cmd: s/write()/lxc_write_nointr()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cmd: s/pipe()/pipe2()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: s/pipe()/pipe2()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: cleanup do_lxcapi_get_interfaces()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

criu: s/pipe()/pipe2()/

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: always close pipe in run_userns_fn()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: s/pipe()/pipe2()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

nl: avoid NULL pointer dereference

It's a valid case to call nla_put() with NULL data and 0 len. It's done e.g. in
the nla_put_attr().

There has to be a check for data in nla_put() as passing NULL to the memcpy()
is not allowed. Even if length is 0, both pointers have to be valid.

For a reference see C99 standard (7.21.1/2), it says: "pointer arguments on
such a call shall still have valid values".

Reported-by: Daniel Gimpelevich <daniel@gimpelevich.san-francisco.ca.us>
Signed-off-by: Rafał Miłecki <rafal@milecki.pl>
[christian.brauner@ubuntu.com: adapted commit message]
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

change log macro of error case from lxc_ambient_caps_up/down

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

coverity: #1438067

Explicit null dereferenced

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

conf: the atime flags are locked in userns

This means they need to be added for remount and for fresh mounts.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxclock: change error log using strerror to SYSERROR

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

coverity: #1437935

Unchecked return value

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1437936

Unchecked return value

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: simplify lxc_attach_getpwshell()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

log: thread-safety backports

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: don't unconditionally open("/dev/null")

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1425816

Explicit null dereferenced

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

CODING_STYLE: add section about using strlcat()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

log: account for Android's Bionic's strerror_r()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

log: add lxc_log_strerror_r macro

Let's ensure that we always use the thread-safe strerror_r() function and add
an approriate macro.
Additionally, define SYS*() macros for all log levels. They will use the new
macro and ensure thread-safe retrieval of errno values.

Signed-off-by: 2xsec <dh48.jeong@samsung.com>
[christian.brauner@ubuntu.com: simplify lxc_log_strerror_r macro]
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

move some comments in lxc.spec.in

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

monitor: change exit() => _exit() system call in child process

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

commands: simplify lxc_cmd()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

fix pointer c is dereferenced after checking null

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

fix fd handle leak

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

secure coding: #2 strcpy => strlcpy

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

btrfs: fix get_btrfs_subvol_path()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

include: add strlcat() implementation

CC: Donghwa Jeong <dh48.jeong@samsung.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

btrfs: fix btrfs_snapshot()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

secure coding: network: strcpy => strlcpy

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

secure coding: strcpy => strlcpy

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

coverity: #1437027

Read from pointer after free

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1425855

String not null terminated

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1425789

Unchecked return value from library

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1425846

Unchecked return value

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1425840

Unchecked return value

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1425837

String not null terminated

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1425825

Unchecked return value

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1425824

Missing break in switch

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1425819

Resource leak

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1425818

Dereference after null check

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1425813

Resource leak

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1425810

Explicit null dereferenced

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1425799

Logically dead code

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1425793

Unchecked return value

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1425792

Insecure temporary file

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1425789

Unchecked return value from library

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1425771

Insecure temporary file

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1425770

Insecure temporary file

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

include: add getgrgid_r()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

storage: Resource leak

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

coverity: #1425768

Untrusted array index read

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1425767

Unchecked return value

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1425766

Unchecked return value

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1425760

Use of untrusted scalar value

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1425778

Out-of-bounds write

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

coverity: #1437017

Uninitialized pointer

Signed-off-by: 2xsec <dh48.jeong@samsung.com>

fix getgrgid() thread safe issue

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

fix getpwuid() thread safe issue

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

coverity: #1436916

Resource leak

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

attach: fix double free

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

fix getpwnam() thread safe issue

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

tools: restore lxc-create log behavior

Older versions of lxc-create used to set log_file to "none" when a log priority
but no log file was specified on the command line. Let's restore this behavior.

Closes #2392.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1425781

Resource leak

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

arguments: improve some operations

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

conf: only use newuidmap and newgidmap when necessary

Signed-off-by: Jonathan Calmels <jcalmels@nvidia.com>

coverity: #1425836

Resource leak

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

coverity: #1425849

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

coverity: #1425841

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

coverity: #1425795

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

coverity: #1425794

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

coverity: #1425779

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

coverity: #1425777

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

Fix typo

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

support tls in cross-compile

AC_RUN_IFELSE will fail in cross-compile,
we can use AC_COMPILE_IFELSE replace.

Signed-off-by: duguhaotian <duguhaotian@gmail.com>

conf: copy mountinfo for remount_all_slave()

While a container reads mountinfo from proc fs, the mountinfo can be changed by
the kernel anytime. This has caused critical issues on some devices.

Signed-off-by: Donghwa Jeong dh48.jeong@samsung.com
Reported-by: Donghwa Jeong dh48.jeong@samsung.com
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: handle EINTR in some read()/write()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: log unknown info.si_code

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: fix waitpid() blocking issue

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

confile: improve strprint()

POSIX specifies [1]:
"If the value of n is zero on a call to snprintf(), nothing shall be written,
the number of bytes that would have been written had n been sufficiently large
excluding the terminating null shall be returned, and s may be a null pointer."

But in case there are any non-sane libcs out there that do actually dereference
the buffer when when 0 is passed as length to snprintf() let's give them a
dummy buffer.

[1]: The Open Group Base Specifications Issue 7, 2018 edition
     IEEE Std 1003.1-2017 (Revision of IEEE Std 1003.1-2008)
     Copyright © 2001-2018 IEEE and The Open Group

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Reported-by: Donghwa Jeong <dh48.jeong@samsung.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: va_end was not called.

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

network: fix socket handle leak

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

utils: fix task_blocking_signal()

Closes #2342.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1435803

Unchecked return value

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1435805

Logically dead code

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tools: fix lxc-create with global config value II

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tools: fix lxc-create with global config value

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

confile: order architectures

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: fix fd leaks when sending signals

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

utils: fix task_blocking_signal()

sscanf() skips whitespace anyway so don't account for tabs in case the file
layout changes.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: s/sigprocmask/pthread_sigmask()/g

The behavior of sigprocmask() is unspecified in multi-threaded programs. Let's
use pthread_sigmask() instead.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxc-init: skip signals that can't be caught

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1425802

Resource leak

Signed-off-by: Simos Xenitellis <simos.lists@googlemail.com>

capabilities: raise ambient capabilities

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Suggested-by: Jonathan Calmels <jcalmels@nvidia.com>

config: allow read-write /sys in user namespace

Unprivileged containers can safely mount /sys as read-write. This also allows
systemd-udevd to be started in unprivileged containers.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

coverity: #1425844

Resource leak

Signed-off-by: Simos Xenitellis <simos.lists@googlemail.com>

coverity: #1248106

Resource leak

Signed-off-by: Simos Xenitellis <simos.lists@googlemail.com>

coverity: #1425836

Resource leak

Signed-off-by: Simos Xenitellis <simos.lists@googlemail.com>

coverity: #1435603

Resource leak

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>