network: Adds layer 2 (ARP/NDP) proxy mode

seccomp: send process memory fd

namespaces: allow a pathname to a nsfd for namespace to share

There's an inherent race when reading a process's memory. The easiest way is to
have liblxc get an fd and check that the race was one, send it to the caller
(They are free to ignore it if they don't use recvmsg()).
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Serge Hallyn <shallyn@cisco.com>

Adds the lxc.net.[i].l2proxy flag that can be either 0 or 1.

Defaults to 0.

This, when used with lxc.net.[i].link, will add IP neighbour proxy entries on the linked device
for any IPv4 and IPv6 addresses on the container's network device.

Additionally, for IPv6 addresses it will check the following sysctl values and fail with an error if not set:

	net.ipv6.conf.[link].proxy_ndp=1
	net.ipv6.conf.[link].forwarding=1
Signed-off-by: tomponline <thomas.parrott@canonical.com>

seccomp: ensure fields are set to 0

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

network: Adds IPVLAN support

Example usage:

	lxc.net[i].type=ipvlan
	lxc.net[i].ipvlan.mode=[l3|l3s|l2] (defaults to l3)
	lxc.net[i].ipvlan.flags=[bridge|private|vepa] (defaults to bridge)
	lxc.net[i].link=eth0
	lxc.net[i].flags=up
Signed-off-by: tomponline <thomas.parrott@canonical.com>

seccomp: remove alignment requirements

since apparently there are insane programming languages out there that just
silently remove packed members in structs.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

seccomp: don't commit to an api just yet

I'm not sure that I want to be married (to this layout) just yet.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

seccomp: notifier fixes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

network: Makes some routing functions static

The following functions can be made static for consistency:

	lxc_ipv4_dest_add
	lxc_ipv6_dest_add
	lxc_ip_route_dest_add (renamed)
Signed-off-by: tomponline <thomas.parrott@canonical.com>

docs: Adds missing doc entries for seccomp related API extensions

Signed-off-by: tomponline <thomas.parrott@canonical.com>

network: Adds veth static routes feature

network: Fixes bug in macvlan mode selection

Signed-off-by: tomponline <thomas.parrott@canonical.com>

seccomp: cleanup

Simplify and cleanup some of the seccomp code. This mainly focuses on removing
the open coding of various seccomp settings all over the code place in favor of
centralized helpers.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tests: Updates .gitignore to ignore test build artefacts

network: Fixes vlan hook script

Signed-off-by: tomponline <thomas.parrott@canonical.com>

Signed-off-by: tomponline <thomas.parrott@canonical.com>

Adds the following new config keys:

	lxc.net.[i].veth.ipv4.route
	lxc.net.[i].veth.ipv6.route
E.g.

	lxc.net.0.veth.ipv4.route = 192.0.2.1/32
	lxc.net.0.veth.ipv4.route = 192.0.3.0/24
	lxc.net.0.veth.ipv6.route = 2001:db8::1/128
	lxc.net.0.veth.ipv6.route = 2001:db8:2::/64
Signed-off-by: tomponline <thomas.parrott@canonical.com>

network: Fixes a little typo in an error message

network: Adds hook handling for vlan network type

Signed-off-by: tomponline <thomas.parrott@canonical.com>

Signed-off-by: tomponline <thomas.parrott@canonical.com>

seccomp: SECCOMP_RET_USER_NOTIF support

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>