src/lxc/raw_syscalls.c: fix sparc assembly

Build of lxc 3.2.1 fails with ultrasparc on:

raw_syscalls.c: In function ‘lxc_raw_clone’:
raw_syscalls.c:66:3: error: invalid 'asm': invalid operand output code
   asm volatile(
   ^~~

Issue has been added with commit
b52e8e68a61866da2af86e85905ec850f8a8b7fc which added %g1 instead of %%g1

Fixes:
 - http://autobuild.buildroot.org/results/17c2319850f02f24da6fbef9656c07f86fdc5a3a

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

cgroups: honor lxc.cgroup.pattern if set explicitly II

Link: https://discuss.linuxcontainers.org/t/lxc-cgroup-pattern-is-not-being-honored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: honor lxc.cgroup.pattern if set explicitly

Link: https://discuss.linuxcontainers.org/t/lxc-cgroup-pattern-is-not-being-honored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: remove unused method and cleanup cgroup_exit()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: improve setgroups() dropping

Drop groups before we change to userns root.

Reported-by: Teddy Reed <teddy.reed@gmail.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxclock: fix a small memory leak

if (!name), we allocate an unnamed semaphore, but if we then fail to
allocate/create the lock, we don't free this semaphore, and we just leak
it.

Signed-off-by: Tycho Andersen <tycho@tycho.ws>

container.conf: Document that order is important in config_jump_table

Add a comment that documents that more specific options of a
namespace have to be added above more generic options in
config_jump_table.

Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>

container.conf: Fix off by 2 in option parsing

This commit fixes a off by 2 in config option parsing
(due to missing parenthesis). The error occurs if for instance
lxc.net.0.type is parsed. In that case, the .0 is removed from the
string. However, due to the missing parenthesis, the null terminating
character is off by two which means the modified config option would
be lxc.net.typepe instead of lxc.net.type.

Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>

cgroups: fix default cgroup pattern

Signed-off-by: Kirill Petrov <yakutskkirill@mail.ru>

start: fix container killing logic

We need to account for the case where pidfd's are not supported by the kernel
in question.

Closes: #3254
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

test: increase timeout for api reboot tests

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroup.c: fix memory leak at cgroup init failed

Signed-off-by: LiFeng <lifeng68@huawei.com>

network: fix network device removal

We can't delete by netdev->ifindex since that's the ifindex of the device in
the container, not on the host. The correct thing is done below.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tests: log api reboot test failures

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

network: fix typ and formatting in comment

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: handle kernel header and kernel incompatability

We might e.g. be compiled in a container with old kernel headers. In this
scenario CLONE_PIDFD will work but pidfd_send_signal() might not be detected
because __NR_pidfd_send_signal is not defined because the kernel headers don't
match the kernel version.

This explains and fixes test-suite hangs on Jenkins I've recently debugged.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tests: timeout after 60 seconds

That should be more than enough to reboot.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

mainloop: add missing \n

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: remove procfs pidfd support

We'll only rely on proper anon-inode based pidfd support in the future.
There's no good reason to use the procfs fallback. All the fancy features we
might want to use are only available with anon-inode pidfds.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Suppress useless udhcpc directory

The udhcpc directory is created with "mkdir -p" at the place dynamically specified by "busybox udhcpc --help".

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

Adaptation to latest busybox

In busybox 1.30, the help of udhcpc for "-s" option changed:
--> busybox v1.27.2: -s,--script PROG Run PROG at DHCP events (default /usr/share/udhcpc/default.script)
--> busybox v1.30.1: -s PROG Run PROG at DHCP events (default /etc/udhcpc/default.script)
So, I changed the command line which extracts the script name to make it work for both versions

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

Word repetition in comment

create_run_template(): Double "will mount" in a comment

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

cmd: fix shebang

Signed-off-by: vikaig <vikaig99@gmail.com>

travis: enable -fsanitize=undefined

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

fd: only add valid fd to mainloop

Signed-off-by: dongxinhua <dongxinhua@huawei.com>

seccomp: support s390 seccomp

Signed-off-by: dongxinhua <dongxinhua@huawei.com>

cgroups/cgfsng: do not prematurely close file descriptors

When adding the new improved cgroup setup logic I didn't account for the fact
that we need the hierarchy fds up until chown. Add a dedicated cleanup method
to fix this:

lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, , 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, tasks, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )
lxc b1 20191212205052.712 WARN     cgfsng - cgroups/cgfsng.c:fchowmodat:1481 - Bad file descriptor - Failed to fchownat(-9, cgroup.procs, 1000000000, 0, AT_EMPTY_PATH | AT_SYMLINK_NOFOLLOW )

Closes #3228.
Fixes: 1973b62aab41 ("cgroups/cgfsng: improve cgroup creation and removal")
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: improve cgroup creation and removal

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgroup removal

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework legacy cpuset handling

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroupfs/cgfsng: pass cgroup to cg_legacy_handle_cpuset_hierarchy() as const char *

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: use explicit unsigned type for bitfield

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: flatten hierarchy

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

file_utils: use O_NOCTTY | O_NOFOLLOW

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/devices: enable devpath semantics for cgroup2 device controller

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: replace lxc_write_file()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: cgfsng_devices_activate()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_nrtasks()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_mount()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_chown()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_attach()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_setup_limits()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_setup_limits_legacy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_{get,set}()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_unfreeze()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_get_hierarchies()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_num_hierarchies()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_escape()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_payload_enter()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_payload_create()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: s/__unused/__lxc_unused/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgroup attach

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: don't dereference NULL-pointer

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: log chown_cgroup_wrapper()

It's becoming more important on cgroup2 to properly delegate cgroups.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgroup2 unprivileged delegation

We accidently checked files to delegate for privileged container and not for
unprivileged containers in the pure unified case. Fix that and clean up the
delegation file parsing.

Closes #3206.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_{monitor,payload}_delegate_controllers()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_monitor_enter()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_monitor_create()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_monitor_destroy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: rework cgfsng_payload_destroy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

log: remove unused compiler attribute

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: replace compiler attributes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

log: replace compiler attributes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: replace closing helpers

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

compiler: add __unused attribute

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

{log, macro}: remove unused logging functions

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: rework return values of some functions

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgroup2_devices: replace logging functions

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgroup: replace logging functions

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/cgfsng: replace logging functions

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

confile: replace logging helpers

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

network: replace logging helpers

s/error_log_errno(/log_error_errno(-1, /g
s/minus_one_set_errno(/ret_set_errno(-1, /g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: replace logging helpers

s/error_log_errno(/log_error_errno(-1, /g
s/minus_one_set_errno(/ret_set_errno(-1, /g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: s/minus_one_set_errno(/ret_set_errno(-1, /g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

af_unix: s/minus_one_set_errno(/ret_set_errno(-1, /g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

macro: add ret_errno()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

log: rearrange

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroup2: rework controller delegation

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

"busy" field set to -1 instead of 0

"busy" field is assigned with the command socket descriptor when the terminal is in use. So, use "-1" to disable it.

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

"busy" field set to 1 instead of 0

"busy" field is assigned with the command socket descriptor when the terminal is in use. So, use "-1" to disable it.

Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

Init "busy" field to -1 as 0 is valid fd

"busy" field is assigned with the command socket descriptor when the terminal is in use. So, use "-1" to disable it.
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

config: Fix parsing of mount options

When parsing mount options e.g. from lxc.mount.entry the specified
options are mapped to the flags constants. To do so, the strings
are compared to the options contained in mount_opt. However,
when comparing the strings, the length of the string is not
checked. That entails that the option "rootcontext=selinux-context"
is mapped to the mount option read-only (ro). This commit fixes
this issue by checking if a '=' is contained in the specified option
and additionally comparing the length of the strings.

Signed-off-by: Maximilian Blenk <Maximilian.Blenk@bmw.de>

cgroups/devices: correctly verify bpf device useability in cgfsng_devices_activate()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: improve container cgroup attaching

The current attach.c codepath which handles moving the attaching process into
the container's cgroups allocates a whole new struct cgroup_ops and goes
through the trouble of reparsing the whole cgroup layout.
That's costly and wasteful. My plan has always been to move this into the
command api by getting fds for attaching back but but it's not worth going
through that hazzle for non-unified hosts. On pure unified hosts however -
being the future - we can just attach through a single fd so there's no need to
allocate and setup struct cgroup_ops.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxc: switch to SPDX

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: use logging return helpers

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Revert "cgroups/freezer: fix and improve cgroup2 freezer implementation"

This reverts commit ecaf0c7bfc1baee74ff38dbdbc65bf4bec2361d4. I somehow
accidently did a double-backport.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: rework cgroup2 attach

On pure unified systemd we can use a single file descriptor to interact with
the cgroup filesystem. Add a method to retrieve it and as a start use it in our
unified attach codepath.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/devices: do not log error when bpf device feature is not available

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

freezer: cleanup

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/freezer: fix and improve cgroup2 freezer implementation

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: fix memory leak for set config rootfs options

Signed-off-by: dongxinhua <dongxinhua@huawei.com>

tree-wide: fix wrong copy-paste for licenses

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/freezer: fix and improve cgroup2 freezer implementation

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: add DEFAULT_MOUNTPOINT #define

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: remove monitor_signal_pdeath codepath

This causes compilation failures due to a bad cherry-pick.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/devices: use dedicated enums

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/devices: introduce ebpf device cgroup global rule types

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups/devices: handle NULL

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

configure: enable -Wunused-but-set-variable

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>