proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-06-02 18:21:25 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
11,096 Commits 6 Branches 17 Tags 29 MiB
db4af8c57e
Commit Graph

204 Commits

Author SHA1 Message Date
Christian Brauner
db4af8c57e
build: improve meson build 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-09-23 14:05:24 +02:00
Christian Brauner
58db1a61c8
build: add src/include to build and simplify header inclusions 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-09-03 09:25:56 +02:00
Evgeny Vereshchagin
4a6af91855 log: create log files in "fuzzing" mode if it's called outside fuzz targets 
to make it possible to run the fuzzers along with the other tests

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-04-26 19:57:56 +00:00
Christian Brauner
9ec1d9db36
utils: add copy_struct_to_client() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-02-23 16:15:32 +01:00
Christian Brauner
d329cda71b
utils: add copy_struct_from_client() 
Which is our variant of copy_struct_from_user() that Aleksa and I added to the
kernel.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-02-23 16:15:31 +01:00
Christian Brauner
8cdbef77df
utils: add development helper to quickly dump a directories contents 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-02-15 12:29:47 +01:00
Christian Brauner
c988c8b1ce
cgroups: move cgns_supported() to cgroup utilities 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-02-15 11:51:11 +01:00
Christian Brauner
74ed30d721
mount_utils: move mount_at() and mount_from_at() over from utils.{c,h} 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-02-05 12:56:59 +01:00
Christian Brauner
5a7f1dc660
utils: rework lxc_setgroups() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-02-05 12:12:29 +01:00
Christian Brauner
8dd6f81e70
utils: add lxc_drop_groups() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-02-05 12:09:35 +01:00
Christian Brauner
977687db1c
utils: add mount_from_at() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-02-04 18:45:32 +01:00
Christian Brauner
315f8a4e42
cgroups: fix cgroup mounting 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-02-04 15:59:50 +01:00
Christian Brauner
e1b9d6af00
conf: make lxc_create_tmp_proc_mount() static 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-02-03 20:55:01 +01:00
Christian Brauner
a60d8c4ea7
file_utils: add fdopenat() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-02-01 11:32:46 +01:00
Christian Brauner
052535c865
macro: move MAX_GRBUF_SIZE 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-12-07 11:25:58 +01:00
Christian Brauner
d701d729f6
lsm: rework lsm handling 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-08-11 09:41:27 +02:00
Christian Brauner
43535b6d26
utils: introduce safe_mount_beneath_at() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-08-09 19:52:31 +02:00
Christian Brauner
65f0afdee2
utils: add safe_mount_beneath() based on openat2() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-08-09 19:52:30 +02:00
Christian Brauner
5f1b09866f
utils: hide unnecessary symbols 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-07-21 13:15:25 +02:00
Christian Brauner
07d1f84ab2
log: hide unnecessary symbols 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-07-20 17:11:50 +02:00
Christian Brauner
07f89c1e0e
confile: handle overflow in lxc.time.offset.{boot,monotonic} 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-06-26 10:08:32 +02:00
Christian Brauner
f40988c773
process_utils: introduce new process_utils.{c,h} 
This will be the central place for all process management helpers. This also
removes raw_syscalls.{c,h}.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-05-15 12:32:28 +02:00
Christian Brauner
234998b4f2
conf: introduce userns_exec_mapped_root() 
to avoid the overhead of calling to lxc-usernsexec whenever we can.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-05-04 10:56:05 +02:00
Christian Brauner
c353b0b950
utils: rework fix_stdio_permissions() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-04-02 11:50:27 +02:00
gaohuatao
6aff515722 fix non-root user cannot write /dev/stdout 
Signed-off-by: gaohuatao <gaohuatao@huawei.com>
 2020-04-01 09:36:44 -04:00
Christian Brauner
8408a9cc8d
tree-wide: s/recursive_destroy/lxc_rm_rf/g 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-03-28 15:06:55 +01:00
Christian Brauner
39293f2213
start: add ability to detect whether kernel supports pidfds 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-03-11 15:59:33 +01:00
Christian Brauner
5502253005
conf: cleanup 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-03-10 14:10:19 +01:00
Christian Brauner
4110345b7a
tree-wide: make files cloexec whenever possible 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2020-03-09 21:47:47 +01:00
Maximilian Blenk
4fef78bc33 container.conf: Add option to set keyring SELinux context 
lxc set's up a new session keyring for every container by default.
If executed on an SELinux enabled system, by default, the keyring
inherits the label of the creating process. If executed with the
currently available SELinux policy, this means that the keyring
is labeled with the lxc_t type. Applications inside the container,
however, might expect that the keyring is labeled with a certain
context (and will fail to access the keyring if it's not explicitly
allowed in the global policy). This patch introduces the config
option lxc.selinux.context.keyring which enables to specify the
label of the newly created keyring. That is, the keyring can be
labeled with the label expected by the started application.

Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>
 2020-01-31 14:33:01 +01:00
Christian Brauner
8e64b6736f
cgroups/cgfsng: rework cgroup removal 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2019-12-10 22:55:44 +01:00
Christian Brauner
fe70edeee5
cgroups: flatten hierarchy 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2019-12-10 14:07:08 +01:00
Christian Brauner
cc73685dd0
lxc: switch to SPDX 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2019-12-04 13:48:46 +01:00
Christian Brauner
4d8bdfa030 start: handle setting pdeath signal in new pidns 
In the usual case the child runs in a separate pid namespace. So far we haven't
been able to reliably set the pdeath signal. When we set the pdeath signal we
need to verify that we haven't lost a race whereby we have been orphaned and
though we have set a pdeath signal it won't help us since, well, the parent is
dead.
We were able to correctly handle this case when we were in the same pidns since
getppid() will return a valid pid. When we are in a separate pidns 0 will be
returned since the parent doesn't exist in our pidns.
A while back, while Jann and I were discussing other things he came up with a
nifty idea: simply pass an fd for the parent's status file and check the
"State:" field. This is the implementation of that idea.

Suggested-by: Jann Horn <jann@thejh.net>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2019-10-04 07:31:37 -07:00
Julio Faracco
7c3d3976fa utils: Fix wrong integer of a function parameter. 
If SSL is enabled, utils will include function `do_sha1_hash()` to
generate a sha1 encrypted buffer. Last function argument of
`EVP_DigestFinal_ex()` requires a `unsigned int` but the current
parameter is an `integer` type.

See error:
utils.c:350:38: error: passing 'int *' to parameter of type 'unsigned int *' converts between pointers to integer types with different sign
      [-Werror,-Wpointer-sign]
        EVP_DigestFinal_ex(mdctx, md_value, md_len);
                                            ^~~~~~
/usr/include/openssl/evp.h:549:49: note: passing argument to parameter 's' here
                                  unsigned int *s);

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>
 2019-08-03 02:16:13 -03:00
Serge Hallyn
fa2bb6ba53 Switch from gnutls to openssl for sha1 
The reason for this is because openssl can be statically linked
against, gnutls cannot.

Signed-off-by: Serge Hallyn <shallyn@cisco.com>
 2019-06-13 22:19:27 -05:00
Alexander Kriventsov
b9f80409d7 getgrgid_r fails with ERANGE if buffer is too small. Retry with a larger buffer. 
Signed-off-by: Alexander Kriventsov <akriventsov@nic.ru>
 2019-06-03 18:11:56 +03:00
tomponline
99a8edfc3a lvm: Updates lvcreate to wipe signatures if supported, fallbacks to old command if not. 
Signed-off-by: tomponline <tomp@tomp.uk>
 2019-03-26 08:44:28 +00:00
Christian Brauner
ebf3a6af23
conf: remove fgets() from run_buffer() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2019-03-01 12:17:46 +01:00
Josh Soref
54d423b874 spelling: allocate 
Signed-off-by: Josh Soref <jsoref@gmail.com>
 2018-10-30 06:45:18 +00:00
Christian Brauner
07a50156ed
raw_syscalls: move lxc_raw_gettid() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-10-03 13:10:55 +02:00
Christian Brauner
303037d2f6
syscall_wrappers: move signalfd() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-10-03 13:08:51 +02:00
Christian Brauner
e8f764b6bc
syscall_wrappers: move unshare() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-10-03 13:03:30 +02:00
Christian Brauner
364932cfae
syscall_wrappers: move sethostname() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-10-03 13:00:21 +02:00
Christian Brauner
59524108dd
syscall_wrappers: move setns() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-10-03 12:57:32 +02:00
Christian Brauner
6a886ddf19
syscall_wrappers: move memfd_create() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-10-03 12:49:46 +02:00
Christian Brauner
c7f493aee0
utils: fix lxc_set_death_signal() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-10-02 21:00:59 +02:00
Christian Brauner
d7b58715b6
raw_syscalls: add lxc_raw_getpid() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-09-30 20:20:16 +02:00
Christian Brauner
b25291da14
utils: add lxc_setup_keyring() 
Allocate a new keyring if we can to prevent information leak.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-09-28 13:41:14 +02:00
Christian Brauner
d38dd64a51
tree-wide: fix includes to fix bionic builds 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2018-09-27 01:01:33 +02:00