git.ipfire.org Git - thirdparty/lxc.git/log
4 years ago mainloop: s/handler_name/name/g
Christian Brauner [Wed, 11 Aug 2021 13:58:58 +0000 (15:58 +0200)] 
mainloop: s/handler_name/name/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3931 from brauner/2021-08-11.fixes
Stéphane Graber [Wed, 11 Aug 2021 14:58:21 +0000 (10:58 -0400)] 
Merge pull request #3931 from brauner/2021-08-11.fixes

memory_utils: make cleanup handler as unused

4 years ago mainloop: move variables into tighter scope 3931/head
Christian Brauner [Wed, 11 Aug 2021 13:52:12 +0000 (15:52 +0200)] 
mainloop: move variables into tighter scope

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago memory_utils: make cleanup handler as unused
Christian Brauner [Wed, 11 Aug 2021 13:43:18 +0000 (15:43 +0200)] 
memory_utils: make cleanup handler as unused

They are sometimes used to just clean something up automatically at end
of scope but the variables themselves might not be actually used.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3930 from brauner/2021-08-10.fixes
Stéphane Graber [Wed, 11 Aug 2021 13:08:09 +0000 (09:08 -0400)] 
Merge pull request #3930 from brauner/2021-08-10.fixes

mainloop: io_uring cleanup handling fixes

4 years ago mainloop: fix io_uring cleanup handling 3930/head
Christian Brauner [Wed, 11 Aug 2021 09:03:13 +0000 (11:03 +0200)] 
mainloop: fix io_uring cleanup handling

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago mainloop: remove CANCEL_RAISE flag
Christian Brauner [Tue, 10 Aug 2021 15:57:26 +0000 (17:57 +0200)] 
mainloop: remove CANCEL_RAISE flag

This is really not needed since we're not checking it anywhere anyway.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago mainloop: minor fixes
Christian Brauner [Tue, 10 Aug 2021 15:42:41 +0000 (17:42 +0200)] 
mainloop: minor fixes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3928 from simondeziel/download-user-agent
Christian Brauner [Tue, 10 Aug 2021 15:09:06 +0000 (17:09 +0200)] 
Merge pull request #3928 from simondeziel/download-user-agent

lxc-download: customize the user-agent to include LXC package version and compat level

4 years ago Merge pull request #3929 from tych0/fix-sys-poll-warning
Christian Brauner [Tue, 10 Aug 2021 15:07:19 +0000 (17:07 +0200)] 
Merge pull request #3929 from tych0/fix-sys-poll-warning

mainloop: s,sys/poll,poll

4 years ago mainloop: s,sys/poll,poll 3929/head
Tycho Andersen [Tue, 10 Aug 2021 14:45:21 +0000 (08:45 -0600)] 
mainloop: s,sys/poll,poll

I get the following warning (which then fails the build because of
-Werror):

In file included from mainloop.c:11:
/usr/include/sys/poll.h:1:2: error: #warning redirecting incorrect #include <sys/poll.h> to <poll.h> [-Werror=cpp]
    1 | #warning redirecting incorrect #include <sys/poll.h> to <poll.h>
      |  ^~~~~~~

Signed-off-by: Tycho Andersen <tycho@tycho.pizza>
4 years ago lxc-download: add LXC version/compat level to user-agent 3928/head
Simon Deziel [Tue, 10 Aug 2021 14:35:12 +0000 (10:35 -0400)] 
lxc-download: add LXC version/compat level to user-agent

Signed-off-by: Simon Deziel <simon.deziel@canonical.com>
4 years ago Merge pull request #3924 from brauner/2021-06-04.io_uring
Stéphane Graber [Tue, 10 Aug 2021 14:01:55 +0000 (10:01 -0400)] 
Merge pull request #3924 from brauner/2021-06-04.io_uring

mainloop: io_uring support

4 years ago mainloop: add io_uring support 3924/head
Christian Brauner [Fri, 4 Jun 2021 16:21:04 +0000 (18:21 +0200)] 
mainloop: add io_uring support

Users can choose to compile liblxc with io_uring support. This will
cause LXC to use io_uring instead of epoll.
We're using both, io_uring's one-shot and multi-shot poll mode depending
on the type of handler.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3927 from tomponline/tp-nic-address-broadcast
Christian Brauner [Tue, 10 Aug 2021 11:03:10 +0000 (13:03 +0200)] 
Merge pull request #3927 from tomponline/tp-nic-address-broadcast

doc: Adds mention of ability to specify manual IPv4 broadcast address

4 years ago doc: Adds mention of ability to specify manual IPv4 broadcast address 3927/head
Thomas Parrott [Tue, 10 Aug 2021 10:32:30 +0000 (11:32 +0100)] 
doc: Adds mention of ability to specify manual IPv4 broadcast address

See also https://github.com/lxc/lxd/pull/9103

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
4 years ago tree-wide: s/lxc_epoll_descr/lxc_async_descr/g
Christian Brauner [Fri, 4 Jun 2021 13:13:14 +0000 (15:13 +0200)] 
tree-wide: s/lxc_epoll_descr/lxc_async_descr/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago conf: log session keyring failure on WARN level
Christian Brauner [Fri, 6 Aug 2021 07:45:33 +0000 (09:45 +0200)] 
conf: log session keyring failure on WARN level

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago cgroups: log at warning instead of error level
Christian Brauner [Wed, 4 Aug 2021 10:31:07 +0000 (12:31 +0200)] 
cgroups: log at warning instead of error level

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3926 from stgraber/master
Christian Brauner [Mon, 9 Aug 2021 17:41:40 +0000 (19:41 +0200)] 
Merge pull request #3926 from stgraber/master

doc/api-extensions: Grammar fix

4 years ago doc/api-extensions: Grammar fix 3926/head
Stéphane Graber [Mon, 9 Aug 2021 17:18:44 +0000 (13:18 -0400)] 
doc/api-extensions: Grammar fix

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
4 years ago Merge pull request #3925 from brauner/2021-08-09.fixes
Stéphane Graber [Mon, 9 Aug 2021 14:25:07 +0000 (10:25 -0400)] 
Merge pull request #3925 from brauner/2021-08-09.fixes

lsm/apparmor: small fixes

4 years ago lsm/apparmor: use cleanup macro 3925/head
Christian Brauner [Mon, 9 Aug 2021 13:59:26 +0000 (15:59 +0200)] 
lsm/apparmor: use cleanup macro

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago lsm/apparmor: log failure to write AppArmor profile
Christian Brauner [Mon, 9 Aug 2021 13:58:53 +0000 (15:58 +0200)] 
lsm/apparmor: log failure to write AppArmor profile

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3923 from brauner/2021-08-05.fixes
Stéphane Graber [Thu, 5 Aug 2021 15:41:23 +0000 (11:41 -0400)] 
Merge pull request #3923 from brauner/2021-08-05.fixes

network: fix container with empty network namespaces

4 years ago network: fix container with empty network namespaces 3923/head
Christian Brauner [Thu, 5 Aug 2021 14:16:33 +0000 (16:16 +0200)] 
network: fix container with empty network namespaces

Fixes: #3922
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3921 from brauner/2021-08-03.fixes
Stéphane Graber [Tue, 3 Aug 2021 14:02:27 +0000 (10:02 -0400)] 
Merge pull request #3921 from brauner/2021-08-03.fixes

conf: rootfs mount option fixes

4 years ago tests: add test for rootfs mount options 3921/head
Christian Brauner [Tue, 3 Aug 2021 12:40:28 +0000 (14:40 +0200)] 
tests: add test for rootfs mount options

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago conf: allow mount options for rootfs when using new mount api
Christian Brauner [Tue, 3 Aug 2021 11:16:45 +0000 (13:16 +0200)] 
conf: allow mount options for rootfs when using new mount api

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago mount_utils: make some mount helpers static inline
Christian Brauner [Tue, 3 Aug 2021 10:51:24 +0000 (12:51 +0200)] 
mount_utils: make some mount helpers static inline

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago conf: let parse_vfs_attr() handle legacy mount flags as well
Christian Brauner [Tue, 3 Aug 2021 10:13:01 +0000 (12:13 +0200)] 
conf: let parse_vfs_attr() handle legacy mount flags as well

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago conf: log failure to create tty mountpoint
Christian Brauner [Tue, 3 Aug 2021 07:22:46 +0000 (09:22 +0200)] 
conf: log failure to create tty mountpoint

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3920 from brauner/2021-08-02.fixes
Stéphane Graber [Mon, 2 Aug 2021 18:33:37 +0000 (14:33 -0400)] 
Merge pull request #3920 from brauner/2021-08-02.fixes

mount_utils: introduce mount_at()

4 years ago conf: refactor lxc_recv_ttys_from_child() 3920/head
Christian Brauner [Mon, 2 Aug 2021 17:16:54 +0000 (19:16 +0200)] 
conf: refactor lxc_recv_ttys_from_child()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago conf: fix logging in lxc_idmapped_mounts_child()
Christian Brauner [Mon, 2 Aug 2021 16:47:44 +0000 (18:47 +0200)] 
conf: fix logging in lxc_idmapped_mounts_child()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago mount_utils: introduce mount_at()
Christian Brauner [Mon, 2 Aug 2021 13:30:03 +0000 (15:30 +0200)] 
mount_utils: introduce mount_at()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3919 from brauner/2021-07-31.devpts
Stéphane Graber [Sat, 31 Jul 2021 14:54:25 +0000 (10:54 -0400)] 
Merge pull request #3919 from brauner/2021-07-31.devpts

terminal: handle kernel without TIOCGPTPEER

4 years ago terminal: fail on unknown error during TIOCGPTPEER 3919/head
Christian Brauner [Sat, 31 Jul 2021 08:19:57 +0000 (10:19 +0200)] 
terminal: fail on unknown error during TIOCGPTPEER

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago terminal: move native terminal allocation from error logging to info
Christian Brauner [Sat, 31 Jul 2021 08:17:36 +0000 (10:17 +0200)] 
terminal: move native terminal allocation from error logging to info

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago conf: handle kernels without TIOCGPTPEER
Christian Brauner [Sat, 31 Jul 2021 08:14:39 +0000 (10:14 +0200)] 
conf: handle kernels without TIOCGPTPEER

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3918 from brauner/2021-07-30.devpts
Stéphane Graber [Fri, 30 Jul 2021 14:42:39 +0000 (10:42 -0400)] 
Merge pull request #3918 from brauner/2021-07-30.devpts

conf: rework console setup

4 years ago start: allow containers to use a native console 3918/head
Christian Brauner [Fri, 30 Jul 2021 12:28:17 +0000 (14:28 +0200)] 
start: allow containers to use a native console

After all of the previous rework we can make it possible for a container
to use a console allocated from the container's devpts instance.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago terminal: remove unused argument from lxc_devpts_terminal()
Christian Brauner [Fri, 30 Jul 2021 11:49:15 +0000 (13:49 +0200)] 
terminal: remove unused argument from lxc_devpts_terminal()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago conf: rework console setup
Christian Brauner [Fri, 30 Jul 2021 11:13:28 +0000 (13:13 +0200)] 
conf: rework console setup

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago file_utils: add open_at_same()
Christian Brauner [Fri, 30 Jul 2021 11:02:01 +0000 (13:02 +0200)] 
file_utils: add open_at_same()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago conf: use mount_fd() during console mounting
Christian Brauner [Fri, 30 Jul 2021 07:40:40 +0000 (09:40 +0200)] 
conf: use mount_fd() during console mounting

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago conf: use mount_fd() in lxc_setup_dev_console()
Christian Brauner [Fri, 30 Jul 2021 07:27:54 +0000 (09:27 +0200)] 
conf: use mount_fd() in lxc_setup_dev_console()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago conf: use mount_fd() helper when mounting ttys
Christian Brauner [Fri, 30 Jul 2021 07:20:22 +0000 (09:20 +0200)] 
conf: use mount_fd() helper when mounting ttys

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago mount_utils: add mount_fd()
Christian Brauner [Fri, 30 Jul 2021 07:15:14 +0000 (09:15 +0200)] 
mount_utils: add mount_fd()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago conf: stash pty_nr in struct lxc_terminal
Christian Brauner [Fri, 30 Jul 2021 07:07:50 +0000 (09:07 +0200)] 
conf: stash pty_nr in struct lxc_terminal

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3916 from brauner/2021-07-29.fixes
Stéphane Graber [Thu, 29 Jul 2021 17:26:19 +0000 (13:26 -0400)] 
Merge pull request #3916 from brauner/2021-07-29.fixes

conf: move remaining setup before pivot root

4 years ago conf: move lxc_create_ttys() before pivot root 3916/head
Christian Brauner [Thu, 29 Jul 2021 17:00:32 +0000 (19:00 +0200)] 
conf: move lxc_create_ttys() before pivot root

This is the last setup step that occurred after pivot root.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago terminal: split out lxc_devpts_terminal() helper
Christian Brauner [Thu, 29 Jul 2021 16:39:26 +0000 (18:39 +0200)] 
terminal: split out lxc_devpts_terminal() helper

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3915 from brauner/2021-07-29.fixes
Stéphane Graber [Thu, 29 Jul 2021 16:42:39 +0000 (12:42 -0400)] 
Merge pull request #3915 from brauner/2021-07-29.fixes

string_utils: cast __s64 to long long signed int

4 years ago string_utils: cast __s64 to long long signed int 3915/head
Christian Brauner [Thu, 29 Jul 2021 16:25:19 +0000 (18:25 +0200)] 
string_utils: cast __s64 to long long signed int

Link: https://launchpadlibrarian.net/550723147/buildlog_snap_ubuntu_focal_ppc64el_lxd-latest-edge_BUILDING.txt.gz
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3914 from brauner/2021-07-29.devpts
Stéphane Graber [Thu, 29 Jul 2021 16:20:23 +0000 (12:20 -0400)] 
Merge pull request #3914 from brauner/2021-07-29.devpts

devpts: move setup before pivot root

4 years ago conf: merge devpts setup and move before pivot root 3914/head
Christian Brauner [Thu, 29 Jul 2021 13:52:52 +0000 (15:52 +0200)] 
conf: merge devpts setup and move before pivot root

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago terminal: don't use ttyname_r() for native terminal allocation
Christian Brauner [Thu, 29 Jul 2021 13:46:17 +0000 (15:46 +0200)] 
terminal: don't use ttyname_r() for native terminal allocation

Since we can call that function from another mount namespace we need to
do this manually.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago conf: add and use mount_beneath_fd()
Christian Brauner [Thu, 29 Jul 2021 12:32:21 +0000 (14:32 +0200)] 
conf: add and use mount_beneath_fd()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago conf: update comment
Christian Brauner [Thu, 29 Jul 2021 12:16:39 +0000 (14:16 +0200)] 
conf: update comment

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago conf: use a relative path in symlinkat()
Christian Brauner [Thu, 29 Jul 2021 12:15:51 +0000 (14:15 +0200)] 
conf: use a relative path in symlinkat()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago conf: s/lxc_setup_devpts_parent/lxc_recv_devpts_from_child/g
Christian Brauner [Thu, 29 Jul 2021 09:00:51 +0000 (11:00 +0200)] 
conf: s/lxc_setup_devpts_parent/lxc_recv_devpts_from_child/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago conf: attach devpts mount directly when new mount api can be used
Christian Brauner [Thu, 29 Jul 2021 08:46:59 +0000 (10:46 +0200)] 
conf: attach devpts mount directly when new mount api can be used

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago conf: set source property for devpts
Christian Brauner [Thu, 29 Jul 2021 13:39:04 +0000 (15:39 +0200)] 
conf: set source property for devpts

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago conf: surface failures to setup console
Christian Brauner [Thu, 29 Jul 2021 13:26:17 +0000 (15:26 +0200)] 
conf: surface failures to setup console

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3912 from brauner/2021-07-28.devpts
Stéphane Graber [Wed, 28 Jul 2021 20:48:18 +0000 (16:48 -0400)] 
Merge pull request #3912 from brauner/2021-07-28.devpts

conf: devpts rework

4 years ago Merge pull request #3913 from stgraber/master
Christian Brauner [Wed, 28 Jul 2021 19:49:14 +0000 (21:49 +0200)] 
Merge pull request #3913 from stgraber/master

Fix typos

4 years ago Fix typos 3913/head
Stéphane Graber [Wed, 28 Jul 2021 19:13:52 +0000 (15:13 -0400)] 
Fix typos

This fixes all typos identified by lintian.

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
4 years ago conf: ensure devpts_fd is set to -EBADF 3912/head
Christian Brauner [Wed, 28 Jul 2021 16:39:31 +0000 (18:39 +0200)] 
conf: ensure devpts_fd is set to -EBADF

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago terminal: ttyname_r() returns an error number on failure
Christian Brauner [Wed, 28 Jul 2021 15:25:38 +0000 (17:25 +0200)] 
terminal: ttyname_r() returns an error number on failure

In other words, how inconsistent can an API be?

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago conf: use new mount api for devpts setup
Christian Brauner [Wed, 28 Jul 2021 14:38:36 +0000 (16:38 +0200)] 
conf: use new mount api for devpts setup

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3910 from petris/tty_enxio
Christian Brauner [Thu, 22 Jul 2021 07:24:15 +0000 (09:24 +0200)] 
Merge pull request #3910 from petris/tty_enxio

lxc_setup_ttys: Handle existing ttyN file without underlying device

4 years ago Merge pull request #3909 from petris/bpf_enosys_warn
Christian Brauner [Wed, 21 Jul 2021 13:25:36 +0000 (15:25 +0200)] 
Merge pull request #3909 from petris/bpf_enosys_warn

bpf: simplify detection if BPF is supported

4 years ago Merge pull request #3911 from siv0/fix_legacy_cgroup_devices
Christian Brauner [Tue, 20 Jul 2021 15:57:42 +0000 (17:57 +0200)] 
Merge pull request #3911 from siv0/fix_legacy_cgroup_devices

Fix legacy cgroup devices

4 years ago bpf: bpf_devices_cgroup_supported() should check if bpf() is available 3909/head
Petr Malat [Mon, 19 Jul 2021 10:28:45 +0000 (12:28 +0200)] 
bpf: bpf_devices_cgroup_supported() should check if bpf() is available

bpf_devices_cgroup_supported() tries to load a simple BPF program to
test if BPF works. This is problematic because the function used to load
the program - bpf_program_load_kernel() - emits an error to the log if
BPF is not enabled in the kernel although device controller is not
requested in the configuration. Users could interpret that as a problem.

Make bpf_devices_cgroup_supported() check if the BPF syscall is available
before calling bpf_program_load_kernel(). We can do it by passing a NULL
pointer instead of the syscall argument as the kernel returns either
ENOSYS, when the syscall is not implemented or EFAULT, when it is
implemented.

Signed-off-by: Petr Malat <oss@malat.biz>
4 years ago lxc_setup_ttys: Handle existing ttyN file without underlying device 3910/head
Petr Malat [Mon, 19 Jul 2021 19:51:25 +0000 (21:51 +0200)] 
lxc_setup_ttys: Handle existing ttyN file without underlying device

If a device file is opened and there isn't the underlying device,
the open call fails with ENXIO, but the path can be opened with
O_PATH, which is enough for mounting over the device file.

Generalize this idea and use O_PATH for all cases when the file
is there. One still must check for both ENXIO and EEXIST as it's
unspecified what error is reported if multiple error conditions
occur at the same time.

Signed-off-by: Petr Malat <oss@malat.biz>
4 years ago cgroups: remove unneeded variables from cgroup_tree_create 3911/head
Stoiko Ivanov [Tue, 20 Jul 2021 08:30:36 +0000 (10:30 +0200)] 
cgroups: remove unneeded variables from cgroup_tree_create

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
4 years ago cgroups: populate hierarchy for device cgroup
Stoiko Ivanov [Mon, 19 Jul 2021 14:55:43 +0000 (16:55 +0200)] 
cgroups: populate hierarchy for device cgroup

With the changes introduced in:
b7b1e3a34ce28b01206c48227930ff83d399e7b6
the hierarchy-struct did not have the path_lim set anymore, which is
needed by setup_limits_legacy (->cg_legacy_set_data->lxc_write_openat)
to actually access the cgroup directory.

The issue can be reproduced with a container config having
```
lxc.cgroup.devices.deny = a
```
(or any lxc.cgroup.devices entry) set on a system booted with
systemd.unified_cgroup_hierarchy=0.

This affects all privileged containers on PVE (due to the default
devices.deny entry).

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
4 years ago Merge pull request #3908 from brauner/2021-07-15.fixes.4
Stéphane Graber [Thu, 15 Jul 2021 20:14:07 +0000 (16:14 -0400)] 
Merge pull request #3908 from brauner/2021-07-15.fixes.4

terminal: fix error handling

4 years ago terminal: fix error handling 3908/head
Christian Brauner [Thu, 15 Jul 2021 20:09:31 +0000 (22:09 +0200)] 
terminal: fix error handling

Fixes: f382bcc6d820 ("terminal: log TIOCGPTPEER failure less alarmingly")
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3907 from brauner/2021-07-15.fixes.3
Stéphane Graber [Thu, 15 Jul 2021 17:19:26 +0000 (13:19 -0400)] 
Merge pull request #3907 from brauner/2021-07-15.fixes.3

terminal: log TIOCGPTPEER failure less alarmingly

4 years ago Merge pull request #3906 from brauner/2021-07-15.fixes.2
Stéphane Graber [Thu, 15 Jul 2021 16:48:14 +0000 (12:48 -0400)] 
Merge pull request #3906 from brauner/2021-07-15.fixes.2

grammar fixes

4 years ago af_unix: report error when no fd is to be sent 3907/head
Christian Brauner [Thu, 15 Jul 2021 16:47:27 +0000 (18:47 +0200)] 
af_unix: report error when no fd is to be sent

Fixes: #3624
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago terminal: log TIOCGPTPEER failure less alarmingly
Christian Brauner [Thu, 15 Jul 2021 16:37:22 +0000 (18:37 +0200)] 
terminal: log TIOCGPTPEER failure less alarmingly

This is not a fatal error and the fallback codepath is equally safe.
When we use TIOCGPTPEER we're using a stashed fd to the container's
devpts mount's ptmx device and allocating a new fd non-path based
through this ioctl. If this ioctl can't be used we're falling back to
allocating a pts device from the host's devpts mount's ptmx device which
is path-based but is not under control of the container and so that's
safe. The difference is just that the first method gets you a nice
native terminal with all the pleasantries of having tty and friends
working whereas the latter method does not.

Fixes: #3625
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago sync: fix log message 3906/head
Christian Brauner [Thu, 15 Jul 2021 16:18:25 +0000 (18:18 +0200)] 
sync: fix log message

Fixes: #3875
Suggested-by: Hank.shi <shk242673@163.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago start: fix logging message
Christian Brauner [Thu, 15 Jul 2021 16:16:39 +0000 (18:16 +0200)] 
start: fix logging message

Fixes: #3875
Suggested-by: Hank.shi <shk242673@163.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3905 from brauner/2021-07-15.fixes
Stéphane Graber [Thu, 15 Jul 2021 12:58:57 +0000 (08:58 -0400)] 
Merge pull request #3905 from brauner/2021-07-15.fixes

initutils: include pthread.h

4 years ago initutils: include pthread.h 3905/head
Christian Brauner [Thu, 15 Jul 2021 08:37:47 +0000 (10:37 +0200)] 
initutils: include pthread.h

Otherwise we might end up with implicit function declaration warnings.

Link: https://jenkins.linuxcontainers.org/job/lxc-build-android/8915/console
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3904 from hallyn/2021-07-14/mantypo
Stéphane Graber [Thu, 15 Jul 2021 04:47:44 +0000 (00:47 -0400)] 
Merge pull request #3904 from hallyn/2021-07-14/mantypo

doc/common_options: add trace and alert loglevels

4 years ago doc/common_options: add trace and alert loglevels 3904/head
Serge Hallyn [Thu, 15 Jul 2021 03:17:40 +0000 (22:17 -0500)] 
doc/common_options: add trace and alert loglevels

Signed-off-by: Serge Hallyn <serge@hallyn.com>
4 years ago Merge pull request #3900 from brauner/2021-07-08.fixes
Stéphane Graber [Thu, 8 Jul 2021 16:10:00 +0000 (12:10 -0400)] 
Merge pull request #3900 from brauner/2021-07-08.fixes

file_utils: surface ENOENT when falling back to openat()

4 years ago file_utils: surface ENOENT when falling back to openat() 3900/head
Christian Brauner [Thu, 8 Jul 2021 12:49:26 +0000 (14:49 +0200)] 
file_utils: surface ENOENT when falling back to openat()

Link: https://discuss.linuxcontainers.org/t/error-failed-to-retrieve-pid-of-executing-child-process
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3896 from Blub/include-userns-config-dir
Christian Brauner [Mon, 5 Jul 2021 15:25:24 +0000 (17:25 +0200)] 
Merge pull request #3896 from Blub/include-userns-config-dir

RFC: conf: userns.conf: include userns.conf.d

4 years ago Merge pull request #3897 from brauner/2021-07-05.fixes
Stéphane Graber [Mon, 5 Jul 2021 12:49:08 +0000 (08:49 -0400)] 
Merge pull request #3897 from brauner/2021-07-05.fixes

lxc-unshare: fixes

4 years ago lxc_unshare: fix network device handling 3897/head
Christian Brauner [Mon, 5 Jul 2021 10:19:31 +0000 (12:19 +0200)] 
lxc_unshare: fix network device handling

We were passing the wrong PID. Fix this!

Link: https://discuss.linuxcontainers.org/t/problem-with-moving-interface-new-network-namespace-in-lxc-unshare
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago lxc_unshare: make mount table private
Christian Brauner [Mon, 5 Jul 2021 10:11:42 +0000 (12:11 +0200)] 
lxc_unshare: make mount table private

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago confile: allow including nonexisting directories 3896/head
Wolfgang Bumiller [Mon, 5 Jul 2021 08:53:41 +0000 (10:53 +0200)] 
confile: allow including nonexisting directories

If an include directive ends with a trailing slash, we now
always assume it is a directory and do not treat the
non-existence as an error.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
4 years ago conf: userns.conf: include userns.conf.d
Wolfgang Bumiller [Mon, 5 Jul 2021 07:02:36 +0000 (09:02 +0200)] 
conf: userns.conf: include userns.conf.d

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
4 years ago Merge pull request #3895 from tenforward/japanese
Stéphane Graber [Mon, 5 Jul 2021 03:36:01 +0000 (23:36 -0400)] 
Merge pull request #3895 from tenforward/japanese

Update Japanese lxc.container.conf(5)

4 years ago doc: Fix typo in English lxc.container.conf(5) 3895/head
KATOH Yasufumi [Mon, 5 Jul 2021 03:00:32 +0000 (12:00 +0900)] 
doc: Fix typo in English lxc.container.conf(5)

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>