See https://github.com/koalaman/shellcheck/wiki/SC2006 for details.
Not only uses this the recommended construct, it also makes the code
more uniform as in many other places the $() construct was already used.
Signed-off-by: Diederik de Haas <didi.debian@cknow.org>
Since this is a union we might otherwise stomp on io_uring mmap()ed
memory.
Fixes: #4016
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
The 'which' command is deprecated on Debian Sid as it is not POSIX
compliant and it's behavior is therefor not consistent, so replace it
with 'command -v' which is POSIX compliant.
See https://stackoverflow.com/a/677212 for details.
Also replaced a use of backticks (`) as that is deprecated as well.
See https://github.com/koalaman/shellcheck/wiki/SC2006 for details.
Signed-off-by: Diederik de Haas <didi.debian@cknow.org>
On kernel not enabling or not using SMT core scheduling will return with
ENODEV. Handle such kernels.
Link: https://github.com/lxc/lxd/issues/9419
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Distribute traffic over cpu cores of container by configuring more
than 1 tx/rx queue.
Signed-off-by: Cole Dishington <Cole.Dishington@alliedtelesis.co.nz>
We keep running into situations where we want to pre-mount a pure
cgroup2 layout regardless of the layout of the host.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
We did th CRIU and kernel work but for some reason we never did push the
LXC work.
Link: cdb0d42702
commit cdb0d427020f ("net: allow restoring of precreated veth devices")
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Apparently some users changed their rootfs via their lxc.mount.entry
entries. Let's not allow that as that can cause confusion during
container setup. So lets verify that the rootfs is stable after setup.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
as of 59d8a539d1 ("criu: massage exec_criu()") I see:
In file included from criu.c:22:
criu.c: In function 'exec_criu':
log.h:376:2: error: '%s' directive argument is null [-Werror=format-overflow=]
376 | LXC_ERROR(&locinfo, format, ##__VA_ARGS__); \
| ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
log.h:457:3: note: in expansion of macro 'ERROR'
457 | ERROR("%s - " format, ptr, ##__VA_ARGS__); \
| ^~~~~
log.h:491:3: note: in expansion of macro 'SYSERROR'
491 | SYSERROR(format, ##__VA_ARGS__); \
| ^~~~~~~~
criu.c:325:11: note: in expansion of macro 'log_error_errno'
325 | return log_error_errno(-ENOMEM, ENOMEM, "Failed to remove extraneous slashes from \"%s\"", tmp);
| ^~~~~~~~~~~~~~~
it looks like we should be logging the string that failed, vs. tmp here.
(my log was taken from stable-4.0, but the same issue exists on master it
seems.)
Signed-off-by: Tycho Andersen <tycho@tycho.pizza>
The lxc_devpts_terminal() helper is called in contexts where it can fail
due to various reasons but where we safely fallback to allocating
terminal devices on the host. Logging error messages irritates users so
just log warning messages.
Link: https://discuss.linuxcontainers.org/t/lxc-attach-error-failed-to-open-terminal-multiplexer-device
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Core scheduling defines if the container payload is marked as being
schedulable on the same core. Doing so will cause the kernel scheduler
to ensure that tasks that are not in the same group never run
simultaneously on a core. This can serve as an extra security measure to
prevent the container payload from using cross hyper thread attacks.
The only allowed values are 0 and 1. Set this to 1 to create a core
scheduling domain for the container or 0 to not create one. If not set
explicitly no core scheduling domain will be created for the container.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
