Specifier %lli was insufficient for the type uint64_t, all values
between 2^63-1 and 2^64-1 were silently converted to 2^63-1.
We can't use %llu since it doesn't handle hexadecimal. Instead, we
parse the values as strings and then use strtoull(3).
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
We used to initialize a log unconditionally before. This has led to scenarios
where users where left with container directories and an empty log file even
though they didn't request a log be created at all.
Switch all tools to only create a log file when the user explicitly requests
this.
Closes#1779.
Closes#2032.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
The execveat allows us to exec stuff via a fd so we don't have to bind mount
stuff in. See the comment about why we're using the syscall directly.
Closes#2339.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>
[christian.brauner@ubuntu.com: adapt error message and whitespace fixes]
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
When using the LXC API multi-thread and users initialize a log:
struct lxc_log log;
log.name = "my-log";
lxc_log_init(&log);
all threads will have the same "my-log" prefix even though thy might call
lxc_container_new() in separate threads. There is currently no easy way to
handle per-thread container name prefixes.
To handle this carry a reference to the name of the container in struct
lxc_conf and if no log.name was set, use it by default. This way each thread
will get the container it is currently working on as a log-prefix.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Reported-by: duguhaotian <duguhaotian@gmail.com>
This replaces the constructor implementation of cgroup handling with a simpler,
thread-safe on-demand model of cgroup driver initialization.
Making the cgroup initialization code run in a constructor means that each time
the shared library gets mapped the cgroup parsing code gets run. That's
unnecessary overhead.
It also feels to me that this is only accidently thread-safe because
constructors are only run once. But should threads actually end up manipulating
or freeing memory that is file-global to cgfsng.c we'd be screwed. Now, I might
be wrong here but the cleaner implementation is to allocate a cgroup driver on
demand whenever we need it.
Take the chance and rework the cgroup_ops interface to make the functions it
wants to have implemented a lot cleaner.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Unprivileged containers can safely mount /sys as read-write. This also allows
systemd-udevd to be started in unprivileged containers.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This reverts commit 2ec47d5149.
First, I forgot to actually replace strncpy() with strlcpy(). Second, we don't
want to \0-terminate since this is an abstract unix socket and this is not
required. Instead, let's simply use memcpy() which is more correct and also
silences gcc-8.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
