Donghwa Jeong
1396b61091
confile_utils: apply strprint()
...
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-05-31 20:39:46 +09:00
Christian Brauner
7af82fa828
tree-wide: fix mode of some files
...
commit 321db0260f ("start: fix waitpid() blocking issue") and
commit b2a4850853 ("change defines for return value of handlers")
changed the mode of files.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-31 12:24:08 +02:00
Christian Brauner
989ccdf1b7
Merge pull request #2366 from 2xsec/bugfix
...
change defines for return value of handlers
2018-05-31 12:22:21 +02:00
Christian Brauner
20993a9739
start: log unknown info.si_code
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-31 12:18:02 +02:00
Donghwa Jeong
321db0260f
start: fix waitpid() blocking issue
...
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-05-31 17:58:08 +09:00
Donghwa Jeong
b2a4850853
change defines for return value of handlers
...
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-05-31 14:54:43 +09:00
Stéphane Graber
ed40d791c4
Merge pull request #2365 from brauner/2018-05-30/improve_strprint
...
confile: improve strprint()
2018-05-30 11:35:32 -04:00
Christian Brauner
9496659c6b
confile: improve strprint()
...
POSIX specifies [1]:
"If the value of n is zero on a call to snprintf(), nothing shall be written,
the number of bytes that would have been written had n been sufficiently large
excluding the terminating null shall be returned, and s may be a null pointer."
But in case there are any non-sane libcs out there that do actually dereference
the buffer when 0 is passed as length to snprintf() let's give them a
dummy buffer.
[1]: The Open Group Base Specifications Issue 7, 2018 edition
IEEE Std 1003.1-2017 (Revision of IEEE Std 1003.1-2008)
Copyright © 2001-2018 IEEE and The Open Group
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Reported-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-05-30 15:46:06 +02:00
Christian Brauner
9715e65c41
Merge pull request #2363 from 2xsec/master
...
conf: va_end was not called.
2018-05-30 05:37:13 +02:00
Stéphane Graber
81d7061549
Merge pull request #2360 from brauner/2018-05-29/conf_cleanup
...
conf: small cleanups
2018-05-29 15:15:46 -04:00
Donghwa Jeong
7b5a2435a2
conf: va_end was not called.
...
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-05-29 22:01:27 +09:00
Christian Brauner
32fd6cf390
conf: non-functional changes
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-29 00:57:13 +02:00
Christian Brauner
7a0bcca310
conf: make tmp_umount_proc bool
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-29 00:54:16 +02:00
Christian Brauner
5173b71073
conf: make root idmap structs const
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-29 00:52:37 +02:00
Christian Brauner
80308d07b3
start: add reboot macros
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-29 00:48:15 +02:00
Stéphane Graber
5c478fb543
Merge pull request #2358 from brauner/2018-05-28/do_not_init_ns_clone_flags
...
start: do not init ns_clone_flags to -1
2018-05-28 10:29:15 -04:00
Christian Brauner
386e676854
conf: ensure lxc_delete_tty() does not crash
...
We need to make sure that the ttys are actually initialized otherwise deleting
them is not safe.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-28 15:33:28 +02:00
Christian Brauner
f3815517f2
start: do not init ns_clone_flags to -1
...
ns_clone_flags is used as a bitmask so initializing it to -1 is a bad idea.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-28 13:27:43 +02:00
Christian Brauner
b71841358e
Merge pull request #2355 from 2xsec/master
...
network: fix socket handle leak
2018-05-28 08:27:59 +02:00
Donghwa Jeong
87c6e5db2a
network: fix socket handle leak
...
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
2018-05-28 13:42:45 +09:00
Stéphane Graber
f1a571d669
Merge pull request #2354 from brauner/2018-05-26/config_cleanups
...
conf: cleanups, and bugfixes
2018-05-26 18:04:33 -04:00
Christian Brauner
573ad77fc2
utils: fix task_blocking_signal()
...
Closes #2342.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-26 21:47:46 +02:00
Christian Brauner
a2db71c041
conf: non-functional changes
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-26 13:12:32 +02:00
Christian Brauner
e528c7356b
conf: pts -> pty_max
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-26 13:09:50 +02:00
Christian Brauner
885766f5d2
conf: simplify tty handling
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-26 13:05:24 +02:00
Christian Brauner
448d7b0c0f
conf: reshuffle mount members
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-26 12:53:12 +02:00
Christian Brauner
b3187a814a
conf: make close_all_fds a boolean
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-26 12:52:09 +02:00
Christian Brauner
edd64e17dc
conf: non-functional changes
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-26 12:50:53 +02:00
Christian Brauner
07c4ea310d
conf: make is_execute a boolean
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-26 12:50:03 +02:00
Christian Brauner
3a0e314db5
conf: non-functional changes
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-26 12:48:09 +02:00
Stéphane Graber
85f839ccb1
Merge pull request #2353 from brauner/2018-05-25/fix_lxc_create
...
tools: fix lxc-create with global config value II
2018-05-25 23:48:10 -04:00
Christian Brauner
3ec12d39cd
coverity: #1435747
...
Dereference before null check
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-26 03:29:32 +02:00
Christian Brauner
4c496daa33
coverity: #1435803
...
Unchecked return value
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-26 03:22:58 +02:00
Christian Brauner
923929f612
coverity: #1435805
...
Logically dead code
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-26 03:21:05 +02:00
Christian Brauner
a579fa51bf
coverity: #1435806
...
Logically dead code
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-26 03:20:36 +02:00
Christian Brauner
49938fbcd9
tools: fix lxc-create with global config value II
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-25 19:35:00 +02:00
Stéphane Graber
9acc50c1fe
Merge pull request #2352 from brauner/2018-05-25/further_seccomp_fixes
...
seccomp: more fixes
2018-05-25 10:12:04 -04:00
Christian Brauner
78633423cd
tools: fix lxc-create with global config value
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-25 15:43:59 +02:00
Christian Brauner
dfddc8aa7e
seccomp: make do_resolve_add_rule() more strict
...
Let's error out on syscalls that cannot be resolved or fail to resolve instead
of just warning users.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-25 13:27:50 +02:00
Christian Brauner
54a051c166
seccomp: parse_v2_rules()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-25 13:26:25 +02:00
Christian Brauner
cf6624c1fe
seccomp: lxc_read_seccomp_config()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-25 13:16:31 +02:00
Christian Brauner
1ddc138272
Merge pull request #2351 from Blub/seccomp-fixup-2
...
Seccomp fixup part 2
2018-05-25 12:43:53 +02:00
Wolfgang Bumiller
7474b5b33f
seccomp: error on unrecognized actions
...
Be more strict about unrecognized actions. Previously the
parser would happily accept lines with typos like:
kexec_load errrno 1
(note the extra 'r')
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-05-25 12:14:12 +02:00
Wolfgang Bumiller
9dbd8ff383
seccomp: refactor line handling of parse_config
...
Moving parse_config_v2 to use getline accidentally parsed
the wrong buffer. Since both _v1 and _v2 now use getline it
seems to be simpler to also use getline() for the first line
before entering the version specific parsers and pass along
the pointer and size so they can reuse them.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fixes: 9c3798eba4 ("seccomp: parse_config_v2()")
2018-05-25 12:14:12 +02:00
Wolfgang Bumiller
f858dd50cf
seccomp: re-add action parse error handling
...
This can happen when the 'errno' action can't parse its
supplied number.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fixes: f67c94d00a ("seccomp: parse_v2_rules()")
2018-05-25 12:08:33 +02:00
Christian Brauner
8cd059dfdc
Merge pull request #2350 from Blub/seccomp-cleanup-fixup
...
seccomp: leak fixup
2018-05-25 09:13:29 +02:00
Wolfgang Bumiller
97a9b25848
seccomp: leak fixup
...
Fix an error case not free()ing the line forgotten during
the move from fgets() on a static buffer to using getline.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fixes: ccf8d128e4 ("seccomp: parse_config_v1()")
2018-05-25 08:58:30 +02:00
Stéphane Graber
1269738063
Merge pull request #2349 from brauner/2018-05-24/prevent_fd_leak
...
lxccontainer: fix fd leaks when sending signals
2018-05-24 20:22:28 -04:00
Christian Brauner
c0b48eff17
start: log setns() failure
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-25 00:25:16 +02:00
Christian Brauner
8f3e3c131b
confile: order architectures
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-25 00:12:46 +02:00