Commit Graph

6355 Commits

Author SHA1 Message Date
LiFeng
3dc035f1ab Adapt lxc_setup_console() to bind mount 'console'
Signed-off-by: LiFeng <lifeng68@huawei.com>
2018-01-19 11:23:35 -05:00
Michael McCracken
5757588f96 manpage: correct lxc.log.file conf option
lxc.log.file instead of just lxc.log

Signed-off-by: Michael McCracken <mikmccra@cisco.com>
2018-01-19 04:32:16 -08:00
Serge Hallyn
2c3a005d73
Merge pull request #2094 from tych0/propagate-exit-code
Propagate exit code for app containers
2018-01-18 22:26:32 -06:00
Tycho Andersen
55e1311e4b set exit status to 1 in the unknown si_code case
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
2018-01-19 04:23:48 +00:00
Tycho Andersen
f9eff95053 lxc-execute: actually exit with the status of the spawned task
Now that we have things propagated through init and liblxc correctly, at
least in non-daemon mode, we can exit with the actual exit status of the
task, instead of always succeeding, which is not so helpful.

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
2018-01-19 03:44:24 +00:00
Tycho Andersen
eb8085399c start: don't return false when the container's init exits nonzero
This seems slightly counter-intuitive, but IMO it's what we want.
Basically, ->start() should succeed if the container is spawned correctly
(similar to how golang's exec.Cmd.Start() returns nil if the thing spawns
correctly), and users can check error_num (i.e. golang's exec.Cmd.Wait())
to see how it exited.

This preserves previous behavior, which basically was that start was always
successful if the thing actually launched. Since we never kept track of
exit codes, this would always succeed too. Now that we do, it doesn't, and
this change is required.

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
2018-01-19 03:44:24 +00:00
Tycho Andersen
cd5177e9e3 remember the exit code from the init process
error_num seems to be trying to remember the exit code of the init process,
except that nothing actually keeps track of it anywhere. So, let's add a
field to the handler, so that we can keep track of the process' exit
status, and the propagate it to error_num in struct lxc_container so that
people can use it.

Note that this is a slight behavior change, essentially instead of making
error_num always == the return code from start, now it contains slightly
more useful information (the actual exit status). But, there is only one
internal user of error_num which I'll fix in later in the series, so IMO
this is ok.

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
2018-01-19 03:44:24 +00:00
Tycho Andersen
4f4530faa7 lxc.init: correctly exit with the app's error code
Based on the comments in the code (and the have_status flag), the intent
here (and IMO, the desired behavior) should be for init.lxc to propagate
the actual exit code from the real application process up through.
Otherwise, it is swallowed and nobody can access it.

The bug being fixed here is that ret held the correct exit code, but when
it went around the loop again (to wait for other children) ret is
clobbered. Let's save the desired exit status somewhere else, so it can't
get clobbered, and we propagate things correctly.

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
2018-01-19 03:21:10 +00:00
Tycho Andersen
19cfa02c4c fix lxc_error_set_and_log to match the docs
The documentation for this function says if the task was killed by a
signal, the return code will be 128+n, where n is the signal number. Let's
make that actually true.

(We'll use this behavior in later patches.)

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
2018-01-19 03:20:48 +00:00
Tycho Andersen
3a9e949f6d start: don't log stop/continue for non-init processes
This non-init forwarding check should really be before all the log messages
about "init continued" or "init stopped", since they will otherwise lie
about some process that wasn't init being stopped or continued.

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
2018-01-19 03:18:02 +00:00
LiFeng
7bc5a80bad Create console when the rootfs is NULL
Signed-off-by: LiFeng <lifeng68@huawei.com>
2018-01-18 18:06:46 -05:00
Serge Hallyn
dc4f8fb11a
Merge pull request #2089 from brauner/2018-01-17/restore_blocking_wait
lxccontainer: restore blocking wait()
2018-01-17 17:44:24 -06:00
Christian Brauner
974a8abaf3
commands: add LXC_CMD_SERVE_STATE_CLIENTS
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-18 00:43:58 +01:00
Christian Brauner
fd5838e506
freezer: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-18 00:43:57 +01:00
Christian Brauner
f577e0613c
lxccontainer: restore blocking wait()
Closes #2027.
Closes lxc/go-lxc#98.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-18 00:43:57 +01:00
Serge Hallyn
e08bdcbcb8
Merge pull request #2061 from brauner/2017-12-23/attach_allocate_pty_in_api
attach: add LXC_ATTACH_ALLOCATE_PTY
2018-01-17 17:42:57 -06:00
Christian Brauner
c2229b24f9
utils: check suffix length
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-17 12:21:09 +01:00
Christian Brauner
99eafdd4f7
test: log error on failure
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-17 11:50:54 +01:00
Christian Brauner
a13560af7e
utils: do not rely on unitialized variable
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-17 11:19:05 +01:00
Christian Brauner
e7d7dd73d2
Merge pull request #2086 from kunkku/alpine-ptrace
lxc-alpine: allow retaining sys_ptrace per container
2018-01-16 15:25:43 +01:00
Kaarle Ritvanen
ecef04af71 lxc-alpine: allow retaining sys_ptrace per container
Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
2018-01-16 16:02:49 +02:00
Christian Brauner
fbf4cc9548
Merge pull request #2085 from duguhaotian/master
[console] return wrong console logsize
2018-01-16 10:50:11 +01:00
duguhaotian
dcea90a033 [console] return wrong console logsize
get_config_console_logsize want console.buffer_size not c->autodev

Signed-off-by: duguhaotian <duguhaotian@gmail.com>
2018-01-16 15:34:42 +08:00
Christian Brauner
060adc6137
tests: do not call close() on invalid fd
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-12 18:43:01 +01:00
Christian Brauner
dc5f6125d6
console: set SFD_CLOEXEC on signal fd
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-09 13:20:27 +01:00
Christian Brauner
df0795b1bd
start: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-09 13:20:25 +01:00
Christian Brauner
766a3b2ee9
tools: honor --console and --console-log
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-09 13:20:24 +01:00
Christian Brauner
ba2be1a8a6
attach: move pty allocation into api
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-09 13:20:23 +01:00
Christian Brauner
79bd76625d
attach_options: add log_fd argument
This will be used to log the output of attach to.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-09 13:20:22 +01:00
Christian Brauner
08ea927039
attach: minor tweaks
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-09 13:20:20 +01:00
Christian Brauner
7cfeddd715
console: add lxc_pty_map_ids()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-09 13:20:18 +01:00
Christian Brauner
30a33fbd27
console: adapt lxc_console_mainloop_add()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-09 13:20:17 +01:00
Christian Brauner
b75c344c24
attach: cleanup attach_child_main()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-09 13:20:16 +01:00
Christian Brauner
e98affdaa8
console: add some pty helpers
- int lxc_make_controlling_pty()
- int lxc_login_pty()
- void lxc_pty_conf_free()
- void lxc_pty_info_init()
- void lxc_pty_init()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-09 13:20:14 +01:00
Christian Brauner
4d1ffb0abb
start: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-09 13:20:13 +01:00
Christian Brauner
24945df77b
conf: move ringbuffer members to anonymous struct
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-09 13:20:12 +01:00
Christian Brauner
5777fe9030
console: move pty creation to separate function
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-09 13:20:10 +01:00
Christian Brauner
f37d1c220e
confile: improve log messages
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-09 11:20:44 +01:00
Christian Brauner
fb9efed8af
Merge pull request #2080 from tych0/add-idmap-parse-error-message
add some idmap parsing error messages
2018-01-09 11:16:29 +01:00
Tycho Andersen
a8b1ac7813 add some idmap parsing error messages
otherwise, we just get a return value of false from setting config failure,
with no indication as to what actually failed in the log.

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
2018-01-09 00:07:50 +00:00
Christian Brauner
6ddb17ff99
Merge pull request #2078 from tych0/usernsexec-exit-status
fix up lxc-usernsexec's exit status
2018-01-08 17:36:32 +01:00
Tycho Andersen
d8208db477 fix up lxc-usernsexec's exit status
* exit(1) when there is an option parsing error
* exit(0) when the user explicitly asks for help
* exit(1) when the user specifies an invalid option

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
2018-01-08 16:20:24 +00:00
Christian Brauner
9531b90aa2
Merge pull request #2077 from lifeng68/Fix_segment_fault
Add return check for 'lxc_cmd_get_name'
2018-01-08 09:13:51 +01:00
LiFeng
ee2d7093f0 Add return check for 'lxc_cmd_get_name'
If 'lxc_cmd_get_name' failed and return with NULL, this would cause a segment fault.

Signed-off-by: LiFeng <lifeng68@huawei.com>
2018-01-08 14:26:00 -05:00
Christian Brauner
e749acdf31
Merge pull request #2075 from stgraber/master
lxc_get_version() should show the "-devel" suffix
2018-01-06 10:25:18 +01:00
Stéphane Graber
5f98011c3e
Include -devel suffix in version string
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2018-01-05 16:25:28 -05:00
Stéphane Graber
78c164840c
Fix broken indentation
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2018-01-05 15:19:30 -05:00
Serge Hallyn
a3f5fbb39a
Merge pull request #2067 from brauner/2018-01-03/allow_fully_unprivileged_containers
conf: write "deny" to /proc/[pid]/setgroups
2018-01-04 10:26:01 -06:00
Serge Hallyn
4f5e5b78c8
Merge pull request #2068 from brauner/2018-01-03/cleanup_command_after_revert
commands: fully revert set_running_config_item()
2018-01-04 10:21:17 -06:00
Christian Brauner
bd8ef4e4da
cgfsng: only establish mapping once
When we deleted cgroups for unprivileged containers we used to allocate a new
mapping and clone a new user namespace each time we delete a cgroup. This of
course meant - on a cgroup v1 system - doing this >= 10 times when all
controllers were used. Let's not to do this and only allocate and establish a
mapping once.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-01-04 15:28:12 +01:00