The following pull request was submitted through GitHub.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/1710

This e-mail was sent by the LXC bot; direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===

From e709c4c8519cec840c1d8bb894ccd2863d9e0198 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgra...@ubuntu.com>
Date: Mon, 7 Mar 2016 10:56:25 -0500
Subject: [PATCH 1/2] Only attempt to load containers AFTER the socket is setup
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

As spawning containers starts a hook that requires LXD to be online, we
shouldn't run any code which may cause container startup until after the
sockets are set up.

Closes #1628
Closes #1708
Closes #1696

Signed-off-by: Stéphane Graber <stgra...@ubuntu.com>
---
 lxd/daemon.go | 17 +++++++++--------
 1 file changed, 9 insertions(+), 8 deletions(-)

diff --git a/lxd/daemon.go b/lxd/daemon.go
index 83a3686..7843ff4 100644
--- a/lxd/daemon.go
+++ b/lxd/daemon.go
@@ -873,17 +873,9 @@ func (d *Daemon) Init() error {
                        return fmt.Errorf("Failed to setup storage: %s", err)
                }
 
-               /* Restart containers */
-               go func() {
-                       containersRestart(d)
-               }()
-
                /* Start the scheduler */
                go deviceEventListener(d)
 
-               /* Re-balance in case things changed while LXD was down */
-               deviceTaskBalance(d)
-
                /* Setup the TLS authentication */
                certf, keyf, err := readMyCert()
                if err != nil {
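Review bot: `go deviceEventListener(d)` is left in the pre-socket part of Init() while the restart and the re-balance move out, so the scheduler now runs for the whole socket/TLS setup without the initial `deviceTaskBalance(d)` that used to follow it directly. Please confirm that the listener cannot itself act on containers in a way that triggers the hook the commit message describes before the sockets exist. If it can, start it in the same post-socket block as the other two calls; if it cannot, a one-line comment saying why it is safe to start this early would keep the ordering from being questioned again.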
@@ -1047,6 +1039,15 @@ func (d *Daemon) Init() error {
                return nil
        })
 
+       // Restore containers
+       if !d.IsMock {
+               /* Restart containers */
+               go containersRestart(d)
+
+               /* Re-balance in case things changed while LXD was down */
+               deviceTaskBalance(d)
+       }
+
        return nil
 }
 
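Review bot: the added block at the end of Init() does not document the ordering constraint it exists to enforce; `// Restore containers` and `/* Restart containers */` say the same thing twice, in two comment styles, and neither says that this must stay after socket setup. Replace them with a single comment stating that containersRestart needs the LXD sockets to be up because the container start hook connects back to the daemon, so a later refactor does not move the call back up. Separately, `deviceTaskBalance(d)` runs synchronously right after `go containersRestart(d)` is launched, so the re-balance can finish before any container has been restarted; if balancing of those containers relies on the event listener, say so here, otherwise run the balance once the restart has completed.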

From 99edb9eee4856ad811e6b97310a31306c3fb8ac2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgra...@ubuntu.com>
Date: Mon, 7 Mar 2016 10:59:42 -0500
Subject: [PATCH 2/2] Restrict lxd init to root
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Closes #1700

Signed-off-by: Stéphane Graber <stgra...@ubuntu.com>
---
 lxd/main.go | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/lxd/main.go b/lxd/main.go
index 1c04543..d54b8da 100644
--- a/lxd/main.go
+++ b/lxd/main.go
@@ -517,6 +517,11 @@ func setupLXD() error {
        var networkPort int       // Port
        var trustPassword string  // Trust password
 
+       // Only root should run this
+       if os.Geteuid() != 0 {
+               return fmt.Errorf("This must be run as root")
+       }
+
        backendsAvailable := []string{"dir"}
        backendsSupported := []string{"dir", "zfs"}
 
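Review bot: the `os.Geteuid() != 0` check at the top of setupLXD() guards only this command, and the patch should say what it is meant to protect. setupLXD() collects `networkPort` and `trustPassword`, so if those values are later applied through the daemon, any user who can already reach the daemon can set them without going through this function, and the check is a usability guard rather than an access control. If that is the intent, note it in the comment (`// Only root should run this` does not give the reason) and in the otherwise empty commit message. The error text "This must be run as root" would also be clearer if it named the command, since it is returned from a helper and may be printed without context.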
_______________________________________________
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel
