start: use correct prefix for includes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

{commands,start}: remove element from list first

First remove the client from the list then close the fd. Otherwise we open
ourselves to a race where another codepath might be writing to a bad file
descriptor.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: remove locking around openpty()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: remove duplicate lxc_monitor_send_state()

Closes #2177.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: use wait_for_pid()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: __cg_unified_setup_limits()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: __cg_legacy_setup_limits()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_legacy_set_data()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: convert_devpath()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cgfsng_set()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cgfsng_get()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cgfsng_attach()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: __cg_unified_attach()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: build_full_cgpath_from_monitorpath()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cgfsng_escape()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: recursive_count_nrtasks()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: recursive_count_nrtasks()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cgfsng_mount()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: mount_cgroup_full()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cgfsng_chown()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cgfsng_enter()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cgfsng_create()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: remove_path_for_hierarchy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: create_path_for_hierarchy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_unified_create_cgroup()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: recursive_destroy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cgfsng_init()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_unified_get_current_cgroup()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_is_pure_unified()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_hybrid_init()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: lxc_cgfsng_print_basecg_debuginfo()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: lxc_cgfsng_print_hierarchies()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: trim()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: must_append_string()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_hybrid_get_current_cgroup()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: controller_in_clist()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: copy_to_eol()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_hybrid_get_mountpoint()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_hybrid_get_controllers()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: all_controllers_found()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: controller_found()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: controller_list_is_dup()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: controller_lists_intersect()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_legacy_handle_cpuset_hierarchy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: copy_parent_file()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_legacy_filter_and_set_cpus()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: get_max_cpus()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: lxc_cpumask_to_cpulist()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: lxc_cpumask()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: get_hierarchy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: must_append_controller()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: string_in_list()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: append_null_to_list()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: add me to authors

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: move cg_legacy_must_prefix_named()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_legacy_must_prefix_named()

s/must_prefix_named/cg_legacy_must_prefix_named/

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: free_string_list()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: fully document remaining variables

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: fully document struct cgfsng_handler_data

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: fully document struct hierarchy

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: order includes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2174 from brauner/2018-02-17/lxc-update-config_check_empty_args

cmd/lxc-update-config: check for empty arguments

cmd/lxc-update-config: check for empty arguments

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2173 from brauner/2018-02-17/add_coverity_status

README: add coverity

README: add coverity

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2171 from brauner/2018-02-16/rework_hooks

conf: fix run_script_argv()

console: ensure that fd is marked EBADF

If the handler closes the file descriptor for the peer or master fd it is
crucial that we mark it as -EBADF. This will prevent lxc_console_delete()
from calling close() on an already closed file descriptor again. I've
observed the double close in the attach code.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: don't call close on invalid file descriptor

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2172 from stgraber/master

Sabayon fixes

lxc-sabayon: Fix handling of eth0

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-sabayon: Remove broken/unused code

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

conf: s/argsin/argv/ in run_script_argv()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: use malloc() in run_script_argv()

It seems dangerous to use alloca() as the arguments can be of indeterminate
length and we might blow up the stack.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: fix run_script_argv()

Make sure that we allocate the buffer **after** we determined how much space we
need in total.
This fixes a SIGBUS/SIGSEGV Stéphane reported on aarch64 and armf.

Reported-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2170 from brauner/2018-02-16/cgfsng_force_cgroup_mount

confile: add "force" to cgroup:{mixed,ro,rw}

utils: fix lxc_p{close,open}()

If a file descriptor fd is opened by fdopen() and associated with a stream f
will **not** have been dup()ed. This means that fclose(f) will also close the
fd. So never call close(fd) after fdopen(fd) succeeded.
This fixes a double close() Stéphane and I observed when debugging on aarch64
and armf.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tests: remove lxc-test-ubuntu

This is really taking a long time for not a lot of benefit.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

CODING_STYLE: add section for str{n}cmp()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: non-functional changes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

confile: add "force" to cgroup:{mixed,ro,rw}

This lets users specify

        lxc.mount.auto = cgroup:mixed:force
or
        lxc.mount.auto = cgroup:ro:force
or
        lxc.mount.auto = cgroup:rw:force

When cgroup namespaces are supported LXC will not mount cgroups for the
container since it assumes that the init system will mount cgroups itself if it
wants to. This assumption already broke when users wanted to run containers
without CAP_SYS_ADMIN. For example, systemd based containers wouldn't start
since systemd needs to mount cgroups (named systemd hierarchy for legacy
cgroups and the unified hierarchy for unified cgroups) to track processes. This
problem was solved by detecting whether the container had CAP_SYS_ADMIN. If it
didn't we performed the cgroup mounts for it.
However, there are more cases when we should be able to mount cgroups for the
container when cgroup namespaces are supported:
- init systems not mounting cgroups themselves:
  A init system that doesn't mount cgroups would not have cgroups available
  especially when combined with custom LSM profiles to prevent cgroup
  {u}mount()ing inside containers.
- application containers:
  Application containers will usually not mount by cgroups themselves.
- read-only cgroups:
  It is useful to be able to mount cgroups read-only to e.g. prevent
  changing cgroup limits from inside the container while at the same time
  allowing the applications to perform introspection on their own cgroups. This
  again is mostly useful for application containers. System containers running
  systemd will usually not work correctly when cgroups are mounted read-only.
To be fair, all of those use-cases could be covered by custom hooks or
lxc.mount.entry entries but exposing it through lxc.mount.auto takes care of
setting correct mount options and adding the necessary logic to e.g. mount
filesystem read-only correctly.

Currently we only extend this to cgroup:{mixed,ro,rw} but technically there's
no reason not to enable the same behavior for cgroup-full:{mixed,ro,rw} as
well. If someone requests this we can simply treat it as a bug and add "force"
for cgroup-full.

Replaces #2136.

Signed-off-by: Shukui Yang <yangshukui@huawei.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2166 from brauner/2018-02-15/fix_cgfsng_chown

cgroups: use correct mask for chmod()

cgroups: use correct mask for chmod()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2165 from brauner/2018-02-14/coding_style

CODING_STYLE: add coding style file

CODING_STYLE: add CODING_STYLE.md

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

CONTRIBUTING: update

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2163 from brauner/2018-02-13/fix_cgroup_chown

cgfsng: simplifications and fixes

start: s/||/&&/ when mapping ids

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: simplifications and fixes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2162 from brauner/2018-02-10/remove_openpty_lock

lxclock: remove atfork handlers

tree-wide: remove cgmanager

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxclock: remove pthread_atfork_handlers

They shouldn't be needed anymore.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge branch 'tanyifeng-support_mount_propagation' into lxc/master

conf: support mount propagation

Closes #810.

Signed-off-by: Yifeng Tan <tanyifeng1@huawei.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2158 from lifeng68/Fix_lxc-console

Fix lxc-console hang

Fix lxc-console hang

The variable 'descr' is mistakenly covered with 'descr_console'.

Signed-off-by: LiFeng <lifeng68@huawei.com>

Merge pull request #2159 from lifeng68/modify_gitignore

Modify .gitignore

Modify .gitignore

add:
src/lxc/cmd/lxc-checkconfig
src/lxc/cmd/lxc-update-config

Signed-off-by: LiFeng <lifeng68@huawei.com>

Merge pull request #2155 from brauner/2018-02-10/remove_legacy_items

tree-wide: remove legacy codepaths

tree-wide: remove legacy codepaths

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2090 from brauner/2018-01-12/tools_remove_non_api_symbols

tools: remove non api symbols