proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-08-15 13:47:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
7,065 Commits 6 Branches 17 Tags 29 MiB
7635665611
Commit Graph

7065 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Stéphane Graber
85f839ccb1
Merge pull request #2353 from brauner/2018-05-25/fix_lxc_create 
tools: fix lxc-create with global config value II
 2018-05-25 23:48:10 -04:00
Christian Brauner
3ec12d39cd
coverity: #1435747 
Dereference before null check

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-26 03:29:32 +02:00
Christian Brauner
4c496daa33
coverity: #1435803 
Unchecked return value

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-26 03:22:58 +02:00
Christian Brauner
923929f612
coverity: #1435805 
Logically dead code

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-26 03:21:05 +02:00
Christian Brauner
a579fa51bf
coverity: #1435806 
Logically dead code

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-26 03:20:36 +02:00
Christian Brauner
49938fbcd9
tools: fix lxc-create with global config value II 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-25 19:35:00 +02:00
Stéphane Graber
9acc50c1fe
Merge pull request #2352 from brauner/2018-05-25/further_seccomp_fixes 
seccomp: more fixes
 2018-05-25 10:12:04 -04:00
Christian Brauner
78633423cd
tools: fix lxc-create with global config value 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-25 15:43:59 +02:00
Christian Brauner
dfddc8aa7e
seccomp: make do_resolve_add_rule() more strict 
Let's error out on syscalls that cannot be resolved or fail to resolve instead
of just warning users.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-25 13:27:50 +02:00
Christian Brauner
54a051c166
seccomp: parse_v2_rules() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-25 13:26:25 +02:00
Christian Brauner
cf6624c1fe
seccomp: lxc_read_seccomp_config() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-25 13:16:31 +02:00
Christian Brauner
1ddc138272
Merge pull request #2351 from Blub/seccomp-fixup-2 
Seccomp fixup part 2
 2018-05-25 12:43:53 +02:00
Wolfgang Bumiller
7474b5b33f seccomp: error on unrecognized actions 
Be more strict about unrecognized actions. Previously the
parser would happily accept lines with typos like:

  kexec_load errrno 1

(note the extra 'r')

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
 2018-05-25 12:14:12 +02:00
Wolfgang Bumiller
9dbd8ff383 seccomp: refactor line handling of parse_config 
Moving parse_config_v2 to use getline accidentally parsed
the wrong buffer. Since both _v1 and _v2 now use getline it
seems to be simpler to also use getline() for the first line
before entering the version specific parsers and pass along
the pointer and size so they can reuse them.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fixes: 9c3798eba4 ("seccomp: parse_config_v2()")
 2018-05-25 12:14:12 +02:00
Wolfgang Bumiller
f858dd50cf seccomp: re-add action parse error handling 
This can happen when the 'errno' action can't parse its
supplied number.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fixes: f67c94d00a ("seccomp: parse_v2_rules()")
 2018-05-25 12:08:33 +02:00
Christian Brauner
8cd059dfdc
Merge pull request #2350 from Blub/seccomp-cleanup-fixup 
seccomp: leak fixup
 2018-05-25 09:13:29 +02:00
Wolfgang Bumiller
97a9b25848 seccomp: leak fixup 
Fix an error case not free()ing the line forgotten during
the move from fgets() on a static buffer to using getline.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fixes: ccf8d128e4 ("seccomp: parse_config_v1()")
 2018-05-25 08:58:30 +02:00
Stéphane Graber
1269738063
Merge pull request #2349 from brauner/2018-05-24/prevent_fd_leak 
lxccontainer: fix fd leaks when sending signals
 2018-05-24 20:22:28 -04:00
Christian Brauner
c0b48eff17
start: log setns() failure 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-25 00:25:16 +02:00
Christian Brauner
8f3e3c131b
confile: order architectures 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-25 00:12:46 +02:00
Christian Brauner
9dd541531f
lxccontainer: fix fd leaks when sending signals 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-25 00:00:50 +02:00
Stéphane Graber
b3365b9346
Merge pull request #2347 from brauner/2018-05-24/seccomp_cleanups 
seccomp: cleanup
 2018-05-24 16:57:13 -04:00
Stéphane Graber
a055735adb
Merge pull request #2348 from brauner/2018-05-24/pthread_sigmask 
tree-wide: s/sigprocmask/pthread_sigmask()/g
 2018-05-24 16:53:19 -04:00
Christian Brauner
eabf1ea9cd
utils: fix task_blocking_signal() 
sscanf() skips whitespace anyway so don't account for tabs in case the file
layout changes.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-24 22:34:20 +02:00
Christian Brauner
b467714b33
tree-wide: s/sigprocmask/pthread_sigmask()/g 
The behavior of sigprocmask() is unspecified in multi-threaded programs. Let's
use pthread_sigmask() instead.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-24 21:01:39 +02:00
Christian Brauner
47f6d547b2
seccomp: lxc_read_seccomp_config() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-24 19:50:35 +02:00
Christian Brauner
6ca8172db2
seccomp: parse_config() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-24 19:50:35 +02:00
Christian Brauner
9c3798eba4
seccomp: parse_config_v2() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-24 17:45:56 +02:00
Christian Brauner
ad9a5b72a9
seccomp: do_resolve_add_rule() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-24 17:45:56 +02:00
Christian Brauner
04263914e5
seccomp: scmp_filter_ctx get_new_ctx() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-24 17:45:56 +02:00
Christian Brauner
0197fe2e5e
seccomp: get_hostarch() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-24 17:45:56 +02:00
Christian Brauner
0b5c590dcc
seccomp: move #ifdefines 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-24 17:45:56 +02:00
Christian Brauner
f67c94d00a
seccomp: parse_v2_rules() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-24 17:45:56 +02:00
Christian Brauner
63a49b03f4
seccomp: fix get_seccomp_arg_value() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-24 16:30:41 +02:00
Christian Brauner
1ab6b4a12e
seccomp: get_v2_action() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-24 13:47:59 +02:00
Christian Brauner
f0fd80ae3d
seccomp: get_action_name() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-24 13:46:06 +02:00
Christian Brauner
30448a13ab
seccomp: get_v2_default_action() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-24 13:42:47 +02:00
Christian Brauner
7ad3767052
utils: add remove_trailing_newlines() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-24 13:38:08 +02:00
Christian Brauner
ccf8d128e4
seccomp: parse_config_v1() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-24 13:35:01 +02:00
Christian Brauner
5fdc4e77a6
lxcseccomp: cleanup header 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-24 13:34:49 +02:00
Christian Brauner
73b5b70eb7
Merge pull request #2345 from flx42/seccomp-fixes 
Seccomp fixes
 2018-05-24 11:30:30 +02:00
Felix Abecassis
eacebcc3cb seccomp: fix type mismatch when parsing syscall arguments filters 
Specifier %lli was insufficient for the type uint64_t, all values
between 2^63-1 and 2^64-1 were silently converted to 2^63-1.

We can't use %llu since it doesn't handle hexadecimal. Instead, we
parse the values as strings and then use strtoull(3).

Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
 2018-05-23 22:38:25 -07:00
Felix Abecassis
30adf868bf seccomp: remove unnecessary memset 
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
 2018-05-23 21:32:26 -07:00
Felix Abecassis
9c7423ce2f seccomp: remove confusing comment line 
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
 2018-05-23 21:28:01 -07:00
Felix Abecassis
3a2cd4b958 seccomp: fix off-by-one error in array allocation for sscanf 
The maximum field width does not include the null terminator.

Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
 2018-05-23 20:54:32 -07:00
Stéphane Graber
f217dcd039
Merge pull request #2344 from brauner/2018-05-23/on_demand_log_file 
tools: only create log file when requested
 2018-05-23 11:28:01 -04:00
Stéphane Graber
f6c94d9a4c
Merge pull request #2340 from brauner/2018-05-22/fix_init_cmd 
lxc-init: skip signals that can't be caught
 2018-05-23 11:27:10 -04:00
Stéphane Graber
cd7cf94be7
Merge pull request #2338 from brauner/2018-05-17/multi_threaded_logging 
log: enable per-thread container name prefix
 2018-05-23 11:26:43 -04:00
Christian Brauner
f6d79ec119
tools: only create log file when requested 
We used to initialize a log unconditionally before. This has led to scenarios
where users where left with container directories and an empty log file even
though they didn't request a log be created at all.
Switch all tools to only create a log file when the user explicitly requests
this.

Closes #1779.
Closes #2032.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-05-23 13:49:42 +02:00
Christian Brauner
12ad9ba7a8
Merge pull request #2341 from tych0/optionally-execveat 
use execveat syscall to exec lxc-init if supported
 2018-05-23 12:25:42 +02:00