Consider the case where we're running in a user namespace but in the host's
mount ns with the host's filesystem (something like
lxc-usernsexec ... lxc-execute ...), in this case, we'll be euid 0, but we
can't actually write to /run. Let's improve this locking check to make sure
we can actually write to /run before we decide to actually use it as our
locking dir.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

It's sort of an implementation detail that this exists at all, and we
should probably not pollute the container's mount tables or FS with this.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

If 'lxc_cmd_get_name' failed and return with NULL, this would cause a segment fault.
Signed-off-by: LiFeng <lifeng68@huawei.com>

As the other tools already handle, show usage message when -h or --help
are used.
Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>

remove logically dead code
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

ensure \0-termination
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

used calculated string length when copying into buffer
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

The same message exists in lxclock.c and cgmanager.c, so print the
filename along with the message.

Before this patch:
lxc-destroy -n u1
pthread_mutex_unlock returned:1 Operation not permitted

After this patch:
xc-destroy -n u1
lxclock.c: pthread_mutex_unlock returned:1 Operation not permitted
Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>

free allocated memory
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

avoid NULL-pointer dereference
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

The lxc_log args have noghing to do with lxc.rootfs.path, and
we need room for a NULL at end of arguments.

How this bug was hidden for so long I don't know - I can only
trigger it on certain systems under certain conditions, but it's
definately wrong as is.
Signed-off-by: Serge Hallyn <shallyn@cisco.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Closes: #84
Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>

Check the test user (lxcunpriv) before calling deluser command,
otherwise it will print unnecessary error message:
/usr/sbin/deluser: The user 'lxcunpriv' does not exist.
Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com>

In the case the container has a console with a valid slave pty file descriptor
we duplicate std{in,out,err} to the slave file descriptor so console logging
works correctly.
Also, we should become session leader.

Closes #1646.
Closes #1951.
Signed-off-by: Li Feng <lifeng68@huawei.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Li Feng <lifeng68@huawei.com>

Signed-off-by: Li Feng <lifeng68@huawei.com>

In the past, if the console client exited, lxc_console_cb_con return 1. And
the lxc_poll will exit, the process will wait at waitpid. At this moment, the
process could not handle any command (For example get the container state
LXC_CMD_GET_STATE or stop the container LXC_CMD_STOP.).

I think we should clean the tty_state and return 0 in this case. So, we can use
the lxc-console to connect the console of the container. And we will not exit
the function lxc_polland we can handle the commands by lxc_cmd_process

Reproducer prior to this commit:
- open a new terminal, get the tty device name by command tty /dev/pts/6
- set lxc.console.path = /dev/pts/6
- start the container and the ouptut will print to /dev/pts/6
- close /dev/pts/6
- try an operation e.g. getting state with lxc-ls and lxc-ls will hang

Closes #1787.
Signed-off-by: LiFeng <lifeng68@huawei.com>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

This reverts commit 37d5831e.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

When users pass -1 there's there won't be an escape sequence to exit the
console so no need to print a misleading info message about how to detach.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

This avoids the dance of updating the list of valid releases every time
Debian makes a new release.

It also fixes the following bug: even though lxc-debian will default to
creating containers of the latest stable by querying the archive, it
won't allow you to explicitly request `stable` because the current list
of valid releases don't include it.

Last, but not least, avoid hitting the mirror in the case the desired
release is one of the ones we know will always be there, i.e. stable,
testing, sid, and unstable.
Signed-off-by: Antonio Terceiro <terceiro@debian.org>

Doing that confuses locale generation. lxc-ubuntu does the same check
Signed-off-by: Antonio Terceiro <terceiro@debian.org>

Brings the number of open fds in the monitor process for a standard container
without ttys down to 17.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

The console struct is internal and liblxc takes care of creating paths.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Being able to create `testing` containers, regardless of what's the name
of the next stable, is useful in several contexts, included but not
limited to testing purposes. i.e. one won't need to explicitly switch to
`bullseye` once `buster` is released to be able to continue tracking
`testing`. While we are at it, let's also enable `unstable`, which is
exactly the same as `sid`, but there is no reason for not being able to.
Signed-off-by: Antonio Terceiro <terceiro@debian.org>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

This template would always add "en-US.UTF-8" to the end of the container's locale.gen, which in turn confused locale-gen.
Signed-off-by: Fridtjof Mund <fridtjofmund@gmail.com>

mem and kmem are really in /dev, so this does us no good.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>

Update for commit e3dd06efSigned-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

- rework and fix pipe fd leak
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

To match names beginning with the letters "f" or "b" one can use
the regular expression "[fb].*" or "(f|b).*", but not "[f|b].*",
which would match strings beginning with "f", "|", or "b".
Signed-off-by: Christian von Roques <roques@z12.ch>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>