Merge pull request #1596 from brauner/2017-05-29/fix_parsing

src/lxc/commands.c

@@ -534,14 +534,18 @@ static int lxc_cmd_get_config_item_callback(int fd, struct lxc_cmd_req *req,
 	int cilen;
 	struct lxc_cmd_rsp rsp;
 	char *cidata;
+	struct lxc_config_t *item;
 
 	memset(&rsp, 0, sizeof(rsp));
-	cilen = lxc_get_config_item(handler->conf, req->data, NULL, 0);
+	item = lxc_getconfig(req->data);
+	if (!item)
+		goto err1;
+	cilen = item->get(req->data, NULL, 0, handler->conf);
 	if (cilen <= 0)
 		goto err1;
 
 	cidata = alloca(cilen + 1);
-	if (lxc_get_config_item(handler->conf, req->data, cidata, cilen + 1) != cilen)
+	if (item->get(req->data, cidata, cilen + 1, handler->conf) != cilen)
 		goto err1;
 	cidata[cilen] = '\0';
 	rsp.data = cidata;

src/lxc/conf.c

@@ -4565,7 +4565,7 @@ static inline void lxc_clear_aliens(struct lxc_conf *conf)
 	}
 }
 
-static inline void lxc_clear_includes(struct lxc_conf *conf)
+void lxc_clear_includes(struct lxc_conf *conf)
 {
 	struct lxc_list *it,*next;
 
@@ -4961,82 +4961,3 @@ struct lxc_list *sort_cgroup_settings(struct lxc_list* cgroup_settings)
 
 	return result;
 }
-
-int lxc_clear_simple_config_item(struct lxc_conf *c, const char *key)
-{
-	if (strcmp(key, "lxc.utsname") == 0) {
-		free(c->utsname);
-		c->utsname = NULL;
-	} else if (strcmp(key, "lxc.arch") == 0) {
-		c->personality = -1;
-	} else if (strcmp(key, "lxc.haltsignal") == 0) {
-		c->haltsignal = 0;
-	} else if (strcmp(key, "lxc.rebootsignal") == 0) {
-		c->rebootsignal = 0;
-	} else if (strcmp(key, "lxc.stopsignal") == 0) {
-		c->stopsignal = 0;
-	} else if (strcmp(key, "lxc.init_cmd") == 0) {
-		free(c->init_cmd);
-		c->init_cmd = NULL;
-	} else if (strcmp(key, "lxc.init_uid") == 0) {
-		c->init_uid = 0;
-	} else if (strcmp(key, "lxc.init_gid") == 0) {
-		c->init_gid = 0;
-	} else if (strcmp(key, "lxc.ephemeral") == 0) {
-		c->ephemeral = 0;
-	} else if (strcmp(key, "lxc.console.logfile") == 0) {
-		free(c->console.log_path);
-		c->console.log_path = NULL;
-	} else if (strcmp(key, "lxc.console") == 0) {
-		free(c->console.path);
-		c->console.path = NULL;
-	} else if (strcmp(key, "lxc.tty") == 0) {
-		c->tty = 0;
-	} else if (strcmp(key, "lxc.devttydir") == 0) {
-		free(c->ttydir);
-		c->ttydir = NULL;
-	} else if (strcmp(key, "lxc.autodev") == 0) {
-		c->autodev = 1;
-	} else if (strcmp(key, "lxc.kmsg") == 0) {
-		c->kmsg = 0;
-	} else if (strcmp(key, "lxc.mount") == 0) {
-		free(c->fstab);
-		c->fstab = NULL;
-	} else if (strcmp(key, "lxc.rootfs") == 0) {
-		free(c->rootfs.path);
-		c->rootfs.path = NULL;
-	} else if (strcmp(key, "lxc.rootfs.mount") == 0) {
-		free(c->rootfs.mount);
-		c->rootfs.mount = NULL;
-	} else if (strcmp(key, "lxc.rootfs.options") == 0) {
-		free(c->rootfs.options);
-		c->rootfs.options = NULL;
-	} else if (strcmp(key, "lxc.rootfs.backend") == 0) {
-		free(c->rootfs.bdev_type);
-		c->rootfs.bdev_type = NULL;
-	} else if (strcmp(key, "lxc.aa_profile") == 0) {
-		free(c->lsm_aa_profile);
-		c->lsm_aa_profile = NULL;
-	} else if (strcmp(key, "lxc.aa_allow_incomplete") == 0) {
-		c->lsm_aa_allow_incomplete = 0;
-	} else if (strcmp(key, "lxc.se_context") == 0) {
-		free(c->lsm_se_context);
-		c->lsm_se_context = NULL;
-	} else if (strcmp(key, "lxc.seccomp") == 0) {
-		free(c->seccomp);
-		c->seccomp = NULL;
-	} else if (strcmp(key, "lxc.loglevel") == 0) {
-		c->loglevel = LXC_LOG_PRIORITY_NOTSET;
-	} else if (strcmp(key, "lxc.logfile") == 0) {
-		free(c->logfile);
-		c->logfile = NULL;
-	} else if (strcmp(key, "lxc.monitor.unshare") == 0) {
-		c->monitor_unshare = 0;
-	} else if (strcmp(key, "lxc.pts") == 0) {
-		c->pts = 0;
-	} else {
-		return -1;
-	}
-
-	return 0;
-}

src/lxc/conf.h

@@ -453,7 +453,7 @@ extern int lxc_clear_groups(struct lxc_conf *c);
 extern int lxc_clear_environment(struct lxc_conf *c);
 extern int lxc_clear_limits(struct lxc_conf *c, const char *key);
 extern int lxc_delete_autodev(struct lxc_handler *handler);
-extern int lxc_clear_simple_config_item(struct lxc_conf *c, const char *key);
+extern void lxc_clear_includes(struct lxc_conf *conf);
 
 extern int do_rootfs_setup(struct lxc_conf *conf, const char *name,
 			   const char *lxcpath);

src/lxc/confile.h

@@ -31,10 +31,14 @@
 struct lxc_conf;
 struct lxc_list;
 
-typedef int (*config_cb)(const char *, const char *, struct lxc_conf *);
+typedef int (*config_set_cb)(const char *, const char *, struct lxc_conf *);
+typedef int (*config_get_cb)(const char *, char *, int, struct lxc_conf *);
+typedef int (*config_clr_cb)(const char *key, struct lxc_conf *c);
 struct lxc_config_t {
 	char *name;
-	config_cb cb;
+	config_set_cb set;
+	config_get_cb get;
+	config_clr_cb clr;
 };
 
 extern struct lxc_config_t *lxc_getconfig(const char *key);
@@ -51,7 +55,6 @@ extern int lxc_config_define_load(struct lxc_list *defines,
 extern signed long lxc_config_parse_arch(const char *arch);
 extern int lxc_fill_elevated_privileges(char *flaglist, int *flags);
 
-extern int lxc_get_config_item(struct lxc_conf *c, const char *key, char *retv, int inlen);
 extern int lxc_clear_config_item(struct lxc_conf *c, const char *key);
 extern void write_config(FILE *fout, struct lxc_conf *c);
 

src/lxc/lxccontainer.c

@@ -1676,17 +1676,27 @@ static void do_clear_unexp_config_line(struct lxc_conf *conf, const char *key)
 		WARN("Error clearing configuration for %s", key);
 }
 
-static bool do_lxcapi_clear_config_item(struct lxc_container *c, const char *key)
+static bool do_lxcapi_clear_config_item(struct lxc_container *c,
+					const char *key)
 {
-	int ret;
+	int ret = 1;
+	struct lxc_config_t *config;
 
 	if (!c || !c->lxc_conf)
 		return false;
+
 	if (container_mem_lock(c))
 		return false;
-	ret = lxc_clear_config_item(c->lxc_conf, key);
+
+	config = lxc_getconfig(key);
+	/* Verify that the config key exists and that it has a callback
+	 * implemented.
+	 */
+	if (config && config->clr)
+		ret = config->clr(key, c->lxc_conf);
 	if (!ret)
 		do_clear_unexp_config_line(c->lxc_conf, key);
+
 	container_mem_unlock(c);
 	return ret == 0;
 }
@@ -1985,13 +1995,22 @@ WRAP_API_3(char **, lxcapi_get_ips, const char *, const char *, int)
 
 static int do_lxcapi_get_config_item(struct lxc_container *c, const char *key, char *retv, int inlen)
 {
-	int ret;
+	int ret = -1;
+	struct lxc_config_t *config;
 
 	if (!c || !c->lxc_conf)
 		return -1;
+
 	if (container_mem_lock(c))
 		return -1;
-	ret = lxc_get_config_item(c->lxc_conf, key, retv, inlen);
+
+	config = lxc_getconfig(key);
+	/* Verify that the config key exists and that it has a callback
+	 * implemented.
+	 */
+	if (config && config->get)
+		ret = config->get(key, retv, inlen, c->lxc_conf);
+
 	container_mem_unlock(c);
 	return ret;
 }
@@ -2461,7 +2480,7 @@ static bool set_config_item_locked(struct lxc_container *c, const char *key, con
 	config = lxc_getconfig(key);
 	if (!config)
 		return false;
-	if (config->cb(key, v, c->lxc_conf) != 0)
+	if (config->set(key, v, c->lxc_conf) != 0)
 		return false;
 	return do_append_unexp_config_line(c->lxc_conf, key, v);
 }

src/lxc/utils.c

@@ -2021,6 +2021,29 @@ int lxc_safe_uint(const char *numstr, unsigned int *converted)
 	return 0;
 }
 
+int lxc_safe_ulong(const char *numstr, unsigned long *converted)
+{
+	char *err = NULL;
+	unsigned long int uli;
+
+	while (isspace(*numstr))
+		numstr++;
+
+	if (*numstr == '-')
+		return -EINVAL;
+
+	errno = 0;
+	uli = strtoul(numstr, &err, 0);
+	if (errno == ERANGE && uli == ULONG_MAX)
+		return -ERANGE;
+
+	if (err == numstr || *err != '\0')
+		return -EINVAL;
+
+	*converted = uli;
+	return 0;
+}
+
 int lxc_safe_int(const char *numstr, int *converted)
 {
 	char *err = NULL;

src/lxc/utils.h

@@ -340,6 +340,7 @@ bool task_blocking_signal(pid_t pid, int signal);
 int lxc_safe_uint(const char *numstr, unsigned int *converted);
 int lxc_safe_int(const char *numstr, int *converted);
 int lxc_safe_long(const char *numstr, long int *converted);
+int lxc_safe_ulong(const char *numstr, unsigned long *converted);
 
 /* Switch to a new uid and gid. */
 int lxc_switch_uid_gid(uid_t uid, gid_t gid);

src/tests/Makefile.am

@@ -24,6 +24,7 @@ lxc_test_attach_SOURCES = attach.c
 lxc_test_device_add_remove_SOURCES = device_add_remove.c
 lxc_test_apparmor_SOURCES = aa.c
 lxc_test_utils_SOURCES = lxc-test-utils.c lxctest.h
+lxc_test_parse_config_file_SOURCES = parse_config_file.c lxctest.h
 
 AM_CFLAGS=-DLXCROOTFSMOUNT=\"$(LXCROOTFSMOUNT)\" \
 	-DLXCPATH=\"$(LXCPATH)\" \
@@ -51,7 +52,7 @@ bin_PROGRAMS = lxc-test-containertests lxc-test-locktests lxc-test-startone \
 	lxc-test-cgpath lxc-test-clonetest lxc-test-console \
 	lxc-test-snapshot lxc-test-concurrent lxc-test-may-control \
 	lxc-test-reboot lxc-test-list lxc-test-attach lxc-test-device-add-remove \
-	lxc-test-apparmor lxc-test-utils
+	lxc-test-apparmor lxc-test-utils lxc-test-parse-config-file
 
 bin_SCRIPTS = lxc-test-automount \
 	      lxc-test-autostart \
@@ -101,6 +102,7 @@ EXTRA_DIST = \
 	lxc-test-unpriv \
 	lxc-test-utils.c \
 	may_control.c \
+	parse_config_file.c \
 	saveconfig.c \
 	shutdowntest.c \
 	snapshot.c \
@@ -108,3 +110,4 @@ EXTRA_DIST = \
 
 clean-local:
 	rm -f lxc-test-utils-*
+	rm -f lxc-parse-config-file-*

src/tests/parse_config_file.c

+/* liblxcapi
+ *
+ * Copyright © 2017 Christian Brauner <christian.brauner@ubuntu.com>.
+ * Copyright © 2017 Canonical Ltd.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2, as
+ * published by the Free Software Foundation.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+#include <lxc/lxccontainer.h>
+
+#include <unistd.h>
+#include <signal.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <sys/types.h>
+#include <sys/wait.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <string.h>
+
+#include "lxc/state.h"
+#include "lxctest.h"
+
+static int set_get_compare_clear_save_load(struct lxc_container *c,
+					   const char *key, const char *value,
+					   const char *config_file,
+					   bool compare)
+{
+	char retval[4096] = {0};
+	int ret;
+
+	if (!c->set_config_item(c, key, value)) {
+		lxc_error("failed to set config item \"%s\" to \"%s\"\n", key,
+			  value);
+		return -1;
+	}
+
+	ret = c->get_config_item(c, key, retval, sizeof(retval));
+	if (ret < 0) {
+		lxc_error("failed to get config item \"%s\"\n", key);
+		return -1;
+	}
+
+	if (compare) {
+		ret = strcmp(retval, value);
+		if (ret != 0) {
+			lxc_error(
+			    "expected value \"%s\" and retrieved value \"%s\" "
+			    "for config key \"%s\" do not match\n",
+			    value, retval, key);
+			return -1;
+		}
+	}
+
+	if (config_file) {
+		if (!c->save_config(c, config_file)) {
+			lxc_error("%s\n", "failed to save config file");
+			return -1;
+		}
+
+		c->clear_config(c);
+		c->lxc_conf = NULL;
+
+		if (!c->load_config(c, config_file)) {
+			lxc_error("%s\n", "failed to load config file");
+			return -1;
+		}
+	}
+
+	if (!c->clear_config_item(c, key)) {
+		lxc_error("failed to clear config item \"%s\"\n", key);
+		return -1;
+	}
+
+	if (config_file) {
+		if (!c->save_config(c, config_file)) {
+			lxc_error("%s\n", "failed to save config file");
+			return -1;
+		}
+
+		c->clear_config(c);
+		c->lxc_conf = NULL;
+
+		if (!c->load_config(c, config_file)) {
+			lxc_error("%s\n", "failed to load config file");
+			return -1;
+		}
+	}
+
+	c->clear_config(c);
+	c->lxc_conf = NULL;
+
+	return 0;
+}
+
+int main(int argc, char *argv[])
+{
+	struct lxc_container *c;
+	int fd = -1;
+	int ret = EXIT_FAILURE;
+	char tmpf[] = "lxc-parse-config-file-XXXXXX";
+	char retval[4096] = {0};
+
+	c = lxc_container_new("lxc-parse-config-file-testxyz", NULL);
+	if (!c) {
+		lxc_error("%s\n", "failed to create new container");
+		exit(EXIT_FAILURE);
+	}
+
+	fd = mkstemp(tmpf);
+	if (fd < 0) {
+		lxc_error("%s\n", "Could not create temporary file");
+		goto non_test_error;
+	}
+	close(fd);
+
+	/* lxc.arch */
+	if (set_get_compare_clear_save_load(c, "lxc.arch", "x86_64", tmpf, true) < 0) {
+		lxc_error("%s\n", "lxc.arch");
+		goto non_test_error;
+	}
+
+	/* lxc.pts */
+	if (set_get_compare_clear_save_load(c, "lxc.pts", "1000", tmpf, true) < 0) {
+		lxc_error("%s\n", "lxc.pts");
+		goto non_test_error;
+	}
+
+	/* lxc.tty */
+	if (set_get_compare_clear_save_load(c, "lxc.tty", "4", tmpf, true) < 0) {
+		lxc_error("%s\n", "lxc.tty");
+		goto non_test_error;
+	}
+
+	/* lxc.devttydir */
+	if (set_get_compare_clear_save_load(c, "lxc.devttydir", "not-dev", tmpf, true) < 0) {
+		lxc_error("%s\n", "lxc.devttydir");
+		goto non_test_error;
+	}
+
+	/* lxc.kmsg */
+	if (set_get_compare_clear_save_load(c, "lxc.kmsg", "1", tmpf, true) < 0) {
+		lxc_error("%s\n", "lxc.kmsg");
+		goto non_test_error;
+	}
+
+	/* lxc.aa_profile */
+	if (set_get_compare_clear_save_load(c, "lxc.aa_profile", "unconfined", tmpf, true) <
+	    0) {
+		lxc_error("%s\n", "lxc.aa_profile");
+		goto non_test_error;
+	}
+
+	/* lxc.aa_allow_incomplete */
+	if (set_get_compare_clear_save_load(c, "lxc.aa_allow_incomplete", "1", tmpf, true) < 0) {
+		lxc_error("%s\n", "lxc.aa_allow_incomplete");
+		goto non_test_error;
+	}
+
+	/* lxc.cgroup.cpuset.cpus */
+	if (set_get_compare_clear_save_load(c, "lxc.cgroup.cpuset.cpus", "1-100", tmpf, false) < 0) {
+		lxc_error("%s\n", "lxc.cgroup.cpuset.cpus");
+		goto non_test_error;
+	}
+
+	/* lxc.cgroup */
+	if (!c->set_config_item(c, "lxc.cgroup.cpuset.cpus", "1-100")) {
+		lxc_error("%s\n", "failed to set config item "
+				  "\"lxc.cgroup.cpuset.cpus\" to \"1-100\"");
+		return -1;
+	}
+
+	if (!c->set_config_item(c, "lxc.cgroup.memory.limit_in_bytes",
+				"123456789")) {
+		lxc_error(
+		    "%s\n",
+		    "failed to set config item "
+		    "\"lxc.cgroup.memory.limit_in_bytes\" to \"123456789\"");
+		return -1;
+	}
+
+	if (!c->get_config_item(c, "lxc.cgroup", retval, sizeof(retval))) {
+		lxc_error("%s\n", "failed to get config item \"lxc.cgroup\"");
+		return -1;
+	}
+
+	c->clear_config(c);
+	c->lxc_conf = NULL;
+
+	/* lxc.id_map
+	 * We can't really save the config here since save_config() wants to
+	 * chown the container's directory but we haven't created an on-disk
+	 * container. So let's test set-get-clear.
+	 */
+	if (set_get_compare_clear_save_load(c, "lxc.id_map", "u 0 100000 1000000000",
+				    NULL, false) < 0) {
+		lxc_error("%s\n", "lxc.id_map");
+		goto non_test_error;
+	}
+
+	if (!c->set_config_item(c, "lxc.id_map", "u 1 100000 10000000")) {
+		lxc_error("%s\n", "failed to set config item "
+				  "\"lxc.id_map\" to \"u 1 100000 10000000\"");
+		return -1;
+	}
+
+	if (!c->set_config_item(c, "lxc.id_map", "g 1 100000 10000000")) {
+		lxc_error("%s\n", "failed to set config item "
+				  "\"lxc.id_map\" to \"g 1 100000 10000000\"");
+		return -1;
+	}
+
+	if (!c->get_config_item(c, "lxc.id_map", retval, sizeof(retval))) {
+		lxc_error("%s\n", "failed to get config item \"lxc.cgroup\"");
+		return -1;
+	}
+
+	c->clear_config(c);
+	c->lxc_conf = NULL;
+
+	/* lxc.loglevel */
+	if (set_get_compare_clear_save_load(c, "lxc.loglevel", "DEBUG", tmpf, true) < 0) {
+		lxc_error("%s\n", "lxc.loglevel");
+		goto non_test_error;
+	}
+
+	/* lxc.logfile */
+	if (set_get_compare_clear_save_load(c, "lxc.logfile", "/some/path", tmpf, true) < 0) {
+		lxc_error("%s\n", "lxc.logfile");
+		goto non_test_error;
+	}
+
+	/* lxc.mount */
+	if (set_get_compare_clear_save_load(c, "lxc.mount", "/some/path", NULL, true) < 0) {
+		lxc_error("%s\n", "lxc.mount");
+		goto non_test_error;
+	}
+
+	/* lxc.mount.auto
+	 * Note that we cannot compare the values since the getter for
+	 * lxc.mount.auto does not preserve ordering.
+	 */
+	if (set_get_compare_clear_save_load(c, "lxc.mount.auto", "proc:rw sys:rw cgroup-full:rw", tmpf, false) < 0) {
+		lxc_error("%s\n", "lxc.mount.auto");
+		goto non_test_error;
+	}
+
+	/* lxc.mount.entry
+	 * Note that we cannot compare the values since the getter for
+	 * lxc.mount.entry appends newlines.
+	 */
+	if (set_get_compare_clear_save_load(
+		c, "lxc.mount.entry",
+		"/dev/dri dev/dri none bind,optional,create=dir", tmpf, false) < 0) {
+		lxc_error("%s\n", "lxc.mount.entry");
+		goto non_test_error;
+	}
+
+	/* lxc.rootfs */
+	if (set_get_compare_clear_save_load(c, "lxc.rootfs", "/some/path", tmpf, true) < 0) {
+		lxc_error("%s\n", "lxc.rootfs");
+		goto non_test_error;
+	}
+
+	/* lxc.rootfs.mount */
+	if (set_get_compare_clear_save_load(c, "lxc.rootfs.mount", "/some/path", tmpf, true) < 0) {
+		lxc_error("%s\n", "lxc.rootfs.mount");
+		goto non_test_error;
+	}
+
+	/* lxc.rootfs.options */
+	if (set_get_compare_clear_save_load(c, "lxc.rootfs.options", "ext4,discard", tmpf, true) < 0) {
+		lxc_error("%s\n", "lxc.rootfs.options");
+		goto non_test_error;
+	}
+
+	/* lxc.rootfs.backend */
+	if (set_get_compare_clear_save_load(c, "lxc.rootfs.backend", "btrfs", tmpf, true) < 0) {
+		lxc_error("%s\n", "lxc.rootfs.backend");
+		goto non_test_error;
+	}
+
+	/* lxc.utsname */
+	if (set_get_compare_clear_save_load(c, "lxc.utsname", "the-shire", tmpf, true) < 0) {
+		lxc_error("%s\n", "lxc.utsname");
+		goto non_test_error;
+	}
+
+	/* lxc.hook.pre-start */
+	if (set_get_compare_clear_save_load(c, "lxc.hook.pre-start", "/some/pre-start", tmpf, false) < 0) {
+		lxc_error("%s\n", "lxc.hook.pre-start");
+		goto non_test_error;
+	}
+
+	/* lxc.hook.pre-mount */
+	if (set_get_compare_clear_save_load(c, "lxc.hook.pre-mount", "/some/pre-mount", tmpf, false) < 0) {
+		lxc_error("%s\n", "lxc.hook.pre-mount");
+		goto non_test_error;
+	}
+
+	/* lxc.hook.mount */
+	if (set_get_compare_clear_save_load(c, "lxc.hook.mount", "/some/mount", tmpf, false) < 0) {
+		lxc_error("%s\n", "lxc.hook.mount");
+		goto non_test_error;
+	}
+
+	/* lxc.hook.autodev */
+	if (set_get_compare_clear_save_load(c, "lxc.hook.autodev", "/some/autodev", tmpf, false) < 0) {
+		lxc_error("%s\n", "lxc.hook.autodev");
+		goto non_test_error;
+	}
+
+	/* lxc.hook.start */
+	if (set_get_compare_clear_save_load(c, "lxc.hook.start", "/some/start", tmpf, false) < 0) {
+		lxc_error("%s\n", "lxc.hook.start");
+		goto non_test_error;
+	}
+
+	/* lxc.hook.stop */
+	if (set_get_compare_clear_save_load(c, "lxc.hook.stop", "/some/stop", tmpf, false) < 0) {
+		lxc_error("%s\n", "lxc.hook.stop");
+		goto non_test_error;
+	}
+
+	/* lxc.hook.post-stop */
+	if (set_get_compare_clear_save_load(c, "lxc.hook.post-stop", "/some/post-stop", tmpf, false) < 0) {
+		lxc_error("%s\n", "lxc.hook.post-stop");
+		goto non_test_error;
+	}
+
+	/* lxc.hook.clone */
+	if (set_get_compare_clear_save_load(c, "lxc.hook.clone", "/some/clone", tmpf, false) < 0) {
+		lxc_error("%s\n", "lxc.hook.clone");
+		goto non_test_error;
+	}
+
+	/* lxc.hook.destroy */
+	if (set_get_compare_clear_save_load(c, "lxc.hook.destroy", "/some/destroy", tmpf, false) < 0) {
+		lxc_error("%s\n", "lxc.hook.destroy");
+		goto non_test_error;
+	}
+
+	/* lxc.cap.drop */
+	if (set_get_compare_clear_save_load(c, "lxc.cap.drop", "sys_module mknod setuid net_raw", tmpf, false) < 0) {
+		lxc_error("%s\n", "lxc.cap.drop");
+		goto non_test_error;
+	}
+
+	/* lxc.cap.keep */
+	if (set_get_compare_clear_save_load(c, "lxc.cap.keep", "sys_module mknod setuid net_raw", tmpf, false) < 0) {
+		lxc_error("%s\n", "lxc.cap.keep");
+		goto non_test_error;
+	}
+
+	/* lxc.console */
+	if (set_get_compare_clear_save_load(c, "lxc.console", "none", tmpf, true) < 0) {
+		lxc_error("%s\n", "lxc.console");
+		goto non_test_error;
+	}
+
+	/* lxc.console.logfile */
+	if (set_get_compare_clear_save_load(c, "lxc.console.logfile", "/some/logfile", tmpf, true) < 0) {
+		lxc_error("%s\n", "lxc.console.logfile");
+		goto non_test_error;
+	}
+
+	/* lxc.seccomp */
+	if (set_get_compare_clear_save_load(c, "lxc.seccomp", "/some/seccomp/file", tmpf, true) < 0) {
+		lxc_error("%s\n", "lxc.seccomp");
+		goto non_test_error;
+	}
+
+	/* lxc.autodev */
+	if (set_get_compare_clear_save_load(c, "lxc.autodev", "1", tmpf, true) < 0) {
+		lxc_error("%s\n", "lxc.autodev");
+		goto non_test_error;
+	}
+
+	/* lxc.haltsignal */
+	if (set_get_compare_clear_save_load(c, "lxc.haltsignal", "1", tmpf, true) < 0) {
+		lxc_error("%s\n", "lxc.haltsignal");
+		goto non_test_error;
+	}
+
+	/* lxc.rebootsignal */
+	if (set_get_compare_clear_save_load(c, "lxc.rebootsignal", "1", tmpf, true) < 0) {
+		lxc_error("%s\n", "lxc.rebootsignal");
+		goto non_test_error;
+	}
+
+	/* lxc.stopsignal */
+	if (set_get_compare_clear_save_load(c, "lxc.stopsignal", "1", tmpf, true) < 0) {
+		lxc_error("%s\n", "lxc.stopsignal");
+		goto non_test_error;
+	}
+
+	/* lxc.start.auto */
+	if (set_get_compare_clear_save_load(c, "lxc.start.auto", "1", tmpf, true) < 0) {
+		lxc_error("%s\n", "lxc.start.auto");
+		goto non_test_error;
+	}
+
+	/* lxc.start.delay */
+	if (set_get_compare_clear_save_load(c, "lxc.start.delay", "5", tmpf, true) < 0) {
+		lxc_error("%s\n", "lxc.start.delay");
+		goto non_test_error;
+	}
+
+	/* lxc.start.order */
+	if (set_get_compare_clear_save_load(c, "lxc.start.order", "1", tmpf, true) < 0) {
+		lxc_error("%s\n", "lxc.start.order");
+		goto non_test_error;
+	}
+
+	/* lxc.syslog */
+	if (set_get_compare_clear_save_load(c, "lxc.syslog", "local0", tmpf, true) < 0) {
+		lxc_error("%s\n", "lxc.syslog");
+		goto non_test_error;
+	}
+
+	/* lxc.utsname */
+	if (set_get_compare_clear_save_load(c, "lxc.utsname", "get-schwifty", tmpf, true) <
+	    0) {
+		lxc_error("%s\n", "lxc.utsname");
+		goto non_test_error;
+	}
+
+	/* lxc.monitor.unshare */
+	if (set_get_compare_clear_save_load(c, "lxc.monitor.unshare", "1", tmpf, true) < 0) {
+		lxc_error("%s\n", "lxc.monitor.unshare");
+		goto non_test_error;
+	}
+
+	/* lxc.group */
+	if (set_get_compare_clear_save_load(c, "lxc.group", "some,container,groups", tmpf, false) < 0) {
+		lxc_error("%s\n", "lxc.group");
+		goto non_test_error;
+	}
+
+	/* lxc.environment */
+	if (set_get_compare_clear_save_load(c, "lxc.environment", "FOO=BAR", tmpf, false) < 0) {
+		lxc_error("%s\n", "lxc.environment");
+		goto non_test_error;
+	}
+
+	/* lxc.init_cmd */
+	if (set_get_compare_clear_save_load(c, "lxc.init_cmd", "/bin/bash", tmpf, true) < 0) {
+		lxc_error("%s\n", "lxc.init_cmd");
+		goto non_test_error;
+	}
+
+	/* lxc.init_uid */
+	if (set_get_compare_clear_save_load(c, "lxc.init_uid", "1000", tmpf, true) < 0) {
+		lxc_error("%s\n", "lxc.init_uid");
+		goto non_test_error;
+	}
+
+	/* lxc.init_gid */
+	if (set_get_compare_clear_save_load(c, "lxc.init_gid", "1000", tmpf, true) < 0) {
+		lxc_error("%s\n", "lxc.init_gid");
+		goto non_test_error;
+	}
+
+	/* lxc.ephemeral */
+	if (set_get_compare_clear_save_load(c, "lxc.ephemeral", "1", tmpf, true) < 0) {
+		lxc_error("%s\n", "lxc.ephemeral");
+		goto non_test_error;
+	}
+
+	/* lxc.no_new_privs */
+	if (set_get_compare_clear_save_load(c, "lxc.no_new_privs", "1", tmpf, true) < 0) {
+		lxc_error("%s\n", "lxc.no_new_privs");
+		goto non_test_error;
+	}
+
+	/* lxc.limit.nofile */
+	if (set_get_compare_clear_save_load(c, "lxc.limit.nofile", "65536", tmpf, true) < 0) {
+		lxc_error("%s\n", "lxc.limit.nofile");
+		goto non_test_error;
+	}
+
+	ret = EXIT_SUCCESS;
+non_test_error:
+	c->destroy(c);
+	lxc_container_put(c);
+	exit(ret);
+}