proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-08-18 20:49:33 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
10,981 Commits 6 Branches 17 Tags 29 MiB
4a0d9c9972
Commit Graph

10981 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Christian Brauner
8e05f35018
conf: tweak parse_lxc_mntopts() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-21 10:07:35 +02:00
Christian Brauner
389eb7c6da
apparmor: handle on-exec 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-21 10:07:34 +02:00
Christian Brauner
2533995e79
attach: use correct lxc_namespace_t type 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-21 10:07:34 +02:00
Christian Brauner
f620ed4433
attach: visually separate pids from fds during initalization 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-21 10:07:32 +02:00
Christian Brauner
657ed14a98
conf: verify that the rootfs can support idmapped mounts 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-21 10:05:59 +02:00
Christian Brauner
26ad2c6f3a
start: documented idmapped mounts 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-21 10:05:59 +02:00
Christian Brauner
d347d35633
mount_utils: add two detached mount helpers 
They'll come in handy in the future.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-21 10:05:59 +02:00
Christian Brauner
e26cf56313
conf: support idmapping directories 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-21 10:05:59 +02:00
Christian Brauner
d4e07569bb
mount_utils: add helper to determine whether new mount api supports bind mounts 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-21 10:05:59 +02:00
Christian Brauner
79defd8833
storage: keep a reference to lxc_rootfs in lxc_storage 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-21 10:05:59 +02:00
Christian Brauner
031e0285fa
mount_utils: add support for mount_setattr() syscall 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-21 10:05:58 +02:00
Christian Brauner
16fcdacc24
confile: parse idmap=<path> mount option for rootfs 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-21 10:05:58 +02:00
Christian Brauner
f6815906a1
conf: add first, trivial support for idmapped mounts 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-21 10:05:58 +02:00
Christian Brauner
0b932f9ded
conf: rework lxc specific mount option parsing 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-21 10:05:58 +02:00
Christian Brauner
12cf9f5a56
Merge pull request #3801 from evverx/san-tweaks 
ci: make use of --enable-sanitizers instead of CFLAGS
 2021-04-21 07:27:31 +02:00
Christian Brauner
6622f6514c
Merge pull request #3800 from evverx/gh3796 
Revert "ci: get around https://github.com/lxc/lxc/issues/3796"
 2021-04-19 17:19:18 +02:00
Christian Brauner
77d2bd1a44
Merge pull request #3787 from evverx/san-build 
ci: an attempt to run the tests under ASan/UBsan
 2021-04-19 13:46:14 +02:00
Christian Brauner
dc117b6ba9
Merge pull request #3799 from evverx/apparmor-bytes 
apparmor: turn bytes into null-terminated strings before calling strcspn
 2021-04-18 20:00:10 +02:00
Stéphane Graber
44990884f5
Merge pull request #3790 from brauner/2021-04-15.fixes 
lxc_clone & configure fix
 2021-04-17 12:58:09 -04:00
Christian Brauner
3698c4914d
commands: don't needlessly allocate 
Fixes: #3796
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-17 18:28:42 +02:00
Christian Brauner
95dfbd4272
Merge pull request #3797 from evverx/pass-on-asan 
tests: pass on ASAN/UBSAN options to several tests
 2021-04-17 17:42:36 +02:00
Christian Brauner
431c1c05e6
process_utils: free stack after return 
Fixes: #3789
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-17 17:26:30 +02:00
Christian Brauner
cdfa8f13f2
configure: fix sanitizer compilation 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-17 17:26:30 +02:00
Christian Brauner
6f527abc65
error_utils: add missing macro.h include 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-17 17:26:30 +02:00
Christian Brauner
00f224bbbf
Merge pull request #3794 from evverx/gh3791 
tests: stop cutting off right square brackets in share_ns
 2021-04-16 13:41:09 +02:00
Christian Brauner
d5ec7f1eba
Merge pull request #3793 from evverx/busybox-test 
tests: switch to the "busybox" template in lxc-test-checkpoint-restore
 2021-04-16 00:13:15 +02:00
Evgeny Vereshchagin
5dd07023cb seccomp: init and destroy notifier.cookie 
It's a follow-up to 84cf6d259b

Closes https://github.com/lxc/lxc/issues/3806

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-04-15 07:09:10 +00:00
Stéphane Graber
fdc56afe56
Merge pull request #3785 from brauner/2021-04-14.fixes 
lxccontainer: fix container creation error paths
 2021-04-14 11:05:53 -04:00
Christian Brauner
ff3f956a5e
Merge pull request #3784 from evverx/attach-memleak 
tests: fix a memory leak in attach
 2021-04-14 16:14:56 +02:00
Christian Brauner
190f83db41
lxccontainer: fix container creation error paths 
Fixes: #3782
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-14 16:12:45 +02:00
Evgeny Vereshchagin
d480165a4b autoconf: stop passing -fsanitize=address via AM_LDFLAGS 
The snippet is redundant because the build system automatically
passes the sanitizers flags set in AM_CFLAGS to the linker

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-04-14 00:47:46 +00:00
Evgeny Vereshchagin
a0befb8416 ci: get rid of the -static-libasan stopgap 
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-04-14 00:47:45 +00:00
Evgeny Vereshchagin
bab29e095d build-system: stop building init.lxc.static with sanitizers 
`-static` isn't compatible with `-fsanitize=`:
```
gcc: error: cannot specify -static with -fsanitize=address
```

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-04-13 23:03:47 +00:00
Evgeny Vereshchagin
9a31ce8632 autoconf: add AC_LANG_SOURCE to CC_CHECK_LDFLAGS 
Inspired by https://lore.kernel.org/alsa-devel/18135209-abc9-ca1c-84e0-8ac3e75caaf1@perex.cz/t/

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-04-13 23:03:47 +00:00
Christian Brauner
c4142ec2a0
Merge pull request #3783 from evverx/cgpath-memleak2 
tests: fix a memory leak in cgpath
 2021-04-13 17:20:47 +02:00
Evgeny Vereshchagin
b421532e51 ci: make use of --enable-sanitizers instead of CFLAGS 
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-04-13 14:45:29 +00:00
Christian Brauner
ca52b7ff13
Merge pull request #3781 from evverx/lxcpath-memleak 
tests: fix a memory leak in lxcpath
 2021-04-13 14:32:19 +02:00
Christian Brauner
274615f9e3
Merge pull request #3780 from evverx/cgpath-mem-leak 
tests: fix a memory leak in cgpath
 2021-04-13 14:14:30 +02:00
Evgeny Vereshchagin
940195775d tests: free the buffer filled by lxc_cmd_rsp_recv 
Fixes https://github.com/lxc/lxc/issues/3796

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-04-13 06:23:03 +00:00
Evgeny Vereshchagin
03478622cb Revert "ci: get around https://github.com/lxc/lxc/issues/3796" 
This reverts commit 44818e893e.

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-04-13 06:06:29 +00:00
Evgeny Vereshchagin
a1093fdeda ci: build with -Wall -Werror 
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-04-12 23:20:38 +00:00
Evgeny Vereshchagin
2a5b9cd6a2 ci: turn on strict_string_checks 
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-04-12 23:20:38 +00:00
Evgeny Vereshchagin
44818e893e ci: get around https://github.com/lxc/lxc/issues/3796 
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-04-12 23:20:38 +00:00
Evgeny Vereshchagin
935dc9a046 ci: prevent lxc-exercise from running indefinitely 
and show all the commands it runs to make it easier to
debug potential issues.

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-04-12 23:20:38 +00:00
Evgeny Vereshchagin
335a140542 ci: get around https://github.com/lxc/lxc/issues/3788 
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-04-12 23:20:38 +00:00
Evgeny Vereshchagin
02c7e7afe2 ci: get around https://github.com/lxc/lxc/issues/3798 
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-04-12 23:20:38 +00:00
Evgeny Vereshchagin
8f1500a92a ci: switch to lxc-exercise from the lxc-ci repository 
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-04-12 23:20:38 +00:00
Evgeny Vereshchagin
7b8b83572b ci: link lib[au]san with init.lxc.static statically 
init.lxc.static is run in arbitrary containers where the libasan library lxc has been built with
isn't always installed. To make it work let's override GCC's default and link both libasan
and libubsan statically. It should help to fix issues like
```
++ lxc-execute -n c1 -- sudo -u ubuntu /nnptest
lxc-init: error while loading shared libraries: libasan.so.5: cannot open shared object file: No such file or directory
```

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-04-12 23:20:29 +00:00
Evgeny Vereshchagin
5a0720a91e ci: an attempt to run the tests under ASan/UBsan 
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-04-12 22:14:15 +00:00
Evgeny Vereshchagin
699e7f889f apparmor: turn bytes into null-terminated strings before calling strcspn 
```
==70349==ERROR: AddressSanitizer: heap-buffer-overflow on address 0x6020000009fb at pc 0x000000433b70 bp 0x7ffcde087810 sp 0x7ffcde086fd0
READ of size 12 at 0x6020000009fb thread T0
    #0 0x433b6f in strcspn (/usr/bin/lxc-execute+0x433b6f)
    #1 0x7f720413a5cb in apparmor_process_label_get /home/runner/work/lxc/lxc/src/lxc/lsm/apparmor.c:449:8
    #2 0x7f720413bc2a in apparmor_prepare /home/runner/work/lxc/lxc/src/lxc/lsm/apparmor.c:1104:13
    #3 0x7f720409b6e9 in lxc_init /home/runner/work/lxc/lxc/src/lxc/start.c:848:8
    #4 0x7f72040a395a in __lxc_start /home/runner/work/lxc/lxc/src/lxc/start.c:2009:8
    #5 0x7f7203fc7186 in lxc_execute /home/runner/work/lxc/lxc/src/lxc/execute.c:99:9
    #6 0x7f7204000e44 in do_lxcapi_start /home/runner/work/lxc/lxc/src/lxc/lxccontainer.c:1112:9
    #7 0x7f7203ff0c07 in lxcapi_start /home/runner/work/lxc/lxc/src/lxc/lxccontainer.c:1149:8
    #8 0x4c6912 in main /home/runner/work/lxc/lxc/src/lxc/tools/lxc_execute.c:224:9
    #9 0x7f72034ac0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
    #10 0x41d93d in _start (/usr/bin/lxc-execute+0x41d93d)
+ echo ---

0x6020000009fb is located 0 bytes to the right of 11-byte region [0x6020000009f0,0x6020000009fb)
allocated by thread T0 here:
    #0 0x496399 in realloc (/usr/bin/lxc-execute+0x496399)
    #1 0x7f7203fcf85c in fd_to_buf /home/runner/work/lxc/lxc/src/lxc/file_utils.c:463:10
    #2 0x7f720413a52b in apparmor_process_label_get /home/runner/work/lxc/lxc/src/lxc/lsm/apparmor.c:442:8
    #3 0x7f720413bc2a in apparmor_prepare /home/runner/work/lxc/lxc/src/lxc/lsm/apparmor.c:1104:13
    #4 0x7f720409b6e9 in lxc_init /home/runner/work/lxc/lxc/src/lxc/start.c:848:8
    #5 0x7f72040a395a in __lxc_start /home/runner/work/lxc/lxc/src/lxc/start.c:2009:8
    #6 0x7f7203fc7186 in lxc_execute /home/runner/work/lxc/lxc/src/lxc/execute.c:99:9
    #7 0x7f7204000e44 in do_lxcapi_start /home/runner/work/lxc/lxc/src/lxc/lxccontainer.c:1112:9
    #8 0x7f7203ff0c07 in lxcapi_start /home/runner/work/lxc/lxc/src/lxc/lxccontainer.c:1149:8
    #9 0x4c6912 in main /home/runner/work/lxc/lxc/src/lxc/tools/lxc_execute.c:224:9
```

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-04-12 21:39:28 +00:00