summaryrefslogtreecommitdiff
path: root/src/nspawn/nspawn.c
AgeCommit message (Collapse)Author
2015-06-15Merge pull request #214 from poettering/signal-rework-2Lennart Poettering
everywhere: port everything to sigprocmask_many() and friends
2015-06-15everywhere: port everything to sigprocmask_many() and friendsLennart Poettering
This ports a lot of manual code over to sigprocmask_many() and friends. Also, we now consistly check for sigprocmask() failures with assert_se(), since the call cannot realistically fail unless there's a programming error. Also encloses a few sd_event_add_signal() calls with (void) when we ignore the return values for it knowingly.
2015-06-15tmpfiles: automatically remove old machine snapshots at bootLennart Poettering
Remove old temporary snapshots, but only at boot. Ideally we'd have "self-destroying" btrfs snapshots that go away if the last last reference to it does. To mimic a scheme like this at least remove the old snapshots on fresh boots, where we know they cannot be referenced anymore. Note that we actually remove all temporary files in /var/lib/machines/ at boot, which should be safe since the directory has defined semantics. In the root directory (where systemd-nspawn --ephemeral places snapshots) we are more strict, to avoid removing unrelated temporary files. This also splits out nspawn/container related tmpfiles bits into a new tmpfiles snippet to systemd-nspawn.conf
2015-06-15util: when creating temporary file names, allow including extra id string in itLennart Poettering
This adds a "char *extra" parameter to tempfn_xxxxxx(), tempfn_random(), tempfn_ranomd_child(). If non-NULL this string is included in the middle of the newly created file name. This is useful for being able to distuingish the kind of temporary file when we see one. This also adds tests for the three call. For now, we don't make use of this at all, but port all users over.
2015-06-15firewall: rename fw-util.[ch] → firewall-util.[ch]Daniel Mack
The names fw-util.[ch] are too ambiguous, better rename the files to firewall-util.[ch]. Also rename the test accordingly.
2015-06-15Merge pull request #205 from endocode/iaguis/seccomp-v2Lennart Poettering
nspawn: make seccomp loading errors non-fatal
2015-06-15nspawn: make seccomp loading errors non-fatalIago López Galeiras
seccomp_load returns -EINVAL when seccomp support is not enabled in the kernel [1]. This should be a debug log, not an error that interrupts nspawn. If the seccomp filter can't be set and audit is enabled, the user will get an error message anyway. [1]: http://man7.org/linux/man-pages/man2/prctl.2.html
2015-06-13sd-netlink: rename from sd-rtnlTom Gundersen
2015-06-11sd-rtnl: make joining broadcast groups implicitTom Gundersen
2015-06-10tree-wide: whenever we fork off a foreign child process reset signal ↵Lennart Poettering
mask/handlers Also, when the child is potentially long-running make sure to set a death signal. Also, ignore the result of the reset operations explicitly by casting them to (void).
2015-05-29util: split out signal-util.[ch] from util.[ch]Lennart Poettering
No functional changes.
2015-05-29path-util: Change path_is_mount_point() symlink arg from bool to flagsMartin Pitt
This makes path_is_mount_point() consistent with fd_is_mount_point() wrt. flags.
2015-05-25nspawn: fix memleakTom Gundersen
This was a typo, swapping prefix_root() in place of prefix_roota(). Fixes CID 1299640.
2015-05-25nspawn: avoid memleakTom Gundersen
Simplify the code a bit, at the cost of potentially duplicating some memory unneccessarily. Fixes CID 1299641.
2015-05-25nspawn: drop some debugging codeTom Gundersen
These have no effect. Fixes CID 1299643.
2015-05-25nspawn: make coverity happyTom Gundersen
Rather than checking the return of asprintf() we are checking if buf gets allocated, make it clear that it is ok to ignore the return value. Fixes CID 1299644.
2015-05-24nspawn: be verbose about interface namesUmut Tezduyar Lindskog
Allowed interface name is relatively small. Lets not make users go in to the source code to figure out what happened. --machine=debian-tree conflicts with --machine=debian-tree2 ex: Failed to add new veth \ interfaces (host0, vb-debian-tree): File exists
2015-05-21nspawn: prohibit access to the kernel log buffer by defaultLennart Poettering
Unless CAP_SYSLOG is explicitly passed block all access to kmg
2015-05-21util: introduce PERSONALITY_INVALID as macro for 0xffffffffLULennart Poettering
2015-05-21nspawn: finish user namespace supportLennart Poettering
2015-05-20core,nspawn: unify code that moves the root dirLennart Poettering
2015-05-18nspawn: close extra fds before execing initAlban Crequy
When systemd-nspawn gets exec*()ed, it inherits the followings file descriptors: - 0, 1, 2: stdin, stdout, stderr - SD_LISTEN_FDS_START, ... SD_LISTEN_FDS_START+LISTEN_FDS: file descriptors passed by the system manager (useful for socket activation). They are passed to the child process (process leader). - extra lock fd: rkt passes a locked directory as an extra fd, so the directory remains locked as long as the container is alive. systemd-nspawn used to close all open fds except 0, 1, 2 and the SD_LISTEN_FDS_START..SD_LISTEN_FDS_START+LISTEN_FDS. This patch delays the close just before the exec so the nspawn process (parent) keeps the extra fds open. This patch supersedes the previous attempt ("cloexec extraneous fds"): http://lists.freedesktop.org/archives/systemd-devel/2015-May/031608.html
2015-05-18util: split all hostname related calls into hostname-util.cLennart Poettering
2015-05-14nspawn: allow access to device nodes listed in --bind= and --bind-ro= switchesStefan Junker
https://bugs.freedesktop.org/show_bug.cgi?id=90385
2015-05-13nspawn: skip symlink to a combined cgroup hierarchy if it already existsIago López Galeiras
If a symlink to a combined cgroup hierarchy already exists and points to the right path, skip it. This avoids an error when the cgroups are set manually before calling nspawn.
2015-05-13nspawn: only mount the cgroup root if it's not already mountedIago López Galeiras
This allows the user to set the cgroups manually before calling nspawn.
2015-05-13nspawn: rework custom mount point order, and add support for overlayfsLennart Poettering
Previously all bind mount mounts were applied in the order specified, followed by all tmpfs mounts in the order specified. This is problematic, if bind mounts shall be placed within tmpfs mounts. This patch hence reworks the custom mount point logic, and alwas applies them in strict prefix-first order. This means the order of mounts specified on the command line becomes irrelevant, the right operation will always be executed. While we are at it this commit also adds native support for overlayfs mounts, as supported by recent kernels.
2015-05-11nspawn: pass on kill signal setting to contaner scopeLennart Poettering
Let's just pass on what the user set for us.
2015-04-28nspawn: when run as a service, don't ask machined for terminatin of ourselvesLennart Poettering
2015-04-28nspawn: make sure we install the device policy if nspawn is run as unit as ↵Lennart Poettering
on the command line
2015-04-22nspawn: don't inherit read-only flag from disk image if --ephemeral is usedLennart Poettering
When --ephemeral is used there's no need to keep the image read-only, so let's not do that then.
2015-04-21tree-wide: get rid of more strerror() callsLennart Poettering
2015-04-11shared: add terminal-util.[ch]Ronny Chevalier
2015-04-11shared: add random-util.[ch]Ronny Chevalier
2015-04-10shared: add process-util.[ch]Ronny Chevalier
2015-04-10shared: add formats-util.hRonny Chevalier
2015-04-07path-util: fix more path_is_mount e792e890f falloutLennart Poettering
2015-04-06btrfs: add support for recursive btrfs snapshottingLennart Poettering
2015-04-06btrfs: make btrfs_subvol_snapshot() parameters a flags fieldLennart Poettering
2015-04-06btrfs: support recursively removing btrfs snapshotsLennart Poettering
2015-04-06util: rework rm_rf() logicLennart Poettering
- Move to its own file rm-rf.c - Change parameters into a single flags parameter - Remove "honour sticky" logic, it's unused these days
2015-03-31nspawn: fallback on bind mount when mknod failsAlban Crequy
Some systems abusively restrict mknod, even when the device node already exists in /dev. This is unfortunate because it prevents systemd-nspawn from creating the basic devices in /dev in the container. This patch implements a workaround: when mknod fails, fallback on bind mounts. Additionally, /dev/console was created with a mknod with the same major/minor as /dev/null before bind mounting a pts on it. This patch removes the mknod and creates an empty regular file instead. In order to test this patch, I used the following configuration, which I think should replicate the system with the abusive restriction on mknod: # grep devices /proc/self/cgroup 4:devices:/user.slice/restrict # cat /sys/fs/cgroup/devices/user.slice/restrict/devices.list c 1:9 r c 5:2 rw c 136:* rw # systemd-nspawn --register=false -D . v2: - remove "bind", it is not needed since there is already MS_BIND v3: - fix error management when calling touch() - fix lowercase in error message
2015-03-31nspawn: drop sd_booted() checkLennart Poettering
We have no such check in any of the other tools, hence don't have one in nspawn either. (This should make things nicer for Rocket, among other things) Note: removing this check does not mean that we support running nspawn on non-systemd. We explicitly don't. It just means that we remove the check for running it like that. You are still on your own if you do...
2015-03-31nspawn: change filesystem type from "bind" to NULL in mount() syscallsIago López Galeiras
Try to keep syscalls as minimal as possible.
2015-03-13nspawn: tell coverity that we ignore return valueZbigniew Jędrzejewski-Szmek
CID #1271353.
2015-03-13tree-wide: there is no ENOTSUP on linuxDavid Herrmann
Replace ENOTSUP by EOPNOTSUPP as this is what linux actually uses.
2015-03-07nspawn: fix use-after-free and leak in error pathsZbigniew Jędrzejewski-Szmek
CID #1257765.
2015-03-04nspawn: Map all seccomp filters to capabilitiesJay Faulkner
This change makes it so all seccomp filters are mapped to the appropriate capability and are only added if that capability was not requested when running the container. This unbreaks the remaining use cases broken by the addition of seccomp filters without respecting requested capabilities. Co-Authored-By: Clif Houck <me@clifhouck.com> [zj: - adapt to our coding style, make struct anonymous]
2015-02-25nspawn: make kill signal to use for PID 1 configurableLennart Poettering
2015-02-23remove unused includesThomas Hindoe Paaboel Andersen
This patch removes includes that are not used. The removals were found with include-what-you-use which checks if any of the symbols from a header is in use.