mirror of git://github.com/lxc/lxc synced 2025-09-04 19:29:48 +00:00
10668 Commits

Author SHA1 Message Date
Christian Brauner
58b6132d88 seccomp: fix complication when !HAVE_DECL_SECCOMP_NOTIFY_FD
[2021-08-18 05:48:26] [build-stdout] mv -f $depbase.Tpo $depbase.Po
[2021-08-18 05:48:26] [build-stderr] seccomp.c: In function ‘seccomp_notify_cleanup_handler’:
[2021-08-18 05:48:26] [build-stderr] seccomp.c:1367:25: error: ‘struct lxc_seccomp’ has no member named ‘notifier’
[2021-08-18 05:48:26] [build-stderr]  1367 |  if (fd == conf->seccomp.notifier.notify_fd)
[2021-08-18 05:48:26] [build-stderr]       |                         ^
[2021-08-18 05:48:26] [build-stderr] In file included from af_unix.h:12,
[2021-08-18 05:48:26] [build-stderr]                  from seccomp.c:14:
[2021-08-18 05:48:26] [build-stderr] seccomp.c:1368:29: error: ‘struct lxc_seccomp’ has no member named ‘notifier’
[2021-08-18 05:48:26] [build-stderr]  1368 |   fd = move_fd(conf->seccomp.notifier.notify_fd);
[2021-08-18 05:48:26] [build-stderr]       |                             ^
[2021-08-18 05:48:26] [build-stderr] macro.h:655:26: note: in definition of macro ‘move_fd’
[2021-08-18 05:48:26] [build-stderr]   655 |   int __internal_fd__ = (fd); \
[2021-08-18 05:48:26] [build-stderr]       |                          ^~
[2021-08-18 05:48:26] [build-stderr] seccomp.c:1368:29: error: ‘struct lxc_seccomp’ has no member named ‘notifier’
[2021-08-18 05:48:26] [build-stderr]  1368 |   fd = move_fd(conf->seccomp.notifier.notify_fd);
[2021-08-18 05:48:26] [build-stderr]       |                             ^
[2021-08-18 05:48:26] [build-stderr] macro.h:656:4: note: in definition of macro ‘move_fd’
[2021-08-18 05:48:26] [build-stderr]   656 |   (fd) = -EBADF;              \
[2021-08-18 05:48:26] [build-stderr]       |    ^~
[2021-08-18 05:48:26] [build-stderr] make[3]: *** [Makefile:4496: seccomp.o] Error 1
[2021-08-18 05:48:26] [build-stdout] make[3]: Leaving directory '/opt/src/src/lxc'
[2021-08-18 05:48:26] [build-stdout] make[2]: Leaving directory '/opt/src/src'
[2021-08-18 05:48:26] [build-stdout] make[1]: Leaving directory '/opt/src/src'
[2021-08-18 05:48:26] [build-stderr] make[2]: *** [Makefile:440: all-recursive] Error 1
[2021-08-18 05:48:26] [build-stderr] make[1]: *** [Makefile:379: all] Error 2
[2021-08-18 05:48:26] [build-stderr] make: *** [Makefile:537: all-recursive] Error 1
[2021-08-18 05:48:26] [build-stderr] + '[' -f build.ninja ']'
[2021-08-18 05:48:26] [build-stdout] Semmle autobuild: no supported build system detected.
[2021-08-18 05:48:26] [build-stderr] + '[' -d ../_lgtm_build_dir ']'
[2021-08-18 05:48:26] [build-stderr] + for f in build build.sh
[2021-08-18 05:48:26] [build-stderr] + '[' -x build ']'
[2021-08-18 05:48:26] [build-stderr] + for f in build build.sh
[2021-08-18 05:48:26] [build-stderr] + '[' -x build.sh ']'
[2021-08-18 05:48:26] [build-stderr] + '[' -f setup.py ']'
[2021-08-18 05:48:26] [build-stderr] + echo 'Semmle autobuild: no supported build system detected.'
[2021-08-18 05:48:26] [build-stderr] + exit 1
[2021-08-18 05:48:26] [ERROR] Spawned process exited abnormally (code 1; tried to run: [/opt/dist/tools/linux64/preload_tracer, /opt/dist/cpp/tools/do-build])
[2021-08-18 05:48:26] [build-stderr] A fatal error occurred: Exit status 1 from command: [/opt/dist/cpp/tools/do-build]
[2021-08-18 05:48:26] [build-stderr] deptrace-server: received exit command
[2021-08-18 05:48:27] [ERROR] Spawned process exited abnormally (code 2; tried to run: [/opt/work/lgtm-workspace/lgtm/extract.sh])
A fatal error occurred: Exit status 2 from command: [/opt/work/lgtm-workspace/lgtm/extract.sh]

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:35 +02:00
Christian Brauner
edd448515f tests: use busybox in lxc-test-usernic.in
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:33 +02:00
Christian Brauner
efc14832b0 tests: use busybox in lxc-test-unpriv
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:32 +02:00
Christian Brauner
82b850ddaa tests: use busybox in lxc-test-no-new-privs
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:32 +02:00
Christian Brauner
e13b0012e8 test: use busybox in lxc-test-autostart
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:31 +02:00
Christian Brauner
5e1337c655 test: use busybox in lxc-test-apparmor-mount
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:29 +02:00
Christian Brauner
6292dde621 test: use busybox in lxc-test-apparmor-generated
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:28 +02:00
Christian Brauner
26580f0e16 tests: fix order in sys_mixed
We need to set the config item after we loaded the config obviously.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:26 +02:00
Christian Brauner
729a423b45 conf: allow for tty allocation even when container did not request separate devpts instance
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:24 +02:00
Christian Brauner
c47e4b6ac0 busybox: simplify
Start relying on autodev for busybox template and wipe all the device
creation.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:23 +02:00
Christian Brauner
79dc690fa7 busybox: mount sys:ro
There's no udev so sys doesn't need to be read-write.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:22 +02:00
Christian Brauner
3d95eb893f terminal: use /dev/ptmx when allocating pty devices from devpts instances we didn't mount ourselves
When we aren't told what devpts instance to allocate from we assume it
is the one in the caller's mount namespace.
This poses a slight complication, a lot of distros will change
permissions on /dev/ptmx so it can be opened by unprivileged users but
will not change permissions on /dev/pts/ptmx itself. In addition,
/dev/ptmx can either be a symlink, a bind-mount, or a separate device
node. So we need to allow for fairly lax lookup.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:18 +02:00
Christian Brauner
0f9f5ec0f7 file_utils: add same_device() helper
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:17 +02:00
Po-Hsu Lin
7381a5de50 tests: set lxc-test-automount/createconfig/snapdeps as executable
The debian/tests/exercise script will skip those non-executable tests
in src/test, thus these three tests were never tested.

Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com>
2021-10-14 17:22:12 +02:00
Christian Brauner
65cb2231ad cgroups: simplify offline and isolated cpu handling
Don't create separate cpumask arrays for them. Just clear the ones that
are set in the original cpumask array.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:11 +02:00
Christian Brauner
23ef48f0d8 cgroups: use semantically clean check in cpuset1_cpus_initialize()
The variable is a pointer not an integer.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:10 +02:00
Christian Brauner
7b8746b976 cgroups: fix cpumask handling
Link: https://discuss.linuxcontainers.org/t/lxc-4-0-9-lxc-start-sigabrt-on-systems-with-defined-offline-cpus-and-a-total-number-of-cpus-divisible-by-32
Signed-off-by: Jim Ferrigno <jim.ferrigno@oracle.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:09 +02:00
Christian Brauner
b6907488b3 cgroups: fix comments in cpuset1_initialize()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:08 +02:00
Christian Brauner
0a5347ddbe Revert "cgroups: fix cpu bitmasks"
This reverts commit e0f7296a6d.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:07 +02:00
Christian Brauner
4bd5942f75 cgroups: s/calloc/zalloc/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:06 +02:00
Jim Ferrigno
38db899380 cgroups: fix cpu bitmasks
Link: https://discuss.linuxcontainers.org/t/lxc-4-0-9-lxc-start-sigabrt-on-systems-with-defined-offline-cpus-and-a-total-number-of-cpus-divisible-by-32
Signed-off-by: Jim Ferrigno <jim.ferrigno@oracle.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:05 +02:00
Christian Brauner
eda2b7467e mainloop: disable IORING_SETUP_SQPOLL for now
It's a bit more complicated to use than I envisioned here.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:02 +02:00
Christian Brauner
3f3e75c4e2 mainloop: add comments about multishot and oneshot cleanup
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:02 +02:00
Christian Brauner
620f6c9caa mainloop: s/handler_name/name/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:22:00 +02:00
Christian Brauner
1306659ecb mainloop: move variables into tighter scope
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:21:59 +02:00
Christian Brauner
14f8022a59 memory_utils: make cleanup handler as unused
They are sometimes used to just clean something up automatically at end
of scope but the variables themselves might not be actually used.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:21:57 +02:00
Christian Brauner
502998699a mainloop: fix io_uring cleanup handling
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:21:56 +02:00
Christian Brauner
4fc38d526e mainloop: remove CANCEL_RAISE flag
This is really not needed since we're not checking it anywhere anyway.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:21:54 +02:00
Christian Brauner
771161376e mainloop: minor fixes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:21:53 +02:00
Tycho Andersen
eb218b3943 mainloop: s,sys/poll,poll
I get the following warning (which then fails the build because of
-Werror):

In file included from mainloop.c:11:
/usr/include/sys/poll.h:1:2: error: #warning redirecting incorrect #include <sys/poll.h> to <poll.h> [-Werror=cpp]
    1 | #warning redirecting incorrect #include <sys/poll.h> to <poll.h>
      |  ^~~~~~~

Signed-off-by: Tycho Andersen <tycho@tycho.pizza>
2021-10-14 17:21:51 +02:00
Simon Deziel
2aad32dca2 lxc-download: add LXC version/compat level to user-agent
Signed-off-by: Simon Deziel <simon.deziel@canonical.com>
2021-10-14 17:21:50 +02:00
Christian Brauner
b1f9aee5c4 mainloop: add io_uring support
Users can choose to compile liblxc with io_uring support. This will
cause LXC to use io_uring instead of epoll.
We're using both, io_uring's one-shot and multi-shot poll mode depending
on the type of handler.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:21:46 +02:00
Thomas Parrott
aa96b8e35b doc: Adds mention of ability to specify manual IPv4 broadcast address
See also https://github.com/lxc/lxd/pull/9103

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
2021-10-14 17:21:42 +02:00
Christian Brauner
5210178135 tree-wide: s/lxc_epoll_descr/lxc_async_descr/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:21:39 +02:00
Christian Brauner
cff59253a0 conf: log session keyring failure on WARN level
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:21:37 +02:00
Christian Brauner
27217f7c54 cgroups: log at warning instead of error level
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-10-14 17:21:35 +02:00
Edênis Freindorfer Azevedo
983c0dd85a Improve bash completion.
Use as much as possible from each command `--help` for completion.

Some options require a long list of completions that should be dumped by
some command option. These are not added here yet.

Examples of those are: `lxc-info --config`, `lxc-execute --define` and
`lxc-start --define`.

Signed-off-by: Edenis Freindorfer Azevedo <edenisfa@gmail.com>
2021-10-14 17:21:32 +02:00
Edênis Freindorfer Azevedo
2d317f2596 Create rules to add/remove symlinks for bash completion.
By default, there is no out-of-the-box bash completion for lxc tools.
This is due to dynamic loading of completions, that requires the
completion filename to be the same as the command (e.g. `lxc-start`
expects a completion filename `lxc-start`). But all commands are in file
`lxc`, which is not read.

Signed-off-by: Edenis Freindorfer Azevedo <edenisfa@gmail.com>
2021-10-14 17:21:29 +02:00
Edênis Freindorfer Azevedo
ce97c9de05 Fix typo on documentation for lxc-{attach,execute}.
According to `[1]`, `lxc-attach` uses `-u,-g` instead of `--u,--g`.
According to `[2]`, `lxc-execute` uses `-u,-g` instead of `--u,--g`.

- [1] https://github.com/lxc/lxc/blob/stable-4.0/src/lxc/tools/lxc_attach.c#L131-L132
- [2] https://github.com/lxc/lxc/blob/stable-4.0/src/lxc/tools/lxc_execute.c#L59-L60

Signed-off-by: Edenis Freindorfer Azevedo <edenisfa@gmail.com>
2021-10-14 17:21:23 +02:00
Edênis Freindorfer Azevedo
b8c4234ef1 Fix typo on documentation for lxc-autostart.
According to `[1,2]`, this command has `--groups` instead of `--group`.

- [1] https://github.com/lxc/lxc/blob/stable-4.0/src/lxc/tools/lxc_autostart.c#L64
- [2] https://github.com/lxc/lxc/blob/stable-4.0/src/lxc/tools/lxc_autostart.c#L84

Signed-off-by: Edenis Freindorfer Azevedo <edenisfa@gmail.com>
2021-10-14 17:21:18 +02:00
Stéphane Graber
cec7cb14b2 Merge pull request #3969 from brauner/2021-09-03.fixes.stable
tests: fix config file tests
2021-09-13 08:41:51 -04:00
Christian Brauner
671a65391f tests: fix config file tests
Link: https://bugs.launchpad.net/bugs/1943441
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-09-13 14:11:05 +02:00
Stéphane Graber
5cbc29d1eb doc/api-extensions: Grammar fix
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2021-08-09 19:42:00 +02:00
Christian Brauner
c9d9085b3f lsm/apparmor: use cleanup macro
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-09 17:38:41 +02:00
Christian Brauner
fcf3e60765 lsm/apparmor: log failure to write AppArmor profile
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-09 17:38:39 +02:00
Christian Brauner
a80856010c network: fix container with empty network namespaces
Fixes: #3922
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-09 17:38:36 +02:00
Christian Brauner
60f6207ac2 tests: add test for rootfs mount options
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-03 16:18:11 +02:00
Christian Brauner
7997d7fb1c conf: allow mount options for rootfs when using new mount api
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-03 16:18:10 +02:00
Christian Brauner
c2c8a897a8 mount_utils: make some mount helpers static inline
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-03 16:18:09 +02:00
Christian Brauner
72acfa2795 conf: let parse_vfs_attr() handle legacy mount flags as well
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-08-03 16:18:09 +02:00