Unchecked return value
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Unused value
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: LiFeng <lifeng68@huawei.com>

Signed-off-by: LiFeng <lifeng68@huawei.com>

Always use 022 as the umask when creating the rootfs directory and
executing the template. A too loose umask may cause security issues.
A too strict umask may cause programs to fail inside the container.
Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>

We should always default to mounting devpts with gid=5 but we should fallback
to mounting without gid=5. This let's us cover use-cases such as container
started with only a single mapping e.g.:

lxc.idmap = u 1000 1000 1
lxc.idmap = g 1000 1000 1

Closes #2257.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Closes #2248.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Value stored is never read.

Closes #2262.
Signed-off-by: C0deAi <techsupport@mycode.ai>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

The problem here is that these two clauses were ordered backwards: we first
check if the signal came from not the init pid, and if it did, then we give
a notice and return. The comment notes that this is intended to protect
against SIGCHLD, but we don't in fact know if the signal is a SIGCHLD yet,
because that's tested in the next hunk.

The symptom is that if I e.g. send SIGTERM from the outside world to the
container init, it ignores it and gives this notice. If we re-order these
clauses, it forwards non SIGCHLD signals, and ignores SIGCHLD signals from
things that aren't the real container process.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

If they aren't available fallback to BSD flock()s.

Closes #2245.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Otherwise lxc.hook.mount hooks that try to inspect /proc/<pid>/*
will fail.

Cc: Jonathan Calmels <jcalmels@nvidia.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

This function was way more syscall heavy than it needed to be.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Felix <de-ch@hotmail.de>

The problem here is that __lxc_start frees the handler, so any use
afterwards is invalid. Since we don't have access to the actual struct
lxc_container object in __lxc_start, let's pass a pointer to error_num in
so it can be returned.

Unfortunately, I'm a little too paranoid to change the return type of
lxc_start, since it returns failure if some of the cleanup fails, which
may be useful in some cases. So let's keep this out of band.

Closes #2218
Closes #2219
Reported-by: Felix Abecassis <fabecassis@nvidia.com>
Signed-off-by: Tycho Andersen <tycho@tycho.ws>

when compiling lxc with clang-5.0 parse_cap()'s main loop will produce a
warning about a tautological comparision (#2215).

By moving the result of computation into a variable (end) this is no
longer a constant expression. clang-5.0 does not do dataflow analysis at
this point, so it is, to quote someone from #llvm, "morally equivalent"
to casting `(int)i`.

in addition, we also clean up the #if HAVE_LIBCAP to no longer need
its #else branch!
Signed-off-by: Igor Galić <igor.galic@automatic-server.com>

This reverts commit 8d961e28.

Unfortunately I don't believe the check is correct in the general case.
Signed-off-by: Serge Hallyn <shallyn@cisco.com>

If we're host unpriv but root in our userns, we can't really escape
cgroups. Let's switch the cgroup escape test to reflect this.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>

lxc-usernsexec uses some functions (e.g. lxc_map_ids()), which are part of
the lxc library and thus use the WARN etc. macros to emit log messages.
However, it doesn't initialize the log in any way, so these messages go
into the ether.

lxc-usernsexec currently has no log parameters, so let's just log these to
stderr. Someone can do something fancier later if they want.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>

Fixes: #2178
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

We have an extensive set of container config options to do this
for us, and doing this unconditionally breaks several use cases.
For instance, if we want to bind mount a /dev/shm using the
container configuration, then lxc-execute, then lxc-init will
rudely unmount the /dev/shm and remount it as a private tmpfs.
Signed-off-by: Serge Hallyn <shallyn@cisco.com>

https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1751780Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

I was thinking about the locking here yesterday and it dawned on me that we
actually don't need this at all:
- possible contention between traversing list to send states to state clients
  and adding new state clients to the list:
  It is the command handler that adds new state clients to the state client
  list. The command handler and the code that actually sends out the container
  states run in the same process so there's not contention and thus no locking
  needed.
- adding state clients to the list from multiple threads:
  The command handler itself is single-threaded so only one thread's request can
  be served at the same time so no locking is needed.
- sending out the state to state clients via the command handler itself:
  The state client also adds and removes state clients from the state client
  list so there's no locking needed.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

* prepend $LXC_PATH to $DOWNLOAD_TEMP on systems with /tmp mounted
  securely as a small tmpfs / noexec

* gpg_setup() creates $DOWNLOAD_TEMP so remove superflous mkdir

* fixes https://github.com/lxc/lxc/issues/516Signed-off-by: Stuart Cardall <developer@it-offshore.co.uk>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

thread-safety: s/exit()/_exit()/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

thread-safety: s/exit()/_exit()/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

thread-safety: s/exit()/_exit()/g
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>