Merge pull request #4488 from sgalgano/fix-4476

Avoid null pointer dereference when using shared rootfs

Avoid null pointer dereference when using shared rootfs.
rootfs->storage not set by lxc_storage_prepare when using a shared
rootfs.

Fixes: https://github.com/lxc/lxc/issues/4476
Signed-off-by: Steven Galgano <sgalgano@adjacentlink.com>

Merge pull request #4487 from hallyn/kurt-cb/lxc

create_run_template: don't use txtuid and txtguid out of scope

create_run_template: don't use txtuid and txtguid out of scope

It's ok that we don't free the malloc()d space since we're
immediately exec()ing.

Originally-by: Kurt Godwin <kgodwin@itron.com>
Reported-by: Kurt Godwin <kgodwin@itron.com>
Signed-off-by: Serge Hallyn <serge@hallyn.com>

Merge pull request #4482 from hallyn/2024-09-16/static

meson.build: add -ffat-lto-objects

Merge pull request #4483 from ariel-miculas/support_puzzlefs

Add suppport for PuzzleFS images in the oci template

Add suppport for PuzzleFS images in the oci template

PuzzleFS images (media type 'application/vnd.puzzlefs.image.rootfs.v1')
can be mounted in a similar way to squashfs images, we just have to
detect the type and reuse the existing code for providing a mount
helper. PuzzleFS is a next-generation container filesystem [1] with
several benefits, such as  reduced duplication, reproducible image
builds, direct mounting support and memory safety guarantees.

Since PuzzleFS currently doesn't provide an image config, also add
support for empty image configs, they are supported by the OCI spec [2].

The MOUNT_HELPER is now passed a `--persist <upperdir>` flag, so it
knows that it needs to create an overlay. This is needed because LXC
expects a writable rootfs and both atomfs and puzzlefs are read-only
filesystems.

Example:
```
$ sudo env PATH=$PATH build/src/lxc/tools/lxc-create --name mycontainer -t \
oci -- --url oci:/$HOME/.local/share/puzzlefs/pfs_ubuntu:eg --no-cache

$ sudo build/src/lxc/tools/lxc-start --name mycontainer --foreground /bin/bash
```

--no-cache is needed for puzzlefs until [3] is solved

[1] https://github.com/project-machine/puzzlefs
[2] https://github.com/opencontainers/image-spec/blob/main/manifest.md#image-manifest
[3] https://github.com/project-machine/puzzlefs/issues/131

Signed-off-by: Ariel Miculas-Trif <amiculas@cisco.com>

meson.build: drop suggest-attribute=noreturn build option

The suggest-attribute=noreturn option marks functions which will
never return, to give the compiler some hints.  It catches all of
our src/lxc/tools/*.c *_main functions as follows:

error: function might be candidate for attribute ‘noreturn’ [-Werror=suggest-attribute=noreturn]

But if we mark those __noreturn, then  the compiler complains that:

../src/lxc/tools/lxc_attach.c:320:53: warning: ‘main’ specifies less restrictive attribute than its target ‘lxc_attach_main’: ‘noreturn’ [-Wmissi
ng-attributes]
  320 | int __attribute__((weak, alias("lxc_attach_main"))) main(int argc, char *argv[]);

This recommendation is really not very important, so let's not ask
the build to warn about it.

Signed-off-by: Serge Hallyn <serge@hallyn.com>

meson.build: add -ffat-lto-objects

Otherwise, if we generate a static library, lintian warns that
it has no code sections.  See

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977596

Signed-off-by: Serge Hallyn <serge@hallyn.com>

Merge pull request #4481 from yuncang123/main

fix possible clang compile error on AARCH

fix possible clang compile error in AARCH

Signed-off-by: yuncang123 <135211779+yuncang123@users.noreply.github.com>

Merge pull request #4475 from stgraber/main

README: Update security contact

README: Update security contact

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

Merge pull request #4472 from stgraber/main

doc: Fix definitions of get_config_path and set_config_path

doc: Fix definitions of get_config_path and set_config_path

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

Merge pull request #4462 from Jip-Hop/list-exit-code

Exit 0 when there's no error

Exit 0 when there's no error

Signed-off-by: Jip de Beer <2871973+Jip-Hop@users.noreply.github.com>

Merge pull request #4463 from stgraber/main

Reduce logging for newuidmap/newgidmap

idmap: Lower logging level of newXidmap tools to INFO

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

Remove unused function

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

Merge pull request #4459 from mihalicyn/lxc_nixos_build_fix2

meson: fix build with -Dtools-multicall=true on NixOS

meson: fix build with -Dtools-multicall=true on NixOS

See also:
https://github.com/lxc/lxc/pull/4428

Fixes: #4427
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

Merge pull request #4453 from mihalicyn/update_githubci_ubuntu24

Update GitHub Actions to use Ubuntu 24.04

github: exclude clang & ubuntu-24.04 combination

Temporary workaround for:
https://bugs.launchpad.net/ubuntu/+source/llvm-toolchain-18/+bug/2064187

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

lxc/storage/zfs: ignore false-positive use-after-free warning

free(dataset) is perfecly valid after failed realloc(dataset, len) call.

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

github: properly check apparmor profile changes

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

github: start using ubuntu-24.04

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

Merge pull request #4456 from mihalicyn/apparmor_syntax_fix_fixup

AppArmor fixup

apparmor: regenerate rules

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

apparmor: use /{,**} instead of /**

It turned out, that old (and incorrect) rule:
mount options=(rw,make-slave) -> **,

is NOT equivalent to:
mount options=(rw,make-slave) -> /**,

Let's use:
mount options=(rw,make-slave) -> /{,**},

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

Merge pull request #4452 from mihalicyn/apparmor_prof_syntax_fix

Apparmor profiles syntax fixes

apparmor: regenerate rules

Follow the instruction from config/apparmor/README:

./lxc-generate-aa-rules.py container-rules.base > container-rules
cat abstractions/container-base.in container-rules > abstractions/container-base

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

apparmor: fix rule path pattern specification syntax

See also:
https://bugs.launchpad.net/lxc/+bug/2064144
https://github.com/lxc/incus/pull/889/commits/d2c13e3f6312f08750981a80a510530e881c4ec7

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

Merge pull request #4450 from jacobmcnamee/fix-local-template

lxc-local: fix broken templates processing

lxc-local: remove check for template existence before extraction

This check always fails because template files do not exist until the
rootfs is unpacked. File existence is already confirmed before replacing
variables

Signed-off-by: Jacob McNamee <jacob@jacobmcnamee.com>

lxc-local: fix incorrect path to `templates` file

Signed-off-by: Jacob McNamee <jacob@jacobmcnamee.com>

lxc-local: fix use of `LXC_PATH` before init

Signed-off-by: Jacob McNamee <jacob@jacobmcnamee.com>

Merge pull request #4446 from tenforward/japanese

Update lxc-{attach,execute}.sgml.in

Update lxc-execute.sgml.in

Update for a7aa297

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

Update lxc-{attach,execute}.sgml.in

Update for 52bf34d and a7aa297

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

Merge pull request #4441 from MMFuba/patch-2

Update lxc-execute.sgml.in

Merge pull request #4442 from MMFuba/patch-1

Update lxc-attach.sgml.in

Update lxc-execute.sgml.in

add hint to use numerical values for uid and gid

Signed-off-by: MMFuba <114305581+MMFuba@users.noreply.github.com>

Update lxc-attach.sgml.in

added hint to use numerical value for uid and gid

Signed-off-by: MMFuba <114305581+MMFuba@users.noreply.github.com>

Merge pull request #4432 from mihalicyn/ipv6_ebadf_fixup

Don't fail veth creation if ipv6 is disabled

network: netdev_configure_server_veth: reduce scope of disable_ipv6_fd/path vars

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

lxc/network: handle non-existing sysctl <ifname>/disable_ipv6

Skip writting to /proc/sys/net/ipv6/conf/<ifname>/disable_ipv6
if it does not exist.

Fixes: #4431
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

Merge pull request #4428 from mihalicyn/new_meson_build_fixup

meson: fix build on NixOS

github: test the lxc multicall binary builds too

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

meson: fix build on NixOS

Fixes: #4427
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

meson: Set DEVEL flag post release

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

Release LXC 6.0.0

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

Merge pull request #4424 from stgraber/main

Cleanup MAINTAINERS, COPYING and sort out SPDX headers

lxc.spec: Align SPDX license id

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

Makefile: Align SPDX license id

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

meson: Align SPDX license id

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

COPYING: Clarify licensing of files without SPDX

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

doc: Add SPDX headers and remove Author field

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

src/include: Add SPDX headers

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

src/tests: Add SPDX headers

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

hooks: Add SPDX headers

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

lxc.spec: Clear default changelog

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

lxc.spec: Use SPDX

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

template: Use SPDX

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

config/yum: Use SPDX header

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

COPYING: Remove whitespace

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

MAINTAINERS: Remove Dwight from the maintainer list

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

Merge pull request #4377 from adamcstephens/install-options

build: add more options for customizing install

Merge pull request #4423 from stgraber/main

lxc-checkconfig improvements

lxc-checkconfig: Fix shellcheck

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

lxc-checkconfig: Show namespace limits

Closes #4259

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

Merge pull request #4422 from mihalicyn/ct_list_fix

lxc-ls: list names with whitespaces in `--active`.

lxc-ls: list names with whitespaces in `--active`.

Fixes: #3970
Signed-off-by: Edênis Freindorfer Azevedo <edenisfa@gmail.com>
[ small fixes ]
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

Merge pull request #4421 from mihalicyn/lxc_copy_fixes

lxc/tools: set default log_priority to ERROR

Merge pull request #4418 from mihalicyn/cumulative_fixes_2apr2024

confile_utils: fix incorrect multiply_overflow test #2

Merge pull request #4420 from mihalicyn/autostart_fix

tools/lxc_autostart: don't fail when there are no containers

Merge pull request #4419 from mihalicyn/fixup_mod_rdep

lxc/lxccontainer: specify file mode in open() call inside mod_rdep

lxc/tools: set default log_priority to ERROR

For some reason, we don't have default log_priority
set for many tools which leads to the situation when
tools can fail silently even if error occurs.

Fixes: #4405
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

tools/lxc_autostart: don't fail when there are no containers

Fixes: #3847
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

lxc/lxccontainer: specify file mode in open() call inside mod_rdep

We must explicitly specify file mode in open(.. O_CREAT ..).

Let's set 0644, while previously it was 0666 [1] which seems too much.

[1] https://sourceware.org/git/?p=glibc.git;a=blob;f=libio/fileops.c;h=4db4a76f755b1f3b766dc47c669c09242395ec95;hb=HEAD#l216

Fixes: Coverity 1596044
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

lxc/confile: do not print excess space before scale suffix for time.offset.boot

Let's make time.offset.boot and time.offset.monotonic getters consistent

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

lxc/confile: do not print newline symbol in getter for lxc.time.offset.*

It's clearly a mistake in the getters implementation.

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

tests/parse_config_file: fix some typos

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

tests/parse_config_file: add tests for lxc.time.offset.*

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

tree-wide: replace multiply_overflow with check_mul_overflow

Remove redundant multiply_overflow helper and use check_mul_overflow.

This also fixes a bug with incorrect handling for negative offset values.

Link: #4374

Signed-off-by: Arnaud Fontaine <arnaud.fontaine@airbus.com>
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

Merge pull request #4417 from mihalicyn/revert-3951-2021-08-25.fixes

Rework "lxccontainer: fixes" PR

lxccontainer: rework copy_file()

Signed-off-by: Christian Brauner <christian@brauner.io>
resurrect file_exists(new) check
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

lxccontainer: improve mod_rdep()

Signed-off-by: Christian Brauner <christian@brauner.io>
O_RDWR -> O_WRONLY | O_CREAT
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

Revert "lxccontainer: fixes"

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

Merge pull request #3951 from brauner/2021-08-25.fixes

lxccontainer: fixes

Merge pull request #4416 from ffontaine/main

src/lxc/syscall_numbers.h: drop define -1

src/lxc/syscall_numbers.h: drop define -1

Drop "#define -1" to avoid the following m68k build failure with gcc 12:

In file included from ../src/lxc/syscall_wrappers.h:19,
                 from ../src/lxc/mount_utils.h:15,
                 from ../src/lxc/conf.h:24,
                 from ../src/lxc/log.h:19,
                 from ../src/lxc/storage/btrfs.c:20:
../src/lxc/syscall_numbers.h:423:25: error: macro names must be identifiers
  423 |                 #define -1
      |                         ^

Fixes:
 - http://autobuild.buildroot.org/results/f40a517eba86838b11b4b1d6a8a05b8233a3394d

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

Merge pull request #4346 from zhongTao99/fix

containers in the FREEZING state also need to be unfreeze

Merge pull request #4412 from petris/fix_rexec_free

rexec: Avoid invalid free in rexec failure path

rexec: Avoid invalid free in rexec failure path

Commit "rexec: free argv array on failure" used __do_free_string_list
as a destructor for argv, which is an array of pointers to a single
buffer and not an array of pointers to independent buffers, which leads
to an attempt to free invalid pointer whenever argv has more than one
element.

Structure argv as one memory block and use __do_free as the destructor.

Signed-off-by: Petr Malat <oss@malat.biz>

Merge pull request #4414 from cjavad/main

README: Correct 'armvl7' to 'armv7l'

README: Correct 'armvl7' to 'armv7l'

Use the correct designation for the armv7l arch, as also reflected in src/lxc/confile.c.

Signed-off-by: Javad Shafique <javadshafique@hotmail.com>

Merge pull request #4411 from hallyn/2024-03-11/simplify-lookup_name

unshare: simplify lookup_name

unshare: simplify lookup_name

pass the optarg straight to getpwnam_r, instead of first
scanning the name out of it.

Signed-off-by: Serge Hallyn <serge@hallyn.com>

Merge pull request #4410 from HappyDrink-okk/main

lxc-unshare: fix an buffer overflow issue in lxc_unshare