Remove dead state clients from state client list. Consider the following
scenario:
01 start container
02 issue shutdown request
03 state_client_fd is added to lxc_handler
03 container doesn't respond to shutdown request
04 user aborts shutdown request
05 lxc_cmd_fd_cleanup() removes state_client_fd from lxc_mainloop
06 invalid state_client_fd is still recorded in the lxc_handler
07 user issues lxc_cmd_stop() request via SIGKILL
08 container reaches STOPPED state and sends message to state_client_fd
09 state_client_fd number has been reused by lxc_cmd_stop_callback()
10 invalid data gets dumped to lxc_cmd_stop()
Reproducer:
Set an invalid shutdown signal to which the init system does not respond with a
shutdown via lxc.signal.halt e.g. "lxc.signal.halt = SIGUSR1". Then do:
1. start container
root@conventiont|~
> lxc-start -n a1
2. try to shutdown container
root@conventiont|~
> lxc-stop -n a1
3. abort shutdown
^C
4. SIGKILL the container (lxc.signal.stop = SIGKILL)
root@conventiont|~
> lxc-stop -n a1 -k
lxc-stop: a1: commands.c: lxc_cmd_rsp_recv: 165 File too large - Response data for command "stop" is too long: 12641 bytes > 8192
To not let this happen we remove the state_client_fd from the lxc_handler when
we detect a cleanup event in lxc_cmd_fd_cleanup().
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
When a "clear" request is sent to the console ringbuffer we should truncate the
console log file as well.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
The lxc_console_create() function used to munge the ringbuffer setup and the
log file setup already. This made somewhat sense when we didn't have a separate
ringbuffer log file. Now it's just plain confusing. So split this into logical
helpers that future maintainers can understand:
- lxc_console_create_log_file()
- lxc_console_create_ringbuf(console);
- lxc_console_create_ringbuf_log_file(console);
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
If we do it unconditionally a request to only clear the ringbuffer and not read
or write anything will fail.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This allows cleanly exiting a console session without control sequences.
Relates to https://github.com/lxc/lxd/pull/4001 .
Note that the existence of a signal handler now doesn't guarantee that ts->node
is allocated. Instead, ts->node will now only be added to if stdinfd is a tty.
New checks need to take that into account.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This lets's users run daemonized application containers with our minimal init
as pid 1 and the requested program as pid 2.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This enables daemonized application containers with our minimal init running as
pid one and the requested program running as second pid.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
When users pass -1 there's there won't be an escape sequence to exit the
console so no need to print a misleading info message about how to detach.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Hi,
I try to create a Slackware container in a Slackware64 14.2 current and
find that wget depends on libunistring.
So I add libunistring to the package list.
Closes#1915
Signed-off-by: Chia-Chun Hsu a12321aabb@gmail.com
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Now it will be displayed nicely formatted:
a1 login: chb@conventiont|~
> lxc console a1
Connected to tty 0
Type <Ctrl+a q> to exit the console, <Ctrl+a Ctrl+a> to enter Ctrl+a itself
Ubuntu 17.10 a1 console
a1 login:
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This patch fixes the missing workdir issue for the overlayfs mount command in
the lxc-test-unpriv test.
Bug link: https://bugs.launchpad.net/bugs/1730915
Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com>
In order to enable proper unprivileged cgroup delegation on newer kernels we not
just need to delegate the "cgroup.procs" file but also "cgroup.threads". But
don't report an error in case it doesn't exist. Also delegate
"cgroup.subtree_control" to enable delegation of controllers to descendant
cgroups.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
If a console log file was specified this flag indicates whether the contents of
the ringbuffer should be written to the logfile when a request is sent to the
ringbuffer.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
When users request that the container keep a console ringbuffer we will not
continously write to the on-disk logfile as mirroring the contents of the
in-memory ringbuffer on-disk is costly and complicated. Instead, we dump the
ringbuffer contents on-disk when the container stops or fails to start. This
way users can still diagnose problems or retrieve the last contents of the
ringbuffer on-disk.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
