git.ipfire.org Git - thirdparty/lxc.git/log
Christian Brauner [Sun, 10 Feb 2019 22:55:17 +0000 (23:55 +0100)]
parse: handle \r
Closes #2838.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Wolfgang Bumiller [Sun, 10 Feb 2019 10:34:41 +0000 (11:34 +0100)]
Merge pull request #2836 from brauner/2019-02-10/fix_cgfsng_driver
cgroup: bugfixes
Christian Brauner [Sun, 10 Feb 2019 09:53:06 +0000 (10:53 +0100)]
cgfsng: fix cgroup creation
When cgroup creation failed we reset container_cgroup to NULL to avoid
issues with __cleanup__. Fix that logic:
- add steal_ptr() based on take_ptr()
- move stealing the pointer out of the loop
lxc ctImport 20190210050705.858 DEBUG network - network.c:instantiate_veth:202 - Instantiated veth "vethGQMH7I/vethSPXNL3", index is "272"
lxc ctImport 20190210050705.858 ERROR cgfsng - cgroups/cgfsng.c:mkdir_eexist_on_last:1262 - File exists - Failed to create directory "/sys/fs/cgroup/unified//lxc.payload/ctImport-0"
lxc ctImport 20190210050705.858 ERROR cgfsng - cgroups/cgfsng.c:container_create_path_for_hierarchy:1302 - Failed to create cgroup "/sys/fs/cgroup/unified//lxc.payload/ctImport-0"
lxc ctImport 20190210050705.858 ERROR cgfsng - cgroups/cgfsng.c:cgfsng_payload_create:1431 - Failed to create cgroup "/sys/fs/cgroup/unified//lxc.payload/ctImport-0"
lxc ctImport 20190210050705.858 INFO cgfsng - cgroups/cgfsng.c:cgfsng_payload_create:1441 - The container uses "lxc.payload/ctImport-0" as cgroup
lxc ctImport 20190210050705.858 ERROR cgfsng - cgroups/cgfsng.c:mkdir_eexist_on_last:1262 - File exists - Failed to create directory "/sys/fs/cgroup/unified/"
lxc ctImport 20190210050705.858 ERROR cgfsng - cgroups/cgfsng.c:container_create_path_for_hierarchy:1302 - Failed to create cgroup "/sys/fs/cgroup/unified/"
lxc ctImport 20190210050705.858 ERROR cgfsng - cgroups/cgfsng.c:cgfsng_payload_create:1431 - Failed to create cgroup "/sys/fs/cgroup/unified/"
lxc ctImport 20190210050705.858 INFO cgfsng - cgroups/cgfsng.c:cgfsng_payload_create:1441 - The container uses "(null)" as cgroup
Fixes: d97919abf22 ("cgroups: partially switch to cleanup macros")
Reported-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 10 Feb 2019 09:52:45 +0000 (10:52 +0100)]
cgfsng: coding style for cgfsng_payload_create()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 10 Feb 2019 09:51:43 +0000 (10:51 +0100)]
cgfsng: coding style for cgfsng_monitor_create()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Sat, 9 Feb 2019 21:58:36 +0000 (16:58 -0500)]
Merge pull request #2832 from brauner/2019-02-08/add_coccinelle
coccinelle support
Stéphane Graber [Sat, 9 Feb 2019 21:57:01 +0000 (16:57 -0500)]
Merge pull request #2829 from brauner/2019-02-08/capabilities
caps: check uid and euid
Christian Brauner [Sat, 9 Feb 2019 10:23:54 +0000 (11:23 +0100)]
coccinelle: use standard exit identifiers
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 8 Feb 2019 22:57:06 +0000 (23:57 +0100)]
coccinelle: s/while({1,true})/for(;;)/
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Fri, 8 Feb 2019 22:56:51 +0000 (23:56 +0100)]
coccinelle: add coccinelle support
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 9 Feb 2019 10:03:42 +0000 (11:03 +0100)]
Merge pull request #2833 from brauner/2019-02-09/bugfixes
bugfixes
Christian Brauner [Sat, 9 Feb 2019 00:35:44 +0000 (01:35 +0100)]
lxc-init: exit with error on wait failure
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 9 Feb 2019 00:33:18 +0000 (01:33 +0100)]
start: prevent signed-issues
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 9 Feb 2019 00:31:52 +0000 (01:31 +0100)]
cgfsng: remove unnecessary check
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sat, 9 Feb 2019 00:28:52 +0000 (01:28 +0100)]
commands: remove unnecessary check
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Serge Hallyn [Fri, 8 Feb 2019 21:57:37 +0000 (15:57 -0600)]
Merge pull request #2827 from brauner/2019-02-07/auto_cleanup
cgroups: partially switch to cleanup macros
Christian Brauner [Fri, 8 Feb 2019 14:11:46 +0000 (15:11 +0100)]
caps: check uid and euid
When we are running inside of a user namespace getuid() will return a
non-zero uid. So let's check euid as well to make sure we correctly drop
capabilities
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 7 Feb 2019 08:15:09 +0000 (09:15 +0100)]
cgroups: partially switch to cleanup macros
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Wed, 6 Feb 2019 11:24:48 +0000 (12:24 +0100)]
Merge pull request #2825 from brauner/lxc/master
README: add LGTM
Christian Brauner [Wed, 6 Feb 2019 11:23:17 +0000 (12:23 +0100)]
README: add LGTM
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Wolfgang Bumiller [Wed, 6 Feb 2019 11:10:48 +0000 (12:10 +0100)]
Merge pull request #2821 from brauner/2019-02-05/remove_stack_allocation
tree-wide: wipe alloca() from the codebase
Christian Brauner [Tue, 5 Feb 2019 06:47:18 +0000 (07:47 +0100)]
lxc-unshare: remove stack allocations
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 06:46:13 +0000 (07:46 +0100)]
overlay: remove stack allocations
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 06:44:13 +0000 (07:44 +0100)]
rbd: remove stack allocations
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 06:42:50 +0000 (07:42 +0100)]
nbd: remove stack allocations
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 06:39:51 +0000 (07:39 +0100)]
lvm: remove stack allocations
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 06:38:02 +0000 (07:38 +0100)]
loop: remove stack allocations
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 06:26:19 +0000 (07:26 +0100)]
terminal: remove stack allocations
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 06:30:00 +0000 (07:30 +0100)]
string_utils: remove stack allocations
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 06:32:21 +0000 (07:32 +0100)]
storage: remove stack allocations
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 06:25:12 +0000 (07:25 +0100)]
start: remove stack allocations
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 06:33:48 +0000 (07:33 +0100)]
pam_cgfs: remove stack allocations
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 06:27:29 +0000 (07:27 +0100)]
network: remove stack allocations
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 06:23:19 +0000 (07:23 +0100)]
namespace: remove stack allocations
Switch to a static stack instead of allocating a new one. There's really
no point in doing all of the dance to get the current pagesize.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 06:31:16 +0000 (07:31 +0100)]
monitor: remove stack allocations
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 06:19:56 +0000 (07:19 +0100)]
lxccontainer: remove stack allocations
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 06:12:17 +0000 (07:12 +0100)]
confile: remove stack allocations
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 06:08:44 +0000 (07:08 +0100)]
conf: remove stack allocations
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 06:06:02 +0000 (07:06 +0100)]
commands_utils: remove stack allocations
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 06:02:07 +0000 (07:02 +0100)]
commands: remove stack allocations
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 06:01:50 +0000 (07:01 +0100)]
lxc_user_nic: remove stack allocations
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 06:01:33 +0000 (07:01 +0100)]
cgroups: remove stack allocations
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 06:00:58 +0000 (07:00 +0100)]
lxcmntent: remove stack allocations
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 05:51:55 +0000 (06:51 +0100)]
memory_utils: add memory_utils.h
The header defines a simple wrapper for free() that can be used with
gcc's and clang's __attribute__((__cleanup__(<cleanup-fun>))) macro.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Tue, 5 Feb 2019 23:24:46 +0000 (18:24 -0500)]
Merge pull request #2824 from brauner/2019-02-05/compiler_based_hardening
compiler: hardening
Christian Brauner [Tue, 5 Feb 2019 22:50:43 +0000 (23:50 +0100)]
compiler: -Wnested-externs hardening
Warn if an extern declaration is encountered within a function.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 22:49:48 +0000 (23:49 +0100)]
compiler: -Wdate-time hardening
Warn when macros __TIME__, __DATE__ or __TIMESTAMP__ are encountered as
they might prevent bit-wise-identical reproducible compilations.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 22:48:32 +0000 (23:48 +0100)]
compiler: -Werror=shift-overflow=2 hardening
Warn about left shift overflows. This warning is enabled by default in
C99 and C++11 modes (and newer).
-Wshift-overflow=2
This warning level also warns about left-shifting 1 into the sign bit,
unless C++14 mode (or newer) is active.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 22:47:31 +0000 (23:47 +0100)]
compiler: -Werror=shift-count-overflow hardening
Warn if shift count >= width of type.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 22:44:20 +0000 (23:44 +0100)]
compiler: fix -fstack-protector-strong
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 22:25:19 +0000 (23:25 +0100)]
compiler: -fdiagnostics-show-option
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 22:21:43 +0000 (23:21 +0100)]
compiler: -Werror=overflow hardening
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 22:15:05 +0000 (23:15 +0100)]
compiler: -Wendif-labels hardening
Do not warn whenever an #else or an #endif are followed by text.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Tue, 5 Feb 2019 21:55:36 +0000 (16:55 -0500)]
Merge pull request #2823 from brauner/2019-02-05/compiler_based_hardening
compiler: hardening
Christian Brauner [Tue, 5 Feb 2019 19:56:08 +0000 (20:56 +0100)]
compiler: -Wshadow hardening
Warn whenever a local variable or type declaration shadows another
variable, parameter, type, class member (in C++), or instance variable
(in Objective-C) or whenever a built-in function is shadowed.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 19:54:33 +0000 (20:54 +0100)]
compiler: set -Wimplicit-fallthrough to 5
-Wimplicit-fallthrough=5 doesn’t recognize any comments as fallthrough
comments, only attributes disable the warning.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 19:51:50 +0000 (20:51 +0100)]
compiler: -Wformat=2 hardening
Enable -Wformat plus additional format checks. Currently equivalent to
-Wformat -Wformat-nonliteral -Wformat-security -Wformat-y2k.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 19:49:59 +0000 (20:49 +0100)]
compiler: -Werror=incompatible-pointer-types
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 19:48:45 +0000 (20:48 +0100)]
compiler: -Werror=return-type hardening
Warn whenever a function is defined with a return type that defaults to
int. Also warn about any return statement with no return value in a
function whose return type is not void (falling off the end of the
function body is considered returning without a value).
For C only, warn about a return statement with an expression in a
function whose return type is void, unless the expression type is also
void. As a GNU extension, the latter case is accepted without a warning
unless -Wpedantic is used.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 19:44:57 +0000 (20:44 +0100)]
compiler: -Wsuggest-attribute=noreturn hardening
Warn about functions that might be candidates for attributes pure, const
or noreturn or malloc.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 19:43:52 +0000 (20:43 +0100)]
compiler: -Wfloat-equal hardening
Warn if floating-point values are used in equality comparisons.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 19:43:00 +0000 (20:43 +0100)]
compiler: -Winit-self hardening
Warn about uninitialized variables that are initialized with themselves.
Note this option can only be used with the -Wuninitialized option.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 19:33:40 +0000 (20:33 +0100)]
compiler: -Wold-style-definition hardening
Warn if an old-style function definition is used. A warning is given
even if there is a previous prototype.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 19:31:20 +0000 (20:31 +0100)]
compiler: -Wmissing-include-dirs hardening
Warn if a user-supplied include directory does not exist.
This already surfaced a bug that is fixed by this commit.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 5 Feb 2019 19:29:21 +0000 (20:29 +0100)]
compiler: -Wlogical-op hardening
Warn about suspicious uses of logical operators in expressions.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Stéphane Graber [Tue, 5 Feb 2019 17:16:41 +0000 (18:16 +0100)]
Merge pull request #2822 from tomponline/tp-rpmspec
fix rpm packaging for bash completion directory.
tomponline [Tue, 5 Feb 2019 17:10:20 +0000 (17:10 +0000)]
fix rpm packaging for bash completion directory.
Closed #1825
Signed-off-by: tomponline <tomp@tomp.uk>
Stéphane Graber [Fri, 1 Feb 2019 11:38:14 +0000 (12:38 +0100)]
Merge pull request #2820 from brauner/2019-01-31/cgfsng_sys/kernel/cgroup/delegate
cgroups: use of /sys/kernel/cgroup/delegate file
Stéphane Graber [Fri, 1 Feb 2019 11:37:38 +0000 (12:37 +0100)]
Merge pull request #2787 from Blub/2019-01-17/revert-sys-double-bindmount-cleanup
Revert "conf: remove extra MS_BIND with sysfs:mixed"
Christian Brauner [Fri, 1 Feb 2019 09:57:49 +0000 (10:57 +0100)]
cgroups: use of /sys/kernel/cgroup/delegate file
This file contains the files one needs to chown to successfully delegate
cgroup files to unprivileged users.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Thu, 31 Jan 2019 10:38:04 +0000 (11:38 +0100)]
Merge pull request #2806 from brauner/2019-01-27/bugfixes
freezer: non-functional changes
Christian Brauner [Sun, 27 Jan 2019 01:04:21 +0000 (02:04 +0100)]
freezer: non-functional changes
Fix the coding style in a few files.
Fixes: db1228b35f3e ("Avoid hardcoded string length")
Fixes: 71fc9c046816 ("Avoid risk of "too far memory read"")
Fixes: 2341916a0367 ("Avoid double lxc-freeze/unfreeze")
Fixes: 9eb9ce3e4778 ("Update freezer.c")
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Tue, 29 Jan 2019 12:06:22 +0000 (13:06 +0100)]
Merge pull request #2817 from Rachid-Koucha/patch-5
More accurate error msg for template file
Rachid Koucha [Tue, 29 Jan 2019 11:20:46 +0000 (12:20 +0100)]
More accurate error msg for template file
When calling lxc-create, if the template exists but is not executable, we end up with the following error messages, which make one believe that the template file does not exist when it is merely an execute access problem:
lxc-create: ctn00: utils.c: get_template_path: 918 No such file or directory - bad template: /.../lxc-busybox
lxc-create: ctn00: lxccontainer.c: do_lxcapi_create: 1786 Unknown template "/.../lxc-busybox"
lxc-create: ctn00: tools/lxc_create.c: main: 327 Failed to create container ctn00
Actually internally the errno is lost as the following code triggers a useless access to (strace output):
access("/.../lxc-busybox", X_OK) = -1 ENOENT (No such file or directory)
With the above fix, we get a more explicit error message when the template file is missing the "execute" bit:
lxc-create: bbc: utils.c: get_template_path: 917 Permission denied - Bad template pathname: /tmp/azerty
lxc-create: bbc: lxccontainer.c: do_lxcapi_create: 1816 Unknown template "/tmp/azerty"
lxc-create: bbc: tools/lxc_create.c: main: 331 Failed to create container bbc
With the above fix, we get a more explicit error message when the pathname of the template file is incorrect:
lxc-create: bbc: utils.c: get_template_path: 917 No such file or directory - Bad template pathname: /tmp/qwerty
lxc-create: bbc: lxccontainer.c: do_lxcapi_create: 1816 Unknown template "/tmp/qwerty"
lxc-create: bbc: tools/lxc_create.c: main: 331 Failed to create container bbc
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
Stéphane Graber [Mon, 28 Jan 2019 22:24:01 +0000 (17:24 -0500)]
Merge pull request #2807 from brauner/2019-01-27/mount_entries
conf: check for successful mount entry parse
Christian Brauner [Mon, 28 Jan 2019 10:54:45 +0000 (11:54 +0100)]
Merge pull request #2814 from tenforward/japanese
doc: Add lxc.seccomp.allow_nesting to Japanese lxc.container.conf(5)
KATOH Yasufumi [Mon, 28 Jan 2019 10:01:40 +0000 (19:01 +0900)]
doc: Add lxc.seccomp.allow_nesting to Japanese lxc.container.conf(5)
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Serge Hallyn [Mon, 28 Jan 2019 03:41:49 +0000 (21:41 -0600)]
Merge pull request #2813 from brauner/2019-01-27/bugfixes_2
compiler: remove deprecated and unneeded header
Christian Brauner [Sun, 27 Jan 2019 22:05:47 +0000 (23:05 +0100)]
prlimit: remove deprecated and unneeded header
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 27 Jan 2019 22:02:49 +0000 (23:02 +0100)]
compiler: remove deprecated and unneeded header
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 27 Jan 2019 13:03:40 +0000 (14:03 +0100)]
Merge pull request #2812 from Rachid-Koucha/patch-7
/etc/resolv.conf grows indefinitely
Rachid Koucha [Sun, 27 Jan 2019 12:46:48 +0000 (13:46 +0100)]
/etc/resolv.conf grows indefinitely
This file grows indefinitely: upon each DHCP lease renewal,
the "nameserver ..dns..." line is added at the end of the file.
Make a "grep" in the file to make sure that the same line
does not already exist.
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
Christian Brauner [Sun, 27 Jan 2019 12:14:24 +0000 (13:14 +0100)]
conf: append 0 0 to nesting helpers mount entries
Otherwise musl's getmntent_r() parser will fail.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 27 Jan 2019 12:07:03 +0000 (13:07 +0100)]
Merge pull request #2811 from Rachid-Koucha/patch-6
Create /var/run
Rachid Koucha [Sun, 27 Jan 2019 11:23:58 +0000 (12:23 +0100)]
Create /var/run
Some programs like "who" need this directory
to work (this permits the of /var/run/utmp file).
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
Christian Brauner [Sun, 27 Jan 2019 11:11:47 +0000 (12:11 +0100)]
Merge pull request #2810 from Rachid-Koucha/patch-6
Use BUSYBOX_EXE variable in configure_busybox()
Rachid Koucha [Sun, 27 Jan 2019 10:51:57 +0000 (11:51 +0100)]
Use BUSYBOX_EXE variable in configure_busybox()
As "which busybox" is stored in BUSYBOX_EXE
global variable at startup, use it wherever it is
needed.
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
Christian Brauner [Sun, 27 Jan 2019 01:22:43 +0000 (02:22 +0100)]
conf: check for successful mount entry parse
Since liblxc is completely in control of the mount entry file we should
only consider a parse successful when EOF is reached.
Closes #2798.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Christian Brauner [Sun, 27 Jan 2019 09:14:26 +0000 (10:14 +0100)]
Merge pull request #2809 from Rachid-Koucha/patch-6
Installation of default.script for udhcpc
Rachid Koucha [Sun, 27 Jan 2019 02:38:36 +0000 (03:38 +0100)]
Installation of default.script for udhcpc
The busybox template installs default.script in /usr/share/udhcpc/.
But the pathname of "default.script" may vary from one busybox
build to another. As the pathname is displayed in udhcpc's help,
grab it from it.
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
Christian Brauner [Sun, 27 Jan 2019 00:56:23 +0000 (01:56 +0100)]
Merge pull request #2744 from adamkasztenny/patch-1
Add template-options to help output
Christian Brauner [Sun, 27 Jan 2019 00:46:25 +0000 (01:46 +0100)]
Merge pull request #2804 from Rachid-Koucha/patch-4
Avoid hardcoded string length
Rachid Koucha [Sun, 27 Jan 2019 00:07:38 +0000 (01:07 +0100)]
Avoid hardcoded string length
Use strlen() on "state" variable instead of hardcoded
value 6.
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
Christian Brauner [Sat, 26 Jan 2019 23:43:32 +0000 (00:43 +0100)]
Merge pull request #2803 from Rachid-Koucha/patch-4
Avoid risk of "too far memory read"
Christian Brauner [Sat, 26 Jan 2019 23:26:00 +0000 (00:26 +0100)]
Merge pull request #2802 from Rachid-Koucha/patch-3
Avoid double lxc-freeze/unfreeze
Rachid Koucha [Sat, 26 Jan 2019 23:10:39 +0000 (00:10 +0100)]
Avoid risk of "too far memory read"
As we call "lxc_add_state_client(fd, handler, (lxc_state_t *)req->data)"
which supposes that the last parameter is a table of MAX_STATE
entries when calling memcpy():
memcpy(newclient->states, states, sizeof(newclient->states))
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
Christian Brauner [Sat, 26 Jan 2019 22:48:59 +0000 (23:48 +0100)]
Merge pull request #2801 from Rachid-Koucha/patch-2
Update freezer.c
Rachid Koucha [Sat, 26 Jan 2019 22:46:34 +0000 (23:46 +0100)]
Avoid double lxc-freeze/unfreeze
If we call lxc-freeze multiple times for an already frozen container, LXC
triggers useless freezing by writing into the "freezer.state" cgroup file.
This is the same when we call lxc-unfreeze multiple times.
Checking the current state with a LXC_CMD_GET_STATE
(calling c->state) would permit to check if the container is FROZEN
or not.
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
Rachid Koucha [Sat, 26 Jan 2019 22:27:07 +0000 (23:27 +0100)]
Update freezer.c
Suppressed hard coded values for state and array's maximum index.
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
Wolfgang Bumiller [Mon, 21 Jan 2019 14:33:05 +0000 (15:33 +0100)]
Merge pull request #2794 from brauner/2019-01-21/revert_seccomp_fuckup
Revert "seccomp: add rules for specified architecture only"