lxc-attach allocated a pty in a manner that relied on ts->stdinfd and
ts->stdoutfd to be set. We had to resort to a trick to get it working when
output is redirected. The new implementation gets rid of the black magic and
also simplifies the code.
This commit also implements pty logging for lxc-attach. Users will now be able
to log commands and corresponding output to a file given that lxc-attach
allocates a pty.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
lxc_console_create() calls lxc_console_peer_default() which in turn calls
lxc_console_sigwinch_init() which sets up the lxc_tty_state struct for the
current pty. Prior to this commit lxc_console_sigwinch_init() would consider
failures to install a SIGWINCH handler fatal and and return NULL. This commit
makes failures to install a SIGWINCH handler non-fatal. In such cases the
lxc_tty_state struct will still be set up but the sigfd member, which contains
the fd which receives SIGWINCH events, will be set to -1. (This also entails
that the sigset_t oldmaks field is meaningless.) Callers of
lxc_console_sigwinch_init() and lxc_console_sigwinch_fini() should thus make
sure that sigfd >= 0 or sigfd != -1 before trying to register a SIGWINCH handler
in e.g. an lxc_mainloop or resetting the sigmask (cf. lxc_attach.c).
These changes also imply that lxc_console_sigwinch_init() only fails with
ENOMEM. Thus, all cases where lxc_console_sigwinch_init() returns NULL are to be
considered fatal. This wasn't the case before this commit.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
All uses of netlink_open() assume that on error the
nl_handler doesn't need to be closed, but some error cases
happen after the socket was opened successfully and used to
simply return -errno.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Since specifying lxc.rootfs.backend can lead to performance improvements we
always set it during container creation.
This also fixes a bug. do_bdev_create() tried to be smart and retrieve the lower
directory when bdev->type == overlayfs or aufs thereby cutting the path.
However, this operation is done in ovl_mount() and aufs_mount() and both
functions need the full src path for this. The bug didn't show before because
when creating a overlayfs container with e.g.:
lxc-create -n c -t busybox -B overlayfs
still left bdev->type set to dir and so the code for retrieving the lower dir in
do_bdev_create() was skipped. But by setting lxc.rootfs.backend on container
creation we force bdev->type to be set to e.g. overlayfs and the code gets
executed thereby exposing the bug.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
A change in kernel 4.2 caused btrfs_recursive_destroy to
fail to delete unprivileged containers. This patch restores
the pre-kernel-4.2 behaviour. Ref: Issue 935.
Niklas Eiling [Wed, 30 Mar 2016 10:32:02 +0000 (12:32 +0200)]
c/r: support for the criu pageserver
this enables lxc to perform "disk-less migrations" where memory pages are sent directly to the destination machine instead of being written to the sources filesystem first.
For this, the migrate_opts struct has been added the strings "pageserver_address" and "pageserver_port" so that criu can be told where to look for a pageserver.
Niklas Eiling [Wed, 30 Mar 2016 18:10:21 +0000 (20:10 +0200)]
fix possible buffer overflow
strncat only returns its first argument and not the end of the written string.
Thus "buf-pos" is always 0 and consquently no range check is performed.
In order to do this we make use of the MAP_FIXED flag of mmap(). MAP_FIXED
should be safe to use when it replaces an already existing mapping. To this
end, we establish an anonymous mapping that is one byte larger than the
underlying file. The pages handed to us are zero filled. Now we establish a
fixed-address mapping starting at the address we received from our anonymous
mapping and replace all bytes excluding the additional \0-byte with the file.
This allows us to use normal string-handling function. The idea implemented
here is similar to how shared libraries are mapped.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Tycho Andersen [Tue, 29 Mar 2016 00:43:20 +0000 (18:43 -0600)]
start: only use host's /dev/null when absolutely necessary
See comments for details, but basically, only use the host's /dev/null when
absolutely necessary (i.e. there is no reasonable /dev/null in the
container).
lxc-busybox: Remove warning for dynamically linked Busybox
The warning has been present since commit 32b37181ea (with no purpose stated).
Support for dynamically linked Busybox has been added since commit bf6cc73696.
Haven't encountered any issues with dynamically linked Busybox in my last
2 years' testing.
open_without_symlink: Don't SYSERROR on something else than ELOOP
The open_without_symlink routine has been specifically created to prevent
mounts with synlinks as source or destination. Keep SYSERROR'ing in that
particular scenario, but leave error handling to calling functions for the
other ones - e.g. optional bind mount when the source dir doesn't exist
throws a nasty error.
Tycho Andersen [Mon, 21 Mar 2016 22:52:02 +0000 (16:52 -0600)]
c/r: don't fail if there is no console_fd on restore
If we set lxc.console=none, this fd won't exist, so let's not fail if it
doesn't. We already partially handled this case correctly, so let's
actually handle it correctly :)
Tycho Andersen [Mon, 21 Mar 2016 22:50:39 +0000 (16:50 -0600)]
c/r: don't pass --ext-mount-map flag when console=none
We don't pass anything on the restore side since we didn't save anything,
but the restore side will expect something if we pass this. Instead, let's
not pass anything.
Tycho Andersen [Fri, 18 Mar 2016 19:13:17 +0000 (13:13 -0600)]
c/r: print criu's stdout when it fails
In particular, when CRIU fails before it has its log completely initialized
(e.g. if the log directory doesn't exist, or if the argument parser fails),
it prints this to stdout. Let's log that.
projects / thirdparty / lxc.git / log
