Christian Brauner
0dd2e321c2
api-extension: add missing seccomp_proxy_send_notify_fd extension
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-06 17:33:09 +02:00
Stéphane Graber
2a35d949b8
Merge pull request #3508 from brauner/2020-08-06/fixes
...
seccomp: add seccomp_notify_fd_active api extension
2020-08-06 09:27:31 -04:00
Christian Brauner
ec49d30f57
seccomp: send notify fd as part of the message
...
Since we haven't made this official api yet: YOLO
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-06 15:09:12 +02:00
Christian Brauner
2140576960
seccomp: add seccomp_notify_fd_active api extension
...
which allows retrieving an active seccomp notifier fd from a running
container.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-06 14:40:13 +02:00
Stéphane Graber
05af17d749
Merge pull request #3507 from brauner/2020-08-06/fixes
...
seccomp: don't close the mainloop, simply remove the handler
2020-08-06 08:38:06 -04:00
Christian Brauner
eb551cefed
seccomp: don't close the mainloop, simply remove the handler
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-06 14:14:10 +02:00
Stéphane Graber
c601840017
Merge pull request #3506 from brauner/2020-08-05/safe_native_terminal_allocation
...
macro: define TIOCGPTPEER if missing
2020-08-05 15:14:28 -04:00
Christian Brauner
cfca9ccddc
conf: use openat() instead of open_tree()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-05 20:50:27 +02:00
Christian Brauner
07002a08c1
macro: define TIOCGPTPEER if missing
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-05 16:44:53 +02:00
Stéphane Graber
1f15c1c3a2
Merge pull request #3505 from brauner/2020-08-05/safe_native_terminal_allocation
...
terminal: safely allocate pts devices from inside the container
2020-08-05 10:10:52 -04:00
Christian Brauner
f797f05e6e
terminal: safely allocate pts devices from inside the container
...
This was a year-long journey which seems to finally have come to an end.
Closes: #1620.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-05 15:16:51 +02:00
Stéphane Graber
2d19c5e172
Merge pull request #3504 from brauner/2020-08-04/fixes
...
conf: ensure that the idmap pointer itself is freed
2020-08-03 20:53:01 -04:00
Christian Brauner
7e62126388
conf: ensure that the idmap pointer itself is freed
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-08-04 00:05:05 +02:00
Christian Brauner
f3bbb01f8a
Merge pull request #3501 from ffontaine/master
...
syscall: don't fail if __NR_signalfd is not defined
2020-07-28 13:25:48 +02:00
Fabrice Fontaine
3341e204dc
syscall: don't fail if __NR_signalfd is not defined
...
lxc fails to build if __NR_signalfd is not defined since version 4.0.0
and bed09c9cc0.
However, some architectures don't define __NR_signalfd but only
__NR_signalfd4. This is the case for example for nios2 or csky:
f9ac84f92f/sysdeps/unix/sysv/linux/nios2/arch-syscall.h
f9ac84f92f/sysdeps/unix/sysv/linux/csky/arch-syscall.h
Fixes:
- http://autobuild.buildroot.org/results/75096a48d2dbda57459523db3ed0952e63f93535
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
2020-07-28 12:44:43 +02:00
Stéphane Graber
79c66a2af3
Merge pull request #3500 from brauner/2020-07-27/seccomp_notify_cleanup
...
seccomp: add missing header
2020-07-27 12:02:48 -04:00
Christian Brauner
e4353a7fc4
seccomp: add missing header
...
Fixes: https://launchpadlibrarian.net/490341075/buildlog_snap_ubuntu_bionic_amd64_lxd-latest-edge_BUILDING.txt.gz
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-27 17:26:42 +02:00
Stéphane Graber
64cbd48aa3
Merge pull request #3499 from brauner/2020-07-27/seccomp_notify_cleanup
...
seccomp: remove seccomp fd from event loop after task exited
2020-07-27 08:16:30 -04:00
Christian Brauner
b2acb9dce9
seccomp: remove seccomp fd from event loop after task exited
...
Linux v5.8 will land my patch where seccomp notifies when a filter goes unused,
i.e. when the last task using a given seccomp filter has exited. This wasn't
possible before and so we accumulated file descriptors in the container's event
loop whenever we attached to the container.
I'm not sure whether the task exiting before we could handle its syscall should
cause us to report an error or not. For now, let's simply close the event loop
and not report an error.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-27 10:15:20 +02:00
Stéphane Graber
aaab14d098
Merge pull request #3498 from brauner/master
...
selinux: remove security_context_t usage as it's deprecated
2020-07-25 12:49:14 -04:00
Christian Brauner
c18de5225b
selinux: remove security_context_t usage as it's deprecated
...
Link: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1888705
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-25 11:36:46 +02:00
Stéphane Graber
d312ef6849
Merge pull request #3497 from brauner/2020-07-23/fix_snap_compilation
...
autotools: fix Makefile
2020-07-23 12:52:37 -04:00
Stéphane Graber
c10c8a61e6
Merge pull request #3496 from brauner/2020-07-18/mount_pid
...
new mount api support: basics
2020-07-23 10:34:36 -04:00
Christian Brauner
7a7286393a
Makefile: fix Makefile
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-23 10:33:33 +02:00
Christian Brauner
18780b9068
log: don't break logging by hiding symbols
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-23 10:20:50 +02:00
Christian Brauner
657256e0b8
attach: use new mount api
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-23 10:20:50 +02:00
Christian Brauner
14df702190
mount_utils: add mount_filesystem() helper
...
that translates between the two mount apis.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-23 10:20:50 +02:00
Christian Brauner
7f88a1a2f6
mount_utils: add mount utils
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-23 10:20:50 +02:00
Christian Brauner
7f1d397bbd
syscalls: add fsmount()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-23 10:20:50 +02:00
Christian Brauner
9edfcaa822
syscalls: add fsconfig()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-23 10:20:50 +02:00
Christian Brauner
749bc40479
syscalls: add fspick()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-23 10:20:50 +02:00
Christian Brauner
49b21cd7d9
syscalls: add fsopen()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-23 10:20:48 +02:00
Stéphane Graber
8bdacc22a4
Merge pull request #3492 from brauner/2020-07-18/visibility_hidden
...
tree-wide: hide unnecessary symbols
2020-07-22 14:39:53 -04:00
Stéphane Graber
07f25184e9
Merge pull request #3495 from siv0/boot_id_remount_apparmor_fix
...
apparmor: Allow ro remount of boot_id
2020-07-22 13:05:49 -04:00
Stoiko Ivanov
3646e8acef
apparmor: Allow ro remount of boot_id
...
The rule added in 863845075d did not cover all necessary mount calls
for /proc/sys/kernel/random/boot_id (in src/lxc/conf.c: lxc_setup_boot_id) -
the ro remount is missing.
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
2020-07-22 14:13:39 +02:00
Christian Brauner
945daa2406
start: simplify gotos
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-22 10:46:05 +02:00
Christian Brauner
59eac805a3
tree-wide: hide further unnecessary symbols
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-21 15:44:43 +02:00
Christian Brauner
2284f8a505
storage: hide unnecessary symbols
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-21 14:01:31 +02:00
Christian Brauner
d6728cb356
arguments: hide unnecessary symbols
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-21 13:45:37 +02:00
Christian Brauner
ebbde1732c
lsm: hide unnecessary symbols
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-21 13:43:46 +02:00
Christian Brauner
c332ec90f0
cgroups: hide unnecessary symbols
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-21 13:28:08 +02:00
Christian Brauner
78ad1eb09d
uuid: hide unnecessary symbols
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-21 13:20:41 +02:00
Christian Brauner
5f1b09866f
utils: hide unnecessary symbols
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-21 13:15:25 +02:00
Christian Brauner
cd6b82e44c
terminal: hide unnecessary symbols
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-21 12:44:09 +02:00
Christian Brauner
bf1ca416a2
sync: hide unnecessary symbols
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-21 12:37:28 +02:00
Christian Brauner
1bf5f8123e
state: hide unnecessary symbols
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-21 12:30:53 +02:00
Christian Brauner
8c8cd08712
start: hide unnecessary symbols
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-21 12:24:45 +02:00
Christian Brauner
f6fea47396
ringbuf: hide unnecessary symbols
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-20 18:49:55 +02:00
Christian Brauner
0b07c6c162
rexec: hide unnecessary symbols
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-20 18:46:13 +02:00
Christian Brauner
92a10958c9
process_utils: hide unnecessary symbols
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2020-07-20 18:45:02 +02:00