caps: fix illegal access to array bound

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

Merge pull request #2581 from brauner/2018-09-02/macro

macro: move MS_* macros

macro: move MS_* macros

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2580 from brauner/2018-09-01/revert_blub_revert

Revert "Revert "tree-wide: use sizeof on static arrays""

Revert "Revert "tree-wide: use sizeof on static arrays""

This reverts commit 2fb7cf0b325d2e34cd6faa2758cbaba6b6c3b99f.

The problem wasn't caused by the reverted commit and was fixed in

commit 0c9b1f826d3 ("macro: calculate buffer lengths correctly")

The full explanation can be taken from the following irc excerpt from
the #lxc-dev channel:

│19:54:47 brauner | there was a bug in one of the standard macros we used
│19:55:01 brauner | and the changes by INTTYPE_TO_STRLEN() caused the issue to surface
│19:55:03 brauner | which is good
│19:55:16 brauner | i sent a branch and stgraber merged it that fixes it
│19:57:56  Blub\0 | so...
│19:58:31  Blub\0 | still doesn't explain how it was the sizeof() patch
│20:07:14 brauner | Blub\0: so here's the long explanation
│20:07:35 brauner | Blub\0: stgraber bumped pid_max on our jenkins test builders
│20:07:53 brauner | Blub\0: because we're running *a lot* of containers
│20:07:56 brauner | in any case
│20:08:06 brauner | there was a buffer
│20:08:12 brauner | LXC_LSMATTRLEN
│20:08:59 brauner | it used to be
│20:09:03 brauner | -/* /proc/pid-to-str/attr/current = (5 + INTTYPE_TO_STRLEN(pid_t) + 7 + 1) */
│20:09:03 brauner | -#define LXC_LSMATTRLEN (5 + INTTYPE_TO_STRLEN(pid_t) + 7 + 1)
│20:09:14 brauner | which one can see is wrong
│20:09:21 brauner | before the INTTYPE patchset
│20:09:40 brauner | INTTYPE_TO_STRLEN(pid_t) was LXC_NUMSTRLEN64
│20:09:45 brauner | which gave you 21 chars
│20:09:57 brauner | so it accounted for the missing parts
│20:10:03 brauner | because the correct macro should've been
│20:10:17 brauner | +/* /proc/        = 6
│20:10:17 brauner | + *               +
│20:10:17 brauner | + * <pid-as-str>  = INTTYPE_TO_STRLEN(pid_t)
│20:10:17 brauner | + *               +
│20:10:17 brauner | + * /attr/        = 6
│20:10:17 brauner | + *               +
│20:10:17 brauner | + * /current      = 8
│20:10:17 brauner | + *               +
│20:10:17 brauner | + * \0            = 1
│20:10:17 brauner | + */
│20:10:17 brauner | +#define LXC_LSMATTRLEN (6 + INTTYPE_TO_STRLEN(pid_t) + 6 + 8 + 1)
│20:10:24  Blub\0 | still
│20:10:31 brauner | the issue was only seen
│20:10:39 brauner | when the pid number hit a specific maximum
│20:10:50  Blub\0 | the sizeof patch only changed instances of actual char buf[A_FIXED_NUMBER] + snprintf(buf, A_FIXED_NUMBER, ...)
│20:10:54 brauner | aka exceeded the newly shortened buffer
│20:11:42 brauner | your patch was a red herring
│20:12:03  Blub\0 | I guess
│20:12:06 brauner | it didn't cause it
│20:12:14 brauner | it just surfaced at the same time it was merged
│20:12:25  Blub\0 | so we can revert the revert then? :)
│20:12:35 brauner | yes, that was th eplan all along

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2579 from brauner/2018-08-31/int64_t_pids

macro: calculate buffer lengths correctly

macro: calculate buffer lengths correctly

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: assign before converting to pointer

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2578 from brauner/2018-08-31/int64_t_pids

commands: pass around intmax_t

commands: pass around intmax_t

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Revert "tree-wide: use sizeof on static arrays"

This reverts commit 81a3bb64b4147ac6da3087cb77ac67828a2f2b76.

This commit broke all builders running with pid_max > 32768.

Reverting for now so we can bring the build farm back online.

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Merge pull request #2435 from brauner/2018-06-27/storage_managed

[RFC] conf: introduce lxc.rootfs.managed

Merge pull request #2577 from Blub/inttype-lengths

tree-wide: use sizeof on static arrays

tree-wide: use sizeof on static arrays

Instead of duplicating their lengths in read/snprintf/...
calls.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

Merge pull request #2572 from brauner/2018-08-24/musl_fixes

build: fix musl + add compiler.h

Merge pull request #2576 from brauner/2018-08-28/command_init_id

commands: always return -1 on lxc_cmd_get_init_pid() err

string_utils: use UINT64_MAX macro

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

caps: move macros to macro header

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: remove duplicate macros

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Makefile: correctly add ifaddrs to noinst_HEADERS

Before this we only added ifaddrs.h to noinst_HEADERS when we were running on
Android's bionic. That obviously doesn't make sense since it is possible that
ifaddrs.h is not defined and we're also not running on Android's bionic.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

macro: coding style fixes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

macro: final INTTYPE_TO_STRLEN() related cleanups

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tests: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tools: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

utils: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

string_utils: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

network: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

monitor: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

macro: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lsm: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

log: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

confile: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

caps: s/LXC_NUMSTRLEN64/INTTYPE_TO_STRLEN()/

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

macro: add INTTYPE_TO_STRLEN()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

macro: add PTR_TO_INT() and INT_TO_PTR()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

macro: move LXC_CMD_DATA_MAX from commands.h

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

macro: add LXC_AUDS_ADDR_LEN

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: ensure -1 is sent on EPIPE for init pid

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Reported-by: Stéphane Graber <stgraber@ubuntu.com>

tests: cleanup Makefile

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tests: add basic.c

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: return -1 on lxc_cmd_get_init_pid() err

A while back the whole lxc_cmd() infrastructure was changed to return
meaningful negative error codes. But lxc_cmd_get_init_pid() should always
return -1. Make it so!

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Reported-by: Stéphane Graber <stgraber@ubuntu.com>

compiler: add compiler.h header

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

configure: reorder header checks

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

build: fix musl

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2574 from brauner/2018-08-26/cgroup_keep

 confile: add lxc.cgroup.keep

cgroups: don't escape if lxc.cgroup.keep is true

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Felix Abecassis <fabecassis@nvidia.com>
Cc: Jonathan Calmels <jcalmels@nvidia.com>

confile: add lxc.cgroup.keep

This adds the new lxc.cgroup.keep config key. The key can be used to instruct
LXC to not escape to never escape to the root cgroup. This makes it easy for
users to adhere to restrictions enforced by cgroup2 and systemd. Specifically,
this makes it possible to run LXC containers as systemd services.

Note that cgroup v1 is considered legacy and will not see additional
controllers being added to it. This means that it is safe to use
lxc.cgroup.keep as config key since there is no "keep" controller. The only way
a conflict can be introduced is if the user is creating a named controller. I
think this case can be safely ignored since it is super rare and also the users
problem.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Felix Abecassis <fabecassis@nvidia.com>
Cc: Jonathan Calmels <jcalmels@nvidia.com>

start: do not initialize cgroup_ops twice

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2570 from brauner/2018-08-23/fix_privileged_logging

execute: pass /proc/self/fd/<nr>

execute: pass /proc/self/fd/<nr>

Passing /proc/1/fd/<nr> presupposes that CLONE_NEWPID was specified. This isn't
the case when users use lxc.namespace.keep = pid to inherit pid namespaces.
Pass /proc/self/fd/<nr> instead.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Reported-by: Mrinal Dhillon <mdhillon@juniper.net>

Merge pull request #2569 from brauner/2018-08-23/fix_unpriv_execute_logging

execute: skip lxc-init logging when unprivileged

execute: skip lxc-init logging when unprivileged

Unprivileged app containers will not be able to open the passed in
/proc/1/fd/<idx> log path and will thus currently fail completely as soon as
any log level or log file is passed.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Reported-by: Mrinal Dhillon <mdhillon@juniper.net>

Merge pull request #2568 from brauner/2018-08-22/ifaddrs

include: add safe getifaddrs() version

Makefile: conditionalize ifaddrs.h inclusion

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

ifaddrs: add safe implementation of getifaddrs()

The old version was crazy. This replaces it with an internal version based on
musl.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2565 from brauner/2018-08-22/more_fixes

remove last pam_cgfs special-casing

Merge pull request #2567 from stgraber/master

Fix typo

Fix typo

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

conf: add missing headers

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Makefile: remove last pam_cgfs special-casing

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

string_utils: add remove_trailing_slashes()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

string_utils: remove unused headers

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

string_utils: remove unnecessary include

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

initutils: remove useless comment

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

{file,string}_utils: remove NO_LOG

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2564 from brauner/2018-08-22/strerror_r_detection

log: handle strerror_r() versions + autotools: add --{disable,enable}-thread-safety

log: fail build on ENFORCE_THREAD_SAFETY error

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

autotools: add --{disable,enable}-thread-safety

Fail the build if --enable-thread-safety is passed and the environment cannot
guarantee thread-safety.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

log: handle strerror_r() versions

Closes #2563.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2562 from brauner/2018-08-22/check_compiler

autotools: check if compiler is new enough

start: add out_sync_fini cleanup label

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

autotools: check if compiler is new enough

We line up with the Linux kernel and won't support any compiler under 4.6.
Additionally, we also require at least gnu99 so this is due anyway.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2554 from brauner/2018-08-21/attach_fixes

attach: bugfixes

Merge pull request #2561 from brauner/2018-08-21/test_pam_cgfs

Makefile: don't allow undefined symbols

Makefile: don't allow undefined symbols

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

macro: move macros from attach.c

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: move struct declaration to top

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

macro: s/rexit()/_exit()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2560 from brauner/2018-08-21/fix_fully_unprivileged_containers

conf: fix devpts mounting when fully unprivileged

Merge pull request #2558 from brauner/2018-08-21/pam_cgfs

pam_cgfs: build from the same sources as liblxc

conf: fix devpts mounting when fully unprivileged

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

pam_cgfs: build from the same sources as liblxc

Closes #2556.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

utils: split into {file,string}_utils.{c,h}

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2559 from ssup2/master

start: Fix net iface remaining issue

start: Fix net iface remaining issue

When creating container that has multiple net ifaces fails
because of wrong net config, lxc doesn't remove previously created
net ifaces.

Solve this issue with changing return path in lxc_spawn().

Signed-off-by: Jungsub Shin jungsub_shin@tmax.co.kr

Merge pull request #2555 from tcharding/clang-format-cmd

cmd: Fix format issues found by clang-format

Merge pull request #2557 from 2xsec/bugfix

list: fix indent

list: fix indent

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

cmd: Fix format issues found by clang-format

clang-format finds a few format issues, lets fix these up.

Fix format issues found by clang-format.

Signed-off-by: Tobin C. Harding <me@tobin.cc>

Merge pull request #2552 from tcharding/cpp-check

cmd: Lint with cppcheck

cmd: Reduce scope of 'count' variable

Variable is used in one plaice only within a nested statement block.
The code is cleaner if the variable is declared near where it is used.
Found using cppcheck.

Reduce the scope of 'count' variable.

Signed-off-by: Tobin C. Harding <me@tobin.cc>

cmd: Do not reassign variable before it is used

cppcheck emits warning

  Variable 'ofd' is reassigned a value before the old one has been used.

We do not need to initialise a variable if it is assigned to on first use.

Signed-off-by: Tobin C. Harding <me@tobin.cc>

Merge pull request #2549 from brauner/2018-08-19/cmd_usernsexec_fixes

cmd: lxc-usernsexec fixes + macro: move declarations + config_utils: macvlan fixes

cmd: use goto for cleanup in lxc-usernsexec

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2550 from 2xsec/bugfix

storage: exit() => _exit()

Merge pull request #2542 from tcharding/signal-fail-2523

tools: Indicate container startup failure

Merge pull request #2553 from Blub/ttydir-path-fixup

conf: fix path/lxcpath mixups in tty setup