Merge pull request #3464 from brauner/2020-06-19/clone_into_cgroup

lxc: support CLONE_INTO_CGROUP

lxc: support CLONE_INTO_CGROUP

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3463 from brauner/2020-06-26/fixes

confile: handle overflow in lxc.time.offset.{boot,monotonic}

Merge pull request #3462 from tenforward/japanese

Update Japanese lxc.container.conf(5)

start: preserve time namespace

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

confile: handle overflow in lxc.time.offset.{boot,monotonic}

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

doc: Add lxc.time.offset.* to Japanese lxc.container.conf(5)

and fix a type in English man page.
Update for commit 7fb5a8dfd2dcacd840921fcecdaad34cefad7a68

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

doc: Add veth vlan bridge options to Japanese lxc.container.conf(5)

Update for commit a789ca4c24190f903d80b077b3cae766e932b2ad

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

Merge pull request #3461 from brauner/2020-06-25/time_namespace

time namespace support

doc: add lxc.time.offset.{boot,monotonic}

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

api: add time_namespace extension

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxc: add time namespace support

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3460 from brauner/2020-06-25/fixes

commands: don't flood logs

commands: don't flood logs

We're ignoring commands that we don't know about. They used to be fatal. Not
anymore.

Closes: #3459.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3458 from stgraber/master

lxc-net: Set broadcast

lxc-net: Set broadcast

Closes #3457

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Merge pull request #3456 from brauner/2020-06-23/lxc_stop_fixes

lxccontainer: fix non-blocking container stop

lxccontainer: fix non-blocking container stop

Stopping a lxc container with without waiting on it was broken in master. This
patch fixes it.

Signed-off-by: Robert Vogelgesang <vogel@folz.de>

Merge pull request #3454 from brauner/master

tree-wide: variable naming update

test: update terminology

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

doc: update terminology

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

CODING_STYLE: adapt code example

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

openpty: adapt variable naming

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3453 from stgraber/master

network: Rename primary to master

network: Rename primary to master

The previous change made things confusing by impliying there may be a
secondary when VLAN/IPVLAN/bridge members can only have a single parent
device.

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Revert "nl: fix memory leak"

This reverts commit 9d05339487f4e9c4e7f700f963c161a4d9977ae4.

This causes a double-free as the variable is already using __do_free.

Closes #3452

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

tree-wide: use "primary" in networking code

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: wipe references to questionable apis from our public logs

We can't do anything about the established kernel API but we can at least not
propagate the terminology.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: use "ptmx" and "pts" as terminal terms

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3449 from gaurav1086/nl_fix_mem_leak

nl: fix memory leak

Merge pull request #3450 from gaurav1086/containertests_fix_null_ptr_deref

containertests: fix null pointer defereference

containertests: fix null pointer defereference

Signed-off-by: Gaurav Singh <gaurav1086@gmail.com>

nl: fix memory leak

Signed-off-by: Gaurav Singh <gaurav1086@gmail.com>

Merge pull request #3446 from brauner/2020-06-10/fixes_2

conf: kill old chown_mapped_root()

lxccontainer: remove pointless string duplication

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: kill old chown_mapped_root()

It's now a wrapper around userns_exec_mapped_root() which allows us to avoid
fork() + exec() lxc-usernsexec makes things way nicer to test with ASAN etc.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: add some more logging to userns_exec_mapped_root()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: always use target_fd in userns_exec_mapped_root()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: remove faulty flags

If we set O_RDWR we won't be able to open directories and if we set O_PATH we
won't be able to chown.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3444 from brauner/2020-06-10/fixes

cgroups: initialize lxc.pivot cpuset

cgroups: initialize lxc.pivot cpuset

Closes: #3443.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3442 from tomponline/tp-veth-vlan-coverity

Coverity fixes for veth vlan

network: Adds calls to free_ovs_veth_vlan_args in setup_veth_ovs_bridge_vlan

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

network: Fix int type in log message

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

network: Adds free_ovs_veth_vlan_args and allows trunks field to be freed

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

network: Removes unused ip_proxy_args

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

network: Fix coverity issue, dont initialise string pointers in setup_veth_ovs_bridge_vlan

This is needed by lxc_ovs_setup_bridge_vlan_exec.

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

network: Fix coverity issue, leaking data in lxc_ovs_setup_bridge_vlan_exec

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

confile: Fix coverity issue, missing return in get_config_net_veth_vlan_tagged_id

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

Merge pull request #3439 from tomponline/tp-nic-veth-vlan-ovs

NIC: Veth OVS bridge VLAN support

network: Updates instantiate_veth to support OVS VLAN setup

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

network: Adds OVS VLAN setup functions

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

network: Updates netlink_open handling in lxc_ipvlan_create

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

doc: Adds documentation for veth vlan bridge options

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

network: Updates instantiate_veth to set bridge vlan settings

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

network: Adds bridge vlan management functions

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

tests: Adds test for lxc.net.0.veth.vlan.tagged.id config key

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

tests: Adds test for bridge vlan "none" value

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

tests: Adds test for lxc.net.0.veth.vlan.id config key

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

confile/utils: Adds freeing of priv.veth_attr.vlan_tagged_ids

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

confile/utils: Adds veth vlan tagged ID tracing to lxc_log_configured_netdevs

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

confile/utils: Adds veth mode and vlan ID tracing to lxc_log_configured_netdevs

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

confile: Adds validation for lxc.net.veth.vlan.tagged.id

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

confile: Adds validation for lxc.net.veth.vlan.id

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

network: Adds veth vlan_id, vlan_id_set and vlan_tagged_ids

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

macro: Adds BRIDGE_VLAN_ID_MAX constant

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

macro: Adds constant for BRIDGE_VLAN_NONE mode

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

macro: Adds bridge VLAN constants

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

api/extensions: Adds network_bridge_vlan API extension

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

network: Adds check for bridge link interface existence in instantiate_veth

To avoid misleading errors about openvswitch when non-existent bridge link interface specified.

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

macro: Adds UINT_TO_PTR and PTR_TO_USHORT helpers

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

Merge pull request #3434 from tomponline/tp-copying

.gitignore: Ignores COPYING file created by make

.gitignore: Ignores COPYING file created by make

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

Merge pull request #3432 from smoser/fix/lxc-usernsexec-test-do-create-user

lxc-test-usernsexec: If user is root, then create and use non-root user.

lxc-test-usernsexec: If user is root, then create and use non-root user.

Previously if the user was root, then the test would just skip
running (and exit 0).  The lxc test environment is run as root.
So, instead of never doing anything there, we create a user,
make sure it is in /etc/sub{ug}id and then execute the test as that
user.

If user is already non-root, then just execute the tests as before.

Signed-off-by: Scott Moser <smoser@brickies.net>

Merge pull request #3428 from smoser/test/add-usernsexec-test

Add test of lxc-usernsexec

Add test of lxc-usernsexec

The test executes lxc-usernsexec to create some files and chmod them.
Then makes assertions on the uid and gid of those files from outside.

Signed-off-by: Scott Moser <smoser@brickies.net>

Merge pull request #3424 from brauner/2020-05-25/fixes

api_extensions: add "pidfd"

api_extensions: add "pidfd"

Somehow it's documented but wasn't ever added.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

travis: Restrict coverity to gcc on bionic on amd64

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Merge pull request #3422 from brauner/2020-05-20/usernsexec_fixes

lxc-usernsexec: improvements

lxc-usernsexec: don't fail on setgroups()

We can fail to setgroups() when "deny" has been set which we need to set when
we are a fully unprivileged user.

Closes: 3420.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxc-usernsexec: dumb down from error to warning message

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3419 from brauner/2020-05-19/network_phys_fixes

network: use __instantiate_ns_common() in instantiate_ns_phys() too

network: use __instantiate_ns_common() in instantiate_ns_phys() too

Fixes: https://lists.linuxcontainers.org/pipermail/lxc-users/2020-May/015245.html
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3418 from brauner/2020-05-18/android_fixes

bionic: s/lxc_raw_execveat()/execveat()/g

bionic: s/lxc_raw_execveat()/execveat()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3417 from brauner/2020-05-15/fixes

network: fix {mac,ip,v}lan device creation

network: fix {mac,ip,v}lan device creation

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3415 from brauner/2020-05-15/fixes

network: restore old behavior

network: restore old behavior

I introduced a regression: when users didn't specify a specific name via
lxc.net.<idx>.name then the device would retain the random name it received
when we created it. Before we would use the "eth%d" syntax to get the kernel to
assign a fixed name. Restore that behavior.

Closes: #3407.
Fixes: 8bf64b77ac8a ("network: rework network device creation")
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3412 from brauner/2020-05-15/clone3

clone3: add infrastructure and switch container creation to it

Merge pull request #3414 from Blub/get-cgroup-path-compat

improve LXC_CMD_GET_CGROUP compatibility

improve LXC_CMD_GET_CGROUP compatibility

When a newer lxc library communicates with an older one
(such as running an lxc 4.0 lxc-freeze on a longer running
container which was started while lxc was still at version
3), the LXC_CMD_GET_LIMITING_CGROUP command is not
available, causing the remote to just close the socket.
Catch this and try the previous command instead.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

cgroups: be less alarming when creating cgroups

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

process_utils: make lxc use clone3() whenever possible

No more weird api quirks between architectures and cool new features.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3413 from Blub/dont-busy-loop-on-freeze

Don't busy loop on freeze with cgroupv2

cgfsng: use EPOLLPRI when polling cgroup.events

EPOLLIN will always be true and therefore end up
busy-looping

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

cgfsng: deduplicate freeze code

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

mainloop: add lxc_mainloop_add_handler_events

in order to be able to listen for EPOLLPRI

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>