[lxc-devel] [distrobuilder/master] Handle architecture names properly
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/distrobuilder/pull/3 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Since distributions don't have common names for some architectures, e.g. x86_64 vs. amd64, we need to handle this. From 2424094b17fcc9854629b0b5635930cfbd0b643f Mon Sep 17 00:00:00 2001 From: Thomas HippDate: Wed, 7 Feb 2018 11:35:29 +0100 Subject: [PATCH 1/2] *: get correct arch Signed-off-by: Thomas Hipp --- distrobuilder/main.go | 2 +- shared/distro.go | 18 + shared/distro_test.go | 73 ++ sources/alpine-http.go | 8 +- sources/centos-http.go | 5 sources/ubuntu-http.go | 9 ++- 6 files changed, 95 insertions(+), 20 deletions(-) create mode 100644 shared/distro.go create mode 100644 shared/distro_test.go diff --git a/distrobuilder/main.go b/distrobuilder/main.go index c8187a4..c574b12 100644 --- a/distrobuilder/main.go +++ b/distrobuilder/main.go @@ -142,7 +142,7 @@ func run(c *cli.Context) error { } err = downloader.Run(def.Source.URL, def.Image.Release, def.Image.Variant, - def.Image.Arch, c.GlobalString("cache-dir")) + shared.GetArch(def.Image.Distribution, def.Image.Arch), c.GlobalString("cache-dir")) if err != nil { return fmt.Errorf("Error while downloading source: %s", err) } diff --git a/shared/distro.go b/shared/distro.go new file mode 100644 index 000..398b64e --- /dev/null +++ b/shared/distro.go @@ -0,0 +1,18 @@ +package shared + +// GetArch returns the correct architecture name used by the specified +// distribution. +func GetArch(distro, arch string) string { + switch distro { + case "alpinelinux", "archlinux", "centos": + if arch == "amd64" { + return "x86_64" + } + case "debian", "ubuntu": + if arch == "x86_64" { + return "amd64" + } + } + + return arch +} diff --git a/shared/distro_test.go b/shared/distro_test.go new file mode 100644 index 000..d0ee7af --- /dev/null +++ b/shared/distro_test.go @@ -0,0 +1,73 @@ +package shared + +import ( + "log" + "testing" +) + +func TestGetArch(t *testing.T) { + tests := []struct { + distro string + arch string + expected string + }{ + { + "alpinelinux", + "amd64", + "x86_64", + }, + { + "alpinelinux", + "x86_64", + "x86_64", + }, + { + "archlinux", + "amd64", + "x86_64", + }, + { + "archlinux", + "x86_64", + "x86_64", + }, + { + "centos", + "amd64", + "x86_64", + }, + { + "centos", + "x86_64", + "x86_64", + }, + { + "debian", + "amd64", + "amd64", + }, + { + "debian", + "x86_64", + "amd64", + }, + { + "ubuntu", + "amd64", + "amd64", + }, + { + "ubuntu", + "x86_64", + "amd64", + }, + } + + for i, tt := range tests { + log.Printf("Running test #%d: %s %s", i, tt.distro, tt.arch) + arch := GetArch(tt.distro, tt.arch) + if arch != tt.expected { + t.Fatalf("Wrong arch: Expected '%s', got '%s'", tt.expected, arch) + } + } +} diff --git a/sources/alpine-http.go b/sources/alpine-http.go index 487970c..f29c652 100644 --- a/sources/alpine-http.go +++ b/sources/alpine-http.go @@ -21,12 +21,6 @@ func NewAlpineLinuxHTTP() *AlpineLinuxHTTP { // Run runs debootstrap. func (s *AlpineLinuxHTTP) Run(URL, release, variant, arch, cacheDir string) error { - realArch := arch - - if arch == "amd64" { - realArch = "x86_64" - } - fname := fmt.Sprintf("alpine-minirootfs-%s-%s.tar.gz", release, arch) // Download @@ -34,7 +28,7 @@ func (s *AlpineLinuxHTTP) Run(URL, release,
[lxc-devel] [lxc/lxc] bd01b7: coverity: #1429139
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: bd01b7d552bdf20706dd01bc64cc3a55c7defe86 https://github.com/lxc/lxc/commit/bd01b7d552bdf20706dd01bc64cc3a55c7defe86 Author: Christian BraunerDate: 2018-02-09 (Fri, 09 Feb 2018) Changed paths: M src/lxc/cgroups/cgfsng.c Log Message: --- coverity: #1429139 Resource leak Signed-off-by: Christian Brauner Commit: fa456191d07b60109e625e6ce1984d6ff6f5cbb3 https://github.com/lxc/lxc/commit/fa456191d07b60109e625e6ce1984d6ff6f5cbb3 Author: Christian Brauner Date: 2018-02-09 (Fri, 09 Feb 2018) Changed paths: M src/lxc/monitor.c Log Message: --- coverity: #1426734 Argument cannot be negative Signed-off-by: Christian Brauner Commit: 5b7f756a67b94f846e05210dd1695c1bbabd155e https://github.com/lxc/lxc/commit/5b7f756a67b94f846e05210dd1695c1bbabd155e Author: Christian Brauner Date: 2018-02-09 (Fri, 09 Feb 2018) Changed paths: M src/lxc/start.c Log Message: --- coverity: #1426126 Unchecked return value Signed-off-by: Christian Brauner Commit: 341ed84c47c18771fbe0bfeb0ff6ad710de1fbdf https://github.com/lxc/lxc/commit/341ed84c47c18771fbe0bfeb0ff6ad710de1fbdf Author: Christian Brauner Date: 2018-02-09 (Fri, 09 Feb 2018) Changed paths: M src/lxc/start.c Log Message: --- start: use goto instead of simple return Signed-off-by: Christian Brauner Commit: cb8ff4d033397ff16fd4e75f99d40c1371370010 https://github.com/lxc/lxc/commit/cb8ff4d033397ff16fd4e75f99d40c1371370010 Author: Christian Brauner Date: 2018-02-09 (Fri, 09 Feb 2018) Changed paths: M src/lxc/lxccontainer.c Log Message: --- lxccontainer: satisfy coverity The container name can't be NULL so don't give coverity the impression that it could be. Silences coverity #1426123. Silences coverity #1426124. Signed-off-by: Christian Brauner Commit: f38cf5b8f4a916f356a74c709fe26aa2fde8d0d2 https://github.com/lxc/lxc/commit/f38cf5b8f4a916f356a74c709fe26aa2fde8d0d2 Author: Christian Brauner Date: 2018-02-09 (Fri, 09 Feb 2018) Changed paths: M src/tests/share_ns.c Log Message: --- coverity: #1426083 Dereference after null check Signed-off-by: Christian Brauner Commit: 287df277ff28bcc99384c84bf65b0ec81f2f6c3c https://github.com/lxc/lxc/commit/287df277ff28bcc99384c84bf65b0ec81f2f6c3c Author: Christian Brauner Date: 2018-02-09 (Fri, 09 Feb 2018) Changed paths: M src/lxc/cgroups/cgfs.c Log Message: --- coverity: #1425971 Dereference after null check Signed-off-by: Christian Brauner Commit: ba2861ff76511082dab587d22243deaa2532d692 https://github.com/lxc/lxc/commit/ba2861ff76511082dab587d22243deaa2532d692 Author: Stéphane Graber Date: 2018-02-09 (Fri, 09 Feb 2018) Changed paths: M src/lxc/cgroups/cgfs.c M src/lxc/cgroups/cgfsng.c M src/lxc/lxccontainer.c M src/lxc/monitor.c M src/lxc/start.c M src/tests/share_ns.c Log Message: --- Merge pull request #2144 from brauner/2018-02-08/coverity_bug_smash coverity: bug smash Compare: https://github.com/lxc/lxc/compare/056fec39f7eb...ba2861ff7651___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] Pretty rendering for lxc monitor
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/4236 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From f591046a0622a19cd4aaf333510809502d4bed59 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Graber?=Date: Fri, 9 Feb 2018 19:52:55 -0500 Subject: [PATCH 1/4] api: Include message format for events MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Stéphane Graber --- shared/api/event.go | 20 1 file changed, 20 insertions(+) create mode 100644 shared/api/event.go diff --git a/shared/api/event.go b/shared/api/event.go new file mode 100644 index 0..8d755a535 --- /dev/null +++ b/shared/api/event.go @@ -0,0 +1,20 @@ +package api + +import ( + "encoding/json" + "time" +) + +// Event represents an event entry (over websocket) +type Event struct { + Type string `yaml:"type" json:"type"` + Timestamp time.Time `yaml:"timestamp" json:"timestamp"` + Metadata json.RawMessage `yaml:"metadata" json:"metadata"` +} + +// EventLogging represents a logging type event entry (admin only) +type EventLogging struct { + Message string`yaml:"message" json:"message"` + Level string`yaml:"level" json:"level"` + Context map[string]string `yaml:"context" json:"context"` +} From 0401a14987dbe9a9cf330dcf6e38a60b6c56 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Graber?= Date: Fri, 9 Feb 2018 19:53:15 -0500 Subject: [PATCH 2/4] events: Use api message type MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Stéphane Graber --- lxd/events.go | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/lxd/events.go b/lxd/events.go index f79b03fcc..dd6660327 100644 --- a/lxd/events.go +++ b/lxd/events.go @@ -13,6 +13,7 @@ import ( "github.com/pborman/uuid" "github.com/lxc/lxd/shared" + "github.com/lxc/lxd/shared/api" "github.com/lxc/lxd/shared/logger" ) @@ -36,10 +37,10 @@ func logContextMap(ctx []interface{}) map[string]string { } func (h eventsHandler) Log(r *log.Record) error { - eventSend("logging", shared.Jmap{ - "message": r.Msg, - "level": r.Lvl.String(), - "context": logContextMap(r.Ctx)}) + eventSend("logging", api.EventLogging{ + Message: r.Msg, + Level: r.Lvl.String(), + Context: logContextMap(r.Ctx)}) return nil } From ec8d0345ad903d63f934eac91fbd3f4c19c8a80a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Graber?= Date: Fri, 9 Feb 2018 20:00:13 -0500 Subject: [PATCH 3/4] lxc/monitor: Add pretty rendering of logs MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Stéphane Graber --- lxc/monitor.go | 78 +++--- 1 file changed, 75 insertions(+), 3 deletions(-) diff --git a/lxc/monitor.go b/lxc/monitor.go index 41ec3ead3..318b42a92 100644 --- a/lxc/monitor.go +++ b/lxc/monitor.go @@ -1,13 +1,19 @@ package main import ( + "encoding/json" "fmt" + "os" "gopkg.in/yaml.v2" "github.com/lxc/lxd/lxc/config" + "github.com/lxc/lxd/shared" + "github.com/lxc/lxd/shared/api" "github.com/lxc/lxd/shared/gnuflag" "github.com/lxc/lxd/shared/i18n" + "github.com/lxc/lxd/shared/log15" + "github.com/lxc/lxd/shared/logging" ) type typeList []string @@ -31,6 +37,8 @@ func (f *typeList) Set(value string) error { type monitorCmd struct { typeArgs typeList + pretty bool + logLevel string } func (c *monitorCmd) showByDefault() bool { @@ -39,7 +47,7 @@ func (c *monitorCmd) showByDefault() bool { func (c *monitorCmd) usage() string { return i18n.G( - `Usage: lxc monitor [:] [--type=TYPE...] + `Usage: lxc monitor [:] [--type=TYPE...] [--pretty] Monitor a local or remote LXD server. @@ -49,11 +57,17 @@ Message types to listen for can be specified with --type. *Examples* lxc monitor --type=logging -Only show log message.`) +Only show log messages. + +lxc monitor --pretty --type=logging --loglevel=info +Show a pretty log of messages with info level or higher. +`) } func (c *monitorCmd) flags() { + gnuflag.BoolVar(, "pretty", false, i18n.G("Pretty rendering")) gnuflag.Var(, "type", i18n.G("Event type to listen for")) + gnuflag.StringVar(, "loglevel", "", i18n.G("Minimum level for log messages")) }
[lxc-devel] [lxd/master] shared/version: Include storage backends in agent
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/4237 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === This can be used by some image server to return a different set of images based on the storage backends in use and will also make it easier for us to know what storage backends to focus efforts on. Signed-off-by: Stéphane GraberFrom e905092c87560f5f6958662f34a7d5d72f16e968 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Graber?= Date: Fri, 9 Feb 2018 20:37:25 -0500 Subject: [PATCH] shared/version: Include storage backends in agent MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This can be used by some image server to return a different set of images based on the storage backends in use and will also make it easier for us to know what storage backends to focus efforts on. Signed-off-by: Stéphane Graber --- lxd/storage.go | 9 + shared/version/useragent.go | 25 - 2 files changed, 29 insertions(+), 5 deletions(-) diff --git a/lxd/storage.go b/lxd/storage.go index 4a651d70e..82d59c9b8 100644 --- a/lxd/storage.go +++ b/lxd/storage.go @@ -18,6 +18,7 @@ import ( "github.com/lxc/lxd/shared/idmap" "github.com/lxc/lxd/shared/ioprogress" "github.com/lxc/lxd/shared/logger" + "github.com/lxc/lxd/shared/version" ) // lxdStorageLockMap is a hashmap that allows functions to check whether the @@ -886,6 +887,14 @@ func storagePoolDriversCacheUpdate(dbNode *db.Node) { data[driver] = sCore.GetStorageTypeVersion() } + backends := []string{} + for k, v := range data { + backends = append(backends, fmt.Sprintf("%s %s", k, v)) + } + + // Update the agent + version.UserAgentStorageBackends(backends) + storagePoolDriversCacheLock.Lock() storagePoolDriversCacheVal.Store(data) storagePoolDriversCacheLock.Unlock() diff --git a/shared/version/useragent.go b/shared/version/useragent.go index 9c371cff5..300f5a645 100644 --- a/shared/version/useragent.go +++ b/shared/version/useragent.go @@ -9,19 +9,34 @@ import ( ) // UserAgent contains a string suitable as a user-agent -var UserAgent = getUserAgent() +var UserAgent = getUserAgent(nil) -func getUserAgent() string { +func getUserAgent(storageTokens []string) string { archID, err := osarch.ArchitectureId(runtime.GOARCH) if err != nil { panic(err) } + arch, err := osarch.ArchitectureName(archID) if err != nil { panic(err) } - tokens := []string{strings.Title(runtime.GOOS), arch} - tokens = append(tokens, getPlatformVersionStrings()...) - return fmt.Sprintf("LXD %s (%s)", Version, strings.Join(tokens, "; ")) + osTokens := []string{strings.Title(runtime.GOOS), arch} + osTokens = append(osTokens, getPlatformVersionStrings()...) + + agent := fmt.Sprintf("LXD %s", Version) + if len(osTokens) > 0 { + agent = fmt.Sprintf("%s (%s)", agent, strings.Join(osTokens, "; ")) + } + + if len(storageTokens) > 0 { + agent = fmt.Sprintf("%s (%s)", agent, strings.Join(storageTokens, "; ")) + } + + return agent +} + +func UserAgentStorageBackends(backends []string) { + UserAgent = getUserAgent(backends) } ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/master] [log] wrong trace message
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/2147 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === print wrong message Signed-off-by: duguhaotianFrom 3c1fb2e4c991f78b6feb298c868b2f2c09d66145 Mon Sep 17 00:00:00 2001 From: duguhaotian Date: Fri, 9 Feb 2018 18:50:51 +0800 Subject: [PATCH] [log] wrong trace message print wrong message Signed-off-by: duguhaotian --- src/lxc/conf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lxc/conf.c b/src/lxc/conf.c index affc41e16..82e0d62e3 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -396,7 +396,7 @@ int run_script_argv(const char *name, unsigned int hook_version, "LXC_HOOK_TYPE=%s", hookname); return -1; } - TRACE("Set environment variable: LXC_HOOK_TYPE=%s", section); + TRACE("Set environment variable: LXC_HOOK_TYPE=%s", hookname); ret = setenv("LXC_HOOK_SECTION", section, 1); if (ret < 0) { ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] 90f204: conf: fix log message
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 90f2046676e99922495d91cae34187750f5d1c4d https://github.com/lxc/lxc/commit/90f2046676e99922495d91cae34187750f5d1c4d Author: duguhaotianDate: 2018-02-09 (Fri, 09 Feb 2018) Changed paths: M src/lxc/conf.c Log Message: --- conf: fix log message Signed-off-by: duguhaotian Commit: 2df70fba94aef9dc15462776f4f2d029d12706f6 https://github.com/lxc/lxc/commit/2df70fba94aef9dc15462776f4f2d029d12706f6 Author: Christian Brauner Date: 2018-02-09 (Fri, 09 Feb 2018) Changed paths: M src/lxc/conf.c Log Message: --- Merge branch 'duguhaotian-new' into lxc/master Compare: https://github.com/lxc/lxc/compare/17eba7a26f8a...2df70fba94ae___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/master] pam: create writable cgroups for unpriv users
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/2148 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === This moves pam_cgfs from the LXCFS repo into the LXC repo. This will allow us to share a bunch of code between the cgroup backends and the pam module. The next step obviously is to share code. Closes #1307. Signed-off-by: Christian BraunerFrom 48d025ef5a5c115c588f2bf5c25f2a9d4c16fa9b Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Fri, 9 Feb 2018 13:16:49 +0100 Subject: [PATCH] pam: create writable cgroups for unpriv users This moves pam_cgfs from the LXCFS repo into the LXC repo. This will allow us to share a bunch of code between the cgroup backends and the pam module. The next step obviously is to share code. Closes #1307. Signed-off-by: Christian Brauner --- configure.ac | 32 + src/lxc/Makefile.am| 19 +- src/lxc/pam/pam_cgfs.c | 2595 3 files changed, 2644 insertions(+), 2 deletions(-) create mode 100644 src/lxc/pam/pam_cgfs.c diff --git a/configure.ac b/configure.ac index 6713539b4..c16a57cec 100644 --- a/configure.ac +++ b/configure.ac @@ -646,6 +646,35 @@ else fi AM_CONDITIONAL([IS_BIONIC], [test "x$is_bionic" = "xyes"]) +AC_ARG_WITH( + [pamdir], + [AS_HELP_STRING([--with-pamdir=PATH],[Specify the directory where PAM modules are stored, + or "none" if PAM modules are not to be built])], + [pamdir="${withval}"], + [ + if test "${prefix}" = "/usr"; then + pamdir="/lib${libdir##*/lib}/security" + else + pamdir="\$(libdir)/security" + fi + ] +) + +AM_CONDITIONAL([HAVE_PAM], [test x"$pamdir" != "xnone"]) +if test "z$pamdir" != "znone"; then + AC_ARG_VAR([PAM_CFLAGS], [C compiler flags for pam]) + AC_ARG_VAR([PAM_LIBS], [linker flags for pam]) + AC_CHECK_LIB( + [pam], + [pam_authenticate], + [PAM_LIBS="-lpam"], + [AC_MSG_ERROR([*** libpam not found.]) + ]) + + AC_SUBST(PAM_LIBS) + AC_SUBST([pamdir]) +fi + # Some systems lack PR_CAPBSET_DROP definition => HAVE_DECL_PR_CAPBSET_DROP AC_CHECK_DECLS([PR_CAPBSET_DROP], [], [], [#include ]) @@ -967,6 +996,9 @@ Security features: - SELinux: $enable_selinux - cgmanager: $enable_cgmanager +PAM: + - cgroup PAM module: $pamdir + Bindings: - lua: $enable_lua - python3: $enable_python diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am index 8f9a7ab29..eead742e4 100644 --- a/src/lxc/Makefile.am +++ b/src/lxc/Makefile.am @@ -317,6 +317,14 @@ init_lxc_static_LDADD = @CAP_LIBS@ init_lxc_static_CFLAGS = $(AM_CFLAGS) -DNO_LXC_CONF endif +if HAVE_PAM +pam_LTLIBRARIES = pam_cgfs.la +pam_cgfs_la_SOURCES = pam/pam_cgfs.c macro.h +pam_cgfs_la_CFLAGS = $(AM_CFLAGS) +pam_cgfs_la_LIBADD = $(AM_LIBS) $(PAM_LIBS) -L$(top_srcdir) +pam_cgfs_la_LDFLAGS = $(AM_LDFLAGS) -module -avoid-version -shared +endif + install-exec-local: install-libLTLIBRARIES mkdir -p $(DESTDIR)$(datadir)/lxc install -c -m 644 lxc.functions $(DESTDIR)$(datadir)/lxc @@ -325,9 +333,16 @@ install-exec-local: install-libLTLIBRARIES cd $(DESTDIR)$(libdir); \ ln -sf liblxc.so.@LXC_ABI@ liblxc.so.$(firstword $(subst ., ,@LXC_ABI@)); \ ln -sf liblxc.so.$(firstword $(subst ., ,@LXC_ABI@)) liblxc.so - -install-exec-hook: +if HAVE_PAM chmod u+s $(DESTDIR)$(libexecdir)/lxc/lxc-user-nic +endif uninstall-local: $(RM) $(DESTDIR)$(libdir)/liblxc.so* +if HAVE_PAM + $(RM) $(DESTDIR)$(pamdir)/pam_cgfs.so* +endif + +install-data-hook: install-pamLTLIBRARIES + $(RM) "$(DESTDIR)$(pamdir)/pam_cgfs.la" + $(RM) "$(DESTDIR)$(pamdir)/pam_cgfs.a" diff --git a/src/lxc/pam/pam_cgfs.c b/src/lxc/pam/pam_cgfs.c new file mode 100644 index 0..3df8daef3 --- /dev/null +++ b/src/lxc/pam/pam_cgfs.c @@ -0,0 +1,2595 @@ +/* pam-cgfs + * + * Copyright © 2016 Canonical, Inc + * Author: Serge Hallyn + * Author: Christian Brauner + * + * When a user logs in, this pam module will create cgroups which the user may + * administer. It handles both pure cgroupfs v1 and pure cgroupfs v2, as well as + * mixed mounts, where some controllers are mounted in a standard cgroupfs v1 + * hierarchy location (/sys/fs/cgroup/) and others are in the + * cgroupfs v2 hierarchy. + * Writeable cgroups are either created for all controllers or, if specified, + * for any controllers listed on the command line. + * The cgroup created will be "user/$user/0" for the first session, + *
[lxc-devel] [distrobuilder/master] Definition updates
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/distrobuilder/pull/2 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From 3bd048b4b263a1f835a28a8a0aca6f64f287b60b Mon Sep 17 00:00:00 2001 From: Thomas HippDate: Wed, 7 Feb 2018 12:30:57 +0100 Subject: [PATCH 1/5] *: Add Definition defaults Signed-off-by: Thomas Hipp --- distrobuilder/main.go | 2 ++ shared/definition.go | 15 +++ 2 files changed, 17 insertions(+) diff --git a/distrobuilder/main.go b/distrobuilder/main.go index f5c7345..a52d418 100644 --- a/distrobuilder/main.go +++ b/distrobuilder/main.go @@ -195,5 +195,7 @@ func getDefinition(fname string) (shared.Definition, error) { return def, err } + shared.SetDefinitionDefaults() + return def, err } diff --git a/shared/definition.go b/shared/definition.go index d8df4a7..2a787b5 100644 --- a/shared/definition.go +++ b/shared/definition.go @@ -1,5 +1,7 @@ package shared +import "runtime" + // A DefinitionPackages list packages which are to be either installed or // removed. type DefinitionPackages struct { @@ -53,3 +55,16 @@ type Definition struct { Files[]DefinitionFile `yaml:"files,omitempty"` Packages DefinitionPackages `yaml:"packages,omitempty"` } + +// SetDefinitionDefaults sets some default values for the given Definition. +func SetDefinitionDefaults(def *Definition) { + // default to local arch + if def.Image.Arch == "" { + def.Image.Arch = runtime.GOARCH + } + + // set default expiry of 30 days + if def.Image.Expiry == "" { + def.Image.Expiry = "30d" + } +} From 4fe0c6a3a74ea71140a5bdd648391e66af94cffa Mon Sep 17 00:00:00 2001 From: Thomas Hipp Date: Wed, 7 Feb 2018 13:12:43 +0100 Subject: [PATCH 2/5] shared: Update Definition Signed-off-by: Thomas Hipp --- shared/definition.go | 12 +++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/shared/definition.go b/shared/definition.go index 2a787b5..42b164d 100644 --- a/shared/definition.go +++ b/shared/definition.go @@ -19,6 +19,7 @@ type DefinitionImage struct { Arch string `yaml:"arch,omitempty"` Expiry string `yaml:"expiry,omitempty"` Variant string `yaml:"variant,omitempty"` + Name string `yaml:"name,omitempty"` } // A DefinitionSource specifies the download type and location @@ -41,12 +42,20 @@ type DefinitionTarget struct { // A DefinitionFile represents a file which is to be created inside to chroot. type DefinitionFile struct { - Name string `yaml:"name"` Generator string `yaml:"generator"` Path string `yaml:"path,omitempty"` Releases []string `yaml:"releases,omitempty"` } +// DefinitionActions specifies custom actions (scripts) which are to be run after +// certain actions. +type DefinitionActions struct { + PostUnpack string `yaml:"post-unpack,omitempty"` + PostUpdate string `yaml:"post-update,omitempty"` + PostPackages string `yaml:"post-packages,omitempty"` + PostFilesstring `yaml:"post-files,omitempty"` +} + // A Definition a definition. type Definition struct { ImageDefinitionImage`yaml:"image"` @@ -54,6 +63,7 @@ type Definition struct { Targets DefinitionTarget `yaml:"targets,omitempty"` Files[]DefinitionFile `yaml:"files,omitempty"` Packages DefinitionPackages `yaml:"packages,omitempty"` + Actions DefinitionActions `yaml:"actions,omitempty"` } // SetDefinitionDefaults sets some default values for the given Definition. From 1a15ac757f21b438c979fbb34db1774ec0ab1458 Mon Sep 17 00:00:00 2001 From: Thomas Hipp Date: Fri, 9 Feb 2018 14:25:27 +0100 Subject: [PATCH 3/5] *: Add Definition validation Signed-off-by: Thomas Hipp --- distrobuilder/main.go | 1 + shared/definition.go | 47 ++- 2 files changed, 47 insertions(+), 1 deletion(-) diff --git a/distrobuilder/main.go b/distrobuilder/main.go index a52d418..c8187a4 100644 --- a/distrobuilder/main.go +++ b/distrobuilder/main.go @@ -196,6 +196,7 @@ func getDefinition(fname string) (shared.Definition, error) { } shared.SetDefinitionDefaults() + err = shared.ValidateDefinition(def) return def, err } diff --git a/shared/definition.go b/shared/definition.go index 42b164d..e03def0 100644 --- a/shared/definition.go +++ b/shared/definition.go @@ -1,6 +1,13 @@ package shared -import "runtime" +import ( + "errors" + "fmt" + "runtime" + "strings" + +
[lxc-devel] [lxc/lxc] ee1b16: fix userns helper error handling
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: ee1b16bcbd6d570bbfde9d7cefd960cddedbbf6e https://github.com/lxc/lxc/commit/ee1b16bcbd6d570bbfde9d7cefd960cddedbbf6e Author: Tycho AndersenDate: 2018-02-09 (Fri, 09 Feb 2018) Changed paths: M src/lxc/conf.c Log Message: --- fix userns helper error handling In both of these cases if there is actually an error, we won't close the pipe and the api call will hang. Instead, let's be sure to close the pipe before waiting, so that it doesn't hang. Signed-off-by: Tycho Andersen Commit: 056fec39f7eb92d512b8c42996a37b68592ee2a5 https://github.com/lxc/lxc/commit/056fec39f7eb92d512b8c42996a37b68592ee2a5 Author: Christian Brauner Date: 2018-02-09 (Fri, 09 Feb 2018) Changed paths: M src/lxc/conf.c Log Message: --- Merge pull request #2149 from tych0/fix-userns-error-handling fix userns helper error handling Compare: https://github.com/lxc/lxc/compare/2df70fba94ae...056fec39f7eb___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/master] fix userns helper error handling
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/2149 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === In both of these cases if there is actually an error, we won't close the pipe and the api call will hang. Instead, let's be sure to close the pipe before waiting, so that it doesn't hang. Signed-off-by: Tycho AndersenFrom ee1b16bcbd6d570bbfde9d7cefd960cddedbbf6e Mon Sep 17 00:00:00 2001 From: Tycho Andersen Date: Fri, 9 Feb 2018 13:26:31 + Subject: [PATCH] fix userns helper error handling In both of these cases if there is actually an error, we won't close the pipe and the api call will hang. Instead, let's be sure to close the pipe before waiting, so that it doesn't hang. Signed-off-by: Tycho Andersen --- src/lxc/conf.c | 16 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 1035c6fef..7d2efa209 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -4003,14 +4003,14 @@ int userns_exec_1(struct lxc_conf *conf, int (*fn)(void *), void *data, } on_error: - /* Wait for child to finish. */ - if (pid > 0) - status = wait_for_pid(pid); - if (p[0] != -1) close(p[0]); close(p[1]); + /* Wait for child to finish. */ + if (pid > 0) + status = wait_for_pid(pid); + if (status < 0) ret = -1; @@ -4178,6 +4178,10 @@ int userns_exec_full(struct lxc_conf *conf, int (*fn)(void *), void *data, } on_error: + if (p[0] != -1) + close(p[0]); + close(p[1]); + /* Wait for child to finish. */ if (pid > 0) ret = wait_for_pid(pid); @@ -4189,10 +4193,6 @@ int userns_exec_full(struct lxc_conf *conf, int (*fn)(void *), void *data, if (host_gid_map && (host_gid_map != container_root_gid)) free(host_gid_map); - if (p[0] != -1) - close(p[0]); - close(p[1]); - return ret; } ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel