git.ipfire.org Git - thirdparty/lxc.git/log
4 years ago conf: fix console chmod error log messages (3819/head)
Aaron Thompson [Sat, 1 May 2021 01:20:14 +0000 (01:20 +0000)] 
conf: fix console chmod error log messages

Signed-off-by: Aaron Thompson <dev@aaront.org>
4 years ago Merge pull request #3817 from brauner/2021-04-30.fixes
Stéphane Graber [Fri, 30 Apr 2021 14:03:58 +0000 (10:03 -0400)] 
Merge pull request #3817 from brauner/2021-04-30.fixes

cgroups: fix fallback attach codepath

4 years ago cgroups: fix fallback attach codepath (3817/head)
Christian Brauner [Fri, 30 Apr 2021 13:47:35 +0000 (15:47 +0200)] 
cgroups: fix fallback attach codepath

When we attach to an old server the server can return ENOSYS instead of
ENOCGROUP2 which causes LXC to abort the attach unnecessarily. Fix this!

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3816 from brauner/2021-04-30/fixes
Stéphane Graber [Fri, 30 Apr 2021 12:45:18 +0000 (08:45 -0400)] 
Merge pull request #3816 from brauner/2021-04-30/fixes

storage: fix dup_cloexec() call

4 years ago storage: fix dup_cloexec() call (3816/head)
Christian Brauner [Fri, 30 Apr 2021 08:35:06 +0000 (10:35 +0200)] 
storage: fix dup_cloexec() call

Fixes: Coverity 1477399
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3814 from brauner/2021-04-28.fixes
Stéphane Graber [Wed, 28 Apr 2021 13:52:30 +0000 (09:52 -0400)] 
Merge pull request #3814 from brauner/2021-04-28.fixes

api-extensions: add entry for idmapped_mounts

4 years ago api-extensions: add entry for idmapped_mounts (3814/head)
Christian Brauner [Wed, 28 Apr 2021 13:38:48 +0000 (15:38 +0200)] 
api-extensions: add entry for idmapped_mounts

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3812 from brauner/2021-04-28.fixes
Stéphane Graber [Wed, 28 Apr 2021 12:57:16 +0000 (08:57 -0400)] 
Merge pull request #3812 from brauner/2021-04-28.fixes

storage/dir: cleanup mount code

4 years ago Merge pull request #3802 from evverx/build-system-fuzzers
Christian Brauner [Wed, 28 Apr 2021 09:59:26 +0000 (11:59 +0200)] 
Merge pull request #3802 from evverx/build-system-fuzzers

oss-fuzz: switch to --enable-fuzzers

4 years ago storage/dir: cleanup mount code (3812/head)
Christian Brauner [Wed, 28 Apr 2021 09:33:37 +0000 (11:33 +0200)] 
storage/dir: cleanup mount code

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago storage/dir: remove error handling down
Christian Brauner [Wed, 28 Apr 2021 09:27:58 +0000 (11:27 +0200)] 
storage/dir: remove error handling down

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago storage/dir: source can't be empty
Christian Brauner [Wed, 28 Apr 2021 09:26:59 +0000 (11:26 +0200)] 
storage/dir: source can't be empty

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago storage/dir: use "source" and "target" as terms
Christian Brauner [Wed, 28 Apr 2021 09:26:11 +0000 (11:26 +0200)] 
storage/dir: use "source" and "target" as terms

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago storage/dir: retrieve proper source path later
Christian Brauner [Wed, 28 Apr 2021 09:24:15 +0000 (11:24 +0200)] 
storage/dir: retrieve proper source path later

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago storage/dir: use clear error messages
Christian Brauner [Wed, 28 Apr 2021 09:23:03 +0000 (11:23 +0200)] 
storage/dir: use clear error messages

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago storage/dir: bdev->dest can't be empty
Christian Brauner [Wed, 28 Apr 2021 09:21:03 +0000 (11:21 +0200)] 
storage/dir: bdev->dest can't be empty

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago dir: use mnt_opts->data instead of mntdata
Christian Brauner [Wed, 28 Apr 2021 09:19:47 +0000 (11:19 +0200)] 
dir: use mnt_opts->data instead of mntdata

Fixes: https://launchpadlibrarian.net/535845165/buildlog_ubuntu-focal-s390x.lxc_1%3A4.0.6+master~20210427-2321-0ubuntu1~focal_BUILDING.txt.gz
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3811 from brauner/2021-04-25.idmapped_mounts.rootfs
Stéphane Graber [Tue, 27 Apr 2021 22:42:41 +0000 (18:42 -0400)] 
Merge pull request #3811 from brauner/2021-04-25.idmapped_mounts.rootfs

rootfs rework

4 years ago build-system: turn off lto=thin when building the fuzzers (3802/head)
Evgeny Vereshchagin [Tue, 27 Apr 2021 00:03:39 +0000 (00:03 +0000)] 
build-system: turn off lto=thin when building the fuzzers

With lto=thin the fuzzers fail as soon as they start with
```
ERROR: The size of coverage PC tables does not match the
number of instrumented PCs. This might be a compiler bug,
please contact the libFuzzer developers.
Also check https://bugs.llvm.org/show_bug.cgi?id=34636
for possible workarounds (tl;dr: don't use the old GNU ld)
```

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
4 years ago tests: run the fuzzers along with the other tests
Evgeny Vereshchagin [Mon, 26 Apr 2021 21:41:54 +0000 (21:41 +0000)] 
tests: run the fuzzers along with the other tests

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
4 years ago log: create log files in "fuzzing" mode if it's called outside fuzz targets
Evgeny Vereshchagin [Wed, 14 Apr 2021 18:37:08 +0000 (18:37 +0000)] 
log: create log files in "fuzzing" mode if it's called outside fuzz targets

to make it possible to run the fuzzers along with the other tests

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
4 years ago ci: switch to --enable-fuzzers
Evgeny Vereshchagin [Wed, 14 Apr 2021 09:22:51 +0000 (09:22 +0000)] 
ci: switch to --enable-fuzzers

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
4 years ago build-system: add --enable-fuzzers
Evgeny Vereshchagin [Wed, 14 Apr 2021 09:20:31 +0000 (09:20 +0000)] 
build-system: add --enable-fuzzers

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
4 years ago conf: improve idmapped mounts support (3811/head)
Christian Brauner [Sun, 25 Apr 2021 10:23:56 +0000 (12:23 +0200)] 
conf: improve idmapped mounts support

Setting up a detached idmapped mount is a privileged operation, mounting
it doesn't have to be.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago conf: s/lxc_rootfs_prepare/lxc_rootfs_init/g
Christian Brauner [Sun, 25 Apr 2021 09:02:15 +0000 (11:02 +0200)] 
conf: s/lxc_rootfs_prepare/lxc_rootfs_init/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago conf: move all mount options into struct lxc_mount_options
Christian Brauner [Sun, 25 Apr 2021 08:24:17 +0000 (10:24 +0200)] 
conf: move all mount options into struct lxc_mount_options

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago conf: stash lxc_storage into lxc_rootfs and bind to its lifetime
Christian Brauner [Sun, 25 Apr 2021 07:59:42 +0000 (09:59 +0200)] 
conf: stash lxc_storage into lxc_rootfs and bind to its lifetime

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3810 from brauner/2021-04-24.fixes
Stéphane Graber [Sat, 24 Apr 2021 17:48:56 +0000 (13:48 -0400)] 
Merge pull request #3810 from brauner/2021-04-24.fixes

configure: fix function detection

4 years ago configure: fix function detection (3810/head)
Christian Brauner [Sat, 24 Apr 2021 09:19:53 +0000 (11:19 +0200)] 
configure: fix function detection

Fixes: #3809
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3808 from brauner/2021-04-23.fixes
Stéphane Graber [Fri, 23 Apr 2021 12:48:51 +0000 (08:48 -0400)] 
Merge pull request #3808 from brauner/2021-04-23.fixes

dir: fix rootfs mounting

4 years ago dir: fix rootfs mounting (3808/head)
Christian Brauner [Fri, 23 Apr 2021 09:29:47 +0000 (11:29 +0200)] 
dir: fix rootfs mounting

We need to be able to lookup symlinks and allow xdev.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3807 from evverx/seccom-leak
Christian Brauner [Fri, 23 Apr 2021 04:58:33 +0000 (06:58 +0200)] 
Merge pull request #3807 from evverx/seccom-leak

seccomp: init and destroy notifier.cookie

4 years ago Merge pull request #3805 from brauner/2021-04-22.fixes.3
Stéphane Graber [Thu, 22 Apr 2021 20:40:27 +0000 (16:40 -0400)] 
Merge pull request #3805 from brauner/2021-04-22.fixes.3

mntopt fixes

4 years ago conf: don't overrun dest buffer in parse_lxc_mntopts() (3805/head)
Christian Brauner [Thu, 22 Apr 2021 19:09:12 +0000 (21:09 +0200)] 
conf: don't overrun dest buffer in parse_lxc_mntopts()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago conf: better naming
Christian Brauner [Thu, 22 Apr 2021 18:55:46 +0000 (20:55 +0200)] 
conf: better naming

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3804 from brauner/2021-04-22.fixes.2
Stéphane Graber [Thu, 22 Apr 2021 12:59:16 +0000 (08:59 -0400)] 
Merge pull request #3804 from brauner/2021-04-22.fixes.2

getsubopt: use correct include

4 years ago getsubopt: use correct include (3804/head)
Christian Brauner [Thu, 22 Apr 2021 11:43:27 +0000 (13:43 +0200)] 
getsubopt: use correct include

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3803 from brauner/2021-04-22.fixes
Stéphane Graber [Thu, 22 Apr 2021 11:40:21 +0000 (07:40 -0400)] 
Merge pull request #3803 from brauner/2021-04-22.fixes

include fixes for Bionic

4 years ago Makefile: fix strchrnul() inclusion (3803/head)
Christian Brauner [Thu, 22 Apr 2021 09:00:09 +0000 (11:00 +0200)] 
Makefile: fix strchrnul() inclusion

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago conf: include strchrnul for platforms that don't support it
Christian Brauner [Thu, 22 Apr 2021 07:45:13 +0000 (09:45 +0200)] 
conf: include strchrnul for platforms that don't support it

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago strchrnul: include header
Christian Brauner [Thu, 22 Apr 2021 07:44:07 +0000 (09:44 +0200)] 
strchrnul: include header

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3709 from brauner/2021-03-17/idmapped_mounts_v2
Stéphane Graber [Thu, 22 Apr 2021 00:05:12 +0000 (20:05 -0400)] 
Merge pull request #3709 from brauner/2021-03-17/idmapped_mounts_v2

Initial support for idmapped mounts

4 years ago conf: don't allow idmapped lxc.mount.{entry,fstab} just yet (3709/head)
Christian Brauner [Sat, 20 Mar 2021 10:40:19 +0000 (11:40 +0100)] 
conf: don't allow idmapped lxc.mount.{entry,fstab} just yet

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago conf: tweak parse_lxc_mntopts()
Christian Brauner [Thu, 18 Mar 2021 11:15:01 +0000 (12:15 +0100)] 
conf: tweak parse_lxc_mntopts()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago apparmor: handle on-exec
Christian Brauner [Thu, 18 Mar 2021 10:24:18 +0000 (11:24 +0100)] 
apparmor: handle on-exec

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago attach: use correct lxc_namespace_t type
Christian Brauner [Thu, 18 Mar 2021 09:40:43 +0000 (10:40 +0100)] 
attach: use correct lxc_namespace_t type

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago attach: visually separate pids from fds during initialization
Christian Brauner [Thu, 18 Mar 2021 09:40:13 +0000 (10:40 +0100)] 
attach: visually separate pids from fds during initialization

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago conf: verify that the rootfs can support idmapped mounts
Christian Brauner [Wed, 17 Mar 2021 15:43:15 +0000 (16:43 +0100)] 
conf: verify that the rootfs can support idmapped mounts

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago start: documented idmapped mounts
Christian Brauner [Wed, 17 Mar 2021 15:22:46 +0000 (16:22 +0100)] 
start: documented idmapped mounts

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago mount_utils: add two detached mount helpers
Christian Brauner [Wed, 17 Mar 2021 15:16:48 +0000 (16:16 +0100)] 
mount_utils: add two detached mount helpers

They'll come in handy in the future.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago conf: support idmapping directories
Christian Brauner [Wed, 17 Mar 2021 10:39:13 +0000 (11:39 +0100)] 
conf: support idmapping directories

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago mount_utils: add helper to determine whether new mount api supports bind mounts
Christian Brauner [Wed, 17 Mar 2021 10:07:47 +0000 (11:07 +0100)] 
mount_utils: add helper to determine whether new mount api supports bind mounts

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago storage: keep a reference to lxc_rootfs in lxc_storage
Christian Brauner [Wed, 17 Mar 2021 10:03:04 +0000 (11:03 +0100)] 
storage: keep a reference to lxc_rootfs in lxc_storage

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago mount_utils: add support for mount_setattr() syscall
Christian Brauner [Wed, 17 Mar 2021 09:54:19 +0000 (10:54 +0100)] 
mount_utils: add support for mount_setattr() syscall

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago confile: parse idmap=<path> mount option for rootfs
Christian Brauner [Wed, 17 Mar 2021 09:45:29 +0000 (10:45 +0100)] 
confile: parse idmap=<path> mount option for rootfs

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago conf: add first, trivial support for idmapped mounts
Christian Brauner [Wed, 17 Mar 2021 09:35:33 +0000 (10:35 +0100)] 
conf: add first, trivial support for idmapped mounts

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago conf: rework lxc specific mount option parsing
Christian Brauner [Wed, 17 Mar 2021 09:01:19 +0000 (10:01 +0100)] 
conf: rework lxc specific mount option parsing

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3801 from evverx/san-tweaks
Christian Brauner [Wed, 21 Apr 2021 05:27:31 +0000 (07:27 +0200)] 
Merge pull request #3801 from evverx/san-tweaks

ci: make use of --enable-sanitizers instead of CFLAGS

4 years ago Merge pull request #3800 from evverx/gh3796
Christian Brauner [Mon, 19 Apr 2021 15:19:18 +0000 (17:19 +0200)] 
Merge pull request #3800 from evverx/gh3796

Revert "ci: get around https://github.com/lxc/lxc/issues/3796"

4 years ago Merge pull request #3787 from evverx/san-build
Christian Brauner [Mon, 19 Apr 2021 11:46:14 +0000 (13:46 +0200)] 
Merge pull request #3787 from evverx/san-build

ci: an attempt to run the tests under ASan/UBsan

4 years ago Merge pull request #3799 from evverx/apparmor-bytes
Christian Brauner [Sun, 18 Apr 2021 18:00:10 +0000 (20:00 +0200)] 
Merge pull request #3799 from evverx/apparmor-bytes

apparmor: turn bytes into null-terminated strings before calling strcspn

4 years ago Merge pull request #3790 from brauner/2021-04-15.fixes
Stéphane Graber [Sat, 17 Apr 2021 16:58:09 +0000 (12:58 -0400)] 
Merge pull request #3790 from brauner/2021-04-15.fixes

lxc_clone & configure fix

4 years ago commands: don't needlessly allocate (3790/head)
Christian Brauner [Sat, 17 Apr 2021 15:46:37 +0000 (17:46 +0200)] 
commands: don't needlessly allocate

Fixes: #3796
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3797 from evverx/pass-on-asan
Christian Brauner [Sat, 17 Apr 2021 15:42:36 +0000 (17:42 +0200)] 
Merge pull request #3797 from evverx/pass-on-asan

tests: pass on ASAN/UBSAN options to several tests

4 years ago process_utils: free stack after return
Christian Brauner [Thu, 15 Apr 2021 12:11:56 +0000 (14:11 +0200)] 
process_utils: free stack after return

Fixes: #3789
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago configure: fix sanitizer compilation
Christian Brauner [Thu, 15 Apr 2021 12:11:26 +0000 (14:11 +0200)] 
configure: fix sanitizer compilation

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago error_utils: add missing macro.h include
Christian Brauner [Sat, 17 Apr 2021 15:25:46 +0000 (17:25 +0200)] 
error_utils: add missing macro.h include

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3794 from evverx/gh3791
Christian Brauner [Fri, 16 Apr 2021 11:41:09 +0000 (13:41 +0200)] 
Merge pull request #3794 from evverx/gh3791

tests: stop cutting off right square brackets in share_ns

4 years ago Merge pull request #3793 from evverx/busybox-test
Christian Brauner [Thu, 15 Apr 2021 22:13:15 +0000 (00:13 +0200)] 
Merge pull request #3793 from evverx/busybox-test

tests: switch to the "busybox" template in lxc-test-checkpoint-restore

4 years ago seccomp: init and destroy notifier.cookie (3807/head)
Evgeny Vereshchagin [Thu, 15 Apr 2021 07:09:10 +0000 (07:09 +0000)] 
seccomp: init and destroy notifier.cookie

It's a follow-up to 84cf6d259b24e4ad48e

Closes https://github.com/lxc/lxc/issues/3806

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
4 years ago Merge pull request #3785 from brauner/2021-04-14.fixes
Stéphane Graber [Wed, 14 Apr 2021 15:05:53 +0000 (11:05 -0400)] 
Merge pull request #3785 from brauner/2021-04-14.fixes

lxccontainer: fix container creation error paths

4 years ago Merge pull request #3784 from evverx/attach-memleak
Christian Brauner [Wed, 14 Apr 2021 14:14:56 +0000 (16:14 +0200)] 
Merge pull request #3784 from evverx/attach-memleak

tests: fix a memory leak in attach

4 years ago lxccontainer: fix container creation error paths (3785/head)
Christian Brauner [Wed, 14 Apr 2021 14:12:45 +0000 (16:12 +0200)] 
lxccontainer: fix container creation error paths

Fixes: #3782
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago autoconf: stop passing -fsanitize=address via AM_LDFLAGS (3801/head)
Evgeny Vereshchagin [Tue, 13 Apr 2021 23:55:23 +0000 (23:55 +0000)] 
autoconf: stop passing -fsanitize=address via AM_LDFLAGS

The snippet is redundant because the build system automatically
passes the sanitizers flags set in AM_CFLAGS to the linker

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
4 years ago ci: get rid of the -static-libasan stopgap
Evgeny Vereshchagin [Tue, 13 Apr 2021 23:33:44 +0000 (23:33 +0000)] 
ci: get rid of the -static-libasan stopgap

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
4 years ago build-system: stop building init.lxc.static with sanitizers
Evgeny Vereshchagin [Tue, 13 Apr 2021 22:55:53 +0000 (22:55 +0000)] 
build-system: stop building init.lxc.static with sanitizers

`-static` isn't compatible with `-fsanitize=`:
```
gcc: error: cannot specify -static with -fsanitize=address
```

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
4 years ago autoconf: add AC_LANG_SOURCE to CC_CHECK_LDFLAGS
Evgeny Vereshchagin [Tue, 13 Apr 2021 21:54:15 +0000 (21:54 +0000)] 
autoconf: add AC_LANG_SOURCE to CC_CHECK_LDFLAGS

Inspired by https://lore.kernel.org/alsa-devel/18135209-abc9-ca1c-84e0-8ac3e75caaf1@perex.cz/t/

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
4 years ago Merge pull request #3783 from evverx/cgpath-memleak2
Christian Brauner [Tue, 13 Apr 2021 15:20:47 +0000 (17:20 +0200)] 
Merge pull request #3783 from evverx/cgpath-memleak2

tests: fix a memory leak in cgpath

4 years ago ci: make use of --enable-sanitizers instead of CFLAGS
Evgeny Vereshchagin [Tue, 13 Apr 2021 14:45:29 +0000 (14:45 +0000)] 
ci: make use of --enable-sanitizers instead of CFLAGS

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
4 years ago Merge pull request #3781 from evverx/lxcpath-memleak
Christian Brauner [Tue, 13 Apr 2021 12:32:19 +0000 (14:32 +0200)] 
Merge pull request #3781 from evverx/lxcpath-memleak

tests: fix a memory leak in lxcpath

4 years ago Merge pull request #3780 from evverx/cgpath-mem-leak
Christian Brauner [Tue, 13 Apr 2021 12:14:30 +0000 (14:14 +0200)] 
Merge pull request #3780 from evverx/cgpath-mem-leak

tests: fix a memory leak in cgpath

4 years ago tests: free the buffer filled by lxc_cmd_rsp_recv (3800/head)
Evgeny Vereshchagin [Tue, 13 Apr 2021 06:23:03 +0000 (06:23 +0000)] 
tests: free the buffer filled by lxc_cmd_rsp_recv

Fixes https://github.com/lxc/lxc/issues/3796

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
4 years ago Revert "ci: get around https://github.com/lxc/lxc/issues/3796"
Evgeny Vereshchagin [Tue, 13 Apr 2021 06:03:20 +0000 (06:03 +0000)] 
Revert "ci: get around https://github.com/lxc/lxc/issues/3796"

This reverts commit 44818e893e68e6e76652323ff4f12c9214d2ffa7.

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
4 years ago ci: build with -Wall -Werror (3787/head)
Evgeny Vereshchagin [Mon, 12 Apr 2021 22:40:35 +0000 (22:40 +0000)] 
ci: build with -Wall -Werror

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
4 years ago ci: turn on strict_string_checks
Evgeny Vereshchagin [Mon, 12 Apr 2021 19:30:50 +0000 (19:30 +0000)] 
ci: turn on strict_string_checks

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
4 years ago ci: get around https://github.com/lxc/lxc/issues/3796
Evgeny Vereshchagin [Mon, 12 Apr 2021 18:03:50 +0000 (18:03 +0000)] 
ci: get around https://github.com/lxc/lxc/issues/3796

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
4 years ago ci: prevent lxc-exercise from running indefinitely
Evgeny Vereshchagin [Mon, 12 Apr 2021 17:38:11 +0000 (17:38 +0000)] 
ci: prevent lxc-exercise from running indefinitely

and show all the commands it runs to make it easier to
debug potential issues.

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
4 years ago ci: get around https://github.com/lxc/lxc/issues/3788
Evgeny Vereshchagin [Mon, 12 Apr 2021 17:36:50 +0000 (17:36 +0000)] 
ci: get around https://github.com/lxc/lxc/issues/3788

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
4 years ago ci: get around https://github.com/lxc/lxc/issues/3798
Evgeny Vereshchagin [Mon, 12 Apr 2021 16:29:44 +0000 (16:29 +0000)] 
ci: get around https://github.com/lxc/lxc/issues/3798

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
4 years ago ci: switch to lxc-exercise from the lxc-ci repository
Evgeny Vereshchagin [Mon, 12 Apr 2021 16:25:31 +0000 (16:25 +0000)] 
ci: switch to lxc-exercise from the lxc-ci repository

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
4 years ago ci: link lib[au]san with init.lxc.static statically
Evgeny Vereshchagin [Mon, 12 Apr 2021 04:19:11 +0000 (04:19 +0000)] 
ci: link lib[au]san with init.lxc.static statically

init.lxc.static is run in arbitrary containers where the libasan library lxc has been built with
isn't always installed. To make it work let's override GCC's default and link both libasan
and libubsan statically. It should help to fix issues like
```
++ lxc-execute -n c1 -- sudo -u ubuntu /nnptest
lxc-init: error while loading shared libraries: libasan.so.5: cannot open shared object file: No such file or directory
```

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
4 years ago ci: an attempt to run the tests under ASan/UBsan
Evgeny Vereshchagin [Sun, 11 Apr 2021 00:38:56 +0000 (00:38 +0000)] 
ci: an attempt to run the tests under ASan/UBsan

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
4 years ago apparmor: turn bytes into null-terminated strings before calling strcspn (3799/head)
Evgeny Vereshchagin [Mon, 12 Apr 2021 20:39:48 +0000 (20:39 +0000)] 
apparmor: turn bytes into null-terminated strings before calling strcspn

```
==70349==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000009fb at pc 0x000000433b70 bp 0x7ffcde087810 sp 0x7ffcde086fd0
READ of size 12 at 0x6020000009fb thread T0
    #0 0x433b6f in strcspn (/usr/bin/lxc-execute+0x433b6f)
    #1 0x7f720413a5cb in apparmor_process_label_get /home/runner/work/lxc/lxc/src/lxc/lsm/apparmor.c:449:8
    #2 0x7f720413bc2a in apparmor_prepare /home/runner/work/lxc/lxc/src/lxc/lsm/apparmor.c:1104:13
    #3 0x7f720409b6e9 in lxc_init /home/runner/work/lxc/lxc/src/lxc/start.c:848:8
    #4 0x7f72040a395a in __lxc_start /home/runner/work/lxc/lxc/src/lxc/start.c:2009:8
    #5 0x7f7203fc7186 in lxc_execute /home/runner/work/lxc/lxc/src/lxc/execute.c:99:9
    #6 0x7f7204000e44 in do_lxcapi_start /home/runner/work/lxc/lxc/src/lxc/lxccontainer.c:1112:9
    #7 0x7f7203ff0c07 in lxcapi_start /home/runner/work/lxc/lxc/src/lxc/lxccontainer.c:1149:8
    #8 0x4c6912 in main /home/runner/work/lxc/lxc/src/lxc/tools/lxc_execute.c:224:9
    #9 0x7f72034ac0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #10 0x41d93d in _start (/usr/bin/lxc-execute+0x41d93d)
+ echo ---

0x6020000009fb is located 0 bytes to the right of 11-byte region [0x6020000009f0,0x6020000009fb)
allocated by thread T0 here:
    #0 0x496399 in realloc (/usr/bin/lxc-execute+0x496399)
    #1 0x7f7203fcf85c in fd_to_buf /home/runner/work/lxc/lxc/src/lxc/file_utils.c:463:10
    #2 0x7f720413a52b in apparmor_process_label_get /home/runner/work/lxc/lxc/src/lxc/lsm/apparmor.c:442:8
    #3 0x7f720413bc2a in apparmor_prepare /home/runner/work/lxc/lxc/src/lxc/lsm/apparmor.c:1104:13
    #4 0x7f720409b6e9 in lxc_init /home/runner/work/lxc/lxc/src/lxc/start.c:848:8
    #5 0x7f72040a395a in __lxc_start /home/runner/work/lxc/lxc/src/lxc/start.c:2009:8
    #6 0x7f7203fc7186 in lxc_execute /home/runner/work/lxc/lxc/src/lxc/execute.c:99:9
    #7 0x7f7204000e44 in do_lxcapi_start /home/runner/work/lxc/lxc/src/lxc/lxccontainer.c:1112:9
    #8 0x7f7203ff0c07 in lxcapi_start /home/runner/work/lxc/lxc/src/lxc/lxccontainer.c:1149:8
    #9 0x4c6912 in main /home/runner/work/lxc/lxc/src/lxc/tools/lxc_execute.c:224:9
```

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
4 years ago Merge pull request #3779 from brauner/2021-04-12/attach_fixes
Stéphane Graber [Mon, 12 Apr 2021 17:20:03 +0000 (13:20 -0400)] 
Merge pull request #3779 from brauner/2021-04-12/attach_fixes

attach: fixes

4 years ago Revert "rexec: mark all fds as close-on-exec if possible" (3779/head)
Christian Brauner [Mon, 12 Apr 2021 15:50:39 +0000 (17:50 +0200)] 
Revert "rexec: mark all fds as close-on-exec if possible"

This reverts commit 531d36ad009325b74a105d9d6956e320f37b2937.

Callers might want to explicitly inherit file descriptors so we can't
close them behind their back when we exec.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago attach: don't return early when calculating namespaces via pidfd
Christian Brauner [Mon, 12 Apr 2021 15:23:24 +0000 (17:23 +0200)] 
attach: don't return early when calculating namespaces via pidfd

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago Merge pull request #3778 from brauner/2021-04-12/fixes
Stéphane Graber [Mon, 12 Apr 2021 13:28:50 +0000 (09:28 -0400)] 
Merge pull request #3778 from brauner/2021-04-12/fixes

conf: idmaptool fixes

4 years ago conf: don't report success when idmaptools lack all privilege (3778/head)
Christian Brauner [Mon, 12 Apr 2021 07:47:59 +0000 (09:47 +0200)] 
conf: don't report success when idmaptools lack all privilege

Fixes: #3777
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago conf: simplify idmaptool_on_path_and_privileged()
Christian Brauner [Mon, 12 Apr 2021 07:44:40 +0000 (09:44 +0200)] 
conf: simplify idmaptool_on_path_and_privileged()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
4 years ago tests: pass on ASAN/UBSAN options to several tests (3797/head)
Evgeny Vereshchagin [Mon, 12 Apr 2021 01:41:27 +0000 (01:41 +0000)] 
tests: pass on ASAN/UBSAN options to several tests

to make it easier to run them under ASan/UBSan.

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>