypass the (path-based) apparmor policy by diverting, say, /proc to /mnt in the container. To prevent this, 1. do not allow mounts to paths containing symbolic links 2. do not allow bind mounts from relative paths containing symbolic links. Details: Define safe_mount which ensures that the container has not inserted any symbolic links into any mount targets for mounts to be done during container setup. The host's mount path may contain symbolic links. As it is under the control of the administrator, that's ok. So safe_mount begins the check for symbolic links after the rootfs->mount, by opening that directory. It opens each directory along the path using openat() relative to the parent directory using O_NOFOLLOW. When the target is reached, it mounts onto /proc/self/fd/<targetfd>. Use safe_mount() in mount_entry(), when mounting container proc, and when needed. In particular, safe_mount() need not be used in any case where: 1. the mount is done in the container's namespace 2. the mount is for the container's rootfs 3. the mount is relative to a tmpfs or proc/sysfs which we have just safe_mount()ed ourselves Since we were using proc/net as a temporary placeholder for /proc/sys/net during container startup, and proc/net is a symbolic link, use proc/tty instead. Update the lxc.container.conf manpage with details about the new restrictions. Finally, add a testcase to test some symbolic link possibilities. Reported-by: Roman Fiedler Signed-off-by:
-
- 25 Sep, 2015 2 commits
-
-
Tycho Andersen authored
Since we want to use null-terminated abstract sockets, let's compute the length of them correctly. Signed-off-by:
Tycho Andersen <tycho.andersen@canonical.com> Acked-by:
-
KATOH Yasufumi authored
* Remove '-P' option, and common options (including '-P' option) * Add long option for '-f' * Improve Japanese translation Signed-off-by:
KATOH Yasufumi <karma@jazz.email.ne.jp> Acked-by:
-
- 21 Sep, 2015 9 commits
-
-
Stéphane Graber authored
I've noticed that a bunch of the code we've included over the past few weeks has been using 8-spaces rather than tabs, making it all very hard to read depending on your tabstop setting. This commit attempts to revert all of that back to proper tabs and fix a few more cases I've noticed here and there. No functional changes are included in this commit. Signed-off-by: -
Serge Hallyn authored
Otherwise the kernel will umount when it gets around to it, but that on lxc_destroy we may race with it and fail the rmdir of the overmounted (BUSY) rootfs. This makes lxc-test-snapshot pass for me again. Signed-off-by:
-
Serge Hallyn authored
(This *should* fix the lxc-test-snapshot testcase, but doesn't seem to by itself.) If it doesn't exist, we may as well start with an empty one. This is needed when creating an overlayfs snapshot. Signed-off-by:
-
Serge Hallyn authored
We're asked to delete it, don't fail if it doesn't exist. This stops lxc-destroy from failing when the container isn't fully built. Signed-off-by:
-
Tycho Andersen authored
Here's some more config options that we do actually require to be able to boot containers. Signed-off-by:
-
Serge Hallyn authored
Closes #655 We can't rsync the delta as unpriv user because we can't create the chardevs representing a whiteout. We can however rsync the rootfs and have the kernel create the whiteouts for us. do_rsync: pass --delete Signed-off-by:
-
Christian Brauner authored
Signed-off-by:
-
Serge Hallyn authored
Newer kernels have added a new restriction: if /proc or /sys on the host has files or non-empty directories which are over-mounted, and there is no /proc which fully visible, then it assumes there is a "security" reason for this. It prevents anyone in a non-initial user namespace from creating a new proc or sysfs mount. To work around this, this patch adds a new 'nesting.conf' which can be lxc.include'd from a container configuration file. It adds a non-overmounted mount of /proc and /sys under /dev/.lxc, so that the kernel can see that we're not trying to *hide* things like /proc/uptime. and /sys/devices/virtual/net. If the host adds this to the config file for container w1, then container w1 will support unprivileged child containers. The nesting.conf file also sets the apparmor profile to the with-nesting variant, since that is required anyway. This actually means that supporting nesting isn't really more work than it used to be, just different. Instead of adding lxc.aa_profile = lxc-container-default-with-nesting you now just need to lxc.include = /usr/share/lxc/config/nesting.conf (Look, fewer characters :) Finally, in order to maintain the current apparmor protections on proc and sys, we make /dev/.lxc/{proc,sys} non-read/writeable. We don't need to be able to use them, we're just showing the kernel what's what. Signed-off-by: -
KATOH Yasufumi authored
Add the description of optional, create=file/dir for lxc.mount.entry. This is update for commit f5b67b36. Signed-off-by:
-
- 15 Sep, 2015 3 commits
-
-
Serge Hallyn authored
First, fix use of uninitialized variable 'ret'. Then, actually use the value it returned in its caller. Signed-off-by: -
Major Hayden authored
On very busy systems, some virtual network devices won't be destroyed after a container halts. This patch uses the lxc_delete_network() method to ensure that network devices attached to the container are destroyed when the container halts. Without the patch, some virtual network devices are left over on the system and must be removed with `ip link del <device>`. This caused containers with lxc.network.veth.pair to not be able to start. For containers using randomly generated virtual network device names, the old devices will hang around on the bridge with their original MAC address. Signed-off-by:Major Hayden <major@mhtx.net>
-
Stéphane Graber authored
Signed-off-by:
-
- 28 Aug, 2015 20 commits
-
-
Christian Brauner authored
"NAME for name of the container" becomes "NAME of the container" Signed-off-by:
-
Christian Brauner authored
- Passing the LXC_CLONE_KEEPNAME flag to do_lxcapi_clone() was not respected and let to unexpected behaviour for e.g. lxc-clone. We wrap clear_unexp_config_line() and set_config_item_line() in an appropriate if-condition. Signed-off-by:
-
Nicolas Cornu authored
Signed-off-by:Nicolas Cornu <nicolac76@yahoo.fr>
-
Nicolas Cornu authored
Signed-off-by:Nicolas Cornu <ncornu@aldebaran.com>
-
Nicolas Cornu authored
Signed-off-by: -
Michal Grzedzicki authored
Signed-off-by:Michał Grzędzicki <lazy404@gmail.com>
-
Wolfgang Bumiller authored
When setting lxc.network.veth.pair to get a fixed interface name the recreation of it after a reboot caused an EEXIST. -) The reboot flag is now a three-state value. It's set to 1 to request a reboot, and 2 during a reboot until after lxc_spawn where it is reset to 0. -) If the reboot is set (!= 0) within instantiate_veth and a fixed name is used, the interface is now deleted before being recreated. Signed-off-by:
Wolfgang Bumiller <w.bumiller@proxmox.com> Acked-by:
-
Stéphane Graber authored
This fixes some typos, missing newlines and unflushed output leading to duplicate entries when piped (similar to what we had in lxc-info). Reported-by: Marc Gariépy Signed-off-by: -
Serge Hallyn authored
When starting a daemonized container, only the original parent thread should return to the caller. The first forked child immediately exits after forking, but the grandparent child was in some places returning on error - causing a second instance of the calling function. Signed-off-by:
-
Dennis Schridde authored
The dev/mqueue and dev/shm directories do not exist when using lxc.autodev, thus they have to be created upon mount. Signed-off-by:Dennis Schridde <devurandom@gmx.net>
-
有张纸 authored
-
Tycho Andersen authored
In various places throughout the code, we want to "nullify" the std fds, opening them to /dev/null or zero or so. Instead, let's unify this code and do it in such a way that Coverity (probably) won't complain. v2: use /dev/null for stdin as well v3: add a comment about use of C's short circuiting v4: axe comment, check errors on dup2, s/quiet/need_null_stdfds Reported-by: Coverity Signed-off-by:
-
Serge Hallyn authored
and don't use it if not. This fixes failure to build with older cgmanager. Signed-off-by:
-
Serge Hallyn authored
Doing this requires some btrfs functions from bdev to be used in utils.c Because utils.h is imported by lxc_init.c, I had to create a new initutils.[ch] which are used by both lxc_init.c and utils.c We could instead put the btrfs functions into utils.c, which would be a shorter patch, but it really doesn't belong there. So I went the other way figuring there may be more such cases coming up of fns in utils.c needing code from bdev.c which can't go into lxc_init. Currently, if we detect a btrfs subvolume we just remove it. The st_dev on that dir is different, so we cannot detect if this is bound in from another fs easily. If we care, we should check whether this is a mountpoint, this patch doesn't do that. Signed-off-by:
-
Serge Hallyn authored
Signed-off-by: -
Kien Truong authored
We need to use lxc_list_for_each_safe, otherwise de-allocation will fail with a list size bigger than 2. The pointer to the head of the list also need freeing after we've freed all other elements of the list. Signed-off-by:Kien Truong <duckientruong@gmail.com>
-
Kien Truong authored
Signed-off-by: -
Kien Truong authored
Add a function to sort the cgroup settings before applying. Currently, the function will put memory.memsw.limit_in_bytes after memory.limit_in_bytes setting so the container will start regardless of the order specified in the input. Fix #453 Signed-off-by: -
Natanael Copa authored
This is needed for lxc.autodev=1 to work. Signed-off-by:
Natanael Copa <ncopa@alpinelinux.org> Acked-by:
-
Stéphane Graber authored
If an unprivileged ephemeral container is started as follows, lxc-start-ephemeral -o trusty -n test_ephemeral Then an empty directory remains upon exit from the container, ~/.local/share/lxc/test_ephemeral/tmpfs/delta0 (The tmpfs filesystem is successfully unmounted, but we seem to lack permission to delete the delta0 directory). This issue arose following commits 4799a1e7 and dd2271e6 . The following patch resolves the issue. It has been tested on ubuntu 14.04 with the lxc-daily ppa. Since gmail screws up the formatting of the patch via line-wrapping etc, please copy the patch from the issue-tracker rather than from this email. Signed-off by: Oleg Freedholm <overlayfs@gmail.com> Acked-by:
-
