network: fix network device removal

We can't delete by netdev->ifindex since that's the ifindex of the device in
the container, not on the host. The correct thing is done below.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tests: log api reboot test failures

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

network: fix typ and formatting in comment

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

network: improve veth device creation

This allows us to avoid having to move the network device. It also allows us to
work around a kernel bug that in combination with a recent change in systemd
244 causes uses of systemd-networkd to not get an ip address.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3249 from brauner/2020-01-09/bugfixes

handle kernel version <--> header incompatibility

start: handle kernel header and kernel incompatability

We might e.g. be compiled in a container with old kernel headers. In this
scenario CLONE_PIDFD will work but pidfd_send_signal() might not be detected
because __NR_pidfd_send_signal is not defined because the kernel headers don't
match the kernel version.

This explains and fixes test-suite hangs on Jenkins I've recently debugged.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tests: timeout after 60 seconds

That should be more than enough to reboot.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

mainloop: add missing \n

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3241 from brauner/2019-12-25/remove_procfs_pidfd_support

start: remove procfs pidfd support

Merge pull request #3247 from Rachid-Koucha/patch-1

Suppress useless udhcpc directory

Suppress useless udhcpc directory

The udhcpc directory is created with "mkdir -p" at the place dynamically specified by "busybox udhcpc --help".

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

Merge pull request #3244 from Rachid-Koucha/master

Adaptation to latest busybox

Merge pull request #3243 from Rachid-Koucha/patch-1

Word repetition in comment

Adaptation to latest busybox

In busybox 1.30, the help of udhcpc for "-s" option changed:
--> busybox v1.27.2: -s,--script PROG Run PROG at DHCP events (default /usr/share/udhcpc/default.script)
--> busybox v1.30.1: -s PROG Run PROG at DHCP events (default /etc/udhcpc/default.script)
So, I changed the command line which extracts the script name to make it work for both versions

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

start: remove procfs pidfd support

We'll only rely on proper anon-inode based pidfd support in the future.
There's no good reason to use the procfs fallback. All the fancy features we
might want to use are only available with anon-inode pidfds.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Word repetition in comment

create_run_template(): Double "will mount" in a comment

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

Merge pull request #3238 from brauner/2019-12-23/travis

travis: enable -fsanitize=undefined

Merge pull request #3239 from vikaig/fix-shebang

cmd: fix shebang

cmd: fix shebang

Signed-off-by: vikaig <vikaig99@gmail.com>

travis: enable -fsanitize=undefined

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3235 from xinhua9569/master

fd: only add valid fd to mainloop

fd: only add valid fd to mainloop

Signed-off-by: dongxinhua <dongxinhua@huawei.com>

Merge pull request #3233 from xinhua9569/master

seccomp: support s390 seccomp

Merge pull request #3232 from brauner/2019-12-17/cgroup2_api_extension

api_extensions: advertise cgroup2 support

seccomp: support s390 seccomp

Signed-off-by: dongxinhua <dongxinhua@huawei.com>

api_extensions: advertise cgroup2 support

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3229 from brauner/2019-12-12/cgroup_legacy_layout_regression

cgroups/cgfsng: do not prematurely close file descriptors

cgroups/cgfsng: do not prematurely close file descriptors

When adding the new improved cgroup setup logic I didn't account for the fact
that we need the hierarchy fds up until chown. Add a dedicated cleanup method
to fix this:

lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )

Closes #3228.
Fixes: 1973b62aab41 ("cgroups/cgfsng: improve cgroup creation and removal")
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3226 from brauner/cgroup_removal

cgroupfs: improve cgroup removal

cgroups/cgfsng: improve cgroup creation and removal

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3225 from brauner/cgroup_improvements

cgroups/cgfsng: rework legacy cpuset handling

cgroups/cgfsng: rework cgroup removal

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework legacy cpuset handling

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroupfs/cgfsng: pass cgroup to cg_legacy_handle_cpuset_hierarchy() as const char *

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3223 from brauner/flatten_cgroup_hierarchy

cgroups: flatten hierarchy

cgroups: use explicit unsigned type for bitfield

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: flatten hierarchy

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3222 from brauner/security

file_utils: use O_NOCTTY | O_NOFOLLOW

file_utils: use O_NOCTTY | O_NOFOLLOW

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3218 from brauner/bpf_devices_devpath

cgroups/devices: enable devpath semantics for cgroup2 device controller

cgroups/devices: enable devpath semantics for cgroup2 device controller

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3217 from brauner/rework_cgroups

cgroups, logging: fixes and improvements

cgroups/cgfsng: replace lxc_write_file()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: cgfsng_devices_activate()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_nrtasks()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_mount()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_chown()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_attach()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_setup_limits()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_setup_limits_legacy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_{get,set}()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_unfreeze()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_get_hierarchies()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_num_hierarchies()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_escape()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_payload_enter()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_payload_create()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: s/__unused/__lxc_unused/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgroup attach

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: don't dereference NULL-pointer

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: log chown_cgroup_wrapper()

It's becoming more important on cgroup2 to properly delegate cgroups.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgroup2 unprivileged delegation

We accidently checked files to delegate for privileged container and not for
unprivileged containers in the pure unified case. Fix that and clean up the
delegation file parsing.

Closes #3206.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_{monitor,payload}_delegate_controllers()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_monitor_enter()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_monitor_create()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_monitor_destroy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_payload_destroy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

log: remove unused compiler attribute

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: replace compiler attributes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

log: replace compiler attributes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: replace closing helpers

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: add __unused attribute

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

{log, macro}: remove unused logging functions

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: replace logging functions

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

confile_utils: replace logging functions

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: rework return values of some functions

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgroup2_devices: replace logging functions

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgroup: replace logging functions

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: replace logging functions

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

confile: replace logging helpers

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

network: replace logging helpers

s/error_log_errno(/log_error_errno(-1, /g
s/minus_one_set_errno(/ret_set_errno(-1, /g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: replace logging helpers

s/error_log_errno(/log_error_errno(-1, /g
s/minus_one_set_errno(/ret_set_errno(-1, /g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: s/minus_one_set_errno(/ret_set_errno(-1, /g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

af_unix: s/minus_one_set_errno(/ret_set_errno(-1, /g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

macro: add ret_errno()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

log: rearrange

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3215 from brauner/cgroup2_controller_delegation

cgroup2: rework controller delegation

cgroup2: rework controller delegation

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3214 from Rachid-Koucha/patch-1

"busy" field init to -1 instead of 0

Merge pull request #3213 from blenk92/fix-mount-parsing

config: Fix parsing of mount options

"busy" field set to -1 instead of 0

"busy" field is assigned with the command socket descriptor when the terminal is in use. So, use "-1" to disable it.

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

"busy" field set to 1 instead of 0

"busy" field is assigned with the command socket descriptor when the terminal is in use. So, use "-1" to disable it.

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

Init "busy" field to -1 as 0 is valid fd

"busy" field is assigned with the command socket descriptor when the terminal is in use. So, use "-1" to disable it.
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

config: Fix parsing of mount options

When parsing mount options e.g. from lxc.mount.entry the specified
options are mapped to the flags constants. To do so, the strings
are compared to the options contained in mount_opt. However,
when comparing the strings, the length of the string is not
checked. That entails that the option "rootcontext=selinux-context"
is mapped to the mount option read-only (ro). This commit fixes
this issue by checking if a '=' is contained in the specified option
and additionally comparing the length of the strings.

Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>

Merge pull request #3204 from brauner/switch_to_spdx

lxc: switch to SPDX

Merge pull request #3207 from brauner/cgroup2_improvements_2

cgroups: improve container cgroup attaching

cgroups/devices: correctly verify bpf device useability in cgfsng_devices_activate()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: improve container cgroup attaching

The current attach.c codepath which handles moving the attaching process into
the container's cgroups allocates a whole new struct cgroup_ops and goes
through the trouble of reparsing the whole cgroup layout.
That's costly and wasteful. My plan has always been to move this into the
command api by getting fds for attaching back but but it's not worth going
through that hazzle for non-unified hosts. On pure unified hosts however -
being the future - we can just attach through a single fd so there's no need to
allocate and setup struct cgroup_ops.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxc: switch to SPDX

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: use logging return helpers

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>