pam: s/MAXPATHLEN/PATH_MAX/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

network: s/MAXPATHLEN/PATH_MAX/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

macro: s/MAXPATHLEN/PATH_MAX/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: s/MAXPATHLEN/PATH_MAX/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lsm: s/MAXPATHLEN/PATH_MAX/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

doc: fix indent

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

log: s/MAXPATHLEN/PATH_MAX/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

confile: s/MAXPATHLEN/PATH_MAX/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: s/MAXPATHLEN/PATH_MAX/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cmd: s/MAXPATHLEN/PATH_MAX/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

macro: add PATH_MAX

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

parse: report errors when failing config parsing

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

parse: remove access() check

We can just fail on open() and not waste an additional syscall.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2672 from 2xsec/bugfix

remove unused argument

Merge pull request #2673 from Blub/2018-10-06/cgfsng-alloc-cleanup

cgfsng: use realloc instead of malloc+copy+free

cgfsng: use realloc instead of malloc+copy+free

Signed-off-by: Wolfgang Bumiller <w.bumiller@errno.eu>

tools: lxc-unshare: remove unnecessary initialization

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

tools: lxc-start: remove unused argument

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

Merge pull request #2671 from brauner/2018-10-03/syscall_wrappers

syscalls: move wrappers and raw syscalls to appropriate files

Merge pull request #2670 from brauner/2018-10-03/cgfsng_fix_race

cgfsng: close tiny race window

raw_syscalls: move lxc_raw_gettid()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

syscall_wrappers: move signalfd()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

syscall_wrappers: move unshare()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

syscall_wrappers: move sethostname()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

syscall_wrappers: move setns()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

syscall_wrappers: move memfd_create()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: handle v1 cpuset hierarchy first

If the value of cgroup.clone_children in our immediate ancestor cgroup
is 0 then the cpuset of any cgroups we create in subtrees will be empty
and hence we'll copy an empty cpuset at which point we cannot enter the
cpuset cgroup.
Avoid this problem by initializing cgroup.clone_children to 1 an copying
the initialized cpuset of our immediate ancestor. Note, that the cpuset
of our immediate ancestor must be initialized and ours as well otherwise
we couldn't be located in this cgroup.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Revert "Revert "cgfsng: avoid tiny race window""

This reverts commit c5e7a7acbf23f0c267179b3318af41423b39493a.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Revert "cgfsng: avoid tiny race window"

This reverts commit 17e55991744576bca20e370a6d829da99c3fc801.

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Merge pull request #2669 from brauner/2018-10-02/bugfixes

utils: fix lxc_set_death_signal()

utils: fix lxc_set_death_signal()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2668 from brauner/2018-10-02/cgroups_monitor_fixes

cgfsng: do not reuse another monitor's cgroup

cgfsng: avoid tiny race window

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: do not reuse another monitor's cgroup

Otherwise we will create a race.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2667 from brauner/2018-10-02/prefault_mmaped_config_file

parse: prefault config file with MAP_POPULATE

parse: prefault config file with MAP_POPULATE

When we call lxc_file_for_each_line_mmap() we will always parse the
whole config file. Prefault it in case it is really long to optimize
performance.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2666 from 2xsec/bugfix

cgroups: remove unnecessary line

netns_iaddrs: remove unused functions

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

cgroups: remove unnecessary line

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

Merge pull request #2664 from brauner/2018-09-30/syscall_wrappers

syscalls: add wrappers and explicit raw syscalls

Merge pull request #2665 from brauner/2018-09-30/netns_ifaddrs

netns_ifaddrs: only use struct rtnl_link_stats64

netns_ifaddrs: only use struct rtnl_link_stats64

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tests: add missing build dependencies

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

autotools: fix lxc-usernsexec build

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

autotools: fix lxc-user-nic build

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

autotools: fix lxc-monitord build

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

autotools: fix lxc init build

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

raw_syscalls: add lxc_raw_getpid()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

raw_syscalls: add lxc_raw_clone{_cb}()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2663 from brauner/2018-09-30/netns_ifaddrs

netns_ifaddrs: handle IFLA_STATS{64} correctly

raw_syscalls: add lxc_raw_execveat()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

syscall_wrappers: add pivot_root()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

netns_ifaddrs: handle IFLA_STATS{64} correctly

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2661 from brauner/2018-09-28/relro_bind_now

autotools: support -z relro and -z now

autotools: support -z relro and -z now

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2658 from brauner/2018-09-28/keyctl

utils: add lxc_setup_keyring()

utils: add lxc_setup_keyring()

Allocate a new keyring if we can to prevent information leak.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

configure: fix -Wimplicit-fallthrough check

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2657 from ssup2/master

oci-template: Add logic for no /etc/passwd, group

oci-template: Add logic for no /etc/passwd, group

OCI image spec dosen't specify action when there is
no /etc/passwd or /etc/group. So if there is no
/etc/passwd with string user info, set uid to 0. If there
is no /etc/group with string group info, set gid to 0.

Signed-off-by: Jungsub Shin jungsub_shin@tmax.co.kr

Merge pull request #2656 from brauner/2018-09-28/fix_btrfs_regression

btrfs: fix btrfs containers

btrfs: fix btrfs containers

Closes #2612.
Closes #2655.

Fixes: 9de31d5a1394 ("tree-wide: s/strncpy()/strlcpy()/g")
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2629 from ssup2/master

template: oci template supports for char user info

template: oci template supports for char user info

oci template changes character user info to uid, gid
according to OCI image spec.

Signed-off-by: Jungsub Shin jungsub_shin@tmax.co.kr

Merge pull request #2653 from brauner/2018-09-27/minor_tweaks

cgroups: tweaks

cgroup: make monitor_pattern const

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: log cgroup names for monitor and container

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2643 from brauner/2018-09-23/cgroup_scoping_fixes

cgroups: implement monitor cgroup deletion

Merge pull request #2652 from brauner/lxc/master

tree-wide: fix includes to fix bionic builds

tree-wide: fix includes to fix bionic builds

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2649 from brauner/lxc/master

netns_ifaddrs: fix missing include

Merge pull request #2650 from tenforward/japanese

doc: Add -u and -g args to Japanese lxc-attach(1) and lxc-execute(1)

doc: Add -u and -g args to Japanese lxc-attach(1) and lxc-execute(1)

Update for commit ddd51fd and 0840104

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

netns_ifaddrs: fix missing include

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2648 from brauner/2018-09-26/compiler_attributes

compiler: add __hot attribute

Merge pull request #2647 from brauner/2018-09-23/noreturn_android

compiler: fix __noreturn on bionic

compiler: add __hot attribute

This instructs the compiler to better optimize the config parsing code.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: fix __noreturn on bionic

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: do not go into infinite loop

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: s/25/INTTYPE_TO_STRLEN(pid_t)/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: ensure no-reuse in cgfsng_monitor_create()

The same way we need to ensure that no existing cgroups are reused for
the payload in cgfsng_payload_create() we need to ensure that no
existing cgroups are reused for the monitor. Technially this is less of
an issue since there currently is no logic for the monitor to apply
limits to its cgroup but it is still the proper way to do it.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: introduce helper macros

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: add cgfsng_monitor_destroy()

Since we switched to the new cgroup scoping scheme that places the
container payload into lxc.payload/<container-name> and
lxc.monitor/<container-name> deletion becomes slightly more complicated.
The monitor will be able to rm_rf(lxc.payload/<container-name>) but will
not be able to rm_rf(lxc.monitor/<container-name>) since it will be
located in that cgroup and it will thus be populated.
My current solution to this is to create a lxc.pivot cgroup that only
exists so that the monitor process on container stop can pivot into it,
call rm_rf(lxc.monitor/<container-name>) and can then exit. This group
has not function whatsoever apart from this and can thus be shared by
all monitor processes.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: s/cgfsng_destroy/cgfsng_payload_destroy/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2618 from CameronNemo/lxcmountroot

apparmor: account for specified rootfs path (closes #2617)

Merge pull request #2646 from brauner/2018-09-24/cgroup_tweaks

cgfsng: set errno to ENOENT on get_hierarchy()

cgfsng: set errno to ENOENT on get_hierarchy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

doc: tweak documentation a little

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2645 from stgraber/master

stop: Only freeze if freezer is available

stop: Only freeze if freezer is available

Closes #2644

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Merge pull request #2640 from brauner/2018-09-23/netns_getifaddrs

network: add netns_getifaddrs() implementation

autotools: fix lxc_user_nic build

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

netns_ifaddrs: mark casts as safe

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree_wide: switch to netns_getifaddrs()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

network: add netns_getifaddrs() implementation

This commit introduces my concept of a network namespace aware
getifaddrs(), i.e. netns_getifaddrs(). This presupposes a kernel that
carries my IF{L}A_TARGET_NETNSID patches:

struct netns_ifaddrs {
        struct netns_ifaddrs *ifa_next;

        /* Can - but shouldn't be - NULL. */
        char *ifa_name;

        /* This field is not present struct ifaddrs. */
        int ifa_ifindex;

        unsigned ifa_flags;

        /* This field is not present struct ifaddrs. */
        int ifa_mtu;

        /* This field is not present struct ifaddrs. */
        int ifa_prefixlen;

        struct sockaddr *ifa_addr;
        struct sockaddr *ifa_netmask;
        union {
                struct sockaddr *ifu_broadaddr;
                struct sockaddr *ifu_dstaddr;
        } ifa_ifu;

        /* If you don't know what this is for don't touch it. */
        void *ifa_data;
};

which is a superset of struct ifaddrs. It contains additional
information such as the mtu, ifindex of the interface and the prefix
length of the address.
Note that the field ordering is different. So don't get any ideas of
using memcpy() to copy from an old struct ifaddrs into a struct
netns_ifaddrs.

int netns_getifaddrs(struct netns_ifaddrs **ifap, __s32 netns_id, bool *netnsid_aware)

takes a network namespace identifier as argument which identifies the
target network namespace.
If successfull, i.e. netns_getifaddrs() returns 0, callers should check
the bool *netnsid_aware return argument. If it is true then
RTM_GET{ADDR,LINK} requests are fully netnsid aware. If it is false then
they are not and the information returned in struct netns_ifaddrs does
*not* contain correct information about the target network namespace
identified by netnsid.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2639 from brauner/2018-09-23/compiler_based_hardening

compiler: compiler based hardening

Merge pull request #2642 from brauner/2018-09-23/android

compiler: __attribute__((noreturn)) on bionic

autotools: support -Wstrict-prototypes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

autotools: support -Wcast-align

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: __attribute__((noreturn)) on bionic

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>