This patch add function `get_action_name`, so we can print action name
in the log file. for example:
```
lxc-start ubuntu 20170515095416.561 INFO lxc_seccomp - seccomp.c:parse_config_v2:613 - Adding compat rule for reject_force_umount action 0(kill).
lxc-start ubuntu 20170515095416.562 INFO lxc_seccomp - seccomp.c:parse_config_v2:613 - Adding compat rule for kexec_load action 327681(errno).
```
Signed-off-by: 0x0916 <w@laoqinren.net>
So far, we somehow always called lxc_map_ids(), even when no id map was
configured. Let's not do this.
Closes#1555.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
I really fail to see the point of this and git {blame, log -S} don't really
enlighten me on the reason for this as well. But I might be dense. The way I
see it the only thing this line achieves is causing trouble when the container
is started as root because the umount2() call will umount e.g.
/usr/lib/x86_64-linux-gnu/lxc in case it is a mountpoint on the host. Note,
this is because lxc_spawn() is still called in the hosts namespaces.
Closes https://github.com/lxc/lxd/#3255.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
lxc_unstack_mountpoint() tries to clear all mountpoints from a given path.
It return the number of successful umounts on success and -errno on error.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
The code in conf will bind-mount a /dev/pts/<n> device over a dummy regular
/dev/console file. If users really want /dev/console bind-mount from the host
they can request it explicitly in the containers config file. This change will
have no effect on current LX{C,D} behavior since we (as said above) overmount
the /dev/console bind-mount anyway.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
In case the user specified
lxc.console = none
lxc.devttydir = bla
lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0
move the mount under /dev/bla/console
If he requested a mknod()ed /dev/console rename it to /dev/bla/console.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
In case the user did request a console to be set up unmount any prior
bind-mount for it.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Older version of liblxc only allowed for 105 bytes to be used for the abstract
unix domain socket name because the code for our abstract unix socket handling
performed invalid checks. Since we \0-terminate we could now have a maximum of
106 chars. But do not break backwards compatibility we keep the limit at 105.
Reported-by: 0x0916 w@laoqinren.net
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
In case the lxc command socket is hashed and the socket was created for a
different path than the one we're currently querying
lxc_cmd_get_{lxcpath,name}() can return NULL. The command socket path is hashed
when len(lxcpath) > sizeof(sun_path) - 2.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
lxc_cmd_get_lxcpath() and lxc_cmd_get_name() both pass a nil pointer to
fill_sock_name(). Make sure that they are not dereferenced.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Abstract unix sockets need not be \0-terminated. So you can effectively have
107 chars available. If you \0-terminate you'll have a 106. Don't enforce
\0-termination in these low-level functions. Enforce it higher up which we
already do.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
