conf: remove unused variables

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: switch to parse_mount_attrs() even for legacy mount()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: support recursive propagation options properly

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: rework recursive mount option handling

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

rootfs: remove "options" member

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: remove unused mountflags nember

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: port id_map to new list type

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: port cgroup settings to new list type

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: port procs to new list type

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: port sysctls to new list type

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: port rlimits to new list type

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3950 from brauner/2021-08-25.list

tree-wide: introduce new list type and port network handling to it

conf: port state_clients to new list type

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

mainloop: port handlers to new list type

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: port bpf devices to new list type

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: port network handling to new list type

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

list: add new kernel-based list implementation

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3949 from brauner/2021-08-24.attach

tools: lxc-attach fixes

Merge pull request #3948 from brauner/2021-08-24.fixes

confile: return negative errno everywhere

tools: fix elevated privilege handler in lxc-attach

Make sure to return an error when the user requests an LSM profile to be
set while also requesting that elevated LSM privileges are to be used.

Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

confile: rework lxc_fill_elevated_privileges()

Cc: Maximilian Blenk <Maximilian.Blenk@bmw.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach_options: add LXC_ATTACH_LSM_LABEL to LXC_ATTACH_LSM flags

Cc: Maximilian Blenk <Maximilian.Blenk@bmw.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tools: align struct initialization

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tools: fix variable declarations in lxc-attach

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: allow LSM attach without new mnt namespace

Currently, the -c command (to set the selinux context) seems to be
broken because lxc-attach expects that also a new mount namespace
is specified via command line. This commit remove the check for the new
mount namespace to fix this issue. Please note that the
--elevated-privileges option is not affected by this issue.

Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

confile: return negative errno everywhere

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3947 from blenk92/fix-missing-seccomp

config: enable seccomp profile only when compiled with libseccomp

config: enable seccomp profile only when compiled with libseccomp

Make lxc fail if seccomp.profile is specified but lxc is compiled
without seccomp support. Currently, seccomp.profile is silently ignored
if is specified in such a scenario. This could lead to the false
impression that the seccomp filter is applied while it actually isn't.

Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>

Merge pull request #3943 from brauner/2021-08-19.fixes

seccomp: fix complication when !HAVE_DECL_SECCOMP_NOTIFY_FD

seccomp: fix complication when !HAVE_DECL_SECCOMP_NOTIFY_FD

[2021-08-18 05:48:26] [build-stdout] mv -f $depbase.Tpo $depbase.Po
[2021-08-18 05:48:26] [build-stderr] seccomp.c: In function ‘seccomp_notify_cleanup_handler’:
[2021-08-18 05:48:26] [build-stderr] seccomp.c:1367:25: error: ‘struct lxc_seccomp’ has no member named ‘notifier’
[2021-08-18 05:48:26] [build-stderr]  1367 |  if (fd == conf->seccomp.notifier.notify_fd)
[2021-08-18 05:48:26] [build-stderr]       |                         ^
[2021-08-18 05:48:26] [build-stderr] In file included from af_unix.h:12,
[2021-08-18 05:48:26] [build-stderr]                  from seccomp.c:14:
[2021-08-18 05:48:26] [build-stderr] seccomp.c:1368:29: error: ‘struct lxc_seccomp’ has no member named ‘notifier’
[2021-08-18 05:48:26] [build-stderr]  1368 |   fd = move_fd(conf->seccomp.notifier.notify_fd);
[2021-08-18 05:48:26] [build-stderr]       |                             ^
[2021-08-18 05:48:26] [build-stderr] macro.h:655:26: note: in definition of macro ‘move_fd’
[2021-08-18 05:48:26] [build-stderr]   655 |   int __internal_fd__ = (fd); \
[2021-08-18 05:48:26] [build-stderr]       |                          ^~
[2021-08-18 05:48:26] [build-stderr] seccomp.c:1368:29: error: ‘struct lxc_seccomp’ has no member named ‘notifier’
[2021-08-18 05:48:26] [build-stderr]  1368 |   fd = move_fd(conf->seccomp.notifier.notify_fd);
[2021-08-18 05:48:26] [build-stderr]       |                             ^
[2021-08-18 05:48:26] [build-stderr] macro.h:656:4: note: in definition of macro ‘move_fd’
[2021-08-18 05:48:26] [build-stderr]   656 |   (fd) = -EBADF;              \
[2021-08-18 05:48:26] [build-stderr]       |    ^~
[2021-08-18 05:48:26] [build-stderr] make[3]: *** [Makefile:4496: seccomp.o] Error 1
[2021-08-18 05:48:26] [build-stdout] make[3]: Leaving directory '/opt/src/src/lxc'
[2021-08-18 05:48:26] [build-stdout] make[2]: Leaving directory '/opt/src/src'
[2021-08-18 05:48:26] [build-stdout] make[1]: Leaving directory '/opt/src/src'
[2021-08-18 05:48:26] [build-stderr] make[2]: *** [Makefile:440: all-recursive] Error 1
[2021-08-18 05:48:26] [build-stderr] make[1]: *** [Makefile:379: all] Error 2
[2021-08-18 05:48:26] [build-stderr] make: *** [Makefile:537: all-recursive] Error 1
[2021-08-18 05:48:26] [build-stderr] + '[' -f build.ninja ']'
[2021-08-18 05:48:26] [build-stdout] Semmle autobuild: no supported build system detected.
[2021-08-18 05:48:26] [build-stderr] + '[' -d ../_lgtm_build_dir ']'
[2021-08-18 05:48:26] [build-stderr] + for f in build build.sh
[2021-08-18 05:48:26] [build-stderr] + '[' -x build ']'
[2021-08-18 05:48:26] [build-stderr] + for f in build build.sh
[2021-08-18 05:48:26] [build-stderr] + '[' -x build.sh ']'
[2021-08-18 05:48:26] [build-stderr] + '[' -f setup.py ']'
[2021-08-18 05:48:26] [build-stderr] + echo 'Semmle autobuild: no supported build system detected.'
[2021-08-18 05:48:26] [build-stderr] + exit 1
[2021-08-18 05:48:26] [ERROR] Spawned process exited abnormally (code 1; tried to run: [/opt/dist/tools/linux64/preload_tracer, /opt/dist/cpp/tools/do-build])
[2021-08-18 05:48:26] [build-stderr] A fatal error occurred: Exit status 1 from command: [/opt/dist/cpp/tools/do-build]
[2021-08-18 05:48:26] [build-stderr] deptrace-server: received exit command
[2021-08-18 05:48:27] [ERROR] Spawned process exited abnormally (code 2; tried to run: [/opt/work/lgtm-workspace/lgtm/extract.sh])
A fatal error occurred: Exit status 2 from command: [/opt/work/lgtm-workspace/lgtm/extract.sh]

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3940 from brauner/2021-08-16.fixes.2

tests: only rely on busybox template getting rid of all network dependencies; terminal: allow for tty allocation even when container did not request separate devpts instance

tests: use busybox in lxc-test-usernic.in

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tests: use busybox in lxc-test-unpriv

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tests: use busybox in lxc-test-no-new-privs

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

test: use busybox in lxc-test-autostart

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

test: use busybox in lxc-test-apparmor-mount

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

test: use busybox in lxc-test-apparmor-generated

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tests: fix order in sys_mixed

We need to set the config item after we loaded the config obviously.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: allow for tty allocation even when container did not request separate devpts instance

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

busybox: simplify

Start relying on autodev for busybox template and wipe all the device
creation.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

busybox: mount sys:ro

There's no udev so sys doesn't need to be read-write.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

terminal: use /dev/ptmx when allocating pty devices from devpts instances we didn't mount ourselves

When we aren't told what devpts instance to allocate from we assume it
is the one in the caller's mount namespace.
This poses a slight complication, a lot of distros will change
permissions on /dev/ptmx so it can be opened by unprivileged users but
will not change permissions on /dev/pts/ptmx itself. In addition,
/dev/ptmx can either be a symlink, a bind-mount, or a separate device
node. So we need to allow for fairly lax lookup.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

file_utils: add same_device() helper

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3938 from brauner/2021-08-16.fixes

cgroups: simplify offline and isolated cpumask handling

Merge pull request #3939 from Cypresslin/fix-test-exec-bit

tests: set lxc-test-automount/createconfig/snapdeps as executable

tests: set lxc-test-automount/createconfig/snapdeps as executable

The debian/tests/exercise script will skip those non-executable tests
in src/test, thus these three tests were never get tested.

Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com>

cgroups: simplify offline and isolated cpu handling

Don't create separate cpumask arrays for them. Just clear the ones that
are set in the original cpumask array.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: use semantically clean check in cpuset1_cpus_initialize()

The variable is a pointer not a integer.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3937 from brauner/2021-08-13.fixes

cgroups: cpumask fixes

cgroups: fix cpumask handling

Link: https://discuss.linuxcontainers.org/t/lxc-4-0-9-lxc-start-sigabrt-on-systems-with-defined-offline-cpus-and-a-total-number-of-cpus-divisible-by-32
Signed-off-by: Jim Ferrigno <jim.ferrigno@oracle.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: fix comments in cpuset1_initialize()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Revert "cgroups: fix cpu bitmasks"

This reverts commit e0f7296a6d537f0d2eb5fbc6d7f9e007d11d516a.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3934 from brauner/2021-08-12.fixes

cgroups: cpumask fixes

cgroups: s/calloc/zalloc/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: fix cpu bitmasks

Link: https://discuss.linuxcontainers.org/t/lxc-4-0-9-lxc-start-sigabrt-on-systems-with-defined-offline-cpus-and-a-total-number-of-cpus-divisible-by-32
Signed-off-by: Jim Ferrigno <jim.ferrigno@oracle.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3899 from denisfa/master

Improve bash completion experience.

Merge pull request #3932 from brauner/2021-08-11.fixes

mainloop: further io_uring fixes

mainloop: disable IORING_SETUP_SQPOLL for now

It's a bit more complicated to use then I envisioned here.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

mainloop: add comments about multishot and oneshot cleanup

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

mainloop: s/handler_name/name/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3931 from brauner/2021-08-11.fixes

memory_utils: make cleanup handler as unused

mainloop: move variables into tighter scope

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

memory_utils: make cleanup handler as unused

They are sometimes used to just clean something up automatically at end
of scope but the variables themselves might not be actually used.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3930 from brauner/2021-08-10.fixes

mainloop: io_uring cleanup handling fixes

mainloop: fix io_uring cleanup handling

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

mainloop: remove CANCEL_RAISE flag

This is really not needed since we're not checking it anywhere anyway.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

mainloop: minor fixes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3928 from simondeziel/download-user-agent

lxc-download: customize the user-agent to include LXC package version and compat level

Merge pull request #3929 from tych0/fix-sys-poll-warning

mainloop: s,sys/poll,poll

mainloop: s,sys/poll,poll

I get the following warning (which then fails the build because of
-Werror):

In file included from mainloop.c:11:
/usr/include/sys/poll.h:1:2: error: #warning redirecting incorrect #include <sys/poll.h> to <poll.h> [-Werror=cpp]
    1 | #warning redirecting incorrect #include <sys/poll.h> to <poll.h>
      |  ^~~~~~~

Signed-off-by: Tycho Andersen <tycho@tycho.pizza>

lxc-download: add LXC version/compat level to user-agent

Signed-off-by: Simon Deziel <simon.deziel@canonical.com>

Merge pull request #3924 from brauner/2021-06-04.io_uring

mainloop: io_uring support

mainloop: add io_uring support

Users can choose to compile liblxc with io_uring support. This will
cause LXC to use io_uring instead of epoll.
We're using both, io_uring's one-shot and multi-shot poll mode depending
on the type of handler.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3927 from tomponline/tp-nic-address-broadcast

doc: Adds mention of ability to specify manual IPv4 broadcast address

doc: Adds mention of ability to specify manual IPv4 broadcast address

See also https://github.com/lxc/lxd/pull/9103

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

tree-wide: s/lxc_epoll_descr/lxc_async_descr/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: log session keyring failure on WARN level

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: log at warning instead of error level

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3926 from stgraber/master

doc/api-extensions: Grammar fix

doc/api-extensions: Grammar fix

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Merge pull request #3925 from brauner/2021-08-09.fixes

lsm/apparmor: small fixes

lsm/apparmor: use cleanup macro

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lsm/apparmor: log failure to write AppArmor profile

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3923 from brauner/2021-08-05.fixes

network: fix container with empty network namespaces

network: fix container with empty network namespaces

Fixes: #3922
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3921 from brauner/2021-08-03.fixes

conf: rootfs mount option fixes

tests: add test for rootfs mount options

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: allow mount options for rootfs when using new mount api

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

mount_utils: make some mount helpers static inline

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: let parse_vfs_attr() handle legacy mount flags as well

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: log failure to create tty mountpoint

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3920 from brauner/2021-08-02.fixes

mount_utils: introduce mount_at()

conf: refactor lxc_recv_ttys_from_child()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: fix logging in lxc_idmapped_mounts_child()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

mount_utils: introduce mount_at()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3919 from brauner/2021-07-31.devpts

terminal: handle kernel without TIOCGPTPEER

terminal: fail on unknown error during TIOCGPTPEER

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

terminal: move native terminal allocation from error logging to info

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: handle kernels without TIOCGPTPEER

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3918 from brauner/2021-07-30.devpts

conf: rework console setup