mirror_lxc

mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-08-15 21:26:57 +00:00

Author	SHA1	Message	Date
Christian Brauner	5129b2d3ed	attach: harden open calls Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-02-01 20:27:51 +01:00
Christian Brauner	cce677d168	syscall_wrappers: add PROTECT_LOOKUP, PROTECT_OPEN, PROTECT_LOOKUP_WITH_SYMLINKS, PROTECT_OPEN_WITH_TRAILING_SYMLINKS Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-02-01 19:02:28 +01:00
Christian Brauner	7166ab759e	file_utils: add open_at() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-02-01 17:03:59 +01:00
Stéphane Graber	42673edd05	Merge pull request #3642 from brauner/2021-02-01/fixes attach: rework id handling	2021-02-01 10:17:18 -05:00
Stéphane Graber	2b5259634a	Merge pull request #3643 from brauner/2021-02-01/fixes_2 cgroups: remove pointless NULL checks	2021-02-01 10:14:49 -05:00
Christian Brauner	ed75d76e70	cgroups: initialize variable Fixes: Coverity 1472651 Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-02-01 15:44:59 +01:00
Christian Brauner	bb6dbaf0df	cgroups: remove pointless NULL checks We're already ensuring before that conf isn't NULL. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-02-01 15:24:05 +01:00
Christian Brauner	3ac4480a6c	attach: stash host uid and host gid in attach_context Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-02-01 15:16:56 +01:00
Christian Brauner	40301d4895	attach: fix error checking for dup2() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-02-01 14:51:41 +01:00
Christian Brauner	93b9960a09	attach: fix logging for stdfd replacement Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-02-01 14:50:55 +01:00
Christian Brauner	a7563434ac	attach: log failues to dup2() with SYSDEBUG() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-02-01 14:44:45 +01:00
Christian Brauner	7e90889dbd	utils: use SYSTRACE() when logging stdio permission fixup failures Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-02-01 14:41:18 +01:00
Christian Brauner	20718e3987	attach: document attach_context Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-02-01 14:41:09 +01:00
Christian Brauner	595798bbca	attach: simplify opening of /proc/self Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-02-01 14:41:09 +01:00
Christian Brauner	4475fabb0e	attach: move uid and gid handling to get_attach_context() the less we do in do_attach(), the better. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-02-01 14:41:08 +01:00
Christian Brauner	bac33ebdcb	attach: initialize init_pid field to -ESRCH Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-02-01 12:30:03 +01:00
Christian Brauner	9680e7b062	attach: unifiy /proc/<init-pid>/status parsing and move it out of do_attach(). The less we do in the container's context the better. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-02-01 12:29:59 +01:00
Christian Brauner	a60d8c4ea7	file_utils: add fdopenat() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-02-01 11:32:46 +01:00
Stéphane Graber	326bb02cbb	Merge pull request #3641 from brauner/2021-01-30/fixes attach: pidfd-based hardening and file-descriptor-only LSM interactions	2021-01-31 17:13:25 -05:00
Christian Brauner	fbf281d3f4	lsm/apparmor: cleanup apparmor_process_label_set() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-01-31 22:26:31 +01:00
Christian Brauner	d87640256f	attach: hardening through use of pidfds Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-01-31 22:26:28 +01:00
Christian Brauner	afc691a01a	attach: file descriptors based LSM handling Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-01-31 21:39:20 +01:00
Christian Brauner	ca76baed10	cgroups: align methods Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-01-31 20:38:40 +01:00
Stéphane Graber	ee4aad1e1f	Merge pull request #3639 from brauner/2021-01-28/fixes cgroups: fixes and improvements	2021-01-30 14:23:25 -05:00
Christian Brauner	7d2f7ae185	cgroups: use PTR_TO_U64() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-01-30 17:28:32 +01:00
Christian Brauner	640952e538	attach: don't needless check for NULL Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-01-30 17:07:55 +01:00
Christian Brauner	de96cd600c	log: add lxc_log_trace() helper Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-01-30 16:58:00 +01:00
Christian Brauner	4a888de15d	cgroups: use bpf log when logging at trace level Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-01-30 16:55:52 +01:00
Christian Brauner	25a8b256af	seccomp: use lxc_log_get_level() This will now enable LXD users to dump the seccomp filter in the log when logging at TRACE level. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-01-30 12:10:21 +01:00
Christian Brauner	09c8768a0b	log: rework lxc_log_get_level() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-01-30 12:10:09 +01:00
Christian Brauner	0450b7ce71	cgroups: use cleanup macro for consistency and to prevent future mishaps. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-01-30 12:02:09 +01:00
Christian Brauner	d5d4b98e59	cgroups: vet parameters more strictly Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-01-30 12:02:09 +01:00
Christian Brauner	0464dec30e	seccomp: use lxc_log_get_fd() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-01-30 12:02:09 +01:00
Christian Brauner	c422f3afa6	log: add lxc_log_get_fd() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-01-30 12:02:09 +01:00
Christian Brauner	ef1a597f4b	log: remove pointless inline Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-01-30 12:02:09 +01:00
Christian Brauner	6e214b7419	cgroups: tweak cgroup initialization Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-01-30 12:02:09 +01:00
Christian Brauner	c5d0238a6d	cgroups: use zalloc Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-01-30 12:02:09 +01:00
Christian Brauner	954d61c53f	cgroups: ensure all memory is zeroed Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-01-30 12:02:08 +01:00
Christian Brauner	ca67978486	cgroups: don't initiliaze NULL log Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-01-30 02:23:05 +01:00
Christian Brauner	f3ef7e67c1	cgroups: coding style fixes Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-01-30 02:23:05 +01:00
Christian Brauner	7af21d2962	croups: improve __do_bpf_program_free Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-01-30 02:23:05 +01:00
Christian Brauner	dcbb9e991e	cgroups: bpf fixes Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-01-30 02:23:02 +01:00
Stéphane Graber	0e24c5600d	Merge pull request #3638 from brauner/2021-01-28/fixes attach: improve attach codepaths	2021-01-29 19:58:40 -05:00
Christian Brauner	581b849a74	attach: init file descriptors to -EBADF Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-01-29 16:38:17 +01:00
Christian Brauner	25c659d500	attach: move to file descriptor only namespace interactions Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-01-29 16:34:56 +01:00
Christian Brauner	c538837d04	attach: move to file descriptor-only interactions Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-01-29 14:52:21 +01:00
Christian Brauner	39b3b69b21	attach: rework attaching to namespace fds Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-01-29 14:32:17 +01:00
Christian Brauner	3a24f14edf	attach: remove unneeded assignment Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-01-29 14:27:24 +01:00
Christian Brauner	5d2b46fbb8	attach: use STDIN_FILENO instead of hard-coding 0 Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-01-29 14:26:15 +01:00
Christian Brauner	26abd7eaca	attach: move new_cwd into tighter scope Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>	2021-01-29 14:24:31 +01:00

... 21 22 23 24 25 ...

10986 Commits