[lxc-devel] [lxc/lxc] 4eac99: lxc-download: Detect unpriv created by real root

Thu Feb 27 20:10:29 UTC 2014

  Branch: refs/heads/stable-1.0
  Home:   https://github.com/lxc/lxc
  Commit: 4eac99130e99e07a5ce133a8cfbfaf131e1dac9a
      https://github.com/lxc/lxc/commit/4eac99130e99e07a5ce133a8cfbfaf131e1dac9a
  Author: Stéphane Graber <stgraber at ubuntu.com>
  Date:   2014-02-27 (Thu, 27 Feb 2014)

  Changed paths:
    M templates/lxc-download.in

  Log Message:
  -----------
  lxc-download: Detect unpriv created by real root

This adds yet another case in the in_userns function detecting the case
where an unprivileged container is created by the real uid 0, in which
case we want to share the system wide cache but still use the
unprivileged templates and unpack method.

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

  Commit: 3efa3bad761e3e766a6ad3dfcd3db1d23c4e0e82
      https://github.com/lxc/lxc/commit/3efa3bad761e3e766a6ad3dfcd3db1d23c4e0e82
  Author: Dwight Engen <dwight.engen at oracle.com>
  Date:   2014-02-27 (Thu, 27 Feb 2014)

  Changed paths:
    M src/lxc/cgfs.c

  Log Message:
  -----------
  fix attach when cgroups mounted after container start

When booting an OL7 container on OL6, systemd in the OL7 container mounted
some extra cgroup controllers, which are then present in /proc/self/cgroups
of every task on the host. This is the list used by attach to determine
which cgroups to move the attached task into, but when it asks the container
over the command interface for the path to the subsystem this will fail
since the controller didn't exist when the container was first started.

Instead of failing, this change allows the attach to continue, warning that
those cgroups that could not be found won't be attached to.

The problem can be more simply reproduced by starting a busybox container,
mounting a cgroup that was not previously mounted, and then attempting
to attach to to the busybox container.

The problem will likely not manifest with cgmanager since it only requests
the path for the first controller, which is likely to always be mounted.

Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

  Commit: 469b6a6612137daef7cc051497cef039b5e0e152
      https://github.com/lxc/lxc/commit/469b6a6612137daef7cc051497cef039b5e0e152
  Author: Vitaly Lavrov <vel21ripn at gmail.com>
  Date:   2014-02-27 (Thu, 27 Feb 2014)

  Changed paths:
    M src/lxc/conf.c

  Log Message:
  -----------
  fix realloc() error on reboot container

The container with "lxc.network.type=phys" halted with error on reboot.

Error message:
*** glibc detected *** lxc-start: realloc(): invalid pointer: 0x0948eed0 ***

We have a sequence:

1) conf->saved_nic = relloc(NULL) on start start.c:container save_phys_nics()
2) free(conf->saved_nics) after stop container
   conf.c:lxc_rename_phys_nics_on_shutdown()
3) conf->saved_nic = relloc(conf->saved_nics) on restart container
   start.c:save_phys_nics() -> error relloc()

free(conf->saved_nics) in lxc_rename_phys_nics_on_shutdown()
unnecessary, it will be called later in lxc_clear_saved_nics().

Signed-off-by: Vitaly Lavrov <vel21ripn at gmail.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>

  Commit: ead15156ba8fc00fac85e9828eead4aa33432047
      https://github.com/lxc/lxc/commit/ead15156ba8fc00fac85e9828eead4aa33432047
  Author: S.Çağlar Onur <caglar at 10ur.org>
  Date:   2014-02-27 (Thu, 27 Feb 2014)

  Changed paths:
    M src/lxc/bdev.c

  Log Message:
  -----------
  bdev: do not crash if specs is NULL

Signed-off-by: S.Çağlar Onur <caglar at 10ur.org>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>

Compare: https://github.com/lxc/lxc/compare/4672c91a418c...ead15156ba8f