Unchecked return value
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Unused value
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Logically dead code
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

do_lxcapi_create: set umask

Fix tool_utils.c build when HAVE_SETNS is unset

Add inline setns() function to tool_utils.h. Without it
tool_utils.c can't be build when HAVE_SETNS is unset.
Signed-off-by: Serj Kalichev <serj.kalichev@gmail.com>

Fix memory leak in list_active_containers

Signed-off-by: LiFeng <lifeng68@huawei.com>

Signed-off-by: LiFeng <lifeng68@huawei.com>

Fix the memory leak in cgfsng_attach

Also pass action scripts to CRIU on checkpointing

Signed-off-by: Daniel Selifonov <ds@thyth.com>

pam-cgfs: ignore the system umask when creating the cgroup hierarchy

Fixes: #2277
Signed-off-by: Jonathan Calmels <jcalmels@nvidia.com>

lxc/tools/lxc_monitor: include missing <stddef.h>

lxc_monitor.c uses offsetof(), so it should include
<stddef.h>. Otherwise the build fails with the musl C library:

tools/lxc_monitor.c: In function ‘lxc_abstract_unix_connect’:
tools/lxc_monitor.c:324:9: warning: implicit declaration of function ‘offsetof’ [-Wimplicit-function-declaration]
         offsetof(struct sockaddr_un, sun_path) + len + 1);
         ^~~~~~~~
tools/lxc_monitor.c:324:18: error: expected expression before ‘struct’
         offsetof(struct sockaddr_un, sun_path) + len + 1);
                  ^~~~~~
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

lxc-oci: mkdir the download directory

Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>

seccomp: handle arch inversion - The Architecture Strikes Back

LXC generates and loads the seccomp-bpf filter in the host/container which
spawn the new container. In other words, userspace N is responsible for
generating and loading the seccomp-bpf filter which restricts userspace N + 1.
Assume 64bit kernel and 32bit userspace running a 64bit container. In this case
the 32-bit x86 userspace is used to create a seccomp-bpf filter for a 64-bit
userspace. Unless one explicitly adds the 64-bit ABI to the libseccomp filter,
or adjusts the default behavior for "BAD_ARCH", *all* 64-bit x86 syscalls will
be blocked.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Suggested-by: Paul Moore <paul@paul-moore.com>

Rename "compat_ctx" to "contexts" and "compat_arch" to "architectures".
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Closes #2280.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Always use 022 as the umask when creating the rootfs directory and
executing the template. A too loose umask may cause security issues.
A too strict umask may cause programs to fail inside the container.
Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>

seccomp: handle all errors

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Merge pull request #2274 from brauner/2018-04-13/fix_seccomp_with_personality_and_64bit_kernel_32_bit_userspace

seccomp: handle arch inversion

This commit deals with different kernel and userspace layouts and nesting. Here
are three examples:
1. 64bit kernel and 64bit userspace running 32bit containers
2. 64bit kernel and 32bit userspace running 64bit containers
3. 64bit kernel and 64bit userspace running 32bit containers running 64bit containers
Two things to lookout for:
1. The compat arch that is detected might have already been present in the main
   context. So check that it actually hasn't been and only then add it.
2. The contexts don't need merging if the architectures are the same and also can't be.
With these changes I can run all crazy/weird combinations with proper seccomp
isolation.

Closes #654.

Link: https://bugs.chromium.org/p/chromium/issues/detail?id=832366Reported-by: Chirantan Ekbote <chirantan@chromium.org>
Reported-by: Sonny Rao <sonnyrao@chromium.org>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

conf: fix net type checks in run_script_argv()

Signed-off-by: Jakub Skokan <jakub.skokan@havefun.cz>

conf: ret-try devpts mount without gid=5 on error

When starting application containers without a mapping for container root are
started, a dummy bind-mount target for lxc-init needs to be created. This will
not always work directly under "/" when e.g. permissions are missing due to the
ownership and/or mode of "/". We can try to work around this by using the
P_tmpdir as defined in POSIX which should usually land us in /tmp where
basically everyone can create files.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

We should always default to mounting devpts with gid=5 but we should fallback
to mounting without gid=5. This let's us cover use-cases such as container
started with only a single mapping e.g.:

lxc.idmap = u 1000 1000 1
lxc.idmap = g 1000 1000 1

Closes #2257.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: try to always drop supplementary groups

rootfs pinning: On NFS, make file hidden but don't delete it

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach: always drop supplementary groups

Closes #2248.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Mergeable branch for C0deAi fixes