New --bbpath option and unecessary --rootfs checks

As suggested during the review.
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

lxccontainer: do not display if missing privileges

lxc-ls without root privileges on privileged containers should not display
information. In lxc_container_new(), ongoing_create()'s result is not checked
for all possible returned values. Hence, an unprivileged user can send command
messages to the container's monitor. For example:

$ lxc-ls -P /.../tests -f
NAME     STATE AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
ctr -     0         -      -    -    false
$ sudo lxc-ls -P /.../tests -f
NAME     STATE   AUTOSTART GROUPS IPV4      IPV6 UNPRIVILEGED
ctr RUNNING 0         -      10.0.3.51 -    false

After this change:

$ lxc-ls -P /.../tests -f      <-------- No more display without root privileges
$ sudo lxc-ls -P /.../tests -f
NAME     STATE   AUTOSTART GROUPS IPV4      IPV6 UNPRIVILEGED
ctr RUNNING 0         -      10.0.3.37 -    false
$
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

. Add the "--bbpath" option to pass an alternate busybox pathname instead of the one found from ${PATH}.
. Take this opportunity to add some formatting in the usage display
. As a try is done to pick rootfs from the config file and set it to ${path}/rootfs, it is unnecessary to make it mandatory
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

coding style: update

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

network: Adds mtu support for phys and macvlan types

Redirect error messages to stderr

Some error messages were not redirected to stderr.
Moreover, do "exit 0" instead of "exit 1" when "help" option is passed.
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

start: use CLONE_PIDFD

Use CLONE_PIDFD when possible.

Note the clone() syscall ignores unknown flags which is usually a design
mistake. However, for us this bug is a feature since we can just pass the flag
along and see whether the kernel has given us a pidfd.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

This will allow LXD to check for custom MTU support for phys and macvlan devices.
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

The phys devices will now have their original MTUs recorded at start and restored at shutdown.

This is to protect the original phys device from having any container level MTU customisation being applied to the device once it is restored to the host.
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

clone: add infrastructure for CLONE_PIDFD

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=eac7078a0fff1e72cf2b641721e3f55ec7e5e21eSigned-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Co-developed-by: David Howells <dhowells@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>

utils: improve switch_to_ns()

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Update Japanese lxc.container.conf(5)

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Reviewed-by: Hiroaki Nakamura <hnakamur@gmail.com>

This is the translation for the following description:
  - lxc.seccomp.notify.proxy (commit 8a643759)
  - host side veth device static routes (commit d4a7da46)
  - IPVLAN (commit c9f52382)
  - Layer 2 proxy mode (commit 6509154d)
  - gateway device route mode (commit a2f9a670)

and fix typo in English man page.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

Devices created in rootfs instead of rootfs/dev

Added /dev in the mknod commands.
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>

network: Re-works veth gateway logic

Handles more errors and gives better error messages.
Signed-off-by: tomponline <thomas.parrott@canonical.com>

network: Makes vlan network interfaces set mtu before upscript called

network: Adds custom mtu support for ipvlan interfaces

This is consistent with veth and ipvlan types.

Also makes the debug message for success occur after up script has run.

Also makes device clean up on error more thorough and consistent.
Signed-off-by: tomponline <thomas.parrott@canonical.com>

Signed-off-by: tomponline <thomas.parrott@canonical.com>

seccomp: document path calculation

raw_syscalls: add initial support for pidfd_send_signal()

Well, I added this syscall so we better use it. :)
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

tree-wide: make socket SOCK_CLOEXEC

compiler: add __returns_twice attribute

The returns_twice attribute tells the compiler that a function may return more
than one time. The compiler will ensure that all registers are dead before
calling such a function and will emit a warning about the variables that may be
clobbered after the second return from the function. Examples of such functions
are setjmp and vfork. The longjmp-like counterpart of such function, if any,
might need to be marked with the noreturn attribute.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

network: Adds gateway device route mode