change defines for return value of handlers

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

Merge pull request #2365 from brauner/2018-05-30/improve_strprint

confile: improve strprint()

confile: improve strprint()

POSIX specifies [1]:
"If the value of n is zero on a call to snprintf(), nothing shall be written,
the number of bytes that would have been written had n been sufficiently large
excluding the terminating null shall be returned, and s may be a null pointer."

But in case there are any non-sane libcs out there that do actually dereference
the buffer when when 0 is passed as length to snprintf() let's give them a
dummy buffer.

[1]: The Open Group Base Specifications Issue 7, 2018 edition
     IEEE Std 1003.1-2017 (Revision of IEEE Std 1003.1-2008)
     Copyright © 2001-2018 IEEE and The Open Group

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Reported-by: Donghwa Jeong <dh48.jeong@samsung.com>

Merge pull request #2363 from 2xsec/master

conf: va_end was not called.

Merge pull request #2360 from brauner/2018-05-29/conf_cleanup

conf: small cleanups

conf: va_end was not called.

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

conf: non-functional changes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: make tmp_umount_proc bool

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: make root idmap structs const

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: add reboot macros

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2358 from brauner/2018-05-28/do_not_init_ns_clone_flags

start: do not init ns_clone_flags to -1

conf: ensure lxc_delete_tty() does not crash

We need to make sure that the ttys are actually initialized otherwise deleting
them is not safe.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: do not init ns_clone_flags to -1

ns_clone_flags is used as a bitmask so initializing it to -1 is a bad idea.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2355 from 2xsec/master

network: fix socket handle leak

network: fix socket handle leak

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

Merge pull request #2354 from brauner/2018-05-26/config_cleanups

conf: cleanups, and bugfixes

utils: fix task_blocking_signal()

Closes #2342.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: non-functional changes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: pts -> pty_max

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: simplify tty handling

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: reshuffle mount members

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: make close_all_fds a boolean

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: non-functional changes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: make is_execute a boolean

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: non-functional changes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2353 from brauner/2018-05-25/fix_lxc_create

tools: fix lxc-create with global config value II

coverity: #1435747

Dereference before null check

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1435803

Unchecked return value

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1435805

Logically dead code

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1435806

Logically dead code

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tools: fix lxc-create with global config value II

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2352 from brauner/2018-05-25/further_seccomp_fixes

seccomp: more fixes

tools: fix lxc-create with global config value

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

seccomp: make do_resolve_add_rule() more strict

Let's error out on syscalls that cannot be resolved or fail to resolve instead
of just warning users.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

seccomp: parse_v2_rules()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

seccomp: lxc_read_seccomp_config()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2351 from Blub/seccomp-fixup-2

Seccomp fixup part 2

seccomp: error on unrecognized actions

Be more strict about unrecognized actions. Previously the
parser would happily accept lines with typos like:

  kexec_load errrno 1

(note the extra 'r')

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

seccomp: refactor line handling of parse_config

Moving parse_config_v2 to use getline accidentally parsed
the wrong buffer. Since both _v1 and _v2 now use getline it
seems to be simpler to also use getline() for the first line
before entering the version specific parsers and pass along
the pointer and size so they can reuse them.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fixes: 9c3798eba41c ("seccomp: parse_config_v2()")

seccomp: re-add action parse error handling

This can happen when the 'errno' action can't parse its
supplied number.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fixes: f67c94d00a0d ("seccomp: parse_v2_rules()")

Merge pull request #2350 from Blub/seccomp-cleanup-fixup

seccomp: leak fixup

seccomp: leak fixup

Fix an error case not free()ing the line forgotten during
the move from fgets() on a static buffer to using getline.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fixes: ccf8d128e430 ("seccomp: parse_config_v1()")

Merge pull request #2349 from brauner/2018-05-24/prevent_fd_leak

lxccontainer: fix fd leaks when sending signals

start: log setns() failure

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

confile: order architectures

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: fix fd leaks when sending signals

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2347 from brauner/2018-05-24/seccomp_cleanups

seccomp: cleanup

Merge pull request #2348 from brauner/2018-05-24/pthread_sigmask

tree-wide: s/sigprocmask/pthread_sigmask()/g

utils: fix task_blocking_signal()

sscanf() skips whitespace anyway so don't account for tabs in case the file
layout changes.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: s/sigprocmask/pthread_sigmask()/g

The behavior of sigprocmask() is unspecified in multi-threaded programs. Let's
use pthread_sigmask() instead.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

seccomp: lxc_read_seccomp_config()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

seccomp: parse_config()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

seccomp: parse_config_v2()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

seccomp: do_resolve_add_rule()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

seccomp: scmp_filter_ctx get_new_ctx()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

seccomp: get_hostarch()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

seccomp: move #ifdefines

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

seccomp: parse_v2_rules()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

seccomp: fix get_seccomp_arg_value()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

seccomp: get_v2_action()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

seccomp: get_action_name()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

seccomp: get_v2_default_action()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

utils: add remove_trailing_newlines()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

seccomp: parse_config_v1()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxcseccomp: cleanup header

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2345 from flx42/seccomp-fixes

Seccomp fixes

seccomp: fix type mismatch when parsing syscall arguments filters

Specifier %lli was insufficient for the type uint64_t, all values
between 2^63-1 and 2^64-1 were silently converted to 2^63-1.

We can't use %llu since it doesn't handle hexadecimal. Instead, we
parse the values as strings and then use strtoull(3).

Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>

seccomp: remove unnecessary memset

Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>

seccomp: remove confusing comment line

Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>

seccomp: fix off-by-one error in array allocation for sscanf

The maximum field width does not include the null terminator.

Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>

Merge pull request #2344 from brauner/2018-05-23/on_demand_log_file

tools: only create log file when requested

Merge pull request #2340 from brauner/2018-05-22/fix_init_cmd

lxc-init: skip signals that can't be caught

Merge pull request #2338 from brauner/2018-05-17/multi_threaded_logging

log: enable per-thread container name prefix

tools: only create log file when requested

We used to initialize a log unconditionally before. This has led to scenarios
where users where left with container directories and an empty log file even
though they didn't request a log be created at all.
Switch all tools to only create a log file when the user explicitly requests
this.

Closes #1779.
Closes #2032.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2341 from tych0/optionally-execveat

use execveat syscall to exec lxc-init if supported

execute: use execveat() syscall if supported

The execveat allows us to exec stuff via a fd so we don't have to bind mount
stuff in. See the comment about why we're using the syscall directly.

Closes #2339.

Signed-off-by: Tycho Andersen <tycho@tycho.ws>
[christian.brauner@ubuntu.com: adapt error message and whitespace fixes]
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxc-init: skip signals that can't be caught

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2337 from brauner/2018-05-18/cgroup_rework

cgroups: refactor cgroup handling

log: enable per-thread container name prefix

When using the LXC API multi-thread and users initialize a log:

struct lxc_log log;
log.name = "my-log";
lxc_log_init(&log);

all threads will have the same "my-log" prefix even though thy might call
lxc_container_new() in separate threads. There is currently no easy way to
handle per-thread container name prefixes.
To handle this carry a reference to the name of the container in struct
lxc_conf and if no log.name was set, use it by default. This way each thread
will get the container it is currently working on as a log-prefix.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Reported-by: duguhaotian <duguhaotian@gmail.com>

conf: simplify write_id_mapping()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

seccomp: #ifdef SCMP_ARCH_AARCH64

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: remove freezer_state()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: refactor cgroup handling

This replaces the constructor implementation of cgroup handling with a simpler,
thread-safe on-demand model of cgroup driver initialization.
Making the cgroup initialization code run in a constructor means that each time
the shared library gets mapped the cgroup parsing code gets run. That's
unnecessary overhead.
It also feels to me that this is only accidently thread-safe because
constructors are only run once. But should threads actually end up manipulating
or freeing memory that is file-global to cgfsng.c we'd be screwed. Now, I might
be wrong here but the cleaner implementation is to allocate a cgroup driver on
demand whenever we need it.
Take the chance and rework the cgroup_ops interface to make the functions it
wants to have implemented a lot cleaner.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2328 from simos/fix-resource-leak-cid1425802

coverity: #1425802

coverity: #1425802

Resource leak

Signed-off-by: Simos Xenitellis <simos.lists@googlemail.com>

Merge pull request #2324 from simos/fix-resource-leak-cid1248106

Fixed resource leak in is_wlan() at network.c

Merge pull request #2323 from simos/fix-resource-leak-cid1425836

Fixed resource leak in userns_exec_full()

Merge pull request #2332 from brauner/2018-05-16/use_ambient_capabilities

capabilities: raise ambient capabilities

capabilities: raise ambient capabilities

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Suggested-by: Jonathan Calmels <jcalmels@nvidia.com>

Merge pull request #2319 from brauner/2018-05-13/allow_sys_rw_for_unpriv_containers

config: allow read-write /sys in user namespace

Merge pull request #2327 from brauner/2018-05-15/coverity

coverity

Merge pull request #2329 from simos/fix-resource-leak-cid1425844

coverity: #1425844

config: allow read-write /sys in user namespace

Unprivileged containers can safely mount /sys as read-write. This also allows
systemd-udevd to be started in unprivileged containers.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1425844

Resource leak

Signed-off-by: Simos Xenitellis <simos.lists@googlemail.com>

coverity: #1248106

Resource leak

Signed-off-by: Simos Xenitellis <simos.lists@googlemail.com>

coverity: #1425836

Resource leak

Signed-off-by: Simos Xenitellis <simos.lists@googlemail.com>

coverity: #1435602

Resource leak

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1435603

Resource leak

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1435604

Resource leak

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2326 from tenforward/japanese

Update Japanese man pages