commands: extend rsp_one_fd() to also handle additional data

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

file_utils: actually open the file for reading

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: set rsp.ret to 0 for lxc_cmd_get_cgroup_ctx_callback()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: s/cgroup_layout/layout/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: add LXC_CMD_GET_CGROUP_FD and LXC_CMD_GET_LIMIT_CGROUP_FD

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: s/_LIMITING_/_LIMIT_/g and s/_limiting_/_limit_/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: simplify lxc_cmd_get_cgroup_ctx()

Instead of allowing individual hierarchy fd retrieval through
lxc_cmd_get_cgroup_ctx() let's add a dedicated method instead.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: fix alignment for lxc_cmd_get_cgroup_ctx()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: handle fallback gracefully

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: make use of ERRNO_IS_NOT_SUPPORTED()

This will hopefully prevent backwards compatibility fallback errors.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

error_utils: copy over Lennart's IN_SET()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: tweak return values

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

error_utils: move error helper to separate header

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: simple variable reordering

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3692 from brauner/2021-02-23/fixes

build fix & cgroup braino

attach: be paranoid about file descriptors

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: fix braino during controller list creation

Co-mounted controllers are conventionally separated by ",".

Fixes: https://jenkins.linuxcontainers.org/job/lxd-github-commit/1905/arch=amd64,backend=dir,compiler=golang-1.15/consoleFull
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: remove faulty use of access attribute

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3691 from brauner/2021-02-23/fixes

Fix issues reported by Coverity

cgroups: fix error checking

Fixes: Coverity 1473310
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

af_unix: prevent oob writes

Fixes: Coverity 1473309
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: only deref once

Fixes: Coverity 1473308
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3690 from brauner/2021-02-21/fixes

attach: improve attaching of new clients to old servers

commands: handle old clients for LXC_CMD_GET_CGROUP_CTX

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: handle new and old clients

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: make fd sending more uniform

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

terminal: dumb logging down

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3689 from brauner/2021-02-21/fixes

cgroups: introduce fd-only cgroup attach via LXC_CMD_GET_CGROUP_CTX

attach: fix namespace preservation

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: verify expected file descriptors were sent

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: handle older clients gracefully

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: remove additional newline

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

af_unix: add comment about cast

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: fix unsupported namespaces

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: lxc_cmd_add_state_client_callback()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: handle older clients elegantly

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: send ENOSYS response

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: introduce fd-only cgroup attach

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: introduce LXC_CMD_GET_CGROUP_CTX

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

utils: add copy_struct_to_client()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

log: add syswarn_set()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

utils: add copy_struct_from_client()

Which is our variant of copy_struct_from_user() that Aleksa and I added to the
kernel.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

macro: add min() macro

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: allow cgroup fd batch retrieval

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: add LXC_CMD_GET_CGROUP_FD

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: introduce rsp_many_fds()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: introduce rsp_one_fd()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: introduce lxc_cmd_rsp_send_reap()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: be more explicit during command processing

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

state: _never_ return NULL from lxc_state2str()

Cc: Thomas Parrott <thomas.parrott@canonical.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: add cgroup_fds() helper

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

af_unix: improve SCM_RIGHTS file descriptor retrieval

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: tweak validate_string_request()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: explicitly number enums

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: close dfd_mon but keep dfd_con and dfd_lim open for all cgroup hierarchies

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: start stashing all fds

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: skip and warn about invalid file descriptors

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

memory_utils: fix close_equal()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3688 from brauner/2021-02-19/fixes_2

cgroups: rework cgroup initialization

cgroups: handle lxc.cgroup.use global parameter

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: fix cg_legacy_freeze() return type

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

file_utils: tweak lxc_write_openat()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: improve utility controller handling

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: s/cgroup2_chown/delegate/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: move cgroup2 parameters into substruct

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: s/container_limit_path/path_lim/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: s/container_full_path/path_con/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: s/cgfd_limit/dfd_lim/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: s/cgfd_mon/dfd_mon/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: s/cgfd_con/dfd_con/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: s/mountpoint/at_mnt/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: s/container_base_path/at_base/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: rename cgroupfs mount fd

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: simplify and fix mounting on non-cgroup namespace aware kernels

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: introduce cgroup hierarchy type

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: remove unused helpers

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: s/add_hierarchy()/cgroup_hierarchy_add()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: split delegation checks into separate helpers

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: simplify string list handling

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: rework cgroup initialization

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: split out unified cgroup helpers

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

memory_utils: adapt to new pointer error macros

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

macro: add pointer error encoding support

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: add likely() and unlikely() support

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: s/basecginfo/cgroup_info/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: simplify current cgroup retrieval on pure unified cgroup layouts

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: tweak return values

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: tweak lxc.cgroup.use handling in __cgroup_init()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: s/must_copy_string()/strdup()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: avoid additional variable for single access

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: fix prune_init_scope()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

string_utils: move lxc_iterate_parts()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3684 from brauner/2021-02-18/fixes_2

bpf: device cgroup improvements

Merge pull request #3687 from brauner/2021-02-19/fixes

lsm: fixes

doc: tweak cgroup headline

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

doc: epxlain eBPF-based device controller semantics

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

doc: add missing ".[controller file] suffix to lxc.cgroup{2}. key explanations

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

bpf: update device cgroup semantics

LXC has supported the bpf device controlller for a while now. A bpf device
program can be attached to the container's cgroup if this is a pure cgroup2
host.

The format for specifying device rules for the cgroup2 bpf device controller is
the same as for the legacy cgroup device controller; only the configuration key
prefix has to change. Specifically, device rules for the legacy cgroup device
controller are specified by via lxc.cgroup.devices.{allow,deny} whereas for the
cgroup2 bpf device controller lxc.cgroup2.devices.{allow,deny} must be used.

The following semantics apply:
1. The device rule "lxc.cgroup2.devices.deny = a" will cause LXC to instruct
   the kernel to block access to all devices by default. To grant access to
   devices "allow device rules" must be added via the
   "lxc.cgroup2.devices.allow" key. This is referred to as a "allowlist" device
   program.
2. The device rule "lxc.cgroup2.devices.allow = a" will cause LXC to instruct
   the kernel to allow access to all devices by default. To deny access to
   devices "deny device rules" must be added via "lxc.cgroup2.devices.deny"
   key. This is referred to as a "denylist" device program.
3. Specifying a rule as explained in 1. or 2. will cause all previous rules to
   be cleared, i.e. the device list will be reset.

For example the set of rules:

lxc.cgroup2.devices.deny = a
lxc.cgroup2.devices.allow = c *:* m
lxc.cgroup2.devices.allow = b *:* m
lxc.cgroup2.devices.allow = c 1:3 rwm

implements a "allowlist" device program, i.e. the kernel will block access to
all devices not specifically allowed in this list. This particular program
states that all character and block devices might be created but only /dev/null
might be read or written.

If we to switch to the set of rules to:

lxc.cgroup2.devices.allow = a
lxc.cgroup2.devices.deny = c *:* m
lxc.cgroup2.devices.deny = b *:* m
lxc.cgroup2.devices.deny = c 1:3 rwm

then LXC would instruct the kernel to implement a "denylist", i.e. the kernel
will allow access to all devices not specifically denied in this list. This
particular program states that no character devices or block devices might be
created and that /dev/null is not allow allowed to be read, written, or
created.

Consider the same program but followed by a rule as explained in 1. or 2.:

lxc.cgroup2.devices.allow = a
lxc.cgroup2.devices.deny = c *:* m
lxc.cgroup2.devices.deny = b *:* m
lxc.cgroup2.devices.deny = c 1:3 rwm
lxc.cgroup2.devices.allow = a

The last line will cause LXC to reset the device list without changing the type
of device program.

lxc.cgroup2.devices.allow = a
lxc.cgroup2.devices.deny = c *:* m
lxc.cgroup2.devices.deny = b *:* m
lxc.cgroup2.devices.deny = c 1:3 rwm
lxc.cgroup2.devices.deny = a

The last line will cause LXC to reset the device list and switch from a
"allowlist" program to a "denylist" program.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: tweak bpf_device_cgroup_prepare()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: expose lxc_clear_cgroup2_devices()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>