fix getpwnam() thread safe issue

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

Merge pull request #2395 from brauner/2018-06-11/restore_old_create_behavior

tools: restore lxc-create log behavior

tools: restore lxc-create log behavior

Older versions of lxc-create used to set log_file to "none" when a log priority
but no log file was specified on the command line. Let's restore this behavior.

Closes #2392.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2393 from 2xsec/bugfix

arguments: improve some operations

Merge pull request #2394 from 2xsec/coverity

coverity: #1425747

coverity: #1425801

Resource leak

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

coverity: #1425781

Resource leak

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

coverity: #1425747

Resource leak

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

arguments: improve some operations

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

Merge pull request #2389 from 3XX0/terminal-output-processing

terminal: enable local output processing

Merge pull request #2390 from 3XX0/conf-no-force-shadow

conf: only use newuidmap and newgidmap when necessary

Merge pull request #2391 from harryoooooooooo/master

fix bug: unpriv lxc will run lxc.net.[i].script.up now

fix bug: unpriv lxc will run lxc.net.[i].script.up now

Signed-off-by: harryoooooooooo <ymsc27884@gmail.com>

conf: only use newuidmap and newgidmap when necessary

Signed-off-by: Jonathan Calmels <jcalmels@nvidia.com>

terminal: enable local output processing

Signed-off-by: Jonathan Calmels <jcalmels@nvidia.com>

Merge pull request #2388 from 2xsec/coverity

coverity: #1425811

coverity: #1425811

Resource leak

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

Merge pull request #2387 from 2xsec/coverity

coverity: #1425753

coverity: #1425753

Copy into fixed size buffer

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

Merge pull request #2385 from 2xsec/coverity

coverity: #1425836

coverity: #1425836

Resource leak

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

Merge pull request #2384 from 2xsec/bugfix

pam_cgfs: fix Logically dead code.

Merge pull request #2383 from 2xsec/coverity

coverity: #1425849, #1425821, #1425794, #1425779, #1425777, #1425795, #1425841

pam_cgfs: fix Logically dead code.

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

coverity: #1425849

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

coverity: #1425841

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

coverity: #1425821

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

coverity: #1425795

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

coverity: #1425794

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

coverity: #1425779

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

coverity: #1425777

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

Merge pull request #2378 from brauner/2018-06-05/revert_seccomp_strict

Revert "seccomp: make do_resolve_add_rule() more strict"

seccomp: replace misleading warning messages

Reported-by: Felix Abecassis <fabecassis@nvidia.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2381 from stgraber/master

Fix typo

Fix typo

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Revert "seccomp: make do_resolve_add_rule() more strict"

This reverts commit dfddc8aa7ef3362212f8394995088a5f525730dd.

Closes #2376.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2377 from 2xsec/bugfix

conf: change some logs to print errno

conf: change some logs to print errno

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

Merge pull request #2374 from brauner/2018-06-04/fix_remount_all_slave

conf: copy mountinfo for remount_all_slave()

Merge pull request #2362 from duguhaotian/work

support tls in cross-compile

support tls in cross-compile

AC_RUN_IFELSE will fail in cross-compile,
we can use AC_COMPILE_IFELSE replace.

Signed-off-by: duguhaotian <duguhaotian@gmail.com>

conf: copy mountinfo for remount_all_slave()

While a container reads mountinfo from proc fs, the mountinfo can be changed by
the kernel anytime. This has caused critical issues on some devices.

Signed-off-by: Donghwa Jeong dh48.jeong@samsung.com
Reported-by: Donghwa Jeong dh48.jeong@samsung.com
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2372 from flx42/more-seccomp-fixes

More seccomp fixes

seccomp: use a default value of 0 for the mask

The mask was unconditionally parsed, it failed if no mask was
provided.

Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>

seccomp: drop misleading argument name inherited from the OCI spec

The last (optional) argument was named "valueTwo", which seems to
originate from the OCI runtime spec:
https://github.com/opencontainers/runtime-spec/blob/master/config-linux.md#seccomp

In proper seccomp terminology, "value" is "datum_a" and "valueTwo" is "datum_b".

However, LXC's "valueTwo" was used as the mask for SCMP_CMP_MASKED_EQ,
while the mask is supposed to be "datum_a".

Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>

Merge pull request #2371 from brauner/2018-06-01/use_read_nointr

tree-wide: handle EINTR in some read()/write()

tree-wide: handle EINTR in some read()/write()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2370 from jsurloppe/fix-lxc-update-config

Patch lxc-update-config

Patch lxc-update-config

The current script doesn't generate a valid configuration for
lxc.network.ipv4 key, it lacking an .address part which lead to:

parse.c: lxc_file_for_each_line: 58 Failed to parse config: lxc.net.0.ipv4 = 192.168.10.101/24

Signed-off-by: Julien Surloppe <julien@surloppe.fr>

templates: fix download template

This patch fixes
commit 6e62213e0294 ("templates: actually create DOWNLOAD_TEMP directory".
To use mktemp -p correctly the directories need to exist. So call mkdir -p.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2369 from masselstine/master

templates: actually create DOWNLOAD_TEMP directory

templates: actually create DOWNLOAD_TEMP directory

The way 'mktemp' is currently used you will get a temp directory in
$TMPDIR or '/tmp' and DOWNLOAD_TEMP will not be pointing to an actual
directory. This will result in the wget operations failing and the
container will fail to create:

    ERROR: Failed to download http://....

Instead we want to use the '-p' option for mktemp to set the base path
and this will ensure that the temp directory is created in the correct
location and DOWNLOAD_TEMP will be consistent with this location.

Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>

Merge pull request #2367 from 2xsec/bugfix

confile_utils: apply strprint()

confile_utils: apply strprint()

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

tree-wide: fix mode of some files

commit 321db0260f6f ("start: fix waitpid() blocking issue") and
commit b2a485085392 ("change defines for return value of handlers)
changed the mode of files.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2366 from 2xsec/bugfix

change defines for return value of handlers

start: log unknown info.si_code

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: fix waitpid() blocking issue

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

change defines for return value of handlers

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

Merge pull request #2365 from brauner/2018-05-30/improve_strprint

confile: improve strprint()

confile: improve strprint()

POSIX specifies [1]:
"If the value of n is zero on a call to snprintf(), nothing shall be written,
the number of bytes that would have been written had n been sufficiently large
excluding the terminating null shall be returned, and s may be a null pointer."

But in case there are any non-sane libcs out there that do actually dereference
the buffer when when 0 is passed as length to snprintf() let's give them a
dummy buffer.

[1]: The Open Group Base Specifications Issue 7, 2018 edition
     IEEE Std 1003.1-2017 (Revision of IEEE Std 1003.1-2008)
     Copyright © 2001-2018 IEEE and The Open Group

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Reported-by: Donghwa Jeong <dh48.jeong@samsung.com>

Merge pull request #2363 from 2xsec/master

conf: va_end was not called.

Merge pull request #2360 from brauner/2018-05-29/conf_cleanup

conf: small cleanups

conf: va_end was not called.

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

conf: non-functional changes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: make tmp_umount_proc bool

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: make root idmap structs const

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: add reboot macros

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2358 from brauner/2018-05-28/do_not_init_ns_clone_flags

start: do not init ns_clone_flags to -1

conf: ensure lxc_delete_tty() does not crash

We need to make sure that the ttys are actually initialized otherwise deleting
them is not safe.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: do not init ns_clone_flags to -1

ns_clone_flags is used as a bitmask so initializing it to -1 is a bad idea.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2355 from 2xsec/master

network: fix socket handle leak

network: fix socket handle leak

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

Merge pull request #2354 from brauner/2018-05-26/config_cleanups

conf: cleanups, and bugfixes

utils: fix task_blocking_signal()

Closes #2342.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: non-functional changes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: pts -> pty_max

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: simplify tty handling

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: reshuffle mount members

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: make close_all_fds a boolean

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: non-functional changes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: make is_execute a boolean

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: non-functional changes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2353 from brauner/2018-05-25/fix_lxc_create

tools: fix lxc-create with global config value II

coverity: #1435747

Dereference before null check

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1435803

Unchecked return value

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1435805

Logically dead code

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1435806

Logically dead code

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tools: fix lxc-create with global config value II

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2352 from brauner/2018-05-25/further_seccomp_fixes

seccomp: more fixes

tools: fix lxc-create with global config value

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

seccomp: make do_resolve_add_rule() more strict

Let's error out on syscalls that cannot be resolved or fail to resolve instead
of just warning users.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

seccomp: parse_v2_rules()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

seccomp: lxc_read_seccomp_config()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2351 from Blub/seccomp-fixup-2

Seccomp fixup part 2

seccomp: error on unrecognized actions

Be more strict about unrecognized actions. Previously the
parser would happily accept lines with typos like:

  kexec_load errrno 1

(note the extra 'r')

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

seccomp: refactor line handling of parse_config

Moving parse_config_v2 to use getline accidentally parsed
the wrong buffer. Since both _v1 and _v2 now use getline it
seems to be simpler to also use getline() for the first line
before entering the version specific parsers and pass along
the pointer and size so they can reuse them.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fixes: 9c3798eba41c ("seccomp: parse_config_v2()")

seccomp: re-add action parse error handling

This can happen when the 'errno' action can't parse its
supplied number.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fixes: f67c94d00a0d ("seccomp: parse_v2_rules()")

Merge pull request #2350 from Blub/seccomp-cleanup-fixup

seccomp: leak fixup

seccomp: leak fixup

Fix an error case not free()ing the line forgotten during
the move from fgets() on a static buffer to using getline.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fixes: ccf8d128e430 ("seccomp: parse_config_v1()")