lxccontainer: use thread-safe open() + write()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: non-functional changes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: do_lxcapi_unfreeze()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: do_lxcapi_freeze()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: do_lxcapi_is_running()

There's no need to do string comparisons.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: non-functional changes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: use thread-safe *_OFD_* locks

If they aren't available fallback to BSD flock()s.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: non-functional changes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1426734

Argument cannot be negative

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1435198

Unchecked return value

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1435200

Resource leak

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1435203

Resource leak

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1435205

Unchecked return value

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1435206

Time of check time of use

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1435207

Unchecked return value

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1435208

Unused value

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1435210

Logically dead code

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2279 from kunkku/create-umask

do_lxcapi_create: set umask

Merge pull request #2293 from pkun/master

Fix tool_utils.c build when HAVE_SETNS is unset

Fix tool_utils.c build when HAVE_SETNS is unset

Add inline setns() function to tool_utils.h. Without it
tool_utils.c can't be build when HAVE_SETNS is unset.

Signed-off-by: Serj Kalichev <serj.kalichev@gmail.com>

Merge pull request #2289 from lifeng68/Fix_mem_leak_list_active_containers

Fix memory leak in list_active_containers

Fix memory leak in list_active_containers

Signed-off-by: LiFeng <lifeng68@huawei.com>

Fix the memory leak in cgfsng_attach

Signed-off-by: LiFeng <lifeng68@huawei.com>

Merge pull request #2288 from lifeng68/Fix_mem_leak_cgfsng_attach

Fix the memory leak in cgfsng_attach

Merge pull request #2287 from thyth/master

Also pass action scripts to CRIU on checkpointing

Also pass action scripts to CRIU on checkpointing

Signed-off-by: Daniel Selifonov <ds@thyth.com>

Merge pull request #2284 from 3XX0/pamcgfs-ignore-umask

pam-cgfs: ignore the system umask when creating the cgroup hierarchy

pam-cgfs: ignore the system umask when creating the cgroup hierarchy

Fixes: #2277
Signed-off-by: Jonathan Calmels <jcalmels@nvidia.com>

Merge pull request #2285 from tpetazzoni/offsetof-stddef-fix

lxc/tools/lxc_monitor: include missing <stddef.h>

lxc/tools/lxc_monitor: include missing <stddef.h>

lxc_monitor.c uses offsetof(), so it should include
<stddef.h>. Otherwise the build fails with the musl C library:

tools/lxc_monitor.c: In function ‘lxc_abstract_unix_connect’:
tools/lxc_monitor.c:324:9: warning: implicit declaration of function ‘offsetof’ [-Wimplicit-function-declaration]
         offsetof(struct sockaddr_un, sun_path) + len + 1);
         ^~~~~~~~
tools/lxc_monitor.c:324:18: error: expected expression before ‘struct’
         offsetof(struct sockaddr_un, sun_path) + len + 1);
                  ^~~~~~

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

Merge pull request #2283 from flx42/lxc-oci-mkdir-download-directory

lxc-oci: mkdir the download directory

lxc-oci: mkdir the download directory

Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>

Merge pull request #2281 from brauner/2018-04-15/seccomp_fixes

seccomp: handle arch inversion - The Architecture Strikes Back

seccomp: handle arch inversion II

LXC generates and loads the seccomp-bpf filter in the host/container which
spawn the new container. In other words, userspace N is responsible for
generating and loading the seccomp-bpf filter which restricts userspace N + 1.
Assume 64bit kernel and 32bit userspace running a 64bit container. In this case
the 32-bit x86 userspace is used to create a seccomp-bpf filter for a 64-bit
userspace. Unless one explicitly adds the 64-bit ABI to the libseccomp filter,
or adjusts the default behavior for "BAD_ARCH", *all* 64-bit x86 syscalls will
be blocked.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Suggested-by: Paul Moore <paul@paul-moore.com>

seccomp: non-functional changes

Rename "compat_ctx" to "contexts" and "compat_arch" to "architectures".

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tools: document -d/--daemonize for lxc-execute

Closes #2280.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

seccomp: improve logging

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

seccomp: cleanup compat architecture handling

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

do_lxcapi_create: set umask

Always use 022 as the umask when creating the rootfs directory and
executing the template. A too loose umask may cause security issues.
A too strict umask may cause programs to fail inside the container.

Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>

Merge pull request #2275 from brauner/2018-04-13/improve_seccomp

seccomp: handle all errors

seccomp: handle all errors

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2274 from brauner/2018-04-13/fix_seccomp_with_personality_and_64bit_kernel_32_bit_userspace

seccomp: handle arch inversion

seccomp: handle arch inversion

This commit deals with different kernel and userspace layouts and nesting. Here
are three examples:
1. 64bit kernel and 64bit userspace running 32bit containers
2. 64bit kernel and 32bit userspace running 64bit containers
3. 64bit kernel and 64bit userspace running 32bit containers running 64bit containers
Two things to lookout for:
1. The compat arch that is detected might have already been present in the main
   context. So check that it actually hasn't been and only then add it.
2. The contexts don't need merging if the architectures are the same and also can't be.
With these changes I can run all crazy/weird combinations with proper seccomp
isolation.

Closes #654.

Link: https://bugs.chromium.org/p/chromium/issues/detail?id=832366
Reported-by: Chirantan Ekbote <chirantan@chromium.org>
Reported-by: Sonny Rao <sonnyrao@chromium.org>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2273 from aither64/master

conf: fix net type checks in run_script_argv()

conf: fix net type checks in run_script_argv()

Signed-off-by: Jakub Skokan <jakub.skokan@havefun.cz>

Merge pull request #2272 from brauner/2018-04-12/bugfixes

conf: ret-try devpts mount without gid=5 on error

execute: fix app containers without root mapping

When starting application containers without a mapping for container root are
started, a dummy bind-mount target for lxc-init needs to be created. This will
not always work directly under "/" when e.g. permissions are missing due to the
ownership and/or mode of "/". We can try to work around this by using the
P_tmpdir as defined in POSIX which should usually land us in /tmp where
basically everyone can create files.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: ret-try devpts mount without gid=5 on error

We should always default to mounting devpts with gid=5 but we should fallback
to mounting without gid=5. This let's us cover use-cases such as container
started with only a single mapping e.g.:

lxc.idmap = u 1000 1000 1
lxc.idmap = g 1000 1000 1

Closes #2257.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2270 from brauner/2018-04-11/attach_try_dropping_supplementary_groups

attach: try to always drop supplementary groups

Merge pull request #2259 from gjaekel/patch-1

rootfs pinning: On NFS, make file hidden but don't delete it

attach: try to always drop supplementary groups

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2266 from brauner/2018-04-09/attach_drop_suppl_groups

attach: always drop supplementary groups

utils: define __NR_setns if missing on old glibcs

Closes #2248.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2267 from brauner/QbitLogic-master

Mergeable branch for C0deAi fixes

lxc init: coding style

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tools/utils: free memory on error

Closes #2262.

Signed-off-by: C0deAi <techsupport@mycode.ai>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

storage/rsync: free memory on error

Closes #2262.

Signed-off-by: C0deAi <techsupport@mycode.ai>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxc init: remove dead code

Value stored is never read.

Closes #2262.

Signed-off-by: C0deAi <techsupport@mycode.ai>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: always drop supplementary groups

Closes #1704.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2263 from ffontaine/master

Fix compilation with static libcap and shared gnutls

Fix compilation with static libcap and shared gnutls

Commit c06ed219c47098f34485d408410b6ecc94a40877 has broken
compilation with a static libcap and a shared gnutls.
This results in a build failure on init_lxc_static if gnutls is
a shared library as init_lxc_static is built with -all-static option
(see src/lxc/Makefile.am) and AC_CHECK_LIB adds gnutls to LIBS.

This commit fix the issue by removing default behavior of AC_CHECK_LIB
and handling manually GNUTLS_LIBS and HAVE_LIBGNUTLS

Fixes:
 - http://autobuild.buildroot.net/results/b655d6853c25a195df28d91512b3ffb6c654fc90

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Merge pull request #2261 from brauner/2018-04-06/thmo_patch_1

Fix temp file creation

ringbuf: fix temporary file creation

lxc_make_tmpfile() uses mkstemp() internally, and thus expects the
template to contain 'XXXXXX' and be writable.

Signed-off-by: Thomas Moschny <thomas.moschny@gmx.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: fix temporary file creation

lxc_make_tmpfile() uses mkstemp() internally, and thus expects the
template to contain 'XXXXXX' and be writable.

Signed-off-by: Thomas Moschny <thomas.moschny@gmx.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

rootfs pinning: On NFS, make file hidden but don't delete it

On NFS, avoid random names of the root pin file due to "NFS silly renaming" but use a fixed hidden name instead.

Merge pull request #2258 from tych0/fix-signal-sending-to-lxc-init

fix signal sending in lxc.init

fix signal sending in lxc.init

The problem here is that these two clauses were ordered backwards: we first
check if the signal came from not the init pid, and if it did, then we give
a notice and return. The comment notes that this is intended to protect
against SIGCHLD, but we don't in fact know if the signal is a SIGCHLD yet,
because that's tested in the next hunk.

The symptom is that if I e.g. send SIGTERM from the outside world to the
container init, it ignores it and gives this notice. If we re-order these
clauses, it forwards non SIGCHLD signals, and ignores SIGCHLD signals from
things that aren't the real container process.

Signed-off-by: Tycho Andersen <tycho@tycho.ws>

Merge pull request #2256 from tenforward/japanese

doc: Tweak Japanese translation in lxc.container.conf(5)

doc: Tweak Japanese translation in lxc.container.conf(5)

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

Merge branch 'FengtuWang-make_rslave' into lxc/master

conf: ensure umounts don't propagate to host

Signed-off-by: Fengtu Wang <wangfengtu@huawei.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2247 from brauner/2018-03-31/expand_lxc_environment

confile: expand lxc.environment

confile: expand lxc.environment

When a bare environment variable is specified then retrieve the value from the
current environment. For example, setting

lxc.environment = PATH

will cause LXC to inherit the value of PATH from the current environment.

Suggested-by: Jonathan Calmels <jcalmels@nvidia.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2244 from brauner/2018-03-29/fixup

bugfixes

locktests: fix test suite

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxclock: use thread-safe *_OFD_* fcntl() locks

If they aren't available fallback to BSD flock()s.

Closes #2245.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2246 from flx42/lxc-oci-cmd-parsing-and-umoci

lxc-oci: cmd parsing and less verbose umoci

lxc-oci: make umoci less verbose

Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>

lxc-oci: fix Cmd/Entrypoint parsing

Don't use the -r option of jq, since it will strip the double quotes.

Fixes: #2195
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>

storage: fix lvm fs uuid generation

Closes #2241.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tools: fix unitialized variable

Closes #2242.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Release LXC 3.0.0

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Merge pull request #2239 from brauner/2018-03-27/fixup_action_script

Allow passing action scripts to CRIU

Allow passing action scripts to CRIU

Closes #2236.

Signed-off-by: Eytan Heidingsfeld <eytanh@gmail.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2238 from stgraber/master

configure.ac: Support redhatenterpriseserver

configure.ac: Support redhatenterpriseserver

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Release LXC 3.0.0.beta4

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Merge pull request #2237 from brauner/2018-03-26/always_make_dumpable

start: always make us dumpable

start: always make us dumpable

Otherwise lxc.hook.mount hooks that try to inspect /proc/<pid>/*
will fail.

Cc: Jonathan Calmels <jcalmels@nvidia.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2235 from brauner/2018-03-25/simplify_autodev

conf: simplify autodev

conf: simplify lxc_fill_autodev()

This function was way more syscall heavy than it needed to be.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2232 from flx42/dhclient-hook-apparmor

hooks: fix dhclient hook when an AppArmor profile is active

Release LXC 3.0.0.beta3

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Merge pull request #2233 from brauner/2018-03-23/truncate_config_file

lxccontainer: truncate config file

lxccontainer: truncate config file

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2231 from stgraber/master

pam: Fix missing symbols in module

hooks: fix dhclient hook when an AppArmor profile is active

Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>

pam: Fix missing symbols in module

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Merge pull request #2229 from fliiiix/lxc_net_improvements

Rename ifup/down and remove usless parameter passing

Merge pull request #2230 from tych0/drop-log-whitespace

remove leading whitespace from log files