[lxc-devel] [lxd/master] Bugfixes

stgraber on Github lxc-bot at linuxcontainers.org
Mon Mar 7 16:00:33 UTC 2016


From e709c4c8519cec840c1d8bb894ccd2863d9e0198 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Mon, 7 Mar 2016 10:56:25 -0500
Subject: [PATCH 1/2] Only attempt to load containers AFTER the socket is setup
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As spawning containers starts a hook that requires LXD to be online, we
shouldn't run any code which may cause container startup until after the
sockets are set up.

Closes #1628
Closes #1708
Closes #1696

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/daemon.go | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/lxd/daemon.go b/lxd/daemon.go
index 83a3686..7843ff4 100644
--- a/lxd/daemon.go
+++ b/lxd/daemon.go
@@ -873,17 +873,9 @@ func (d *Daemon) Init() error {
 			return fmt.Errorf("Failed to setup storage: %s", err)
 		}
 
-		/* Restart containers */
-		go func() {
-			containersRestart(d)
-		}()
-
 		/* Start the scheduler */
 		go deviceEventListener(d)
 
-		/* Re-balance in case things changed while LXD was down */
-		deviceTaskBalance(d)
-
 		/* Setup the TLS authentication */
 		certf, keyf, err := readMyCert()
 		if err != nil {
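
Review bot: `go deviceEventListener(d)` is left in place here, so the scheduler still starts before the sockets are set up, while the restart and the re-balance it used to sit between are moved out. If an event handled by that listener can reach `deviceTaskBalance(d)` or anything else that starts or touches a container, the ordering problem described in the commit message would remain for that path. Please confirm the listener is safe to run this early, or move it down next to the other two calls so all three share the same ordering guarantee.
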
@@ -1047,6 +1039,15 @@ func (d *Daemon) Init() error {
 		return nil
 	})
 
+	// Restore containers
+	if !d.IsMock {
+		/* Restart containers */
+		go containersRestart(d)
+
+		/* Re-balance in case things changed while LXD was down */
+		deviceTaskBalance(d)
+	}
+
 	return nil
 }
 
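
Review bot: the new block at the end of Init() does not say why it has to sit there. `// Restore containers` and `/* Restart containers */` repeat each other, and neither records that the container start hook needs LXD to be reachable, so a later refactor could move the block back above the socket setup without anyone noticing. Suggest replacing the two comments with one that states the requirement. Also note that `go containersRestart(d)` is asynchronous while `deviceTaskBalance(d)` runs immediately afterwards, so the re-balance can complete before any container has been restarted; if the balance is meant to account for the restarted containers, it should run once the restart has finished.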

From 99edb9eee4856ad811e6b97310a31306c3fb8ac2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Mon, 7 Mar 2016 10:59:42 -0500
Subject: [PATCH 2/2] Restrict lxd init to root
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #1700

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/main.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lxd/main.go b/lxd/main.go
index 1c04543..d54b8da 100644
--- a/lxd/main.go
+++ b/lxd/main.go
@@ -517,6 +517,11 @@ func setupLXD() error {
 	var networkPort int       // Port
 	var trustPassword string  // Trust password
 
+	// Only root should run this
+	if os.Geteuid() != 0 {
+		return fmt.Errorf("This must be run as root")
+	}
+
 	backendsAvailable := []string{"dir"}
 	backendsSupported := []string{"dir", "zfs"}
 
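
Review bot: the error returned by the new `os.Geteuid() != 0` check, "This must be run as root", does not name the command, which makes it hard to place when it shows up in a script or log. Something like "lxd init must be run as root" would be clearer. Since the check is on the effective UID, it would also help to have the comment say that this is intentional, so it is not later swapped for `os.Getuid()`.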

