summaryrefslogtreecommitdiff
path: root/src/nspawn/nspawn.c
AgeCommit message (Collapse)Author
2015-07-31tree-wide: introduce mfree()David Herrmann
Pretty trivial helper which wraps free() but returns NULL, so we can simplify this: free(foobar); foobar = NULL; to this: foobar = mfree(foobar);
2015-07-30tree-wide: use free_and_strdup()Daniel Mack
Use free_and_strdup() where appropriate and replace equivalent, open-coded versions.
2015-07-22nspawn: Don't pass uid mount option for devptsMike Gilbert
Mounting devpts with a uid breaks pty allocation with recent glibc versions, which expect that the kernel will set the correct owner for user-allocated ptys. The kernel seems to be smart enough to use the correct uid for root when we switch to a user namespace. This resolves #337.
2015-07-08Merge pull request #500 from zonque/fileioLennart Poettering
fileio: consolidate write_string_file*()
2015-07-07Remove repeated 'the'sZbigniew Jędrzejewski-Szmek
2015-07-06tree-wide: fix write_string_file() user that should not create filesDaniel Mack
The latest consolidation cleanup of write_string_file() revealed some users of that helper which should have used write_string_file_no_create() in the past but didn't. Basically, all existing users that write to files in /sys and /proc should not expect to write to a file which is not yet existant.
2015-07-06fileio: consolidate write_string_file*()Daniel Mack
Merge write_string_file(), write_string_file_no_create() and write_string_file_atomic() into write_string_file() and provide a flags mask that allows combinations of atomic writing, newline appending and automatic file creation. Change all users accordingly.
2015-07-06Merge pull request #492 from ↵Lennart Poettering
richardmaw-codethink/nspawn-automatic-uid-shift-fix-v2 nspawn: Communicate determined UID shift to parent version 2
2015-07-06nspawn: Communicate determined UID shift to parentRichard Maw
There is logic to determine the UID shift from the file-system, rather than having it be explicitly passed in. However, this needs to happen in the child process that sets up the mounts, as what's important is the UID of the mounted root, rather than the mount-point. Setting up the UID map needs to happen in the parent becuase the inner child needs to have been started, and the outer child is no longer able to access the uid_map file, since it lost access to it when setting up the mounts for the inner child. So we need to communicate the uid shift back out, along with the PID of the inner child process. Failing to communicate this means that the invalid UID shift, which is the value used to specify "this needs to be determined from the file system" is left invalid, so setting up the user namespace's UID shift fails.
2015-07-06nspawn: fix indentingLennart Poettering
2015-07-04Merge pull request #485 from poettering/sd-bus-flush-close-unrefDavid Herrmann
sd-bus: introduce new sd_bus_flush_close_unref() call
2015-07-03sd-bus: introduce new sd_bus_flush_close_unref() callLennart Poettering
sd_bus_flush_close_unref() is a call that simply combines sd_bus_flush() (which writes all unwritten messages out) + sd_bus_close() (which terminates the connection, releasing all unread messages) + sd_bus_unref() (which frees the connection). The combination of this call is used pretty frequently in systemd tools right before exiting, and should also be relevant for most external clients, and is hence useful to cover in a call of its own. Previously the combination of the three calls was already done in the _cleanup_bus_close_unref_ macro, but this was only available internally. Also see #327
2015-07-03Revert "nspawn: determine_uid_shift before forking"Lennart Poettering
2015-06-30Merge pull request #429 from ↵Tom Gundersen
richardmaw-codethink/nspawn-userns-uid-shift-autodetection-fix nspawn: determine_uid_shift before forking
2015-06-30nspawn: determine_uid_shift before forkingRichard Maw
It is needed in one branch of the fork, but calculated in another branch. Failing to do this means using --private-users without specifying a uid shift always fails because it tries to shift the uid to UID_INVALID.
2015-06-30nspawn: Don't remount with fewer optionsRichard Maw
When we do a MS_BIND mount, it inherits the flags of its parent mount. When we do a remount, it sets the flags to exactly what is specified. If we are in a user namespace then these mount points have their flags locked, so you can't reduce the protection. As a consequence, the default setup of mount_all doesn't work with user namespaces. However if we ensure we add the mount flags of the parent mount when remounting, then we aren't removing mount options, so we aren't trying to unlock an option that we aren't allowed to.
2015-06-18nspawn: suppress warning when /etc/resolv.conf is a valid symlinkLennart Poettering
In such a case let's suppress the warning (downgrade to LOG_DEBUG), under the assumption that the user has no config file to update in its place, but a symlink that points to something like resolved's automatically managed resolve.conf file. While we are at it, also stop complaining if we cannot write /etc/resolv.conf due to a read-only disk, given that there's little we could do about it.
2015-06-17nspawn: when exiting, flush all remaining bytes from the pty to stdoutLennart Poettering
This is a simpler fix for #210, it simply uses copy_bytes() for the copying.
2015-06-16nspawn: check if kernel supports userns as early as possibleDjalal Harouni
If the kernel do not support user namespace then one of the children created by nspawn parent will fail at clone(CLONE_NEWUSER) with the generic error EINVAL and without logging the error. At the same time the parent may also try to setup the user namespace and will fail with another error. To improve this, check if the kernel supports user namespace as early as possible.
2015-06-15Merge pull request #214 from poettering/signal-rework-2Lennart Poettering
everywhere: port everything to sigprocmask_many() and friends
2015-06-15everywhere: port everything to sigprocmask_many() and friendsLennart Poettering
This ports a lot of manual code over to sigprocmask_many() and friends. Also, we now consistly check for sigprocmask() failures with assert_se(), since the call cannot realistically fail unless there's a programming error. Also encloses a few sd_event_add_signal() calls with (void) when we ignore the return values for it knowingly.
2015-06-15tmpfiles: automatically remove old machine snapshots at bootLennart Poettering
Remove old temporary snapshots, but only at boot. Ideally we'd have "self-destroying" btrfs snapshots that go away if the last last reference to it does. To mimic a scheme like this at least remove the old snapshots on fresh boots, where we know they cannot be referenced anymore. Note that we actually remove all temporary files in /var/lib/machines/ at boot, which should be safe since the directory has defined semantics. In the root directory (where systemd-nspawn --ephemeral places snapshots) we are more strict, to avoid removing unrelated temporary files. This also splits out nspawn/container related tmpfiles bits into a new tmpfiles snippet to systemd-nspawn.conf
2015-06-15util: when creating temporary file names, allow including extra id string in itLennart Poettering
This adds a "char *extra" parameter to tempfn_xxxxxx(), tempfn_random(), tempfn_ranomd_child(). If non-NULL this string is included in the middle of the newly created file name. This is useful for being able to distuingish the kind of temporary file when we see one. This also adds tests for the three call. For now, we don't make use of this at all, but port all users over.
2015-06-15firewall: rename fw-util.[ch] → firewall-util.[ch]Daniel Mack
The names fw-util.[ch] are too ambiguous, better rename the files to firewall-util.[ch]. Also rename the test accordingly.
2015-06-15Merge pull request #205 from endocode/iaguis/seccomp-v2Lennart Poettering
nspawn: make seccomp loading errors non-fatal
2015-06-15nspawn: make seccomp loading errors non-fatalIago López Galeiras
seccomp_load returns -EINVAL when seccomp support is not enabled in the kernel [1]. This should be a debug log, not an error that interrupts nspawn. If the seccomp filter can't be set and audit is enabled, the user will get an error message anyway. [1]: http://man7.org/linux/man-pages/man2/prctl.2.html
2015-06-13sd-netlink: rename from sd-rtnlTom Gundersen
2015-06-11sd-rtnl: make joining broadcast groups implicitTom Gundersen
2015-06-10tree-wide: whenever we fork off a foreign child process reset signal ↵Lennart Poettering
mask/handlers Also, when the child is potentially long-running make sure to set a death signal. Also, ignore the result of the reset operations explicitly by casting them to (void).
2015-05-29util: split out signal-util.[ch] from util.[ch]Lennart Poettering
No functional changes.
2015-05-29path-util: Change path_is_mount_point() symlink arg from bool to flagsMartin Pitt
This makes path_is_mount_point() consistent with fd_is_mount_point() wrt. flags.
2015-05-25nspawn: fix memleakTom Gundersen
This was a typo, swapping prefix_root() in place of prefix_roota(). Fixes CID 1299640.
2015-05-25nspawn: avoid memleakTom Gundersen
Simplify the code a bit, at the cost of potentially duplicating some memory unneccessarily. Fixes CID 1299641.
2015-05-25nspawn: drop some debugging codeTom Gundersen
These have no effect. Fixes CID 1299643.
2015-05-25nspawn: make coverity happyTom Gundersen
Rather than checking the return of asprintf() we are checking if buf gets allocated, make it clear that it is ok to ignore the return value. Fixes CID 1299644.
2015-05-24nspawn: be verbose about interface namesUmut Tezduyar Lindskog
Allowed interface name is relatively small. Lets not make users go in to the source code to figure out what happened. --machine=debian-tree conflicts with --machine=debian-tree2 ex: Failed to add new veth \ interfaces (host0, vb-debian-tree): File exists
2015-05-21nspawn: prohibit access to the kernel log buffer by defaultLennart Poettering
Unless CAP_SYSLOG is explicitly passed block all access to kmg
2015-05-21util: introduce PERSONALITY_INVALID as macro for 0xffffffffLULennart Poettering
2015-05-21nspawn: finish user namespace supportLennart Poettering
2015-05-20core,nspawn: unify code that moves the root dirLennart Poettering
2015-05-18nspawn: close extra fds before execing initAlban Crequy
When systemd-nspawn gets exec*()ed, it inherits the followings file descriptors: - 0, 1, 2: stdin, stdout, stderr - SD_LISTEN_FDS_START, ... SD_LISTEN_FDS_START+LISTEN_FDS: file descriptors passed by the system manager (useful for socket activation). They are passed to the child process (process leader). - extra lock fd: rkt passes a locked directory as an extra fd, so the directory remains locked as long as the container is alive. systemd-nspawn used to close all open fds except 0, 1, 2 and the SD_LISTEN_FDS_START..SD_LISTEN_FDS_START+LISTEN_FDS. This patch delays the close just before the exec so the nspawn process (parent) keeps the extra fds open. This patch supersedes the previous attempt ("cloexec extraneous fds"): http://lists.freedesktop.org/archives/systemd-devel/2015-May/031608.html
2015-05-18util: split all hostname related calls into hostname-util.cLennart Poettering
2015-05-14nspawn: allow access to device nodes listed in --bind= and --bind-ro= switchesStefan Junker
https://bugs.freedesktop.org/show_bug.cgi?id=90385
2015-05-13nspawn: skip symlink to a combined cgroup hierarchy if it already existsIago López Galeiras
If a symlink to a combined cgroup hierarchy already exists and points to the right path, skip it. This avoids an error when the cgroups are set manually before calling nspawn.
2015-05-13nspawn: only mount the cgroup root if it's not already mountedIago López Galeiras
This allows the user to set the cgroups manually before calling nspawn.
2015-05-13nspawn: rework custom mount point order, and add support for overlayfsLennart Poettering
Previously all bind mount mounts were applied in the order specified, followed by all tmpfs mounts in the order specified. This is problematic, if bind mounts shall be placed within tmpfs mounts. This patch hence reworks the custom mount point logic, and alwas applies them in strict prefix-first order. This means the order of mounts specified on the command line becomes irrelevant, the right operation will always be executed. While we are at it this commit also adds native support for overlayfs mounts, as supported by recent kernels.
2015-05-11nspawn: pass on kill signal setting to contaner scopeLennart Poettering
Let's just pass on what the user set for us.
2015-04-28nspawn: when run as a service, don't ask machined for terminatin of ourselvesLennart Poettering
2015-04-28nspawn: make sure we install the device policy if nspawn is run as unit as ↵Lennart Poettering
on the command line
2015-04-22nspawn: don't inherit read-only flag from disk image if --ephemeral is usedLennart Poettering
When --ephemeral is used there's no need to keep the image read-only, so let's not do that then.