cgroups/cgfsng: rework cgfsng_chown()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_attach()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_setup_limits()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_setup_limits_legacy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_{get,set}()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_unfreeze()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_get_hierarchies()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_num_hierarchies()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_escape()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_payload_enter()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_payload_create()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: s/__unused/__lxc_unused/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgroup attach

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: don't dereference NULL-pointer

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: log chown_cgroup_wrapper()

It's becoming more important on cgroup2 to properly delegate cgroups.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgroup2 unprivileged delegation

We accidently checked files to delegate for privileged container and not for
unprivileged containers in the pure unified case. Fix that and clean up the
delegation file parsing.

Closes #3206.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_{monitor,payload}_delegate_controllers()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_monitor_enter()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_monitor_create()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_monitor_destroy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_payload_destroy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

log: remove unused compiler attribute

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: replace compiler attributes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

log: replace compiler attributes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: replace closing helpers

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: add __unused attribute

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

{log, macro}: remove unused logging functions

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: rework return values of some functions

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgroup2_devices: replace logging functions

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgroup: replace logging functions

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: replace logging functions

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

confile: replace logging helpers

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

network: replace logging helpers

s/error_log_errno(/log_error_errno(-1, /g
s/minus_one_set_errno(/ret_set_errno(-1, /g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: replace logging helpers

s/error_log_errno(/log_error_errno(-1, /g
s/minus_one_set_errno(/ret_set_errno(-1, /g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: s/minus_one_set_errno(/ret_set_errno(-1, /g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

af_unix: s/minus_one_set_errno(/ret_set_errno(-1, /g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

macro: add ret_errno()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

log: rearrange

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroup2: rework controller delegation

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

"busy" field set to -1 instead of 0

"busy" field is assigned with the command socket descriptor when the terminal is in use. So, use "-1" to disable it.

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

"busy" field set to 1 instead of 0

"busy" field is assigned with the command socket descriptor when the terminal is in use. So, use "-1" to disable it.

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

Init "busy" field to -1 as 0 is valid fd

"busy" field is assigned with the command socket descriptor when the terminal is in use. So, use "-1" to disable it.
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

config: Fix parsing of mount options

When parsing mount options e.g. from lxc.mount.entry the specified
options are mapped to the flags constants. To do so, the strings
are compared to the options contained in mount_opt. However,
when comparing the strings, the length of the string is not
checked. That entails that the option "rootcontext=selinux-context"
is mapped to the mount option read-only (ro). This commit fixes
this issue by checking if a '=' is contained in the specified option
and additionally comparing the length of the strings.

Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>

cgroups/devices: correctly verify bpf device useability in cgfsng_devices_activate()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: improve container cgroup attaching

The current attach.c codepath which handles moving the attaching process into
the container's cgroups allocates a whole new struct cgroup_ops and goes
through the trouble of reparsing the whole cgroup layout.
That's costly and wasteful. My plan has always been to move this into the
command api by getting fds for attaching back but but it's not worth going
through that hazzle for non-unified hosts. On pure unified hosts however -
being the future - we can just attach through a single fd so there's no need to
allocate and setup struct cgroup_ops.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxc: switch to SPDX

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: use logging return helpers

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Revert "cgroups/freezer: fix and improve cgroup2 freezer implementation"

This reverts commit ecaf0c7bfc1baee74ff38dbdbc65bf4bec2361d4. I somehow
accidently did a double-backport.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: rework cgroup2 attach

On pure unified systemd we can use a single file descriptor to interact with
the cgroup filesystem. Add a method to retrieve it and as a start use it in our
unified attach codepath.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/devices: do not log error when bpf device feature is not available

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

freezer: cleanup

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/freezer: fix and improve cgroup2 freezer implementation

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: fix memory leak for set config rootfs options

Signed-off-by: dongxinhua <dongxinhua@huawei.com>

tree-wide: fix wrong copy-paste for licenses

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/freezer: fix and improve cgroup2 freezer implementation

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: add DEFAULT_MOUNTPOINT #define

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: remove monitor_signal_pdeath codepath

This causes compilation failures due to a bad cherry-pick.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/devices: use dedicated enums

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/devices: introduce ebpf device cgroup global rule types

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/devices: handle NULL

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

configure: enable -Wunused-but-set-variable

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: implement cgroup2 device controller live update

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: record cgroup2 devices in parsed format

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: "atomically" replace bpf device programs

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

macro: remove unused macros

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: add cgroup2 device controller support

Add a bpf-based device controller implementation.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: return attach fail if container stopped

Signed-off-by: LiFeng <lifeng68@huawei.com>

fix wrong order of bridge/nic in error message

Signed-off-by: Balázs Póka <poka@idata.hu>

Typo in a comment

"above" was used instead of "below"

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

tests: use /dev/loop-control instead of /dev/network_latency

BugLink: https://bugs.launchpad.net/bugs/1848587
The latter device has been removed apparently.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

configure.ac: fix build on toolchain without SSP

Commit 3b5a0eebd4d2efdaa03c6fb11950abfcf081fab8 reverted
3aa7271157d3c815a4426c1f8eaea2f3b6dafa6a resulting in lxc being unable
to be built on toolchain without SSP support

Fixes:
 - http://autobuild.buildroot.org/results/57945f54ffbc5c8764b6891a4516c4907e56ab97

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Update cgroup.h

Fixed the documentation to say that cgroupv2 uses a unified hierarchy
Signed-off-by: Aaditya Murthy <amurthy123@utexas.edu>

terminal: prevent returning invalid pointer

Closes: https://github.com/lxc/lxd/issues/6408
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

terminal: make lxc_terminal_signal_fini() static

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxc-usernsexec: support easily mapping own uid

Signed-off-by: Serge Hallyn <shallyn@cisco.com>

tests: add tests making sure the exit code is appropriate.

lxc2 broke this feature for lxc-execute, and lxc3 broke it for
lxc-attach. This adds a test making sure we don't do the same mistake
a third time.

Signed-off-by: Florian Margaine <florian@platform.sh>

terminal: return NULL on error in terminal_signal_init

Callers expect a NULL on error, and with PR #3171 marking
the pointer as __do_free, we now return a pointer to freed
memory here otherwise.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

terminal: prevent memory leak for lxc_terminal_state

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

syscall_wrappers: rename internal memfd_create to memfd_create_lxc

In case the internal memfd_create has to be used, make sure we don't
clash with the already existing memfd_create function from glibc.

This can happen if this glibc function is a stub. In this case, at
./configure time, the test for this function will return false, however
the declaration of that function is still available. This leads to
compilation errors.

Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com>

lxc/tools/lxc/destroy: Restores error message on container destroy

Partially reverts 65b92ea5fcab559fd21be2685bd2f15ef6d33532 so that trying to destroy a non-existent container gives an error message.

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

Update lxc.containers.conf(5) in Japanese

Update for commit 767bd70

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

Bad sgml/man translation

When calling "man lxc.container.conf", an internal "man" keyword is displayed :

$ man lxc.container.conf
[...]
lxc.mount.entry
              Specify a mount point corresponding to a line in the fstab format.  Moreover lxc supports mount  propagation,  such  as
              rslave  or  rprivate, and adds three additional mount options.  optional don't fail if mount does not work.  create=dir
              or create=file to create dir (or file) when the point will be mounted.  relative source path is taken to be relative to
              the mounted container root. For instance,

dev/null proc/kcore none bind,relative 0 0
              .fi     <-----------------------------------UNEXPECTED KEYWORD !!!!

The problem seems to come from the missing blanks before "dev/null proc/kcore none bind,relative 0 0"

Moreover, for homogeneity purposes, it is better to use the "programlisting" tag used in the rest of the text instead of  "screen".

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

Add more info about lxc.start.order in Japanese man

Update for commit 0684250

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

lxc-destroy: send successful output messages to log info instead of error.

Signed-off-by: Caio B. Silva <caioboffo@gmail.com>

doc: Add more info about 'lxc.start.order'

Signed-off-by: Lukas Jelinek <lukas.jelinek@nic.cz>

update obsolete functions

Signed-off-by: Caio B. Silva <caioboffo@gmail.com>

start: handle setting pdeath signal in new pidns

In the usual case the child runs in a separate pid namespace. So far we haven't
been able to reliably set the pdeath signal. When we set the pdeath signal we
need to verify that we haven't lost a race whereby we have been orphaned and
though we have set a pdeath signal it won't help us since, well, the parent is
dead.
We were able to correctly handle this case when we were in the same pidns since
getppid() will return a valid pid. When we are in a separate pidns 0 will be
returned since the parent doesn't exist in our pidns.
A while back, while Jann and I were discussing other things he came up with a
nifty idea: simply pass an fd for the parent's status file and check the
"State:" field. This is the implementation of that idea.

Suggested-by: Jann Horn <jann@thejh.net>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: pidfds obviously start - like any fd - at 0

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Fix lxc-update-config in network.address

Signed-off-by: Alban VIDAL <zordhak@debian.org>

allow users to configure the option --enable-feature or --with-package, if an option is given run shell commands action-if-given

Signed-off-by: Caio B. Silva <caioboffo@gmail.com>

Set minimun autoconf version to 2.69 and change obsolete function AC_HELP_STRING for AS_HELP_STRING

Signed-off-by: Caio B. Silva <caioboffo@gmail.com>

doc: Add Japanese pam_cgfs(8) man page

* translate pam_cgfs(8)
* support --{enable,disable}-{commands,tools} in doc/ja

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

doc: add man page for pam_cgfs

Signed-off-by: Venkata Harshavardhan Reddy Allu <venkataharshavardhan_ven@srmuniv.edu.in>

Ensures OpenSSL compatibility with older versions of EVP API.

Signed-off-by: Caio B. Silva <caioboffo@gmail.com>

utils: Copying source filename to avoid missing info.

Some applications use information from LOOP_GET_STATUS64. The file
associated with loop device is pointed inside structure field
`lo_file_name`. The current code is setting up a loop device without
this information. A legacy example of code checking this is cryptsetup:

    static char *_ioctl_backing_file(const char *loop)
    {
        struct loop_info64 lo64 = {0};
        int loop_fd;

        loop_fd = open(loop, O_RDONLY);
        if (loop_fd < 0)
            return NULL;

        if (ioctl(loop_fd, LOOP_GET_STATUS64, &lo64) < 0) {
            close(loop_fd);
            return NULL;
        }

        lo64.lo_file_name[LO_NAME_SIZE-2] = '*';
        lo64.lo_file_name[LO_NAME_SIZE-1] = 0;

        close(loop_fd);
        return strdup((char*)lo64.lo_file_name);
    }

It will return an empty string because lo_file_name was not set.

Signed-off-by: Julio Faracco <jcfaracco@gmail.com>

cgroups: unify cgfsng_{un}freeze()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: initialize cgroup root directory - encore

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: check for empty cgroups on freeze/unfreeze

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: initialize cgroup root directory

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

[aa-profile] Deny access to /proc/acpi/**

Signed-off-by: Pierre-Elliott Bécue <becue@crans.org>