Commit Graph

10783 Commits

Author SHA1 Message Date
Christian Brauner
4915c91128
process_utils: add signal_name() helper
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-11-03 10:42:32 +01:00
Christian Brauner
78baec37d6
build: improve liburing support detection
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-11-02 10:41:35 +01:00
Christian Brauner
1a102b310f
mainloop: make ifdefs easier to follow
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-11-02 10:41:32 +01:00
Simon Deziel
cf931928f1
Replace last occurrence of 'which' with 'command -v'
The latter is builtin and POSIX compliant.

Signed-off-by: Simon Deziel <simon.deziel@canonical.com>
2021-10-29 10:07:09 +02:00
Diederik de Haas
1ec5939b4a
Replace deprecated backticks with $() construct
See https://github.com/koalaman/shellcheck/wiki/SC2006 for details.
Not only does this use the recommended construct, it also makes the code
more uniform as in many other places the $() construct was already used.

Signed-off-by: Diederik de Haas <didi.debian@cknow.org>
2021-10-29 10:07:07 +02:00
Diederik de Haas
fdfb4a13de
Replace 'which' with 'command -v' in tests too
Forgot to modify and include the tests in previous PR, so do that now.

Signed-off-by: Diederik de Haas <didi.debian@cknow.org>
2021-10-29 10:07:06 +02:00
Christian Brauner
71743e8111
start: check event loop type before closing fd
Since this is a union we might otherwise stomp on io_uring mmap()ed
memory.

Fixes: #4016
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-29 10:07:05 +02:00
Christian Brauner
f69e6b4d3f
mainloop: make sure that descr->ring is allocated
This is future proofing more than anything else.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-29 10:07:04 +02:00
Diederik de Haas
1a8895855e
Replace 'which' with 'command -v'
The 'which' command is deprecated on Debian Sid as it is not POSIX
compliant and its behavior is therefore not consistent, so replace it
with 'command -v' which is POSIX compliant.
See https://stackoverflow.com/a/677212 for details.

Also replaced a use of backticks (`) as that is deprecated as well.
See https://github.com/koalaman/shellcheck/wiki/SC2006 for details.

Signed-off-by: Diederik de Haas <didi.debian@cknow.org>
2021-10-29 10:07:03 +02:00
Christian Brauner
9219277cc6
build: add io-uring-event-loop option
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-29 10:07:01 +02:00
Christian Brauner
d04eb166c6
build: add static libcap to output
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-29 10:06:59 +02:00
Christian Brauner
bc51048b79
confile: don't use path_simplify() on lxc.{execute,init}.cmd
Fixes: #4015
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-29 10:06:56 +02:00
Christian Brauner
48728e9880
conf: add cgroup2, cgroup2:ro, cgroup2:force, cgroup2:ro:force options
We keep running into situations where we want to pre-mount a pure
cgroup2 layout regardless of the layout of the host.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-29 10:06:51 +02:00
Stéphane Graber
4d3aad49d6
AUTHORS: Update to point to git history
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2021-10-25 16:17:45 +02:00
Christian Brauner
e328a988e0
conf: handle kernels without or not using SMT
On kernels not enabling or not using SMT, core scheduling will return with
ENODEV. Handle such kernels.

Link: https://github.com/lxc/lxd/issues/9419
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-25 16:17:40 +02:00
KATOH Yasufumi
d40b0deb45
doc: fix typo in English lxc.container.conf(5)
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
2021-10-25 16:17:37 +02:00
KATOH Yasufumi
49fab27fc5
doc: Add lxc.sched.core to Japanese lxc.container.conf(5)
Update for commit 09996a4

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
2021-10-25 16:17:29 +02:00
KATOH Yasufumi
1ad1cab805
doc: add loglevels to ja and ko common options
Update for commit 44b87e8

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
2021-10-25 16:17:22 +02:00
Christian Brauner
1505f07805
conf: make it more obvious how auto-mount flags are defined
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-25 16:16:59 +02:00
Christian Brauner
429233cf0e
criu: support restoring containers with pre-created veth devices
We did the CRIU and kernel work but for some reason we never did push the
LXC work.

Link: cdb0d42702
      commit cdb0d427020f ("net: allow restoring of precreated veth devices")
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-20 17:44:11 +02:00
Stéphane Graber
48e079bf31
Release LXC 4.0.11
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2021-10-19 12:01:41 -04:00
Christian Brauner
42283e2275
conf: verify that rootfs is stable after setting up mounts
Apparently some users changed their rootfs via their lxc.mount.entry
entries. Let's not allow that as that can cause confusion during
container setup. So let's verify that the rootfs is stable after setup.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-19 17:25:02 +02:00
Heinrich Schuchardt
edc2d1c776
README.md: mention RISC-V architecture
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-10-19 17:14:21 +02:00
Heinrich Schuchardt
0f892901b2
Add riscv64 to --arch parameter values
lxc-attach uses an --arch parameter. 'riscv64' should be a usable value.

Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
2021-10-19 17:14:17 +02:00
Christian Brauner
8f5f3daa24
conf: don't fail umount2()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-19 17:14:00 +02:00
Christian Brauner
4c95b15d83
conf: fix coding style
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-19 17:13:49 +02:00
Christian Brauner
33186c054f
caps: ensure \0-termination
Fixes: Coverity 1492865
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-19 17:13:46 +02:00
Christian Brauner
bc004c21f1
attach: improve error logging
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-19 17:13:39 +02:00
Christian Brauner
5f5144e1ce
af_unix: replace log_error_errno()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-19 17:13:34 +02:00
Tycho Andersen
f3c3987bb2
criu: fix error message
as of 59d8a539d1 ("criu: massage exec_criu()") I see:

In file included from criu.c:22:
criu.c: In function 'exec_criu':
log.h:376:2: error: '%s' directive argument is null [-Werror=format-overflow=]
  376 |  LXC_ERROR(&locinfo, format, ##__VA_ARGS__);   \
      |  ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
log.h:457:3: note: in expansion of macro 'ERROR'
  457 |   ERROR("%s - " format, ptr, ##__VA_ARGS__); \
      |   ^~~~~
log.h:491:3: note: in expansion of macro 'SYSERROR'
  491 |   SYSERROR(format, ##__VA_ARGS__);              \
      |   ^~~~~~~~
criu.c:325:11: note: in expansion of macro 'log_error_errno'
  325 |    return log_error_errno(-ENOMEM, ENOMEM, "Failed to remove extraneous slashes from \"%s\"", tmp);
      |           ^~~~~~~~~~~~~~~

it looks like we should be logging the string that failed, vs. tmp here.

(my log was taken from stable-4.0, but the same issue exists on master it
seems.)

Signed-off-by: Tycho Andersen <tycho@tycho.pizza>
2021-10-19 17:13:28 +02:00
Christian Brauner
5ac772d632
tests: remove trailing endifs
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:36:30 +02:00
Christian Brauner
ca93409772
lxc-monitord: fix integer comparisons
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:34:25 +02:00
Christian Brauner
1eebaf03aa
test: fix nested capability tests
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:30:47 +02:00
Christian Brauner
a5ac48c8d9
attach: improve error logging for drop_capabilities()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:30:46 +02:00
Christian Brauner
5f6c26723e
tests: expand capability tests
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:30:45 +02:00
Christian Brauner
21cc116e6c
tree-wide: use __u32 for capabilities
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:30:44 +02:00
Christian Brauner
388cccf6b8
cgroups: use __u32 for cpumasks
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:30:43 +02:00
Christian Brauner
31d32b800f
conf: improve capability handling
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:30:43 +02:00
Christian Brauner
2da153cc37
tests: add test for lxc.cap.keep
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:30:42 +02:00
Christian Brauner
87099b920a
conf: fix lxc.cap.keep behavior
Fixes: ##3993
Fixes: 20ab75789e ("conf: simplify and port caps to new list type")
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:30:41 +02:00
Christian Brauner
b108edb744
terminal: log at warning message
The lxc_devpts_terminal() helper is called in contexts where it can fail
due to various reasons but where we safely fallback to allocating
terminal devices on the host. Logging error messages irritates users so
just log warning messages.

Link: https://discuss.linuxcontainers.org/t/lxc-attach-error-failed-to-open-terminal-multiplexer-device
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:30:40 +02:00
Christian Brauner
7a73fa9f2a
log: improve %m handling on musl
Fixes: #3961
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:30:40 +02:00
Christian Brauner
5eeb93f467
start: make failure to apply core scheduling fatal
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:30:39 +02:00
Christian Brauner
b95aacb77f
start: use core scheduling error helper
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:30:38 +02:00
Christian Brauner
c197f076da
start: don't fail when core scheduling isn't supported
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:30:37 +02:00
Christian Brauner
d753bc7715
syscall_wrappers: fix core scheduling creation helper naming
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:30:36 +02:00
Christian Brauner
4b79bd3cdc
tree-wide: cast to core scheduling cookie to llu
Link: https://launchpadlibrarian.net/561086365/buildlog_ubuntu-focal-ppc64el.lxc_1%3A4.0.10+master~20210930-1812-0ubuntu1~focal_BUILDING.txt.gz
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:30:36 +02:00
Christian Brauner
c396350c2a
attach: handle core scheduling
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:30:35 +02:00
Christian Brauner
23355c196c
lxc: add lxc.sched.core
Core scheduling defines if the container payload is marked as being
schedulable on the same core. Doing so will cause the kernel scheduler
to ensure that tasks that are not in the same group never run
simultaneously on a core. This can serve as an extra security measure to
prevent the container payload from using cross hyper thread attacks.

The only allowed values are 0 and 1. Set this to 1 to create a core
scheduling domain for the container or 0 to not create one. If not set
explicitly no core scheduling domain will be created for the container.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:30:31 +02:00
Christian Brauner
0d13490294
initutils: add missing prctl include
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:30:31 +02:00