[lxc-devel] [lxc/stable-2.0] stable 2.0: backports
brauner on Github
lxc-bot at linuxcontainers.org
Sun Sep 24 12:09:41 UTC 2017
From f07355f9d003c8d704a838aeb959663f45fb7b9b Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Sun, 24 Sep 2017 13:45:31 +0200
Subject: [PATCH 1/7] storage: use userns_exec_full()
Closes #1800.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/storage/aufs.c | 4 ++--
src/lxc/storage/btrfs.c | 4 ++--
src/lxc/storage/overlay.c | 4 ++--
src/lxc/storage/storage.c | 4 ++--
src/lxc/storage/storage.h | 1 -
5 files changed, 8 insertions(+), 9 deletions(-)
diff --git a/src/lxc/storage/aufs.c b/src/lxc/storage/aufs.c
index f3618150b..567a597f6 100644
--- a/src/lxc/storage/aufs.c
+++ b/src/lxc/storage/aufs.c
@@ -136,8 +136,8 @@ int aufs_clonepaths(struct lxc_storage *orig, struct lxc_storage *new,
rdata.src = odelta;
rdata.dest = ndelta;
if (am_unpriv())
- ret = userns_exec_1(conf, rsync_delta_wrapper, &rdata,
- "rsync_delta_wrapper");
+ ret = userns_exec_full(conf, rsync_delta_wrapper,
+ &rdata, "rsync_delta_wrapper");
else
ret = rsync_delta(&rdata);
if (ret) {
diff --git a/src/lxc/storage/btrfs.c b/src/lxc/storage/btrfs.c
index b63ebba20..2537e9efc 100644
--- a/src/lxc/storage/btrfs.c
+++ b/src/lxc/storage/btrfs.c
@@ -397,8 +397,8 @@ int btrfs_clonepaths(struct lxc_storage *orig, struct lxc_storage *new,
return btrfs_snapshot(orig->dest, new->dest);
sdata.dest = new->dest;
sdata.src = orig->dest;
- return userns_exec_1(conf, btrfs_snapshot_wrapper, &sdata,
- "btrfs_snapshot_wrapper");
+ return userns_exec_full(conf, btrfs_snapshot_wrapper, &sdata,
+ "btrfs_snapshot_wrapper");
}
if (rmdir(new->dest) < 0 && errno != ENOENT) {
diff --git a/src/lxc/storage/overlay.c b/src/lxc/storage/overlay.c
index d939b34f2..770821663 100644
--- a/src/lxc/storage/overlay.c
+++ b/src/lxc/storage/overlay.c
@@ -752,8 +752,8 @@ static int ovl_do_rsync(struct lxc_storage *orig, struct lxc_storage *new,
rdata.orig = orig;
rdata.new = new;
if (am_unpriv())
- ret = userns_exec_1(conf, ovl_rsync_wrapper, &rdata,
- "ovl_rsync_wrapper");
+ ret = userns_exec_full(conf, ovl_rsync_wrapper, &rdata,
+ "ovl_rsync_wrapper");
else
ret = ovl_rsync(&rdata);
if (ret)
diff --git a/src/lxc/storage/storage.c b/src/lxc/storage/storage.c
index adf5af8b2..820fd2407 100644
--- a/src/lxc/storage/storage.c
+++ b/src/lxc/storage/storage.c
@@ -454,8 +454,8 @@ struct lxc_storage *storage_copy(struct lxc_container *c0, const char *cname,
data.orig = orig;
data.new = new;
if (am_unpriv())
- ret = userns_exec_1(c0->lxc_conf, rsync_rootfs_wrapper, &data,
- "rsync_rootfs_wrapper");
+ ret = userns_exec_full(c0->lxc_conf, rsync_rootfs_wrapper,
+ &data, "rsync_rootfs_wrapper");
else
ret = rsync_rootfs(&data);
diff --git a/src/lxc/storage/storage.h b/src/lxc/storage/storage.h
index 655737759..6011574c0 100644
--- a/src/lxc/storage/storage.h
+++ b/src/lxc/storage/storage.h
@@ -128,7 +128,6 @@ extern struct lxc_storage *storage_create(const char *dest, const char *type,
extern void storage_put(struct lxc_storage *bdev);
extern bool storage_destroy(struct lxc_conf *conf);
-/* callback function to be used with userns_exec_1() */
extern int storage_destroy_wrapper(void *data);
extern bool rootfs_is_blockdev(struct lxc_conf *conf);
From d22c7f3609c86d19f3e6c947e65fc2eebff3f3a7 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Sun, 24 Sep 2017 13:51:03 +0200
Subject: [PATCH 2/7] network: remove dead assignments
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/network.c | 2 --
1 file changed, 2 deletions(-)
diff --git a/src/lxc/network.c b/src/lxc/network.c
index 9561f70ec..121230762 100644
--- a/src/lxc/network.c
+++ b/src/lxc/network.c
@@ -922,7 +922,6 @@ int netdev_get_mtu(int ifindex)
goto out;
recv_len = err;
- err = 0;
/* Satisfy the typing for the netlink macros */
msg = answer->nlmsghdr;
@@ -1363,7 +1362,6 @@ int lxc_convert_mac(char *macaddr, struct sockaddr *sockaddr)
data = (unsigned char *)sockaddr->sa_data;
while ((*macaddr != '\0') && (i < ETH_ALEN)) {
- val = 0;
c = *macaddr++;
if (isdigit(c))
val = c - '0';
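Review bot: Dropping `val = 0;` in lxc_convert_mac is only safe if every branch of the chain that starts at `if (isdigit(c))` either assigns `val` or returns, and the rest of that chain lies outside this hunk. If a non-hex character can fall through without an assignment, the loop would now reuse the previous nibble (or an uninitialized value) when building the MAC byte, so it is worth confirming that the chain ends in an error return. Separately, `isdigit()` expects an `unsigned char` value; if `c` is a plain `char`, the call should read `isdigit((unsigned char)c)`.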
From e5540c9974f6942ca62a54a0251c6f03a7bd1e03 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Sun, 10 Sep 2017 09:38:57 +0200
Subject: [PATCH 3/7] confile: preserve newlines
Users were confused when the config file created during cloning or copying a
container suddenly missed all newlines. Let's keep them.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/confile.c | 41 ++++++++++++++++++++++++-----------------
1 file changed, 24 insertions(+), 17 deletions(-)
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index d61e7b8f2..4adfeccc4 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -2299,44 +2299,51 @@ struct parse_line_conf {
static int parse_line(char *buffer, void *data)
{
- struct lxc_config_t *config;
char *dot, *key, *line, *linep, *value;
- struct parse_line_conf *plc = data;
+ bool empty_line;
+ struct lxc_config_t *config;
int ret = 0;
+ char *dup = buffer;
+ struct parse_line_conf *plc = data;
- if (lxc_is_line_empty(buffer))
- return 0;
+ /* If there are newlines in the config file we should keep them. */
+ empty_line = lxc_is_line_empty(dup);
+ if (empty_line)
+ dup = "\n";
/* we have to dup the buffer otherwise, at the re-exec for
* reboot we modified the original string on the stack by
* replacing '=' by '\0' below
*/
linep = line = strdup(buffer);
- if (!line) {
- SYSERROR("failed to allocate memory for '%s'", buffer);
+ if (!line)
return -1;
+
+ if (!plc->from_include) {
+ ret = append_unexp_config_line(line, plc->conf);
+ if (ret < 0)
+ goto on_error;
}
- if (!plc->from_include)
- if ((ret = append_unexp_config_line(line, plc->conf)))
- goto out;
+ if (empty_line)
+ return 0;
line += lxc_char_left_gc(line, strlen(line));
/* ignore comments */
if (line[0] == '#')
- goto out;
+ goto on_error;
/* martian option - don't add it to the config itself */
if (strncmp(line, "lxc.", 4))
- goto out;
+ goto on_error;
ret = -1;
- dot = strstr(line, "=");
+ dot = strchr(line, '=');
if (!dot) {
- ERROR("invalid configuration line: %s", line);
- goto out;
+ ERROR("Invalid configuration line: %s", line);
+ goto on_error;
}
*dot = '\0';
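Review bot: The new early exit `if (empty_line) return 0;` runs after `strdup()`, so every blank line in a config file leaks the `linep` allocation; it should leave through the cleanup label, `if (empty_line) goto on_error;` (`ret` is 0 at that point as long as append_unexp_config_line() returns 0 on success). The `dup = "\n";` assignment also has no effect, because the copy is still taken with `strdup(buffer)`; if the intent is to record a bare newline, that line should read `linep = line = strdup(dup);`. The label `on_error` is now also the exit for comment lines and non-`lxc.` lines, which are not errors, so a neutral name would read better. parse_line continues past this hunk.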
@@ -2358,13 +2365,13 @@ static int parse_line(char *buffer, void *data)
config = lxc_getconfig(key);
if (!config) {
- ERROR("unknown key %s", key);
- goto out;
+ ERROR("Unknown configuration key \"%s\"", key);
+ goto on_error;
}
ret = config->set(key, value, plc->conf, data);
-out:
+on_error:
free(linep);
return ret;
}
From e5131a3df8c2d0e0b998f4436f602caa94af2b79 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Sun, 10 Sep 2017 13:49:18 +0200
Subject: [PATCH 4/7] execute: enable console & standard /dev symlinks
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/conf.c | 13 ++++++++-----
src/lxc/console.c | 10 ----------
2 files changed, 8 insertions(+), 15 deletions(-)
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 55e3a9e09..56d5cc080 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -723,7 +723,7 @@ static const struct dev_symlinks dev_symlinks[] = {
{"/proc/self/fd/2", "stderr"},
};
-static int setup_dev_symlinks(const struct lxc_rootfs *rootfs)
+static int lxc_setup_dev_symlinks(const struct lxc_rootfs *rootfs)
{
char path[MAXPATHLEN];
int ret,i;
@@ -3159,8 +3159,10 @@ int lxc_setup(struct lxc_handler *handler)
}
}
- if (!lxc_conf->is_execute && lxc_setup_console(&lxc_conf->rootfs, &lxc_conf->console, lxc_conf->ttydir)) {
- ERROR("failed to setup the console for '%s'", name);
+ ret = lxc_setup_console(&lxc_conf->rootfs, &lxc_conf->console,
+ lxc_conf->ttydir);
+ if (ret < 0) {
+ ERROR("Failed to setup console");
return -1;
}
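Review bot: Both rewritten checks in lxc_setup (this one and the lxc_setup_dev_symlinks check in the next hunk) narrow the failure test from "non-zero" to `ret < 0`, so a positive return from either helper would now be treated as success; unless both are known to return only 0 or a negative value, `if (ret)` keeps the old behaviour. The new messages also drop the container name that the old ones printed, which makes logs harder to attribute when several containers start together; `ERROR("Failed to setup console for \"%s\"", name);` keeps it. With the `is_execute` guard gone, lxc-execute containers now go through console and /dev symlink setup and a failure there aborts their start, which deserves a line in the commit message. lxc_setup starts and ends outside the hunk.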
@@ -3169,8 +3171,9 @@ int lxc_setup(struct lxc_handler *handler)
ERROR("failed to setup kmsg for '%s'", name);
}
- if (!lxc_conf->is_execute && setup_dev_symlinks(&lxc_conf->rootfs)) {
- ERROR("failed to setup /dev symlinks for '%s'", name);
+ ret = lxc_setup_dev_symlinks(&lxc_conf->rootfs);
+ if (ret < 0) {
+ ERROR("Failed to setup /dev symlinks");
return -1;
}
diff --git a/src/lxc/console.c b/src/lxc/console.c
index c882b85c6..c8e545eb4 100644
--- a/src/lxc/console.c
+++ b/src/lxc/console.c
@@ -228,11 +228,6 @@ extern int lxc_console_mainloop_add(struct lxc_epoll_descr *descr,
{
struct lxc_console *console = &conf->console;
- if (conf->is_execute) {
- INFO("no console for lxc-execute.");
- return 0;
- }
-
if (!conf->rootfs.path) {
INFO("no rootfs, no console.");
return 0;
@@ -526,11 +521,6 @@ int lxc_console_create(struct lxc_conf *conf)
struct lxc_console *console = &conf->console;
int ret;
- if (conf->is_execute) {
- INFO("not allocating a console device for lxc-execute.");
- return 0;
- }
-
if (!conf->rootfs.path) {
INFO("container does not have a rootfs, console device will be shared with the host");
return 0;
From fc7b8d7ececc9380772145049d1aa9852943fa3c Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Sun, 24 Sep 2017 13:58:57 +0200
Subject: [PATCH 5/7] storage: avoid segfault
When the "lxc.rootfs.path" property is not set and users request a container
copy we would segfault since strstr() would be called on a NULL pointer.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/storage/storage.c | 9 +++++++--
1 file changed, 7 insertions(+), 2 deletions(-)
diff --git a/src/lxc/storage/storage.c b/src/lxc/storage/storage.c
index 820fd2407..90053152e 100644
--- a/src/lxc/storage/storage.c
+++ b/src/lxc/storage/storage.c
@@ -312,9 +312,14 @@ struct lxc_storage *storage_copy(struct lxc_container *c0, const char *cname,
const char *oldpath = c0->config_path;
struct rsync_data data;
- /* if the container name doesn't show up in the rootfs path, then
- * we don't know how to come up with a new name
+ /* If the container name doesn't show up in the rootfs path, then we
+ * don't know how to come up with a new name.
*/
+ if (!src) {
+ ERROR("No rootfs specified");
+ return NULL;
+ }
+
if (strstr(src, oldname) == NULL) {
ERROR(
"original rootfs path %s doesn't include container name %s",
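Review bot: The `if (!src)` guard is inserted between the comment and the `strstr()` check that the comment describes, so the comment now sits above the wrong test. Move the NULL check above the comment, or give it its own, e.g. `/* lxc.rootfs.path may be unset */`. `oldname` is passed to the same `strstr()` call; whether it can also be NULL cannot be told from this hunk, and if it can it needs the same guard. storage_copy starts and ends outside the hunk.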
From a51c14157863e7f2b14adb10aa98d6d05068a6dc Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Sun, 24 Sep 2017 14:01:44 +0200
Subject: [PATCH 6/7] doc: document missing env variables
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
doc/lxc.container.conf.sgml.in | 2 ++
1 file changed, 2 insertions(+)
diff --git a/doc/lxc.container.conf.sgml.in b/doc/lxc.container.conf.sgml.in
index df93674c5..84375b13e 100644
--- a/doc/lxc.container.conf.sgml.in
+++ b/doc/lxc.container.conf.sgml.in
@@ -1398,6 +1398,8 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
<listitem><para> LXC_CONFIG_FILE: the path to the container configuration file. </para></listitem>
<listitem><para> LXC_SRC_NAME: in the case of the clone hook, this is the original container's name. </para></listitem>
<listitem><para> LXC_ROOTFS_PATH: this is the lxc.rootfs entry for the container. Note this is likely not where the mounted rootfs is to be found, use LXC_ROOTFS_MOUNT for that. </para></listitem>
+ <listitem><para> LXC_CGNS_AWARE: indicated whether the container is cgroup namespace aware. </para></listitem>
+ <listitem><para> LXC_LOG_LEVEL: the container's log level. </para></listitem>
</itemizedlist>
</para>
<para>
From 74d8ec2fb6f4b84481341d1e720914c0c9834a7f Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Sun, 24 Sep 2017 14:07:31 +0200
Subject: [PATCH 7/7] cgfsng: fail when limits fail to apply
So far, we silently skipped over limits that failed to be applied which is very
odd. Let's error out when cgroup limits fail to apply.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
src/lxc/cgroups/cgfsng.c | 27 +++++++++++++++++----------
1 file changed, 17 insertions(+), 10 deletions(-)
diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index e1b2f61b6..a3f0ce381 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1913,21 +1913,28 @@ static int cgfsng_set(const char *filename, const char *value, const char *name,
*/
static int lxc_cgroup_set_data(const char *filename, const char *value, struct cgfsng_handler_data *d)
{
- char *subsystem = NULL, *p;
- int ret = -1;
+ char *fullpath, *p;
struct hierarchy *h;
+ int ret = 0;
+ char *controller = NULL;
- subsystem = alloca(strlen(filename) + 1);
- strcpy(subsystem, filename);
- if ((p = strchr(subsystem, '.')) != NULL)
+ controller = alloca(strlen(filename) + 1);
+ strcpy(controller, filename);
+ if ((p = strchr(controller, '.')) != NULL)
*p = '\0';
- h = get_hierarchy(subsystem);
- if (h) {
- char *fullpath = must_make_path(h->fullcgpath, filename, NULL);
- ret = lxc_write_to_file(fullpath, value, strlen(value), false);
- free(fullpath);
+ h = get_hierarchy(controller);
+ if (!h) {
+ ERROR("Failed to setup limits for the \"%s\" controller. "
+ "The controller seems to be unused by \"cgfsng\" cgroup "
+ "driver or not enabled on the cgroup hierarchy",
+ controller);
+ return -1;
}
+
+ fullpath = must_make_path(h->fullcgpath, filename, NULL);
+ ret = lxc_write_to_file(fullpath, value, strlen(value), false);
+ free(fullpath);
return ret;
}
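Review bot: The return value of lxc_cgroup_set_data is the same as before on both failure paths (the old code started with `ret = -1`), so this hunk adds a log message for a missing hierarchy but does not by itself turn a skipped limit into a failure; if limits were skipped silently, the caller that discards the result is where that needs fixing, and no caller is touched by this patch. A failed `lxc_write_to_file()` still returns without a message naming the file, e.g. `if (ret < 0) ERROR("Failed to write \"%s\" to \"%s\"", value, fullpath);` before the `free()`. The `alloca(strlen(filename) + 1)` copy sizes a stack allocation from a caller-supplied string with no upper bound; a length check or a heap copy would be safer. The `= 0` and `= NULL` initialisers on `ret` and `controller` are dead stores.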