see comment for details.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>

For the ->execute() case, we want to make sure the application dies when
SIGHUP is received. The next patch will ignore SIGHUP in the lxc monitor,
because tasks inside the container send SIGHUP to init to have it reload
its config sometimes, and we don't want to do that with init.lxc, since it
might actually kill the container if it forwards SIGHUP to the child and
the child can't handle it.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>

seccomp.c: Use return instead of attribution and return

Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>

debian: Use iproute2 instead of iproute

The package has pretty much always been iproute2 with iproute being an
alias for it, the alias is now gone so we need to use iproute2.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Unpriv fixups

Signed-off-by: Tycho Andersen <tycho@tycho.ws>

In particular, if we are already in a user namespace we are unprivileged,
and doing things like moving the physical nics back to the host netns won't
work. Let's do the same thing LXD does if euid == 0: inspect
/proc/self/uid_map and see what that says.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>

Consider the case where we're running in a user namespace but in the host's
mount ns with the host's filesystem (something like
lxc-usernsexec ... lxc-execute ...), in this case, we'll be euid 0, but we
can't actually write to /run. Let's improve this locking check to make sure
we can actually write to /run before we decide to actually use it as our
locking dir.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>

[cgfsng] show wrong errno

lxc_cgroup_set_data: h = get_hierarchy(controller);
if h is NULL, now errno is old, it donot set new one.
And then,
cgfsng_setup_limits:

    if (lxc_cgroup_set_data(cg->subsystem, cg->value, d)) {
		if (do_devices && (errno == EACCES ||
			errno == EPERM)) {
			WARN("Error setting %s to %s for %s",
				cg->subsystem, cg->value,
				d->name);
			continue;
		}
		SYSERROR("Error setting %s to %s for
			 %s",
			 cg->subsystem, cg->value,
			 d->name);
		goto out;
	}

SYSERROR will show old errno, make me confused.
Signed-off-by: duguhaotian <duguhaotian@gmail.com>

bugfixes

network.c: Remove ip_forward_set and callers

The last user of ip_forward_set, lxc_ip_forward_on and
lxc_ip_forward_off was in 2009:

commit 92d38522
Author: Daniel Lezcano <dlezcano@fr.ibm.com>
Date:   Thu Oct 22 15:33:40 2009 +0200

    remove test directory

These functions are not called anymore.
Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>

Create console when the rootfs is NULL

Add check whether handler->conf->console.path is 'none'
Signed-off-by: LiFeng <lifeng68@huawei.com>

Modify .gitignore

Add:
src/tests/lxc-test-api-reboot
src/tests/lxc-test-criu-check-feature
src/tests/lxc-test-raw-clone
src/tests/lxc-test-share-ns
src/tests/lxc-test-state-server
Signed-off-by: LiFeng <lifeng68@huawei.com>

doc: Update Japanese lxc-attach(1) and lxc.container.conf(5)

* Update for commit ba2be1a8 (attach: move pty allocation into api)
* Update for commit 5757588f (manpage: correct lxc.log.file conf option)
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

remove logically dead code
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

do not call close on bad fd
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

avoid (however unlikely) double free
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

remove logically dead code
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

storage: treat return value from ops->destroy as int

manpage: correct lxc.log.file conf option

unlink lxc-init

r->ops->destroy() returns an int, -1 on error.
When assigned to a bool, this becomes true and hides errors.
Signed-off-by: Michael McCracken <mikmccra@cisco.com>

It's sort of an implementation detail that this exists at all, and we
should probably not pollute the container's mount tables or FS with this.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>

Signed-off-by: LiFeng <lifeng68@huawei.com>