Commit Graph

10783 Commits

Author SHA1 Message Date
Christian Brauner
5ba5725cb4
cgroups: modify cgroup2 attach logic
Recent kernels have seen various permission checking fixes when moving
processes into cgroups. So we're forced to modify how we attach to
containers.

Link: https://discuss.linuxcontainers.org/t/lxd-4-23-unable-to-start-nested-containers
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2022-02-24 11:33:16 -05:00
Christian Brauner
1e4631641e
ttys: ensure container_ttys= env variable is set correctly
Fixes: #4088
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2022-02-23 09:41:28 -05:00
KATOH Yasufumi
8ef019a6ce
doc: Fix reverse allowlist/denylist in Japanese man page
Update for commit 2965130c45

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
2022-02-21 23:05:41 -05:00
Christian Brauner
f1c4a17e7d
cgroups: log fd of newly created cgroup
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2022-02-21 23:05:37 -05:00
Christian Brauner
f7446b4e10
cgroups: check that opened file descriptor is a cgroup filesystem
Link: https://discuss.linuxcontainers.org/t/lxd-4-23-unable-to-start-nested-containers/13416
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2022-02-21 23:05:34 -05:00
Stéphane Graber
71ba7f6561
doc: Fix reverse allowlist/denylist
Reported at: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1957934
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2022-02-21 23:05:30 -05:00
Stéphane Graber
f314419d1e
lxc-checkconfig: Fix bashism
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2022-02-21 23:05:27 -05:00
Antonio Terceiro
ca4c25c6e9
lxc-net: don't start by default inside lxc
When lxc is installed inside an lxc container, trying to bring up
lxc-net with the default parameters will conflict with the networking
setup for lxc on the host. This breaks all networking inside the
container where lxc is installed.

Signed-off-by: Antonio Terceiro <terceiro@debian.org>
2022-02-21 23:05:24 -05:00
Stéphane Graber
7e37cc96bb
Release LXC 4.0.12
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2022-02-01 23:26:09 -05:00
Christian Brauner
d678aa61e0
lxccontainer: allow xdev when creating the container dir
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2022-01-27 10:32:25 +01:00
Stéphane Graber
bc61d2354b
github: Clear default ACL on /home
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2022-01-27 10:32:22 +01:00
Christian Brauner
fb0e0b3dd2
github: add systemd-coredump
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2022-01-27 10:32:20 +01:00
Christian Brauner
53e0d390cc
github: more detailed compilation instructions
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2022-01-27 10:32:17 +01:00
Christian Brauner
db84a8b6b0
github: log system info
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2022-01-27 10:32:13 +01:00
Christian Brauner
e9282b6a6e
github: ensure system liblxc is wiped
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2022-01-27 10:32:11 +01:00
Christian Brauner
ad8a3bd68a
lxccontainer: properly wrap lxcapi_create()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2022-01-27 10:32:07 +01:00
Christian Brauner
bceb81cd26
build: simplify thread local storage handling
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2022-01-27 10:32:04 +01:00
Christian Brauner
919da35b03
build: only enable LTO for regular builds
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2022-01-27 10:32:01 +01:00
Christian Brauner
d0a1e9c44b
lxccontainer: simplify partial file creation
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2022-01-27 10:31:57 +01:00
Christian Brauner
62b5c00510
lxccontainer: improve create_partial()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2022-01-27 10:31:54 +01:00
Christian Brauner
bfe24cb6ac
lxccontainer: improve do_lxcapi_create()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2022-01-27 10:31:51 +01:00
Christian Brauner
1a5c236acf
lxccontainer: improve do_lxcapi_save_config()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2022-01-27 10:31:47 +01:00
Christian Brauner
bae0d71965
conf: log termination status
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2022-01-27 10:31:43 +01:00
Christian Brauner
4eb09aaad4
conf: improve userns_exec_mapped_root()
As we do in all other places, first drop groups, then use
setres{g,u}id().

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2022-01-27 10:31:39 +01:00
Simon Deziel
9289432805
github: stop installing gnupg now that it's unused
Signed-off-by: Simon Deziel <simon.deziel@canonical.com>
2022-01-27 10:31:26 +01:00
Stéphane Graber
7c70b0d143
lxc-download: Rely on HTTPS only
GPG has been a major source of issues over the years with various
attacks on the key network as well as client side issues making it hard
to retrieve our keys.

Back when we introduced the image server, SSL certificates were still
expensive and annoying to set up, so not something we'd have expected
potential mirrors to set up for us. They were also issued for multiple
years, making a compromise of such a certificate quite problematic.

But things have changed since; we now have completely free, very easily
deployable SSL certificates everywhere with the majority of those being
short-lived and with good reporting of issued certificates.

With that, we can now deprecate the GPG validation, disable the fallback
to non-HTTPS download and rely on our indices being accurate because
they've been downloaded from a server with a valid certificate.

This puts LXC more in line with what LXD has done since the beginning
and should offer a more reliable user experience.

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2022-01-27 10:31:23 +01:00
Devin Norgarb
199d2077c6
Update README.md: Fix broken link (403 Forbidden)
Signed-off-by: Devin Norgarb dnorgarb@gmail.com
2022-01-27 10:31:19 +01:00
Christian Brauner
0b6b230e34
attach: don't pointlessly call cgroup_init()
We can let attach detect that it is running on a cgroup layout without
writable cgroup hierarchies. In that case attach can finish early and
doesn't need to run the heavy-handed cgroup parsing code.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2022-01-27 10:31:16 +01:00
Christian Brauner
dbef704fbc
commands: log command during file descriptor retrieval
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2022-01-27 10:31:11 +01:00
Tim
733f9c909b
lxc-checkconfig.in: CONFIG_NF_NAT_IPV4 was removed from the kernel 2019-03-03
Signed-off-by: Tim L <elatllat@gmail.com>
2022-01-27 10:31:07 +01:00
Serge Hallyn
ce392e2309
(trivial) Fix error message, failure was connect not bind
Signed-off-by: Serge Hallyn <serge@hallyn.com>
2022-01-27 10:31:04 +01:00
Christian Brauner
5628bff79d
seccomp: close seccomp notifier fd in cleanup handler
Reported-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2022-01-27 10:30:58 +01:00
Christian Brauner
1f2af83a99
seccomp: only guard seccomp notify behind HAVE_DECL_SECCOMP_NOTIFY_FD
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-12-13 16:09:12 +01:00
Christian Brauner
9451303d5e
api-extensions: don't advertise seccomp notify support if it's not compiled in
Link: https://discuss.linuxcontainers.org/t/runtimeerror-failed-to-read-zi-bytes-from-dev-urandom
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-12-13 16:09:09 +01:00
Wolfgang Bumiller
23d07c3157
use 2 sysfs instances for sys:mixed
In order to facilitate this, the default mount list's
'destination' may now be NULL to mean that the source should
be unmounted instead.

Here's what we need to do:

1) Ensure the first sysfs mount point is writable.
2) Mount a read-only sysfs on /sys
3) Bind devices/virtual/net *writably* into /sys

We use /proc/sys as a staging directory for the first sysfs
mount in read-write mode, then mount /sys r/o. Afterwards we
bind the r/w devices/virtual/net and unmount the staging
/proc/sys mount point.

The staging directory would not be required with the new
mount API, but this way we can support the old API and keep
the general workflow in the `default_mounts`.

Once we drop support for the old mount API, the
default_mounts table could just get a subdirectory field to
mount subdirectories directly.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-12-06 11:24:02 +01:00
Stéphane Graber
0dd3258bdd
Revert "api: ->save_config() doesn't need to create container dir"
This reverts commit 2fde07c399.

We need to investigate this in more detail but this commit is breaking
LXD, causing startup to fail with:

lxc foo 20211130202833.906 INFO     conf - conf.c:run_script_argv:336 - Executing script "/bin/mount -t shiftfs -o passthrough=3 "/lxc-ci/build/tmp.WemmpzWGYz/go/src/github.com/lxc/lxd/test/tmp.Cli/0To/containers/foo/rootfs" "/lxc-ci/build/tmp.WemmpzWGYz/go/src/github.com/lxc/lxd/test/tmp.Cli/0To/containers/foo/rootfs"" for container "foo"
lxc foo 20211130202833.912 ERROR    conf - conf.c:run_buffer:321 - Script exited with status 32
lxc foo 20211130202833.912 ERROR    conf - conf.c:lxc_setup_rootfs_prepare_root:3947 - Failed to run pre-mount hooks
lxc foo 20211130202833.912 ERROR    conf - conf.c:lxc_setup:4317 - Failed to setup rootfs
lxc foo 20211130202833.912 ERROR    start - start.c:do_start:1275 - Failed to setup container "foo"

Not entirely sure why we're seeing things blow up as the directory
definitely exists (and contains a valid rootfs) but this was caused by
today's liblxc update.

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2021-12-01 10:38:58 -05:00
Tycho Andersen
93edd510ae
api: ->save_config() doesn't need to create container dir
If we're saving the config file to somewhere that's *not* the container
dir, we don't need to create the container dir. Let's not do this and
thus not require its parent to exist, which can be confusing, especially in
light of the sparse logging through these functions.

Signed-off-by: Tycho Andersen <tycho@tycho.pizza>
2021-11-30 13:18:52 +01:00
Tycho Andersen
28b2e04f17
cgroups: fix compiler warning
I get:

In file included from cgroups/cgfsng.c:42:
In function 'cpuset1_cpus_initialize',
    inlined from 'cpuset1_initialize' at cgroups/cgfsng.c:658:7,
    inlined from '__cgroup_tree_create.constprop' at cgroups/cgfsng.c:723:26:
./log.h:376:9: error: '%s' directive argument is null [-Werror=format-overflow=]
  376 |         LXC_ERROR(&locinfo, format, ##__VA_ARGS__);                     \
      |         ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
./log.h:457:17: note: in expansion of macro 'ERROR'
  457 |                 ERROR("%s - " format, ptr, ##__VA_ARGS__); \
      |                 ^~~~~
./log.h:491:17: note: in expansion of macro 'SYSERROR'
  491 |                 SYSERROR(format, ##__VA_ARGS__);              \
      |                 ^~~~~~~~
cgroups/cgfsng.c:585:24: note: in expansion of macro 'log_error_errno'
  585 |                 return log_error_errno(false, errno, "Failed to read file \"%s\"", fpath);
      |                        ^~~~~~~~~~~~~~~

It turns out here that fpath is not used, so let's get rid of it and just
render the dfd+pathname directly.

Signed-off-by: Tycho Andersen <tycho@tycho.pizza>
2021-11-30 13:18:49 +01:00
Wolfgang Bumiller
15515f9a3b
Revert "initutils: use vfork() in lxc_container_init()"
This reverts commit d65e5e492f.

With vfork the child process modifies the parent's memory,
so the calls to `signal`, `fprintf` and regular `exit` may
be dangerous and might cause conflicting states in the
parent.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2021-11-15 10:45:15 +01:00
Christian Brauner
41d2530d1d
macro: ensure necessary io_uring flags are defined
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-11-10 11:51:34 +01:00
Joan Bruguera
fc4e948c9b
autotools: Avoid multiple liblxc.so with --enable-pam
When installing LXC with the default options, a single non-symlink liblxc.so*
(e.g. liblxc.so.1.7.0) file is created:

```
    $ ./autogen.sh && ./configure && make && \
    rm -rf "$HOME/lxci" && make DESTDIR="$HOME/lxci" install && \
    stat -c%N "$HOME/lxci/usr/local/lib/liblxc.so"*
    [...]
    '/home/someone/lxci/usr/local/lib/liblxc.so' -> 'liblxc.so.1'
    '/home/someone/lxci/usr/local/lib/liblxc.so.1' -> 'liblxc.so.1.7.0'
    '/home/someone/lxci/usr/local/lib/liblxc.so.1.7.0'
```

However, when automake>=1.16.5, and the `--enable-pam` option is used, two
non-symlink liblxc.so* (e.g. liblxc.so.1.0.0 and liblxc.so.1.7.0) are
erroneously created:

```
    $ ./autogen.sh && ./configure --enable-pam && make && \
    rm -rf "$HOME/lxci" && make DESTDIR="$HOME/lxci" install && \
    stat -c%N "$HOME/lxci/usr/local/lib/liblxc.so"*
    [...]
    '/home/someone/lxci/usr/local/lib/liblxc.so' -> 'liblxc.so.1.0.0'
    '/home/someone/lxci/usr/local/lib/liblxc.so.1' -> 'liblxc.so.1.0.0'
    '/home/someone/lxci/usr/local/lib/liblxc.so.1.0.0'
    '/home/someone/lxci/usr/local/lib/liblxc.so.1.7.0'
```

This is due to infighting between libtool's and LXC's versioning:
libtool creates liblxc.so.1.0.0, then LXC's `install-exec-local` hook in
`Makefile.am` moves it to liblxc.so.1.7.0. However, with `--enable-pam`, the
`install-libLTLIBRARIES` target is re-triggered after `install-pamLTLIBRARIES`,
which will create liblxc.so.1.0.0 again.

The bigger problem here is that the install for the pam_cgfs library is done on
the `data` phase of the automake install process instead of the `exec` phase
(https://www.gnu.org/software/automake/manual/html_node/The-Two-Parts-of-Install.html),
which gives `install-libLTLIBRARIES` a chance to run again after the
`install-exec-local` / `install-exec-hook` targets have already run.

To fix this, we add an "exec_" prefix to the pam_cgfs library to make it run
during the `exec` phase (see link above). We also consolidate the various hooks
in the `install-exec-hook` target, which runs after the whole install, avoiding
needing to manually specify the dependencies like in `install-exec-local`.

Signed-off-by: Joan Bruguera <joanbrugueram@gmail.com>
2021-11-09 14:04:53 +01:00
Christian Brauner
a616a311a3
build: refuse to compile with unsupported liburing version
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-11-04 16:29:41 +01:00
Christian Brauner
93be4e5121
tests: add lxc.proc.* test
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-11-04 16:29:40 +01:00
Christian Brauner
d8027e49c3
tests: add lxc.sysctls.* test
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-11-04 16:29:39 +01:00
Christian Brauner
6f580343e5
test: improve logging helpers
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-11-04 16:29:38 +01:00
Christian Brauner
a10ff34188
conf: improve logging setting sysctl and /proc/<pid>/ parameters
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-11-04 16:29:36 +01:00
Christian Brauner
334cf7beba
conf: apply /proc/sys and /proc/<pid>/ parameters
When porting to the new list type we added an accidental ! when checking
whether the list is empty.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-11-04 16:29:33 +01:00
Christian Brauner
1b74e01add
tests: include config.h
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-11-03 10:42:42 +01:00
Christian Brauner
c363794319
build: move _FILE_OFFSET_BITS to common option
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-11-03 10:42:39 +01:00
Christian Brauner
f24c234ee9
start: log signal name and number
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-11-03 10:42:37 +01:00