In particular, only create /dev/console when it is set to "none".
Otherwise, we will bind mount a pts device later, so let's just leave it.
Also, when bind mounting the pts device, let's create /dev/console if it
doesn't exist, since it may not already exist due to the above :)
v2: s/ot/to
v3: add O_EXCL so we actually get EEXIST, use the right condition for
mount_console (we want to compare against console.path, not
console.name, and console.path can be null)
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
We need to pass nosuid+noexec+nodev to remount to stop the kernel
from denying it.
When remounting the container's path read-write, use the right dest
path.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
If cgmanager is running, use it. This allows the admin to simply
stop cgmanager if they don't want to use it. The other way there
is no way to choose to use cgmanager.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Prevent privileged containers from messing with the host's pci devices
directly. Refuse access under /proc/bus, and drop cap_sys_rawio. Some
containers may need to re-enable cap_sys_rawio (i.e. if they run an
X server).
It may be desirable to break some of this stuff into files which can be
separately included (or not included), but this patch isn't the right
place for that.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
The problem here is that dev_t on most platforms is `long unsigned`, but on
android (and ppc?) it's `long long unsigned`. Let's just upcast to `long
long unsigned` and use that format string to keep the compilers happy.
Safety first!
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
There are a few things going on in this patch.
1. /dev/console is an external mount since it is bind mounted from the
host. However, we don't want to use criu's --ext-mount-map auto handling
here, because that will bind mount exactly the same path from the host
on restore, but if the pts device is different on the target host, we'll
bind mount the wrong one, which is obviously wrong.
2. We need to tell CRIU how to restore the TTY. Since we declare the tty as
--external, we need to provide it via --inherit-fd (even though we've
already fixed up the environment).
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Various other functions/structures are now only used in criu.c, so let's
hide stuff there so as not to pollute headers.
This commit also bumps the required CRIU versions to 2.0. While we don't
*require* any features that aren't in 1.8 patchlevel 21 or above, 2.0 is a
vast improvement, and so we should use that instead.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Add a temporary workaround for talking to containers started with the
buggy monitor. We can remove it sometime after 2.0 release.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
cgroup_escape() is a slight abuse of the cgroup code: what we really want
here is to escape the *current* process, whether it happens to be the LXC
monitor or not, into the / cgroups.
In the case of dump, we can't do an lxc_init(), because:
lxc 20160310103501.547 ERROR lxc_commands - commands.c:lxc_cmd_init:993 - ##
lxc 20160310103501.547 ERROR lxc_commands - commands.c:lxc_cmd_init:994 - # The container appears to be already running!
lxc 20160310103501.547 ERROR lxc_commands - commands.c:lxc_cmd_init:995 - ##
We don't want to make this a command to send to the handler, because again,
cgroup_escape() is intended to escape the *current* task to the root
cgroups.
So, let's just have cgroup_escape() build its own handler when required.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
This is no longer needed outside of criu.c with the ->migrate API call, so
let's mark it that way.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Our mkdir_p ignores EEXIST, and of course we want that for
upper path components, but the final directory itself must
not already exist.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
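
The behaviour described in the commit message above, sketched as an added example (not LXC's own code): EEXIST is tolerated for upper path components, but the final directory must be created by the call itself. The function name `mkdir_p_final_new`, the 4096-byte buffer and the demo path are assumptions made for this illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical helper: create every component of `path`.
 * EEXIST is ignored for parents; for the last component it is an error.
 * Returns 0 on success, -1 with errno set on failure. */
int mkdir_p_final_new(const char *path, mode_t mode)
{
    char buf[4096];
    size_t len = strlen(path);

    if (len == 0 || len >= sizeof(buf)) {
        errno = len ? ENAMETOOLONG : EINVAL;
        return -1;
    }
    memcpy(buf, path, len + 1);
    /* Strip trailing slashes so the last component is not taken for a parent. */
    while (len > 1 && buf[len - 1] == '/')
        buf[--len] = '\0';

    for (char *p = buf + 1; *p; p++) {
        if (*p != '/')
            continue;
        *p = '\0';                      /* cut the path at this parent */
        if (mkdir(buf, mode) < 0 && errno != EEXIST)
            return -1;
        *p = '/';
    }
    /* Final component: a pre-existing directory makes this fail with EEXIST. */
    return mkdir(buf, mode);
}

int main(void)
{
    char path[4096];
    int rc;

    /* Constructed demo path; the name under /tmp is arbitrary. */
    snprintf(path, sizeof(path), "/tmp/mkdirp-demo-%ld/a/b", (long)getpid());
    rc = mkdir_p_final_new(path, 0755);
    printf("first call:  %d\n", rc);
    rc = mkdir_p_final_new(path, 0755);
    printf("second call: %d (%s)\n", rc, rc ? strerror(errno) : "ok");
    return 0;
}
```

The second call fails with EEXIST because the final directory already exists, even though every parent was accepted as pre-existing.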
read_file was using the wrong value for the string length. Also,
realloc on i386 is wonky with small sizes - so use a batch size
to avoid small reallocs.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Lxc only sets it on /lxc, not on /.
It's conceivable that we should really re-set this to the original
value, to prevent making later tests not fail when they should. I
didn't do that.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Unprivileged containers cannot read it anyway, but also prevent root
owned containers from doing so. Sadly upstart's mountall won't run
if we try to prevent it from being mounted at all.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>