In order to facilitate this, the default mount list's
'destination' may now be NULL to mean that the source should
be unmounted instead.
Here's what we need to do:
1) Ensure the first sysfs mount point is writable.
2) Mount a read-only sysfs on /sys
3) Bind devices/virtual/net *writably* into /sys
We use /proc/sys as a staging directory for the first sysfs
mount in read-write mode, then mount /sys r/o. Afterwards we
bind the r/w devices/virtual/net and unmount the staging
/proc/sys mount point.
The staging directory would not be required with the new
mount API, but this way we can support the old API and keep
the general workflow in the `default_mounts`.
Once we drop support for the old mount API, the
default_mounts table could just get a subdirectory field to
mount subdirectories directly.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
We need to investigate this in more detail but this commit is breaking
LXD, causing startup to fail with:
lxc foo 20211130202833.906 INFO conf - conf.c:run_script_argv:336 - Executing script "/bin/mount -t shiftfs -o passthrough=3 "/lxc-ci/build/tmp.WemmpzWGYz/go/src/github.com/lxc/lxd/test/tmp.Cli/0To/containers/foo/rootfs" "/lxc-ci/build/tmp.WemmpzWGYz/go/src/github.com/lxc/lxd/test/tmp.Cli/0To/containers/foo/rootfs"" for container "foo"
lxc foo 20211130202833.912 ERROR conf - conf.c:run_buffer:321 - Script exited with status 32
lxc foo 20211130202833.912 ERROR conf - conf.c:lxc_setup_rootfs_prepare_root:3947 - Failed to run pre-mount hooks
lxc foo 20211130202833.912 ERROR conf - conf.c:lxc_setup:4317 - Failed to setup rootfs
lxc foo 20211130202833.912 ERROR start - start.c:do_start:1275 - Failed to setup container "foo"
Not entirely sure why we're seeing things blow up as the directory
definitely exists (and contains a valid rootfs) but this was caused by
today's liblxc update.
Tycho Andersen [Mon, 29 Nov 2021 13:23:17 +0000 (08:23 -0500)]
api: ->save_config() doesn't need to create container dir
If we're saving the config file to somewhere that's *not* the container
dir, we don't need to create the container dir. Let's not do this and
thus not require its parent to exist, which can be confusing, especially in
light of the sparse logging through these functions.
Tycho Andersen [Mon, 29 Nov 2021 13:38:30 +0000 (08:38 -0500)]
cgroups: fix compiler warning
I get:
In file included from cgroups/cgfsng.c:42:
In function 'cpuset1_cpus_initialize',
inlined from 'cpuset1_initialize' at cgroups/cgfsng.c:658:7,
inlined from '__cgroup_tree_create.constprop' at cgroups/cgfsng.c:723:26:
./log.h:376:9: error: '%s' directive argument is null [-Werror=format-overflow=]
376 | LXC_ERROR(&locinfo, format, ##__VA_ARGS__); \
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./log.h:457:17: note: in expansion of macro 'ERROR'
457 | ERROR("%s - " format, ptr, ##__VA_ARGS__); \
| ^~~~~
./log.h:491:17: note: in expansion of macro 'SYSERROR'
491 | SYSERROR(format, ##__VA_ARGS__); \
| ^~~~~~~~
cgroups/cgfsng.c:585:24: note: in expansion of macro 'log_error_errno'
585 | return log_error_errno(false, errno, "Failed to read file \"%s\"", fpath);
| ^~~~~~~~~~~~~~~
it turns out here that fpath is not used, so let's get rid of it and just
render the dfd+pathname directly.
With vfork the child process modifies the parent's memory,
so the calls to `signal`, `fprintf` and regular `exit` may
be dangerous and might cause conflicting states in the
parent.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Joan Bruguera [Sun, 7 Nov 2021 11:38:15 +0000 (12:38 +0100)]
autotools: Avoid multiple liblxc.so with --enable-pam
When installing LXC with the default options, a single non-symlink liblxc.so*
(e.g. liblxc.so.1.7.0) file is created:
```
$ ./autogen.sh && ./configure && make && \
rm -rf "$HOME/lxci" && make DESTDIR="$HOME/lxci" install && \
stat -c%N "$HOME/lxci/usr/local/lib/liblxc.so"*
[...]
'/home/someone/lxci/usr/local/lib/liblxc.so' -> 'liblxc.so.1'
'/home/someone/lxci/usr/local/lib/liblxc.so.1' -> 'liblxc.so.1.7.0'
'/home/someone/lxci/usr/local/lib/liblxc.so.1.7.0'
```
However, when automake>=1.16.5, and the `--enable-pam` option is used, two
non-symlink liblxc.so* (e.g. liblxc.so.1.0.0 and liblxc.so.1.7.0) are
erroneously created:
This is due to infighting between libtool's and LXC's versioning:
libtool creates liblxc.so.1.0.0, then LXC's `install-exec-local` hook in
`Makefile.am` moves it to liblxc.so.1.7.0. However, with `--enable-pam`, the
`install-libLTLIBRARIES` target is re-triggered after `install-pamLTLIBRARIES`,
which will create liblxc.so.1.0.0 again.
The bigger problem here is that the install for the pam_cgfs library is done on
the `data` phase of the automake install process instead of the `exec` phase
(https://www.gnu.org/software/automake/manual/html_node/The-Two-Parts-of-Install.html),
which gives `install-libLTLIBRARIES` a chance to run again after the
`install-exec-local` / `install-exec-hook` targets have already run.
To fix this, we add an "exec_" prefix to the pam_cgfs library to make it run
during the `exec` phase (see link above). We also consolidate the various hooks
in the `install-exec-hook` target, which runs after the whole install, avoiding
needing to manually specify the dependencies like in `install-exec-local`.
Signed-off-by: Joan Bruguera <joanbrugueram@gmail.com>
Diederik de Haas [Thu, 28 Oct 2021 17:30:05 +0000 (19:30 +0200)]
Replace deprecated backticks with $() construct
See https://github.com/koalaman/shellcheck/wiki/SC2006 for details.
Not only uses this the recommended construct, it also makes the code
more uniform as in many other places the $() construct was already used.
Signed-off-by: Diederik de Haas <didi.debian@cknow.org>
Diederik de Haas [Thu, 28 Oct 2021 15:27:08 +0000 (17:27 +0200)]
Replace 'which' with 'command -v'
The 'which' command is deprecated on Debian Sid as it is not POSIX
compliant and it's behavior is therefor not consistent, so replace it
with 'command -v' which is POSIX compliant.
See https://stackoverflow.com/a/677212 for details.
Also replaced a use of backticks (`) as that is deprecated as well.
See https://github.com/koalaman/shellcheck/wiki/SC2006 for details.
Signed-off-by: Diederik de Haas <didi.debian@cknow.org>
conf: verify that rootfs is stable after setting up mounts
Apparently some users changed their rootfs via their lxc.mount.entry
entries. Let's not allow that as that can cause confusion during
container setup. So lets verify that the rootfs is stable after setup.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Tycho Andersen [Thu, 14 Oct 2021 16:40:08 +0000 (10:40 -0600)]
criu: fix error message
as of 59d8a539d106 ("criu: massage exec_criu()") I see:
In file included from criu.c:22:
criu.c: In function 'exec_criu':
log.h:376:2: error: '%s' directive argument is null [-Werror=format-overflow=]
376 | LXC_ERROR(&locinfo, format, ##__VA_ARGS__); \
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
log.h:457:3: note: in expansion of macro 'ERROR'
457 | ERROR("%s - " format, ptr, ##__VA_ARGS__); \
| ^~~~~
log.h:491:3: note: in expansion of macro 'SYSERROR'
491 | SYSERROR(format, ##__VA_ARGS__); \
| ^~~~~~~~
criu.c:325:11: note: in expansion of macro 'log_error_errno'
325 | return log_error_errno(-ENOMEM, ENOMEM, "Failed to remove extraneous slashes from \"%s\"", tmp);
| ^~~~~~~~~~~~~~~
it looks like we should be logging the string that failed, vs. tmp here.
(my log was taken from stable-4.0, but the same issue exists on master it
seems.)
The lxc_devpts_terminal() helper is called in contexts where it can fail
due to various reasons but where we safely fallback to allocating
terminal devices on the host. Logging error messages irritates users so
just log warning messages.
projects / thirdparty / lxc.git / log
