[lxc-devel] [lxc/lxc] 8dc255: Make mount_entry_create_*_dirs() more robust
GitHub
noreply at github.com
Fri Nov 6 19:52:41 UTC 2015
Branch: refs/heads/stable-1.1
Home: https://github.com/lxc/lxc
Commit: 8dc25557dbc6fc95b7084cfcf3fd5bbeeb9266cf
https://github.com/lxc/lxc/commit/8dc25557dbc6fc95b7084cfcf3fd5bbeeb9266cf
Author: Christian Brauner <christianvanbrauner at gmail.com>
Date: 2015-11-06 (Fri, 06 Nov 2015)
Changed paths:
M src/lxc/conf.c
Log Message:
-----------
Make mount_entry_create_*_dirs() more robust
The mount_entry_create_*_dirs() functions currently assume that the rootfs of
the container is actually named "rootfs". This has the consequence that
del = strstr(lxcpath, "/rootfs");
if (!del) {
free(lxcpath);
lxc_free_array((void **)opts, free);
return -1;
}
*del = '\0';
will return NULL when the rootfs of a container is not actually named "rootfs".
This means the we return -1 and do not create the necessary upperdir/workdir
directories required for the overlay/aufs mount to work. Hence, let's not make
that assumption. We now pass lxc_path and lxc_name to
mount_entry_create_*_dirs() and create the path directly. To prevent failure we
also have mount_entry_create_*_dirs() check that lxc_name and lxc_path are not
empty when they are passed in.
Signed-off-by: Christian Brauner <christianvanbrauner at gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: c66fc6e6f1619d5902672718d59d8ce1ff99c7fd
https://github.com/lxc/lxc/commit/c66fc6e6f1619d5902672718d59d8ce1ff99c7fd
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: 2015-11-06 (Fri, 06 Nov 2015)
Changed paths:
M templates/lxc-ubuntu-cloud.in
Log Message:
-----------
ubuntu-cloud: Replace .tar.gz by .tar.xz and don't auto-generate missing tarballs
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: 9972fba5e250b155bb0a3bf6f4ba45149f8a8288
https://github.com/lxc/lxc/commit/9972fba5e250b155bb0a3bf6f4ba45149f8a8288
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2015-11-06 (Fri, 06 Nov 2015)
Changed paths:
M src/lxc/cgfs.c
M src/lxc/cgmanager.c
M src/lxc/cgroup.c
M src/lxc/cgroup.h
Log Message:
-----------
Ignore trailing /init.scope in init cgroups
The lxc monitor does not store the container's cgroups, rather it
recalculates them whenever needed.
Systemd moves itself into a /init.scope cgroup for the systemd
controller.
It might be worth changing that (by storing all cgroup info in the
lxc_handler), but for now go the hacky route and chop off any
trailing /init.scope.
I definately thinkg we want to switch to storing as that will be
more bullet-proof, but for now we need a quick backportable fix
for systemd 226 guests.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: d6de0d238720be2636cce3e00d612d010b0c0b60
https://github.com/lxc/lxc/commit/d6de0d238720be2636cce3e00d612d010b0c0b60
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2015-11-06 (Fri, 06 Nov 2015)
Changed paths:
M src/lxc/lxc_usernsexec.c
Log Message:
-----------
lxc-usernsexec: reopen fds 0,1,2 separately
lxc-usernsexec was using fd 0 and reopening it as 0,1,2 for
the new task. If doing "lxc-usernsexec .. < script" this
will corrupt the file 'script'.
Reported-by: Fiedler Roman <Roman.Fiedler at ait.ac.at>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 6c351aeaeeaf383b02c107fa5327fa64c4f65c00
https://github.com/lxc/lxc/commit/6c351aeaeeaf383b02c107fa5327fa64c4f65c00
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2015-11-06 (Fri, 06 Nov 2015)
Changed paths:
M config/init/systemd/lxc-net.service.in
Log Message:
-----------
lxc-net: switch After target to network-online.target
Otherwise it may start too early and end up taking 10.0.3.1 even
though eth0 was eventually going to end up on 10.0.3.x.
https://bugs.launchpad.net/juju-core/+bug/1510619
Reported-by: Ryan Harper <ryan.harper at ubuntu.com>
Cc: Martin Pitt <martin.pitt at ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: d6dddf6d895297f210b21e11b7b4b37938edb35d
https://github.com/lxc/lxc/commit/d6dddf6d895297f210b21e11b7b4b37938edb35d
Author: Christian Brauner <christianvanbrauner at gmail.com>
Date: 2015-11-06 (Fri, 06 Nov 2015)
Changed paths:
M src/lxc/conf.c
Log Message:
-----------
Parse rootfs->path
The mount_entry_overlay_dirs() and mount_entry_aufs_dirs() functions create
workdirs and upperdirs for overlay and aufs lxc.mount.entry entries. They try
to make sure that the workdirs and upperdirs can only be created under the
containerdir (e.g. /path/to/the/container/CONTAINERNAME). In order to do this
the right hand side of
if ((strncmp(upperdir, lxcpath, dirlen) == 0) && (strncmp(upperdir, rootfs->path, rootfslen) != 0))
was thought to check if the rootfs->path is not present in the workdir and
upperdir mount options. But the current check is bogus since it will be
trivially true whenever the container is a block-dev or overlay or aufs backed
since the rootfs->path will then have a form like e.g.
overlayfs:/some/path:/some/other/path
This patch adds the function ovl_get_rootfs_dir() which parses rootfs->path by
searching backwards for the first occurrence of the delimiter pair ":/". We do
not simply search for ":" since it might be used in path names. If ":/" is not
found we assume the container is directory backed and simply return
strdup(rootfs->path).
Signed-off-by: Christian Brauner <christianvanbrauner at gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: e1ff1a15ace2c36dfe3c3cb6269f64ea3a51daa9
https://github.com/lxc/lxc/commit/e1ff1a15ace2c36dfe3c3cb6269f64ea3a51daa9
Author: Christian Brauner <christianvanbrauner at gmail.com>
Date: 2015-11-06 (Fri, 06 Nov 2015)
Changed paths:
M src/lxc/conf.c
Log Message:
-----------
Simplify function
Instead of duplicating the cleanup-code, once for success and once for failure,
simply keep a variable fret which is -1 in the beginning and gets set to 0 on
success or stays -1 on failure.
Signed-off-by: Christian Brauner <christianvanbrauner at gmail.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 5f73f449f88430ce4f29ec2f7be7d3824b2cb2a9
https://github.com/lxc/lxc/commit/5f73f449f88430ce4f29ec2f7be7d3824b2cb2a9
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2015-11-06 (Fri, 06 Nov 2015)
Changed paths:
M src/lxc/lxc_usernsexec.c
Log Message:
-----------
don't close std* fd if opentty fails
We didn't do it before, and it makes testcases fail.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Commit: 2b014e0c156af1a85b5629f0229a340c7d2a3f8f
https://github.com/lxc/lxc/commit/2b014e0c156af1a85b5629f0229a340c7d2a3f8f
Author: Jakub Sztandera <kubuxu at gmail.com>
Date: 2015-11-06 (Fri, 06 Nov 2015)
Changed paths:
M templates/lxc-archlinux.in
Log Message:
-----------
arch template: Fix systemd-sysctl service
The systemd-sysctl service includes condition that /proc/sys/ has to be read-write.
In lxc only /proc/sys/net/ is read-write which causes the condition to fail and service not to run.
This patch changes the check to /proc/sys/net/ and makes the service apply only rules that are in net tree.
Signed-off-by: Jakub Sztandera <kubuxu at gmail.com>
Commit: eeac098000466cfd2582b9b276d96513077f4468
https://github.com/lxc/lxc/commit/eeac098000466cfd2582b9b276d96513077f4468
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: 2015-11-06 (Fri, 06 Nov 2015)
Changed paths:
M templates/lxc-ubuntu-cloud.in
Log Message:
-----------
lxc-ubuntu-cloud: Never exit 0 when no container is created
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: 2263cbbfe26c500b0abd0f9414273e7619274f9e
https://github.com/lxc/lxc/commit/2263cbbfe26c500b0abd0f9414273e7619274f9e
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: 2015-11-06 (Fri, 06 Nov 2015)
Changed paths:
M src/lxc/lxccontainer.c
Log Message:
-----------
Init error_num to 1
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: 6b54308fc15dd5a3ad5b0c1b97d39debda8871e7
https://github.com/lxc/lxc/commit/6b54308fc15dd5a3ad5b0c1b97d39debda8871e7
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: 2015-11-06 (Fri, 06 Nov 2015)
Changed paths:
M src/lxc/lxc_usernsexec.c
Log Message:
-----------
only re-open fds if stdin is a tty
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: 94fc8d505987c0ad7582f2fccfdb73cb148695c8
https://github.com/lxc/lxc/commit/94fc8d505987c0ad7582f2fccfdb73cb148695c8
Author: Christian Brauner <christianvanbrauner at gmail.com>
Date: 2015-11-06 (Fri, 06 Nov 2015)
Changed paths:
M src/lxc/confile.c
M src/lxc/confile.h
Log Message:
-----------
Add clone_update_unexp_ovl_paths() function
This functions updates absolute paths for overlay upper- and workdirs so users
can simply clone and start new containers without worrying about absolute paths
in lxc.mount.entry overlay entries.
Signed-off-by: Christian Brauner <christianvanbrauner at gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: 108ab95109a64b52b758081a96dc6387ee69cdcb
https://github.com/lxc/lxc/commit/108ab95109a64b52b758081a96dc6387ee69cdcb
Author: Christian Brauner <christianvanbrauner at gmail.com>
Date: 2015-11-06 (Fri, 06 Nov 2015)
Changed paths:
M src/lxc/lxccontainer.c
Log Message:
-----------
Update absolute paths for overlay and aufs mounts
When using overlay and aufs mounts with lxc.mount.entry users have to specify
absolute paths for upperdir and workdir which will then get created
automatically by mount_entry_create_overlay_dirs() and
mount_entry_create_aufs_dirs() in conf.c. When we clone a container with
overlay or aufs lxc.mount.entry entries we need to update these absolute paths.
In order to do this we add the function update_ovl_paths() in
lxccontainer.c. The function updates the mounts in two locations:
1) lxc_conf->mount_list
and
2) lxc_conf->unexpanded_config (by calling clone_update_unexp_ovl_dir())
If we were to only update 2) we would end up with wrong upperdir and workdir
mounts as the absolute paths would still point to the container that serves as
the base for the clone. If we were to only update 1) we would end up with wrong
upperdir and workdir lxc.mount.entry entries in the clone's config as the
absolute paths in upperdir and workdir would still point to the container that
serves as the base for the clone. Updating both will get the job done.
NOTE: This function does not sanitize paths apart from removing trailing
slashes. (So when a user specifies //home//someone/// it will be cleaned to
//home//someone. This is the minimal path cleansing which is also done by
lxc_container_new().) But the mount_entry_create_overlay_dirs() and
mount_entry_create_aufs_dirs() functions both try to be extremely strict about
when to create upperdirs and workdirs. They will only accept sanitized paths,
i.e. they require /home/someone. I think this is a (safety) virtue and we
should consider sanitizing paths in general. In short: update_ovl_paths() does
update all absolute paths to the new container but
mount_entry_create_overlay_dirs() and mount_entry_create_aufs_dirs() will still
refuse to create upperdir and workdir when the updated path is unclean. This
happens easily when e.g. a user calls lxc-clone -o OLD -n NEW -P
//home//chb///.
Signed-off-by: Christian Brauner <christianvanbrauner at gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: ba35272e956fafe6098838f84b52c1b6b47529f8
https://github.com/lxc/lxc/commit/ba35272e956fafe6098838f84b52c1b6b47529f8
Author: Christian Brauner <christianvanbrauner at gmail.com>
Date: 2015-11-06 (Fri, 06 Nov 2015)
Changed paths:
M src/lxc/confile.c
Log Message:
-----------
Fix calculations in clone_update_unexp_hooks()
Changes v3:
(1) Fix typo (q --> p).
(1) This commit fixes the calculations when updating paths in lxc.hooks.*
entries. We now also update conf->unexpandend_alloced which hasn't been
done prior to this commit.
(2) Also we use the stricter check:
if (p >= lend)
continue;
This should deal better with invalid config files.
(3) Insert some spaces between operators to increase readability.
(4) Use gotos to simplify function and increase readability.
Signed-off-by: Christian Brauner <christianvanbrauner at gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Commit: eac6837f7839d85a958636b395599a77e3763999
https://github.com/lxc/lxc/commit/eac6837f7839d85a958636b395599a77e3763999
Author: Tycho Andersen <tycho.andersen at canonical.com>
Date: 2015-11-06 (Fri, 06 Nov 2015)
Changed paths:
M src/lxc/utils.c
Log Message:
-----------
use PR_SET_MM_MAP instead of PR_SET_MM
PR_SET_MM_MAP can be called as non-root, which we are in the unprivileged
(or nested) case.
Also, let's not do the strcpy() for the new cmdline until after we're sure
the prctl succeeded. This means that even if it does fail, we won't
mutilate the command line like we did before, it just won't be as pretty.
v2: remember to chop off bits of the string that are too long
Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Compare: https://github.com/lxc/lxc/compare/8cecbd386123...eac6837f7839
More information about the lxc-devel
mailing list