Apply the changes found in templates/lxc-download to the busybox template as
well. Change ownership of the config and fstab files to the unprivileged user,
and the ownership of the rootfs to root in the new user namespace.

Eliminate the "unsupported for userns" flag.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

>>> On Tue, 30 Sep 2014 19:48:09 +0000
    in message   "Re: [lxc-devel] [PATCH] lxc-config can show lxc.cgroup.(use|pattern)"
                  Serge Hallyn-san wrote:

> I think it would be worth also augmenting
> lxc_global_config_value() to return a default lxc.cgroup.use
> for 'all', and a default lxc.cgroup.pattern ("/lxc/%n" for root
> or "%n" for non-root).

lxc.cgroup.pattern is like this? (^_^;)
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Dark Templar <dark_templar@hotbox.ru>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

because that's what it does
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

When we need to know some info about a netdev, such as is_up or not,
we need to read the flag for the netdev.

This patch introduce a interface function named lxc_netdev_isup()
to check is a netdev up or down.

And introduce a network private function named netdev_get_flag()
to get flag for netdev by netlink.

Changelog: 10/15/2015: Return failure if name==NULL to avoid later strlen fun
Signed-off-by: Dongsheng Yang <yangds.fnst@cn.fujitsu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

In netlink, we can set the dest_name of netdev when move netdev
between namespaces in one netlink request. And moving a netdev of
a src_name to a netdev with a dest_name is a common usecase.

So this patch add a parametaer to lxc_network_move_by_index() to
indicate the dest_name for the movement. NULL means same with
the src_name.
Signed-off-by: Dongsheng Yang <yangds.fnst@cn.fujitsu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

We should exit with a error when starting a running container.
Signed-off-by: Dongsheng Yang <yangds.fnst@cn.fujitsu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

When we want to get index of a ifname which does not
exist, we should return a -EINVAL in this case.
Signed-off-by: Dongsheng Yang <yangds.fnst@cn.fujitsu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

We should not modify ifname in lxc_netdev_move_by_name(),
making it as const in param list will make our code more
robust.
Signed-off-by: Dongsheng Yang <yangds.fnst@cn.fujitsu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

the way config_mount was structured, sending 'lxc.mount.auto = '
ended up actually clearing all lxc.mount.entrys.  Fix that by
moving the check for an empty value to after the subkey checks.
Then, actually do the clearing of auto_mounts in config_mount_auto.

The 'strlen(subkey)' check being removed was bogus - the subkey
either known to be 'lxc.mount.entry', else subkey would have been
NULL (and forced a return in the block above).

This would have been clearer if the config_mount() and helper
fns were structured like the rest of confile.c.  It's tempting
to switch it over, but there are subtleties in there so it's
not something to do without a lot of thought and testing.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

pivot_root can't be called if / is on a ramfs. Currently chroot is
called before pivot_root. In this case the standard well-known
'chroot escape' technique allows to escape a container.

I think the best way to handle this situation is to make following actions:
* clean all mounts, which should not be visible in CT
* move CT's rootfs into /
* make chroot into /

I don't have a host, where / is on a ramfs, so I can't test this patch.
Signed-off-by: Andrey Vagin <avagin@openvz.org>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

These all fix various ways that cgroup actions could fail if an
unprivileged user's cgroup paths were not all the same for all
controllers.

1. in cgm_{g,s}et, use the right controller, not the first in the list,
   to get the cgroup path.

2. when we pass 'all' to cgmanager for a ${METHOD}_abs, make sure that all
   cgroup paths are the same.  That isn't necessary for methods not
   taking an absolute path, so split up the former
   cgm_supports_multiple_controllers() function into two booleans, one
   telling whether cgm supports it, and another telling us whether
   cgm supports it AND all controller cgroup paths are the same.

3. separately, do_cgm_enter with abs=true couldn't work if all
   cgroup paths were not the same.  So just ditch that helper and
   call lxc_cgmanager_enter() where needed, because the special
   cases would be more complicated.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Don't use $TUSER as it's not defined. Also don't include
lxc-test-usernic in extra_DIST.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Restrict signal and ptrace for processes running under the container
profile. Rules based on AppArmor base abstraction. Add unix rules for
processes running under the container profile.
Signed-off-by: Jamie Strandboge <jamie@canonical.com>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

newer lxc uses 'silent' when remounting on shutdown.  Silence that denial too

Author: Jamie Strandboge <jamie@canonical.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Sergio Jimenez <tripledes@gmail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Andre Nathan <andre@digirati.com.br>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Reported-by: NeilGreenwood <neil.greenwood@gmail.com>
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

To cover all the cases we have around, we need to:
 - Attempt to use cgm if present (preferred)
 - Attempt to use cgmanager directly over dbus otherwise
 - Fallback to cgroupfs
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Bill Kolokithas <kolokithas.b@gmail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Jean-Tiare LE BIGOT <jean-tiare.le-bigot@ovh.net>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

When "lxc.autodev = 1", LXC creates automatically a "/dev/.lxc/<name>.<hash>"
folder to put container's devices in so that they are visible from both
the host and the container itself.

On container exit (ne it normal or not), this folder was not cleaned
which made "/dev" folder grow continuously.

We fix this by adding a new `int lxc_delete_autodev(struct lxc_handler
*handler)` called from `static void lxc_fini(const char *name, struct
lxc_handler *handler)`.
Signed-off-by: Jean-Tiare LE BIGOT <jean-tiare.le-bigot@ovh.net>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Explain why we insist that root use newuidmap if it is available.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

If we didn't find newuidmap, then simply require the caller to be
root and write to /proc/self/uidmap manually.  Checking for
newgidmap to exist is bogus.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

This patch fixes following build errors.

running build_ext
building '_lxc' extension
creating build/temp.linux-x86_64-3.4
gcc -pthread -Wno-unused-result -Werror=declaration-after-statement -DDYNAMIC_ANNOTATIONS_ENABLED=1 -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -march=x86-64 -mtune=generic -O2 -pipe -fstack-protector-strong --param=ssp-buffer-size=4 -fPIC -I../../src -I../../src -I/usr/include/python3.4m -c lxc.c -o ./build/temp.linux-x86_64-3.4/lxc.o
lxc.c: In function ‘convert_tuple_to_char_pointer_array’:
lxc.c:49:5: error: ISO C90 forbids mixed declarations and code [-Werror=declaration-after-statement]
     char **result = (char**) calloc(argc + 1, sizeof(char*));
     ^
lxc.c:60:9: error: ISO C90 forbids mixed declarations and code [-Werror=declaration-after-statement]
         char *str = NULL;
         ^
lxc.c: In function ‘Container_get_cgroup_item’:
lxc.c:822:5: error: ISO C90 forbids mixed declarations and code [-Werror=declaration-after-statement]
     char* value = (char*) malloc(sizeof(char)*len + 1);
     ^
lxc.c: In function ‘Container_get_config_item’:
lxc.c:861:5: error: ISO C90 forbids mixed declarations and code [-Werror=declaration-after-statement]
     char* value = (char*) malloc(sizeof(char)*len + 1);
     ^
lxc.c: In function ‘Container_get_keys’:
lxc.c:903:5: error: ISO C90 forbids mixed declarations and code [-Werror=declaration-after-statement]
     char* value = (char*) malloc(sizeof(char)*len + 1);
     ^
cc1: some warnings being treated as errors
error: command 'gcc' failed with exit status 1
Makefile:472: recipe for target 'all' failed
make[3]: *** [all] Error 1
make[3]: Leaving directory '/home/masami/codes/lxc/src/python-lxc'
Makefile:394: recipe for target 'all-recursive' failed
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory '/home/masami/codes/lxc/src'
Makefile:338: recipe for target 'all' failed
make[1]: *** [all] Error 2
make[1]: Leaving directory '/home/masami/codes/lxc/src'
Makefile:484: recipe for target 'all-recursive' failed
make: *** [all-recursive] Error 1

build env:
distribution: Arch Linux
gcc version 4.9.1 20140903 (prerelease) (GCC)
Signed-off-by: Masami Ichikawa <masami256@gmail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

quiet mode was overriden by the double call of lxc_log_init
see lxc_container_new

use lxc_log_options_no_override in order to fix this
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: William Dauchy <william@gandi.net>

Introduce a new list of controllers just containing "all".

Make the lists of controllers null-terminated.

If the cgmanager api version is high enough, use the 'all' controller
rather than walking all controllers, which should greatly reduce the
amount of dbus overhead.  This will be especially important for
those going through a cgproxy.

Also remove the call to cleanup cgroups when a cgroup existed.  That
usually fails (and failure is ignored) since the to-be-cleaned-up
cgroup is busy, but we shouldn't even be trying.  Note this can
create for extra un-cleanedup cgroups, however it's better than us
accidentally removing a cgroup that someone else had created and was
about to use.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Call tar with --numeric-owner option to use numbers for user/group
names because the whole uid/gid in rootfs should be consistently
unchanged as in original stage3 tarball and private portage.
Signed-off-by: TAMUKI Shoichi <tamuki@linet.gr.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Regardless of whether "installpkg" command exists or not, install the
command temporarily with static linked tar command into the lxc cache
directory to keep the original uid/gid of files/directories.  Also,
use sed command instead of ed command for simplicity.
Signed-off-by: TAMUKI Shoichi <tamuki@linet.gr.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

When managing containers, I need to take action based on container
exit status. For instance, if it exited abnormally (status!=0), I
sometime want to respawn it automatically. Or, when invoking
`lxc-stop` I want to know if it terminated gracefully (ie on `SIGTERM`)
or on `SIGKILL` after a timeout.

This patch adds a new message type `lxc_msg_exit_code,` to preserve
ABI. It sends the raw status code as returned by `waitpid` so that
listening application may want to apply `WEXITSTATUS` before. This is
what `lxc-monitor` does.
Signed-off-by: Jean-Tiare LE BIGOT <jean-tiare.le-bigot@ovh.net>

To ask cgmanager to chown files as an unpriv user, we must send the
request from the container's namespace (with our own userid also
mapped in).  However when we create a new namespace then we must
open a new dbus connection, so that our credential and the credential
on the dbus socket match.  Otherwise the proxy will refuse the request.

Because we were warning about this failure but not exiting, the failure
was not noticed until the unprivileged container went on to try to
administer its cgroups, i.e. creating a container inside itself.

Fix this by having the do_chown_cgroup create a new cgmanager connection.
In order to reduce the number of connections, since the list of subsystems
is global anyway, don't call do_chown_cgroup once for each controller,
just call it once and have it run over all controllers.

(This patch does not change the fact that we don't fail if the
chown failed.  I think we should change that, but let's do it in a
later patch)
Reported-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

With the new hashed command socket names (e8589841), it's possible to
have something like below;

[caglar@qop:~/go/src/github.com/lxc/go-lxc(master)] cat /proc/net/unix | grep lxc
0000000000000000: 00000002 00000000 00010000 0001 01 53465 @lxc/d086e835c86f4b8d/command
[...]

list_active_containers reads /proc/net/unix to find all running
containers but this new format no longer includes the container name or
its lxcpath.

This patch introduces two new commands (LXC_CMD_GET_NAME and
LXC_CMD_GET_LXCPATH) and starts to use those in list_active_containers
call.

changes since v1:
 - added sanity check proposed by Serge
Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>