Signed-off-by: Christian Brauner <cbrauner@suse.de>

Signed-off-by: James Cowgill <james410@cowgill.org.uk>

Fixes "unsupported personality" warnings when starting containers.
Signed-off-by: James Cowgill <james410@cowgill.org.uk>

MIPS processors implement 3 ABIs: o32, n64 and n32 (similar to x32). The kernel
treats each ABI separately so syscalls disallowed on "all" arches should be
added to all three seccomp sets. This is implemented by expanding compat_arch
and compat_ctx to accept two compat architectures.

After this, the MIPS hostarch detection code and config section code is added.
Signed-off-by: James Cowgill <james410@cowgill.org.uk>

Signed-off-by: James Cowgill <james410@cowgill.org.uk>

With how easy it is to create a collision on a short ID nowadays and
given that the user doesn't actually have to remember or manually enter
the key ID, lets just use the full fingerprint from now on.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Christian Brauner <cbrauner@suse.de>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

This fixes a double free corruption on container-requested
reboots when lxc_spawn() fails before receiving the ttys, as
lxc_fini() (part of __lxc_start()'s cleanup) calls
lxc_delete_tty().
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

This allows installing to different locations and using
the lxc.pc to build using the generated includedir and
libdir.
Signed-off-by: Sergio Schvezov <sergio.schvezov@ubuntu.com>

Signed-off-by: Andreas Freudenberg <andreas.freudenberg@licomonch.net>

Signed-off-by: Vitaly Lavrov <vel21ripn@gmail.com>

The regression was introduced by commit
3c39b0b7 which makes it possible to
create working stretch containers by forcinig `init` to be in the
included package list.

However, `init` didn't exit before jessie, so now for wheezy we
explicitly include `sysvinit`; sysvinit on wheezy is essential,
so it would already be included anyway.
Signed-off-by: Antonio Terceiro <terceiro@debian.org>

Newer versions of Android (5.0+, aka API Level 21+) include mntent.h,
which declares setmntent and endmntent. This hits an edge
case with the preprocessor checks in lxcmntent.h because HAVE_SETMNTENT
and HAVE_ENDMNTENT are both defined (in Bionic's mntent.h), but conf.c
always includes lxcmntent.h on Bionic! As a result, we get compiler
warnings of implicit function declarations for setmntent endmntent.

This patch always includes setmntent/endmntent/hasmntopt function
declarations on Bionic, which gets rid of these warnings.
Signed-off-by: Preetam D'Souza <preetamjdsouza@gmail.com>

The profile already contains
  mount options=(rw, make-slave) -> **,

Which allows going through all mountpoints with make-slave,
so it seems to make sense to also allow the directly
recursive variant with "make-rslave".
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

* configure to start only the minimum of service
* add ntp, kmod to ignore packages
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

init 1.34 is not "Essential" anymore, in order to make it not required
on minimal chroots, docker containers, etc. Because of that we now need
to manually include it on systems that are expected to boot.
Signed-off-by: Antonio Terceiro <terceiro@debian.org>

struct in6_addr is both defined in the C library header <netinet/in.h>
and the Linux kernel header <linux/in6.h>.

lxc_user_nic.c includes both <netinet/in.h> and <linux/if_bridge.h>. The
later one includes <linux/in6.h>.

This breaks build with the musl libc:
  error: redefinition of ‘struct in6_addr’

As lxc_user_nic.c does not use any references from <linux/if_bridge.h> it
is safe to remove this header.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>

Signed-off-by: Andrey Kostin <andrey@kostin.email>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

If the value starts and ends with matching quote characters, those
characters are stripped automatically.   Quote characters are the
single quote (') or double quote (").  The quote removal is done after
the whitespace trimming.

This is needed particularly in order that lxc.environment values may
have trailing spaces.  However, the quote removal is done for all values
in the parse_line function, as it has non-const access to the value.
Signed-off-by: Stewart Brodie <stewart@metahusky.net>

so that there is a root uid mapping for the /proc/net files.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Hartnell Foster <hartnell.foster@bbc.co.uk>

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>

I think (?) this may be related to our hanging monitor bug. Let's do this
anyway, as it's probably a good idea.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>

Required for proper applying dnsmasq config entries.
Signed-off-by: Andrey Kostin <andrey@kostin.email>

Signed-off-by: Aron Podrigal <aronp@guaranteedplus.com>

When container init failed for whatever reason, previously it resulted
in a `SystemError: NULL result without error in PyObject_Call`
This will now result in a RuntimeError with the error message
previously printed to stderr.
Signed-off-by: Aron Podrigal <aronp@guaranteedplus.com>

Let lxc-checkconfig write to non-tty stdout without color control
characters
Signed-off-by: walkerning <foxdoraame@gmail.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

the target is obsolete since systemd v38 which everybody should have.

original patch by Daniel Baumann
Signed-off-by: Evgeni Golov <evgeni@debian.org>

Using $(date) for LXC_GENERATE_DATE has various flaws:
* formating depends on the locale of the system we execute configure on
* the output is not really a date but more a timestamp

Let's use $(date --utc '+%Y-%m-%d') instead.

While at it, also support SOURCE_DATE_EPOCH [1] to make the build
reproducible

[1] https://reproducible-builds.org/specs/source-date-epoch/Signed-off-by: Evgeni Golov <evgeni@debian.org>

Signed-off-by: Matt Ullman <staticfox@staticfox.net>

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>

All uses of netlink_open() assume that on error the
nl_handler doesn't need to be closed, but some error cases
happen after the socket was opened successfully and used to
simply return -errno.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

Signed-off-by: Evgeni Golov <evgeni@debian.org>

Signed-off-by: Oleg Freedholm <overlayfs@gmail.com>

A change in kernel 4.2 caused btrfs_recursive_destroy to
fail to delete unprivileged containers.  This patch restores
the pre-kernel-4.2 behaviour.  Ref: Issue 935.
Signed-off-by: Oleg Freedhom <overlayfs@gmail.com>

Squeeze is EOL now, Stretch is the upcoming stable
Signed-off-by: Evgeni Golov <evgeni@golov.de>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>