proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-07-22 16:30:38 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
7,318 Commits 6 Branches 17 Tags 29 MiB
60534030e4
Commit Graph

518 Commits

Author SHA1 Message Date
Liza Tretyakova
60534030e4
conf, lxccontainer: fix length checks in snprintf 
Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>
 2018-07-22 15:35:21 +02:00
Liza Tretyakova
7a41e8578e
conf, confile, lxccontainer, start: nonfunctional changes 
Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>
 2018-07-22 15:35:21 +02:00
Christian Brauner
1f5a90f946
lxccontainer: reword create_mount_target() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-07-22 15:35:21 +02:00
Christian Brauner
3340f44172
lxccontainer: do_lxcapi_mount() coding-style 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-07-22 15:34:06 +02:00
Liza Tretyakova
c6885c3f24
lxccontainer: add handling of file mounts 
Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>
 2018-07-22 15:33:51 +02:00
Liza Tretyakova
d83da817b3
lxccontainer: add the umount API function 
Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>
[christian@brauner.io: minor coding-style changes]
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-07-22 15:32:42 +02:00
Liza Tretyakova
29df56cda5
lxccontainer: add container API function and structs for injecting a mount 
Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>
 2018-07-22 15:25:16 +02:00
2xsec
a73846d893 lxccontainer: coding rules 
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
 2018-07-20 23:41:10 +09:00
Christian Brauner
ac2cecc4b8
tree-wide: remove unneeded log prefixes 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-07-03 12:48:13 +02:00
2xsec
6d1400b572
log: change ERROR macro using sterror to SYSERROR 
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
 2018-06-26 17:27:19 +09:00
Donghwa Jeong
cbb9c7c763
secure coding: strcpy => strlcpy 
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
 2018-06-18 11:30:41 +09:00
Christian Brauner
dc509bf252
coverity: #1425789 
Unchecked return value from library

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-06-15 13:47:20 +02:00
Christian Brauner
02a0e184e6
coverity: #1425837 
String not null terminated

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-06-15 12:53:03 +02:00
Christian Brauner
2afdc31ff3
coverity: #1425793 
Unchecked return value

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-06-15 12:38:14 +02:00
Christian Brauner
71261a5c3f
coverity: #1425789 
Unchecked return value from library

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-06-15 11:39:40 +02:00
Christian Brauner
4250ef64b3
coverity: #1425764 
Unchecked return value

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-06-15 11:39:40 +02:00
Christian Brauner
1f080b1d66
coverity: #1425764 
Unchecked return value

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-06-14 22:07:56 +02:00
Donghwa Jeong
8f55c74292
coverity: #1425747 
Resource leak

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
 2018-06-11 11:24:46 +09:00
Donghwa Jeong
4b696f90fe
coverity: #1425821 
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
 2018-06-08 11:18:25 +09:00
Donghwa Jeong
951665a30e
coverity: #1425779 
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
 2018-06-08 11:12:52 +09:00
Donghwa Jeong
1b611563ca
coverity: #1425777 
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
 2018-06-08 11:11:03 +09:00
Christian Brauner
80308d07b3
start: add reboot macros 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-29 00:48:15 +02:00
Christian Brauner
573ad77fc2
utils: fix task_blocking_signal() 
Closes #2342.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-26 21:47:46 +02:00
Christian Brauner
923929f612
coverity: #1435805 
Logically dead code

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-26 03:21:05 +02:00
Christian Brauner
a579fa51bf
coverity: #1435806 
Logically dead code

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-26 03:20:36 +02:00
Christian Brauner
9dd541531f
lxccontainer: fix fd leaks when sending signals 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-25 00:00:50 +02:00
Stéphane Graber
b3365b9346
Merge pull request #2347 from brauner/2018-05-24/seccomp_cleanups 
seccomp: cleanup
 2018-05-24 16:57:13 -04:00
Christian Brauner
eabf1ea9cd
utils: fix task_blocking_signal() 
sscanf() skips whitespace anyway so don't account for tabs in case the file
layout changes.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-24 22:34:20 +02:00
Christian Brauner
7ad3767052
utils: add remove_trailing_newlines() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-24 13:38:08 +02:00
Stéphane Graber
cd7cf94be7
Merge pull request #2338 from brauner/2018-05-17/multi_threaded_logging 
log: enable per-thread container name prefix
 2018-05-23 11:26:43 -04:00
Christian Brauner
c7b1705112
log: enable per-thread container name prefix 
When using the LXC API multi-thread and users initialize a log:

struct lxc_log log;
log.name = "my-log";
lxc_log_init(&log);

all threads will have the same "my-log" prefix even though thy might call
lxc_container_new() in separate threads. There is currently no easy way to
handle per-thread container name prefixes.
To handle this carry a reference to the name of the container in struct
lxc_conf and if no log.name was set, use it by default. This way each thread
will get the container it is currently working on as a log-prefix.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Reported-by: duguhaotian <duguhaotian@gmail.com>
 2018-05-20 14:05:51 +02:00
Christian Brauner
2202afc960
cgroups: refactor cgroup handling 
This replaces the constructor implementation of cgroup handling with a simpler,
thread-safe on-demand model of cgroup driver initialization.
Making the cgroup initialization code run in a constructor means that each time
the shared library gets mapped the cgroup parsing code gets run. That's
unnecessary overhead.
It also feels to me that this is only accidently thread-safe because
constructors are only run once. But should threads actually end up manipulating
or freeing memory that is file-global to cgfsng.c we'd be screwed. Now, I might
be wrong here but the cleaner implementation is to allocate a cgroup driver on
demand whenever we need it.
Take the chance and rework the cgroup_ops interface to make the functions it
wants to have implemented a lot cleaner.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-19 22:33:34 +02:00
Christian Brauner
9de31d5a13
tree-wide: s/strncpy()/strlcpy()/g 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-11 13:32:01 +02:00
Christian Brauner
2b2655a8c5
coverity: #1425744 
Dereference after null check

userns_exec_{1,full} are called from functions that might not have a conf.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-10 20:24:49 +02:00
Christian Brauner
cef701ede3
coverity: #1435263 
Use after free

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-04-30 12:18:23 +02:00
Christian Brauner
e62fd16fff
lxccontainer: non-functional changes 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-04-29 16:58:06 +02:00
Christian Brauner
630ac7c61b
lxccontainer: non-functional changes 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-04-29 16:56:58 +02:00
Christian Brauner
9640c6a767
lxccontainer: non-functional changes 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-04-29 16:45:43 +02:00
Christian Brauner
7cea590585
lxccontainer: use thread-safe open() + write() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-04-29 16:42:44 +02:00
Christian Brauner
d630991d8f
lxccontainer: non-functional changes 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-04-29 15:08:46 +02:00
Christian Brauner
e898947399
lxccontainer: do_lxcapi_unfreeze() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-04-29 14:53:12 +02:00
Christian Brauner
5df46fad0c
lxccontainer: do_lxcapi_freeze() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-04-29 14:52:40 +02:00
Christian Brauner
9e6304187b
lxccontainer: do_lxcapi_is_running() 
There's no need to do string comparisons.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-04-29 14:49:36 +02:00
Christian Brauner
44619b6cd2
lxccontainer: non-functional changes 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-04-29 14:48:08 +02:00
Christian Brauner
5647455516
lxccontainer: use thread-safe *_OFD_* locks 
If they aren't available fallback to BSD flock()s.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-04-29 13:56:15 +02:00
Christian Brauner
0e14584db8
lxccontainer: non-functional changes 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-04-29 13:39:16 +02:00
Christian Brauner
ad38dca193
Merge pull request #2279 from kunkku/create-umask 
do_lxcapi_create: set umask
 2018-04-28 23:23:27 +02:00
LiFeng
e07eafa839 Fix memory leak in list_active_containers 
Signed-off-by: LiFeng <lifeng68@huawei.com>
 2018-04-24 15:26:32 -04:00
Kaarle Ritvanen
51f0f73b4f do_lxcapi_create: set umask 
Always use 022 as the umask when creating the rootfs directory and
executing the template. A too loose umask may cause security issues.
A too strict umask may cause programs to fail inside the container.

Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>
 2018-04-15 16:09:41 +03:00
Christian Brauner
10034af509
lxccontainer: truncate config file 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-03-23 20:30:38 +01:00