[lxc-devel] [lxc/lxc] 7fd02e: api_extensions: fix wrong licensing
Branch: refs/heads/master
Home:   https://github.com/lxc/lxc

Commit: 7fd02ed74da7d495a8a4bf5c797762d8ecab290c
    https://github.com/lxc/lxc/commit/7fd02ed74da7d495a8a4bf5c797762d8ecab290c
Author: Christian Brauner
Date:   2019-02-11 (Mon, 11 Feb 2019)

Changed paths:
  M src/lxc/api_extensions.h

Log Message:
-----------
api_extensions: fix wrong licensing

/* Affected People */
Christian Brauner

Signed-off-by: Christian Brauner

Commit: b80e01bda3f16b64b2fc42faada30577e88c629d
    https://github.com/lxc/lxc/commit/b80e01bda3f16b64b2fc42faada30577e88c629d
Author: Christian Brauner
Date:   2019-02-11 (Mon, 11 Feb 2019)

Changed paths:
  M src/lxc/compiler.h

Log Message:
-----------
compiler: fix wrong licensing

/* Affected People */
Christian Brauner

Signed-off-by: Christian Brauner

Commit: 6aae19f7c8cc3ab036e078172c735cf058054dcf
    https://github.com/lxc/lxc/commit/6aae19f7c8cc3ab036e078172c735cf058054dcf
Author: Christian Brauner
Date:   2019-02-11 (Mon, 11 Feb 2019)

Changed paths:
  M src/lxc/file_utils.h

Log Message:
-----------
file_utils.h: fix wrong licensing

/* Affected People */
Christian Brauner

Signed-off-by: Christian Brauner

Commit: 3877934c7af1edd982c5a01174ca2bdbb6f85d69
    https://github.com/lxc/lxc/commit/3877934c7af1edd982c5a01174ca2bdbb6f85d69
Author: Christian Brauner
Date:   2019-02-11 (Mon, 11 Feb 2019)

Changed paths:
  M src/lxc/macro.h

Log Message:
-----------
api_extensions: fix wrong licensing

/* Affected People */
Christian Brauner

Signed-off-by: Christian Brauner

Commit: 2b3153a88274c70584d97758b6d487169217fcac
    https://github.com/lxc/lxc/commit/2b3153a88274c70584d97758b6d487169217fcac
Author: Christian Brauner
Date:   2019-02-11 (Mon, 11 Feb 2019)

Changed paths:
  M src/lxc/rexec.c

Log Message:
-----------
rexec: fix wrong licensing

/* Affected People */
Christian Brauner
Aleksa Sarai

Signed-off-by: Christian Brauner
Acked-by: Aleksa Sarai

Commit: cd4a865dd697ecb245b3e58e54d053af89730a75
    https://github.com/lxc/lxc/commit/cd4a865dd697ecb245b3e58e54d053af89730a75
Author: Christian Brauner
Date:   2019-02-11 (Mon, 11 Feb 2019)

Changed paths:
  M src/lxc/memory_utils.h

Log Message:
-----------
memory_utils: fix wrong licensing

/* Affected People */
Christian Brauner

Signed-off-by: Christian Brauner

Commit: c423a0a7d88520b3253d07d4c3534ede3629b302
    https://github.com/lxc/lxc/commit/c423a0a7d88520b3253d07d4c3534ede3629b302
Author: Christian Brauner
Date:   2019-02-11 (Mon, 11 Feb 2019)

Changed paths:
  M src/lxc/ringbuf.h

Log Message:
-----------
ringbuf.h: fix wrong licensing

/* Affected People */
Christian Brauner

Signed-off-by: Christian Brauner

Commit: 7043a15df390df43533eb1ff6fc8571e8a857206
    https://github.com/lxc/lxc/commit/7043a15df390df43533eb1ff6fc8571e8a857206
Author: Christian Brauner
Date:   2019-02-11 (Mon, 11 Feb 2019)

Changed paths:
  M src/lxc/syscall_wrappers.h

Log Message:
-----------
syscall_wrappers: fix wrong licensing

/* Affected People */
Christian Brauner
Aleksa Sarai

Signed-off-by: Christian Brauner

Commit: 9581e69761283aef300dbab37030846e0f7a5a28
    https://github.com/lxc/lxc/commit/9581e69761283aef300dbab37030846e0f7a5a28
Author: Stéphane Graber
Date:   2019-02-11 (Mon, 11 Feb 2019)

Changed paths:
  M src/lxc/api_extensions.h
  M src/lxc/compiler.h
  M src/lxc/file_utils.h
  M src/lxc/macro.h
  M src/lxc/memory_utils.h
  M src/lxc/rexec.c
  M src/lxc/ringbuf.h
  M src/lxc/syscall_wrappers.h

Log Message:
-----------
Merge pull request #2843 from brauner/2019-02-11/fix_licensing_brauner

fix licensing headers

Compare: https://github.com/lxc/lxc/compare/9c63d38cec29...9581e6976128

___
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/master] string_utils.h: fix wrong licensing
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/2844 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === /* Affected People */ Christian Brauner Fabrice Fontaine Josh Soref Signed-off-by: Christian Brauner Acked-by: Fabrice Fontaine Acked-by: Josh Soref From 67d35b42ea5f15e5fafca4954581946c035bc66b Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 11 Feb 2019 22:13:34 +0100 Subject: [PATCH] string_utils.h: fix wrong licensing /* Affected People */ Christian Brauner Fabrice Fontaine Josh Soref Signed-off-by: Christian Brauner Acked-by: Fabrice Fontaine Acked-by: Josh Soref --- src/lxc/string_utils.h | 23 --- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/src/lxc/string_utils.h b/src/lxc/string_utils.h index d4e633cc6..bf5b1c5e2 100644 --- a/src/lxc/string_utils.h +++ b/src/lxc/string_utils.h 
@@ -3,18 +3,19 @@ * Copyright © 2018 Christian Brauner . * Copyright © 2018 Canonical Ltd. * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2, as - * published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + + * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef __LXC_STRING_UTILS_H ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
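Review bot: the two blank separator lines added inside the comment block (the bare `+` lines before `* This library is distributed` and before `* You should have received`) drop the leading ` *` that every other line of the header carries, so the block comment is no longer uniformly prefixed; write them as `+ *`. The removed text also ended the address line with `USA.` while the added line ends with `USA` without the period; harmless, but worth matching the canonical LGPL 2.1 header wording since this is being applied across many files.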
[lxc-devel] [lxc/lxc] 233043: include: add fexecve() for Android's Bionic
Branch: refs/heads/stable-3.0
Home:   https://github.com/lxc/lxc

Commit: 233043af39fffcb50211020ebfddacc2b74bf1cb
    https://github.com/lxc/lxc/commit/233043af39fffcb50211020ebfddacc2b74bf1cb
Author: Christian Brauner
Date:   2019-02-12 (Tue, 12 Feb 2019)

Changed paths:
  A src/include/fexecve.c
  A src/include/fexecve.h
  M src/lxc/Makefile.am
  M src/lxc/rexec.c

Log Message:
-----------
include: add fexecve() for Android's Bionic

Signed-off-by: Christian Brauner
[lxc-devel] [lxc/lxc] 5164df: fexecve: remove unnecessary #ifdef
Branch: refs/heads/stable-2.0
Home:   https://github.com/lxc/lxc

Commit: 5164df786b814064934cb22b9ca61064a1a29a2e
    https://github.com/lxc/lxc/commit/5164df786b814064934cb22b9ca61064a1a29a2e
Author: Christian Brauner
Date:   2019-02-12 (Tue, 12 Feb 2019)

Changed paths:
  M src/include/fexecve.c

Log Message:
-----------
fexecve: remove unnecessary #ifdef

Signed-off-by: Christian Brauner
[lxc-devel] [lxc/lxc] 27bc47: include: add fexecve() for Android's Bionic
Branch: refs/heads/stable-2.0
Home:   https://github.com/lxc/lxc

Commit: 27bc47079fc20fa60e2df97d8b22c97bb83d3e3f
    https://github.com/lxc/lxc/commit/27bc47079fc20fa60e2df97d8b22c97bb83d3e3f
Author: Christian Brauner
Date:   2019-02-12 (Tue, 12 Feb 2019)

Changed paths:
  A src/include/fexecve.c
  A src/include/fexecve.h
  M src/lxc/Makefile.am
  M src/lxc/rexec.c

Log Message:
-----------
include: add fexecve() for Android's Bionic

Signed-off-by: Christian Brauner
[lxc-devel] [lxd/master] lxd: Fix snapshot expiry for scheduled snapshots
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/5481 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Thomas Hipp From 3b96180082594fbcdf9d66658b9ed31e00de972a Mon Sep 17 00:00:00 2001 From: Thomas Hipp Date: Mon, 11 Feb 2019 09:33:52 +0100 Subject: [PATCH] lxd: Fix snapshot expiry for scheduled snapshots Signed-off-by: Thomas Hipp --- lxd/container.go | 7 +++ 1 file changed, 7 insertions(+) diff --git a/lxd/container.go b/lxd/container.go index 066d959169..1a04aa1874 100644 --- a/lxd/container.go +++ b/lxd/container.go @@ -1635,6 +1635,12 @@ func autoCreateContainerSnapshots(ctx context.Context, d *Daemon, containers []c snapshotName = fmt.Sprintf("%s%s%s", c.Name(), shared.SnapshotDelimiter, snapshotName) + expiry, err := shared.GetSnapshotExpiry(time.Now(), c.LocalConfig()["snapshots.expiry"]) + if err != nil { + logger.Error("Error getting expiry date", log.Ctx{"err": err, "container": c}) + return + } + args := db.ContainerArgs{ Architecture: c.Architecture(), Config: c.LocalConfig(), @@ -1645,6 +1651,7 @@ func autoCreateContainerSnapshots(ctx context.Context, d *Daemon, containers []c Profiles: c.Profiles(), Project: c.Project(), Stateful: false, + ExpiryDate: expiry, } _, err = containerCreateAsSnapshot(d.State(), args, c) ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
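Review bot: in the first hunk, the `return` after `logger.Error("Error getting expiry date", ...)` leaves `autoCreateContainerSnapshots` entirely, so a single container with an unparseable `snapshots.expiry` value stops scheduled snapshots for every container still to be processed in the `containers` slice; a `continue` that skips only that container (keeping the error log) is the safer failure mode for a scheduled job. The key is also read from `c.LocalConfig()` alone; if `snapshots.expiry` can be set through a profile rather than directly on the container, this lookup will not see it, so confirm which config view the surrounding snapshot code uses and read the key from the same one.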
[lxc-devel] [lxc/lxc] 9d361e: include: add fexecve() for Android's Bionic
Branch: refs/heads/master
Home:   https://github.com/lxc/lxc

Commit: 9d361e0fd485941ddf098f9d6696bbd58e7e2d3a
    https://github.com/lxc/lxc/commit/9d361e0fd485941ddf098f9d6696bbd58e7e2d3a
Author: Christian Brauner
Date:   2019-02-11 (Mon, 11 Feb 2019)

Changed paths:
  A src/include/fexecve.c
  A src/include/fexecve.h
  M src/lxc/Makefile.am
  M src/lxc/rexec.c

Log Message:
-----------
include: add fexecve() for Android's Bionic

Signed-off-by: Christian Brauner

Commit: 9c63d38cec293f281cbbce0fc505d3aece6e4d09
    https://github.com/lxc/lxc/commit/9c63d38cec293f281cbbce0fc505d3aece6e4d09
Author: Stéphane Graber
Date:   2019-02-11 (Mon, 11 Feb 2019)

Changed paths:
  A src/include/fexecve.c
  A src/include/fexecve.h
  M src/lxc/Makefile.am
  M src/lxc/rexec.c

Log Message:
-----------
Merge pull request #2841 from brauner/2019-02-11/fix_android

include: add fexecve() for Android's Bionic

Compare: https://github.com/lxc/lxc/compare/6400238d08cd...9c63d38cec29
[lxc-devel] [lxc/master] tree-wide: fix wrong copy-paste for licenses
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/2842 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Christian Brauner From 6b9e666f95fe2113d20a4084cf71d0b79fe0e9f3 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 11 Feb 2019 16:34:54 +0100 Subject: [PATCH] tree-wide: fix wrong copy-paste for licenses Signed-off-by: Christian Brauner --- src/lxc/api_extensions.h | 23 --- src/lxc/cmd/lxc_user_nic.c | 23 --- src/lxc/commands_utils.c | 23 --- src/lxc/commands_utils.h | 23 --- src/lxc/compiler.h | 23 --- src/lxc/confile_utils.c| 23 --- src/lxc/confile_utils.h| 23 --- src/lxc/file_utils.c | 23 --- src/lxc/file_utils.h | 23 --- src/lxc/macro.h| 23 --- src/lxc/memory_utils.h | 23 --- src/lxc/raw_syscalls.c | 20 src/lxc/raw_syscalls.h | 23 --- src/lxc/rexec.c| 23 --- src/lxc/ringbuf.c | 23 --- src/lxc/ringbuf.h | 23 --- src/lxc/string_utils.c | 23 --- src/lxc/string_utils.h | 23 --- src/lxc/syscall_wrappers.h | 23 --- 19 files changed, 236 insertions(+), 198 deletions(-) diff --git a/src/lxc/api_extensions.h b/src/lxc/api_extensions.h index 3ab5efa3b..03d4e25fd 100644 --- a/src/lxc/api_extensions.h +++ b/src/lxc/api_extensions.h 
@@ -3,18 +3,19 @@ * Copyright © 2018 Christian Brauner . * Copyright © 2018 Canonical Ltd. * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2, as - * published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + + * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef __LXC_API_EXTENSIONS_H diff --git a/src/lxc/cmd/lxc_user_nic.c b/src/lxc/cmd/lxc_user_nic.c index be6b395be..df444e5ee 100644 --- a/src/lxc/cmd/lxc_user_nic.c +++ b/src/lxc/cmd/lxc_user_nic.c 
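Review bot: the blank separator lines added inside the comment block (the bare `+` lines before `* This library is distributed` and before `* You should have received`) lose the leading ` *` the rest of the header uses; since this hunk is the template repeated over all 19 files in the patch, fixing it here as `+ *` avoids propagating an inconsistently formatted license block tree-wide.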
@@ -3,18 +3,19 @@ * Copyright © 2013 Serge Hallyn . * Copyright © 2013 Canonical Ltd. * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2, as - * published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + + * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef _GNU_SOURCE diff
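Review bot: this hunk changes the license of a file whose visible copyright line is `Copyright © 2013 Serge Hallyn`, yet the commit carries only the author's `Signed-off-by`; moving a file from GPLv2 to LGPL 2.1-or-later needs the recorded consent of each copyright holder, so the commit message should list the affected contributors and their acks per file (the later per-file commits on this list do exactly that with an `/* Affected People */` block and `Acked-by:` lines) rather than relicensing a tree-wide batch under one signature.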
[lxc-devel] [lxc/lxc] 25de38: utils: add missing sealing flags
Branch: refs/heads/stable-2.0
Home:   https://github.com/lxc/lxc

Commit: 25de38e24f8ba0e572fe3e7d918e5a2a081c5b74
    https://github.com/lxc/lxc/commit/25de38e24f8ba0e572fe3e7d918e5a2a081c5b74
Author: Christian Brauner
Date:   2019-02-11 (Mon, 11 Feb 2019)

Changed paths:
  M src/lxc/utils.h

Log Message:
-----------
utils: add missing sealing flags

Signed-off-by: Christian Brauner
[lxc-devel] Fixed: lxc/lxc#6410 (stable-2.0 - 25de38e)
Build Update for lxc/lxc
-------------------------------------
Build: #6410
Status: Fixed
Duration: 3 mins and 47 secs
Commit: 25de38e (stable-2.0)
Author: Christian Brauner
Message: utils: add missing sealing flags

Signed-off-by: Christian Brauner

View the changeset: https://github.com/lxc/lxc/compare/c1f71af529d9...25de38e24f8b
View the full build log and details: https://travis-ci.org/lxc/lxc/builds/491634487?utm_medium=notification_source=email
[lxc-devel] [lxc/lxc] f45ab7: CVE-2019-5736 (runC): rexec callers as memfd
Branch: refs/heads/stable-2.0
Home:   https://github.com/lxc/lxc

Commit: f45ab7937e5b2bf1c112dc39e38c05cf73573213
    https://github.com/lxc/lxc/commit/f45ab7937e5b2bf1c112dc39e38c05cf73573213
Author: Christian Brauner
Date:   2019-02-11 (Mon, 11 Feb 2019)

Changed paths:
  M configure.ac
  M src/lxc/Makefile.am
  A src/lxc/rexec.c

Log Message:
-----------
CVE-2019-5736 (runC): rexec callers as memfd

Adam Iwaniuk and Borys Popławski discovered that an attacker can compromise the runC host binary from inside a privileged runC container. As a result, this could be exploited to gain root access on the host. runC is used as the default runtime for containers with Docker, containerd, Podman, and CRI-O.

The attack can be made when attaching to a running container or when starting a container running a specially crafted image. For example, when runC attaches to a container the attacker can trick it into executing itself. This could be done by replacing the target binary inside the container with a custom binary pointing back at the runC binary itself. As an example, if the target binary was /bin/bash, this could be replaced with an executable script specifying the interpreter path #!/proc/self/exe (/proc/self/exe is a symbolic link created by the kernel for every process which points to the binary that was executed for that process). As such when /bin/bash is executed inside the container, instead the target of /proc/self/exe will be executed - which will point to the runc binary on the host. The attacker can then proceed to write to the target of /proc/self/exe to try and overwrite the runC binary on the host. However in general, this will not succeed as the kernel will not permit it to be overwritten whilst runC is executing. To overcome this, the attacker can instead open a file descriptor to /proc/self/exe using the O_PATH flag and then proceed to reopen the binary as O_WRONLY through /proc/self/fd/ and try to write to it in a busy loop from a separate process. Ultimately it will succeed when the runC binary exits. After this the runC binary is compromised and can be used to attack other containers or the host itself.

This attack is only possible with privileged containers since it requires root privilege on the host to overwrite the runC binary. Unprivileged containers with a non-identity ID mapping do not have the permission to write to the host binary and therefore are unaffected by this attack.

LXC is also impacted in a similar manner by this vulnerability, however as the LXC project considers privileged containers to be unsafe no CVE has been assigned for this issue for LXC. Quoting from the https://linuxcontainers.org/lxc/security/ project's Security information page: "As privileged containers are considered unsafe, we typically will not consider new container escape exploits to be security issues worthy of a CVE and quick fix. We will however try to mitigate those issues so that accidental damage to the host is prevented."

To prevent this attack, LXC has been patched to create a temporary copy of the calling binary itself when it starts or attaches to containers. To do this LXC creates an anonymous, in-memory file using the memfd_create() system call and copies itself into the temporary in-memory file, which is then sealed to prevent further modifications. LXC then executes this sealed, in-memory file instead of the original on-disk binary. Any compromising write operations from a privileged container to the host LXC binary will then write to the temporary in-memory binary and not to the host binary on-disk, preserving the integrity of the host LXC binary. Also as the temporary, in-memory LXC binary is sealed, writes to this will also fail.

Note: memfd_create() was added to the Linux kernel in the 3.17 release.

Signed-off-by: Christian Brauner
Co-Developed-by: Aleksa Sarai
Acked-by: Serge Hallyn
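The mitigation the commit message describes (copy the running binary into an anonymous memfd, seal it, and re-execute from that copy so the on-disk binary is never the image a container can reach through /proc/self/exe) as a stand-alone C example written for this page. It is not LXC's own src/lxc/rexec.c and does not reproduce it; it assumes Linux 3.17 or later with glibc's memfd_create() and fexecve(). The names sealed_memfd_copy(), memfd_is_write_sealed(), try_overwrite() and the SEALED_REXEC_DONE guard variable are chosen here; the fallback #defines stand in for libc headers that lack the sealing constants, the gap the "utils: add missing sealing flags" commit on this list closes for LXC. try_overwrite() performs the write a compromised container would attempt, against the sealed copy only, to show the seal turning it into EPERM.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>
#include <sys/stat.h>
#include <unistd.h>

/* Older libc headers lack the sealing constants; values match the kernel UAPI. */
#ifndef F_ADD_SEALS
#define F_ADD_SEALS   1033
#define F_GET_SEALS   1034
#define F_SEAL_SEAL   0x0001
#define F_SEAL_SHRINK 0x0002
#define F_SEAL_GROW   0x0004
#define F_SEAL_WRITE  0x0008
#endif
#ifndef MFD_CLOEXEC
#define MFD_CLOEXEC       0x0001U
#define MFD_ALLOW_SEALING 0x0002U
#endif

extern char **environ;

/* Copy the file at `path` (here /proc/self/exe) into an anonymous memfd and
 * seal it against writes, resizing and further seal changes.
 * Returns the sealed fd, or -1 with errno set. (Example helper, not LXC's.) */
int sealed_memfd_copy(const char *path, const char *name)
{
	char buf[64 * 1024];
	ssize_t n, w;
	int src, mfd;

	src = open(path, O_RDONLY | O_CLOEXEC);
	if (src < 0)
		return -1;

	/* Without MFD_ALLOW_SEALING every later F_ADD_SEALS fails with EPERM. */
	mfd = memfd_create(name, MFD_CLOEXEC | MFD_ALLOW_SEALING);
	if (mfd < 0) {
		close(src);
		return -1;
	}

	while ((n = read(src, buf, sizeof(buf))) > 0) {
		for (char *p = buf; n > 0; p += w, n -= w) {
			w = write(mfd, p, (size_t)n);
			if (w < 0)
				goto fail;
		}
	}
	if (n < 0)
		goto fail;
	close(src);

	/* Seal: no writes, no grow/shrink, and F_SEAL_SEAL so nobody can unseal. */
	if (fcntl(mfd, F_ADD_SEALS,
		  F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL) < 0) {
		close(mfd);
		return -1;
	}
	return mfd;

fail:
	close(src);
	close(mfd);
	return -1;
}

/* 1 if F_SEAL_WRITE is set on fd, 0 if not, -1 if fd is not a sealable file. */
int memfd_is_write_sealed(int fd)
{
	int seals = fcntl(fd, F_GET_SEALS);

	if (seals < 0)
		return -1;
	return (seals & F_SEAL_WRITE) ? 1 : 0;
}

/* The write a hostile container would aim at the binary it runs. Returns 0 if
 * the write went through, otherwise the errno it failed with (EPERM when
 * F_SEAL_WRITE is in place). */
int try_overwrite(int fd)
{
	static const char junk[] = "not an ELF header";

	if (pwrite(fd, junk, sizeof(junk), 0) < 0)
		return errno;
	return 0;
}

int main(int argc, char **argv)
{
	int fd;

	(void)argc;
	/* Second instance: we are already running from the sealed memfd. */
	if (getenv("SEALED_REXEC_DONE")) {
		printf("running from the sealed in-memory copy (%s)\n", argv[0]);
		return 0;
	}

	fd = sealed_memfd_copy("/proc/self/exe", "sealed-self");
	if (fd < 0) {
		perror("sealed_memfd_copy");
		return 1;
	}
	printf("write to sealed copy: %s\n", strerror(try_overwrite(fd)));

	/* Re-execute from the memfd; the on-disk binary is no longer the live image. */
	setenv("SEALED_REXEC_DONE", "1", 1);
	fexecve(fd, argv, environ);
	perror("fexecve");
	return 1;
}
```

Run once, the program reports the EPERM from the sealed copy, re-executes itself via fexecve() from the memfd, and the second instance exits on seeing the guard variable. Sealing must be requested at creation time (MFD_ALLOW_SEALING) and F_SEAL_WRITE is refused while any writable shared mapping of the memfd exists, so seal before handing the fd to anything that might mmap it.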
[lxc-devel] [distrobuilder/master] sources: Get latest Arch Linux release by default
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/distrobuilder/pull/127 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === If image.release is empty or not set, the latest release will be used. This resolves #126. Signed-off-by: Thomas Hipp From c5c899607dbaf9445413e28c9f0741f8b7514ec9 Mon Sep 17 00:00:00 2001 From: Thomas Hipp Date: Mon, 11 Feb 2019 14:26:13 +0100 Subject: [PATCH] sources: Get latest Arch Linux release by default If image.release is empty or not set, the latest release will be used. Signed-off-by: Thomas Hipp --- sources/archlinux-http.go | 36 ++ sources/archlinux-http_test.go | 16 +++ 2 files changed, 48 insertions(+), 4 deletions(-) create mode 100644 sources/archlinux-http_test.go diff --git a/sources/archlinux-http.go b/sources/archlinux-http.go index 909f48e..f12ece2 100644 --- a/sources/archlinux-http.go +++ b/sources/archlinux-http.go @@ -7,10 +7,12 @@ import ( "os" "path" "path/filepath" - - lxd "github.com/lxc/lxd/shared" + "strings" "github.com/lxc/distrobuilder/shared" + + lxd "github.com/lxc/lxd/shared" + "gopkg.in/antchfx/htmlquery.v1" ) // ArchLinuxHTTP represents the Arch Linux downloader. 
@@ -23,10 +25,22 @@ func NewArchLinuxHTTP() *ArchLinuxHTTP { // Run downloads an Arch Linux tarball. func (s *ArchLinuxHTTP) Run(definition shared.Definition, rootfsDir string) error { + release := definition.Image.Release + + if release == "" { + var err error + + // Get latest release + release, err = s.getLatestRelease() + if err != nil { + return err + } + } + fname := fmt.Sprintf("archlinux-bootstrap-%s-%s.tar.gz", - definition.Image.Release, definition.Image.ArchitectureMapped) + release, definition.Image.ArchitectureMapped) tarball := fmt.Sprintf("%s/%s/%s", definition.Source.URL, - definition.Image.Release, fname) + release, fname) url, err := url.Parse(tarball) if err != nil { @@ -84,3 +98,17 @@ func (s *ArchLinuxHTTP) Run(definition shared.Definition, rootfsDir string) erro return os.RemoveAll(filepath.Join(rootfsDir, "root."+ definition.Image.ArchitectureMapped)) } + +func (s *ArchLinuxHTTP) getLatestRelease() (string, error) { + doc, err := htmlquery.LoadURL("https://www.archlinux.org/download/;) + if err != nil { + return "", err + } + + node := htmlquery.FindOne(doc, `//*[@id="arch-downloads"]/ul[1]/li[1]/text()`) + if node == nil { + return "", fmt.Errorf("Failed to determine latest release") + } + + return strings.TrimSpace(node.Data), nil +} diff --git a/sources/archlinux-http_test.go b/sources/archlinux-http_test.go new file mode 100644 index 000..6f9c3cb --- /dev/null +++ b/sources/archlinux-http_test.go @@ -0,0 +1,16 @@ +package sources + +import ( + "regexp" + "testing" + + "github.com/stretchr/testify/require" +) + +func TestArchLinuxGetLatestRelease(t *testing.T) { + var src ArchLinuxHTTP + + release, err := src.getLatestRelease() + require.NoError(t, err) + require.Regexp(t, regexp.MustCompile(`^\d{4}\.\d{2}\.\d{2}$`), release) +} ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
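Review bot: `getLatestRelease` returns whatever text the first `<li>` under `#arch-downloads` holds, and `Run` splices that string into both the tarball name and the URL path (`fmt.Sprintf("%s/%s/%s", definition.Source.URL, release, fname)`) without checking its form, so a layout change on the download page puts an arbitrary string, possibly containing `/` or `..`, into the fetched path. Validate the scraped value against `^\d{4}\.\d{2}\.\d{2}$` inside `getLatestRelease` and return an error otherwise, so the check the new test encodes protects the production path rather than only the test; and have the `fmt.Errorf("Failed to determine latest release")` message name the URL that was scraped.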
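Review bot: `TestArchLinuxGetLatestRelease` performs a live HTTPS fetch of archlinux.org, so `go test` fails offline and in sandboxed CI and its result drifts with the upstream page. Serve a saved copy of the download page from an `httptest.Server` (which means making the page URL a field or parameter of `ArchLinuxHTTP` instead of the literal in `getLatestRelease`) and keep any network-backed check behind `testing.Short()` or a build tag.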
[lxc-devel] [lxc/lxc] c1f71a: rexec: don't include non-existing header
Branch: refs/heads/stable-2.0
Home:   https://github.com/lxc/lxc

Commit: c1f71af529d9eb679c221cdae61ec60806e4863a
    https://github.com/lxc/lxc/commit/c1f71af529d9eb679c221cdae61ec60806e4863a
Author: Christian Brauner
Date:   2019-02-11 (Mon, 11 Feb 2019)

Changed paths:
  M src/lxc/rexec.c

Log Message:
-----------
rexec: don't include non-existing header

Signed-off-by: Christian Brauner
[lxc-devel] [lxc/lxc] 640023: CVE-2019-5736 (runC): rexec callers as memfd
Branch: refs/heads/master
Home:   https://github.com/lxc/lxc

Commit: 6400238d08cdf1ca20d49bafb85f4e224348bf9d
    https://github.com/lxc/lxc/commit/6400238d08cdf1ca20d49bafb85f4e224348bf9d
Author: Christian Brauner
Date:   2019-02-11 (Mon, 11 Feb 2019)

Changed paths:
  M configure.ac
  M src/lxc/Makefile.am
  M src/lxc/file_utils.c
  M src/lxc/file_utils.h
  A src/lxc/rexec.c
  M src/lxc/syscall_wrappers.h

Log Message:
-----------
CVE-2019-5736 (runC): rexec callers as memfd

Adam Iwaniuk and Borys Popławski discovered that an attacker can compromise the runC host binary from inside a privileged runC container. As a result, this could be exploited to gain root access on the host. runC is used as the default runtime for containers with Docker, containerd, Podman, and CRI-O.

The attack can be made when attaching to a running container or when starting a container running a specially crafted image. For example, when runC attaches to a container the attacker can trick it into executing itself. This could be done by replacing the target binary inside the container with a custom binary pointing back at the runC binary itself. As an example, if the target binary was /bin/bash, this could be replaced with an executable script specifying the interpreter path #!/proc/self/exe (/proc/self/exe is a symbolic link created by the kernel for every process which points to the binary that was executed for that process). As such when /bin/bash is executed inside the container, instead the target of /proc/self/exe will be executed - which will point to the runc binary on the host. The attacker can then proceed to write to the target of /proc/self/exe to try and overwrite the runC binary on the host. However in general, this will not succeed as the kernel will not permit it to be overwritten whilst runC is executing. To overcome this, the attacker can instead open a file descriptor to /proc/self/exe using the O_PATH flag and then proceed to reopen the binary as O_WRONLY through /proc/self/fd/ and try to write to it in a busy loop from a separate process. Ultimately it will succeed when the runC binary exits. After this the runC binary is compromised and can be used to attack other containers or the host itself.

This attack is only possible with privileged containers since it requires root privilege on the host to overwrite the runC binary. Unprivileged containers with a non-identity ID mapping do not have the permission to write to the host binary and therefore are unaffected by this attack.

LXC is also impacted in a similar manner by this vulnerability, however as the LXC project considers privileged containers to be unsafe no CVE has been assigned for this issue for LXC. Quoting from the https://linuxcontainers.org/lxc/security/ project's Security information page: "As privileged containers are considered unsafe, we typically will not consider new container escape exploits to be security issues worthy of a CVE and quick fix. We will however try to mitigate those issues so that accidental damage to the host is prevented."

To prevent this attack, LXC has been patched to create a temporary copy of the calling binary itself when it starts or attaches to containers. To do this LXC creates an anonymous, in-memory file using the memfd_create() system call and copies itself into the temporary in-memory file, which is then sealed to prevent further modifications. LXC then executes this sealed, in-memory file instead of the original on-disk binary. Any compromising write operations from a privileged container to the host LXC binary will then write to the temporary in-memory binary and not to the host binary on-disk, preserving the integrity of the host LXC binary. Also as the temporary, in-memory LXC binary is sealed, writes to this will also fail.

Note: memfd_create() was added to the Linux kernel in the 3.17 release.

Signed-off-by: Christian Brauner
Co-Developed-by: Aleksa Sarai
Acked-by: Serge Hallyn
Signed-off-by: Christian Brauner
[lxc-devel] [lxc/lxc] 113a05: CVE-2019-5736 (runC): rexec callers as memfd
Branch: refs/heads/stable-3.0
Home: https://github.com/lxc/lxc
Commit: 113a0557d7651385d30e181a23c8e68e696ad67f
https://github.com/lxc/lxc/commit/113a0557d7651385d30e181a23c8e68e696ad67f
Author: Christian Brauner
Date: 2019-02-11 (Mon, 11 Feb 2019)

Changed paths:
M configure.ac
M src/lxc/Makefile.am
M src/lxc/file_utils.c
M src/lxc/file_utils.h
A src/lxc/rexec.c
M src/lxc/syscall_wrappers.h

Log Message:
---
CVE-2019-5736 (runC): rexec callers as memfd

Adam Iwaniuk and Borys Popławski discovered that an attacker can compromise the runC host binary from inside a privileged runC container. As a result, this could be exploited to gain root access on the host. runC is used as the default runtime for containers with Docker, containerd, Podman, and CRI-O.

The attack can be made when attaching to a running container or when starting a container running a specially crafted image. For example, when runC attaches to a container the attacker can trick it into executing itself. This could be done by replacing the target binary inside the container with a custom binary pointing back at the runC binary itself. As an example, if the target binary was /bin/bash, this could be replaced with an executable script specifying the interpreter path #!/proc/self/exe (/proc/self/exe is a symbolic link created by the kernel for every process which points to the binary that was executed for that process). As such when /bin/bash is executed inside the container, instead the target of /proc/self/exe will be executed - which will point to the runc binary on the host. The attacker can then proceed to write to the target of /proc/self/exe to try and overwrite the runC binary on the host. However in general, this will not succeed as the kernel will not permit it to be overwritten whilst runC is executing.

To overcome this, the attacker can instead open a file descriptor to /proc/self/exe using the O_PATH flag and then proceed to reopen the binary as O_WRONLY through /proc/self/fd/ and try to write to it in a busy loop from a separate process. Ultimately it will succeed when the runC binary exits. After this the runC binary is compromised and can be used to attack other containers or the host itself.

This attack is only possible with privileged containers since it requires root privilege on the host to overwrite the runC binary. Unprivileged containers with a non-identity ID mapping do not have the permission to write to the host binary and therefore are unaffected by this attack.

LXC is also impacted in a similar manner by this vulnerability, however as the LXC project considers privileged containers to be unsafe no CVE has been assigned for this issue for LXC. Quoting from the project's Security information page (https://linuxcontainers.org/lxc/security/):

"As privileged containers are considered unsafe, we typically will not consider new container escape exploits to be security issues worthy of a CVE and quick fix. We will however try to mitigate those issues so that accidental damage to the host is prevented."

To prevent this attack, LXC has been patched to create a temporary copy of the calling binary itself when it starts or attaches to containers. To do this LXC creates an anonymous, in-memory file using the memfd_create() system call and copies itself into the temporary in-memory file, which is then sealed to prevent further modifications. LXC then executes this sealed, in-memory file instead of the original on-disk binary. Any compromising write operations from a privileged container to the host LXC binary will then write to the temporary in-memory binary and not to the host binary on-disk, preserving the integrity of the host LXC binary. Also as the temporary, in-memory LXC binary is sealed, writes to this will also fail.

Note: memfd_create() was added to the Linux kernel in the 3.17 release.

Signed-off-by: Christian Brauner
Co-Developed-by: Aleksa Sarai
Acked-by: Serge Hallyn

___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
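The mitigation the commit message describes (create a sealable memfd, copy the running binary into it, seal it, execute the sealed copy), as an added C example; this is not LXC's rexec.c nor any code from the commit above. It assumes Linux 3.17 or newer and a mounted /proc, calls memfd_create() through the raw SYS_memfd_create syscall so it builds against a glibc older than 2.27, and the memfd name `lxc-rexec-demo`, the `REXEC_DEMO_STAGE` environment variable and all function names are the example's own. It goes one step beyond the commit text by also running the CVE's own write path against the sealed copy (re-opening it read-write through /proc/self/fd/ and writing) so the EPERM from the seal can be observed.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <unistd.h>

/* Linux UAPI constants, in case the toolchain headers predate memfd sealing. */
#ifndef F_ADD_SEALS
#define F_ADD_SEALS 1033
#define F_GET_SEALS 1034
#endif
#ifndef F_SEAL_SEAL
#define F_SEAL_SEAL   0x0001
#define F_SEAL_SHRINK 0x0002
#define F_SEAL_GROW   0x0004
#define F_SEAL_WRITE  0x0008
#endif
#ifndef MFD_CLOEXEC
#define MFD_CLOEXEC       0x0001U
#define MFD_ALLOW_SEALING 0x0002U
#endif

extern char **environ;
extern int fexecve(int fd, char *const argv[], char *const envp[]);

/* Copy everything readable from in_fd to out_fd; 0 on success, -1 on error. */
static int copy_fd(int in_fd, int out_fd)
{
	char buf[1 << 16];
	ssize_t n;

	while ((n = read(in_fd, buf, sizeof(buf))) > 0) {
		ssize_t off = 0;
		while (off < n) {
			ssize_t w = write(out_fd, buf + off, (size_t)(n - off));
			if (w < 0) {
				if (errno == EINTR)
					continue;
				return -1;
			}
			off += w;
		}
	}
	return n < 0 ? -1 : 0;
}

/* Copy the file at src_path into an anonymous memfd and seal it against
 * shrink/grow/write and against any later change of the seal set.
 * Returns the sealed fd, or -1 with errno set. */
int make_sealed_copy(const char *src_path)
{
	int src, mfd, saved;

	src = open(src_path, O_RDONLY | O_CLOEXEC);
	if (src < 0)
		return -1;

	/* Raw syscall: glibc only grew a memfd_create() wrapper in 2.27. */
	mfd = (int)syscall(SYS_memfd_create, "lxc-rexec-demo",
			   MFD_CLOEXEC | MFD_ALLOW_SEALING);
	if (mfd < 0) {
		close(src);
		return -1;
	}

	if (copy_fd(src, mfd) < 0 ||
	    fcntl(mfd, F_ADD_SEALS,
		  F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE | F_SEAL_SEAL) < 0) {
		saved = errno;
		close(src);
		close(mfd);
		errno = saved;
		return -1;
	}
	close(src);
	return mfd;
}

/* Seal mask currently applied to fd, or -1 on error. */
int memfd_seals(int fd)
{
	return fcntl(fd, F_GET_SEALS);
}

/* 1 if a write to fd is refused with EPERM, 0 if it went through, -1 on another error. */
int direct_write_rejected(int fd)
{
	if (pwrite(fd, "x", 1, 0) == 1)
		return 0;
	return errno == EPERM ? 1 : -1;
}

/* The CVE-2019-5736 write path: re-open the image read-write through
 * /proc/self/fd/N and write. 1 if refused, 0 if the write landed, -1 otherwise. */
int reopen_write_rejected(int fd)
{
	char path[64];
	int wfd, rc;

	snprintf(path, sizeof(path), "/proc/self/fd/%d", fd);
	wfd = open(path, O_WRONLY | O_CLOEXEC);
	if (wfd < 0)
		return (errno == EPERM || errno == ETXTBSY) ? 1 : -1;
	rc = direct_write_rejected(wfd);
	close(wfd);
	return rc;
}

/* 1 if F_SEAL_SEAL blocks any further F_ADD_SEALS with EPERM. */
int reseal_rejected(int fd)
{
	if (fcntl(fd, F_ADD_SEALS, F_SEAL_GROW) == 0)
		return 0;
	return errno == EPERM ? 1 : -1;
}

int main(int argc, char **argv)
{
	char exe[4096];
	ssize_t n;
	int fd;

	(void)argc;
	if (getenv("REXEC_DEMO_STAGE")) {
		/* Second stage: running from the sealed in-memory copy. */
		n = readlink("/proc/self/exe", exe, sizeof(exe) - 1);
		if (n < 0)
			return 1;
		exe[n] = '\0';
		printf("re-executed from: %s\n", exe);
		return 0;
	}

	fd = make_sealed_copy("/proc/self/exe");
	if (fd < 0) {
		perror("make_sealed_copy");
		return 1;
	}
	printf("seals=0x%x direct-write-rejected=%d reopen-write-rejected=%d\n",
	       memfd_seals(fd), direct_write_rejected(fd), reopen_write_rejected(fd));

	setenv("REXEC_DEMO_STAGE", "1", 1);
	fexecve(fd, argv, environ); /* returns only on failure */
	perror("fexecve");
	return 1;
}
```

Run stand-alone it copies and seals its own image, reports the seal mask and the two refused writes, then fexecve()s the sealed copy; the second stage prints the /proc/self/exe target, which for a memfd the kernel reports as `/memfd:lxc-rexec-demo (deleted)`. The seal only protects the copy: the on-disk binary is safe because nothing privileged executes it any more, so a container's /proc/self/exe no longer leads to it.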
[lxc-devel] Broken: lxc/lxc#6407 (stable-2.0 - f45ab79)
Build Update for lxc/lxc
Build: #6407
Status: Broken
Duration: 2 mins and 3 secs
Commit: f45ab79 (stable-2.0)
Author: Christian Brauner
Message: CVE-2019-5736 (runC): rexec callers as memfd
[commit message body identical to the stable-3.0 commit notification above]
Signed-off-by: Christian Brauner
Co-Developed-by: Aleksa Sarai
Acked-by: Serge Hallyn
View the changeset: https://github.com/lxc/lxc/compare/5b3463907d74...f45ab7937e5b
View the full build log and details: https://travis-ci.org/lxc/lxc/builds/491623827
[lxc-devel] [lxc/master] include: add fexecve() for Android's Bionic
The following pull request was submitted through Github. It can be accessed and reviewed at:

https://github.com/lxc/lxc/pull/2841

This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list.

=== Description (from pull-request) ===

Signed-off-by: Christian Brauner

From 8159340d4f56970bae783db1d6155ed93a71d9e4 Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Mon, 11 Feb 2019 14:35:50 +0100
Subject: [PATCH] include: add fexecve() for Android's Bionic

Signed-off-by: Christian Brauner
---
 src/include/fexecve.c | 56 +++
 src/include/fexecve.h | 26
 src/lxc/Makefile.am | 6 +++--
 3 files changed, 86 insertions(+), 2 deletions(-)
 create mode 100644 src/include/fexecve.c
 create mode 100644 src/include/fexecve.h

diff --git a/src/include/fexecve.c b/src/include/fexecve.c
new file mode 100644
index 0..de29da8c4
--- /dev/null
+++ b/src/include/fexecve.c
@@ -0,0 +1,56 @@ +/* liblxcapi + * + * Copyright © 2019 Christian Brauner . + * Copyright © 2019 Canonical Ltd. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2, as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _GNU_SOURCE +#define _GNU_SOURCE 1 +#endif + +#include +#include +#include + +#include "config.h" +#include "macro.h" +#include "raw_syscalls.h" + +int fexecve(int fd, char *const argv[], char *const envp[]) +{ + char procfd[LXC_PROC_PID_FD_LEN]; + int ret; + + if (fd < 0 || !argv || !envp) { + errno = EINVAL; + return -1; + } + +#ifdef __NR_execveat + lxc_raw_execveat(fd, "", argv, envp, AT_EMPTY_PATH); + if (errno != ENOSYS) + return -1; +#endif + + ret = snprintf(procfd, sizeof(procfd), "/proc/self/fd/%d", fd); + if (ret < 0 || (size_t)ret >= sizeof(procfd)) { + errno = ENAMETOOLONG; + return -1; + } + + execve(procfd, argv, envp); + return -1; +} diff --git a/src/include/fexecve.h b/src/include/fexecve.h new file mode 100644 index 0..78bda0695 --- /dev/null +++ b/src/include/fexecve.h 
@@ -0,0 +1,26 @@ +/* liblxcapi + * + * Copyright © 2019 Christian Brauner . + * Copyright © 2019 Canonical Ltd. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2, as + * published by the Free Software Foundation. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License along + * with this program; if not, write to the Free Software Foundation, Inc., + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ + +#ifndef _LXC_FEXECVE_H +#define _LXC_FEXECVE_H + +#include +extern int fexecve(int fd, char *const argv[], char *const envp[]); + +#endif /* _LXC_FEXECVE_H */ diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am index dc8aa3d77..e1499a7eb 100644 --- a/src/lxc/Makefile.am +++ b/src/lxc/Makefile.am @@ -47,7 +47,8 @@ noinst_HEADERS = api_extensions.h \ utils.h if IS_BIONIC -noinst_HEADERS += ../include/lxcmntent.h \ +noinst_HEADERS += ../include/fexecve.h \ + ../include/lxcmntent.h \ ../include/openpty.h endif @@ -145,7 +146,8 @@ liblxc_la_SOURCES = af_unix.c af_unix.h \ $(LSM_SOURCES) if IS_BIONIC -liblxc_la_SOURCES += ../include/lxcmntent.c ../include/lxcmntent.h \ +liblxc_la_SOURCES += ../include/fexecve.c ../include/fexecve.h \ +../include/lxcmntent.c ../include/lxcmntent.h \ ../include/openpty.c ../include/openpty.h endif ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
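Review bot: the /proc/self/fd/%d fallback at the end of the fexecve.c hunk is not equivalent to the execveat(AT_EMPTY_PATH) path above it, and the difference is undocumented: it needs procfs mounted, and if fd refers to a `#!` script opened O_CLOEXEC the kernel hands the interpreter the literal path /proc/self/fd/N, which no longer exists once the exec has closed the descriptor, so the interpreter cannot open it. The memfd callers exec ELF images and are unaffected, but since this is a drop-in fexecve() a comment above the snprintf should state both limits so a future caller does not rely on the fallback for scripts.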
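Review bot: the license header in the fexecve.h hunk (and the identical one in fexecve.c) is the GPLv2 "This program is free software ... version 2" text, but both files are added to liblxc_la_SOURCES in the Makefile.am hunk and so are compiled into the LGPL 2.1 library; the "fix wrong licensing" series on this list replaces exactly this wording with the LGPL 2.1 header in api_extensions.h, compiler.h and file_utils.h, and the new files should carry the LGPL 2.1 header from the start rather than need the same follow-up.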
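Review bot: both Makefile.am hunks gate the shim on `if IS_BIONIC`, i.e. on which libc is in use rather than on whether that libc lacks fexecve(); Bionic added fexecve() at API level 28, so against a newer NDK the `extern int fexecve(int fd, char *const argv[], char *const envp[]);` in fexecve.h clashes with the libc declaration and fexecve.c defines a second copy of the symbol. A configure-time AC_CHECK_FUNCS([fexecve]) feeding a HAVE_FEXECVE conditional would keep the shim on old Bionic and drop it wherever the libc provides the function.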
[lxc-devel] [lxc/master] fix licensing headers
The following pull request was submitted through Github. It can be accessed and reviewed at:

https://github.com/lxc/lxc/pull/2843

This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list.

=== Description (from pull-request) ===

Signed-off-by: Christian Brauner

These are files only I touched. Aleksa gave his Ack on the other files.

From 7fd02ed74da7d495a8a4bf5c797762d8ecab290c Mon Sep 17 00:00:00 2001
From: Christian Brauner
Date: Mon, 11 Feb 2019 17:21:24 +0100
Subject: [PATCH 1/8] api_extensions: fix wrong licensing

/* Affected People */
Christian Brauner

Signed-off-by: Christian Brauner
---
 src/lxc/api_extensions.h | 23 ---
 1 file changed, 12 insertions(+), 11 deletions(-)

diff --git a/src/lxc/api_extensions.h b/src/lxc/api_extensions.h
index 3ab5efa3b..03d4e25fd 100644
--- a/src/lxc/api_extensions.h
+++ b/src/lxc/api_extensions.h
@@ -3,18 +3,19 @@ * Copyright © 2018 Christian Brauner . * Copyright © 2018 Canonical Ltd. * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2, as - * published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + + * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef __LXC_API_EXTENSIONS_H From b80e01bda3f16b64b2fc42faada30577e88c629d Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 11 Feb 2019 17:23:52 +0100 Subject: [PATCH 2/8] compiler: fix wrong licensing /* Affected People */ Christian Brauner Signed-off-by: Christian Brauner --- src/lxc/compiler.h | 23 --- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/src/lxc/compiler.h b/src/lxc/compiler.h index e8c291ce5..65457cb31 100644 --- a/src/lxc/compiler.h +++ b/src/lxc/compiler.h 
@@ -3,18 +3,19 @@ * Copyright © 2018 Christian Brauner . * Copyright © 2018 Canonical Ltd. * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2, as - * published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, + * This library is free software; you can redistribute it and/or + * modify it under the terms of the GNU Lesser General Public + * License as published by the Free Software Foundation; either + * version 2.1 of the License, or (at your option) any later version. + + * This library is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + + * You should have received a copy of the GNU Lesser General Public License + * along with this library; if not, write to the Free Software Foundation, + * Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ #ifndef __LXC_COMPILER_H From 6aae19f7c8cc3ab036e078172c735cf058054dcf Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 11 Feb 2019 17:33:18 +0100 Subject: [PATCH 3/8] file_utils.h: fix wrong licensing /* Affected People */ Christian Brauner Signed-off-by: Christian Brauner --- src/lxc/file_utils.h | 23 --- 1 file changed, 12 insertions(+), 11 deletions(-) diff --git a/src/lxc/file_utils.h b/src/lxc/file_utils.h index 518a61af3..fc2b7d8c1 100644 --- a/src/lxc/file_utils.h +++ b/src/lxc/file_utils.h 
@@ -3,18 +3,19 @@ * Copyright © 2018 Christian Brauner .
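Review bot: in the api_extensions.h hunk the two paragraph separators inside the block comment are added as bare `+` lines with no ` *` continuation, whereas the `- *` lines they replace and every other line of the header carry it; the last added line also drops the trailing period after `USA`. Keeping ` *` on the two blank lines (and `USA.`) keeps the header consistent with the comment block it sits in.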
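Review bot: in the compiler.h hunk the two blank lines inside the block comment are likewise added as bare `+` lines without the ` *` continuation that the replaced `- *` lines and the rest of the header use, and the final line ends `MA 02110-1301 USA` without the period; the LGPL 2.1 wording itself is right, only the comment formatting needs matching to the surrounding lines.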