[lxc-devel] [lxc/lxc] 94ac25: attach: simplify significantly

GitHub noreply at github.com
Thu Dec 21 21:56:56 UTC 2017 

  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: 94ac256fbbd56063921a3d64910467d17c400f7b
      https://github.com/lxc/lxc/commit/94ac256fbbd56063921a3d64910467d17c400f7b
  Author: Christian Brauner <christian.brauner at ubuntu.com>
  Date:   2017-12-20 (Wed, 20 Dec 2017)

  Changed paths:
    M src/lxc/af_unix.c
    M src/lxc/attach.c
    M src/tests/attach.c

  Log Message:
  -----------
  attach: simplify significantly

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>


  Commit: a998454a2adac201728d3137869709710627ab19
      https://github.com/lxc/lxc/commit/a998454a2adac201728d3137869709710627ab19
  Author: Christian Brauner <christian.brauner at ubuntu.com>
  Date:   2017-12-21 (Thu, 21 Dec 2017)

  Changed paths:
    M src/lxc/attach.c

  Log Message:
  -----------
  attach: use lxc_raw_clone()

This let's us simplify the whole file a lot and makes things way clearer. It
also let's us avoid the infamous pid cache.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>


  Commit: 57de839fd507c5bed57e563c92225b208e1c4324
      https://github.com/lxc/lxc/commit/57de839fd507c5bed57e563c92225b208e1c4324
  Author: Christian Brauner <christian.brauner at ubuntu.com>
  Date:   2017-12-21 (Thu, 21 Dec 2017)

  Changed paths:
    M src/lxc/attach.c

  Log Message:
  -----------
  attach: handle /proc with hidepid={1,2} property

Receive fd for LSM security module before we set{g,u}id(). The reason is that
on set{g,u}id() the kernel will a) make us undumpable and b) we will change our
effective uid. This means our effective uid will be different from the
effective uid of the process that created us which means that this processs no
longer has capabilities in our namespace including CAP_SYS_PTRACE. This means
we will not be able to read and /proc/<pid> files for the process anymore when
/proc is mounted with hidepid={1,2}. So let's get the lsm label fd before the
set{g,u}id().

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>


  Commit: b5b200c6273182d70b738e592094f715613fc071
      https://github.com/lxc/lxc/commit/b5b200c6273182d70b738e592094f715613fc071
  Author: Serge Hallyn <serge at hallyn.com>
  Date:   2017-12-21 (Thu, 21 Dec 2017)

  Changed paths:
    M src/lxc/af_unix.c
    M src/lxc/attach.c
    M src/tests/attach.c

  Log Message:
  -----------
  Merge pull request #2047 from brauner/2017-12-18/attach_lsm_confinement

attach: simplify significantly


Compare: https://github.com/lxc/lxc/compare/6c049d3a2637...b5b200c62731

More information about the lxc-devel mailing list