I really fail to see the point of this and git {blame, log -S} don't really
enlighten me on the reason for this either. But I might be dense. The way I
see it the only thing this line achieves is causing trouble when the container
is started as root because the umount2() call will umount e.g.
/usr/lib/x86_64-linux-gnu/lxc in case it is a mountpoint on the host. Note,
this is because lxc_spawn() is still called in the host's namespaces.
Closes https://github.com/lxc/lxd/#3255.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
lxc_unstack_mountpoint() tries to clear all mountpoints from a given path.
It returns the number of successful umounts on success and -errno on error.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
The code in conf will bind-mount a /dev/pts/<n> device over a dummy regular
/dev/console file. If users really want /dev/console bind-mount from the host
they can request it explicitly in the container's config file. This change will
have no effect on current LX{C,D} behavior since we (as said above) overmount
the /dev/console bind-mount anyway.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
In case the user specified
    lxc.console = none
    lxc.devttydir = bla
    lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0
move the mount under /dev/bla/console.
If he requested a mknod()ed /dev/console, rename it to /dev/bla/console.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
In case the user did request a console to be set up unmount any prior
bind-mount for it.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Older versions of liblxc only allowed for 105 bytes to be used for the abstract
unix domain socket name because the code for our abstract unix socket handling
performed invalid checks. Since we \0-terminate we could now have a maximum of
106 chars. But to not break backwards compatibility we keep the limit at 105.
Reported-by: 0x0916 <w@laoqinren.net>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
In case the lxc command socket is hashed and the socket was created for a
different path than the one we're currently querying
lxc_cmd_get_{lxcpath,name}() can return NULL. The command socket path is hashed
when len(lxcpath) > sizeof(sun_path) - 2.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
lxc_cmd_get_lxcpath() and lxc_cmd_get_name() both pass a nil pointer to
fill_sock_name(). Make sure that they are not dereferenced.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Abstract unix sockets need not be \0-terminated. So you can effectively have
107 chars available. If you \0-terminate you'll have 106. Don't enforce
\0-termination in these low-level functions. Enforce it higher up which we
already do.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
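
The length arithmetic behind the two commit messages on abstract unix socket names, as an added example (not code from liblxc or from these commits). The helper name abstract_addr() and the ABSTRACT_MAX macro are hypothetical; the sketch assumes Linux, where sun_path is 108 bytes.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Bytes usable for the name after the leading \0 that marks the address as
 * abstract: sizeof(sun_path) - 1, which is 107 on Linux. */
#define ABSTRACT_MAX (sizeof(((struct sockaddr_un *)0)->sun_path) - 1)

/* Hypothetical helper: fill addr for an abstract socket called name.
 * With nul_terminate set, one byte is reserved so the name stays a C string
 * inside sun_path. Returns the length to pass to bind()/connect(), or -1 if
 * the name does not fit. */
static int abstract_addr(struct sockaddr_un *addr, const char *name,
                         size_t len, int nul_terminate)
{
    size_t need = len + (nul_terminate ? 1 : 0);

    if (len == 0 || need > ABSTRACT_MAX)
        return -1;

    memset(addr, 0, sizeof(*addr)); /* also provides the trailing \0 */
    addr->sun_family = AF_UNIX;
    /* sun_path[0] stays \0; the name starts at sun_path[1]. */
    memcpy(&addr->sun_path[1], name, len);

    /* The kernel takes the name length from this value, not from a \0. */
    return (int)(offsetof(struct sockaddr_un, sun_path) + 1 + len);
}

int main(void)
{
    struct sockaddr_un addr;
    char name[sizeof(addr.sun_path)]; /* constructed sample name */
    int fd, alen;

    memset(name, 'a', sizeof(name));
    printf("max, unterminated: %d\n", abstract_addr(&addr, name, ABSTRACT_MAX, 0));
    printf("max, terminated:   %d\n", abstract_addr(&addr, name, ABSTRACT_MAX, 1));

    /* Bind with the full unterminated name to show the kernel accepts it. */
    alen = abstract_addr(&addr, name, ABSTRACT_MAX, 0);
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd >= 0 && bind(fd, (struct sockaddr *)&addr, (socklen_t)alen) == 0)
        puts("bound abstract socket with maximum-length name");
    if (fd >= 0)
        close(fd);
    return 0;
}
```
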
This adds lxc_config_item_is_supported() as API extension. It allows checking
whether a given config item (e.g. lxc.autodev) is supported by this LXC
instance. The function is useful in the following scenarios:
1. Users have compiled liblxc from source and have removed config items from
the corresponding struct in confile.c. (For example, embedded users might
decide to gut a bunch of options that they cannot use.)
2. Callers that want to check for a specific configuration item independent of
the version numbers exposed in our version.h header.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This left the file descriptor to the underlying /dev/ptmx file open which
confused the hell out of criu. Let's close it.
Closes https://github.com/lxc/lxd/issues/3243.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
In a lot of cases we need a list of the writeable cgroup controllers detected
by the cgfsng driver.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Use the loop device helpers I wrote for LXD in LXC as well. They should be more
efficient.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>