utils: include linux/types.h

Closes #2178.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

doc: document cgroup-full:{mixed,ro,rw}:force

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2175 from brauner/2018-02-17/coding_style_fixes

tree-wide: coding style + fixes

cgroups: remove cgroup_create_legacy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: implement "driver" and "driver_version"

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: remove legacy cgfs cgroup driver

The time has come to remove the cgfs cgroup driver as well. I'm doing this for
mainly two reasons:
- potential security issue:
  The cgfs cgroup driver has been unmaintained for a long time now. It did not
  receive new functionality apart from bugfixes. Now that cgroup2 is a thing
  the internal logic how to deal with cgroups has been substantially reworked
  for the cgfsng driver. Given that we won't do the same work for the cgfs
  driver I smell bugs all over the place in the near future. I don't want to
  wake up to a security issue where someone forces LXC to fallback to the cgfs
  driver to exploit bugs when e.g. running in a pure unified cgroup layout.
- code complexity:
  The cgfs cgroup driver is massively complex since it tried to figure out
  where the mountpoint for each legacy cgroup hierarchy is, i.e. it didn't make
  simplyfing assumptions like cgfsng does about where the cgroup hierarchies -
  legacy or unified - would be mounted. This was appropriate before cgroup
  mounting has been standardized. Nowadays, anyone who mounts cgroups not under
  /sys/fs/cgroup is on their own. Furthermore, with unified hierarchy cgroup
  layouts there will only be a single hierarchy mounted at /sys/fs/cgroup so
  there's even less need to drag the complex parsing in cgfs into the future.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: enable "force" for "cgroup-full"

This enables cgroup-full:{mixed,ro,rw}:force and reworks the mount logic.
When cgroup-full was specified we used to bind-mount the cgroups from the host.
That is pretty weird thing to do given that you can simply mount them directly
without going through bind-mounts.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: cleanup namespace handling

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

utils: add lxc_set_death_signal()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: non-functional changes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: do_destroy_container()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: lxc_destroy_container_on_signal()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: post_start()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: start()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: lxc_start()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: lxc_spawn()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: do_start()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: lxc_abort()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: lxc_fini()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: lxc_init()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: lxc_init_handler()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: simplify

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: lxc_poll()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: signal_handler()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: lxc_check_inherited()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: preserve_ns()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: close_ns()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: print_top_failing_dir()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: use correct prefix for includes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

{commands,start}: remove element from list first

First remove the client from the list then close the fd. Otherwise we open
ourselves to a race where another codepath might be writing to a bad file
descriptor.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: remove locking around openpty()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: remove duplicate lxc_monitor_send_state()

Closes #2177.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: use wait_for_pid()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: __cg_unified_setup_limits()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: __cg_legacy_setup_limits()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_legacy_set_data()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: convert_devpath()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cgfsng_set()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cgfsng_get()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cgfsng_attach()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: __cg_unified_attach()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: build_full_cgpath_from_monitorpath()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cgfsng_escape()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: recursive_count_nrtasks()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: recursive_count_nrtasks()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cgfsng_mount()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: mount_cgroup_full()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cgfsng_chown()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cgfsng_enter()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cgfsng_create()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: remove_path_for_hierarchy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: create_path_for_hierarchy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_unified_create_cgroup()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: recursive_destroy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cgfsng_init()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_unified_get_current_cgroup()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_is_pure_unified()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_hybrid_init()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: lxc_cgfsng_print_basecg_debuginfo()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: lxc_cgfsng_print_hierarchies()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: trim()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: must_append_string()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_hybrid_get_current_cgroup()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: controller_in_clist()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: copy_to_eol()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_hybrid_get_mountpoint()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_hybrid_get_controllers()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: all_controllers_found()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: controller_found()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: controller_list_is_dup()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: controller_lists_intersect()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_legacy_handle_cpuset_hierarchy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: copy_parent_file()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_legacy_filter_and_set_cpus()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: get_max_cpus()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: lxc_cpumask_to_cpulist()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: lxc_cpumask()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: get_hierarchy()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: must_append_controller()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: string_in_list()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: append_null_to_list()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: add me to authors

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: move cg_legacy_must_prefix_named()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: cg_legacy_must_prefix_named()

s/must_prefix_named/cg_legacy_must_prefix_named/

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: free_string_list()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: fully document remaining variables

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: fully document struct cgfsng_handler_data

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: fully document struct hierarchy

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: order includes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2174 from brauner/2018-02-17/lxc-update-config_check_empty_args

cmd/lxc-update-config: check for empty arguments

cmd/lxc-update-config: check for empty arguments

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2173 from brauner/2018-02-17/add_coverity_status

README: add coverity

README: add coverity

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2171 from brauner/2018-02-16/rework_hooks

conf: fix run_script_argv()

console: ensure that fd is marked EBADF

If the handler closes the file descriptor for the peer or master fd it is
crucial that we mark it as -EBADF. This will prevent lxc_console_delete()
from calling close() on an already closed file descriptor again. I've
observed the double close in the attach code.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: don't call close on invalid file descriptor

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2172 from stgraber/master

Sabayon fixes

lxc-sabayon: Fix handling of eth0

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-sabayon: Remove broken/unused code

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

conf: s/argsin/argv/ in run_script_argv()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>