tests: add tests for supported architectures

Ensure that we detect all supported architectures and don't regress
recognizing them.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

confile: re-add aarch64 architecture

Apparenty we dropped this when we cleaned up architecture handling.

Fixes: #3832
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3831 from sjuxax/zfs-fix

Skip rootfs pinning for ZFS roots.

Reflow ZFS check to follow the style of the overlayfs return.

Per https://github.com/lxc/lxc/pull/3831#discussion_r628865713

Signed-off-by: Jeff Cook <jeff@jeffcook.io>

Skip rootfs pinning for ZFS roots.

Signed-off-by: Jeff Cook <jeff@jeffcook.io>

Merge pull request #3829 from brauner/2021-05-07.fixes

doc: document new idmap= option for lxc.rootfs.options

doc: document new idmap= option for lxc.rootfs.options

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3827 from brauner/2021-05-06.cap_setfcap

conf: handle kernels with CAP_SETFCAP

conf: handle kernels with CAP_SETFCAP

LXC is being very clever and sometimes maps the caller's uid into the
child userns. This means that the caller can technically write fscaps
that are valid in the ancestor userns (which can be a security issue in
some scenarios) so newer kernels require CAP_SETFCAP to do this. Until
newuidmap/newgidmap are updated to account for this simply write the
mapping directly in this case.

Cc: stable-4.0
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3825 from brauner/2021-05-04.fixes

lxc.arch fixes

attach: introduce explicit personality macro

Introduce LXC_ATTACH_DETECT_PERSONALITY to make it explicit what is
happening instead of using -1.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: add personality_t

Catch errors in personality handling better.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach_options: unbreak header

In a moment of idioticity I switch -1 with 0xffffffff in the header
definition but we use -1 to autodetect.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: rework lxc_config_parse_arch()

Fix architecture parsing. So far we couldn't really differ between "want
default architecture" and "failed to parse requested architecture"
because the -1 return value means both. Fix this by using the return
value only to indicate success or failure and return the parsed
personality in a return argument.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: tweak setup_personality()

Use the dedicated LXC_ARCH_UNCHANGED macro everywhere instead of relying
on -1 being correct.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: make personality codepaths unconditional

Now that we have the infra to make personality handling unconitional
remove the ifndefs everywhere.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

syscalls: wrap personality syscall if undefined

There's no need to making personality handling conditional as it has
been around for such a long time that only weird systems wouldn't have
support for it. And especially if the user requested a specific
personality to be set but the system doesn't support the personality
syscall we should loudly fail instead of moving on.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: log at debug not info level when receiving file descriptors

Don't spam the logs because we do receive a lot of file descriptors.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

confile: make per_name struct static

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3823 from evverx/gcc-11-workaround

string_utils: get around GCC-11 false positives

Merge pull request #3824 from evverx/sanitizers-follow-ups

github: remove the dh-* packages

string_utils: get around GCC-11 false positives

by getting rid of stpncpy

Tested with gcc (GCC) 11.1.1 20210428 (Red Hat 11.1.1-1)

Closes https://github.com/lxc/lxc/issues/3752

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>

github: also pass the j option to make

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>

github: remove the dh-* packages

We don't build any packages there so it seems we don't need
those packages any more. Apart from that, it should make the
script work on Ubuntu Hirsute where dh-systemd was merged into
debhelper and is no longer available.

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>

Merge pull request #3819 from dev-aaront-org/console-mode-messages

conf: fix console chmod error log messages

Merge pull request #3822 from stgraber/master

github: Run apt-get update in sanitizer test

Merge pull request #3820 from brauner/2021-05-03.lxc_monitord.log

lxc_monitord: remove monitord log

github: Run apt-get update in sanitizer test

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

lxc_monitord: remove monitord log

The tool is effectively unused with current master so removing the log
should be ok by now. Let's remove the log to avoid issues such as #3747.

Fixes #3747
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3818 from evverx/disable-logs-on-oss-fuzz

oss-fuzz: always turn off logging on OSS-Fuzz

conf: fix console chmod error log messages

Signed-off-by: Aaron Thompson <dev@aaront.org>

Merge pull request #3817 from brauner/2021-04-30.fixes

cgroups: fix fallback attach codepath

cgroups: fix fallback attach codepath

When we attach to an old server the server can return ENOSYS instead of
ENOCGROUP2 which causes LXC to abort the attach unnecessary. Fix this!

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3816 from brauner/2021-04-30/fixes

storage: fix dup_cloexec() call

oss-fuzz: always turn off logging on OSS-Fuzz

Apparently /proc/self/cmd can't be used (reliably) on OSS-Fuzz to figure out
whether the code is run inside the fuzz targets, which causes the
fuzz targets to fill the filesystem with log files.

Related: https://github.com/google/oss-fuzz/issues/5509
Should address https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33835

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>

storage: fix dup_cloexec() call

Fixes: Coverity 1477399
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3814 from brauner/2021-04-28.fixes

api-extensions: add entry for idmapped_mounts

api-extensions: add entry for idmapped_mounts

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3812 from brauner/2021-04-28.fixes

storage/dir: cleanup mount code

Merge pull request #3802 from evverx/build-system-fuzzers

oss-fuzz: switch to --enable-fuzzers

storage/dir: cleanup mount code

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

storage/dir: remove error handling down

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

storage/dir: source can't be empty

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

storage/dir: use "source" and "target" as terms

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

storage/dir: retrieve proper source path later

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

storage/dir: use clear error messages

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

storage/dir: bdev->dest can't be empty

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

dir: use mnt_opts->data instead of mntdata

Fixes: https://launchpadlibrarian.net/535845165/buildlog_ubuntu-focal-s390x.lxc_1%3A4.0.6+master~20210427-2321-0ubuntu1~focal_BUILDING.txt.gz
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3811 from brauner/2021-04-25.idmapped_mounts.rootfs

rootfs rework

build-system: turn off lto=thin when building the fuzzers

With lto=thin the fuzzers fail as soon as they start with
```
ERROR: The size of coverage PC tables does not match the
number of instrumented PCs. This might be a compiler bug,
please contact the libFuzzer developers.
Also check https://bugs.llvm.org/show_bug.cgi?id=34636
for possible workarounds (tl;dr: don't use the old GNU ld)
```

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>

tests: run the fuzzers along with the other tests

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>

log: create log files in "fuzzing" mode if it's called outside fuzz targets

to make it possible to run the fuzzers along with the other tests

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>

ci: switch to --enable-fuzzers

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>

build-system: add --enable-fuzzers

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>

conf: improve idmapped mounts support

Setting up a detached idmapped mount is a privileged operation, mounting
it doesn't have to be.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: s/lxc_rootfs_prepare/lxc_rootfs_init/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: move all mount options into struct lxc_mount_options

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: stash lxc_storage into lxc_rootfs and bind to its lifetime

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3810 from brauner/2021-04-24.fixes

configure: fix function detection

configure: fix function detection

Fixes: #3809
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3808 from brauner/2021-04-23.fixes

dir: fix rootfs mounting

dir: fix rootfs mounting

We need to be able to lookup symlinks and allow xdev.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3807 from evverx/seccom-leak

seccomp: init and destroy notifier.cookie

Merge pull request #3805 from brauner/2021-04-22.fixes.3

mntopt fixes

conf: don't overrun dest buffer in parse_lxc_mntopts()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: better naming

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3804 from brauner/2021-04-22.fixes.2

getsubopt: use correct include

getsubopt: use correct include

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3803 from brauner/2021-04-22.fixes

include fixes for Bionic

Makefile: fix strchrnul() inclusion

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: include strchrnul for platforms that don't support it

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

strchrnul: include header

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3709 from brauner/2021-03-17/idmapped_mounts_v2

Initial support for idmapped mounts

conf: don't allow idmapped lxc.mount.{entry,fstab} just yet

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: tweak parse_lxc_mntopts()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

apparmor:  handle on-exec

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: use correct lxc_namespace_t type

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: visually separate pids from fds during initalization

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: verify that the rootfs can support idmapped mounts

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: documented idmapped mounts

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

mount_utils: add two detached mount helpers

They'll come in handy in the future.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: support idmapping directories

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

mount_utils: add helper to determine whether new mount api supports bind mounts

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

storage: keep a reference to lxc_rootfs in lxc_storage

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

mount_utils: add support for mount_setattr() syscall

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

confile: parse idmap=<path> mount option for rootfs

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: add first, trivial support for idmapped mounts

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: rework lxc specific mount option parsing

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3801 from evverx/san-tweaks

ci: make use of --enable-sanitizers instead of CFLAGS

Merge pull request #3800 from evverx/gh3796

Revert "ci: get around https://github.com/lxc/lxc/issues/3796"

Merge pull request #3787 from evverx/san-build

ci: an attempt to run the tests under ASan/UBsan

Merge pull request #3799 from evverx/apparmor-bytes

apparmor: turn bytes into null-terminated strings before calling strcspn

Merge pull request #3790 from brauner/2021-04-15.fixes

lxc_clone & configure fix

commands: don't needlessly allocate

Fixes: #3796
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3797 from evverx/pass-on-asan

tests: pass on ASAN/UBSAN options to several tests

process_utils: free stack after return

Fixes: #3789
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

configure: fix sanitizer compilation

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

error_utils: add missing macro.h include

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3794 from evverx/gh3791

tests: stop cutting off right square brackets in share_ns

Merge pull request #3793 from evverx/busybox-test

tests: switch to the "busybox" template in lxc-test-checkpoint-restore