The removed codepath was non-functional for a long time now. All mounting is
handled through bdev.{c,h} and if that fails the other codepath would
necessarily fail as well. So let's remove them. This makes it way clearer what
is going on and simplifies things massively.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
- Enable lxc_abstract_unix_{send,recv}_fd() to send and receive multiple fds at
once.
- lxc_abstract_unix_{send,recv}_fd() -> lxc_abstract_unix_{send,recv}_fds()
- Send tty fds from child to parent all at once.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This is a potentially security sensitive operation and I really want to keep an
eye on *when exactly* this is send. So add more logging on the TRACE() level.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This also fixes a bug where we caused a double mapping, when the {u,g}id for
the user was mapped to container root {g,u}id.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This adds confile_utils.{c,h} which will contain a helpers to parse lxc
configuration files.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This adds a test that checks LXC's configuration jump table whether all methods
for a given configuration item are implemented. If it is not, we'll error out.
This should provide additional safety since a) the API can now be sure that
dereferencing the pointer for a given method in the config struct is safe and
b) when users implement new configuration keys and forget to implement a
required method we'll see it right away.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Afaict, userns_exec_1() is only used to operate based on privileges for the
user's own {g,u}id on the host and for the container root's unmapped {g,u}id.
This means we require only to establish a mapping from:
- the container root {g,u}id as seen from the host -> user's host {g,u}id
- the container root -> some sub{g,u}id
The former we add, if the user did not specifiy a mapping. The latter we
retrieve from the ontainer's configured {g,u}id mappings.
Closes#1598.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Ever since 8eb62c2, systemd has not been able to cleanly stop lxc
containers (via lxc@) because it's still using SIGPWR for systemd-based
containers.
We should now use the nice logic in 330ae3d to stop the containers
instead.
Signed-off-by: JD Friedrikson <yours@decompo.site>
