- We expect destroy to fail in zfs_clone() so try to silence it so users are
not irritated when they create zfs snapshots.
- Add -r recursive to zfs_destroy(). This code is only hit when a) the
container has no snapshots or b) the user calls destroy with snapshots. So
this should be safe. Without -r snapshots will remain.
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
- When we detect that the container we want to attach to has been started with
PR_SET_NO_NEW_PRIVS we attach with PR_SET_NO_NEW_PRIVS as well. (We might
relax this restriction later but let's be strict for now.)
- When LXC_ATTACH_NO_NEW_PRIVS is set in the flags passed to
lxc_attach()/attach_child_main() then we set PR_SET_NO_NEW_PRIVS irrespective
of whether the container was started with PR_SET_NO_NEW_PRIVS or not.
- Set no_new_privs before lsm and seccomp. We probably don't want attach() to
be able to change the lsm or seccomp policy if the container was started with
PR_SET_NO_NEW_PRIVS enabled.
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
Set no_new_privs after setting the lsm label. If we do set it before we aren't
allowed to change the label anymore.
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>
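The attach-side rule described in the two commits above, as an added example that is not LXC's own code: it assumes the "detection" reads the NoNewPrivs field of /proc/<pid>/status (the commit does not say how LXC detects it), and the numeric value given to LXC_ATTACH_NO_NEW_PRIVS here is assumed for the stand-alone build. Linux only.

```c
/* Added example, not lxc code. Mirrors the rules from the commit message:
 * attach with no_new_privs if the caller asked for it or if the container
 * already runs with it, and apply it after the LSM label, before seccomp. */
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <sys/types.h>
#include <unistd.h>

#ifndef LXC_ATTACH_NO_NEW_PRIVS
#define LXC_ATTACH_NO_NEW_PRIVS 0x00040000 /* value assumed for this example */
#endif

/* Read the NoNewPrivs field of /proc/<pid>/status.
 * Returns 1 or 0, or -1 if the process or the field cannot be read. */
int proc_no_new_privs(pid_t pid)
{
	char path[64], line[256];
	int val = -1;
	FILE *f;

	snprintf(path, sizeof(path), "/proc/%d/status", (int)pid);
	f = fopen(path, "r");
	if (!f)
		return -1;
	while (fgets(line, sizeof(line), f)) {
		/* the real line is "NoNewPrivs:\t1"; a space in the format
		 * matches any whitespace, so tabs are fine */
		if (sscanf(line, "NoNewPrivs: %d", &val) == 1)
			break;
	}
	fclose(f);
	return val;
}

/* 1 if the attaching process must set no_new_privs: either the caller passed
 * LXC_ATTACH_NO_NEW_PRIVS, or the container's init already runs with it. */
int attach_needs_no_new_privs(int attach_flags, pid_t init_pid)
{
	if (attach_flags & LXC_ATTACH_NO_NEW_PRIVS)
		return 1;
	return proc_no_new_privs(init_pid) == 1;
}

/* Apply no_new_privs to the calling process. Ordering matters: call this
 * after the LSM label is set (it cannot be changed afterwards) and before
 * loading the seccomp policy. Returns 0 on success, -1 on failure. */
int apply_no_new_privs(void)
{
	if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) < 0)
		return -1;
	return prctl(PR_GET_NO_NEW_PRIVS, 0, 0, 0, 0) == 1 ? 0 : -1;
}
```

Note that once set, the bit is inherited by every child and cannot be cleared, which is exactly why the commit sets it before seccomp rather than after.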
Incorrect quoting introduced in bf39edb caused a /{lib,etc} folder to
appear in Debian templates.
The very next line:
mkdir -p "${rootfs}/etc/systemd/system/getty.target.wants"
makes creating ${rootfs}/etc/systemd/system/ unnecessary in the first
place.
Signed-off-by: Maxime Besson <maxime.besson@smile.fr>
Given commit 330ae3d350:
lxccontainer: detect if we should send SIGRTMIN+3
This is required by systemd to cleanly shutdown. Other init systems should not
have SIGRTMIN+3 in the blocked signals set.
we should stop symlinking halt.target to sigpwr.target for systemd.
Signed-off-by: Christian Brauner <cbrauner@suse.de>
otherwise the generated docs have the full build path in them
and nobody cares that the files were built in
/build/lxc-_BVY2u/lxc-2.0.4/src/lxc/
Signed-off-by: Evgeni Golov <evgeni@debian.org>
Previously, we wrote a "success" status but tried to parse the pid. This
meant that we wouldn't notice a successful restore but failure to parse the
pid, which was a little strange.
We still don't know the child pid, so we will end up with a restored
process tree and a running container, but at least in this case the API
will return false indicating that something failed.
We could kill(-1, 9) in this case, but since liblxc runs as root sometimes
(e.g. LXD), that would be a Very Bad Thing.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
All we really needed a unique temp file for was passing the pid. Since CRIU
opened this with O_EXCL | O_CREAT, this was "safe" (users could still
overwrite it afterwards, but the monitor would immediately die since the
only valid number in there was the init process).
In any case, we can just read /proc/self/tid/children, which lists the
child process.
Closes #1150
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>