- 30 Sep, 2018 40 commits
-
-
2xsec authored
Signed-off-by:2xsec <dh48.jeong@samsung.com>
-
Christian Brauner authored
POSIX mandates that on ENOEXEC 126 and on ENOENT 127 is supposed to be reported. Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
2xsec authored
Signed-off-by: -
Stephen Barber authored
shutdown() affects sockets even across forked processes. The attached child process doesn't have any interest in using the IPC socket, so just close it in the child process and let the intermediate process handle shutting it down. This fixes a bug seen with lxc exec in crbug.com/884244 Signed-off-by:Stephen Barber <smbarber@chromium.org>
-
2xsec authored
Signed-off-by: -
2xsec authored
Signed-off-by: -
2xsec authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
2xsec authored
Signed-off-by: -
2xsec authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
The extra bind-mount is not required. To succesfully remount read-only we just need MS_REMOUNT|MS_RDONLY. Closes #2602. Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
For setup, switch to the most privileged ids we can find. That is either nsuid 0 if a mapping has been established if not switch to the ids the init running in the container was started with. After setup, switch to the actual requested ids. Closes #2591. Signed-off-by: -
2xsec authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Fabrice Fontaine authored
Fix #2592 by defining -Wvla -std=gnu11 even if --disable-werror is set As -std=gnu11 is always set, bump requirement on gcc from 4.6 to 4.7 (see https://gcc.gnu.org/projects/cxx-status.html#cxx11) Signed-off-by:
Fabrice Fontaine <fontaine.fabrice@gmail.com>
-
2xsec authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
2xsec authored
Signed-off-by: -
2xsec authored
Signed-off-by: -
2xsec authored
If caller passed the size of array not string length, it is possible to be accessed out of bounds. Reorder conditions can prevent access invalid index of array. Signed-off-by: -
2xsec authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
This reverts commit 2fb7cf0b. The problem wasn't caused by the reverted commit and was fixed in commit 0c9b1f82 ("macro: calculate buffer lengths correctly") The full explanation can be taken from the following irc excerpt from the #lxc-dev channel: │19:54:47 brauner | there was a bug in one of the standard macros we used │19:55:01 brauner | and the changes by INTTYPE_TO_STRLEN() caused the issue to surface │19:55:03 brauner | which is good │19:55:16 brauner | i sent a branch and stgraber merged it that fixes it │19:57:56 Blub\0 | so... │19:58:31 Blub\0 | still doesn't explain how it was the sizeof() patch │20:07:14 brauner | Blub\0: so here's the long explanation │20:07:35 brauner | Blub\0: stgraber bumped pid_max on our jenkins test builders │20:07:53 brauner | Blub\0: because we're running *a lot* of containers │20:07:56 brauner | in any case │20:08:06 brauner | there was a buffer │20:08:12 brauner | LXC_LSMATTRLEN │20:08:59 brauner | it used to be │20:09:03 brauner | -/* /proc/pid-to-str/attr/current = (5 + INTTYPE_TO_STRLEN(pid_t) + 7 + 1) */ │20:09:03 brauner | -#define LXC_LSMATTRLEN (5 + INTTYPE_TO_STRLEN(pid_t) + 7 + 1) │20:09:14 brauner | which one can see is wrong │20:09:21 brauner | before the INTTYPE patchset │20:09:40 brauner | INTTYPE_TO_STRLEN(pid_t) was LXC_NUMSTRLEN64 │20:09:45 brauner | which gave you 21 chars │20:09:57 brauner | so it accounted for the missing parts │20:10:03 brauner | because the correct macro should've been │20:10:17 brauner | +/* /proc/ = 6 │20:10:17 brauner | + * + │20:10:17 brauner | + * <pid-as-str> = INTTYPE_TO_STRLEN(pid_t) │20:10:17 brauner | + * + │20:10:17 brauner | + * /attr/ = 6 │20:10:17 brauner | + * + │20:10:17 brauner | + * /current = 8 │20:10:17 brauner | + * + │20:10:17 brauner | + * \0 = 1 │20:10:17 brauner | + */ │20:10:17 brauner | +#define LXC_LSMATTRLEN (6 + INTTYPE_TO_STRLEN(pid_t) + 6 + 8 + 1) │20:10:24 Blub\0 | still │20:10:31 brauner | the issue was only seen │20:10:39 brauner | when the pid number hit a specific maximum │20:10:50 Blub\0 | the sizeof patch only changed instances of actual char buf[A_FIXED_NUMBER] + snprintf(buf, A_FIXED_NUMBER, ...) │20:10:54 brauner | aka exceeded the newly shortened buffer │20:11:42 brauner | your patch was a red herring │20:12:03 Blub\0 | I guess │20:12:06 brauner | it didn't cause it │20:12:14 brauner | it just surfaced at the same time it was merged │20:12:25 Blub\0 | so we can revert the revert then? :) │20:12:35 brauner | yes, that was th eplan all along Signed-off-by:
-
Christian Brauner authored
Signed-off-by:
-
