Commit Graph

5727 Commits

Author SHA1 Message Date
Christian Brauner
a05a723f6a
console: remove dead assignments
non-functional changes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-09-09 11:23:14 +02:00
Christian Brauner
5c05427a60
storage: use userns_exec_full()
Closes #1800.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-09-09 11:22:44 +02:00
Christian Brauner
94b0a3ac39
start: userns_exec_full()
Closes #1800.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-09-09 11:21:51 +02:00
Christian Brauner
ee484f7f68
lxccontainer: use userns_exec_full()
Closes #1800.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-09-09 11:21:16 +02:00
Christian Brauner
415a885148
conf: add userns_exec_full()
Closes #1800.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-09-09 11:20:57 +02:00
Stéphane Graber
1787265134 Merge pull request #1794 from brauner/2017-09-06/fix_config_update_script
tools: fix lxc-upate-config
2017-09-06 14:41:25 -04:00
Christian Brauner
64dec99fe1
tools: fix lxc-upate-config
- replace lxc.network.[i].ipv4 with lxc.net.[i].ipv4.address
- remove lxc.rootfs.backend lines

Closes #1790.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-09-06 20:27:23 +02:00
Christian Brauner
a00b86ac4a Merge pull request #1793 from tenforward/japanese
Update Japanese man pages
2017-09-06 12:48:25 +02:00
Christian Brauner
dc647c5803 Merge pull request #1791 from Blub/unnamed-vs-ovs-bridge
network: add missing checks for empty links
2017-09-06 12:47:57 +02:00
Christian Brauner
e8f614f2d9 Merge pull request #1792 from Blub/cleanups
cleanup: remove unnecessary zeroing
2017-09-06 12:17:21 +02:00
KATOH Yasufumi
78be8d75a5 doc: Add lxc.cgroup.dir to Japanese lxc.container.conf(5)
* and fix a typo in English man

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
2017-09-06 19:17:00 +09:00
KATOH Yasufumi
35e2135268 doc: Translate lxc(7) into Japanese
* Update for commit 594d6e30d6
* and some improvements

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
2017-09-06 19:03:27 +09:00
LiFeng
0b1e242ba3
console: clean tty state + return 0 on peer exit
In the past, if the console client exited, lxc_console_cb_con return 1. And
the lxc_poll will exit, the process will wait at waitpid. At this moment, the
process could not handle any command (For example get the container state
LXC_CMD_GET_STATE or stop the container LXC_CMD_STOP.).

I think we should clean the tty_state and return 0 in this case. So, we can use
the lxc-console to connect the console of the container. And we will not exit
the function lxc_polland we can handle the commands by lxc_cmd_process

Reproducer prior to this commit:
- open a new terminal, get the tty device name by command tty /dev/pts/6
- set lxc.console.path = /dev/pts/6
- start the container and the ouptut will print to /dev/pts/6
- close /dev/pts/6
- try an operation e.g. getting state with lxc-ls and lxc-ls will hang

Closes #1787.

Signed-off-by: LiFeng <lifeng68@huawei.com>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-09-06 11:57:17 +02:00
Wolfgang Bumiller
ed14a30f90 cleanup: remove unnecessary zeroing
The entire netdev is zeroed via memset() already. Unions and
all.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2017-09-06 11:57:03 +02:00
Wolfgang Bumiller
c869be2025 network: add missing checks for empty links
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2017-09-06 11:56:55 +02:00
Stéphane Graber
b737ac4c8c
Switch back to development
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2017-09-05 22:32:18 -04:00
Stéphane Graber
e94087c985
change version to 2.1.0 in configure.ac
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2017-09-05 22:31:20 -04:00
Stéphane Graber
2cf7a66ca1 Merge pull request #1789 from brauner/2017-09-06/fix_documentation
doc: adapt + update
2017-09-05 19:19:45 -04:00
Christian Brauner
bdcbb6b377
doc: bugfixes
- lxc.id_map -> lxc.idmap
- document lxc.cgroup.dir

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-09-06 01:03:38 +02:00
Christian Brauner
594d6e30d6
doc: lxc.sgml.in
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-09-06 01:03:37 +02:00
Stéphane Graber
e6ecdcbe17
Minimal kernel version is now 3.10
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2017-09-05 16:55:55 -04:00
Serge Hallyn
9f520fee36 Merge pull request #1788 from brauner/2017-09-05/fix_tty_creation
conf: bugfixes
2017-09-05 12:51:57 -05:00
Christian Brauner
954b7d9bba
conf: fix userns_exec_1()
A bit of context:
userns_exec_1() is only used to operate based on privileges for the user's own
{g,u}id on the host and for the container root's unmapped {g,u}id. This means
we require only to establish a mapping from:
- the container root {g,u}id as seen from the host -> user's host {g,u}id
- the container root -> some sub{g,u}id

This function however was buggy. It relied on some pointer pointing to the same
memory, namely specific idmap entries in the idmap list in the container's
in-memory configuration. However, due to a stupid mistake of mine, the pointers
to be compared pointed to freshly allocated memory. They were never pointing to
the intended memory locations. To reproduce what I'm talking about prior to
this commit simply place:

    chb:999:1000000000
    chb:999:1
    chb:1000:1

in /etc/sub{g,u}id then create a container which requests the following
idmappings:

    lxc.idmap = u 0 999 999
    lxc.idmap = g 0 999 1000000000

and start the container. What we *would expect* is for liblxc to establish the
following mapping:

    newuidmap <pid> 0 999 999
    newgidmap <pid> 0 999 1000000000

since all required mappings are present. Due to the buggy pointer comparisons
what happened was:

    newuidmap <pid> 0 999 999 0 999 999
    newgidmap <pid> 0 999 1000000000 0 999 1000000000

Let's fix this.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-09-05 17:43:31 +02:00
Christian Brauner
da0f9977a1
conf: do not log uninitialized memory
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-09-05 13:46:53 +02:00
Christian Brauner
2187efd310
conf: fix tty creation
We allocate pty {master,slave} file descriptors in the childs namespaces after
we have setup devpts. After we have sent the pty file descriptors to the parent
and set up the pty file descriptors under /dev/tty* and before we exec the init
binary we need to delete these file descriptors in the child. However, one of
my commits made the deletion occur before setting up the file descriptors under
/dev/tty*. This caused a failures when trying to attach to the container's ttys
since they werent actually configured although the file descriptors were
available in the in-memory configuration of the parent.
This commit reworks setting up tty such that deletion occurs after all setup
has been performed. The commit is actually minimal but needs to also move all
the functions into one place since they well now be called from
"lxc_create_ttys()".

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-09-05 12:41:30 +02:00
Christian Brauner
73363c6134
conf: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-09-05 12:19:28 +02:00
Stéphane Graber
8a0c503344 Merge pull request #1785 from brauner/2017-09-05/record_idmap_in_log
conf: record idmap that gets written
2017-09-04 20:18:25 -04:00
Christian Brauner
54fbbeb573
conf: record idmap that gets written
This will serve us well in the future!

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-09-05 02:00:29 +02:00
Stéphane Graber
27b129202f Merge pull request #1784 from brauner/2017-09-05/document_handler_fields
start: document all handler fields
2017-09-04 18:45:32 -04:00
Christian Brauner
35a02107f2
start: document all handler fields
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-09-05 00:30:33 +02:00
Stéphane Graber
a753a7a931 Merge pull request #1783 from brauner/2017-09-04/criu_version
criu: add cmp_version()
2017-09-04 15:52:44 -04:00
Federico Briata
74ad36079c
criu: add cmp_version()
We cannot use strcmp(). Otherwise we incorrectly report e.g. that criu 2.12.1
is less than 2.8.

Signed-off-by: Federico Briata <federico-pietro.briata@cnhind.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-09-04 21:30:18 +02:00
Stéphane Graber
56c2d600a8 Merge pull request #1771 from brauner/2017-08-30/remove_executable_bit_from_console.c
console: non-functional change
2017-09-04 12:54:59 -04:00
Stéphane Graber
b41431e87d Merge pull request #1782 from brauner/2017-09-04/fix_tty_sending
conf: don't send ttys when none are configured
2017-09-04 11:54:23 -04:00
Christian Brauner
7729f8e519
start: don't let data_sock users close the fd
It is bad style to close an fd inside a function which didn't create it. Let's
rather close it transparently in start.c.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-09-04 14:48:37 +02:00
Christian Brauner
1f9bbd230c
conf: don't send ttys when none are configured
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-09-04 14:35:02 +02:00
Serge Hallyn
36259ede73 Merge pull request #1773 from brauner/2017-08-31/ensure_lxc_user_nic_tests_privilege_over_netns
network: improvements + bugfixes
2017-09-03 21:17:43 -05:00
Christian Brauner
b9f522c5b4
start: switch from SOCK_DGRAM to SOCK_STREAM
Writes < PIPE_BUF will be atomic. PIPE_BUF is guaranteed to be 512 by POSIX and
Linux guarantess 4096. Nothing we send around goes over this limit.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-09-04 01:27:30 +02:00
Christian Brauner
672c1e5821
conf: send ttys in batches of 2
I thought we could send all ttys at once but this limits the number of ttys
users can use because of iovec_len restrictions. So let's sent them in batches
of 2.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-09-04 01:27:04 +02:00
Christian Brauner
cb5659e1cd
lxc-user-nic: simplify
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-09-03 20:49:54 +02:00
Christian Brauner
966e9f1fc8
network: remove allocation from lxc_mkifname()
lxc_mkifname() really doesn't need to allocate any memory.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-09-03 20:39:59 +02:00
Christian Brauner
2958919632
network: fix grammar
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-09-03 17:55:28 +02:00
Christian Brauner
a1ae535a4f
network: user send()/recv()
Also move all functions to network.{c,h}.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-09-03 17:55:28 +02:00
Christian Brauner
d0fbc7bab7
handler: root -> am_root
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-09-03 17:55:28 +02:00
Christian Brauner
6d8c277969
lxc-user-nic: bugfixes
Since find_line() was changed before count_entries() started counting lines
wrong. It would report maximum reached before you actually reached your alloted
maximum.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-09-03 17:55:28 +02:00
Christian Brauner
d75c14e262
utils: add lxc_nic_exists()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-09-03 16:35:48 +02:00
Christian Brauner
3231134523
lxc-user-nic: keep lines from other {users,links}
Assume the db contained the following entries:

    chb veth lxcbr0 veth1
    chb veth lxcbr0 veth2
    chb veth lxdbr0 veth3
    chb veth lxdbr0 veth2
    didi veth lxcbr0 veth4

And you request

    cull_entries("chb", "veth", "lxdbr0", "veth3");

lxc-user-nic would wipe any entries that did not match irrespective of whether
they existed or not. Let's fix that.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-09-02 19:44:10 +02:00
Christian Brauner
a92028b27f
lxc-user-nic: fix adding database entries
The code before inserted \0-bytes after every new line which made the db
basically unusable.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-09-02 02:26:28 +02:00
Christian Brauner
7ab1ba029b
network: remove netpipe
We use data_sock for all things we need to send around between parent and child
now. It doesn't make sense to have so many different pipes and sockets if one
will do just fine.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-09-01 23:51:44 +02:00
Dimitri John Ledkov
db3c8336ac Check that there is netplan binary, rather than just just a config directory.
Signed-off-by: Dimitri John Ledkov <xnox@ubuntu.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2017-09-01 21:49:03 +02:00