travis: coverity gets confused about the %m printf extension in glibc

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3383 from brauner/2020-04-15/fixes

log: set GNU_SOURCE as it might help coverity along

log: set GNU_SOURCE as it might help coverity along

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3382 from brauner/2020-04-15/fixes

conf: correctly cleanup memory in get_minimal_idmap()

conf: correctly cleanup memory in get_minimal_idmap()

Fixes: Coverity 1461760.
Fixes: Coverity 1461762.
Fixes: Coverity 1461763.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3381 from brauner/2020-04-15/fixes

fixes

rexec: free argv array on failure

Fixes: Coverity 1461736.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: move check for valid config earlier

Fixes: Coverity 1461735.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

log: restore non-local value

Fixes: Coverity 1461734.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

network: log warning on network deconfiguration failures

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

commands: add additional check to lxc_cmd_sock_get_state()

to please Coverity.

Fixes: Coverity 1461732.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

zfs: fix resource leak

Fixes: Coverity 1461730.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

criu: make explicit that we're ignoring rmdir() return value

Fixes: Coverity 1461726.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: don't double free in get_minimal_idmap()

Fixes: Coverity 1461725.
Fixes: Coverity 1461727.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: use correct NULL pointer check

Fixes: Coverity 1461722.
Fixes: Coverity 1461737.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

rexec: avoid double-close

Fixes: Coverity 1461721.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: fix cgroup2 devices

Fixes: Coverity 1461748.
Fixes: Coverity 1461746.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

uuid: close fd

Fixes: Coverity 1461751.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: do not pass NULL pointer

Fixes: Coverity 1461752.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3380 from brauner/2020-04-15/fixes

fixes

conf: fix tty cleanup

Fixes: Coverity 1461755.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

memory_utils: directly NULL ptr in free_disarm()

This should keep coverity happy.

Fixes: Coverity 1461757.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3379 from brauner/upstream/master

travis: add back coverity

travis: add back coverity

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3378 from brauner/2020-04-13/fixes

cgroups: adhere to boolean return

cgroups: adhere to boolean return

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3377 from lifeng68/fix_cgroup_exit

cgroup: fix wrong use of cgfd_con in cgroup_exit

cgroup: fix wrong use of cgfd_con in cgroup_exit

Signed-off-by: LiFeng <lifeng68@huawei.com>

Merge pull request #3376 from toddnni/lxc-oci-fix

Fix lxc-oci template with loop backingstore

Fix lxc-oci template with loop backingstore

Move the content of rootfs inside OCI package to rootfs instead of
replacing it, as the directory is used as the mountpoint.

Tested with directory and loop backingstore.

Signed-off-by: Toni Ylenius <toni.ylenius@iki.fi>

Merge pull request #3375 from brauner/2020-04-12/fixes

cgroups: ignore legacy limits on pure cgroup2 systems

Merge pull request #3374 from stgraber/master

tests/no-new-privs: Don't mess with /etc/lxc

cgroups: ignore legacy limits on pure cgroup2 systems

Link: https://github.com/lxc/lxc/issues/3183#issuecomment-612462322
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tests/no-new-privs: Don't mess with /etc/lxc

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Merge pull request #3370 from stgraber/master

lxc-update-config: Fix bad handling of lxc.logfile

lxc-update-config: Fix bad handling of lxc.logfile

Closes #3369

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Merge pull request #3368 from brauner/2020-04-09/fixes

fixes

conf: move_ptr() in all cases in mapped_hostid_add()

Closes #3366.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3367 from tomponline/tp-nic-ipvlan

src/lxc/network: ipvlan comment and code style tweak

conf: use macros all around in lxc_map_ids()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: tweak get_minimal_idmap()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

src/lxc/network: ipvlan comment and code style tweak

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

Merge pull request #3365 from albatross0/ipvlan_l2

network: Make it possible to set the mode of IPVLAN to L2

network: Make it possible to set the mode of IPVLAN to L2

Signed-off-by: KUWAZAWA Takuya <albatross0@gmail.com>

Merge pull request #3362 from brauner/2020-04-07/fixes

lxc_user_nic: fixes

seccomp: newer kernels require the buffer to be zeroed

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: whitespace fixes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxc_user_nic: continue when we failed to find a group

Closes #3361.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxc_user_nic: simplify group retrieval

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3360 from brauner/2020-04-07/fixes

start: ensure all file descriptors are closed during exec

syscall_numbers: handle riscv

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: ensure all file descriptors are closed during exec

Closes https://github.com/checkpoint-restore/criu/issues/1011.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3359 from Blub/legacy-devices-isolation-change

cgroup isolation: handle devices cgroup early

cgroup isolation: handle devices cgroup early

Otherwise we cannot use an 'a' entry in devices.deny/allow
as these are not permitted once a subdirectory was created.

Without isolation we initialize the devices cgroup
particularly late, so there are probably cases which cannot
work with isolation.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

Merge pull request #3357 from Blub/cgroup-isolation-fixes

Cgroup isolation fixes

get the right path in get_cgroup command

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

confile: fix jump table order

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

Merge pull request #3356 from tenforward/japanese

doc: Add lxc.cgroup.dir.{monitor,container,container.inner} to Japanese man

doc: Add lxc.cgroup.dir.{monitor,container,container.inner} to Japanese man

Update for commit a900cba

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

Merge pull request #3355 from brauner/2020-04-04/fixes

api-extensions: add and document cgroup_advanced_isolation

api-extensions: add and document cgroup_advanced_isolation

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3353 from Blub/lxc.cgroup.dir-components

 introduce lxc.cgroup.dir.{monitor,container,container.inner}

confile: coding style fixes for set_config_cgroup_container_inner_dir()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

doc: s/lxc.cgroup.container.namespace/lxc.cgroup.container.inner/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: remove unused variable

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

introduce lxc.cgroup.dir.{monitor,container,container.inner}

This is a new approach to #1302 with a container-side
configuration instead of a global boolean flag.

Contrary to the previous PR using an optional additional
parameter for the get-cgroup command, this introduces two
new additional commands to get the limiting cgroup path and
cgroup2 file descriptor. If the limiting option is not in
use, these behave identical to their full-path counterparts.

If these variables are used the payload will end up in the
concatenation of lxc.cgroup.dir.container and
lxc.cgroup.dir.container.inner (which may be empty), and the
monitor will end up in lxc.cgruop.dir.monitor. The
directories are fixed, no retry count logic is applied,
failing to create these directories will simply be a hard
error.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

Merge pull request #3352 from Blub/readd-cgroup-ops-check

Revert "start: remove unnecessary check for valid cgroup_ops"

Revert "start: remove unnecessary check for valid cgroup_ops"

This reverts commit 52520e4f793f73e5956c2d9de9c83f074622ce1d.

This can be NULL when there's a pre-start hook which fails.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

Merge pull request #3350 from brauner/2020-04-02/fixes

lxccontainer: poll takes millisecond not seconds

lxccontainer: poll takes millisecond not seconds

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3349 from cyphar/cgfsng-uninitialised-2

cgroups: fix build warning on GCC 7

cgroups: fix build warning on GCC 7

GCC 7 appears to be clever enough to detect that transient_len is
uninitialised but not that it won't be used despite [1]. Just initialise
it to zero to stop the complaining, and allow LXC to build on openSUSE
Leap.

[1]: 346830421a96 ("cgroups: fix "uninitialized transient_len" warning")

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>

Merge pull request #3348 from brauner/2020-04-02/fixes

fixes

utils: use setres{u,g}id() in lxc_switch_uid_gid()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

utils: rework fix_stdio_permissions()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3344 from gaohuatao-1/master

fix non-root user cannot write /dev/stdout

Merge pull request #3347 from cyphar/cgfsng-uninitialised

cgroups: fix "uninitialized transient_len" warning

cgroups: fix "uninitialized transient_len" warning

Without this change, a build error is triggered if you compile with
-Werror=maybe-uninitialized.

 cgroups/cgfsng.c: In function 'cgfsng_monitor_enter':
 groups/cgfsng.c:1387:9: error: 'transient_len' may be used uninitialized in this function
    ret = lxc_writeat(h->cgfd_mon, "cgroup.procs", transient, transient_len);
          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The issue is that if handler->transient_pid is 0, then transient_len is
uninitialised but lxc_writeat(..., transient_len) still gets called.

Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>

Merge pull request #3346 from stgraber/master

systemd: Add Documentation key

Merge pull request #3345 from brauner/2020-03-30/fixes

fixes

systemd: Add Documentation key

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

autotools: don't install run-coccinelle.sh

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3343 from Blub/apparmor-mount-rule-generation

apparmor: generate ro,bind,remount rule list

apparmor: generate ro,bind,remount rule list

and update to changes based on lxd

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

fix non-root user cannot write /dev/stdout

Signed-off-by: gaohuatao <gaohuatao@huawei.com>

Merge pull request #3341 from Blub/upstream-exec-reload

init: add ExecReload to lxc.service to only reload profiles

Merge pull request #3342 from Blub/upstream-monitord-service

allow running lxc-monitord as a system daemon

allow running lxc-monitord as a system daemon

lxc-monitord instances are spawned on demand and, if this
happens from a service, the daemon is considered part of
it by systemd, as it is running in the same cgroups. This
can be avoided by leaving it running permanently.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

init: add ExecReload to lxc.service to only reload profiles

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

start: remove unnecessary check for valid cgroup_ops

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3340 from brauner/2020-03-30/fixes

cgroups: handle older kernels (e.g. v4.9)

cgroups: send two fds to attach to unified cgroup

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: send two attach fds

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: log error when failing to create cgroup

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: handle older kernels (e.g. v4.9)

On olders kernels the restrictions to move processes between cgroups are
different than they are on newer kernels. Specifically, we're running into the
following check:

if (!uid_eq(cred->euid, GLOBAL_ROOT_UID) &&
    !uid_eq(cred->euid, tcred->uid) &&
    !uid_eq(cred->euid, tcred->suid))
        ret = -EACCES;

which dictates that in order to move a process into a cgroup one either needs
to be global root (no restrictions apply) or the effective uid of the process
trying to move the process and the {saved}uid of the process that is supposed
to be moved need to be identical. The new attaching logic we did didn't
fulfill this criterion for because it's not present on new kernels.

Closes https://github.com/lxc/lxd/issues/7104.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #3339 from Blub/cmd-get-cgroup-string-termination

verify cgroup controller name

verify cgroup controller name

validate that a cgroup controller name is a valid
zero-terminated string before passing it to
`cgroup_ops->get_cgroup()`.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

Merge pull request #3338 from brauner/2020-03-28/fixes

tree-wide: fixes

tree-wide: s/recursive_destroy/lxc_rm_rf/g

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

cgroups: better helper naming

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>