Commit Graph

7158 Commits

Author SHA1 Message Date
Donghwa Jeong
d1533cf86e
arguments: improve some operations
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-06-15 13:27:23 +02:00
harryoooooooooo
f91e737e1b
fix bug: unpriv lxc will run lxc.net.[i].script.up now
Signed-off-by: harryoooooooooo <ymsc27884@gmail.com>
2018-06-15 13:27:21 +02:00
Jonathan Calmels
ce57589dc5
conf: only use newuidmap and newgidmap when necessary
Signed-off-by: Jonathan Calmels <jcalmels@nvidia.com>
2018-06-15 13:27:19 +02:00
Jonathan Calmels
051ba0fcb1
terminal: enable local output processing
Signed-off-by: Jonathan Calmels <jcalmels@nvidia.com>
2018-06-15 13:27:17 +02:00
Donghwa Jeong
8292a70eef
coverity: #1425811
Resource leak

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-06-15 13:27:15 +02:00
Donghwa Jeong
4191221b91
coverity: #1425753
Copy into fixed size buffer

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-06-15 13:27:14 +02:00
Donghwa Jeong
7b035b61cf
coverity: #1425836
Resource leak

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-06-15 13:27:13 +02:00
Donghwa Jeong
1cbf9ec5b8
pam_cgfs: fix Logically dead code.
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-06-15 13:27:12 +02:00
Donghwa Jeong
a5fca5a443
coverity: #1425849
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-06-15 13:27:11 +02:00
Donghwa Jeong
d8b5bafc49
coverity: #1425841
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-06-15 13:27:10 +02:00
Donghwa Jeong
fde65d29cc
coverity: #1425821
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-06-15 13:27:09 +02:00
Donghwa Jeong
aa1e46fbce
coverity: #1425795
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-06-15 13:27:09 +02:00
Donghwa Jeong
1175de9748
coverity: #1425794
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-06-15 13:27:08 +02:00
Donghwa Jeong
f2a03085ab
coverity: #1425779
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-06-15 13:27:07 +02:00
Donghwa Jeong
e0716a8991
coverity: #1425777
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-06-15 13:27:06 +02:00
Christian Brauner
665814a750
seccomp: replace misleading warning messages
Reported-by: Felix Abecassis <fabecassis@nvidia.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-06-15 13:27:04 +02:00
Stéphane Graber
cec78f70d6
Fix typo
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2018-06-15 13:27:00 +02:00
Christian Brauner
18c13fe634
Revert "seccomp: make do_resolve_add_rule() more strict"
This reverts commit dfddc8aa7e.

Closes #2376.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-06-15 13:26:55 +02:00
Donghwa Jeong
70846c1bc2
conf: change some logs to print errno
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-06-15 13:26:53 +02:00
duguhaotian
23ca39efbb
support tls in cross-compile
AC_RUN_IFELSE will fail in cross-compile,
we can use AC_COMPILE_IFELSE instead.

Signed-off-by: duguhaotian <duguhaotian@gmail.com>
2018-06-15 13:26:51 +02:00
Christian Brauner
f1f2d7077b
conf: copy mountinfo for remount_all_slave()
While a container reads mountinfo from proc fs, the mountinfo can be changed by
the kernel anytime. This has caused critical issues on some devices.

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
Reported-by: Donghwa Jeong <dh48.jeong@samsung.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-06-15 13:26:50 +02:00
Felix Abecassis
a21d44eb53
seccomp: use a default value of 0 for the mask
The mask was unconditionally parsed, it failed if no mask was
provided.

Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
2018-06-15 13:26:41 +02:00
Felix Abecassis
85db109eb5
seccomp: drop misleading argument name inherited from the OCI spec
The last (optional) argument was named "valueTwo", which seems to
originate from the OCI runtime spec:
https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#seccomp

In proper seccomp terminology, "value" is "datum_a" and "valueTwo" is "datum_b".

However, LXC's "valueTwo" was used as the mask for SCMP_CMP_MASKED_EQ,
while the mask is supposed to be "datum_a".

Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
2018-06-15 13:26:39 +02:00
Christian Brauner
ce74ad2dbd
tree-wide: handle EINTR in some read()/write()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-06-15 13:26:32 +02:00
Stéphane Graber
d309c5d106
Release LXC 3.0.1
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2018-06-01 13:54:31 -04:00
Julien Surloppe
bfce0f6ee0
Patch lxc-update-config
The current script doesn't generate a valid configuration for the
lxc.network.ipv4 key; it is lacking an .address part, which leads to:

parse.c: lxc_file_for_each_line: 58 Failed to parse config: lxc.net.0.ipv4 = 192.168.10.101/24

Signed-off-by: Julien Surloppe <julien@surloppe.fr>
2018-06-01 16:45:31 +02:00
Christian Brauner
32b747ad7a
templates: fix download template
This patch fixes
commit 6e62213e02 ("templates: actually create DOWNLOAD_TEMP directory").
To use mktemp -p correctly the directories need to exist. So call mkdir -p.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-06-01 16:45:29 +02:00
Mark Asselstine
1aeaca8932
templates: actually create DOWNLOAD_TEMP directory
The way 'mktemp' is currently used you will get a temp directory in
$TMPDIR or '/tmp' and DOWNLOAD_TEMP will not be pointing to an actual
directory. This will result in the wget operations failing and the
container will fail to create:

    ERROR: Failed to download http://....

Instead we want to use the '-p' option for mktemp to set the base path
and this will ensure that the temp directory is created in the correct
location and DOWNLOAD_TEMP will be consistent with this location.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
2018-06-01 16:45:26 +02:00
Donghwa Jeong
2d7c634592
confile_utils: apply strprint()
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-05-31 14:02:50 +02:00
Christian Brauner
d7aaa23040
tree-wide: fix mode of some files
commit 321db0260f ("start: fix waitpid() blocking issue") and
commit b2a4850853 ("change defines for return value of handlers")
changed the mode of files.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-31 12:28:17 +02:00
Christian Brauner
d796b7e67f
start: log unknown info.si_code
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-31 12:28:16 +02:00
Donghwa Jeong
ebd0585341
start: fix waitpid() blocking issue
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-05-31 12:28:15 +02:00
Donghwa Jeong
61e585affa
change defines for return value of handlers
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-05-31 12:28:12 +02:00
Christian Brauner
91bc7fb0d3
confile: improve strprint()
POSIX specifies [1]:
"If the value of n is zero on a call to snprintf(), nothing shall be written,
the number of bytes that would have been written had n been sufficiently large
excluding the terminating null shall be returned, and s may be a null pointer."

But in case there are any non-sane libcs out there that do actually dereference
the buffer when 0 is passed as length to snprintf() let's give them a
dummy buffer.

[1]: The Open Group Base Specifications Issue 7, 2018 edition
     IEEE Std 1003.1-2017 (Revision of IEEE Std 1003.1-2008)
     Copyright © 2001-2018 IEEE and The Open Group

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Reported-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-05-30 18:41:28 +02:00
Donghwa Jeong
dfd8ceba2d
conf: va_end was not called.
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-05-30 10:55:40 +02:00
Christian Brauner
8e50bbe613
conf: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-30 00:27:19 +02:00
Christian Brauner
61a53c326e
conf: make tmp_umount_proc bool
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-30 00:27:17 +02:00
Christian Brauner
c03d7a788a
conf: make root idmap structs const
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-30 00:27:16 +02:00
Christian Brauner
05ea6978bd
start: add reboot macros
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-30 00:27:03 +02:00
Christian Brauner
f5825bc922
conf: ensure lxc_delete_tty() does not crash
We need to make sure that the ttys are actually initialized otherwise deleting
them is not safe.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-28 17:10:10 +02:00
Christian Brauner
79616f3b5d
start: do not init ns_clone_flags to -1
ns_clone_flags is used as a bitmask so initializing it to -1 is a bad idea.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-28 17:10:09 +02:00
Donghwa Jeong
20b88030f6
network: fix socket handle leak
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-05-28 17:10:06 +02:00
Christian Brauner
6bbfd89415
utils: fix task_blocking_signal()
Closes #2342.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-27 00:07:14 +02:00
Christian Brauner
9f154bb4f7
conf: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-27 00:07:12 +02:00
Christian Brauner
d5865e7e75
conf: pts -> pty_max
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-27 00:07:11 +02:00
Christian Brauner
dfb24c1534
conf: simplify tty handling
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-27 00:07:10 +02:00
Christian Brauner
e086062901
conf: reshuffle mount members
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-27 00:07:09 +02:00
Christian Brauner
35b6e9e7e3
conf: make close_all_fds a boolean
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-27 00:07:09 +02:00
Christian Brauner
443a29a872
conf: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-27 00:07:08 +02:00
Christian Brauner
b635dc4f73
conf: make is_execute a boolean
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-27 00:07:07 +02:00