Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

This will be used to log the output of attach to.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

- int lxc_make_controlling_pty()
- int lxc_login_pty()
- void lxc_pty_conf_free()
- void lxc_pty_info_init()
- void lxc_pty_init()
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

add some idmap parsing error messages

otherwise, we just get a return value of false from setting config failure,
with no indication as to what actually failed in the log.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>

fix up lxc-usernsexec's exit status

* exit(1) when there is an option parsing error
* exit(0) when the user explicitly asks for help
* exit(1) when the user specifies an invalid option
Signed-off-by: Tycho Andersen <tycho@tycho.ws>

Add return check for 'lxc_cmd_get_name'

If 'lxc_cmd_get_name' failed and return with NULL, this would cause a segment fault.
Signed-off-by: LiFeng <lifeng68@huawei.com>

lxc_get_version() should show the "-devel" suffix

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

conf: write "deny" to /proc/[pid]/setgroups

commands: fully revert set_running_config_item()

When we deleted cgroups for unprivileged containers we used to allocate a new
mapping and clone a new user namespace each time we delete a cgroup. This of
course meant - on a cgroup v1 system - doing this >= 10 times when all
controllers were used. Let's not to do this and only allocate and establish a
mapping once.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

When fully unprivileged users run a container that only maps their own {g,u}id
and they do not have access to setuid new{g,u}idmap binaries we will write the
idmapping directly. This however requires us to write "deny" to
/proc/[pid]/setgroups otherwise any write to /proc/[pid]/gid_map will be
denied.

On a sidenote, this patch enables fully unprivileged containers. If you now set
lxc.net.[i].type = empty no privilege whatsoever is required to run a container.

Enhances #2033.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Felix Abecassis <fabecassis@nvidia.com>
Cc: Jonathan Calmels <jcalmels@nvidia.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

gentoo: Add support for .xz tarballs

configure.ac: fix the check for static libcap

The existing check doesn't work, because when you statically
link a program against libc, any functions not called are not
included.  So cap_init() which we check for is not there in
the built binary.

So instead just check whether a "gcc -lcap -static" works.
If libcap.a is not available it will fail, if it is it will
succeed.
Signed-off-by: Serge Hallyn <shallyn@cisco.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

The noop implementation is pointless.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

lxccontainer: revert set_running_config_item()

Support configurations without root mapping

Closes #2033.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

If no id mapping for the container's root id is defined try to us the id
mappings specified via lxc.init.{g,u}id.

Closes #2033.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>