Merge pull request #2658 from brauner/2018-09-28/keyctl

utils: add lxc_setup_keyring()

utils: add lxc_setup_keyring()

Allocate a new keyring if we can to prevent information leak.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

configure: fix -Wimplicit-fallthrough check

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2657 from ssup2/master

oci-template: Add logic for no /etc/passwd, group

oci-template: Add logic for no /etc/passwd, group

OCI image spec dosen't specify action when there is
no /etc/passwd or /etc/group. So if there is no
/etc/passwd with string user info, set uid to 0. If there
is no /etc/group with string group info, set gid to 0.

Signed-off-by: Jungsub Shin jungsub_shin@tmax.co.kr

Merge pull request #2656 from brauner/2018-09-28/fix_btrfs_regression

btrfs: fix btrfs containers

btrfs: fix btrfs containers

Closes #2612.
Closes #2655.

Fixes: 9de31d5a1394 ("tree-wide: s/strncpy()/strlcpy()/g")
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2629 from ssup2/master

template: oci template supports for char user info

template: oci template supports for char user info

oci template changes character user info to uid, gid
according to OCI image spec.

Signed-off-by: Jungsub Shin jungsub_shin@tmax.co.kr

Merge pull request #2653 from brauner/2018-09-27/minor_tweaks

cgroups: tweaks

cgroup: make monitor_pattern const

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: log cgroup names for monitor and container

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2643 from brauner/2018-09-23/cgroup_scoping_fixes

cgroups: implement monitor cgroup deletion

Merge pull request #2652 from brauner/lxc/master

tree-wide: fix includes to fix bionic builds

tree-wide: fix includes to fix bionic builds

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2649 from brauner/lxc/master

netns_ifaddrs: fix missing include

Merge pull request #2650 from tenforward/japanese

doc: Add -u and -g args to Japanese lxc-attach(1) and lxc-execute(1)

doc: Add -u and -g args to Japanese lxc-attach(1) and lxc-execute(1)

Update for commit ddd51fd and 0840104

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

netns_ifaddrs: fix missing include

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2648 from brauner/2018-09-26/compiler_attributes

compiler: add __hot attribute

Merge pull request #2647 from brauner/2018-09-23/noreturn_android

compiler: fix __noreturn on bionic

compiler: add __hot attribute

This instructs the compiler to better optimize the config parsing code.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: fix __noreturn on bionic

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: do not go into infinite loop

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: s/25/INTTYPE_TO_STRLEN(pid_t)/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: ensure no-reuse in cgfsng_monitor_create()

The same way we need to ensure that no existing cgroups are reused for
the payload in cgfsng_payload_create() we need to ensure that no
existing cgroups are reused for the monitor. Technially this is less of
an issue since there currently is no logic for the monitor to apply
limits to its cgroup but it is still the proper way to do it.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: introduce helper macros

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: add cgfsng_monitor_destroy()

Since we switched to the new cgroup scoping scheme that places the
container payload into lxc.payload/<container-name> and
lxc.monitor/<container-name> deletion becomes slightly more complicated.
The monitor will be able to rm_rf(lxc.payload/<container-name>) but will
not be able to rm_rf(lxc.monitor/<container-name>) since it will be
located in that cgroup and it will thus be populated.
My current solution to this is to create a lxc.pivot cgroup that only
exists so that the monitor process on container stop can pivot into it,
call rm_rf(lxc.monitor/<container-name>) and can then exit. This group
has not function whatsoever apart from this and can thus be shared by
all monitor processes.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: s/cgfsng_destroy/cgfsng_payload_destroy/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2618 from CameronNemo/lxcmountroot

apparmor: account for specified rootfs path (closes #2617)

Merge pull request #2646 from brauner/2018-09-24/cgroup_tweaks

cgfsng: set errno to ENOENT on get_hierarchy()

cgfsng: set errno to ENOENT on get_hierarchy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

doc: tweak documentation a little

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2645 from stgraber/master

stop: Only freeze if freezer is available

stop: Only freeze if freezer is available

Closes #2644

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Merge pull request #2640 from brauner/2018-09-23/netns_getifaddrs

network: add netns_getifaddrs() implementation

autotools: fix lxc_user_nic build

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

netns_ifaddrs: mark casts as safe

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree_wide: switch to netns_getifaddrs()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

network: add netns_getifaddrs() implementation

This commit introduces my concept of a network namespace aware
getifaddrs(), i.e. netns_getifaddrs(). This presupposes a kernel that
carries my IF{L}A_TARGET_NETNSID patches:

struct netns_ifaddrs {
        struct netns_ifaddrs *ifa_next;

        /* Can - but shouldn't be - NULL. */
        char *ifa_name;

        /* This field is not present struct ifaddrs. */
        int ifa_ifindex;

        unsigned ifa_flags;

        /* This field is not present struct ifaddrs. */
        int ifa_mtu;

        /* This field is not present struct ifaddrs. */
        int ifa_prefixlen;

        struct sockaddr *ifa_addr;
        struct sockaddr *ifa_netmask;
        union {
                struct sockaddr *ifu_broadaddr;
                struct sockaddr *ifu_dstaddr;
        } ifa_ifu;

        /* If you don't know what this is for don't touch it. */
        void *ifa_data;
};

which is a superset of struct ifaddrs. It contains additional
information such as the mtu, ifindex of the interface and the prefix
length of the address.
Note that the field ordering is different. So don't get any ideas of
using memcpy() to copy from an old struct ifaddrs into a struct
netns_ifaddrs.

int netns_getifaddrs(struct netns_ifaddrs **ifap, __s32 netns_id, bool *netnsid_aware)

takes a network namespace identifier as argument which identifies the
target network namespace.
If successfull, i.e. netns_getifaddrs() returns 0, callers should check
the bool *netnsid_aware return argument. If it is true then
RTM_GET{ADDR,LINK} requests are fully netnsid aware. If it is false then
they are not and the information returned in struct netns_ifaddrs does
*not* contain correct information about the target network namespace
identified by netnsid.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2639 from brauner/2018-09-23/compiler_based_hardening

compiler: compiler based hardening

Merge pull request #2642 from brauner/2018-09-23/android

compiler: __attribute__((noreturn)) on bionic

autotools: support -Wstrict-prototypes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

autotools: support -Wcast-align

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: __attribute__((noreturn)) on bionic

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2637 from brauner/2018-09-22/bugfixes

macro: add STRLITERALLEN() and STRARRAYLEN()

Merge pull request #2641 from brauner/2018-09-23/cgroup_scoping_fixes

cgfsng: copy parent's cpu settings for monitor too

cgfsng: copy parent's cpu settings for monitor too

Closes https://github.com/lxc/lxd/issues/5060.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: replace sizeof() with SIZEOF2STRLEN()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

macro: add STRLITERALLEN() and STRARRAYLEN()

sizeof() implementation for string literals and string arrays that makes
it behave like strlen() for strings.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: s/__cgfsng_ops__/__cgfsng_ops/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: s/__noreturn__/__noreturn/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: s/__fallthrough__/__fallthrough/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2636 from brauner/2018-09-21/fix_implicit_fallthrough

autotools: fix check for -Wimplicit-fallthrough

Merge pull request #2627 from 2xsec/bugfix

conf: realpath() uses null as second parameter to prevent buffer overflow

autotools: fix wrong AX_CHECK_COMPILE_FLAG test

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2606 from brauner/2018-09-09/cgroup_escape

cgroups: scoping for cgroup v2

cgfsng: add missing __cgfsng_ops__ attributes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tests: adapt cgroup tests to new layout

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cgfsng_monitor_enter()

brauner@wittgenstein|~
> sudo systemctl status lxc@c1
● lxc@c1.service - LXC Container: c1
   Loaded: loaded (/lib/systemd/system/lxc@.service; disabled; vendor preset: enabled)
   Active: active (running) since Tue 2018-09-11 10:42:22 CEST; 38s ago
     Docs: man:lxc-start
           man:lxc
  Process: 29855 ExecStart=/usr/bin/lxc-start -n c1 -p /run/lxc/c1.pid (code=exited, status=0/SUCCESS)
    Tasks: 18 (limit: 4915)
   Memory: 32.1M
   CGroup: /system.slice/system-lxc.slice/lxc@c1.service
           ├─lxc.monitor
           │ └─c1
           │   └─29870 [lxc monitor] /var/lib/lxc c1
           └─lxc.payload
             └─c1
               ├─init.scope
               │ └─29878 /sbin/init
               └─system.slice
                 ├─console-getty.service
                 │ └─30028 /sbin/agetty -o -p -- \u --noclear --keep-baud console 115200,38400,9600 linux
                 ├─cron.service
                 │ └─30019 /usr/sbin/cron -f
                 ├─dbus.service
                 │ └─30020 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation --syslog-only
                 ├─networkd-dispatcher.service
                 │ └─30016 /usr/bin/python3 /usr/bin/networkd-dispatcher --run-startup-triggers
                 ├─rsyslog.service
                 │ └─30017 /usr/sbin/rsyslogd -n
                 ├─system-container\x2dgetty.slice
                 │ ├─container-getty@0.service
                 │ │ └─30027 /sbin/agetty -o -p -- \u --noclear --keep-baud pts/0 115200,38400,9600 vt220
                 │ ├─container-getty@1.service
                 │ │ └─30030 /sbin/agetty -o -p -- \u --noclear --keep-baud pts/1 115200,38400,9600 vt220
                 │ ├─container-getty@2.service
                 │ │ └─30026 /sbin/agetty -o -p -- \u --noclear --keep-baud pts/2 115200,38400,9600 vt220
                 │ └─container-getty@3.service
                 │   └─30029 /sbin/agetty -o -p -- \u --noclear --keep-baud pts/3 115200,38400,9600 vt220
                 ├─systemd-journald.service
                 │ └─29976 /lib/systemd/systemd-journald
                 ├─systemd-logind.service
                 │ └─30018 /lib/systemd/systemd-logind
                 ├─systemd-networkd.service
                 │ └─29996 /lib/systemd/systemd-networkd
                 ├─systemd-resolved.service
                 │ └─30014 /lib/systemd/systemd-resolved
                 └─systemd-udevd.service
                   └─29986 /lib/systemd/systemd-udevd

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: add monitor_enter()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: add cgfsng_monitor_create()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: add monitor_create()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: add monitor_full_path member

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: add monitor_cgroup member

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: s/base_cgroup/container_base_path/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: add missing string.h include

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: s/fullcgpath/container_full_path/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: switch to lxc.payload as default pattern

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroup: rename container specific cgroup functions

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2635 from brauner/2018-09-21/Wimplicit-fallthrough

autotools: add -Wimplicit-fallthrough

Merge pull request #2630 from brauner/2018-09-20/remove_locking

api_extensions: introduce lxc_has_api_extension()

autotools: add -Wimplicit-fallthrough

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

api_extensions: introduce lxc_has_api_extension()

This is modeled after LXD's API extension checks. This allows API users
to query the given LXC instance whether a given API extension is
supported.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2633 from brauner/2018-09-21/cgfsng_ops_attribute

cgfsng: mark ops with __cgfsng_ops__ attribute

Merge pull request #2634 from brauner/2018-09-21/cgroup_relative

confile: s/lxc.cgroup.keep/lxc.cgroup.relative/g

Merge pull request #2607 from brauner/2018-09-11/sysfs_mixed

conf: remove extra MS_BIND with sysfs:mixed

cgfsng: mark ops with __cgfsng_ops__ attribute

Helps to easily tell the cgfsng ops functions from helpers.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

confile: s/lxc.cgroup.keep/lxc.cgroup.relative/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2608 from brauner/2018-09-11/netns_get_nsid

network: add lxc_netns_get_nsid()

Merge pull request #2631 from brauner/2018-09-20/rename_backgrounded

start: s/backgrounded/daemonize/g

start: s/backgrounded/daemonize/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: realpath() uses null as second parameter to prevent buffer overflow

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

apparmor: account for specified rootfs path (closes #2617)

Signed-off-by: Cameron Nemo <camerontnorman@gmail.com>

Merge pull request #2626 from brauner/2018-09-20/remove_locking

lxccontainer: remove cgroup locking

lxccontainer: remove locks from get_cgroup_item()

The on-disk config file is not altered and the in-memory config isn't
altered so no need for locking.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: remove locks from set_cgroup_item()

The on-disk config file is not altered and the in-memory config isn't
altered so no need for locking.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2624 from 2xsec/bugfix

af_unix: add function to remove duplicated codes for set sockaddr

af_unix: add function to remove duplicated codes for set sockaddr

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

Merge pull request #2622 from brauner/2018-09-19/attach_exit_status

attach: report standard shell exit codes

attach: report standard shell exit codes

POSIX mandates that on ENOEXEC 126 and on ENOENT 127 is supposed to be
reported.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2621 from 2xsec/bugfix

security: fix too wide or inconsistent non-owner permissions

security: fix too wide or inconsistent non-owner permissions

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

Merge pull request #2619 from smibarber/attach-shutdown

attach: don't shutdown ipc socket in child

attach: don't shutdown ipc socket in child

shutdown() affects sockets even across forked processes. The
attached child process doesn't have any interest in using the
IPC socket, so just close it in the child process and let the
intermediate process handle shutting it down.

This fixes a bug seen with lxc exec in crbug.com/884244

Signed-off-by: Stephen Barber <smbarber@chromium.org>

Merge pull request #2611 from 2xsec/bugfix

add compile flags for dlog

log: add additional info of dlog

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

log: add common functions

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

add compile flags for dlog

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

network: minor tweaks

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>