[lxc-devel] [lxc/lxc] a1a847: verify cgroup controller name
Christian Brauner
noreply at github.com
Mon Mar 30 18:19:07 UTC 2020
Branch: refs/heads/stable-4.0
Home: https://github.com/lxc/lxc
Commit: a1a847dbc3f15ad2e0096ad4072901b93ebb70c9
https://github.com/lxc/lxc/commit/a1a847dbc3f15ad2e0096ad4072901b93ebb70c9
Author: Wolfgang Bumiller <w.bumiller at proxmox.com>
Date: 2020-03-30 (Mon, 30 Mar 2020)
Changed paths:
M src/lxc/commands.c
Log Message:
-----------
verify cgroup controller name
validate that a cgroup controller name is a valid
zero-terminated string before passing it to
`cgroup_ops->get_cgroup()`.
Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
Commit: 2f232c5311cc5c84b1d8e71d24047041e464f131
https://github.com/lxc/lxc/commit/2f232c5311cc5c84b1d8e71d24047041e464f131
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2020-03-30 (Mon, 30 Mar 2020)
Changed paths:
M src/lxc/cgroups/cgfsng.c
M src/lxc/conf.c
M src/lxc/conf.h
Log Message:
-----------
cgroups: handle older kernels (e.g. v4.9)
On olders kernels the restrictions to move processes between cgroups are
different than they are on newer kernels. Specifically, we're running into the
following check:
if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
!uid_eq(cred->euid, tcred->uid) &&
!uid_eq(cred->euid, tcred->suid))
ret = -EACCES;
which dictates that in order to move a process into a cgroup one either needs
to be global root (no restrictions apply) or the effective uid of the process
trying to move the process and the {saved}uid of the process that is supposed
to be moved need to be identical. The new attaching logic we did didn't
fulfill this criterion for because it's not present on new kernels.
Closes https://github.com/lxc/lxd/issues/7104.
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 73e7bdfcdc106bbbc55b1d3f55a83b9251c9a0a1
https://github.com/lxc/lxc/commit/73e7bdfcdc106bbbc55b1d3f55a83b9251c9a0a1
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2020-03-30 (Mon, 30 Mar 2020)
Changed paths:
M src/lxc/start.c
Log Message:
-----------
start: log error when failing to create cgroup
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 7e6deea34170c0ce2d8d98b5da1bbb311fc0212a
https://github.com/lxc/lxc/commit/7e6deea34170c0ce2d8d98b5da1bbb311fc0212a
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2020-03-30 (Mon, 30 Mar 2020)
Changed paths:
M src/lxc/cgroups/cgfsng.c
Log Message:
-----------
cgroups: send two attach fds
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Commit: 179e2bf8e052b383eb495793c97f4eb6c43fa625
https://github.com/lxc/lxc/commit/179e2bf8e052b383eb495793c97f4eb6c43fa625
Author: Christian Brauner <christian.brauner at ubuntu.com>
Date: 2020-03-30 (Mon, 30 Mar 2020)
Changed paths:
M src/lxc/cgroups/cgfsng.c
Log Message:
-----------
cgroups: send two fds to attach to unified cgroup
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
Compare: https://github.com/lxc/lxc/compare/d45c0d96583e...179e2bf8e052
More information about the lxc-devel
mailing list