rexec: convert to strnprintf()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

network: convert to strnprintf()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

mount_utils: convert to strnprintf()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

monitor: convert to strnprintf()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxclock: convert to strnprintf()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: convert to strnprintf()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

log: convert to strnprintf()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

file_utils: convert to strnprintf()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

criu: convert to strnprintf()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

confile_utils: convert to strnprintf()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

confile: convert to strnprintf()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: convert to strnprintf()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands_utils: convert to strnprintf()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: convert to strnprintf()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: convert to strnprintf()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

string_utils: add wrapper for snprintf()

This let's us avoid the tedious

if (ret < 0 || (size_t)ret >= sizeof(buf))

style of error checking.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3664 from brauner/2021-02-10/fixes

cgroups: fixes

cgroups: log container process entering

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: log monitor and transient process entering

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: do not return early when entering monitor cgroups

This will happen when restoring a container via criu.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: use brackets to have clear semantics for flags checking

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3663 from brauner/2021-02-10/fixes

criu: fixes

criu: handle new cgroup layout

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

criu: lxc_init() already initializes cgroups

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

criu: warn about cgroup hierarchies without controllers

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

criu: rework init pid retrieval

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

criu: use cleanup macro when parsing mount data

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

criu: use cleanup macro

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

criu: move logging under lxc_log_trace()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

criu: massage exec_criu()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

criu: mark cgroups methods specific to criu

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: fix memory leak

Fixes: Coverity 1472848
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3661 from blenk92/iw_error_msg

network: Add error message if iw couldn't be found

Merge pull request #3662 from brauner/2021-02-08/fixes

conf: expand fd-only setup codepaths

conf: kill PATH_MAX bytes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: kill PATH_MAX bytes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tests: add logging to lxc-test-unpriv

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: fd-only tty setup

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

mount_utils: s/OPEN_TREE_CLONE | OPEN_TREE_CLONE/OPEN_TREE_CLONE | OPEN_TREE_CLOEXEC/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: rework rootfs pinning

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

network: Add error message if iw couldn't be found

When iw is not installed on the host, lxc fails to move wireless devices
into a container. Unfortunately there is no real error message yet
(other than that it didn't work), so its quite unobvious what causes
this. This commit adds a error message that clearly states the
application iw is missing.

Signed-off-by: Maximilian Blenk <blenkmax@gmail.com>

conf: kill PAT_MAX bytes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: kill PATH_MAX bytes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: don't pass struct lxc_conf

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: kill PATH_MAX bytes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: s/setup_mount()/setup_mount_fstab()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

mount_utils: add locked flag helpers

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3660 from brauner/2021-02-05/fixes_1

mount_utils: initialize fd

mount_utils: kill mount_filesystem()

We have way better helpers now.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: switch to simple mount()

At the point where we're remounging proc and sys we're in the container's
namespaces so there's no chance of escape so a simple mount() syscall will
suffice.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

mount_utils: initialize fd

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3659 from brauner/2021-02-05/fixes

mount: extend support for the new mount api

tree-wide: make use of new_mount_api() where it makes sense

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

mount_utils: detect new mount api support

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

mount_utils: kill mount_from_at()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: use fd_bind_mount() in lxc_fill_autodev()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

mount_utils: add support for bind-mounts through the new mount api

fd_bind_mount()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

mount_utils: kill mount_at()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: switch __cg_mount_direct() to use the new mount api

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: switch tmpfs mounting to new mount api

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: switch mount_autodev() to new mount api

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

mount_utils: add extended helpers for new mount api

fs_prepare()
fs_set_property()
fs_attach()
fs_mount()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

mount_utils: move mount_at() and mount_from_at() over from utils.{c,h}

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3657 from brauner/2021-02-05/init_groups

conf: implement lxc.init.groups

confile: make garbage groups an error

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tests: improve lxc.init.groups tests

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

confile: handle appending init groups

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: use lxc_groups_t directly

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach_options: use size_t for lxc_groups_t

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: use brackets around flag check

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach_options: use standard C pointer syntax

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach_options: initialize .groups

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: Add groups option to keep additional group IDs.

Signed-off-by: Ruben Jenster <r.jenster@drachenfels.de>

confile: add lxc.init.groups to keep additional groups

Signed-off-by: Ruben Jenster <r.jenster@drachenfels.de>

utils: rework lxc_setgroups()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: use lxc_drop_groups() instead of lxc_setgroups(0, NULL)

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

utils: add lxc_drop_groups()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3655 from brauner/2021-02-04/fixes_1

Tiny fixes in attach and utils

utils: check for snprintf() error

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: improve logging and terminology

The term "intermediate process" is not very nice imho, "transient process" fits
better.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3651 from brauner/2021-02-04/fixes

cgroups: fix cgroup mounting

cgroups: check for correct error in __cg_unified_attach() from cgroup_attach()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: s/dfd_root_host/dfd_host/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: s/mntpt_fd/dfd_mnt/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: s/dev_mntpt_fd/dfd_dev/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

syscall_wrappers: fix PROTECT_OPEN_W macro

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: restricted fd-only lxc_fill_autodev()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: start stashing dfd to host's / during container setup

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: fix lxc_setup_dev_console()

We were printing garbage on accident.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

utils: add mount_from_at()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: restrict open calls in cgroup_attach_create_leaf()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: improve error handling and logging in cgroup_attach_leaf()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: fix argument vetting in cgroup_attach()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: fix fallback logic when attaching to cgroups

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: switch to fd-based cgroup mounting

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: restricted fd-only controller mountpoint creation

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: fix cgroup mounting

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3650 from brauner/2021-02-03/fixes_1

conf: harden various mount paths

utils: harden __safe_mount_beneath_at()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: refactor transient procfs mounting

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>