Merge pull request #2500 from akosiaris/patch-1

Unprivileged's incompatibility with type=none docs

Unprivileged's incompatibility with type=none docs

Unprivileged containers are not compatible with sharing the
host namespace due to an inability to mount sysfs. Add docs
in lxc.container.conf to document that out.

Refs #2463

Signed-off-by: Alexandros Kosiaris <akosiaris@gmail.com>

Merge pull request #2497 from brauner/2018-07-29/nl_fix

nl: avoid NULL pointer dereference

nl: avoid NULL pointer dereference

It's a valid case to call nla_put() with NULL data and 0 len. It's done e.g. in
the nla_put_attr().

There has to be a check for data in nla_put() as passing NULL to the memcpy()
is not allowed. Even if length is 0, both pointers have to be valid.

For a reference see C99 standard (7.21.1/2), it says: "pointer arguments on
such a call shall still have valid values".

Reported-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
[christian.brauner@ubuntu.com: adapted commit message]
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2496 from flx42/nvidia-hook-lgpl

Fix license of the nvidia hook

Fix license of the nvidia hook

Fixes: #2494
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>

Merge pull request #2493 from brauner/2018-07-26/bugfixes

utils: add lxc_iterate_parts(), compile with -Wvla and -std=gnu11

autotools: default to -Wvla -std=gnu11

We can't really support anything less than gcc-4.8 anyway.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

include: remove VLAs

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tests: remove VLAs

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Makefile: add missing lxctest.h

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

utils: s/strtok_r()/lxc_iterate_parts()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tools: s/strtok_r()/lxc_iterate_parts()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

storage: s/strtok_r()/lxc_iterate_parts()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

state: s/strtok_r()/lxc_iterate_parts()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

parse: s/strtok_r()/lxc_iterate_parts()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

namespace: s/strtok_r()/lxc_iterate_parts()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: s/strtok_r()/lxc_iterate_parts()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

confile: s/strtok_r()/lxc_iterate_parts()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: s/strtok_r()/lxc_iterate_parts()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: s/strtok_r()/lxc_iterate_parts()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

utils: add lxc_iterate_parts()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2479 from Blub/apparmor-profiles

RFC: Generated Apparmor profiles, namespaces, stacking

tests: add test for generated apparmor profiles

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

apparmor: allow start-container to change to lxc-**

For generated profiles with apparmor namespaces we get
profile names with slashes in them. To match those, we need
to allow changing to lxc-**, not just lxc-*.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

apparmor: profile generation

This copies lxd's apparmor profile generation. This tries to
detect features such as cgroup namespaces, apparmor
namespaces and stacking support, and has profile parts
conditionally for unprivileged containers.

This introduces the following changes to the configuration:
  lxc.apparmor.profile = generated
    The fixed value 'generated' will cause this
    functionality to be used, otherwise there should be no
    functional changes happening unless specifically
    requested with the next key:
  lxc.apparmor.allow_nesting
    This is a boolean which, if enabled, causes the
    following changes: When generated apparmor profiles are
    used, they will contain the necessary changes to allow
    creating a nested container. In addition to the usual
    mount points, /dev/.lxc/proc and /dev/.lxc/sys will
    contain procfs and sysfs mount points without the lxcfs
    overlays, which, if generated apparmor profiles are
    being used, will not be read/writable directly.
  lxc.apparmor.raw
    A list of raw apparmor profile lines to append to the
    profile. Only valid when using generated profiles.

The following apparmor profile lines have not been copied
from lxd:

  mount /var/lib/lxd/shmounts/ -> /var/lib/lxd/shmounts/,
  mount none -> /var/lib/lxd/shmounts/,
  mount options=bind /var/lib/lxd/shmounts/** -> /var/lib/lxd/**,

They should be added via lxc.apparmor.raw entries by lxd.

In order for apparmor_parser's cache to be of use, this adds
a --with-apparmor-cache-dir ./configure option.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

apparmor: update current profiles

remove cgmanager rules and add fstype=cgroup2 variants for
the existing fstype=cgroup rules

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

utils: add must_concat helper

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

apparmor: use fopen_cloexec

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

Merge pull request #2492 from brauner/2018-07-14/fix_indendation

lxccontainer: fix indendation

lxccontainer: fix indendation

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lsm: fixup lsm_process_label_set_at return values

Always return -1 on error (some code paths returned -1, some
returned negative error codes), don't assume 'errno' is set
afterwards, as the function already prints errors and not
all code paths will have a usable errno value.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

tests: lxc-test-apparmor-mount: check environment early

don't kill all my processes when running it as user...

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

tests: lxc-test-apparmor-mount: show a log on error

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

Merge pull request #2489 from 2xsec/bugfix

change log macro of error case from lxc_ambient_caps_up/down

Merge pull request #2300 from LizaTretyakova/mount_injection

Mount injection API

confile: add missing header

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: coding style fixes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: coding style fixes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

confile: add strdup failure check

Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>
[christian.brauner@ubuntu.com: coding style]
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf, lxccontainer: fix length checks in snprintf

Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>

conf, confile, lxccontainer, start: nonfunctional changes

Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>

lxccontainer: reword create_mount_target()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: do_lxcapi_mount() coding-style

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tests: add filesystem and char device tests

Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>

lxccontainer: add handling of file mounts

Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>

tests: tweak mount injection tests

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tests: add tests for umount

Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>

lxccontainer: add the umount API function

Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>
[christian@brauner.io: minor coding-style changes]
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tests: add mount injection tests

Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>

lxccontainer: add container API function and structs for injecting a mount

Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>

start: add shmount setup on container start

Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>

utils: add shared mount point detection

Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>

conf, confile: add parsing of a shmounts config parameter

Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>

conf, confile: introduce basic structs for shared mount point

Signed-off-by: Liza Tretyakova <elizabet.tretyakova@gmail.com>

change log macro of error case from lxc_ambient_caps_up/down

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

Merge pull request #2488 from 2xsec/bugfix

docs: tools: -d/--daemonize for lxc-execute

docs: tools: -d/--daemonize for lxc-execute

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

Merge pull request #2486 from 2xsec/bugfix

thread safe: rand() => rand_r()

coverity: #1438067

Explicit null dereferenced

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

thread safe: rand() => rand_r()

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

Merge pull request #2484 from 2xsec/bugfix

attach: fix return value & cleanups

attach: move errno handling

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

Merge pull request #2485 from 2xsec/docs

docs: add long options of lxc-unshare

docs: add long options of lxc-unshare

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

attach: fix return value & cleanups

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

Merge pull request #2482 from 2xsec/bugfix

error handling cleanups #2471

af_unix: fix return value & cleanups

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

lxccontainer: coding rules

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

confile_utils: fix return value & cleanups

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

Merge pull request #2480 from brauner/2018-07-18/add_required_mount_flags

conf: the atime flags are locked in userns

Merge pull request #2481 from hwoarang/fix-apparmor-paths

apparmor: Allow /usr/lib* paths for mount and pivot_root

apparmor: Allow /usr/lib* paths for mount and pivot_root

openSUSE Leap 15 is using --libdir=/usr/lib64 when building for
x86_64 so we need to allow this path in the apparmor profiles.

Link: https://bugzilla.opensuse.org/show_bug.cgi?id=1099239
Signed-off-by: Markos Chandras <mchandras@suse.de>

conf: the atime flags are locked in userns

This means they need to be added for remount and for fresh mounts.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2473 from tenforward/japanese

doc: Translate lxc.monitor.signal.pdeath into Japanese in lxc.contain…

doc: Translate lxc.monitor.signal.pdeath into Japanese in lxc.container.conf(5)

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

Merge pull request #2472 from brauner/2018-07-16/monitor_signal_pdeath

tests: add lxc.monitor.signal.pdeath

tests: add lxc.monitor.signal.pdeath

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2470 from brauner/2018-07-16/monitor_signal_pdeath

confile: add lxc.monitor.signal.pdeath

confile: add lxc.monitor.signal.pdeath

Set the signal to be sent to the container's init when the lxc monitor exits.
By default it is set to SIGKILL which will cause all container processes to be
killed when the lxc monitor process dies.
To ensure that containers stay alive even if lxc monitor dies set this to 0.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

confile: move signal helpers to confile utils

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2469 from 2xsec/bugfix

tools: lxc-unshare: use lxc list for interface names

coverity: #1437949

Argument cannot be negative

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

tools: lxc-unshare: use lxc list for interface names

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

Merge pull request #2468 from 2xsec/bugfix

tools: lxc-unshare: apply argument parser of lxc and log system of lxc

tools: lxc-unshare: fix wrong coding rules

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

tools: lxc-unshare: apply argument parser of lxc and log system of lxc

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

Merge pull request #2466 from flx42/fix-define-argument

 confile: fix incorrect strncmp

confile: fix incorrect strncmp

Passing additional configuration options with "--define" was broken.

Result of git bisect:
d899f11b7bfb14c4b532bc801de89c8fb46307d4 is the first bad commit

Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>

Merge pull request #2465 from 2xsec/bugfix

lxclock: change error log using strerror to SYSERROR

lxclock: change error log using strerror to SYSERROR

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

Merge pull request #2462 from brauner/2018-07-12/coverity

coverity

coverity: #1437935

Unchecked return value

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1437936

Unchecked return value

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2459 from brauner/2018-07-11/cleanup_makefile

autotool fixes, attach cleanups

Merge pull request #2460 from brauner/2018-07-12/handle_new_mknod_smarter

conf: handle partially functional device nodes

attach: cleanup log messages in lxc_attach()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: use fd_cloexec()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: cleanup no_new_privs()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: cleanup fetch_seccomp()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>