path: root/src/nspawn
Commit message | Author | Age | Files | Lines
* nspawn: make sure the device type survives when setting device mode | Frantisek Sumsal | 2023-05-16 | 1 | -1/+1
* nspawn: fix a global-buffer-overflow | Frantisek Sumsal | 2023-05-16 | 1 | -0/+1

    Whoopsie.

    =================================================================
    ==3789231==ERROR: AddressSanitizer: global-buffer-overflow on address 0x00000051d0b8 at pc 0x7f70850bc904 bp 0x7ffd9bbdf660 sp 0x7ffd9bbdf658
    READ of size 8 at 0x00000051d0b8 thread T0
        #0 0x7f70850bc903 in json_dispatch ../src/shared/json.c:4347
        #1 0x4a5b54 in oci_seccomp_syscalls ../src/nspawn/nspawn-oci.c:1838
        #2 0x7f70850bd359 in json_dispatch ../src/shared/json.c:4395
        #3 0x4a668c in oci_seccomp ../src/nspawn/nspawn-oci.c:1905
        #4 0x7f70850bd359 in json_dispatch ../src/shared/json.c:4395
        #5 0x4a7d8c in oci_linux ../src/nspawn/nspawn-oci.c:2030
        #6 0x7f70850bd359 in json_dispatch ../src/shared/json.c:4395
        #7 0x4aa31c in oci_load ../src/nspawn/nspawn-oci.c:2198
        #8 0x446cec in load_oci_bundle ../src/nspawn/nspawn.c:4744
        #9 0x44ffa7 in run ../src/nspawn/nspawn.c:5477
        #10 0x4552fb in main ../src/nspawn/nspawn.c:5920
        #11 0x7f7083a4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)
        #12 0x7f7083a4a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8)
        #13 0x40d284 in _start (/home/fsumsal/repos/@systemd/systemd/build-san/systemd-nspawn+0x40d284)

    0x00000051d0b8 is located 40 bytes to the left of global variable 'bus_standard_errors_copy_0' defined in '../src/libsystemd/sd-bus/bus-error.h:57:1' (0x51d0e0) of size 8
    0x00000051d0b8 is located 0 bytes to the right of global variable 'table' defined in '../src/nspawn/nspawn-oci.c:1829:43' (0x51d040) of size 120
    SUMMARY: AddressSanitizer: global-buffer-overflow ../src/shared/json.c:4347 in json_dispatch
    ==3789231==ABORTING
* nspawn: fix inverted condition | Frantisek Sumsal | 2023-05-16 | 1 | -1/+1
* nspawn: call json_dispatch() with a correct pointer | Frantisek Sumsal | 2023-05-16 | 1 | -1/+1

    Otherwise hilarity ensues:

    AddressSanitizer:DEADLYSIGNAL
    =================================================================
    ==722==ERROR: AddressSanitizer: SEGV on unknown address 0xffffffff00000000 (pc 0x7f8d50ca9ffb bp 0x7fff11b0d4a0 sp 0x7fff11b0cc30 T0)
    ==722==The signal is caused by a READ memory access.
        #0 0x7f8d50ca9ffb in __interceptor_strcmp.part.0 (/lib64/libasan.so.8+0xa9ffb)
        #1 0x7f8d4f9cf5a1 in strcmp_ptr ../src/fundamental/string-util-fundamental.h:33
        #2 0x7f8d4f9cf5f8 in streq_ptr ../src/fundamental/string-util-fundamental.h:46
        #3 0x7f8d4f9d74d2 in free_and_strdup ../src/basic/string-util.c:948
        #4 0x49139a in free_and_strdup_warn ../src/basic/string-util.h:197
        #5 0x4923eb in oci_absolute_path ../src/nspawn/nspawn-oci.c:139
        #6 0x7f8d4f6bd359 in json_dispatch ../src/shared/json.c:4395
        #7 0x4a8831 in oci_hooks_array ../src/nspawn/nspawn-oci.c:2089
        #8 0x7f8d4f6bd359 in json_dispatch ../src/shared/json.c:4395
        #9 0x4a8b56 in oci_hooks ../src/nspawn/nspawn-oci.c:2112
        #10 0x7f8d4f6bd359 in json_dispatch ../src/shared/json.c:4395
        #11 0x4aa298 in oci_load ../src/nspawn/nspawn-oci.c:2197
        #12 0x446cec in load_oci_bundle ../src/nspawn/nspawn.c:4744
        #13 0x44ffa7 in run ../src/nspawn/nspawn.c:5477
        #14 0x4552fb in main ../src/nspawn/nspawn.c:5920
        #15 0x7f8d4e04a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)
        #16 0x7f8d4e04a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8)
        #17 0x40d284 in _start (/usr/bin/systemd-nspawn+0x40d284)

    AddressSanitizer can not provide additional info.
    SUMMARY: AddressSanitizer: SEGV (/lib64/libasan.so.8+0xa9ffb) in __interceptor_strcmp.part.0
    ==722==ABORTING
* nspawn: all hooks should be arrays of objects, not just objects | Frantisek Sumsal | 2023-05-16 | 1 | -3/+3

    See: https://github.com/opencontainers/runtime-spec/blob/v1.0.0/config.md#posix-platform-hooks
* nspawn: use the just returned errno in the log message | Frantisek Sumsal | 2023-05-16 | 1 | -1/+1

    Use the returned errno even though we are going to ignore it, otherwise
    the log message is just confusing:

        config.json:119:13: Failed to resolve device node 4:2, ignoring: Success
* nspawn: disableOOMKiller should be boolean, not int | Frantisek Sumsal | 2023-05-16 | 1 | -7/+7

    See: https://github.com/opencontainers/runtime-spec/blob/v1.0.0/config-linux.md#memory
* nspawn: modernize the cleanup functions a bit | Frantisek Sumsal | 2023-05-16 | 1 | -16/+12
* nspawn: avoid NULL pointer dereference | Frantisek Sumsal | 2023-05-16 | 2 | -0/+3

    When merging the settings we take the pointer to the array of extra
    devices, but don't reset the array counter to zero. This later leads to
    a NULL pointer dereference, where device_node_array_free() attempts to
    loop over a NULL pointer:

    + systemd-nspawn --oci-bundle=/var/lib/machines/testsuite-13.oci-bundle.Npo
    ../src/nspawn/nspawn-settings.c:118:29: runtime error: member access within null pointer of type 'struct DeviceNode'
        #0 0x4b91ee in device_node_array_free ../src/nspawn/nspawn-settings.c:118
        #1 0x4ba42a in settings_free ../src/nspawn/nspawn-settings.c:161
        #2 0x410b79 in settings_freep ../src/nspawn/nspawn-settings.h:249
        #3 0x446ce8 in load_oci_bundle ../src/nspawn/nspawn.c:4733
        #4 0x44ff42 in run ../src/nspawn/nspawn.c:5476
        #5 0x455296 in main ../src/nspawn/nspawn.c:5919
        #6 0x7f0cb7a4a50f in __libc_start_call_main (/lib64/libc.so.6+0x2750f)
        #7 0x7f0cb7a4a5c8 in __libc_start_main@GLIBC_2.2.5 (/lib64/libc.so.6+0x275c8)
        #8 0x40d284 in _start (/usr/bin/systemd-nspawn+0x40d284)
    SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior ../src/nspawn/nspawn-settings.c:118:29 in

    Also, add an appropriate assert to catch such issues in the future.
* nspawn: file system namespace -> mount namespace | Frantisek Sumsal | 2023-05-15 | 1 | -1/+1
* nspawn: fix a typo in an error message | Frantisek Sumsal | 2023-05-15 | 1 | -1/+1
* nspawn: simplify error handling | Frantisek Sumsal | 2023-05-14 | 1 | -6/+4
* nspawn: port over to /supervisor/ subcgroup being delegated to nspawn | Lennart Poettering | 2023-04-27 | 1 | -5/+16

    Let's make use of the new DelegateSubgroup= feature and delegate the
    /supervisor/ subcgroup already to nspawn, so that moving the supervisor
    process there is unnecessary.
* nspawn: Don't follow /etc/resolv.conf symlinks | Daan De Meyer | 2023-04-24 | 1 | -1/+1

    When we're checking if /etc/resolv.conf exists so we can bind mount on
    top of it, we care about whether the symlink itself exists if
    /etc/resolv.conf exists and not the file it points to, so add
    CHASE_NOFOLLOW to make sure we check existence of the symlink and not
    the file it points to.
* tree-wide: use TAKE_STRUCT | David Tardon | 2023-04-14 | 1 | -2/+1
* image-policy: introduce parse_image_policy_argument() helper | Yu Watanabe | 2023-04-13 | 1 | -9/+3

    Addresses
    https://github.com/systemd/systemd/pull/25608/commits/84be0c710d9d562f6d2cf986cc2a8ff4c98a138b#r1060130312,
    https://github.com/systemd/systemd/pull/25608/commits/84be0c710d9d562f6d2cf986cc2a8ff4c98a138b#r1067927293, and
    https://github.com/systemd/systemd/pull/25608/commits/84be0c710d9d562f6d2cf986cc2a8ff4c98a138b#r1067926416.

    Follow-up for 84be0c710d9d562f6d2cf986cc2a8ff4c98a138b.
* nspawn: container network interface naming | Thierry Martin | 2023-04-12 | 6 | -66/+194

    systemd-nspawn now optionally supports a colon-separated pair of host
    interface name and container interface name for the --network-macvlan,
    --network-ipvlan and --network-interface options.

    Also supported in .nspawn configuration files (i.e. the Interface=,
    MACVLAN= and IPVLAN= parameters).

    Man page changed for network interface naming.
* Merge pull request #25608 from poettering/dissect-moar | Lennart Poettering | 2023-04-12 | 1 | -1/+19

    dissect: add dissection policies
| * tree-wide: hook up image dissection policy logic everywhere | Lennart Poettering | 2023-04-05 | 1 | -1/+19
* | Merge pull request #26887 from yuwata/proc-cmdline-filter-arguments | Zbigniew Jędrzejewski-Szmek | 2023-04-07 | 1 | -0/+3

    proc-cmdline: filter PID1 arguments on container
| * tree-wide: reset optind to 0 when GNU extensions in optstring are used | Yu Watanabe | 2023-03-29 | 1 | -0/+3

    Otherwise, if getopt() and friends are used before parse_argv(), then
    the GNU extensions may be ignored.

    This should not change any behavior at least now, as we usually use
    getopt_long() only once per invocation. But in the next commit,
    getopt_long() will be used for other arrays, hence this change will
    become necessary.
* | nspawn: ignore NULL machine ID in the container | Yu Watanabe | 2023-04-05 | 1 | -11/+1

    Previously, when the NULL (all-zero) machine ID was configured in the
    container, nspawn refused to execute. Now id128_get_machine() is used,
    so a NULL machine ID is refused with -ENOMEDIUM, and we fall back to the
    specified UUID or a randomly generated one.
* | Revert "sd-id128: make id128_read() optionally take root directory" | Yu Watanabe | 2023-04-04 | 1 | -1/+4

    This reverts commit 830e52caa2bf1a29f56cb93e7ed85acb1bda11c3.
* sd-id128: make id128_read() optionally take root directory | Yu Watanabe | 2023-03-27 | 1 | -4/+1
* chase-symlinks: Rename chase_symlinks() to chase() | Daan De Meyer | 2023-03-24 | 3 | -23/+23

    Chasing symlinks is a core function that's used in a lot of places so
    it deserves a less verbose name, so let's rename it to chase() and
    chaseat(). We also slightly change the pattern used for the chaseat()
    helpers so we get chase_and_openat() and similar.
* core: Settle log target if we're going to be closing all fds | Daan De Meyer | 2023-03-22 | 1 | -0/+1

    Whenever we're going to close all file descriptors, we tend to close the
    log and set it into open when needed mode. When this is done with the
    logging target set to LOG_TARGET_AUTO, we run into issues because for
    every logging call, we'll check if stderr is connected to the journal to
    determine where to send the logging message. This check obviously stops
    working when we close stderr, so we settle the log target before we do
    that so that we keep using the same logging target even after stderr is
    closed.
* copy: Move chattr arguments to full function signatures | Daan De Meyer | 2023-03-21 | 1 | -4/+7

    These are almost never used, so let's move them to the _full() functions
    signatures.
* tree-wide: simplify x ? x : y to x ?: y where applicable | Frantisek Sumsal | 2023-03-18 | 1 | -1/+1
* chase-symlinks: Remove unused ret_fd arguments | Daan De Meyer | 2023-03-14 | 1 | -1/+1
* Merge pull request #26641 from medhefgo/boot-elf2efi | Yu Watanabe | 2023-03-11 | 1 | -1/+2

    boot: Drop gnu-efi / Add elf2efi.py
| * meson: Introduce userspace dep | Jan Janssen | 2023-03-10 | 1 | -1/+2

    This will help in a later commit to separate userspace from EFI builds.
* | lockfile-util: Rename to lock-util | Daan De Meyer | 2023-03-10 | 1 | -1/+1
* nspawn: disable propagation for selected host API bind mounts | Lennart Poettering | 2023-03-03 | 1 | -0/+4

    We bind mount two selected inodes from the host into our container.
    Let's turn off propagation for that, since we just want those inodes,
    nothing else.

    With this change "grep master: /proc/self/mountinfo" should list only
    the mount propagation "tunnel" dir, and nothing else anymore.
* nspawn: disconnect mounts propagation from host on our container dir | Lennart Poettering | 2023-03-03 | 1 | -5/+13

    @brauner noticed that in invoked containers the root directory is set
    to still receive mounts from the host. We should disable that, and
    guarantee we live in our own world, because that's what an
    (nspawn-style) container *is* after all: a whole new world.

    This hence mounts the container subtree to MS_PRIVATE after getting the
    root dir in place. Note that this will later be set to MS_SHARED again.
    The MS_PRIVATE disconnects mounts from the host, the MS_SHARED then
    establishes a new peer group for mount propagation events, so that
    payload service managers (such as systemd) can benefit from propagation
    further down the tree.
* nspawn: drop unused arg | Lennart Poettering | 2023-03-02 | 1 | -3/+1
* Merge pull request #26632 from poettering/dissect-arch-nspawn | Luca Boccassi | 2023-03-01 | 1 | -10/+13

    dissect: determine arch from DDI and use it for nspawn
| * nspawn: fix DDI arch → personality() propagation | Lennart Poettering | 2023-03-01 | 1 | -10/+13

    Since quite a while the propagation from the DDI arch into the
    personality() wasn't hooked up anymore. Let's fix that: when the DDI
    has a determined arch, automatically propagate this into the
    personality.
* | tree-wide: error handling modernizations | Lennart Poettering | 2023-03-01 | 1 | -2/+2
* nspawn: hook up memory pressure + sigrtmin+18 | Lennart Poettering | 2023-03-01 | 1 | -1/+8
* Merge pull request #26203 from medhefgo/meson | Yu Watanabe | 2023-02-22 | 1 | -24/+38

    meson: Use dicts for test/fuzzer definitions
| * meson: Use dicts for fuzzer definitions | Jan Janssen | 2023-02-21 | 1 | -9/+13
| * meson: Use dicts for test definitions | Jan Janssen | 2023-02-21 | 1 | -15/+25

    Although this is slightly more verbose, it makes it much easier to
    reason about. The code that produces the tests heavily benefits from
    this. Test lists are also now sorted by test name.
* | tree-wide: use FORK_REARRANGE_STDIO and FORK_CLOSE_ALL_FDS | Yu Watanabe | 2023-02-21 | 1 | -12/+6
* treewide: fix a few typos in NEWS, docs and comments | Dmitry V. Levin | 2023-02-15 | 1 | -1/+1
* src: fix several typos in log messages | Dmitry V. Levin | 2023-02-15 | 1 | -1/+1
* nspawn: fix directory in logged error | ml | 2023-02-12 | 1 | -1/+1
* tree-wide: set FORK_RLIMIT_NOFILE_SAFE flag | Yu Watanabe | 2023-02-07 | 1 | -4/+1

    No functional changes, just refactoring.
* id128: introduce ERRNO_IS_MACHINE_ID_UNSET() helper macro | Lennart Poettering | 2023-02-01 | 1 | -1/+1
* nspawn: Make sure we create bind mount points as the correct UID/GID | Daan De Meyer | 2023-01-29 | 1 | -1/+4

    When using --private-users, we have to create bind mount points as the
    user that will become root in the user namespace, so let's take that
    into account.
* nspawn: Drop CAP_NET_BIND_SERVICE when in userns but not in netns | Daan De Meyer | 2023-01-26 | 1 | -1/+10

    If we're in a user namespace but not unsharing the network namespace,
    we won't be able to bind any privileged ports even with
    CAP_NET_BIND_SERVICE, so let's drop it from the retained capabilities
    so services can condition themselves on that.