commands: cleanup macros lxc_cmd()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: use __do_close_prot_errno

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

macro: introduce steal_fd()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: cleanup macros in lxc_cmd_console()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: move declaration into tighter scope

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxc-usernsexec: use cleanup macros

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxc-user-nic: use cleanup macros

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxc-init: use cleanup macros

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroup_utils: use __do_free

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: use __do_free

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

af_unix: use __do_free

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: move variable into tighter scope

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

network: do not log false friends

The netlink functions just return -1 and not specific negative errno values so
logging them doesn't make any sense.

Fixes: https://discuss.linuxcontainers.org/t/warning-in-the-container-log/4072/2
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: do not log devpts umount2() failure

We're not acting based on the return value so don't log anything.

Fixes: https://discuss.linuxcontainers.org/t/warning-in-the-container-log/4072/2
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

apparmor: Improve testing on apparmor python script

Compare command output to already existing container-rules file

Signed-off-by: Hervé Beraud <hberaud@redhat.com>

apparmor: catch config file opening error

Improve config file error opening management
and improve main code block.

Execute this python script during CI to avoid
regressions

Signed-off-by: Hervé Beraud <hberaud@redhat.com>

string_utils.h: fix wrong licensing

liblxc has always been meant to be LGPLv2.1+ as reflected by the many
downstreams projects and bindings which are themselves under LGPLv2.1+ or other
licenses which would be incompatible with linking against a GPLv2+ library.

It's pretty normal for a library to be LGPL while binaries are GPL as a GPL
library would only ever be usable by other GPL-only projects, which isn't the
case for very many of the liblxc downstreams.

The issue here is really carelessness. None of those GPL headers were put there
intentionally, instead being wrongly copy/pasted from other parts of the
codebase which is indeed intended to be GPLv2+. This is also made clear in our
CONTRIBUTING file in this repository:

Licensing for new files:
------------------------

LXC is made of files shipped under a few different licenses.

Anything that ends up being part of the LXC library needs to be released
under LGPLv2.1+ or a license compatible with it (though the latter will
only be accepted for cases where the code originated elsewhere and was
imported into LXC).

Language bindings for the libraries need to be released under LGPLv2.1+.

Anything else (non-libraries) needs to be Free Software and needs to be
allowed to link with LGPLv2.1+ code (if needed). LXC upstream prefers
LGPLv2.1+ or GPLv2 for those.

When introducing a new file into the project, please make sure it has a
copyright header making clear under which license it's being released
and if it doesn't match the criteria described above, please explain
your decision on the lxc-devel mailing-list when submitting your patch.

This is intended to switch over files to LGPLv2.1+ to which end we have
collected ACKs from relevant people.
/* Affected People */
Christian Brauner <christian.brauner@ubuntu.com>
Fabrice Fontaine <fontaine.fabrice@gmail.com>
Josh Soref <jsoref@gmail.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Acked-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Acked-by: Josh Soref <jsoref@gmail.com>

syscall_wrappers: fix wrong licensing

/* Affected People */
Christian Brauner <christian.brauner@ubuntu.com>
Aleksa Sarai <cyphar@cyphar.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

ringbuf.h: fix wrong licensing

/* Affected People */
Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: fix wrong licensing

/* Affected People */
Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

parse: handle \r

Closes #2838.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coccinelle: use standard exit identifiers

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coccinelle: s/while({1,true})/for(;;)/

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coccinelle: add coccinelle support

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxc-init: exit with error on wait failure

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: prevent signed-issues

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: remove unnecessary check

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: remove unnecessary check

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

README: add LGTM

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxc-unshare: remove stack allocations

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

overlay: remove stack allocations

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

rbd: remove stack allocations

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

nbd: remove stack allocations

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lvm: remove stack allocations

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

loop: remove stack allocations

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

terminal: remove stack allocations

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

string_utils: remove stack allocations

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

storage: remove stack allocations

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: remove stack allocations

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

pam_cgfs: remove stack allocations

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

network: remove stack allocations

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

namespace: remove stack allocations

Switch to a static stack instead of allocating a new one. There's really
no point in doing all of the dance to get the current pagesize.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

monitor: remove stack allocations

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: remove stack allocations

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

confile: remove stack allocations

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: remove stack allocations

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands_utils: remove stack allocations

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: remove stack allocations

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxc_user_nic: remove stack allocations

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: remove stack allocations

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxcmntent: remove stack allocations

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: -Wnested-externs hardening

Warn if an extern declaration is encountered within a function.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: -Wdate-time hardening

Warn when macros __TIME__, __DATE__ or __TIMESTAMP__ are encountered as
they might prevent bit-wise-identical reproducible compilations.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: -Werror=shift-overflow=2 hardening

Warn about left shift overflows. This warning is enabled by default in
C99 and C++11 modes (and newer).

-Wshift-overflow=2
This warning level also warns about left-shifting 1 into the sign bit,
unless C++14 mode (or newer) is active.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: -Werror=shift-count-overflow hardening

Warn if shift count >= width of type.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: fix -fstack-protector-strong

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: -fdiagnostics-show-option

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: -Werror=overflow hardening

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: -Wendif-labels hardening

Do not warn whenever an #else or an #endif are followed by text.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: -Wshadow hardening

Warn whenever a local variable or type declaration shadows another
variable, parameter, type, class member (in C++), or instance variable
(in Objective-C) or whenever a built-in function is shadowed.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: set -Wimplicit-fallthrough to 5

-Wimplicit-fallthrough=5 doesn’t recognize any comments as fallthrough
comments, only attributes disable the warning.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: -Wformat=2 hardening

Enable -Wformat plus additional format checks. Currently equivalent to
-Wformat -Wformat-nonliteral -Wformat-security -Wformat-y2k.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: -Werror=incompatible-pointer-types

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: -Werror=return-type hardening

Warn whenever a function is defined with a return type that defaults to
int. Also warn about any return statement with no return value in a
function whose return type is not void (falling off the end of the
function body is considered returning without a value).

For C only, warn about a return statement with an expression in a
function whose return type is void, unless the expression type is also
void. As a GNU extension, the latter case is accepted without a warning
unless -Wpedantic is used.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: -Wsuggest-attribute=noreturn hardening

Warn about functions that might be candidates for attributes pure, const
or noreturn or malloc.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: -Wfloat-equal hardening

Warn if floating-point values are used in equality comparisons.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: -Winit-self hardening

Warn about uninitialized variables that are initialized with themselves.
Note this option can only be used with the -Wuninitialized option.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: -Wold-style-definition hardening

Warn if an old-style function definition is used. A warning is given
even if there is a previous prototype.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: -Wmissing-include-dirs hardening

Warn if a user-supplied include directory does not exist.

This already surfaced a bug that is fixed by this commit.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: -Wlogical-op hardening

Warn about suspicious uses of logical operators in expressions.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

fix rpm packaging for bash completion directory.

Closed #1825

Signed-off-by: tomponline <tomp@tomp.uk>

More accurate error msg for template file

When calling lxc-create, if the template exists but is not executable, we end with the following error messages which make believe that the template file does not exist when it is merely a execute access problem:

lxc-create: ctn00: utils.c: get_template_path: 918 No such file or directory - bad template: /.../lxc-busybox
lxc-create: ctn00: lxccontainer.c: do_lxcapi_create: 1786 Unknown template "/.../lxc-busybox"
lxc-create: ctn00: tools/lxc_create.c: main: 327 Failed to create container ctn00

Actually internally the errno is lost as the following code triggers a useless access to (strace output):

access("/.../lxc-busybox", X_OK) = -1 ENOENT (No such file or directory)

With the above fix, we get a more explicit error message when the template file is missing the "execute" bit:

lxc-create: bbc: utils.c: get_template_path: 917 Permission denied - Bad template pathname: /tmp/azerty
lxc-create: bbc: lxccontainer.c: do_lxcapi_create: 1816 Unknown template "/tmp/azerty"
lxc-create: bbc: tools/lxc_create.c: main: 331 Failed to create container bbc

With the above fix, we get a more explicit error message when the pathname of the template file is incorrect:

lxc-create: bbc: utils.c: get_template_path: 917 No such file or directory - Bad template pathname: /tmp/qwerty
lxc-create: bbc: lxccontainer.c: do_lxcapi_create: 1816 Unknown template "/tmp/qwerty"
lxc-create: bbc: tools/lxc_create.c: main: 331 Failed to create container bbc

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

prlimit: remove deprecated and unneeded header

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: remove deprecated and unneeded header

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

/etc/resolv.conf grows indefinitely

This file grows indefinitely : upon each DHCP lease renew,
the "nameserver ..dns..." line is added at the end of the file.
Make a "grep" in the file to make sure that the same line
does not already exist.

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

Create /var/run

Some programs like "who" need this directory
to work (this permits the of /var/run/utmp file).

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

Use BUSYBOX_EXE variable in configure_busybox()

As "which busybox" is stored in BUSYBOX_EXE
global variable at startup, use it wherever it is
needed.

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

conf: check for successful mount entry parse

Since liblxc is completely in control of the mount entry file we should
only consider a parse successful when EOF is reached.

Closes #2798.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Installation of default.script for udhcpc

The busybox template installs default.script in /usr/share/udhcpc/.
But the pathname of "default.script" may vary from one busybox
build to another. As the pathname is displayed in udhcpc's help,
grab it from it.

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

Avoid risk of "too far memory read"

As we call "lxc_add_state_client(fd, handler, (lxc_state_t *)req->data)"
which supposes that the last parameter is a table of MAX_STATE
entries when calling memcpy():
memcpy(newclient->states, states, sizeof(newclient->states))

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

Handle alternative loop device location on Android

Signed-off-by: ondra <ondrak@localhost.localdomain>

Fixing hooks functionality Android where 'sh' is placed under /system/bin

Signed-off-by: ondra <ondrak@localhost.localdomain>

Fix memory leak in cgroup_exit

Add free memory pointed by struct cgroup_ops *ops

Signed-off-by: LiFeng <lifeng68@huawei.com>

conf.c: fix memory leak and mount error

1. cleanup namespace memory
2. fix bug when ro mount not setted, mount propagation will be skipped.

Signed-off-by: t00416110 <tanyifeng1@huawei.com>

Revert "conf: remove extra MS_BIND with sysfs:mixed"

This reverts commit 51a922baf724689ff3a0df938ca8975601c9c815.

The above commit confuses the mountall unit of privileged
Ubuntu 14.04 containers at startup so that they cannot
finish booting.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

network: prefix veth interface name with uid info

Signed-off-by: Hajo Noerenberg <hajo-github@noerenberg.de>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: handle missing CLONE_NEWCGROUP

If cgroup namespaces are not supported we should just record it in the
log and move on.

Cc: Ondrej Kubik <ondrej.kubik@canonical.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Fixing compile error when compiling for android

Signed-off-by: Ondrej Kubik <ondrej.kubik@canonical.com>

fix: unprivileged veth devices (e.g. vethFWABHX) never contain 'Z' character in the randomly generated device name part because for modulo one does not need to substract 1 from strlen().

Signed-off-by: Hajo Noerenberg <hajo-github@noerenberg.de>

lxccontainer: fix container copy

We need to strip the prefix from the container's source path before
trying to update the file.

Closes #2380.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Revert "Set c to NULL after freeing it"

Signed-off-by: S.Çağlar Onur <caglar@10ur.org>

conf: use SYSERROR on lxc_write_to_file errors

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

Set c to NULL after freeing it

Signed-off-by: S.Çağlar Onur <caglar@10ur.org>

terminal: remove sigwinch command

SIGWINCH is handled in lxc_terminal_signalfd_cb().

I cannot for the life of me figure out what this is supposed to do.
Afaict, it scans a global list that is totally unnecessary and also
let's say you have 100 ttys and for a single one SIGWINCH is sent. In
that case the whole list is walked and two ioctl()s are performed: one
to get window size one to set window size. For 99 of them the window
size hasn't changed.
If we see issues we can revert!

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tools: add newline to lxc-cgroup output

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

fix lxc-cgroup not giving output

lxc-cgroup fails to provide any output since the latest version, this
should fix it

Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>

storage: remove unused function

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

configure.ac: fix build without stack-protector

Compiler based hardening (including -fstack-protector-strong) are
enabled since version 3.0.3 and
https://github.com/lxc/lxc/commit/2268c27754152aa538db2c9e3753d72d19bcd17a

However, some compilers could missed the needed library (-lssp or
-lssp_nonshared) at linking step so use ax_check_link_flag instead of
ax_check_compile_flag

Fixes:
 - http://autobuild.buildroot.org/results/0b90e7dca2984652842832a41abad93ac49a9b86

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

stringutils: include stdarg for va_list

Fixes:
 - http://autobuild.buildroot.org/results/0b90e7dca2984652842832a41abad93ac49a9b86

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Add template-options to help output

Copied from the [manpage](https://github.com/lxc/lxc/blob/9e42c1e3f102be48be9014e1ecbacc2a57446e20/doc/lxc-create.sgml.in#L175).

Signed-off-by: Adam Kasztenny <adamkasztenny@gmail.com>