Commit Graph

9144 Commits

Author SHA1 Message Date
Stéphane Graber
cbeb79dd08
Merge pull request #3232 from brauner/2019-12-17/cgroup2_api_extension
api_extensions: advertise cgroup2 support
2019-12-16 20:33:58 -05:00
dongxinhua
3c3fab0004
seccomp: support s390 seccomp
Signed-off-by: dongxinhua <dongxinhua@huawei.com>
2019-12-17 09:11:24 +08:00
Christian Brauner
ad92bbcd81
api_extensions: advertise cgroup2 support
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-17 00:52:04 +01:00
Stéphane Graber
56cf2a5705
Merge pull request #3229 from brauner/2019-12-12/cgroup_legacy_layout_regression
cgroups/cgfsng: do not prematurely close file descriptors
2019-12-12 16:52:01 -05:00
Christian Brauner
78eb6aa6fa
cgroups/cgfsng: do not prematurely close file descriptors
When adding the new improved cgroup setup logic I didn't account for the fact
that we need the hierarchy fds up until chown. Add a dedicated cleanup method
to fix this:

lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )

Closes #3228.
Fixes: 1973b62aab ("cgroups/cgfsng: improve cgroup creation and removal")
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-12 22:09:18 +01:00
Stéphane Graber
28a41fc269
Merge pull request #3226 from brauner/cgroup_removal
cgroupfs: improve cgroup removal
2019-12-11 08:59:36 -05:00
Christian Brauner
1973b62aab
cgroups/cgfsng: improve cgroup creation and removal
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-11 11:51:09 +01:00
Stéphane Graber
d09863400e
Merge pull request #3225 from brauner/cgroup_improvements
cgroups/cgfsng: rework legacy cpuset handling
2019-12-10 21:46:06 -05:00
Christian Brauner
8e64b6736f
cgroups/cgfsng: rework cgroup removal
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-10 22:55:44 +01:00
Christian Brauner
c5b8049ef4
cgroups/cgfsng: rework legacy cpuset handling
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-10 19:25:20 +01:00
Christian Brauner
f990d3bfde
cgroupfs/cgfsng: pass cgroup to cg_legacy_handle_cpuset_hierarchy() as const char *
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-10 18:07:47 +01:00
Stéphane Graber
dc3cdf282e
Merge pull request #3223 from brauner/flatten_cgroup_hierarchy
cgroups: flatten hierarchy
2019-12-10 09:51:02 -05:00
Christian Brauner
aaa1ec28b0
cgroups: use explicit unsigned type for bitfield
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-10 14:07:08 +01:00
Christian Brauner
fe70edeee5
cgroups: flatten hierarchy
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-10 14:07:08 +01:00
Stéphane Graber
e340fefe18
Merge pull request #3222 from brauner/security
file_utils: use O_NOCTTY | O_NOFOLLOW
2019-12-09 10:37:53 -05:00
Christian Brauner
ef6d231f8b
file_utils: use O_NOCTTY | O_NOFOLLOW
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-09 11:20:29 +01:00
Stéphane Graber
2962359456
Merge pull request #3218 from brauner/bpf_devices_devpath
cgroups/devices: enable devpath semantics for cgroup2 device controller
2019-12-07 22:31:39 -05:00
Christian Brauner
cb3fc90ced
cgroups/devices: enable devpath semantics for cgroup2 device controller
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 02:23:35 +01:00
Stéphane Graber
7453799ad7
Merge pull request #3217 from brauner/rework_cgroups
cgroups, logging: fixes and improvements
2019-12-07 19:39:55 -05:00
Christian Brauner
c04a6d4e7f
cgroups/cgfsng: replace lxc_write_file()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 01:17:33 +01:00
Christian Brauner
e552bd1a34
cgroups/cgfsng: cgfsng_devices_activate()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:43:40 +01:00
Christian Brauner
1aae36a98f
cgroups/cgfsng: rework cgfsng_nrtasks()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:41:36 +01:00
Christian Brauner
9585ccb3f0
cgroups/cgfsng: rework cgfsng_mount()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:40:29 +01:00
Christian Brauner
c98bbf7106
cgroups/cgfsng: rework cgfsng_chown()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:38:16 +01:00
Christian Brauner
ab9a452ddb
cgroups/cgfsng: rework cgfsng_attach()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:35:19 +01:00
Christian Brauner
7e31931f10
cgroups/cgfsng: rework cgfsng_setup_limits()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:33:24 +01:00
Christian Brauner
92ca7eb54f
cgroups/cgfsng: rework cgfsng_setup_limits_legacy()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:29:45 +01:00
Christian Brauner
a358028a7c
cgroups/cgfsng: rework cgfsng_{get,set}()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:28:48 +01:00
Christian Brauner
6bdf969152
cgroups/cgfsng: rework cgfsng_unfreeze()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:28:48 +01:00
Christian Brauner
aa48a34fac
cgroups/cgfsng: rework cgfsng_get_hierarchies()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:28:48 +01:00
Christian Brauner
e3ffb28bd0
cgroups/cgfsng: rework cgfsng_num_hierarchies()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:17:58 +01:00
Christian Brauner
52d08ab033
cgroups/cgfsng: rework cgfsng_escape()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:16:59 +01:00
Christian Brauner
4490328e59
cgroups/cgfsng: rework cgfsng_payload_enter()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:13:37 +01:00
Christian Brauner
f3839f1225
cgroups/cgfsng: rework cgfsng_payload_create()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:13:37 +01:00
Christian Brauner
53675a8d1f
tree-wide: s/__unused/__lxc_unused/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:13:37 +01:00
Christian Brauner
ad275c1605
cgroups/cgfsng: rework cgroup attach
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:13:37 +01:00
Christian Brauner
6e8703a411
cgroups/cgfsng: don't dereference NULL-pointer
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:13:37 +01:00
Christian Brauner
803e41235f
cgroups/cgfsng: log chown_cgroup_wrapper()
It's becoming more important on cgroup2 to properly delegate cgroups.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:13:37 +01:00
Christian Brauner
d606c4e9d2
cgroups/cgfsng: rework cgroup2 unprivileged delegation
We accidentally checked files to delegate for privileged containers and not for
unprivileged containers in the pure unified case. Fix that and clean up the
delegation file parsing.

Closes #3206.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:13:37 +01:00
Christian Brauner
61fbc369f9
cgroups/cgfsng: rework cgfsng_{monitor,payload}_delegate_controllers()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:13:37 +01:00
Christian Brauner
797fa65e6d
cgroups/cgfsng: rework cgfsng_monitor_enter()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:13:37 +01:00
Christian Brauner
0d66e29ae6
cgroups/cgfsng: rework cgfsng_monitor_create()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-08 00:10:30 +01:00
Christian Brauner
b376d3d03a
cgroups/cgfsng: rework cgfsng_monitor_destroy()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-07 18:08:25 +01:00
Christian Brauner
fc1c3af911
cgroups/cgfsng: rework cgfsng_payload_destroy()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-07 18:04:17 +01:00
Christian Brauner
41ad3c9068
log: remove unused compiler attribute
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-07 17:40:32 +01:00
Christian Brauner
9ff57a5918
start: replace compiler attributes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-07 17:40:05 +01:00
Christian Brauner
47d8afa2a6
log: replace compiler attributes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-07 17:39:49 +01:00
Christian Brauner
8110276810
attach: replace closing helpers
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-07 17:39:03 +01:00
Christian Brauner
1a080cd740
compiler: add __unused attribute
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-07 17:38:42 +01:00
Christian Brauner
08e8091de8
{log, macro}: remove unused logging functions
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-12-07 17:31:50 +01:00