[lxc-devel] [distrobuilder/master] Handle architecture names properly

2018-02-09 Thread monstermunchkin on Github
The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/distrobuilder/pull/3

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Since distributions don't have common names for some architectures, e.g. x86_64 vs. amd64, we need to handle this.
From 2424094b17fcc9854629b0b5635930cfbd0b643f Mon Sep 17 00:00:00 2001
From: Thomas Hipp 
Date: Wed, 7 Feb 2018 11:35:29 +0100
Subject: [PATCH 1/2] *: get correct arch

Signed-off-by: Thomas Hipp 
---
 distrobuilder/main.go  |  2 +-
 shared/distro.go   | 18 +
 shared/distro_test.go  | 73 ++
 sources/alpine-http.go |  8 +-
 sources/centos-http.go |  5 
 sources/ubuntu-http.go |  9 ++-
 6 files changed, 95 insertions(+), 20 deletions(-)
 create mode 100644 shared/distro.go
 create mode 100644 shared/distro_test.go

diff --git a/distrobuilder/main.go b/distrobuilder/main.go
index c8187a4..c574b12 100644
--- a/distrobuilder/main.go
+++ b/distrobuilder/main.go
@@ -142,7 +142,7 @@ func run(c *cli.Context) error {
}
 
err = downloader.Run(def.Source.URL, def.Image.Release, 
def.Image.Variant,
-   def.Image.Arch, c.GlobalString("cache-dir"))
+   shared.GetArch(def.Image.Distribution, def.Image.Arch), 
c.GlobalString("cache-dir"))
if err != nil {
return fmt.Errorf("Error while downloading source: %s", err)
}
diff --git a/shared/distro.go b/shared/distro.go
new file mode 100644
index 000..398b64e
--- /dev/null
+++ b/shared/distro.go
@@ -0,0 +1,18 @@
+package shared
+
+// GetArch returns the correct architecture name used by the specified
+// distribution.
+func GetArch(distro, arch string) string {
+   switch distro {
+   case "alpinelinux", "archlinux", "centos":
+   if arch == "amd64" {
+   return "x86_64"
+   }
+   case "debian", "ubuntu":
+   if arch == "x86_64" {
+   return "amd64"
+   }
+   }
+
+   return arch
+}
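Review bot: GetArch falls through to `return arch` for every distribution and architecture it does not list, so a typo in `distro`, or a pair such as `i386`/`i686` or `arm64`/`aarch64`, is passed on unchanged and, going by the main.go hunk, goes straight into `downloader.Run`. Since the value ends up in download file names (see the `fname` line in sources/alpine-http.go), it would be safer to accept only a known set of names and report anything else as an error; that needs an error return, which changes the call in main.go. At minimum the doc comment should state the fallback, e.g. `// Unknown distributions and architectures are returned unchanged.`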
diff --git a/shared/distro_test.go b/shared/distro_test.go
new file mode 100644
index 000..d0ee7af
--- /dev/null
+++ b/shared/distro_test.go
@@ -0,0 +1,73 @@
+package shared
+
+import (
+   "log"
+   "testing"
+)
+
+func TestGetArch(t *testing.T) {
+   tests := []struct {
+   distro   string
+   arch string
+   expected string
+   }{
+   {
+   "alpinelinux",
+   "amd64",
+   "x86_64",
+   },
+   {
+   "alpinelinux",
+   "x86_64",
+   "x86_64",
+   },
+   {
+   "archlinux",
+   "amd64",
+   "x86_64",
+   },
+   {
+   "archlinux",
+   "x86_64",
+   "x86_64",
+   },
+   {
+   "centos",
+   "amd64",
+   "x86_64",
+   },
+   {
+   "centos",
+   "x86_64",
+   "x86_64",
+   },
+   {
+   "debian",
+   "amd64",
+   "amd64",
+   },
+   {
+   "debian",
+   "x86_64",
+   "amd64",
+   },
+   {
+   "ubuntu",
+   "amd64",
+   "amd64",
+   },
+   {
+   "ubuntu",
+   "x86_64",
+   "amd64",
+   },
+   }
+
+   for i, tt := range tests {
+   log.Printf("Running test #%d: %s %s", i, tt.distro, tt.arch)
+   arch := GetArch(tt.distro, tt.arch)
+   if arch != tt.expected {
+   t.Fatalf("Wrong arch: Expected '%s', got '%s'", 
tt.expected, arch)
+   }
+   }
+}
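Review bot: The table has no row for the pass-through path, so the final `return arch` in GetArch is never exercised; add a case with an architecture other than amd64/x86_64, e.g. `{"debian", "armhf", "armhf"}`, and one with a distribution that is not listed. `t.Fatalf` inside the loop stops at the first mismatch, whereas `t.Errorf` would report every failing row. `t.Logf` instead of `log.Printf` keeps the per-case output attached to the test and hidden unless the test fails or `-v` is given.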
diff --git a/sources/alpine-http.go b/sources/alpine-http.go
index 487970c..f29c652 100644
--- a/sources/alpine-http.go
+++ b/sources/alpine-http.go
@@ -21,12 +21,6 @@ func NewAlpineLinuxHTTP() *AlpineLinuxHTTP {
 
 // Run runs debootstrap.
 func (s *AlpineLinuxHTTP) Run(URL, release, variant, arch, cacheDir string) 
error {
-   realArch := arch
-
-   if arch == "amd64" {
-   realArch = "x86_64"
-   }
-
fname := fmt.Sprintf("alpine-minirootfs-%s-%s.tar.gz", release, arch)
 
// Download
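Review bot: The doc comment `// Run runs debootstrap.` does not match this source, which builds an `alpine-minirootfs-…tar.gz` file name and downloads it; something like `// Run downloads the Alpine Linux minirootfs tarball.` would be accurate. With the `realArch` mapping removed, Run now depends on its caller having normalised `arch`, and the comment should say so, e.g. `// arch must already be in Alpine's naming (x86_64, not amd64).` The rest of Run is outside this hunk, so it is not visible whether the downloaded tarball is checked against a checksum or signature before use; if it is not, that is worth a follow-up.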
@@ -34,7 +28,7 @@ func (s *AlpineLinuxHTTP) Run(URL, release, 

[lxc-devel] [lxc/lxc] bd01b7: coverity: #1429139

2018-02-09 Thread GitHub
  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: bd01b7d552bdf20706dd01bc64cc3a55c7defe86
  https://github.com/lxc/lxc/commit/bd01b7d552bdf20706dd01bc64cc3a55c7defe86
  Author: Christian Brauner 
  Date:   2018-02-09 (Fri, 09 Feb 2018)

  Changed paths:
M src/lxc/cgroups/cgfsng.c

  Log Message:
  ---
  coverity: #1429139

Resource leak

Signed-off-by: Christian Brauner 


  Commit: fa456191d07b60109e625e6ce1984d6ff6f5cbb3
  https://github.com/lxc/lxc/commit/fa456191d07b60109e625e6ce1984d6ff6f5cbb3
  Author: Christian Brauner 
  Date:   2018-02-09 (Fri, 09 Feb 2018)

  Changed paths:
M src/lxc/monitor.c

  Log Message:
  ---
  coverity: #1426734

Argument cannot be negative

Signed-off-by: Christian Brauner 


  Commit: 5b7f756a67b94f846e05210dd1695c1bbabd155e
  https://github.com/lxc/lxc/commit/5b7f756a67b94f846e05210dd1695c1bbabd155e
  Author: Christian Brauner 
  Date:   2018-02-09 (Fri, 09 Feb 2018)

  Changed paths:
M src/lxc/start.c

  Log Message:
  ---
  coverity: #1426126

Unchecked return value

Signed-off-by: Christian Brauner 


  Commit: 341ed84c47c18771fbe0bfeb0ff6ad710de1fbdf
  https://github.com/lxc/lxc/commit/341ed84c47c18771fbe0bfeb0ff6ad710de1fbdf
  Author: Christian Brauner 
  Date:   2018-02-09 (Fri, 09 Feb 2018)

  Changed paths:
M src/lxc/start.c

  Log Message:
  ---
  start: use goto instead of simple return

Signed-off-by: Christian Brauner 


  Commit: cb8ff4d033397ff16fd4e75f99d40c1371370010
  https://github.com/lxc/lxc/commit/cb8ff4d033397ff16fd4e75f99d40c1371370010
  Author: Christian Brauner 
  Date:   2018-02-09 (Fri, 09 Feb 2018)

  Changed paths:
M src/lxc/lxccontainer.c

  Log Message:
  ---
  lxccontainer: satisfy coverity

The container name can't be NULL so don't give coverity the impression that it
could be.

Silences coverity #1426123.
Silences coverity #1426124.

Signed-off-by: Christian Brauner 


  Commit: f38cf5b8f4a916f356a74c709fe26aa2fde8d0d2
  https://github.com/lxc/lxc/commit/f38cf5b8f4a916f356a74c709fe26aa2fde8d0d2
  Author: Christian Brauner 
  Date:   2018-02-09 (Fri, 09 Feb 2018)

  Changed paths:
M src/tests/share_ns.c

  Log Message:
  ---
  coverity: #1426083

Dereference after null check

Signed-off-by: Christian Brauner 


  Commit: 287df277ff28bcc99384c84bf65b0ec81f2f6c3c
  https://github.com/lxc/lxc/commit/287df277ff28bcc99384c84bf65b0ec81f2f6c3c
  Author: Christian Brauner 
  Date:   2018-02-09 (Fri, 09 Feb 2018)

  Changed paths:
M src/lxc/cgroups/cgfs.c

  Log Message:
  ---
  coverity: #1425971

Dereference after null check

Signed-off-by: Christian Brauner 


  Commit: ba2861ff76511082dab587d22243deaa2532d692
  https://github.com/lxc/lxc/commit/ba2861ff76511082dab587d22243deaa2532d692
  Author: Stéphane Graber 
  Date:   2018-02-09 (Fri, 09 Feb 2018)

  Changed paths:
M src/lxc/cgroups/cgfs.c
M src/lxc/cgroups/cgfsng.c
M src/lxc/lxccontainer.c
M src/lxc/monitor.c
M src/lxc/start.c
M src/tests/share_ns.c

  Log Message:
  ---
  Merge pull request #2144 from brauner/2018-02-08/coverity_bug_smash

coverity: bug smash


Compare: https://github.com/lxc/lxc/compare/056fec39f7eb...ba2861ff7651


[lxc-devel] [lxd/master] Pretty rendering for lxc monitor

2018-02-09 Thread stgraber on Github
The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/4236

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===

From f591046a0622a19cd4aaf333510809502d4bed59 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= 
Date: Fri, 9 Feb 2018 19:52:55 -0500
Subject: [PATCH 1/4] api: Include message format for events
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber 
---
 shared/api/event.go | 20 
 1 file changed, 20 insertions(+)
 create mode 100644 shared/api/event.go

diff --git a/shared/api/event.go b/shared/api/event.go
new file mode 100644
index 0..8d755a535
--- /dev/null
+++ b/shared/api/event.go
@@ -0,0 +1,20 @@
+package api
+
+import (
+   "encoding/json"
+   "time"
+)
+
+// Event represents an event entry (over websocket)
+type Event struct {
+   Type  string  `yaml:"type" json:"type"`
+   Timestamp time.Time   `yaml:"timestamp" json:"timestamp"`
+   Metadata  json.RawMessage `yaml:"metadata" json:"metadata"`
+}
+
+// EventLogging represents a logging type event entry (admin only)
+type EventLogging struct {
+   Message string`yaml:"message" json:"message"`
+   Level   string`yaml:"level" json:"level"`
+   Context map[string]string `yaml:"context" json:"context"`
+}
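Review bot: `EventLogging` is documented as "(admin only)", but nothing in this file enforces that, and `Message` and `Context` carry raw log text to whoever receives `logging` events. Say in the comment where the restriction is enforced, e.g. `// EventLogging represents a logging type event entry. Delivery must be restricted to admin clients by the events endpoint.` Clients that print these fields to a terminal, such as the pretty renderer later in this series, should treat them as untrusted text. Separately, `Metadata` is a `json.RawMessage` carrying a `yaml` tag; as far as I can tell yaml.v2 has no special handling for that type, so YAML output of an Event may not show the embedded document, which is worth a test.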

From 0401a14987dbe9a9cf330dcf6e38a60b6c56 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= 
Date: Fri, 9 Feb 2018 19:53:15 -0500
Subject: [PATCH 2/4] events: Use api message type
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber 
---
 lxd/events.go | 9 +
 1 file changed, 5 insertions(+), 4 deletions(-)

diff --git a/lxd/events.go b/lxd/events.go
index f79b03fcc..dd6660327 100644
--- a/lxd/events.go
+++ b/lxd/events.go
@@ -13,6 +13,7 @@ import (
"github.com/pborman/uuid"
 
"github.com/lxc/lxd/shared"
+   "github.com/lxc/lxd/shared/api"
"github.com/lxc/lxd/shared/logger"
 )
 
@@ -36,10 +37,10 @@ func logContextMap(ctx []interface{}) map[string]string {
 }
 
 func (h eventsHandler) Log(r *log.Record) error {
-   eventSend("logging", shared.Jmap{
-   "message": r.Msg,
-   "level":   r.Lvl.String(),
-   "context": logContextMap(r.Ctx)})
+   eventSend("logging", api.EventLogging{
+   Message: r.Msg,
+   Level:   r.Lvl.String(),
+   Context: logContextMap(r.Ctx)})
return nil
 }
 

From ec8d0345ad903d63f934eac91fbd3f4c19c8a80a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= 
Date: Fri, 9 Feb 2018 20:00:13 -0500
Subject: [PATCH 3/4] lxc/monitor: Add pretty rendering of logs
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber 
---
 lxc/monitor.go | 78 +++---
 1 file changed, 75 insertions(+), 3 deletions(-)

diff --git a/lxc/monitor.go b/lxc/monitor.go
index 41ec3ead3..318b42a92 100644
--- a/lxc/monitor.go
+++ b/lxc/monitor.go
@@ -1,13 +1,19 @@
 package main
 
 import (
+   "encoding/json"
"fmt"
+   "os"
 
"gopkg.in/yaml.v2"
 
"github.com/lxc/lxd/lxc/config"
+   "github.com/lxc/lxd/shared"
+   "github.com/lxc/lxd/shared/api"
"github.com/lxc/lxd/shared/gnuflag"
"github.com/lxc/lxd/shared/i18n"
+   "github.com/lxc/lxd/shared/log15"
+   "github.com/lxc/lxd/shared/logging"
 )
 
 type typeList []string
@@ -31,6 +37,8 @@ func (f *typeList) Set(value string) error {
 
 type monitorCmd struct {
typeArgs typeList
+   pretty   bool
+   logLevel string
 }
 
 func (c *monitorCmd) showByDefault() bool {
@@ -39,7 +47,7 @@ func (c *monitorCmd) showByDefault() bool {
 
 func (c *monitorCmd) usage() string {
return i18n.G(
-   `Usage: lxc monitor [:] [--type=TYPE...]
+   `Usage: lxc monitor [:] [--type=TYPE...] [--pretty]
 
 Monitor a local or remote LXD server.
 
@@ -49,11 +57,17 @@ Message types to listen for can be specified with --type.
 
 *Examples*
 lxc monitor --type=logging
-Only show log message.`)
+Only show log messages.
+
+lxc monitor --pretty --type=logging --loglevel=info
+Show a pretty log of messages with info level or higher.
+`)
 }
 
 func (c *monitorCmd) flags() {
+   gnuflag.BoolVar(, "pretty", false, i18n.G("Pretty rendering"))
gnuflag.Var(, "type", i18n.G("Event type to listen for"))
+   gnuflag.StringVar(, "loglevel", "", i18n.G("Minimum level 
for log messages"))
 }
 

[lxc-devel] [lxd/master] shared/version: Include storage backends in agent

2018-02-09 Thread stgraber on Github
The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/4237

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
This can be used by some image server to return a different set of
images based on the storage backends in use and will also make it easier
for us to know what storage backends to focus efforts on.

Signed-off-by: Stéphane Graber 
From e905092c87560f5f6958662f34a7d5d72f16e968 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= 
Date: Fri, 9 Feb 2018 20:37:25 -0500
Subject: [PATCH] shared/version: Include storage backends in agent
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This can be used by some image server to return a different set of
images based on the storage backends in use and will also make it easier
for us to know what storage backends to focus efforts on.

Signed-off-by: Stéphane Graber 
---
 lxd/storage.go  |  9 +
 shared/version/useragent.go | 25 -
 2 files changed, 29 insertions(+), 5 deletions(-)

diff --git a/lxd/storage.go b/lxd/storage.go
index 4a651d70e..82d59c9b8 100644
--- a/lxd/storage.go
+++ b/lxd/storage.go
@@ -18,6 +18,7 @@ import (
"github.com/lxc/lxd/shared/idmap"
"github.com/lxc/lxd/shared/ioprogress"
"github.com/lxc/lxd/shared/logger"
+   "github.com/lxc/lxd/shared/version"
 )
 
 // lxdStorageLockMap is a hashmap that allows functions to check whether the
@@ -886,6 +887,14 @@ func storagePoolDriversCacheUpdate(dbNode *db.Node) {
data[driver] = sCore.GetStorageTypeVersion()
}
 
+   backends := []string{}
+   for k, v := range data {
+   backends = append(backends, fmt.Sprintf("%s %s", k, v))
+   }
+
+   // Update the agent
+   version.UserAgentStorageBackends(backends)
+
storagePoolDriversCacheLock.Lock()
storagePoolDriversCacheVal.Store(data)
storagePoolDriversCacheLock.Unlock()
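Review bot: `backends` is filled by ranging over the `data` map, and Go randomises map iteration order, so the storage part of the user-agent can change order from one cache update to the next even when nothing changed. Sort the slice before handing it over with `sort.Strings(backends)`; this needs the `sort` import, which is outside this hunk. The driver name and version are also interpolated into an HTTP header value as-is; the implementation of `GetStorageTypeVersion()` is not visible here, so if it can return text containing `;`, parentheses or line breaks, strip those first. The enclosing function starts above the hunk.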
diff --git a/shared/version/useragent.go b/shared/version/useragent.go
index 9c371cff5..300f5a645 100644
--- a/shared/version/useragent.go
+++ b/shared/version/useragent.go
@@ -9,19 +9,34 @@ import (
 )
 
 // UserAgent contains a string suitable as a user-agent
-var UserAgent = getUserAgent()
+var UserAgent = getUserAgent(nil)
 
-func getUserAgent() string {
+func getUserAgent(storageTokens []string) string {
archID, err := osarch.ArchitectureId(runtime.GOARCH)
if err != nil {
panic(err)
}
+
arch, err := osarch.ArchitectureName(archID)
if err != nil {
panic(err)
}
 
-   tokens := []string{strings.Title(runtime.GOOS), arch}
-   tokens = append(tokens, getPlatformVersionStrings()...)
-   return fmt.Sprintf("LXD %s (%s)", Version, strings.Join(tokens, "; "))
+   osTokens := []string{strings.Title(runtime.GOOS), arch}
+   osTokens = append(osTokens, getPlatformVersionStrings()...)
+
+   agent := fmt.Sprintf("LXD %s", Version)
+   if len(osTokens) > 0 {
+   agent = fmt.Sprintf("%s (%s)", agent, strings.Join(osTokens, "; 
"))
+   }
+
+   if len(storageTokens) > 0 {
+   agent = fmt.Sprintf("%s (%s)", agent, 
strings.Join(storageTokens, "; "))
+   }
+
+   return agent
+}
+
+func UserAgentStorageBackends(backends []string) {
+   UserAgent = getUserAgent(backends)
 }
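Review bot: `UserAgent` used to be written once at package initialisation; with `UserAgentStorageBackends` it is now reassigned at runtime, and the call added in lxd/storage.go happens before `storagePoolDriversCacheLock` is taken, so any goroutine reading `version.UserAgent` for a request header at that moment races with the write. Guard the string with a lock and read it through an accessor, as sketched below; existing readers of the exported variable are outside this hunk and would need to switch to the accessor. `UserAgentStorageBackends` is exported without a doc comment, and the `len(osTokens) > 0` test can never be false because the slice is created with two elements.

```go
var (
	userAgentLock sync.RWMutex
	userAgent     = getUserAgent(nil)
)

// GetUserAgent returns the current user-agent string.
func GetUserAgent() string {
	userAgentLock.RLock()
	defer userAgentLock.RUnlock()
	return userAgent
}

// … unchanged: getUserAgent …

// UserAgentStorageBackends rebuilds the user-agent with the given storage backends.
func UserAgentStorageBackends(backends []string) {
	agent := getUserAgent(backends)

	userAgentLock.Lock()
	userAgent = agent
	userAgentLock.Unlock()
}
```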


[lxc-devel] [lxc/master] [log] wrong trace message

2018-02-09 Thread duguhaotian on Github
The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/2147

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
print wrong message

Signed-off-by: duguhaotian 
From 3c1fb2e4c991f78b6feb298c868b2f2c09d66145 Mon Sep 17 00:00:00 2001
From: duguhaotian 
Date: Fri, 9 Feb 2018 18:50:51 +0800
Subject: [PATCH] [log] wrong trace message

print wrong message

Signed-off-by: duguhaotian 
---
 src/lxc/conf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index affc41e16..82e0d62e3 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -396,7 +396,7 @@ int run_script_argv(const char *name, unsigned int 
hook_version,
 "LXC_HOOK_TYPE=%s", hookname);
return -1;
}
-   TRACE("Set environment variable: LXC_HOOK_TYPE=%s", section);
+   TRACE("Set environment variable: LXC_HOOK_TYPE=%s", hookname);
 
ret = setenv("LXC_HOOK_SECTION", section, 1);
if (ret < 0) {


[lxc-devel] [lxc/lxc] 90f204: conf: fix log message

2018-02-09 Thread GitHub
  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: 90f2046676e99922495d91cae34187750f5d1c4d
  https://github.com/lxc/lxc/commit/90f2046676e99922495d91cae34187750f5d1c4d
  Author: duguhaotian 
  Date:   2018-02-09 (Fri, 09 Feb 2018)

  Changed paths:
M src/lxc/conf.c

  Log Message:
  ---
  conf: fix log message

Signed-off-by: duguhaotian 


  Commit: 2df70fba94aef9dc15462776f4f2d029d12706f6
  https://github.com/lxc/lxc/commit/2df70fba94aef9dc15462776f4f2d029d12706f6
  Author: Christian Brauner 
  Date:   2018-02-09 (Fri, 09 Feb 2018)

  Changed paths:
M src/lxc/conf.c

  Log Message:
  ---
  Merge branch 'duguhaotian-new' into lxc/master


Compare: https://github.com/lxc/lxc/compare/17eba7a26f8a...2df70fba94ae


[lxc-devel] [lxc/master] pam: create writable cgroups for unpriv users

2018-02-09 Thread brauner on Github
The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/2148

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
This moves pam_cgfs from the LXCFS repo into the LXC repo. This will allow us
to share a bunch of code between the cgroup backends and the pam module. The
next step obviously is to share code.

Closes #1307.

Signed-off-by: Christian Brauner 
From 48d025ef5a5c115c588f2bf5c25f2a9d4c16fa9b Mon Sep 17 00:00:00 2001
From: Christian Brauner 
Date: Fri, 9 Feb 2018 13:16:49 +0100
Subject: [PATCH] pam: create writable cgroups for unpriv users

This moves pam_cgfs from the LXCFS repo into the LXC repo. This will allow us
to share a bunch of code between the cgroup backends and the pam module. The
next step obviously is to share code.

Closes #1307.

Signed-off-by: Christian Brauner 
---
 configure.ac   |   32 +
 src/lxc/Makefile.am|   19 +-
 src/lxc/pam/pam_cgfs.c | 2595 
 3 files changed, 2644 insertions(+), 2 deletions(-)
 create mode 100644 src/lxc/pam/pam_cgfs.c

diff --git a/configure.ac b/configure.ac
index 6713539b4..c16a57cec 100644
--- a/configure.ac
+++ b/configure.ac
@@ -646,6 +646,35 @@ else
 fi
 AM_CONDITIONAL([IS_BIONIC], [test "x$is_bionic" = "xyes"])
 
+AC_ARG_WITH(
+   [pamdir],
+   [AS_HELP_STRING([--with-pamdir=PATH],[Specify the directory where PAM 
modules are stored,
+   or "none" if PAM modules are 
not to be built])],
+   [pamdir="${withval}"],
+   [
+   if test "${prefix}" = "/usr"; then
+   pamdir="/lib${libdir##*/lib}/security"
+   else
+   pamdir="\$(libdir)/security"
+   fi
+   ]
+)
+
+AM_CONDITIONAL([HAVE_PAM], [test x"$pamdir" != "xnone"])
+if test "z$pamdir" != "znone"; then
+   AC_ARG_VAR([PAM_CFLAGS], [C compiler flags for pam])
+   AC_ARG_VAR([PAM_LIBS], [linker flags for pam])
+   AC_CHECK_LIB(
+   [pam],
+   [pam_authenticate],
+   [PAM_LIBS="-lpam"],
+   [AC_MSG_ERROR([*** libpam not found.])
+   ])
+
+   AC_SUBST(PAM_LIBS)
+   AC_SUBST([pamdir])
+fi
+
 # Some systems lack PR_CAPBSET_DROP definition => HAVE_DECL_PR_CAPBSET_DROP
 AC_CHECK_DECLS([PR_CAPBSET_DROP], [], [], [#include ])
 
@@ -967,6 +996,9 @@ Security features:
  - SELinux: $enable_selinux
  - cgmanager: $enable_cgmanager
 
+PAM:
+ - cgroup PAM module: $pamdir
+
 Bindings:
  - lua: $enable_lua
  - python3: $enable_python
diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am
index 8f9a7ab29..eead742e4 100644
--- a/src/lxc/Makefile.am
+++ b/src/lxc/Makefile.am
@@ -317,6 +317,14 @@ init_lxc_static_LDADD = @CAP_LIBS@
 init_lxc_static_CFLAGS = $(AM_CFLAGS) -DNO_LXC_CONF
 endif
 
+if HAVE_PAM
+pam_LTLIBRARIES = pam_cgfs.la
+pam_cgfs_la_SOURCES = pam/pam_cgfs.c macro.h
+pam_cgfs_la_CFLAGS = $(AM_CFLAGS)
+pam_cgfs_la_LIBADD = $(AM_LIBS) $(PAM_LIBS) -L$(top_srcdir)
+pam_cgfs_la_LDFLAGS = $(AM_LDFLAGS) -module -avoid-version -shared
+endif
+
 install-exec-local: install-libLTLIBRARIES
mkdir -p $(DESTDIR)$(datadir)/lxc
install -c -m 644 lxc.functions $(DESTDIR)$(datadir)/lxc
@@ -325,9 +333,16 @@ install-exec-local: install-libLTLIBRARIES
cd $(DESTDIR)$(libdir); \
ln -sf liblxc.so.@LXC_ABI@ liblxc.so.$(firstword $(subst ., 
,@LXC_ABI@)); \
ln -sf liblxc.so.$(firstword $(subst ., ,@LXC_ABI@)) liblxc.so
-
-install-exec-hook:
+if HAVE_PAM
chmod u+s $(DESTDIR)$(libexecdir)/lxc/lxc-user-nic
+endif
 
 uninstall-local:
$(RM) $(DESTDIR)$(libdir)/liblxc.so*
+if HAVE_PAM
+   $(RM) $(DESTDIR)$(pamdir)/pam_cgfs.so*
+endif
+
+install-data-hook: install-pamLTLIBRARIES
+   $(RM) "$(DESTDIR)$(pamdir)/pam_cgfs.la"
+   $(RM) "$(DESTDIR)$(pamdir)/pam_cgfs.a"
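Review bot: The `chmod u+s $(DESTDIR)$(libexecdir)/lxc/lxc-user-nic` line is now wrapped in `if HAVE_PAM` and has moved from `install-exec-hook` into `install-exec-local`, so whether the helper receives its setuid bit depends on a PAM build option that looks unrelated to it, and a `--with-pamdir=none` build would install lxc-user-nic without the bit. Automake gives `-local` rules no ordering against the normal installation of the binaries, while `-hook` rules run afterwards, so the chmod may also run before the file exists. Keep the `install-exec-hook:` target with the chmod unconditional, so the file's mode is set in one predictable place. Separately, `install-data-hook: install-pamLTLIBRARIES` sits outside `if HAVE_PAM` although `pam_LTLIBRARIES` is only defined inside it; wrap that rule in the same conditional so a build without PAM does not reference a missing target or an empty `$(pamdir)`.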
diff --git a/src/lxc/pam/pam_cgfs.c b/src/lxc/pam/pam_cgfs.c
new file mode 100644
index 0..3df8daef3
--- /dev/null
+++ b/src/lxc/pam/pam_cgfs.c
@@ -0,0 +1,2595 @@
+/* pam-cgfs
+ *
+ * Copyright © 2016 Canonical, Inc
+ * Author: Serge Hallyn 
+ * Author: Christian Brauner 
+ *
+ * When a user logs in, this pam module will create cgroups which the user may
+ * administer. It handles both pure cgroupfs v1 and pure cgroupfs v2, as well 
as
+ * mixed mounts, where some controllers are mounted in a standard cgroupfs v1
+ * hierarchy location (/sys/fs/cgroup/) and others are in the
+ * cgroupfs v2 hierarchy.
+ * Writeable cgroups are either created for all controllers or, if specified,
+ * for any controllers listed on the command line.
+ * The cgroup created will be "user/$user/0" for the first session,
+ * 

[lxc-devel] [distrobuilder/master] Definition updates

2018-02-09 Thread monstermunchkin on Github
The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/distrobuilder/pull/2

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===

From 3bd048b4b263a1f835a28a8a0aca6f64f287b60b Mon Sep 17 00:00:00 2001
From: Thomas Hipp 
Date: Wed, 7 Feb 2018 12:30:57 +0100
Subject: [PATCH 1/5] *: Add Definition defaults

Signed-off-by: Thomas Hipp 
---
 distrobuilder/main.go |  2 ++
 shared/definition.go  | 15 +++
 2 files changed, 17 insertions(+)

diff --git a/distrobuilder/main.go b/distrobuilder/main.go
index f5c7345..a52d418 100644
--- a/distrobuilder/main.go
+++ b/distrobuilder/main.go
@@ -195,5 +195,7 @@ func getDefinition(fname string) (shared.Definition, error) 
{
return def, err
}
 
+   shared.SetDefinitionDefaults()
+
return def, err
 }
diff --git a/shared/definition.go b/shared/definition.go
index d8df4a7..2a787b5 100644
--- a/shared/definition.go
+++ b/shared/definition.go
@@ -1,5 +1,7 @@
 package shared
 
+import "runtime"
+
 // A DefinitionPackages list packages which are to be either installed or
 // removed.
 type DefinitionPackages struct {
@@ -53,3 +55,16 @@ type Definition struct {
Files[]DefinitionFile   `yaml:"files,omitempty"`
Packages DefinitionPackages `yaml:"packages,omitempty"`
 }
+
+// SetDefinitionDefaults sets some default values for the given Definition.
+func SetDefinitionDefaults(def *Definition) {
+   // default to local arch
+   if def.Image.Arch == "" {
+   def.Image.Arch = runtime.GOARCH
+   }
+
+   // set default expiry of 30 days
+   if def.Image.Expiry == "" {
+   def.Image.Expiry = "30d"
+   }
+}
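Review bot: `runtime.GOARCH` yields Go's own architecture names (`386`, `arm`, `arm64`, `amd64`), which are not the names distributions use, so on hosts other than amd64 the default written to `def.Image.Arch` may match no published release. Map the value before storing it, or document the gap in the comment, e.g. `// default to the local Go architecture (runtime.GOARCH); it must be mapped to the distribution's name before use`. SetDefinitionDefaults also dereferences `def` without a nil check; `if def == nil { return }` at the top would make that case explicit.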

From 4fe0c6a3a74ea71140a5bdd648391e66af94cffa Mon Sep 17 00:00:00 2001
From: Thomas Hipp 
Date: Wed, 7 Feb 2018 13:12:43 +0100
Subject: [PATCH 2/5] shared: Update Definition

Signed-off-by: Thomas Hipp 
---
 shared/definition.go | 12 +++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/shared/definition.go b/shared/definition.go
index 2a787b5..42b164d 100644
--- a/shared/definition.go
+++ b/shared/definition.go
@@ -19,6 +19,7 @@ type DefinitionImage struct {
Arch string `yaml:"arch,omitempty"`
Expiry   string `yaml:"expiry,omitempty"`
Variant  string `yaml:"variant,omitempty"`
+   Name string `yaml:"name,omitempty"`
 }
 
 // A DefinitionSource specifies the download type and location
@@ -41,12 +42,20 @@ type DefinitionTarget struct {
 
 // A DefinitionFile represents a file which is to be created inside to chroot.
 type DefinitionFile struct {
-   Name  string   `yaml:"name"`
Generator string   `yaml:"generator"`
Path  string   `yaml:"path,omitempty"`
Releases  []string `yaml:"releases,omitempty"`
 }
 
+// DefinitionActions specifies custom actions (scripts) which are to be run 
after
+// certain actions.
+type DefinitionActions struct {
+   PostUnpack   string `yaml:"post-unpack,omitempty"`
+   PostUpdate   string `yaml:"post-update,omitempty"`
+   PostPackages string `yaml:"post-packages,omitempty"`
+   PostFilesstring `yaml:"post-files,omitempty"`
+}
+
 // A Definition a definition.
 type Definition struct {
ImageDefinitionImage`yaml:"image"`
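Review bot: The comment on DefinitionActions does not say what the four strings hold or where they run, and these fields cause content from the definition file to be executed during a build. Spell out in the doc comment whether each value is an inline script or a path, which interpreter runs it, and whether it runs inside the chroot or on the host, e.g. `// Each field holds a script taken from the definition file and executed after the named stage (inside the chroot or on the host: to be confirmed).` Because definition files then carry executable content, the project documentation should state that they must come from a trusted source. The phrase "run after certain actions" also uses "actions" for two different things; "after certain build stages" reads more clearly.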
@@ -54,6 +63,7 @@ type Definition struct {
Targets  DefinitionTarget   `yaml:"targets,omitempty"`
Files[]DefinitionFile   `yaml:"files,omitempty"`
Packages DefinitionPackages `yaml:"packages,omitempty"`
+   Actions  DefinitionActions  `yaml:"actions,omitempty"`
 }
 
 // SetDefinitionDefaults sets some default values for the given Definition.

From 1a15ac757f21b438c979fbb34db1774ec0ab1458 Mon Sep 17 00:00:00 2001
From: Thomas Hipp 
Date: Fri, 9 Feb 2018 14:25:27 +0100
Subject: [PATCH 3/5] *: Add Definition validation

Signed-off-by: Thomas Hipp 
---
 distrobuilder/main.go |  1 +
 shared/definition.go  | 47 ++-
 2 files changed, 47 insertions(+), 1 deletion(-)

diff --git a/distrobuilder/main.go b/distrobuilder/main.go
index a52d418..c8187a4 100644
--- a/distrobuilder/main.go
+++ b/distrobuilder/main.go
@@ -196,6 +196,7 @@ func getDefinition(fname string) (shared.Definition, error) 
{
}
 
shared.SetDefinitionDefaults()
+   err = shared.ValidateDefinition(def)
 
return def, err
 }
diff --git a/shared/definition.go b/shared/definition.go
index 42b164d..e03def0 100644
--- a/shared/definition.go
+++ b/shared/definition.go
@@ -1,6 +1,13 @@
 package shared
 
-import "runtime"
+import (
+   "errors"
+   "fmt"
+   "runtime"
+   "strings"
+
+   

[lxc-devel] [lxc/lxc] ee1b16: fix userns helper error handling

2018-02-09 Thread GitHub
  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: ee1b16bcbd6d570bbfde9d7cefd960cddedbbf6e
  https://github.com/lxc/lxc/commit/ee1b16bcbd6d570bbfde9d7cefd960cddedbbf6e
  Author: Tycho Andersen 
  Date:   2018-02-09 (Fri, 09 Feb 2018)

  Changed paths:
M src/lxc/conf.c

  Log Message:
  ---
  fix userns helper error handling

In both of these cases if there is actually an error, we won't close the
pipe and the api call will hang. Instead, let's be sure to close the pipe
before waiting, so that it doesn't hang.

Signed-off-by: Tycho Andersen 


  Commit: 056fec39f7eb92d512b8c42996a37b68592ee2a5
  https://github.com/lxc/lxc/commit/056fec39f7eb92d512b8c42996a37b68592ee2a5
  Author: Christian Brauner 
  Date:   2018-02-09 (Fri, 09 Feb 2018)

  Changed paths:
M src/lxc/conf.c

  Log Message:
  ---
  Merge pull request #2149 from tych0/fix-userns-error-handling

fix userns helper error handling


Compare: https://github.com/lxc/lxc/compare/2df70fba94ae...056fec39f7eb


[lxc-devel] [lxc/master] fix userns helper error handling

2018-02-09 Thread tych0 on Github
The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/2149

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
In both of these cases if there is actually an error, we won't close the
pipe and the api call will hang. Instead, let's be sure to close the pipe
before waiting, so that it doesn't hang.

Signed-off-by: Tycho Andersen 
From ee1b16bcbd6d570bbfde9d7cefd960cddedbbf6e Mon Sep 17 00:00:00 2001
From: Tycho Andersen 
Date: Fri, 9 Feb 2018 13:26:31 +
Subject: [PATCH] fix userns helper error handling

In both of these cases if there is actually an error, we won't close the
pipe and the api call will hang. Instead, let's be sure to close the pipe
before waiting, so that it doesn't hang.

Signed-off-by: Tycho Andersen 
---
 src/lxc/conf.c | 16 
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 1035c6fef..7d2efa209 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -4003,14 +4003,14 @@ int userns_exec_1(struct lxc_conf *conf, int (*fn)(void 
*), void *data,
}
 
 on_error:
-   /* Wait for child to finish. */
-   if (pid > 0)
-   status = wait_for_pid(pid);
-
if (p[0] != -1)
close(p[0]);
close(p[1]);
 
+   /* Wait for child to finish. */
+   if (pid > 0)
+   status = wait_for_pid(pid);
+
if (status < 0)
ret = -1;
 
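Review bot: The statement order at `on_error:` is now what prevents the hang described in the commit message, but the only comment left is `/* Wait for child to finish. */`, so a later tidy-up could move the close() calls back below the wait. Add a comment above the closes, e.g. `/* Close both pipe ends before waiting, otherwise wait_for_pid() can hang on the error path. */`; the same applies to the `on_error:` block in the userns_exec_full hunk. `close(p[1])` is unconditional while `p[0]` is guarded by `!= -1`; whether `p[1]` can already be closed or unset when control reaches this label depends on code above the hunk, so that is worth checking. Both function bodies start outside the hunks shown.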
@@ -4178,6 +4178,10 @@ int userns_exec_full(struct lxc_conf *conf, int 
(*fn)(void *), void *data,
}
 
 on_error:
+   if (p[0] != -1)
+   close(p[0]);
+   close(p[1]);
+
/* Wait for child to finish. */
if (pid > 0)
ret = wait_for_pid(pid);
@@ -4189,10 +4193,6 @@ int userns_exec_full(struct lxc_conf *conf, int 
(*fn)(void *), void *data,
if (host_gid_map && (host_gid_map != container_root_gid))
free(host_gid_map);
 
-   if (p[0] != -1)
-   close(p[0]);
-   close(p[1]);
-
return ret;
 }
 