When the interface used in the container is a physical
interface from the host, we keep the initial name.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Reported-by: Sabdar <sabdar@wellspringsys.com>
The list is 'lifo', so when we create the network interfaces, we
do this in the reverse order of the expected one. That is confusing.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Some file systems do not support the file posix capabilities.
The following script set the setuid bit root on the different
cli.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
With the capabilities, the open of the log file can be done on any
file, making possible to modifify the content of the file.
Let's drop the privilege when opening the file, so we ensure that is
no longer possible.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Move the reset of the capabilities to the caps.c file and
initialize correctly the capabilities for lxc-init.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
This patch adds the functions to drop the 'effective' capabilities and
restore them from the 'permitted' capabilities.
When the command is run as 'root' we do nothing.
When the command is run as 'lambda' user, we drop the effective capabilities
When the command is run as 'root' but real uid is not root, we keep the capabilies,
switch to real uid, and drop the effective capabilities.
This approach is compatible for root user, lambda + file capabilities
and lambda + setuid.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
If lxc-init receives a SIGALRM, a timeout, it kills all the processes
of the container with SIGKILL. That will prevent the container to be
stuck when one process ignore the SIGTERM signal.
Each time a process exits, the timeout is resetted.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
When lxc-init receives a SIGTERM, let's kill all the processes of
the pid namespace with kill -1. So the exit of the container will
happen gracefully with processes death cascade.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
As pointed out by Dan Smith, when a container is being stopped, it must
also be unfrozen after posting the SIGKILL. Otherwise if the container
is frozen when the SIGKILL is posted, the SIGKILL will remain pending
and the lxc-stop command will block until lxc-unfreeze is explicitly
called).
(lxc-stop waits for the container to exit and close the socket but since
the container is frozen, lxc-stop will block).
Signed-off-by: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
Acked-by: Matt Helsley <matthltc@us.ibm.com>
Acked-by: Dan Smith <danms@us.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
A write to the freezer.state file does not gurantee that the state has
changed. To ensure that the freezer state is either FROZEN or THAWED,
read the freezer state and if it has not changed, repeat the write.
Changelog[v2]:
- Minor reorg of code
- Comments from Daniel Lezcano:
- lseek() before each read/write of freezer.state
- Have lxc_freeze_unfreeze() return -1 on error
Signed-off-by: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
If the pdeath signal is set after the synchro we have a window where
the parent exits with the pdeath signal not set.
In order to avoid that, we have to move the prctl before the synchro with
the parent so if the parent exits before we can set the pdeath signal, the
synchro will fail in any case and the container startup will be aborted.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Hello all!
This bug stalked me for a while, but only now it bit me quite
badly... (Lost about an hour of work...)
So the culprit: inside the fstab file for the `lxc.mount` option I
can use options like `ro` together with `bind`. Unfortunately the
kernel just laughs in my face and ignores any options I've put in
there... :) But not any more: I've updated `./src/lxc/conf.c`
(`mount_file_entries` function) so that when it encounters a `bind`
option it executes it twice (one without any extra options, and a
second time with the remount flag set.)
I've marginally (as in my particular case) tested it and it works.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Fix default console output fall into the current tty.
Otherwise fall to /dev/null if no tty is available.
Fix at the same time, Xorg take 100% cpu.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
We change the initial pointer when parsing the line, the address
we are trying to free is modified in case there are blanks before
an option.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Improve resiliency of utmp.c to removal of /var/run/utmp
Add shutdown timer as we transition to shutdown from running to check for the
number of tasks remaining. Improve container state handling. We can't rely on
the previous runlevel being maintained properly.
Signed-off-by: Andrew Phillips <Andrew.Phillips@lmax.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
The mnt directory has a good chance to already exist in the new root
filesystem, so creation and removal can be avoided. This also eases
use of read only root filesystems (no configuration necessary).
Signed-off-by: Ferenc Wagner <wferi@niif.hu>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Pointer comparison is buggy as they are never null.
For an ipv6 address configuration, we always zeroed the structure,
hence the bcast and acast structure are equal to in6addr_any.
Any change of this value means the user specified something different
in the configuration file, so we fail gracefully.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
