[lxc-devel] [lxc/lxc] 2659c7: btrfs: support unprivileged create and clone

GitHub noreply at github.com
Wed May 7 03:54:51 UTC 2014


  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: 2659c7cbd55beee72b9b1740f48f48ad9d7d89da
      https://github.com/lxc/lxc/commit/2659c7cbd55beee72b9b1740f48f48ad9d7d89da
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-05-06 (Tue, 06 May 2014)

  Changed paths:
    M src/lxc/bdev.c
    M src/lxc/lxc_create.c
    M src/lxc/lxccontainer.c

  Log Message:
  -----------
  btrfs: support unprivileged create and clone

btrfs subvolume ioctls are usable by unprivileged users, so allow
unprivileged containers to reside on btrfs.

This patch does not yet enable destroy.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 44a706bdaf1471dbddb05e10269a0d413d224ab5
      https://github.com/lxc/lxc/commit/44a706bdaf1471dbddb05e10269a0d413d224ab5
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-05-06 (Tue, 06 May 2014)

  Changed paths:
    M src/lxc/lxccontainer.c

  Log Message:
  -----------
  btrfs: support unprivileged destroy

Do this by calling the bdev->destroy() hook from a user namespace
configured as the container's.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: cbf0bae67ca5c285c8770d893dfa1924eb5abfe9
      https://github.com/lxc/lxc/commit/cbf0bae67ca5c285c8770d893dfa1924eb5abfe9
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-05-06 (Tue, 06 May 2014)

  Changed paths:
    M src/lxc/cgmanager.c

  Log Message:
  -----------
  cgmanager: also handle named subsystems (like name=systemd)

Read /proc/self/cgroup instead of /proc/cgroups, so as to catch
named subsystems.  Otherwise the containers will not be fully
moved into the container cgroups.

Also free line which was being leaked.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 25c7531cf0bab45e06fb2ebf05ce2f37c5c0f649
      https://github.com/lxc/lxc/commit/25c7531cf0bab45e06fb2ebf05ce2f37c5c0f649
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2014-05-06 (Tue, 06 May 2014)

  Changed paths:
    M configure.ac
    M src/lxc/cgmanager.c

  Log Message:
  -----------
  cgmanager: use absolute cgroup path to switch cgroups at attach

If an unprivileged user does 'lxc-start -n u1' in one
login session, followed by 'lxc-attach -n u1' in another
session, the attach will fail if the sessions are in different
cgroups.  The same is true of lxc-cgroup commands.

Address this by using the GetPidCgroupAbs and MovePidAbs
which work with the containers' cgroup path relative to
the cgproxy.

Since GetPidCgroupAbs is new to api version 3 in cgmanager,
use the old method if we are on an older cgmanager.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Tested-by: "S.Çağlar Onur" <caglar at 10ur.org>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


Compare: https://github.com/lxc/lxc/compare/391260dcb2ae...25c7531cf0ba
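
The cgmanager commit above switches from /proc/cgroups to /proc/self/cgroup to catch named subsystems. The following added example (not code from the lxc tree) shows why: it lists the controllers that appear only in /proc/self/cgroup. The file contents are constructed samples, and `in_proc_cgroups` and `missed_subsystems` are hypothetical helper names.

```c
#include <stdio.h>
#include <string.h>
#define NAME_LEN 64

/* Constructed sample contents, not captured from a real host. */
static const char SAMPLE_PROC_CGROUPS[] =
    "#subsys_name\thierarchy\tnum_cgroups\tenabled\n"
    "cpu\t2\t1\t1\ncpuacct\t2\t1\t1\nmemory\t3\t1\t1\n";
static const char SAMPLE_SELF_CGROUP[] =
    "3:memory:/user/1000.user/c2.session\n"
    "2:cpu,cpuacct:/user/1000.user/c2.session\n"
    "1:name=systemd:/user/1000.user/c2.session\n";

/* Return 1 if the /proc/cgroups text has a row for controller `name`. */
static int in_proc_cgroups(const char *text, const char *name)
{
    size_t n = strlen(name);
    for (; text && *text; text = strchr(text, '\n'), text = text ? text + 1 : NULL)
        if (strncmp(text, name, n) == 0 && text[n] == '\t')
            return 1;
    return 0;
}

/* Hypothetical helper: walk "id:controllers:path" lines and copy every
 * controller that /proc/cgroups does not list into out[]; returns the count. */
int missed_subsystems(const char *self_cg, const char *proc_cg, char out[][NAME_LEN], int max)
{
    int count = 0;
    for (const char *line = self_cg, *eol; line && *line; line = eol ? eol + 1 : NULL) {
        eol = strchr(line, '\n');
        const char *c1 = strchr(line, ':'), *c2 = c1 ? strchr(c1 + 1, ':') : NULL;
        if (!c2 || (eol && c2 > eol)) continue;   /* malformed line: skip it */
        for (const char *tok = c1 + 1; tok < c2; ) {
            size_t len = strcspn(tok, ",:");      /* field may be "cpu,cpuacct" */
            if (len > 0 && len < NAME_LEN && count < max) {
                snprintf(out[count], NAME_LEN, "%.*s", (int)len, tok);
                count += !in_proc_cgroups(proc_cg, out[count]);
            }
            tok += len + 1;
        }
    }
    return count;
}

int main(void)
{
    char out[8][NAME_LEN];
    int n = missed_subsystems(SAMPLE_SELF_CGROUP, SAMPLE_PROC_CGROUPS, out, 8);
    printf("%d not in /proc/cgroups, first: %s\n", n, n ? out[0] : "-");
    return 0;
}
```

A process left behind in a hierarchy that only /proc/self/cgroup reveals is not fully confined to the container's cgroups, which is the condition the commit message describes.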

