[lxc-devel] [lxd/master] Bugfixes

stgraber on Github lxc-bot at linuxcontainers.org
Thu Mar 10 18:30:01 UTC 2016


From e4b1fc877d2c02d4002c3a76eb46d1f606e83adc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Thu, 10 Mar 2016 12:48:03 -0500
Subject: [PATCH 1/2] Don't generate client certificates whe calling NewClient
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #1738

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 client.go | 42 +++++++++++++++++++++---------------------
 1 file changed, 21 insertions(+), 21 deletions(-)

diff --git a/client.go b/client.go
index 0479005..bb19b67 100644
--- a/client.go
+++ b/client.go
@@ -143,15 +143,6 @@ func HoistResponse(r *http.Response, rtype ResponseType) (*Response, error) {
 	return resp, nil
 }
 
-func ensureMyCert(configDir string) (string, string, error) {
-	certf := path.Join(configDir, "client.crt")
-	keyf := path.Join(configDir, "client.key")
-
-	err := shared.FindOrGenCert(certf, keyf)
-
-	return certf, keyf, err
-}
-
 // NewClient returns a new LXD client.
 func NewClient(config *Config, remote string) (*Client, error) {
 	if remote == "" {
@@ -173,20 +164,29 @@ func NewClient(config *Config, remote string) (*Client, error) {
 			info.RemoteConfig.Addr = fmt.Sprintf("unix:%s", shared.VarPath("unix.socket"))
 		}
 	} else {
-		certf, keyf, err := ensureMyCert(config.ConfigDir)
-		if err != nil {
-			return nil, err
-		}
-		certBytes, err := ioutil.ReadFile(certf)
-		if err != nil {
-			return nil, err
+		// Read the client certificate (if it exists)
+		clientCertPath := path.Join(config.ConfigDir, "client.crt")
+		if shared.PathExists(clientCertPath) {
+			certBytes, err := ioutil.ReadFile(clientCertPath)
+			if err != nil {
+				return nil, err
+			}
+
+			info.ClientPEMCert = string(certBytes)
 		}
-		keyBytes, err := ioutil.ReadFile(keyf)
-		if err != nil {
-			return nil, err
+
+		// Read the client key (if it exists)
+		clientKeyPath := path.Join(config.ConfigDir, "client.key")
+		if shared.PathExists(clientKeyPath) {
+			keyBytes, err := ioutil.ReadFile(clientKeyPath)
+			if err != nil {
+				return nil, err
+			}
+
+			info.ClientPEMKey = string(keyBytes)
 		}
-		info.ClientPEMCert = string(certBytes)
-		info.ClientPEMKey = string(keyBytes)
+
+		// Read the server certificate (if it exists)
 		serverCertPath := config.ServerCertPath(remote)
 		if shared.PathExists(serverCertPath) {
 			cert, err := shared.ReadCert(serverCertPath)
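Review bot: The client certificate and key are now loaded independently, so a config directory holding only one of `client.crt` / `client.key` leaves `info` with half a TLS identity and no error at this point; how the later TLS setup treats that is not visible in this hunk. Each `shared.PathExists` followed by `ioutil.ReadFile` also checks and reads in two steps, which a single read plus `os.IsNotExist` would avoid. The sketch below treats the two files as a pair; it assumes `os` is already imported in client.go and that rejecting a lone file is acceptable to callers. NewClient starts and ends outside the hunk.

```go
		// Load the client certificate and key as a pair (if they exist)
		clientCertPath := path.Join(config.ConfigDir, "client.crt")
		clientKeyPath := path.Join(config.ConfigDir, "client.key")
		certBytes, certErr := ioutil.ReadFile(clientCertPath)
		keyBytes, keyErr := ioutil.ReadFile(clientKeyPath)
		switch {
		case certErr == nil && keyErr == nil:
			info.ClientPEMCert = string(certBytes)
			info.ClientPEMKey = string(keyBytes)
		case os.IsNotExist(certErr) && os.IsNotExist(keyErr):
			// No client identity has been generated yet; continue without one.
		case certErr != nil && !os.IsNotExist(certErr):
			return nil, certErr
		case keyErr != nil && !os.IsNotExist(keyErr):
			return nil, keyErr
		default:
			return nil, fmt.Errorf("client certificate and key must both be present in %s", config.ConfigDir)
		}

		// … unchanged: server certificate loading …
```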

From 632d101450e7769fd8f3f2817aa37bbc219f7605 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Thu, 10 Mar 2016 13:29:25 -0500
Subject: [PATCH 2/2] Forward errors from forkgetfile and forkputfile
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #1740

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/container_lxc.go |  8 ++++++++
 lxd/nsexec.go        | 36 ++++++++++++++++++++++--------------
 2 files changed, 30 insertions(+), 14 deletions(-)

diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 4a5e56f..017127d 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -2714,6 +2714,10 @@ func (c *containerLXC) FilePull(srcpath string, dstpath string) error {
 
 	// Process forkgetfile response
 	if string(out) != "" {
+		if strings.HasPrefix(string(out), "error:") {
+			return fmt.Errorf(strings.TrimPrefix(strings.TrimSuffix(string(out), "\n"), "error: "))
+		}
+
 		for _, line := range strings.Split(strings.TrimRight(string(out), "\n"), "\n") {
 			shared.Debugf("forkgetfile: %s", line)
 		}
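Review bot: The added `return fmt.Errorf(strings.TrimPrefix(...))` here in FilePull, and the identical line in the FilePush hunk that follows, pass the helper's output as the format string, so any `%` in that output is parsed as a verb and garbles the message; `go vet` reports this form. Passing it as an argument fixes that: `return fmt.Errorf("%s", strings.TrimPrefix(strings.TrimSuffix(string(out), "\n"), "error: "))`. The test also matches the prefix `error:` but trims `error: `, and it only inspects the start of the whole output, so an error line that follows other lines is missed and multi-line output is returned with embedded newlines. Checking each line inside the existing `for _, line := range ...` loop would handle both cases. Both function bodies extend outside their hunks.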
@@ -2773,6 +2777,10 @@ func (c *containerLXC) FilePush(srcpath string, dstpath string, uid int, gid int
 
 	// Process forkputfile response
 	if string(out) != "" {
+		if strings.HasPrefix(string(out), "error:") {
+			return fmt.Errorf(strings.TrimPrefix(strings.TrimSuffix(string(out), "\n"), "error: "))
+		}
+
 		for _, line := range strings.Split(strings.TrimRight(string(out), "\n"), "\n") {
 			shared.Debugf("forkgetfile: %s", line)
 		}
diff --git a/lxd/nsexec.go b/lxd/nsexec.go
index 481e27f..03d6a55 100644
--- a/lxd/nsexec.go
+++ b/lxd/nsexec.go
@@ -77,19 +77,19 @@ int copy(int target, int source)
 	char buf[1024];
 
 	if (ftruncate(target, 0) < 0) {
-		perror("truncate");
+		perror("error: truncate");
 		return -1;
 	}
 
 	while ((n = read(source, buf, 1024)) > 0) {
 		if (write(target, buf, n) != n) {
-			perror("write");
+			perror("error: write");
 			return -1;
 		}
 	}
 
 	if (n < 0) {
-		perror("read");
+		perror("error: read");
 		return -1;
 	}
 
@@ -103,12 +103,12 @@ int dosetns(int pid, char *nstype) {
 	sprintf(buf, "/proc/%d/ns/%s", pid, nstype);
 	mntns = open(buf, O_RDONLY);
 	if (mntns < 0) {
-		perror("open mntns");
+		perror("error: open mntns");
 		return -1;
 	}
 
 	if (setns(mntns, 0) < 0) {
-		perror("setns");
+		perror("error: setns");
 		close(mntns);
 		return -1;
 	}
@@ -124,7 +124,7 @@ int manip_file_in_ns(char *rootfs, int pid, char *host, char *container, bool is
 
 	host_fd = open(host, O_RDWR);
 	if (host_fd < 0) {
-		perror("open host");
+		perror("error: open");
 		return -1;
 	}
 
@@ -133,28 +133,36 @@ int manip_file_in_ns(char *rootfs, int pid, char *host, char *container, bool is
 		container_open_flags |= O_CREAT;
 
 	if (pid > 0) {
-		if (dosetns(pid, "mnt") < 0)
+		if (dosetns(pid, "mnt") < 0) {
+			perror("error: setns");
 			goto close_host;
+		}
 	} else {
-		if (chroot(rootfs) < 0)
+		if (chroot(rootfs) < 0) {
+			perror("error: chroot");
 			goto close_host;
+		}
 
-		if (chdir("/") < 0)
+		if (chdir("/") < 0) {
+			perror("error: chdir");
 			goto close_host;
+		}
 	}
 
 	container_fd = open(container, container_open_flags, mode);
 	if (container_fd < 0) {
-		fprintf(stderr, "%s\n", strerror(errno));
+		perror("error: open");
 		goto close_host;
 	}
 
 	if (is_put) {
-		if (copy(container_fd, host_fd) < 0)
+		if (copy(container_fd, host_fd) < 0) {
+			perror("error: copy");
 			goto close_container;
+		}
 
 		if (fchown(container_fd, uid, gid) < 0) {
-			perror("fchown");
+			perror("error: chown");
 			goto close_container;
 		}
 
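Review bot: The added `perror("error: setns")` and `perror("error: copy")` in manip_file_in_ns run after dosetns() and copy() have already printed their own `error:` line, so one failure now produces two lines, and the second may report a different errno because dosetns() calls `close(mntns)` after its perror. The Go side in container_lxc.go strips only the first `error: ` prefix and the trailing newline, so the forwarded error would carry an embedded newline and a second `error:` string. Dropping those two added calls and keeping just `goto close_host;` and `goto close_container;` leaves one accurate line per failure. Separately, the host open in the previous hunk and the container open here now both print `error: open`, so the message no longer says which side failed; `perror("error: open host")` would keep that distinction. manip_file_in_ns starts and ends outside this hunk.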
@@ -366,14 +374,14 @@ __attribute__((constructor)) void init(void) {
 
 	cmdline = open("/proc/self/cmdline", O_RDONLY);
 	if (cmdline < 0) {
-		perror("open");
+		perror("error: open");
 		_exit(232);
 	}
 
 	memset(buf, 0, sizeof(buf));
 	if ((size = read(cmdline, buf, sizeof(buf)-1)) < 0) {
 		close(cmdline);
-		perror("read");
+		perror("error: read");
 		_exit(232);
 	}
 	close(cmdline);

