proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-08-05 01:42:33 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
7,883 Commits 6 Branches 17 Tags 29 MiB
2268c27754
Commit Graph

7883 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Christian Brauner
2268c27754
autotools: compiler based hardening 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-10-20 00:22:18 +02:00
Christian Brauner
b8ab484943
Merge pull request #2703 from 2xsec/asan1 
cleanups
 2018-10-19 11:47:06 +02:00
2xsec
47903908f8
tree-wide: coding style fixes 
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
[christian.brauner@ubuntu.com: cleanup if-branches in confile.c]
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-10-19 11:21:36 +02:00
Christian Brauner
9de79b17c3
Merge pull request #2702 from 2xsec/asan1 
parse: fix uninitialized value
 2018-10-19 07:02:41 +02:00
2xsec
9c3f0f02f8
parse: fix uninitialized value 
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
 2018-10-19 11:51:51 +09:00
Wolfgang Bumiller
5fb2bc71b6
Merge pull request #2696 from brauner/2018-10-17/fix_append_config_line 
confile: fix append_unexp_config_line()
 2018-10-18 21:55:44 +02:00
Wolfgang Bumiller
b37348d8f2
Merge pull request #2698 from brauner/2018-10-17/config_parsing 
parse: protect against config updates during parse
 2018-10-18 19:38:38 +02:00
Christian Brauner
7c4d9466ad
parse: protect against config updates during parse 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-10-18 17:38:51 +02:00
Christian Brauner
62a821f199
confile: fix append_unexp_config_line() 
Reported-by: 2xsec dh48.jeong@samsung.com
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-10-18 15:56:29 +02:00
Wolfgang Bumiller
68c11e8b02
Merge pull request #2697 from brauner/2018-10-17/fix_disable_commands_build 
autotools: fix --disable-commands builds
 2018-10-18 15:43:30 +02:00
Wolfgang Bumiller
38e76fbb94
Merge pull request #2701 from brauner/2018-10-18/fix_raw_syscalls 
raw_syscalls: ensure function always returns value
 2018-10-18 15:08:42 +02:00
Wolfgang Bumiller
4665a84daf
Merge pull request #2700 from brauner/2018-10-18/simplify_strlcpy 
include: simplify strlcpy()
 2018-10-18 15:08:06 +02:00
Christian Brauner
e4767d470d
raw_syscalls: ensure function always returns value 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-10-18 14:38:09 +02:00
Christian Brauner
11e73a7925
Merge pull request #2699 from 2xsec/asan1 
string_utils: fix global buffer overflow issue
 2018-10-18 12:53:23 +02:00
Christian Brauner
27bd77920d
include: simplify strlcpy() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-10-18 12:50:13 +02:00
2xsec
7cfde20f98
string_utils: fix global buffer overflow issue 
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
 2018-10-18 15:16:54 +09:00
Christian Brauner
bb760b77df
autotools: fix --disable-commands builds 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-10-17 15:23:41 +02:00
Stéphane Graber
a542f5a713
Merge pull request #2694 from brauner/2018-10-14/lxc_init_logging 
lxc-init: log to /dev/console
 2018-10-15 10:44:04 -04:00
Christian Brauner
b30b7eea56
lxc-init: log to /dev/console 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-10-14 22:24:36 +02:00
Christian Brauner
519825b1f1
Merge pull request #2693 from stgraber/master 
checkconfig: Handle missing kernel version
 2018-10-13 07:47:34 +02:00
Stéphane Graber
c1e61eac48
checkconfig: Handle missing kernel version 
https://github.com/lxc/lxd/issues/5151

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
 2018-10-12 22:32:17 -04:00
Stéphane Graber
0bf2d4f723
Merge pull request #2692 from brauner/2018-10-12/no_strict_aliasing 
autools: use -fno-strict-aliasing
 2018-10-12 19:26:43 -04:00
Christian Brauner
a3bb6b8ed9
autools: use -fno-strict-aliasing 
The gcc implementation and the C standard are not to be considered sane
in this respect. We don't want to risk reordering of writes when the
compiler incorrectly *thinks* two types do not alias each other.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-10-12 21:23:07 +02:00
Christian Brauner
a22d1745d7
Merge pull request #2691 from 2xsec/bugfix 
Some redundancy codes of abstract unix socket are removed with log cleanups.
 2018-10-12 10:39:57 +02:00
2xsec
95e523c856
monitor: fix coding standard 
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
 2018-10-12 16:05:31 +09:00
2xsec
5b46db1a63
commands_utils: improve code redundancy to make abstract unix socket name 
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
 2018-10-12 15:05:43 +09:00
2xsec
2f1264995f
monitor: checking name too long to make monitor sock name 
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
 2018-10-12 11:19:04 +09:00
2xsec
6dd32d35f9
monitor: log cleanups 
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
 2018-10-12 10:36:42 +09:00
Christian Brauner
426b9f6148
Merge pull request #2690 from adrianreber/master 
checkpoint: fix running do_dump()
 2018-10-11 15:58:20 +02:00
Adrian Reber
e20f46f87f
checkpoint: fix running do_dump() 
Testing 'lxc <container> stop --stateful' crashed LXD:

fatal error: unexpected signal during runtime execution
[signal SIGSEGV: segmentation violation code=0x1 addr=0xe8 pc=0x7f3198ff0592]

runtime stack:
runtime.throw(0x117fe4a, 0x2a)
	/opt/rh/go-toolset-1.10/root/usr/lib/go-toolset-1.10-golang/src/runtime/panic.go:616 +0x81
runtime.sigpanic()
	/opt/rh/go-toolset-1.10/root/usr/lib/go-toolset-1.10-golang/src/runtime/signal_unix.go:372 +0x28e

goroutine 375 [syscall]:
runtime.cgocall(0xef38e3, 0xc420731630, 0x29)
	/opt/rh/go-toolset-1.10/root/usr/lib/go-toolset-1.10-golang/src/runtime/cgocall.go:128 +0x64 fp=0xc4207315f0 sp=0xc4207315b8 pc=0x410fc4
gopkg.in/lxc/go-lxc%2ev2._Cfunc_go_lxc_migrate(0x7f316c001220, 0xc400000001, 0xc420302460, 0xc4205d6080, 0x0)
	_cgo_gotypes.go:752 +0x4d fp=0xc420731630 sp=0xc4207315f0 pc=0x909d7d
gopkg.in/lxc/go-lxc%2ev2.(*Container).Migrate.func4(0x7f316c001220, 0xc400000001, 0xc420302460, 0xc4205d6080, 0x0)
	/share/go/src/gopkg.in/lxc/go-lxc.v2/container.go:1798 +0x160 fp=0xc420731668 sp=0xc420731630 pc=0x91b970
gopkg.in/lxc/go-lxc%2ev2.(*Container).Migrate(0xc4207a52f0, 0x1, 0xc42051ec00, 0x20, 0x0, 0x0, 0x0, 0x0, 0x101, 0x10000000, ...)
	/share/go/src/gopkg.in/lxc/go-lxc.v2/container.go:1798 +0x29f fp=0xc420731760 sp=0xc420731668 pc=0x9160ef

The commit 5a087e056f introduced a second parameter (conf) to the
cgroup escape() function which was never set in do_dump(). Instead of
taking it from opts->handler->conf it is now used from c->lxc_conf.

Fixes: 5a087e056f ("cgroups: don't escape if lxc.cgroup.keep is true")
Suggested-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Adrian Reber <areber@redhat.com>
 2018-10-11 15:30:01 +02:00
Stéphane Graber
d354a97d6a
Merge pull request #2687 from brauner/2018-10-10/fix_verify_start_hooks 
conf: verify_start_hooks() after lxc.mount.entry
 2018-10-10 11:04:42 -04:00
Christian Brauner
75193660db
conf: verify_start_hooks() after lxc.mount.entry 
Fixes: https://discuss.linuxcontainers.org/t/are-lxc-mount-entry-available-when-lxc-hook-start-is-validated/2906/3
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-10-10 16:40:10 +02:00
Stéphane Graber
8a2ae1647d
Merge pull request #2688 from brauner/2018-10-10/cgfsng_fix_monitor_cpuset_deletion 
cgfsng: ensure initialized cpuset controller
 2018-10-10 10:34:58 -04:00
Stéphane Graber
a41d704a24
Merge pull request #2689 from brauner/2018-10-10/log_prlimit 
conf: log prlimit setup
 2018-10-10 10:34:35 -04:00
Christian Brauner
2de12765e2
conf: log prlimit setup 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-10-10 13:53:00 +02:00
Christian Brauner
b5769f7026
Merge pull request #2686 from 2xsec/rpm 
fix rpm packaging error for static library
 2018-10-10 13:43:10 +02:00
Christian Brauner
ecedb5dee9
cgfsng: ensure initialized cpuset controller 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-10-10 13:27:45 +02:00
2xsec
3b15904166
fix post section script error for rpm install 
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
 2018-10-10 18:51:26 +09:00
2xsec
7701a78d8f
fix rpm packaging error for static library 
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
 2018-10-10 18:21:41 +09:00
2xsec
af5e7ee11b
parse: fix uninitialized pointer access 
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
 2018-10-10 15:00:45 +09:00
2xsec
8392708ef3
confile: remove unused variable 
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
 2018-10-10 14:50:32 +09:00
Stéphane Graber
d523cf5982
Merge pull request #2684 from brauner/2018-10-10/cgfsng_improve_logging 
cgfsng: improve deletion and logging
 2018-10-09 19:23:55 -04:00
Christian Brauner
d5fc4dd406
cgfsng: improve loggin on monitor cgroup destroy 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-10-10 00:03:13 +02:00
Christian Brauner
23e5c04580
cgfsng: fix lxc.pivot directory creation 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-10-10 00:02:46 +02:00
Stéphane Graber
e2103b180a
Merge pull request #2681 from brauner/2018-10-08/adapt_netns_ifaddrs_to_new_kernel 
netns_ifaddrs: support NETLINK_DUMP_STRICT_CHK
 2018-10-08 17:06:58 -04:00
Stéphane Graber
373376b257
Merge pull request #2682 from brauner/2018-10-08/fix_config_parsing 
parse: do not mask failed parse
 2018-10-08 17:05:43 -04:00
Christian Brauner
646e6c8b46
test: test invalid config keys 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-10-08 22:53:16 +02:00
Christian Brauner
576fb366f8
parse: do not mask failed parse 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-10-08 22:49:57 +02:00
Christian Brauner
c6b647205d
netns_ifaddrs: check for NETLINK_DUMP_STRICT_CHK 
Make use of the new socket option, NETLINK_DUMP_STRICT_CHK, that
userspace can use via setsockopt to request strict checking of headers
and attributes on dump requests.

To get dump features such as kernel side filtering based on data in
the header or attributes appended to the dump request, userspace
must call setsockopt() for NETLINK_DUMP_STRICT_CHK and a non-zero
value. This is necessary to make use of the IFA_TARGET_NETNSID property.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-10-08 21:13:44 +02:00
Christian Brauner
d38f5b17b7
macro: add SOL_NETLINK 
This allows to set netlink socket properties.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-10-08 21:13:44 +02:00