Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

This avoids the dance of updating the list of valid releases every time
Debian makes a new release.

It also fixes the following bug: even though lxc-debian will default to
creating containers of the latest stable by querying the archive, it
won't allow you to explicitly request `stable` because the current list
of valid releases don't include it.

Last, but not least, avoid hitting the mirror in the case the desired
release is one of the ones we know will always be there, i.e. stable,
testing, sid, and unstable.
Signed-off-by: Antonio Terceiro <terceiro@debian.org>

Doing that confuses locale generation. lxc-ubuntu does the same check
Signed-off-by: Antonio Terceiro <terceiro@debian.org>

Signed-off-by: adrian5 <adrian5@users.noreply.github.com>

Being able to create `testing` containers, regardless of what's the name
of the next stable, is useful in several contexts, included but not
limited to testing purposes. i.e. one won't need to explicitly switch to
`bullseye` once `buster` is released to be able to continue tracking
`testing`. While we are at it, let's also enable `unstable`, which is
exactly the same as `sid`, but there is no reason for not being able to.
Signed-off-by: Antonio Terceiro <terceiro@debian.org>

Problem happens for image with systemd >=233.
Minor fix for mirrors list.
Signed-off-by: Geaaru <geaaru@gmail.com>

stable-2.1: tools: allow lxc-attach to undefined containers

For example the following sequence is expected to work:

lxc-start -n containerName -f /path/to/conf \
-s 'lxc.id_map = u 0 100000 65536' \
-s 'lxc.id_map = g 0 100000 65536' \
-s 'lxc.rootfs = /path/to/rootfs' \
-s 'lxc.init_cmd = /path/to/initcmd'

lxc-attach -n containerName

Closes #984.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Assuming a particular width of a type (or equivalence with "long") doesn't
work everywhere.  On new architectures, LFS/etc is enabled by default,
making rlim_t same as rlim64_t even if long is only 32-bit.

Not sure how you handle too big values -- you may want to re-check the
strtoull part.
Signed-off-by: Adam Borowski <kilobyte@angband.pl>

Both of struct timespec fields are 64-bit on any new architecture, even
32-bit ones.
Signed-off-by: Adam Borowski <kilobyte@angband.pl>

This template would always add "en-US.UTF-8" to the end of the container's locale.gen, which in turn confused locale-gen.
Signed-off-by: Fridtjof Mund <fridtjofmund@gmail.com>

Seems a bit invasive for a bugfix release.

This reverts commit f9d14b54.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

The kernel only allows 4k writes to most files in /proc including {g,u}id_map
so let's not try to write partial mappings. (This will obviously become a lot
more relevant when my patch to extend the idmap limit in the kernel is merged.)
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

liblxc should inform users that they are using a devel version. This will have
liblxc print

    MAJOR.MINOR.PATCH-devel

if LXC_DEVEL is true and

    MAJOR.MINOR.PATCH

otherwise.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Before exec()ing we need to become session leader otherwise some shells will
not be able to correctly initialize job control.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

With the release LXC 2.1 we started warning users who use LXC through the API
and users who use LXC through the tools equally about updating their config.
This quickly got confusing and annoying to API users who e.g. generate configs
on the fly (e.g. LXD). So instead of unconditionally warning users we make this
opt-in. If LXC detects that the env variable LXC_UPDATE_CONFIG_FORMAT is set
then it will warn the user if any legacy configuration keys are present. If it
is not set however, it will not warn the user. This is ok, since the log will
still log WARN()s for all legacy configuration keys.
The tools will all set LXC_UPDATE_CONFIG_FORMAT since it is very much required
that users update to the new configuration format pre-LXC 3.0.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

```
    # this only works if we have getty@.service to manipulate
    if [ -f "${rootfs}/lib/systemd/system/getty@.service" ]; then
       sed -e 's/^ConditionPathExists=/# ConditionPathExists=/' \
           -e 's/After=dev-%i.device/After=/' \
           < "${rootfs}/lib/systemd/system/getty@.service" \
           > "${rootfs}/etc/systemd/system/getty@.service"
    fi
```
we have only /dev/tty in a container - so this little cutie will spam the log all 10s with the following:

```
Jul 28 22:33:00 mariadb systemd[1]: getty@tty4.service: Service has no hold-off time, scheduling restart.
Jul 28 22:33:00 mariadb systemd[1]: getty@tty3.service: Service has no hold-off time, scheduling restart.
Jul 28 22:33:00 mariadb systemd[1]: getty@tty1.service: Service has no hold-off time, scheduling restart.
Jul 28 22:33:00 mariadb systemd[1]: getty@tty2.service: Service has no hold-off time, scheduling restart.
Jul 28 22:33:00 mariadb systemd[1]: Stopped Getty on tty2.
Jul 28 22:33:00 mariadb systemd[1]: getty@tty2.service: Failed to set invocation ID on control group /system.slice/system-getty.slice/getty@tty2.service, ignoring: Operation not permitted
Jul 28 22:33:00 mariadb systemd[1]: Started Getty on tty2.
Jul 28 22:33:00 mariadb systemd[1]: Stopped Getty on tty1.
Jul 28 22:33:00 mariadb systemd[1]: getty@tty1.service: Failed to set invocation ID on control group /system.slice/system-getty.slice/getty@tty1.service, ignoring: Operation not permitted
Jul 28 22:33:00 mariadb systemd[1]: Started Getty on tty1.
Jul 28 22:33:00 mariadb systemd[1]: Stopped Getty on tty3.
Jul 28 22:33:00 mariadb systemd[1]: getty@tty3.service: Failed to set invocation ID on control group /system.slice/system-getty.slice/getty@tty3.service, ignoring: Operation not permitted
Jul 28 22:33:00 mariadb systemd[1]: Started Getty on tty3.
Jul 28 22:33:00 mariadb systemd[1]: Stopped Getty on tty4.
Jul 28 22:33:00 mariadb systemd[1]: getty@tty4.service: Failed to set invocation ID on control group /system.slice/system-getty.slice/getty@tty4.service, ignoring: Operation not permitted
Jul 28 22:33:00 mariadb systemd[1]: Started Getty on tty4.
Jul 28 22:33:00 mariadb agetty[242]: /dev/tty1: cannot open as standard input: No such file or directory
Jul 28 22:33:00 mariadb agetty[241]: /dev/tty2: cannot open as standard input: No such file or directory
Jul 28 22:33:00 mariadb agetty[244]: /dev/tty4: cannot open as standard input: No such file or directory
Jul 28 22:33:00 mariadb agetty[243]: /dev/tty3: cannot open as standard input: No such file or directory
Jul 28 22:33:10 mariadb systemd[1]: getty@tty4.service: Service has no hold-off time, scheduling restart.
Jul 28 22:33:10 mariadb systemd[1]: getty@tty2.service: Service has no hold-off time, scheduling restart.
Jul 28 22:33:10 mariadb systemd[1]: getty@tty1.service: Service has no hold-off time, scheduling restart.
Jul 28 22:33:10 mariadb systemd[1]: getty@tty3.service: Service has no hold-off time, scheduling restart.
Jul 28 22:33:10 mariadb systemd[1]: Stopped Getty on tty3.
Jul 28 22:33:10 mariadb systemd[1]: getty@tty3.service: Failed to set invocation ID on control group /system.slice/system-getty.slice/getty@tty3.service, ignoring: Operation not permitted
Jul 28 22:33:10 mariadb systemd[1]: Started Getty on tty3.
Jul 28 22:33:10 mariadb systemd[1]: Stopped Getty on tty1.
Jul 28 22:33:10 mariadb systemd[1]: getty@tty1.service: Failed to set invocation ID on control group /system.slice/system-getty.slice/getty@tty1.service, ignoring: Operation not permitted
Jul 28 22:33:10 mariadb systemd[1]: Started Getty on tty1.
Jul 28 22:33:10 mariadb systemd[1]: Stopped Getty on tty2.
Jul 28 22:33:10 mariadb systemd[1]: getty@tty2.service: Failed to set invocation ID on control group /system.slice/system-getty.slice/getty@tty2.service, ignoring: Operation not permitted
Jul 28 22:33:10 mariadb systemd[1]: Started Getty on tty2.
Jul 28 22:33:10 mariadb systemd[1]: Stopped Getty on tty4.
Jul 28 22:33:10 mariadb systemd[1]: getty@tty4.service: Failed to set invocation ID on control group /system.slice/system-getty.slice/getty@tty4.service, ignoring: Operation not permitted
Jul 28 22:33:10 mariadb systemd[1]: Started Getty on tty4.
Jul 28 22:33:10 mariadb agetty[245]: /dev/tty3: cannot open as standard input: No such file or directory
Jul 28 22:33:10 mariadb agetty[247]: /dev/tty2: cannot open as standard input: No such file or directory
Jul 28 22:33:10 mariadb agetty[246]: /dev/tty1: cannot open as standard input: No such file or directory
Jul 28 22:33:10 mariadb agetty[248]: /dev/tty4: cannot open as standard input: No such file or directory
```
if more reasons are whished i could attach the logs from 10 containers after one month runtime. (approx 30G)
Signed-off-by: Alf Gaida <agaida@siduction.org>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

mem and kmem are really in /dev, so this does us no good.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>

We need to clear any ifindeces we recorded so liblxc won't have cached stale
data which would cause it to fail on reboot we're we don't re-read the on-disk
config file.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Otherwise we can never share namespaces.
Signed-off-by: LiFeng <lifeng68@huawei.com>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>

We can't rely in general on the presence of an initialized conf on cgroup init
time. One good example are our criu codepaths.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

Closes #1827.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Update for commit e3dd06efSigned-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

So far, we silently skipped over limits that failed to be applied which is very
odd. Let's error on when cgroup limits fail to apply.

Closes #1815.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Closes #1818.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>