On shutdown we move physical network interfaces back to the
host namespace and rename them afterwards as well as in the
later lxc_network_delete() step. However, if the device had
a name which already exists in the host namespace then the
moving fails and so do the subsequent rename attempts. When
the namespace ceases to exist the devices finally end up
in the host namespace named 'dev<ID>' by the kernel.

In order to avoid this, we do the moving and renaming in a
single step (lxc_netdev_move_by_*()'s move & rename happen
in a single netlink transaction).
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

When the container is already running our manpage promises to exit with 2.
Let's make it so.
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>

If cgroupv2 is enabled either alone or together with legacy hierarchies
/proc/self/cgroup can contain entries of the form:

        0::/

These entries need to be skipped.
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>

Signed-off-by: Christian Brauner <christian.brauner@canonical.com>

And let's be on the safe side by NULLing free()ed variables.
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>

Closes: #502
Signed-off-by: Evgeni Golov <evgeni@debian.org>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

There are no personalities for s390x, so don't list itself as one.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

lxc_strerror() was dropped long time ago, in 2009 to be exact.

Related commit:
https://github.com/lxc/lxc/commit/7cee8789514fb42d6a48d50b904e24284f5526e3Signed-off-by: Jafar Al-Gharaibeh <to.jafar@gmail.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

The returned value from snprintf() should be checked carefully.

This bug can be leveraged to execute arbitrary code through carefully
constructing the payload, e.g,

lxc-freeze -n `python -c "print 'AAAAAAAA' + 'B'*959"` -P PADPAD -o /tmp/log

This command running on Ubuntu 14.04 (x86-64) can cause a segment fault.
Signed-off-by: Lans Zhang <jia.zhang@windriver.com>

this allows running them also under Python2, which otherwise
would choke on Stéphane's name and error out with
 SyntaxError: Non-ASCII character '\xc3' in file …
Signed-off-by: Evgeni Golov <evgeni@debian.org>

Signed-off-by: Roman Mueller <roman.mueller@gmail.com>

Make sure we don't return uninitialized memory.
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>

Template catches arch from uname -m, but for ppc64el system, arch reports ppc64le
which doesn't match image repo.
Signed-off-by: Thierry Fauck <tfauck@free.fr>
Signed-off-by: Serge Hallyn <serge@hallyn.com>

Signed-off-by: Lukas Pirl <git@lukas-pirl.de>

- We expect destroy to fail in zfs_clone() so try to silence it so users are
  not irritated when they create zfs snapshots.
- Add -r recursive to zfs_destroy(). This code is only hit when a) the
  container has no snapshots or b) the user calls destroy with snapshots. So
  this should be safe. Without -r snapshots will remain.
Signed-off-by: Christian Brauner <christian.brauner@canonical.com>

lxc_console is used with lxc_console.c
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>

otherwise the generated docs have the full build path in them
and nonbody cares that the files were built in
 /build/lxc-_BVY2u/lxc-2.0.4/src/lxc/
Signed-off-by: Evgeni Golov <evgeni@debian.org>

/usr/share/lxc/templates/lxc-fedora: line 1078: openssl: command not found
Signed-off-by: Elan Ruusamäe <glen@delfi.ee>

- log more errnos
- adapt coding style
Signed-off-by: Christian Brauner <cbrauner@suse.de>

Signed-off-by: Christian Brauner <cbrauner@suse.de>

Signed-off-by: Christian Brauner <cbrauner@suse.de>

Signed-off-by: Christian Brauner <cbrauner@suse.de>

Signed-off-by: James Cowgill <james410@cowgill.org.uk>

Fixes "unsupported personality" warnings when starting containers.
Signed-off-by: James Cowgill <james410@cowgill.org.uk>

MIPS processors implement 3 ABIs: o32, n64 and n32 (similar to x32). The kernel
treats each ABI separately so syscalls disallowed on "all" arches should be
added to all three seccomp sets. This is implemented by expanding compat_arch
and compat_ctx to accept two compat architectures.

After this, the MIPS hostarch detection code and config section code is added.
Signed-off-by: James Cowgill <james410@cowgill.org.uk>

Signed-off-by: James Cowgill <james410@cowgill.org.uk>

With how easy it is to create a collision on a short ID nowadays and
given that the user doesn't actually have to remember or manually enter
the key ID, lets just use the full fingerprint from now on.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Christian Brauner <cbrauner@suse.de>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

This fixes a double free corruption on container-requested
reboots when lxc_spawn() fails before receiving the ttys, as
lxc_fini() (part of __lxc_start()'s cleanup) calls
lxc_delete_tty().
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

This allows installing to different locations and using
the lxc.pc to build using the generated includedir and
libdir.
Signed-off-by: Sergio Schvezov <sergio.schvezov@ubuntu.com>

Signed-off-by: Andreas Freudenberg <andreas.freudenberg@licomonch.net>

Signed-off-by: Vitaly Lavrov <vel21ripn@gmail.com>

The regression was introduced by commit
3c39b0b7 which makes it possible to
create working stretch containers by forcinig `init` to be in the
included package list.

However, `init` didn't exit before jessie, so now for wheezy we
explicitly include `sysvinit`; sysvinit on wheezy is essential,
so it would already be included anyway.
Signed-off-by: Antonio Terceiro <terceiro@debian.org>

Newer versions of Android (5.0+, aka API Level 21+) include mntent.h,
which declares setmntent and endmntent. This hits an edge
case with the preprocessor checks in lxcmntent.h because HAVE_SETMNTENT
and HAVE_ENDMNTENT are both defined (in Bionic's mntent.h), but conf.c
always includes lxcmntent.h on Bionic! As a result, we get compiler
warnings of implicit function declarations for setmntent endmntent.

This patch always includes setmntent/endmntent/hasmntopt function
declarations on Bionic, which gets rid of these warnings.
Signed-off-by: Preetam D'Souza <preetamjdsouza@gmail.com>

The profile already contains
  mount options=(rw, make-slave) -> **,

Which allows going through all mountpoints with make-slave,
so it seems to make sense to also allow the directly
recursive variant with "make-rslave".
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

* configure to start only the minimum of service
* add ntp, kmod to ignore packages
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>