initutils: remove fgets() from setproctitle()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

initutils: remove fgets() from lxc_global_con[...]

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

utils: remove fgets() from is_shared_mountpoint()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: remove fgets() from lxc_chroot()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: remove fgets() from run_buffer()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2882 from misterunknown/master

gpg: use proxy, if http_proxy is set

gpg: use proxy, if http_proxy is set

Signed-off-by: Marco Dickert <marco@misterunknown.de>

Merge pull request #2881 from Blub/2019-02-25/lxc-attach-move_fd

attach: use move_fd in lxc_proc_close_ns_fd

attach: use move_fd in lxc_proc_close_ns_fd

Previously this set `ctx->ns_fd[*]` to `-EBADF` until commit
fd2a88b190eb ("attach: cleanup macros lxc_proc_close_ns_fd",
but there are some code paths where we call this before
later calling `lxc_proc_put_context_info` which would call
this function again with the file descriptors still
unchanged.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

Merge pull request #2880 from brauner/2019-02-22/cleanup_macros

tree-wide: cleanup macros

conf: cleanup macros suggest_default_idmap

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: cleanup macros write_id_mapping

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: cleanup macros setup_mount_entries

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: cleanup macros make_anonymous_mount_file

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: cleanup macros lxc_fill_autodev

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: cleanup macros lxc_pivot_root

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: cleanup macros lxc_chroot

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: cleanup macros remount_all_slave

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: simplify idmaptool_on_path_and_privileged

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2867 from brauner/2019-02-19/cleanup_macros

tree-wide: cleanup macros

Merge pull request #2879 from brauner/2019-02-21/attach_run_wait

lxc-attach: switch to attach_run_wait

lxc-attach: switch to attach_run_wait

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

.travis: remove coverity

It hasn't worked reliably for us for a long time. Remove it until such time as
someone cares enough to fix it.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

.travis: give coverity one more try

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: cleanup macros lxc_attach_terminal_[...]

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: cleanup macros lxc_put_attach_clone_[...]

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: cleanup macros in_same_namespace

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: cleanup macros lxc_proc_close_ns_fd

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2876 from brauner/2019-02-20/run_coccinelle_during_tests

travis: run coccinelle

travis: run coccinelle

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2875 from brauner/2019-02-20/run_coccinelle_during_tests

tests: run coccinelle checks

travis: run coccinelle

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2874 from stgraber/master

Fix existing mount target check

Fix existing mount target check

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

conf: cleanup macros suggest_default_idmap

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: cleanup macros get{g,u}name

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: cleanup macros get_minimal_idmap

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: cleanup macros lxc_execute_bind_init

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: cleanup macros remount_all_slave

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: cleanup macros idmaptool_on_path_[...]

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: cleanup macros setup_proc_filesystem

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: cleanup macros setup_sysctl_parameters

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: cleanup macros mount_entry_on_generic

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: cleanup macros mount_entry_create_dir_file

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: cleanup macros parse_propagationopts

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: cleanup macros parse_mntopts

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: cleanup macros lxc_chroot

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: cleanup macros lxc_mount_auto_mounts

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: cleanup macros pin_rootfs

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: cleanup macros run_script_argv

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: auto free run_buffer

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands_utils: auto free lxc_add_state_client

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands_utils: auto close lxc_cmd_sock_get_state

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2866 from brauner/2019-02-19/cve-2019-5736-test

cve-2019-5736: add test

cve-2019-5736: add test

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2865 from brauner/2019-02-18/rexec_improve_fallbacks

rexec: try sendfile() fallback to fd_to_fd()

rexec: try sendfile() fallback to fd_to_fd()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2864 from brauner/2019-02-18/rename_pointer_macros

tree-wide: s/steal_{fd,ptr}/move_{fd,ptr}/g

tree-wide: s/steal_fd/move_fd/g

Suggested-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: s/steal_ptr/move_ptr/g

Suggested-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2863 from brauner/2019-02-17/save_rexec

rexec: handle legacy kernels

[V2] rexec: handle legacy kernels

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Revert "rexec: handle legacy kernels"

Broke Android

This reverts commit 8f350e637c0e8001398602a6b2f536de3905787d.

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Merge pull request #2862 from brauner/2019-02-17/save_rexec

cleanup macros and rexec fixes

rexec: use __do_close_prot_errno

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

rexec: handle legacy kernels

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: cleanup macros lxc_cmd_init()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: cleanup macros lxc_cmd_init

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: cleanup macros lxc_cmd_accept()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: cleanup macros lxc_cmd_add_state_client

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: cleanup macros lxc_cmd()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: use __do_close_prot_errno

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

memory_utils: introduce __do_close_prot_errno

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

macro: introduce steal_fd()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: cleanup macros in lxc_cmd_console()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: move declaration into tighter scope

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxc-usernsexec: use cleanup macros

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxc-user-nic: use cleanup macros

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxc-init: use cleanup macros

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroup_utils: use __do_free

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: use __do_free

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

af_unix: use __do_free

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: move variable into tighter scope

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2860 from stgraber/master

mount: Allow over-mounting

mount: Cleanup allow over-mounting

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Merge pull request #2859 from stgraber/master

mount: Allow over-mounting

mount: Allow over-mounting

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Merge pull request #2857 from brauner/2019-02-15/tweak_log

log: fixes

network: do not log false friends

The netlink functions just return -1 and not specific negative errno values so
logging them doesn't make any sense.

Fixes: https://discuss.linuxcontainers.org/t/warning-in-the-container-log/4072/2
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: do not log devpts umount2() failure

We're not acting based on the return value so don't log anything.

Fixes: https://discuss.linuxcontainers.org/t/warning-in-the-container-log/4072/2
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2852 from brauner/2019-02-14/revert_simplify_argv_parsing

rexec: cmdline and environ parsing improvements

rexec: remove envp parsing in favour of environ

My first attempt to simplify this and make it less costly focussed on
the way constructors are called. I was under the impression that the ELF
specification mandated that arg, argv, and actually even envp need to be
passed to functions located in the .init_array section (aka
"constructors"). Actually, the specifications is (cf. [2]):

SHT_INIT_ARRAY
This section contains an array of pointers to initialization functions,
as described in ``Initialization and Termination Functions'' in Chapter
5. Each pointer in the array is taken as a parameterless procedure with
a void return.

which means that this becomes a libc specific decision. Glibc passes
down those args, musl doesn't. So this approach can't work. However, we
can at least remove the environment parsing part based on POSIX since
[1] mandates that there should be an environ variable defined in
unistd.h which provides access to the environment. See also the relevant
Open Group specification [1].

[1]: http://pubs.opengroup.org/onlinepubs/9699919799/
[2]: http://www.sco.com/developers/gabi/latest/ch4.sheader.html#init_array

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Revert "rexec: remove needless /proc/cmdline parsing"

The ELF binary spec does specify in [1]:

SHT_INIT_ARRAY
This section contains an array of pointers to initialization functions,
as described in ``Initialization and Termination Functions'' in Chapter
5. Each pointer in the array is taken as a parameterless procedure with
a void return.

which means libcs other than glibc might not pass down argc and argv to
constructors.

This reverts commit 0c816b346788afa9d601766e31544fdcce67d780.

[1]: http://www.sco.com/developers/gabi/latest/ch4.sheader.html#init_array

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2850 from brauner/2019-02-13/simplify_argv_parsing

rexec: remove needless /proc/cmdline parsing

rexec: remove needless /proc/cmdline parsing

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2848 from 4383/improve-testing

apparmore: Improve testing on apparmor python script

apparmor: Improve testing on apparmor python script

Compare command output to already existing container-rules file

Signed-off-by: Hervé Beraud <hberaud@redhat.com>

Merge pull request #2847 from 4383/improve-lxc-generator

apparmor: catch config file opening error

apparmor: catch config file opening error

Improve config file error opening management
and improve main code block.

Execute this python script during CI to avoid
regressions

Signed-off-by: Hervé Beraud <hberaud@redhat.com>

Merge pull request #2846 from brauner/2019-02-12/CVE-2019-5736

rexec: make rexecution opt-in for library callers