raw_syscalls: define __NR_pidfd_send_signal if missing

On all architectures we care about it's 424.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tools: fix -g -u parameters for lxc-execute and lxc-attach

Closes #3188.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxc_user_nic: don't depend on MAP_FIXED

as this breaks on sparc.

Closes #3262.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3295 from brauner/2020-03-15/fixes

smaller cleanups and simplifications

tree-wide: s/lxc_fini()/lxc_end()/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: remove "name" argument from lxc_{fini,abort}()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

{_}lxc_start: remove "name" argument

as it's directly available in the handler itself.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: add missing TRACE() call

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: better goto target naming in __lxc_start()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: rework cleanup code in __lxc_start()

This makes the goto labels slightly more convoluted but allows us to further
simplify the cleanup in lxc_init().

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: simplify lxc_init()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: don't wrap strings

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3294 from brauner/2020-03-15/fixes

memory_utils: improvements

tree-wide: remove last -1 fd initialization with cleanup macros in favor of -EBADF

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: s/__do_close_prot_errno/__do_close/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

memory_utils: adapt to new infrastructure

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: port cgroup cleanup to call_cleaner(cgroup_exit)

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

caps: port to call_cleaner() based cleanup

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

memory_utils: add call_cleaner() helper

This allows to trivially declare cleanup attributes on the fly.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3293 from brauner/2020-03-14/travis_enable_arches

travis: enable all architectures

travis: enable all architectures

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

travis: remove libgnutls-dev

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3291 from brauner/2020-03-11/fixes

bugfixes

utils: cleanup

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

file_utils: cleanup macros and improvements

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3290 from brauner/2020-03-11/fixes

pidfds: switch infrastructure to rely on pidfds whenever possible

api-extensions: use correct headings

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

api-extensions: document "network_veth_router" api extension

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

api-extensions: reflow "seccomp_allow_nesting" api extension

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

api-extensions: reflow "seccomp_notify" api extension

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

api-extensions: reflow "cgroup2_devices" extensions

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

api-extensions: reflow "cgroup2" api extension

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

api-extensions: add "pidfd" api extension

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: switch to pidfd polling when shutting down containers

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: switch to pidfds whenever possible

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: add ability to detect whether kernel supports pidfds

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: add init_pidfd() API extension

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: LXC_CMD_GET_INIT_PIDFD

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer.h: document seccomp_notify_fd()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3289 from tenforward/japanese

doc: Add keyring options to Japanese lxc.containers.conf(5)

commands: use LXC_CMD_REAP_CLIENT_FD in lxc_cmd_get_cgroup2_fd_callback()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: add ability to audit fd connection and cleanup path

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

doc: Fix typo

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

Merge branch 'master' into japanese

doc: Add keyring options to Japanese lxc.containers.conf(5)

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

Merge pull request #3288 from brauner/2020-03-11/fixes

commands: simplify lxc_cmd_fd_cleanup()

commands: simplify lxc_cmd_fd_cleanup()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3287 from brauner/2020-03-11/fixes

fixes

commands_utils: fix command socket hashing

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

af_unix: fix return value

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: cleanup file descriptor closing

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3286 from brauner/2020-03-10/fixes

commands: make sure to always close the client fd

commands: make sure to always close the client fd

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3285 from brauner/2020-03-10/fixes

bugfixes

commands: improve state client cleanup

Improves: ebbca8529732 ("commands_utils: fix socket leak when adding state client")
Cc: Matthias Hardt <matthias.hardt@gmail.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: switch to pid_t to send around pid

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3283 from brauner/2020-03-10/fixes

bugfixes

share_ns: improve error handling

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

share_ns: improve error handling

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

file_utils: handle libcs without fmemopen()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: cleanup

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgfsng: use __do_free_string_list all over

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

file_utils: include stdio.h for fmemopen()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tests/share_ns: always call pthread_exit()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3282 from brauner/2020-03-10/fixes

memory_utils: remove unneeded inclusion of mntent.h

memory_utils: remove unneeded inclusion of mntent.h

Fixes: Android
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3281 from brauner/2020-03-10/fixes

tree-wide: cleanup

cgroups: fix memory leak and simplify code

Closes #3252.
Reported-by: LiFeng <lifeng68@huawei.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tests/share_ns: bugfixes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: cleanup

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands_utils: cleanup

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: cleanup

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3279 from brauner/2020-03-04/improvements

bugfixes

tree-wide: more cleanup macros

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: increase cleanup macro usage

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

autotools: fix lxc-init build with clang-10

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: improve logging

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: make files cloexec whenever possible

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: cleanup various helpers

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: use logging helpers when handling no new privileges

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: use cleanup macros and logging helpers when fetching seccomp

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: use LXC_INVALID_{G,U}ID macros

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: use cleanup macros in lxc_attach_getpwshell()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: fix fd leak

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: cleanup

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroup2_devices: fix logic error

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: remove unused variables

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3280 from Piscolero/state_client_socket_leak_fix

commands_utils: fix socket leak when adding state client

commands_utils: fix socket leak when adding state client

If lxc_add_state_client() is called with the container already being in the desired state the client fd will never be closed and is leaking. This is due to setting stay_connected in lxc_cmd for LXC_CMD_ADD_STATE_CLIENT. If the desired state isn't already achieved the client fd will later be closed by calling lxc_cmd_fd_cleanup() but in the other case the client configuration isn't added to the handlers
state clients. So the client fd has to be closed explicitely.

This is simply tested by starting container A and calling lxc-wait -n A -s RUNNING.

Signed-off-by: Matthias Hardt <matthias.hardt@gmail.com>

Revert "commands_utils: fix socket leak in when adding state client"

This reverts commit d7aa5552448680c8ff7c4af8c19ea5dbd678e946.

Signed-off-by: Matthias Hardt <matthias.hardt@gmail.com>

Revert "commands_utils: indicate taking ownership of state_client_fd in"

This reverts commit cd0dc360ce740ba302dacc3dc70c6b20b2a5f794.

Signed-off-by: Matthias Hardt <matthias.hardt@gmail.com>

commands_utils: indicate taking ownership of state_client_fd in
lxc_add_state_client()

Signed-off-by: Matthias Hardt <matthias.hardt@gmail.com>

commands_utils: fix socket leak in when adding state client

If lxc_add_state_client() is called with the container already being in
the desired state the client fd will never be closed and is leaking.
This due to setting stay_connected in lxc_cmd for
LXC_CMD_ADD_STATE_CLIENT. If the desired state isn't already achieved
the client fd will later be closed by calling lxc_cmd_fd_cleanup() but
in the other case the client configuration isn't added to the handlers
state clients. So the client fd has to be closed explicitely.

This is simply tested by starting container A and calling lxc-wait -n A
-s RUNNING.

Signed-off-by: Matthias Hardt <matthias.hardt@gmail.com>

af_unix: cleanup

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3278 from tomponline/tp-proxy-sleep

network: Adds short sleep between veth setup and neighbour proxy add

Merge pull request #3277 from tomponline/tp-router-netlink

network: Uses netlink for IP neighbour proxy management

network: Adds short sleep between veth setup and neighbour proxy add

There is an intermittent issue, experienced on at least Ubuntu 18.04 (5.3.0-40-generic) and Alpine 3.11 (5.4.12-1-virt) when using the router network interface type that causes the IP proxy neighbour entries on the host side of the veth pair to not be created.

The `ip neigh add proxy` command returns without an error, however by the time the network up hook has started the IP neighbour proxy entries are no longer there (if they ever were).

I've also tested this using netlink rather than the ip command to add and both are equally affected.

Adding a short sleep between setting up the veth pair and adding the proxy entries appears to fix it.

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

network: Uses netlink for IP neighbour proxy management

Removes need for ip command when managing IP neighbour proxies.

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

Merge pull request #3275 from brauner/2020-03-05/api_extension

utils: only move_fd() when fdopen() has been successful

utils: only move_fd() when fdopen() has been successful

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>