- 19 Jul, 2016 1 commit
-
-
Christian Brauner authored
This is required by systemd to cleanly shut down. Other init systems should not have SIGRTMIN+3 in the blocked signals set.
Signed-off-by: Christian Brauner <cbrauner@suse.de>
-
- 18 Jul, 2016 2 commits
-
-
Serge Hallyn authored
lxc-copy: allow snapshots to be placed on tmpfs
-
Christian Brauner authored
Place an ephemeral container started with -e flag on a tmpfs. Restrictions are that you cannot request the data to be kept while placing the container on a tmpfs, that either overlay or aufs backing storage must be used, and that the storage backend of the original container must be a directory.

For ephemeral snapshots backed by overlay or aufs filesystems, a fresh tmpfs is mounted over the container's directory if the user requests it. This should be the easiest option. Anything else would require us to change the current mount-layout of overlay and aufs snapshots. (A standard overlay or aufs snapshot clone currently has the layout:

    /var/lib/lxc/CLONE_SNAPSHOT/delta0 <-- upperdir
    /var/lib/lxc/CLONE_SNAPSHOT/rootfs
    /var/lib/lxc/CLONE_SNAPSHOT/olwork
    /var/lib/lxc/CLONE_SNAPSHOT/olwork/work <-- workdir

with the lowerdir being

    /var/lib/lxc/CLONE_PARENT/rootfs

The fact that upperdir and workdir are not placed in a common subfolder under the container directory has the consequence that we cannot simply mount a fresh tmpfs under upperdir and workdir because overlay expects them to be on the same filesystem.)

Because we mount a fresh tmpfs over the directory of the container the updated /etc/hostname file created during the clone residing in the upperdir (currently named "delta0" by default) will be hidden. Hence, if the user requests that the old name is not to be kept for the clone, we recreate this file on the tmpfs. This should be all that is required to restore the exact behaviour we would get with a normal clone.

NOTE: If the container is rebooted all changes made to it are lost. This is not easy to prevent since each reboot remounts the rootfs again.

Signed-off-by: Christian Brauner <cbrauner@suse.de>
-
- 15 Jul, 2016 2 commits
-
-
Christian Brauner authored
c/r: make local function static
-
Adrian Reber authored
This is a minimal commit which makes the function 'do_restore()' static as it is not used anywhere else in the code. This also removes a trailing space my editor complained about.
Signed-off-by: Adrian Reber <areber@redhat.com>
-
- 13 Jul, 2016 1 commit
-
-
Christian Brauner authored
c/r: drop in-flight connections during CRIU dump
-
- 12 Jul, 2016 2 commits
-
-
Adrian Reber authored
Shortly after CRIU 2.3 has been released a patch has been added to skip in-flight TCP connections. In-flight connections are not completely established connections (SYN, SYN-ACK). Skipping in-flight TCP connections means that the client has to re-initiate the connection establishment. This patch stores the CRIU version detected during version check, so that during dump/checkpoint options can be dynamically enabled depending on the available CRIU version.
v2:
  * use the newly introduced criu version interface
  * add an option to disable skipping in-flight connections
Signed-off-by: Adrian Reber <areber@redhat.com>
-
Stéphane Graber authored
add missing cgroup namespace to ns_info struct
-
- 11 Jul, 2016 3 commits
-
-
Christian Brauner authored
c/r: initialize migrate_opts properly
-
Christian Brauner authored
Signed-off-by: Christian Brauner <cbrauner@suse.de>
-
Adrian Reber authored
The commit "c/r: add support for CRIU's --action-script" breaks lxc-checkpoint on the command-line. It produces errors like:

    sh: $'\260\366\b\001': command not found

and then it fails. src/lxc/criu.c expects migrate_opts->action_script to be either NULL, then it is ignored, or to actually contain the name of an action script. As the struct migrate_opts has no static storage it has to be explicitly initialized or the value of the structure's members is indeterminate.
Signed-off-by: Adrian Reber <areber@redhat.com>
-
- 08 Jul, 2016 2 commits
-
-
Serge Hallyn authored
Add flag in mount_entry to skip NODEV in case of a persistent dev entry
-
Serge Hallyn authored
store criu version
-
- 07 Jul, 2016 1 commit
-
-
Christian Brauner authored
c/r: add support for CRIU's --action-script
-
- 06 Jul, 2016 2 commits
-
-
Tycho Andersen authored
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
-
Christian Brauner authored
  - If version != NULL criu_version_ok() stores the detected criu version in version. Allocates memory for version which must be freed by caller.
  - If version == NULL criu_version_ok() will return true when the version matches, false in all other cases.
Signed-off-by: Christian Brauner <cbrauner@suse.de>
-
- 02 Jul, 2016 3 commits
-
-
Christian Brauner authored
cgfsng: don't pre-calculate path
-
Serge Hallyn authored
First, we're doing this so long as there is any cgroup config item - even if no devices ones. Then if devices is not available we fail. This was leading to Rob E's mysterious startup failures. Secondly, we're not even using this info. The user was removed awhile back.
Signed-off-by: Serge Hallyn <serge@hallyn.com>
-
Rodrigo Vaz authored
Signed-off-by: Rodrigo Vaz <rodrigo@heroku.com>
-
- 29 Jun, 2016 4 commits
-
-
Christian Brauner authored
Fix typo found by lintian
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
lxc-debian: fix regression when creating wheezy containers
-
Antonio Terceiro authored
The regression was introduced by commit 3c39b0b7 which makes it possible to create working stretch containers by forcing `init` to be in the included package list. However, `init` didn't exist before jessie, so now for wheezy we explicitly include `sysvinit`; sysvinit on wheezy is essential, so it would already be included anyway.
Signed-off-by: Antonio Terceiro <terceiro@debian.org>
-
- 28 Jun, 2016 4 commits
-
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
Include all lxcmntent.h function declarations on Bionic
-
Preetam D'Souza authored
Newer versions of Android (5.0+, aka API Level 21+) include mntent.h, which declares setmntent and endmntent. This hits an edge case with the preprocessor checks in lxcmntent.h because HAVE_SETMNTENT and HAVE_ENDMNTENT are both defined (in Bionic's mntent.h), but conf.c always includes lxcmntent.h on Bionic! As a result, we get compiler warnings of implicit function declarations for setmntent endmntent. This patch always includes setmntent/endmntent/hasmntopt function declarations on Bionic, which gets rid of these warnings.
Signed-off-by: Preetam D'Souza <preetamjdsouza@gmail.com>
-
Stéphane Graber authored
c/r: use criu's "full" mode for cgroups
-
- 27 Jun, 2016 7 commits
-
-
Tycho Andersen authored
A while ago cgroup modes were introduced to CRIU, which slightly changed the behavior w.r.t. cgroups under the hood. What we're really after is criu's --full mode, i.e. even if a particular cgroup directory exists (in particular /lxc/$container[-$number] will, since we create it), we should restore perms on that cgroup. Things worked just fine for actual properties (except "special" properties as criu refers to them, which I've just sent a patch for) because liblxc creates no subdirectories, just the TLD.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
-
Laurent Vivier authored
copied from lxc-ubuntu.in
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Acked-by: Serge Hallyn <serge@hallyn.com>
-
Laurent Vivier authored
copied from lxc-ubuntu.in
Signed-off-by: Laurent Vivier <laurent@vivier.eu>
Acked-by: Serge Hallyn <serge@hallyn.com>
-
Wolfgang Bumiller authored
The profile already contains

    mount options=(rw, make-slave) -> **,

which allows going through all mountpoints with make-slave, so it seems to make sense to also allow the directly recursive variant with "make-rslave".
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
More apparmor tweaks
-
Stéphane Graber authored
Properly list all of the states and the right apparmor stanza for them, then comment them all as actually enabling this would currently let the user bypass apparmor entirely.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
- 24 Jun, 2016 2 commits
-
-
Stéphane Graber authored
Force lxc-instance to behave like a good Upstart client
-
AnrDaemon authored
Remove unnecessary shell wrap around job start. Force foreground execution to allow job monitoring and control.
Signed-off-by Andrey Repin <anrdaemon@yandex.ru>
-
- 23 Jun, 2016 2 commits
-
-
Christian Brauner authored
apparmor: Allow bind-mounts and {r}shared/{r}private
-
Stéphane Graber authored
Bind-mounts aren't harmful in containers, so long as they're not used to bypass MAC policies. This change allows bind-mounting of any path which isn't a dangerous filesystem that's otherwise blocked by apparmor. This also allows switching paths {r}shared or {r}private.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
- 21 Jun, 2016 2 commits
-
-
Christian Brauner authored
plamo: Improve Plamo template
-
KATOH Yasufumi authored
  * configure to start only the minimum of service
  * add ntp, kmod to ignore packages
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
-