Wolfgang Bumiller
4a094eec4a
seccomp: update notify api
...
The previous API doesn't reflect the fact that
`seccomp_notif` and `seccomp_notif_resp` are allocatd
dynamically with sizes figured out at runtime.
We now query the sizes via the seccomp(2) syscall and change
`struct seccomp_notify_proxy_msg` to contain the sizes
instead of the data, with the data following afterwards.
Additionally it did not provide a convenient way to identify
the container the message originated from, for which we now
include a cookie configured via `lxc.seccomp.notify.cookie`.
Since we currently always send exactly one request and await
the response immediately, verify the `id` in the client's
response.
Finally, the proxy message's "version" field is removed, and
we reserve 64 bits in its place.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-07-09 12:25:10 +02:00
Wolfgang Bumiller
84cf6d259b
conf: add lxc.seccomp.notify.cookie
...
This is an arbitrary string to to be included in proxied
seccomp notification messages.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-07-09 12:25:10 +02:00
Wolfgang Bumiller
99d03dec11
file_utils: add lxc_recvmsg_nointr_iov
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-07-09 12:25:10 +02:00
Wolfgang Bumiller
970ef13dd2
af_unix: add lxc_unix_connect_type
...
we want to use SOCK_SEQPACKET and in the future perhaps
SOCK_DATAGRAM as well
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-07-09 12:25:10 +02:00
Christian Brauner
dc85e31eca
af_unix: add lxc_abstract_unix_recv_fds_iov()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-07-09 12:25:10 +02:00
Wolfgang Bumiller
e1726045d4
af_unix: add lxc_abstract_unix_send_fds_iov
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-07-09 11:13:27 +02:00
Christian Brauner
cfc3b34209
Merge pull request #3085 from Blub/pidfd_send_signal-fixup
...
pidf_send_signal: fix return value
2019-07-08 23:33:58 +02:00
Wolfgang Bumiller
cf38fe06ac
pidf_send_signal: fix return value
...
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2019-07-08 18:12:29 +02:00
Stéphane Graber
aab6e3eb73
Merge pull request #3083 from brauner/2019-07-07/mount_api
...
lxccontainer: properly cleanup on mount injection failure
2019-07-07 12:39:49 -04:00
Christian Brauner
1f77c35ecb
lxccontainer: properly cleanup on mount injection failure
...
Closes : #3082
Reported-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-07-07 18:24:55 +02:00
Christian Brauner
9c238bc6bf
Merge pull request #3081 from brauner/2019-07-05/network_unification_fixes
...
start: call lxc_find_gateway_addresses early
2019-07-05 11:44:45 +02:00
Thomas Parrott
03ca4af8fa
start: call lxc_find_gateway_addresses early
...
This restores the lxc.net.x.ipv4.gateway = auto and
lxc.net.x.ipv6.gateway = auto functionality.
When the child is created the parent and child have different views of
struct lxc_handler since - obviously - virtual memory is duplicated. So any
changes to done by the parent that the child should see need to be IPCed to it.
For any non-actual device creation stuff this does not make much sense. This
includes finding gateway addresses. Move it back prior to clone().
Fixes #3078
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
[christian.brauner@ubuntu.com: non-functional changes and update commit message]
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-07-05 11:05:38 +02:00
Stéphane Graber
306ca14a29
Merge pull request #3077 from brauner/2019-07-03/network_fixes
...
network: simplify lxc_network_move_created_netdev_priv()
2019-07-03 18:13:20 -04:00
Christian Brauner
24190194c1
network: simplify lxc_network_move_created_netdev_priv()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-07-03 23:55:57 +02:00
Stéphane Graber
a70d78cdc8
Merge pull request #3076 from brauner/2019-07-03/network_fixes
...
network: fixes after unifying network creation
2019-07-03 17:43:54 -04:00
Christian Brauner
3c09b97cd5
network: send names for all non-trivial network types
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-07-03 23:28:58 +02:00
Christian Brauner
61302ef7dc
network: record created_name for instantiate_phys()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-07-03 21:48:20 +02:00
Christian Brauner
75b074eea0
network: simplify instantiate_phys()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-07-03 21:46:37 +02:00
Christian Brauner
83530dba89
network: record created_name for instantiate_vlan()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-07-03 21:44:52 +02:00
Christian Brauner
d4d684109c
network: simplify instantiate_vlan()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-07-03 21:44:19 +02:00
Christian Brauner
e7fdd504e9
network: record created_name for instantiate_ipvlan()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-07-03 21:43:19 +02:00
Christian Brauner
dd1192068d
network: simplify instantiate_ipvlan()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-07-03 21:42:59 +02:00
Christian Brauner
a9704f0521
network: stash created_name in instantiate_macvlan()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-07-03 21:39:54 +02:00
Christian Brauner
8021de2564
network: simplify instantiate_macvlan()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-07-03 21:39:24 +02:00
Christian Brauner
3ebffb9896
network: s/loDev/loop_device/g
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-07-03 21:37:37 +02:00
Stéphane Graber
113ca42933
Merge pull request #3075 from brauner/2019-07-03/cgroups
...
cgroups: hande cpuset initialization race
2019-07-03 12:23:50 -04:00
Christian Brauner
b28c281086
cgroups: hande cpuset initialization race
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-07-03 17:57:48 +02:00
Stéphane Graber
0f03b15592
Merge pull request #3074 from brauner/2019-07-03/fix_phys_network_creation
...
network: remove faulty restriction
2019-07-03 11:44:25 -04:00
Christian Brauner
e318f2c1a3
network: remove faulty restriction
...
Reported-by: Thomas Parrott <thomas.parrott@canonical.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-07-03 15:48:09 +02:00
Stéphane Graber
4f71ecb85e
Merge pull request #3069 from brauner/2019-07-01/network_creation
...
start: unify network creation
2019-07-02 11:46:55 -04:00
Christian Brauner
1871e6465b
start: expose LXC_PID to network hooks too
...
Closes #3066 .
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-07-02 13:49:33 +02:00
Christian Brauner
e389f2afd8
start: unify and simplify network creation
...
Make sure that network creation happens at the same time for containers started
by privileged and unprivileged users. The only reason we didn't do this so far
was to avoid sending network device ifindices around in the privileged case.
Link: https://github.com/lxc/lxc/issues/3066
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-07-02 13:49:27 +02:00
Stéphane Graber
c83ad424ab
Merge pull request #3064 from brauner/2019-06-27/cleanup_macros
...
bugfixes
2019-07-01 22:06:23 -04:00
Stéphane Graber
dfce2c76be
Merge pull request #3059 from brauner/2019-06-21/seccomp_notify
...
lxccontainer: rework seccomp notify api function
2019-07-01 22:04:20 -04:00
Christian Brauner
33d7d28f45
Merge pull request #3067 from Rachid-Koucha/patch-1
...
Move code/variable in smaller scope
2019-06-30 18:13:30 +02:00
Rachid Koucha
2806a87dcc
Move code/variable in smaller scope
...
In start.c, do not fill path[] table if not necessary
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
2019-06-29 23:21:14 +02:00
Christian Brauner
9752e3a9e7
Merge pull request #3065 from lifeng68/fix_memory_leak
...
fix memory leak in do_storage_create
2019-06-28 11:53:52 +02:00
LiFeng
8ea91347b8
fix memory leak in do_storage_create
...
Signed-off-by: LiFeng <lifeng68@huawei.com>
2019-06-27 23:49:08 -04:00
Christian Brauner
6a720d7480
cgroups: move variable into tighter scope
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-27 16:08:21 +02:00
Christian Brauner
f6b54668ef
cgroups: correctly order variables
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-27 16:08:21 +02:00
Christian Brauner
dfa835ac21
cgroups: move variable into tighter scope
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-27 16:08:21 +02:00
Christian Brauner
3312a94ff4
cgroups: simplify cgfsng_nrtasks()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-27 16:08:21 +02:00
Christian Brauner
779b3d82e6
cgroups: move variable into tighter scope
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-27 16:08:18 +02:00
Christian Brauner
81b5d48a34
cgroups: move variable into tighter scope
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-27 14:27:58 +02:00
Christian Brauner
c05b17bd66
cgroups: use __do_free in cgfsng_attach()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-27 14:27:39 +02:00
Christian Brauner
6280d4c97d
cgroups: simplify cgfsng_setup_limits()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-27 14:26:38 +02:00
Christian Brauner
431e2c547f
cgroups: move variables into tighter scope
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-27 14:26:14 +02:00
Christian Brauner
a64edc1c8d
cgroups: use __do_free
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-06-27 14:25:53 +02:00
Christian Brauner
c121b3000f
Merge pull request #3063 from lifeng68/fix_memory_leak
...
cgfsng: fix memory leak in lxc_cpumask_to_cpulist
2019-06-27 09:40:55 +02:00
LiFeng
24cac6aff1
cgfsng: fix memory leak in lxc_cpumask_to_cpulist
...
Signed-off-by: LiFeng <lifeng68@huawei.com>
2019-06-27 00:00:09 -04:00