summaryrefslogtreecommitdiffstats
path: root/src/nspawn (follow)
Commit message (Collapse)AuthorAgeFilesLines
* nspawn: Don't pass uid mount option for devptsMike Gilbert2015-07-231-4/+2
| | | | | | | | | | | Mounting devpts with a uid breaks pty allocation with recent glibc versions, which expect that the kernel will set the correct owner for user-allocated ptys. The kernel seems to be smart enough to use the correct uid for root when we switch to a user namespace. This resolves #337.
* Merge pull request #500 from zonque/fileioLennart Poettering2015-07-081-4/+4
|\ | | | | fileio: consolidate write_string_file*()
| * tree-wide: fix write_string_file() user that should not create filesDaniel Mack2015-07-071-3/+3
| | | | | | | | | | | | | | The latest consolidation cleanup of write_string_file() revealed some users of that helper which should have used write_string_file_no_create() in the past but didn't. Basically, all existing users that write to files in /sys and /proc should not expect to write to a file which is not yet existant.
| * fileio: consolidate write_string_file*()Daniel Mack2015-07-071-4/+4
| | | | | | | | | | | | | | Merge write_string_file(), write_string_file_no_create() and write_string_file_atomic() into write_string_file() and provide a flags mask that allows combinations of atomic writing, newline appending and automatic file creation. Change all users accordingly.
* | Remove repeated 'the'sZbigniew Jędrzejewski-Szmek2015-07-071-3/+2
|/
* Merge pull request #492 from ↵Lennart Poettering2015-07-061-1/+39
|\ | | | | | | | | richardmaw-codethink/nspawn-automatic-uid-shift-fix-v2 nspawn: Communicate determined UID shift to parent version 2
| * nspawn: Communicate determined UID shift to parentRichard Maw2015-07-061-1/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | There is logic to determine the UID shift from the file-system, rather than having it be explicitly passed in. However, this needs to happen in the child process that sets up the mounts, as what's important is the UID of the mounted root, rather than the mount-point. Setting up the UID map needs to happen in the parent becuase the inner child needs to have been started, and the outer child is no longer able to access the uid_map file, since it lost access to it when setting up the mounts for the inner child. So we need to communicate the uid shift back out, along with the PID of the inner child process. Failing to communicate this means that the invalid UID shift, which is the value used to specify "this needs to be determined from the file system" is left invalid, so setting up the user namespace's UID shift fails.
* | nspawn: fix indentingLennart Poettering2015-07-061-4/+4
|/
* Merge pull request #485 from poettering/sd-bus-flush-close-unrefDavid Herrmann2015-07-041-2/+2
|\ | | | | sd-bus: introduce new sd_bus_flush_close_unref() call
| * sd-bus: introduce new sd_bus_flush_close_unref() callLennart Poettering2015-07-031-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | sd_bus_flush_close_unref() is a call that simply combines sd_bus_flush() (which writes all unwritten messages out) + sd_bus_close() (which terminates the connection, releasing all unread messages) + sd_bus_unref() (which frees the connection). The combination of this call is used pretty frequently in systemd tools right before exiting, and should also be relevant for most external clients, and is hence useful to cover in a call of its own. Previously the combination of the three calls was already done in the _cleanup_bus_close_unref_ macro, but this was only available internally. Also see #327
* | Revert "nspawn: determine_uid_shift before forking"Lennart Poettering2015-07-031-4/+4
|/
* Merge pull request #429 from ↵Tom Gundersen2015-06-301-4/+4
|\ | | | | | | | | richardmaw-codethink/nspawn-userns-uid-shift-autodetection-fix nspawn: determine_uid_shift before forking
| * nspawn: determine_uid_shift before forkingRichard Maw2015-06-301-4/+4
| | | | | | | | | | | | | | | | It is needed in one branch of the fork, but calculated in another branch. Failing to do this means using --private-users without specifying a uid shift always fails because it tries to shift the uid to UID_INVALID.
* | nspawn: Don't remount with fewer optionsRichard Maw2015-06-301-11/+11
|/ | | | | | | | | | | | When we do a MS_BIND mount, it inherits the flags of its parent mount. When we do a remount, it sets the flags to exactly what is specified. If we are in a user namespace then these mount points have their flags locked, so you can't reduce the protection. As a consequence, the default setup of mount_all doesn't work with user namespaces. However if we ensure we add the mount flags of the parent mount when remounting, then we aren't removing mount options, so we aren't trying to unlock an option that we aren't allowed to.
* nspawn: suppress warning when /etc/resolv.conf is a valid symlinkLennart Poettering2015-06-181-1/+10
| | | | | | | | | | In such a case let's suppress the warning (downgrade to LOG_DEBUG), under the assumption that the user has no config file to update in its place, but a symlink that points to something like resolved's automatically managed resolve.conf file. While we are at it, also stop complaining if we cannot write /etc/resolv.conf due to a read-only disk, given that there's little we could do about it.
* nspawn: when exiting, flush all remaining bytes from the pty to stdoutLennart Poettering2015-06-171-0/+4
| | | | | This is a simpler fix for #210, it simply uses copy_bytes() for the copying.
* nspawn: check if kernel supports userns as early as possibleDjalal Harouni2015-06-161-0/+3
| | | | | | | | | | | If the kernel do not support user namespace then one of the children created by nspawn parent will fail at clone(CLONE_NEWUSER) with the generic error EINVAL and without logging the error. At the same time the parent may also try to setup the user namespace and will fail with another error. To improve this, check if the kernel supports user namespace as early as possible.
* Merge pull request #214 from poettering/signal-rework-2Lennart Poettering2015-06-151-4/+2
|\ | | | | everywhere: port everything to sigprocmask_many() and friends
| * everywhere: port everything to sigprocmask_many() and friendsLennart Poettering2015-06-151-4/+2
| | | | | | | | | | | | | | | | | | | | | | This ports a lot of manual code over to sigprocmask_many() and friends. Also, we now consistly check for sigprocmask() failures with assert_se(), since the call cannot realistically fail unless there's a programming error. Also encloses a few sd_event_add_signal() calls with (void) when we ignore the return values for it knowingly.
* | tmpfiles: automatically remove old machine snapshots at bootLennart Poettering2015-06-151-2/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Remove old temporary snapshots, but only at boot. Ideally we'd have "self-destroying" btrfs snapshots that go away if the last last reference to it does. To mimic a scheme like this at least remove the old snapshots on fresh boots, where we know they cannot be referenced anymore. Note that we actually remove all temporary files in /var/lib/machines/ at boot, which should be safe since the directory has defined semantics. In the root directory (where systemd-nspawn --ephemeral places snapshots) we are more strict, to avoid removing unrelated temporary files. This also splits out nspawn/container related tmpfiles bits into a new tmpfiles snippet to systemd-nspawn.conf
* | util: when creating temporary file names, allow including extra id string in itLennart Poettering2015-06-151-3/+3
|/ | | | | | | | | | | This adds a "char *extra" parameter to tempfn_xxxxxx(), tempfn_random(), tempfn_ranomd_child(). If non-NULL this string is included in the middle of the newly created file name. This is useful for being able to distuingish the kind of temporary file when we see one. This also adds tests for the three call. For now, we don't make use of this at all, but port all users over.
* firewall: rename fw-util.[ch] → firewall-util.[ch]Daniel Mack2015-06-151-1/+1
| | | | | The names fw-util.[ch] are too ambiguous, better rename the files to firewall-util.[ch]. Also rename the test accordingly.
* Merge pull request #205 from endocode/iaguis/seccomp-v2Lennart Poettering2015-06-151-1/+8
|\ | | | | nspawn: make seccomp loading errors non-fatal
| * nspawn: make seccomp loading errors non-fatalIago López Galeiras2015-06-151-1/+8
| | | | | | | | | | | | | | | | | | seccomp_load returns -EINVAL when seccomp support is not enabled in the kernel [1]. This should be a debug log, not an error that interrupts nspawn. If the seccomp filter can't be set and audit is enabled, the user will get an error message anyway. [1]: http://man7.org/linux/man-pages/man2/prctl.2.html
* | sd-netlink: rename from sd-rtnlTom Gundersen2015-06-131-62/+62
|/
* sd-rtnl: make joining broadcast groups implicitTom Gundersen2015-06-111-6/+6
|
* tree-wide: whenever we fork off a foreign child process reset signal ↵Lennart Poettering2015-06-101-3/+4
| | | | | | | | | | mask/handlers Also, when the child is potentially long-running make sure to set a death signal. Also, ignore the result of the reset operations explicitly by casting them to (void).
* util: split out signal-util.[ch] from util.[ch]Lennart Poettering2015-05-291-0/+1
| | | | No functional changes.
* path-util: Change path_is_mount_point() symlink arg from bool to flagsMartin Pitt2015-05-291-5/+5
| | | | | This makes path_is_mount_point() consistent with fd_is_mount_point() wrt. flags.
* nspawn: fix memleakTom Gundersen2015-05-251-1/+1
| | | | | | This was a typo, swapping prefix_root() in place of prefix_roota(). Fixes CID 1299640.
* nspawn: avoid memleakTom Gundersen2015-05-251-11/+4
| | | | | | | Simplify the code a bit, at the cost of potentially duplicating some memory unneccessarily. Fixes CID 1299641.
* nspawn: drop some debugging codeTom Gundersen2015-05-251-10/+0
| | | | | | These have no effect. Fixes CID 1299643.
* nspawn: make coverity happyTom Gundersen2015-05-251-2/+2
| | | | | | | Rather than checking the return of asprintf() we are checking if buf gets allocated, make it clear that it is ok to ignore the return value. Fixes CID 1299644.
* nspawn: be verbose about interface namesUmut Tezduyar Lindskog2015-05-241-1/+1
| | | | | | | | | | | Allowed interface name is relatively small. Lets not make users go in to the source code to figure out what happened. --machine=debian-tree conflicts with --machine=debian-tree2 ex: Failed to add new veth \ interfaces (host0, vb-debian-tree): File exists
* nspawn: prohibit access to the kernel log buffer by defaultLennart Poettering2015-05-211-9/+10
| | | | Unless CAP_SYSLOG is explicitly passed block all access to kmg
* util: introduce PERSONALITY_INVALID as macro for 0xffffffffLULennart Poettering2015-05-211-3/+3
|
* nspawn: finish user namespace supportLennart Poettering2015-05-211-638/+890
|
* core,nspawn: unify code that moves the root dirLennart Poettering2015-05-201-17/+3
|
* nspawn: close extra fds before execing initAlban Crequy2015-05-181-3/+12
| | | | | | | | | | | | | | | | | | | When systemd-nspawn gets exec*()ed, it inherits the followings file descriptors: - 0, 1, 2: stdin, stdout, stderr - SD_LISTEN_FDS_START, ... SD_LISTEN_FDS_START+LISTEN_FDS: file descriptors passed by the system manager (useful for socket activation). They are passed to the child process (process leader). - extra lock fd: rkt passes a locked directory as an extra fd, so the directory remains locked as long as the container is alive. systemd-nspawn used to close all open fds except 0, 1, 2 and the SD_LISTEN_FDS_START..SD_LISTEN_FDS_START+LISTEN_FDS. This patch delays the close just before the exec so the nspawn process (parent) keeps the extra fds open. This patch supersedes the previous attempt ("cloexec extraneous fds"): http://lists.freedesktop.org/archives/systemd-devel/2015-May/031608.html
* util: split all hostname related calls into hostname-util.cLennart Poettering2015-05-181-1/+2
|
* nspawn: allow access to device nodes listed in --bind= and --bind-ro= switchesStefan Junker2015-05-141-0/+19
| | | | https://bugs.freedesktop.org/show_bug.cgi?id=90385
* nspawn: skip symlink to a combined cgroup hierarchy if it already existsIago López Galeiras2015-05-131-3/+7
| | | | | | If a symlink to a combined cgroup hierarchy already exists and points to the right path, skip it. This avoids an error when the cgroups are set manually before calling nspawn.
* nspawn: only mount the cgroup root if it's not already mountedIago López Galeiras2015-05-131-14/+13
| | | | This allows the user to set the cgroups manually before calling nspawn.
* nspawn: rework custom mount point order, and add support for overlayfsLennart Poettering2015-05-131-109/+336
| | | | | | | | | | | | | | Previously all bind mount mounts were applied in the order specified, followed by all tmpfs mounts in the order specified. This is problematic, if bind mounts shall be placed within tmpfs mounts. This patch hence reworks the custom mount point logic, and alwas applies them in strict prefix-first order. This means the order of mounts specified on the command line becomes irrelevant, the right operation will always be executed. While we are at it this commit also adds native support for overlayfs mounts, as supported by recent kernels.
* nspawn: pass on kill signal setting to contaner scopeLennart Poettering2015-05-111-1/+11
| | | | Let's just pass on what the user set for us.
* nspawn: when run as a service, don't ask machined for terminatin of ourselvesLennart Poettering2015-04-281-0/+5
|
* nspawn: make sure we install the device policy if nspawn is run as unit as ↵Lennart Poettering2015-04-281-0/+4
| | | | on the command line
* nspawn: don't inherit read-only flag from disk image if --ephemeral is usedLennart Poettering2015-04-221-1/+2
| | | | | When --ephemeral is used there's no need to keep the image read-only, so let's not do that then.
* tree-wide: get rid of more strerror() callsLennart Poettering2015-04-211-5/+6
|
* shared: add terminal-util.[ch]Ronny Chevalier2015-04-111-0/+1
|