[lxc-devel] [lxc/lxc] e17260: af_unix: add lxc_abstract_unix_send_fds_iov

Christian Brauner noreply at github.com
Tue Jul 9 15:50:46 UTC 2019


  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: e1726045d4ccd493e32e9b7c926ad8b6090734e2
      https://github.com/lxc/lxc/commit/e1726045d4ccd493e32e9b7c926ad8b6090734e2
  Author: Wolfgang Bumiller <w.bumiller at proxmox.com>
  Date:   2019-07-09 (Tue, 09 Jul 2019)

  Changed paths:
    M src/lxc/af_unix.c
    M src/lxc/af_unix.h

  Log Message:
  -----------
  af_unix: add lxc_abstract_unix_send_fds_iov

Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>


  Commit: dc85e31eca140c9b760fc75e811d748e74f920d8
      https://github.com/lxc/lxc/commit/dc85e31eca140c9b760fc75e811d748e74f920d8
  Author: Christian Brauner <christian.brauner at ubuntu.com>
  Date:   2019-07-09 (Tue, 09 Jul 2019)

  Changed paths:
    M src/lxc/af_unix.c

  Log Message:
  -----------
  af_unix: add lxc_abstract_unix_recv_fds_iov()

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>


  Commit: 970ef13dd2eed4c8dd24056045a1951d8c5f7696
      https://github.com/lxc/lxc/commit/970ef13dd2eed4c8dd24056045a1951d8c5f7696
  Author: Wolfgang Bumiller <w.bumiller at proxmox.com>
  Date:   2019-07-09 (Tue, 09 Jul 2019)

  Changed paths:
    M src/lxc/af_unix.c
    M src/lxc/af_unix.h

  Log Message:
  -----------
  af_unix: add lxc_unix_connect_type

we want to use SOCK_SEQPACKET and in the future perhaps
SOCK_DATAGRAM as well

Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>


  Commit: 99d03dec11e289d9be60a4ad3ea95d7397629a5f
      https://github.com/lxc/lxc/commit/99d03dec11e289d9be60a4ad3ea95d7397629a5f
  Author: Wolfgang Bumiller <w.bumiller at proxmox.com>
  Date:   2019-07-09 (Tue, 09 Jul 2019)

  Changed paths:
    M src/lxc/file_utils.c
    M src/lxc/file_utils.h

  Log Message:
  -----------
  file_utils: add lxc_recvmsg_nointr_iov

Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>


  Commit: 84cf6d259b24e4ad48e3f1fcbb92bf98713a2dbd
      https://github.com/lxc/lxc/commit/84cf6d259b24e4ad48e3f1fcbb92bf98713a2dbd
  Author: Wolfgang Bumiller <w.bumiller at proxmox.com>
  Date:   2019-07-09 (Tue, 09 Jul 2019)

  Changed paths:
    M src/lxc/confile.c
    M src/lxc/lxcseccomp.h

  Log Message:
  -----------
  conf: add lxc.seccomp.notify.cookie

This is an arbitrary string to be included in proxied
seccomp notification messages.

Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>


  Commit: 4a094eec4a69b74782cb7ff968b88b102468c2bc
      https://github.com/lxc/lxc/commit/4a094eec4a69b74782cb7ff968b88b102468c2bc
  Author: Wolfgang Bumiller <w.bumiller at proxmox.com>
  Date:   2019-07-09 (Tue, 09 Jul 2019)

  Changed paths:
    M configure.ac
    M src/lxc/lxcseccomp.h
    M src/lxc/seccomp.c

  Log Message:
  -----------
  seccomp: update notify api

The previous API doesn't reflect the fact that
`seccomp_notif` and `seccomp_notif_resp` are allocated
dynamically with sizes figured out at runtime.

We now query the sizes via the seccomp(2) syscall and change
`struct seccomp_notify_proxy_msg` to contain the sizes
instead of the data, with the data following afterwards.

Additionally it did not provide a convenient way to identify
the container the message originated from, for which we now
include a cookie configured via `lxc.seccomp.notify.cookie`.

Since we currently always send exactly one request and await
the response immediately, verify the `id` in the client's
response.

Finally, the proxy message's "version" field is removed, and
we reserve 64 bits in its place.

Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>


  Commit: f910c9e526eb8fbc80d61d56786b80f1b0a0587a
      https://github.com/lxc/lxc/commit/f910c9e526eb8fbc80d61d56786b80f1b0a0587a
  Author: Wolfgang Bumiller <w.bumiller at proxmox.com>
  Date:   2019-07-09 (Tue, 09 Jul 2019)

  Changed paths:
    M src/lxc/seccomp.c

  Log Message:
  -----------
  seccomp: assert that __reserved is 0 in notify responses

Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>


  Commit: 045ee7210dbe4ca1f250128e3ea4dc2cf7ec519c
      https://github.com/lxc/lxc/commit/045ee7210dbe4ca1f250128e3ea4dc2cf7ec519c
  Author: Wolfgang Bumiller <w.bumiller at proxmox.com>
  Date:   2019-07-09 (Tue, 09 Jul 2019)

  Changed paths:
    M src/lxc/seccomp.c

  Log Message:
  -----------
  seccomp: use SOCK_SEQPACKET for the notify proxy

The seccomp notify API has a few variables: The struct sizes
are queried at runtime, and we now also have a user
configured cookie.
This means that with a SOCK_STREAM connection the proxy
needs to carefully read() the right amount of data based on
the contents of our proxy message struct to avoid ending up
in the middle of a packet.
While for now this may not be too tragic, since we currently
only ever send a single packet and then wait for the
response, we may at some point want to be able to handle
multiple processes simultaneously, hence it makes sense to
switch to a packet based connection.

So switch to using SOCK_SEQPACKET which is packet based
(and also guarantees ordering). The `MSG_PEEK` flag can be
used with `recvmsg()` to figure out a packet's size on the
other end, and usually the size *should* not change after
that for an existing connection from a running container.

Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>


  Commit: 8a99ab014aa5fc1c8d4830c00546e83e565cbb22
      https://github.com/lxc/lxc/commit/8a99ab014aa5fc1c8d4830c00546e83e565cbb22
  Author: Wolfgang Bumiller <w.bumiller at proxmox.com>
  Date:   2019-07-09 (Tue, 09 Jul 2019)

  Changed paths:
    M src/lxc/seccomp.c

  Log Message:
  -----------
  seccomp: remove reconnect-loop

When we fail to send a message, we send a default seccomp
response and try to reconnect to the proxy. It doesn't
really make much sense to retry to send the request over the
new connection as the syscall has already been answered. The
same goes for receiving the response - after reconnecting to
the proxy, we're a new client to a potentially new proxy
process, so awaiting a response without having sent a
request doesn't make all too much sense either.

In the future we should probably have a timeout or retry
count for the entire proxy _transaction_ before sending a
response to seccomp at all (and probably handle requests
asynchronously).

Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>


  Commit: 5357b872f7052936a58748b7a338a42c86c2a4fc
      https://github.com/lxc/lxc/commit/5357b872f7052936a58748b7a338a42c86c2a4fc
  Author: Wolfgang Bumiller <w.bumiller at proxmox.com>
  Date:   2019-07-09 (Tue, 09 Jul 2019)

  Changed paths:
    M src/lxc/seccomp.c

  Log Message:
  -----------
  seccomp: don't ignore syscalls when there's no proxy

The container process would just hang.

Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>


  Commit: 3745ee0ec764367da195068dcea9dac0e4ba76e4
      https://github.com/lxc/lxc/commit/3745ee0ec764367da195068dcea9dac0e4ba76e4
  Author: Wolfgang Bumiller <w.bumiller at proxmox.com>
  Date:   2019-07-09 (Tue, 09 Jul 2019)

  Changed paths:
    M src/lxc/seccomp.c

  Log Message:
  -----------
  seccomp: retry connecting to the proxy once

If the first sendmsg() fails, try to reconnect once before
failing. Otherwise if a proxy restarts while no syscall
happens, the next syscall always fails with ENOSYS.

Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>


  Commit: 1370a882bcac001d8e61a152548cdbc3b0a600dd
      https://github.com/lxc/lxc/commit/1370a882bcac001d8e61a152548cdbc3b0a600dd
  Author: Wolfgang Bumiller <w.bumiller at proxmox.com>
  Date:   2019-07-09 (Tue, 09 Jul 2019)

  Changed paths:
    M src/lxc/seccomp.c

  Log Message:
  -----------
  seccomp: send default response when there's no proxy

Particularly, when there's no proxy registered (iow. none
configured but the seccomp profile still had a 'notify'
rule), we don't want to leave them hanging.

Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>


  Commit: ed3a98c4c260fea0886da822fb5a11304cfa8d4d
      https://github.com/lxc/lxc/commit/ed3a98c4c260fea0886da822fb5a11304cfa8d4d
  Author: Wolfgang Bumiller <w.bumiller at proxmox.com>
  Date:   2019-07-09 (Tue, 09 Jul 2019)

  Changed paths:
    M src/lxc/seccomp.c

  Log Message:
  -----------
  seccomp: keep retrying to reconnect to proxy

If a syscall happens after we already failed to communicate
with the proxy, proxy_fd was -1.
Before the previous commit we'd then be stuck in the state
where there was no proxy registered. With the previous
commit we'd send a default reply and only then try to
reconnect.
Improve this even further by trying to reconnect right at
the start.

Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>


  Commit: 651e63a71980b7e778473f919df3d5580fb0073e
      https://github.com/lxc/lxc/commit/651e63a71980b7e778473f919df3d5580fb0073e
  Author: Wolfgang Bumiller <w.bumiller at proxmox.com>
  Date:   2019-07-09 (Tue, 09 Jul 2019)

  Changed paths:
    M src/lxc/seccomp.c

  Log Message:
  -----------
  seccomp: defer reconnecting to the proxy

With the previous commit we now attempt to reconnect to the
proxy in the beginning of the notify handler if we had no
connection.
If the connection fails later on, we now don't really need
to immediately try to reconnect if we send a default
response anyway (particularly if the recv() fails). (This
also gives the proxy more time, for instance if it was just
restarted.)

Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>


  Commit: 214008eeb22f53c8d6c75853d240fc635fdb9fbc
      https://github.com/lxc/lxc/commit/214008eeb22f53c8d6c75853d240fc635fdb9fbc
  Author: Wolfgang Bumiller <w.bumiller at proxmox.com>
  Date:   2019-07-09 (Tue, 09 Jul 2019)

  Changed paths:
    M doc/lxc.container.conf.sgml.in

  Log Message:
  -----------
  doc: document lxc.seccomp.notify.cookie

and fix a minor typo

Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>


  Commit: 87e547d9c790ccb5c6d8d59da96c9f3082c0e867
      https://github.com/lxc/lxc/commit/87e547d9c790ccb5c6d8d59da96c9f3082c0e867
  Author: Wolfgang Bumiller <w.bumiller at proxmox.com>
  Date:   2019-07-09 (Tue, 09 Jul 2019)

  Changed paths:
    M src/lxc/seccomp.c

  Log Message:
  -----------
  seccomp: recvmsg with MSG_TRUNC

We only read the message without the cookie. For now assert
that the sender also didn't try to send more by letting
`recvmsg()` return the original size of the packet if it was
longer.

Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>


  Commit: 637996a4c3c3597dd4c98ebac917f32af6f85e82
      https://github.com/lxc/lxc/commit/637996a4c3c3597dd4c98ebac917f32af6f85e82
  Author: Wolfgang Bumiller <w.bumiller at proxmox.com>
  Date:   2019-07-09 (Tue, 09 Jul 2019)

  Changed paths:
    M src/lxc/seccomp.c

  Log Message:
  -----------
  seccomp: send caller pidfd along with proxied requests

On the one hand this should close the race between the
process exiting until the proxy reads the request.
On the other hand it'll help the proxy quickly access info
from /proc (such as ./cwd, ./ns/mnt, ...)

Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>


  Commit: b9dab9ef8fa6d7c68b997972e14bcea5c406e8a9
      https://github.com/lxc/lxc/commit/b9dab9ef8fa6d7c68b997972e14bcea5c406e8a9
  Author: Christian Brauner <christian.brauner at ubuntu.com>
  Date:   2019-07-09 (Tue, 09 Jul 2019)

  Changed paths:
    M src/lxc/af_unix.c

  Log Message:
  -----------
  af_unix: remove unused variable

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>


  Commit: 26077e91db1136db05d08d33f6642b783e7ef2f4
      https://github.com/lxc/lxc/commit/26077e91db1136db05d08d33f6642b783e7ef2f4
  Author: Christian Brauner <christian.brauner at ubuntu.com>
  Date:   2019-07-09 (Tue, 09 Jul 2019)

  Changed paths:
    M configure.ac
    M doc/lxc.container.conf.sgml.in
    M src/lxc/af_unix.c
    M src/lxc/af_unix.h
    M src/lxc/confile.c
    M src/lxc/file_utils.c
    M src/lxc/file_utils.h
    M src/lxc/lxcseccomp.h
    M src/lxc/seccomp.c

  Log Message:
  -----------
  Merge pull request #3080 from Blub/seccomp-notify-api

Seccomp notify api update


Compare: https://github.com/lxc/lxc/compare/cfc3b342090e...26077e91db11
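
The packet framing that the "use SOCK_SEQPACKET for the notify proxy" and "recvmsg with MSG_TRUNC" log messages above rely on, as an added example that is not code from these LXC commits. `struct demo_hdr` and all function names are hypothetical; the header layout is constructed for the demo and is not LXC's proxy message struct.

```c
#include <stdint.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/uio.h>
#include <unistd.h>

/* Hypothetical demo header, NOT LXC's struct seccomp_notify_proxy_msg. */
struct demo_hdr { uint64_t reserved; uint64_t cookie_len; };

/* One packet = header + cookie, sent as two iovecs in a single sendmsg(). */
static ssize_t send_packet(int fd, const char *cookie)
{
	struct demo_hdr hdr = { .reserved = 0, .cookie_len = strlen(cookie) };
	struct iovec iov[2] = { { &hdr, sizeof(hdr) }, { (void *)cookie, hdr.cookie_len } };
	struct msghdr msg = { .msg_iov = iov, .msg_iovlen = 2 };
	return sendmsg(fd, &msg, MSG_NOSIGNAL);
}

/* Returns the cookie length, or -1 if oversized or malformed (cap >= 1). */
static ssize_t recv_packet(int fd, char *cookie, size_t cap)
{
	struct demo_hdr hdr;
	struct iovec iov[2] = { { &hdr, sizeof(hdr) }, { cookie, cap - 1 } };
	struct msghdr msg = { .msg_iov = iov, .msg_iovlen = 2 };
	char probe;
	/* MSG_TRUNC makes both calls return the sent size; MSG_PEEK leaves it queued. */
	ssize_t want = recv(fd, &probe, sizeof(probe), MSG_PEEK | MSG_TRUNC);
	ssize_t got = recvmsg(fd, &msg, MSG_TRUNC);
	if (want < 0 || got != want || (msg.msg_flags & MSG_TRUNC))
		return -1; /* error, or the packet did not fit and was cut */
	if ((size_t)got < sizeof(hdr) || hdr.reserved != 0 ||
	    hdr.cookie_len != (size_t)got - sizeof(hdr))
		return -1; /* length field disagrees with the packet boundary */
	cookie[hdr.cookie_len] = '\0';
	return (ssize_t)hdr.cookie_len;
}

/* Constructed run: two packets sent back to back; returns the second's result. */
static ssize_t demo_second_packet(const char *a, const char *b, char *out, size_t cap)
{
	int sv[2];
	ssize_t ret = -1;
	if (socketpair(AF_UNIX, SOCK_SEQPACKET, 0, sv) < 0) return -1;
	if (send_packet(sv[0], a) >= 0 && send_packet(sv[0], b) >= 0 &&
	    recv_packet(sv[1], out, cap) == (ssize_t)strlen(a))
		ret = recv_packet(sv[1], out, cap);
	close(sv[0]);
	close(sv[1]);
	return ret;
}
```

Each `recvmsg()` consumes exactly one packet, so a packet that is rejected as oversized cannot leave the receiver in the middle of the next one, which is the failure mode the log message describes for SOCK_STREAM.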

