utils: Fix wrong integer of a function parameter.

If SSL is enabled, utils will include function `do_sha1_hash()` to
generate a sha1 encrypted buffer. Last function argument of
`EVP_DigestFinal_ex()` requires a `unsigned int` but the current
parameter is an `integer` type.

See error:
utils.c:350:38: error: passing 'int *' to parameter of type 'unsigned int *' converts between pointers to integer types with different sign
      [-Werror,-Wpointer-sign]
        EVP_DigestFinal_ex(mdctx, md_value, md_len);
                                            ^~~~~~
/usr/include/openssl/evp.h:549:49: note: passing argument to parameter 's' here
                                  unsigned int *s);
Signed-off-by: Julio Faracco <jcfaracco@gmail.com>

lxccontainer: do_lxcapi_detach_interface to support detaching wlan devs

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

cgroups: initialize cpuset properly

Closes #3108.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: initialize all auto-cleanup variables

network: restore ability to move nl80211 devices

Closes #3105.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

pidfds: don't print a scary warning on ENOSYS

Most kernels don't have this functionality yet, and so the warning is
printed a lot. Our people are scared of warnings, so let's make it INFO
instead in this case.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>

Closes: #3101.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

seccomp: open memfd read-write

Makes it easier to implement syscalls which need to write to
a buffer passed by user space as a pointer.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

Adds veth router mode

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

Defaulting to bridge mode.
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

Suggested usage:

	return error_log_errno(err, "Failed: %s", "some error");

It sets errno to the value of err, then calls SYSERROR with the format and remaining args.

It always returns -1.
Suggested-by: Christian Brauner <christian.brauner@ubuntu.com>
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

Suppress hardcoded table sizes

. Use sizeof() instead of hardcoded values
. snprintf(..., size, ""...) is in error if the return code is >= size (not sufficient to set only ">")
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

Typo fix

Fixed a typo in error message
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

doc: Add lxc.comp.notify.cookie to Japanese lxc.container.conf(5)

update for commit 214008eeSigned-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

cgroup: check for non-empty conf

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

seccomp: coding style

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Seccomp notify api update

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

On the one hand this should close the race between the
process exiting until the proxy reads the request.
On the other hand it'll help the proxy quickly access info
from /proc (such as ./cwd, ./ns/mnt, ...)
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

We only read the message without the cookie. For now assert
that the sender also didn't try to send more by letting
`recvmsg()` return the original size of the packet if it was
longer.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

and fix a minor typo
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

With the previous commit we now attempt to reconnect to the
proxy in the beginning of the notify handler if we had no
connection.
If the connection fails later on, we now don't really need
to immediately try to reconnect if we send a default
response anyway (particularly if the recv() fails). (This
also gives the proxy more time, for instance if it was just
restarted.)
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

If a syscall happens after we already failed to communicate
with the proxy, proxy_fd was -1.
Before the previous commit we'd then be stuck in the state
where there was no proxy registered. With the previous
commit we'd send a default reply and only then try to
reconnect.
Improve this even further by trying to reconnect right at
the start.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>