[lxc-devel] [PATCH] remove redundent LXC_TTY_HANDLER

2012-01-24 Thread jian
From: Jian Xiao 

All the signals (except fatal ones) are redirected to signalfd at lxc_init,
so the LXC_TTY_HANDLERs are redundant. This patch removes them.

Signed-off-by: Jian Xiao 
---
 src/lxc/start.c |9 -
 src/lxc/utils.h |   29 ++---
 2 files changed, 2 insertions(+), 36 deletions(-)

diff --git a/src/lxc/start.c b/src/lxc/start.c
index 18f6878..2c92a17 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -129,9 +129,6 @@ int signalfd(int fd, const sigset_t *mask, int flags)
 
 lxc_log_define(lxc_start, lxc);
 
-LXC_TTY_HANDLER(SIGINT);
-LXC_TTY_HANDLER(SIGQUIT);
-
 static int match_fd(int fd)
 {
return (fd == 0 || fd == 1 || fd == 2);
@@ -564,10 +561,6 @@ int __lxc_start(const char *name, struct lxc_conf *conf,
goto out_fini;
}
 
-   /* Avoid signals from terminal */
-   LXC_TTY_ADD_HANDLER(SIGINT);
-   LXC_TTY_ADD_HANDLER(SIGQUIT);
-
err = lxc_poll(name, handler);
if (err) {
ERROR("mainloop exited with an error");
@@ -579,8 +572,6 @@ int __lxc_start(const char *name, struct lxc_conf *conf,
 
err =  lxc_error_set_and_log(handler->pid, status);
 out_fini:
-   LXC_TTY_DEL_HANDLER(SIGQUIT);
-   LXC_TTY_DEL_HANDLER(SIGINT);
lxc_cgroup_destroy(name);
lxc_fini(name, handler);
return err;
diff --git a/src/lxc/utils.h b/src/lxc/utils.h
index 114b668..d47c983 100644
--- a/src/lxc/utils.h
+++ b/src/lxc/utils.h
@@ -23,34 +23,9 @@
 #ifndef _utils_h
 #define _utils_h
 
-#define LXC_TTY_HANDLER(s) \
-   static struct sigaction lxc_tty_sa_##s; \
-   static void tty_##s##_handler(int sig, siginfo_t *info, void *ctx) \
-   {   \
-   if (lxc_tty_sa_##s.sa_handler == SIG_DFL || \
-   lxc_tty_sa_##s.sa_handler == SIG_IGN)   \
-   return; \
-   (*lxc_tty_sa_##s.sa_sigaction)(sig, info, ctx); \
-   }
-
-#define LXC_TTY_ADD_HANDLER(s) \
-   do { \
-   struct sigaction sa; \
-   sa.sa_sigaction = tty_##s##_handler; \
-   sa.sa_flags = SA_SIGINFO; \
-   sigfillset(&sa.sa_mask); \
-   /* No error expected with sigaction. */ \
-   sigaction(s, &sa, &lxc_tty_sa_##s); \
-   } while (0)
-
-#define LXC_TTY_DEL_HANDLER(s) \
-   do { \
-   sigaction(s, &lxc_tty_sa_##s, NULL); \
-   } while (0)
-
-#endif
-
 extern int lxc_copy_file(const char *src, const char *dst);
 extern int lxc_setup_fs(void);
 extern int get_u16(ushort *val, const char *arg, int base);
 extern int mkdir_p(const char *dir, mode_t mode);
+
+#endif
-- 
1.7.1




[lxc-devel] [PATCH] correctly install signal handler for lxc-init

2012-01-24 Thread jian
From: Jian Xiao 

This patch is to correct the manipulation of signal masks when
installing signal handlers for lxc-init. 

Signed-off-by: Jian Xiao 
Signed-off-by: Greg Kurz 
---
 src/lxc/lxc_init.c |   22 +++---
 1 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/src/lxc/lxc_init.c b/src/lxc/lxc_init.c
index a534b51..0353dbc 100644
--- a/src/lxc/lxc_init.c
+++ b/src/lxc/lxc_init.c
@@ -95,15 +95,31 @@ int main(int argc, char *argv[])
 * signal handler and to fork
 */
sigfillset(&mask);
+   sigdelset(&mask, SIGILL);
+   sigdelset(&mask, SIGSEGV);
+   sigdelset(&mask, SIGBUS);
sigprocmask(SIG_SETMASK, &mask, &omask);
 
for (i = 1; i < NSIG; i++) {
struct sigaction act;
 
+   /* Exclude some signals: ILL, SEGV and BUS are likely to
+* reveal a bug and we want a core. STOP and KILL cannot be
+* handled anyway: they're here for documentation.
+*/
+   if (i == SIGILL ||
+   i == SIGSEGV ||
+   i == SIGBUS ||
+   i == SIGSTOP ||
+   i == SIGKILL)
+   continue;   
+
sigfillset(&act.sa_mask);
-   sigdelset(&mask, SIGILL);
-   sigdelset(&mask, SIGSEGV);
-   sigdelset(&mask, SIGBUS);
+   sigdelset(&act.sa_mask, SIGILL);
+   sigdelset(&act.sa_mask, SIGSEGV);
+   sigdelset(&act.sa_mask, SIGBUS);
+   sigdelset(&act.sa_mask, SIGSTOP);
+   sigdelset(&act.sa_mask, SIGKILL);
act.sa_flags = 0;
act.sa_handler = interrupt_handler;
sigaction(i, &act, NULL);
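Review bot: SIGFPE is missing from the fault signals this change leaves alone: the added `sigdelset` calls before `sigprocmask` and the `continue` test in the loop cover only SIGILL, SIGSEGV and SIGBUS. POSIX leaves the result undefined when SIGFPE is raised by a fault while blocked, the same as for the three signals handled here, and the new comment's stated intent ("likely to reveal a bug and we want a core") applies to it equally. If that is the intent, add `sigdelset(&mask, SIGFPE);` beside the other three, `i == SIGFPE ||` to the exclusion test, and `sigdelset(&act.sa_mask, SIGFPE);` in the loop. The return values of `sigprocmask` and `sigaction` are still ignored in these lines; `main` continues outside the hunk.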
-- 
1.7.1




[lxc-devel] [PATCH 0/1] support shmmax/shmall KEY for lxc-execute

2012-07-06 Thread jian
From: Jian Xiao 

Often a system administrator needs to change the /proc/sys/kernel/shmmax and shmall values
to run a job. These values are not inherited by the container and need to be
passed to the container when starting the job.

This patch adds "lxc.shmmax" and "lxc.shmall" configuration variable
for lxc-execute "-s" or "-r" option. With this, user could run a job in 
container with desired shmmax and shmall value.

Jian Xiao (1):
  support shmmax/shmall KEY for lxc-execute

 src/lxc/conf.c|  123 +
 src/lxc/conf.h|2 +
 src/lxc/confile.c |   32 ++
 3 files changed, 157 insertions(+), 0 deletions(-)




[lxc-devel] [PATCH 1/1] support shmmax/shmall KEY for lxc-execute

2012-07-06 Thread jian
From: Jian Xiao 

Signed-off-by: Jian Xiao 
---
 src/lxc/conf.c|  123 +
 src/lxc/conf.h|2 +
 src/lxc/confile.c |   32 ++
 3 files changed, 157 insertions(+), 0 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index e8088bb..d59731c 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1285,6 +1285,119 @@ static int setup_caps(struct lxc_list *caps)
return 0;
 }
 
+static int setup_shmmax(unsigned long shmmax)
+{
+   int rc, fd;
+   uid_t euid = geteuid();
+   char shmmax_str[64];
+
+   if (!shmmax)
+   return 0;
+
+   snprintf(shmmax_str, sizeof(shmmax_str), "%lu", shmmax);
+
+   /* Process has all the capabilities set, but cannot open shmmax
+* to write. Temporarily set euid to root to get around this.
+* This is only done for non-root uid.
+*/
+   if (euid && seteuid(0)) {
+   SYSERROR("failed to change euid to 0\n");
+   return -1;
+   }
+
+   fd = open("/proc/sys/kernel/shmmax", O_WRONLY);
+   if (fd < 0) {
+   SYSERROR("fail to open /proc/sys/kernel/shmmax");
+   return -1;
+}
+
+   rc = write(fd, shmmax_str, strlen(shmmax_str));
+if (rc < 0) {
+   SYSERROR("fail to write /proc/sys/kernel/shmmax");
+   close(fd);
+   return -1;
+   }
+
+   close(fd);
+
+   /* set euid back */
+   if (euid) {
+   if (seteuid(euid)) {
+   ERROR("failed to change euid to '%d': %m", euid);
+   return -1;
+   }
+
+   /* seteuid() to non-zero clears effective capabilities
+* so we need to restore them
+*/
+   if (lxc_caps_up()) {
+   ERROR("failed to restore capabilities: %m");
+   return -1;
+   }
+   }
+
+   DEBUG("shmmax has been setup to %lu\n", shmmax);
+
+   return 0;
+}
+
+static int setup_shmall(unsigned long shmall)
+{
+   int rc, fd;
+   uid_t euid = geteuid();
+   char shmall_str[64];
+
+   if (!shmall)
+   return 0;
+
+   snprintf(shmall_str, sizeof(shmall_str), "%lu", shmall);
+
+   /* Process has all the capabilities set, but cannot open shmall
+* to write. Temporarily set euid to root to get around this.
+* This is only done for non-root uid.
+*/
+   if (euid && seteuid(0)) {
+   SYSERROR("failed to change euid to 0\n");
+   return -1;
+   }
+
+   fd = open("/proc/sys/kernel/shmall", O_WRONLY);
+   if (fd < 0) {
+   SYSERROR("fail to open /proc/sys/kernel/shmall");
+   return -1;
+}
+
+   rc = write(fd, shmall_str, strlen(shmall_str));
+if (rc < 0) {
+   SYSERROR("fail to write /proc/sys/kernel/shmall");
+   close(fd);
+   return -1;
+   }
+
+   close(fd);
+
+   /* set euid back */
+   if (euid) {
+   if (seteuid(euid)) {
+   ERROR("failed to change euid to '%d': %m", euid);
+   return -1;
+   }
+
+   /* seteuid() to non-zero clears effective capabilities
+* so we need to restore them
+*/
+   if (lxc_caps_up()) {
+   ERROR("failed to restore capabilities: %m");
+   return -1;
+   }
+   }
+
+   DEBUG("shmall has been setup to %lu\n", shmall);
+
+   return 0;
+}
+
+
 static int setup_hw_addr(char *hwaddr, const char *ifname)
 {
struct sockaddr sockaddr;
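Review bot: The `open()` and `write()` failure paths in `setup_shmmax` return -1 without undoing `seteuid(0)`, so a non-root caller is left with effective uid 0 and the capability restore through `lxc_caps_up()` is skipped; `setup_shmall` further down repeats the same paths. Whether the caller exits immediately on failure is not visible in this hunk, so the helper should restore the euid itself on every exit. Routing both failures through one exit label placed before the existing restore block does that. The two functions differ only in the path string, so a single helper taking the path would also remove the duplication. A sketch for `setup_shmmax` follows.

```c
	int rc = 0, fd;
	/* … unchanged: euid lookup, zero check, snprintf, seteuid(0) … */

	fd = open("/proc/sys/kernel/shmmax", O_WRONLY);
	if (fd < 0) {
		SYSERROR("fail to open /proc/sys/kernel/shmmax");
		rc = -1;
		goto out_euid;
	}

	if (write(fd, shmmax_str, strlen(shmmax_str)) < 0) {
		SYSERROR("fail to write /proc/sys/kernel/shmmax");
		rc = -1;
	}
	close(fd);

out_euid:
	/* … unchanged: seteuid(euid) and lxc_caps_up() restore, each returning -1 on failure … */
	if (!rc)
		DEBUG("shmmax has been setup to %lu\n", shmmax);
	return rc;
```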
@@ -2047,6 +2160,16 @@ int lxc_setup(const char *name, struct lxc_conf 
*lxc_conf)
return -1;
}
 
+   if (setup_shmmax(lxc_conf->shmmax)) {
+   ERROR("failed to set shmmax");
+   return -1;
+   }
+
+   if (setup_shmall(lxc_conf->shmall)) {
+   ERROR("failed to set shmall");
+   return -1;
+   }
+
NOTICE("'%s' is setup.", name);
 
return 0;
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index 09f55cb..347521e 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -216,6 +216,8 @@ struct lxc_conf {
struct lxc_rootfs rootfs;
char *ttydir;
int close_all_fds;
+   unsigned long shmmax;
+   unsigned long shmall;
 };
 
 /*
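Review bot: The two new fields carry no comment saying that 0 means "not configured", which is what `setup_shmmax` and `setup_shmall` in conf.c rely on when they return early for a zero value. I would document that on the fields, e.g. `unsigned long shmmax; /* value written to /proc/sys/kernel/shmmax, 0 = leave untouched */` and likewise for `shmall`. The v2 posting of this patch carries the same conf.h hunk. `struct lxc_conf` starts outside the hunk.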
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index b305aef..f71f4c7 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -71,6 +71,8 @@ static int config_network_ipv6(const char *, char *, struct 
lxc_conf *);
 sta

[lxc-devel] [PATCH v2 1/1] support shmmax/shmall KEY for lxc-execute

2012-07-07 Thread jian
From: Jian Xiao 

Signed-off-by: Jian Xiao 
---
 src/lxc/conf.c|   77 +
 src/lxc/conf.h|2 +
 src/lxc/confile.c |   32 ++
 3 files changed, 111 insertions(+), 0 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index e8088bb..3988b2a 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1285,6 +1285,78 @@ static int setup_caps(struct lxc_list *caps)
return 0;
 }
 
+static int shm_write(const char *pathname, unsigned long val)
+{
+   int rc, fd;
+   char val_str[64];
+
+   fd = open(pathname, O_WRONLY);
+   if (fd < 0) {
+   SYSERROR("fail to open %s", pathname);
+   return -1;
+}
+
+   snprintf(val_str, sizeof(val_str), "%lu", val);
+
+   rc = write(fd, val_str, strlen(val_str));
+if (rc < 0) {
+   SYSERROR("fail to write %s to %s", val_str, pathname);
+   close(fd);
+   return -1;
+   }
+
+   close(fd);
+
+   DEBUG("%s has been set to %lu\n", pathname, val);
+
+   return 0;
+
+}
+
+static int setup_shm(struct lxc_conf *lxc_conf)
+{
+   int rc = 0;
+   uid_t euid = geteuid();
+
+   if ((!lxc_conf->shmmax) && (!lxc_conf->shmall))
+   return 0;
+
+   /* Process has all the capabilities set, but cannot open shm*
+* to write. Temporarily set euid to root to get around this.
+* This is only done for non-root uid.
+*/
+   if (euid && seteuid(0)) {
+   SYSERROR("failed to change euid to 0\n");
+   return -1;
+   }
+
+   if (lxc_conf->shmmax &&
+   shm_write("/proc/sys/kernel/shmmax", lxc_conf->shmmax))
+   rc = -1;
+
+   if (lxc_conf->shmall &&
+   shm_write("/proc/sys/kernel/shmall", lxc_conf->shmall))
+   rc = -1;
+
+   /* set euid back */
+   if (euid) {
+   if (seteuid(euid)) {
+   ERROR("failed to change euid to '%d': %m", euid);
+   return -1;
+   }
+
+   /* seteuid() to non-zero clears effective capabilities
+* so we need to restore them
+*/
+   if (lxc_caps_up()) {
+   ERROR("failed to restore capabilities: %m");
+   return -1;
+   }
+   }
+
+   return rc;
+}
+
 static int setup_hw_addr(char *hwaddr, const char *ifname)
 {
struct sockaddr sockaddr;
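Review bot: `setup_shm` writes `/proc/sys/kernel/shmmax` and `shmall` with euid 0, but nothing in the hunk establishes that the process is already in its own IPC namespace. These limits are per IPC namespace on Linux, so if this runs for a container that shares the host's IPC namespace, the write would change the host's limits; this is inferred, since the namespace setup is not visible here. I would state the precondition above the function, `/* Must run inside the container's own IPC namespace; otherwise this changes the host's shm limits. */`, or skip the write when no new IPC namespace was requested. Separately, `shm_write` treats any non-negative `write()` result as success, so a short write goes unnoticed.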
@@ -2027,6 +2099,11 @@ int lxc_setup(const char *name, struct lxc_conf 
*lxc_conf)
return -1;
}
 
+   if (setup_shm(lxc_conf)) {
+   ERROR("failed to set shm");
+   return -1;
+   }
+
if (setup_pivot_root(&lxc_conf->rootfs)) {
ERROR("failed to set rootfs for '%s'", name);
return -1;
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index 09f55cb..b443326 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -216,6 +216,8 @@ struct lxc_conf {
struct lxc_rootfs rootfs;
char *ttydir;
int close_all_fds;
+   unsigned long   shmmax;
+   unsigned long   shmall;
 };
 
 /*
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index b305aef..f71f4c7 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -71,6 +71,8 @@ static int config_network_ipv6(const char *, char *, struct 
lxc_conf *);
 static int config_network_ipv6_gateway(const char *, char *, struct lxc_conf 
*);
 static int config_cap_drop(const char *, char *, struct lxc_conf *);
 static int config_console(const char *, char *, struct lxc_conf *);
+static int config_shmmax(const char *, char *, struct lxc_conf *);
+static int config_shmall(const char *, char *, struct lxc_conf *);
 
 typedef int (*config_cb)(const char *, char *, struct lxc_conf *);
 
@@ -107,6 +109,8 @@ static struct config config[] = {
{ "lxc.network.ipv6", config_network_ipv6 },
{ "lxc.cap.drop", config_cap_drop },
{ "lxc.console",  config_console  },
+   { "lxc.shmmax",   config_shmmax   },
+   { "lxc.shmall",   config_shmall   },
 };
 
 static const size_t config_size = sizeof(config)/sizeof(struct config);
@@ -876,6 +880,34 @@ static int config_utsname(const char *key, char *value, 
struct lxc_conf *lxc_con
return 0;
 }
 
+static int config_shmmax(const char *key, char *value, struct lxc_conf 
*lxc_conf)
+{
+   if (!strlen(value))
+   return -1;
+
+   errno = 0;
+   lxc_conf->shmmax = strtoul(value, NULL, 0);
+   if (errno) {
+   SYSERROR("fai

[lxc-devel] [PATCH v2 0/1] support shmmax/shmall KEY for lxc-execute

2012-07-07 Thread jian
From: Jian Xiao 

Thanks Serge for the comments. Here is version 2.

Often a system administrator needs to change the /proc/sys/kernel/shmmax and shmall values
to run a job. These values are not inherited by the container and need to be
passed to the container when starting the job.

This patch adds "lxc.shmmax" and "lxc.shmall" configuration variable
for lxc-execute "-s" or "-r" option. With this, user could run a job in 
container with desired shmmax and shmall value.

Jian Xiao (1):
  support shmmax/shmall KEY for lxc-execute

 src/lxc/conf.c|   77 +
 src/lxc/conf.h|2 +
 src/lxc/confile.c |   32 ++
 3 files changed, 111 insertions(+), 0 deletions(-)

