[lxc-devel] [lxc/lxc] ddbb1d: [monitor] wrong statement of break
GitHub
noreply at github.com
Tue Jan 2 00:26:36 UTC 2018
Branch: refs/heads/stable-2.0
Home: https://github.com/lxc/lxc
Commit: ddbb1dbc0ce9cdd47f7306b279b59f59606e6955
https://github.com/lxc/lxc/commit/ddbb1dbc0ce9cdd47f7306b279b59f59606e6955
Author: 独孤昊天 <duguhaotian at users.noreply.github.com>
Date: 2018-01-02 (Tue, 02 Jan 2018)
Changed paths:
M src/lxc/monitor.c
Log Message:
-----------
[monitor] wrong statement of break
If lxc_abstract_unix_connect fails and returns -1, this code never goes to retry.
Signed-off-by: liuhao <liuhao27 at huawei.com>
Commit: a2f65700daba894566203c9e64c209aff3a705b4
https://github.com/lxc/lxc/commit/a2f65700daba894566203c9e64c209aff3a705b4
Author: Marcos Paulo de Souza <marcos.souza.org at gmail.com>
Date: 2018-01-02 (Tue, 02 Jan 2018)
Changed paths:
M src/lxc/cgroups/cgfsng.c
Log Message:
-----------
cgfsng: Add new macro to print errors
At this point, macros such as DEBUG or ERROR do not take effect because
this code is called from cgroup_ops_init(cgroup.c), which runs with
__attribute__((constructor)), before any log level is set from any tool
like lxc-start, so these messages are lost.
From now on, use the same LXC_DEBUG_CGFSNG environment variable to
control these messages.
Signed-off-by: Marcos Paulo de Souza <marcos.souza.org at gmail.com>
Commit: ad1ab9690c1482fd0afd7d4fc1ffba5a2646ca96
https://github.com/lxc/lxc/commit/ad1ab9690c1482fd0afd7d4fc1ffba5a2646ca96
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2018-01-02 (Tue, 02 Jan 2018)
Changed paths:
M src/lxc/af_unix.c
M src/lxc/attach.c
M src/tests/attach.c
Log Message:
-----------
attach: simplify significantly
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 00139de841611bae8ee8eae0a9832dfbdbe62636
https://github.com/lxc/lxc/commit/00139de841611bae8ee8eae0a9832dfbdbe62636
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2018-01-02 (Tue, 02 Jan 2018)
Changed paths:
M src/lxc/attach.c
Log Message:
-----------
attach: use lxc_raw_clone()
This lets us simplify the whole file a lot and makes things way clearer. It
also lets us avoid the infamous pid cache.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 94aff6a446de056166483d0d41cd2a3cfba8fd1b
https://github.com/lxc/lxc/commit/94aff6a446de056166483d0d41cd2a3cfba8fd1b
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2018-01-02 (Tue, 02 Jan 2018)
Changed paths:
M src/lxc/attach.c
Log Message:
-----------
attach: handle /proc with hidepid={1,2} property
Receive fd for LSM security module before we set{g,u}id(). The reason is that
on set{g,u}id() the kernel will a) make us undumpable and b) we will change our
effective uid. This means our effective uid will be different from the
effective uid of the process that created us which means that this process no
longer has capabilities in our namespace including CAP_SYS_PTRACE. This means
we will not be able to read any /proc/<pid> files for the process anymore when
/proc is mounted with hidepid={1,2}. So let's get the lsm label fd before the
set{g,u}id().
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 7831a82c45cdfcb7a0da6e908665a765f4e13228
https://github.com/lxc/lxc/commit/7831a82c45cdfcb7a0da6e908665a765f4e13228
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2018-01-02 (Tue, 02 Jan 2018)
Changed paths:
M src/tests/lxc_raw_clone.c
Log Message:
-----------
tests: expand lxc_raw_clone() tests
- test CLONE_VFORK
- test CLONE_FILES
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: d74dfbb09b3fbb5a9b5f4a6ddc24589dfe81936f
https://github.com/lxc/lxc/commit/d74dfbb09b3fbb5a9b5f4a6ddc24589dfe81936f
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2018-01-02 (Tue, 02 Jan 2018)
Changed paths:
M src/lxc/namespace.h
Log Message:
-----------
namespace: add lxc_raw_getpid()
Because of older glibc's pid cache (up to 2.25) whenever clone() is called the
child must retrieve its own pid via lxc_raw_getpid().
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 0659cfa40a3536718ed9957ede102adba3219d2d
https://github.com/lxc/lxc/commit/0659cfa40a3536718ed9957ede102adba3219d2d
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2018-01-02 (Tue, 02 Jan 2018)
Changed paths:
M src/lxc/Makefile.am
M src/lxc/af_unix.c
M src/lxc/attach.c
M src/lxc/cgroups/cgfs.c
M src/lxc/cgroups/cgmanager.c
M src/lxc/console.c
M src/lxc/lsm/apparmor.c
M src/lxc/lxc_init.c
M src/lxc/lxc_monitord.c
M src/lxc/lxc_user_nic.c
M src/lxc/lxccontainer.c
M src/lxc/network.c
M src/lxc/start.c
M src/lxc/utils.c
M src/lxc/utils.h
Log Message:
-----------
tree-wide: s/getpid()/lxc_raw_getpid()/g
This is to avoid bad surprises caused by older glibc's pid cache (up to 2.25)
when using clone().
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 3d3691a3a1da0490fc77ab634ff29ac24e9fafbc
https://github.com/lxc/lxc/commit/3d3691a3a1da0490fc77ab634ff29ac24e9fafbc
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2018-01-02 (Tue, 02 Jan 2018)
Changed paths:
M src/lxc/namespace.h
Log Message:
-----------
namespace: comment lxc_{raw_}clone()
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 14c678f1cb3d05c10e4b13d674c937384881aa11
https://github.com/lxc/lxc/commit/14c678f1cb3d05c10e4b13d674c937384881aa11
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2018-01-02 (Tue, 02 Jan 2018)
Changed paths:
M src/lxc/namespace.c
M src/lxc/namespace.h
Log Message:
-----------
namespace: add lxc_raw_clone_cb()
This is a copy-on-write (no stack passed) variant of lxc_clone().
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 66fe662e73a4e8d317f3c4c646fb3ba44dc2da6c
https://github.com/lxc/lxc/commit/66fe662e73a4e8d317f3c4c646fb3ba44dc2da6c
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2018-01-02 (Tue, 02 Jan 2018)
Changed paths:
M src/lxc/start.c
Log Message:
-----------
start: use lxc_raw_clone_cb() where possible
This way we can rely on the kernel's copy-on-write support similar to fork().
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: d9ef6641958bf73083b657b16b529e7f2afead4d
https://github.com/lxc/lxc/commit/d9ef6641958bf73083b657b16b529e7f2afead4d
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2018-01-02 (Tue, 02 Jan 2018)
Changed paths:
M src/lxc/start.c
Log Message:
-----------
start: log closing cmd socket and STOPPED state
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 25753d594f5f6b898153b6701335b2689cbf6e05
https://github.com/lxc/lxc/commit/25753d594f5f6b898153b6701335b2689cbf6e05
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2018-01-02 (Tue, 02 Jan 2018)
Changed paths:
M src/lxc/start.c
Log Message:
-----------
start: make us dumpable
When we set{u,g}id() the kernel will make us undumpable. This is unnecessary
since we can guarantee that whatever is running inside the child process at
this point is fully trusted by the parent. Making us dumpable lets users
use debuggers on the child process before the exec as well and also allows us
to open /proc/<child-pid> files in lieu of the child.
Note, that we only need to perform the prctl(PR_SET_DUMPABLE, ...) if our
effective uid on the host is not 0. If our effective uid on the host is 0 then
we will keep all capabilities in the child user namespace across set{g,u}id().
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: a2ffd2574a0311717e3fb8d911eaf2c5e6efd436
https://github.com/lxc/lxc/commit/a2ffd2574a0311717e3fb8d911eaf2c5e6efd436
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2018-01-02 (Tue, 02 Jan 2018)
Changed paths:
M src/lxc/start.c
Log Message:
-----------
start: simplify cgroup namespace preservation
Since we are now dumpable we can open /proc/<child-pid>/ns/cgroup so let's
avoid the overhead of sending around fds.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 869521255c27632ab498746339bafa1a5a297dc9
https://github.com/lxc/lxc/commit/869521255c27632ab498746339bafa1a5a297dc9
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2018-01-02 (Tue, 02 Jan 2018)
Changed paths:
M src/lxc/start.c
Log Message:
-----------
start: fix death signal
On set{g,u}id() the kernel does:

        /* dumpability changes */
        if (!uid_eq(old->euid, new->euid) ||
            !gid_eq(old->egid, new->egid) ||
            !uid_eq(old->fsuid, new->fsuid) ||
            !gid_eq(old->fsgid, new->fsgid) ||
            !cred_cap_issubset(old, new)) {
                if (task->mm)
                        set_dumpable(task->mm, suid_dumpable);
                task->pdeath_signal = 0;
                smp_wmb();
        }

which means we need to re-enable the death signal after the set{g,u}id().
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: e8560f461950d0e38a02e1a54a5c8cdbb74b2683
https://github.com/lxc/lxc/commit/e8560f461950d0e38a02e1a54a5c8cdbb74b2683
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2018-01-02 (Tue, 02 Jan 2018)
Changed paths:
M src/lxc/start.c
Log Message:
-----------
start: handle setting death signal smarter
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: c56c715ce9b0c36f56b356555c96434218f6fedb
https://github.com/lxc/lxc/commit/c56c715ce9b0c36f56b356555c96434218f6fedb
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2018-01-02 (Tue, 02 Jan 2018)
Changed paths:
M src/lxc/console.c
M src/lxc/console.h
M src/lxc/mainloop.c
M src/lxc/mainloop.h
M src/lxc/start.h
Log Message:
-----------
mainloop: add mainloop macros
This makes it clearer why handlers return what value.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 452badd5cba0c57d27676e26f104c95227395d33
https://github.com/lxc/lxc/commit/452badd5cba0c57d27676e26f104c95227395d33
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2018-01-02 (Tue, 02 Jan 2018)
Changed paths:
M src/lxc/mainloop.c
M src/lxc/start.c
M src/lxc/start.h
Log Message:
-----------
mainloop: capture output of short-lived init procs
The handler for the signal fd will detect when the init process of a container
has exited and cause the mainloop to close. However, this can happen before the
console handlers - or any other events for that matter - are handled. So in the
case of init exiting we still need to allow for all buffered input to the
console to be handled before exiting. This allows us to capture output from
short-lived init processes.
This is conceptually equivalent to my implementation of ExecReaderToChannel()
https://github.com/lxc/lxd/blob/master/shared/util_linux.go#L527
Closes #1694.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: f811f7fd8b8fee2131e5e26b36a3fcb7cc378607
https://github.com/lxc/lxc/commit/f811f7fd8b8fee2131e5e26b36a3fcb7cc378607
Author: Marcos Paulo de Souza <marcos.souza.org at gmail.com>
Date: 2018-01-02 (Tue, 02 Jan 2018)
Changed paths:
M src/lxc/tools/lxc_config.c
Log Message:
-----------
lxc_config: Add -h and --help flags handler
As the other tools already handle, show usage message when -h or --help
are used.
Signed-off-by: Marcos Paulo de Souza <marcos.souza.org at gmail.com>
Commit: afa93cd319edf619c4f684d33e213bb7404cc0e3
https://github.com/lxc/lxc/commit/afa93cd319edf619c4f684d33e213bb7404cc0e3
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2018-01-02 (Tue, 02 Jan 2018)
Changed paths:
M src/lxc/mainloop.c
M src/lxc/start.c
Log Message:
-----------
start: properly cleanup mainloop
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 3a6b6e1db08f86e197db74478299bf1ac635c78e
https://github.com/lxc/lxc/commit/3a6b6e1db08f86e197db74478299bf1ac635c78e
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2018-01-02 (Tue, 02 Jan 2018)
Changed paths:
M src/lxc/console.c
Log Message:
-----------
console: do not allow non-pty devices on open()
We don't allow non-pty devices anyway so don't let open() create unneeded
files.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 20c4a521922713a90a9accec4fe9e2ed7933efdc
https://github.com/lxc/lxc/commit/20c4a521922713a90a9accec4fe9e2ed7933efdc
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2018-01-02 (Tue, 02 Jan 2018)
Changed paths:
M src/lxc/mainloop.c
Log Message:
-----------
mainloop: use epoll_create1(EPOLL_CLOEXEC)
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Compare: https://github.com/lxc/lxc/compare/457df41b186f...20c4a5219227
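
Added example, not part of the original mail and not LXC's code: a C probe for the kernel behaviour that the "start: make us dumpable" and "start: fix death signal" commit messages describe. A forked child arms its parent-death signal, changes uid when it runs as root, records what the kernel left in place, and then restores the death signal and the dumpable flag. The struct and function names and the uid 65534 are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>
struct cred_probe {        /* what the child observes around a uid change */
	int changed_euid;  /* 1 if setresuid() to a new euid succeeded */
	int sig_after;     /* death signal after the credential change */
	int dump_after;    /* PR_GET_DUMPABLE after the credential change */
	int sig_rearmed;   /* death signal after arming it again */
	int dump_restored; /* PR_GET_DUMPABLE after PR_SET_DUMPABLE, 1 */
};
/* Fork a child, arm its death signal, switch to new_uid if root, restore. */
int probe_cred_change(struct cred_probe *out, uid_t new_uid)
{
	int fds[2];
	pid_t pid;
	if (pipe(fds) < 0 || (pid = fork()) < 0)
		return -1;
	if (pid == 0) {
		struct cred_probe p = {0};
		prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
		if (geteuid() == 0 && setresuid(new_uid, new_uid, new_uid) == 0)
			p.changed_euid = 1; /* needs privilege, skipped otherwise */
		prctl(PR_GET_PDEATHSIG, &p.sig_after, 0, 0, 0);
		p.dump_after = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
		/* Restore both settings after the credential change. */
		prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0);
		prctl(PR_SET_DUMPABLE, 1, 0, 0, 0);
		prctl(PR_GET_PDEATHSIG, &p.sig_rearmed, 0, 0, 0);
		p.dump_restored = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0);
		_exit(write(fds[1], &p, sizeof(p)) == (ssize_t)sizeof(p) ? 0 : 1);
	}
	close(fds[1]);
	ssize_t n = read(fds[0], out, sizeof(*out));
	close(fds[0]);
	waitpid(pid, NULL, 0);
	return n == (ssize_t)sizeof(*out) ? 0 : -1;
}

int main(void)
{
	struct cred_probe p;
	if (probe_cred_change(&p, 65534) < 0) /* 65534: assumed unprivileged uid */
		return 1;
	printf("euid changed=%d pdeathsig %d -> %d, dumpable %d -> %d\n",
	       p.changed_euid, p.sig_after, p.sig_rearmed, p.dump_after, p.dump_restored);
	return 0;
}
```

Run as an unprivileged user, the uid change is skipped and the death signal stays armed throughout; run as root, sig_after reads 0 and dump_after reflects the host's fs.suid_dumpable setting.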