- 10 Dec, 2018 38 commits
-
-
Donghwa Jeong authored
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
-
Donghwa Jeong authored
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
-
Donghwa Jeong authored
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
-
Donghwa Jeong authored
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
-
Donghwa Jeong authored
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
-
Donghwa Jeong authored
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
duguhaotian authored
AC_RUN_IFELSE will fail in cross-compile; we can use AC_COMPILE_IFELSE as a replacement. Signed-off-by: duguhaotian <duguhaotian@gmail.com>
-
Christian Brauner authored
While a container reads mountinfo from proc fs, the mountinfo can be changed by the kernel anytime. This has caused critical issues on some devices. Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com> Reported-by: Donghwa Jeong <dh48.jeong@samsung.com> Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Donghwa Jeong authored
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
-
Christian Brauner authored
POSIX specifies [1]: "If the value of n is zero on a call to snprintf(), nothing shall be written, the number of bytes that would have been written had n been sufficiently large excluding the terminating null shall be returned, and s may be a null pointer." But in case there are any non-sane libcs out there that do actually dereference the buffer when 0 is passed as length to snprintf() let's give them a dummy buffer. [1]: The Open Group Base Specifications Issue 7, 2018 edition IEEE Std 1003.1-2017 (Revision of IEEE Std 1003.1-2008) Copyright © 2001-2018 IEEE and The Open Group Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> Reported-by: Donghwa Jeong <dh48.jeong@samsung.com> Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Donghwa Jeong authored
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
-
Donghwa Jeong authored
Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>
-
Christian Brauner authored
Closes #2342. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Unchecked return value Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Logically dead code Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
sscanf() skips whitespace anyway so don't account for tabs in case the file layout changes. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
The behavior of sigprocmask() is unspecified in multi-threaded programs. Let's use pthread_sigmask() instead. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Simos Xenitellis authored
Resource leak Signed-off-by: Simos Xenitellis <simos.lists@googlemail.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com> Suggested-by: Jonathan Calmels <jcalmels@nvidia.com>
-
Christian Brauner authored
Unprivileged containers can safely mount /sys as read-write. This also allows systemd-udevd to be started in unprivileged containers. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Simos Xenitellis authored
Resource leak Signed-off-by: Simos Xenitellis <simos.lists@googlemail.com>
-
Simos Xenitellis authored
Resource leak Signed-off-by: Simos Xenitellis <simos.lists@googlemail.com>
-
Simos Xenitellis authored
Resource leak Signed-off-by: Simos Xenitellis <simos.lists@googlemail.com>
-
Christian Brauner authored
Resource leak Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Resource leak Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
This reverts commit 2ec47d51. First, I forgot to actually replace strncpy() with strlcpy(). Second, we don't want to \0-terminate since this is an abstract unix socket and this is not required. Instead, let's simply use memcpy() which is more correct and also silences gcc-8. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
- 14 Oct, 2018 1 commit
-
-
Christian Brauner authored
Starting with commit 55956b59df33 ("vfs: Allow userns root to call mknod on owned filesystems.") Linux will allow mknod() in user namespaces for userns root if CAP_MKNOD is available. However, these device nodes are useless since

    static struct super_block *alloc_super(struct file_system_type *type, int flags,
                                           struct user_namespace *user_ns)
    {
            /* <snip> */
            if (s->s_user_ns != &init_user_ns)
                    s->s_iflags |= SB_I_NODEV;
            /* <snip> */
    }

will set the SB_I_NODEV flag on the filesystem. When a device node created in non-init userns is open()ed the call chain will hit:

    bool may_open_dev(const struct path *path)
    {
            return !(path->mnt->mnt_flags & MNT_NODEV) &&
                   !(path->mnt->mnt_sb->s_iflags & SB_I_NODEV);
    }

which will cause an EPERM because the device node is located on an fs owned by non-init-userns and thus doesn't grant access to device nodes due to SB_I_NODEV. This commit enables LXC to deal with such kernels.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
- 23 Aug, 2018 1 commit
-
-
Christian Brauner authored
The additional \0-byte space added is not needed since IFNAMSIZ needs to include the \0-byte. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-