tests/lxc-attach: ensure no data corruption happens during heavy IO on pts

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@futurfusion.io>

lxc/{terminal, file_utils}: ensure complete data writes in ptx/peer io handlers

Previously, lxc_write_nointr could return without writing all data
when write() returned EAGAIN/EWOULDBLOCK due to buffer full conditions.

This change:
- Implements a loop to continue writing until all data is sent
- Handles EINTR, EAGAIN, and EWOULDBLOCK errors appropriately
- Uses poll() to wait for fd to become ready when blocked
- Maintains backward compatibility while fixing partial write issues

Signed-off-by: DreamConnected <1487442471@qq.com>
[ alex ]
- introduce a separate helper lxc_write_all and use it only in ptx/peer
  io handlers
- cleanup the code a bit
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@futurfusion.io>

Merge pull request #4631 from mihalicyn/io_uring_ci_test

github: test io_uring-based event loop

github: test io_uring-based event loop

Previously, I've added https://github.com/lxc/lxc-ci/pull/714,
but this stuff was lost during our switch to GH Actions
from Jenkins.

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@futurfusion.io>

Merge pull request #4574 from attil1o/main

Improve build flow

build: update Makefile and meson.build

Update Makefile to use 'build' directory and add helper targets. Fix syntax error in meson.build.

Signed-off-by: Alessio Attilio <alessio.attilio@engineer.com>

Merge pull request #4629 from hallyn/2025-12-25/dbus-errors

Improve the dbus scope creation error handling

Improve the dbus scope creation error handling

If there is an actual dbus error, then return an error.  If we
have gotten a message that isn't what we are expecting, then keep
waiting.

Also put a time limit on our wiating for a reply.  Until now, we
were waiting indefinitely, causing the lxc monitor to hang.

Signed-off-by: Serge Hallyn <serge@hallyn.com>

Merge pull request #4628 from hallyn/2025-12-23/fix-dbus-scope-reboot

cgfsng: fix reboots when using dbus

cgfsng: fix reboots when using dbus

When using dbus on a systemd system, we ask systemd to create a
"scope" for us to run in.  We send a dbus message, and wait
for the reply saying it is created.

When we reboot, we were re-sending the request to create the
scope.  However, the scope still exists, because or single
lxc-monitor (originally lxc-start) thread is still under the
'lxc.pivot' sub-directory of the scope.

But, on reboot, our lxc_conf already has our scope recorded!
So, just check whether that is set, and skip scope creation
if so.

With this patch, i can reboot ad nauseum with no apparent
problems.

We could probably move this check to the top of the function,
but for now this fixes the bug.

Signed-off-by: Serge Hallyn <serge@hallyn.com>

Merge pull request #4616 from chackoj-1204/doc/unprivileged-containers-section

Added documentation on unprivileged LXC containers

Merge pull request #4626 from Filiprogrammer/fix-init-groups-in-userns

Do not ignore lxc.init.groups when using userns

Merge pull request #4624 from James-Featherston/issue-4514

Fix "lxc-copy with overlayfs throws an error"

copy_rdepends: Don't fail on missing source file

Signed-off-by: jamesfeatherston <jamesfeatherston@utexas.edu>

start: Respect lxc.init.groups also in new user namespace

Fix supplementary groups defined in 'lxc.init.groups' being ignored when
the container uses a new user namespace.

In other words: Fix lxc.init.groups for unprivileged containers.

Signed-off-by: Filip Schauer <f.schauer@proxmox.com>

start: Remove outdated comment about group dropping

Commit b58214ac30bd (tree-wide: improve setgroups() dropping) moved the
group dropping code to occur before lxc_switch_uid_gid. Therefore this
comment is no longer correct.

Signed-off-by: Filip Schauer <f.schauer@proxmox.com>

Merge pull request #4615 from chackoj-1204/meson-build-enable-api-docs

Add Meson option for enabling API documentation generation with Doxygen

Merge pull request #4625 from lxc/dependabot/github_actions/actions/upload-artifact-6

build(deps): bump actions/upload-artifact from 5 to 6

build(deps): bump actions/upload-artifact from 5 to 6

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 5 to 6.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Added documentation on unprivileged LXC containers

Co-developed-by: Jake Chacko <chackoj1204@gmail.com>
Co-developed-by: Rahik Sikder <sikder.rahik@gmail.com>
Signed-off-by: Jake Chacko <chackoj1204@gmail.com>

Merge pull request #4622 from Rahik-Sikder/lxc_create_rbd_user_option

added "--rbduser" option in "lxc-create -B rbd"

added doc for --rbduser

Signed-off-by: Rahik-Sikder <sikder.rahik@gmail.com>

added "--rbduser" option in "lxc-create -B rbd"

Co-developed-by: Rahik Sikder <sikder.rahik@gmail.com>
Co-developed-by: Jake Chacko <chackoj1204@gmail.com>
Signed-off-by: Rahik-Sikder <sikder.rahik@gmail.com>

Merge pull request #4621 from James-Featherston/issue-4577

Add checks for "lxc-net fails when kernel has no IPv6"

Merge pull request #4620 from yangh/run-dir-xdg

Fallback to XDG_RUNTIME_DIR when /run not found

Fallback to XDG_RUNTIME_DIR when /run not found

Instead of return null immediately when RUNTIME_PATH
not found, fallback to XDG_RUNTIME_DIR or HOME.

Signed-off-by: Hong YANG <hong.yang3@nio.com>

Merge pull request #4618 from yangh/main

checkonfig: Fixed compatible with toybox/gunzip

checkonfig: Fixed compatible with toybox/gunzip

gunzip in Android/toybox has no -q option.

Signed-off-by: Hong YANG <hong.yang3@nio.com>

Merge pull request #4617 from James-Featherston/issue-4580

Fix "initializer-string for character array is too long, array size is 16 but initializer has size 17" compile error with clang 21

Initial changes without testing

Signed-off-by: jamesfeatherston <jamesfeatherston@utexas.edu>

Enumerated all values in array

Signed-off-by: jamesfeatherston <jamesfeatherston@utexas.edu>

meson: add meson option for running doxygen in build

Co-developed-by: Jake Chacko <chackoj1204@gmail.com>
Co-developed-by: Rahik Sikder <sikder.rahik@gmail.com>
Signed-off-by: Jake Chacko <chackoj1204@gmail.com>

Merge pull request #4601 from FernandoPicazo/unfreeze_fix

Ensure do_lxcapi_unfreeze returns false when getstate errors

Merge pull request #4614 from jaeyoonjung/pr.musl2

build: Check if P_PIDFD is defined

build: Check if P_PIDFD is defined

It is defined in enum 'idtype_t' in some environment in which causes an
error like:
../git/src/lxc/process_utils.h:144:17: error: expected identifier before numeric constant
  144 | #define P_PIDFD 3
      |                 ^

Signed-off-by: Jaeyoon Jung <jaeyoon.jung@lge.com>

Merge pull request #4610 from lxc/dependabot/github_actions/actions/checkout-6

build(deps): bump actions/checkout from 5 to 6

build(deps): bump actions/checkout from 5 to 6

Bumps [actions/checkout](https://github.com/actions/checkout) from 5 to 6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Ensure do_lxcapi_unfreeze returns false when getstate errors

Signed-off-by: Fernando Picazo <fernando.picazo@outlook.com>

Merge pull request #4609 from ThomasLamprecht/apparmor-no-proc-sys-restrictions-if-nested

apparmor: skip /proc and /sys restrictions if nesting is enabled

apparmor: skip /proc and /sys restrictions if nesting is enabled

If nesting is enabled, it's already possible to mount your own
instance of both procfs and sysfs inside the container, so protecting
the "original" ones at /proc and /sys makes no sense, but breaks
certain nested container setups.

See: https://github.com/lxc/incus/pull/2624/commits/1fbe4bffb9748cc3b07aaf5db310d463c1e827d0

Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>

Merge pull request #4602 from arrowd/spec-fix

Update lxc.spec.in to use meson

Update lxc.spec.in to use meson

Signed-off-by: Gleb Popov <6yearold@gmail.com>

Merge pull request #4598 from gibmat/fix-apparmor-abstraction-generation

Fix meson build generation of apparmor container-base

config/apparmor/abstractions: Drop manually generated container-base file

Signed-off-by: Mathias Gibbens <gibmat@debian.org>

config/apparmor/abstractions: Fix meson build generation of container-base

Previously, abstractions/container-base was a hand-generated concatenation of
two different files, abstractions/container-base.in and container-rules. This
was confusing, since the meson configuration didn't actually create
abstractions/container-base from abstractions/container-base.in. Now, the
previously manual step of creating abstractions/container-base is part of the
meson configure step.

Signed-off-by: Mathias Gibbens <gibmat@debian.org>

Merge pull request #4599 from lxc/dependabot/github_actions/actions/upload-artifact-5

build(deps): bump actions/upload-artifact from 4 to 5

build(deps): bump actions/upload-artifact from 4 to 5

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Merge pull request #4596 from hallyn/2025-10-25/packaging

builds workflow: make .orig.tar.gz unique per build

builds workflow: make .orig.tar.gz unique per build

This way we can actually post the result to ppa for
various releases.

The package version previously was something like

6.0.0-0+daily~noble~202510260402

and now becomes

6.0.0~daily~noble~202510260402

So we s/-0+/~/ .  This way, we can use an orig tarball
named lxc_6.0.0~daily~jammy~202510260402.orig.tar.gz.
With the -0 after the version, debuild would only look
for lxc_6.0.0.orig.tar.gz.  6.0.0~daily will still be older
than any 6.0.0-0 or 6.0.0-1 that might legitimately get
pushed into the release.

Signed-off-by: Serge Hallyn <serge@hallyn.com>

Merge pull request #4569 from Container-On-Android/features

add MFD_NOEXEC_SEAL or MFD_EXEC by default if it‘s available

Merge pull request #4595 from stgraber/main

github: Drop focal source packages

github: Drop focal source packages

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

add MFD_EXEC and MFD_NOEXEC_SEAL flag to memfd_create

Signed-off-by: DreamConnected <1487442471@qq.com>
Co-Authored-By: Danny Lin <danny@kdrag0n.dev>

Merge pull request #4592 from stgraber/main

start: Only include linux/landlock.h when landlock is enabled

start: Only include linux/landlock.h when landlock is enabled

Closes #4591

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

Merge pull request #4590 from stribika/main

Automatically detect compression format in the lxc-local template

Automatically detect compression format in the lxc-local template

Signed-off-by: Stribik András <andras@stribik.technology>

Merge pull request #4581 from kadinsayani/fix/create-mount-target

lxccontainer: check if target exists before remove in create_mount_target()

lxccontainer: check if target exists before remove in create_mount_target()

Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>

Merge pull request #4589 from rsyring/log-file-perms

Standardize log file create mode to 0640

Standardize log file create mode to 0640

refs: https://github.com/lxc/lxc/issues/4588
Signed-off-by: Randy Syring <randy@syrings.us>

Merge pull request #4584 from tenforward/japanese

doc: add lxc.environment.{runtime,hooks} in Japanese man page

doc: add lxc.environment.{runtime,hooks} in Japanese man page

Update for e0290fa

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

Merge pull request #4583 from vishwasudupa/main

Enable systemd to create /var/lib/lxc at runtime with StateDirectory

Enable systemd to create /var/lib/lxc at runtime with StateDirectory

This change adds the StateDirectory= directive in the systemd
unit file to ensure that the /var/lib/lxc directory is
automatically created and managed by systemd during service startup.

The StateDirectory= option instructs systemd to create a persistent
state directory under /var/lib/. This is particularly useful in
scenarios where the directory may be missing at first boot — such as
on OSTree-based Linux distributions, which typically ship with
empty /var directory as part of their immutable root filesystem.

By adding StateDirectory=lxc, systemd will handle the creation of
/var/lib/lxc on first boot, ensuring that the service can start
reliably even when the directory is not present initially.

Signed-off-by: Vishwas Udupa <vudupa@qti.qualcomm.com>
Co-developed-by: Raghuvarya S <raghuvar@qti.qualcomm.com>

Merge pull request #4582 from Filiprogrammer/conf-env-split

conf: split `lxc.environment` into `runtime` and `hooks`

doc: add lxc.environment.{runtime, hooks}

Signed-off-by: Filip Schauer <f.schauer@proxmox.com>

api_extensions: add environment_runtime_hooks extension

Signed-off-by: Filip Schauer <f.schauer@proxmox.com>

conf: split `lxc.environment` into `runtime` and `hooks`

Introduce `lxc.environment.runtime` to set environment variables only
for the container init process and `lxc.environment.hooks` to set
environment variables only for hooks. Leave the original
`lxc.environment` unchanged. It still applies to everything.

Signed-off-by: Filip Schauer <f.schauer@proxmox.com>

Merge pull request #4579 from stgraber/main

Implement initial protection of LXC monitor using Landlock

github: Enable landlock in tests

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

start: Add Landlock restrictions to monitor

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

start: Make lxc_handler mainloop to run in thread

This allows applying Landlock restrictions just to the monitor handler.

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

meson: Add optional landlock protection for monitor

This introduces a new optional security feature to the LXC monitor process.

With this enabled, the monitor API used for communication between the
CLI (or other clients) and the container monitor will now run in a
dedicated thread and have a Landlock policy applied to that thread.

The thread trick is required as the monitor process is also responsible
for running post-stop tasks (hooks) which need full privileges as well
as also handling full container reboots which similarly require full
privileges.

The policy is pretty simple at this point. It allows access to /dev/pts,
/dev/ptmx and /sys/fs/cgroup as those are the few paths that the monior
actually needs to open (as opposed to just handing out existing
filedescriptors).

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

commands: Fix indent

Mix of tab and spaces was making things a bit hard to read.

Signed-off-by: Stéphane Graber <stgraber@stgraber.org>

Merge pull request #4578 from kadinsayani/fix/broken-readme-link

README: update links

README: update links

Signed-off-by: Kadin Sayani <kadin.sayani@canonical.com>

Rename CONTRIBUTING to CONTRIBUTING.md

Signed-off-by: Alessio Attilio <226562783+SigAttilio@users.noreply.github.com>

README: Fix CI links

Signed-off-by: Alessio Attilio <226562783+SigAttilio@users.noreply.github.com>

Merge pull request #4571 from lxc/dependabot/github_actions/actions/checkout-5

build(deps): bump actions/checkout from 4 to 5

build(deps): bump actions/checkout from 4 to 5

Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Merge pull request #4567 from mihalicyn/various_fixes_jul2025

A bunch of fixes (Jul 2025)

Merge pull request #4565 from Container-On-Android/features

lxc/process_utils.h: use strsignal() or sys_siglist[] for Non-GNU dis…

lxc/conf: do not leak opts.data memory in __lxc_idmapped_mounts_child()

Fixes: Coverity 1641425
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

lxc/network: null-terminate ifname string in lxc_network_recv_name_and_ifindex_from_child()

Fixes: Coverity 1486538
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

tests/lxc-test-snapdeps: try to load overlay kernel module

We don't want test to be skipped just because overlay module
isn't loaded yet.

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

tests/lxc-test-rootfs: add idmapped rootfs testcase

I've discovered that we have no test coverage for rootfs
"lxc.rootfs.options = idmap=container" at all.

Let's add this basic test at least.

Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

Merge pull request #4566 from mihalicyn/enter_net_ns_errors_fix

lxc/lxccontainer: stop printing misleading errors in enter_net_ns()

lxc/lxccontainer: stop printing misleading errors in enter_net_ns()

In enter_net_ns() we try to enter network namespace at first, before
entering a user namespace to support inherited netns case properly.
It is expected to get EPERM for unprivileged container with non-shared
network namespace at first try. Let's take this into account
and stop misleading users with these error messages.

Link: https://discuss.linuxcontainers.org/t/lxc-ls-fancy-command-shows-operation-not-permitted/24080
Fixes: 3011e79f92ef ("lxccontainer: fix enter_net_ns helper to work when netns is inherited")
Fixes: #4560
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

lxc/process_utils.h: use strsignal() or sys_siglist[] for Non-GNU distros

use strsignal() for Non-GNU and sys_siglist[] for nothing, even if sys_siglist[] has been marked as deprecated by Glibc

Signed-off-by: Li Lu <1487442471@qq.com>

Merge pull request #4564 from Container-On-Android/fix/meson.build

meson.build: fix checks for fsconfig and calls

meson.build: use has_header_symbol() instead of get_define() to improve compatibility

Signed-off-by: DreamConnected <1487442471@qq.com>

meson.build: fix checks for fsconfig and calls

move Headers checks up to Calls. keep fsconfig checks on openSUSE #4176

Signed-off-by: Li Lu <1487442471@qq.com>

Merge pull request #4557 from RomanGenexis/meson-specfile-distrosysconfdir

meson.build: set `LXC_DISTRO_SYSCONF` when `-Dspecfile=true`

meson.build: set `LXC_DISTRO_SYSCONF` when `-Dspecfile=true`

Before the change, the `setup` meson step would fail when disabling the
`install-init-files` option:

$ meson setup -Dinstall-init-files=false build
<snip>
meson.build:936:44: ERROR: Entry LXC_DISTRO_SYSCONF not in configuration data.

This is because setting the `LXC_DISTRO_SYSCONF` option is conditional
and requires `install-init-files` to be enabled.

Meanwhile the `specfile` option (default enabled) also requires the
variable above, resulting in a failure when it is unset.

Amend the conditional to also set `LXC_DISTRO_SYSCONF` when `specfile`
option is `true`.

Fixes: 872db5424363 ("build: add more options for customizing install")
Signed-off-by: Roman Azarenko <roman.azarenko+gh@genexis.eu>

Merge pull request #4555 from gibmat/add-loong64-personality

Add loong64 to list of recognized architectures

Add loong64 to list of recognized architectures

Debian refers to the loong architecture as "loong64".

Signed-off-by: Mathias Gibbens <gibmat@debian.org>

Merge pull request #4554 from mihalicyn/no-new-privs-regression-fix

Revert (delay assumption of apparmor labels) to fix a regression

Revert "re-add onexec for apparmor, move label assumption until after container has been setup for attach"

This reverts commit 50dee37cfe3201ed51f477356f81941c960a5511.

Fixes: #4553
Bisected-by: Simon Deziel <simon.deziel@canonical.com>
Signed-off-by: Alexander Mikhalitsyn <aleksandr.mikhalitsyn@canonical.com>

Merge pull request #4552 from mihalicyn/fix_fuzzing_stuff

src/tests/oss-fuzz: pin meson to 1.7.2 to workaround build failures