Merge pull request #3694 from brauner/2021-02-24/fixes_2

src/lxc/Makefile.am

@@ -18,6 +18,7 @@ noinst_HEADERS = api_extensions.h \
 		 confile_utils.h \
 		 criu.h \
 		 error.h \
+		 error_utils.h \
 		 file_utils.h \
 		 ../include/netns_ifaddrs.h \
 		 initutils.h \
@@ -117,6 +118,7 @@ liblxc_la_SOURCES = af_unix.c af_unix.h \
 		    criu.c criu.h \
 		    error.c error.h \
 		    execute.c \
+		    error_utils.h \
 		    freezer.c \
 		    file_utils.c file_utils.h \
 		    ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \

src/lxc/attach.c

@@ -1641,7 +1641,7 @@ int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function,
 		ret = cgroup_attach(conf, name, lxcpath, pid);
 		if (ret) {
 			call_cleaner(cgroup_exit) struct cgroup_ops *cgroup_ops = NULL;
-			if (ret != -ENOCGROUP2 && ret != -ENOSYS) {
+			if (!ERRNO_IS_NOT_SUPPORTED(ret)) {
 				SYSERROR("Failed to attach cgroup");
 				goto on_error;
 			}

src/lxc/cgroups/cgfsng.c

@@ -40,6 +40,7 @@
 #include "commands_utils.h"
 #include "conf.h"
 #include "config.h"
+#include "error_utils.h"
 #include "log.h"
 #include "macro.h"
 #include "mainloop.h"
@@ -103,7 +104,7 @@ static bool string_in_list(char **list, const char *entry)
 /* Given a handler's cgroup data, return the struct hierarchy for the controller
  * @c, or NULL if there is none.
  */
-static struct hierarchy *get_hierarchy(struct cgroup_ops *ops, const char *controller)
+static struct hierarchy *get_hierarchy(const struct cgroup_ops *ops, const char *controller)
 {
 	if (!ops->hierarchies)
 		return log_trace_errno(NULL, errno, "There are no useable cgroup controllers");
@@ -147,6 +148,38 @@ static struct hierarchy *get_hierarchy(struct cgroup_ops *ops, const char *contr
 	return ret_set_errno(NULL, ENOENT);
 }
 
+int prepare_cgroup_fd(const struct cgroup_ops *ops, struct cgroup_fd *fd, bool limit)
+{
+	int dfd;
+	const struct hierarchy *h;
+
+	h = get_hierarchy(ops, fd->controller);
+	if (!h)
+		return ret_errno(ENOENT);
+
+	/*
+	 * The client requested that the controller must be in a specific
+	 * cgroup version.
+	 */
+	if (fd->type != 0 && fd->type != h->fs_type)
+		return ret_errno(EINVAL);
+
+	if (limit)
+		dfd = h->dfd_con;
+	else
+		dfd = h->dfd_lim;
+	if (dfd < 0)
+		return ret_errno(EBADF);
+
+	fd->layout = ops->cgroup_layout;
+	fd->type = h->fs_type;
+	if (fd->type == UNIFIED_HIERARCHY)
+		fd->utilities = h->utilities;
+	fd->fd = dfd;
+
+	return 0;
+}
+
 /* Taken over modified from the kernel sources. */
 #define NBITS 32 /* bits in uint32_t */
 #define DIV_ROUND_UP(n, d) (((n) + (d)-1) / (d))
@@ -2057,7 +2090,7 @@ __cgfsng_ops static const char *cgfsng_get_cgroup(struct cgroup_ops *ops,
     return cgfsng_get_cgroup_do(ops, controller, false);
 }
 
-__cgfsng_ops static const char *cgfsng_get_limiting_cgroup(struct cgroup_ops *ops,
+__cgfsng_ops static const char *cgfsng_get_limit_cgroup(struct cgroup_ops *ops,
 							const char *controller)
 {
     return cgfsng_get_cgroup_do(ops, controller, true);
@@ -2369,7 +2402,7 @@ __cgfsng_ops static int cgfsng_get(struct cgroup_ops *ops, const char *filename,
 	if (p)
 		*p = '\0';
 
-	path = lxc_cmd_get_limiting_cgroup_path(name, lxcpath, controller);
+	path = lxc_cmd_get_limit_cgroup_path(name, lxcpath, controller);
 	/* not running */
 	if (!path)
 		return -1;
@@ -2531,7 +2564,7 @@ __cgfsng_ops static int cgfsng_set(struct cgroup_ops *ops,
 		return 0;
 	}
 
-	path = lxc_cmd_get_limiting_cgroup_path(name, lxcpath, controller);
+	path = lxc_cmd_get_limit_cgroup_path(name, lxcpath, controller);
 	/* not running */
 	if (!path)
 		return -1;
@@ -3336,7 +3369,7 @@ struct cgroup_ops *cgroup_ops_init(struct lxc_conf *conf)
 	cgfsng_ops->chown				= cgfsng_chown;
 	cgfsng_ops->mount 				= cgfsng_mount;
 	cgfsng_ops->devices_activate			= cgfsng_devices_activate;
-	cgfsng_ops->get_limiting_cgroup			= cgfsng_get_limiting_cgroup;
+	cgfsng_ops->get_limit_cgroup			= cgfsng_get_limit_cgroup;
 
 	cgfsng_ops->criu_escape				= cgfsng_criu_escape;
 	cgfsng_ops->criu_num_hierarchies		= cgfsng_criu_num_hierarchies;
@@ -3377,12 +3410,11 @@ static int __cgroup_attach_many(const struct lxc_conf *conf, const char *name,
 {
 	call_cleaner(put_cgroup_ctx) struct cgroup_ctx *ctx = &(struct cgroup_ctx){};
 	int ret;
-	char pidstr[INTTYPE_TO_STRLEN(pid_t)];
 	size_t idx;
 	ssize_t pidstr_len;
+	char pidstr[INTTYPE_TO_STRLEN(pid_t)];
 
-	ret = lxc_cmd_get_cgroup_ctx(name, lxcpath, NULL, true,
-				     sizeof(struct cgroup_ctx), ctx);
+	ret = lxc_cmd_get_cgroup_ctx(name, lxcpath, sizeof(struct cgroup_ctx), ctx);
 	if (ret < 0)
 		return ret_errno(ENOSYS);
 
@@ -3406,7 +3438,7 @@ static int __cgroup_attach_many(const struct lxc_conf *conf, const char *name,
 	if (idx == 0)
 		return syserrno_set(-ENOENT, "Failed to attach to cgroups");
 
-	TRACE("Attached to %s cgroup layout", cgroup_layout_name(ctx->cgroup_layout));
+	TRACE("Attached to %s cgroup layout", cgroup_layout_name(ctx->layout));
 	return 0;
 }
 
@@ -3420,7 +3452,7 @@ static int __cgroup_attach_unified(const struct lxc_conf *conf, const char *name
 
 	dfd_unified = lxc_cmd_get_cgroup2_fd(name, lxcpath);
 	if (dfd_unified < 0)
-		return ret_errno(ENOCGROUP2);
+		return ret_errno(ENOSYS);
 
 	return __unified_attach_fd(conf, dfd_unified, pid);
 }
@@ -3432,65 +3464,117 @@ int cgroup_attach(const struct lxc_conf *conf, const char *name,
 
 	ret = __cgroup_attach_many(conf, name, lxcpath, pid);
 	if (ret < 0) {
-		if (ret != -ENOSYS)
+		if (!ERRNO_IS_NOT_SUPPORTED(ret))
 			return ret;
 
 		ret = __cgroup_attach_unified(conf, name, lxcpath, pid);
+		if (ret < 0 && ERRNO_IS_NOT_SUPPORTED(ret))
+			return ret_errno(ENOSYS);
 	}
 
 	return ret;
 }
 
 /* Connects to command socket therefore isn't callable from command handler. */
-int cgroup_get(const char *name, const char *lxcpath,
-	       const char *filename, char *buf, size_t len)
+int cgroup_get(const char *name, const char *lxcpath, const char *key, char *buf, size_t len)
 {
-	__do_close int unified_fd = -EBADF;
-	ssize_t ret;
+	__do_close int dfd = -EBADF;
+	struct cgroup_fd fd = {
+		.fd = -EBADF,
+	};
+	size_t len_controller;
+	int ret;
 
-	if (is_empty_string(filename) || is_empty_string(name) ||
-	    is_empty_string(lxcpath))
+	if (is_empty_string(name) || is_empty_string(lxcpath) ||
+	    is_empty_string(key))
 		return ret_errno(EINVAL);
 
 	if ((buf && !len) || (len && !buf))
 		return ret_errno(EINVAL);
 
-	unified_fd = lxc_cmd_get_limiting_cgroup2_fd(name, lxcpath);
-	if (unified_fd < 0)
-		return ret_errno(ENOCGROUP2);
+	len_controller = strcspn(key, ".");
+	len_controller++; /* Don't forget the \0 byte. */
+	if (len_controller >= MAX_CGROUP_ROOT_NAMELEN)
+		return ret_errno(EINVAL);
+	(void)strlcpy(fd.controller, key, len_controller);
 
-	ret = lxc_read_try_buf_at(unified_fd, filename, buf, len);
-	if (ret < 0)
-		SYSERROR("Failed to read cgroup value");
+	ret = lxc_cmd_get_limit_cgroup_fd(name, lxcpath, sizeof(struct cgroup_fd), &fd);
+	if (ret < 0) {
+		if (!ERRNO_IS_NOT_SUPPORTED(ret))
+			return ret;
+
+		dfd = lxc_cmd_get_limit_cgroup2_fd(name, lxcpath);
+		if (dfd < 0) {
+			if (!ERRNO_IS_NOT_SUPPORTED(ret))
+				return ret;
+
+			return ret_errno(ENOSYS);
+		}
+		fd.type = UNIFIED_HIERARCHY;
+		fd.fd = move_fd(dfd);
+	}
+	dfd = move_fd(fd.fd);
+
+	TRACE("Reading %s from %s cgroup hierarchy", key, cgroup_hierarchy_name(fd.type));
+
+	if (fd.type == UNIFIED_HIERARCHY && strequal(fd.controller, "devices"))
+		return ret_errno(EOPNOTSUPP);
+	else
+		ret = lxc_read_try_buf_at(dfd, key, buf, len);
 
 	return ret;
 }
 
 /* Connects to command socket therefore isn't callable from command handler. */
-int cgroup_set(const char *name, const char *lxcpath,
-	       const char *filename, const char *value)
+int cgroup_set(const char *name, const char *lxcpath, const char *key, const char *value)
 {
-	__do_close int unified_fd = -EBADF;
-	ssize_t ret;
+	__do_close int dfd = -EBADF;
+	struct cgroup_fd fd = {
+		.fd = -EBADF,
+	};
+	size_t len_controller;
+	int ret;
 
-	if (is_empty_string(filename) || is_empty_string(value) ||
-	    is_empty_string(name) || is_empty_string(lxcpath))
+	if (is_empty_string(name) || is_empty_string(lxcpath) ||
+	    is_empty_string(key) || is_empty_string(value))
 		return ret_errno(EINVAL);
 
-	unified_fd = lxc_cmd_get_limiting_cgroup2_fd(name, lxcpath);
-	if (unified_fd < 0)
-		return ret_errno(ENOCGROUP2);
+	len_controller = strcspn(key, ".");
+	len_controller++; /* Don't forget the \0 byte. */
+	if (len_controller >= MAX_CGROUP_ROOT_NAMELEN)
+		return ret_errno(EINVAL);
+	(void)strlcpy(fd.controller, key, len_controller);
+
+	ret = lxc_cmd_get_limit_cgroup_fd(name, lxcpath, sizeof(struct cgroup_fd), &fd);
+	if (ret < 0) {
+		if (!ERRNO_IS_NOT_SUPPORTED(ret))
+			return ret;
+
+		dfd = lxc_cmd_get_limit_cgroup2_fd(name, lxcpath);
+		if (dfd < 0) {
+			if (!ERRNO_IS_NOT_SUPPORTED(ret))
+				return ret;
 
-	if (strnequal(filename, "devices.", STRLITERALLEN("devices."))) {
+			return ret_errno(ENOSYS);
+		}
+		fd.type = UNIFIED_HIERARCHY;
+		fd.fd = move_fd(dfd);
+	}
+	dfd = move_fd(fd.fd);
+
+	TRACE("Setting %s to %s in %s cgroup hierarchy", key, value, cgroup_hierarchy_name(fd.type));
+
+	if (fd.type == UNIFIED_HIERARCHY && strequal(fd.controller, "devices")) {
 		struct device_item device = {};
 
-		ret = device_cgroup_rule_parse(&device, filename, value);
+		ret = device_cgroup_rule_parse(&device, key, value);
 		if (ret < 0)
-			return log_error_errno(-1, EINVAL, "Failed to parse device string %s=%s", filename, value);
+			return log_error_errno(-1, EINVAL, "Failed to parse device string %s=%s",
+					       key, value);
 
 		ret = lxc_cmd_add_bpf_device_cgroup(name, lxcpath, &device);
 	} else {
-		ret = lxc_writeat(unified_fd, filename, value, strlen(value));
+		ret = lxc_writeat(dfd, key, value, strlen(value));
 	}
 
 	return ret;
@@ -3553,7 +3637,7 @@ int cgroup_freeze(const char *name, const char *lxcpath, int timeout)
 	if (is_empty_string(name) || is_empty_string(lxcpath))
 		return ret_errno(EINVAL);
 
-	unified_fd = lxc_cmd_get_limiting_cgroup2_fd(name, lxcpath);
+	unified_fd = lxc_cmd_get_limit_cgroup2_fd(name, lxcpath);
 	if (unified_fd < 0)
 		return ret_errno(ENOCGROUP2);
 
@@ -3578,7 +3662,7 @@ int cgroup_unfreeze(const char *name, const char *lxcpath, int timeout)
 	if (is_empty_string(name) || is_empty_string(lxcpath))
 		return ret_errno(EINVAL);
 
-	unified_fd = lxc_cmd_get_limiting_cgroup2_fd(name, lxcpath);
+	unified_fd = lxc_cmd_get_limit_cgroup2_fd(name, lxcpath);
 	if (unified_fd < 0)
 		return ret_errno(ENOCGROUP2);
 

src/lxc/cgroups/cgroup.h

@@ -56,15 +56,40 @@ typedef enum {
 	UNIFIED_HIERARCHY = CGROUP2_SUPER_MAGIC,
 } cgroupfs_type_magic_t;
 
+static inline const char *cgroup_hierarchy_name(cgroupfs_type_magic_t type)
+{
+	switch (type) {
+	case LEGACY_HIERARCHY:
+		return "legacy";
+	case UNIFIED_HIERARCHY:
+		return "unified";
+	}
+
+	return "unknown";
+}
+
 #define DEVICES_CONTROLLER (1U << 0)
 #define FREEZER_CONTROLLER (1U << 1)
 
+/*
+ * This is the maximum length of a cgroup controller in the kernel.
+ * This includes the \0 byte.
+ */
+#define MAX_CGROUP_ROOT_NAMELEN 64
+
 /* That's plenty of hierarchies. */
 #define CGROUP_CTX_MAX_FD 20
-// BUILD_BUG_ON(CGROUP_CTX_MAX_FD > KERNEL_SCM_MAX_FD);
+
+struct cgroup_fd {
+	__s32 layout;
+	__u32 utilities;
+	__s32 type;
+	__s32 fd;
+	char controller[MAX_CGROUP_ROOT_NAMELEN];
+} __attribute__((aligned(8)));
 
 struct cgroup_ctx {
-	__s32 cgroup_layout;
+	__s32 layout;
 	__u32 utilities;
 	__u32 fd_len;
 	__s32 fd[CGROUP_CTX_MAX_FD];
@@ -248,7 +273,7 @@ struct cgroup_ops {
 	bool (*monitor_delegate_controllers)(struct cgroup_ops *ops);
 	bool (*payload_delegate_controllers)(struct cgroup_ops *ops);
 	void (*finalize)(struct cgroup_ops *ops);
-	const char *(*get_limiting_cgroup)(struct cgroup_ops *ops, const char *controller);
+	const char *(*get_limit_cgroup)(struct cgroup_ops *ops, const char *controller);
 };
 
 __hidden extern struct cgroup_ops *cgroup_init(struct lxc_conf *conf);
@@ -259,9 +284,9 @@ define_cleanup_function(struct cgroup_ops *, cgroup_exit);
 __hidden extern int cgroup_attach(const struct lxc_conf *conf, const char *name,
 				  const char *lxcpath, pid_t pid);
 __hidden extern int cgroup_get(const char *name, const char *lxcpath,
-                               const char *filename, char *buf, size_t len);
+                               const char *key, char *buf, size_t len);
 __hidden extern int cgroup_set(const char *name, const char *lxcpath,
-                               const char *filename, const char *value);
+			       const char *key, const char *value);
 __hidden extern int cgroup_freeze(const char *name, const char *lxcpath, int timeout);
 __hidden extern int cgroup_unfreeze(const char *name, const char *lxcpath, int timeout);
 __hidden extern int __cgroup_unfreeze(int unified_fd, int timeout);
@@ -311,11 +336,13 @@ static inline int prepare_cgroup_ctx(struct cgroup_ops *ops,
 		return ret_errno(ENOENT);
 
 	ctx->fd_len = idx;
-	ctx->cgroup_layout = ops->cgroup_layout;
+	ctx->layout = ops->cgroup_layout;
 	if (ops->unified && ops->unified->dfd_con > 0)
 		ctx->utilities = ops->unified->utilities;
 
 	return 0;
 }
+__hidden extern int prepare_cgroup_fd(const struct cgroup_ops *ops,
+				      struct cgroup_fd *fd, bool limit);
 
 #endif /* __LXC_CGROUP_H */

src/lxc/commands.h

@@ -21,7 +21,7 @@
 #define LXC_CMD_REAP_CLIENT_FD 1
 
 typedef enum {
-	LXC_CMD_CONSOLE				= 0,
+	LXC_CMD_GET_TTY_FD			= 0,
 	LXC_CMD_TERMINAL_WINCH			= 1,
 	LXC_CMD_STOP				= 2,
 	LXC_CMD_GET_STATE			= 3,
@@ -40,11 +40,13 @@ typedef enum {
 	LXC_CMD_UNFREEZE			= 16,
 	LXC_CMD_GET_CGROUP2_FD			= 17,
 	LXC_CMD_GET_INIT_PIDFD 			= 18,
-	LXC_CMD_GET_LIMITING_CGROUP		= 19,
-	LXC_CMD_GET_LIMITING_CGROUP2_FD		= 20,
+	LXC_CMD_GET_LIMIT_CGROUP		= 19,
+	LXC_CMD_GET_LIMIT_CGROUP2_FD		= 20,
 	LXC_CMD_GET_DEVPTS_FD			= 21,
 	LXC_CMD_GET_SECCOMP_NOTIFY_FD		= 22,
 	LXC_CMD_GET_CGROUP_CTX			= 23,
+	LXC_CMD_GET_CGROUP_FD			= 24,
+	LXC_CMD_GET_LIMIT_CGROUP_FD		= 25,
 	LXC_CMD_MAX,
 } lxc_cmd_t;
 
@@ -65,7 +67,7 @@ struct lxc_cmd_rr {
 	struct lxc_cmd_rsp rsp;
 };
 
-struct lxc_cmd_console_rsp_data {
+struct lxc_cmd_tty_rsp_data {
 	int ptxfd;
 	int ttynum;
 };
@@ -79,7 +81,8 @@ struct lxc_cmd_console_log {
 };
 
 __hidden extern int lxc_cmd_terminal_winch(const char *name, const char *lxcpath);
-__hidden extern int lxc_cmd_console(const char *name, int *ttynum, int *fd, const char *lxcpath);
+__hidden extern int lxc_cmd_get_tty_fd(const char *name, int *ttynum, int *fd,
+				       const char *lxcpath);
 /*
  * Get the 'real' cgroup path (as seen in /proc/self/cgroup) for a container
  * for a particular subsystem
@@ -125,7 +128,6 @@ __hidden extern int lxc_cmd_console_log(const char *name, const char *lxcpath,
 					struct lxc_console_log *log);
 __hidden extern int lxc_cmd_get_seccomp_notify_fd(const char *name, const char *lxcpath);
 __hidden extern int lxc_cmd_get_cgroup_ctx(const char *name, const char *lxcpath,
-					   const char *controller, bool batch,
 					   size_t size_ret_ctx,
 					   struct cgroup_ctx *ret_ctx);
 __hidden extern int lxc_cmd_seccomp_notify_add_listener(const char *name, const char *lxcpath, int fd,
@@ -138,9 +140,18 @@ __hidden extern int lxc_cmd_add_bpf_device_cgroup(const char *name, const char *
 __hidden extern int lxc_cmd_freeze(const char *name, const char *lxcpath, int timeout);
 __hidden extern int lxc_cmd_unfreeze(const char *name, const char *lxcpath, int timeout);
 __hidden extern int lxc_cmd_get_cgroup2_fd(const char *name, const char *lxcpath);
-__hidden extern char *lxc_cmd_get_limiting_cgroup_path(const char *name, const char *lxcpath,
+__hidden extern int lxc_cmd_get_cgroup_fd(const char *name, const char *lxcpath,
+					  size_t size_ret_fd,
+					  struct cgroup_fd *ret_fd);
+__hidden extern char *lxc_cmd_get_limit_cgroup_path(const char *name,
+						    const char *lxcpath,
 						    const char *subsystem);
-__hidden extern int lxc_cmd_get_limiting_cgroup2_fd(const char *name, const char *lxcpath);
+__hidden extern int lxc_cmd_get_limit_cgroup2_fd(const char *name,
+						 const char *lxcpath);
+__hidden extern int lxc_cmd_get_limit_cgroup_fd(const char *name,
+						const char *lxcpath,
+						size_t size_ret_fd,
+						struct cgroup_fd *ret_fd);
 __hidden extern int lxc_cmd_get_devpts_fd(const char *name, const char *lxcpath);
 
 #endif /* __commands_h */

src/lxc/criu.c

@@ -304,19 +304,19 @@ static int exec_criu(struct cgroup_ops *cgroup_ops, struct lxc_conf *conf,
 		 * the handler the restore task created.
 		 */
 		if (strequal(opts->action, "dump") || strequal(opts->action, "pre-dump")) {
-			cgroup_base_path = lxc_cmd_get_limiting_cgroup_path(opts->c->name, opts->c->config_path, controllers_list[0]);
+			cgroup_base_path = lxc_cmd_get_limit_cgroup_path(opts->c->name, opts->c->config_path, controllers_list[0]);
 			if (!cgroup_base_path)
-				return log_error_errno(-ENOENT, ENOENT, "Failed to retrieve limiting cgroup path for %s", controllers_list[0] ?: "(null)");
+				return log_error_errno(-ENOENT, ENOENT, "Failed to retrieve limit cgroup path for %s", controllers_list[0] ?: "(null)");
 		} else {
 			const char *p;
 
-			p = cgroup_ops->get_limiting_cgroup(cgroup_ops, controllers_list[0]);
+			p = cgroup_ops->get_limit_cgroup(cgroup_ops, controllers_list[0]);
 			if (!p)
-				return log_error_errno(-ENOENT, ENOENT, "Failed to retrieve limiting cgroup path for %s", controllers_list[0] ?: "(null)");
+				return log_error_errno(-ENOENT, ENOENT, "Failed to retrieve limit cgroup path for %s", controllers_list[0] ?: "(null)");
 
 			cgroup_base_path = strdup(p);
 			if (!cgroup_base_path)
-				return log_error_errno(-ENOMEM, ENOMEM, "Failed to duplicate limiting cgroup path");
+				return log_error_errno(-ENOMEM, ENOMEM, "Failed to duplicate limit cgroup path");
 		}
 
 		tmp = lxc_deslashify(cgroup_base_path);
@@ -393,7 +393,7 @@ static int exec_criu(struct cgroup_ops *cgroup_ops, struct lxc_conf *conf,
 		DECLARE_ARG("-t");
 		DECLARE_ARG(init_pid_str);
 
-		freezer_relative = lxc_cmd_get_limiting_cgroup_path(opts->c->name,
+		freezer_relative = lxc_cmd_get_limit_cgroup_path(opts->c->name,
 								 opts->c->config_path,
 								 "freezer");
 		if (!freezer_relative)

src/lxc/error_utils.h

+/* SPDX-License-Identifier: LGPL-2.1+ */
+
+#ifndef __LXC_ERROR_UTILS_H
+#define __LXC_ERROR_UTILS_H
+
+#include <stdbool.h>
+#define MAX_ERRNO 4095
+
+#define IS_ERR_VALUE(x) unlikely((x) >= (unsigned long)-MAX_ERRNO)
+
+static inline void *ERR_PTR(long error)
+{
+	return (void *)error;
+}
+
+static inline long PTR_ERR(const void *ptr)
+{
+	return (long)ptr;
+}
+
+static inline long IS_ERR(const void *ptr)
+{
+	return IS_ERR_VALUE((unsigned long)ptr);
+}
+
+static inline long IS_ERR_OR_NULL(const void *ptr)
+{
+	return !ptr || IS_ERR_VALUE((unsigned long)ptr);
+}
+
+static inline void *ERR_CAST(const void *ptr)
+{
+	return (void *)ptr;
+}
+
+static inline int PTR_RET(const void *ptr)
+{
+	if (IS_ERR(ptr))
+		return PTR_ERR(ptr);
+	else
+		return 0;
+}
+
+/* Taken from Lennart tyvm. */
+#define CASE_F(X) case X:
+#define CASE_F_1(CASE, X) CASE_F(X)
+#define CASE_F_2(CASE, X, ...)  CASE(X) CASE_F_1(CASE, __VA_ARGS__)
+#define CASE_F_3(CASE, X, ...)  CASE(X) CASE_F_2(CASE, __VA_ARGS__)
+#define CASE_F_4(CASE, X, ...)  CASE(X) CASE_F_3(CASE, __VA_ARGS__)
+#define CASE_F_5(CASE, X, ...)  CASE(X) CASE_F_4(CASE, __VA_ARGS__)
+#define CASE_F_6(CASE, X, ...)  CASE(X) CASE_F_5(CASE, __VA_ARGS__)
+#define CASE_F_7(CASE, X, ...)  CASE(X) CASE_F_6(CASE, __VA_ARGS__)
+#define CASE_F_8(CASE, X, ...)  CASE(X) CASE_F_7(CASE, __VA_ARGS__)
+#define CASE_F_9(CASE, X, ...)  CASE(X) CASE_F_8(CASE, __VA_ARGS__)
+#define CASE_F_10(CASE, X, ...) CASE(X) CASE_F_9(CASE, __VA_ARGS__)
+#define CASE_F_11(CASE, X, ...) CASE(X) CASE_F_10(CASE, __VA_ARGS__)
+#define CASE_F_12(CASE, X, ...) CASE(X) CASE_F_11(CASE, __VA_ARGS__)
+#define CASE_F_13(CASE, X, ...) CASE(X) CASE_F_12(CASE, __VA_ARGS__)
+#define CASE_F_14(CASE, X, ...) CASE(X) CASE_F_13(CASE, __VA_ARGS__)
+#define CASE_F_15(CASE, X, ...) CASE(X) CASE_F_14(CASE, __VA_ARGS__)
+#define CASE_F_16(CASE, X, ...) CASE(X) CASE_F_15(CASE, __VA_ARGS__)
+#define CASE_F_17(CASE, X, ...) CASE(X) CASE_F_16(CASE, __VA_ARGS__)
+#define CASE_F_18(CASE, X, ...) CASE(X) CASE_F_17(CASE, __VA_ARGS__)
+#define CASE_F_19(CASE, X, ...) CASE(X) CASE_F_18(CASE, __VA_ARGS__)
+#define CASE_F_20(CASE, X, ...) CASE(X) CASE_F_19(CASE, __VA_ARGS__)
+
+#define GET_CASE_F(_1,_2,_3,_4,_5,_6,_7,_8,_9,_10,_11,_12,_13,_14,_15,_16,_17,_18,_19,_20,NAME,...) NAME
+#define FOR_EACH_MAKE_CASE(...) \
+        GET_CASE_F(__VA_ARGS__,CASE_F_20,CASE_F_19,CASE_F_18,CASE_F_17,CASE_F_16,CASE_F_15,CASE_F_14,CASE_F_13,CASE_F_12,CASE_F_11, \
+                               CASE_F_10,CASE_F_9,CASE_F_8,CASE_F_7,CASE_F_6,CASE_F_5,CASE_F_4,CASE_F_3,CASE_F_2,CASE_F_1) \
+                   (CASE_F,__VA_ARGS__)
+
+#define XCONCATENATE(x, y) x ## y
+#define CONCATENATE(x, y) XCONCATENATE(x, y)
+
+#define assert_static(expr)                                \
+	struct CONCATENATE(_assert_struct_, __COUNTER__) { \
+		char x[(expr) ? 0 : -1];                   \
+	}
+
+#define IN_SET(x, ...)                                                      \
+	({                                                                  \
+		bool _found = false;                                        \
+		static const long double __assert_in_set[] __lxc_unused = { \
+		    __VA_ARGS__};                                           \
+		assert_static(ARRAY_SIZE(__assert_in_set) <= 20);           \
+		switch (x) {                                                \
+			FOR_EACH_MAKE_CASE(__VA_ARGS__)                     \
+			_found = true;                                      \
+			break;                                              \
+		default:                                                    \
+			break;                                              \
+		}                                                           \
+		_found;                                                     \
+	})
+
+static inline bool ERRNO_IS_NOT_SUPPORTED(int r) {
+	return IN_SET(abs(r), EOPNOTSUPP, ENOSYS);
+}
+
+#endif /* __LXC_ERROR_UTILS_H */

src/lxc/file_utils.c

@@ -127,7 +127,7 @@ ssize_t lxc_read_try_buf_at(int dfd, const char *path, void *buf, size_t count)
 	__do_close int fd = -EBADF;
 	ssize_t ret;
 
-	fd = open_at(dfd, path, PROTECT_OPEN_W, PROTECT_LOOKUP_BENEATH, 0);
+	fd = open_at(dfd, path, PROTECT_OPEN, PROTECT_LOOKUP_BENEATH, 0);
 	if (fd < 0)
 		return -errno;
 

src/lxc/lxccontainer.c

@@ -3290,7 +3290,7 @@ static bool do_lxcapi_set_cgroup_item(struct lxc_container *c, const char *subsy
 		return false;
 
 	ret = cgroup_set(c->name, c->config_path, subsys, value);
-	if (ret == -ENOCGROUP2) {
+	if (ret < 0 && ERRNO_IS_NOT_SUPPORTED(ret)) {
 		cgroup_ops = cgroup_init(c->lxc_conf);
 		if (!cgroup_ops)
 			return false;
@@ -3315,7 +3315,7 @@ static int do_lxcapi_get_cgroup_item(struct lxc_container *c, const char *subsys
 		return -1;
 
 	ret = cgroup_get(c->name, c->config_path, subsys, retv, inlen);
-	if (ret == -ENOCGROUP2) {
+	if (ret < 0 && ERRNO_IS_NOT_SUPPORTED(ret)) {
 		cgroup_ops = cgroup_init(c->lxc_conf);
 		if (!cgroup_ops)
 			return -1;

src/lxc/macro.h

@@ -700,43 +700,6 @@ enum {
 		(b) = __tmp;           \
 	} while (0)
 
-#define MAX_ERRNO 4095
-
-#define IS_ERR_VALUE(x) unlikely((x) >= (unsigned long)-MAX_ERRNO)
-
-static inline void *ERR_PTR(long error)
-{
-	return (void *)error;
-}
-
-static inline long PTR_ERR(const void *ptr)
-{
-	return (long)ptr;
-}
-
-static inline long IS_ERR(const void *ptr)
-{
-	return IS_ERR_VALUE((unsigned long)ptr);
-}
-
-static inline long IS_ERR_OR_NULL(const void *ptr)
-{
-	return !ptr || IS_ERR_VALUE((unsigned long)ptr);
-}
-
-static inline void *ERR_CAST(const void *ptr)
-{
-	return (void *)ptr;
-}
-
-static inline int PTR_RET(const void *ptr)
-{
-	if (IS_ERR(ptr))
-		return PTR_ERR(ptr);
-	else
-		return 0;
-}
-
 #define min(x, y)                              \
 	({                                     \
 		typeof(x) _min1 = (x);         \

src/lxc/memory_utils.h

@@ -11,6 +11,7 @@
 #include <unistd.h>
 
 #include "macro.h"
+#include "error_utils.h"
 
 #define define_cleanup_function(type, cleaner)           \
 	static inline void cleaner##_function(type *ptr) \

src/lxc/terminal.c

@@ -1078,7 +1078,7 @@ int lxc_terminal_ptx_cb(int fd, uint32_t events, void *cbdata,
 
 int lxc_terminal_getfd(struct lxc_container *c, int *ttynum, int *ptxfd)
 {
-	return lxc_cmd_console(c->name, ttynum, ptxfd, c->config_path);
+	return lxc_cmd_get_tty_fd(c->name, ttynum, ptxfd, c->config_path);
 }
 
 int lxc_console(struct lxc_container *c, int ttynum,
@@ -1094,7 +1094,7 @@ int lxc_console(struct lxc_container *c, int ttynum,
 	};
 	int istty = 0;
 
-	ttyfd = lxc_cmd_console(c->name, &ttynum, &ptxfd, c->config_path);
+	ttyfd = lxc_cmd_get_tty_fd(c->name, &ttynum, &ptxfd, c->config_path);
 	if (ttyfd < 0)
 		return -1;