[lxc-devel] [lxd/master] Serialize network and storage pool creation
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/4151 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === From 8d768562defe4800e2ab674547042f9a396adc3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Graber?= Date: Mon, 8 Jan 2018 21:31:58 -0500 Subject: [PATCH 1/2] network: Serialize network creation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Stéphane Graber --- lxd/networks.go | 7 +++ 1 file changed, 7 insertions(+) diff --git a/lxd/networks.go b/lxd/networks.go index 7e78acea2..fb7659955 100644 --- a/lxd/networks.go +++ b/lxd/networks.go @@ -11,6 +11,7 @@ import ( "os/exec" "strconv" "strings" + "sync" "github.com/gorilla/mux" log "github.com/lxc/lxd/shared/log15" @@ -24,6 +25,9 @@ import ( "github.com/lxc/lxd/shared/version" ) +// Lock to prevent concurent networks creation +var networkCreateLock sync.Mutex + // API endpoints func networksGet(d *Daemon, r *http.Request) Response { recursionStr := r.FormValue("recursion") @@ -59,6 +63,9 @@ func networksGet(d *Daemon, r *http.Request) Response { } func networksPost(d *Daemon, r *http.Request) Response { + networkCreateLock.Lock() + defer networkCreateLock.Unlock() + req := api.NetworksPost{} // Parse the request From d97262ce28a8660fdcbdd192c78a0df5f192960d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Graber?= Date: Mon, 8 Jan 2018 21:32:20 -0500 Subject: [PATCH 2/2] storage: Serialize storage pool creation MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Closes #4150 Signed-off-by: Stéphane Graber --- lxd/storage_pools.go | 7 +++ 1 file changed, 7 insertions(+) diff --git a/lxd/storage_pools.go b/lxd/storage_pools.go index 6d4d80bc8..a676cdcad 100644 --- a/lxd/storage_pools.go +++ b/lxd/storage_pools.go @@ -6,6 +6,7 @@ import ( "net/http" "strconv" "strings" + "sync" "github.com/gorilla/mux" "github.com/lxc/lxd/lxd/db" @@ -14,6 +15,9 @@ import ( "github.com/lxc/lxd/shared/version" ) +// Lock to prevent concurent storage pools creation +var storagePoolCreateLock sync.Mutex + // /1.0/storage-pools // List all storage pools. func storagePoolsGet(d *Daemon, r *http.Request) Response { @@ -60,6 +64,9 @@ func storagePoolsGet(d *Daemon, r *http.Request) Response { // /1.0/storage-pools // Create a storage pool. func storagePoolsPost(d *Daemon, r *http.Request) Response { + storagePoolCreateLock.Lock() + defer storagePoolCreateLock.Unlock() + req := api.StoragePoolsPost{} // Parse the request. ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] drop \n from IdmapSet's ToLxcString
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/4149 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === 1. We just strip the newline everywhere we use this anyways, so we can drop the stripping code too. 2. liblxc itself doesn't even accept this string with a newline on the end, so it's not even an LxcString :) Signed-off-by: Tycho Andersen From 422751d77dfa13363552caac756de46910ae780c Mon Sep 17 00:00:00 2001 From: Tycho Andersen Date: Mon, 8 Jan 2018 17:01:48 -0700 Subject: [PATCH] drop \n from IdmapSet's ToLxcString 1. We just strip the newline everywhere we use this anyways, so we can drop the stripping code too. 2. liblxc itself doesn't even accept this string with a newline on the end, so it's not even an LxcString :) Signed-off-by: Tycho Andersen --- lxd/container_lxc.go | 2 +- lxd/util/sys.go| 4 ++-- shared/idmap/idmapset_linux.go | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go index 687363d6b..daf1d4d85 100644 --- a/lxd/container_lxc.go +++ b/lxd/container_lxc.go @@ -1135,7 +1135,7 @@ func (c *containerLXC) initLXC(config bool) error { if idmapset != nil { lines := idmapset.ToLxcString() for _, line := range lines { - err := lxcSetConfigItem(cc, "lxc.idmap", strings.TrimSuffix(line, "\n")) + err := lxcSetConfigItem(cc, "lxc.idmap", line) if err != nil { return err } diff --git a/lxd/util/sys.go b/lxd/util/sys.go index 5532f8704..9e40ea998 100644 --- a/lxd/util/sys.go +++ b/lxd/util/sys.go @@ -50,7 +50,7 @@ func GetIdmapSet() *idmap.IdmapSet { if err == nil { logger.Infof("Kernel uid/gid map:") for _, lxcmap := range kernelIdmapSet.ToLxcString() { - logger.Infof(strings.TrimRight(" - "+lxcmap, "\n")) + logger.Infof(" - " + lxcmap) } } @@ -68,7 +68,7 @@ func GetIdmapSet() *idmap.IdmapSet { } for _, lxcEntry := range lxcmap.ToLxcString() { - logger.Infof(" - %s%s", strings.TrimRight(lxcEntry, "\n"), suffix) + logger.Infof(" - %s%s", lxcEntry, suffix) } } diff --git a/shared/idmap/idmapset_linux.go b/shared/idmap/idmapset_linux.go index d9edc8a97..b4f01e769 100644 --- a/shared/idmap/idmapset_linux.go +++ b/shared/idmap/idmapset_linux.go @@ -402,8 +402,8 @@ func (m IdmapSet) ToLxcString() []string { var lines []string for _, e := range m.Idmap { for _, l := range e.ToLxcString() { - if !shared.StringInSlice(l+"\n", lines) { - lines = append(lines, l+"\n") + if !shared.StringInSlice(l, lines) { + lines = append(lines, l) } } } ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/master] add some idmap parsing error messages
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/2080 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === otherwise, we just get a return value of false from setting config failure, with no indication as to what actually failed in the log. Signed-off-by: Tycho Andersen From a8b1ac78131ca089810f80adaccf3ba9a4c8eaa1 Mon Sep 17 00:00:00 2001 From: Tycho Andersen Date: Tue, 9 Jan 2018 00:07:50 + Subject: [PATCH] add some idmap parsing error messages otherwise, we just get a return value of false from setting config failure, with no indication as to what actually failed in the log. Signed-off-by: Tycho Andersen --- src/lxc/confile.c | 4 +++- src/lxc/confile_utils.c | 17 + 2 files changed, 16 insertions(+), 5 deletions(-) diff --git a/src/lxc/confile.c b/src/lxc/confile.c index 65f13ac56..4c9f27545 100644 --- a/src/lxc/confile.c +++ b/src/lxc/confile.c @@ -1665,8 +1665,10 @@ static int set_config_idmaps(const char *key, const char *value, memset(idmap, 0, sizeof(*idmap)); ret = parse_idmaps(value, &type, &nsid, &hostid, &range); - if (ret < 0) + if (ret < 0) { + ERROR("error parsing id maps"); goto on_error; + } INFO("Read uid map: type %c nsid %lu hostid %lu range %lu", type, nsid, hostid, range); if (type == 'u') diff --git a/src/lxc/confile_utils.c b/src/lxc/confile_utils.c index c2901116c..c7850f4aa 100644 --- a/src/lxc/confile_utils.c +++ b/src/lxc/confile_utils.c @@ -62,8 +62,11 @@ int parse_idmaps(const char *idmap, char *type, unsigned long *nsid, goto on_error; /* Validate type. */ - if (*slide != 'u' && *slide != 'g') + if (*slide != 'u' && *slide != 'g') { + ERROR("invalid mapping type: %c", *slide); goto on_error; + } + /* Assign type. */ tmp_type = *slide; @@ -88,8 +91,10 @@ int parse_idmaps(const char *idmap, char *type, unsigned long *nsid, *slide = '\0'; /* Parse nsuid. */ - if (lxc_safe_ulong(window, &tmp_nsid) < 0) + if (lxc_safe_ulong(window, &tmp_nsid) < 0) { + ERROR("couldn't parse nsuid: %s", window); goto on_error; + } /* Move beyond \0. */ slide++; @@ -112,8 +117,10 @@ int parse_idmaps(const char *idmap, char *type, unsigned long *nsid, *slide = '\0'; /* Parse hostid. */ - if (lxc_safe_ulong(window, &tmp_hostid) < 0) + if (lxc_safe_ulong(window, &tmp_hostid) < 0) { + ERROR("couldn't parse hostid: %s", window); goto on_error; + } /* Move beyond \0. */ slide++; @@ -142,8 +149,10 @@ int parse_idmaps(const char *idmap, char *type, unsigned long *nsid, *slide = '\0'; /* Parse range. */ - if (lxc_safe_ulong(window, &tmp_range) < 0) + if (lxc_safe_ulong(window, &tmp_range) < 0) { + ERROR("couldn't parse range: %s", window); goto on_error; + } *type = tmp_type; *nsid = tmp_nsid; ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] allow arbitrary users to read idmaps
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/4148 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Instead of hardcoding always using root's idmap, let's ask for the current user's idmap. This should have no effect for LXD, but may potentially be useful for downstream users of idmap :) Signed-off-by: Tycho Andersen From f0751d938ed8c11b2aa3b234984ae006da55f286 Mon Sep 17 00:00:00 2001 From: Tycho Andersen Date: Mon, 8 Jan 2018 10:06:34 -0700 Subject: [PATCH] allow arbitrary users to read idmaps Instead of hardcoding always using root's idmap, let's ask for the current user's idmap. This should have no effect for LXD, but may potentially be useful for downstream users of idmap :) Signed-off-by: Tycho Andersen --- shared/idmap/idmapset_linux.go | 10 -- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/shared/idmap/idmapset_linux.go b/shared/idmap/idmapset_linux.go index a85a74714..d9edc8a97 100644 --- a/shared/idmap/idmapset_linux.go +++ b/shared/idmap/idmapset_linux.go @@ -5,6 +5,7 @@ import ( "fmt" "os" "os/exec" + "os/user" "path" "path/filepath" "reflect" @@ -667,8 +668,13 @@ func DefaultIdmapSet() (*IdmapSet, error) { newuidmap, _ := exec.LookPath("newuidmap") newgidmap, _ := exec.LookPath("newgidmap") if newuidmap != "" && newgidmap != "" && shared.PathExists("/etc/subuid") && shared.PathExists("/etc/subgid") { + currentUser, err := user.Current() + if err != nil { + return nil, err + } + // Parse the shadow uidmap - entries, err := getFromShadow("/etc/subuid", "root") + entries, err := getFromShadow("/etc/subuid", currentUser.Username) if err != nil { return nil, err } @@ -687,7 +693,7 @@ func DefaultIdmapSet() (*IdmapSet, error) { } // Parse the shadow gidmap - entries, err = getFromShadow("/etc/subgid", "root") + entries, err = getFromShadow("/etc/subgid", currentUser.Username) if err != nil { return nil, err } ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/master] bugfixes
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/2079 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Christian Brauner From 6c6953c1b340c8cca007f8203fb3db5fdad09462 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 8 Jan 2018 18:24:41 +0100 Subject: [PATCH 1/2] coverity: #1427191 Signed-off-by: Christian Brauner --- src/lxc/conf.c | 16 +--- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/src/lxc/conf.c b/src/lxc/conf.c index affc41e16..6e3832f54 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -2656,15 +2656,17 @@ int write_id_mapping(enum idtype idtype, pid_t pid, const char *buf, return -1; } - buflen = sizeof("deny\n") - 1; - errno = 0; - ret = lxc_write_nointr(fd, "deny\n", buflen); - if (ret != buflen) { - SYSERROR("Failed to write \"deny\" to \"/proc/%d/setgroups\"", pid); + if (fd >= 0) { + buflen = sizeof("deny\n") - 1; + errno = 0; + ret = lxc_write_nointr(fd, "deny\n", buflen); + if (ret != buflen) { + SYSERROR("Failed to write \"deny\" to \"/proc/%d/setgroups\"", pid); + close(fd); + return -1; + } close(fd); - return -1; } - close(fd); } ret = snprintf(path, MAXPATHLEN, "/proc/%d/%cid_map", pid, From 7e7846c57f84031350daaacbfb7a934c8f662e82 Mon Sep 17 00:00:00 2001 From: Christian Brauner Date: Mon, 8 Jan 2018 18:25:56 +0100 Subject: [PATCH 2/2] coverity: #1427190 Signed-off-by: Christian Brauner --- src/lxc/cgroups/cgfsng.c | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c index 2d1ad4ebb..5350ddcda 100644 --- a/src/lxc/cgroups/cgfsng.c +++ b/src/lxc/cgroups/cgfsng.c @@ -1221,9 +1221,6 @@ static int recursive_destroy(char *dirname) char *pathname; struct stat mystat; - if (!direntp) - break; - if (!strcmp(direntp->d_name, ".") || !strcmp(direntp->d_name, "..")) continue; ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxd/master] scripts/vagrant: The LXD PPA is gone
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/4147 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === Signed-off-by: Stéphane Graber From b894f2709b41cb4001b4b96a8696415b449619af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Graber?= Date: Mon, 8 Jan 2018 12:01:55 -0500 Subject: [PATCH] scripts/vagrant: The LXD PPA is gone MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Stéphane Graber --- scripts/vagrant/install-go.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/scripts/vagrant/install-go.sh b/scripts/vagrant/install-go.sh index 33286cbdc..a1ca00e49 100644 --- a/scripts/vagrant/install-go.sh +++ b/scripts/vagrant/install-go.sh @@ -3,8 +3,6 @@ set -xe export DEBIAN_FRONTEND=noninteractive -which add-apt-repository || (sudo apt-get update ; sudo apt-get install -y software-properties-common) -sudo add-apt-repository ppa:ubuntu-lxc/lxd-git-master sudo apt-get update which go || sudo apt-get install -y golang ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] d8208d: fix up lxc-usernsexec's exit status
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: d8208db47785d93d8dcb96a83c0b015587a77448 https://github.com/lxc/lxc/commit/d8208db47785d93d8dcb96a83c0b015587a77448 Author: Tycho Andersen Date: 2018-01-08 (Mon, 08 Jan 2018) Changed paths: M src/lxc/tools/lxc_usernsexec.c Log Message: --- fix up lxc-usernsexec's exit status * exit(1) when there is an option parsing error * exit(0) when the user explicitly asks for help * exit(1) when the user specifies an invalid option Signed-off-by: Tycho Andersen Commit: 6ddb17ff99eb4a591e24483bc9ce93ee0fe789c7 https://github.com/lxc/lxc/commit/6ddb17ff99eb4a591e24483bc9ce93ee0fe789c7 Author: Christian Brauner Date: 2018-01-08 (Mon, 08 Jan 2018) Changed paths: M src/lxc/tools/lxc_usernsexec.c Log Message: --- Merge pull request #2078 from tych0/usernsexec-exit-status fix up lxc-usernsexec's exit status Compare: https://github.com/lxc/lxc/compare/9531b90aa206...6ddb17ff99eb___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/master] fix up lxc-usernsexec's exit status
The following pull request was submitted through Github. It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/2078 This e-mail was sent by the LXC bot, direct replies will not reach the author unless they happen to be subscribed to this list. === Description (from pull-request) === * exit(1) when there is an option parsing error * exit(0) when the user explicitly asks for help * exit(1) when the user specifies an invalid option Signed-off-by: Tycho Andersen From d8208db47785d93d8dcb96a83c0b015587a77448 Mon Sep 17 00:00:00 2001 From: Tycho Andersen Date: Mon, 8 Jan 2018 16:20:24 + Subject: [PATCH] fix up lxc-usernsexec's exit status * exit(1) when there is an option parsing error * exit(0) when the user explicitly asks for help * exit(1) when the user specifies an invalid option Signed-off-by: Tycho Andersen --- src/lxc/tools/lxc_usernsexec.c | 11 +-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/lxc/tools/lxc_usernsexec.c b/src/lxc/tools/lxc_usernsexec.c index 72d4a005b..766bd72e6 100644 --- a/src/lxc/tools/lxc_usernsexec.c +++ b/src/lxc/tools/lxc_usernsexec.c @@ -71,7 +71,6 @@ static void usage(const char *name) printf(" Note: This program uses newuidmap(2) and newgidmap(2).\n"); printf("As such, /etc/subuid and /etc/subgid must grant the\n"); printf("calling user permission to use the mapped ranges\n"); - exit(EXIT_SUCCESS); } static void opentty(const char * tty, int which) { @@ -300,10 +299,18 @@ int main(int argc, char *argv[]) while ((c = getopt(argc, argv, "m:h")) != EOF) { switch (c) { - case 'm': if (parse_map(optarg)) usage(argv[0]); break; + case 'm': + if (parse_map(optarg)) { + usage(argv[0]); + exit(EXIT_FAILURE); + } + break; case 'h': + usage(argv[0]); + exit(EXIT_SUCCESS); default: usage(argv[0]); + exit(EXIT_FAILURE); } }; ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] ee2d70: Add return check for 'lxc_cmd_get_name'
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: ee2d7093f0ce36773500639e52605ca3f66f2136 https://github.com/lxc/lxc/commit/ee2d7093f0ce36773500639e52605ca3f66f2136 Author: LiFeng Date: 2018-01-08 (Mon, 08 Jan 2018) Changed paths: M src/lxc/lxccontainer.c Log Message: --- Add return check for 'lxc_cmd_get_name' If 'lxc_cmd_get_name' failed and return with NULL, this would cause a segment fault. Signed-off-by: LiFeng Commit: 9531b90aa2066398471f2fb77b0ac38c1079ca59 https://github.com/lxc/lxc/commit/9531b90aa2066398471f2fb77b0ac38c1079ca59 Author: Christian Brauner Date: 2018-01-08 (Mon, 08 Jan 2018) Changed paths: M src/lxc/lxccontainer.c Log Message: --- Merge pull request #2077 from lifeng68/Fix_segment_fault Add return check for 'lxc_cmd_get_name' Compare: https://github.com/lxc/lxc/compare/e749acdf319d...9531b90aa206___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel