- 11 Dec, 2017 6 commits
-
-
Christian Brauner authored
When I first solved this problem I went for a fork() + setns() + clone() model. This works fine but has unnecessary overhead for a couple of reasons:
- doing a full fork() including copying file descriptor table and virtual memory
- using pipes to retrieve the pid of the second child (the actual container process)

This can all be avoided by being a little smart in how we employ the clone() syscall:
- using CLONE_VM will let us get rid of using pipes since we can simply write to the handler because we share the memory with our parent
- using CLONE_VFORK will also let us get rid of using pipes since the execution of the parent is suspended until the child returns
- using CLONE_VM will not cause virtual memory to be copied
- using CLONE_FILES will not cause the file descriptor table to be copied

Note that the intermediate clone() is used with CLONE_VM. Some glibc versions used to reset the pid/tid to -1 when CLONE_VM was used without CLONE_THREAD. But since the memory between parent and child is shared on CLONE_VM this would invalidate the getpid() cache that glibc used to maintain and so getpid() in the child would return the parent's pid. This is all fixed in newer glibc versions where the getpid() cache is removed and the pid/tid is not reset anymore. However, if for whatever reason you - dear committer - somehow need to get the pid of the dummy intermediate process for do_share_ns() you need to call syscall(__NR_getpid) directly. The next lxc_clone() call does not employ CLONE_VM and will be fine.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
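The clone() sequence this commit message describes, as an added example that is not part of the commit or of the LXC source. The names struct handler, helper_main, container_main and spawn are hypothetical, and the use of CLONE_PARENT for the second clone() is an assumption of the example so that the original parent can reap the second child.

```c
#define _GNU_SOURCE
#include <sched.h>
#include <signal.h>
#include <stdlib.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

#define STACK_SIZE (64 * 1024)
struct handler { pid_t helper_pid, container_pid; }; /* hypothetical */

/* Second child: private copy of memory; exits 0 if it is a new process. */
static int container_main(void *arg)
{
	return syscall(__NR_getpid) == ((struct handler *)arg)->helper_pid;
}

/* Intermediate process: shares memory with the suspended parent. */
static int helper_main(void *arg)
{
	static char stack[STACK_SIZE] __attribute__((aligned(16)));
	struct handler *h = arg;
	h->helper_pid = syscall(__NR_getpid); /* raw syscall, no glibc cache */
	/* No CLONE_VM. CLONE_PARENT (this example's assumption) makes the new
	 * process a child of the original parent, which can then reap it. */
	h->container_pid = clone(container_main, stack + STACK_SIZE,
				 CLONE_PARENT | SIGCHLD, h);
	return h->container_pid < 0;
}

static int spawn(struct handler *h)
{
	char *stack = malloc(STACK_SIZE);
	int status = 0, ok;
	if (!stack)
		return -1;
	/* CLONE_VFORK: clone() returns only once the helper has exited, so both
	 * pids are already stored in *h. No fork() and no pipe are needed. */
	pid_t pid = clone(helper_main, stack + STACK_SIZE,
			  CLONE_VM | CLONE_VFORK | CLONE_FILES | SIGCHLD, h);
	ok = pid > 0 && waitpid(pid, &status, 0) == pid && WIFEXITED(status) &&
	     WEXITSTATUS(status) == 0 && pid == h->helper_pid;
	free(stack);
	if (!ok || waitpid(h->container_pid, &status, 0) != h->container_pid)
		return -1;
	return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) { struct handler h = {0, 0}; return spawn(&h) != 0; }
```

The helper's stack is freed only after waitpid() has collected it, because with CLONE_VM that memory is still in use by the helper until it exits.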
-
Christian Brauner authored
confile: add lxc.sysctl config
-
LiFeng authored
Signed-off-by: LiFeng <lifeng68@huawei.com>
-
Stéphane Graber authored
legacy confile: fix legacy network parser
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
This fixes a bug introduced by:

commit 94f0035b
Author: Christian Brauner <christian.brauner@ubuntu.com>
Date: Thu Dec 7 15:07:26 2017 +0100

    coverity: #1425924

    remove logically dead condition

    Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Coverity's bug analysis is correct but my fix wasn't. This commit fixes a bunch of other bugs I just spotted as well.

This unblocks #2009.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
- 09 Dec, 2017 7 commits
-
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
lxc-oci misc improvements
-
Felix Abecassis authored
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
-
Serge Hallyn authored
lxc: Distinguish pthread_mutex_unlock error messages
-
Serge Hallyn authored
bugfixes
-
Felix Abecassis authored
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
-
Felix Abecassis authored
Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>
-
- 08 Dec, 2017 1 commit
-
-
Marcos Paulo de Souza authored
The same message exists in lxclock.c and cgmanager.c, so print the filename along with the message.

Before this patch:
lxc-destroy -n u1
pthread_mutex_unlock returned:1 Operation not permitted

After this patch:
lxc-destroy -n u1
lxclock.c: pthread_mutex_unlock returned:1 Operation not permitted

Signed-off-by: Marcos Paulo de Souza <marcos.souza.org@gmail.com>
-
- 07 Dec, 2017 11 commits
-
-
Serge Hallyn authored
coverity: bugfixes
-
Christian Brauner authored
check return value of getifaddrs()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
do not call close on bad file descriptor
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
silence complaint about unchecked return value from library function
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
free allocated memory
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
free allocated memory
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
free allocated memory
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
avoid NULL-pointer dereference
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
remove logically dead condition
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Avoid NULL-pointer dereference. Apparently monitor.{c,h} calls lxc_check_inherited() with NULL passed for the config. This isn't really a big issue since monitor.{c,h} is effectively dead for all liblxc versions that have the state client patch. Also, the patch that introduces the relevant lines into lxc_check_inherited() is only in master and yet unreleased.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
free allocated memory
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
- 06 Dec, 2017 15 commits
-
-
Stéphane Graber authored
coverity: bugfixes
-
Serge Hallyn authored
commands: improve and simplify locking + lxccontainer: add reboot2() API extension
-
Christian Brauner authored
remove logically dead code
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
fix error condition check
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
free allocated memory
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
check snprintf() return value
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
free allocated memory
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
use correct inequality comparison
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
free memory on error
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
This adds additional test for app containers.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Move lxc_init up to lxc/src and add argument parser
-
RicardoSanchezA authored
Signed-off-by: RicardoSanchezA <ricardo.sanchez@utexas.edu>
-
RicardoSanchezA authored
lxc_init.c should not depend on tools/arguments.{c,h}, thus it needs its own custom argument parser
Signed-off-by: RicardoSanchezA <ricardo.sanchez@utexas.edu>
-
RicardoSanchezA authored
lxc_init.c is actually not a tool, thus it doesn't belong to the tools/ subfolder
Signed-off-by: RicardoSanchezA <ricardo.sanchez@utexas.edu>
-
Christian Brauner authored
It doesn't make sense to error out when an app container doesn't pass explicit arguments through c->start{l}(). This is especially true since we implemented lxc.execute.cmd. However, even before we could have always relied on lxc.init.cmd and errored out after that.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-