Christian Brauner
a3aba11021
netns_ifaddrs: fix missing include
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-26 18:14:46 +02:00
Stéphane Graber
323a7f1871
Merge pull request #2648 from brauner/2018-09-26/compiler_attributes
...
compiler: add __hot attribute
2018-09-26 10:44:51 -04:00
Stéphane Graber
6de0734bb1
Merge pull request #2647 from brauner/2018-09-23/noreturn_android
...
compiler: fix __noreturn on bionic
2018-09-26 10:44:36 -04:00
Christian Brauner
afeec9b739
compiler: add __hot attribute
...
This instructs the compiler to better optimize the config parsing code.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-26 14:52:27 +02:00
Christian Brauner
d17947f8f3
compiler: fix __noreturn on bionic
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-26 14:38:41 +02:00
Christian Brauner
ebc10afe21
cgfsng: do not go into infinite loop
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-26 14:16:10 +02:00
Christian Brauner
a3650c0c4d
cgfsng: s/25/INTTYPE_TO_STRLEN(pid_t)/g
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-26 14:13:05 +02:00
Christian Brauner
5ce03bc048
cgfsng: ensure no-reuse in cgfsng_monitor_create()
...
The same way we need to ensure that no existing cgroups are reused for
the payload in cgfsng_payload_create() we need to ensure that no
existing cgroups are reused for the monitor. Technically this is less of
an issue since there currently is no logic for the monitor to apply
limits to its cgroup but it is still the proper way to do it.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-26 14:11:47 +02:00
Christian Brauner
625ad37b59
cgroups: introduce helper macros
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-26 14:11:47 +02:00
Christian Brauner
434c8e15c9
cgfsng: add cgfsng_monitor_destroy()
...
Since we switched to the new cgroup scoping scheme that places the
container payload into lxc.payload/<container-name> and
lxc.monitor/<container-name> deletion becomes slightly more complicated.
The monitor will be able to rm_rf(lxc.payload/<container-name>) but will
not be able to rm_rf(lxc.monitor/<container-name>) since it will be
located in that cgroup and it will thus be populated.
My current solution to this is to create a lxc.pivot cgroup that only
exists so that the monitor process on container stop can pivot into it,
call rm_rf(lxc.monitor/<container-name>) and can then exit. This group
has no function whatsoever apart from this and can thus be shared by
all monitor processes.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-26 14:11:47 +02:00
Christian Brauner
3999f50bd2
cgfsng: s/cgfsng_destroy/cgfsng_payload_destroy/g
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-26 14:08:26 +02:00
Stéphane Graber
810fd51c92
Merge pull request #2618 from CameronNemo/lxcmountroot
...
apparmor: account for specified rootfs path (closes #2617)
2018-09-25 14:46:21 -04:00
Stéphane Graber
34d66b6877
Merge pull request #2646 from brauner/2018-09-24/cgroup_tweaks
...
cgfsng: set errno to ENOENT on get_hierarchy()
2018-09-24 23:35:03 +02:00
Christian Brauner
27a5132c22
cgfsng: set errno to ENOENT on get_hierarchy()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-24 22:58:45 +02:00
Christian Brauner
084010482f
doc: tweak documentation a little
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-24 22:07:34 +02:00
Christian Brauner
f3672cf120
Merge pull request #2645 from stgraber/master
...
stop: Only freeze if freezer is available
2018-09-24 21:35:15 +02:00
Stéphane Graber
d18d43da89
stop: Only freeze if freezer is available
...
Closes #2644
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2018-09-24 14:41:42 -04:00
Stéphane Graber
36be8e6c4a
Merge pull request #2640 from brauner/2018-09-23/netns_getifaddrs
...
network: add netns_getifaddrs() implementation
2018-09-24 00:35:21 +02:00
Christian Brauner
61204b93dd
autotools: fix lxc_user_nic build
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-23 21:19:35 +02:00
Christian Brauner
d3d5554a97
netns_ifaddrs: mark casts as safe
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-23 21:19:35 +02:00
Christian Brauner
b1e44ed125
tree_wide: switch to netns_getifaddrs()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-23 21:19:35 +02:00
Christian Brauner
cc6119a033
network: add netns_getifaddrs() implementation
...
This commit introduces my concept of a network namespace aware
getifaddrs(), i.e. netns_getifaddrs(). This presupposes a kernel that
carries my IF{L}A_TARGET_NETNSID patches:

    struct netns_ifaddrs {
        struct netns_ifaddrs *ifa_next;

        /* Can - but shouldn't be - NULL. */
        char *ifa_name;

        /* This field is not present in struct ifaddrs. */
        int ifa_ifindex;

        unsigned ifa_flags;

        /* This field is not present in struct ifaddrs. */
        int ifa_mtu;

        /* This field is not present in struct ifaddrs. */
        int ifa_prefixlen;

        struct sockaddr *ifa_addr;
        struct sockaddr *ifa_netmask;
        union {
            struct sockaddr *ifu_broadaddr;
            struct sockaddr *ifu_dstaddr;
        } ifa_ifu;

        /* If you don't know what this is for don't touch it. */
        void *ifa_data;
    };

which is a superset of struct ifaddrs. It contains additional
information such as the mtu, ifindex of the interface and the prefix
length of the address.
Note that the field ordering is different. So don't get any ideas of
using memcpy() to copy from an old struct ifaddrs into a struct
netns_ifaddrs.

    int netns_getifaddrs(struct netns_ifaddrs **ifap, __s32 netns_id, bool *netnsid_aware)

takes a network namespace identifier as argument which identifies the
target network namespace.
If successful, i.e. netns_getifaddrs() returns 0, callers should check
the bool *netnsid_aware return argument. If it is true then
RTM_GET{ADDR,LINK} requests are fully netnsid aware. If it is false then
they are not and the information returned in struct netns_ifaddrs does
*not* contain correct information about the target network namespace
identified by netnsid.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-23 21:19:35 +02:00
Stéphane Graber
7e270c97f1
Merge pull request #2639 from brauner/2018-09-23/compiler_based_hardening
...
compiler: compiler based hardening
2018-09-23 20:43:56 +02:00
Stéphane Graber
e854e63b8b
Merge pull request #2642 from brauner/2018-09-23/android
...
compiler: __attribute__((noreturn)) on bionic
2018-09-23 20:43:46 +02:00
Christian Brauner
246736be38
autotools: support -Wstrict-prototypes
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-23 20:22:41 +02:00
Christian Brauner
6ce39620fd
autotools: support -Wcast-align
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-23 20:22:41 +02:00
Christian Brauner
534aaf45d2
compiler: __attribute__((noreturn)) on bionic
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-23 20:16:12 +02:00
Stéphane Graber
e006ecbc9d
Merge pull request #2637 from brauner/2018-09-22/bugfixes
...
macro: add STRLITERALLEN() and STRARRAYLEN()
2018-09-23 19:31:05 +02:00
Stéphane Graber
854d13e22e
Merge pull request #2641 from brauner/2018-09-23/cgroup_scoping_fixes
...
cgfsng: copy parent's cpu settings for monitor too
2018-09-23 19:30:21 +02:00
Christian Brauner
f83903274e
cgfsng: copy parent's cpu settings for monitor too
...
Closes https://github.com/lxc/lxd/issues/5060.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-23 16:26:31 +02:00
Christian Brauner
6333c91505
tree-wide: replace sizeof() with SIZEOF2STRLEN()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-23 12:56:13 +02:00
Christian Brauner
36dee4a2b6
macro: add STRLITERALLEN() and STRARRAYLEN()
...
sizeof() implementation for string literals and string arrays that makes
it behave like strlen() for strings.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-23 12:56:13 +02:00
Christian Brauner
b857f4be4f
cgfsng: s/__cgfsng_ops__/__cgfsng_ops/g
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-23 12:37:43 +02:00
Christian Brauner
181a780fb6
compiler: s/__noreturn__/__noreturn/g
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-23 12:37:42 +02:00
Christian Brauner
cab25bd54d
compiler: s/__fallthrough__/__fallthrough/g
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-23 12:37:41 +02:00
Stéphane Graber
3c97aeb8f0
Merge pull request #2636 from brauner/2018-09-21/fix_implicit_fallthrough
...
autotools: fix check for -Wimplicit-fallthrough
2018-09-23 01:04:51 +02:00
Christian Brauner
62f2b7448d
Merge pull request #2627 from 2xsec/bugfix
...
conf: realpath() uses null as second parameter to prevent buffer overflow
2018-09-22 11:36:16 +02:00
Christian Brauner
23b44c365e
autotools: fix wrong AX_CHECK_COMPILE_FLAG test
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-21 23:45:33 +02:00
Serge Hallyn
ea0f0c849a
Merge pull request #2606 from brauner/2018-09-09/cgroup_escape
...
cgroups: scoping for cgroup v2
2018-09-21 09:54:25 -05:00
Christian Brauner
d28779d94c
cgfsng: add missing __cgfsng_ops__ attributes
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-21 16:52:25 +02:00
Christian Brauner
2d172fc734
tests: adapt cgroup tests to new layout
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-21 16:52:25 +02:00
Christian Brauner
eeef32bbda
cgfsng: cgfsng_monitor_enter()
...
brauner@wittgenstein|~
> sudo systemctl status lxc@c1
● lxc@c1.service - LXC Container: c1
   Loaded: loaded (/lib/systemd/system/lxc@.service; disabled; vendor preset: enabled)
   Active: active (running) since Tue 2018-09-11 10:42:22 CEST; 38s ago
     Docs: man:lxc-start
           man:lxc
  Process: 29855 ExecStart=/usr/bin/lxc-start -n c1 -p /run/lxc/c1.pid (code=exited, status=0/SUCCESS)
    Tasks: 18 (limit: 4915)
   Memory: 32.1M
   CGroup: /system.slice/system-lxc.slice/lxc@c1.service
           ├─lxc.monitor
           │ └─c1
           │   └─29870 [lxc monitor] /var/lib/lxc c1
           └─lxc.payload
             └─c1
               ├─init.scope
               │ └─29878 /sbin/init
               └─system.slice
                 ├─console-getty.service
                 │ └─30028 /sbin/agetty -o -p -- \u --noclear --keep-baud console 115200,38400,9600 linux
                 ├─cron.service
                 │ └─30019 /usr/sbin/cron -f
                 ├─dbus.service
                 │ └─30020 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
                 ├─networkd-dispatcher.service
                 │ └─30016 /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
                 ├─rsyslog.service
                 │ └─30017 /usr/sbin/rsyslogd -n
                 ├─system-container\x2dgetty.slice
                 │ ├─container-getty@0.service
                 │ │ └─30027 /sbin/agetty -o -p -- \u --noclear --keep-baud pts/0 115200,38400,9600 vt220
                 │ ├─container-getty@1.service
                 │ │ └─30030 /sbin/agetty -o -p -- \u --noclear --keep-baud pts/1 115200,38400,9600 vt220
                 │ ├─container-getty@2.service
                 │ │ └─30026 /sbin/agetty -o -p -- \u --noclear --keep-baud pts/2 115200,38400,9600 vt220
                 │ └─container-getty@3.service
                 │   └─30029 /sbin/agetty -o -p -- \u --noclear --keep-baud pts/3 115200,38400,9600 vt220
                 ├─systemd-journald.service
                 │ └─29976 /lib/systemd/systemd-journald
                 ├─systemd-logind.service
                 │ └─30018 /lib/systemd/systemd-logind
                 ├─systemd-networkd.service
                 │ └─29996 /lib/systemd/systemd-networkd
                 ├─systemd-resolved.service
                 │ └─30014 /lib/systemd/systemd-resolved
                 └─systemd-udevd.service
                   └─29986 /lib/systemd/systemd-udevd
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-21 16:52:25 +02:00
Christian Brauner
634ab5ed7d
cgroups: add monitor_enter()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-21 16:52:25 +02:00
Christian Brauner
72068e7470
cgfsng: add cgfsng_monitor_create()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-21 16:52:25 +02:00
Christian Brauner
6439f06e78
cgroups: add monitor_create()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-21 16:52:25 +02:00
Christian Brauner
e09b62f943
cgroups: add monitor_full_path member
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-21 16:47:04 +02:00
Christian Brauner
d39e9d8b04
cgroups: add monitor_cgroup member
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-21 16:47:04 +02:00
Christian Brauner
bb221ad14f
cgroups: s/base_cgroup/container_base_path/g
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-21 16:47:04 +02:00
Christian Brauner
c72d45f71f
cgroups: add missing string.h include
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-21 16:47:04 +02:00
Christian Brauner
eb6971363b
cgroups: s/fullcgpath/container_full_path/g
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-21 16:47:03 +02:00