Fix mount_entry_on_generic()

In mount_entry_on_generic() we dereferenced a NULL pointer whenever a container
without a rootfs was created. (Since mount_entry_on_systemfs() passes them with
NULL.) We have mount_entry_on_generic() check whether rootfs != NULL.

We also check whether rootfs != NULL in the functions ovl_mkdir() and
mount_entry_create_aufs_dirs() and bail immediately. Rationale: For overlay and
aufs lxc.mount.entry entries users give us absolute paths to e.g. workdir and
upperdir which we create for them. We currently use rootfs->path and the
lxcpath for the container to check that users give us a sane path to create
those directories under and refuse if they do not. If we want to allow overlay
mounts for containers without a rootfs they can easily be reworked.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>

Fix NULL-ptr derefs for container without rootfs

Since we allow containers to be created without a rootfs most checks in conf.c
are not sane anymore. Instead of just checking if rootfs->path != NULL we need
to check whether rootfs != NULL.

Minor fixes:
- Have mount_autodev() always return -1 on failure: mount_autodev() returns 0
  on success and -1 on failure. But when the return value of safe_mount() was
  checked in mount_autodev() we returned false (instead of -1) which caused
  mount_autodev() to return 0 (success) instead of the correct -1 (failure).
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>

lxc-ls: exit 0 when path is not found

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>

Remove legacy versions of lxc-ls

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-ls nowadays is a C binary so there's no need to keep the python and
shell versions around anymore, remove them from the branch and cleanup
documentation and Makefiles.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

apparmor: allow binding /run/{,lock/} -> /var/run/{,lock/}

Some systems need to be able to bind-mount /run to /var/run
and /run/lock to /var/run/lock. (Tested with opensuse 13.1
containers migrated from openvz.)
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

Update Korean manpages

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>

add the description of multiple lower layer.
Update for commit 280d2379Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>

Update for commit 020104c3Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>

Update for commit ff689149Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-copy: cleanup

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Commit ea467969 replaced the python implementation with a
C one.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

- make free_mnts() work directly on the globals mnt_table and mnt_table_size
- have free_mnts() set mnt_table = NULL and mnt_table_size = 0 when its done to
  avoid double frees
- simplify error-handling in do_clone_ephemeral()
- do_clone_ephemeral(): when chmod() falls to set permissions on the temporary
  folder we created for mkdtemp() remove the folder
- simplify error handling in main()
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>

add the description of multiple lower layer.
Update for commit 280d2379Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Update for commit 37cf83eaSigned-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Update for commit 020104c3Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Update for commit ff689149Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

2016 01 31/cgfs

Just as cgmanager does, if we are calculating a task's paths, drop
the trailing '/init.scope'.  We don't want the container to sit under
there.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Previously, name= controllers would be handled if lxc.cgroup.use=@all,
but not if lxc.cgroup.use was unspecified.  Change that, since you cannot
run systemd in a container without it.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Update for commit 37cf83eaSigned-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Update for commit 7eff30fdSigned-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

implement chown for cgfs

increase /dev size to 500k ( issue #781)

Signed-off-by: Min Wang <mingewang@gmail.com>

cgroup ns: move the check for whether cgns is supported

This allows cgfs to be used to create containers in a user namespace,
and have the container owner be able to use cgroups.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Ignore any container named '.git'

  * This are either '.', '..' or a hidden directory.
    And this names should not be used for a container
    in any case.

  * Before this patch, if you created a git repository under lxc.lxcpath (it
    can be useful to keep track of the configurations of your containers)

    Then, when you run lxc-ls you will get the following output:

        # lxc-ls
        .git      container1      container2    ....

    This is because there is a 'config' file inside the '.git' directory.
    It is where git stores the configuration of the repository.

    And the test lxc-ls does to check if a directory contains a container
    is just to check if the 'directory/config' file exists.
Signed-off-by: Carlos Alberto Lopez Perez <clopez@igalia.com>