[lxc-devel] [lxc/lxc] 8dca61: conf: rework and fix leak in userns_exec_1()
Wolfgang Bumiller
noreply at github.com
Fri Mar 27 15:04:22 UTC 2020
Branch: refs/heads/stable-4.0
Home: https://github.com/lxc/lxc
Commit: 8dca61dec4ad34a5037d619ccb51869be11438a4
https://github.com/lxc/lxc/commit/8dca61dec4ad34a5037d619ccb51869be11438a4
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2020-03-27 (Fri, 27 Mar 2020)
Changed paths:
M src/lxc/conf.c
Log Message:
-----------
conf: rework and fix leak in userns_exec_1()
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: c82fb6b3c72d8eec0d553a5a345d06d146203c0a
https://github.com/lxc/lxc/commit/c82fb6b3c72d8eec0d553a5a345d06d146203c0a
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2020-03-27 (Fri, 27 Mar 2020)
Changed paths:
M src/lxc/commands.c
Log Message:
-----------
commands: log actual errno when lxc_cmd_get_cgroup2_fd() fails
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 17b12f319bbe98e5fe561b18e55890ded111f14b
https://github.com/lxc/lxc/commit/17b12f319bbe98e5fe561b18e55890ded111f14b
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2020-03-27 (Fri, 27 Mar 2020)
Changed paths:
M src/lxc/cgroups/cgfsng.c
Log Message:
-----------
cgroups: move pointer dereference after check
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 2bc38e68ee68d3b773739a2497705bc5f592596f
https://github.com/lxc/lxc/commit/2bc38e68ee68d3b773739a2497705bc5f592596f
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2020-03-27 (Fri, 27 Mar 2020)
Changed paths:
M src/lxc/cgroups/cgfsng.c
Log Message:
-----------
cgroups: rework __cg_unified_attach()
We didn't account for cgroup_attach() succeeding and just tried to attach to
the same cgroup again which doesn't make sense.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 54b4c137267b1c44ddfc0c50dc3adcd999e4c494
https://github.com/lxc/lxc/commit/54b4c137267b1c44ddfc0c50dc3adcd999e4c494
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2020-03-27 (Fri, 27 Mar 2020)
Changed paths:
M src/lxc/attach.c
Log Message:
-----------
attach: use close_prot_errno_disarm()
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 04435b805c7af7f99a247d2891c05f29b3cbcacc
https://github.com/lxc/lxc/commit/04435b805c7af7f99a247d2891c05f29b3cbcacc
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2020-03-27 (Fri, 27 Mar 2020)
Changed paths:
M src/lxc/cgroups/cgfsng.c
Log Message:
-----------
cgroups: remove unused variable
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 5c70927b936c3c95754251c3c8279ece7f50cf5a
https://github.com/lxc/lxc/commit/5c70927b936c3c95754251c3c8279ece7f50cf5a
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2020-03-27 (Fri, 27 Mar 2020)
Changed paths:
M src/lxc/cgroups/cgfsng.c
Log Message:
-----------
cgroups: fix unified cgroup attach
There's a fundamental problem with futexes and setid calls and the go runtime.
POSIX requires that when one thread setids all threas must setids and it uses
futexes and signals to synchronize the state across threads. This causes
deadlocks which means we can't use the pretty solution I first implemented.
Instead we need to chown after we create the directory. I might come up with
something smarter later but for now this will do.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 3e9a732621d35354719d71435039fe7730878d81
https://github.com/lxc/lxc/commit/3e9a732621d35354719d71435039fe7730878d81
Author: Wolfgang Bumiller <w.bumiller at proxmox.com>
Date: 2020-03-27 (Fri, 27 Mar 2020)
Changed paths:
M src/lxc/commands.c
M src/lxc/seccomp.c
M src/lxc/start.c
Log Message:
-----------
fixup i/o handler return values
Particularly important for lxc_cmd_handler() handles client
input and should not be capable of canceling the main loop,
some syscall return values leaked through overlapping with
LXC_MAINLOOP_ERROR, causing unauthorized clients connecting
to the command socket to shutdown the main loop.
In turn, signal_handler() receiving unexpected
`signalfd_siginfo` struct sizes seems like a reason to bail
(since it's a kernel interface).
Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Compare: https://github.com/lxc/lxc/compare/d8d38da1cc56...3e9a732621d3
More information about the lxc-devel
mailing list