- 07 Oct, 2015 8 commits
-
-
Wolfgang Bumiller authored
Signed-off-by:
Wolfgang Bumiller <w.bumiller@proxmox.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Christian Brauner authored
When users wanted to mount overlay directories with lxc.mount.entry they had to create upperdirs and workdirs beforehand in order to mount them. To create it for them we add the functions mount_entry_create_overlay_dirs() and mount_entry_create_aufs_dirs() which do this for them. User can now simply specify e.g.: lxc.mount.entry = /lower merged overlay lowerdir=/lower,upper=/upper,workdir=/workdir,create=dir and /upper and /workdir will be created for them. /upper and /workdir need to be absolute paths to directories which are created under the containerdir (e.g. under $lxcpath/CONTAINERNAME/). Relative mountpoints, mountpoints outside the containerdir, and mountpoints within the container's rootfs are ignored. (The latter *might* change in the future should it be considered safe/useful.) Specifying lxc.mount.entry = /lower merged overlay lowerdir=/lower:/lower2,create=dir will lead to a read-only overlay mount in accordance with the kernel-documentation. Specifying lxc.mount.entry = /lower merged overlay lowerdir=/lower,create=dir will fail when no upperdir and workdir options are given. Signed-off-by:Christian Brauner <christianvanbrauner@gmail.com> Acked-by:
-
Stéphane Graber authored
Signed-off-by:Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
The default_mounts[i].destination is never NULL except in the last 'stop here' entry. Coverity doesn't know about that and so is spewing a warning. In any case, let's add a more stringent check in case someone accidentally adds a NULL there later. Signed-off-by:
-
KATOH Yasufumi authored
Update for commit 592fd47aSigned-off-by:
KATOH Yasufumi <karma@jazz.email.ne.jp> Acked-by:
-
Serge Hallyn authored
This would have caught the regression last night. Signed-off-by:
-
Bogdan Purcareata authored
Enable aarch64 seccomp support for LXC containers running on ARM64 architectures. Tested with libseccomp 2.2.0 and the default seccomp policy example files delivered with the LXC package. Signed-off-by:
Bogdan Purcareata <bogdan.purcareata@freescale.com> Acked-by:
-
Colin Watson authored
On Ubuntu 15.04, lxc-start-ephemeral's call to pwd.getpwnam always fails. While I haven't been able to prove it or track down an exact cause, I strongly suspect that glibc does not guarantee that you can call NSS functions after a context switch without re-execing. (Running "id root" in a subprocess from the same point works fine.) It's safer to use getent to extract the relevant line from the passwd file and parse it directly. Signed-off-by:Colin Watson <cjwatson@ubuntu.com>
-
- 29 Sep, 2015 10 commits
-
-
Stéphane Graber authored
Signed-off-by: -
Kaarle Ritvanen authored
Signed-off-by:
Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> Acked-by:
-
Kaarle Ritvanen authored
Signed-off-by:
-
Christian Brauner authored
Signed-off-by:
-
Christian Brauner authored
CAP_BLOCK_SUSPEND (since Linux 3.5) Employ features that can block system suspend (epoll(7) EPOLLWAKEUP, /proc/sys/wake_lock). Signed-off-by: -
Christian Brauner authored
CAP_AUDIT_READ (since Linux 3.16) Allow reading the audit log via a multicast netlink socket. Signed-off-by: -
Stéphane Graber authored
The dpkg architecture isn't relevant to LXC, only the kernel arch is. Signed-off-by:
Gergely Szasz <szaszg@hu.inter.net> Acked-by:
-
Serge Hallyn authored
Don't proceed to try the mount if we failed to create the target if it didn't exist. Signed-off-by: -
Stéphane Graber authored
Signed-off-by: -
Serge Hallyn authored
When a container starts up, lxc sets up the container's inital fstree by doing a bunch of mounting, guided by the container configuration file. The container config is owned by the admin or user on the host, so we do not try to guard against bad entries. However, since the mount target is in the container, it's possible that the container admin could divert the mount with symbolic links. This could bypass proper container startup (i.e. confinement of a root-owned container by the restrictive apparmor policy, by diverting the required write to /proc/self/attr/current), or bypass the (path-based) apparmor policy by diverting, say, /proc to /mnt in the container. To prevent this, 1. do not allow mounts to paths containing symbolic links 2. do not allow bind mounts from relative paths containing symbolic links. Details: Define safe_mount which ensures that the container has not inserted any symbolic links into any mount targets for mounts to be done during container setup. The host's mount path may contain symbolic links. As it is under the control of the administrator, that's ok. So safe_mount begins the check for symbolic links after the rootfs->mount, by opening that directory. It opens each directory along the path using openat() relative to the parent directory using O_NOFOLLOW. When the target is reached, it mounts onto /proc/self/fd/<targetfd>. Use safe_mount() in mount_entry(), when mounting container proc, and when needed. In particular, safe_mount() need not be used in any case where: 1. the mount is done in the container's namespace 2. the mount is for the container's rootfs 3. the mount is relative to a tmpfs or proc/sysfs which we have just safe_mount()ed ourselves Since we were using proc/net as a temporary placeholder for /proc/sys/net during container startup, and proc/net is a symbolic link, use proc/tty instead. Update the lxc.container.conf manpage with details about the new restrictions. Finally, add a testcase to test some symbolic link possibilities. Reported-by: Roman Fiedler Signed-off-by:
-
- 25 Sep, 2015 2 commits
-
-
Tycho Andersen authored
Since we want to use null-terminated abstract sockets, let's compute the length of them correctly. Signed-off-by:
Tycho Andersen <tycho.andersen@canonical.com> Acked-by:
-
KATOH Yasufumi authored
* Remove '-P' option, and common options (including '-P' option) * Add long option for '-f' * Improve Japanese translation Signed-off-by:
-
- 21 Sep, 2015 9 commits
-
-
Stéphane Graber authored
I've noticed that a bunch of the code we've included over the past few weeks has been using 8-spaces rather than tabs, making it all very hard to read depending on your tabstop setting. This commit attempts to revert all of that back to proper tabs and fix a few more cases I've noticed here and there. No functional changes are included in this commit. Signed-off-by: -
Serge Hallyn authored
Otherwise the kernel will umount when it gets around to it, but that on lxc_destroy we may race with it and fail the rmdir of the overmounted (BUSY) rootfs. This makes lxc-test-snapshot pass for me again. Signed-off-by:
-
Serge Hallyn authored
(This *should* fix the lxc-test-snapshot testcase, but doesn't seem to by itself.) If it doesn't exist, we may as well start with an empty one. This is needed when creating an overlayfs snapshot. Signed-off-by:
-
Serge Hallyn authored
We're asked to delete it, don't fail if it doesn't exist. This stops lxc-destroy from failing when the container isn't fully built. Signed-off-by:
-
Tycho Andersen authored
Here's some more config options that we do actually require to be able to boot containers. Signed-off-by:
-
Serge Hallyn authored
Closes #655 We can't rsync the delta as unpriv user because we can't create the chardevs representing a whiteout. We can however rsync the rootfs and have the kernel create the whiteouts for us. do_rsync: pass --delete Signed-off-by:
-
Christian Brauner authored
Signed-off-by:
-
Serge Hallyn authored
Newer kernels have added a new restriction: if /proc or /sys on the host has files or non-empty directories which are over-mounted, and there is no /proc which fully visible, then it assumes there is a "security" reason for this. It prevents anyone in a non-initial user namespace from creating a new proc or sysfs mount. To work around this, this patch adds a new 'nesting.conf' which can be lxc.include'd from a container configuration file. It adds a non-overmounted mount of /proc and /sys under /dev/.lxc, so that the kernel can see that we're not trying to *hide* things like /proc/uptime. and /sys/devices/virtual/net. If the host adds this to the config file for container w1, then container w1 will support unprivileged child containers. The nesting.conf file also sets the apparmor profile to the with-nesting variant, since that is required anyway. This actually means that supporting nesting isn't really more work than it used to be, just different. Instead of adding lxc.aa_profile = lxc-container-default-with-nesting you now just need to lxc.include = /usr/share/lxc/config/nesting.conf (Look, fewer characters :) Finally, in order to maintain the current apparmor protections on proc and sys, we make /dev/.lxc/{proc,sys} non-read/writeable. We don't need to be able to use them, we're just showing the kernel what's what. Signed-off-by: -
KATOH Yasufumi authored
Add the description of optional, create=file/dir for lxc.mount.entry. This is update for commit f5b67b36. Signed-off-by:
-
- 15 Sep, 2015 3 commits
-
-
Serge Hallyn authored
First, fix use of uninitialized variable 'ret'. Then, actually use the value it returned in its caller. Signed-off-by: -
Major Hayden authored
On very busy systems, some virtual network devices won't be destroyed after a container halts. This patch uses the lxc_delete_network() method to ensure that network devices attached to the container are destroyed when the container halts. Without the patch, some virtual network devices are left over on the system and must be removed with `ip link del <device>`. This caused containers with lxc.network.veth.pair to not be able to start. For containers using randomly generated virtual network device names, the old devices will hang around on the bridge with their original MAC address. Signed-off-by:Major Hayden <major@mhtx.net>
-
Stéphane Graber authored
Signed-off-by:
-
- 28 Aug, 2015 8 commits
-
-
Christian Brauner authored
"NAME for name of the container" becomes "NAME of the container" Signed-off-by:
-
Christian Brauner authored
- Passing the LXC_CLONE_KEEPNAME flag to do_lxcapi_clone() was not respected and let to unexpected behaviour for e.g. lxc-clone. We wrap clear_unexp_config_line() and set_config_item_line() in an appropriate if-condition. Signed-off-by:
-
Nicolas Cornu authored
Signed-off-by:Nicolas Cornu <nicolac76@yahoo.fr>
-
Nicolas Cornu authored
Signed-off-by:Nicolas Cornu <ncornu@aldebaran.com>
-
Nicolas Cornu authored
Signed-off-by: -
Michal Grzedzicki authored
Signed-off-by:Michał Grzędzicki <lazy404@gmail.com>
-
Wolfgang Bumiller authored
When setting lxc.network.veth.pair to get a fixed interface name the recreation of it after a reboot caused an EEXIST. -) The reboot flag is now a three-state value. It's set to 1 to request a reboot, and 2 during a reboot until after lxc_spawn where it is reset to 0. -) If the reboot is set (!= 0) within instantiate_veth and a fixed name is used, the interface is now deleted before being recreated. Signed-off-by:
-
Stéphane Graber authored
This fixes some typos, missing newlines and unflushed output leading to duplicate entries when piped (similar to what we had in lxc-info). Reported-by: Marc Gariépy Signed-off-by:
-
