Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

The current script doesn't generate a valid configuration for
lxc.network.ipv4 key, it lacking an .address part which lead to:

parse.c: lxc_file_for_each_line: 58 Failed to parse config: lxc.net.0.ipv4 = 192.168.10.101/24
Signed-off-by: Julien Surloppe <julien@surloppe.fr>

This patch fixes
commit 6e62213e ("templates: actually create DOWNLOAD_TEMP directory".
To use mktemp -p correctly the directories need to exist. So call mkdir -p.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

The way 'mktemp' is currently used you will get a temp directory in
$TMPDIR or '/tmp' and DOWNLOAD_TEMP will not be pointing to an actual
directory. This will result in the wget operations failing and the
container will fail to create:

    ERROR: Failed to download http://....

Instead we want to use the '-p' option for mktemp to set the base path
and this will ensure that the temp directory is created in the correct
location and DOWNLOAD_TEMP will be consistent with this location.
Signed-off-by: Mark Asselstine <mark.asselstine@windriver.com>

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

commit 321db026 ("start: fix waitpid() blocking issue") and
commit b2a48508 ("change defines for return value of handlers)
changed the mode of files.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

POSIX specifies [1]:
"If the value of n is zero on a call to snprintf(), nothing shall be written,
the number of bytes that would have been written had n been sufficiently large
excluding the terminating null shall be returned, and s may be a null pointer."

But in case there are any non-sane libcs out there that do actually dereference
the buffer when when 0 is passed as length to snprintf() let's give them a
dummy buffer.

[1]: The Open Group Base Specifications Issue 7, 2018 edition
     IEEE Std 1003.1-2017 (Revision of IEEE Std 1003.1-2008)
     Copyright © 2001-2018 IEEE and The Open Group
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Reported-by: Donghwa Jeong <dh48.jeong@samsung.com>

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

We need to make sure that the ttys are actually initialized otherwise deleting
them is not safe.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

ns_clone_flags is used as a bitmask so initializing it to -1 is a bad idea.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Donghwa Jeong <dh48.jeong@samsung.com>

Closes #2342.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Dereference before null check
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Unchecked return value
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Logically dead code
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Logically dead code
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Let's error out on syscalls that cannot be resolved or fail to resolve instead
of just warning users.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Be more strict about unrecognized actions. Previously the
parser would happily accept lines with typos like:

  kexec_load errrno 1

(note the extra 'r')
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

Moving parse_config_v2 to use getline accidentally parsed
the wrong buffer. Since both _v1 and _v2 now use getline it
seems to be simpler to also use getline() for the first line
before entering the version specific parsers and pass along
the pointer and size so they can reuse them.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fixes: 9c3798eb ("seccomp: parse_config_v2()")

This can happen when the 'errno' action can't parse its
supplied number.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fixes: f67c94d0 ("seccomp: parse_v2_rules()")

Fix an error case not free()ing the line forgotten during
the move from fgets() on a static buffer to using getline.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Fixes: ccf8d128 ("seccomp: parse_config_v1()")