This reverts commit e4434e0f.

In the Python implementation users could pass a regex without a parameter flag
as additional argument on the command line. The C implementation gained the
flag -r/--regex for this. To not irritate users we restore the old behaviour
and additionally rename -r/--regex to --filter to allow eplicitly passing the
regex.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

- If lxc_container_new() fails we check for ENOMEM and if so goto out. If
  ENOMEM is not set we will simply continue. The same goes for the call to
  regcomp() but instead of checking for ENOMEM we need to check for REG_ESPACE.

- Tweaking: Since lxc-ls might have to gather a lot of containers and I don't
  know if compilers will always optimize this, let's move *some* variable
  declarations outside of the loop when it does not hinder readability.

- Set ls_nesting to 0 initially. Otherwise users will always see nested
  containers printed.

- ls_get() gains an argument char **lockpath which is a string pointing us to
  the lock we put under /run/lxc/lock/.../... so that we can remove the lock
  when we no longer need it. To avoid pointless memory allocation in each new
  recursion level, we share lockpath amongst all non-fork()ing recursive calls
  to ls_get().  As it is not guaranteed that realloc() does not do any memory
  moving when newlen == len_lockpath, we give ls_get() an additional argument
  size_t len_lockpath). Every time we have a non-fork()ing recursive call to
  ls_get() we check if newlen > len_lockpath and only then do we
  realloc(*lockpath, newlen * 2) a reasonable chunk of memory (as the path will
  keep growing) and set len_lockpath = newlen * 2 to pass to the next
  non-fork()ing recursive call to ls_get().
  To avoid keeping a variable char *lockpath in main() which serves no purpose
  whatsoever and might be abused later we use a compound literal
  &(char *){NULL} which gives us an anonymous pointer. This pointer we can use
  for memory allocation in ls_get() for lockpath. We can conveniently free() it
  in ls_get() when the nesting level parameter lvl == 0 after exiting the loop.
  The advantage is that the variable is only accessible within ls_get() and not
  in main() while at the same time giving us an easy way to share lockpath
  amongst all non-fork()ing recursive calls to ls_get().
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Explain that multiple /lower layers can be used.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Do it in a safe way by using strstr() to check for the substring ":/" should
':' be part of a pathname.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Do it in a safe way by using strstr() to check for the substring ":/" should
':' be part of a pathname. This should be a safer implementation than the one
originally suggested in #547.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

The safe_mount function was introduced in order to address CVE-2015-1335,
one of the vulnerabilities being a mount with a symlink for the
destination path. In scenarios such as lxc-execute with no rootfs, the
destination path is the host /proc, which is previously mounted by the
host, and is unmounted and mounted again in a new set of namespaces,
therefore eliminating the need to check for it being a symlink.

Mount the rootfs normally if the rootfs is NULL, keep the safe mount
only for scenarios where a different rootfs is defined.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

- explain new numeric argument to --nesting
- include common options as lxc-ls now uses the standard lxc parser
- add history section and update authors
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

They change a value and return true on success rather than
fetching the value as the comments previously suggested.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Otherwise users will always get nested containers listed.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

The following patch fixes memory alignment and endianness
issue while doing a snapshot deletion with btrfs as a
backing store on platform such as sparc.

The implementation is taken from btrfs-progs.

Changes since v1:
- include <byteswap.h> for bswap definition
- include defined function name as a comment above BTRFS_SETGET_STACK_FUNCS
Signed-off-by: Thomas Tanaka <thomas.tanaka@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Check if we're really on a btrfs filesystem before we call btrfs_same_fs().
Otherwise we will report misleading errors although everything went fine.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

As ls_get() is non-tail recursive we face the inherent danger of blowing up the
stack at some level of nesting. To have at least some security we define
MAX_NESTLVL to be 5. That should be sufficient for most users. The argument lvl
to ls_get() can be used to keep track of the level of nesting we are at. If lvl
is greater than the allowed default level return (without error) and unwind the
stack.

--nesting gains an optional numeric argument. This allows the user to specify
the maximum level of nesting she/he wants to see. Fair warning: If your nesting
level is really deep and/or you have a lot of containers your might run into
trouble.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

No reason for these to be +x, and it looks weird.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

When running application containers with lxc-execute, /dev is
populated only with device entries. Since /dev is a tmpfs mount in
the container environment, the /dev/shm folder not being present is not
a sufficient reason for the /dev/shm mount to fail.

Create the /dev/shm directory if not present.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

In the current implementation, the open_without_symlink function
will default to opening the root mount only if the passed rootfs
prefix is null. It doesn't account for the case where this prefix
is passed as an empty string.

Properly handle this second case as well.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Should be mentioned separately because it will reset a big group of options.
Signed-off-by: Marko Hauptvogel <marko.hauptvogel@googlemail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

The lock path for lxc is not

	RUNTIME_PATH/lock/lxc

but rather

	RUNTIME_PATH/lxc/lock
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

More general for all list options.

Seems to currently affect:
lxc.network (clear all NICs)
lxc.network.* (clear current NIC)
lxc.cap.drop
lxc.cap.keep
lxc.cgroup
lxc.mount.entry
lxc.mount.auto
lxc.hook
lxc.id_map
lxc.group
lxc.environment
Signed-off-by: Marko Hauptvogel <marko.hauptvogel@googlemail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Update for commit 7eff30fdSigned-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Update for commit 07945418Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Refactor templates section of .gitignore - no need to specify individual templates anymore

.gitignore: add missing templates/sparclinux to ignore list

Fix Comment inside Fedora Template

Signed-off-by: Bostjan Skufca <bostjan@a2o.si>

Signed-off-by: Bostjan Skufca <bostjan@a2o.si>

We no longer use mirrors.kernel.org.
Commit f71e8f41 switched it to archives.fedoraproject.org
Signed-off-by: Nehal J Wani <nehaljw.kkd1@gmail.com>

Show the ifindex in case it's useful
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Add openSUSE Leap release in opensuse template

Otherwise every lxc-info by a user who doesn't own all his cgroups
will result in a set of error messages which are really innocuous.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

What we want is to make sure we dont' use controller 'all' if cgmanager
doesn't support, if all our cgroups aren't the same, or if we cannot
controll all our cgroups.  We were mixing some of these conditions.  Use
cgm_all_controllers_same for all.  (Might want to rename it, but we want
to stick with just one).
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Reimplement lxc-ls in C

Bad late-night commit.  We were doing a while loop for a reason.  Just
initialize i to 0 before the while loop.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

This is a reimplementation of lxc-ls in C. It supports all features previously
supported by lxc-ls.

- All flags and parameters have the same name as before except when the user
  specifies a regex to filter container names by. In the previous Python
  implementation the regex was passed without paramter flag. The new
  C-implementation has the parameter flag -r/--regex for this.

- Since we fork in lxc_attach() we need some form of IPC. Opening shared memory
  in the parent (mmap()) seems to be impractical since we don't know the size
  of the mapping beforehand. The other option is to open shared memory in the
  child and then to attach the parent to it but then we would need to resort to
  shm_open() or shmget(). Instead we go for a socketpair() here and wait for
  the child.
- Note that we call lxc_attach() and pass ls_get() as exec function to it (To
  be even more specific: We do not pass ls_get() directly but rather a wrapper
  function for ls_get() which receives a few arguments to enable the
  communication between child and parent.). This implementation has the
  advantage that we do not depend on any lxc executables being present in the
  container. The gist in code:

	ls_get()
	{
		/* Gather all relevant information */

		/* get nested containers */
		if (args->ls_nested && running) {
			/* set up some more stuff */

			/*
			 * execute ls_get() in namespace of the container to
 			 * get nested containers
			 */
  			c->attach(c, ls_get_wrapper, &wrapargs, &aopt, &out)

			/* do some cleaning up */
		}
	}

- When the user requests listing of nested containers without fancy-format
  enabled we want him to easily recognize which container is nested in which.
  So in this case we do not simply record the name but rather the name
  prepended with all the parents of the container:

	grand-grand-parent/grand-parent/parent/child

- Pretty-printing nested containers: Any call to list_*_containers() will
  return a sorted array of container names.  Furthermore, the recursive
  implementation of lxc_ls() will automatically put the containers in the
  correct order regarding their nesting. That is if we have the following
  nesting:

	A
	A --> S
	A --> T --> O
	A --> T --> O --> L
	A --> T --> O --> M
	A --> U
	A --> U --> P
	A --> U --> Q
	B

  The array ls_get() will set up looks like this:
	A S T O L M U P Q B

  Hence, we only need to keep an additional variable nestlvl to indicate the
  nesting level a container is at and use that to compute (a) the maximum field
  width we need to print out the container names and (b) to correctly indent
  each container according to its nesting level when printing it.

- add comments to make the ls_get() function more accessible
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>

we were initializing i to 0, then doing a while i <, but then a
separate commit (by myself) used i as a generic variable in between
those two.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Split bdev into modules

The function

	- bdev_get();

becomes static. It is called from nowhere else so far and never appeared in any
header.

Minor changes

	- Avoid comparisons between int and size_t types. Use size_t where
	  possible else cast to size_t when it makes sense.
	- insert missing spaces between operators
	- put declarations for all static functions at the top
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>

The functions

	- clone_attach_nbd();
	- do_attach_nbd();
	- nbd_busy();
	- nbd_detach();
	- nbd_get_partition();
	- wait_for_partition();

move from bdev.c to lxcnbd.c. They remain static

The functions

	- attach_nbd();
	- detach_nbd_idx();
	- nbd_clonepaths();
	- nbd_create();
	- nbd_destroy();
	- nbd_detect();
	- nbd_mount();
	- nbd_umount();
	- requires_nbd();

move from bdev.c to lxcnbd.{c,h}. They all become extern.

The struct

	- struct nbd_attach_data

moves from bdev.c to lxcnbd.c.

Adapt Makefile.am to include lxcnbd.{c,h}.

The structs

       - struct bdev; /* defined in bdev.h */
       - struct bdev_specs; /* defined in lxccontainer.h */
       - struct lxc_conf; /* defined conf.h */

are forward declared/put as incomplete types into lxcnbd.h as the functions
associated with nbd need access to it.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>