[lxc-devel] [lxc/lxc] 0887b0: console: non-functional change

GitHub noreply at github.com
Sun Sep 10 18:13:07 UTC 2017 

  Branch: refs/heads/stable-2.0
  Home:   https://github.com/lxc/lxc
  Commit: 0887b061420606f3ca5cf342d67a4cc2009c951b
      https://github.com/lxc/lxc/commit/0887b061420606f3ca5cf342d67a4cc2009c951b
  Author: Christian Brauner <christian.brauner at ubuntu.com>
  Date:   2017-09-10 (Sun, 10 Sep 2017)

  Changed paths:
    M src/lxc/console.c

  Log Message:
  -----------
  console: non-functional change

Remove executable bit.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>


  Commit: eb4664efdaacb6369dbc0f49d6f5da43fdede7e4
      https://github.com/lxc/lxc/commit/eb4664efdaacb6369dbc0f49d6f5da43fdede7e4
  Author: Christian Brauner <christian.brauner at ubuntu.com>
  Date:   2017-09-10 (Sun, 10 Sep 2017)

  Changed paths:
    M src/lxc/conf.c

  Log Message:
  -----------
  conf: non-functional changes

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>


  Commit: 8b51ccde69ab640dac747dc1703397d6080f5a7f
      https://github.com/lxc/lxc/commit/8b51ccde69ab640dac747dc1703397d6080f5a7f
  Author: Christian Brauner <christian.brauner at ubuntu.com>
  Date:   2017-09-10 (Sun, 10 Sep 2017)

  Changed paths:
    M src/lxc/conf.c

  Log Message:
  -----------
  conf: do not log uninitialized memory

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>


  Commit: 989351a22878f280fdd26324e6488ed21f57fbae
      https://github.com/lxc/lxc/commit/989351a22878f280fdd26324e6488ed21f57fbae
  Author: Christian Brauner <christian.brauner at ubuntu.com>
  Date:   2017-09-10 (Sun, 10 Sep 2017)

  Changed paths:
    M src/lxc/conf.c

  Log Message:
  -----------
  conf: fix userns_exec_1()

A bit of context:
userns_exec_1() is only used to operate based on privileges for the user's own
{g,u}id on the host and for the container root's unmapped {g,u}id. This means
we require only to establish a mapping from:
- the container root {g,u}id as seen from the host -> user's host {g,u}id
- the container root -> some sub{g,u}id

This function however was buggy. It relied on some pointer pointing to the same
memory, namely specific idmap entries in the idmap list in the container's
in-memory configuration. However, due to a stupid mistake of mine, the pointers
to be compared pointed to freshly allocated memory. They were never pointing to
the intended memory locations. To reproduce what I'm talking about prior to
this commit simply place:

    chb:999:1000000000
    chb:999:1
    chb:1000:1

in /etc/sub{g,u}id then create a container which requests the following
idmappings:

    lxc.idmap = u 0 999 999
    lxc.idmap = g 0 999 1000000000

and start the container. What we *would expect* is for liblxc to establish the
following mapping:

    newuidmap <pid> 0 999 999
    newgidmap <pid> 0 999 1000000000

since all required mappings are present. Due to the buggy pointer comparisons
what happened was:

    newuidmap <pid> 0 999 999 0 999 999
    newgidmap <pid> 0 999 1000000000 0 999 1000000000

Let's fix this.

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>


  Commit: 44a43f52b4297d5b20f3f83f9119d87ee5b5efa0
      https://github.com/lxc/lxc/commit/44a43f52b4297d5b20f3f83f9119d87ee5b5efa0
  Author: LiFeng <lifeng68 at huawei.com>
  Date:   2017-09-10 (Sun, 10 Sep 2017)

  Changed paths:
    M src/lxc/console.c

  Log Message:
  -----------
  console: clean tty state + return 0 on peer exit

In the past, if the console client exited, lxc_console_cb_con return 1. And
the lxc_poll will exit, the process will wait at waitpid. At this moment, the
process could not handle any command (For example get the container state
LXC_CMD_GET_STATE or stop the container LXC_CMD_STOP.).

I think we should clean the tty_state and return 0 in this case. So, we can use
the lxc-console to connect the console of the container. And we will not exit
the function lxc_polland we can handle the commands by lxc_cmd_process

Reproducer prior to this commit:
- open a new terminal, get the tty device name by command tty /dev/pts/6
- set lxc.console.path = /dev/pts/6
- start the container and the ouptut will print to /dev/pts/6
- close /dev/pts/6
- try an operation e.g. getting state with lxc-ls and lxc-ls will hang

Closes #1787.

Signed-off-by: LiFeng <lifeng68 at huawei.com>
Acked-by: Christian Brauner <christian.brauner at ubuntu.com>


Compare: https://github.com/lxc/lxc/compare/f0ab9713f9d2...44a43f52b429

More information about the lxc-devel mailing list