Commit Graph

10680 Commits

Author SHA1 Message Date
Christian Brauner
b988c5c989
mainloop: port handlers to new list type
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:57 +02:00
Christian Brauner
c2c0105ca8
cgroups: port bpf devices to new list type
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:55 +02:00
Christian Brauner
222ae84c88
tree-wide: port network handling to new list type
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:51 +02:00
Christian Brauner
a6926a0f6d
list: add new kernel-based list implementation
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:50 +02:00
Maximilian Blenk
fe4704417a
tools: fix elevated privilege handler in lxc-attach
Make sure to return an error when the user requests an LSM profile to be
set while also requesting that elevated LSM privileges are to be used.

Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:48 +02:00
Christian Brauner
4cbbd1ce28
confile: rework lxc_fill_elevated_privileges()
Cc: Maximilian Blenk <Maximilian.Blenk@bmw.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:46 +02:00
Christian Brauner
4e4f2816ff
attach_options: add LXC_ATTACH_LSM_LABEL to LXC_ATTACH_LSM flags
Cc: Maximilian Blenk <Maximilian.Blenk@bmw.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:44 +02:00
Christian Brauner
c87c0d4bcf
tools: align struct initialization
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:43 +02:00
Christian Brauner
2cea425831
tools: fix variable declarations in lxc-attach
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:41 +02:00
Maximilian Blenk
bfcbb08223
attach: allow LSM attach without new mnt namespace
Currently, the -c command (to set the selinux context) seems to be
broken because lxc-attach expects that also a new mount namespace
is specified via command line. This commit removes the check for the new
mount namespace to fix this issue. Please note that the
--elevated-privileges option is not affected by this issue.

Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:39 +02:00
Christian Brauner
251bd80cf3
confile: return negative errno everywhere
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:38 +02:00
Maximilian Blenk
61dd752523
config: enable seccomp profile only when compiled with libseccomp
Make lxc fail if seccomp.profile is specified but lxc is compiled
without seccomp support. Currently, seccomp.profile is silently ignored
if it is specified in such a scenario. This could lead to the false
impression that the seccomp filter is applied while it actually isn't.

Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>
2021-10-14 17:22:36 +02:00
Christian Brauner
58b6132d88
seccomp: fix compilation when !HAVE_DECL_SECCOMP_NOTIFY_FD
[2021-08-18 05:48:26] [build-stdout] mv -f $depbase.Tpo $depbase.Po
[2021-08-18 05:48:26] [build-stderr] seccomp.c: In function ‘seccomp_notify_cleanup_handler’:
[2021-08-18 05:48:26] [build-stderr] seccomp.c:1367:25: error: ‘struct lxc_seccomp’ has no member named ‘notifier’
[2021-08-18 05:48:26] [build-stderr]  1367 |  if (fd == conf->seccomp.notifier.notify_fd)
[2021-08-18 05:48:26] [build-stderr]       |                         ^
[2021-08-18 05:48:26] [build-stderr] In file included from af_unix.h:12,
[2021-08-18 05:48:26] [build-stderr]                  from seccomp.c:14:
[2021-08-18 05:48:26] [build-stderr] seccomp.c:1368:29: error: ‘struct lxc_seccomp’ has no member named ‘notifier’
[2021-08-18 05:48:26] [build-stderr]  1368 |   fd = move_fd(conf->seccomp.notifier.notify_fd);
[2021-08-18 05:48:26] [build-stderr]       |                             ^
[2021-08-18 05:48:26] [build-stderr] macro.h:655:26: note: in definition of macro ‘move_fd’
[2021-08-18 05:48:26] [build-stderr]   655 |   int __internal_fd__ = (fd); \
[2021-08-18 05:48:26] [build-stderr]       |                          ^~
[2021-08-18 05:48:26] [build-stderr] seccomp.c:1368:29: error: ‘struct lxc_seccomp’ has no member named ‘notifier’
[2021-08-18 05:48:26] [build-stderr]  1368 |   fd = move_fd(conf->seccomp.notifier.notify_fd);
[2021-08-18 05:48:26] [build-stderr]       |                             ^
[2021-08-18 05:48:26] [build-stderr] macro.h:656:4: note: in definition of macro ‘move_fd’
[2021-08-18 05:48:26] [build-stderr]   656 |   (fd) = -EBADF;              \
[2021-08-18 05:48:26] [build-stderr]       |    ^~
[2021-08-18 05:48:26] [build-stderr] make[3]: *** [Makefile:4496: seccomp.o] Error 1
[2021-08-18 05:48:26] [build-stdout] make[3]: Leaving directory '/opt/src/src/lxc'
[2021-08-18 05:48:26] [build-stdout] make[2]: Leaving directory '/opt/src/src'
[2021-08-18 05:48:26] [build-stdout] make[1]: Leaving directory '/opt/src/src'
[2021-08-18 05:48:26] [build-stderr] make[2]: *** [Makefile:440: all-recursive] Error 1
[2021-08-18 05:48:26] [build-stderr] make[1]: *** [Makefile:379: all] Error 2
[2021-08-18 05:48:26] [build-stderr] make: *** [Makefile:537: all-recursive] Error 1
[2021-08-18 05:48:26] [build-stderr] + '[' -f build.ninja ']'
[2021-08-18 05:48:26] [build-stdout] Semmle autobuild: no supported build system detected.
[2021-08-18 05:48:26] [build-stderr] + '[' -d ../_lgtm_build_dir ']'
[2021-08-18 05:48:26] [build-stderr] + for f in build build.sh
[2021-08-18 05:48:26] [build-stderr] + '[' -x build ']'
[2021-08-18 05:48:26] [build-stderr] + for f in build build.sh
[2021-08-18 05:48:26] [build-stderr] + '[' -x build.sh ']'
[2021-08-18 05:48:26] [build-stderr] + '[' -f setup.py ']'
[2021-08-18 05:48:26] [build-stderr] + echo 'Semmle autobuild: no supported build system detected.'
[2021-08-18 05:48:26] [build-stderr] + exit 1
[2021-08-18 05:48:26] [ERROR] Spawned process exited abnormally (code 1; tried to run: [/opt/dist/tools/linux64/preload_tracer, /opt/dist/cpp/tools/do-build])
[2021-08-18 05:48:26] [build-stderr] A fatal error occurred: Exit status 1 from command: [/opt/dist/cpp/tools/do-build]
[2021-08-18 05:48:26] [build-stderr] deptrace-server: received exit command
[2021-08-18 05:48:27] [ERROR] Spawned process exited abnormally (code 2; tried to run: [/opt/work/lgtm-workspace/lgtm/extract.sh])
A fatal error occurred: Exit status 2 from command: [/opt/work/lgtm-workspace/lgtm/extract.sh]

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:35 +02:00
Christian Brauner
edd448515f
tests: use busybox in lxc-test-usernic.in
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:33 +02:00
Christian Brauner
efc14832b0
tests: use busybox in lxc-test-unpriv
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:32 +02:00
Christian Brauner
82b850ddaa
tests: use busybox in lxc-test-no-new-privs
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:32 +02:00
Christian Brauner
e13b0012e8
test: use busybox in lxc-test-autostart
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:31 +02:00
Christian Brauner
5e1337c655
test: use busybox in lxc-test-apparmor-mount
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:29 +02:00
Christian Brauner
6292dde621
test: use busybox in lxc-test-apparmor-generated
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:28 +02:00
Christian Brauner
26580f0e16
tests: fix order in sys_mixed
We need to set the config item after we have loaded the config, obviously.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:26 +02:00
Christian Brauner
729a423b45
conf: allow for tty allocation even when container did not request separate devpts instance
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:24 +02:00
Christian Brauner
c47e4b6ac0
busybox: simplify
Start relying on autodev for busybox template and wipe all the device
creation.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:23 +02:00
Christian Brauner
79dc690fa7
busybox: mount sys:ro
There's no udev so sys doesn't need to be read-write.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:22 +02:00
Christian Brauner
3d95eb893f
terminal: use /dev/ptmx when allocating pty devices from devpts instances we didn't mount ourselves
When we aren't told what devpts instance to allocate from we assume it
is the one in the caller's mount namespace.
This poses a slight complication: a lot of distros will change
permissions on /dev/ptmx so it can be opened by unprivileged users but
will not change permissions on /dev/pts/ptmx itself. In addition,
/dev/ptmx can either be a symlink, a bind-mount, or a separate device
node. So we need to allow for fairly lax lookup.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:18 +02:00
Christian Brauner
0f9f5ec0f7
file_utils: add same_device() helper
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:17 +02:00
Po-Hsu Lin
7381a5de50
tests: set lxc-test-automount/createconfig/snapdeps as executable
The debian/tests/exercise script will skip those non-executable tests
in src/test, thus these three tests never got tested.

Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com>
2021-10-14 17:22:12 +02:00
Christian Brauner
65cb2231ad
cgroups: simplify offline and isolated cpu handling
Don't create separate cpumask arrays for them. Just clear the ones that
are set in the original cpumask array.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:11 +02:00
Christian Brauner
23ef48f0d8
cgroups: use semantically clean check in cpuset1_cpus_initialize()
The variable is a pointer, not an integer.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:10 +02:00
Christian Brauner
7b8746b976
cgroups: fix cpumask handling
Link: https://discuss.linuxcontainers.org/t/lxc-4-0-9-lxc-start-sigabrt-on-systems-with-defined-offline-cpus-and-a-total-number-of-cpus-divisible-by-32
Signed-off-by: Jim Ferrigno <jim.ferrigno@oracle.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:09 +02:00
Christian Brauner
b6907488b3
cgroups: fix comments in cpuset1_initialize()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:08 +02:00
Christian Brauner
0a5347ddbe
Revert "cgroups: fix cpu bitmasks"
This reverts commit e0f7296a6d.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:07 +02:00
Christian Brauner
4bd5942f75
cgroups: s/calloc/zalloc/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:06 +02:00
Jim Ferrigno
38db899380
cgroups: fix cpu bitmasks
Link: https://discuss.linuxcontainers.org/t/lxc-4-0-9-lxc-start-sigabrt-on-systems-with-defined-offline-cpus-and-a-total-number-of-cpus-divisible-by-32
Signed-off-by: Jim Ferrigno <jim.ferrigno@oracle.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:05 +02:00
Christian Brauner
eda2b7467e
mainloop: disable IORING_SETUP_SQPOLL for now
It's a bit more complicated to use than I envisioned here.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:02 +02:00
Christian Brauner
3f3e75c4e2
mainloop: add comments about multishot and oneshot cleanup
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:02 +02:00
Christian Brauner
620f6c9caa
mainloop: s/handler_name/name/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:00 +02:00
Christian Brauner
1306659ecb
mainloop: move variables into tighter scope
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:21:59 +02:00
Christian Brauner
14f8022a59
memory_utils: mark cleanup handler as unused
They are sometimes used to just clean something up automatically at end
of scope but the variables themselves might not be actually used.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:21:57 +02:00
Christian Brauner
502998699a
mainloop: fix io_uring cleanup handling
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:21:56 +02:00
Christian Brauner
4fc38d526e
mainloop: remove CANCEL_RAISE flag
This is really not needed since we're not checking it anywhere anyway.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:21:54 +02:00
Christian Brauner
771161376e
mainloop: minor fixes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:21:53 +02:00
Tycho Andersen
eb218b3943
mainloop: s,sys/poll,poll
I get the following warning (which then fails the build because of
-Werror):

In file included from mainloop.c:11:
/usr/include/sys/poll.h:1:2: error: #warning redirecting incorrect #include <sys/poll.h> to <poll.h> [-Werror=cpp]
    1 | #warning redirecting incorrect #include <sys/poll.h> to <poll.h>
      |  ^~~~~~~

Signed-off-by: Tycho Andersen <tycho@tycho.pizza>
2021-10-14 17:21:51 +02:00
Simon Deziel
2aad32dca2
lxc-download: add LXC version/compat level to user-agent
Signed-off-by: Simon Deziel <simon.deziel@canonical.com>
2021-10-14 17:21:50 +02:00
Christian Brauner
b1f9aee5c4
mainloop: add io_uring support
Users can choose to compile liblxc with io_uring support. This will
cause LXC to use io_uring instead of epoll.
We're using both, io_uring's one-shot and multi-shot poll mode depending
on the type of handler.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:21:46 +02:00
Thomas Parrott
aa96b8e35b
doc: Adds mention of ability to specify manual IPv4 broadcast address
See also https://github.com/lxc/lxd/pull/9103

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
2021-10-14 17:21:42 +02:00
Christian Brauner
5210178135
tree-wide: s/lxc_epoll_descr/lxc_async_descr/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:21:39 +02:00
Christian Brauner
cff59253a0
conf: log session keyring failure on WARN level
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:21:37 +02:00
Christian Brauner
27217f7c54
cgroups: log at warning instead of error level
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:21:35 +02:00
Edênis Freindorfer Azevedo
983c0dd85a
Improve bash completion.
Use as much as possible from each command `--help` for completion.

Some options require a long list of completions that should be dumped by
some command option. These are not added here yet.

Examples of those are: `lxc-info --config`, `lxc-execute --define` and
`lxc-start --define`.

Signed-off-by: Edenis Freindorfer Azevedo <edenisfa@gmail.com>
2021-10-14 17:21:32 +02:00
Edênis Freindorfer Azevedo
2d317f2596
Create rules to add/remove symlinks for bash completion.
By default, there is no out-of-the-box bash completion for lxc tools.
This is due to dynamic loading of completions, that requires the
completion filename to be the same as the command (e.g. `lxc-start`
expects a completion filename `lxc-start`). But all commands are in file
`lxc`, which is not read.

Signed-off-by: Edenis Freindorfer Azevedo <edenisfa@gmail.com>
2021-10-14 17:21:29 +02:00