In the usual case the child runs in a separate pid namespace. So far we haven't
been able to reliably set the pdeath signal. When we set the pdeath signal we
need to verify that we haven't lost a race whereby we have been orphaned and
though we have set a pdeath signal it won't help us since, well, the parent is
dead.
We were able to correctly handle this case when we were in the same pidns since
getppid() will return a valid pid. When we are in a separate pidns 0 will be
returned since the parent doesn't exist in our pidns.
A while back, while Jann and I were discussing other things he came up with a
nifty idea: simply pass an fd for the parent's status file and check the
"State:" field. This is the implementation of that idea.
Suggested-by: Jann Horn <jann@thejh.net>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
If SSL is enabled, utils will include function `do_sha1_hash()` to
generate a sha1 encrypted buffer. Last function argument of
`EVP_DigestFinal_ex()` requires a `unsigned int` but the current
parameter is an `integer` type.
See error:
utils.c:350:38: error: passing 'int *' to parameter of type 'unsigned int *' converts between pointers to integer types with different sign
[-Werror,-Wpointer-sign]
EVP_DigestFinal_ex(mdctx, md_value, md_len);
^~~~~~
/usr/include/openssl/evp.h:549:49: note: passing argument to parameter 's' here
unsigned int *s);
Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
This allows us to use a bunch of macros in our static build for init.lxc.static
without having to link against all of utils.{c,h}.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Specifier %lli was insufficient for the type uint64_t, all values
between 2^63-1 and 2^64-1 were silently converted to 2^63-1.
We can't use %llu since it doesn't handle hexadecimal. Instead, we
parse the values as strings and then use strtoull(3).
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
Sigh, this is going to be fun. Essentially, dynamic memory allocation through
malloc() and friends is unsafe when fork()ing in threads. The locking state
that glibc maintains internally might get messed up when the process that
fork()ed calls malloc or calls functions that malloc() internally. Functions
that internally malloc() include fopen(). One solution here is to use open() +
mmap() instead of fopen() + getline().
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Sometimes we want to know whether we are privileged wrt our
namespaces, and sometimes we want to know whether we are priv
wrt init_user_ns.
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
In particular, if we are already in a user namespace we are unprivileged,
and doing things like moving the physical nics back to the host netns won't
work. Let's do the same thing LXD does if euid == 0: inspect
/proc/self/uid_map and see what that says.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
This is to avoid bad surprises caused by older glibc's pid cache (up to 2.25)
when using clone().
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
