lxc_execute() and lxc-execute where broken when a user tried to switch to a
non-root uid/gid. This prevented necessary setup operations like mounting the
rootfs which require root in the user namespace. This commit separates
switching to root in the user namespace from switching to the requested uid/gid
by lxc_execute().
This should be safe: Once we switched to root in the user namespace via
setuid() and then switch to a non-root uid/gid in the user namespace for
lxc_execute() via setuid() we cannot regain root privileges again. So we can
only make us safer (Unless I forget about some very intricate user namespace
nonsense; which is not as unlikely as I try to make it sound.).
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

This commit adds lxc_switch_uid_gid() which allows to switch the uid and gid of
a process via setuid() and setgid() and lxc_setgroups() which allows to set
groups via setgroups(). The main advantage is that they nicely log the switches
they perform.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tools: only check for O_RDONLY

tree-wide: Sic semper assertis!

On some Android systems the lxc folders where containers are stored might be
read-only and so checking for O_RDWR, will effectively make the tools useless
on these systems, so let's dumb the check down to O_RDONLY.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

python3-lxc: fix api_test.py on s390x

The api_test.py script uses Trusty release by default, which does not
have s390x image. Switch to Xenial to solve this.
Signed-off-by: Po-Hsu Lin <po-hsu.lin@canonical.com>

conf: fix suggest_default_idmap()

We need to remove the newline otherwise lxc_safe_uint() will fail as it detects
an invalid (non-numeric) char in the string.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tests: skip unpriv tests on broken overlay module

This mainly affects Trusty. The 3.13 kernel has a broken overlay module which
does not handle symlinks correctly. This is a problem for containers that use
an overlay based rootfs since safe_mount() uses /proc/<pid>/fd/<fd-number> in
its calls to mount().
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Add --enable-gnutls option

Previously HAVE_LIBGNUTLS was never set in config.h even if gnutls was
detected as AC_CHECK_LIB default action-if-found was overriden by
enable_gnutls=yes
This patch adds an --enable-gnutls option and will call AC_CHECK_LIB
with the default action to write HAVE_LIBGNUTLS in config.h
Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>

confile: support the network link string pattern matching

do not set insecure passwords

OpenSUSE systemd fixes

Signed-off-by: Evgeni Golov <evgeni@debian.org>

Given commit 330ae3d3:

    lxccontainer: detect if we should send SIGRTMIN+3

    This is required by systemd to cleanly shutdown. Other init systems should not
    have SIGRTMIN+3 in the blocked signals set.

we should stop poking around with sigpwr.target for systemd.
Signed-off-by: Evgeni Golov <evgeni@debian.org>

it might not even be there…
Signed-off-by: Evgeni Golov <evgeni@debian.org>

Enable lxc network config support the following type and link:

lxc.network.type = phys
lxc.network.link = eth+

Here, the suffix '+' will trigger a string pattern matching
and when lxc find any network interfaces name prefixed with
"eth" such as "eth0", "eth1", "ethxxxx" and so on, it will
try to move them into the container's namespace; If it didn't
find any matching, it would do nothing for this configure
line.
Signed-off-by: fli <fupan.li@windriver.com>

templates: update openSUSE release to 42.2

Debian: powerpc and architecture fixes

Removed libgcc_s1 because it breaks container building for openSUSE.

Related: openSUSE/obs-build#188
Signed-off-by: Terzeus S. Dominguez <tsdmgz@gmail.com>

Signed-off-by: Santiago Ruano Rincón <santiago@debian.org>
Signed-off-by: Evgeni Golov <evgeni@debian.org>

Signed-off-by: Santiago Ruano Rincón <santiago@debian.org>
Signed-off-by: Evgeni Golov <evgeni@debian.org>

Uncommented lxc.aa_profile = unconfined. Otherwise, container fails to
start up.
Signed-off-by: Terzeus S. Dominguez <tsdmgz@gmail.com>

Signed-off-by: Terzeus S. Dominguez <tsdmgz@gmail.com>

Aside from adding a 42.2 option, $DISTRO comparisons for Leap have been
changed [ exp ] => [[ exp ]] to accomodate pattern matching for future
releases.
Signed-off-by: Terzeus S. Dominguez <tsdmgz@gmail.com>

conf, attach: save errno across call to close

Save errno across some calls to close() since it can be
interrupted.
Signed-off-by: Wolfgang Bumiller <wry.git@bumiller.com>

attach: close lsm label file descriptor

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

templates: fix getty service startup

Commit bf39edb3 broke the handling of the getty service file with an '@' character in filename. So the startup condition was not fixed.

Because the parameter was quoted with the causal commit, the escaping has to be removed.

Signed-off-by: Andreas Eberlein foodeas@aeberlein.de

tools: account for different architectures

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

attach batch mode with -b flag which prints csv output with a timestamp

Signed-off-by: martin <martin@attivio.com>

tests; Don't cause test failures on cleanup errors