- 15 Dec, 2017 40 commits
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
- the reboot2() API extension doesn't exist so the command socket fd needs to be closed unconditionally
- fix bad cherry-pick that tried to take the lock on the state client list twice
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
This is based on raw_clone in systemd but adapted to our needs. The main reason is that we need an implementation of fork()/clone() that does guarantee us that no pthread_atfork() handlers are run. While clone() in glibc currently doesn't run pthread_atfork() handlers we should be fine but there's no guarantee that this won't be the case in the future. So let's do the syscall directly - or as direct as we can. An additional nice feature is that we get fork() behavior, i.e. lxc_raw_clone() returns 0 in the child and the child pid in the parent. Our implementation tries to make sure that we cover all cases according to kernel sources. Note that we are not interested in any arguments that could be passed after the stack. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
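An added illustration of the behaviour this commit message describes, not LXC's lxc_raw_clone() or code from the project: `demo_raw_clone()` and `atfork_calls_for()` are hypothetical names, and the raw clone argument order assumes x86-64 or arm64 Linux. It counts how often a pthread_atfork() prepare handler runs for fork() versus a direct clone syscall.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <pthread.h>
#include <sched.h>
#include <signal.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

static int prepare_calls; /* bumped by the pthread_atfork() prepare handler */
static void on_prepare(void) { prepare_calls++; }

/* Hypothetical helper: fork()-like clone through the raw syscall.
 * Only flags are passed; the stack and every argument after it stay NULL,
 * so the child continues on a copy of the parent's stack.
 * Assumption: flags-first argument order (x86-64, arm64). */
static pid_t demo_raw_clone(unsigned long flags)
{
	/* Reject flags that need a separate stack or the tid/tls arguments. */
	if (flags & (CLONE_VM | CLONE_PARENT_SETTID | CLONE_CHILD_SETTID |
		     CLONE_CHILD_CLEARTID | CLONE_SETTLS)) {
		errno = EINVAL;
		return -1;
	}
	return (pid_t)syscall(SYS_clone, flags | SIGCHLD, NULL, NULL, NULL, NULL);
}

/* Number of prepare-handler runs caused by one fork() (use_raw == 0)
 * or one raw clone (use_raw != 0); -1 on any error. */
static int atfork_calls_for(int use_raw)
{
	static int registered;
	int before, status;
	pid_t pid;

	if (!registered && pthread_atfork(on_prepare, NULL, NULL) != 0)
		return -1;
	registered = 1;
	before = prepare_calls;
	pid = use_raw ? demo_raw_clone(0) : fork();
	if (pid < 0)
		return -1;
	if (pid == 0)
		_exit(0); /* child: saw 0, exactly like fork() */
	if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
		return -1;
	return prepare_calls - before; /* parent: pid was the child's pid */
}

int main(void)
{
	printf("fork(): %d handler run(s)\n", atfork_calls_for(0));
	printf("raw clone: %d handler run(s)\n", atfork_calls_for(1));
	return 0;
}
```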
-
Christian Brauner authored
When we report STOPPED to a caller and then close the command socket it is technically possible - and I've seen this happen on the test builders - that a container start() right after a wait() will receive ECONNREFUSED because it called open() before we close(). So for all new state clients simply close the command socket. This will inform all state clients that the container is STOPPED and also prevents a race between an open()/close() on the command socket causing a new process to get ECONNREFUSED because we haven't yet closed the command socket. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Serge Hallyn authored
if user has lxc.rootfs.path = /some/path/foo, but can't access some piece of that path, then we'll get an unhelpful "failed to mount" without any indication of the problem. At least show that there is a permission problem. Signed-off-by: Serge Hallyn <shallyn@cisco.com>
-
Christian Brauner authored
Prior to this patch we raced with a very short-lived init process. Essentially, the init process could exit before we had time to record the cgroup namespace causing the container to abort and report ABORTING to the caller when it actually started just fine. Let's not do this. (This uses syscall(SYS_getpid) in the child to retrieve the pid just in case we're on an older glibc version and we end up in the namespace sharing branch of the actual lxc_clone() call.) Additionally this fixes the shortlived tests. They were faulty so far and should have actually failed because of the cgroup namespace recording race but the ret variable used to return from the function was not correctly initialized. This fixes it. Furthermore, the shortlived tests used the c->error_num variable to determine success or failure but this is actually not correct when the container is started daemonized. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
The error_num value doesn't tell us anything since the container hasn't exited. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Starting with commit

    commit c5b93afb
    Author: Li Feng <lifeng68@huawei.com>
    Date: Mon Jul 10 17:19:52 2017 +0800

    start: dup std{in,out,err} to pty slave

    In the case the container has a console with a valid slave pty file descriptor we duplicate std{in,out,err} to the slave file descriptor so console logging works correctly. When the container does not have a valid slave pty file descriptor for its console and is started daemonized we should dup to /dev/null.

    Closes #1646.

    Signed-off-by: Li Feng <lifeng68@huawei.com>
    Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

we made std{err,in,out} a duplicate of the slave file descriptor of the console if it existed. This meant we also duplicated all of them when we executed application containers in the foreground even if some std{err,in,out} file descriptor did not refer to a {p,t}ty. This blocked use cases such as:

    echo foo | lxc-execute -n -- cat

which are very valid and common with application containers but less common with system containers where we don't have to care about this. So my suggestion is to unconditionally duplicate std{err,in,out} to the console file descriptor if we are either running daemonized - this ensures that daemonized application containers with a single bash shell keep on working - or when we are not running an application container. In other cases we only duplicate those file descriptors that actually refer to a {p,t}ty. This logic is similar to what we do for lxc-attach already.

Refers to #1690. Closes #2028.
Reported-by: Felix Abecassis <fabecassis@nvidia.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
remove logically dead code Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
free allocated memory Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
check return value of snprintf() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
remove logically dead code Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
free allocated memory Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
initialize handler Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
remove logically dead code Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
free allocated memory Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
do not pass NULL pointer to chdir() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
do not unmap prematurely Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
check snprintf() return value Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Detaching network namespaces as an unprivileged user is currently not possible and attaching to the user namespace will mean we are not allowed to move the network device into an ancestor network namespace. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
- check for memory allocation failure
- free allocated memory
- cleanup function
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Jonathan Calmels authored
Signed-off-by: Jonathan Calmels <jcalmels@nvidia.com>
-
Christian Brauner authored
Moving away from internal symbols we can't do hacks like we currently do in lxc-start and call internal functions like lxc_conf_init(). This is unsafe anyway. Instead, we should simply error out if the user didn't give us a configuration file to use. lxc-start refuses to start in that case already. Relates to discussion in https://github.com/lxc/go-lxc/pull/96#discussion_r155075560 . Closes #2023.
Reported-by: Felix Abecassis <fabecassis@nvidia.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Jonathan Calmels authored
Signed-off-by: Jonathan Calmels <jcalmels@nvidia.com>
-
Christian Brauner authored
do not double close file descriptor Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
ensure \0-termination Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
free allocated memory Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
remove logically dead code Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
free allocated memory Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
use calculated string length when copying into buffer Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
fix use after free Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
This fixes a bug introduced by:

    commit 94f0035b
    Author: Christian Brauner <christian.brauner@ubuntu.com>
    Date: Thu Dec 7 15:07:26 2017 +0100

    coverity: #1425924

    remove logically dead condition

    Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Coverity's bug analysis is correct but my fix wasn't. This commit fixes a bunch of other bugs I just spotted as well. This unblocks #2009.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Marcos Paulo de Souza authored
The same message exists in lxclock.c and cgmanager.c, so print the filename along with the message.

Before this patch:

    lxc-destroy -n u1
    pthread_mutex_unlock returned:1 Operation not permitted

After this patch:

    lxc-destroy -n u1
    lxclock.c: pthread_mutex_unlock returned:1 Operation not permitted

Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
-
Christian Brauner authored
check return value of getifaddrs() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
do not call close on bad file descriptor Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-