- lxc-clone and lxc-start-ephemeral are marked deprecated. We add a
--enable-deprecated flag to configure.ac allowing us to enable these
deprecated executables
- update tests to use lxc-copy instead of lxc-clone
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
- add deprecation note to man pages
- print deprecation info to stderr when the executables are invoked
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
- add note to lxc-clone manpage that it is superseded by lxc-copy
- add note to lxc-start-ephemeral manpage that it is superseded by lxc-copy
- fix typo in lxc-attach manpage
- fix some of my comments in lxc_ls.c
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
- The code required to prepare an fd to act as a login tty is shared among
pty_on_host_callback() and fork_pty(). This implements login_pty(), a
minimalistic login_tty() clone, to avoid code redundancy.
- Give pty_in_container() a slightly extended comment.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Because containers need to - and safely can - mount cgroupfs in that
case.
Note that if cgns is enabled but the unshare fails, we fail the container
start, so checking whether they are enabled is enough.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
So far lxc-attach did not use a pty when attaching to a container. This made it
vulnerable to tty input faking via TIOCSTI when switching to a different user.
This patch makes lxc-attach use a pty in most cases. The only current exemption
is when stdin, stdout, and stderr are not referring to a pty.
There are two ways how lxc-attach can receive a pty:
1. get a pty in the container
2. get a pty on the host
This patch makes 1. the default and only opts for 2. when 1. fails before
giving up. The rationale behind this is as follows: If we create a pty on the
host (2.) and pass the fds to the container the container may report "no tty"
when the "tty" command is used. This could be irritating for users when they
expect that lxc-attach now always tries to use a pty. Hence, option 1. is the
default.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
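The two messages above (the minimal login_tty() clone, and the switch of lxc-attach to a private pty so that TIOCSTI cannot push keystrokes into the host user's terminal) are easier to reason about with a runnable experiment. The following is an added example, not LXC code: its login_pty() is an independent reimplementation of what the commit message describes (setsid, TIOCSCTTY, dup onto stdio), open_pty_pair() uses /dev/ptmx directly instead of openpty(), and the child's "x\n" injection is a constructed stand-in for a malicious attached process. Whether the kernel permits TIOCSTI at all depends on the running kernel (6.2 and later can refuse it with EIO), so the example reports that case rather than treating it as failure.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ioctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Fresh pty pair via /dev/ptmx (no libutil dependency). Returns 0 or -errno. */
static int open_pty_pair(int *master, int *slave)
{
    const char *name;
    int m, s, err;

    m = posix_openpt(O_RDWR | O_NOCTTY);
    if (m < 0)
        return -errno;
    if (grantpt(m) == 0 && unlockpt(m) == 0 && (name = ptsname(m)) != NULL &&
        (s = open(name, O_RDWR | O_NOCTTY)) >= 0) {
        *master = m;
        *slave = s;
        return 0;
    }
    err = errno;
    close(m);
    return -err;
}

/* Minimal login_tty() clone (hypothetical helper, modelled on the commit
 * message): new session, fd becomes the controlling tty, then stdio. */
static int login_pty(int fd)
{
    if (setsid() < 0 || ioctl(fd, TIOCSCTTY, 0) < 0)
        return -1;
    if (dup2(fd, STDIN_FILENO) < 0 || dup2(fd, STDOUT_FILENO) < 0 ||
        dup2(fd, STDERR_FILENO) < 0)
        return -1;
    if (fd > STDERR_FILENO)
        close(fd);
    return 0;
}

/* Give the "attached" child its own pty and let it try the TIOCSTI trick on
 * its stdin. Returns 1 if the injected line came back on the child's own pty
 * (the injection stayed confined), 0 if the kernel refused TIOCSTI (EPERM, or
 * EIO where legacy TIOCSTI is disabled), and a negative errno on setup failure. */
int tiocsti_stays_in_private_pty(void)
{
    int master, slave, status, rc;
    pid_t pid;

    rc = open_pty_pair(&master, &slave);
    if (rc < 0)
        return rc;
    pid = fork();
    if (pid < 0) {
        rc = -errno;
        close(master);
        close(slave);
        return rc;
    }
    if (pid == 0) {
        char buf[8];
        ssize_t n;

        close(master);
        if (login_pty(slave) < 0)
            _exit(3);
        /* "Type" x<newline> into our controlling terminal. Had we inherited the
         * host user's terminal instead, these bytes would be queued as input to
         * the host shell. */
        if (ioctl(STDIN_FILENO, TIOCSTI, "x") < 0 ||
            ioctl(STDIN_FILENO, TIOCSTI, "\n") < 0)
            _exit(2);
        /* Canonical mode: read returns once the injected newline arrives. */
        n = read(STDIN_FILENO, buf, sizeof buf);
        _exit(n == 2 && buf[0] == 'x' && buf[1] == '\n' ? 0 : 3);
    }
    close(slave);
    if (waitpid(pid, &status, 0) < 0) {
        rc = -errno;
        close(master);
        return rc;
    }
    /* Whatever the line discipline echoed sits on the master side, where a
     * proxy such as lxc-attach would relay it to the host terminal as output. */
    close(master);
    if (!WIFEXITED(status))
        return -ECHILD;
    switch (WEXITSTATUS(status)) {
    case 0:  return 1;
    case 2:  return 0;
    default: return -EIO;
    }
}

int main(void)
{
    int r = tiocsti_stays_in_private_pty();

    if (r < 0) {
        fprintf(stderr, "pty setup failed: %s\n", strerror(-r));
        return 1;
    }
    puts(r ? "injection confined to the private pty" : "kernel refused TIOCSTI");
    return 0;
}
```

The point the experiment makes is the one the commit relies on: once the attached process has been given a pty of its own, anything it manages to inject with TIOCSTI arrives as input on that pty and as echoed output on the master, never as input to the host user's shell.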
lxc_console_cb_tty_masterfd() unnecessarily reported a read/write error when
the fd was closed. This happens e.g. when we have allocated a tty in the
container with lxc-console and we shut the container down. lxc-console will
then exit with an error message. This patch introduces a test whether the
EPOLLHUP bit is set in the events mask. If so, we report no error.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
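The EPOLLHUP distinction above is worth seeing in isolation. The following is an added example, not the LXC console code: console_master_cb() is a hypothetical callback standing in for lxc_console_cb_tty_masterfd(), and a pipe stands in for the console pty so that the peer going away is deterministic (a pty master gets the same EPOLLHUP once the container side of the pty is closed). Note that epoll reports EPOLLHUP even when the caller only asked for EPOLLIN.

```c
#define _GNU_SOURCE
#include <stdint.h>
#include <stdio.h>
#include <sys/epoll.h>
#include <unistd.h>

enum cb_result { CB_ERROR = -1, CB_DATA = 0, CB_HANGUP = 1 };

/* Hypothetical callback for the master side of a console pty: drain input if
 * there is any, and treat the peer hanging up as an orderly close rather than
 * as a read/write error worth a message. */
enum cb_result console_master_cb(int fd, uint32_t events)
{
    char buf[64];

    if (events & EPOLLIN) {
        ssize_t n = read(fd, buf, sizeof buf);
        if (n > 0)
            return CB_DATA; /* a real relay would forward buf[0..n) here */
    }
    /* EOF after the container side went away: expected on shutdown. */
    if (events & EPOLLHUP)
        return CB_HANGUP;
    return CB_ERROR;
}

/* Drive the callback through both states. Returns 2 when it saw data and then
 * a clean hang-up, fewer otherwise, -1 if the fds could not be set up. */
int console_hangup_demo(void)
{
    int p[2], ep, stages = 0;
    struct epoll_event ev = { .events = EPOLLIN }, got;

    if (pipe(p) < 0)
        return -1;
    ep = epoll_create1(EPOLL_CLOEXEC);
    if (ep < 0) {
        close(p[0]);
        close(p[1]);
        return -1;
    }
    ev.data.fd = p[0];
    if (epoll_ctl(ep, EPOLL_CTL_ADD, p[0], &ev) < 0) {
        close(p[0]);
        close(p[1]);
        close(ep);
        return -1;
    }

    /* 1. the peer writes something: EPOLLIN, callback relays it */
    if (write(p[1], "hi", 2) == 2 && epoll_wait(ep, &got, 1, 1000) == 1 &&
        console_master_cb(got.data.fd, got.events) == CB_DATA)
        stages++;

    /* 2. the peer closes its end: the kernel reports EPOLLHUP, which the
     *    callback must not mistake for an I/O error */
    close(p[1]);
    if (epoll_wait(ep, &got, 1, 1000) == 1 &&
        console_master_cb(got.data.fd, got.events) == CB_HANGUP)
        stages++;

    close(p[0]);
    close(ep);
    return stages;
}

int main(void)
{
    printf("stages passed: %d (expect 2)\n", console_hangup_demo());
    return 0;
}
```

Checking EPOLLIN before EPOLLHUP matters: a peer can write and then close before the event loop runs, and the kernel will report both bits at once. The callback above drains the pending data first and only then treats the hang-up as a clean close.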
Make lxc_console_set_stdfds useable by other callers that do not have access to
lxc_handler.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
- lxc_console_cb_tty_stdin()
- lxc_console_cb_tty_master()
- lxc_setup_tios(int fd, struct termios *oldtios);
- lxc_console_winsz(int srcfd, int dstfd);
- lxc_console_cb_sigwinch_fd(int fd, uint32_t events, void *cbdata,
struct lxc_epoll_descr *descr);
- lxc_tty_state *lxc_console_sigwinch_init(int srcfd, int dstfd);
- lxc_console_sigwinch_fini(struct lxc_tty_state *ts);
We can make use of these functions in other modules.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
When containers have lxcfs mounted instead of cgroupfs, we have to
process /proc/self/mountinfo a bit differently. In particular, we
should look for fuse.lxcfs fstype, we need to look elsewhere for the
list of comounted controllers, and the mount_prefix is not a cgroup path
which was bind mounted, so we should ignore it, and named subsystems
show up without the 'name=' prefix.
With this patchset I can start containers inside a privileged lxd
container with lxcfs mounted (i.e. without cgroup namespaces).
Closes #830
Signed-off-by: Ubuntu <ubuntu@localhost.localdomain>
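The three differences listed above (fstype fuse.lxcfs, the controller list not being in the super options, and the mount root not being a bind-mounted cgroup path) all come down to how /proc/self/mountinfo lines are read. The following parser is an added example, not LXC's cgfs code. The sample lines are constructed, not captured from a system. Two conventions are this example's own assumptions: for a fuse.lxcfs mount the controller list is taken from the last component of the mount point, and named hierarchies are normalised by dropping the "name=" prefix so that a cgroupfs mount and an lxcfs mount of the same hierarchy compare equal.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>

#define CG_FIELD 256

struct cg_mount {
    char mountpoint[CG_FIELD];
    char prefix[CG_FIELD];      /* cgroup path bind-mounted here; "" for lxcfs */
    char controllers[CG_FIELD]; /* comma-separated, "name=" dropped */
    int is_lxcfs;
};

/* Which cgroup super options are controllers (assumed list of non-controllers). */
static int is_controller_opt(const char *opt)
{
    static const char *const ignore[] = { "rw", "ro", "xattr", "clone_children",
                                          "noprefix", "cpuset_v2_mode", NULL };
    for (int i = 0; ignore[i]; i++)
        if (!strcmp(opt, ignore[i]))
            return 0;
    /* key=value options other than name= (e.g. release_agent=) are not controllers */
    return !(strchr(opt, '=') && strncmp(opt, "name=", 5) != 0);
}

/* Returns 1 for a cgroup or lxcfs mount (out filled in), 0 for any other
 * filesystem, -1 if the line is not valid mountinfo. */
int parse_cgroup_mountinfo_line(const char *line, struct cg_mount *out)
{
    char buf[1024], *save, *tok, *fields[64], *superopts;
    const char *fstype, *source;
    int n = 0;

    if (strlen(line) >= sizeof buf)
        return -1;
    strcpy(buf, line);
    memset(out, 0, sizeof *out);

    /* id parent maj:min root mountpoint mount-opts [optional fields...] - */
    for (tok = strtok_r(buf, " ", &save); tok && strcmp(tok, "-");
         tok = strtok_r(NULL, " ", &save))
        if (n < 64)
            fields[n++] = tok;
    if (!tok || n < 6)
        return -1;
    fstype = strtok_r(NULL, " ", &save);
    source = strtok_r(NULL, " ", &save);
    superopts = strtok_r(NULL, " \n", &save);
    if (!fstype || !source || !superopts)
        return -1;
    snprintf(out->mountpoint, sizeof out->mountpoint, "%s", fields[4]);

    if (!strcmp(fstype, "cgroup")) {
        char *osave, *opt;
        /* The root field is the cgroup path that was bind-mounted here
         * ("/" on a host, the container's own path inside a container). */
        snprintf(out->prefix, sizeof out->prefix, "%s", fields[3]);
        for (opt = strtok_r(superopts, ",", &osave); opt; opt = strtok_r(NULL, ",", &osave)) {
            if (!is_controller_opt(opt))
                continue;
            if (out->controllers[0])
                strncat(out->controllers, ",", sizeof out->controllers - strlen(out->controllers) - 1);
            strncat(out->controllers, strncmp(opt, "name=", 5) ? opt : opt + 5,
                    sizeof out->controllers - strlen(out->controllers) - 1);
        }
        return 1;
    }
    if (!strcmp(fstype, "fuse.lxcfs")) {
        /* The root field is an lxcfs-internal path, not a cgroup: ignore it.
         * Controllers come from the mount point (assumption of this example);
         * a named hierarchy already shows up without "name=". */
        const char *base = strrchr(out->mountpoint, '/');
        out->is_lxcfs = 1;
        snprintf(out->controllers, sizeof out->controllers, "%s", base ? base + 1 : out->mountpoint);
        return 1;
    }
    return 0;
}

/* Constructed sample lines: host cgroupfs, a named hierarchy bind-mounted into
 * a container, an lxcfs mount, and an unrelated filesystem. */
static const char *const sample_lines[] = {
    "32 25 0:27 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime shared:15 - cgroup cgroup rw,cpu,cpuacct",
    "29 25 0:24 /lxc/c1 /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:10 - cgroup cgroup rw,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd",
    "41 25 0:38 /cgroup/cpu,cpuacct /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,relatime - fuse.lxcfs lxcfs rw,user_id=0,group_id=0,allow_other",
    "22 25 0:20 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw",
};

/* Parse the samples; returns how many came out as expected (4 when all do). */
int mountinfo_demo(void)
{
    struct cg_mount m;
    int ok = 0;

    if (parse_cgroup_mountinfo_line(sample_lines[0], &m) == 1 && !m.is_lxcfs &&
        !strcmp(m.controllers, "cpu,cpuacct") && !strcmp(m.prefix, "/"))
        ok++;
    if (parse_cgroup_mountinfo_line(sample_lines[1], &m) == 1 && !m.is_lxcfs &&
        !strcmp(m.controllers, "systemd") && !strcmp(m.prefix, "/lxc/c1"))
        ok++;
    if (parse_cgroup_mountinfo_line(sample_lines[2], &m) == 1 && m.is_lxcfs &&
        !strcmp(m.controllers, "cpu,cpuacct") && !m.prefix[0])
        ok++;
    if (parse_cgroup_mountinfo_line(sample_lines[3], &m) == 0)
        ok++;
    return ok;
}

int main(void)
{
    printf("%d of 4 sample lines parsed as expected\n", mountinfo_demo());
    return 0;
}
```

The parser scans up to the literal "-" separator rather than assuming a fixed number of fields, because mountinfo carries a variable number of optional fields (shared:N, master:N, ...) before it; a parser that counts columns breaks on exactly the lines that matter here.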
If we're trying to allow a device which was denied to our parent
container, just continue.
Cgmanager does not help us to distinguish between eperm and other
errors, so just always continue.
We may want to consider actually computing the range of devices
to which the container monitor has access, but OTOH that introduces
a whole new set of complexity to compute access sets.
Closes #827
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
NULL pointers passed to execl*() functions must be cast to (char *)NULL since
they are variadic functions.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
fname cannot be passed in as NULL by any of its current callers. If it
could, then build_dir() would crash as it doesn't check for it. So make
sure we are warned if in the future we pass in NULL.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
- Ephemeral containers are destroyed on shutdown so we do not destroy them.
- Destroy ephemeral containers with clones: first destroy all the clones, then
destroy the container.
- Ephemeral containers with snapshots cannot be easily handled but we can
probably trust that no one will try to make snapshots of an ephemeral
container.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Ideally a container configuration will specify 'unchanged' if
it wants the container to use the current (parent) profile. But
lxd passes its current label. Support that too.
Note that if/when stackable profiles exist, this behavior may
or may not be what we want. But the code to deal with aa
stacking will need some changes anyway so this is ok.
With this patch, I can create nested containers inside a
lxd xenial container both using
lxc launch x2
and unprivileged
lxc-start -n x2
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Comment rootfs.path and rootfs.mount so people can better figure
out which to use.
Remove the unused pivotdir argument from setup_rootfs_pivot_root().
Remove the unused pivot member of the lxc_rootfs struct. And just
return 0 (success) when someone passes a lxc.pivotdir entry. One
day we'll turn that into an error, but not yet...
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Since we need fuse to run lxcfs, which is required by systemd, let's warn
about that as well.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
All lxc.mount.entry entries will be relative to the host's / when a container
does not specify a lxc.rootfs.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
- The function mount_entry_create_aufs_dirs() moves from conf.c to
lxcaufs.{c,h} where it belongs.
- In accordance with the "aufs_" prefix naming scheme for functions associated
with lxcaufs.{c,h} mount_entry_create_aufs_dirs() becomes aufs_mkdir().
- Add aufs_get_rootfs() which returns the rootfs for an aufs lxc.rootfs.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
In mount_entry_on_generic() we dereferenced a NULL pointer whenever a container
without a rootfs was created. (Since mount_entry_on_systemfs() passes them with
NULL.) We have mount_entry_on_generic() check whether rootfs != NULL.
We also check whether rootfs != NULL in the functions ovl_mkdir() and
mount_entry_create_aufs_dirs() and bail immediately. Rationale: For overlay and
aufs lxc.mount.entry entries users give us absolute paths to e.g. workdir and
upperdir which we create for them. We currently use rootfs->path and the
lxcpath for the container to check that users give us a sane path to create
those directories under and refuse if they do not. If we want to allow overlay
mounts for containers without a rootfs they can easily be reworked.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Since we allow containers to be created without a rootfs most checks in conf.c
are not sane anymore. Instead of just checking if rootfs->path != NULL we need
to check whether rootfs != NULL.
Minor fixes:
- Have mount_autodev() always return -1 on failure: mount_autodev() returns 0
on success and -1 on failure. But when the return value of safe_mount() was
checked in mount_autodev() we returned false (instead of -1) which caused
mount_autodev() to return 0 (success) instead of the correct -1 (failure).
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
lxc-ls nowadays is a C binary so there's no need to keep the python and
shell versions around anymore, remove them from the branch and cleanup
documentation and Makefiles.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
- make free_mnts() work directly on the globals mnt_table and mnt_table_size
- have free_mnts() set mnt_table = NULL and mnt_table_size = 0 when its done to
avoid double frees
- simplify error-handling in do_clone_ephemeral()
- do_clone_ephemeral(): when chmod() fails to set permissions on the temporary
folder we created for mkdtemp() remove the folder
- simplify error handling in main()
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Just as cgmanager does, if we are calculating a task's paths, drop
the trailing '/init.scope'. We don't want the container to sit under
there.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Previously, name= controllers would be handled if lxc.cgroup.use=@all,
but not if lxc.cgroup.use was unspecified. Change that, since you cannot
run systemd in a container without it.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This allows cgfs to be used to create containers in a user namespace,
and have the container owner be able to use cgroups.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
* These are either '.', '..' or a hidden directory.
And these names should not be used for a container
in any case.
* Before this patch, if you created a git repository under lxc.lxcpath (it
can be useful to keep track of the configurations of your containers),
then, when you run lxc-ls, you will get the following output:
# lxc-ls
.git container1 container2 ....
This is because there is a 'config' file inside the '.git' directory.
It is where git stores the configuration of the repository.
And the test lxc-ls does to check if a directory contains a container
is just to check if the 'directory/config' file exists.
Signed-off-by: Carlos Alberto Lopez Perez <clopez@igalia.com>
The new task waits until the container is STOPPED, then asks
openvswitch to delete the port.
This requires two new arguments to be sent to lxc-user-nic.
Since lxc-user-nic ships with lxc, this shouldn't be a problem.
Finally when calling lxc-user-nic, use execlp instead of execvp
to preserve lxcpath's const-ness. Technically we are
guaranteed that execvp won't change the args, but it's worth
it to silence the warnings (and not hide real errors).
With this patch, container nics are cleaned up from openvswitch
bridges on shutdown.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
- With the -g/--groups argument the user can give a comma-separated list of
groups MUST that a container must have in order to be displayed. We receive
this list as a single string. ls_has_all_grps() is called to check if a
container has all the groups of MUST in its current list of groups HAS. I.e.
we determine whether MUST ⊆ HAS and only then do we record the container.
The original implementation was dumb in that it split the string MUST
every time it needed to check whether MUST ⊆ HAS for a given container. That's
pointless work. Instead we split the string MUST only once in main() and pass
it to ls_get() which passes it along to ls_has_all_grps().
- Before doing any costly checking make sure that #MUST <= #HAS. If not bail
immediately.
- The linear search algorithm ls_has_all_grps() currently uses stays for now.
Binary search et al. do not seem to make sense since sorting the array HAS
for each container is probably too costly. Especially, since it seems
unlikely that a user specifies 50+ or so groups on the command line a
container must have to be displayed. If however there are a lot of use-cases
where users have a lot of containers each with 50-100 groups and regularly use
lxc-ls with -g/--groups to only show containers that have 50 specified groups
among their 50-100 groups we can revisit this issue and implement e.g. binary
search or a ternary search tree.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
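The MUST ⊆ HAS check described above, with the single split of the -g argument and the cardinality shortcut, as an added example that is not lxc-ls code. The container group lists in sample_containers are constructed, and split_groups() and count_displayed() are this example's own helpers. One caveat the commit message does not spell out: #MUST <= #HAS is only a valid rejection test if both lists are genuine sets, so split_groups() drops duplicate names ("web,web" is one group, not two).

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

void free_groups(char **groups)
{
    if (!groups)
        return;
    for (char **p = groups; *p; p++)
        free(*p);
    free(groups);
}

/* Split "a,b,c" once into a NULL-terminated array of unique names.
 * Returns NULL on allocation failure; *count receives the number of entries. */
char **split_groups(const char *list, size_t *count)
{
    char *copy = strdup(list), *save, *tok;
    char **out = calloc(1, sizeof *out);
    size_t n = 0;

    if (!copy || !out)
        goto fail;
    for (tok = strtok_r(copy, ",", &save); tok; tok = strtok_r(NULL, ",", &save)) {
        char **tmp;
        size_t i;

        if (!*tok)
            continue;
        for (i = 0; i < n && strcmp(out[i], tok); i++)
            ;
        if (i < n)
            continue; /* duplicate: keep the set size honest for the #MUST <= #HAS test */
        tmp = realloc(out, (n + 2) * sizeof *out);
        if (!tmp)
            goto fail;
        out = tmp;
        out[n] = strdup(tok);
        if (!out[n])
            goto fail;
        out[++n] = NULL;
    }
    free(copy);
    *count = n;
    return out;
fail:
    free(copy);
    free_groups(out);
    return NULL;
}

/* MUST ⊆ HAS: bail on cardinality first, then a plain linear scan (no sorting). */
int has_all_groups(char *const *must, size_t nmust, char *const *has, size_t nhas)
{
    if (nmust > nhas)
        return 0;
    for (size_t i = 0; i < nmust; i++) {
        size_t j = 0;
        while (j < nhas && strcmp(must[i], has[j]))
            j++;
        if (j == nhas)
            return 0;
    }
    return 1;
}

/* Constructed sample: each container's group list as read from its config. */
static const char *const sample_containers[] = { "web,prod,eu", "web", "prod,web", "db,web,web" };

/* Split the -g argument once, then test every container against it.
 * Returns the number of containers to display, or -1 on allocation failure. */
int count_displayed(const char *must_arg)
{
    size_t nmust, nhas, c;
    char **must = split_groups(must_arg, &nmust);
    int shown = 0;

    if (!must)
        return -1;
    for (c = 0; c < sizeof sample_containers / sizeof *sample_containers; c++) {
        char **has = split_groups(sample_containers[c], &nhas);
        if (!has) {
            free_groups(must);
            return -1;
        }
        shown += has_all_groups(must, nmust, has, nhas);
        free_groups(has);
    }
    free_groups(must);
    return shown;
}

int main(void)
{
    printf("-g web,prod shows %d of 4 sample containers\n", count_displayed("web,prod"));
    return 0;
}
```

With the samples above, "web,prod" selects two containers, "web" selects all four, and "web,web,db" selects only the last one, because the duplicated "web" collapses to a single required group before the cardinality test runs.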