[lxc/lxc] c222fb: gitignore: Simplify
3 views
Skip to first unread message
Aleksa Sarai
Dec 16, 2022, 11:45:03 AM12/16/22
to lxc-...@lists.linuxcontainers.org
Branch: refs/heads/stable-5.0
Home: https://github.com/lxc/lxc
Commit: c222fb5676aca4d0ad853d54cee339dd01b5076a
https://github.com/lxc/lxc/commit/c222fb5676aca4d0ad853d54cee339dd01b5076a
Author: Stéphane Graber <stgr...@ubuntu.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M .gitignore
Log Message:
-----------
gitignore: Simplify
The move to meson has made it so that all rendered/built files are now
nicely self-contained. This lets us greatly simplify our gitignore,
effectively just ignoring release tarballs and the few usual temporary
files we may deal with during development.
Signed-off-by: Stéphane Graber <stgr...@ubuntu.com>
Commit: 02f4bd00f5b5648b7f71c266d36a961fe54dbfc6
https://github.com/lxc/lxc/commit/02f4bd00f5b5648b7f71c266d36a961fe54dbfc6
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M meson.build
M src/lxc/mount_utils.h
Log Message:
-----------
build: check for FS_CONFIG_* header symbol in sys/mount.h
Fixes: #4176
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: 497479ea3b8d13900a8f9427a5ade8a51facd7ab
https://github.com/lxc/lxc/commit/497479ea3b8d13900a8f9427a5ade8a51facd7ab
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M meson.build
M src/lxc/macro.h
M src/lxc/mount_utils.h
M src/lxc/syscall_wrappers.h
M src/lxc/utils.c
Log Message:
-----------
tree-wide: wipe direct or indirect linux/mount.h inclusion
It is incompatible with sys/mount.h and causes massive headaches.
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: c9bca33263ed82190edc77960cdc19c3088167e6
https://github.com/lxc/lxc/commit/c9bca33263ed82190edc77960cdc19c3088167e6
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M meson.build
M src/lxc/process_utils.c
M src/lxc/process_utils.h
M src/lxc/start.c
M src/lxc/start.h
M src/tests/reboot.c
Log Message:
-----------
tree-wide: use struct clone_args directly
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: d1dfce9c59067aac0a22cdffe8b6d80f6bbdae87
https://github.com/lxc/lxc/commit/d1dfce9c59067aac0a22cdffe8b6d80f6bbdae87
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M meson.build
M src/lxc/file_utils.c
M src/lxc/mount_utils.c
M src/lxc/syscall_wrappers.h
M src/lxc/utils.c
Log Message:
-----------
tree-wide: use struct open_how directly
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: e2b8776bbb691914bcd88cfa29bf6b82d4276ef9
https://github.com/lxc/lxc/commit/e2b8776bbb691914bcd88cfa29bf6b82d4276ef9
Author: Cameron Nemo <c...@nohom.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M meson.build
Log Message:
-----------
meson: fix docbook2x detection
docbook2man can sometimes be docbook2x and other times be docbook-utils.
Rather than compare paths, use version constraints to detect version.
Signed-off-by: Cameron Nemo <c...@nohom.org>
Commit: d5d7e2036ba9364386c9dc49bdda945bb0068be9
https://github.com/lxc/lxc/commit/d5d7e2036ba9364386c9dc49bdda945bb0068be9
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/macro.h
M src/lxc/mainloop.h
Log Message:
-----------
tree-wide: minimize liburing.h inclusion
because it brings in linux/fs.h and defines struct open_how.
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: 460243f406ad83cdd33a2502567adc3d81f87341
https://github.com/lxc/lxc/commit/460243f406ad83cdd33a2502567adc3d81f87341
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/conf.h
M src/lxc/mount_utils.h
M src/lxc/syscall_wrappers.h
Log Message:
-----------
mount: move mount utilities from syscall_wrappers.h into mount_utils.h
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: 51b8763b030899a3c6b57f0326377b0d53a981ff
https://github.com/lxc/lxc/commit/51b8763b030899a3c6b57f0326377b0d53a981ff
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/mount_utils.c
Log Message:
-----------
mount_utils: remove conf.h include
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: 02900160c8314c28b517b79c8ea11c290e57a133
https://github.com/lxc/lxc/commit/02900160c8314c28b517b79c8ea11c290e57a133
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M meson.build
Log Message:
-----------
build: prevent the inclusion of linux/mount.h with a hack
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: ca863bd7226de92fa4c5865fabf12e131390c033
https://github.com/lxc/lxc/commit/ca863bd7226de92fa4c5865fabf12e131390c033
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/attach.c
M src/lxc/caps.c
M src/lxc/cgroups/cgfsng.c
M src/lxc/cgroups/cgroup.c
M src/lxc/cgroups/cgroup_utils.c
M src/lxc/cmd/meson.build
M src/lxc/conf.c
M src/lxc/file_utils.c
M src/lxc/file_utils.h
M src/lxc/lsm/apparmor.c
M src/lxc/lsm/selinux.c
M src/lxc/lxccontainer.c
M src/lxc/meson.build
M src/lxc/mount_utils.c
A src/lxc/open_utils.h
M src/lxc/pam/meson.build
M src/lxc/storage/dir.c
M src/lxc/syscall_wrappers.h
M src/lxc/terminal.c
M src/lxc/utils.c
Log Message:
-----------
tree-wide: split open helpers into open_utils.h
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: f1a61a5f05332d7a8323d8be50cc88e1310173fd
https://github.com/lxc/lxc/commit/f1a61a5f05332d7a8323d8be50cc88e1310173fd
Author: Chen Qi <Qi....@windriver.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M meson.build
M src/lxc/cgroups/cgfsng.c
Log Message:
-----------
use sd_bus_call_method_async to replace the asyncv one
The sd_bus_call_method_asyncv's 10th parameter is of type
va_list and supplying NULL when invoking it causes compilation
error. Just replace it with the async one.
Signed-off-by: Chen Qi <Qi....@windriver.com>
Commit: 0e9e64db86050c5c5dca5f07b31ff00d92e9c135
https://github.com/lxc/lxc/commit/0e9e64db86050c5c5dca5f07b31ff00d92e9c135
Author: Neil.wrz <wangr...@huawei.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/tools/arguments.h
Log Message:
-----------
fix error message when use tools with -? option
Signed-off-by: Neil.wrz <wangr...@huawei.com>
Commit: e08c1b740d4a1b788dbcf8fa9622e1af390188d4
https://github.com/lxc/lxc/commit/e08c1b740d4a1b788dbcf8fa9622e1af390188d4
Author: Alex <93376818+...@users.noreply.github.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M .github/workflows/cifuzz.yml
Log Message:
-----------
Update cifuzz.yml
Signed-off-by: sashashura <93376818+...@users.noreply.github.com>
Signed-off-by: Alex <93376818+...@users.noreply.github.com>
Commit: 8fa6d765a02ad3d75a9c71f08fa0381d7594e652
https://github.com/lxc/lxc/commit/8fa6d765a02ad3d75a9c71f08fa0381d7594e652
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M .github/workflows/coverity.yml
M .github/workflows/sanitizers.yml
M .github/workflows/static-analysis.yml
Log Message:
-----------
build(deps): bump actions/checkout from 2 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <sup...@github.com>
Commit: a6287882ec28b1579b686d201480cb0beb78576b
https://github.com/lxc/lxc/commit/a6287882ec28b1579b686d201480cb0beb78576b
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/conf.c
Log Message:
-----------
conf: allow cross-device links
Fixes: https://github.com/lxc/lxd/issues/10914
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: 9316939459ba167299960fb28d1e9477736fc79b
https://github.com/lxc/lxc/commit/9316939459ba167299960fb28d1e9477736fc79b
Author: DarkGuySM <78262720+...@users.noreply.github.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M README.md
Log Message:
-----------
Update README.md
Corrected grammar in readme.
Signed-off-by: DarkGuySM <78262720+...@users.noreply.github.com>
Commit: 011faff362e0e7c1c86121937f284ac8c64aba9f
https://github.com/lxc/lxc/commit/011faff362e0e7c1c86121937f284ac8c64aba9f
Author: Mohammed Ajmal Siddiqui <ajmalsi...@gmail.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/tools/lxc_attach.c
Log Message:
-----------
lxc-attach: Fix lost return codes of spawned processes that are killed
lxc-attach swallows the return codes of processes that are terminated
via a signal, and by default exits with a return code of 0 (i.e.
indicating success) even if the command it tried to execute was
terminated.
This patch fixes it by explicitly checking if the process was terminated
via a signal, and returning an appropriate exit code.
Note that we add 128 to the signal value to generate the exit code
because by convention the exit code is 128 + signal number. e.g. if a
process is killed via signal 9, then the error code is 9 + 128 = 137.
Signed-off-by: Mohammed Ajmal Siddiqui <ajmalsi...@gmail.com>
Commit: 9165ff1edf3ee289f265a378ac6744487184e7fc
https://github.com/lxc/lxc/commit/9165ff1edf3ee289f265a378ac6744487184e7fc
Author: Thomas Parrott <thomas....@canonical.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/attach.c
Log Message:
-----------
lxc/attach: Detect EACCES from execvp and convert to 126 exit status
Before:
sudo lxc-attach -n test /etc/passwd ; echo $?
lxc-attach: test: ../src/lxc/attach.c: lxc_attach_run_command: 1841 Permission denied - Failed to exec "/etc/passwd"
255
After:
sudo lxc-attach -n test /etc/passwd ; echo $?
lxc-attach: test: ../src/lxc/attach.c: lxc_attach_run_command: 1841 Permission denied - Failed to exec "/etc/passwd"
126
Which better aligns with bash:
/etc/passwd; echo $?
bash: /etc/passwd: Permission denied
126
Signed-off-by: Thomas Parrott <thomas....@canonical.com>
Commit: 77e08b88780d14861ad648647e118c6be283f736
https://github.com/lxc/lxc/commit/77e08b88780d14861ad648647e118c6be283f736
Author: Po-Hsu Lin <po-hs...@canonical.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/tools/lxc_destroy.c
Log Message:
-----------
tools: lxc-destroy: update help message for --force
Looks like the --force is a flag to stop a running container before
destroying it.
Update the help message accordingly.
Signed-off-by: Po-Hsu Lin <po-hs...@canonical.com>
Commit: 495b1bbf45d558fa4f906500c9ab15dd1a877a1a
https://github.com/lxc/lxc/commit/495b1bbf45d558fa4f906500c9ab15dd1a877a1a
Author: Po-Hsu Lin <po-hs...@canonical.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/tests/lxc-test-checkpoint-restore
Log Message:
-----------
tests: lxc-test-checkpoint-restore: use trap to do cleanup
This test will fail on Jammy 5.15, and because of the "set -e" it
will never go through the lxc-stop and lxc-destroy code in the end
of this script. Thus the lxc-test-criu container will not be removed.
Compose a cleanup() and use TRAP to solve this problem.
Signed-off-by: Po-Hsu Lin <po-hs...@canonical.com>
Commit: 5749e2e209e0627a929a60f96f73919264a0dacc
https://github.com/lxc/lxc/commit/5749e2e209e0627a929a60f96f73919264a0dacc
Author: HisShadow <shadow...@gmail.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/commands.c
M src/lxc/conf.c
M src/lxc/error_utils.h
M src/lxc/file_utils.c
M src/lxc/network.c
M src/lxc/string_utils.c
Log Message:
-----------
Unroll IN_SET since the max usage is 2 elements check
Signed-off-by: HisShadow <shadow...@gmail.com>
Commit: 748720cebc7cd1710f8dfe277e69ab0ee4bd5e7c
https://github.com/lxc/lxc/commit/748720cebc7cd1710f8dfe277e69ab0ee4bd5e7c
Author: Mathias Gibbens <gib...@debian.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/tests/reboot.c
Log Message:
-----------
tests: lxc-test-reboot: Fix build on ia64
Add the prototype for __clone2(...) that is used on ia64, and adjust the
code to use it via macro tests.
Verified that the code compiles properly on Debian's ia64 porterbox
(yttrium), but was unable to actually run as lxc-test-reboot requires
root privileges.
Signed-off-by: Mathias Gibbens <gib...@debian.org>
Commit: 4dcc84c6b9db37661fefe1b37a4dd6fa3850406c
https://github.com/lxc/lxc/commit/4dcc84c6b9db37661fefe1b37a4dd6fa3850406c
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M README.md
Log Message:
-----------
README: remove lgtm
It's more or less dead. If we care about a service like this we should use
something else.
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: 2662959b8bba3657e5d02025932b0bf8a2f748e9
https://github.com/lxc/lxc/commit/2662959b8bba3657e5d02025932b0bf8a2f748e9
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/cgroups/cgfsng.c
Log Message:
-----------
cgroups: use userns_exec_full() during cgroup removal
When removing cgroups we can't always use the minimal idmap if the user has
specified a specific map for the container instead of just a simple one.
Execute cgroup removal under the full map.
Fixes: https://github.com/lxc/lxd/issues/11108
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: 06b4612eecfdccb238612f51b7207441c1c23de0
https://github.com/lxc/lxc/commit/06b4612eecfdccb238612f51b7207441c1c23de0
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/cgroups/cgfsng.c
Log Message:
-----------
cgroups: only allocate user namespace if we have to
If the monitor runs as root we can assume it's able to remove the cgroups it
created when the container started.
Fixes: https://github.com/lxc/lxd/issues/11108
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: 58e878209ca15fdfa7211d9e7097e4380fcc668a
https://github.com/lxc/lxc/commit/58e878209ca15fdfa7211d9e7097e4380fcc668a
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/conf.c
Log Message:
-----------
conf: create separate peer group for container's root
Finally, we turn the rootfs into a shared mount. Note, that this
doesn't reestablish mount propagation with the hosts mount
namespace. Instead we'll create a new peer group.
We're doing this because most workloads do rely on the rootfs being
a shared mount. For example, systemd daemon like sytemd-udevd run in
their own mount namespace. Their mount namespace has been made a
dependent mount (MS_SLAVE) with the host rootfs as it's dominating
mount. This means new mounts on the host propagate into the
respective services.
This is broken if we leave the container's rootfs a dependent mount.
In which case both the container's rootfs and the service's rootfs
will be dependent mounts with the host's rootfs as their dominating
mount. So if you were to mount over the rootfs from the host it
would not just propagate into the container's mount namespace it
would also propagate into the service. That's nonsense semantics for
nearly all relevant use-cases. Instead, establish the container's
rootfs as a separate peer group mirroring the behavior on the host.
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: 2ff447445b45e391ae7ee51d6ced43b065ec1e94
https://github.com/lxc/lxc/commit/2ff447445b45e391ae7ee51d6ced43b065ec1e94
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M config/apparmor/abstractions/start-container.in
Log Message:
-----------
apparmor: allow shared mounts in start-container.in
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: 9e35b3ecd36bf1c86e135770b57958c2a5fb391c
https://github.com/lxc/lxc/commit/9e35b3ecd36bf1c86e135770b57958c2a5fb391c
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/conf.c
Log Message:
-----------
conf: ensure mount tunnel is a dependent mount
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: a1ead0dccd35810595c497561ee996a7c9f2152c
https://github.com/lxc/lxc/commit/a1ead0dccd35810595c497561ee996a7c9f2152c
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M .github/workflows/coverity.yml
Log Message:
-----------
github: fix coverity build
1. install meson (ninja is dependency)
2. run meson setup before ninja build
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: bd56c89ea3a02f50e8908316abe85f45cfa1c824
https://github.com/lxc/lxc/commit/bd56c89ea3a02f50e8908316abe85f45cfa1c824
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M .github/workflows/coverity.yml
Log Message:
-----------
github: fix coverity (add libpam-dev)
Should fix
meson.build:494:0: ERROR: C header 'security/pam_modules.h' not found
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: 28a1591cd5730442e4504e4022a2ac7d4ea48eb1
https://github.com/lxc/lxc/commit/28a1591cd5730442e4504e4022a2ac7d4ea48eb1
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/lsm/apparmor.c
Log Message:
-----------
apparmor: properly check lxc_strmmap ret value
Reported-by: coverity (CID #1517320)
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: 4ce8345d68043482fcdd9acc99159c68d06b5a3c
https://github.com/lxc/lxc/commit/4ce8345d68043482fcdd9acc99159c68d06b5a3c
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/network.c
M src/lxc/nl.h
Log Message:
-----------
network: always initialize struct nl_handler
Despite the fact that struct nl_handler is filled zeros
in netlink_open() there are two cases where we have possible
exit paths from the function before netlink_open() is called.
At the same time we have cleaner registered:
call_cleaner(netlink_close)
Two cases:
- netdev_get_flag
- lxc_ipvlan_create
If we are exiting from these functions before netlink_open()
is called we will close random file descriptor by reading
it from (struct nl_handler)->fd.
Let's just properly initialize this structure in all cases
to prevent this bug in the future.
Reported-by: coverity (CID #1517319 and #1517316)
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: 0eca8d2ea7e73048ccd3c9b516e94fd4efbdf86e
https://github.com/lxc/lxc/commit/0eca8d2ea7e73048ccd3c9b516e94fd4efbdf86e
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/cgroups/cgfsng.c
Log Message:
-----------
cgroups: fix buffer out-of-bounds access in enable_controllers_delegation
Reported-by: coverity (CID #1517317)
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: 4b434bf52f696d1102cc140290aec76e193fef85
https://github.com/lxc/lxc/commit/4b434bf52f696d1102cc140290aec76e193fef85
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/cgroups/cgfsng.c
Log Message:
-----------
cgroups: check snprintf retval in unpriv_systemd_create_scope
Reported-by: coverity (CID #1517315)
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: 7802f3647ed52b1e856a6cd4ebdcf7e59690e67a
https://github.com/lxc/lxc/commit/7802f3647ed52b1e856a6cd4ebdcf7e59690e67a
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/state.c
Log Message:
-----------
state: additional check in lxc_wait to prevent OOB
I can't see a real problem here, but let's just add a check
just in case.
Reported-by: coverity (CID #1517314)
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: c89be8325d767774879187a97402d8b2074933ed
https://github.com/lxc/lxc/commit/c89be8325d767774879187a97402d8b2074933ed
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/cgroups/cgfsng.c
Log Message:
-----------
cgroups: fix cgroup layout detection in __initialize_cgroups
It looks like we made a mistake while detecting cgroup layout,
we are always set CGFSNG_LAYOUT_UNIFIED bit.
Reported-by: coverity (CID #1497115)
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: a330126b45c7c3b6fcf0f9ba6c1eda7bdb4e508a
https://github.com/lxc/lxc/commit/a330126b45c7c3b6fcf0f9ba6c1eda7bdb4e508a
Author: Aleksa Sarai <cyp...@cyphar.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M meson.build
Log Message:
-----------
build: use cc.get_define to detect FS_CONFIG_* symbols
For some reason, openSUSE has a very strange layout in sys/mount.h where
the definition of all of the FS_CONFIG_* idents are present but are
ifdef'd out in such a way that they will never be defined in an actual
build:
#define FSOPEN_CLOEXEC 0x00000001
/* ... */
#ifndef FSOPEN_CLOEXEC
enum fsconfig_command
{
FSCONFIG_SET_FLAG = 0, /* Set parameter, supplying no value */
# define FSCONFIG_SET_FLAG FSCONFIG_SET_FLAG
/* ... */
};
#endif
Unfortunately, while cc.has_header_symbol is faster, it cannot handle
this which results in compilation errors on openSUSE because the
FS_CONFIG_* symbols are actually not defined when compiling even though
the ident is present in the header. Switching to cc.get_define fixes
this issue.
Fixes: cbabe8abf11e ("build: check for FS_CONFIG_* header symbol in sys/mount.h")
Signed-off-by: Aleksa Sarai <cyp...@cyphar.com>
Compare: https://github.com/lxc/lxc/compare/074b9fe66304...a330126b45c7
Home: https://github.com/lxc/lxc
Commit: c222fb5676aca4d0ad853d54cee339dd01b5076a
https://github.com/lxc/lxc/commit/c222fb5676aca4d0ad853d54cee339dd01b5076a
Author: Stéphane Graber <stgr...@ubuntu.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M .gitignore
Log Message:
-----------
gitignore: Simplify
The move to meson has made it so that all rendered/built files are now
nicely self-contained. This lets us greatly simplify our gitignore,
effectively just ignoring release tarballs and the few usual temporary
files we may deal with during development.
Signed-off-by: Stéphane Graber <stgr...@ubuntu.com>
Commit: 02f4bd00f5b5648b7f71c266d36a961fe54dbfc6
https://github.com/lxc/lxc/commit/02f4bd00f5b5648b7f71c266d36a961fe54dbfc6
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M meson.build
M src/lxc/mount_utils.h
Log Message:
-----------
build: check for FS_CONFIG_* header symbol in sys/mount.h
Fixes: #4176
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: 497479ea3b8d13900a8f9427a5ade8a51facd7ab
https://github.com/lxc/lxc/commit/497479ea3b8d13900a8f9427a5ade8a51facd7ab
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M meson.build
M src/lxc/macro.h
M src/lxc/mount_utils.h
M src/lxc/syscall_wrappers.h
M src/lxc/utils.c
Log Message:
-----------
tree-wide: wipe direct or indirect linux/mount.h inclusion
It is incompatible with sys/mount.h and causes massive headaches.
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: c9bca33263ed82190edc77960cdc19c3088167e6
https://github.com/lxc/lxc/commit/c9bca33263ed82190edc77960cdc19c3088167e6
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M meson.build
M src/lxc/process_utils.c
M src/lxc/process_utils.h
M src/lxc/start.c
M src/lxc/start.h
M src/tests/reboot.c
Log Message:
-----------
tree-wide: use struct clone_args directly
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: d1dfce9c59067aac0a22cdffe8b6d80f6bbdae87
https://github.com/lxc/lxc/commit/d1dfce9c59067aac0a22cdffe8b6d80f6bbdae87
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M meson.build
M src/lxc/file_utils.c
M src/lxc/mount_utils.c
M src/lxc/syscall_wrappers.h
M src/lxc/utils.c
Log Message:
-----------
tree-wide: use struct open_how directly
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: e2b8776bbb691914bcd88cfa29bf6b82d4276ef9
https://github.com/lxc/lxc/commit/e2b8776bbb691914bcd88cfa29bf6b82d4276ef9
Author: Cameron Nemo <c...@nohom.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M meson.build
Log Message:
-----------
meson: fix docbook2x detection
docbook2man can sometimes be docbook2x and other times be docbook-utils.
Rather than compare paths, use version constraints to detect version.
Signed-off-by: Cameron Nemo <c...@nohom.org>
Commit: d5d7e2036ba9364386c9dc49bdda945bb0068be9
https://github.com/lxc/lxc/commit/d5d7e2036ba9364386c9dc49bdda945bb0068be9
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/macro.h
M src/lxc/mainloop.h
Log Message:
-----------
tree-wide: minimize liburing.h inclusion
because it brings in linux/fs.h and defines struct open_how.
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: 460243f406ad83cdd33a2502567adc3d81f87341
https://github.com/lxc/lxc/commit/460243f406ad83cdd33a2502567adc3d81f87341
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/conf.h
M src/lxc/mount_utils.h
M src/lxc/syscall_wrappers.h
Log Message:
-----------
mount: move mount utilities from syscall_wrappers.h into mount_utils.h
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: 51b8763b030899a3c6b57f0326377b0d53a981ff
https://github.com/lxc/lxc/commit/51b8763b030899a3c6b57f0326377b0d53a981ff
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/mount_utils.c
Log Message:
-----------
mount_utils: remove conf.h include
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: 02900160c8314c28b517b79c8ea11c290e57a133
https://github.com/lxc/lxc/commit/02900160c8314c28b517b79c8ea11c290e57a133
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M meson.build
Log Message:
-----------
build: prevent the inclusion of linux/mount.h with a hack
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: ca863bd7226de92fa4c5865fabf12e131390c033
https://github.com/lxc/lxc/commit/ca863bd7226de92fa4c5865fabf12e131390c033
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/attach.c
M src/lxc/caps.c
M src/lxc/cgroups/cgfsng.c
M src/lxc/cgroups/cgroup.c
M src/lxc/cgroups/cgroup_utils.c
M src/lxc/cmd/meson.build
M src/lxc/conf.c
M src/lxc/file_utils.c
M src/lxc/file_utils.h
M src/lxc/lsm/apparmor.c
M src/lxc/lsm/selinux.c
M src/lxc/lxccontainer.c
M src/lxc/meson.build
M src/lxc/mount_utils.c
A src/lxc/open_utils.h
M src/lxc/pam/meson.build
M src/lxc/storage/dir.c
M src/lxc/syscall_wrappers.h
M src/lxc/terminal.c
M src/lxc/utils.c
Log Message:
-----------
tree-wide: split open helpers into open_utils.h
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: f1a61a5f05332d7a8323d8be50cc88e1310173fd
https://github.com/lxc/lxc/commit/f1a61a5f05332d7a8323d8be50cc88e1310173fd
Author: Chen Qi <Qi....@windriver.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M meson.build
M src/lxc/cgroups/cgfsng.c
Log Message:
-----------
use sd_bus_call_method_async to replace the asyncv one
The sd_bus_call_method_asyncv's 10th parameter is of type
va_list and supplying NULL when invoking it causes compilation
error. Just replace it with the async one.
Signed-off-by: Chen Qi <Qi....@windriver.com>
Commit: 0e9e64db86050c5c5dca5f07b31ff00d92e9c135
https://github.com/lxc/lxc/commit/0e9e64db86050c5c5dca5f07b31ff00d92e9c135
Author: Neil.wrz <wangr...@huawei.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/tools/arguments.h
Log Message:
-----------
fix error message when use tools with -? option
Signed-off-by: Neil.wrz <wangr...@huawei.com>
Commit: e08c1b740d4a1b788dbcf8fa9622e1af390188d4
https://github.com/lxc/lxc/commit/e08c1b740d4a1b788dbcf8fa9622e1af390188d4
Author: Alex <93376818+...@users.noreply.github.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M .github/workflows/cifuzz.yml
Log Message:
-----------
Update cifuzz.yml
Signed-off-by: sashashura <93376818+...@users.noreply.github.com>
Signed-off-by: Alex <93376818+...@users.noreply.github.com>
Commit: 8fa6d765a02ad3d75a9c71f08fa0381d7594e652
https://github.com/lxc/lxc/commit/8fa6d765a02ad3d75a9c71f08fa0381d7594e652
Author: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M .github/workflows/coverity.yml
M .github/workflows/sanitizers.yml
M .github/workflows/static-analysis.yml
Log Message:
-----------
build(deps): bump actions/checkout from 2 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <sup...@github.com>
Commit: a6287882ec28b1579b686d201480cb0beb78576b
https://github.com/lxc/lxc/commit/a6287882ec28b1579b686d201480cb0beb78576b
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/conf.c
Log Message:
-----------
conf: allow cross-device links
Fixes: https://github.com/lxc/lxd/issues/10914
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: 9316939459ba167299960fb28d1e9477736fc79b
https://github.com/lxc/lxc/commit/9316939459ba167299960fb28d1e9477736fc79b
Author: DarkGuySM <78262720+...@users.noreply.github.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M README.md
Log Message:
-----------
Update README.md
Corrected grammar in readme.
Signed-off-by: DarkGuySM <78262720+...@users.noreply.github.com>
Commit: 011faff362e0e7c1c86121937f284ac8c64aba9f
https://github.com/lxc/lxc/commit/011faff362e0e7c1c86121937f284ac8c64aba9f
Author: Mohammed Ajmal Siddiqui <ajmalsi...@gmail.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/tools/lxc_attach.c
Log Message:
-----------
lxc-attach: Fix lost return codes of spawned processes that are killed
lxc-attach swallows the return codes of processes that are terminated
via a signal, and by default exits with a return code of 0 (i.e.
indicating success) even if the command it tried to execute was
terminated.
This patch fixes it by explicitly checking if the process was terminated
via a signal, and returning an appropriate exit code.
Note that we add 128 to the signal value to generate the exit code
because by convention the exit code is 128 + signal number. e.g. if a
process is killed via signal 9, then the error code is 9 + 128 = 137.
Signed-off-by: Mohammed Ajmal Siddiqui <ajmalsi...@gmail.com>
Commit: 9165ff1edf3ee289f265a378ac6744487184e7fc
https://github.com/lxc/lxc/commit/9165ff1edf3ee289f265a378ac6744487184e7fc
Author: Thomas Parrott <thomas....@canonical.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/attach.c
Log Message:
-----------
lxc/attach: Detect EACCES from execvp and convert to 126 exit status
Before:
sudo lxc-attach -n test /etc/passwd ; echo $?
lxc-attach: test: ../src/lxc/attach.c: lxc_attach_run_command: 1841 Permission denied - Failed to exec "/etc/passwd"
255
After:
sudo lxc-attach -n test /etc/passwd ; echo $?
lxc-attach: test: ../src/lxc/attach.c: lxc_attach_run_command: 1841 Permission denied - Failed to exec "/etc/passwd"
126
Which better aligns with bash:
/etc/passwd; echo $?
bash: /etc/passwd: Permission denied
126
Signed-off-by: Thomas Parrott <thomas....@canonical.com>
Commit: 77e08b88780d14861ad648647e118c6be283f736
https://github.com/lxc/lxc/commit/77e08b88780d14861ad648647e118c6be283f736
Author: Po-Hsu Lin <po-hs...@canonical.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/tools/lxc_destroy.c
Log Message:
-----------
tools: lxc-destroy: update help message for --force
Looks like the --force is a flag to stop a running container before
destroying it.
Update the help message accordingly.
Signed-off-by: Po-Hsu Lin <po-hs...@canonical.com>
Commit: 495b1bbf45d558fa4f906500c9ab15dd1a877a1a
https://github.com/lxc/lxc/commit/495b1bbf45d558fa4f906500c9ab15dd1a877a1a
Author: Po-Hsu Lin <po-hs...@canonical.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/tests/lxc-test-checkpoint-restore
Log Message:
-----------
tests: lxc-test-checkpoint-restore: use trap to do cleanup
This test will fail on Jammy 5.15, and because of the "set -e" it
will never go through the lxc-stop and lxc-destroy code in the end
of this script. Thus the lxc-test-criu container will not be removed.
Compose a cleanup() and use TRAP to solve this problem.
Signed-off-by: Po-Hsu Lin <po-hs...@canonical.com>
Commit: 5749e2e209e0627a929a60f96f73919264a0dacc
https://github.com/lxc/lxc/commit/5749e2e209e0627a929a60f96f73919264a0dacc
Author: HisShadow <shadow...@gmail.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/commands.c
M src/lxc/conf.c
M src/lxc/error_utils.h
M src/lxc/file_utils.c
M src/lxc/network.c
M src/lxc/string_utils.c
Log Message:
-----------
Unroll IN_SET since the max usage is 2 elements check
Signed-off-by: HisShadow <shadow...@gmail.com>
Commit: 748720cebc7cd1710f8dfe277e69ab0ee4bd5e7c
https://github.com/lxc/lxc/commit/748720cebc7cd1710f8dfe277e69ab0ee4bd5e7c
Author: Mathias Gibbens <gib...@debian.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/tests/reboot.c
Log Message:
-----------
tests: lxc-test-reboot: Fix build on ia64
Add the prototype for __clone2(...) that is used on ia64, and adjust the
code to use it via macro tests.
Verified that the code compiles properly on Debian's ia64 porterbox
(yttrium), but was unable to actually run as lxc-test-reboot requires
root privileges.
Signed-off-by: Mathias Gibbens <gib...@debian.org>
Commit: 4dcc84c6b9db37661fefe1b37a4dd6fa3850406c
https://github.com/lxc/lxc/commit/4dcc84c6b9db37661fefe1b37a4dd6fa3850406c
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M README.md
Log Message:
-----------
README: remove lgtm
It's more or less dead. If we care about a service like this we should use
something else.
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: 2662959b8bba3657e5d02025932b0bf8a2f748e9
https://github.com/lxc/lxc/commit/2662959b8bba3657e5d02025932b0bf8a2f748e9
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/cgroups/cgfsng.c
Log Message:
-----------
cgroups: use userns_exec_full() during cgroup removal
When removing cgroups we can't always use the minimal idmap if the user has
specified a specific map for the container instead of just a simple one.
Execute cgroup removal under the full map.
Fixes: https://github.com/lxc/lxd/issues/11108
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: 06b4612eecfdccb238612f51b7207441c1c23de0
https://github.com/lxc/lxc/commit/06b4612eecfdccb238612f51b7207441c1c23de0
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/cgroups/cgfsng.c
Log Message:
-----------
cgroups: only allocate user namespace if we have to
If the monitor runs as root we can assume it's able to remove the cgroups it
created when the container started.
Fixes: https://github.com/lxc/lxd/issues/11108
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: 58e878209ca15fdfa7211d9e7097e4380fcc668a
https://github.com/lxc/lxc/commit/58e878209ca15fdfa7211d9e7097e4380fcc668a
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/conf.c
Log Message:
-----------
conf: create separate peer group for container's root
Finally, we turn the rootfs into a shared mount. Note, that this
doesn't reestablish mount propagation with the hosts mount
namespace. Instead we'll create a new peer group.
We're doing this because most workloads do rely on the rootfs being
a shared mount. For example, systemd daemon like sytemd-udevd run in
their own mount namespace. Their mount namespace has been made a
dependent mount (MS_SLAVE) with the host rootfs as it's dominating
mount. This means new mounts on the host propagate into the
respective services.
This is broken if we leave the container's rootfs a dependent mount.
In which case both the container's rootfs and the service's rootfs
will be dependent mounts with the host's rootfs as their dominating
mount. So if you were to mount over the rootfs from the host it
would not just propagate into the container's mount namespace it
would also propagate into the service. That's nonsense semantics for
nearly all relevant use-cases. Instead, establish the container's
rootfs as a separate peer group mirroring the behavior on the host.
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: 2ff447445b45e391ae7ee51d6ced43b065ec1e94
https://github.com/lxc/lxc/commit/2ff447445b45e391ae7ee51d6ced43b065ec1e94
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M config/apparmor/abstractions/start-container.in
Log Message:
-----------
apparmor: allow shared mounts in start-container.in
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: 9e35b3ecd36bf1c86e135770b57958c2a5fb391c
https://github.com/lxc/lxc/commit/9e35b3ecd36bf1c86e135770b57958c2a5fb391c
Author: Christian Brauner <bra...@kernel.org>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/conf.c
Log Message:
-----------
conf: ensure mount tunnel is a dependent mount
Signed-off-by: Christian Brauner (Microsoft) <christia...@ubuntu.com>
Commit: a1ead0dccd35810595c497561ee996a7c9f2152c
https://github.com/lxc/lxc/commit/a1ead0dccd35810595c497561ee996a7c9f2152c
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M .github/workflows/coverity.yml
Log Message:
-----------
github: fix coverity build
1. install meson (ninja is dependency)
2. run meson setup before ninja build
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: bd56c89ea3a02f50e8908316abe85f45cfa1c824
https://github.com/lxc/lxc/commit/bd56c89ea3a02f50e8908316abe85f45cfa1c824
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M .github/workflows/coverity.yml
Log Message:
-----------
github: fix coverity (add libpam-dev)
Should fix
meson.build:494:0: ERROR: C header 'security/pam_modules.h' not found
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: 28a1591cd5730442e4504e4022a2ac7d4ea48eb1
https://github.com/lxc/lxc/commit/28a1591cd5730442e4504e4022a2ac7d4ea48eb1
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/lsm/apparmor.c
Log Message:
-----------
apparmor: properly check lxc_strmmap ret value
Reported-by: coverity (CID #1517320)
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: 4ce8345d68043482fcdd9acc99159c68d06b5a3c
https://github.com/lxc/lxc/commit/4ce8345d68043482fcdd9acc99159c68d06b5a3c
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/network.c
M src/lxc/nl.h
Log Message:
-----------
network: always initialize struct nl_handler
Despite the fact that struct nl_handler is filled zeros
in netlink_open() there are two cases where we have possible
exit paths from the function before netlink_open() is called.
At the same time we have cleaner registered:
call_cleaner(netlink_close)
Two cases:
- netdev_get_flag
- lxc_ipvlan_create
If we are exiting from these functions before netlink_open()
is called we will close random file descriptor by reading
it from (struct nl_handler)->fd.
Let's just properly initialize this structure in all cases
to prevent this bug in the future.
Reported-by: coverity (CID #1517319 and #1517316)
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: 0eca8d2ea7e73048ccd3c9b516e94fd4efbdf86e
https://github.com/lxc/lxc/commit/0eca8d2ea7e73048ccd3c9b516e94fd4efbdf86e
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/cgroups/cgfsng.c
Log Message:
-----------
cgroups: fix buffer out-of-bounds access in enable_controllers_delegation
Reported-by: coverity (CID #1517317)
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: 4b434bf52f696d1102cc140290aec76e193fef85
https://github.com/lxc/lxc/commit/4b434bf52f696d1102cc140290aec76e193fef85
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/cgroups/cgfsng.c
Log Message:
-----------
cgroups: check snprintf retval in unpriv_systemd_create_scope
Reported-by: coverity (CID #1517315)
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: 7802f3647ed52b1e856a6cd4ebdcf7e59690e67a
https://github.com/lxc/lxc/commit/7802f3647ed52b1e856a6cd4ebdcf7e59690e67a
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/state.c
Log Message:
-----------
state: additional check in lxc_wait to prevent OOB
I can't see a real problem here, but let's just add a check
just in case.
Reported-by: coverity (CID #1517314)
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: c89be8325d767774879187a97402d8b2074933ed
https://github.com/lxc/lxc/commit/c89be8325d767774879187a97402d8b2074933ed
Author: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M src/lxc/cgroups/cgfsng.c
Log Message:
-----------
cgroups: fix cgroup layout detection in __initialize_cgroups
It looks like we made a mistake while detecting cgroup layout,
we are always set CGFSNG_LAYOUT_UNIFIED bit.
Reported-by: coverity (CID #1497115)
Signed-off-by: Alexander Mikhalitsyn <aleksandr....@canonical.com>
Commit: a330126b45c7c3b6fcf0f9ba6c1eda7bdb4e508a
https://github.com/lxc/lxc/commit/a330126b45c7c3b6fcf0f9ba6c1eda7bdb4e508a
Author: Aleksa Sarai <cyp...@cyphar.com>
Date: 2022-12-16 (Fri, 16 Dec 2022)
Changed paths:
M meson.build
Log Message:
-----------
build: use cc.get_define to detect FS_CONFIG_* symbols
For some reason, openSUSE has a very strange layout in sys/mount.h where
the definition of all of the FS_CONFIG_* idents are present but are
ifdef'd out in such a way that they will never be defined in an actual
build:
#define FSOPEN_CLOEXEC 0x00000001
/* ... */
#ifndef FSOPEN_CLOEXEC
enum fsconfig_command
{
FSCONFIG_SET_FLAG = 0, /* Set parameter, supplying no value */
# define FSCONFIG_SET_FLAG FSCONFIG_SET_FLAG
/* ... */
};
#endif
Unfortunately, while cc.has_header_symbol is faster, it cannot handle
this which results in compilation errors on openSUSE because the
FS_CONFIG_* symbols are actually not defined when compiling even though
the ident is present in the header. Switching to cc.get_define fixes
this issue.
Fixes: cbabe8abf11e ("build: check for FS_CONFIG_* header symbol in sys/mount.h")
Signed-off-by: Aleksa Sarai <cyp...@cyphar.com>
Compare: https://github.com/lxc/lxc/compare/074b9fe66304...a330126b45c7
Reply all
Reply to author
Forward
0 new messages