In the past, if the console client exited, lxc_console_cb_con return 1. And
the lxc_poll will exit, the process will wait at waitpid. At this moment, the
process could not handle any command (For example get the container state
LXC_CMD_GET_STATE or stop the container LXC_CMD_STOP.).
I think we should clean the tty_state and return 0 in this case. So, we can use
the lxc-console to connect the console of the container. And we will not exit
the function lxc_polland we can handle the commands by lxc_cmd_process
Reproducer prior to this commit:
- open a new terminal, get the tty device name by command tty /dev/pts/6
- set lxc.console.path = /dev/pts/6
- start the container and the ouptut will print to /dev/pts/6
- close /dev/pts/6
- try an operation e.g. getting state with lxc-ls and lxc-ls will hang
Closes#1787.
Signed-off-by: LiFeng <lifeng68@huawei.com>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
A bit of context:
userns_exec_1() is only used to operate based on privileges for the user's own
{g,u}id on the host and for the container root's unmapped {g,u}id. This means
we require only to establish a mapping from:
- the container root {g,u}id as seen from the host -> user's host {g,u}id
- the container root -> some sub{g,u}id
This function however was buggy. It relied on some pointer pointing to the same
memory, namely specific idmap entries in the idmap list in the container's
in-memory configuration. However, due to a stupid mistake of mine, the pointers
to be compared pointed to freshly allocated memory. They were never pointing to
the intended memory locations. To reproduce what I'm talking about prior to
this commit simply place:
chb:999:1000000000
chb:999:1
chb:1000:1
in /etc/sub{g,u}id then create a container which requests the following
idmappings:
lxc.idmap = u 0 999 999
lxc.idmap = g 0 999 1000000000
and start the container. What we *would expect* is for liblxc to establish the
following mapping:
newuidmap <pid> 0 999 999
newgidmap <pid> 0 999 1000000000
since all required mappings are present. Due to the buggy pointer comparisons
what happened was:
newuidmap <pid> 0 999 999 0 999 999
newgidmap <pid> 0 999 1000000000 0 999 1000000000
Let's fix this.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
We allocate pty {master,slave} file descriptors in the childs namespaces after
we have setup devpts. After we have sent the pty file descriptors to the parent
and set up the pty file descriptors under /dev/tty* and before we exec the init
binary we need to delete these file descriptors in the child. However, one of
my commits made the deletion occur before setting up the file descriptors under
/dev/tty*. This caused a failures when trying to attach to the container's ttys
since they werent actually configured although the file descriptors were
available in the in-memory configuration of the parent.
This commit reworks setting up tty such that deletion occurs after all setup
has been performed. The commit is actually minimal but needs to also move all
the functions into one place since they well now be called from
"lxc_create_ttys()".
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
We cannot use strcmp(). Otherwise we incorrectly report e.g. that criu 2.12.1
is less than 2.8.
Signed-off-by: Federico Briata <federico-pietro.briata@cnhind.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
It is bad style to close an fd inside a function which didn't create it. Let's
rather close it transparently in start.c.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Writes < PIPE_BUF will be atomic. PIPE_BUF is guaranteed to be 512 by POSIX and
Linux guarantess 4096. Nothing we send around goes over this limit.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
I thought we could send all ttys at once but this limits the number of ttys
users can use because of iovec_len restrictions. So let's sent them in batches
of 2.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Since find_line() was changed before count_entries() started counting lines
wrong. It would report maximum reached before you actually reached your alloted
maximum.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Assume the db contained the following entries:
chb veth lxcbr0 veth1
chb veth lxcbr0 veth2
chb veth lxdbr0 veth3
chb veth lxdbr0 veth2
didi veth lxcbr0 veth4
And you request
cull_entries("chb", "veth", "lxdbr0", "veth3");
lxc-user-nic would wipe any entries that did not match irrespective of whether
they existed or not. Let's fix that.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
The code before inserted \0-bytes after every new line which made the db
basically unusable.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
We use data_sock for all things we need to send around between parent and child
now. It doesn't make sense to have so many different pipes and sockets if one
will do just fine.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>