Time of check time of use
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Argument cannot be negative
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

These files have never been used and as such have no dependencies in the
codebase whatsoever. So remove them. If we need them we can simply pull them
out of the git history.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

I'm not really sure we should be looking in the rootfs for an existing
init, but I'll send a much more invasive patch to correct that. For now,
let's just make sure we set init_path when we find one, so that later in
execute_start() we don't bail.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>

This always works fine... until your exec() fails and you try to go and
free it, you've overwritten the allocator's metadata (and potentially other
stuff) and it fails.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>

The errors in execute_start are important because nothing actually prints
out what error if any there was in these cases, so you're left with an
empty log.

The TRACE logs are simply to tell you which version of start lxc chose to
invoke: exec or start.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>

This is already done in do_lxcapi_start{l}() so a) no need to do it again here
and b) this would close the state socket pair sockets, corrup the fd, and lead
to EBADF.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

The problem here is that lxc-init runs *inside* the container. So if a
person has the log file set to /home/$USER/foo, lxc-init ends up making a
directory /home/$USER/foo inside the container to put the log file in. What
we really want are the logs to be propagated from inside the container to
the outside. We accomplish this by passing an fd without O_CLOEXEC, and
telling lxc-init to log to that file.
Signed-off-by: Tycho Andersen <tycho@tycho.ws>

Use after free
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

There's no need to do string comparisons.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

If they aren't available fallback to BSD flock()s.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Argument cannot be negative
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Unchecked return value
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Resource leak
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Resource leak
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Unchecked return value
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Time of check time of use
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Unchecked return value
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Unused value
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Logically dead code
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Add inline setns() function to tool_utils.h. Without it
tool_utils.c can't be build when HAVE_SETNS is unset.
Signed-off-by: Serj Kalichev <serj.kalichev@gmail.com>

Signed-off-by: LiFeng <lifeng68@huawei.com>

Signed-off-by: LiFeng <lifeng68@huawei.com>

Signed-off-by: Daniel Selifonov <ds@thyth.com>

Fixes: #2277
Signed-off-by: Jonathan Calmels <jcalmels@nvidia.com>

lxc_monitor.c uses offsetof(), so it should include
<stddef.h>. Otherwise the build fails with the musl C library:

tools/lxc_monitor.c: In function ‘lxc_abstract_unix_connect’:
tools/lxc_monitor.c:324:9: warning: implicit declaration of function ‘offsetof’ [-Wimplicit-function-declaration]
         offsetof(struct sockaddr_un, sun_path) + len + 1);
         ^~~~~~~~
tools/lxc_monitor.c:324:18: error: expected expression before ‘struct’
         offsetof(struct sockaddr_un, sun_path) + len + 1);
                  ^~~~~~
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>

Always use 022 as the umask when creating the rootfs directory and
executing the template. A too loose umask may cause security issues.
A too strict umask may cause programs to fail inside the container.
Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi>

Signed-off-by: Felix Abecassis <fabecassis@nvidia.com>

LXC generates and loads the seccomp-bpf filter in the host/container which
spawn the new container. In other words, userspace N is responsible for
generating and loading the seccomp-bpf filter which restricts userspace N + 1.
Assume 64bit kernel and 32bit userspace running a 64bit container. In this case
the 32-bit x86 userspace is used to create a seccomp-bpf filter for a 64-bit
userspace. Unless one explicitly adds the 64-bit ABI to the libseccomp filter,
or adjusts the default behavior for "BAD_ARCH", *all* 64-bit x86 syscalls will
be blocked.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Suggested-by: Paul Moore <paul@paul-moore.com>