mirror of
git://git.proxmox.com/git/lxc.git
synced 2025-03-16 10:50:38 +03:00
bump version to 3.0.0-1
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
This commit is contained in:
parent
dc45ad08e4
commit
1513a0b50a
4
Makefile
4
Makefile
@ -1,6 +1,6 @@
|
||||
PACKAGE=lxc-pve
|
||||
LXCVER=2.1.1
|
||||
DEBREL=3
|
||||
LXCVER=3.0.0
|
||||
DEBREL=1
|
||||
|
||||
SRCDIR=lxc
|
||||
BUILDSRC := $(SRCDIR).tmp
|
||||
|
6
debian/changelog
vendored
6
debian/changelog
vendored
@ -1,3 +1,9 @@
|
||||
lxc (3.0.0-1) unstable; urgency=medium
|
||||
|
||||
* update to lxc-3.0.0
|
||||
|
||||
-- Proxmox Support Team <support@proxmox.com> Wed, 28 Mar 2018 13:52:08 +0200
|
||||
|
||||
lxc (2.1.1-3) unstable; urgency=medium
|
||||
|
||||
* add pinned AppArmor feature set for pve-kernel-4.13.13-6-pve
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 92f2489b28e79f7a67f45bc698f1d61785a6537d Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Fri, 10 Feb 2017 09:13:40 +0100
|
||||
Subject: [PATCH 01/13] lxc.service: start after a potential syslog.service
|
||||
Subject: [PATCH] lxc.service: start after a potential syslog.service
|
||||
|
||||
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
---
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 6aecf604cf28c5164f3d957b0ad33bf03527fa26 Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Fri, 10 Feb 2017 09:15:37 +0100
|
||||
Subject: [PATCH 02/13] pve: run lxcnetaddbr when instantiating veths
|
||||
Subject: [PATCH] pve: run lxcnetaddbr when instantiating veths
|
||||
|
||||
FIXME: Why aren't we using regular up-scripts?
|
||||
|
||||
@ -11,12 +11,12 @@ Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
1 file changed, 5 insertions(+)
|
||||
|
||||
diff --git a/src/lxc/network.c b/src/lxc/network.c
|
||||
index 909b7e58..c9b510f6 100644
|
||||
index e31066cb..d136bad1 100644
|
||||
--- a/src/lxc/network.c
|
||||
+++ b/src/lxc/network.c
|
||||
@@ -208,6 +208,11 @@ static int instantiate_veth(struct lxc_handler *handler, struct lxc_netdev *netd
|
||||
"veth", veth1, (char*) NULL);
|
||||
if (err)
|
||||
@@ -216,6 +216,11 @@ static int instantiate_veth(struct lxc_handler *handler, struct lxc_netdev *netd
|
||||
netdev->upscript, "up", argv);
|
||||
if (err < 0)
|
||||
goto out_delete;
|
||||
+ } else if (netdev->link[0] == '\0') {
|
||||
+ err = run_script(handler->name, "net", "/usr/share/lxc/lxcnetaddbr", "up",
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 8c695baaff8d18a87233ffc119e8fd0495819dbe Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: =?UTF-8?q?Fabian=20Gr=C3=BCnbichler?= <f.gruenbichler@proxmox.com>
|
||||
Date: Wed, 9 Nov 2016 09:14:26 +0100
|
||||
Subject: [PATCH 03/13] deny rw mounting of /sys and /proc
|
||||
Subject: [PATCH] deny rw mounting of /sys and /proc
|
||||
|
||||
this would allow root in a privileged container to change
|
||||
the permissions of /sys on the host, which could lock out
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 6ebdc24c00b4dee75aebef3136469a5297e1d9ee Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Tue, 15 Nov 2016 09:20:24 +0100
|
||||
Subject: [PATCH 04/13] separate the limiting from the namespaced cgroup root
|
||||
Date: Wed, 28 Mar 2018 13:37:28 +0200
|
||||
Subject: [PATCH] separate the limiting from the namespaced cgroup root
|
||||
|
||||
When cgroup namespaces are enabled a privileged container
|
||||
with mixed cgroups has full write access to its own root
|
||||
@ -14,126 +14,72 @@ being used in order to combat this.
|
||||
|
||||
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
---
|
||||
src/lxc/cgroups/cgfs.c | 19 ++++++++---
|
||||
src/lxc/cgroups/cgfsng.c | 79 +++++++++++++++++++++++++++++++++++++--------
|
||||
src/lxc/cgroups/cgmanager.c | 19 ++++++++---
|
||||
src/lxc/cgroups/cgroup.c | 17 +++++-----
|
||||
src/lxc/cgroups/cgroup.h | 22 ++++++++-----
|
||||
src/lxc/commands.c | 76 ++++++++++++++++++++++++++++++++++---------
|
||||
src/lxc/commands.h | 2 ++
|
||||
src/lxc/criu.c | 4 +--
|
||||
src/lxc/start.c | 27 ++++++++++++----
|
||||
9 files changed, 204 insertions(+), 61 deletions(-)
|
||||
src/lxc/cgroups/cgfsng.c | 88 +++++++++++++++++++++++++++++++++++++++---------
|
||||
src/lxc/cgroups/cgroup.c | 17 +++++-----
|
||||
src/lxc/cgroups/cgroup.h | 23 ++++++++-----
|
||||
src/lxc/commands.c | 85 +++++++++++++++++++++++++++++++++++-----------
|
||||
src/lxc/commands.h | 2 ++
|
||||
src/lxc/criu.c | 4 +--
|
||||
src/lxc/start.c | 28 +++++++++++----
|
||||
7 files changed, 186 insertions(+), 61 deletions(-)
|
||||
|
||||
diff --git a/src/lxc/cgroups/cgfs.c b/src/lxc/cgroups/cgfs.c
|
||||
index bcbd6613..573ccb25 100644
|
||||
--- a/src/lxc/cgroups/cgfs.c
|
||||
+++ b/src/lxc/cgroups/cgfs.c
|
||||
@@ -2387,12 +2387,15 @@ static void cgfs_destroy(void *hdata, struct lxc_conf *conf)
|
||||
free(d);
|
||||
}
|
||||
|
||||
-static inline bool cgfs_create(void *hdata)
|
||||
+static inline bool cgfs_create(void *hdata, bool inner)
|
||||
{
|
||||
struct cgfs_data *d = hdata;
|
||||
struct cgroup_process_info *i;
|
||||
struct cgroup_meta_data *md;
|
||||
|
||||
+ if (inner)
|
||||
+ return true;
|
||||
+
|
||||
if (!d)
|
||||
return false;
|
||||
md = d->meta;
|
||||
@@ -2403,12 +2406,15 @@ static inline bool cgfs_create(void *hdata)
|
||||
return true;
|
||||
}
|
||||
|
||||
-static inline bool cgfs_enter(void *hdata, pid_t pid)
|
||||
+static inline bool cgfs_enter(void *hdata, pid_t pid, bool inner)
|
||||
{
|
||||
struct cgfs_data *d = hdata;
|
||||
struct cgroup_process_info *i;
|
||||
int ret;
|
||||
|
||||
+ if (inner)
|
||||
+ return true;
|
||||
+
|
||||
if (!d)
|
||||
return false;
|
||||
i = d->info;
|
||||
@@ -2432,10 +2438,12 @@ static inline bool cgfs_create_legacy(void *hdata, pid_t pid)
|
||||
return true;
|
||||
}
|
||||
|
||||
-static const char *cgfs_get_cgroup(void *hdata, const char *subsystem)
|
||||
+static const char *cgfs_get_cgroup(void *hdata, const char *subsystem, bool inner)
|
||||
{
|
||||
struct cgfs_data *d = hdata;
|
||||
|
||||
+ (void)inner;
|
||||
+
|
||||
if (!d)
|
||||
return NULL;
|
||||
return lxc_cgroup_get_hierarchy_path_data(subsystem, d);
|
||||
@@ -2651,13 +2659,16 @@ static bool do_cgfs_chown(char *cgroup_path, struct lxc_conf *conf)
|
||||
return true;
|
||||
}
|
||||
|
||||
-static bool cgfs_chown(void *hdata, struct lxc_conf *conf)
|
||||
+static bool cgfs_chown(void *hdata, struct lxc_conf *conf, bool inner)
|
||||
{
|
||||
struct cgfs_data *d = hdata;
|
||||
struct cgroup_process_info *info_ptr;
|
||||
char *cgpath;
|
||||
bool r = true;
|
||||
|
||||
+ if (inner)
|
||||
+ return true;
|
||||
+
|
||||
if (!d)
|
||||
return false;
|
||||
|
||||
diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
|
||||
index 897336f0..81c589e0 100644
|
||||
index 10c7ab2c..b48f997f 100644
|
||||
--- a/src/lxc/cgroups/cgfsng.c
|
||||
+++ b/src/lxc/cgroups/cgfsng.c
|
||||
@@ -77,6 +77,7 @@ struct hierarchy {
|
||||
@@ -101,6 +101,7 @@ struct hierarchy {
|
||||
char *mountpoint;
|
||||
char *base_cgroup;
|
||||
char *fullcgpath;
|
||||
+ char *innercgpath;
|
||||
bool is_cgroup_v2;
|
||||
int version;
|
||||
};
|
||||
|
||||
@@ -813,6 +814,7 @@ static void add_controller(char **clist, char *mountpoint, char *base_cgroup)
|
||||
@@ -955,6 +956,7 @@ static struct hierarchy *add_hierarchy(char **clist, char *mountpoint,
|
||||
new->mountpoint = mountpoint;
|
||||
new->base_cgroup = base_cgroup;
|
||||
new->fullcgpath = NULL;
|
||||
+ new->innercgpath = NULL;
|
||||
new->version = type;
|
||||
|
||||
/* record if this is the cgroup v2 hierarchy */
|
||||
if (!strcmp(base_cgroup, "cgroup2"))
|
||||
@@ -1302,6 +1304,8 @@ static void cgfsng_destroy(void *hdata, struct lxc_conf *conf)
|
||||
free(h->fullcgpath);
|
||||
h->fullcgpath = NULL;
|
||||
}
|
||||
+ free(h->innercgpath);
|
||||
+ h->innercgpath = NULL;
|
||||
}
|
||||
newentry = append_null_to_list((void ***)&hierarchies);
|
||||
@@ -1587,6 +1589,8 @@ static int cgroup_rmdir(char *container_cgroup)
|
||||
|
||||
free(h->fullcgpath);
|
||||
h->fullcgpath = NULL;
|
||||
+ free(h->innercgpath);
|
||||
+ h->innercgpath = NULL;
|
||||
}
|
||||
|
||||
@@ -1319,18 +1323,25 @@ struct cgroup_ops *cgfsng_ops_init(void)
|
||||
return &cgfsng_ops;
|
||||
return 0;
|
||||
@@ -1597,6 +1601,7 @@ struct generic_userns_exec_data {
|
||||
struct lxc_conf *conf;
|
||||
uid_t origuid; /* target uid in parent namespace */
|
||||
char *path;
|
||||
+ bool inner;
|
||||
};
|
||||
|
||||
static int cgroup_rmdir_wrapper(void *data)
|
||||
@@ -1641,6 +1646,7 @@ static void cgfsng_destroy(void *hdata, struct lxc_conf *conf)
|
||||
wrap.origuid = 0;
|
||||
wrap.d = hdata;
|
||||
wrap.conf = conf;
|
||||
+ wrap.inner = false;
|
||||
|
||||
if (conf && !lxc_list_empty(&conf->id_map))
|
||||
ret = userns_exec_1(conf, cgroup_rmdir_wrapper, &wrap,
|
||||
@@ -1730,22 +1736,29 @@ on_error:
|
||||
return bret;
|
||||
}
|
||||
|
||||
-static bool create_path_for_hierarchy(struct hierarchy *h, char *cgname)
|
||||
+static bool create_path_for_hierarchy(struct hierarchy *h, char *cgname, bool inner)
|
||||
{
|
||||
int ret;
|
||||
|
||||
- h->fullcgpath = must_make_path(h->mountpoint, h->base_cgroup, cgname, NULL);
|
||||
- if (dir_exists(h->fullcgpath)) { /* it must not already exist */
|
||||
- ERROR("Path \"%s\" already existed.", h->fullcgpath);
|
||||
- if (dir_exists(h->fullcgpath)) {
|
||||
- ERROR("The cgroup \"%s\" already existed", h->fullcgpath);
|
||||
+ char *path;
|
||||
+ if (inner) {
|
||||
+ path = must_make_path(h->fullcgpath, CGROUP_NAMESPACE_SUBDIR, NULL);
|
||||
@ -146,17 +92,19 @@ index 897336f0..81c589e0 100644
|
||||
+ ERROR("Path \"%s\" already existed.", path);
|
||||
return false;
|
||||
}
|
||||
- if (!handle_cpuset_hierarchy(h, cgname)) {
|
||||
+ if (!inner && !handle_cpuset_hierarchy(h, cgname)) {
|
||||
ERROR("Failed to handle cgroupfs v1 cpuset controller.");
|
||||
|
||||
- if (!cg_legacy_handle_cpuset_hierarchy(h, cgname)) {
|
||||
+ if (!inner && !cg_legacy_handle_cpuset_hierarchy(h, cgname)) {
|
||||
ERROR("Failed to handle legacy cpuset controller");
|
||||
return false;
|
||||
}
|
||||
- return mkdir_p(h->fullcgpath, 0755) == 0;
|
||||
+ return mkdir_p(path, 0755) == 0;
|
||||
}
|
||||
|
||||
static void remove_path_for_hierarchy(struct hierarchy *h, char *cgname)
|
||||
@@ -1341,11 +1352,27 @@ static void remove_path_for_hierarchy(struct hierarchy *h, char *cgname)
|
||||
- ret = mkdir_p(h->fullcgpath, 0755);
|
||||
+ ret = mkdir_p(path, 0755);
|
||||
if (ret < 0) {
|
||||
ERROR("Failed to create cgroup \"%s\"", h->fullcgpath);
|
||||
return false;
|
||||
@@ -1766,10 +1779,26 @@ static void remove_path_for_hierarchy(struct hierarchy *h, char *cgname)
|
||||
h->fullcgpath = NULL;
|
||||
}
|
||||
|
||||
@ -176,16 +124,15 @@ index 897336f0..81c589e0 100644
|
||||
+ return ret;
|
||||
+}
|
||||
+
|
||||
/*
|
||||
* Try to create the same cgroup in all hierarchies.
|
||||
* Start with cgroup_pattern; next cgroup_pattern-1, -2, ..., -999
|
||||
/* Try to create the same cgroup in all hierarchies. Start with cgroup_pattern;
|
||||
* next cgroup_pattern-1, -2, ..., -999.
|
||||
*/
|
||||
-static inline bool cgfsng_create(void *hdata)
|
||||
+static inline bool cgfsng_create(void *hdata, bool inner)
|
||||
{
|
||||
int i;
|
||||
size_t len;
|
||||
@@ -1357,9 +1384,15 @@ static inline bool cgfsng_create(void *hdata)
|
||||
@@ -1781,10 +1810,17 @@ static inline bool cgfsng_create(void *hdata)
|
||||
return false;
|
||||
|
||||
if (d->container_cgroup) {
|
||||
@ -194,78 +141,82 @@ index 897336f0..81c589e0 100644
|
||||
WARN("cgfsng_create called a second time");
|
||||
return false;
|
||||
}
|
||||
|
||||
+ if (inner) {
|
||||
+ ERROR("cgfsng_create called twice for innner cgroup");
|
||||
+ return false;
|
||||
+ }
|
||||
|
||||
+
|
||||
if (d->cgroup_meta.dir)
|
||||
tmp = lxc_string_join("/", (const char *[]){d->cgroup_meta.dir, d->name, NULL}, false);
|
||||
@@ -1395,7 +1428,7 @@ again:
|
||||
}
|
||||
else
|
||||
@@ -1821,7 +1857,7 @@ again:
|
||||
}
|
||||
|
||||
for (i = 0; hierarchies[i]; i++) {
|
||||
- if (!create_path_for_hierarchy(hierarchies[i], cgname)) {
|
||||
+ if (!create_path_for_hierarchy(hierarchies[i], cgname, false)) {
|
||||
- if (!create_path_for_hierarchy(hierarchies[i], container_cgroup)) {
|
||||
+ if (!create_path_for_hierarchy(hierarchies[i], container_cgroup, false)) {
|
||||
int j;
|
||||
ERROR("Failed to create \"%s\"", hierarchies[i]->fullcgpath);
|
||||
ERROR("Failed to create cgroup \"%s\"", hierarchies[i]->fullcgpath);
|
||||
free(hierarchies[i]->fullcgpath);
|
||||
@@ -1415,7 +1448,7 @@ out_free:
|
||||
@@ -1843,7 +1879,7 @@ out_free:
|
||||
return false;
|
||||
}
|
||||
|
||||
-static bool cgfsng_enter(void *hdata, pid_t pid)
|
||||
+static bool cgfsng_enter(void *hdata, pid_t pid, bool inner)
|
||||
{
|
||||
char pidstr[25];
|
||||
int i, len;
|
||||
@@ -1425,7 +1458,13 @@ static bool cgfsng_enter(void *hdata, pid_t pid)
|
||||
return false;
|
||||
char pidstr[25];
|
||||
@@ -1856,8 +1892,13 @@ static bool cgfsng_enter(void *hdata, pid_t pid)
|
||||
int ret;
|
||||
char *fullpath;
|
||||
|
||||
for (i = 0; hierarchies[i]; i++) {
|
||||
- char *fullpath = must_make_path(hierarchies[i]->fullcgpath,
|
||||
+ char *fullpath;
|
||||
- fullpath = must_make_path(hierarchies[i]->fullcgpath,
|
||||
- "cgroup.procs", NULL);
|
||||
+ if (inner)
|
||||
+ fullpath = must_make_path(hierarchies[i]->fullcgpath,
|
||||
+ CGROUP_NAMESPACE_SUBDIR,
|
||||
+ "cgroup.procs", NULL);
|
||||
+ CGROUP_NAMESPACE_SUBDIR,
|
||||
+ "cgroup.procs", NULL);
|
||||
+ else
|
||||
+ fullpath = must_make_path(hierarchies[i]->fullcgpath,
|
||||
"cgroup.procs", NULL);
|
||||
if (lxc_write_to_file(fullpath, pidstr, len, false) != 0) {
|
||||
SYSERROR("Failed to enter %s", fullpath);
|
||||
@@ -1441,6 +1480,7 @@ static bool cgfsng_enter(void *hdata, pid_t pid)
|
||||
struct chown_data {
|
||||
struct cgfsng_handler_data *d;
|
||||
uid_t origuid; /* target uid in parent namespace */
|
||||
+ bool inner;
|
||||
};
|
||||
|
||||
/*
|
||||
@@ -1469,13 +1509,20 @@ static int chown_cgroup_wrapper(void *data)
|
||||
for (i = 0; hierarchies[i]; i++) {
|
||||
char *fullpath, *path = hierarchies[i]->fullcgpath;
|
||||
+ "cgroup.procs", NULL);
|
||||
ret = lxc_write_to_file(fullpath, pidstr, len, false);
|
||||
if (ret != 0) {
|
||||
SYSERROR("Failed to enter cgroup \"%s\"", fullpath);
|
||||
@@ -1933,9 +1974,15 @@ static int chown_cgroup_wrapper(void *data)
|
||||
char *fullpath;
|
||||
char *path = hierarchies[i]->fullcgpath;
|
||||
|
||||
+ if (arg->inner)
|
||||
+ path = must_make_path(path, CGROUP_NAMESPACE_SUBDIR, NULL);
|
||||
+
|
||||
if (chown(path, destuid, 0) < 0) {
|
||||
SYSERROR("Error chowning %s to %d", path, (int) destuid);
|
||||
ret = chowmod(path, destuid, nsgid, 0775);
|
||||
- if (ret < 0)
|
||||
+ if (ret < 0) {
|
||||
+ if (arg->inner)
|
||||
+ free(path);
|
||||
return -1;
|
||||
}
|
||||
+ }
|
||||
|
||||
if (chmod(path, 0775) < 0) {
|
||||
SYSERROR("Error chmoding %s", path);
|
||||
/* Failures to chown() these are inconvenient but not
|
||||
* detrimental We leave these owned by the container launcher,
|
||||
@@ -1954,8 +2001,11 @@ static int chown_cgroup_wrapper(void *data)
|
||||
(void)chowmod(fullpath, destuid, 0, 0664);
|
||||
free(fullpath);
|
||||
|
||||
- if (hierarchies[i]->version != CGROUP2_SUPER_MAGIC)
|
||||
+ if (hierarchies[i]->version != CGROUP2_SUPER_MAGIC) {
|
||||
+ if (arg->inner)
|
||||
+ free(path);
|
||||
return -1;
|
||||
}
|
||||
continue;
|
||||
+ }
|
||||
|
||||
@@ -1501,12 +1548,14 @@ static int chown_cgroup_wrapper(void *data)
|
||||
if (chmod(fullpath, 0664) < 0)
|
||||
WARN("Error chmoding %s: %s", path, strerror(errno));
|
||||
fullpath = must_make_path(path, "cgroup.subtree_control", NULL);
|
||||
(void)chowmod(fullpath, destuid, nsgid, 0664);
|
||||
@@ -1964,12 +2014,14 @@ static int chown_cgroup_wrapper(void *data)
|
||||
fullpath = must_make_path(path, "cgroup.threads", NULL);
|
||||
(void)chowmod(fullpath, destuid, nsgid, 0664);
|
||||
free(fullpath);
|
||||
+ if (arg->inner)
|
||||
+ free(path);
|
||||
@ -274,29 +225,31 @@ index 897336f0..81c589e0 100644
|
||||
return 0;
|
||||
}
|
||||
|
||||
-static bool cgfsns_chown(void *hdata, struct lxc_conf *conf)
|
||||
+static bool cgfsns_chown(void *hdata, struct lxc_conf *conf, bool inner)
|
||||
-static bool cgfsng_chown(void *hdata, struct lxc_conf *conf)
|
||||
+static bool cgfsng_chown(void *hdata, struct lxc_conf *conf, bool inner)
|
||||
{
|
||||
struct cgfsng_handler_data *d = hdata;
|
||||
struct chown_data wrap;
|
||||
@@ -1519,6 +1568,7 @@ static bool cgfsns_chown(void *hdata, struct lxc_conf *conf)
|
||||
|
||||
struct generic_userns_exec_data wrap;
|
||||
@@ -1984,6 +2036,7 @@ static bool cgfsng_chown(void *hdata, struct lxc_conf *conf)
|
||||
wrap.path = NULL;
|
||||
wrap.d = d;
|
||||
wrap.origuid = geteuid();
|
||||
wrap.conf = conf;
|
||||
+ wrap.inner = inner;
|
||||
|
||||
if (userns_exec_1(conf, chown_cgroup_wrapper, &wrap,
|
||||
"chown_cgroup_wrapper") < 0) {
|
||||
@@ -1815,12 +1865,15 @@ static bool cgfsng_unfreeze(void *hdata)
|
||||
@@ -2366,7 +2419,7 @@ static bool cgfsng_unfreeze(void *hdata)
|
||||
return true;
|
||||
}
|
||||
|
||||
-static const char *cgfsng_get_cgroup(void *hdata, const char *subsystem)
|
||||
+static const char *cgfsng_get_cgroup(void *hdata, const char *subsystem, bool inner)
|
||||
-static const char *cgfsng_get_cgroup(void *hdata, const char *controller)
|
||||
+static const char *cgfsng_get_cgroup(void *hdata, const char *controller, bool inner)
|
||||
{
|
||||
struct hierarchy *h = get_hierarchy(subsystem);
|
||||
if (!h)
|
||||
struct hierarchy *h;
|
||||
|
||||
@@ -2377,6 +2430,9 @@ static const char *cgfsng_get_cgroup(void *hdata, const char *controller)
|
||||
return NULL;
|
||||
}
|
||||
|
||||
+ if (inner && h->innercgpath)
|
||||
+ return h->innercgpath + strlen(h->mountpoint);
|
||||
@ -304,90 +257,20 @@ index 897336f0..81c589e0 100644
|
||||
return h->fullcgpath ? h->fullcgpath + strlen(h->mountpoint) : NULL;
|
||||
}
|
||||
|
||||
@@ -1848,7 +1901,7 @@ static bool cgfsng_attach(const char *name, const char *lxcpath, pid_t pid)
|
||||
char *path, *fullpath;
|
||||
struct hierarchy *h = hierarchies[i];
|
||||
@@ -2408,7 +2464,7 @@ static int __cg_unified_attach(const struct hierarchy *h, const char *name,
|
||||
int fret = -1, idx = 0;
|
||||
char *base_path = NULL, *container_cgroup = NULL, *full_path = NULL;
|
||||
|
||||
- path = lxc_cmd_get_cgroup_path(name, lxcpath, h->controllers[0]);
|
||||
+ path = lxc_cmd_get_attach_cgroup_path(name, lxcpath, h->controllers[0]);
|
||||
if (!path) /* not running */
|
||||
continue;
|
||||
|
||||
diff --git a/src/lxc/cgroups/cgmanager.c b/src/lxc/cgroups/cgmanager.c
|
||||
index 054eb171..04ae3a16 100644
|
||||
--- a/src/lxc/cgroups/cgmanager.c
|
||||
+++ b/src/lxc/cgroups/cgmanager.c
|
||||
@@ -610,7 +610,7 @@ static inline void cleanup_cgroups(char *path)
|
||||
cgm_remove_cgroup(slist[i], path);
|
||||
}
|
||||
|
||||
-static inline bool cgm_create(void *hdata)
|
||||
+static inline bool cgm_create(void *hdata, bool inner)
|
||||
{
|
||||
struct cgm_data *d = hdata;
|
||||
char **slist = subsystems;
|
||||
@@ -618,6 +618,9 @@ static inline bool cgm_create(void *hdata)
|
||||
int32_t existed;
|
||||
char result[MAXPATHLEN], *tmp, *cgroup_path;
|
||||
|
||||
+ if (inner)
|
||||
+ return true;
|
||||
+
|
||||
if (!d)
|
||||
return false;
|
||||
|
||||
@@ -710,13 +713,16 @@ static bool lxc_cgmanager_enter(pid_t pid, const char *controller,
|
||||
return true;
|
||||
}
|
||||
|
||||
-static inline bool cgm_enter(void *hdata, pid_t pid)
|
||||
+static inline bool cgm_enter(void *hdata, pid_t pid, bool inner)
|
||||
{
|
||||
struct cgm_data *d = hdata;
|
||||
char **slist = subsystems;
|
||||
bool ret = false;
|
||||
int i;
|
||||
|
||||
+ if (inner)
|
||||
+ return true;
|
||||
+
|
||||
if (!d || !d->cgroup_path)
|
||||
return false;
|
||||
|
||||
@@ -738,10 +744,12 @@ out:
|
||||
return ret;
|
||||
}
|
||||
|
||||
-static const char *cgm_get_cgroup(void *hdata, const char *subsystem)
|
||||
+static const char *cgm_get_cgroup(void *hdata, const char *subsystem, bool inner)
|
||||
{
|
||||
struct cgm_data *d = hdata;
|
||||
|
||||
+ (void)inner;
|
||||
+
|
||||
if (!d || !d->cgroup_path)
|
||||
return NULL;
|
||||
return d->cgroup_path;
|
||||
@@ -1542,10 +1550,13 @@ out:
|
||||
return ret;
|
||||
}
|
||||
|
||||
-static bool cgm_chown(void *hdata, struct lxc_conf *conf)
|
||||
+static bool cgm_chown(void *hdata, struct lxc_conf *conf, bool inner)
|
||||
{
|
||||
struct cgm_data *d = hdata;
|
||||
|
||||
+ if (inner)
|
||||
+ return true;
|
||||
+
|
||||
if (!d || !d->cgroup_path)
|
||||
return false;
|
||||
if (!cgm_dbus_connect()) {
|
||||
- container_cgroup = lxc_cmd_get_cgroup_path(name, lxcpath, controller);
|
||||
+ container_cgroup = lxc_cmd_get_attach_cgroup_path(name, lxcpath, controller);
|
||||
/* not running */
|
||||
if (!container_cgroup)
|
||||
return 0;
|
||||
diff --git a/src/lxc/cgroups/cgroup.c b/src/lxc/cgroups/cgroup.c
|
||||
index 674e3090..6f0d2fe8 100644
|
||||
index 9e7b26e0..ec45dd39 100644
|
||||
--- a/src/lxc/cgroups/cgroup.c
|
||||
+++ b/src/lxc/cgroups/cgroup.c
|
||||
@@ -80,19 +80,19 @@ void cgroup_destroy(struct lxc_handler *handler)
|
||||
@@ -73,19 +73,19 @@ void cgroup_destroy(struct lxc_handler *handler)
|
||||
}
|
||||
|
||||
/* Create the container cgroups for all requested controllers. */
|
||||
@ -411,7 +294,7 @@ index 674e3090..6f0d2fe8 100644
|
||||
|
||||
return false;
|
||||
}
|
||||
@@ -106,10 +106,11 @@ bool cgroup_create_legacy(struct lxc_handler *handler)
|
||||
@@ -99,10 +99,11 @@ bool cgroup_create_legacy(struct lxc_handler *handler)
|
||||
}
|
||||
|
||||
const char *cgroup_get_cgroup(struct lxc_handler *handler,
|
||||
@ -425,7 +308,7 @@ index 674e3090..6f0d2fe8 100644
|
||||
|
||||
return NULL;
|
||||
}
|
||||
@@ -155,10 +156,10 @@ bool cgroup_setup_limits(struct lxc_handler *handler, bool with_devices)
|
||||
@@ -148,10 +149,10 @@ bool cgroup_setup_limits(struct lxc_handler *handler, bool with_devices)
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -439,7 +322,7 @@ index 674e3090..6f0d2fe8 100644
|
||||
return true;
|
||||
}
|
||||
diff --git a/src/lxc/cgroups/cgroup.h b/src/lxc/cgroups/cgroup.h
|
||||
index f17a6abe..f05fda4e 100644
|
||||
index 0f04e8b7..3a63133d 100644
|
||||
--- a/src/lxc/cgroups/cgroup.h
|
||||
+++ b/src/lxc/cgroups/cgroup.h
|
||||
@@ -28,6 +28,12 @@
|
||||
@ -455,7 +338,7 @@ index f17a6abe..f05fda4e 100644
|
||||
struct lxc_handler;
|
||||
struct lxc_conf;
|
||||
struct lxc_list;
|
||||
@@ -43,10 +49,10 @@ struct cgroup_ops {
|
||||
@@ -45,10 +51,10 @@ struct cgroup_ops {
|
||||
|
||||
void *(*init)(struct lxc_handler *handler);
|
||||
void (*destroy)(void *hdata, struct lxc_conf *conf);
|
||||
@ -469,16 +352,16 @@ index f17a6abe..f05fda4e 100644
|
||||
bool (*escape)();
|
||||
int (*num_hierarchies)();
|
||||
bool (*get_hierarchies)(int n, char ***out);
|
||||
@@ -54,7 +60,7 @@ struct cgroup_ops {
|
||||
@@ -56,7 +62,7 @@ struct cgroup_ops {
|
||||
int (*get)(const char *filename, char *value, size_t len, const char *name, const char *lxcpath);
|
||||
bool (*unfreeze)(void *hdata);
|
||||
bool (*setup_limits)(void *hdata, struct lxc_list *cgroup_conf, bool with_devices);
|
||||
bool (*setup_limits)(void *hdata, struct lxc_conf *conf, bool with_devices);
|
||||
- bool (*chown)(void *hdata, struct lxc_conf *conf);
|
||||
+ bool (*chown)(void *hdata, struct lxc_conf *conf, bool inner);
|
||||
bool (*attach)(const char *name, const char *lxcpath, pid_t pid);
|
||||
bool (*mount_cgroup)(void *hdata, const char *root, int type);
|
||||
int (*nrtasks)(void *hdata);
|
||||
@@ -66,14 +72,14 @@ extern bool cgroup_attach(const char *name, const char *lxcpath, pid_t pid);
|
||||
@@ -67,15 +73,16 @@ extern bool cgroup_attach(const char *name, const char *lxcpath, pid_t pid);
|
||||
extern bool cgroup_mount(const char *root, struct lxc_handler *handler, int type);
|
||||
extern void cgroup_destroy(struct lxc_handler *handler);
|
||||
extern bool cgroup_init(struct lxc_handler *handler);
|
||||
@ -492,16 +375,18 @@ index f17a6abe..f05fda4e 100644
|
||||
extern void cgroup_cleanup(struct lxc_handler *handler);
|
||||
extern bool cgroup_create_legacy(struct lxc_handler *handler);
|
||||
extern int cgroup_nrtasks(struct lxc_handler *handler);
|
||||
-extern const char *cgroup_get_cgroup(struct lxc_handler *handler, const char *subsystem);
|
||||
+extern const char *cgroup_get_cgroup(struct lxc_handler *handler, const char *subsystem, bool inner);
|
||||
extern const char *cgroup_get_cgroup(struct lxc_handler *handler,
|
||||
- const char *subsystem);
|
||||
+ const char *subsystem,
|
||||
+ bool inner);
|
||||
extern bool cgroup_escape();
|
||||
extern int cgroup_num_hierarchies();
|
||||
extern bool cgroup_get_hierarchies(int i, char ***out);
|
||||
diff --git a/src/lxc/commands.c b/src/lxc/commands.c
|
||||
index 68fbd387..ccdbeeba 100644
|
||||
index 54e9f75c..df5a9907 100644
|
||||
--- a/src/lxc/commands.c
|
||||
+++ b/src/lxc/commands.c
|
||||
@@ -410,30 +410,29 @@ static int lxc_cmd_get_clone_flags_callback(int fd, struct lxc_cmd_req *req,
|
||||
@@ -426,20 +426,8 @@ static int lxc_cmd_get_clone_flags_callback(int fd, struct lxc_cmd_req *req,
|
||||
return lxc_cmd_rsp_send(fd, &rsp);
|
||||
}
|
||||
|
||||
@ -518,35 +403,34 @@ index 68fbd387..ccdbeeba 100644
|
||||
- * returned path.
|
||||
- */
|
||||
-char *lxc_cmd_get_cgroup_path(const char *name, const char *lxcpath,
|
||||
- const char *subsystem)
|
||||
+static char *do_lxc_cmd_get_cgroup_path(const char *name, const char *lxcpath,
|
||||
+ const char *subsystem,
|
||||
+ bool inner)
|
||||
- const char *subsystem)
|
||||
+char *do_lxc_cmd_get_cgroup_path(const char *name, const char *lxcpath,
|
||||
+ const char *subsystem, bool inner)
|
||||
{
|
||||
int ret, stopped;
|
||||
+ size_t subsyslen = strlen(subsystem);
|
||||
+
|
||||
struct lxc_cmd_rr cmd = {
|
||||
.req = {
|
||||
.cmd = LXC_CMD_GET_CGROUP,
|
||||
- .datalen = strlen(subsystem)+1,
|
||||
+ .datalen = subsyslen+1,
|
||||
.data = subsystem,
|
||||
},
|
||||
};
|
||||
@@ -452,8 +440,18 @@ char *lxc_cmd_get_cgroup_path(const char *name, const char *lxcpath,
|
||||
|
||||
+ if (inner) {
|
||||
+ char *data = alloca(subsyslen+2);
|
||||
+ memcpy(data, subsystem, subsyslen+1);
|
||||
+ data[subsyslen+1] = 1;
|
||||
+ cmd.req.datalen = subsyslen+2,
|
||||
+ cmd.req.data = data;
|
||||
cmd.req.data = subsystem;
|
||||
cmd.req.datalen = 0;
|
||||
- if (subsystem)
|
||||
- cmd.req.datalen = strlen(subsystem) + 1;
|
||||
+ if (subsystem) {
|
||||
+ size_t subsyslen = strlen(subsystem);
|
||||
+ if (inner) {
|
||||
+ char *data = alloca(subsyslen+2);
|
||||
+ memcpy(data, subsystem, subsyslen+1);
|
||||
+ data[subsyslen+1] = 1;
|
||||
+ cmd.req.datalen = subsyslen+2,
|
||||
+ cmd.req.data = data;
|
||||
+ } else {
|
||||
+ cmd.req.datalen = subsyslen+1;
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
|
||||
ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL);
|
||||
if (ret < 0) {
|
||||
TRACE("command %s failed for container \"%s\": %s.",
|
||||
@@ -458,16 +457,61 @@ char *lxc_cmd_get_cgroup_path(const char *name, const char *lxcpath,
|
||||
if (ret < 0)
|
||||
@@ -468,16 +466,63 @@ char *lxc_cmd_get_cgroup_path(const char *name, const char *lxcpath,
|
||||
return cmd.rsp.data;
|
||||
}
|
||||
|
||||
@ -585,35 +469,40 @@ index 68fbd387..ccdbeeba 100644
|
||||
+{
|
||||
+ return do_lxc_cmd_get_cgroup_path(name, lxcpath, subsystem, true);
|
||||
+}
|
||||
+
|
||||
+
|
||||
static int lxc_cmd_get_cgroup_callback(int fd, struct lxc_cmd_req *req,
|
||||
struct lxc_handler *handler)
|
||||
{
|
||||
struct lxc_cmd_rsp rsp;
|
||||
const char *path;
|
||||
+ const char *subsystem;
|
||||
+ size_t subsyslen;
|
||||
+ bool inner = false;
|
||||
struct lxc_cmd_rsp rsp;
|
||||
|
||||
if (req->datalen < 1)
|
||||
return -1;
|
||||
|
||||
- path = cgroup_get_cgroup(handler, req->data);
|
||||
+ subsystem = req->data;
|
||||
+ subsyslen = strlen(subsystem);
|
||||
+ if (req->datalen == subsyslen+2)
|
||||
+ inner = (subsystem[subsyslen+1] == 1);
|
||||
- if (req->datalen > 0)
|
||||
- path = cgroup_get_cgroup(handler, req->data);
|
||||
- else
|
||||
- path = cgroup_get_cgroup(handler, NULL);
|
||||
+ if (req->datalen > 0) {
|
||||
+ const char *subsystem;
|
||||
+ size_t subsyslen;
|
||||
+ bool inner = false;
|
||||
+ subsystem = req->data;
|
||||
+ subsyslen = strlen(subsystem);
|
||||
+ if (req->datalen == subsyslen+2)
|
||||
+ inner = (subsystem[subsyslen+1] == 1);
|
||||
+
|
||||
+ path = cgroup_get_cgroup(handler, req->data, inner);
|
||||
+ path = cgroup_get_cgroup(handler, req->data, inner);
|
||||
+ } else {
|
||||
+ // FIXME: cgroup separation for cgroup v2 cannot be handled
|
||||
+ // like we used to do v1 here... need to figure this out...
|
||||
+ path = cgroup_get_cgroup(handler, NULL, false);
|
||||
+ }
|
||||
if (!path)
|
||||
return -1;
|
||||
rsp.datalen = strlen(path) + 1,
|
||||
|
||||
diff --git a/src/lxc/commands.h b/src/lxc/commands.h
|
||||
index 28428c77..9557dcaa 100644
|
||||
index 816cd748..e16c0d79 100644
|
||||
--- a/src/lxc/commands.h
|
||||
+++ b/src/lxc/commands.h
|
||||
@@ -82,6 +82,8 @@ extern int lxc_cmd_console(const char *name, int *ttynum, int *fd,
|
||||
@@ -93,6 +93,8 @@ extern int lxc_cmd_console(const char *name, int *ttynum, int *fd,
|
||||
*/
|
||||
extern char *lxc_cmd_get_cgroup_path(const char *name, const char *lxcpath,
|
||||
const char *subsystem);
|
||||
@ -623,7 +512,7 @@ index 28428c77..9557dcaa 100644
|
||||
extern char *lxc_cmd_get_config_item(const char *name, const char *item, const char *lxcpath);
|
||||
extern char *lxc_cmd_get_name(const char *hashed_sock);
|
||||
diff --git a/src/lxc/criu.c b/src/lxc/criu.c
|
||||
index 96688edc..539ae8bd 100644
|
||||
index f60a6e15..7c8a8aee 100644
|
||||
--- a/src/lxc/criu.c
|
||||
+++ b/src/lxc/criu.c
|
||||
@@ -324,7 +324,7 @@ static void exec_criu(struct criu_opts *opts)
|
||||
@ -635,7 +524,7 @@ index 96688edc..539ae8bd 100644
|
||||
if (!p) {
|
||||
ERROR("failed to get cgroup path for %s", controllers[0]);
|
||||
goto err;
|
||||
@@ -857,7 +857,7 @@ static void do_restore(struct lxc_container *c, int status_pipe, struct migrate_
|
||||
@@ -958,7 +958,7 @@ static void do_restore(struct lxc_container *c, int status_pipe, struct migrate_
|
||||
goto out_fini_handler;
|
||||
}
|
||||
|
||||
@ -645,19 +534,19 @@ index 96688edc..539ae8bd 100644
|
||||
goto out_fini_handler;
|
||||
}
|
||||
diff --git a/src/lxc/start.c b/src/lxc/start.c
|
||||
index a6a40c72..920f3c23 100644
|
||||
index f66f50a7..772eacc2 100644
|
||||
--- a/src/lxc/start.c
|
||||
+++ b/src/lxc/start.c
|
||||
@@ -1217,7 +1217,7 @@ static int lxc_spawn(struct lxc_handler *handler)
|
||||
@@ -1556,7 +1556,7 @@ static int lxc_spawn(struct lxc_handler *handler)
|
||||
|
||||
cgroups_connected = true;
|
||||
|
||||
- if (!cgroup_create(handler)) {
|
||||
+ if (!cgroup_create(handler, false)) {
|
||||
ERROR("Failed creating cgroups.");
|
||||
ERROR("Failed creating cgroups");
|
||||
goto out_delete_net;
|
||||
}
|
||||
@@ -1292,10 +1292,10 @@ static int lxc_spawn(struct lxc_handler *handler)
|
||||
@@ -1650,10 +1650,10 @@ static int lxc_spawn(struct lxc_handler *handler)
|
||||
goto out_delete_net;
|
||||
}
|
||||
|
||||
@ -669,19 +558,20 @@ index a6a40c72..920f3c23 100644
|
||||
+ if (!cgroup_chown(handler, false))
|
||||
goto out_delete_net;
|
||||
|
||||
handler->netnsfd = lxc_preserve_ns(handler->pid, "net");
|
||||
@@ -1338,15 +1338,30 @@ static int lxc_spawn(struct lxc_handler *handler)
|
||||
goto out_delete_net;
|
||||
/* Now we're ready to preserve the network namespace */
|
||||
@@ -1714,16 +1714,30 @@ static int lxc_spawn(struct lxc_handler *handler)
|
||||
}
|
||||
}
|
||||
|
||||
- if (lxc_sync_barrier_child(handler, LXC_SYNC_CGROUP_UNSHARE))
|
||||
- ret = lxc_sync_barrier_child(handler, LXC_SYNC_CGROUP_UNSHARE);
|
||||
- if (ret < 0)
|
||||
- goto out_delete_net;
|
||||
-
|
||||
if (!cgroup_setup_limits(handler, true)) {
|
||||
ERROR("Failed to setup the devices cgroup for container \"%s\".", name);
|
||||
ERROR("Failed to setup legacy device cgroup controller limits");
|
||||
goto out_delete_net;
|
||||
}
|
||||
TRACE("Set up cgroup device limits");
|
||||
TRACE("Set up legacy device cgroup controller limits");
|
||||
|
||||
+ if (cgns_supported()) {
|
||||
+ if (!cgroup_create(handler, true)) {
|
||||
|
@ -1,8 +1,7 @@
|
||||
From ef58cfcf70fbe666acee0c407f77a22eeb1eec4f Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Wed, 16 Nov 2016 09:53:42 +0100
|
||||
Subject: [PATCH 05/13] start/initutils: make cgroupns separation level
|
||||
configurable
|
||||
Date: Wed, 28 Mar 2018 13:41:46 +0200
|
||||
Subject: [PATCH] start/initutils: make cgroupns separation level configurable
|
||||
|
||||
Adds a new global config variable `lxc.cgroup.separate`
|
||||
which controls whether a separation directory for cgroup
|
||||
@ -17,10 +16,10 @@ Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
3 files changed, 24 insertions(+), 19 deletions(-)
|
||||
|
||||
diff --git a/src/lxc/initutils.c b/src/lxc/initutils.c
|
||||
index c190d6d5..97650e67 100644
|
||||
index 56926fb5..c5f19ca8 100644
|
||||
--- a/src/lxc/initutils.c
|
||||
+++ b/src/lxc/initutils.c
|
||||
@@ -88,14 +88,15 @@ static char *copy_global_config_value(char *p)
|
||||
@@ -49,14 +49,15 @@ static char *copy_global_config_value(char *p)
|
||||
const char *lxc_global_config_value(const char *option_name)
|
||||
{
|
||||
static const char * const options[][2] = {
|
||||
@ -45,23 +44,23 @@ index c190d6d5..97650e67 100644
|
||||
};
|
||||
|
||||
diff --git a/src/lxc/initutils.h b/src/lxc/initutils.h
|
||||
index c021fd61..443ad026 100644
|
||||
index ec44554e..6532f301 100644
|
||||
--- a/src/lxc/initutils.h
|
||||
+++ b/src/lxc/initutils.h
|
||||
@@ -43,6 +43,7 @@
|
||||
@@ -42,6 +42,7 @@
|
||||
#define DEFAULT_THIN_POOL "lxc"
|
||||
#define DEFAULT_ZFSROOT "lxc"
|
||||
#define DEFAULT_RBDPOOL "lxc"
|
||||
+#define DEFAULT_CGPROTECT "privileged"
|
||||
|
||||
extern void lxc_setup_fs(void);
|
||||
extern const char *lxc_global_config_value(const char *option_name);
|
||||
#ifndef PR_SET_MM
|
||||
#define PR_SET_MM 35
|
||||
diff --git a/src/lxc/start.c b/src/lxc/start.c
|
||||
index 920f3c23..89e9be96 100644
|
||||
index 772eacc2..ae13aae9 100644
|
||||
--- a/src/lxc/start.c
|
||||
+++ b/src/lxc/start.c
|
||||
@@ -1345,17 +1345,20 @@ static int lxc_spawn(struct lxc_handler *handler)
|
||||
TRACE("Set up cgroup device limits");
|
||||
@@ -1721,17 +1721,20 @@ static int lxc_spawn(struct lxc_handler *handler)
|
||||
TRACE("Set up legacy device cgroup controller limits");
|
||||
|
||||
if (cgns_supported()) {
|
||||
- if (!cgroup_create(handler, true)) {
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 1341290e8af87aab15e844abb1a1451cb21ec275 Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Fri, 23 Dec 2016 15:57:24 +0100
|
||||
Subject: [PATCH 06/13] rename cgroup namespace directory to ns
|
||||
Subject: [PATCH] rename cgroup namespace directory to ns
|
||||
|
||||
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
---
|
||||
@ -9,7 +9,7 @@ Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/lxc/cgroups/cgroup.h b/src/lxc/cgroups/cgroup.h
|
||||
index f05fda4e..34c9d89c 100644
|
||||
index 3a63133d..544742df 100644
|
||||
--- a/src/lxc/cgroups/cgroup.h
|
||||
+++ b/src/lxc/cgroups/cgroup.h
|
||||
@@ -32,7 +32,7 @@
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 6811fb42be10c4eaf026be35914c546a95520b9e Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Mon, 20 Nov 2017 10:49:41 +0100
|
||||
Subject: [PATCH 07/13] possibility to run lxc-monitord as a regular daemon
|
||||
Subject: [PATCH] possibility to run lxc-monitord as a regular daemon
|
||||
|
||||
lxc-monitord instances are spawned on demand and, if this
|
||||
happens from a service, the daemon is considered part of
|
||||
@ -14,7 +14,7 @@ Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
config/init/systemd/lxc-monitord.service.in | 12 ++++++
|
||||
configure.ac | 1 +
|
||||
lxc.spec.in | 1 +
|
||||
src/lxc/lxc_monitord.c | 60 +++++++++++++++++++++--------
|
||||
src/lxc/cmd/lxc_monitord.c | 60 +++++++++++++++++++++--------
|
||||
5 files changed, 63 insertions(+), 21 deletions(-)
|
||||
create mode 100644 config/init/systemd/lxc-monitord.service.in
|
||||
|
||||
@ -67,10 +67,10 @@ index 00000000..40635168
|
||||
+[Install]
|
||||
+WantedBy=multi-user.target
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 5566d298..31822e58 100644
|
||||
index 50c99836..efe56991 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -709,6 +709,7 @@ AC_CONFIG_FILES([
|
||||
@@ -658,6 +658,7 @@ AC_CONFIG_FILES([
|
||||
config/init/systemd/lxc.service
|
||||
config/init/systemd/lxc@.service
|
||||
config/init/systemd/lxc-net.service
|
||||
@ -79,10 +79,10 @@ index 5566d298..31822e58 100644
|
||||
config/init/sysvinit/lxc-containers
|
||||
config/init/sysvinit/lxc-net
|
||||
diff --git a/lxc.spec.in b/lxc.spec.in
|
||||
index e31115de..36ab7d9d 100644
|
||||
index 004ced26..1adbb6bd 100644
|
||||
--- a/lxc.spec.in
|
||||
+++ b/lxc.spec.in
|
||||
@@ -260,6 +260,7 @@ fi
|
||||
@@ -235,6 +235,7 @@ fi
|
||||
%{_unitdir}/lxc-net.service
|
||||
%{_unitdir}/lxc.service
|
||||
%{_unitdir}/lxc@.service
|
||||
@ -90,11 +90,11 @@ index e31115de..36ab7d9d 100644
|
||||
%else
|
||||
%{_sysconfdir}/rc.d/init.d/lxc
|
||||
%{_sysconfdir}/rc.d/init.d/lxc-net
|
||||
diff --git a/src/lxc/lxc_monitord.c b/src/lxc/lxc_monitord.c
|
||||
index c4c2ba0d..c3534e3d 100644
|
||||
--- a/src/lxc/lxc_monitord.c
|
||||
+++ b/src/lxc/lxc_monitord.c
|
||||
@@ -345,17 +345,44 @@ static void lxc_monitord_sig_handler(int sig)
|
||||
diff --git a/src/lxc/cmd/lxc_monitord.c b/src/lxc/cmd/lxc_monitord.c
|
||||
index 99f2bdb8..2bc44dea 100644
|
||||
--- a/src/lxc/cmd/lxc_monitord.c
|
||||
+++ b/src/lxc/cmd/lxc_monitord.c
|
||||
@@ -346,17 +346,44 @@ static void lxc_monitord_sig_handler(int sig)
|
||||
|
||||
int main(int argc, char *argv[])
|
||||
{
|
||||
@ -143,7 +143,7 @@ index c4c2ba0d..c3534e3d 100644
|
||||
"NOTE: lxc-monitord is intended for use by lxc internally\n"
|
||||
" and does not need to be run by hand\n\n");
|
||||
exit(EXIT_FAILURE);
|
||||
@@ -377,9 +404,6 @@ int main(int argc, char *argv[])
|
||||
@@ -378,9 +405,6 @@ int main(int argc, char *argv[])
|
||||
INFO("Failed to open log file %s, log will be lost.", lxcpath);
|
||||
lxc_log_options_no_override();
|
||||
|
||||
@ -153,7 +153,7 @@ index c4c2ba0d..c3534e3d 100644
|
||||
if (sigfillset(&mask) ||
|
||||
sigdelset(&mask, SIGILL) ||
|
||||
sigdelset(&mask, SIGSEGV) ||
|
||||
@@ -411,15 +435,17 @@ int main(int argc, char *argv[])
|
||||
@@ -412,15 +436,17 @@ int main(int argc, char *argv[])
|
||||
goto on_error;
|
||||
monitord_created = true;
|
||||
|
||||
@ -180,9 +180,9 @@ index c4c2ba0d..c3534e3d 100644
|
||||
|
||||
if (lxc_monitord_mainloop_add(&mon)) {
|
||||
ERROR("Failed to add mainloop handlers.");
|
||||
@@ -429,7 +455,7 @@ int main(int argc, char *argv[])
|
||||
@@ -430,7 +456,7 @@ int main(int argc, char *argv[])
|
||||
NOTICE("lxc-monitord with pid %d is now monitoring lxcpath %s.",
|
||||
getpid(), mon.lxcpath);
|
||||
lxc_raw_getpid(), mon.lxcpath);
|
||||
for (;;) {
|
||||
- ret = lxc_mainloop(&mon.descr, 1000 * 30);
|
||||
+ ret = lxc_mainloop(&mon.descr, persistent ? -1 : 1000 * 30);
|
||||
|
@ -1,7 +1,7 @@
|
||||
From 2001f560675efca7d6dcabe8fb8b376442d5d6d0 Mon Sep 17 00:00:00 2001
|
||||
From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
|
||||
From: Wolfgang Bumiller <w.bumiller@proxmox.com>
|
||||
Date: Mon, 20 Nov 2017 10:51:36 +0100
|
||||
Subject: [PATCH 08/13] Make lxc@.service forking
|
||||
Subject: [PATCH] Make lxc@.service forking
|
||||
|
||||
Previously the init process' output was dumped into the log
|
||||
files since the service used Type=simple and
|
||||
|
@ -1,116 +0,0 @@
|
||||
From 105ec17dbcad4fc48183a824df13b825974848bb Mon Sep 17 00:00:00 2001
|
||||
From: Christian Brauner <christian.brauner@ubuntu.com>
|
||||
Date: Mon, 23 Oct 2017 13:41:33 +0200
|
||||
Subject: [PATCH 09/13] console: non-functional changes
|
||||
|
||||
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
||||
---
|
||||
src/lxc/console.c | 39 +++++++++++++++++++++++----------------
|
||||
1 file changed, 23 insertions(+), 16 deletions(-)
|
||||
|
||||
diff --git a/src/lxc/console.c b/src/lxc/console.c
|
||||
index c8e545eb..3592662b 100644
|
||||
--- a/src/lxc/console.c
|
||||
+++ b/src/lxc/console.c
|
||||
@@ -498,9 +498,13 @@ out:
|
||||
|
||||
void lxc_console_delete(struct lxc_console *console)
|
||||
{
|
||||
- if (console->tios && console->peer >= 0 &&
|
||||
- tcsetattr(console->peer, TCSAFLUSH, console->tios))
|
||||
- WARN("failed to set old terminal settings");
|
||||
+ int ret;
|
||||
+
|
||||
+ if (console->tios && console->peer >= 0) {
|
||||
+ ret = tcsetattr(console->peer, TCSAFLUSH, console->tios);
|
||||
+ if (ret < 0)
|
||||
+ WARN("%s - Failed to set old terminal settings", strerror(errno));
|
||||
+ }
|
||||
free(console->tios);
|
||||
console->tios = NULL;
|
||||
|
||||
@@ -509,7 +513,6 @@ void lxc_console_delete(struct lxc_console *console)
|
||||
close(console->slave);
|
||||
if (console->log_fd >= 0)
|
||||
close(console->log_fd);
|
||||
-
|
||||
console->peer = -1;
|
||||
console->master = -1;
|
||||
console->slave = -1;
|
||||
@@ -518,57 +521,61 @@ void lxc_console_delete(struct lxc_console *console)
|
||||
|
||||
int lxc_console_create(struct lxc_conf *conf)
|
||||
{
|
||||
+ int ret, saved_errno;
|
||||
struct lxc_console *console = &conf->console;
|
||||
- int ret;
|
||||
|
||||
if (!conf->rootfs.path) {
|
||||
- INFO("container does not have a rootfs, console device will be shared with the host");
|
||||
+ INFO("Container does not have a rootfs. The console will be "
|
||||
+ "shared with the host");
|
||||
return 0;
|
||||
}
|
||||
|
||||
if (console->path && !strcmp(console->path, "none")) {
|
||||
- INFO("no console requested");
|
||||
+ INFO("No console was requested");
|
||||
return 0;
|
||||
}
|
||||
|
||||
process_lock();
|
||||
ret = openpty(&console->master, &console->slave, console->name, NULL, NULL);
|
||||
+ saved_errno = errno;
|
||||
process_unlock();
|
||||
if (ret < 0) {
|
||||
- SYSERROR("failed to allocate a pty");
|
||||
+ ERROR("%s - Failed to allocate a pty", strerror(saved_errno));
|
||||
return -1;
|
||||
}
|
||||
|
||||
- if (fcntl(console->master, F_SETFD, FD_CLOEXEC)) {
|
||||
- SYSERROR("failed to set console master to close-on-exec");
|
||||
+ ret = fcntl(console->master, F_SETFD, FD_CLOEXEC);
|
||||
+ if (ret < 0) {
|
||||
+ SYSERROR("Failed to set FD_CLOEXEC flag on console master");
|
||||
goto err;
|
||||
}
|
||||
|
||||
- if (fcntl(console->slave, F_SETFD, FD_CLOEXEC)) {
|
||||
- SYSERROR("failed to set console slave to close-on-exec");
|
||||
+ ret = fcntl(console->slave, F_SETFD, FD_CLOEXEC);
|
||||
+ if (ret < 0) {
|
||||
+ SYSERROR("Failed to set FD_CLOEXEC flag on console slave");
|
||||
goto err;
|
||||
}
|
||||
|
||||
ret = lxc_console_peer_default(console);
|
||||
if (ret < 0) {
|
||||
- ERROR("failed to allocate peer tty device");
|
||||
+ ERROR("Failed to allocate a peer pty device");
|
||||
goto err;
|
||||
}
|
||||
|
||||
if (console->log_path) {
|
||||
console->log_fd = lxc_unpriv(open(console->log_path, O_CLOEXEC | O_RDWR | O_CREAT | O_APPEND, 0600));
|
||||
if (console->log_fd < 0) {
|
||||
- SYSERROR("failed to open console log file \"%s\"", console->log_path);
|
||||
+ SYSERROR("Failed to open console log file \"%s\"", console->log_path);
|
||||
goto err;
|
||||
}
|
||||
- DEBUG("using \"%s\" as console log file", console->log_path);
|
||||
+ DEBUG("Using \"%s\" as console log file", console->log_path);
|
||||
}
|
||||
|
||||
return 0;
|
||||
|
||||
err:
|
||||
lxc_console_delete(console);
|
||||
- return -1;
|
||||
+ return -ENODEV;
|
||||
}
|
||||
|
||||
int lxc_console_set_stdfds(int fd)
|
||||
--
|
||||
2.11.0
|
||||
|
@ -1,135 +0,0 @@
|
||||
From 7394b5c772b562f239b4138b11ecc8493b4c30b4 Mon Sep 17 00:00:00 2001
|
||||
From: Christian Brauner <christian.brauner@ubuntu.com>
|
||||
Date: Thu, 26 Oct 2017 17:33:10 +0200
|
||||
Subject: [PATCH 10/13] console: non-functional changes
|
||||
|
||||
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
||||
---
|
||||
src/lxc/console.c | 61 +++++++++++++++++++++++++++++--------------------------
|
||||
1 file changed, 32 insertions(+), 29 deletions(-)
|
||||
|
||||
diff --git a/src/lxc/console.c b/src/lxc/console.c
|
||||
index 3592662b..eda5be62 100644
|
||||
--- a/src/lxc/console.c
|
||||
+++ b/src/lxc/console.c
|
||||
@@ -678,18 +678,16 @@ int lxc_console(struct lxc_container *c, int ttynum,
|
||||
istty = isatty(stdinfd);
|
||||
if (istty) {
|
||||
ret = lxc_setup_tios(stdinfd, &oldtios);
|
||||
- if (ret) {
|
||||
- ERROR("failed to setup terminal properties");
|
||||
+ if (ret < 0)
|
||||
return -1;
|
||||
- }
|
||||
} else {
|
||||
- INFO("fd %d does not refer to a tty device", stdinfd);
|
||||
+ INFO("File descriptor %d does not refer to a tty device", stdinfd);
|
||||
}
|
||||
|
||||
ttyfd = lxc_cmd_console(c->name, &ttynum, &masterfd, c->config_path);
|
||||
if (ttyfd < 0) {
|
||||
ret = ttyfd;
|
||||
- goto err1;
|
||||
+ goto restore_tios;
|
||||
}
|
||||
|
||||
fprintf(stderr, "\n"
|
||||
@@ -699,13 +697,13 @@ int lxc_console(struct lxc_container *c, int ttynum,
|
||||
ttynum, 'a' + escape - 1);
|
||||
|
||||
ret = setsid();
|
||||
- if (ret)
|
||||
- INFO("already group leader");
|
||||
+ if (ret < 0)
|
||||
+ TRACE("Process is already group leader");
|
||||
|
||||
ts = lxc_console_sigwinch_init(stdinfd, masterfd);
|
||||
if (!ts) {
|
||||
ret = -1;
|
||||
- goto err2;
|
||||
+ goto close_fds;
|
||||
}
|
||||
ts->escape = escape;
|
||||
ts->winch_proxy = c->name;
|
||||
@@ -719,52 +717,57 @@ int lxc_console(struct lxc_container *c, int ttynum,
|
||||
|
||||
ret = lxc_mainloop_open(&descr);
|
||||
if (ret) {
|
||||
- ERROR("failed to create mainloop");
|
||||
- goto err3;
|
||||
+ ERROR("Failed to create mainloop");
|
||||
+ goto sigwinch_fini;
|
||||
}
|
||||
|
||||
if (ts->sigfd != -1) {
|
||||
ret = lxc_mainloop_add_handler(&descr, ts->sigfd,
|
||||
- lxc_console_cb_sigwinch_fd, ts);
|
||||
- if (ret) {
|
||||
- ERROR("failed to add handler for SIGWINCH fd");
|
||||
- goto err4;
|
||||
+ lxc_console_cb_sigwinch_fd, ts);
|
||||
+ if (ret < 0) {
|
||||
+ ERROR("Failed to add SIGWINCH handler");
|
||||
+ goto close_mainloop;
|
||||
}
|
||||
}
|
||||
|
||||
ret = lxc_mainloop_add_handler(&descr, ts->stdinfd,
|
||||
lxc_console_cb_tty_stdin, ts);
|
||||
- if (ret) {
|
||||
- ERROR("failed to add handler for stdinfd");
|
||||
- goto err4;
|
||||
+ if (ret < 0) {
|
||||
+ ERROR("Failed to add stdin handler");
|
||||
+ goto close_mainloop;
|
||||
}
|
||||
|
||||
ret = lxc_mainloop_add_handler(&descr, ts->masterfd,
|
||||
lxc_console_cb_tty_master, ts);
|
||||
- if (ret) {
|
||||
- ERROR("failed to add handler for masterfd");
|
||||
- goto err4;
|
||||
+ if (ret < 0) {
|
||||
+ ERROR("Failed to add master handler");
|
||||
+ goto close_mainloop;
|
||||
}
|
||||
|
||||
ret = lxc_mainloop(&descr, -1);
|
||||
- if (ret) {
|
||||
- ERROR("mainloop returned an error");
|
||||
- goto err4;
|
||||
+ if (ret < 0) {
|
||||
+ ERROR("The mainloop returned an error");
|
||||
+ goto close_mainloop;
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
|
||||
-err4:
|
||||
+close_mainloop:
|
||||
lxc_mainloop_close(&descr);
|
||||
-err3:
|
||||
+
|
||||
+sigwinch_fini:
|
||||
lxc_console_sigwinch_fini(ts);
|
||||
-err2:
|
||||
+
|
||||
+close_fds:
|
||||
close(masterfd);
|
||||
close(ttyfd);
|
||||
-err1:
|
||||
+
|
||||
+restore_tios:
|
||||
if (istty) {
|
||||
- if (tcsetattr(stdinfd, TCSAFLUSH, &oldtios) < 0)
|
||||
- WARN("failed to reset terminal properties: %s.", strerror(errno));
|
||||
+ istty = tcsetattr(stdinfd, TCSAFLUSH, &oldtios);
|
||||
+ if (istty < 0)
|
||||
+ WARN("%s - Failed to restore terminal properties",
|
||||
+ strerror(errno));
|
||||
}
|
||||
|
||||
return ret;
|
||||
--
|
||||
2.11.0
|
||||
|
@ -1,121 +0,0 @@
|
||||
From c8a9c9c9f6c189164a2eedd0d1e99905cb0a8672 Mon Sep 17 00:00:00 2001
|
||||
From: Christian Brauner <christian.brauner@ubuntu.com>
|
||||
Date: Fri, 10 Nov 2017 19:07:38 +0100
|
||||
Subject: [PATCH 11/13] console: fix console info message
|
||||
|
||||
Now it will be displayed nicely formatted:
|
||||
|
||||
a1 login: chb@conventiont|~
|
||||
> lxc console a1
|
||||
|
||||
Connected to tty 0
|
||||
Type <Ctrl+a q> to exit the console, <Ctrl+a Ctrl+a> to enter Ctrl+a itself
|
||||
|
||||
Ubuntu 17.10 a1 console
|
||||
|
||||
a1 login:
|
||||
|
||||
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
||||
---
|
||||
src/lxc/console.c | 54 ++++++++++++++++++++++++++----------------------------
|
||||
1 file changed, 26 insertions(+), 28 deletions(-)
|
||||
|
||||
diff --git a/src/lxc/console.c b/src/lxc/console.c
|
||||
index eda5be62..e95f5c54 100644
|
||||
--- a/src/lxc/console.c
|
||||
+++ b/src/lxc/console.c
|
||||
@@ -675,26 +675,9 @@ int lxc_console(struct lxc_container *c, int ttynum,
|
||||
struct lxc_tty_state *ts;
|
||||
int istty = 0;
|
||||
|
||||
- istty = isatty(stdinfd);
|
||||
- if (istty) {
|
||||
- ret = lxc_setup_tios(stdinfd, &oldtios);
|
||||
- if (ret < 0)
|
||||
- return -1;
|
||||
- } else {
|
||||
- INFO("File descriptor %d does not refer to a tty device", stdinfd);
|
||||
- }
|
||||
-
|
||||
ttyfd = lxc_cmd_console(c->name, &ttynum, &masterfd, c->config_path);
|
||||
- if (ttyfd < 0) {
|
||||
- ret = ttyfd;
|
||||
- goto restore_tios;
|
||||
- }
|
||||
-
|
||||
- fprintf(stderr, "\n"
|
||||
- "Connected to tty %1$d\n"
|
||||
- "Type <Ctrl+%2$c q> to exit the console, "
|
||||
- "<Ctrl+%2$c Ctrl+%2$c> to enter Ctrl+%2$c itself\n",
|
||||
- ttynum, 'a' + escape - 1);
|
||||
+ if (ttyfd < 0)
|
||||
+ return -1;
|
||||
|
||||
ret = setsid();
|
||||
if (ret < 0)
|
||||
@@ -710,9 +693,12 @@ int lxc_console(struct lxc_container *c, int ttynum,
|
||||
ts->winch_proxy_lxcpath = c->config_path;
|
||||
ts->stdoutfd = stdoutfd;
|
||||
|
||||
+ istty = isatty(stdinfd);
|
||||
if (istty) {
|
||||
lxc_console_winsz(stdinfd, masterfd);
|
||||
lxc_cmd_console_winch(ts->winch_proxy, ts->winch_proxy_lxcpath);
|
||||
+ } else {
|
||||
+ INFO("File descriptor %d does not refer to a tty device", stdinfd);
|
||||
}
|
||||
|
||||
ret = lxc_mainloop_open(&descr);
|
||||
@@ -744,14 +730,34 @@ int lxc_console(struct lxc_container *c, int ttynum,
|
||||
goto close_mainloop;
|
||||
}
|
||||
|
||||
+ fprintf(stderr, "\n"
|
||||
+ "Connected to tty %1$d\n"
|
||||
+ "Type <Ctrl+%2$c q> to exit the console, "
|
||||
+ "<Ctrl+%2$c Ctrl+%2$c> to enter Ctrl+%2$c itself\n",
|
||||
+ ttynum, 'a' + escape - 1);
|
||||
+
|
||||
+ if (istty) {
|
||||
+ ret = lxc_setup_tios(stdinfd, &oldtios);
|
||||
+ if (ret < 0)
|
||||
+ goto close_mainloop;
|
||||
+ }
|
||||
+
|
||||
ret = lxc_mainloop(&descr, -1);
|
||||
if (ret < 0) {
|
||||
ERROR("The mainloop returned an error");
|
||||
- goto close_mainloop;
|
||||
+ goto restore_tios;
|
||||
}
|
||||
|
||||
ret = 0;
|
||||
|
||||
+restore_tios:
|
||||
+ if (istty) {
|
||||
+ istty = tcsetattr(stdinfd, TCSAFLUSH, &oldtios);
|
||||
+ if (istty < 0)
|
||||
+ WARN("%s - Failed to restore terminal properties",
|
||||
+ strerror(errno));
|
||||
+ }
|
||||
+
|
||||
close_mainloop:
|
||||
lxc_mainloop_close(&descr);
|
||||
|
||||
@@ -762,13 +768,5 @@ close_fds:
|
||||
close(masterfd);
|
||||
close(ttyfd);
|
||||
|
||||
-restore_tios:
|
||||
- if (istty) {
|
||||
- istty = tcsetattr(stdinfd, TCSAFLUSH, &oldtios);
|
||||
- if (istty < 0)
|
||||
- WARN("%s - Failed to restore terminal properties",
|
||||
- strerror(errno));
|
||||
- }
|
||||
-
|
||||
return ret;
|
||||
}
|
||||
--
|
||||
2.11.0
|
||||
|
@ -1,36 +0,0 @@
|
||||
From 1e47ecd9a9367e6cf166c872d3cec26eb4c77aba Mon Sep 17 00:00:00 2001
|
||||
From: Christian Brauner <christian.brauner@ubuntu.com>
|
||||
Date: Fri, 10 Nov 2017 19:51:57 +0100
|
||||
Subject: [PATCH 12/13] console: report detach message on demand
|
||||
|
||||
When users pass -1 there's there won't be an escape sequence to exit the
|
||||
console so no need to print a misleading info message about how to detach.
|
||||
|
||||
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
||||
---
|
||||
src/lxc/console.c | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/lxc/console.c b/src/lxc/console.c
|
||||
index e95f5c54..8f6203f0 100644
|
||||
--- a/src/lxc/console.c
|
||||
+++ b/src/lxc/console.c
|
||||
@@ -730,11 +730,14 @@ int lxc_console(struct lxc_container *c, int ttynum,
|
||||
goto close_mainloop;
|
||||
}
|
||||
|
||||
- fprintf(stderr, "\n"
|
||||
+ if (ts->escape >= 1) {
|
||||
+ fprintf(stderr,
|
||||
+ "\n"
|
||||
"Connected to tty %1$d\n"
|
||||
"Type <Ctrl+%2$c q> to exit the console, "
|
||||
"<Ctrl+%2$c Ctrl+%2$c> to enter Ctrl+%2$c itself\n",
|
||||
ttynum, 'a' + escape - 1);
|
||||
+ }
|
||||
|
||||
if (istty) {
|
||||
ret = lxc_setup_tios(stdinfd, &oldtios);
|
||||
--
|
||||
2.11.0
|
||||
|
@ -1,26 +0,0 @@
|
||||
From b50f5a815258541b6da0c772388d93ea303a4f3d Mon Sep 17 00:00:00 2001
|
||||
From: Christian Brauner <christian.brauner@ubuntu.com>
|
||||
Date: Sat, 11 Nov 2017 23:05:33 +0100
|
||||
Subject: [PATCH 13/13] console: use correct escape sequence check
|
||||
|
||||
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
|
||||
---
|
||||
src/lxc/console.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/lxc/console.c b/src/lxc/console.c
|
||||
index 8f6203f0..72c01b19 100644
|
||||
--- a/src/lxc/console.c
|
||||
+++ b/src/lxc/console.c
|
||||
@@ -616,7 +616,7 @@ int lxc_console_cb_tty_stdin(int fd, uint32_t events, void *cbdata,
|
||||
if (lxc_read_nointr(ts->stdinfd, &c, 1) <= 0)
|
||||
return 1;
|
||||
|
||||
- if (ts->escape != -1) {
|
||||
+ if (ts->escape >= 1) {
|
||||
/* we want to exit the console with Ctrl+a q */
|
||||
if (c == ts->escape && !ts->saw_escape) {
|
||||
ts->saw_escape = 1;
|
||||
--
|
||||
2.11.0
|
||||
|
5
debian/patches/series
vendored
5
debian/patches/series
vendored
@ -6,8 +6,3 @@
|
||||
0006-rename-cgroup-namespace-directory-to-ns.patch
|
||||
0007-possibility-to-run-lxc-monitord-as-a-regular-daemon.patch
|
||||
0008-Make-lxc-.service-forking.patch
|
||||
0009-console-non-functional-changes.patch
|
||||
0010-console-non-functional-changes.patch
|
||||
0011-console-fix-console-info-message.patch
|
||||
0012-console-report-detach-message-on-demand.patch
|
||||
0013-console-use-correct-escape-sequence-check.patch
|
||||
|
2
lxc
2
lxc
@ -1 +1 @@
|
||||
Subproject commit 31546ced8a4cbed1455568934b59e3ba64bfcb63
|
||||
Subproject commit 5b66b6ee3e3cd2575a4b9b2eb8190b2b05ab4b42
|
Loading…
x
Reference in New Issue
Block a user