Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

confile: improve strprint()

POSIX specifies [1]:
"If the value of n is zero on a call to snprintf(), nothing shall be written,
the number of bytes that would have been written had n been sufficiently large
excluding the terminating null shall be returned, and s may be a null pointer."

But in case there are any non-sane libcs out there that do actually dereference
the buffer when when 0 is passed as length to snprintf() let's give them a
dummy buffer.

[1]: The Open Group Base Specifications Issue 7, 2018 edition
     IEEE Std 1003.1-2017 (Revision of IEEE Std 1003.1-2008)
     Copyright © 2001-2018 IEEE and The Open Group
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Reported-by: Donghwa Jeong <dh48.jeong@samsung.com>

conf: va_end was not called.

conf: small cleanups

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

start: do not init ns_clone_flags to -1

We need to make sure that the ttys are actually initialized otherwise deleting
them is not safe.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

ns_clone_flags is used as a bitmask so initializing it to -1 is a bad idea.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

network: fix socket handle leak

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

conf: cleanups, and bugfixes

Closes #2342.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tools: fix lxc-create with global config value II

Dereference before null check
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Unchecked return value
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Logically dead code
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Logically dead code
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

seccomp: more fixes

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Let's error out on syscalls that cannot be resolved or fail to resolve instead
of just warning users.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Seccomp fixup part 2

Be more strict about unrecognized actions. Previously the
parser would happily accept lines with typos like:

  kexec_load errrno 1

(note the extra 'r')
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

Moving parse_config_v2 to use getline accidentally parsed
the wrong buffer. Since both _v1 and _v2 now use getline it
seems to be simpler to also use getline() for the first line
before entering the version specific parsers and pass along
the pointer and size so they can reuse them.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fixes: 9c3798eb ("seccomp: parse_config_v2()")

This can happen when the 'errno' action can't parse its
supplied number.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fixes: f67c94d0 ("seccomp: parse_v2_rules()")