This reverts commit f021584396.
Let's revert this change as it introduces 2 regressions:
1. it's not correct to do exit(2) from a signal handler in this case,
as we skip a proper cleaning procedures like restoring PTY configuration
state (see lxc_terminal_delete()) which leads to a problem with a PTY after lxc-attach exits.
[ hint: just try to use lxc-attach on a main branch with this change and you will
see it. After lxc-attach exits you won't be able to type anything in your
current terminal session as it's messed up. ]
2. this introduces race-condition in the code which leads to a
regression on LXD/(and I believe Incus too) which can be seen as
random "Failed to retrieve PID of executing child process" errors
on "lxc exec"/"incus exec" commands. It's extremely hard to reproduce,
but my guess is that we are getting a race condition here, because
by the time when we set a new signal handler for SIGCHLD, transient process
is still alive and when it exists it generates SIGCHLD which may lead to
exit().
3. This changes a behavior of lxc-attach which was there for *years*
and it's quite scary to be honest. I'm not against having this change, but
in a different form, for example we can add a new command line parameter for
lxc-attach command which will enable this behavior.
My first attempt was to fix that change to prevent race, but then
I've noticed that we also have a more serious problem described in (1),
this requires more work to do.
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>
The reason for this warning, is that the project will compile and when it does
not work, it's not clear from the logs what the reason might be.
Signed-off-by: Sotir Danailov <sndanailov@gmail.com>
Introduce a main "tests" workflow which runs the LXC testsuite on both
x86_64 and aarch64, on a variety of compilers and OS as well as handling
the santizer runs.
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
If a network namespace is shared by setting lxc.namespace.share.net and
the container is unprivileged, then the network namespace should be
entered before entering the user namespace. However, if an unprivileged
user started a container, then the network namespace should be entered
after entering the user namespace. To solve this, we try to enter the
network namespace before entering the user namespace. If it did not
succeed, it will be tried again inside the uder namespace.
Signed-off-by: Jef Steelant <jef.steelant_ext@softathome.com>
rootfs->storage not set by lxc_storage_prepare when using a shared
rootfs.
Fixes: https://github.com/lxc/lxc/issues/4476
Signed-off-by: Steven Galgano <sgalgano@adjacentlink.com>
It's ok that we don't free the malloc()d space since we're
immediately exec()ing.
Originally-by: Kurt Godwin <kgodwin@itron.com>
Reported-by: Kurt Godwin <kgodwin@itron.com>
Signed-off-by: Serge Hallyn <serge@hallyn.com>
PuzzleFS images (media type 'application/vnd.puzzlefs.image.rootfs.v1')
can be mounted in a similar way to squashfs images, we just have to
detect the type and reuse the existing code for providing a mount
helper. PuzzleFS is a next-generation container filesystem [1] with
several benefits, such as reduced duplication, reproducible image
builds, direct mounting support and memory safety guarantees.
Since PuzzleFS currently doesn't provide an image config, also add
support for empty image configs, they are supported by the OCI spec [2].
The MOUNT_HELPER is now passed a `--persist <upperdir>` flag, so it
knows that it needs to create an overlay. This is needed because LXC
expects a writable rootfs and both atomfs and puzzlefs are read-only
filesystems.
Example:
```
$ sudo env PATH=$PATH build/src/lxc/tools/lxc-create --name mycontainer -t \
oci -- --url oci:/$HOME/.local/share/puzzlefs/pfs_ubuntu:eg --no-cache
$ sudo build/src/lxc/tools/lxc-start --name mycontainer --foreground /bin/bash
```
--no-cache is needed for puzzlefs until [3] is solved
[1] https://github.com/project-machine/puzzlefs
[2] https://github.com/opencontainers/image-spec/blob/main/manifest.md#image-manifest
[3] https://github.com/project-machine/puzzlefs/issues/131
Signed-off-by: Ariel Miculas-Trif <amiculas@cisco.com>
The suggest-attribute=noreturn option marks functions which will
never return, to give the compiler some hints. It catches all of
our src/lxc/tools/*.c *_main functions as follows:
error: function might be candidate for attribute ‘noreturn’ [-Werror=suggest-attribute=noreturn]
But if we mark those __noreturn, then the compiler complains that:
../src/lxc/tools/lxc_attach.c:320:53: warning: ‘main’ specifies less restrictive attribute than its target ‘lxc_attach_main’: ‘noreturn’ [-Wmissi
ng-attributes]
320 | int __attribute__((weak, alias("lxc_attach_main"))) main(int argc, char *argv[]);
This recommendation is really not very important, so let's not ask
the build to warn about it.
Signed-off-by: Serge Hallyn <serge@hallyn.com>
