Commit Graph

4339 Commits

Author SHA1 Message Date
Serge Hallyn
787ff6e2d2 allow cgroup mounting in nesting profile
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2016-02-21 20:45:04 -08:00
Serge Hallyn
603fd08406 Apparmor: use lxc-default-cgns if cgns is enabled
Because containers need to - and safely can - mount cgroupfs in that
case.

Note that if cgns is enabled but the unshare fails, we fail the container
start, so checking whether they are enabled is enough.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2016-02-21 20:45:04 -08:00
Serge Hallyn
dc76ac7ab5 add lxc-default-cgns profile
This isn't safe for privileged containers which do not use cgroup
namespaces, but is required for systemd containers with cgroup
namespaces.  So create a new profile for it which lxc will use as
the default when it knows it can.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2016-02-21 20:44:59 -08:00
Stéphane Graber
82d97f8765 Merge pull request #835 from brauner/2016-02-15/lxc_attach_pty
fix android build
2016-02-21 17:44:52 -05:00
Christian Brauner
5f9573f274 fix android build
bionic libc doesn't know _Exit(). Replace it with _exit().

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
2016-02-21 23:14:23 +01:00
Serge Hallyn
cee1de1785 Merge pull request #825 from brauner/2016-02-15/lxc_attach_pty
make lxc-attach use a pty
2016-02-21 11:16:36 -08:00
Christian Brauner
5eacdc3dbd make lxc-attach use a pty
So far lxc-attach did not use a pty when attaching to a container. This made it
vulnerable to tty input faking via TIOCSTI when switching to a different user.
This patch makes lxc-attach use a pty in most cases. The only current exemption
is when stdin, stdout, and stderr are not referring to a pty.

There are two ways lxc-attach can receive a pty:
	1. get a pty in the container
	2. get a pty on the host
This patch makes 1. the default and only opts for 2. when 1. fails before
giving up. The rationale behind this is as follows: If we create a pty on the
host (2.) and pass the fds to the container the container may report "no tty"
when the "tty" command is used. This could be irritating for users when they
expect that lxc-attach now always tries to use a pty. Hence, option 1. is the
default.

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
2016-02-21 18:42:33 +01:00
Christian Brauner
9395937a96 clean exit on EPOLLHUP
lxc_console_cb_tty_masterfd() unnecessarily reported a read/write error when
the fd was closed. This happens e.g. when we have allocated a tty in the
container with lxc-console and we shut the container down. lxc-console will
then exit with an error message. This patch introduces a test whether the
EPOLLHUP bit is set in the events mask. If so, we report no error.

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
2016-02-21 17:04:44 +01:00
Christian Brauner
39a78bbef0 rewrite lxc_console_set_stdfds
Make lxc_console_set_stdfds usable by other callers that do not have access to
lxc_handler.

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
2016-02-21 17:04:44 +01:00
Christian Brauner
0d4137ccb2 make tty helper functions extern
- lxc_console_cb_tty_stdin()
- lxc_console_cb_tty_master()
- lxc_setup_tios(int fd, struct termios *oldtios);
- lxc_console_winsz(int srcfd, int dstfd);
- lxc_console_cb_sigwinch_fd(int fd, uint32_t events, void *cbdata,
	struct lxc_epoll_descr *descr);
- lxc_tty_state *lxc_console_sigwinch_init(int srcfd, int dstfd);
- lxc_console_sigwinch_fini(struct lxc_tty_state *ts);

We can make use of these functions in other modules.

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
2016-02-21 17:04:41 +01:00
Christian Brauner
014d5e1e58 make escape sequence to exit tty optional
We want to reuse lxc_console_cb_tty_stdin() in lxc_attach.c.

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
2016-02-21 17:04:35 +01:00
Stéphane Graber
0b0958047a Merge pull request #833 from mar-kolya/fix-sshd-template-init-location-for-systemd
Fix sshd template on systems with systemd
2016-02-21 02:03:24 -05:00
Nikolay Martynov
7e8aa95e43 Fix sshd template on systems with systemd
Systems with systemd have /sbin/init as a symlink pointing to real init.
Sshd template tries to bind-mount special init implementation.
The problem is that one cannot bind-mount to a location that is a symlink.

Fix this by dereferencing the /sbin/init symlink and using that as the bind-mount location.

Signed-off-by: Nikolay Martynov <mar.kolya@gmail.com>
2016-02-21 01:16:15 -05:00
KATOH Yasufumi
63f2635db0 doc: add LXC_CGNS_AWARE env to Japanese lxc.container.conf(5)
Update for commit c4cafa0

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
2016-02-21 00:55:02 -05:00
Serge Hallyn
95f0d48f24 Merge pull request #832 from stgraber/master
Fix typo in lxc manpage
2016-02-19 21:02:01 -08:00
Stéphane Graber
0fe2983a45 Fix typo in lxc manpage
Reported-by: lintian
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2016-02-19 23:37:07 -05:00
Stéphane Graber
aaae118e7e Merge pull request #831 from hallyn/2016-02-19/cgfs
2016 02 19/cgfs
2016-02-19 22:13:36 -05:00
Ubuntu
836514a877 lxc: cgfs: handle lxcfs
When containers have lxcfs mounted instead of cgroupfs, we have to
process /proc/self/mountinfo a bit differently.  In particular, we
should look for fuse.lxcfs fstype, we need to look elsewhere for the
list of comounted controllers, and the mount_prefix is not a cgroup path
which was bind mounted, so we should ignore it, and named subsystems
show up without the 'name=' prefix.

With this patchset I can start containers inside a privileged lxd
container with lxcfs mounted (i.e. without cgroup namespaces).

Closes #830

Signed-off-by: Ubuntu <ubuntu@localhost.localdomain>
2016-02-19 18:45:40 -08:00
Serge Hallyn
dddf7c5b7e cgfs: also check for EACCES when writing devices
Because that's what lxcfs gives us.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2016-02-19 18:43:50 -08:00
Stéphane Graber
b9138559c3 Merge pull request #829 from hallyn/2016-02-19/devices
cgroups: do not fail if setting devices cgroup fails due to EPERM
2016-02-19 18:25:02 -05:00
Serge Hallyn
4f875f707a cgroups: do not fail if setting devices cgroup fails due to EPERM
If we're trying to allow a device which was denied to our parent
container, just continue.

Cgmanager does not help us to distinguish between eperm and other
errors, so just always continue.

We may want to consider actually computing the range of devices
to which the container monitor has access, but OTOH that introduces
a whole new set of complexity to compute access sets.

Closes #827

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2016-02-19 14:12:47 -08:00
Serge Hallyn
ef95dc011e Merge pull request #826 from brauner/2016-02-19/exec_cast_null
cast NULL pointers passed to execl*()
2016-02-19 11:00:59 -08:00
Christian Brauner
acf47e1b5f cast NULL pointers passed to execl*()
NULL pointers passed to execl*() functions must be cast to (char *)NULL since
they are variadic functions.

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
2016-02-19 12:44:40 +01:00
Stéphane Graber
d89da6bf6e change version to 2.0.0.rc1 in configure.ac
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2016-02-18 12:20:43 -05:00
Christian Brauner
adc6167a60 Merge pull request #823 from stgraber/master
Fix doc build warnings
2016-02-16 08:01:25 +01:00
Stéphane Graber
129881b9d5 Fix doc build warnings
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2016-02-16 01:16:33 -05:00
Serge Hallyn
15e7ec11c3 Merge pull request #822 from stgraber/master
Couple of apparmor tweaks
2016-02-15 18:49:22 -08:00
Stéphane Graber
97f9856db3 Allow cgroupfs remount by systemd
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2016-02-15 20:08:25 -05:00
Stéphane Graber
15966fd086 Allow sysfs remount by mountall
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2016-02-15 20:03:50 -05:00
Christian Brauner
ae07a9bfda Merge pull request #821 from hallyn/2016-02-15/lognull
2016 02 15/lognull
2016-02-15 21:38:00 +01:00
Serge Hallyn
d9c9b1808a log.c:__lxc_log_set_file: completely close log file when overriding
Otherwise after a shortcut on error we could end up trying to write
to the closed log fd.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2016-02-15 12:19:52 -08:00
Serge Hallyn
3f53c691d2 log.c:__lxc_log_set_file: fname cannot be null
fname cannot be passed in as NULL by any of its current callers.  If it
could, then build_dir() would crash as it doesn't check for it.  So make
sure we are warned if in the future we pass in NULL.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2016-02-15 12:15:10 -08:00
Serge Hallyn
bad548de3b Merge pull request #813 from brauner/2016-02-01/lxc_destroy_ephemeral
lxc-destroy: deal with ephemeral containers
2016-02-10 10:34:49 -08:00
Christian Brauner
2c5f2edeb9 lxc-destroy: deal with ephemeral containers
- Ephemeral containers are destroyed on shutdown so we do not destroy them.
- Destroy ephemeral containers with clones: first destroy all the clones, then
  destroy the container.
- Ephemeral containers with snapshots cannot be easily handled but we can
  probably trust that no one will try to make snapshots of an ephemeral
  container.

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
2016-02-10 10:16:22 +01:00
Serge Hallyn
cd30b4fa22 Merge pull request #812 from brauner/2016-02-10/quiet_lxc_copy
silence lxc-copy as well when asked
2016-02-09 17:00:42 -08:00
Christian Brauner
c89f1f7509 silence lxc-copy as well when asked
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
2016-02-10 01:30:36 +01:00
Christian Brauner
2fa8e2cd0a Merge pull request #811 from hallyn/2016-02-09/destroyquiet
lxc_destroy: be quiet if asked
2016-02-10 01:25:04 +01:00
Serge Hallyn
2f0e6b7945 lxc_destroy: be quiet if asked
As per https://bugs.launchpad.net/bugs/1543016.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2016-02-09 16:07:32 -08:00
Christian Brauner
f97ab3a639 Merge pull request #808 from hallyn/2016-02-07/aa.2
apparmor: don't fail if current aa label is given
2016-02-08 22:27:05 +01:00
Serge Hallyn
374625aa3f apparmor: don't fail if current aa label is given
Ideally a container configuration will specify 'unchanged' if
it wants the container to use the current (parent) profile.  But
lxd passes its current label.  Support that too.

Note that if/when stackable profiles exist, this behavior may
or may not be what we want.  But the code to deal with aa
stacking will need some changes anyway so this is ok.

With this patch, I can create nested containers inside a
lxd xenial container both using

lxc launch x2

and unprivileged

lxc-start -n x2

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2016-02-08 12:44:11 -08:00
Stéphane Graber
e8f8436cc1 Merge pull request #805 from benaryorg/patch-1
fix typo
2016-02-05 21:49:13 +01:00
Katze
740fe426b7 fix typo
Signed-off-by: benaryorg <binary@benary.org>
2016-02-05 18:54:45 +01:00
Serge Hallyn
c3d25c16ef Merge pull request #801 from brauner/2016-02-03/automatic_overlay_for_containers_without_rootfs
allow overlay lxc.mount.entry with no rootfs
2016-02-04 09:41:31 -08:00
Christian Brauner
9769034f65 allow overlay lxc.mount.entry with no rootfs
Allow lxc.mount.entry entries for containers without a rootfs.

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
2016-02-04 10:05:27 +01:00
Christian Brauner
8d1b71bb81 Merge pull request #798 from hallyn/2016-02-02/commentrootfs
Comment the lxc_rootfs structure
2016-02-04 08:20:53 +00:00
Serge Hallyn
59bb869809 Comment the lxc_rootfs structure
Comment rootfs.path and rootfs.mount so people can better figure
out which to use.

Remove the unused pivotdir argument from setup_rootfs_pivot_root().
Remove the unused pivot member of the lxc_rootfs struct.  And just
return 0 (success) when someone passes a lxc.pivotdir entry.  One
day we'll turn that into an error, but not yet...

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2016-02-03 16:13:57 -08:00
Stéphane Graber
2a2d3caf57 Merge pull request #803 from tych0/add-fuse-kernel-config-check
lxc-checkconfig: warn about fuse as well
2016-02-04 01:10:44 +01:00
Tycho Andersen
8283fda23b lxc-checkconfig: warn about fuse as well
Since we need fuse to run lxcfs, which is required by systemd, let's warn
about that as well.

Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
2016-02-03 16:54:50 -07:00
Serge Hallyn
6b7c60e15f Merge pull request #800 from brauner/2016-02-03/no_rootfs_implies_abspath
no rootfs => mounts always relative to host's /
2016-02-03 09:49:19 -08:00
Christian Brauner
1433c9f9b6 no rootfs => mounts are always relative to host's /
All lxc.mount.entry entries will be relative to the host's / when a container
does not specify a lxc.rootfs.

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
2016-02-03 18:45:07 +01:00