[lxc-devel] [lxc/lxc] e85898: command socket: use hash if needed

GitHub noreply at github.com
Mon Aug 18 03:41:25 UTC 2014


  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: e85898415c28e0467aed3851541e70678ad1688e
      https://github.com/lxc/lxc/commit/e85898415c28e0467aed3851541e70678ad1688e
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-08-17 (Sun, 17 Aug 2014)

  Changed paths:
    M src/lxc/commands.c

  Log Message:
  -----------
  command socket: use hash if needed

The container command socket is an abstract unix socket containing
the lxcpath and container name.  Those can be too long.  In that case,
use the hash of the lxcpath and lxcname.  Continue to use the path and
name if possible to avoid any back compat issues.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 073135baa78511c26e502362840f2c950cfddfe2
      https://github.com/lxc/lxc/commit/073135baa78511c26e502362840f2c950cfddfe2
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-08-17 (Sun, 17 Aug 2014)

  Changed paths:
    M src/lxc/monitor.c

  Log Message:
  -----------
  monitor: fix sockname calculation for long lxcpaths

A long enough lxcpath (and small PATH_MAX through crappy defines) can cause
the creation of the string to be hashed to fail.  So just use alloca to
get the size string we need.

More importantly, while I can't explain it, if lxcpath is too long, setting
sockname[sizeof(addr->sun_path)-2] to \0 simply doesn't seem to work.  So set
sockname[sizeof(addr->sun_path)-3] to \0, which does work.

With this, and with

lxc.lxcpath = /opt/lxc0123456789/lxc0123456789/lxc0123456789/lxc0123456789/lxc0123456789/lxc0123456789/lxc0123456789/lxc0123456789/lxc0123456789/lxc0123456789

in /etc/lxc/lxc.conf, I can run lxc-wait just fine.  Without it, it fails
(as does lxc-start -d, which uses lxc_wait to verify the container started).

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 6fd5e7699f651ad16815f9f2bd56bc8dc4227224
      https://github.com/lxc/lxc/commit/6fd5e7699f651ad16815f9f2bd56bc8dc4227224
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-08-17 (Sun, 17 Aug 2014)

  Changed paths:
    M src/lxc/conf.c

  Log Message:
  -----------
  do_mount_entry: add nexec, nosuid, nodev, rdonly flags if needed at remount

See http://lkml.org/lkml/2014/8/13/746 and its history.  The kernel now refuses
mounts if we don't add ro,nosuid,nodev,noexec flags if they were already there.

Also use the newly found info to skip remount if unneeded.  For background, if
you want to create a read-only bind mount, then you must first mount(2) with
MS_BIND to create the bind mount, then re-mount(2) again to get the new mount
options to apply.  So if this wasn't a bind mount, or no new mount options were
introduced, then we don't do the second mount(2).

null_endofword() and get_field() were not changed, only moved up in
the file.

(Note, while I can start containers inside a privileged container with
this patch, most of the lxc tests still fail with the kernel in question;
Andy's patch seems to still be needed - a kernel with which is available
at https://launchpad.net/~serge-hallyn/+archive/ubuntu/userns-natty
ppa:serge-hallyn/userns-natty)

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


Compare: https://github.com/lxc/lxc/compare/da8c55e6ec2d...6fd5e7699f65

