Merge pull request #2179 from brauner/2018-02-21/docs_add_cgroup_full_force

doc: document cgroup-full:{mixed,ro,rw}:force

Merge pull request #2180 from tenforward/japanese

Update Japanese lxc.container.conf(5)

doc: Improve Japanese translation in lxc.container.conf(5)

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

doc: add "force" option of lxc.mount.auto to Japanese lxc.container.conf(5)

Update for commit 3f69fb1, and and reduce commentnized English line.

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

doc: Add the describe of mount propagation to Japanese lxc.container.conf(5)

Update for commit d840039

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

doc: Add lxc.namespace.{clone,keep} to Japanese lxc.container.conf(5)

Update for commit 46186ac

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

doc: Update to lxc.namespace.share.* in Japanese lxc.container.conf(5)

change from lxc.namespace.* to lxc.namespace.share.*.
Update for commit b074bbf

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

doc: add lxc.cgroup2.* to Japanese lxc.container.conf(5)

Update for commit 54860ed

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

utils: include linux/types.h

Closes #2178.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

doc: document cgroup-full:{mixed,ro,rw}:force

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2175 from brauner/2018-02-17/coding_style_fixes

tree-wide: coding style + fixes

cgroups: remove cgroup_create_legacy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: implement "driver" and "driver_version"

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: remove legacy cgfs cgroup driver

The time has come to remove the cgfs cgroup driver as well. I'm doing this for
mainly two reasons:
- potential security issue:
  The cgfs cgroup driver has been unmaintained for a long time now. It did not
  receive new functionality apart from bugfixes. Now that cgroup2 is a thing
  the internal logic how to deal with cgroups has been substantially reworked
  for the cgfsng driver. Given that we won't do the same work for the cgfs
  driver I smell bugs all over the place in the near future. I don't want to
  wake up to a security issue where someone forces LXC to fallback to the cgfs
  driver to exploit bugs when e.g. running in a pure unified cgroup layout.
- code complexity:
  The cgfs cgroup driver is massively complex since it tried to figure out
  where the mountpoint for each legacy cgroup hierarchy is, i.e. it didn't make
  simplyfing assumptions like cgfsng does about where the cgroup hierarchies -
  legacy or unified - would be mounted. This was appropriate before cgroup
  mounting has been standardized. Nowadays, anyone who mounts cgroups not under
  /sys/fs/cgroup is on their own. Furthermore, with unified hierarchy cgroup
  layouts there will only be a single hierarchy mounted at /sys/fs/cgroup so
  there's even less need to drag the complex parsing in cgfs into the future.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: enable "force" for "cgroup-full"

This enables cgroup-full:{mixed,ro,rw}:force and reworks the mount logic.
When cgroup-full was specified we used to bind-mount the cgroups from the host.
That is pretty weird thing to do given that you can simply mount them directly
without going through bind-mounts.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: cleanup namespace handling

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

utils: add lxc_set_death_signal()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: non-functional changes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: do_destroy_container()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: lxc_destroy_container_on_signal()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: post_start()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: start()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: lxc_start()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: lxc_spawn()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: do_start()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: lxc_abort()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: lxc_fini()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: lxc_init()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: lxc_init_handler()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: simplify

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: lxc_poll()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: signal_handler()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: lxc_check_inherited()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: preserve_ns()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: close_ns()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: print_top_failing_dir()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: use correct prefix for includes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

{commands,start}: remove element from list first

First remove the client from the list then close the fd. Otherwise we open
ourselves to a race where another codepath might be writing to a bad file
descriptor.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: remove locking around openpty()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: remove duplicate lxc_monitor_send_state()

Closes #2177.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: use wait_for_pid()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: __cg_unified_setup_limits()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: __cg_legacy_setup_limits()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_legacy_set_data()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: convert_devpath()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cgfsng_set()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cgfsng_get()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cgfsng_attach()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: __cg_unified_attach()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: build_full_cgpath_from_monitorpath()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cgfsng_escape()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: recursive_count_nrtasks()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: recursive_count_nrtasks()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cgfsng_mount()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: mount_cgroup_full()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cgfsng_chown()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cgfsng_enter()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cgfsng_create()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: remove_path_for_hierarchy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: create_path_for_hierarchy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_unified_create_cgroup()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: recursive_destroy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cgfsng_init()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_unified_get_current_cgroup()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_is_pure_unified()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_hybrid_init()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: lxc_cgfsng_print_basecg_debuginfo()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: lxc_cgfsng_print_hierarchies()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: trim()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: must_append_string()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_hybrid_get_current_cgroup()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: controller_in_clist()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: copy_to_eol()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_hybrid_get_mountpoint()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_hybrid_get_controllers()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: all_controllers_found()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: controller_found()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: controller_list_is_dup()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: controller_lists_intersect()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_legacy_handle_cpuset_hierarchy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: copy_parent_file()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_legacy_filter_and_set_cpus()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: get_max_cpus()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: lxc_cpumask_to_cpulist()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: lxc_cpumask()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: get_hierarchy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: must_append_controller()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: string_in_list()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: append_null_to_list()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: add me to authors

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: move cg_legacy_must_prefix_named()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_legacy_must_prefix_named()

s/must_prefix_named/cg_legacy_must_prefix_named/

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: free_string_list()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: fully document remaining variables

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: fully document struct cgfsng_handler_data

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: fully document struct hierarchy

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: order includes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2174 from brauner/2018-02-17/lxc-update-config_check_empty_args

cmd/lxc-update-config: check for empty arguments

cmd/lxc-update-config: check for empty arguments

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2173 from brauner/2018-02-17/add_coverity_status

README: add coverity