A change in kernel 4.2 caused btrfs_recursive_destroy to
fail to delete unprivileged containers. This patch restores
the pre-kernel-4.2 behaviour. Ref: Issue 935.
lxc-busybox: Remove warning for dynamically linked Busybox
The warning has been present since commit 32b37181ea (with no purpose stated).
Support for dynamically linked Busybox has been added since commit bf6cc73696.
Haven't encountered any issues with dynamically linked Busybox in my last
2 years' testing.
open_without_symlink: Don't SYSERROR on something else than ELOOP
The open_without_symlink routine has been specifically created to prevent
mounts with synlinks as source or destination. Keep SYSERROR'ing in that
particular scenario, but leave error handling to calling functions for the
other ones - e.g. optional bind mount when the source dir doesn't exist
throws a nasty error.
Serge Hallyn [Thu, 25 Feb 2016 19:01:12 +0000 (11:01 -0800)]
cgfs: make sure we use valid cgroup mountpoints
If lxcfs starts before cgroup-lite, then the first cgroup mountpoints in
/proc/self/mountinfo are /run/lxcfs/*. Unprivileged users cannot access
these. So privileged containers are ok, and unprivileged containers are ok
since they won't cache those to begin with. But unprivileged root-owned
containers cache /run/lxcfs/* and then try to use them.
So when doing cgroup automounting check whether the mountpoints we have
stored are accessible, and if not look for a new one to use.
Ubuntu [Sat, 20 Feb 2016 02:25:55 +0000 (02:25 +0000)]
lxc: cgfs: handle lxcfs
When containers have lxcfs mounted instead of cgroupfs, we have to
process /proc/self/mountinfo a bit differently. In particular, we
should look for fuse.lxcfs fstype, we need to look elsewhere for the
list of comounted controllers, and the mount_prefix is not a cgroup path
which was bind mounted, so we should ignore it, and named subsystems
show up without the 'name=' prefix.
With this patchset I can start containers inside a privileged lxd
container with lxcfs mounted (i.e. without cgroup namespaces).
Serge Hallyn [Fri, 19 Feb 2016 22:12:47 +0000 (14:12 -0800)]
cgroups: do not fail if setting devices cgroup fails due to EPERM
If we're trying to allow a device which was denied to our parent
container, just continue.
Cgmanager does not help us to distinguish between eperm and other
errors, so just always continue.
We may want to consider actually computing the range of devices
to which the container monitor has access, but OTOH that introduces
a whole new set of complexity to compute access sets.
Serge Hallyn [Mon, 15 Feb 2016 20:15:10 +0000 (12:15 -0800)]
log.c:__lxc_log_set_file: fname cannot be null
fname cannot be passed in as NULL by any of its current callers. If it
could, then build_dir() would crash as it doesn't check for it. So make
sure we are warned if in the future we pass in NULL.
Some systems need to be able to bind-mount /run to /var/run
and /run/lock to /var/run/lock. (Tested with opensuse 13.1
containers migrated from openvz.)
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
lxc_setup_fs: Create /dev/shm folder if it doesn't exist
When running application containers with lxc-execute, /dev is
populated only with device entries. Since /dev is a tmpfs mount in
the container environment, the /dev/shm folder not being present is not
a sufficient reason for the /dev/shm mount to fail.
Create the /dev/shm directory if not present.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
open_without_symlink: Account when prefix is empty string
In the current implementation, the open_without_symlink function
will default to opening the root mount only if the passed rootfs
prefix is null. It doesn't account for the case where this prefix
is passed as an empty string.
Properly handle this second case as well.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Tue, 12 Jan 2016 02:25:19 +0000 (18:25 -0800)]
Set the right variable to NULL when unsetting ipv6_gateway
We were freeing one and setting a different one to NULL, eventually
leading to a crash when closing the netdev (at container shutdown)
and freeing already-freed memory.
Peter Simons [Sat, 2 Jan 2016 16:53:07 +0000 (17:53 +0100)]
bash completion: the 'have' command was deprecated in favor of '_have'
`bash-completion` version 2.1 and later no longer include the `have` command,
and consequently the `lxc` competion file fails on such systems. The command is
now called `_have`.
Andre McCurdy [Fri, 11 Dec 2015 20:35:55 +0000 (12:35 -0800)]
lxc-checkconfig: remove zgrep dependency
zgrep is a script provided by the 'gzip' package, which may not be
installed on embedded systems etc which use busybox instead of the
standard full-featured utilities.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Serge Hallyn [Wed, 2 Dec 2015 22:42:36 +0000 (22:42 +0000)]
seccomp: support 32-bit arm on arm64, and 32-bit ppc on ppc64
Generally we enforce that a [arch] seccomp section can only be used on [arch].
However, on amd64 we allow [i386] sections for i386 containers, and there we
also take [all] sections and apply them for both 32- and 64-bit.
Do that also for ppc64 and arm64. This allows seccomp-protected armhf
containers to run on arm64.
fli [Tue, 1 Dec 2015 11:17:29 +0000 (19:17 +0800)]
lxc: let lxc-start support wlan phys
The commit: e5848d395cb <netdev_move_by_index: support wlan> only
made netdev_move_by_name support wlan, instead of netdev_move_by_index.
Given netdev_move_by_name is a wrapper of netdev_move_by_index, so here
replacing all of the call to lxc_netdev_move_by_index with lxc_netdev_move_by_name
to let lxc-start support wlan phys.
Signed-off-by: fupan li <fupan.li@windriver.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Fri, 20 Nov 2015 05:34:09 +0000 (00:34 -0500)]
debian: Fix container creation on missing cache
This is currently breaking our daily image builds which happen in a
perfectly clean environment without a Debian keyring and without
anything in /var/cache/lxc
Serge Hallyn [Tue, 17 Nov 2015 18:59:05 +0000 (12:59 -0600)]
Better handle preserve_ns behavior
Commit b6b2b194a8 preserves the container's namespaces for
possible later use in stop hook. But some kernels don't have
/proc/pid/ns/ns for all the namespaces we may be interested in.
So warn but continue if this is the case.
Implement stgraber's suggested semantics.
- User requests some namespaces be preserved:
- If /proc/self/ns is missing => fail (saying kernel misses setns)
- If /proc/self/ns/<namespace> entry is missing => fail (saying kernel misses setns for <namespace>)
- User doesn't request some namespaces be preserved:
- If /proc/self/ns is missing => log an INFO message (kernel misses setns) and continue
- If /proc/self/ns/<namespace> entry is missing => log an INFO message (kernel misses setns for <namespace>) and continue
Virgil Dupras [Tue, 10 Nov 2015 02:23:51 +0000 (21:23 -0500)]
Fetch Debian archive GPG keyrings when they're not available
When running the debian template on a non-debian host, it's usual not to
have debian-archive-keyring.gpg. When that happens, we skip the
signature checking of the release, which is dangerous because it's made over
HTTP.
This commit adds automatic fetching of Debian release keys.
Stéphane Graber [Thu, 12 Nov 2015 17:44:38 +0000 (12:44 -0500)]
ubuntu-cloud: Various fixes
- Update list of supported releases
- Make the fallback release trusty
- Don't specify the compression algorithm (use auto-detection) so that
people passing tarballs to the template don't see regressions.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Jakub Sztandera [Fri, 30 Oct 2015 11:05:44 +0000 (12:05 +0100)]
arch template: Fix systemd-sysctl service
The systemd-sysctl service includes condition that /proc/sys/ has to be read-write.
In lxc only /proc/sys/net/ is read-write which causes the condition to fail and service not to run.
This patch changes the check to /proc/sys/net/ and makes the service apply only rules that are in net tree.
Instead of duplicating the cleanup-code, once for success and once for failure,
simply keep a variable fret which is -1 in the beginning and gets set to 0 on
success or stays -1 on failure.
Signed-off-by: Christian Brauner <christianvanbrauner@gmail.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>
The mount_entry_overlay_dirs() and mount_entry_aufs_dirs() functions create
workdirs and upperdirs for overlay and aufs lxc.mount.entry entries. They try
to make sure that the workdirs and upperdirs can only be created under the
containerdir (e.g. /path/to/the/container/CONTAINERNAME). In order to do this
the right hand side of
was thought to check if the rootfs->path is not present in the workdir and
upperdir mount options. But the current check is bogus since it will be
trivially true whenever the container is a block-dev or overlay or aufs backed
since the rootfs->path will then have a form like e.g.
overlayfs:/some/path:/some/other/path
This patch adds the function ovl_get_rootfs_dir() which parses rootfs->path by
searching backwards for the first occurrence of the delimiter pair ":/". We do
not simply search for ":" since it might be used in path names. If ":/" is not
found we assume the container is directory backed and simply return
strdup(rootfs->path).
Signed-off-by: Christian Brauner <christianvanbrauner@gmail.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Thu, 15 Oct 2015 18:56:17 +0000 (18:56 +0000)]
Ignore trailing /init.scope in init cgroups
The lxc monitor does not store the container's cgroups, rather it
recalculates them whenever needed.
Systemd moves itself into a /init.scope cgroup for the systemd
controller.
It might be worth changing that (by storing all cgroup info in the
lxc_handler), but for now go the hacky route and chop off any
trailing /init.scope.
I definately thinkg we want to switch to storing as that will be
more bullet-proof, but for now we need a quick backportable fix
for systemd 226 guests.
The mount_entry_create_*_dirs() functions currently assume that the rootfs of
the container is actually named "rootfs". This has the consequence that
del = strstr(lxcpath, "/rootfs");
if (!del) {
free(lxcpath);
lxc_free_array((void **)opts, free);
return -1;
}
*del = '\0';
will return NULL when the rootfs of a container is not actually named "rootfs".
This means the we return -1 and do not create the necessary upperdir/workdir
directories required for the overlay/aufs mount to work. Hence, let's not make
that assumption. We now pass lxc_path and lxc_name to
mount_entry_create_*_dirs() and create the path directly. To prevent failure we
also have mount_entry_create_*_dirs() check that lxc_name and lxc_path are not
empty when they are passed in.
Signed-off-by: Christian Brauner <christianvanbrauner@gmail.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Fri, 7 Mar 2014 20:29:12 +0000 (15:29 -0500)]
lxc-create: Require --template be passed
It's often been reported that the behavior of lxc-create without -t is a
bit confusing. This change makes lxc-create require the --template
option and introduces a new "none" special value which when set will
fallback to the old template-less behavior.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Wed, 14 Oct 2015 20:50:14 +0000 (13:50 -0700)]
apparmor: Sync with current git master
This makes stable-1.0, stable-1.1 and master all be in sync with regard
to apparmor. This has the nice added benefit of fixing an apparmor
regression with /dev/pts handling in some older kernels.
When users wanted to mount overlay directories with lxc.mount.entry they had to
create upperdirs and workdirs beforehand in order to mount them. To create it
for them we add the functions mount_entry_create_overlay_dirs() and
mount_entry_create_aufs_dirs() which do this for them. User can now simply
specify e.g.:
and /upper and /workdir will be created for them. /upper and /workdir need to
be absolute paths to directories which are created under the containerdir (e.g.
under $lxcpath/CONTAINERNAME/). Relative mountpoints, mountpoints outside the
containerdir, and mountpoints within the container's rootfs are ignored. (The
latter *might* change in the future should it be considered safe/useful.)
Serge Hallyn [Sat, 3 Oct 2015 21:52:16 +0000 (21:52 +0000)]
lxc_mount_auto_mounts: fix weirdness
The default_mounts[i].destination is never NULL except in the last
'stop here' entry. Coverity doesn't know about that and so is spewing
a warning. In any case, let's add a more stringent check in case someone
accidentally adds a NULL there later.
Enable aarch64 seccomp support for LXC containers running on ARM64
architectures. Tested with libseccomp 2.2.0 and the default seccomp
policy example files delivered with the LXC package.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Colin Watson [Wed, 30 Sep 2015 12:37:10 +0000 (13:37 +0100)]
lxc-start-ephemeral: Parse passwd directly
On Ubuntu 15.04, lxc-start-ephemeral's call to pwd.getpwnam always
fails. While I haven't been able to prove it or track down an exact
cause, I strongly suspect that glibc does not guarantee that you can
call NSS functions after a context switch without re-execing. (Running
"id root" in a subprocess from the same point works fine.)
It's safer to use getent to extract the relevant line from the passwd
file and parse it directly.
projects / thirdparty / lxc.git / log
