Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

 confile: add lxc.cgroup.keep

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Felix Abecassis <fabecassis@nvidia.com>
Cc: Jonathan Calmels <jcalmels@nvidia.com>

This adds the new lxc.cgroup.keep config key. The key can be used to instruct
LXC to not escape to never escape to the root cgroup. This makes it easy for
users to adhere to restrictions enforced by cgroup2 and systemd. Specifically,
this makes it possible to run LXC containers as systemd services.

Note that cgroup v1 is considered legacy and will not see additional
controllers being added to it. This means that it is safe to use
lxc.cgroup.keep as config key since there is no "keep" controller. The only way
a conflict can be introduced is if the user is creating a named controller. I
think this case can be safely ignored since it is super rare and also the users
problem.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Cc: Felix Abecassis <fabecassis@nvidia.com>
Cc: Jonathan Calmels <jcalmels@nvidia.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

execute: pass /proc/self/fd/<nr>

Passing /proc/1/fd/<nr> presupposes that CLONE_NEWPID was specified. This isn't
the case when users use lxc.namespace.keep = pid to inherit pid namespaces.
Pass /proc/self/fd/<nr> instead.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Reported-by: Mrinal Dhillon <mdhillon@juniper.net>

execute: skip lxc-init logging when unprivileged

Unprivileged app containers will not be able to open the passed in
/proc/1/fd/<idx> log path and will thus currently fail completely as soon as
any log level or log file is passed.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Reported-by: Mrinal Dhillon <mdhillon@juniper.net>

include: add safe getifaddrs() version

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

The old version was crazy. This replaces it with an internal version based on
musl.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

remove last pam_cgfs special-casing

Fix typo

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

log: handle strerror_r() versions + autotools: add --{disable,enable}-thread-safety

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Fail the build if --enable-thread-safety is passed and the environment cannot
guarantee thread-safety.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Closes #2563.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

autotools: check if compiler is new enough