Stéphane Graber
2fb7cf0b32
Revert "tree-wide: use sizeof on static arrays"
...
This reverts commit 81a3bb64b4stgraber@ubuntu.com >
2018-08-31 11:58:17 -07:00
Wolfgang Bumiller
6b28940591
Merge pull request #2435 from brauner/2018-06-27/storage_managed
...
[RFC] conf: introduce lxc.rootfs.managed
2018-08-30 08:28:08 +02:00
Christian Brauner
7cba1a2729
Merge pull request #2577 from Blub/inttype-lengths
...
tree-wide: use sizeof on static arrays
2018-08-29 22:26:46 +02:00
Wolfgang Bumiller
81a3bb64b4
tree-wide: use sizeof on static arrays
...
Instead of duplicating their lengths in read/snprintf/...
calls.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com >
2018-08-29 21:46:39 +02:00
Wolfgang Bumiller
f288e10a59
Merge pull request #2572 from brauner/2018-08-24/musl_fixes
...
build: fix musl + add compiler.h
2018-08-29 21:39:05 +02:00
Stéphane Graber
de2c63143a
Merge pull request #2576 from brauner/2018-08-28/command_init_id
...
commands: always return -1 on lxc_cmd_get_init_pid() err
2018-08-28 11:29:02 -07:00
Christian Brauner
62fc84030b
string_utils: use UINT64_MAX macro
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-28 20:22:24 +02:00
Christian Brauner
1f207a5cd9
caps: move macros to macro header
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-28 20:22:24 +02:00
Christian Brauner
3ef9b3d30f
start: remove duplicate macros
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-28 20:22:24 +02:00
Christian Brauner
9978b4d342
Makefile: correctly add ifaddrs to noinst_HEADERS
...
Before this we only added ifaddrs.h to noinst_HEADERS when we were running on
Android's bionic. That obviously doesn't make sense since it is possible that
ifaddrs.h is not defined and we're also not running on Android's bionic.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-28 20:22:24 +02:00
Christian Brauner
ba2b6354b2
macro: coding style fixes
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-28 20:22:24 +02:00
Christian Brauner
0c5ea884e8
macro: final INTTYPE_TO_STRLEN() related cleanups
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-28 20:22:24 +02:00
Christian Brauner
84226232fb
tests: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-28 20:22:24 +02:00
Christian Brauner
d33968ade3
conf: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-28 20:22:24 +02:00
Christian Brauner
9d6ade4ace
tools: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-28 20:22:24 +02:00
Christian Brauner
40464e8ac6
utils: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-28 20:22:24 +02:00
Christian Brauner
f1eacafbc8
string_utils: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-28 20:22:24 +02:00
Christian Brauner
8335fd40ef
network: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-28 20:22:24 +02:00
Christian Brauner
397a8d30a8
monitor: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-28 20:14:52 +02:00
Christian Brauner
da07fe61fc
lxccontainer: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-28 20:14:52 +02:00
Christian Brauner
2955a58ab4
macro: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-28 20:14:52 +02:00
Christian Brauner
c6de4db4f6
lsm: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-28 20:14:52 +02:00
Christian Brauner
3a2c65f877
log: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-28 20:14:52 +02:00
Christian Brauner
c77aee6475
confile: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-28 20:14:52 +02:00
Christian Brauner
c19ad94b0a
cgfsng: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-28 20:14:52 +02:00
Christian Brauner
69623bfc3d
caps: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-28 20:14:52 +02:00
Christian Brauner
f246d9b89f
macro: add INTTYPE_TO_STRLEN()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-28 20:14:52 +02:00
Christian Brauner
245532a2ad
macro: add PTR_TO_INT() and INT_TO_PTR()
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-28 20:14:52 +02:00
Christian Brauner
9b8d4c58d4
macro: move LXC_CMD_DATA_MAX from commands.h
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-28 20:14:52 +02:00
Christian Brauner
b1234129fb
macro: add LXC_AUDS_ADDR_LEN
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-28 20:14:52 +02:00
Christian Brauner
e8cd120886
commands: ensure -1 is sent on EPIPE for init pid
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
Reported-by: Stéphane Graber <stgraber@ubuntu.com >
2018-08-28 20:12:42 +02:00
Christian Brauner
691544a0e4
tests: cleanup Makefile
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-28 20:12:42 +02:00
Christian Brauner
c8208ff034
tests: add basic.c
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-28 20:12:42 +02:00
Christian Brauner
8ed8a6265b
commands: return -1 on lxc_cmd_get_init_pid() err
...
A while back the whole lxc_cmd() infrastructure was changed to return
meaningful negative error codes. But lxc_cmd_get_init_pid() should always
return -1. Make it so!
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
Reported-by: Stéphane Graber <stgraber@ubuntu.com >
2018-08-28 20:12:42 +02:00
Christian Brauner
d7f19646df
compiler: add compiler.h header
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-28 20:10:47 +02:00
Christian Brauner
8bc781b419
configure: reorder header checks
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-28 20:10:46 +02:00
Christian Brauner
2259663ca0
build: fix musl
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-28 20:10:44 +02:00
Stéphane Graber
7ee4b4b8f0
Merge pull request #2574 from brauner/2018-08-26/cgroup_keep
...
confile: add lxc.cgroup.keep
2018-08-28 11:06:40 -07:00
Christian Brauner
5a087e056f
cgroups: don't escape if lxc.cgroup.keep is true
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
Cc: Felix Abecassis <fabecassis@nvidia.com >
Cc: Jonathan Calmels <jcalmels@nvidia.com >
2018-08-27 03:16:41 +02:00
Christian Brauner
76f0e2e739
confile: add lxc.cgroup.keep
...
This adds the new lxc.cgroup.keep config key. The key can be used to instruct
LXC to not escape to never escape to the root cgroup. This makes it easy for
users to adhere to restrictions enforced by cgroup2 and systemd. Specifically,
this makes it possible to run LXC containers as systemd services.
Note that cgroup v1 is considered legacy and will not see additional
controllers being added to it. This means that it is safe to use
lxc.cgroup.keep as config key since there is no "keep" controller. The only way
a conflict can be introduced is if the user is creating a named controller. I
think this case can be safely ignored since it is super rare and also the users
problem.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
Cc: Felix Abecassis <fabecassis@nvidia.com >
Cc: Jonathan Calmels <jcalmels@nvidia.com >
2018-08-27 03:07:51 +02:00
Christian Brauner
a7c4ddea9f
start: do not initialize cgroup_ops twice
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-26 19:01:36 +02:00
Wolfgang Bumiller
40a6212ec9
Merge pull request #2570 from brauner/2018-08-23/fix_privileged_logging
...
execute: pass /proc/self/fd/<nr>
2018-08-23 17:58:43 +02:00
Christian Brauner
bf58a98013
execute: pass /proc/self/fd/<nr>
...
Passing /proc/1/fd/<nr> presupposes that CLONE_NEWPID was specified. This isn't
the case when users use lxc.namespace.keep = pid to inherit pid namespaces.
Pass /proc/self/fd/<nr> instead.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
Reported-by: Mrinal Dhillon <mdhillon@juniper.net >
2018-08-23 17:43:03 +02:00
Stéphane Graber
f24e4d0046
Merge pull request #2569 from brauner/2018-08-23/fix_unpriv_execute_logging
...
execute: skip lxc-init logging when unprivileged
2018-08-23 11:30:14 -04:00
Christian Brauner
5c61824350
execute: skip lxc-init logging when unprivileged
...
Unprivileged app containers will not be able to open the passed in
/proc/1/fd/<idx> log path and will thus currently fail completely as soon as
any log level or log file is passed.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
Reported-by: Mrinal Dhillon <mdhillon@juniper.net >
2018-08-23 16:34:20 +02:00
Wolfgang Bumiller
c5dc704ae5
Merge pull request #2568 from brauner/2018-08-22/ifaddrs
...
include: add safe getifaddrs() version
2018-08-23 14:26:42 +02:00
Christian Brauner
d029e1defd
Makefile: conditionalize ifaddrs.h inclusion
...
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-23 14:06:54 +02:00
Christian Brauner
59e9eabe0d
ifaddrs: add safe implementation of getifaddrs()
...
The old version was crazy. This replaces it with an internal version based on
musl.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com >
2018-08-23 14:06:54 +02:00
Stéphane Graber
898b34e658
Merge pull request #2565 from brauner/2018-08-22/more_fixes
...
remove last pam_cgfs special-casing
2018-08-22 18:54:18 -04:00
Christian Brauner
95552b1b5c
Merge pull request #2567 from stgraber/master
...
Fix typo
2018-08-22 20:06:14 +02:00
