proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-08-15 13:47:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
11,279 Commits 6 Branches 17 Tags 29 MiB
df05cddc83
Commit Graph

11279 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Christian Brauner
0b8e876fbd
attach: don't return early when calculating namespaces via pidfd 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-12 17:48:40 +02:00
Stéphane Graber
d32dcd01e7
Merge pull request #3778 from brauner/2021-04-12/fixes 
conf: idmaptool fixes
 2021-04-12 09:28:50 -04:00
Christian Brauner
a864a2e105
conf: don't report success when idmaptools lack all privilege 
Fixes: #3777
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-12 14:00:27 +02:00
Christian Brauner
83cb736218
conf: simplify idmaptool_on_path_and_privileged() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-12 09:44:40 +02:00
Evgeny Vereshchagin
5f850cf9d8 tests: pass on ASAN/UBSAN options to several tests 
to make it easier to run them under ASan/UBSan.

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-04-12 02:21:07 +00:00
Evgeny Vereshchagin
11ead2c46a tests: stop cutting off right square brackets in share_ns 
Closes https://github.com/lxc/lxc/issues/3791

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-04-11 15:07:47 +00:00
Evgeny Vereshchagin
73dc93dbce tests: switch to the "busybox" template in lxc-test-checkpoint-restore 
criu can't seem to dump systemd-logind used in Ubuntu due to what appears to be
https://github.com/checkpoint-restore/criu/issues/1430.
Let's switch to busybox where all the processes hopefully can be dumped.

Closes https://github.com/lxc/lxc/issues/3792

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-04-11 10:40:10 +00:00
Evgeny Vereshchagin
621c7cc739 tests: fix a memory leak in attach 
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-04-10 12:31:02 +00:00
Evgeny Vereshchagin
f80950eeef tests: fix a memory leak in cgpath 
```
==131188==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 568 byte(s) in 1 object(s) allocated from:
    #0 0x7f8918943bc8 in malloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10dbc8)
    #1 0x7f89181ee5a3 in lxc_container_new /home/vagrant/lxc/src/lxc/lxccontainer.c:5264
    #2 0x55ffc5022869 in test_container /home/vagrant/lxc/src/tests/cgpath.c:176
    #3 0x55ffc5023023 in main /home/vagrant/lxc/src/tests/cgpath.c:233
    #4 0x7f891709e0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
```

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-04-10 07:36:21 +00:00
Evgeny Vereshchagin
4cd72b693c tests: fix a memory leak in lxcpath 
```
$ sudo ./src/tests/lxc-test-lxcpath

=================================================================
==95911==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 39 byte(s) in 1 object(s) allocated from:
    #0 0x7effafc8d3dd in strdup (/lib/x86_64-linux-gnu/libasan.so.5+0x963dd)
    #1 0x7effaf5a2de6 in lxcapi_config_file_name /home/vagrant/lxc/src/lxc/lxccontainer.c:3190
    #2 0x562961680c30 in main /home/vagrant/lxc/src/tests/lxcpath.c:49
    #3 0x7effae5150b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

Direct leak of 21 byte(s) in 1 object(s) allocated from:
    #0 0x7effafc8d3dd in strdup (/lib/x86_64-linux-gnu/libasan.so.5+0x963dd)
    #1 0x7effaf5a2de6 in lxcapi_config_file_name /home/vagrant/lxc/src/lxc/lxccontainer.c:3190
    #2 0x56296168115e in main /home/vagrant/lxc/src/tests/lxcpath.c:77
    #3 0x7effae5150b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

Direct leak of 21 byte(s) in 1 object(s) allocated from:
    #0 0x7effafc8d3dd in strdup (/lib/x86_64-linux-gnu/libasan.so.5+0x963dd)
    #1 0x7effaf5a2de6 in lxcapi_config_file_name /home/vagrant/lxc/src/lxc/lxccontainer.c:3190
    #2 0x562961680f0a in main /home/vagrant/lxc/src/tests/lxcpath.c:63
    #3 0x7effae5150b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

SUMMARY: AddressSanitizer: 81 byte(s) leaked in 3 allocation(s).
```

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-04-10 04:45:46 +00:00
Evgeny Vereshchagin
5a9fae9e7f tests: fix a memory leak in cgpath 
```
$ sudo ./src/tests/lxc-test-cgpath
Container creation tests...Passed
Container creation with LXCPATH tests...Passed

=================================================================
==57206==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 296 byte(s) in 1 object(s) allocated from:
    #0 0x7fef22c27dc6 in calloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10ddc6)
    #1 0x557c6e3ce3d9 in cgroup_ops_init cgroups/cgfsng.c:3347
    #2 0x557c6e3d6516 in cgroup_init cgroups/cgroup.c:33
    #3 0x557c6e3788e2 in test_running_container /home/vagrant/lxc/src/tests/cgpath.c:102
    #4 0x557c6e379c69 in test_container /home/vagrant/lxc/src/tests/cgpath.c:197
    #5 0x557c6e379e37 in main /home/vagrant/lxc/src/tests/cgpath.c:233
    #6 0x7fef2136c0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)

Direct leak of 296 byte(s) in 1 object(s) allocated from:
    #0 0x7fef22c27dc6 in calloc (/lib/x86_64-linux-gnu/libasan.so.5+0x10ddc6)
    #1 0x557c6e3ce3d9 in cgroup_ops_init cgroups/cgfsng.c:3347
    #2 0x557c6e3d6516 in cgroup_init cgroups/cgroup.c:33
    #3 0x557c6e3788e2 in test_running_container /home/vagrant/lxc/src/tests/cgpath.c:102
    #4 0x557c6e379c69 in test_container /home/vagrant/lxc/src/tests/cgpath.c:197
    #5 0x557c6e379e61 in main /home/vagrant/lxc/src/tests/cgpath.c:237
    #6 0x7fef2136c0b2 in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x270b2)
```

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-04-10 02:09:09 +00:00
Stéphane Graber
965502a09c
Merge pull request #3775 from brauner/2021-04-07/fixes 
confile: make lxc_get_config() and lxc_get_config_net() always return…
 2021-04-07 12:06:02 -04:00
Christian Brauner
6773e10851
confile: make lxc_get_config() and lxc_get_config_net() always return non-NULL 
Introduce the concept of an unsupported config item.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-07 16:52:38 +02:00
Christian Brauner
33c0a5466e
Merge pull request #3774 from stgraber/master 
github: Try to fix action naming
 2021-04-07 16:34:52 +02:00
Stéphane Graber
7e8b9b04f2
github: Try to fix action naming 
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
 2021-04-07 10:34:02 -04:00
Stéphane Graber
f0c6219acb
Merge pull request #3773 from brauner/2021-04-06/fixes_2 
confile & log: fixes
 2021-04-07 08:04:51 -04:00
Christian Brauner
ae393e1328
confile: enforce maximum subkey length 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-07 09:38:36 +02:00
Christian Brauner
c3cef319e3
log: add error_ret() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-07 09:38:36 +02:00
Christian Brauner
0a3b86f90c
macro: ensure ret_errno() always returns negative 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-07 09:38:27 +02:00
Christian Brauner
9d984c3fb5
Merge pull request #3763 from evverx/fuzz-lxc-define-load 
oss-fuzz: fuzz lxc_config_define_add and lxc_config_define_load
 2021-04-07 09:33:59 +02:00
Stéphane Graber
ace51ce88d
Merge pull request #3772 from merlin1991/master 
templates/*.in: fixed PATH handling with spaces
 2021-04-06 10:43:59 -04:00
Christian Ratzenhofer
655d10ed7f templates/*.in: fixed PATH handling with spaces 
if $PATH already contains a path with a space the append of the
default directories in all template scripts fails with an error
like the following:

/usr/share/lxc/templates/lxc-download: 69: export: (x86)/NVIDIA: bad
variable name

Signed-off-by: Christian Ratzenhofer <christian.ratzenhofer@cdnm.at>
 2021-04-06 14:43:11 +02:00
Stéphane Graber
093bfcc83c
Merge pull request #3771 from brauner/2021-04-06/fixes 
conf: fix setups where /dev is outside of LXC's control
 2021-04-06 08:18:32 -04:00
Christian Brauner
e2c8dbd8bc
log: ensure we always return negative errno 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-06 10:34:31 +02:00
Christian Brauner
1f0a3b6e48
conf: fix setups where /dev is outside of LXC's control 
Fixes: #3770
Suggested-by: Ruben Jenster <r.jenster@drachenfels.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-06 10:30:38 +02:00
Stéphane Graber
d75ddd9b1b
Merge pull request #3766 from brauner/2021-04-02/fixes_2 
lsm: fixes
 2021-04-02 12:03:41 -04:00
Christian Brauner
8f899a4a12
confile: complain when LXC is built without AppArmor support 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-02 16:32:54 +02:00
Christian Brauner
d6df2b8fdf
confile: complain when LXC is built without selinux support 
Link: https://github.com/lxc/lxc/issues/3765
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-02 16:18:29 +02:00
Stéphane Graber
6fde9fb187
Merge pull request #3764 from brauner/2021-04-02/fixes 
confile: fix lxc.namespace.share.[identifier]
 2021-04-02 08:47:53 -04:00
Christian Brauner
057d2caecb
confile: fix lxc.namespace.share.[identifier] 
Link: https://github.com/lxc/lxc/pull/3763/files#r606089660
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-02 12:05:58 +02:00
Stéphane Graber
8aa602556a
Merge pull request #3762 from brauner/2021-03-31/fixes 
fixes: Makefile, lxc-user-nic, simplify get_network_config_ops()
 2021-04-01 08:39:43 -04:00
Christian Brauner
7707b0e06e
confile: simplify get_network_config_ops() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-01 11:08:13 +02:00
Christian Brauner
59f5a10311
string_utils: use restrict for lxc_safe_int64_residual() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-01 11:08:13 +02:00
Christian Brauner
90e69d7178
string_utils: ensure that errno is set on return 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-01 11:08:11 +02:00
Christian Brauner
5fba37a134
string_utils: move to lxc-copy() sources 
It's the only place where it is still used.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-01 10:27:40 +02:00
Christian Brauner
68dd0ea545
lxc_user_nic: cleanup get_alloted() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-01 10:27:40 +02:00
Christian Brauner
4c7de7c5ee
lxc_user_nic: cleanup append_alloted() 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-04-01 10:27:38 +02:00
Christian Brauner
b405dec645
Merge pull request #3760 from evverx/reject-giant-configs 
oss-fuzz: reject giant configs early
 2021-04-01 08:01:59 +02:00
Evgeny Vereshchagin
55376ebd14 cifuzz: fuzz longer 
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-04-01 01:25:26 +00:00
Evgeny Vereshchagin
1a46f8537e confile: fix a memory leak lxc_config_define_add 
```
2021-04-02T05:45:54.9410345Z ==13==ERROR: LeakSanitizer: detected memory leaks
2021-04-02T05:45:54.9410737Z
2021-04-02T05:45:54.9411488Z Direct leak of 16 byte(s) in 1 object(s) allocated from:
2021-04-02T05:45:54.9412556Z     #0 0x54d752 in calloc /src/llvm-project/compiler-rt/lib/asan/asan_malloc_linux.cpp:154:3
2021-04-02T05:45:54.9413360Z     #1 0x583795 in parse_new_conf_line /src/lxc/src/lxc/confile.c:3048:8
2021-04-02T05:45:54.9414057Z     #2 0x582f1a in lxc_config_define_add /src/lxc/src/lxc/confile.c:3090:15
2021-04-02T05:45:54.9415352Z     #3 0x5810fa in LLVMFuzzerTestOneInput /src/lxc/src/tests/fuzz-lxc-define-load.c:30:6
2021-04-02T05:45:54.9419212Z     #4 0x483b93 in fuzzer::Fuzzer::ExecuteCallback(unsigned char const*, unsigned long) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:599:15
2021-04-02T05:45:54.9421819Z     #5 0x48309a in fuzzer::Fuzzer::RunOne(unsigned char const*, unsigned long, bool, fuzzer::InputInfo*, bool, bool*) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:505:3
2021-04-02T05:45:54.9424205Z     #6 0x485474 in fuzzer::Fuzzer::ReadAndExecuteSeedCorpora(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:814:7
2021-04-02T05:45:54.9426658Z     #7 0x485689 in fuzzer::Fuzzer::Loop(std::__Fuzzer::vector<fuzzer::SizedFile, fuzzer::fuzzer_allocator<fuzzer::SizedFile> >&) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerLoop.cpp:845:3
2021-04-02T05:45:54.9428616Z     #8 0x473717 in fuzzer::FuzzerDriver(int*, char***, int (*)(unsigned char const*, unsigned long)) /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerDriver.cpp:906:6
2021-04-02T05:45:54.9429989Z     #9 0x49f572 in main /src/llvm-project/compiler-rt/lib/fuzzer/FuzzerMain.cpp:20:10
2021-04-02T05:45:54.9433312Z     #10 0x7fa96041b83f in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2083f)
2021-04-02T05:45:54.9433795Z
2021-04-02T05:45:54.9434661Z DEDUP_TOKEN: calloc--parse_new_conf_line--lxc_config_define_add
2021-04-02T05:45:54.9435483Z SUMMARY: AddressSanitizer: 16 byte(s) leaked in 1 allocation(s).
2021-04-02T05:45:54.9435958Z
2021-04-02T05:45:54.9436404Z INFO: a leak has been found in the initial corpus.
```

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-04-01 01:25:26 +00:00
Evgeny Vereshchagin
e8694d9a22 oss-fuzz: fuzz lxc_config_define_add and lxc_config_define_load 
Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-04-01 01:25:09 +00:00
Christian Brauner
f5312e35d3
Merge pull request #3759 from evverx/san-compatible 
build-system: make it compatible with ASan/UBsan/Msan
 2021-03-31 22:03:07 +02:00
Stéphane Graber
6dcd23e2bd
Merge pull request #3758 from brauner/2021-03-31/fixes 
confile: cap to last bit in set_config_net_ipv4_address()
 2021-03-31 13:36:04 -04:00
Christian Brauner
365136359f
confile: cap to last bit in set_config_net_ipv4_address() 
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32708
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-31 10:54:28 +02:00
Christian Brauner
ea35e2ccda
Merge pull request #3755 from evverx/lxc-net 
oss-fuzz.sh: put the "lxc.net" keys to the seed corpus as well
 2021-03-30 20:50:52 +02:00
Stéphane Graber
21e9bead12
Merge pull request #3756 from brauner/2021-03-30/fixes_3 
string_utils: switch to path_simplify()
 2021-03-30 12:58:28 -04:00
Christian Brauner
28e54be15f
string_utils: switch to path_simplify() 
Link: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=32689
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-30 17:20:51 +02:00
Stéphane Graber
ec6de2c3e7
Merge pull request #3754 from brauner/2021-03-30/fixes_2 
confile: don't jump into the global table twice
 2021-03-30 08:31:41 -04:00
Christian Brauner
0abcc213e2
confile: don't jump into the global table twice 
instead move networking keys into a subtable. This avoids even just the
remote danger of recursion and also speeds up config parsing.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
 2021-03-30 12:51:54 +02:00
Evgeny Vereshchagin
e7e0343fd9 oss-fuzz: reject giant configs early 
It should help the fuzzer to avoid running into timeouts
like https://oss-fuzz.com/testcase-detail/5132999948632064.
Hopefully, once this is merged OSS-Fuzz will report only
infinite loops as timeouts.

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
 2021-03-30 07:26:39 +00:00