confile: add lxc.console.size

lxc.console.size regulates the size of the console log file. This is intended
to replace lxc.console.buffer.logfile. The current semantics are:

- if lxc.console.size is not set:
  - no limit is placed on the size of the log file
- if lxc.console.size is set:
  - if lxc.console.rotate is set and the next write would exceed the limit:
    - write as much as possible into the old log file
    - rotate the log file
    - write as much as posible into the new log file
    - discard remaining bytes (scenario shouldn't be possible in normal
      circumstances)
  - if lxc.console.rotate is not set and the next write would exceed the limit:
    - keep overwriting the current log file

To make the log file a mirror of the in-memory ringbuffer simply set:
lxc.console.buffer.size == lxc.console.size.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

libpam: Drop mention to non-existing macro.h

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Merge pull request #2192 from brauner/2018-02-26/enable_pam_flag

configure: add --enable-pam

Merge pull request #2190 from brauner/2018-02-16/lxc_local_template

templates: add lxc-local template

configure: add --enable-pam

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

templates: add lxc-local template

Closes #2184.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxc-oci: remove executable bit

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Revert "Revert "pam: create writable cgroups for unpriv users""

This reverts commit 79cf25e826509e61cdda4c47d5aeb0e222439970.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2191 from brauner/2018-02-16/fix_snapshot_segfault

lxc-snapshot: fix segfault

Merge pull request #2189 from brauner/2018-02-16/remove_needless_locking

commands: remove mutex from state client list

Merge pull request #2188 from brauner/2018-02-16/coding_style

CODING_STYLE: add section about _exit()

lxc-snapshot: fix segfault

https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1751780

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

parse: error out on invalid config key

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: remove mutex from state client list

I was thinking about the locking here yesterday and it dawned on me that we
actually don't need this at all:
- possible contention between traversing list to send states to state clients
  and adding new state clients to the list:
  It is the command handler that adds new state clients to the state client
  list. The command handler and the code that actually sends out the container
  states run in the same process so there's not contention and thus no locking
  needed.
- adding state clients to the list from multiple threads:
  The command handler itself is single-threaded so only one thread's request can
  be served at the same time so no locking is needed.
- sending out the state to state clients via the command handler itself:
  The state client also adds and removes state clients from the state client
  list so there's no locking needed.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

CODING_STYLE: add section about _exit()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2187 from itoffshore/alpine

fix download template for /tmp as tmpfs or noexec

fix download template for /tmp as tmpfs or noexec

* prepend $LXC_PATH to $DOWNLOAD_TEMP on systems with /tmp mounted
  securely as a small tmpfs / noexec

* gpg_setup() creates $DOWNLOAD_TEMP so remove superflous mkdir

* fixes https://github.com/lxc/lxc/issues/516

Signed-off-by: Stuart Cardall <developer@it-offshore.co.uk>

Merge pull request #2186 from brauner/2018-02-22/make_confile_reading_thread_safe

tree-wide: thread-safety improvements

cgfsng: fix get_hierarchy() for unified hierarchy

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

criu: du_dump()

thread-safety: s/exit()/_exit()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

criu: do_restore()

thread-safety: s/exit()/_exit()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

criu: criu_version_ok()

thread-safety: s/exit()/_exit()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

criu: __criu_check_feature()

thread-safety: s/exit()/_exit()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: create_container_dir()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: do_create_container_dir()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: lxcapi_startl()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: lxcapi_start()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: free_init_cmd()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: split_init_cmd()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: push_arg()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: am_single_threaded()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: do_lxcapi_wait()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: do_lxcapi_want_close_all_fds()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: do_lxcapi_want_daemonize()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: do_lxcapi_load_config()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: load_config_locked()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: lxcapi_console()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: do_lxcapi_console_getfd()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: do_lxcapi_unfreeze()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: do_lxcapi_freeze()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: do_lxcapi_is_running()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: is_stopped()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: do_lxcapi_state()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: do_lxcapi_is_defined()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: lxc_container_{get,put}()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: lxc_container_free()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: create_partial()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: create_partial()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: ongoing_create()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: config_file_exists()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: move macros to utils.h

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: do_lxcapi_save_config()

If liblxc is used multi-threaded do_lxcapi_save_config() could be called from
threads that fork() which to not risk ending up with invalid locking states we
should avoid using functions like fopen() that internally allocate memory and
use locking. Let's replace it with the async-signal safe combination of
open() + write().

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

network: lxc_delete_network_unpriv_exec()

thread-safety: s/exit()/_exit()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

network: lxc_create_network_unpriv_exec()

thread-safety: s/exit()/_exit()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

network: lxc_netdev_move_wlan()

thread-safety: s/exit()/_exit()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

network: lxc_netdev_rename_by_name_in_netns()

thread-safety: s/exit()/_exit()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

utils: run_command()

thread-safety: s/exit()/_exit()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

utils: lxc_popen()

thread-safety: s/exit()/_exit()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxclock: {un}lock_mutex()

thread-safety: s/exit()/_exit()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: do_lxcapi_detach_interface()

thread-safety: s/exit()/_exit()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: do_add_remove_node()

thread-safety: s/exit()/_exit()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: do_lxcapi_clone()

thread-safety: s/exit()/_exit()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: do_lxcapi_get_ips()

thread-safety: s/exit/_exit()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: do_lxcapi_get_interfaces()

thread-safety: s/exit()/_exit/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: do_lxcapi_create()

thread-safety: s/exit()/_exit()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: non-functional changes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: non-functional changes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: create_run_template()

thread_safety: s/exit()/_exit()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: do_lxcapi_start()

thread-safety: s/exit()/_exit()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

confile: use mmap() to parse config file

Sigh, this is going to be fun. Essentially, dynamic memory allocation through
malloc() and friends is unsafe when fork()ing in threads. The locking state
that glibc maintains internally might get messed up when the process that
fork()ed calls malloc or calls functions that malloc() internally. Functions
that internally malloc() include fopen(). One solution here is to use open() +
mmap() instead of fopen() + getline().

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2182 from tenforward/japanese

doc: Add cgroup-full:*:force to Japanese lxc.container.conf(5)

doc: Add cgroup-full:*:force to Japanese lxc.container.conf(5)

Update for commit e7806b2

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

Merge pull request #2181 from brauner/2018-02-22/fix_root_owned_unprivileged_containers

cgfsng: fix off-by-one error

cgfsng: fix off-by-one error

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Revert "pam: create writable cgroups for unpriv users"

This reverts commit 799566212468620fd0de3796c82447f002844419.

Before we can merge something like this we need to have it be behind a
configure flag and quite probably be an opt-in feature (--enable-pam).

This should fix Jenkins, PPA builds and the current binary conflicts
between the lxcfs and lxc package builds (snap and archive).

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Merge pull request #2148 from brauner/2018-02-09/move_pam_module_to_liblxc

pam: create writable cgroups for unpriv users

Merge pull request #2179 from brauner/2018-02-21/docs_add_cgroup_full_force

doc: document cgroup-full:{mixed,ro,rw}:force

Merge pull request #2180 from tenforward/japanese

Update Japanese lxc.container.conf(5)

doc: Improve Japanese translation in lxc.container.conf(5)

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

doc: add "force" option of lxc.mount.auto to Japanese lxc.container.conf(5)

Update for commit 3f69fb1, and and reduce commentnized English line.

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

doc: Add the describe of mount propagation to Japanese lxc.container.conf(5)

Update for commit d840039

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

doc: Add lxc.namespace.{clone,keep} to Japanese lxc.container.conf(5)

Update for commit 46186ac

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

doc: Update to lxc.namespace.share.* in Japanese lxc.container.conf(5)

change from lxc.namespace.* to lxc.namespace.share.*.
Update for commit b074bbf

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

doc: add lxc.cgroup2.* to Japanese lxc.container.conf(5)

Update for commit 54860ed

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

utils: include linux/types.h

Closes #2178.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

doc: document cgroup-full:{mixed,ro,rw}:force

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2175 from brauner/2018-02-17/coding_style_fixes

tree-wide: coding style + fixes

cgroups: remove cgroup_create_legacy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: implement "driver" and "driver_version"

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: remove legacy cgfs cgroup driver

The time has come to remove the cgfs cgroup driver as well. I'm doing this for
mainly two reasons:
- potential security issue:
  The cgfs cgroup driver has been unmaintained for a long time now. It did not
  receive new functionality apart from bugfixes. Now that cgroup2 is a thing
  the internal logic how to deal with cgroups has been substantially reworked
  for the cgfsng driver. Given that we won't do the same work for the cgfs
  driver I smell bugs all over the place in the near future. I don't want to
  wake up to a security issue where someone forces LXC to fallback to the cgfs
  driver to exploit bugs when e.g. running in a pure unified cgroup layout.
- code complexity:
  The cgfs cgroup driver is massively complex since it tried to figure out
  where the mountpoint for each legacy cgroup hierarchy is, i.e. it didn't make
  simplyfing assumptions like cgfsng does about where the cgroup hierarchies -
  legacy or unified - would be mounted. This was appropriate before cgroup
  mounting has been standardized. Nowadays, anyone who mounts cgroups not under
  /sys/fs/cgroup is on their own. Furthermore, with unified hierarchy cgroup
  layouts there will only be a single hierarchy mounted at /sys/fs/cgroup so
  there's even less need to drag the complex parsing in cgfs into the future.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: enable "force" for "cgroup-full"

This enables cgroup-full:{mixed,ro,rw}:force and reworks the mount logic.
When cgroup-full was specified we used to bind-mount the cgroups from the host.
That is pretty weird thing to do given that you can simply mount them directly
without going through bind-mounts.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: cleanup namespace handling

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

utils: add lxc_set_death_signal()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: non-functional changes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: do_destroy_container()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: lxc_destroy_container_on_signal()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: post_start()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: start()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: lxc_start()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: lxc_spawn()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>