mirror of git://github.com/lxc/lxc synced 2025-08-31 07:09:33 +00:00
Commit Graph

406 Commits

Author SHA1 Message Date
Christian Brauner
a30c52acb7 compiler: -Wdate-time hardening
Warn when macros __TIME__, __DATE__ or __TIMESTAMP__ are encountered as
they might prevent bit-wise-identical reproducible compilations.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-02-05 23:49:48 +01:00
Christian Brauner
fcfce08aba compiler: -Werror=shift-overflow=2 hardening
Warn about left shift overflows. This warning is enabled by default in
C99 and C++11 modes (and newer).

-Wshift-overflow=2
This warning level also warns about left-shifting 1 into the sign bit,
unless C++14 mode (or newer) is active.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-02-05 23:48:32 +01:00
Christian Brauner
463bee7b8d compiler: -Werror=shift-count-overflow hardening
Warn if shift count >= width of type.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-02-05 23:47:31 +01:00
Christian Brauner
3b5a0eebd4 compiler: fix -fstack-protector-strong
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-02-05 23:44:20 +01:00
Christian Brauner
64871d419d compiler: -fdiagnostics-show-option
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-02-05 23:26:13 +01:00
Christian Brauner
a703da6c84 compiler: -Werror=overflow hardening
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-02-05 23:26:00 +01:00
Christian Brauner
4ccb887813 compiler: -Wendif-labels hardening
Do not warn whenever an #else or an #endif are followed by text.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-02-05 23:15:05 +01:00
Christian Brauner
5573349673 compiler: set -Wimplicit-fallthrough to 5
-Wimplicit-fallthrough=5 doesn’t recognize any comments as fallthrough
comments, only attributes disable the warning.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-02-05 22:36:31 +01:00
Christian Brauner
d07545c7da compiler: -Wformat=2 hardening
Enable -Wformat plus additional format checks. Currently equivalent to
-Wformat -Wformat-nonliteral -Wformat-security -Wformat-y2k.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-02-05 22:36:31 +01:00
Christian Brauner
42a2ab35f4 compiler: -Werror=incompatible-pointer-types
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-02-05 22:36:31 +01:00
Christian Brauner
13311d70fe compiler: -Werror=return-type hardening
Warn whenever a function is defined with a return type that defaults to
int. Also warn about any return statement with no return value in a
function whose return type is not void (falling off the end of the
function body is considered returning without a value).

For C only, warn about a return statement with an expression in a
function whose return type is void, unless the expression type is also
void. As a GNU extension, the latter case is accepted without a warning
unless -Wpedantic is used.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-02-05 22:36:31 +01:00
Christian Brauner
e3b4674d44 compiler: -Wsuggest-attribute=noreturn hardening
Warn about functions that might be candidates for attributes pure, const
or noreturn or malloc.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-02-05 22:36:30 +01:00
Christian Brauner
30462b9144 compiler: -Wfloat-equal hardening
Warn if floating-point values are used in equality comparisons.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-02-05 22:36:30 +01:00
Christian Brauner
f03f7b5ce5 compiler: -Winit-self hardening
Warn about uninitialized variables that are initialized with themselves.
Note this option can only be used with the -Wuninitialized option.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-02-05 22:36:30 +01:00
Christian Brauner
11af5f2ba1 compiler: -Wold-style-definition hardening
Warn if an old-style function definition is used. A warning is given
even if there is a previous prototype.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-02-05 22:36:30 +01:00
Christian Brauner
cc0c3a0612 compiler: -Wmissing-include-dirs hardening
Warn if a user-supplied include directory does not exist.

This already surfaced a bug that is fixed by this commit.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-02-05 22:36:30 +01:00
Christian Brauner
fb3b3ef484 compiler: -Wlogical-op hardening
Warn about suspicious uses of logical operators in expressions.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2019-02-05 22:36:30 +01:00
Stéphane Graber
8465a7f49e Re-enable lxc_devel
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2018-12-13 18:20:10 -05:00
Stéphane Graber
4dcd858b92 Release LXC 3.1.0
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2018-12-13 18:12:56 -05:00
Fabrice Fontaine
3aa7271157 configure.ac: fix build without stack-protector
Compiler based hardening (including -fstack-protector-strong) is
enabled since version 3.0.3 and 2268c27754

However, some compilers could miss the needed library (-lssp or
-lssp_nonshared) at the linking step, so use ax_check_link_flag instead of
ax_check_compile_flag

Fixes:
 - http://autobuild.buildroot.org/results/0b90e7dca2984652842832a41abad93ac49a9b86

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
2018-12-04 21:13:47 +01:00
Christian Brauner
2268c27754 autotools: compiler based hardening
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-10-20 00:22:18 +02:00
Christian Brauner
a3bb6b8ed9 autools: use -fno-strict-aliasing
The gcc implementation and the C standard are not to be considered sane
in this respect. We don't want to risk reordering of writes when the
compiler incorrectly *thinks* two types do not alias each other.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-10-12 21:23:07 +02:00
Christian Brauner
da5efb6f76 netns_ifaddrs: handle IFLA_STATS{64} correctly
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-30 12:29:19 +02:00
Christian Brauner
e6fe24e134 autotools: support -z relro and -z now
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-28 22:58:20 +02:00
Christian Brauner
b25291da14 utils: add lxc_setup_keyring()
Allocate a new keyring if we can to prevent information leak.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-28 13:41:14 +02:00
Christian Brauner
c73fbad129 configure: fix -Wimplicit-fallthrough check
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-28 13:41:14 +02:00
Stéphane Graber
810fd51c92 Merge pull request #2618 from CameronNemo/lxcmountroot
apparmor: account for specified rootfs path (closes #2617)
2018-09-25 14:46:21 -04:00
Christian Brauner
246736be38 autotools: support -Wstrict-prototypes
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-23 20:22:41 +02:00
Christian Brauner
6ce39620fd autotools: support -Wcast-align
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-23 20:22:41 +02:00
Christian Brauner
23b44c365e autotools: fix wrong AX_CHECK_COMPILE_FLAG test
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-21 23:45:33 +02:00
Christian Brauner
292b3910d5 cgroups: switch to lxc.payload as default pattern
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-21 16:47:03 +02:00
Christian Brauner
cf0fd972be autotools: add -Wimplicit-fallthrough
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-09-21 15:24:14 +02:00
Cameron Nemo
b19c5d1237 apparmor: account for specified rootfs path (closes #2617)
Signed-off-by: Cameron Nemo <camerontnorman@gmail.com>
2018-09-20 15:56:05 -07:00
2xsec
5c7bfc0231 log: support dlog
Signed-off-by: 2xsec <dh48.jeong@samsung.com>
2018-09-11 16:04:25 +09:00
Fabrice Fontaine
218e814412 lxc: fix build with --disable-werror
Fix #2592 by defining -Wvla -std=gnu11 even if --disable-werror is set
As -std=gnu11 is always set, bump requirement on gcc from 4.6 to 4.7
(see https://gcc.gnu.org/projects/cxx-status.html#cxx11)

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
2018-09-08 21:09:20 +02:00
Christian Brauner
8bc781b419 configure: reorder header checks
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-08-28 20:10:46 +02:00
Christian Brauner
d029e1defd Makefile: conditionalize ifaddrs.h inclusion
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-08-23 14:06:54 +02:00
Christian Brauner
81c76cff14 autotools: add --{disable,enable}-thread-safety
Fail the build if --enable-thread-safety is passed and the environment cannot
guarantee thread-safety.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-08-22 13:41:43 +02:00
Christian Brauner
607e3fcae1 log: handle strerror_r() versions
Closes #2563.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-08-22 13:41:41 +02:00
Christian Brauner
9b5724cd58 autotools: check if compiler is new enough
We line up with the Linux kernel and won't support any compiler under 4.6.
Additionally, we also require at least gnu99 so this is due anyway.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-08-22 00:04:19 +02:00
Christian Brauner
81a56e8029 autotools: default to -Wvla -std=gnu11
We can't really support anything less than gcc-4.8 anyway.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-07-26 16:38:42 +02:00
Wolfgang Bumiller
1800f92473 apparmor: profile generation
This copies lxd's apparmor profile generation. This tries to
detect features such as cgroup namespaces, apparmor
namespaces and stacking support, and has profile parts
conditionally for unprivileged containers.

This introduces the following changes to the configuration:
  lxc.apparmor.profile = generated
    The fixed value 'generated' will cause this
    functionality to be used, otherwise there should be no
    functional changes happening unless specifically
    requested with the next key:
  lxc.apparmor.allow_nesting
    This is a boolean which, if enabled, causes the
    following changes: When generated apparmor profiles are
    used, they will contain the necessary changes to allow
    creating a nested container. In addition to the usual
    mount points, /dev/.lxc/proc and /dev/.lxc/sys will
    contain procfs and sysfs mount points without the lxcfs
    overlays, which, if generated apparmor profiles are
    being used, will not be read/writable directly.
  lxc.apparmor.raw
    A list of raw apparmor profile lines to append to the
    profile. Only valid when using generated profiles.

The following apparmor profile lines have not been copied
from lxd:

  mount /var/lib/lxd/shmounts/ -> /var/lib/lxd/shmounts/,
  mount none -> /var/lib/lxd/shmounts/,
  mount options=bind /var/lib/lxd/shmounts/** -> /var/lib/lxd/**,

They should be added via lxc.apparmor.raw entries by lxd.

In order for apparmor_parser's cache to be of use, this adds
a --with-apparmor-cache-dir ./configure option.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
2018-07-25 14:37:32 +02:00
Christian Brauner
9a5e7ac4a9 include: add strlcat() implementation
CC: Donghwa Jeong <dh48.jeong@samsung.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-06-20 13:44:02 +02:00
Christian Brauner
477e62b618 include: add getgrgid_r()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-06-15 11:39:23 +02:00
Christian Brauner
91c272a571 strlcpy: add strlcpy() implementation
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2018-05-11 13:32:01 +02:00
Fabrice Fontaine
49bc916b1d Fix compilation with static libcap and shared gnutls
Commit c06ed219c4 has broken
compilation with a static libcap and a shared gnutls.
This results in a build failure on init_lxc_static if gnutls is
a shared library as init_lxc_static is built with -all-static option
(see src/lxc/Makefile.am) and AC_CHECK_LIB adds gnutls to LIBS.

This commit fixes the issue by removing the default behavior of AC_CHECK_LIB
and manually handling GNUTLS_LIBS and HAVE_LIBGNUTLS

Fixes:
 - http://autobuild.buildroot.net/results/b655d6853c25a195df28d91512b3ffb6c654fc90

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
2018-04-07 18:12:12 +02:00
Stéphane Graber
5b66b6ee3e Release LXC 3.0.0
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2018-03-27 21:49:16 -04:00
Stéphane Graber
b195038dfc configure.ac: Support redhatenterpriseserver
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2018-03-27 15:21:51 -04:00
Stéphane Graber
769cf3c1cc Release LXC 3.0.0.beta4
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2018-03-26 23:38:01 -04:00
Stéphane Graber
b53a26168c Release LXC 3.0.0.beta3
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2018-03-23 16:22:00 -04:00