Commit Graph

7019 Commits

Author SHA1 Message Date
Donghwa Jeong
951665a30e
coverity: #1425779
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-06-08 11:12:52 +09:00
Donghwa Jeong
1b611563ca
coverity: #1425777
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-06-08 11:11:03 +09:00
Stéphane Graber
7b2352c76d
Merge pull request #2378 from brauner/2018-06-05/revert_seccomp_strict
Revert "seccomp: make do_resolve_add_rule() more strict"
2018-06-06 16:29:45 -04:00
Christian Brauner
8c26014b0c
seccomp: replace misleading warning messages
Reported-by: Felix Abecassis <fabecassis@nvidia.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-06-06 13:14:20 +02:00
Christian Brauner
1716351ab9
Merge pull request #2381 from stgraber/master
Fix typo
2018-06-05 23:15:46 +02:00
Stéphane Graber
46210729c5
Fix typo
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2018-06-05 17:13:57 -04:00
Christian Brauner
24b9874f79
Revert "seccomp: make do_resolve_add_rule() more strict"
This reverts commit dfddc8aa7e.

Closes #2376.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-06-05 11:21:23 +02:00
Christian Brauner
06b44d05bd
Merge pull request #2377 from 2xsec/bugfix
conf: change some logs to print errno
2018-06-05 10:53:16 +02:00
Donghwa Jeong
fea3b91d09
conf: change some logs to print errno
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-06-05 14:43:48 +09:00
Serge Hallyn
2095b6d83a
Merge pull request #2374 from brauner/2018-06-04/fix_remount_all_slave
conf: copy mountinfo for remount_all_slave()
2018-06-04 09:36:43 -05:00
Christian Brauner
fe96566a4b
Merge pull request #2362 from duguhaotian/work
support tls in cross-compile
2018-06-04 13:39:24 +02:00
duguhaotian
8d6aae92d3
support tls in cross-compile
AC_RUN_IFELSE will fail in cross-compile,
we can use AC_COMPILE_IFELSE to replace it.

Signed-off-by: duguhaotian <duguhaotian@gmail.com>
2018-06-04 19:42:23 +08:00
Christian Brauner
6a49f05eb8
conf: copy mountinfo for remount_all_slave()
While a container reads mountinfo from proc fs, the mountinfo can be changed by
the kernel anytime. This has caused critical issues on some devices.

Signed-off-by: Donghwa Jeong dh48.jeong@samsung.com
Reported-by: Donghwa Jeong dh48.jeong@samsung.com
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-06-04 13:15:16 +02:00
Christian Brauner
224d1fd25f
Merge pull request #2372 from flx42/more-seccomp-fixes
More seccomp fixes
2018-06-02 03:11:59 +02:00
Felix Abecassis
f42183e68c
seccomp: use a default value of 0 for the mask
The mask was unconditionally parsed, it failed if no mask was
provided.

Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
2018-06-01 16:36:26 -07:00
Felix Abecassis
73e3cb9a16
seccomp: drop misleading argument name inherited from the OCI spec
The last (optional) argument was named "valueTwo", which seems to
originate from the OCI runtime spec:
https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#seccomp

In proper seccomp terminology, "value" is "datum_a" and "valueTwo" is "datum_b".

However, LXC's "valueTwo" was used as the mask for SCMP_CMP_MASKED_EQ,
while the mask is supposed to be "datum_a".

Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
2018-06-01 16:02:17 -07:00
Stéphane Graber
ef52e679dc
Merge pull request #2371 from brauner/2018-06-01/use_read_nointr
tree-wide: handle EINTR in some read()/write()
2018-06-01 14:55:58 -04:00
Christian Brauner
489f39bef7
tree-wide: handle EINTR in some read()/write()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-06-01 19:55:17 +02:00
Christian Brauner
e932b5c0bf
Merge pull request #2370 from jsurloppe/fix-lxc-update-config
Patch lxc-update-config
2018-06-01 15:50:30 +02:00
Julien Surloppe
49b8273ffc
Patch lxc-update-config
The current script doesn't generate a valid configuration for the
lxc.network.ipv4 key; it is lacking an .address part, which leads to:

parse.c: lxc_file_for_each_line: 58 Failed to parse config: lxc.net.0.ipv4 = 192.168.10.101/24

Signed-off-by: Julien Surloppe <julien@surloppe.fr>
2018-06-01 15:41:56 +02:00
Christian Brauner
30c8676e15
templates: fix download template
This patch fixes
commit 6e62213e02 ("templates: actually create DOWNLOAD_TEMP directory").
To use mktemp -p correctly the directories need to exist. So call mkdir -p.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-06-01 11:25:14 +02:00
Christian Brauner
4d6301a04a
Merge pull request #2369 from masselstine/master
templates: actually create DOWNLOAD_TEMP directory
2018-05-31 22:41:23 +02:00
Mark Asselstine
6e62213e02
templates: actually create DOWNLOAD_TEMP directory
The way 'mktemp' is currently used you will get a temp directory in
$TMPDIR or '/tmp' and DOWNLOAD_TEMP will not be pointing to an actual
directory. This will result in the wget operations failing and the
container will fail to create:

    ERROR: Failed to download http://....

Instead we want to use the '-p' option for mktemp to set the base path
and this will ensure that the temp directory is created in the correct
location and DOWNLOAD_TEMP will be consistent with this location.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>
2018-05-31 16:27:05 -04:00
Christian Brauner
ae8d875f89
Merge pull request #2367 from 2xsec/bugfix
confile_utils: apply strprint()
2018-05-31 13:57:58 +02:00
Donghwa Jeong
1396b61091
confile_utils: apply strprint()
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-05-31 20:39:46 +09:00
Christian Brauner
7af82fa828
tree-wide: fix mode of some files
commit 321db0260f ("start: fix waitpid() blocking issue") and
commit b2a4850853 ("change defines for return value of handlers")
changed the mode of files.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-31 12:24:08 +02:00
Christian Brauner
989ccdf1b7
Merge pull request #2366 from 2xsec/bugfix
change defines for return value of handlers
2018-05-31 12:22:21 +02:00
Christian Brauner
20993a9739
start: log unknown info.si_code
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-31 12:18:02 +02:00
Donghwa Jeong
321db0260f
start: fix waitpid() blocking issue
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-05-31 17:58:08 +09:00
Donghwa Jeong
b2a4850853
change defines for return value of handlers
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-05-31 14:54:43 +09:00
Stéphane Graber
ed40d791c4
Merge pull request #2365 from brauner/2018-05-30/improve_strprint
confile: improve strprint()
2018-05-30 11:35:32 -04:00
Christian Brauner
9496659c6b
confile: improve strprint()
POSIX specifies [1]:
"If the value of n is zero on a call to snprintf(), nothing shall be written,
the number of bytes that would have been written had n been sufficiently large
excluding the terminating null shall be returned, and s may be a null pointer."

But in case there are any non-sane libcs out there that do actually dereference
the buffer when 0 is passed as length to snprintf() let's give them a
dummy buffer.

[1]: The Open Group Base Specifications Issue 7, 2018 edition
     IEEE Std 1003.1-2017 (Revision of IEEE Std 1003.1-2008)
     Copyright © 2001-2018 IEEE and The Open Group

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Reported-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-05-30 15:46:06 +02:00
Christian Brauner
9715e65c41
Merge pull request #2363 from 2xsec/master
conf: va_end was not called.
2018-05-30 05:37:13 +02:00
Stéphane Graber
81d7061549
Merge pull request #2360 from brauner/2018-05-29/conf_cleanup
conf: small cleanups
2018-05-29 15:15:46 -04:00
Donghwa Jeong
7b5a2435a2
conf: va_end was not called.
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-05-29 22:01:27 +09:00
Christian Brauner
32fd6cf390
conf: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-29 00:57:13 +02:00
Christian Brauner
7a0bcca310
conf: make tmp_umount_proc bool
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-29 00:54:16 +02:00
Christian Brauner
5173b71073
conf: make root idmap structs const
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-29 00:52:37 +02:00
Christian Brauner
80308d07b3
start: add reboot macros
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-29 00:48:15 +02:00
Stéphane Graber
5c478fb543
Merge pull request #2358 from brauner/2018-05-28/do_not_init_ns_clone_flags
start: do not init ns_clone_flags to -1
2018-05-28 10:29:15 -04:00
Christian Brauner
386e676854
conf: ensure lxc_delete_tty() does not crash
We need to make sure that the ttys are actually initialized otherwise deleting
them is not safe.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-28 15:33:28 +02:00
Christian Brauner
f3815517f2
start: do not init ns_clone_flags to -1
ns_clone_flags is used as a bitmask so initializing it to -1 is a bad idea.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-28 13:27:43 +02:00
Christian Brauner
b71841358e
Merge pull request #2355 from 2xsec/master
network: fix socket handle leak
2018-05-28 08:27:59 +02:00
Donghwa Jeong
87c6e5db2a
network: fix socket handle leak
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-05-28 13:42:45 +09:00
Stéphane Graber
f1a571d669
Merge pull request #2354 from brauner/2018-05-26/config_cleanups
conf: cleanups, and bugfixes
2018-05-26 18:04:33 -04:00
Christian Brauner
573ad77fc2
utils: fix task_blocking_signal()
Closes #2342.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-26 21:47:46 +02:00
Christian Brauner
a2db71c041
conf: non-functional changes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-26 13:12:32 +02:00
Christian Brauner
e528c7356b
conf: pts -> pty_max
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-26 13:09:50 +02:00
Christian Brauner
885766f5d2
conf: simplify tty handling
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-26 13:05:24 +02:00
Christian Brauner
448d7b0c0f
conf: reshuffle mount members
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-26 12:53:12 +02:00