diff -Nru lxc-4.0.2/aclocal.m4 lxc-4.0.6/aclocal.m4 --- lxc-4.0.2/aclocal.m4 2020-04-16 18:17:20.000000000 +0000 +++ lxc-4.0.6/aclocal.m4 2021-01-12 00:20:10.000000000 +0000 @@ -1,6 +1,6 @@ -# generated automatically by aclocal 1.16.1 -*- Autoconf -*- +# generated automatically by aclocal 1.16.2 -*- Autoconf -*- -# Copyright (C) 1996-2018 Free Software Foundation, Inc. +# Copyright (C) 1996-2020 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -20,9 +20,9 @@ If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically 'autoreconf'.])]) -dnl pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- -dnl serial 11 (pkg-config-0.29.1) -dnl +# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- +# serial 12 (pkg-config-0.29.2) + dnl Copyright © 2004 Scott James Remnant . dnl Copyright © 2012-2015 Dan Nicholson dnl @@ -63,7 +63,7 @@ dnl See the "Since" comment for each macro you use to see what version dnl of the macros you require. m4_defun([PKG_PREREQ], -[m4_define([PKG_MACROS_VERSION], [0.29.1]) +[m4_define([PKG_MACROS_VERSION], [0.29.2]) m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1, [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])]) ])dnl PKG_PREREQ @@ -164,7 +164,7 @@ AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl pkg_failed=no -AC_MSG_CHECKING([for $1]) +AC_MSG_CHECKING([for $2]) _PKG_CONFIG([$1][_CFLAGS], [cflags], [$2]) _PKG_CONFIG([$1][_LIBS], [libs], [$2]) 
@@ -174,11 +174,11 @@ See the pkg-config man page for more details.]) if test $pkg_failed = yes; then - AC_MSG_RESULT([no]) + AC_MSG_RESULT([no]) _PKG_SHORT_ERRORS_SUPPORTED if test $_pkg_short_errors_supported = yes; then $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1` - else + else $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1` fi # Put the nasty error message in config.log where it belongs @@ -195,7 +195,7 @@ _PKG_TEXT])[]dnl ]) elif test $pkg_failed = untried; then - AC_MSG_RESULT([no]) + AC_MSG_RESULT([no]) m4_default([$4], [AC_MSG_FAILURE( [The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full @@ -296,7 +296,7 @@ AS_VAR_IF([$1], [""], [$5], [$4])dnl ])dnl PKG_CHECK_VAR -# Copyright (C) 2002-2018 Free Software Foundation, Inc. +# Copyright (C) 2002-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -311,7 +311,7 @@ [am__api_version='1.16' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.16.1], [], +m4_if([$1], [1.16.2], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) 
@@ -327,14 +327,14 @@ # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.16.1])dnl +[AM_AUTOMAKE_VERSION([1.16.2])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) # AM_AUX_DIR_EXPAND -*- Autoconf -*- -# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# Copyright (C) 2001-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -386,7 +386,7 @@ # AM_COND_IF -*- Autoconf -*- -# Copyright (C) 2008-2018 Free Software Foundation, Inc. +# Copyright (C) 2008-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -423,7 +423,7 @@ # AM_CONDITIONAL -*- Autoconf -*- -# Copyright (C) 1997-2018 Free Software Foundation, Inc. +# Copyright (C) 1997-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -454,7 +454,7 @@ Usually this means the macro was only invoked conditionally.]]) fi])]) -# Copyright (C) 1999-2018 Free Software Foundation, Inc. +# Copyright (C) 1999-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -645,7 +645,7 @@ # Generate code to set up dependency tracking. -*- Autoconf -*- -# Copyright (C) 1999-2018 Free Software Foundation, Inc. +# Copyright (C) 1999-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -684,7 +684,9 @@ done if test $am_rc -ne 0; then AC_MSG_FAILURE([Something went wrong bootstrapping makefile fragments - for automatic dependency tracking. Try re-running configure with the + for automatic dependency tracking. If GNU make was not used, consider + re-running the configure script with MAKE="gmake" (or whatever is + necessary). You can also try re-running configure with the '--disable-dependency-tracking' option to at least be able to build the package (albeit without support for automatic dependency tracking).]) fi @@ -711,7 +713,7 @@ # Do all the work for Automake. -*- Autoconf -*- -# Copyright (C) 1996-2018 Free Software Foundation, Inc. +# Copyright (C) 1996-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -908,7 +910,7 @@ done echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) -# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# Copyright (C) 2001-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -929,7 +931,7 @@ fi AC_SUBST([install_sh])]) -# Copyright (C) 2003-2018 Free Software Foundation, Inc. +# Copyright (C) 2003-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -950,7 +952,7 @@ # Check to see how 'make' treats includes. -*- Autoconf -*- -# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# Copyright (C) 2001-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -993,7 +995,7 @@ # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- -# Copyright (C) 1997-2018 Free Software Foundation, Inc. +# Copyright (C) 1997-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1032,7 +1034,7 @@ # Helper functions for option handling. -*- Autoconf -*- -# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# Copyright (C) 2001-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1061,7 +1063,7 @@ AC_DEFUN([_AM_IF_OPTION], [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) -# Copyright (C) 1999-2018 Free Software Foundation, Inc. +# Copyright (C) 1999-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1108,7 +1110,7 @@ # For backward compatibility. AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])]) -# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# Copyright (C) 2001-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1127,7 +1129,7 @@ # Check to make sure that the build environment is sane. -*- Autoconf -*- -# Copyright (C) 1996-2018 Free Software Foundation, Inc. +# Copyright (C) 1996-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1208,7 +1210,7 @@ rm -f conftest.file ]) -# Copyright (C) 2009-2018 Free Software Foundation, Inc. +# Copyright (C) 2009-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -1268,7 +1270,7 @@ _AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl ]) -# Copyright (C) 2001-2018 Free Software Foundation, Inc. +# Copyright (C) 2001-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1296,7 +1298,7 @@ INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) -# Copyright (C) 2006-2018 Free Software Foundation, Inc. +# Copyright (C) 2006-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1315,7 +1317,7 @@ # Check how to create a tarball. -*- Autoconf -*- -# Copyright (C) 2004-2018 Free Software Foundation, Inc. +# Copyright (C) 2004-2020 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff -Nru lxc-4.0.2/coccinelle/Makefile.in lxc-4.0.6/coccinelle/Makefile.in --- lxc-4.0.2/coccinelle/Makefile.in 2020-04-16 18:17:22.000000000 +0000 +++ lxc-4.0.6/coccinelle/Makefile.in 2021-01-12 00:20:11.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff -Nru lxc-4.0.2/CODING_STYLE.md lxc-4.0.6/CODING_STYLE.md --- lxc-4.0.2/CODING_STYLE.md 2020-04-16 18:17:12.000000000 +0000 +++ lxc-4.0.6/CODING_STYLE.md 2021-01-12 00:20:05.000000000 +0000 
@@ -733,11 +733,11 @@ ``` For example: ```c -void remount_all_slave(void) +void turn_into_dependent_mounts(void) { __do_free char *line = NULL; __do_fclose FILE *f = NULL; - __do_close_prot_errno int memfd = -EBADF, mntinfo_fd = -EBADF; + __do_close int memfd = -EBADF, mntinfo_fd = -EBADF; int ret; ssize_t copied; size_t len = 0; @@ -780,7 +780,7 @@ return; } - f = fdopen(memfd, "r"); + f = fdopen(memfd, "re"); if (!f) { SYSERROR("Failed to open copy of \"/proc/self/mountinfo\" to mark all shared. Continuing"); return; @@ -810,12 +810,11 @@ null_endofword(target); ret = mount(NULL, target, NULL, MS_SLAVE, NULL); if (ret < 0) { - SYSERROR("Failed to make \"%s\" MS_SLAVE", target); - ERROR("Continuing..."); + SYSERROR("Failed to recursively turn old root mount tree into dependent mount. Continuing..."); continue; } - TRACE("Remounted \"%s\" as MS_SLAVE", target); + TRACE("Recursively turned old root mount tree into dependent mount"); } - TRACE("Remounted all mount table entries as MS_SLAVE"); + TRACE("Turned all mount table entries into dependent mount"); } ``` diff -Nru lxc-4.0.2/config/apparmor/abstractions/start-container lxc-4.0.6/config/apparmor/abstractions/start-container --- lxc-4.0.2/config/apparmor/abstractions/start-container 2020-04-16 18:17:32.000000000 +0000 +++ lxc-4.0.6/config/apparmor/abstractions/start-container 2021-01-12 00:20:21.000000000 +0000 
@@ -21,6 +21,9 @@ # allow pre-mount hooks to stage mounts under /var/lib/lxc// mount -> /var/lib/lxc/{**,}, + mount /dev/.lxc-boot-id -> /proc/sys/kernel/random/boot_id, + mount options=(ro, nosuid, nodev, noexec, remount, bind) -> /proc/sys/kernel/random/boot_id, + # required for some pre-mount hooks mount fstype=overlayfs, mount fstype=aufs, diff -Nru lxc-4.0.2/config/apparmor/abstractions/start-container.in lxc-4.0.6/config/apparmor/abstractions/start-container.in --- lxc-4.0.2/config/apparmor/abstractions/start-container.in 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/config/apparmor/abstractions/start-container.in 2021-01-12 00:20:05.000000000 +0000 @@ -21,6 +21,9 @@ # allow pre-mount hooks to stage mounts under /var/lib/lxc// mount -> /var/lib/lxc/{**,}, + mount /dev/.lxc-boot-id -> /proc/sys/kernel/random/boot_id, + mount options=(ro, nosuid, nodev, noexec, remount, bind) -> /proc/sys/kernel/random/boot_id, + # required for some pre-mount hooks mount fstype=overlayfs, mount fstype=aufs, diff -Nru lxc-4.0.2/config/apparmor/Makefile.in lxc-4.0.6/config/apparmor/Makefile.in --- lxc-4.0.2/config/apparmor/Makefile.in 2020-04-16 18:17:22.000000000 +0000 +++ lxc-4.0.6/config/apparmor/Makefile.in 2021-01-12 00:20:11.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff -Nru lxc-4.0.2/config/bash/Makefile.in lxc-4.0.6/config/bash/Makefile.in --- lxc-4.0.2/config/bash/Makefile.in 2020-04-16 18:17:22.000000000 +0000 +++ lxc-4.0.6/config/bash/Makefile.in 2021-01-12 00:20:11.000000000 +0000 
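Review bot: The first added rule, `mount /dev/.lxc-boot-id -> /proc/sys/kernel/random/boot_id,`, has no `options=` restriction, so as written it admits any mount flags for that source/target pair, while the remount rule right after it is pinned to an exact flag set. Because the follow-up rule remounts with `bind`, the initial mount is presumably a plain bind mount; if the mount call in liblxc confirms that, `mount options=(bind) /dev/.lxc-boot-id -> /proc/sys/kernel/random/boot_id,` would keep the profile as narrow as the operation needs. The two rules also lack the explanatory comment that the neighbouring rules carry; something like `# allow overmounting boot_id from /dev/.lxc-boot-id and locking it down read-only` would help. The same applies to the identical hunk in `start-container.in` that follows.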
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff -Nru lxc-4.0.2/config/compile lxc-4.0.6/config/compile --- lxc-4.0.2/config/compile 2020-04-16 18:17:22.000000000 +0000 +++ lxc-4.0.6/config/compile 2021-01-12 00:20:11.000000000 +0000 @@ -3,7 +3,7 @@ scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1999-2018 Free Software Foundation, Inc. +# Copyright (C) 1999-2020 Free Software Foundation, Inc. # Written by Tom Tromey . # # This program is free software; you can redistribute it and/or modify @@ -53,7 +53,7 @@ MINGW*) file_conv=mingw ;; - CYGWIN*) + CYGWIN* | MSYS*) file_conv=cygwin ;; *) @@ -67,7 +67,7 @@ mingw/*) file=`cmd //C echo "$file " | sed -e 's/"\(.*\) " *$/\1/'` ;; - cygwin/*) + cygwin/* | msys/*) file=`cygpath -m "$file" || echo "$file"` ;; wine/*) diff -Nru lxc-4.0.2/config/depcomp lxc-4.0.6/config/depcomp --- lxc-4.0.2/config/depcomp 2020-04-16 18:17:22.000000000 +0000 +++ lxc-4.0.6/config/depcomp 2021-01-12 00:20:12.000000000 +0000 @@ -3,7 +3,7 @@ scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1999-2018 Free Software Foundation, Inc. +# Copyright (C) 1999-2020 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff -Nru lxc-4.0.2/config/etc/Makefile.in lxc-4.0.6/config/etc/Makefile.in --- lxc-4.0.2/config/etc/Makefile.in 2020-04-16 18:17:22.000000000 +0000 +++ lxc-4.0.6/config/etc/Makefile.in 2021-01-12 00:20:11.000000000 +0000 
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff -Nru lxc-4.0.2/config/init/common/lxc-net.in lxc-4.0.6/config/init/common/lxc-net.in --- lxc-4.0.2/config/init/common/lxc-net.in 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/config/init/common/lxc-net.in 2021-01-12 00:20:05.000000000 +0000 @@ -46,7 +46,7 @@ _ifup() { MASK=`_netmask2cidr ${LXC_NETMASK}` CIDR_ADDR="${LXC_ADDR}/${MASK}" - ip addr add ${CIDR_ADDR} dev ${LXC_BRIDGE} + ip addr add ${CIDR_ADDR} broadcast + dev ${LXC_BRIDGE} ip link set dev ${LXC_BRIDGE} address $LXC_BRIDGE_MAC ip link set dev ${LXC_BRIDGE} up } @@ -115,10 +115,9 @@ LXC_DOMAIN_ARG="-s $LXC_DOMAIN -S /$LXC_DOMAIN/" fi - LXC_DHCP_CONFILE_ARG="" - if [ -n "$LXC_DHCP_CONFILE" ]; then - LXC_DHCP_CONFILE_ARG="--conf-file=${LXC_DHCP_CONFILE}" - fi + # lxc's dnsmasq should be hermetic and not read `/etc/dnsmasq.conf` (which + # it does by default if `--conf-file` is not present + LXC_DHCP_CONFILE_ARG="--conf-file=${LXC_DHCP_CONFILE:-/dev/null}" # https://lists.linuxcontainers.org/pipermail/lxc-devel/2014-October/010561.html for DNSMASQ_USER in lxc-dnsmasq dnsmasq nobody diff -Nru lxc-4.0.2/config/init/common/Makefile.in lxc-4.0.6/config/init/common/Makefile.in --- lxc-4.0.2/config/init/common/Makefile.in 2020-04-16 18:17:22.000000000 +0000 +++ lxc-4.0.6/config/init/common/Makefile.in 2021-01-12 00:20:11.000000000 +0000 
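Review bot: The comment added above `LXC_DHCP_CONFILE_ARG` in the `@@ -115,10 +115,9 @@` hunk of `lxc-net.in` never closes its parenthesis and does not tell the operator what changed: with `--conf-file=/dev/null` as the fallback, settings in `/etc/dnsmasq.conf` no longer reach the bridge's dnsmasq unless `LXC_DHCP_CONFILE` is set. I would word it as `# Keep lxc's dnsmasq hermetic: without --conf-file it reads /etc/dnsmasq.conf by default,` followed by `# so fall back to /dev/null; set LXC_DHCP_CONFILE to supply extra options.` The variable is presumably expanded unquoted on the dnsmasq command line further down (outside this hunk), so a config path containing whitespace would split into separate arguments; that is worth checking there. The enclosing function starts and ends outside the hunk.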
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff -Nru lxc-4.0.2/config/init/Makefile.in lxc-4.0.6/config/init/Makefile.in --- lxc-4.0.2/config/init/Makefile.in 2020-04-16 18:17:22.000000000 +0000 +++ lxc-4.0.6/config/init/Makefile.in 2021-01-12 00:20:11.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff -Nru lxc-4.0.2/config/init/systemd/lxc.service.in lxc-4.0.6/config/init/systemd/lxc.service.in --- lxc-4.0.2/config/init/systemd/lxc.service.in 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/config/init/systemd/lxc.service.in 2021-01-12 00:20:05.000000000 +0000 @@ -14,8 +14,6 @@ # Environment=BOOTUP=serial # Environment=CONSOLETYPE=serial Delegate=yes -StandardOutput=syslog -StandardError=syslog [Install] WantedBy=multi-user.target diff -Nru lxc-4.0.2/config/init/systemd/lxc@.service.in lxc-4.0.6/config/init/systemd/lxc@.service.in --- lxc-4.0.2/config/init/systemd/lxc@.service.in 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/config/init/systemd/lxc@.service.in 2021-01-12 00:20:05.000000000 +0000 
@@ -14,8 +14,6 @@ # Environment=BOOTUP=serial # Environment=CONSOLETYPE=serial Delegate=yes -StandardOutput=syslog -StandardError=syslog [Install] WantedBy=multi-user.target diff -Nru lxc-4.0.2/config/init/systemd/Makefile.in lxc-4.0.6/config/init/systemd/Makefile.in --- lxc-4.0.2/config/init/systemd/Makefile.in 2020-04-16 18:17:22.000000000 +0000 +++ lxc-4.0.6/config/init/systemd/Makefile.in 2021-01-12 00:20:11.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -504,8 +504,8 @@ @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) -@INIT_SCRIPT_SYSTEMD_FALSE@uninstall-local: @INIT_SCRIPT_SYSTEMD_FALSE@install-data-local: +@INIT_SCRIPT_SYSTEMD_FALSE@uninstall-local: clean: clean-am clean-am: clean-generic clean-libtool mostlyclean-am diff -Nru lxc-4.0.2/config/init/sysvinit/Makefile.in lxc-4.0.6/config/init/sysvinit/Makefile.in --- lxc-4.0.2/config/init/sysvinit/Makefile.in 2020-04-16 18:17:22.000000000 +0000 +++ lxc-4.0.6/config/init/sysvinit/Makefile.in 2021-01-12 00:20:11.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -428,8 +428,8 @@ maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -@INIT_SCRIPT_SYSV_FALSE@install-data-local: @INIT_SCRIPT_SYSV_FALSE@uninstall-local: +@INIT_SCRIPT_SYSV_FALSE@install-data-local: clean: clean-am clean-am: clean-generic clean-libtool mostlyclean-am diff -Nru lxc-4.0.2/config/init/upstart/Makefile.in lxc-4.0.6/config/init/upstart/Makefile.in --- lxc-4.0.2/config/init/upstart/Makefile.in 2020-04-16 18:17:22.000000000 +0000 +++ lxc-4.0.6/config/init/upstart/Makefile.in 2021-01-12 00:20:11.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -423,8 +423,8 @@ maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -@INIT_SCRIPT_UPSTART_FALSE@uninstall-local: @INIT_SCRIPT_UPSTART_FALSE@install-data-local: +@INIT_SCRIPT_UPSTART_FALSE@uninstall-local: clean: clean-am clean-am: clean-generic clean-libtool mostlyclean-am diff -Nru lxc-4.0.2/config/install-sh lxc-4.0.6/config/install-sh --- lxc-4.0.2/config/install-sh 2020-04-16 18:17:22.000000000 +0000 +++ lxc-4.0.6/config/install-sh 2021-01-12 00:20:11.000000000 +0000 
@@ -451,7 +451,18 @@ trap 'ret=$?; rm -f "$dsttmp" "$rmtmp" && exit $ret' 0 # Copy the file name to the temp name. - (umask $cp_umask && $doit_exec $cpprog "$src" "$dsttmp") && + (umask $cp_umask && + { test -z "$stripcmd" || { + # Create $dsttmp read-write so that cp doesn't create it read-only, + # which would cause strip to fail. + if test -z "$doit"; then + : >"$dsttmp" # No need to fork-exec 'touch'. + else + $doit touch "$dsttmp" + fi + } + } && + $doit_exec $cpprog "$src" "$dsttmp") && # and set any options; do chmod last to preserve setuid bits. # diff -Nru lxc-4.0.2/config/Makefile.in lxc-4.0.6/config/Makefile.in --- lxc-4.0.2/config/Makefile.in 2020-04-16 18:17:22.000000000 +0000 +++ lxc-4.0.6/config/Makefile.in 2021-01-12 00:20:11.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff -Nru lxc-4.0.2/config/missing lxc-4.0.6/config/missing --- lxc-4.0.2/config/missing 2020-04-16 18:17:22.000000000 +0000 +++ lxc-4.0.6/config/missing 2021-01-12 00:20:11.000000000 +0000 @@ -3,7 +3,7 @@ scriptversion=2018-03-07.03; # UTC -# Copyright (C) 1996-2018 Free Software Foundation, Inc. +# Copyright (C) 1996-2020 Free Software Foundation, Inc. # Originally written by Fran,cois Pinard , 1996. # This program is free software; you can redistribute it and/or modify diff -Nru lxc-4.0.2/config/selinux/Makefile.in lxc-4.0.6/config/selinux/Makefile.in --- lxc-4.0.2/config/selinux/Makefile.in 2020-04-16 18:17:22.000000000 +0000 +++ lxc-4.0.6/config/selinux/Makefile.in 2021-01-12 00:20:11.000000000 +0000 
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff -Nru lxc-4.0.2/config/sysconfig/Makefile.in lxc-4.0.6/config/sysconfig/Makefile.in --- lxc-4.0.2/config/sysconfig/Makefile.in 2020-04-16 18:17:22.000000000 +0000 +++ lxc-4.0.6/config/sysconfig/Makefile.in 2021-01-12 00:20:11.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff -Nru lxc-4.0.2/config/templates/common.conf.d/Makefile.in lxc-4.0.6/config/templates/common.conf.d/Makefile.in --- lxc-4.0.2/config/templates/common.conf.d/Makefile.in 2020-04-16 18:17:22.000000000 +0000 +++ lxc-4.0.6/config/templates/common.conf.d/Makefile.in 2021-01-12 00:20:11.000000000 +0000 
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff -Nru lxc-4.0.2/config/templates/common.conf.in lxc-4.0.6/config/templates/common.conf.in --- lxc-4.0.2/config/templates/common.conf.in 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/config/templates/common.conf.in 2021-01-12 00:20:05.000000000 +0000 @@ -15,7 +15,9 @@ # Ensure hostname is changed on clone lxc.hook.clone = @LXCHOOKDIR@/clonehostname -# CGroup whitelist +# Default legacy cgroup configuration +# +# CGroup allowlist lxc.cgroup.devices.deny = a ## Allow any mknod (but not reading/writing the node) lxc.cgroup.devices.allow = c *:* m 
@@ -42,6 +44,35 @@ ### fuse lxc.cgroup.devices.allow = c 10:229 rwm +# Default unified cgroup configuration +# +# CGroup allowlist +lxc.cgroup2.devices.deny = a +## Allow any mknod (but not reading/writing the node) +lxc.cgroup2.devices.allow = c *:* m +lxc.cgroup2.devices.allow = b *:* m +## Allow specific devices +### /dev/null +lxc.cgroup2.devices.allow = c 1:3 rwm +### /dev/zero +lxc.cgroup2.devices.allow = c 1:5 rwm +### /dev/full +lxc.cgroup2.devices.allow = c 1:7 rwm +### /dev/tty +lxc.cgroup2.devices.allow = c 5:0 rwm +### /dev/console +lxc.cgroup2.devices.allow = c 5:1 rwm +### /dev/ptmx +lxc.cgroup2.devices.allow = c 5:2 rwm +### /dev/random +lxc.cgroup2.devices.allow = c 1:8 rwm +### /dev/urandom +lxc.cgroup2.devices.allow = c 1:9 rwm +### /dev/pts/* +lxc.cgroup2.devices.allow = c 136:* rwm +### fuse +lxc.cgroup2.devices.allow = c 10:229 rwm + # Setup the default mounts lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0 diff -Nru lxc-4.0.2/config/templates/common.seccomp lxc-4.0.6/config/templates/common.seccomp --- lxc-4.0.2/config/templates/common.seccomp 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/config/templates/common.seccomp 2021-01-12 00:20:05.000000000 +0000 @@ -1,5 +1,5 @@ 2 -blacklist +denylist reject_force_umount # comment this to allow umount -f; not recommended [all] kexec_load errno 1 diff -Nru lxc-4.0.2/config/templates/Makefile.in lxc-4.0.6/config/templates/Makefile.in --- lxc-4.0.2/config/templates/Makefile.in 2020-04-16 18:17:22.000000000 +0000 +++ lxc-4.0.6/config/templates/Makefile.in 2021-01-12 00:20:11.000000000 +0000 
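Review bot: The new `lxc.cgroup2.devices.*` block in `common.conf.in` is a line-for-line copy of the legacy `lxc.cgroup.devices.*` allowlist, and nothing in the file says the two must stay identical, so a later edit to one list can leave containers on the other hierarchy with a wider device policy. A sentence under the new header would cover it, e.g. `# Keep in sync with the legacy lxc.cgroup.devices list above; both must describe the same device policy.` The block opens with `lxc.cgroup2.devices.deny = a` and then re-allows individual entries, so the comment could also state that the deny line has to stay first.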
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff -Nru lxc-4.0.2/config/templates/userns.conf.in lxc-4.0.6/config/templates/userns.conf.in --- lxc-4.0.2/config/templates/userns.conf.in 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/config/templates/userns.conf.in 2021-01-12 00:20:05.000000000 +0000 @@ -1,7 +1,15 @@ # CAP_SYS_ADMIN in init-user-ns is required for cgroup.devices +# +# Default legacy cgroup configuration +# lxc.cgroup.devices.deny = lxc.cgroup.devices.allow = +# Default unified cgroup configuration +# +lxc.cgroup2.devices.deny = +lxc.cgroup2.devices.allow = + # Start with a full set of capabilities in user namespaces. lxc.cap.drop = lxc.cap.keep = diff -Nru lxc-4.0.2/config/yum/lxc-patch.py lxc-4.0.6/config/yum/lxc-patch.py --- lxc-4.0.2/config/yum/lxc-patch.py 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/config/yum/lxc-patch.py 2021-01-12 00:20:05.000000000 +0000 @@ -24,7 +24,6 @@ import os from fnmatch import fnmatch from yum.plugins import TYPE_INTERACTIVE -from yum.plugins import PluginYumExit requires_api_version = '2.0' plugin_type = (TYPE_INTERACTIVE,) diff -Nru lxc-4.0.2/config/yum/Makefile.in lxc-4.0.6/config/yum/Makefile.in --- lxc-4.0.2/config/yum/Makefile.in 2020-04-16 18:17:22.000000000 +0000 +++ lxc-4.0.6/config/yum/Makefile.in 2021-01-12 00:20:11.000000000 +0000 
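Review bot: The added `lxc.cgroup2.devices.deny =` and `lxc.cgroup2.devices.allow =` lines in `userns.conf.in` are empty assignments, and the header `# Default unified cgroup configuration` does not say what they do. By analogy with the legacy pair above them they presumably clear a device allowlist inherited from an included config, which would leave containers using this template without a devices-cgroup policy; that is a security-relevant default and deserves a comment. Suggested wording: `# Empty values reset any inherited lxc.cgroup2.devices rules; device access is then not restricted by the devices cgroup.` Confirm the reset semantics against the config parser before settling on that text.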
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff -Nru lxc-4.0.2/configure lxc-4.0.6/configure --- lxc-4.0.2/configure 2020-04-16 18:17:21.000000000 +0000 +++ lxc-4.0.6/configure 2021-01-12 00:20:10.000000000 +0000 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for lxc 4.0.2. +# Generated by GNU Autoconf 2.69 for lxc 4.0.6. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -587,8 +587,8 @@ # Identity of this package. PACKAGE_NAME='lxc' PACKAGE_TARNAME='lxc' -PACKAGE_VERSION='4.0.2' -PACKAGE_STRING='lxc 4.0.2' +PACKAGE_VERSION='4.0.6' +PACKAGE_STRING='lxc 4.0.6' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -659,6 +659,8 @@ HAVE_PRLIMIT64_TRUE HAVE_PRLIMIT_FALSE HAVE_PRLIMIT_TRUE +HAVE_OPENPTY_FALSE +HAVE_OPENPTY_TRUE HAVE_KEYCTL_FALSE HAVE_KEYCTL_TRUE HAVE_FGETLN_FALSE @@ -1514,7 +1516,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures lxc 4.0.2 to adapt to many kinds of systems. +\`configure' configures lxc 4.0.6 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1585,7 +1587,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of lxc 4.0.2:";; + short | recursive ) echo "Configuration of lxc 4.0.6:";; esac cat <<\_ACEOF 
@@ -1760,7 +1762,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -lxc configure 4.0.2 +lxc configure 4.0.6 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2221,11 +2223,68 @@ eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno } # ac_fn_c_check_decl + +# ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES +# ---------------------------------------------------- +# Tries to find if the field MEMBER exists in type AGGR, after including +# INCLUDES, setting cache variable VAR accordingly. +ac_fn_c_check_member () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for $2.$3" >&5 +$as_echo_n "checking for $2.$3... " >&6; } +if eval \${$4+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$5 +int +main () +{ +static $2 ac_aggr; +if (ac_aggr.$3) +return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$4=yes" +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$5 +int +main () +{ +static $2 ac_aggr; +if (sizeof ac_aggr.$3) +return 0; + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + eval "$4=yes" +else + eval "$4=no" +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +eval ac_res=\$$4 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_res" >&5 +$as_echo "$ac_res" >&6; } + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + +} # ac_fn_c_check_member cat >config.log <<_ACEOF This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by lxc $as_me 4.0.2, which was +It was created by lxc $as_me 4.0.6, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ 
@@ -2696,7 +2755,7 @@ fi fi -LXC_VERSION_BASE=4.0.2 +LXC_VERSION_BASE=4.0.6 @@ -2704,9 +2763,9 @@ LXC_VERSION_MINOR=0 -LXC_VERSION_MICRO=2 +LXC_VERSION_MICRO=6 -LXC_VERSION=4.0.2 +LXC_VERSION=4.0.6 LXC_DEVEL=0 @@ -3238,7 +3297,7 @@ # Define the identity of the package. PACKAGE='lxc' - VERSION='4.0.2' + VERSION='4.0.6' cat >>confdefs.h <<_ACEOF @@ -13516,8 +13575,8 @@ if test -z "$ENABLE_SECCOMP_TRUE"; then : pkg_failed=no -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SECCOMP" >&5 -$as_echo_n "checking for SECCOMP... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for libseccomp" >&5 +$as_echo_n "checking for libseccomp... " >&6; } if test -n "$SECCOMP_CFLAGS"; then pkg_cv_SECCOMP_CFLAGS="$SECCOMP_CFLAGS" @@ -13557,7 +13616,7 @@ if test $pkg_failed = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then @@ -13633,7 +13692,7 @@ elif test $pkg_failed = untried; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } ac_fn_c_check_header_mongrel "$LINENO" "seccomp.h" "ac_cv_header_seccomp_h" "$ac_includes_default" @@ -15325,7 +15384,7 @@ # Check for some syscalls functions -for ac_func in setns pivot_root sethostname unshare rand_r confstr faccessat gettid memfd_create +for ac_func in setns pivot_root sethostname unshare rand_r confstr faccessat gettid memfd_create move_mount open_tree execveat clone3 fsopen fspick fsconfig fsmount, openat2 do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" 
@@ -15337,6 +15396,50 @@ fi done +ac_fn_c_check_type "$LINENO" "struct open_how" "ac_cv_type_struct_open_how" "#include +" +if test "x$ac_cv_type_struct_open_how" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_OPEN_HOW 1 +_ACEOF + + +fi + +ac_fn_c_check_type "$LINENO" "struct clone_args" "ac_cv_type_struct_clone_args" "#include +" +if test "x$ac_cv_type_struct_clone_args" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_CLONE_ARGS 1 +_ACEOF + + +fi + +ac_fn_c_check_member "$LINENO" "struct clone_args" "set_tid" "ac_cv_member_struct_clone_args_set_tid" "#include +" +if test "x$ac_cv_member_struct_clone_args_set_tid" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_CLONE_ARGS_SET_TID 1 +_ACEOF + + +fi + +ac_fn_c_check_member "$LINENO" "struct clone_args" "cgroup" "ac_cv_member_struct_clone_args_cgroup" "#include +" +if test "x$ac_cv_member_struct_clone_args_cgroup" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE_STRUCT_CLONE_ARGS_CGROUP 1 +_ACEOF + + +fi + # Check for strerror_r() support. Defines: # - HAVE_STRERROR_R if available @@ -15577,7 +15680,7 @@ fi -for ac_func in openpty hasmntopt setmntent endmntent utmpxname +for ac_func in hasmntopt setmntent endmntent utmpxname do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -15739,6 +15842,36 @@ fi done +for ac_func in openpty +do : + ac_fn_c_check_func "$LINENO" "openpty" "ac_cv_func_openpty" +if test "x$ac_cv_func_openpty" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_OPENPTY 1 +_ACEOF + if true; then + HAVE_OPENPTY_TRUE= + HAVE_OPENPTY_FALSE='#' +else + HAVE_OPENPTY_TRUE='#' + HAVE_OPENPTY_FALSE= +fi + + +$as_echo "#define HAVE_OPENPTY 1" >>confdefs.h + +else + if false; then + HAVE_OPENPTY_TRUE= + HAVE_OPENPTY_FALSE='#' +else + HAVE_OPENPTY_TRUE='#' + HAVE_OPENPTY_FALSE= +fi + +fi +done + for ac_func in prlimit do : ac_fn_c_check_func "$LINENO" "prlimit" "ac_cv_func_prlimit" 
@@ -17894,6 +18027,146 @@ : fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Warray-bounds" >&5 +$as_echo_n "checking whether C compiler accepts -Warray-bounds... " >&6; } +if ${ax_cv_check_cflags__Werror__Warray_bounds+:} false; then : + $as_echo_n "(cached) " >&6 +else + + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -Werror -Warray-bounds" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ax_cv_check_cflags__Werror__Warray_bounds=yes +else + ax_cv_check_cflags__Werror__Warray_bounds=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$ax_check_save_flags +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags__Werror__Warray_bounds" >&5 +$as_echo "$ax_cv_check_cflags__Werror__Warray_bounds" >&6; } +if test "x$ax_cv_check_cflags__Werror__Warray_bounds" = xyes; then : + CFLAGS="$CFLAGS -Warray-bounds" +else + : +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Wrestrict" >&5 +$as_echo_n "checking whether C compiler accepts -Wrestrict... " >&6; } +if ${ax_cv_check_cflags__Werror__Wrestrict+:} false; then : + $as_echo_n "(cached) " >&6 +else + + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -Werror -Wrestrict" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. 
*/ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ax_cv_check_cflags__Werror__Wrestrict=yes +else + ax_cv_check_cflags__Werror__Wrestrict=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$ax_check_save_flags +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags__Werror__Wrestrict" >&5 +$as_echo "$ax_cv_check_cflags__Werror__Wrestrict" >&6; } +if test "x$ax_cv_check_cflags__Werror__Wrestrict" = xyes; then : + CFLAGS="$CFLAGS -Wrestrict" +else + : +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Wreturn-local-addr" >&5 +$as_echo_n "checking whether C compiler accepts -Wreturn-local-addr... " >&6; } +if ${ax_cv_check_cflags__Werror__Wreturn_local_addr+:} false; then : + $as_echo_n "(cached) " >&6 +else + + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -Werror -Wreturn-local-addr" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ax_cv_check_cflags__Werror__Wreturn_local_addr=yes +else + ax_cv_check_cflags__Werror__Wreturn_local_addr=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$ax_check_save_flags +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags__Werror__Wreturn_local_addr" >&5 +$as_echo "$ax_cv_check_cflags__Werror__Wreturn_local_addr" >&6; } +if test "x$ax_cv_check_cflags__Werror__Wreturn_local_addr" = xyes; then : + CFLAGS="$CFLAGS -Wreturn-local-addr" +else + : +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether C compiler accepts -Wstringop-overflow" >&5 +$as_echo_n "checking whether C compiler accepts -Wstringop-overflow... 
" >&6; } +if ${ax_cv_check_cflags__Werror__Wstringop_overflow+:} false; then : + $as_echo_n "(cached) " >&6 +else + + ax_check_save_flags=$CFLAGS + CFLAGS="$CFLAGS -Werror -Wstringop-overflow" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ax_cv_check_cflags__Werror__Wstringop_overflow=yes +else + ax_cv_check_cflags__Werror__Wstringop_overflow=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + CFLAGS=$ax_check_save_flags +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ax_cv_check_cflags__Werror__Wstringop_overflow" >&5 +$as_echo "$ax_cv_check_cflags__Werror__Wstringop_overflow" >&6; } +if test "x$ax_cv_check_cflags__Werror__Wstringop_overflow" = xyes; then : + CFLAGS="$CFLAGS -Wstringop-overflow" +else + : +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether the linker accepts -z relro" >&5 $as_echo_n "checking whether the linker accepts -z relro... " >&6; } @@ -17968,7 +18241,7 @@ fi -CFLAGS="$CFLAGS -Wvla -std=gnu11" +CFLAGS="$CFLAGS -Wvla -std=gnu11 -fms-extensions" if test "x$enable_werror" = "xyes"; then CFLAGS="$CFLAGS -Werror" fi @@ -18044,8 +18317,8 @@ if test -z "$ENABLE_DLOG_TRUE"; then : pkg_failed=no -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for DLOG" >&5 -$as_echo_n "checking for DLOG... " >&6; } +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for dlog" >&5 +$as_echo_n "checking for dlog... " >&6; } if test -n "$DLOG_CFLAGS"; then pkg_cv_DLOG_CFLAGS="$DLOG_CFLAGS" @@ -18085,7 +18358,7 @@ if test $pkg_failed = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then 
@@ -18161,7 +18434,7 @@ elif test $pkg_failed = untried; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } ac_fn_c_check_header_mongrel "$LINENO" "dlog.h" "ac_cv_header_dlog_h" "$ac_includes_default" @@ -18552,6 +18825,14 @@ as_fn_error $? "conditional \"HAVE_KEYCTL\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${HAVE_OPENPTY_TRUE}" && test -z "${HAVE_OPENPTY_FALSE}"; then + as_fn_error $? "conditional \"HAVE_OPENPTY\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_OPENPTY_TRUE}" && test -z "${HAVE_OPENPTY_FALSE}"; then + as_fn_error $? "conditional \"HAVE_OPENPTY\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${HAVE_PRLIMIT_TRUE}" && test -z "${HAVE_PRLIMIT_FALSE}"; then as_fn_error $? "conditional \"HAVE_PRLIMIT\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -19013,7 +19294,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by lxc $as_me 4.0.2, which was +This file was extended by lxc $as_me 4.0.6, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -19083,7 +19364,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -lxc config.status 4.0.2 +lxc config.status 4.0.6 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" 
@@ -20372,7 +20653,9 @@ { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 $as_echo "$as_me: error: in \`$ac_pwd':" >&2;} as_fn_error $? "Something went wrong bootstrapping makefile fragments - for automatic dependency tracking. Try re-running configure with the + for automatic dependency tracking. If GNU make was not used, consider + re-running the configure script with MAKE=\"gmake\" (or whatever is + necessary). You can also try re-running configure with the '--disable-dependency-tracking' option to at least be able to build the package (albeit without support for automatic dependency tracking). See \`config.log' for more details" "$LINENO" 5; } diff -Nru lxc-4.0.2/configure.ac lxc-4.0.6/configure.ac --- lxc-4.0.2/configure.ac 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/configure.ac 2021-01-12 00:20:05.000000000 +0000 @@ -3,7 +3,7 @@ m4_define([lxc_devel], 0) m4_define([lxc_version_major], 4) m4_define([lxc_version_minor], 0) -m4_define([lxc_version_micro], 2) +m4_define([lxc_version_micro], 6) m4_define([lxc_version_beta], []) m4_define([lxc_abi_major], 1) @@ -622,7 +622,11 @@ AC_HEADER_MAJOR # Check for some syscalls functions -AC_CHECK_FUNCS([setns pivot_root sethostname unshare rand_r confstr faccessat gettid memfd_create]) +AC_CHECK_FUNCS([setns pivot_root sethostname unshare rand_r confstr faccessat gettid memfd_create move_mount open_tree execveat clone3 fsopen fspick fsconfig fsmount, openat2]) +AC_CHECK_TYPES([struct open_how], [], [], [[#include ]]) +AC_CHECK_TYPES([struct clone_args], [], [], [[#include ]]) +AC_CHECK_MEMBERS([struct clone_args.set_tid],[],[],[[#include ]]) +AC_CHECK_MEMBERS([struct clone_args.cgroup],[],[],[[#include ]]) # Check for strerror_r() support. Defines: # - HAVE_STRERROR_R if available 
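Review bot: The function list in the changed `AC_CHECK_FUNCS` call in configure.ac ends with `fsmount, openat2`, and the stray comma becomes part of the name being probed. The generated configure hunk earlier on this page shows the `for ac_func in ...` loop iterating over `fsmount,` as one word, so neither the tested symbol nor the cache variable derived from it belongs to `fsmount`. `HAVE_FSMOUNT` is therefore presumably never defined, even where libc provides the function. The list is whitespace-separated, so the tail should read `fsconfig fsmount openat2])`, and configure should be regenerated afterwards.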
@@ -660,7 +664,7 @@ AC_CHECK_LIB(pthread, main) AC_CHECK_FUNCS(statvfs) AC_CHECK_LIB(util, openpty) -AC_CHECK_FUNCS([openpty hasmntopt setmntent endmntent utmpxname]) +AC_CHECK_FUNCS([hasmntopt setmntent endmntent utmpxname]) AC_CHECK_FUNCS([getgrgid_r], AM_CONDITIONAL(HAVE_GETGRGID_R, true) AC_DEFINE(HAVE_GETGRGID_R,1,[Have getgrgid_r]), @@ -681,6 +685,10 @@ AM_CONDITIONAL(HAVE_KEYCTL, true) AC_DEFINE(HAVE_KEYCTL,1,[Have keyctl]), AM_CONDITIONAL(HAVE_KEYCTL, false)) +AC_CHECK_FUNCS([openpty], + AM_CONDITIONAL(HAVE_OPENPTY, true) + AC_DEFINE(HAVE_OPENPTY,1,[Have openpty]), + AM_CONDITIONAL(HAVE_OPENPTY, false)) AC_CHECK_FUNCS([prlimit], AM_CONDITIONAL(HAVE_PRLIMIT, true) AC_DEFINE(HAVE_PRLIMIT,1,[Have prlimit]), @@ -753,11 +761,15 @@ AX_CHECK_COMPILE_FLAG([-fasynchronous-unwind-tables], [CFLAGS="$CFLAGS -fasynchronous-unwind-tables"],,[-Werror]) AX_CHECK_COMPILE_FLAG([-pipe], [CFLAGS="$CFLAGS -pipe"],,[-Werror]) AX_CHECK_COMPILE_FLAG([-fexceptions], [CFLAGS="$CFLAGS -fexceptions"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-Warray-bounds], [CFLAGS="$CFLAGS -Warray-bounds"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-Wrestrict], [CFLAGS="$CFLAGS -Wrestrict"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-Wreturn-local-addr], [CFLAGS="$CFLAGS -Wreturn-local-addr"],,[-Werror]) +AX_CHECK_COMPILE_FLAG([-Wstringop-overflow], [CFLAGS="$CFLAGS -Wstringop-overflow"],,[-Werror]) AX_CHECK_LINK_FLAG([-z relro], [LDFLAGS="$LDFLAGS -z relro"],,[]) AX_CHECK_LINK_FLAG([-z now], [LDFLAGS="$LDFLAGS -z now"],,[]) -CFLAGS="$CFLAGS -Wvla -std=gnu11" +CFLAGS="$CFLAGS -Wvla -std=gnu11 -fms-extensions" if test "x$enable_werror" = "xyes"; then CFLAGS="$CFLAGS -Werror" fi diff -Nru lxc-4.0.2/COPYING lxc-4.0.6/COPYING --- lxc-4.0.2/COPYING 2020-04-16 18:17:22.000000000 +0000 +++ lxc-4.0.6/COPYING 2021-01-12 00:20:05.000000000 +0000 
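Review bot: `-fms-extensions` is appended to CFLAGS unconditionally in the last configure.ac hunk, whereas the four warning flags added just above it are each probed with `AX_CHECK_COMPILE_FLAG` first. A compiler that rejects the option would fail later and less clearly than at a dedicated configure check. Probe it the same way, `AX_CHECK_COMPILE_FLAG([-fms-extensions], [CFLAGS="$CFLAGS -fms-extensions"],,[-Werror])`, and keep the fixed line as `CFLAGS="$CFLAGS -Wvla -std=gnu11"`. If the sources cannot build without the extension, pass an action-if-not-found that stops configure with an explicit message. A one-line comment naming the construct that needs the flag would also help, since it widens the accepted C dialect for the whole tree.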
@@ -1,674 +1,2 @@ - GNU GENERAL PUBLIC LICENSE - Version 3, 29 June 2007 - - Copyright (C) 2007 Free Software Foundation, Inc. - Everyone is permitted to copy and distribute verbatim copies - of this license document, but changing it is not allowed. - - Preamble - - The GNU General Public License is a free, copyleft license for -software and other kinds of works. - - The licenses for most software and other practical works are designed -to take away your freedom to share and change the works. By contrast, -the GNU General Public License is intended to guarantee your freedom to -share and change all versions of a program--to make sure it remains free -software for all its users. We, the Free Software Foundation, use the -GNU General Public License for most of our software; it applies also to -any other work released this way by its authors. You can apply it to -your programs, too. - - When we speak of free software, we are referring to freedom, not -price. Our General Public Licenses are designed to make sure that you -have the freedom to distribute copies of free software (and charge for -them if you wish), that you receive source code or can get it if you -want it, that you can change the software or use pieces of it in new -free programs, and that you know you can do these things. - - To protect your rights, we need to prevent others from denying you -these rights or asking you to surrender the rights. Therefore, you have -certain responsibilities if you distribute copies of the software, or if -you modify it: responsibilities to respect the freedom of others. - - For example, if you distribute copies of such a program, whether -gratis or for a fee, you must pass on to the recipients the same -freedoms that you received. You must make sure that they, too, receive -or can get the source code. And you must show them these terms so they -know their rights. 
- - Developers that use the GNU GPL protect your rights with two steps: -(1) assert copyright on the software, and (2) offer you this License -giving you legal permission to copy, distribute and/or modify it. - - For the developers' and authors' protection, the GPL clearly explains -that there is no warranty for this free software. For both users' and -authors' sake, the GPL requires that modified versions be marked as -changed, so that their problems will not be attributed erroneously to -authors of previous versions. - - Some devices are designed to deny users access to install or run -modified versions of the software inside them, although the manufacturer -can do so. This is fundamentally incompatible with the aim of -protecting users' freedom to change the software. The systematic -pattern of such abuse occurs in the area of products for individuals to -use, which is precisely where it is most unacceptable. Therefore, we -have designed this version of the GPL to prohibit the practice for those -products. If such problems arise substantially in other domains, we -stand ready to extend this provision to those domains in future versions -of the GPL, as needed to protect the freedom of users. - - Finally, every program is threatened constantly by software patents. -States should not allow patents to restrict development and use of -software on general-purpose computers, but in those that do, we wish to -avoid the special danger that patents applied to a free program could -make it effectively proprietary. To prevent this, the GPL assures that -patents cannot be used to render the program non-free. - - The precise terms and conditions for copying, distribution and -modification follow. - - TERMS AND CONDITIONS - - 0. Definitions. - - "This License" refers to version 3 of the GNU General Public License. - - "Copyright" also means copyright-like laws that apply to other kinds of -works, such as semiconductor masks. 
- - "The Program" refers to any copyrightable work licensed under this -License. Each licensee is addressed as "you". "Licensees" and -"recipients" may be individuals or organizations. - - To "modify" a work means to copy from or adapt all or part of the work -in a fashion requiring copyright permission, other than the making of an -exact copy. The resulting work is called a "modified version" of the -earlier work or a work "based on" the earlier work. - - A "covered work" means either the unmodified Program or a work based -on the Program. - - To "propagate" a work means to do anything with it that, without -permission, would make you directly or secondarily liable for -infringement under applicable copyright law, except executing it on a -computer or modifying a private copy. Propagation includes copying, -distribution (with or without modification), making available to the -public, and in some countries other activities as well. - - To "convey" a work means any kind of propagation that enables other -parties to make or receive copies. Mere interaction with a user through -a computer network, with no transfer of a copy, is not conveying. - - An interactive user interface displays "Appropriate Legal Notices" -to the extent that it includes a convenient and prominently visible -feature that (1) displays an appropriate copyright notice, and (2) -tells the user that there is no warranty for the work (except to the -extent that warranties are provided), that licensees may convey the -work under this License, and how to view a copy of this License. If -the interface presents a list of user commands or options, such as a -menu, a prominent item in the list meets this criterion. - - 1. Source Code. - - The "source code" for a work means the preferred form of the work -for making modifications to it. "Object code" means any non-source -form of a work. 
- - A "Standard Interface" means an interface that either is an official -standard defined by a recognized standards body, or, in the case of -interfaces specified for a particular programming language, one that -is widely used among developers working in that language. - - The "System Libraries" of an executable work include anything, other -than the work as a whole, that (a) is included in the normal form of -packaging a Major Component, but which is not part of that Major -Component, and (b) serves only to enable use of the work with that -Major Component, or to implement a Standard Interface for which an -implementation is available to the public in source code form. A -"Major Component", in this context, means a major essential component -(kernel, window system, and so on) of the specific operating system -(if any) on which the executable work runs, or a compiler used to -produce the work, or an object code interpreter used to run it. - - The "Corresponding Source" for a work in object code form means all -the source code needed to generate, install, and (for an executable -work) run the object code and to modify the work, including scripts to -control those activities. However, it does not include the work's -System Libraries, or general-purpose tools or generally available free -programs which are used unmodified in performing those activities but -which are not part of the work. For example, Corresponding Source -includes interface definition files associated with source files for -the work, and the source code for shared libraries and dynamically -linked subprograms that the work is specifically designed to require, -such as by intimate data communication or control flow between those -subprograms and other parts of the work. - - The Corresponding Source need not include anything that users -can regenerate automatically from other parts of the Corresponding -Source. - - The Corresponding Source for a work in source code form is that -same work. - - 2. 
Basic Permissions. - - All rights granted under this License are granted for the term of -copyright on the Program, and are irrevocable provided the stated -conditions are met. This License explicitly affirms your unlimited -permission to run the unmodified Program. The output from running a -covered work is covered by this License only if the output, given its -content, constitutes a covered work. This License acknowledges your -rights of fair use or other equivalent, as provided by copyright law. - - You may make, run and propagate covered works that you do not -convey, without conditions so long as your license otherwise remains -in force. You may convey covered works to others for the sole purpose -of having them make modifications exclusively for you, or provide you -with facilities for running those works, provided that you comply with -the terms of this License in conveying all material for which you do -not control copyright. Those thus making or running the covered works -for you must do so exclusively on your behalf, under your direction -and control, on terms that prohibit them from making any copies of -your copyrighted material outside their relationship with you. - - Conveying under any other circumstances is permitted solely under -the conditions stated below. Sublicensing is not allowed; section 10 -makes it unnecessary. - - 3. Protecting Users' Legal Rights From Anti-Circumvention Law. - - No covered work shall be deemed part of an effective technological -measure under any applicable law fulfilling obligations under article -11 of the WIPO copyright treaty adopted on 20 December 1996, or -similar laws prohibiting or restricting circumvention of such -measures. 
- - When you convey a covered work, you waive any legal power to forbid -circumvention of technological measures to the extent such circumvention -is effected by exercising rights under this License with respect to -the covered work, and you disclaim any intention to limit operation or -modification of the work as a means of enforcing, against the work's -users, your or third parties' legal rights to forbid circumvention of -technological measures. - - 4. Conveying Verbatim Copies. - - You may convey verbatim copies of the Program's source code as you -receive it, in any medium, provided that you conspicuously and -appropriately publish on each copy an appropriate copyright notice; -keep intact all notices stating that this License and any -non-permissive terms added in accord with section 7 apply to the code; -keep intact all notices of the absence of any warranty; and give all -recipients a copy of this License along with the Program. - - You may charge any price or no price for each copy that you convey, -and you may offer support or warranty protection for a fee. - - 5. Conveying Modified Source Versions. - - You may convey a work based on the Program, or the modifications to -produce it from the Program, in the form of source code under the -terms of section 4, provided that you also meet all of these conditions: - - a) The work must carry prominent notices stating that you modified - it, and giving a relevant date. - - b) The work must carry prominent notices stating that it is - released under this License and any conditions added under section - 7. This requirement modifies the requirement in section 4 to - "keep intact all notices". - - c) You must license the entire work, as a whole, under this - License to anyone who comes into possession of a copy. This - License will therefore apply, along with any applicable section 7 - additional terms, to the whole of the work, and all its parts, - regardless of how they are packaged. 
This License gives no - permission to license the work in any other way, but it does not - invalidate such permission if you have separately received it. - - d) If the work has interactive user interfaces, each must display - Appropriate Legal Notices; however, if the Program has interactive - interfaces that do not display Appropriate Legal Notices, your - work need not make them do so. - - A compilation of a covered work with other separate and independent -works, which are not by their nature extensions of the covered work, -and which are not combined with it such as to form a larger program, -in or on a volume of a storage or distribution medium, is called an -"aggregate" if the compilation and its resulting copyright are not -used to limit the access or legal rights of the compilation's users -beyond what the individual works permit. Inclusion of a covered work -in an aggregate does not cause this License to apply to the other -parts of the aggregate. - - 6. Conveying Non-Source Forms. - - You may convey a covered work in object code form under the terms -of sections 4 and 5, provided that you also convey the -machine-readable Corresponding Source under the terms of this License, -in one of these ways: - - a) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by the - Corresponding Source fixed on a durable physical medium - customarily used for software interchange. 
- - b) Convey the object code in, or embodied in, a physical product - (including a physical distribution medium), accompanied by a - written offer, valid for at least three years and valid for as - long as you offer spare parts or customer support for that product - model, to give anyone who possesses the object code either (1) a - copy of the Corresponding Source for all the software in the - product that is covered by this License, on a durable physical - medium customarily used for software interchange, for a price no - more than your reasonable cost of physically performing this - conveying of source, or (2) access to copy the - Corresponding Source from a network server at no charge. - - c) Convey individual copies of the object code with a copy of the - written offer to provide the Corresponding Source. This - alternative is allowed only occasionally and noncommercially, and - only if you received the object code with such an offer, in accord - with subsection 6b. - - d) Convey the object code by offering access from a designated - place (gratis or for a charge), and offer equivalent access to the - Corresponding Source in the same way through the same place at no - further charge. You need not require recipients to copy the - Corresponding Source along with the object code. If the place to - copy the object code is a network server, the Corresponding Source - may be on a different server (operated by you or a third party) - that supports equivalent copying facilities, provided you maintain - clear directions next to the object code saying where to find the - Corresponding Source. Regardless of what server hosts the - Corresponding Source, you remain obligated to ensure that it is - available for as long as needed to satisfy these requirements. 
- - e) Convey the object code using peer-to-peer transmission, provided - you inform other peers where the object code and Corresponding - Source of the work are being offered to the general public at no - charge under subsection 6d. - - A separable portion of the object code, whose source code is excluded -from the Corresponding Source as a System Library, need not be -included in conveying the object code work. - - A "User Product" is either (1) a "consumer product", which means any -tangible personal property which is normally used for personal, family, -or household purposes, or (2) anything designed or sold for incorporation -into a dwelling. In determining whether a product is a consumer product, -doubtful cases shall be resolved in favor of coverage. For a particular -product received by a particular user, "normally used" refers to a -typical or common use of that class of product, regardless of the status -of the particular user or of the way in which the particular user -actually uses, or expects or is expected to use, the product. A product -is a consumer product regardless of whether the product has substantial -commercial, industrial or non-consumer uses, unless such uses represent -the only significant mode of use of the product. - - "Installation Information" for a User Product means any methods, -procedures, authorization keys, or other information required to install -and execute modified versions of a covered work in that User Product from -a modified version of its Corresponding Source. The information must -suffice to ensure that the continued functioning of the modified object -code is in no case prevented or interfered with solely because -modification has been made. 
- - If you convey an object code work under this section in, or with, or -specifically for use in, a User Product, and the conveying occurs as -part of a transaction in which the right of possession and use of the -User Product is transferred to the recipient in perpetuity or for a -fixed term (regardless of how the transaction is characterized), the -Corresponding Source conveyed under this section must be accompanied -by the Installation Information. But this requirement does not apply -if neither you nor any third party retains the ability to install -modified object code on the User Product (for example, the work has -been installed in ROM). - - The requirement to provide Installation Information does not include a -requirement to continue to provide support service, warranty, or updates -for a work that has been modified or installed by the recipient, or for -the User Product in which it has been modified or installed. Access to a -network may be denied when the modification itself materially and -adversely affects the operation of the network or violates the rules and -protocols for communication across the network. - - Corresponding Source conveyed, and Installation Information provided, -in accord with this section must be in a format that is publicly -documented (and with an implementation available to the public in -source code form), and must require no special password or key for -unpacking, reading or copying. - - 7. Additional Terms. - - "Additional permissions" are terms that supplement the terms of this -License by making exceptions from one or more of its conditions. -Additional permissions that are applicable to the entire Program shall -be treated as though they were included in this License, to the extent -that they are valid under applicable law. 
If additional permissions -apply only to part of the Program, that part may be used separately -under those permissions, but the entire Program remains governed by -this License without regard to the additional permissions. - - When you convey a copy of a covered work, you may at your option -remove any additional permissions from that copy, or from any part of -it. (Additional permissions may be written to require their own -removal in certain cases when you modify the work.) You may place -additional permissions on material, added by you to a covered work, -for which you have or can give appropriate copyright permission. - - Notwithstanding any other provision of this License, for material you -add to a covered work, you may (if authorized by the copyright holders of -that material) supplement the terms of this License with terms: - - a) Disclaiming warranty or limiting liability differently from the - terms of sections 15 and 16 of this License; or - - b) Requiring preservation of specified reasonable legal notices or - author attributions in that material or in the Appropriate Legal - Notices displayed by works containing it; or - - c) Prohibiting misrepresentation of the origin of that material, or - requiring that modified versions of such material be marked in - reasonable ways as different from the original version; or - - d) Limiting the use for publicity purposes of names of licensors or - authors of the material; or - - e) Declining to grant rights under trademark law for use of some - trade names, trademarks, or service marks; or - - f) Requiring indemnification of licensors and authors of that - material by anyone who conveys the material (or modified versions of - it) with contractual assumptions of liability to the recipient, for - any liability that these contractual assumptions directly impose on - those licensors and authors. - - All other non-permissive additional terms are considered "further -restrictions" within the meaning of section 10. 
If the Program as you -received it, or any part of it, contains a notice stating that it is -governed by this License along with a term that is a further -restriction, you may remove that term. If a license document contains -a further restriction but permits relicensing or conveying under this -License, you may add to a covered work material governed by the terms -of that license document, provided that the further restriction does -not survive such relicensing or conveying. - - If you add terms to a covered work in accord with this section, you -must place, in the relevant source files, a statement of the -additional terms that apply to those files, or a notice indicating -where to find the applicable terms. - - Additional terms, permissive or non-permissive, may be stated in the -form of a separately written license, or stated as exceptions; -the above requirements apply either way. - - 8. Termination. - - You may not propagate or modify a covered work except as expressly -provided under this License. Any attempt otherwise to propagate or -modify it is void, and will automatically terminate your rights under -this License (including any patent licenses granted under the third -paragraph of section 11). - - However, if you cease all violation of this License, then your -license from a particular copyright holder is reinstated (a) -provisionally, unless and until the copyright holder explicitly and -finally terminates your license, and (b) permanently, if the copyright -holder fails to notify you of the violation by some reasonable means -prior to 60 days after the cessation. - - Moreover, your license from a particular copyright holder is -reinstated permanently if the copyright holder notifies you of the -violation by some reasonable means, this is the first time you have -received notice of violation of this License (for any work) from that -copyright holder, and you cure the violation prior to 30 days after -your receipt of the notice. 
- - Termination of your rights under this section does not terminate the -licenses of parties who have received copies or rights from you under -this License. If your rights have been terminated and not permanently -reinstated, you do not qualify to receive new licenses for the same -material under section 10. - - 9. Acceptance Not Required for Having Copies. - - You are not required to accept this License in order to receive or -run a copy of the Program. Ancillary propagation of a covered work -occurring solely as a consequence of using peer-to-peer transmission -to receive a copy likewise does not require acceptance. However, -nothing other than this License grants you permission to propagate or -modify any covered work. These actions infringe copyright if you do -not accept this License. Therefore, by modifying or propagating a -covered work, you indicate your acceptance of this License to do so. - - 10. Automatic Licensing of Downstream Recipients. - - Each time you convey a covered work, the recipient automatically -receives a license from the original licensors, to run, modify and -propagate that work, subject to this License. You are not responsible -for enforcing compliance by third parties with this License. - - An "entity transaction" is a transaction transferring control of an -organization, or substantially all assets of one, or subdividing an -organization, or merging organizations. If propagation of a covered -work results from an entity transaction, each party to that -transaction who receives a copy of the work also receives whatever -licenses to the work the party's predecessor in interest had or could -give under the previous paragraph, plus a right to possession of the -Corresponding Source of the work from the predecessor in interest, if -the predecessor has it or can get it with reasonable efforts. - - You may not impose any further restrictions on the exercise of the -rights granted or affirmed under this License. 
For example, you may -not impose a license fee, royalty, or other charge for exercise of -rights granted under this License, and you may not initiate litigation -(including a cross-claim or counterclaim in a lawsuit) alleging that -any patent claim is infringed by making, using, selling, offering for -sale, or importing the Program or any portion of it. - - 11. Patents. - - A "contributor" is a copyright holder who authorizes use under this -License of the Program or a work on which the Program is based. The -work thus licensed is called the contributor's "contributor version". - - A contributor's "essential patent claims" are all patent claims -owned or controlled by the contributor, whether already acquired or -hereafter acquired, that would be infringed by some manner, permitted -by this License, of making, using, or selling its contributor version, -but do not include claims that would be infringed only as a -consequence of further modification of the contributor version. For -purposes of this definition, "control" includes the right to grant -patent sublicenses in a manner consistent with the requirements of -this License. - - Each contributor grants you a non-exclusive, worldwide, royalty-free -patent license under the contributor's essential patent claims, to -make, use, sell, offer for sale, import and otherwise run, modify and -propagate the contents of its contributor version. - - In the following three paragraphs, a "patent license" is any express -agreement or commitment, however denominated, not to enforce a patent -(such as an express permission to practice a patent or covenant not to -sue for patent infringement). To "grant" such a patent license to a -party means to make such an agreement or commitment not to enforce a -patent against the party. 
- - If you convey a covered work, knowingly relying on a patent license, -and the Corresponding Source of the work is not available for anyone -to copy, free of charge and under the terms of this License, through a -publicly available network server or other readily accessible means, -then you must either (1) cause the Corresponding Source to be so -available, or (2) arrange to deprive yourself of the benefit of the -patent license for this particular work, or (3) arrange, in a manner -consistent with the requirements of this License, to extend the patent -license to downstream recipients. "Knowingly relying" means you have -actual knowledge that, but for the patent license, your conveying the -covered work in a country, or your recipient's use of the covered work -in a country, would infringe one or more identifiable patents in that -country that you have reason to believe are valid. - - If, pursuant to or in connection with a single transaction or -arrangement, you convey, or propagate by procuring conveyance of, a -covered work, and grant a patent license to some of the parties -receiving the covered work authorizing them to use, propagate, modify -or convey a specific copy of the covered work, then the patent license -you grant is automatically extended to all recipients of the covered -work and works based on it. - - A patent license is "discriminatory" if it does not include within -the scope of its coverage, prohibits the exercise of, or is -conditioned on the non-exercise of one or more of the rights that are -specifically granted under this License. 
You may not convey a covered -work if you are a party to an arrangement with a third party that is -in the business of distributing software, under which you make payment -to the third party based on the extent of your activity of conveying -the work, and under which the third party grants, to any of the -parties who would receive the covered work from you, a discriminatory -patent license (a) in connection with copies of the covered work -conveyed by you (or copies made from those copies), or (b) primarily -for and in connection with specific products or compilations that -contain the covered work, unless you entered into that arrangement, -or that patent license was granted, prior to 28 March 2007. - - Nothing in this License shall be construed as excluding or limiting -any implied license or other defenses to infringement that may -otherwise be available to you under applicable patent law. - - 12. No Surrender of Others' Freedom. - - If conditions are imposed on you (whether by court order, agreement or -otherwise) that contradict the conditions of this License, they do not -excuse you from the conditions of this License. If you cannot convey a -covered work so as to satisfy simultaneously your obligations under this -License and any other pertinent obligations, then as a consequence you may -not convey it at all. For example, if you agree to terms that obligate you -to collect a royalty for further conveying from those to whom you convey -the Program, the only way you could satisfy both those terms and this -License would be to refrain entirely from conveying the Program. - - 13. Use with the GNU Affero General Public License. - - Notwithstanding any other provision of this License, you have -permission to link or combine any covered work with a work licensed -under version 3 of the GNU Affero General Public License into a single -combined work, and to convey the resulting work. 
The terms of this -License will continue to apply to the part which is the covered work, -but the special requirements of the GNU Affero General Public License, -section 13, concerning interaction through a network will apply to the -combination as such. - - 14. Revised Versions of this License. - - The Free Software Foundation may publish revised and/or new versions of -the GNU General Public License from time to time. Such new versions will -be similar in spirit to the present version, but may differ in detail to -address new problems or concerns. - - Each version is given a distinguishing version number. If the -Program specifies that a certain numbered version of the GNU General -Public License "or any later version" applies to it, you have the -option of following the terms and conditions either of that numbered -version or of any later version published by the Free Software -Foundation. If the Program does not specify a version number of the -GNU General Public License, you may choose any version ever published -by the Free Software Foundation. - - If the Program specifies that a proxy can decide which future -versions of the GNU General Public License can be used, that proxy's -public statement of acceptance of a version permanently authorizes you -to choose that version for the Program. - - Later license versions may give you additional or different -permissions. However, no additional obligations are imposed on any -author or copyright holder as a result of your choosing to follow a -later version. - - 15. Disclaimer of Warranty. - - THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY -APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT -HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY -OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, -THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR -PURPOSE. 
THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM -IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF -ALL NECESSARY SERVICING, REPAIR OR CORRECTION. - - 16. Limitation of Liability. - - IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING -WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS -THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY -GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE -USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF -DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD -PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), -EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF -SUCH DAMAGES. - - 17. Interpretation of Sections 15 and 16. - - If the disclaimer of warranty and limitation of liability provided -above cannot be given local legal effect according to their terms, -reviewing courts shall apply local law that most closely approximates -an absolute waiver of all civil liability in connection with the -Program, unless a warranty or assumption of liability accompanies a -copy of the Program in return for a fee. - - END OF TERMS AND CONDITIONS - - How to Apply These Terms to Your New Programs - - If you develop a new program, and you want it to be of the greatest -possible use to the public, the best way to achieve this is to make it -free software which everyone can redistribute and change under these terms. - - To do so, attach the following notices to the program. It is safest -to attach them to the start of each source file to most effectively -state the exclusion of warranty; and each file should have at least -the "copyright" line and a pointer to where the full notice is found. 
- - - Copyright (C) - - This program is free software: you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation, either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see . - -Also add information on how to contact you by electronic and paper mail. - - If the program does terminal interaction, make it output a short -notice like this when it starts in an interactive mode: - - Copyright (C) - This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. - This is free software, and you are welcome to redistribute it - under certain conditions; type `show c' for details. - -The hypothetical commands `show w' and `show c' should show the appropriate -parts of the General Public License. Of course, your program's commands -might be different; for a GUI interface, you would use an "about box". - - You should also get your employer (if you work as a programmer) or school, -if any, to sign a "copyright disclaimer" for the program, if necessary. -For more information on this, and how to apply and follow the GNU GPL, see -. - - The GNU General Public License does not permit incorporating your program -into proprietary programs. If your program is a subroutine library, you -may consider it more useful to permit linking proprietary applications with -the library. If this is what you want to do, use the GNU Lesser General -Public License instead of this License. But first, please read -. +All files have SPDX headers that declare what license applies. The applicable +licenses are included in the code repository. 
diff -Nru lxc-4.0.2/debian/changelog lxc-4.0.6/debian/changelog
--- lxc-4.0.2/debian/changelog 2020-04-16 19:52:36.000000000 +0000
+++ lxc-4.0.6/debian/changelog 2021-04-09 16:19:38.000000000 +0000
@@ -1,3 +1,117 @@ +lxc (1:4.0.6-0ubuntu1~20.04.1) focal; urgency=medium + + * Backport hirsute fixes to focal. (LP: #1923232) + + -- Serge Hallyn Fri, 09 Apr 2021 11:19:38 -0500 + +lxc (1:4.0.6-0ubuntu1) hirsute; urgency=medium + + * New upstream bugfix release (4.0.6): + - Improve handling for compatibility architectures for seccomp + - Harden seccomp notifier implementation + - Rework parsing of /proc//mountinfo to handle kernel regression + - Improve network device restoration + - Significantly cleanup and harden config file parsing + - Support new capabilities CAP_PERFORM, CAP_BPF, and CAP_CHECKPOINT_RESTORE + - Harden containers started without CAP_NET_ADMIN + * New upstream bugfix release (4.0.5): + - Support allocating PTS devices from within the container + - Harden more path/mount handling logics + - Rework LSM logic to limit initializer use + * Cherry-pick upstream fixes: + - 0002-commands-fix-check-for-seccomp-notify-support.patch + - 0003-configure-skip-libseccomp-tests-if-it-is-disabled.patch + - 0004-conf-fix-containers-retaining-CAP_NET_ADMIN.patch + - 0005-cgroups-fix-cgroup-mounting.patch + - 0006-lsm-remove-obsolute-comment-about-constructor.patch + - 0007-lxc_attach-include-rexec-conditionally.patch + - 0008-tree-wide-fix-some-header-inclusions.patch + - 0009-initutils-fix-missing-includes.patch + - 0010-configure-support-static-binaries.patch + - 0011-autotools-enable-static-builds-for-tools.patch + - 0012-autotools-enable-static-builds-for-commands.patch + - 0013-tree-wide-fix-compilation-with-Wstrict-prototypes-Wo.patch + - 0014-config-update-ax_pthread.m4.patch + - 0015-configure-add-AC_SYS_LARGEFILE-checking.patch + - 0016-autotools-update-build.patch + - 0017-file_utils-introduce-read_file_at.patch + - 0018-string_utils-add-must_make_path_relative.patch + - 0019-cgroups-coding-style-fixes.patch + - 0020-cgroups-rework-cg_unified_init.patch + - 0021-cgroups-detect-and-record-cgroup2-freezer-support.patch + - 
0022-criu-handle-cgroup2-freezer.patch + - 0023-mkdir-p-proc-sys-on-container-startup.patch + - 0024-conf-fix-coding-style.patch + - 0025-conf-coding-style-fixes.patch + - 0026-conf-move-proc-and-sys-mountpoint-creation-int-lxc_m.patch + - 0027-attach-invert-child-parent-handling.patch + - 0028-attach-use-__do_free-cleanup-macro-for-cwd.patch + - 0029-attach-tweak-logging.patch + - 0030-attach-use-__do_close-for-labelfd.patch + - 0031-attach-coding-style-fixes.patch + - 0032-attach-use-free_disarm.patch + - 0033-attach-s-attach_child_main-do_attach-g.patch + - 0034-attach-mark-do_attach-as-__noreturn.patch + - 0035-attach-make-do_attach-void.patch + - 0036-attach-use-close_prot_errno_disarm.patch + - 0037-attach-add-some-DEBUG-logging-to-stdfd-dpulication.patch + - 0038-cgroups-fix-cgroup-mounting.patch + - 0039-utils-fix-mount_at.patch + - 0040-configure-fix-static-builds-with-clang-12-and-LTO.patch + - 0041-cgroups-bpf-fixes.patch + - 0042-croups-improve-__do_bpf_program_free.patch + - 0043-cgroups-coding-style-fixes.patch + - 0044-cgroups-don-t-initiliaze-NULL-log.patch + - 0045-cgroups-ensure-all-memory-is-zeroed.patch + - 0046-cgroups-use-zalloc.patch + - 0047-cgroups-tweak-cgroup-initialization.patch + - 0048-log-remove-pointless-inline.patch + - 0049-log-add-lxc_log_get_fd.patch + - 0050-seccomp-use-lxc_log_get_fd.patch + - 0051-log-rework-lxc_log_get_level.patch + - 0052-seccomp-use-lxc_log_get_level.patch + - 0053-cgroups-use-bpf-log-when-logging-at-trace-level.patch + - 0054-log-add-lxc_log_trace-helper.patch + - 0055-cgroups-use-PTR_TO_U64.patch + - 0056-cgroups-align-methods.patch + - 0057-utils-use-SYSTRACE-when-logging-stdio-permission-fix.patch + - 0058-attach-log-failues-to-dup2-with-SYSDEBUG.patch + - 0059-attach-fix-logging-for-stdfd-replacement.patch + - 0060-attach-fix-error-checking-for-dup2.patch + - 0061-cgroups-initialize-variable.patch + - 0062-commands_utils-don-t-leak-memory.patch + - 0063-conf-use-lxc_log_trace.patch + - 
0064-confile_utils-use-lxc_log_trace.patch + - 0065-rexec-check-lseek-return-value.patch + + -- Stéphane Graber Thu, 11 Feb 2021 16:34:13 -0500 + +lxc (1:4.0.4-0ubuntu3) groovy; urgency=medium + + * Cherry-pick upstream bugfix: + - cgroups: fix armhf builds + + -- Stéphane Graber Tue, 25 Aug 2020 09:45:30 -0400 + +lxc (1:4.0.4-0ubuntu2) groovy; urgency=medium + + * Cherry-pick upstream bugfix: + - cgfsng: fix cgroup attach cgroup creation + + -- Stéphane Graber Fri, 21 Aug 2020 14:09:35 -0400 + +lxc (1:4.0.4-0ubuntu1) groovy; urgency=medium + + * New upstream bugfix release (4.0.4): + - Support for new Linux clone flags (clone into cgroup) + - Support for new Linux VFS system calls + - Internal symbols are now properly hidden from external consumers + * New upstream bugfix release (4.0.3): + - Improvement to cgroupv1/cgroupv2 handling + - Various improvements and tests for lxc-usernsexec + + -- Stéphane Graber Thu, 20 Aug 2020 18:07:53 -0400 + lxc (1:4.0.2-0ubuntu1) focal; urgency=medium * New ypstream bugfix release (4.0.2): diff -Nru lxc-4.0.2/debian/.git-dpm lxc-4.0.6/debian/.git-dpm --- lxc-4.0.2/debian/.git-dpm 2020-04-16 19:41:29.000000000 +0000 +++ lxc-4.0.6/debian/.git-dpm 2021-02-11 21:34:03.000000000 +0000 
@@ -1,9 +1,9 @@ # see git-dpm(1) from git-dpm package -517cfedcd50ec689d360b52354439b90be9e40a0 -517cfedcd50ec689d360b52354439b90be9e40a0 -94e7613949b98ecbd766e77f115704a1965c78ef -94e7613949b98ecbd766e77f115704a1965c78ef -lxc_4.0.2.orig.tar.gz -7a9176a307291b2f2043f16837a8eec3cfa6a468 -1352667 -signature:06178d89db5e19558182dc084fc5afd86683bf65:833:lxc_4.0.2.orig.tar.gz.asc +5f8095d301962220f011e8b17b3b7d07cd487a95 +5f8095d301962220f011e8b17b3b7d07cd487a95 +7179bea0a3f6878a27d93567ccf858a8dbecff1d +7179bea0a3f6878a27d93567ccf858a8dbecff1d +lxc_4.0.6.orig.tar.gz +43b0bd4fe5a0409d9c790f308dc63172ba6c4ba8 +1363162 +signature:6fe3a293f6faf51d206df58eb8474eaa9bc9481a:833:lxc_4.0.6.orig.tar.gz.asc diff -Nru lxc-4.0.2/debian/patches/0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch lxc-4.0.6/debian/patches/0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch --- lxc-4.0.2/debian/patches/0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch 2020-04-16 19:41:29.000000000 +0000 +++ lxc-4.0.6/debian/patches/0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch 2021-02-11 21:34:01.000000000 +0000 @@ -1,4 +1,4 @@ -From 517cfedcd50ec689d360b52354439b90be9e40a0 Mon Sep 17 00:00:00 2001 +From 07d602eee7e78d65aa3289fe75e2ebd67f9d85e5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Graber?= Date: Tue, 3 Nov 2015 11:42:58 -0500 Subject: Allocate new lxcbr0 subnet at startup time @@ -8,7 +8,7 @@ 1 file changed, 91 insertions(+), 9 deletions(-) diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in -index df9f1181d..6837be196 100644 +index 999f42cc5..a2170cd99 100644 --- a/config/init/common/lxc-net.in +++ b/config/init/common/lxc-net.in 
@@ -24,6 +24,85 @@ LXC_IPV6_MASK=""
diff -Nru lxc-4.0.2/debian/patches/0002-commands-fix-check-for-seccomp-notify-support.patch lxc-4.0.6/debian/patches/0002-commands-fix-check-for-seccomp-notify-support.patch
--- lxc-4.0.2/debian/patches/0002-commands-fix-check-for-seccomp-notify-support.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/debian/patches/0002-commands-fix-check-for-seccomp-notify-support.patch 2021-02-11 21:34:03.000000000 +0000
@@ -0,0 +1,39 @@
+From 2e9a9a3ccd15209d13a0fca430bea62aeef41dc8 Mon Sep 17 00:00:00 2001
+From: Eneas U de Queiroz
+Date: Fri, 25 Dec 2020 13:54:14 -0300
+Subject: commands: fix check for seccomp notify support
+
+Use HAVE_SECCOMP_NOTIFY instead of HAVE_DECL_SECCOMP_NOTIFY_FD.
+Currently the latter will be true if the declaration is found by
+configure, even if 'configure --disable-seccomp' is used.
+
+HAVE_SECCOMP_NOTIFY is defined in lxcseccomp.h if both HAVE_SECCOMP and
+HAVE_DECL_SECCOMP_NOTIFY_FD are true, which is the correct behavior.
+
+Signed-off-by: Eneas U de Queiroz
+---
+ src/lxc/commands.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/lxc/commands.c b/src/lxc/commands.c
+index 3046587c7..f7065ac70 100644
+--- a/src/lxc/commands.c
++++ b/src/lxc/commands.c
+@@ -501,7 +501,7 @@ static int lxc_cmd_get_devpts_fd_callback(int fd, struct lxc_cmd_req *req,
+
+ int lxc_cmd_get_seccomp_notify_fd(const char *name, const char *lxcpath)
+ {
+-#if HAVE_DECL_SECCOMP_NOTIFY_FD
++#ifdef HAVE_SECCOMP_NOTIFY
+ int ret, stopped;
+ struct lxc_cmd_rr cmd = {
+ .req = {
+@@ -526,7 +526,7 @@ static int lxc_cmd_get_seccomp_notify_fd_callback(int fd, struct lxc_cmd_req *re
+ struct lxc_handler *handler,
+ struct lxc_epoll_descr *descr)
+ {
+-#if HAVE_DECL_SECCOMP_NOTIFY_FD
++#ifdef HAVE_SECCOMP_NOTIFY
+ struct lxc_cmd_rsp rsp = {
+ .ret = 0,
+ };
diff -Nru lxc-4.0.2/debian/patches/0003-configure-skip-libseccomp-tests-if-it-is-disabled.patch lxc-4.0.6/debian/patches/0003-configure-skip-libseccomp-tests-if-it-is-disabled.patch
--- lxc-4.0.2/debian/patches/0003-configure-skip-libseccomp-tests-if-it-is-disabled.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/debian/patches/0003-configure-skip-libseccomp-tests-if-it-is-disabled.patch 2021-02-11 21:34:03.000000000 +0000
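Review bot: The new `#ifdef HAVE_SECCOMP_NOTIFY` guards in `lxc_cmd_get_seccomp_notify_fd` and `lxc_cmd_get_seccomp_notify_fd_callback` depend on a macro that, per the patch description, is defined only in lxcseccomp.h, so they fail silently if commands.c does not include that header ahead of both functions. The include list is outside these hunks, so that should be confirmed; if the header is missing, the seccomp notify fd path compiles out with no diagnostic, whereas the old `#if HAVE_DECL_SECCOMP_NOTIFY_FD` presumably came from the configure-generated header. I would add a comment above each guard such as `/* HAVE_SECCOMP_NOTIFY comes from lxcseccomp.h, which must be included above */`. Both function bodies continue outside the hunks.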
@@ -0,0 +1,48 @@ +From 1dee5965f00d05ec5d46f6c2ceefcd196b630df9 Mon Sep 17 00:00:00 2001 +From: Eneas U de Queiroz +Date: Sat, 16 Jan 2021 13:54:07 -0300 +Subject: configure: skip libseccomp tests if it is disabled + +Move the block checking for libseccomp api compatibility inside +AM_COND_IF([ENABLE_SECCOMP] ... ). + +Signed-off-by: Eneas U de Queiroz +--- + configure.ac | 17 ++++++++--------- + 1 file changed, 8 insertions(+), 9 deletions(-) + +diff --git a/configure.ac b/configure.ac +index d32fecc06..c3077c0e8 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -312,6 +312,14 @@ AM_COND_IF([ENABLE_SECCOMP], + AC_CHECK_LIB([seccomp], [seccomp_init],[],[AC_MSG_ERROR([You must install the seccomp development package in order to compile lxc])]) + AC_SUBST([SECCOMP_LIBS], [-lseccomp]) + ]) ++ # HAVE_SCMP_FILTER_CTX=1 will tell us we have libseccomp api >= 1.0.0 ++ OLD_CFLAGS="$CFLAGS" ++ CFLAGS="$CFLAGS $SECCOMP_CFLAGS" ++ AC_CHECK_TYPES([scmp_filter_ctx], [], [], [[#include ]]) ++ AC_CHECK_DECLS([seccomp_notify_fd], [], [], [[#include ]]) ++ AC_CHECK_TYPES([struct seccomp_notif_sizes], [], [], [[#include ]]) ++ AC_CHECK_DECLS([seccomp_syscall_resolve_name_arch], [], [], [[#include ]]) ++ CFLAGS="$OLD_CFLAGS" + ]) + + AC_MSG_CHECKING(for static libcap) +@@ -359,15 +367,6 @@ AM_COND_IF([ENABLE_CAP], + AC_CHECK_LIB(cap,cap_get_file, AC_DEFINE(LIBCAP_SUPPORTS_FILE_CAPABILITIES,1,[Have cap_get_file]),[],[]) + AC_SUBST([CAP_LIBS], [-lcap])]) + +-# HAVE_SCMP_FILTER_CTX=1 will tell us we have libseccomp api >= 1.0.0 +-OLD_CFLAGS="$CFLAGS" +-CFLAGS="$CFLAGS $SECCOMP_CFLAGS" +-AC_CHECK_TYPES([scmp_filter_ctx], [], [], [[#include ]]) +-AC_CHECK_DECLS([seccomp_notify_fd], [], [], [[#include ]]) +-AC_CHECK_TYPES([struct seccomp_notif_sizes], [], [], [[#include ]]) +-AC_CHECK_DECLS([seccomp_syscall_resolve_name_arch], [], [], [[#include ]]) +-CFLAGS="$OLD_CFLAGS" +- + AC_CHECK_HEADERS([linux/bpf.h], [ + AC_CHECK_TYPES([struct bpf_cgroup_dev_ctx], [], [], [[#include ]]) + ], [], 
[]) diff -Nru lxc-4.0.2/debian/patches/0004-conf-fix-containers-retaining-CAP_NET_ADMIN.patch lxc-4.0.6/debian/patches/0004-conf-fix-containers-retaining-CAP_NET_ADMIN.patch --- lxc-4.0.2/debian/patches/0004-conf-fix-containers-retaining-CAP_NET_ADMIN.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0004-conf-fix-containers-retaining-CAP_NET_ADMIN.patch 2021-02-11 21:34:03.000000000 +0000 
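Review bot: With the four libseccomp checks moved inside `AM_COND_IF([ENABLE_SECCOMP], …)`, a build configured without seccomp no longer gets `HAVE_DECL_SECCOMP_NOTIFY_FD` and `HAVE_DECL_SECCOMP_SYSCALL_RESOLVE_NAME_ARCH` defined to 0; they are left undefined. AC_CHECK_DECLS normally defines its macro to 0 or 1, so any remaining `#if HAVE_DECL_…` in the C sources would now test an undefined identifier, which is harmless by default but trips `-Wundef`, and an `#ifndef` or `!defined` test would change meaning. It is worth grepping the tree for those macros and recording the contract next to the moved block, e.g. `# NOTE: HAVE_DECL_SECCOMP_* are undefined (not 0) when seccomp is disabled`. The enclosing AM_COND_IF starts above the hunk.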
@@ -0,0 +1,89 @@
+From 81d5b40d541d32cecd3e2f3213ffea8e32b2bb21 Mon Sep 17 00:00:00 2001
+From: Christian Brauner
+Date: Fri, 22 Jan 2021 11:41:11 +0100
+Subject: conf: fix containers retaining CAP_NET_ADMIN
+
+Fixes: #3627
+Cc: stable-4.0
+Signed-off-by: Christian Brauner
+---
+ src/lxc/cgroups/cgfsng.c | 2 +-
+ src/lxc/conf.c | 34 +++++++++++++++++-----------------
+ src/lxc/conf.h | 4 ++--
+ 3 files changed, 20 insertions(+), 20 deletions(-)
+
+diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
+index 303c2f6ab..acc64a778 100644
+--- a/src/lxc/cgroups/cgfsng.c
++++ b/src/lxc/cgroups/cgfsng.c
+@@ -1831,7 +1831,7 @@ __cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops,
+ }
+
+ if (!wants_force_mount) {
+- wants_force_mount = lxc_wants_cap(CAP_SYS_ADMIN, handler->conf);
++ wants_force_mount = !lxc_wants_cap(CAP_SYS_ADMIN, handler->conf);
+
+ /*
+ * Most recent distro versions currently have init system that
+diff --git a/src/lxc/conf.c b/src/lxc/conf.c
+index ae4972551..d9217a6e1 100644
+--- a/src/lxc/conf.c
++++ b/src/lxc/conf.c
+@@ -620,24 +620,24 @@ static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_ha
+ * it's busy... MS_REMOUNT|MS_BIND|MS_RDONLY seems to work for
+ * kernels as low as 2.6.32...
+ */
+- { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "proc", "%r/proc", "proc", MS_NODEV|MS_NOEXEC|MS_NOSUID, NULL, 0 },
++ { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "proc", "%r/proc", "proc", MS_NODEV|MS_NOEXEC|MS_NOSUID, NULL, false },
+ /* proc/tty is used as a temporary placeholder for proc/sys/net which we'll move back in a few steps */
+- { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/sys/net", "%r/proc/tty", NULL, MS_BIND, NULL, 1 },
+- { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/sys", "%r/proc/sys", NULL, MS_BIND, NULL, 0 },
+- { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, NULL, "%r/proc/sys", NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL, 0 },
+- { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/tty", "%r/proc/sys/net", NULL, MS_MOVE, NULL, 1 },
+- { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/sysrq-trigger", "%r/proc/sysrq-trigger", NULL, MS_BIND, NULL, 0 },
+- { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, NULL, "%r/proc/sysrq-trigger", NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL, 0 },
+- { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_RW, "proc", "%r/proc", "proc", MS_NODEV|MS_NOEXEC|MS_NOSUID, NULL, 0 },
+- { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_RW, "sysfs", "%r/sys", "sysfs", 0, NULL, 0 },
+- { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_RO, "sysfs", "%r/sys", "sysfs", MS_RDONLY, NULL, 0 },
+- { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, "sysfs", "%r/sys", "sysfs", MS_NODEV|MS_NOEXEC|MS_NOSUID, NULL, 0 },
+- { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, "%r/sys", "%r/sys", NULL, MS_BIND, NULL, 0 },
+- { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, NULL, "%r/sys", NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL, 0 },
+- { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, "sysfs", "%r/sys/devices/virtual/net", "sysfs", 0, NULL, 0 },
+- { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, "%r/sys/devices/virtual/net/devices/virtual/net", "%r/sys/devices/virtual/net", NULL, MS_BIND, NULL, 0 },
+- { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, NULL, "%r/sys/devices/virtual/net", NULL, MS_REMOUNT|MS_BIND|MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL, 0 },
+- { 0, 0, NULL, NULL, NULL, 0, NULL, 0 }
++ { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/sys/net", "%r/proc/tty", NULL, MS_BIND, NULL, true },
++ { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/sys", "%r/proc/sys", NULL, MS_BIND, NULL, false },
++ { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, NULL, "%r/proc/sys", NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL, false },
++ { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/tty", "%r/proc/sys/net", NULL, MS_MOVE, NULL, true },
++ { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/sysrq-trigger", "%r/proc/sysrq-trigger", NULL, MS_BIND, NULL, false },
++ { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, NULL, "%r/proc/sysrq-trigger", NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL, false },
++ { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_RW, "proc", "%r/proc", "proc", MS_NODEV|MS_NOEXEC|MS_NOSUID, NULL, false },
++ { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_RW, "sysfs", "%r/sys", "sysfs", 0, NULL, false },
++ { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_RO, "sysfs", "%r/sys", "sysfs", MS_RDONLY, NULL, false },
++ { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, "sysfs", "%r/sys", "sysfs", MS_NODEV|MS_NOEXEC|MS_NOSUID, NULL, false },
++ { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, "%r/sys", "%r/sys", NULL, MS_BIND, NULL, false },
++ { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, NULL, "%r/sys", NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL, false },
++ { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, "sysfs", "%r/sys/devices/virtual/net", "sysfs", 0, NULL, false },
++ { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, "%r/sys/devices/virtual/net/devices/virtual/net", "%r/sys/devices/virtual/net", NULL, MS_BIND, NULL, false },
++ { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, NULL, "%r/sys/devices/virtual/net", NULL, MS_REMOUNT|MS_BIND|MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL, false },
++ { 0, 0, NULL, NULL, NULL, 0, NULL, false }
+ };
+
+ bool has_cap_net_admin = lxc_wants_cap(CAP_NET_ADMIN, conf);
+diff --git a/src/lxc/conf.h b/src/lxc/conf.h
+index 664533b8e..28b679fff 100644
+--- a/src/lxc/conf.h
++++ b/src/lxc/conf.h
+@@ -509,9 +509,9 @@ static inline bool lxc_wants_cap(int cap, struct lxc_conf *conf)
+ return false;
+
+ if (!lxc_list_empty(&conf->keepcaps))
+- return !in_caplist(cap, &conf->keepcaps);
++ return in_caplist(cap, &conf->keepcaps);
+
+- return in_caplist(cap, &conf->caps);
++ return !in_caplist(cap, &conf->caps);
+ }
+
+ __hidden extern int setup_sysctl_parameters(struct lxc_list *sysctls);
diff -Nru lxc-4.0.2/debian/patches/0005-cgroups-fix-cgroup-mounting.patch lxc-4.0.6/debian/patches/0005-cgroups-fix-cgroup-mounting.patch
--- lxc-4.0.2/debian/patches/0005-cgroups-fix-cgroup-mounting.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/debian/patches/0005-cgroups-fix-cgroup-mounting.patch 2021-02-11 21:34:03.000000000 +0000
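Review bot: `lxc_wants_cap()` in src/lxc/conf.h still has no comment stating what a true return means, and the two inverted returns corrected in patch 0004 show how easily the polarity of the two lists is misread. I would add above it `/* True if the container keeps @cap: listed in conf->keepcaps when that list is non-empty, otherwise absent from conf->caps. */`; the function starts outside the hunk, so the early `return false;` path is not covered by this wording. The callers shown in the same patch, `has_cap_net_admin` in conf.c and `wants_force_mount` in cgfsng.c, depend on that polarity, so a small test covering keepcaps set, only caps set, and both empty would keep the fix from regressing.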
@@ -0,0 +1,67 @@
+From df308cd9aaf9d13031c5a1d992d2267d239cefaa Mon Sep 17 00:00:00 2001
+From: Christian Brauner
+Date: Fri, 22 Jan 2021 12:17:56 +0100
+Subject: cgroups: fix cgroup mounting
+
+Cc: stable-4.0
+Signed-off-by: Christian Brauner
+---
+ src/lxc/cgroups/cgfsng.c | 14 +++++++++++---
+ src/lxc/cgroups/cgroup.h | 1 +
+ src/lxc/utils.c | 2 +-
+ 3 files changed, 13 insertions(+), 4 deletions(-)
+
+diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
+index acc64a778..001bd4d51 100644
+--- a/src/lxc/cgroups/cgfsng.c
++++ b/src/lxc/cgroups/cgfsng.c
+@@ -1870,13 +1870,21 @@ __cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops,
+ return cg_mount_cgroup_full(type, ops->unified, cgroup_root) == 0;
+ }
+
+- /* mount tmpfs */
+- ret = safe_mount_beneath(root, NULL, DEFAULT_CGROUP_MOUNTPOINT, "tmpfs",
++ /*
++ * Mount a tmpfs over DEFAULT_CGROUP_MOUNTPOINT. Note that we're
++ * relying on RESOLVE_BENEATH so we need to skip the leading "/" in the
++ * DEFAULT_CGROUP_MOUNTPOINT define.
++ */
++ ret = safe_mount_beneath(root, NULL,
++ DEFAULT_CGROUP_MOUNTPOINT_RELATIVE,
++ "tmpfs",
+ MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_RELATIME,
+ "size=10240k,mode=755");
+ if (ret < 0) {
+ if (errno != ENOSYS)
+- return false;
++ return log_error_errno(false, errno,
++ "Failed to mount tmpfs on %s",
++ DEFAULT_CGROUP_MOUNTPOINT);
+
+ ret = safe_mount(NULL, cgroup_root, "tmpfs",
+ MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_RELATIME,
+diff --git a/src/lxc/cgroups/cgroup.h b/src/lxc/cgroups/cgroup.h
+index 7dec05a5c..b8a4d0f5b 100644
+--- a/src/lxc/cgroups/cgroup.h
++++ b/src/lxc/cgroups/cgroup.h
+@@ -11,6 +11,7 @@
+ #include "macro.h"
+ #include "memory_utils.h"
+
++#define DEFAULT_CGROUP_MOUNTPOINT_RELATIVE "sys/fs/cgroup"
+ #define DEFAULT_CGROUP_MOUNTPOINT "/sys/fs/cgroup"
+ #define DEFAULT_PAYLOAD_CGROUP_PREFIX "lxc.payload."
+ #define DEFAULT_MONITOR_CGROUP_PREFIX "lxc.monitor."
+diff --git a/src/lxc/utils.c b/src/lxc/utils.c
+index 2ea54f7b3..7d813957a 100644
+--- a/src/lxc/utils.c
++++ b/src/lxc/utils.c
+@@ -1103,7 +1103,7 @@ int __safe_mount_beneath_at(int beneath_fd, const char *src, const char *dst, co
+
+ target_fd = openat2(beneath_fd, dst, &how, sizeof(how));
+ if (target_fd < 0)
+- return -errno;
++ return log_error_errno(-errno, errno, "Failed to open %d(%s)", beneath_fd, dst);
+ ret = snprintf(tgt_buf, sizeof(tgt_buf), "/proc/self/fd/%d", target_fd);
+ if (ret < 0 || ret >= sizeof(tgt_buf))
+ return -EIO;
diff -Nru lxc-4.0.2/debian/patches/0006-lsm-remove-obsolute-comment-about-constructor.patch lxc-4.0.6/debian/patches/0006-lsm-remove-obsolute-comment-about-constructor.patch
--- lxc-4.0.2/debian/patches/0006-lsm-remove-obsolute-comment-about-constructor.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/debian/patches/0006-lsm-remove-obsolute-comment-about-constructor.patch 2021-02-11 21:34:03.000000000 +0000
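Review bot: `DEFAULT_CGROUP_MOUNTPOINT_RELATIVE` in src/lxc/cgroups/cgroup.h (patch 0005) repeats the path as a second string literal, so the relative form passed to `safe_mount_beneath()` and the absolute form used in the new log message can drift apart. Deriving one from the other keeps them in step: `#define DEFAULT_CGROUP_MOUNTPOINT "/" DEFAULT_CGROUP_MOUNTPOINT_RELATIVE`. The new comment in cgfsng_mount() explains why the leading slash has to go under RESOLVE_BENEATH; a one-line comment beside the define saying the same would help, since the header is where the path would next be edited.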
@@ -0,0 +1,27 @@
+From 3cba7c67d5666d2e8567d10379372f0627f520e5 Mon Sep 17 00:00:00 2001
+From: Christian Brauner
+Date: Fri, 22 Jan 2021 13:21:54 +0100
+Subject: lsm: remove obsolute comment about constructor
+
+Cc: stable-4.0
+Signed-off-by: Christian Brauner
+---
+ src/lxc/lsm/apparmor.c | 5 -----
+ 1 file changed, 5 deletions(-)
+
+diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c
+index b09d47090..21945b826 100644
+--- a/src/lxc/lsm/apparmor.c
++++ b/src/lxc/lsm/apparmor.c
+@@ -523,11 +523,6 @@ static inline char *apparmor_namespace(const char *ctname, const char *lxcpath)
+ return full;
+ }
+
+-/* TODO: This is currently run only in the context of a constructor (via the
+- * initial lsm_init() called due to its __attribute__((constructor)), so we
+- * do not have ERROR/... macros available, so there are some fprintf(stderr)s
+- * in there.
+- */
+ static bool check_apparmor_parser_version(struct lsm_ops *ops)
+ {
+ int major = 0, minor = 0, micro = 0, ret = 0;
diff -Nru lxc-4.0.2/debian/patches/0007-lxc_attach-include-rexec-conditionally.patch lxc-4.0.6/debian/patches/0007-lxc_attach-include-rexec-conditionally.patch
--- lxc-4.0.2/debian/patches/0007-lxc_attach-include-rexec-conditionally.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/debian/patches/0007-lxc_attach-include-rexec-conditionally.patch 2021-02-11 21:34:03.000000000 +0000
@@ -0,0 +1,25 @@
+From acd1e121a7452118a073f9bf13484240e1a1a64e Mon Sep 17 00:00:00 2001
+From: Christian Brauner
+Date: Fri, 22 Jan 2021 13:30:52 +0100
+Subject: lxc_attach: include rexec conditionally
+
+Cc: stable-4.0
+Signed-off-by: Christian Brauner
+---
+ src/lxc/tools/lxc_attach.c | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/lxc/tools/lxc_attach.c b/src/lxc/tools/lxc_attach.c
+index a8f493aa7..6d322ba0a 100644
+--- a/src/lxc/tools/lxc_attach.c
++++ b/src/lxc/tools/lxc_attach.c
+@@ -23,7 +23,9 @@
+ #include "config.h"
+ #include "confile.h"
+ #include "log.h"
++#ifdef ENFORCE_MEMFD_REXEC
+ #include "rexec.h"
++#endif
+ #include "utils.h"
+
+ lxc_log_define(lxc_attach, lxc);
diff -Nru lxc-4.0.2/debian/patches/0008-tree-wide-fix-some-header-inclusions.patch lxc-4.0.6/debian/patches/0008-tree-wide-fix-some-header-inclusions.patch
--- lxc-4.0.2/debian/patches/0008-tree-wide-fix-some-header-inclusions.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/debian/patches/0008-tree-wide-fix-some-header-inclusions.patch 2021-02-11 21:34:03.000000000 +0000
@@ -0,0 +1,61 @@
+From a13633091833357a95ccab3e3e9c64378d2f742c Mon Sep 17 00:00:00 2001
+From: Christian Brauner
+Date: Fri, 22 Jan 2021 14:31:08 +0100
+Subject: tree-wide: fix some header inclusions
+
+Cc: stable-4.0
+Signed-off-by: Christian Brauner
+---
+ src/lxc/commands.c | 2 +-
+ src/lxc/conf.c | 4 ++--
+ src/lxc/confile.c | 2 +-
+ 3 files changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/lxc/commands.c b/src/lxc/commands.c
+index f7065ac70..603516a33 100644
+--- a/src/lxc/commands.c
++++ b/src/lxc/commands.c
+@@ -17,7 +17,7 @@
+ #include
+
+ #include "af_unix.h"
+-#include "cgroup.h"
++#include "cgroups/cgroup.h"
+ #include "cgroups/cgroup2_devices.h"
+ #include "commands.h"
+ #include "commands_utils.h"
+diff --git a/src/lxc/conf.c b/src/lxc/conf.c
+index d9217a6e1..e0f2dfc47 100644
+--- a/src/lxc/conf.c
++++ b/src/lxc/conf.c
+@@ -35,7 +35,7 @@
+
+ #include "af_unix.h"
+ #include "caps.h"
+-#include "cgroup.h"
++#include "cgroups/cgroup.h"
+ #include "conf.h"
+ #include "config.h"
+ #include "confile.h"
+@@ -54,7 +54,7 @@
+ #include "process_utils.h"
+ #include "ringbuf.h"
+ #include "start.h"
+-#include "storage.h"
++#include "storage/storage.h"
+ #include "storage/overlay.h"
+ #include "syscall_wrappers.h"
+ #include "terminal.h"
+diff --git a/src/lxc/confile.c b/src/lxc/confile.c
+index da0da5ff9..b69ab3ad2 100644
+--- a/src/lxc/confile.c
++++ b/src/lxc/confile.c
+@@ -35,7 +35,7 @@
+ #include "memory_utils.h"
+ #include "network.h"
+ #include "parse.h"
+-#include "storage.h"
++#include "storage/storage.h"
+ #include "utils.h"
+
+ #if HAVE_SYS_PERSONALITY_H
diff -Nru lxc-4.0.2/debian/patches/0009-initutils-fix-missing-includes.patch lxc-4.0.6/debian/patches/0009-initutils-fix-missing-includes.patch
--- lxc-4.0.2/debian/patches/0009-initutils-fix-missing-includes.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/debian/patches/0009-initutils-fix-missing-includes.patch 2021-02-11 21:34:03.000000000 +0000
@@ -0,0 +1,24 @@
+From b9c4f79065c5c94226cf6c1b445cfdafacb8a1ad Mon Sep 17 00:00:00 2001
+From: Christian Brauner
+Date: Fri, 22 Jan 2021 17:56:14 +0100
+Subject: initutils: fix missing includes
+
+Cc: stable-4.0
+Signed-off-by: Christian Brauner
+---
+ src/lxc/initutils.h | 2 ++
+ 1 file changed, 2 insertions(+)
+
+diff --git a/src/lxc/initutils.h b/src/lxc/initutils.h
+index 74cbb8566..d7b6fc446 100644
+--- a/src/lxc/initutils.h
++++ b/src/lxc/initutils.h
+@@ -15,6 +15,8 @@
+ #include
+ #include
+
++#include "config.h"
++#include "cgroups/cgroup.h"
+ #include "compiler.h"
+ #include "string_utils.h"
+
diff -Nru lxc-4.0.2/debian/patches/0010-configure-support-static-binaries.patch lxc-4.0.6/debian/patches/0010-configure-support-static-binaries.patch
--- lxc-4.0.2/debian/patches/0010-configure-support-static-binaries.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/debian/patches/0010-configure-support-static-binaries.patch 2021-02-11 21:34:03.000000000 +0000
@@ -0,0 +1,53 @@
+From 8750bfd3f20f880b9389d479cd3a6d38dc952f73 Mon Sep 17 00:00:00 2001
+From: Christian Brauner
+Date: Fri, 22 Jan 2021 19:16:06 +0100
+Subject: configure: support static binaries
+
+Including openssl handling.
+
+Signed-off-by: Christian Brauner
+---
+ configure.ac | 14 +++++++++++++-
+ 1 file changed, 13 insertions(+), 1 deletion(-)
+
+diff --git a/configure.ac b/configure.ac
+index c3077c0e8..34f3ba31e 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -278,9 +278,14 @@ if test "$enable_openssl" = "auto" ; then
+ fi
+ AM_CONDITIONAL([ENABLE_OPENSSL], [test "x$enable_openssl" = "xyes"])
+
++AC_ARG_ENABLE([static-binaries],
++ [AS_HELP_STRING([--enable-static-binaries], [build all binaries statically [default=no]])],
++ [enable_static_binaries=$enableval], [enable_static_binaries=no])
++AM_CONDITIONAL([ENABLE_STATIC_BINARIES], [test "x$enable_static_binaries" = "xyes"])
++
+ AM_COND_IF([ENABLE_OPENSSL],
+ [AC_CHECK_HEADER([openssl/engine.h],[],[AC_MSG_ERROR([You must install the OpenSSL development package in order to compile lxc])])
+- AC_SUBST([OPENSSL_LIBS], '-lssl -lcrypto')])
++ AM_COND_IF([ENABLE_STATIC_BINARIES], [AC_SUBST([OPENSSL_LIBS], '-lssl -lcrypto -ldl')], [AC_SUBST([OPENSSL_LIBS], '-lssl -lcrypto')])])
+
+ # SELinux
+ AC_ARG_ENABLE([selinux],
+@@ -433,6 +438,11 @@ AC_ARG_ENABLE([commands],
+ [enable_commands=$enableval], [enable_commands=yes])
+ AM_CONDITIONAL([ENABLE_COMMANDS], [test "x$enable_commands" = "xyes"])
+
++AC_ARG_ENABLE([static-binaries],
++ [AS_HELP_STRING([--enable-static-binaries], [build all binaries statically [default=no]])],
++ [enable_static_binaries=$enableval], [enable_static_binaries=no])
++AM_CONDITIONAL([ENABLE_STATIC_BINARIES], [test "x$enable_static_binaries" = "xyes"])
++
+ # Build with ASAN commands
+ AC_ARG_ENABLE([asan],
+ [AS_HELP_STRING([--enable-asan], [build with address sanitizer enabled [default=no]])],
+@@ -1040,6 +1050,8 @@ Binaries
+ - lxc-user-nic: $enable_commands
+ - lxc-usernsexec: $enable_commands
+
++ - static binaries: $enable_static_binaries
++
+ Environment:
+ - compiler: $CC
+ - distribution: $with_distro
diff -Nru lxc-4.0.2/debian/patches/0011-autotools-enable-static-builds-for-tools.patch lxc-4.0.6/debian/patches/0011-autotools-enable-static-builds-for-tools.patch
--- lxc-4.0.2/debian/patches/0011-autotools-enable-static-builds-for-tools.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/debian/patches/0011-autotools-enable-static-builds-for-tools.patch 2021-02-11 21:34:03.000000000 +0000
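Review bot: The `AC_ARG_ENABLE([static-binaries], ...)` / `AM_CONDITIONAL([ENABLE_STATIC_BINARIES], ...)` block in patch 0010 is added to configure.ac twice, once before `AM_COND_IF([ENABLE_OPENSSL],` and again after the `ENABLE_COMMANDS` conditional. The first copy is the one the nested `AM_COND_IF([ENABLE_STATIC_BINARIES], ...)` in the OpenSSL check needs; the second repeats the same option and would likely list `--enable-static-binaries` twice in `./configure --help`. I would drop the second block and leave a comment at the first, e.g. `# Static binaries: defined before the OpenSSL check, which selects OPENSSL_LIBS from it.`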
@@ -0,0 +1,1718 @@ +From 51f7bfdd4da8432b6871b575e399c217e87e49a3 Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Fri, 22 Jan 2021 19:30:45 +0100 +Subject: autotools: enable static builds for tools + +Signed-off-by: Christian Brauner +--- + src/lxc/Makefile.am | 1569 +++++++++++++++++++++++-------------------- + 1 file changed, 850 insertions(+), 719 deletions(-) + +diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am +index baa624ac9..a6922ce76 100644 +--- a/src/lxc/Makefile.am ++++ b/src/lxc/Makefile.am +@@ -331,209 +331,13 @@ LDADD = liblxc.la \ + + if ENABLE_TOOLS + lxc_attach_SOURCES = tools/lxc_attach.c \ +- tools/arguments.c tools/arguments.h \ +- af_unix.c af_unix.h \ +- caps.c caps.h \ +- cgroups/cgfsng.c \ +- cgroups/cgroup.c cgroups/cgroup.h \ +- cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ +- cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ +- commands.c commands.h \ +- commands_utils.c commands_utils.h \ +- conf.c conf.h \ +- confile.c confile.h \ +- confile_utils.c confile_utils.h \ +- error.c error.h \ +- file_utils.c file_utils.h \ +- ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ +- initutils.c initutils.h \ +- log.c log.h \ +- lxclock.c lxclock.h \ +- mainloop.c mainloop.h \ +- monitor.c monitor.h \ +- namespace.c namespace.h \ +- network.c network.h \ +- nl.c nl.h \ +- parse.c parse.h \ +- process_utils.c process_utils.h \ +- rexec.c rexec.h \ +- ringbuf.c ringbuf.h \ +- start.c start.h \ +- state.c state.h \ +- storage/btrfs.c storage/btrfs.h \ +- storage/dir.c storage/dir.h \ +- storage/loop.c storage/loop.h \ +- storage/lvm.c storage/lvm.h \ +- storage/nbd.c storage/nbd.h \ +- storage/overlay.c storage/overlay.h \ +- storage/rbd.c storage/rbd.h \ +- storage/rsync.c storage/rsync.h \ +- storage/storage.c storage/storage.h \ +- storage/storage_utils.c storage/storage_utils.h \ +- storage/zfs.c storage/zfs.h \ +- string_utils.c string_utils.h \ +- sync.c sync.h \ +- terminal.c terminal.h \ +- utils.c utils.h \ +- 
uuid.c uuid.h \ +- $(LSM_SOURCES) +-if ENABLE_SECCOMP +-lxc_attach_SOURCES += seccomp.c lxcseccomp.h +-endif +- +-lxc_autostart_SOURCES = tools/lxc_autostart.c \ +- tools/arguments.c tools/arguments.h \ +- af_unix.c af_unix.h \ +- caps.c caps.h \ +- cgroups/cgfsng.c \ +- cgroups/cgroup.c cgroups/cgroup.h \ +- cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ +- cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ +- commands.c commands.h \ +- commands_utils.c commands_utils.h \ +- conf.c conf.h \ +- confile.c confile.h \ +- confile_utils.c confile_utils.h \ +- error.c error.h \ +- file_utils.c file_utils.h \ +- ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ +- initutils.c initutils.h \ +- log.c log.h \ +- lxclock.c lxclock.h \ +- mainloop.c mainloop.h \ +- monitor.c monitor.h \ +- namespace.c namespace.h \ +- network.c network.h \ +- nl.c nl.h \ +- parse.c parse.h \ +- process_utils.c process_utils.h \ +- ringbuf.c ringbuf.h \ +- start.c start.h \ +- state.c state.h \ +- storage/btrfs.c storage/btrfs.h \ +- storage/dir.c storage/dir.h \ +- storage/loop.c storage/loop.h \ +- storage/lvm.c storage/lvm.h \ +- storage/nbd.c storage/nbd.h \ +- storage/overlay.c storage/overlay.h \ +- storage/rbd.c storage/rbd.h \ +- storage/rsync.c storage/rsync.h \ +- storage/storage.c storage/storage.h \ +- storage/storage_utils.c storage/storage_utils.h \ +- storage/zfs.c storage/zfs.h \ +- string_utils.c string_utils.h \ +- sync.c sync.h \ +- terminal.c terminal.h \ +- utils.c utils.h \ +- uuid.c uuid.h \ +- $(LSM_SOURCES) +-if ENABLE_SECCOMP +-lxc_autostart_SOURCES += seccomp.c lxcseccomp.h +-endif +- +-lxc_cgroup_SOURCES = tools/lxc_cgroup.c \ +- tools/arguments.c tools/arguments.h \ +- af_unix.c af_unix.h \ +- caps.c caps.h \ +- cgroups/cgfsng.c \ +- cgroups/cgroup.c cgroups/cgroup.h \ +- cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ +- cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ +- commands.c commands.h \ +- commands_utils.c commands_utils.h \ +- conf.c 
conf.h \ +- confile.c confile.h \ +- confile_utils.c confile_utils.h \ +- error.c error.h \ +- file_utils.c file_utils.h \ +- ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ +- initutils.c initutils.h \ +- log.c log.h \ +- lxclock.c lxclock.h \ +- mainloop.c mainloop.h \ +- monitor.c monitor.h \ +- namespace.c namespace.h \ +- network.c network.h \ +- nl.c nl.h \ +- parse.c parse.h \ +- process_utils.c process_utils.h \ +- ringbuf.c ringbuf.h \ +- start.c start.h \ +- state.c state.h \ +- storage/btrfs.c storage/btrfs.h \ +- storage/dir.c storage/dir.h \ +- storage/loop.c storage/loop.h \ +- storage/lvm.c storage/lvm.h \ +- storage/nbd.c storage/nbd.h \ +- storage/overlay.c storage/overlay.h \ +- storage/rbd.c storage/rbd.h \ +- storage/rsync.c storage/rsync.h \ +- storage/storage.c storage/storage.h \ +- storage/storage_utils.c storage/storage_utils.h \ +- storage/zfs.c storage/zfs.h \ +- string_utils.c string_utils.h \ +- sync.c sync.h \ +- terminal.c terminal.h \ +- utils.c utils.h \ +- uuid.c uuid.h \ +- $(LSM_SOURCES) +-if ENABLE_SECCOMP +-lxc_cgroup_SOURCES += seccomp.c lxcseccomp.h +-endif +- +-lxc_config_SOURCES = tools/lxc_config.c \ +- tools/arguments.c tools/arguments.h \ +- af_unix.c af_unix.h \ +- caps.c caps.h \ +- cgroups/cgfsng.c \ +- cgroups/cgroup.c cgroups/cgroup.h \ +- cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ +- cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ +- commands.c commands.h \ +- commands_utils.c commands_utils.h \ +- conf.c conf.h \ +- confile.c confile.h \ +- confile_utils.c confile_utils.h \ +- error.c error.h \ +- file_utils.c file_utils.h \ +- ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ +- initutils.c initutils.h \ +- log.c log.h \ +- lxclock.c lxclock.h \ +- mainloop.c mainloop.h \ +- monitor.c monitor.h \ +- namespace.c namespace.h \ +- network.c network.h \ +- nl.c nl.h \ +- parse.c parse.h \ +- process_utils.c process_utils.h \ +- ringbuf.c ringbuf.h \ +- start.c start.h \ +- state.c state.h \ 
+- storage/btrfs.c storage/btrfs.h \ +- storage/dir.c storage/dir.h \ +- storage/loop.c storage/loop.h \ +- storage/lvm.c storage/lvm.h \ +- storage/nbd.c storage/nbd.h \ +- storage/overlay.c storage/overlay.h \ +- storage/rbd.c storage/rbd.h \ +- storage/rsync.c storage/rsync.h \ +- storage/storage.c storage/storage.h \ +- storage/storage_utils.c storage/storage_utils.h \ +- storage/zfs.c storage/zfs.h \ +- string_utils.c string_utils.h \ +- sync.c sync.h \ +- terminal.c terminal.h \ +- utils.c utils.h \ +- uuid.c uuid.h \ +- $(LSM_SOURCES) +-if ENABLE_SECCOMP +-lxc_config_SOURCES += seccomp.c lxcseccomp.h +-endif ++ tools/arguments.c tools/arguments.h + +-lxc_console_SOURCES = tools/lxc_console.c \ +- tools/arguments.c tools/arguments.h \ +- af_unix.c af_unix.h \ ++if ENABLE_STATIC_BINARIES ++lxc_attach_SOURCES += $(liblxc_la_SOURCES) ++lxc_attach_LDFLAGS = -all-static -pthread ++else ++lxc_attach_SOURCES += af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ +@@ -557,6 +361,7 @@ lxc_console_SOURCES = tools/lxc_console.c \ + nl.c nl.h \ + parse.c parse.h \ + process_utils.c process_utils.h \ ++ rexec.c rexec.h \ + ringbuf.c ringbuf.h \ + start.c start.h \ + state.c state.h \ +@@ -578,12 +383,74 @@ lxc_console_SOURCES = tools/lxc_console.c \ + uuid.c uuid.h \ + $(LSM_SOURCES) + if ENABLE_SECCOMP +-lxc_console_SOURCES += seccomp.c lxcseccomp.h ++lxc_attach_SOURCES += seccomp.c lxcseccomp.h ++endif + endif + +-lxc_destroy_SOURCES = tools/lxc_destroy.c \ +- tools/arguments.c tools/arguments.h \ +- af_unix.c af_unix.h \ ++lxc_autostart_SOURCES = tools/lxc_autostart.c \ ++ tools/arguments.c tools/arguments.h ++ ++if ENABLE_STATIC_BINARIES ++lxc_autostart_SOURCES += $(liblxc_la_SOURCES) ++lxc_autostart_LDFLAGS = -all-static -pthread ++else ++lxc_autostart_SOURCES += af_unix.c af_unix.h \ ++ caps.c caps.h \ ++ cgroups/cgfsng.c \ ++ cgroups/cgroup.c cgroups/cgroup.h \ ++ cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ 
++ cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ ++ commands.c commands.h \ ++ commands_utils.c commands_utils.h \ ++ conf.c conf.h \ ++ confile.c confile.h \ ++ confile_utils.c confile_utils.h \ ++ error.c error.h \ ++ file_utils.c file_utils.h \ ++ ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ ++ initutils.c initutils.h \ ++ log.c log.h \ ++ lxclock.c lxclock.h \ ++ mainloop.c mainloop.h \ ++ monitor.c monitor.h \ ++ namespace.c namespace.h \ ++ network.c network.h \ ++ nl.c nl.h \ ++ parse.c parse.h \ ++ process_utils.c process_utils.h \ ++ ringbuf.c ringbuf.h \ ++ start.c start.h \ ++ state.c state.h \ ++ storage/btrfs.c storage/btrfs.h \ ++ storage/dir.c storage/dir.h \ ++ storage/loop.c storage/loop.h \ ++ storage/lvm.c storage/lvm.h \ ++ storage/nbd.c storage/nbd.h \ ++ storage/overlay.c storage/overlay.h \ ++ storage/rbd.c storage/rbd.h \ ++ storage/rsync.c storage/rsync.h \ ++ storage/storage.c storage/storage.h \ ++ storage/storage_utils.c storage/storage_utils.h \ ++ storage/zfs.c storage/zfs.h \ ++ string_utils.c string_utils.h \ ++ sync.c sync.h \ ++ terminal.c terminal.h \ ++ utils.c utils.h \ ++ uuid.c uuid.h \ ++ $(LSM_SOURCES) ++if ENABLE_SECCOMP ++lxc_autostart_SOURCES += seccomp.c lxcseccomp.h ++endif ++endif ++ ++lxc_cgroup_SOURCES = tools/lxc_cgroup.c \ ++ tools/arguments.c tools/arguments.h ++ ++if ENABLE_STATIC_BINARIES ++lxc_cgroup_SOURCES += $(liblxc_la_SOURCES) ++lxc_cgroup_LDFLAGS = -all-static -pthread ++else ++lxc_cgroup_SOURCES += af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ +@@ -628,62 +495,18 @@ lxc_destroy_SOURCES = tools/lxc_destroy.c \ + uuid.c uuid.h \ + $(LSM_SOURCES) + if ENABLE_SECCOMP +-lxc_destroy_SOURCES += seccomp.c lxcseccomp.h ++lxc_cgroup_SOURCES += seccomp.c lxcseccomp.h ++endif + endif + +-lxc_device_SOURCES = tools/lxc_device.c \ +- tools/arguments.c tools/arguments.h \ +- af_unix.c af_unix.h \ +- caps.c caps.h \ +- cgroups/cgfsng.c \ +- 
cgroups/cgroup.c cgroups/cgroup.h \ +- cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ +- cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ +- commands.c commands.h \ +- commands_utils.c commands_utils.h \ +- conf.c conf.h \ +- confile.c confile.h \ +- confile_utils.c confile_utils.h \ +- error.c error.h \ +- file_utils.c file_utils.h \ +- ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ +- initutils.c initutils.h \ +- log.c log.h \ +- lxclock.c lxclock.h \ +- mainloop.c mainloop.h \ +- monitor.c monitor.h \ +- namespace.c namespace.h \ +- network.c network.h \ +- nl.c nl.h \ +- parse.c parse.h \ +- process_utils.c process_utils.h \ +- ringbuf.c ringbuf.h \ +- start.c start.h \ +- state.c state.h \ +- storage/btrfs.c storage/btrfs.h \ +- storage/dir.c storage/dir.h \ +- storage/loop.c storage/loop.h \ +- storage/lvm.c storage/lvm.h \ +- storage/nbd.c storage/nbd.h \ +- storage/overlay.c storage/overlay.h \ +- storage/rbd.c storage/rbd.h \ +- storage/rsync.c storage/rsync.h \ +- storage/storage.c storage/storage.h \ +- storage/storage_utils.c storage/storage_utils.h \ +- storage/zfs.c storage/zfs.h \ +- string_utils.c string_utils.h \ +- sync.c sync.h \ +- terminal.c terminal.h \ +- utils.c utils.h \ +- uuid.c uuid.h \ +- $(LSM_SOURCES) +-if ENABLE_SECCOMP +-lxc_device_SOURCES += seccomp.c lxcseccomp.h +-endif ++lxc_config_SOURCES = tools/lxc_config.c \ ++ tools/arguments.c tools/arguments.h + +-lxc_execute_SOURCES = tools/lxc_execute.c \ +- tools/arguments.c tools/arguments.h \ +- af_unix.c af_unix.h \ ++if ENABLE_STATIC_BINARIES ++lxc_config_SOURCES += $(liblxc_la_SOURCES) ++lxc_config_LDFLAGS = -all-static -pthread ++else ++lxc_config_SOURCES += af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ +@@ -728,112 +551,130 @@ lxc_execute_SOURCES = tools/lxc_execute.c \ + uuid.c uuid.h \ + $(LSM_SOURCES) + if ENABLE_SECCOMP +-lxc_execute_SOURCES += seccomp.c lxcseccomp.h ++lxc_config_SOURCES += seccomp.c 
lxcseccomp.h ++endif + endif + +-lxc_freeze_SOURCES = tools/lxc_freeze.c \ +- tools/arguments.c tools/arguments.h \ +- af_unix.c af_unix.h \ +- caps.c caps.h \ +- cgroups/cgfsng.c \ +- cgroups/cgroup.c cgroups/cgroup.h \ +- cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ +- cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ +- commands.c commands.h \ +- commands_utils.c commands_utils.h \ +- conf.c conf.h \ +- confile.c confile.h \ +- confile_utils.c confile_utils.h \ +- error.c error.h \ +- file_utils.c file_utils.h \ +- ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ +- initutils.c initutils.h \ +- log.c log.h \ +- lxclock.c lxclock.h \ +- mainloop.c mainloop.h \ +- monitor.c monitor.h \ +- namespace.c namespace.h \ +- network.c network.h \ +- nl.c nl.h \ +- parse.c parse.h \ +- process_utils.c process_utils.h \ +- ringbuf.c ringbuf.h \ +- start.c start.h \ +- state.c state.h \ +- storage/btrfs.c storage/btrfs.h \ +- storage/dir.c storage/dir.h \ +- storage/loop.c storage/loop.h \ +- storage/lvm.c storage/lvm.h \ +- storage/nbd.c storage/nbd.h \ +- storage/overlay.c storage/overlay.h \ +- storage/rbd.c storage/rbd.h \ +- storage/rsync.c storage/rsync.h \ +- storage/storage.c storage/storage.h \ +- storage/storage_utils.c storage/storage_utils.h \ +- storage/zfs.c storage/zfs.h \ +- string_utils.c string_utils.h \ +- sync.c sync.h \ +- terminal.c terminal.h \ +- utils.c utils.h \ +- uuid.c uuid.h \ +- $(LSM_SOURCES) ++lxc_console_SOURCES = tools/lxc_console.c \ ++ tools/arguments.c tools/arguments.h ++ ++if ENABLE_STATIC_BINARIES ++lxc_console_SOURCES += $(liblxc_la_SOURCES) ++lxc_console_LDFLAGS = -all-static -pthread ++else ++lxc_console_SOURCES += af_unix.c af_unix.h \ ++ caps.c caps.h \ ++ cgroups/cgfsng.c \ ++ cgroups/cgroup.c cgroups/cgroup.h \ ++ cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ ++ cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ ++ commands.c commands.h \ ++ commands_utils.c commands_utils.h \ ++ conf.c conf.h \ ++ confile.c 
confile.h \ ++ confile_utils.c confile_utils.h \ ++ error.c error.h \ ++ file_utils.c file_utils.h \ ++ ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ ++ initutils.c initutils.h \ ++ log.c log.h \ ++ lxclock.c lxclock.h \ ++ mainloop.c mainloop.h \ ++ monitor.c monitor.h \ ++ namespace.c namespace.h \ ++ network.c network.h \ ++ nl.c nl.h \ ++ parse.c parse.h \ ++ process_utils.c process_utils.h \ ++ ringbuf.c ringbuf.h \ ++ start.c start.h \ ++ state.c state.h \ ++ storage/btrfs.c storage/btrfs.h \ ++ storage/dir.c storage/dir.h \ ++ storage/loop.c storage/loop.h \ ++ storage/lvm.c storage/lvm.h \ ++ storage/nbd.c storage/nbd.h \ ++ storage/overlay.c storage/overlay.h \ ++ storage/rbd.c storage/rbd.h \ ++ storage/rsync.c storage/rsync.h \ ++ storage/storage.c storage/storage.h \ ++ storage/storage_utils.c storage/storage_utils.h \ ++ storage/zfs.c storage/zfs.h \ ++ string_utils.c string_utils.h \ ++ sync.c sync.h \ ++ terminal.c terminal.h \ ++ utils.c utils.h \ ++ uuid.c uuid.h \ ++ $(LSM_SOURCES) + if ENABLE_SECCOMP +-lxc_freeze_SOURCES += seccomp.c lxcseccomp.h ++lxc_console_SOURCES += seccomp.c lxcseccomp.h ++endif + endif + +-lxc_info_SOURCES = tools/lxc_info.c \ +- tools/arguments.c tools/arguments.h \ +- af_unix.c af_unix.h \ +- caps.c caps.h \ +- cgroups/cgfsng.c \ +- cgroups/cgroup.c cgroups/cgroup.h \ +- cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ +- cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ +- commands.c commands.h \ +- commands_utils.c commands_utils.h \ +- conf.c conf.h \ +- confile.c confile.h \ +- confile_utils.c confile_utils.h \ +- error.c error.h \ +- file_utils.c file_utils.h \ +- ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ +- initutils.c initutils.h \ +- log.c log.h \ +- lxclock.c lxclock.h \ +- mainloop.c mainloop.h \ +- monitor.c monitor.h \ +- namespace.c namespace.h \ +- network.c network.h \ +- nl.c nl.h \ +- parse.c parse.h \ +- process_utils.c process_utils.h \ +- ringbuf.c ringbuf.h \ +- start.c 
start.h \ +- state.c state.h \ +- storage/btrfs.c storage/btrfs.h \ +- storage/dir.c storage/dir.h \ +- storage/loop.c storage/loop.h \ +- storage/lvm.c storage/lvm.h \ +- storage/nbd.c storage/nbd.h \ +- storage/overlay.c storage/overlay.h \ +- storage/rbd.c storage/rbd.h \ +- storage/rsync.c storage/rsync.h \ +- storage/storage.c storage/storage.h \ +- storage/storage_utils.c storage/storage_utils.h \ +- storage/zfs.c storage/zfs.h \ +- string_utils.c string_utils.h \ +- sync.c sync.h \ +- terminal.c terminal.h \ +- utils.c utils.h \ +- uuid.c uuid.h \ +- $(LSM_SOURCES) ++lxc_destroy_SOURCES = tools/lxc_destroy.c \ ++ tools/arguments.c tools/arguments.h ++ ++if ENABLE_STATIC_BINARIES ++lxc_destroy_SOURCES += $(liblxc_la_SOURCES) ++lxc_destroy_LDFLAGS = -all-static -pthread ++else ++lxc_destroy_SOURCES += af_unix.c af_unix.h \ ++ caps.c caps.h \ ++ cgroups/cgfsng.c \ ++ cgroups/cgroup.c cgroups/cgroup.h \ ++ cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ ++ cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ ++ commands.c commands.h \ ++ commands_utils.c commands_utils.h \ ++ conf.c conf.h \ ++ confile.c confile.h \ ++ confile_utils.c confile_utils.h \ ++ error.c error.h \ ++ file_utils.c file_utils.h \ ++ ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ ++ initutils.c initutils.h \ ++ log.c log.h \ ++ lxclock.c lxclock.h \ ++ mainloop.c mainloop.h \ ++ monitor.c monitor.h \ ++ namespace.c namespace.h \ ++ network.c network.h \ ++ nl.c nl.h \ ++ parse.c parse.h \ ++ process_utils.c process_utils.h \ ++ ringbuf.c ringbuf.h \ ++ start.c start.h \ ++ state.c state.h \ ++ storage/btrfs.c storage/btrfs.h \ ++ storage/dir.c storage/dir.h \ ++ storage/loop.c storage/loop.h \ ++ storage/lvm.c storage/lvm.h \ ++ storage/nbd.c storage/nbd.h \ ++ storage/overlay.c storage/overlay.h \ ++ storage/rbd.c storage/rbd.h \ ++ storage/rsync.c storage/rsync.h \ ++ storage/storage.c storage/storage.h \ ++ storage/storage_utils.c storage/storage_utils.h \ ++ storage/zfs.c 
storage/zfs.h \ ++ string_utils.c string_utils.h \ ++ sync.c sync.h \ ++ terminal.c terminal.h \ ++ utils.c utils.h \ ++ uuid.c uuid.h \ ++ $(LSM_SOURCES) + if ENABLE_SECCOMP +-lxc_info_SOURCES += seccomp.c lxcseccomp.h ++lxc_destroy_SOURCES += seccomp.c lxcseccomp.h ++endif + endif + +-lxc_monitor_SOURCES = tools/lxc_monitor.c \ +- tools/arguments.c tools/arguments.h \ +- af_unix.c af_unix.h \ ++lxc_device_SOURCES = tools/lxc_device.c \ ++ tools/arguments.c tools/arguments.h ++ ++if ENABLE_STATIC_BINARIES ++lxc_device_SOURCES += $(liblxc_la_SOURCES) ++lxc_device_LDFLAGS = -all-static -pthread ++else ++lxc_device_SOURCES += af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ +@@ -850,7 +691,6 @@ lxc_monitor_SOURCES = tools/lxc_monitor.c \ + initutils.c initutils.h \ + log.c log.h \ + lxclock.c lxclock.h \ +- macro.h \ + mainloop.c mainloop.h \ + monitor.c monitor.h \ + namespace.c namespace.h \ +@@ -879,113 +719,130 @@ lxc_monitor_SOURCES = tools/lxc_monitor.c \ + uuid.c uuid.h \ + $(LSM_SOURCES) + if ENABLE_SECCOMP +-lxc_monitor_SOURCES += seccomp.c lxcseccomp.h ++lxc_device_SOURCES += seccomp.c lxcseccomp.h + endif +- +-lxc_ls_SOURCES = tools/lxc_ls.c \ +- tools/arguments.c tools/arguments.h \ +- af_unix.c af_unix.h \ +- caps.c caps.h \ +- cgroups/cgfsng.c \ +- cgroups/cgroup.c cgroups/cgroup.h \ +- cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ +- cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ +- commands.c commands.h \ +- commands_utils.c commands_utils.h \ +- conf.c conf.h \ +- confile.c confile.h \ +- confile_utils.c confile_utils.h \ +- error.c error.h \ +- file_utils.c file_utils.h \ +- ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ +- initutils.c initutils.h \ +- log.c log.h \ +- lxclock.c lxclock.h \ +- mainloop.c mainloop.h \ +- memory_utils.h \ +- monitor.c monitor.h \ +- namespace.c namespace.h \ +- network.c network.h \ +- nl.c nl.h \ +- parse.c parse.h \ +- process_utils.c 
process_utils.h \ +- ringbuf.c ringbuf.h \ +- start.c start.h \ +- state.c state.h \ +- storage/btrfs.c storage/btrfs.h \ +- storage/dir.c storage/dir.h \ +- storage/loop.c storage/loop.h \ +- storage/lvm.c storage/lvm.h \ +- storage/nbd.c storage/nbd.h \ +- storage/overlay.c storage/overlay.h \ +- storage/rbd.c storage/rbd.h \ +- storage/rsync.c storage/rsync.h \ +- storage/storage.c storage/storage.h \ +- storage/storage_utils.c storage/storage_utils.h \ +- storage/zfs.c storage/zfs.h \ +- string_utils.c string_utils.h \ +- sync.c sync.h \ +- terminal.c terminal.h \ +- utils.c utils.h \ +- uuid.c uuid.h \ +- $(LSM_SOURCES) +-if ENABLE_SECCOMP +-lxc_ls_SOURCES += seccomp.c lxcseccomp.h + endif + +-lxc_copy_SOURCES = tools/lxc_copy.c \ +- tools/arguments.c tools/arguments.h \ +- af_unix.c af_unix.h \ +- caps.c caps.h \ +- cgroups/cgfsng.c \ +- cgroups/cgroup.c cgroups/cgroup.h \ +- cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ +- cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ +- commands.c commands.h \ +- commands_utils.c commands_utils.h \ +- conf.c conf.h \ +- confile.c confile.h \ +- confile_utils.c confile_utils.h \ +- error.c error.h \ +- file_utils.c file_utils.h \ +- ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ +- initutils.c initutils.h \ +- log.c log.h \ +- lxclock.c lxclock.h \ +- mainloop.c mainloop.h \ +- monitor.c monitor.h \ +- namespace.c namespace.h \ +- network.c network.h \ +- nl.c nl.h \ +- parse.c parse.h \ +- process_utils.c process_utils.h \ +- ringbuf.c ringbuf.h \ +- start.c start.h \ +- state.c state.h \ +- storage/btrfs.c storage/btrfs.h \ +- storage/dir.c storage/dir.h \ +- storage/loop.c storage/loop.h \ +- storage/lvm.c storage/lvm.h \ +- storage/nbd.c storage/nbd.h \ +- storage/overlay.c storage/overlay.h \ +- storage/rbd.c storage/rbd.h \ +- storage/rsync.c storage/rsync.h \ +- storage/storage.c storage/storage.h \ +- storage/storage_utils.c storage/storage_utils.h \ +- storage/zfs.c storage/zfs.h \ +- 
string_utils.c string_utils.h \ +- sync.c sync.h \ +- terminal.c terminal.h \ +- utils.c utils.h \ +- uuid.c uuid.h \ +- $(LSM_SOURCES) ++lxc_execute_SOURCES = tools/lxc_execute.c \ ++ tools/arguments.c tools/arguments.h ++ ++if ENABLE_STATIC_BINARIES ++lxc_execute_SOURCES += $(liblxc_la_SOURCES) ++lxc_execute_LDFLAGS = -all-static -pthread ++else ++lxc_execute_SOURCES += af_unix.c af_unix.h \ ++ caps.c caps.h \ ++ cgroups/cgfsng.c \ ++ cgroups/cgroup.c cgroups/cgroup.h \ ++ cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ ++ cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ ++ commands.c commands.h \ ++ commands_utils.c commands_utils.h \ ++ conf.c conf.h \ ++ confile.c confile.h \ ++ confile_utils.c confile_utils.h \ ++ error.c error.h \ ++ file_utils.c file_utils.h \ ++ ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ ++ initutils.c initutils.h \ ++ log.c log.h \ ++ lxclock.c lxclock.h \ ++ mainloop.c mainloop.h \ ++ monitor.c monitor.h \ ++ namespace.c namespace.h \ ++ network.c network.h \ ++ nl.c nl.h \ ++ parse.c parse.h \ ++ process_utils.c process_utils.h \ ++ ringbuf.c ringbuf.h \ ++ start.c start.h \ ++ state.c state.h \ ++ storage/btrfs.c storage/btrfs.h \ ++ storage/dir.c storage/dir.h \ ++ storage/loop.c storage/loop.h \ ++ storage/lvm.c storage/lvm.h \ ++ storage/nbd.c storage/nbd.h \ ++ storage/overlay.c storage/overlay.h \ ++ storage/rbd.c storage/rbd.h \ ++ storage/rsync.c storage/rsync.h \ ++ storage/storage.c storage/storage.h \ ++ storage/storage_utils.c storage/storage_utils.h \ ++ storage/zfs.c storage/zfs.h \ ++ string_utils.c string_utils.h \ ++ sync.c sync.h \ ++ terminal.c terminal.h \ ++ utils.c utils.h \ ++ uuid.c uuid.h \ ++ $(LSM_SOURCES) + if ENABLE_SECCOMP +-lxc_copy_SOURCES += seccomp.c lxcseccomp.h ++lxc_execute_SOURCES += seccomp.c lxcseccomp.h ++endif + endif + +-lxc_start_SOURCES = tools/lxc_start.c \ +- tools/arguments.c tools/arguments.h \ +- af_unix.c af_unix.h \ ++lxc_freeze_SOURCES = tools/lxc_freeze.c \ ++ 
tools/arguments.c tools/arguments.h ++ ++if ENABLE_STATIC_BINARIES ++lxc_freeze_SOURCES += $(liblxc_la_SOURCES) ++lxc_freeze_LDFLAGS = -all-static -pthread ++else ++lxc_freeze_SOURCES += af_unix.c af_unix.h \ ++ caps.c caps.h \ ++ cgroups/cgfsng.c \ ++ cgroups/cgroup.c cgroups/cgroup.h \ ++ cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ ++ cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ ++ commands.c commands.h \ ++ commands_utils.c commands_utils.h \ ++ conf.c conf.h \ ++ confile.c confile.h \ ++ confile_utils.c confile_utils.h \ ++ error.c error.h \ ++ file_utils.c file_utils.h \ ++ ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ ++ initutils.c initutils.h \ ++ log.c log.h \ ++ lxclock.c lxclock.h \ ++ mainloop.c mainloop.h \ ++ monitor.c monitor.h \ ++ namespace.c namespace.h \ ++ network.c network.h \ ++ nl.c nl.h \ ++ parse.c parse.h \ ++ process_utils.c process_utils.h \ ++ ringbuf.c ringbuf.h \ ++ start.c start.h \ ++ state.c state.h \ ++ storage/btrfs.c storage/btrfs.h \ ++ storage/dir.c storage/dir.h \ ++ storage/loop.c storage/loop.h \ ++ storage/lvm.c storage/lvm.h \ ++ storage/nbd.c storage/nbd.h \ ++ storage/overlay.c storage/overlay.h \ ++ storage/rbd.c storage/rbd.h \ ++ storage/rsync.c storage/rsync.h \ ++ storage/storage.c storage/storage.h \ ++ storage/storage_utils.c storage/storage_utils.h \ ++ storage/zfs.c storage/zfs.h \ ++ string_utils.c string_utils.h \ ++ sync.c sync.h \ ++ terminal.c terminal.h \ ++ utils.c utils.h \ ++ uuid.c uuid.h \ ++ $(LSM_SOURCES) ++if ENABLE_SECCOMP ++lxc_freeze_SOURCES += seccomp.c lxcseccomp.h ++endif ++endif ++ ++lxc_info_SOURCES = tools/lxc_info.c \ ++ tools/arguments.c tools/arguments.h ++ ++if ENABLE_STATIC_BINARIES ++lxc_info_SOURCES += $(liblxc_la_SOURCES) ++lxc_info_LDFLAGS = -all-static -pthread ++else ++lxc_info_SOURCES += af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ +@@ -1030,62 +887,75 @@ lxc_start_SOURCES = tools/lxc_start.c \ + 
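Review bot: The `lxc_*_LDFLAGS = -all-static -pthread` lines added under `ENABLE_STATIC_BINARIES` (here for lxc_execute, lxc_freeze and lxc_info, and in the same form in the other hunks of this patch) are per-target link flags, which automake uses in place of `AM_LDFLAGS`. If the project passes hardening link flags (relro/now, PIE) through `AM_LDFLAGS`, they would not reach the static tools; `lxc_freeze_LDFLAGS = $(AM_LDFLAGS) -all-static -pthread` keeps them if that is wanted. The static branch also takes its whole source list from `$(liblxc_la_SOURCES)`, while `$(LSM_SOURCES)` and the `ENABLE_SECCOMP` addition of `seccomp.c lxcseccomp.h` now sit only in the `else` branch. The definition of `liblxc_la_SOURCES` is outside this hunk (as is the rest of the lxc_info list), so it is worth confirming that it already carries both; otherwise the static binaries would be built without seccomp and LSM support. A comment above the first conditional, such as `# static tools embed libc and other libraries; rebuild them after library security updates`, would record the maintenance cost of the option.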
uuid.c uuid.h \ + $(LSM_SOURCES) + if ENABLE_SECCOMP +-lxc_start_SOURCES += seccomp.c lxcseccomp.h ++lxc_info_SOURCES += seccomp.c lxcseccomp.h ++endif + endif + +-lxc_stop_SOURCES = tools/lxc_stop.c \ +- tools/arguments.c tools/arguments.h \ +- af_unix.c af_unix.h \ +- caps.c caps.h \ +- cgroups/cgfsng.c \ +- cgroups/cgroup.c cgroups/cgroup.h \ +- cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ +- cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ +- commands.c commands.h \ +- commands_utils.c commands_utils.h \ +- conf.c conf.h \ +- confile.c confile.h \ +- confile_utils.c confile_utils.h \ +- error.c error.h \ +- file_utils.c file_utils.h \ +- ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ +- initutils.c initutils.h \ +- log.c log.h \ +- lxclock.c lxclock.h \ +- mainloop.c mainloop.h \ +- monitor.c monitor.h \ +- namespace.c namespace.h \ +- network.c network.h \ +- nl.c nl.h \ +- parse.c parse.h \ +- process_utils.c process_utils.h \ +- ringbuf.c ringbuf.h \ +- start.c start.h \ +- state.c state.h \ +- storage/btrfs.c storage/btrfs.h \ +- storage/dir.c storage/dir.h \ +- storage/loop.c storage/loop.h \ +- storage/lvm.c storage/lvm.h \ +- storage/nbd.c storage/nbd.h \ +- storage/overlay.c storage/overlay.h \ +- storage/rbd.c storage/rbd.h \ +- storage/rsync.c storage/rsync.h \ +- storage/storage.c storage/storage.h \ +- storage/storage_utils.c storage/storage_utils.h \ +- storage/zfs.c storage/zfs.h \ +- string_utils.c string_utils.h \ +- sync.c sync.h \ +- terminal.c terminal.h \ +- utils.c utils.h \ +- uuid.c uuid.h \ +- $(LSM_SOURCES) ++lxc_monitor_SOURCES = tools/lxc_monitor.c \ ++ tools/arguments.c tools/arguments.h ++ ++if ENABLE_STATIC_BINARIES ++lxc_monitor_SOURCES += $(liblxc_la_SOURCES) ++lxc_monitor_LDFLAGS = -all-static -pthread ++else ++lxc_monitor_SOURCES += af_unix.c af_unix.h \ ++ caps.c caps.h \ ++ cgroups/cgfsng.c \ ++ cgroups/cgroup.c cgroups/cgroup.h \ ++ cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ ++ 
cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ ++ commands.c commands.h \ ++ commands_utils.c commands_utils.h \ ++ conf.c conf.h \ ++ confile.c confile.h \ ++ confile_utils.c confile_utils.h \ ++ error.c error.h \ ++ file_utils.c file_utils.h \ ++ ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ ++ initutils.c initutils.h \ ++ log.c log.h \ ++ lxclock.c lxclock.h \ ++ macro.h \ ++ mainloop.c mainloop.h \ ++ monitor.c monitor.h \ ++ namespace.c namespace.h \ ++ network.c network.h \ ++ nl.c nl.h \ ++ parse.c parse.h \ ++ process_utils.c process_utils.h \ ++ ringbuf.c ringbuf.h \ ++ start.c start.h \ ++ state.c state.h \ ++ storage/btrfs.c storage/btrfs.h \ ++ storage/dir.c storage/dir.h \ ++ storage/loop.c storage/loop.h \ ++ storage/lvm.c storage/lvm.h \ ++ storage/nbd.c storage/nbd.h \ ++ storage/overlay.c storage/overlay.h \ ++ storage/rbd.c storage/rbd.h \ ++ storage/rsync.c storage/rsync.h \ ++ storage/storage.c storage/storage.h \ ++ storage/storage_utils.c storage/storage_utils.h \ ++ storage/zfs.c storage/zfs.h \ ++ string_utils.c string_utils.h \ ++ sync.c sync.h \ ++ terminal.c terminal.h \ ++ utils.c utils.h \ ++ uuid.c uuid.h \ ++ $(LSM_SOURCES) + if ENABLE_SECCOMP +-lxc_stop_SOURCES += seccomp.c lxcseccomp.h ++lxc_monitor_SOURCES += seccomp.c lxcseccomp.h ++endif + endif + +-lxc_top_SOURCES = tools/lxc_top.c \ +- tools/arguments.c tools/arguments.h \ +- af_unix.c af_unix.h \ ++lxc_ls_SOURCES = tools/lxc_ls.c \ ++ tools/arguments.c tools/arguments.h ++ ++if ENABLE_STATIC_BINARIES ++lxc_ls_SOURCES += $(liblxc_la_SOURCES) ++lxc_ls_LDFLAGS = -all-static -pthread ++else ++lxc_ls_SOURCES += af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ +@@ -1103,6 +973,7 @@ lxc_top_SOURCES = tools/lxc_top.c \ + log.c log.h \ + lxclock.c lxclock.h \ + mainloop.c mainloop.h \ ++ memory_utils.h \ + monitor.c monitor.h \ + namespace.c namespace.h \ + network.c network.h \ +@@ -1130,20 +1001,306 @@ lxc_top_SOURCES = 
tools/lxc_top.c \ + uuid.c uuid.h \ + $(LSM_SOURCES) + if ENABLE_SECCOMP +-lxc_top_SOURCES += seccomp.c lxcseccomp.h ++lxc_ls_SOURCES += seccomp.c lxcseccomp.h ++endif + endif + +-lxc_unfreeze_SOURCES = tools/lxc_unfreeze.c \ +- tools/arguments.c tools/arguments.h \ +- af_unix.c af_unix.h \ +- caps.c caps.h \ +- cgroups/cgfsng.c \ +- cgroups/cgroup.c cgroups/cgroup.h \ +- cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ +- cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ +- commands.c commands.h \ +- commands_utils.c commands_utils.h \ +- conf.c conf.h \ ++lxc_copy_SOURCES = tools/lxc_copy.c \ ++ tools/arguments.c tools/arguments.h ++ ++if ENABLE_STATIC_BINARIES ++lxc_copy_SOURCES += $(liblxc_la_SOURCES) ++lxc_copy_LDFLAGS = -all-static -pthread ++else ++lxc_copy_SOURCES += af_unix.c af_unix.h \ ++ caps.c caps.h \ ++ cgroups/cgfsng.c \ ++ cgroups/cgroup.c cgroups/cgroup.h \ ++ cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ ++ cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ ++ commands.c commands.h \ ++ commands_utils.c commands_utils.h \ ++ conf.c conf.h \ ++ confile.c confile.h \ ++ confile_utils.c confile_utils.h \ ++ error.c error.h \ ++ file_utils.c file_utils.h \ ++ ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ ++ initutils.c initutils.h \ ++ log.c log.h \ ++ lxclock.c lxclock.h \ ++ mainloop.c mainloop.h \ ++ monitor.c monitor.h \ ++ namespace.c namespace.h \ ++ network.c network.h \ ++ nl.c nl.h \ ++ parse.c parse.h \ ++ process_utils.c process_utils.h \ ++ ringbuf.c ringbuf.h \ ++ start.c start.h \ ++ state.c state.h \ ++ storage/btrfs.c storage/btrfs.h \ ++ storage/dir.c storage/dir.h \ ++ storage/loop.c storage/loop.h \ ++ storage/lvm.c storage/lvm.h \ ++ storage/nbd.c storage/nbd.h \ ++ storage/overlay.c storage/overlay.h \ ++ storage/rbd.c storage/rbd.h \ ++ storage/rsync.c storage/rsync.h \ ++ storage/storage.c storage/storage.h \ ++ storage/storage_utils.c storage/storage_utils.h \ ++ storage/zfs.c storage/zfs.h \ ++ 
string_utils.c string_utils.h \ ++ sync.c sync.h \ ++ terminal.c terminal.h \ ++ utils.c utils.h \ ++ uuid.c uuid.h \ ++ $(LSM_SOURCES) ++if ENABLE_SECCOMP ++lxc_copy_SOURCES += seccomp.c lxcseccomp.h ++endif ++endif ++ ++lxc_start_SOURCES = tools/lxc_start.c \ ++ tools/arguments.c tools/arguments.h ++ ++if ENABLE_STATIC_BINARIES ++lxc_start_SOURCES += $(liblxc_la_SOURCES) ++lxc_start_LDFLAGS = -all-static -pthread ++else ++lxc_start_SOURCES += af_unix.c af_unix.h \ ++ caps.c caps.h \ ++ cgroups/cgfsng.c \ ++ cgroups/cgroup.c cgroups/cgroup.h \ ++ cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ ++ cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ ++ commands.c commands.h \ ++ commands_utils.c commands_utils.h \ ++ conf.c conf.h \ ++ confile.c confile.h \ ++ confile_utils.c confile_utils.h \ ++ error.c error.h \ ++ file_utils.c file_utils.h \ ++ ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ ++ initutils.c initutils.h \ ++ log.c log.h \ ++ lxclock.c lxclock.h \ ++ mainloop.c mainloop.h \ ++ monitor.c monitor.h \ ++ namespace.c namespace.h \ ++ network.c network.h \ ++ nl.c nl.h \ ++ parse.c parse.h \ ++ process_utils.c process_utils.h \ ++ ringbuf.c ringbuf.h \ ++ start.c start.h \ ++ state.c state.h \ ++ storage/btrfs.c storage/btrfs.h \ ++ storage/dir.c storage/dir.h \ ++ storage/loop.c storage/loop.h \ ++ storage/lvm.c storage/lvm.h \ ++ storage/nbd.c storage/nbd.h \ ++ storage/overlay.c storage/overlay.h \ ++ storage/rbd.c storage/rbd.h \ ++ storage/rsync.c storage/rsync.h \ ++ storage/storage.c storage/storage.h \ ++ storage/storage_utils.c storage/storage_utils.h \ ++ storage/zfs.c storage/zfs.h \ ++ string_utils.c string_utils.h \ ++ sync.c sync.h \ ++ terminal.c terminal.h \ ++ utils.c utils.h \ ++ uuid.c uuid.h \ ++ $(LSM_SOURCES) ++if ENABLE_SECCOMP ++lxc_start_SOURCES += seccomp.c lxcseccomp.h ++endif ++endif ++ ++lxc_stop_SOURCES = tools/lxc_stop.c \ ++ tools/arguments.c tools/arguments.h ++ ++if ENABLE_STATIC_BINARIES ++lxc_stop_SOURCES += 
$(liblxc_la_SOURCES) ++lxc_stop_LDFLAGS = -all-static -pthread ++else ++lxc_stop_SOURCES += af_unix.c af_unix.h \ ++ caps.c caps.h \ ++ cgroups/cgfsng.c \ ++ cgroups/cgroup.c cgroups/cgroup.h \ ++ cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ ++ cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ ++ commands.c commands.h \ ++ commands_utils.c commands_utils.h \ ++ conf.c conf.h \ ++ confile.c confile.h \ ++ confile_utils.c confile_utils.h \ ++ error.c error.h \ ++ file_utils.c file_utils.h \ ++ ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ ++ initutils.c initutils.h \ ++ log.c log.h \ ++ lxclock.c lxclock.h \ ++ mainloop.c mainloop.h \ ++ monitor.c monitor.h \ ++ namespace.c namespace.h \ ++ network.c network.h \ ++ nl.c nl.h \ ++ parse.c parse.h \ ++ process_utils.c process_utils.h \ ++ ringbuf.c ringbuf.h \ ++ start.c start.h \ ++ state.c state.h \ ++ storage/btrfs.c storage/btrfs.h \ ++ storage/dir.c storage/dir.h \ ++ storage/loop.c storage/loop.h \ ++ storage/lvm.c storage/lvm.h \ ++ storage/nbd.c storage/nbd.h \ ++ storage/overlay.c storage/overlay.h \ ++ storage/rbd.c storage/rbd.h \ ++ storage/rsync.c storage/rsync.h \ ++ storage/storage.c storage/storage.h \ ++ storage/storage_utils.c storage/storage_utils.h \ ++ storage/zfs.c storage/zfs.h \ ++ string_utils.c string_utils.h \ ++ sync.c sync.h \ ++ terminal.c terminal.h \ ++ utils.c utils.h \ ++ uuid.c uuid.h \ ++ $(LSM_SOURCES) ++if ENABLE_SECCOMP ++lxc_stop_SOURCES += seccomp.c lxcseccomp.h ++endif ++endif ++ ++lxc_top_SOURCES = tools/lxc_top.c \ ++ tools/arguments.c tools/arguments.h ++ ++if ENABLE_STATIC_BINARIES ++lxc_top_SOURCES += $(liblxc_la_SOURCES) ++lxc_top_LDFLAGS = -all-static -pthread ++else ++lxc_top_SOURCES += af_unix.c af_unix.h \ ++ caps.c caps.h \ ++ cgroups/cgfsng.c \ ++ cgroups/cgroup.c cgroups/cgroup.h \ ++ cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ ++ cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ ++ commands.c commands.h \ ++ commands_utils.c 
commands_utils.h \ ++ conf.c conf.h \ ++ confile.c confile.h \ ++ confile_utils.c confile_utils.h \ ++ error.c error.h \ ++ file_utils.c file_utils.h \ ++ ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ ++ initutils.c initutils.h \ ++ log.c log.h \ ++ lxclock.c lxclock.h \ ++ mainloop.c mainloop.h \ ++ monitor.c monitor.h \ ++ namespace.c namespace.h \ ++ network.c network.h \ ++ nl.c nl.h \ ++ parse.c parse.h \ ++ process_utils.c process_utils.h \ ++ ringbuf.c ringbuf.h \ ++ start.c start.h \ ++ state.c state.h \ ++ storage/btrfs.c storage/btrfs.h \ ++ storage/dir.c storage/dir.h \ ++ storage/loop.c storage/loop.h \ ++ storage/lvm.c storage/lvm.h \ ++ storage/nbd.c storage/nbd.h \ ++ storage/overlay.c storage/overlay.h \ ++ storage/rbd.c storage/rbd.h \ ++ storage/rsync.c storage/rsync.h \ ++ storage/storage.c storage/storage.h \ ++ storage/storage_utils.c storage/storage_utils.h \ ++ storage/zfs.c storage/zfs.h \ ++ string_utils.c string_utils.h \ ++ sync.c sync.h \ ++ terminal.c terminal.h \ ++ utils.c utils.h \ ++ uuid.c uuid.h \ ++ $(LSM_SOURCES) ++if ENABLE_SECCOMP ++lxc_top_SOURCES += seccomp.c lxcseccomp.h ++endif ++endif ++ ++lxc_unfreeze_SOURCES = tools/lxc_unfreeze.c \ ++ tools/arguments.c tools/arguments.h ++ ++if ENABLE_STATIC_BINARIES ++lxc_unfreeze_SOURCES += $(liblxc_la_SOURCES) ++lxc_unfreeze_LDFLAGS = -all-static -pthread ++else ++lxc_unfreeze_SOURCES += af_unix.c af_unix.h \ ++ caps.c caps.h \ ++ cgroups/cgfsng.c \ ++ cgroups/cgroup.c cgroups/cgroup.h \ ++ cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ ++ cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ ++ commands.c commands.h \ ++ commands_utils.c commands_utils.h \ ++ conf.c conf.h \ ++ confile.c confile.h \ ++ confile_utils.c confile_utils.h \ ++ error.c error.h \ ++ file_utils.c file_utils.h \ ++ ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ ++ initutils.c initutils.h \ ++ log.c log.h \ ++ lxclock.c lxclock.h \ ++ mainloop.c mainloop.h \ ++ monitor.c monitor.h \ ++ 
namespace.c namespace.h \ ++ network.c network.h \ ++ nl.c nl.h \ ++ parse.c parse.h \ ++ process_utils.c process_utils.h \ ++ ringbuf.c ringbuf.h \ ++ start.c start.h \ ++ state.c state.h \ ++ storage/btrfs.c storage/btrfs.h \ ++ storage/dir.c storage/dir.h \ ++ storage/loop.c storage/loop.h \ ++ storage/lvm.c storage/lvm.h \ ++ storage/nbd.c storage/nbd.h \ ++ storage/overlay.c storage/overlay.h \ ++ storage/rbd.c storage/rbd.h \ ++ storage/rsync.c storage/rsync.h \ ++ storage/storage.c storage/storage.h \ ++ storage/storage_utils.c storage/storage_utils.h \ ++ storage/zfs.c storage/zfs.h \ ++ string_utils.c string_utils.h \ ++ sync.c sync.h \ ++ terminal.c terminal.h \ ++ utils.c utils.h \ ++ uuid.c uuid.h \ ++ $(LSM_SOURCES) ++if ENABLE_SECCOMP ++lxc_unfreeze_SOURCES += seccomp.c lxcseccomp.h ++endif ++endif ++ ++lxc_unshare_SOURCES = tools/lxc_unshare.c \ ++ tools/arguments.c tools/arguments.h ++ ++if ENABLE_STATIC_BINARIES ++lxc_unshare_SOURCES += $(liblxc_la_SOURCES) ++lxc_unshare_LDFLAGS = -all-static -pthread ++else ++lxc_unshare_SOURCES += af_unix.c af_unix.h \ ++ caps.c caps.h \ ++ cgroups/cgfsng.c \ ++ cgroups/cgroup.c cgroups/cgroup.h \ ++ cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ ++ cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ ++ commands.c commands.h \ ++ commands_utils.c commands_utils.h \ ++ conf.c conf.h \ + confile.c confile.h \ + confile_utils.c confile_utils.h \ + error.c error.h \ +@@ -1175,17 +1332,81 @@ lxc_unfreeze_SOURCES = tools/lxc_unfreeze.c \ + storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h \ + sync.c sync.h \ ++ syscall_numbers.h \ ++ syscall_wrappers.h \ + terminal.c terminal.h \ + utils.c utils.h \ + uuid.c uuid.h \ + $(LSM_SOURCES) + if ENABLE_SECCOMP +-lxc_unfreeze_SOURCES += seccomp.c lxcseccomp.h ++lxc_unshare_SOURCES += seccomp.c lxcseccomp.h ++endif ++endif ++ ++lxc_wait_SOURCES = tools/lxc_wait.c \ ++ tools/arguments.c tools/arguments.h ++ ++if ENABLE_STATIC_BINARIES ++lxc_wait_SOURCES += 
$(liblxc_la_SOURCES) ++lxc_wait_LDFLAGS = -all-static -pthread ++else ++lxc_wait_SOURCES += af_unix.c af_unix.h \ ++ caps.c caps.h \ ++ cgroups/cgfsng.c \ ++ cgroups/cgroup.c cgroups/cgroup.h \ ++ cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ ++ cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ ++ commands.c commands.h \ ++ commands_utils.c commands_utils.h \ ++ conf.c conf.h \ ++ confile.c confile.h \ ++ confile_utils.c confile_utils.h \ ++ error.c error.h \ ++ file_utils.c file_utils.h \ ++ ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ ++ initutils.c initutils.h \ ++ log.c log.h \ ++ lxclock.c lxclock.h \ ++ mainloop.c mainloop.h \ ++ monitor.c monitor.h \ ++ namespace.c namespace.h \ ++ network.c network.h \ ++ nl.c nl.h \ ++ parse.c parse.h \ ++ process_utils.c process_utils.h \ ++ ringbuf.c ringbuf.h \ ++ start.c start.h \ ++ state.c state.h \ ++ storage/btrfs.c storage/btrfs.h \ ++ storage/dir.c storage/dir.h \ ++ storage/loop.c storage/loop.h \ ++ storage/lvm.c storage/lvm.h \ ++ storage/nbd.c storage/nbd.h \ ++ storage/overlay.c storage/overlay.h \ ++ storage/rbd.c storage/rbd.h \ ++ storage/rsync.c storage/rsync.h \ ++ storage/storage.c storage/storage.h \ ++ storage/storage_utils.c storage/storage_utils.h \ ++ storage/zfs.c storage/zfs.h \ ++ string_utils.c string_utils.h \ ++ sync.c sync.h \ ++ terminal.c terminal.h \ ++ utils.c utils.h \ ++ uuid.c uuid.h \ ++ $(LSM_SOURCES) ++if ENABLE_SECCOMP ++lxc_wait_SOURCES += seccomp.c lxcseccomp.h ++endif + endif + +-lxc_unshare_SOURCES = tools/lxc_unshare.c \ +- tools/arguments.c tools/arguments.h \ +- af_unix.c af_unix.h \ ++lxc_create_SOURCES = tools/lxc_create.c \ ++ tools/arguments.c tools/arguments.h ++ ++if ENABLE_STATIC_BINARIES ++lxc_create_SOURCES += $(liblxc_la_SOURCES) ++lxc_create_LDFLAGS = -all-static -pthread ++else ++lxc_create_SOURCES += af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ +@@ -1225,216 +1446,126 @@ lxc_unshare_SOURCES 
= tools/lxc_unshare.c \ + storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h \ + sync.c sync.h \ +- syscall_numbers.h \ +- syscall_wrappers.h \ + terminal.c terminal.h \ + utils.c utils.h \ + uuid.c uuid.h \ + $(LSM_SOURCES) + if ENABLE_SECCOMP +-lxc_unshare_SOURCES += seccomp.c lxcseccomp.h +-endif +- +-lxc_wait_SOURCES = tools/lxc_wait.c \ +- tools/arguments.c tools/arguments.h \ +- af_unix.c af_unix.h \ +- caps.c caps.h \ +- cgroups/cgfsng.c \ +- cgroups/cgroup.c cgroups/cgroup.h \ +- cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ +- cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ +- commands.c commands.h \ +- commands_utils.c commands_utils.h \ +- conf.c conf.h \ +- confile.c confile.h \ +- confile_utils.c confile_utils.h \ +- error.c error.h \ +- file_utils.c file_utils.h \ +- ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ +- initutils.c initutils.h \ +- log.c log.h \ +- lxclock.c lxclock.h \ +- mainloop.c mainloop.h \ +- monitor.c monitor.h \ +- namespace.c namespace.h \ +- network.c network.h \ +- nl.c nl.h \ +- parse.c parse.h \ +- process_utils.c process_utils.h \ +- ringbuf.c ringbuf.h \ +- start.c start.h \ +- state.c state.h \ +- storage/btrfs.c storage/btrfs.h \ +- storage/dir.c storage/dir.h \ +- storage/loop.c storage/loop.h \ +- storage/lvm.c storage/lvm.h \ +- storage/nbd.c storage/nbd.h \ +- storage/overlay.c storage/overlay.h \ +- storage/rbd.c storage/rbd.h \ +- storage/rsync.c storage/rsync.h \ +- storage/storage.c storage/storage.h \ +- storage/storage_utils.c storage/storage_utils.h \ +- storage/zfs.c storage/zfs.h \ +- string_utils.c string_utils.h \ +- sync.c sync.h \ +- terminal.c terminal.h \ +- utils.c utils.h \ +- uuid.c uuid.h \ +- $(LSM_SOURCES) +-if ENABLE_SECCOMP +-lxc_wait_SOURCES += seccomp.c lxcseccomp.h +-endif +- +-lxc_create_SOURCES = tools/lxc_create.c \ +- tools/arguments.c tools/arguments.h \ +- af_unix.c af_unix.h \ +- caps.c caps.h \ +- cgroups/cgfsng.c \ +- cgroups/cgroup.c cgroups/cgroup.h \ 
+- cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ +- cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ +- commands.c commands.h \ +- commands_utils.c commands_utils.h \ +- conf.c conf.h \ +- confile.c confile.h \ +- confile_utils.c confile_utils.h \ +- error.c error.h \ +- file_utils.c file_utils.h \ +- ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ +- initutils.c initutils.h \ +- log.c log.h \ +- lxclock.c lxclock.h \ +- mainloop.c mainloop.h \ +- monitor.c monitor.h \ +- namespace.c namespace.h \ +- network.c network.h \ +- nl.c nl.h \ +- parse.c parse.h \ +- process_utils.c process_utils.h \ +- ringbuf.c ringbuf.h \ +- start.c start.h \ +- state.c state.h \ +- storage/btrfs.c storage/btrfs.h \ +- storage/dir.c storage/dir.h \ +- storage/loop.c storage/loop.h \ +- storage/lvm.c storage/lvm.h \ +- storage/nbd.c storage/nbd.h \ +- storage/overlay.c storage/overlay.h \ +- storage/rbd.c storage/rbd.h \ +- storage/rsync.c storage/rsync.h \ +- storage/storage.c storage/storage.h \ +- storage/storage_utils.c storage/storage_utils.h \ +- storage/zfs.c storage/zfs.h \ +- string_utils.c string_utils.h \ +- sync.c sync.h \ +- terminal.c terminal.h \ +- utils.c utils.h \ +- uuid.c uuid.h \ +- $(LSM_SOURCES) +-if ENABLE_SECCOMP + lxc_create_SOURCES += seccomp.c lxcseccomp.h + endif ++endif + + lxc_snapshot_SOURCES = tools/lxc_snapshot.c \ +- tools/arguments.c tools/arguments.h \ +- af_unix.c af_unix.h \ +- caps.c caps.h \ +- cgroups/cgfsng.c \ +- cgroups/cgroup.c cgroups/cgroup.h \ +- cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ +- cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ +- commands.c commands.h \ +- commands_utils.c commands_utils.h \ +- conf.c conf.h \ +- confile.c confile.h \ +- confile_utils.c confile_utils.h \ +- error.c error.h \ +- file_utils.c file_utils.h \ +- ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ +- initutils.c initutils.h \ +- log.c log.h \ +- lxclock.c lxclock.h \ +- mainloop.c mainloop.h \ +- monitor.c monitor.h \ 
+- namespace.c namespace.h \ +- network.c network.h \ +- nl.c nl.h \ +- parse.c parse.h \ +- process_utils.c process_utils.h \ +- ringbuf.c ringbuf.h \ +- start.c start.h \ +- state.c state.h \ +- storage/btrfs.c storage/btrfs.h \ +- storage/dir.c storage/dir.h \ +- storage/loop.c storage/loop.h \ +- storage/lvm.c storage/lvm.h \ +- storage/nbd.c storage/nbd.h \ +- storage/overlay.c storage/overlay.h \ +- storage/rbd.c storage/rbd.h \ +- storage/rsync.c storage/rsync.h \ +- storage/storage.c storage/storage.h \ +- storage/storage_utils.c storage/storage_utils.h \ +- storage/zfs.c storage/zfs.h \ +- string_utils.c string_utils.h \ +- sync.c sync.h \ +- terminal.c terminal.h \ +- utils.c utils.h \ +- uuid.c uuid.h \ +- $(LSM_SOURCES) ++ tools/arguments.c tools/arguments.h ++ ++if ENABLE_STATIC_BINARIES ++lxc_snapshot_SOURCES += $(liblxc_la_SOURCES) ++lxc_snapshot_LDFLAGS = -all-static -pthread ++else ++lxc_snapshot_SOURCES += af_unix.c af_unix.h \ ++ caps.c caps.h \ ++ cgroups/cgfsng.c \ ++ cgroups/cgroup.c cgroups/cgroup.h \ ++ cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ ++ cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ ++ commands.c commands.h \ ++ commands_utils.c commands_utils.h \ ++ conf.c conf.h \ ++ confile.c confile.h \ ++ confile_utils.c confile_utils.h \ ++ error.c error.h \ ++ file_utils.c file_utils.h \ ++ ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ ++ initutils.c initutils.h \ ++ log.c log.h \ ++ lxclock.c lxclock.h \ ++ mainloop.c mainloop.h \ ++ monitor.c monitor.h \ ++ namespace.c namespace.h \ ++ network.c network.h \ ++ nl.c nl.h \ ++ parse.c parse.h \ ++ process_utils.c process_utils.h \ ++ ringbuf.c ringbuf.h \ ++ start.c start.h \ ++ state.c state.h \ ++ storage/btrfs.c storage/btrfs.h \ ++ storage/dir.c storage/dir.h \ ++ storage/loop.c storage/loop.h \ ++ storage/lvm.c storage/lvm.h \ ++ storage/nbd.c storage/nbd.h \ ++ storage/overlay.c storage/overlay.h \ ++ storage/rbd.c storage/rbd.h \ ++ storage/rsync.c 
storage/rsync.h \ ++ storage/storage.c storage/storage.h \ ++ storage/storage_utils.c storage/storage_utils.h \ ++ storage/zfs.c storage/zfs.h \ ++ string_utils.c string_utils.h \ ++ sync.c sync.h \ ++ terminal.c terminal.h \ ++ utils.c utils.h \ ++ uuid.c uuid.h \ ++ $(LSM_SOURCES) + if ENABLE_SECCOMP + lxc_snapshot_SOURCES += seccomp.c lxcseccomp.h + endif ++endif + + lxc_checkpoint_SOURCES = tools/lxc_checkpoint.c \ +- tools/arguments.c tools/arguments.h \ +- af_unix.c af_unix.h \ +- caps.c caps.h \ +- cgroups/cgfsng.c \ +- cgroups/cgroup.c cgroups/cgroup.h \ +- cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ +- cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ +- commands.c commands.h \ +- commands_utils.c commands_utils.h \ +- conf.c conf.h \ +- confile.c confile.h \ +- confile_utils.c confile_utils.h \ +- error.c error.h \ +- file_utils.c file_utils.h \ +- ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ +- initutils.c initutils.h \ +- log.c log.h \ +- lxclock.c lxclock.h \ +- mainloop.c mainloop.h \ +- monitor.c monitor.h \ +- namespace.c namespace.h \ +- network.c network.h \ +- nl.c nl.h \ +- parse.c parse.h \ +- process_utils.c process_utils.h \ +- ringbuf.c ringbuf.h \ +- start.c start.h \ +- state.c state.h \ +- storage/btrfs.c storage/btrfs.h \ +- storage/dir.c storage/dir.h \ +- storage/loop.c storage/loop.h \ +- storage/lvm.c storage/lvm.h \ +- storage/nbd.c storage/nbd.h \ +- storage/overlay.c storage/overlay.h \ +- storage/rbd.c storage/rbd.h \ +- storage/rsync.c storage/rsync.h \ +- storage/storage.c storage/storage.h \ +- storage/storage_utils.c storage/storage_utils.h \ +- storage/zfs.c storage/zfs.h \ +- string_utils.c string_utils.h \ +- sync.c sync.h \ +- terminal.c terminal.h \ +- utils.c utils.h \ +- uuid.c uuid.h \ +- $(LSM_SOURCES) ++ tools/arguments.c tools/arguments.h ++ ++if ENABLE_STATIC_BINARIES ++lxc_checkpoint_SOURCES += $(liblxc_la_SOURCES) ++lxc_checkpoint_LDFLAGS = -all-static -pthread ++else ++lxc_checkpoint_SOURCES 
+= af_unix.c af_unix.h \ ++ caps.c caps.h \ ++ cgroups/cgfsng.c \ ++ cgroups/cgroup.c cgroups/cgroup.h \ ++ cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ ++ cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ ++ commands.c commands.h \ ++ commands_utils.c commands_utils.h \ ++ conf.c conf.h \ ++ confile.c confile.h \ ++ confile_utils.c confile_utils.h \ ++ error.c error.h \ ++ file_utils.c file_utils.h \ ++ ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ ++ initutils.c initutils.h \ ++ log.c log.h \ ++ lxclock.c lxclock.h \ ++ mainloop.c mainloop.h \ ++ monitor.c monitor.h \ ++ namespace.c namespace.h \ ++ network.c network.h \ ++ nl.c nl.h \ ++ parse.c parse.h \ ++ process_utils.c process_utils.h \ ++ ringbuf.c ringbuf.h \ ++ start.c start.h \ ++ state.c state.h \ ++ storage/btrfs.c storage/btrfs.h \ ++ storage/dir.c storage/dir.h \ ++ storage/loop.c storage/loop.h \ ++ storage/lvm.c storage/lvm.h \ ++ storage/nbd.c storage/nbd.h \ ++ storage/overlay.c storage/overlay.h \ ++ storage/rbd.c storage/rbd.h \ ++ storage/rsync.c storage/rsync.h \ ++ storage/storage.c storage/storage.h \ ++ storage/storage_utils.c storage/storage_utils.h \ ++ storage/zfs.c storage/zfs.h \ ++ string_utils.c string_utils.h \ ++ sync.c sync.h \ ++ terminal.c terminal.h \ ++ utils.c utils.h \ ++ uuid.c uuid.h \ ++ $(LSM_SOURCES) + if ENABLE_SECCOMP + lxc_checkpoint_SOURCES += seccomp.c lxcseccomp.h + endif +- ++endif + endif + + if ENABLE_COMMANDS diff -Nru lxc-4.0.2/debian/patches/0012-autotools-enable-static-builds-for-commands.patch lxc-4.0.6/debian/patches/0012-autotools-enable-static-builds-for-commands.patch --- lxc-4.0.2/debian/patches/0012-autotools-enable-static-builds-for-commands.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0012-autotools-enable-static-builds-for-commands.patch 2021-02-11 21:34:03.000000000 +0000 
@@ -0,0 +1,337 @@ +From db2eb462c37f93e837d49bc047996347d4d9002c Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Fri, 22 Jan 2021 15:38:18 +0100 +Subject: autotools: enable static builds for commands + +Signed-off-by: Christian Brauner +--- + src/lxc/Makefile.am | 304 +++++++++++++++++++++++--------------------- + 1 file changed, 161 insertions(+), 143 deletions(-) + +diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am +index a6922ce76..4f564bb41 100644 +--- a/src/lxc/Makefile.am ++++ b/src/lxc/Makefile.am +@@ -1583,161 +1583,179 @@ init_lxc_SOURCES = cmd/lxc_init.c \ + string_utils.c string_utils.h + init_lxc_LDFLAGS = -pthread + +-lxc_monitord_SOURCES = cmd/lxc_monitord.c \ +- af_unix.c af_unix.h \ +- caps.c caps.h \ +- cgroups/cgfsng.c \ +- cgroups/cgroup.c cgroups/cgroup.h \ +- cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ +- cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ +- commands.c commands.h \ +- commands_utils.c commands_utils.h \ +- conf.c conf.h \ +- confile.c confile.h \ +- confile_utils.c confile_utils.h \ +- error.c error.h \ +- file_utils.c file_utils.h \ +- ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ +- initutils.c initutils.h \ +- log.c log.h \ +- lxclock.c lxclock.h \ +- mainloop.c mainloop.h \ +- monitor.c monitor.h \ +- namespace.c namespace.h \ +- network.c network.h \ +- nl.c nl.h \ +- parse.c parse.h \ +- process_utils.c process_utils.h \ +- ringbuf.c ringbuf.h \ +- start.c start.h \ +- state.c state.h \ +- storage/btrfs.c storage/btrfs.h \ +- storage/dir.c storage/dir.h \ +- storage/loop.c storage/loop.h \ +- storage/lvm.c storage/lvm.h \ +- storage/nbd.c storage/nbd.h \ +- storage/overlay.c storage/overlay.h \ +- storage/rbd.c storage/rbd.h \ +- storage/rsync.c storage/rsync.h \ +- storage/storage.c storage/storage.h \ +- storage/storage_utils.c storage/storage_utils.h \ +- storage/zfs.c storage/zfs.h \ +- string_utils.c string_utils.h \ +- sync.c sync.h \ +- syscall_numbers.h \ +- terminal.c terminal.h \ 
+- utils.c utils.h \ +- uuid.c uuid.h \ +- $(LSM_SOURCES) ++lxc_monitord_SOURCES = cmd/lxc_monitord.c ++ ++if ENABLE_STATIC_BINARIES ++lxc_monitord_SOURCES += $(liblxc_la_SOURCES) ++lxc_monitord_LDFLAGS = -all-static -pthread ++else ++lxc_monitord_SOURCES += af_unix.c af_unix.h \ ++ caps.c caps.h \ ++ cgroups/cgfsng.c \ ++ cgroups/cgroup.c cgroups/cgroup.h \ ++ cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ ++ cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ ++ commands.c commands.h \ ++ commands_utils.c commands_utils.h \ ++ conf.c conf.h \ ++ confile.c confile.h \ ++ confile_utils.c confile_utils.h \ ++ error.c error.h \ ++ file_utils.c file_utils.h \ ++ ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ ++ initutils.c initutils.h \ ++ log.c log.h \ ++ lxclock.c lxclock.h \ ++ mainloop.c mainloop.h \ ++ monitor.c monitor.h \ ++ namespace.c namespace.h \ ++ network.c network.h \ ++ nl.c nl.h \ ++ parse.c parse.h \ ++ process_utils.c process_utils.h \ ++ ringbuf.c ringbuf.h \ ++ start.c start.h \ ++ state.c state.h \ ++ storage/btrfs.c storage/btrfs.h \ ++ storage/dir.c storage/dir.h \ ++ storage/loop.c storage/loop.h \ ++ storage/lvm.c storage/lvm.h \ ++ storage/nbd.c storage/nbd.h \ ++ storage/overlay.c storage/overlay.h \ ++ storage/rbd.c storage/rbd.h \ ++ storage/rsync.c storage/rsync.h \ ++ storage/storage.c storage/storage.h \ ++ storage/storage_utils.c storage/storage_utils.h \ ++ storage/zfs.c storage/zfs.h \ ++ string_utils.c string_utils.h \ ++ sync.c sync.h \ ++ syscall_numbers.h \ ++ terminal.c terminal.h \ ++ utils.c utils.h \ ++ uuid.c uuid.h \ ++ $(LSM_SOURCES) + if ENABLE_SECCOMP + lxc_monitord_SOURCES += seccomp.c lxcseccomp.h + endif ++endif + +-lxc_user_nic_SOURCES = cmd/lxc_user_nic.c \ +- af_unix.c af_unix.h \ +- caps.c caps.h \ +- cgroups/cgfsng.c \ +- cgroups/cgroup.c cgroups/cgroup.h \ +- cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ +- cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ +- commands.c commands.h \ +- 
commands_utils.c commands_utils.h \ +- conf.c conf.h \ +- confile.c confile.h \ +- confile_utils.c confile_utils.h \ +- error.c error.h \ +- file_utils.c file_utils.h \ +- ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ +- initutils.c initutils.h \ +- log.c log.h \ +- lxclock.c lxclock.h \ +- mainloop.c mainloop.h \ +- memory_utils.h \ +- monitor.c monitor.h \ +- namespace.c namespace.h \ +- network.c network.h \ +- nl.c nl.h \ +- parse.c parse.h \ +- process_utils.c process_utils.h \ +- ringbuf.c ringbuf.h \ +- start.c start.h \ +- state.c state.h \ +- storage/btrfs.c storage/btrfs.h \ +- storage/dir.c storage/dir.h \ +- storage/loop.c storage/loop.h \ +- storage/lvm.c storage/lvm.h \ +- storage/nbd.c storage/nbd.h \ +- storage/overlay.c storage/overlay.h \ +- storage/rbd.c storage/rbd.h \ +- storage/rsync.c storage/rsync.h \ +- storage/storage.c storage/storage.h \ +- storage/storage_utils.c storage/storage_utils.h \ +- storage/zfs.c storage/zfs.h \ +- string_utils.c string_utils.h \ +- sync.c sync.h \ +- syscall_numbers.h \ +- syscall_wrappers.h \ +- terminal.c terminal.h \ +- utils.c utils.h \ +- uuid.c uuid.h \ +- $(LSM_SOURCES) ++lxc_user_nic_SOURCES = cmd/lxc_user_nic.c ++ ++if ENABLE_STATIC_BINARIES ++lxc_user_nic_SOURCES += $(liblxc_la_SOURCES) ++lxc_user_nic_LDFLAGS = -all-static -pthread ++else ++lxc_user_nic_SOURCES += af_unix.c af_unix.h \ ++ caps.c caps.h \ ++ cgroups/cgfsng.c \ ++ cgroups/cgroup.c cgroups/cgroup.h \ ++ cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ ++ cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ ++ commands.c commands.h \ ++ commands_utils.c commands_utils.h \ ++ conf.c conf.h \ ++ confile.c confile.h \ ++ confile_utils.c confile_utils.h \ ++ error.c error.h \ ++ file_utils.c file_utils.h \ ++ ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ ++ initutils.c initutils.h \ ++ log.c log.h \ ++ lxclock.c lxclock.h \ ++ mainloop.c mainloop.h \ ++ memory_utils.h \ ++ monitor.c monitor.h \ ++ namespace.c namespace.h 
\ ++ network.c network.h \ ++ nl.c nl.h \ ++ parse.c parse.h \ ++ process_utils.c process_utils.h \ ++ ringbuf.c ringbuf.h \ ++ start.c start.h \ ++ state.c state.h \ ++ storage/btrfs.c storage/btrfs.h \ ++ storage/dir.c storage/dir.h \ ++ storage/loop.c storage/loop.h \ ++ storage/lvm.c storage/lvm.h \ ++ storage/nbd.c storage/nbd.h \ ++ storage/overlay.c storage/overlay.h \ ++ storage/rbd.c storage/rbd.h \ ++ storage/rsync.c storage/rsync.h \ ++ storage/storage.c storage/storage.h \ ++ storage/storage_utils.c storage/storage_utils.h \ ++ storage/zfs.c storage/zfs.h \ ++ string_utils.c string_utils.h \ ++ sync.c sync.h \ ++ syscall_numbers.h \ ++ syscall_wrappers.h \ ++ terminal.c terminal.h \ ++ utils.c utils.h \ ++ uuid.c uuid.h \ ++ $(LSM_SOURCES) + if ENABLE_SECCOMP + lxc_user_nic_SOURCES += seccomp.c lxcseccomp.h + endif ++endif + +-lxc_usernsexec_SOURCES = cmd/lxc_usernsexec.c \ +- af_unix.c af_unix.h \ +- caps.c caps.h \ +- cgroups/cgfsng.c \ +- cgroups/cgroup.c cgroups/cgroup.h \ +- cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ +- cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ +- commands.c commands.h \ +- commands_utils.c commands_utils.h \ +- conf.c conf.h \ +- confile.c confile.h \ +- confile_utils.c confile_utils.h \ +- error.c error.h \ +- file_utils.c file_utils.h \ +- ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ +- initutils.c initutils.h \ +- list.h \ +- log.c log.h \ +- lxclock.c lxclock.h \ +- macro.h \ +- mainloop.c mainloop.h \ +- memory_utils.h \ +- monitor.c monitor.h \ +- namespace.c namespace.h \ +- network.c network.h \ +- nl.c nl.h \ +- parse.c parse.h \ +- process_utils.c process_utils.h \ +- ringbuf.c ringbuf.h \ +- start.c start.h \ +- state.c state.h \ +- storage/btrfs.c storage/btrfs.h \ +- storage/dir.c storage/dir.h \ +- storage/loop.c storage/loop.h \ +- storage/lvm.c storage/lvm.h \ +- storage/nbd.c storage/nbd.h \ +- storage/overlay.c storage/overlay.h \ +- storage/rbd.c storage/rbd.h \ +- storage/rsync.c 
storage/rsync.h \ +- storage/storage.c storage/storage.h \ +- storage/storage_utils.c storage/storage_utils.h \ +- storage/zfs.c storage/zfs.h \ +- string_utils.c string_utils.h \ +- sync.c sync.h \ +- syscall_wrappers.h \ +- terminal.c terminal.h \ +- utils.c utils.h \ +- uuid.c uuid.h \ +- $(LSM_SOURCES) ++lxc_usernsexec_SOURCES = cmd/lxc_usernsexec.c ++ ++if ENABLE_STATIC_BINARIES ++lxc_usernsexec_SOURCES += $(liblxc_la_SOURCES) ++lxc_usernsexec_LDFLAGS = -all-static -pthread ++else ++lxc_usernsexec_SOURCES += af_unix.c af_unix.h \ ++ caps.c caps.h \ ++ cgroups/cgfsng.c \ ++ cgroups/cgroup.c cgroups/cgroup.h \ ++ cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ ++ cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ ++ commands.c commands.h \ ++ commands_utils.c commands_utils.h \ ++ conf.c conf.h \ ++ confile.c confile.h \ ++ confile_utils.c confile_utils.h \ ++ error.c error.h \ ++ file_utils.c file_utils.h \ ++ ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ ++ initutils.c initutils.h \ ++ list.h \ ++ log.c log.h \ ++ lxclock.c lxclock.h \ ++ macro.h \ ++ mainloop.c mainloop.h \ ++ memory_utils.h \ ++ monitor.c monitor.h \ ++ namespace.c namespace.h \ ++ network.c network.h \ ++ nl.c nl.h \ ++ parse.c parse.h \ ++ process_utils.c process_utils.h \ ++ ringbuf.c ringbuf.h \ ++ start.c start.h \ ++ state.c state.h \ ++ storage/btrfs.c storage/btrfs.h \ ++ storage/dir.c storage/dir.h \ ++ storage/loop.c storage/loop.h \ ++ storage/lvm.c storage/lvm.h \ ++ storage/nbd.c storage/nbd.h \ ++ storage/overlay.c storage/overlay.h \ ++ storage/rbd.c storage/rbd.h \ ++ storage/rsync.c storage/rsync.h \ ++ storage/storage.c storage/storage.h \ ++ storage/storage_utils.c storage/storage_utils.h \ ++ storage/zfs.c storage/zfs.h \ ++ string_utils.c string_utils.h \ ++ sync.c sync.h \ ++ syscall_wrappers.h \ ++ terminal.c terminal.h \ ++ utils.c utils.h \ ++ uuid.c uuid.h \ ++ $(LSM_SOURCES) + if ENABLE_SECCOMP + lxc_usernsexec_SOURCES += seccomp.c lxcseccomp.h + endif 
+ endif ++endif + + + if ENABLE_TOOLS diff -Nru lxc-4.0.2/debian/patches/0013-tree-wide-fix-compilation-with-Wstrict-prototypes-Wo.patch lxc-4.0.6/debian/patches/0013-tree-wide-fix-compilation-with-Wstrict-prototypes-Wo.patch --- lxc-4.0.2/debian/patches/0013-tree-wide-fix-compilation-with-Wstrict-prototypes-Wo.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0013-tree-wide-fix-compilation-with-Wstrict-prototypes-Wo.patch 2021-02-11 21:34:03.000000000 +0000 
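Review bot: The new `ENABLE_STATIC_BINARIES` branches link `lxc_monitord`, `lxc_user_nic` and `lxc_usernsexec` with `-all-static`, and nothing in the Makefile records that such binaries carry their own copy of libc and every other linked library. A security fix in one of those libraries then reaches these helpers only when lxc itself is rebuilt, which matters most for `lxc_user_nic` if it is installed setuid-root (the install mode is not visible in this hunk). I would add a comment above the first conditional, e.g. `# Static binaries embed libc and all linked libraries: rebuild on every security update of a dependency.` Please also confirm that `$(liblxc_la_SOURCES)` already brings in `seccomp.c` under `ENABLE_SECCOMP`, because the `if ENABLE_SECCOMP` additions now sit only in the `else` branches. The conditional closed by the trailing context `endif` opens outside the hunk.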
@@ -0,0 +1,139 @@ +From 298b4d29b2f1d476cc1fcbfc83ad8021aff30176 Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Sun, 24 Jan 2021 22:19:34 +0100 +Subject: tree-wide: fix compilation with-Wstrict-prototypes + -Wold-style-definition + +Fixes: #3630 +Signed-off-by: Christian Brauner +--- + src/lxc/log.c | 4 ++-- + src/lxc/lsm/apparmor.c | 2 +- + src/lxc/tools/arguments.c | 2 +- + src/lxc/tools/lxc_copy.c | 2 +- + src/lxc/utils.c | 2 +- + src/tests/cgpath.c | 2 +- + src/tests/lxcpath.c | 2 +- + src/tests/mount_injection.c | 4 ++-- + 8 files changed, 10 insertions(+), 10 deletions(-) + +diff --git a/src/lxc/log.c b/src/lxc/log.c +index 824c3f5fa..6c7574453 100644 +--- a/src/lxc/log.c ++++ b/src/lxc/log.c +@@ -82,7 +82,7 @@ static int lxc_log_priority_to_syslog(int priority) + return LOG_NOTICE; + } + +-static const char *lxc_log_get_container_name() ++static const char *lxc_log_get_container_name(void) + { + #ifndef NO_LXC_CONF + if (current_config && !log_vmname) +@@ -814,7 +814,7 @@ inline const char *lxc_log_get_prefix(void) + return log_prefix; + } + +-inline void lxc_log_options_no_override() ++inline void lxc_log_options_no_override(void) + { + lxc_quiet_specified = 1; + lxc_loglevel_specified = 1; +diff --git a/src/lxc/lsm/apparmor.c b/src/lxc/lsm/apparmor.c +index 21945b826..ec946ad18 100644 +--- a/src/lxc/lsm/apparmor.c ++++ b/src/lxc/lsm/apparmor.c +@@ -588,7 +588,7 @@ static bool file_is_yes(const char *path) + return rd >= 4 && strncmp(buf, "yes\n", 4) == 0; + } + +-static bool apparmor_can_stack() ++static bool apparmor_can_stack(void) + { + int major, minor, scanned; + FILE *f; +diff --git a/src/lxc/tools/arguments.c b/src/lxc/tools/arguments.c +index dfed2a9ab..447031fc0 100644 +--- a/src/lxc/tools/arguments.c ++++ b/src/lxc/tools/arguments.c +@@ -116,7 +116,7 @@ __noreturn static void print_usage_exit(const struct option longopts[], + exit(EXIT_SUCCESS); + } + +-__noreturn static void print_version_exit() ++__noreturn static void 
print_version_exit(void) + { + printf("%s\n", lxc_get_version()); + exit(EXIT_SUCCESS); +diff --git a/src/lxc/tools/lxc_copy.c b/src/lxc/tools/lxc_copy.c +index db26094ad..c40692927 100644 +--- a/src/lxc/tools/lxc_copy.c ++++ b/src/lxc/tools/lxc_copy.c +@@ -509,7 +509,7 @@ static int do_clone_task(struct lxc_container *c, enum task task, int flags, + return ret; + } + +-static void free_mnts() ++static void free_mnts(void) + { + unsigned int i; + struct mnts *n = NULL; +diff --git a/src/lxc/utils.c b/src/lxc/utils.c +index 7d813957a..a5508ef8f 100644 +--- a/src/lxc/utils.c ++++ b/src/lxc/utils.c +@@ -238,7 +238,7 @@ int mkdir_p(const char *dir, mode_t mode) + return 0; + } + +-char *get_rundir() ++char *get_rundir(void) + { + __do_free char *rundir = NULL; + char *static_rundir; +diff --git a/src/tests/cgpath.c b/src/tests/cgpath.c +index 5a7d6839c..5e3eb56c3 100644 +--- a/src/tests/cgpath.c ++++ b/src/tests/cgpath.c +@@ -173,7 +173,7 @@ out1: + return ret; + } + +-int main() ++int main(int argc, char *argv[]) + { + int ret = EXIT_FAILURE; + +diff --git a/src/tests/lxcpath.c b/src/tests/lxcpath.c +index b5141b464..64cc57b64 100644 +--- a/src/tests/lxcpath.c ++++ b/src/tests/lxcpath.c +@@ -33,7 +33,7 @@ + fprintf(stderr, "%d: %s\n", __LINE__, x); \ + } while (0) + +-int main() ++int main(int argc, char *argv[]) + { + struct lxc_container *c; + const char *p1, *p2; +diff --git a/src/tests/mount_injection.c b/src/tests/mount_injection.c +index 3c44d4014..c05455880 100644 +--- a/src/tests/mount_injection.c ++++ b/src/tests/mount_injection.c +@@ -371,13 +371,13 @@ out: + return ret; + } + +-static int do_priv_container_test() ++static int do_priv_container_test(void) + { + const char *config_items[] = {"lxc.mount.auto", "shmounts:/tmp/mount_injection_test", NULL}; + return perform_container_test(NAME"privileged", config_items); + } + +-static int do_unpriv_container_test() ++static int do_unpriv_container_test(void) + { + const char *config_items[] = { + 
"lxc.mount.auto", "shmounts:/tmp/mount_injection_test", diff -Nru lxc-4.0.2/debian/patches/0014-config-update-ax_pthread.m4.patch lxc-4.0.6/debian/patches/0014-config-update-ax_pthread.m4.patch --- lxc-4.0.2/debian/patches/0014-config-update-ax_pthread.m4.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0014-config-update-ax_pthread.m4.patch 2021-02-11 21:34:03.000000000 +0000 
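Review bot: In `src/tests/cgpath.c` and `src/tests/lxcpath.c` the fix turns `int main()` into `int main(int argc, char *argv[])`, while every other function in this patch gets `(void)`. The bodies cannot use the two new parameters, since the old signature declared none, so the change adds unused parameters that would trip `-Wunused-parameter` if the build enables it (not visible here). `int main(void)` satisfies `-Wstrict-prototypes` and `-Wold-style-definition` just as well and keeps the patch uniform. The function bodies continue outside the hunks.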
@@ -0,0 +1,303 @@ +From 2c73c6ad8b52ef5ba7fe153d8001f8b9554d908c Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Mon, 25 Jan 2021 12:45:09 +0100 +Subject: config: update ax_pthread.m4 + +Signed-off-by: Christian Brauner +--- + config/ax_pthread.m4 | 224 ++++++++++++++++++++++++------------------- + 1 file changed, 123 insertions(+), 101 deletions(-) + +diff --git a/config/ax_pthread.m4 b/config/ax_pthread.m4 +index 5fbf9fe0d..1598d077f 100644 +--- a/config/ax_pthread.m4 ++++ b/config/ax_pthread.m4 +@@ -55,6 +55,7 @@ + # + # Copyright (c) 2008 Steven G. Johnson + # Copyright (c) 2011 Daniel Richard G. ++# Copyright (c) 2019 Marc Stevens + # + # This program is free software: you can redistribute it and/or modify it + # under the terms of the GNU General Public License as published by the +@@ -82,7 +83,7 @@ + # modified version of the Autoconf Macro, you may extend this special + # exception to the GPL to apply to your modified version as well. + +-#serial 24 ++#serial 27 + + AU_ALIAS([ACX_PTHREAD], [AX_PTHREAD]) + AC_DEFUN([AX_PTHREAD], [ +@@ -123,10 +124,12 @@ fi + # (e.g. DEC) have both -lpthread and -lpthreads, where one of the + # libraries is broken (non-POSIX). + +-# Create a list of thread flags to try. Items starting with a "-" are +-# C compiler flags, and other items are library names, except for "none" +-# which indicates that we try without any flags at all, and "pthread-config" +-# which is a program returning the flags for the Pth emulation library. ++# Create a list of thread flags to try. Items with a "," contain both ++# C compiler flags (before ",") and linker flags (after ","). Other items ++# starting with a "-" are C compiler flags, and remaining items are ++# library names, except for "none" which indicates that we try without ++# any flags at all, and "pthread-config" which is a program returning ++# the flags for the Pth emulation library. 
+ + ax_pthread_flags="pthreads none -Kthread -pthread -pthreads -mthreads pthread --thread-safe -mt pthread-config" + +@@ -194,14 +197,47 @@ case $host_os in + # that too in a future libc.) So we'll check first for the + # standard Solaris way of linking pthreads (-mt -lpthread). + +- ax_pthread_flags="-mt,pthread pthread $ax_pthread_flags" ++ ax_pthread_flags="-mt,-lpthread pthread $ax_pthread_flags" + ;; + esac + ++# Are we compiling with Clang? ++ ++AC_CACHE_CHECK([whether $CC is Clang], ++ [ax_cv_PTHREAD_CLANG], ++ [ax_cv_PTHREAD_CLANG=no ++ # Note that Autoconf sets GCC=yes for Clang as well as GCC ++ if test "x$GCC" = "xyes"; then ++ AC_EGREP_CPP([AX_PTHREAD_CC_IS_CLANG], ++ [/* Note: Clang 2.7 lacks __clang_[a-z]+__ */ ++# if defined(__clang__) && defined(__llvm__) ++ AX_PTHREAD_CC_IS_CLANG ++# endif ++ ], ++ [ax_cv_PTHREAD_CLANG=yes]) ++ fi ++ ]) ++ax_pthread_clang="$ax_cv_PTHREAD_CLANG" ++ ++ + # GCC generally uses -pthread, or -pthreads on some platforms (e.g. SPARC) + ++# Note that for GCC and Clang -pthread generally implies -lpthread, ++# except when -nostdlib is passed. 
++# This is problematic using libtool to build C++ shared libraries with pthread: ++# [1] https://gcc.gnu.org/bugzilla/show_bug.cgi?id=25460 ++# [2] https://bugzilla.redhat.com/show_bug.cgi?id=661333 ++# [3] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=468555 ++# To solve this, first try -pthread together with -lpthread for GCC ++ + AS_IF([test "x$GCC" = "xyes"], +- [ax_pthread_flags="-pthread -pthreads $ax_pthread_flags"]) ++ [ax_pthread_flags="-pthread,-lpthread -pthread -pthreads $ax_pthread_flags"]) ++ ++# Clang takes -pthread (never supported any other flag), but we'll try with -lpthread first ++ ++AS_IF([test "x$ax_pthread_clang" = "xyes"], ++ [ax_pthread_flags="-pthread,-lpthread -pthread"]) ++ + + # The presence of a feature test macro requesting re-entrant function + # definitions is, on some systems, a strong hint that pthreads support is +@@ -224,25 +260,86 @@ AS_IF([test "x$ax_pthread_check_macro" = "x--"], + [ax_pthread_check_cond=0], + [ax_pthread_check_cond="!defined($ax_pthread_check_macro)"]) + +-# Are we compiling with Clang? 
+ +-AC_CACHE_CHECK([whether $CC is Clang], +- [ax_cv_PTHREAD_CLANG], +- [ax_cv_PTHREAD_CLANG=no +- # Note that Autoconf sets GCC=yes for Clang as well as GCC +- if test "x$GCC" = "xyes"; then +- AC_EGREP_CPP([AX_PTHREAD_CC_IS_CLANG], +- [/* Note: Clang 2.7 lacks __clang_[a-z]+__ */ +-# if defined(__clang__) && defined(__llvm__) +- AX_PTHREAD_CC_IS_CLANG +-# endif +- ], +- [ax_cv_PTHREAD_CLANG=yes]) +- fi +- ]) +-ax_pthread_clang="$ax_cv_PTHREAD_CLANG" ++if test "x$ax_pthread_ok" = "xno"; then ++for ax_pthread_try_flag in $ax_pthread_flags; do ++ ++ case $ax_pthread_try_flag in ++ none) ++ AC_MSG_CHECKING([whether pthreads work without any flags]) ++ ;; ++ ++ *,*) ++ PTHREAD_CFLAGS=`echo $ax_pthread_try_flag | sed "s/^\(.*\),\(.*\)$/\1/"` ++ PTHREAD_LIBS=`echo $ax_pthread_try_flag | sed "s/^\(.*\),\(.*\)$/\2/"` ++ AC_MSG_CHECKING([whether pthreads work with "$PTHREAD_CFLAGS" and "$PTHREAD_LIBS"]) ++ ;; ++ ++ -*) ++ AC_MSG_CHECKING([whether pthreads work with $ax_pthread_try_flag]) ++ PTHREAD_CFLAGS="$ax_pthread_try_flag" ++ ;; ++ ++ pthread-config) ++ AC_CHECK_PROG([ax_pthread_config], [pthread-config], [yes], [no]) ++ AS_IF([test "x$ax_pthread_config" = "xno"], [continue]) ++ PTHREAD_CFLAGS="`pthread-config --cflags`" ++ PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`" ++ ;; ++ ++ *) ++ AC_MSG_CHECKING([for the pthreads library -l$ax_pthread_try_flag]) ++ PTHREAD_LIBS="-l$ax_pthread_try_flag" ++ ;; ++ esac ++ ++ ax_pthread_save_CFLAGS="$CFLAGS" ++ ax_pthread_save_LIBS="$LIBS" ++ CFLAGS="$CFLAGS $PTHREAD_CFLAGS" ++ LIBS="$PTHREAD_LIBS $LIBS" ++ ++ # Check for various functions. We must include pthread.h, ++ # since some functions may be macros. (On the Sequent, we ++ # need a special flag -Kthread to make this header compile.) ++ # We check for pthread_join because it is in -lpthread on IRIX ++ # while pthread_create is in libc. We check for pthread_attr_init ++ # due to DEC craziness with -lpthreads. 
We check for ++ # pthread_cleanup_push because it is one of the few pthread ++ # functions on Solaris that doesn't have a non-functional libc stub. ++ # We try pthread_create on general principles. ++ ++ AC_LINK_IFELSE([AC_LANG_PROGRAM([#include ++# if $ax_pthread_check_cond ++# error "$ax_pthread_check_macro must be defined" ++# endif ++ static void *some_global = NULL; ++ static void routine(void *a) ++ { ++ /* To avoid any unused-parameter or ++ unused-but-set-parameter warning. */ ++ some_global = a; ++ } ++ static void *start_routine(void *a) { return a; }], ++ [pthread_t th; pthread_attr_t attr; ++ pthread_create(&th, 0, start_routine, 0); ++ pthread_join(th, 0); ++ pthread_attr_init(&attr); ++ pthread_cleanup_push(routine, 0); ++ pthread_cleanup_pop(0) /* ; */])], ++ [ax_pthread_ok=yes], ++ []) ++ ++ CFLAGS="$ax_pthread_save_CFLAGS" ++ LIBS="$ax_pthread_save_LIBS" ++ ++ AC_MSG_RESULT([$ax_pthread_ok]) ++ AS_IF([test "x$ax_pthread_ok" = "xyes"], [break]) ++ ++ PTHREAD_LIBS="" ++ PTHREAD_CFLAGS="" ++done ++fi + +-ax_pthread_clang_warning=no + + # Clang needs special handling, because older versions handle the -pthread + # option in a rather... idiosyncratic way +@@ -261,11 +358,6 @@ if test "x$ax_pthread_clang" = "xyes"; then + # -pthread does define _REENTRANT, and while the Darwin headers + # ignore this macro, third-party headers might not.) 
+ +- PTHREAD_CFLAGS="-pthread" +- PTHREAD_LIBS= +- +- ax_pthread_ok=yes +- + # However, older versions of Clang make a point of warning the user + # that, in an invocation where only linking and no compilation is + # taking place, the -pthread option has no effect ("argument unused +@@ -320,78 +412,7 @@ if test "x$ax_pthread_clang" = "xyes"; then + + fi # $ax_pthread_clang = yes + +-if test "x$ax_pthread_ok" = "xno"; then +-for ax_pthread_try_flag in $ax_pthread_flags; do +- +- case $ax_pthread_try_flag in +- none) +- AC_MSG_CHECKING([whether pthreads work without any flags]) +- ;; +- +- -mt,pthread) +- AC_MSG_CHECKING([whether pthreads work with -mt -lpthread]) +- PTHREAD_CFLAGS="-mt" +- PTHREAD_LIBS="-lpthread" +- ;; +- +- -*) +- AC_MSG_CHECKING([whether pthreads work with $ax_pthread_try_flag]) +- PTHREAD_CFLAGS="$ax_pthread_try_flag" +- ;; +- +- pthread-config) +- AC_CHECK_PROG([ax_pthread_config], [pthread-config], [yes], [no]) +- AS_IF([test "x$ax_pthread_config" = "xno"], [continue]) +- PTHREAD_CFLAGS="`pthread-config --cflags`" +- PTHREAD_LIBS="`pthread-config --ldflags` `pthread-config --libs`" +- ;; + +- *) +- AC_MSG_CHECKING([for the pthreads library -l$ax_pthread_try_flag]) +- PTHREAD_LIBS="-l$ax_pthread_try_flag" +- ;; +- esac +- +- ax_pthread_save_CFLAGS="$CFLAGS" +- ax_pthread_save_LIBS="$LIBS" +- CFLAGS="$CFLAGS $PTHREAD_CFLAGS" +- LIBS="$PTHREAD_LIBS $LIBS" +- +- # Check for various functions. We must include pthread.h, +- # since some functions may be macros. (On the Sequent, we +- # need a special flag -Kthread to make this header compile.) +- # We check for pthread_join because it is in -lpthread on IRIX +- # while pthread_create is in libc. We check for pthread_attr_init +- # due to DEC craziness with -lpthreads. We check for +- # pthread_cleanup_push because it is one of the few pthread +- # functions on Solaris that doesn't have a non-functional libc stub. +- # We try pthread_create on general principles. 
+- +- AC_LINK_IFELSE([AC_LANG_PROGRAM([#include +-# if $ax_pthread_check_cond +-# error "$ax_pthread_check_macro must be defined" +-# endif +- static void routine(void *a) { a = 0; } +- static void *start_routine(void *a) { return a; }], +- [pthread_t th; pthread_attr_t attr; +- pthread_create(&th, 0, start_routine, 0); +- pthread_join(th, 0); +- pthread_attr_init(&attr); +- pthread_cleanup_push(routine, 0); +- pthread_cleanup_pop(0) /* ; */])], +- [ax_pthread_ok=yes], +- []) +- +- CFLAGS="$ax_pthread_save_CFLAGS" +- LIBS="$ax_pthread_save_LIBS" +- +- AC_MSG_RESULT([$ax_pthread_ok]) +- AS_IF([test "x$ax_pthread_ok" = "xyes"], [break]) +- +- PTHREAD_LIBS="" +- PTHREAD_CFLAGS="" +-done +-fi + + # Various other checks: + if test "x$ax_pthread_ok" = "xyes"; then +@@ -438,7 +459,8 @@ if test "x$ax_pthread_ok" = "xyes"; then + AC_CACHE_CHECK([for PTHREAD_PRIO_INHERIT], + [ax_cv_PTHREAD_PRIO_INHERIT], + [AC_LINK_IFELSE([AC_LANG_PROGRAM([[#include ]], +- [[int i = PTHREAD_PRIO_INHERIT;]])], ++ [[int i = PTHREAD_PRIO_INHERIT; ++ return i;]])], + [ax_cv_PTHREAD_PRIO_INHERIT=yes], + [ax_cv_PTHREAD_PRIO_INHERIT=no]) + ]) diff -Nru lxc-4.0.2/debian/patches/0015-configure-add-AC_SYS_LARGEFILE-checking.patch lxc-4.0.6/debian/patches/0015-configure-add-AC_SYS_LARGEFILE-checking.patch --- lxc-4.0.2/debian/patches/0015-configure-add-AC_SYS_LARGEFILE-checking.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0015-configure-add-AC_SYS_LARGEFILE-checking.patch 2021-02-11 21:34:03.000000000 +0000 
@@ -0,0 +1,22 @@
+From d437d7addcd904cf309a318b04ee487d6fd69bb7 Mon Sep 17 00:00:00 2001
+From: Christian Brauner
+Date: Mon, 25 Jan 2021 12:51:31 +0100
+Subject: configure: add AC_SYS_LARGEFILE checking
+
+Signed-off-by: Christian Brauner
+---
+ configure.ac | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/configure.ac b/configure.ac
+index 34f3ba31e..e234f4cee 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -43,6 +43,7 @@ AM_INIT_AUTOMAKE([-Wall -Werror -Wno-portability subdir-objects])
+ AC_CANONICAL_HOST
+ AM_PROG_CC_C_O
+ AC_USE_SYSTEM_EXTENSIONS
++AC_SYS_LARGEFILE
+
+ # Test if we have a new enough compiler.
+ AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[
diff -Nru lxc-4.0.2/debian/patches/0016-autotools-update-build.patch lxc-4.0.6/debian/patches/0016-autotools-update-build.patch
--- lxc-4.0.2/debian/patches/0016-autotools-update-build.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/debian/patches/0016-autotools-update-build.patch 2021-02-11 21:34:03.000000000 +0000
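Review bot: `AC_SYS_LARGEFILE` is added in `configure.ac` without a comment on what it requires from the sources. If the result is delivered through a config header, `_FILE_OFFSET_BITS` takes effect only in translation units that include that header before any system header. A file that pulls in system headers first would then see a different `off_t` width on 32-bit targets than the rest of the tree, and offsets or sizes passed between such files can be truncated. I would add above the line `# Requires config.h to be included first in every source file (sets _FILE_OFFSET_BITS on 32-bit targets).` and check the include order in the tree, which this hunk does not show.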
@@ -0,0 +1,664 @@ +From 1dbdd9b95fe951989e7591f13ced7c0f4ff6dc19 Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Mon, 25 Jan 2021 13:25:57 +0100 +Subject: autotools: update build + +Signed-off-by: Christian Brauner +--- + Makefile.am | 2 + + config/attributes.m4 | 292 ++++++++++++++++++++++++++++++++ + config/ax_check_compile_flag.m4 | 53 ------ + config/ax_check_link_flag.m4 | 53 ------ + configure.ac | 95 ++++++----- + src/lxc/Makefile.am | 40 ++--- + src/tests/Makefile.am | 34 ++-- + 7 files changed, 387 insertions(+), 182 deletions(-) + create mode 100644 config/attributes.m4 + delete mode 100644 config/ax_check_compile_flag.m4 + delete mode 100644 config/ax_check_link_flag.m4 + +diff --git a/Makefile.am b/Makefile.am +index d3ce7b507..17fd6a89c 100644 +--- a/Makefile.am ++++ b/Makefile.am +@@ -1,6 +1,8 @@ + # Makefile.am + + ACLOCAL_AMFLAGS = -I config ++AM_CFLAGS += $(PTHREAD_CFLAGS) ++AM_LDFLAGS += $(PTHREAD_LIBS) + + LIBTOOL_DEPS = @LIBTOOL_DEPS@ + SUBDIRS = config coccinelle src templates doc hooks +diff --git a/config/attributes.m4 b/config/attributes.m4 +new file mode 100644 +index 000000000..51ac88be6 +--- /dev/null ++++ b/config/attributes.m4 +@@ -0,0 +1,292 @@ ++dnl Macros to check the presence of generic (non-typed) symbols. ++dnl Copyright (c) 2006-2008 Diego Pettenò ++dnl Copyright (c) 2006-2008 xine project ++dnl Copyright (c) 2012 Lucas De Marchi ++dnl ++dnl This program is free software; you can redistribute it and/or modify ++dnl it under the terms of the GNU General Public License as published by ++dnl the Free Software Foundation; either version 2, or (at your option) ++dnl any later version. ++dnl ++dnl This program is distributed in the hope that it will be useful, ++dnl but WITHOUT ANY WARRANTY; without even the implied warranty of ++dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++dnl GNU General Public License for more details. 
++dnl ++dnl You should have received a copy of the GNU General Public License ++dnl along with this program; if not, write to the Free Software ++dnl Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA ++dnl 02110-1301, USA. ++dnl ++dnl As a special exception, the copyright owners of the ++dnl macro gives unlimited permission to copy, distribute and modify the ++dnl configure scripts that are the output of Autoconf when processing the ++dnl Macro. You need not follow the terms of the GNU General Public ++dnl License when using or distributing such scripts, even though portions ++dnl of the text of the Macro appear in them. The GNU General Public ++dnl License (GPL) does govern all other use of the material that ++dnl constitutes the Autoconf Macro. ++dnl ++dnl This special exception to the GPL applies to versions of the ++dnl Autoconf Macro released by this project. When you make and ++dnl distribute a modified version of the Autoconf Macro, you may extend ++dnl this special exception to the GPL to apply to your modified version as ++dnl well. ++ ++dnl Check if FLAG in ENV-VAR is supported by compiler and append it ++dnl to WHERE-TO-APPEND variable. Note that we invert -Wno-* checks to ++dnl -W* as gcc cannot test for negated warnings. If a C snippet is passed, ++dnl use it, otherwise use a simple main() definition that just returns 0. 
++dnl CC_CHECK_FLAG_APPEND([WHERE-TO-APPEND], [ENV-VAR], [FLAG], [C-SNIPPET]) ++ ++AC_DEFUN([CC_CHECK_FLAG_APPEND], [ ++ AC_CACHE_CHECK([if $CC supports flag $3 in envvar $2], ++ AS_TR_SH([cc_cv_$2_$3]), ++ [eval "AS_TR_SH([cc_save_$2])='${$2}'" ++ eval "AS_TR_SH([$2])='${cc_save_$2} -Werror `echo "$3" | sed 's/^-Wno-/-W/'`'" ++ AC_LINK_IFELSE([AC_LANG_SOURCE(ifelse([$4], [], ++ [int main(void) { return 0; } ], ++ [$4]))], ++ [eval "AS_TR_SH([cc_cv_$2_$3])='yes'"], ++ [eval "AS_TR_SH([cc_cv_$2_$3])='no'"]) ++ eval "AS_TR_SH([$2])='$cc_save_$2'"]) ++ ++ AS_IF([eval test x$]AS_TR_SH([cc_cv_$2_$3])[ = xyes], ++ [eval "$1='${$1} $3'"]) ++]) ++ ++dnl CC_CHECK_FLAGS_APPEND([WHERE-TO-APPEND], [ENV-VAR], [FLAG1 FLAG2], [C-SNIPPET]) ++AC_DEFUN([CC_CHECK_FLAGS_APPEND], [ ++ for flag in [$3]; do ++ CC_CHECK_FLAG_APPEND([$1], [$2], $flag, [$4]) ++ done ++]) ++ ++dnl Check if the flag is supported by linker (cacheable) ++dnl CC_CHECK_LDFLAGS([FLAG], [ACTION-IF-FOUND],[ACTION-IF-NOT-FOUND]) ++ ++AC_DEFUN([CC_CHECK_LDFLAGS], [ ++ AC_CACHE_CHECK([if $CC supports $1 flag], ++ AS_TR_SH([cc_cv_ldflags_$1]), ++ [ac_save_LDFLAGS="$LDFLAGS" ++ LDFLAGS="$LDFLAGS $1" ++ AC_LINK_IFELSE([int main() { return 1; }], ++ [eval "AS_TR_SH([cc_cv_ldflags_$1])='yes'"], ++ [eval "AS_TR_SH([cc_cv_ldflags_$1])="]) ++ LDFLAGS="$ac_save_LDFLAGS" ++ ]) ++ ++ AS_IF([eval test x$]AS_TR_SH([cc_cv_ldflags_$1])[ = xyes], ++ [$2], [$3]) ++]) ++ ++dnl define the LDFLAGS_NOUNDEFINED variable with the correct value for ++dnl the current linker to avoid undefined references in a shared object. ++AC_DEFUN([CC_NOUNDEFINED], [ ++ dnl We check $host for which systems to enable this for. ++ AC_REQUIRE([AC_CANONICAL_HOST]) ++ ++ case $host in ++ dnl FreeBSD (et al.) does not complete linking for shared objects when pthreads ++ dnl are requested, as different implementations are present; to avoid problems ++ dnl use -Wl,-z,defs only for those platform not behaving this way. 
++ *-freebsd* | *-openbsd*) ;; ++ *) ++ dnl First of all check for the --no-undefined variant of GNU ld. This allows ++ dnl for a much more readable command line, so that people can understand what ++ dnl it does without going to look for what the heck -z defs does. ++ for possible_flags in "-Wl,--no-undefined" "-Wl,-z,defs"; do ++ CC_CHECK_LDFLAGS([$possible_flags], [LDFLAGS_NOUNDEFINED="$possible_flags"]) ++ break ++ done ++ ;; ++ esac ++ ++ AC_SUBST([LDFLAGS_NOUNDEFINED]) ++]) ++ ++dnl Check for a -Werror flag or equivalent. -Werror is the GCC ++dnl and ICC flag that tells the compiler to treat all the warnings ++dnl as fatal. We usually need this option to make sure that some ++dnl constructs (like attributes) are not simply ignored. ++dnl ++dnl Other compilers don't support -Werror per se, but they support ++dnl an equivalent flag: ++dnl - Sun Studio compiler supports -errwarn=%all ++AC_DEFUN([CC_CHECK_WERROR], [ ++ AC_CACHE_CHECK( ++ [for $CC way to treat warnings as errors], ++ [cc_cv_werror], ++ [CC_CHECK_CFLAGS_SILENT([-Werror], [cc_cv_werror=-Werror], ++ [CC_CHECK_CFLAGS_SILENT([-errwarn=%all], [cc_cv_werror=-errwarn=%all])]) ++ ]) ++]) ++ ++AC_DEFUN([CC_CHECK_ATTRIBUTE], [ ++ AC_REQUIRE([CC_CHECK_WERROR]) ++ AC_CACHE_CHECK([if $CC supports __attribute__(( ifelse([$2], , [$1], [$2]) ))], ++ AS_TR_SH([cc_cv_attribute_$1]), ++ [ac_save_CFLAGS="$CFLAGS" ++ CFLAGS="$CFLAGS $cc_cv_werror" ++ AC_COMPILE_IFELSE([AC_LANG_SOURCE([$3])], ++ [eval "AS_TR_SH([cc_cv_attribute_$1])='yes'"], ++ [eval "AS_TR_SH([cc_cv_attribute_$1])='no'"]) ++ CFLAGS="$ac_save_CFLAGS" ++ ]) ++ ++ AS_IF([eval test x$]AS_TR_SH([cc_cv_attribute_$1])[ = xyes], ++ [AC_DEFINE( ++ AS_TR_CPP([SUPPORT_ATTRIBUTE_$1]), 1, ++ [Define this if the compiler supports __attribute__(( ifelse([$2], , [$1], [$2]) ))] ++ ) ++ $4], ++ [$5]) ++]) ++ ++AC_DEFUN([CC_ATTRIBUTE_CONSTRUCTOR], [ ++ CC_CHECK_ATTRIBUTE( ++ [constructor],, ++ [void __attribute__((constructor)) ctor() { int a; }], ++ [$1], [$2]) ++]) ++ 
++AC_DEFUN([CC_ATTRIBUTE_FORMAT], [ ++ CC_CHECK_ATTRIBUTE( ++ [format], [format(printf, n, n)], ++ [void __attribute__((format(printf, 1, 2))) printflike(const char *fmt, ...) { fmt = (void *)0; }], ++ [$1], [$2]) ++]) ++ ++AC_DEFUN([CC_ATTRIBUTE_FORMAT_ARG], [ ++ CC_CHECK_ATTRIBUTE( ++ [format_arg], [format_arg(printf)], ++ [char *__attribute__((format_arg(1))) gettextlike(const char *fmt) { fmt = (void *)0; }], ++ [$1], [$2]) ++]) ++ ++AC_DEFUN([CC_ATTRIBUTE_VISIBILITY], [ ++ CC_CHECK_ATTRIBUTE( ++ [visibility_$1], [visibility("$1")], ++ [void __attribute__((visibility("$1"))) $1_function() { }], ++ [$2], [$3]) ++]) ++ ++AC_DEFUN([CC_ATTRIBUTE_NONNULL], [ ++ CC_CHECK_ATTRIBUTE( ++ [nonnull], [nonnull()], ++ [void __attribute__((nonnull())) some_function(void *foo, void *bar) { foo = (void*)0; bar = (void*)0; }], ++ [$1], [$2]) ++]) ++ ++AC_DEFUN([CC_ATTRIBUTE_UNUSED], [ ++ CC_CHECK_ATTRIBUTE( ++ [unused], , ++ [void some_function(void *foo, __attribute__((unused)) void *bar);], ++ [$1], [$2]) ++]) ++ ++AC_DEFUN([CC_ATTRIBUTE_SENTINEL], [ ++ CC_CHECK_ATTRIBUTE( ++ [sentinel], , ++ [void some_function(void *foo, ...) __attribute__((sentinel));], ++ [$1], [$2]) ++]) ++ ++AC_DEFUN([CC_ATTRIBUTE_DEPRECATED], [ ++ CC_CHECK_ATTRIBUTE( ++ [deprecated], , ++ [void some_function(void *foo, ...) 
__attribute__((deprecated));], ++ [$1], [$2]) ++]) ++ ++AC_DEFUN([CC_ATTRIBUTE_ALIAS], [ ++ CC_CHECK_ATTRIBUTE( ++ [alias], [weak, alias], ++ [void other_function(void *foo) { } ++ void some_function(void *foo) __attribute__((weak, alias("other_function")));], ++ [$1], [$2]) ++]) ++ ++AC_DEFUN([CC_ATTRIBUTE_MALLOC], [ ++ CC_CHECK_ATTRIBUTE( ++ [malloc], , ++ [void * __attribute__((malloc)) my_alloc(int n);], ++ [$1], [$2]) ++]) ++ ++AC_DEFUN([CC_ATTRIBUTE_PACKED], [ ++ CC_CHECK_ATTRIBUTE( ++ [packed], , ++ [struct astructure { char a; int b; long c; void *d; } __attribute__((packed));], ++ [$1], [$2]) ++]) ++ ++AC_DEFUN([CC_ATTRIBUTE_CONST], [ ++ CC_CHECK_ATTRIBUTE( ++ [const], , ++ [int __attribute__((const)) twopow(int n) { return 1 << n; } ], ++ [$1], [$2]) ++]) ++ ++AC_DEFUN([CC_FLAG_VISIBILITY], [ ++ AC_REQUIRE([CC_CHECK_WERROR]) ++ AC_CACHE_CHECK([if $CC supports -fvisibility=hidden], ++ [cc_cv_flag_visibility], ++ [cc_flag_visibility_save_CFLAGS="$CFLAGS" ++ CFLAGS="$CFLAGS $cc_cv_werror" ++ CC_CHECK_CFLAGS_SILENT([-fvisibility=hidden], ++ cc_cv_flag_visibility='yes', ++ cc_cv_flag_visibility='no') ++ CFLAGS="$cc_flag_visibility_save_CFLAGS"]) ++ ++ AS_IF([test "x$cc_cv_flag_visibility" = "xyes"], ++ [AC_DEFINE([SUPPORT_FLAG_VISIBILITY], 1, ++ [Define this if the compiler supports the -fvisibility flag]) ++ $1], ++ [$2]) ++]) ++ ++AC_DEFUN([CC_FUNC_EXPECT], [ ++ AC_REQUIRE([CC_CHECK_WERROR]) ++ AC_CACHE_CHECK([if compiler has __builtin_expect function], ++ [cc_cv_func_expect], ++ [ac_save_CFLAGS="$CFLAGS" ++ CFLAGS="$CFLAGS $cc_cv_werror" ++ AC_COMPILE_IFELSE([AC_LANG_SOURCE( ++ [int some_function() { ++ int a = 3; ++ return (int)__builtin_expect(a, 3); ++ }])], ++ [cc_cv_func_expect=yes], ++ [cc_cv_func_expect=no]) ++ CFLAGS="$ac_save_CFLAGS" ++ ]) ++ ++ AS_IF([test "x$cc_cv_func_expect" = "xyes"], ++ [AC_DEFINE([SUPPORT__BUILTIN_EXPECT], 1, ++ [Define this if the compiler supports __builtin_expect() function]) ++ $1], ++ [$2]) ++]) ++ 
++AC_DEFUN([CC_ATTRIBUTE_ALIGNED], [ ++ AC_REQUIRE([CC_CHECK_WERROR]) ++ AC_CACHE_CHECK([highest __attribute__ ((aligned ())) supported], ++ [cc_cv_attribute_aligned], ++ [ac_save_CFLAGS="$CFLAGS" ++ CFLAGS="$CFLAGS $cc_cv_werror" ++ for cc_attribute_align_try in 64 32 16 8 4 2; do ++ AC_COMPILE_IFELSE([AC_LANG_SOURCE([ ++ int main() { ++ static char c __attribute__ ((aligned($cc_attribute_align_try))) = 0; ++ return c; ++ }])], [cc_cv_attribute_aligned=$cc_attribute_align_try; break]) ++ done ++ CFLAGS="$ac_save_CFLAGS" ++ ]) ++ ++ if test "x$cc_cv_attribute_aligned" != "x"; then ++ AC_DEFINE_UNQUOTED([ATTRIBUTE_ALIGNED_MAX], [$cc_cv_attribute_aligned], ++ [Define the highest alignment supported]) ++ fi ++]) +diff --git a/config/ax_check_compile_flag.m4 b/config/ax_check_compile_flag.m4 +deleted file mode 100644 +index bd753b34d..000000000 +--- a/config/ax_check_compile_flag.m4 ++++ /dev/null +@@ -1,53 +0,0 @@ +-# =========================================================================== +-# https://www.gnu.org/software/autoconf-archive/ax_check_compile_flag.html +-# =========================================================================== +-# +-# SYNOPSIS +-# +-# AX_CHECK_COMPILE_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT]) +-# +-# DESCRIPTION +-# +-# Check whether the given FLAG works with the current language's compiler +-# or gives an error. (Warnings, however, are ignored) +-# +-# ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on +-# success/failure. +-# +-# If EXTRA-FLAGS is defined, it is added to the current language's default +-# flags (e.g. CFLAGS) when the check is done. The check is thus made with +-# the flags: "CFLAGS EXTRA-FLAGS FLAG". This can for example be used to +-# force the compiler to issue an error when a bad flag is given. +-# +-# INPUT gives an alternative input source to AC_COMPILE_IFELSE. +-# +-# NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. 
Please keep this +-# macro in sync with AX_CHECK_{PREPROC,LINK}_FLAG. +-# +-# LICENSE +-# +-# Copyright (c) 2008 Guido U. Draheim +-# Copyright (c) 2011 Maarten Bosmans +-# +-# Copying and distribution of this file, with or without modification, are +-# permitted in any medium without royalty provided the copyright notice +-# and this notice are preserved. This file is offered as-is, without any +-# warranty. +- +-#serial 6 +- +-AC_DEFUN([AX_CHECK_COMPILE_FLAG], +-[AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF +-AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_[]_AC_LANG_ABBREV[]flags_$4_$1])dnl +-AC_CACHE_CHECK([whether _AC_LANG compiler accepts $1], CACHEVAR, [ +- ax_check_save_flags=$[]_AC_LANG_PREFIX[]FLAGS +- _AC_LANG_PREFIX[]FLAGS="$[]_AC_LANG_PREFIX[]FLAGS $4 $1" +- AC_COMPILE_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])], +- [AS_VAR_SET(CACHEVAR,[yes])], +- [AS_VAR_SET(CACHEVAR,[no])]) +- _AC_LANG_PREFIX[]FLAGS=$ax_check_save_flags]) +-AS_VAR_IF(CACHEVAR,yes, +- [m4_default([$2], :)], +- [m4_default([$3], :)]) +-AS_VAR_POPDEF([CACHEVAR])dnl +-])dnl AX_CHECK_COMPILE_FLAGS +diff --git a/config/ax_check_link_flag.m4 b/config/ax_check_link_flag.m4 +deleted file mode 100644 +index 03a30ce4c..000000000 +--- a/config/ax_check_link_flag.m4 ++++ /dev/null +@@ -1,53 +0,0 @@ +-# =========================================================================== +-# https://www.gnu.org/software/autoconf-archive/ax_check_link_flag.html +-# =========================================================================== +-# +-# SYNOPSIS +-# +-# AX_CHECK_LINK_FLAG(FLAG, [ACTION-SUCCESS], [ACTION-FAILURE], [EXTRA-FLAGS], [INPUT]) +-# +-# DESCRIPTION +-# +-# Check whether the given FLAG works with the linker or gives an error. +-# (Warnings, however, are ignored) +-# +-# ACTION-SUCCESS/ACTION-FAILURE are shell commands to execute on +-# success/failure. +-# +-# If EXTRA-FLAGS is defined, it is added to the linker's default flags +-# when the check is done. 
The check is thus made with the flags: "LDFLAGS +-# EXTRA-FLAGS FLAG". This can for example be used to force the linker to +-# issue an error when a bad flag is given. +-# +-# INPUT gives an alternative input source to AC_LINK_IFELSE. +-# +-# NOTE: Implementation based on AX_CFLAGS_GCC_OPTION. Please keep this +-# macro in sync with AX_CHECK_{PREPROC,COMPILE}_FLAG. +-# +-# LICENSE +-# +-# Copyright (c) 2008 Guido U. Draheim +-# Copyright (c) 2011 Maarten Bosmans +-# +-# Copying and distribution of this file, with or without modification, are +-# permitted in any medium without royalty provided the copyright notice +-# and this notice are preserved. This file is offered as-is, without any +-# warranty. +- +-#serial 6 +- +-AC_DEFUN([AX_CHECK_LINK_FLAG], +-[AC_PREREQ(2.64)dnl for _AC_LANG_PREFIX and AS_VAR_IF +-AS_VAR_PUSHDEF([CACHEVAR],[ax_cv_check_ldflags_$4_$1])dnl +-AC_CACHE_CHECK([whether the linker accepts $1], CACHEVAR, [ +- ax_check_save_flags=$LDFLAGS +- LDFLAGS="$LDFLAGS $4 $1" +- AC_LINK_IFELSE([m4_default([$5],[AC_LANG_PROGRAM()])], +- [AS_VAR_SET(CACHEVAR,[yes])], +- [AS_VAR_SET(CACHEVAR,[no])]) +- LDFLAGS=$ax_check_save_flags]) +-AS_VAR_IF(CACHEVAR,yes, +- [m4_default([$2], :)], +- [m4_default([$3], :)]) +-AS_VAR_POPDEF([CACHEVAR])dnl +-])dnl AX_CHECK_LINK_FLAGS +diff --git a/configure.ac b/configure.ac +index e234f4cee..e4ae1766d 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -739,45 +739,60 @@ AC_PROG_SED + LXC_CHECK_TLS + + # Hardening flags +-AX_CHECK_COMPILE_FLAG([-fdiagnostics-color], [CFLAGS="$CFLAGS -fdiagnostics-color"],,[-Werror]) +-AX_CHECK_COMPILE_FLAG([-Wimplicit-fallthrough=5], [CFLAGS="$CFLAGS -Wimplicit-fallthrough=5"],,[-Werror]) +-AX_CHECK_COMPILE_FLAG([-Wcast-align], [CFLAGS="$CFLAGS -Wcast-align"],,[-Werror]) +-AX_CHECK_COMPILE_FLAG([-Wstrict-prototypes], [CFLAGS="$CFLAGS -Wstrict-prototypes"],,[-Werror]) +-AX_CHECK_COMPILE_FLAG([-fno-strict-aliasing], [CFLAGS="$CFLAGS -fno-strict-aliasing"],,[-Werror]) 
+-AX_CHECK_COMPILE_FLAG([-fstack-clash-protection], [CFLAGS="$CFLAGS -fstack-clash-protection"],,[-Werror]) +-AX_CHECK_LINK_FLAG([-fstack-protector-strong], [CFLAGS="$CFLAGS -fstack-protector-strong"],,[-Werror]) +-AX_CHECK_LINK_FLAG([--param=ssp-buffer-size=4], [CFLAGS="$CFLAGS --param=ssp-buffer-size=4"],,[-Werror]) +-AX_CHECK_COMPILE_FLAG([-g], [CFLAGS="$CFLAGS -g"],,[-Werror]) +-AX_CHECK_COMPILE_FLAG([--mcet -fcf-protection], [CFLAGS="$CFLAGS --mcet -fcf-protection"],,[-Werror]) +-AX_CHECK_COMPILE_FLAG([-Werror=implicit-function-declaration], [CFLAGS="$CFLAGS -Werror=implicit-function-declaration"],,[-Werror]) +-AX_CHECK_COMPILE_FLAG([-Wlogical-op], [CFLAGS="$CFLAGS -Wlogical-op"],,[-Werror]) +-AX_CHECK_COMPILE_FLAG([-Wmissing-include-dirs], [CFLAGS="$CFLAGS -Wmissing-include-dirs"],,[-Werror]) +-AX_CHECK_COMPILE_FLAG([-Wold-style-definition], [CFLAGS="$CFLAGS -Wold-style-definition"],,[-Werror]) +-AX_CHECK_COMPILE_FLAG([-Winit-self], [CFLAGS="$CFLAGS -Winit-self"],,[-Werror]) +-AX_CHECK_COMPILE_FLAG([-Wunused-but-set-variable], [CFLAGS="$CFLAGS -Wunused-but-set-variable"],,[-Werror]) +-AX_CHECK_COMPILE_FLAG([-Wfloat-equal], [CFLAGS="$CFLAGS -Wfloat-equal"],,[-Werror]) +-AX_CHECK_COMPILE_FLAG([-Wsuggest-attribute=noreturn], [CFLAGS="$CFLAGS -Wsuggest-attribute=noreturn"],,[-Werror]) +-AX_CHECK_COMPILE_FLAG([-Werror=return-type], [CFLAGS="$CFLAGS -Werror=return-type"],,[-Werror]) +-AX_CHECK_COMPILE_FLAG([-Werror=incompatible-pointer-types], [CFLAGS="$CFLAGS -Werror=incompatible-pointer-types"],,[-Werror]) +-AX_CHECK_COMPILE_FLAG([-Wformat=2], [CFLAGS="$CFLAGS -Wformat=2"],,[-Werror]) +-AX_CHECK_COMPILE_FLAG([-Wshadow], [CFLAGS="$CFLAGS -Wshadow"],,[-Werror]) +-AX_CHECK_COMPILE_FLAG([-Wendif-labels], [CFLAGS="$CFLAGS -Wendif-labels"],,[-Werror]) +-AX_CHECK_COMPILE_FLAG([-Werror=overflow], [CFLAGS="$CFLAGS -Werror=overflow"],,[-Werror]) +-AX_CHECK_COMPILE_FLAG([-fdiagnostics-show-option], [CFLAGS="$CFLAGS -fdiagnostics-show-option"],,[-Werror]) 
+-AX_CHECK_COMPILE_FLAG([-Werror=shift-count-overflow], [CFLAGS="$CFLAGS -Werror=shift-count-overflow"],,[-Werror]) +-AX_CHECK_COMPILE_FLAG([-Werror=shift-overflow=2], [CFLAGS="$CFLAGS -Werror=shift-overflow=2"],,[-Werror]) +-AX_CHECK_COMPILE_FLAG([-Wdate-time], [CFLAGS="$CFLAGS -Wdate-time"],,[-Werror]) +-AX_CHECK_COMPILE_FLAG([-Wnested-externs], [CFLAGS="$CFLAGS -Wnested-externs"],,[-Werror]) +-AX_CHECK_COMPILE_FLAG([-fasynchronous-unwind-tables], [CFLAGS="$CFLAGS -fasynchronous-unwind-tables"],,[-Werror]) +-AX_CHECK_COMPILE_FLAG([-pipe], [CFLAGS="$CFLAGS -pipe"],,[-Werror]) +-AX_CHECK_COMPILE_FLAG([-fexceptions], [CFLAGS="$CFLAGS -fexceptions"],,[-Werror]) +-AX_CHECK_COMPILE_FLAG([-Warray-bounds], [CFLAGS="$CFLAGS -Warray-bounds"],,[-Werror]) +-AX_CHECK_COMPILE_FLAG([-Wrestrict], [CFLAGS="$CFLAGS -Wrestrict"],,[-Werror]) +-AX_CHECK_COMPILE_FLAG([-Wreturn-local-addr], [CFLAGS="$CFLAGS -Wreturn-local-addr"],,[-Werror]) +-AX_CHECK_COMPILE_FLAG([-Wstringop-overflow], [CFLAGS="$CFLAGS -Wstringop-overflow"],,[-Werror]) +- +-AX_CHECK_LINK_FLAG([-z relro], [LDFLAGS="$LDFLAGS -z relro"],,[]) +-AX_CHECK_LINK_FLAG([-z now], [LDFLAGS="$LDFLAGS -z now"],,[]) ++CC_CHECK_FLAGS_APPEND([AM_CFLAGS],[CFLAGS],[ \ ++ -fPIE \ ++ -Wvla \ ++ -std=gnu11 \ ++ -fms-extensions \ ++ -fdiagnostics-color \ ++ -Wimplicit-fallthrough=5 \ ++ -Wcast-align \ ++ -Wstrict-prototypes \ ++ -fno-strict-aliasing \ ++ -fstack-clash-protection \ ++ -fstack-protector-strong \ ++ --param=ssp-buffer-size=4 \ ++ -g \ ++ --mcet -fcf-protection \ ++ -Werror=implicit-function-declaration \ ++ -Wlogical-op \ ++ -Wmissing-include-dirs \ ++ -Wold-style-definition \ ++ -Winit-self \ ++ -Wunused-but-set-variable \ ++ -Wfloat-equal \ ++ -Wsuggest-attribute=noreturn \ ++ -Werror=return-type \ ++ -Werror=incompatible-pointer-types \ ++ -Wformat=2 \ ++ -Wshadow \ ++ -Wendif-labels \ ++ -Werror=overflow \ ++ -fdiagnostics-show-option \ ++ -Werror=shift-count-overflow \ ++ -Werror=shift-overflow=2 \ ++ -Wdate-time \ ++ 
-Wnested-externs \ ++ -fasynchronous-unwind-tables \ ++ -pipe \ ++ -fexceptions \ ++ -Warray-bounds \ ++ -Wrestrict \ ++ -Wreturn-local-addr \ ++ -flto=thin \ ++ -fsanitize=cfi \ ++ -Wstringop-overflow]) ++AC_SUBST(AM_CFLAGS) ++ ++CC_CHECK_FLAGS_APPEND([AM_LDFLAGS],[LDFLAGS],[ \ ++ -Wl,--as-needed \ ++ -Wl,--no-undefined \ ++ -Wl,--gc-sections \ ++ -Wl,-z,relro \ ++ -Wl,-z,now \ ++ -pie \ ++ -Wl,-fuse-ld=gold]) ++AC_SUBST(AM_LDFLAGS) + + CFLAGS="$CFLAGS -Wvla -std=gnu11 -fms-extensions" + if test "x$enable_werror" = "xyes"; then +@@ -1055,6 +1070,8 @@ Binaries + + Environment: + - compiler: $CC ++ - cflags: ${AM_CFLAGS} ${PTHREAD_CFLAGS} ++ - ldflags: ${AM_LDFLAGS} ${PTHREAD_LIBS} + - distribution: $with_distro + - init script type(s): $init_script + - rpath: $enable_rpath +diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am +index 4f564bb41..a1e4be44d 100644 +--- a/src/lxc/Makefile.am ++++ b/src/lxc/Makefile.am +@@ -199,25 +199,25 @@ if ENFORCE_MEMFD_REXEC + liblxc_la_SOURCES += rexec.c rexec.h + endif + +-AM_CFLAGS = -DLXCROOTFSMOUNT=\"$(LXCROOTFSMOUNT)\" \ +- -DLXCPATH=\"$(LXCPATH)\" \ +- -DLXC_GLOBAL_CONF=\"$(LXC_GLOBAL_CONF)\" \ +- -DLXCINITDIR=\"$(LXCINITDIR)\" \ +- -DLIBEXECDIR=\"$(LIBEXECDIR)\" \ +- -DLXCTEMPLATEDIR=\"$(LXCTEMPLATEDIR)\" \ +- -DLXCTEMPLATECONFIG=\"$(LXCTEMPLATECONFIG)\" \ +- -DLOGPATH=\"$(LOGPATH)\" \ +- -DLXC_DEFAULT_CONFIG=\"$(LXC_DEFAULT_CONFIG)\" \ +- -DLXC_USERNIC_DB=\"$(LXC_USERNIC_DB)\" \ +- -DLXC_USERNIC_CONF=\"$(LXC_USERNIC_CONF)\" \ +- -DDEFAULT_CGROUP_PATTERN=\"$(DEFAULT_CGROUP_PATTERN)\" \ +- -DRUNTIME_PATH=\"$(RUNTIME_PATH)\" \ +- -DSBINDIR=\"$(SBINDIR)\" \ +- -DAPPARMOR_CACHE_DIR=\"$(APPARMOR_CACHE_DIR)\" \ +- -I $(top_srcdir)/src \ +- -I $(top_srcdir)/src/lxc \ +- -I $(top_srcdir)/src/lxc/storage \ +- -I $(top_srcdir)/src/lxc/cgroups ++AM_CFLAGS += -DLXCROOTFSMOUNT=\"$(LXCROOTFSMOUNT)\" \ ++ -DLXCPATH=\"$(LXCPATH)\" \ ++ -DLXC_GLOBAL_CONF=\"$(LXC_GLOBAL_CONF)\" \ ++ -DLXCINITDIR=\"$(LXCINITDIR)\" \ ++ 
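Review bot: In the new `CC_CHECK_FLAGS_APPEND([AM_LDFLAGS],[LDFLAGS],[...])` list, `-Wl,-fuse-ld=gold` wraps what is, as far as I can tell, a compiler-driver option in `-Wl,`, so it is handed to the linker rather than selecting it; it should probably read `-fuse-ld=gold`. The two lists also add options that depend on each other (`-fsanitize=cfi` generally needs `-flto`, `-pie` pairs with `-fPIE`). If the macro probes each entry on its own, which its definition outside this hunk would have to confirm, one half of a pair can be dropped while the other stays. A comment above the lists would help packagers notice a build that lost `-fstack-protector-strong` or `-Wl,-z,relro`, for example `# Flags are probed individually and dropped when unsupported; check the "cflags"/"ldflags" lines of the configure summary.`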
-DLIBEXECDIR=\"$(LIBEXECDIR)\" \ ++ -DLXCTEMPLATEDIR=\"$(LXCTEMPLATEDIR)\" \ ++ -DLXCTEMPLATECONFIG=\"$(LXCTEMPLATECONFIG)\" \ ++ -DLOGPATH=\"$(LOGPATH)\" \ ++ -DLXC_DEFAULT_CONFIG=\"$(LXC_DEFAULT_CONFIG)\" \ ++ -DLXC_USERNIC_DB=\"$(LXC_USERNIC_DB)\" \ ++ -DLXC_USERNIC_CONF=\"$(LXC_USERNIC_CONF)\" \ ++ -DDEFAULT_CGROUP_PATTERN=\"$(DEFAULT_CGROUP_PATTERN)\" \ ++ -DRUNTIME_PATH=\"$(RUNTIME_PATH)\" \ ++ -DSBINDIR=\"$(SBINDIR)\" \ ++ -DAPPARMOR_CACHE_DIR=\"$(APPARMOR_CACHE_DIR)\" \ ++ -I $(top_srcdir)/src \ ++ -I $(top_srcdir)/src/lxc \ ++ -I $(top_srcdir)/src/lxc/storage \ ++ -I $(top_srcdir)/src/lxc/cgroups + if ENABLE_APPARMOR + AM_CFLAGS += -DHAVE_APPARMOR + endif +@@ -316,7 +316,7 @@ pkglibexec_PROGRAMS = lxc-monitord \ + lxc-user-nic + endif + +-AM_LDFLAGS = -Wl,-E ++AM_LDFLAGS += -Wl,-E + + if ENABLE_RPATH + AM_LDFLAGS += -Wl,-rpath -Wl,$(libdir) +diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am +index 664c6c47b..dc7e4820e 100644 +--- a/src/tests/Makefile.am ++++ b/src/tests/Makefile.am +@@ -544,23 +544,23 @@ if ENABLE_SECCOMP + lxc_test_utils_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h + endif + +-AM_CFLAGS=-DLXCROOTFSMOUNT=\"$(LXCROOTFSMOUNT)\" \ +- -DLXCPATH=\"$(LXCPATH)\" \ +- -DLXC_GLOBAL_CONF=\"$(LXC_GLOBAL_CONF)\" \ +- -DLXCINITDIR=\"$(LXCINITDIR)\" \ +- -DLIBEXECDIR=\"$(LIBEXECDIR)\" \ +- -DLOGPATH=\"$(LOGPATH)\" \ +- -DLXCTEMPLATEDIR=\"$(LXCTEMPLATEDIR)\" \ +- -DLXC_DEFAULT_CONFIG=\"$(LXC_DEFAULT_CONFIG)\" \ +- -DDEFAULT_CGROUP_PATTERN=\"$(DEFAULT_CGROUP_PATTERN)\" \ +- -DRUNTIME_PATH=\"$(RUNTIME_PATH)\" \ +- -DSBINDIR=\"$(SBINDIR)\" \ +- -I $(top_srcdir)/src \ +- -I $(top_srcdir)/src/lxc \ +- -I $(top_srcdir)/src/lxc/cgroups \ +- -I $(top_srcdir)/src/lxc/tools \ +- -I $(top_srcdir)/src/lxc/storage \ +- -pthread ++AM_CFLAGS += -DLXCROOTFSMOUNT=\"$(LXCROOTFSMOUNT)\" \ ++ -DLXCPATH=\"$(LXCPATH)\" \ ++ -DLXC_GLOBAL_CONF=\"$(LXC_GLOBAL_CONF)\" \ ++ -DLXCINITDIR=\"$(LXCINITDIR)\" \ ++ -DLIBEXECDIR=\"$(LIBEXECDIR)\" \ ++ -DLOGPATH=\"$(LOGPATH)\" 
\ ++ -DLXCTEMPLATEDIR=\"$(LXCTEMPLATEDIR)\" \ ++ -DLXC_DEFAULT_CONFIG=\"$(LXC_DEFAULT_CONFIG)\" \ ++ -DDEFAULT_CGROUP_PATTERN=\"$(DEFAULT_CGROUP_PATTERN)\" \ ++ -DRUNTIME_PATH=\"$(RUNTIME_PATH)\" \ ++ -DSBINDIR=\"$(SBINDIR)\" \ ++ -I $(top_srcdir)/src \ ++ -I $(top_srcdir)/src/lxc \ ++ -I $(top_srcdir)/src/lxc/cgroups \ ++ -I $(top_srcdir)/src/lxc/tools \ ++ -I $(top_srcdir)/src/lxc/storage \ ++ -pthread + + if ENABLE_APPARMOR + AM_CFLAGS += -DHAVE_APPARMOR diff -Nru lxc-4.0.2/debian/patches/0017-file_utils-introduce-read_file_at.patch lxc-4.0.6/debian/patches/0017-file_utils-introduce-read_file_at.patch --- lxc-4.0.2/debian/patches/0017-file_utils-introduce-read_file_at.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0017-file_utils-introduce-read_file_at.patch 2021-02-11 21:34:03.000000000 +0000 
@@ -0,0 +1,214 @@ +From 49bb44920c4ed54b84f28962243e7dcb33e9a3d8 Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Tue, 26 Jan 2021 11:01:34 +0100 +Subject: file_utils: introduce read_file_at() + +Cc: stable-4.0 +Signed-off-by: Christian Brauner +--- + src/lxc/cgroups/cgfsng.c | 61 ++++++++-------------------------------- + src/lxc/file_utils.c | 46 ++++++++++++++++++++++++++++++ + src/lxc/file_utils.h | 1 + + 3 files changed, 58 insertions(+), 50 deletions(-) + +diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c +index 001bd4d51..afc27107d 100644 +--- a/src/lxc/cgroups/cgfsng.c ++++ b/src/lxc/cgroups/cgfsng.c +@@ -176,45 +176,6 @@ static struct hierarchy *get_hierarchy(struct cgroup_ops *ops, const char *contr + return ret_set_errno(NULL, ENOENT); + } + +-#define BATCH_SIZE 50 +-static void batch_realloc(char **mem, size_t oldlen, size_t newlen) +-{ +- int newbatches = (newlen / BATCH_SIZE) + 1; +- int oldbatches = (oldlen / BATCH_SIZE) + 1; +- +- if (!*mem || newbatches > oldbatches) +- *mem = must_realloc(*mem, newbatches * BATCH_SIZE); +-} +- +-static void append_line(char **dest, size_t oldlen, char *new, size_t newlen) +-{ +- size_t full = oldlen + newlen; +- +- batch_realloc(dest, oldlen, full + 1); +- +- memcpy(*dest + oldlen, new, newlen + 1); +-} +- +-/* Slurp in a whole file */ +-static char *read_file(const char *fnam) +-{ +- __do_free char *buf = NULL, *line = NULL; +- __do_fclose FILE *f = NULL; +- size_t len = 0, fulllen = 0; +- int linelen; +- +- f = fopen(fnam, "re"); +- if (!f) +- return NULL; +- +- while ((linelen = getline(&line, &len, f)) != -1) { +- append_line(&buf, fulllen, line, linelen); +- fulllen += linelen; +- } +- +- return move_ptr(buf); +-} +- + /* Taken over modified from the kernel sources. 
*/ + #define NBITS 32 /* bits in uint32_t */ + #define DIV_ROUND_UP(n, d) (((n) + (d)-1) / (d)) +@@ -350,7 +311,7 @@ static bool cg_legacy_filter_and_set_cpus(const char *parent_cgroup, + bool flipped_bit = false; + + fpath = must_make_path(parent_cgroup, "cpuset.cpus", NULL); +- posscpus = read_file(fpath); ++ posscpus = read_file_at(-EBADF, fpath); + if (!posscpus) + return log_error_errno(false, errno, "Failed to read file \"%s\"", fpath); + +@@ -360,7 +321,7 @@ static bool cg_legacy_filter_and_set_cpus(const char *parent_cgroup, + return false; + + if (file_exists(__ISOL_CPUS)) { +- isolcpus = read_file(__ISOL_CPUS); ++ isolcpus = read_file_at(-EBADF, __ISOL_CPUS); + if (!isolcpus) + return log_error_errno(false, errno, "Failed to read file \"%s\"", __ISOL_CPUS); + +@@ -379,7 +340,7 @@ static bool cg_legacy_filter_and_set_cpus(const char *parent_cgroup, + } + + if (file_exists(__OFFLINE_CPUS)) { +- offlinecpus = read_file(__OFFLINE_CPUS); ++ offlinecpus = read_file_at(-EBADF, __OFFLINE_CPUS); + if (!offlinecpus) + return log_error_errno(false, errno, "Failed to read file \"%s\"", __OFFLINE_CPUS); + +@@ -691,14 +652,14 @@ static char **cg_unified_make_empty_controller(void) + return move_ptr(aret); + } + +-static char **cg_unified_get_controllers(const char *file) ++static char **cg_unified_get_controllers(int dfd, const char *file) + { + __do_free char *buf = NULL; + __do_free_string_list char **aret = NULL; + char *sep = " \t\n"; + char *tok; + +- buf = read_file(file); ++ buf = read_file_at(dfd, file); + if (!buf) + return NULL; + +@@ -3147,7 +3108,7 @@ static void cg_unified_delegate(char ***delegate) + char *token; + int idx; + +- buf = read_file("/sys/kernel/cgroup/delegate"); ++ buf = read_file_at(-EBADF, "/sys/kernel/cgroup/delegate"); + if (!buf) { + for (char **p = standard; p && *p; p++) { + idx = append_null_to_list((void ***)delegate); +@@ -3185,9 +3146,9 @@ static int cg_hybrid_init(struct cgroup_ops *ops, bool relative, bool unprivileg + * cgroups 
as our base in that case. + */ + if (!relative && (geteuid() == 0)) +- basecginfo = read_file("/proc/1/cgroup"); ++ basecginfo = read_file_at(-EBADF, "/proc/1/cgroup"); + else +- basecginfo = read_file("/proc/self/cgroup"); ++ basecginfo = read_file_at(-EBADF, "/proc/self/cgroup"); + if (!basecginfo) + return ret_set_errno(-1, ENOMEM); + +@@ -3271,7 +3232,7 @@ static int cg_hybrid_init(struct cgroup_ops *ops, bool relative, bool unprivileg + "cgroup.controllers", + NULL); + +- controller_list = cg_unified_get_controllers(cgv2_ctrl_path); ++ controller_list = cg_unified_get_controllers(-EBADF, cgv2_ctrl_path); + free(cgv2_ctrl_path); + if (!controller_list) { + controller_list = cg_unified_make_empty_controller(); +@@ -3314,9 +3275,9 @@ static char *cg_unified_get_current_cgroup(bool relative) + char *base_cgroup; + + if (!relative && (geteuid() == 0)) +- basecginfo = read_file("/proc/1/cgroup"); ++ basecginfo = read_file_at(-EBADF, "/proc/1/cgroup"); + else +- basecginfo = read_file("/proc/self/cgroup"); ++ basecginfo = read_file_at(-EBADF, "/proc/self/cgroup"); + if (!basecginfo) + return NULL; + +diff --git a/src/lxc/file_utils.c b/src/lxc/file_utils.c +index 66738ceb0..b6ec0d858 100644 +--- a/src/lxc/file_utils.c ++++ b/src/lxc/file_utils.c +@@ -565,3 +565,49 @@ int fd_make_nonblocking(int fd) + flags &= ~O_NONBLOCK; + return fcntl(fd, F_SETFL, flags); + } ++ ++#define BATCH_SIZE 50 ++static void batch_realloc(char **mem, size_t oldlen, size_t newlen) ++{ ++ int newbatches = (newlen / BATCH_SIZE) + 1; ++ int oldbatches = (oldlen / BATCH_SIZE) + 1; ++ ++ if (!*mem || newbatches > oldbatches) ++ *mem = must_realloc(*mem, newbatches * BATCH_SIZE); ++} ++ ++static void append_line(char **dest, size_t oldlen, char *new, size_t newlen) ++{ ++ size_t full = oldlen + newlen; ++ ++ batch_realloc(dest, oldlen, full + 1); ++ ++ memcpy(*dest + oldlen, new, newlen + 1); ++} ++ ++/* Slurp in a whole file */ ++char *read_file_at(int dfd, const char *fnam) ++{ ++ __do_close int 
fd = -EBADF; ++ __do_free char *buf = NULL, *line = NULL; ++ __do_fclose FILE *f = NULL; ++ size_t len = 0, fulllen = 0; ++ int linelen; ++ ++ fd = openat(dfd, fnam, O_NOCTTY | O_CLOEXEC | O_NOFOLLOW | O_RDONLY); ++ if (fd < 0) ++ return NULL; ++ ++ f = fdopen(fd, "re"); ++ if (!f) ++ return NULL; ++ /* Transfer ownership to fdopen(). */ ++ move_fd(fd); ++ ++ while ((linelen = getline(&line, &len, f)) != -1) { ++ append_line(&buf, fulllen, line, linelen); ++ fulllen += linelen; ++ } ++ ++ return move_ptr(buf); ++} +diff --git a/src/lxc/file_utils.h b/src/lxc/file_utils.h +index 4a5f876f5..c6650761d 100644 +--- a/src/lxc/file_utils.h ++++ b/src/lxc/file_utils.h +@@ -80,5 +80,6 @@ __hidden extern bool exists_dir_at(int dir_fd, const char *path); + __hidden extern bool exists_file_at(int dir_fd, const char *path); + __hidden extern int open_beneath(int dir_fd, const char *path, unsigned int flags); + __hidden int fd_make_nonblocking(int fd); ++__hidden extern char *read_file_at(int dfd, const char *fnam); + + #endif /* __LXC_FILE_UTILS_H */ diff -Nru lxc-4.0.2/debian/patches/0018-string_utils-add-must_make_path_relative.patch lxc-4.0.6/debian/patches/0018-string_utils-add-must_make_path_relative.patch --- lxc-4.0.2/debian/patches/0018-string_utils-add-must_make_path_relative.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0018-string_utils-add-must_make_path_relative.patch 2021-02-11 21:34:03.000000000 +0000 
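Review bot: `read_file_at()` opens with `O_NOFOLLOW`, which only refuses a symlink in the last path component; intermediate symlinks and `..` are still resolved, so passing a `dfd` does not by itself confine the read to that directory. The header hunk shows `open_beneath(int dir_fd, const char *path, unsigned int flags)` already declared. If that helper restricts resolution to the directory as its name suggests, it may be the better primitive for `cg_unified_get_controllers(dfd, file)`. Otherwise the comment should state the limit, e.g. `/* Slurp in a whole file. Only the final path component is checked for symlinks; @fnam must come from a trusted source. */`. Separately, `linelen` is an `int` although `getline()` returns `ssize_t`, and an empty file yields `NULL` with `errno` untouched, which callers then report as an errno failure; both are carried over unchanged from the old `read_file()`.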
@@ -0,0 +1,34 @@
+From 747a3138b2dcbcfadd64deb17f18abea3786cbb5 Mon Sep 17 00:00:00 2001
+From: Christian Brauner
+Date: Tue, 26 Jan 2021 15:25:22 +0100
+Subject: string_utils: add must_make_path_relative()
+
+Stolen without shame from my previous implementation in LXCFS.
+
+Cc: stable-4.0
+Signed-off-by: Christian Brauner
+---
+ src/lxc/string_utils.h | 10 ++++++++++
+ 1 file changed, 10 insertions(+)
+
+diff --git a/src/lxc/string_utils.h b/src/lxc/string_utils.h
+index dbdf97d57..dc4f4f188 100644
+--- a/src/lxc/string_utils.h
++++ b/src/lxc/string_utils.h
+@@ -85,6 +85,16 @@ __hidden __attribute__((sentinel)) extern char *must_concat(size_t *len, const c
+ __hidden __attribute__((sentinel)) extern char *must_make_path(const char *first, ...);
+ __hidden __attribute__((sentinel)) extern char *must_append_path(char *first, ...);
+
++#define must_make_path_relative(__first__, ...) \
++ ({ \
++ char *__ptr__; \
++ if (*__first__ == '/') \
++ __ptr__ = must_make_path(".", __first__, __VA_ARGS__); \
++ else \
++ __ptr__ = must_make_path(__first__, __VA_ARGS__); \
++ __ptr__; \
++ })
++
+ /* Return copy of string @entry. Do not fail. */
+ __hidden extern char *must_copy_string(const char *entry);
+
diff -Nru lxc-4.0.2/debian/patches/0019-cgroups-coding-style-fixes.patch lxc-4.0.6/debian/patches/0019-cgroups-coding-style-fixes.patch
--- lxc-4.0.2/debian/patches/0019-cgroups-coding-style-fixes.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/debian/patches/0019-cgroups-coding-style-fixes.patch 2021-02-11 21:34:03.000000000 +0000
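Review bot: `must_make_path_relative()` uses its first argument unparenthesised and evaluates it twice (`*__first__` in the test, then again in the chosen `must_make_path()` call), so an argument with side effects or a lower-precedence expression misbehaves, and a NULL argument is dereferenced. Capturing it once inside the statement expression avoids that: `const char *__f__ = (__first__);`, then `if (*__f__ == '/')` and `must_make_path(".", __f__, __VA_ARGS__)`. The macro also has no comment; something like `/* Build a path that is never absolute by prefixing "." when the first component starts with '/'. ".." components are passed through unchanged. */` would tell callers that it does not sanitise the path for use with a directory fd.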
@@ -0,0 +1,33 @@
+From d0a9d86b560594a1f4196be627a57900978326f7 Mon Sep 17 00:00:00 2001
+From: Christian Brauner
+Date: Tue, 26 Jan 2021 15:27:37 +0100
+Subject: cgroups: coding style fixes
+
+Cc: stable-4.0
+Signed-off-by: Christian Brauner
+---
+ src/lxc/cgroups/cgfsng.c | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
+index afc27107d..227c45457 100644
+--- a/src/lxc/cgroups/cgfsng.c
++++ b/src/lxc/cgroups/cgfsng.c
+@@ -153,14 +153,15 @@ static struct hierarchy *get_hierarchy(struct cgroup_ops *ops, const char *contr
+ for (int i = 0; ops->hierarchies[i]; i++) {
+ if (!controller) {
+ /* This is the empty unified hierarchy. */
+- if (ops->hierarchies[i]->controllers &&
+- !ops->hierarchies[i]->controllers[0])
++ if (ops->hierarchies[i]->controllers && !ops->hierarchies[i]->controllers[0])
+ return ops->hierarchies[i];
++
+ continue;
+ } else if (pure_unified_layout(ops) &&
+ strcmp(controller, "devices") == 0) {
+ if (ops->unified->bpf_device_controller)
+ return ops->unified;
++
+ break;
+ }
+
diff -Nru lxc-4.0.2/debian/patches/0020-cgroups-rework-cg_unified_init.patch lxc-4.0.6/debian/patches/0020-cgroups-rework-cg_unified_init.patch
--- lxc-4.0.2/debian/patches/0020-cgroups-rework-cg_unified_init.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/debian/patches/0020-cgroups-rework-cg_unified_init.patch 2021-02-11 21:34:03.000000000 +0000
@@ -0,0 +1,65 @@
+From 650398c30d63961680bce23e7e145119624f5c97 Mon Sep 17 00:00:00 2001
+From: Christian Brauner
+Date: Tue, 26 Jan 2021 15:28:12 +0100
+Subject: cgroups: rework cg_unified_init()
+
+Cc: stable-4.0
+Signed-off-by: Christian Brauner
+---
+ src/lxc/cgroups/cgfsng.c | 21 ++++++++++++++-------
+ 1 file changed, 14 insertions(+), 7 deletions(-)
+
+diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
+index 227c45457..4ccbd9c19 100644
+--- a/src/lxc/cgroups/cgfsng.c
++++ b/src/lxc/cgroups/cgfsng.c
+@@ -3297,12 +3297,11 @@ static char *cg_unified_get_current_cgroup(bool relative)
+ static int cg_unified_init(struct cgroup_ops *ops, bool relative,
+ bool unprivileged)
+ {
+- __do_free char *subtree_path = NULL;
++ __do_close int cgroup_root_fd = -EBADF;
++ __do_free char *base_cgroup = NULL, *controllers_path = NULL;
+ int ret;
+- char *mountpoint;
+ char **delegatable;
+ struct hierarchy *new;
+- char *base_cgroup = NULL;
+
+ ret = unified_cgroup_hierarchy();
+ if (ret == -ENOMEDIUM)
+@@ -3317,14 +3316,18 @@ static int cg_unified_init(struct cgroup_ops *ops, bool relative,
+ if (!relative)
+ prune_init_scope(base_cgroup);
+
++ cgroup_root_fd = openat(-EBADF, DEFAULT_CGROUP_MOUNTPOINT,
++ O_NOCTTY | O_CLOEXEC | O_NOFOLLOW | O_DIRECTORY);
++ if (cgroup_root_fd < 0)
++ return -errno;
++
+ /*
+ * We assume that the cgroup we're currently in has been delegated to
+ * us and we are free to further delege all of the controllers listed
+ * in cgroup.controllers further down the hierarchy.
+ */
+- mountpoint = must_copy_string(DEFAULT_CGROUP_MOUNTPOINT);
+- subtree_path = must_make_path(mountpoint, base_cgroup, "cgroup.controllers", NULL);
+- delegatable = cg_unified_get_controllers(subtree_path);
++ controllers_path = must_make_path_relative(base_cgroup, "cgroup.controllers", NULL);
++ delegatable = cg_unified_get_controllers(cgroup_root_fd, controllers_path);
+ if (!delegatable)
+ delegatable = cg_unified_make_empty_controller();
+ if (!delegatable[0])
+@@ -3337,7 +3340,11 @@ static int cg_unified_init(struct cgroup_ops *ops, bool relative,
+ * controllers per container.
+ */
+
+- new = add_hierarchy(&ops->hierarchies, delegatable, mountpoint, base_cgroup, CGROUP2_SUPER_MAGIC);
++ new = add_hierarchy(&ops->hierarchies,
++ delegatable,
++ must_copy_string(DEFAULT_CGROUP_MOUNTPOINT),
++ move_ptr(base_cgroup),
++ CGROUP2_SUPER_MAGIC);
+ if (unprivileged)
+ cg_unified_delegate(&new->cgroup2_chown);
+
diff -Nru lxc-4.0.2/debian/patches/0021-cgroups-detect-and-record-cgroup2-freezer-support.patch lxc-4.0.6/debian/patches/0021-cgroups-detect-and-record-cgroup2-freezer-support.patch
--- lxc-4.0.2/debian/patches/0021-cgroups-detect-and-record-cgroup2-freezer-support.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/debian/patches/0021-cgroups-detect-and-record-cgroup2-freezer-support.patch 2021-02-11 21:34:03.000000000 +0000
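Review bot: `controllers_path` is built from `base_cgroup` and opened relative to `cgroup_root_fd`, but nothing in this hunk rejects `..` components, and `must_make_path_relative()` only neutralises a leading `/`. `base_cgroup` appears to come from `/proc/1/cgroup` or `/proc/self/cgroup` (the assignment sits between the hunks and is not shown). Inside a cgroup namespace those entries can begin with `/..`, in which case the lookup would leave the cgroup2 mount despite the directory fd. A conservative guard before the join, e.g. `if (strstr(base_cgroup, "/..")) return ret_set_errno(-1, EINVAL);`, or resolving through the existing `open_beneath()` helper if it enforces containment, would make the fd-relative lookup actually confined.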
@@ -0,0 +1,86 @@ +From ccde1379646dbf101a61c7fee60ee2caef1efb33 Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Tue, 26 Jan 2021 15:28:39 +0100 +Subject: cgroups: detect and record cgroup2 freezer support + +Cc: stable-4.0 +Signed-off-by: Christian Brauner +--- + src/lxc/cgroups/cgfsng.c | 43 +++++++++++++++++++++++++++++++++++----- + src/lxc/cgroups/cgroup.h | 1 + + 2 files changed, 39 insertions(+), 5 deletions(-) + +diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c +index 4ccbd9c19..19210935b 100644 +--- a/src/lxc/cgroups/cgfsng.c ++++ b/src/lxc/cgroups/cgfsng.c +@@ -157,12 +157,24 @@ static struct hierarchy *get_hierarchy(struct cgroup_ops *ops, const char *contr + return ops->hierarchies[i]; + + continue; +- } else if (pure_unified_layout(ops) && +- strcmp(controller, "devices") == 0) { +- if (ops->unified->bpf_device_controller) +- return ops->unified; ++ } + +- break; ++ /* ++ * Handle controllers with significant implementation changes ++ * from cgroup to cgroup2. ++ */ ++ if (pure_unified_layout(ops)) { ++ if (strcmp(controller, "devices") == 0) { ++ if (ops->unified->bpf_device_controller) ++ return ops->unified; ++ ++ break; ++ } else if (strcmp(controller, "freezer") == 0) { ++ if (ops->unified->freezer_controller) ++ return ops->unified; ++ ++ break; ++ } + } + + if (string_in_list(ops->hierarchies[i]->controllers, controller)) +@@ -1652,6 +1664,27 @@ __cgfsng_ops static void cgfsng_payload_finalize(struct cgroup_ops *ops) + if (!is_unified_hierarchy(h)) + close_prot_errno_disarm(h->cgfd_con); + } ++ ++ /* ++ * The checking for freezer support should obviously be done at cgroup ++ * initialization time but that doesn't work reliable. The freezer ++ * controller has been demoted (rightly so) to a simple file located in ++ * each non-root cgroup. 
At the time when the container is created we ++ * might still be located in /sys/fs/cgroup and so checking for ++ * cgroup.freeze won't tell us anything because this file doesn't exist ++ * in the root cgroup. We could then iterate through /sys/fs/cgroup and ++ * find an already existing cgroup and then check within that cgroup ++ * for the existence of cgroup.freeze but that will only work on ++ * systemd based hosts. Other init systems might not manage cgroups and ++ * so no cgroup will exist. So we defer until we have created cgroups ++ * for our container which means we check here. ++ */ ++ if (pure_unified_layout(ops) && ++ !faccessat(ops->unified->cgfd_con, "cgroup.freeze", F_OK, ++ AT_SYMLINK_NOFOLLOW)) { ++ TRACE("Unified hierarchy supports freezer"); ++ ops->unified->freezer_controller = 1; ++ } + } + + /* cgroup-full:* is done, no need to create subdirs */ +diff --git a/src/lxc/cgroups/cgroup.h b/src/lxc/cgroups/cgroup.h +index b8a4d0f5b..7d95dfd35 100644 +--- a/src/lxc/cgroups/cgroup.h ++++ b/src/lxc/cgroups/cgroup.h +@@ -89,6 +89,7 @@ struct hierarchy { + + /* cgroup2 only */ + unsigned int bpf_device_controller:1; ++ unsigned int freezer_controller:1; + + /* container cgroup fd */ + int cgfd_con; diff -Nru lxc-4.0.2/debian/patches/0022-criu-handle-cgroup2-freezer.patch lxc-4.0.6/debian/patches/0022-criu-handle-cgroup2-freezer.patch --- lxc-4.0.2/debian/patches/0022-criu-handle-cgroup2-freezer.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0022-criu-handle-cgroup2-freezer.patch 2021-02-11 21:34:03.000000000 +0000 
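Review bot: The `faccessat()` probe added to `cgfsng_payload_finalize()` treats every failure as "no freezer". `EBADF` from a `cgfd_con` that was never opened, or `EINVAL` from a C library that rejects `AT_SYMLINK_NOFOLLOW` in `faccessat()`, looks the same as a missing `cgroup.freeze`. Because the new branch in `get_hierarchy()` breaks out of the loop for "freezer" on a pure unified layout unless `freezer_controller` is set, such a failure silently removes the freezer for every later caller. Nesting the probe under the `pure_unified_layout(ops)` check and adding `else if (errno != ENOENT) SYSERROR("Failed to probe cgroup.freeze");` would make that case visible. Both functions extend beyond the hunks.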
@@ -0,0 +1,26 @@
+From 4a017fbf5bc69a77fa0365f31bc5b7767acd1c19 Mon Sep 17 00:00:00 2001
+From: Christian Brauner
+Date: Tue, 26 Jan 2021 15:58:41 +0100
+Subject: criu: handle cgroup2 freezer
+
+Signed-off-by: Christian Brauner
+---
+ src/lxc/criu.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/lxc/criu.c b/src/lxc/criu.c
+index 31961d0f0..f3dd6531e 100644
+--- a/src/lxc/criu.c
++++ b/src/lxc/criu.c
+@@ -404,7 +404,10 @@ static void exec_criu(struct cgroup_ops *cgroup_ops, struct lxc_conf *conf,
+ goto err;
+ }
+
+- ret = snprintf(log, sizeof(log), "/sys/fs/cgroup/freezer/%s", freezer_relative);
++ if (pure_unified_layout(cgroup_ops))
++ ret = snprintf(log, sizeof(log), "/sys/fs/cgroup/%s", freezer_relative);
++ else
++ ret = snprintf(log, sizeof(log), "/sys/fs/cgroup/freezer/%s", freezer_relative);
+ if (ret < 0 || ret >= sizeof(log))
+ goto err;
+
diff -Nru lxc-4.0.2/debian/patches/0023-mkdir-p-proc-sys-on-container-startup.patch lxc-4.0.6/debian/patches/0023-mkdir-p-proc-sys-on-container-startup.patch
--- lxc-4.0.2/debian/patches/0023-mkdir-p-proc-sys-on-container-startup.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/debian/patches/0023-mkdir-p-proc-sys-on-container-startup.patch 2021-02-11 21:34:03.000000000 +0000
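Review bot: The unified branch in `exec_criu()` drops the `freezer/` path component without saying why, and a reader who only knows the legacy layout will take it for a typo. A comment above the `if`, such as `/* cgroup2 has no freezer hierarchy; the container's own cgroup carries cgroup.freeze */`, would explain it. Both branches also spell the cgroup root as the literal `/sys/fs/cgroup`, while the cgroup code in this series uses `DEFAULT_CGROUP_MOUNTPOINT`. If that macro is reachable from criu.c, `snprintf(log, sizeof(log), "%s/%s", DEFAULT_CGROUP_MOUNTPOINT, freezer_relative)` keeps the two in step. `exec_criu()` starts and ends outside the hunk.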
@@ -0,0 +1,125 @@ +From 2ff13520e60312170f650efb6c817b1890923b98 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= +Date: Tue, 26 Jan 2021 20:35:29 +0200 +Subject: mkdir -p /proc /sys on container startup +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +some containers don't have it, and strange things happen. + +Signed-off-by: Motiejus Jakštys +--- + src/lxc/conf.c | 19 +++++++++++++++- + src/tests/Makefile.am | 2 ++ + src/tests/lxc-test-procsys | 44 ++++++++++++++++++++++++++++++++++++++ + 3 files changed, 64 insertions(+), 1 deletion(-) + create mode 100755 src/tests/lxc-test-procsys + +diff --git a/src/lxc/conf.c b/src/lxc/conf.c +index e0f2dfc47..ae2db4be5 100644 +--- a/src/lxc/conf.c ++++ b/src/lxc/conf.c +@@ -3277,6 +3277,24 @@ int lxc_setup(struct lxc_handler *handler) + if (ret < 0) + return log_error(-1, "Failed to setup rootfs"); + ++ /* Create mountpoints for /proc and /sys. */ ++ char path[PATH_MAX]; ++ char *rootfs_path = lxc_conf->rootfs.path ? 
lxc_conf->rootfs.mount : ""; ++ ++ ret = snprintf(path, sizeof(path), "%s/proc", rootfs_path); ++ if (ret < 0 || (size_t)ret >= sizeof(path)) ++ return log_error(-1, "Path to /proc too long"); ++ ret = mkdir(path, 0755); ++ if (ret < 0 && errno != EEXIST) ++ return log_error_errno(-1, errno, "Failed to create \"/proc\" directory"); ++ ++ ret = snprintf(path, sizeof(path), "%s/sys", rootfs_path); ++ if (ret < 0 || (size_t)ret >= sizeof(path)) ++ return log_error(-1, "Path to /sys too long"); ++ ret = mkdir(path, 0755); ++ if (ret < 0 && errno != EEXIST) ++ return log_error_errno(-1, errno, "Failed to create \"/sys\" directory"); ++ + if (handler->nsfd[LXC_NS_UTS] == -EBADF) { + ret = setup_utsname(lxc_conf->utsname); + if (ret < 0) +@@ -3343,7 +3361,6 @@ int lxc_setup(struct lxc_handler *handler) + if (lxc_conf->is_execute) { + if (execveat_supported()) { + int fd; +- char path[PATH_MAX]; + + ret = snprintf(path, PATH_MAX, SBINDIR "/init.lxc.static"); + if (ret < 0 || ret >= PATH_MAX) +diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am +index dc7e4820e..0e90ce50f 100644 +--- a/src/tests/Makefile.am ++++ b/src/tests/Makefile.am +@@ -620,6 +620,7 @@ bin_SCRIPTS += lxc-test-automount \ + lxc-test-exit-code \ + lxc-test-no-new-privs \ + lxc-test-rootfs \ ++ lxc-test-procsys \ + lxc-test-usernsexec + + if DISTRO_UBUNTU +@@ -658,6 +659,7 @@ EXTRA_DIST = basic.c \ + lxc-test-lxc-attach \ + lxc-test-automount \ + lxc-test-rootfs \ ++ lxc-test-procsys \ + lxc-test-autostart \ + lxc-test-apparmor-mount \ + lxc-test-apparmor-generated \ +diff --git a/src/tests/lxc-test-procsys b/src/tests/lxc-test-procsys +new file mode 100755 +index 000000000..5e48bbeda +--- /dev/null ++++ b/src/tests/lxc-test-procsys +@@ -0,0 +1,44 @@ ++#!/bin/bash ++ ++# lxc: linux Container library ++ ++# Authors: ++# Motiejus Jakštys ++# ++# Ensure that when /proc and/or /sys do not exist in the container, ++# it is started successfully anyway. 
++ ++# This library is free software; you can redistribute it and/or ++# modify it under the terms of the GNU Lesser General Public ++# License as published by the Free Software Foundation; either ++# version 2.1 of the License, or (at your option) any later version. ++ ++# This library is distributed in the hope that it will be useful, ++# but WITHOUT ANY WARRANTY; without even the implied warranty of ++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++# Lesser General Public License for more details. ++ ++# You should have received a copy of the GNU Lesser General Public ++# License along with this library; if not, write to the Free Software ++# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA ++ ++set -ex ++FAIL() { ++ echo -n "Failed " >&2 ++ echo "$*" >&2 ++ lxc-destroy -n lxc-test-procsys -f ++ exit 1 ++} ++ ++lxc-destroy -n lxc-test-procsys -f || : ++lxc-create -t busybox -n lxc-test-procsys ++rmdir /var/lib/lxc/lxc-test-procsys/rootfs/{proc,sys} ++ ++lxc-start -n lxc-test-procsys ++lxc-wait -n lxc-test-procsys -s RUNNING || FAIL "waiting for busybox container to run" ++ ++lxc-attach -n lxc-test-procsys -- sh -c 'test -f /proc/version' || FAIL "/proc/version not found" ++lxc-attach -n lxc-test-procsys -- sh -c 'test -d /sys/fs' || FAIL "/sys/fs not found" ++ ++lxc-destroy -n lxc-test-procsys -f ++exit 0 diff -Nru lxc-4.0.2/debian/patches/0024-conf-fix-coding-style.patch lxc-4.0.6/debian/patches/0024-conf-fix-coding-style.patch --- lxc-4.0.2/debian/patches/0024-conf-fix-coding-style.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0024-conf-fix-coding-style.patch 2021-02-11 21:34:03.000000000 +0000 
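Review bot: The new `lxc-test-procsys` script cleans up only on the paths that go through `FAIL`. Under `set -ex`, a failing `lxc-create`, `rmdir` or `lxc-start` exits immediately and leaves the `lxc-test-procsys` container behind for the next run. An exit trap set right after the initial destroy, `trap 'lxc-destroy -n lxc-test-procsys -f || :' EXIT`, would cover every exit path and let `FAIL` drop its own destroy call. The `rmdir` line also hard-codes `/var/lib/lxc`, so the test only works when that is the configured lxcpath.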
@@ -0,0 +1,62 @@ +From be05d13d07ae6cf56d8aac76a605e5ad7ae21997 Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Wed, 27 Jan 2021 16:10:24 +0100 +Subject: conf: fix coding style + +Signed-off-by: Christian Brauner +--- + src/lxc/conf.c | 12 +++++++----- + 1 file changed, 7 insertions(+), 5 deletions(-) + +diff --git a/src/lxc/conf.c b/src/lxc/conf.c +index ae2db4be5..2d8bd23c5 100644 +--- a/src/lxc/conf.c ++++ b/src/lxc/conf.c +@@ -639,8 +639,10 @@ static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_ha + { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, NULL, "%r/sys/devices/virtual/net", NULL, MS_REMOUNT|MS_BIND|MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL, false }, + { 0, 0, NULL, NULL, NULL, 0, NULL, false } + }; ++ struct lxc_rootfs *rootfs = &conf->rootfs; ++ bool has_cap_net_admin; + +- bool has_cap_net_admin = lxc_wants_cap(CAP_NET_ADMIN, conf); ++ has_cap_net_admin = lxc_wants_cap(CAP_NET_ADMIN, conf); + for (i = 0; default_mounts[i].match_mask; i++) { + __do_free char *destination = NULL, *source = NULL; + int saved_errno; +@@ -650,7 +652,7 @@ static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_ha + + if (default_mounts[i].source) { + /* will act like strdup if %r is not present */ +- source = lxc_string_replace("%r", conf->rootfs.path ? conf->rootfs.mount : "", default_mounts[i].source); ++ source = lxc_string_replace("%r", rootfs->path ? rootfs->mount : "", default_mounts[i].source); + if (!source) + return -1; + } +@@ -664,7 +666,7 @@ static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_ha + } + + /* will act like strdup if %r is not present */ +- destination = lxc_string_replace("%r", conf->rootfs.path ? conf->rootfs.mount : "", default_mounts[i].destination); ++ destination = lxc_string_replace("%r", rootfs->path ? 
rootfs->mount : "", default_mounts[i].destination); + if (!destination) + return -1; + +@@ -672,7 +674,7 @@ static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_ha + default_mounts[i].flags); + r = safe_mount(source, destination, default_mounts[i].fstype, + mflags, default_mounts[i].options, +- conf->rootfs.path ? conf->rootfs.mount : NULL); ++ rootfs->path ? rootfs->mount : NULL); + saved_errno = errno; + if (r < 0 && errno == ENOENT) { + INFO("Mount source or target for \"%s\" on \"%s\" does not exist. Skipping", source, destination); +@@ -720,7 +722,7 @@ static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_ha + + if (!handler->cgroup_ops->mount(handler->cgroup_ops, + handler, +- conf->rootfs.path ? conf->rootfs.mount : "", ++ rootfs->path ? rootfs->mount : "", + cg_flags)) + return log_error_errno(-1, errno, "Failed to mount \"/sys/fs/cgroup\""); + } diff -Nru lxc-4.0.2/debian/patches/0025-conf-coding-style-fixes.patch lxc-4.0.6/debian/patches/0025-conf-coding-style-fixes.patch --- lxc-4.0.2/debian/patches/0025-conf-coding-style-fixes.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0025-conf-coding-style-fixes.patch 2021-02-11 21:34:03.000000000 +0000 
@@ -0,0 +1,58 @@ +From aa14ab31438b2ef8ce14aa67068d71f3aa4817ae Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Wed, 27 Jan 2021 16:46:22 +0100 +Subject: conf: coding style fixes + +Signed-off-by: Christian Brauner +--- + src/lxc/conf.c | 18 +++++++++--------- + 1 file changed, 9 insertions(+), 9 deletions(-) + +diff --git a/src/lxc/conf.c b/src/lxc/conf.c +index 2d8bd23c5..86ec3a663 100644 +--- a/src/lxc/conf.c ++++ b/src/lxc/conf.c +@@ -597,7 +597,7 @@ static int add_shmount_to_list(struct lxc_conf *conf) + + static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_handler *handler) + { +- int i, r; ++ int i, ret; + static struct { + int match_mask; + int match_flag; +@@ -672,18 +672,18 @@ static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_ha + + mflags = add_required_remount_flags(source, destination, + default_mounts[i].flags); +- r = safe_mount(source, destination, default_mounts[i].fstype, +- mflags, default_mounts[i].options, +- rootfs->path ? rootfs->mount : NULL); ++ ret = safe_mount(source, destination, default_mounts[i].fstype, ++ mflags, default_mounts[i].options, ++ rootfs->path ? rootfs->mount : NULL); + saved_errno = errno; +- if (r < 0 && errno == ENOENT) { ++ if (ret < 0 && errno == ENOENT) { + INFO("Mount source or target for \"%s\" on \"%s\" does not exist. 
Skipping", source, destination); +- r = 0; +- } else if (r < 0) { ++ ret = 0; ++ } else if (ret < 0) { + SYSERROR("Failed to mount \"%s\" on \"%s\" with flags %lu", source, destination, mflags); + } + +- if (r < 0) { ++ if (ret < 0) { + errno = saved_errno; + return -1; + } +@@ -728,7 +728,7 @@ static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_ha + } + + if (flags & LXC_AUTO_SHMOUNTS_MASK) { +- int ret = add_shmount_to_list(conf); ++ ret = add_shmount_to_list(conf); + if (ret < 0) + return log_error(-1, "Failed to add shmount entry to container config"); + } diff -Nru lxc-4.0.2/debian/patches/0026-conf-move-proc-and-sys-mountpoint-creation-int-lxc_m.patch lxc-4.0.6/debian/patches/0026-conf-move-proc-and-sys-mountpoint-creation-int-lxc_m.patch --- lxc-4.0.2/debian/patches/0026-conf-move-proc-and-sys-mountpoint-creation-int-lxc_m.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0026-conf-move-proc-and-sys-mountpoint-creation-int-lxc_m.patch 2021-02-11 21:34:03.000000000 +0000 
@@ -0,0 +1,79 @@ +From 7f82d188e37a3c5ed128676116906eb66fb1f1c7 Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Wed, 27 Jan 2021 16:46:56 +0100 +Subject: conf: move proc and sys mountpoint creation int + lxc_mount_auto_mounts() + +Fixes: 493e00b68da4 ("mkdir -p /proc /sys on container startup") +Cc: stable-4.0 +Signed-off-by: Christian Brauner +--- + src/lxc/conf.c | 37 +++++++++++++++++-------------------- + 1 file changed, 17 insertions(+), 20 deletions(-) + +diff --git a/src/lxc/conf.c b/src/lxc/conf.c +index 86ec3a663..d91536e20 100644 +--- a/src/lxc/conf.c ++++ b/src/lxc/conf.c +@@ -642,6 +642,20 @@ static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_ha + struct lxc_rootfs *rootfs = &conf->rootfs; + bool has_cap_net_admin; + ++ if (flags & LXC_AUTO_PROC_MASK) { ++ ret = mkdirat(rootfs->mntpt_fd, "proc" , S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH); ++ if (ret < 0 && errno != EEXIST) ++ return log_error_errno(-errno, errno, ++ "Failed to create proc mountpoint under %d", rootfs->mntpt_fd); ++ } ++ ++ if (flags & LXC_AUTO_SYS_MASK) { ++ ret = mkdirat(rootfs->mntpt_fd, "sys" , S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH); ++ if (ret < 0 && errno != EEXIST) ++ return log_error_errno(-errno, errno, ++ "Failed to create sysfs mountpoint under %d", rootfs->mntpt_fd); ++ } ++ + has_cap_net_admin = lxc_wants_cap(CAP_NET_ADMIN, conf); + for (i = 0; default_mounts[i].match_mask; i++) { + __do_free char *destination = NULL, *source = NULL; +@@ -3279,24 +3293,6 @@ int lxc_setup(struct lxc_handler *handler) + if (ret < 0) + return log_error(-1, "Failed to setup rootfs"); + +- /* Create mountpoints for /proc and /sys. */ +- char path[PATH_MAX]; +- char *rootfs_path = lxc_conf->rootfs.path ? 
lxc_conf->rootfs.mount : ""; +- +- ret = snprintf(path, sizeof(path), "%s/proc", rootfs_path); +- if (ret < 0 || (size_t)ret >= sizeof(path)) +- return log_error(-1, "Path to /proc too long"); +- ret = mkdir(path, 0755); +- if (ret < 0 && errno != EEXIST) +- return log_error_errno(-1, errno, "Failed to create \"/proc\" directory"); +- +- ret = snprintf(path, sizeof(path), "%s/sys", rootfs_path); +- if (ret < 0 || (size_t)ret >= sizeof(path)) +- return log_error(-1, "Path to /sys too long"); +- ret = mkdir(path, 0755); +- if (ret < 0 && errno != EEXIST) +- return log_error_errno(-1, errno, "Failed to create \"/sys\" directory"); +- + if (handler->nsfd[LXC_NS_UTS] == -EBADF) { + ret = setup_utsname(lxc_conf->utsname); + if (ret < 0) +@@ -3363,12 +3359,13 @@ int lxc_setup(struct lxc_handler *handler) + if (lxc_conf->is_execute) { + if (execveat_supported()) { + int fd; ++ char path[STRLITERALLEN(SBINDIR) + STRLITERALLEN("/init.lxc.static") + 1]; + +- ret = snprintf(path, PATH_MAX, SBINDIR "/init.lxc.static"); ++ ret = snprintf(path, sizeof(path), SBINDIR "/init.lxc.static"); + if (ret < 0 || ret >= PATH_MAX) + return log_error(-1, "Path to init.lxc.static too long"); + +- fd = open(path, O_PATH | O_CLOEXEC); ++ fd = open(path, O_NOCTTY | O_NOFOLLOW | O_CLOEXEC | O_PATH); + if (fd < 0) + return log_error_errno(-1, errno, "Unable to open lxc.init.static"); + diff -Nru lxc-4.0.2/debian/patches/0027-attach-invert-child-parent-handling.patch lxc-4.0.6/debian/patches/0027-attach-invert-child-parent-handling.patch --- lxc-4.0.2/debian/patches/0027-attach-invert-child-parent-handling.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0027-attach-invert-child-parent-handling.patch 2021-02-11 21:34:03.000000000 +0000 
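Review bot: In the last hunk of `lxc_setup()` the buffer is now sized to hold the string exactly and `snprintf()` is given `sizeof(path)`, but the truncation test still compares against `PATH_MAX`, so it can no longer fire. It should read `if (ret < 0 || (size_t)ret >= sizeof(path))`. In `lxc_mount_auto_mounts()`, `mkdirat()` depends on `rootfs->mntpt_fd` being an open directory descriptor. Where that descriptor is set up is outside the hunk and worth confirming, in particular for a container without a rootfs, which the removed code handled with an empty prefix. The two error messages print the descriptor number rather than a path, which will be hard to act on in a log. Both functions extend beyond the hunks.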
@@ -0,0 +1,509 @@ +From fab11f75745d66704b0a4a3f27c604af03c18a9d Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Wed, 27 Jan 2021 20:24:57 +0100 +Subject: attach: invert child/parent handling + +This makes it more consistent with th rest of the shared library. + +Cc: stable-4.0 +Signed-off-by: Christian Brauner +--- + src/lxc/attach.c | 418 +++++++++++++++++++++++------------------------ + 1 file changed, 209 insertions(+), 209 deletions(-) + +diff --git a/src/lxc/attach.c b/src/lxc/attach.c +index befa1580e..93e16c6b1 100644 +--- a/src/lxc/attach.c ++++ b/src/lxc/attach.c +@@ -958,6 +958,9 @@ int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function, + struct lxc_conf *conf; + char *name, *lxcpath; + struct attach_clone_payload payload = {0}; ++ int ret_parent = -1; ++ pid_t to_cleanup_pid; ++ struct lxc_epoll_descr descr = {0}; + + ret = access("/proc/self/ns", X_OK); + if (ret) +@@ -1151,275 +1154,272 @@ int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function, + return -1; + } + +- if (pid) { +- int ret_parent = -1; +- pid_t to_cleanup_pid = pid; +- struct lxc_epoll_descr descr = {0}; +- ++ if (pid == 0) { + /* close unneeded file descriptors */ +- close(ipc_sockets[1]); +- free(cwd); +- lxc_proc_close_ns_fd(init_ctx); +- if (options->attach_flags & LXC_ATTACH_TERMINAL) +- lxc_attach_terminal_close_pts(&terminal); +- +- /* Attach to cgroup, if requested. */ +- if (options->attach_flags & LXC_ATTACH_MOVE_TO_CGROUP) { +- /* +- * If this is the unified hierarchy cgroup_attach() is +- * enough. 
+- */ +- ret = cgroup_attach(conf, name, lxcpath, pid); +- if (ret) { +- call_cleaner(cgroup_exit) struct cgroup_ops *cgroup_ops = NULL; +- +- cgroup_ops = cgroup_init(conf); +- if (!cgroup_ops) +- goto on_error; ++ close_prot_errno_disarm(ipc_sockets[0]); + +- if (!cgroup_ops->attach(cgroup_ops, conf, name, lxcpath, pid)) +- goto on_error; +- } +- TRACE("Moved intermediate process %d into container's cgroups", pid); ++ if (options->attach_flags & LXC_ATTACH_TERMINAL) { ++ lxc_attach_terminal_close_ptx(&terminal); ++ lxc_attach_terminal_close_peer(&terminal); ++ lxc_attach_terminal_close_log(&terminal); + } + +- /* Setup /proc limits */ +- if (!lxc_list_empty(&conf->procs)) { +- ret = setup_proc_filesystem(&conf->procs, pid); +- if (ret < 0) +- goto on_error; ++ /* Wait for the parent to have setup cgroups. */ ++ ret = lxc_read_nointr(ipc_sockets[1], &status, sizeof(status)); ++ if (ret != sizeof(status)) { ++ shutdown(ipc_sockets[1], SHUT_RDWR); ++ lxc_proc_put_context_info(init_ctx); ++ _exit(EXIT_FAILURE); + } + +- /* Setup resource limits */ +- if (!lxc_list_empty(&conf->limits)) { +- ret = setup_resource_limits(&conf->limits, pid); +- if (ret < 0) +- goto on_error; ++ TRACE("Intermediate process starting to initialize"); ++ ++ /* Attach now, create another subprocess later, since pid namespaces ++ * only really affect the children of the current process. ++ */ ++ ret = lxc_attach_to_ns(init_pid, init_ctx); ++ if (ret < 0) { ++ ERROR("Failed to enter namespaces"); ++ shutdown(ipc_sockets[1], SHUT_RDWR); ++ lxc_proc_put_context_info(init_ctx); ++ _exit(EXIT_FAILURE); + } + +- if (options->attach_flags & LXC_ATTACH_TERMINAL) { +- ret = lxc_attach_terminal_mainloop_init(&terminal, &descr); +- if (ret < 0) +- goto on_error; ++ /* close namespace file descriptors */ ++ lxc_proc_close_ns_fd(init_ctx); + +- TRACE("Initialized terminal mainloop"); ++ /* Attach succeeded, try to cwd. 
*/ ++ if (options->initial_cwd) ++ new_cwd = options->initial_cwd; ++ else ++ new_cwd = cwd; ++ if (new_cwd) { ++ ret = chdir(new_cwd); ++ if (ret < 0) ++ WARN("Could not change directory to \"%s\"", new_cwd); + } ++ free(cwd); + +- /* Let the child process know to go ahead. */ +- status = 0; +- ret = lxc_write_nointr(ipc_sockets[0], &status, sizeof(status)); +- if (ret != sizeof(status)) +- goto close_mainloop; +- +- TRACE("Told intermediate process to start initializing"); ++ /* Create attached process. */ ++ payload.ipc_socket = ipc_sockets[1]; ++ payload.options = options; ++ payload.init_ctx = init_ctx; ++ payload.terminal_pts_fd = terminal.pty; ++ payload.exec_function = exec_function; ++ payload.exec_payload = exec_payload; ++ ++ pid = lxc_raw_clone(CLONE_PARENT, NULL); ++ if (pid < 0) { ++ SYSERROR("Failed to clone attached process"); ++ shutdown(ipc_sockets[1], SHUT_RDWR); ++ lxc_proc_put_context_info(init_ctx); ++ _exit(EXIT_FAILURE); ++ } + +- /* Get pid of attached process from intermediate process. */ +- ret = lxc_read_nointr(ipc_sockets[0], &attached_pid, sizeof(attached_pid)); +- if (ret != sizeof(attached_pid)) +- goto close_mainloop; ++ if (pid == 0) { ++ if (options->attach_flags & LXC_ATTACH_TERMINAL) { ++ ret = lxc_terminal_signal_sigmask_safe_blocked(&terminal); ++ if (ret < 0) { ++ SYSERROR("Failed to reset signal mask"); ++ _exit(EXIT_FAILURE); ++ } ++ } + +- TRACE("Received pid %d of attached process in parent pid namespace", attached_pid); ++ ret = attach_child_main(&payload); ++ if (ret < 0) ++ ERROR("Failed to exec"); + +- /* Ignore SIGKILL (CTRL-C) and SIGQUIT (CTRL-\) - issue #313. */ +- if (options->stdin_fd == 0) { +- signal(SIGINT, SIG_IGN); +- signal(SIGQUIT, SIG_IGN); ++ _exit(EXIT_FAILURE); + } + +- /* Reap intermediate process. 
*/ +- ret = wait_for_pid(pid); +- if (ret < 0) +- goto close_mainloop; ++ if (options->attach_flags & LXC_ATTACH_TERMINAL) ++ lxc_attach_terminal_close_pts(&terminal); + +- TRACE("Intermediate process %d exited", pid); ++ /* Tell grandparent the pid of the pid of the newly created child. */ ++ ret = lxc_write_nointr(ipc_sockets[1], &pid, sizeof(pid)); ++ if (ret != sizeof(pid)) { ++ /* If this really happens here, this is very unfortunate, since ++ * the parent will not know the pid of the attached process and ++ * will not be able to wait for it (and we won't either due to ++ * CLONE_PARENT) so the parent won't be able to reap it and the ++ * attached process will remain a zombie. ++ */ ++ shutdown(ipc_sockets[1], SHUT_RDWR); ++ lxc_proc_put_context_info(init_ctx); ++ _exit(EXIT_FAILURE); ++ } + +- /* We will always have to reap the attached process now. */ +- to_cleanup_pid = attached_pid; ++ TRACE("Sending pid %d of attached process", pid); + +- /* Open LSM fd and send it to child. */ +- if ((options->namespaces & CLONE_NEWNS) && +- (options->attach_flags & LXC_ATTACH_LSM) && +- init_ctx->lsm_label) { +- int labelfd; +- bool on_exec; ++ /* The rest is in the hands of the initial and the attached process. */ ++ lxc_proc_put_context_info(init_ctx); ++ _exit(EXIT_SUCCESS); ++ } + +- ret = -1; +- on_exec = options->attach_flags & LXC_ATTACH_LSM_EXEC ? true : false; +- labelfd = init_ctx->lsm_ops->process_label_fd_get(init_ctx->lsm_ops, +- attached_pid, on_exec); +- if (labelfd < 0) +- goto close_mainloop; ++ to_cleanup_pid = pid; + +- TRACE("Opened LSM label file descriptor %d", labelfd); ++ /* close unneeded file descriptors */ ++ close(ipc_sockets[1]); ++ free(cwd); ++ lxc_proc_close_ns_fd(init_ctx); ++ if (options->attach_flags & LXC_ATTACH_TERMINAL) ++ lxc_attach_terminal_close_pts(&terminal); + +- /* Send child fd of the LSM security module to write to. 
*/ +- ret = lxc_abstract_unix_send_fds(ipc_sockets[0], &labelfd, 1, NULL, 0); +- if (ret <= 0) { +- if (ret < 0) +- SYSERROR("Failed to send lsm label fd"); ++ /* Attach to cgroup, if requested. */ ++ if (options->attach_flags & LXC_ATTACH_MOVE_TO_CGROUP) { ++ /* ++ * If this is the unified hierarchy cgroup_attach() is ++ * enough. ++ */ ++ ret = cgroup_attach(conf, name, lxcpath, pid); ++ if (ret) { ++ call_cleaner(cgroup_exit) struct cgroup_ops *cgroup_ops = NULL; + +- close(labelfd); +- goto close_mainloop; +- } ++ cgroup_ops = cgroup_init(conf); ++ if (!cgroup_ops) ++ goto on_error; + +- close(labelfd); +- TRACE("Sent LSM label file descriptor %d to child", labelfd); ++ if (!cgroup_ops->attach(cgroup_ops, conf, name, lxcpath, pid)) ++ goto on_error; + } ++ TRACE("Moved intermediate process %d into container's cgroups", pid); ++ } + +- if (conf->seccomp.seccomp) { +- ret = lxc_seccomp_recv_notifier_fd(&conf->seccomp, ipc_sockets[0]); +- if (ret < 0) +- goto close_mainloop; ++ /* Setup /proc limits */ ++ if (!lxc_list_empty(&conf->procs)) { ++ ret = setup_proc_filesystem(&conf->procs, pid); ++ if (ret < 0) ++ goto on_error; ++ } + +- ret = lxc_seccomp_add_notifier(name, lxcpath, &conf->seccomp); +- if (ret < 0) +- goto close_mainloop; +- } ++ /* Setup resource limits */ ++ if (!lxc_list_empty(&conf->limits)) { ++ ret = setup_resource_limits(&conf->limits, pid); ++ if (ret < 0) ++ goto on_error; ++ } + +- /* We're done, the child process should now execute whatever it +- * is that the user requested. The parent can now track it with +- * waitpid() or similar. +- */ ++ if (options->attach_flags & LXC_ATTACH_TERMINAL) { ++ ret = lxc_attach_terminal_mainloop_init(&terminal, &descr); ++ if (ret < 0) ++ goto on_error; + +- *attached_process = attached_pid; ++ TRACE("Initialized terminal mainloop"); ++ } + +- /* Now shut down communication with child, we're done. 
*/ +- shutdown(ipc_sockets[0], SHUT_RDWR); +- close(ipc_sockets[0]); +- ipc_sockets[0] = -1; ++ /* Let the child process know to go ahead. */ ++ status = 0; ++ ret = lxc_write_nointr(ipc_sockets[0], &status, sizeof(status)); ++ if (ret != sizeof(status)) ++ goto close_mainloop; + +- ret_parent = 0; +- to_cleanup_pid = -1; ++ TRACE("Told intermediate process to start initializing"); + +- if (options->attach_flags & LXC_ATTACH_TERMINAL) { +- ret = lxc_mainloop(&descr, -1); +- if (ret < 0) { +- ret_parent = -1; +- to_cleanup_pid = attached_pid; +- } +- } ++ /* Get pid of attached process from intermediate process. */ ++ ret = lxc_read_nointr(ipc_sockets[0], &attached_pid, sizeof(attached_pid)); ++ if (ret != sizeof(attached_pid)) ++ goto close_mainloop; + +- close_mainloop: +- if (options->attach_flags & LXC_ATTACH_TERMINAL) +- lxc_mainloop_close(&descr); ++ TRACE("Received pid %d of attached process in parent pid namespace", attached_pid); + +- on_error: +- if (ipc_sockets[0] >= 0) { +- shutdown(ipc_sockets[0], SHUT_RDWR); +- close(ipc_sockets[0]); +- } ++ /* Ignore SIGKILL (CTRL-C) and SIGQUIT (CTRL-\) - issue #313. */ ++ if (options->stdin_fd == 0) { ++ signal(SIGINT, SIG_IGN); ++ signal(SIGQUIT, SIG_IGN); ++ } + +- if (to_cleanup_pid > 0) +- (void)wait_for_pid(to_cleanup_pid); ++ /* Reap intermediate process. */ ++ ret = wait_for_pid(pid); ++ if (ret < 0) ++ goto close_mainloop; + +- if (options->attach_flags & LXC_ATTACH_TERMINAL) { +- lxc_terminal_delete(&terminal); +- lxc_terminal_conf_free(&terminal); +- } ++ TRACE("Intermediate process %d exited", pid); + +- lxc_proc_put_context_info(init_ctx); +- return ret_parent; +- } ++ /* We will always have to reap the attached process now. */ ++ to_cleanup_pid = attached_pid; + +- /* close unneeded file descriptors */ +- close_prot_errno_disarm(ipc_sockets[0]); ++ /* Open LSM fd and send it to child. 
*/ ++ if ((options->namespaces & CLONE_NEWNS) && ++ (options->attach_flags & LXC_ATTACH_LSM) && init_ctx->lsm_label) { ++ int labelfd; ++ bool on_exec; + +- if (options->attach_flags & LXC_ATTACH_TERMINAL) { +- lxc_attach_terminal_close_ptx(&terminal); +- lxc_attach_terminal_close_peer(&terminal); +- lxc_attach_terminal_close_log(&terminal); +- } ++ ret = -1; ++ on_exec = options->attach_flags & LXC_ATTACH_LSM_EXEC ? true : false; ++ labelfd = init_ctx->lsm_ops->process_label_fd_get(init_ctx->lsm_ops, ++ attached_pid, on_exec); ++ if (labelfd < 0) ++ goto close_mainloop; + +- /* Wait for the parent to have setup cgroups. */ +- ret = lxc_read_nointr(ipc_sockets[1], &status, sizeof(status)); +- if (ret != sizeof(status)) { +- shutdown(ipc_sockets[1], SHUT_RDWR); +- lxc_proc_put_context_info(init_ctx); +- _exit(EXIT_FAILURE); +- } ++ TRACE("Opened LSM label file descriptor %d", labelfd); + +- TRACE("Intermediate process starting to initialize"); ++ /* Send child fd of the LSM security module to write to. */ ++ ret = lxc_abstract_unix_send_fds(ipc_sockets[0], &labelfd, 1, NULL, 0); ++ if (ret <= 0) { ++ if (ret < 0) ++ SYSERROR("Failed to send lsm label fd"); + +- /* Attach now, create another subprocess later, since pid namespaces +- * only really affect the children of the current process. +- */ +- ret = lxc_attach_to_ns(init_pid, init_ctx); +- if (ret < 0) { +- ERROR("Failed to enter namespaces"); +- shutdown(ipc_sockets[1], SHUT_RDWR); +- lxc_proc_put_context_info(init_ctx); +- _exit(EXIT_FAILURE); ++ close(labelfd); ++ goto close_mainloop; ++ } ++ ++ close(labelfd); ++ TRACE("Sent LSM label file descriptor %d to child", labelfd); + } + +- /* close namespace file descriptors */ +- lxc_proc_close_ns_fd(init_ctx); ++ if (conf->seccomp.seccomp) { ++ ret = lxc_seccomp_recv_notifier_fd(&conf->seccomp, ipc_sockets[0]); ++ if (ret < 0) ++ goto close_mainloop; + +- /* Attach succeeded, try to cwd. 
*/ +- if (options->initial_cwd) +- new_cwd = options->initial_cwd; +- else +- new_cwd = cwd; +- if (new_cwd) { +- ret = chdir(new_cwd); ++ ret = lxc_seccomp_add_notifier(name, lxcpath, &conf->seccomp); + if (ret < 0) +- WARN("Could not change directory to \"%s\"", new_cwd); ++ goto close_mainloop; + } +- free(cwd); + +- /* Create attached process. */ +- payload.ipc_socket = ipc_sockets[1]; +- payload.options = options; +- payload.init_ctx = init_ctx; +- payload.terminal_pts_fd = terminal.pty; +- payload.exec_function = exec_function; +- payload.exec_payload = exec_payload; ++ /* We're done, the child process should now execute whatever it ++ * is that the user requested. The parent can now track it with ++ * waitpid() or similar. ++ */ + +- pid = lxc_raw_clone(CLONE_PARENT, NULL); +- if (pid < 0) { +- SYSERROR("Failed to clone attached process"); +- shutdown(ipc_sockets[1], SHUT_RDWR); +- lxc_proc_put_context_info(init_ctx); +- _exit(EXIT_FAILURE); +- } ++ *attached_process = attached_pid; + +- if (pid == 0) { +- if (options->attach_flags & LXC_ATTACH_TERMINAL) { +- ret = lxc_terminal_signal_sigmask_safe_blocked(&terminal); +- if (ret < 0) { +- SYSERROR("Failed to reset signal mask"); +- _exit(EXIT_FAILURE); +- } +- } ++ /* Now shut down communication with child, we're done. */ ++ shutdown(ipc_sockets[0], SHUT_RDWR); ++ close(ipc_sockets[0]); ++ ipc_sockets[0] = -1; + +- ret = attach_child_main(&payload); +- if (ret < 0) +- ERROR("Failed to exec"); ++ ret_parent = 0; ++ to_cleanup_pid = -1; + +- _exit(EXIT_FAILURE); ++ if (options->attach_flags & LXC_ATTACH_TERMINAL) { ++ ret = lxc_mainloop(&descr, -1); ++ if (ret < 0) { ++ ret_parent = -1; ++ to_cleanup_pid = attached_pid; ++ } + } + ++close_mainloop: + if (options->attach_flags & LXC_ATTACH_TERMINAL) +- lxc_attach_terminal_close_pts(&terminal); ++ lxc_mainloop_close(&descr); + +- /* Tell grandparent the pid of the pid of the newly created child. 
*/ +- ret = lxc_write_nointr(ipc_sockets[1], &pid, sizeof(pid)); +- if (ret != sizeof(pid)) { +- /* If this really happens here, this is very unfortunate, since +- * the parent will not know the pid of the attached process and +- * will not be able to wait for it (and we won't either due to +- * CLONE_PARENT) so the parent won't be able to reap it and the +- * attached process will remain a zombie. +- */ +- shutdown(ipc_sockets[1], SHUT_RDWR); +- lxc_proc_put_context_info(init_ctx); +- _exit(EXIT_FAILURE); ++on_error: ++ if (ipc_sockets[0] >= 0) { ++ shutdown(ipc_sockets[0], SHUT_RDWR); ++ close(ipc_sockets[0]); + } + +- TRACE("Sending pid %d of attached process", pid); ++ if (to_cleanup_pid > 0) ++ (void)wait_for_pid(to_cleanup_pid); ++ ++ if (options->attach_flags & LXC_ATTACH_TERMINAL) { ++ lxc_terminal_delete(&terminal); ++ lxc_terminal_conf_free(&terminal); ++ } + +- /* The rest is in the hands of the initial and the attached process. */ + lxc_proc_put_context_info(init_ctx); +- _exit(EXIT_SUCCESS); ++ return ret_parent; + } + + int lxc_attach_run_command(void *payload) diff -Nru lxc-4.0.2/debian/patches/0028-attach-use-__do_free-cleanup-macro-for-cwd.patch lxc-4.0.6/debian/patches/0028-attach-use-__do_free-cleanup-macro-for-cwd.patch --- lxc-4.0.2/debian/patches/0028-attach-use-__do_free-cleanup-macro-for-cwd.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0028-attach-use-__do_free-cleanup-macro-for-cwd.patch 2021-02-11 21:34:03.000000000 +0000 
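Review bot: `to_cleanup_pid` is now declared at function scope without an initial value, while `on_error:` reads it in `if (to_cleanup_pid > 0)`. Every `goto` visible in the hunk comes after `to_cleanup_pid = pid;`, but `pid_t to_cleanup_pid = -1;` would keep the cleanup label safe if an earlier jump is ever added, and it matches the initialised `ret_parent` and `descr` beside it. The carried-over comment `/* Ignore SIGKILL (CTRL-C) and SIGQUIT (CTRL-\) - issue #313. */` names the wrong signal: the code ignores `SIGINT`, and `SIGKILL` cannot be ignored. The value read into `attached_pid` is also handed to `process_label_fd_get()` without a `> 0` check, which would be cheap to add while the parent path is being moved. `lxc_attach()` begins before the first hunk.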
@@ -0,0 +1,87 @@ +From 16eef78ed44b9ca951bb0450f6b1eb1672584c9e Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Wed, 27 Jan 2021 20:28:35 +0100 +Subject: attach: use __do_free cleanup macro for cwd + +but still yield memory immediately once we're done with it to not have it lying +around while the parent process is around. + +Cc: stable-4.0 +Signed-off-by: Christian Brauner +--- + src/lxc/attach.c | 11 +++-------- + 1 file changed, 3 insertions(+), 8 deletions(-) + +diff --git a/src/lxc/attach.c b/src/lxc/attach.c +index 93e16c6b1..480e7cf6e 100644 +--- a/src/lxc/attach.c ++++ b/src/lxc/attach.c +@@ -948,9 +948,10 @@ int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function, + void *exec_payload, lxc_attach_options_t *options, + pid_t *attached_process) + { ++ __do_free char *cwd = NULL; + int i, ret, status; + int ipc_sockets[2]; +- char *cwd, *new_cwd; ++ char *new_cwd; + signed long personality; + pid_t attached_pid, init_pid, pid; + struct lxc_proc_context_info *init_ctx; +@@ -1029,7 +1030,6 @@ int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function, + if (options->namespaces == -1) { + ERROR("Failed to automatically determine the " + "namespaces which the container uses"); +- free(cwd); + lxc_proc_put_context_info(init_ctx); + return -1; + } +@@ -1079,7 +1079,6 @@ int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function, + for (j = 0; j < i; j++) + close(init_ctx->ns_fd[j]); + +- free(cwd); + lxc_proc_put_context_info(init_ctx); + return -1; + } +@@ -1088,7 +1087,6 @@ int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function, + ret = lxc_attach_terminal(name, lxcpath, conf, &terminal); + if (ret < 0) { + ERROR("Failed to setup new terminal"); +- free(cwd); + lxc_proc_put_context_info(init_ctx); + return -1; + } +@@ -1134,7 +1132,6 @@ int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function, + ret = socketpair(PF_LOCAL, SOCK_STREAM | 
SOCK_CLOEXEC, 0, ipc_sockets); + if (ret < 0) { + SYSERROR("Could not set up required IPC mechanism for attaching"); +- free(cwd); + lxc_proc_put_context_info(init_ctx); + return -1; + } +@@ -1149,7 +1146,6 @@ int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function, + pid = fork(); + if (pid < 0) { + SYSERROR("Failed to create first subprocess"); +- free(cwd); + lxc_proc_put_context_info(init_ctx); + return -1; + } +@@ -1198,7 +1194,6 @@ int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function, + if (ret < 0) + WARN("Could not change directory to \"%s\"", new_cwd); + } +- free(cwd); + + /* Create attached process. */ + payload.ipc_socket = ipc_sockets[1]; +@@ -1260,7 +1255,7 @@ int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function, + + /* close unneeded file descriptors */ + close(ipc_sockets[1]); +- free(cwd); ++ free_disarm(cwd); + lxc_proc_close_ns_fd(init_ctx); + if (options->attach_flags & LXC_ATTACH_TERMINAL) + lxc_attach_terminal_close_pts(&terminal); diff -Nru lxc-4.0.2/debian/patches/0029-attach-tweak-logging.patch lxc-4.0.6/debian/patches/0029-attach-tweak-logging.patch --- lxc-4.0.2/debian/patches/0029-attach-tweak-logging.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0029-attach-tweak-logging.patch 2021-02-11 21:34:03.000000000 +0000 
@@ -0,0 +1,33 @@
+From 28221ff43d82b22a20be2157b62f462743389a8d Mon Sep 17 00:00:00 2001
+From: Christian Brauner
+Date: Wed, 27 Jan 2021 20:35:06 +0100
+Subject: attach: tweak logging
+
+Cc: stable-4.0
+Signed-off-by: Christian Brauner
+---
+ src/lxc/attach.c | 4 ++++
+ 1 file changed, 4 insertions(+)
+
+diff --git a/src/lxc/attach.c b/src/lxc/attach.c
+index 480e7cf6e..b9b721642 100644
+--- a/src/lxc/attach.c
++++ b/src/lxc/attach.c
+@@ -1285,6 +1285,8 @@ int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function,
+ ret = setup_proc_filesystem(&conf->procs, pid);
+ if (ret < 0)
+ goto on_error;
++
++ TRACE("Setup /proc/%d settings", pid);
+ }
+
+ /* Setup resource limits */
+@@ -1292,6 +1294,8 @@ int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function,
+ ret = setup_resource_limits(&conf->limits, pid);
+ if (ret < 0)
+ goto on_error;
++
++ TRACE("Setup resource limits");
+ }
+
+ if (options->attach_flags & LXC_ATTACH_TERMINAL) {
diff -Nru lxc-4.0.2/debian/patches/0030-attach-use-__do_close-for-labelfd.patch lxc-4.0.6/debian/patches/0030-attach-use-__do_close-for-labelfd.patch
--- lxc-4.0.2/debian/patches/0030-attach-use-__do_close-for-labelfd.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/debian/patches/0030-attach-use-__do_close-for-labelfd.patch 2021-02-11 21:34:03.000000000 +0000
@@ -0,0 +1,37 @@
+From e547429e6d87f99c34c2781867098c51696751b1 Mon Sep 17 00:00:00 2001
+From: Christian Brauner
+Date: Wed, 27 Jan 2021 20:37:42 +0100
+Subject: attach: use __do_close for labelfd
+
+Cc: stable-4.0
+Signed-off-by: Christian Brauner
+---
+ src/lxc/attach.c | 5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+diff --git a/src/lxc/attach.c b/src/lxc/attach.c
+index b9b721642..3409a2091 100644
+--- a/src/lxc/attach.c
++++ b/src/lxc/attach.c
+@@ -1340,7 +1340,7 @@ int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function,
+ /* Open LSM fd and send it to child. */
+ if ((options->namespaces & CLONE_NEWNS) &&
+ (options->attach_flags & LXC_ATTACH_LSM) && init_ctx->lsm_label) {
+- int labelfd;
++ __do_close int labelfd = -EBADF;
+ bool on_exec;
+
+ ret = -1;
+@@ -1357,12 +1357,9 @@ int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function,
+ if (ret <= 0) {
+ if (ret < 0)
+ SYSERROR("Failed to send lsm label fd");
+-
+- close(labelfd);
+ goto close_mainloop;
+ }
+
+- close(labelfd);
+ TRACE("Sent LSM label file descriptor %d to child", labelfd);
+ }
+
diff -Nru lxc-4.0.2/debian/patches/0031-attach-coding-style-fixes.patch lxc-4.0.6/debian/patches/0031-attach-coding-style-fixes.patch
--- lxc-4.0.2/debian/patches/0031-attach-coding-style-fixes.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/debian/patches/0031-attach-coding-style-fixes.patch 2021-02-11 21:34:03.000000000 +0000
@@ -0,0 +1,33 @@
+From 3fa28c88c77fd5db119b1d7e5b47482914e6a1fb Mon Sep 17 00:00:00 2001
+From: Christian Brauner
+Date: Wed, 27 Jan 2021 20:39:35 +0100
+Subject: attach: coding style fixes
+
+Cc: stable-4.0
+Signed-off-by: Christian Brauner
+---
+ src/lxc/attach.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/src/lxc/attach.c b/src/lxc/attach.c
+index 3409a2091..7e5b4601b 100644
+--- a/src/lxc/attach.c
++++ b/src/lxc/attach.c
+@@ -1196,12 +1196,12 @@ int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function,
+ }
+
+ /* Create attached process. */
+- payload.ipc_socket = ipc_sockets[1];
+- payload.options = options;
+- payload.init_ctx = init_ctx;
++ payload.ipc_socket = ipc_sockets[1];
++ payload.options = options;
++ payload.init_ctx = init_ctx;
+ payload.terminal_pts_fd = terminal.pty;
+- payload.exec_function = exec_function;
+- payload.exec_payload = exec_payload;
++ payload.exec_function = exec_function;
++ payload.exec_payload = exec_payload;
+
+ pid = lxc_raw_clone(CLONE_PARENT, NULL);
+ if (pid < 0) {
diff -Nru lxc-4.0.2/debian/patches/0032-attach-use-free_disarm.patch lxc-4.0.6/debian/patches/0032-attach-use-free_disarm.patch
--- lxc-4.0.2/debian/patches/0032-attach-use-free_disarm.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/debian/patches/0032-attach-use-free_disarm.patch 2021-02-11 21:34:03.000000000 +0000
@@ -0,0 +1,25 @@
+From b5a8b35c36f2ecb7cfb414f23615609612826c25 Mon Sep 17 00:00:00 2001
+From: Christian Brauner
+Date: Wed, 27 Jan 2021 20:42:21 +0100
+Subject: attach: use free_disarm()
+
+Cc: stable-4.0
+Signed-off-by: Christian Brauner
+---
+ src/lxc/attach.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/lxc/attach.c b/src/lxc/attach.c
+index 7e5b4601b..861d2583c 100644
+--- a/src/lxc/attach.c
++++ b/src/lxc/attach.c
+@@ -109,8 +109,7 @@ static inline void lxc_proc_close_ns_fd(struct lxc_proc_context_info *ctx)
+
+ static void lxc_proc_put_context_info(struct lxc_proc_context_info *ctx)
+ {
+- free(ctx->lsm_label);
+- ctx->lsm_label = NULL;
++ free_disarm(ctx->lsm_label);
+
+ if (ctx->container) {
+ lxc_container_put(ctx->container);
diff -Nru lxc-4.0.2/debian/patches/0033-attach-s-attach_child_main-do_attach-g.patch lxc-4.0.6/debian/patches/0033-attach-s-attach_child_main-do_attach-g.patch
--- lxc-4.0.2/debian/patches/0033-attach-s-attach_child_main-do_attach-g.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/debian/patches/0033-attach-s-attach_child_main-do_attach-g.patch 2021-02-11 21:34:03.000000000 +0000
@@ -0,0 +1,33 @@
+From 3559cf7eeaffccded90ac0e7a5b36429b7251a63 Mon Sep 17 00:00:00 2001
+From: Christian Brauner
+Date: Wed, 27 Jan 2021 20:47:46 +0100
+Subject: attach: s/attach_child_main/do_attach/g
+
+Cc: stable-4.0
+Signed-off-by: Christian Brauner
+---
+ src/lxc/attach.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/lxc/attach.c b/src/lxc/attach.c
+index 861d2583c..fb3a3f791 100644
+--- a/src/lxc/attach.c
++++ b/src/lxc/attach.c
+@@ -644,7 +644,7 @@ static void lxc_put_attach_clone_payload(struct attach_clone_payload *p)
+ }
+ }
+
+-static int attach_child_main(struct attach_clone_payload *payload)
++static int do_attach(struct attach_clone_payload *payload)
+ {
+ int lsm_fd, ret;
+ uid_t new_uid;
+@@ -1219,7 +1219,7 @@ int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function,
+ }
+ }
+
+- ret = attach_child_main(&payload);
++ ret = do_attach(&payload);
+ if (ret < 0)
+ ERROR("Failed to exec");
+
diff -Nru lxc-4.0.2/debian/patches/0034-attach-mark-do_attach-as-__noreturn.patch lxc-4.0.6/debian/patches/0034-attach-mark-do_attach-as-__noreturn.patch
--- lxc-4.0.2/debian/patches/0034-attach-mark-do_attach-as-__noreturn.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/debian/patches/0034-attach-mark-do_attach-as-__noreturn.patch 2021-02-11 21:34:03.000000000 +0000
@@ -0,0 +1,24 @@
+From 070825b0ab0860382abe645415d73370e9d754c8 Mon Sep 17 00:00:00 2001
+From: Christian Brauner
+Date: Wed, 27 Jan 2021 20:48:41 +0100
+Subject: attach: mark do_attach() as __noreturn
+
+Cc: stable-4.0
+Signed-off-by: Christian Brauner
+---
+ src/lxc/attach.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lxc/attach.c b/src/lxc/attach.c
+index fb3a3f791..e9b34d3e6 100644
+--- a/src/lxc/attach.c
++++ b/src/lxc/attach.c
+@@ -644,7 +644,7 @@ static void lxc_put_attach_clone_payload(struct attach_clone_payload *p)
+ }
+ }
+
+-static int do_attach(struct attach_clone_payload *payload)
++__noreturn static int do_attach(struct attach_clone_payload *payload)
+ {
+ int lsm_fd, ret;
+ uid_t new_uid;
diff -Nru lxc-4.0.2/debian/patches/0035-attach-make-do_attach-void.patch lxc-4.0.6/debian/patches/0035-attach-make-do_attach-void.patch
--- lxc-4.0.2/debian/patches/0035-attach-make-do_attach-void.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/debian/patches/0035-attach-make-do_attach-void.patch 2021-02-11 21:34:03.000000000 +0000
@@ -0,0 +1,45 @@
+From f969cb18e854c5c254354a88f41150540ed8ce0e Mon Sep 17 00:00:00 2001
+From: Christian Brauner
+Date: Wed, 27 Jan 2021 20:51:20 +0100
+Subject: attach: make do_attach() void
+
+Cc: stable-4.0
+Signed-off-by: Christian Brauner
+---
+ src/lxc/attach.c | 9 +++------
+ 1 file changed, 3 insertions(+), 6 deletions(-)
+
+diff --git a/src/lxc/attach.c b/src/lxc/attach.c
+index e9b34d3e6..ebc3526c7 100644
+--- a/src/lxc/attach.c
++++ b/src/lxc/attach.c
+@@ -644,7 +644,7 @@ static void lxc_put_attach_clone_payload(struct attach_clone_payload *p)
+ }
+ }
+
+-__noreturn static int do_attach(struct attach_clone_payload *payload)
++__noreturn static void do_attach(struct attach_clone_payload *payload)
+ {
+ int lsm_fd, ret;
+ uid_t new_uid;
+@@ -888,6 +888,7 @@ __noreturn static int do_attach(struct attach_clone_payload *payload)
+
+ on_error:
+ lxc_put_attach_clone_payload(payload);
++ ERROR("Failed to attach to container");
+ _exit(EXIT_FAILURE);
+ }
+
+@@ -1219,11 +1220,7 @@ int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function,
+ }
+ }
+
+- ret = do_attach(&payload);
+- if (ret < 0)
+- ERROR("Failed to exec");
+-
+- _exit(EXIT_FAILURE);
++ do_attach(&payload);
+ }
+
+ if (options->attach_flags & LXC_ATTACH_TERMINAL)
diff -Nru lxc-4.0.2/debian/patches/0036-attach-use-close_prot_errno_disarm.patch lxc-4.0.6/debian/patches/0036-attach-use-close_prot_errno_disarm.patch
--- lxc-4.0.2/debian/patches/0036-attach-use-close_prot_errno_disarm.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/debian/patches/0036-attach-use-close_prot_errno_disarm.patch 2021-02-11 21:34:03.000000000 +0000
@@ -0,0 +1,25 @@
+From cf25ee166e2c5adbdd60378104d2d846a11be39a Mon Sep 17 00:00:00 2001
+From: Christian Brauner
+Date: Wed, 27 Jan 2021 20:52:08 +0100
+Subject: attach: use close_prot_errno_disarm()
+
+Cc: stable-4.0
+Signed-off-by: Christian Brauner
+---
+ src/lxc/attach.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/lxc/attach.c b/src/lxc/attach.c
+index ebc3526c7..2be9fba02 100644
+--- a/src/lxc/attach.c
++++ b/src/lxc/attach.c
+@@ -813,8 +813,7 @@ __noreturn static void do_attach(struct attach_clone_payload *payload)
+ goto on_error;
+ }
+
+- close(payload->ipc_socket);
+- payload->ipc_socket = -EBADF;
++ close_prot_errno_disarm(payload->ipc_socket);
+ lxc_proc_put_context_info(init_ctx);
+ payload->init_ctx = NULL;
+
diff -Nru lxc-4.0.2/debian/patches/0037-attach-add-some-DEBUG-logging-to-stdfd-dpulication.patch lxc-4.0.6/debian/patches/0037-attach-add-some-DEBUG-logging-to-stdfd-dpulication.patch
--- lxc-4.0.2/debian/patches/0037-attach-add-some-DEBUG-logging-to-stdfd-dpulication.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/debian/patches/0037-attach-add-some-DEBUG-logging-to-stdfd-dpulication.patch 2021-02-11 21:34:03.000000000 +0000
@@ -0,0 +1,35 @@
+From 36b681d56d3d9aeb8b3c1b6dd0751040142a0525 Mon Sep 17 00:00:00 2001
+From: Christian Brauner
+Date: Wed, 27 Jan 2021 20:55:02 +0100
+Subject: attach: add some DEBUG() logging to stdfd dpulication
+
+Cc: stable-4.0
+Signed-off-by: Christian Brauner
+---
+ src/lxc/attach.c | 9 ++++++---
+ 1 file changed, 6 insertions(+), 3 deletions(-)
+
+diff --git a/src/lxc/attach.c b/src/lxc/attach.c
+index 2be9fba02..bdf6da21f 100644
+--- a/src/lxc/attach.c
++++ b/src/lxc/attach.c
+@@ -827,13 +827,16 @@ __noreturn static void do_attach(struct attach_clone_payload *payload)
+ * may want to make sure the fds are closed, for example.
+ */
+ if (options->stdin_fd >= 0 && options->stdin_fd != STDIN_FILENO)
+- (void)dup2(options->stdin_fd, STDIN_FILENO);
++ if (dup2(options->stdin_fd, STDIN_FILENO))
++ DEBUG("Failed to replace stdin with %d", options->stdin_fd);
+
+ if (options->stdout_fd >= 0 && options->stdout_fd != STDOUT_FILENO)
+- (void)dup2(options->stdout_fd, STDOUT_FILENO);
++ if (dup2(options->stdout_fd, STDOUT_FILENO))
++ DEBUG("Failed to replace stdout with %d", options->stdin_fd);
+
+ if (options->stderr_fd >= 0 && options->stderr_fd != STDERR_FILENO)
+- (void)dup2(options->stderr_fd, STDERR_FILENO);
++ if (dup2(options->stderr_fd, STDERR_FILENO))
++ DEBUG("Failed to replace stderr with %d", options->stdin_fd);
+
+ /* close the old fds */
+ if (options->stdin_fd > STDERR_FILENO)
diff -Nru lxc-4.0.2/debian/patches/0038-cgroups-fix-cgroup-mounting.patch lxc-4.0.6/debian/patches/0038-cgroups-fix-cgroup-mounting.patch
--- lxc-4.0.2/debian/patches/0038-cgroups-fix-cgroup-mounting.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/debian/patches/0038-cgroups-fix-cgroup-mounting.patch 2021-02-11 21:34:03.000000000 +0000
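Review bot: The three new `if (dup2(...))` tests in patch 0037 treat any non-zero return as a failure, but dup2() returns the new descriptor on success and -1 on error, so the stdout and stderr branches (which return 1 and 2 when they succeed) log "Failed to replace ..." on every successful call. Each test should compare against zero, for example `if (dup2(options->stdout_fd, STDOUT_FILENO) < 0)`. The stdout and stderr messages also pass `options->stdin_fd` to the format string; they should pass `options->stdout_fd` and `options->stderr_fd` so the log names the descriptor that was actually being duplicated. do_attach()'s body continues outside the hunk.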
@@ -0,0 +1,220 @@ +From 0fcbd01041ce292f60de9a4dc81e762a6c78b41e Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Thu, 4 Feb 2021 12:20:05 +0100 +Subject: cgroups: fix cgroup mounting + +Fixes: #3640 +Signed-off-by: Christian Brauner +--- + src/lxc/cgroups/cgfsng.c | 21 +++++++-------- + src/lxc/cgroups/cgroup.h | 3 +-- + src/lxc/conf.c | 5 +--- + src/lxc/syscall_wrappers.h | 19 ++++++++++++++ + src/lxc/utils.c | 52 ++++++++++++++++++++++++++++++++++++++ + src/lxc/utils.h | 4 +++ + 6 files changed, 88 insertions(+), 16 deletions(-) + +diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c +index 19210935b..528cf0414 100644 +--- a/src/lxc/cgroups/cgfsng.c ++++ b/src/lxc/cgroups/cgfsng.c +@@ -44,6 +44,7 @@ + #include "mainloop.h" + #include "memory_utils.h" + #include "storage/storage.h" ++#include "syscall_wrappers.h" + #include "utils.h" + + #ifndef HAVE_STRLCPY +@@ -1801,11 +1802,12 @@ static inline int cg_mount_cgroup_full(int type, struct hierarchy *h, + } + + __cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops, +- struct lxc_handler *handler, +- const char *root, int type) ++ struct lxc_conf *conf, int type) + { + __do_free char *cgroup_root = NULL; + bool has_cgns = false, wants_force_mount = false; ++ struct lxc_rootfs *rootfs = &conf->rootfs; ++ const char *root = rootfs->path ? 
rootfs->mount : ""; + int ret; + + if (!ops) +@@ -1814,7 +1816,7 @@ __cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops, + if (!ops->hierarchies) + return true; + +- if (!handler || !handler->conf) ++ if (!conf) + return ret_set_errno(false, EINVAL); + + if ((type & LXC_AUTO_CGROUP_MASK) == 0) +@@ -1826,7 +1828,7 @@ __cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops, + } + + if (!wants_force_mount) { +- wants_force_mount = !lxc_wants_cap(CAP_SYS_ADMIN, handler->conf); ++ wants_force_mount = !lxc_wants_cap(CAP_SYS_ADMIN, conf); + + /* + * Most recent distro versions currently have init system that +@@ -1870,16 +1872,15 @@ __cgfsng_ops static bool cgfsng_mount(struct cgroup_ops *ops, + * relying on RESOLVE_BENEATH so we need to skip the leading "/" in the + * DEFAULT_CGROUP_MOUNTPOINT define. + */ +- ret = safe_mount_beneath(root, NULL, +- DEFAULT_CGROUP_MOUNTPOINT_RELATIVE, +- "tmpfs", +- MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_RELATIME, +- "size=10240k,mode=755"); ++ ret = mount_at(rootfs->mntpt_fd, NULL, DEFAULT_CGROUP_MOUNTPOINT_RELATIVE, ++ PROTECT_OPATH_DIRECTORY, PROTECT_LOOKUP_BENEATH_XDEV, ++ "tmpfs", MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_RELATIME, ++ "size=10240k,mode=755"); + if (ret < 0) { + if (errno != ENOSYS) + return log_error_errno(false, errno, + "Failed to mount tmpfs on %s", +- DEFAULT_CGROUP_MOUNTPOINT); ++ DEFAULT_CGROUP_MOUNTPOINT_RELATIVE); + + ret = safe_mount(NULL, cgroup_root, "tmpfs", + MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_RELATIME, +diff --git a/src/lxc/cgroups/cgroup.h b/src/lxc/cgroups/cgroup.h +index 7d95dfd35..603ea9022 100644 +--- a/src/lxc/cgroups/cgroup.h ++++ b/src/lxc/cgroups/cgroup.h +@@ -172,8 +172,7 @@ struct cgroup_ops { + bool (*chown)(struct cgroup_ops *ops, struct lxc_conf *conf); + bool (*attach)(struct cgroup_ops *ops, const struct lxc_conf *conf, + const char *name, const char *lxcpath, pid_t pid); +- bool (*mount)(struct cgroup_ops *ops, struct lxc_handler *handler, +- const char *root, int type); ++ 
bool (*mount)(struct cgroup_ops *ops, struct lxc_conf *conf, int type); + bool (*devices_activate)(struct cgroup_ops *ops, + struct lxc_handler *handler); + bool (*monitor_delegate_controllers)(struct cgroup_ops *ops); +diff --git a/src/lxc/conf.c b/src/lxc/conf.c +index d91536e20..af2271962 100644 +--- a/src/lxc/conf.c ++++ b/src/lxc/conf.c +@@ -734,10 +734,7 @@ static int lxc_mount_auto_mounts(struct lxc_conf *conf, int flags, struct lxc_ha + if (flags & LXC_AUTO_CGROUP_FORCE) + cg_flags |= LXC_AUTO_CGROUP_FORCE; + +- if (!handler->cgroup_ops->mount(handler->cgroup_ops, +- handler, +- rootfs->path ? rootfs->mount : "", +- cg_flags)) ++ if (!handler->cgroup_ops->mount(handler->cgroup_ops, conf, cg_flags)) + return log_error_errno(-1, errno, "Failed to mount \"/sys/fs/cgroup\""); + } + +diff --git a/src/lxc/syscall_wrappers.h b/src/lxc/syscall_wrappers.h +index 37aa76c28..26574002b 100644 +--- a/src/lxc/syscall_wrappers.h ++++ b/src/lxc/syscall_wrappers.h +@@ -254,6 +254,25 @@ struct lxc_open_how { + (similar to chroot(2)). 
*/ + #endif + ++#define PROTECT_LOOKUP_BENEATH (RESOLVE_BENEATH | RESOLVE_NO_XDEV | RESOLVE_NO_MAGICLINKS | RESOLVE_NO_SYMLINKS) ++#define PROTECT_LOOKUP_BENEATH_WITH_SYMLINKS (PROTECT_LOOKUP_BENEATH & ~RESOLVE_NO_SYMLINKS) ++#define PROTECT_LOOKUP_BENEATH_WITH_MAGICLINKS (PROTECT_LOOKUP_BENEATH & ~(RESOLVE_NO_SYMLINKS | RESOLVE_NO_MAGICLINKS)) ++#define PROTECT_LOOKUP_BENEATH_XDEV (PROTECT_LOOKUP_BENEATH & ~RESOLVE_NO_XDEV) ++ ++#define PROTECT_LOOKUP_ABSOLUTE (PROTECT_LOOKUP_BENEATH & ~RESOLVE_BENEATH) ++#define PROTECT_LOOKUP_ABSOLUTE_WITH_SYMLINKS (PROTECT_LOOKUP_ABSOLUTE & ~RESOLVE_NO_SYMLINKS) ++#define PROTECT_LOOKUP_ABSOLUTE_WITH_MAGICLINKS (PROTECT_LOOKUP_ABSOLUTE & ~(RESOLVE_NO_SYMLINKS | RESOLVE_NO_MAGICLINKS)) ++#define PROTECT_LOOKUP_ABSOLUTE_XDEV (PROTECT_LOOKUP_ABSOLUTE & ~RESOLVE_NO_XDEV) ++ ++#define PROTECT_OPATH_FILE (O_NOFOLLOW | O_PATH | O_CLOEXEC) ++#define PROTECT_OPATH_DIRECTORY (PROTECT_OPATH_FILE | O_DIRECTORY) ++ ++#define PROTECT_OPEN_WITH_TRAILING_SYMLINKS (O_CLOEXEC | O_NOCTTY | O_RDONLY) ++#define PROTECT_OPEN (PROTECT_OPEN_WITH_TRAILING_SYMLINKS | O_NOFOLLOW) ++ ++#define PROTECT_OPEN_W_WITH_TRAILING_SYMLINKS (O_CLOEXEC | O_NOCTTY | O_WRONLY) ++#define PROTECT_OPEN_W (PROTECT_OPEN_WITH_TRAILING_SYMLINKS | O_NOFOLLOW) ++ + #ifndef HAVE_OPENAT2 + static inline int openat2(int dfd, const char *filename, struct lxc_open_how *how, size_t size) + { +diff --git a/src/lxc/utils.c b/src/lxc/utils.c +index a5508ef8f..f960c1ee2 100644 +--- a/src/lxc/utils.c ++++ b/src/lxc/utils.c +@@ -1208,6 +1208,58 @@ int safe_mount(const char *src, const char *dest, const char *fstype, + return 0; + } + ++int mount_at(int dfd, ++ const char *src_under_dfd, ++ const char *dst_under_dfd, ++ __u64 o_flags, ++ __u64 resolve_flags, ++ const char *fstype, ++ unsigned int mnt_flags, ++ const void *data) ++{ ++ __do_close int source_fd = -EBADF, target_fd = -EBADF; ++ struct lxc_open_how how = { ++ .flags = o_flags, ++ .resolve = resolve_flags, ++ }; ++ int ret; ++ 
char src_buf[LXC_PROC_PID_FD_LEN], dst_buf[LXC_PROC_PID_FD_LEN]; ++ ++ if (dfd < 0) ++ return ret_errno(EINVAL); ++ ++ if (!is_empty_string(src_buf) && *src_buf == '/') ++ return log_error_errno(-EINVAL, EINVAL, "Absolute path specified"); ++ ++ if (is_empty_string(dst_under_dfd)) ++ return log_error_errno(-EINVAL, EINVAL, "No target path specified"); ++ ++ if (!is_empty_string(src_under_dfd)) { ++ source_fd = openat2(dfd, src_under_dfd, &how, sizeof(how)); ++ if (source_fd < 0) ++ return -errno; ++ ++ ret = snprintf(src_buf, sizeof(src_buf), "/proc/self/fd/%d", source_fd); ++ if (ret < 0 || ret >= sizeof(src_buf)) ++ return -EIO; ++ } ++ ++ target_fd = openat2(dfd, dst_under_dfd, &how, sizeof(how)); ++ if (target_fd < 0) ++ return log_error_errno(-errno, errno, "Failed to open %d(%s)", dfd, dst_under_dfd); ++ ++ ret = snprintf(dst_buf, sizeof(dst_buf), "/proc/self/fd/%d", target_fd); ++ if (ret < 0 || ret >= sizeof(dst_buf)) ++ return -EIO; ++ ++ if (!is_empty_string(src_buf)) ++ ret = mount(src_under_dfd, dst_buf, fstype, mnt_flags, data); ++ else ++ ret = mount(NULL, dst_buf, fstype, mnt_flags, data); ++ ++ return ret; ++} ++ + /* + * Mount a proc under @rootfs if proc self points to a pid other than + * my own. 
This is needed to have a known-good proc mount for setting +diff --git a/src/lxc/utils.h b/src/lxc/utils.h +index bebbcb64e..41044f5d2 100644 +--- a/src/lxc/utils.h ++++ b/src/lxc/utils.h +@@ -243,5 +243,9 @@ __hidden extern int safe_mount_beneath(const char *beneath, const char *src, con + const char *fstype, unsigned int flags, const void *data); + __hidden extern int safe_mount_beneath_at(int beneat_fd, const char *src, const char *dst, + const char *fstype, unsigned int flags, const void *data); ++__hidden extern int mount_at(int dfd, const char *src_under_dfd, ++ const char *dst_under_dfd, __u64 o_flags, ++ __u64 resolve_flags, const char *fstype, ++ unsigned int mnt_flags, const void *data); + + #endif /* __LXC_UTILS_H */ diff -Nru lxc-4.0.2/debian/patches/0039-utils-fix-mount_at.patch lxc-4.0.6/debian/patches/0039-utils-fix-mount_at.patch --- lxc-4.0.2/debian/patches/0039-utils-fix-mount_at.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0039-utils-fix-mount_at.patch 2021-02-11 21:34:03.000000000 +0000 
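Review bot: mount_at() in the utils.c part of patch 0038 tests `src_buf` where it appears to mean `src_under_dfd`: `if (!is_empty_string(src_buf) && *src_buf == '/')` reads a stack array that has not been written yet, so the absolute-path rejection never inspects the caller's source path, and the later `if (!is_empty_string(src_buf))` that chooses the mount() source reads the same uninitialised buffer whenever no source was given. Both conditions should use the argument, `if (!is_empty_string(src_under_dfd) && *src_under_dfd == '/')` and `if (!is_empty_string(src_under_dfd))`; the follow-up patch 0039 only changes the mount() argument to `src_buf` and leaves these two checks as they are. In the cgfsng.c part, `root` is initialised from `rootfs->path` at the top of cgfsng_mount(), before the `if (!conf)` guard, so the NULL check comes after the dereference. In syscall_wrappers.h, `PROTECT_OPEN_W` is built from `PROTECT_OPEN_WITH_TRAILING_SYMLINKS` (which carries O_RDONLY) rather than `PROTECT_OPEN_W_WITH_TRAILING_SYMLINKS`, which looks unintended.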
@@ -0,0 +1,23 @@
+From 5ee4b1bf5c9f1d72a1ec207529dea5a5b7373fb5 Mon Sep 17 00:00:00 2001
+From: Christian Brauner
+Date: Thu, 4 Feb 2021 16:10:03 +0100
+Subject: utils: fix mount_at()
+
+Signed-off-by: Christian Brauner
+---
+ src/lxc/utils.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/src/lxc/utils.c b/src/lxc/utils.c
+index f960c1ee2..c48be5004 100644
+--- a/src/lxc/utils.c
++++ b/src/lxc/utils.c
+@@ -1253,7 +1253,7 @@ int mount_at(int dfd,
+ return -EIO;
+
+ if (!is_empty_string(src_buf))
+- ret = mount(src_under_dfd, dst_buf, fstype, mnt_flags, data);
++ ret = mount(src_buf, dst_buf, fstype, mnt_flags, data);
+ else
+ ret = mount(NULL, dst_buf, fstype, mnt_flags, data);
+
diff -Nru lxc-4.0.2/debian/patches/0040-configure-fix-static-builds-with-clang-12-and-LTO.patch lxc-4.0.6/debian/patches/0040-configure-fix-static-builds-with-clang-12-and-LTO.patch
--- lxc-4.0.2/debian/patches/0040-configure-fix-static-builds-with-clang-12-and-LTO.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/debian/patches/0040-configure-fix-static-builds-with-clang-12-and-LTO.patch 2021-02-11 21:34:03.000000000 +0000
@@ -0,0 +1,44 @@
+From 866afafa8812824999fa1207b87c37f2f50773cd Mon Sep 17 00:00:00 2001
+From: Christian Brauner
+Date: Fri, 29 Jan 2021 13:04:58 +0100
+Subject: configure: fix static builds with clang-12 and LTO
+
+Signed-off-by: Christian Brauner
+---
+ configure.ac | 16 ++++++++++++----
+ 1 file changed, 12 insertions(+), 4 deletions(-)
+
+diff --git a/configure.ac b/configure.ac
+index e4ae1766d..e20720cca 100644
+--- a/configure.ac
++++ b/configure.ac
+@@ -61,6 +61,18 @@ if test "x$valid_compiler" = "xno"; then
+ AC_MSG_ERROR([Sorry, your compiler is too old - please upgrade it])
+ fi
+
++AC_PROG_GCC_TRADITIONAL
++AC_ENABLE_SHARED
++AC_ENABLE_STATIC
++# Check binaries
++AC_PROG_SED
++case $CC in clang*)
++ AC_CHECK_TOOL([AR], llvm-ar)
++ AC_CHECK_TOOL([NM], llvm-nm)
++ AC_CHECK_TOOL([OBJCOPY], llvm-objcopy)
++ AC_CHECK_TOOL([RANLIB], llvm-ranlib)
++esac
++
+ # libtool
+ LT_INIT
+ AC_SUBST([LIBTOOL_DEPS])
+@@ -731,10 +743,6 @@ AC_CHECK_TYPES([struct rtnl_link_stats64], [], [], [[#include ]
+ AX_PTHREAD
+ AC_SEARCH_LIBS(clock_gettime, [rt])
+
+-# Check for some standard binaries
+-AC_PROG_GCC_TRADITIONAL
+-AC_PROG_SED
+-
+ # See if we support thread-local storage.
+ LXC_CHECK_TLS
+
diff -Nru lxc-4.0.2/debian/patches/0041-cgroups-bpf-fixes.patch lxc-4.0.6/debian/patches/0041-cgroups-bpf-fixes.patch
--- lxc-4.0.2/debian/patches/0041-cgroups-bpf-fixes.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/debian/patches/0041-cgroups-bpf-fixes.patch 2021-02-11 21:34:03.000000000 +0000
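Review bot: The added `case $CC in clang*)` block in configure.ac matches only when CC begins with the literal "clang", so a CC given as an absolute path or behind a wrapper would presumably skip the llvm-ar/llvm-nm/llvm-objcopy/llvm-ranlib selection that this change exists to make. Quoting the selector and widening the pattern, `case "$CC" in *clang*)`, and closing the arm with `;;` before `esac` would make the check less fragile. The `# Check binaries` comment could also say why the LLVM tools are chosen for clang builds, since the subject line suggests the GNU ones fail on LTO archives but the file does not record that.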
@@ -0,0 +1,263 @@ +From d855ac0e8299c77676cdbb463f84ee8b32c5d48f Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Sat, 30 Jan 2021 00:17:14 +0100 +Subject: cgroups: bpf fixes + +Signed-off-by: Christian Brauner +--- + src/lxc/cgroups/cgfsng.c | 22 ++++----- + src/lxc/cgroups/cgroup2_devices.c | 74 ++++++++++++++++--------------- + 2 files changed, 50 insertions(+), 46 deletions(-) + +diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c +index 528cf0414..d4e5e8871 100644 +--- a/src/lxc/cgroups/cgfsng.c ++++ b/src/lxc/cgroups/cgfsng.c +@@ -2963,12 +2963,12 @@ __cgfsng_ops static bool cgfsng_setup_limits(struct cgroup_ops *ops, + __cgfsng_ops static bool cgfsng_devices_activate(struct cgroup_ops *ops, struct lxc_handler *handler) + { + #ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX +- __do_bpf_program_free struct bpf_program *devices = NULL; ++ __do_bpf_program_free struct bpf_program *prog = NULL; + int ret; + struct lxc_conf *conf; + struct hierarchy *unified; + struct lxc_list *it; +- struct bpf_program *devices_old; ++ struct bpf_program *prog_old; + + if (!ops) + return ret_set_errno(false, ENOENT); +@@ -2988,18 +2988,18 @@ __cgfsng_ops static bool cgfsng_devices_activate(struct cgroup_ops *ops, struct + !unified->container_full_path || lxc_list_empty(&conf->devices)) + return true; + +- devices = bpf_program_new(BPF_PROG_TYPE_CGROUP_DEVICE); +- if (!devices) ++ prog = bpf_program_new(BPF_PROG_TYPE_CGROUP_DEVICE); ++ if (!prog) + return log_error_errno(false, ENOMEM, "Failed to create new bpf program"); + +- ret = bpf_program_init(devices); ++ ret = bpf_program_init(prog); + if (ret) + return log_error_errno(false, ENOMEM, "Failed to initialize bpf program"); + + lxc_list_for_each(it, &conf->devices) { + struct device_item *cur = it->elem; + +- ret = bpf_program_append_device(devices, cur); ++ ret = bpf_program_append_device(prog, cur); + if (ret) + return log_error_errno(false, ENOMEM, "Failed to add new rule to bpf device program: type %c, major %d, 
minor %d, access %s, allow %d, global_rule %d", + cur->type, +@@ -3017,20 +3017,20 @@ __cgfsng_ops static bool cgfsng_devices_activate(struct cgroup_ops *ops, struct + cur->global_rule); + } + +- ret = bpf_program_finalize(devices); ++ ret = bpf_program_finalize(prog); + if (ret) + return log_error_errno(false, ENOMEM, "Failed to finalize bpf program"); + +- ret = bpf_program_cgroup_attach(devices, BPF_CGROUP_DEVICE, ++ ret = bpf_program_cgroup_attach(prog, BPF_CGROUP_DEVICE, + unified->container_limit_path, + BPF_F_ALLOW_MULTI); + if (ret) + return log_error_errno(false, ENOMEM, "Failed to attach bpf program"); + + /* Replace old bpf program. */ +- devices_old = move_ptr(ops->cgroup2_devices); +- ops->cgroup2_devices = move_ptr(devices); +- devices = move_ptr(devices_old); ++ prog_old = move_ptr(ops->cgroup2_devices); ++ ops->cgroup2_devices = move_ptr(prog); ++ prog = move_ptr(prog_old); + #endif + return true; + } +diff --git a/src/lxc/cgroups/cgroup2_devices.c b/src/lxc/cgroups/cgroup2_devices.c +index 54d333c3f..91b1ff6e3 100644 +--- a/src/lxc/cgroups/cgroup2_devices.c ++++ b/src/lxc/cgroups/cgroup2_devices.c +@@ -179,7 +179,7 @@ struct bpf_program *bpf_program_new(uint32_t prog_type) + + prog = zalloc(sizeof(struct bpf_program)); + if (!prog) +- return NULL; ++ return ret_set_errno(NULL, ENOMEM); + + prog->prog_type = prog_type; + prog->kernel_fd = -EBADF; +@@ -194,19 +194,19 @@ struct bpf_program *bpf_program_new(uint32_t prog_type) + int bpf_program_init(struct bpf_program *prog) + { + const struct bpf_insn pre_insn[] = { +- /* load device type to r2 */ +- BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, offsetof(struct bpf_cgroup_dev_ctx, access_type)), +- BPF_ALU32_IMM(BPF_AND, BPF_REG_2, 0xFFFF), ++ /* load device type to r2 */ ++ BPF_LDX_MEM(BPF_W, BPF_REG_2, BPF_REG_1, offsetof(struct bpf_cgroup_dev_ctx, access_type)), ++ BPF_ALU32_IMM(BPF_AND, BPF_REG_2, 0xFFFF), + +- /* load access type to r3 */ +- BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, offsetof(struct 
bpf_cgroup_dev_ctx, access_type)), +- BPF_ALU32_IMM(BPF_RSH, BPF_REG_3, 16), ++ /* load access type to r3 */ ++ BPF_LDX_MEM(BPF_W, BPF_REG_3, BPF_REG_1, offsetof(struct bpf_cgroup_dev_ctx, access_type)), ++ BPF_ALU32_IMM(BPF_RSH, BPF_REG_3, 16), + +- /* load major number to r4 */ +- BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_1, offsetof(struct bpf_cgroup_dev_ctx, major)), ++ /* load major number to r4 */ ++ BPF_LDX_MEM(BPF_W, BPF_REG_4, BPF_REG_1, offsetof(struct bpf_cgroup_dev_ctx, major)), + +- /* load minor number to r5 */ +- BPF_LDX_MEM(BPF_W, BPF_REG_5, BPF_REG_1, offsetof(struct bpf_cgroup_dev_ctx, minor)), ++ /* load minor number to r5 */ ++ BPF_LDX_MEM(BPF_W, BPF_REG_5, BPF_REG_1, offsetof(struct bpf_cgroup_dev_ctx, minor)), + }; + + if (!prog) +@@ -253,9 +253,9 @@ int bpf_program_append_device(struct bpf_program *prog, struct device_item *devi + + if (!bpf_device_all_access(access_mask)) { + struct bpf_insn ins[] = { +- BPF_MOV32_REG(BPF_REG_1, BPF_REG_3), +- BPF_ALU32_IMM(BPF_AND, BPF_REG_1, access_mask), +- BPF_JMP_REG(BPF_JNE, BPF_REG_1, BPF_REG_3, jump_nr--), ++ BPF_MOV32_REG(BPF_REG_1, BPF_REG_3), ++ BPF_ALU32_IMM(BPF_AND, BPF_REG_1, access_mask), ++ BPF_JMP_REG(BPF_JNE, BPF_REG_1, BPF_REG_3, jump_nr--), + }; + + ret = bpf_program_add_instructions(prog, ins, ARRAY_SIZE(ins)); +@@ -265,7 +265,7 @@ int bpf_program_append_device(struct bpf_program *prog, struct device_item *devi + + if (device_type > 0) { + struct bpf_insn ins[] = { +- BPF_JMP_IMM(BPF_JNE, BPF_REG_2, device_type, jump_nr--), ++ BPF_JMP_IMM(BPF_JNE, BPF_REG_2, device_type, jump_nr--), + }; + + ret = bpf_program_add_instructions(prog, ins, ARRAY_SIZE(ins)); +@@ -275,7 +275,7 @@ int bpf_program_append_device(struct bpf_program *prog, struct device_item *devi + + if (device->major >= 0) { + struct bpf_insn ins[] = { +- BPF_JMP_IMM(BPF_JNE, BPF_REG_4, device->major, jump_nr--), ++ BPF_JMP_IMM(BPF_JNE, BPF_REG_4, device->major, jump_nr--), + }; + + ret = bpf_program_add_instructions(prog, ins, 
ARRAY_SIZE(ins)); +@@ -285,7 +285,7 @@ int bpf_program_append_device(struct bpf_program *prog, struct device_item *devi + + if (device->minor >= 0) { + struct bpf_insn ins[] = { +- BPF_JMP_IMM(BPF_JNE, BPF_REG_5, device->minor, jump_nr--), ++ BPF_JMP_IMM(BPF_JNE, BPF_REG_5, device->minor, jump_nr--), + }; + + ret = bpf_program_add_instructions(prog, ins, ARRAY_SIZE(ins)); +@@ -323,7 +323,7 @@ int bpf_program_finalize(struct bpf_program *prog) + static int bpf_program_load_kernel(struct bpf_program *prog, char *log_buf, + __u32 log_size, __u32 log_level) + { +- union bpf_attr attr; ++ union bpf_attr *attr; + + if ((log_size != 0 && !log_buf) || (log_size == 0 && log_buf)) + return ret_errno(EINVAL); +@@ -333,7 +333,7 @@ static int bpf_program_load_kernel(struct bpf_program *prog, char *log_buf, + return 0; + } + +- attr = (union bpf_attr){ ++ attr = &(union bpf_attr){ + .prog_type = prog->prog_type, + .insns = PTR_TO_UINT64(prog->instructions), + .insn_cnt = prog->n_instructions, +@@ -343,7 +343,7 @@ static int bpf_program_load_kernel(struct bpf_program *prog, char *log_buf, + .log_size = log_size, + }; + +- prog->kernel_fd = bpf(BPF_PROG_LOAD, &attr, sizeof(attr)); ++ prog->kernel_fd = bpf(BPF_PROG_LOAD, attr, sizeof(*attr)); + if (prog->kernel_fd < 0) + return log_error_errno(-1, errno, "Failed to load bpf program: %s", + log_buf ?: "(null)"); +@@ -357,7 +357,7 @@ int bpf_program_cgroup_attach(struct bpf_program *prog, int type, + { + __do_close int fd = -EBADF; + __do_free char *copy = NULL; +- union bpf_attr attr; ++ union bpf_attr *attr; + int ret; + + if (!path || !prog) +@@ -389,14 +389,14 @@ int bpf_program_cgroup_attach(struct bpf_program *prog, int type, + if (fd < 0) + return log_error_errno(-1, errno, "Failed to open cgroup path %s", path); + +- attr = (union bpf_attr){ +- .attach_type = type, +- .target_fd = fd, +- .attach_bpf_fd = prog->kernel_fd, +- .attach_flags = flags, ++ attr = &(union bpf_attr){ ++ .attach_type = type, ++ .target_fd = fd, ++ 
.attach_bpf_fd = prog->kernel_fd, ++ .attach_flags = flags, + }; + +- ret = bpf(BPF_PROG_ATTACH, &attr, sizeof(attr)); ++ ret = bpf(BPF_PROG_ATTACH, attr, sizeof(*attr)); + if (ret < 0) + return log_error_errno(-1, errno, "Failed to attach bpf program"); + +@@ -425,15 +425,15 @@ int bpf_program_cgroup_detach(struct bpf_program *prog) + return log_error_errno(-1, errno, "Failed to open attach cgroup %s", + prog->attached_path); + } else { +- union bpf_attr attr; ++ union bpf_attr *attr; + +- attr = (union bpf_attr){ +- .attach_type = prog->attached_type, +- .target_fd = fd, +- .attach_bpf_fd = prog->kernel_fd, ++ attr = &(union bpf_attr){ ++ .attach_type = prog->attached_type, ++ .target_fd = fd, ++ .attach_bpf_fd = prog->kernel_fd, + }; + +- ret = bpf(BPF_PROG_DETACH, &attr, sizeof(attr)); ++ ret = bpf(BPF_PROG_DETACH, attr, sizeof(*attr)); + if (ret < 0) + return log_error_errno(-1, errno, "Failed to detach bpf program from cgroup %s", + prog->attached_path); +@@ -523,8 +523,8 @@ bool bpf_devices_cgroup_supported(void) + { + __do_bpf_program_free struct bpf_program *prog = NULL; + const struct bpf_insn dummy[] = { +- BPF_MOV64_IMM(BPF_REG_0, 1), +- BPF_EXIT_INSN(), ++ BPF_MOV64_IMM(BPF_REG_0, 1), ++ BPF_EXIT_INSN(), + }; + int ret; + +@@ -536,6 +536,10 @@ bool bpf_devices_cgroup_supported(void) + if (!prog) + return log_trace(false, "Failed to allocate new bpf device cgroup program"); + ++ ret = bpf_program_init(prog); ++ if (ret) ++ return log_error_errno(false, ENOMEM, "Failed to initialize bpf program"); ++ + ret = bpf_program_add_instructions(prog, dummy, ARRAY_SIZE(dummy)); + if (ret < 0) + return log_trace(false, "Failed to add new instructions to bpf device cgroup program"); diff -Nru lxc-4.0.2/debian/patches/0042-croups-improve-__do_bpf_program_free.patch lxc-4.0.6/debian/patches/0042-croups-improve-__do_bpf_program_free.patch --- lxc-4.0.2/debian/patches/0042-croups-improve-__do_bpf_program_free.patch 1970-01-01 00:00:00.000000000 +0000 +++ 
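Review bot: In bpf_devices_cgroup_supported() the added failure path `return log_error_errno(false, ENOMEM, "Failed to initialize bpf program");` logs at error level with a hard-coded ENOMEM, while the neighbouring failures in the same probe use `log_trace(false, ...)`. A capability probe that fails would then report an ERROR whose errno does not reflect what bpf_program_init() returned; `return log_trace(false, "Failed to initialize bpf device cgroup program");` would match its neighbours. The same hard-coded ENOMEM is used for the init, append, finalize and attach failures in cgfsng_devices_activate(), which hides the real cause from anyone investigating why a device policy was not applied. Passing the callee's error through would help there. Both functions extend beyond the hunks shown.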
lxc-4.0.6/debian/patches/0042-croups-improve-__do_bpf_program_free.patch 2021-02-11 21:34:03.000000000 +0000 
@@ -0,0 +1,58 @@ +From b371e5ab12bf211d10750db2d8e2ed3f4c6ac875 Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Sat, 30 Jan 2021 00:55:19 +0100 +Subject: croups: improve __do_bpf_program_free + +Signed-off-by: Christian Brauner +--- + src/lxc/cgroups/cgroup2_devices.h | 17 +++-------------- + 1 file changed, 3 insertions(+), 14 deletions(-) + +diff --git a/src/lxc/cgroups/cgroup2_devices.h b/src/lxc/cgroups/cgroup2_devices.h +index 04f493e02..2da101ab4 100644 +--- a/src/lxc/cgroups/cgroup2_devices.h ++++ b/src/lxc/cgroups/cgroup2_devices.h +@@ -19,6 +19,7 @@ + #include "compiler.h" + #include "conf.h" + #include "config.h" ++#include "memory_utils.h" + #include "syscall_numbers.h" + + #ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX +@@ -65,14 +66,6 @@ __hidden extern void bpf_program_free(struct bpf_program *prog); + __hidden extern void bpf_device_program_free(struct cgroup_ops *ops); + __hidden extern bool bpf_devices_cgroup_supported(void); + +-static inline void __auto_bpf_program_free__(struct bpf_program **prog) +-{ +- if (*prog) { +- bpf_program_free(*prog); +- *prog = NULL; +- } +-} +- + __hidden extern int bpf_list_add_device(struct lxc_conf *conf, struct device_item *device); + + #else /* !HAVE_STRUCT_BPF_CGROUP_DEV_CTX */ +@@ -129,10 +122,6 @@ static inline bool bpf_devices_cgroup_supported(void) + return false; + } + +-static inline void __auto_bpf_program_free__(struct bpf_program **prog) +-{ +-} +- + static inline int bpf_list_add_device(struct lxc_conf *conf, + struct device_item *device) + { +@@ -141,7 +130,7 @@ static inline int bpf_list_add_device(struct lxc_conf *conf, + } + #endif /* !HAVE_STRUCT_BPF_CGROUP_DEV_CTX */ + +-#define __do_bpf_program_free \ +- __attribute__((__cleanup__(__auto_bpf_program_free__))) ++define_cleanup_function(struct bpf_program *, bpf_program_free); ++#define __do_bpf_program_free call_cleaner(bpf_program_free) + + #endif /* __LXC_CGROUP2_DEVICES_H */ diff -Nru 
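Review bot: `define_cleanup_function(struct bpf_program *, bpf_program_free);` is placed after the `#endif`, so it expands in both configurations, while the no-op `__auto_bpf_program_free__` stub for the `!HAVE_STRUCT_BPF_CGROUP_DEV_CTX` branch is removed. The hunks do not show whether that branch still provides a `bpf_program_free()` stub. If it does not, builds without `struct bpf_cgroup_dev_ctx` would fail, so please confirm or add `static inline void bpf_program_free(struct bpf_program *prog) {}` there. The removed helper also NULL-checked and reset the pointer. A short comment saying that the macro from memory_utils.h keeps that behaviour would help, since its definition is not part of this change.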
lxc-4.0.2/debian/patches/0043-cgroups-coding-style-fixes.patch lxc-4.0.6/debian/patches/0043-cgroups-coding-style-fixes.patch --- lxc-4.0.2/debian/patches/0043-cgroups-coding-style-fixes.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0043-cgroups-coding-style-fixes.patch 2021-02-11 21:34:03.000000000 +0000 @@ -0,0 +1,27 @@ +From 65c90dc85459251ebf0c29509fc4fa4a99221c83 Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Sat, 30 Jan 2021 01:10:49 +0100 +Subject: cgroups: coding style fixes + +Signed-off-by: Christian Brauner +--- + src/lxc/cgroups/cgroup2_devices.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/lxc/cgroups/cgroup2_devices.c b/src/lxc/cgroups/cgroup2_devices.c +index 91b1ff6e3..26349bf8e 100644 +--- a/src/lxc/cgroups/cgroup2_devices.c ++++ b/src/lxc/cgroups/cgroup2_devices.c +@@ -245,10 +245,10 @@ int bpf_program_append_device(struct bpf_program *prog, struct device_item *devi + if (device_type > 0) + jump_nr++; + +- if (device->major != -1) ++ if (device->major >= 0) + jump_nr++; + +- if (device->minor != -1) ++ if (device->minor >= 0) + jump_nr++; + + if (!bpf_device_all_access(access_mask)) { diff -Nru lxc-4.0.2/debian/patches/0044-cgroups-don-t-initiliaze-NULL-log.patch lxc-4.0.6/debian/patches/0044-cgroups-don-t-initiliaze-NULL-log.patch --- lxc-4.0.2/debian/patches/0044-cgroups-don-t-initiliaze-NULL-log.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0044-cgroups-don-t-initiliaze-NULL-log.patch 2021-02-11 21:34:03.000000000 +0000 
@@ -0,0 +1,26 @@
+From 60a4dc8557a19be9421d0fe0cfe0ae49a3d30e11 Mon Sep 17 00:00:00 2001
+From: Christian Brauner
+Date: Sat, 30 Jan 2021 02:07:00 +0100
+Subject: cgroups: don't initiliaze NULL log
+
+Signed-off-by: Christian Brauner
+---
+ src/lxc/cgroups/cgroup2_devices.c | 4 +---
+ 1 file changed, 1 insertion(+), 3 deletions(-)
+
+diff --git a/src/lxc/cgroups/cgroup2_devices.c b/src/lxc/cgroups/cgroup2_devices.c
+index 26349bf8e..ef7d1ec9e 100644
+--- a/src/lxc/cgroups/cgroup2_devices.c
++++ b/src/lxc/cgroups/cgroup2_devices.c
+@@ -328,10 +328,8 @@ static int bpf_program_load_kernel(struct bpf_program *prog, char *log_buf,
+ if ((log_size != 0 && !log_buf) || (log_size == 0 && log_buf))
+ return ret_errno(EINVAL);
+
+- if (prog->kernel_fd >= 0) {
+- memset(log_buf, 0, log_size);
++ if (prog->kernel_fd >= 0)
+ return 0;
+- }
+
+ attr = &(union bpf_attr){
+ .prog_type = prog->prog_type,
diff -Nru lxc-4.0.2/debian/patches/0045-cgroups-ensure-all-memory-is-zeroed.patch lxc-4.0.6/debian/patches/0045-cgroups-ensure-all-memory-is-zeroed.patch
--- lxc-4.0.2/debian/patches/0045-cgroups-ensure-all-memory-is-zeroed.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/debian/patches/0045-cgroups-ensure-all-memory-is-zeroed.patch 2021-02-11 21:34:03.000000000 +0000
@@ -0,0 +1,25 @@
+From 7a82bd2d7dbf0a5673954a793dd7bf4b106bd3b3 Mon Sep 17 00:00:00 2001
+From: Christian Brauner
+Date: Sat, 30 Jan 2021 02:07:21 +0100
+Subject: cgroups: ensure all memory is zeroed
+
+Signed-off-by: Christian Brauner
+---
+ src/lxc/cgroups/cgroup2_devices.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+
+diff --git a/src/lxc/cgroups/cgroup2_devices.c b/src/lxc/cgroups/cgroup2_devices.c
+index ef7d1ec9e..657640b8b 100644
+--- a/src/lxc/cgroups/cgroup2_devices.c
++++ b/src/lxc/cgroups/cgroup2_devices.c
+@@ -52,8 +52,9 @@ static int bpf_program_add_instructions(struct bpf_program *prog,
+ new_insn = realloc(prog->instructions, sizeof(struct bpf_insn) * (count + prog->n_instructions));
+ if (!new_insn)
+ return log_error_errno(-1, ENOMEM, "Failed to reallocate bpf cgroup program");
+-
+ prog->instructions = new_insn;
++ memset(prog->instructions + prog->n_instructions, 0,
++ sizeof(struct bpf_insn) * count);
+ memcpy(prog->instructions + prog->n_instructions, instructions,
+ sizeof(struct bpf_insn) * count);
+ prog->n_instructions += count;
diff -Nru lxc-4.0.2/debian/patches/0046-cgroups-use-zalloc.patch lxc-4.0.6/debian/patches/0046-cgroups-use-zalloc.patch
--- lxc-4.0.2/debian/patches/0046-cgroups-use-zalloc.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/debian/patches/0046-cgroups-use-zalloc.patch 2021-02-11 21:34:03.000000000 +0000
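Review bot: The added `memset(prog->instructions + prog->n_instructions, 0, sizeof(struct bpf_insn) * count)` is overwritten in full by the `memcpy()` that follows, which writes the same number of bytes to the same address, so nothing it zeroes survives. If the aim is to avoid handing uninitialised bytes to the kernel, that has to be ensured where the instruction arrays are built; otherwise the memset can be dropped. Separately, the `realloc()` size `sizeof(struct bpf_insn) * (count + prog->n_instructions)` is computed without an overflow check. The types of `count` and `n_instructions` are outside the hunk, but a guard before the multiplication would be cheap. The function body continues outside the hunk.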
@@ -0,0 +1,27 @@
+From a380cc587be5821010d44653c7d0ee85d0d7b5ef Mon Sep 17 00:00:00 2001
+From: Christian Brauner
+Date: Sat, 30 Jan 2021 02:07:36 +0100
+Subject: cgroups: use zalloc
+
+Signed-off-by: Christian Brauner
+---
+ src/lxc/cgroups/cgfsng.c | 3 +--
+ 1 file changed, 1 insertion(+), 2 deletions(-)
+
+diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
+index d4e5e8871..431a1337e 100644
+--- a/src/lxc/cgroups/cgfsng.c
++++ b/src/lxc/cgroups/cgfsng.c
+@@ -3438,11 +3438,10 @@ struct cgroup_ops *cgfsng_ops_init(struct lxc_conf *conf)
+ {
+ __do_free struct cgroup_ops *cgfsng_ops = NULL;
+
+- cgfsng_ops = malloc(sizeof(struct cgroup_ops));
++ cgfsng_ops = zalloc(sizeof(struct cgroup_ops));
+ if (!cgfsng_ops)
+ return ret_set_errno(NULL, ENOMEM);
+
+- memset(cgfsng_ops, 0, sizeof(struct cgroup_ops));
+ cgfsng_ops->cgroup_layout = CGROUP_LAYOUT_UNKNOWN;
+
+ if (cg_init(cgfsng_ops, conf))
diff -Nru lxc-4.0.2/debian/patches/0047-cgroups-tweak-cgroup-initialization.patch lxc-4.0.6/debian/patches/0047-cgroups-tweak-cgroup-initialization.patch
--- lxc-4.0.2/debian/patches/0047-cgroups-tweak-cgroup-initialization.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/debian/patches/0047-cgroups-tweak-cgroup-initialization.patch 2021-02-11 21:34:03.000000000 +0000
@@ -0,0 +1,57 @@ +From c30db4a3cff5fd9a676a9f99e35b15da6c23361b Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Sat, 30 Jan 2021 02:14:00 +0100 +Subject: cgroups: tweak cgroup initialization + +Signed-off-by: Christian Brauner +--- + src/lxc/cgroups/cgfsng.c | 11 +++++++++-- + 1 file changed, 9 insertions(+), 2 deletions(-) + +diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c +index 431a1337e..1eef175b8 100644 +--- a/src/lxc/cgroups/cgfsng.c ++++ b/src/lxc/cgroups/cgfsng.c +@@ -696,6 +696,8 @@ static struct hierarchy *add_hierarchy(struct hierarchy ***h, char **clist, char + int newentry; + + new = zalloc(sizeof(*new)); ++ if (!new) ++ return ret_set_errno(NULL, ENOMEM); + new->controllers = clist; + new->mountpoint = mountpoint; + new->container_base_path = container_base_path; +@@ -3283,6 +3285,8 @@ static int cg_hybrid_init(struct cgroup_ops *ops, bool relative, bool unprivileg + } + + new = add_hierarchy(&ops->hierarchies, move_ptr(controller_list), move_ptr(mountpoint), move_ptr(base_cgroup), type); ++ if (!new) ++ return log_error_errno(-1, errno, "Failed to add cgroup hierarchy"); + if (type == CGROUP2_SUPER_MAGIC && !ops->unified) { + if (unprivileged) + cg_unified_delegate(&new->cgroup2_chown); +@@ -3333,8 +3337,8 @@ static int cg_unified_init(struct cgroup_ops *ops, bool relative, + { + __do_close int cgroup_root_fd = -EBADF; + __do_free char *base_cgroup = NULL, *controllers_path = NULL; ++ __do_free_string_list char **delegatable; + int ret; +- char **delegatable; + struct hierarchy *new; + + ret = unified_cgroup_hierarchy(); +@@ -3375,10 +3379,13 @@ static int cg_unified_init(struct cgroup_ops *ops, bool relative, + */ + + new = add_hierarchy(&ops->hierarchies, +- delegatable, ++ move_ptr(delegatable), + must_copy_string(DEFAULT_CGROUP_MOUNTPOINT), + move_ptr(base_cgroup), + CGROUP2_SUPER_MAGIC); ++ if (!new) ++ return log_error_errno(-1, errno, "Failed to add unified cgroup hierarchy"); ++ + if (unprivileged) + 
cg_unified_delegate(&new->cgroup2_chown); + diff -Nru lxc-4.0.2/debian/patches/0048-log-remove-pointless-inline.patch lxc-4.0.6/debian/patches/0048-log-remove-pointless-inline.patch --- lxc-4.0.2/debian/patches/0048-log-remove-pointless-inline.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0048-log-remove-pointless-inline.patch 2021-02-11 21:34:03.000000000 +0000 @@ -0,0 +1,23 @@ +From 0a155f47a871bdee0e57efddeccdaff8e55730a5 Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Sat, 30 Jan 2021 11:02:10 +0100 +Subject: log: remove pointless inline + +Signed-off-by: Christian Brauner +--- + src/lxc/log.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/lxc/log.c b/src/lxc/log.c +index 6c7574453..522a576ad 100644 +--- a/src/lxc/log.c ++++ b/src/lxc/log.c +@@ -762,7 +762,7 @@ int lxc_log_set_level(int *dest, int level) + return 0; + } + +-inline int lxc_log_get_level(void) ++int lxc_log_get_level(void) + { + return lxc_log_category_lxc.priority; + } diff -Nru lxc-4.0.2/debian/patches/0049-log-add-lxc_log_get_fd.patch lxc-4.0.6/debian/patches/0049-log-add-lxc_log_get_fd.patch --- lxc-4.0.2/debian/patches/0049-log-add-lxc_log_get_fd.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0049-log-add-lxc_log_get_fd.patch 2021-02-11 21:34:03.000000000 +0000 
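Review bot: In cg_unified_init() the new `__do_free_string_list char **delegatable;` has no initializer, unlike `base_cgroup` and `controllers_path` on the line above, which are set to NULL. Going by its name, `__do_free_string_list` is a cleanup attribute like `__do_free`. If so, any return taken before `delegatable` is assigned would run the cleanup on an indeterminate pointer and free invalid memory; the code between `unified_cgroup_hierarchy()` and the `add_hierarchy()` call is outside the hunk, so this is inferred. Declare it as `__do_free_string_list char **delegatable = NULL;`. Also, when add_hierarchy() returns NULL on the new path, the arguments passed with `move_ptr()` are no longer owned by the caller and appear to leak.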
@@ -0,0 +1,74 @@ +From 339fb330dd74a87a4224974ba224c683705006ed Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Sat, 30 Jan 2021 11:07:43 +0100 +Subject: log: add lxc_log_get_fd() + +Signed-off-by: Christian Brauner +--- + src/lxc/log.c | 18 ++++++++++++++++-- + src/lxc/log.h | 3 ++- + 2 files changed, 18 insertions(+), 3 deletions(-) + +diff --git a/src/lxc/log.c b/src/lxc/log.c +index 522a576ad..bc60083fe 100644 +--- a/src/lxc/log.c ++++ b/src/lxc/log.c +@@ -46,7 +46,7 @@ + int lxc_log_fd = -EBADF; + static bool wants_syslog = false; + static int lxc_quiet_specified; +-int lxc_log_use_global_fd; ++bool lxc_log_use_global_fd = false; + static int lxc_loglevel_specified; + + static char log_prefix[LXC_LOG_PREFIX_SIZE] = "lxc"; +@@ -92,6 +92,20 @@ static const char *lxc_log_get_container_name(void) + return log_vmname; + } + ++int lxc_log_get_fd(void) ++{ ++ int fd_log = -EBADF; ++ ++#ifndef NO_LXC_CONF ++ if (current_config && !lxc_log_use_global_fd) ++ fd_log = current_config->logfd; ++#endif ++ if (fd_log < 0) ++ fd_log = lxc_log_fd; ++ ++ return fd_log; ++} ++ + static char *lxc_log_get_va_msg(struct lxc_log_event *event) + { + __do_free char *msg = NULL; +@@ -659,7 +673,7 @@ int lxc_log_init(struct lxc_log *log) + if (ret < 0) + return log_error_errno(-1, errno, "Failed to enable logfile"); + +- lxc_log_use_global_fd = 1; ++ lxc_log_use_global_fd = true; + } else { + /* if no name was specified, there nothing to do */ + if (!log->name) +diff --git a/src/lxc/log.h b/src/lxc/log.h +index 0361db40f..68e87eb06 100644 +--- a/src/lxc/log.h ++++ b/src/lxc/log.h +@@ -85,7 +85,7 @@ struct lxc_log_category { + }; + + #ifndef NO_LXC_CONF +-extern int lxc_log_use_global_fd; ++extern bool lxc_log_use_global_fd; + #endif + + /* +@@ -574,5 +574,6 @@ __hidden extern const char *lxc_log_get_file(void); + __hidden extern void lxc_log_set_prefix(const char *prefix); + __hidden extern const char *lxc_log_get_prefix(void); + __hidden extern void 
lxc_log_options_no_override(void); ++__hidden extern int lxc_log_get_fd(void); + + #endif /* __LXC_LOG_H */ diff -Nru lxc-4.0.2/debian/patches/0050-seccomp-use-lxc_log_get_fd.patch lxc-4.0.6/debian/patches/0050-seccomp-use-lxc_log_get_fd.patch --- lxc-4.0.2/debian/patches/0050-seccomp-use-lxc_log_get_fd.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0050-seccomp-use-lxc_log_get_fd.patch 2021-02-11 21:34:03.000000000 +0000 @@ -0,0 +1,23 @@ +From 00bd9e32cf68630980314105575449848dc6d91e Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Sat, 30 Jan 2021 11:09:45 +0100 +Subject: seccomp: use lxc_log_get_fd() + +Signed-off-by: Christian Brauner +--- + src/lxc/seccomp.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c +index ba6811d90..9ea0ba9ab 100644 +--- a/src/lxc/seccomp.c ++++ b/src/lxc/seccomp.c +@@ -1262,7 +1262,7 @@ int lxc_seccomp_load(struct lxc_conf *conf) + #if HAVE_SCMP_FILTER_CTX + if ((lxc_log_get_level() <= LXC_LOG_LEVEL_TRACE || + conf->loglevel <= LXC_LOG_LEVEL_TRACE) && +- lxc_log_fd >= 0) { ++ lxc_log_get_fd() >= 0) { + ret = seccomp_export_pfc(conf->seccomp.seccomp_ctx, lxc_log_fd); + /* Just give an warning when export error */ + if (ret < 0) { diff -Nru lxc-4.0.2/debian/patches/0051-log-rework-lxc_log_get_level.patch lxc-4.0.6/debian/patches/0051-log-rework-lxc_log_get_level.patch --- lxc-4.0.2/debian/patches/0051-log-rework-lxc_log_get_level.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0051-log-rework-lxc_log_get_level.patch 2021-02-11 21:34:03.000000000 +0000 
@@ -0,0 +1,32 @@
+From 7f612e353361949de547bca1771b0128ed77785a Mon Sep 17 00:00:00 2001
+From: Christian Brauner
+Date: Sat, 30 Jan 2021 12:10:09 +0100
+Subject: log: rework lxc_log_get_level()
+
+Signed-off-by: Christian Brauner
+---
+ src/lxc/log.c | 11 ++++++++++-
+ 1 file changed, 10 insertions(+), 1 deletion(-)
+
+diff --git a/src/lxc/log.c b/src/lxc/log.c
+index bc60083fe..7f1d5a861 100644
+--- a/src/lxc/log.c
++++ b/src/lxc/log.c
+@@ -778,7 +778,16 @@ int lxc_log_set_level(int *dest, int level)
+
+ int lxc_log_get_level(void)
+ {
+- return lxc_log_category_lxc.priority;
++ int level = LXC_LOG_LEVEL_NOTSET;
++
++#ifndef NO_LXC_CONF
++ if (current_config)
++ level = current_config->loglevel;
++#endif
++ if (level == LXC_LOG_LEVEL_NOTSET)
++ level = lxc_log_category_lxc.priority;
++
++ return level;
+ }
+
+ bool lxc_log_has_valid_level(void)
diff -Nru lxc-4.0.2/debian/patches/0052-seccomp-use-lxc_log_get_level.patch lxc-4.0.6/debian/patches/0052-seccomp-use-lxc_log_get_level.patch
--- lxc-4.0.2/debian/patches/0052-seccomp-use-lxc_log_get_level.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/debian/patches/0052-seccomp-use-lxc_log_get_level.patch 2021-02-11 21:34:03.000000000 +0000
@@ -0,0 +1,42 @@
+From c4b1e0b81fb7cd9e68f3af02c1756a84bba466ee Mon Sep 17 00:00:00 2001
+From: Christian Brauner
+Date: Sat, 30 Jan 2021 12:10:21 +0100
+Subject: seccomp: use lxc_log_get_level()
+
+This will now enable LXD users to dump the seccomp filter in the log when
+logging at TRACE level.
+
+Signed-off-by: Christian Brauner
+---
+ src/lxc/seccomp.c | 18 ++++++++++--------
+ 1 file changed, 10 insertions(+), 8 deletions(-)
+
+diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c
+index 9ea0ba9ab..53614a496 100644
+--- a/src/lxc/seccomp.c
++++ b/src/lxc/seccomp.c
+@@ -1260,14 +1260,16 @@ int lxc_seccomp_load(struct lxc_conf *conf)
+ /* After load seccomp filter into the kernel successfully, export the current seccomp
+ * filter to log file */
+ #if HAVE_SCMP_FILTER_CTX
+- if ((lxc_log_get_level() <= LXC_LOG_LEVEL_TRACE ||
+- conf->loglevel <= LXC_LOG_LEVEL_TRACE) &&
+- lxc_log_get_fd() >= 0) {
+- ret = seccomp_export_pfc(conf->seccomp.seccomp_ctx, lxc_log_fd);
+- /* Just give an warning when export error */
+- if (ret < 0) {
+- errno = -ret;
+- SYSWARN("Failed to export seccomp filter to log file");
++ if (lxc_log_get_level() <= LXC_LOG_LEVEL_TRACE) {
++ int fd_log;
++
++ fd_log = lxc_log_get_fd();
++ if (fd_log >= 0) {
++ ret = seccomp_export_pfc(conf->seccomp.seccomp_ctx, fd_log);
++ if (ret < 0) {
++ errno = -ret;
++ SYSWARN("Failed to export seccomp filter to log file");
++ }
+ }
+ }
+ #endif
diff -Nru lxc-4.0.2/debian/patches/0053-cgroups-use-bpf-log-when-logging-at-trace-level.patch lxc-4.0.6/debian/patches/0053-cgroups-use-bpf-log-when-logging-at-trace-level.patch
--- lxc-4.0.2/debian/patches/0053-cgroups-use-bpf-log-when-logging-at-trace-level.patch 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/debian/patches/0053-cgroups-use-bpf-log-when-logging-at-trace-level.patch 2021-02-11 21:34:03.000000000 +0000
@@ -0,0 +1,71 @@ +From 7266ed648f2eaf95f32f78ff791ff182edecbbdb Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Sat, 30 Jan 2021 12:15:31 +0100 +Subject: cgroups: use bpf log when logging at trace level + +Signed-off-by: Christian Brauner +--- + src/lxc/cgroups/cgroup2_devices.c | 23 ++++++++++++++++------- + 1 file changed, 16 insertions(+), 7 deletions(-) + +diff --git a/src/lxc/cgroups/cgroup2_devices.c b/src/lxc/cgroups/cgroup2_devices.c +index 657640b8b..21d560904 100644 +--- a/src/lxc/cgroups/cgroup2_devices.c ++++ b/src/lxc/cgroups/cgroup2_devices.c +@@ -27,6 +27,7 @@ + + lxc_log_define(cgroup2_devices, cgroup); + ++#define BPF_LOG_BUF_SIZE (1 << 23) /* 8MB */ + #ifndef BPF_LOG_LEVEL1 + #define BPF_LOG_LEVEL1 1 + #endif +@@ -321,17 +322,25 @@ int bpf_program_finalize(struct bpf_program *prog) + return bpf_program_add_instructions(prog, ins, ARRAY_SIZE(ins)); + } + +-static int bpf_program_load_kernel(struct bpf_program *prog, char *log_buf, +- __u32 log_size, __u32 log_level) ++static int bpf_program_load_kernel(struct bpf_program *prog) + { ++ __do_free char *log_buf = NULL; ++ __u32 log_level = 0, log_size = 0; + union bpf_attr *attr; + +- if ((log_size != 0 && !log_buf) || (log_size == 0 && log_buf)) +- return ret_errno(EINVAL); +- + if (prog->kernel_fd >= 0) + return 0; + ++ if (lxc_log_get_level() <= LXC_LOG_LEVEL_TRACE) { ++ log_buf = zalloc(BPF_LOG_BUF_SIZE); ++ if (!log_buf) { ++ WARN("Failed to allocate bpf log buffer"); ++ } else { ++ log_level = BPF_LOG_LEVEL; ++ log_size = BPF_LOG_BUF_SIZE; ++ } ++ } ++ + attr = &(union bpf_attr){ + .prog_type = prog->prog_type, + .insns = PTR_TO_UINT64(prog->instructions), +@@ -376,7 +385,7 @@ int bpf_program_cgroup_attach(struct bpf_program *prog, int type, + return true; + } + +- ret = bpf_program_load_kernel(prog, NULL, 0, 0); ++ ret = bpf_program_load_kernel(prog); + if (ret < 0) + return log_error_errno(-1, ret, "Failed to load bpf program"); + +@@ -543,7 +552,7 @@ bool 
bpf_devices_cgroup_supported(void) + if (ret < 0) + return log_trace(false, "Failed to add new instructions to bpf device cgroup program"); + +- ret = bpf_program_load_kernel(prog, NULL, 0, 0); ++ ret = bpf_program_load_kernel(prog); + if (ret < 0) + return log_trace(false, "Failed to load new bpf device cgroup program"); + diff -Nru lxc-4.0.2/debian/patches/0054-log-add-lxc_log_trace-helper.patch lxc-4.0.6/debian/patches/0054-log-add-lxc_log_trace-helper.patch --- lxc-4.0.2/debian/patches/0054-log-add-lxc_log_trace-helper.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0054-log-add-lxc_log_trace-helper.patch 2021-02-11 21:34:03.000000000 +0000 
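Review bot: At the call this commit rewrites in bpf_program_cgroup_attach(), the failure path `return log_error_errno(-1, ret, "Failed to load bpf program");` passes `ret` where the errno value is expected. bpf_program_load_kernel() reports failure through `log_error_errno(-1, errno, ...)`, as shown earlier in this series, so `ret` is -1 here, not an error code. Since the line is being touched anyway, use `return log_error_errno(-1, errno, "Failed to load bpf program");`. The new `#define BPF_LOG_BUF_SIZE (1 << 23)` is also unguarded, unlike `BPF_LOG_LEVEL1` directly below it. Wrapping it in `#ifndef BPF_LOG_BUF_SIZE` would avoid a redefinition if an included header already provides that name; the file's includes are not visible in the hunk.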
@@ -0,0 +1,53 @@ +From 7fd9f76b00977e97fde0baeb2b363b877c754443 Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Sat, 30 Jan 2021 12:17:08 +0100 +Subject: log: add lxc_log_trace() helper + +Signed-off-by: Christian Brauner +--- + src/lxc/cgroups/cgroup2_devices.c | 2 +- + src/lxc/log.h | 4 ++++ + src/lxc/seccomp.c | 2 +- + 3 files changed, 6 insertions(+), 2 deletions(-) + +diff --git a/src/lxc/cgroups/cgroup2_devices.c b/src/lxc/cgroups/cgroup2_devices.c +index 21d560904..cd23b2c4e 100644 +--- a/src/lxc/cgroups/cgroup2_devices.c ++++ b/src/lxc/cgroups/cgroup2_devices.c +@@ -331,7 +331,7 @@ static int bpf_program_load_kernel(struct bpf_program *prog) + if (prog->kernel_fd >= 0) + return 0; + +- if (lxc_log_get_level() <= LXC_LOG_LEVEL_TRACE) { ++ if (lxc_log_trace()) { + log_buf = zalloc(BPF_LOG_BUF_SIZE); + if (!log_buf) { + WARN("Failed to allocate bpf log buffer"); +diff --git a/src/lxc/log.h b/src/lxc/log.h +index 68e87eb06..e4081950e 100644 +--- a/src/lxc/log.h ++++ b/src/lxc/log.h +@@ -568,6 +568,10 @@ __hidden extern void lxc_log_syslog_enable(void); + __hidden extern void lxc_log_syslog_disable(void); + __hidden extern int lxc_log_set_level(int *dest, int level); + __hidden extern int lxc_log_get_level(void); ++static inline bool lxc_log_trace(void) ++{ ++ return lxc_log_get_level() <= LXC_LOG_LEVEL_TRACE; ++} + __hidden extern bool lxc_log_has_valid_level(void); + __hidden extern int lxc_log_set_file(int *fd, const char *fname); + __hidden extern const char *lxc_log_get_file(void); +diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c +index 53614a496..94d33d26d 100644 +--- a/src/lxc/seccomp.c ++++ b/src/lxc/seccomp.c +@@ -1260,7 +1260,7 @@ int lxc_seccomp_load(struct lxc_conf *conf) + /* After load seccomp filter into the kernel successfully, export the current seccomp + * filter to log file */ + #if HAVE_SCMP_FILTER_CTX +- if (lxc_log_get_level() <= LXC_LOG_LEVEL_TRACE) { ++ if (lxc_log_trace()) { + int fd_log; + + fd_log = lxc_log_get_fd(); diff 
-Nru lxc-4.0.2/debian/patches/0055-cgroups-use-PTR_TO_U64.patch lxc-4.0.6/debian/patches/0055-cgroups-use-PTR_TO_U64.patch --- lxc-4.0.2/debian/patches/0055-cgroups-use-PTR_TO_U64.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0055-cgroups-use-PTR_TO_U64.patch 2021-02-11 21:34:03.000000000 +0000 
@@ -0,0 +1,43 @@ +From 1abec02b922af33b100c6dd2b74f0b37ddc98875 Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Sat, 30 Jan 2021 17:28:32 +0100 +Subject: cgroups: use PTR_TO_U64() + +Signed-off-by: Christian Brauner +--- + src/lxc/cgroups/cgroup2_devices.c | 6 +++--- + src/lxc/macro.h | 3 ++- + 2 files changed, 5 insertions(+), 4 deletions(-) + +diff --git a/src/lxc/cgroups/cgroup2_devices.c b/src/lxc/cgroups/cgroup2_devices.c +index cd23b2c4e..faee4cc53 100644 +--- a/src/lxc/cgroups/cgroup2_devices.c ++++ b/src/lxc/cgroups/cgroup2_devices.c +@@ -343,10 +343,10 @@ static int bpf_program_load_kernel(struct bpf_program *prog) + + attr = &(union bpf_attr){ + .prog_type = prog->prog_type, +- .insns = PTR_TO_UINT64(prog->instructions), ++ .insns = PTR_TO_U64(prog->instructions), + .insn_cnt = prog->n_instructions, +- .license = PTR_TO_UINT64("GPL"), +- .log_buf = PTR_TO_UINT64(log_buf), ++ .license = PTR_TO_U64("GPL"), ++ .log_buf = PTR_TO_U64(log_buf), + .log_level = log_level, + .log_size = log_size, + }; +diff --git a/src/lxc/macro.h b/src/lxc/macro.h +index b2a19cec8..bc270eac0 100644 +--- a/src/lxc/macro.h ++++ b/src/lxc/macro.h +@@ -561,7 +561,8 @@ enum { + #define PTR_TO_PID(p) ((pid_t)((intptr_t)(p))) + #define PID_TO_PTR(u) ((void *)((intptr_t)(u))) + +-#define PTR_TO_UINT64(p) ((uint64_t)((intptr_t)(p))) ++#define PTR_TO_UINT64(p) ((uint64_t)((uintptr_t)(p))) ++#define PTR_TO_U64(p) ((__u64)((uintptr_t)(p))) + + #define UINT_TO_PTR(u) ((void *) ((uintptr_t) (u))) + #define PTR_TO_USHORT(p) ((unsigned short)((uintptr_t)(p))) diff -Nru lxc-4.0.2/debian/patches/0056-cgroups-align-methods.patch lxc-4.0.6/debian/patches/0056-cgroups-align-methods.patch --- lxc-4.0.2/debian/patches/0056-cgroups-align-methods.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0056-cgroups-align-methods.patch 2021-02-11 21:34:03.000000000 +0000 
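Review bot: The `macro.h` hunk changes the existing `PTR_TO_UINT64()` from an `intptr_t` cast to a `uintptr_t` cast, which the subject line does not mention and which is more than a rename. Going through `intptr_t` sign-extends a 32-bit pointer with the top bit set when it is widened to 64 bits, so the value stored in `union bpf_attr` would not be the address; the unsigned cast zero-extends instead. A one-line comment above both macros would keep that from being undone later, e.g. `/* Cast via uintptr_t so 32-bit pointers are zero-extended, not sign-extended. */`.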
@@ -0,0 +1,75 @@ +From 25868b73bef645775d134209039b186e421c05af Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Sat, 30 Jan 2021 21:54:45 +0100 +Subject: cgroups: align methods + +Signed-off-by: Christian Brauner +--- + src/lxc/cgroups/cgfsng.c | 54 ++++++++++++++++++++-------------------- + 1 file changed, 27 insertions(+), 27 deletions(-) + +diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c +index 1eef175b8..fb46846fb 100644 +--- a/src/lxc/cgroups/cgfsng.c ++++ b/src/lxc/cgroups/cgfsng.c +@@ -3454,33 +3454,33 @@ struct cgroup_ops *cgfsng_ops_init(struct lxc_conf *conf) + if (cg_init(cgfsng_ops, conf)) + return NULL; + +- cgfsng_ops->data_init = cgfsng_data_init; +- cgfsng_ops->payload_destroy = cgfsng_payload_destroy; +- cgfsng_ops->monitor_destroy = cgfsng_monitor_destroy; +- cgfsng_ops->monitor_create = cgfsng_monitor_create; +- cgfsng_ops->monitor_enter = cgfsng_monitor_enter; +- cgfsng_ops->monitor_delegate_controllers = cgfsng_monitor_delegate_controllers; +- cgfsng_ops->payload_delegate_controllers = cgfsng_payload_delegate_controllers; +- cgfsng_ops->payload_create = cgfsng_payload_create; +- cgfsng_ops->payload_enter = cgfsng_payload_enter; +- cgfsng_ops->payload_finalize = cgfsng_payload_finalize; +- cgfsng_ops->escape = cgfsng_escape; +- cgfsng_ops->num_hierarchies = cgfsng_num_hierarchies; +- cgfsng_ops->get_hierarchies = cgfsng_get_hierarchies; +- cgfsng_ops->get_cgroup = cgfsng_get_cgroup; +- cgfsng_ops->get = cgfsng_get; +- cgfsng_ops->set = cgfsng_set; +- cgfsng_ops->freeze = cgfsng_freeze; +- cgfsng_ops->unfreeze = cgfsng_unfreeze; +- cgfsng_ops->setup_limits_legacy = cgfsng_setup_limits_legacy; +- cgfsng_ops->setup_limits = cgfsng_setup_limits; +- cgfsng_ops->driver = "cgfsng"; +- cgfsng_ops->version = "1.0.0"; +- cgfsng_ops->attach = cgfsng_attach; +- cgfsng_ops->chown = cgfsng_chown; +- cgfsng_ops->mount = cgfsng_mount; +- cgfsng_ops->devices_activate = cgfsng_devices_activate; +- cgfsng_ops->get_limiting_cgroup = 
cgfsng_get_limiting_cgroup; ++ cgfsng_ops->data_init = cgfsng_data_init; ++ cgfsng_ops->payload_destroy = cgfsng_payload_destroy; ++ cgfsng_ops->monitor_destroy = cgfsng_monitor_destroy; ++ cgfsng_ops->monitor_create = cgfsng_monitor_create; ++ cgfsng_ops->monitor_enter = cgfsng_monitor_enter; ++ cgfsng_ops->monitor_delegate_controllers = cgfsng_monitor_delegate_controllers; ++ cgfsng_ops->payload_delegate_controllers = cgfsng_payload_delegate_controllers; ++ cgfsng_ops->payload_create = cgfsng_payload_create; ++ cgfsng_ops->payload_enter = cgfsng_payload_enter; ++ cgfsng_ops->payload_finalize = cgfsng_payload_finalize; ++ cgfsng_ops->escape = cgfsng_escape; ++ cgfsng_ops->num_hierarchies = cgfsng_num_hierarchies; ++ cgfsng_ops->get_hierarchies = cgfsng_get_hierarchies; ++ cgfsng_ops->get_cgroup = cgfsng_get_cgroup; ++ cgfsng_ops->get = cgfsng_get; ++ cgfsng_ops->set = cgfsng_set; ++ cgfsng_ops->freeze = cgfsng_freeze; ++ cgfsng_ops->unfreeze = cgfsng_unfreeze; ++ cgfsng_ops->setup_limits_legacy = cgfsng_setup_limits_legacy; ++ cgfsng_ops->setup_limits = cgfsng_setup_limits; ++ cgfsng_ops->driver = "cgfsng"; ++ cgfsng_ops->version = "1.0.0"; ++ cgfsng_ops->attach = cgfsng_attach; ++ cgfsng_ops->chown = cgfsng_chown; ++ cgfsng_ops->mount = cgfsng_mount; ++ cgfsng_ops->devices_activate = cgfsng_devices_activate; ++ cgfsng_ops->get_limiting_cgroup = cgfsng_get_limiting_cgroup; + + return move_ptr(cgfsng_ops); + } diff -Nru lxc-4.0.2/debian/patches/0057-utils-use-SYSTRACE-when-logging-stdio-permission-fix.patch lxc-4.0.6/debian/patches/0057-utils-use-SYSTRACE-when-logging-stdio-permission-fix.patch --- lxc-4.0.2/debian/patches/0057-utils-use-SYSTRACE-when-logging-stdio-permission-fix.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0057-utils-use-SYSTRACE-when-logging-stdio-permission-fix.patch 2021-02-11 21:34:03.000000000 +0000 
@@ -0,0 +1,33 @@ +From ddce74ecaa31233887af92e176bb745a5da225da Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Mon, 1 Feb 2021 14:35:42 +0100 +Subject: utils: use SYSTRACE() when logging stdio permission fixup failures + +Signed-off-by: Christian Brauner +--- + src/lxc/utils.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/lxc/utils.c b/src/lxc/utils.c +index c48be5004..fccd28d58 100644 +--- a/src/lxc/utils.c ++++ b/src/lxc/utils.c +@@ -1961,15 +1961,15 @@ int fix_stdio_permissions(uid_t uid) + + ret = fchown(std_fds[i], uid, st.st_gid); + if (ret) { +- TRACE("Failed to chown standard I/O file descriptor %d to uid %d and gid %d", +- std_fds[i], uid, st.st_gid); ++ SYSTRACE("Failed to chown standard I/O file descriptor %d to uid %d and gid %d", ++ std_fds[i], uid, st.st_gid); + fret = -1; + continue; + } + + ret = fchmod(std_fds[i], 0700); + if (ret) { +- TRACE("Failed to chmod standard I/O file descriptor %d", std_fds[i]); ++ SYSTRACE("Failed to chmod standard I/O file descriptor %d", std_fds[i]); + fret = -1; + } + } diff -Nru lxc-4.0.2/debian/patches/0058-attach-log-failues-to-dup2-with-SYSDEBUG.patch lxc-4.0.6/debian/patches/0058-attach-log-failues-to-dup2-with-SYSDEBUG.patch --- lxc-4.0.2/debian/patches/0058-attach-log-failues-to-dup2-with-SYSDEBUG.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0058-attach-log-failues-to-dup2-with-SYSDEBUG.patch 2021-02-11 21:34:03.000000000 +0000 
@@ -0,0 +1,33 @@ +From 9c7b2b1e8ed904f9fb5f53abce730211fad75d8c Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Mon, 1 Feb 2021 14:44:45 +0100 +Subject: attach: log failues to dup2() with SYSDEBUG() + +Signed-off-by: Christian Brauner +--- + src/lxc/attach.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/lxc/attach.c b/src/lxc/attach.c +index bdf6da21f..15a19e598 100644 +--- a/src/lxc/attach.c ++++ b/src/lxc/attach.c +@@ -828,15 +828,15 @@ __noreturn static void do_attach(struct attach_clone_payload *payload) + */ + if (options->stdin_fd >= 0 && options->stdin_fd != STDIN_FILENO) + if (dup2(options->stdin_fd, STDIN_FILENO)) +- DEBUG("Failed to replace stdin with %d", options->stdin_fd); ++ SYSDEBUG("Failed to replace stdin with %d", options->stdin_fd); + + if (options->stdout_fd >= 0 && options->stdout_fd != STDOUT_FILENO) + if (dup2(options->stdout_fd, STDOUT_FILENO)) +- DEBUG("Failed to replace stdout with %d", options->stdin_fd); ++ SYSDEBUG("Failed to replace stdout with %d", options->stdin_fd); + + if (options->stderr_fd >= 0 && options->stderr_fd != STDERR_FILENO) + if (dup2(options->stderr_fd, STDERR_FILENO)) +- DEBUG("Failed to replace stderr with %d", options->stdin_fd); ++ SYSDEBUG("Failed to replace stderr with %d", options->stdin_fd); + + /* close the old fds */ + if (options->stdin_fd > STDERR_FILENO) diff -Nru lxc-4.0.2/debian/patches/0059-attach-fix-logging-for-stdfd-replacement.patch lxc-4.0.6/debian/patches/0059-attach-fix-logging-for-stdfd-replacement.patch --- lxc-4.0.2/debian/patches/0059-attach-fix-logging-for-stdfd-replacement.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0059-attach-fix-logging-for-stdfd-replacement.patch 2021-02-11 21:34:03.000000000 +0000 
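Review bot: In all three branches a failed `dup2()` is only reported at debug level and `do_attach()` carries on, so the attached process would run on whatever stdin/stdout/stderr it inherited rather than the descriptors the caller requested in `options`. If a caller relies on those descriptors to keep the attached command off its own terminal or log file, that is a silent downgrade; I would treat the failure as fatal, e.g. `SYSERROR("Failed to replace stdin with %d", options->stdin_fd);` followed by the function's existing failure exit. The same log-and-continue shape is kept by patches 0059 and 0060 below. `do_attach()` starts and ends outside the hunk, so the exit path is not visible here.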
@@ -0,0 +1,28 @@ +From d6415efa3f943263a7ba1600fd9246fafd57c9bf Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Mon, 1 Feb 2021 14:50:55 +0100 +Subject: attach: fix logging for stdfd replacement + +Signed-off-by: Christian Brauner +--- + src/lxc/attach.c | 4 ++-- + 1 file changed, 2 insertions(+), 2 deletions(-) + +diff --git a/src/lxc/attach.c b/src/lxc/attach.c +index 15a19e598..5a88dbc72 100644 +--- a/src/lxc/attach.c ++++ b/src/lxc/attach.c +@@ -832,11 +832,11 @@ __noreturn static void do_attach(struct attach_clone_payload *payload) + + if (options->stdout_fd >= 0 && options->stdout_fd != STDOUT_FILENO) + if (dup2(options->stdout_fd, STDOUT_FILENO)) +- SYSDEBUG("Failed to replace stdout with %d", options->stdin_fd); ++ SYSDEBUG("Failed to replace stdout with %d", options->stdout_fd); + + if (options->stderr_fd >= 0 && options->stderr_fd != STDERR_FILENO) + if (dup2(options->stderr_fd, STDERR_FILENO)) +- SYSDEBUG("Failed to replace stderr with %d", options->stdin_fd); ++ SYSDEBUG("Failed to replace stderr with %d", options->stderr_fd); + + /* close the old fds */ + if (options->stdin_fd > STDERR_FILENO) diff -Nru lxc-4.0.2/debian/patches/0060-attach-fix-error-checking-for-dup2.patch lxc-4.0.6/debian/patches/0060-attach-fix-error-checking-for-dup2.patch --- lxc-4.0.2/debian/patches/0060-attach-fix-error-checking-for-dup2.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0060-attach-fix-error-checking-for-dup2.patch 2021-02-11 21:34:03.000000000 +0000 
@@ -0,0 +1,33 @@ +From 1b5e1facd4bb573c28b72650f7666f9ea986e566 Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Mon, 1 Feb 2021 14:51:41 +0100 +Subject: attach: fix error checking for dup2() + +Signed-off-by: Christian Brauner +--- + src/lxc/attach.c | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/lxc/attach.c b/src/lxc/attach.c +index 5a88dbc72..1c9b30d2b 100644 +--- a/src/lxc/attach.c ++++ b/src/lxc/attach.c +@@ -827,15 +827,15 @@ __noreturn static void do_attach(struct attach_clone_payload *payload) + * may want to make sure the fds are closed, for example. + */ + if (options->stdin_fd >= 0 && options->stdin_fd != STDIN_FILENO) +- if (dup2(options->stdin_fd, STDIN_FILENO)) ++ if (dup2(options->stdin_fd, STDIN_FILENO) < 0) + SYSDEBUG("Failed to replace stdin with %d", options->stdin_fd); + + if (options->stdout_fd >= 0 && options->stdout_fd != STDOUT_FILENO) +- if (dup2(options->stdout_fd, STDOUT_FILENO)) ++ if (dup2(options->stdout_fd, STDOUT_FILENO) < 0) + SYSDEBUG("Failed to replace stdout with %d", options->stdout_fd); + + if (options->stderr_fd >= 0 && options->stderr_fd != STDERR_FILENO) +- if (dup2(options->stderr_fd, STDERR_FILENO)) ++ if (dup2(options->stderr_fd, STDERR_FILENO) < 0) + SYSDEBUG("Failed to replace stderr with %d", options->stderr_fd); + + /* close the old fds */ diff -Nru lxc-4.0.2/debian/patches/0061-cgroups-initialize-variable.patch lxc-4.0.6/debian/patches/0061-cgroups-initialize-variable.patch --- lxc-4.0.2/debian/patches/0061-cgroups-initialize-variable.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0061-cgroups-initialize-variable.patch 2021-02-11 21:34:03.000000000 +0000 
@@ -0,0 +1,24 @@ +From 596be6f3217a15d0b80bbdbe15650885fc14b4d9 Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Mon, 1 Feb 2021 15:44:59 +0100 +Subject: cgroups: initialize variable + +Fixes: Coverity 1472651 +Signed-off-by: Christian Brauner +--- + src/lxc/cgroups/cgfsng.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c +index fb46846fb..3d6d3c7d9 100644 +--- a/src/lxc/cgroups/cgfsng.c ++++ b/src/lxc/cgroups/cgfsng.c +@@ -3337,7 +3337,7 @@ static int cg_unified_init(struct cgroup_ops *ops, bool relative, + { + __do_close int cgroup_root_fd = -EBADF; + __do_free char *base_cgroup = NULL, *controllers_path = NULL; +- __do_free_string_list char **delegatable; ++ __do_free_string_list char **delegatable = NULL; + int ret; + struct hierarchy *new; + diff -Nru lxc-4.0.2/debian/patches/0062-commands_utils-don-t-leak-memory.patch lxc-4.0.6/debian/patches/0062-commands_utils-don-t-leak-memory.patch --- lxc-4.0.2/debian/patches/0062-commands_utils-don-t-leak-memory.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0062-commands_utils-don-t-leak-memory.patch 2021-02-11 21:34:03.000000000 +0000 
@@ -0,0 +1,48 @@ +From 8780fc1823de6be56de4e96ff77ac01114b21534 Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Mon, 1 Feb 2021 22:34:33 +0100 +Subject: commands_utils: don't leak memory + +Signed-off-by: Christian Brauner +--- + src/lxc/commands_utils.c | 11 +++++------ + 1 file changed, 5 insertions(+), 6 deletions(-) + +diff --git a/src/lxc/commands_utils.c b/src/lxc/commands_utils.c +index cba8e9c10..53464ae15 100644 +--- a/src/lxc/commands_utils.c ++++ b/src/lxc/commands_utils.c +@@ -166,7 +166,7 @@ int lxc_add_state_client(int state_client_fd, struct lxc_handler *handler, + __do_free struct lxc_list *tmplist = NULL; + int state; + +- newclient = malloc(sizeof(*newclient)); ++ newclient = zalloc(sizeof(*newclient)); + if (!newclient) + return -ENOMEM; + +@@ -174,20 +174,19 @@ int lxc_add_state_client(int state_client_fd, struct lxc_handler *handler, + memcpy(newclient->states, states, sizeof(newclient->states)); + newclient->clientfd = state_client_fd; + +- tmplist = malloc(sizeof(*tmplist)); ++ tmplist = zalloc(sizeof(*tmplist)); + if (!tmplist) + return -ENOMEM; + + state = handler->state; + if (states[state] != 1) { +- lxc_list_add_elem(tmplist, newclient); +- lxc_list_add_tail(&handler->conf->state_clients, tmplist); ++ lxc_list_add_elem(tmplist, move_ptr(newclient)); ++ lxc_list_add_tail(&handler->conf->state_clients, move_ptr(tmplist)); + } else { ++ TRACE("Container already in requested state"); + return state; + } + +- move_ptr(newclient); +- move_ptr(tmplist); + TRACE("Added state client fd %d to state client list", state_client_fd); + return MAX_STATE; + } diff -Nru lxc-4.0.2/debian/patches/0063-conf-use-lxc_log_trace.patch lxc-4.0.6/debian/patches/0063-conf-use-lxc_log_trace.patch --- lxc-4.0.2/debian/patches/0063-conf-use-lxc_log_trace.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0063-conf-use-lxc_log_trace.patch 2021-02-11 21:34:03.000000000 +0000 
@@ -0,0 +1,54 @@ +From aae1a851403e9551719a38a8fb4488d8ebad317f Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Mon, 1 Feb 2021 22:53:56 +0100 +Subject: conf: use lxc_log_trace() + +Signed-off-by: Christian Brauner +--- + src/lxc/conf.c | 12 ++++-------- + 1 file changed, 4 insertions(+), 8 deletions(-) + +diff --git a/src/lxc/conf.c b/src/lxc/conf.c +index af2271962..76d517a16 100644 +--- a/src/lxc/conf.c ++++ b/src/lxc/conf.c +@@ -4104,8 +4104,7 @@ int userns_exec_1(const struct lxc_conf *conf, int (*fn)(void *), void *data, + + close_prot_errno_disarm(pipe_fds[0]); + +- if (lxc_log_get_level() == LXC_LOG_LEVEL_TRACE || +- conf->loglevel == LXC_LOG_LEVEL_TRACE) { ++ if (lxc_log_trace()) { + struct id_map *map; + struct lxc_list *it; + +@@ -4219,8 +4218,7 @@ int userns_exec_minimal(const struct lxc_conf *conf, + + close_prot_errno_disarm(sock_fds[0]); + +- if (lxc_log_get_level() == LXC_LOG_LEVEL_TRACE || +- conf->loglevel == LXC_LOG_LEVEL_TRACE) { ++ if (lxc_log_trace()) { + struct id_map *map; + struct lxc_list *it; + +@@ -4404,8 +4402,7 @@ int userns_exec_full(struct lxc_conf *conf, int (*fn)(void *), void *data, + /* idmap will now keep track of that memory. 
*/ + host_gid_map = NULL; + +- if (lxc_log_get_level() == LXC_LOG_LEVEL_TRACE || +- conf->loglevel == LXC_LOG_LEVEL_TRACE) { ++ if (lxc_log_trace()) { + lxc_list_for_each (cur, idmap) { + map = cur->elem; + TRACE("establishing %cid mapping for \"%d\" in new " +@@ -4626,8 +4623,7 @@ int userns_exec_mapped_root(const char *path, int path_fd, + + close_prot_errno_disarm(sock_fds[0]); + +- if (lxc_log_get_level() == LXC_LOG_LEVEL_TRACE || +- conf->loglevel == LXC_LOG_LEVEL_TRACE) { ++ if (lxc_log_trace()) { + struct id_map *map; + struct lxc_list *it; + diff -Nru lxc-4.0.2/debian/patches/0064-confile_utils-use-lxc_log_trace.patch lxc-4.0.6/debian/patches/0064-confile_utils-use-lxc_log_trace.patch --- lxc-4.0.2/debian/patches/0064-confile_utils-use-lxc_log_trace.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0064-confile_utils-use-lxc_log_trace.patch 2021-02-11 21:34:03.000000000 +0000 
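Review bot: Switching to `lxc_log_trace()` drops the `conf->loglevel == LXC_LOG_LEVEL_TRACE` half of the old test in all four `userns_exec_*` hunks, and the commit message does not say this is intended. As defined in patch 0054, the helper only consults `lxc_log_get_level()`, so a container whose own `conf->loglevel` is trace while the process-wide level is not would apparently stop getting its id mappings traced, unless the reworked `lxc_log_get_level()` (patch 0051, not shown here) already covers that case. I would say so in the description or at the first call site, e.g. `/* NOTE: conf->loglevel is no longer checked here; only the global log level enables this trace output. */`. Patch 0064 makes the same substitution in `lxc_log_configured_netdevs()`.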
@@ -0,0 +1,24 @@ +From 370dac7fc22297b796d0bf4fd2b124821fa3f393 Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Mon, 1 Feb 2021 22:54:47 +0100 +Subject: confile_utils: use lxc_log_trace() + +Signed-off-by: Christian Brauner +--- + src/lxc/confile_utils.c | 3 +-- + 1 file changed, 1 insertion(+), 2 deletions(-) + +diff --git a/src/lxc/confile_utils.c b/src/lxc/confile_utils.c +index 705d7e607..48b6970f6 100644 +--- a/src/lxc/confile_utils.c ++++ b/src/lxc/confile_utils.c +@@ -225,8 +225,7 @@ void lxc_log_configured_netdevs(const struct lxc_conf *conf) + struct lxc_netdev *netdev; + struct lxc_list *it = (struct lxc_list *)&conf->network;; + +- if ((conf->loglevel != LXC_LOG_LEVEL_TRACE) && +- (lxc_log_get_level() != LXC_LOG_LEVEL_TRACE)) ++ if (!lxc_log_trace()) + return; + + if (lxc_list_empty(it)) { diff -Nru lxc-4.0.2/debian/patches/0065-rexec-check-lseek-return-value.patch lxc-4.0.6/debian/patches/0065-rexec-check-lseek-return-value.patch --- lxc-4.0.2/debian/patches/0065-rexec-check-lseek-return-value.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/debian/patches/0065-rexec-check-lseek-return-value.patch 2021-02-11 21:34:03.000000000 +0000 
@@ -0,0 +1,33 @@ +From 5f8095d301962220f011e8b17b3b7d07cd487a95 Mon Sep 17 00:00:00 2001 +From: Christian Brauner +Date: Wed, 3 Feb 2021 09:39:21 +0100 +Subject: rexec: check lseek() return value + +Not really needed buy ok. + +Fixes: Coverity: 1472769 +Signed-off-by: Christian Brauner +--- + src/lxc/rexec.c | 7 +++++-- + 1 file changed, 5 insertions(+), 2 deletions(-) + +diff --git a/src/lxc/rexec.c b/src/lxc/rexec.c +index 95a038272..ba5cc0fe8 100644 +--- a/src/lxc/rexec.c ++++ b/src/lxc/rexec.c +@@ -127,10 +127,13 @@ static void lxc_rexec_as_memfd(char **argv, char **envp, const char *memfd_name) + sent = lxc_sendfile_nointr(memfd >= 0 ? memfd : tmpfd, fd, NULL, + st.st_size - bytes_sent); + if (sent < 0) { +- /* Fallback to shoveling data between kernel- and ++ /* ++ * Fallback to shoveling data between kernel- and + * userspace. + */ +- lseek(fd, 0, SEEK_SET); ++ if (lseek(fd, 0, SEEK_SET) == (off_t) -1) ++ fprintf(stderr, "Failed to seek to beginning of file"); ++ + if (fd_to_fd(fd, memfd >= 0 ? memfd : tmpfd)) + break; + diff -Nru lxc-4.0.2/debian/patches/series lxc-4.0.6/debian/patches/series --- lxc-4.0.2/debian/patches/series 2020-04-16 19:41:29.000000000 +0000 +++ lxc-4.0.6/debian/patches/series 2021-02-11 21:34:03.000000000 +0000 
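Review bot: When `lseek()` fails, the new code prints a message and then still calls `fd_to_fd()`, which would copy from wherever the offset was left after the failed `lxc_sendfile_nointr()`, so the memfd or temp file could end up holding an incomplete image. Going by the function name, that copy is presumably what gets re-executed, so I would stop rather than continue: `fprintf(stderr, "Failed to seek to beginning of file\n");` followed by `return;`, assuming the descriptors opened earlier are released by cleanup attributes, which the hunk does not show. The message as written also lacks a trailing newline and the errno text. The function starts and ends outside the hunk.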
@@ -1 +1,65 @@
 0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch
+0002-commands-fix-check-for-seccomp-notify-support.patch
+0003-configure-skip-libseccomp-tests-if-it-is-disabled.patch
+0004-conf-fix-containers-retaining-CAP_NET_ADMIN.patch
+0005-cgroups-fix-cgroup-mounting.patch
+0006-lsm-remove-obsolute-comment-about-constructor.patch
+0007-lxc_attach-include-rexec-conditionally.patch
+0008-tree-wide-fix-some-header-inclusions.patch
+0009-initutils-fix-missing-includes.patch
+0010-configure-support-static-binaries.patch
+0011-autotools-enable-static-builds-for-tools.patch
+0012-autotools-enable-static-builds-for-commands.patch
+0013-tree-wide-fix-compilation-with-Wstrict-prototypes-Wo.patch
+0014-config-update-ax_pthread.m4.patch
+0015-configure-add-AC_SYS_LARGEFILE-checking.patch
+0016-autotools-update-build.patch
+0017-file_utils-introduce-read_file_at.patch
+0018-string_utils-add-must_make_path_relative.patch
+0019-cgroups-coding-style-fixes.patch
+0020-cgroups-rework-cg_unified_init.patch
+0021-cgroups-detect-and-record-cgroup2-freezer-support.patch
+0022-criu-handle-cgroup2-freezer.patch
+0023-mkdir-p-proc-sys-on-container-startup.patch
+0024-conf-fix-coding-style.patch
+0025-conf-coding-style-fixes.patch
+0026-conf-move-proc-and-sys-mountpoint-creation-int-lxc_m.patch
+0027-attach-invert-child-parent-handling.patch
+0028-attach-use-__do_free-cleanup-macro-for-cwd.patch
+0029-attach-tweak-logging.patch
+0030-attach-use-__do_close-for-labelfd.patch
+0031-attach-coding-style-fixes.patch
+0032-attach-use-free_disarm.patch
+0033-attach-s-attach_child_main-do_attach-g.patch
+0034-attach-mark-do_attach-as-__noreturn.patch
+0035-attach-make-do_attach-void.patch
+0036-attach-use-close_prot_errno_disarm.patch
+0037-attach-add-some-DEBUG-logging-to-stdfd-dpulication.patch
+0038-cgroups-fix-cgroup-mounting.patch
+0039-utils-fix-mount_at.patch
+0040-configure-fix-static-builds-with-clang-12-and-LTO.patch
+0041-cgroups-bpf-fixes.patch
+0042-croups-improve-__do_bpf_program_free.patch +0043-cgroups-coding-style-fixes.patch +0044-cgroups-don-t-initiliaze-NULL-log.patch +0045-cgroups-ensure-all-memory-is-zeroed.patch +0046-cgroups-use-zalloc.patch +0047-cgroups-tweak-cgroup-initialization.patch +0048-log-remove-pointless-inline.patch +0049-log-add-lxc_log_get_fd.patch +0050-seccomp-use-lxc_log_get_fd.patch +0051-log-rework-lxc_log_get_level.patch +0052-seccomp-use-lxc_log_get_level.patch +0053-cgroups-use-bpf-log-when-logging-at-trace-level.patch +0054-log-add-lxc_log_trace-helper.patch +0055-cgroups-use-PTR_TO_U64.patch +0056-cgroups-align-methods.patch +0057-utils-use-SYSTRACE-when-logging-stdio-permission-fix.patch +0058-attach-log-failues-to-dup2-with-SYSDEBUG.patch +0059-attach-fix-logging-for-stdfd-replacement.patch +0060-attach-fix-error-checking-for-dup2.patch +0061-cgroups-initialize-variable.patch +0062-commands_utils-don-t-leak-memory.patch +0063-conf-use-lxc_log_trace.patch +0064-confile_utils-use-lxc_log_trace.patch +0065-rexec-check-lseek-return-value.patch diff -Nru lxc-4.0.2/doc/api/Makefile.in lxc-4.0.6/doc/api/Makefile.in --- lxc-4.0.2/doc/api/Makefile.in 2020-04-16 18:17:22.000000000 +0000 +++ lxc-4.0.6/doc/api/Makefile.in 2021-01-12 00:20:11.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff -Nru lxc-4.0.2/doc/api-extensions.md lxc-4.0.6/doc/api-extensions.md --- lxc-4.0.2/doc/api-extensions.md 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/doc/api-extensions.md 2021-01-12 00:20:05.000000000 +0000 
@@ -118,3 +118,20 @@ ## pidfd When running on kernels that support pidfds LXC will rely on them for most operations. This makes interacting with containers not just more reliable it also makes it significantly safer and eliminates various races inherent to PID-based kernel APIs. LXC will require that the running kernel at least support `pidfd_send_signal()`, `CLONE_PIDFD`, `P_PIDFD`, and pidfd polling support. Any kernel starting with `Linux 5.4` should have full support for pidfds. + +## seccomp\_allow\_deny\_syntax + +This adds the ability to use "denylist" and "allowlist" in seccomp v2 policies. + +## devpts\_fd + +This adds the ability to allocate a file descriptor for the devpts instance of +the container. + +## seccomp\_notify\_fd\_active + +Retrieve the seccomp notifier fd from a running container. + +## seccomp\_proxy\_send\_notify\_fd + +Whether the seccomp notify proxy sends a long a notify fd file descriptor. diff -Nru lxc-4.0.2/doc/examples/Makefile.am lxc-4.0.6/doc/examples/Makefile.am --- lxc-4.0.2/doc/examples/Makefile.am 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/doc/examples/Makefile.am 2021-01-12 00:20:05.000000000 +0000 @@ -10,7 +10,7 @@ lxc-veth.conf \ lxc-complex.conf \ seccomp-v1.conf \ - seccomp-v2-blacklist.conf \ + seccomp-v2-denylist.conf \ seccomp-v2.conf endif @@ -23,10 +23,10 @@ lxc-veth.conf.in \ lxc-complex.conf.in \ seccomp-v1.conf \ - seccomp-v2-blacklist.conf \ + seccomp-v2-denylist.conf \ seccomp-v2.conf EXTRA_DIST = \ seccomp-v1.conf \ - seccomp-v2-blacklist.conf \ + seccomp-v2-denylist.conf \ seccomp-v2.conf diff -Nru lxc-4.0.2/doc/examples/Makefile.in lxc-4.0.6/doc/examples/Makefile.in --- lxc-4.0.2/doc/examples/Makefile.in 2020-04-16 18:17:22.000000000 +0000 +++ lxc-4.0.6/doc/examples/Makefile.in 2021-01-12 00:20:12.000000000 +0000 
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -351,7 +351,7 @@ @ENABLE_EXAMPLES_TRUE@ lxc-veth.conf \ @ENABLE_EXAMPLES_TRUE@ lxc-complex.conf \ @ENABLE_EXAMPLES_TRUE@ seccomp-v1.conf \ -@ENABLE_EXAMPLES_TRUE@ seccomp-v2-blacklist.conf \ +@ENABLE_EXAMPLES_TRUE@ seccomp-v2-denylist.conf \ @ENABLE_EXAMPLES_TRUE@ seccomp-v2.conf noinst_DATA = \ @@ -363,12 +363,12 @@ lxc-veth.conf.in \ lxc-complex.conf.in \ seccomp-v1.conf \ - seccomp-v2-blacklist.conf \ + seccomp-v2-denylist.conf \ seccomp-v2.conf EXTRA_DIST = \ seccomp-v1.conf \ - seccomp-v2-blacklist.conf \ + seccomp-v2-denylist.conf \ seccomp-v2.conf all: all-am diff -Nru lxc-4.0.2/doc/examples/seccomp-v1.conf lxc-4.0.6/doc/examples/seccomp-v1.conf --- lxc-4.0.2/doc/examples/seccomp-v1.conf 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/doc/examples/seccomp-v1.conf 2021-01-12 00:20:05.000000000 +0000 @@ -1,5 +1,5 @@ 1 -whitelist +allowlist 0 1 2 diff -Nru lxc-4.0.2/doc/examples/seccomp-v2-blacklist.conf lxc-4.0.6/doc/examples/seccomp-v2-blacklist.conf --- lxc-4.0.2/doc/examples/seccomp-v2-blacklist.conf 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/doc/examples/seccomp-v2-blacklist.conf 1970-01-01 00:00:00.000000000 +0000 
@@ -1,8 +0,0 @@
-2
-blacklist
-# v2 allows comments after the second line, with '#' in first column,
-# blacklist will allow syscalls by default
-# if 'errno 0' was not appended to 'mknod' below, then the task would
-# simply be killed when it tried to mknod. 'errno 0' means do not allow
-# the container to mknod, but immediately return 0.
-mknod errno 0
diff -Nru lxc-4.0.2/doc/examples/seccomp-v2.conf lxc-4.0.6/doc/examples/seccomp-v2.conf
--- lxc-4.0.2/doc/examples/seccomp-v2.conf 2020-04-16 18:17:13.000000000 +0000
+++ lxc-4.0.6/doc/examples/seccomp-v2.conf 2021-01-12 00:20:05.000000000 +0000
@@ -1,7 +1,7 @@
 2
-whitelist trap
-# 'whitelist' would normally mean kill a task doing any syscall which is not
-# whitelisted below. By appending 'trap' to the line, we will cause a SIGSYS
+allowlist trap
+# 'allowlist' would normally mean kill a task doing any syscall which is not
+# allowlisted below. By appending 'trap' to the line, we will cause a SIGSYS
 # to be sent to the task instead. 'errno 0' would mean don't allow the system
 # call but immediately return 0. 'errno 22' would mean return EINVAL immediately.
 [x86_64]
@@ -20,5 +20,5 @@
 write
 mount
 umount2
-# Do note that this policy does not whitelist enough system calls to allow a
+# Do note that this policy does not allowlist enough system calls to allow a
 # system container to boot.
diff -Nru lxc-4.0.2/doc/examples/seccomp-v2-denylist.conf lxc-4.0.6/doc/examples/seccomp-v2-denylist.conf
--- lxc-4.0.2/doc/examples/seccomp-v2-denylist.conf 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/doc/examples/seccomp-v2-denylist.conf 2021-01-12 00:20:05.000000000 +0000
@@ -0,0 +1,8 @@
+2
+denylist
+# v2 allows comments after the second line, with '#' in first column,
+# denylist will allow syscalls by default
+# if 'errno 0' was not appended to 'mknod' below, then the task would
+# simply be killed when it tried to mknod. 'errno 0' means do not allow
+# the container to mknod, but immediately return 0.
+mknod errno 0
diff -Nru lxc-4.0.2/doc/ja/lxc.container.conf.sgml.in lxc-4.0.6/doc/ja/lxc.container.conf.sgml.in
--- lxc-4.0.2/doc/ja/lxc.container.conf.sgml.in 2020-04-16 18:17:13.000000000 +0000
+++ lxc-4.0.6/doc/ja/lxc.container.conf.sgml.in 2021-01-12 00:20:05.000000000 +0000
@@ -713,25 +713,25 @@ modes are , and . It defaults to mode. In mode TX processing up to L3 happens on the stack instance - attached to the slave device and packets are switched to the stack instance of the - master device for the L2 processing and routing from that instance will be - used before packets are queued on the outbound device. In this mode the slaves + attached to the dependent device and packets are switched to the stack instance of the + parent device for the L2 processing and routing from that instance will be + used before packets are queued on the outbound device. In this mode the dependent devices will not receive nor can send multicast / broadcast traffic. In mode TX processing is very similar to the L3 mode except that iptables (conn-tracking) works in this mode and hence it is L3-symmetric (L3s). This will have slightly less performance but that shouldn't matter since you are choosing this mode over plain-L3 mode to make conn-tracking work. In mode TX processing happens on the stack instance attached to - the slave device and packets are switched and queued to the master device to send - out. In this mode the slaves will RX/TX multicast and broadcast (if applicable) as well. + the dependent device and packets are switched and queued to the parent device to send + out. In this mode the dependent devices will RX/TX multicast and broadcast (if applicable) as well. specifies the isolation mode. The accepted isolation values are , and . It defaults to . - In isolation mode slaves can cross-talk among themselves - apart from talking through the master device. + In isolation mode dependent devices can cross-talk among themselves + apart from talking through the parent device. In isolation mode the port is set in private mode. - i.e. port won't allow cross communication between slaves. + i.e. port won't allow cross communication between dependent devices. In isolation mode the port is set in VEPA mode. i.e. 
port will offload switching functionality to the external entity as described in 802.1Qbg. @@ -1144,11 +1144,11 @@ もし設定された場合、コンテナは新しい pseudo tty インスタンスを持ち、それを自身のプライベートとします。 - この値は pts インスタンスに許可される pseudo tty の最大数を指定します (この制限はまだ実装されていません)。 + この値は pty インスタンスに許可される pseudo tty の最大数を指定します (この制限はまだ実装されていません)。 @@ -1548,7 +1548,7 @@ fstab フォーマットの一行と同じフォーマットのマウントポイントの指定をします。 - 加えて、LXC では rslave や rprivate といったマウント・プロパゲーションオプションと、独自の 3 つのマウントオプションが使えます。 + 加えて、LXC では rshared や rprivate といったマウント・プロパゲーションオプションと、独自の 3 つのマウントオプションが使えます。 は、マウントが失敗しても失敗を返さずに無視します。 は、マウントポイントをマウントする際にディレクトリもしくはファイルを作成します。 を指定すると、マウントされたコンテナルートからの相対パスとして取得されます。 @@ -2239,7 +2239,7 @@ standard namespace identifiers as seen in the /proc/PID/ns directory. The is a - blacklist option, i.e. it is useful when enforcing that containers + denylist option, i.e. it is useful when enforcing that containers must keep a specific set of namespaces. --> コンテナが、作成元のプロセスから継承する (新しい名前空間を作らずに元のプロセスの名前空間のまま実行する) 名前空間を指定します。継承する名前空間はスペース区切りのリストで指定します。指定する名前空間名は、/proc/PID/ns ディレクトリ内に存在する標準の名前空間指示子でなければなりません。 はブラックリストを指定するオプションです。つまり、コンテナに特定の名前空間を使い続けることを強制したい場合に便利です。 @@ -2660,18 +2660,18 @@ - 現時点では、バージョン番号は 1 と 2 をサポートしています。バージョン 1 では、ポリシーはシンプルなホワイトリストですので、2 行目は "whitelist" でなければなりません。 + 現時点では、バージョン番号は 1 と 2 をサポートしています。バージョン 1 では、ポリシーはシンプルなホワイトリストですので、2 行目は "allowlist" でなければなりません。 そして残りの行には 1 行に 1 つずつ、システムコール番号を書きます。各行のシステムコール番号がホワイトリスト化され、リストにない番号は、そのコンテナではブラックリストに入ります。 @@ -2679,7 +2679,7 @@ @@ -2688,7 +2688,7 @@ 2 - blacklist + denylist mknod errno 0 ioctl notify diff -Nru lxc-4.0.2/doc/ja/Makefile.in lxc-4.0.6/doc/ja/Makefile.in --- lxc-4.0.2/doc/ja/Makefile.in 2020-04-16 18:17:22.000000000 +0000 +++ lxc-4.0.6/doc/ja/Makefile.in 2021-01-12 00:20:12.000000000 +0000 
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff -Nru lxc-4.0.2/doc/ja/pam_cgfs.sgml.in lxc-4.0.6/doc/ja/pam_cgfs.sgml.in --- lxc-4.0.2/doc/ja/pam_cgfs.sgml.in 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/doc/ja/pam_cgfs.sgml.in 2021-01-12 00:20:05.000000000 +0000 @@ -93,17 +93,18 @@ - pam_cgfs.so モジュールは、cgroupfs v1 (/sys/fs/cgroup/$controller) と cgroupfs v2 (/sys/fs/cgroup) のいずれも扱えます。また、コントローラのいくつかが cgroupfs v1 ツリー (/sys/fs/cgroup/$controller) で、それ以外が cgroupfs v2 (/sys/fs/cgroup/unified) ツリーと言ったようなミックスでも扱えます。 + for only controllers listed as arguments on the command line. + Pure cgroup v2 mount is not covered by the pam_cgfs.so module. + --> + pam_cgfs.so モジュールは、純粋な cgroupfs v1 (/sys/fs/cgroup/$controller) ツリーと、コントローラのいくつかが cgroupfs v1 ツリー (/sys/fs/cgroup/$controller) で、それ以外が cgroupfs v2 (/sys/fs/cgroup/unified) ツリーと言ったようなミックスマウントを扱えます。 書き込み可能な cgroup がすべてのコントローラ用に作られます。また、引数で指定すれば、指定したコントローラのみ書き込み可能な cgroup が作られます。 + 純粋な cgroup v2 のみのマウントは pam_cgfs.so モジュールでは対象外です。 diff -Nru lxc-4.0.2/doc/ko/lxc.container.conf.sgml.in lxc-4.0.6/doc/ko/lxc.container.conf.sgml.in --- lxc-4.0.2/doc/ko/lxc.container.conf.sgml.in 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/doc/ko/lxc.container.conf.sgml.in 2021-01-12 00:20:05.000000000 +0000 @@ -844,7 +844,7 @@ 만약 지정되었다면, 컨테이너는 새 pseudo tty 인스턴스를 갖는다. 그리고 이것을 자기자신 전용으로 만든다. 지정하는 값은 pseudo tty의 최대 개수를 지정한다. (이 제한은 아직 구현되지 않았다) 
@@ -1736,17 +1736,17 @@ - 현재는 버전1과 2만 지원된다. 버전 1에서는 정책은 단순한 화이트리스트이다. 그러므로 두번째 라인은 반드시 "whitelist"여야 한다. 파일의 나머지 내용은 한 줄에 하나의 시스템콜 번호로 채워진다. 화이트리스트에 없는 번호는 컨테이너에서 블랙리스트로 들어간다. + 현재는 버전1과 2만 지원된다. 버전 1에서는 정책은 단순한 화이트리스트이다. 그러므로 두번째 라인은 반드시 "allowlist"여야 한다. 파일의 나머지 내용은 한 줄에 하나의 시스템콜 번호로 채워진다. 화이트리스트에 없는 번호는 컨테이너에서 블랙리스트로 들어간다. @@ -1754,7 +1754,7 @@ @@ -1762,7 +1762,7 @@ 2 -blacklist +denylist mknod errno 0 diff -Nru lxc-4.0.2/doc/ko/Makefile.in lxc-4.0.6/doc/ko/Makefile.in --- lxc-4.0.2/doc/ko/Makefile.in 2020-04-16 18:17:22.000000000 +0000 +++ lxc-4.0.6/doc/ko/Makefile.in 2021-01-12 00:20:12.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff -Nru lxc-4.0.2/doc/lxc.container.conf.sgml.in lxc-4.0.6/doc/lxc.container.conf.sgml.in --- lxc-4.0.2/doc/lxc.container.conf.sgml.in 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/doc/lxc.container.conf.sgml.in 2021-01-12 00:20:05.000000000 +0000 
@@ -530,25 +530,25 @@ modes are , and . It defaults to mode. In mode TX processing up to L3 happens on the stack instance - attached to the slave device and packets are switched to the stack instance of the - master device for the L2 processing and routing from that instance will be - used before packets are queued on the outbound device. In this mode the slaves + attached to the dependent device and packets are switched to the stack instance of the + parent device for the L2 processing and routing from that instance will be + used before packets are queued on the outbound device. In this mode the dependent devices will not receive nor can send multicast / broadcast traffic. In mode TX processing is very similar to the L3 mode except that iptables (conn-tracking) works in this mode and hence it is L3-symmetric (L3s). This will have slightly less performance but that shouldn't matter since you are choosing this mode over plain-L3 mode to make conn-tracking work. In mode TX processing happens on the stack instance attached to - the slave device and packets are switched and queued to the master device to send - out. In this mode the slaves will RX/TX multicast and broadcast (if applicable) as well. + the dependent device and packets are switched and queued to the parent device to send devices + out. In this mode the dependent devices will RX/TX multicast and broadcast (if applicable) as well. specifies the isolation mode. The accepted isolation values are , and . It defaults to . - In isolation mode slaves can cross-talk among themselves - apart from talking through the master device. + In isolation mode dependent devices can cross-talk among themselves + apart from talking through the parent device. In isolation mode the port is set in private mode. - i.e. port won't allow cross communication between slaves. + i.e. port won't allow cross communication between dependent devices. In isolation mode the port is set in VEPA mode. i.e. 
port will offload switching functionality to the external entity as described in 802.1Qbg. @@ -867,7 +867,7 @@ If set, the container will have a new pseudo tty instance, making this private to it. The value specifies - the maximum number of pseudo ttys allowed for a pts + the maximum number of pseudo ttys allowed for a pty instance (this limitation is not implemented yet). @@ -1164,7 +1164,7 @@ Specify a mount point corresponding to a line in the fstab format. - Moreover lxc supports mount propagation, such as rslave or + Moreover lxc supports mount propagation, such as rshared or rprivate, and adds three additional mount options. don't fail if mount does not work. or @@ -1676,7 +1676,7 @@ standard namespace identifiers as seen in the /proc/PID/ns directory. The is a - blacklist option, i.e. it is useful when enforcing that containers + denylist option, i.e. it is useful when enforcing that containers must keep a specific set of namespaces. 
@@ -1984,26 +1984,26 @@ Versions 1 and 2 are currently supported. In version 1, the - policy is a simple whitelist. The second line therefore must - read "whitelist", with the rest of the file containing one (numeric) - syscall number per line. Each syscall number is whitelisted, - while every unlisted number is blacklisted for use in the container + policy is a simple allowlist. The second line therefore must + read "allowlist", with the rest of the file containing one (numeric) + syscall number per line. Each syscall number is allowlisted, + while every unlisted number is denylisted for use in the container - In version 2, the policy may be blacklist or whitelist, + In version 2, the policy may be denylist or allowlist, supports per-rule and per-policy default actions, and supports per-architecture system call resolution from textual names. - An example blacklist policy, in which all system calls are + An example denylist policy, in which all system calls are allowed except for mknod, which will simply do nothing and return 0 (success), looks like: 2 - blacklist + denylist mknod errno 0 ioctl notify diff -Nru lxc-4.0.2/doc/Makefile.in lxc-4.0.6/doc/Makefile.in --- lxc-4.0.2/doc/Makefile.in 2020-04-16 18:17:22.000000000 +0000 +++ lxc-4.0.6/doc/Makefile.in 2021-01-12 00:20:11.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff -Nru lxc-4.0.2/doc/pam_cgfs.sgml.in lxc-4.0.6/doc/pam_cgfs.sgml.in --- lxc-4.0.2/doc/pam_cgfs.sgml.in 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/doc/pam_cgfs.sgml.in 2021-01-12 00:20:05.000000000 +0000 
@@ -77,14 +77,14 @@ - The pam_cgfs.so module can handle both pure cgroupfs v1 - (/sys/fs/cgroup/$controller) and pure cgroupfs - v2 (/sys/fs/cgroup), as well as mixed mounts, + The pam_cgfs.so module can handle pure cgroupfs v1 + (/sys/fs/cgroup/$controller) and mixed mounts, where some controllers are mounted in a standard cgroupfs v1 hierarchy (/sys/fs/cgroup/$controller) and others in cgroupfs v2 hierarchy (/sys/fs/cgroup/unified). Writeable cgroups are either created for all controllers or, if specified, - for only controllers listed as arguments on the command line. + for only controllers listed as arguments on the command line. + Pure cgroup v2 mount is not covered by the pam_cgfs.so module. diff -Nru lxc-4.0.2/doc/rootfs/Makefile.in lxc-4.0.6/doc/rootfs/Makefile.in --- lxc-4.0.2/doc/rootfs/Makefile.in 2020-04-16 18:17:22.000000000 +0000 +++ lxc-4.0.6/doc/rootfs/Makefile.in 2021-01-12 00:20:12.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff -Nru lxc-4.0.2/hooks/Makefile.in lxc-4.0.6/hooks/Makefile.in --- lxc-4.0.2/hooks/Makefile.in 2020-04-16 18:17:22.000000000 +0000 +++ lxc-4.0.6/hooks/Makefile.in 2021-01-12 00:20:12.000000000 +0000 
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff -Nru lxc-4.0.2/lxc.spec lxc-4.0.6/lxc.spec --- lxc-4.0.2/lxc.spec 2020-04-16 18:17:32.000000000 +0000 +++ lxc-4.0.6/lxc.spec 2021-01-12 00:20:21.000000000 +0000 @@ -57,7 +57,7 @@ %endif Name: lxc -Version: 4.0.2 +Version: 4.0.6 Release: %{?beta_rel:0.1.%{beta_rel}}%{?!beta_rel:%{norm_rel}}%{?dist} URL: http://linuxcontainers.org Source: http://linuxcontainers.org/downloads/%{name}-%{version}%{?beta_dot}.tar.gz diff -Nru lxc-4.0.2/Makefile.in lxc-4.0.6/Makefile.in --- lxc-4.0.2/Makefile.in 2020-04-16 18:17:22.000000000 +0000 +++ lxc-4.0.6/Makefile.in 2021-01-12 00:20:11.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -708,6 +708,10 @@ tardir=$(distdir) && $(am__tar) | XZ_OPT=$${XZ_OPT--e} xz -c >$(distdir).tar.xz $(am__post_remove_distdir) +dist-zstd: distdir + tardir=$(distdir) && $(am__tar) | zstd -c $${ZSTD_CLEVEL-$${ZSTD_OPT--19}} >$(distdir).tar.zst + $(am__post_remove_distdir) + dist-tarZ: distdir @echo WARNING: "Support for distribution archives compressed with" \ "legacy program 'compress' is deprecated." >&2 
@@ -750,6 +754,8 @@ eval GZIP= gzip $(GZIP_ENV) -dc $(distdir).shar.gz | unshar ;;\ *.zip*) \ unzip $(distdir).zip ;;\ + *.tar.zst*) \ + zstd -dc $(distdir).tar.zst | $(am__untar) ;;\ esac chmod -R a-w $(distdir) chmod u+w $(distdir) 
@@ -930,18 +936,19 @@ am--refresh check check-am clean clean-cscope clean-generic \ clean-libtool cscope cscopelist-am ctags ctags-am dist \ dist-all dist-bzip2 dist-gzip dist-lzip dist-shar dist-tarZ \ - dist-xz dist-zip distcheck distclean distclean-generic \ - distclean-libtool distclean-tags distcleancheck distdir \ - distuninstallcheck dvi dvi-am html html-am info info-am \ - install install-am install-data install-data-am \ - install-data-local install-dvi install-dvi-am install-exec \ - install-exec-am install-html install-html-am install-info \ - install-info-am install-man install-pcdataDATA install-pdf \ - install-pdf-am install-ps install-ps-am install-strip \ - installcheck installcheck-am installdirs installdirs-am \ - maintainer-clean maintainer-clean-generic mostlyclean \ - mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ - tags tags-am uninstall uninstall-am uninstall-pcdataDATA + dist-xz dist-zip dist-zstd distcheck distclean \ + distclean-generic distclean-libtool distclean-tags \ + distcleancheck distdir distuninstallcheck dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-data-local install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pcdataDATA \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + installdirs-am maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \ + ps ps-am tags tags-am uninstall uninstall-am \ + uninstall-pcdataDATA .PRECIOUS: Makefile diff -Nru lxc-4.0.2/README.md lxc-4.0.6/README.md --- lxc-4.0.2/README.md 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/README.md 2021-01-12 00:20:05.000000000 +0000 
@@ -119,7 +119,7 @@ LXC has always focused on strong backwards compatibility. In fact, the API hasn't been broken from release `1.0.0` onwards. Main LXC is currently at -version `2.*.*`. +version `4.*.*`. ## Reporting Security Issues diff -Nru lxc-4.0.2/src/config.h.in lxc-4.0.6/src/config.h.in --- lxc-4.0.2/src/config.h.in 2020-04-16 18:17:21.000000000 +0000 +++ lxc-4.0.6/src/config.h.in 2021-01-12 00:20:10.000000000 +0000 @@ -12,6 +12,9 @@ /* enforce thread-safety otherwise fail the build */ #undef ENFORCE_THREAD_SAFETY +/* Define to 1 if you have the `clone3' function. */ +#undef HAVE_CLONE3 + /* Define to 1 if you have the `confstr' function. */ #undef HAVE_CONFSTR @@ -45,6 +48,9 @@ /* Define to 1 if you have the `endmntent' function. */ #undef HAVE_ENDMNTENT +/* Define to 1 if you have the `execveat' function. */ +#undef HAVE_EXECVEAT + /* Define to 1 if you have the `faccessat' function. */ #undef HAVE_FACCESSAT @@ -54,6 +60,18 @@ /* Define to 1 if you have the `fmemopen' function. */ #undef HAVE_FMEMOPEN +/* Define to 1 if you have the `fsconfig' function. */ +#undef HAVE_FSCONFIG + +/* Define to 1 if you have the `fsmount,' function. */ +#undef HAVE_FSMOUNT_ + +/* Define to 1 if you have the `fsopen' function. */ +#undef HAVE_FSOPEN + +/* Define to 1 if you have the `fspick' function. */ +#undef HAVE_FSPICK + /* Define to 1 if you have the `getgrgid_r' function. */ #undef HAVE_GETGRGID_R @@ -111,12 +129,21 @@ /* Define to 1 if you have the header file. */ #undef HAVE_MEMORY_H +/* Define to 1 if you have the `move_mount' function. */ +#undef HAVE_MOVE_MOUNT + /* Have %m format */ #undef HAVE_M_FORMAT +/* Define to 1 if you have the `openat2' function. */ +#undef HAVE_OPENAT2 + /* Define to 1 if you have the `openpty' function. */ #undef HAVE_OPENPTY +/* Define to 1 if you have the `open_tree' function. */ +#undef HAVE_OPEN_TREE + /* Define to 1 if you have the `pivot_root' function. */ #undef HAVE_PIVOT_ROOT 
@@ -183,6 +210,18 @@ /* Define to 1 if the system has the type `struct bpf_cgroup_dev_ctx'. */ #undef HAVE_STRUCT_BPF_CGROUP_DEV_CTX +/* Define to 1 if the system has the type `struct clone_args'. */ +#undef HAVE_STRUCT_CLONE_ARGS + +/* Define to 1 if `cgroup' is a member of `struct clone_args'. */ +#undef HAVE_STRUCT_CLONE_ARGS_CGROUP + +/* Define to 1 if `set_tid' is a member of `struct clone_args'. */ +#undef HAVE_STRUCT_CLONE_ARGS_SET_TID + +/* Define to 1 if the system has the type `struct open_how'. */ +#undef HAVE_STRUCT_OPEN_HOW + /* Define to 1 if the system has the type `struct rtnl_link_stats64'. */ #undef HAVE_STRUCT_RTNL_LINK_STATS64 diff -Nru lxc-4.0.2/src/include/fexecve.c lxc-4.0.6/src/include/fexecve.c --- lxc-4.0.2/src/include/fexecve.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/include/fexecve.c 2021-01-12 00:20:05.000000000 +0000 @@ -29,7 +29,7 @@ #include #include "config.h" #include "macro.h" -#include "raw_syscalls.h" +#include "process_utils.h" int fexecve(int fd, char *const argv[], char *const envp[]) { @@ -41,11 +41,9 @@ return -1; } -#ifdef __NR_execveat - lxc_raw_execveat(fd, "", argv, envp, AT_EMPTY_PATH); + execveat(fd, "", argv, envp, AT_EMPTY_PATH); if (errno != ENOSYS) return -1; -#endif ret = snprintf(procfd, sizeof(procfd), "/proc/self/fd/%d", fd); if (ret < 0 || (size_t)ret >= sizeof(procfd)) { diff -Nru lxc-4.0.2/src/include/netns_ifaddrs.h lxc-4.0.6/src/include/netns_ifaddrs.h --- lxc-4.0.2/src/include/netns_ifaddrs.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/include/netns_ifaddrs.h 2021-01-12 00:20:05.000000000 +0000 @@ -12,7 +12,8 @@ #include #include -#include "netns_ifaddrs.h" +#include "compiler.h" +#include "memory_utils.h" struct netns_ifaddrs { struct netns_ifaddrs *ifa_next; 
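Review bot: With the `#ifdef __NR_execveat` guard removed in the `@@ -41,11 +41,9 @@` hunk of fexecve.c, the `/proc/self/fd/%d` fallback is reached only when `execveat()` fails with `ENOSYS`. That now depends entirely on the wrapper pulled in through process_utils.h, which is not visible here. On a build where neither libc nor the headers provide the syscall, that wrapper presumably has to set `errno = ENOSYS` itself, which is worth confirming. A comment above the call would make the contract explicit, e.g. `/* execveat() only returns on failure; anything but ENOSYS is a real error */`. The body of fexecve() starts and ends outside the hunk.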
@@ -50,9 +51,10 @@ #define __ifa_broadaddr ifa_ifu.ifu_broadaddr #define __ifa_dstaddr ifa_ifu.ifu_dstaddr -extern void netns_freeifaddrs(struct netns_ifaddrs *); -extern int netns_getifaddrs(struct netns_ifaddrs **ifap, __s32 netns_id, - bool *netnsid_aware); +__hidden extern void netns_freeifaddrs(struct netns_ifaddrs *); +define_cleanup_function(struct netns_ifaddrs *, netns_freeifaddrs); +__hidden extern int netns_getifaddrs(struct netns_ifaddrs **ifap, __s32 netns_id, + bool *netnsid_aware); #ifdef __cplusplus } diff -Nru lxc-4.0.2/src/include/openpty.c lxc-4.0.6/src/include/openpty.c --- lxc-4.0.2/src/include/openpty.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/include/openpty.c 2021-01-12 00:20:05.000000000 +0000 
@@ -1,76 +1,136 @@ - /* - * openpty: glibc implementation - * - * Copyright (C) 1998, 1999, 2004 Free Software Foundation, Inc. - * - * Authors: - * Zack Weinberg , 1998. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - */ +/* SPDX-License-Identifier: LGPL-2.1+ */ -#define _XOPEN_SOURCE /* See feature_test_macros(7) */ +#define _GNU_SOURCE #include #include #include #include #include +#include +#include #include #include -#include -#include -#define _PATH_DEVPTMX "/dev/ptmx" +#ifdef HAVE_PTY_H +#include +#endif + +static int pts_name(int fd, char **pts, size_t buf_len) +{ + int rv; + char *buf = *pts; + + for (;;) { + char *new_buf; + + if (buf_len) { + rv = ptsname_r(fd, buf, buf_len); -int openpty (int *amaster, int *aslave, char *name, struct termios *termp, - struct winsize *winp) + if (rv != 0 || memchr(buf, '\0', buf_len)) + /* We either got an error, or we succeeded and the + returned name fit in the buffer. */ + break; + + /* Try again with a longer buffer. */ + buf_len += buf_len; /* Double it */ + } else + /* No initial buffer; start out by mallocing one. */ + buf_len = 128; /* First time guess. */ + + if (buf != *pts) + /* We've already malloced another buffer at least once. 
*/ + new_buf = realloc(buf, buf_len); + else + new_buf = malloc(buf_len); + if (!new_buf) { + rv = -1; + break; + } + buf = new_buf; + } + + if (rv == 0) + *pts = buf; /* Return buffer to the user. */ + else if (buf != *pts) + free(buf); /* Free what we malloced when returning an error. */ + + return rv; +} + +int __unlockpt(int fd) +{ +#ifdef TIOCSPTLCK + int unlock = 0; + + if (ioctl(fd, TIOCSPTLCK, &unlock)) { + if (errno != EINVAL) + return -1; + } +#endif + return 0; +} + +int openpty(int *ptx, int *pty, char *name, const struct termios *termp, + const struct winsize *winp) { - char buf[PATH_MAX]; - int master, slave; + char _buf[PATH_MAX]; + char *buf = _buf; + int ptx_fd, ret = -1, pty_fd = -1; + + *buf = '\0'; + + ptx_fd = open("/dev/ptmx", O_RDWR | O_NOCTTY); + if (ptx_fd == -1) + return -1; + + if (__unlockpt(ptx_fd)) + goto on_error; + +#ifdef TIOCGPTPEER + /* Try to allocate pty_fd solely based on ptx_fd first. */ + pty_fd = ioctl(ptx_fd, TIOCGPTPEER, O_RDWR | O_NOCTTY); +#endif + if (pty_fd == -1) { + /* Fallback to path-based pty_fd allocation in case kernel doesn't + * support TIOCGPTPEER. 
+ */ + if (pts_name(ptx_fd, &buf, sizeof(_buf))) + goto on_error; + + pty_fd = open(buf, O_RDWR | O_NOCTTY); + if (pty_fd == -1) + goto on_error; + } + + if (termp) + tcsetattr(pty_fd, TCSAFLUSH, termp); +#ifdef TIOCSWINSZ + if (winp) + ioctl(pty_fd, TIOCSWINSZ, winp); +#endif + + *ptx = ptx_fd; + *pty = pty_fd; + if (name != NULL) { + if (*buf == '\0') + if (pts_name(ptx_fd, &buf, sizeof(_buf))) + goto on_error; + + strcpy(name, buf); + } + + ret = 0; + +on_error: + if (ret == -1) { + close(ptx_fd); + + if (pty_fd != -1) + close(pty_fd); + } + + if (buf != _buf) + free(buf); - master = open(_PATH_DEVPTMX, O_RDWR); - if (master == -1) - return -1; - - if (grantpt(master)) - goto fail; - - if (unlockpt(master)) - goto fail; - - if (ptsname_r(master, buf, sizeof buf)) - goto fail; - - slave = open(buf, O_RDWR | O_NOCTTY); - if (slave == -1) - goto fail; - - /* XXX Should we ignore errors here? */ - if (termp) - tcsetattr(slave, TCSAFLUSH, termp); - if (winp) - ioctl(slave, TIOCSWINSZ, winp); - - *amaster = master; - *aslave = slave; - if (name != NULL) - strcpy(name, buf); - - return 0; - -fail: - close(master); - return -1; + return ret; } diff -Nru lxc-4.0.2/src/include/openpty.h lxc-4.0.6/src/include/openpty.h --- lxc-4.0.2/src/include/openpty.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/include/openpty.h 2021-01-12 00:20:05.000000000 +0000 
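Review bot: In the rewritten openpty(), `*ptx = ptx_fd; *pty = pty_fd;` are stored before the `name != NULL` branch, which can still `goto on_error` when pts_name() fails. On that path both descriptors are closed and -1 is returned while the caller's variables already hold the closed numbers. A caller whose cleanup closes any non-negative fd would then close a descriptor number that may have been reused in the meantime. Moving the two assignments to just before `ret = 0;` keeps them off the failure path. Separately, the results of `tcsetattr()` and `ioctl(pty_fd, TIOCSWINSZ, winp)` are still ignored and the old `XXX Should we ignore errors here?` remark is gone, so a short comment saying this is deliberate would help.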
@@ -1,25 +1,4 @@ -/* - * openpty: glibc implementation - * - * Copyright (C) 1998, 1999, 2004 Free Software Foundation, Inc. - * - * Authors: - * Zack Weinberg , 1998. - * - * This library is free software; you can redistribute it and/or - * modify it under the terms of the GNU Lesser General Public - * License as published by the Free Software Foundation; either - * version 2.1 of the License, or (at your option) any later version. - - * This library is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - - * You should have received a copy of the GNU Lesser General Public - * License along with this library; if not, write to the Free Software - * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - */ +/* SPDX-License-Identifier: LGPL-2.1+ */ #ifndef _OPENPTY_H #define _OPENPTY_H @@ -27,11 +6,12 @@ #include #include -/* Create pseudo tty master slave pair with NAME and set terminal - attributes according to TERMP and WINP and return handles for both - ends in AMASTER and ASLAVE. */ -extern int openpty (int *__amaster, int *__aslave, char *__name, - const struct termios *__termp, - const struct winsize *__winp); +/* + * Create pseudo tty ptx pty pair with @__name and set terminal + * attributes according to @__termp and @__winp and return handles for both + * ends in @__aptx and @__apts. + */ +extern int openpty(int *ptx, int *pty, char *name, const struct termios *termp, + const struct winsize *winp); #endif diff -Nru lxc-4.0.2/src/lxc/af_unix.c lxc-4.0.6/src/lxc/af_unix.c --- lxc-4.0.2/src/lxc/af_unix.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/af_unix.c 2021-01-12 00:20:05.000000000 +0000 
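Review bot: The new comment in the `@@ -27,11 +6,12 @@` hunk of openpty.h refers to `@__name`, `@__termp`, `@__winp`, `@__aptx` and `@__apts`, but the prototype below it names the parameters `ptx`, `pty`, `name`, `termp` and `winp`. The comment should use the real names. It is also the natural place to record the buffer contract for `name`, because openpty.c copies into it with `strcpy()` and takes no length. Suggested addition: `@name, if not NULL, receives the pts path; the caller must supply a buffer large enough to hold it`.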
@@ -14,11 +14,12 @@ #include #include +#include "af_unix.h" #include "config.h" #include "log.h" #include "macro.h" #include "memory_utils.h" -#include "raw_syscalls.h" +#include "process_utils.h" #include "utils.h" #ifndef HAVE_STRLCPY @@ -349,7 +350,7 @@ return move_fd(fd); } -int lxc_unix_connect(struct sockaddr_un *addr, int type) +int lxc_unix_connect(struct sockaddr_un *addr) { return lxc_unix_connect_type(addr, SOCK_STREAM); } diff -Nru lxc-4.0.2/src/lxc/af_unix.h lxc-4.0.6/src/lxc/af_unix.h --- lxc-4.0.2/src/lxc/af_unix.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/af_unix.h 2021-01-12 00:20:05.000000000 +0000 
@@ -7,25 +7,34 @@ #include #include +#include "compiler.h" + /* does not enforce \0-termination */ -extern int lxc_abstract_unix_open(const char *path, int type, int flags); -extern void lxc_abstract_unix_close(int fd); +__hidden extern int lxc_abstract_unix_open(const char *path, int type, int flags); +__hidden extern void lxc_abstract_unix_close(int fd); /* does not enforce \0-termination */ -extern int lxc_abstract_unix_connect(const char *path); -extern int lxc_abstract_unix_send_fds(int fd, int *sendfds, int num_sendfds, - void *data, size_t size); -extern int lxc_abstract_unix_send_fds_iov(int fd, int *sendfds, - int num_sendfds, struct iovec *iov, - size_t iovlen); -extern int lxc_unix_send_fds(int fd, int *sendfds, int num_sendfds, void *data, - size_t size); -extern int lxc_abstract_unix_recv_fds(int fd, int *recvfds, int num_recvfds, - void *data, size_t size); -extern int lxc_abstract_unix_send_credential(int fd, void *data, size_t size); -extern int lxc_abstract_unix_rcv_credential(int fd, void *data, size_t size); -extern int lxc_unix_sockaddr(struct sockaddr_un *ret, const char *path); -extern int lxc_unix_connect(struct sockaddr_un *addr); -extern int lxc_unix_connect_type(struct sockaddr_un *addr, int type); -extern int lxc_socket_set_timeout(int fd, int rcv_timeout, int snd_timeout); +__hidden extern int lxc_abstract_unix_connect(const char *path); + +__hidden extern int lxc_abstract_unix_send_fds(int fd, int *sendfds, int num_sendfds, void *data, + size_t size) __access_r(2, 3) __access_r(4, 5); + +__hidden extern int lxc_abstract_unix_send_fds_iov(int fd, int *sendfds, int num_sendfds, + struct iovec *iov, size_t iovlen) __access_r(2, 3); + +__hidden extern int lxc_abstract_unix_recv_fds(int fd, int *recvfds, int num_recvfds, void *data, + size_t size) __access_r(2, 3) __access_r(4, 5); + +__hidden extern int lxc_unix_send_fds(int fd, int *sendfds, int num_sendfds, void *data, size_t size); + +__hidden extern int 
lxc_abstract_unix_send_credential(int fd, void *data, size_t size) + __access_r(2, 3); + +__hidden extern int lxc_abstract_unix_rcv_credential(int fd, void *data, size_t size) + __access_w(2, 3); + +__hidden extern int lxc_unix_sockaddr(struct sockaddr_un *ret, const char *path); +__hidden extern int lxc_unix_connect(struct sockaddr_un *addr); +__hidden extern int lxc_unix_connect_type(struct sockaddr_un *addr, int type); +__hidden extern int lxc_socket_set_timeout(int fd, int rcv_timeout, int snd_timeout); #endif /* __LXC_AF_UNIX_H */ diff -Nru lxc-4.0.2/src/lxc/api_extensions.h lxc-4.0.6/src/lxc/api_extensions.h --- lxc-4.0.2/src/lxc/api_extensions.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/api_extensions.h 2021-01-12 00:20:05.000000000 +0000 @@ -38,6 +38,11 @@ "cgroup2_devices", #endif "cgroup2", + "pidfd", + "seccomp_allow_deny_syntax", + "devpts_fd", + "seccomp_notify_fd_active", + "seccomp_proxy_send_notify_fd", }; static size_t nr_api_extensions = sizeof(api_extensions) / sizeof(*api_extensions); diff -Nru lxc-4.0.2/src/lxc/attach.c lxc-4.0.6/src/lxc/attach.c --- lxc-4.0.2/src/lxc/attach.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/attach.c 2021-01-12 00:20:05.000000000 +0000 @@ -39,8 +39,9 @@ #include "macro.h" #include "mainloop.h" #include "memory_utils.h" +#include "mount_utils.h" #include "namespace.h" -#include "raw_syscalls.h" +#include "process_utils.h" #include "syscall_wrappers.h" #include "terminal.h" #include "utils.h" @@ -90,7 +91,9 @@ if (!found) return log_error_errno(NULL, ENOENT, "Failed to read capability bounding set from %s", proc_fn); - info->lsm_label = lsm_process_label_get(pid); + info->lsm_ops = lsm_init(); + + info->lsm_label = info->lsm_ops->process_label_get(info->lsm_ops, pid); info->ns_inherited = 0; for (int i = 0; i < LXC_NS_MAX; i++) info->ns_fd[i] = -EBADF; 
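Review bot: In the af_unix.h hunk, `lxc_abstract_unix_recv_fds()` is annotated `__access_r(2, 3) __access_r(4, 5)`, the same as the send functions, although a receive routine would be expected to fill `recvfds` and `data` rather than read them. `lxc_abstract_unix_rcv_credential()` a few lines further down uses `__access_w(2, 3)` for its output buffer. The macros come from compiler.h, which is not shown; assuming they map to the compiler's read-only/write-only access attribute, the read-only mode marks these output buffers as inputs. That weakens the bounds diagnostics the annotation is there for and can trigger uninitialized-read warnings at call sites. The declaration should presumably end `size_t size) __access_w(2, 3) __access_w(4, 5);`.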
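Review bot: In the `@@ -90,7 +91,9 @@` hunk of attach.c the result of `lsm_init()` is dereferenced on the very next line (`info->lsm_ops->process_label_get(info->lsm_ops, pid)`) without a check. lsm_init() is not shown, so if it can return NULL this is a NULL dereference on the attach path; if it cannot, a comment saying so would help. A guard in the style used just above, e.g. `if (!info->lsm_ops) return log_error_errno(NULL, ENOENT, "Failed to initialize LSM");`, would cover it, with whatever cleanup of `info` the surrounding function (outside the hunk) requires. The same pointer is dereferenced again in the `@@ -774,29 +773,30 @@` hunk via `init_ctx->lsm_ops->process_label_set_at` and `init_ctx->lsm_ops->name`.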
@@ -194,19 +197,15 @@ if (ret < 0) return log_error_errno(-1, errno, "Failed to unshare mount namespace"); - if (detect_shared_rootfs()) { - if (mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL)) { - SYSERROR("Failed to make / rslave"); - ERROR("Continuing..."); - } - } + if (detect_shared_rootfs() && mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL)) + SYSERROR("Failed to recursively turn root mount tree into dependent mount. Continuing..."); /* Assume /proc is always mounted, so remount it. */ ret = umount2("/proc", MNT_DETACH); if (ret < 0) return log_error_errno(-1, errno, "Failed to unmount /proc"); - ret = mount("none", "/proc", "proc", 0, NULL); + ret = mount_filesystem("proc", "/proc", 0); if (ret < 0) return log_error_errno(-1, errno, "Failed to remount /proc"); @@ -219,7 +218,7 @@ return log_error_errno(-1, errno, "Failed to unmount /sys"); /* Remount it. */ - if (ret == 0 && mount("none", "/sys", "sysfs", 0, NULL)) + if (ret == 0 && mount_filesystem("sysfs", "/sys", 0)) return log_error_errno(-1, errno, "Failed to remount /sys"); return 0; @@ -629,7 +628,7 @@ struct attach_clone_payload { int ipc_socket; - int terminal_slave_fd; + int terminal_pts_fd; lxc_attach_options_t *options; struct lxc_proc_context_info *init_ctx; lxc_attach_exec_t exec_function; @@ -639,7 +638,7 @@ static void lxc_put_attach_clone_payload(struct attach_clone_payload *p) { close_prot_errno_disarm(p->ipc_socket); - close_prot_errno_disarm(p->terminal_slave_fd); + close_prot_errno_disarm(p->terminal_pts_fd); if (p->init_ctx) { lxc_proc_put_context_info(p->init_ctx); p->init_ctx = NULL; 
@@ -774,29 +773,30 @@ else new_gid = ns_root_gid; - if ((init_ctx->container && init_ctx->container->lxc_conf && - init_ctx->container->lxc_conf->no_new_privs) || - (options->attach_flags & LXC_ATTACH_NO_NEW_PRIVS)) { - ret = prctl(PR_SET_NO_NEW_PRIVS, prctl_arg(1), prctl_arg(0), - prctl_arg(0), prctl_arg(0)); - if (ret < 0) - goto on_error; - - TRACE("Set PR_SET_NO_NEW_PRIVS"); - } - if (needs_lsm) { bool on_exec; /* Change into our new LSM profile. */ on_exec = options->attach_flags & LXC_ATTACH_LSM_EXEC ? true : false; - ret = lsm_process_label_set_at(lsm_fd, init_ctx->lsm_label, on_exec); + ret = init_ctx->lsm_ops->process_label_set_at(init_ctx->lsm_ops, lsm_fd, + init_ctx->lsm_label, on_exec); close(lsm_fd); if (ret < 0) goto on_error; - TRACE("Set %s LSM label to \"%s\"", lsm_name(), init_ctx->lsm_label); + TRACE("Set %s LSM label to \"%s\"", init_ctx->lsm_ops->name, init_ctx->lsm_label); + } + + if ((init_ctx->container && init_ctx->container->lxc_conf && + init_ctx->container->lxc_conf->no_new_privs) || + (options->attach_flags & LXC_ATTACH_NO_NEW_PRIVS)) { + ret = prctl(PR_SET_NO_NEW_PRIVS, prctl_arg(1), prctl_arg(0), + prctl_arg(0), prctl_arg(0)); + if (ret < 0) + goto on_error; + + TRACE("Set PR_SET_NO_NEW_PRIVS"); } if (init_ctx->container && init_ctx->container->lxc_conf && @@ -860,13 +860,13 @@ } if (options->attach_flags & LXC_ATTACH_TERMINAL) { - ret = lxc_terminal_prepare_login(payload->terminal_slave_fd); + ret = lxc_terminal_prepare_login(payload->terminal_pts_fd); if (ret < 0) { - SYSERROR("Failed to prepare terminal file descriptor %d", payload->terminal_slave_fd); + SYSERROR("Failed to prepare terminal file descriptor %d", payload->terminal_pts_fd); goto on_error; } - TRACE("Prepared terminal file descriptor %d", payload->terminal_slave_fd); + TRACE("Prepared terminal file descriptor %d", payload->terminal_pts_fd); } /* Avoid unnecessary syscalls. */ 
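Review bot: Moving the `PR_SET_NO_NEW_PRIVS` block below the `needs_lsm` block makes the order of the two steps load-bearing, but nothing in the code says so. A comment above the `prctl()` call would keep a later cleanup from moving it back, for example `/* Must come after the LSM label change: a profile transition may be refused once no_new_privs is set. */`, worded to match the actual reason for the reorder, which the hunk does not state. The enclosing function begins and ends outside the hunk.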
@@ -879,7 +879,7 @@ /* Make sure that the processes STDIO is correctly owned by the user that we are switching to */ ret = fix_stdio_permissions(new_uid); if (ret) - WARN("Failed to ajust stdio permissions"); + INFO("Failed to adjust stdio permissions"); if (!lxc_switch_uid_gid(new_uid, new_gid)) goto on_error; @@ -892,30 +892,18 @@ _exit(EXIT_FAILURE); } -static int lxc_attach_terminal(struct lxc_conf *conf, +static int lxc_attach_terminal(const char *name, const char *lxcpath, struct lxc_conf *conf, struct lxc_terminal *terminal) { int ret; lxc_terminal_init(terminal); - ret = lxc_terminal_create(terminal); + ret = lxc_terminal_create(name, lxcpath, conf, terminal); if (ret < 0) return log_error(-1, "Failed to create terminal"); - /* Shift ttys to container. */ - ret = lxc_terminal_map_ids(conf, terminal); - if (ret < 0) { - ERROR("Failed to chown terminal"); - goto on_error; - } - return 0; - -on_error: - lxc_terminal_delete(terminal); - lxc_terminal_conf_free(terminal); - return -1; } static int lxc_attach_terminal_mainloop_init(struct lxc_terminal *terminal, @@ -936,14 +924,14 @@ return 0; } -static inline void lxc_attach_terminal_close_master(struct lxc_terminal *terminal) +static inline void lxc_attach_terminal_close_ptx(struct lxc_terminal *terminal) { - close_prot_errno_disarm(terminal->master); + close_prot_errno_disarm(terminal->ptx); } -static inline void lxc_attach_terminal_close_slave(struct lxc_terminal *terminal) +static inline void lxc_attach_terminal_close_pts(struct lxc_terminal *terminal) { - close_prot_errno_disarm(terminal->slave); + close_prot_errno_disarm(terminal->pty); } static inline void lxc_attach_terminal_close_peer(struct lxc_terminal *terminal) @@ -1094,7 +1082,7 @@ } if (options->attach_flags & LXC_ATTACH_TERMINAL) { - ret = lxc_attach_terminal(conf, &terminal); + ret = lxc_attach_terminal(name, lxcpath, conf, &terminal); if (ret < 0) { ERROR("Failed to setup new terminal"); free(cwd); 
@@ -1173,7 +1161,7 @@ free(cwd); lxc_proc_close_ns_fd(init_ctx); if (options->attach_flags & LXC_ATTACH_TERMINAL) - lxc_attach_terminal_close_slave(&terminal); + lxc_attach_terminal_close_pts(&terminal); /* Attach to cgroup, if requested. */ if (options->attach_flags & LXC_ATTACH_MOVE_TO_CGROUP) { @@ -1257,7 +1245,8 @@ ret = -1; on_exec = options->attach_flags & LXC_ATTACH_LSM_EXEC ? true : false; - labelfd = lsm_process_label_fd_get(attached_pid, on_exec); + labelfd = init_ctx->lsm_ops->process_label_fd_get(init_ctx->lsm_ops, + attached_pid, on_exec); if (labelfd < 0) goto close_mainloop; @@ -1336,7 +1325,7 @@ close_prot_errno_disarm(ipc_sockets[0]); if (options->attach_flags & LXC_ATTACH_TERMINAL) { - lxc_attach_terminal_close_master(&terminal); + lxc_attach_terminal_close_ptx(&terminal); lxc_attach_terminal_close_peer(&terminal); lxc_attach_terminal_close_log(&terminal); } @@ -1381,7 +1370,7 @@ payload.ipc_socket = ipc_sockets[1]; payload.options = options; payload.init_ctx = init_ctx; - payload.terminal_slave_fd = terminal.slave; + payload.terminal_pts_fd = terminal.pty; payload.exec_function = exec_function; payload.exec_payload = exec_payload; @@ -1395,8 +1384,7 @@ if (pid == 0) { if (options->attach_flags & LXC_ATTACH_TERMINAL) { - ret = pthread_sigmask(SIG_SETMASK, - &terminal.tty_state->oldmask, NULL); + ret = lxc_terminal_signal_sigmask_safe_blocked(&terminal); if (ret < 0) { SYSERROR("Failed to reset signal mask"); _exit(EXIT_FAILURE); @@ -1411,7 +1399,7 @@ } if (options->attach_flags & LXC_ATTACH_TERMINAL) - lxc_attach_terminal_close_slave(&terminal); + lxc_attach_terminal_close_pts(&terminal); /* Tell grandparent the pid of the pid of the newly created child. */ ret = lxc_write_nointr(ipc_sockets[1], &pid, sizeof(pid)); diff -Nru lxc-4.0.2/src/lxc/attach.h lxc-4.0.6/src/lxc/attach.h --- lxc-4.0.2/src/lxc/attach.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/attach.h 2021-01-12 00:20:05.000000000 +0000 
@@ -7,6 +7,7 @@ #include #include +#include "compiler.h" #include "namespace.h" struct lxc_conf; @@ -18,12 +19,13 @@ unsigned long long capability_mask; int ns_inherited; int ns_fd[LXC_NS_MAX]; + struct lsm_ops *lsm_ops; }; -extern int lxc_attach(struct lxc_container *container, - lxc_attach_exec_t exec_function, void *exec_payload, - lxc_attach_options_t *options, pid_t *attached_process); +__hidden extern int lxc_attach(struct lxc_container *container, lxc_attach_exec_t exec_function, + void *exec_payload, lxc_attach_options_t *options, + pid_t *attached_process); -extern int lxc_attach_remount_sys_proc(void); +__hidden extern int lxc_attach_remount_sys_proc(void); #endif /* __LXC_ATTACH_H */ diff -Nru lxc-4.0.2/src/lxc/attach_options.h lxc-4.0.6/src/lxc/attach_options.h --- lxc-4.0.2/src/lxc/attach_options.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/attach_options.h 2021-01-12 00:20:05.000000000 +0000 @@ -26,7 +26,7 @@ /* The following are off by default: */ LXC_ATTACH_REMOUNT_PROC_SYS = 0x00010000, /*!< Remount /proc filesystem */ - LXC_ATTACH_LSM_NOW = 0x00020000, /*!< FIXME: unknown */ + LXC_ATTACH_LSM_NOW = 0x00020000, /*!< TODO: currently unused */ /* Set PR_SET_NO_NEW_PRIVS to block execve() gainable privileges. */ LXC_ATTACH_NO_NEW_PRIVS = 0x00040000, /*!< PR_SET_NO_NEW_PRIVS */ LXC_ATTACH_TERMINAL = 0x00080000, /*!< Allocate new terminal for attached process. */ diff -Nru lxc-4.0.2/src/lxc/caps.h lxc-4.0.6/src/lxc/caps.h --- lxc-4.0.2/src/lxc/caps.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/caps.h 2021-01-12 00:20:05.000000000 +0000 
@@ -6,20 +6,20 @@ #include #include "config.h" +#include "compiler.h" #if HAVE_LIBCAP #include /* workaround for libcap < 2.17 bug */ #include -extern int lxc_caps_down(void); -extern int lxc_caps_up(void); -extern int lxc_ambient_caps_up(void); -extern int lxc_ambient_caps_down(void); -extern int lxc_caps_init(void); -extern int lxc_caps_last_cap(void); -extern bool lxc_proc_cap_is_set(cap_value_t cap, cap_flag_t flag); -extern bool lxc_file_cap_is_set(const char *path, cap_value_t cap, - cap_flag_t flag); +__hidden extern int lxc_caps_down(void); +__hidden extern int lxc_caps_up(void); +__hidden extern int lxc_ambient_caps_up(void); +__hidden extern int lxc_ambient_caps_down(void); +__hidden extern int lxc_caps_init(void); +__hidden extern int lxc_caps_last_cap(void); +__hidden extern bool lxc_proc_cap_is_set(cap_value_t cap, cap_flag_t flag); +__hidden extern bool lxc_file_cap_is_set(const char *path, cap_value_t cap, cap_flag_t flag); #else static inline int lxc_caps_down(void) { diff -Nru lxc-4.0.2/src/lxc/cgroups/cgfsng.c lxc-4.0.6/src/lxc/cgroups/cgfsng.c --- lxc-4.0.2/src/lxc/cgroups/cgfsng.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/cgroups/cgfsng.c 2021-01-12 00:20:05.000000000 +0000 @@ -27,6 +27,7 @@ #include #include #include +#include #include #include @@ -144,7 +145,7 @@ /* Given a handler's cgroup data, return the struct hierarchy for the controller * @c, or NULL if there is none. */ -struct hierarchy *get_hierarchy(struct cgroup_ops *ops, const char *controller) +static struct hierarchy *get_hierarchy(struct cgroup_ops *ops, const char *controller) { if (!ops->hierarchies) return log_trace_errno(NULL, errno, "There are no useable cgroup controllers"); 
@@ -653,7 +654,7 @@ * verify /sys/fs/cgroup/ in this field. */ if (strncmp(p, DEFAULT_CGROUP_MOUNTPOINT "/", 15) != 0) - return log_error(NULL, "Found hierarchy not under " DEFAULT_CGROUP_MOUNTPOINT ": \"%s\"", p); + return log_warn(NULL, "Found hierarchy not under " DEFAULT_CGROUP_MOUNTPOINT ": \"%s\"", p); p += 15; p2 = strchr(p, ' '); @@ -725,6 +726,7 @@ new->container_base_path = container_base_path; new->version = type; new->cgfd_con = -EBADF; + new->cgfd_limit = -EBADF; new->cgfd_mon = -EBADF; newentry = append_null_to_list((void ***)h); @@ -946,8 +948,7 @@ TRACE("named subsystem %d: %s", k, *it); } -static int cgroup_tree_remove(struct hierarchy **hierarchies, - const char *container_cgroup) +static int cgroup_tree_remove(struct hierarchy **hierarchies, const char *container_cgroup) { if (!container_cgroup || !hierarchies) return 0; @@ -956,13 +957,15 @@ struct hierarchy *h = hierarchies[i]; int ret; - if (!h->container_full_path) + if (!h->container_limit_path) continue; - ret = lxc_rm_rf(h->container_full_path); + ret = lxc_rm_rf(h->container_limit_path); if (ret < 0) - WARN("Failed to destroy \"%s\"", h->container_full_path); + WARN("Failed to destroy \"%s\"", h->container_limit_path); + if (h->container_limit_path != h->container_full_path) + free_disarm(h->container_limit_path); free_disarm(h->container_full_path); } @@ -1024,7 +1027,7 @@ } #ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX - ret = bpf_program_cgroup_detach(handler->conf->cgroup2_devices); + ret = bpf_program_cgroup_detach(handler->cgroup_ops->cgroup2_devices); if (ret < 0) WARN("Failed to detach bpf program from cgroup"); #endif @@ -1078,6 +1081,7 @@ for (int i = 0; ops->hierarchies[i]; i++) { __do_free char *pivot_path = NULL; struct hierarchy *h = ops->hierarchies[i]; + size_t offset; int ret; if (!h->monitor_full_path) 
@@ -1089,16 +1093,21 @@ goto try_lxc_rm_rf; } - if (conf && conf->cgroup_meta.dir) - pivot_path = must_make_path(h->mountpoint, - h->container_base_path, - conf->cgroup_meta.dir, - CGROUP_PIVOT, NULL); + if (conf && conf->cgroup_meta.monitor_dir) + pivot_path = must_make_path(h->mountpoint, h->container_base_path, + conf->cgroup_meta.monitor_dir, CGROUP_PIVOT, NULL); + else if (conf && conf->cgroup_meta.dir) + pivot_path = must_make_path(h->mountpoint, h->container_base_path, + conf->cgroup_meta.dir, CGROUP_PIVOT, NULL); else - pivot_path = must_make_path(h->mountpoint, - h->container_base_path, + pivot_path = must_make_path(h->mountpoint, h->container_base_path, CGROUP_PIVOT, NULL); + offset = strlen(h->mountpoint) + strlen(h->container_base_path); + + if (cg_legacy_handle_cpuset_hierarchy(h, pivot_path + offset)) + SYSWARN("Failed to initialize cpuset %s/" CGROUP_PIVOT, pivot_path); + ret = mkdir_p(pivot_path, 0755); if (ret < 0 && errno != EEXIST) { ERROR("Failed to create %s", pivot_path); @@ -1140,16 +1149,18 @@ ret = mkdir(makeme, mode); if (ret < 0 && ((errno != EEXIST) || (orig_len == cur_len))) - return log_error_errno(-1, errno, "Failed to create directory \"%s\"", makeme); + return log_warn_errno(-1, errno, "Failed to create directory \"%s\"", makeme); } while (tmp != dir); return 0; } -static bool cgroup_tree_create(struct hierarchy *h, const char *cgroup_tree, - const char *cgroup_leaf, bool payload) +static bool cgroup_tree_create(struct cgroup_ops *ops, struct lxc_conf *conf, + struct hierarchy *h, const char *cgroup_tree, + const char *cgroup_leaf, bool payload, + const char *cgroup_limit_dir) { - __do_free char *path = NULL; + __do_free char *path = NULL, *limit_path = NULL; int ret, ret_cpuset; path = must_make_path(h->mountpoint, h->container_base_path, cgroup_leaf, NULL); 
@@ -1160,6 +1171,37 @@ if (ret_cpuset < 0) return log_error_errno(false, errno, "Failed to handle legacy cpuset controller"); + if (payload && cgroup_limit_dir) { + /* with isolation both parts need to not already exist */ + limit_path = must_make_path(h->mountpoint, + h->container_base_path, + cgroup_limit_dir, NULL); + + ret = mkdir_eexist_on_last(limit_path, 0755); + if (ret < 0) + return log_debug_errno(false, + errno, "Failed to create %s limiting cgroup", + limit_path); + + h->cgfd_limit = lxc_open_dirfd(limit_path); + if (h->cgfd_limit < 0) + return log_error_errno(false, errno, + "Failed to open %s", path); + h->container_limit_path = move_ptr(limit_path); + + /* + * With isolation the devices legacy cgroup needs to be + * iinitialized early, as it typically contains an 'a' (all) + * line, which is not possible once a subdirectory has been + * created. + */ + if (string_in_list(h->controllers, "devices")) { + ret = ops->setup_limits_legacy(ops, conf, true); + if (ret < 0) + return ret; + } + } + ret = mkdir_eexist_on_last(path, 0755); if (ret < 0) { /* @@ -1168,7 +1210,7 @@ * directory for us to ensure correct initialization. */ if (ret_cpuset != 1 || cgroup_tree) - return log_error_errno(false, errno, "Failed to create %s cgroup", path); + return log_debug_errno(false, errno, "Failed to create %s cgroup", path); } if (payload) { @@ -1176,6 +1218,10 @@ if (h->cgfd_con < 0) return log_error_errno(false, errno, "Failed to open %s", path); h->container_full_path = move_ptr(path); + if (h->cgfd_limit < 0) + h->cgfd_limit = h->cgfd_con; + if (!h->container_limit_path) + h->container_limit_path = h->container_full_path; } else { h->cgfd_mon = lxc_open_dirfd(path); if (h->cgfd_mon < 0) 
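Review bot: The result of `ops->setup_limits_legacy(ops, conf, true)` is tested with `if (ret < 0) return ret;`, but `cgroup_tree_create()` returns `bool`, and the cgfsng implementation visible later in this diff (`cgfsng_setup_limits_legacy`) is declared `bool` too, so the hook presumably returns `false` on failure. A failed early devices setup then never takes the branch and the limiting cgroup is used without its device rules; a negative `ret` returned from a `bool` function would read as success anyway. The check should be `if (!ops->setup_limits_legacy(ops, conf, true)) return log_error_errno(false, errno, "Failed to setup legacy device limits");`. In the same block the `lxc_open_dirfd(limit_path)` failure message prints `path` instead of `limit_path`, and the comment has a typo (`iinitialized`). The function body starts before this hunk.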
@@ -1188,11 +1234,15 @@ static void cgroup_tree_leaf_remove(struct hierarchy *h, bool payload) { - __do_free char *full_path = NULL; + __do_free char *full_path = NULL, *__limit_path = NULL; + char *limit_path = NULL; if (payload) { __lxc_unused __do_close int fd = move_fd(h->cgfd_con); full_path = move_ptr(h->container_full_path); + limit_path = move_ptr(h->container_limit_path); + if (limit_path != full_path) + __limit_path = limit_path; } else { __lxc_unused __do_close int fd = move_fd(h->cgfd_mon); full_path = move_ptr(h->monitor_full_path); 
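Review bot: `cgroup_tree_leaf_remove()` releases `h->cgfd_con` through `move_fd()` but never touches `h->cgfd_limit`, which `cgroup_tree_create()` either opens separately or sets to the same descriptor (`h->cgfd_limit = h->cgfd_con`). After a removal the field still holds a descriptor number that is closed (aliased case) or leaked (separate case), and on a retry the `if (h->cgfd_limit < 0)` test in `cgroup_tree_create()` will not refresh it. Resetting it in the payload branch before the `move_fd()` line avoids acting on a stale fd: `if (h->cgfd_limit == h->cgfd_con) h->cgfd_limit = -EBADF; else close_prot_errno_disarm(h->cgfd_limit);`. This assumes `move_fd()` invalidates its argument the way `move_ptr()` does for pointers; the function body continues past the end of the hunk.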
@@ -1200,17 +1250,48 @@ if (full_path && rmdir(full_path)) SYSWARN("Failed to rmdir(\"%s\") cgroup", full_path); + if (limit_path && rmdir(limit_path)) + SYSWARN("Failed to rmdir(\"%s\") cgroup", limit_path); +} + +/* + * Check we have no lxc.cgroup.dir, and that lxc.cgroup.dir.limit_prefix is a + * proper prefix directory of lxc.cgroup.dir.payload. + * + * Returns the prefix length if it is set, otherwise zero on success. + */ +static bool check_cgroup_dir_config(struct lxc_conf *conf) +{ + const char *monitor_dir = conf->cgroup_meta.monitor_dir, + *container_dir = conf->cgroup_meta.container_dir, + *namespace_dir = conf->cgroup_meta.namespace_dir; + + /* none of the new options are set, all is fine */ + if (!monitor_dir && !container_dir && !namespace_dir) + return true; + + /* some are set, make sure lxc.cgroup.dir is not also set*/ + if (conf->cgroup_meta.dir) + return log_error_errno(false, EINVAL, + "lxc.cgroup.dir conflicts with lxc.cgroup.dir.payload/monitor"); + + /* make sure both monitor and payload are set */ + if (!monitor_dir || !container_dir) + return log_error_errno(false, EINVAL, + "lxc.cgroup.dir.payload and lxc.cgroup.dir.monitor must both be set"); + + /* namespace_dir may be empty */ + return true; } -__cgfsng_ops static inline bool cgfsng_monitor_create(struct cgroup_ops *ops, - struct lxc_handler *handler) +__cgfsng_ops static bool cgfsng_monitor_create(struct cgroup_ops *ops, struct lxc_handler *handler) { __do_free char *monitor_cgroup = NULL, *__cgroup_tree = NULL; const char *cgroup_tree; int idx = 0; int i; size_t len; - char *suffix; + char *suffix = NULL; struct lxc_conf *conf; if (!ops) 
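Review bot: In the tail of `cgroup_tree_leaf_remove()` the new `rmdir(limit_path)` runs even when `limit_path` and `full_path` are the same pointer, which is the case whenever no separate limiting cgroup was created; the second `rmdir()` then fails and logs a spurious warning. `if (limit_path && limit_path != full_path && rmdir(limit_path))` restricts it to the isolated layout. The header comment of `check_cgroup_dir_config()` also does not match the function: it returns `bool`, not a prefix length, and it checks `monitor_dir`, `container_dir` and `namespace_dir`, not a `limit_prefix` key. Something like `/* Returns true if the lxc.cgroup.dir.* keys are unset or consistently set, false with errno = EINVAL otherwise. */` would describe what the body does. `cgfsng_monitor_create()` at the end of the hunk continues outside it.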
@@ -1227,7 +1308,13 @@ conf = handler->conf; - if (conf->cgroup_meta.dir) { + if (!check_cgroup_dir_config(conf)) + return false; + + if (conf->cgroup_meta.monitor_dir) { + cgroup_tree = NULL; + monitor_cgroup = strdup(conf->cgroup_meta.monitor_dir); + } else if (conf->cgroup_meta.dir) { cgroup_tree = conf->cgroup_meta.dir; monitor_cgroup = must_concat(&len, conf->cgroup_meta.dir, "/", DEFAULT_MONITOR_CGROUP_PREFIX, @@ -1251,27 +1338,31 @@ if (!monitor_cgroup) return ret_set_errno(false, ENOMEM); - suffix = monitor_cgroup + len - CGROUP_CREATE_RETRY_LEN; - *suffix = '\0'; + if (!conf->cgroup_meta.monitor_dir) { + suffix = monitor_cgroup + len - CGROUP_CREATE_RETRY_LEN; + *suffix = '\0'; + } do { - if (idx) + if (idx && suffix) sprintf(suffix, "-%d", idx); for (i = 0; ops->hierarchies[i]; i++) { - if (cgroup_tree_create(ops->hierarchies[i], cgroup_tree, monitor_cgroup, false)) + if (cgroup_tree_create(ops, handler->conf, + ops->hierarchies[i], cgroup_tree, + monitor_cgroup, false, NULL)) continue; - ERROR("Failed to create cgroup \"%s\"", ops->hierarchies[i]->monitor_full_path ?: "(null)"); + DEBUG("Failed to create cgroup \"%s\"", ops->hierarchies[i]->monitor_full_path ?: "(null)"); for (int j = 0; j < i; j++) cgroup_tree_leaf_remove(ops->hierarchies[j], false); idx++; break; } - } while (ops->hierarchies[i] && idx > 0 && idx < 1000); + } while (ops->hierarchies[i] && idx > 0 && idx < 1000 && suffix); - if (idx == 1000) - return ret_set_errno(false, ERANGE); + if (idx == 1000 || (!suffix && idx != 0)) + return log_error_errno(false, ERANGE, "Failed to create monitor cgroup"); ops->monitor_cgroup = move_ptr(monitor_cgroup); return log_info(true, "The monitor process uses \"%s\" as cgroup", ops->monitor_cgroup); 
@@ -1281,15 +1372,16 @@ * Try to create the same cgroup in all hierarchies. Start with cgroup_pattern; * next cgroup_pattern-1, -2, ..., -999. */ -__cgfsng_ops static inline bool cgfsng_payload_create(struct cgroup_ops *ops, - struct lxc_handler *handler) +__cgfsng_ops static bool cgfsng_payload_create(struct cgroup_ops *ops, struct lxc_handler *handler) { - __do_free char *container_cgroup = NULL, *__cgroup_tree = NULL; + __do_free char *container_cgroup = NULL, + *__cgroup_tree = NULL, + *limiting_cgroup = NULL; const char *cgroup_tree; int idx = 0; int i; size_t len; - char *suffix; + char *suffix = NULL; struct lxc_conf *conf; if (!ops) @@ -1306,7 +1398,25 @@ conf = handler->conf; - if (conf->cgroup_meta.dir) { + if (!check_cgroup_dir_config(conf)) + return false; + + if (conf->cgroup_meta.container_dir) { + cgroup_tree = NULL; + + limiting_cgroup = strdup(conf->cgroup_meta.container_dir); + if (!limiting_cgroup) + return ret_set_errno(false, ENOMEM); + + if (conf->cgroup_meta.namespace_dir) { + container_cgroup = must_make_path(limiting_cgroup, + conf->cgroup_meta.namespace_dir, + NULL); + } else { + /* explicit paths but without isolation */ + container_cgroup = move_ptr(limiting_cgroup); + } + } else if (conf->cgroup_meta.dir) { cgroup_tree = conf->cgroup_meta.dir; container_cgroup = must_concat(&len, cgroup_tree, "/", DEFAULT_PAYLOAD_CGROUP_PREFIX, 
@@ -1330,27 +1440,32 @@ if (!container_cgroup) return ret_set_errno(false, ENOMEM); - suffix = container_cgroup + len - CGROUP_CREATE_RETRY_LEN; - *suffix = '\0'; + if (!conf->cgroup_meta.container_dir) { + suffix = container_cgroup + len - CGROUP_CREATE_RETRY_LEN; + *suffix = '\0'; + } do { - if (idx) + if (idx && suffix) sprintf(suffix, "-%d", idx); for (i = 0; ops->hierarchies[i]; i++) { - if (cgroup_tree_create(ops->hierarchies[i], cgroup_tree, container_cgroup, true)) + if (cgroup_tree_create(ops, handler->conf, + ops->hierarchies[i], cgroup_tree, + container_cgroup, true, + limiting_cgroup)) continue; - ERROR("Failed to create cgroup \"%s\"", ops->hierarchies[i]->container_full_path ?: "(null)"); + DEBUG("Failed to create cgroup \"%s\"", ops->hierarchies[i]->container_full_path ?: "(null)"); for (int j = 0; j < i; j++) cgroup_tree_leaf_remove(ops->hierarchies[j], true); idx++; break; } - } while (ops->hierarchies[i] && idx > 0 && idx < 1000); + } while (ops->hierarchies[i] && idx > 0 && idx < 1000 && suffix); - if (idx == 1000) - return ret_set_errno(false, ERANGE); + if (idx == 1000 || (!suffix && idx != 0)) + return log_error_errno(false, ERANGE, "Failed to create container cgroup"); ops->container_cgroup = move_ptr(container_cgroup); INFO("The container process uses \"%s\" as cgroup", ops->container_cgroup); @@ -1433,6 +1548,9 @@ struct hierarchy *h = ops->hierarchies[i]; int ret; + if (is_unified_hierarchy(h) && handler->clone_flags & CLONE_INTO_CGROUP) + continue; + ret = lxc_writeat(h->cgfd_con, "cgroup.procs", pidstr, len); if (ret != 0) return log_error_errno(false, errno, "Failed to enter cgroup \"%s\"", h->container_full_path); @@ -1553,7 +1671,7 @@ return true; } -__cgfsng_ops void cgfsng_payload_finalize(struct cgroup_ops *ops) +__cgfsng_ops static void cgfsng_payload_finalize(struct cgroup_ops *ops) { if (!ops) return; 
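Review bot: The new skip condition `is_unified_hierarchy(h) && handler->clone_flags & CLONE_INTO_CGROUP` in the `@@ -1433,6 +1548,9 @@` hunk mixes `&&` and `&` without parentheses. It evaluates as intended because `&` binds tighter, but the reader has to recall the precedence table to be sure; `if (is_unified_hierarchy(h) && (handler->clone_flags & CLONE_INTO_CGROUP))` says the same thing unambiguously. A one-line comment on why the `cgroup.procs` write is skipped (presumably the child was already placed in the unified cgroup at clone time) would help as well. The loop this sits in starts and ends outside the hunk.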
@@ -1712,11 +1830,21 @@ wants_force_mount = true; } - if (!wants_force_mount){ - if (!lxc_list_empty(&handler->conf->keepcaps)) - wants_force_mount = !in_caplist(CAP_SYS_ADMIN, &handler->conf->keepcaps); - else - wants_force_mount = in_caplist(CAP_SYS_ADMIN, &handler->conf->caps); + if (!wants_force_mount) { + wants_force_mount = lxc_wants_cap(CAP_SYS_ADMIN, handler->conf); + + /* + * Most recent distro versions currently have init system that + * do support cgroup2 but do not mount it by default unless + * explicitly told so even if the host is cgroup2 only. That + * means they often will fail to boot. Fix this by pre-mounting + * cgroup2 by default. We will likely need to be doing this a + * few years until all distros have switched over to cgroup2 at + * which point we can safely assume that their init systems + * will mount it themselves. + */ + if (pure_unified_layout(ops)) + wants_force_mount = true; } has_cgns = cgns_supported(); @@ -1743,9 +1871,17 @@ } /* mount tmpfs */ - ret = safe_mount(NULL, cgroup_root, "tmpfs", - MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_RELATIME, - "size=10240k,mode=755", root); + ret = safe_mount_beneath(root, NULL, DEFAULT_CGROUP_MOUNTPOINT, "tmpfs", + MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_RELATIME, + "size=10240k,mode=755"); + if (ret < 0) { + if (errno != ENOSYS) + return false; + + ret = safe_mount(NULL, cgroup_root, "tmpfs", + MS_NOSUID | MS_NODEV | MS_NOEXEC | MS_RELATIME, + "size=10240k,mode=755", root); + } if (ret < 0) return false; @@ -1915,7 +2051,11 @@ return LXC_MAINLOOP_CONTINUE; } -static int cg_unified_freeze(struct cgroup_ops *ops, int timeout) +static int cg_unified_freeze_do(struct cgroup_ops *ops, int timeout, + const char *state_string, + int state_num, + const char *epoll_error, + const char *wait_error) { __do_close int fd = -EBADF; call_cleaner(lxc_mainloop_close) struct lxc_epoll_descr *descr_ptr = NULL; 
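Review bot: `wants_force_mount = lxc_wants_cap(CAP_SYS_ADMIN, handler->conf);` looks inverted relative to the code it replaces. The removed lines set the flag when `CAP_SYS_ADMIN` was absent from `keepcaps` or present in the drop list `caps`, that is, when the container does not hold the capability. If `lxc_wants_cap()` returns true when the container retains the capability (its definition is not in this hunk), the replacement needs a negation: `wants_force_mount = !lxc_wants_cap(CAP_SYS_ADMIN, handler->conf);`. As written, a container that keeps `CAP_SYS_ADMIN` would get the forced mount and one that drops it would not, except on pure cgroup2 hosts where the following `pure_unified_layout()` test forces it regardless. The enclosing function starts and ends outside the hunk.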
@@ -1940,26 +2080,33 @@ ret = lxc_mainloop_open(&descr); if (ret) - return log_error_errno(-1, errno, "Failed to create epoll instance to wait for container freeze"); + return log_error_errno(-1, errno, "%s", epoll_error); /* automatically cleaned up now */ descr_ptr = &descr; - ret = lxc_mainloop_add_handler(&descr, fd, freezer_cgroup_events_cb, INT_TO_PTR((int){1})); + ret = lxc_mainloop_add_handler_events(&descr, fd, EPOLLPRI, freezer_cgroup_events_cb, INT_TO_PTR(state_num)); if (ret < 0) return log_error_errno(-1, errno, "Failed to add cgroup.events fd handler to mainloop"); } - ret = lxc_write_openat(h->container_full_path, "cgroup.freeze", "1", 1); + ret = lxc_write_openat(h->container_full_path, "cgroup.freeze", state_string, 1); if (ret < 0) return log_error_errno(-1, errno, "Failed to open cgroup.freeze file"); if (timeout != 0 && lxc_mainloop(&descr, timeout)) - return log_error_errno(-1, errno, "Failed to wait for container to be frozen"); + return log_error_errno(-1, errno, "%s", wait_error); return 0; } +static int cg_unified_freeze(struct cgroup_ops *ops, int timeout) +{ + return cg_unified_freeze_do(ops, timeout, "1", 1, + "Failed to create epoll instance to wait for container freeze", + "Failed to wait for container to be frozen"); +} + __cgfsng_ops static int cgfsng_freeze(struct cgroup_ops *ops, int timeout) { if (!ops->hierarchies) 
@@ -1985,47 +2132,9 @@ static int cg_unified_unfreeze(struct cgroup_ops *ops, int timeout) { - __do_close int fd = -EBADF; - call_cleaner(lxc_mainloop_close)struct lxc_epoll_descr *descr_ptr = NULL; - int ret; - struct lxc_epoll_descr descr; - struct hierarchy *h; - - h = ops->unified; - if (!h) - return ret_set_errno(-1, ENOENT); - - if (!h->container_full_path) - return ret_set_errno(-1, EEXIST); - - if (timeout != 0) { - __do_free char *events_file = NULL; - - events_file = must_make_path(h->container_full_path, "cgroup.events", NULL); - fd = open(events_file, O_RDONLY | O_CLOEXEC); - if (fd < 0) - return log_error_errno(-1, errno, "Failed to open cgroup.events file"); - - ret = lxc_mainloop_open(&descr); - if (ret) - return log_error_errno(-1, errno, "Failed to create epoll instance to wait for container unfreeze"); - - /* automatically cleaned up now */ - descr_ptr = &descr; - - ret = lxc_mainloop_add_handler(&descr, fd, freezer_cgroup_events_cb, INT_TO_PTR((int){0})); - if (ret < 0) - return log_error_errno(-1, errno, "Failed to add cgroup.events fd handler to mainloop"); - } - - ret = lxc_write_openat(h->container_full_path, "cgroup.freeze", "0", 1); - if (ret < 0) - return log_error_errno(-1, errno, "Failed to open cgroup.freeze file"); - - if (timeout != 0 && lxc_mainloop(&descr, timeout)) - return log_error_errno(-1, errno, "Failed to wait for container to be unfrozen"); - - return 0; + return cg_unified_freeze_do(ops, timeout, "0", 0, + "Failed to create epoll instance to wait for container unfreeze", + "Failed to wait for container to be unfrozen"); } __cgfsng_ops static int cgfsng_unfreeze(struct cgroup_ops *ops, int timeout) @@ -2039,8 +2148,8 @@ return cg_unified_unfreeze(ops, timeout); } -__cgfsng_ops static const char *cgfsng_get_cgroup(struct cgroup_ops *ops, - const char *controller) +static const char *cgfsng_get_cgroup_do(struct cgroup_ops *ops, + const char *controller, bool limiting) { struct hierarchy *h; 
@@ -2049,11 +2158,28 @@ return log_warn_errno(NULL, ENOENT, "Failed to find hierarchy for controller \"%s\"", controller ? controller : "(null)"); + if (limiting) + return h->container_limit_path + ? h->container_limit_path + strlen(h->mountpoint) + : NULL; + return h->container_full_path ? h->container_full_path + strlen(h->mountpoint) : NULL; } +__cgfsng_ops static const char *cgfsng_get_cgroup(struct cgroup_ops *ops, + const char *controller) +{ + return cgfsng_get_cgroup_do(ops, controller, false); +} + +__cgfsng_ops static const char *cgfsng_get_limiting_cgroup(struct cgroup_ops *ops, + const char *controller) +{ + return cgfsng_get_cgroup_do(ops, controller, true); +} + /* Given a cgroup path returned from lxc_cmd_get_cgroup_path, build a full path, * which must be freed by the caller. */ @@ -2089,14 +2215,22 @@ do { bool rm = false; - char attach_cgroup[STRLITERALLEN(".lxc-1000/cgroup.procs") + 1]; - char *slash; + char attach_cgroup[STRLITERALLEN(".lxc-/cgroup.procs") + INTTYPE_TO_STRLEN(int) + 1]; + char *slash = attach_cgroup; ret = snprintf(attach_cgroup, sizeof(attach_cgroup), ".lxc-%d/cgroup.procs", idx); if (ret < 0 || (size_t)ret >= sizeof(attach_cgroup)) return ret_errno(EIO); - slash = &attach_cgroup[ret] - STRLITERALLEN("/cgroup.procs"); + /* + * This shouldn't really happen but the compiler might complain + * that a short write would cause a buffer overrun. So be on + * the safe side. + */ + if (ret < STRLITERALLEN(".lxc-/cgroup.procs")) + return log_error_errno(-EINVAL, EINVAL, "Unexpected short write would cause buffer-overrun"); + + slash += (ret - STRLITERALLEN("/cgroup.procs")); *slash = '\0'; ret = mkdirat(unified_fd, attach_cgroup, 0755); @@ -2382,7 +2516,7 @@ if (p) *p = '\0'; - path = lxc_cmd_get_cgroup_path(name, lxcpath, controller); + path = lxc_cmd_get_limiting_cgroup_path(name, lxcpath, controller); /* not running */ if (!path) return -1; 
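Review bot: The new guard `if (ret < STRLITERALLEN(".lxc-/cgroup.procs"))` compares the signed `snprintf()` result with what is presumably a `sizeof`-based constant, while the check a few lines above casts explicitly (`(size_t)ret >= sizeof(attach_cgroup)`). `ret` is known to be non-negative at that point so the result is correct, but `if ((size_t)ret < STRLITERALLEN(".lxc-/cgroup.procs"))` keeps the two bounds checks consistent and avoids a sign-compare warning. The surrounding `do` loop continues outside the hunk.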
@@ -2440,8 +2574,8 @@ device->major = -1; device->minor = -1; device->global_rule = device->allow - ? LXC_BPF_DEVICE_CGROUP_BLACKLIST - : LXC_BPF_DEVICE_CGROUP_WHITELIST; + ? LXC_BPF_DEVICE_CGROUP_DENYLIST + : LXC_BPF_DEVICE_CGROUP_ALLOWLIST; device->allow = -1; return 0; } @@ -2533,7 +2667,7 @@ *p = '\0'; if (pure_unified_layout(ops) && strcmp(controller, "devices") == 0) { - struct device_item device = {0}; + struct device_item device = {}; ret = device_cgroup_rule_parse(&device, key, value); if (ret < 0) @@ -2547,7 +2681,7 @@ return 0; } - path = lxc_cmd_get_cgroup_path(name, lxcpath, controller); + path = lxc_cmd_get_limiting_cgroup_path(name, lxcpath, controller); /* not running */ if (!path) return -1; @@ -2611,9 +2745,6 @@ if (device_cgroup_parse_access(device, mode) < 0) return -1; - if (n_parts == 1) - return ret_set_errno(-1, EINVAL); - ret = stat(path, &sb); if (ret < 0) return ret_set_errno(-1, errno); @@ -2640,7 +2771,7 @@ static int convert_devpath(const char *invalue, char *dest) { - struct device_item device = {0}; + struct device_item device = {}; int ret; ret = device_cgroup_rule_parse_devpath(&device, invalue); @@ -2660,7 +2791,7 @@ * we created the cgroups. */ static int cg_legacy_set_data(struct cgroup_ops *ops, const char *filename, - const char *value) + const char *value, bool is_cpuset) { __do_free char *controller = NULL; char *p; @@ -2686,7 +2817,12 @@ if (!h) return log_error_errno(-ENOENT, ENOENT, "Failed to setup limits for the \"%s\" controller. The controller seems to be unused by \"cgfsng\" cgroup driver or not enabled on the cgroup hierarchy", controller); - return lxc_write_openat(h->container_full_path, filename, value, strlen(value)); + if (is_cpuset) { + int ret = lxc_write_openat(h->container_full_path, filename, value, strlen(value)); + if (ret) + return ret; + } + return lxc_write_openat(h->container_limit_path, filename, value, strlen(value)); } __cgfsng_ops static bool cgfsng_setup_limits_legacy(struct cgroup_ops *ops, 
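Review bot: The new `is_cpuset` branch in `cg_legacy_set_data()` writes the value to `h->container_full_path` and then again to `h->container_limit_path`, with no comment on why cpuset keys need both. `cgroup_tree_create()` sets the two paths to the same string when no limiting cgroup is configured, so in that layout every cpuset key is written twice to the same file. I would guard the extra write with `if (is_cpuset && h->container_limit_path != h->container_full_path)` and add a comment such as `/* cpuset values are not inherited by the child cgroup, so set them on the payload cgroup as well */`, adjusted to the actual reason. The function begins outside this hunk.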
@@ -2723,7 +2859,7 @@ cg = iterator->elem; if (do_devices == !strncmp("devices", cg->subsystem, 7)) { - if (cg_legacy_set_data(ops, cg->subsystem, cg->value)) { + if (cg_legacy_set_data(ops, cg->subsystem, cg->value, strncmp("cpuset", cg->subsystem, 6) == 0)) { if (do_devices && (errno == EACCES || errno == EPERM)) { SYSWARN("Failed to set \"%s\" to \"%s\"", cg->subsystem, cg->value); continue; @@ -2755,7 +2891,7 @@ const char *val) { #ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX - struct device_item device_item = {0}; + struct device_item device_item = {}; int ret; if (strcmp("devices.allow", key) == 0 && *val == '/') @@ -2792,9 +2928,12 @@ return ret_set_errno(false, EINVAL); conf = handler->conf; - if (lxc_list_empty(&conf->cgroup2)) - return true; cgroup_settings = &conf->cgroup2; + if (lxc_list_empty(cgroup_settings)) + return true; + + if (!pure_unified_layout(ops)) + return log_warn_errno(true, EINVAL, "Ignoring cgroup2 limits on legacy cgroup system"); if (!ops->unified) return false; 
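Review bot: The new `!pure_unified_layout(ops)` branch in the `@@ -2792,9 +2928,12 @@` hunk returns `true`, so a container with entries in `conf->cgroup2` starts on a legacy or hybrid host with none of them applied and only a warning logged. The loop in the following hunk shows that `devices` keys live in the same list, so device restrictions configured this way are skipped as well. If these limits are meant as a containment boundary, failing the setup is the safer default, e.g. `return log_error_errno(false, EINVAL, "cgroup2 limits are configured but the host uses a legacy cgroup layout");`. If ignoring them is intended, say so in a comment here and in the option's documentation. The function starts and ends outside this hunk.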
@@ -2804,25 +2943,20 @@ struct lxc_cgroup *cg = iterator->elem; int ret; - if (strncmp("devices", cg->subsystem, 7) == 0) { - ret = bpf_device_cgroup_prepare(ops, conf, cg->subsystem, - cg->value); - } else { - ret = lxc_write_openat(h->container_full_path, - cg->subsystem, cg->value, - strlen(cg->value)); - if (ret < 0) - return log_error_errno(false, errno, "Failed to set \"%s\" to \"%s\"", - cg->subsystem, cg->value); - } + if (strncmp("devices", cg->subsystem, 7) == 0) + ret = bpf_device_cgroup_prepare(ops, conf, cg->subsystem, cg->value); + else + ret = lxc_write_openat(h->container_limit_path, cg->subsystem, cg->value, strlen(cg->value)); + if (ret < 0) + return log_error_errno(false, errno, "Failed to set \"%s\" to \"%s\"", cg->subsystem, cg->value); + TRACE("Set \"%s\" to \"%s\"", cg->subsystem, cg->value); } return log_info(true, "Limits for the unified cgroup hierarchy have been setup"); } -__cgfsng_ops bool cgfsng_devices_activate(struct cgroup_ops *ops, - struct lxc_handler *handler) +__cgfsng_ops static bool cgfsng_devices_activate(struct cgroup_ops *ops, struct lxc_handler *handler) { #ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX __do_bpf_program_free struct bpf_program *devices = NULL; 
@@ -2884,20 +3018,20 @@ return log_error_errno(false, ENOMEM, "Failed to finalize bpf program"); ret = bpf_program_cgroup_attach(devices, BPF_CGROUP_DEVICE, - unified->container_full_path, + unified->container_limit_path, BPF_F_ALLOW_MULTI); if (ret) return log_error_errno(false, ENOMEM, "Failed to attach bpf program"); /* Replace old bpf program. */ - devices_old = move_ptr(conf->cgroup2_devices); - conf->cgroup2_devices = move_ptr(devices); + devices_old = move_ptr(ops->cgroup2_devices); + ops->cgroup2_devices = move_ptr(devices); devices = move_ptr(devices_old); #endif return true; } -bool __cgfsng_delegate_controllers(struct cgroup_ops *ops, const char *cgroup) +static bool __cgfsng_delegate_controllers(struct cgroup_ops *ops, const char *cgroup) { __do_free char *add_controllers = NULL, *base_path = NULL; __do_free_string_list char **parts = NULL; @@ -2956,7 +3090,7 @@ return true; } -__cgfsng_ops bool cgfsng_monitor_delegate_controllers(struct cgroup_ops *ops) +__cgfsng_ops static bool cgfsng_monitor_delegate_controllers(struct cgroup_ops *ops) { if (!ops) return ret_set_errno(false, ENOENT); @@ -2964,7 +3098,7 @@ return __cgfsng_delegate_controllers(ops, ops->monitor_cgroup); } -__cgfsng_ops bool cgfsng_payload_delegate_controllers(struct cgroup_ops *ops) +__cgfsng_ops static bool cgfsng_payload_delegate_controllers(struct cgroup_ops *ops) { if (!ops) return ret_set_errno(false, ENOENT); @@ -3098,7 +3232,7 @@ mountpoint = cg_hybrid_get_mountpoint(line); if (!mountpoint) { - ERROR("Failed parsing mountpoint from \"%s\"", line); + WARN("Failed parsing mountpoint from \"%s\"", line); continue; } @@ -3107,7 +3241,7 @@ else base_cgroup = cg_hybrid_get_current_cgroup(basecginfo, NULL, CGROUP2_SUPER_MAGIC); if (!base_cgroup) { - ERROR("Failed to find current cgroup"); + WARN("Failed to find current cgroup"); continue; } 
@@ -3329,6 +3463,7 @@ cgfsng_ops->chown = cgfsng_chown; cgfsng_ops->mount = cgfsng_mount; cgfsng_ops->devices_activate = cgfsng_devices_activate; + cgfsng_ops->get_limiting_cgroup = cgfsng_get_limiting_cgroup; return move_ptr(cgfsng_ops); } diff -Nru lxc-4.0.2/src/lxc/cgroups/cgroup2_devices.c lxc-4.0.6/src/lxc/cgroups/cgroup2_devices.c --- lxc-4.0.2/src/lxc/cgroups/cgroup2_devices.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/cgroups/cgroup2_devices.c 2021-01-12 00:20:05.000000000 +0000 @@ -27,6 +27,18 @@ lxc_log_define(cgroup2_devices, cgroup); +#ifndef BPF_LOG_LEVEL1 +#define BPF_LOG_LEVEL1 1 +#endif + +#ifndef BPF_LOG_LEVEL2 +#define BPF_LOG_LEVEL2 2 +#endif + +#ifndef BPF_LOG_LEVEL +#define BPF_LOG_LEVEL (BPF_LOG_LEVEL1 | BPF_LOG_LEVEL2) +#endif + static int bpf_program_add_instructions(struct bpf_program *prog, const struct bpf_insn *instructions, size_t count) @@ -118,29 +130,28 @@ .off = 0, \ .imm = 0}) -static int bpf_access_mask(const char *acc) +static int bpf_access_mask(const char *acc, __u32 *mask) { - int mask = 0; - if (!acc) - return mask; + return 0; - for (; *acc; acc++) + for (; *acc; acc++) { switch (*acc) { case 'r': - mask |= BPF_DEVCG_ACC_READ; + *mask |= BPF_DEVCG_ACC_READ; break; case 'w': - mask |= BPF_DEVCG_ACC_WRITE; + *mask |= BPF_DEVCG_ACC_WRITE; break; case 'm': - mask |= BPF_DEVCG_ACC_MKNOD; + *mask |= BPF_DEVCG_ACC_MKNOD; break; default: return -EINVAL; } + } - return mask; + return 0; } static int bpf_device_type(char type) @@ -157,10 +168,9 @@ return -1; } -static inline bool bpf_device_all_access(int access_mask) +static inline bool bpf_device_all_access(__u32 access_mask) { - return (access_mask == (BPF_DEVCG_ACC_READ | BPF_DEVCG_ACC_WRITE | - BPF_DEVCG_ACC_MKNOD)); + return access_mask == (BPF_DEVCG_ACC_READ | BPF_DEVCG_ACC_WRITE | BPF_DEVCG_ACC_MKNOD); } struct bpf_program *bpf_program_new(uint32_t prog_type) 
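Review bot: `bpf_access_mask()` in the `@@ -118,29 +130,28 @@` hunk only ORs bits into `*mask`, so its result depends on the caller having zeroed the value, and an invalid character returns `-EINVAL` with the bits parsed so far already stored. The caller added later in this diff does initialise `access_mask = 0`, but since the mask decides which device accesses a rule covers, the helper should not rely on that: accumulate into a local (`__u32 m = 0;`) and assign `*mask = m;` only on the success path. A NULL `acc` also returns 0 and leaves `*mask` untouched; a one-line comment stating that an absent access string yields an empty mask would make that explicit.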
@@ -174,9 +184,9 @@ prog->prog_type = prog_type; prog->kernel_fd = -EBADF; /* - * By default a whitelist is used unless the user tells us otherwise. + * By default a allowlist is used unless the user tells us otherwise. */ - prog->device_list_type = LXC_BPF_DEVICE_CGROUP_WHITELIST; + prog->device_list_type = LXC_BPF_DEVICE_CGROUP_ALLOWLIST; return move_ptr(prog); } @@ -208,7 +218,8 @@ int bpf_program_append_device(struct bpf_program *prog, struct device_item *device) { int jump_nr = 1; - int access_mask, device_type, ret; + __u32 access_mask = 0; + int device_type, ret; struct bpf_insn bpf_access_decision[2]; if (!prog || !device) @@ -220,6 +231,13 @@ return 0; } + ret = bpf_access_mask(device->access, &access_mask); + if (ret < 0) + return log_error_errno(ret, -ret, "Invalid access mask specified %s", device->access); + + if (!bpf_device_all_access(access_mask)) + jump_nr++; + device_type = bpf_device_type(device->type); if (device_type < 0) return log_error_errno(-1, EINVAL, "Invalid bpf cgroup device type %c", device->type); @@ -227,19 +245,17 @@ if (device_type > 0) jump_nr++; - access_mask = bpf_access_mask(device->access); - if (!bpf_device_all_access(access_mask)) - jump_nr += 3; - if (device->major != -1) jump_nr++; if (device->minor != -1) jump_nr++; - if (device_type > 0) { + if (!bpf_device_all_access(access_mask)) { struct bpf_insn ins[] = { - BPF_JMP_IMM(BPF_JNE, BPF_REG_2, device_type, jump_nr--), + BPF_MOV32_REG(BPF_REG_1, BPF_REG_3), + BPF_ALU32_IMM(BPF_AND, BPF_REG_1, access_mask), + BPF_JMP_REG(BPF_JNE, BPF_REG_1, BPF_REG_3, jump_nr--), }; ret = bpf_program_add_instructions(prog, ins, ARRAY_SIZE(ins)); 
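Review bot: The jump offsets built in `bpf_program_append_device()` (hunks `@@ -220,6 +231,13 @@` and `@@ -227,19 +245,17 @@`, continued in `@@ -247,14 +263,11 @@`) rest on an invariant that is not written down: `jump_nr` has to equal the number of instructions between a check's conditional jump and the end of the rule. A wrong offset makes a rule apply to the wrong devices, so I would add a comment above the counting, for example `/* jump_nr: instructions a failed check must skip = remaining checks + the two-instruction decision */`. It should also state that the three-instruction access check must be emitted first, because an earlier jump would otherwise have to skip its two setup instructions as well. The function starts and ends outside these hunks.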
@@ -247,14 +263,11 @@ return log_error_errno(-1, errno, "Failed to add instructions to bpf cgroup program"); } - if (!bpf_device_all_access(access_mask)) { + if (device_type > 0) { struct bpf_insn ins[] = { - BPF_MOV32_REG(BPF_REG_1, BPF_REG_3), - BPF_ALU32_IMM(BPF_AND, BPF_REG_1, access_mask), - BPF_JMP_REG(BPF_JNE, BPF_REG_1, BPF_REG_3, jump_nr), + BPF_JMP_IMM(BPF_JNE, BPF_REG_2, device_type, jump_nr--), }; - jump_nr -= 3; ret = bpf_program_add_instructions(prog, ins, ARRAY_SIZE(ins)); if (ret) return log_error_errno(-1, errno, "Failed to add instructions to bpf cgroup program"); @@ -283,7 +296,7 @@ bpf_access_decision[0] = BPF_MOV64_IMM(BPF_REG_0, device->allow); bpf_access_decision[1] = BPF_EXIT_INSN(); ret = bpf_program_add_instructions(prog, bpf_access_decision, - ARRAY_SIZE(bpf_access_decision)); + ARRAY_SIZE(bpf_access_decision)); if (ret) return log_error_errno(-1, errno, "Failed to add instructions to bpf cgroup program"); @@ -298,9 +311,9 @@ return ret_set_errno(-1, EINVAL); TRACE("Implementing %s bpf device cgroup program", - prog->device_list_type == LXC_BPF_DEVICE_CGROUP_BLACKLIST - ? "blacklist" - : "whitelist"); + prog->device_list_type == LXC_BPF_DEVICE_CGROUP_DENYLIST + ? "denylist" + : "allowlist"); ins[0] = BPF_MOV64_IMM(BPF_REG_0, prog->device_list_type); ins[1] = BPF_EXIT_INSN(); 
@@ -308,29 +321,34 @@ } static int bpf_program_load_kernel(struct bpf_program *prog, char *log_buf, - size_t log_size) + __u32 log_size, __u32 log_level) { union bpf_attr attr; + if ((log_size != 0 && !log_buf) || (log_size == 0 && log_buf)) + return ret_errno(EINVAL); + if (prog->kernel_fd >= 0) { memset(log_buf, 0, log_size); return 0; } attr = (union bpf_attr){ - .prog_type = prog->prog_type, - .insns = PTR_TO_UINT64(prog->instructions), - .insn_cnt = prog->n_instructions, - .license = PTR_TO_UINT64("GPL"), - .log_buf = PTR_TO_UINT64(log_buf), - .log_level = !!log_buf, - .log_size = log_size, + .prog_type = prog->prog_type, + .insns = PTR_TO_UINT64(prog->instructions), + .insn_cnt = prog->n_instructions, + .license = PTR_TO_UINT64("GPL"), + .log_buf = PTR_TO_UINT64(log_buf), + .log_level = log_level, + .log_size = log_size, }; prog->kernel_fd = bpf(BPF_PROG_LOAD, &attr, sizeof(attr)); if (prog->kernel_fd < 0) - return log_error_errno(-1, errno, "Failed to load bpf program"); + return log_error_errno(-1, errno, "Failed to load bpf program: %s", + log_buf ?: "(null)"); + TRACE("Loaded bpf program: %s", log_buf ?: "(null)"); return 0; } @@ -359,7 +377,7 @@ return true; } - ret = bpf_program_load_kernel(prog, NULL, 0); + ret = bpf_program_load_kernel(prog, NULL, 0, 0); if (ret < 0) return log_error_errno(-1, ret, "Failed to load bpf program"); 
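Review bot: In `bpf_program_load_kernel()` the new argument check accepts `log_buf == NULL` with `log_size == 0`, which is what the callers in this diff pass, and the already-loaded branch right below it then calls `memset(log_buf, 0, log_size)` with a NULL pointer. Passing NULL to memset is undefined even for a zero length; guard it with `if (log_buf) memset(log_buf, 0, log_size);`. `log_level` is not covered by the check either: as far as I know the kernel rejects a verifier-log request unless level, buffer and size are all set, so a non-zero `log_level` with a NULL buffer, or a buffer with level 0, would only fail later inside `bpf()`.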
@@ -421,17 +439,18 @@ prog->attached_path); } - free(prog->attached_path); - prog->attached_path = NULL; + TRACE("Detached bpf program from cgroup %s", prog->attached_path); + free_disarm(prog->attached_path); - return 0; + return 0; } -void lxc_clear_cgroup2_devices(struct lxc_conf *conf) +void bpf_device_program_free(struct cgroup_ops *ops) { - if (conf->cgroup2_devices) { - (void)bpf_program_cgroup_detach(conf->cgroup2_devices); - (void)bpf_program_free(conf->cgroup2_devices); + if (ops->cgroup2_devices) { + (void)bpf_program_cgroup_detach(ops->cgroup2_devices); + (void)bpf_program_free(ops->cgroup2_devices); + ops->cgroup2_devices = NULL; } } @@ -450,12 +469,12 @@ if (cur->global_rule > LXC_BPF_DEVICE_CGROUP_LOCAL_RULE && device->global_rule > LXC_BPF_DEVICE_CGROUP_LOCAL_RULE) { TRACE("Switched from %s to %s", - cur->global_rule == LXC_BPF_DEVICE_CGROUP_WHITELIST - ? "whitelist" - : "blacklist", - device->global_rule == LXC_BPF_DEVICE_CGROUP_WHITELIST - ? "whitelist" - : "blacklist"); + cur->global_rule == LXC_BPF_DEVICE_CGROUP_ALLOWLIST + ? "allowlist" + : "denylist", + device->global_rule == LXC_BPF_DEVICE_CGROUP_ALLOWLIST + ? "allowlist" + : "denylist"); cur->global_rule = device->global_rule; return 1; } @@ -521,7 +540,7 @@ if (ret < 0) return log_trace(false, "Failed to add new instructions to bpf device cgroup program"); - ret = bpf_program_load_kernel(prog, NULL, 0); + ret = bpf_program_load_kernel(prog, NULL, 0, 0); if (ret < 0) return log_trace(false, "Failed to load new bpf device cgroup program"); diff -Nru lxc-4.0.2/src/lxc/cgroups/cgroup2_devices.h lxc-4.0.6/src/lxc/cgroups/cgroup2_devices.h --- lxc-4.0.2/src/lxc/cgroups/cgroup2_devices.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/cgroups/cgroup2_devices.h 2021-01-12 00:20:05.000000000 +0000 @@ -15,6 +15,8 @@ #include #include +#include "cgroup.h" +#include "compiler.h" #include "conf.h" #include "config.h" #include "syscall_numbers.h" 
@@ -52,17 +54,17 @@ }; #ifdef HAVE_STRUCT_BPF_CGROUP_DEV_CTX -struct bpf_program *bpf_program_new(uint32_t prog_type); -int bpf_program_init(struct bpf_program *prog); -int bpf_program_append_device(struct bpf_program *prog, - struct device_item *device); -int bpf_program_finalize(struct bpf_program *prog); -int bpf_program_cgroup_attach(struct bpf_program *prog, int type, - const char *path, uint32_t flags); -int bpf_program_cgroup_detach(struct bpf_program *prog); -void bpf_program_free(struct bpf_program *prog); -void lxc_clear_cgroup2_devices(struct lxc_conf *conf); -bool bpf_devices_cgroup_supported(void); +__hidden extern struct bpf_program *bpf_program_new(uint32_t prog_type); +__hidden extern int bpf_program_init(struct bpf_program *prog); +__hidden extern int bpf_program_append_device(struct bpf_program *prog, struct device_item *device); +__hidden extern int bpf_program_finalize(struct bpf_program *prog); +__hidden extern int bpf_program_cgroup_attach(struct bpf_program *prog, int type, const char *path, + uint32_t flags); +__hidden extern int bpf_program_cgroup_detach(struct bpf_program *prog); +__hidden extern void bpf_program_free(struct bpf_program *prog); +__hidden extern void bpf_device_program_free(struct cgroup_ops *ops); +__hidden extern bool bpf_devices_cgroup_supported(void); + static inline void __auto_bpf_program_free__(struct bpf_program **prog) { if (*prog) { @@ -70,8 +72,11 @@ *prog = NULL; } } -int bpf_list_add_device(struct lxc_conf *conf, struct device_item *device); + +__hidden extern int bpf_list_add_device(struct lxc_conf *conf, struct device_item *device); + #else /* !HAVE_STRUCT_BPF_CGROUP_DEV_CTX */ + static inline struct bpf_program *bpf_program_new(uint32_t prog_type) { errno = ENOSYS; 
@@ -115,7 +120,7 @@ { } -static inline void lxc_clear_cgroup2_devices(struct lxc_conf *conf) +static inline void bpf_device_program_free(struct cgroup_ops *ops) { } diff -Nru lxc-4.0.2/src/lxc/cgroups/cgroup.c lxc-4.0.6/src/lxc/cgroups/cgroup.c --- lxc-4.0.2/src/lxc/cgroups/cgroup.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/cgroups/cgroup.c 2021-01-12 00:20:05.000000000 +0000 @@ -10,6 +10,7 @@ #include "cgroup.h" #include "cgroup2_devices.h" +#include "compiler.h" #include "conf.h" #include "config.h" #include "initutils.h" @@ -18,7 +19,7 @@ lxc_log_define(cgroup, lxc); -extern struct cgroup_ops *cgfsng_ops_init(struct lxc_conf *conf); +__hidden extern struct cgroup_ops *cgfsng_ops_init(struct lxc_conf *conf); struct cgroup_ops *cgroup_init(struct lxc_conf *conf) { diff -Nru lxc-4.0.2/src/lxc/cgroups/cgroup.h lxc-4.0.6/src/lxc/cgroups/cgroup.h --- lxc-4.0.2/src/lxc/cgroups/cgroup.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/cgroups/cgroup.h 2021-01-12 00:20:05.000000000 +0000 @@ -7,6 +7,7 @@ #include #include +#include "compiler.h" #include "macro.h" #include "memory_utils.h" @@ -54,7 +55,11 @@ * init's cgroup (if root). * * @container_full_path - * - The full path to the containers cgroup. + * - The full path to the container's cgroup. + * + * @container_limit_path + * - The full path to the container's limiting cgroup. May simply point to + * container_full_path. * * @monitor_full_path * - The full path to the monitor's cgroup. @@ -77,15 +82,18 @@ char *mountpoint; char *container_base_path; char *container_full_path; + char *container_limit_path; char *monitor_full_path; int version; /* cgroup2 only */ unsigned int bpf_device_controller:1; - /* monitor cgroup fd */ - int cgfd_con; /* container cgroup fd */ + int cgfd_con; + /* limiting cgroup fd (may be equal to cgfd_con if not separated) */ + int cgfd_limit; + /* monitor cgroup fd */ int cgfd_mon; }; 
@@ -169,21 +177,30 @@ bool (*monitor_delegate_controllers)(struct cgroup_ops *ops); bool (*payload_delegate_controllers)(struct cgroup_ops *ops); void (*payload_finalize)(struct cgroup_ops *ops); + const char *(*get_limiting_cgroup)(struct cgroup_ops *ops, const char *controller); }; -extern struct cgroup_ops *cgroup_init(struct lxc_conf *conf); +__hidden extern struct cgroup_ops *cgroup_init(struct lxc_conf *conf); -extern void cgroup_exit(struct cgroup_ops *ops); +__hidden extern void cgroup_exit(struct cgroup_ops *ops); define_cleanup_function(struct cgroup_ops *, cgroup_exit); -extern void prune_init_scope(char *cg); +__hidden extern void prune_init_scope(char *cg); -extern int cgroup_attach(const struct lxc_conf *conf, const char *name, - const char *lxcpath, pid_t pid); +__hidden extern int cgroup_attach(const struct lxc_conf *conf, const char *name, + const char *lxcpath, pid_t pid); static inline bool pure_unified_layout(const struct cgroup_ops *ops) { return ops->cgroup_layout == CGROUP_LAYOUT_UNIFIED; } -#endif +static inline int cgroup_unified_fd(const struct cgroup_ops *ops) +{ + if (!ops->unified) + return -EBADF; + + return ops->unified->cgfd_con; +} + +#endif /* __LXC_CGROUP_H */ diff -Nru lxc-4.0.2/src/lxc/cgroups/cgroup_utils.h lxc-4.0.6/src/lxc/cgroups/cgroup_utils.h --- lxc-4.0.2/src/lxc/cgroups/cgroup_utils.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/cgroups/cgroup_utils.h 2021-01-12 00:20:05.000000000 +0000 
@@ -6,26 +6,28 @@ #include #include +#include "compiler.h" + /* Retrieve the cgroup version of a given entry from /proc//mountinfo. */ -extern int get_cgroup_version(char *line); +__hidden extern int get_cgroup_version(char *line); /* Check if given entry from /proc//mountinfo is a cgroupfs v1 mount. */ -extern bool is_cgroupfs_v1(char *line); +__hidden extern bool is_cgroupfs_v1(char *line); /* Check if given entry from /proc//mountinfo is a cgroupfs v2 mount. */ -extern bool is_cgroupfs_v2(char *line); +__hidden extern bool is_cgroupfs_v2(char *line); /* Given a v1 hierarchy @mountpoint and base @path, verify that we can create * directories underneath it. */ -extern bool test_writeable_v1(char *mountpoint, char *path); +__hidden extern bool test_writeable_v1(char *mountpoint, char *path); /* Given a v2 hierarchy @mountpoint and base @path, verify that we can create * directories underneath it and that we have write access to the cgroup's * "cgroup.procs" file. */ -extern bool test_writeable_v2(char *mountpoint, char *path); +__hidden extern bool test_writeable_v2(char *mountpoint, char *path); -extern int unified_cgroup_hierarchy(void); +__hidden extern int unified_cgroup_hierarchy(void); #endif /* __LXC_CGROUP_UTILS_H */ diff -Nru lxc-4.0.2/src/lxc/cmd/lxc-checkconfig.in lxc-4.0.6/src/lxc/cmd/lxc-checkconfig.in --- lxc-4.0.2/src/lxc/cmd/lxc-checkconfig.in 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/cmd/lxc-checkconfig.in 2021-01-12 00:20:05.000000000 +0000 @@ -52,6 +52,8 @@ fi } +echo "LXC version $(lxc-start --version)" + if [ ! -f $CONFIG ]; then echo "Kernel configuration not found at $CONFIG; searching..." KVER="`uname -r`" diff -Nru lxc-4.0.2/src/lxc/cmd/lxc_init.c lxc-4.0.6/src/lxc/cmd/lxc_init.c --- lxc-4.0.2/src/lxc/cmd/lxc_init.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/cmd/lxc_init.c 2021-01-12 00:20:05.000000000 +0000 
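Review bot: The added `echo "LXC version $(lxc-start --version)"` assumes `lxc-start` is found in PATH. When it is not, the script prints a command-not-found error and an empty version before the kernel checks, and otherwise it runs whichever `lxc-start` comes first in PATH, which is worth keeping in mind when the script is run as root. Guarding the line keeps the check usable on hosts where LXC is not installed yet: `if command -v lxc-start >/dev/null 2>&1; then echo "LXC version $(lxc-start --version)"; fi`.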
@@ -28,7 +28,7 @@ #include "initutils.h" #include "memory_utils.h" #include "parse.h" -#include "raw_syscalls.h" +#include "process_utils.h" #include "string_utils.h" /* option keys for long only options */ @@ -479,7 +479,7 @@ break; } default: - ret = kill(pid, was_interrupted); + kill(pid, was_interrupted); break; } ret = EXIT_SUCCESS; diff -Nru lxc-4.0.2/src/lxc/cmd/lxc_monitord.c lxc-4.0.6/src/lxc/cmd/lxc_monitord.c --- lxc-4.0.2/src/lxc/cmd/lxc_monitord.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/cmd/lxc_monitord.c 2021-01-12 00:20:05.000000000 +0000 @@ -28,7 +28,7 @@ #include "log.h" #include "mainloop.h" #include "monitor.h" -#include "raw_syscalls.h" +#include "process_utils.h" #include "utils.h" #define CLIENTFDS_CHUNK 64 diff -Nru lxc-4.0.2/src/lxc/cmd/lxc_user_nic.c lxc-4.0.6/src/lxc/cmd/lxc_user_nic.c --- lxc-4.0.2/src/lxc/cmd/lxc_user_nic.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/cmd/lxc_user_nic.c 2021-01-12 00:20:05.000000000 +0000 @@ -35,8 +35,9 @@ #include "log.h" #include "memory_utils.h" #include "network.h" +#include "nl.h" #include "parse.h" -#include "raw_syscalls.h" +#include "process_utils.h" #include "string_utils.h" #include "syscall_wrappers.h" #include "utils.h" diff -Nru lxc-4.0.2/src/lxc/cmd/lxc_usernsexec.c lxc-4.0.6/src/lxc/cmd/lxc_usernsexec.c --- lxc-4.0.2/src/lxc/cmd/lxc_usernsexec.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/cmd/lxc_usernsexec.c 2021-01-12 00:20:05.000000000 +0000 @@ -20,6 +20,7 @@ #include #include +#include "compiler.h" #include "conf.h" #include "config.h" #include "list.h" @@ -31,7 +32,7 @@ #include "syscall_wrappers.h" #include "utils.h" -extern int lxc_log_fd; +__hidden extern int lxc_log_fd; static void usage(const char *name) { @@ -61,7 +62,7 @@ fd = open(tty, O_RDWR | O_NONBLOCK); if (fd < 0) { - CMD_SYSERROR("Failed to open tty"); + CMD_SYSINFO("Failed to open tty"); return; } 
@@ -87,11 +88,11 @@ int ret; char **argv = (char **)vargv; - /* Assume we want to become root */ - if (!lxc_switch_uid_gid(0, 0)) + if (!lxc_setgroups(0, NULL) && errno != EPERM) return -1; - if (!lxc_setgroups(0, NULL)) + /* Assume we want to become root */ + if (!lxc_switch_uid_gid(0, 0)) return -1; ret = unshare(CLONE_NEWNS); @@ -103,7 +104,7 @@ if (detect_shared_rootfs()) { ret = mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL); if (ret < 0) { - CMD_SYSINFO("Failed to make \"/\" rslave"); + CMD_SYSINFO("Failed to recursively turn root mount tree into dependent mount"); return -1; } } diff -Nru lxc-4.0.2/src/lxc/commands.c lxc-4.0.6/src/lxc/commands.c --- lxc-4.0.2/src/lxc/commands.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/commands.c 2021-01-12 00:20:05.000000000 +0000 @@ -84,6 +84,10 @@ [LXC_CMD_UNFREEZE] = "unfreeze", [LXC_CMD_GET_CGROUP2_FD] = "get_cgroup2_fd", [LXC_CMD_GET_INIT_PIDFD] = "get_init_pidfd", + [LXC_CMD_GET_LIMITING_CGROUP] = "get_limiting_cgroup", + [LXC_CMD_GET_LIMITING_CGROUP2_FD] = "get_limiting_cgroup2_fd", + [LXC_CMD_GET_DEVPTS_FD] = "get_devpts_fd", + [LXC_CMD_GET_SECCOMP_NOTIFY_FD] = "get_seccomp_notify_fd", }; if (cmd >= LXC_CMD_MAX) @@ -106,7 +110,7 @@ * stored directly in data and datalen will be 0. * * As a special case, the response for LXC_CMD_CONSOLE is created - * here as it contains an fd for the master pty passed through the + * here as it contains an fd for the ptx pty passed through the * unix socket. */ static int lxc_cmd_rsp_recv(int sock, struct lxc_cmd_rr *cmd) 
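Review bot: In the `@@ -87,11 +88,11 @@` hunk a failed `lxc_setgroups(0, NULL)` with `errno == EPERM` is now ignored without any message, so the process carries on with whatever supplementary groups it inherited. That may be unavoidable when the namespace does not permit setgroups, but it should be visible: add `CMD_SYSINFO("Failed to drop supplementary groups");` on that path and a comment such as `/* EPERM is tolerated: setgroups may be denied in this user namespace */`. The test also reads `errno` after `lxc_setgroups()` has returned; if that helper logs before returning, `errno` may no longer hold the setgroups value, and its body is not part of this diff. The enclosing function starts and ends outside the hunk.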
@@ -137,12 +141,14 @@ ENOMEM, "Failed to receive response for command \"%s\"", lxc_cmd_str(cmd->req.cmd)); - rspdata->masterfd = move_fd(fd_rsp); + rspdata->ptxfd = move_fd(fd_rsp); rspdata->ttynum = PTR_TO_INT(rsp->data); rsp->data = rspdata; } - if (cmd->req.cmd == LXC_CMD_GET_CGROUP2_FD) { + if (cmd->req.cmd == LXC_CMD_GET_CGROUP2_FD || + cmd->req.cmd == LXC_CMD_GET_LIMITING_CGROUP2_FD) + { int cgroup2_fd = move_fd(fd_rsp); rsp->data = INT_TO_PTR(cgroup2_fd); } @@ -152,6 +158,16 @@ rsp->data = INT_TO_PTR(init_pidfd); } + if (cmd->req.cmd == LXC_CMD_GET_DEVPTS_FD) { + int devpts_fd = move_fd(fd_rsp); + rsp->data = INT_TO_PTR(devpts_fd); + } + + if (cmd->req.cmd == LXC_CMD_GET_SECCOMP_NOTIFY_FD) { + int seccomp_notify_fd = move_fd(fd_rsp); + rsp->data = INT_TO_PTR(seccomp_notify_fd); + } + if (rsp->datalen == 0) return log_debug(ret, "Response data length for command \"%s\" is 0", 
@@ -443,6 +459,91 @@ return 0; } +int lxc_cmd_get_devpts_fd(const char *name, const char *lxcpath) +{ + int ret, stopped; + struct lxc_cmd_rr cmd = { + .req = { + .cmd = LXC_CMD_GET_DEVPTS_FD, + }, + }; + + ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL); + if (ret < 0) + return log_debug_errno(-1, errno, "Failed to process devpts fd command"); + + if (cmd.rsp.ret < 0) + return log_debug_errno(-EBADF, errno, "Failed to receive devpts fd"); + + return PTR_TO_INT(cmd.rsp.data); +} + +static int lxc_cmd_get_devpts_fd_callback(int fd, struct lxc_cmd_req *req, + struct lxc_handler *handler, + struct lxc_epoll_descr *descr) +{ + struct lxc_cmd_rsp rsp = { + .ret = 0, + }; + int ret; + + if (!handler->conf || handler->conf->devpts_fd < 0) { + rsp.ret = -EBADF; + ret = lxc_abstract_unix_send_fds(fd, NULL, 0, &rsp, sizeof(rsp)); + } else { + ret = lxc_abstract_unix_send_fds(fd, &handler->conf->devpts_fd, 1, &rsp, sizeof(rsp)); + } + if (ret < 0) + return log_error(LXC_CMD_REAP_CLIENT_FD, "Failed to send devpts fd"); + + return 0; +} + +int lxc_cmd_get_seccomp_notify_fd(const char *name, const char *lxcpath) +{ +#if HAVE_DECL_SECCOMP_NOTIFY_FD + int ret, stopped; + struct lxc_cmd_rr cmd = { + .req = { + .cmd = LXC_CMD_GET_SECCOMP_NOTIFY_FD, + }, + }; + + ret = lxc_cmd(name, &cmd, &stopped, lxcpath, NULL); + if (ret < 0) + return log_debug_errno(-1, errno, "Failed to process seccomp notify fd command"); + + if (cmd.rsp.ret < 0) + return log_debug_errno(-EBADF, errno, "Failed to receive seccomp notify fd"); + + return PTR_TO_INT(cmd.rsp.data); +#else + return ret_errno(EOPNOTSUPP); +#endif +} + +static int lxc_cmd_get_seccomp_notify_fd_callback(int fd, struct lxc_cmd_req *req, + struct lxc_handler *handler, + struct lxc_epoll_descr *descr) +{ +#if HAVE_DECL_SECCOMP_NOTIFY_FD + struct lxc_cmd_rsp rsp = { + .ret = 0, + }; + int ret; + + if (!handler->conf || handler->conf->seccomp.notifier.notify_fd < 0) + rsp.ret = -EBADF; + ret = lxc_abstract_unix_send_fds(fd, 
&handler->conf->seccomp.notifier.notify_fd, 1, &rsp, sizeof(rsp)); + if (ret < 0) + return log_error(LXC_CMD_REAP_CLIENT_FD, "Failed to send seccomp notify fd"); + + return 0; +#else + return ret_errno(EOPNOTSUPP); +#endif +} + /* * lxc_cmd_get_clone_flags: Get clone flags container was spawned with * @@ -483,25 +584,14 @@ return 0; } -/* - * lxc_cmd_get_cgroup_path: Calculate a container's cgroup path for a - * particular subsystem. This is the cgroup path relative to the root - * of the cgroup filesystem. - * - * @name : name of container to connect to - * @lxcpath : the lxcpath in which the container is running - * @subsystem : the subsystem being asked about - * - * Returns the path on success, NULL on failure. The caller must free() the - * returned path. - */ -char *lxc_cmd_get_cgroup_path(const char *name, const char *lxcpath, - const char *subsystem) +static char *lxc_cmd_get_cgroup_path_do(const char *name, const char *lxcpath, + const char *subsystem, + lxc_cmd_t command) { int ret, stopped; struct lxc_cmd_rr cmd = { .req = { - .cmd = LXC_CMD_GET_CGROUP, + .cmd = command, .data = subsystem, .datalen = 0, }, @@ -516,8 +606,21 @@ if (ret < 0) return NULL; - if (ret == 0) + if (ret == 0) { + if (command == LXC_CMD_GET_LIMITING_CGROUP) { + /* + * This may indicate that the container was started + * under an ealier version before + * `cgroup_advanced_isolation` as implemented, there + * it sees an unknown command and just closes the + * socket, sending us an EOF. + */ + return lxc_cmd_get_cgroup_path_do(name, lxcpath, + subsystem, + LXC_CMD_GET_CGROUP); + } return NULL; + } if (cmd.rsp.ret < 0 || cmd.rsp.datalen < 0) return NULL; 
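Review bot: `lxc_cmd_get_seccomp_notify_fd_callback()` (added in the `@@ -443,6 +459,91 @@` hunk) sets `rsp.ret = -EBADF` when `handler->conf` is NULL or the notify fd is negative, but then still passes `&handler->conf->seccomp.notifier.notify_fd` with a count of 1 to `lxc_abstract_unix_send_fds()`. With a NULL `conf` that reads through a NULL pointer in the monitor, and with a negative fd it asks the socket layer to pass an invalid descriptor, so the client presumably sees a dropped connection instead of the `-EBADF` response. `lxc_cmd_get_devpts_fd_callback()` just above handles the same case by sending no fd, and the seccomp callback should do the same, as below.

```c
	if (!handler->conf || handler->conf->seccomp.notifier.notify_fd < 0) {
		rsp.ret = -EBADF;
		ret = lxc_abstract_unix_send_fds(fd, NULL, 0, &rsp, sizeof(rsp));
	} else {
		ret = lxc_abstract_unix_send_fds(fd, &handler->conf->seccomp.notifier.notify_fd,
						 1, &rsp, sizeof(rsp));
	}
	/* … unchanged: error check on ret and return … */
```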
@@ -525,24 +628,72 @@ return cmd.rsp.data; } -static int lxc_cmd_get_cgroup_callback(int fd, struct lxc_cmd_req *req, - struct lxc_handler *handler, - struct lxc_epoll_descr *descr) +/* + * lxc_cmd_get_cgroup_path: Calculate a container's cgroup path for a + * particular subsystem. This is the cgroup path relative to the root + * of the cgroup filesystem. + * + * @name : name of container to connect to + * @lxcpath : the lxcpath in which the container is running + * @subsystem : the subsystem being asked about + * + * Returns the path on success, NULL on failure. The caller must free() the + * returned path. + */ +char *lxc_cmd_get_cgroup_path(const char *name, const char *lxcpath, + const char *subsystem) +{ + return lxc_cmd_get_cgroup_path_do(name, lxcpath, subsystem, + LXC_CMD_GET_CGROUP); +} + +/* + * lxc_cmd_get_limiting_cgroup_path: Calculate a container's limiting cgroup + * path for a particular subsystem. This is the cgroup path relative to the + * root of the cgroup filesystem. This may be the same as the path returned by + * lxc_cmd_get_cgroup_path if the container doesn't have a limiting path prefix + * set. + * + * @name : name of container to connect to + * @lxcpath : the lxcpath in which the container is running + * @subsystem : the subsystem being asked about + * + * Returns the path on success, NULL on failure. The caller must free() the + * returned path. 
+ */ +char *lxc_cmd_get_limiting_cgroup_path(const char *name, const char *lxcpath, + const char *subsystem) +{ + return lxc_cmd_get_cgroup_path_do(name, lxcpath, subsystem, + LXC_CMD_GET_LIMITING_CGROUP); +} + +static int lxc_cmd_get_cgroup_callback_do(int fd, struct lxc_cmd_req *req, + struct lxc_handler *handler, + struct lxc_epoll_descr *descr, + bool limiting_cgroup) { int ret; const char *path; + const void *reqdata; struct lxc_cmd_rsp rsp; struct cgroup_ops *cgroup_ops = handler->cgroup_ops; + const char *(*get_fn)(struct cgroup_ops *ops, const char *controller); if (req->datalen > 0) { ret = validate_string_request(fd, req); if (ret != 0) return ret; - - path = cgroup_ops->get_cgroup(cgroup_ops, req->data); + reqdata = req->data; } else { - path = cgroup_ops->get_cgroup(cgroup_ops, NULL); + reqdata = NULL; } + + get_fn = (limiting_cgroup ? cgroup_ops->get_limiting_cgroup + : cgroup_ops->get_cgroup); + + path = get_fn(cgroup_ops, reqdata); + if (!path) return -1; @@ -557,6 +708,20 @@ return 0; } +static int lxc_cmd_get_cgroup_callback(int fd, struct lxc_cmd_req *req, + struct lxc_handler *handler, + struct lxc_epoll_descr *descr) +{ + return lxc_cmd_get_cgroup_callback_do(fd, req, handler, descr, false); +} + +static int lxc_cmd_get_limiting_cgroup_callback(int fd, struct lxc_cmd_req *req, + struct lxc_handler *handler, + struct lxc_epoll_descr *descr) +{ + return ret_errno(ENOSYS); +} + /* * lxc_cmd_get_config_item: Get config item the running container * @@ -732,12 +897,11 @@ else TRACE("Sent signal %d to pidfd %d", stopsignal, handler->pid); - rsp.ret = cgroup_ops->unfreeze(cgroup_ops, -1); - if (!rsp.ret) - return 0; + ret = cgroup_ops->unfreeze(cgroup_ops, -1); + if (ret) + WARN("Failed to unfreeze container \"%s\"", handler->name); - ERROR("Failed to unfreeze container \"%s\"", handler->name); - rsp.ret = -errno; + return 0; } else { rsp.ret = -errno; } 
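Review bot: `lxc_cmd_get_limiting_cgroup_callback()` in the `@@ -557,6 +708,20 @@` hunk returns `ret_errno(ENOSYS)` unconditionally, so the `limiting_cgroup == true` path of `lxc_cmd_get_cgroup_callback_do()` added in the previous hunk is never reached from the visible code, and nothing says whether that is deliberate. The same applies to `lxc_cmd_get_limiting_cgroup2_fd_callback()` and `lxc_cmd_get_cgroup2_fd_callback_do()` in the `@@ -1366,28 +1531,47 @@` hunk. If the stubs are intentional, a comment on each such as `/* Not served by this release; see the fallback in lxc_cmd_get_cgroup_path_do(). */` would keep someone from wiring the flag through without review. A client-side fallback is only visible for the path command, not for the fd command, and the fd helper would send `cgfd_limit` without checking that it is a valid descriptor.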
@@ -776,7 +940,7 @@ * @name : name of container to connect to * @ttynum : in: the tty to open or -1 for next available * : out: the tty allocated - * @fd : out: file descriptor for master side of pty + * @fd : out: file descriptor for ptx side of pty * @lxcpath : the lxcpath in which the container is running * * Returns fd holding tty allocated on success, < 0 on failure @@ -803,11 +967,11 @@ if (ret == 0) return log_error(-1, "tty number %d invalid, busy or all ttys busy", *ttynum); - if (rspdata->masterfd < 0) + if (rspdata->ptxfd < 0) return log_error(-1, "Unable to allocate fd for tty %d", rspdata->ttynum); ret = cmd.rsp.ret; /* socket fd */ - *fd = rspdata->masterfd; + *fd = rspdata->ptxfd; *ttynum = rspdata->ttynum; return log_info(ret, "Alloced fd %d for tty %d via socket %d", *fd, rspdata->ttynum, ret); @@ -817,17 +981,17 @@ struct lxc_handler *handler, struct lxc_epoll_descr *descr) { - int masterfd, ret; + int ptxfd, ret; struct lxc_cmd_rsp rsp; int ttynum = PTR_TO_INT(req->data); - masterfd = lxc_terminal_allocate(handler->conf, fd, &ttynum); - if (masterfd < 0) + ptxfd = lxc_terminal_allocate(handler->conf, fd, &ttynum); + if (ptxfd < 0) return LXC_CMD_REAP_CLIENT_FD; memset(&rsp, 0, sizeof(rsp)); rsp.data = INT_TO_PTR(ttynum); - ret = lxc_abstract_unix_send_fds(fd, &masterfd, 1, &rsp, sizeof(rsp)); + ret = lxc_abstract_unix_send_fds(fd, &ptxfd, 1, &rsp, sizeof(rsp)); if (ret < 0) { lxc_terminal_free(handler->conf, fd); return log_error_errno(LXC_CMD_REAP_CLIENT_FD, errno, @@ -1034,7 +1198,8 @@ __do_bpf_program_free struct bpf_program *devices = NULL; struct lxc_cmd_rsp rsp = {0}; struct lxc_conf *conf = handler->conf; - struct hierarchy *unified = handler->cgroup_ops->unified; + struct cgroup_ops *cgroup_ops = handler->cgroup_ops; + struct hierarchy *unified = cgroup_ops->unified; int ret; struct lxc_list *it; struct device_item *device; 
@@ -1085,8 +1250,8 @@ goto respond; /* Replace old bpf program. */ - devices_old = move_ptr(conf->cgroup2_devices); - conf->cgroup2_devices = move_ptr(devices); + devices_old = move_ptr(cgroup_ops->cgroup2_devices); + cgroup_ops->cgroup2_devices = move_ptr(devices); devices = move_ptr(devices_old); rsp.ret = 0; @@ -1366,28 +1531,47 @@ return PTR_TO_INT(cmd.rsp.data); } -static int lxc_cmd_get_cgroup2_fd_callback(int fd, struct lxc_cmd_req *req, - struct lxc_handler *handler, - struct lxc_epoll_descr *descr) +static int lxc_cmd_get_cgroup2_fd_callback_do(int fd, struct lxc_cmd_req *req, + struct lxc_handler *handler, + struct lxc_epoll_descr *descr, + bool limiting_cgroup) { struct lxc_cmd_rsp rsp = { .ret = -EINVAL, }; struct cgroup_ops *ops = handler->cgroup_ops; - int ret; + int ret, send_fd; if (!pure_unified_layout(ops) || !ops->unified) return lxc_cmd_rsp_send(fd, &rsp); + send_fd = limiting_cgroup ? ops->unified->cgfd_limit + : ops->unified->cgfd_con; + rsp.ret = 0; - ret = lxc_abstract_unix_send_fds(fd, &ops->unified->cgfd_con, 1, &rsp, - sizeof(rsp)); + ret = lxc_abstract_unix_send_fds(fd, &send_fd, 1, &rsp, sizeof(rsp)); if (ret < 0) return log_error(LXC_CMD_REAP_CLIENT_FD, "Failed to send cgroup2 fd"); return 0; } +static int lxc_cmd_get_cgroup2_fd_callback(int fd, struct lxc_cmd_req *req, + struct lxc_handler *handler, + struct lxc_epoll_descr *descr) +{ + return lxc_cmd_get_cgroup2_fd_callback_do(fd, req, handler, descr, + false); +} + +static int lxc_cmd_get_limiting_cgroup2_fd_callback(int fd, + struct lxc_cmd_req *req, + struct lxc_handler *handler, + struct lxc_epoll_descr *descr) +{ + return ret_errno(ENOSYS); +} + static int lxc_cmd_process(int fd, struct lxc_cmd_req *req, struct lxc_handler *handler, struct lxc_epoll_descr *descr) 
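Review bot: `send_fd` is passed to `lxc_abstract_unix_send_fds()` in `lxc_cmd_get_cgroup2_fd_callback_do()` without checking that it is a valid descriptor. If `cgfd_con` or `cgfd_limit` is unset (negative), the send presumably fails and the client is reaped with only the generic "Failed to send cgroup2 fd" log and no reply. Adding `if (send_fd < 0) return lxc_cmd_rsp_send(fd, &rsp);` before `rsp.ret = 0;` would answer with the `-EINVAL` already stored in `rsp`, matching the layout check above it.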
@@ -1415,10 +1599,14 @@ [LXC_CMD_UNFREEZE] = lxc_cmd_unfreeze_callback, [LXC_CMD_GET_CGROUP2_FD] = lxc_cmd_get_cgroup2_fd_callback, [LXC_CMD_GET_INIT_PIDFD] = lxc_cmd_get_init_pidfd_callback, + [LXC_CMD_GET_LIMITING_CGROUP] = lxc_cmd_get_limiting_cgroup_callback, + [LXC_CMD_GET_LIMITING_CGROUP2_FD] = lxc_cmd_get_limiting_cgroup2_fd_callback, + [LXC_CMD_GET_DEVPTS_FD] = lxc_cmd_get_devpts_fd_callback, + [LXC_CMD_GET_SECCOMP_NOTIFY_FD] = lxc_cmd_get_seccomp_notify_fd_callback, }; if (req->cmd >= LXC_CMD_MAX) - return log_error_errno(-1, ENOENT, "Undefined command id %d", req->cmd); + return log_trace_errno(-1, EINVAL, "Invalid command id %d", req->cmd); return cb[req->cmd](fd, req, handler, descr); } diff -Nru lxc-4.0.2/src/lxc/commands.h lxc-4.0.6/src/lxc/commands.h --- lxc-4.0.2/src/lxc/commands.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/commands.h 2021-01-12 00:20:05.000000000 +0000 @@ -7,6 +7,7 @@ #include #include +#include "compiler.h" #include "lxccontainer.h" #include "macro.h" #include "state.h" @@ -38,6 +39,10 @@ LXC_CMD_UNFREEZE, LXC_CMD_GET_CGROUP2_FD, LXC_CMD_GET_INIT_PIDFD, + LXC_CMD_GET_LIMITING_CGROUP, + LXC_CMD_GET_LIMITING_CGROUP2_FD, + LXC_CMD_GET_DEVPTS_FD, + LXC_CMD_GET_SECCOMP_NOTIFY_FD, LXC_CMD_MAX, } lxc_cmd_t; @@ -59,7 +64,7 @@ }; struct lxc_cmd_console_rsp_data { - int masterfd; + int ptxfd; int ttynum; }; 
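Review bot: The guard in front of the indirect call `cb[req->cmd](fd, req, handler, descr)` tests only `req->cmd >= LXC_CMD_MAX`, and `req` is presumably filled from the command socket. The declared type of `req->cmd` is not visible in this hunk; if it is signed, a negative id would index before `cb`, and an id whose slot was never initialised would call a NULL pointer. `if ((unsigned int)req->cmd >= LXC_CMD_MAX || !cb[req->cmd])` covers both cases at no cost. A rejected id is also now logged at trace level only, so malformed requests no longer show up unless trace logging is enabled. `lxc_cmd_process()` starts outside the hunk.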
@@ -71,23 +76,23 @@ }; -extern int lxc_cmd_terminal_winch(const char *name, const char *lxcpath); -extern int lxc_cmd_console(const char *name, int *ttynum, int *fd, - const char *lxcpath); +__hidden extern int lxc_cmd_terminal_winch(const char *name, const char *lxcpath); +__hidden extern int lxc_cmd_console(const char *name, int *ttynum, int *fd, const char *lxcpath); /* * Get the 'real' cgroup path (as seen in /proc/self/cgroup) for a container * for a particular subsystem */ -extern char *lxc_cmd_get_cgroup_path(const char *name, const char *lxcpath, - const char *subsystem); -extern int lxc_cmd_get_clone_flags(const char *name, const char *lxcpath); -extern char *lxc_cmd_get_config_item(const char *name, const char *item, const char *lxcpath); -extern char *lxc_cmd_get_name(const char *hashed_sock); -extern char *lxc_cmd_get_lxcpath(const char *hashed_sock); -extern pid_t lxc_cmd_get_init_pid(const char *name, const char *lxcpath); -extern int lxc_cmd_get_init_pidfd(const char *name, const char *lxcpath); -extern int lxc_cmd_get_state(const char *name, const char *lxcpath); -extern int lxc_cmd_stop(const char *name, const char *lxcpath); +__hidden extern char *lxc_cmd_get_cgroup_path(const char *name, const char *lxcpath, + const char *subsystem); +__hidden extern int lxc_cmd_get_clone_flags(const char *name, const char *lxcpath); +__hidden extern char *lxc_cmd_get_config_item(const char *name, const char *item, + const char *lxcpath); +__hidden extern char *lxc_cmd_get_name(const char *hashed_sock); +__hidden extern char *lxc_cmd_get_lxcpath(const char *hashed_sock); +__hidden extern pid_t lxc_cmd_get_init_pid(const char *name, const char *lxcpath); +__hidden extern int lxc_cmd_get_init_pidfd(const char *name, const char *lxcpath); +__hidden extern int lxc_cmd_get_state(const char *name, const char *lxcpath); +__hidden extern int lxc_cmd_stop(const char *name, const char *lxcpath); /* lxc_cmd_add_state_client Register a new state client fd in the container's 
* in-memory handler. 
@@ -102,32 +107,34 @@ * via socket fd * < MAX_STATE current container state */ -extern int lxc_cmd_add_state_client(const char *name, const char *lxcpath, - lxc_state_t states[MAX_STATE], - int *state_client_fd); -extern int lxc_cmd_serve_state_clients(const char *name, const char *lxcpath, - lxc_state_t state); +__hidden extern int lxc_cmd_add_state_client(const char *name, const char *lxcpath, + lxc_state_t states[MAX_STATE], int *state_client_fd); +__hidden extern int lxc_cmd_serve_state_clients(const char *name, const char *lxcpath, + lxc_state_t state); struct lxc_epoll_descr; struct lxc_handler; -extern int lxc_cmd_init(const char *name, const char *lxcpath, const char *suffix); -extern int lxc_cmd_mainloop_add(const char *name, struct lxc_epoll_descr *descr, - struct lxc_handler *handler); -extern int lxc_try_cmd(const char *name, const char *lxcpath); -extern int lxc_cmd_console_log(const char *name, const char *lxcpath, - struct lxc_console_log *log); -extern int lxc_cmd_seccomp_notify_add_listener(const char *name, - const char *lxcpath, - int fd, - /* unused */ unsigned int command, - /* unused */ unsigned int flags); +__hidden extern int lxc_cmd_init(const char *name, const char *lxcpath, const char *suffix); +__hidden extern int lxc_cmd_mainloop_add(const char *name, struct lxc_epoll_descr *descr, + struct lxc_handler *handler); +__hidden extern int lxc_try_cmd(const char *name, const char *lxcpath); +__hidden extern int lxc_cmd_console_log(const char *name, const char *lxcpath, + struct lxc_console_log *log); +__hidden extern int lxc_cmd_get_seccomp_notify_fd(const char *name, const char *lxcpath); +__hidden extern int lxc_cmd_seccomp_notify_add_listener(const char *name, const char *lxcpath, int fd, + /* unused */ unsigned int command, + /* unused */ unsigned int flags); struct device_item; -extern int lxc_cmd_add_bpf_device_cgroup(const char *name, const char *lxcpath, - struct device_item *device); -extern int lxc_cmd_freeze(const char *name, const 
char *lxcpath, int timeout); -extern int lxc_cmd_unfreeze(const char *name, const char *lxcpath, int timeout); -extern int lxc_cmd_get_cgroup2_fd(const char *name, const char *lxcpath); +__hidden extern int lxc_cmd_add_bpf_device_cgroup(const char *name, const char *lxcpath, + struct device_item *device); +__hidden extern int lxc_cmd_freeze(const char *name, const char *lxcpath, int timeout); +__hidden extern int lxc_cmd_unfreeze(const char *name, const char *lxcpath, int timeout); +__hidden extern int lxc_cmd_get_cgroup2_fd(const char *name, const char *lxcpath); +__hidden extern char *lxc_cmd_get_limiting_cgroup_path(const char *name, const char *lxcpath, + const char *subsystem); +__hidden extern int lxc_cmd_get_limiting_cgroup2_fd(const char *name, const char *lxcpath); +__hidden extern int lxc_cmd_get_devpts_fd(const char *name, const char *lxcpath); #endif /* __commands_h */ diff -Nru lxc-4.0.2/src/lxc/commands_utils.c lxc-4.0.6/src/lxc/commands_utils.c --- lxc-4.0.2/src/lxc/commands_utils.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/commands_utils.c 2021-01-12 00:20:05.000000000 +0000 @@ -62,7 +62,7 @@ ret = lxc_cmd_add_state_client(name, lxcpath, states, &state_client_fd); if (ret < 0) - return ret_errno(EINVAL); + return -errno; if (ret < MAX_STATE) return ret; diff -Nru lxc-4.0.2/src/lxc/commands_utils.h lxc-4.0.6/src/lxc/commands_utils.h --- lxc-4.0.2/src/lxc/commands_utils.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/commands_utils.h 2021-01-12 00:20:05.000000000 +0000 
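Review bot: In the `commands_utils.c` hunk, `return -errno;` after `lxc_cmd_add_state_client()` fails is only correct if errno still holds the failure cause at that point. If the callee (not visible here) fails without setting errno, or a logging call in between resets it, the function returns 0, which its documented contract (`< MAX_STATE current container state`) makes a valid state. `return errno ? -errno : -EINVAL;` keeps the more specific code while never turning a failure into a state value. The enclosing function starts and ends outside the hunk.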
@@ -8,11 +8,9 @@ #include "state.h" #include "commands.h" -int lxc_make_abstract_socket_name(char *path, size_t pathlen, - const char *lxcname, - const char *lxcpath, - const char *hashed_sock_name, - const char *suffix); +__hidden extern int lxc_make_abstract_socket_name(char *path, size_t pathlen, const char *lxcname, + const char *lxcpath, const char *hashed_sock_name, + const char *suffix); /* lxc_cmd_sock_get_state Register a new state client fd in the container's * in-memory handler and retrieve the requested @@ -24,8 +22,8 @@ * @return Return < 0 on error * < MAX_STATE current container state */ -extern int lxc_cmd_sock_get_state(const char *name, const char *lxcpath, - lxc_state_t states[MAX_STATE], int timeout); +__hidden extern int lxc_cmd_sock_get_state(const char *name, const char *lxcpath, + lxc_state_t states[MAX_STATE], int timeout); /* lxc_cmd_sock_rcv_state Retrieve the requested state from a state client * fd registerd in the container's in-memory @@ -36,7 +34,7 @@ * @return Return < 0 on error * < MAX_STATE current container state */ -extern int lxc_cmd_sock_rcv_state(int state_client_fd, int timeout); +__hidden extern int lxc_cmd_sock_rcv_state(int state_client_fd, int timeout); /* lxc_add_state_client Add a new state client to the container's * in-memory handler. @@ -48,9 +46,8 @@ * @return Return < 0 on error * 0 on success */ -extern int lxc_add_state_client(int state_client_fd, - struct lxc_handler *handler, - lxc_state_t states[MAX_STATE]); +__hidden extern int lxc_add_state_client(int state_client_fd, struct lxc_handler *handler, + lxc_state_t states[MAX_STATE]); /* lxc_cmd_connect Connect to the container's command socket. * 
@@ -62,7 +59,7 @@ * @return Return < 0 on error * >= 0 client fd */ -extern int lxc_cmd_connect(const char *name, const char *lxcpath, - const char *hashed_sock_name, const char *suffix); +__hidden extern int lxc_cmd_connect(const char *name, const char *lxcpath, + const char *hashed_sock_name, const char *suffix); #endif /* __LXC_COMMANDS_UTILS_H */ diff -Nru lxc-4.0.2/src/lxc/compiler.h lxc-4.0.6/src/lxc/compiler.h --- lxc-4.0.2/src/lxc/compiler.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/compiler.h 2021-01-12 00:20:05.000000000 +0000 @@ -57,4 +57,30 @@ #define __cgfsng_ops +/* access attribute */ +#define __access_r(x, y) +#define __access_w(x, y) +#define __access_rw(x, y) + +#ifdef __has_attribute +#if __has_attribute(access) +#undef __access_r +#define __access_r(x, y) __attribute__((access(read_only, x, y))) + +#undef __access_w +#define __access_w(x, y) __attribute__((access(write_only, x, y))) + +#undef __access_rw +#define __access_rw(x, y) __attribute__((access(read_write, x, y))) +#endif +#endif + +#ifndef __hidden +#define __hidden __attribute__((visibility("hidden"))) +#endif + +#ifndef __public +#define __public __attribute__((visibility("default"))) +#endif + #endif /* __LXC_COMPILER_H */ diff -Nru lxc-4.0.2/src/lxc/conf.c lxc-4.0.6/src/lxc/conf.c --- lxc-4.0.2/src/lxc/conf.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/conf.c 2021-01-12 00:20:05.000000000 +0000 @@ -36,7 +36,6 @@ #include "af_unix.h" #include "caps.h" #include "cgroup.h" -#include "cgroup2_devices.h" #include "conf.h" #include "config.h" #include "confile.h" @@ -48,10 +47,11 @@ #include "lxcseccomp.h" #include "macro.h" #include "memory_utils.h" +#include "mount_utils.h" #include "namespace.h" #include "network.h" #include "parse.h" -#include "raw_syscalls.h" +#include "process_utils.h" #include "ringbuf.h" #include "start.h" #include "storage.h" 
@@ -69,7 +69,7 @@ #include #endif -#if HAVE_PTY_H +#if HAVE_OPENPTY #include #else #include <../include/openpty.h> 
@@ -181,56 +181,47 @@ static struct caps_opt caps_opt[] = { #if HAVE_LIBCAP - { "chown", CAP_CHOWN }, - { "dac_override", CAP_DAC_OVERRIDE }, - { "dac_read_search", CAP_DAC_READ_SEARCH }, - { "fowner", CAP_FOWNER }, - { "fsetid", CAP_FSETID }, - { "kill", CAP_KILL }, - { "setgid", CAP_SETGID }, - { "setuid", CAP_SETUID }, - { "setpcap", CAP_SETPCAP }, - { "linux_immutable", CAP_LINUX_IMMUTABLE }, - { "net_bind_service", CAP_NET_BIND_SERVICE }, - { "net_broadcast", CAP_NET_BROADCAST }, - { "net_admin", CAP_NET_ADMIN }, - { "net_raw", CAP_NET_RAW }, - { "ipc_lock", CAP_IPC_LOCK }, - { "ipc_owner", CAP_IPC_OWNER }, - { "sys_module", CAP_SYS_MODULE }, - { "sys_rawio", CAP_SYS_RAWIO }, - { "sys_chroot", CAP_SYS_CHROOT }, - { "sys_ptrace", CAP_SYS_PTRACE }, - { "sys_pacct", CAP_SYS_PACCT }, - { "sys_admin", CAP_SYS_ADMIN }, - { "sys_boot", CAP_SYS_BOOT }, - { "sys_nice", CAP_SYS_NICE }, - { "sys_resource", CAP_SYS_RESOURCE }, - { "sys_time", CAP_SYS_TIME }, - { "sys_tty_config", CAP_SYS_TTY_CONFIG }, - { "mknod", CAP_MKNOD }, - { "lease", CAP_LEASE }, -#ifdef CAP_AUDIT_READ - { "audit_read", CAP_AUDIT_READ }, -#endif -#ifdef CAP_AUDIT_WRITE - { "audit_write", CAP_AUDIT_WRITE }, -#endif -#ifdef CAP_AUDIT_CONTROL - { "audit_control", CAP_AUDIT_CONTROL }, -#endif - { "setfcap", CAP_SETFCAP }, - { "mac_override", CAP_MAC_OVERRIDE }, - { "mac_admin", CAP_MAC_ADMIN }, -#ifdef CAP_SYSLOG - { "syslog", CAP_SYSLOG }, -#endif -#ifdef CAP_WAKE_ALARM - { "wake_alarm", CAP_WAKE_ALARM }, -#endif -#ifdef CAP_BLOCK_SUSPEND - { "block_suspend", CAP_BLOCK_SUSPEND }, -#endif + { "chown", CAP_CHOWN }, + { "dac_override", CAP_DAC_OVERRIDE }, + { "dac_read_search", CAP_DAC_READ_SEARCH }, + { "fowner", CAP_FOWNER }, + { "fsetid", CAP_FSETID }, + { "kill", CAP_KILL }, + { "setgid", CAP_SETGID }, + { "setuid", CAP_SETUID }, + { "setpcap", CAP_SETPCAP }, + { "linux_immutable", CAP_LINUX_IMMUTABLE }, + { "net_bind_service", CAP_NET_BIND_SERVICE }, + { "net_broadcast", CAP_NET_BROADCAST }, + { 
"net_admin", CAP_NET_ADMIN }, + { "net_raw", CAP_NET_RAW }, + { "ipc_lock", CAP_IPC_LOCK }, + { "ipc_owner", CAP_IPC_OWNER }, + { "sys_module", CAP_SYS_MODULE }, + { "sys_rawio", CAP_SYS_RAWIO }, + { "sys_chroot", CAP_SYS_CHROOT }, + { "sys_ptrace", CAP_SYS_PTRACE }, + { "sys_pacct", CAP_SYS_PACCT }, + { "sys_admin", CAP_SYS_ADMIN }, + { "sys_boot", CAP_SYS_BOOT }, + { "sys_nice", CAP_SYS_NICE }, + { "sys_resource", CAP_SYS_RESOURCE }, + { "sys_time", CAP_SYS_TIME }, + { "sys_tty_config", CAP_SYS_TTY_CONFIG }, + { "mknod", CAP_MKNOD }, + { "lease", CAP_LEASE }, + { "audit_write", CAP_AUDIT_WRITE }, + { "audit_control", CAP_AUDIT_CONTROL }, + { "setfcap", CAP_SETFCAP }, + { "mac_override", CAP_MAC_OVERRIDE }, + { "mac_admin", CAP_MAC_ADMIN }, + { "syslog", CAP_SYSLOG }, + { "wake_alarm", CAP_WAKE_ALARM }, + { "block_suspend", CAP_BLOCK_SUSPEND }, + { "audit_read", CAP_AUDIT_READ }, + { "perfmon", CAP_PERFMON }, + { "bpf", CAP_BPF }, + { "checkpoint_restore", CAP_CHECKPOINT_RESTORE }, #endif }; @@ -615,6 +606,7 @@ const char *fstype; unsigned long flags; const char *options; + bool requires_cap_net_admin; } default_mounts[] = { /* Read-only bind-mounting... In older kernels, doing that * required to do one MS_BIND mount and then 
@@ -628,27 +620,28 @@ * it's busy... MS_REMOUNT|MS_BIND|MS_RDONLY seems to work for * kernels as low as 2.6.32... */ - { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "proc", "%r/proc", "proc", MS_NODEV|MS_NOEXEC|MS_NOSUID, NULL }, + { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "proc", "%r/proc", "proc", MS_NODEV|MS_NOEXEC|MS_NOSUID, NULL, 0 }, /* proc/tty is used as a temporary placeholder for proc/sys/net which we'll move back in a few steps */ - { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/sys/net", "%r/proc/tty", NULL, MS_BIND, NULL }, - { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/sys", "%r/proc/sys", NULL, MS_BIND, NULL }, - { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, NULL, "%r/proc/sys", NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL }, - { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/tty", "%r/proc/sys/net", NULL, MS_MOVE, NULL }, - { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/sysrq-trigger", "%r/proc/sysrq-trigger", NULL, MS_BIND, NULL }, - { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, NULL, "%r/proc/sysrq-trigger", NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL }, - { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_RW, "proc", "%r/proc", "proc", MS_NODEV|MS_NOEXEC|MS_NOSUID, NULL }, - { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_RW, "sysfs", "%r/sys", "sysfs", 0, NULL }, - { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_RO, "sysfs", "%r/sys", "sysfs", MS_RDONLY, NULL }, - { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, "sysfs", "%r/sys", "sysfs", MS_NODEV|MS_NOEXEC|MS_NOSUID, NULL }, - { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, "%r/sys", "%r/sys", NULL, MS_BIND, NULL }, - { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, NULL, "%r/sys", NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL }, - { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, "sysfs", "%r/sys/devices/virtual/net", "sysfs", 0, NULL }, - { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, "%r/sys/devices/virtual/net/devices/virtual/net", "%r/sys/devices/virtual/net", NULL, MS_BIND, NULL }, - { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, NULL, "%r/sys/devices/virtual/net", NULL, 
MS_REMOUNT|MS_BIND|MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL }, - { 0, 0, NULL, NULL, NULL, 0, NULL } + { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/sys/net", "%r/proc/tty", NULL, MS_BIND, NULL, 1 }, + { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/sys", "%r/proc/sys", NULL, MS_BIND, NULL, 0 }, + { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, NULL, "%r/proc/sys", NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL, 0 }, + { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/tty", "%r/proc/sys/net", NULL, MS_MOVE, NULL, 1 }, + { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/sysrq-trigger", "%r/proc/sysrq-trigger", NULL, MS_BIND, NULL, 0 }, + { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, NULL, "%r/proc/sysrq-trigger", NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL, 0 }, + { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_RW, "proc", "%r/proc", "proc", MS_NODEV|MS_NOEXEC|MS_NOSUID, NULL, 0 }, + { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_RW, "sysfs", "%r/sys", "sysfs", 0, NULL, 0 }, + { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_RO, "sysfs", "%r/sys", "sysfs", MS_RDONLY, NULL, 0 }, + { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, "sysfs", "%r/sys", "sysfs", MS_NODEV|MS_NOEXEC|MS_NOSUID, NULL, 0 }, + { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, "%r/sys", "%r/sys", NULL, MS_BIND, NULL, 0 }, + { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, NULL, "%r/sys", NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL, 0 }, + { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, "sysfs", "%r/sys/devices/virtual/net", "sysfs", 0, NULL, 0 }, + { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, "%r/sys/devices/virtual/net/devices/virtual/net", "%r/sys/devices/virtual/net", NULL, MS_BIND, NULL, 0 }, + { LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED, NULL, "%r/sys/devices/virtual/net", NULL, MS_REMOUNT|MS_BIND|MS_NOSUID|MS_NODEV|MS_NOEXEC, NULL, 0 }, + { 0, 0, NULL, NULL, NULL, 0, NULL, 0 } }; - for (i = 0; default_mounts[i].match_mask; i++) { + bool has_cap_net_admin = lxc_wants_cap(CAP_NET_ADMIN, conf); + for (i = 0; default_mounts[i].match_mask; i++) { __do_free char *destination = NULL, 
*source = NULL; int saved_errno; unsigned long mflags; @@ -665,6 +658,11 @@ if (!default_mounts[i].destination) return log_error(-1, "BUG: auto mounts destination %d was NULL", i); + if (!has_cap_net_admin && default_mounts[i].requires_cap_net_admin) { + TRACE("Container does not have CAP_NET_ADMIN. Skipping \"%s\" mount", default_mounts[i].source ?: "(null)"); + continue; + } + /* will act like strdup if %r is not present */ destination = lxc_string_replace("%r", conf->rootfs.path ? conf->rootfs.mount : "", default_mounts[i].destination); if (!destination) @@ -903,7 +901,7 @@ define_cleanup_function(struct lxc_tty_info *, lxc_delete_tty); -int lxc_allocate_ttys(struct lxc_conf *conf) +static int lxc_allocate_ttys(struct lxc_conf *conf) { struct lxc_terminal_info *tty_new = NULL; int ret; 
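Review bot: The two `default_mounts` entries flagged with `requires_cap_net_admin` form a pair (the bind of `%r/proc/sys/net` onto the `%r/proc/tty` placeholder and the `MS_MOVE` back), and nothing in the table says they must be flagged together. If only one of them were skipped, `/proc/tty` would stay covered or the move would fail, so I would add a comment above the first of them such as `/* both halves of the proc/sys/net placeholder are skipped when the container lacks CAP_NET_ADMIN */`. That comment should also state that skipping leaves `proc/sys/net` under the read-only `proc/sys` remount. As a style point, the member is `bool` but the initialisers use `0`/`1`; `false`/`true` would read better.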
@@ -921,33 +919,33 @@ for (size_t i = 0; i < ttys->max; i++) { struct lxc_terminal_info *tty = &ttys->tty[i]; - tty->master = -EBADF; - tty->slave = -EBADF; - ret = openpty(&tty->master, &tty->slave, NULL, NULL, NULL); + tty->ptx = -EBADF; + tty->pty = -EBADF; + ret = openpty(&tty->ptx, &tty->pty, NULL, NULL, NULL); if (ret < 0) { ttys->max = i; return log_error_errno(-ENOTTY, ENOTTY, "Failed to create tty %zu", i); } - ret = ttyname_r(tty->slave, tty->name, sizeof(tty->name)); + ret = ttyname_r(tty->pty, tty->name, sizeof(tty->name)); if (ret < 0) { ttys->max = i; - return log_error_errno(-ENOTTY, ENOTTY, "Failed to retrieve name of tty %zu slave", i); + return log_error_errno(-ENOTTY, ENOTTY, "Failed to retrieve name of tty %zu pty", i); } - DEBUG("Created tty \"%s\" with master fd %d and slave fd %d", - tty->name, tty->master, tty->slave); + DEBUG("Created tty \"%s\" with ptx fd %d and pty fd %d", + tty->name, tty->ptx, tty->pty); /* Prevent leaking the file descriptors to the container */ - ret = fd_cloexec(tty->master, true); + ret = fd_cloexec(tty->ptx, true); if (ret < 0) - SYSWARN("Failed to set FD_CLOEXEC flag on master fd %d of tty device \"%s\"", - tty->master, tty->name); + SYSWARN("Failed to set FD_CLOEXEC flag on ptx fd %d of tty device \"%s\"", + tty->ptx, tty->name); - ret = fd_cloexec(tty->slave, true); + ret = fd_cloexec(tty->pty, true); if (ret < 0) - SYSWARN("Failed to set FD_CLOEXEC flag on slave fd %d of tty device \"%s\"", - tty->slave, tty->name); + SYSWARN("Failed to set FD_CLOEXEC flag on pty fd %d of tty device \"%s\"", + tty->pty, tty->name); tty->busy = -1; } @@ -964,8 +962,8 @@ for (int i = 0; i < ttys->max; i++) { struct lxc_terminal_info *tty = &ttys->tty[i]; - close_prot_errno_disarm(tty->master); - close_prot_errno_disarm(tty->slave); + close_prot_errno_disarm(tty->ptx); + close_prot_errno_disarm(tty->pty); } free_disarm(ttys->tty); 
@@ -986,15 +984,15 @@ int ttyfds[2]; struct lxc_terminal_info *tty = &ttys->tty[i]; - ttyfds[0] = tty->master; - ttyfds[1] = tty->slave; + ttyfds[0] = tty->ptx; + ttyfds[1] = tty->pty; ret = lxc_abstract_unix_send_fds(sock, ttyfds, 2, NULL, 0); if (ret < 0) break; - TRACE("Sent tty \"%s\" with master fd %d and slave fd %d to parent", - tty->name, tty->master, tty->slave); + TRACE("Sent tty \"%s\" with ptx fd %d and pty fd %d to parent", + tty->name, tty->ptx, tty->pty); } if (ret < 0) 
@@ -1050,50 +1048,50 @@ static int mount_autodev(const char *name, const struct lxc_rootfs *rootfs, int autodevtmpfssize, const char *lxcpath) { - __do_free char *path = NULL; + const char *path = rootfs->path ? rootfs->mount : NULL; int ret; - size_t clen; mode_t cur_mask; char mount_options[128]; INFO("Preparing \"/dev\""); - /* $(rootfs->mount) + "/dev/pts" + '\0' */ - clen = (rootfs->path ? strlen(rootfs->mount) : 0) + 9; - path = must_realloc(NULL, clen); sprintf(mount_options, "size=%d,mode=755", (autodevtmpfssize != 0) ? autodevtmpfssize : 500000); DEBUG("Using mount options: %s", mount_options); - ret = snprintf(path, clen, "%s/dev", rootfs->path ? rootfs->mount : ""); - if (ret < 0 || (size_t)ret >= clen) - return -1; - cur_mask = umask(S_IXUSR | S_IXGRP | S_IXOTH); - ret = mkdir(path, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH); + ret = mkdirat(rootfs->mntpt_fd, "dev" , S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH); if (ret < 0 && errno != EEXIST) { SYSERROR("Failed to create \"/dev\" directory"); ret = -errno; goto reset_umask; } - ret = safe_mount("none", path, "tmpfs", 0, mount_options, - rootfs->path ? rootfs->mount : NULL ); + ret = safe_mount_beneath_at(rootfs->mntpt_fd, "none", "dev", "tmpfs", 0, mount_options); if (ret < 0) { - SYSERROR("Failed to mount tmpfs on \"%s\"", path); - goto reset_umask; - } - TRACE("Mounted tmpfs on \"%s\"", path); + __do_free char *fallback_path = NULL; - ret = snprintf(path, clen, "%s/dev/pts", rootfs->path ? 
rootfs->mount : ""); - if (ret < 0 || (size_t)ret >= clen) { - ret = -1; - goto reset_umask; + if (errno != ENOSYS) { + SYSERROR("Failed to mount tmpfs on \"%s\"", path); + goto reset_umask; + } + + if (path) { + fallback_path = must_make_path(path, "/dev", NULL); + ret = safe_mount("none", fallback_path, "tmpfs", 0, mount_options, path); + } else { + ret = safe_mount("none", "dev", "tmpfs", 0, mount_options, NULL); + } + if (ret < 0) { + SYSERROR("Failed to mount tmpfs on \"%s\"", path); + goto reset_umask; + } } + TRACE("Mounted tmpfs on \"%s\"", path); /* If we are running on a devtmpfs mapping, dev/pts may already exist. * If not, then create it and exit if that fails... */ - ret = mkdir(path, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH); + ret = mkdirat(rootfs->mntpt_fd, "dev/pts", S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH); if (ret < 0 && errno != EEXIST) { SYSERROR("Failed to create directory \"%s\"", path); ret = -errno; 
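Review bot: In `mount_autodev()` `path` is now `rootfs->path ? rootfs->mount : NULL`, yet it is still passed to `%s` in the "Failed to mount tmpfs" `SYSERROR`, the "Mounted tmpfs" `TRACE` and the `dev/pts` error message. With no rootfs path that hands NULL to `%s`, and otherwise the messages name the rootfs mount point rather than the directory that was acted on. Something like `SYSERROR("Failed to mount tmpfs on \"%s/dev\"", path ?: "");` fixes both. The ENOSYS fallback without a rootfs path also mounts on the relative target `"dev"`, which depends on the working directory at that point, where the removed code produced `/dev`. The function continues past the end of the hunk.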
@@ -1135,39 +1133,33 @@ static int lxc_fill_autodev(const struct lxc_rootfs *rootfs) { + __do_close int dev_dir_fd = -EBADF; int i, ret; - char path[PATH_MAX]; mode_t cmask; int use_mknod = LXC_DEVNODE_MKNOD; - ret = snprintf(path, PATH_MAX, "%s/dev", - rootfs->path ? rootfs->mount : ""); - if (ret < 0 || ret >= PATH_MAX) - return -1; - /* ignore, just don't try to fill in */ - if (!dir_exists(path)) + if (!exists_dir_at(rootfs->mntpt_fd, "dev")) return 0; + dev_dir_fd = openat(rootfs->mntpt_fd, "dev/", O_RDONLY | O_CLOEXEC | O_DIRECTORY | O_PATH | O_NOFOLLOW); + if (dev_dir_fd < 0) + return -errno; + INFO("Populating \"/dev\""); cmask = umask(S_IXUSR | S_IXGRP | S_IXOTH); for (i = 0; i < sizeof(lxc_devices) / sizeof(lxc_devices[0]); i++) { - char hostpath[PATH_MAX]; + char hostpath[PATH_MAX], path[PATH_MAX]; const struct lxc_device_node *device = &lxc_devices[i]; - ret = snprintf(path, PATH_MAX, "%s/dev/%s", - rootfs->path ? rootfs->mount : "", device->name); - if (ret < 0 || ret >= PATH_MAX) - return -1; - if (use_mknod >= LXC_DEVNODE_MKNOD) { - ret = mknod(path, device->mode, makedev(device->maj, device->min)); + ret = mknodat(dev_dir_fd, device->name, device->mode, makedev(device->maj, device->min)); if (ret == 0 || (ret < 0 && errno == EEXIST)) { - DEBUG("Created device node \"%s\"", path); + DEBUG("Created device node \"%s\"", device->name); } else if (ret < 0) { if (errno != EPERM) - return log_error_errno(-1, errno, "Failed to create device node \"%s\"", path); + return log_error_errno(-1, errno, "Failed to create device node \"%s\"", device->name); use_mknod = LXC_DEVNODE_BIND; } 
@@ -1177,19 +1169,19 @@ continue; if (use_mknod == LXC_DEVNODE_MKNOD) { + __do_close int fd = -EBADF; /* See * - https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=55956b59df336f6738da916dbb520b6e37df9fbd * - https://lists.linuxfoundation.org/pipermail/containers/2018-June/039176.html */ - ret = open(path, O_RDONLY | O_CLOEXEC); - if (ret >= 0) { - close_prot_errno_disarm(ret); + fd = openat(dev_dir_fd, device->name, O_RDONLY | O_CLOEXEC); + if (fd >= 0) { /* Device nodes are fully useable. */ use_mknod = LXC_DEVNODE_OPEN; continue; } - SYSTRACE("Failed to open \"%s\" device", path); + SYSTRACE("Failed to open \"%s\" device", device->name); /* Device nodes are only partially useable. */ use_mknod = LXC_DEVNODE_PARTIAL; } 
@@ -1200,22 +1192,29 @@ * nodes the prio mknod() call will have created the * device node so we can use it as a bind-mount target. */ - ret = mknod(path, S_IFREG | 0000, 0); + ret = mknodat(dev_dir_fd, device->name, S_IFREG | 0000, 0); if (ret < 0 && errno != EEXIST) - return log_error_errno(-1, errno, "Failed to create file \"%s\"", path); + return log_error_errno(-1, errno, "Failed to create file \"%s\"", device->name); } /* Fallback to bind-mounting the device from the host. */ - ret = snprintf(hostpath, PATH_MAX, "/dev/%s", device->name); - if (ret < 0 || ret >= PATH_MAX) - return -1; + ret = snprintf(hostpath, sizeof(hostpath), "/dev/%s", device->name); + if (ret < 0 || (size_t)ret >= sizeof(hostpath)) + return ret_errno(EIO); - ret = safe_mount(hostpath, path, 0, MS_BIND, NULL, - rootfs->path ? rootfs->mount : NULL); + ret = safe_mount_beneath_at(dev_dir_fd, hostpath, device->name, NULL, MS_BIND, NULL); + if (ret < 0) { + const char *mntpt = rootfs->path ? rootfs->mount : NULL; + if (errno == ENOSYS) { + ret = snprintf(path, sizeof(path), "%s/dev/%s", mntpt, device->name); + if (ret < 0 || ret >= sizeof(path)) + return log_error(-1, "Failed to create device path for %s", device->name); + ret = safe_mount(hostpath, path, 0, MS_BIND, NULL, rootfs->path ? rootfs->mount : NULL); + } + } if (ret < 0) - return log_error_errno(-1, errno, "Failed to bind mount host device node \"%s\" onto \"%s\"", - hostpath, path); - DEBUG("Bind mounted host device node \"%s\" onto \"%s\"", hostpath, path); + return log_error_errno(-1, errno, "Failed to bind mount host device node \"%s\" onto \"%s\"", hostpath, device->name); + DEBUG("Bind mounted host device node \"%s\" onto \"%s\"", hostpath, device->name); } (void)umask(cmask); 
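Review bot: In the ENOSYS fallback of `lxc_fill_autodev()`, `mntpt` is NULL when `rootfs->path` is unset and is then passed to `%s` in `snprintf(path, sizeof(path), "%s/dev/%s", mntpt, device->name)`. The code this replaces used an empty string there, so the bind-mount target was `/dev/<name>`; with NULL the result is undefined (glibc prints `(null)`) and the mount target is wrong. `const char *mntpt = rootfs->path ? rootfs->mount : "";` restores the old behaviour, with NULL kept only for the last argument of `safe_mount()`. The function starts outside this hunk.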
@@ -1227,12 +1226,16 @@ { int ret; struct lxc_storage *bdev; - const struct lxc_rootfs *rootfs = &conf->rootfs; + struct lxc_rootfs *rootfs = &conf->rootfs; if (!rootfs->path) { ret = mount("", "/", NULL, MS_SLAVE | MS_REC, 0); if (ret < 0) - return log_error_errno(-1, errno, "Failed to remount \"/\" MS_REC | MS_SLAVE"); + return log_error_errno(-1, errno, "Failed to recursively turn root mount tree into dependent mount"); + + rootfs->mntpt_fd = openat(-1, "/", O_RDONLY | O_CLOEXEC | O_DIRECTORY | O_PATH); + if (rootfs->mntpt_fd < 0) + return -errno; return 0; } @@ -1259,10 +1262,14 @@ rootfs->path, rootfs->mount, rootfs->options ? rootfs->options : "(null)"); + rootfs->mntpt_fd = openat(-1, rootfs->mount, O_RDONLY | O_CLOEXEC | O_DIRECTORY | O_PATH); + if (rootfs->mntpt_fd < 0) + return -errno; + return 0; } -int lxc_chroot(const struct lxc_rootfs *rootfs) +static int lxc_chroot(const struct lxc_rootfs *rootfs) { __do_free char *nroot = NULL; int i, ret; @@ -1409,12 +1416,12 @@ if (ret < 0) return log_error_errno(-1, errno, "Failed to enter old root directory"); - /* Make oldroot rslave to make sure our umounts don't propagate to the + /* Make oldroot a depedent mount to make sure our umounts don't propagate to the * host. */ ret = mount("", ".", "", MS_SLAVE | MS_REC, NULL); if (ret < 0) - return log_error_errno(-1, errno, "Failed to make oldroot rslave"); + return log_error_errno(-1, errno, "Failed to recursively turn old root mount tree into dependent mount"); ret = umount2(".", MNT_DETACH); if (ret < 0) 
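Review bot: Both new `openat(-1, ..., O_RDONLY | O_CLOEXEC | O_DIRECTORY | O_PATH)` calls that fill `rootfs->mntpt_fd` fail with a bare `return -errno;`, unlike the neighbouring error paths, which log through `log_error_errno()`. A container start that fails here would leave no message naming the path; `return log_error_errno(-errno, errno, "Failed to open \"%s\"", rootfs->mount);` (and the same with `"/"` in the first hunk) keeps the return value. Passing `-1` as the directory fd works only while the path is absolute; `AT_FDCWD`, or a comment stating that `rootfs->mount` is always absolute, would make that explicit. Where `mntpt_fd` is closed is not visible in these hunks and should be documented next to the assignment.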
@@ -1471,13 +1478,32 @@ return retmap; } -static int lxc_setup_devpts(struct lxc_conf *conf) +int lxc_setup_devpts_parent(struct lxc_handler *handler) +{ + int ret; + + if (handler->conf->pty_max <= 0) + return 0; + + ret = lxc_abstract_unix_recv_fds(handler->data_sock[1], &handler->conf->devpts_fd, 1, + &handler->conf->devpts_fd, sizeof(handler->conf->devpts_fd)); + if (ret < 0) + return log_error_errno(-1, errno, "Failed to receive devpts fd from child"); + + TRACE("Received devpts file descriptor %d from child", handler->conf->devpts_fd); + return 0; +} + +static int lxc_setup_devpts_child(struct lxc_handler *handler) { + __do_close int devpts_fd = -EBADF; int ret; char **opts; char devpts_mntopts[256]; char *mntopt_sets[5]; char default_devpts_mntopts[256] = "gid=5,newinstance,ptmxmode=0666,mode=0620"; + struct lxc_conf *conf = handler->conf; + int sock = handler->data_sock[0]; if (conf->pty_max <= 0) return log_debug(0, "No new devpts instance will be mounted since no pts devices are requested"); @@ -1520,6 +1546,19 @@ return log_error_errno(-1, errno, "Failed to mount new devpts instance"); DEBUG("Mount new devpts instance with options \"%s\"", *opts); + devpts_fd = openat(-EBADF, "/dev/pts", O_CLOEXEC | O_DIRECTORY | O_PATH | O_NOFOLLOW); + if (devpts_fd < 0) { + devpts_fd = -EBADF; + TRACE("Failed to create detached devpts mount"); + ret = lxc_abstract_unix_send_fds(sock, NULL, 0, &devpts_fd, sizeof(int)); + } else { + ret = lxc_abstract_unix_send_fds(sock, &devpts_fd, 1, NULL, 0); + } + if (ret < 0) + return log_error_errno(-1, errno, "Failed to send devpts fd to parent"); + + TRACE("Sent devpts file descriptor %d to parent", devpts_fd); + /* Remove any pre-existing /dev/ptmx file. */ ret = remove("/dev/ptmx"); if (ret < 0) { 
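Review bot: `lxc_setup_devpts_parent()` stores whatever descriptor arrives on `handler->data_sock[1]` in `conf->devpts_fd` without checking what it refers to. The sender runs inside the container's mount namespace, so if the parent later opens entries relative to this descriptor (not visible here) it should first confirm with `fstatfs()` that the filesystem type is `DEVPTS_SUPER_MAGIC`. The call also passes `&handler->conf->devpts_fd` as both the fd array and the data buffer, which is what lets the child's `-EBADF` payload land in the same field; that aliasing deserves a one-line comment. In `lxc_setup_devpts_child()` the trace text "Failed to create detached devpts mount" does not match the `openat()` of `/dev/pts` that actually failed. `lxc_setup_devpts_child()` continues outside these hunks.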
@@ -1552,8 +1591,8 @@ ret = symlink("/dev/pts/ptmx", "/dev/ptmx"); if (ret < 0) return log_error_errno(-1, errno, "Failed to create symlink from \"/dev/ptmx\" to \"/dev/pts/ptmx\""); - DEBUG("Created symlink from \"/dev/ptmx\" to \"/dev/pts/ptmx\""); + DEBUG("Created symlink from \"/dev/ptmx\" to \"/dev/pts/ptmx\""); return 0; } @@ -1575,24 +1614,31 @@ return 0; } +static inline bool wants_console(const struct lxc_terminal *terminal) +{ + return !terminal->path || strcmp(terminal->path, "none"); +} + static int lxc_setup_dev_console(const struct lxc_rootfs *rootfs, - const struct lxc_terminal *console) + const struct lxc_terminal *console, + int pty_mnt_fd) { int ret; char path[PATH_MAX]; char *rootfs_path = rootfs->path ? rootfs->mount : ""; - if (console->path && !strcmp(console->path, "none")) + if (!wants_console(console)) return 0; - ret = snprintf(path, sizeof(path), "%s/dev/console", rootfs_path); - if (ret < 0 || (size_t)ret >= sizeof(path)) - return -1; - - /* When we are asked to setup a console we remove any previous + /* + * When we are asked to setup a console we remove any previous * /dev/console bind-mounts. */ - if (file_exists(path)) { + if (exists_file_at(rootfs->dev_mntpt_fd, "console")) { + ret = snprintf(path, sizeof(path), "%s/dev/console", rootfs_path); + if (ret < 0 || (size_t)ret >= sizeof(path)) + return -1; + ret = lxc_unstack_mountpoint(path, false); if (ret < 0) return log_error_errno(-ret, errno, "Failed to unmount \"%s\"", path); 
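Review bot: In `lxc_setup_dev_console()`, `path` is now filled only inside the `exists_file_at(rootfs->dev_mntpt_fd, "console")` branch, yet the following hunk passes it to `%s` in `DEBUG("Moved mount ...")`, in the `move_mount()` error message and in the `finish:` DEBUG. When the console node does not exist beforehand, those calls read an uninitialised `char path[PATH_MAX]`, which can run past the buffer looking for a terminator and put stack bytes into the log. Keeping `snprintf(path, sizeof(path), "%s/dev/console", rootfs_path)` and its length check ahead of the `exists_file_at()` test, as before the patch, covers all three uses. The function body continues in the next hunk.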
@@ -1600,34 +1646,58 @@ DEBUG("Cleared all (%d) mounts from \"%s\"", ret, path); } - /* For unprivileged containers autodev or automounts will already have + /* + * For unprivileged containers autodev or automounts will already have * taken care of creating /dev/console. */ - ret = mknod(path, S_IFREG | 0000, 0); + ret = mknodat(rootfs->dev_mntpt_fd, "console", S_IFREG | 0000, 0); if (ret < 0 && errno != EEXIST) return log_error_errno(-errno, errno, "Failed to create console"); - ret = fchmod(console->slave, S_IXUSR | S_IXGRP); + ret = fchmod(console->pty, S_IXUSR | S_IXGRP); if (ret < 0) return log_error_errno(-errno, errno, "Failed to set mode \"0%o\" to \"%s\"", S_IXUSR | S_IXGRP, console->name); - ret = safe_mount(console->name, path, "none", MS_BIND, 0, rootfs_path); - if (ret < 0) - return log_error_errno(-1, errno, "Failed to mount \"%s\" on \"%s\"", console->name, path); + if (pty_mnt_fd >= 0) { + ret = move_mount(pty_mnt_fd, "", rootfs->dev_mntpt_fd, "console", MOVE_MOUNT_F_EMPTY_PATH); + if (!ret) { + DEBUG("Moved mount \"%s\" onto \"%s\"", console->name, path); + goto finish; + } + + if (ret && errno != ENOSYS) + return log_error_errno(-1, errno, + "Failed to mount %d(%s) on \"%s\"", + pty_mnt_fd, console->name, path); + } - DEBUG("Mounted pts device \"%s\" onto \"%s\"", console->name, path); + ret = safe_mount_beneath_at(rootfs->dev_mntpt_fd, console->name, "console", NULL, MS_BIND, NULL); + if (ret < 0) { + if (errno == ENOSYS) { + ret = snprintf(path, sizeof(path), "%s/dev/console", rootfs_path); + if (ret < 0 || (size_t)ret >= sizeof(path)) + return -1; + + ret = safe_mount(console->name, path, "none", MS_BIND, NULL, rootfs_path); + if (ret < 0) + return log_error_errno(-1, errno, "Failed to mount %d(%s) on \"%s\"", pty_mnt_fd, console->name, path); + } + } + +finish: + DEBUG("Mounted pty device %d(%s) onto \"%s\"", pty_mnt_fd, console->name, path); return 0; } static int lxc_setup_ttydir_console(const struct lxc_rootfs *rootfs, const struct 
lxc_terminal *console, - char *ttydir) + char *ttydir, int pty_mnt_fd) { int ret; char path[PATH_MAX], lxcpath[PATH_MAX]; char *rootfs_path = rootfs->path ? rootfs->mount : ""; - if (console->path && !strcmp(console->path, "none")) + if (!wants_console(console)) return 0; /* create rootfs/dev/ directory */ @@ -1664,16 +1734,30 @@ if (ret < 0 && errno != EEXIST) return log_error_errno(-errno, errno, "Failed to create console"); - ret = fchmod(console->slave, S_IXUSR | S_IXGRP); + ret = fchmod(console->pty, S_IXUSR | S_IXGRP); if (ret < 0) return log_error_errno(-errno, errno, "Failed to set mode \"0%o\" to \"%s\"", S_IXUSR | S_IXGRP, console->name); /* bind mount console->name to '/dev//console' */ + if (pty_mnt_fd >= 0) { + ret = move_mount(pty_mnt_fd, "", -EBADF, lxcpath, MOVE_MOUNT_F_EMPTY_PATH); + if (!ret) { + DEBUG("Moved mount \"%s\" onto \"%s\"", console->name, lxcpath); + goto finish; + } + + if (ret && errno != ENOSYS) + return log_error_errno(-1, errno, + "Failed to mount %d(%s) on \"%s\"", + pty_mnt_fd, console->name, lxcpath); + } + ret = safe_mount(console->name, lxcpath, "none", MS_BIND, 0, rootfs_path); if (ret < 0) - return log_error_errno(-1, errno, "Failed to mount \"%s\" on \"%s\"", console->name, lxcpath); + return log_error_errno(-1, errno, "Failed to mount %d(%s) on \"%s\"", pty_mnt_fd, console->name, lxcpath); DEBUG("Mounted \"%s\" onto \"%s\"", console->name, lxcpath); +finish: /* bind mount '/dev//console' to '/dev/console' */ ret = safe_mount(lxcpath, path, "none", MS_BIND, 0, rootfs_path); if (ret < 0) 
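Review bot: A `safe_mount_beneath_at()` failure with any errno other than `ENOSYS` is dropped in `lxc_setup_dev_console()`: the outer `if (ret < 0)` has no branch for that case, so control reaches `finish:`, logs "Mounted pty device" and returns 0 with no console mounted. The inner test needs an else arm, for example `else return log_error_errno(-1, errno, "Failed to mount \"%s\" onto \"/dev/console\"", console->name);`. The message should not print `path`, because on this route it has only been formatted if the console node existed beforehand.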
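Review bot: The new `move_mount(pty_mnt_fd, "", -EBADF, lxcpath, MOVE_MOUNT_F_EMPTY_PATH)` resolves `lxcpath` as a plain path string, while `lxc_setup_dev_console()` anchors the same operation at `rootfs->dev_mntpt_fd` and the `safe_mount()` fallback below is given `rootfs_path`, presumably to keep the target inside the rootfs. If `lxcpath` lies under the container's `/dev` (it is built outside the hunk), a symlink in the rootfs would be followed on this fast path only. Passing `rootfs->dev_mntpt_fd` with a path relative to `/dev` would give both console variants the same confinement. The function starts before this hunk and continues after it.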
@@ -1685,13 +1769,14 @@ } static int lxc_setup_console(const struct lxc_rootfs *rootfs, - const struct lxc_terminal *console, char *ttydir) + const struct lxc_terminal *console, char *ttydir, + int pty_mnt_fd) { if (!ttydir) - return lxc_setup_dev_console(rootfs, console); + return lxc_setup_dev_console(rootfs, console, pty_mnt_fd); - return lxc_setup_ttydir_console(rootfs, console, ttydir); + return lxc_setup_ttydir_console(rootfs, console, ttydir, pty_mnt_fd); } static int parse_mntopt(char *opt, unsigned long *flags, char **data, size_t size) @@ -2122,8 +2207,7 @@ return mount_entry_on_generic(mntent, path, rootfs, lxc_name, lxc_path); } -static int mount_file_entries(const struct lxc_conf *conf, - const struct lxc_rootfs *rootfs, FILE *file, +static int mount_file_entries(const struct lxc_rootfs *rootfs, FILE *file, const char *lxc_name, const char *lxc_path) { char buf[PATH_MAX]; @@ -2172,7 +2256,7 @@ if (!f) return log_error_errno(-1, errno, "Failed to open \"%s\"", fstab); - ret = mount_file_entries(conf, rootfs, f, lxc_name, lxc_path); + ret = mount_file_entries(rootfs, f, lxc_name, lxc_path); if (ret < 0) ERROR("Failed to set up mount entries"); @@ -2259,7 +2343,7 @@ if (!f) return -1; - return mount_file_entries(conf, rootfs, f, lxc_name, lxc_path); + return mount_file_entries(rootfs, f, lxc_name, lxc_path); } static int parse_cap(const char *cap) @@ -2509,10 +2593,10 @@ new->console.path = NULL; new->console.peer = -1; new->console.proxy.busy = -1; - new->console.proxy.master = -1; - new->console.proxy.slave = -1; - new->console.master = -1; - new->console.slave = -1; + new->console.proxy.ptx = -1; + new->console.proxy.pty = -1; + new->console.ptx = -1; + new->console.pty = -1; new->console.name[0] = '\0'; memset(&new->console.ringbuf, 0, sizeof(struct lxc_ringbuf)); new->maincmd_fd = -1; 
@@ -2524,6 +2608,8 @@ return NULL; } new->rootfs.managed = true; + new->rootfs.mntpt_fd = -EBADF; + new->rootfs.dev_mntpt_fd = -EBADF; new->logfd = -1; lxc_list_init(&new->cgroup); lxc_list_init(&new->cgroup2); @@ -2664,7 +2750,7 @@ return 1; } -int lxc_map_ids_exec_wrapper(void *args) +static int lxc_map_ids_exec_wrapper(void *args) { execl("/bin/sh", "sh", "-c", (char *)args, (char *)NULL); return -1; @@ -2791,11 +2877,11 @@ return 0; } -/* Return the host uid/gid to which the container root is mapped in val. +/* + * Return the host uid/gid to which the container root is mapped in val. * Return true if id was found, false otherwise. */ -static bool get_mapped_rootid(const struct lxc_conf *conf, enum idtype idtype, - unsigned long *val) +static id_t get_mapped_rootid(const struct lxc_conf *conf, enum idtype idtype) { unsigned nsid; struct id_map *map; @@ -2812,11 +2898,13 @@ continue; if (map->nsid != nsid) continue; - *val = map->hostid; - return true; + return map->hostid; } - return false; + if (idtype == ID_TYPE_UID) + return LXC_INVALID_UID; + + return LXC_INVALID_GID; } int mapped_hostid(unsigned id, const struct lxc_conf *conf, enum idtype idtype) 
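Review bot: The two rootfs descriptors are set to `-EBADF` here, but `conf->devpts_fd`, which this patch adds to `struct lxc_conf` in conf.h, gets no matching line, and the `lxc_conf_free()` hunk closes only `mntpt_fd` and `dev_mntpt_fd`. If the struct is zero-filled on allocation (not visible in the hunk), `devpts_fd` starts as 0, a valid descriptor number, and `lxc_setup_devpts_parent()` leaves it untouched when `pty_max <= 0`. Adding `new->devpts_fd = -EBADF;` next to these lines, and `close_prot_errno_disarm(conf->devpts_fd);` in `lxc_conf_free()` unless another file already owns the close, would make the three fields behave alike. The initialiser, apparently `lxc_conf_init()`, starts and ends outside the hunk.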
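Review bot: The comment kept above `get_mapped_rootid()` still says the id is returned "in val" and that the function returns true or false, but the new signature has no `val` parameter and returns `id_t`. It should describe the sentinel instead, e.g. `Return the host uid/gid to which the container root is mapped, or LXC_INVALID_UID / LXC_INVALID_GID if there is no mapping.` The sentinel returns themselves are in the following hunk, and `userns_exec_mapped_root()` tests them with `uid_valid()` and `gid_valid()`.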
@@ -2857,131 +2945,8 @@ return freeid; } -int chown_mapped_root_exec_wrapper(void *args) -{ - execvp("lxc-usernsexec", args); - return -1; -} - -/* chown_mapped_root: for an unprivileged user with uid/gid X to - * chown a dir to subuid/subgid Y, he needs to run chown as root - * in a userns where nsid 0 is mapped to hostuid/hostgid Y, and - * nsid Y is mapped to hostuid/hostgid X. That way, the container - * root is privileged with respect to hostuid/hostgid X, allowing - * him to do the chown. - */ -int chown_mapped_root(const char *path, const struct lxc_conf *conf) -{ - uid_t rootuid, rootgid; - unsigned long val; - int hostuid, hostgid, ret; - struct stat sb; - char map1[100], map2[100], map3[100], map4[100], map5[100]; - char ugid[100]; - const char *args1[] = {"lxc-usernsexec", - "-m", map1, - "-m", map2, - "-m", map3, - "-m", map5, - "--", "chown", ugid, path, - NULL}; - const char *args2[] = {"lxc-usernsexec", - "-m", map1, - "-m", map2, - "-m", map3, - "-m", map4, - "-m", map5, - "--", "chown", ugid, path, - NULL}; - char cmd_output[PATH_MAX]; - - hostuid = geteuid(); - hostgid = getegid(); - - if (!get_mapped_rootid(conf, ID_TYPE_UID, &val)) - return log_error(-1, "No uid mapping for container root"); - rootuid = (uid_t)val; - - if (!get_mapped_rootid(conf, ID_TYPE_GID, &val)) - return log_error(-1, "No gid mapping for container root"); - rootgid = (gid_t)val; - - if (hostuid == 0) { - if (chown(path, rootuid, rootgid) < 0) - return log_error(-1, "Error chowning %s", path); - - return 0; - } - - /* nothing to do */ - if (rootuid == hostuid) - return log_info(0, "Container root is our uid; no need to chown"); - - /* save the current gid of "path" */ - if (stat(path, &sb) < 0) - return log_error(-1, "Error stat %s", path); - - /* Update the path argument in case this was overlayfs. 
*/ - args1[sizeof(args1) / sizeof(args1[0]) - 2] = path; - args2[sizeof(args2) / sizeof(args2[0]) - 2] = path; - - /* - * A file has to be group-owned by a gid mapped into the - * container, or the container won't be privileged over it. - */ - DEBUG("trying to chown \"%s\" to %d", path, hostgid); - if (sb.st_uid == hostuid && - mapped_hostid(sb.st_gid, conf, ID_TYPE_GID) < 0 && - chown(path, -1, hostgid) < 0) - return log_error(-1, "Failed chgrping %s", path); - - /* "u:0:rootuid:1" */ - ret = snprintf(map1, 100, "u:0:%d:1", rootuid); - if (ret < 0 || ret >= 100) - return log_error(-1, "Error uid printing map string"); - - /* "u:hostuid:hostuid:1" */ - ret = snprintf(map2, 100, "u:%d:%d:1", hostuid, hostuid); - if (ret < 0 || ret >= 100) - return log_error(-1, "Error uid printing map string"); - - /* "g:0:rootgid:1" */ - ret = snprintf(map3, 100, "g:0:%d:1", rootgid); - if (ret < 0 || ret >= 100) - return log_error(-1, "Error gid printing map string"); - - /* "g:pathgid:rootgid+pathgid:1" */ - ret = snprintf(map4, 100, "g:%d:%d:1", (gid_t)sb.st_gid, - rootgid + (gid_t)sb.st_gid); - if (ret < 0 || ret >= 100) - return log_error(-1, "Error gid printing map string"); - - /* "g:hostgid:hostgid:1" */ - ret = snprintf(map5, 100, "g:%d:%d:1", hostgid, hostgid); - if (ret < 0 || ret >= 100) - return log_error(-1, "Error gid printing map string"); - - /* "0:pathgid" (chown) */ - ret = snprintf(ugid, 100, "0:%d", (gid_t)sb.st_gid); - if (ret < 0 || ret >= 100) - return log_error(-1, "Error owner printing format string for chown"); - - if (hostgid == sb.st_gid) - ret = run_command(cmd_output, sizeof(cmd_output), - chown_mapped_root_exec_wrapper, - (void *)args1); - else - ret = run_command(cmd_output, sizeof(cmd_output), - chown_mapped_root_exec_wrapper, - (void *)args2); - if (ret < 0) - ERROR("lxc-usernsexec failed: %s", cmd_output); - - return ret; -} - /* NOTE: Must not be called from inside the container namespace! 
*/ -int lxc_create_tmp_proc_mount(struct lxc_conf *conf) +static int lxc_create_tmp_proc_mount(struct lxc_conf *conf) { int mounted; @@ -3007,15 +2972,15 @@ lxc_conf->tmp_umount_proc = false; } -/* Walk /proc/mounts and change any shared entries to slave. */ -void remount_all_slave(void) +/* Walk /proc/mounts and change any shared entries to dependent mounts. */ +void turn_into_dependent_mounts(void) { __do_free char *line = NULL; __do_fclose FILE *f = NULL; __do_close int memfd = -EBADF, mntinfo_fd = -EBADF; - int ret; - ssize_t copied; size_t len = 0; + ssize_t copied; + int ret; mntinfo_fd = open("/proc/self/mountinfo", O_RDONLY | O_CLOEXEC); if (mntinfo_fd < 0) { @@ -3039,12 +3004,8 @@ } } -again: - copied = lxc_sendfile_nointr(memfd, mntinfo_fd, NULL, LXC_SENDFILE_MAX); + copied = fd_to_fd(mntinfo_fd, memfd); if (copied < 0) { - if (errno == EINTR) - goto again; - SYSERROR("Failed to copy \"/proc/self/mountinfo\""); return; } @@ -3085,13 +3046,12 @@ null_endofword(target); ret = mount(NULL, target, NULL, MS_SLAVE, NULL); if (ret < 0) { - SYSERROR("Failed to make \"%s\" MS_SLAVE", target); - ERROR("Continuing..."); + SYSERROR("Failed to recursively turn old root mount tree into dependent mount. Continuing..."); continue; } - TRACE("Remounted \"%s\" as MS_SLAVE", target); + TRACE("Recursively turned old root mount tree into dependent mount"); } - TRACE("Remounted all mount table entries as MS_SLAVE"); + TRACE("Turned all mount table entries into dependent mount"); } static int lxc_execute_bind_init(struct lxc_handler *handler) 
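Review bot: The per-entry failure message in `turn_into_dependent_mounts()` no longer names the mount point: `SYSERROR("Failed to make \"%s\" MS_SLAVE", target)` became a fixed string, so a failure in this loop can no longer be tied to a mountinfo entry. The new text also says "recursively" and "old root mount tree", while the call is `mount(NULL, target, NULL, MS_SLAVE, NULL)` on a single entry without `MS_REC`. `SYSERROR("Failed to turn \"%s\" into dependent mount. Continuing...", target);` and `TRACE("Turned \"%s\" into dependent mount", target);` keep the new terminology and the detail. The loop starts outside the hunk.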
@@ -3164,10 +3124,14 @@ if (ret < 0) return log_error(-1, "Failed to bind mount container / onto itself"); + conf->rootfs.mntpt_fd = openat(-EBADF, path, O_RDONLY | O_CLOEXEC | O_DIRECTORY | O_PATH | O_NOCTTY); + if (conf->rootfs.mntpt_fd < 0) + return log_error_errno(-errno, errno, "Failed to open file descriptor for container rootfs"); + return log_trace(0, "Bind mounted container / onto itself"); } - remount_all_slave(); + turn_into_dependent_mounts(); ret = run_lxc_hooks(name, "pre-mount", conf, NULL); if (ret < 0) @@ -3208,7 +3172,7 @@ static bool execveat_supported(void) { - lxc_raw_execveat(-1, "", NULL, NULL, AT_EMPTY_PATH); + execveat(-1, "", NULL, NULL, AT_EMPTY_PATH); if (errno == ENOSYS) return false; 
@@ -3265,12 +3229,49 @@ return 0; } +static int lxc_setup_keyring(struct lsm_ops *lsm_ops, const struct lxc_conf *conf) +{ + key_serial_t keyring; + int ret = 0; + + if (conf->lsm_se_keyring_context) + ret = lsm_ops->keyring_label_set(lsm_ops, conf->lsm_se_keyring_context); + else if (conf->lsm_se_context) + ret = lsm_ops->keyring_label_set(lsm_ops, conf->lsm_se_context); + if (ret < 0) + return log_error_errno(-1, errno, "Failed to set keyring context"); + + /* + * Try to allocate a new session keyring for the container to prevent + * information leaks. + */ + keyring = keyctl(KEYCTL_JOIN_SESSION_KEYRING, prctl_arg(0), + prctl_arg(0), prctl_arg(0), prctl_arg(0)); + if (keyring < 0) { + switch (errno) { + case ENOSYS: + DEBUG("The keyctl() syscall is not supported or blocked"); + break; + case EACCES: + __fallthrough; + case EPERM: + DEBUG("Failed to access kernel keyring. Continuing..."); + break; + default: + SYSERROR("Failed to create kernel keyring"); + break; + } + } + + return ret; +} + int lxc_setup(struct lxc_handler *handler) { + __do_close int pty_mnt_fd = -EBADF; int ret; const char *lxcpath = handler->lxcpath, *name = handler->name; struct lxc_conf *lxc_conf = handler->conf; - char *keyring_context = NULL; ret = lxc_setup_rootfs_prepare_root(lxc_conf, name, lxcpath); if (ret < 0) @@ -3283,15 +3284,9 @@ } if (!lxc_conf->keyring_disable_session) { - if (lxc_conf->lsm_se_keyring_context) { - keyring_context = lxc_conf->lsm_se_keyring_context; - } else if (lxc_conf->lsm_se_context) { - keyring_context = lxc_conf->lsm_se_context; - } - - ret = lxc_setup_keyring(keyring_context); + ret = lxc_setup_keyring(handler->lsm_ops, lxc_conf); if (ret < 0) - return -1; + return log_error(-1, "Failed to setup container keyring"); } if (handler->ns_clone_flags & CLONE_NEWNET) { 
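Review bot: `lxc_setup_keyring()` returns `ret`, which is always 0 by the time `keyctl(KEYCTL_JOIN_SESSION_KEYRING, ...)` runs, so every failure to join a new session keyring, including the `default:` case logged with `SYSERROR`, reaches `lxc_setup()` as success. The container then presumably keeps the session keyring it inherited, which is the information leak the comment says the call is there to prevent. If `ENOSYS`, `EACCES` and `EPERM` are meant to be tolerated, a comment should say so, and the `default:` arm should fail with `return log_error_errno(-1, errno, "Failed to create kernel keyring");`.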
@@ -3305,12 +3300,28 @@ return log_error(-1, "Failed to send network device names and ifindices to parent"); } + if (wants_console(&lxc_conf->console)) { + pty_mnt_fd = open_tree(-EBADF, lxc_conf->console.name, + OPEN_TREE_CLONE | OPEN_TREE_CLOEXEC | AT_EMPTY_PATH); + if (pty_mnt_fd < 0) + SYSTRACE("Failed to create detached mount for container's console \"%s\"", + lxc_conf->console.name); + else + TRACE("Created detached mount for container's console \"%s\"", + lxc_conf->console.name); + } + if (lxc_conf->autodev > 0) { ret = mount_autodev(name, &lxc_conf->rootfs, lxc_conf->autodevtmpfssize, lxcpath); if (ret < 0) return log_error(-1, "Failed to mount \"/dev\""); } + lxc_conf->rootfs.dev_mntpt_fd = openat(lxc_conf->rootfs.mntpt_fd, "dev", + O_RDONLY | O_CLOEXEC | O_DIRECTORY | O_NOFOLLOW); + if (lxc_conf->rootfs.dev_mntpt_fd < 0 && errno != ENOENT) + return log_error_errno(-errno, errno, "Failed to open \"/dev\""); + /* Do automatic mounts (mainly /proc and /sys), but exclude those that * need to wait until other stuff has finished. */ @@ -3377,8 +3388,12 @@ if (!verify_start_hooks(lxc_conf)) return log_error(-1, "Failed to verify start hooks"); + ret = lxc_create_tmp_proc_mount(lxc_conf); + if (ret < 0) + return log_error(-1, "Failed to \"/proc\" LSMs"); + ret = lxc_setup_console(&lxc_conf->rootfs, &lxc_conf->console, - lxc_conf->ttys.dir); + lxc_conf->ttys.dir, pty_mnt_fd); if (ret < 0) return log_error(-1, "Failed to setup console"); @@ -3386,10 +3401,6 @@ if (ret < 0) return log_error(-1, "Failed to setup \"/dev\" symlinks"); - ret = lxc_create_tmp_proc_mount(lxc_conf); - if (ret < 0) - return log_error(-1, "Failed to \"/proc\" LSMs"); - ret = lxc_setup_rootfs_switch_root(&lxc_conf->rootfs); if (ret < 0) return log_error(-1, "Failed to pivot root into rootfs"); 
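Review bot: An `ENOENT` from `openat(lxc_conf->rootfs.mntpt_fd, "dev", ...)` is tolerated, which leaves `rootfs.dev_mntpt_fd` negative, yet `lxc_setup_dev_console()` later passes it unchecked to `exists_file_at()`, `mknodat()` and `move_mount()`. With a console requested and no `/dev` in the rootfs, setup would then fail at `mknodat()` with "Failed to create console" and an errno that points away from the cause. Either fail here when `wants_console(&lxc_conf->console)` is true, or have the console helper test `rootfs->dev_mntpt_fd < 0` first and report the missing `/dev`. `lxc_setup()` starts before the hunk and continues after it.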
@@ -3398,7 +3409,7 @@ if (lxc_conf->autodev > 0) (void)lxc_setup_boot_id(); - ret = lxc_setup_devpts(lxc_conf); + ret = lxc_setup_devpts_child(handler); if (ret < 0) return log_error(-1, "Failed to setup new devpts instance"); @@ -3430,6 +3441,8 @@ return log_error(-1, "Failed to drop capabilities"); } + close_prot_errno_disarm(lxc_conf->rootfs.mntpt_fd) + close_prot_errno_disarm(lxc_conf->rootfs.dev_mntpt_fd) NOTICE("The container \"%s\" is set up", name); return 0; @@ -3487,7 +3500,14 @@ return 0; } -define_cleanup_function(struct lxc_list *, lxc_free_idmap); + +static int __lxc_free_idmap(struct lxc_list *id_map) +{ + lxc_free_idmap(id_map); + free(id_map); + return 0; +} +define_cleanup_function(struct lxc_list *, __lxc_free_idmap); int lxc_clear_idmaps(struct lxc_conf *c) { @@ -3786,6 +3806,8 @@ free(conf->rootfs.options); free(conf->rootfs.path); free(conf->rootfs.data); + close_prot_errno_disarm(conf->rootfs.mntpt_fd); + close_prot_errno_disarm(conf->rootfs.dev_mntpt_fd); free(conf->logfile); if (conf->logfd != -1) close(conf->logfd); @@ -3809,7 +3831,6 @@ lxc_clear_cgroups(conf, "lxc.cgroup", CGROUP_SUPER_MAGIC); lxc_clear_cgroups(conf, "lxc.cgroup2", CGROUP2_SUPER_MAGIC); lxc_clear_devices(conf); - lxc_clear_cgroup2_devices(conf); lxc_clear_hooks(conf, "lxc.hook"); lxc_clear_mount_entries(conf); lxc_clear_idmaps(conf); @@ -4036,7 +4057,7 @@ int userns_exec_1(const struct lxc_conf *conf, int (*fn)(void *), void *data, const char *fn_name) { - call_cleaner(lxc_free_idmap) struct lxc_list *idmap = NULL; + call_cleaner(__lxc_free_idmap) struct lxc_list *idmap = NULL; int ret = -1, status = -1; char c = '1'; struct userns_fn_data d = { @@ -4113,7 +4134,7 @@ int (*fn_parent)(void *), void *fn_parent_data, int (*fn_child)(void *), void *fn_child_data) { - call_cleaner(lxc_free_idmap) struct lxc_list *idmap = NULL; + call_cleaner(__lxc_free_idmap) struct lxc_list *idmap = NULL; uid_t resuid = LXC_INVALID_UID; gid_t resgid = LXC_INVALID_GID; char c = '1'; 
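Review bot: The two `close_prot_errno_disarm(...)` lines added before the `NOTICE` have no terminating semicolon, while the same calls in the `lxc_conf_free()` hunk further down do. This compiles only while the macro expands to a complete statement; write `close_prot_errno_disarm(lxc_conf->rootfs.mntpt_fd);` and `close_prot_errno_disarm(lxc_conf->rootfs.dev_mntpt_fd);`. The descriptors are closed only on this success path, so the error returns earlier in `lxc_setup()` rely on `lxc_conf_free()` to release them, which deserves a short comment.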
@@ -4404,10 +4425,8 @@ if (pid > 0) ret = wait_for_pid(pid); - if (idmap) { - lxc_free_idmap(idmap); - free(idmap); - } + if (idmap) + __lxc_free_idmap(idmap); if (host_uid_map && (host_uid_map != container_root_uid)) free(host_uid_map); 
@@ -4417,6 +4436,226 @@ return ret; } +static int add_idmap_entry(struct lxc_list *idmap, enum idtype idtype, + unsigned long nsid, unsigned long hostid, + unsigned long range) +{ + __do_free struct id_map *new_idmap = NULL; + __do_free struct lxc_list *new_list = NULL; + + new_idmap = zalloc(sizeof(*new_idmap)); + if (!new_idmap) + return ret_errno(ENOMEM); + + new_idmap->idtype = idtype; + new_idmap->hostid = hostid; + new_idmap->nsid = nsid; + new_idmap->range = range; + + new_list = zalloc(sizeof(*new_list)); + if (!new_list) + return ret_errno(ENOMEM); + + new_list->elem = move_ptr(new_idmap); + lxc_list_add_tail(idmap, move_ptr(new_list)); + + INFO("Adding id map: type %c nsid %lu hostid %lu range %lu", + idtype == ID_TYPE_UID ? 'u' : 'g', nsid, hostid, range); + return 0; +} + +int userns_exec_mapped_root(const char *path, int path_fd, + const struct lxc_conf *conf) +{ + call_cleaner(__lxc_free_idmap) struct lxc_list *idmap = NULL; + __do_close int fd = -EBADF; + int target_fd = -EBADF; + char c = '1'; + ssize_t ret; + pid_t pid; + int sock_fds[2]; + uid_t container_host_uid, hostuid; + gid_t container_host_gid, hostgid; + struct stat st; + + if (!conf || (!path && path_fd < 0)) + return ret_errno(EINVAL); + + if (!path) + path = "(null)"; + + container_host_uid = get_mapped_rootid(conf, ID_TYPE_UID); + if (!uid_valid(container_host_uid)) + return log_error(-1, "No uid mapping for container root"); + + container_host_gid = get_mapped_rootid(conf, ID_TYPE_GID); + if (!gid_valid(container_host_gid)) + return log_error(-1, "No gid mapping for container root"); + + if (path_fd < 0) { + fd = open(path, O_CLOEXEC | O_NOCTTY); + if (fd < 0) + return log_error_errno(-errno, errno, "Failed to open \"%s\"", path); + target_fd = fd; + } else { + target_fd = path_fd; + } + + hostuid = geteuid(); + /* We are root so chown directly. 
*/ + if (hostuid == 0) { + ret = fchown(target_fd, container_host_uid, container_host_gid); + if (ret) + return log_error_errno(-errno, errno, + "Failed to fchown(%d(%s), %d, %d)", + target_fd, path, container_host_uid, + container_host_gid); + return log_trace(0, "Chowned %d(%s) to uid %d and %d", target_fd, path, + container_host_uid, container_host_gid); + } + + /* The container's root host id matches */ + if (container_host_uid == hostuid) + return log_info(0, "Container root id is mapped to our uid"); + + /* Get the current ids of our target. */ + ret = fstat(target_fd, &st); + if (ret) + return log_error_errno(-errno, errno, "Failed to stat \"%s\"", path); + + hostgid = getegid(); + if (st.st_uid == hostuid && mapped_hostid(st.st_gid, conf, ID_TYPE_GID) < 0) { + ret = fchown(target_fd, -1, hostgid); + if (ret) + return log_error_errno(-errno, errno, + "Failed to fchown(%d(%s), -1, %d)", + target_fd, path, hostgid); + TRACE("Chowned %d(%s) to -1:%d", target_fd, path, hostgid); + } + + idmap = malloc(sizeof(*idmap)); + if (!idmap) + return -ENOMEM; + lxc_list_init(idmap); + + /* "u:0:rootuid:1" */ + ret = add_idmap_entry(idmap, ID_TYPE_UID, 0, container_host_uid, 1); + if (ret < 0) + return log_error_errno(ret, -ret, "Failed to add idmap entry"); + + /* "u:hostuid:hostuid:1" */ + ret = add_idmap_entry(idmap, ID_TYPE_UID, hostuid, hostuid, 1); + if (ret < 0) + return log_error_errno(ret, -ret, "Failed to add idmap entry"); + + /* "g:0:rootgid:1" */ + ret = add_idmap_entry(idmap, ID_TYPE_GID, 0, container_host_gid, 1); + if (ret < 0) + return log_error_errno(ret, -ret, "Failed to add idmap entry"); + + /* "g:hostgid:hostgid:1" */ + ret = add_idmap_entry(idmap, ID_TYPE_GID, hostgid, hostgid, 1); + if (ret < 0) + return log_error_errno(ret, -ret, "Failed to add idmap entry"); + + if (hostgid != st.st_gid) { + /* "g:pathgid:rootgid+pathgid:1" */ + ret = add_idmap_entry(idmap, ID_TYPE_GID, st.st_gid, + container_host_gid + (gid_t)st.st_gid, 1); + if (ret < 0) + 
return log_error_errno(ret, -ret, "Failed to add idmap entry"); + } + + ret = socketpair(PF_LOCAL, SOCK_STREAM | SOCK_CLOEXEC, 0, sock_fds); + if (ret < 0) + return -errno; + + pid = fork(); + if (pid < 0) { + SYSERROR("Failed to create new process"); + goto on_error; + } + + if (pid == 0) { + close_prot_errno_disarm(sock_fds[1]); + + ret = unshare(CLONE_NEWUSER); + if (ret < 0) { + SYSERROR("Failed to unshare new user namespace"); + _exit(EXIT_FAILURE); + } + + ret = lxc_write_nointr(sock_fds[0], &c, 1); + if (ret != 1) + _exit(EXIT_FAILURE); + + ret = lxc_read_nointr(sock_fds[0], &c, 1); + if (ret != 1) + _exit(EXIT_FAILURE); + + close_prot_errno_disarm(sock_fds[0]); + + if (!lxc_switch_uid_gid(0, 0)) + _exit(EXIT_FAILURE); + + if (!lxc_setgroups(0, NULL)) + _exit(EXIT_FAILURE); + + ret = fchown(target_fd, 0, st.st_gid); + if (ret) { + SYSERROR("Failed to chown %d(%s) to 0:%d", target_fd, path, st.st_gid); + _exit(EXIT_FAILURE); + } + + TRACE("Chowned %d(%s) to 0:%d", target_fd, path, st.st_gid); + _exit(EXIT_SUCCESS); + } + + close_prot_errno_disarm(sock_fds[0]); + + if (lxc_log_get_level() == LXC_LOG_LEVEL_TRACE || + conf->loglevel == LXC_LOG_LEVEL_TRACE) { + struct id_map *map; + struct lxc_list *it; + + lxc_list_for_each(it, idmap) { + map = it->elem; + TRACE("Establishing %cid mapping for \"%d\" in new user namespace: nsuid %lu - hostid %lu - range %lu", + (map->idtype == ID_TYPE_UID) ? 'u' : 'g', pid, map->nsid, map->hostid, map->range); + } + } + + ret = lxc_read_nointr(sock_fds[1], &c, 1); + if (ret != 1) { + SYSERROR("Failed waiting for child process %d\" to tell us to proceed", pid); + goto on_error; + } + + /* Set up {g,u}id mapping for user namespace of child process. */ + ret = lxc_map_ids(idmap, pid); + if (ret < 0) { + ERROR("Error setting up {g,u}id mappings for child process \"%d\"", pid); + goto on_error; + } + + /* Tell child to proceed. 
*/ + ret = lxc_write_nointr(sock_fds[1], &c, 1); + if (ret != 1) { + SYSERROR("Failed telling child process \"%d\" to proceed", pid); + goto on_error; + } + +on_error: + close_prot_errno_disarm(sock_fds[0]); + close_prot_errno_disarm(sock_fds[1]); + + /* Wait for child to finish. */ + if (pid < 0) + return -1; + + return wait_for_pid(pid); +} + /* not thread-safe, do not use from api without first forking */ static char *getuname(void) { diff -Nru lxc-4.0.2/src/lxc/conf.h lxc-4.0.6/src/lxc/conf.h --- lxc-4.0.2/src/lxc/conf.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/conf.h 2021-01-12 00:20:05.000000000 +0000 @@ -15,10 +15,12 @@ #include #include +#include "caps.h" #include "compiler.h" #include "config.h" #include "list.h" #include "lxcseccomp.h" +#include "memory_utils.h" #include "ringbuf.h" #include "start.h" #include "terminal.h" @@ -60,11 +62,24 @@ struct /* meta */ { char *controllers; char *dir; + char *monitor_dir; + char *container_dir; + char *namespace_dir; bool relative; }; }; }; +static void free_lxc_cgroup(struct lxc_cgroup *ptr) +{ + if (ptr) { + free(ptr->subsystem); + free(ptr->value); + free_disarm(ptr); + } +} +define_cleanup_function(struct lxc_cgroup *, free_lxc_cgroup); + #if !HAVE_SYS_RESOURCE_H #define RLIM_INFINITY ((unsigned long)-1) struct rlimit { @@ -83,6 +98,15 @@ struct rlimit limit; }; +static void free_lxc_limit(struct lxc_limit *ptr) +{ + if (ptr) { + free(ptr->resource); + free_disarm(ptr); + } +} +define_cleanup_function(struct lxc_limit *, free_lxc_limit); + enum idtype { ID_TYPE_UID, ID_TYPE_GID @@ -98,6 +122,16 @@ char *value; }; +static void free_lxc_sysctl(struct lxc_sysctl *ptr) +{ + if (ptr) { + free(ptr->key); + free(ptr->value); + free_disarm(ptr); + } +} +define_cleanup_function(struct lxc_sysctl *, free_lxc_sysctl); + /* * Defines a structure to configure proc filesystem at runtime. * @filename : the proc filesystem will be configured without the "lxc.proc" prefix 
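Review bot: `userns_exec_mapped_root()` has no header comment, although the `chown_mapped_root()` it replaces carried one explaining why an unprivileged caller has to chown from inside a user namespace with specific mappings. The new function should get an updated version of that comment that also states the argument contract visible in the code: either `path` or a non-negative `path_fd` is required, `path_fd` takes precedence and stays owned by the caller, and `path` is then used for log messages only. Two smaller points: the message `"Failed waiting for child process %d\" to tell us to proceed"` has an unbalanced quote, and the `on_error:` label is also reached on the success path, so a neutral name would read better.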
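Review bot: `free_lxc_cgroup()` is defined in conf.h as plain `static void`, as are `free_lxc_limit()`, `free_lxc_sysctl()` and `free_lxc_proc()` in the following hunks, so every file that includes the header gets its own copy of each. `static inline void free_lxc_cgroup(struct lxc_cgroup *ptr)` is the usual form for a helper defined in a header and avoids unused-function warnings where a compiler would otherwise raise them. A one-line comment that each helper frees the members and then the struct itself would help too, since the `free_disarm(ptr)` at the end acts on the local copy of the pointer.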
@@ -108,6 +142,16 @@ char *value; }; +static void free_lxc_proc(struct lxc_proc *ptr) +{ + if (ptr) { + free(ptr->filename); + free(ptr->value); + free_disarm(ptr); + } +} +define_cleanup_function(struct lxc_proc *, free_lxc_proc); + /* * id_map is an id map entry. Form in confile is: * lxc.idmap = u 0 9800 100 @@ -136,15 +180,19 @@ /* Defines a structure to store the rootfs location, the * optionals pivot_root, rootfs mount paths - * @path : the rootfs source (directory or device) - * @mount : where it is mounted - * @bev_type : optional backing store type - * @options : mount options - * @mountflags : the portion of @options that are flags - * @data : the portion of @options that are not flags - * @managed : whether it is managed by LXC + * @path : the rootfs source (directory or device) + * @mount : where it is mounted + * @bev_type : optional backing store type + * @options : mount options + * @mountflags : the portion of @options that are flags + * @data : the portion of @options that are not flags + * @managed : whether it is managed by LXC + * @mntpt_fd : fd for @mount + * @dev_mntpt_fd : fd for /dev of the container */ struct lxc_rootfs { + int mntpt_fd; + int dev_mntpt_fd; char *path; char *mount; char *bdev_type; @@ -203,7 +251,7 @@ NUM_LXC_HOOKS }; -extern char *lxchook_names[NUM_LXC_HOOKS]; +__hidden extern char *lxchook_names[NUM_LXC_HOOKS]; struct lxc_state_client { int clientfd; @@ -212,8 +260,8 @@ enum { LXC_BPF_DEVICE_CGROUP_LOCAL_RULE = -1, - LXC_BPF_DEVICE_CGROUP_WHITELIST = 0, - LXC_BPF_DEVICE_CGROUP_BLACKLIST = 1, + LXC_BPF_DEVICE_CGROUP_ALLOWLIST = 0, + LXC_BPF_DEVICE_CGROUP_DENYLIST = 1, }; struct device_item { 
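Review bot: The re-indented field list above `struct lxc_rootfs` still documents `@bev_type`, but the member is `bdev_type`; the line should read `@bdev_type : optional backing store type`. The two new entries would be more useful if they stated the lifetime the patch gives them, since both descriptors start as `-EBADF` and are closed in `lxc_conf_free()`: for example `@mntpt_fd : fd for @mount, -EBADF when not open`, and the same for `@dev_mntpt_fd`.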
@@ -224,8 +272,8 @@ int allow; /* * LXC_BPF_DEVICE_CGROUP_LOCAL_RULE -> no global rule - * LXC_BPF_DEVICE_CGROUP_WHITELIST -> whitelist (deny all) - * LXC_BPF_DEVICE_CGROUP_BLACKLIST -> blacklist (allow all) + * LXC_BPF_DEVICE_CGROUP_ALLOWLIST -> allowlist (deny all) + * LXC_BPF_DEVICE_CGROUP_DENYLIST -> denylist (allow all) */ int global_rule; }; @@ -241,7 +289,6 @@ struct { struct lxc_list cgroup; struct lxc_list cgroup2; - struct bpf_program *cgroup2_devices; /* This should be reimplemented as a hashmap. */ struct lxc_list devices; }; @@ -279,6 +326,8 @@ struct lxc_terminal console; /* maximum pty devices allowed by devpts mount */ size_t pty_max; + /* file descriptor for the container's /dev/pts mount */ + int devpts_fd; /* set to true when rootfs has been setup */ bool rootfs_setup; @@ -400,8 +449,8 @@ } shmount; }; -extern int write_id_mapping(enum idtype idtype, pid_t pid, const char *buf, - size_t buf_size); +__hidden extern int write_id_mapping(enum idtype idtype, pid_t pid, const char *buf, size_t buf_size) + __access_r(3, 4); #ifdef HAVE_TLS extern thread_local struct lxc_conf *current_config; 
@@ -409,66 +458,78 @@ extern struct lxc_conf *current_config; #endif -extern int run_lxc_hooks(const char *name, char *hook, struct lxc_conf *conf, - char *argv[]); -extern int detect_shared_rootfs(void); -extern struct lxc_conf *lxc_conf_init(void); -extern void lxc_conf_free(struct lxc_conf *conf); -extern int pin_rootfs(const char *rootfs); -extern int lxc_map_ids(struct lxc_list *idmap, pid_t pid); -extern int lxc_create_tty(const char *name, struct lxc_conf *conf); -extern void lxc_delete_tty(struct lxc_tty_info *ttys); -extern int lxc_clear_config_caps(struct lxc_conf *c); -extern int lxc_clear_config_keepcaps(struct lxc_conf *c); -extern int lxc_clear_cgroups(struct lxc_conf *c, const char *key, int version); -extern int lxc_clear_mount_entries(struct lxc_conf *c); -extern int lxc_clear_automounts(struct lxc_conf *c); -extern int lxc_clear_hooks(struct lxc_conf *c, const char *key); -extern int lxc_clear_idmaps(struct lxc_conf *c); -extern int lxc_clear_groups(struct lxc_conf *c); -extern int lxc_clear_environment(struct lxc_conf *c); -extern int lxc_clear_limits(struct lxc_conf *c, const char *key); -extern int lxc_delete_autodev(struct lxc_handler *handler); -extern int lxc_clear_autodev_tmpfs_size(struct lxc_conf *c); -extern void lxc_clear_includes(struct lxc_conf *conf); -extern int lxc_setup_rootfs_prepare_root(struct lxc_conf *conf, - const char *name, const char *lxcpath); -extern int lxc_setup(struct lxc_handler *handler); -extern int lxc_setup_parent(struct lxc_handler *handler); -extern int setup_resource_limits(struct lxc_list *limits, pid_t pid); -extern int find_unmapped_nsid(const struct lxc_conf *conf, enum idtype idtype); -extern int mapped_hostid(unsigned id, const struct lxc_conf *conf, - enum idtype idtype); -extern int chown_mapped_root(const char *path, const struct lxc_conf *conf); -extern int userns_exec_1(const struct lxc_conf *conf, int (*fn)(void *), - void *data, const char *fn_name); -extern int userns_exec_full(struct lxc_conf 
*conf, int (*fn)(void *), - void *data, const char *fn_name); -extern int parse_mntopts(const char *mntopts, unsigned long *mntflags, - char **mntdata); -extern int parse_propagationopts(const char *mntopts, unsigned long *pflags); -extern void tmp_proc_unmount(struct lxc_conf *lxc_conf); -extern void remount_all_slave(void); -extern void suggest_default_idmap(void); -extern FILE *make_anonymous_mount_file(struct lxc_list *mount, - bool include_nesting_helpers); -extern struct lxc_list *sort_cgroup_settings(struct lxc_list *cgroup_settings); -extern unsigned long add_required_remount_flags(const char *s, const char *d, - unsigned long flags); -extern int run_script(const char *name, const char *section, const char *script, - ...); -extern int run_script_argv(const char *name, unsigned int hook_version, - const char *section, const char *script, - const char *hookname, char **argsin); -extern int in_caplist(int cap, struct lxc_list *caps); -extern int setup_sysctl_parameters(struct lxc_list *sysctls); -extern int lxc_clear_sysctls(struct lxc_conf *c, const char *key); -extern int setup_proc_filesystem(struct lxc_list *procs, pid_t pid); -extern int lxc_clear_procs(struct lxc_conf *c, const char *key); -extern int lxc_clear_apparmor_raw(struct lxc_conf *c); -extern int lxc_clear_namespace(struct lxc_conf *c); -extern int userns_exec_minimal(const struct lxc_conf *conf, - int (*fn_parent)(void *), void *fn_parent_data, - int (*fn_child)(void *), void *fn_child_data); +__hidden extern int run_lxc_hooks(const char *name, char *hook, struct lxc_conf *conf, char *argv[]); +__hidden extern struct lxc_conf *lxc_conf_init(void); +__hidden extern void lxc_conf_free(struct lxc_conf *conf); +__hidden extern int pin_rootfs(const char *rootfs); +__hidden extern int lxc_map_ids(struct lxc_list *idmap, pid_t pid); +__hidden extern int lxc_create_tty(const char *name, struct lxc_conf *conf); +__hidden extern void lxc_delete_tty(struct lxc_tty_info *ttys); +__hidden extern int 
lxc_clear_config_caps(struct lxc_conf *c); +__hidden extern int lxc_clear_config_keepcaps(struct lxc_conf *c); +__hidden extern int lxc_clear_cgroups(struct lxc_conf *c, const char *key, int version); +__hidden extern int lxc_clear_mount_entries(struct lxc_conf *c); +__hidden extern int lxc_clear_automounts(struct lxc_conf *c); +__hidden extern int lxc_clear_hooks(struct lxc_conf *c, const char *key); +__hidden extern int lxc_clear_idmaps(struct lxc_conf *c); +__hidden extern int lxc_clear_groups(struct lxc_conf *c); +__hidden extern int lxc_clear_environment(struct lxc_conf *c); +__hidden extern int lxc_clear_limits(struct lxc_conf *c, const char *key); +__hidden extern int lxc_delete_autodev(struct lxc_handler *handler); +__hidden extern int lxc_clear_autodev_tmpfs_size(struct lxc_conf *c); +__hidden extern void lxc_clear_includes(struct lxc_conf *conf); +__hidden extern int lxc_setup_rootfs_prepare_root(struct lxc_conf *conf, const char *name, + const char *lxcpath); +__hidden extern int lxc_setup(struct lxc_handler *handler); +__hidden extern int lxc_setup_parent(struct lxc_handler *handler); +__hidden extern int setup_resource_limits(struct lxc_list *limits, pid_t pid); +__hidden extern int find_unmapped_nsid(const struct lxc_conf *conf, enum idtype idtype); +__hidden extern int mapped_hostid(unsigned id, const struct lxc_conf *conf, enum idtype idtype); +__hidden extern int userns_exec_1(const struct lxc_conf *conf, int (*fn)(void *), void *data, + const char *fn_name); +__hidden extern int userns_exec_full(struct lxc_conf *conf, int (*fn)(void *), void *data, + const char *fn_name); +__hidden extern int parse_mntopts(const char *mntopts, unsigned long *mntflags, char **mntdata); +__hidden extern int parse_propagationopts(const char *mntopts, unsigned long *pflags); +__hidden extern void tmp_proc_unmount(struct lxc_conf *lxc_conf); +__hidden extern void turn_into_dependent_mounts(void); +__hidden extern void suggest_default_idmap(void); +__hidden extern FILE 
*make_anonymous_mount_file(struct lxc_list *mount, bool include_nesting_helpers); +__hidden extern struct lxc_list *sort_cgroup_settings(struct lxc_list *cgroup_settings); +__hidden extern unsigned long add_required_remount_flags(const char *s, const char *d, + unsigned long flags); +__hidden extern int run_script(const char *name, const char *section, const char *script, ...); +__hidden extern int run_script_argv(const char *name, unsigned int hook_version, const char *section, + const char *script, const char *hookname, char **argsin); +__hidden extern int in_caplist(int cap, struct lxc_list *caps); + +static inline bool lxc_wants_cap(int cap, struct lxc_conf *conf) +{ + if (lxc_caps_last_cap() < cap) + return false; + + if (!lxc_list_empty(&conf->keepcaps)) + return !in_caplist(cap, &conf->keepcaps); + + return in_caplist(cap, &conf->caps); +} + +__hidden extern int setup_sysctl_parameters(struct lxc_list *sysctls); +__hidden extern int lxc_clear_sysctls(struct lxc_conf *c, const char *key); +__hidden extern int setup_proc_filesystem(struct lxc_list *procs, pid_t pid); +__hidden extern int lxc_clear_procs(struct lxc_conf *c, const char *key); +__hidden extern int lxc_clear_apparmor_raw(struct lxc_conf *c); +__hidden extern int lxc_clear_namespace(struct lxc_conf *c); +__hidden extern int userns_exec_minimal(const struct lxc_conf *conf, int (*fn_parent)(void *), + void *fn_parent_data, int (*fn_child)(void *), + void *fn_child_data); +__hidden extern int userns_exec_mapped_root(const char *path, int path_fd, + const struct lxc_conf *conf); +static inline int chown_mapped_root(const char *path, const struct lxc_conf *conf) +{ + return userns_exec_mapped_root(path, -EBADF, conf); +} + +__hidden int lxc_setup_devpts_parent(struct lxc_handler *handler); #endif /* __LXC_CONF_H */ diff -Nru lxc-4.0.2/src/lxc/confile.c lxc-4.0.6/src/lxc/confile.c --- lxc-4.0.2/src/lxc/confile.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/confile.c 2021-01-12 
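Review bot: `lxc_wants_cap()`, added near the end of this hunk, looks inverted. With a non-empty keep list it returns `!in_caplist(cap, &conf->keepcaps)`, which is true for a capability that is not on the keep list; otherwise it returns `in_caplist(cap, &conf->caps)`. If `conf->caps` is the drop list (inferred from the keepcaps/caps pairing, since the header does not say), a caller asking whether the container retains a capability gets the opposite answer and may take a privileged setup path for the wrong containers. I would expect `return in_caplist(cap, &conf->keepcaps);` and `return !in_caplist(cap, &conf->caps);`, plus a one-line comment above the function stating what a true result means.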
00:20:05.000000000 +0000 @@ -263,6 +263,18 @@ static const size_t config_jump_table_size = sizeof(config_jump_table) / sizeof(struct lxc_config_t); +struct lxc_config_t *lxc_get_config_exact(const char *key) +{ + size_t i; + + for (i = 0; i < config_jump_table_size; i++) + if (!strcmp(config_jump_table[i].name, key)) + return &config_jump_table[i]; + + return NULL; +} + + struct lxc_config_t *lxc_get_config(const char *key) { size_t i; @@ -294,20 +306,24 @@ return clr_config_net_type(key, lxc_conf, data); if (!netdev) - return -1; + return ret_errno(EINVAL); if (strcmp(value, "veth") == 0) { netdev->type = LXC_NET_VETH; lxc_list_init(&netdev->priv.veth_attr.ipv4_routes); lxc_list_init(&netdev->priv.veth_attr.ipv6_routes); - lxc_veth_mode_to_flag(&netdev->priv.veth_attr.mode, "bridge"); + if (!lxc_veth_flag_to_mode(netdev->priv.veth_attr.mode)) + lxc_veth_mode_to_flag(&netdev->priv.veth_attr.mode, "bridge"); } else if (strcmp(value, "macvlan") == 0) { netdev->type = LXC_NET_MACVLAN; - lxc_macvlan_mode_to_flag(&netdev->priv.macvlan_attr.mode, "private"); + if (!lxc_macvlan_flag_to_mode(netdev->priv.veth_attr.mode)) + lxc_macvlan_mode_to_flag(&netdev->priv.macvlan_attr.mode, "private"); } else if (strcmp(value, "ipvlan") == 0) { netdev->type = LXC_NET_IPVLAN; - lxc_ipvlan_mode_to_flag(&netdev->priv.ipvlan_attr.mode, "l3"); - lxc_ipvlan_isolation_to_flag(&netdev->priv.ipvlan_attr.isolation, "bridge"); + if (!lxc_ipvlan_flag_to_mode(netdev->priv.ipvlan_attr.mode)) + lxc_ipvlan_mode_to_flag(&netdev->priv.ipvlan_attr.mode, "l3"); + if (!lxc_ipvlan_flag_to_isolation(netdev->priv.ipvlan_attr.isolation)) + lxc_ipvlan_isolation_to_flag(&netdev->priv.ipvlan_attr.isolation, "bridge"); } else if (strcmp(value, "vlan") == 0) { netdev->type = LXC_NET_VLAN; } else if (strcmp(value, "phys") == 0) { 
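Review bot: In the `macvlan` branch of hunk `@@ -294,20 +306,24 @@`, the new guard reads `netdev->priv.veth_attr.mode`, while the assignment it protects writes `netdev->priv.macvlan_attr.mode`. This looks like a copy-paste from the veth branch above it. If `priv` is a union the two members may alias and the check may happen to work, but that depends on member layout; if not, the default "private" mode is applied or skipped based on an unrelated field. The guard should be `if (!lxc_macvlan_flag_to_mode(netdev->priv.macvlan_attr.mode))`. The enclosing function starts before this hunk and continues past it.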
@@ -317,8 +333,7 @@ } else if (strcmp(value, "none") == 0) { netdev->type = LXC_NET_NONE; } else { - ERROR("Invalid network type %s", value); - return -1; + return log_error(-1, "Invalid network type %s", value); } return 0; @@ -333,7 +348,7 @@ return clr_config_net_flags(key, lxc_conf, data); if (!netdev) - return -1; + return ret_errno(EINVAL); netdev->flags |= IFF_UP; @@ -343,17 +358,16 @@ static int create_matched_ifnames(const char *value, struct lxc_conf *lxc_conf, struct lxc_netdev *netdev) { - struct netns_ifaddrs *ifaddr, *ifa; + call_cleaner(netns_freeifaddrs) struct netns_ifaddrs *ifaddr = NULL; + struct netns_ifaddrs *ifa; int n; int ret = 0; const char *type_key = "lxc.net.type"; const char *link_key = "lxc.net.link"; const char *tmpvalue = "phys"; - if (netns_getifaddrs(&ifaddr, -1, &(bool){false}) < 0) { - SYSERROR("Failed to get network interfaces"); - return -1; - } + if (netns_getifaddrs(&ifaddr, -1, &(bool){false}) < 0) + return log_error_errno(-1, errno, "Failed to get network interfaces"); for (ifa = ifaddr, n = 0; ifa != NULL; ifa = ifa->ifa_next, n++) { if (!ifa->ifa_addr) @@ -379,9 +393,6 @@ } } - netns_freeifaddrs(ifaddr); - ifaddr = NULL; - return ret; } @@ -395,7 +406,7 @@ return clr_config_net_link(key, lxc_conf, data); if (!netdev) - return -1; + return ret_errno(EINVAL); if (value[strlen(value) - 1] == '+' && netdev->type == LXC_NET_PHYS) ret = create_matched_ifnames(value, lxc_conf, netdev); @@ -416,11 +427,11 @@ return clr_config_net_l2proxy(key, lxc_conf, data); if (!netdev) - return ret_set_errno(-1, EINVAL); + return ret_errno(EINVAL); ret = lxc_safe_uint(value, &val); if (ret < 0) - return ret_set_errno(-1, -ret); + return ret_errno(ret); switch (val) { case 0: @@ -431,7 +442,7 @@ return 0; } - return ret_set_errno(-1, EINVAL); + return ret_errno(EINVAL); } static int set_config_net_name(const char *key, const char *value, 
@@ -443,7 +454,7 @@ return clr_config_net_name(key, lxc_conf, data); if (!netdev) - return -1; + return ret_errno(EINVAL); return network_ifname(netdev->name, value, sizeof(netdev->name)); } @@ -458,7 +469,7 @@ return clr_config_net_veth_mode(key, lxc_conf, data); if (!netdev) - return -1; + return ret_errno(EINVAL); return lxc_veth_mode_to_flag(&netdev->priv.veth_attr.mode, value); } @@ -472,9 +483,10 @@ return clr_config_net_veth_pair(key, lxc_conf, data); if (!netdev) - return -1; + return ret_errno(EINVAL); - return network_ifname(netdev->priv.veth_attr.pair, value, sizeof(netdev->priv.veth_attr.pair)); + return network_ifname(netdev->priv.veth_attr.pair, value, + sizeof(netdev->priv.veth_attr.pair)); } static int set_config_net_macvlan_mode(const char *key, const char *value, @@ -486,7 +498,7 @@ return clr_config_net_macvlan_mode(key, lxc_conf, data); if (!netdev) - return -1; + return ret_errno(EINVAL); return lxc_macvlan_mode_to_flag(&netdev->priv.macvlan_attr.mode, value); } @@ -500,12 +512,12 @@ return clr_config_net_ipvlan_mode(key, lxc_conf, data); if (!netdev) - return ret_set_errno(-1, EINVAL); + return ret_errno(EINVAL); - if (netdev->type != LXC_NET_IPVLAN) { - SYSERROR("Invalid ipvlan mode \"%s\", can only be used with ipvlan network", value); - return ret_set_errno(-1, EINVAL); - } + if (netdev->type != LXC_NET_IPVLAN) + return log_error_errno(-EINVAL, + EINVAL, "Invalid ipvlan mode \"%s\", can only be used with ipvlan network", + value); return lxc_ipvlan_mode_to_flag(&netdev->priv.ipvlan_attr.mode, value); } 
@@ -519,12 +531,12 @@ return clr_config_net_ipvlan_isolation(key, lxc_conf, data); if (!netdev) - return ret_set_errno(-1, EINVAL); + return ret_errno(EINVAL); - if (netdev->type != LXC_NET_IPVLAN) { - SYSERROR("Invalid ipvlan isolation \"%s\", can only be used with ipvlan network", value); - return ret_set_errno(-1, EINVAL); - } + if (netdev->type != LXC_NET_IPVLAN) + return log_error_errno(-EINVAL, + EINVAL, "Invalid ipvlan isolation \"%s\", can only be used with ipvlan network", + value); return lxc_ipvlan_isolation_to_flag(&netdev->priv.ipvlan_attr.isolation, value); } @@ -539,11 +551,11 @@ return clr_config_net_hwaddr(key, lxc_conf, data); if (!netdev) - return -1; + return ret_errno(EINVAL); new_value = strdup(value); if (!new_value) - return -1; + return ret_errno(ENOMEM); rand_complete_hwaddr(new_value); @@ -568,11 +580,11 @@ return clr_config_net_vlan_id(key, lxc_conf, data); if (!netdev) - return -1; + return ret_errno(EINVAL); ret = get_u16(&netdev->priv.vlan_attr.vid, value, 0); if (ret < 0) - return -1; + return ret; return 0; } @@ -586,7 +598,7 @@ return clr_config_net_mtu(key, lxc_conf, data); if (!netdev) - return -1; + return ret_errno(EINVAL); return set_config_string_item(&netdev->mtu, value); } 
@@ -594,39 +606,34 @@ static int set_config_net_ipv4_address(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { + __do_free char *addr = NULL; + __do_free struct lxc_inetdev *inetdev = NULL; + __do_free struct lxc_list *list = NULL; int ret; struct lxc_netdev *netdev = data; - struct lxc_inetdev *inetdev; - struct lxc_list *list; char *cursor, *slash; - char *addr = NULL, *bcast = NULL, *prefix = NULL; + char *bcast = NULL, *prefix = NULL; if (lxc_config_value_empty(value)) return clr_config_net_ipv4_address(key, lxc_conf, data); if (!netdev) - return -1; + return ret_errno(EINVAL); inetdev = malloc(sizeof(*inetdev)); if (!inetdev) - return -1; + return ret_errno(ENOMEM); memset(inetdev, 0, sizeof(*inetdev)); list = malloc(sizeof(*list)); - if (!list) { - free(inetdev); - return -1; - } + if (!list) + return ret_errno(ENOMEM); lxc_list_init(list); - list->elem = inetdev; addr = strdup(value); - if (!addr) { - free(inetdev); - free(list); - return -1; - } + if (!addr) + return ret_errno(ENOMEM); cursor = strstr(addr, " "); if (cursor) { 
@@ -641,35 +648,21 @@ } ret = inet_pton(AF_INET, addr, &inetdev->addr); - if (!ret || ret < 0) { - SYSERROR("Invalid ipv4 address \"%s\"", value); - free(inetdev); - free(addr); - free(list); - return -1; - } + if (!ret || ret < 0) + return log_error_errno(-1, errno, "Invalid ipv4 address \"%s\"", value); if (bcast) { ret = inet_pton(AF_INET, bcast, &inetdev->bcast); - if (!ret || ret < 0) { - SYSERROR("Invalid ipv4 broadcast address \"%s\"", value); - free(inetdev); - free(list); - free(addr); - return -1; - } + if (!ret || ret < 0) + return log_error_errno(-1, errno, "Invalid ipv4 broadcast address \"%s\"", value); } /* No prefix specified, determine it from the network class. */ if (prefix) { ret = lxc_safe_uint(prefix, &inetdev->prefix); - if (ret < 0) { - free(inetdev); - free(list); - free(addr); - return -1; - } + if (ret < 0) + return ret; } else { inetdev->prefix = config_ip_prefix(&inetdev->addr); } @@ -682,8 +675,10 @@ inetdev->bcast.s_addr |= htonl(INADDR_BROADCAST >> inetdev->prefix); } + list->elem = inetdev; lxc_list_add_tail(&netdev->ipv4, list); - free(addr); + move_ptr(inetdev); + move_ptr(list); return 0; } @@ -709,21 +704,18 @@ netdev->ipv4_gateway_auto = false; netdev->ipv4_gateway_dev = true; } else { + __do_free struct in_addr *gw = NULL; int ret; - struct in_addr *gw; gw = malloc(sizeof(*gw)); if (!gw) - return -1; + return ret_errno(ENOMEM); ret = inet_pton(AF_INET, value, gw); - if (!ret || ret < 0) { - SYSERROR("Invalid ipv4 gateway address \"%s\"", value); - free(gw); - return -1; - } + if (!ret || ret < 0) + return log_error_errno(-1, errno, "Invalid ipv4 gateway address \"%s\"", value); - netdev->ipv4_gateway = gw; + netdev->ipv4_gateway = move_ptr(gw); netdev->ipv4_gateway_auto = false; } 
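Review bot: The IPv4 address setter (hunk `@@ -641,35 +648,21 @@`) accepts any value `lxc_safe_uint()` parses for `inetdev->prefix`, and the following hunk's context then evaluates `INADDR_BROADCAST >> inetdev->prefix`. A prefix of 32 or more from the config file makes that shift undefined behaviour in C, and the oversized prefix is stored in the list either way. The veth route setter later in this diff already rejects `inetdev->prefix > 32`; the same guard belongs here, `if (ret < 0 || inetdev->prefix > 32) return ret_errno(EINVAL);`. The broadcast computation then needs to treat a /32 separately. The IPv6 address setter in hunk `@@ -836,25 +823,18 @@` has the same gap for values above 128.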
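Review bot: The gateway branch in hunk `@@ -709,21 +704,18 @@` logs an `inet_pton()` failure with `log_error_errno(-1, errno, ...)`, but `inet_pton()` returns 0 for a malformed address without setting `errno`. The message will therefore carry whatever error an earlier call left behind. The two `inet_pton()` checks in the address hunk above (`@@ -641,35 +648,21 @@`) do the same. The IPv6 counterparts in this diff already pass a fixed code, so I would match them: `return log_error_errno(-EINVAL, EINVAL, "Invalid ipv4 gateway address \"%s\"", value);`.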
@@ -744,47 +736,47 @@ return clr_config_net_veth_ipv4_route(key, lxc_conf, data); if (!netdev) - return ret_set_errno(-1, EINVAL); + return ret_errno(EINVAL); - if (netdev->type != LXC_NET_VETH) { - SYSERROR("Invalid ipv4 route \"%s\", can only be used with veth network", value); - return ret_set_errno(-1, EINVAL); - } + if (netdev->type != LXC_NET_VETH) + return log_error_errno(-EINVAL, + EINVAL, "Invalid ipv4 route \"%s\", can only be used with veth network", + value); inetdev = malloc(sizeof(*inetdev)); if (!inetdev) - return -1; + return ret_errno(ENOMEM); memset(inetdev, 0, sizeof(*inetdev)); list = malloc(sizeof(*list)); if (!list) - return -1; + return ret_errno(ENOMEM); lxc_list_init(list); list->elem = inetdev; valdup = strdup(value); if (!valdup) - return -1; + return ret_errno(ENOMEM); slash = strchr(valdup, '/'); if (!slash) - return ret_set_errno(-1, EINVAL); + return ret_errno(EINVAL); *slash = '\0'; slash++; if (*slash == '\0') - return ret_set_errno(-1, EINVAL); + return ret_errno(EINVAL); netmask = slash; ret = lxc_safe_uint(netmask, &inetdev->prefix); if (ret < 0 || inetdev->prefix > 32) - return ret_set_errno(-1, EINVAL); + return ret_errno(EINVAL); ret = inet_pton(AF_INET, valdup, &inetdev->addr); if (!ret || ret < 0) - return ret_set_errno(-1, EINVAL); + return ret_errno(EINVAL); lxc_list_add_tail(&netdev->priv.veth_attr.ipv4_routes, list); move_ptr(inetdev); 
@@ -796,38 +788,33 @@ static int set_config_net_ipv6_address(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { + __do_free char *valdup = NULL; + __do_free struct lxc_inet6dev *inet6dev = NULL; + __do_free struct lxc_list *list = NULL; int ret; struct lxc_netdev *netdev = data; - struct lxc_inet6dev *inet6dev; - struct lxc_list *list; - char *slash, *valdup, *netmask; + char *slash, *netmask; if (lxc_config_value_empty(value)) return clr_config_net_ipv6_address(key, lxc_conf, data); if (!netdev) - return -1; + return ret_errno(EINVAL); inet6dev = malloc(sizeof(*inet6dev)); if (!inet6dev) - return -1; + return ret_errno(ENOMEM); memset(inet6dev, 0, sizeof(*inet6dev)); list = malloc(sizeof(*list)); - if (!list) { - free(inet6dev); - return -1; - } + if (!list) + return ret_errno(ENOMEM); lxc_list_init(list); - list->elem = inet6dev; valdup = strdup(value); - if (!valdup) { - free(list); - free(inet6dev); - return -1; - } + if (!valdup) + return ret_errno(ENOMEM); inet6dev->prefix = 64; slash = strstr(valdup, "/"); @@ -836,25 +823,18 @@ netmask = slash + 1; ret = lxc_safe_uint(netmask, &inet6dev->prefix); - if (ret < 0) { - free(list); - free(inet6dev); - free(valdup); - return -1; - } + if (ret < 0) + return ret; } ret = inet_pton(AF_INET6, valdup, &inet6dev->addr); - if (!ret || ret < 0) { - SYSERROR("Invalid ipv6 address \"%s\"", valdup); - free(list); - free(inet6dev); - free(valdup); - return -1; - } + if (!ret || ret < 0) + return log_error_errno(-EINVAL, EINVAL, "Invalid ipv6 address \"%s\"", valdup); + list->elem = inet6dev; lxc_list_add_tail(&netdev->ipv6, list); - free(valdup); + move_ptr(inet6dev); + move_ptr(list); return 0; } @@ -868,7 +848,7 @@ return clr_config_net_ipv6_gateway(key, lxc_conf, data); if (!netdev) - return -1; + return ret_errno(EINVAL); free(netdev->ipv6_gateway); 
@@ -881,20 +861,18 @@ netdev->ipv6_gateway_dev = true; } else { int ret; - struct in6_addr *gw; + __do_free struct in6_addr *gw = NULL; gw = malloc(sizeof(*gw)); if (!gw) - return -1; + return ret_errno(ENOMEM); ret = inet_pton(AF_INET6, value, gw); - if (!ret || ret < 0) { - SYSERROR("Invalid ipv6 gateway address \"%s\"", value); - free(gw); - return -1; - } + if (!ret || ret < 0) + return log_error_errno(-EINVAL, EINVAL, + "Invalid ipv6 gateway address \"%s\"", value); - netdev->ipv6_gateway = gw; + netdev->ipv6_gateway = move_ptr(gw); netdev->ipv6_gateway_auto = false; } @@ -915,24 +893,23 @@ return clr_config_net_veth_ipv6_route(key, lxc_conf, data); if (!netdev) - return ret_set_errno(-1, EINVAL); + return ret_errno(EINVAL); - if (netdev->type != LXC_NET_VETH) { - SYSERROR("Invalid ipv6 route \"%s\", can only be used with veth network", value); - return ret_set_errno(-1, EINVAL); - } + if (netdev->type != LXC_NET_VETH) + return log_error_errno(-EINVAL, + EINVAL, "Invalid ipv6 route \"%s\", can only be used with veth network", + value); inet6dev = malloc(sizeof(*inet6dev)); if (!inet6dev) - return -1; + return ret_errno(ENOMEM); memset(inet6dev, 0, sizeof(*inet6dev)); list = malloc(sizeof(*list)); if (!list) - return -1; + return ret_errno(ENOMEM); lxc_list_init(list); - list->elem = inet6dev; valdup = strdup(value); if (!valdup) 
@@ -940,23 +917,24 @@ slash = strchr(valdup, '/'); if (!slash) - return ret_set_errno(-1, EINVAL); + return ret_errno(EINVAL); *slash = '\0'; slash++; if (*slash == '\0') - return ret_set_errno(-1, EINVAL); + return ret_errno(EINVAL); netmask = slash; ret = lxc_safe_uint(netmask, &inet6dev->prefix); if (ret < 0 || inet6dev->prefix > 128) - return ret_set_errno(-1, EINVAL); + return ret_errno(EINVAL); ret = inet_pton(AF_INET6, valdup, &inet6dev->addr); if (!ret || ret < 0) - return ret_set_errno(-1, EINVAL); + return ret_errno(EINVAL); + list->elem = inet6dev; lxc_list_add_tail(&netdev->priv.veth_attr.ipv6_routes, list); move_ptr(inet6dev); move_ptr(list); @@ -973,7 +951,7 @@ return clr_config_net_script_up(key, lxc_conf, data); if (!netdev) - return -1; + return ret_errno(EINVAL); return set_config_string_item(&netdev->upscript, value); } @@ -987,22 +965,21 @@ return clr_config_net_script_down(key, lxc_conf, data); if (!netdev) - return -1; + return ret_errno(EINVAL); return set_config_string_item(&netdev->downscript, value); } -static int add_hook(struct lxc_conf *lxc_conf, int which, char *hook) +static int add_hook(struct lxc_conf *lxc_conf, int which, __owns char *hook) { + __do_free char *val = hook; struct lxc_list *hooklist; hooklist = malloc(sizeof(*hooklist)); - if (!hooklist) { - free(hook); - return -1; - } + if (!hooklist) + return ret_errno(ENOMEM); - hooklist->elem = hook; + hooklist->elem = move_ptr(val); lxc_list_add_tail(&lxc_conf->hooks[which], hooklist); return 0; 
@@ -1123,44 +1100,40 @@ static int set_config_hooks(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { - char *copy; + __do_free char *copy = NULL; if (lxc_config_value_empty(value)) return lxc_clear_hooks(lxc_conf, key); - if (strcmp(key + 4, "hook") == 0) { - ERROR("lxc.hook must not have a value"); - return -1; - } + if (strcmp(key + 4, "hook") == 0) + return log_error_errno(-EINVAL, EINVAL, "lxc.hook must not have a value"); copy = strdup(value); if (!copy) - return -1; + return ret_errno(ENOMEM); if (strcmp(key + 9, "pre-start") == 0) - return add_hook(lxc_conf, LXCHOOK_PRESTART, copy); + return add_hook(lxc_conf, LXCHOOK_PRESTART, move_ptr(copy)); else if (strcmp(key + 9, "start-host") == 0) - return add_hook(lxc_conf, LXCHOOK_START_HOST, copy); + return add_hook(lxc_conf, LXCHOOK_START_HOST, move_ptr(copy)); else if (strcmp(key + 9, "pre-mount") == 0) - return add_hook(lxc_conf, LXCHOOK_PREMOUNT, copy); + return add_hook(lxc_conf, LXCHOOK_PREMOUNT, move_ptr(copy)); else if (strcmp(key + 9, "autodev") == 0) - return add_hook(lxc_conf, LXCHOOK_AUTODEV, copy); + return add_hook(lxc_conf, LXCHOOK_AUTODEV, move_ptr(copy)); else if (strcmp(key + 9, "mount") == 0) - return add_hook(lxc_conf, LXCHOOK_MOUNT, copy); + return add_hook(lxc_conf, LXCHOOK_MOUNT, move_ptr(copy)); else if (strcmp(key + 9, "start") == 0) - return add_hook(lxc_conf, LXCHOOK_START, copy); + return add_hook(lxc_conf, LXCHOOK_START, move_ptr(copy)); else if (strcmp(key + 9, "stop") == 0) - return add_hook(lxc_conf, LXCHOOK_STOP, copy); + return add_hook(lxc_conf, LXCHOOK_STOP, move_ptr(copy)); else if (strcmp(key + 9, "post-stop") == 0) - return add_hook(lxc_conf, LXCHOOK_POSTSTOP, copy); + return add_hook(lxc_conf, LXCHOOK_POSTSTOP, move_ptr(copy)); else if (strcmp(key + 9, "clone") == 0) - return add_hook(lxc_conf, LXCHOOK_CLONE, copy); + return add_hook(lxc_conf, LXCHOOK_CLONE, move_ptr(copy)); else if (strcmp(key + 9, "destroy") == 0) - return add_hook(lxc_conf, 
LXCHOOK_DESTROY, copy); - - free(copy); + return add_hook(lxc_conf, LXCHOOK_DESTROY, move_ptr(copy)); - return -1; + return ret_errno(EINVAL); } static int set_config_hooks_version(const char *key, const char *value, @@ -1176,11 +1149,9 @@ if (ret < 0) return -1; - if (tmp > 1) { - ERROR("Invalid hook version specified. Currently only 0 " - "(legacy) and 1 are supported"); - return -1; - } + if (tmp > 1) + return log_error_errno(-EINVAL, + EINVAL, "Invalid hook version specified. Currently only 0 (legacy) and 1 are supported"); lxc_conf->hooks_version = tmp; @@ -1190,8 +1161,9 @@ static int set_config_personality(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { - signed long personality = lxc_config_parse_arch(value); + signed long personality; + personality = lxc_config_parse_arch(value); if (personality >= 0) lxc_conf->personality = personality; else @@ -1213,7 +1185,7 @@ ret = lxc_safe_uint(value, &max); if (ret < 0) - return -1; + return ret_errno(EINVAL); lxc_conf->pty_max = max; @@ -1228,6 +1200,7 @@ static int set_config_start(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { + int ret; bool is_empty; is_empty = lxc_config_value_empty(value); @@ -1238,11 +1211,12 @@ return 0; } - if (lxc_safe_uint(value, &lxc_conf->start_auto) < 0) - return -1; + ret = lxc_safe_uint(value, &lxc_conf->start_auto); + if (ret) + return ret; if (lxc_conf->start_auto > 1) - return -1; + return ret_errno(EINVAL); return 0; } else if (*(key + 10) == 'd') { /* lxc.start.delay */ @@ -1261,7 +1235,7 @@ return lxc_safe_int(value, &lxc_conf->start_order); } - return -1; + return ret_errno(EINVAL); } static int set_config_monitor(const char *key, const char *value, @@ -1275,7 +1249,7 @@ if (strcmp(key + 12, "unshare") == 0) return lxc_safe_uint(value, &lxc_conf->monitor_unshare); - return -1; + return ret_errno(EINVAL); } static int set_config_monitor_signal_pdeath(const char *key, const char *value, 
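Review bot: In the `lxc.start.auto` branch (hunk `@@ -1238,11 +1211,12 @@`), `lxc_safe_uint()` writes straight into `lxc_conf->start_auto` before the `> 1` range check, so a rejected value such as 2 stays in the config after the setter returns `-EINVAL`. Any caller that logs the error and continues then runs with an out-of-range flag. The same parse-into-field-then-validate pattern is kept in the later hunks for `lsm_aa_allow_incomplete`, `lsm_aa_allow_nesting` and `autodev`; for the two AppArmor fields a stale non-zero value matters most. Parsing into a local and assigning only after validation avoids this: `unsigned int v; ret = lxc_safe_uint(value, &v);`, then the two checks on `ret` and `v > 1`, then `lxc_conf->start_auto = v;`. The enclosing function starts before this hunk and continues past it.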
@@ -1291,65 +1265,59 @@ sig_n = sig_parse(value); if (sig_n < 0) - return -1; + return ret_errno(EINVAL); lxc_conf->monitor_signal_pdeath = sig_n; return 0; } - return -EINVAL; + return ret_errno(EINVAL); } static int set_config_group(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { - char *groups, *token; - struct lxc_list *grouplist; - int ret = 0; + __do_free char *groups = NULL; + char *token; if (lxc_config_value_empty(value)) return lxc_clear_groups(lxc_conf); groups = strdup(value); if (!groups) - return -1; + return ret_errno(ENOMEM); /* In case several groups are specified in a single line split these * groups in a single element for the list. */ lxc_iterate_parts(token, groups, " \t") { + __do_free struct lxc_list *grouplist = NULL; + grouplist = malloc(sizeof(*grouplist)); - if (!grouplist) { - ret = -1; - break; - } + if (!grouplist) + return ret_errno(ENOMEM); grouplist->elem = strdup(token); - if (!grouplist->elem) { - free(grouplist); - ret = -1; - break; - } + if (!grouplist->elem) + return ret_errno(ENOMEM); - lxc_list_add_tail(&lxc_conf->groups, grouplist); + lxc_list_add_tail(&lxc_conf->groups, move_ptr(grouplist)); } - free(groups); - - return ret; + return 0; } static int set_config_environment(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { - struct lxc_list *list_item = NULL; + __do_free struct lxc_list *list_item = NULL; if (lxc_config_value_empty(value)) return lxc_clear_environment(lxc_conf); list_item = malloc(sizeof(*list_item)); if (!list_item) - goto on_error; + return ret_errno(ENOMEM); if (!strchr(value, '=')) { const char *env_val; @@ -1358,7 +1326,7 @@ env_val = getenv(env_key); if (!env_val) - goto on_error; + return ret_errno(ENOENT); env_var[0] = env_key; env_var[1] = env_val; 
@@ -1368,16 +1336,11 @@ } if (!list_item->elem) - goto on_error; + return ret_errno(ENOMEM); - lxc_list_add_tail(&lxc_conf->environment, list_item); + lxc_list_add_tail(&lxc_conf->environment, move_ptr(list_item)); return 0; - -on_error: - free(list_item); - - return -1; } static int set_config_tty_max(const char *key, const char *value, @@ -1393,7 +1356,7 @@ ret = lxc_safe_uint(value, &nbtty); if (ret < 0) - return -1; + return ret; lxc_conf->ttys.max = nbtty; @@ -1418,16 +1381,19 @@ struct lxc_conf *lxc_conf, void *data) { + int ret; + if (lxc_config_value_empty(value)) { lxc_conf->lsm_aa_allow_incomplete = 0; return 0; } - if (lxc_safe_uint(value, &lxc_conf->lsm_aa_allow_incomplete) < 0) - return -1; + ret = lxc_safe_uint(value, &lxc_conf->lsm_aa_allow_incomplete); + if (ret) + return ret; if (lxc_conf->lsm_aa_allow_incomplete > 1) - return -1; + return ret_errno(EINVAL); return 0; } @@ -1437,14 +1403,17 @@ struct lxc_conf *lxc_conf, void *data) { + int ret; + if (lxc_config_value_empty(value)) return clr_config_apparmor_allow_nesting(key, lxc_conf, NULL); - if (lxc_safe_uint(value, &lxc_conf->lsm_aa_allow_nesting) < 0) - return -1; + ret = lxc_safe_uint(value, &lxc_conf->lsm_aa_allow_nesting); + if (ret) + return ret; if (lxc_conf->lsm_aa_allow_nesting > 1) - return -1; + return ret_errno(EINVAL); return 0; } @@ -1454,26 +1423,22 @@ struct lxc_conf *lxc_conf, void *data) { - char *elem; - struct lxc_list *list; + __do_free char *elem = NULL; + __do_free struct lxc_list *list = NULL; if (lxc_config_value_empty(value)) return lxc_clear_apparmor_raw(lxc_conf); list = malloc(sizeof(*list)); - if (!list) { - errno = ENOMEM; - return -1; - } + if (!list) + return ret_errno(ENOMEM); elem = strdup(value); - if (!elem) { - free(list); - return -1; - } - list->elem = elem; + if (!elem) + return ret_errno(ENOMEM); - lxc_list_add_tail(&lxc_conf->lsm_aa_raw, list); + list->elem = move_ptr(elem); + lxc_list_add_tail(&lxc_conf->lsm_aa_raw, move_ptr(list)); return 0; } 
@@ -1502,12 +1467,12 @@ int ret; if (lxc_config_value_empty(value)) { - free(c->logfile); - c->logfile = NULL; + free_disarm(c->logfile); return 0; } - /* Store these values in the lxc_conf, and then try to set for actual + /* + * Store these values in the lxc_conf, and then try to set for actual * current logging. */ ret = set_config_path_item(&c->logfile, value); @@ -1528,13 +1493,17 @@ } if (value[0] >= '0' && value[0] <= '9') { - if (lxc_safe_int(value, &newlevel) < 0) - return -1; + int ret; + + ret = lxc_safe_int(value, &newlevel); + if (ret) + return ret_errno(EINVAL); } else { newlevel = lxc_log_priority_to_int(value); } - /* Store these values in the lxc_conf, and then try to set for actual + /* + * Store these values in the lxc_conf, and then try to set for actual * current logging. */ lxc_conf->loglevel = newlevel; @@ -1545,16 +1514,19 @@ static int set_config_autodev(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { + int ret; + if (lxc_config_value_empty(value)) { lxc_conf->autodev = 0; return 0; } - if (lxc_safe_uint(value, &lxc_conf->autodev) < 0) - return -1; + ret = lxc_safe_uint(value, &lxc_conf->autodev); + if (ret) + return ret_errno(EINVAL); if (lxc_conf->autodev > 1) - return -1; + return ret_errno(EINVAL); return 0; } @@ -1585,7 +1557,7 @@ sig_n = sig_parse(value); if (sig_n < 0) - return -1; + return ret_errno(EINVAL); lxc_conf->haltsignal = sig_n; @@ -1604,7 +1576,7 @@ sig_n = sig_parse(value); if (sig_n < 0) - return -1; + return ret_errno(EINVAL); lxc_conf->rebootsignal = sig_n; @@ -1623,7 +1595,7 @@ sig_n = sig_parse(value); if (sig_n < 0) - return -1; + return ret_errno(EINVAL); lxc_conf->stopsignal = sig_n; 
@@ -1633,10 +1605,10 @@ static int __set_config_cgroup_controller(const char *key, const char *value, struct lxc_conf *lxc_conf, int version) { + __do_free struct lxc_list *cglist = NULL; + call_cleaner(free_lxc_cgroup) struct lxc_cgroup *cgelem = NULL; const char *subkey, *token; size_t token_len; - struct lxc_list *cglist = NULL; - struct lxc_cgroup *cgelem = NULL; if (lxc_config_value_empty(value)) return lxc_clear_cgroups(lxc_conf, key, version); @@ -1648,53 +1620,44 @@ token = "lxc.cgroup."; token_len = 11; } else { - return -EINVAL; + return ret_errno(EINVAL); } if (strncmp(key, token, token_len) != 0) - return -EINVAL; + return ret_errno(EINVAL); subkey = key + token_len; if (*subkey == '\0') - return -EINVAL; + return ret_errno(EINVAL); cglist = malloc(sizeof(*cglist)); if (!cglist) - goto out; + return ret_errno(ENOMEM); cgelem = malloc(sizeof(*cgelem)); if (!cgelem) - goto out; + return ret_errno(ENOMEM); memset(cgelem, 0, sizeof(*cgelem)); cgelem->subsystem = strdup(subkey); if (!cgelem->subsystem) - goto out; + return ret_errno(ENOMEM); cgelem->value = strdup(value); if (!cgelem->value) - goto out; + return ret_errno(ENOMEM); cgelem->version = version; - lxc_list_add_elem(cglist, cgelem); + lxc_list_add_elem(cglist, move_ptr(cgelem)); if (version == CGROUP2_SUPER_MAGIC) lxc_list_add_tail(&lxc_conf->cgroup2, cglist); else lxc_list_add_tail(&lxc_conf->cgroup, cglist); + move_ptr(cglist); return 0; - -out: - free(cglist); - if (cgelem) { - free(cgelem->subsystem); - free(cgelem->value); - free(cgelem); - } - - return -1; } static int set_config_cgroup_controller(const char *key, const char *value, @@ -1715,6 +1678,9 @@ static int set_config_cgroup_dir(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { + if (strcmp(key, "lxc.cgroup.dir") != 0) + return ret_errno(EINVAL); + if (lxc_config_value_empty(value)) return clr_config_cgroup_dir(key, lxc_conf, NULL); 
@@ -1731,8 +1697,8 @@ return clr_config_cgroup_relative(key, lxc_conf, NULL); ret = lxc_safe_uint(value, &converted); - if (ret < 0) - return -ret; + if (ret) + return ret; if (converted == 1) { lxc_conf->cgroup_meta.relative = true; @@ -1744,7 +1710,7 @@ return 0; } - return -EINVAL; + return ret_errno(EINVAL); } static bool parse_limit_value(const char **value, rlim_t *res) @@ -1770,23 +1736,23 @@ static int set_config_prlimit(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { + __do_free struct lxc_list *limlist = NULL; + call_cleaner(free_lxc_limit) struct lxc_limit *limelem = NULL; struct lxc_list *iter; struct rlimit limit; rlim_t limit_value; - struct lxc_list *limlist = NULL; - struct lxc_limit *limelem = NULL; if (lxc_config_value_empty(value)) return lxc_clear_limits(lxc_conf, key); if (strncmp(key, "lxc.prlimit.", STRLITERALLEN("lxc.prlimit.")) != 0) - return -1; + return ret_errno(EINVAL); key += STRLITERALLEN("lxc.prlimit."); /* soft limit comes first in the value */ if (!parse_limit_value(&value, &limit_value)) - return -1; + return ret_errno(EINVAL); limit.rlim_cur = limit_value; @@ -1797,7 +1763,7 @@ if (*value == ':') ++value; else if (*value) /* any other character is an error here */ - return -1; + return ret_errno(EINVAL); while (isspace(*value)) ++value; @@ -1805,7 +1771,7 @@ /* optional hard limit */ if (*value) { if (!parse_limit_value(&value, &limit_value)) - return -1; + return ret_errno(EINVAL); limit.rlim_max = limit_value; @@ -1814,7 +1780,7 @@ ++value; if (*value) - return -1; + return ret_errno(EINVAL); } else { /* a single value sets both hard and soft limit */ limit.rlim_max = limit.rlim_cur; 
@@ -1832,41 +1798,30 @@ /* allocate list element */ limlist = malloc(sizeof(*limlist)); if (!limlist) - goto on_error; + return ret_errno(ENOMEM); limelem = malloc(sizeof(*limelem)); if (!limelem) - goto on_error; + return ret_errno(ENOMEM); memset(limelem, 0, sizeof(*limelem)); limelem->resource = strdup(key); if (!limelem->resource) - goto on_error; + return ret_errno(ENOMEM); limelem->limit = limit; - lxc_list_add_elem(limlist, limelem);; - lxc_list_add_tail(&lxc_conf->limits, limlist); + lxc_list_add_elem(limlist, move_ptr(limelem));; + lxc_list_add_tail(&lxc_conf->limits, move_ptr(limlist)); return 0; - -on_error: - free(limlist); - - if (limelem) { - free(limelem->resource); - free(limelem); - } - - return -1; } static int set_config_sysctl(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { + __do_free struct lxc_list *sysctl_list = NULL; + call_cleaner(free_lxc_sysctl) struct lxc_sysctl *sysctl_elem = NULL; struct lxc_list *iter; - char *replace_value = NULL; - struct lxc_list *sysctl_list = NULL; - struct lxc_sysctl *sysctl_elem = NULL; if (lxc_config_value_empty(value)) return clr_config_sysctl(key, lxc_conf, NULL); @@ -1878,6 +1833,8 @@ /* find existing list element */ lxc_list_for_each(iter, &lxc_conf->sysctls) { + __do_free char *replace_value = NULL; + sysctl_elem = iter->elem; if (strcmp(key, sysctl_elem->key) != 0) @@ -1885,10 +1842,10 @@ replace_value = strdup(value); if (!replace_value) - return -1; + return ret_errno(EINVAL); free(sysctl_elem->value); - sysctl_elem->value = replace_value; + sysctl_elem->value = move_ptr(replace_value); return 0; } 
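Review bot: The lookup loop in `set_config_sysctl` (hunk `@@ -1878,6 +1833,8 @@`) still assigns `sysctl_elem = iter->elem`, but the preceding hunk turned `sysctl_elem` into a `call_cleaner(free_lxc_sysctl)` variable. If that attribute releases the pointee at scope exit, as its use throughout this diff suggests, then the `return 0` after replacing a value, the `strdup` failure return, and a failed `malloc` of `sysctl_list` after a non-matching scan all free an element that is still linked into `lxc_conf->sysctls`, leaving a dangling list entry. Use a separate non-owning pointer inside the loop, e.g. `struct lxc_sysctl *cur = iter->elem;`, and compare and update through `cur->key` and `cur->value`. The body of the function continues outside this hunk.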
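Review bot: The `strdup(value)` failure path in hunk `@@ -1885,10 +1842,10 @@` returns `ret_errno(EINVAL)`, while the other allocation failures converted by this diff report `ENOMEM`; it should read `return ret_errno(ENOMEM);`. The same mismatch appears in the shmounts branch of `set_config_mount_auto`, where both `strdup` checks use `log_error_errno(-EINVAL, EINVAL, ...)`, and in the `realloc` check of hunk `@@ -2441,10 +2339,11 @@`. A caller that distinguishes a malformed config from memory pressure would otherwise be told the value was invalid.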
@@ -1896,44 +1853,33 @@ /* allocate list element */ sysctl_list = malloc(sizeof(*sysctl_list)); if (!sysctl_list) - goto on_error; + return ret_errno(ENOMEM); sysctl_elem = malloc(sizeof(*sysctl_elem)); if (!sysctl_elem) - goto on_error; + return ret_errno(ENOMEM); memset(sysctl_elem, 0, sizeof(*sysctl_elem)); sysctl_elem->key = strdup(key); if (!sysctl_elem->key) - goto on_error; + return ret_errno(ENOMEM); sysctl_elem->value = strdup(value); if (!sysctl_elem->value) - goto on_error; + return ret_errno(ENOMEM); - lxc_list_add_elem(sysctl_list, sysctl_elem); - lxc_list_add_tail(&lxc_conf->sysctls, sysctl_list); + lxc_list_add_elem(sysctl_list, move_ptr(sysctl_elem)); + lxc_list_add_tail(&lxc_conf->sysctls, move_ptr(sysctl_list)); return 0; - -on_error: - free(sysctl_list); - - if (sysctl_elem) { - free(sysctl_elem->key); - free(sysctl_elem->value); - free(sysctl_elem); - } - - return -1; } static int set_config_proc(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { + __do_free struct lxc_list *proclist = NULL; + call_cleaner(free_lxc_proc) struct lxc_proc *procelem = NULL; const char *subkey; - struct lxc_list *proclist = NULL; - struct lxc_proc *procelem = NULL; if (lxc_config_value_empty(value)) return clr_config_proc(key, lxc_conf, NULL); 
@@ -1943,67 +1889,55 @@ subkey = key + STRLITERALLEN("lxc.proc."); if (*subkey == '\0') - return -EINVAL; + return ret_errno(EINVAL); proclist = malloc(sizeof(*proclist)); if (!proclist) - goto on_error; + return ret_errno(ENOMEM); procelem = malloc(sizeof(*procelem)); if (!procelem) - goto on_error; + return ret_errno(ENOMEM); memset(procelem, 0, sizeof(*procelem)); procelem->filename = strdup(subkey); - procelem->value = strdup(value); - - if (!procelem->filename || !procelem->value) - goto on_error; + if (!procelem->filename) + return ret_errno(ENOMEM); - proclist->elem = procelem; + procelem->value = strdup(value); + if (!procelem->value) + return ret_errno(ENOMEM); - lxc_list_add_tail(&lxc_conf->procs, proclist); + proclist->elem = move_ptr(procelem); + lxc_list_add_tail(&lxc_conf->procs, move_ptr(proclist)); return 0; - -on_error: - free(proclist); - - if (procelem) { - free(procelem->filename); - free(procelem->value); - free(procelem); - } - - return -1; } static int set_config_idmaps(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { + __do_free struct lxc_list *idmaplist = NULL; + __do_free struct id_map *idmap = NULL; unsigned long hostid, nsid, range; char type; int ret; - struct lxc_list *idmaplist = NULL; - struct id_map *idmap = NULL; if (lxc_config_value_empty(value)) return lxc_clear_idmaps(lxc_conf); idmaplist = malloc(sizeof(*idmaplist)); if (!idmaplist) - goto on_error; + return ret_errno(ENOMEM); idmap = malloc(sizeof(*idmap)); if (!idmap) - goto on_error; + return ret_errno(ENOMEM); memset(idmap, 0, sizeof(*idmap)); ret = parse_idmaps(value, &type, &nsid, &hostid, &range); - if (ret < 0) { - ERROR("Failed to parse id mappings"); - goto on_error; - } + if (ret < 0) + return log_error_errno(-EINVAL, EINVAL, "Failed to parse id mappings"); INFO("Read uid map: type %c nsid %lu hostid %lu range %lu", type, nsid, hostid, range); if (type == 'u') 
@@ -2011,7 +1945,7 @@ else if (type == 'g') idmap->idtype = ID_TYPE_GID; else - goto on_error; + return ret_errno(EINVAL); idmap->hostid = hostid; idmap->nsid = nsid; @@ -2027,15 +1961,10 @@ if (idmap->nsid == 0) lxc_conf->root_nsgid_map = idmap; - idmap = NULL; + move_ptr(idmap); + move_ptr(idmaplist); return 0; - -on_error: - free(idmaplist); - free(idmap); - - return -1; } static int set_config_mount_fstab(const char *key, const char *value, @@ -2043,7 +1972,7 @@ { if (lxc_config_value_empty(value)) { clr_config_mount_fstab(key, lxc_conf, NULL); - return -1; + return ret_errno(EINVAL); } return set_config_path_item(&lxc_conf->fstab, value); 
@@ -2052,43 +1981,44 @@ static int set_config_mount_auto(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { - char *autos, *token; + __do_free char *autos = NULL; + char *token; int i; - int ret = -1; static struct { const char *token; int mask; int flag; } allowed_auto_mounts[] = { - { "proc", LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED }, - { "proc:mixed", LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED }, - { "proc:rw", LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_RW }, - { "sys", LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED }, - { "sys:ro", LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_RO }, - { "sys:mixed", LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED }, - { "sys:rw", LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_RW }, - { "cgroup", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_NOSPEC }, - { "cgroup:mixed", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_MIXED }, - { "cgroup:ro", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_RO }, - { "cgroup:rw", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_RW }, - { "cgroup:force", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_NOSPEC | LXC_AUTO_CGROUP_FORCE }, - { "cgroup:mixed:force", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_MIXED | LXC_AUTO_CGROUP_FORCE }, - { "cgroup:ro:force", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_RO | LXC_AUTO_CGROUP_FORCE }, - { "cgroup:rw:force", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_RW | LXC_AUTO_CGROUP_FORCE }, - { "cgroup-full", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_FULL_NOSPEC }, - { "cgroup-full:mixed", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_FULL_MIXED }, - { "cgroup-full:ro", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_FULL_RO }, - { "cgroup-full:rw", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_FULL_RW }, - { "cgroup-full:force", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_FULL_NOSPEC | LXC_AUTO_CGROUP_FORCE }, - { "cgroup-full:mixed:force", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_FULL_MIXED | LXC_AUTO_CGROUP_FORCE }, - { "cgroup-full:ro:force", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_FULL_RO | LXC_AUTO_CGROUP_FORCE }, - { "cgroup-full:rw:force", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_FULL_RW | 
LXC_AUTO_CGROUP_FORCE }, - { "shmounts:", LXC_AUTO_SHMOUNTS_MASK, LXC_AUTO_SHMOUNTS }, - /* For adding anything that is just a single on/off, but has no - * options: keep mask and flag identical and just define the enum - * value as an unused bit so far - */ - { NULL, 0, 0 } + { "proc", LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED }, + { "proc:mixed", LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED }, + { "proc:rw", LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_RW }, + { "sys", LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED }, + { "sys:ro", LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_RO }, + { "sys:mixed", LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_MIXED }, + { "sys:rw", LXC_AUTO_SYS_MASK, LXC_AUTO_SYS_RW }, + { "cgroup", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_NOSPEC }, + { "cgroup:mixed", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_MIXED }, + { "cgroup:ro", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_RO }, + { "cgroup:rw", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_RW }, + { "cgroup:force", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_NOSPEC | LXC_AUTO_CGROUP_FORCE }, + { "cgroup:mixed:force", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_MIXED | LXC_AUTO_CGROUP_FORCE }, + { "cgroup:ro:force", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_RO | LXC_AUTO_CGROUP_FORCE }, + { "cgroup:rw:force", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_RW | LXC_AUTO_CGROUP_FORCE }, + { "cgroup-full", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_FULL_NOSPEC }, + { "cgroup-full:mixed", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_FULL_MIXED }, + { "cgroup-full:ro", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_FULL_RO }, + { "cgroup-full:rw", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_FULL_RW }, + { "cgroup-full:force", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_FULL_NOSPEC | LXC_AUTO_CGROUP_FORCE }, + { "cgroup-full:mixed:force", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_FULL_MIXED | LXC_AUTO_CGROUP_FORCE }, + { "cgroup-full:ro:force", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_FULL_RO | LXC_AUTO_CGROUP_FORCE }, + { "cgroup-full:rw:force", LXC_AUTO_CGROUP_MASK, LXC_AUTO_CGROUP_FULL_RW | LXC_AUTO_CGROUP_FORCE }, + { 
"shmounts:", LXC_AUTO_SHMOUNTS_MASK, LXC_AUTO_SHMOUNTS }, + /* + * For adding anything that is just a single on/off, but has no + * options: keep mask and flag identical and just define the + * enum value as an unused bit so far + */ + { NULL, 0, 0 } }; if (lxc_config_value_empty(value)) { @@ -2098,7 +2028,7 @@ autos = strdup(value); if (!autos) - return -1; + return ret_errno(ENOMEM); lxc_iterate_parts(token, autos, " \t") { bool is_shmounts = false; 
@@ -2114,73 +2044,61 @@ } } - if (!allowed_auto_mounts[i].token) { - ERROR("Invalid filesystem to automount \"%s\"", token); - goto on_error; - } + if (!allowed_auto_mounts[i].token) + return log_error_errno(-EINVAL, EINVAL, "Invalid filesystem to automount \"%s\"", token); lxc_conf->auto_mounts &= ~allowed_auto_mounts[i].mask; lxc_conf->auto_mounts |= allowed_auto_mounts[i].flag; if (is_shmounts) { - char *container_path; - char *host_path; + __do_free char *container_path = NULL, *host_path = NULL; + char *val; - host_path = token + STRLITERALLEN("shmounts:"); - if (*host_path == '\0') { - SYSERROR("Failed to copy shmounts host path"); - goto on_error; - } - - container_path = strchr(host_path, ':'); - if (!container_path || *(container_path + 1) == '\0') - container_path = "/dev/.lxc-mounts"; + val = token + STRLITERALLEN("shmounts:"); + if (*val == '\0') + return log_error_errno(-EINVAL, EINVAL, "Failed to copy shmounts host path"); + + host_path = strdup(val); + if (!host_path) + return log_error_errno(-EINVAL, EINVAL, "Failed to copy shmounts host path"); + + val = strchr(host_path, ':'); + if (!val || *(val + 1) == '\0') + val = "/dev/.lxc-mounts"; else - *container_path++ = '\0'; + *val++ = '\0'; - lxc_conf->shmount.path_host = strdup(host_path); - if (!lxc_conf->shmount.path_host) { - SYSERROR("Failed to copy shmounts host path"); - goto on_error; - } + container_path = strdup(val); + if(!container_path) + return log_error_errno(-EINVAL, EINVAL, "Failed to copy shmounts container path"); - lxc_conf->shmount.path_cont = strdup(container_path); - if(!lxc_conf->shmount.path_cont) { - SYSERROR("Failed to copy shmounts container path"); - goto on_error; - } + lxc_conf->shmount.path_host = move_ptr(host_path); + lxc_conf->shmount.path_cont = move_ptr(container_path); } } - ret = 0; - -on_error: - free(autos); - - return ret; + return 0; } static int set_config_mount(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { - char *mntelem; - 
struct lxc_list *mntlist; + __do_free char *mntelem = NULL; + __do_free struct lxc_list *mntlist = NULL; if (lxc_config_value_empty(value)) return lxc_clear_mount_entries(lxc_conf); mntlist = malloc(sizeof(*mntlist)); if (!mntlist) - return -1; + return ret_errno(ENOMEM); mntelem = strdup(value); - if (!mntelem) { - free(mntlist); - return -1; - } - mntlist->elem = mntelem; + if (!mntelem) + return ret_errno(ENOMEM); - lxc_list_add_tail(&lxc_conf->mount_list, mntlist); + mntlist->elem = move_ptr(mntelem); + lxc_list_add_tail(&lxc_conf->mount_list, move_ptr(mntlist)); return 0; } @@ -2192,16 +2110,16 @@ static int set_config_cap_keep(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { - char *keepcaps, *token; - struct lxc_list *keeplist; - int ret = -1; + __do_free char *keepcaps = NULL; + __do_free struct lxc_list *keeplist = NULL; + char *token; if (lxc_config_value_empty(value)) return lxc_clear_config_keepcaps(lxc_conf); keepcaps = strdup(value); if (!keepcaps) - return -1; + return ret_errno(ENOMEM); /* In case several capability keep is specified in a single line * split these caps in a single element for the list. 
@@ -2212,38 +2130,31 @@ keeplist = malloc(sizeof(*keeplist)); if (!keeplist) - goto on_error; + return ret_errno(ENOMEM); keeplist->elem = strdup(token); - if (!keeplist->elem) { - free(keeplist); - goto on_error; - } + if (!keeplist->elem) + return ret_errno(ENOMEM); - lxc_list_add_tail(&lxc_conf->keepcaps, keeplist); + lxc_list_add_tail(&lxc_conf->keepcaps, move_ptr(keeplist)); } - ret = 0; - -on_error: - free(keepcaps); - - return ret; + return 0; } static int set_config_cap_drop(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { - char *dropcaps, *token; - struct lxc_list *droplist; - int ret = -1; + __do_free char *dropcaps = NULL; + __do_free struct lxc_list *droplist = NULL; + char *token; if (lxc_config_value_empty(value)) return lxc_clear_config_caps(lxc_conf); dropcaps = strdup(value); if (!dropcaps) - return -1; + return ret_errno(ENOMEM); /* In case several capability drop is specified in a single line * split these caps in a single element for the list. @@ -2251,23 +2162,16 @@ lxc_iterate_parts(token, dropcaps, " \t") { droplist = malloc(sizeof(*droplist)); if (!droplist) - goto on_error; + return ret_errno(ENOMEM); droplist->elem = strdup(token); - if (!droplist->elem) { - free(droplist); - goto on_error; - } + if (!droplist->elem) + return ret_errno(ENOMEM); - lxc_list_add_tail(&lxc_conf->caps, droplist); + lxc_list_add_tail(&lxc_conf->caps, move_ptr(droplist)); } - ret = 0; - -on_error: - free(dropcaps); - - return ret; + return 0; } static int set_config_console_path(const char *key, const char *value, 
@@ -2279,19 +2183,19 @@ static int set_config_console_rotate(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { + int ret; + if (lxc_config_value_empty(value)) { lxc_conf->console.log_rotate = 0; return 0; } - if (lxc_safe_uint(value, &lxc_conf->console.log_rotate) < 0) - return -1; + ret = lxc_safe_uint(value, &lxc_conf->console.log_rotate); + if (ret) + return ret_errno(EINVAL); - if (lxc_conf->console.log_rotate > 1) { - ERROR("The \"lxc.console.rotate\" config key can only be set " - "to 0 or 1"); - return -1; - } + if (lxc_conf->console.log_rotate > 1) + return log_error_errno(-EINVAL, EINVAL, "The \"lxc.console.rotate\" config key can only be set to 0 or 1"); return 0; } @@ -2321,29 +2225,26 @@ } ret = parse_byte_size_string(value, &size); - if (ret < 0) - return -1; + if (ret) + return ret; if (size < 0) - return -EINVAL; + return ret_errno(EINVAL); /* must be at least a page size */ pgsz = lxc_getpagesize(); if ((uint64_t)size < pgsz) { - NOTICE("Requested ringbuffer size for the console is %" PRId64 - " but must be at least %" PRId64 - " bytes. Setting ringbuffer size to %" PRId64 " bytes", + NOTICE("Requested ringbuffer size for the console is %" PRId64 " but must be at least %" PRId64 " bytes. Setting ringbuffer size to %" PRId64 " bytes", size, pgsz, pgsz); size = pgsz; } buffer_size = lxc_find_next_power2((uint64_t)size); if (buffer_size == 0) - return -EINVAL; + return ret_errno(EINVAL); if (buffer_size != size) - NOTICE("Passed size was not a power of 2. Rounding log size to " - "next power of two: %" PRIu64 " bytes", buffer_size); + NOTICE("Passed size was not a power of 2. Rounding log size to next power of two: %" PRIu64 " bytes", buffer_size); lxc_conf->console.buffer_size = buffer_size; 
@@ -2369,29 +2270,26 @@ } ret = parse_byte_size_string(value, &size); - if (ret < 0) - return -1; + if (ret) + return ret_errno(EINVAL); if (size < 0) - return -EINVAL; + return ret_errno(EINVAL); /* must be at least a page size */ pgsz = lxc_getpagesize(); if ((uint64_t)size < pgsz) { - NOTICE("Requested ringbuffer size for the console is %" PRId64 - " but must be at least %" PRId64 - " bytes. Setting ringbuffer size to %" PRId64 " bytes", + NOTICE("Requested ringbuffer size for the console is %" PRId64 " but must be at least %" PRId64 " bytes. Setting ringbuffer size to %" PRId64 " bytes", size, pgsz, pgsz); size = pgsz; } log_size = lxc_find_next_power2((uint64_t)size); if (log_size == 0) - return -EINVAL; + return ret_errno(EINVAL); if (log_size != size) - NOTICE("Passed size was not a power of 2. Rounding log size to " - "next power of two: %" PRIu64 " bytes", log_size); + NOTICE("Passed size was not a power of 2. Rounding log size to next power of two: %" PRIu64 " bytes", log_size); lxc_conf->console.log_size = log_size; @@ -2441,10 +2339,11 @@ linelen = strlen(line); while (conf->unexpanded_alloced <= len + linelen + 2) { - char *tmp = realloc(conf->unexpanded_config, - conf->unexpanded_alloced + 1024); + char *tmp; + + tmp = realloc(conf->unexpanded_config, conf->unexpanded_alloced + 1024); if (!tmp) - return -1; + return ret_errno(EINVAL); if (!conf->unexpanded_config) *tmp = '\0'; @@ -2466,16 +2365,15 @@ { __do_closedir DIR *dir = NULL; struct dirent *direntp; - char path[PATH_MAX]; - int len; - int ret = -1; + int len, ret; dir = opendir(dirp); if (!dir) - return -1; + return -errno; while ((direntp = readdir(dir))) { const char *fnam; + char path[PATH_MAX]; fnam = direntp->d_name; if (!strcmp(fnam, ".")) @@ -2490,11 +2388,11 @@ len = snprintf(path, PATH_MAX, "%s/%s", dirp, fnam); if (len < 0 || len >= PATH_MAX) - return -1; + return ret_errno(EIO); ret = lxc_config_read(path, lxc_conf, true); if (ret < 0) - return -1; + return ret; } return 0; 
@@ -2517,8 +2415,9 @@ static int set_config_rootfs_path(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { + __do_free char *dup = NULL; int ret; - char *dup, *tmp; + char *tmp; const char *container_path; if (lxc_config_value_empty(value)) { @@ -2529,7 +2428,7 @@ dup = strdup(value); if (!dup) - return -1; + return ret_errno(ENOMEM); /* Split : into and * . Set "rootfs.bdev_type" to and @@ -2540,10 +2439,8 @@ *tmp = '\0'; ret = set_config_path_item(&lxc_conf->rootfs.bdev_type, dup); - if (ret < 0) { - free(dup); - return -1; - } + if (ret < 0) + return ret_errno(ENOMEM); tmp++; container_path = tmp; @@ -2551,10 +2448,7 @@ container_path = value; } - ret = set_config_path_item(&lxc_conf->rootfs.path, container_path); - free(dup); - - return ret; + return set_config_path_item(&lxc_conf->rootfs.path, container_path); } static int set_config_rootfs_managed(const char *key, const char *value, @@ -2572,30 +2466,26 @@ static int set_config_rootfs_options(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { + __do_free char *mdata = NULL, *opts = NULL; unsigned long mflags = 0, pflags = 0; - char *mdata = NULL, *opts = NULL; - int ret; struct lxc_rootfs *rootfs = &lxc_conf->rootfs; + int ret; ret = parse_mntopts(value, &mflags, &mdata); if (ret < 0) - return -EINVAL; + return ret_errno(EINVAL); ret = parse_propagationopts(value, &pflags); - if (ret < 0) { - free(mdata); - return -EINVAL; - } + if (ret < 0) + return ret_errno(EINVAL); ret = set_config_string_item(&opts, value); - if (ret < 0) { - free(mdata); - return -ENOMEM; - } + if (ret < 0) + return ret_errno(ENOMEM); rootfs->mountflags = mflags | pflags; - rootfs->options = opts; - rootfs->data = mdata; + rootfs->options = move_ptr(opts); + rootfs->data = move_ptr(mdata); return 0; } 
@@ -2603,7 +2493,7 @@ static int set_config_uts_name(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { - struct utsname *utsname; + __do_free struct utsname *utsname = NULL; if (lxc_config_value_empty(value)) { clr_config_uts_name(key, lxc_conf, NULL); @@ -2612,16 +2502,14 @@ utsname = malloc(sizeof(*utsname)); if (!utsname) - return -1; + return ret_errno(ENOMEM); - if (strlen(value) >= sizeof(utsname->nodename)) { - free(utsname); - return -1; - } + if (strlen(value) >= sizeof(utsname->nodename)) + return ret_errno(EINVAL); (void)strlcpy(utsname->nodename, value, sizeof(utsname->nodename)); free(lxc_conf->utsname); - lxc_conf->utsname = utsname; + lxc_conf->utsname = move_ptr(utsname); return 0; } @@ -2629,34 +2517,28 @@ static int set_config_namespace_clone(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { - char *ns, *token; + __do_free char *ns = NULL; + char *token; int cloneflag = 0; if (lxc_config_value_empty(value)) return clr_config_namespace_clone(key, lxc_conf, data); - if (lxc_conf->ns_keep != 0) { - errno = EINVAL; - SYSERROR("Cannot set both \"lxc.namespace.clone\" and " - "\"lxc.namespace.keep\""); - return -EINVAL; - } + if (lxc_conf->ns_keep != 0) + return log_error_errno(-EINVAL, EINVAL, "Cannot set both \"lxc.namespace.clone\" and \"lxc.namespace.keep\""); ns = strdup(value); if (!ns) - return -1; + return ret_errno(ENOMEM); lxc_iterate_parts(token, ns, " \t") { token += lxc_char_left_gc(token, strlen(token)); token[lxc_char_right_gc(token, strlen(token))] = '\0'; cloneflag = lxc_namespace_2_cloneflag(token); - if (cloneflag < 0) { - free(ns); - return -EINVAL; - } + if (cloneflag < 0) + return ret_errno(EINVAL); lxc_conf->ns_clone |= cloneflag; } - free(ns); return 0; } 
@@ -2664,34 +2546,28 @@ static int set_config_namespace_keep(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { - char *ns, *token; + __do_free char *ns = NULL; + char *token; int cloneflag = 0; if (lxc_config_value_empty(value)) return clr_config_namespace_keep(key, lxc_conf, data); - if (lxc_conf->ns_clone != 0) { - errno = EINVAL; - SYSERROR("Cannot set both \"lxc.namespace.clone\" and " - "\"lxc.namespace.keep\""); - return -EINVAL; - } + if (lxc_conf->ns_clone != 0) + return log_error_errno(-EINVAL, EINVAL, "Cannot set both \"lxc.namespace.clone\" and \"lxc.namespace.keep\""); ns = strdup(value); if (!ns) - return -1; + return ret_errno(ENOMEM); lxc_iterate_parts(token, ns, " \t") { token += lxc_char_left_gc(token, strlen(token)); token[lxc_char_right_gc(token, strlen(token))] = '\0'; cloneflag = lxc_namespace_2_cloneflag(token); - if (cloneflag < 0) { - free(ns); - return -EINVAL; - } + if (cloneflag < 0) + return ret_errno(EINVAL); lxc_conf->ns_keep |= cloneflag; } - free(ns); return 0; } @@ -2720,10 +2596,11 @@ static int parse_line(char *buffer, void *data) { - char *dot, *key, *line, *linep, *value; + __do_free char *linep = NULL; + char *dot, *key, *line, *value; bool empty_line; struct lxc_config_t *config; - int ret = 0; + int ret; char *dup = buffer; struct parse_line_conf *plc = data; 
@@ -2738,34 +2615,30 @@ */ linep = line = strdup(dup); if (!line) - return -1; + return ret_errno(ENOMEM); if (!plc->from_include) { ret = append_unexp_config_line(line, plc->conf); if (ret < 0) - goto on_error; + return ret; } if (empty_line) - goto on_error; + return 0; line += lxc_char_left_gc(line, strlen(line)); /* ignore comments */ if (line[0] == '#') - goto on_error; + return 0; /* martian option - don't add it to the config itself */ if (strncmp(line, "lxc.", 4)) - goto on_error; - - ret = -1; + return 0; dot = strchr(line, '='); - if (!dot) { - ERROR("Invalid configuration line: %s", line); - goto on_error; - } + if (!dot) + return log_error_errno(-EINVAL, EINVAL, "Invalid configuration line: %s", line); *dot = '\0'; value = dot + 1; @@ -2787,25 +2660,18 @@ } config = lxc_get_config(key); - if (!config) { - ERROR("Unknown configuration key \"%s\"", key); - goto on_error; - } + if (!config) + return log_error_errno(-EINVAL, EINVAL, "Unknown configuration key \"%s\"", key); - ret = config->set(key, value, plc->conf, NULL); - -on_error: - free(linep); - - return ret; + return config->set(key, value, plc->conf, NULL); } static struct new_config_item *parse_new_conf_line(char *buffer) { - char *dot, *key, *line, *linep, *value; - int ret = 0; + __do_free char *k = NULL, *linep = NULL, *v = NULL; + __do_free struct new_config_item *new = NULL; char *dup = buffer; - struct new_config_item *new = NULL; + char *dot, *key, *line, *value; linep = line = strdup(dup); if (!line) @@ -2815,14 +2681,11 @@ /* martian option - don't add it to the config itself */ if (strncmp(line, "lxc.", 4)) - goto on_error; + return 0; - ret = -1; dot = strchr(line, '='); - if (!dot) { - ERROR("Invalid configuration item: %s", line); - goto on_error; - } + if (!dot) + return log_error_errno(NULL, EINVAL, "Invalid configuration line: %s", line); *dot = '\0'; value = dot + 1; 
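Review bot: `parse_new_conf_line` returns a `struct new_config_item *`, yet the non-`lxc.` branch in hunk `@@ -2815,14 +2681,11 @@` now says `return 0;`. It compiles as a null pointer, but it reads like the success code of the integer-returning `parse_line` just above; `return NULL;` matches the other exits of this function. A short comment such as `/* not an lxc.* key: nothing to return */` would also make clear that this path is deliberately silent, unlike the logged `EINVAL` path that follows it. The function's signature is in the preceding hunk and its body continues in the next one.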
@@ -2843,29 +2706,21 @@ } } - ret = -1; new = malloc(sizeof(struct new_config_item)); if (!new) - goto on_error; - - new->key = strdup(key); - new->val = strdup(value); - if (!new->val || !new->key) - goto on_error; - - ret = 0; + return NULL; -on_error: - free(linep); + k = strdup(key); + if (!k) + return NULL; - if (ret < 0 && new) { - free(new->key); - free(new->val); - free(new); - new = NULL; - } + v = strdup(value); + if (!v) + return NULL; - return new; + new->key = move_ptr(k); + new->val = move_ptr(v); + return move_ptr(new); } int lxc_config_read(const char *file, struct lxc_conf *conf, bool from_include) @@ -2884,19 +2739,17 @@ int lxc_config_define_add(struct lxc_list *defines, char *arg) { - struct lxc_list *dent; + __do_free struct lxc_list *dent = NULL; dent = malloc(sizeof(struct lxc_list)); if (!dent) - return -1; + return ret_errno(ENOMEM); dent->elem = parse_new_conf_line(arg); - if (!dent->elem) { - free(dent); - return -1; - } + if (!dent->elem) + return ret_errno(ENOMEM); - lxc_list_add_tail(defines, dent); + lxc_list_add_tail(defines, move_ptr(dent)); return 0; } 
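Review bot: `lxc_config_define_add` (hunk `@@ -2884,19 +2739,17 @@`) maps every NULL from `parse_new_conf_line()` to `ENOMEM`, but that function also returns NULL for a line without `=` (logged with `EINVAL`) and for a key that does not start with `lxc.`. A user passing a malformed define would be told the process ran out of memory. Having the callee set errno on each NULL path and returning `-errno` here would give an accurate code; at minimum a comment on the `if (!dent->elem)` check should say that NULL also covers parse errors.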
@@ -2934,41 +2787,40 @@ signed long lxc_config_parse_arch(const char *arch) { #if HAVE_SYS_PERSONALITY_H - size_t i; struct per_name { char *name; unsigned long per; } pername[] = { - { "arm", PER_LINUX32 }, - { "armel", PER_LINUX32 }, - { "armhf", PER_LINUX32 }, - { "armv7l", PER_LINUX32 }, - { "athlon", PER_LINUX32 }, - { "i386", PER_LINUX32 }, - { "i486", PER_LINUX32 }, - { "i586", PER_LINUX32 }, - { "i686", PER_LINUX32 }, - { "linux32", PER_LINUX32 }, - { "mips", PER_LINUX32 }, - { "mipsel", PER_LINUX32 }, - { "ppc", PER_LINUX32 }, - { "powerpc", PER_LINUX32 }, - { "x86", PER_LINUX32 }, - { "amd64", PER_LINUX }, - { "arm64", PER_LINUX }, - { "linux64", PER_LINUX }, - { "mips64", PER_LINUX }, - { "mips64el", PER_LINUX }, - { "ppc64", PER_LINUX }, - { "ppc64el", PER_LINUX }, - { "ppc64le", PER_LINUX }, - { "powerpc64", PER_LINUX }, - { "s390x", PER_LINUX }, - { "x86_64", PER_LINUX }, + { "arm", PER_LINUX32 }, + { "armel", PER_LINUX32 }, + { "armhf", PER_LINUX32 }, + { "armv7l", PER_LINUX32 }, + { "athlon", PER_LINUX32 }, + { "i386", PER_LINUX32 }, + { "i486", PER_LINUX32 }, + { "i586", PER_LINUX32 }, + { "i686", PER_LINUX32 }, + { "linux32", PER_LINUX32 }, + { "mips", PER_LINUX32 }, + { "mipsel", PER_LINUX32 }, + { "ppc", PER_LINUX32 }, + { "powerpc", PER_LINUX32 }, + { "x86", PER_LINUX32 }, + { "amd64", PER_LINUX }, + { "arm64", PER_LINUX }, + { "linux64", PER_LINUX }, + { "mips64", PER_LINUX }, + { "mips64el", PER_LINUX }, + { "ppc64", PER_LINUX }, + { "ppc64el", PER_LINUX }, + { "ppc64le", PER_LINUX }, + { "powerpc64", PER_LINUX }, + { "s390x", PER_LINUX }, + { "x86_64", PER_LINUX }, }; size_t len = sizeof(pername) / sizeof(pername[0]); - for (i = 0; i < len; i++) + for (int i = 0; i < len; i++) if (!strcmp(pername[i].name, arch)) return pername[i].per; #endif @@ -3008,7 +2860,7 @@ aflag = all_privs[i].flag; if (aflag < 0) - return -1; + return ret_errno(EINVAL); *flags |= aflag; } 
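Review bot: The loop at the end of hunk `@@ -2934,41 +2787,40 @@` now declares `int i` and compares it with `size_t len`, a signed/unsigned comparison that the previous `size_t i` avoided. Keep the narrower scope but the matching type: `for (size_t i = 0; i < len; i++)`. The rest of the hunk only re-aligns the table entries.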
@@ -3026,10 +2878,8 @@ return 0; ret = lxc_write_nointr(fd, conf->unexpanded_config, len); - if (ret < 0) { - SYSERROR("Failed to write configuration file"); - return -1; - } + if (ret < 0) + return log_error_errno(-errno, errno, "Failed to write configuration file"); return 0; } @@ -3104,13 +2954,12 @@ const char *newpath, const char *oldname, const char *newname, const char *ovldir) { - __do_free char *newdir = NULL, - *olddir = NULL; + __do_free char *newdir = NULL, *olddir = NULL; + char *lstart = conf->unexpanded_config; + const char *key = "lxc.mount.entry"; int ret; char *lend, *p, *q; size_t newdirlen, olddirlen; - char *lstart = conf->unexpanded_config; - const char *key = "lxc.mount.entry"; olddirlen = strlen(ovldir) + strlen(oldpath) + strlen(oldname) + 2; olddir = must_realloc(NULL, olddirlen + 1); @@ -3214,13 +3063,12 @@ const char *newpath, const char *oldname, const char *newname) { - __do_free char *newdir = NULL, - *olddir = NULL; + __do_free char *newdir = NULL, *olddir = NULL; + char *lstart = conf->unexpanded_config; + const char *key = "lxc.hook"; int ret; char *lend, *p; - char *lstart = conf->unexpanded_config; size_t newdirlen, olddirlen; - const char *key = "lxc.hook"; olddirlen = strlen(oldpath) + strlen(oldname) + 1; olddir = must_realloc(NULL, olddirlen + 1); @@ -3389,16 +3237,19 @@ static int set_config_ephemeral(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { + int ret; + if (lxc_config_value_empty(value)) { lxc_conf->ephemeral = 0; return 0; } - if (lxc_safe_uint(value, &lxc_conf->ephemeral) < 0) - return -1; + ret = lxc_safe_uint(value, &lxc_conf->ephemeral); + if (ret < 0) + return ret; if (lxc_conf->ephemeral > 1) - return -1; + return ret_errno(EINVAL); return 0; } 
@@ -3408,17 +3259,15 @@ { int facility; - if (lxc_conf->syslog) { - free(lxc_conf->syslog); - lxc_conf->syslog = NULL; - } + if (lxc_conf->syslog) + free_disarm(lxc_conf->syslog); if (lxc_config_value_empty(value)) return 0; facility = lxc_syslog_priority_to_int(value); if (facility == -EINVAL) - return -1; + return ret_errno(EINVAL); lxc_log_syslog(facility); @@ -3428,6 +3277,7 @@ static int set_config_no_new_privs(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { + int ret; unsigned int v; if (lxc_config_value_empty(value)) { @@ -3435,11 +3285,12 @@ return 0; } - if (lxc_safe_uint(value, &v) < 0) - return -1; + ret = lxc_safe_uint(value, &v); + if (ret < 0) + return ret; if (v > 1) - return -1; + return ret_errno(EINVAL); lxc_conf->no_new_privs = v ? true : false; @@ -3587,7 +3438,7 @@ namespaced_token = "lxc.cgroup."; namespaced_token_len = STRLITERALLEN("lxc.cgroup."); } else { - return -1; + return ret_errno(EINVAL); } if (strcmp(key, global_token) == 0) @@ -3595,7 +3446,7 @@ else if (strncmp(key, namespaced_token, namespaced_token_len) == 0) key += namespaced_token_len; else - return -1; + return ret_errno(EINVAL); lxc_list_for_each(it, &c->cgroup) { struct lxc_cgroup *cg = it->elem; @@ -3634,6 +3485,9 @@ int len; int fulllen = 0; + if (strcmp(key, "lxc.cgroup.dir") != 0) + return ret_errno(EINVAL); + if (!retv) inlen = 0; else @@ -3693,7 +3547,7 @@ (map->idtype == ID_TYPE_UID) ? 'u' : 'g', map->nsid, map->hostid, map->range); if (ret < 0 || ret >= __LXC_IDMAP_STR_BUF) - return -1; + return ret_errno(EIO); strprint(retv, inlen, "%s%s", buf, (listlen-- > 1) ? "\n" : ""); } @@ -3857,14 +3711,14 @@ subkey = strchr(key, '.'); if (!subkey) - return -1; + return ret_errno(EINVAL); subkey = strchr(subkey + 1, '.'); if (!subkey) - return -1; + return ret_errno(EINVAL); subkey++; if (*subkey == '\0') - return -1; + return ret_errno(EINVAL); for (i = 0; i < NUM_LXC_HOOKS; i++) { if (strcmp(lxchook_names[i], subkey) == 0) { 
@@ -3874,7 +3728,7 @@ } if (found == -1) - return -1; + return ret_errno(EINVAL); if (!retv) inlen = 0; @@ -3989,8 +3843,7 @@ #ifdef HAVE_SECCOMP return lxc_get_conf_int(c, retv, inlen, c->seccomp.allow_nesting); #else - errno = ENOSYS; - return -1; + return ret_errno(ENOSYS); #endif } @@ -4000,7 +3853,7 @@ #ifdef HAVE_SECCOMP_NOTIFY return lxc_get_conf_str(retv, inlen, c->seccomp.notifier.cookie); #else - return ret_set_errno(-1, ENOSYS); + return ret_errno(ENOSYS); #endif } @@ -4013,7 +3866,7 @@ ? &c->seccomp.notifier.proxy_addr.sun_path[0] : &c->seccomp.notifier.proxy_addr.sun_path[1]); #else - return ret_set_errno(-1, ENOSYS); + return ret_errno(ENOSYS); #endif } @@ -4184,7 +4037,7 @@ else if (strncmp(key, "lxc.prlimit.", 12) == 0) key += 12; else - return -1; + return ret_errno(EINVAL); lxc_list_for_each(it, &c->limits) { /* 2 colon separated 64 bit integers or the word 'unlimited' */ @@ -4242,7 +4095,7 @@ else if (strncmp(key, "lxc.sysctl.", STRLITERALLEN("lxc.sysctl.")) == 0) key += STRLITERALLEN("lxc.sysctl."); else - return -1; + return ret_errno(EINVAL); lxc_list_for_each(it, &c->sysctls) { struct lxc_sysctl *elem = it->elem; @@ -4275,7 +4128,7 @@ else if (strncmp(key, "lxc.proc.", STRLITERALLEN("lxc.proc.")) == 0) key += STRLITERALLEN("lxc.proc."); else - return -1; + return ret_errno(EINVAL); lxc_list_for_each(it, &c->procs) { struct lxc_proc *proc = it->elem; @@ -4376,16 +4229,14 @@ static inline int clr_config_tty_dir(const char *key, struct lxc_conf *c, void *data) { - free(c->ttys.dir); - c->ttys.dir = NULL; + free_disarm(c->ttys.dir); return 0; } static inline int clr_config_apparmor_profile(const char *key, struct lxc_conf *c, void *data) { - free(c->lsm_aa_profile); - c->lsm_aa_profile = NULL; + free_disarm(c->lsm_aa_profile); return 0; } 
@@ -4415,16 +4266,14 @@ static inline int clr_config_selinux_context(const char *key, struct lxc_conf *c, void *data) { - free(c->lsm_se_context); - c->lsm_se_context = NULL; + free_disarm(c->lsm_se_context); return 0; } static inline int clr_config_selinux_context_keyring(const char *key, struct lxc_conf *c, void *data) { - free(c->lsm_se_keyring_context); - c->lsm_se_keyring_context = NULL; + free_disarm(c->lsm_se_keyring_context); return 0; } @@ -4450,10 +4299,11 @@ static int clr_config_cgroup_dir(const char *key, struct lxc_conf *lxc_conf, void *data) { - if (lxc_conf->cgroup_meta.dir) { - free(lxc_conf->cgroup_meta.dir); - lxc_conf->cgroup_meta.dir = NULL; - } + if (strcmp(key, "lxc.cgroup.dir") != 0) + return ret_errno(EINVAL); + + if (lxc_conf->cgroup_meta.dir) + free_disarm(lxc_conf->cgroup_meta.dir); return 0; } @@ -4482,8 +4332,7 @@ static inline int clr_config_log_file(const char *key, struct lxc_conf *c, void *data) { - free(c->logfile); - c->logfile = NULL; + free_disarm(c->logfile); return 0; } @@ -4502,16 +4351,14 @@ static inline int clr_config_mount_fstab(const char *key, struct lxc_conf *c, void *data) { - free(c->fstab); - c->fstab = NULL; + free_disarm(c->fstab); return 0; } static inline int clr_config_rootfs_path(const char *key, struct lxc_conf *c, void *data) { - free(c->rootfs.path); - c->rootfs.path = NULL; + free_disarm(c->rootfs.path); return 0; } @@ -4525,19 +4372,15 @@ static inline int clr_config_rootfs_mount(const char *key, struct lxc_conf *c, void *data) { - free(c->rootfs.mount); - c->rootfs.mount = NULL; + free_disarm(c->rootfs.mount); return 0; } static inline int clr_config_rootfs_options(const char *key, struct lxc_conf *c, void *data) { - free(c->rootfs.options); - c->rootfs.options = NULL; - - free(c->rootfs.data); - c->rootfs.data = NULL; + free_disarm(c->rootfs.options); + free_disarm(c->rootfs.data); return 0; } 
@@ -4545,8 +4388,7 @@ static inline int clr_config_uts_name(const char *key, struct lxc_conf *c, void *data) { - free(c->utsname); - c->utsname = NULL; + free_disarm(c->utsname); return 0; } @@ -4587,16 +4429,14 @@ static inline int clr_config_console_path(const char *key, struct lxc_conf *c, void *data) { - free(c->console.path); - c->console.path = NULL; + free_disarm(c->console.path); return 0; } static inline int clr_config_console_logfile(const char *key, struct lxc_conf *c, void *data) { - free(c->console.log_path); - c->console.log_path = NULL; + free_disarm(c->console.log_path); return 0; } @@ -4628,8 +4468,7 @@ c->seccomp.allow_nesting = 0; return 0; #else - errno = ENOSYS; - return -1; + return ret_errno(ENOSYS); #endif } @@ -4637,11 +4476,10 @@ struct lxc_conf *c, void *data) { #ifdef HAVE_SECCOMP_NOTIFY - free(c->seccomp.notifier.cookie); - c->seccomp.notifier.cookie = NULL; + free_disarm(c->seccomp.notifier.cookie); return 0; #else - return ret_set_errno(-1, ENOSYS); + return ret_errno(ENOSYS); #endif } @@ -4653,15 +4491,14 @@ sizeof(c->seccomp.notifier.proxy_addr)); return 0; #else - return ret_set_errno(-1, ENOSYS); + return ret_errno(ENOSYS); #endif } static inline int clr_config_seccomp_profile(const char *key, struct lxc_conf *c, void *data) { - free(c->seccomp.seccomp); - c->seccomp.seccomp = NULL; + free_disarm(c->seccomp.seccomp); return 0; } @@ -4716,8 +4553,7 @@ static inline int clr_config_log_syslog(const char *key, struct lxc_conf *c, void *data) { - free(c->syslog); - c->syslog = NULL; + free_disarm(c->syslog); return 0; } 
@@ -4750,24 +4586,21 @@ static inline int clr_config_execute_cmd(const char *key, struct lxc_conf *c, void *data) { - free(c->execute_cmd); - c->execute_cmd = NULL; + free_disarm(c->execute_cmd); return 0; } static inline int clr_config_init_cmd(const char *key, struct lxc_conf *c, void *data) { - free(c->init_cmd); - c->init_cmd = NULL; + free_disarm(c->init_cmd); return 0; } static inline int clr_config_init_cwd(const char *key, struct lxc_conf *c, void *data) { - free(c->init_cwd); - c->init_cwd = NULL; + free_disarm(c->init_cwd); return 0; } @@ -4858,7 +4691,7 @@ static int get_config_includefiles(const char *key, char *retv, int inlen, struct lxc_conf *c, void *data) { - return -ENOSYS; + return ret_errno(ENOSYS); } static struct lxc_config_t *get_network_config_ops(const char *key, @@ -4866,29 +4699,24 @@ ssize_t *idx, char **deindexed_key) { + __do_free char *copy = NULL; + struct lxc_config_t *config = NULL; int ret; unsigned int tmpidx; size_t numstrlen; - char *copy, *idx_start, *idx_end; - struct lxc_config_t *config = NULL; + char *idx_start, *idx_end; /* check that this is a sensible network key */ - if (strncmp("lxc.net.", key, 8)) { - ERROR("Invalid network configuration key \"%s\"", key); - return NULL; - } + if (strncmp("lxc.net.", key, 8)) + return log_error_errno(NULL, EINVAL, "Invalid network configuration key \"%s\"", key); copy = strdup(key); - if (!copy) { - ERROR("Failed to duplicate string \"%s\"", key); - return NULL; - } + if (!copy) + return log_error_errno(NULL, ENOMEM, "Failed to duplicate string \"%s\"", key); /* lxc.net. */ - if (!isdigit(*(key + 8))) { - ERROR("Failed to detect digit in string \"%s\"", key + 8); - goto on_error; - } + if (!isdigit(*(key + 8))) + return log_error_errno(NULL, EINVAL, "Failed to detect digit in string \"%s\"", key + 8); /* beginning of index string */ idx_start = (copy + 7); 
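Review bot: `isdigit(*(key + 8))` in get_network_config_ops passes a plain `char` taken from a configuration key to a ctype function, which is undefined behaviour when `char` is signed and the byte is negative. Casting first keeps the call defined for every byte value: `if (!isdigit((unsigned char)key[8]))`. The same pattern appears as `isdigit(*idxstring)` in set_config_net_nic, clr_config_net_nic and get_config_net_nic further down. The function body continues past this hunk.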
@@ -4902,22 +4730,16 @@ /* parse current index */ ret = lxc_safe_uint((idx_start + 1), &tmpidx); if (ret < 0) { - errno = -ret; - SYSERROR("Failed to parse unsigned integer from string \"%s\"", - idx_start + 1); *idx = ret; - goto on_error; + return log_error_errno(NULL, -ret, "Failed to parse unsigned integer from string \"%s\"", idx_start + 1); } /* This, of course is utterly nonsensical on so many levels, but * better safe than sorry. * (Checking for INT_MAX here is intentional.) */ - if (tmpidx == INT_MAX) { - SYSERROR("Number of configured networks would overflow the " - "counter"); - goto on_error; - } + if (tmpidx == INT_MAX) + return log_error_errno(NULL, ERANGE, "Number of configured networks would overflow the counter"); *idx = tmpidx; numstrlen = strlen((idx_start + 1)); @@ -4928,29 +4750,21 @@ /* lxc.net.. */ if (idx_end) { *idx_end = '.'; - if (strlen(idx_end + 1) == 0) { - ERROR("No subkey in network configuration key \"%s\"", key); - goto on_error; - } + if (strlen(idx_end + 1) == 0) + return log_error_errno(NULL, EINVAL, "No subkey in network configuration key \"%s\"", key); memmove(copy + 8, idx_end + 1, strlen(idx_end + 1)); copy[strlen(key) - (numstrlen + 1)] = '\0'; config = lxc_get_config(copy); - if (!config) { - ERROR("Unknown network configuration key \"%s\"", key); - goto on_error; - } + if (!config) + return log_error_errno(NULL, ENOENT, "Unknown network configuration key \"%s\"", key); } if (deindexed_key) - *deindexed_key = copy; + *deindexed_key = move_ptr(copy); return config; - -on_error: - free(copy); - return NULL; } /* Config entry is something like "lxc.net.0.ipv4" the key 'lxc.net.' was 
@@ -4960,49 +4774,43 @@ static int set_config_net_nic(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { - int ret; + __do_free char *deindexed_key = NULL; + ssize_t idx = -1; const char *idxstring; struct lxc_config_t *config; struct lxc_netdev *netdev; - ssize_t idx = -1; - char *deindexed_key = NULL; idxstring = key + 8; if (!isdigit(*idxstring)) - return -1; + return ret_errno(EINVAL); if (lxc_config_value_empty(value)) return clr_config_net_nic(key, lxc_conf, data); config = get_network_config_ops(key, lxc_conf, &idx, &deindexed_key); if (!config || idx < 0) - return -1; + return -errno; netdev = lxc_get_netdev_by_idx(lxc_conf, (unsigned int)idx, true); - if (!netdev) { - free(deindexed_key); - return -1; - } - - ret = config->set(deindexed_key, value, lxc_conf, netdev); - free(deindexed_key); + if (!netdev) + return ret_errno(EINVAL); - return ret; + return config->set(deindexed_key, value, lxc_conf, netdev); } static int clr_config_net_nic(const char *key, struct lxc_conf *lxc_conf, void *data) { + __do_free char *deindexed_key = NULL; + ssize_t idx = -1; int ret; const char *idxstring; struct lxc_config_t *config; struct lxc_netdev *netdev; - ssize_t idx = -1; - char *deindexed_key = NULL; idxstring = key + 8; if (!isdigit(*idxstring)) - return -1; + return ret_errno(EINVAL); /* The left conjunct is pretty self-explanatory. The right conjunct * checks whether the two pointers are equal. If they are we know that @@ -5012,8 +4820,9 @@ if (isdigit(*idxstring) && (strrchr(key, '.') == (idxstring - 1))) { unsigned int rmnetdevidx; - if (lxc_safe_uint(idxstring, &rmnetdevidx) < 0) - return -1; + ret = lxc_safe_uint(idxstring, &rmnetdevidx); + if (ret < 0) + return ret; /* Remove network from network list. */ lxc_remove_nic_by_idx(lxc_conf, rmnetdevidx); 
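Review bot: `return -errno;` after `if (!config || idx < 0)` in set_config_net_nic can evaluate to 0, which callers read as success. That happens whenever get_network_config_ops returns NULL without having assigned errno. In the lines shown, the helper leaves `config` NULL and sets no errno when the key has no subkey after the index, because the `if (idx_end)` branch is skipped. The old code returned -1 unconditionally here. A guarded form keeps the failure visible, for example `return errno ? -errno : -EINVAL;`, or the helper could set errno on that path. The same line was added to clr_config_net_nic and get_config_net_nic.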
@@ -5022,18 +4831,13 @@ config = get_network_config_ops(key, lxc_conf, &idx, &deindexed_key); if (!config || idx < 0) - return -1; + return -errno; netdev = lxc_get_netdev_by_idx(lxc_conf, (unsigned int)idx, false); - if (!netdev) { - free(deindexed_key); - return -1; - } - - ret = config->clr(deindexed_key, lxc_conf, netdev); - free(deindexed_key); + if (!netdev) + return ret_errno(EINVAL); - return ret; + return config->clr(deindexed_key, lxc_conf, netdev); } static int clr_config_net_type(const char *key, struct lxc_conf *lxc_conf, @@ -5042,7 +4846,7 @@ struct lxc_netdev *netdev = data; if (!netdev) - return -1; + return ret_errno(EINVAL); netdev->type = -1; @@ -5055,7 +4859,7 @@ struct lxc_netdev *netdev = data; if (!netdev) - return -1; + return ret_errno(EINVAL); netdev->name[0] = '\0'; @@ -5068,7 +4872,7 @@ struct lxc_netdev *netdev = data; if (!netdev) - return -1; + return ret_errno(EINVAL); netdev->flags = 0; @@ -5081,7 +4885,7 @@ struct lxc_netdev *netdev = data; if (!netdev) - return -1; + return ret_errno(EINVAL); netdev->link[0] = '\0'; @@ -5094,7 +4898,7 @@ struct lxc_netdev *netdev = data; if (!netdev) - return ret_set_errno(-1, EINVAL); + return ret_errno(EINVAL); netdev->l2proxy = false; @@ -5107,7 +4911,7 @@ struct lxc_netdev *netdev = data; if (!netdev) - return -1; + return ret_errno(EINVAL); if (netdev->type != LXC_NET_MACVLAN) return 0; @@ -5123,7 +4927,7 @@ struct lxc_netdev *netdev = data; if (!netdev) - return ret_set_errno(-1, EINVAL); + return ret_errno(EINVAL); if (netdev->type != LXC_NET_IPVLAN) return 0; @@ -5139,7 +4943,7 @@ struct lxc_netdev *netdev = data; if (!netdev) - return ret_set_errno(-1, EINVAL); + return ret_errno(EINVAL); if (netdev->type != LXC_NET_IPVLAN) return 0; @@ -5155,7 +4959,7 @@ struct lxc_netdev *netdev = data; if (!netdev) - return ret_set_errno(-1, EINVAL); + return ret_errno(EINVAL); if (netdev->type != LXC_NET_VETH) return 0; 
@@ -5171,7 +4975,7 @@ struct lxc_netdev *netdev = data; if (!netdev) - return -1; + return ret_errno(EINVAL); netdev->priv.veth_attr.pair[0] = '\0'; @@ -5184,10 +4988,9 @@ struct lxc_netdev *netdev = data; if (!netdev) - return -1; + return ret_errno(EINVAL); - free(netdev->upscript); - netdev->upscript = NULL; + free_disarm(netdev->upscript); return 0; } @@ -5198,10 +5001,9 @@ struct lxc_netdev *netdev = data; if (!netdev) - return -1; + return ret_errno(EINVAL); - free(netdev->downscript); - netdev->downscript = NULL; + free_disarm(netdev->downscript); return 0; } @@ -5212,10 +5014,9 @@ struct lxc_netdev *netdev = data; if (!netdev) - return -1; + return ret_errno(EINVAL); - free(netdev->hwaddr); - netdev->hwaddr = NULL; + free_disarm(netdev->hwaddr); return 0; } @@ -5226,10 +5027,9 @@ struct lxc_netdev *netdev = data; if (!netdev) - return -1; + return ret_errno(EINVAL); - free(netdev->mtu); - netdev->mtu = NULL; + free_disarm(netdev->mtu); return 0; } @@ -5240,7 +5040,7 @@ struct lxc_netdev *netdev = data; if (!netdev) - return -1; + return ret_errno(EINVAL); netdev->priv.vlan_attr.vid = 0; @@ -5253,10 +5053,9 @@ struct lxc_netdev *netdev = data; if (!netdev) - return -1; + return ret_errno(EINVAL); - free(netdev->ipv4_gateway); - netdev->ipv4_gateway = NULL; + free_disarm(netdev->ipv4_gateway); return 0; } @@ -5268,7 +5067,7 @@ struct lxc_list *cur, *next; if (!netdev) - return -1; + return ret_errno(EINVAL); lxc_list_for_each_safe(cur, &netdev->ipv4, next) { lxc_list_del(cur); @@ -5280,13 +5079,13 @@ } static int clr_config_net_veth_ipv4_route(const char *key, - struct lxc_conf *lxc_conf, void *data) + struct lxc_conf *lxc_conf, void *data) { struct lxc_netdev *netdev = data; struct lxc_list *cur, *next; if (!netdev) - return -1; + return ret_errno(EINVAL); lxc_list_for_each_safe(cur, &netdev->priv.veth_attr.ipv4_routes, next) { lxc_list_del(cur); 
@@ -5303,10 +5102,9 @@ struct lxc_netdev *netdev = data; if (!netdev) - return -1; + return ret_errno(EINVAL); - free(netdev->ipv6_gateway); - netdev->ipv6_gateway = NULL; + free_disarm(netdev->ipv6_gateway); return 0; } @@ -5318,7 +5116,7 @@ struct lxc_list *cur, *next; if (!netdev) - return -1; + return ret_errno(EINVAL); lxc_list_for_each_safe(cur, &netdev->ipv6, next) { lxc_list_del(cur); @@ -5330,13 +5128,13 @@ } static int clr_config_net_veth_ipv6_route(const char *key, - struct lxc_conf *lxc_conf, void *data) + struct lxc_conf *lxc_conf, void *data) { struct lxc_netdev *netdev = data; struct lxc_list *cur, *next; if (!netdev) - return -1; + return ret_errno(EINVAL); lxc_list_for_each_safe(cur, &netdev->priv.veth_attr.ipv6_routes, next) { lxc_list_del(cur); @@ -5350,31 +5148,25 @@ static int get_config_net_nic(const char *key, char *retv, int inlen, struct lxc_conf *c, void *data) { - int ret; + __do_free char *deindexed_key = NULL; + ssize_t idx = -1; const char *idxstring; struct lxc_config_t *config; struct lxc_netdev *netdev; - ssize_t idx = -1; - char *deindexed_key = NULL; idxstring = key + 8; if (!isdigit(*idxstring)) - return -1; + return ret_errno(EINVAL); config = get_network_config_ops(key, c, &idx, &deindexed_key); if (!config || idx < 0) - return -1; + return -errno; netdev = lxc_get_netdev_by_idx(c, (unsigned int)idx, false); - if (!netdev) { - free(deindexed_key); - return -1; - } - - ret = config->get(deindexed_key, retv, inlen, c, netdev); - free(deindexed_key); + if (!netdev) + return ret_errno(EINVAL); - return ret; + return config->get(deindexed_key, retv, inlen, c, netdev); } static int get_config_net_type(const char *key, char *retv, int inlen, @@ -5390,7 +5182,7 @@ memset(retv, 0, inlen); if (!netdev) - return -1; + return ret_errno(EINVAL); strprint(retv, inlen, "%s", lxc_net_type_to_str(netdev->type)); 
@@ -5410,7 +5202,7 @@ memset(retv, 0, inlen); if (!netdev) - return -1; + return ret_errno(EINVAL); if (netdev->flags & IFF_UP) strprint(retv, inlen, "up"); @@ -5431,7 +5223,7 @@ memset(retv, 0, inlen); if (!netdev) - return -1; + return ret_errno(EINVAL); if (netdev->link[0] != '\0') strprint(retv, inlen, "%s", netdev->link); @@ -5440,7 +5232,7 @@ } static int get_config_net_l2proxy(const char *key, char *retv, int inlen, - struct lxc_conf *c, void *data) + struct lxc_conf *c, void *data) { struct lxc_netdev *netdev = data; return lxc_get_conf_bool(c, retv, inlen, netdev->l2proxy); @@ -5459,7 +5251,7 @@ memset(retv, 0, inlen); if (!netdev) - return -1; + return ret_errno(EINVAL); if (netdev->name[0] != '\0') strprint(retv, inlen, "%s", netdev->name); @@ -5481,7 +5273,7 @@ memset(retv, 0, inlen); if (!netdev) - return -1; + return ret_errno(EINVAL); if (netdev->type != LXC_NET_MACVLAN) return 0; @@ -5512,10 +5304,10 @@ static int get_config_net_ipvlan_mode(const char *key, char *retv, int inlen, struct lxc_conf *c, void *data) { - int len; int fulllen = 0; - const char *mode; struct lxc_netdev *netdev = data; + int len; + const char *mode; if (!retv) inlen = 0; @@ -5523,7 +5315,7 @@ memset(retv, 0, inlen); if (!netdev) - return ret_set_errno(-1, EINVAL); + return ret_errno(EINVAL); if (netdev->type != LXC_NET_IPVLAN) return 0; @@ -5551,10 +5343,10 @@ static int get_config_net_ipvlan_isolation(const char *key, char *retv, int inlen, struct lxc_conf *c, void *data) { - int len; int fulllen = 0; - const char *mode; struct lxc_netdev *netdev = data; + int len; + const char *mode; if (!retv) inlen = 0; @@ -5562,7 +5354,7 @@ memset(retv, 0, inlen); if (!netdev) - return ret_set_errno(-1, EINVAL); + return ret_errno(EINVAL); if (netdev->type != LXC_NET_IPVLAN) return 0; 
@@ -5590,10 +5382,10 @@ static int get_config_net_veth_mode(const char *key, char *retv, int inlen, struct lxc_conf *c, void *data) { - int len; int fulllen = 0; - const char *mode; struct lxc_netdev *netdev = data; + int len; + const char *mode; if (!retv) inlen = 0; @@ -5601,7 +5393,7 @@ memset(retv, 0, inlen); if (!netdev) - return ret_set_errno(-1, EINVAL); + return ret_errno(EINVAL); if (netdev->type != LXC_NET_VETH) return 0; @@ -5636,7 +5428,7 @@ memset(retv, 0, inlen); if (!netdev) - return -1; + return ret_errno(EINVAL); if (netdev->type != LXC_NET_VETH) return 0; @@ -5662,7 +5454,7 @@ memset(retv, 0, inlen); if (!netdev) - return -1; + return ret_errno(EINVAL); if (netdev->upscript) strprint(retv, inlen, "%s", netdev->upscript); @@ -5683,7 +5475,7 @@ memset(retv, 0, inlen); if (!netdev) - return -1; + return ret_errno(EINVAL); if (netdev->downscript) strprint(retv, inlen, "%s", netdev->downscript); @@ -5704,7 +5496,7 @@ memset(retv, 0, inlen); if (!netdev) - return -1; + return ret_errno(EINVAL); if (netdev->hwaddr) strprint(retv, inlen, "%s", netdev->hwaddr); @@ -5725,7 +5517,7 @@ memset(retv, 0, inlen); if (!netdev) - return -1; + return ret_errno(EINVAL); if (netdev->mtu) strprint(retv, inlen, "%s", netdev->mtu); @@ -5746,7 +5538,7 @@ memset(retv, 0, inlen); if (!netdev) - return -1; + return ret_errno(EINVAL); if (netdev->type != LXC_NET_VLAN) return 0; @@ -5770,14 +5562,15 @@ memset(retv, 0, inlen); if (!netdev) - return -1; + return ret_errno(EINVAL); if (netdev->ipv4_gateway_auto) { strprint(retv, inlen, "auto"); } else if (netdev->ipv4_gateway_dev) { strprint(retv, inlen, "dev"); } else if (netdev->ipv4_gateway) { - inet_ntop(AF_INET, netdev->ipv4_gateway, buf, sizeof(buf)); + if (!inet_ntop(AF_INET, netdev->ipv4_gateway, buf, sizeof(buf))) + return -errno; strprint(retv, inlen, "%s", buf); } 
@@ -5800,13 +5593,14 @@ memset(retv, 0, inlen); if (!netdev) - return -1; + return ret_errno(EINVAL); listlen = lxc_list_len(&netdev->ipv4); lxc_list_for_each(it, &netdev->ipv4) { struct lxc_inetdev *i = it->elem; - inet_ntop(AF_INET, &i->addr, buf, sizeof(buf)); + if (!inet_ntop(AF_INET, &i->addr, buf, sizeof(buf))) + return -errno; strprint(retv, inlen, "%s/%u%s", buf, i->prefix, (listlen-- > 1) ? "\n" : ""); } @@ -5830,7 +5624,7 @@ memset(retv, 0, inlen); if (!netdev) - return ret_set_errno(-1, EINVAL); + return ret_errno(EINVAL); if (netdev->type != LXC_NET_VETH) return 0; @@ -5839,7 +5633,8 @@ lxc_list_for_each(it, &netdev->priv.veth_attr.ipv4_routes) { struct lxc_inetdev *i = it->elem; - inet_ntop(AF_INET, &i->addr, buf, sizeof(buf)); + if (!inet_ntop(AF_INET, &i->addr, buf, sizeof(buf))) + return -errno; strprint(retv, inlen, "%s/%u%s", buf, i->prefix, (listlen-- > 1) ? "\n" : ""); } @@ -5861,14 +5656,15 @@ memset(retv, 0, inlen); if (!netdev) - return -1; + return ret_errno(EINVAL); if (netdev->ipv6_gateway_auto) { strprint(retv, inlen, "auto"); } else if (netdev->ipv6_gateway_dev) { strprint(retv, inlen, "dev"); } else if (netdev->ipv6_gateway) { - inet_ntop(AF_INET6, netdev->ipv6_gateway, buf, sizeof(buf)); + if (!inet_ntop(AF_INET6, netdev->ipv6_gateway, buf, sizeof(buf))) + return -errno; strprint(retv, inlen, "%s", buf); } @@ -5891,13 +5687,14 @@ memset(retv, 0, inlen); if (!netdev) - return -1; + return ret_errno(EINVAL); listlen = lxc_list_len(&netdev->ipv6); lxc_list_for_each(it, &netdev->ipv6) { struct lxc_inet6dev *i = it->elem; - inet_ntop(AF_INET6, &i->addr, buf, sizeof(buf)); + if (!inet_ntop(AF_INET6, &i->addr, buf, sizeof(buf))) + return -errno; strprint(retv, inlen, "%s/%u%s", buf, i->prefix, (listlen-- > 1) ? "\n" : ""); } @@ -5906,7 +5703,7 @@ } static int get_config_net_veth_ipv6_route(const char *key, char *retv, int inlen, - struct lxc_conf *c, void *data) + struct lxc_conf *c, void *data) { int len; size_t listlen; 
@@ -5921,7 +5718,7 @@ memset(retv, 0, inlen); if (!netdev) - return ret_set_errno(-1, EINVAL); + return ret_errno(EINVAL); if (netdev->type != LXC_NET_VETH) return 0; @@ -5930,7 +5727,8 @@ lxc_list_for_each(it, &netdev->priv.veth_attr.ipv6_routes) { struct lxc_inet6dev *i = it->elem; - inet_ntop(AF_INET6, &i->addr, buf, sizeof(buf)); + if (!inet_ntop(AF_INET6, &i->addr, buf, sizeof(buf))) + return -errno; strprint(retv, inlen, "%s/%u%s", buf, i->prefix, (listlen-- > 1) ? "\n" : ""); } @@ -6025,7 +5823,7 @@ } else if (!strcmp(key, "lxc.keyring")) { strprint(retv, inlen, "session\n"); } else { - fulllen = -1; + fulllen = ret_errno(EINVAL); } return fulllen; @@ -6045,11 +5843,11 @@ (void)get_network_config_ops(key, c, &idx, NULL); if (idx < 0) - return -1; + return ret_errno(EINVAL); netdev = lxc_get_netdev_by_idx(c, (unsigned int)idx, false); if (!netdev) - return -1; + return ret_errno(EINVAL); if (!retv) inlen = 0; diff -Nru lxc-4.0.2/src/lxc/confile.h lxc-4.0.6/src/lxc/confile.h --- lxc-4.0.2/src/lxc/confile.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/confile.h 2021-01-12 00:20:05.000000000 +0000 @@ -9,6 +9,8 @@ #include #include +#include "compiler.h" + struct lxc_conf; struct lxc_list; 
@@ -43,63 +45,64 @@ }; /* Get the jump table entry for the given configuration key. */ -extern struct lxc_config_t *lxc_get_config(const char *key); +__hidden extern struct lxc_config_t *lxc_get_config_exact(const char *key); + +/* Get the jump table entry if entry name is a prefix of the given configuration key. */ +__hidden extern struct lxc_config_t *lxc_get_config(const char *key); /* List all available config items. */ -extern int lxc_list_config_items(char *retv, int inlen); +__hidden extern int lxc_list_config_items(char *retv, int inlen) +__access_rw(1, 2); /* Given a configuration key namespace (e.g. lxc.apparmor) list all associated * subkeys for that namespace. * Must be implemented when adding a new configuration key. */ -extern int lxc_list_subkeys(struct lxc_conf *conf, const char *key, char *retv, - int inlen); +__hidden extern int lxc_list_subkeys(struct lxc_conf *conf, const char *key, char *retv, int inlen) + __access_rw(3, 4); /* List all configuration items associated with a given network. For example * pass "lxc.net.[i]" to retrieve all configuration items associated with * the network associated with index [i]. 
*/ -extern int lxc_list_net(struct lxc_conf *c, const char *key, char *retv, - int inlen); +__hidden extern int lxc_list_net(struct lxc_conf *c, const char *key, char *retv, int inlen) + __access_rw(3, 4); -extern int lxc_config_read(const char *file, struct lxc_conf *conf, - bool from_include); +__hidden extern int lxc_config_read(const char *file, struct lxc_conf *conf, bool from_include); -extern int append_unexp_config_line(const char *line, struct lxc_conf *conf); +__hidden extern int append_unexp_config_line(const char *line, struct lxc_conf *conf); -extern int lxc_config_define_add(struct lxc_list *defines, char* arg); +__hidden extern int lxc_config_define_add(struct lxc_list *defines, char *arg); -extern bool lxc_config_define_load(struct lxc_list *defines, - struct lxc_container *c); +__hidden extern bool lxc_config_define_load(struct lxc_list *defines, struct lxc_container *c); -extern void lxc_config_define_free(struct lxc_list *defines); +__hidden extern void lxc_config_define_free(struct lxc_list *defines); /* needed for lxc-attach */ -extern signed long lxc_config_parse_arch(const char *arch); +__hidden extern signed long lxc_config_parse_arch(const char *arch); -extern int lxc_fill_elevated_privileges(char *flaglist, int *flags); +__hidden extern int lxc_fill_elevated_privileges(char *flaglist, int *flags); -extern int lxc_clear_config_item(struct lxc_conf *c, const char *key); +__hidden extern int lxc_clear_config_item(struct lxc_conf *c, const char *key); -extern int write_config(int fd, const struct lxc_conf *conf); +__hidden extern int write_config(int fd, const struct lxc_conf *conf); -extern bool do_append_unexp_config_line(struct lxc_conf *conf, const char *key, - const char *v); +__hidden extern bool do_append_unexp_config_line(struct lxc_conf *conf, const char *key, + const char *v); /* These are used when cloning a container */ -extern void clear_unexp_config_line(struct lxc_conf *conf, const char *key, - bool rm_subkeys); +__hidden extern 
void clear_unexp_config_line(struct lxc_conf *conf, const char *key, bool rm_subkeys); -extern bool clone_update_unexp_hooks(struct lxc_conf *conf, const char *oldpath, - const char *newpath, const char *oldname, - const char *newmame); +__hidden extern bool clone_update_unexp_hooks(struct lxc_conf *conf, const char *oldpath, + const char *newpath, const char *oldname, + const char *newmame); -bool clone_update_unexp_ovl_paths(struct lxc_conf *conf, const char *oldpath, - const char *newpath, const char *oldname, - const char *newname, const char *ovldir); +__hidden extern bool clone_update_unexp_ovl_paths(struct lxc_conf *conf, const char *oldpath, + const char *newpath, const char *oldname, + const char *newname, const char *ovldir); -extern bool network_new_hwaddrs(struct lxc_conf *conf); +__hidden extern bool network_new_hwaddrs(struct lxc_conf *conf); -extern int add_elem_to_mount_list(const char *value, struct lxc_conf *lxc_conf); +__hidden extern int add_elem_to_mount_list(const char *value, struct lxc_conf *lxc_conf); #endif /* __LXC_CONFILE_H */ diff -Nru lxc-4.0.2/src/lxc/confile_utils.c lxc-4.0.6/src/lxc/confile_utils.c --- lxc-4.0.2/src/lxc/confile_utils.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/confile_utils.c 2021-01-12 00:20:05.000000000 +0000 @@ -15,9 +15,11 @@ #include "confile_utils.h" #include "error.h" #include "list.h" +#include "lxc.h" #include "log.h" #include "lxccontainer.h" #include "macro.h" +#include "memory_utils.h" #include "network.h" #include "parse.h" #include "utils.h" @@ -31,16 +33,16 @@ int parse_idmaps(const char *idmap, char *type, unsigned long *nsid, unsigned long *hostid, unsigned long *range) { + __do_free char *dup = NULL; int ret = -1; unsigned long tmp_hostid, tmp_nsid, tmp_range; char tmp_type; char *window, *slide; - char *dup = NULL; /* Duplicate string. */ dup = strdup(idmap); if (!dup) - goto on_error; + return ret_errno(ENOMEM); /* A prototypical idmap entry would be: "u 1000 1000000 65536" */ 
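Review bot: The prototype of clone_update_unexp_hooks still names its last parameter `newmame`. Since the declaration is being rewritten anyway, it could read `const char *newname`, matching clone_update_unexp_ovl_paths directly below it. The unchanged comment "Get the jump table entry for the given configuration key." now sits above lxc_get_config_exact. A few words saying that this variant requires the whole key to match (as the name suggests) would make the contrast with the prefix-matching lxc_get_config explicit.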
@@ -49,13 +51,11 @@ /* skip whitespace */ slide += strspn(slide, " \t\r"); if (slide != window && *slide == '\0') - goto on_error; + return ret_errno(EINVAL); /* Validate type. */ - if (*slide != 'u' && *slide != 'g') { - ERROR("Invalid id mapping type: %c", *slide); - goto on_error; - } + if (*slide != 'u' && *slide != 'g') + return log_error_errno(-EINVAL, EINVAL, "Invalid id mapping type: %c", *slide); /* Assign type. */ tmp_type = *slide; @@ -68,7 +68,7 @@ slide += strspn(slide, " \t\r"); /* There must be whitespace. */ if (slide == window) - goto on_error; + return ret_errno(EINVAL); /* Mark beginning of nsid. */ window = slide; @@ -76,15 +76,14 @@ slide += strcspn(slide, " \t\r"); /* There must be non-whitespace. */ if (slide == window || *slide == '\0') - goto on_error; + return ret_errno(EINVAL); /* Mark end of nsid. */ *slide = '\0'; /* Parse nsid. */ - if (lxc_safe_ulong(window, &tmp_nsid) < 0) { - ERROR("Failed to parse nsid: %s", window); - goto on_error; - } + ret = lxc_safe_ulong(window, &tmp_nsid); + if (ret < 0) + return log_error_errno(ret, errno, "Failed to parse nsid: %s", window); /* Move beyond \0. */ slide++; @@ -94,7 +93,7 @@ * So only ensure that we're not at the end of the string. */ if (*slide == '\0') - goto on_error; + return ret_errno(EINVAL); /* Mark beginning of hostid. */ window = slide; @@ -102,15 +101,14 @@ slide += strcspn(slide, " \t\r"); /* There must be non-whitespace. */ if (slide == window || *slide == '\0') - goto on_error; + return ret_errno(EINVAL); /* Mark end of nsid. */ *slide = '\0'; /* Parse hostid. */ - if (lxc_safe_ulong(window, &tmp_hostid) < 0) { - ERROR("Failed to parse hostid: %s", window); - goto on_error; - } + ret = lxc_safe_ulong(window, &tmp_hostid); + if (ret < 0) + return log_error_errno(ret, errno, "Failed to parse hostid: %s", window); /* Move beyond \0. */ slide++; 
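Review bot: In parse_idmaps the new `log_error_errno(ret, errno, "Failed to parse nsid: %s", window)` logs whatever errno holds, while the failure code is in `ret`. get_network_config_ops in confile.c treats the result of the sibling lxc_safe_uint as a negative errno value and passes `-ret`, so errno may be stale or zero here. If lxc_safe_ulong follows the same convention, `log_error_errno(ret, -ret, "Failed to parse nsid: %s", window)` reports the real cause. The hostid and range hunks below use the same call and would need the same change.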
@@ -120,7 +118,7 @@ * So only ensure that we're not at the end of the string. */ if (*slide == '\0') - goto on_error; + return ret_errno(EINVAL); /* Mark beginning of range. */ window = slide; @@ -128,35 +126,29 @@ slide += strcspn(slide, " \t\r"); /* There must be non-whitespace. */ if (slide == window) - goto on_error; + return ret_errno(EINVAL); /* The range is the last valid entry we expect. So make sure that there * is no trailing garbage and if there is, error out. */ if (*(slide + strspn(slide, " \t\r\n")) != '\0') - goto on_error; + return ret_errno(EINVAL); /* Mark end of range. */ *slide = '\0'; /* Parse range. */ - if (lxc_safe_ulong(window, &tmp_range) < 0) { - ERROR("Failed to parse id mapping range: %s", window); - goto on_error; - } + ret = lxc_safe_ulong(window, &tmp_range); + if (ret < 0) + return log_error_errno(ret, errno, "Failed to parse id mapping range: %s", window); - *type = tmp_type; - *nsid = tmp_nsid; + *type = tmp_type; + *nsid = tmp_nsid; *hostid = tmp_hostid; - *range = tmp_range; + *range = tmp_range; /* Yay, we survived. */ - ret = 0; - -on_error: - free(dup); - - return ret; + return 0; } bool lxc_config_value_empty(const char *value) @@ -169,13 +161,13 @@ struct lxc_netdev *lxc_network_add(struct lxc_list *networks, int idx, bool tail) { - struct lxc_list *newlist; - struct lxc_netdev *netdev = NULL; + __do_free struct lxc_list *newlist = NULL; + __do_free struct lxc_netdev *netdev = NULL; /* network does not exist */ netdev = malloc(sizeof(*netdev)); if (!netdev) - return NULL; + return ret_set_errno(NULL, ENOMEM); memset(netdev, 0, sizeof(*netdev)); lxc_list_init(&netdev->ipv4); @@ -186,10 +178,8 @@ /* prepare new list */ newlist = malloc(sizeof(*newlist)); - if (!newlist) { - free(netdev); - return NULL; - } + if (!newlist) + return ret_set_errno(NULL, ENOMEM); lxc_list_init(newlist); newlist->elem = netdev; 
@@ -198,8 +188,9 @@ lxc_list_add_tail(networks, newlist); else lxc_list_add(networks, newlist); + move_ptr(newlist); - return netdev; + return move_ptr(netdev); } /* Takes care of finding the correct netdev struct in the networks list or @@ -224,7 +215,7 @@ } if (!allocate) - return NULL; + return ret_set_errno(NULL, EINVAL); return lxc_network_add(insert, idx, true); } @@ -408,6 +399,9 @@ { struct lxc_list *cur, *next; + if (!netdev) + return; + free(netdev->upscript); free(netdev->downscript); free(netdev->hwaddr); @@ -444,11 +438,12 @@ free(netdev); } +define_cleanup_function(struct lxc_netdev *, lxc_free_netdev); + bool lxc_remove_nic_by_idx(struct lxc_conf *conf, unsigned int idx) { + call_cleaner(lxc_free_netdev) struct lxc_netdev *netdev = NULL; struct lxc_list *cur, *next; - struct lxc_netdev *netdev; - bool found = false; lxc_list_for_each_safe(cur, &conf->network, next) { netdev = cur->elem; @@ -456,25 +451,19 @@ continue; lxc_list_del(cur); - found = true; - break; + free(cur); + return true; } - if (!found) - return false; - - lxc_free_netdev(netdev); - free(cur); - - return true; + return false; } void lxc_free_networks(struct lxc_list *networks) { struct lxc_list *cur, *next; - struct lxc_netdev *netdev; - lxc_list_for_each_safe(cur, networks, next) { + lxc_list_for_each_safe (cur, networks, next) { + struct lxc_netdev *netdev = cur->elem; netdev = cur->elem; lxc_free_netdev(netdev); free(cur); @@ -484,13 +473,12 @@ lxc_list_init(networks); } - static struct lxc_veth_mode { char *name; int mode; } veth_mode[] = { - { "bridge", VETH_MODE_BRIDGE }, - { "router", VETH_MODE_ROUTER }, + { "bridge", VETH_MODE_BRIDGE }, + { "router", VETH_MODE_ROUTER }, }; int lxc_veth_mode_to_flag(int *mode, const char *value) 
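Review bot: In `lxc_remove_nic_by_idx` (hunks `@@ -444,11 +438,12 @@` and `@@ -456,25 +451,19 @@`) the `call_cleaner(lxc_free_netdev)` variable `netdev` doubles as the loop cursor, so on the `return false` path with a non-empty list it still points at the last element examined. Assuming `call_cleaner` attaches a scope-exit cleanup, that element is freed while its node stays linked in `conf->network`, leaving a dangling `cur->elem` for the next list walk or for `lxc_free_networks`. Declare `netdev` as a plain pointer and free only on the match path: `lxc_list_del(cur); lxc_free_netdev(netdev); free(cur); return true;`. Separately, `lxc_free_networks` now has a redundant `netdev = cur->elem;` right after the initialised declaration.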
@@ -503,24 +491,34 @@ return 0; } - return ret_set_errno(-1, EINVAL); + return ret_errno(EINVAL); +} + +char *lxc_veth_flag_to_mode(int mode) +{ + for (size_t i = 0; i < sizeof(veth_mode) / sizeof(veth_mode[0]); i++) { + if (veth_mode[i].mode != mode) + continue; + + return veth_mode[i].name; + } + + return ret_set_errno(NULL, EINVAL); } static struct lxc_macvlan_mode { char *name; int mode; } macvlan_mode[] = { - { "private", MACVLAN_MODE_PRIVATE }, - { "vepa", MACVLAN_MODE_VEPA }, - { "bridge", MACVLAN_MODE_BRIDGE }, - { "passthru", MACVLAN_MODE_PASSTHRU }, + { "private", MACVLAN_MODE_PRIVATE }, + { "vepa", MACVLAN_MODE_VEPA }, + { "bridge", MACVLAN_MODE_BRIDGE }, + { "passthru", MACVLAN_MODE_PASSTHRU }, }; int lxc_macvlan_mode_to_flag(int *mode, const char *value) { - size_t i; - - for (i = 0; i < sizeof(macvlan_mode) / sizeof(macvlan_mode[0]); i++) { + for (size_t i = 0; i < sizeof(macvlan_mode) / sizeof(macvlan_mode[0]); i++) { if (strcmp(macvlan_mode[i].name, value)) continue; @@ -528,30 +526,28 @@ return 0; } - return -1; + return ret_errno(EINVAL); } char *lxc_macvlan_flag_to_mode(int mode) { - size_t i; - - for (i = 0; i < sizeof(macvlan_mode) / sizeof(macvlan_mode[0]); i++) { + for (size_t i = 0; i < sizeof(macvlan_mode) / sizeof(macvlan_mode[0]); i++) { if (macvlan_mode[i].mode != mode) continue; return macvlan_mode[i].name; } - return NULL; + return ret_set_errno(NULL, EINVAL); } static struct lxc_ipvlan_mode { char *name; int mode; } ipvlan_mode[] = { - { "l3", IPVLAN_MODE_L3 }, - { "l3s", IPVLAN_MODE_L3S }, - { "l2", IPVLAN_MODE_L2 }, + { "l3", IPVLAN_MODE_L3 }, + { "l3s", IPVLAN_MODE_L3S }, + { "l2", IPVLAN_MODE_L2 }, }; int lxc_ipvlan_mode_to_flag(int *mode, const char *value) @@ -564,7 +560,7 @@ return 0; } - return -1; + return ret_errno(EINVAL); } char *lxc_ipvlan_flag_to_mode(int mode) 
@@ -576,16 +572,16 @@ return ipvlan_mode[i].name; } - return NULL; + return ret_set_errno(NULL, EINVAL); } static struct lxc_ipvlan_isolation { char *name; int flag; } ipvlan_isolation[] = { - { "bridge", IPVLAN_ISOLATION_BRIDGE }, - { "private", IPVLAN_ISOLATION_PRIVATE }, - { "vepa", IPVLAN_ISOLATION_VEPA }, + { "bridge", IPVLAN_ISOLATION_BRIDGE }, + { "private", IPVLAN_ISOLATION_PRIVATE }, + { "vepa", IPVLAN_ISOLATION_VEPA }, }; int lxc_ipvlan_isolation_to_flag(int *flag, const char *value) @@ -598,7 +594,7 @@ return 0; } - return -1; + return ret_errno(EINVAL); } char *lxc_ipvlan_flag_to_isolation(int flag) @@ -610,7 +606,7 @@ return ipvlan_isolation[i].name; } - return NULL; + return ret_set_errno(NULL, EINVAL); } int set_config_string_item(char **conf_item, const char *value) @@ -618,28 +614,22 @@ char *new_value; if (lxc_config_value_empty(value)) { - free(*conf_item); - *conf_item = NULL; + free_disarm(*conf_item); return 0; } new_value = strdup(value); - if (!new_value) { - SYSERROR("Failed to duplicate string \"%s\"", value); - return -1; - } + if (!new_value) + return log_error_errno(-ENOMEM, ENOMEM, "Failed to duplicate string \"%s\"", value); - free(*conf_item); - *conf_item = new_value; + free_move_ptr(*conf_item, new_value); return 0; } int set_config_string_item_max(char **conf_item, const char *value, size_t max) { - if (strlen(value) >= max) { - ERROR("%s is too long (>= %lu)", value, (unsigned long)max); - return -1; - } + if (strlen(value) >= max) + return log_error_errno(-ENAMETOOLONG, ENAMETOOLONG, "%s is too long (>= %lu)", value, (unsigned long)max); return set_config_string_item(conf_item, value); } @@ -651,6 +641,7 @@ int set_config_bool_item(bool *conf_item, const char *value, bool empty_conf_action) { + int ret; unsigned int val = 0; if (lxc_config_value_empty(value)) { 
@@ -658,8 +649,9 @@ return 0; } - if (lxc_safe_uint(value, &val) < 0) - return -EINVAL; + ret = lxc_safe_uint(value, &val); + if (ret < 0) + return ret; switch (val) { case 0: @@ -670,7 +662,7 @@ return 0; } - return -EINVAL; + return ret_errno(EINVAL); } int config_ip_prefix(struct in_addr *addr) @@ -692,12 +684,11 @@ size_t retlen; if (!valuep || !value) - return -1; + return ret_errno(EINVAL); retlen = strlcpy(valuep, value, size); if (retlen >= size) - ERROR("Network device name \"%s\" is too long (>= %zu)", value, - size); + ERROR("Network device name \"%s\" is too long (>= %zu)", value, size); return 0; } @@ -773,8 +764,7 @@ rand() % 255, rand() % 255); #endif if (ret < 0 || ret >= 18) { - SYSERROR("Failed to call snprintf()"); - return false; + return log_error_errno(false, EIO, "Failed to call snprintf()"); } return true; 
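Review bot: `network_ifname` (hunk `@@ -692,12 +684,11 @@`) still returns 0 after `strlcpy` reports truncation (`retlen >= size`), so an over-long device name is only logged and the shortened name is accepted. A truncated name can coincide with a different interface, so this should fail closed: `return log_error_errno(-ENAMETOOLONG, ENAMETOOLONG, "Network device name \"%s\" is too long (>= %zu)", value, size);`. That matches what this diff does for the same condition in `set_config_string_item_max`. The function's signature lies outside the hunk.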
@@ -863,37 +853,24 @@ pid = strtol(lxcname_or_pid, &err, 10); if (*err != '\0' || pid < 1) { - struct lxc_container *c; + __put_lxc_container struct lxc_container *c = NULL; c = lxc_container_new(lxcname_or_pid, lxcpath); - if (!c) { - ERROR("\"%s\" is not a valid pid nor a container name", - lxcname_or_pid); - return -1; - } + if (!c) + return log_error_errno(-EINVAL, EINVAL, "\"%s\" is not a valid pid nor a container name", lxcname_or_pid); - if (!c->may_control(c)) { - ERROR("Insufficient privileges to control container " - "\"%s\"", c->name); - lxc_container_put(c); - return -1; - } + if (!c->may_control(c)) + return log_error_errno(-EPERM, EPERM, "Insufficient privileges to control container \"%s\"", c->name); pid = c->init_pid(c); - if (pid < 1) { - ERROR("Container \"%s\" is not running", c->name); - lxc_container_put(c); - return -1; - } + if (pid < 1) + return log_error_errno(-EINVAL, EINVAL, "Container \"%s\" is not running", c->name); - lxc_container_put(c); } ret = kill(pid, 0); - if (ret < 0) { - SYSERROR("Failed to send signal to pid %d", (int)pid); - return -1; - } + if (ret < 0) + return log_error_errno(-errno, errno, "Failed to send signal to pid %d", (int)pid); return pid; } @@ -901,8 +878,9 @@ int lxc_inherit_namespace(const char *nsfd_path, const char *lxcpath, const char *namespace) { + __do_free char *dup = NULL; int fd, pid; - char *dup, *lastslash; + char *lastslash; if (nsfd_path[0] == '/') { return open(nsfd_path, O_RDONLY | O_CLOEXEC); 
@@ -912,21 +890,20 @@ if (lastslash) { dup = strdup(nsfd_path); if (!dup) - return -1; + return ret_errno(ENOMEM); dup[lastslash - nsfd_path] = '\0'; - pid = lxc_container_name_to_pid(lastslash + 1, dup); - free(dup); - } else { - pid = lxc_container_name_to_pid(nsfd_path, lxcpath); + lxcpath = lastslash + 1; + nsfd_path = lastslash + 1; } + pid = lxc_container_name_to_pid(nsfd_path, lxcpath); if (pid < 0) - return -1; + return pid; fd = lxc_preserve_ns(pid, namespace); if (fd < 0) - return -1; + return -errno; return fd; } @@ -1017,10 +994,12 @@ static int sig_num(const char *sig) { + int ret; unsigned int signum; - if (lxc_safe_uint(sig, &signum) < 0) - return -1; + ret = lxc_safe_uint(sig, &signum); + if (ret < 0) + return ret; return signum; } @@ -1034,12 +1013,12 @@ signame += 4; if (!isdigit(*signame)) - return -1; + return ret_errno(EINVAL); sig_n = sig_num(signame); sig_n = rtmax ? SIGRTMAX - sig_n : SIGRTMIN + sig_n; if (sig_n > SIGRTMAX || sig_n < SIGRTMIN) - return -1; + return ret_errno(EINVAL); return sig_n; } @@ -1060,5 +1039,5 @@ return signames[n].num; } - return -1; + return ret_errno(EINVAL); } diff -Nru lxc-4.0.2/src/lxc/confile_utils.h lxc-4.0.6/src/lxc/confile_utils.h --- lxc-4.0.2/src/lxc/confile_utils.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/confile_utils.h 2021-01-12 00:20:05.000000000 +0000 
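Review bot: In `lxc_inherit_namespace` (hunk `@@ -912,21 +890,20 @@`) the branch for a `path/name` argument now sets `lxcpath = lastslash + 1;`, which is the container name rather than the directory, and the truncated copy in `dup` that holds the path is never used. The removed code called `lxc_container_name_to_pid(lastslash + 1, dup)`, so the new side should read `lxcpath = dup;` while keeping `nsfd_path = lastslash + 1;`. As written the lookup runs with the name as its own lxcpath, so sharing a namespace by `lxcpath/name` would presumably fail or resolve against an unintended location. The function's opening lines are in the preceding hunk.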
@@ -5,66 +5,66 @@ #include +#include "compiler.h" #include "conf.h" #include "confile_utils.h" -#define strprint(str, inlen, ...) \ - do { \ - if (str) \ - len = snprintf(str, inlen, ##__VA_ARGS__); \ - else \ - len = snprintf((char *){""}, 0, ##__VA_ARGS__); \ - if (len < 0) { \ - SYSERROR("failed to create string"); \ - return -1; \ - }; \ - fulllen += len; \ - if (inlen > 0) { \ - if (str) \ - str += len; \ - inlen -= len; \ - if (inlen < 0) \ - inlen = 0; \ - } \ +#define strprint(str, inlen, ...) \ + do { \ + if (str) \ + len = snprintf(str, inlen, ##__VA_ARGS__); \ + else \ + len = snprintf((char *){""}, 0, ##__VA_ARGS__); \ + if (len < 0) \ + return log_error_errno(-EIO, EIO, "failed to create string"); \ + fulllen += len; \ + if (inlen > 0) { \ + if (str) \ + str += len; \ + inlen -= len; \ + if (inlen < 0) \ + inlen = 0; \ + } \ } while (0); -extern int parse_idmaps(const char *idmap, char *type, unsigned long *nsid, - unsigned long *hostid, unsigned long *range); +__hidden extern int parse_idmaps(const char *idmap, char *type, unsigned long *nsid, + unsigned long *hostid, unsigned long *range); -extern bool lxc_config_value_empty(const char *value); -extern struct lxc_netdev *lxc_network_add(struct lxc_list *networks, int idx, - bool tail); -extern struct lxc_netdev * -lxc_get_netdev_by_idx(struct lxc_conf *conf, unsigned int idx, bool allocate); -extern void lxc_log_configured_netdevs(const struct lxc_conf *conf); -extern bool lxc_remove_nic_by_idx(struct lxc_conf *conf, unsigned int idx); -extern void lxc_free_networks(struct lxc_list *networks); -extern int lxc_veth_mode_to_flag(int *mode, const char *value); -extern int lxc_macvlan_mode_to_flag(int *mode, const char *value); -extern char *lxc_macvlan_flag_to_mode(int mode); -extern int lxc_ipvlan_mode_to_flag(int *mode, const char *value); -extern char *lxc_ipvlan_flag_to_mode(int mode); -extern int lxc_ipvlan_isolation_to_flag(int *mode, const char *value); -extern char 
*lxc_ipvlan_flag_to_isolation(int mode); - -extern int set_config_string_item(char **conf_item, const char *value); -extern int set_config_string_item_max(char **conf_item, const char *value, - size_t max); -extern int set_config_path_item(char **conf_item, const char *value); -extern int set_config_bool_item(bool *conf_item, const char *value, - bool empty_conf_action); -extern int config_ip_prefix(struct in_addr *addr); -extern int network_ifname(char *valuep, const char *value, size_t size); -extern void rand_complete_hwaddr(char *hwaddr); -extern bool lxc_config_net_is_hwaddr(const char *line); -extern bool new_hwaddr(char *hwaddr); -extern int lxc_get_conf_str(char *retv, int inlen, const char *value); -extern int lxc_get_conf_bool(struct lxc_conf *c, char *retv, int inlen, bool v); -extern int lxc_get_conf_int(struct lxc_conf *c, char *retv, int inlen, int v); -extern int lxc_get_conf_size_t(struct lxc_conf *c, char *retv, int inlen, size_t v); -extern int lxc_get_conf_uint64(struct lxc_conf *c, char *retv, int inlen, uint64_t v); -extern int lxc_inherit_namespace(const char *lxcname_or_pid, - const char *lxcpath, const char *namespace); -extern int sig_parse(const char *signame); +__hidden extern bool lxc_config_value_empty(const char *value); +__hidden extern struct lxc_netdev *lxc_network_add(struct lxc_list *networks, int idx, bool tail); +__hidden extern struct lxc_netdev *lxc_get_netdev_by_idx(struct lxc_conf *conf, unsigned int idx, + bool allocate); +__hidden extern void lxc_log_configured_netdevs(const struct lxc_conf *conf); +__hidden extern bool lxc_remove_nic_by_idx(struct lxc_conf *conf, unsigned int idx); +__hidden extern void lxc_free_networks(struct lxc_list *networks); +__hidden extern int lxc_veth_mode_to_flag(int *mode, const char *value); +__hidden extern char *lxc_veth_flag_to_mode(int mode); +__hidden extern int lxc_macvlan_mode_to_flag(int *mode, const char *value); +__hidden extern char *lxc_macvlan_flag_to_mode(int mode); +__hidden 
extern int lxc_ipvlan_mode_to_flag(int *mode, const char *value); +__hidden extern char *lxc_ipvlan_flag_to_mode(int mode); +__hidden extern int lxc_ipvlan_isolation_to_flag(int *mode, const char *value); +__hidden extern char *lxc_ipvlan_flag_to_isolation(int mode); + +__hidden extern int set_config_string_item(char **conf_item, const char *value); +__hidden extern int set_config_string_item_max(char **conf_item, const char *value, size_t max) + __access_r(2, 3); + +__hidden extern int set_config_path_item(char **conf_item, const char *value); +__hidden extern int set_config_bool_item(bool *conf_item, const char *value, bool empty_conf_action); +__hidden extern int config_ip_prefix(struct in_addr *addr); +__hidden extern int network_ifname(char *valuep, const char *value, size_t size) __access_r(2, 3); + +__hidden extern void rand_complete_hwaddr(char *hwaddr); +__hidden extern bool lxc_config_net_is_hwaddr(const char *line); +__hidden extern bool new_hwaddr(char *hwaddr); +__hidden extern int lxc_get_conf_str(char *retv, int inlen, const char *value); +__hidden extern int lxc_get_conf_bool(struct lxc_conf *c, char *retv, int inlen, bool v); +__hidden extern int lxc_get_conf_int(struct lxc_conf *c, char *retv, int inlen, int v); +__hidden extern int lxc_get_conf_size_t(struct lxc_conf *c, char *retv, int inlen, size_t v); +__hidden extern int lxc_get_conf_uint64(struct lxc_conf *c, char *retv, int inlen, uint64_t v); +__hidden extern int lxc_inherit_namespace(const char *lxcname_or_pid, const char *lxcpath, + const char *namespace); +__hidden extern int sig_parse(const char *signame); #endif /* __LXC_CONFILE_UTILS_H */ diff -Nru lxc-4.0.2/src/lxc/criu.c lxc-4.0.6/src/lxc/criu.c --- lxc-4.0.2/src/lxc/criu.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/criu.c 2021-01-12 00:20:05.000000000 +0000 
@@ -67,7 +67,7 @@ struct lxc_handler *handler; int console_fd; /* The path that is bind mounted from /dev/console, if any. We don't - * want to use `--ext-mount-map auto`'s result here because the pts + * want to use `--ext-mount-map auto`'s result here because the pty * device may have a different path (e.g. if the pty number is * different) on the target host. NULL if lxc.console.path = "none". */ @@ -79,36 +79,26 @@ static int load_tty_major_minor(char *directory, char *output, int len) { - FILE *f; char path[PATH_MAX]; - int ret; + ssize_t ret; ret = snprintf(path, sizeof(path), "%s/tty.info", directory); - if (ret < 0 || ret >= sizeof(path)) { - ERROR("snprintf'd too many characters: %d", ret); - return -1; - } + if (ret < 0 || (size_t)ret >= sizeof(path)) + return ret_errno(EIO); - f = fopen(path, "re"); - if (!f) { - /* This means we're coming from a liblxc which didn't export + ret = lxc_read_from_file(path, output, len); + if (ret < 0) { + /* + * This means we're coming from a liblxc which didn't export * the tty info. In this case they had to have lxc.console.path * = * none, so there's no problem restoring. */ if (errno == ENOENT) return 0; - SYSERROR("couldn't open %s", path); - return -1; - } - - if (!fgets(output, len, f)) { - fclose(f); - SYSERROR("couldn't read %s", path); - return -1; + return log_error_errno(-errno, errno, "Failed to open \"%s\"", path); } - fclose(f); return 0; } @@ -303,7 +293,7 @@ * the handler the restore task created. */ if (!strcmp(opts->action, "dump") || !strcmp(opts->action, "pre-dump")) { - path = lxc_cmd_get_cgroup_path(opts->c->name, opts->c->config_path, controllers[0]); + path = lxc_cmd_get_limiting_cgroup_path(opts->c->name, opts->c->config_path, controllers[0]); if (!path) { ERROR("failed to get cgroup path for %s", controllers[0]); goto err; 
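Review bot: `load_tty_major_minor` (hunk `@@ -79,36 +79,26 @@`) previously used `fgets`, which always NUL-terminates `output` and stops at the first newline; `lxc_read_from_file(path, output, len)` takes a raw buffer and count, and if it behaves like a plain read it can fill all `len` bytes without a terminator. Callers that treat `output` as a C string would then read past the buffer. Read at most `len - 1` bytes and terminate explicitly after the error check, e.g. `ret = lxc_read_from_file(path, output, len - 1);` and `output[ret] = '\0';`, with a guard for `len > 0`. The message `Failed to open \"%s\"` now also covers read failures, so `Failed to read` would be more accurate.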
@@ -311,7 +301,7 @@ } else { const char *p; - p = cgroup_ops->get_cgroup(cgroup_ops, controllers[0]); + p = cgroup_ops->get_limiting_cgroup(cgroup_ops, controllers[0]); if (!p) { ERROR("failed to get cgroup path for %s", controllers[0]); goto err; @@ -406,9 +396,9 @@ DECLARE_ARG("-t"); DECLARE_ARG(pid); - freezer_relative = lxc_cmd_get_cgroup_path(opts->c->name, - opts->c->config_path, - "freezer"); + freezer_relative = lxc_cmd_get_limiting_cgroup_path(opts->c->name, + opts->c->config_path, + "freezer"); if (!freezer_relative) { ERROR("failed getting freezer path"); goto err; @@ -942,7 +932,7 @@ close(fd); } - handler = lxc_init_handler(c->name, c->lxc_conf, c->config_path, false); + handler = lxc_init_handler(NULL, c->name, c->lxc_conf, c->config_path, false); if (!handler) goto out; @@ -1020,7 +1010,7 @@ os.action = "restore"; os.user = opts; os.c = c; - os.console_fd = c->lxc_conf->console.slave; + os.console_fd = c->lxc_conf->console.pty; os.criu_version = criu_version; os.handler = handler; diff -Nru lxc-4.0.2/src/lxc/criu.h lxc-4.0.6/src/lxc/criu.h --- lxc-4.0.2/src/lxc/criu.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/criu.h 2021-01-12 00:20:05.000000000 +0000 
@@ -7,9 +7,9 @@ #include -extern bool __criu_pre_dump(struct lxc_container *c, struct migrate_opts *opts); -extern bool __criu_dump(struct lxc_container *c, struct migrate_opts *opts); -extern bool __criu_restore(struct lxc_container *c, struct migrate_opts *opts); -extern bool __criu_check_feature(uint64_t *features_to_check); +__hidden extern bool __criu_pre_dump(struct lxc_container *c, struct migrate_opts *opts); +__hidden extern bool __criu_dump(struct lxc_container *c, struct migrate_opts *opts); +__hidden extern bool __criu_restore(struct lxc_container *c, struct migrate_opts *opts); +__hidden extern bool __criu_check_feature(uint64_t *features_to_check); #endif diff -Nru lxc-4.0.2/src/lxc/error.c lxc-4.0.6/src/lxc/error.c --- lxc-4.0.2/src/lxc/error.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/error.c 2021-01-12 00:20:05.000000000 +0000 @@ -18,7 +18,7 @@ * 128+n signal n received by the application * 255 lxc error */ -extern int lxc_error_set_and_log(int pid, int status) +int lxc_error_set_and_log(int pid, int status) { int ret = 0; diff -Nru lxc-4.0.2/src/lxc/error.h lxc-4.0.6/src/lxc/error.h --- lxc-4.0.2/src/lxc/error.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/error.h 2021-01-12 00:20:05.000000000 +0000 @@ -6,6 +6,8 @@ #define LXC_CLONE_ERROR "Failed to clone a new set of namespaces" #define LXC_UNPRIV_EOPNOTSUPP "the requested function %s is not currently supported with unprivileged containers" -extern int lxc_error_set_and_log(int pid, int status); +#include "compiler.h" + +__hidden extern int lxc_error_set_and_log(int pid, int status); #endif diff -Nru lxc-4.0.2/src/lxc/execute.c lxc-4.0.6/src/lxc/execute.c --- lxc-4.0.2/src/lxc/execute.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/execute.c 2021-01-12 00:20:05.000000000 +0000 @@ -14,7 +14,7 @@ #include "config.h" #include "log.h" #include "start.h" -#include "raw_syscalls.h" +#include "process_utils.h" #include "utils.h" lxc_log_define(execute, start); 
@@ -66,7 +66,7 @@ NOTICE("Exec'ing \"%s\"", my_args->argv[0]); if (my_args->init_fd >= 0) - lxc_raw_execveat(my_args->init_fd, "", argv, environ, AT_EMPTY_PATH); + execveat(my_args->init_fd, "", argv, environ, AT_EMPTY_PATH); else execvp(argv[0], argv); SYSERROR("Failed to exec %s", argv[0]); diff -Nru lxc-4.0.2/src/lxc/file_utils.c lxc-4.0.6/src/lxc/file_utils.c --- lxc-4.0.2/src/lxc/file_utils.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/file_utils.c 2021-01-12 00:20:05.000000000 +0000 @@ -8,16 +8,17 @@ #include #include #include -#include #include +#include #include +#include #include "config.h" #include "file_utils.h" -#include "log.h" #include "macro.h" #include "memory_utils.h" #include "string_utils.h" +#include "syscall_wrappers.h" #include "utils.h" int lxc_open_dirfd(const char *dir) @@ -381,8 +382,10 @@ return ret; } -int fd_to_fd(int from, int to) +ssize_t __fd_to_fd(int from, int to) { + ssize_t total_bytes = 0; + for (;;) { uint8_t buf[PATH_MAX]; uint8_t *p = buf; @@ -396,6 +399,7 @@ break; bytes_to_write = (size_t)bytes_read; + total_bytes += bytes_read; do { ssize_t bytes_written; @@ -408,7 +412,7 @@ } while (bytes_to_write > 0); } - return 0; + return total_bytes; } int fd_to_buf(int fd, char **buf, size_t *length) 
@@ -512,3 +516,52 @@ #endif return f; } + +bool exists_dir_at(int dir_fd, const char *path) +{ + struct stat sb; + int ret; + + ret = fstatat(dir_fd, path, &sb, 0); + if (ret < 0) + return false; + + return S_ISDIR(sb.st_mode); +} + +bool exists_file_at(int dir_fd, const char *path) +{ + struct stat sb; + + return fstatat(dir_fd, path, &sb, 0) == 0; +} + +int open_beneath(int dir_fd, const char *path, unsigned int flags) +{ + __do_close int fd = -EBADF; + struct lxc_open_how how = { + .flags = flags, + .resolve = RESOLVE_NO_XDEV | RESOLVE_NO_SYMLINKS | RESOLVE_NO_MAGICLINKS | RESOLVE_BENEATH, + }; + + fd = openat2(dir_fd, path, &how, sizeof(how)); + if (fd >= 0) + return move_fd(fd); + + if (errno != ENOSYS) + return -errno; + + return openat(dir_fd, path, O_NOFOLLOW | flags); +} + +int fd_make_nonblocking(int fd) +{ + int flags; + + flags = fcntl(fd, F_GETFL); + if (flags < 0) + return -1; + + flags &= ~O_NONBLOCK; + return fcntl(fd, F_SETFL, flags); +} diff -Nru lxc-4.0.2/src/lxc/file_utils.h lxc-4.0.6/src/lxc/file_utils.h --- lxc-4.0.2/src/lxc/file_utils.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/file_utils.h 2021-01-12 00:20:05.000000000 +0000 
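Review bot: `fd_make_nonblocking` does the opposite of its name: `flags &= ~O_NONBLOCK;` clears the flag and leaves the descriptor blocking; it should be `flags |= O_NONBLOCK;`. In the same hunk, the `ENOSYS` fallback in `open_beneath` calls `openat(dir_fd, path, O_NOFOLLOW | flags)`, which only refuses a symlink in the final component. On kernels without `openat2`, `..`, absolute paths, intermediate symlinks and mount crossings are therefore no longer rejected, and callers silently lose the containment that `RESOLVE_BENEATH | RESOLVE_NO_SYMLINKS | RESOLVE_NO_XDEV` gives. Either return the error in that case or add a comment above the function stating that the fallback is best-effort and must only be given trusted relative paths. Neither path forces `O_CLOEXEC`, so the comment should also say that callers are expected to pass it.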
@@ -12,50 +12,73 @@ #include #include +#include "compiler.h" + /* read and write whole files */ -extern int lxc_write_to_file(const char *filename, const void *buf, - size_t count, bool add_newline, mode_t mode); -extern int lxc_readat(int dirfd, const char *filename, void *buf, size_t count); -extern int lxc_writeat(int dirfd, const char *filename, const void *buf, - size_t count); -extern int lxc_write_openat(const char *dir, const char *filename, - const void *buf, size_t count); -extern int lxc_read_from_file(const char *filename, void *buf, size_t count); +__hidden extern int lxc_write_to_file(const char *filename, const void *buf, size_t count, + bool add_newline, mode_t mode) __access_r(2, 3); + +__hidden extern int lxc_readat(int dirfd, const char *filename, void *buf, size_t count) + __access_w(3, 4); + +__hidden extern int lxc_writeat(int dirfd, const char *filename, const void *buf, size_t count) + __access_r(3, 4); + +__hidden extern int lxc_write_openat(const char *dir, const char *filename, const void *buf, + size_t count) __access_r(3, 4); + +__hidden extern int lxc_read_from_file(const char *filename, void *buf, size_t count) + __access_w(2, 3); /* send and receive buffers completely */ -extern ssize_t lxc_write_nointr(int fd, const void *buf, size_t count); -extern ssize_t lxc_pwrite_nointr(int fd, const void *buf, size_t count, - off_t offset); -extern ssize_t lxc_send_nointr(int sockfd, void *buf, size_t len, int flags); -extern ssize_t lxc_read_nointr(int fd, void *buf, size_t count); -extern ssize_t lxc_read_nointr_expect(int fd, void *buf, size_t count, - const void *expected_buf); -extern ssize_t lxc_read_file_expect(const char *path, void *buf, size_t count, - const void *expected_buf); -extern ssize_t lxc_recv_nointr(int sockfd, void *buf, size_t len, int flags); -ssize_t lxc_recvmsg_nointr_iov(int sockfd, struct iovec *iov, size_t iovlen, - int flags); - -extern bool file_exists(const char *f); -extern int print_to_file(const char *file, 
const char *content); -extern int is_dir(const char *path); -extern int lxc_count_file_lines(const char *fn); -extern int lxc_make_tmpfile(char *template, bool rm); +__hidden extern ssize_t lxc_write_nointr(int fd, const void *buf, size_t count) __access_r(2, 3); + +__hidden extern ssize_t lxc_pwrite_nointr(int fd, const void *buf, size_t count, off_t offset) + __access_r(2, 3); + +__hidden extern ssize_t lxc_send_nointr(int sockfd, void *buf, size_t len, int flags) + __access_r(2, 3); + +__hidden extern ssize_t lxc_read_nointr(int fd, void *buf, size_t count) __access_w(2, 3); + +__hidden extern ssize_t lxc_read_nointr_expect(int fd, void *buf, size_t count, + const void *expected_buf) __access_w(2, 3); + +__hidden extern ssize_t lxc_read_file_expect(const char *path, void *buf, size_t count, + const void *expected_buf) __access_w(2, 3); + +__hidden extern ssize_t lxc_recv_nointr(int sockfd, void *buf, size_t len, int flags) + __access_w(2, 3); + +__hidden extern ssize_t lxc_recvmsg_nointr_iov(int sockfd, struct iovec *iov, size_t iovlen, + int flags); + +__hidden extern bool file_exists(const char *f); +__hidden extern int print_to_file(const char *file, const char *content); +__hidden extern int is_dir(const char *path); +__hidden extern int lxc_count_file_lines(const char *fn); +__hidden extern int lxc_make_tmpfile(char *template, bool rm); /* __typeof__ should be safe to use with all compilers. 
*/ typedef __typeof__(((struct statfs *)NULL)->f_type) fs_type_magic; -extern bool has_fs_type(const char *path, fs_type_magic magic_val); -extern bool fhas_fs_type(int fd, fs_type_magic magic_val); -extern bool is_fs_type(const struct statfs *fs, fs_type_magic magic_val); -extern FILE *fopen_cloexec(const char *path, const char *mode); -extern ssize_t lxc_sendfile_nointr(int out_fd, int in_fd, off_t *offset, - size_t count); -extern char *file_to_buf(const char *path, size_t *length); -extern int fd_to_buf(int fd, char **buf, size_t *length); -extern int fd_to_fd(int from, int to); -extern int lxc_open_dirfd(const char *dir); -extern FILE *fdopen_cached(int fd, const char *mode, void **caller_freed_buffer); -extern FILE *fopen_cached(const char *path, const char *mode, - void **caller_freed_buffer); +__hidden extern bool has_fs_type(const char *path, fs_type_magic magic_val); +__hidden extern bool fhas_fs_type(int fd, fs_type_magic magic_val); +__hidden extern bool is_fs_type(const struct statfs *fs, fs_type_magic magic_val); +__hidden extern FILE *fopen_cloexec(const char *path, const char *mode); +__hidden extern ssize_t lxc_sendfile_nointr(int out_fd, int in_fd, off_t *offset, size_t count); +__hidden extern char *file_to_buf(const char *path, size_t *length); +__hidden extern int fd_to_buf(int fd, char **buf, size_t *length); +__hidden extern ssize_t __fd_to_fd(int from, int to); +static inline int fd_to_fd(int from, int to) +{ + return __fd_to_fd(from, to) >= 0; +} +__hidden extern int lxc_open_dirfd(const char *dir); +__hidden extern FILE *fdopen_cached(int fd, const char *mode, void **caller_freed_buffer); +__hidden extern FILE *fopen_cached(const char *path, const char *mode, void **caller_freed_buffer); +__hidden extern bool exists_dir_at(int dir_fd, const char *path); +__hidden extern bool exists_file_at(int dir_fd, const char *path); +__hidden extern int open_beneath(int dir_fd, const char *path, unsigned int flags); +__hidden int 
fd_make_nonblocking(int fd); #endif /* __LXC_FILE_UTILS_H */ diff -Nru lxc-4.0.2/src/lxc/initutils.c lxc-4.0.6/src/lxc/initutils.c --- lxc-4.0.2/src/lxc/initutils.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/initutils.c 2021-01-12 00:20:05.000000000 +0000 @@ -4,12 +4,13 @@ #define _GNU_SOURCE 1 #endif #include +#include +#include #include "compiler.h" #include "config.h" #include "file_utils.h" #include "initutils.h" -#include "log.h" #include "macro.h" #include "memory_utils.h" @@ -17,8 +18,6 @@ #include "include/strlcpy.h" #endif -lxc_log_define(initutils, lxc); - static char *copy_global_config_value(char *p) { int len = strlen(p); @@ -310,8 +309,6 @@ prctl_arg(sizeof(prctl_map)), prctl_arg(0)); if (ret == 0) (void)strlcpy((char *)arg_start, title, len); - else - SYSWARN("Failed to set cmdline"); return ret; } diff -Nru lxc-4.0.2/src/lxc/initutils.h lxc-4.0.6/src/lxc/initutils.h --- lxc-4.0.2/src/lxc/initutils.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/initutils.h 2021-01-12 00:20:05.000000000 +0000 @@ -15,6 +15,7 @@ #include #include +#include "compiler.h" #include "string_utils.h" #define DEFAULT_VG "lxc" @@ -47,8 +48,8 @@ }; #endif -extern const char *lxc_global_config_value(const char *option_name); +__hidden extern const char *lxc_global_config_value(const char *option_name); -extern int setproctitle(char *title); +__hidden extern int setproctitle(char *title); #endif /* __LXC_INITUTILS_H */ diff -Nru lxc-4.0.2/src/lxc/log.c lxc-4.0.6/src/lxc/log.c --- lxc-4.0.2/src/lxc/log.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/log.c 2021-01-12 00:20:05.000000000 +0000 @@ -44,8 +44,8 @@ #define LXC_LOG_TIME_SIZE ((INTTYPE_TO_STRLEN(uint64_t)) * 2) int lxc_log_fd = -EBADF; -static int syslog_enable = 0; -int lxc_quiet_specified; +static bool wants_syslog = false; +static int lxc_quiet_specified; int lxc_log_use_global_fd; static int lxc_loglevel_specified; 
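Review bot: The new inline `fd_to_fd` wrapper returns `__fd_to_fd(from, to) >= 0`, i.e. 1 on success and 0 on failure, yet keeps the `int` return type under which the removed `fd_to_fd` in file_utils.c ended with `return 0;` on success. Any caller outside this hunk that still tests `fd_to_fd(...) < 0`, or treats non-zero as failure, would now ignore copy errors or report a good copy as failed. Declare it `static inline bool fd_to_fd(int from, int to)` and add a comment such as `/* true on success, false on error; use __fd_to_fd() for the byte count */` so the convention is visible at call sites.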
@@ -128,7 +128,7 @@ __do_free char *msg = NULL; const char *log_container_name; - if (!syslog_enable) + if (!wants_syslog) return 0; log_container_name = lxc_log_get_container_name(); @@ -738,9 +738,14 @@ return 0; } -inline void lxc_log_enable_syslog(void) +void lxc_log_syslog_enable(void) { - syslog_enable = 1; + wants_syslog = true; +} + +void lxc_log_syslog_disable(void) +{ + wants_syslog = false; } /* diff -Nru lxc-4.0.2/src/lxc/log.h lxc-4.0.6/src/lxc/log.h --- lxc-4.0.2/src/lxc/log.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/log.h 2021-01-12 00:20:05.000000000 +0000 @@ -16,6 +16,7 @@ #include #include +#include "compiler.h" #include "conf.h" #include "config.h" @@ -27,8 +28,8 @@ #define F_DUPFD_CLOEXEC 1030 #endif -#define LXC_LOG_PREFIX_SIZE 32 -#define LXC_LOG_BUFFER_SIZE 4096 +#define LXC_LOG_PREFIX_SIZE 32 +#define LXC_LOG_BUFFER_SIZE 4096 /* predefined lxc log priorities. */ enum lxc_loglevel { @@ -276,13 +277,13 @@ /* * Helper macro to define and use static categories. */ -#define lxc_log_category_define(name, parent) \ +#define lxc_log_category_define(name, parent) \ extern struct lxc_log_category lxc_log_category_##parent; \ struct lxc_log_category lxc_log_category_##name = { \ - #name, \ - LXC_LOG_LEVEL_NOTSET, \ - NULL, \ - &lxc_log_category_##parent \ + #name, \ + LXC_LOG_LEVEL_NOTSET, \ + NULL, \ + &lxc_log_category_##parent \ }; #define lxc_log_define(name, parent) \ 
@@ -562,14 +563,16 @@ extern int lxc_log_fd; -extern int lxc_log_syslog(int facility); -extern void lxc_log_enable_syslog(void); -extern int lxc_log_set_level(int *dest, int level); -extern int lxc_log_get_level(void); -extern bool lxc_log_has_valid_level(void); -extern int lxc_log_set_file(int *fd, const char *fname); -extern const char *lxc_log_get_file(void); -extern void lxc_log_set_prefix(const char *prefix); -extern const char *lxc_log_get_prefix(void); -extern void lxc_log_options_no_override(void); -#endif +__hidden extern int lxc_log_syslog(int facility); +__hidden extern void lxc_log_syslog_enable(void); +__hidden extern void lxc_log_syslog_disable(void); +__hidden extern int lxc_log_set_level(int *dest, int level); +__hidden extern int lxc_log_get_level(void); +__hidden extern bool lxc_log_has_valid_level(void); +__hidden extern int lxc_log_set_file(int *fd, const char *fname); +__hidden extern const char *lxc_log_get_file(void); +__hidden extern void lxc_log_set_prefix(const char *prefix); +__hidden extern const char *lxc_log_get_prefix(void); +__hidden extern void lxc_log_options_no_override(void); + +#endif /* __LXC_LOG_H */ diff -Nru lxc-4.0.2/src/lxc/lsm/apparmor.c lxc-4.0.6/src/lxc/lsm/apparmor.c --- lxc-4.0.2/src/lxc/lsm/apparmor.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/lsm/apparmor.c 2021-01-12 00:20:05.000000000 +0000 
@@ -19,21 +19,11 @@ #include "log.h" #include "lsm.h" #include "parse.h" -#include "raw_syscalls.h" +#include "process_utils.h" #include "utils.h" lxc_log_define(apparmor, lsm); -/* set by lsm_apparmor_drv_init if true */ -static int aa_enabled = 0; -static bool aa_parser_available = false; -static bool aa_supports_unix = false; -static bool aa_can_stack = false; -static bool aa_is_stacked = false; -static bool aa_admin = false; - -static int mount_features_enabled = 0; - #define AA_DEF_PROFILE "lxc-container-default" #define AA_DEF_PROFILE_CGNS "lxc-container-default-cgns" #define AA_MOUNT_RESTR "/sys/kernel/security/apparmor/features/mount/mask" @@ -121,8 +111,8 @@ " # deny reads from debugfs\n" " deny /sys/kernel/debug/{,**} rwklx,\n" "\n" -" # allow paths to be made slave, shared, private or unbindable\n" -" # FIXME: This currently doesn't work due to the apparmor parser treating those as allowing all mounts.\n" +" # allow paths to be made dependent, shared, private or unbindable\n" +" # TODO: This currently doesn't work due to the apparmor parser treating those as allowing all mounts.\n" "# mount options=(rw,make-slave) -> **,\n" "# mount options=(rw,make-rslave) -> **,\n" "# mount options=(rw,make-shared) -> **,\n" @@ -343,7 +333,7 @@ " mount /var/lib/lxd/shmounts/ -> /var/lib/lxd/shmounts/,\n" " mount options=bind /var/lib/lxd/shmounts/** -> /var/lib/lxd/**,\n" "\n" -" # FIXME: There doesn't seem to be a way to ask for:\n" +" # TODO: There doesn't seem to be a way to ask for:\n" " # mount options=(ro,nosuid,nodev,noexec,remount,bind),\n" " # as we always get mount to $cdir/proc/sys with those flags denied\n" " # So allow all mounts until that is straightened out:\n" 
@@ -373,42 +363,37 @@ " mount options=(ro,remount),\n" ; -static bool check_mount_feature_enabled(void) -{ - return mount_features_enabled == 1; -} - -static void load_mount_features_enabled(void) +static void load_mount_features_enabled(struct lsm_ops *ops) { struct stat statbuf; int ret; ret = stat(AA_MOUNT_RESTR, &statbuf); if (ret == 0) - mount_features_enabled = 1; + ops->aa_mount_features_enabled = 1; } /* aa_getcon is not working right now. Use our hand-rolled version below */ -static int apparmor_enabled(void) +static int apparmor_enabled(struct lsm_ops *ops) { - FILE *fin; + __do_fclose FILE *fin = NULL; char e; int ret; fin = fopen_cloexec(AA_ENABLED_FILE, "r"); if (!fin) return 0; + ret = fscanf(fin, "%c", &e); - fclose(fin); if (ret == 1 && e == 'Y') { - load_mount_features_enabled(); + load_mount_features_enabled(ops); return 1; } return 0; } -static char *apparmor_process_label_get(pid_t pid) +static char *apparmor_process_label_get(struct lsm_ops *ops, pid_t pid) { char path[100], *space; int ret; @@ -460,9 +445,9 @@ * Probably makes sense to reorganize these to only read * the label once */ -static bool apparmor_am_unconfined(void) +static bool apparmor_am_unconfined(struct lsm_ops *ops) { - char *p = apparmor_process_label_get(lxc_raw_getpid()); + char *p = apparmor_process_label_get(ops, lxc_raw_getpid()); bool ret = false; if (!p || strcmp(p, "unconfined") == 0) ret = true; 
@@ -538,21 +523,28 @@ return full; } -/* FIXME: This is currently run only in the context of a constructor (via the +/* TODO: This is currently run only in the context of a constructor (via the * initial lsm_init() called due to its __attribute__((constructor)), so we * do not have ERROR/... macros available, so there are some fprintf(stderr)s * in there. */ -static bool check_apparmor_parser_version() +static bool check_apparmor_parser_version(struct lsm_ops *ops) { + int major = 0, minor = 0, micro = 0, ret = 0; struct lxc_popen_FILE *parserpipe; int rc; - int major = 0, minor = 0, micro = 0; + + switch (ops->aa_parser_available) { + case 0: + return false; + case 1: + return true; + } parserpipe = lxc_popen("apparmor_parser --version"); if (!parserpipe) { fprintf(stderr, "Failed to run check for apparmor_parser\n"); - return false; + goto out; } rc = fscanf(parserpipe->f, "AppArmor parser version %d.%d.%d", &major, &minor, µ); @@ -560,26 +552,29 @@ lxc_pclose(parserpipe); /* We stay silent for now as this most likely means the shell * lxc_popen executed failed to find the apparmor_parser binary. - * See the FIXME comment above for details. + * See the TODO comment above for details. */ - return false; + goto out; } rc = lxc_pclose(parserpipe); if (rc < 0) { fprintf(stderr, "Error waiting for child process\n"); - return false; + goto out; } if (rc != 0) { fprintf(stderr, "'apparmor_parser --version' executed with an error status\n"); - return false; + goto out; } - aa_supports_unix = (major > 2) || - (major == 2 && minor > 10) || - (major == 2 && minor == 10 && micro >= 95); + if ((major > 2) || (major == 2 && minor > 10) || (major == 2 && minor == 10 && micro >= 95)) + ops->aa_supports_unix = 1; - return true; + ret = 1; + +out: + ops->aa_parser_available = ret; + return ret == 1; } static bool file_is_yes(const char *path) 
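Review bot: The comment above `check_apparmor_parser_version()` still says it runs only from the `lsm_init()` constructor, but elsewhere in this diff `lsm_init()` loses `__attribute__((constructor))` and this function is now called from `apparmor_prepare()`. The comment should describe the new behaviour instead, e.g. `/* Probes apparmor_parser once and caches the result in ops->aa_parser_available (-1 unprobed, 0 unavailable, 1 available). */`. The `fprintf(stderr, ...)` calls could then presumably become `ERROR(...)` so that probe failures reach the container log. A failed probe is also cached as 0, so a transient `lxc_pclose()` error keeps generated profiles disabled until `lsm_apparmor_ops_init()` resets the field. The function body spans both hunks on this line.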
@@ -725,7 +720,7 @@ } } -static char *get_apparmor_profile_content(struct lxc_conf *conf, const char *lxcpath) +static char *get_apparmor_profile_content(struct lsm_ops *ops, struct lxc_conf *conf, const char *lxcpath) { char *profile, *profile_name_full; size_t size; @@ -744,7 +739,7 @@ append_all_remount_rules(&profile, &size); - if (aa_supports_unix) + if (ops->aa_supports_unix) must_append_sized(&profile, &size, AA_PROFILE_UNIX_SOCKETS, STRARRAYLEN(AA_PROFILE_UNIX_SOCKETS)); @@ -752,7 +747,7 @@ must_append_sized(&profile, &size, AA_PROFILE_CGROUP_NAMESPACES, STRARRAYLEN(AA_PROFILE_CGROUP_NAMESPACES)); - if (aa_can_stack && !aa_is_stacked) { + if (ops->aa_can_stack && !ops->aa_is_stacked) { char *namespace, *temp; must_append_sized(&profile, &size, AA_PROFILE_STACKING_BASE, @@ -775,7 +770,7 @@ must_append_sized(&profile, &size, AA_PROFILE_NESTING_BASE, STRARRAYLEN(AA_PROFILE_NESTING_BASE)); - if (!aa_can_stack || aa_is_stacked) { + if (!ops->aa_can_stack || ops->aa_is_stacked) { char *temp; temp = must_concat(NULL, " change_profile -> \"", @@ -832,11 +827,11 @@ return ret; } -static bool make_apparmor_namespace(struct lxc_conf *conf, const char *lxcpath) +static bool make_apparmor_namespace(struct lsm_ops *ops, struct lxc_conf *conf, const char *lxcpath) { char *path; - if (!aa_can_stack || aa_is_stacked) + if (!ops->aa_can_stack || ops->aa_is_stacked) return true; path = make_apparmor_namespace_path(conf->name, lxcpath); @@ -916,7 +911,7 @@ free(path); } -static int load_apparmor_profile(struct lxc_conf *conf, const char *lxcpath) +static int load_apparmor_profile(struct lsm_ops *ops, struct lxc_conf *conf, const char *lxcpath) { struct stat profile_sb; size_t content_len; @@ -925,7 +920,7 @@ char *profile_path = NULL, *old_content = NULL, *new_content = NULL; int profile_fd = -1; - if (!make_apparmor_namespace(conf, lxcpath)) + if (!make_apparmor_namespace(ops, conf, lxcpath)) return -1; /* In order to avoid forcing a profile parse (potentially slow) on 
@@ -961,7 +956,7 @@ goto out; } - new_content = get_apparmor_profile_content(conf, lxcpath); + new_content = get_apparmor_profile_content(ops, conf, lxcpath); if (!new_content) goto out; @@ -1019,9 +1014,9 @@ * Ensure that the container's policy namespace is unloaded to free kernel * memory. This does not delete the policy from disk or cache. */ -static void apparmor_cleanup(struct lxc_conf *conf, const char *lxcpath) +static void apparmor_cleanup(struct lsm_ops *ops, struct lxc_conf *conf, const char *lxcpath) { - if (!aa_admin) + if (!ops->aa_admin) return; if (!conf->lsm_aa_profile_created) @@ -1033,16 +1028,14 @@ remove_apparmor_profile(conf, lxcpath); } -static int apparmor_prepare(struct lxc_conf *conf, const char *lxcpath) +static int apparmor_prepare(struct lsm_ops *ops, struct lxc_conf *conf, const char *lxcpath) { int ret = -1; const char *label; char *curlabel = NULL, *genlabel = NULL; - if (!aa_enabled) { - ERROR("AppArmor not enabled"); - return -1; - } + if (!ops->aa_enabled) + return log_error(-1, "AppArmor not enabled"); label = conf->lsm_aa_profile; @@ -1054,13 +1047,13 @@ } if (label && strcmp(label, AA_GENERATED) == 0) { - if (!aa_parser_available) { + if (!check_apparmor_parser_version(ops)) { ERROR("Cannot use generated profile: apparmor_parser not available"); goto out; } /* auto-generate profile based on available/requested security features */ - if (load_apparmor_profile(conf, lxcpath) != 0) { + if (load_apparmor_profile(ops, conf, lxcpath) != 0) { ERROR("Failed to load generated AppArmor profile"); goto out; } @@ -1071,7 +1064,7 @@ goto out; } - if (aa_can_stack && !aa_is_stacked) { + if (ops->aa_can_stack && !ops->aa_is_stacked) { char *namespace = apparmor_namespace(conf->name, lxcpath); size_t llen = strlen(genlabel); must_append_sized(&genlabel, &llen, "//&:", STRARRAYLEN("//&:")); 
@@ -1083,9 +1076,9 @@ label = genlabel; } - curlabel = apparmor_process_label_get(lxc_raw_getpid()); + curlabel = apparmor_process_label_get(ops, lxc_raw_getpid()); - if (!aa_can_stack && aa_needs_transition(curlabel)) { + if (!ops->aa_can_stack && aa_needs_transition(curlabel)) { /* we're already confined, and stacking isn't supported */ if (!label || strcmp(curlabel, label) == 0) { @@ -1105,7 +1098,7 @@ label = AA_DEF_PROFILE; } - if (!check_mount_feature_enabled() && strcmp(label, "unconfined") != 0) { + if (!ops->aa_mount_features_enabled && strcmp(label, "unconfined") != 0) { WARN("Incomplete AppArmor support in your kernel"); if (!conf->lsm_aa_allow_incomplete) { ERROR("If you really want to start this container, set"); 
@@ -1122,12 +1115,61 @@ if (genlabel) { free(genlabel); if (ret != 0) - apparmor_cleanup(conf, lxcpath); + apparmor_cleanup(ops, conf, lxcpath); } free(curlabel); return ret; } +static int apparmor_keyring_label_set(struct lsm_ops *ops, const char *label) +{ + return 0; +} + +static int apparmor_process_label_fd_get(struct lsm_ops *ops, pid_t pid, bool on_exec) +{ + int ret = -1; + int labelfd; + char path[LXC_LSMATTRLEN]; + + if (on_exec) + TRACE("On-exec not supported with AppArmor"); + + ret = snprintf(path, LXC_LSMATTRLEN, "/proc/%d/attr/current", pid); + if (ret < 0 || ret >= LXC_LSMATTRLEN) + return -1; + + labelfd = open(path, O_RDWR); + if (labelfd < 0) + return log_error_errno(-errno, errno, "Unable to open AppArmor LSM label file descriptor"); + + return labelfd; +} + +static int apparmor_process_label_set_at(struct lsm_ops *ops, int label_fd, const char *label, bool on_exec) +{ + int ret = -1; + size_t len; + __do_free char *command = NULL; + + if (on_exec) + log_trace(0, "Changing AppArmor profile on exec not supported"); + + len = strlen(label) + strlen("changeprofile ") + 1; + command = malloc(len); + if (!command) + return ret_errno(ENOMEM); + + ret = snprintf(command, len, "changeprofile %s", label); + if (ret < 0 || (size_t)ret >= len) + return -EFBIG; + + ret = lxc_write_nointr(label_fd, command, len - 1); + + INFO("Set AppArmor label to \"%s\"", label); + return 0; +} + /* * apparmor_process_label_set: Set AppArmor process profile * 
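Review bot: `apparmor_process_label_set_at()` stores the result of `lxc_write_nointr(label_fd, command, len - 1)` in `ret`, then logs success and returns 0 without checking it. A rejected `changeprofile` write is therefore reported as success, and the task keeps its previous confinement while `apparmor_process_label_set()` believes the profile was applied. The generic implementation removed from lsm.c in this diff checked `ret < 0` before logging. Add the check straight after the write: `if (ret < 0) return log_error_errno(-errno, errno, "Failed to set AppArmor label \"%s\"", label);`.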
@@ -1140,17 +1182,15 @@ * * Notes: This relies on /proc being available. */ -static int apparmor_process_label_set(const char *inlabel, struct lxc_conf *conf, - bool on_exec) +static int apparmor_process_label_set(struct lsm_ops *ops, const char *inlabel, + struct lxc_conf *conf, bool on_exec) { int label_fd, ret; pid_t tid; const char *label; - if (!aa_enabled) { - ERROR("AppArmor not enabled"); - return -1; - } + if (!ops->aa_enabled) + return log_error(-1, "AppArmor not enabled"); label = inlabel ? inlabel : conf->lsm_aa_profile_computed; if (!label) { @@ -1164,18 +1204,18 @@ return 0; } - if (strcmp(label, "unconfined") == 0 && apparmor_am_unconfined()) { + if (strcmp(label, "unconfined") == 0 && apparmor_am_unconfined(ops)) { INFO("AppArmor profile unchanged"); return 0; } tid = lxc_raw_gettid(); - label_fd = lsm_process_label_fd_get(tid, on_exec); + label_fd = apparmor_process_label_fd_get(ops, tid, on_exec); if (label_fd < 0) { SYSERROR("Failed to change AppArmor profile to %s", label); return -1; } - ret = lsm_process_label_set_at(label_fd, label, on_exec); + ret = apparmor_process_label_set_at(ops, label_fd, label, on_exec); close(label_fd); if (ret < 0) { ERROR("Failed to change AppArmor profile to %s", label); 
@@ -1186,44 +1226,50 @@ return 0; } -static struct lsm_drv apparmor_drv = { - .name = "AppArmor", - .enabled = apparmor_enabled, - .process_label_get = apparmor_process_label_get, - .process_label_set = apparmor_process_label_set, - .prepare = apparmor_prepare, - .cleanup = apparmor_cleanup, +static struct lsm_ops apparmor_ops = { + .name = "AppArmor", + .aa_admin = -1, + .aa_can_stack = -1, + .aa_enabled = -1, + .aa_is_stacked = -1, + .aa_mount_features_enabled = -1, + .aa_parser_available = -1, + .aa_supports_unix = -1, + .cleanup = apparmor_cleanup, + .enabled = apparmor_enabled, + .keyring_label_set = apparmor_keyring_label_set, + .prepare = apparmor_prepare, + .process_label_fd_get = apparmor_process_label_fd_get, + .process_label_get = apparmor_process_label_get, + .process_label_set = apparmor_process_label_set, + .process_label_set_at = apparmor_process_label_set_at, }; -struct lsm_drv *lsm_apparmor_drv_init(void) +struct lsm_ops *lsm_apparmor_ops_init(void) { - bool have_mac_admin = false; + apparmor_ops.aa_admin = 0; + apparmor_ops.aa_can_stack = 0; + apparmor_ops.aa_enabled = 0; + apparmor_ops.aa_is_stacked = 0; + apparmor_ops.aa_mount_features_enabled = 0; + apparmor_ops.aa_parser_available = -1; + apparmor_ops.aa_supports_unix = 0; - if (!apparmor_enabled()) + if (!apparmor_enabled(&apparmor_ops)) return NULL; - /* We only support generated profiles when apparmor_parser is usable */ - if (!check_apparmor_parser_version()) - goto out; - - aa_parser_available = true; - - aa_can_stack = apparmor_can_stack(); - if (aa_can_stack) - aa_is_stacked = file_is_yes("/sys/kernel/security/apparmor/.ns_stacked"); + apparmor_ops.aa_can_stack = apparmor_can_stack(); + if (apparmor_ops.aa_can_stack) + apparmor_ops.aa_is_stacked = file_is_yes("/sys/kernel/security/apparmor/.ns_stacked"); #if HAVE_LIBCAP - have_mac_admin = lxc_proc_cap_is_set(CAP_SETGID, CAP_EFFECTIVE); + apparmor_ops.aa_admin = lxc_proc_cap_is_set(CAP_SETGID, CAP_EFFECTIVE); #endif - - if 
(!have_mac_admin) + if (!apparmor_ops.aa_admin) WARN("Per-container AppArmor profiles are disabled because the mac_admin capability is missing"); - else if (am_host_unpriv() && !aa_is_stacked) + else if (am_host_unpriv() && !apparmor_ops.aa_is_stacked) WARN("Per-container AppArmor profiles are disabled because LXC is running in an unprivileged container without stacking"); - else - aa_admin = true; -out: - aa_enabled = 1; - return &apparmor_drv; + apparmor_ops.aa_enabled = 1; + return &apparmor_ops; } diff -Nru lxc-4.0.2/src/lxc/lsm/lsm.c lxc-4.0.6/src/lxc/lsm/lsm.c --- lxc-4.0.2/src/lxc/lsm/lsm.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/lsm/lsm.c 2021-01-12 00:20:05.000000000 +0000 @@ -9,6 +9,7 @@ #include #include +#include "compiler.h" #include "conf.h" #include "config.h" #include "log.h" 
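Review bot: In `lsm_apparmor_ops_init()` the `else if (am_host_unpriv() && !apparmor_ops.aa_is_stacked)` branch warns that per-container profiles are disabled, but it leaves `aa_admin` at the value returned by the capability check. The old code only set `aa_admin = true` in the final `else`. As written, `apparmor_cleanup()` and any other reader of `ops->aa_admin` still sees profile management as permitted in that case. Clear the flag in that branch, `apparmor_ops.aa_admin = 0;` before the `WARN(...)`, with braces around the two statements. Separately, the value comes from `lxc_proc_cap_is_set(CAP_SETGID, CAP_EFFECTIVE)` while the warning names mac_admin; that mismatch predates this change but is worth confirming.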
@@ -16,193 +17,26 @@ lxc_log_define(lsm, lxc); -static struct lsm_drv *drv = NULL; +__hidden extern struct lsm_ops *lsm_apparmor_ops_init(void); +__hidden extern struct lsm_ops *lsm_selinux_ops_init(void); +__hidden extern struct lsm_ops *lsm_nop_ops_init(void); -extern struct lsm_drv *lsm_apparmor_drv_init(void); -extern struct lsm_drv *lsm_selinux_drv_init(void); -extern struct lsm_drv *lsm_nop_drv_init(void); - -__attribute__((constructor)) -void lsm_init(void) +struct lsm_ops *lsm_init(void) { - if (drv) { - INFO("LSM security driver %s", drv->name); - return; - } + struct lsm_ops *ops = NULL; #if HAVE_APPARMOR - drv = lsm_apparmor_drv_init(); + ops = lsm_apparmor_ops_init(); #endif + #if HAVE_SELINUX - if (!drv) - drv = lsm_selinux_drv_init(); + if (!ops) + ops = lsm_selinux_ops_init(); #endif - if (!drv) - drv = lsm_nop_drv_init(); - INFO("Initialized LSM security driver %s", drv->name); -} - -int lsm_enabled(void) -{ - if (drv) - return drv->enabled(); - return 0; -} - -const char *lsm_name(void) -{ - if (drv) - return drv->name; - return "none"; -} - -char *lsm_process_label_get(pid_t pid) -{ - if (!drv) { - ERROR("LSM driver not inited"); - return NULL; - } - return drv->process_label_get(pid); -} - -int lsm_process_label_fd_get(pid_t pid, bool on_exec) -{ - int ret = -1; - int labelfd = -1; - const char *name; - char path[LXC_LSMATTRLEN]; - - name = lsm_name(); - - if (strcmp(name, "nop") == 0) - return 0; - - if (strcmp(name, "none") == 0) - return 0; - - /* We don't support on-exec with AppArmor */ - if (strcmp(name, "AppArmor") == 0) - on_exec = 0; - - if (on_exec) - ret = snprintf(path, LXC_LSMATTRLEN, "/proc/%d/attr/exec", pid); - else - ret = snprintf(path, LXC_LSMATTRLEN, "/proc/%d/attr/current", pid); - if (ret < 0 || ret >= LXC_LSMATTRLEN) - return -1; - - labelfd = open(path, O_RDWR); - if (labelfd < 0) { - SYSERROR("Unable to %s LSM label file descriptor", name); - return -1; - } - - return labelfd; -} - -int lsm_process_label_set_at(int 
label_fd, const char *label, bool on_exec) -{ - int ret = -1; - const char *name; - - name = lsm_name(); - - if (strcmp(name, "nop") == 0) - return 0; - - if (strcmp(name, "none") == 0) - return 0; - - /* We don't support on-exec with AppArmor */ - if (strcmp(name, "AppArmor") == 0) - on_exec = false; - - if (strcmp(name, "AppArmor") == 0) { - size_t len; - char *command; - - if (on_exec) { - ERROR("Changing AppArmor profile on exec not supported"); - return -1; - } - - len = strlen(label) + strlen("changeprofile ") + 1; - command = malloc(len); - if (!command) - goto on_error; - - ret = snprintf(command, len, "changeprofile %s", label); - if (ret < 0 || (size_t)ret >= len) { - int saved_errno = errno; - free(command); - errno = saved_errno; - goto on_error; - } - - ret = lxc_write_nointr(label_fd, command, len - 1); - free(command); - } else if (strcmp(name, "SELinux") == 0) { - ret = lxc_write_nointr(label_fd, label, strlen(label)); - } else { - errno = EINVAL; - ret = -1; - } - if (ret < 0) { -on_error: - SYSERROR("Failed to set %s label \"%s\"", name, label); - return -1; - } - - INFO("Set %s label to \"%s\"", name, label); - return 0; -} - -int lsm_process_label_set(const char *label, struct lxc_conf *conf, - bool on_exec) -{ - if (!drv) { - ERROR("LSM driver not inited"); - return -1; - } - return drv->process_label_set(label, conf, on_exec); -} - -int lsm_process_prepare(struct lxc_conf *conf, const char *lxcpath) -{ - if (!drv) { - ERROR("LSM driver not inited"); - return 0; - } - - if (!drv->prepare) - return 0; - - return drv->prepare(conf, lxcpath); -} - -void lsm_process_cleanup(struct lxc_conf *conf, const char *lxcpath) -{ - if (!drv) { - ERROR("LSM driver not inited"); - return; - } - - if (!drv->cleanup) - return; - - drv->cleanup(conf, lxcpath); -} - -int lsm_keyring_label_set(char *label) { - - if (!drv) { - ERROR("LSM driver not inited"); - return -1; - } - - if (!drv->keyring_label_set) - return 0; + if (!ops) + ops = lsm_nop_ops_init(); - 
return drv->keyring_label_set(label); + INFO("Initialized LSM security driver %s", ops->name); + return ops; } diff -Nru lxc-4.0.2/src/lxc/lsm/lsm.h lxc-4.0.6/src/lxc/lsm/lsm.h --- lxc-4.0.2/src/lxc/lsm/lsm.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/lsm/lsm.h 2021-01-12 00:20:05.000000000 +0000 
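Review bot: `lsm_init()` changes from a one-shot constructor to a function that callers invoke themselves, but nothing documents its contract. From the visible code it never returns NULL, because it falls back to `lsm_nop_ops_init()`. The pointer refers to a file-static `struct lsm_ops`, which `lsm_apparmor_ops_init()` rewrites on every call. A comment above the definition would help, e.g. `/* Returns the ops of the first available LSM (AppArmor, SELinux, nop); never NULL; the result is static storage and must not be freed. */`. If several threads can call this concurrently, which the hunk does not show, the re-initialisation of the shared AppArmor fields deserves a second look.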
@@ -7,32 +7,32 @@ #include +#include "compiler.h" #include "macro.h" #include "utils.h" -struct lsm_drv { +struct lsm_ops { const char *name; - int (*enabled)(void); - char *(*process_label_get)(pid_t pid); - int (*process_label_set)(const char *label, struct lxc_conf *conf, - bool on_exec); - int (*keyring_label_set)(char* label); - int (*prepare)(struct lxc_conf *conf, const char *lxcpath); - void (*cleanup)(struct lxc_conf *conf, const char *lxcpath); + /* AppArmor specific fields. */ + int aa_enabled; + int aa_parser_available; + int aa_supports_unix; + int aa_can_stack; + int aa_is_stacked; + int aa_admin; + int aa_mount_features_enabled; + + int (*enabled)(struct lsm_ops *ops); + char *(*process_label_get)(struct lsm_ops *ops, pid_t pid); + int (*process_label_set)(struct lsm_ops *ops, const char *label, struct lxc_conf *conf, bool on_exec); + int (*keyring_label_set)(struct lsm_ops *ops, const char *label); + int (*prepare)(struct lsm_ops *ops, struct lxc_conf *conf, const char *lxcpath); + void (*cleanup)(struct lsm_ops *ops, struct lxc_conf *conf, const char *lxcpath); + int (*process_label_fd_get)(struct lsm_ops *ops, pid_t pid, bool on_exec); + int (*process_label_set_at)(struct lsm_ops *ops, int label_fd, const char *label, bool on_exec); }; -extern void lsm_init(void); -extern int lsm_enabled(void); -extern const char *lsm_name(void); -extern char *lsm_process_label_get(pid_t pid); -extern int lsm_process_prepare(struct lxc_conf *conf, const char *lxcpath); -extern int lsm_process_label_set(const char *label, struct lxc_conf *conf, - bool on_exec); -extern int lsm_process_label_fd_get(pid_t pid, bool on_exec); -extern int lsm_process_label_set_at(int label_fd, const char *label, - bool on_exec); -extern void lsm_process_cleanup(struct lxc_conf *conf, const char *lxcpath); -extern int lsm_keyring_label_set(char *label); +__hidden extern struct lsm_ops *lsm_init(void); #endif /* __LXC_LSM_H */ diff -Nru lxc-4.0.2/src/lxc/lsm/nop.c 
lxc-4.0.6/src/lxc/lsm/nop.c --- lxc-4.0.2/src/lxc/lsm/nop.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/lsm/nop.c 2021-01-12 00:20:05.000000000 +0000 
@@ -8,30 +8,66 @@ #include "config.h" #include "lsm/lsm.h" -static char *nop_process_label_get(pid_t pid) +static char *nop_process_label_get(struct lsm_ops *ops, pid_t pid) { return NULL; } -static int nop_process_label_set(const char *label, struct lxc_conf *conf, +static int nop_process_label_set(struct lsm_ops *ops, const char *label, struct lxc_conf *conf, bool on_exec) { return 0; } -static int nop_enabled(void) +static int nop_enabled(struct lsm_ops *ops) { return 0; } -static struct lsm_drv nop_drv = { - .name = "nop", - .enabled = nop_enabled, - .process_label_get = nop_process_label_get, - .process_label_set = nop_process_label_set, +static int nop_keyring_label_set(struct lsm_ops *ops, const char *label) +{ + return 0; +} + +static int nop_prepare(struct lsm_ops *ops, struct lxc_conf *conf, const char *lxcpath) +{ + return 0; +} + +static void nop_cleanup(struct lsm_ops *ops, struct lxc_conf *conf, const char *lxcpath) +{ +} + +static int nop_process_label_fd_get(struct lsm_ops *ops, pid_t pid, bool on_exec) +{ + return 0; +} + +static int nop_process_label_set_at(struct lsm_ops *ops, int label_fd, const char *label, bool on_exec) +{ + return 0; +} + +static struct lsm_ops nop_ops = { + .name = "nop", + .aa_admin = -1, + .aa_can_stack = -1, + .aa_enabled = -1, + .aa_is_stacked = -1, + .aa_mount_features_enabled = -1, + .aa_parser_available = -1, + .aa_supports_unix = -1, + .cleanup = nop_cleanup, + .enabled = nop_enabled, + .keyring_label_set = nop_keyring_label_set, + .prepare = nop_prepare, + .process_label_fd_get = nop_process_label_fd_get, + .process_label_get = nop_process_label_get, + .process_label_set = nop_process_label_set, + .process_label_set_at = nop_process_label_set_at, }; -struct lsm_drv *lsm_nop_drv_init(void) +struct lsm_ops *lsm_nop_ops_init(void) { - return &nop_drv; + return &nop_ops; } diff -Nru lxc-4.0.2/src/lxc/lsm/selinux.c lxc-4.0.6/src/lxc/lsm/selinux.c --- lxc-4.0.2/src/lxc/lsm/selinux.c 2020-04-16 18:17:13.000000000 +0000 +++ 
lxc-4.0.6/src/lxc/lsm/selinux.c 2021-01-12 00:20:05.000000000 +0000 @@ -30,17 +30,13 @@ * * Note that this relies on /proc being available. */ -static char *selinux_process_label_get(pid_t pid) +static char *selinux_process_label_get(struct lsm_ops *ops, pid_t pid) { - security_context_t ctx; char *label; - if (getpidcon_raw(pid, &ctx) < 0) { - SYSERROR("failed to get SELinux context for pid %d", pid); - return NULL; - } - label = strdup((char *)ctx); - freecon(ctx); + if (getpidcon_raw(pid, &label) < 0) + return log_error_errno(NULL, errno, "failed to get SELinux context for pid %d", pid); + return label; } @@ -56,17 +52,15 @@ * * Notes: This relies on /proc being available. */ -static int selinux_process_label_set(const char *inlabel, struct lxc_conf *conf, - bool on_exec) +static int selinux_process_label_set(struct lsm_ops *ops, const char *inlabel, + struct lxc_conf *conf, bool on_exec) { int ret; const char *label; label = inlabel ? inlabel : conf->lsm_se_context; - if (!label) { - + if (!label) label = DEFAULT_LABEL; - } if (strcmp(label, "unconfined_t") == 0) return 0; @@ -75,11 +69,9 @@ ret = setexeccon_raw((char *)label); else ret = setcon_raw((char *)label); - if (ret < 0) { - SYSERROR("Failed to set SELinux%s context to \"%s\"", - on_exec ? " exec" : "", label); - return -1; - } + if (ret < 0) + return log_error_errno(-1, errno, "Failed to set SELinux%s context to \"%s\"", + on_exec ? " exec" : "", label); INFO("Changed SELinux%s context to \"%s\"", on_exec ? " exec" : "", label); return 0; 
@@ -92,22 +84,83 @@ * * Returns 0 on success, < 0 on failure */ -static int selinux_keyring_label_set(char *label) +static int selinux_keyring_label_set(struct lsm_ops *ops, const char *label) { return setkeycreatecon_raw(label); -}; +} + +static int selinux_prepare(struct lsm_ops *ops, struct lxc_conf *conf, const char *lxcpath) +{ + return 0; +} -static struct lsm_drv selinux_drv = { - .name = "SELinux", - .enabled = is_selinux_enabled, - .process_label_get = selinux_process_label_get, - .process_label_set = selinux_process_label_set, - .keyring_label_set = selinux_keyring_label_set, +static void selinux_cleanup(struct lsm_ops *ops, struct lxc_conf *conf, const char *lxcpath) +{ +} + +static int selinux_process_label_fd_get(struct lsm_ops *ops, pid_t pid, bool on_exec) +{ + int ret = -1; + int labelfd; + char path[LXC_LSMATTRLEN]; + + if (on_exec) + ret = snprintf(path, LXC_LSMATTRLEN, "/proc/%d/attr/exec", pid); + else + ret = snprintf(path, LXC_LSMATTRLEN, "/proc/%d/attr/current", pid); + if (ret < 0 || ret >= LXC_LSMATTRLEN) + return -1; + + labelfd = open(path, O_RDWR); + if (labelfd < 0) + return log_error_errno(-errno, errno, "Unable to open SELinux LSM label file descriptor"); + + return labelfd; +} + +static int selinux_process_label_set_at(struct lsm_ops *ops, int label_fd, const char *label, bool on_exec) +{ + int ret; + + if (!label) + return 0; + + ret = lxc_write_nointr(label_fd, label, strlen(label)); + if (ret < 0) + return log_error_errno(-errno, errno, "Failed to set AppArmor SELinux label to \"%s\"", label); + + INFO("Set SELinux label to \"%s\"", label); + return 0; +} + +static int selinux_enabled(struct lsm_ops *ops) +{ + return is_selinux_enabled(); +} + +static struct lsm_ops selinux_ops = { + .name = "SELinux", + .aa_admin = -1, + .aa_can_stack = -1, + .aa_enabled = -1, + .aa_is_stacked = -1, + .aa_mount_features_enabled = -1, + .aa_parser_available = -1, + .aa_supports_unix = -1, + .cleanup = selinux_cleanup, + .enabled = selinux_enabled, 
+ .keyring_label_set = selinux_keyring_label_set, + .prepare = selinux_prepare, + .process_label_fd_get = selinux_process_label_fd_get, + .process_label_get = selinux_process_label_get, + .process_label_set = selinux_process_label_set, + .process_label_set_at = selinux_process_label_set_at, }; -struct lsm_drv *lsm_selinux_drv_init(void) +struct lsm_ops *lsm_selinux_ops_init(void) { if (!is_selinux_enabled()) return NULL; - return &selinux_drv; + + return &selinux_ops; } diff -Nru lxc-4.0.2/src/lxc/lxccontainer.c lxc-4.0.6/src/lxc/lxccontainer.c --- lxc-4.0.2/src/lxc/lxccontainer.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/lxccontainer.c 2021-01-12 00:20:05.000000000 +0000 @@ -49,7 +49,7 @@ #include "namespace.h" #include "network.h" #include "parse.h" -#include "raw_syscalls.h" +#include "process_utils.h" #include "start.h" #include "state.h" #include "storage.h" @@ -537,12 +537,12 @@ WRAP_API(bool, lxcapi_unfreeze) -static int do_lxcapi_console_getfd(struct lxc_container *c, int *ttynum, int *masterfd) +static int do_lxcapi_console_getfd(struct lxc_container *c, int *ttynum, int *ptxfd) { if (!c) return -1; - return lxc_terminal_getfd(c, ttynum, masterfd); + return lxc_terminal_getfd(c, ttynum, ptxfd); } WRAP_API_2(int, lxcapi_console_getfd, int *, int *) @@ -608,6 +608,16 @@ WRAP_API(int, lxcapi_init_pidfd) +static int do_lxcapi_devpts_fd(struct lxc_container *c) +{ + if (!c) + return ret_errno(EBADF); + + return lxc_cmd_get_devpts_fd(c->name, c->config_path); +} + +WRAP_API(int, lxcapi_devpts_fd) + static bool load_config_locked(struct lxc_container *c, const char *fname) { if (!c->lxc_conf) 
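Review bot: The error string in `selinux_process_label_set_at()` reads `"Failed to set AppArmor SELinux label to \"%s\""`, which names the wrong LSM and will mislead anyone triaging a failed label write from the log. It should be `"Failed to set SELinux label to \"%s\""`. The same function returns 0 when `label` is NULL, so a caller that passes no label gets success without any write. A one-line comment such as `/* No label requested: nothing to write. */` would make it clear that this is intentional.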
@@ -830,14 +840,12 @@ DEBUG("First child %d exited", pid); /* Close write end of the socket pair. */ - close(handler->state_socket_pair[1]); - handler->state_socket_pair[1] = -1; + close_prot_errno_disarm(handler->state_socket_pair[1]); state = lxc_rcv_status(handler->state_socket_pair[0]); /* Close read end of the socket pair. */ - close(handler->state_socket_pair[0]); - handler->state_socket_pair[0] = -1; + close_prot_errno_disarm(handler->state_socket_pair[0]); if (state < 0) { SYSERROR("Failed to receive the container state"); @@ -867,7 +875,6 @@ NULL, }; char **init_cmd = NULL; - int keepfds[3] = {-1, -1, -1}; /* container does exist */ if (!c) @@ -901,7 +908,7 @@ conf = c->lxc_conf; /* initialize handler */ - handler = lxc_init_handler(c->name, conf, c->config_path, c->daemonize); + handler = lxc_init_handler(NULL, c->name, conf, c->config_path, c->daemonize); container_mem_unlock(c); if (!handler) @@ -918,7 +925,7 @@ if (!argv) { if (useinit) { ERROR("No valid init detected"); - lxc_free_handler(handler); + lxc_put_handler(handler); return false; } argv = default_args; @@ -936,7 +943,7 @@ pid_first = fork(); if (pid_first < 0) { free_init_cmd(init_cmd); - lxc_free_handler(handler); + lxc_put_handler(handler); return false; } @@ -953,7 +960,7 @@ started = wait_on_daemonized_start(handler, pid_first); free_init_cmd(init_cmd); - lxc_free_handler(handler); + lxc_put_handler(handler); return started; } @@ -985,7 +992,7 @@ /* second parent */ if (pid_second != 0) { free_init_cmd(init_cmd); - lxc_free_handler(handler); + lxc_put_handler(handler); _exit(EXIT_SUCCESS); } @@ -998,11 +1005,7 @@ _exit(EXIT_FAILURE); } - keepfds[0] = handler->conf->maincmd_fd; - keepfds[1] = handler->state_socket_pair[0]; - keepfds[2] = handler->state_socket_pair[1]; - ret = lxc_check_inherited(conf, true, keepfds, - sizeof(keepfds) / sizeof(keepfds[0])); + ret = inherit_fds(handler, true); if (ret < 0) _exit(EXIT_FAILURE); 
@@ -1020,7 +1023,7 @@ } else if (!am_single_threaded()) { ERROR("Cannot start non-daemonized container when threaded"); free_init_cmd(init_cmd); - lxc_free_handler(handler); + lxc_put_handler(handler); return false; } @@ -1034,7 +1037,7 @@ w = snprintf(pidstr, sizeof(pidstr), "%d", lxc_raw_getpid()); if (w < 0 || (size_t)w >= sizeof(pidstr)) { free_init_cmd(init_cmd); - lxc_free_handler(handler); + lxc_put_handler(handler); SYSERROR("Failed to write monitor pid to \"%s\"", c->pidfile); @@ -1047,7 +1050,7 @@ ret = lxc_write_to_file(c->pidfile, pidstr, w, false, 0600); if (ret < 0) { free_init_cmd(init_cmd); - lxc_free_handler(handler); + lxc_put_handler(handler); SYSERROR("Failed to write monitor pid to \"%s\"", c->pidfile); @@ -1065,15 +1068,15 @@ ret = unshare(CLONE_NEWNS); if (ret < 0) { SYSERROR("Failed to unshare mount namespace"); - lxc_free_handler(handler); + lxc_put_handler(handler); ret = 1; goto on_error; } ret = mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL); if (ret < 0) { - SYSERROR("Failed to make / rslave at startup"); - lxc_free_handler(handler); + SYSERROR("Failed to recursively turn root mount tree into dependent mount. Continuing..."); + lxc_put_handler(handler); ret = 1; goto on_error; } @@ -1082,20 +1085,16 @@ reboot: if (conf->reboot == REBOOT_INIT) { /* initialize handler */ - handler = lxc_init_handler(c->name, conf, c->config_path, c->daemonize); + handler = lxc_init_handler(handler, c->name, conf, c->config_path, c->daemonize); if (!handler) { ret = 1; goto on_error; } } - keepfds[0] = handler->conf->maincmd_fd; - keepfds[1] = handler->state_socket_pair[0]; - keepfds[2] = handler->state_socket_pair[1]; - ret = lxc_check_inherited(conf, c->daemonize, keepfds, - sizeof(keepfds) / sizeof(keepfds[0])); + ret = inherit_fds(handler, c->daemonize); if (ret < 0) { - lxc_free_handler(handler); + lxc_put_handler(handler); ret = 1; goto on_error; } 
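Review bot: The new log text in the `@@ -1065,15 +1068,15 @@` hunk ends with "Continuing...", but this path does not continue: the next lines are `lxc_put_handler(handler); ret = 1; goto on_error;`. The same string is accurate at the other two call sites in this diff, where the `mount()` failure is only logged. Here it will mislead whoever triages a failed start, so drop the suffix: `SYSERROR("Failed to recursively turn root mount tree into dependent mount");`. The enclosing function extends beyond the hunk.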
@@ -1196,7 +1195,6 @@ static int do_create_container_dir(const char *path, struct lxc_conf *conf) { - __do_free char *p = NULL; int lasterr; int ret = -1; @@ -1212,10 +1210,8 @@ ret = 0; } - p = must_copy_string(path); - if (!lxc_list_empty(&conf->id_map)) { - ret = chown_mapped_root(p, conf); + ret = chown_mapped_root(path, conf); if (ret < 0) ret = -1; } @@ -1359,14 +1355,8 @@ _exit(EXIT_FAILURE); } - ret = detect_shared_rootfs(); - if (ret == 1) { - ret = mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL); - if (ret < 0) { - SYSERROR("Failed to make \"/\" rslave"); - ERROR("Continuing..."); - } - } + if (detect_shared_rootfs() && mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL)) + SYSERROR("Failed to recursively turn root mount tree into dependent mount. Continuing..."); } if (strcmp(bdev->type, "dir") != 0 && strcmp(bdev->type, "btrfs") != 0) { 
@@ -2110,41 +2100,41 @@ if (ret < MAX_STATE) return false; + } - if (pidfd >= 0) { - struct pollfd pidfd_poll = { - .events = POLLIN, - .fd = pidfd, - }; - - killret = lxc_raw_pidfd_send_signal(pidfd, haltsignal, - NULL, 0); - if (killret < 0) - return log_warn(false, "Failed to send signal %d to pidfd %d", - haltsignal, pidfd); - - TRACE("Sent signal %d to pidfd %d", haltsignal, pidfd); - - /* - * No need for going through all of the state server - * complications anymore. We can just poll on pidfds. :) - */ + if (pidfd >= 0) { + struct pollfd pidfd_poll = { + .events = POLLIN, + .fd = pidfd, + }; + + killret = lxc_raw_pidfd_send_signal(pidfd, haltsignal, + NULL, 0); + if (killret < 0) + return log_warn(false, "Failed to send signal %d to pidfd %d", + haltsignal, pidfd); - if (timeout != 0) { - ret = poll(&pidfd_poll, 1, timeout * 1000); - if (ret < 0 || !(pidfd_poll.revents & POLLIN)) - return false; + TRACE("Sent signal %d to pidfd %d", haltsignal, pidfd); - TRACE("Pidfd polling detected container exit"); - } - } else { - killret = kill(pid, haltsignal); - if (killret < 0) - return log_warn(false, "Failed to send signal %d to pid %d", - haltsignal, pid); + /* + * No need for going through all of the state server + * complications anymore. We can just poll on pidfds. :) + */ + + if (timeout != 0) { + ret = poll(&pidfd_poll, 1, timeout * 1000); + if (ret < 0 || !(pidfd_poll.revents & POLLIN)) + return false; - TRACE("Sent signal %d to pid %d", haltsignal, pid); + TRACE("Pidfd polling detected container exit"); } + } else { + killret = kill(pid, haltsignal); + if (killret < 0) + return log_warn(false, "Failed to send signal %d to pid %d", + haltsignal, pid); + + TRACE("Sent signal %d to pid %d", haltsignal, pid); } if (timeout == 0) 
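Review bot: The pidfd wait treats an interrupted `poll()` as a failed shutdown: `if (ret < 0 || !(pidfd_poll.revents & POLLIN)) return false;` also fires on `EINTR`. The halt signal has already been sent at that point, so a caller interrupted by an unrelated signal gets `false` for a container that may be stopping normally. Retrying would fix it, `do { ret = poll(&pidfd_poll, 1, timeout * 1000); } while (ret < 0 && errno == EINTR);`, with the caveat that each retry restarts the full timeout. This commit only re-indents the block, and the function starts outside the hunk.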
@@ -2350,20 +2340,21 @@ char **interfaces = NULL; char interface[IFNAMSIZ]; - if (pipe2(pipefd, O_CLOEXEC) < 0) - return NULL; + if (pipe2(pipefd, O_CLOEXEC)) + return log_error_errno(NULL, errno, "Failed to create pipe"); pid = fork(); if (pid < 0) { - SYSERROR("Failed to fork task to get interfaces information"); close(pipefd[0]); close(pipefd[1]); - return NULL; + return log_error_errno(NULL, errno, "Failed to fork task to get interfaces information"); } - if (pid == 0) { /* child */ - int ret = 1, nbytes; - struct netns_ifaddrs *interfaceArray = NULL, *tempIfAddr = NULL; + if (pid == 0) { + call_cleaner(netns_freeifaddrs) struct netns_ifaddrs *ifaddrs = NULL; + struct netns_ifaddrs *ifa = NULL; + int ret = 1; + int nbytes; /* close the read-end of the pipe */ close(pipefd[0]); @@ -2374,15 +2365,15 @@ } /* Grab the list of interfaces */ - if (netns_getifaddrs(&interfaceArray, -1, &(bool){false})) { + if (netns_getifaddrs(&ifaddrs, -1, &(bool){false})) { SYSERROR("Failed to get interfaces list"); goto out; } /* Iterate through the interfaces */ - for (tempIfAddr = interfaceArray; tempIfAddr != NULL; - tempIfAddr = tempIfAddr->ifa_next) { - nbytes = lxc_write_nointr(pipefd[1], tempIfAddr->ifa_name, IFNAMSIZ); + for (ifa = ifaddrs; ifa != NULL; + ifa = ifa->ifa_next) { + nbytes = lxc_write_nointr(pipefd[1], ifa->ifa_name, IFNAMSIZ); if (nbytes < 0) goto out; @@ -2392,9 +2383,6 @@ ret = 0; out: - if (interfaceArray) - netns_freeifaddrs(interfaceArray); - /* close the write-end of the pipe, thus sending EOF to the reader */ close(pipefd[1]); _exit(ret); @@ -2415,7 +2403,7 @@ count++; } - if (wait_for_pid(pid) != 0) { + if (wait_for_pid(pid)) { for (i = 0; i < count; i++) free(interfaces[i]); @@ -2446,10 +2434,8 @@ char **addresses = NULL; ret = pipe2(pipefd, O_CLOEXEC); - if (ret < 0) { - SYSERROR("Failed to create pipe"); - return NULL; - } + if (ret < 0) + return log_error_errno(NULL, errno, "Failed to create pipe"); pid = fork(); if (pid < 0) { 
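Review bot: In the fork-failure branch of the `@@ -2350,20 +2340,21 @@` hunk, `errno` is now read after the two `close()` calls, so `log_error_errno(NULL, errno, ...)` can report a close error instead of the fork error; the removed code logged before closing. Capture the value first with `int saved_errno = errno;` ahead of the closes and pass it on: `return log_error_errno(NULL, saved_errno, "Failed to fork task to get interfaces information");`. Alternatively close both ends with `close_prot_errno_disarm()`, which this diff uses elsewhere and which by its name preserves `errno`. The function body continues past the hunk.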
@@ -2460,11 +2446,12 @@ } if (pid == 0) { + call_cleaner(netns_freeifaddrs) struct netns_ifaddrs *ifaddrs = NULL; + struct netns_ifaddrs *ifa = NULL; ssize_t nbytes; char addressOutputBuffer[INET6_ADDRSTRLEN]; char *address_ptr = NULL; - void *tempAddrPtr = NULL; - struct netns_ifaddrs *interfaceArray = NULL, *tempIfAddr = NULL; + void *address_ptr_tmp = NULL; /* close the read-end of the pipe */ close(pipefd[0]); 
@@ -2475,52 +2462,50 @@ } /* Grab the list of interfaces */ - if (netns_getifaddrs(&interfaceArray, -1, &(bool){false})) { + if (netns_getifaddrs(&ifaddrs, -1, &(bool){false})) { SYSERROR("Failed to get interfaces list"); goto out; } /* Iterate through the interfaces */ - for (tempIfAddr = interfaceArray; tempIfAddr; - tempIfAddr = tempIfAddr->ifa_next) { - if (tempIfAddr->ifa_addr == NULL) + for (ifa = ifaddrs; ifa; ifa = ifa->ifa_next) { + if (ifa->ifa_addr == NULL) continue; #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wcast-align" - if (tempIfAddr->ifa_addr->sa_family == AF_INET) { + if (ifa->ifa_addr->sa_family == AF_INET) { if (family && strcmp(family, "inet")) continue; - tempAddrPtr = &((struct sockaddr_in *)tempIfAddr->ifa_addr)->sin_addr; + address_ptr_tmp = &((struct sockaddr_in *)ifa->ifa_addr)->sin_addr; } else { if (family && strcmp(family, "inet6")) continue; - if (((struct sockaddr_in6 *)tempIfAddr->ifa_addr)->sin6_scope_id != scope) + if (((struct sockaddr_in6 *)ifa->ifa_addr)->sin6_scope_id != scope) continue; - tempAddrPtr = &((struct sockaddr_in6 *)tempIfAddr->ifa_addr)->sin6_addr; + address_ptr_tmp = &((struct sockaddr_in6 *)ifa->ifa_addr)->sin6_addr; } #pragma GCC diagnostic pop - if (interface && strcmp(interface, tempIfAddr->ifa_name)) + if (interface && strcmp(interface, ifa->ifa_name)) continue; - else if (!interface && strcmp("lo", tempIfAddr->ifa_name) == 0) + else if (!interface && strcmp("lo", ifa->ifa_name) == 0) continue; - address_ptr = (char *)inet_ntop(tempIfAddr->ifa_addr->sa_family, - tempAddrPtr, addressOutputBuffer, - sizeof(addressOutputBuffer)); + address_ptr = (char *)inet_ntop(ifa->ifa_addr->sa_family, address_ptr_tmp, + addressOutputBuffer, + sizeof(addressOutputBuffer)); if (!address_ptr) continue; nbytes = lxc_write_nointr(pipefd[1], address_ptr, INET6_ADDRSTRLEN); if (nbytes != INET6_ADDRSTRLEN) { - SYSERROR("Failed to send ipv6 address \"%s\"", - address_ptr); + SYSERROR("Failed to send ipv6 address 
\"%s\"", address_ptr); goto out; } @@ -2530,9 +2515,6 @@ ret = 0; out: - if (interfaceArray) - netns_freeifaddrs(interfaceArray); - /* close the write-end of the pipe, thus sending EOF to the reader */ close(pipefd[1]); _exit(ret); @@ -2550,7 +2532,7 @@ count++; } - if (wait_for_pid(pid) != 0) { + if (wait_for_pid(pid)) { for (i = 0; i < count; i++) free(addresses[i]); @@ -3560,7 +3542,7 @@ * then default to those even if not requested. * Currently we only do this for btrfs. */ -bool should_default_to_snapshot(struct lxc_container *c0, +static bool should_default_to_snapshot(struct lxc_container *c0, struct lxc_container *c1) { __do_free char *p0 = NULL, *p1 = NULL; @@ -3685,12 +3667,8 @@ return -1; } - if (detect_shared_rootfs()) { - if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL)) { - SYSERROR("Failed to make / rslave"); - ERROR("Continuing..."); - } - } + if (detect_shared_rootfs() && mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL)) + SYSERROR("Failed to recursively turn root mount tree into dependent mount. Continuing..."); if (bdev->ops->mount(bdev) < 0) { storage_put(bdev); @@ -5254,6 +5232,16 @@ WRAP_API(int, lxcapi_seccomp_notify_fd) +static int do_lxcapi_seccomp_notify_fd_active(struct lxc_container *c) +{ + if (!c || !c->lxc_conf) + return ret_set_errno(-1, -EINVAL); + + return lxc_cmd_get_seccomp_notify_fd(c->name, c->config_path); +} + +WRAP_API(int, lxcapi_seccomp_notify_fd_active) + struct lxc_container *lxc_container_new(const char *name, const char *configpath) { struct lxc_container *c; @@ -5343,6 +5331,7 @@ c->unfreeze = lxcapi_unfreeze; c->console = lxcapi_console; c->console_getfd = lxcapi_console_getfd; + c->devpts_fd = lxcapi_devpts_fd; c->init_pid = lxcapi_init_pid; c->init_pidfd = lxcapi_init_pidfd; c->load_config = lxcapi_load_config; @@ -5395,6 +5384,7 @@ c->mount = lxcapi_mount; c->umount = lxcapi_umount; c->seccomp_notify_fd = lxcapi_seccomp_notify_fd; + c->seccomp_notify_fd_active = lxcapi_seccomp_notify_fd_active; return c; 
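Review bot: In the address loop of the `@@ -2475,52 +2462,50 @@` hunk, the `else` branch treats every family other than `AF_INET` as IPv6 and reads `sin6_scope_id` through a `struct sockaddr_in6 *` cast. Whether `netns_getifaddrs()` can return other families (link-layer entries, for instance) is not visible here; if it can, that read interprets a different sockaddr layout. Making the branch explicit avoids the question: `} else if (ifa->ifa_addr->sa_family == AF_INET6) {` followed by a final `else continue;`. The message `"Failed to send ipv6 address"` is also logged for IPv4 addresses.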
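Review bot: `do_lxcapi_seccomp_notify_fd_active()` sets a negative errno value in the `@@ -5254,6 +5232,16 @@` hunk: `return ret_set_errno(-1, -EINVAL);`. Every other `ret_set_errno` call in this diff passes a positive code (`ret_set_errno(NULL, EIO)`, `ret_set_errno(-1, EINVAL)`). Assuming the macro assigns its second argument to `errno` unchanged, callers that compare `errno == EINVAL` or print it with `strerror()` will not recognise the failure. The line should read `return ret_set_errno(-1, EINVAL);`.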
@@ -5751,7 +5741,7 @@ bool lxc_config_item_is_supported(const char *key) { - return !!lxc_get_config(key); + return !!lxc_get_config_exact(key); } bool lxc_has_api_extension(const char *extension) diff -Nru lxc-4.0.2/src/lxc/lxccontainer.h lxc-4.0.6/src/lxc/lxccontainer.h --- lxc-4.0.2/src/lxc/lxccontainer.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/lxccontainer.h 2021-01-12 00:20:05.000000000 +0000 @@ -90,7 +90,7 @@ * \private * Container configuration. * - * \internal FIXME: do we want the whole lxc_handler? + * \internal TODO: do we want the whole lxc_handler? */ struct lxc_conf *lxc_conf; @@ -563,7 +563,7 @@ * \param c Container. * \param[in,out] ttynum Terminal number to attempt to allocate, * or \c -1 to allocate the first available tty. - * \param[out] masterfd File descriptor referring to the master side of the pty. + * \param[out] ptxfd File descriptor referring to the ptx side of the pty. * * \return tty file descriptor number on success, or \c -1 on * failure. @@ -575,7 +575,7 @@ * descriptor when no longer required so that it may be allocated * by another caller. */ - int (*console_getfd)(struct lxc_container *c, int *ttynum, int *masterfd); + int (*console_getfd)(struct lxc_container *c, int *ttynum, int *ptxfd); /*! * \brief Allocate and run a console tty. @@ -858,6 +858,15 @@ int (*seccomp_notify_fd)(struct lxc_container *c); /*! + * \brief Retrieve a file descriptor for the running container's seccomp filter. + * + * \param c Container + * + * \return file descriptor for the running container's seccomp filter + */ + int (*seccomp_notify_fd_active)(struct lxc_container *c); + + /*! * \brief Retrieve a pidfd for the container's init process. * * \param c Container. 
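Review bot: The new doc comment for `seccomp_notify_fd_active` in the `@@ -858,6 +858,15 @@` hunk documents only the success case. The implementation added in lxccontainer.c returns `-1` when `c` or `c->lxc_conf` is NULL, and the comment does not say whether the caller owns the returned descriptor and must close it. The `devpts_fd` comment in the following hunk has the same gaps, and its implementation appears to return a negative errno value (`ret_errno(EBADF)`) rather than `-1`. I would extend both with a failure line such as `\return File descriptor on success, or a negative value on failure.` plus a sentence on ownership, after checking `lxc_cmd_get_seccomp_notify_fd()` and `lxc_cmd_get_devpts_fd()`, which are not shown here.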
@@ -865,6 +874,15 @@ * \return pidfd of init process of the container. */ int (*init_pidfd)(struct lxc_container *c); + + /*! + * \brief Retrieve a mount fd for the container's devpts instance. + * + * \param c Container. + * + * \return Mount fd of the container's devpts instance. + */ + int (*devpts_fd)(struct lxc_container *c); }; /*! diff -Nru lxc-4.0.2/src/lxc/lxc.h lxc-4.0.6/src/lxc/lxc.h --- lxc-4.0.2/src/lxc/lxc.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/lxc.h 2021-01-12 00:20:05.000000000 +0000 @@ -12,6 +12,8 @@ #include #include +#include "compiler.h" +#include "memory_utils.h" #include "state.h" struct lxc_msg; @@ -32,8 +34,8 @@ * @daemonize : whether or not the container is daemonized * Returns 0 on success, < 0 otherwise */ -extern int lxc_start(char *const argv[], struct lxc_handler *handler, - const char *lxcpath, bool daemonize, int *error_num); +__hidden extern int lxc_start(char *const argv[], struct lxc_handler *handler, const char *lxcpath, + bool daemonize, int *error_num); /* * Start the specified command inside an application container 
@@ -44,39 +46,37 @@ * @daemonize : whether or not the container is daemonized * Returns 0 on success, < 0 otherwise */ -extern int lxc_execute(const char *name, char *const argv[], int quiet, - struct lxc_handler *handler, const char *lxcpath, - bool daemonize, int *error_num); +__hidden extern int lxc_execute(const char *name, char *const argv[], int quiet, + struct lxc_handler *handler, const char *lxcpath, bool daemonize, + int *error_num); /* * Close the fd associated with the monitoring * @fd : the file descriptor provided by lxc_monitor_open * Returns 0 on success, < 0 otherwise */ -extern int lxc_monitor_close(int fd); +__hidden extern int lxc_monitor_close(int fd); /* * Freeze all the tasks running inside the container * @name : the container name * Returns 0 on success, < 0 otherwise */ -extern int lxc_freeze(struct lxc_conf *conf, const char *name, - const char *lxcpath); +__hidden extern int lxc_freeze(struct lxc_conf *conf, const char *name, const char *lxcpath); /* * Unfreeze all previously frozen tasks. * @name : the name of the container * Return 0 on success, < 0 otherwise */ -extern int lxc_unfreeze(struct lxc_conf *conf, const char *name, - const char *lxcpath); +__hidden extern int lxc_unfreeze(struct lxc_conf *conf, const char *name, const char *lxcpath); /* * Retrieve the container state * @name : the name of the container * Returns the state of the container on success, < 0 otherwise */ -extern lxc_state_t lxc_state(const char *name, const char *lxcpath); +__hidden extern lxc_state_t lxc_state(const char *name, const char *lxcpath); /* * Create and return a new lxccontainer struct. 
@@ -95,6 +95,13 @@ * If it is the last reference, free the lxccontainer and return 1. */ extern int lxc_container_put(struct lxc_container *c); +static inline void put_lxc_container(struct lxc_container *c) +{ + if (c) + lxc_container_put(c); +} +define_cleanup_function(struct lxc_container *, put_lxc_container); +#define __put_lxc_container call_cleaner(put_lxc_container) /* * Get a list of valid wait states. @@ -105,17 +112,16 @@ /* * Add a dependency to a container */ -extern int add_rdepend(struct lxc_conf *lxc_conf, char *rdepend); +__hidden extern int add_rdepend(struct lxc_conf *lxc_conf, char *rdepend); /* * Set a key/value configuration option. Requires that to take a lock on the * in-memory config of the container. */ -extern int lxc_set_config_item_locked(struct lxc_conf *conf, const char *key, - const char *v); +__hidden extern int lxc_set_config_item_locked(struct lxc_conf *conf, const char *key, const char *v); #ifdef __cplusplus } #endif -#endif +#endif /* __LXC_LXC_H */ diff -Nru lxc-4.0.2/src/lxc/lxclock.c lxc-4.0.6/src/lxc/lxclock.c --- lxc-4.0.2/src/lxc/lxclock.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/lxclock.c 2021-01-12 00:20:05.000000000 +0000 @@ -17,6 +17,7 @@ #include "config.h" #include "log.h" #include "lxclock.h" +#include "memory_utils.h" #include "utils.h" #ifdef MUTEX_DEBUGGING @@ -35,7 +36,6 @@ void *array[MAX_STACKDEPTH]; size_t size; char **strings; - size_t i; size = backtrace(array, MAX_STACKDEPTH); strings = backtrace_symbols(array, size); @@ -43,7 +43,7 @@ /* Using fprintf here as our logging module is not thread safe. */ fprintf(stderr, "\tObtained %zu stack frames\n", size); - for (i = 0; i < size; i++) + for (int i = 0; i < size; i++) fprintf(stderr, "\t\t%s\n", strings[i]); free(strings); 
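Review bot: In the `@@ -43,7 +43,7 @@` hunk of lxclock.c the loop index changes from `size_t` to `int` while `size` stays `size_t`, so `i < size` becomes a signed/unsigned comparison and will warn under `-Wsign-compare`. Keep the narrower scope but the original type: `for (size_t i = 0; i < size; i++)`. The code appears to sit under `MUTEX_DEBUGGING`, so a default build will not flag it.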
@@ -80,9 +80,9 @@ static char *lxclock_name(const char *p, const char *n) { + __do_free char *dest = NULL, *rundir = NULL; int ret; size_t len; - char *dest, *rundir; /* lockfile will be: * "/run" + "/lxc/lock/$lxcpath/$lxcname + '\0' if root 
@@ -100,134 +100,96 @@ len += strlen(rundir); dest = malloc(len); - if (!dest) { - free(rundir); + if (!dest) return NULL; - } ret = snprintf(dest, len, "%s/lxc/lock/%s", rundir, p); - if (ret < 0 || (size_t)ret >= len) { - free(dest); - free(rundir); - return NULL; - } + if (ret < 0 || (size_t)ret >= len) + return ret_set_errno(NULL, EIO); ret = mkdir_p(dest, 0755); - if (ret < 0) { - free(dest); - free(rundir); + if (ret < 0) return NULL; - } ret = snprintf(dest, len, "%s/lxc/lock/%s/.%s", rundir, p, n); - free(rundir); - if (ret < 0 || (size_t)ret >= len) { - free(dest); - return NULL; - } + if (ret < 0 || (size_t)ret >= len) + return ret_set_errno(NULL, EIO); - return dest; + return move_ptr(dest); } static sem_t *lxc_new_unnamed_sem(void) { + __do_free sem_t *s = NULL; int ret; - sem_t *s; s = malloc(sizeof(*s)); if (!s) - return NULL; + return ret_set_errno(NULL, ENOMEM); ret = sem_init(s, 0, 1); - if (ret < 0) { - free(s); + if (ret < 0) return NULL; - } - return s; + return move_ptr(s); } struct lxc_lock *lxc_newlock(const char *lxcpath, const char *name) { - struct lxc_lock *l; + __do_free struct lxc_lock *l = NULL; - l = malloc(sizeof(*l)); + l = zalloc(sizeof(*l)); if (!l) - goto on_error; + return ret_set_errno(NULL, ENOMEM); - if (!name) { + if (name) { + l->type = LXC_LOCK_FLOCK; + l->u.f.fname = lxclock_name(lxcpath, name); + if (!l->u.f.fname) + return ret_set_errno(NULL, ENOMEM); + l->u.f.fd = -EBADF; + } else { l->type = LXC_LOCK_ANON_SEM; l->u.sem = lxc_new_unnamed_sem(); - if (!l->u.sem) { - free(l); - l = NULL; - } - - goto on_error; - } - - l->type = LXC_LOCK_FLOCK; - l->u.f.fname = lxclock_name(lxcpath, name); - if (!l->u.f.fname) { - if (!name) - free(l->u.sem); - free(l); - l = NULL; - goto on_error; + if (!l->u.sem) + return ret_set_errno(NULL, ENOMEM); } - l->u.f.fd = -1; - -on_error: - return l; + return move_ptr(l); } int lxclock(struct lxc_lock *l, int timeout) { + int ret = -1; struct flock lk; - int ret = -1, saved_errno = errno; - 
switch(l->type) { + switch (l->type) { case LXC_LOCK_ANON_SEM: if (!timeout) { ret = sem_wait(l->u.sem); - if (ret < 0) - saved_errno = errno; } else { struct timespec ts; ret = clock_gettime(CLOCK_REALTIME, &ts); - if (ret < 0) { - ret = -2; - goto on_error; - } + if (ret < 0) + return -2; ts.tv_sec += timeout; ret = sem_timedwait(l->u.sem, &ts); - if (ret < 0) - saved_errno = errno; } break; case LXC_LOCK_FLOCK: - ret = -2; - if (timeout) { - ERROR("Timeouts are not supported with file locks"); - goto on_error; - } + if (timeout) + return log_error(-2, "Timeouts are not supported with file locks"); - if (!l->u.f.fname) { - ERROR("No filename set for file lock"); - goto on_error; - } + if (!l->u.f.fname) + return log_error(-2, "No filename set for file lock"); - if (l->u.f.fd == -1) { + if (l->u.f.fd < 0) { l->u.f.fd = open(l->u.f.fname, O_CREAT | O_RDWR | O_NOFOLLOW | O_CLOEXEC | O_NOCTTY, S_IWUSR | S_IRUSR); - if (l->u.f.fd == -1) { - SYSERROR("Failed to open \"%s\"", l->u.f.fname); - saved_errno = errno; - goto on_error; - } + if (l->u.f.fd < 0) + return log_error_errno(-2, errno, "Failed to open \"%s\"", l->u.f.fname); } memset(&lk, 0, sizeof(struct flock)); 
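Review bot: `lxc_newlock()` now reports `ENOMEM` for every failure of its helpers: `if (!l->u.f.fname) return ret_set_errno(NULL, ENOMEM);` overwrites the `EIO` that `lxclock_name()` sets in this same hunk, and whatever `mkdir_p()` left in `errno`. The `lxc_new_unnamed_sem()` branch does the same to a `sem_init()` failure. A caller debugging a lock-directory permission problem would see an out-of-memory error. Returning `NULL` without touching `errno` in both branches (`if (!l->u.f.fname) return NULL;`) keeps the original cause, since the helpers already set `errno` themselves on the paths shown.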
@@ -236,59 +198,47 @@ lk.l_whence = SEEK_SET; ret = fcntl(l->u.f.fd, F_OFD_SETLKW, &lk); - if (ret < 0) { - if (errno == EINVAL) - ret = flock(l->u.f.fd, LOCK_EX); - saved_errno = errno; - } - + if (ret < 0 && errno == EINVAL) + ret = flock(l->u.f.fd, LOCK_EX); break; + default: + return ret_set_errno(-1, EINVAL); } -on_error: - errno = saved_errno; return ret; } int lxcunlock(struct lxc_lock *l) { struct flock lk; - int ret = 0, saved_errno = errno; + int ret = 0; switch (l->type) { case LXC_LOCK_ANON_SEM: - if (!l->u.sem) { - ret = -2; - } else { - ret = sem_post(l->u.sem); - saved_errno = errno; - } + if (!l->u.sem) + return -2; + ret = sem_post(l->u.sem); break; case LXC_LOCK_FLOCK: - if (l->u.f.fd != -1) { - memset(&lk, 0, sizeof(struct flock)); + if (l->u.f.fd < 0) + return -2; - lk.l_type = F_UNLCK; - lk.l_whence = SEEK_SET; + memset(&lk, 0, sizeof(struct flock)); - ret = fcntl(l->u.f.fd, F_OFD_SETLK, &lk); - if (ret < 0) { - if (errno == EINVAL) - ret = flock(l->u.f.fd, LOCK_EX | LOCK_NB); - saved_errno = errno; - } + lk.l_type = F_UNLCK; + lk.l_whence = SEEK_SET; - close(l->u.f.fd); - l->u.f.fd = -1; - } else { - ret = -2; - } + ret = fcntl(l->u.f.fd, F_OFD_SETLK, &lk); + if (ret < 0 && errno == EINVAL) + ret = flock(l->u.f.fd, LOCK_EX | LOCK_NB); + close_prot_errno_disarm(l->u.f.fd); break; + default: + return ret_set_errno(-1, EINVAL); } - errno = saved_errno; return ret; } 
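Review bot: The `EINVAL` fallback in `lxcunlock()` requests a lock instead of releasing one: `ret = flock(l->u.f.fd, LOCK_EX | LOCK_NB);`. The descriptor is closed on the next line, which drops the lock as long as no duplicate of it is open, so the visible effect is mainly that the return value reflects an acquire attempt rather than the unlock. Since this commit rewrites the branch anyway, it is a good place to make the intent explicit with `ret = flock(l->u.f.fd, LOCK_UN);`.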
@@ -304,24 +254,16 @@ if (!l) return; - switch(l->type) { + switch (l->type) { case LXC_LOCK_ANON_SEM: if (l->u.sem) { sem_destroy(l->u.sem); - free(l->u.sem); - l->u.sem = NULL; + free_disarm(l->u.sem); } - break; case LXC_LOCK_FLOCK: - if (l->u.f.fd != -1) { - close(l->u.f.fd); - l->u.f.fd = -1; - } - - free(l->u.f.fname); - l->u.f.fname = NULL; - + close_prot_errno_disarm(l->u.f.fd); + free_disarm(l->u.f.fname); break; } diff -Nru lxc-4.0.2/src/lxc/lxclock.h lxc-4.0.6/src/lxc/lxclock.h --- lxc-4.0.2/src/lxc/lxclock.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/lxclock.h 2021-01-12 00:20:05.000000000 +0000 @@ -11,6 +11,8 @@ #include #include +#include "compiler.h" + #ifndef F_OFD_GETLK #define F_OFD_GETLK 36 #endif @@ -71,7 +73,7 @@ * freed when the container is freed), and \c u.f.fd = -1. * */ -extern struct lxc_lock *lxc_newlock(const char *lxcpath, const char *name); +__hidden extern struct lxc_lock *lxc_newlock(const char *lxcpath, const char *name); /*! * \brief Take an existing lock. @@ -89,7 +91,7 @@ * (except in the test case) I may remove the support for it in sem as * well. */ -extern int lxclock(struct lxc_lock *lock, int timeout); +__hidden extern int lxclock(struct lxc_lock *lock, int timeout); /*! * \brief Unlock specified lock previously locked using \ref lxclock(). 
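Review bot: The context comment above `lxc_newlock` in the lxclock.h `@@ -71,7 +73,7 @@` hunk still says a new file lock has `u.f.fd = -1`, but the lxclock.c part of this diff initialises it with `l->u.f.fd = -EBADF;` and changes the checks to `< 0`. The comment should say the descriptor is negative (`-EBADF`) until the lock is first taken, so that nobody writes an `== -1` test against it later.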
@@ -99,24 +101,24 @@ * \return \c 0 on success, \c -2 if provided lock was not already held, * otherwise \c -1 with \c errno saved from \c fcntl(2) or sem_post function. */ -extern int lxcunlock(struct lxc_lock *lock); +__hidden extern int lxcunlock(struct lxc_lock *lock); /*! * \brief Free a lock created by \ref lxc_newlock(). * * \param lock Lock. */ -extern void lxc_putlock(struct lxc_lock *lock); +__hidden extern void lxc_putlock(struct lxc_lock *lock); /*! * \brief Lock the current process. */ -extern void process_lock(void); +__hidden extern void process_lock(void); /*! * \brief Unlock the current process. */ -extern void process_unlock(void); +__hidden extern void process_unlock(void); struct lxc_container; @@ -127,14 +129,14 @@ * * \return As for \ref lxclock(). */ -extern int container_mem_lock(struct lxc_container *c); +__hidden extern int container_mem_lock(struct lxc_container *c); /*! * \brief Unlock the containers memory. * * \param c Container. */ -extern void container_mem_unlock(struct lxc_container *c); +__hidden extern void container_mem_unlock(struct lxc_container *c); /*! * \brief Lock the containers disk data. @@ -144,7 +146,7 @@ * \return \c 0 on success, or an \ref lxclock() error return * values on error. */ -extern int container_disk_lock(struct lxc_container *c); +__hidden extern int container_disk_lock(struct lxc_container *c); /*! * \brief Unlock the containers disk data. @@ -152,6 +154,6 @@ * \param c Container. * */ -extern void container_disk_unlock(struct lxc_container *c); +__hidden extern void container_disk_unlock(struct lxc_container *c); #endif diff -Nru lxc-4.0.2/src/lxc/lxcseccomp.h lxc-4.0.6/src/lxc/lxcseccomp.h --- lxc-4.0.2/src/lxc/lxcseccomp.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/lxcseccomp.h 2021-01-12 00:20:05.000000000 +0000 @@ -16,6 +16,7 @@ #include #endif +#include "compiler.h" #include "conf.h" #include "config.h" #include "memory_utils.h" 
@@ -77,21 +78,19 @@ #endif /* HAVE_DECL_SECCOMP_NOTIFY_FD */ }; -extern int lxc_seccomp_load(struct lxc_conf *conf); -extern int lxc_read_seccomp_config(struct lxc_conf *conf); -extern void lxc_seccomp_free(struct lxc_seccomp *seccomp); -extern int seccomp_notify_handler(int fd, uint32_t events, void *data, - struct lxc_epoll_descr *descr); -extern void seccomp_conf_init(struct lxc_conf *conf); -extern int lxc_seccomp_setup_proxy(struct lxc_seccomp *seccomp, - struct lxc_epoll_descr *descr, - struct lxc_handler *handler); -extern int lxc_seccomp_send_notifier_fd(struct lxc_seccomp *seccomp, - int socket_fd); -extern int lxc_seccomp_recv_notifier_fd(struct lxc_seccomp *seccomp, - int socket_fd); -extern int lxc_seccomp_add_notifier(const char *name, const char *lxcpath, - struct lxc_seccomp *seccomp); +__hidden extern int lxc_seccomp_load(struct lxc_conf *conf); +__hidden extern int lxc_read_seccomp_config(struct lxc_conf *conf); +__hidden extern void lxc_seccomp_free(struct lxc_seccomp *seccomp); +__hidden extern int seccomp_notify_handler(int fd, uint32_t events, void *data, + struct lxc_epoll_descr *descr); +__hidden extern void seccomp_conf_init(struct lxc_conf *conf); +__hidden extern int lxc_seccomp_setup_proxy(struct lxc_seccomp *seccomp, + struct lxc_epoll_descr *descr, + struct lxc_handler *handler); +__hidden extern int lxc_seccomp_send_notifier_fd(struct lxc_seccomp *seccomp, int socket_fd); +__hidden extern int lxc_seccomp_recv_notifier_fd(struct lxc_seccomp *seccomp, int socket_fd); +__hidden extern int lxc_seccomp_add_notifier(const char *name, const char *lxcpath, + struct lxc_seccomp *seccomp); static inline int lxc_seccomp_get_notify_fd(struct lxc_seccomp *seccomp) { #if HAVE_DECL_SECCOMP_NOTIFY_FD diff -Nru lxc-4.0.2/src/lxc/macro.h lxc-4.0.6/src/lxc/macro.h --- lxc-4.0.2/src/lxc/macro.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/macro.h 2021-01-12 00:20:05.000000000 +0000 
@@ -25,6 +25,10 @@ #define PATH_MAX 4096 #endif +#ifndef MAX_GRBUF_SIZE +#define MAX_GRBUF_SIZE 2097152 +#endif + #define INT64_FMT "%" PRId64 /* Define __S_ISTYPE if missing from the C library. */ 
@@ -33,28 +37,168 @@ #endif /* capabilities */ +#ifndef CAP_CHOWN +#define CAP_CHOWN 0 +#endif + +#ifndef CAP_DAC_OVERRIDE +#define CAP_DAC_OVERRIDE 1 +#endif + +#ifndef CAP_DAC_READ_SEARCH +#define CAP_DAC_READ_SEARCH 2 +#endif + +#ifndef CAP_FOWNER +#define CAP_FOWNER 3 +#endif + +#ifndef CAP_FSETID +#define CAP_FSETID 4 +#endif + +#ifndef CAP_KILL +#define CAP_KILL 5 +#endif + +#ifndef CAP_SETGID +#define CAP_SETGID 6 +#endif + +#ifndef CAP_SETUID +#define CAP_SETUID 7 +#endif + +#ifndef CAP_SETPCAP +#define CAP_SETPCAP 8 +#endif + +#ifndef CAP_LINUX_IMMUTABLE +#define CAP_LINUX_IMMUTABLE 9 +#endif + +#ifndef CAP_NET_BIND_SERVICE +#define CAP_NET_BIND_SERVICE 10 +#endif + +#ifndef CAP_NET_BROADCAST +#define CAP_NET_BROADCAST 11 +#endif + +#ifndef CAP_NET_ADMIN +#define CAP_NET_ADMIN 12 +#endif + +#ifndef CAP_NET_RAW +#define CAP_NET_RAW 13 +#endif + +#ifndef CAP_IPC_LOCK +#define CAP_IPC_LOCK 14 +#endif + +#ifndef CAP_IPC_OWNER +#define CAP_IPC_OWNER 15 +#endif + +#ifndef CAP_SYS_MODULE +#define CAP_SYS_MODULE 16 +#endif + +#ifndef CAP_SYS_RAWIO +#define CAP_SYS_RAWIO 17 +#endif + +#ifndef CAP_SYS_CHROOT +#define CAP_SYS_CHROOT 18 +#endif + +#ifndef CAP_SYS_PTRACE +#define CAP_SYS_PTRACE 19 +#endif + +#ifndef CAP_SYS_PACCT +#define CAP_SYS_PACCT 20 +#endif + #ifndef CAP_SYS_ADMIN -#define CAP_SYS_ADMIN 21 +#define CAP_SYS_ADMIN 21 +#endif + +#ifndef CAP_SYS_BOOT +#define CAP_SYS_BOOT 22 +#endif + +#ifndef CAP_SYS_NICE +#define CAP_SYS_NICE 23 +#endif + +#ifndef CAP_SYS_RESOURCE +#define CAP_SYS_RESOURCE 24 +#endif + +#ifndef CAP_SYS_TIME +#define CAP_SYS_TIME 25 +#endif + +#ifndef CAP_SYS_TTY_CONFIG +#define CAP_SYS_TTY_CONFIG 26 +#endif + +#ifndef CAP_MKNOD +#define CAP_MKNOD 27 +#endif + +#ifndef CAP_LEASE +#define CAP_LEASE 28 +#endif + +#ifndef CAP_AUDIT_WRITE +#define CAP_AUDIT_WRITE 29 +#endif + +#ifndef CAP_AUDIT_CONTROL +#define CAP_AUDIT_CONTROL 30 #endif #ifndef CAP_SETFCAP -#define CAP_SETFCAP 31 +#define CAP_SETFCAP 31 #endif #ifndef CAP_MAC_OVERRIDE 
-#define CAP_MAC_OVERRIDE 32 +#define CAP_MAC_OVERRIDE 32 #endif #ifndef CAP_MAC_ADMIN -#define CAP_MAC_ADMIN 33 +#define CAP_MAC_ADMIN 33 #endif -#ifndef CAP_SETUID -#define CAP_SETUID 7 +#ifndef CAP_SYSLOG +#define CAP_SYSLOG 34 #endif -#ifndef CAP_SETGID -#define CAP_SETGID 6 +#ifndef CAP_WAKE_ALARM +#define CAP_WAKE_ALARM 35 +#endif + +#ifndef CAP_BLOCK_SUSPEND +#define CAP_BLOCK_SUSPEND 36 +#endif + +#ifndef CAP_AUDIT_READ +#define CAP_AUDIT_READ 37 +#endif + +#ifndef CAP_PERFMON +#define CAP_PERFMON 38 +#endif + +#ifndef CAP_BPF +#define CAP_BPF 39 +#endif + +#ifndef CAP_CHECKPOINT_RESTORE +#define CAP_CHECKPOINT_RESTORE 40 #endif /* prctl */ @@ -419,6 +563,9 @@ #define PTR_TO_UINT64(p) ((uint64_t)((intptr_t)(p))) +#define UINT_TO_PTR(u) ((void *) ((uintptr_t) (u))) +#define PTR_TO_USHORT(p) ((unsigned short)((uintptr_t)(p))) + #define LXC_INVALID_UID ((uid_t)-1) #define LXC_INVALID_GID ((gid_t)-1) @@ -473,4 +620,12 @@ typeof(&*(x))), \ sizeof(x) / sizeof((x)[0]), ((void)0))) +#ifndef TIOCGPTPEER + #if defined __sparc__ + #define TIOCGPTPEER _IO('t', 137) + #else + #define TIOCGPTPEER _IO('T', 0x41) + #endif +#endif + #endif /* __LXC_MACRO_H */ diff -Nru lxc-4.0.2/src/lxc/mainloop.c lxc-4.0.6/src/lxc/mainloop.c --- lxc-4.0.2/src/lxc/mainloop.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/mainloop.c 2021-01-12 00:20:05.000000000 +0000 @@ -59,8 +59,10 @@ } } -int lxc_mainloop_add_handler(struct lxc_epoll_descr *descr, int fd, - lxc_mainloop_callback_t callback, void *data) +int lxc_mainloop_add_handler_events(struct lxc_epoll_descr *descr, int fd, + int events, + lxc_mainloop_callback_t callback, + void *data) { __do_free struct mainloop_handler *handler = NULL; __do_free struct lxc_list *item = NULL; @@ -77,7 +79,7 @@ handler->fd = fd; handler->data = data; - ev.events = EPOLLIN; + ev.events = events; ev.data.ptr = handler; if (epoll_ctl(descr->epfd, EPOLL_CTL_ADD, fd, &ev) < 0) 
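Review bot: `lxc_mainloop_add_handler_events()` takes the mask as `int events` and stores it in `ev.events`, which is a `uint32_t` in `struct epoll_event`; the callback typedef shown in mainloop.h already uses `uint32_t event`. A flag in the top bit, such as `EPOLLET`, does not fit in a positive `int`, so passing it relies on an implementation-defined conversion. Declare the parameter as `uint32_t events` here and in the mainloop.h prototype. The function body continues in the next hunk.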
@@ -92,6 +94,13 @@ return 0; } +int lxc_mainloop_add_handler(struct lxc_epoll_descr *descr, int fd, + lxc_mainloop_callback_t callback, void *data) +{ + return lxc_mainloop_add_handler_events(descr, fd, EPOLLIN, callback, + data); +} + int lxc_mainloop_del_handler(struct lxc_epoll_descr *descr, int fd) { struct mainloop_handler *handler; diff -Nru lxc-4.0.2/src/lxc/mainloop.h lxc-4.0.6/src/lxc/mainloop.h --- lxc-4.0.2/src/lxc/mainloop.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/mainloop.h 2021-01-12 00:20:05.000000000 +0000 @@ -5,6 +5,7 @@ #include +#include "compiler.h" #include "list.h" #include "memory_utils.h" 
@@ -20,17 +21,18 @@ typedef int (*lxc_mainloop_callback_t)(int fd, uint32_t event, void *data, struct lxc_epoll_descr *descr); -extern int lxc_mainloop(struct lxc_epoll_descr *descr, int timeout_ms); +__hidden extern int lxc_mainloop(struct lxc_epoll_descr *descr, int timeout_ms); -extern int lxc_mainloop_add_handler(struct lxc_epoll_descr *descr, int fd, - lxc_mainloop_callback_t callback, - void *data); +__hidden extern int lxc_mainloop_add_handler_events(struct lxc_epoll_descr *descr, int fd, int events, + lxc_mainloop_callback_t callback, void *data); +__hidden extern int lxc_mainloop_add_handler(struct lxc_epoll_descr *descr, int fd, + lxc_mainloop_callback_t callback, void *data); -extern int lxc_mainloop_del_handler(struct lxc_epoll_descr *descr, int fd); +__hidden extern int lxc_mainloop_del_handler(struct lxc_epoll_descr *descr, int fd); -extern int lxc_mainloop_open(struct lxc_epoll_descr *descr); +__hidden extern int lxc_mainloop_open(struct lxc_epoll_descr *descr); -extern void lxc_mainloop_close(struct lxc_epoll_descr *descr); +__hidden extern void lxc_mainloop_close(struct lxc_epoll_descr *descr); define_cleanup_function(struct lxc_epoll_descr *, lxc_mainloop_close); diff -Nru lxc-4.0.2/src/lxc/Makefile.am lxc-4.0.6/src/lxc/Makefile.am --- lxc-4.0.2/src/lxc/Makefile.am 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/Makefile.am 2021-01-12 00:20:05.000000000 +0000 @@ -26,8 +26,9 @@ macro.h \ memory_utils.h \ monitor.h \ + mount_utils.h \ namespace.h \ - raw_syscalls.h \ + process_utils.h \ rexec.h \ start.h \ state.h \ @@ -48,14 +49,16 @@ terminal.h \ ../tests/lxctest.h \ tools/arguments.h \ - storage/storage_utils.h \ utils.h \ uuid.h if IS_BIONIC noinst_HEADERS += ../include/fexecve.h \ - ../include/lxcmntent.h \ - ../include/openpty.h + ../include/lxcmntent.h +endif + +if !HAVE_OPENPTY +noinst_HEADERS += ../include/openpty.h endif if !HAVE_PRLIMIT 
@@ -123,12 +126,13 @@ macro.h \ memory_utils.h \ mainloop.c mainloop.h \ + mount_utils.c mount_utils.h \ namespace.c namespace.h \ - nl.c nl.h \ network.c network.h \ + nl.c nl.h \ monitor.c monitor.h \ parse.c parse.h \ - raw_syscalls.c raw_syscalls.h \ + process_utils.c process_utils.h \ ringbuf.c ringbuf.h \ rtnl.c rtnl.h \ state.c state.h \ @@ -148,7 +152,7 @@ sync.c sync.h \ syscall_numbers.h \ syscall_wrappers.h \ - terminal.c \ + terminal.c terminal.h \ utils.c utils.h \ uuid.c uuid.h \ version.h \ @@ -156,8 +160,11 @@ if IS_BIONIC liblxc_la_SOURCES += ../include/fexecve.c ../include/fexecve.h \ - ../include/lxcmntent.c ../include/lxcmntent.h \ - ../include/openpty.c ../include/openpty.h + ../include/lxcmntent.c ../include/lxcmntent.h +endif + +if !HAVE_OPENPTY +liblxc_la_SOURCES += ../include/openpty.c ../include/openpty.h endif if !HAVE_GETGRGID_R @@ -177,7 +184,7 @@ endif if ENABLE_SECCOMP -liblxc_la_SOURCES += seccomp.c +liblxc_la_SOURCES += seccomp.c lxcseccomp.h endif if !HAVE_STRLCPY @@ -211,7 +218,6 @@ -I $(top_srcdir)/src/lxc \ -I $(top_srcdir)/src/lxc/storage \ -I $(top_srcdir)/src/lxc/cgroups - if ENABLE_APPARMOR AM_CFLAGS += -DHAVE_APPARMOR endif 
@@ -325,100 +331,1281 @@ if ENABLE_TOOLS lxc_attach_SOURCES = tools/lxc_attach.c \ + tools/arguments.c tools/arguments.h \ + af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ + commands.c commands.h \ + commands_utils.c commands_utils.h \ + conf.c conf.h \ + confile.c confile.h \ + confile_utils.c confile_utils.h \ + error.c error.h \ + file_utils.c file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + initutils.c initutils.h \ + log.c log.h \ + lxclock.c lxclock.h \ + mainloop.c mainloop.h \ + monitor.c monitor.h \ + namespace.c namespace.h \ + network.c network.h \ + nl.c nl.h \ + parse.c parse.h \ + process_utils.c process_utils.h \ rexec.c rexec.h \ - tools/arguments.c tools/arguments.h + ringbuf.c ringbuf.h \ + start.c start.h \ + state.c state.h \ + storage/btrfs.c storage/btrfs.h \ + storage/dir.c storage/dir.h \ + storage/loop.c storage/loop.h \ + storage/lvm.c storage/lvm.h \ + storage/nbd.c storage/nbd.h \ + storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h \ + storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h \ + storage/storage_utils.c storage/storage_utils.h \ + storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h \ + sync.c sync.h \ + terminal.c terminal.h \ + utils.c utils.h \ + uuid.c uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_attach_SOURCES += seccomp.c lxcseccomp.h +endif + lxc_autostart_SOURCES = tools/lxc_autostart.c \ - tools/arguments.c tools/arguments.h + tools/arguments.c tools/arguments.h \ + af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ + commands.c commands.h \ + commands_utils.c commands_utils.h \ + conf.c conf.h \ + confile.c confile.h \ + 
confile_utils.c confile_utils.h \ + error.c error.h \ + file_utils.c file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + initutils.c initutils.h \ + log.c log.h \ + lxclock.c lxclock.h \ + mainloop.c mainloop.h \ + monitor.c monitor.h \ + namespace.c namespace.h \ + network.c network.h \ + nl.c nl.h \ + parse.c parse.h \ + process_utils.c process_utils.h \ + ringbuf.c ringbuf.h \ + start.c start.h \ + state.c state.h \ + storage/btrfs.c storage/btrfs.h \ + storage/dir.c storage/dir.h \ + storage/loop.c storage/loop.h \ + storage/lvm.c storage/lvm.h \ + storage/nbd.c storage/nbd.h \ + storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h \ + storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h \ + storage/storage_utils.c storage/storage_utils.h \ + storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h \ + sync.c sync.h \ + terminal.c terminal.h \ + utils.c utils.h \ + uuid.c uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_autostart_SOURCES += seccomp.c lxcseccomp.h +endif + lxc_cgroup_SOURCES = tools/lxc_cgroup.c \ - tools/arguments.c tools/arguments.h + tools/arguments.c tools/arguments.h \ + af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ + commands.c commands.h \ + commands_utils.c commands_utils.h \ + conf.c conf.h \ + confile.c confile.h \ + confile_utils.c confile_utils.h \ + error.c error.h \ + file_utils.c file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + initutils.c initutils.h \ + log.c log.h \ + lxclock.c lxclock.h \ + mainloop.c mainloop.h \ + monitor.c monitor.h \ + namespace.c namespace.h \ + network.c network.h \ + nl.c nl.h \ + parse.c parse.h \ + process_utils.c process_utils.h \ + ringbuf.c ringbuf.h \ + start.c start.h \ + state.c state.h \ + storage/btrfs.c storage/btrfs.h \ + storage/dir.c 
storage/dir.h \ + storage/loop.c storage/loop.h \ + storage/lvm.c storage/lvm.h \ + storage/nbd.c storage/nbd.h \ + storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h \ + storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h \ + storage/storage_utils.c storage/storage_utils.h \ + storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h \ + sync.c sync.h \ + terminal.c terminal.h \ + utils.c utils.h \ + uuid.c uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_cgroup_SOURCES += seccomp.c lxcseccomp.h +endif + lxc_config_SOURCES = tools/lxc_config.c \ - tools/arguments.c tools/arguments.h + tools/arguments.c tools/arguments.h \ + af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ + commands.c commands.h \ + commands_utils.c commands_utils.h \ + conf.c conf.h \ + confile.c confile.h \ + confile_utils.c confile_utils.h \ + error.c error.h \ + file_utils.c file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + initutils.c initutils.h \ + log.c log.h \ + lxclock.c lxclock.h \ + mainloop.c mainloop.h \ + monitor.c monitor.h \ + namespace.c namespace.h \ + network.c network.h \ + nl.c nl.h \ + parse.c parse.h \ + process_utils.c process_utils.h \ + ringbuf.c ringbuf.h \ + start.c start.h \ + state.c state.h \ + storage/btrfs.c storage/btrfs.h \ + storage/dir.c storage/dir.h \ + storage/loop.c storage/loop.h \ + storage/lvm.c storage/lvm.h \ + storage/nbd.c storage/nbd.h \ + storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h \ + storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h \ + storage/storage_utils.c storage/storage_utils.h \ + storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h \ + sync.c sync.h \ + terminal.c terminal.h \ + utils.c utils.h \ + uuid.c uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP 
+lxc_config_SOURCES += seccomp.c lxcseccomp.h +endif + lxc_console_SOURCES = tools/lxc_console.c \ - tools/arguments.c tools/arguments.h + tools/arguments.c tools/arguments.h \ + af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ + commands.c commands.h \ + commands_utils.c commands_utils.h \ + conf.c conf.h \ + confile.c confile.h \ + confile_utils.c confile_utils.h \ + error.c error.h \ + file_utils.c file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + initutils.c initutils.h \ + log.c log.h \ + lxclock.c lxclock.h \ + mainloop.c mainloop.h \ + monitor.c monitor.h \ + namespace.c namespace.h \ + network.c network.h \ + nl.c nl.h \ + parse.c parse.h \ + process_utils.c process_utils.h \ + ringbuf.c ringbuf.h \ + start.c start.h \ + state.c state.h \ + storage/btrfs.c storage/btrfs.h \ + storage/dir.c storage/dir.h \ + storage/loop.c storage/loop.h \ + storage/lvm.c storage/lvm.h \ + storage/nbd.c storage/nbd.h \ + storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h \ + storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h \ + storage/storage_utils.c storage/storage_utils.h \ + storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h \ + sync.c sync.h \ + terminal.c terminal.h \ + utils.c utils.h \ + uuid.c uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_console_SOURCES += seccomp.c lxcseccomp.h +endif + lxc_destroy_SOURCES = tools/lxc_destroy.c \ - tools/arguments.c tools/arguments.h + tools/arguments.c tools/arguments.h \ + af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ + commands.c commands.h \ + commands_utils.c commands_utils.h \ + conf.c conf.h \ + confile.c confile.h \ + confile_utils.c 
confile_utils.h \ + error.c error.h \ + file_utils.c file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + initutils.c initutils.h \ + log.c log.h \ + lxclock.c lxclock.h \ + mainloop.c mainloop.h \ + monitor.c monitor.h \ + namespace.c namespace.h \ + network.c network.h \ + nl.c nl.h \ + parse.c parse.h \ + process_utils.c process_utils.h \ + ringbuf.c ringbuf.h \ + start.c start.h \ + state.c state.h \ + storage/btrfs.c storage/btrfs.h \ + storage/dir.c storage/dir.h \ + storage/loop.c storage/loop.h \ + storage/lvm.c storage/lvm.h \ + storage/nbd.c storage/nbd.h \ + storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h \ + storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h \ + storage/storage_utils.c storage/storage_utils.h \ + storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h \ + sync.c sync.h \ + terminal.c terminal.h \ + utils.c utils.h \ + uuid.c uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_destroy_SOURCES += seccomp.c lxcseccomp.h +endif + lxc_device_SOURCES = tools/lxc_device.c \ - tools/arguments.c tools/arguments.h + tools/arguments.c tools/arguments.h \ + af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ + commands.c commands.h \ + commands_utils.c commands_utils.h \ + conf.c conf.h \ + confile.c confile.h \ + confile_utils.c confile_utils.h \ + error.c error.h \ + file_utils.c file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + initutils.c initutils.h \ + log.c log.h \ + lxclock.c lxclock.h \ + mainloop.c mainloop.h \ + monitor.c monitor.h \ + namespace.c namespace.h \ + network.c network.h \ + nl.c nl.h \ + parse.c parse.h \ + process_utils.c process_utils.h \ + ringbuf.c ringbuf.h \ + start.c start.h \ + state.c state.h \ + storage/btrfs.c storage/btrfs.h \ + storage/dir.c storage/dir.h \ + 
storage/loop.c storage/loop.h \ + storage/lvm.c storage/lvm.h \ + storage/nbd.c storage/nbd.h \ + storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h \ + storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h \ + storage/storage_utils.c storage/storage_utils.h \ + storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h \ + sync.c sync.h \ + terminal.c terminal.h \ + utils.c utils.h \ + uuid.c uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_device_SOURCES += seccomp.c lxcseccomp.h +endif + lxc_execute_SOURCES = tools/lxc_execute.c \ - tools/arguments.c tools/arguments.h + tools/arguments.c tools/arguments.h \ + af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ + commands.c commands.h \ + commands_utils.c commands_utils.h \ + conf.c conf.h \ + confile.c confile.h \ + confile_utils.c confile_utils.h \ + error.c error.h \ + file_utils.c file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + initutils.c initutils.h \ + log.c log.h \ + lxclock.c lxclock.h \ + mainloop.c mainloop.h \ + monitor.c monitor.h \ + namespace.c namespace.h \ + network.c network.h \ + nl.c nl.h \ + parse.c parse.h \ + process_utils.c process_utils.h \ + ringbuf.c ringbuf.h \ + start.c start.h \ + state.c state.h \ + storage/btrfs.c storage/btrfs.h \ + storage/dir.c storage/dir.h \ + storage/loop.c storage/loop.h \ + storage/lvm.c storage/lvm.h \ + storage/nbd.c storage/nbd.h \ + storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h \ + storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h \ + storage/storage_utils.c storage/storage_utils.h \ + storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h \ + sync.c sync.h \ + terminal.c terminal.h \ + utils.c utils.h \ + uuid.c uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_execute_SOURCES += 
seccomp.c lxcseccomp.h +endif + lxc_freeze_SOURCES = tools/lxc_freeze.c \ - tools/arguments.c tools/arguments.h + tools/arguments.c tools/arguments.h \ + af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ + commands.c commands.h \ + commands_utils.c commands_utils.h \ + conf.c conf.h \ + confile.c confile.h \ + confile_utils.c confile_utils.h \ + error.c error.h \ + file_utils.c file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + initutils.c initutils.h \ + log.c log.h \ + lxclock.c lxclock.h \ + mainloop.c mainloop.h \ + monitor.c monitor.h \ + namespace.c namespace.h \ + network.c network.h \ + nl.c nl.h \ + parse.c parse.h \ + process_utils.c process_utils.h \ + ringbuf.c ringbuf.h \ + start.c start.h \ + state.c state.h \ + storage/btrfs.c storage/btrfs.h \ + storage/dir.c storage/dir.h \ + storage/loop.c storage/loop.h \ + storage/lvm.c storage/lvm.h \ + storage/nbd.c storage/nbd.h \ + storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h \ + storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h \ + storage/storage_utils.c storage/storage_utils.h \ + storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h \ + sync.c sync.h \ + terminal.c terminal.h \ + utils.c utils.h \ + uuid.c uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_freeze_SOURCES += seccomp.c lxcseccomp.h +endif + lxc_info_SOURCES = tools/lxc_info.c \ - tools/arguments.c tools/arguments.h + tools/arguments.c tools/arguments.h \ + af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ + commands.c commands.h \ + commands_utils.c commands_utils.h \ + conf.c conf.h \ + confile.c confile.h \ + confile_utils.c confile_utils.h \ + error.c 
error.h \ + file_utils.c file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + initutils.c initutils.h \ + log.c log.h \ + lxclock.c lxclock.h \ + mainloop.c mainloop.h \ + monitor.c monitor.h \ + namespace.c namespace.h \ + network.c network.h \ + nl.c nl.h \ + parse.c parse.h \ + process_utils.c process_utils.h \ + ringbuf.c ringbuf.h \ + start.c start.h \ + state.c state.h \ + storage/btrfs.c storage/btrfs.h \ + storage/dir.c storage/dir.h \ + storage/loop.c storage/loop.h \ + storage/lvm.c storage/lvm.h \ + storage/nbd.c storage/nbd.h \ + storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h \ + storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h \ + storage/storage_utils.c storage/storage_utils.h \ + storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h \ + sync.c sync.h \ + terminal.c terminal.h \ + utils.c utils.h \ + uuid.c uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_info_SOURCES += seccomp.c lxcseccomp.h +endif + lxc_monitor_SOURCES = tools/lxc_monitor.c \ + tools/arguments.c tools/arguments.h \ + af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ + commands.c commands.h \ + commands_utils.c commands_utils.h \ + conf.c conf.h \ + confile.c confile.h \ + confile_utils.c confile_utils.h \ + error.c error.h \ + file_utils.c file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + initutils.c initutils.h \ + log.c log.h \ + lxclock.c lxclock.h \ macro.h \ - tools/arguments.c tools/arguments.h + mainloop.c mainloop.h \ + monitor.c monitor.h \ + namespace.c namespace.h \ + network.c network.h \ + nl.c nl.h \ + parse.c parse.h \ + process_utils.c process_utils.h \ + ringbuf.c ringbuf.h \ + start.c start.h \ + state.c state.h \ + storage/btrfs.c storage/btrfs.h \ + storage/dir.c storage/dir.h \ + storage/loop.c storage/loop.h \ 
+ storage/lvm.c storage/lvm.h \ + storage/nbd.c storage/nbd.h \ + storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h \ + storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h \ + storage/storage_utils.c storage/storage_utils.h \ + storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h \ + sync.c sync.h \ + terminal.c terminal.h \ + utils.c utils.h \ + uuid.c uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_monitor_SOURCES += seccomp.c lxcseccomp.h +endif + lxc_ls_SOURCES = tools/lxc_ls.c \ - tools/arguments.c tools/arguments.h + tools/arguments.c tools/arguments.h \ + af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ + commands.c commands.h \ + commands_utils.c commands_utils.h \ + conf.c conf.h \ + confile.c confile.h \ + confile_utils.c confile_utils.h \ + error.c error.h \ + file_utils.c file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + initutils.c initutils.h \ + log.c log.h \ + lxclock.c lxclock.h \ + mainloop.c mainloop.h \ + memory_utils.h \ + monitor.c monitor.h \ + namespace.c namespace.h \ + network.c network.h \ + nl.c nl.h \ + parse.c parse.h \ + process_utils.c process_utils.h \ + ringbuf.c ringbuf.h \ + start.c start.h \ + state.c state.h \ + storage/btrfs.c storage/btrfs.h \ + storage/dir.c storage/dir.h \ + storage/loop.c storage/loop.h \ + storage/lvm.c storage/lvm.h \ + storage/nbd.c storage/nbd.h \ + storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h \ + storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h \ + storage/storage_utils.c storage/storage_utils.h \ + storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h \ + sync.c sync.h \ + terminal.c terminal.h \ + utils.c utils.h \ + uuid.c uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_ls_SOURCES += seccomp.c lxcseccomp.h +endif + 
lxc_copy_SOURCES = tools/lxc_copy.c \ tools/arguments.c tools/arguments.h \ - storage/storage_utils.c storage/storage_utils.h + af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ + commands.c commands.h \ + commands_utils.c commands_utils.h \ + conf.c conf.h \ + confile.c confile.h \ + confile_utils.c confile_utils.h \ + error.c error.h \ + file_utils.c file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + initutils.c initutils.h \ + log.c log.h \ + lxclock.c lxclock.h \ + mainloop.c mainloop.h \ + monitor.c monitor.h \ + namespace.c namespace.h \ + network.c network.h \ + nl.c nl.h \ + parse.c parse.h \ + process_utils.c process_utils.h \ + ringbuf.c ringbuf.h \ + start.c start.h \ + state.c state.h \ + storage/btrfs.c storage/btrfs.h \ + storage/dir.c storage/dir.h \ + storage/loop.c storage/loop.h \ + storage/lvm.c storage/lvm.h \ + storage/nbd.c storage/nbd.h \ + storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h \ + storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h \ + storage/storage_utils.c storage/storage_utils.h \ + storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h \ + sync.c sync.h \ + terminal.c terminal.h \ + utils.c utils.h \ + uuid.c uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_copy_SOURCES += seccomp.c lxcseccomp.h +endif + lxc_start_SOURCES = tools/lxc_start.c \ - tools/arguments.c tools/arguments.h + tools/arguments.c tools/arguments.h \ + af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ + commands.c commands.h \ + commands_utils.c commands_utils.h \ + conf.c conf.h \ + confile.c confile.h \ + confile_utils.c confile_utils.h \ + error.c error.h \ + file_utils.c 
file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + initutils.c initutils.h \ + log.c log.h \ + lxclock.c lxclock.h \ + mainloop.c mainloop.h \ + monitor.c monitor.h \ + namespace.c namespace.h \ + network.c network.h \ + nl.c nl.h \ + parse.c parse.h \ + process_utils.c process_utils.h \ + ringbuf.c ringbuf.h \ + start.c start.h \ + state.c state.h \ + storage/btrfs.c storage/btrfs.h \ + storage/dir.c storage/dir.h \ + storage/loop.c storage/loop.h \ + storage/lvm.c storage/lvm.h \ + storage/nbd.c storage/nbd.h \ + storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h \ + storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h \ + storage/storage_utils.c storage/storage_utils.h \ + storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h \ + sync.c sync.h \ + terminal.c terminal.h \ + utils.c utils.h \ + uuid.c uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_start_SOURCES += seccomp.c lxcseccomp.h +endif + lxc_stop_SOURCES = tools/lxc_stop.c \ - tools/arguments.c tools/arguments.h + tools/arguments.c tools/arguments.h \ + af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ + commands.c commands.h \ + commands_utils.c commands_utils.h \ + conf.c conf.h \ + confile.c confile.h \ + confile_utils.c confile_utils.h \ + error.c error.h \ + file_utils.c file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + initutils.c initutils.h \ + log.c log.h \ + lxclock.c lxclock.h \ + mainloop.c mainloop.h \ + monitor.c monitor.h \ + namespace.c namespace.h \ + network.c network.h \ + nl.c nl.h \ + parse.c parse.h \ + process_utils.c process_utils.h \ + ringbuf.c ringbuf.h \ + start.c start.h \ + state.c state.h \ + storage/btrfs.c storage/btrfs.h \ + storage/dir.c storage/dir.h \ + storage/loop.c storage/loop.h \ + storage/lvm.c storage/lvm.h \ + 
storage/nbd.c storage/nbd.h \ + storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h \ + storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h \ + storage/storage_utils.c storage/storage_utils.h \ + storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h \ + sync.c sync.h \ + terminal.c terminal.h \ + utils.c utils.h \ + uuid.c uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_stop_SOURCES += seccomp.c lxcseccomp.h +endif + lxc_top_SOURCES = tools/lxc_top.c \ - tools/arguments.c tools/arguments.h + tools/arguments.c tools/arguments.h \ + af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ + commands.c commands.h \ + commands_utils.c commands_utils.h \ + conf.c conf.h \ + confile.c confile.h \ + confile_utils.c confile_utils.h \ + error.c error.h \ + file_utils.c file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + initutils.c initutils.h \ + log.c log.h \ + lxclock.c lxclock.h \ + mainloop.c mainloop.h \ + monitor.c monitor.h \ + namespace.c namespace.h \ + network.c network.h \ + nl.c nl.h \ + parse.c parse.h \ + process_utils.c process_utils.h \ + ringbuf.c ringbuf.h \ + start.c start.h \ + state.c state.h \ + storage/btrfs.c storage/btrfs.h \ + storage/dir.c storage/dir.h \ + storage/loop.c storage/loop.h \ + storage/lvm.c storage/lvm.h \ + storage/nbd.c storage/nbd.h \ + storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h \ + storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h \ + storage/storage_utils.c storage/storage_utils.h \ + storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h \ + sync.c sync.h \ + terminal.c terminal.h \ + utils.c utils.h \ + uuid.c uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_top_SOURCES += seccomp.c lxcseccomp.h +endif + lxc_unfreeze_SOURCES = tools/lxc_unfreeze.c \ - 
tools/arguments.c tools/arguments.h + tools/arguments.c tools/arguments.h \ + af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ + commands.c commands.h \ + commands_utils.c commands_utils.h \ + conf.c conf.h \ + confile.c confile.h \ + confile_utils.c confile_utils.h \ + error.c error.h \ + file_utils.c file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + initutils.c initutils.h \ + log.c log.h \ + lxclock.c lxclock.h \ + mainloop.c mainloop.h \ + monitor.c monitor.h \ + namespace.c namespace.h \ + network.c network.h \ + nl.c nl.h \ + parse.c parse.h \ + process_utils.c process_utils.h \ + ringbuf.c ringbuf.h \ + start.c start.h \ + state.c state.h \ + storage/btrfs.c storage/btrfs.h \ + storage/dir.c storage/dir.h \ + storage/loop.c storage/loop.h \ + storage/lvm.c storage/lvm.h \ + storage/nbd.c storage/nbd.h \ + storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h \ + storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h \ + storage/storage_utils.c storage/storage_utils.h \ + storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h \ + sync.c sync.h \ + terminal.c terminal.h \ + utils.c utils.h \ + uuid.c uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_unfreeze_SOURCES += seccomp.c lxcseccomp.h +endif + lxc_unshare_SOURCES = tools/lxc_unshare.c \ + tools/arguments.c tools/arguments.h \ + af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ + commands.c commands.h \ + commands_utils.c commands_utils.h \ + conf.c conf.h \ + confile.c confile.h \ + confile_utils.c confile_utils.h \ + error.c error.h \ + file_utils.c file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + initutils.c 
initutils.h \ + log.c log.h \ + lxclock.c lxclock.h \ + mainloop.c mainloop.h \ + monitor.c monitor.h \ + namespace.c namespace.h \ + network.c network.h \ + nl.c nl.h \ + parse.c parse.h \ + process_utils.c process_utils.h \ + ringbuf.c ringbuf.h \ + start.c start.h \ + state.c state.h \ + storage/btrfs.c storage/btrfs.h \ + storage/dir.c storage/dir.h \ + storage/loop.c storage/loop.h \ + storage/lvm.c storage/lvm.h \ + storage/nbd.c storage/nbd.h \ + storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h \ + storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h \ + storage/storage_utils.c storage/storage_utils.h \ + storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h \ + sync.c sync.h \ syscall_numbers.h \ syscall_wrappers.h \ - tools/arguments.c tools/arguments.h + terminal.c terminal.h \ + utils.c utils.h \ + uuid.c uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_unshare_SOURCES += seccomp.c lxcseccomp.h +endif + lxc_wait_SOURCES = tools/lxc_wait.c \ - tools/arguments.c tools/arguments.h + tools/arguments.c tools/arguments.h \ + af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ + commands.c commands.h \ + commands_utils.c commands_utils.h \ + conf.c conf.h \ + confile.c confile.h \ + confile_utils.c confile_utils.h \ + error.c error.h \ + file_utils.c file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + initutils.c initutils.h \ + log.c log.h \ + lxclock.c lxclock.h \ + mainloop.c mainloop.h \ + monitor.c monitor.h \ + namespace.c namespace.h \ + network.c network.h \ + nl.c nl.h \ + parse.c parse.h \ + process_utils.c process_utils.h \ + ringbuf.c ringbuf.h \ + start.c start.h \ + state.c state.h \ + storage/btrfs.c storage/btrfs.h \ + storage/dir.c storage/dir.h \ + storage/loop.c storage/loop.h \ + storage/lvm.c storage/lvm.h \ + 
storage/nbd.c storage/nbd.h \ + storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h \ + storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h \ + storage/storage_utils.c storage/storage_utils.h \ + storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h \ + sync.c sync.h \ + terminal.c terminal.h \ + utils.c utils.h \ + uuid.c uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_wait_SOURCES += seccomp.c lxcseccomp.h +endif + lxc_create_SOURCES = tools/lxc_create.c \ tools/arguments.c tools/arguments.h \ - storage/storage_utils.c storage/storage_utils.h + af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ + commands.c commands.h \ + commands_utils.c commands_utils.h \ + conf.c conf.h \ + confile.c confile.h \ + confile_utils.c confile_utils.h \ + error.c error.h \ + file_utils.c file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + initutils.c initutils.h \ + log.c log.h \ + lxclock.c lxclock.h \ + mainloop.c mainloop.h \ + monitor.c monitor.h \ + namespace.c namespace.h \ + network.c network.h \ + nl.c nl.h \ + parse.c parse.h \ + process_utils.c process_utils.h \ + ringbuf.c ringbuf.h \ + start.c start.h \ + state.c state.h \ + storage/btrfs.c storage/btrfs.h \ + storage/dir.c storage/dir.h \ + storage/loop.c storage/loop.h \ + storage/lvm.c storage/lvm.h \ + storage/nbd.c storage/nbd.h \ + storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h \ + storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h \ + storage/storage_utils.c storage/storage_utils.h \ + storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h \ + sync.c sync.h \ + terminal.c terminal.h \ + utils.c utils.h \ + uuid.c uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_create_SOURCES += seccomp.c lxcseccomp.h +endif + lxc_snapshot_SOURCES = 
tools/lxc_snapshot.c \ - tools/arguments.c tools/arguments.h + tools/arguments.c tools/arguments.h \ + af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ + commands.c commands.h \ + commands_utils.c commands_utils.h \ + conf.c conf.h \ + confile.c confile.h \ + confile_utils.c confile_utils.h \ + error.c error.h \ + file_utils.c file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + initutils.c initutils.h \ + log.c log.h \ + lxclock.c lxclock.h \ + mainloop.c mainloop.h \ + monitor.c monitor.h \ + namespace.c namespace.h \ + network.c network.h \ + nl.c nl.h \ + parse.c parse.h \ + process_utils.c process_utils.h \ + ringbuf.c ringbuf.h \ + start.c start.h \ + state.c state.h \ + storage/btrfs.c storage/btrfs.h \ + storage/dir.c storage/dir.h \ + storage/loop.c storage/loop.h \ + storage/lvm.c storage/lvm.h \ + storage/nbd.c storage/nbd.h \ + storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h \ + storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h \ + storage/storage_utils.c storage/storage_utils.h \ + storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h \ + sync.c sync.h \ + terminal.c terminal.h \ + utils.c utils.h \ + uuid.c uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_snapshot_SOURCES += seccomp.c lxcseccomp.h +endif + lxc_checkpoint_SOURCES = tools/lxc_checkpoint.c \ - tools/arguments.c tools/arguments.h + tools/arguments.c tools/arguments.h \ + af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ + commands.c commands.h \ + commands_utils.c commands_utils.h \ + conf.c conf.h \ + confile.c confile.h \ + confile_utils.c confile_utils.h \ + error.c error.h \ + file_utils.c file_utils.h \ + 
../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + initutils.c initutils.h \ + log.c log.h \ + lxclock.c lxclock.h \ + mainloop.c mainloop.h \ + monitor.c monitor.h \ + namespace.c namespace.h \ + network.c network.h \ + nl.c nl.h \ + parse.c parse.h \ + process_utils.c process_utils.h \ + ringbuf.c ringbuf.h \ + start.c start.h \ + state.c state.h \ + storage/btrfs.c storage/btrfs.h \ + storage/dir.c storage/dir.h \ + storage/loop.c storage/loop.h \ + storage/lvm.c storage/lvm.h \ + storage/nbd.c storage/nbd.h \ + storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h \ + storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h \ + storage/storage_utils.c storage/storage_utils.h \ + storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h \ + sync.c sync.h \ + terminal.c terminal.h \ + utils.c utils.h \ + uuid.c uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_checkpoint_SOURCES += seccomp.c lxcseccomp.h +endif + endif if ENABLE_COMMANDS # Binaries shipping with liblxc init_lxc_SOURCES = cmd/lxc_init.c \ - compiler.h \ - error.h \ + af_unix.c af_unix.h \ + caps.c caps.h \ + error.c error.h \ + file_utils.c file_utils.h \ initutils.c initutils.h \ + log.c log.h \ + macro.h \ memory_utils.h \ - parse.c parse.h \ - raw_syscalls.c raw_syscalls.h \ - syscall_numbers.h \ + namespace.c namespace.h \ string_utils.c string_utils.h - init_lxc_LDFLAGS = -pthread lxc_monitord_SOURCES = cmd/lxc_monitord.c \ af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ + commands.c commands.h \ + commands_utils.c commands_utils.h \ + conf.c conf.h \ + confile.c confile.h \ + confile_utils.c confile_utils.h \ + error.c error.h \ + file_utils.c file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + initutils.c initutils.h \ log.c log.h \ + lxclock.c lxclock.h \ mainloop.c 
mainloop.h \ monitor.c monitor.h \ - raw_syscalls.c raw_syscalls.h \ + namespace.c namespace.h \ + network.c network.h \ + nl.c nl.h \ + parse.c parse.h \ + process_utils.c process_utils.h \ + ringbuf.c ringbuf.h \ + start.c start.h \ + state.c state.h \ + storage/btrfs.c storage/btrfs.h \ + storage/dir.c storage/dir.h \ + storage/loop.c storage/loop.h \ + storage/lvm.c storage/lvm.h \ + storage/nbd.c storage/nbd.h \ + storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h \ + storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h \ + storage/storage_utils.c storage/storage_utils.h \ + storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h \ + sync.c sync.h \ syscall_numbers.h \ - utils.c utils.h + terminal.c terminal.h \ + utils.c utils.h \ + uuid.c uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_monitord_SOURCES += seccomp.c lxcseccomp.h +endif + lxc_user_nic_SOURCES = cmd/lxc_user_nic.c \ + af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ + commands.c commands.h \ + commands_utils.c commands_utils.h \ + conf.c conf.h \ + confile.c confile.h \ + confile_utils.c confile_utils.h \ + error.c error.h \ + file_utils.c file_utils.h \ ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + initutils.c initutils.h \ log.c log.h \ + lxclock.c lxclock.h \ + mainloop.c mainloop.h \ memory_utils.h \ + monitor.c monitor.h \ + namespace.c namespace.h \ network.c network.h \ + nl.c nl.h \ parse.c parse.h \ - raw_syscalls.c raw_syscalls.h \ - syscall_numbers.h \ - file_utils.c file_utils.h \ + process_utils.c process_utils.h \ + ringbuf.c ringbuf.h \ + start.c start.h \ + state.c state.h \ + storage/btrfs.c storage/btrfs.h \ + storage/dir.c storage/dir.h \ + storage/loop.c storage/loop.h \ + storage/lvm.c storage/lvm.h \ + storage/nbd.c storage/nbd.h \ + storage/overlay.c 
storage/overlay.h \ + storage/rbd.c storage/rbd.h \ + storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h \ + storage/storage_utils.c storage/storage_utils.h \ + storage/zfs.c storage/zfs.h \ string_utils.c string_utils.h \ - syscall_wrappers.h + sync.c sync.h \ + syscall_numbers.h \ + syscall_wrappers.h \ + terminal.c terminal.h \ + utils.c utils.h \ + uuid.c uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_user_nic_SOURCES += seccomp.c lxcseccomp.h +endif + lxc_usernsexec_SOURCES = cmd/lxc_usernsexec.c \ + af_unix.c af_unix.h \ + caps.c caps.h \ + cgroups/cgfsng.c \ + cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h \ + commands.c commands.h \ + commands_utils.c commands_utils.h \ conf.c conf.h \ + confile.c confile.h \ + confile_utils.c confile_utils.h \ + error.c error.h \ file_utils.c file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + initutils.c initutils.h \ list.h \ log.c log.h \ + lxclock.c lxclock.h \ macro.h \ + mainloop.c mainloop.h \ memory_utils.h \ + monitor.c monitor.h \ + namespace.c namespace.h \ + network.c network.h \ + nl.c nl.h \ + parse.c parse.h \ + process_utils.c process_utils.h \ + ringbuf.c ringbuf.h \ + start.c start.h \ + state.c state.h \ + storage/btrfs.c storage/btrfs.h \ + storage/dir.c storage/dir.h \ + storage/loop.c storage/loop.h \ + storage/lvm.c storage/lvm.h \ + storage/nbd.c storage/nbd.h \ + storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h \ + storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h \ + storage/storage_utils.c storage/storage_utils.h \ + storage/zfs.c storage/zfs.h \ string_utils.c string_utils.h \ + sync.c sync.h \ syscall_wrappers.h \ - utils.c utils.h + terminal.c terminal.h \ + utils.c utils.h \ + uuid.c uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_usernsexec_SOURCES += seccomp.c lxcseccomp.h +endif endif 
@@ -433,10 +1620,11 @@ sbin_PROGRAMS += init.lxc.static init_lxc_static_SOURCES = cmd/lxc_init.c \ + af_unix.c af_unix.h \ caps.c caps.h \ error.c error.h \ - initutils.c initutils.h \ file_utils.c file_utils.h \ + initutils.c initutils.h \ log.c log.h \ macro.h \ memory_utils.h \ diff -Nru lxc-4.0.2/src/lxc/Makefile.in lxc-4.0.6/src/lxc/Makefile.in --- lxc-4.0.2/src/lxc/Makefile.in 2020-04-16 18:17:23.000000000 +0000 +++ lxc-4.0.6/src/lxc/Makefile.in 2021-01-12 00:20:12.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
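Review bot: `init_lxc_static_SOURCES` in the `@@ -433,10 +1620,11 @@` hunk repeats by hand the file list that `init_lxc_SOURCES` carries earlier in this Makefile.am. The `af_unix.c af_unix.h` addition and the `initutils.c` reorder bring the two lists back into line, as far as the visible entries show. Nothing ties them together, so the static and dynamic init binaries can drift apart the next time only one list is edited. A comment above the static list would make the coupling explicit, for example `# keep in sync with init_lxc_SOURCES (static build of the same init)`. If no conditional appends stand in the way, the shared files could instead be defined once in a common variable that both lists reference. The list continues past `memory_utils.h \` outside this hunk, so the remaining entries should be compared as well.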
@@ -94,41 +94,41 @@ build_triplet = @build@ host_triplet = @host@ @IS_BIONIC_TRUE@am__append_1 = ../include/fexecve.h \ -@IS_BIONIC_TRUE@ ../include/lxcmntent.h \ -@IS_BIONIC_TRUE@ ../include/openpty.h +@IS_BIONIC_TRUE@ ../include/lxcmntent.h -@HAVE_PRLIMIT64_TRUE@@HAVE_PRLIMIT_FALSE@am__append_2 = ../include/prlimit.h -@HAVE_FGETLN_TRUE@@HAVE_GETLINE_FALSE@am__append_3 = ../include/getline.h -@HAVE_GETSUBOPT_FALSE@am__append_4 = tools/include/getsubopt.h -@HAVE_GETGRGID_R_FALSE@am__append_5 = ../include/getgrgid_r.h -@ENABLE_APPARMOR_TRUE@am__append_6 = lsm/apparmor.c -@ENABLE_SELINUX_TRUE@am__append_7 = lsm/selinux.c -@IS_BIONIC_TRUE@am__append_8 = ../include/fexecve.c ../include/fexecve.h \ -@IS_BIONIC_TRUE@ ../include/lxcmntent.c ../include/lxcmntent.h \ -@IS_BIONIC_TRUE@ ../include/openpty.c ../include/openpty.h - -@HAVE_GETGRGID_R_FALSE@am__append_9 = ../include/getgrgid_r.c ../include/getgrgid_r.h -@HAVE_FGETLN_TRUE@@HAVE_GETLINE_FALSE@am__append_10 = ../include/getline.c ../include/getline.h -@HAVE_PRLIMIT64_TRUE@@HAVE_PRLIMIT_FALSE@am__append_11 = ../include/prlimit.c ../include/prlimit.h -@ENABLE_SECCOMP_TRUE@am__append_12 = seccomp.c -@HAVE_STRLCPY_FALSE@am__append_13 = ../include/strlcpy.c ../include/strlcpy.h -@HAVE_STRLCAT_FALSE@am__append_14 = ../include/strlcat.c ../include/strlcat.h -@ENFORCE_MEMFD_REXEC_TRUE@am__append_15 = rexec.c rexec.h -@ENABLE_APPARMOR_TRUE@am__append_16 = -DHAVE_APPARMOR -@ENABLE_OPENSSL_TRUE@am__append_17 = -DHAVE_OPENSSL -@ENABLE_SECCOMP_TRUE@am__append_18 = -DHAVE_SECCOMP \ +@HAVE_OPENPTY_FALSE@am__append_2 = ../include/openpty.h +@HAVE_PRLIMIT64_TRUE@@HAVE_PRLIMIT_FALSE@am__append_3 = ../include/prlimit.h +@HAVE_FGETLN_TRUE@@HAVE_GETLINE_FALSE@am__append_4 = ../include/getline.h +@HAVE_GETSUBOPT_FALSE@am__append_5 = tools/include/getsubopt.h +@HAVE_GETGRGID_R_FALSE@am__append_6 = ../include/getgrgid_r.h +@ENABLE_APPARMOR_TRUE@am__append_7 = lsm/apparmor.c +@ENABLE_SELINUX_TRUE@am__append_8 = lsm/selinux.c 
+@IS_BIONIC_TRUE@am__append_9 = ../include/fexecve.c ../include/fexecve.h \ +@IS_BIONIC_TRUE@ ../include/lxcmntent.c ../include/lxcmntent.h + +@HAVE_OPENPTY_FALSE@am__append_10 = ../include/openpty.c ../include/openpty.h +@HAVE_GETGRGID_R_FALSE@am__append_11 = ../include/getgrgid_r.c ../include/getgrgid_r.h +@HAVE_FGETLN_TRUE@@HAVE_GETLINE_FALSE@am__append_12 = ../include/getline.c ../include/getline.h +@HAVE_PRLIMIT64_TRUE@@HAVE_PRLIMIT_FALSE@am__append_13 = ../include/prlimit.c ../include/prlimit.h +@ENABLE_SECCOMP_TRUE@am__append_14 = seccomp.c lxcseccomp.h +@HAVE_STRLCPY_FALSE@am__append_15 = ../include/strlcpy.c ../include/strlcpy.h +@HAVE_STRLCAT_FALSE@am__append_16 = ../include/strlcat.c ../include/strlcat.h +@ENFORCE_MEMFD_REXEC_TRUE@am__append_17 = rexec.c rexec.h +@ENABLE_APPARMOR_TRUE@am__append_18 = -DHAVE_APPARMOR +@ENABLE_OPENSSL_TRUE@am__append_19 = -DHAVE_OPENSSL +@ENABLE_SECCOMP_TRUE@am__append_20 = -DHAVE_SECCOMP \ @ENABLE_SECCOMP_TRUE@ $(SECCOMP_CFLAGS) -@ENABLE_SELINUX_TRUE@am__append_19 = -DHAVE_SELINUX -@ENABLE_DLOG_TRUE@am__append_20 = -DHAVE_DLOG \ +@ENABLE_SELINUX_TRUE@am__append_21 = -DHAVE_SELINUX +@ENABLE_DLOG_TRUE@am__append_22 = -DHAVE_DLOG \ @ENABLE_DLOG_TRUE@ $(DLOG_CFLAGS) -@USE_CONFIGPATH_LOGS_TRUE@am__append_21 = -DUSE_CONFIGPATH_LOGS -@ENABLE_ASAN_TRUE@am__append_22 = -fsanitize=address \ +@USE_CONFIGPATH_LOGS_TRUE@am__append_23 = -DUSE_CONFIGPATH_LOGS +@ENABLE_ASAN_TRUE@am__append_24 = -fsanitize=address \ @ENABLE_ASAN_TRUE@ -fno-omit-frame-pointer -@ENABLE_UBSAN_TRUE@am__append_23 = -fsanitize=undefined -@ENABLE_COMMANDS_TRUE@am__append_24 = cmd/lxc-checkconfig \ +@ENABLE_UBSAN_TRUE@am__append_25 = -fsanitize=undefined +@ENABLE_COMMANDS_TRUE@am__append_26 = cmd/lxc-checkconfig \ @ENABLE_COMMANDS_TRUE@ cmd/lxc-update-config @ENABLE_COMMANDS_TRUE@@ENABLE_TOOLS_FALSE@bin_PROGRAMS = lxc-usernsexec$(EXEEXT) 
@@ -144,19 +144,44 @@ @ENABLE_TOOLS_TRUE@ lxc-stop$(EXEEXT) lxc-top$(EXEEXT) \ @ENABLE_TOOLS_TRUE@ lxc-unfreeze$(EXEEXT) lxc-unshare$(EXEEXT) \ @ENABLE_TOOLS_TRUE@ lxc-wait$(EXEEXT) $(am__EXEEXT_1) -@ENABLE_COMMANDS_TRUE@@ENABLE_TOOLS_TRUE@am__append_25 = lxc-usernsexec +@ENABLE_COMMANDS_TRUE@@ENABLE_TOOLS_TRUE@am__append_27 = lxc-usernsexec @ENABLE_COMMANDS_TRUE@sbin_PROGRAMS = init.lxc$(EXEEXT) \ @ENABLE_COMMANDS_TRUE@ $(am__EXEEXT_2) @ENABLE_COMMANDS_TRUE@pkglibexec_PROGRAMS = lxc-monitord$(EXEEXT) \ @ENABLE_COMMANDS_TRUE@ lxc-user-nic$(EXEEXT) -@ENABLE_RPATH_TRUE@am__append_26 = -Wl,-rpath -Wl,$(libdir) -@ENABLE_TOOLS_TRUE@@HAVE_GETSUBOPT_FALSE@am__append_27 = tools/include/getsubopt.c tools/include/getsubopt.h -@ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@am__append_28 = init.lxc.static -@ENABLE_COMMANDS_TRUE@@HAVE_FGETLN_TRUE@@HAVE_GETLINE_FALSE@@HAVE_STATIC_LIBCAP_TRUE@am__append_29 = ../include/getline.c ../include/getline.h -@ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@@HAVE_STRLCPY_FALSE@am__append_30 = ../include/strlcpy.c ../include/strlcpy.h -@ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@@HAVE_STRLCAT_FALSE@am__append_31 = ../include/strlcat.c ../include/strlcat.h -@ENABLE_PAM_TRUE@@HAVE_PAM_TRUE@@HAVE_STRLCAT_FALSE@am__append_32 = ../include/strlcat.c ../include/strlcat.h -@ENABLE_PAM_TRUE@@HAVE_PAM_TRUE@@HAVE_STRLCPY_FALSE@am__append_33 = ../include/strlcpy.c ../include/strlcpy.h +@ENABLE_RPATH_TRUE@am__append_28 = -Wl,-rpath -Wl,$(libdir) +@ENABLE_SECCOMP_TRUE@@ENABLE_TOOLS_TRUE@am__append_29 = seccomp.c lxcseccomp.h +@ENABLE_SECCOMP_TRUE@@ENABLE_TOOLS_TRUE@am__append_30 = seccomp.c lxcseccomp.h +@ENABLE_SECCOMP_TRUE@@ENABLE_TOOLS_TRUE@am__append_31 = seccomp.c lxcseccomp.h +@ENABLE_SECCOMP_TRUE@@ENABLE_TOOLS_TRUE@am__append_32 = seccomp.c lxcseccomp.h +@ENABLE_SECCOMP_TRUE@@ENABLE_TOOLS_TRUE@am__append_33 = seccomp.c lxcseccomp.h +@ENABLE_SECCOMP_TRUE@@ENABLE_TOOLS_TRUE@am__append_34 = seccomp.c lxcseccomp.h 
+@ENABLE_SECCOMP_TRUE@@ENABLE_TOOLS_TRUE@am__append_35 = seccomp.c lxcseccomp.h +@ENABLE_SECCOMP_TRUE@@ENABLE_TOOLS_TRUE@am__append_36 = seccomp.c lxcseccomp.h +@ENABLE_SECCOMP_TRUE@@ENABLE_TOOLS_TRUE@am__append_37 = seccomp.c lxcseccomp.h +@ENABLE_SECCOMP_TRUE@@ENABLE_TOOLS_TRUE@am__append_38 = seccomp.c lxcseccomp.h +@ENABLE_SECCOMP_TRUE@@ENABLE_TOOLS_TRUE@am__append_39 = seccomp.c lxcseccomp.h +@ENABLE_SECCOMP_TRUE@@ENABLE_TOOLS_TRUE@am__append_40 = seccomp.c lxcseccomp.h +@ENABLE_SECCOMP_TRUE@@ENABLE_TOOLS_TRUE@am__append_41 = seccomp.c lxcseccomp.h +@ENABLE_SECCOMP_TRUE@@ENABLE_TOOLS_TRUE@am__append_42 = seccomp.c lxcseccomp.h +@ENABLE_SECCOMP_TRUE@@ENABLE_TOOLS_TRUE@am__append_43 = seccomp.c lxcseccomp.h +@ENABLE_SECCOMP_TRUE@@ENABLE_TOOLS_TRUE@am__append_44 = seccomp.c lxcseccomp.h +@ENABLE_SECCOMP_TRUE@@ENABLE_TOOLS_TRUE@am__append_45 = seccomp.c lxcseccomp.h +@ENABLE_SECCOMP_TRUE@@ENABLE_TOOLS_TRUE@am__append_46 = seccomp.c lxcseccomp.h +@ENABLE_SECCOMP_TRUE@@ENABLE_TOOLS_TRUE@am__append_47 = seccomp.c lxcseccomp.h +@ENABLE_SECCOMP_TRUE@@ENABLE_TOOLS_TRUE@am__append_48 = seccomp.c lxcseccomp.h +@ENABLE_SECCOMP_TRUE@@ENABLE_TOOLS_TRUE@am__append_49 = seccomp.c lxcseccomp.h +@ENABLE_SECCOMP_TRUE@@ENABLE_TOOLS_TRUE@am__append_50 = seccomp.c lxcseccomp.h +@ENABLE_COMMANDS_TRUE@@ENABLE_SECCOMP_TRUE@am__append_51 = seccomp.c lxcseccomp.h +@ENABLE_COMMANDS_TRUE@@ENABLE_SECCOMP_TRUE@am__append_52 = seccomp.c lxcseccomp.h +@ENABLE_COMMANDS_TRUE@@ENABLE_SECCOMP_TRUE@am__append_53 = seccomp.c lxcseccomp.h +@ENABLE_TOOLS_TRUE@@HAVE_GETSUBOPT_FALSE@am__append_54 = tools/include/getsubopt.c tools/include/getsubopt.h +@ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@am__append_55 = init.lxc.static +@ENABLE_COMMANDS_TRUE@@HAVE_FGETLN_TRUE@@HAVE_GETLINE_FALSE@@HAVE_STATIC_LIBCAP_TRUE@am__append_56 = ../include/getline.c ../include/getline.h +@ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@@HAVE_STRLCPY_FALSE@am__append_57 = ../include/strlcpy.c ../include/strlcpy.h 
+@ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@@HAVE_STRLCAT_FALSE@am__append_58 = ../include/strlcat.c ../include/strlcat.h +@ENABLE_PAM_TRUE@@HAVE_PAM_TRUE@@HAVE_STRLCAT_FALSE@am__append_59 = ../include/strlcat.c ../include/strlcat.h +@ENABLE_PAM_TRUE@@HAVE_PAM_TRUE@@HAVE_STRLCPY_FALSE@am__append_60 = ../include/strlcpy.c ../include/strlcpy.h subdir = src/lxc ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ 
@@ -227,19 +252,20 @@ ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ initutils.c initutils.h list.h log.c log.h lxc.h \ lxccontainer.c lxccontainer.h lxclock.c lxclock.h lxcseccomp.h \ - macro.h memory_utils.h mainloop.c mainloop.h namespace.c \ - namespace.h nl.c nl.h network.c network.h monitor.c monitor.h \ - parse.c parse.h raw_syscalls.c raw_syscalls.h ringbuf.c \ - ringbuf.h rtnl.c rtnl.h state.c state.h start.c start.h \ - storage/btrfs.c storage/btrfs.h storage/dir.c storage/dir.h \ - storage/loop.c storage/loop.h storage/lvm.c storage/lvm.h \ - storage/nbd.c storage/nbd.h storage/overlay.c \ - storage/overlay.h storage/rbd.c storage/rbd.h storage/rsync.c \ - storage/rsync.h storage/storage.c storage/storage.h \ - storage/storage_utils.c storage/storage_utils.h storage/zfs.c \ - storage/zfs.h string_utils.c string_utils.h sync.c sync.h \ - syscall_numbers.h syscall_wrappers.h terminal.c utils.c \ - utils.h uuid.c uuid.h version.h lsm/lsm.c lsm/lsm.h lsm/nop.c \ + macro.h memory_utils.h mainloop.c mainloop.h mount_utils.c \ + mount_utils.h namespace.c namespace.h network.c network.h nl.c \ + nl.h monitor.c monitor.h parse.c parse.h process_utils.c \ + process_utils.h ringbuf.c ringbuf.h rtnl.c rtnl.h state.c \ + state.h start.c start.h storage/btrfs.c storage/btrfs.h \ + storage/dir.c storage/dir.h storage/loop.c storage/loop.h \ + storage/lvm.c storage/lvm.h storage/nbd.c storage/nbd.h \ + storage/overlay.c storage/overlay.h storage/rbd.c \ + storage/rbd.h storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h storage/storage_utils.c \ + storage/storage_utils.h storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h sync.c sync.h syscall_numbers.h \ + syscall_wrappers.h terminal.c terminal.h utils.c utils.h \ + uuid.c uuid.h version.h lsm/lsm.c lsm/lsm.h lsm/nop.c \ lsm/apparmor.c lsm/selinux.c ../include/fexecve.c \ ../include/fexecve.h ../include/lxcmntent.c \ ../include/lxcmntent.h ../include/openpty.c \ 
@@ -254,16 +280,16 @@ am__objects_3 = lsm/liblxc_la-lsm.lo lsm/liblxc_la-nop.lo \ $(am__objects_1) $(am__objects_2) @IS_BIONIC_TRUE@am__objects_4 = ../include/liblxc_la-fexecve.lo \ -@IS_BIONIC_TRUE@ ../include/liblxc_la-lxcmntent.lo \ -@IS_BIONIC_TRUE@ ../include/liblxc_la-openpty.lo -@HAVE_GETGRGID_R_FALSE@am__objects_5 = \ +@IS_BIONIC_TRUE@ ../include/liblxc_la-lxcmntent.lo +@HAVE_OPENPTY_FALSE@am__objects_5 = ../include/liblxc_la-openpty.lo +@HAVE_GETGRGID_R_FALSE@am__objects_6 = \ @HAVE_GETGRGID_R_FALSE@ ../include/liblxc_la-getgrgid_r.lo -@HAVE_FGETLN_TRUE@@HAVE_GETLINE_FALSE@am__objects_6 = ../include/liblxc_la-getline.lo -@HAVE_PRLIMIT64_TRUE@@HAVE_PRLIMIT_FALSE@am__objects_7 = ../include/liblxc_la-prlimit.lo -@ENABLE_SECCOMP_TRUE@am__objects_8 = liblxc_la-seccomp.lo -@HAVE_STRLCPY_FALSE@am__objects_9 = ../include/liblxc_la-strlcpy.lo -@HAVE_STRLCAT_FALSE@am__objects_10 = ../include/liblxc_la-strlcat.lo -@ENFORCE_MEMFD_REXEC_TRUE@am__objects_11 = liblxc_la-rexec.lo +@HAVE_FGETLN_TRUE@@HAVE_GETLINE_FALSE@am__objects_7 = ../include/liblxc_la-getline.lo +@HAVE_PRLIMIT64_TRUE@@HAVE_PRLIMIT_FALSE@am__objects_8 = ../include/liblxc_la-prlimit.lo +@ENABLE_SECCOMP_TRUE@am__objects_9 = liblxc_la-seccomp.lo +@HAVE_STRLCPY_FALSE@am__objects_10 = ../include/liblxc_la-strlcpy.lo +@HAVE_STRLCAT_FALSE@am__objects_11 = ../include/liblxc_la-strlcat.lo +@ENFORCE_MEMFD_REXEC_TRUE@am__objects_12 = liblxc_la-rexec.lo am_liblxc_la_OBJECTS = liblxc_la-af_unix.lo liblxc_la-attach.lo \ liblxc_la-caps.lo cgroups/liblxc_la-cgfsng.lo \ cgroups/liblxc_la-cgroup.lo \ 
@@ -276,21 +302,22 @@ ../include/liblxc_la-netns_ifaddrs.lo liblxc_la-initutils.lo \ liblxc_la-log.lo liblxc_la-lxccontainer.lo \ liblxc_la-lxclock.lo liblxc_la-mainloop.lo \ - liblxc_la-namespace.lo liblxc_la-nl.lo liblxc_la-network.lo \ - liblxc_la-monitor.lo liblxc_la-parse.lo \ - liblxc_la-raw_syscalls.lo liblxc_la-ringbuf.lo \ - liblxc_la-rtnl.lo liblxc_la-state.lo liblxc_la-start.lo \ - storage/liblxc_la-btrfs.lo storage/liblxc_la-dir.lo \ - storage/liblxc_la-loop.lo storage/liblxc_la-lvm.lo \ - storage/liblxc_la-nbd.lo storage/liblxc_la-overlay.lo \ - storage/liblxc_la-rbd.lo storage/liblxc_la-rsync.lo \ - storage/liblxc_la-storage.lo \ + liblxc_la-mount_utils.lo liblxc_la-namespace.lo \ + liblxc_la-network.lo liblxc_la-nl.lo liblxc_la-monitor.lo \ + liblxc_la-parse.lo liblxc_la-process_utils.lo \ + liblxc_la-ringbuf.lo liblxc_la-rtnl.lo liblxc_la-state.lo \ + liblxc_la-start.lo storage/liblxc_la-btrfs.lo \ + storage/liblxc_la-dir.lo storage/liblxc_la-loop.lo \ + storage/liblxc_la-lvm.lo storage/liblxc_la-nbd.lo \ + storage/liblxc_la-overlay.lo storage/liblxc_la-rbd.lo \ + storage/liblxc_la-rsync.lo storage/liblxc_la-storage.lo \ storage/liblxc_la-storage_utils.lo storage/liblxc_la-zfs.lo \ liblxc_la-string_utils.lo liblxc_la-sync.lo \ liblxc_la-terminal.lo liblxc_la-utils.lo liblxc_la-uuid.lo \ $(am__objects_3) $(am__objects_4) $(am__objects_5) \ $(am__objects_6) $(am__objects_7) $(am__objects_8) \ - $(am__objects_9) $(am__objects_10) $(am__objects_11) + $(am__objects_9) $(am__objects_10) $(am__objects_11) \ + $(am__objects_12) liblxc_la_OBJECTS = $(am_liblxc_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) 
@@ -306,27 +333,29 @@ file_utils.h macro.h memory_utils.h string_utils.c \ string_utils.h ../include/strlcat.c ../include/strlcat.h \ ../include/strlcpy.c ../include/strlcpy.h -@ENABLE_PAM_TRUE@@HAVE_PAM_TRUE@@HAVE_STRLCAT_FALSE@am__objects_12 = ../include/pam_cgfs_la-strlcat.lo -@ENABLE_PAM_TRUE@@HAVE_PAM_TRUE@@HAVE_STRLCPY_FALSE@am__objects_13 = ../include/pam_cgfs_la-strlcpy.lo +@ENABLE_PAM_TRUE@@HAVE_PAM_TRUE@@HAVE_STRLCAT_FALSE@am__objects_13 = ../include/pam_cgfs_la-strlcat.lo +@ENABLE_PAM_TRUE@@HAVE_PAM_TRUE@@HAVE_STRLCPY_FALSE@am__objects_14 = ../include/pam_cgfs_la-strlcpy.lo @ENABLE_PAM_TRUE@@HAVE_PAM_TRUE@am_pam_cgfs_la_OBJECTS = \ @ENABLE_PAM_TRUE@@HAVE_PAM_TRUE@ pam/cgfs_la-pam_cgfs.lo \ @ENABLE_PAM_TRUE@@HAVE_PAM_TRUE@ pam_cgfs_la-file_utils.lo \ @ENABLE_PAM_TRUE@@HAVE_PAM_TRUE@ pam_cgfs_la-string_utils.lo \ -@ENABLE_PAM_TRUE@@HAVE_PAM_TRUE@ $(am__objects_12) \ -@ENABLE_PAM_TRUE@@HAVE_PAM_TRUE@ $(am__objects_13) +@ENABLE_PAM_TRUE@@HAVE_PAM_TRUE@ $(am__objects_13) \ +@ENABLE_PAM_TRUE@@HAVE_PAM_TRUE@ $(am__objects_14) pam_cgfs_la_OBJECTS = $(am_pam_cgfs_la_OBJECTS) pam_cgfs_la_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(pam_cgfs_la_CFLAGS) \ $(CFLAGS) $(pam_cgfs_la_LDFLAGS) $(LDFLAGS) -o $@ @ENABLE_PAM_TRUE@@HAVE_PAM_TRUE@am_pam_cgfs_la_rpath = -rpath \ @ENABLE_PAM_TRUE@@HAVE_PAM_TRUE@ $(pamdir) -am__init_lxc_SOURCES_DIST = cmd/lxc_init.c compiler.h error.h \ - initutils.c initutils.h memory_utils.h parse.c parse.h \ - raw_syscalls.c raw_syscalls.h syscall_numbers.h string_utils.c \ - string_utils.h +am__init_lxc_SOURCES_DIST = cmd/lxc_init.c af_unix.c af_unix.h caps.c \ + caps.h error.c error.h file_utils.c file_utils.h initutils.c \ + initutils.h log.c log.h macro.h memory_utils.h namespace.c \ + namespace.h string_utils.c string_utils.h @ENABLE_COMMANDS_TRUE@am_init_lxc_OBJECTS = cmd/lxc_init.$(OBJEXT) \ -@ENABLE_COMMANDS_TRUE@ initutils.$(OBJEXT) parse.$(OBJEXT) \ -@ENABLE_COMMANDS_TRUE@ 
raw_syscalls.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ af_unix.$(OBJEXT) caps.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ error.$(OBJEXT) file_utils.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ initutils.$(OBJEXT) log.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ namespace.$(OBJEXT) \ @ENABLE_COMMANDS_TRUE@ string_utils.$(OBJEXT) init_lxc_OBJECTS = $(am_init_lxc_OBJECTS) init_lxc_LDADD = $(LDADD) 
@@ -334,238 +363,1465 @@ init_lxc_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) \ $(LIBTOOLFLAGS) --mode=link $(CCLD) $(AM_CFLAGS) $(CFLAGS) \ $(init_lxc_LDFLAGS) $(LDFLAGS) -o $@ -am__init_lxc_static_SOURCES_DIST = cmd/lxc_init.c caps.c caps.h \ - error.c error.h initutils.c initutils.h file_utils.c \ - file_utils.h log.c log.h macro.h memory_utils.h namespace.c \ - namespace.h string_utils.c string_utils.h ../include/getline.c \ - ../include/getline.h ../include/strlcpy.c ../include/strlcpy.h \ - ../include/strlcat.c ../include/strlcat.h -@ENABLE_COMMANDS_TRUE@@HAVE_FGETLN_TRUE@@HAVE_GETLINE_FALSE@@HAVE_STATIC_LIBCAP_TRUE@am__objects_14 = ../include/init_lxc_static-getline.$(OBJEXT) -@ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@@HAVE_STRLCPY_FALSE@am__objects_15 = ../include/init_lxc_static-strlcpy.$(OBJEXT) -@ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@@HAVE_STRLCAT_FALSE@am__objects_16 = ../include/init_lxc_static-strlcat.$(OBJEXT) +am__init_lxc_static_SOURCES_DIST = cmd/lxc_init.c af_unix.c af_unix.h \ + caps.c caps.h error.c error.h file_utils.c file_utils.h \ + initutils.c initutils.h log.c log.h macro.h memory_utils.h \ + namespace.c namespace.h string_utils.c string_utils.h \ + ../include/getline.c ../include/getline.h ../include/strlcpy.c \ + ../include/strlcpy.h ../include/strlcat.c ../include/strlcat.h +@ENABLE_COMMANDS_TRUE@@HAVE_FGETLN_TRUE@@HAVE_GETLINE_FALSE@@HAVE_STATIC_LIBCAP_TRUE@am__objects_15 = ../include/init_lxc_static-getline.$(OBJEXT) +@ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@@HAVE_STRLCPY_FALSE@am__objects_16 = ../include/init_lxc_static-strlcpy.$(OBJEXT) +@ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@@HAVE_STRLCAT_FALSE@am__objects_17 = ../include/init_lxc_static-strlcat.$(OBJEXT) @ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@am_init_lxc_static_OBJECTS = cmd/init_lxc_static-lxc_init.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ init_lxc_static-af_unix.$(OBJEXT) \ 
@ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ init_lxc_static-caps.$(OBJEXT) \ @ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ init_lxc_static-error.$(OBJEXT) \ -@ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ init_lxc_static-initutils.$(OBJEXT) \ @ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ init_lxc_static-file_utils.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ init_lxc_static-initutils.$(OBJEXT) \ @ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ init_lxc_static-log.$(OBJEXT) \ @ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ init_lxc_static-namespace.$(OBJEXT) \ @ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ init_lxc_static-string_utils.$(OBJEXT) \ -@ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ $(am__objects_14) \ @ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ $(am__objects_15) \ -@ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ $(am__objects_16) +@ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ $(am__objects_16) \ +@ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ $(am__objects_17) init_lxc_static_OBJECTS = $(am_init_lxc_static_OBJECTS) init_lxc_static_DEPENDENCIES = init_lxc_static_LINK = $(LIBTOOL) $(AM_V_lt) --tag=CC \ $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=link $(CCLD) \ $(init_lxc_static_CFLAGS) $(CFLAGS) $(init_lxc_static_LDFLAGS) \ $(LDFLAGS) -o $@ -am__lxc_attach_SOURCES_DIST = tools/lxc_attach.c rexec.c rexec.h \ - tools/arguments.c tools/arguments.h +am__lxc_attach_SOURCES_DIST = tools/lxc_attach.c tools/arguments.c \ + tools/arguments.h af_unix.c af_unix.h caps.c caps.h \ + cgroups/cgfsng.c cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h commands.c \ + commands.h commands_utils.c commands_utils.h conf.c conf.h \ + confile.c confile.h confile_utils.c confile_utils.h error.c \ + error.h file_utils.c file_utils.h ../include/netns_ifaddrs.c \ + ../include/netns_ifaddrs.h initutils.c initutils.h log.c log.h \ + lxclock.c lxclock.h mainloop.c 
mainloop.h monitor.c monitor.h \ + namespace.c namespace.h network.c network.h nl.c nl.h parse.c \ + parse.h process_utils.c process_utils.h rexec.c rexec.h \ + ringbuf.c ringbuf.h start.c start.h state.c state.h \ + storage/btrfs.c storage/btrfs.h storage/dir.c storage/dir.h \ + storage/loop.c storage/loop.h storage/lvm.c storage/lvm.h \ + storage/nbd.c storage/nbd.h storage/overlay.c \ + storage/overlay.h storage/rbd.c storage/rbd.h storage/rsync.c \ + storage/rsync.h storage/storage.c storage/storage.h \ + storage/storage_utils.c storage/storage_utils.h storage/zfs.c \ + storage/zfs.h string_utils.c string_utils.h sync.c sync.h \ + terminal.c terminal.h utils.c utils.h uuid.c uuid.h lsm/lsm.c \ + lsm/lsm.h lsm/nop.c lsm/apparmor.c lsm/selinux.c seccomp.c \ + lxcseccomp.h +@ENABLE_APPARMOR_TRUE@am__objects_18 = lsm/apparmor.$(OBJEXT) +@ENABLE_SELINUX_TRUE@am__objects_19 = lsm/selinux.$(OBJEXT) +am__objects_20 = lsm/lsm.$(OBJEXT) lsm/nop.$(OBJEXT) $(am__objects_18) \ + $(am__objects_19) +@ENABLE_SECCOMP_TRUE@@ENABLE_TOOLS_TRUE@am__objects_21 = \ +@ENABLE_SECCOMP_TRUE@@ENABLE_TOOLS_TRUE@ seccomp.$(OBJEXT) @ENABLE_TOOLS_TRUE@am_lxc_attach_OBJECTS = tools/lxc_attach.$(OBJEXT) \ -@ENABLE_TOOLS_TRUE@ rexec.$(OBJEXT) tools/arguments.$(OBJEXT) +@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) af_unix.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ caps.$(OBJEXT) cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ commands.$(OBJEXT) commands_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ conf.$(OBJEXT) confile.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ confile_utils.$(OBJEXT) error.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ file_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ initutils.$(OBJEXT) log.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ lxclock.$(OBJEXT) mainloop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ monitor.$(OBJEXT) 
namespace.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ network.$(OBJEXT) nl.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ parse.$(OBJEXT) process_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ rexec.$(OBJEXT) ringbuf.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ start.$(OBJEXT) state.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/btrfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/dir.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/loop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/lvm.$(OBJEXT) storage/nbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/overlay.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rsync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/zfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ string_utils.$(OBJEXT) sync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ terminal.$(OBJEXT) utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ uuid.$(OBJEXT) $(am__objects_20) \ +@ENABLE_TOOLS_TRUE@ $(am__objects_21) lxc_attach_OBJECTS = $(am_lxc_attach_OBJECTS) lxc_attach_LDADD = $(LDADD) lxc_attach_DEPENDENCIES = liblxc.la am__lxc_autostart_SOURCES_DIST = tools/lxc_autostart.c \ - tools/arguments.c tools/arguments.h + tools/arguments.c tools/arguments.h af_unix.c af_unix.h caps.c \ + caps.h cgroups/cgfsng.c cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h commands.c \ + commands.h commands_utils.c commands_utils.h conf.c conf.h \ + confile.c confile.h confile_utils.c confile_utils.h error.c \ + error.h file_utils.c file_utils.h ../include/netns_ifaddrs.c \ + ../include/netns_ifaddrs.h initutils.c initutils.h log.c log.h \ + lxclock.c lxclock.h mainloop.c mainloop.h monitor.c monitor.h \ + namespace.c namespace.h network.c network.h nl.c nl.h parse.c \ + parse.h process_utils.c process_utils.h ringbuf.c ringbuf.h \ + start.c start.h state.c state.h storage/btrfs.c \ + storage/btrfs.h storage/dir.c storage/dir.h storage/loop.c \ + storage/loop.h 
storage/lvm.c storage/lvm.h storage/nbd.c \ + storage/nbd.h storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h storage/storage_utils.c \ + storage/storage_utils.h storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h sync.c sync.h terminal.c \ + terminal.h utils.c utils.h uuid.c uuid.h lsm/lsm.c lsm/lsm.h \ + lsm/nop.c lsm/apparmor.c lsm/selinux.c seccomp.c lxcseccomp.h @ENABLE_TOOLS_TRUE@am_lxc_autostart_OBJECTS = \ @ENABLE_TOOLS_TRUE@ tools/lxc_autostart.$(OBJEXT) \ -@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) +@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) af_unix.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ caps.$(OBJEXT) cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ commands.$(OBJEXT) commands_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ conf.$(OBJEXT) confile.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ confile_utils.$(OBJEXT) error.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ file_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ initutils.$(OBJEXT) log.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ lxclock.$(OBJEXT) mainloop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ monitor.$(OBJEXT) namespace.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ network.$(OBJEXT) nl.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ parse.$(OBJEXT) process_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ringbuf.$(OBJEXT) start.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ state.$(OBJEXT) storage/btrfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/dir.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/loop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/lvm.$(OBJEXT) storage/nbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/overlay.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rsync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ 
storage/storage_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/zfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ string_utils.$(OBJEXT) sync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ terminal.$(OBJEXT) utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ uuid.$(OBJEXT) $(am__objects_20) \ +@ENABLE_TOOLS_TRUE@ $(am__objects_21) lxc_autostart_OBJECTS = $(am_lxc_autostart_OBJECTS) lxc_autostart_LDADD = $(LDADD) lxc_autostart_DEPENDENCIES = liblxc.la am__lxc_cgroup_SOURCES_DIST = tools/lxc_cgroup.c tools/arguments.c \ - tools/arguments.h + tools/arguments.h af_unix.c af_unix.h caps.c caps.h \ + cgroups/cgfsng.c cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h commands.c \ + commands.h commands_utils.c commands_utils.h conf.c conf.h \ + confile.c confile.h confile_utils.c confile_utils.h error.c \ + error.h file_utils.c file_utils.h ../include/netns_ifaddrs.c \ + ../include/netns_ifaddrs.h initutils.c initutils.h log.c log.h \ + lxclock.c lxclock.h mainloop.c mainloop.h monitor.c monitor.h \ + namespace.c namespace.h network.c network.h nl.c nl.h parse.c \ + parse.h process_utils.c process_utils.h ringbuf.c ringbuf.h \ + start.c start.h state.c state.h storage/btrfs.c \ + storage/btrfs.h storage/dir.c storage/dir.h storage/loop.c \ + storage/loop.h storage/lvm.c storage/lvm.h storage/nbd.c \ + storage/nbd.h storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h storage/storage_utils.c \ + storage/storage_utils.h storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h sync.c sync.h terminal.c \ + terminal.h utils.c utils.h uuid.c uuid.h lsm/lsm.c lsm/lsm.h \ + lsm/nop.c lsm/apparmor.c lsm/selinux.c seccomp.c lxcseccomp.h @ENABLE_TOOLS_TRUE@am_lxc_cgroup_OBJECTS = tools/lxc_cgroup.$(OBJEXT) \ -@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) +@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) af_unix.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ 
caps.$(OBJEXT) cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ commands.$(OBJEXT) commands_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ conf.$(OBJEXT) confile.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ confile_utils.$(OBJEXT) error.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ file_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ initutils.$(OBJEXT) log.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ lxclock.$(OBJEXT) mainloop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ monitor.$(OBJEXT) namespace.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ network.$(OBJEXT) nl.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ parse.$(OBJEXT) process_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ringbuf.$(OBJEXT) start.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ state.$(OBJEXT) storage/btrfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/dir.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/loop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/lvm.$(OBJEXT) storage/nbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/overlay.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rsync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/zfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ string_utils.$(OBJEXT) sync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ terminal.$(OBJEXT) utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ uuid.$(OBJEXT) $(am__objects_20) \ +@ENABLE_TOOLS_TRUE@ $(am__objects_21) lxc_cgroup_OBJECTS = $(am_lxc_cgroup_OBJECTS) lxc_cgroup_LDADD = $(LDADD) lxc_cgroup_DEPENDENCIES = liblxc.la am__lxc_checkpoint_SOURCES_DIST = tools/lxc_checkpoint.c \ - tools/arguments.c tools/arguments.h + tools/arguments.c tools/arguments.h af_unix.c af_unix.h caps.c \ + caps.h cgroups/cgfsng.c cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c 
cgroups/cgroup_utils.h commands.c \ + commands.h commands_utils.c commands_utils.h conf.c conf.h \ + confile.c confile.h confile_utils.c confile_utils.h error.c \ + error.h file_utils.c file_utils.h ../include/netns_ifaddrs.c \ + ../include/netns_ifaddrs.h initutils.c initutils.h log.c log.h \ + lxclock.c lxclock.h mainloop.c mainloop.h monitor.c monitor.h \ + namespace.c namespace.h network.c network.h nl.c nl.h parse.c \ + parse.h process_utils.c process_utils.h ringbuf.c ringbuf.h \ + start.c start.h state.c state.h storage/btrfs.c \ + storage/btrfs.h storage/dir.c storage/dir.h storage/loop.c \ + storage/loop.h storage/lvm.c storage/lvm.h storage/nbd.c \ + storage/nbd.h storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h storage/storage_utils.c \ + storage/storage_utils.h storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h sync.c sync.h terminal.c \ + terminal.h utils.c utils.h uuid.c uuid.h lsm/lsm.c lsm/lsm.h \ + lsm/nop.c lsm/apparmor.c lsm/selinux.c seccomp.c lxcseccomp.h @ENABLE_TOOLS_TRUE@am_lxc_checkpoint_OBJECTS = \ @ENABLE_TOOLS_TRUE@ tools/lxc_checkpoint.$(OBJEXT) \ -@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) +@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) af_unix.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ caps.$(OBJEXT) cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ commands.$(OBJEXT) commands_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ conf.$(OBJEXT) confile.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ confile_utils.$(OBJEXT) error.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ file_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ initutils.$(OBJEXT) log.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ lxclock.$(OBJEXT) mainloop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ monitor.$(OBJEXT) namespace.$(OBJEXT) \ 
+@ENABLE_TOOLS_TRUE@ network.$(OBJEXT) nl.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ parse.$(OBJEXT) process_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ringbuf.$(OBJEXT) start.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ state.$(OBJEXT) storage/btrfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/dir.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/loop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/lvm.$(OBJEXT) storage/nbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/overlay.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rsync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/zfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ string_utils.$(OBJEXT) sync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ terminal.$(OBJEXT) utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ uuid.$(OBJEXT) $(am__objects_20) \ +@ENABLE_TOOLS_TRUE@ $(am__objects_21) lxc_checkpoint_OBJECTS = $(am_lxc_checkpoint_OBJECTS) lxc_checkpoint_LDADD = $(LDADD) lxc_checkpoint_DEPENDENCIES = liblxc.la am__lxc_config_SOURCES_DIST = tools/lxc_config.c tools/arguments.c \ - tools/arguments.h + tools/arguments.h af_unix.c af_unix.h caps.c caps.h \ + cgroups/cgfsng.c cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h commands.c \ + commands.h commands_utils.c commands_utils.h conf.c conf.h \ + confile.c confile.h confile_utils.c confile_utils.h error.c \ + error.h file_utils.c file_utils.h ../include/netns_ifaddrs.c \ + ../include/netns_ifaddrs.h initutils.c initutils.h log.c log.h \ + lxclock.c lxclock.h mainloop.c mainloop.h monitor.c monitor.h \ + namespace.c namespace.h network.c network.h nl.c nl.h parse.c \ + parse.h process_utils.c process_utils.h ringbuf.c ringbuf.h \ + start.c start.h state.c state.h storage/btrfs.c \ + storage/btrfs.h storage/dir.c storage/dir.h storage/loop.c \ + storage/loop.h storage/lvm.c storage/lvm.h storage/nbd.c \ + storage/nbd.h 
storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h storage/storage_utils.c \ + storage/storage_utils.h storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h sync.c sync.h terminal.c \ + terminal.h utils.c utils.h uuid.c uuid.h lsm/lsm.c lsm/lsm.h \ + lsm/nop.c lsm/apparmor.c lsm/selinux.c seccomp.c lxcseccomp.h @ENABLE_TOOLS_TRUE@am_lxc_config_OBJECTS = tools/lxc_config.$(OBJEXT) \ -@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) +@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) af_unix.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ caps.$(OBJEXT) cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ commands.$(OBJEXT) commands_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ conf.$(OBJEXT) confile.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ confile_utils.$(OBJEXT) error.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ file_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ initutils.$(OBJEXT) log.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ lxclock.$(OBJEXT) mainloop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ monitor.$(OBJEXT) namespace.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ network.$(OBJEXT) nl.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ parse.$(OBJEXT) process_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ringbuf.$(OBJEXT) start.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ state.$(OBJEXT) storage/btrfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/dir.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/loop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/lvm.$(OBJEXT) storage/nbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/overlay.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rsync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/zfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ 
string_utils.$(OBJEXT) sync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ terminal.$(OBJEXT) utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ uuid.$(OBJEXT) $(am__objects_20) \ +@ENABLE_TOOLS_TRUE@ $(am__objects_21) lxc_config_OBJECTS = $(am_lxc_config_OBJECTS) lxc_config_LDADD = $(LDADD) lxc_config_DEPENDENCIES = liblxc.la am__lxc_console_SOURCES_DIST = tools/lxc_console.c tools/arguments.c \ - tools/arguments.h + tools/arguments.h af_unix.c af_unix.h caps.c caps.h \ + cgroups/cgfsng.c cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h commands.c \ + commands.h commands_utils.c commands_utils.h conf.c conf.h \ + confile.c confile.h confile_utils.c confile_utils.h error.c \ + error.h file_utils.c file_utils.h ../include/netns_ifaddrs.c \ + ../include/netns_ifaddrs.h initutils.c initutils.h log.c log.h \ + lxclock.c lxclock.h mainloop.c mainloop.h monitor.c monitor.h \ + namespace.c namespace.h network.c network.h nl.c nl.h parse.c \ + parse.h process_utils.c process_utils.h ringbuf.c ringbuf.h \ + start.c start.h state.c state.h storage/btrfs.c \ + storage/btrfs.h storage/dir.c storage/dir.h storage/loop.c \ + storage/loop.h storage/lvm.c storage/lvm.h storage/nbd.c \ + storage/nbd.h storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h storage/storage_utils.c \ + storage/storage_utils.h storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h sync.c sync.h terminal.c \ + terminal.h utils.c utils.h uuid.c uuid.h lsm/lsm.c lsm/lsm.h \ + lsm/nop.c lsm/apparmor.c lsm/selinux.c seccomp.c lxcseccomp.h @ENABLE_TOOLS_TRUE@am_lxc_console_OBJECTS = \ @ENABLE_TOOLS_TRUE@ tools/lxc_console.$(OBJEXT) \ -@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) +@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) af_unix.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ caps.$(OBJEXT) cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.$(OBJEXT) \ 
+@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ commands.$(OBJEXT) commands_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ conf.$(OBJEXT) confile.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ confile_utils.$(OBJEXT) error.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ file_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ initutils.$(OBJEXT) log.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ lxclock.$(OBJEXT) mainloop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ monitor.$(OBJEXT) namespace.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ network.$(OBJEXT) nl.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ parse.$(OBJEXT) process_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ringbuf.$(OBJEXT) start.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ state.$(OBJEXT) storage/btrfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/dir.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/loop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/lvm.$(OBJEXT) storage/nbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/overlay.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rsync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/zfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ string_utils.$(OBJEXT) sync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ terminal.$(OBJEXT) utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ uuid.$(OBJEXT) $(am__objects_20) \ +@ENABLE_TOOLS_TRUE@ $(am__objects_21) lxc_console_OBJECTS = $(am_lxc_console_OBJECTS) lxc_console_LDADD = $(LDADD) lxc_console_DEPENDENCIES = liblxc.la am__lxc_copy_SOURCES_DIST = tools/lxc_copy.c tools/arguments.c \ - tools/arguments.h storage/storage_utils.c \ - storage/storage_utils.h tools/include/getsubopt.c \ - tools/include/getsubopt.h -@ENABLE_TOOLS_TRUE@@HAVE_GETSUBOPT_FALSE@am__objects_17 = tools/include/getsubopt.$(OBJEXT) + tools/arguments.h af_unix.c af_unix.h caps.c caps.h \ + cgroups/cgfsng.c cgroups/cgroup.c cgroups/cgroup.h \ + 
cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h commands.c \ + commands.h commands_utils.c commands_utils.h conf.c conf.h \ + confile.c confile.h confile_utils.c confile_utils.h error.c \ + error.h file_utils.c file_utils.h ../include/netns_ifaddrs.c \ + ../include/netns_ifaddrs.h initutils.c initutils.h log.c log.h \ + lxclock.c lxclock.h mainloop.c mainloop.h monitor.c monitor.h \ + namespace.c namespace.h network.c network.h nl.c nl.h parse.c \ + parse.h process_utils.c process_utils.h ringbuf.c ringbuf.h \ + start.c start.h state.c state.h storage/btrfs.c \ + storage/btrfs.h storage/dir.c storage/dir.h storage/loop.c \ + storage/loop.h storage/lvm.c storage/lvm.h storage/nbd.c \ + storage/nbd.h storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h storage/storage_utils.c \ + storage/storage_utils.h storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h sync.c sync.h terminal.c \ + terminal.h utils.c utils.h uuid.c uuid.h lsm/lsm.c lsm/lsm.h \ + lsm/nop.c lsm/apparmor.c lsm/selinux.c seccomp.c lxcseccomp.h \ + tools/include/getsubopt.c tools/include/getsubopt.h +@ENABLE_TOOLS_TRUE@@HAVE_GETSUBOPT_FALSE@am__objects_22 = tools/include/getsubopt.$(OBJEXT) @ENABLE_TOOLS_TRUE@am_lxc_copy_OBJECTS = tools/lxc_copy.$(OBJEXT) \ -@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) af_unix.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ caps.$(OBJEXT) cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ commands.$(OBJEXT) commands_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ conf.$(OBJEXT) confile.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ confile_utils.$(OBJEXT) error.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ file_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ 
../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ initutils.$(OBJEXT) log.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ lxclock.$(OBJEXT) mainloop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ monitor.$(OBJEXT) namespace.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ network.$(OBJEXT) nl.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ parse.$(OBJEXT) process_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ringbuf.$(OBJEXT) start.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ state.$(OBJEXT) storage/btrfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/dir.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/loop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/lvm.$(OBJEXT) storage/nbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/overlay.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rsync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage.$(OBJEXT) \ @ENABLE_TOOLS_TRUE@ storage/storage_utils.$(OBJEXT) \ -@ENABLE_TOOLS_TRUE@ $(am__objects_17) +@ENABLE_TOOLS_TRUE@ storage/zfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ string_utils.$(OBJEXT) sync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ terminal.$(OBJEXT) utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ uuid.$(OBJEXT) $(am__objects_20) \ +@ENABLE_TOOLS_TRUE@ $(am__objects_21) $(am__objects_22) lxc_copy_OBJECTS = $(am_lxc_copy_OBJECTS) lxc_copy_LDADD = $(LDADD) lxc_copy_DEPENDENCIES = liblxc.la am__lxc_create_SOURCES_DIST = tools/lxc_create.c tools/arguments.c \ - tools/arguments.h storage/storage_utils.c \ - storage/storage_utils.h + tools/arguments.h af_unix.c af_unix.h caps.c caps.h \ + cgroups/cgfsng.c cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h commands.c \ + commands.h commands_utils.c commands_utils.h conf.c conf.h \ + confile.c confile.h confile_utils.c confile_utils.h error.c \ + error.h file_utils.c file_utils.h ../include/netns_ifaddrs.c \ + ../include/netns_ifaddrs.h initutils.c initutils.h log.c log.h \ + lxclock.c lxclock.h mainloop.c mainloop.h monitor.c monitor.h \ + namespace.c namespace.h 
network.c network.h nl.c nl.h parse.c \ + parse.h process_utils.c process_utils.h ringbuf.c ringbuf.h \ + start.c start.h state.c state.h storage/btrfs.c \ + storage/btrfs.h storage/dir.c storage/dir.h storage/loop.c \ + storage/loop.h storage/lvm.c storage/lvm.h storage/nbd.c \ + storage/nbd.h storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h storage/storage_utils.c \ + storage/storage_utils.h storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h sync.c sync.h terminal.c \ + terminal.h utils.c utils.h uuid.c uuid.h lsm/lsm.c lsm/lsm.h \ + lsm/nop.c lsm/apparmor.c lsm/selinux.c seccomp.c lxcseccomp.h @ENABLE_TOOLS_TRUE@am_lxc_create_OBJECTS = tools/lxc_create.$(OBJEXT) \ -@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) \ -@ENABLE_TOOLS_TRUE@ storage/storage_utils.$(OBJEXT) +@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) af_unix.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ caps.$(OBJEXT) cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ commands.$(OBJEXT) commands_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ conf.$(OBJEXT) confile.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ confile_utils.$(OBJEXT) error.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ file_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ initutils.$(OBJEXT) log.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ lxclock.$(OBJEXT) mainloop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ monitor.$(OBJEXT) namespace.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ network.$(OBJEXT) nl.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ parse.$(OBJEXT) process_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ringbuf.$(OBJEXT) start.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ state.$(OBJEXT) storage/btrfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/dir.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/loop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ 
storage/lvm.$(OBJEXT) storage/nbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/overlay.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rsync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/zfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ string_utils.$(OBJEXT) sync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ terminal.$(OBJEXT) utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ uuid.$(OBJEXT) $(am__objects_20) \ +@ENABLE_TOOLS_TRUE@ $(am__objects_21) lxc_create_OBJECTS = $(am_lxc_create_OBJECTS) lxc_create_LDADD = $(LDADD) lxc_create_DEPENDENCIES = liblxc.la am__lxc_destroy_SOURCES_DIST = tools/lxc_destroy.c tools/arguments.c \ - tools/arguments.h + tools/arguments.h af_unix.c af_unix.h caps.c caps.h \ + cgroups/cgfsng.c cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h commands.c \ + commands.h commands_utils.c commands_utils.h conf.c conf.h \ + confile.c confile.h confile_utils.c confile_utils.h error.c \ + error.h file_utils.c file_utils.h ../include/netns_ifaddrs.c \ + ../include/netns_ifaddrs.h initutils.c initutils.h log.c log.h \ + lxclock.c lxclock.h mainloop.c mainloop.h monitor.c monitor.h \ + namespace.c namespace.h network.c network.h nl.c nl.h parse.c \ + parse.h process_utils.c process_utils.h ringbuf.c ringbuf.h \ + start.c start.h state.c state.h storage/btrfs.c \ + storage/btrfs.h storage/dir.c storage/dir.h storage/loop.c \ + storage/loop.h storage/lvm.c storage/lvm.h storage/nbd.c \ + storage/nbd.h storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h storage/storage_utils.c \ + storage/storage_utils.h storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h sync.c sync.h terminal.c \ + terminal.h utils.c utils.h uuid.c uuid.h lsm/lsm.c lsm/lsm.h \ + lsm/nop.c lsm/apparmor.c 
lsm/selinux.c seccomp.c lxcseccomp.h @ENABLE_TOOLS_TRUE@am_lxc_destroy_OBJECTS = \ @ENABLE_TOOLS_TRUE@ tools/lxc_destroy.$(OBJEXT) \ -@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) +@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) af_unix.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ caps.$(OBJEXT) cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ commands.$(OBJEXT) commands_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ conf.$(OBJEXT) confile.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ confile_utils.$(OBJEXT) error.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ file_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ initutils.$(OBJEXT) log.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ lxclock.$(OBJEXT) mainloop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ monitor.$(OBJEXT) namespace.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ network.$(OBJEXT) nl.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ parse.$(OBJEXT) process_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ringbuf.$(OBJEXT) start.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ state.$(OBJEXT) storage/btrfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/dir.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/loop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/lvm.$(OBJEXT) storage/nbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/overlay.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rsync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/zfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ string_utils.$(OBJEXT) sync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ terminal.$(OBJEXT) utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ uuid.$(OBJEXT) $(am__objects_20) \ +@ENABLE_TOOLS_TRUE@ $(am__objects_21) lxc_destroy_OBJECTS = $(am_lxc_destroy_OBJECTS) lxc_destroy_LDADD = $(LDADD) lxc_destroy_DEPENDENCIES = liblxc.la am__lxc_device_SOURCES_DIST = tools/lxc_device.c 
tools/arguments.c \ - tools/arguments.h + tools/arguments.h af_unix.c af_unix.h caps.c caps.h \ + cgroups/cgfsng.c cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h commands.c \ + commands.h commands_utils.c commands_utils.h conf.c conf.h \ + confile.c confile.h confile_utils.c confile_utils.h error.c \ + error.h file_utils.c file_utils.h ../include/netns_ifaddrs.c \ + ../include/netns_ifaddrs.h initutils.c initutils.h log.c log.h \ + lxclock.c lxclock.h mainloop.c mainloop.h monitor.c monitor.h \ + namespace.c namespace.h network.c network.h nl.c nl.h parse.c \ + parse.h process_utils.c process_utils.h ringbuf.c ringbuf.h \ + start.c start.h state.c state.h storage/btrfs.c \ + storage/btrfs.h storage/dir.c storage/dir.h storage/loop.c \ + storage/loop.h storage/lvm.c storage/lvm.h storage/nbd.c \ + storage/nbd.h storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h storage/storage_utils.c \ + storage/storage_utils.h storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h sync.c sync.h terminal.c \ + terminal.h utils.c utils.h uuid.c uuid.h lsm/lsm.c lsm/lsm.h \ + lsm/nop.c lsm/apparmor.c lsm/selinux.c seccomp.c lxcseccomp.h @ENABLE_TOOLS_TRUE@am_lxc_device_OBJECTS = tools/lxc_device.$(OBJEXT) \ -@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) +@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) af_unix.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ caps.$(OBJEXT) cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ commands.$(OBJEXT) commands_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ conf.$(OBJEXT) confile.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ confile_utils.$(OBJEXT) error.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ file_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ 
../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ initutils.$(OBJEXT) log.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ lxclock.$(OBJEXT) mainloop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ monitor.$(OBJEXT) namespace.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ network.$(OBJEXT) nl.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ parse.$(OBJEXT) process_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ringbuf.$(OBJEXT) start.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ state.$(OBJEXT) storage/btrfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/dir.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/loop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/lvm.$(OBJEXT) storage/nbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/overlay.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rsync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/zfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ string_utils.$(OBJEXT) sync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ terminal.$(OBJEXT) utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ uuid.$(OBJEXT) $(am__objects_20) \ +@ENABLE_TOOLS_TRUE@ $(am__objects_21) lxc_device_OBJECTS = $(am_lxc_device_OBJECTS) lxc_device_LDADD = $(LDADD) lxc_device_DEPENDENCIES = liblxc.la am__lxc_execute_SOURCES_DIST = tools/lxc_execute.c tools/arguments.c \ - tools/arguments.h + tools/arguments.h af_unix.c af_unix.h caps.c caps.h \ + cgroups/cgfsng.c cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h commands.c \ + commands.h commands_utils.c commands_utils.h conf.c conf.h \ + confile.c confile.h confile_utils.c confile_utils.h error.c \ + error.h file_utils.c file_utils.h ../include/netns_ifaddrs.c \ + ../include/netns_ifaddrs.h initutils.c initutils.h log.c log.h \ + lxclock.c lxclock.h mainloop.c mainloop.h monitor.c monitor.h \ + namespace.c namespace.h network.c network.h nl.c nl.h parse.c \ + parse.h process_utils.c process_utils.h ringbuf.c ringbuf.h \ + 
start.c start.h state.c state.h storage/btrfs.c \ + storage/btrfs.h storage/dir.c storage/dir.h storage/loop.c \ + storage/loop.h storage/lvm.c storage/lvm.h storage/nbd.c \ + storage/nbd.h storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h storage/storage_utils.c \ + storage/storage_utils.h storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h sync.c sync.h terminal.c \ + terminal.h utils.c utils.h uuid.c uuid.h lsm/lsm.c lsm/lsm.h \ + lsm/nop.c lsm/apparmor.c lsm/selinux.c seccomp.c lxcseccomp.h @ENABLE_TOOLS_TRUE@am_lxc_execute_OBJECTS = \ @ENABLE_TOOLS_TRUE@ tools/lxc_execute.$(OBJEXT) \ -@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) +@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) af_unix.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ caps.$(OBJEXT) cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ commands.$(OBJEXT) commands_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ conf.$(OBJEXT) confile.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ confile_utils.$(OBJEXT) error.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ file_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ initutils.$(OBJEXT) log.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ lxclock.$(OBJEXT) mainloop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ monitor.$(OBJEXT) namespace.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ network.$(OBJEXT) nl.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ parse.$(OBJEXT) process_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ringbuf.$(OBJEXT) start.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ state.$(OBJEXT) storage/btrfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/dir.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/loop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/lvm.$(OBJEXT) storage/nbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/overlay.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rbd.$(OBJEXT) \ 
+@ENABLE_TOOLS_TRUE@ storage/rsync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/zfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ string_utils.$(OBJEXT) sync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ terminal.$(OBJEXT) utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ uuid.$(OBJEXT) $(am__objects_20) \ +@ENABLE_TOOLS_TRUE@ $(am__objects_21) lxc_execute_OBJECTS = $(am_lxc_execute_OBJECTS) lxc_execute_LDADD = $(LDADD) lxc_execute_DEPENDENCIES = liblxc.la am__lxc_freeze_SOURCES_DIST = tools/lxc_freeze.c tools/arguments.c \ - tools/arguments.h + tools/arguments.h af_unix.c af_unix.h caps.c caps.h \ + cgroups/cgfsng.c cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h commands.c \ + commands.h commands_utils.c commands_utils.h conf.c conf.h \ + confile.c confile.h confile_utils.c confile_utils.h error.c \ + error.h file_utils.c file_utils.h ../include/netns_ifaddrs.c \ + ../include/netns_ifaddrs.h initutils.c initutils.h log.c log.h \ + lxclock.c lxclock.h mainloop.c mainloop.h monitor.c monitor.h \ + namespace.c namespace.h network.c network.h nl.c nl.h parse.c \ + parse.h process_utils.c process_utils.h ringbuf.c ringbuf.h \ + start.c start.h state.c state.h storage/btrfs.c \ + storage/btrfs.h storage/dir.c storage/dir.h storage/loop.c \ + storage/loop.h storage/lvm.c storage/lvm.h storage/nbd.c \ + storage/nbd.h storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h storage/storage_utils.c \ + storage/storage_utils.h storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h sync.c sync.h terminal.c \ + terminal.h utils.c utils.h uuid.c uuid.h lsm/lsm.c lsm/lsm.h \ + lsm/nop.c lsm/apparmor.c lsm/selinux.c seccomp.c lxcseccomp.h @ENABLE_TOOLS_TRUE@am_lxc_freeze_OBJECTS = tools/lxc_freeze.$(OBJEXT) \ -@ENABLE_TOOLS_TRUE@ 
tools/arguments.$(OBJEXT) +@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) af_unix.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ caps.$(OBJEXT) cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ commands.$(OBJEXT) commands_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ conf.$(OBJEXT) confile.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ confile_utils.$(OBJEXT) error.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ file_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ initutils.$(OBJEXT) log.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ lxclock.$(OBJEXT) mainloop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ monitor.$(OBJEXT) namespace.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ network.$(OBJEXT) nl.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ parse.$(OBJEXT) process_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ringbuf.$(OBJEXT) start.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ state.$(OBJEXT) storage/btrfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/dir.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/loop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/lvm.$(OBJEXT) storage/nbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/overlay.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rsync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/zfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ string_utils.$(OBJEXT) sync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ terminal.$(OBJEXT) utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ uuid.$(OBJEXT) $(am__objects_20) \ +@ENABLE_TOOLS_TRUE@ $(am__objects_21) lxc_freeze_OBJECTS = $(am_lxc_freeze_OBJECTS) lxc_freeze_LDADD = $(LDADD) lxc_freeze_DEPENDENCIES = liblxc.la am__lxc_info_SOURCES_DIST = tools/lxc_info.c tools/arguments.c \ - tools/arguments.h + tools/arguments.h af_unix.c af_unix.h caps.c caps.h \ + cgroups/cgfsng.c cgroups/cgroup.c cgroups/cgroup.h \ + 
cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h commands.c \ + commands.h commands_utils.c commands_utils.h conf.c conf.h \ + confile.c confile.h confile_utils.c confile_utils.h error.c \ + error.h file_utils.c file_utils.h ../include/netns_ifaddrs.c \ + ../include/netns_ifaddrs.h initutils.c initutils.h log.c log.h \ + lxclock.c lxclock.h mainloop.c mainloop.h monitor.c monitor.h \ + namespace.c namespace.h network.c network.h nl.c nl.h parse.c \ + parse.h process_utils.c process_utils.h ringbuf.c ringbuf.h \ + start.c start.h state.c state.h storage/btrfs.c \ + storage/btrfs.h storage/dir.c storage/dir.h storage/loop.c \ + storage/loop.h storage/lvm.c storage/lvm.h storage/nbd.c \ + storage/nbd.h storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h storage/storage_utils.c \ + storage/storage_utils.h storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h sync.c sync.h terminal.c \ + terminal.h utils.c utils.h uuid.c uuid.h lsm/lsm.c lsm/lsm.h \ + lsm/nop.c lsm/apparmor.c lsm/selinux.c seccomp.c lxcseccomp.h @ENABLE_TOOLS_TRUE@am_lxc_info_OBJECTS = tools/lxc_info.$(OBJEXT) \ -@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) +@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) af_unix.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ caps.$(OBJEXT) cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ commands.$(OBJEXT) commands_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ conf.$(OBJEXT) confile.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ confile_utils.$(OBJEXT) error.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ file_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ initutils.$(OBJEXT) log.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ lxclock.$(OBJEXT) mainloop.$(OBJEXT) \ 
+@ENABLE_TOOLS_TRUE@ monitor.$(OBJEXT) namespace.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ network.$(OBJEXT) nl.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ parse.$(OBJEXT) process_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ringbuf.$(OBJEXT) start.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ state.$(OBJEXT) storage/btrfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/dir.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/loop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/lvm.$(OBJEXT) storage/nbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/overlay.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rsync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/zfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ string_utils.$(OBJEXT) sync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ terminal.$(OBJEXT) utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ uuid.$(OBJEXT) $(am__objects_20) \ +@ENABLE_TOOLS_TRUE@ $(am__objects_21) lxc_info_OBJECTS = $(am_lxc_info_OBJECTS) lxc_info_LDADD = $(LDADD) lxc_info_DEPENDENCIES = liblxc.la am__lxc_ls_SOURCES_DIST = tools/lxc_ls.c tools/arguments.c \ - tools/arguments.h + tools/arguments.h af_unix.c af_unix.h caps.c caps.h \ + cgroups/cgfsng.c cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h commands.c \ + commands.h commands_utils.c commands_utils.h conf.c conf.h \ + confile.c confile.h confile_utils.c confile_utils.h error.c \ + error.h file_utils.c file_utils.h ../include/netns_ifaddrs.c \ + ../include/netns_ifaddrs.h initutils.c initutils.h log.c log.h \ + lxclock.c lxclock.h mainloop.c mainloop.h memory_utils.h \ + monitor.c monitor.h namespace.c namespace.h network.c \ + network.h nl.c nl.h parse.c parse.h process_utils.c \ + process_utils.h ringbuf.c ringbuf.h start.c start.h state.c \ + state.h storage/btrfs.c storage/btrfs.h storage/dir.c \ + storage/dir.h storage/loop.c storage/loop.h storage/lvm.c \ + 
storage/lvm.h storage/nbd.c storage/nbd.h storage/overlay.c \ + storage/overlay.h storage/rbd.c storage/rbd.h storage/rsync.c \ + storage/rsync.h storage/storage.c storage/storage.h \ + storage/storage_utils.c storage/storage_utils.h storage/zfs.c \ + storage/zfs.h string_utils.c string_utils.h sync.c sync.h \ + terminal.c terminal.h utils.c utils.h uuid.c uuid.h lsm/lsm.c \ + lsm/lsm.h lsm/nop.c lsm/apparmor.c lsm/selinux.c seccomp.c \ + lxcseccomp.h @ENABLE_TOOLS_TRUE@am_lxc_ls_OBJECTS = tools/lxc_ls.$(OBJEXT) \ -@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) +@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) af_unix.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ caps.$(OBJEXT) cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ commands.$(OBJEXT) commands_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ conf.$(OBJEXT) confile.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ confile_utils.$(OBJEXT) error.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ file_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ initutils.$(OBJEXT) log.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ lxclock.$(OBJEXT) mainloop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ monitor.$(OBJEXT) namespace.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ network.$(OBJEXT) nl.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ parse.$(OBJEXT) process_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ringbuf.$(OBJEXT) start.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ state.$(OBJEXT) storage/btrfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/dir.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/loop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/lvm.$(OBJEXT) storage/nbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/overlay.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rsync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ 
storage/zfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ string_utils.$(OBJEXT) sync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ terminal.$(OBJEXT) utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ uuid.$(OBJEXT) $(am__objects_20) \ +@ENABLE_TOOLS_TRUE@ $(am__objects_21) lxc_ls_OBJECTS = $(am_lxc_ls_OBJECTS) lxc_ls_LDADD = $(LDADD) lxc_ls_DEPENDENCIES = liblxc.la -am__lxc_monitor_SOURCES_DIST = tools/lxc_monitor.c macro.h \ - tools/arguments.c tools/arguments.h +am__lxc_monitor_SOURCES_DIST = tools/lxc_monitor.c tools/arguments.c \ + tools/arguments.h af_unix.c af_unix.h caps.c caps.h \ + cgroups/cgfsng.c cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h commands.c \ + commands.h commands_utils.c commands_utils.h conf.c conf.h \ + confile.c confile.h confile_utils.c confile_utils.h error.c \ + error.h file_utils.c file_utils.h ../include/netns_ifaddrs.c \ + ../include/netns_ifaddrs.h initutils.c initutils.h log.c log.h \ + lxclock.c lxclock.h macro.h mainloop.c mainloop.h monitor.c \ + monitor.h namespace.c namespace.h network.c network.h nl.c \ + nl.h parse.c parse.h process_utils.c process_utils.h ringbuf.c \ + ringbuf.h start.c start.h state.c state.h storage/btrfs.c \ + storage/btrfs.h storage/dir.c storage/dir.h storage/loop.c \ + storage/loop.h storage/lvm.c storage/lvm.h storage/nbd.c \ + storage/nbd.h storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h storage/storage_utils.c \ + storage/storage_utils.h storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h sync.c sync.h terminal.c \ + terminal.h utils.c utils.h uuid.c uuid.h lsm/lsm.c lsm/lsm.h \ + lsm/nop.c lsm/apparmor.c lsm/selinux.c seccomp.c lxcseccomp.h @ENABLE_TOOLS_TRUE@am_lxc_monitor_OBJECTS = \ @ENABLE_TOOLS_TRUE@ tools/lxc_monitor.$(OBJEXT) \ -@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) +@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) 
af_unix.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ caps.$(OBJEXT) cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ commands.$(OBJEXT) commands_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ conf.$(OBJEXT) confile.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ confile_utils.$(OBJEXT) error.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ file_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ initutils.$(OBJEXT) log.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ lxclock.$(OBJEXT) mainloop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ monitor.$(OBJEXT) namespace.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ network.$(OBJEXT) nl.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ parse.$(OBJEXT) process_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ringbuf.$(OBJEXT) start.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ state.$(OBJEXT) storage/btrfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/dir.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/loop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/lvm.$(OBJEXT) storage/nbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/overlay.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rsync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/zfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ string_utils.$(OBJEXT) sync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ terminal.$(OBJEXT) utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ uuid.$(OBJEXT) $(am__objects_20) \ +@ENABLE_TOOLS_TRUE@ $(am__objects_21) lxc_monitor_OBJECTS = $(am_lxc_monitor_OBJECTS) lxc_monitor_LDADD = $(LDADD) lxc_monitor_DEPENDENCIES = liblxc.la am__lxc_monitord_SOURCES_DIST = cmd/lxc_monitord.c af_unix.c af_unix.h \ - log.c log.h mainloop.c mainloop.h monitor.c monitor.h \ - raw_syscalls.c raw_syscalls.h syscall_numbers.h utils.c \ - utils.h + caps.c caps.h cgroups/cgfsng.c cgroups/cgroup.c \ + cgroups/cgroup.h 
cgroups/cgroup2_devices.c \ + cgroups/cgroup2_devices.h cgroups/cgroup_utils.c \ + cgroups/cgroup_utils.h commands.c commands.h commands_utils.c \ + commands_utils.h conf.c conf.h confile.c confile.h \ + confile_utils.c confile_utils.h error.c error.h file_utils.c \ + file_utils.h ../include/netns_ifaddrs.c \ + ../include/netns_ifaddrs.h initutils.c initutils.h log.c log.h \ + lxclock.c lxclock.h mainloop.c mainloop.h monitor.c monitor.h \ + namespace.c namespace.h network.c network.h nl.c nl.h parse.c \ + parse.h process_utils.c process_utils.h ringbuf.c ringbuf.h \ + start.c start.h state.c state.h storage/btrfs.c \ + storage/btrfs.h storage/dir.c storage/dir.h storage/loop.c \ + storage/loop.h storage/lvm.c storage/lvm.h storage/nbd.c \ + storage/nbd.h storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h storage/storage_utils.c \ + storage/storage_utils.h storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h sync.c sync.h syscall_numbers.h \ + terminal.c terminal.h utils.c utils.h uuid.c uuid.h lsm/lsm.c \ + lsm/lsm.h lsm/nop.c lsm/apparmor.c lsm/selinux.c seccomp.c \ + lxcseccomp.h +@ENABLE_COMMANDS_TRUE@@ENABLE_SECCOMP_TRUE@am__objects_23 = \ +@ENABLE_COMMANDS_TRUE@@ENABLE_SECCOMP_TRUE@ seccomp.$(OBJEXT) @ENABLE_COMMANDS_TRUE@am_lxc_monitord_OBJECTS = \ @ENABLE_COMMANDS_TRUE@ cmd/lxc_monitord.$(OBJEXT) \ -@ENABLE_COMMANDS_TRUE@ af_unix.$(OBJEXT) log.$(OBJEXT) \ -@ENABLE_COMMANDS_TRUE@ mainloop.$(OBJEXT) monitor.$(OBJEXT) \ -@ENABLE_COMMANDS_TRUE@ raw_syscalls.$(OBJEXT) utils.$(OBJEXT) +@ENABLE_COMMANDS_TRUE@ af_unix.$(OBJEXT) caps.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ cgroups/cgroup.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ commands.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ commands_utils.$(OBJEXT) conf.$(OBJEXT) \ 
+@ENABLE_COMMANDS_TRUE@ confile.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ confile_utils.$(OBJEXT) error.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ file_utils.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ initutils.$(OBJEXT) log.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ lxclock.$(OBJEXT) mainloop.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ monitor.$(OBJEXT) namespace.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ network.$(OBJEXT) nl.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ parse.$(OBJEXT) process_utils.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ ringbuf.$(OBJEXT) start.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ state.$(OBJEXT) storage/btrfs.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ storage/dir.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ storage/loop.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ storage/lvm.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ storage/nbd.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ storage/overlay.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ storage/rbd.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ storage/rsync.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ storage/storage.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ storage/storage_utils.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ storage/zfs.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ string_utils.$(OBJEXT) sync.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ terminal.$(OBJEXT) utils.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ uuid.$(OBJEXT) $(am__objects_20) \ +@ENABLE_COMMANDS_TRUE@ $(am__objects_23) lxc_monitord_OBJECTS = $(am_lxc_monitord_OBJECTS) lxc_monitord_LDADD = $(LDADD) lxc_monitord_DEPENDENCIES = liblxc.la am__lxc_snapshot_SOURCES_DIST = tools/lxc_snapshot.c tools/arguments.c \ - tools/arguments.h + tools/arguments.h af_unix.c af_unix.h caps.c caps.h \ + cgroups/cgfsng.c cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h commands.c \ + commands.h commands_utils.c commands_utils.h conf.c conf.h \ + confile.c confile.h confile_utils.c confile_utils.h error.c \ + error.h file_utils.c file_utils.h 
../include/netns_ifaddrs.c \ + ../include/netns_ifaddrs.h initutils.c initutils.h log.c log.h \ + lxclock.c lxclock.h mainloop.c mainloop.h monitor.c monitor.h \ + namespace.c namespace.h network.c network.h nl.c nl.h parse.c \ + parse.h process_utils.c process_utils.h ringbuf.c ringbuf.h \ + start.c start.h state.c state.h storage/btrfs.c \ + storage/btrfs.h storage/dir.c storage/dir.h storage/loop.c \ + storage/loop.h storage/lvm.c storage/lvm.h storage/nbd.c \ + storage/nbd.h storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h storage/storage_utils.c \ + storage/storage_utils.h storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h sync.c sync.h terminal.c \ + terminal.h utils.c utils.h uuid.c uuid.h lsm/lsm.c lsm/lsm.h \ + lsm/nop.c lsm/apparmor.c lsm/selinux.c seccomp.c lxcseccomp.h @ENABLE_TOOLS_TRUE@am_lxc_snapshot_OBJECTS = \ @ENABLE_TOOLS_TRUE@ tools/lxc_snapshot.$(OBJEXT) \ -@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) +@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) af_unix.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ caps.$(OBJEXT) cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ commands.$(OBJEXT) commands_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ conf.$(OBJEXT) confile.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ confile_utils.$(OBJEXT) error.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ file_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ initutils.$(OBJEXT) log.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ lxclock.$(OBJEXT) mainloop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ monitor.$(OBJEXT) namespace.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ network.$(OBJEXT) nl.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ parse.$(OBJEXT) process_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ringbuf.$(OBJEXT) start.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ 
state.$(OBJEXT) storage/btrfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/dir.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/loop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/lvm.$(OBJEXT) storage/nbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/overlay.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rsync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/zfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ string_utils.$(OBJEXT) sync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ terminal.$(OBJEXT) utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ uuid.$(OBJEXT) $(am__objects_20) \ +@ENABLE_TOOLS_TRUE@ $(am__objects_21) lxc_snapshot_OBJECTS = $(am_lxc_snapshot_OBJECTS) lxc_snapshot_LDADD = $(LDADD) lxc_snapshot_DEPENDENCIES = liblxc.la am__lxc_start_SOURCES_DIST = tools/lxc_start.c tools/arguments.c \ - tools/arguments.h + tools/arguments.h af_unix.c af_unix.h caps.c caps.h \ + cgroups/cgfsng.c cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h commands.c \ + commands.h commands_utils.c commands_utils.h conf.c conf.h \ + confile.c confile.h confile_utils.c confile_utils.h error.c \ + error.h file_utils.c file_utils.h ../include/netns_ifaddrs.c \ + ../include/netns_ifaddrs.h initutils.c initutils.h log.c log.h \ + lxclock.c lxclock.h mainloop.c mainloop.h monitor.c monitor.h \ + namespace.c namespace.h network.c network.h nl.c nl.h parse.c \ + parse.h process_utils.c process_utils.h ringbuf.c ringbuf.h \ + start.c start.h state.c state.h storage/btrfs.c \ + storage/btrfs.h storage/dir.c storage/dir.h storage/loop.c \ + storage/loop.h storage/lvm.c storage/lvm.h storage/nbd.c \ + storage/nbd.h storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h storage/storage_utils.c \ + storage/storage_utils.h storage/zfs.c 
storage/zfs.h \ + string_utils.c string_utils.h sync.c sync.h terminal.c \ + terminal.h utils.c utils.h uuid.c uuid.h lsm/lsm.c lsm/lsm.h \ + lsm/nop.c lsm/apparmor.c lsm/selinux.c seccomp.c lxcseccomp.h @ENABLE_TOOLS_TRUE@am_lxc_start_OBJECTS = tools/lxc_start.$(OBJEXT) \ -@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) +@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) af_unix.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ caps.$(OBJEXT) cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ commands.$(OBJEXT) commands_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ conf.$(OBJEXT) confile.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ confile_utils.$(OBJEXT) error.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ file_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ initutils.$(OBJEXT) log.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ lxclock.$(OBJEXT) mainloop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ monitor.$(OBJEXT) namespace.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ network.$(OBJEXT) nl.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ parse.$(OBJEXT) process_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ringbuf.$(OBJEXT) start.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ state.$(OBJEXT) storage/btrfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/dir.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/loop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/lvm.$(OBJEXT) storage/nbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/overlay.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rsync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/zfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ string_utils.$(OBJEXT) sync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ terminal.$(OBJEXT) utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ uuid.$(OBJEXT) $(am__objects_20) \ +@ENABLE_TOOLS_TRUE@ $(am__objects_21) lxc_start_OBJECTS = 
$(am_lxc_start_OBJECTS) lxc_start_LDADD = $(LDADD) lxc_start_DEPENDENCIES = liblxc.la am__lxc_stop_SOURCES_DIST = tools/lxc_stop.c tools/arguments.c \ - tools/arguments.h + tools/arguments.h af_unix.c af_unix.h caps.c caps.h \ + cgroups/cgfsng.c cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h commands.c \ + commands.h commands_utils.c commands_utils.h conf.c conf.h \ + confile.c confile.h confile_utils.c confile_utils.h error.c \ + error.h file_utils.c file_utils.h ../include/netns_ifaddrs.c \ + ../include/netns_ifaddrs.h initutils.c initutils.h log.c log.h \ + lxclock.c lxclock.h mainloop.c mainloop.h monitor.c monitor.h \ + namespace.c namespace.h network.c network.h nl.c nl.h parse.c \ + parse.h process_utils.c process_utils.h ringbuf.c ringbuf.h \ + start.c start.h state.c state.h storage/btrfs.c \ + storage/btrfs.h storage/dir.c storage/dir.h storage/loop.c \ + storage/loop.h storage/lvm.c storage/lvm.h storage/nbd.c \ + storage/nbd.h storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h storage/storage_utils.c \ + storage/storage_utils.h storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h sync.c sync.h terminal.c \ + terminal.h utils.c utils.h uuid.c uuid.h lsm/lsm.c lsm/lsm.h \ + lsm/nop.c lsm/apparmor.c lsm/selinux.c seccomp.c lxcseccomp.h @ENABLE_TOOLS_TRUE@am_lxc_stop_OBJECTS = tools/lxc_stop.$(OBJEXT) \ -@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) +@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) af_unix.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ caps.$(OBJEXT) cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ commands.$(OBJEXT) commands_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ conf.$(OBJEXT) confile.$(OBJEXT) \ 
+@ENABLE_TOOLS_TRUE@ confile_utils.$(OBJEXT) error.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ file_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ initutils.$(OBJEXT) log.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ lxclock.$(OBJEXT) mainloop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ monitor.$(OBJEXT) namespace.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ network.$(OBJEXT) nl.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ parse.$(OBJEXT) process_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ringbuf.$(OBJEXT) start.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ state.$(OBJEXT) storage/btrfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/dir.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/loop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/lvm.$(OBJEXT) storage/nbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/overlay.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rsync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/zfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ string_utils.$(OBJEXT) sync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ terminal.$(OBJEXT) utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ uuid.$(OBJEXT) $(am__objects_20) \ +@ENABLE_TOOLS_TRUE@ $(am__objects_21) lxc_stop_OBJECTS = $(am_lxc_stop_OBJECTS) lxc_stop_LDADD = $(LDADD) lxc_stop_DEPENDENCIES = liblxc.la am__lxc_top_SOURCES_DIST = tools/lxc_top.c tools/arguments.c \ - tools/arguments.h + tools/arguments.h af_unix.c af_unix.h caps.c caps.h \ + cgroups/cgfsng.c cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h commands.c \ + commands.h commands_utils.c commands_utils.h conf.c conf.h \ + confile.c confile.h confile_utils.c confile_utils.h error.c \ + error.h file_utils.c file_utils.h ../include/netns_ifaddrs.c \ + ../include/netns_ifaddrs.h initutils.c initutils.h log.c log.h \ + lxclock.c lxclock.h mainloop.c mainloop.h monitor.c monitor.h \ + namespace.c 
namespace.h network.c network.h nl.c nl.h parse.c \ + parse.h process_utils.c process_utils.h ringbuf.c ringbuf.h \ + start.c start.h state.c state.h storage/btrfs.c \ + storage/btrfs.h storage/dir.c storage/dir.h storage/loop.c \ + storage/loop.h storage/lvm.c storage/lvm.h storage/nbd.c \ + storage/nbd.h storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h storage/storage_utils.c \ + storage/storage_utils.h storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h sync.c sync.h terminal.c \ + terminal.h utils.c utils.h uuid.c uuid.h lsm/lsm.c lsm/lsm.h \ + lsm/nop.c lsm/apparmor.c lsm/selinux.c seccomp.c lxcseccomp.h @ENABLE_TOOLS_TRUE@am_lxc_top_OBJECTS = tools/lxc_top.$(OBJEXT) \ -@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) +@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) af_unix.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ caps.$(OBJEXT) cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ commands.$(OBJEXT) commands_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ conf.$(OBJEXT) confile.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ confile_utils.$(OBJEXT) error.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ file_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ initutils.$(OBJEXT) log.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ lxclock.$(OBJEXT) mainloop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ monitor.$(OBJEXT) namespace.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ network.$(OBJEXT) nl.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ parse.$(OBJEXT) process_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ringbuf.$(OBJEXT) start.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ state.$(OBJEXT) storage/btrfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/dir.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/loop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/lvm.$(OBJEXT) storage/nbd.$(OBJEXT) \ 
+@ENABLE_TOOLS_TRUE@ storage/overlay.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rsync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/zfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ string_utils.$(OBJEXT) sync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ terminal.$(OBJEXT) utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ uuid.$(OBJEXT) $(am__objects_20) \ +@ENABLE_TOOLS_TRUE@ $(am__objects_21) lxc_top_OBJECTS = $(am_lxc_top_OBJECTS) lxc_top_LDADD = $(LDADD) lxc_top_DEPENDENCIES = liblxc.la am__lxc_unfreeze_SOURCES_DIST = tools/lxc_unfreeze.c tools/arguments.c \ - tools/arguments.h + tools/arguments.h af_unix.c af_unix.h caps.c caps.h \ + cgroups/cgfsng.c cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h commands.c \ + commands.h commands_utils.c commands_utils.h conf.c conf.h \ + confile.c confile.h confile_utils.c confile_utils.h error.c \ + error.h file_utils.c file_utils.h ../include/netns_ifaddrs.c \ + ../include/netns_ifaddrs.h initutils.c initutils.h log.c log.h \ + lxclock.c lxclock.h mainloop.c mainloop.h monitor.c monitor.h \ + namespace.c namespace.h network.c network.h nl.c nl.h parse.c \ + parse.h process_utils.c process_utils.h ringbuf.c ringbuf.h \ + start.c start.h state.c state.h storage/btrfs.c \ + storage/btrfs.h storage/dir.c storage/dir.h storage/loop.c \ + storage/loop.h storage/lvm.c storage/lvm.h storage/nbd.c \ + storage/nbd.h storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h storage/storage_utils.c \ + storage/storage_utils.h storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h sync.c sync.h terminal.c \ + terminal.h utils.c utils.h uuid.c uuid.h lsm/lsm.c lsm/lsm.h \ + lsm/nop.c lsm/apparmor.c lsm/selinux.c seccomp.c lxcseccomp.h 
@ENABLE_TOOLS_TRUE@am_lxc_unfreeze_OBJECTS = \ @ENABLE_TOOLS_TRUE@ tools/lxc_unfreeze.$(OBJEXT) \ -@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) +@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) af_unix.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ caps.$(OBJEXT) cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ commands.$(OBJEXT) commands_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ conf.$(OBJEXT) confile.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ confile_utils.$(OBJEXT) error.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ file_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ initutils.$(OBJEXT) log.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ lxclock.$(OBJEXT) mainloop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ monitor.$(OBJEXT) namespace.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ network.$(OBJEXT) nl.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ parse.$(OBJEXT) process_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ringbuf.$(OBJEXT) start.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ state.$(OBJEXT) storage/btrfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/dir.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/loop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/lvm.$(OBJEXT) storage/nbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/overlay.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rsync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/zfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ string_utils.$(OBJEXT) sync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ terminal.$(OBJEXT) utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ uuid.$(OBJEXT) $(am__objects_20) \ +@ENABLE_TOOLS_TRUE@ $(am__objects_21) lxc_unfreeze_OBJECTS = $(am_lxc_unfreeze_OBJECTS) lxc_unfreeze_LDADD = $(LDADD) lxc_unfreeze_DEPENDENCIES = liblxc.la -am__lxc_unshare_SOURCES_DIST = tools/lxc_unshare.c syscall_numbers.h \ - 
syscall_wrappers.h tools/arguments.c tools/arguments.h +am__lxc_unshare_SOURCES_DIST = tools/lxc_unshare.c tools/arguments.c \ + tools/arguments.h af_unix.c af_unix.h caps.c caps.h \ + cgroups/cgfsng.c cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h commands.c \ + commands.h commands_utils.c commands_utils.h conf.c conf.h \ + confile.c confile.h confile_utils.c confile_utils.h error.c \ + error.h file_utils.c file_utils.h ../include/netns_ifaddrs.c \ + ../include/netns_ifaddrs.h initutils.c initutils.h log.c log.h \ + lxclock.c lxclock.h mainloop.c mainloop.h monitor.c monitor.h \ + namespace.c namespace.h network.c network.h nl.c nl.h parse.c \ + parse.h process_utils.c process_utils.h ringbuf.c ringbuf.h \ + start.c start.h state.c state.h storage/btrfs.c \ + storage/btrfs.h storage/dir.c storage/dir.h storage/loop.c \ + storage/loop.h storage/lvm.c storage/lvm.h storage/nbd.c \ + storage/nbd.h storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h storage/storage_utils.c \ + storage/storage_utils.h storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h sync.c sync.h syscall_numbers.h \ + syscall_wrappers.h terminal.c terminal.h utils.c utils.h \ + uuid.c uuid.h lsm/lsm.c lsm/lsm.h lsm/nop.c lsm/apparmor.c \ + lsm/selinux.c seccomp.c lxcseccomp.h @ENABLE_TOOLS_TRUE@am_lxc_unshare_OBJECTS = \ @ENABLE_TOOLS_TRUE@ tools/lxc_unshare.$(OBJEXT) \ -@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) +@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) af_unix.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ caps.$(OBJEXT) cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ commands.$(OBJEXT) commands_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ conf.$(OBJEXT) 
confile.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ confile_utils.$(OBJEXT) error.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ file_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ initutils.$(OBJEXT) log.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ lxclock.$(OBJEXT) mainloop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ monitor.$(OBJEXT) namespace.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ network.$(OBJEXT) nl.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ parse.$(OBJEXT) process_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ringbuf.$(OBJEXT) start.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ state.$(OBJEXT) storage/btrfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/dir.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/loop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/lvm.$(OBJEXT) storage/nbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/overlay.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rsync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/zfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ string_utils.$(OBJEXT) sync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ terminal.$(OBJEXT) utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ uuid.$(OBJEXT) $(am__objects_20) \ +@ENABLE_TOOLS_TRUE@ $(am__objects_21) lxc_unshare_OBJECTS = $(am_lxc_unshare_OBJECTS) lxc_unshare_LDADD = $(LDADD) lxc_unshare_DEPENDENCIES = liblxc.la -am__lxc_user_nic_SOURCES_DIST = cmd/lxc_user_nic.c \ - ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h log.c \ - log.h memory_utils.h network.c network.h parse.c parse.h \ - raw_syscalls.c raw_syscalls.h syscall_numbers.h file_utils.c \ - file_utils.h string_utils.c string_utils.h syscall_wrappers.h +am__lxc_user_nic_SOURCES_DIST = cmd/lxc_user_nic.c af_unix.c af_unix.h \ + caps.c caps.h cgroups/cgfsng.c cgroups/cgroup.c \ + cgroups/cgroup.h cgroups/cgroup2_devices.c \ + cgroups/cgroup2_devices.h cgroups/cgroup_utils.c \ + cgroups/cgroup_utils.h commands.c commands.h commands_utils.c \ + commands_utils.h 
conf.c conf.h confile.c confile.h \ + confile_utils.c confile_utils.h error.c error.h file_utils.c \ + file_utils.h ../include/netns_ifaddrs.c \ + ../include/netns_ifaddrs.h initutils.c initutils.h log.c log.h \ + lxclock.c lxclock.h mainloop.c mainloop.h memory_utils.h \ + monitor.c monitor.h namespace.c namespace.h network.c \ + network.h nl.c nl.h parse.c parse.h process_utils.c \ + process_utils.h ringbuf.c ringbuf.h start.c start.h state.c \ + state.h storage/btrfs.c storage/btrfs.h storage/dir.c \ + storage/dir.h storage/loop.c storage/loop.h storage/lvm.c \ + storage/lvm.h storage/nbd.c storage/nbd.h storage/overlay.c \ + storage/overlay.h storage/rbd.c storage/rbd.h storage/rsync.c \ + storage/rsync.h storage/storage.c storage/storage.h \ + storage/storage_utils.c storage/storage_utils.h storage/zfs.c \ + storage/zfs.h string_utils.c string_utils.h sync.c sync.h \ + syscall_numbers.h syscall_wrappers.h terminal.c terminal.h \ + utils.c utils.h uuid.c uuid.h lsm/lsm.c lsm/lsm.h lsm/nop.c \ + lsm/apparmor.c lsm/selinux.c seccomp.c lxcseccomp.h @ENABLE_COMMANDS_TRUE@am_lxc_user_nic_OBJECTS = \ @ENABLE_COMMANDS_TRUE@ cmd/lxc_user_nic.$(OBJEXT) \ -@ENABLE_COMMANDS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ -@ENABLE_COMMANDS_TRUE@ log.$(OBJEXT) network.$(OBJEXT) \ -@ENABLE_COMMANDS_TRUE@ parse.$(OBJEXT) raw_syscalls.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ af_unix.$(OBJEXT) caps.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ cgroups/cgroup.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ commands.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ commands_utils.$(OBJEXT) conf.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ confile.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ confile_utils.$(OBJEXT) error.$(OBJEXT) \ @ENABLE_COMMANDS_TRUE@ file_utils.$(OBJEXT) \ -@ENABLE_COMMANDS_TRUE@ string_utils.$(OBJEXT) +@ENABLE_COMMANDS_TRUE@ 
../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ initutils.$(OBJEXT) log.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ lxclock.$(OBJEXT) mainloop.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ monitor.$(OBJEXT) namespace.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ network.$(OBJEXT) nl.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ parse.$(OBJEXT) process_utils.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ ringbuf.$(OBJEXT) start.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ state.$(OBJEXT) storage/btrfs.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ storage/dir.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ storage/loop.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ storage/lvm.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ storage/nbd.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ storage/overlay.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ storage/rbd.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ storage/rsync.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ storage/storage.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ storage/storage_utils.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ storage/zfs.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ string_utils.$(OBJEXT) sync.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ terminal.$(OBJEXT) utils.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ uuid.$(OBJEXT) $(am__objects_20) \ +@ENABLE_COMMANDS_TRUE@ $(am__objects_23) lxc_user_nic_OBJECTS = $(am_lxc_user_nic_OBJECTS) lxc_user_nic_LDADD = $(LDADD) lxc_user_nic_DEPENDENCIES = liblxc.la -am__lxc_usernsexec_SOURCES_DIST = cmd/lxc_usernsexec.c conf.c conf.h \ - file_utils.c file_utils.h list.h log.c log.h macro.h \ - memory_utils.h string_utils.c string_utils.h \ - syscall_wrappers.h utils.c utils.h +am__lxc_usernsexec_SOURCES_DIST = cmd/lxc_usernsexec.c af_unix.c \ + af_unix.h caps.c caps.h cgroups/cgfsng.c cgroups/cgroup.c \ + cgroups/cgroup.h cgroups/cgroup2_devices.c \ + cgroups/cgroup2_devices.h cgroups/cgroup_utils.c \ + cgroups/cgroup_utils.h commands.c commands.h commands_utils.c \ + commands_utils.h conf.c conf.h confile.c confile.h \ + confile_utils.c confile_utils.h error.c error.h file_utils.c \ + file_utils.h ../include/netns_ifaddrs.c \ + 
../include/netns_ifaddrs.h initutils.c initutils.h list.h \ + log.c log.h lxclock.c lxclock.h macro.h mainloop.c mainloop.h \ + memory_utils.h monitor.c monitor.h namespace.c namespace.h \ + network.c network.h nl.c nl.h parse.c parse.h process_utils.c \ + process_utils.h ringbuf.c ringbuf.h start.c start.h state.c \ + state.h storage/btrfs.c storage/btrfs.h storage/dir.c \ + storage/dir.h storage/loop.c storage/loop.h storage/lvm.c \ + storage/lvm.h storage/nbd.c storage/nbd.h storage/overlay.c \ + storage/overlay.h storage/rbd.c storage/rbd.h storage/rsync.c \ + storage/rsync.h storage/storage.c storage/storage.h \ + storage/storage_utils.c storage/storage_utils.h storage/zfs.c \ + storage/zfs.h string_utils.c string_utils.h sync.c sync.h \ + syscall_wrappers.h terminal.c terminal.h utils.c utils.h \ + uuid.c uuid.h lsm/lsm.c lsm/lsm.h lsm/nop.c lsm/apparmor.c \ + lsm/selinux.c seccomp.c lxcseccomp.h @ENABLE_COMMANDS_TRUE@am_lxc_usernsexec_OBJECTS = \ @ENABLE_COMMANDS_TRUE@ cmd/lxc_usernsexec.$(OBJEXT) \ -@ENABLE_COMMANDS_TRUE@ conf.$(OBJEXT) file_utils.$(OBJEXT) \ -@ENABLE_COMMANDS_TRUE@ log.$(OBJEXT) string_utils.$(OBJEXT) \ -@ENABLE_COMMANDS_TRUE@ utils.$(OBJEXT) +@ENABLE_COMMANDS_TRUE@ af_unix.$(OBJEXT) caps.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ cgroups/cgroup.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ commands.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ commands_utils.$(OBJEXT) conf.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ confile.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ confile_utils.$(OBJEXT) error.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ file_utils.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ initutils.$(OBJEXT) log.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ lxclock.$(OBJEXT) mainloop.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ monitor.$(OBJEXT) namespace.$(OBJEXT) \ 
+@ENABLE_COMMANDS_TRUE@ network.$(OBJEXT) nl.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ parse.$(OBJEXT) process_utils.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ ringbuf.$(OBJEXT) start.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ state.$(OBJEXT) storage/btrfs.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ storage/dir.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ storage/loop.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ storage/lvm.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ storage/nbd.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ storage/overlay.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ storage/rbd.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ storage/rsync.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ storage/storage.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ storage/storage_utils.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ storage/zfs.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ string_utils.$(OBJEXT) sync.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ terminal.$(OBJEXT) utils.$(OBJEXT) \ +@ENABLE_COMMANDS_TRUE@ uuid.$(OBJEXT) $(am__objects_20) \ +@ENABLE_COMMANDS_TRUE@ $(am__objects_23) lxc_usernsexec_OBJECTS = $(am_lxc_usernsexec_OBJECTS) lxc_usernsexec_LDADD = $(LDADD) lxc_usernsexec_DEPENDENCIES = liblxc.la am__lxc_wait_SOURCES_DIST = tools/lxc_wait.c tools/arguments.c \ - tools/arguments.h + tools/arguments.h af_unix.c af_unix.h caps.c caps.h \ + cgroups/cgfsng.c cgroups/cgroup.c cgroups/cgroup.h \ + cgroups/cgroup2_devices.c cgroups/cgroup2_devices.h \ + cgroups/cgroup_utils.c cgroups/cgroup_utils.h commands.c \ + commands.h commands_utils.c commands_utils.h conf.c conf.h \ + confile.c confile.h confile_utils.c confile_utils.h error.c \ + error.h file_utils.c file_utils.h ../include/netns_ifaddrs.c \ + ../include/netns_ifaddrs.h initutils.c initutils.h log.c log.h \ + lxclock.c lxclock.h mainloop.c mainloop.h monitor.c monitor.h \ + namespace.c namespace.h network.c network.h nl.c nl.h parse.c \ + parse.h process_utils.c process_utils.h ringbuf.c ringbuf.h \ + start.c start.h state.c state.h storage/btrfs.c \ + storage/btrfs.h storage/dir.c storage/dir.h storage/loop.c \ + 
storage/loop.h storage/lvm.c storage/lvm.h storage/nbd.c \ + storage/nbd.h storage/overlay.c storage/overlay.h \ + storage/rbd.c storage/rbd.h storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h storage/storage_utils.c \ + storage/storage_utils.h storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h sync.c sync.h terminal.c \ + terminal.h utils.c utils.h uuid.c uuid.h lsm/lsm.c lsm/lsm.h \ + lsm/nop.c lsm/apparmor.c lsm/selinux.c seccomp.c lxcseccomp.h @ENABLE_TOOLS_TRUE@am_lxc_wait_OBJECTS = tools/lxc_wait.$(OBJEXT) \ -@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) +@ENABLE_TOOLS_TRUE@ tools/arguments.$(OBJEXT) af_unix.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ caps.$(OBJEXT) cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ commands.$(OBJEXT) commands_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ conf.$(OBJEXT) confile.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ confile_utils.$(OBJEXT) error.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ file_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ initutils.$(OBJEXT) log.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ lxclock.$(OBJEXT) mainloop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ monitor.$(OBJEXT) namespace.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ network.$(OBJEXT) nl.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ parse.$(OBJEXT) process_utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ ringbuf.$(OBJEXT) start.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ state.$(OBJEXT) storage/btrfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/dir.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/loop.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/lvm.$(OBJEXT) storage/nbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/overlay.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rbd.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/rsync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.$(OBJEXT) \ 
+@ENABLE_TOOLS_TRUE@ storage/zfs.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ string_utils.$(OBJEXT) sync.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ terminal.$(OBJEXT) utils.$(OBJEXT) \ +@ENABLE_TOOLS_TRUE@ uuid.$(OBJEXT) $(am__objects_20) \ +@ENABLE_TOOLS_TRUE@ $(am__objects_21) lxc_wait_OBJECTS = $(am_lxc_wait_OBJECTS) lxc_wait_LDADD = $(LDADD) lxc_wait_DEPENDENCIES = liblxc.la @@ -600,8 +1856,13 @@ ../include/$(DEPDIR)/netns_ifaddrs.Po \ ../include/$(DEPDIR)/pam_cgfs_la-strlcat.Plo \ ../include/$(DEPDIR)/pam_cgfs_la-strlcpy.Plo \ - ./$(DEPDIR)/af_unix.Po ./$(DEPDIR)/conf.Po \ - ./$(DEPDIR)/file_utils.Po ./$(DEPDIR)/init_lxc_static-caps.Po \ + ./$(DEPDIR)/af_unix.Po ./$(DEPDIR)/caps.Po \ + ./$(DEPDIR)/commands.Po ./$(DEPDIR)/commands_utils.Po \ + ./$(DEPDIR)/conf.Po ./$(DEPDIR)/confile.Po \ + ./$(DEPDIR)/confile_utils.Po ./$(DEPDIR)/error.Po \ + ./$(DEPDIR)/file_utils.Po \ + ./$(DEPDIR)/init_lxc_static-af_unix.Po \ + ./$(DEPDIR)/init_lxc_static-caps.Po \ ./$(DEPDIR)/init_lxc_static-error.Po \ ./$(DEPDIR)/init_lxc_static-file_utils.Po \ ./$(DEPDIR)/init_lxc_static-initutils.Po \ @@ -626,10 +1887,11 @@ ./$(DEPDIR)/liblxc_la-lxclock.Plo \ ./$(DEPDIR)/liblxc_la-mainloop.Plo \ ./$(DEPDIR)/liblxc_la-monitor.Plo \ + ./$(DEPDIR)/liblxc_la-mount_utils.Plo \ ./$(DEPDIR)/liblxc_la-namespace.Plo \ ./$(DEPDIR)/liblxc_la-network.Plo ./$(DEPDIR)/liblxc_la-nl.Plo \ ./$(DEPDIR)/liblxc_la-parse.Plo \ - ./$(DEPDIR)/liblxc_la-raw_syscalls.Plo \ + ./$(DEPDIR)/liblxc_la-process_utils.Plo \ ./$(DEPDIR)/liblxc_la-rexec.Plo \ ./$(DEPDIR)/liblxc_la-ringbuf.Plo \ ./$(DEPDIR)/liblxc_la-rtnl.Plo \ 
@@ -640,12 +1902,20 @@ ./$(DEPDIR)/liblxc_la-sync.Plo \ ./$(DEPDIR)/liblxc_la-terminal.Plo \ ./$(DEPDIR)/liblxc_la-utils.Plo ./$(DEPDIR)/liblxc_la-uuid.Plo \ - ./$(DEPDIR)/log.Po ./$(DEPDIR)/mainloop.Po \ - ./$(DEPDIR)/monitor.Po ./$(DEPDIR)/network.Po \ - ./$(DEPDIR)/pam_cgfs_la-file_utils.Plo \ + ./$(DEPDIR)/log.Po ./$(DEPDIR)/lxclock.Po \ + ./$(DEPDIR)/mainloop.Po ./$(DEPDIR)/monitor.Po \ + ./$(DEPDIR)/namespace.Po ./$(DEPDIR)/network.Po \ + ./$(DEPDIR)/nl.Po ./$(DEPDIR)/pam_cgfs_la-file_utils.Plo \ ./$(DEPDIR)/pam_cgfs_la-string_utils.Plo ./$(DEPDIR)/parse.Po \ - ./$(DEPDIR)/raw_syscalls.Po ./$(DEPDIR)/rexec.Po \ - ./$(DEPDIR)/string_utils.Po ./$(DEPDIR)/utils.Po \ + ./$(DEPDIR)/process_utils.Po ./$(DEPDIR)/rexec.Po \ + ./$(DEPDIR)/ringbuf.Po ./$(DEPDIR)/seccomp.Po \ + ./$(DEPDIR)/start.Po ./$(DEPDIR)/state.Po \ + ./$(DEPDIR)/string_utils.Po ./$(DEPDIR)/sync.Po \ + ./$(DEPDIR)/terminal.Po ./$(DEPDIR)/utils.Po \ + ./$(DEPDIR)/uuid.Po cgroups/$(DEPDIR)/cgfsng.Po \ + cgroups/$(DEPDIR)/cgroup.Po \ + cgroups/$(DEPDIR)/cgroup2_devices.Po \ + cgroups/$(DEPDIR)/cgroup_utils.Po \ cgroups/$(DEPDIR)/liblxc_la-cgfsng.Plo \ cgroups/$(DEPDIR)/liblxc_la-cgroup.Plo \ cgroups/$(DEPDIR)/liblxc_la-cgroup2_devices.Plo \ 
@@ -653,12 +1923,13 @@ cmd/$(DEPDIR)/init_lxc_static-lxc_init.Po \ cmd/$(DEPDIR)/lxc_init.Po cmd/$(DEPDIR)/lxc_monitord.Po \ cmd/$(DEPDIR)/lxc_user_nic.Po cmd/$(DEPDIR)/lxc_usernsexec.Po \ - lsm/$(DEPDIR)/liblxc_la-apparmor.Plo \ + lsm/$(DEPDIR)/apparmor.Po lsm/$(DEPDIR)/liblxc_la-apparmor.Plo \ lsm/$(DEPDIR)/liblxc_la-lsm.Plo \ lsm/$(DEPDIR)/liblxc_la-nop.Plo \ - lsm/$(DEPDIR)/liblxc_la-selinux.Plo \ - pam/$(DEPDIR)/cgfs_la-pam_cgfs.Plo \ - storage/$(DEPDIR)/liblxc_la-btrfs.Plo \ + lsm/$(DEPDIR)/liblxc_la-selinux.Plo lsm/$(DEPDIR)/lsm.Po \ + lsm/$(DEPDIR)/nop.Po lsm/$(DEPDIR)/selinux.Po \ + pam/$(DEPDIR)/cgfs_la-pam_cgfs.Plo storage/$(DEPDIR)/btrfs.Po \ + storage/$(DEPDIR)/dir.Po storage/$(DEPDIR)/liblxc_la-btrfs.Plo \ storage/$(DEPDIR)/liblxc_la-dir.Plo \ storage/$(DEPDIR)/liblxc_la-loop.Plo \ storage/$(DEPDIR)/liblxc_la-lvm.Plo \ @@ -668,8 +1939,11 @@ storage/$(DEPDIR)/liblxc_la-rsync.Plo \ storage/$(DEPDIR)/liblxc_la-storage.Plo \ storage/$(DEPDIR)/liblxc_la-storage_utils.Plo \ - storage/$(DEPDIR)/liblxc_la-zfs.Plo \ - storage/$(DEPDIR)/storage_utils.Po \ + storage/$(DEPDIR)/liblxc_la-zfs.Plo storage/$(DEPDIR)/loop.Po \ + storage/$(DEPDIR)/lvm.Po storage/$(DEPDIR)/nbd.Po \ + storage/$(DEPDIR)/overlay.Po storage/$(DEPDIR)/rbd.Po \ + storage/$(DEPDIR)/rsync.Po storage/$(DEPDIR)/storage.Po \ + storage/$(DEPDIR)/storage_utils.Po storage/$(DEPDIR)/zfs.Po \ tools/$(DEPDIR)/arguments.Po tools/$(DEPDIR)/lxc_attach.Po \ tools/$(DEPDIR)/lxc_autostart.Po tools/$(DEPDIR)/lxc_cgroup.Po \ tools/$(DEPDIR)/lxc_checkpoint.Po \ 
@@ -747,10 +2021,10 @@ cgroups/cgroup2_devices.h compiler.h conf.h confile.h \ confile_utils.h criu.h error.h file_utils.h \ ../include/netns_ifaddrs.h initutils.h list.h log.h lxc.h \ - lxclock.h macro.h memory_utils.h monitor.h namespace.h \ - raw_syscalls.h rexec.h start.h state.h storage/btrfs.h \ - storage/dir.h storage/loop.h storage/lvm.h storage/nbd.h \ - storage/overlay.h storage/rbd.h storage/rsync.h \ + lxclock.h macro.h memory_utils.h monitor.h mount_utils.h \ + namespace.h process_utils.h rexec.h start.h state.h \ + storage/btrfs.h storage/dir.h storage/loop.h storage/lvm.h \ + storage/nbd.h storage/overlay.h storage/rbd.h storage/rsync.h \ storage/storage.h storage/storage_utils.h storage/zfs.h \ string_utils.h syscall_numbers.h syscall_wrappers.h terminal.h \ ../tests/lxctest.h tools/arguments.h utils.h uuid.h \ 
@@ -965,18 +2239,18 @@ cgroups/cgroup_utils.h cgroups/cgroup2_devices.h compiler.h \ conf.h confile.h confile_utils.h criu.h error.h file_utils.h \ ../include/netns_ifaddrs.h initutils.h list.h log.h lxc.h \ - lxclock.h macro.h memory_utils.h monitor.h namespace.h \ - raw_syscalls.h rexec.h start.h state.h storage/btrfs.h \ - storage/dir.h storage/loop.h storage/lvm.h storage/nbd.h \ - storage/overlay.h storage/rbd.h storage/rsync.h \ + lxclock.h macro.h memory_utils.h monitor.h mount_utils.h \ + namespace.h process_utils.h rexec.h start.h state.h \ + storage/btrfs.h storage/dir.h storage/loop.h storage/lvm.h \ + storage/nbd.h storage/overlay.h storage/rbd.h storage/rsync.h \ storage/storage.h storage/storage_utils.h storage/zfs.h \ string_utils.h syscall_numbers.h syscall_wrappers.h terminal.h \ - ../tests/lxctest.h tools/arguments.h storage/storage_utils.h \ - utils.h uuid.h $(am__append_1) $(am__append_2) $(am__append_3) \ - $(am__append_4) $(am__append_5) + ../tests/lxctest.h tools/arguments.h utils.h uuid.h \ + $(am__append_1) $(am__append_2) $(am__append_3) \ + $(am__append_4) $(am__append_5) $(am__append_6) sodir = $(libdir) -LSM_SOURCES = lsm/lsm.c lsm/lsm.h lsm/nop.c $(am__append_6) \ - $(am__append_7) +LSM_SOURCES = lsm/lsm.c lsm/lsm.h lsm/nop.c $(am__append_7) \ + $(am__append_8) lib_LTLIBRARIES = liblxc.la liblxc_la_SOURCES = af_unix.c af_unix.h api_extensions.h attach.c \ attach.h caps.c caps.h cgroups/cgfsng.c cgroups/cgroup.c \ 
@@ -989,22 +2263,23 @@ ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ initutils.c initutils.h list.h log.c log.h lxc.h \ lxccontainer.c lxccontainer.h lxclock.c lxclock.h lxcseccomp.h \ - macro.h memory_utils.h mainloop.c mainloop.h namespace.c \ - namespace.h nl.c nl.h network.c network.h monitor.c monitor.h \ - parse.c parse.h raw_syscalls.c raw_syscalls.h ringbuf.c \ - ringbuf.h rtnl.c rtnl.h state.c state.h start.c start.h \ - storage/btrfs.c storage/btrfs.h storage/dir.c storage/dir.h \ - storage/loop.c storage/loop.h storage/lvm.c storage/lvm.h \ - storage/nbd.c storage/nbd.h storage/overlay.c \ - storage/overlay.h storage/rbd.c storage/rbd.h storage/rsync.c \ - storage/rsync.h storage/storage.c storage/storage.h \ - storage/storage_utils.c storage/storage_utils.h storage/zfs.c \ - storage/zfs.h string_utils.c string_utils.h sync.c sync.h \ - syscall_numbers.h syscall_wrappers.h terminal.c utils.c \ - utils.h uuid.c uuid.h version.h $(LSM_SOURCES) $(am__append_8) \ - $(am__append_9) $(am__append_10) $(am__append_11) \ - $(am__append_12) $(am__append_13) $(am__append_14) \ - $(am__append_15) + macro.h memory_utils.h mainloop.c mainloop.h mount_utils.c \ + mount_utils.h namespace.c namespace.h network.c network.h nl.c \ + nl.h monitor.c monitor.h parse.c parse.h process_utils.c \ + process_utils.h ringbuf.c ringbuf.h rtnl.c rtnl.h state.c \ + state.h start.c start.h storage/btrfs.c storage/btrfs.h \ + storage/dir.c storage/dir.h storage/loop.c storage/loop.h \ + storage/lvm.c storage/lvm.h storage/nbd.c storage/nbd.h \ + storage/overlay.c storage/overlay.h storage/rbd.c \ + storage/rbd.h storage/rsync.c storage/rsync.h \ + storage/storage.c storage/storage.h storage/storage_utils.c \ + storage/storage_utils.h storage/zfs.c storage/zfs.h \ + string_utils.c string_utils.h sync.c sync.h syscall_numbers.h \ + syscall_wrappers.h terminal.c terminal.h utils.c utils.h \ + uuid.c uuid.h version.h $(LSM_SOURCES) $(am__append_9) \ + $(am__append_10) 
$(am__append_11) $(am__append_12) \ + $(am__append_13) $(am__append_14) $(am__append_15) \ + $(am__append_16) $(am__append_17) AM_CFLAGS = -DLXCROOTFSMOUNT=\"$(LXCROOTFSMOUNT)\" \ -DLXCPATH=\"$(LXCPATH)\" \ -DLXC_GLOBAL_CONF=\"$(LXC_GLOBAL_CONF)\" \ @@ -1020,12 +2295,12 @@ -DAPPARMOR_CACHE_DIR=\"$(APPARMOR_CACHE_DIR)\" -I \ $(top_srcdir)/src -I $(top_srcdir)/src/lxc -I \ $(top_srcdir)/src/lxc/storage -I $(top_srcdir)/src/lxc/cgroups \ - $(am__append_16) $(am__append_17) $(am__append_18) \ - $(am__append_19) $(am__append_20) $(am__append_21) + $(am__append_18) $(am__append_19) $(am__append_20) \ + $(am__append_21) $(am__append_22) $(am__append_23) # build the shared library liblxc_la_CFLAGS = -fPIC -DPIC $(AM_CFLAGS) $(LIBLXC_SANITIZER) \ - -pthread $(am__append_22) $(am__append_23) + -pthread $(am__append_24) $(am__append_25) liblxc_la_LDFLAGS = -pthread \ -Wl,-no-undefined \ -Wl,-soname,liblxc.so.$(firstword $(subst ., ,@LXC_ABI@)) \ @@ -1037,8 +2312,8 @@ $(SECCOMP_LIBS) \ $(DLOG_LIBS) -bin_SCRIPTS = $(am__append_24) -AM_LDFLAGS = -Wl,-E $(am__append_26) +bin_SCRIPTS = $(am__append_26) +AM_LDFLAGS = -Wl,-E $(am__append_28) LDADD = liblxc.la \ @CAP_LIBS@ \ @OPENSSL_LIBS@ \ 
@@ -1047,130 +2322,855 @@ @DLOG_LIBS@ @ENABLE_TOOLS_TRUE@lxc_attach_SOURCES = tools/lxc_attach.c \ -@ENABLE_TOOLS_TRUE@ rexec.c rexec.h \ -@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h - +@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h \ +@ENABLE_TOOLS_TRUE@ af_unix.c af_unix.h caps.c caps.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgfsng.c cgroups/cgroup.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.h cgroups/cgroup2_devices.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.h commands.c \ +@ENABLE_TOOLS_TRUE@ commands.h commands_utils.c \ +@ENABLE_TOOLS_TRUE@ commands_utils.h conf.c conf.h confile.c \ +@ENABLE_TOOLS_TRUE@ confile.h confile_utils.c confile_utils.h \ +@ENABLE_TOOLS_TRUE@ error.c error.h file_utils.c file_utils.h \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.h initutils.c \ +@ENABLE_TOOLS_TRUE@ initutils.h log.c log.h lxclock.c lxclock.h \ +@ENABLE_TOOLS_TRUE@ mainloop.c mainloop.h monitor.c monitor.h \ +@ENABLE_TOOLS_TRUE@ namespace.c namespace.h network.c network.h \ +@ENABLE_TOOLS_TRUE@ nl.c nl.h parse.c parse.h process_utils.c \ +@ENABLE_TOOLS_TRUE@ process_utils.h rexec.c rexec.h ringbuf.c \ +@ENABLE_TOOLS_TRUE@ ringbuf.h start.c start.h state.c state.h \ +@ENABLE_TOOLS_TRUE@ storage/btrfs.c storage/btrfs.h \ +@ENABLE_TOOLS_TRUE@ storage/dir.c storage/dir.h storage/loop.c \ +@ENABLE_TOOLS_TRUE@ storage/loop.h storage/lvm.c storage/lvm.h \ +@ENABLE_TOOLS_TRUE@ storage/nbd.c storage/nbd.h \ +@ENABLE_TOOLS_TRUE@ storage/overlay.c storage/overlay.h \ +@ENABLE_TOOLS_TRUE@ storage/rbd.c storage/rbd.h storage/rsync.c \ +@ENABLE_TOOLS_TRUE@ storage/rsync.h storage/storage.c \ +@ENABLE_TOOLS_TRUE@ storage/storage.h storage/storage_utils.c \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.h storage/zfs.c \ +@ENABLE_TOOLS_TRUE@ storage/zfs.h string_utils.c string_utils.h \ +@ENABLE_TOOLS_TRUE@ sync.c sync.h terminal.c 
terminal.h utils.c \ +@ENABLE_TOOLS_TRUE@ utils.h uuid.c uuid.h $(LSM_SOURCES) \ +@ENABLE_TOOLS_TRUE@ $(am__append_29) @ENABLE_TOOLS_TRUE@lxc_autostart_SOURCES = tools/lxc_autostart.c \ -@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h - +@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h \ +@ENABLE_TOOLS_TRUE@ af_unix.c af_unix.h caps.c caps.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgfsng.c cgroups/cgroup.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.h cgroups/cgroup2_devices.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.h commands.c \ +@ENABLE_TOOLS_TRUE@ commands.h commands_utils.c \ +@ENABLE_TOOLS_TRUE@ commands_utils.h conf.c conf.h confile.c \ +@ENABLE_TOOLS_TRUE@ confile.h confile_utils.c confile_utils.h \ +@ENABLE_TOOLS_TRUE@ error.c error.h file_utils.c file_utils.h \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.h initutils.c \ +@ENABLE_TOOLS_TRUE@ initutils.h log.c log.h lxclock.c lxclock.h \ +@ENABLE_TOOLS_TRUE@ mainloop.c mainloop.h monitor.c monitor.h \ +@ENABLE_TOOLS_TRUE@ namespace.c namespace.h network.c network.h \ +@ENABLE_TOOLS_TRUE@ nl.c nl.h parse.c parse.h process_utils.c \ +@ENABLE_TOOLS_TRUE@ process_utils.h ringbuf.c ringbuf.h start.c \ +@ENABLE_TOOLS_TRUE@ start.h state.c state.h storage/btrfs.c \ +@ENABLE_TOOLS_TRUE@ storage/btrfs.h storage/dir.c storage/dir.h \ +@ENABLE_TOOLS_TRUE@ storage/loop.c storage/loop.h storage/lvm.c \ +@ENABLE_TOOLS_TRUE@ storage/lvm.h storage/nbd.c storage/nbd.h \ +@ENABLE_TOOLS_TRUE@ storage/overlay.c storage/overlay.h \ +@ENABLE_TOOLS_TRUE@ storage/rbd.c storage/rbd.h storage/rsync.c \ +@ENABLE_TOOLS_TRUE@ storage/rsync.h storage/storage.c \ +@ENABLE_TOOLS_TRUE@ storage/storage.h storage/storage_utils.c \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.h storage/zfs.c \ +@ENABLE_TOOLS_TRUE@ storage/zfs.h string_utils.c string_utils.h \ +@ENABLE_TOOLS_TRUE@ sync.c sync.h 
terminal.c terminal.h utils.c \ +@ENABLE_TOOLS_TRUE@ utils.h uuid.c uuid.h $(LSM_SOURCES) \ +@ENABLE_TOOLS_TRUE@ $(am__append_30) @ENABLE_TOOLS_TRUE@lxc_cgroup_SOURCES = tools/lxc_cgroup.c \ -@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h - +@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h \ +@ENABLE_TOOLS_TRUE@ af_unix.c af_unix.h caps.c caps.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgfsng.c cgroups/cgroup.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.h cgroups/cgroup2_devices.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.h commands.c \ +@ENABLE_TOOLS_TRUE@ commands.h commands_utils.c \ +@ENABLE_TOOLS_TRUE@ commands_utils.h conf.c conf.h confile.c \ +@ENABLE_TOOLS_TRUE@ confile.h confile_utils.c confile_utils.h \ +@ENABLE_TOOLS_TRUE@ error.c error.h file_utils.c file_utils.h \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.h initutils.c \ +@ENABLE_TOOLS_TRUE@ initutils.h log.c log.h lxclock.c lxclock.h \ +@ENABLE_TOOLS_TRUE@ mainloop.c mainloop.h monitor.c monitor.h \ +@ENABLE_TOOLS_TRUE@ namespace.c namespace.h network.c network.h \ +@ENABLE_TOOLS_TRUE@ nl.c nl.h parse.c parse.h process_utils.c \ +@ENABLE_TOOLS_TRUE@ process_utils.h ringbuf.c ringbuf.h start.c \ +@ENABLE_TOOLS_TRUE@ start.h state.c state.h storage/btrfs.c \ +@ENABLE_TOOLS_TRUE@ storage/btrfs.h storage/dir.c storage/dir.h \ +@ENABLE_TOOLS_TRUE@ storage/loop.c storage/loop.h storage/lvm.c \ +@ENABLE_TOOLS_TRUE@ storage/lvm.h storage/nbd.c storage/nbd.h \ +@ENABLE_TOOLS_TRUE@ storage/overlay.c storage/overlay.h \ +@ENABLE_TOOLS_TRUE@ storage/rbd.c storage/rbd.h storage/rsync.c \ +@ENABLE_TOOLS_TRUE@ storage/rsync.h storage/storage.c \ +@ENABLE_TOOLS_TRUE@ storage/storage.h storage/storage_utils.c \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.h storage/zfs.c \ +@ENABLE_TOOLS_TRUE@ storage/zfs.h string_utils.c string_utils.h \ +@ENABLE_TOOLS_TRUE@ sync.c 
sync.h terminal.c terminal.h utils.c \ +@ENABLE_TOOLS_TRUE@ utils.h uuid.c uuid.h $(LSM_SOURCES) \ +@ENABLE_TOOLS_TRUE@ $(am__append_31) @ENABLE_TOOLS_TRUE@lxc_config_SOURCES = tools/lxc_config.c \ -@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h - +@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h \ +@ENABLE_TOOLS_TRUE@ af_unix.c af_unix.h caps.c caps.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgfsng.c cgroups/cgroup.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.h cgroups/cgroup2_devices.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.h commands.c \ +@ENABLE_TOOLS_TRUE@ commands.h commands_utils.c \ +@ENABLE_TOOLS_TRUE@ commands_utils.h conf.c conf.h confile.c \ +@ENABLE_TOOLS_TRUE@ confile.h confile_utils.c confile_utils.h \ +@ENABLE_TOOLS_TRUE@ error.c error.h file_utils.c file_utils.h \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.h initutils.c \ +@ENABLE_TOOLS_TRUE@ initutils.h log.c log.h lxclock.c lxclock.h \ +@ENABLE_TOOLS_TRUE@ mainloop.c mainloop.h monitor.c monitor.h \ +@ENABLE_TOOLS_TRUE@ namespace.c namespace.h network.c network.h \ +@ENABLE_TOOLS_TRUE@ nl.c nl.h parse.c parse.h process_utils.c \ +@ENABLE_TOOLS_TRUE@ process_utils.h ringbuf.c ringbuf.h start.c \ +@ENABLE_TOOLS_TRUE@ start.h state.c state.h storage/btrfs.c \ +@ENABLE_TOOLS_TRUE@ storage/btrfs.h storage/dir.c storage/dir.h \ +@ENABLE_TOOLS_TRUE@ storage/loop.c storage/loop.h storage/lvm.c \ +@ENABLE_TOOLS_TRUE@ storage/lvm.h storage/nbd.c storage/nbd.h \ +@ENABLE_TOOLS_TRUE@ storage/overlay.c storage/overlay.h \ +@ENABLE_TOOLS_TRUE@ storage/rbd.c storage/rbd.h storage/rsync.c \ +@ENABLE_TOOLS_TRUE@ storage/rsync.h storage/storage.c \ +@ENABLE_TOOLS_TRUE@ storage/storage.h storage/storage_utils.c \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.h storage/zfs.c \ +@ENABLE_TOOLS_TRUE@ storage/zfs.h string_utils.c string_utils.h \ +@ENABLE_TOOLS_TRUE@ 
sync.c sync.h terminal.c terminal.h utils.c \ +@ENABLE_TOOLS_TRUE@ utils.h uuid.c uuid.h $(LSM_SOURCES) \ +@ENABLE_TOOLS_TRUE@ $(am__append_32) @ENABLE_TOOLS_TRUE@lxc_console_SOURCES = tools/lxc_console.c \ -@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h - +@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h \ +@ENABLE_TOOLS_TRUE@ af_unix.c af_unix.h caps.c caps.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgfsng.c cgroups/cgroup.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.h cgroups/cgroup2_devices.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.h commands.c \ +@ENABLE_TOOLS_TRUE@ commands.h commands_utils.c \ +@ENABLE_TOOLS_TRUE@ commands_utils.h conf.c conf.h confile.c \ +@ENABLE_TOOLS_TRUE@ confile.h confile_utils.c confile_utils.h \ +@ENABLE_TOOLS_TRUE@ error.c error.h file_utils.c file_utils.h \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.h initutils.c \ +@ENABLE_TOOLS_TRUE@ initutils.h log.c log.h lxclock.c lxclock.h \ +@ENABLE_TOOLS_TRUE@ mainloop.c mainloop.h monitor.c monitor.h \ +@ENABLE_TOOLS_TRUE@ namespace.c namespace.h network.c network.h \ +@ENABLE_TOOLS_TRUE@ nl.c nl.h parse.c parse.h process_utils.c \ +@ENABLE_TOOLS_TRUE@ process_utils.h ringbuf.c ringbuf.h start.c \ +@ENABLE_TOOLS_TRUE@ start.h state.c state.h storage/btrfs.c \ +@ENABLE_TOOLS_TRUE@ storage/btrfs.h storage/dir.c storage/dir.h \ +@ENABLE_TOOLS_TRUE@ storage/loop.c storage/loop.h storage/lvm.c \ +@ENABLE_TOOLS_TRUE@ storage/lvm.h storage/nbd.c storage/nbd.h \ +@ENABLE_TOOLS_TRUE@ storage/overlay.c storage/overlay.h \ +@ENABLE_TOOLS_TRUE@ storage/rbd.c storage/rbd.h storage/rsync.c \ +@ENABLE_TOOLS_TRUE@ storage/rsync.h storage/storage.c \ +@ENABLE_TOOLS_TRUE@ storage/storage.h storage/storage_utils.c \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.h storage/zfs.c \ +@ENABLE_TOOLS_TRUE@ storage/zfs.h string_utils.c string_utils.h \ 
+@ENABLE_TOOLS_TRUE@ sync.c sync.h terminal.c terminal.h utils.c \ +@ENABLE_TOOLS_TRUE@ utils.h uuid.c uuid.h $(LSM_SOURCES) \ +@ENABLE_TOOLS_TRUE@ $(am__append_33) @ENABLE_TOOLS_TRUE@lxc_destroy_SOURCES = tools/lxc_destroy.c \ -@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h - +@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h \ +@ENABLE_TOOLS_TRUE@ af_unix.c af_unix.h caps.c caps.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgfsng.c cgroups/cgroup.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.h cgroups/cgroup2_devices.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.h commands.c \ +@ENABLE_TOOLS_TRUE@ commands.h commands_utils.c \ +@ENABLE_TOOLS_TRUE@ commands_utils.h conf.c conf.h confile.c \ +@ENABLE_TOOLS_TRUE@ confile.h confile_utils.c confile_utils.h \ +@ENABLE_TOOLS_TRUE@ error.c error.h file_utils.c file_utils.h \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.h initutils.c \ +@ENABLE_TOOLS_TRUE@ initutils.h log.c log.h lxclock.c lxclock.h \ +@ENABLE_TOOLS_TRUE@ mainloop.c mainloop.h monitor.c monitor.h \ +@ENABLE_TOOLS_TRUE@ namespace.c namespace.h network.c network.h \ +@ENABLE_TOOLS_TRUE@ nl.c nl.h parse.c parse.h process_utils.c \ +@ENABLE_TOOLS_TRUE@ process_utils.h ringbuf.c ringbuf.h start.c \ +@ENABLE_TOOLS_TRUE@ start.h state.c state.h storage/btrfs.c \ +@ENABLE_TOOLS_TRUE@ storage/btrfs.h storage/dir.c storage/dir.h \ +@ENABLE_TOOLS_TRUE@ storage/loop.c storage/loop.h storage/lvm.c \ +@ENABLE_TOOLS_TRUE@ storage/lvm.h storage/nbd.c storage/nbd.h \ +@ENABLE_TOOLS_TRUE@ storage/overlay.c storage/overlay.h \ +@ENABLE_TOOLS_TRUE@ storage/rbd.c storage/rbd.h storage/rsync.c \ +@ENABLE_TOOLS_TRUE@ storage/rsync.h storage/storage.c \ +@ENABLE_TOOLS_TRUE@ storage/storage.h storage/storage_utils.c \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.h storage/zfs.c \ +@ENABLE_TOOLS_TRUE@ storage/zfs.h string_utils.c 
string_utils.h \ +@ENABLE_TOOLS_TRUE@ sync.c sync.h terminal.c terminal.h utils.c \ +@ENABLE_TOOLS_TRUE@ utils.h uuid.c uuid.h $(LSM_SOURCES) \ +@ENABLE_TOOLS_TRUE@ $(am__append_34) @ENABLE_TOOLS_TRUE@lxc_device_SOURCES = tools/lxc_device.c \ -@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h - +@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h \ +@ENABLE_TOOLS_TRUE@ af_unix.c af_unix.h caps.c caps.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgfsng.c cgroups/cgroup.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.h cgroups/cgroup2_devices.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.h commands.c \ +@ENABLE_TOOLS_TRUE@ commands.h commands_utils.c \ +@ENABLE_TOOLS_TRUE@ commands_utils.h conf.c conf.h confile.c \ +@ENABLE_TOOLS_TRUE@ confile.h confile_utils.c confile_utils.h \ +@ENABLE_TOOLS_TRUE@ error.c error.h file_utils.c file_utils.h \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.h initutils.c \ +@ENABLE_TOOLS_TRUE@ initutils.h log.c log.h lxclock.c lxclock.h \ +@ENABLE_TOOLS_TRUE@ mainloop.c mainloop.h monitor.c monitor.h \ +@ENABLE_TOOLS_TRUE@ namespace.c namespace.h network.c network.h \ +@ENABLE_TOOLS_TRUE@ nl.c nl.h parse.c parse.h process_utils.c \ +@ENABLE_TOOLS_TRUE@ process_utils.h ringbuf.c ringbuf.h start.c \ +@ENABLE_TOOLS_TRUE@ start.h state.c state.h storage/btrfs.c \ +@ENABLE_TOOLS_TRUE@ storage/btrfs.h storage/dir.c storage/dir.h \ +@ENABLE_TOOLS_TRUE@ storage/loop.c storage/loop.h storage/lvm.c \ +@ENABLE_TOOLS_TRUE@ storage/lvm.h storage/nbd.c storage/nbd.h \ +@ENABLE_TOOLS_TRUE@ storage/overlay.c storage/overlay.h \ +@ENABLE_TOOLS_TRUE@ storage/rbd.c storage/rbd.h storage/rsync.c \ +@ENABLE_TOOLS_TRUE@ storage/rsync.h storage/storage.c \ +@ENABLE_TOOLS_TRUE@ storage/storage.h storage/storage_utils.c \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.h storage/zfs.c \ +@ENABLE_TOOLS_TRUE@ storage/zfs.h 
string_utils.c string_utils.h \ +@ENABLE_TOOLS_TRUE@ sync.c sync.h terminal.c terminal.h utils.c \ +@ENABLE_TOOLS_TRUE@ utils.h uuid.c uuid.h $(LSM_SOURCES) \ +@ENABLE_TOOLS_TRUE@ $(am__append_35) @ENABLE_TOOLS_TRUE@lxc_execute_SOURCES = tools/lxc_execute.c \ -@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h - +@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h \ +@ENABLE_TOOLS_TRUE@ af_unix.c af_unix.h caps.c caps.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgfsng.c cgroups/cgroup.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.h cgroups/cgroup2_devices.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.h commands.c \ +@ENABLE_TOOLS_TRUE@ commands.h commands_utils.c \ +@ENABLE_TOOLS_TRUE@ commands_utils.h conf.c conf.h confile.c \ +@ENABLE_TOOLS_TRUE@ confile.h confile_utils.c confile_utils.h \ +@ENABLE_TOOLS_TRUE@ error.c error.h file_utils.c file_utils.h \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.h initutils.c \ +@ENABLE_TOOLS_TRUE@ initutils.h log.c log.h lxclock.c lxclock.h \ +@ENABLE_TOOLS_TRUE@ mainloop.c mainloop.h monitor.c monitor.h \ +@ENABLE_TOOLS_TRUE@ namespace.c namespace.h network.c network.h \ +@ENABLE_TOOLS_TRUE@ nl.c nl.h parse.c parse.h process_utils.c \ +@ENABLE_TOOLS_TRUE@ process_utils.h ringbuf.c ringbuf.h start.c \ +@ENABLE_TOOLS_TRUE@ start.h state.c state.h storage/btrfs.c \ +@ENABLE_TOOLS_TRUE@ storage/btrfs.h storage/dir.c storage/dir.h \ +@ENABLE_TOOLS_TRUE@ storage/loop.c storage/loop.h storage/lvm.c \ +@ENABLE_TOOLS_TRUE@ storage/lvm.h storage/nbd.c storage/nbd.h \ +@ENABLE_TOOLS_TRUE@ storage/overlay.c storage/overlay.h \ +@ENABLE_TOOLS_TRUE@ storage/rbd.c storage/rbd.h storage/rsync.c \ +@ENABLE_TOOLS_TRUE@ storage/rsync.h storage/storage.c \ +@ENABLE_TOOLS_TRUE@ storage/storage.h storage/storage_utils.c \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.h storage/zfs.c \ +@ENABLE_TOOLS_TRUE@ 
storage/zfs.h string_utils.c string_utils.h \ +@ENABLE_TOOLS_TRUE@ sync.c sync.h terminal.c terminal.h utils.c \ +@ENABLE_TOOLS_TRUE@ utils.h uuid.c uuid.h $(LSM_SOURCES) \ +@ENABLE_TOOLS_TRUE@ $(am__append_36) @ENABLE_TOOLS_TRUE@lxc_freeze_SOURCES = tools/lxc_freeze.c \ -@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h - +@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h \ +@ENABLE_TOOLS_TRUE@ af_unix.c af_unix.h caps.c caps.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgfsng.c cgroups/cgroup.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.h cgroups/cgroup2_devices.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.h commands.c \ +@ENABLE_TOOLS_TRUE@ commands.h commands_utils.c \ +@ENABLE_TOOLS_TRUE@ commands_utils.h conf.c conf.h confile.c \ +@ENABLE_TOOLS_TRUE@ confile.h confile_utils.c confile_utils.h \ +@ENABLE_TOOLS_TRUE@ error.c error.h file_utils.c file_utils.h \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.h initutils.c \ +@ENABLE_TOOLS_TRUE@ initutils.h log.c log.h lxclock.c lxclock.h \ +@ENABLE_TOOLS_TRUE@ mainloop.c mainloop.h monitor.c monitor.h \ +@ENABLE_TOOLS_TRUE@ namespace.c namespace.h network.c network.h \ +@ENABLE_TOOLS_TRUE@ nl.c nl.h parse.c parse.h process_utils.c \ +@ENABLE_TOOLS_TRUE@ process_utils.h ringbuf.c ringbuf.h start.c \ +@ENABLE_TOOLS_TRUE@ start.h state.c state.h storage/btrfs.c \ +@ENABLE_TOOLS_TRUE@ storage/btrfs.h storage/dir.c storage/dir.h \ +@ENABLE_TOOLS_TRUE@ storage/loop.c storage/loop.h storage/lvm.c \ +@ENABLE_TOOLS_TRUE@ storage/lvm.h storage/nbd.c storage/nbd.h \ +@ENABLE_TOOLS_TRUE@ storage/overlay.c storage/overlay.h \ +@ENABLE_TOOLS_TRUE@ storage/rbd.c storage/rbd.h storage/rsync.c \ +@ENABLE_TOOLS_TRUE@ storage/rsync.h storage/storage.c \ +@ENABLE_TOOLS_TRUE@ storage/storage.h storage/storage_utils.c \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.h storage/zfs.c \ 
+@ENABLE_TOOLS_TRUE@ storage/zfs.h string_utils.c string_utils.h \ +@ENABLE_TOOLS_TRUE@ sync.c sync.h terminal.c terminal.h utils.c \ +@ENABLE_TOOLS_TRUE@ utils.h uuid.c uuid.h $(LSM_SOURCES) \ +@ENABLE_TOOLS_TRUE@ $(am__append_37) @ENABLE_TOOLS_TRUE@lxc_info_SOURCES = tools/lxc_info.c \ -@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h - +@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h \ +@ENABLE_TOOLS_TRUE@ af_unix.c af_unix.h caps.c caps.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgfsng.c cgroups/cgroup.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.h cgroups/cgroup2_devices.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.h commands.c \ +@ENABLE_TOOLS_TRUE@ commands.h commands_utils.c \ +@ENABLE_TOOLS_TRUE@ commands_utils.h conf.c conf.h confile.c \ +@ENABLE_TOOLS_TRUE@ confile.h confile_utils.c confile_utils.h \ +@ENABLE_TOOLS_TRUE@ error.c error.h file_utils.c file_utils.h \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.h initutils.c \ +@ENABLE_TOOLS_TRUE@ initutils.h log.c log.h lxclock.c lxclock.h \ +@ENABLE_TOOLS_TRUE@ mainloop.c mainloop.h monitor.c monitor.h \ +@ENABLE_TOOLS_TRUE@ namespace.c namespace.h network.c network.h \ +@ENABLE_TOOLS_TRUE@ nl.c nl.h parse.c parse.h process_utils.c \ +@ENABLE_TOOLS_TRUE@ process_utils.h ringbuf.c ringbuf.h start.c \ +@ENABLE_TOOLS_TRUE@ start.h state.c state.h storage/btrfs.c \ +@ENABLE_TOOLS_TRUE@ storage/btrfs.h storage/dir.c storage/dir.h \ +@ENABLE_TOOLS_TRUE@ storage/loop.c storage/loop.h storage/lvm.c \ +@ENABLE_TOOLS_TRUE@ storage/lvm.h storage/nbd.c storage/nbd.h \ +@ENABLE_TOOLS_TRUE@ storage/overlay.c storage/overlay.h \ +@ENABLE_TOOLS_TRUE@ storage/rbd.c storage/rbd.h storage/rsync.c \ +@ENABLE_TOOLS_TRUE@ storage/rsync.h storage/storage.c \ +@ENABLE_TOOLS_TRUE@ storage/storage.h storage/storage_utils.c \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.h storage/zfs.c \ 
+@ENABLE_TOOLS_TRUE@ storage/zfs.h string_utils.c string_utils.h \ +@ENABLE_TOOLS_TRUE@ sync.c sync.h terminal.c terminal.h utils.c \ +@ENABLE_TOOLS_TRUE@ utils.h uuid.c uuid.h $(LSM_SOURCES) \ +@ENABLE_TOOLS_TRUE@ $(am__append_38) @ENABLE_TOOLS_TRUE@lxc_monitor_SOURCES = tools/lxc_monitor.c \ -@ENABLE_TOOLS_TRUE@ macro.h \ -@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h - -@ENABLE_TOOLS_TRUE@lxc_ls_SOURCES = tools/lxc_ls.c \ -@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h - +@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h \ +@ENABLE_TOOLS_TRUE@ af_unix.c af_unix.h caps.c caps.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgfsng.c cgroups/cgroup.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.h cgroups/cgroup2_devices.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.h commands.c \ +@ENABLE_TOOLS_TRUE@ commands.h commands_utils.c \ +@ENABLE_TOOLS_TRUE@ commands_utils.h conf.c conf.h confile.c \ +@ENABLE_TOOLS_TRUE@ confile.h confile_utils.c confile_utils.h \ +@ENABLE_TOOLS_TRUE@ error.c error.h file_utils.c file_utils.h \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.h initutils.c \ +@ENABLE_TOOLS_TRUE@ initutils.h log.c log.h lxclock.c lxclock.h \ +@ENABLE_TOOLS_TRUE@ macro.h mainloop.c mainloop.h monitor.c \ +@ENABLE_TOOLS_TRUE@ monitor.h namespace.c namespace.h network.c \ +@ENABLE_TOOLS_TRUE@ network.h nl.c nl.h parse.c parse.h \ +@ENABLE_TOOLS_TRUE@ process_utils.c process_utils.h ringbuf.c \ +@ENABLE_TOOLS_TRUE@ ringbuf.h start.c start.h state.c state.h \ +@ENABLE_TOOLS_TRUE@ storage/btrfs.c storage/btrfs.h \ +@ENABLE_TOOLS_TRUE@ storage/dir.c storage/dir.h storage/loop.c \ +@ENABLE_TOOLS_TRUE@ storage/loop.h storage/lvm.c storage/lvm.h \ +@ENABLE_TOOLS_TRUE@ storage/nbd.c storage/nbd.h \ +@ENABLE_TOOLS_TRUE@ storage/overlay.c storage/overlay.h \ +@ENABLE_TOOLS_TRUE@ storage/rbd.c storage/rbd.h storage/rsync.c \ 
+@ENABLE_TOOLS_TRUE@ storage/rsync.h storage/storage.c \ +@ENABLE_TOOLS_TRUE@ storage/storage.h storage/storage_utils.c \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.h storage/zfs.c \ +@ENABLE_TOOLS_TRUE@ storage/zfs.h string_utils.c string_utils.h \ +@ENABLE_TOOLS_TRUE@ sync.c sync.h terminal.c terminal.h utils.c \ +@ENABLE_TOOLS_TRUE@ utils.h uuid.c uuid.h $(LSM_SOURCES) \ +@ENABLE_TOOLS_TRUE@ $(am__append_39) +@ENABLE_TOOLS_TRUE@lxc_ls_SOURCES = tools/lxc_ls.c tools/arguments.c \ +@ENABLE_TOOLS_TRUE@ tools/arguments.h af_unix.c af_unix.h \ +@ENABLE_TOOLS_TRUE@ caps.c caps.h cgroups/cgfsng.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.c cgroups/cgroup.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.h commands.c \ +@ENABLE_TOOLS_TRUE@ commands.h commands_utils.c \ +@ENABLE_TOOLS_TRUE@ commands_utils.h conf.c conf.h confile.c \ +@ENABLE_TOOLS_TRUE@ confile.h confile_utils.c confile_utils.h \ +@ENABLE_TOOLS_TRUE@ error.c error.h file_utils.c file_utils.h \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.h initutils.c \ +@ENABLE_TOOLS_TRUE@ initutils.h log.c log.h lxclock.c lxclock.h \ +@ENABLE_TOOLS_TRUE@ mainloop.c mainloop.h memory_utils.h \ +@ENABLE_TOOLS_TRUE@ monitor.c monitor.h namespace.c namespace.h \ +@ENABLE_TOOLS_TRUE@ network.c network.h nl.c nl.h parse.c \ +@ENABLE_TOOLS_TRUE@ parse.h process_utils.c process_utils.h \ +@ENABLE_TOOLS_TRUE@ ringbuf.c ringbuf.h start.c start.h state.c \ +@ENABLE_TOOLS_TRUE@ state.h storage/btrfs.c storage/btrfs.h \ +@ENABLE_TOOLS_TRUE@ storage/dir.c storage/dir.h storage/loop.c \ +@ENABLE_TOOLS_TRUE@ storage/loop.h storage/lvm.c storage/lvm.h \ +@ENABLE_TOOLS_TRUE@ storage/nbd.c storage/nbd.h \ +@ENABLE_TOOLS_TRUE@ storage/overlay.c storage/overlay.h \ +@ENABLE_TOOLS_TRUE@ storage/rbd.c storage/rbd.h storage/rsync.c \ +@ENABLE_TOOLS_TRUE@ 
storage/rsync.h storage/storage.c \ +@ENABLE_TOOLS_TRUE@ storage/storage.h storage/storage_utils.c \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.h storage/zfs.c \ +@ENABLE_TOOLS_TRUE@ storage/zfs.h string_utils.c string_utils.h \ +@ENABLE_TOOLS_TRUE@ sync.c sync.h terminal.c terminal.h utils.c \ +@ENABLE_TOOLS_TRUE@ utils.h uuid.c uuid.h $(LSM_SOURCES) \ +@ENABLE_TOOLS_TRUE@ $(am__append_40) @ENABLE_TOOLS_TRUE@lxc_copy_SOURCES = tools/lxc_copy.c \ @ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h \ -@ENABLE_TOOLS_TRUE@ storage/storage_utils.c \ -@ENABLE_TOOLS_TRUE@ storage/storage_utils.h $(am__append_27) +@ENABLE_TOOLS_TRUE@ af_unix.c af_unix.h caps.c caps.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgfsng.c cgroups/cgroup.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.h cgroups/cgroup2_devices.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.h commands.c \ +@ENABLE_TOOLS_TRUE@ commands.h commands_utils.c \ +@ENABLE_TOOLS_TRUE@ commands_utils.h conf.c conf.h confile.c \ +@ENABLE_TOOLS_TRUE@ confile.h confile_utils.c confile_utils.h \ +@ENABLE_TOOLS_TRUE@ error.c error.h file_utils.c file_utils.h \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.h initutils.c \ +@ENABLE_TOOLS_TRUE@ initutils.h log.c log.h lxclock.c lxclock.h \ +@ENABLE_TOOLS_TRUE@ mainloop.c mainloop.h monitor.c monitor.h \ +@ENABLE_TOOLS_TRUE@ namespace.c namespace.h network.c network.h \ +@ENABLE_TOOLS_TRUE@ nl.c nl.h parse.c parse.h process_utils.c \ +@ENABLE_TOOLS_TRUE@ process_utils.h ringbuf.c ringbuf.h start.c \ +@ENABLE_TOOLS_TRUE@ start.h state.c state.h storage/btrfs.c \ +@ENABLE_TOOLS_TRUE@ storage/btrfs.h storage/dir.c storage/dir.h \ +@ENABLE_TOOLS_TRUE@ storage/loop.c storage/loop.h storage/lvm.c \ +@ENABLE_TOOLS_TRUE@ storage/lvm.h storage/nbd.c storage/nbd.h \ +@ENABLE_TOOLS_TRUE@ storage/overlay.c storage/overlay.h \ +@ENABLE_TOOLS_TRUE@ storage/rbd.c 
storage/rbd.h storage/rsync.c \ +@ENABLE_TOOLS_TRUE@ storage/rsync.h storage/storage.c \ +@ENABLE_TOOLS_TRUE@ storage/storage.h storage/storage_utils.c \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.h storage/zfs.c \ +@ENABLE_TOOLS_TRUE@ storage/zfs.h string_utils.c string_utils.h \ +@ENABLE_TOOLS_TRUE@ sync.c sync.h terminal.c terminal.h utils.c \ +@ENABLE_TOOLS_TRUE@ utils.h uuid.c uuid.h $(LSM_SOURCES) \ +@ENABLE_TOOLS_TRUE@ $(am__append_41) $(am__append_54) @ENABLE_TOOLS_TRUE@lxc_start_SOURCES = tools/lxc_start.c \ -@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h - +@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h \ +@ENABLE_TOOLS_TRUE@ af_unix.c af_unix.h caps.c caps.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgfsng.c cgroups/cgroup.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.h cgroups/cgroup2_devices.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.h commands.c \ +@ENABLE_TOOLS_TRUE@ commands.h commands_utils.c \ +@ENABLE_TOOLS_TRUE@ commands_utils.h conf.c conf.h confile.c \ +@ENABLE_TOOLS_TRUE@ confile.h confile_utils.c confile_utils.h \ +@ENABLE_TOOLS_TRUE@ error.c error.h file_utils.c file_utils.h \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.h initutils.c \ +@ENABLE_TOOLS_TRUE@ initutils.h log.c log.h lxclock.c lxclock.h \ +@ENABLE_TOOLS_TRUE@ mainloop.c mainloop.h monitor.c monitor.h \ +@ENABLE_TOOLS_TRUE@ namespace.c namespace.h network.c network.h \ +@ENABLE_TOOLS_TRUE@ nl.c nl.h parse.c parse.h process_utils.c \ +@ENABLE_TOOLS_TRUE@ process_utils.h ringbuf.c ringbuf.h start.c \ +@ENABLE_TOOLS_TRUE@ start.h state.c state.h storage/btrfs.c \ +@ENABLE_TOOLS_TRUE@ storage/btrfs.h storage/dir.c storage/dir.h \ +@ENABLE_TOOLS_TRUE@ storage/loop.c storage/loop.h storage/lvm.c \ +@ENABLE_TOOLS_TRUE@ storage/lvm.h storage/nbd.c storage/nbd.h \ +@ENABLE_TOOLS_TRUE@ storage/overlay.c storage/overlay.h \ 
+@ENABLE_TOOLS_TRUE@ storage/rbd.c storage/rbd.h storage/rsync.c \ +@ENABLE_TOOLS_TRUE@ storage/rsync.h storage/storage.c \ +@ENABLE_TOOLS_TRUE@ storage/storage.h storage/storage_utils.c \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.h storage/zfs.c \ +@ENABLE_TOOLS_TRUE@ storage/zfs.h string_utils.c string_utils.h \ +@ENABLE_TOOLS_TRUE@ sync.c sync.h terminal.c terminal.h utils.c \ +@ENABLE_TOOLS_TRUE@ utils.h uuid.c uuid.h $(LSM_SOURCES) \ +@ENABLE_TOOLS_TRUE@ $(am__append_42) @ENABLE_TOOLS_TRUE@lxc_stop_SOURCES = tools/lxc_stop.c \ -@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h - -@ENABLE_TOOLS_TRUE@lxc_top_SOURCES = tools/lxc_top.c \ -@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h - +@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h \ +@ENABLE_TOOLS_TRUE@ af_unix.c af_unix.h caps.c caps.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgfsng.c cgroups/cgroup.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.h cgroups/cgroup2_devices.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.h commands.c \ +@ENABLE_TOOLS_TRUE@ commands.h commands_utils.c \ +@ENABLE_TOOLS_TRUE@ commands_utils.h conf.c conf.h confile.c \ +@ENABLE_TOOLS_TRUE@ confile.h confile_utils.c confile_utils.h \ +@ENABLE_TOOLS_TRUE@ error.c error.h file_utils.c file_utils.h \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.h initutils.c \ +@ENABLE_TOOLS_TRUE@ initutils.h log.c log.h lxclock.c lxclock.h \ +@ENABLE_TOOLS_TRUE@ mainloop.c mainloop.h monitor.c monitor.h \ +@ENABLE_TOOLS_TRUE@ namespace.c namespace.h network.c network.h \ +@ENABLE_TOOLS_TRUE@ nl.c nl.h parse.c parse.h process_utils.c \ +@ENABLE_TOOLS_TRUE@ process_utils.h ringbuf.c ringbuf.h start.c \ +@ENABLE_TOOLS_TRUE@ start.h state.c state.h storage/btrfs.c \ +@ENABLE_TOOLS_TRUE@ storage/btrfs.h storage/dir.c storage/dir.h \ +@ENABLE_TOOLS_TRUE@ storage/loop.c storage/loop.h storage/lvm.c \ 
+@ENABLE_TOOLS_TRUE@ storage/lvm.h storage/nbd.c storage/nbd.h \ +@ENABLE_TOOLS_TRUE@ storage/overlay.c storage/overlay.h \ +@ENABLE_TOOLS_TRUE@ storage/rbd.c storage/rbd.h storage/rsync.c \ +@ENABLE_TOOLS_TRUE@ storage/rsync.h storage/storage.c \ +@ENABLE_TOOLS_TRUE@ storage/storage.h storage/storage_utils.c \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.h storage/zfs.c \ +@ENABLE_TOOLS_TRUE@ storage/zfs.h string_utils.c string_utils.h \ +@ENABLE_TOOLS_TRUE@ sync.c sync.h terminal.c terminal.h utils.c \ +@ENABLE_TOOLS_TRUE@ utils.h uuid.c uuid.h $(LSM_SOURCES) \ +@ENABLE_TOOLS_TRUE@ $(am__append_43) +@ENABLE_TOOLS_TRUE@lxc_top_SOURCES = tools/lxc_top.c tools/arguments.c \ +@ENABLE_TOOLS_TRUE@ tools/arguments.h af_unix.c af_unix.h \ +@ENABLE_TOOLS_TRUE@ caps.c caps.h cgroups/cgfsng.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.c cgroups/cgroup.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.h commands.c \ +@ENABLE_TOOLS_TRUE@ commands.h commands_utils.c \ +@ENABLE_TOOLS_TRUE@ commands_utils.h conf.c conf.h confile.c \ +@ENABLE_TOOLS_TRUE@ confile.h confile_utils.c confile_utils.h \ +@ENABLE_TOOLS_TRUE@ error.c error.h file_utils.c file_utils.h \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.h initutils.c \ +@ENABLE_TOOLS_TRUE@ initutils.h log.c log.h lxclock.c lxclock.h \ +@ENABLE_TOOLS_TRUE@ mainloop.c mainloop.h monitor.c monitor.h \ +@ENABLE_TOOLS_TRUE@ namespace.c namespace.h network.c network.h \ +@ENABLE_TOOLS_TRUE@ nl.c nl.h parse.c parse.h process_utils.c \ +@ENABLE_TOOLS_TRUE@ process_utils.h ringbuf.c ringbuf.h start.c \ +@ENABLE_TOOLS_TRUE@ start.h state.c state.h storage/btrfs.c \ +@ENABLE_TOOLS_TRUE@ storage/btrfs.h storage/dir.c storage/dir.h \ +@ENABLE_TOOLS_TRUE@ storage/loop.c storage/loop.h storage/lvm.c \ +@ENABLE_TOOLS_TRUE@ storage/lvm.h storage/nbd.c 
storage/nbd.h \ +@ENABLE_TOOLS_TRUE@ storage/overlay.c storage/overlay.h \ +@ENABLE_TOOLS_TRUE@ storage/rbd.c storage/rbd.h storage/rsync.c \ +@ENABLE_TOOLS_TRUE@ storage/rsync.h storage/storage.c \ +@ENABLE_TOOLS_TRUE@ storage/storage.h storage/storage_utils.c \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.h storage/zfs.c \ +@ENABLE_TOOLS_TRUE@ storage/zfs.h string_utils.c string_utils.h \ +@ENABLE_TOOLS_TRUE@ sync.c sync.h terminal.c terminal.h utils.c \ +@ENABLE_TOOLS_TRUE@ utils.h uuid.c uuid.h $(LSM_SOURCES) \ +@ENABLE_TOOLS_TRUE@ $(am__append_44) @ENABLE_TOOLS_TRUE@lxc_unfreeze_SOURCES = tools/lxc_unfreeze.c \ -@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h - +@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h \ +@ENABLE_TOOLS_TRUE@ af_unix.c af_unix.h caps.c caps.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgfsng.c cgroups/cgroup.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.h cgroups/cgroup2_devices.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.h commands.c \ +@ENABLE_TOOLS_TRUE@ commands.h commands_utils.c \ +@ENABLE_TOOLS_TRUE@ commands_utils.h conf.c conf.h confile.c \ +@ENABLE_TOOLS_TRUE@ confile.h confile_utils.c confile_utils.h \ +@ENABLE_TOOLS_TRUE@ error.c error.h file_utils.c file_utils.h \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.h initutils.c \ +@ENABLE_TOOLS_TRUE@ initutils.h log.c log.h lxclock.c lxclock.h \ +@ENABLE_TOOLS_TRUE@ mainloop.c mainloop.h monitor.c monitor.h \ +@ENABLE_TOOLS_TRUE@ namespace.c namespace.h network.c network.h \ +@ENABLE_TOOLS_TRUE@ nl.c nl.h parse.c parse.h process_utils.c \ +@ENABLE_TOOLS_TRUE@ process_utils.h ringbuf.c ringbuf.h start.c \ +@ENABLE_TOOLS_TRUE@ start.h state.c state.h storage/btrfs.c \ +@ENABLE_TOOLS_TRUE@ storage/btrfs.h storage/dir.c storage/dir.h \ +@ENABLE_TOOLS_TRUE@ storage/loop.c storage/loop.h storage/lvm.c \ +@ENABLE_TOOLS_TRUE@ storage/lvm.h 
storage/nbd.c storage/nbd.h \ +@ENABLE_TOOLS_TRUE@ storage/overlay.c storage/overlay.h \ +@ENABLE_TOOLS_TRUE@ storage/rbd.c storage/rbd.h storage/rsync.c \ +@ENABLE_TOOLS_TRUE@ storage/rsync.h storage/storage.c \ +@ENABLE_TOOLS_TRUE@ storage/storage.h storage/storage_utils.c \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.h storage/zfs.c \ +@ENABLE_TOOLS_TRUE@ storage/zfs.h string_utils.c string_utils.h \ +@ENABLE_TOOLS_TRUE@ sync.c sync.h terminal.c terminal.h utils.c \ +@ENABLE_TOOLS_TRUE@ utils.h uuid.c uuid.h $(LSM_SOURCES) \ +@ENABLE_TOOLS_TRUE@ $(am__append_45) @ENABLE_TOOLS_TRUE@lxc_unshare_SOURCES = tools/lxc_unshare.c \ -@ENABLE_TOOLS_TRUE@ syscall_numbers.h \ -@ENABLE_TOOLS_TRUE@ syscall_wrappers.h \ -@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h - +@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h \ +@ENABLE_TOOLS_TRUE@ af_unix.c af_unix.h caps.c caps.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgfsng.c cgroups/cgroup.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.h cgroups/cgroup2_devices.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.h commands.c \ +@ENABLE_TOOLS_TRUE@ commands.h commands_utils.c \ +@ENABLE_TOOLS_TRUE@ commands_utils.h conf.c conf.h confile.c \ +@ENABLE_TOOLS_TRUE@ confile.h confile_utils.c confile_utils.h \ +@ENABLE_TOOLS_TRUE@ error.c error.h file_utils.c file_utils.h \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.h initutils.c \ +@ENABLE_TOOLS_TRUE@ initutils.h log.c log.h lxclock.c lxclock.h \ +@ENABLE_TOOLS_TRUE@ mainloop.c mainloop.h monitor.c monitor.h \ +@ENABLE_TOOLS_TRUE@ namespace.c namespace.h network.c network.h \ +@ENABLE_TOOLS_TRUE@ nl.c nl.h parse.c parse.h process_utils.c \ +@ENABLE_TOOLS_TRUE@ process_utils.h ringbuf.c ringbuf.h start.c \ +@ENABLE_TOOLS_TRUE@ start.h state.c state.h storage/btrfs.c \ +@ENABLE_TOOLS_TRUE@ storage/btrfs.h storage/dir.c storage/dir.h \ 
+@ENABLE_TOOLS_TRUE@ storage/loop.c storage/loop.h storage/lvm.c \ +@ENABLE_TOOLS_TRUE@ storage/lvm.h storage/nbd.c storage/nbd.h \ +@ENABLE_TOOLS_TRUE@ storage/overlay.c storage/overlay.h \ +@ENABLE_TOOLS_TRUE@ storage/rbd.c storage/rbd.h storage/rsync.c \ +@ENABLE_TOOLS_TRUE@ storage/rsync.h storage/storage.c \ +@ENABLE_TOOLS_TRUE@ storage/storage.h storage/storage_utils.c \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.h storage/zfs.c \ +@ENABLE_TOOLS_TRUE@ storage/zfs.h string_utils.c string_utils.h \ +@ENABLE_TOOLS_TRUE@ sync.c sync.h syscall_numbers.h \ +@ENABLE_TOOLS_TRUE@ syscall_wrappers.h terminal.c terminal.h \ +@ENABLE_TOOLS_TRUE@ utils.c utils.h uuid.c uuid.h \ +@ENABLE_TOOLS_TRUE@ $(LSM_SOURCES) $(am__append_46) @ENABLE_TOOLS_TRUE@lxc_wait_SOURCES = tools/lxc_wait.c \ -@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h - +@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h \ +@ENABLE_TOOLS_TRUE@ af_unix.c af_unix.h caps.c caps.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgfsng.c cgroups/cgroup.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.h cgroups/cgroup2_devices.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.h commands.c \ +@ENABLE_TOOLS_TRUE@ commands.h commands_utils.c \ +@ENABLE_TOOLS_TRUE@ commands_utils.h conf.c conf.h confile.c \ +@ENABLE_TOOLS_TRUE@ confile.h confile_utils.c confile_utils.h \ +@ENABLE_TOOLS_TRUE@ error.c error.h file_utils.c file_utils.h \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.h initutils.c \ +@ENABLE_TOOLS_TRUE@ initutils.h log.c log.h lxclock.c lxclock.h \ +@ENABLE_TOOLS_TRUE@ mainloop.c mainloop.h monitor.c monitor.h \ +@ENABLE_TOOLS_TRUE@ namespace.c namespace.h network.c network.h \ +@ENABLE_TOOLS_TRUE@ nl.c nl.h parse.c parse.h process_utils.c \ +@ENABLE_TOOLS_TRUE@ process_utils.h ringbuf.c ringbuf.h start.c \ +@ENABLE_TOOLS_TRUE@ start.h state.c state.h storage/btrfs.c \ 
+@ENABLE_TOOLS_TRUE@ storage/btrfs.h storage/dir.c storage/dir.h \ +@ENABLE_TOOLS_TRUE@ storage/loop.c storage/loop.h storage/lvm.c \ +@ENABLE_TOOLS_TRUE@ storage/lvm.h storage/nbd.c storage/nbd.h \ +@ENABLE_TOOLS_TRUE@ storage/overlay.c storage/overlay.h \ +@ENABLE_TOOLS_TRUE@ storage/rbd.c storage/rbd.h storage/rsync.c \ +@ENABLE_TOOLS_TRUE@ storage/rsync.h storage/storage.c \ +@ENABLE_TOOLS_TRUE@ storage/storage.h storage/storage_utils.c \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.h storage/zfs.c \ +@ENABLE_TOOLS_TRUE@ storage/zfs.h string_utils.c string_utils.h \ +@ENABLE_TOOLS_TRUE@ sync.c sync.h terminal.c terminal.h utils.c \ +@ENABLE_TOOLS_TRUE@ utils.h uuid.c uuid.h $(LSM_SOURCES) \ +@ENABLE_TOOLS_TRUE@ $(am__append_47) @ENABLE_TOOLS_TRUE@lxc_create_SOURCES = tools/lxc_create.c \ -@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h \ -@ENABLE_TOOLS_TRUE@ storage/storage_utils.c storage/storage_utils.h - +@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h \ +@ENABLE_TOOLS_TRUE@ af_unix.c af_unix.h caps.c caps.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgfsng.c cgroups/cgroup.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.h cgroups/cgroup2_devices.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.h commands.c \ +@ENABLE_TOOLS_TRUE@ commands.h commands_utils.c \ +@ENABLE_TOOLS_TRUE@ commands_utils.h conf.c conf.h confile.c \ +@ENABLE_TOOLS_TRUE@ confile.h confile_utils.c confile_utils.h \ +@ENABLE_TOOLS_TRUE@ error.c error.h file_utils.c file_utils.h \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.h initutils.c \ +@ENABLE_TOOLS_TRUE@ initutils.h log.c log.h lxclock.c lxclock.h \ +@ENABLE_TOOLS_TRUE@ mainloop.c mainloop.h monitor.c monitor.h \ +@ENABLE_TOOLS_TRUE@ namespace.c namespace.h network.c network.h \ +@ENABLE_TOOLS_TRUE@ nl.c nl.h parse.c parse.h process_utils.c \ +@ENABLE_TOOLS_TRUE@ process_utils.h ringbuf.c ringbuf.h 
start.c \ +@ENABLE_TOOLS_TRUE@ start.h state.c state.h storage/btrfs.c \ +@ENABLE_TOOLS_TRUE@ storage/btrfs.h storage/dir.c storage/dir.h \ +@ENABLE_TOOLS_TRUE@ storage/loop.c storage/loop.h storage/lvm.c \ +@ENABLE_TOOLS_TRUE@ storage/lvm.h storage/nbd.c storage/nbd.h \ +@ENABLE_TOOLS_TRUE@ storage/overlay.c storage/overlay.h \ +@ENABLE_TOOLS_TRUE@ storage/rbd.c storage/rbd.h storage/rsync.c \ +@ENABLE_TOOLS_TRUE@ storage/rsync.h storage/storage.c \ +@ENABLE_TOOLS_TRUE@ storage/storage.h storage/storage_utils.c \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.h storage/zfs.c \ +@ENABLE_TOOLS_TRUE@ storage/zfs.h string_utils.c string_utils.h \ +@ENABLE_TOOLS_TRUE@ sync.c sync.h terminal.c terminal.h utils.c \ +@ENABLE_TOOLS_TRUE@ utils.h uuid.c uuid.h $(LSM_SOURCES) \ +@ENABLE_TOOLS_TRUE@ $(am__append_48) @ENABLE_TOOLS_TRUE@lxc_snapshot_SOURCES = tools/lxc_snapshot.c \ -@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h - +@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h \ +@ENABLE_TOOLS_TRUE@ af_unix.c af_unix.h caps.c caps.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgfsng.c cgroups/cgroup.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.h cgroups/cgroup2_devices.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.h commands.c \ +@ENABLE_TOOLS_TRUE@ commands.h commands_utils.c \ +@ENABLE_TOOLS_TRUE@ commands_utils.h conf.c conf.h confile.c \ +@ENABLE_TOOLS_TRUE@ confile.h confile_utils.c confile_utils.h \ +@ENABLE_TOOLS_TRUE@ error.c error.h file_utils.c file_utils.h \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.h initutils.c \ +@ENABLE_TOOLS_TRUE@ initutils.h log.c log.h lxclock.c lxclock.h \ +@ENABLE_TOOLS_TRUE@ mainloop.c mainloop.h monitor.c monitor.h \ +@ENABLE_TOOLS_TRUE@ namespace.c namespace.h network.c network.h \ +@ENABLE_TOOLS_TRUE@ nl.c nl.h parse.c parse.h process_utils.c \ +@ENABLE_TOOLS_TRUE@ process_utils.h ringbuf.c 
ringbuf.h start.c \ +@ENABLE_TOOLS_TRUE@ start.h state.c state.h storage/btrfs.c \ +@ENABLE_TOOLS_TRUE@ storage/btrfs.h storage/dir.c storage/dir.h \ +@ENABLE_TOOLS_TRUE@ storage/loop.c storage/loop.h storage/lvm.c \ +@ENABLE_TOOLS_TRUE@ storage/lvm.h storage/nbd.c storage/nbd.h \ +@ENABLE_TOOLS_TRUE@ storage/overlay.c storage/overlay.h \ +@ENABLE_TOOLS_TRUE@ storage/rbd.c storage/rbd.h storage/rsync.c \ +@ENABLE_TOOLS_TRUE@ storage/rsync.h storage/storage.c \ +@ENABLE_TOOLS_TRUE@ storage/storage.h storage/storage_utils.c \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.h storage/zfs.c \ +@ENABLE_TOOLS_TRUE@ storage/zfs.h string_utils.c string_utils.h \ +@ENABLE_TOOLS_TRUE@ sync.c sync.h terminal.c terminal.h utils.c \ +@ENABLE_TOOLS_TRUE@ utils.h uuid.c uuid.h $(LSM_SOURCES) \ +@ENABLE_TOOLS_TRUE@ $(am__append_49) @ENABLE_TOOLS_TRUE@lxc_checkpoint_SOURCES = tools/lxc_checkpoint.c \ -@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h - +@ENABLE_TOOLS_TRUE@ tools/arguments.c tools/arguments.h \ +@ENABLE_TOOLS_TRUE@ af_unix.c af_unix.h caps.c caps.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgfsng.c cgroups/cgroup.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup.h cgroups/cgroup2_devices.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup2_devices.h \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.c \ +@ENABLE_TOOLS_TRUE@ cgroups/cgroup_utils.h commands.c \ +@ENABLE_TOOLS_TRUE@ commands.h commands_utils.c \ +@ENABLE_TOOLS_TRUE@ commands_utils.h conf.c conf.h confile.c \ +@ENABLE_TOOLS_TRUE@ confile.h confile_utils.c confile_utils.h \ +@ENABLE_TOOLS_TRUE@ error.c error.h file_utils.c file_utils.h \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TOOLS_TRUE@ ../include/netns_ifaddrs.h initutils.c \ +@ENABLE_TOOLS_TRUE@ initutils.h log.c log.h lxclock.c lxclock.h \ +@ENABLE_TOOLS_TRUE@ mainloop.c mainloop.h monitor.c monitor.h \ +@ENABLE_TOOLS_TRUE@ namespace.c namespace.h network.c network.h \ +@ENABLE_TOOLS_TRUE@ nl.c nl.h parse.c parse.h process_utils.c \ +@ENABLE_TOOLS_TRUE@ process_utils.h 
ringbuf.c ringbuf.h start.c \ +@ENABLE_TOOLS_TRUE@ start.h state.c state.h storage/btrfs.c \ +@ENABLE_TOOLS_TRUE@ storage/btrfs.h storage/dir.c storage/dir.h \ +@ENABLE_TOOLS_TRUE@ storage/loop.c storage/loop.h storage/lvm.c \ +@ENABLE_TOOLS_TRUE@ storage/lvm.h storage/nbd.c storage/nbd.h \ +@ENABLE_TOOLS_TRUE@ storage/overlay.c storage/overlay.h \ +@ENABLE_TOOLS_TRUE@ storage/rbd.c storage/rbd.h storage/rsync.c \ +@ENABLE_TOOLS_TRUE@ storage/rsync.h storage/storage.c \ +@ENABLE_TOOLS_TRUE@ storage/storage.h storage/storage_utils.c \ +@ENABLE_TOOLS_TRUE@ storage/storage_utils.h storage/zfs.c \ +@ENABLE_TOOLS_TRUE@ storage/zfs.h string_utils.c string_utils.h \ +@ENABLE_TOOLS_TRUE@ sync.c sync.h terminal.c terminal.h utils.c \ +@ENABLE_TOOLS_TRUE@ utils.h uuid.c uuid.h $(LSM_SOURCES) \ +@ENABLE_TOOLS_TRUE@ $(am__append_50) # Binaries shipping with liblxc @ENABLE_COMMANDS_TRUE@init_lxc_SOURCES = cmd/lxc_init.c \ -@ENABLE_COMMANDS_TRUE@ compiler.h \ -@ENABLE_COMMANDS_TRUE@ error.h \ +@ENABLE_COMMANDS_TRUE@ af_unix.c af_unix.h \ +@ENABLE_COMMANDS_TRUE@ caps.c caps.h \ +@ENABLE_COMMANDS_TRUE@ error.c error.h \ +@ENABLE_COMMANDS_TRUE@ file_utils.c file_utils.h \ @ENABLE_COMMANDS_TRUE@ initutils.c initutils.h \ +@ENABLE_COMMANDS_TRUE@ log.c log.h \ +@ENABLE_COMMANDS_TRUE@ macro.h \ @ENABLE_COMMANDS_TRUE@ memory_utils.h \ -@ENABLE_COMMANDS_TRUE@ parse.c parse.h \ -@ENABLE_COMMANDS_TRUE@ raw_syscalls.c raw_syscalls.h \ -@ENABLE_COMMANDS_TRUE@ syscall_numbers.h \ +@ENABLE_COMMANDS_TRUE@ namespace.c namespace.h \ @ENABLE_COMMANDS_TRUE@ string_utils.c string_utils.h @ENABLE_COMMANDS_TRUE@init_lxc_LDFLAGS = -pthread @ENABLE_COMMANDS_TRUE@lxc_monitord_SOURCES = cmd/lxc_monitord.c \ -@ENABLE_COMMANDS_TRUE@ af_unix.c af_unix.h \ -@ENABLE_COMMANDS_TRUE@ log.c log.h \ -@ENABLE_COMMANDS_TRUE@ mainloop.c mainloop.h \ -@ENABLE_COMMANDS_TRUE@ monitor.c monitor.h \ -@ENABLE_COMMANDS_TRUE@ raw_syscalls.c raw_syscalls.h \ -@ENABLE_COMMANDS_TRUE@ syscall_numbers.h \ -@ENABLE_COMMANDS_TRUE@ 
utils.c utils.h - +@ENABLE_COMMANDS_TRUE@ af_unix.c af_unix.h caps.c caps.h \ +@ENABLE_COMMANDS_TRUE@ cgroups/cgfsng.c cgroups/cgroup.c \ +@ENABLE_COMMANDS_TRUE@ cgroups/cgroup.h \ +@ENABLE_COMMANDS_TRUE@ cgroups/cgroup2_devices.c \ +@ENABLE_COMMANDS_TRUE@ cgroups/cgroup2_devices.h \ +@ENABLE_COMMANDS_TRUE@ cgroups/cgroup_utils.c \ +@ENABLE_COMMANDS_TRUE@ cgroups/cgroup_utils.h commands.c \ +@ENABLE_COMMANDS_TRUE@ commands.h commands_utils.c \ +@ENABLE_COMMANDS_TRUE@ commands_utils.h conf.c conf.h confile.c \ +@ENABLE_COMMANDS_TRUE@ confile.h confile_utils.c \ +@ENABLE_COMMANDS_TRUE@ confile_utils.h error.c error.h \ +@ENABLE_COMMANDS_TRUE@ file_utils.c file_utils.h \ +@ENABLE_COMMANDS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_COMMANDS_TRUE@ ../include/netns_ifaddrs.h initutils.c \ +@ENABLE_COMMANDS_TRUE@ initutils.h log.c log.h lxclock.c \ +@ENABLE_COMMANDS_TRUE@ lxclock.h mainloop.c mainloop.h \ +@ENABLE_COMMANDS_TRUE@ monitor.c monitor.h namespace.c \ +@ENABLE_COMMANDS_TRUE@ namespace.h network.c network.h nl.c \ +@ENABLE_COMMANDS_TRUE@ nl.h parse.c parse.h process_utils.c \ +@ENABLE_COMMANDS_TRUE@ process_utils.h ringbuf.c ringbuf.h \ +@ENABLE_COMMANDS_TRUE@ start.c start.h state.c state.h \ +@ENABLE_COMMANDS_TRUE@ storage/btrfs.c storage/btrfs.h \ +@ENABLE_COMMANDS_TRUE@ storage/dir.c storage/dir.h \ +@ENABLE_COMMANDS_TRUE@ storage/loop.c storage/loop.h \ +@ENABLE_COMMANDS_TRUE@ storage/lvm.c storage/lvm.h \ +@ENABLE_COMMANDS_TRUE@ storage/nbd.c storage/nbd.h \ +@ENABLE_COMMANDS_TRUE@ storage/overlay.c storage/overlay.h \ +@ENABLE_COMMANDS_TRUE@ storage/rbd.c storage/rbd.h \ +@ENABLE_COMMANDS_TRUE@ storage/rsync.c storage/rsync.h \ +@ENABLE_COMMANDS_TRUE@ storage/storage.c storage/storage.h \ +@ENABLE_COMMANDS_TRUE@ storage/storage_utils.c \ +@ENABLE_COMMANDS_TRUE@ storage/storage_utils.h storage/zfs.c \ +@ENABLE_COMMANDS_TRUE@ storage/zfs.h string_utils.c \ +@ENABLE_COMMANDS_TRUE@ string_utils.h sync.c sync.h \ +@ENABLE_COMMANDS_TRUE@ syscall_numbers.h 
terminal.c terminal.h \ +@ENABLE_COMMANDS_TRUE@ utils.c utils.h uuid.c uuid.h \ +@ENABLE_COMMANDS_TRUE@ $(LSM_SOURCES) $(am__append_51) @ENABLE_COMMANDS_TRUE@lxc_user_nic_SOURCES = cmd/lxc_user_nic.c \ -@ENABLE_COMMANDS_TRUE@ ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ -@ENABLE_COMMANDS_TRUE@ log.c log.h \ -@ENABLE_COMMANDS_TRUE@ memory_utils.h \ -@ENABLE_COMMANDS_TRUE@ network.c network.h \ -@ENABLE_COMMANDS_TRUE@ parse.c parse.h \ -@ENABLE_COMMANDS_TRUE@ raw_syscalls.c raw_syscalls.h \ -@ENABLE_COMMANDS_TRUE@ syscall_numbers.h \ -@ENABLE_COMMANDS_TRUE@ file_utils.c file_utils.h \ -@ENABLE_COMMANDS_TRUE@ string_utils.c string_utils.h \ -@ENABLE_COMMANDS_TRUE@ syscall_wrappers.h - +@ENABLE_COMMANDS_TRUE@ af_unix.c af_unix.h caps.c caps.h \ +@ENABLE_COMMANDS_TRUE@ cgroups/cgfsng.c cgroups/cgroup.c \ +@ENABLE_COMMANDS_TRUE@ cgroups/cgroup.h \ +@ENABLE_COMMANDS_TRUE@ cgroups/cgroup2_devices.c \ +@ENABLE_COMMANDS_TRUE@ cgroups/cgroup2_devices.h \ +@ENABLE_COMMANDS_TRUE@ cgroups/cgroup_utils.c \ +@ENABLE_COMMANDS_TRUE@ cgroups/cgroup_utils.h commands.c \ +@ENABLE_COMMANDS_TRUE@ commands.h commands_utils.c \ +@ENABLE_COMMANDS_TRUE@ commands_utils.h conf.c conf.h confile.c \ +@ENABLE_COMMANDS_TRUE@ confile.h confile_utils.c \ +@ENABLE_COMMANDS_TRUE@ confile_utils.h error.c error.h \ +@ENABLE_COMMANDS_TRUE@ file_utils.c file_utils.h \ +@ENABLE_COMMANDS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_COMMANDS_TRUE@ ../include/netns_ifaddrs.h initutils.c \ +@ENABLE_COMMANDS_TRUE@ initutils.h log.c log.h lxclock.c \ +@ENABLE_COMMANDS_TRUE@ lxclock.h mainloop.c mainloop.h \ +@ENABLE_COMMANDS_TRUE@ memory_utils.h monitor.c monitor.h \ +@ENABLE_COMMANDS_TRUE@ namespace.c namespace.h network.c \ +@ENABLE_COMMANDS_TRUE@ network.h nl.c nl.h parse.c parse.h \ +@ENABLE_COMMANDS_TRUE@ process_utils.c process_utils.h \ +@ENABLE_COMMANDS_TRUE@ ringbuf.c ringbuf.h start.c start.h \ +@ENABLE_COMMANDS_TRUE@ state.c state.h storage/btrfs.c \ +@ENABLE_COMMANDS_TRUE@ storage/btrfs.h 
storage/dir.c \ +@ENABLE_COMMANDS_TRUE@ storage/dir.h storage/loop.c \ +@ENABLE_COMMANDS_TRUE@ storage/loop.h storage/lvm.c \ +@ENABLE_COMMANDS_TRUE@ storage/lvm.h storage/nbd.c \ +@ENABLE_COMMANDS_TRUE@ storage/nbd.h storage/overlay.c \ +@ENABLE_COMMANDS_TRUE@ storage/overlay.h storage/rbd.c \ +@ENABLE_COMMANDS_TRUE@ storage/rbd.h storage/rsync.c \ +@ENABLE_COMMANDS_TRUE@ storage/rsync.h storage/storage.c \ +@ENABLE_COMMANDS_TRUE@ storage/storage.h \ +@ENABLE_COMMANDS_TRUE@ storage/storage_utils.c \ +@ENABLE_COMMANDS_TRUE@ storage/storage_utils.h storage/zfs.c \ +@ENABLE_COMMANDS_TRUE@ storage/zfs.h string_utils.c \ +@ENABLE_COMMANDS_TRUE@ string_utils.h sync.c sync.h \ +@ENABLE_COMMANDS_TRUE@ syscall_numbers.h syscall_wrappers.h \ +@ENABLE_COMMANDS_TRUE@ terminal.c terminal.h utils.c utils.h \ +@ENABLE_COMMANDS_TRUE@ uuid.c uuid.h $(LSM_SOURCES) \ +@ENABLE_COMMANDS_TRUE@ $(am__append_52) @ENABLE_COMMANDS_TRUE@lxc_usernsexec_SOURCES = cmd/lxc_usernsexec.c \ -@ENABLE_COMMANDS_TRUE@ conf.c conf.h \ -@ENABLE_COMMANDS_TRUE@ file_utils.c file_utils.h \ -@ENABLE_COMMANDS_TRUE@ list.h \ -@ENABLE_COMMANDS_TRUE@ log.c log.h \ -@ENABLE_COMMANDS_TRUE@ macro.h \ -@ENABLE_COMMANDS_TRUE@ memory_utils.h \ -@ENABLE_COMMANDS_TRUE@ string_utils.c string_utils.h \ -@ENABLE_COMMANDS_TRUE@ syscall_wrappers.h \ -@ENABLE_COMMANDS_TRUE@ utils.c utils.h - +@ENABLE_COMMANDS_TRUE@ af_unix.c af_unix.h caps.c caps.h \ +@ENABLE_COMMANDS_TRUE@ cgroups/cgfsng.c cgroups/cgroup.c \ +@ENABLE_COMMANDS_TRUE@ cgroups/cgroup.h \ +@ENABLE_COMMANDS_TRUE@ cgroups/cgroup2_devices.c \ +@ENABLE_COMMANDS_TRUE@ cgroups/cgroup2_devices.h \ +@ENABLE_COMMANDS_TRUE@ cgroups/cgroup_utils.c \ +@ENABLE_COMMANDS_TRUE@ cgroups/cgroup_utils.h commands.c \ +@ENABLE_COMMANDS_TRUE@ commands.h commands_utils.c \ +@ENABLE_COMMANDS_TRUE@ commands_utils.h conf.c conf.h confile.c \ +@ENABLE_COMMANDS_TRUE@ confile.h confile_utils.c \ +@ENABLE_COMMANDS_TRUE@ confile_utils.h error.c error.h \ +@ENABLE_COMMANDS_TRUE@ file_utils.c 
file_utils.h \ +@ENABLE_COMMANDS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_COMMANDS_TRUE@ ../include/netns_ifaddrs.h initutils.c \ +@ENABLE_COMMANDS_TRUE@ initutils.h list.h log.c log.h lxclock.c \ +@ENABLE_COMMANDS_TRUE@ lxclock.h macro.h mainloop.c mainloop.h \ +@ENABLE_COMMANDS_TRUE@ memory_utils.h monitor.c monitor.h \ +@ENABLE_COMMANDS_TRUE@ namespace.c namespace.h network.c \ +@ENABLE_COMMANDS_TRUE@ network.h nl.c nl.h parse.c parse.h \ +@ENABLE_COMMANDS_TRUE@ process_utils.c process_utils.h \ +@ENABLE_COMMANDS_TRUE@ ringbuf.c ringbuf.h start.c start.h \ +@ENABLE_COMMANDS_TRUE@ state.c state.h storage/btrfs.c \ +@ENABLE_COMMANDS_TRUE@ storage/btrfs.h storage/dir.c \ +@ENABLE_COMMANDS_TRUE@ storage/dir.h storage/loop.c \ +@ENABLE_COMMANDS_TRUE@ storage/loop.h storage/lvm.c \ +@ENABLE_COMMANDS_TRUE@ storage/lvm.h storage/nbd.c \ +@ENABLE_COMMANDS_TRUE@ storage/nbd.h storage/overlay.c \ +@ENABLE_COMMANDS_TRUE@ storage/overlay.h storage/rbd.c \ +@ENABLE_COMMANDS_TRUE@ storage/rbd.h storage/rsync.c \ +@ENABLE_COMMANDS_TRUE@ storage/rsync.h storage/storage.c \ +@ENABLE_COMMANDS_TRUE@ storage/storage.h \ +@ENABLE_COMMANDS_TRUE@ storage/storage_utils.c \ +@ENABLE_COMMANDS_TRUE@ storage/storage_utils.h storage/zfs.c \ +@ENABLE_COMMANDS_TRUE@ storage/zfs.h string_utils.c \ +@ENABLE_COMMANDS_TRUE@ string_utils.h sync.c sync.h \ +@ENABLE_COMMANDS_TRUE@ syscall_wrappers.h terminal.c terminal.h \ +@ENABLE_COMMANDS_TRUE@ utils.c utils.h uuid.c uuid.h \ +@ENABLE_COMMANDS_TRUE@ $(LSM_SOURCES) $(am__append_53) @ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@init_lxc_static_SOURCES = \ @ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ cmd/lxc_init.c \ +@ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ af_unix.c \ +@ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ af_unix.h \ @ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ caps.c caps.h \ @ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ error.c error.h \ -@ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ initutils.c \ 
-@ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ initutils.h \ @ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ file_utils.c \ @ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ file_utils.h \ +@ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ initutils.c \ +@ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ initutils.h \ @ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ log.c log.h \ @ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ macro.h \ @ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ memory_utils.h \ @@ -1178,9 +3178,9 @@ @ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ namespace.h \ @ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ string_utils.c \ @ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ string_utils.h \ -@ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ $(am__append_29) \ -@ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ $(am__append_30) \ -@ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ $(am__append_31) +@ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ $(am__append_56) \ +@ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ $(am__append_57) \ +@ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@ $(am__append_58) @ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@init_lxc_static_LDFLAGS = -all-static -pthread @ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@init_lxc_static_LDADD = @CAP_LIBS@ @ENABLE_COMMANDS_TRUE@@HAVE_STATIC_LIBCAP_TRUE@init_lxc_static_CFLAGS = $(AM_CFLAGS) -DNO_LXC_CONF @@ -1189,8 +3189,8 @@ @ENABLE_PAM_TRUE@@HAVE_PAM_TRUE@ file_utils.c file_utils.h \ @ENABLE_PAM_TRUE@@HAVE_PAM_TRUE@ macro.h memory_utils.h \ @ENABLE_PAM_TRUE@@HAVE_PAM_TRUE@ string_utils.c string_utils.h \ -@ENABLE_PAM_TRUE@@HAVE_PAM_TRUE@ $(am__append_32) \ -@ENABLE_PAM_TRUE@@HAVE_PAM_TRUE@ $(am__append_33) +@ENABLE_PAM_TRUE@@HAVE_PAM_TRUE@ $(am__append_59) \ +@ENABLE_PAM_TRUE@@HAVE_PAM_TRUE@ $(am__append_60) @ENABLE_PAM_TRUE@@HAVE_PAM_TRUE@pam_cgfs_la_CFLAGS = $(AM_CFLAGS) -DNO_LXC_CONF @ENABLE_PAM_TRUE@@HAVE_PAM_TRUE@pam_cgfs_la_LIBADD = $(AM_LIBS) \ @ENABLE_PAM_TRUE@@HAVE_PAM_TRUE@ $(PAM_LIBS) \ 
@@ -1592,6 +3592,44 @@ tools/$(DEPDIR)/$(am__dirstamp) tools/arguments.$(OBJEXT): tools/$(am__dirstamp) \ tools/$(DEPDIR)/$(am__dirstamp) +cgroups/cgfsng.$(OBJEXT): cgroups/$(am__dirstamp) \ + cgroups/$(DEPDIR)/$(am__dirstamp) +cgroups/cgroup.$(OBJEXT): cgroups/$(am__dirstamp) \ + cgroups/$(DEPDIR)/$(am__dirstamp) +cgroups/cgroup2_devices.$(OBJEXT): cgroups/$(am__dirstamp) \ + cgroups/$(DEPDIR)/$(am__dirstamp) +cgroups/cgroup_utils.$(OBJEXT): cgroups/$(am__dirstamp) \ + cgroups/$(DEPDIR)/$(am__dirstamp) +../include/netns_ifaddrs.$(OBJEXT): ../include/$(am__dirstamp) \ + ../include/$(DEPDIR)/$(am__dirstamp) +storage/btrfs.$(OBJEXT): storage/$(am__dirstamp) \ + storage/$(DEPDIR)/$(am__dirstamp) +storage/dir.$(OBJEXT): storage/$(am__dirstamp) \ + storage/$(DEPDIR)/$(am__dirstamp) +storage/loop.$(OBJEXT): storage/$(am__dirstamp) \ + storage/$(DEPDIR)/$(am__dirstamp) +storage/lvm.$(OBJEXT): storage/$(am__dirstamp) \ + storage/$(DEPDIR)/$(am__dirstamp) +storage/nbd.$(OBJEXT): storage/$(am__dirstamp) \ + storage/$(DEPDIR)/$(am__dirstamp) +storage/overlay.$(OBJEXT): storage/$(am__dirstamp) \ + storage/$(DEPDIR)/$(am__dirstamp) +storage/rbd.$(OBJEXT): storage/$(am__dirstamp) \ + storage/$(DEPDIR)/$(am__dirstamp) +storage/rsync.$(OBJEXT): storage/$(am__dirstamp) \ + storage/$(DEPDIR)/$(am__dirstamp) +storage/storage.$(OBJEXT): storage/$(am__dirstamp) \ + storage/$(DEPDIR)/$(am__dirstamp) +storage/storage_utils.$(OBJEXT): storage/$(am__dirstamp) \ + storage/$(DEPDIR)/$(am__dirstamp) +storage/zfs.$(OBJEXT): storage/$(am__dirstamp) \ + storage/$(DEPDIR)/$(am__dirstamp) +lsm/lsm.$(OBJEXT): lsm/$(am__dirstamp) lsm/$(DEPDIR)/$(am__dirstamp) +lsm/nop.$(OBJEXT): lsm/$(am__dirstamp) lsm/$(DEPDIR)/$(am__dirstamp) +lsm/apparmor.$(OBJEXT): lsm/$(am__dirstamp) \ + lsm/$(DEPDIR)/$(am__dirstamp) +lsm/selinux.$(OBJEXT): lsm/$(am__dirstamp) \ + lsm/$(DEPDIR)/$(am__dirstamp) lxc-attach$(EXEEXT): $(lxc_attach_OBJECTS) $(lxc_attach_DEPENDENCIES) $(EXTRA_lxc_attach_DEPENDENCIES) @rm -f 
lxc-attach$(EXEEXT) @@ -1628,8 +3666,6 @@ $(AM_V_CCLD)$(LINK) $(lxc_console_OBJECTS) $(lxc_console_LDADD) $(LIBS) tools/lxc_copy.$(OBJEXT): tools/$(am__dirstamp) \ tools/$(DEPDIR)/$(am__dirstamp) -storage/storage_utils.$(OBJEXT): storage/$(am__dirstamp) \ - storage/$(DEPDIR)/$(am__dirstamp) tools/include/$(am__dirstamp): @$(MKDIR_P) tools/include @: > tools/include/$(am__dirstamp) @@ -1734,8 +3770,6 @@ $(AM_V_CCLD)$(LINK) $(lxc_unshare_OBJECTS) $(lxc_unshare_LDADD) $(LIBS) cmd/lxc_user_nic.$(OBJEXT): cmd/$(am__dirstamp) \ cmd/$(DEPDIR)/$(am__dirstamp) -../include/netns_ifaddrs.$(OBJEXT): ../include/$(am__dirstamp) \ - ../include/$(DEPDIR)/$(am__dirstamp) lxc-user-nic$(EXEEXT): $(lxc_user_nic_OBJECTS) $(lxc_user_nic_DEPENDENCIES) $(EXTRA_lxc_user_nic_DEPENDENCIES) @rm -f lxc-user-nic$(EXEEXT) 
@@ -1823,8 +3857,15 @@ @AMDEP_TRUE@@am__include@ @am__quote@../include/$(DEPDIR)/pam_cgfs_la-strlcat.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@../include/$(DEPDIR)/pam_cgfs_la-strlcpy.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/af_unix.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/caps.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/commands.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/commands_utils.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/conf.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/confile.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/confile_utils.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/error.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/file_utils.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/init_lxc_static-af_unix.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/init_lxc_static-caps.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/init_lxc_static-error.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/init_lxc_static-file_utils.Po@am__quote@ # am--include-marker 
@@ -1852,11 +3893,12 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/liblxc_la-lxclock.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/liblxc_la-mainloop.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/liblxc_la-monitor.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/liblxc_la-mount_utils.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/liblxc_la-namespace.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/liblxc_la-network.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/liblxc_la-nl.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/liblxc_la-parse.Plo@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/liblxc_la-raw_syscalls.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/liblxc_la-process_utils.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/liblxc_la-rexec.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/liblxc_la-ringbuf.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/liblxc_la-rtnl.Plo@am__quote@ # am--include-marker 
@@ -1869,16 +3911,30 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/liblxc_la-utils.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/liblxc_la-uuid.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/log.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/lxclock.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/mainloop.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/monitor.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/namespace.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/network.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nl.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_cgfs_la-file_utils.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/pam_cgfs_la-string_utils.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/parse.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/raw_syscalls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/process_utils.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/rexec.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/ringbuf.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/seccomp.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/start.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/state.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/string_utils.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sync.Po@am__quote@ # 
am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/terminal.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/utils.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/uuid.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@cgroups/$(DEPDIR)/cgfsng.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@cgroups/$(DEPDIR)/cgroup.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@cgroups/$(DEPDIR)/cgroup2_devices.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@cgroups/$(DEPDIR)/cgroup_utils.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@cgroups/$(DEPDIR)/liblxc_la-cgfsng.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@cgroups/$(DEPDIR)/liblxc_la-cgroup.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@cgroups/$(DEPDIR)/liblxc_la-cgroup2_devices.Plo@am__quote@ # am--include-marker 
@@ -1888,11 +3944,17 @@ @AMDEP_TRUE@@am__include@ @am__quote@cmd/$(DEPDIR)/lxc_monitord.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@cmd/$(DEPDIR)/lxc_user_nic.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@cmd/$(DEPDIR)/lxc_usernsexec.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lsm/$(DEPDIR)/apparmor.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@lsm/$(DEPDIR)/liblxc_la-apparmor.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@lsm/$(DEPDIR)/liblxc_la-lsm.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@lsm/$(DEPDIR)/liblxc_la-nop.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@lsm/$(DEPDIR)/liblxc_la-selinux.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lsm/$(DEPDIR)/lsm.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lsm/$(DEPDIR)/nop.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@lsm/$(DEPDIR)/selinux.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@pam/$(DEPDIR)/cgfs_la-pam_cgfs.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@storage/$(DEPDIR)/btrfs.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@storage/$(DEPDIR)/dir.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@storage/$(DEPDIR)/liblxc_la-btrfs.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@storage/$(DEPDIR)/liblxc_la-dir.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@storage/$(DEPDIR)/liblxc_la-loop.Plo@am__quote@ # am--include-marker 
@@ -1904,7 +3966,15 @@ @AMDEP_TRUE@@am__include@ @am__quote@storage/$(DEPDIR)/liblxc_la-storage.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@storage/$(DEPDIR)/liblxc_la-storage_utils.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@storage/$(DEPDIR)/liblxc_la-zfs.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@storage/$(DEPDIR)/loop.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@storage/$(DEPDIR)/lvm.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@storage/$(DEPDIR)/nbd.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@storage/$(DEPDIR)/overlay.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@storage/$(DEPDIR)/rbd.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@storage/$(DEPDIR)/rsync.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@storage/$(DEPDIR)/storage.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@storage/$(DEPDIR)/storage_utils.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@storage/$(DEPDIR)/zfs.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@tools/$(DEPDIR)/arguments.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@tools/$(DEPDIR)/lxc_attach.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@tools/$(DEPDIR)/lxc_autostart.Po@am__quote@ # am--include-marker 
@@ -2121,6 +4191,13 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(liblxc_la_CFLAGS) $(CFLAGS) -c -o liblxc_la-mainloop.lo `test -f 'mainloop.c' || echo '$(srcdir)/'`mainloop.c +liblxc_la-mount_utils.lo: mount_utils.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(liblxc_la_CFLAGS) $(CFLAGS) -MT liblxc_la-mount_utils.lo -MD -MP -MF $(DEPDIR)/liblxc_la-mount_utils.Tpo -c -o liblxc_la-mount_utils.lo `test -f 'mount_utils.c' || echo '$(srcdir)/'`mount_utils.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/liblxc_la-mount_utils.Tpo $(DEPDIR)/liblxc_la-mount_utils.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='mount_utils.c' object='liblxc_la-mount_utils.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(liblxc_la_CFLAGS) $(CFLAGS) -c -o liblxc_la-mount_utils.lo `test -f 'mount_utils.c' || echo '$(srcdir)/'`mount_utils.c + liblxc_la-namespace.lo: namespace.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(liblxc_la_CFLAGS) $(CFLAGS) -MT liblxc_la-namespace.lo -MD -MP -MF $(DEPDIR)/liblxc_la-namespace.Tpo -c -o liblxc_la-namespace.lo `test -f 'namespace.c' || echo '$(srcdir)/'`namespace.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/liblxc_la-namespace.Tpo 
$(DEPDIR)/liblxc_la-namespace.Plo @@ -2128,13 +4205,6 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(liblxc_la_CFLAGS) $(CFLAGS) -c -o liblxc_la-namespace.lo `test -f 'namespace.c' || echo '$(srcdir)/'`namespace.c -liblxc_la-nl.lo: nl.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(liblxc_la_CFLAGS) $(CFLAGS) -MT liblxc_la-nl.lo -MD -MP -MF $(DEPDIR)/liblxc_la-nl.Tpo -c -o liblxc_la-nl.lo `test -f 'nl.c' || echo '$(srcdir)/'`nl.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/liblxc_la-nl.Tpo $(DEPDIR)/liblxc_la-nl.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='nl.c' object='liblxc_la-nl.lo' libtool=yes @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(liblxc_la_CFLAGS) $(CFLAGS) -c -o liblxc_la-nl.lo `test -f 'nl.c' || echo '$(srcdir)/'`nl.c - liblxc_la-network.lo: network.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(liblxc_la_CFLAGS) $(CFLAGS) -MT liblxc_la-network.lo -MD -MP -MF $(DEPDIR)/liblxc_la-network.Tpo -c -o liblxc_la-network.lo `test -f 'network.c' || echo '$(srcdir)/'`network.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/liblxc_la-network.Tpo $(DEPDIR)/liblxc_la-network.Plo 
@@ -2142,6 +4212,13 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(liblxc_la_CFLAGS) $(CFLAGS) -c -o liblxc_la-network.lo `test -f 'network.c' || echo '$(srcdir)/'`network.c +liblxc_la-nl.lo: nl.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(liblxc_la_CFLAGS) $(CFLAGS) -MT liblxc_la-nl.lo -MD -MP -MF $(DEPDIR)/liblxc_la-nl.Tpo -c -o liblxc_la-nl.lo `test -f 'nl.c' || echo '$(srcdir)/'`nl.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/liblxc_la-nl.Tpo $(DEPDIR)/liblxc_la-nl.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='nl.c' object='liblxc_la-nl.lo' libtool=yes @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(liblxc_la_CFLAGS) $(CFLAGS) -c -o liblxc_la-nl.lo `test -f 'nl.c' || echo '$(srcdir)/'`nl.c + liblxc_la-monitor.lo: monitor.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(liblxc_la_CFLAGS) $(CFLAGS) -MT liblxc_la-monitor.lo -MD -MP -MF $(DEPDIR)/liblxc_la-monitor.Tpo -c -o liblxc_la-monitor.lo `test -f 'monitor.c' || echo '$(srcdir)/'`monitor.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/liblxc_la-monitor.Tpo $(DEPDIR)/liblxc_la-monitor.Plo 
@@ -2156,12 +4233,12 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(liblxc_la_CFLAGS) $(CFLAGS) -c -o liblxc_la-parse.lo `test -f 'parse.c' || echo '$(srcdir)/'`parse.c -liblxc_la-raw_syscalls.lo: raw_syscalls.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(liblxc_la_CFLAGS) $(CFLAGS) -MT liblxc_la-raw_syscalls.lo -MD -MP -MF $(DEPDIR)/liblxc_la-raw_syscalls.Tpo -c -o liblxc_la-raw_syscalls.lo `test -f 'raw_syscalls.c' || echo '$(srcdir)/'`raw_syscalls.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/liblxc_la-raw_syscalls.Tpo $(DEPDIR)/liblxc_la-raw_syscalls.Plo -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='raw_syscalls.c' object='liblxc_la-raw_syscalls.lo' libtool=yes @AMDEPBACKSLASH@ +liblxc_la-process_utils.lo: process_utils.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(liblxc_la_CFLAGS) $(CFLAGS) -MT liblxc_la-process_utils.lo -MD -MP -MF $(DEPDIR)/liblxc_la-process_utils.Tpo -c -o liblxc_la-process_utils.lo `test -f 'process_utils.c' || echo '$(srcdir)/'`process_utils.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/liblxc_la-process_utils.Tpo $(DEPDIR)/liblxc_la-process_utils.Plo +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='process_utils.c' object='liblxc_la-process_utils.lo' libtool=yes @AMDEPBACKSLASH@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) 
--mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(liblxc_la_CFLAGS) $(CFLAGS) -c -o liblxc_la-raw_syscalls.lo `test -f 'raw_syscalls.c' || echo '$(srcdir)/'`raw_syscalls.c +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(liblxc_la_CFLAGS) $(CFLAGS) -c -o liblxc_la-process_utils.lo `test -f 'process_utils.c' || echo '$(srcdir)/'`process_utils.c liblxc_la-ringbuf.lo: ringbuf.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(LIBTOOL) $(AM_V_lt) --tag=CC $(AM_LIBTOOLFLAGS) $(LIBTOOLFLAGS) --mode=compile $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(liblxc_la_CFLAGS) $(CFLAGS) -MT liblxc_la-ringbuf.lo -MD -MP -MF $(DEPDIR)/liblxc_la-ringbuf.Tpo -c -o liblxc_la-ringbuf.lo `test -f 'ringbuf.c' || echo '$(srcdir)/'`ringbuf.c 
@@ -2450,6 +4527,20 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(init_lxc_static_CFLAGS) $(CFLAGS) -c -o cmd/init_lxc_static-lxc_init.obj `if test -f 'cmd/lxc_init.c'; then $(CYGPATH_W) 'cmd/lxc_init.c'; else $(CYGPATH_W) '$(srcdir)/cmd/lxc_init.c'; fi` +init_lxc_static-af_unix.o: af_unix.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(init_lxc_static_CFLAGS) $(CFLAGS) -MT init_lxc_static-af_unix.o -MD -MP -MF $(DEPDIR)/init_lxc_static-af_unix.Tpo -c -o init_lxc_static-af_unix.o `test -f 'af_unix.c' || echo '$(srcdir)/'`af_unix.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/init_lxc_static-af_unix.Tpo $(DEPDIR)/init_lxc_static-af_unix.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='af_unix.c' object='init_lxc_static-af_unix.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(init_lxc_static_CFLAGS) $(CFLAGS) -c -o init_lxc_static-af_unix.o `test -f 'af_unix.c' || echo '$(srcdir)/'`af_unix.c + +init_lxc_static-af_unix.obj: af_unix.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(init_lxc_static_CFLAGS) $(CFLAGS) -MT init_lxc_static-af_unix.obj -MD -MP -MF $(DEPDIR)/init_lxc_static-af_unix.Tpo -c -o init_lxc_static-af_unix.obj `if test -f 'af_unix.c'; then $(CYGPATH_W) 'af_unix.c'; else $(CYGPATH_W) '$(srcdir)/af_unix.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/init_lxc_static-af_unix.Tpo $(DEPDIR)/init_lxc_static-af_unix.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='af_unix.c' object='init_lxc_static-af_unix.obj' libtool=no @AMDEPBACKSLASH@ 
+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(init_lxc_static_CFLAGS) $(CFLAGS) -c -o init_lxc_static-af_unix.obj `if test -f 'af_unix.c'; then $(CYGPATH_W) 'af_unix.c'; else $(CYGPATH_W) '$(srcdir)/af_unix.c'; fi` + init_lxc_static-caps.o: caps.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(init_lxc_static_CFLAGS) $(CFLAGS) -MT init_lxc_static-caps.o -MD -MP -MF $(DEPDIR)/init_lxc_static-caps.Tpo -c -o init_lxc_static-caps.o `test -f 'caps.c' || echo '$(srcdir)/'`caps.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/init_lxc_static-caps.Tpo $(DEPDIR)/init_lxc_static-caps.Po 
@@ -2478,20 +4569,6 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(init_lxc_static_CFLAGS) $(CFLAGS) -c -o init_lxc_static-error.obj `if test -f 'error.c'; then $(CYGPATH_W) 'error.c'; else $(CYGPATH_W) '$(srcdir)/error.c'; fi` -init_lxc_static-initutils.o: initutils.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(init_lxc_static_CFLAGS) $(CFLAGS) -MT init_lxc_static-initutils.o -MD -MP -MF $(DEPDIR)/init_lxc_static-initutils.Tpo -c -o init_lxc_static-initutils.o `test -f 'initutils.c' || echo '$(srcdir)/'`initutils.c -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/init_lxc_static-initutils.Tpo $(DEPDIR)/init_lxc_static-initutils.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='initutils.c' object='init_lxc_static-initutils.o' libtool=no @AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(init_lxc_static_CFLAGS) $(CFLAGS) -c -o init_lxc_static-initutils.o `test -f 'initutils.c' || echo '$(srcdir)/'`initutils.c - -init_lxc_static-initutils.obj: initutils.c -@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(init_lxc_static_CFLAGS) $(CFLAGS) -MT init_lxc_static-initutils.obj -MD -MP -MF $(DEPDIR)/init_lxc_static-initutils.Tpo -c -o init_lxc_static-initutils.obj `if test -f 'initutils.c'; then $(CYGPATH_W) 'initutils.c'; else $(CYGPATH_W) '$(srcdir)/initutils.c'; fi` -@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/init_lxc_static-initutils.Tpo $(DEPDIR)/init_lxc_static-initutils.Po -@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='initutils.c' object='init_lxc_static-initutils.obj' libtool=no 
@AMDEPBACKSLASH@ -@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ -@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(init_lxc_static_CFLAGS) $(CFLAGS) -c -o init_lxc_static-initutils.obj `if test -f 'initutils.c'; then $(CYGPATH_W) 'initutils.c'; else $(CYGPATH_W) '$(srcdir)/initutils.c'; fi` - init_lxc_static-file_utils.o: file_utils.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(init_lxc_static_CFLAGS) $(CFLAGS) -MT init_lxc_static-file_utils.o -MD -MP -MF $(DEPDIR)/init_lxc_static-file_utils.Tpo -c -o init_lxc_static-file_utils.o `test -f 'file_utils.c' || echo '$(srcdir)/'`file_utils.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/init_lxc_static-file_utils.Tpo $(DEPDIR)/init_lxc_static-file_utils.Po 
@@ -2506,6 +4583,20 @@ @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(init_lxc_static_CFLAGS) $(CFLAGS) -c -o init_lxc_static-file_utils.obj `if test -f 'file_utils.c'; then $(CYGPATH_W) 'file_utils.c'; else $(CYGPATH_W) '$(srcdir)/file_utils.c'; fi` +init_lxc_static-initutils.o: initutils.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(init_lxc_static_CFLAGS) $(CFLAGS) -MT init_lxc_static-initutils.o -MD -MP -MF $(DEPDIR)/init_lxc_static-initutils.Tpo -c -o init_lxc_static-initutils.o `test -f 'initutils.c' || echo '$(srcdir)/'`initutils.c +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/init_lxc_static-initutils.Tpo $(DEPDIR)/init_lxc_static-initutils.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='initutils.c' object='init_lxc_static-initutils.o' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(init_lxc_static_CFLAGS) $(CFLAGS) -c -o init_lxc_static-initutils.o `test -f 'initutils.c' || echo '$(srcdir)/'`initutils.c + +init_lxc_static-initutils.obj: initutils.c +@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(init_lxc_static_CFLAGS) $(CFLAGS) -MT init_lxc_static-initutils.obj -MD -MP -MF $(DEPDIR)/init_lxc_static-initutils.Tpo -c -o init_lxc_static-initutils.obj `if test -f 'initutils.c'; then $(CYGPATH_W) 'initutils.c'; else $(CYGPATH_W) '$(srcdir)/initutils.c'; fi` +@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/init_lxc_static-initutils.Tpo $(DEPDIR)/init_lxc_static-initutils.Po +@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='initutils.c' 
object='init_lxc_static-initutils.obj' libtool=no @AMDEPBACKSLASH@ +@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@ +@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(init_lxc_static_CFLAGS) $(CFLAGS) -c -o init_lxc_static-initutils.obj `if test -f 'initutils.c'; then $(CYGPATH_W) 'initutils.c'; else $(CYGPATH_W) '$(srcdir)/initutils.c'; fi` + init_lxc_static-log.o: log.c @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) $(CPPFLAGS) $(init_lxc_static_CFLAGS) $(CFLAGS) -MT init_lxc_static-log.o -MD -MP -MF $(DEPDIR)/init_lxc_static-log.Tpo -c -o init_lxc_static-log.o `test -f 'log.c' || echo '$(srcdir)/'`log.c @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) $(DEPDIR)/init_lxc_static-log.Tpo $(DEPDIR)/init_lxc_static-log.Po @@ -2788,8 +4879,15 @@ -rm -f ../include/$(DEPDIR)/pam_cgfs_la-strlcat.Plo -rm -f ../include/$(DEPDIR)/pam_cgfs_la-strlcpy.Plo -rm -f ./$(DEPDIR)/af_unix.Po + -rm -f ./$(DEPDIR)/caps.Po + -rm -f ./$(DEPDIR)/commands.Po + -rm -f ./$(DEPDIR)/commands_utils.Po -rm -f ./$(DEPDIR)/conf.Po + -rm -f ./$(DEPDIR)/confile.Po + -rm -f ./$(DEPDIR)/confile_utils.Po + -rm -f ./$(DEPDIR)/error.Po -rm -f ./$(DEPDIR)/file_utils.Po + -rm -f ./$(DEPDIR)/init_lxc_static-af_unix.Po -rm -f ./$(DEPDIR)/init_lxc_static-caps.Po -rm -f ./$(DEPDIR)/init_lxc_static-error.Po -rm -f ./$(DEPDIR)/init_lxc_static-file_utils.Po 
@@ -2817,11 +4915,12 @@ -rm -f ./$(DEPDIR)/liblxc_la-lxclock.Plo -rm -f ./$(DEPDIR)/liblxc_la-mainloop.Plo -rm -f ./$(DEPDIR)/liblxc_la-monitor.Plo + -rm -f ./$(DEPDIR)/liblxc_la-mount_utils.Plo -rm -f ./$(DEPDIR)/liblxc_la-namespace.Plo -rm -f ./$(DEPDIR)/liblxc_la-network.Plo -rm -f ./$(DEPDIR)/liblxc_la-nl.Plo -rm -f ./$(DEPDIR)/liblxc_la-parse.Plo - -rm -f ./$(DEPDIR)/liblxc_la-raw_syscalls.Plo + -rm -f ./$(DEPDIR)/liblxc_la-process_utils.Plo -rm -f ./$(DEPDIR)/liblxc_la-rexec.Plo -rm -f ./$(DEPDIR)/liblxc_la-ringbuf.Plo -rm -f ./$(DEPDIR)/liblxc_la-rtnl.Plo @@ -2834,16 +4933,30 @@ -rm -f ./$(DEPDIR)/liblxc_la-utils.Plo -rm -f ./$(DEPDIR)/liblxc_la-uuid.Plo -rm -f ./$(DEPDIR)/log.Po + -rm -f ./$(DEPDIR)/lxclock.Po -rm -f ./$(DEPDIR)/mainloop.Po -rm -f ./$(DEPDIR)/monitor.Po + -rm -f ./$(DEPDIR)/namespace.Po -rm -f ./$(DEPDIR)/network.Po + -rm -f ./$(DEPDIR)/nl.Po -rm -f ./$(DEPDIR)/pam_cgfs_la-file_utils.Plo -rm -f ./$(DEPDIR)/pam_cgfs_la-string_utils.Plo -rm -f ./$(DEPDIR)/parse.Po - -rm -f ./$(DEPDIR)/raw_syscalls.Po + -rm -f ./$(DEPDIR)/process_utils.Po -rm -f ./$(DEPDIR)/rexec.Po + -rm -f ./$(DEPDIR)/ringbuf.Po + -rm -f ./$(DEPDIR)/seccomp.Po + -rm -f ./$(DEPDIR)/start.Po + -rm -f ./$(DEPDIR)/state.Po -rm -f ./$(DEPDIR)/string_utils.Po + -rm -f ./$(DEPDIR)/sync.Po + -rm -f ./$(DEPDIR)/terminal.Po -rm -f ./$(DEPDIR)/utils.Po + -rm -f ./$(DEPDIR)/uuid.Po + -rm -f cgroups/$(DEPDIR)/cgfsng.Po + -rm -f cgroups/$(DEPDIR)/cgroup.Po + -rm -f cgroups/$(DEPDIR)/cgroup2_devices.Po + -rm -f cgroups/$(DEPDIR)/cgroup_utils.Po -rm -f cgroups/$(DEPDIR)/liblxc_la-cgfsng.Plo -rm -f cgroups/$(DEPDIR)/liblxc_la-cgroup.Plo -rm -f cgroups/$(DEPDIR)/liblxc_la-cgroup2_devices.Plo 
@@ -2853,11 +4966,17 @@ -rm -f cmd/$(DEPDIR)/lxc_monitord.Po -rm -f cmd/$(DEPDIR)/lxc_user_nic.Po -rm -f cmd/$(DEPDIR)/lxc_usernsexec.Po + -rm -f lsm/$(DEPDIR)/apparmor.Po -rm -f lsm/$(DEPDIR)/liblxc_la-apparmor.Plo -rm -f lsm/$(DEPDIR)/liblxc_la-lsm.Plo -rm -f lsm/$(DEPDIR)/liblxc_la-nop.Plo -rm -f lsm/$(DEPDIR)/liblxc_la-selinux.Plo + -rm -f lsm/$(DEPDIR)/lsm.Po + -rm -f lsm/$(DEPDIR)/nop.Po + -rm -f lsm/$(DEPDIR)/selinux.Po -rm -f pam/$(DEPDIR)/cgfs_la-pam_cgfs.Plo + -rm -f storage/$(DEPDIR)/btrfs.Po + -rm -f storage/$(DEPDIR)/dir.Po -rm -f storage/$(DEPDIR)/liblxc_la-btrfs.Plo -rm -f storage/$(DEPDIR)/liblxc_la-dir.Plo -rm -f storage/$(DEPDIR)/liblxc_la-loop.Plo @@ -2869,7 +4988,15 @@ -rm -f storage/$(DEPDIR)/liblxc_la-storage.Plo -rm -f storage/$(DEPDIR)/liblxc_la-storage_utils.Plo -rm -f storage/$(DEPDIR)/liblxc_la-zfs.Plo + -rm -f storage/$(DEPDIR)/loop.Po + -rm -f storage/$(DEPDIR)/lvm.Po + -rm -f storage/$(DEPDIR)/nbd.Po + -rm -f storage/$(DEPDIR)/overlay.Po + -rm -f storage/$(DEPDIR)/rbd.Po + -rm -f storage/$(DEPDIR)/rsync.Po + -rm -f storage/$(DEPDIR)/storage.Po -rm -f storage/$(DEPDIR)/storage_utils.Po + -rm -f storage/$(DEPDIR)/zfs.Po -rm -f tools/$(DEPDIR)/arguments.Po -rm -f tools/$(DEPDIR)/lxc_attach.Po -rm -f tools/$(DEPDIR)/lxc_autostart.Po @@ -2959,8 +5086,15 @@ -rm -f ../include/$(DEPDIR)/pam_cgfs_la-strlcat.Plo -rm -f ../include/$(DEPDIR)/pam_cgfs_la-strlcpy.Plo -rm -f ./$(DEPDIR)/af_unix.Po + -rm -f ./$(DEPDIR)/caps.Po + -rm -f ./$(DEPDIR)/commands.Po + -rm -f ./$(DEPDIR)/commands_utils.Po -rm -f ./$(DEPDIR)/conf.Po + -rm -f ./$(DEPDIR)/confile.Po + -rm -f ./$(DEPDIR)/confile_utils.Po + -rm -f ./$(DEPDIR)/error.Po -rm -f ./$(DEPDIR)/file_utils.Po + -rm -f ./$(DEPDIR)/init_lxc_static-af_unix.Po -rm -f ./$(DEPDIR)/init_lxc_static-caps.Po -rm -f ./$(DEPDIR)/init_lxc_static-error.Po -rm -f ./$(DEPDIR)/init_lxc_static-file_utils.Po 
@@ -2988,11 +5122,12 @@ -rm -f ./$(DEPDIR)/liblxc_la-lxclock.Plo -rm -f ./$(DEPDIR)/liblxc_la-mainloop.Plo -rm -f ./$(DEPDIR)/liblxc_la-monitor.Plo + -rm -f ./$(DEPDIR)/liblxc_la-mount_utils.Plo -rm -f ./$(DEPDIR)/liblxc_la-namespace.Plo -rm -f ./$(DEPDIR)/liblxc_la-network.Plo -rm -f ./$(DEPDIR)/liblxc_la-nl.Plo -rm -f ./$(DEPDIR)/liblxc_la-parse.Plo - -rm -f ./$(DEPDIR)/liblxc_la-raw_syscalls.Plo + -rm -f ./$(DEPDIR)/liblxc_la-process_utils.Plo -rm -f ./$(DEPDIR)/liblxc_la-rexec.Plo -rm -f ./$(DEPDIR)/liblxc_la-ringbuf.Plo -rm -f ./$(DEPDIR)/liblxc_la-rtnl.Plo @@ -3005,16 +5140,30 @@ -rm -f ./$(DEPDIR)/liblxc_la-utils.Plo -rm -f ./$(DEPDIR)/liblxc_la-uuid.Plo -rm -f ./$(DEPDIR)/log.Po + -rm -f ./$(DEPDIR)/lxclock.Po -rm -f ./$(DEPDIR)/mainloop.Po -rm -f ./$(DEPDIR)/monitor.Po + -rm -f ./$(DEPDIR)/namespace.Po -rm -f ./$(DEPDIR)/network.Po + -rm -f ./$(DEPDIR)/nl.Po -rm -f ./$(DEPDIR)/pam_cgfs_la-file_utils.Plo -rm -f ./$(DEPDIR)/pam_cgfs_la-string_utils.Plo -rm -f ./$(DEPDIR)/parse.Po - -rm -f ./$(DEPDIR)/raw_syscalls.Po + -rm -f ./$(DEPDIR)/process_utils.Po -rm -f ./$(DEPDIR)/rexec.Po + -rm -f ./$(DEPDIR)/ringbuf.Po + -rm -f ./$(DEPDIR)/seccomp.Po + -rm -f ./$(DEPDIR)/start.Po + -rm -f ./$(DEPDIR)/state.Po -rm -f ./$(DEPDIR)/string_utils.Po + -rm -f ./$(DEPDIR)/sync.Po + -rm -f ./$(DEPDIR)/terminal.Po -rm -f ./$(DEPDIR)/utils.Po + -rm -f ./$(DEPDIR)/uuid.Po + -rm -f cgroups/$(DEPDIR)/cgfsng.Po + -rm -f cgroups/$(DEPDIR)/cgroup.Po + -rm -f cgroups/$(DEPDIR)/cgroup2_devices.Po + -rm -f cgroups/$(DEPDIR)/cgroup_utils.Po -rm -f cgroups/$(DEPDIR)/liblxc_la-cgfsng.Plo -rm -f cgroups/$(DEPDIR)/liblxc_la-cgroup.Plo -rm -f cgroups/$(DEPDIR)/liblxc_la-cgroup2_devices.Plo 
@@ -3024,11 +5173,17 @@ -rm -f cmd/$(DEPDIR)/lxc_monitord.Po -rm -f cmd/$(DEPDIR)/lxc_user_nic.Po -rm -f cmd/$(DEPDIR)/lxc_usernsexec.Po + -rm -f lsm/$(DEPDIR)/apparmor.Po -rm -f lsm/$(DEPDIR)/liblxc_la-apparmor.Plo -rm -f lsm/$(DEPDIR)/liblxc_la-lsm.Plo -rm -f lsm/$(DEPDIR)/liblxc_la-nop.Plo -rm -f lsm/$(DEPDIR)/liblxc_la-selinux.Plo + -rm -f lsm/$(DEPDIR)/lsm.Po + -rm -f lsm/$(DEPDIR)/nop.Po + -rm -f lsm/$(DEPDIR)/selinux.Po -rm -f pam/$(DEPDIR)/cgfs_la-pam_cgfs.Plo + -rm -f storage/$(DEPDIR)/btrfs.Po + -rm -f storage/$(DEPDIR)/dir.Po -rm -f storage/$(DEPDIR)/liblxc_la-btrfs.Plo -rm -f storage/$(DEPDIR)/liblxc_la-dir.Plo -rm -f storage/$(DEPDIR)/liblxc_la-loop.Plo @@ -3040,7 +5195,15 @@ -rm -f storage/$(DEPDIR)/liblxc_la-storage.Plo -rm -f storage/$(DEPDIR)/liblxc_la-storage_utils.Plo -rm -f storage/$(DEPDIR)/liblxc_la-zfs.Plo + -rm -f storage/$(DEPDIR)/loop.Po + -rm -f storage/$(DEPDIR)/lvm.Po + -rm -f storage/$(DEPDIR)/nbd.Po + -rm -f storage/$(DEPDIR)/overlay.Po + -rm -f storage/$(DEPDIR)/rbd.Po + -rm -f storage/$(DEPDIR)/rsync.Po + -rm -f storage/$(DEPDIR)/storage.Po -rm -f storage/$(DEPDIR)/storage_utils.Po + -rm -f storage/$(DEPDIR)/zfs.Po -rm -f tools/$(DEPDIR)/arguments.Po -rm -f tools/$(DEPDIR)/lxc_attach.Po -rm -f tools/$(DEPDIR)/lxc_autostart.Po diff -Nru lxc-4.0.2/src/lxc/monitor.h lxc-4.0.6/src/lxc/monitor.h --- lxc-4.0.2/src/lxc/monitor.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/monitor.h 2021-01-12 00:20:05.000000000 +0000 @@ -8,6 +8,8 @@ #include #include +#include "compiler.h" + typedef enum { lxc_msg_state, lxc_msg_priority, 
@@ -16,25 +18,23 @@ struct lxc_msg { lxc_msg_type_t type; - char name[NAME_MAX+1]; + char name[NAME_MAX + 1]; int value; }; -extern int lxc_monitor_sock_name(const char *lxcpath, struct sockaddr_un *addr); -extern int lxc_monitor_fifo_name(const char *lxcpath, char *fifo_path, - size_t fifo_path_sz, int do_mkdirp); -extern void lxc_monitor_send_state(const char *name, lxc_state_t state, - const char *lxcpath); -extern void lxc_monitor_send_exit_code(const char *name, int exit_code, - const char *lxcpath); -extern int lxc_monitord_spawn(const char *lxcpath); +__hidden extern int lxc_monitor_sock_name(const char *lxcpath, struct sockaddr_un *addr); +__hidden extern int lxc_monitor_fifo_name(const char *lxcpath, char *fifo_path, size_t fifo_path_sz, + int do_mkdirp); +__hidden extern void lxc_monitor_send_state(const char *name, lxc_state_t state, const char *lxcpath); +__hidden extern void lxc_monitor_send_exit_code(const char *name, int exit_code, const char *lxcpath); +__hidden extern int lxc_monitord_spawn(const char *lxcpath); /* * Open the monitoring mechanism for a specific container * The function will return an fd corresponding to the events * Returns a file descriptor on success, < 0 otherwise */ -extern int lxc_monitor_open(const char *lxcpath); +__hidden extern int lxc_monitor_open(const char *lxcpath); /* * Blocking read for the next container state change @@ -43,7 +43,7 @@ * Returns 0 if the monitored container has exited, > 0 if * data was read, < 0 otherwise */ -extern int lxc_monitor_read(int fd, struct lxc_msg *msg); +__hidden extern int lxc_monitor_read(int fd, struct lxc_msg *msg); /* * Blocking read for the next container state change with timeout 
@@ -53,7 +53,7 @@ * Returns 0 if the monitored container has exited, > 0 if * data was read, < 0 otherwise */ -extern int lxc_monitor_read_timeout(int fd, struct lxc_msg *msg, int timeout); +__hidden extern int lxc_monitor_read_timeout(int fd, struct lxc_msg *msg, int timeout); /* * Blocking read from multiple monitors for the next container state @@ -65,8 +65,7 @@ * Returns 0 if the monitored container has exited, > 0 if * data was read, < 0 otherwise */ -extern int lxc_monitor_read_fdset(struct pollfd *fds, nfds_t nfds, struct lxc_msg *msg, - int timeout); - +__hidden extern int lxc_monitor_read_fdset(struct pollfd *fds, nfds_t nfds, struct lxc_msg *msg, + int timeout); -#endif +#endif /* __LXC_MONITOR_H */ diff -Nru lxc-4.0.2/src/lxc/mount_utils.c lxc-4.0.6/src/lxc/mount_utils.c --- lxc-4.0.2/src/lxc/mount_utils.c 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/src/lxc/mount_utils.c 2021-01-12 00:20:05.000000000 +0000 
@@ -0,0 +1,140 @@
+/* SPDX-License-Identifier: LGPL-2.1+ */
+
+#ifndef _GNU_SOURCE
+#define _GNU_SOURCE 1
+#endif
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "log.h"
+#include "macro.h"
+#include "memory_utils.h"
+#include "mount_utils.h"
+#include "syscall_numbers.h"
+#include "syscall_wrappers.h"
+
+lxc_log_define(mount_utils, lxc);
+
+int mnt_attributes_new(unsigned int old_flags, unsigned int *new_flags)
+{
+ unsigned int flags = 0;
+
+ if (old_flags & MS_RDONLY) {
+ flags |= MOUNT_ATTR_RDONLY;
+ old_flags &= ~MS_RDONLY;
+ }
+
+ if (old_flags & MS_NOSUID) {
+ flags |= MOUNT_ATTR_NOSUID;
+ old_flags &= ~MS_NOSUID;
+ }
+
+ if (old_flags & MS_NODEV) {
+ flags |= MOUNT_ATTR_NODEV;
+ old_flags &= ~MS_NODEV;
+ }
+
+ if (old_flags & MS_NOEXEC) {
+ flags |= MOUNT_ATTR_NOEXEC;
+ old_flags &= ~MS_NOEXEC;
+ }
+
+ if (old_flags & MS_RELATIME) {
+ flags |= MOUNT_ATTR_RELATIME;
+ old_flags &= ~MS_RELATIME;
+ }
+
+ if (old_flags & MS_NOATIME) {
+ flags |= MOUNT_ATTR_NOATIME;
+ old_flags &= ~MS_NOATIME;
+ }
+
+ if (old_flags & MS_STRICTATIME) {
+ flags |= MOUNT_ATTR_STRICTATIME;
+ old_flags &= ~MS_STRICTATIME;
+ }
+
+ if (old_flags & MS_NODIRATIME) {
+ flags |= MOUNT_ATTR_NODIRATIME;
+ old_flags &= ~MS_NODIRATIME;
+ }
+
+ *new_flags |= flags;
+ return old_flags;
+}
+
+int mnt_attributes_old(unsigned int new_flags, unsigned int *old_flags)
+{
+ unsigned int flags = 0;
+
+ if (new_flags & MOUNT_ATTR_RDONLY) {
+ flags |= MS_RDONLY;
+ new_flags &= ~MOUNT_ATTR_RDONLY;
+ }
+
+ if (new_flags & MOUNT_ATTR_NOSUID) {
+ flags |= MS_NOSUID;
+ new_flags &= ~MOUNT_ATTR_NOSUID;
+ }
+
+ if (new_flags & MS_NODEV) {
+ flags |= MOUNT_ATTR_NODEV;
+ new_flags &= ~MS_NODEV;
+ }
+
+ if (new_flags & MOUNT_ATTR_NOEXEC) {
+ flags |= MS_NOEXEC;
+ new_flags &= ~MOUNT_ATTR_NOEXEC;
+ }
+
+ if (new_flags & MS_RELATIME) {
+ flags |= MS_RELATIME;
+ new_flags &= ~MOUNT_ATTR_RELATIME;
+ }
+
+ if (new_flags & MS_NOATIME) {
+ flags |= MS_NOATIME;
+ new_flags &= ~MOUNT_ATTR_NOATIME;
+ }
+
+ if (new_flags & MS_STRICTATIME) {
+ flags |= MS_STRICTATIME;
+ new_flags &= ~MOUNT_ATTR_STRICTATIME;
+ }
+
+ if (new_flags & MS_NODIRATIME) {
+ flags |= MS_NODIRATIME;
+ new_flags &= ~MOUNT_ATTR_NODIRATIME;
+ }
+
+ *old_flags |= flags;
+ return new_flags;
+}
+
+int mount_filesystem(const char *fs_name, const char *path, unsigned int attr_flags)
+{
+ __do_close int fsfd = -EBADF;
+ unsigned int old_flags = 0;
+
+ fsfd = fsopen(fs_name, FSOPEN_CLOEXEC);
+ if (fsfd >= 0) {
+ __do_close int mfd = -EBADF;
+
+ if (fsconfig(fsfd, FSCONFIG_CMD_CREATE, NULL, NULL, 0))
+ return -1;
+
+ mfd = fsmount(fsfd, FSMOUNT_CLOEXEC, attr_flags);
+ if (mfd < 0)
+ return -1;
+
+ return move_mount(mfd, "", AT_FDCWD, path, MOVE_MOUNT_F_EMPTY_PATH);
+ }
+
+ TRACE("Falling back to old mount api");
+ mnt_attributes_old(attr_flags, &old_flags);
+ return mount("none", path, fs_name, old_flags, NULL);
+}
diff -Nru lxc-4.0.2/src/lxc/mount_utils.h lxc-4.0.6/src/lxc/mount_utils.h
--- lxc-4.0.2/src/lxc/mount_utils.h 1970-01-01 00:00:00.000000000 +0000
+++ lxc-4.0.6/src/lxc/mount_utils.h 2021-01-12 00:20:05.000000000 +0000
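Review bot: In `mnt_attributes_old()` (src/lxc/mount_utils.c) the NODEV branch and the RELATIME, NOATIME, STRICTATIME and NODIRATIME branches test `MS_*` masks against `new_flags`, which carries `MOUNT_ATTR_*` bits, and the NODEV branch also writes `MOUNT_ATTR_NODEV` into the legacy flag word. With the `MOUNT_ATTR_*` values this package defines in mount_utils.h, the atime tests look unable to match, so those options would be silently dropped when `mount_filesystem()` falls back to `mount()`; the NODEV branch presumably only works if the two constants share a value. The branches should mirror `mnt_attributes_new()` as sketched below, and since `MOUNT_ATTR_RELATIME` is defined as 0 the atime mode is better read under `MOUNT_ATTR__ATIME` than bit-tested. `mount_filesystem()` also ignores the leftover bits that `mnt_attributes_old()` returns, so a caller cannot tell that a requested restriction was not carried over.

```c
int mnt_attributes_old(unsigned int new_flags, unsigned int *old_flags)
{
	/* … unchanged: flags declaration, RDONLY and NOSUID branches … */

	if (new_flags & MOUNT_ATTR_NODEV) {
		flags |= MS_NODEV;
		new_flags &= ~MOUNT_ATTR_NODEV;
	}

	/* … unchanged: NOEXEC branch … */

	/* The atime mode is a field under MOUNT_ATTR__ATIME; relatime is its zero value. */
	switch (new_flags & MOUNT_ATTR__ATIME) {
	case MOUNT_ATTR_RELATIME:
		flags |= MS_RELATIME;
		break;
	case MOUNT_ATTR_NOATIME:
		flags |= MS_NOATIME;
		new_flags &= ~MOUNT_ATTR_NOATIME;
		break;
	case MOUNT_ATTR_STRICTATIME:
		flags |= MS_STRICTATIME;
		new_flags &= ~MOUNT_ATTR_STRICTATIME;
		break;
	}

	if (new_flags & MOUNT_ATTR_NODIRATIME) {
		flags |= MS_NODIRATIME;
		new_flags &= ~MOUNT_ATTR_NODIRATIME;
	}

	/* … unchanged: store into *old_flags, return the leftover new_flags … */
}
```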
@@ -0,0 +1,153 @@ +/* SPDX-License-Identifier: LGPL-2.1+ */ + +#ifndef __LXC_MOUNT_UTILS_H +#define __LXC_MOUNT_UTILS_H + +#include +#include +#include + +#include "compiler.h" + +/* open_tree() flags */ +#ifndef OPEN_TREE_CLONE +#define OPEN_TREE_CLONE 1 +#endif + +#ifndef OPEN_TREE_CLOEXEC +#define OPEN_TREE_CLOEXEC O_CLOEXEC +#endif + +/* move_mount() flags */ +#ifndef MOVE_MOUNT_F_SYMLINKS +#define MOVE_MOUNT_F_SYMLINKS 0x00000001 /* Follow symlinks on from path */ +#endif + +#ifndef MOVE_MOUNT_F_AUTOMOUNTS +#define MOVE_MOUNT_F_AUTOMOUNTS 0x00000002 /* Follow automounts on from path */ +#endif + +#ifndef MOVE_MOUNT_F_EMPTY_PATH +#define MOVE_MOUNT_F_EMPTY_PATH 0x00000004 /* Empty from path permitted */ +#endif + +#ifndef MOVE_MOUNT_T_SYMLINKS +#define MOVE_MOUNT_T_SYMLINKS 0x00000010 /* Follow symlinks on to path */ +#endif + +#ifndef MOVE_MOUNT_T_AUTOMOUNTS +#define MOVE_MOUNT_T_AUTOMOUNTS 0x00000020 /* Follow automounts on to path */ +#endif + +#ifndef MOVE_MOUNT_T_EMPTY_PATH +#define MOVE_MOUNT_T_EMPTY_PATH 0x00000040 /* Empty to path permitted */ +#endif + +#ifndef MOVE_MOUNT__MASK +#define MOVE_MOUNT__MASK 0x00000077 +#endif + +/* fsopen() flags */ +#ifndef FSOPEN_CLOEXEC +#define FSOPEN_CLOEXEC 0x00000001 +#endif + +/* fspick() flags */ +#ifndef FSPICK_CLOEXEC +#define FSPICK_CLOEXEC 0x00000001 +#endif + +#ifndef FSPICK_SYMLINK_NOFOLLOW +#define FSPICK_SYMLINK_NOFOLLOW 0x00000002 +#endif + +#ifndef FSPICK_NO_AUTOMOUNT +#define FSPICK_NO_AUTOMOUNT 0x00000004 +#endif + +#ifndef FSPICK_EMPTY_PATH +#define FSPICK_EMPTY_PATH 0x00000008 +#endif + +/* fsconfig() commands */ +#ifndef FSCONFIG_SET_FLAG +#define FSCONFIG_SET_FLAG 0 /* Set parameter, supplying no value */ +#endif + +#ifndef FSCONFIG_SET_STRING +#define FSCONFIG_SET_STRING 1 /* Set parameter, supplying a string value */ +#endif + +#ifndef FSCONFIG_SET_BINARY +#define FSCONFIG_SET_BINARY 2 /* Set parameter, supplying a binary blob value */ +#endif + +#ifndef FSCONFIG_SET_PATH +#define 
FSCONFIG_SET_PATH 3 /* Set parameter, supplying an object by path */ +#endif + +#ifndef FSCONFIG_SET_PATH_EMPTY +#define FSCONFIG_SET_PATH_EMPTY 4 /* Set parameter, supplying an object by (empty) path */ +#endif + +#ifndef FSCONFIG_SET_FD +#define FSCONFIG_SET_FD 5 /* Set parameter, supplying an object by fd */ +#endif + +#ifndef FSCONFIG_CMD_CREATE +#define FSCONFIG_CMD_CREATE 6 /* Invoke superblock creation */ +#endif + +#ifndef FSCONFIG_CMD_RECONFIGURE +#define FSCONFIG_CMD_RECONFIGURE 7 /* Invoke superblock reconfiguration */ +#endif + +/* fsmount() flags */ +#ifndef FSMOUNT_CLOEXEC +#define FSMOUNT_CLOEXEC 0x00000001 +#endif + +/* mount attributes */ +#ifndef MOUNT_ATTR_RDONLY +#define MOUNT_ATTR_RDONLY 0x00000001 /* Mount read-only */ +#endif + +#ifndef MOUNT_ATTR_NOSUID +#define MOUNT_ATTR_NOSUID 0x00000002 /* Ignore suid and sgid bits */ +#endif + +#ifndef MOUNT_ATTR_NODEV +#define MOUNT_ATTR_NODEV 0x00000004 /* Disallow access to device special files */ +#endif + +#ifndef MOUNT_ATTR_NOEXEC +#define MOUNT_ATTR_NOEXEC 0x00000008 /* Disallow program execution */ +#endif + +#ifndef MOUNT_ATTR__ATIME +#define MOUNT_ATTR__ATIME 0x00000070 /* Setting on how atime should be updated */ +#endif + +#ifndef MOUNT_ATTR_RELATIME +#define MOUNT_ATTR_RELATIME 0x00000000 /* - Update atime relative to mtime/ctime. */ +#endif + +#ifndef MOUNT_ATTR_NOATIME +#define MOUNT_ATTR_NOATIME 0x00000010 /* - Do not update access times. 
*/ +#endif + +#ifndef MOUNT_ATTR_STRICTATIME +#define MOUNT_ATTR_STRICTATIME 0x00000020 /* - Always perform atime updates */ +#endif + +#ifndef MOUNT_ATTR_NODIRATIME +#define MOUNT_ATTR_NODIRATIME 0x00000080 /* Do not update directory access times */ +#endif + +__hidden extern int mnt_attributes_new(unsigned int old_flags, unsigned int *new_flags); + +__hidden extern int mnt_attributes_old(unsigned int new_flags, unsigned int *old_flags); + +__hidden extern int mount_filesystem(const char *fs_name, const char *path, unsigned int attr_flags); + +#endif /* __LXC_MOUNT_UTILS_H */ diff -Nru lxc-4.0.2/src/lxc/namespace.c lxc-4.0.6/src/lxc/namespace.c --- lxc-4.0.2/src/lxc/namespace.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/namespace.c 2021-01-12 00:20:05.000000000 +0000 @@ -21,33 +21,6 @@ lxc_log_define(namespace, lxc); -/* - * Let's use the "standard stack limit" (i.e. glibc thread size default) for - * stack sizes: 8MB. - */ -#define __LXC_STACK_SIZE (8 * 1024 * 1024) -pid_t lxc_clone(int (*fn)(void *), void *arg, int flags, int *pidfd) -{ - pid_t ret; - void *stack; - - stack = malloc(__LXC_STACK_SIZE); - if (!stack) { - SYSERROR("Failed to allocate clone stack"); - return -ENOMEM; - } - -#ifdef __ia64__ - ret = __clone2(fn, stack, __LXC_STACK_SIZE, flags | SIGCHLD, arg, pidfd); -#else - ret = clone(fn, stack + __LXC_STACK_SIZE, flags | SIGCHLD, arg, pidfd); -#endif - if (ret < 0) - SYSERROR("Failed to clone (%#x)", flags); - - return ret; -} - /* Leave the user namespace at the first position in the array of structs so * that we always attach to it first when iterating over the struct and using * setns() to switch namespaces. This especially affects lxc_attach(): Suppose diff -Nru lxc-4.0.2/src/lxc/namespace.h lxc-4.0.6/src/lxc/namespace.h --- lxc-4.0.2/src/lxc/namespace.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/namespace.h 2021-01-12 00:20:05.000000000 +0000 
@@ -7,62 +7,7 @@ #include #include -#ifndef CLONE_PARENT_SETTID -#define CLONE_PARENT_SETTID 0x00100000 -#endif - -#ifndef CLONE_CHILD_CLEARTID -#define CLONE_CHILD_CLEARTID 0x00200000 -#endif - -#ifndef CLONE_CHILD_SETTID -#define CLONE_CHILD_SETTID 0x01000000 -#endif - -#ifndef CLONE_VFORK -#define CLONE_VFORK 0x00004000 -#endif - -#ifndef CLONE_THREAD -#define CLONE_THREAD 0x00010000 -#endif - -#ifndef CLONE_SETTLS -#define CLONE_SETTLS 0x00080000 -#endif - -#ifndef CLONE_VM -#define CLONE_VM 0x00000100 -#endif - -#ifndef CLONE_FILES -#define CLONE_FILES 0x00000400 -#endif - -#ifndef CLONE_FS -# define CLONE_FS 0x00000200 -#endif -#ifndef CLONE_NEWNS -# define CLONE_NEWNS 0x00020000 -#endif -#ifndef CLONE_NEWCGROUP -# define CLONE_NEWCGROUP 0x02000000 -#endif -#ifndef CLONE_NEWUTS -# define CLONE_NEWUTS 0x04000000 -#endif -#ifndef CLONE_NEWIPC -# define CLONE_NEWIPC 0x08000000 -#endif -#ifndef CLONE_NEWUSER -# define CLONE_NEWUSER 0x10000000 -#endif -#ifndef CLONE_NEWPID -# define CLONE_NEWPID 0x20000000 -#endif -#ifndef CLONE_NEWNET -# define CLONE_NEWNET 0x40000000 -#endif +#include "compiler.h" enum { LXC_NS_USER, 
@@ -75,49 +20,16 @@ LXC_NS_MAX }; -extern const struct ns_info { +__hidden extern const struct ns_info { const char *proc_name; int clone_flag; const char *flag_name; const char *env_name; } ns_info[LXC_NS_MAX]; -#if defined(__ia64__) -int __clone2(int (*__fn) (void *__arg), void *__child_stack_base, - size_t __child_stack_size, int __flags, void *__arg, ...); -#else -int clone(int (*fn)(void *), void *child_stack, - int flags, void *arg, ... - /* pid_t *ptid, struct user_desc *tls, pid_t *ctid */ ); -#endif - -/** - * lxc_clone() - create a new process - * - * - allocate stack: - * This function allocates a new stack the size of page and passes it to the - * kernel. - * - * - support all CLONE_*flags: - * This function supports all CLONE_* flags. If in doubt or not sufficiently - * familiar with process creation in the kernel and interactions with libcs - * this function should be used. - * - * - pthread_atfork() handlers depending on libc: - * Whether this function runs pthread_atfork() handlers depends on the - * corresponding libc wrapper. glibc currently does not run pthread_atfork() - * handlers but does not guarantee that they are not. Other libcs might or - * might not run pthread_atfork() handlers. If you require guarantees please - * refer to the lxc_raw_clone*() functions in raw_syscalls.{c,h}. - * - * - should call lxc_raw_getpid(): - * The child should use lxc_raw_getpid() to retrieve its pid. 
- */ -extern pid_t lxc_clone(int (*fn)(void *), void *arg, int flags, int *pidfd); - -extern int lxc_namespace_2_cloneflag(const char *namespace); -extern int lxc_namespace_2_ns_idx(const char *namespace); -extern int lxc_namespace_2_std_identifiers(char *namespaces); -extern int lxc_fill_namespace_flags(char *flaglist, int *flags); +__hidden extern int lxc_namespace_2_cloneflag(const char *namespace); +__hidden extern int lxc_namespace_2_ns_idx(const char *namespace); +__hidden extern int lxc_namespace_2_std_identifiers(char *namespaces); +__hidden extern int lxc_fill_namespace_flags(char *flaglist, int *flags); -#endif +#endif /* __LXC_NAMESPACE_H */ diff -Nru lxc-4.0.2/src/lxc/network.c lxc-4.0.6/src/lxc/network.c --- lxc-4.0.2/src/lxc/network.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/network.c 2021-01-12 00:20:05.000000000 +0000 @@ -36,7 +36,7 @@ #include "memory_utils.h" #include "network.h" #include "nl.h" -#include "raw_syscalls.h" +#include "process_utils.h" #include "syscall_wrappers.h" #include "utils.h" @@ -182,11 +182,6 @@ return 0; } -struct ip_proxy_args { - const char *ip; - const char *dev; -}; - static int lxc_ip_neigh_proxy(__u16 nlmsg_type, int family, int ifindex, void *dest) { call_cleaner(nlmsg_free) struct nlmsg *answer = NULL, *nlmsg = NULL; @@ -324,11 +319,15 @@ } if (!is_empty_string(netdev->link) && netdev->priv.veth_attr.mode == VETH_MODE_BRIDGE) { + if (!lxc_nic_exists(netdev->link)) { + SYSERROR("Failed to attach \"%s\" to bridge \"%s\", bridge interface doesn't exist", veth1, netdev->link); + goto out_delete; + } + err = lxc_bridge_attach(netdev->link, veth1); if (err) { errno = -err; - SYSERROR("Failed to attach \"%s\" to bridge \"%s\"", - veth1, netdev->link); + SYSERROR("Failed to attach \"%s\" to bridge \"%s\"", veth1, netdev->link); goto out_delete; } INFO("Attached \"%s\" to bridge \"%s\"", veth1, netdev->link); 
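Review bot: In the `@@ -324,11 +319,15 @@` hunk of src/lxc/network.c the new `lxc_nic_exists(netdev->link)` branch calls SYSERROR without setting errno, while the `lxc_bridge_attach` failure path just below assigns `errno = -err` first, so the logged error text may come from an unrelated earlier call. `lxc_nic_exists` is not visible here; unless it is guaranteed to leave a meaningful errno, set one explicitly with `errno = ENODEV;` before the SYSERROR, or log with `ERROR`. The existence check and the attach are separate steps, so the bridge can still disappear in between and the existing error handling after `lxc_bridge_attach` has to stay. The enclosing function starts and ends outside the hunk.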
@@ -483,8 +482,6 @@ } strlcpy(netdev->created_name, peer, IFNAMSIZ); - if (is_empty_string(netdev->name)) - (void)strlcpy(netdev->name, peer, IFNAMSIZ); netdev->ifindex = if_nametoindex(peer); if (!netdev->ifindex) { @@ -534,7 +531,7 @@ return -1; } -static int lxc_ipvlan_create(const char *master, const char *name, int mode, int isolation) +static int lxc_ipvlan_create(const char *parent, const char *name, int mode, int isolation) { call_cleaner(nlmsg_free) struct nlmsg *answer = NULL, *nlmsg = NULL; struct nl_handler nlh; @@ -543,7 +540,7 @@ struct ifinfomsg *ifi; struct rtattr *nest, *nest2; - len = strlen(master); + len = strlen(parent); if (len == 1 || len >= IFNAMSIZ) return ret_errno(EINVAL); @@ -551,13 +548,13 @@ if (len == 1 || len >= IFNAMSIZ) return ret_errno(EINVAL); - index = if_nametoindex(master); + index = if_nametoindex(parent); if (!index) return ret_errno(EINVAL); err = netlink_open(nlh_ptr, NETLINK_ROUTE); if (err) - return ret_errno(-err); + return err; nlmsg = nlmsg_alloc(NLMSG_GOOD_SIZE); if (!nlmsg) @@ -586,7 +583,7 @@ if (!nest2) return ret_errno(EPROTO); - if (nla_put_u32(nlmsg, IFLA_IPVLAN_MODE, mode)) + if (nla_put_u16(nlmsg, IFLA_IPVLAN_MODE, mode)) return ret_errno(EPROTO); /* if_link.h does not define the isolation flag value for bridge mode (unlike IPVLAN_F_PRIVATE and @@ -634,8 +631,6 @@ } strlcpy(netdev->created_name, peer, IFNAMSIZ); - if (is_empty_string(netdev->name)) - (void)strlcpy(netdev->name, peer, IFNAMSIZ); netdev->ifindex = if_nametoindex(peer); if (!netdev->ifindex) { @@ -709,8 +704,6 @@ } strlcpy(netdev->created_name, peer, IFNAMSIZ); - if (is_empty_string(netdev->name)) - (void)strlcpy(netdev->name, peer, IFNAMSIZ); netdev->ifindex = if_nametoindex(peer); if (!netdev->ifindex) { @@ -866,7 +859,7 @@ [LXC_NET_NONE] = instantiate_none, }; -static int instantiate_ns_veth(struct lxc_netdev *netdev) +static int __instantiate_ns_common(struct lxc_netdev *netdev) { char current_ifname[IFNAMSIZ]; 
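Review bot: In the `@@ -586,7 +583,7 @@` hunk of src/lxc/network.c, `mode` is an `int` parameter of `lxc_ipvlan_create` and is now narrowed implicitly to the `unsigned short` that `nla_put_u16` takes, so a negative or oversized value would be sent truncated rather than rejected. A guard before the attribute is written keeps a bad configuration value from reaching the kernel silently: `if (mode < 0 || mode > USHRT_MAX) return ret_errno(EINVAL);` (this needs `<limits.h>`; the file's include list is not readable here). A one-line comment stating that `IFLA_IPVLAN_MODE` is sent as a 16-bit attribute would also record why the call changed from `nla_put_u32`. The function body continues outside the hunk.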
@@ -908,33 +901,30 @@ return 0; } -static int __instantiate_common(struct lxc_netdev *netdev) +static int instantiate_ns_veth(struct lxc_netdev *netdev) { - netdev->ifindex = if_nametoindex(netdev->name); - if (!netdev->ifindex) - return log_error_errno(-1, errno, "Failed to retrieve ifindex for network device with name %s", netdev->name); - return 0; + return __instantiate_ns_common(netdev); } static int instantiate_ns_macvlan(struct lxc_netdev *netdev) { - return __instantiate_common(netdev); + return __instantiate_ns_common(netdev); } static int instantiate_ns_ipvlan(struct lxc_netdev *netdev) { - return __instantiate_common(netdev); + return __instantiate_ns_common(netdev); } static int instantiate_ns_vlan(struct lxc_netdev *netdev) { - return __instantiate_common(netdev); + return __instantiate_ns_common(netdev); } static int instantiate_ns_phys(struct lxc_netdev *netdev) { - return __instantiate_common(netdev); + return __instantiate_ns_common(netdev); } static int instantiate_ns_empty(struct lxc_netdev *netdev) @@ -1431,7 +1421,7 @@ return netlink_transaction(nlh_ptr, nlmsg, answer); } -int netdev_get_flag(const char *name, int *flag) +static int netdev_get_flag(const char *name, int *flag) { call_cleaner(nlmsg_free) struct nlmsg *answer = NULL, *nlmsg = NULL; struct nl_handler nlh; @@ -1746,7 +1736,7 @@ } /* TODO: merge with lxc_macvlan_create */ -int lxc_vlan_create(const char *master, const char *name, unsigned short vlanid) +int lxc_vlan_create(const char *parent, const char *name, unsigned short vlanid) { call_cleaner(nlmsg_free) struct nlmsg *answer = NULL, *nlmsg = NULL; struct nl_handler nlh; @@ -1759,7 +1749,7 @@ if (err) return err; - len = strlen(master); + len = strlen(parent); if (len == 1 || len >= IFNAMSIZ) return ret_errno(EINVAL); @@ -1775,7 +1765,7 @@ if (!answer) return ret_errno(ENOMEM); - lindex = if_nametoindex(master); + lindex = if_nametoindex(parent); if (!lindex) return ret_errno(EINVAL); 
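Review bot: After the `@@ -908,33 +901,30 @@` hunk of src/lxc/network.c, `instantiate_ns_veth`, `instantiate_ns_macvlan`, `instantiate_ns_ipvlan`, `instantiate_ns_vlan` and `instantiate_ns_phys` are five identical one-line forwards to `__instantiate_ns_common`. If the per-type names are kept only for a dispatch table (not visible in this hunk), a comment above the first wrapper should say so, for example `/* All of these device types share the same in-namespace setup; the wrappers exist for the per-type table. */`; otherwise the table could reference the common function directly. Most of `__instantiate_ns_common` lies outside the visible hunks, so whether what it does suits every type, `phys` in particular, cannot be checked from here.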
@@ -1814,7 +1804,7 @@ return netlink_transaction(nlh_ptr, nlmsg, answer); } -int lxc_macvlan_create(const char *master, const char *name, int mode) +int lxc_macvlan_create(const char *parent, const char *name, int mode) { call_cleaner(nlmsg_free) struct nlmsg *answer = NULL, *nlmsg = NULL; struct nl_handler nlh; @@ -1827,7 +1817,7 @@ if (err) return err; - len = strlen(master); + len = strlen(parent); if (len == 1 || len >= IFNAMSIZ) return ret_errno(EINVAL); @@ -1843,7 +1833,7 @@ if (!answer) return ret_errno(ENOMEM); - index = if_nametoindex(master); + index = if_nametoindex(parent); if (!index) return ret_errno(EINVAL); @@ -2447,10 +2437,7 @@ char *lxc_ifname_alnum_case_sensitive(char *template) { - int ret; - struct netns_ifaddrs *ifa, *ifaddr; char name[IFNAMSIZ]; - bool exists = false; size_t i = 0; #ifdef HAVE_RAND_R unsigned int seed; @@ -2464,18 +2451,11 @@ if (strlen(template) >= IFNAMSIZ) return NULL; - /* Get all the network interfaces. */ - ret = netns_getifaddrs(&ifaddr, -1, &(bool){false}); - if (ret < 0) - return log_error_errno(NULL, errno, "Failed to get network interfaces"); - /* Generate random names until we find one that doesn't exist. */ for (;;) { name[0] = '\0'; (void)strlcpy(name, template, IFNAMSIZ); - exists = false; - for (i = 0; i < strlen(name); i++) { if (name[i] == 'X') { #ifdef HAVE_RAND_R @@ -2486,18 +2466,10 @@ } } - for (ifa = ifaddr; ifa != NULL; ifa = ifa->ifa_next) { - if (!strcmp(ifa->ifa_name, name)) { - exists = true; - break; - } - } - - if (!exists) + if (if_nametoindex(name) == 0) break; } - netns_freeifaddrs(ifaddr); (void)strlcpy(template, name, strlen(template) + 1); return template; @@ -2724,7 +2696,7 @@ int bytes, ret; pid_t child; int pipefd[2]; - char buffer[PATH_MAX] = {0}; + char buffer[PATH_MAX] = {}; if (netdev->type != LXC_NET_VETH) return log_error_errno(-1, EINVAL, "Network type %d not support for unprivileged use", netdev->type); 
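Review bot: In the `@@ -2486,18 +2466,10 @@` hunk of src/lxc/network.c, `if (if_nametoindex(name) == 0) break;` treats any zero return as "name is free", but the check is only a snapshot: another process can create an interface with that name before the caller uses it, and the lookup is answered for the network namespace the caller is currently in. The generated name should be documented as a candidate rather than a reservation, with a comment above the check such as `/* Best effort: the name may be taken by the time the device is created; callers must handle EEXIST. */`. `lxc_ifname_alnum_case_sensitive` starts and ends outside this hunk.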
@@ -2796,7 +2768,7 @@ return 0; } -bool lxc_delete_network_unpriv(struct lxc_handler *handler) +static bool lxc_delete_network_unpriv(struct lxc_handler *handler) { int ret; struct lxc_list *iterator; @@ -3120,9 +3092,9 @@ physname = is_wlan(netdev->link); if (physname) - ret = lxc_netdev_move_wlan(physname, netdev->link, pid, netdev->name); + ret = lxc_netdev_move_wlan(physname, netdev->link, pid, NULL); else - ret = lxc_netdev_move_by_index(netdev->ifindex, pid, netdev->name); + ret = lxc_netdev_move_by_index(netdev->ifindex, pid, NULL); if (ret) return log_error_errno(-1, -ret, "Failed to move network device \"%s\" with ifindex %d to network namespace %d", netdev->created_name, @@ -3176,7 +3148,7 @@ return 0; } -bool lxc_delete_network_priv(struct lxc_handler *handler) +static bool lxc_delete_network_priv(struct lxc_handler *handler) { int ret; struct lxc_list *iterator; @@ -3317,6 +3289,13 @@ char ifname[IFNAMSIZ]; struct lxc_list *iterator; + /* + * If we weren't asked to clone a new network namespace, there's + * nothing to restore. + */ + if (!(handler->ns_clone_flags & CLONE_NEWNET)) + return 0; + /* We need CAP_NET_ADMIN in the parent namespace in order to setns() to * the parent network namespace. We won't have this capability if we are * unprivileged. diff -Nru lxc-4.0.2/src/lxc/network.h lxc-4.0.6/src/lxc/network.h --- lxc-4.0.2/src/lxc/network.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/network.h 2021-01-12 00:20:05.000000000 +0000 @@ -10,6 +10,7 @@ #include #include +#include "compiler.h" #include "list.h" struct lxc_conf; 
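Review bot: In the `@@ -3120,9 +3092,9 @@` hunk of src/lxc/network.c both move calls now pass `NULL` as the new name instead of `netdev->name`, and nothing in the hunk says where the device receives its configured name afterwards. Given the removed `strlcpy(netdev->name, peer, IFNAMSIZ)` lines and the shared `__instantiate_ns_common`, the rename presumably happens inside the container's namespace, but that is an inference from the other hunks. Once confirmed, a comment at the call site would make it explicit, for example `/* Move under the host-side name; renaming is left to the in-namespace setup. */`. The enclosing function is only partly visible.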
@@ -177,107 +178,102 @@ }; /* Convert a string mac address to a socket structure. */ -extern int lxc_convert_mac(char *macaddr, struct sockaddr *sockaddr); +__hidden extern int lxc_convert_mac(char *macaddr, struct sockaddr *sockaddr); /* Move a device between namespaces. */ -extern int lxc_netdev_move_by_index(int ifindex, pid_t pid, const char *ifname); -extern int lxc_netdev_move_by_name(const char *ifname, pid_t pid, - const char *newname); +__hidden extern int lxc_netdev_move_by_index(int ifindex, pid_t pid, const char *ifname); +__hidden extern int lxc_netdev_move_by_name(const char *ifname, pid_t pid, const char *newname); /* Delete a network device. */ -extern int lxc_netdev_delete_by_name(const char *name); -extern int lxc_netdev_delete_by_index(int ifindex); +__hidden extern int lxc_netdev_delete_by_name(const char *name); +__hidden extern int lxc_netdev_delete_by_index(int ifindex); /* Change the device name. */ -extern int lxc_netdev_rename_by_name(const char *oldname, const char *newname); -extern int lxc_netdev_rename_by_index(int ifindex, const char *newname); +__hidden extern int lxc_netdev_rename_by_name(const char *oldname, const char *newname); +__hidden extern int lxc_netdev_rename_by_index(int ifindex, const char *newname); -extern int netdev_set_flag(const char *name, int flag); +__hidden extern int netdev_set_flag(const char *name, int flag); /* Set the device network up or down. */ -extern int lxc_netdev_isup(const char *name); -extern int lxc_netdev_up(const char *name); -extern int lxc_netdev_down(const char *name); +__hidden extern int lxc_netdev_isup(const char *name); +__hidden extern int lxc_netdev_up(const char *name); +__hidden extern int lxc_netdev_down(const char *name); /* Change the mtu size for the specified device. */ -extern int lxc_netdev_set_mtu(const char *name, int mtu); +__hidden extern int lxc_netdev_set_mtu(const char *name, int mtu); /* Create a virtual network devices. 
*/ -extern int lxc_veth_create(const char *name1, const char *name2, pid_t pid, - unsigned int mtu); -extern int lxc_macvlan_create(const char *master, const char *name, int mode); -extern int lxc_vlan_create(const char *master, const char *name, - unsigned short vid); +__hidden extern int lxc_veth_create(const char *name1, const char *name2, pid_t pid, + unsigned int mtu); +__hidden extern int lxc_macvlan_create(const char *parent, const char *name, int mode); +__hidden extern int lxc_vlan_create(const char *parent, const char *name, unsigned short vid); /* Set ip address. */ -extern int lxc_ipv6_addr_add(int ifindex, struct in6_addr *addr, - struct in6_addr *mcast, - struct in6_addr *acast, int prefix); +__hidden extern int lxc_ipv6_addr_add(int ifindex, struct in6_addr *addr, struct in6_addr *mcast, + struct in6_addr *acast, int prefix); -extern int lxc_ipv4_addr_add(int ifindex, struct in_addr *addr, - struct in_addr *bcast, int prefix); +__hidden extern int lxc_ipv4_addr_add(int ifindex, struct in_addr *addr, struct in_addr *bcast, + int prefix); /* Get ip address. */ -extern int lxc_ipv4_addr_get(int ifindex, struct in_addr **res); -extern int lxc_ipv6_addr_get(int ifindex, struct in6_addr **res); +__hidden extern int lxc_ipv4_addr_get(int ifindex, struct in_addr **res); +__hidden extern int lxc_ipv6_addr_get(int ifindex, struct in6_addr **res); /* Set default route. */ -extern int lxc_ipv4_gateway_add(int ifindex, struct in_addr *gw); -extern int lxc_ipv6_gateway_add(int ifindex, struct in6_addr *gw); +__hidden extern int lxc_ipv4_gateway_add(int ifindex, struct in_addr *gw); +__hidden extern int lxc_ipv6_gateway_add(int ifindex, struct in6_addr *gw); /* Attach an interface to the bridge. 
*/ -extern int lxc_bridge_attach(const char *bridge, const char *ifname); -extern int lxc_ovs_delete_port(const char *bridge, const char *nic); +__hidden extern int lxc_bridge_attach(const char *bridge, const char *ifname); +__hidden extern int lxc_ovs_delete_port(const char *bridge, const char *nic); -extern bool is_ovs_bridge(const char *bridge); +__hidden extern bool is_ovs_bridge(const char *bridge); /* Create default gateway. */ -extern int lxc_route_create_default(const char *addr, const char *ifname, - int gateway); +__hidden extern int lxc_route_create_default(const char *addr, const char *ifname, int gateway); /* Delete default gateway. */ -extern int lxc_route_delete_default(const char *addr, const char *ifname, - int gateway); +__hidden extern int lxc_route_delete_default(const char *addr, const char *ifname, int gateway); /* Activate neighbor proxying. */ -extern int lxc_neigh_proxy_on(const char *name, int family); +__hidden extern int lxc_neigh_proxy_on(const char *name, int family); /* Disable neighbor proxying. */ -extern int lxc_neigh_proxy_off(const char *name, int family); +__hidden extern int lxc_neigh_proxy_off(const char *name, int family); /* Activate IP forwarding. */ -extern int lxc_ip_forwarding_on(const char *name, int family); +__hidden extern int lxc_ip_forwarding_on(const char *name, int family); /* Disable IP forwarding. */ -extern int lxc_ip_forwarding_off(const char *name, int family); +__hidden extern int lxc_ip_forwarding_off(const char *name, int family); /* * Generate a new unique network interface name. * * Allows for 62^n unique combinations. 
*/ -extern char *lxc_ifname_alnum_case_sensitive(char *template); +__hidden extern char *lxc_ifname_alnum_case_sensitive(char *template); -extern const char *lxc_net_type_to_str(int type); -extern int setup_private_host_hw_addr(char *veth1); -extern int netdev_get_mtu(int ifindex); -extern int lxc_network_move_created_netdev_priv(struct lxc_handler *handler); -extern void lxc_delete_network(struct lxc_handler *handler); -extern int lxc_find_gateway_addresses(struct lxc_handler *handler); -extern int lxc_requests_empty_network(struct lxc_handler *handler); -extern int lxc_restore_phys_nics_to_netns(struct lxc_handler *handler); -extern int lxc_setup_network_in_child_namespaces(const struct lxc_conf *conf, - struct lxc_list *network); -extern int lxc_network_send_to_child(struct lxc_handler *handler); -extern int lxc_network_recv_from_parent(struct lxc_handler *handler); -extern int lxc_network_send_name_and_ifindex_to_parent(struct lxc_handler *handler); -extern int lxc_network_recv_name_and_ifindex_from_child(struct lxc_handler *handler); -extern int lxc_netns_set_nsid(int netns_fd); -extern int lxc_netns_get_nsid(__s32 fd); -extern int lxc_create_network(struct lxc_handler *handler); - -extern char *is_wlan(const char *ifname); -extern int lxc_netdev_move_wlan(char *physname, const char *ifname, pid_t pid, - const char *newname); +__hidden extern const char *lxc_net_type_to_str(int type); +__hidden extern int setup_private_host_hw_addr(char *veth1); +__hidden extern int netdev_get_mtu(int ifindex); +__hidden extern int lxc_network_move_created_netdev_priv(struct lxc_handler *handler); +__hidden extern void lxc_delete_network(struct lxc_handler *handler); +__hidden extern int lxc_find_gateway_addresses(struct lxc_handler *handler); +__hidden extern int lxc_requests_empty_network(struct lxc_handler *handler); +__hidden extern int lxc_restore_phys_nics_to_netns(struct lxc_handler *handler); +__hidden extern int lxc_setup_network_in_child_namespaces(const struct 
lxc_conf *conf, + struct lxc_list *network); +__hidden extern int lxc_network_send_to_child(struct lxc_handler *handler); +__hidden extern int lxc_network_recv_from_parent(struct lxc_handler *handler); +__hidden extern int lxc_network_send_name_and_ifindex_to_parent(struct lxc_handler *handler); +__hidden extern int lxc_network_recv_name_and_ifindex_from_child(struct lxc_handler *handler); +__hidden extern int lxc_netns_set_nsid(int netns_fd); +__hidden extern int lxc_netns_get_nsid(__s32 fd); +__hidden extern int lxc_create_network(struct lxc_handler *handler); + +__hidden extern char *is_wlan(const char *ifname); +__hidden extern int lxc_netdev_move_wlan(char *physname, const char *ifname, pid_t pid, + const char *newname); #endif /* __LXC_NETWORK_H */ diff -Nru lxc-4.0.2/src/lxc/nl.c lxc-4.0.6/src/lxc/nl.c --- lxc-4.0.2/src/lxc/nl.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/nl.c 2021-01-12 00:20:05.000000000 +0000 @@ -19,7 +19,7 @@ lxc_log_define(nl, lxc); -size_t nlmsg_len(const struct nlmsg *nlmsg) +static size_t nlmsg_len(const struct nlmsg *nlmsg) { return nlmsg->nlmsghdr->nlmsg_len - NLMSG_HDRLEN; } diff -Nru lxc-4.0.2/src/lxc/nl.h lxc-4.0.6/src/lxc/nl.h --- lxc-4.0.2/src/lxc/nl.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/nl.h 2021-01-12 00:20:05.000000000 +0000 @@ -5,6 +5,7 @@ #include +#include "compiler.h" #include "memory_utils.h" /* @@ -59,7 +60,7 @@ * * Return 0 on success, < 0 otherwise */ -int netlink_open(struct nl_handler *handler, int protocol); +__hidden extern int netlink_open(struct nl_handler *handler, int protocol); /* * netlink_close : close a netlink socket, after this call, @@ -67,7 +68,7 @@ * * @handler: a handler to the netlink socket */ -void netlink_close(struct nl_handler *handler); +__hidden extern void netlink_close(struct nl_handler *handler); define_cleanup_function(struct nl_handler *, netlink_close); /* 
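Review bot: `nlmsg_len()` in the src/lxc/nl.c hunk `@@ -19,7 +19,7 @@` subtracts `NLMSG_HDRLEN` from `nlmsg_len` and returns `size_t`, so a header length smaller than `NLMSG_HDRLEN` wraps to a very large value instead of signalling an error. Now that the function is `static`, its callers are all in this file but none is visible here; if any of them passes a message filled in from a received buffer, a guard is cheap: `if (nlmsg->nlmsghdr->nlmsg_len < NLMSG_HDRLEN) return 0;`.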
@@ -80,8 +81,8 @@ * * Returns 0 on success, < 0 otherwise */ -int netlink_rcv(struct nl_handler *handler, struct nlmsg *nlmsg); -int __netlink_recv(struct nl_handler *handler, struct nlmsghdr *nlmsg); +__hidden extern int netlink_rcv(struct nl_handler *handler, struct nlmsg *nlmsg); +__hidden extern int __netlink_recv(struct nl_handler *handler, struct nlmsghdr *nlmsg); /* * netlink_send: send a netlink message to the kernel. It is up @@ -92,8 +93,8 @@ * * Returns 0 on success, < 0 otherwise */ -int netlink_send(struct nl_handler *handler, struct nlmsg *nlmsg); -int __netlink_send(struct nl_handler *handler, struct nlmsghdr *nlmsg); +__hidden extern int netlink_send(struct nl_handler *handler, struct nlmsg *nlmsg); +__hidden extern int __netlink_send(struct nl_handler *handler, struct nlmsghdr *nlmsg); /* * netlink_transaction: send a request to the kernel and read the response. @@ -106,10 +107,10 @@ * * Returns 0 on success, < 0 otherwise */ -int netlink_transaction(struct nl_handler *handler, - struct nlmsg *request, struct nlmsg *answer); -int __netlink_transaction(struct nl_handler *handler, struct nlmsghdr *request, - struct nlmsghdr *answer); +__hidden extern int netlink_transaction(struct nl_handler *handler, struct nlmsg *request, + struct nlmsg *answer); +__hidden extern int __netlink_transaction(struct nl_handler *handler, struct nlmsghdr *request, + struct nlmsghdr *answer); /* * nla_put_string: copy a null terminated string to a netlink message @@ -121,7 +122,7 @@ * * Returns 0 on success, < 0 otherwise */ -int nla_put_string(struct nlmsg *nlmsg, int attr, const char *string); +__hidden extern int nla_put_string(struct nlmsg *nlmsg, int attr, const char *string); /* * nla_put_buffer: copy a buffer with a specified size to a netlink 
@@ -134,8 +135,7 @@ * * Returns 0 on success, < 0 otherwise */ -int nla_put_buffer(struct nlmsg *nlmsg, int attr, - const void *data, size_t size); +__hidden extern int nla_put_buffer(struct nlmsg *nlmsg, int attr, const void *data, size_t size); /* * nla_put_u32: copy an integer to a netlink message attribute @@ -146,7 +146,7 @@ * * Returns 0 on success, < 0 otherwise */ -int nla_put_u32(struct nlmsg *nlmsg, int attr, int value); +__hidden extern int nla_put_u32(struct nlmsg *nlmsg, int attr, int value); /* * nla_put_u16: copy an integer to a netlink message attribute @@ -157,7 +157,7 @@ * * Returns 0 on success, < 0 otherwise */ -int nla_put_u16(struct nlmsg *nlmsg, int attr, unsigned short value); +__hidden extern int nla_put_u16(struct nlmsg *nlmsg, int attr, unsigned short value); /* * nla_put_attr: add an attribute name to a netlink @@ -167,7 +167,7 @@ * * Returns 0 on success, < 0 otherwise */ -int nla_put_attr(struct nlmsg *nlmsg, int attr); +__hidden extern int nla_put_attr(struct nlmsg *nlmsg, int attr); /* * nla_begin_nested: begin the nesting attribute @@ -178,7 +178,7 @@ * Returns current nested pointer to be reused * to nla_end_nested. */ -struct rtattr *nla_begin_nested(struct nlmsg *nlmsg, int attr); +__hidden extern struct rtattr *nla_begin_nested(struct nlmsg *nlmsg, int attr); /* * nla_end_nested: end the nesting attribute @@ -188,7 +188,7 @@ * * Returns the current */ -void nla_end_nested(struct nlmsg *nlmsg, struct rtattr *attr); +__hidden extern void nla_end_nested(struct nlmsg *nlmsg, struct rtattr *attr); /* * nlmsg_allocate : allocate a netlink message. The netlink format message @@ -205,7 +205,7 @@ * * Returns a pointer to the newly allocated netlink message, NULL otherwise */ -struct nlmsg *nlmsg_alloc(size_t size); +__hidden extern struct nlmsg *nlmsg_alloc(size_t size); /* * nlmsg_alloc_reserve: like nlmsg_alloc(), but reserve the whole payload 
@@ -214,7 +214,7 @@ * * @size: the capacity of the payload to be allocated. */ -struct nlmsg *nlmsg_alloc_reserve(size_t size); +__hidden extern struct nlmsg *nlmsg_alloc_reserve(size_t size); /* * Reserve room for additional data at the tail of a netlink message @@ -224,14 +224,14 @@ * * Returns a pointer to newly reserved room or NULL */ -void *nlmsg_reserve(struct nlmsg *nlmsg, size_t len); +__hidden extern void *nlmsg_reserve(struct nlmsg *nlmsg, size_t len); /* * nlmsg_free : free a previously allocate message * * @nlmsg: the netlink message to be freed */ -void nlmsg_free(struct nlmsg *nlmsg); +__hidden extern void nlmsg_free(struct nlmsg *nlmsg); define_cleanup_function(struct nlmsg *, nlmsg_free); /* @@ -241,9 +241,9 @@ * * Returns a pointer to the netlink data or NULL if there is no data */ -void *nlmsg_data(struct nlmsg *nlmsg); +__hidden extern void *nlmsg_data(struct nlmsg *nlmsg); -extern int addattr(struct nlmsghdr *n, size_t maxlen, int type, - const void *data, size_t alen); +__hidden extern int addattr(struct nlmsghdr *n, size_t maxlen, int type, + const void *data, size_t alen); #endif diff -Nru lxc-4.0.2/src/lxc/parse.c lxc-4.0.6/src/lxc/parse.c --- lxc-4.0.2/src/lxc/parse.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/parse.c 2021-01-12 00:20:05.000000000 +0000 @@ -5,6 +5,7 @@ #endif #include #include +#include #include #include #include @@ -50,11 +51,12 @@ int lxc_file_for_each_line_mmap(const char *file, lxc_file_cb callback, void *data) { - int saved_errno; - ssize_t ret = -1, bytes_sent; - char *line; - int fd = -1, memfd = -1; + __do_close int fd = -EBADF, memfd = -EBADF; + ssize_t ret = -1; char *buf = NULL; + struct stat st = {}; + ssize_t bytes; + char *line; memfd = memfd_create(".lxc_config_file", MFD_CLOEXEC); if (memfd < 0) { 
@@ -65,8 +67,7 @@ goto on_error; } - TRACE("Failed to create in-memory file. Falling back to " - "temporary file"); + TRACE("Failed to create in-memory file. Falling back to temporary file"); memfd = lxc_make_tmpfile(template, true); if (memfd < 0) { SYSERROR("Failed to create temporary file \"%s\"", template); @@ -80,10 +81,21 @@ goto on_error; } - /* sendfile() handles up to 2GB. No config file should be that big. */ - bytes_sent = lxc_sendfile_nointr(memfd, fd, NULL, LXC_SENDFILE_MAX); - if (bytes_sent < 0) { - SYSERROR("Failed to sendfile \"%s\"", file); + ret = fstat(fd, &st); + if (ret) { + SYSERROR("Failed to stat file \"%s\"", file); + goto on_error; + } + + if (st.st_size > INT_MAX) { + SYSERROR("Excessively large config file \"%s\"", file); + goto on_error; + } + + + bytes = __fd_to_fd(fd, memfd); + if (bytes < 0) { + SYSERROR("Failed to copy config file \"%s\"", file); goto on_error; } @@ -92,7 +104,7 @@ SYSERROR("Failed to append zero byte"); goto on_error; } - bytes_sent++; + bytes++; ret = lseek(memfd, 0, SEEK_SET); if (ret < 0) { @@ -101,8 +113,7 @@ } ret = -1; - buf = mmap(NULL, bytes_sent, PROT_READ | PROT_WRITE, - MAP_SHARED | MAP_POPULATE, memfd, 0); + buf = mmap(NULL, bytes, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_POPULATE, memfd, 0); if (buf == MAP_FAILED) { buf = NULL; SYSERROR("Failed to mmap"); 
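Review bot: In the `@@ -80,10 +81,21 @@` hunk of src/lxc/parse.c the two new `goto on_error` paths after `fstat()` leave `ret` at 0: `ret = fstat(fd, &st)` has just succeeded and neither the `st.st_size > INT_MAX` branch nor the `bytes < 0` branch sets it again, so `on_error` (in the `@@ -117,24 +128,18 @@` hunk) returns 0 and an oversized or uncopyable config file is reported as handled successfully. Add `ret = -1;` before each of those two `goto on_error;` statements. The size branch also logs with SYSERROR although no call has failed at that point, so `ERROR` would avoid printing a stale errno. The `st_size` test runs before `__fd_to_fd()` copies the file, so it does not bound what is actually copied if the file grows in between; comparing `bytes` against the same limit after the copy would close that gap. The function starts and ends outside this hunk.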
@@ -117,24 +128,18 @@ * error. */ if (ret < 0) - ERROR("Failed to parse config file \"%s\" at " - "line \"%s\"", file, line); + ERROR("Failed to parse config file \"%s\" at line \"%s\"", + file, line); break; } } on_error: - saved_errno = errno; - if (fd >= 0) - close(fd); - if (memfd >= 0) - close(memfd); - if (buf && munmap(buf, bytes_sent)) { + if (buf && munmap(buf, bytes)) { SYSERROR("Failed to unmap"); if (ret == 0) ret = -1; } - errno = saved_errno; return ret; } diff -Nru lxc-4.0.2/src/lxc/parse.h lxc-4.0.6/src/lxc/parse.h --- lxc-4.0.2/src/lxc/parse.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/parse.h 2021-01-12 00:20:05.000000000 +0000 @@ -13,17 +13,16 @@ typedef int (*lxc_file_cb)(char *buffer, void *data); -__hot extern int lxc_file_for_each_line(const char *file, lxc_file_cb callback, - void *data); +__hidden __hot extern int lxc_file_for_each_line(const char *file, lxc_file_cb callback, void *data); -__hot extern int lxc_file_for_each_line_mmap(const char *file, - lxc_file_cb callback, void *data); +__hidden __hot extern int lxc_file_for_each_line_mmap(const char *file, lxc_file_cb callback, + void *data); /* mmap() wrapper. lxc_strmmap() will take care to \0-terminate files so that * normal string-handling functions can be used on the buffer. */ -extern void *lxc_strmmap(void *addr, size_t length, int prot, int flags, int fd, - off_t offset); +__hidden extern void *lxc_strmmap(void *addr, size_t length, int prot, int flags, int fd, + off_t offset); /* munmap() wrapper. Use it to free memory mmap()ed with lxc_strmmap(). */ -extern int lxc_strmunmap(void *addr, size_t length); +__hidden extern int lxc_strmunmap(void *addr, size_t length); -#endif +#endif /* __LXC_PARSE_H */ diff -Nru lxc-4.0.2/src/lxc/process_utils.c lxc-4.0.6/src/lxc/process_utils.c --- lxc-4.0.2/src/lxc/process_utils.c 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/src/lxc/process_utils.c 2021-01-12 00:20:05.000000000 +0000 
@@ -0,0 +1,167 @@ +/* SPDX-License-Identifier: LGPL-2.1+ */ + +#ifndef _GNU_SOURCE +#define _GNU_SOURCE 1 +#endif +#include +#include +#include +#include +#include +#include +#include + +#include "compiler.h" +#include "config.h" +#include "log.h" +#include "macro.h" +#include "process_utils.h" +#include "syscall_numbers.h" + +lxc_log_define(process_utils, lxc); + +/* + * This is based on raw_clone in systemd but adapted to our needs. This uses + * copy on write semantics and doesn't pass a stack. CLONE_VM is tricky and + * doesn't really matter to us so disallow it. + * + * The nice thing about this is that we get fork() behavior. That is + * lxc_raw_clone() returns 0 in the child and the child pid in the parent. + */ +__returns_twice pid_t lxc_raw_legacy_clone(unsigned long flags, int *pidfd) +{ + +#if defined(__s390x__) || defined(__s390__) || defined(__CRIS__) + /* On s390/s390x and cris the order of the first and second arguments + * of the system call is reversed. + */ + return syscall(__NR_clone, NULL, flags | SIGCHLD, pidfd); +#elif defined(__sparc__) && defined(__arch64__) + { + /* + * sparc64 always returns the other process id in %o0, and a + * boolean flag whether this is the child or the parent in %o1. + * Inline assembly is needed to get the flag returned in %o1. + */ + register long g1 asm("g1") = __NR_clone; + register long o0 asm("o0") = flags | SIGCHLD; + register long o1 asm("o1") = 0; /* is parent/child indicator */ + register long o2 asm("o2") = (unsigned long)pidfd; + long is_error, retval, in_child; + pid_t child_pid; + + asm volatile( +#if defined(__arch64__) + "t 0x6d\n\t" /* 64-bit trap */ +#else + "t 0x10\n\t" /* 32-bit trap */ +#endif + /* + * catch errors: On sparc, the carry bit (csr) in the + * processor status register (psr) is used instead of a + * full register. 
+ */ + "addx %%g0, 0, %%g1" + : "=r"(g1), "=r"(o0), "=r"(o1), "=r"(o2) /* outputs */ + : "r"(g1), "r"(o0), "r"(o1), "r"(o2) /* inputs */ + : "%cc"); /* clobbers */ + + is_error = g1; + retval = o0; + in_child = o1; + + if (is_error) { + errno = retval; + return -1; + } + + if (in_child) + return 0; + + child_pid = retval; + return child_pid; + } +#elif defined(__ia64__) + /* On ia64 the stack and stack size are passed as separate arguments. */ + return syscall(__NR_clone, flags | SIGCHLD, NULL, prctl_arg(0), pidfd); +#else + return syscall(__NR_clone, flags | SIGCHLD, NULL, pidfd); +#endif +} + +__returns_twice pid_t lxc_raw_clone(unsigned long flags, int *pidfd) +{ + pid_t pid; + struct lxc_clone_args args = { + .flags = flags, + .pidfd = ptr_to_u64(pidfd), + }; + + if (flags & (CLONE_VM | CLONE_PARENT_SETTID | CLONE_CHILD_SETTID | + CLONE_CHILD_CLEARTID | CLONE_SETTLS)) + return ret_errno(EINVAL); + + /* On CLONE_PARENT we inherit the parent's exit signal. */ + if (!(flags & CLONE_PARENT)) + args.exit_signal = SIGCHLD; + + pid = lxc_clone3(&args, CLONE_ARGS_SIZE_VER0); + if (pid < 0 && errno == ENOSYS) { + SYSTRACE("Falling back to legacy clone"); + return lxc_raw_legacy_clone(flags, pidfd); + } + + return pid; +} + +pid_t lxc_raw_clone_cb(int (*fn)(void *), void *args, unsigned long flags, + int *pidfd) +{ + pid_t pid; + + pid = lxc_raw_clone(flags, pidfd); + if (pid < 0) + return -1; + + /* + * exit() is not thread-safe and might mess with the parent's signal + * handlers and other stuff when exec() fails. + */ + if (pid == 0) + _exit(fn(args)); + + return pid; +} + +int lxc_raw_pidfd_send_signal(int pidfd, int sig, siginfo_t *info, + unsigned int flags) +{ + return syscall(__NR_pidfd_send_signal, pidfd, sig, info, flags); +} + +/* + * Let's use the "standard stack limit" (i.e. glibc thread size default) for + * stack sizes: 8MB. 
+ */ +#define __LXC_STACK_SIZE (8 * 1024 * 1024) +pid_t lxc_clone(int (*fn)(void *), void *arg, int flags, int *pidfd) +{ + pid_t ret; + void *stack; + + stack = malloc(__LXC_STACK_SIZE); + if (!stack) { + SYSERROR("Failed to allocate clone stack"); + return -ENOMEM; + } + +#ifdef __ia64__ + ret = __clone2(fn, stack, __LXC_STACK_SIZE, flags | SIGCHLD, arg, pidfd); +#else + ret = clone(fn, stack + __LXC_STACK_SIZE, flags | SIGCHLD, arg, pidfd); +#endif + if (ret < 0) + SYSERROR("Failed to clone (%#x)", flags); + + return ret; +} diff -Nru lxc-4.0.2/src/lxc/process_utils.h lxc-4.0.6/src/lxc/process_utils.h --- lxc-4.0.2/src/lxc/process_utils.h 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/src/lxc/process_utils.h 2021-01-12 00:20:05.000000000 +0000 
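Review bot: In `lxc_clone()` at the end of the new src/lxc/process_utils.c, the 8MB `stack` obtained from `malloc(__LXC_STACK_SIZE)` is never released: when `clone()` fails the function logs and returns with the allocation still live, and on success the parent keeps it as well. At least the failure path can free it, `if (ret < 0) { SYSERROR("Failed to clone (%#x)", flags); free(stack); }`; freeing after a successful clone is only safe when the child does not share memory with the parent, so that case needs a check on `flags`. The function also mixes conventions, returning `-ENOMEM` on allocation failure but the raw `clone()` result otherwise, which a caller testing for -1 or reading errno would have to know. A header comment stating the return contract would help.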
@@ -0,0 +1,291 @@ +/* SPDX-License-Identifier: LGPL-2.1+ */ + +#ifndef __LXC_PROCESS_UTILS_H +#define __LXC_PROCESS_UTILS_H + +#ifndef _GNU_SOURCE +#define _GNU_SOURCE 1 +#endif +#include +#include +#include +#include +#include +#include +#include +#include + +#include "compiler.h" +#include "config.h" +#include "syscall_numbers.h" + +#ifndef CSIGNAL +#define CSIGNAL 0x000000ff /* signal mask to be sent at exit */ +#endif + +#ifndef CLONE_VM +#define CLONE_VM 0x00000100 /* set if VM shared between processes */ +#endif + +#ifndef CLONE_FS +#define CLONE_FS 0x00000200 /* set if fs info shared between processes */ +#endif + +#ifndef CLONE_FILES +#define CLONE_FILES 0x00000400 /* set if open files shared between processes */ +#endif + +#ifndef CLONE_SIGHAND +#define CLONE_SIGHAND 0x00000800 /* set if signal handlers and blocked signals shared */ +#endif + +#ifndef CLONE_PIDFD +#define CLONE_PIDFD 0x00001000 /* set if a pidfd should be placed in parent */ +#endif + +#ifndef CLONE_PTRACE +#define CLONE_PTRACE 0x00002000 /* set if we want to let tracing continue on the child too */ +#endif + +#ifndef CLONE_VFORK +#define CLONE_VFORK 0x00004000 /* set if the parent wants the child to wake it up on mm_release */ +#endif + +#ifndef CLONE_PARENT +#define CLONE_PARENT 0x00008000 /* set if we want to have the same parent as the cloner */ +#endif + +#ifndef CLONE_THREAD +#define CLONE_THREAD 0x00010000 /* Same thread group? 
*/ +#endif + +#ifndef CLONE_NEWNS +#define CLONE_NEWNS 0x00020000 /* New mount namespace group */ +#endif + +#ifndef CLONE_SYSVSEM +#define CLONE_SYSVSEM 0x00040000 /* share system V SEM_UNDO semantics */ +#endif + +#ifndef CLONE_SETTLS +#define CLONE_SETTLS 0x00080000 /* create a new TLS for the child */ +#endif + +#ifndef CLONE_PARENT_SETTID +#define CLONE_PARENT_SETTID 0x00100000 /* set the TID in the parent */ +#endif + +#ifndef CLONE_CHILD_CLEARTID +#define CLONE_CHILD_CLEARTID 0x00200000 /* clear the TID in the child */ +#endif + +#ifndef CLONE_DETACHED +#define CLONE_DETACHED 0x00400000 /* Unused, ignored */ +#endif + +#ifndef CLONE_UNTRACED +#define CLONE_UNTRACED 0x00800000 /* set if the tracing process can't force CLONE_PTRACE on this clone */ +#endif + +#ifndef CLONE_CHILD_SETTID +#define CLONE_CHILD_SETTID 0x01000000 /* set the TID in the child */ +#endif + +#ifndef CLONE_NEWCGROUP +#define CLONE_NEWCGROUP 0x02000000 /* New cgroup namespace */ +#endif + +#ifndef CLONE_NEWUTS +#define CLONE_NEWUTS 0x04000000 /* New utsname namespace */ +#endif + +#ifndef CLONE_NEWIPC +#define CLONE_NEWIPC 0x08000000 /* New ipc namespace */ +#endif + +#ifndef CLONE_NEWUSER +#define CLONE_NEWUSER 0x10000000 /* New user namespace */ +#endif + +#ifndef CLONE_NEWPID +#define CLONE_NEWPID 0x20000000 /* New pid namespace */ +#endif + +#ifndef CLONE_NEWNET +#define CLONE_NEWNET 0x40000000 /* New network namespace */ +#endif + +#ifndef CLONE_IO +#define CLONE_IO 0x80000000 /* Clone io context */ +#endif + +/* Flags for the clone3() syscall. */ +#ifndef CLONE_CLEAR_SIGHAND +#define CLONE_CLEAR_SIGHAND 0x100000000ULL /* Clear any signal handler and reset to SIG_DFL. */ +#endif + +#ifndef CLONE_INTO_CGROUP +#define CLONE_INTO_CGROUP 0x200000000ULL /* Clone into a specific cgroup given the right permissions. 
*/ +#endif + +/* + * cloning flags intersect with CSIGNAL so can be used with unshare and clone3 + * syscalls only: + */ +#ifndef CLONE_NEWTIME +#define CLONE_NEWTIME 0x00000080 /* New time namespace */ +#endif + +/* waitid */ +#ifndef P_PIDFD +#define P_PIDFD 3 +#endif + +#ifndef CLONE_ARGS_SIZE_VER0 +#define CLONE_ARGS_SIZE_VER0 64 /* sizeof first published struct */ +#endif + +#ifndef CLONE_ARGS_SIZE_VER1 +#define CLONE_ARGS_SIZE_VER1 80 /* sizeof second published struct */ +#endif + +#ifndef CLONE_ARGS_SIZE_VER2 +#define CLONE_ARGS_SIZE_VER2 88 /* sizeof third published struct */ +#endif + +#ifndef ptr_to_u64 +#define ptr_to_u64(ptr) ((__u64)((uintptr_t)(ptr))) +#endif +#ifndef u64_to_ptr +#define u64_to_ptr(x) ((void *)(uintptr_t)x) +#endif + +struct lxc_clone_args { + __aligned_u64 flags; + __aligned_u64 pidfd; + __aligned_u64 child_tid; + __aligned_u64 parent_tid; + __aligned_u64 exit_signal; + __aligned_u64 stack; + __aligned_u64 stack_size; + __aligned_u64 tls; + __aligned_u64 set_tid; + __aligned_u64 set_tid_size; + __aligned_u64 cgroup; +}; + +__returns_twice static inline pid_t lxc_clone3(struct lxc_clone_args *args, size_t size) +{ + return syscall(__NR_clone3, args, size); +} + +#if defined(__ia64__) +int __clone2(int (*__fn)(void *__arg), void *__child_stack_base, + size_t __child_stack_size, int __flags, void *__arg, ...); +#else +int clone(int (*fn)(void *), void *child_stack, int flags, void *arg, ... + /* pid_t *ptid, struct user_desc *tls, pid_t *ctid */); +#endif + +/** + * lxc_clone() - create a new process + * + * - allocate stack: + * This function allocates a new stack the size of page and passes it to the + * kernel. + * + * - support all CLONE_*flags: + * This function supports all CLONE_* flags. If in doubt or not sufficiently + * familiar with process creation in the kernel and interactions with libcs + * this function should be used. 
+ * + * - pthread_atfork() handlers depending on libc: + * Whether this function runs pthread_atfork() handlers depends on the + * corresponding libc wrapper. glibc currently does not run pthread_atfork() + * handlers but does not guarantee that they are not. Other libcs might or + * might not run pthread_atfork() handlers. If you require guarantees please + * refer to the lxc_raw_clone*() functions in process_utils.{c,h}. + * + * - should call lxc_raw_getpid(): + * The child should use lxc_raw_getpid() to retrieve its pid. + */ +__hidden extern pid_t lxc_clone(int (*fn)(void *), void *arg, int flags, int *pidfd); + + +/* + * lxc_raw_clone() - create a new process + * + * - fork() behavior: + * This function returns 0 in the child and > 0 in the parent. + * + * - copy-on-write: + * This function does not allocate a new stack and relies on copy-on-write + * semantics. + * + * - supports subset of ClONE_* flags: + * lxc_raw_clone() intentionally only supports a subset of the flags available + * to the actual system call. Please refer to the implementation what flags + * cannot be used. Also, please don't assume that just because a flag isn't + * explicitly checked for as being unsupported that it is supported. If in + * doubt or not sufficiently familiar with process creation in the kernel and + * interactions with libcs this function should be used. + * + * - no pthread_atfork() handlers: + * This function circumvents - as much as this this is possible - any libc + * wrappers and thus does not run any pthread_atfork() handlers. Make sure + * that this is safe to do in the context you are trying to call this + * function. + * + * - must call lxc_raw_getpid(): + * The child must use lxc_raw_getpid() to retrieve its pid. 
+ */ +__hidden extern pid_t lxc_raw_clone(unsigned long flags, int *pidfd); +__hidden extern pid_t lxc_raw_legacy_clone(unsigned long flags, int *pidfd); + +/* + * lxc_raw_clone_cb() - create a new process + * + * - non-fork() behavior: + * Function does return pid of the child or -1 on error. Pass in a callback + * function via the "fn" argument that gets executed in the child process. + * The "args" argument is passed to "fn". + * + * All other comments that apply to lxc_raw_clone() apply to lxc_raw_clone_cb() + * as well. + */ +__hidden extern pid_t lxc_raw_clone_cb(int (*fn)(void *), void *args, unsigned long flags, + int *pidfd); + +#ifndef HAVE_EXECVEAT +static inline int execveat(int dirfd, const char *pathname, char *const argv[], + char *const envp[], int flags) +{ + return syscall(__NR_execveat, dirfd, pathname, argv, envp, flags); +} +#else +extern int execveat(int dirfd, const char *pathname, char *const argv[], + char *const envp[], int flags); +#endif + +/* + * Because of older glibc's pid cache (up to 2.25) whenever clone() is called + * the child must must retrieve it's own pid via lxc_raw_getpid(). + */ +static inline pid_t lxc_raw_getpid(void) +{ + return (pid_t)syscall(SYS_getpid); +} + +static inline pid_t lxc_raw_gettid(void) +{ +#if __NR_gettid > 0 + return syscall(__NR_gettid); +#else + return lxc_raw_getpid(); +#endif +} + +__hidden extern int lxc_raw_pidfd_send_signal(int pidfd, int sig, siginfo_t *info, + unsigned int flags); + +#endif /* __LXC_PROCESS_UTILS_H */ diff -Nru lxc-4.0.2/src/lxc/raw_syscalls.c lxc-4.0.6/src/lxc/raw_syscalls.c --- lxc-4.0.2/src/lxc/raw_syscalls.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/raw_syscalls.c 1970-01-01 00:00:00.000000000 +0000 
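Review bot: The `lxc_raw_clone()` comment in this header does not say that flags overlapping `CSIGNAL` are unusable, although the `CLONE_NEWTIME` comment above it restricts such flags to unshare and clone3. The implementation in process_utils.c, visible earlier in this diff, falls back to `lxc_raw_legacy_clone()` on ENOSYS, and that path ORs the flags with `SIGCHLD`. A caller passing `CLONE_NEWTIME` would then have its low flag bits read as an exit signal and, presumably, get no new time namespace. I would add a bullet to the comment stating the restriction and reject the bits before the fallback, `if (flags & CSIGNAL) return ret_errno(EINVAL);`. The `lxc_clone()` comment also describes the stack as "the size of page" while the implementation allocates `__LXC_STACK_SIZE` (8 MB).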
@@ -1,126 +0,0 @@ -/* SPDX-License-Identifier: LGPL-2.1+ */ - -#ifndef _GNU_SOURCE -#define _GNU_SOURCE 1 -#endif -#include -#include -#include -#include -#include -#include -#include - -#include "compiler.h" -#include "config.h" -#include "macro.h" -#include "raw_syscalls.h" -#include "syscall_numbers.h" - -int lxc_raw_execveat(int dirfd, const char *pathname, char *const argv[], - char *const envp[], int flags) -{ - return syscall(__NR_execveat, dirfd, pathname, argv, envp, flags); -} - -/* - * This is based on raw_clone in systemd but adapted to our needs. This uses - * copy on write semantics and doesn't pass a stack. CLONE_VM is tricky and - * doesn't really matter to us so disallow it. - * - * The nice thing about this is that we get fork() behavior. That is - * lxc_raw_clone() returns 0 in the child and the child pid in the parent. - */ -__returns_twice pid_t lxc_raw_clone(unsigned long flags, int *pidfd) -{ - /* - * These flags don't interest at all so we don't jump through any hoops - * of retrieving them and passing them to the kernel. - */ - errno = EINVAL; - if ((flags & (CLONE_VM | CLONE_PARENT_SETTID | CLONE_CHILD_SETTID | - CLONE_CHILD_CLEARTID | CLONE_SETTLS))) - return -EINVAL; - -#if defined(__s390x__) || defined(__s390__) || defined(__CRIS__) - /* On s390/s390x and cris the order of the first and second arguments - * of the system call is reversed. - */ - return syscall(__NR_clone, NULL, flags | SIGCHLD, pidfd); -#elif defined(__sparc__) && defined(__arch64__) - { - /* - * sparc64 always returns the other process id in %o0, and a - * boolean flag whether this is the child or the parent in %o1. - * Inline assembly is needed to get the flag returned in %o1. 
- */ - register long g1 asm("g1") = __NR_clone; - register long o0 asm("o0") = flags | SIGCHLD; - register long o1 asm("o1") = 0; /* is parent/child indicator */ - register long o2 asm("o2") = (unsigned long)pidfd; - long is_error, retval, in_child; - pid_t child_pid; - - asm volatile( -#if defined(__arch64__) - "t 0x6d\n\t" /* 64-bit trap */ -#else - "t 0x10\n\t" /* 32-bit trap */ -#endif - /* - * catch errors: On sparc, the carry bit (csr) in the - * processor status register (psr) is used instead of a - * full register. - */ - "addx %%g0, 0, %%g1" - : "=r"(g1), "=r"(o0), "=r"(o1), "=r"(o2) /* outputs */ - : "r"(g1), "r"(o0), "r"(o1), "r"(o2) /* inputs */ - : "%cc"); /* clobbers */ - - is_error = g1; - retval = o0; - in_child = o1; - - if (is_error) { - errno = retval; - return -1; - } - - if (in_child) - return 0; - - child_pid = retval; - return child_pid; - } -#elif defined(__ia64__) - /* On ia64 the stack and stack size are passed as separate arguments. */ - return syscall(__NR_clone, flags | SIGCHLD, NULL, prctl_arg(0), pidfd); -#else - return syscall(__NR_clone, flags | SIGCHLD, NULL, pidfd); -#endif -} - -pid_t lxc_raw_clone_cb(int (*fn)(void *), void *args, unsigned long flags, - int *pidfd) -{ - pid_t pid; - - pid = lxc_raw_clone(flags, pidfd); - if (pid < 0) - return -1; - - /* - * exit() is not thread-safe and might mess with the parent's signal - * handlers and other stuff when exec() fails. - */ - if (pid == 0) - _exit(fn(args)); - - return pid; -} - -int lxc_raw_pidfd_send_signal(int pidfd, int sig, siginfo_t *info, - unsigned int flags) -{ - return syscall(__NR_pidfd_send_signal, pidfd, sig, info, flags); -} diff -Nru lxc-4.0.2/src/lxc/raw_syscalls.h lxc-4.0.6/src/lxc/raw_syscalls.h --- lxc-4.0.2/src/lxc/raw_syscalls.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/raw_syscalls.h 1970-01-01 00:00:00.000000000 +0000 
@@ -1,94 +0,0 @@ -/* SPDX-License-Identifier: LGPL-2.1+ */ - -#ifndef __LXC_RAW_SYSCALL_H -#define __LXC_RAW_SYSCALL_H - -#ifndef _GNU_SOURCE -#define _GNU_SOURCE 1 -#endif -#include -#include -#include -#include -#include -#include -#include - -/* clone */ -#ifndef CLONE_PIDFD -#define CLONE_PIDFD 0x00001000 -#endif - -/* waitid */ -#ifndef P_PIDFD -#define P_PIDFD 3 -#endif - -/* - * lxc_raw_clone() - create a new process - * - * - fork() behavior: - * This function returns 0 in the child and > 0 in the parent. - * - * - copy-on-write: - * This function does not allocate a new stack and relies on copy-on-write - * semantics. - * - * - supports subset of ClONE_* flags: - * lxc_raw_clone() intentionally only supports a subset of the flags available - * to the actual system call. Please refer to the implementation what flags - * cannot be used. Also, please don't assume that just because a flag isn't - * explicitly checked for as being unsupported that it is supported. If in - * doubt or not sufficiently familiar with process creation in the kernel and - * interactions with libcs this function should be used. - * - * - no pthread_atfork() handlers: - * This function circumvents - as much as this this is possible - any libc - * wrappers and thus does not run any pthread_atfork() handlers. Make sure - * that this is safe to do in the context you are trying to call this - * function. - * - * - must call lxc_raw_getpid(): - * The child must use lxc_raw_getpid() to retrieve its pid. - */ -extern pid_t lxc_raw_clone(unsigned long flags, int *pidfd); - -/* - * lxc_raw_clone_cb() - create a new process - * - * - non-fork() behavior: - * Function does return pid of the child or -1 on error. Pass in a callback - * function via the "fn" argument that gets executed in the child process. - * The "args" argument is passed to "fn". - * - * All other comments that apply to lxc_raw_clone() apply to lxc_raw_clone_cb() - * as well. 
- */ -extern pid_t lxc_raw_clone_cb(int (*fn)(void *), void *args, - unsigned long flags, int *pidfd); - -extern int lxc_raw_execveat(int dirfd, const char *pathname, char *const argv[], - char *const envp[], int flags); - -/* - * Because of older glibc's pid cache (up to 2.25) whenever clone() is called - * the child must must retrieve it's own pid via lxc_raw_getpid(). - */ -static inline pid_t lxc_raw_getpid(void) -{ - return (pid_t)syscall(SYS_getpid); -} - -static inline pid_t lxc_raw_gettid(void) -{ -#if __NR_gettid > 0 - return syscall(__NR_gettid); -#else - return lxc_raw_getpid(); -#endif -} - -extern int lxc_raw_pidfd_send_signal(int pidfd, int sig, siginfo_t *info, - unsigned int flags); - -#endif /* __LXC_RAW_SYSCALL_H */ diff -Nru lxc-4.0.2/src/lxc/rexec.c lxc-4.0.6/src/lxc/rexec.c --- lxc-4.0.2/src/lxc/rexec.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/rexec.c 2021-01-12 00:20:05.000000000 +0000 @@ -13,7 +13,8 @@ #include "file_utils.h" #include "macro.h" #include "memory_utils.h" -#include "raw_syscalls.h" +#include "process_utils.h" +#include "rexec.h" #include "string_utils.h" #include "syscall_wrappers.h" diff -Nru lxc-4.0.2/src/lxc/rexec.h lxc-4.0.6/src/lxc/rexec.h --- lxc-4.0.2/src/lxc/rexec.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/rexec.h 2021-01-12 00:20:05.000000000 +0000 @@ -3,6 +3,8 @@ #ifndef __LXC_REXEC_H #define __LXC_REXEC_H -extern int lxc_rexec(const char *memfd_name); +#include "compiler.h" + +__hidden extern int lxc_rexec(const char *memfd_name); #endif /* __LXC_REXEC_H */ diff -Nru lxc-4.0.2/src/lxc/ringbuf.h lxc-4.0.6/src/lxc/ringbuf.h --- lxc-4.0.2/src/lxc/ringbuf.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/ringbuf.h 2021-01-12 00:20:05.000000000 +0000 @@ -8,6 +8,8 @@ #include #include +#include "compiler.h" + /** * lxc_ringbuf - Implements a simple and efficient memory mapped ringbuffer. * - The "addr" field of struct lxc_ringbuf is considered immutable. Instead the 
@@ -29,10 +31,10 @@ * * @param[in] size Size of the new ringbuffer as a power of 2. */ -extern int lxc_ringbuf_create(struct lxc_ringbuf *buf, size_t size); -extern void lxc_ringbuf_move_read_addr(struct lxc_ringbuf *buf, size_t len); -extern int lxc_ringbuf_write(struct lxc_ringbuf *buf, const char *msg, size_t len); -extern int lxc_ringbuf_read(struct lxc_ringbuf *buf, char *out, size_t *len); +__hidden extern int lxc_ringbuf_create(struct lxc_ringbuf *buf, size_t size); +__hidden extern void lxc_ringbuf_move_read_addr(struct lxc_ringbuf *buf, size_t len); +__hidden extern int lxc_ringbuf_write(struct lxc_ringbuf *buf, const char *msg, size_t len); +__hidden extern int lxc_ringbuf_read(struct lxc_ringbuf *buf, char *out, size_t *len); static inline void lxc_ringbuf_release(struct lxc_ringbuf *buf) { diff -Nru lxc-4.0.2/src/lxc/rtnl.c lxc-4.0.6/src/lxc/rtnl.c --- lxc-4.0.2/src/lxc/rtnl.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/rtnl.c 2021-01-12 00:20:05.000000000 +0000 @@ -16,12 +16,12 @@ #include "nl.h" #include "rtnl.h" -extern int rtnetlink_open(struct rtnl_handler *handler) +int rtnetlink_open(struct rtnl_handler *handler) { return netlink_open(&handler->nlh, NETLINK_ROUTE); } -extern void rtnetlink_close(struct rtnl_handler *handler) +void rtnetlink_close(struct rtnl_handler *handler) { netlink_close(&handler->nlh); } 
@@ -29,20 +29,19 @@ #pragma GCC diagnostic push #pragma GCC diagnostic ignored "-Wcast-align" -extern int rtnetlink_rcv(struct rtnl_handler *handler, struct rtnlmsg *rtnlmsg) +int rtnetlink_rcv(struct rtnl_handler *handler, struct rtnlmsg *rtnlmsg) { return netlink_rcv(&handler->nlh, (struct nlmsg *)&rtnlmsg->nlmsghdr); } -extern int rtnetlink_send(struct rtnl_handler *handler, struct rtnlmsg *rtnlmsg) +int rtnetlink_send(struct rtnl_handler *handler, struct rtnlmsg *rtnlmsg) { return netlink_send(&handler->nlh, (struct nlmsg *)&rtnlmsg->nlmsghdr); } -extern int rtnetlink_transaction(struct rtnl_handler *handler, - struct rtnlmsg *request, - struct rtnlmsg *answer) +int rtnetlink_transaction(struct rtnl_handler *handler, struct rtnlmsg *request, + struct rtnlmsg *answer) { return netlink_transaction(&handler->nlh, (struct nlmsg *)&request->nlmsghdr, @@ -51,7 +50,7 @@ #pragma GCC diagnostic pop -extern struct rtnlmsg *rtnlmsg_alloc(size_t size) +struct rtnlmsg *rtnlmsg_alloc(size_t size) { /* size_t len; @@ -63,4 +62,4 @@ return NULL; } -extern void rtnlmsg_free(struct rtnlmsg *rtnlmsg) { free(rtnlmsg); } +void rtnlmsg_free(struct rtnlmsg *rtnlmsg) { free(rtnlmsg); } diff -Nru lxc-4.0.2/src/lxc/rtnl.h lxc-4.0.6/src/lxc/rtnl.h --- lxc-4.0.2/src/lxc/rtnl.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/rtnl.h 2021-01-12 00:20:05.000000000 +0000 @@ -3,6 +3,8 @@ #ifndef __LXC_RTNL_H #define __LXC_RTNL_H +#include + /* * Use this as a good size to allocate route netlink messages */ @@ -38,14 +40,14 @@ * * Returns 0 on success, < 0 otherwise */ -extern int rtnetlink_open(struct rtnl_handler *handler); +__hidden extern int rtnetlink_open(struct rtnl_handler *handler); /* * genetlink_close : close a route netlink socket * * @handler: the handler of the socket to be closed */ -extern void rtnetlink_close(struct rtnl_handler *handler); +__hidden extern void rtnetlink_close(struct rtnl_handler *handler); /* * rtnetlink_rcv : receive a route netlink socket, it is up 
@@ -56,7 +58,7 @@ * * Returns 0 on success, < 0 otherwise */ -extern int rtnetlink_rcv(struct rtnl_handler *handler, struct rtnlmsg *rtnlmsg); +__hidden extern int rtnetlink_rcv(struct rtnl_handler *handler, struct rtnlmsg *rtnlmsg); /* * rtnetlink_send : send a route netlink socket, it is up @@ -67,12 +69,11 @@ * * Returns 0 on success, < 0 otherwise */ -extern int rtnetlink_send(struct rtnl_handler *handler, - struct rtnlmsg *rtnlmsg); +__hidden extern int rtnetlink_send(struct rtnl_handler *handler, struct rtnlmsg *rtnlmsg); -struct genlmsg *genlmsg_alloc(size_t size); +__hidden struct genlmsg *genlmsg_alloc(size_t size); -extern void rtnlmsg_free(struct rtnlmsg *rtnlmsg); +__hidden extern void rtnlmsg_free(struct rtnlmsg *rtnlmsg); /* * rtnetlink_transaction : send and receive a route netlink message in one shot @@ -83,8 +84,9 @@ * * Returns 0 on success, < 0 otherwise */ -extern int rtnetlink_transaction(struct rtnl_handler *handler, - struct rtnlmsg *request, - struct rtnlmsg *answer); +__hidden extern int rtnetlink_transaction(struct rtnl_handler *handler, struct rtnlmsg *request, + struct rtnlmsg *answer); + +__hidden struct rtnlmsg *rtnlmsg_alloc(size_t size); #endif /* __LXC_RTNL_H */ diff -Nru lxc-4.0.2/src/lxc/seccomp.c lxc-4.0.6/src/lxc/seccomp.c --- lxc-4.0.2/src/lxc/seccomp.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/seccomp.c 2021-01-12 00:20:05.000000000 +0000 @@ -7,6 +7,7 @@ #include #include #include +#include #include #include @@ -99,7 +100,7 @@ while (*line == ' ') line++; - /* After 'whitelist' or 'blacklist' comes default behavior. */ + /* After 'allowlist' or 'denylist' comes default behavior. */ if (strncmp(line, "kill", 4) == 0) { ret_action = SCMP_ACT_KILL; } else if (strncmp(line, "errno", 5) == 0) { @@ -317,7 +318,7 @@ lxc_seccomp_arch_unknown = 999, }; -int get_hostarch(void) +static int get_hostarch(void) { struct utsname uts; if (uname(&uts) < 0) { 
@@ -351,8 +352,8 @@ return lxc_seccomp_arch_unknown; } -scmp_filter_ctx get_new_ctx(enum lxc_hostarch_t n_arch, - uint32_t default_policy_action, bool *needs_merge) +static scmp_filter_ctx get_new_ctx(enum lxc_hostarch_t n_arch, uint32_t default_policy_action, + bool *needs_merge) { int ret; uint32_t arch; @@ -485,8 +486,15 @@ return ctx; } -bool do_resolve_add_rule(uint32_t arch, char *line, scmp_filter_ctx ctx, - struct seccomp_v2_rule *rule) +enum lxc_seccomp_rule_status_t { + lxc_seccomp_rule_added = 0, + lxc_seccomp_rule_err, + lxc_seccomp_rule_undefined_syscall, + lxc_seccomp_rule_unsupported_arch, +}; + +static enum lxc_seccomp_rule_status_t do_resolve_add_rule(uint32_t arch, char *line, scmp_filter_ctx ctx, + struct seccomp_v2_rule *rule) { int i, nr, ret; struct scmp_arg_cmp arg_cmp[6]; @@ -495,7 +503,7 @@ if (arch && ret != 0) { errno = -ret; SYSERROR("Seccomp: rule and context arch do not match (arch %d)", arch); - return false; + return lxc_seccomp_rule_err; } /*get the syscall name*/ 
@@ -510,24 +518,28 @@ if (ret < 0) { errno = -ret; SYSERROR("Failed loading rule to reject force umount"); - return false; + return lxc_seccomp_rule_err; } INFO("Set seccomp rule to reject force umounts"); - return true; + return lxc_seccomp_rule_added; } nr = seccomp_syscall_resolve_name(line); if (nr == __NR_SCMP_ERROR) { - WARN("Failed to resolve syscall \"%s\"", line); - WARN("This syscall will NOT be handled by seccomp"); - return true; + INFO("The syscall[%s] is is undefined on host native arch", line); + return lxc_seccomp_rule_undefined_syscall; } - if (nr < 0) { - WARN("Got negative return value %d for syscall \"%s\"", nr, line); - WARN("This syscall will NOT be handled by seccomp"); - return true; + // The syscall resolves to a pseudo syscall and may be available on compat archs. + if (nr < 0 && arch == SCMP_ARCH_NATIVE) { + DEBUG("The syscall[%d:%s] is a pseudo syscall and not available on host native arch.", nr, line); + return lxc_seccomp_rule_unsupported_arch; + } + + if (arch != SCMP_ARCH_NATIVE && seccomp_syscall_resolve_name_arch(arch, line) < 0) { + DEBUG("The syscall[%d:%s] is not supported on compat arch[%u]", nr, line, arch); + return lxc_seccomp_rule_unsupported_arch; } memset(&arg_cmp, 0, sizeof(arg_cmp)); 
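Review bot: An unresolvable syscall name is now reported only at INFO level (`INFO("The syscall[%s] is is undefined on host native arch", line)`), where the removed code issued two WARN lines saying the syscall would not be handled by seccomp. For a denylist policy this fails open: the default action is allow, a misspelled or unknown name adds no rule, and the caller in the later `@@ -958,43 +995,23 @@` hunk simply `continue`s. I would keep this at WARN, e.g. `WARN("Syscall \"%s\" is undefined on the host native arch; no seccomp rule added", line);`, which also removes the doubled "is". do_resolve_add_rule() starts and ends outside this hunk.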
@@ -549,16 +561,41 @@ rule->args_value[i].value); } + INFO("Adding %s rule for syscall[%d:%s] action[%d:%s] arch[%u]", + (arch == SCMP_ARCH_NATIVE) ? "native" : "compat", + nr, line, rule->action, get_action_name(rule->action), arch); + ret = seccomp_rule_add_exact_array(ctx, rule->action, nr, rule->args_num, arg_cmp); if (ret < 0) { errno = -ret; - SYSERROR("Failed loading rule for %s (nr %d action %d (%s))", - line, nr, rule->action, get_action_name(rule->action)); - return false; + SYSERROR("Failed to add rule for syscall[%d:%s] action[%d:%s] arch[%u]", + nr, line, rule->action, get_action_name(rule->action), arch); + return lxc_seccomp_rule_err; } - return true; + return lxc_seccomp_rule_added; +} + +/* + * It is unfortunate, but we can't simply remove those terms since this would + * break way too many users. + */ +#define BACKWARDCOMPAT_TERMINOLOGY_DENYLIST "blacklist" +#define BACKWARDCOMPAT_TERMINOLOGY_ALLOWLIST "whitelist" + +static inline bool is_denylist(const char *type) +{ + return strnequal(type, "denylist", STRLITERALLEN("denylist")) || + strnequal(type, BACKWARDCOMPAT_TERMINOLOGY_DENYLIST, + STRLITERALLEN(BACKWARDCOMPAT_TERMINOLOGY_DENYLIST)); +} + +static inline bool is_allowlist(const char *type) +{ + return strnequal(type, "allowlist", STRLITERALLEN("allowlist")) || + strnequal(type, BACKWARDCOMPAT_TERMINOLOGY_ALLOWLIST, + STRLITERALLEN(BACKWARDCOMPAT_TERMINOLOGY_ALLOWLIST)); } /* @@ -580,7 +617,7 @@ int ret; char *p; enum lxc_hostarch_t cur_rule_arch, native_arch; - bool blacklist = false; + bool denylist = false; uint32_t default_policy_action = -1, default_rule_action = -1; struct seccomp_v2_rule rule; struct scmp_ctx_info { 
@@ -589,12 +626,10 @@ bool needs_merge[3]; } ctx; - if (strncmp(line, "blacklist", 9) == 0) - blacklist = true; - else if (strncmp(line, "whitelist", 9) != 0) { - ERROR("Bad seccomp policy style \"%s\"", line); - return -1; - } + if (is_denylist(line)) + denylist = true; + else if (!is_allowlist(line)) + return log_error(-EINVAL, "Bad seccomp policy style \"%s\"", line); p = strchr(line, ' '); if (p) { @@ -603,8 +638,8 @@ return -1; } - /* for blacklist, allow any syscall which has no rule */ - if (blacklist) { + /* for denylist, allow any syscall which has no rule */ + if (denylist) { if (default_policy_action == -1) default_policy_action = SCMP_ACT_ALLOW; @@ -618,6 +653,8 @@ default_rule_action = SCMP_ACT_ALLOW; } + DEBUG("Host native arch is [%u]", seccomp_arch_native()); + memset(&ctx, 0, sizeof(ctx)); ctx.architectures[0] = SCMP_ARCH_NATIVE; ctx.architectures[1] = SCMP_ARCH_NATIVE; 
@@ -958,43 +995,23 @@ } #endif - if (!do_resolve_add_rule(SCMP_ARCH_NATIVE, line, - conf->seccomp.seccomp_ctx, &rule)) + + ret = do_resolve_add_rule(SCMP_ARCH_NATIVE, line, + conf->seccomp.seccomp_ctx, &rule); + if (ret == lxc_seccomp_rule_err) goto bad_rule; + if (ret == lxc_seccomp_rule_undefined_syscall) + continue; - INFO("Added native rule for arch %d for %s action %d(%s)", - SCMP_ARCH_NATIVE, line, rule.action, - get_action_name(rule.action)); - - if (ctx.architectures[0] != SCMP_ARCH_NATIVE) { - if (!do_resolve_add_rule(ctx.architectures[0], line, - ctx.contexts[0], &rule)) - goto bad_rule; - - INFO("Added compat rule for arch %d for %s action %d(%s)", - ctx.architectures[0], line, rule.action, - get_action_name(rule.action)); - } - - if (ctx.architectures[1] != SCMP_ARCH_NATIVE) { - if (!do_resolve_add_rule(ctx.architectures[1], line, - ctx.contexts[1], &rule)) - goto bad_rule; - - INFO("Added compat rule for arch %d for %s action %d(%s)", - ctx.architectures[1], line, rule.action, - get_action_name(rule.action)); - } - - if (ctx.architectures[2] != SCMP_ARCH_NATIVE) { - if (!do_resolve_add_rule(ctx.architectures[2], line, - ctx.contexts[2], &rule)) - goto bad_rule; - - INFO("Added native rule for arch %d for %s action %d(%s)", - ctx.architectures[2], line, rule.action, - get_action_name(rule.action)); + for (int i = 0; i < 3; i++ ) { + uint32_t arch = ctx.architectures[i]; + if (arch != SCMP_ARCH_NATIVE && arch != seccomp_arch_native()) { + if (lxc_seccomp_rule_err == do_resolve_add_rule(arch, line, + ctx.contexts[i], &rule)) + goto bad_rule; + } } + } INFO("Merging compat seccomp contexts into main context"); 
@@ -1079,7 +1096,7 @@ * the second line has some directives * then comes policy subject to the directives * right now version must be '1' or '2' - * the directives must include 'whitelist'(version == 1 or 2) or 'blacklist' + * the directives must include 'allowlist'(version == 1 or 2) or 'denylist' * (version == 2) and can include 'debug' (though debug is not yet supported). */ static int parse_config(FILE *f, struct lxc_conf *conf) @@ -1099,8 +1116,8 @@ goto bad_line; } - if (version == 1 && !strstr(line, "whitelist")) { - ERROR("Only whitelist policy is supported"); + if (version == 1 && !strstr(line, "allowlist")) { + ERROR("Only allowlist policy is supported"); goto bad_line; } @@ -1263,6 +1280,9 @@ return -1; } + if (fd_make_nonblocking(ret)) + return log_error_errno(-1, errno, "Failed to make seccomp listener fd non-blocking");; + conf->seccomp.notifier.notify_fd = ret; TRACE("Retrieved new seccomp listener fd %d", ret); } @@ -1322,9 +1342,16 @@ { resp->id = req->id; resp->error = -ENOSYS; + resp->val = 0; + resp->flags = 0; if (seccomp_notify_respond(fd, resp)) - SYSERROR("Failed to send default message to seccomp"); + SYSERROR("Failed to send default message to seccomp notification with id(%llu)", + (long long unsigned int)resp->id); + else + TRACE("Sent default response for seccomp notification with id(%llu)", + (long long unsigned int)resp->id); + memset(resp, 0, handler->conf->seccomp.notifier.sizes.seccomp_notif_resp); } #endif @@ -1337,7 +1364,7 @@ __do_close int fd_mem = -EBADF; int ret; ssize_t bytes; - int send_fd_list[2]; + int send_fd_list[3]; struct iovec iov[4]; size_t iov_len, msg_base_size, msg_full_size; char mem_path[6 /* /proc/ */ 
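Review bot: The version 1 check in the `@@ -1099,8 +1116,8 @@` hunk now accepts only the new keyword, `!strstr(line, "allowlist")`, so a v1 policy file that still says `whitelist` is rejected with "Only allowlist policy is supported". That contradicts the `BACKWARDCOMPAT_TERMINOLOGY_*` macros added earlier in this file, whose comment says the old terms cannot be removed. As far as this diff shows, `is_allowlist()` is applied only in the v2 parser. Suggested: `if (version == 1 && !strstr(line, "allowlist") && !strstr(line, BACKWARDCOMPAT_TERMINOLOGY_ALLOWLIST)) {`. parse_config() continues outside the hunk.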
@@ -1352,12 +1379,21 @@ int listener_proxy_fd = conf->seccomp.notifier.proxy_fd; struct seccomp_notify_proxy_msg msg = {0}; char *cookie = conf->seccomp.notifier.cookie; - uint64_t req_id; + __u64 req_id; + + if (events & EPOLLHUP) { + lxc_mainloop_del_handler(descr, fd); + close(fd); + return log_trace(0, "Removing seccomp notifier fd %d", fd); + } - memset(req, 0, sizeof(*req)); + memset(req, 0, conf->seccomp.notifier.sizes.seccomp_notif); ret = seccomp_notify_receive(fd, req); if (ret) { - SYSERROR("Failed to read seccomp notification"); + if (errno == ENOENT) + TRACE("Intercepted system call aborted"); + else + SYSERROR("Failed to read seccomp notification"); goto out; } @@ -1378,6 +1414,7 @@ /* remember the ID in case we receive garbage from the proxy */ resp->id = req_id = req->id; + TRACE("Received seccomp notification with id(%llu)", (long long unsigned int)req_id); snprintf(mem_path, sizeof(mem_path), "/proc/%d", req->pid); fd_pid = open(mem_path, O_RDONLY | O_DIRECTORY | O_CLOEXEC); @@ -1402,7 +1439,7 @@ ret = seccomp_notify_id_valid(fd, req->id); if (ret < 0) { seccomp_notify_default_answer(fd, req, resp, hdlr); - SYSERROR("Invalid seccomp notify request id"); + SYSERROR("Invalid seccomp notify request id(%llu)", (long long unsigned int)req->id); goto out; } @@ -1434,10 +1471,10 @@ send_fd_list[0] = fd_pid; send_fd_list[1] = fd_mem; + send_fd_list[2] = fd; retry: - bytes = lxc_abstract_unix_send_fds_iov(listener_proxy_fd, send_fd_list, - 2, iov, iov_len); + bytes = lxc_abstract_unix_send_fds_iov(listener_proxy_fd, send_fd_list, 3, iov, iov_len); if (bytes != (ssize_t)msg_full_size) { SYSERROR("Failed to forward message to seccomp proxy"); if (!reconnected) { 
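Review bot: The new EPOLLHUP branch closes `fd` but leaves `conf->seccomp.notifier.notify_fd`, presumably the same descriptor, holding the old number. If teardown code outside this hunk closes that field again, it could close an unrelated descriptor that has since reused the number. I would reset the field in the same branch, `conf->seccomp.notifier.notify_fd = -EBADF;`, right after `close(fd);`. The handler function starts and ends outside this hunk.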
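Review bot: `send_fd_list[2] = fd;` in the `@@ -1434,10 +1471,10 @@` hunk now passes the seccomp listener descriptor itself to the proxy, and nothing in the hunk documents that. A process holding that descriptor can, as far as I know, receive and answer notifications for the container directly, so the proxy socket becomes part of the trust boundary. I would add a comment above the assignment, `/* The proxy also gets the notify fd; it is fully trusted for this container's intercepted syscalls. */`, and mention the third descriptor wherever the proxy protocol is documented.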
@@ -1461,8 +1498,9 @@ } if (resp->id != req_id) { + ERROR("Proxy returned response with illegal id(%llu) != id(%llu)", + (long long unsigned int)resp->id, (long long unsigned int)req_id); resp->id = req_id; - ERROR("Proxy returned response with illegal id"); seccomp_notify_default_answer(fd, req, resp, hdlr); goto out; } @@ -1474,9 +1512,19 @@ goto out; } + if (resp->id != req_id) { + ERROR("Proxy returned response with illegal id(%llu) != id(%llu)", + (long long unsigned int)resp->id, (long long unsigned int)req_id); + resp->id = req_id; + } + ret = seccomp_notify_respond(fd, resp); if (ret) SYSERROR("Failed to send seccomp notification"); + else + TRACE("Sent response for seccomp notification with id(%llu)", + (long long unsigned int)resp->id); + memset(resp, 0, conf->seccomp.notifier.sizes.seccomp_notif_resp); out: #endif diff -Nru lxc-4.0.2/src/lxc/start.c lxc-4.0.6/src/lxc/start.c --- lxc-4.0.2/src/lxc/start.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/start.c 2021-01-12 00:20:05.000000000 +0000 @@ -30,6 +30,7 @@ #include "cgroup.h" #include "commands.h" #include "commands_utils.h" +#include "compiler.h" #include "conf.h" #include "config.h" #include "confile_utils.h" @@ -47,7 +48,7 @@ #include "monitor.h" #include "namespace.h" #include "network.h" -#include "raw_syscalls.h" +#include "process_utils.h" #include "start.h" #include "storage/storage.h" #include "storage/storage_utils.h" @@ -212,6 +213,13 @@ if (conf && conf->close_all_fds) closeall = true; + /* + * Disable syslog at this point to avoid the above logging + * function to open a new fd and make the check_inherited function + * enter an infinite loop. + */ + lxc_log_syslog_disable(); + restart: dir = opendir("/proc/self/fd"); if (!dir) 
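Review bot: The second `resp->id != req_id` check, added in the `@@ -1474,9 +1512,19 @@` hunk, only logs and overwrites `resp->id`, then still forwards the proxy's response through `seccomp_notify_respond()`. The check in the preceding hunk instead falls back to `seccomp_notify_default_answer()` and jumps to `out`. If the first check always runs before this point (the code between the two hunks is not visible), the new block is unreachable and can be dropped. If it can be reached, a response whose id does not match the request should get the same treatment: `seccomp_notify_default_answer(fd, req, resp, hdlr); goto out;` after the `ERROR(...)`.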
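Review bot: `lxc_log_syslog_disable()` is now called before `restart:` in the start.c `@@ -212,6 +213,13 @@` hunk, but the matching `lxc_log_syslog_enable()` in the next hunk sits only on the normal return path. If the `if (!dir)` branch just below returns (its body is outside this hunk), syslog stays disabled for the rest of the process and later messages would be missing from that sink. Re-enable it on that path as well, e.g. `lxc_log_syslog_enable();` before the early return.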
@@ -272,21 +280,24 @@ #endif if (closeall) { - close(fd); + if (close(fd)) + SYSINFO("Closed inherited fd %d", fd); + else + INFO("Closed inherited fd %d", fd); closedir(dir); - INFO("Closed inherited fd %d", fd); goto restart; } WARN("Inherited fd %d", fd); } + closedir(dir); - /* Only enable syslog at this point to avoid the above logging function - * to open a new fd and make the check_inherited function enter an - * infinite loop. + /* + * Only enable syslog at this point to avoid the above logging + * function to open a new fd and make the check_inherited function + * enter an infinite loop. */ - lxc_log_enable_syslog(); + lxc_log_syslog_enable(); - closedir(dir); /* cannot fail */ return 0; } @@ -605,32 +616,7 @@ return ret; } -void lxc_zero_handler(struct lxc_handler *handler) -{ - memset(handler, 0, sizeof(struct lxc_handler)); - - handler->state = STOPPED; - - handler->pinfd = -EBADF; - - handler->pidfd = -EBADF; - - handler->sigfd = -EBADF; - - for (int i = 0; i < LXC_NS_MAX; i++) - handler->nsfd[i] = -EBADF; - - handler->data_sock[0] = -EBADF; - handler->data_sock[1] = -EBADF; - - handler->state_socket_pair[0] = -EBADF; - handler->state_socket_pair[1] = -EBADF; - - handler->sync_sock[0] = -EBADF; - handler->sync_sock[1] = -EBADF; -} - -void lxc_free_handler(struct lxc_handler *handler) +void lxc_put_handler(struct lxc_handler *handler) { close_prot_errno_disarm(handler->pinfd); close_prot_errno_disarm(handler->pidfd); 
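Review bot: When `close(fd)` fails the branch still logs "Closed inherited fd", which misreports a descriptor that may remain open in the process that goes on to start the container. Give the failure branch its own wording, e.g. `SYSINFO("Failed to close inherited fd %d", fd);`, and keep `INFO("Closed inherited fd %d", fd);` for the success case. The enclosing function starts outside this hunk.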
@@ -642,22 +628,27 @@ close_prot_errno_disarm(handler->state_socket_pair[0]); close_prot_errno_disarm(handler->state_socket_pair[1]); cgroup_exit(handler->cgroup_ops); - handler->conf = NULL; - free_disarm(handler); + if (handler->conf && handler->conf->reboot == REBOOT_NONE) + free_disarm(handler); + else + handler->conf = NULL; } -struct lxc_handler *lxc_init_handler(const char *name, struct lxc_conf *conf, +struct lxc_handler *lxc_init_handler(struct lxc_handler *old, + const char *name, struct lxc_conf *conf, const char *lxcpath, bool daemonize) { + int nr_keep_fds = 0; int ret; struct lxc_handler *handler; - handler = malloc(sizeof(*handler)); + if (!old) + handler = zalloc(sizeof(*handler)); + else + handler = old; if (!handler) return NULL; - memset(handler, 0, sizeof(*handler)); - /* Note that am_guest_unpriv() checks the effective uid. We * probably don't care if we are real root only if we are running * as root so this should be fine. @@ -701,6 +692,8 @@ TRACE("Created anonymous pair {%d,%d} of unix sockets", handler->state_socket_pair[0], handler->state_socket_pair[1]); + handler->keep_fds[nr_keep_fds++] = handler->state_socket_pair[0]; + handler->keep_fds[nr_keep_fds++] = handler->state_socket_pair[1]; } if (handler->conf->reboot == REBOOT_NONE) { @@ -709,6 +702,7 @@ ERROR("Failed to set up command socket"); goto on_error; } + handler->keep_fds[nr_keep_fds++] = handler->conf->maincmd_fd; } TRACE("Unix domain socket %d for command server is ready", @@ -717,7 +711,7 @@ return handler; on_error: - lxc_free_handler(handler); + lxc_put_handler(handler); return NULL; } @@ -734,7 +728,7 @@ if (status_fd < 0) return log_error_errno(-1, errno, "Failed to open monitor status fd"); - lsm_init(); + handler->lsm_ops = lsm_init(); TRACE("Initialized LSM"); /* Begin by setting the state to STARTING. */ 
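Review bot: With `old` non-NULL the handler is no longer zeroed (the `memset` is removed and `zalloc()` only runs for a fresh one), so every field not reassigned further down keeps its value from the previous run. That includes `handler->cgroup_ops`, which lxc_put_handler() passes to `cgroup_exit()` without clearing. lxc_put_handler() also frees the handler only when `conf->reboot == REBOOT_NONE`, so the `on_error:` path can free an `old` pointer the caller still holds, or skip the free when `handler->conf` is unset. I would reset reused pointers explicitly, e.g. `handler->cgroup_ops = NULL;` after `cgroup_exit()`, and add a comment above lxc_put_handler() stating when the caller's pointer remains valid. Both bodies continue outside the hunk, so later assignments may already cover part of this.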
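Review bot: `keep_fds` is filled only inside the branches that create the state socket pair (hunk at -701) and the command socket (hunk at -709), so on other paths the remaining slots keep what they held: `0` after `zalloc()`, or numbers from the previous run when `old` is reused. `inherit_fds()` in start.h always passes all `ARRAY_SIZE(handler->keep_fds)` entries to `lxc_check_inherited()`, so a stale number could exempt an unrelated descriptor from being closed before the container starts. Set the slots to `-EBADF` before filling them and record `maincmd_fd` whenever it is open, not only when `reboot == REBOOT_NONE`. A bound check on `nr_keep_fds` against the array size would also protect the fixed `keep_fds[3]`.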
@@ -821,13 +815,6 @@ } TRACE("Created console"); - ret = lxc_terminal_map_ids(conf, &conf->console); - if (ret < 0) { - ERROR("Failed to chown console"); - goto out_delete_terminal; - } - TRACE("Chowned console"); - handler->cgroup_ops = cgroup_init(handler->conf); if (!handler->cgroup_ops) { ERROR("Failed to initialize cgroup driver"); @@ -840,7 +827,7 @@ return log_error(-1, "Failed loading seccomp policy"); TRACE("Read seccomp policy"); - ret = lsm_process_prepare(conf, handler->lxcpath); + ret = handler->lsm_ops->prepare(handler->lsm_ops, conf, handler->lxcpath); if (ret < 0) { ERROR("Failed to initialize LSM"); goto out_delete_terminal; @@ -931,7 +918,7 @@ while (namespace_count--) free(namespaces[namespace_count]); - lsm_process_cleanup(handler->conf, handler->lxcpath); + handler->lsm_ops->cleanup(handler->lsm_ops, handler->conf, handler->lxcpath); if (cgroup_ops) { cgroup_ops->payload_destroy(cgroup_ops, handler); @@ -986,6 +973,7 @@ lxc_terminal_delete(&handler->conf->console); lxc_delete_tty(&handler->conf->ttys); + close_prot_errno_disarm(handler->conf->devpts_fd); /* The command socket is now closed, no more state clients can register * themselves from now on. So free the list of state clients. @@ -1008,7 +996,7 @@ if (handler->conf->ephemeral == 1 && handler->conf->reboot != REBOOT_REQ) lxc_destroy_container_on_signal(handler, name); - lxc_free_handler(handler); + lxc_put_handler(handler); } void lxc_abort(struct lxc_handler *handler) @@ -1088,8 +1076,7 @@ /* Unshare CLONE_NEWNET after CLONE_NEWUSER. See * https://github.com/lxc/lxd/issues/1978. */ - if ((handler->ns_clone_flags & (CLONE_NEWNET | CLONE_NEWUSER)) == - (CLONE_NEWNET | CLONE_NEWUSER)) { + if (handler->ns_unshare_flags & CLONE_NEWNET) { ret = unshare(CLONE_NEWNET); if (ret < 0) { SYSERROR("Failed to unshare CLONE_NEWNET"); 
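Review bot: `handler->lsm_ops->cleanup(...)` (hunk at -931) dereferences `lsm_ops` unconditionally, yet the pointer is assigned in the init path only after the early `return` for a failed status-fd open (hunk at -734). If this cleanup can run for a handler whose init returned early, or if `lsm_init()` can return NULL, the monitor dereferences a NULL pointer; both depend on code outside these hunks. A guard such as `if (handler->lsm_ops)` before the call, and likewise before `->prepare(...)` in the hunk at -840, makes it safe either way.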
@@ -1197,7 +1184,7 @@ * * 8:cpuset:/ */ - if (handler->ns_clone_flags & CLONE_NEWCGROUP) { + if (handler->ns_unshare_flags & CLONE_NEWCGROUP) { ret = unshare(CLONE_NEWCGROUP); if (ret < 0) { if (errno != EINVAL) { @@ -1233,7 +1220,7 @@ } /* Set the label to change to when we exec(2) the container's init. */ - ret = lsm_process_label_set(NULL, handler->conf, true); + ret = handler->lsm_ops->process_label_set(handler->lsm_ops, NULL, handler->conf, true); if (ret < 0) goto out_warn_father; @@ -1256,14 +1243,14 @@ * setup on its console ie. the pty allocated in lxc_terminal_setup() so * make sure that that pty is stdin,stdout,stderr. */ - if (handler->conf->console.slave >= 0) { + if (handler->conf->console.pty >= 0) { if (handler->daemonize || !handler->conf->is_execute) - ret = set_stdfds(handler->conf->console.slave); + ret = set_stdfds(handler->conf->console.pty); else - ret = lxc_terminal_set_stdfds(handler->conf->console.slave); + ret = lxc_terminal_set_stdfds(handler->conf->console.pty); if (ret < 0) { ERROR("Failed to redirect std{in,out,err} to pty file descriptor %d", - handler->conf->console.slave); + handler->conf->console.pty); goto out_warn_father; } } @@ -1290,7 +1277,7 @@ close_prot_errno_disarm(handler->sigfd); - if (handler->conf->console.slave < 0 && handler->daemonize) { + if (handler->conf->console.pty < 0 && handler->daemonize) { if (devnull_fd < 0) { devnull_fd = open_devnull(); if (devnull_fd < 0) @@ -1442,9 +1429,9 @@ tty = &ttys->tty[i]; tty->busy = -1; - tty->master = ttyfds[0]; - tty->slave = ttyfds[1]; - TRACE("Received pty with master fd %d and slave fd %d from child", tty->master, tty->slave); + tty->ptx = ttyfds[0]; + tty->pty = ttyfds[1]; + TRACE("Received pty with ptx fd %d and pty fd %d from child", tty->ptx, tty->pty); } if (ret < 0) 
@@ -1487,6 +1474,18 @@ TRACE("Sharing %s namespace", ns_info[i].proc_name); } + if (!pure_unified_layout(handler->cgroup_ops) && handler->ns_clone_flags & CLONE_NEWCGROUP) + handler->ns_unshare_flags |= CLONE_NEWCGROUP; + + if ((handler->ns_clone_flags & (CLONE_NEWNET | CLONE_NEWUSER)) == + (CLONE_NEWNET | CLONE_NEWUSER)) + handler->ns_unshare_flags |= CLONE_NEWNET; + + /* Deal with namespaces that are spawned. */ + handler->ns_on_clone_flags = handler->ns_clone_flags & ~handler->ns_unshare_flags; + + handler->clone_flags = handler->ns_on_clone_flags | CLONE_PIDFD; + return 0; } @@ -1609,18 +1608,6 @@ } /* Create a process in a new set of namespaces. */ - handler->ns_on_clone_flags = handler->ns_clone_flags; - if (handler->ns_clone_flags & CLONE_NEWUSER) { - /* If CLONE_NEWUSER and CLONE_NEWNET was requested, we need to - * clone a new user namespace first and only later unshare our - * network namespace to ensure that network devices ownership is - * set up correctly. - */ - handler->ns_on_clone_flags &= ~CLONE_NEWNET; - } - /* The cgroup namespace gets unshare()ed not clone()ed. */ - handler->ns_on_clone_flags &= ~CLONE_NEWCGROUP; - if (share_ns) { pid_t attacher_pid; 
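Review bot: `ns_unshare_flags` is only ever OR-ed in this block, and the handler can now be reused without being zeroed. Bits set on a previous start, including the `CLONE_NEWCGROUP` fallback added later in this file, would therefore survive into the next one unless the part of this function above the hunk resets them. Start from a clean value, e.g. `handler->ns_unshare_flags = 0;` before the first test. The first condition also mixes `&&` and `&` without parentheses; `(handler->ns_clone_flags & CLONE_NEWCGROUP)` reads unambiguously.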
@@ -1636,15 +1623,64 @@ SYSERROR("Intermediate process failed"); goto out_delete_net; } + + if (handler->pid < 0) { + SYSERROR(LXC_CLONE_ERROR); + goto out_delete_net; + } } else { - handler->pid = lxc_raw_clone_cb(do_start, handler, - CLONE_PIDFD | handler->ns_on_clone_flags, - &handler->pidfd); - } - if (handler->pid < 0) { - SYSERROR(LXC_CLONE_ERROR); - goto out_delete_net; + int cgroup_fd = -EBADF; + + struct lxc_clone_args clone_args = { + .flags = handler->clone_flags, + .pidfd = ptr_to_u64(&handler->pidfd), + .exit_signal = SIGCHLD, + }; + + if (handler->ns_clone_flags & CLONE_NEWCGROUP) { + cgroup_fd = cgroup_unified_fd(cgroup_ops); + if (cgroup_fd >= 0) { + handler->clone_flags |= CLONE_INTO_CGROUP; + clone_args.flags |= CLONE_INTO_CGROUP; + clone_args.cgroup = cgroup_fd; + } + } + + /* Try to spawn directly into target cgroup. */ + handler->pid = lxc_clone3(&clone_args, CLONE_ARGS_SIZE_VER2); + if (handler->pid < 0) { + SYSTRACE("Failed to spawn container directly into target cgroup"); + + /* Kernel might simply be too old for CLONE_INTO_CGROUP. */ + handler->clone_flags &= ~(CLONE_INTO_CGROUP | CLONE_NEWCGROUP); + handler->ns_on_clone_flags &= ~CLONE_NEWCGROUP; + handler->ns_unshare_flags |= CLONE_NEWCGROUP; + + clone_args.flags = handler->clone_flags; + + handler->pid = lxc_clone3(&clone_args, CLONE_ARGS_SIZE_VER0); + } else if (cgroup_fd >= 0) { + TRACE("Spawned container directly into target cgroup via cgroup2 fd %d", cgroup_fd); + } + + /* Kernel might be too old for clone3(). 
*/ + if (handler->pid < 0) { + SYSTRACE("Failed to spawn container via clone3()"); + handler->pid = lxc_raw_legacy_clone(handler->clone_flags, &handler->pidfd); + } + + if (handler->pid < 0) { + SYSERROR(LXC_CLONE_ERROR); + goto out_delete_net; + } + + if (handler->pid == 0) { + (void)do_start(handler); + _exit(EXIT_FAILURE); + } } + if (handler->pidfd < 0) + handler->clone_flags &= ~CLONE_PIDFD; TRACE("Cloned child process %d", handler->pid); /* Verify that we can actually make use of pidfds. */ @@ -1783,7 +1819,12 @@ if (ret < 0) goto out_delete_net; - if (!cgroup_ops->setup_limits_legacy(cgroup_ops, handler->conf, true)) { + /* + * with isolation the limiting devices cgroup was already setup, so + * only setup devices here if we have no namespace directory + */ + if (!handler->conf->cgroup_meta.namespace_dir && + !cgroup_ops->setup_limits_legacy(cgroup_ops, handler->conf, true)) { ERROR("Failed to setup legacy device cgroup controller limits"); goto out_delete_net; } @@ -1795,7 +1836,7 @@ } TRACE("Set up cgroup2 device controller limits"); - if (handler->ns_clone_flags & CLONE_NEWCGROUP) { + if (handler->ns_unshare_flags & CLONE_NEWCGROUP) { /* Now we're ready to preserve the cgroup namespace */ ret = lxc_try_preserve_ns(handler->pid, "cgroup"); if (ret < 0) { @@ -1837,6 +1878,12 @@ } } + ret = lxc_setup_devpts_parent(handler); + if (ret < 0) { + SYSERROR("Failed to receive devpts fd from child"); + goto out_delete_net; + } + /* Now all networks are created, network devices are moved into place, * and the correct names and ifindices in the respective namespaces have * been recorded. The corresponding structs have now all been filled. So @@ -1937,7 +1984,7 @@ } INFO("Unshared CLONE_NEWNS"); - remount_all_slave(); + turn_into_dependent_mounts(); ret = lxc_setup_rootfs_prepare_root(conf, name, lxcpath); if (ret < 0) { ERROR("Error setting up rootfs mount as root before spawn"); 
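Review bot: In the fallback after the first `lxc_clone3()` fails, `handler->ns_unshare_flags |= CLONE_NEWCGROUP;` runs unconditionally, although `CLONE_INTO_CGROUP` was only requested when `handler->ns_clone_flags & CLONE_NEWCGROUP` was set. Other hunks in this diff make the child call `unshare(CLONE_NEWCGROUP)` whenever that bit is in `ns_unshare_flags`. On a kernel where the first call fails, a container configured without a new cgroup namespace would therefore appear to get one anyway. Guard the assignment: `if (handler->ns_clone_flags & CLONE_NEWCGROUP) handler->ns_unshare_flags |= CLONE_NEWCGROUP;`. The fallback chain is also taken for every errno, not only the "kernel too old" cases the comments name.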
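Review bot: The legacy device-cgroup limits (hunk at -1783) are now skipped whenever `cgroup_meta.namespace_dir` is set, and the only justification is the comment that they were "already setup"; nothing in the hunk checks that the earlier step ran or succeeded. These limits restrict device access on the legacy hierarchy, so the comment should name where they are applied in the isolation case. For example `/* device limits were applied in <function>() when namespace_dir is set */` would stop a later refactor from dropping them silently. The enclosing function starts and ends outside the hunk.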
@@ -2004,30 +2051,29 @@ if (error_num) *error_num = handler->exit_status; -/* These are not the droids you are looking for. */ -__private_goto1: lxc_delete_network(handler); - -__private_goto2: detach_block_device(handler->conf); - -__private_goto3: lxc_end(handler); - return ret; -/* These are the droids you are looking for. */ out_abort: lxc_abort(handler); - goto __private_goto3; + lxc_end(handler); + return ret; out_detach_blockdev: lxc_abort(handler); - goto __private_goto2; + detach_block_device(handler->conf); + lxc_end(handler); + return ret; out_delete_network: lxc_abort(handler); - goto __private_goto1; + lxc_restore_phys_nics_to_netns(handler); + lxc_delete_network(handler); + detach_block_device(handler->conf); + lxc_end(handler); + return ret; } struct start_args { diff -Nru lxc-4.0.2/src/lxc/start.h lxc-4.0.6/src/lxc/start.h --- lxc-4.0.2/src/lxc/start.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/start.h 2021-01-12 00:20:05.000000000 +0000 @@ -3,13 +3,17 @@ #ifndef __LXC_START_H #define __LXC_START_H +#include +#include #include #include #include #include #include +#include "compiler.h" #include "conf.h" +#include "macro.h" #include "namespace.h" #include "state.h" 
@@ -25,20 +29,18 @@ * list the clone flags that were unshare()ed rather then clone()ed * because of ordering requirements (e.g. e.g. CLONE_NEWNET and * CLONE_NEWUSER) or implementation details. - * - * @ns_keep_flags; - * - The clone flags for the namespaces that the container will inherit - * from the parent. They are not recorded in the handler itself but - * are present in the container's config. * - * @ns_share_flags; - * - The clone flags for the namespaces that the container will share - * with another process. They are not recorded in the handler itself - * but are present in the container's config. + * @ns_unshare_flags + * - Flags for namespaces that were unshared, not cloned. + * + * @clone_flags + * - ns_on_clone flags | other flags used to create container. */ struct /* lxc_ns */ { - int ns_clone_flags; - int ns_on_clone_flags; + unsigned int ns_clone_flags; + unsigned int ns_on_clone_flags; + unsigned int ns_unshare_flags; + __aligned_u64 clone_flags; }; /* File descriptor to pin the rootfs for privileged containers. */ @@ -122,6 +124,12 @@ int exit_status; struct cgroup_ops *cgroup_ops; + + /* Internal fds that always need to stay open. */ + int keep_fds[3]; + + /* Static memory, don't free. */ + struct lsm_ops *lsm_ops; }; struct execute_args { 
@@ -136,21 +144,17 @@ int (*post_start)(struct lxc_handler *, void *); }; -extern int lxc_poll(const char *name, struct lxc_handler *handler); -extern int lxc_set_state(const char *name, struct lxc_handler *handler, - lxc_state_t state); -extern int lxc_serve_state_clients(const char *name, - struct lxc_handler *handler, - lxc_state_t state); -extern void lxc_abort(struct lxc_handler *handler); -extern struct lxc_handler *lxc_init_handler(const char *name, - struct lxc_conf *conf, - const char *lxcpath, - bool daemonize); -extern void lxc_zero_handler(struct lxc_handler *handler); -extern void lxc_free_handler(struct lxc_handler *handler); -extern int lxc_init(const char *name, struct lxc_handler *handler); -extern void lxc_end(struct lxc_handler *handler); +__hidden extern int lxc_poll(const char *name, struct lxc_handler *handler); +__hidden extern int lxc_set_state(const char *name, struct lxc_handler *handler, lxc_state_t state); +__hidden extern int lxc_serve_state_clients(const char *name, struct lxc_handler *handler, + lxc_state_t state); +__hidden extern void lxc_abort(struct lxc_handler *handler); +__hidden extern struct lxc_handler *lxc_init_handler(struct lxc_handler *old, const char *name, + struct lxc_conf *conf, const char *lxcpath, + bool daemonize); +__hidden extern void lxc_put_handler(struct lxc_handler *handler); +__hidden extern int lxc_init(const char *name, struct lxc_handler *handler); +__hidden extern void lxc_end(struct lxc_handler *handler); /* lxc_check_inherited: Check for any open file descriptors and close them if * requested. 
@@ -159,11 +163,17 @@ * @param[in] fds_to_ignore Array of file descriptors to ignore. * @param[in] len_fds Length of fds_to_ignore array. */ -extern int lxc_check_inherited(struct lxc_conf *conf, bool closeall, - int *fds_to_ignore, size_t len_fds); -extern int __lxc_start(struct lxc_handler *, struct lxc_operations *, void *, - const char *, bool, int *); +__hidden extern int lxc_check_inherited(struct lxc_conf *conf, bool closeall, int *fds_to_ignore, + size_t len_fds); +static inline int inherit_fds(struct lxc_handler *handler, bool closeall) +{ + return lxc_check_inherited(handler->conf, closeall, handler->keep_fds, + ARRAY_SIZE(handler->keep_fds)); +} + +__hidden extern int __lxc_start(struct lxc_handler *, struct lxc_operations *, void *, const char *, + bool, int *); -extern int resolve_clone_flags(struct lxc_handler *handler); +__hidden extern int resolve_clone_flags(struct lxc_handler *handler); #endif diff -Nru lxc-4.0.2/src/lxc/state.c lxc-4.0.6/src/lxc/state.c --- lxc-4.0.2/src/lxc/state.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/state.c 2021-01-12 00:20:05.000000000 +0000 @@ -100,10 +100,8 @@ if (state >= 0) break; - if (errno != ECONNREFUSED) { - SYSERROR("Failed to receive state from monitor"); - return -1; - } + if (errno != ECONNREFUSED) + return log_error_errno(-1, errno, "Failed to receive state from monitor"); if (timeout > 0) timeout--; diff -Nru lxc-4.0.2/src/lxc/state.h lxc-4.0.6/src/lxc/state.h --- lxc-4.0.2/src/lxc/state.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/state.h 2021-01-12 00:20:05.000000000 +0000 @@ -3,6 +3,8 @@ #ifndef __LXC_STATE_H #define __LXC_STATE_H +#include "compiler.h" + #define MAX_STATE_LENGTH (8 + 1) typedef enum { 
@@ -23,10 +25,11 @@ REBOOT_INIT }; -extern lxc_state_t lxc_getstate(const char *name, const char *lxcpath); +__hidden extern lxc_state_t lxc_getstate(const char *name, const char *lxcpath); -extern lxc_state_t lxc_str2state(const char *state); -extern const char *lxc_state2str(lxc_state_t state); -extern int lxc_wait(const char *lxcname, const char *states, int timeout, const char *lxcpath); +__hidden extern lxc_state_t lxc_str2state(const char *state); +__hidden extern const char *lxc_state2str(lxc_state_t state); +__hidden extern int lxc_wait(const char *lxcname, const char *states, int timeout, + const char *lxcpath); -#endif +#endif /* __LXC_STATE_H */ diff -Nru lxc-4.0.2/src/lxc/storage/btrfs.c lxc-4.0.6/src/lxc/storage/btrfs.c --- lxc-4.0.2/src/lxc/storage/btrfs.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/storage/btrfs.c 2021-01-12 00:20:05.000000000 +0000 @@ -824,6 +824,7 @@ ERROR("Out of memory"); free_btrfs_tree(tree); close(fd); + return -ENOMEM; } memcpy(name, tmp, name_len); diff -Nru lxc-4.0.2/src/lxc/storage/btrfs.h lxc-4.0.6/src/lxc/storage/btrfs.h --- lxc-4.0.2/src/lxc/storage/btrfs.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/storage/btrfs.h 2021-01-12 00:20:05.000000000 +0000 @@ -8,8 +8,10 @@ #include #include +#include "compiler.h" + #ifndef BTRFS_SUPER_MAGIC -# define BTRFS_SUPER_MAGIC 0x9123683E +#define BTRFS_SUPER_MAGIC 0x9123683E #endif typedef uint8_t u8; @@ -31,8 +33,7 @@ #define BTRFS_IOCTL_MAGIC 0x94 #define BTRFS_IOC_SUBVOL_GETFLAGS _IOR(BTRFS_IOCTL_MAGIC, 25, unsigned long long) -#define BTRFS_IOC_SPACE_INFO _IOWR(BTRFS_IOCTL_MAGIC, 20, \ - struct btrfs_ioctl_space_args) +#define BTRFS_IOC_SPACE_INFO _IOWR(BTRFS_IOCTL_MAGIC, 20, struct btrfs_ioctl_space_args) #define BTRFS_FSID_SIZE 16 struct btrfs_ioctl_fs_info_args { 
@@ -42,9 +43,7 @@ unsigned long long reserved[124]; }; -#define BTRFS_IOC_FS_INFO _IOR(BTRFS_IOCTL_MAGIC, 31, \ - struct btrfs_ioctl_fs_info_args) - +#define BTRFS_IOC_FS_INFO _IOR(BTRFS_IOCTL_MAGIC, 31, struct btrfs_ioctl_fs_info_args) #define BTRFS_SUBVOL_NAME_MAX 4039 #define BTRFS_PATH_NAME_MAX 4087 @@ -55,14 +54,10 @@ }; #define BTRFS_IOCTL_MAGIC 0x94 -#define BTRFS_IOC_SUBVOL_CREATE_V2 _IOW(BTRFS_IOCTL_MAGIC, 24, \ - struct btrfs_ioctl_vol_args_v2) -#define BTRFS_IOC_SNAP_CREATE_V2 _IOW(BTRFS_IOCTL_MAGIC, 23, \ - struct btrfs_ioctl_vol_args_v2) -#define BTRFS_IOC_SUBVOL_CREATE _IOW(BTRFS_IOCTL_MAGIC, 14, \ - struct btrfs_ioctl_vol_args) -#define BTRFS_IOC_SNAP_DESTROY _IOW(BTRFS_IOCTL_MAGIC, 15, \ - struct btrfs_ioctl_vol_args) +#define BTRFS_IOC_SUBVOL_CREATE_V2 _IOW(BTRFS_IOCTL_MAGIC, 24, struct btrfs_ioctl_vol_args_v2) +#define BTRFS_IOC_SNAP_CREATE_V2 _IOW(BTRFS_IOCTL_MAGIC, 23, struct btrfs_ioctl_vol_args_v2) +#define BTRFS_IOC_SUBVOL_CREATE _IOW(BTRFS_IOCTL_MAGIC, 14, struct btrfs_ioctl_vol_args) +#define BTRFS_IOC_SNAP_DESTROY _IOW(BTRFS_IOCTL_MAGIC, 15, struct btrfs_ioctl_vol_args) #define BTRFS_QGROUP_INHERIT_SET_LIMITS (1ULL << 0) @@ -185,8 +180,7 @@ char buf[BTRFS_SEARCH_ARGS_BUFSIZE]; }; -#define BTRFS_IOC_TREE_SEARCH _IOWR(BTRFS_IOCTL_MAGIC, 17, \ - struct btrfs_ioctl_search_args) +#define BTRFS_IOC_TREE_SEARCH _IOWR(BTRFS_IOCTL_MAGIC, 17, struct btrfs_ioctl_search_args) #define BTRFS_UUID_SIZE 16 struct btrfs_timespec { @@ -283,8 +277,7 @@ __le64 reserved[8]; /* for future */ } __attribute__ ((__packed__)); -#define BTRFS_IOC_INO_LOOKUP _IOWR(BTRFS_IOCTL_MAGIC, 18, \ - struct btrfs_ioctl_ino_lookup_args) +#define BTRFS_IOC_INO_LOOKUP _IOWR(BTRFS_IOCTL_MAGIC, 18, struct btrfs_ioctl_ino_lookup_args) #define BTRFS_INO_LOOKUP_PATH_MAX 4080 struct btrfs_ioctl_ino_lookup_args { 
@@ -362,30 +355,28 @@ int num; }; -extern int btrfs_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, - const char *oldname, const char *cname, - const char *oldpath, const char *lxcpath, int snap, - uint64_t newsize, struct lxc_conf *conf); -extern int btrfs_create(struct lxc_storage *bdev, const char *dest, const char *n, - struct bdev_specs *specs, const struct lxc_conf *conf); -extern int btrfs_destroy(struct lxc_storage *orig); -extern bool btrfs_detect(const char *path); -extern int btrfs_mount(struct lxc_storage *bdev); -extern int btrfs_umount(struct lxc_storage *bdev); - -extern char *get_btrfs_subvol_path(int fd, u64 dir_id, u64 objid, char *name, - u16 name_len); -extern int btrfs_list_get_path_rootid(int fd, u64 *treeid); -extern bool is_btrfs_fs(const char *path); -extern int is_btrfs_subvol(const char *path); -extern bool btrfs_try_remove_subvol(const char *path); -extern int btrfs_same_fs(const char *orig, const char *new); -extern int btrfs_snapshot(const char *orig, const char *new); -extern int btrfs_snapshot_wrapper(void *data); -extern bool btrfs_create_clone(struct lxc_conf *conf, struct lxc_storage *orig, - struct lxc_storage *new, uint64_t newsize); -extern bool btrfs_create_snapshot(struct lxc_conf *conf, - struct lxc_storage *orig, - struct lxc_storage *new, uint64_t newsize); +__hidden extern int btrfs_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, + const char *oldname, const char *cname, const char *oldpath, + const char *lxcpath, int snap, uint64_t newsize, + struct lxc_conf *conf); +__hidden extern int btrfs_create(struct lxc_storage *bdev, const char *dest, const char *n, + struct bdev_specs *specs, const struct lxc_conf *conf); +__hidden extern int btrfs_destroy(struct lxc_storage *orig); +__hidden extern bool btrfs_detect(const char *path); +__hidden extern int btrfs_mount(struct lxc_storage *bdev); +__hidden extern int btrfs_umount(struct lxc_storage *bdev); + +__hidden extern char 
*get_btrfs_subvol_path(int fd, u64 dir_id, u64 objid, char *name, u16 name_len); +__hidden extern int btrfs_list_get_path_rootid(int fd, u64 *treeid); +__hidden extern bool is_btrfs_fs(const char *path); +__hidden extern int is_btrfs_subvol(const char *path); +__hidden extern bool btrfs_try_remove_subvol(const char *path); +__hidden extern int btrfs_same_fs(const char *orig, const char *new); +__hidden extern int btrfs_snapshot(const char *orig, const char *new); +__hidden extern int btrfs_snapshot_wrapper(void *data); +__hidden extern bool btrfs_create_clone(struct lxc_conf *conf, struct lxc_storage *orig, + struct lxc_storage *new, uint64_t newsize); +__hidden extern bool btrfs_create_snapshot(struct lxc_conf *conf, struct lxc_storage *orig, + struct lxc_storage *new, uint64_t newsize); #endif /* __LXC_BTRFS_H */ diff -Nru lxc-4.0.2/src/lxc/storage/dir.h lxc-4.0.6/src/lxc/storage/dir.h --- lxc-4.0.2/src/lxc/storage/dir.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/storage/dir.h 2021-01-12 00:20:05.000000000 +0000 
@@ -6,21 +6,23 @@ #include #include +#include "compiler.h" + struct lxc_storage; struct bdev_specs; struct lxc_conf; -extern int dir_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, - const char *oldname, const char *cname, - const char *oldpath, const char *lxcpath, int snap, - uint64_t newsize, struct lxc_conf *conf); -extern int dir_create(struct lxc_storage *bdev, const char *dest, const char *n, - struct bdev_specs *specs, const struct lxc_conf *conf); -extern int dir_destroy(struct lxc_storage *orig); -extern bool dir_detect(const char *path); -extern int dir_mount(struct lxc_storage *bdev); -extern int dir_umount(struct lxc_storage *bdev); +__hidden extern int dir_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, + const char *oldname, const char *cname, const char *oldpath, + const char *lxcpath, int snap, uint64_t newsize, + struct lxc_conf *conf); +__hidden extern int dir_create(struct lxc_storage *bdev, const char *dest, const char *n, + struct bdev_specs *specs, const struct lxc_conf *conf); +__hidden extern int dir_destroy(struct lxc_storage *orig); +__hidden extern bool dir_detect(const char *path); +__hidden extern int dir_mount(struct lxc_storage *bdev); +__hidden extern int dir_umount(struct lxc_storage *bdev); #endif /* __LXC_DIR_H */ diff -Nru lxc-4.0.2/src/lxc/storage/loop.h lxc-4.0.6/src/lxc/storage/loop.h --- lxc-4.0.2/src/lxc/storage/loop.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/storage/loop.h 2021-01-12 00:20:05.000000000 +0000 
@@ -6,21 +6,23 @@ #include #include +#include "compiler.h" + struct lxc_storage; struct bdev_specs; struct lxc_conf; -extern int loop_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, - const char *oldname, const char *cname, - const char *oldpath, const char *lxcpath, int snap, - uint64_t newsize, struct lxc_conf *conf); -extern int loop_create(struct lxc_storage *bdev, const char *dest, - const char *n, struct bdev_specs *specs, const struct lxc_conf *conf); -extern int loop_destroy(struct lxc_storage *orig); -extern bool loop_detect(const char *path); -extern int loop_mount(struct lxc_storage *bdev); -extern int loop_umount(struct lxc_storage *bdev); +__hidden extern int loop_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, + const char *oldname, const char *cname, const char *oldpath, + const char *lxcpath, int snap, uint64_t newsize, + struct lxc_conf *conf); +__hidden extern int loop_create(struct lxc_storage *bdev, const char *dest, const char *n, + struct bdev_specs *specs, const struct lxc_conf *conf); +__hidden extern int loop_destroy(struct lxc_storage *orig); +__hidden extern bool loop_detect(const char *path); +__hidden extern int loop_mount(struct lxc_storage *bdev); +__hidden extern int loop_umount(struct lxc_storage *bdev); #endif /* __LXC_LOOP_H */ diff -Nru lxc-4.0.2/src/lxc/storage/lvm.c lxc-4.0.6/src/lxc/storage/lvm.c --- lxc-4.0.2/src/lxc/storage/lvm.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/storage/lvm.c 2021-01-12 00:20:05.000000000 +0000 
@@ -97,41 +97,32 @@ */ static int do_lvm_create(const char *path, uint64_t size, const char *thinpool) { + __do_free char *pathdup = NULL; int len, ret; - char *pathdup, *vg, *lv; + char *vg, *lv; char cmd_output[PATH_MAX]; char sz[24]; __do_free char *tp = NULL; struct lvcreate_args cmd_args = {0}; ret = snprintf(sz, 24, "%" PRIu64 "b", size); - if (ret < 0 || ret >= 24) { - ERROR("Failed to create string: %d", ret); - return -1; - } + if (ret < 0 || ret >= 24) + return log_error(-EIO, "Failed to create string: %d", ret); pathdup = strdup(path); - if (!pathdup) { - ERROR("Failed to duplicate string \"%s\"", path); - return -1; - } + if (!pathdup) + return log_error(-ENOMEM, "Failed to duplicate string \"%s\"", path); lv = strrchr(pathdup, '/'); - if (!lv) { - ERROR("Failed to detect \"/\" in string \"%s\"", pathdup); - free(pathdup); - return -1; - } + if (!lv) + return log_error(-EINVAL, "Failed to detect \"/\" in string \"%s\"", pathdup); *lv = '\0'; lv++; TRACE("Parsed logical volume \"%s\"", lv); vg = strrchr(pathdup, '/'); - if (!vg) { - ERROR("Failed to detect \"/\" in string \"%s\"", pathdup); - free(pathdup); - return -1; - } + if (!vg) + return log_error(-EINVAL, "Failed to detect \"/\" in string \"%s\"", pathdup); vg++; TRACE("Parsed volume group \"%s\"", vg); @@ -140,18 +131,13 @@ tp = must_realloc(NULL, len); ret = snprintf(tp, len, "%s/%s", pathdup, thinpool); - if (ret < 0 || ret >= len) { - ERROR("Failed to create string: %d", ret); - free(pathdup); - return -1; - } + if (ret < 0 || ret >= len) + return log_error(-EIO, "Failed to create string: %d", ret); ret = lvm_is_thin_pool(tp); TRACE("got %d for thin pool at path: %s", ret, tp); if (ret < 0) { - ERROR("Failed to detect whether \"%s\" is a thinpool", tp); - free(pathdup); - return -1; + return log_error(-EINVAL, "Failed to detect whether \"%s\" is a thinpool", tp); } else if (!ret) { TRACE("Detected that \"%s\" is not a thinpool", tp); tp = NULL; 
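Review bot: `pathdup` is now `__do_free`, but the thin-pool branch still does `tp = NULL;` on a `__do_free` pointer that was just allocated with `must_realloc()`, which drops the buffer without freeing it. Use `free_disarm(tp);` there so the cleanup attribute and the manual reset agree. The error returns in this hunk also change from `-1` to `-EIO`/`-ENOMEM`/`-EINVAL`, while the final failure in the next hunk still returns `-1`. Callers outside this diff that compare the result against `-1` should be checked.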
@@ -165,30 +151,23 @@ cmd_args.lv = lv; cmd_args.size = sz; cmd_args.sigwipe = true; - TRACE("Creating new lvm storage volume \"%s\" on volume group \"%s\" " - "of size \"%s\"", lv, vg, sz); - ret = run_command_status(cmd_output, sizeof(cmd_output), - lvm_create_exec_wrapper, (void *)&cmd_args); + TRACE("Creating new lvm storage volume \"%s\" on volume group \"%s\" of size \"%s\"", lv, vg, sz); + ret = run_command_status(cmd_output, sizeof(cmd_output), lvm_create_exec_wrapper, + (void *)&cmd_args); /* If lvcreate is old and doesn't support signature wiping, try again without it. * Test for exit code EINVALID_CMD_LINE(3) of lvcreate command. */ if (WIFEXITED(ret) && WEXITSTATUS(ret) == 3) { cmd_args.sigwipe = false; - ret = run_command(cmd_output, sizeof(cmd_output), - lvm_create_exec_wrapper, (void *)&cmd_args); + ret = run_command(cmd_output, sizeof(cmd_output), lvm_create_exec_wrapper, + (void *)&cmd_args); } - if (ret != 0) { - ERROR("Failed to create logical volume \"%s\": %s", lv, - cmd_output); - free(pathdup); - return -1; - } - TRACE("Created new lvm storage volume \"%s\" on volume group \"%s\" " - "of size \"%s\"", lv, vg, sz); + if (ret != 0) + return log_error(-1, "Failed to create logical volume \"%s\": %s", lv, cmd_output); + TRACE("Created new lvm storage volume \"%s\" on volume group \"%s\" of size \"%s\"", lv, vg, sz); - free(pathdup); return ret; } diff -Nru lxc-4.0.2/src/lxc/storage/lvm.h lxc-4.0.6/src/lxc/storage/lvm.h --- lxc-4.0.2/src/lxc/storage/lvm.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/storage/lvm.h 2021-01-12 00:20:05.000000000 +0000 
@@ -6,28 +6,30 @@ #include #include +#include "compiler.h" + struct lxc_storage; struct bdev_specs; struct lxc_conf; -extern bool lvm_detect(const char *path); -extern int lvm_mount(struct lxc_storage *bdev); -extern int lvm_umount(struct lxc_storage *bdev); -extern int lvm_compare_lv_attr(const char *path, int pos, const char expected); -extern int lvm_is_thin_volume(const char *path); -extern int lvm_is_thin_pool(const char *path); -extern int lvm_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, - const char *oldname, const char *cname, - const char *oldpath, const char *lxcpath, int snap, - uint64_t newsize, struct lxc_conf *conf); -extern int lvm_destroy(struct lxc_storage *orig); -extern int lvm_create(struct lxc_storage *bdev, const char *dest, const char *n, - struct bdev_specs *specs, const struct lxc_conf *conf); -extern bool lvm_create_clone(struct lxc_conf *conf, struct lxc_storage *orig, - struct lxc_storage *new, uint64_t newsize); -extern bool lvm_create_snapshot(struct lxc_conf *conf, struct lxc_storage *orig, - struct lxc_storage *new, uint64_t newsize); +__hidden extern bool lvm_detect(const char *path); +__hidden extern int lvm_mount(struct lxc_storage *bdev); +__hidden extern int lvm_umount(struct lxc_storage *bdev); +__hidden extern int lvm_compare_lv_attr(const char *path, int pos, const char expected); +__hidden extern int lvm_is_thin_volume(const char *path); +__hidden extern int lvm_is_thin_pool(const char *path); +__hidden extern int lvm_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, + const char *oldname, const char *cname, const char *oldpath, + const char *lxcpath, int snap, uint64_t newsize, + struct lxc_conf *conf); +__hidden extern int lvm_destroy(struct lxc_storage *orig); +__hidden extern int lvm_create(struct lxc_storage *bdev, const char *dest, const char *n, + struct bdev_specs *specs, const struct lxc_conf *conf); +__hidden extern bool lvm_create_clone(struct lxc_conf *conf, struct lxc_storage *orig, 
+ struct lxc_storage *new, uint64_t newsize); +__hidden extern bool lvm_create_snapshot(struct lxc_conf *conf, struct lxc_storage *orig, + struct lxc_storage *new, uint64_t newsize); #endif /* __LXC_LVM_H */ diff -Nru lxc-4.0.2/src/lxc/storage/nbd.h lxc-4.0.6/src/lxc/storage/nbd.h --- lxc-4.0.2/src/lxc/storage/nbd.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/storage/nbd.h 2021-01-12 00:20:05.000000000 +0000 
@@ -6,25 +6,26 @@ #include #include +#include "compiler.h" + struct lxc_storage; struct bdev_specs; struct lxc_conf; -extern int nbd_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, - const char *oldname, const char *cname, - const char *oldpath, const char *lxcpath, int snap, - uint64_t newsize, struct lxc_conf *conf); -extern int nbd_create(struct lxc_storage *bdev, const char *dest, const char *n, - struct bdev_specs *specs, const struct lxc_conf *conf); -extern int nbd_destroy(struct lxc_storage *orig); -extern bool nbd_detect(const char *path); -extern int nbd_mount(struct lxc_storage *bdev); -extern int nbd_umount(struct lxc_storage *bdev); - -extern bool attach_nbd(char *src, struct lxc_conf *conf); -extern void detach_nbd_idx(int idx); -extern bool requires_nbd(const char *path); +__hidden extern int nbd_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, + const char *oldname, const char *cname, const char *oldpath, + const char *lxcpath, int snap, uint64_t newsize, + struct lxc_conf *conf); +__hidden extern int nbd_create(struct lxc_storage *bdev, const char *dest, const char *n, + struct bdev_specs *specs, const struct lxc_conf *conf); +__hidden extern int nbd_destroy(struct lxc_storage *orig); +__hidden extern bool nbd_detect(const char *path); +__hidden extern int nbd_mount(struct lxc_storage *bdev); +__hidden extern int nbd_umount(struct lxc_storage *bdev); +__hidden extern bool attach_nbd(char *src, struct lxc_conf *conf); +__hidden extern void detach_nbd_idx(int idx); +__hidden extern bool requires_nbd(const char *path); #endif /* __LXC_NBD_H */ diff -Nru lxc-4.0.2/src/lxc/storage/overlay.h lxc-4.0.6/src/lxc/storage/overlay.h --- lxc-4.0.2/src/lxc/storage/overlay.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/storage/overlay.h 2021-01-12 00:20:05.000000000 +0000 @@ -10,6 +10,7 @@ #include #include +#include "compiler.h" #include "storage.h" struct lxc_storage; 
@@ -20,16 +21,16 @@ struct lxc_rootfs; -extern int ovl_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, - const char *oldname, const char *cname, - const char *oldpath, const char *lxcpath, int snap, - uint64_t newsize, struct lxc_conf *conf); -extern int ovl_create(struct lxc_storage *bdev, const char *dest, const char *n, - struct bdev_specs *specs, const struct lxc_conf *conf); -extern int ovl_destroy(struct lxc_storage *orig); -extern bool ovl_detect(const char *path); -extern int ovl_mount(struct lxc_storage *bdev); -extern int ovl_umount(struct lxc_storage *bdev); +__hidden extern int ovl_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, + const char *oldname, const char *cname, const char *oldpath, + const char *lxcpath, int snap, uint64_t newsize, + struct lxc_conf *conf); +__hidden extern int ovl_create(struct lxc_storage *bdev, const char *dest, const char *n, + struct bdev_specs *specs, const struct lxc_conf *conf); +__hidden extern int ovl_destroy(struct lxc_storage *orig); +__hidden extern bool ovl_detect(const char *path); +__hidden extern int ovl_mount(struct lxc_storage *bdev); +__hidden extern int ovl_umount(struct lxc_storage *bdev); /* To be called from lxcapi_clone() in lxccontainer.c: When we clone a container * with overlay lxc.mount.entry entries we need to update absolute paths for 
@@ -38,24 +39,23 @@ * independent of each other since lxc_conf->mountlist may container more mount * entries (e.g. from other included files) than lxc_conf->unexpanded_config . */ -extern int ovl_update_abs_paths(struct lxc_conf *lxc_conf, const char *lxc_path, - const char *lxc_name, const char *newpath, - const char *newname); +__hidden extern int ovl_update_abs_paths(struct lxc_conf *lxc_conf, const char *lxc_path, + const char *lxc_name, const char *newpath, + const char *newname); /* To be called from functions in lxccontainer.c: Get lower directory for * overlay rootfs. */ -extern const char *ovl_get_lower(const char *rootfs_path); +__hidden extern const char *ovl_get_lower(const char *rootfs_path); /* Get rootfs path for overlay backed containers. Allocated memory must be freed * by caller. */ -extern char *ovl_get_rootfs(const char *rootfs_path, size_t *rootfslen); +__hidden extern char *ovl_get_rootfs(const char *rootfs_path, size_t *rootfslen); /* Create upper- and workdirs for overlay mounts. */ -extern int ovl_mkdir(const struct mntent *mntent, - const struct lxc_rootfs *rootfs, const char *lxc_name, - const char *lxc_path); +__hidden extern int ovl_mkdir(const struct mntent *mntent, const struct lxc_rootfs *rootfs, + const char *lxc_name, const char *lxc_path); #endif /* __LXC_OVERLAY_H */ diff -Nru lxc-4.0.2/src/lxc/storage/rbd.c lxc-4.0.6/src/lxc/storage/rbd.c --- lxc-4.0.2/src/lxc/storage/rbd.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/storage/rbd.c 2021-01-12 00:20:05.000000000 +0000 @@ -29,7 +29,7 @@ const char *size; }; -int rbd_create_wrapper(void *data) +static int rbd_create_wrapper(void *data) { struct rbd_args *args = data; @@ -39,7 +39,7 @@ return -1; } -int rbd_map_wrapper(void *data) +static int rbd_map_wrapper(void *data) { struct rbd_args *args = data; @@ -49,7 +49,7 @@ return -1; } -int rbd_unmap_wrapper(void *data) +static int rbd_unmap_wrapper(void *data) { struct rbd_args *args = data; 
@@ -58,7 +58,7 @@ return -1; } -int rbd_delete_wrapper(void *data) +static int rbd_delete_wrapper(void *data) { struct rbd_args *args = data; diff -Nru lxc-4.0.2/src/lxc/storage/rbd.h lxc-4.0.6/src/lxc/storage/rbd.h --- lxc-4.0.2/src/lxc/storage/rbd.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/storage/rbd.h 2021-01-12 00:20:05.000000000 +0000 @@ -6,21 +6,23 @@ #include #include +#include "compiler.h" + struct lxc_storage; struct bdev_specs; struct lxc_conf; -extern int rbd_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, - const char *oldname, const char *cname, - const char *oldpath, const char *lxcpath, int snap, - uint64_t newsize, struct lxc_conf *conf); -extern int rbd_create(struct lxc_storage *bdev, const char *dest, const char *n, - struct bdev_specs *specs, const struct lxc_conf *conf); -extern int rbd_destroy(struct lxc_storage *orig); -extern bool rbd_detect(const char *path); -extern int rbd_mount(struct lxc_storage *bdev); -extern int rbd_umount(struct lxc_storage *bdev); +__hidden extern int rbd_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, + const char *oldname, const char *cname, const char *oldpath, + const char *lxcpath, int snap, uint64_t newsize, + struct lxc_conf *conf); +__hidden extern int rbd_create(struct lxc_storage *bdev, const char *dest, const char *n, + struct bdev_specs *specs, const struct lxc_conf *conf); +__hidden extern int rbd_destroy(struct lxc_storage *orig); +__hidden extern bool rbd_detect(const char *path); +__hidden extern int rbd_mount(struct lxc_storage *bdev); +__hidden extern int rbd_umount(struct lxc_storage *bdev); #endif /* __LXC_RDB_H */ diff -Nru lxc-4.0.2/src/lxc/storage/rsync.c lxc-4.0.6/src/lxc/storage/rsync.c --- lxc-4.0.2/src/lxc/storage/rsync.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/storage/rsync.c 2021-01-12 00:20:05.000000000 +0000 
@@ -78,12 +78,8 @@ return -1; } - ret = detect_shared_rootfs(); - if (ret) { - ret = mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL); - if (ret < 0) - SYSERROR("Failed to make \"/\" a slave mount"); - } + if (detect_shared_rootfs() && mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL)) + SYSERROR("Failed to recursively turn root mount tree into dependent mount"); ret = orig->ops->mount(orig); if (ret < 0) { diff -Nru lxc-4.0.2/src/lxc/storage/rsync.h lxc-4.0.6/src/lxc/storage/rsync.h --- lxc-4.0.2/src/lxc/storage/rsync.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/storage/rsync.h 2021-01-12 00:20:05.000000000 +0000 @@ -5,6 +5,8 @@ #include +#include "compiler.h" + struct rsync_data { struct lxc_storage *orig; struct lxc_storage *new; @@ -16,9 +18,9 @@ }; /* new helpers */ -extern int lxc_rsync_exec_wrapper(void *data); -extern int lxc_storage_rsync_exec_wrapper(void *data); -extern int lxc_rsync_exec(const char *src, const char *dest); -extern int lxc_rsync(struct rsync_data *data); +__hidden extern int lxc_rsync_exec_wrapper(void *data); +__hidden extern int lxc_storage_rsync_exec_wrapper(void *data); +__hidden extern int lxc_rsync_exec(const char *src, const char *dest); +__hidden extern int lxc_rsync(struct rsync_data *data); #endif /* __LXC_RSYNC_H */ diff -Nru lxc-4.0.2/src/lxc/storage/storage.c lxc-4.0.6/src/lxc/storage/storage.c --- lxc-4.0.2/src/lxc/storage/storage.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/storage/storage.c 2021-01-12 00:20:05.000000000 +0000 @@ -109,7 +109,7 @@ }; /* nbd */ -const struct lxc_storage_ops nbd_ops = { +static const struct lxc_storage_ops nbd_ops = { .detect = &nbd_detect, .mount = &nbd_mount, .umount = &nbd_umount, 
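Review bot: When `mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL)` fails here, the error is only logged and `orig->ops->mount(orig)` still runs, so on a shared root the storage mounts that follow can propagate outside this mount namespace. If continuing is intended, say why in a comment, e.g. `/* best effort: on failure the mounts below may propagate to the parent namespace */`; otherwise return after the `SYSERROR`. The storage_utils.c hunk `@@ -165,11 +165,8 @@` has the same pattern, although its message at least says "Continuing...". The enclosing function starts and ends outside this hunk, so whether a private mount namespace was set up beforehand is not visible.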
@@ -234,7 +234,7 @@ return &bdevs[i]; } -struct lxc_storage *storage_get(const char *type) +static struct lxc_storage *storage_get(const char *type) { size_t i; struct lxc_storage *bdev; diff -Nru lxc-4.0.2/src/lxc/storage/storage.h lxc-4.0.6/src/lxc/storage/storage.h --- lxc-4.0.2/src/lxc/storage/storage.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/storage/storage.h 2021-01-12 00:20:05.000000000 +0000 @@ -14,6 +14,8 @@ #include #endif +#include "compiler.h" + #ifndef MS_DIRSYNC #define MS_DIRSYNC 128 #endif 
@@ -99,23 +101,19 @@ * type specifications. If the prefix is not * detected liblxc will try to detect the storage type. */ -extern bool storage_is_dir(struct lxc_conf *conf); -extern bool storage_can_backup(struct lxc_conf *conf); - -extern struct lxc_storage *storage_init(struct lxc_conf *conf); - -extern struct lxc_storage *storage_copy(struct lxc_container *c, - const char *cname, const char *lxcpath, - const char *bdevtype, int flags, - const char *bdevdata, uint64_t newsize, - bool *needs_rdep); -extern struct lxc_storage *storage_create(const char *dest, const char *type, - const char *cname, - struct bdev_specs *specs, - const struct lxc_conf *conf); -extern void storage_put(struct lxc_storage *bdev); -extern bool storage_destroy(struct lxc_conf *conf); -extern bool rootfs_is_blockdev(struct lxc_conf *conf); -extern const char *lxc_storage_get_path(char *src, const char *prefix); +__hidden extern bool storage_is_dir(struct lxc_conf *conf); +__hidden extern bool storage_can_backup(struct lxc_conf *conf); +__hidden extern struct lxc_storage *storage_init(struct lxc_conf *conf); +__hidden extern struct lxc_storage *storage_copy(struct lxc_container *c, const char *cname, + const char *lxcpath, const char *bdevtype, + int flags, const char *bdevdata, uint64_t newsize, + bool *needs_rdep); +__hidden extern struct lxc_storage *storage_create(const char *dest, const char *type, + const char *cname, struct bdev_specs *specs, + const struct lxc_conf *conf); +__hidden extern void storage_put(struct lxc_storage *bdev); +__hidden extern bool storage_destroy(struct lxc_conf *conf); +__hidden extern bool rootfs_is_blockdev(struct lxc_conf *conf); +__hidden extern const char *lxc_storage_get_path(char *src, const char *prefix); #endif /* #define __LXC_STORAGE_H */ diff -Nru lxc-4.0.2/src/lxc/storage/storage_utils.c lxc-4.0.6/src/lxc/storage/storage_utils.c --- lxc-4.0.2/src/lxc/storage/storage_utils.c 2020-04-16 18:17:13.000000000 +0000 +++ 
lxc-4.0.6/src/lxc/storage/storage_utils.c 2021-01-12 00:20:05.000000000 +0000 @@ -165,11 +165,8 @@ if (unshare(CLONE_NEWNS) < 0) _exit(EXIT_FAILURE); - if (detect_shared_rootfs()) - if (mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL)) { - SYSERROR("Failed to make / rslave"); - ERROR("Continuing..."); - } + if (detect_shared_rootfs() && mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL)) + SYSERROR("Failed to recursively turn root mount tree into dependent mount. Continuing..."); ret = mount_unknown_fs(srcdev, bdev->dest, bdev->mntopts); if (ret < 0) { diff -Nru lxc-4.0.2/src/lxc/storage/storage_utils.h lxc-4.0.6/src/lxc/storage/storage_utils.h --- lxc-4.0.2/src/lxc/storage/storage_utils.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/storage/storage_utils.h 2021-01-12 00:20:05.000000000 +0000 @@ -8,6 +8,7 @@ #include #include +#include "compiler.h" #include "conf.h" #include "macro.h" 
@@ -22,20 +23,19 @@ struct lxc_storage; struct lxc_conf; -extern bool attach_block_device(struct lxc_conf *conf); -extern void detach_block_device(struct lxc_conf *conf); -extern int blk_getsize(struct lxc_storage *bdev, uint64_t *size); -extern int detect_fs(struct lxc_storage *bdev, char *type, int len); -extern int do_mkfs_exec_wrapper(void *args); -extern int is_blktype(struct lxc_storage *b); -extern int mount_unknown_fs(const char *rootfs, const char *target, - const char *options); -extern int find_fstype_cb(char *buffer, void *data); -extern const char *linkderef(const char *path, char *dest); -extern bool unpriv_snap_allowed(struct lxc_storage *b, const char *t, bool snap, - bool maybesnap); -extern uint64_t get_fssize(char *s); -extern bool is_valid_storage_type(const char *type); -extern int storage_destroy_wrapper(void *data); +__hidden extern bool attach_block_device(struct lxc_conf *conf); +__hidden extern void detach_block_device(struct lxc_conf *conf); +__hidden extern int blk_getsize(struct lxc_storage *bdev, uint64_t *size); +__hidden extern int detect_fs(struct lxc_storage *bdev, char *type, int len); +__hidden extern int do_mkfs_exec_wrapper(void *args); +__hidden extern int is_blktype(struct lxc_storage *b); +__hidden extern int mount_unknown_fs(const char *rootfs, const char *target, const char *options); +__hidden extern int find_fstype_cb(char *buffer, void *data); +__hidden extern const char *linkderef(const char *path, char *dest); +__hidden extern bool unpriv_snap_allowed(struct lxc_storage *b, const char *t, bool snap, + bool maybesnap); +__hidden extern uint64_t get_fssize(char *s); +__hidden extern bool is_valid_storage_type(const char *type); +__hidden extern int storage_destroy_wrapper(void *data); #endif /* __LXC_STORAGE_UTILS_H */ diff -Nru lxc-4.0.2/src/lxc/storage/zfs.c lxc-4.0.6/src/lxc/storage/zfs.c --- lxc-4.0.2/src/lxc/storage/zfs.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/storage/zfs.c 2021-01-12 
00:20:05.000000000 +0000 @@ -28,7 +28,7 @@ void *argv; }; -int zfs_detect_exec_wrapper(void *data) +static int zfs_detect_exec_wrapper(void *data) { struct zfs_args *args = data; @@ -38,7 +38,7 @@ return -1; } -int zfs_create_exec_wrapper(void *args) +static int zfs_create_exec_wrapper(void *args) { struct zfs_args *zfs_args = args; @@ -47,7 +47,7 @@ return -1; } -int zfs_delete_exec_wrapper(void *args) +static int zfs_delete_exec_wrapper(void *args) { struct zfs_args *zfs_args = args; @@ -56,7 +56,7 @@ return -1; } -int zfs_snapshot_exec_wrapper(void *args) +static int zfs_snapshot_exec_wrapper(void *args) { struct zfs_args *zfs_args = args; @@ -65,7 +65,7 @@ return -1; } -int zfs_clone_exec_wrapper(void *args) +static int zfs_clone_exec_wrapper(void *args) { struct zfs_args *zfs_args = args; @@ -76,7 +76,7 @@ return -1; } -int zfs_get_parent_snapshot_exec_wrapper(void *args) +static int zfs_get_parent_snapshot_exec_wrapper(void *args) { struct zfs_args *zfs_args = args; diff -Nru lxc-4.0.2/src/lxc/storage/zfs.h lxc-4.0.6/src/lxc/storage/zfs.h --- lxc-4.0.2/src/lxc/storage/zfs.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/storage/zfs.h 2021-01-12 00:20:05.000000000 +0000 
@@ -7,26 +7,27 @@ #include #include +#include "compiler.h" + struct lxc_storage; struct bdev_specs; struct lxc_conf; -extern int zfs_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, - const char *oldname, const char *cname, - const char *oldpath, const char *lxcpath, int snap, - uint64_t newsize, struct lxc_conf *conf); -extern int zfs_create(struct lxc_storage *bdev, const char *dest, const char *n, - struct bdev_specs *specs, const struct lxc_conf *conf); -extern int zfs_destroy(struct lxc_storage *orig); -extern bool zfs_detect(const char *path); -extern int zfs_mount(struct lxc_storage *bdev); -extern int zfs_umount(struct lxc_storage *bdev); - -extern bool zfs_copy(struct lxc_conf *conf, struct lxc_storage *orig, - struct lxc_storage *new, uint64_t newsize); -extern bool zfs_snapshot(struct lxc_conf *conf, struct lxc_storage *orig, - struct lxc_storage *new, uint64_t newsize); +__hidden extern int zfs_clonepaths(struct lxc_storage *orig, struct lxc_storage *new, + const char *oldname, const char *cname, const char *oldpath, + const char *lxcpath, int snap, uint64_t newsize, + struct lxc_conf *conf); +__hidden extern int zfs_create(struct lxc_storage *bdev, const char *dest, const char *n, + struct bdev_specs *specs, const struct lxc_conf *conf); +__hidden extern int zfs_destroy(struct lxc_storage *orig); +__hidden extern bool zfs_detect(const char *path); +__hidden extern int zfs_mount(struct lxc_storage *bdev); +__hidden extern int zfs_umount(struct lxc_storage *bdev); +__hidden extern bool zfs_copy(struct lxc_conf *conf, struct lxc_storage *orig, + struct lxc_storage *new, uint64_t newsize); +__hidden extern bool zfs_snapshot(struct lxc_conf *conf, struct lxc_storage *orig, + struct lxc_storage *new, uint64_t newsize); #endif /* __LXC_ZFS_H */ diff -Nru lxc-4.0.2/src/lxc/string_utils.c lxc-4.0.6/src/lxc/string_utils.c --- lxc-4.0.2/src/lxc/string_utils.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/string_utils.c 2021-01-12 
00:20:05.000000000 +0000 @@ -862,21 +862,21 @@ char suffix[3] = {0}; if (!s || !strcmp(s, "")) - return -EINVAL; + return ret_errno(EINVAL); end = stpncpy(dup, s, sizeof(dup) - 1); if (*end != '\0') - return -EINVAL; + return ret_errno(EINVAL); if (isdigit(*(end - 1))) suffix_len = 0; else if (isalpha(*(end - 1))) suffix_len = 1; else - return -EINVAL; + return ret_errno(EINVAL); if (suffix_len > 0 && (end - 2) == dup && !isdigit(*(end - 2))) - return -EINVAL; + return ret_errno(EINVAL); if (suffix_len > 0 && isalpha(*(end - 2))) suffix_len++; @@ -889,8 +889,8 @@ dup[lxc_char_right_gc(dup, strlen(dup))] = '\0'; ret = lxc_safe_long_long(dup, &conv); - if (ret < 0) - return -ret; + if (ret) + return ret; if (suffix_len != 2) { *converted = conv; @@ -904,11 +904,11 @@ else if (strcasecmp(suffix, "GB") == 0) mltpl = 1024 * 1024 * 1024; else - return -EINVAL; + return ret_errno(EINVAL); overflow = conv * mltpl; if (conv != 0 && (overflow / conv) != mltpl) - return -ERANGE; + return ret_errno(ERANGE); *converted = overflow; return 0; diff -Nru lxc-4.0.2/src/lxc/string_utils.h lxc-4.0.6/src/lxc/string_utils.h --- lxc-4.0.2/src/lxc/string_utils.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/string_utils.h 2021-01-12 00:20:05.000000000 +0000 
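Review bot: For an input that is a single letter, `end - 1 == dup`, so `isalpha(*(end - 2))` reads the byte before `dup`; the preceding `(end - 2) == dup` test does not cover that case. A length guard placed before both uses of `end - 2` closes it: `if (suffix_len > 0 && (end - dup) < 2) return ret_errno(EINVAL);`. The `isdigit()`/`isalpha()` arguments are plain `char`, so bytes above 0x7f also need a cast to `unsigned char`. The declaration of `dup` is outside the hunk; `sizeof(dup)` suggests a local array.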
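Review bot: The overflow test in the `@@ -904,11 +904,11 @@` hunk runs after `conv * mltpl` has already been evaluated. `conv` is a `long long` (it is filled by `lxc_safe_long_long`), so a product that does not fit is undefined behaviour and the compiler may drop the `(overflow / conv) != mltpl` check. Checking before multiplying avoids that, e.g. `if (__builtin_mul_overflow(conv, mltpl, &overflow)) return ret_errno(ERANGE);`, or a division against `INT64_MAX` if the builtin is not wanted. The types of `mltpl` and `overflow` are declared outside the hunk, so confirm they are signed as well.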
@@ -15,18 +15,17 @@ #endif /* convert variadic argument lists to arrays (for execl type argument lists) */ -extern char **lxc_va_arg_list_to_argv(va_list ap, size_t skip, int do_strdup); -extern const char **lxc_va_arg_list_to_argv_const(va_list ap, size_t skip); +__hidden extern char **lxc_va_arg_list_to_argv(va_list ap, size_t skip, int do_strdup); +__hidden extern const char **lxc_va_arg_list_to_argv_const(va_list ap, size_t skip); /* * Some simple string functions; if they return pointers, they are allocated * buffers. */ -extern char *lxc_string_replace(const char *needle, const char *replacement, - const char *haystack); -extern bool lxc_string_in_array(const char *needle, const char **haystack); -extern char *lxc_string_join(const char *sep, const char **parts, - bool use_as_prefix); +__hidden extern char *lxc_string_replace(const char *needle, const char *replacement, + const char *haystack); +__hidden extern bool lxc_string_in_array(const char *needle, const char **haystack); +__hidden extern char *lxc_string_join(const char *sep, const char **parts, bool use_as_prefix); /* * Normalize and split path: Leading and trailing / are removed, multiple * / are compactified, .. and . are resolved (.. on the top level is considered 
@@ -38,69 +37,68 @@ * ./bar/baz/.. -> { bar, NULL } * foo//bar -> { foo, bar, NULL } */ -extern char **lxc_normalize_path(const char *path); +__hidden extern char **lxc_normalize_path(const char *path); /* remove multiple slashes from the path, e.g. ///foo//bar -> /foo/bar */ -extern char *lxc_deslashify(const char *path); -extern char *lxc_append_paths(const char *first, const char *second); +__hidden extern char *lxc_deslashify(const char *path); +__hidden extern char *lxc_append_paths(const char *first, const char *second); /* * Note: the following two functions use strtok(), so they will never * consider an empty element, even if two delimiters are next to * each other. */ -extern bool lxc_string_in_list(const char *needle, const char *haystack, - char sep); -extern char **lxc_string_split(const char *string, char sep); -extern char **lxc_string_split_and_trim(const char *string, char sep); -extern char **lxc_string_split_quoted(char *string); +__hidden extern bool lxc_string_in_list(const char *needle, const char *haystack, char sep); +__hidden extern char **lxc_string_split(const char *string, char sep); +__hidden extern char **lxc_string_split_and_trim(const char *string, char sep); +__hidden extern char **lxc_string_split_quoted(char *string); /* Append string to NULL-terminated string array. 
*/ -extern int lxc_append_string(char ***list, char *entry); +__hidden extern int lxc_append_string(char ***list, char *entry); /* Some simple array manipulation utilities */ typedef void (*lxc_free_fn)(void *); typedef void *(*lxc_dup_fn)(void *); -extern int lxc_grow_array(void ***array, size_t *capacity, size_t new_size, - size_t capacity_increment); -extern void lxc_free_array(void **array, lxc_free_fn element_free_fn); -extern size_t lxc_array_len(void **array); +__hidden extern int lxc_grow_array(void ***array, size_t *capacity, size_t new_size, + size_t capacity_increment); +__hidden extern void lxc_free_array(void **array, lxc_free_fn element_free_fn); +__hidden extern size_t lxc_array_len(void **array); -extern void **lxc_append_null_to_array(void **array, size_t count); -extern void remove_trailing_newlines(char *l); +__hidden extern void **lxc_append_null_to_array(void **array, size_t count); +__hidden extern void remove_trailing_newlines(char *l); /* Helper functions to parse numbers. */ -extern int lxc_safe_uint(const char *numstr, unsigned int *converted); -extern int lxc_safe_int(const char *numstr, int *converted); -extern int lxc_safe_long(const char *numstr, long int *converted); -extern int lxc_safe_long_long(const char *numstr, long long int *converted); -extern int lxc_safe_ulong(const char *numstr, unsigned long *converted); -extern int lxc_safe_uint64(const char *numstr, uint64_t *converted, int base); +__hidden extern int lxc_safe_uint(const char *numstr, unsigned int *converted); +__hidden extern int lxc_safe_int(const char *numstr, int *converted); +__hidden extern int lxc_safe_long(const char *numstr, long int *converted); +__hidden extern int lxc_safe_long_long(const char *numstr, long long int *converted); +__hidden extern int lxc_safe_ulong(const char *numstr, unsigned long *converted); +__hidden extern int lxc_safe_uint64(const char *numstr, uint64_t *converted, int base); /* Handles B, kb, MB, GB. 
Detects overflows and reports -ERANGE. */ -extern int parse_byte_size_string(const char *s, int64_t *converted); +__hidden extern int parse_byte_size_string(const char *s, int64_t *converted); /* * Concatenate all passed-in strings into one path. Do not fail. If any piece * is not prefixed with '/', add a '/'. */ -__attribute__((sentinel)) extern char *must_concat(size_t *len, const char *first, ...); -__attribute__((sentinel)) extern char *must_make_path(const char *first, ...); -__attribute__((sentinel)) extern char *must_append_path(char *first, ...); +__hidden __attribute__((sentinel)) extern char *must_concat(size_t *len, const char *first, ...); +__hidden __attribute__((sentinel)) extern char *must_make_path(const char *first, ...); +__hidden __attribute__((sentinel)) extern char *must_append_path(char *first, ...); /* Return copy of string @entry. Do not fail. */ -extern char *must_copy_string(const char *entry); +__hidden extern char *must_copy_string(const char *entry); /* Re-allocate a pointer, do not fail */ -extern void *must_realloc(void *orig, size_t sz); +__hidden extern void *must_realloc(void *orig, size_t sz); -extern int lxc_char_left_gc(const char *buffer, size_t len); +__hidden extern int lxc_char_left_gc(const char *buffer, size_t len); -extern int lxc_char_right_gc(const char *buffer, size_t len); +__hidden extern int lxc_char_right_gc(const char *buffer, size_t len); -extern char *lxc_trim_whitespace_in_place(char *buffer); +__hidden extern char *lxc_trim_whitespace_in_place(char *buffer); -extern int lxc_is_line_empty(const char *line); -extern void remove_trailing_slashes(char *p); +__hidden extern int lxc_is_line_empty(const char *line); +__hidden extern void remove_trailing_slashes(char *p); static inline bool is_empty_string(const char *s) { 
@@ -118,4 +116,14 @@ return (ssize_t)new_len; } +static inline bool strnequal(const char *str, const char *eq, size_t len) +{ + return strncmp(str, eq, len) == 0; +} + +static inline bool strequal(const char *str, const char *eq) +{ + return strcmp(str, eq) == 0; +} + #endif /* __LXC_STRING_UTILS_H */ diff -Nru lxc-4.0.2/src/lxc/sync.c lxc-4.0.6/src/lxc/sync.c --- lxc-4.0.2/src/lxc/sync.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/sync.c 2021-01-12 00:20:05.000000000 +0000 @@ -23,30 +23,21 @@ ssize_t ret; ret = lxc_read_nointr(fd, &sync, sizeof(sync)); - if (ret < 0) { - SYSERROR("Sync wait failure"); - return -1; - } + if (ret < 0) + return log_error_errno(-1, errno, "Sync wait failure"); if (!ret) return 0; - if ((size_t)ret != sizeof(sync)) { - ERROR("Unexpected sync size: %zu expected %zu", (size_t)ret, sizeof(sync)); - return -1; - } + if ((size_t)ret != sizeof(sync)) + return log_error(-1, "Unexpected sync size: %zu expected %zu", (size_t)ret, sizeof(sync)); - if (sync == LXC_SYNC_ERROR) { - ERROR("An error occurred in another process " - "(expected sequence number %d)", sequence); - return -1; - } + if (sync == LXC_SYNC_ERROR) + return log_error(-1, "An error occurred in another process (expected sequence number %d)", sequence); + + if (sync != sequence) + return log_error(-1, "Invalid sequence number %d. Expected sequence number %d", sync, sequence); - if (sync != sequence) { - ERROR("Invalid sequence number %d. Expected sequence number %d", - sync, sequence); - return -1; - } return 0; } @@ -54,10 +45,9 @@ { int sync = sequence; - if (lxc_write_nointr(fd, &sync, sizeof(sync)) < 0) { - SYSERROR("Sync wake failure"); - return -1; - } + if (lxc_write_nointr(fd, &sync, sizeof(sync)) < 0) + return log_error_errno(-1, errno, "Sync wake failure"); + return 0; } 
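Review bot: `strnequal()` returns true as soon as the first `len` bytes match, so despite its name it is a prefix test, not an equality test. Both new helpers also pass their arguments straight to `strncmp`/`strcmp` without a NULL check. A one-line comment above each would stop callers treating them as a full or NULL-safe comparison, e.g. `/* true if the first @len bytes of @str and @eq match; both must be non-NULL */`.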
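Review bot: In the sync.c wait helper (`@@ -23,30 +23,21 @@`), a zero-length read still returns 0 through `if (!ret) return 0;`. A peer that closed its end of the socket without sending anything is therefore reported the same way as a peer that sent the expected sequence number. If that is deliberate, a comment on that line should say so, e.g. `/* peer closed the socket: not treated as an error here, callers detect the exit elsewhere */`; otherwise this path should fail like the other mismatches. The function's signature is outside the hunk.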
@@ -65,36 +55,45 @@ { if (__sync_wake(fd, sequence)) return -1; - return __sync_wait(fd, sequence+1); + + return __sync_wait(fd, sequence + 1); } int lxc_sync_barrier_parent(struct lxc_handler *handler, int sequence) { + TRACE("Child waking parent with sequence %s and waiting for sequence %s", + sync_to_string(sequence), sync_to_string(sequence + 1)); return __sync_barrier(handler->sync_sock[0], sequence); } int lxc_sync_barrier_child(struct lxc_handler *handler, int sequence) { + TRACE("Parent waking child with sequence %s and waiting with sequence %s", + sync_to_string(sequence), sync_to_string(sequence + 1)); return __sync_barrier(handler->sync_sock[1], sequence); } int lxc_sync_wake_parent(struct lxc_handler *handler, int sequence) { + TRACE("Child waking parent with sequence %s", sync_to_string(sequence)); return __sync_wake(handler->sync_sock[0], sequence); } int lxc_sync_wait_parent(struct lxc_handler *handler, int sequence) { + TRACE("Parent waiting for child with sequence %s", sync_to_string(sequence)); return __sync_wait(handler->sync_sock[0], sequence); } int lxc_sync_wait_child(struct lxc_handler *handler, int sequence) { + TRACE("Child waiting for parent with sequence %s", sync_to_string(sequence)); return __sync_wait(handler->sync_sock[1], sequence); } int lxc_sync_wake_child(struct lxc_handler *handler, int sequence) { + TRACE("Child waking parent with sequence %s", sync_to_string(sequence)); return __sync_wake(handler->sync_sock[1], sequence); } 
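Review bot: Three of the new TRACE strings name the wrong side. Going by the two barrier helpers, `sync_sock[0]` is the child's end and `sync_sock[1]` the parent's. Yet `lxc_sync_wait_parent` logs "Parent waiting for child", `lxc_sync_wait_child` logs "Child waiting for parent", and `lxc_sync_wake_child` repeats "Child waking parent". Swapping the first two strings and changing the last to `TRACE("Parent waking child with sequence %s", sync_to_string(sequence));` makes the trace match the caller, which matters when these lines are used to reconstruct a failed start. The barrier messages also differ in wording ("waiting for sequence" and "waiting with sequence").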
@@ -103,31 +102,26 @@ int ret; ret = socketpair(AF_LOCAL, SOCK_STREAM, 0, handler->sync_sock); - if (ret) { - SYSERROR("failed to create synchronization socketpair"); - return -1; - } + if (ret) + return log_error_errno(-1, errno, "failed to create synchronization socketpair"); /* Be sure we don't inherit this after the exec */ - fcntl(handler->sync_sock[0], F_SETFD, FD_CLOEXEC); + ret = fcntl(handler->sync_sock[0], F_SETFD, FD_CLOEXEC); + if (ret < 0) + return log_error_errno(-1, errno, "Failed to make socket close-on-exec"); + TRACE("Initialized synchronization infrastructure"); return 0; } void lxc_sync_fini_child(struct lxc_handler *handler) { - if (handler->sync_sock[0] != -1) { - close(handler->sync_sock[0]); - handler->sync_sock[0] = -1; - } + close_prot_errno_disarm(handler->sync_sock[0]); } void lxc_sync_fini_parent(struct lxc_handler *handler) { - if (handler->sync_sock[1] != -1) { - close(handler->sync_sock[1]); - handler->sync_sock[1] = -1; - } + close_prot_errno_disarm(handler->sync_sock[1]); } void lxc_sync_fini(struct lxc_handler *handler) diff -Nru lxc-4.0.2/src/lxc/sync.h lxc-4.0.6/src/lxc/sync.h --- lxc-4.0.2/src/lxc/sync.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/sync.h 2021-01-12 00:20:05.000000000 +0000 
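Review bot: If the new `fcntl(..., F_SETFD, FD_CLOEXEC)` check fails, `lxc_sync_init` returns -1 with both descriptors from `socketpair()` still open in `handler->sync_sock`. Close them on that path before returning, using the helper this hunk already relies on: `close_prot_errno_disarm(handler->sync_sock[0]);` and `close_prot_errno_disarm(handler->sync_sock[1]);`. Only `sync_sock[0]` is marked close-on-exec; if `sync_sock[1]` is meant to survive the exec, a comment next to the existing "Be sure we don't inherit this" line should say so.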
@@ -3,30 +3,60 @@ #ifndef __LXC_SYNC_H #define __LXC_SYNC_H +#include "compiler.h" + struct lxc_handler; enum { - LXC_SYNC_STARTUP, - LXC_SYNC_CONFIGURE, - LXC_SYNC_POST_CONFIGURE, - LXC_SYNC_CGROUP, - LXC_SYNC_CGROUP_UNSHARE, - LXC_SYNC_CGROUP_LIMITS, - LXC_SYNC_READY_START, - LXC_SYNC_RESTART, - LXC_SYNC_POST_RESTART, - LXC_SYNC_ERROR = -1 /* Used to report errors from another process */ + LXC_SYNC_STARTUP = 0, + LXC_SYNC_CONFIGURE = 1, + LXC_SYNC_POST_CONFIGURE = 2, + LXC_SYNC_CGROUP = 3, + LXC_SYNC_CGROUP_UNSHARE = 4, + LXC_SYNC_CGROUP_LIMITS = 5, + LXC_SYNC_READY_START = 6, + LXC_SYNC_RESTART = 7, + LXC_SYNC_POST_RESTART = 8, + LXC_SYNC_ERROR = -1 /* Used to report errors from another process */ }; -int lxc_sync_init(struct lxc_handler *handler); -void lxc_sync_fini(struct lxc_handler *); -void lxc_sync_fini_parent(struct lxc_handler *); -void lxc_sync_fini_child(struct lxc_handler *); -int lxc_sync_wake_child(struct lxc_handler *, int); -int lxc_sync_wait_child(struct lxc_handler *, int); -int lxc_sync_wake_parent(struct lxc_handler *, int); -int lxc_sync_wait_parent(struct lxc_handler *, int); -int lxc_sync_barrier_parent(struct lxc_handler *, int); -int lxc_sync_barrier_child(struct lxc_handler *, int); +static inline const char *sync_to_string(int state) +{ + switch (state) { + case LXC_SYNC_STARTUP: + return "startup"; + case LXC_SYNC_CONFIGURE: + return "configure"; + case LXC_SYNC_POST_CONFIGURE: + return "post-configure"; + case LXC_SYNC_CGROUP: + return "cgroup"; + case LXC_SYNC_CGROUP_UNSHARE: + return "cgroup-unshare"; + case LXC_SYNC_CGROUP_LIMITS: + return "cgroup-limits"; + case LXC_SYNC_READY_START: + return "ready-start"; + case LXC_SYNC_RESTART: + return "restart"; + case LXC_SYNC_POST_RESTART: + return "post-restart"; + case LXC_SYNC_ERROR: + return "error"; + default: + return "invalid sync state"; + } +} + +__hidden extern int lxc_sync_init(struct lxc_handler *handler); +__hidden extern void lxc_sync_fini(struct lxc_handler *); +__hidden 
extern void lxc_sync_fini_parent(struct lxc_handler *); +__hidden extern void lxc_sync_fini_child(struct lxc_handler *); +__hidden extern int lxc_sync_wake_child(struct lxc_handler *, int); +__hidden extern int lxc_sync_wait_child(struct lxc_handler *, int); +__hidden extern int lxc_sync_wake_parent(struct lxc_handler *, int); +__hidden extern int lxc_sync_wait_parent(struct lxc_handler *, int); +__hidden extern int lxc_sync_barrier_parent(struct lxc_handler *, int); +__hidden extern int lxc_sync_barrier_child(struct lxc_handler *, int); -#endif +#endif /* __LXC_SYNC_H */ diff -Nru lxc-4.0.2/src/lxc/syscall_numbers.h lxc-4.0.6/src/lxc/syscall_numbers.h --- lxc-4.0.2/src/lxc/syscall_numbers.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/syscall_numbers.h 2021-01-12 00:20:05.000000000 +0000 @@ -40,7 +40,7 @@ #elif defined __sparc__ #define __NR_keyctl 283 #elif defined __ia64__ - #define __NR_keyctl 249 + #define __NR_keyctl (249 + 1024) #elif defined _MIPS_SIM #if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */ #define __NR_keyctl 4282 @@ -112,7 +112,7 @@ #elif defined __sparc__ #define __NR_pivot_root 146 #elif defined __ia64__ - #define __NR_pivot_root 183 + #define __NR_pivot_root (183 + 1024) #elif defined _MIPS_SIM #if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */ #define __NR_pivot_root 4216 @@ -147,7 +147,7 @@ #elif defined __sparc__ #define __NR_setns 337 #elif defined __ia64__ - #define __NR_setns 306 + #define __NR_setns (306 + 1024) #elif defined _MIPS_SIM #if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */ #define __NR_setns 4344 @@ -182,7 +182,7 @@ #elif defined __sparc__ #define __NR_sethostname 88 #elif defined __ia64__ - #define __NR_sethostname 59 + #define __NR_sethostname (59 + 1024) #elif defined _MIPS_SIM #if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */ #define __NR_sethostname 474 
@@ -217,7 +217,7 @@
 #elif defined __sparc__
 #define __NR_signalfd 311
 #elif defined __ia64__
- #define __NR_signalfd 283
+ #define __NR_signalfd (283 + 1024)
 #elif defined _MIPS_SIM
 #if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */
 #define __NR_signalfd 4317
@@ -228,9 +228,6 @@
 #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */
 #define __NR_signalfd 5276
 #endif
- #else
- #define -1
- #warning "__NR_signalfd not defined for your architecture"
 #endif
 #endif
@@ -252,7 +249,7 @@
 #elif defined __sparc__
 #define __NR_signalfd4 317
 #elif defined __ia64__
- #define __NR_signalfd4 289
+ #define __NR_signalfd4 (289 + 1024)
 #elif defined _MIPS_SIM
 #if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */
 #define __NR_signalfd4 4324
@@ -287,7 +284,7 @@
 #elif defined __sparc__
 #define __NR_unshare 299
 #elif defined __ia64__
- #define __NR_unshare 272
+ #define __NR_unshare (272 + 1024)
 #elif defined _MIPS_SIM
 #if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */
 #define __NR_unshare 4303
@@ -322,7 +319,7 @@
 #elif defined __sparc__
 #define __NR_bpf 349
 #elif defined __ia64__
- #define __NR_bpf 317
+ #define __NR_bpf (317 + 1024)
 #elif defined _MIPS_SIM
 #if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */
 #define __NR_bpf 4355
@@ -357,7 +354,7 @@
 #elif defined __sparc__
 #define __NR_faccessat 296
 #elif defined __ia64__
- #define __NR_faccessat 269
+ #define __NR_faccessat (269 + 1024)
 #elif defined _MIPS_SIM
 #if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */
 #define __NR_faccessat 4300
@@ -387,6 +384,8 @@
 #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */
 #define __NR_pidfd_send_signal 5424
 #endif
+ #elif defined __ia64__
+ #define __NR_pidfd_send_signal (424 + 1024)
 #else
 #define __NR_pidfd_send_signal 424
 #endif
@@ -410,7 +409,7 @@
 #elif defined __sparc__
 #define __NR_seccomp 346
 #elif defined __ia64__
- #define __NR_seccomp 329
+ #define __NR_seccomp (329 + 1024)
 #elif defined _MIPS_SIM
 #if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */
 #define __NR_seccomp 4352
@@ -445,7 +444,7 @@
 #elif defined __sparc__
 #define __NR_gettid 143
 #elif defined __ia64__
- #define __NR_gettid 81
+ #define __NR_gettid (81 + 1024)
 #elif defined _MIPS_SIM
 #if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */
 #define __NR_gettid 4222
@@ -484,7 +483,7 @@
 #elif defined __sparc__
 #define __NR_execveat 350
 #elif defined __ia64__
- #define __NR_execveat 318
+ #define __NR_execveat (318 + 1024)
 #elif defined _MIPS_SIM
 #if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */
 #define __NR_execveat 4356
@@ -501,4 +500,164 @@ #endif #endif +#ifndef __NR_move_mount + #if defined __alpha__ + #define __NR_move_mount 539 + #elif defined _MIPS_SIM + #if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */ + #define __NR_move_mount 4429 + #endif + #if _MIPS_SIM == _MIPS_SIM_NABI32 /* n32 */ + #define __NR_move_mount 6429 + #endif + #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */ + #define __NR_move_mount 5429 + #endif + #elif defined __ia64__ + #define __NR_move_mount (428 + 1024) + #else + #define __NR_move_mount 429 + #endif +#endif + +#ifndef __NR_open_tree + #if defined __alpha__ + #define __NR_open_tree 538 + #elif defined _MIPS_SIM + #if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */ + #define __NR_open_tree 4428 + #endif + #if _MIPS_SIM == _MIPS_SIM_NABI32 /* n32 */ + #define __NR_open_tree 6428 + #endif + #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */ + #define __NR_open_tree 5428 + #endif + #elif defined __ia64__ + #define __NR_open_tree (428 + 1024) + #else + #define __NR_open_tree 428 + #endif +#endif + +#ifndef __NR_clone3 + #if defined __alpha__ + #define __NR_clone3 545 + #elif defined _MIPS_SIM + #if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */ + #define __NR_clone3 4435 + #endif + #if _MIPS_SIM == _MIPS_SIM_NABI32 /* n32 */ + #define __NR_clone3 6435 + #endif + #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */ + #define __NR_clone3 5435 + #endif + #elif defined __ia64__ + #define __NR_clone3 (435 + 1024) + #else + #define __NR_clone3 435 + #endif +#endif + +#ifndef __NR_fsopen + #if defined __alpha__ + #define __NR_fsopen 540 + #elif defined _MIPS_SIM + #if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */ + #define __NR_fsopen 4430 + #endif + #if _MIPS_SIM == _MIPS_SIM_NABI32 /* n32 */ + #define __NR_fsopen 6430 + #endif + #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */ + #define __NR_fsopen 5430 + #endif + #elif defined __ia64__ + #define __NR_fsopen (430 + 1024) + #else + #define __NR_fsopen 430 + #endif +#endif + +#ifndef __NR_fspick + #if defined __alpha__ + #define __NR_fspick 543 + #elif defined _MIPS_SIM + 
#if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */ + #define __NR_fspick 4433 + #endif + #if _MIPS_SIM == _MIPS_SIM_NABI32 /* n32 */ + #define __NR_fspick 6433 + #endif + #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */ + #define __NR_fspick 5433 + #endif + #elif defined __ia64__ + #define __NR_fspick (433 + 1024) + #else + #define __NR_fspick 433 + #endif +#endif + +#ifndef __NR_fsconfig + #if defined __alpha__ + #define __NR_fsconfig 541 + #elif defined _MIPS_SIM + #if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */ + #define __NR_fsconfig 4431 + #endif + #if _MIPS_SIM == _MIPS_SIM_NABI32 /* n32 */ + #define __NR_fsconfig 6431 + #endif + #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */ + #define __NR_fsconfig 5431 + #endif + #elif defined __ia64__ + #define __NR_fsconfig (431 + 1024) + #else + #define __NR_fsconfig 431 + #endif +#endif + +#ifndef __NR_fsmount + #if defined __alpha__ + #define __NR_fsmount 542 + #elif defined _MIPS_SIM + #if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */ + #define __NR_fsmount 4432 + #endif + #if _MIPS_SIM == _MIPS_SIM_NABI32 /* n32 */ + #define __NR_fsmount 6432 + #endif + #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */ + #define __NR_fsmount 5432 + #endif + #elif defined __ia64__ + #define __NR_fsmount (432 + 1024) + #else + #define __NR_fsmount 432 + #endif +#endif + +#ifndef __NR_openat2 + #if defined __alpha__ + #define __NR_openat2 547 + #elif defined _MIPS_SIM + #if _MIPS_SIM == _MIPS_SIM_ABI32 /* o32 */ + #define __NR_openat2 4437 + #endif + #if _MIPS_SIM == _MIPS_SIM_NABI32 /* n32 */ + #define __NR_openat2 6437 + #endif + #if _MIPS_SIM == _MIPS_SIM_ABI64 /* n64 */ + #define __NR_openat2 5437 + #endif + #elif defined __ia64__ + #define __NR_openat2 (437 + 1024) + #else + #define __NR_openat2 437 + #endif +#endif + #endif /* __LXC_SYSCALL_NUMBERS_H */ diff -Nru lxc-4.0.2/src/lxc/syscall_wrappers.h lxc-4.0.6/src/lxc/syscall_wrappers.h --- lxc-4.0.2/src/lxc/syscall_wrappers.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/syscall_wrappers.h 2021-01-12 
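Review bot: In the new `__NR_move_mount` block the ia64 branch is `(428 + 1024)`, the same value the `__NR_open_tree` block right after it uses, while every other move_mount branch is one above open_tree (429 vs 428, 4429 vs 4428, 539 vs 538). It should be `#define __NR_move_mount (429 + 1024)`. As written, the `move_mount()` fallback wrapper on ia64 would issue the open_tree syscall with move_mount's arguments. The other seven blocks in this hunk keep the ia64 value equal to the generic number plus 1024, so this looks like a copy-paste slip rather than an ABI quirk.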
00:20:05.000000000 +0000 @@ -16,6 +16,7 @@ #include #include "config.h" +#include "macro.h" #include "syscall_numbers.h" #ifdef HAVE_LINUX_MEMFD_H @@ -26,6 +27,10 @@ #include #endif +#ifdef HAVE_STRUCT_OPEN_HOW +#include +#endif + typedef int32_t key_serial_t; #if !HAVE_KEYCTL @@ -112,8 +117,10 @@ int retval; retval = syscall(__NR_signalfd4, fd, mask, _NSIG / 8, flags); +#ifdef __NR_signalfd if (errno == ENOSYS && flags == 0) retval = syscall(__NR_signalfd, fd, mask, _NSIG / 8); +#endif return retval; } 
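Review bot: In the `-112,8` hunk the fallback to `__NR_signalfd` is still taken on `errno == ENOSYS && flags == 0` without first testing `retval < 0`. A stale ENOSYS left in errno by an earlier call would therefore trigger a second syscall after signalfd4 has already succeeded, and its result would overwrite the first return value. The new `#ifdef __NR_signalfd` keeps that condition; `if (retval < 0 && errno == ENOSYS && flags == 0)` closes the gap. The enclosing function starts outside the hunk.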
@@ -137,4 +144,125 @@ } #endif +#ifndef HAVE_MOVE_MOUNT +static inline int move_mount_lxc(int from_dfd, const char *from_pathname, + int to_dfd, const char *to_pathname, + unsigned int flags) +{ + return syscall(__NR_move_mount, from_dfd, from_pathname, to_dfd, + to_pathname, flags); +} +#define move_mount move_mount_lxc +#else +extern int move_mount(int from_dfd, const char *from_pathname, int to_dfd, + const char *to_pathname, unsigned int flags); +#endif + +#ifndef HAVE_OPEN_TREE +static inline int open_tree_lxc(int dfd, const char *filename, unsigned int flags) +{ + return syscall(__NR_open_tree, dfd, filename, flags); +} +#define open_tree open_tree_lxc +#else +extern int open_tree(int dfd, const char *filename, unsigned int flags); +#endif + +#ifndef HAVE_FSOPEN +static inline int fsopen_lxc(const char *fs_name, unsigned int flags) +{ + return syscall(__NR_fsopen, fs_name, flags); +} +#define fsopen fsopen_lxc +#else +extern int fsopen(const char *fs_name, unsigned int flags); +#endif + +#ifndef HAVE_FSPICK +static inline int fspick_lxc(int dfd, const char *path, unsigned int flags) +{ + return syscall(__NR_fspick, dfd, path, flags); +} +#define fspick fspick_lxc +#else +extern int fspick(int dfd, const char *path, unsigned int flags); +#endif + +#ifndef HAVE_FSCONFIG +static inline int fsconfig_lxc(int fd, unsigned int cmd, const char *key, const void *value, int aux) +{ + return syscall(__NR_fsconfig, fd, cmd, key, value, aux); +} +#define fsconfig fsconfig_lxc +#else +extern int fsconfig(int fd, unsigned int cmd, const char *key, const void *value, int aux); +#endif + +#ifndef HAVE_FSMOUNT +static inline int fsmount_lxc(int fs_fd, unsigned int flags, unsigned int attr_flags) +{ + return syscall(__NR_fsmount, fs_fd, flags, attr_flags); +} +#define fsmount fsmount_lxc +#else +extern int fsmount(int fs_fd, unsigned int flags, unsigned int attr_flags); +#endif + +/* + * Arguments for how openat2(2) should open the target path. 
If only @flags and + * @mode are non-zero, then openat2(2) operates very similarly to openat(2). + * + * However, unlike openat(2), unknown or invalid bits in @flags result in + * -EINVAL rather than being silently ignored. @mode must be zero unless one of + * {O_CREAT, O_TMPFILE} are set. + * + * @flags: O_* flags. + * @mode: O_CREAT/O_TMPFILE file mode. + * @resolve: RESOLVE_* flags. + */ +struct lxc_open_how { + __u64 flags; + __u64 mode; + __u64 resolve; +}; + +/* how->resolve flags for openat2(2). */ +#ifndef RESOLVE_NO_XDEV +#define RESOLVE_NO_XDEV 0x01 /* Block mount-point crossings + (includes bind-mounts). */ +#endif + +#ifndef RESOLVE_NO_MAGICLINKS +#define RESOLVE_NO_MAGICLINKS 0x02 /* Block traversal through procfs-style + "magic-links". */ +#endif + +#ifndef RESOLVE_NO_SYMLINKS +#define RESOLVE_NO_SYMLINKS 0x04 /* Block traversal through all symlinks + (implies OEXT_NO_MAGICLINKS) */ +#endif + +#ifndef RESOLVE_BENEATH +#define RESOLVE_BENEATH 0x08 /* Block "lexical" trickery like + "..", symlinks, and absolute + paths which escape the dirfd. */ +#endif + +#ifndef RESOLVE_IN_ROOT +#define RESOLVE_IN_ROOT 0x10 /* Make all jumps to "/" and ".." + be scoped inside the dirfd + (similar to chroot(2)). */ +#endif + +#ifndef HAVE_OPENAT2 +static inline int openat2(int dfd, const char *filename, struct lxc_open_how *how, size_t size) +{ + /* When struct open_how is updated we should update lxc as well. */ +#ifdef HAVE_STRUCT_OPEN_HOW + BUILD_BUG_ON(sizeof(struct lxc_open_how) != sizeof(struct open_how)); +#endif + return syscall(__NR_openat2, dfd, filename, (struct open_how *)how, size); +} +#endif /* HAVE_OPENAT2 */ + #endif /* __LXC_SYSCALL_WRAPPER_H */ diff -Nru lxc-4.0.2/src/lxc/terminal.c lxc-4.0.6/src/lxc/terminal.c --- lxc-4.0.2/src/lxc/terminal.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/terminal.c 2021-01-12 00:20:05.000000000 +0000 
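Review bot: The `openat2()` fallback at the end of this hunk is the only wrapper that does not follow the `name_lxc` plus `#define name name_lxc` / `#else extern ...` pattern used for the six mount wrappers above it, and it declares nothing for the `HAVE_OPENAT2` case. If the C library provides `openat2()` taking `struct open_how *`, callers written against `struct lxc_open_how *` would pass an incompatible pointer type, and the `BUILD_BUG_ON` size check would not be compiled at all. Naming it `openat2_lxc` with `#define openat2 openat2_lxc` would keep one signature. The `RESOLVE_*` flags are what confine path resolution under the dirfd, so the comment block should also state that the call can fail with ENOSYS on kernels lacking the syscall and that callers decide what to do then; that caller behaviour is not visible here.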
@@ -29,7 +29,7 @@ #include "terminal.h" #include "utils.h" -#if HAVE_PTY_H +#if HAVE_OPENPTY #include #else #include <../include/openpty.h> @@ -65,7 +65,7 @@ static void lxc_terminal_winch(struct lxc_terminal_state *ts) { - lxc_terminal_winsz(ts->stdinfd, ts->masterfd); + lxc_terminal_winsz(ts->stdinfd, ts->ptxfd); } int lxc_terminal_signalfd_cb(int fd, uint32_t events, void *cbdata, @@ -105,7 +105,7 @@ memset(ts, 0, sizeof(*ts)); ts->stdinfd = srcfd; - ts->masterfd = dstfd; + ts->ptxfd = dstfd; ts->sigfd = -1; ret = sigemptyset(&mask); @@ -147,6 +147,16 @@ return move_ptr(ts); } +int lxc_terminal_signal_sigmask_safe_blocked(struct lxc_terminal *terminal) +{ + struct lxc_terminal_state *state = terminal->tty_state; + + if (!state) + return 0; + + return pthread_sigmask(SIG_SETMASK, &state->oldmask, NULL); +} + /** * lxc_terminal_signal_fini: uninstall signal handler * @@ -330,8 +340,8 @@ INFO("Terminal client on fd %d has exited", fd); lxc_mainloop_del_handler(descr, fd); - if (fd == terminal->master) { - terminal->master = -EBADF; + if (fd == terminal->ptx) { + terminal->ptx = -EBADF; } else if (fd == terminal->peer) { lxc_terminal_signal_fini(terminal); terminal->peer = -EBADF; @@ -344,10 +354,10 @@ } if (fd == terminal->peer) - w = lxc_write_nointr(terminal->master, buf, r); + w = lxc_write_nointr(terminal->ptx, buf, r); w_rbuf = w_log = 0; - if (fd == terminal->master) { + if (fd == terminal->ptx) { /* write to peer first */ if (terminal->peer >= 0) w = lxc_write_nointr(terminal->peer, buf, r); 
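Review bot: `lxc_terminal_signal_sigmask_safe_blocked()`, added in the `-147,6` hunk, has no comment, and its return convention differs from the functions around it. `pthread_sigmask()` reports failure as a positive error number, not as -1 with errno set, so a caller testing `ret < 0` would miss the failure. Either document it with `/* Restore the signal mask stored in tty_state->oldmask; returns 0 or a positive errno value. */` or normalise the result before returning. The function also dereferences `terminal` unchecked, which is fine only if every caller passes a valid pointer; the callers are not in this hunk.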
@@ -406,16 +416,16 @@ { int ret; - if (terminal->master < 0) { + if (terminal->ptx < 0) { INFO("Terminal is not initialized"); return 0; } - ret = lxc_mainloop_add_handler(descr, terminal->master, + ret = lxc_mainloop_add_handler(descr, terminal->ptx, lxc_terminal_io_cb, terminal); if (ret < 0) { - ERROR("Failed to add handler for terminal master fd %d to " - "mainloop", terminal->master); + ERROR("Failed to add handler for terminal ptx fd %d to " + "mainloop", terminal->ptx); return -1; } @@ -483,11 +493,11 @@ { lxc_terminal_signal_fini(terminal); - close(terminal->proxy.master); - terminal->proxy.master = -1; + close(terminal->proxy.ptx); + terminal->proxy.ptx = -1; - close(terminal->proxy.slave); - terminal->proxy.slave = -1; + close(terminal->proxy.pty); + terminal->proxy.pty = -1; terminal->proxy.busy = -1; @@ -503,7 +513,7 @@ struct termios oldtermio; struct lxc_terminal_state *ts; - if (terminal->master < 0) { + if (terminal->ptx < 0) { ERROR("Terminal not set up"); return -1; } 
@@ -519,51 +529,51 @@ } /* This is the proxy terminal that will be given to the client, and - * that the real terminal master will send to / recv from. + * that the real terminal ptx will send to / recv from. */ - ret = openpty(&terminal->proxy.master, &terminal->proxy.slave, NULL, + ret = openpty(&terminal->proxy.ptx, &terminal->proxy.pty, NULL, NULL, NULL); if (ret < 0) { SYSERROR("Failed to open proxy terminal"); return -1; } - ret = ttyname_r(terminal->proxy.slave, terminal->proxy.name, + ret = ttyname_r(terminal->proxy.pty, terminal->proxy.name, sizeof(terminal->proxy.name)); if (ret < 0) { - SYSERROR("Failed to retrieve name of proxy terminal slave"); + SYSERROR("Failed to retrieve name of proxy terminal pty"); goto on_error; } - ret = fd_cloexec(terminal->proxy.master, true); + ret = fd_cloexec(terminal->proxy.ptx, true); if (ret < 0) { - SYSERROR("Failed to set FD_CLOEXEC flag on proxy terminal master"); + SYSERROR("Failed to set FD_CLOEXEC flag on proxy terminal ptx"); goto on_error; } - ret = fd_cloexec(terminal->proxy.slave, true); + ret = fd_cloexec(terminal->proxy.pty, true); if (ret < 0) { - SYSERROR("Failed to set FD_CLOEXEC flag on proxy terminal slave"); + SYSERROR("Failed to set FD_CLOEXEC flag on proxy terminal pty"); goto on_error; } - ret = lxc_setup_tios(terminal->proxy.slave, &oldtermio); + ret = lxc_setup_tios(terminal->proxy.pty, &oldtermio); if (ret < 0) goto on_error; - ts = lxc_terminal_signal_init(terminal->proxy.master, terminal->master); + ts = lxc_terminal_signal_init(terminal->proxy.ptx, terminal->ptx); if (!ts) goto on_error; terminal->tty_state = ts; - terminal->peer = terminal->proxy.slave; + terminal->peer = terminal->proxy.pty; terminal->proxy.busy = sockfd; ret = lxc_terminal_mainloop_add_peer(terminal); if (ret < 0) goto on_error; - NOTICE("Opened proxy terminal with master fd %d and slave fd %d", - terminal->proxy.master, terminal->proxy.slave); + NOTICE("Opened proxy terminal with ptx fd %d and pty fd %d", + 
terminal->proxy.ptx, terminal->proxy.pty); return 0; on_error: @@ -574,7 +584,7 @@ int lxc_terminal_allocate(struct lxc_conf *conf, int sockfd, int *ttyreq) { int ttynum; - int masterfd = -1; + int ptxfd = -1; struct lxc_tty_info *ttys = &conf->ttys; struct lxc_terminal *terminal = &conf->console; @@ -585,7 +595,7 @@ if (ret < 0) goto out; - masterfd = terminal->proxy.master; + ptxfd = terminal->proxy.ptx; goto out; } @@ -614,10 +624,10 @@ out_tty: ttys->tty[ttynum - 1].busy = sockfd; - masterfd = ttys->tty[ttynum - 1].master; + ptxfd = ttys->tty[ttynum - 1].ptx; out: - return masterfd; + return ptxfd; } void lxc_terminal_free(struct lxc_conf *conf, int fd) @@ -633,7 +643,7 @@ if (terminal->proxy.busy != fd) return; - lxc_mainloop_del_handler(terminal->descr, terminal->proxy.slave); + lxc_mainloop_del_handler(terminal->descr, terminal->proxy.pty); lxc_terminal_peer_proxy_free(terminal); } @@ -666,14 +676,14 @@ goto on_error_free_tios; } - ts = lxc_terminal_signal_init(terminal->peer, terminal->master); + ts = lxc_terminal_signal_init(terminal->peer, terminal->ptx); terminal->tty_state = ts; if (!ts) { WARN("Failed to install signal handler"); goto on_error_free_tios; } - lxc_terminal_winsz(terminal->peer, terminal->master); + lxc_terminal_winsz(terminal->peer, terminal->ptx); terminal->tios = malloc(sizeof(*terminal->tios)); if (!terminal->tios) @@ -749,13 +759,13 @@ close(terminal->peer); terminal->peer = -1; - if (terminal->master >= 0) - close(terminal->master); - terminal->master = -1; - - if (terminal->slave >= 0) - close(terminal->slave); - terminal->slave = -1; + if (terminal->ptx >= 0) + close(terminal->ptx); + terminal->ptx = -1; + + if (terminal->pty >= 0) + close(terminal->pty); + terminal->pty = -1; if (terminal->log_fd >= 0) close(terminal->log_fd); 
@@ -764,7 +774,7 @@ /** * Note that this function needs to run before the mainloop starts. Since we - * register a handler for the terminal's masterfd when we create the mainloop + * register a handler for the terminal's ptxfd when we create the mainloop * the terminal handler needs to see an allocated ringbuffer. */ static int lxc_terminal_create_ringbuf(struct lxc_terminal *terminal) 
@@ -828,31 +838,61 @@ return 0; } -int lxc_terminal_create(struct lxc_terminal *terminal) +static int lxc_terminal_map_ids(struct lxc_conf *c, struct lxc_terminal *terminal) { int ret; - ret = openpty(&terminal->master, &terminal->slave, NULL, NULL, NULL); + if (lxc_list_empty(&c->id_map)) + return 0; + + if (is_empty_string(terminal->name) && terminal->pty < 0) + return 0; + + if (terminal->pty >= 0) + ret = userns_exec_mapped_root(NULL, terminal->pty, c); + else + ret = userns_exec_mapped_root(terminal->name, -EBADF, c); + if (ret < 0) + return log_error(-1, "Failed to chown terminal %d(%s)", terminal->pty, + !is_empty_string(terminal->name) ? terminal->name : "(null)"); + + TRACE("Chowned terminal %d(%s)", terminal->pty, + !is_empty_string(terminal->name) ? terminal->name : "(null)"); + + return 0; +} + +static int lxc_terminal_create_foreign(struct lxc_conf *conf, struct lxc_terminal *terminal) +{ + int ret; + + ret = openpty(&terminal->ptx, &terminal->pty, NULL, NULL, NULL); if (ret < 0) { SYSERROR("Failed to open terminal"); return -1; } - ret = ttyname_r(terminal->slave, terminal->name, sizeof(terminal->name)); + ret = lxc_terminal_map_ids(conf, terminal); + if (ret < 0) { + SYSERROR("Failed to change ownership of terminal multiplexer device"); + goto err; + } + + ret = ttyname_r(terminal->pty, terminal->name, sizeof(terminal->name)); if (ret < 0) { - SYSERROR("Failed to retrieve name of terminal slave"); + SYSERROR("Failed to retrieve name of terminal pty"); goto err; } - ret = fd_cloexec(terminal->master, true); + ret = fd_cloexec(terminal->ptx, true); if (ret < 0) { - SYSERROR("Failed to set FD_CLOEXEC flag on terminal master"); + SYSERROR("Failed to set FD_CLOEXEC flag on terminal ptx"); goto err; } - ret = fd_cloexec(terminal->slave, true); + ret = fd_cloexec(terminal->pty, true); if (ret < 0) { - SYSERROR("Failed to set FD_CLOEXEC flag on terminal slave"); + SYSERROR("Failed to set FD_CLOEXEC flag on terminal pty"); goto err; } 
@@ -869,6 +909,62 @@ return -ENODEV; } +static int lxc_terminal_create_native(const char *name, const char *lxcpath, struct lxc_conf *conf, + struct lxc_terminal *terminal) +{ + __do_close int devpts_fd = -EBADF; + int ret; + + devpts_fd = lxc_cmd_get_devpts_fd(name, lxcpath); + if (devpts_fd < 0) + return log_error_errno(-1, errno, "Failed to receive devpts fd"); + + terminal->ptx = open_beneath(devpts_fd, "ptmx", O_RDWR | O_NOCTTY | O_CLOEXEC); + if (terminal->ptx < 0) + return log_error_errno(-1, errno, "Failed to open terminal multiplexer device"); + + ret = unlockpt(terminal->ptx); + if (ret < 0) { + SYSERROR("Failed to unlock multiplexer device device"); + goto err; + } + + terminal->pty = ioctl(terminal->ptx, TIOCGPTPEER, O_RDWR | O_NOCTTY | O_CLOEXEC); + if (terminal->pty < 0) { + SYSERROR("Failed to allocate new pty device"); + goto err; + } + + // ret = lxc_terminal_map_ids(conf, terminal); + + ret = ttyname_r(terminal->pty, terminal->name, sizeof(terminal->name)); + if (ret < 0) { + SYSERROR("Failed to retrieve name of terminal pty"); + goto err; + } + + ret = lxc_terminal_peer_default(terminal); + if (ret < 0) { + ERROR("Failed to allocate proxy terminal"); + goto err; + } + + return 0; + +err: + lxc_terminal_delete(terminal); + return -ENODEV; +} + +int lxc_terminal_create(const char *name, const char *lxcpath, struct lxc_conf *conf, + struct lxc_terminal *terminal) +{ + if (!lxc_terminal_create_native(name, lxcpath, conf, terminal)) + return 0; + + return lxc_terminal_create_foreign(conf, terminal); +} + int lxc_terminal_setup(struct lxc_conf *conf) { int ret; @@ -879,7 +975,7 @@ return 0; } - ret = lxc_terminal_create(terminal); + ret = lxc_terminal_create_foreign(conf, terminal); if (ret < 0) return -1; 
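Review bot: In `lxc_terminal_create_native()` the ownership step is left as the commented-out line `// ret = lxc_terminal_map_ids(conf, terminal);`, so on this path the new pty is never chowned to the mapped root and `conf` is unused, whereas `lxc_terminal_create_foreign()` does make that call. If the devpts instance obtained through `lxc_cmd_get_devpts_fd()` already gives the pty the right owner, a comment saying so should replace the dead line; if not, the call needs to come back. `lxc_terminal_create()` also falls back to the foreign path on any native failure after error-level messages have already been logged, so the log does not show which kind of pty the container got; one TRACE line naming the chosen path would settle that. The message "Failed to unlock multiplexer device device" has a doubled word.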
@@ -956,21 +1052,21 @@ ts->saw_escape = 0; } - ret = lxc_write_nointr(ts->masterfd, &c, 1); + ret = lxc_write_nointr(ts->ptxfd, &c, 1); if (ret <= 0) return LXC_MAINLOOP_CLOSE; return LXC_MAINLOOP_CONTINUE; } -int lxc_terminal_master_cb(int fd, uint32_t events, void *cbdata, +int lxc_terminal_ptx_cb(int fd, uint32_t events, void *cbdata, struct lxc_epoll_descr *descr) { int r, w; char buf[LXC_TERMINAL_BUFFER_SIZE]; struct lxc_terminal_state *ts = cbdata; - if (fd != ts->masterfd) + if (fd != ts->ptxfd) return LXC_MAINLOOP_CLOSE; r = lxc_read_nointr(fd, buf, sizeof(buf)); @@ -984,16 +1080,16 @@ return LXC_MAINLOOP_CONTINUE; } -int lxc_terminal_getfd(struct lxc_container *c, int *ttynum, int *masterfd) +int lxc_terminal_getfd(struct lxc_container *c, int *ttynum, int *ptxfd) { - return lxc_cmd_console(c->name, ttynum, masterfd, c->config_path); + return lxc_cmd_console(c->name, ttynum, ptxfd, c->config_path); } int lxc_console(struct lxc_container *c, int ttynum, int stdinfd, int stdoutfd, int stderrfd, int escape) { - int masterfd, ret, ttyfd; + int ptxfd, ret, ttyfd; struct lxc_epoll_descr descr; struct termios oldtios; struct lxc_terminal_state *ts; @@ -1002,7 +1098,7 @@ }; int istty = 0; - ttyfd = lxc_cmd_console(c->name, &ttynum, &masterfd, c->config_path); + ttyfd = lxc_cmd_console(c->name, &ttynum, &ptxfd, c->config_path); if (ttyfd < 0) return -1; @@ -1010,7 +1106,7 @@ if (ret < 0) TRACE("Process is already group leader"); - ts = lxc_terminal_signal_init(stdinfd, masterfd); + ts = lxc_terminal_signal_init(stdinfd, ptxfd); if (!ts) { ret = -1; goto close_fds; @@ -1021,8 +1117,8 @@ istty = isatty(stdinfd); if (istty) { - lxc_terminal_winsz(stdinfd, masterfd); - lxc_terminal_winsz(ts->stdinfd, ts->masterfd); + lxc_terminal_winsz(stdinfd, ptxfd); + lxc_terminal_winsz(ts->stdinfd, ts->ptxfd); } else { INFO("File descriptor %d does not refer to a terminal", stdinfd); } 
@@ -1049,10 +1145,10 @@ goto close_mainloop; } - ret = lxc_mainloop_add_handler(&descr, ts->masterfd, - lxc_terminal_master_cb, ts); + ret = lxc_mainloop_add_handler(&descr, ts->ptxfd, + lxc_terminal_ptx_cb, ts); if (ret < 0) { - ERROR("Failed to add master handler"); + ERROR("Failed to add ptx handler"); goto close_mainloop; } @@ -1093,7 +1189,7 @@ lxc_terminal_signal_fini(&terminal); close_fds: - close(masterfd); + close(ptxfd); close(ttyfd); return ret; @@ -1133,16 +1229,16 @@ void lxc_terminal_info_init(struct lxc_terminal_info *terminal) { terminal->name[0] = '\0'; - terminal->master = -EBADF; - terminal->slave = -EBADF; + terminal->ptx = -EBADF; + terminal->pty = -EBADF; terminal->busy = -1; } void lxc_terminal_init(struct lxc_terminal *terminal) { memset(terminal, 0, sizeof(*terminal)); - terminal->slave = -EBADF; - terminal->master = -EBADF; + terminal->pty = -EBADF; + terminal->ptx = -EBADF; terminal->peer = -EBADF; terminal->log_fd = -EBADF; lxc_terminal_info_init(&terminal->proxy); @@ -1156,24 +1252,3 @@ lxc_ringbuf_release(&terminal->ringbuf); lxc_terminal_signal_fini(terminal); } - -int lxc_terminal_map_ids(struct lxc_conf *c, struct lxc_terminal *terminal) -{ - int ret; - - if (lxc_list_empty(&c->id_map)) - return 0; - - if (strcmp(terminal->name, "") == 0) - return 0; - - ret = chown_mapped_root(terminal->name, c); - if (ret < 0) { - ERROR("Failed to chown terminal \"%s\"", terminal->name); - return -1; - } - - TRACE("Chowned terminal \"%s\"", terminal->name); - - return 0; -} diff -Nru lxc-4.0.2/src/lxc/terminal.h lxc-4.0.6/src/lxc/terminal.h --- lxc-4.0.2/src/lxc/terminal.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/terminal.h 2021-01-12 00:20:05.000000000 +0000 @@ -6,6 +6,7 @@ #include #include +#include "compiler.h" #include "list.h" #include "macro.h" #include "ringbuf.h" 
@@ -15,14 +16,14 @@ struct lxc_epoll_descr; struct lxc_terminal_info { - /* the path name of the slave side */ + /* the path name of the pty side */ char name[PATH_MAX]; - /* the file descriptor of the master */ - int master; + /* the file descriptor of the ptx */ + int ptx; - /* the file descriptor of the slave */ - int slave; + /* the file descriptor of the pty */ + int pty; /* whether the terminal is currently used */ int busy; @@ -32,7 +33,7 @@ struct lxc_list node; int stdinfd; int stdoutfd; - int masterfd; + int ptxfd; /* Escape sequence to use for exiting the terminal. A single char can * be specified. The terminal can then exited by doing: Ctrl + @@ -57,8 +58,8 @@ }; struct lxc_terminal { - int slave; - int master; + int pty; + int ptx; int peer; struct lxc_terminal_info proxy; struct lxc_epoll_descr *descr; 
@@ -98,30 +99,32 @@ * indication that the console or tty is no longer in use * @ttyreq : the tty requested to be opened, -1 for any, 0 for the console */ -extern int lxc_terminal_allocate(struct lxc_conf *conf, int sockfd, int *ttynum); +__hidden extern int lxc_terminal_allocate(struct lxc_conf *conf, int sockfd, int *ttynum); /** * Create a new terminal: - * - calls openpty() to allocate a master/slave pair - * - sets the FD_CLOEXEC flag on the master/slave fds + * - calls openpty() to allocate a ptx/pty pair + * - sets the FD_CLOEXEC flag on the ptx/pty fds * - allocates either the current controlling terminal (default) or a user - * specified terminal as proxy for the newly created master/slave pair + * specified terminal as proxy for the newly created ptx/pty pair * - sets up SIGWINCH handler, winsz, and new terminal settings * (Handlers for SIGWINCH and I/O are not registered in a mainloop.) */ -extern int lxc_terminal_create(struct lxc_terminal *console); +__hidden extern int lxc_terminal_create(const char *name, const char *lxcpath, + struct lxc_conf *conf, + struct lxc_terminal *console); /** * lxc_terminal_setup: Create a new terminal. * - In addition to lxc_terminal_create() also sets up logging. */ -extern int lxc_terminal_setup(struct lxc_conf *); +__hidden extern int lxc_terminal_setup(struct lxc_conf *); /** * Delete a terminal created via lxc_terminal_create() or lxc_terminal_setup(): * Note, registered handlers are not automatically deleted. */ -extern void lxc_terminal_delete(struct lxc_terminal *); +__hidden extern void lxc_terminal_delete(struct lxc_terminal *); /** * lxc_terminal_free: mark the terminal as unallocated and free any resources 
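Review bot: The comment above `lxc_terminal_create()` still says it "calls openpty() to allocate a ptx/pty pair", but the terminal.c change in this diff makes it first try `lxc_terminal_create_native()`, which opens `ptmx` beneath the container's devpts fd, and only then fall back to the openpty() path. The comment should describe both paths and the new `name`, `lxcpath` and `conf` parameters. The `lxc_terminal_setup()` comment "In addition to lxc_terminal_create()" is stale too, since setup now calls `lxc_terminal_create_foreign()`.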
@@ -132,17 +135,17 @@ * the terminal is no longer in use. this is used to match * which terminal is being freed. */ -extern void lxc_terminal_free(struct lxc_conf *conf, int fd); +__hidden extern void lxc_terminal_free(struct lxc_conf *conf, int fd); /** * Register terminal event handlers in an open mainloop. */ -extern int lxc_terminal_mainloop_add(struct lxc_epoll_descr *, struct lxc_terminal *); +__hidden extern int lxc_terminal_mainloop_add(struct lxc_epoll_descr *, struct lxc_terminal *); /** * Handle SIGWINCH events on the allocated terminals. */ -extern void lxc_terminal_sigwinch(int sig); +__hidden extern void lxc_terminal_sigwinch(int sig); /** * Connect to one of the ttys given to the container via lxc.tty.max. @@ -153,9 +156,8 @@ * - registers SIGWINCH, I/O handlers in the mainloop * - performs all necessary cleanup operations */ -extern int lxc_console(struct lxc_container *c, int ttynum, - int stdinfd, int stdoutfd, int stderrfd, - int escape); +__hidden extern int lxc_console(struct lxc_container *c, int ttynum, int stdinfd, int stdoutfd, + int stderrfd, int escape); /** * Allocate one of the tty given to the container via lxc.tty.max. Returns an @@ -163,15 +165,14 @@ * Set ttynum to -1 to allocate the first available tty, or to a value within * the range specified by lxc.tty.max to allocate a specific tty. */ -extern int lxc_terminal_getfd(struct lxc_container *c, int *ttynum, - int *masterfd); +__hidden extern int lxc_terminal_getfd(struct lxc_container *c, int *ttynum, int *ptxfd); /** * Make fd a duplicate of the standard file descriptors. The fd is made a * duplicate of a specific standard file descriptor iff the standard file * descriptor refers to a terminal. */ -extern int lxc_terminal_set_stdfds(int fd); +__hidden extern int lxc_terminal_set_stdfds(int fd); /** * Handler for events on the stdin fd of the terminal. To be registered via the 
@@ -179,34 +180,33 @@ * lxc_terminal_mainloop_add(). * This function exits the loop cleanly when an EPOLLHUP event is received. */ -extern int lxc_terminal_stdin_cb(int fd, uint32_t events, void *cbdata, - struct lxc_epoll_descr *descr); +__hidden extern int lxc_terminal_stdin_cb(int fd, uint32_t events, void *cbdata, + struct lxc_epoll_descr *descr); /** - * Handler for events on the master fd of the terminal. To be registered via + * Handler for events on the ptx fd of the terminal. To be registered via * the corresponding functions declared and defined in mainloop.{c,h} or * lxc_terminal_mainloop_add(). * This function exits the loop cleanly when an EPOLLHUP event is received. */ -extern int lxc_terminal_master_cb(int fd, uint32_t events, void *cbdata, - struct lxc_epoll_descr *descr); +__hidden extern int lxc_terminal_ptx_cb(int fd, uint32_t events, void *cbdata, + struct lxc_epoll_descr *descr); /** * Setup new terminal properties. The old terminal settings are stored in * oldtios. */ -extern int lxc_setup_tios(int fd, struct termios *oldtios); - +__hidden extern int lxc_setup_tios(int fd, struct termios *oldtios); /** * lxc_terminal_winsz: propagate winsz from one terminal to another * * @srcfd - * - terminal to get size from (typically a slave pty) + * - terminal to get size from (typically a pty pty) * @dstfd - * - terminal to set size on (typically a master pty) + * - terminal to set size on (typically a ptx pty) */ -extern void lxc_terminal_winsz(int srcfd, int dstfd); +__hidden extern void lxc_terminal_winsz(int srcfd, int dstfd); /* * lxc_terminal_signal_init: install signal handler 
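Review bot: The mechanical master/slave rename left `(typically a pty pty)` and `(typically a ptx pty)` in the `lxc_terminal_winsz` comment, which no longer tells the reader which end of the pair is meant. I would write `(typically the pty end of the pair)` for `@srcfd` and `(typically the ptx end of the pair)` for `@dstfd`.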
@@ -232,26 +232,25 @@ * * This function allocates memory. It is up to the caller to free it. */ -extern struct lxc_terminal_state *lxc_terminal_signal_init(int srcfd, int dstfd); +__hidden extern struct lxc_terminal_state *lxc_terminal_signal_init(int srcfd, int dstfd); /** * Handler for signal events. To be registered via the corresponding functions * declared and defined in mainloop.{c,h} or lxc_terminal_mainloop_add(). */ -extern int lxc_terminal_signalfd_cb(int fd, uint32_t events, void *cbdata, - struct lxc_epoll_descr *descr); +__hidden extern int lxc_terminal_signalfd_cb(int fd, uint32_t events, void *cbdata, + struct lxc_epoll_descr *descr); -extern int lxc_terminal_write_ringbuffer(struct lxc_terminal *terminal); -extern int lxc_terminal_create_log_file(struct lxc_terminal *terminal); -extern int lxc_terminal_io_cb(int fd, uint32_t events, void *data, - struct lxc_epoll_descr *descr); - -extern int lxc_make_controlling_terminal(int fd); -extern int lxc_terminal_prepare_login(int fd); -extern void lxc_terminal_conf_free(struct lxc_terminal *terminal); -extern void lxc_terminal_info_init(struct lxc_terminal_info *terminal); -extern void lxc_terminal_init(struct lxc_terminal *terminal); -extern int lxc_terminal_map_ids(struct lxc_conf *c, - struct lxc_terminal *terminal); +__hidden extern int lxc_terminal_write_ringbuffer(struct lxc_terminal *terminal); +__hidden extern int lxc_terminal_create_log_file(struct lxc_terminal *terminal); +__hidden extern int lxc_terminal_io_cb(int fd, uint32_t events, void *data, + struct lxc_epoll_descr *descr); + +__hidden extern int lxc_make_controlling_terminal(int fd); +__hidden extern int lxc_terminal_prepare_login(int fd); +__hidden extern void lxc_terminal_conf_free(struct lxc_terminal *terminal); +__hidden extern void lxc_terminal_info_init(struct lxc_terminal_info *terminal); +__hidden extern void lxc_terminal_init(struct lxc_terminal *terminal); +__hidden extern int lxc_terminal_signal_sigmask_safe_blocked(struct 
lxc_terminal *terminal); #endif /* __LXC_TERMINAL_H */ diff -Nru lxc-4.0.2/src/lxc/tools/arguments.h lxc-4.0.6/src/lxc/tools/arguments.h --- lxc-4.0.2/src/lxc/tools/arguments.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/tools/arguments.h 2021-01-12 00:20:05.000000000 +0000 @@ -11,6 +11,8 @@ #include +#include "compiler.h" + struct lxc_arguments; typedef int (*lxc_arguments_parser_t)(struct lxc_arguments *, int, char *); @@ -152,13 +154,11 @@ #define OPT_SHARE_UTS OPT_USAGE - 5 #define OPT_SHARE_PID OPT_USAGE - 6 -extern int lxc_arguments_parse(struct lxc_arguments *args, int argc, - char *const argv[]); +__hidden extern int lxc_arguments_parse(struct lxc_arguments *args, int argc, char *const argv[]); -extern int lxc_arguments_str_to_int(struct lxc_arguments *args, - const char *str); +__hidden extern int lxc_arguments_str_to_int(struct lxc_arguments *args, const char *str); -extern bool lxc_setup_shared_ns(struct lxc_arguments *args, struct lxc_container *c); +__hidden extern bool lxc_setup_shared_ns(struct lxc_arguments *args, struct lxc_container *c); #define lxc_info(arg, fmt, args...) \ do { \ diff -Nru lxc-4.0.2/src/lxc/tools/lxc_ls.c lxc-4.0.6/src/lxc/tools/lxc_ls.c --- lxc-4.0.2/src/lxc/tools/lxc_ls.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/tools/lxc_ls.c 2021-01-12 00:20:05.000000000 +0000 @@ -24,6 +24,7 @@ #include "arguments.h" #include "config.h" #include "log.h" +#include "memory_utils.h" #include "utils.h" lxc_log_define(lxc_ls, lxc); 
@@ -218,17 +219,17 @@ struct lengths max_len = { /* default header length */ - .name_length = 4, /* NAME */ - .state_length = 5, /* STATE */ - .groups_length = 6, /* GROUPS */ - .interface_length = 9, /* INTERFACE */ - .ipv4_length = 4, /* IPV4 */ - .ipv6_length = 4, /* IPV6 */ - .init_length = 3, /* PID */ - .ram_length = 3, /* RAM */ - .swap_length = 4, /* SWAP */ - .autostart_length = 9, /* AUTOSTART */ - .unprivileged_length = 12, /* UNPRIVILEGED */ + .name_length = 4, /* NAME */ + .state_length = 5, /* STATE */ + .groups_length = 6, /* GROUPS */ + .interface_length = 9, /* INTERFACE */ + .ipv4_length = 4, /* IPV4 */ + .ipv6_length = 4, /* IPV6 */ + .init_length = 3, /* PID */ + .ram_length = 3, /* RAM */ + .swap_length = 4, /* SWAP */ + .autostart_length = 9, /* AUTOSTART */ + .unprivileged_length = 12, /* UNPRIVILEGED */ }; char **grps = NULL; @@ -289,26 +290,26 @@ free(l); } -static char *ls_get_config_item(struct lxc_container *c, const char *item, - bool running) +static char *ls_get_config_item(struct lxc_container *c, const char *item, bool running) { + __do_free char *val = NULL; + int len; + if (running) return c->get_running_config_item(c, item); - int len = c->get_config_item(c, item, NULL, 0); + len = c->get_config_item(c, item, NULL, 0); if (len <= 0) return NULL; - char *val = malloc((len + 1) * sizeof(*val)); + val = malloc((len + 1) * sizeof(*val)); if (!val) return NULL; - if (c->get_config_item(c, item, val, len + 1) != len) { - free(val); - val = NULL; - } + if (c->get_config_item(c, item, val, len + 1) != len) + return NULL; - return val; + return move_ptr(val); } static void ls_free_arr(char **arr, size_t size) 
@@ -322,9 +323,8 @@ } static int ls_get(struct ls **m, size_t *size, const struct lxc_arguments *args, - const char *basepath, const char *parent, unsigned int lvl, - char **lockpath, size_t len_lockpath, char **grps_must, - size_t grps_must_len) + const char *basepath, const char *parent, unsigned int lvl, char **lockpath, + size_t len_lockpath, char **grps_must, size_t grps_must_len) { /* As ls_get() is non-tail recursive we face the inherent danger of * blowing up the stack at some level of nesting. To have at least some @@ -597,38 +597,39 @@ static char *ls_get_cgroup_item(struct lxc_container *c, const char *item) { + __do_free char *val = NULL; + int len = c->get_cgroup_item(c, item, NULL, 0); if (len <= 0) return NULL; - char *val = malloc((len + 1) * sizeof(*val)); + val = malloc((len + 1) * sizeof(*val)); if (!val) return NULL; - if (c->get_cgroup_item(c, item, val, len + 1) != len) { - free(val); - val = NULL; - } + if (c->get_cgroup_item(c, item, val, len + 1) != len) + return NULL; - return val; + return move_ptr(val); } static char *ls_get_groups(struct lxc_container *c, bool running) { int len = 0; - char *val = NULL; + __do_free char *val = NULL; if (running) val = c->get_running_config_item(c, "lxc.group"); else len = c->get_config_item(c, "lxc.group", NULL, 0); - if (!val && (len > 0)) { + if (!val && (len > 0 && len < INT_MAX)) { val = malloc((len + 1) * sizeof(*val)); - if (c->get_config_item(c, "lxc.group", val, len + 1) != len) { - free(val); + if (!val) + return NULL; + + if (c->get_config_item(c, "lxc.group", val, len + 1) != len) return NULL; - } } if (val) { @@ -642,7 +643,7 @@ val = tmp; } - return val; + return move_ptr(val); } static char *ls_get_ips(struct lxc_container *c, const char *inet) 
@@ -681,16 +682,17 @@ */ static double ls_get_swap(struct lxc_container *c) { - char *stat, *swap, *tmp; + __do_free char *stat = NULL; + char *swap, *tmp; unsigned long long int num = 0; stat = ls_get_cgroup_item(c, "memory.stat"); if (!stat) - goto out; + return num; swap = strstr(stat, "\nswap"); if (!swap) - goto out; + return num; /* start_of_swap_value = '\n' + strlen(swap) + ' ' */ swap = 1 + swap + 4 + 1; @@ -698,16 +700,13 @@ /* find end of swap value */ tmp = strchr(swap, '\n'); if (!tmp) - goto out; + return num; *tmp = '\0'; num = strtoull(swap, NULL, 0); num = num / 1024 / 1024; -out: - free(stat); - return num; } @@ -775,8 +774,7 @@ return m; } -static void ls_print_names(struct ls *l, struct lengths *lht, - size_t size, size_t termwidth, bool list) +static void ls_print_names(struct ls *l, struct lengths *lht, size_t size, size_t termwidth, bool list) { /* If list is empty do nothing. */ if (size == 0) @@ -806,8 +804,8 @@ printf("\n"); } -static void ls_print_fancy_format(struct ls *l, struct lengths *lht, - size_t size, const char *fancy_fmt) +static void ls_print_fancy_format(struct ls *l, struct lengths *lht, size_t size, + const char *fancy_fmt) { /* If list is empty do nothing. */ if (size == 0) @@ -908,8 +906,7 @@ lxc_free_array((void **)tmp, free); } -static void ls_print_table(struct ls *l, struct lengths *lht, - size_t size) +static void ls_print_table(struct ls *l, struct lengths *lht, size_t size) { size_t i; @@ -1040,8 +1037,8 @@ return ret; } -static int ls_remove_lock(const char *path, const char *name, - char **lockpath, size_t *len_lockpath, bool recalc) +static int ls_remove_lock(const char *path, const char *name, char **lockpath, size_t *len_lockpath, + bool recalc) { int ret = -1; char *rundir; @@ -1092,7 +1089,7 @@ if (lxc_write_nointr(fd, &slen, sizeof(slen)) != sizeof(slen)) return -1; - if (slen > 0) { + if (slen > 0 && slen < SIZE_MAX) { if (lxc_write_nointr(fd, buf, slen) != (ssize_t)slen) return -1; } 
@@ -1166,21 +1163,24 @@ if (ret != sizeof(slen)) return -1; - if (slen > 0) { - *buf = malloc(sizeof(char) * (slen + 1)); - if (!*buf) + ret = -EINVAL; + if (slen > 0 && slen < SIZE_MAX) { + __do_free char *s = NULL; + + s = malloc(sizeof(char) * (slen + 1)); + if (!s) return -1; - ret = lxc_read_nointr(fd, *buf, slen); - if (ret != (ssize_t)slen) { - free(*buf); + ret = lxc_read_nointr(fd, s, slen); + if (ret != (ssize_t)slen) return -1; - } (*buf)[slen] = '\0'; + *buf = move_ptr(s); + ret = 0; } - return 0; + return ret; } static int ls_deserialize(int rpipefd, struct ls **m, size_t *len) @@ -1255,8 +1255,7 @@ return 0; } -static void ls_field_width(const struct ls *l, const size_t size, - struct lengths *lht) +static void ls_field_width(const struct ls *l, const size_t size, struct lengths *lht) { const struct ls *m; size_t i, len = 0; diff -Nru lxc-4.0.2/src/lxc/utils.c lxc-4.0.6/src/lxc/utils.c --- lxc-4.0.2/src/lxc/utils.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/utils.c 2021-01-12 00:20:05.000000000 +0000 @@ -35,7 +35,7 @@ #include "memory_utils.h" #include "namespace.h" #include "parse.h" -#include "raw_syscalls.h" +#include "process_utils.h" #include "syscall_wrappers.h" #include "utils.h" @@ -201,12 +201,12 @@ char *ptr; if (!arg || !*arg) - return -1; + return ret_errno(EINVAL); errno = 0; res = strtoul(arg, &ptr, base); if (!ptr || ptr == arg || *ptr || res > 0xFFFF || errno != 0) - return -1; + return ret_errno(ERANGE); *val = res; @@ -240,7 +240,9 @@ char *get_rundir() { - char *rundir; + __do_free char *rundir = NULL; + char *static_rundir; + int ret; size_t len; const char *homedir; struct stat sb; 
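Review bot: In the first hunk on this line (the length-prefixed string reader in lxc_ls.c), `(*buf)[slen] = '\0';` runs before `*buf = move_ptr(s);`. The terminator is therefore written through whatever pointer the caller passed in, and the freshly read `s` is handed back unterminated. The line should be `s[slen] = '\0';`, placed before the `move_ptr`. The same hunk also makes `slen == 0` return `-EINVAL` where the old code returned 0. The sender hunk at -1092 still emits a bare zero length with no payload, so an empty field would presumably now fail on the receiving side; either set `ret = 0` for the zero-length case or document why it is an error. The function's signature and its callers are outside the hunk.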
@@ -251,9 +253,9 @@ if (geteuid() == sb.st_uid || getegid() == sb.st_gid) return strdup(RUNTIME_PATH); - rundir = getenv("XDG_RUNTIME_DIR"); - if (rundir) - return strdup(rundir); + static_rundir = getenv("XDG_RUNTIME_DIR"); + if (static_rundir) + return strdup(static_rundir); INFO("XDG_RUNTIME_DIR isn't set in the environment"); homedir = getenv("HOME"); @@ -265,8 +267,11 @@ if (!rundir) return NULL; - snprintf(rundir, len, "%s/.cache/lxc/run/", homedir); - return rundir; + ret = snprintf(rundir, len, "%s/.cache/lxc/run/", homedir); + if (ret < 0 || (size_t)ret >= len) + return ret_set_errno(NULL, EIO); + + return move_ptr(rundir); } int wait_for_pid(pid_t pid) @@ -569,15 +574,7 @@ bool dir_exists(const char *path) { - struct stat sb; - int ret; - - ret = stat(path, &sb); - if (ret < 0) - /* Could be something other than eexist, just say "no". */ - return false; - - return S_ISDIR(sb.st_mode); + return exists_dir_at(-1, path); } /* Note we don't use SHA-1 here as we don't want to depend on HAVE_GNUTLS. @@ -712,7 +709,7 @@ if (strcmp(p + 1, "/") == 0) { /* This is '/'. Is it the ramfs? */ p = strchr(p2 + 1, '-'); - if (p && strncmp(p, "- rootfs rootfs ", 16) == 0) + if (p && strncmp(p, "- rootfs ", 9) == 0) return true; } } 
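Review bot: `dir_exists()` now calls `exists_dir_at(-1, path)`, and -1 is not `AT_FDCWD`. The body of `exists_dir_at()` is not part of this section, but if it passes the descriptor to an `*at()` call, a relative `path` would fail with EBADF and report false, where the removed `stat()` resolved it against the working directory. `return exists_dir_at(AT_FDCWD, path);` keeps the old behaviour. If refusing relative paths is the intent, a one-line comment on `dir_exists()` should say so, because callers get no error, only `false`.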
@@ -1079,6 +1076,65 @@ return dirfd; } +int __safe_mount_beneath_at(int beneath_fd, const char *src, const char *dst, const char *fstype, + unsigned int flags, const void *data) +{ + __do_close int source_fd = -EBADF, target_fd = -EBADF; + struct lxc_open_how how = { + .flags = O_RDONLY | O_CLOEXEC | O_PATH, + .resolve = RESOLVE_NO_SYMLINKS | RESOLVE_NO_MAGICLINKS | RESOLVE_BENEATH, + }; + int ret; + char src_buf[LXC_PROC_PID_FD_LEN], tgt_buf[LXC_PROC_PID_FD_LEN]; + + if (beneath_fd < 0) + return -EINVAL; + + if ((flags & MS_BIND) && src && src[0] != '/') { + source_fd = openat2(beneath_fd, src, &how, sizeof(how)); + if (source_fd < 0) + return -errno; + ret = snprintf(src_buf, sizeof(src_buf), "/proc/self/fd/%d", source_fd); + if (ret < 0 || ret >= sizeof(src_buf)) + return -EIO; + } else { + src_buf[0] = '\0'; + } + + target_fd = openat2(beneath_fd, dst, &how, sizeof(how)); + if (target_fd < 0) + return -errno; + ret = snprintf(tgt_buf, sizeof(tgt_buf), "/proc/self/fd/%d", target_fd); + if (ret < 0 || ret >= sizeof(tgt_buf)) + return -EIO; + + if (!is_empty_string(src_buf)) + ret = mount(src_buf, tgt_buf, fstype, flags, data); + else + ret = mount(src, tgt_buf, fstype, flags, data); + + return ret; +} + +int safe_mount_beneath(const char *beneath, const char *src, const char *dst, const char *fstype, + unsigned int flags, const void *data) +{ + __do_close int beneath_fd = -EBADF; + const char *path = beneath ? 
beneath : "/"; + + beneath_fd = openat(-1, path, O_RDONLY | O_CLOEXEC | O_DIRECTORY | O_PATH); + if (beneath_fd < 0) + return log_error_errno(-errno, errno, "Failed to open %s", path); + + return __safe_mount_beneath_at(beneath_fd, src, dst, fstype, flags, data); +} + +int safe_mount_beneath_at(int beneath_fd, const char *src, const char *dst, const char *fstype, + unsigned int flags, const void *data) +{ + return __safe_mount_beneath_at(beneath_fd, src, dst, fstype, flags, data); +} + /* * Safely mount a path into a container, ensuring that the mount target * is under the container's @rootfs. (If @rootfs is NULL, then the container @@ -1323,10 +1379,8 @@ ret = snprintf(path, __NS_PATH_LEN, "/proc/%d/ns%s%s", pid, !ns || strcmp(ns, "") == 0 ? "" : "/", !ns || strcmp(ns, "") == 0 ? "" : ns); - if (ret < 0 || (size_t)ret >= __NS_PATH_LEN) { - errno = EFBIG; - return -1; - } + if (ret < 0 || (size_t)ret >= __NS_PATH_LEN) + return ret_errno(EIO); return open(path, O_RDONLY | O_CLOEXEC); } @@ -1544,7 +1598,7 @@ return umounts; } -int run_command_internal(char *buf, size_t buf_size, int (*child_fn)(void *), void *args, bool wait_status) +static int run_command_internal(char *buf, size_t buf_size, int (*child_fn)(void *), void *args, bool wait_status) { pid_t child; int ret, fret, pipefd[2]; 
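Review bot: In `__safe_mount_beneath_at()` the `openat2()` restrictions cover only `dst` and a relative bind source; an absolute `src` under `MS_BIND`, and any non-bind `src`, goes to `mount()` as given and is resolved normally. If that is the intent, say so above the function, e.g. `/* Only @dst and a relative bind source are opened beneath @beneath_fd; an absolute @src is used unchanged. */`, so callers do not treat the source as confined. The return convention is also mixed: the open and snprintf failures return a negative errno, while a failed `mount()` returns -1, which `if (ret < 0) return -errno;` after the mount call would make uniform. The helper is not declared in utils.h in this diff, so it could be `static`, as `run_command_internal` becomes in a later hunk on this line.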
@@ -1791,41 +1845,6 @@ return fret; } -int lxc_setup_keyring(char *keyring_label) -{ - key_serial_t keyring; - int ret = 0; - - if (keyring_label) { - if (lsm_keyring_label_set(keyring_label) < 0) { - ERROR("Couldn't set keyring label"); - } - } - - /* Try to allocate a new session keyring for the container to prevent - * information leaks. - */ - keyring = keyctl(KEYCTL_JOIN_SESSION_KEYRING, prctl_arg(0), - prctl_arg(0), prctl_arg(0), prctl_arg(0)); - if (keyring < 0) { - switch (errno) { - case ENOSYS: - DEBUG("The keyctl() syscall is not supported or blocked"); - break; - case EACCES: - __fallthrough; - case EPERM: - DEBUG("Failed to access kernel keyring. Continuing..."); - break; - default: - SYSERROR("Failed to create kernel keyring"); - break; - } - } - - return ret; -} - bool lxc_can_use_pidfd(int pidfd) { int ret; @@ -1871,11 +1890,11 @@ devnull_fd = open_devnull(); if (devnull_fd < 0) - return log_warn_errno(-1, errno, "Failed to open \"/dev/null\""); + return log_trace_errno(-1, errno, "Failed to open \"/dev/null\""); ret = fstat(devnull_fd, &st_null); if (ret) - return log_warn_errno(-errno, errno, "Failed to stat \"/dev/null\""); + return log_trace_errno(-errno, errno, "Failed to stat \"/dev/null\""); for (int i = 0; i < ARRAY_SIZE(std_fds); i++) { ret = fstat(std_fds[i], &st); 
@@ -1890,14 +1909,15 @@ ret = fchown(std_fds[i], uid, st.st_gid); if (ret) { - SYSWARN("Failed to chown standard I/O file descriptor %d to uid %d and gid %d", - std_fds[i], uid, st.st_gid); + TRACE("Failed to chown standard I/O file descriptor %d to uid %d and gid %d", + std_fds[i], uid, st.st_gid); fret = -1; + continue; } ret = fchmod(std_fds[i], 0700); if (ret) { - SYSWARN("Failed to chmod standard I/O file descriptor %d", std_fds[i]); + TRACE("Failed to chmod standard I/O file descriptor %d", std_fds[i]); fret = -1; } } diff -Nru lxc-4.0.2/src/lxc/utils.h lxc-4.0.6/src/lxc/utils.h --- lxc-4.0.2/src/lxc/utils.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/utils.h 2021-01-12 00:20:05.000000000 +0000 @@ -6,10 +6,6 @@ /* Properly support loop devices on 32bit systems. */ #define _FILE_OFFSET_BITS 64 -#ifndef MAX_GRBUF_SIZE -#define MAX_GRBUF_SIZE 65536 -#endif - #include #include #include @@ -21,18 +17,19 @@ #include #include +#include "compiler.h" #include "file_utils.h" #include "initutils.h" #include "macro.h" #include "memory_utils.h" -#include "raw_syscalls.h" +#include "process_utils.h" #include "string_utils.h" /* returns 1 on success, 0 if there were any failures */ -extern int lxc_rmdir_onedev(const char *path, const char *exclude); -extern int get_u16(unsigned short *val, const char *arg, int base); -extern int mkdir_p(const char *dir, mode_t mode); -extern char *get_rundir(void); +__hidden extern int lxc_rmdir_onedev(const char *path, const char *exclude); +__hidden extern int get_u16(unsigned short *val, const char *arg, int base); +__hidden extern int mkdir_p(const char *dir, mode_t mode); +__hidden extern char *get_rundir(void); /* Define getline() if missing from the C library */ #ifndef HAVE_GETLINE 
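Review bot: The two `TRACE(...)` calls that replace `SYSWARN(...)` for the failed `fchown()` and `fchmod()` drop the errno text as well as lowering the level. A failure to hand the standard descriptors to the target uid is then logged without its cause, and only at trace level. The preceding hunk keeps errno by using `log_trace_errno`; here the errno-carrying trace macro would do the same, e.g. `SYSTRACE("Failed to chmod standard I/O file descriptor %d", std_fds[i]);`, assuming this tree's log.h provides `SYSTRACE` alongside `SYSWARN`. The enclosing function starts outside this hunk.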
@@ -64,14 +61,14 @@ * Returns pointer to struct lxc_popen_FILE, that should be freed with lxc_pclose(). * On error returns NULL. */ -extern struct lxc_popen_FILE *lxc_popen(const char *command); +__hidden extern struct lxc_popen_FILE *lxc_popen(const char *command); /* pclose() replacement to be used on struct lxc_popen_FILE *, * returned by lxc_popen(). * Waits for associated process to terminate, returns its exit status and * frees resources, pointed to by struct lxc_popen_FILE *. */ -extern int lxc_pclose(struct lxc_popen_FILE *fp); +__hidden extern int lxc_pclose(struct lxc_popen_FILE *fp); static inline void __auto_lxc_pclose__(struct lxc_popen_FILE **f) { @@ -83,16 +80,16 @@ /* * wait on a child we forked */ -extern int wait_for_pid(pid_t pid); -extern int lxc_wait_for_pid_status(pid_t pid); -extern int wait_for_pidfd(int pidfd); +__hidden extern int wait_for_pid(pid_t pid); +__hidden extern int lxc_wait_for_pid_status(pid_t pid); +__hidden extern int wait_for_pidfd(int pidfd); #if HAVE_OPENSSL -extern int sha1sum_file(char *fnam, unsigned char *md_value, unsigned int *md_len); +__hidden extern int sha1sum_file(char *fnam, unsigned char *md_value, unsigned int *md_len); #endif /* initialize rand with urandom */ -extern int randseed(bool); +__hidden extern int randseed(bool); /* are we unprivileged with respect to our namespaces */ inline static bool am_guest_unpriv(void) { 
@@ -126,52 +123,51 @@ /* * parse /proc/self/uid_map to find what @orig maps to */ -extern uid_t get_ns_uid(uid_t orig); +__hidden extern uid_t get_ns_uid(uid_t orig); /* * parse /proc/self/gid_map to find what @orig maps to */ -extern gid_t get_ns_gid(gid_t orig); +__hidden extern gid_t get_ns_gid(gid_t orig); -extern bool dir_exists(const char *path); +__hidden extern bool dir_exists(const char *path); #define FNV1A_64_INIT ((uint64_t)0xcbf29ce484222325ULL) -extern uint64_t fnv_64a_buf(void *buf, size_t len, uint64_t hval); +__hidden extern uint64_t fnv_64a_buf(void *buf, size_t len, uint64_t hval); -extern bool is_shared_mountpoint(const char *path); -extern int detect_shared_rootfs(void); -extern bool detect_ramfs_rootfs(void); -extern char *on_path(const char *cmd, const char *rootfs); -extern bool cgns_supported(void); -extern char *choose_init(const char *rootfs); -extern bool switch_to_ns(pid_t pid, const char *ns); -extern char *get_template_path(const char *t); -extern int safe_mount(const char *src, const char *dest, const char *fstype, - unsigned long flags, const void *data, - const char *rootfs); -extern int lxc_mount_proc_if_needed(const char *rootfs); -extern int open_devnull(void); -extern int set_stdfds(int fd); -extern int null_stdfds(void); -extern int lxc_preserve_ns(const int pid, const char *ns); +__hidden extern bool is_shared_mountpoint(const char *path); +__hidden extern int detect_shared_rootfs(void); +__hidden extern bool detect_ramfs_rootfs(void); +__hidden extern char *on_path(const char *cmd, const char *rootfs); +__hidden extern bool cgns_supported(void); +__hidden extern char *choose_init(const char *rootfs); +__hidden extern bool switch_to_ns(pid_t pid, const char *ns); +__hidden extern char *get_template_path(const char *t); +__hidden extern int safe_mount(const char *src, const char *dest, const char *fstype, + unsigned long flags, const void *data, const char *rootfs); +__hidden extern int lxc_mount_proc_if_needed(const char 
*rootfs); +__hidden extern int open_devnull(void); +__hidden extern int set_stdfds(int fd); +__hidden extern int null_stdfds(void); +__hidden extern int lxc_preserve_ns(const int pid, const char *ns); /* Check whether a signal is blocked by a process. */ -extern bool task_blocks_signal(pid_t pid, int signal); +__hidden extern bool task_blocks_signal(pid_t pid, int signal); /* Switch to a new uid and gid. * If LXC_INVALID_{G,U}ID is passed then the set{g,u}id() will not be called. */ -extern bool lxc_switch_uid_gid(uid_t uid, gid_t gid); -extern bool lxc_setgroups(int size, gid_t list[]); +__hidden extern bool lxc_switch_uid_gid(uid_t uid, gid_t gid); +__hidden extern bool lxc_setgroups(int size, gid_t list[]); /* Find an unused loop device and associate it with source. */ -extern int lxc_prepare_loop_dev(const char *source, char *loop_dev, int flags); +__hidden extern int lxc_prepare_loop_dev(const char *source, char *loop_dev, int flags); /* Clear all mounts on a given node. * >= 0 successfully cleared. The number returned is the number of umounts * performed. * < 0 error umounting. Return -errno. */ -extern int lxc_unstack_mountpoint(const char *path, bool lazy); +__hidden extern int lxc_unstack_mountpoint(const char *path, bool lazy); /* * run_command runs a command and collect it's std{err,out} output in buf. @@ -185,8 +181,7 @@ * function must exec. * @param[in] args Arguments to be passed to child_fn. */ -extern int run_command(char *buf, size_t buf_size, int (*child_fn)(void *), - void *args); +__hidden extern int run_command(char *buf, size_t buf_size, int (*child_fn)(void *), void *args); /* * run_command runs a command and collect it's std{err,out} output in buf, returns exit status. 
@@ -200,16 +195,10 @@ * function must exec. * @param[in] args Arguments to be passed to child_fn. */ -extern int run_command_status(char *buf, size_t buf_size, int (*child_fn)(void *), - void *args); - -/* return copy of string @entry; do not fail. */ -extern char *must_copy_string(const char *entry); +__hidden extern int run_command_status(char *buf, size_t buf_size, int (*child_fn)(void *), + void *args); -/* Re-allocate a pointer, do not fail */ -extern void *must_realloc(void *orig, size_t sz); - -extern bool lxc_nic_exists(char *nic); +__hidden extern bool lxc_nic_exists(char *nic); static inline uint64_t lxc_getpagesize(void) { 
@@ -230,15 +219,29 @@ * If the caller passes in 0 they will receive 0 in return since this is invalid * input and 0 is not a power of 2. */ -extern uint64_t lxc_find_next_power2(uint64_t n); +__hidden extern uint64_t lxc_find_next_power2(uint64_t n); /* Set a signal the child process will receive after the parent has died. */ -extern int lxc_set_death_signal(int signal, pid_t parent, int parent_status_fd); -extern int fd_cloexec(int fd, bool cloexec); -extern int lxc_rm_rf(const char *dirname); -extern int lxc_setup_keyring(char *keyring_label); -extern bool lxc_can_use_pidfd(int pidfd); +__hidden extern int lxc_set_death_signal(int signal, pid_t parent, int parent_status_fd); +__hidden extern int fd_cloexec(int fd, bool cloexec); +__hidden extern int lxc_rm_rf(const char *dirname); +__hidden extern bool lxc_can_use_pidfd(int pidfd); + +__hidden extern int fix_stdio_permissions(uid_t uid); + +static inline bool uid_valid(uid_t uid) +{ + return uid != LXC_INVALID_UID; +} + +static inline bool gid_valid(gid_t gid) +{ + return gid != LXC_INVALID_GID; +} -extern int fix_stdio_permissions(uid_t uid); +__hidden extern int safe_mount_beneath(const char *beneath, const char *src, const char *dst, + const char *fstype, unsigned int flags, const void *data); +__hidden extern int safe_mount_beneath_at(int beneat_fd, const char *src, const char *dst, + const char *fstype, unsigned int flags, const void *data); #endif /* __LXC_UTILS_H */ diff -Nru lxc-4.0.2/src/lxc/uuid.h lxc-4.0.6/src/lxc/uuid.h --- lxc-4.0.2/src/lxc/uuid.h 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/lxc/uuid.h 2021-01-12 00:20:05.000000000 +0000 
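Review bot: The prototype of `safe_mount_beneath_at` spells its first parameter `beneat_fd`, while the definition in utils.c uses `beneath_fd`; the declaration should read `int beneath_fd`. The two new prototypes are also the only mount helpers here without a comment, and their contract is security-relevant. I would add a short block above them stating that `dst` is opened relative to `beneath` (or `/` when it is NULL) with symlinks and magic links refused, that only a relative bind source is treated the same way, and what is returned on failure.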
@@ -9,16 +9,18 @@ #define __STDC_FORMAT_MACROS #include +#include "compiler.h" + typedef union lxc_id128 lxc_id128_t; union lxc_id128 { - uint8_t bytes[16]; - uint64_t qwords[2]; -} -; -extern int lxc_id128_randomize(lxc_id128_t *ret); -extern int lxc_id128_write(const char *p, lxc_id128_t id); -extern int lxc_id128_write_fd(int fd, lxc_id128_t id); -extern char *id128_to_uuid_string(lxc_id128_t id, char s[37]); + uint8_t bytes[16]; + uint64_t qwords[2]; +}; + +__hidden extern int lxc_id128_randomize(lxc_id128_t *ret); +__hidden extern int lxc_id128_write(const char *p, lxc_id128_t id); +__hidden extern int lxc_id128_write_fd(int fd, lxc_id128_t id); +__hidden extern char *id128_to_uuid_string(lxc_id128_t id, char s[37]); #endif /* __LXC_UUID_H */ diff -Nru lxc-4.0.2/src/lxc/version.h lxc-4.0.6/src/lxc/version.h --- lxc-4.0.2/src/lxc/version.h 2020-04-16 18:17:37.000000000 +0000 +++ lxc-4.0.6/src/lxc/version.h 2021-01-12 00:20:24.000000000 +0000 @@ -6,8 +6,8 @@ #define LXC_DEVEL 0 #define LXC_VERSION_MAJOR 4 #define LXC_VERSION_MINOR 0 -#define LXC_VERSION_MICRO 2 +#define LXC_VERSION_MICRO 6 #define LXC_VERSION_ABI "1.7.0" -#define LXC_VERSION "4.0.2" +#define LXC_VERSION "4.0.6" #endif diff -Nru lxc-4.0.2/src/Makefile.in lxc-4.0.6/src/Makefile.in --- lxc-4.0.2/src/Makefile.in 2020-04-16 18:17:23.000000000 +0000 +++ lxc-4.0.6/src/Makefile.in 2021-01-12 00:20:12.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -141,8 +141,8 @@ $(am__extra_recursive_targets) AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ distdir distdir-am -am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) \ - $(LISP)config.h.in +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) \ + config.h.in # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is # *not* preserved. diff -Nru lxc-4.0.2/src/tests/attach.c lxc-4.0.6/src/tests/attach.c --- lxc-4.0.2/src/tests/attach.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/tests/attach.c 2021-01-12 00:20:05.000000000 +0000 @@ -47,14 +47,16 @@ static const char *lsm_config_key = NULL; static const char *lsm_label = NULL; +struct lsm_ops *lsm_ops; + static void test_lsm_detect(void) { - if (lsm_enabled()) { - if (!strcmp(lsm_name(), "SELinux")) { + if (lsm_ops->enabled(lsm_ops)) { + if (!strcmp(lsm_ops->name, "SELinux")) { lsm_config_key = "lxc.selinux.context"; lsm_label = "unconfined_u:unconfined_r:lxc_t:s0-s0:c0.c1023"; } - else if (!strcmp(lsm_name(), "AppArmor")) { + else if (!strcmp(lsm_ops->name, "AppArmor")) { lsm_config_key = "lxc.apparmor.profile"; if (file_exists("/proc/self/ns/cgroup")) lsm_label = "lxc-container-default-cgns"; @@ -62,7 +64,7 @@ lsm_label = "lxc-container-default"; } else { - TSTERR("unknown lsm %s enabled, add test code here", lsm_name()); + TSTERR("unknown lsm %s enabled, add test code here", lsm_ops->name); exit(EXIT_FAILURE); } } @@ -78,7 +80,7 @@ static int test_attach_lsm_func_func(void* payload) { - TSTOUT("%s", lsm_process_label_get(syscall(SYS_getpid))); + TSTOUT("%s", lsm_ops->process_label_get(lsm_ops, syscall(SYS_getpid))); return 0; } @@ -328,7 +330,7 @@ goto out2; } - if (lsm_enabled()) + if (lsm_ops->enabled(lsm_ops)) test_attach_lsm_set_config(ct); ct->want_daemonize(ct, true); 
@@ -368,7 +370,7 @@ goto err2; } - if (lsm_enabled()) { + if (lsm_ops->enabled(lsm_ops)) { ret = test_attach_lsm_cmd(ct); if (ret < 0) { TSTERR("attach lsm cmd test failed"); @@ -398,6 +400,8 @@ (void)strlcpy(template, P_tmpdir"/attach_XXXXXX", sizeof(template)); + lsm_ops = lsm_init(); + i = lxc_make_tmpfile(template, false); if (i < 0) { lxc_error("Failed to create temporary log file for container %s\n", TSTNAME); diff -Nru lxc-4.0.2/src/tests/console.c lxc-4.0.6/src/tests/console.c --- lxc-4.0.2/src/tests/console.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/tests/console.c 2021-01-12 00:20:05.000000000 +0000 @@ -37,14 +37,14 @@ } while (0) static void test_console_close_all(int ttyfd[MAXCONSOLES], - int masterfd[MAXCONSOLES]) + int ptxfd[MAXCONSOLES]) { int i; for (i = 0; i < MAXCONSOLES; i++) { - if (masterfd[i] != -1) { - close(masterfd[i]); - masterfd[i] = -1; + if (ptxfd[i] != -1) { + close(ptxfd[i]); + ptxfd[i] = -1; } if (ttyfd[i] != -1) { @@ -59,14 +59,14 @@ int nrconsoles, i, ret = -1; int ttynum [MAXCONSOLES]; int ttyfd [MAXCONSOLES]; - int masterfd[MAXCONSOLES]; + int ptxfd[MAXCONSOLES]; for (i = 0; i < MAXCONSOLES; i++) - ttynum[i] = ttyfd[i] = masterfd[i] = -1; + ttynum[i] = ttyfd[i] = ptxfd[i] = -1; ttynum[0] = 1; - ret = c->console_getfd(c, &ttynum[0], &masterfd[0]); + ret = c->console_getfd(c, &ttynum[0], &ptxfd[0]); if (ret < 0) { TSTERR("console allocate failed"); goto err1; @@ -79,12 +79,12 @@ } /* attempt to alloc same ttynum */ - ret = c->console_getfd(c, &ttynum[0], &masterfd[1]); + ret = c->console_getfd(c, &ttynum[0], &ptxfd[1]); if (ret != -1) { TSTERR("console allocate should fail for allocated ttynum %d", ttynum[0]); goto err2; } - close(masterfd[0]); masterfd[0] = -1; + close(ptxfd[0]); ptxfd[0] = -1; close(ttyfd[0]); ttyfd[0] = -1; /* ensure we can allocate all consoles, we do this a few times to 
@@ -92,7 +92,7 @@ */ for (i = 0; i < 10; i++) { for (nrconsoles = 0; nrconsoles < MAXCONSOLES; nrconsoles++) { - ret = c->console_getfd(c, &ttynum[nrconsoles], &masterfd[nrconsoles]); + ret = c->console_getfd(c, &ttynum[nrconsoles], &ptxfd[nrconsoles]); if (ret < 0) break; ttyfd[nrconsoles] = ret; @@ -103,13 +103,13 @@ goto err2; } - test_console_close_all(ttyfd, masterfd); + test_console_close_all(ttyfd, ptxfd); } ret = 0; err2: - test_console_close_all(ttyfd, masterfd); + test_console_close_all(ttyfd, ptxfd); err1: return ret; diff -Nru lxc-4.0.2/src/tests/containertests.c lxc-4.0.6/src/tests/containertests.c --- lxc-4.0.2/src/tests/containertests.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/tests/containertests.c 2021-01-12 00:20:05.000000000 +0000 @@ -135,7 +135,7 @@ str = c->config_file_name(c); #define CONFIGFNAM LXCPATH "/" MYNAME "/config" - if (!str || strcmp(str, CONFIGFNAM)) { + if (str && strcmp(str, CONFIGFNAM)) { fprintf(stderr, "%d: got wrong config file name (%s, not %s)\n", __LINE__, str, CONFIGFNAM); goto out; } diff -Nru lxc-4.0.2/src/tests/get_item.c lxc-4.0.6/src/tests/get_item.c --- lxc-4.0.2/src/tests/get_item.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/tests/get_item.c 2021-01-12 00:20:05.000000000 +0000 @@ -600,6 +600,11 @@ goto out; } + if (lxc_config_item_is_supported("lxc.arch.nonsense")) { + fprintf(stderr, "%d: failed to detect \"lxc.arch.nonsense\" as unsupported configuration item\n", __LINE__); + goto out; + } + if (c->set_config_item(c, "lxc.notaconfigkey", "invalid")) { fprintf(stderr, "%d: Managed to set \"lxc.notaconfigkey\"\n", __LINE__); goto out; diff -Nru lxc-4.0.2/src/tests/lxc_raw_clone.c lxc-4.0.6/src/tests/lxc_raw_clone.c --- lxc-4.0.2/src/tests/lxc_raw_clone.c 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/tests/lxc_raw_clone.c 2021-01-12 00:20:06.000000000 +0000 
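Review bot: With the condition changed to `if (str && strcmp(str, CONFIGFNAM))` in the `@@ -135,7 +135,7 @@` hunk of containertests.c, a NULL return from `c->config_file_name(c)` no longer fails the test, so a regression that loses the config file name would pass unnoticed. If NULL is now an accepted result at this point, a comment above the check should say so, e.g. `/* config_file_name() may be NULL here; only a non-NULL name is compared */`; otherwise the NULL case should keep failing. Why NULL became acceptable is not visible in this diff, and the enclosing function continues outside the hunk.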
@@ -39,7 +39,7 @@ #include "lxctest.h" #include "namespace.h" -#include "raw_syscalls.h" +#include "process_utils.h" #include "utils.h" int main(int argc, char *argv[]) diff -Nru lxc-4.0.2/src/tests/lxc-test-usernsexec lxc-4.0.6/src/tests/lxc-test-usernsexec --- lxc-4.0.2/src/tests/lxc-test-usernsexec 1970-01-01 00:00:00.000000000 +0000 +++ lxc-4.0.6/src/tests/lxc-test-usernsexec 2021-01-12 00:20:06.000000000 +0000 
@@ -0,0 +1,368 @@ +#!/bin/bash +# +# This is a bash test case to test lxc-usernsexec. +# It basically supports usring lxc-usernsexec to execute itself +# and then create files and check that their ownership is as expected. +# +# It requires that the current user has at least 1 value in subuid and /etc/subgid +TEMP_D="" +VERBOSITY=0 +set -f + +fail() { echo "$@" 1>&2; exit 1; } +error() { echo "$@" 1>&2; } +skip() { + error "SKIP:" "$@" + exit 0 +} +debug() { + local level=${1}; shift; + [ "${level}" -gt "${VERBOSITY}" ] && return + error "${@}" +} + +collect_owners() { + # collect_owners([--dir=dir], file1, file2 ...) + # set _RET to a space delimited array of + # :owner:group :owner:group ... + local out="" ret="" dir="" + if [ "${1#--dir=}" != "$1" ]; then + dir="${1#--dir=}" + shift + fi + for arg in "$@"; do + # drop the :* so that input can be same as touch_files. + out=$(stat --format "%n:%u:%g" "${dir}${arg}") || { + error "failed to stat ${arg}" + return 1; + } + ret="$ret ${out##*/}" + done + _RET="${ret# }" +} + +cleanup() { + if [ -d "$TEMP_D" ]; then + rm -Rf "$TEMP_D" + fi +} + +touch_files() { + # touch_files tok [tok ...] + # tok is filename:chown_id:chown_gid + # if chown_id or chown_gid is empty, then chown will do the right thing + # and only change the provided value. + local args="" tok="" fname="" uidgid="" + args=( "$@" ) + for tok in "$@"; do + fname=${tok%%:*} + uidgid=${tok#$fname} + uidgid=${uidgid#:} + : > "$fname" || { error "failed to create $fname"; return 1; } + [ -z "$uidgid" ] && continue + chown $uidgid "$fname" || { error "failed to chmod '$uidgid' $fname ($?)"; return 1; } + done +} + +inside_cleanup() { + local f="" + rm -f "${FILES[@]}" + echo "$STATUS" >&5 + echo "$STATUS" >&6 +} + +set_files() { + local x="" + FILES=( ) + for x in "$@"; do + FILES[${#FILES[@]}]="${x%%:*}" + done +} + +inside() { + # this what gets run inside the usernsexec environment. 
+ # basically expects arguments of :uid:gid + # it will create the file, and then chmod it to the provided uid:gid + # it writes to file descriptor 5 a single line with space delimited + # exit_value uid gid [:: ... ] + STATUS=127 + trap inside_cleanup EXIT + local uid="" gid="" x="" + + uid=$(id -u) || fail "failed execution of id -u" + gid=$(id -g) || fail "failed execution of id -g" + + set_files "$@" + + touch_files "$@" || fail "failed to create files" + + collect_owners "${FILES[@]}" || fail "failed to collect owners" + result="$_RET" + + # tell caller we are done. + echo "0" "$uid" "$gid" "$result" >&5 + STATUS=0 + + # let the caller do things while the files are around. + read -t 30 x <&6 + + exit +} + +runtest() { + # runtest(mydir, nsexec_args, [inside [...]]) + # - use 'mydir' as a working dir. + # - execute lxc-usernsexec $nsexec_args -- inside + # + # write to stdout + # exit_value inside_exit_value inside_uid:inside_gid + # + # where results are a list of space separated + # filename:uid:gid + # for each file passed in inside_args + [ $# -ge 3 ] || { error "runtest expects 2 args"; return 1; } + local mydir="$1" nsexec_args="$2" + shift 2 + local ret inside_owners t="" + KIDPID="" + + mkfifo "${mydir}/5" && exec 5<>"${mydir}/5" || return + mkfifo "${mydir}/6" && exec 6<>"${mydir}/6" || return + mkdir --mode=777 "${mydir}/work" || return + cd "${mydir}/work" + + set_files "$@" + + local results="" oresults="" iresults="" iuid="" igid="" n=0 + + error "$" $USERNSEXEC ${nsexec_args} -- "$MYPATH" inside "$*" + ${USERNSEXEC} ${nsexec_args} -- "$MYPATH" inside "$@" & + KIDPID=$! + + [ -d "/proc/$KIDPID" ] || { + wait $KIDPID + fail "kid $KIDPID died quickly $?" + } + + # if lxc-usernsexec fails to execute MYPATH inside, then + # the read below would timeout. To avoid a long timeout, + # we do a short timeout and check the pid is alive. + while ! read -t 1 ret iuid igid inside_owners <&5; do + n=$((n+1)) + if [ ! 
-d "/proc/$KIDPID" ]; then + wait $KIDPID + fail "kid $KIDPID is gone $?" + fi + [ $n -ge 30 ] && fail "child never wrote to pipe" + done + iresults=( $inside_owners ) + + collect_owners "--dir=${mydir}/work/" "${FILES[@]}" || return + oresults=( $_RET ) + + echo 0 >&6 + wait + + ret=$? + + results=( ) + for((i=0;i<${#iresults[@]};i++)); do + results[$i]="${oresults[$i]}:${iresults[$i]#*:}" + done + + echo 0 $ret "$iuid:$igid" "${results[@]}" +} + +runcheck() { + local name="$1" expected="$2" nsexec_args="$3" found="" + shift 3 + mkdir "${TEMP_D}/$name" || fail "failed mkdir /$name.d" + local err="${TEMP_D}/$name.err" + out=$("$MYPATH" runtest "${TEMP_D}/$name" "$nsexec_args" "$@" 2>"$err") || { + error "$name: FAIL - runtest failed $?" + [ -n "$out" ] && error " $out" + sed 's,^, ,' "$err" 1>&2 + ERRORS="${ERRORS} $name" + return 1 + } + set -- $out + local parentrc=$1 kidrc=$2 iuidgid="$3" found="" + shift 3 + found="$*" + [ "$parentrc" = "0" -a "$kidrc" = "0" ] || { + error "$name: FAIL - parentrc=$parentrc kidrc=$kidrc found=$found" + ERRORS="${ERRORS} $name" + return 1 + } + [ "$expected" = "$found" ] && { + error "$name: PASS" + PASS="${PASSES} $name" + return 0 + } + echo "$name: FAIL expected '$expected' != found '$found'" + FAILS="${FAILS} $name" + return 1 +} + +setup_Usage() { + cat <> /etc/subuid || { + error "failed to add $asuser to /etc/subuid" + } + fi + + subgid=$(awk -F: '$1 == n { print $2; exit(0); }' "n=$asuser" /etc/subgid) || { + error "failed to read /etc/subgid for $asuser" + return 1 + } + if [ -n "$subgid" ]; then + debug 1 "$asuser already had subgid=$subgid" + else + debug 1 "adding $asuser:$create_subgid to /etc/subgid" + echo "$asuser:$create_subgid" >> /etc/subgid || { + error "failed to add $asuser to /etc/subgid" + } + fi + + debug 0 "as $asuser executing ${MYPATH} ${pt_args[*]}" + sudo -Hu "$asuser" "${MYPATH}" "${pt_args[@]}" +} + +USERNSEXEC=${USERNSEXEC:-lxc-usernsexec} +MYPATH=$(readlink -f "$0") || { echo "failed to get full 
path to self: $0"; exit 1; } +export MYPATH + +if [ "$1" = "inside" ]; then + shift + inside "$@" + exit +elif [ "$1" = "runtest" ]; then + shift + runtest "$@" + exit +elif [ "$1" = "setup_and_run" ]; then + shift + setup_and_run "$@" + exit +fi + +name=$(id --user --name) || fail "failed to get username" +if [ "$name" = "root" ]; then + setup_and_run "$@" + exit +fi + +subuid=$(awk -F: '$1 == n { print $2; exit(0); }' "n=$name" /etc/subuid) && + [ -n "$subuid" ] || fail "did not find $name in /etc/subuid" + +subgid=$(awk -F: '$1 == n { print $2; exit(0); }' "n=$name" /etc/subgid) && + [ -n "$subgid" ] || fail "did not find $name in /etc/subgid" + + +uid=$(id --user) || fail "failed to get uid" +gid=$(id --group) || fail "failed to get gid" + +mapuid="u:0:$uid:1" +mapgid="g:0:$gid:1" + +ver=$(dpkg-query --show lxc-utils | awk '{print $2}') +error "uid=$uid gid=$gid name=$name subuid=$subuid subgid=$subgid ver=$ver" +error "lxc-utils=$ver kver=$(uname -r)" +error "USERNSEXEC=$USERNSEXEC" + +TEMP_D=$(mktemp -d) +trap cleanup EXIT + +PASSES=""; FAILS=""; ERRORS="" +runcheck nouidgid "f0:$subuid:$subgid:0:0" "" f0 + +runcheck myuidgid "f0:$uid:$gid:0:0" \ + "-m$mapuid -m$mapgid" f0 + +runcheck subuidgid \ + "f0:$subuid:$subgid:0:0" \ + "-mu:0:$subuid:1 -mg:0:$subgid:1" f0:0:0 + +runcheck bothsets "f0:$uid:$gid:0:0 f1:$subuid:$subgid:1:1 f2:$uid:$subgid:0:1" \ + "-m$mapuid -m$mapgid -mu:1:$subuid:1 -mg:1:$subgid:1" \ + f0 f1:1:1 f2::1 + +runcheck mismatch "f0:$uid:$subgid:0:0 f1:$subuid:$gid:15:31" \ + "-mu:0:$uid:1 -mg:0:$subgid:1 -mu:15:$subuid:1 -mg:31:$gid:1" \ + f0 f1:15:31 + +FAILS=${FAILS# } +ERRORS=${ERRORS# } +PASSES=${PASSES# } + +[ -z "${FAILS}" ] || error "FAILS: ${FAILS}" +[ -z "${ERRORS}" ] || error "ERRORS: ${ERRORS}" +[ -z "${FAILS}" -a -z "${ERRORS}" ] || exit 1 +exit 0 diff -Nru lxc-4.0.2/src/tests/Makefile.am lxc-4.0.6/src/tests/Makefile.am --- lxc-4.0.2/src/tests/Makefile.am 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/src/tests/Makefile.am 
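Review bot: When this script runs as root, the visible part of setup_and_run appends entries for `$asuser` to /etc/subuid and /etc/subgid (for example `"$asuser:$create_subgid"`) and nothing shown removes them; `cleanup` only deletes `$TEMP_D`, so a test run leaves a subordinate ID delegation behind on the host. The append branches also only log on failure and then continue to the `sudo -Hu "$asuser"` call; a `return 1` after each `error "failed to add ..."` would stop the run there. The start of setup_and_run is not legible on this page, so any earlier handling is not visible. Separately, runcheck records a pass with `PASS="${PASSES} $name"`, which never updates the `PASSES` list; it should read `PASSES="${PASSES} $name"`.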
2021-01-12 00:20:05.000000000 +0000 
@@ -1,15 +1,273 @@ if ENABLE_TESTS -LDADD = ../lxc/liblxc.la +LDADD = ../lxc/liblxc.la \ + @CAP_LIBS@ \ + @OPENSSL_LIBS@ \ + @SECCOMP_LIBS@ \ + @SELINUX_LIBS@ \ + @DLOG_LIBS@ + +LSM_SOURCES = ../lxc/lsm/lsm.c \ + ../lxc/lsm/lsm.h \ + ../lxc/lsm/nop.c + +if ENABLE_APPARMOR +LSM_SOURCES += ../lxc/lsm/apparmor.c +endif + +if ENABLE_SELINUX +LSM_SOURCES += ../lxc/lsm/selinux.c +endif + +lxc_test_api_reboot_SOURCES = api_reboot.c \ + ../lxc/af_unix.c ../lxc/af_unix.h \ + ../lxc/caps.c ../lxc/caps.h \ + ../lxc/cgroups/cgfsng.c \ + ../lxc/cgroups/cgroup.c ../lxc/cgroups/cgroup.h \ + ../lxc/cgroups/cgroup2_devices.c ../lxc/cgroups/cgroup2_devices.h \ + ../lxc/cgroups/cgroup_utils.c ../lxc/cgroups/cgroup_utils.h \ + ../lxc/commands.c ../lxc/commands.h \ + ../lxc/commands_utils.c ../lxc/commands_utils.h \ + ../lxc/conf.c ../lxc/conf.h \ + ../lxc/confile.c ../lxc/confile.h \ + ../lxc/confile_utils.c ../lxc/confile_utils.h \ + ../lxc/error.c ../lxc/error.h \ + ../lxc/file_utils.c ../lxc/file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + ../lxc/initutils.c ../lxc/initutils.h \ + ../lxc/log.c ../lxc/log.h \ + ../lxc/lxclock.c ../lxc/lxclock.h \ + ../lxc/mainloop.c ../lxc/mainloop.h \ + ../lxc/monitor.c ../lxc/monitor.h \ + ../lxc/namespace.c ../lxc/namespace.h \ + ../lxc/network.c ../lxc/network.h \ + ../lxc/nl.c ../lxc/nl.h \ + ../lxc/parse.c ../lxc/parse.h \ + ../lxc/process_utils.c ../lxc/process_utils.h \ + ../lxc/ringbuf.c ../lxc/ringbuf.h \ + ../lxc/start.c ../lxc/start.h \ + ../lxc/state.c ../lxc/state.h \ + ../lxc/storage/btrfs.c ../lxc/storage/btrfs.h \ + ../lxc/storage/dir.c ../lxc/storage/dir.h \ + ../lxc/storage/loop.c ../lxc/storage/loop.h \ + ../lxc/storage/lvm.c ../lxc/storage/lvm.h \ + ../lxc/storage/nbd.c ../lxc/storage/nbd.h \ + ../lxc/storage/overlay.c ../lxc/storage/overlay.h \ + ../lxc/storage/rbd.c ../lxc/storage/rbd.h \ + ../lxc/storage/rsync.c ../lxc/storage/rsync.h \ + ../lxc/storage/storage.c ../lxc/storage/storage.h \ + 
../lxc/storage/storage_utils.c ../lxc/storage/storage_utils.h \ + ../lxc/storage/zfs.c ../lxc/storage/zfs.h \ + ../lxc/sync.c ../lxc/sync.h \ + ../lxc/string_utils.c ../lxc/string_utils.h \ + ../lxc/terminal.c ../lxc/terminal.h \ + ../lxc/utils.c ../lxc/utils.h \ + ../lxc/uuid.c ../lxc/uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_test_api_reboot_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h +endif + +lxc_test_apparmor_SOURCES = aa.c \ + ../lxc/af_unix.c ../lxc/af_unix.h \ + ../lxc/caps.c ../lxc/caps.h \ + ../lxc/cgroups/cgfsng.c \ + ../lxc/cgroups/cgroup.c ../lxc/cgroups/cgroup.h \ + ../lxc/cgroups/cgroup2_devices.c ../lxc/cgroups/cgroup2_devices.h \ + ../lxc/cgroups/cgroup_utils.c ../lxc/cgroups/cgroup_utils.h \ + ../lxc/commands.c ../lxc/commands.h \ + ../lxc/commands_utils.c ../lxc/commands_utils.h \ + ../lxc/conf.c ../lxc/conf.h \ + ../lxc/confile.c ../lxc/confile.h \ + ../lxc/confile_utils.c ../lxc/confile_utils.h \ + ../lxc/error.c ../lxc/error.h \ + ../lxc/file_utils.c ../lxc/file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + ../lxc/initutils.c ../lxc/initutils.h \ + ../lxc/log.c ../lxc/log.h \ + ../lxc/lxclock.c ../lxc/lxclock.h \ + ../lxc/mainloop.c ../lxc/mainloop.h \ + ../lxc/monitor.c ../lxc/monitor.h \ + ../lxc/namespace.c ../lxc/namespace.h \ + ../lxc/network.c ../lxc/network.h \ + ../lxc/nl.c ../lxc/nl.h \ + ../lxc/parse.c ../lxc/parse.h \ + ../lxc/process_utils.c ../lxc/process_utils.h \ + ../lxc/ringbuf.c ../lxc/ringbuf.h \ + ../lxc/start.c ../lxc/start.h \ + ../lxc/state.c ../lxc/state.h \ + ../lxc/storage/btrfs.c ../lxc/storage/btrfs.h \ + ../lxc/storage/dir.c ../lxc/storage/dir.h \ + ../lxc/storage/loop.c ../lxc/storage/loop.h \ + ../lxc/storage/lvm.c ../lxc/storage/lvm.h \ + ../lxc/storage/nbd.c ../lxc/storage/nbd.h \ + ../lxc/storage/overlay.c ../lxc/storage/overlay.h \ + ../lxc/storage/rbd.c ../lxc/storage/rbd.h \ + ../lxc/storage/rsync.c ../lxc/storage/rsync.h \ + ../lxc/storage/storage.c 
../lxc/storage/storage.h \ + ../lxc/storage/storage_utils.c ../lxc/storage/storage_utils.h \ + ../lxc/storage/zfs.c ../lxc/storage/zfs.h \ + ../lxc/sync.c ../lxc/sync.h \ + ../lxc/string_utils.c ../lxc/string_utils.h \ + ../lxc/terminal.c ../lxc/terminal.h \ + ../lxc/utils.c ../lxc/utils.h \ + ../lxc/uuid.c ../lxc/uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_test_apparmor_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h +endif + +lxc_test_attach_SOURCES = attach.c \ + ../lxc/af_unix.c ../lxc/af_unix.h \ + ../lxc/caps.c ../lxc/caps.h \ + ../lxc/cgroups/cgfsng.c \ + ../lxc/cgroups/cgroup.c ../lxc/cgroups/cgroup.h \ + ../lxc/cgroups/cgroup2_devices.c ../lxc/cgroups/cgroup2_devices.h \ + ../lxc/cgroups/cgroup_utils.c ../lxc/cgroups/cgroup_utils.h \ + ../lxc/commands.c ../lxc/commands.h \ + ../lxc/commands_utils.c ../lxc/commands_utils.h \ + ../lxc/conf.c ../lxc/conf.h \ + ../lxc/confile.c ../lxc/confile.h \ + ../lxc/confile_utils.c ../lxc/confile_utils.h \ + ../lxc/error.c ../lxc/error.h \ + ../lxc/file_utils.c ../lxc/file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + ../lxc/initutils.c ../lxc/initutils.h \ + ../lxc/log.c ../lxc/log.h \ + ../lxc/lxclock.c ../lxc/lxclock.h \ + ../lxc/mainloop.c ../lxc/mainloop.h \ + ../lxc/monitor.c ../lxc/monitor.h \ + ../lxc/namespace.c ../lxc/namespace.h \ + ../lxc/network.c ../lxc/network.h \ + ../lxc/nl.c ../lxc/nl.h \ + ../lxc/parse.c ../lxc/parse.h \ + ../lxc/process_utils.c ../lxc/process_utils.h \ + ../lxc/ringbuf.c ../lxc/ringbuf.h \ + ../lxc/start.c ../lxc/start.h \ + ../lxc/state.c ../lxc/state.h \ + ../lxc/storage/btrfs.c ../lxc/storage/btrfs.h \ + ../lxc/storage/dir.c ../lxc/storage/dir.h \ + ../lxc/storage/loop.c ../lxc/storage/loop.h \ + ../lxc/storage/lvm.c ../lxc/storage/lvm.h \ + ../lxc/storage/nbd.c ../lxc/storage/nbd.h \ + ../lxc/storage/overlay.c ../lxc/storage/overlay.h \ + ../lxc/storage/rbd.c ../lxc/storage/rbd.h \ + ../lxc/storage/rsync.c ../lxc/storage/rsync.h \ + 
../lxc/storage/storage.c ../lxc/storage/storage.h \ + ../lxc/storage/storage_utils.c ../lxc/storage/storage_utils.h \ + ../lxc/storage/zfs.c ../lxc/storage/zfs.h \ + ../lxc/sync.c ../lxc/sync.h \ + ../lxc/string_utils.c ../lxc/string_utils.h \ + ../lxc/terminal.c ../lxc/terminal.h \ + ../lxc/utils.c ../lxc/utils.h \ + ../lxc/uuid.c ../lxc/uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_test_attach_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h +endif -lxc_test_api_reboot_SOURCES = api_reboot.c -lxc_test_apparmor_SOURCES = aa.c -lxc_test_attach_SOURCES = attach.c lxc_test_basic_SOURCES = basic.c -lxc_test_cgpath_SOURCES = cgpath.c +lxc_test_cgpath_SOURCES = cgpath.c \ + ../lxc/af_unix.c ../lxc/af_unix.h \ + ../lxc/caps.c ../lxc/caps.h \ + ../lxc/cgroups/cgfsng.c \ + ../lxc/cgroups/cgroup.c ../lxc/cgroups/cgroup.h \ + ../lxc/cgroups/cgroup2_devices.c ../lxc/cgroups/cgroup2_devices.h \ + ../lxc/cgroups/cgroup_utils.c ../lxc/cgroups/cgroup_utils.h \ + ../lxc/commands.c ../lxc/commands.h \ + ../lxc/commands_utils.c ../lxc/commands_utils.h \ + ../lxc/conf.c ../lxc/conf.h \ + ../lxc/confile.c ../lxc/confile.h \ + ../lxc/confile_utils.c ../lxc/confile_utils.h \ + ../lxc/error.c ../lxc/error.h \ + ../lxc/file_utils.c ../lxc/file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + ../lxc/initutils.c ../lxc/initutils.h \ + ../lxc/log.c ../lxc/log.h \ + ../lxc/lxclock.c ../lxc/lxclock.h \ + ../lxc/mainloop.c ../lxc/mainloop.h \ + ../lxc/monitor.c ../lxc/monitor.h \ + ../lxc/namespace.c ../lxc/namespace.h \ + ../lxc/network.c ../lxc/network.h \ + ../lxc/nl.c ../lxc/nl.h \ + ../lxc/parse.c ../lxc/parse.h \ + ../lxc/process_utils.c ../lxc/process_utils.h \ + ../lxc/ringbuf.c ../lxc/ringbuf.h \ + ../lxc/start.c ../lxc/start.h \ + ../lxc/state.c ../lxc/state.h \ + ../lxc/storage/btrfs.c ../lxc/storage/btrfs.h \ + ../lxc/storage/dir.c ../lxc/storage/dir.h \ + ../lxc/storage/loop.c ../lxc/storage/loop.h \ + ../lxc/storage/lvm.c ../lxc/storage/lvm.h \ + 
../lxc/storage/nbd.c ../lxc/storage/nbd.h \ + ../lxc/storage/overlay.c ../lxc/storage/overlay.h \ + ../lxc/storage/rbd.c ../lxc/storage/rbd.h \ + ../lxc/storage/rsync.c ../lxc/storage/rsync.h \ + ../lxc/storage/storage.c ../lxc/storage/storage.h \ + ../lxc/storage/storage_utils.c ../lxc/storage/storage_utils.h \ + ../lxc/storage/zfs.c ../lxc/storage/zfs.h \ + ../lxc/sync.c ../lxc/sync.h \ + ../lxc/string_utils.c ../lxc/string_utils.h \ + ../lxc/terminal.c ../lxc/terminal.h \ + ../lxc/utils.c ../lxc/utils.h \ + ../lxc/uuid.c ../lxc/uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_test_cgpath_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h +endif + lxc_test_clonetest_SOURCES = clonetest.c lxc_test_concurrent_SOURCES = concurrent.c -lxc_test_config_jump_table_SOURCES = config_jump_table.c lxctest.h +lxc_test_config_jump_table_SOURCES = config_jump_table.c \ + lxctest.h \ + ../lxc/af_unix.c ../lxc/af_unix.h \ + ../lxc/caps.c ../lxc/caps.h \ + ../lxc/cgroups/cgfsng.c \ + ../lxc/cgroups/cgroup.c ../lxc/cgroups/cgroup.h \ + ../lxc/cgroups/cgroup2_devices.c ../lxc/cgroups/cgroup2_devices.h \ + ../lxc/cgroups/cgroup_utils.c ../lxc/cgroups/cgroup_utils.h \ + ../lxc/commands.c ../lxc/commands.h \ + ../lxc/commands_utils.c ../lxc/commands_utils.h \ + ../lxc/conf.c ../lxc/conf.h \ + ../lxc/confile.c ../lxc/confile.h \ + ../lxc/confile_utils.c ../lxc/confile_utils.h \ + ../lxc/error.c ../lxc/error.h \ + ../lxc/file_utils.c ../lxc/file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + ../lxc/initutils.c ../lxc/initutils.h \ + ../lxc/log.c ../lxc/log.h \ + ../lxc/lxclock.c ../lxc/lxclock.h \ + ../lxc/mainloop.c ../lxc/mainloop.h \ + ../lxc/monitor.c ../lxc/monitor.h \ + ../lxc/namespace.c ../lxc/namespace.h \ + ../lxc/network.c ../lxc/network.h \ + ../lxc/nl.c ../lxc/nl.h \ + ../lxc/parse.c ../lxc/parse.h \ + ../lxc/process_utils.c ../lxc/process_utils.h \ + ../lxc/ringbuf.c ../lxc/ringbuf.h \ + ../lxc/start.c ../lxc/start.h \ + ../lxc/state.c ../lxc/state.h \ 
+ ../lxc/storage/btrfs.c ../lxc/storage/btrfs.h \ + ../lxc/storage/dir.c ../lxc/storage/dir.h \ + ../lxc/storage/loop.c ../lxc/storage/loop.h \ + ../lxc/storage/lvm.c ../lxc/storage/lvm.h \ + ../lxc/storage/nbd.c ../lxc/storage/nbd.h \ + ../lxc/storage/overlay.c ../lxc/storage/overlay.h \ + ../lxc/storage/rbd.c ../lxc/storage/rbd.h \ + ../lxc/storage/rsync.c ../lxc/storage/rsync.h \ + ../lxc/storage/storage.c ../lxc/storage/storage.h \ + ../lxc/storage/storage_utils.c ../lxc/storage/storage_utils.h \ + ../lxc/storage/zfs.c ../lxc/storage/zfs.h \ + ../lxc/sync.c ../lxc/sync.h \ + ../lxc/string_utils.c ../lxc/string_utils.h \ + ../lxc/terminal.c ../lxc/terminal.h \ + ../lxc/utils.c ../lxc/utils.h \ + ../lxc/uuid.c ../lxc/uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_test_config_jump_table_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h +endif + lxc_test_console_SOURCES = console.c lxc_test_console_log_SOURCES = console_log.c lxctest.h lxc_test_containertests_SOURCES = containertests.c 
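Review bot: The same long list of `../lxc/*.c` and `.h` files is pasted into `lxc_test_api_reboot_SOURCES`, `lxc_test_apparmor_SOURCES`, `lxc_test_attach_SOURCES`, `lxc_test_cgpath_SOURCES` and `lxc_test_config_jump_table_SOURCES` in this hunk, and again for five more tests in the `@@ -21,45 +279,292 @@` hunk. The hunk already factors the LSM files into `LSM_SOURCES`; doing the same for the shared list (for example a variable such as `LXC_TEST_COMMON_SOURCES`, a name proposed here) would reduce each test to `lxc_test_attach_SOURCES = attach.c $(LXC_TEST_COMMON_SOURCES)`. It would also keep the copies from drifting apart when a library file is added or renamed. The repeated `if ENABLE_SECCOMP` stanza that appends `../lxc/seccomp.c ../lxc/lxcseccomp.h` could be folded into that variable as well.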
@@ -21,45 +279,292 @@ lxc_test_getkeys_SOURCES = getkeys.c lxc_test_get_item_SOURCES = get_item.c lxc_test_list_SOURCES = list.c -lxc_test_locktests_SOURCES = locktests.c +lxc_test_locktests_SOURCES = locktests.c \ + ../lxc/af_unix.c ../lxc/af_unix.h \ + ../lxc/caps.c ../lxc/caps.h \ + ../lxc/cgroups/cgfsng.c \ + ../lxc/cgroups/cgroup.c ../lxc/cgroups/cgroup.h \ + ../lxc/cgroups/cgroup2_devices.c ../lxc/cgroups/cgroup2_devices.h \ + ../lxc/cgroups/cgroup_utils.c ../lxc/cgroups/cgroup_utils.h \ + ../lxc/commands.c ../lxc/commands.h \ + ../lxc/commands_utils.c ../lxc/commands_utils.h \ + ../lxc/conf.c ../lxc/conf.h \ + ../lxc/confile.c ../lxc/confile.h \ + ../lxc/confile_utils.c ../lxc/confile_utils.h \ + ../lxc/error.c ../lxc/error.h \ + ../lxc/file_utils.c ../lxc/file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + ../lxc/initutils.c ../lxc/initutils.h \ + ../lxc/log.c ../lxc/log.h \ + ../lxc/lxclock.c ../lxc/lxclock.h \ + ../lxc/mainloop.c ../lxc/mainloop.h \ + ../lxc/monitor.c ../lxc/monitor.h \ + ../lxc/namespace.c ../lxc/namespace.h \ + ../lxc/network.c ../lxc/network.h \ + ../lxc/nl.c ../lxc/nl.h \ + ../lxc/parse.c ../lxc/parse.h \ + ../lxc/process_utils.c ../lxc/process_utils.h \ + ../lxc/ringbuf.c ../lxc/ringbuf.h \ + ../lxc/start.c ../lxc/start.h \ + ../lxc/state.c ../lxc/state.h \ + ../lxc/storage/btrfs.c ../lxc/storage/btrfs.h \ + ../lxc/storage/dir.c ../lxc/storage/dir.h \ + ../lxc/storage/loop.c ../lxc/storage/loop.h \ + ../lxc/storage/lvm.c ../lxc/storage/lvm.h \ + ../lxc/storage/nbd.c ../lxc/storage/nbd.h \ + ../lxc/storage/overlay.c ../lxc/storage/overlay.h \ + ../lxc/storage/rbd.c ../lxc/storage/rbd.h \ + ../lxc/storage/rsync.c ../lxc/storage/rsync.h \ + ../lxc/storage/storage.c ../lxc/storage/storage.h \ + ../lxc/storage/storage_utils.c ../lxc/storage/storage_utils.h \ + ../lxc/storage/zfs.c ../lxc/storage/zfs.h \ + ../lxc/sync.c ../lxc/sync.h \ + ../lxc/string_utils.c ../lxc/string_utils.h \ + ../lxc/terminal.c 
../lxc/terminal.h \ + ../lxc/utils.c ../lxc/utils.h \ + ../lxc/uuid.c ../lxc/uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_test_locktests_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h +endif + lxc_test_lxcpath_SOURCES = lxcpath.c lxc_test_may_control_SOURCES = may_control.c -lxc_test_mount_injection_SOURCES = mount_injection.c lxctest.h +lxc_test_mount_injection_SOURCES = mount_injection.c \ + lxctest.h \ + ../lxc/af_unix.c ../lxc/af_unix.h \ + ../lxc/caps.c ../lxc/caps.h \ + ../lxc/cgroups/cgfsng.c \ + ../lxc/cgroups/cgroup.c ../lxc/cgroups/cgroup.h \ + ../lxc/cgroups/cgroup2_devices.c ../lxc/cgroups/cgroup2_devices.h \ + ../lxc/cgroups/cgroup_utils.c ../lxc/cgroups/cgroup_utils.h \ + ../lxc/commands.c ../lxc/commands.h \ + ../lxc/commands_utils.c ../lxc/commands_utils.h \ + ../lxc/conf.c ../lxc/conf.h \ + ../lxc/confile.c ../lxc/confile.h \ + ../lxc/confile_utils.c ../lxc/confile_utils.h \ + ../lxc/error.c ../lxc/error.h \ + ../lxc/file_utils.c ../lxc/file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + ../lxc/initutils.c ../lxc/initutils.h \ + ../lxc/log.c ../lxc/log.h \ + ../lxc/lxclock.c ../lxc/lxclock.h \ + ../lxc/mainloop.c ../lxc/mainloop.h \ + ../lxc/monitor.c ../lxc/monitor.h \ + ../lxc/namespace.c ../lxc/namespace.h \ + ../lxc/network.c ../lxc/network.h \ + ../lxc/nl.c ../lxc/nl.h \ + ../lxc/parse.c ../lxc/parse.h \ + ../lxc/process_utils.c ../lxc/process_utils.h \ + ../lxc/ringbuf.c ../lxc/ringbuf.h \ + ../lxc/start.c ../lxc/start.h \ + ../lxc/state.c ../lxc/state.h \ + ../lxc/storage/btrfs.c ../lxc/storage/btrfs.h \ + ../lxc/storage/dir.c ../lxc/storage/dir.h \ + ../lxc/storage/loop.c ../lxc/storage/loop.h \ + ../lxc/storage/lvm.c ../lxc/storage/lvm.h \ + ../lxc/storage/nbd.c ../lxc/storage/nbd.h \ + ../lxc/storage/overlay.c ../lxc/storage/overlay.h \ + ../lxc/storage/rbd.c ../lxc/storage/rbd.h \ + ../lxc/storage/rsync.c ../lxc/storage/rsync.h \ + ../lxc/storage/storage.c ../lxc/storage/storage.h \ + 
../lxc/storage/storage_utils.c ../lxc/storage/storage_utils.h \ + ../lxc/storage/zfs.c ../lxc/storage/zfs.h \ + ../lxc/sync.c ../lxc/sync.h \ + ../lxc/string_utils.c ../lxc/string_utils.h \ + ../lxc/terminal.c ../lxc/terminal.h \ + ../lxc/utils.c ../lxc/utils.h \ + ../lxc/uuid.c ../lxc/uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_test_mount_injection_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h +endif + lxc_test_parse_config_file_SOURCES = parse_config_file.c \ - lxctest.h + lxctest.h \ + ../lxc/af_unix.c ../lxc/af_unix.h \ + ../lxc/caps.c ../lxc/caps.h \ + ../lxc/cgroups/cgfsng.c \ + ../lxc/cgroups/cgroup.c ../lxc/cgroups/cgroup.h \ + ../lxc/cgroups/cgroup2_devices.c ../lxc/cgroups/cgroup2_devices.h \ + ../lxc/cgroups/cgroup_utils.c ../lxc/cgroups/cgroup_utils.h \ + ../lxc/commands.c ../lxc/commands.h \ + ../lxc/commands_utils.c ../lxc/commands_utils.h \ + ../lxc/conf.c ../lxc/conf.h \ + ../lxc/confile.c ../lxc/confile.h \ + ../lxc/confile_utils.c ../lxc/confile_utils.h \ + ../lxc/error.c ../lxc/error.h \ + ../lxc/file_utils.c ../lxc/file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + ../lxc/initutils.c ../lxc/initutils.h \ + ../lxc/log.c ../lxc/log.h \ + ../lxc/lxclock.c ../lxc/lxclock.h \ + ../lxc/mainloop.c ../lxc/mainloop.h \ + ../lxc/monitor.c ../lxc/monitor.h \ + ../lxc/namespace.c ../lxc/namespace.h \ + ../lxc/network.c ../lxc/network.h \ + ../lxc/nl.c ../lxc/nl.h \ + ../lxc/parse.c ../lxc/parse.h \ + ../lxc/process_utils.c ../lxc/process_utils.h \ + ../lxc/ringbuf.c ../lxc/ringbuf.h \ + ../lxc/start.c ../lxc/start.h \ + ../lxc/state.c ../lxc/state.h \ + ../lxc/storage/btrfs.c ../lxc/storage/btrfs.h \ + ../lxc/storage/dir.c ../lxc/storage/dir.h \ + ../lxc/storage/loop.c ../lxc/storage/loop.h \ + ../lxc/storage/lvm.c ../lxc/storage/lvm.h \ + ../lxc/storage/nbd.c ../lxc/storage/nbd.h \ + ../lxc/storage/overlay.c ../lxc/storage/overlay.h \ + ../lxc/storage/rbd.c ../lxc/storage/rbd.h \ + ../lxc/storage/rsync.c 
../lxc/storage/rsync.h \ + ../lxc/storage/storage.c ../lxc/storage/storage.h \ + ../lxc/storage/storage_utils.c ../lxc/storage/storage_utils.h \ + ../lxc/storage/zfs.c ../lxc/storage/zfs.h \ + ../lxc/sync.c ../lxc/sync.h \ + ../lxc/string_utils.c ../lxc/string_utils.h \ + ../lxc/terminal.c ../lxc/terminal.h \ + ../lxc/utils.c ../lxc/utils.h \ + ../lxc/uuid.c ../lxc/uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_test_parse_config_file_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h +endif + lxc_test_raw_clone_SOURCES = lxc_raw_clone.c \ lxctest.h \ + ../lxc/af_unix.c ../lxc/af_unix.h \ + ../lxc/caps.c ../lxc/caps.h \ + ../lxc/cgroups/cgfsng.c \ + ../lxc/cgroups/cgroup.c ../lxc/cgroups/cgroup.h \ + ../lxc/cgroups/cgroup2_devices.c ../lxc/cgroups/cgroup2_devices.h \ + ../lxc/cgroups/cgroup_utils.c ../lxc/cgroups/cgroup_utils.h \ + ../lxc/commands.c ../lxc/commands.h \ + ../lxc/commands_utils.c ../lxc/commands_utils.h \ + ../lxc/conf.c ../lxc/conf.h \ + ../lxc/confile.c ../lxc/confile.h \ + ../lxc/confile_utils.c ../lxc/confile_utils.h \ + ../lxc/error.c ../lxc/error.h \ + ../lxc/file_utils.c ../lxc/file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + ../lxc/initutils.c ../lxc/initutils.h \ + ../lxc/log.c ../lxc/log.h \ + ../lxc/lxclock.c ../lxc/lxclock.h \ + ../lxc/mainloop.c ../lxc/mainloop.h \ + ../lxc/monitor.c ../lxc/monitor.h \ ../lxc/namespace.c ../lxc/namespace.h \ - ../lxc/raw_syscalls.c ../lxc/raw_syscalls.h - ../lxc/utils.c ../lxc/utils.h + ../lxc/network.c ../lxc/network.h \ + ../lxc/nl.c ../lxc/nl.h \ + ../lxc/parse.c ../lxc/parse.h \ + ../lxc/process_utils.c ../lxc/process_utils.h \ + ../lxc/ringbuf.c ../lxc/ringbuf.h \ + ../lxc/start.c ../lxc/start.h \ + ../lxc/state.c ../lxc/state.h \ + ../lxc/storage/btrfs.c ../lxc/storage/btrfs.h \ + ../lxc/storage/dir.c ../lxc/storage/dir.h \ + ../lxc/storage/loop.c ../lxc/storage/loop.h \ + ../lxc/storage/lvm.c ../lxc/storage/lvm.h \ + ../lxc/storage/nbd.c ../lxc/storage/nbd.h \ + 
../lxc/storage/overlay.c ../lxc/storage/overlay.h \ + ../lxc/storage/rbd.c ../lxc/storage/rbd.h \ + ../lxc/storage/rsync.c ../lxc/storage/rsync.h \ + ../lxc/storage/storage.c ../lxc/storage/storage.h \ + ../lxc/storage/storage_utils.c ../lxc/storage/storage_utils.h \ + ../lxc/storage/zfs.c ../lxc/storage/zfs.h \ + ../lxc/sync.c ../lxc/sync.h \ + ../lxc/string_utils.c ../lxc/string_utils.h \ + ../lxc/terminal.c ../lxc/terminal.h \ + ../lxc/utils.c ../lxc/utils.h \ + ../lxc/uuid.c ../lxc/uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_test_raw_clone_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h +endif + lxc_test_reboot_SOURCES = reboot.c lxc_test_saveconfig_SOURCES = saveconfig.c lxc_test_share_ns_SOURCES = share_ns.c \ lxctest.h \ ../lxc/compiler.h -lxc_test_shortlived_SOURCES = shortlived.c +lxc_test_shortlived_SOURCES = shortlived.c \ + ../lxc/file_utils.c ../lxc/file_utils.h \ + ../lxc/string_utils.c ../lxc/string_utils.h lxc_test_shutdowntest_SOURCES = shutdowntest.c lxc_test_snapshot_SOURCES = snapshot.c lxc_test_startone_SOURCES = startone.c lxc_test_state_server_SOURCES = state_server.c \ lxctest.h \ ../lxc/compiler.h -lxc_test_utils_SOURCES = lxc-test-utils.c lxctest.h +lxc_test_utils_SOURCES = lxc-test-utils.c \ + lxctest.h \ + ../lxc/af_unix.c ../lxc/af_unix.h \ + ../lxc/caps.c ../lxc/caps.h \ + ../lxc/cgroups/cgfsng.c \ + ../lxc/cgroups/cgroup.c ../lxc/cgroups/cgroup.h \ + ../lxc/cgroups/cgroup2_devices.c ../lxc/cgroups/cgroup2_devices.h \ + ../lxc/cgroups/cgroup_utils.c ../lxc/cgroups/cgroup_utils.h \ + ../lxc/commands.c ../lxc/commands.h \ + ../lxc/commands_utils.c ../lxc/commands_utils.h \ + ../lxc/conf.c ../lxc/conf.h \ + ../lxc/confile.c ../lxc/confile.h \ + ../lxc/confile_utils.c ../lxc/confile_utils.h \ + ../lxc/error.c ../lxc/error.h \ + ../lxc/file_utils.c ../lxc/file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + ../lxc/initutils.c ../lxc/initutils.h \ + ../lxc/log.c ../lxc/log.h \ + ../lxc/lxclock.c ../lxc/lxclock.h \ 
+ ../lxc/mainloop.c ../lxc/mainloop.h \ + ../lxc/monitor.c ../lxc/monitor.h \ + ../lxc/namespace.c ../lxc/namespace.h \ + ../lxc/network.c ../lxc/network.h \ + ../lxc/nl.c ../lxc/nl.h \ + ../lxc/parse.c ../lxc/parse.h \ + ../lxc/process_utils.c ../lxc/process_utils.h \ + ../lxc/ringbuf.c ../lxc/ringbuf.h \ + ../lxc/start.c ../lxc/start.h \ + ../lxc/state.c ../lxc/state.h \ + ../lxc/storage/btrfs.c ../lxc/storage/btrfs.h \ + ../lxc/storage/dir.c ../lxc/storage/dir.h \ + ../lxc/storage/loop.c ../lxc/storage/loop.h \ + ../lxc/storage/lvm.c ../lxc/storage/lvm.h \ + ../lxc/storage/nbd.c ../lxc/storage/nbd.h \ + ../lxc/storage/overlay.c ../lxc/storage/overlay.h \ + ../lxc/storage/rbd.c ../lxc/storage/rbd.h \ + ../lxc/storage/rsync.c ../lxc/storage/rsync.h \ + ../lxc/storage/storage.c ../lxc/storage/storage.h \ + ../lxc/storage/storage_utils.c ../lxc/storage/storage_utils.h \ + ../lxc/storage/zfs.c ../lxc/storage/zfs.h \ + ../lxc/sync.c ../lxc/sync.h \ + ../lxc/string_utils.c ../lxc/string_utils.h \ + ../lxc/terminal.c ../lxc/terminal.h \ + ../lxc/utils.c ../lxc/utils.h \ + ../lxc/uuid.c ../lxc/uuid.h \ + $(LSM_SOURCES) +if ENABLE_SECCOMP +lxc_test_utils_SOURCES += ../lxc/seccomp.c ../lxc/lxcseccomp.h +endif AM_CFLAGS=-DLXCROOTFSMOUNT=\"$(LXCROOTFSMOUNT)\" \ -DLXCPATH=\"$(LXCPATH)\" \ -DLXC_GLOBAL_CONF=\"$(LXC_GLOBAL_CONF)\" \ -DLXCINITDIR=\"$(LXCINITDIR)\" \ + -DLIBEXECDIR=\"$(LIBEXECDIR)\" \ + -DLOGPATH=\"$(LOGPATH)\" \ + -DLXCTEMPLATEDIR=\"$(LXCTEMPLATEDIR)\" \ -DLXC_DEFAULT_CONFIG=\"$(LXC_DEFAULT_CONFIG)\" \ + -DDEFAULT_CGROUP_PATTERN=\"$(DEFAULT_CGROUP_PATTERN)\" \ -DRUNTIME_PATH=\"$(RUNTIME_PATH)\" \ + -DSBINDIR=\"$(SBINDIR)\" \ -I $(top_srcdir)/src \ -I $(top_srcdir)/src/lxc \ -I $(top_srcdir)/src/lxc/cgroups \ -I $(top_srcdir)/src/lxc/tools \ + -I $(top_srcdir)/src/lxc/storage \ -pthread if ENABLE_APPARMOR AM_CFLAGS += -DHAVE_APPARMOR +AM_CFLAGS += -DAPPARMOR_CACHE_DIR=\"$(APPARMOR_CACHE_DIR)\" endif if ENABLE_SECCOMP 
@@ -114,7 +619,8 @@ lxc-test-createconfig \ lxc-test-exit-code \ lxc-test-no-new-privs \ - lxc-test-rootfs + lxc-test-rootfs \ + lxc-test-usernsexec if DISTRO_UBUNTU bin_SCRIPTS += lxc-test-lxc-attach \ @@ -163,6 +669,7 @@ lxc-test-snapdeps \ lxc-test-symlink \ lxc-test-unpriv \ + lxc-test-usernsexec \ lxc-test-utils.c \ may_control.c \ mount_injection.c \ diff -Nru lxc-4.0.2/src/tests/Makefile.in lxc-4.0.6/src/tests/Makefile.in --- lxc-4.0.2/src/tests/Makefile.in 2020-04-16 18:17:23.000000000 +0000 +++ lxc-4.0.6/src/tests/Makefile.in 2021-01-12 00:20:12.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
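Review bot: `lxc-test-usernsexec` joins the script list that precedes `if DISTRO_UBUNTU`, so it is installed and run on every distribution, and nothing visible here says what the host must provide for it. The list header is above the hunk; the generated `am__append_16` further down suggests it is the list gated on ENABLE_TESTS and ENABLE_TOOLS. Judging by its name the script exercises the user-namespace helper, which presumably depends on unprivileged user namespaces and subordinate id ranges being configured; that should be confirmed against the script, which is not part of this view. I would add a comment above the list such as `# lxc-test-usernsexec is distro-independent: it must skip, not fail, when user namespaces or subuid/subgid ranges are unavailable`. The matching addition in the `@@ -163,6 +669,7 @@` hunk only distributes the file and needs no change.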
@@ -89,11 +89,25 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -@ENABLE_APPARMOR_TRUE@@ENABLE_TESTS_TRUE@am__append_1 = -DHAVE_APPARMOR -@ENABLE_SECCOMP_TRUE@@ENABLE_TESTS_TRUE@am__append_2 = -DHAVE_SECCOMP \ +@ENABLE_APPARMOR_TRUE@@ENABLE_TESTS_TRUE@am__append_1 = ../lxc/lsm/apparmor.c +@ENABLE_SELINUX_TRUE@@ENABLE_TESTS_TRUE@am__append_2 = ../lxc/lsm/selinux.c +@ENABLE_SECCOMP_TRUE@@ENABLE_TESTS_TRUE@am__append_3 = ../lxc/seccomp.c ../lxc/lxcseccomp.h +@ENABLE_SECCOMP_TRUE@@ENABLE_TESTS_TRUE@am__append_4 = ../lxc/seccomp.c ../lxc/lxcseccomp.h +@ENABLE_SECCOMP_TRUE@@ENABLE_TESTS_TRUE@am__append_5 = ../lxc/seccomp.c ../lxc/lxcseccomp.h +@ENABLE_SECCOMP_TRUE@@ENABLE_TESTS_TRUE@am__append_6 = ../lxc/seccomp.c ../lxc/lxcseccomp.h +@ENABLE_SECCOMP_TRUE@@ENABLE_TESTS_TRUE@am__append_7 = ../lxc/seccomp.c ../lxc/lxcseccomp.h +@ENABLE_SECCOMP_TRUE@@ENABLE_TESTS_TRUE@am__append_8 = ../lxc/seccomp.c ../lxc/lxcseccomp.h +@ENABLE_SECCOMP_TRUE@@ENABLE_TESTS_TRUE@am__append_9 = ../lxc/seccomp.c ../lxc/lxcseccomp.h +@ENABLE_SECCOMP_TRUE@@ENABLE_TESTS_TRUE@am__append_10 = ../lxc/seccomp.c ../lxc/lxcseccomp.h +@ENABLE_SECCOMP_TRUE@@ENABLE_TESTS_TRUE@am__append_11 = ../lxc/seccomp.c ../lxc/lxcseccomp.h +@ENABLE_SECCOMP_TRUE@@ENABLE_TESTS_TRUE@am__append_12 = ../lxc/seccomp.c ../lxc/lxcseccomp.h +@ENABLE_APPARMOR_TRUE@@ENABLE_TESTS_TRUE@am__append_13 = \ +@ENABLE_APPARMOR_TRUE@@ENABLE_TESTS_TRUE@ -DHAVE_APPARMOR \ +@ENABLE_APPARMOR_TRUE@@ENABLE_TESTS_TRUE@ -DAPPARMOR_CACHE_DIR=\"$(APPARMOR_CACHE_DIR)\" +@ENABLE_SECCOMP_TRUE@@ENABLE_TESTS_TRUE@am__append_14 = -DHAVE_SECCOMP \ @ENABLE_SECCOMP_TRUE@@ENABLE_TESTS_TRUE@ $(SECCOMP_CFLAGS) -@ENABLE_SELINUX_TRUE@@ENABLE_TESTS_TRUE@am__append_3 = -DHAVE_SELINUX +@ENABLE_SELINUX_TRUE@@ENABLE_TESTS_TRUE@am__append_15 = -DHAVE_SELINUX @ENABLE_TESTS_TRUE@bin_PROGRAMS = lxc-test-api-reboot$(EXEEXT) \ @ENABLE_TESTS_TRUE@ lxc-test-apparmor$(EXEEXT) \ @ENABLE_TESTS_TRUE@ lxc-test-attach$(EXEEXT) \ 
@@ -128,15 +142,16 @@ @ENABLE_TESTS_TRUE@ lxc-test-startone$(EXEEXT) \ @ENABLE_TESTS_TRUE@ lxc-test-state-server$(EXEEXT) \ @ENABLE_TESTS_TRUE@ lxc-test-utils$(EXEEXT) -@ENABLE_TESTS_TRUE@@ENABLE_TOOLS_TRUE@am__append_4 = lxc-test-automount \ +@ENABLE_TESTS_TRUE@@ENABLE_TOOLS_TRUE@am__append_16 = lxc-test-automount \ @ENABLE_TESTS_TRUE@@ENABLE_TOOLS_TRUE@ lxc-test-autostart \ @ENABLE_TESTS_TRUE@@ENABLE_TOOLS_TRUE@ lxc-test-cloneconfig \ @ENABLE_TESTS_TRUE@@ENABLE_TOOLS_TRUE@ lxc-test-createconfig \ @ENABLE_TESTS_TRUE@@ENABLE_TOOLS_TRUE@ lxc-test-exit-code \ @ENABLE_TESTS_TRUE@@ENABLE_TOOLS_TRUE@ lxc-test-no-new-privs \ -@ENABLE_TESTS_TRUE@@ENABLE_TOOLS_TRUE@ lxc-test-rootfs +@ENABLE_TESTS_TRUE@@ENABLE_TOOLS_TRUE@ lxc-test-rootfs \ +@ENABLE_TESTS_TRUE@@ENABLE_TOOLS_TRUE@ lxc-test-usernsexec -@DISTRO_UBUNTU_TRUE@@ENABLE_TESTS_TRUE@@ENABLE_TOOLS_TRUE@am__append_5 = lxc-test-lxc-attach \ +@DISTRO_UBUNTU_TRUE@@ENABLE_TESTS_TRUE@@ENABLE_TOOLS_TRUE@am__append_17 = lxc-test-lxc-attach \ @DISTRO_UBUNTU_TRUE@@ENABLE_TESTS_TRUE@@ENABLE_TOOLS_TRUE@ lxc-test-apparmor-mount \ @DISTRO_UBUNTU_TRUE@@ENABLE_TESTS_TRUE@@ENABLE_TOOLS_TRUE@ lxc-test-apparmor-generated \ @DISTRO_UBUNTU_TRUE@@ENABLE_TESTS_TRUE@@ENABLE_TOOLS_TRUE@ lxc-test-checkpoint-restore \ 
@@ -166,9 +181,94 @@ CONFIG_CLEAN_VPATH_FILES = am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(bindir)" PROGRAMS = $(bin_PROGRAMS) -am__lxc_test_api_reboot_SOURCES_DIST = api_reboot.c +am__lxc_test_api_reboot_SOURCES_DIST = api_reboot.c ../lxc/af_unix.c \ + ../lxc/af_unix.h ../lxc/caps.c ../lxc/caps.h \ + ../lxc/cgroups/cgfsng.c ../lxc/cgroups/cgroup.c \ + ../lxc/cgroups/cgroup.h ../lxc/cgroups/cgroup2_devices.c \ + ../lxc/cgroups/cgroup2_devices.h ../lxc/cgroups/cgroup_utils.c \ + ../lxc/cgroups/cgroup_utils.h ../lxc/commands.c \ + ../lxc/commands.h ../lxc/commands_utils.c \ + ../lxc/commands_utils.h ../lxc/conf.c ../lxc/conf.h \ + ../lxc/confile.c ../lxc/confile.h ../lxc/confile_utils.c \ + ../lxc/confile_utils.h ../lxc/error.c ../lxc/error.h \ + ../lxc/file_utils.c ../lxc/file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + ../lxc/initutils.c ../lxc/initutils.h ../lxc/log.c \ + ../lxc/log.h ../lxc/lxclock.c ../lxc/lxclock.h \ + ../lxc/mainloop.c ../lxc/mainloop.h ../lxc/monitor.c \ + ../lxc/monitor.h ../lxc/namespace.c ../lxc/namespace.h \ + ../lxc/network.c ../lxc/network.h ../lxc/nl.c ../lxc/nl.h \ + ../lxc/parse.c ../lxc/parse.h ../lxc/process_utils.c \ + ../lxc/process_utils.h ../lxc/ringbuf.c ../lxc/ringbuf.h \ + ../lxc/start.c ../lxc/start.h ../lxc/state.c ../lxc/state.h \ + ../lxc/storage/btrfs.c ../lxc/storage/btrfs.h \ + ../lxc/storage/dir.c ../lxc/storage/dir.h \ + ../lxc/storage/loop.c ../lxc/storage/loop.h \ + ../lxc/storage/lvm.c ../lxc/storage/lvm.h ../lxc/storage/nbd.c \ + ../lxc/storage/nbd.h ../lxc/storage/overlay.c \ + ../lxc/storage/overlay.h ../lxc/storage/rbd.c \ + ../lxc/storage/rbd.h ../lxc/storage/rsync.c \ + ../lxc/storage/rsync.h ../lxc/storage/storage.c \ + ../lxc/storage/storage.h ../lxc/storage/storage_utils.c \ + ../lxc/storage/storage_utils.h ../lxc/storage/zfs.c \ + ../lxc/storage/zfs.h ../lxc/sync.c ../lxc/sync.h \ + ../lxc/string_utils.c ../lxc/string_utils.h ../lxc/terminal.c \ + ../lxc/terminal.h 
../lxc/utils.c ../lxc/utils.h ../lxc/uuid.c \ + ../lxc/uuid.h ../lxc/lsm/lsm.c ../lxc/lsm/lsm.h \ + ../lxc/lsm/nop.c ../lxc/lsm/apparmor.c ../lxc/lsm/selinux.c \ + ../lxc/seccomp.c ../lxc/lxcseccomp.h +am__dirstamp = $(am__leading_dot)dirstamp +@ENABLE_APPARMOR_TRUE@@ENABLE_TESTS_TRUE@am__objects_1 = ../lxc/lsm/apparmor.$(OBJEXT) +@ENABLE_SELINUX_TRUE@@ENABLE_TESTS_TRUE@am__objects_2 = ../lxc/lsm/selinux.$(OBJEXT) +@ENABLE_TESTS_TRUE@am__objects_3 = ../lxc/lsm/lsm.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/lsm/nop.$(OBJEXT) $(am__objects_1) \ +@ENABLE_TESTS_TRUE@ $(am__objects_2) +@ENABLE_SECCOMP_TRUE@@ENABLE_TESTS_TRUE@am__objects_4 = ../lxc/seccomp.$(OBJEXT) @ENABLE_TESTS_TRUE@am_lxc_test_api_reboot_OBJECTS = \ -@ENABLE_TESTS_TRUE@ api_reboot.$(OBJEXT) +@ENABLE_TESTS_TRUE@ api_reboot.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/af_unix.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/caps.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/commands.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/commands_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/conf.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/confile.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/confile_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/error.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/file_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/initutils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/log.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/lxclock.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/mainloop.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/monitor.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/namespace.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/network.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/nl.$(OBJEXT) ../lxc/parse.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/process_utils.$(OBJEXT) \ 
+@ENABLE_TESTS_TRUE@ ../lxc/ringbuf.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/start.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/state.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/btrfs.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/dir.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/loop.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/lvm.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/nbd.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/overlay.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rbd.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rsync.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/zfs.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/sync.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/string_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/terminal.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/uuid.$(OBJEXT) $(am__objects_3) \ +@ENABLE_TESTS_TRUE@ $(am__objects_4) lxc_test_api_reboot_OBJECTS = $(am_lxc_test_api_reboot_OBJECTS) lxc_test_api_reboot_LDADD = $(LDADD) @ENABLE_TESTS_TRUE@lxc_test_api_reboot_DEPENDENCIES = \ 
@@ -177,13 +277,169 @@ am__v_lt_ = $(am__v_lt_@AM_DEFAULT_V@) am__v_lt_0 = --silent am__v_lt_1 = -am__lxc_test_apparmor_SOURCES_DIST = aa.c -@ENABLE_TESTS_TRUE@am_lxc_test_apparmor_OBJECTS = aa.$(OBJEXT) +am__lxc_test_apparmor_SOURCES_DIST = aa.c ../lxc/af_unix.c \ + ../lxc/af_unix.h ../lxc/caps.c ../lxc/caps.h \ + ../lxc/cgroups/cgfsng.c ../lxc/cgroups/cgroup.c \ + ../lxc/cgroups/cgroup.h ../lxc/cgroups/cgroup2_devices.c \ + ../lxc/cgroups/cgroup2_devices.h ../lxc/cgroups/cgroup_utils.c \ + ../lxc/cgroups/cgroup_utils.h ../lxc/commands.c \ + ../lxc/commands.h ../lxc/commands_utils.c \ + ../lxc/commands_utils.h ../lxc/conf.c ../lxc/conf.h \ + ../lxc/confile.c ../lxc/confile.h ../lxc/confile_utils.c \ + ../lxc/confile_utils.h ../lxc/error.c ../lxc/error.h \ + ../lxc/file_utils.c ../lxc/file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + ../lxc/initutils.c ../lxc/initutils.h ../lxc/log.c \ + ../lxc/log.h ../lxc/lxclock.c ../lxc/lxclock.h \ + ../lxc/mainloop.c ../lxc/mainloop.h ../lxc/monitor.c \ + ../lxc/monitor.h ../lxc/namespace.c ../lxc/namespace.h \ + ../lxc/network.c ../lxc/network.h ../lxc/nl.c ../lxc/nl.h \ + ../lxc/parse.c ../lxc/parse.h ../lxc/process_utils.c \ + ../lxc/process_utils.h ../lxc/ringbuf.c ../lxc/ringbuf.h \ + ../lxc/start.c ../lxc/start.h ../lxc/state.c ../lxc/state.h \ + ../lxc/storage/btrfs.c ../lxc/storage/btrfs.h \ + ../lxc/storage/dir.c ../lxc/storage/dir.h \ + ../lxc/storage/loop.c ../lxc/storage/loop.h \ + ../lxc/storage/lvm.c ../lxc/storage/lvm.h ../lxc/storage/nbd.c \ + ../lxc/storage/nbd.h ../lxc/storage/overlay.c \ + ../lxc/storage/overlay.h ../lxc/storage/rbd.c \ + ../lxc/storage/rbd.h ../lxc/storage/rsync.c \ + ../lxc/storage/rsync.h ../lxc/storage/storage.c \ + ../lxc/storage/storage.h ../lxc/storage/storage_utils.c \ + ../lxc/storage/storage_utils.h ../lxc/storage/zfs.c \ + ../lxc/storage/zfs.h ../lxc/sync.c ../lxc/sync.h \ + ../lxc/string_utils.c ../lxc/string_utils.h ../lxc/terminal.c \ + 
../lxc/terminal.h ../lxc/utils.c ../lxc/utils.h ../lxc/uuid.c \ + ../lxc/uuid.h ../lxc/lsm/lsm.c ../lxc/lsm/lsm.h \ + ../lxc/lsm/nop.c ../lxc/lsm/apparmor.c ../lxc/lsm/selinux.c \ + ../lxc/seccomp.c ../lxc/lxcseccomp.h +@ENABLE_TESTS_TRUE@am_lxc_test_apparmor_OBJECTS = aa.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/af_unix.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/caps.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/commands.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/commands_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/conf.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/confile.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/confile_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/error.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/file_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/initutils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/log.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/lxclock.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/mainloop.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/monitor.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/namespace.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/network.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/nl.$(OBJEXT) ../lxc/parse.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/process_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/ringbuf.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/start.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/state.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/btrfs.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/dir.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/loop.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/lvm.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/nbd.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/overlay.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rbd.$(OBJEXT) \ 
+@ENABLE_TESTS_TRUE@ ../lxc/storage/rsync.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/zfs.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/sync.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/string_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/terminal.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/uuid.$(OBJEXT) $(am__objects_3) \ +@ENABLE_TESTS_TRUE@ $(am__objects_4) lxc_test_apparmor_OBJECTS = $(am_lxc_test_apparmor_OBJECTS) lxc_test_apparmor_LDADD = $(LDADD) @ENABLE_TESTS_TRUE@lxc_test_apparmor_DEPENDENCIES = ../lxc/liblxc.la -am__lxc_test_attach_SOURCES_DIST = attach.c -@ENABLE_TESTS_TRUE@am_lxc_test_attach_OBJECTS = attach.$(OBJEXT) +am__lxc_test_attach_SOURCES_DIST = attach.c ../lxc/af_unix.c \ + ../lxc/af_unix.h ../lxc/caps.c ../lxc/caps.h \ + ../lxc/cgroups/cgfsng.c ../lxc/cgroups/cgroup.c \ + ../lxc/cgroups/cgroup.h ../lxc/cgroups/cgroup2_devices.c \ + ../lxc/cgroups/cgroup2_devices.h ../lxc/cgroups/cgroup_utils.c \ + ../lxc/cgroups/cgroup_utils.h ../lxc/commands.c \ + ../lxc/commands.h ../lxc/commands_utils.c \ + ../lxc/commands_utils.h ../lxc/conf.c ../lxc/conf.h \ + ../lxc/confile.c ../lxc/confile.h ../lxc/confile_utils.c \ + ../lxc/confile_utils.h ../lxc/error.c ../lxc/error.h \ + ../lxc/file_utils.c ../lxc/file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + ../lxc/initutils.c ../lxc/initutils.h ../lxc/log.c \ + ../lxc/log.h ../lxc/lxclock.c ../lxc/lxclock.h \ + ../lxc/mainloop.c ../lxc/mainloop.h ../lxc/monitor.c \ + ../lxc/monitor.h ../lxc/namespace.c ../lxc/namespace.h \ + ../lxc/network.c ../lxc/network.h ../lxc/nl.c ../lxc/nl.h \ + ../lxc/parse.c ../lxc/parse.h ../lxc/process_utils.c \ + ../lxc/process_utils.h ../lxc/ringbuf.c ../lxc/ringbuf.h \ + ../lxc/start.c ../lxc/start.h ../lxc/state.c ../lxc/state.h \ + ../lxc/storage/btrfs.c ../lxc/storage/btrfs.h \ + ../lxc/storage/dir.c 
../lxc/storage/dir.h \ + ../lxc/storage/loop.c ../lxc/storage/loop.h \ + ../lxc/storage/lvm.c ../lxc/storage/lvm.h ../lxc/storage/nbd.c \ + ../lxc/storage/nbd.h ../lxc/storage/overlay.c \ + ../lxc/storage/overlay.h ../lxc/storage/rbd.c \ + ../lxc/storage/rbd.h ../lxc/storage/rsync.c \ + ../lxc/storage/rsync.h ../lxc/storage/storage.c \ + ../lxc/storage/storage.h ../lxc/storage/storage_utils.c \ + ../lxc/storage/storage_utils.h ../lxc/storage/zfs.c \ + ../lxc/storage/zfs.h ../lxc/sync.c ../lxc/sync.h \ + ../lxc/string_utils.c ../lxc/string_utils.h ../lxc/terminal.c \ + ../lxc/terminal.h ../lxc/utils.c ../lxc/utils.h ../lxc/uuid.c \ + ../lxc/uuid.h ../lxc/lsm/lsm.c ../lxc/lsm/lsm.h \ + ../lxc/lsm/nop.c ../lxc/lsm/apparmor.c ../lxc/lsm/selinux.c \ + ../lxc/seccomp.c ../lxc/lxcseccomp.h +@ENABLE_TESTS_TRUE@am_lxc_test_attach_OBJECTS = attach.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/af_unix.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/caps.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/commands.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/commands_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/conf.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/confile.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/confile_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/error.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/file_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/initutils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/log.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/lxclock.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/mainloop.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/monitor.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/namespace.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/network.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/nl.$(OBJEXT) ../lxc/parse.$(OBJEXT) \ 
+@ENABLE_TESTS_TRUE@ ../lxc/process_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/ringbuf.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/start.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/state.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/btrfs.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/dir.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/loop.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/lvm.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/nbd.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/overlay.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rbd.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rsync.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/zfs.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/sync.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/string_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/terminal.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/uuid.$(OBJEXT) $(am__objects_3) \ +@ENABLE_TESTS_TRUE@ $(am__objects_4) lxc_test_attach_OBJECTS = $(am_lxc_test_attach_OBJECTS) lxc_test_attach_LDADD = $(LDADD) @ENABLE_TESTS_TRUE@lxc_test_attach_DEPENDENCIES = ../lxc/liblxc.la 
@@ -192,8 +448,86 @@ lxc_test_basic_OBJECTS = $(am_lxc_test_basic_OBJECTS) lxc_test_basic_LDADD = $(LDADD) @ENABLE_TESTS_TRUE@lxc_test_basic_DEPENDENCIES = ../lxc/liblxc.la -am__lxc_test_cgpath_SOURCES_DIST = cgpath.c -@ENABLE_TESTS_TRUE@am_lxc_test_cgpath_OBJECTS = cgpath.$(OBJEXT) +am__lxc_test_cgpath_SOURCES_DIST = cgpath.c ../lxc/af_unix.c \ + ../lxc/af_unix.h ../lxc/caps.c ../lxc/caps.h \ + ../lxc/cgroups/cgfsng.c ../lxc/cgroups/cgroup.c \ + ../lxc/cgroups/cgroup.h ../lxc/cgroups/cgroup2_devices.c \ + ../lxc/cgroups/cgroup2_devices.h ../lxc/cgroups/cgroup_utils.c \ + ../lxc/cgroups/cgroup_utils.h ../lxc/commands.c \ + ../lxc/commands.h ../lxc/commands_utils.c \ + ../lxc/commands_utils.h ../lxc/conf.c ../lxc/conf.h \ + ../lxc/confile.c ../lxc/confile.h ../lxc/confile_utils.c \ + ../lxc/confile_utils.h ../lxc/error.c ../lxc/error.h \ + ../lxc/file_utils.c ../lxc/file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + ../lxc/initutils.c ../lxc/initutils.h ../lxc/log.c \ + ../lxc/log.h ../lxc/lxclock.c ../lxc/lxclock.h \ + ../lxc/mainloop.c ../lxc/mainloop.h ../lxc/monitor.c \ + ../lxc/monitor.h ../lxc/namespace.c ../lxc/namespace.h \ + ../lxc/network.c ../lxc/network.h ../lxc/nl.c ../lxc/nl.h \ + ../lxc/parse.c ../lxc/parse.h ../lxc/process_utils.c \ + ../lxc/process_utils.h ../lxc/ringbuf.c ../lxc/ringbuf.h \ + ../lxc/start.c ../lxc/start.h ../lxc/state.c ../lxc/state.h \ + ../lxc/storage/btrfs.c ../lxc/storage/btrfs.h \ + ../lxc/storage/dir.c ../lxc/storage/dir.h \ + ../lxc/storage/loop.c ../lxc/storage/loop.h \ + ../lxc/storage/lvm.c ../lxc/storage/lvm.h ../lxc/storage/nbd.c \ + ../lxc/storage/nbd.h ../lxc/storage/overlay.c \ + ../lxc/storage/overlay.h ../lxc/storage/rbd.c \ + ../lxc/storage/rbd.h ../lxc/storage/rsync.c \ + ../lxc/storage/rsync.h ../lxc/storage/storage.c \ + ../lxc/storage/storage.h ../lxc/storage/storage_utils.c \ + ../lxc/storage/storage_utils.h ../lxc/storage/zfs.c \ + ../lxc/storage/zfs.h ../lxc/sync.c ../lxc/sync.h \ + 
../lxc/string_utils.c ../lxc/string_utils.h ../lxc/terminal.c \ + ../lxc/terminal.h ../lxc/utils.c ../lxc/utils.h ../lxc/uuid.c \ + ../lxc/uuid.h ../lxc/lsm/lsm.c ../lxc/lsm/lsm.h \ + ../lxc/lsm/nop.c ../lxc/lsm/apparmor.c ../lxc/lsm/selinux.c \ + ../lxc/seccomp.c ../lxc/lxcseccomp.h +@ENABLE_TESTS_TRUE@am_lxc_test_cgpath_OBJECTS = cgpath.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/af_unix.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/caps.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/commands.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/commands_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/conf.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/confile.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/confile_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/error.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/file_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/initutils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/log.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/lxclock.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/mainloop.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/monitor.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/namespace.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/network.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/nl.$(OBJEXT) ../lxc/parse.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/process_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/ringbuf.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/start.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/state.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/btrfs.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/dir.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/loop.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/lvm.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/nbd.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ 
../lxc/storage/overlay.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rbd.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rsync.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/zfs.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/sync.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/string_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/terminal.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/uuid.$(OBJEXT) $(am__objects_3) \ +@ENABLE_TESTS_TRUE@ $(am__objects_4) lxc_test_cgpath_OBJECTS = $(am_lxc_test_cgpath_OBJECTS) lxc_test_cgpath_LDADD = $(LDADD) @ENABLE_TESTS_TRUE@lxc_test_cgpath_DEPENDENCIES = ../lxc/liblxc.la 
@@ -211,9 +545,86 @@ @ENABLE_TESTS_TRUE@lxc_test_concurrent_DEPENDENCIES = \ @ENABLE_TESTS_TRUE@ ../lxc/liblxc.la am__lxc_test_config_jump_table_SOURCES_DIST = config_jump_table.c \ - lxctest.h + lxctest.h ../lxc/af_unix.c ../lxc/af_unix.h ../lxc/caps.c \ + ../lxc/caps.h ../lxc/cgroups/cgfsng.c ../lxc/cgroups/cgroup.c \ + ../lxc/cgroups/cgroup.h ../lxc/cgroups/cgroup2_devices.c \ + ../lxc/cgroups/cgroup2_devices.h ../lxc/cgroups/cgroup_utils.c \ + ../lxc/cgroups/cgroup_utils.h ../lxc/commands.c \ + ../lxc/commands.h ../lxc/commands_utils.c \ + ../lxc/commands_utils.h ../lxc/conf.c ../lxc/conf.h \ + ../lxc/confile.c ../lxc/confile.h ../lxc/confile_utils.c \ + ../lxc/confile_utils.h ../lxc/error.c ../lxc/error.h \ + ../lxc/file_utils.c ../lxc/file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + ../lxc/initutils.c ../lxc/initutils.h ../lxc/log.c \ + ../lxc/log.h ../lxc/lxclock.c ../lxc/lxclock.h \ + ../lxc/mainloop.c ../lxc/mainloop.h ../lxc/monitor.c \ + ../lxc/monitor.h ../lxc/namespace.c ../lxc/namespace.h \ + ../lxc/network.c ../lxc/network.h ../lxc/nl.c ../lxc/nl.h \ + ../lxc/parse.c ../lxc/parse.h ../lxc/process_utils.c \ + ../lxc/process_utils.h ../lxc/ringbuf.c ../lxc/ringbuf.h \ + ../lxc/start.c ../lxc/start.h ../lxc/state.c ../lxc/state.h \ + ../lxc/storage/btrfs.c ../lxc/storage/btrfs.h \ + ../lxc/storage/dir.c ../lxc/storage/dir.h \ + ../lxc/storage/loop.c ../lxc/storage/loop.h \ + ../lxc/storage/lvm.c ../lxc/storage/lvm.h ../lxc/storage/nbd.c \ + ../lxc/storage/nbd.h ../lxc/storage/overlay.c \ + ../lxc/storage/overlay.h ../lxc/storage/rbd.c \ + ../lxc/storage/rbd.h ../lxc/storage/rsync.c \ + ../lxc/storage/rsync.h ../lxc/storage/storage.c \ + ../lxc/storage/storage.h ../lxc/storage/storage_utils.c \ + ../lxc/storage/storage_utils.h ../lxc/storage/zfs.c \ + ../lxc/storage/zfs.h ../lxc/sync.c ../lxc/sync.h \ + ../lxc/string_utils.c ../lxc/string_utils.h ../lxc/terminal.c \ + ../lxc/terminal.h ../lxc/utils.c ../lxc/utils.h ../lxc/uuid.c 
\ + ../lxc/uuid.h ../lxc/lsm/lsm.c ../lxc/lsm/lsm.h \ + ../lxc/lsm/nop.c ../lxc/lsm/apparmor.c ../lxc/lsm/selinux.c \ + ../lxc/seccomp.c ../lxc/lxcseccomp.h @ENABLE_TESTS_TRUE@am_lxc_test_config_jump_table_OBJECTS = \ -@ENABLE_TESTS_TRUE@ config_jump_table.$(OBJEXT) +@ENABLE_TESTS_TRUE@ config_jump_table.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/af_unix.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/caps.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/commands.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/commands_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/conf.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/confile.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/confile_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/error.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/file_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/initutils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/log.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/lxclock.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/mainloop.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/monitor.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/namespace.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/network.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/nl.$(OBJEXT) ../lxc/parse.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/process_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/ringbuf.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/start.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/state.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/btrfs.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/dir.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/loop.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/lvm.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/nbd.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/overlay.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ 
../lxc/storage/rbd.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rsync.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/zfs.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/sync.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/string_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/terminal.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/uuid.$(OBJEXT) $(am__objects_3) \ +@ENABLE_TESTS_TRUE@ $(am__objects_4) lxc_test_config_jump_table_OBJECTS = \ $(am_lxc_test_config_jump_table_OBJECTS) lxc_test_config_jump_table_LDADD = $(LDADD) 
@@ -292,9 +703,87 @@ lxc_test_list_OBJECTS = $(am_lxc_test_list_OBJECTS) lxc_test_list_LDADD = $(LDADD) @ENABLE_TESTS_TRUE@lxc_test_list_DEPENDENCIES = ../lxc/liblxc.la -am__lxc_test_locktests_SOURCES_DIST = locktests.c +am__lxc_test_locktests_SOURCES_DIST = locktests.c ../lxc/af_unix.c \ + ../lxc/af_unix.h ../lxc/caps.c ../lxc/caps.h \ + ../lxc/cgroups/cgfsng.c ../lxc/cgroups/cgroup.c \ + ../lxc/cgroups/cgroup.h ../lxc/cgroups/cgroup2_devices.c \ + ../lxc/cgroups/cgroup2_devices.h ../lxc/cgroups/cgroup_utils.c \ + ../lxc/cgroups/cgroup_utils.h ../lxc/commands.c \ + ../lxc/commands.h ../lxc/commands_utils.c \ + ../lxc/commands_utils.h ../lxc/conf.c ../lxc/conf.h \ + ../lxc/confile.c ../lxc/confile.h ../lxc/confile_utils.c \ + ../lxc/confile_utils.h ../lxc/error.c ../lxc/error.h \ + ../lxc/file_utils.c ../lxc/file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + ../lxc/initutils.c ../lxc/initutils.h ../lxc/log.c \ + ../lxc/log.h ../lxc/lxclock.c ../lxc/lxclock.h \ + ../lxc/mainloop.c ../lxc/mainloop.h ../lxc/monitor.c \ + ../lxc/monitor.h ../lxc/namespace.c ../lxc/namespace.h \ + ../lxc/network.c ../lxc/network.h ../lxc/nl.c ../lxc/nl.h \ + ../lxc/parse.c ../lxc/parse.h ../lxc/process_utils.c \ + ../lxc/process_utils.h ../lxc/ringbuf.c ../lxc/ringbuf.h \ + ../lxc/start.c ../lxc/start.h ../lxc/state.c ../lxc/state.h \ + ../lxc/storage/btrfs.c ../lxc/storage/btrfs.h \ + ../lxc/storage/dir.c ../lxc/storage/dir.h \ + ../lxc/storage/loop.c ../lxc/storage/loop.h \ + ../lxc/storage/lvm.c ../lxc/storage/lvm.h ../lxc/storage/nbd.c \ + ../lxc/storage/nbd.h ../lxc/storage/overlay.c \ + ../lxc/storage/overlay.h ../lxc/storage/rbd.c \ + ../lxc/storage/rbd.h ../lxc/storage/rsync.c \ + ../lxc/storage/rsync.h ../lxc/storage/storage.c \ + ../lxc/storage/storage.h ../lxc/storage/storage_utils.c \ + ../lxc/storage/storage_utils.h ../lxc/storage/zfs.c \ + ../lxc/storage/zfs.h ../lxc/sync.c ../lxc/sync.h \ + ../lxc/string_utils.c ../lxc/string_utils.h 
../lxc/terminal.c \ + ../lxc/terminal.h ../lxc/utils.c ../lxc/utils.h ../lxc/uuid.c \ + ../lxc/uuid.h ../lxc/lsm/lsm.c ../lxc/lsm/lsm.h \ + ../lxc/lsm/nop.c ../lxc/lsm/apparmor.c ../lxc/lsm/selinux.c \ + ../lxc/seccomp.c ../lxc/lxcseccomp.h @ENABLE_TESTS_TRUE@am_lxc_test_locktests_OBJECTS = \ -@ENABLE_TESTS_TRUE@ locktests.$(OBJEXT) +@ENABLE_TESTS_TRUE@ locktests.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/af_unix.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/caps.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/commands.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/commands_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/conf.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/confile.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/confile_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/error.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/file_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/initutils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/log.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/lxclock.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/mainloop.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/monitor.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/namespace.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/network.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/nl.$(OBJEXT) ../lxc/parse.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/process_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/ringbuf.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/start.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/state.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/btrfs.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/dir.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/loop.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/lvm.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/nbd.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ 
../lxc/storage/overlay.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rbd.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rsync.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/zfs.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/sync.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/string_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/terminal.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/uuid.$(OBJEXT) $(am__objects_3) \ +@ENABLE_TESTS_TRUE@ $(am__objects_4) lxc_test_locktests_OBJECTS = $(am_lxc_test_locktests_OBJECTS) lxc_test_locktests_LDADD = $(LDADD) @ENABLE_TESTS_TRUE@lxc_test_locktests_DEPENDENCIES = ../lxc/liblxc.la 
@@ -311,31 +800,258 @@ @ENABLE_TESTS_TRUE@lxc_test_may_control_DEPENDENCIES = \ @ENABLE_TESTS_TRUE@ ../lxc/liblxc.la am__lxc_test_mount_injection_SOURCES_DIST = mount_injection.c \ - lxctest.h + lxctest.h ../lxc/af_unix.c ../lxc/af_unix.h ../lxc/caps.c \ + ../lxc/caps.h ../lxc/cgroups/cgfsng.c ../lxc/cgroups/cgroup.c \ + ../lxc/cgroups/cgroup.h ../lxc/cgroups/cgroup2_devices.c \ + ../lxc/cgroups/cgroup2_devices.h ../lxc/cgroups/cgroup_utils.c \ + ../lxc/cgroups/cgroup_utils.h ../lxc/commands.c \ + ../lxc/commands.h ../lxc/commands_utils.c \ + ../lxc/commands_utils.h ../lxc/conf.c ../lxc/conf.h \ + ../lxc/confile.c ../lxc/confile.h ../lxc/confile_utils.c \ + ../lxc/confile_utils.h ../lxc/error.c ../lxc/error.h \ + ../lxc/file_utils.c ../lxc/file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + ../lxc/initutils.c ../lxc/initutils.h ../lxc/log.c \ + ../lxc/log.h ../lxc/lxclock.c ../lxc/lxclock.h \ + ../lxc/mainloop.c ../lxc/mainloop.h ../lxc/monitor.c \ + ../lxc/monitor.h ../lxc/namespace.c ../lxc/namespace.h \ + ../lxc/network.c ../lxc/network.h ../lxc/nl.c ../lxc/nl.h \ + ../lxc/parse.c ../lxc/parse.h ../lxc/process_utils.c \ + ../lxc/process_utils.h ../lxc/ringbuf.c ../lxc/ringbuf.h \ + ../lxc/start.c ../lxc/start.h ../lxc/state.c ../lxc/state.h \ + ../lxc/storage/btrfs.c ../lxc/storage/btrfs.h \ + ../lxc/storage/dir.c ../lxc/storage/dir.h \ + ../lxc/storage/loop.c ../lxc/storage/loop.h \ + ../lxc/storage/lvm.c ../lxc/storage/lvm.h ../lxc/storage/nbd.c \ + ../lxc/storage/nbd.h ../lxc/storage/overlay.c \ + ../lxc/storage/overlay.h ../lxc/storage/rbd.c \ + ../lxc/storage/rbd.h ../lxc/storage/rsync.c \ + ../lxc/storage/rsync.h ../lxc/storage/storage.c \ + ../lxc/storage/storage.h ../lxc/storage/storage_utils.c \ + ../lxc/storage/storage_utils.h ../lxc/storage/zfs.c \ + ../lxc/storage/zfs.h ../lxc/sync.c ../lxc/sync.h \ + ../lxc/string_utils.c ../lxc/string_utils.h ../lxc/terminal.c \ + ../lxc/terminal.h ../lxc/utils.c ../lxc/utils.h ../lxc/uuid.c 
\ + ../lxc/uuid.h ../lxc/lsm/lsm.c ../lxc/lsm/lsm.h \ + ../lxc/lsm/nop.c ../lxc/lsm/apparmor.c ../lxc/lsm/selinux.c \ + ../lxc/seccomp.c ../lxc/lxcseccomp.h @ENABLE_TESTS_TRUE@am_lxc_test_mount_injection_OBJECTS = \ -@ENABLE_TESTS_TRUE@ mount_injection.$(OBJEXT) +@ENABLE_TESTS_TRUE@ mount_injection.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/af_unix.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/caps.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/commands.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/commands_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/conf.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/confile.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/confile_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/error.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/file_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/initutils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/log.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/lxclock.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/mainloop.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/monitor.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/namespace.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/network.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/nl.$(OBJEXT) ../lxc/parse.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/process_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/ringbuf.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/start.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/state.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/btrfs.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/dir.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/loop.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/lvm.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/nbd.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/overlay.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ 
../lxc/storage/rbd.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rsync.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/zfs.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/sync.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/string_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/terminal.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/uuid.$(OBJEXT) $(am__objects_3) \ +@ENABLE_TESTS_TRUE@ $(am__objects_4) lxc_test_mount_injection_OBJECTS = \ $(am_lxc_test_mount_injection_OBJECTS) lxc_test_mount_injection_LDADD = $(LDADD) @ENABLE_TESTS_TRUE@lxc_test_mount_injection_DEPENDENCIES = \ @ENABLE_TESTS_TRUE@ ../lxc/liblxc.la am__lxc_test_parse_config_file_SOURCES_DIST = parse_config_file.c \ - lxctest.h + lxctest.h ../lxc/af_unix.c ../lxc/af_unix.h ../lxc/caps.c \ + ../lxc/caps.h ../lxc/cgroups/cgfsng.c ../lxc/cgroups/cgroup.c \ + ../lxc/cgroups/cgroup.h ../lxc/cgroups/cgroup2_devices.c \ + ../lxc/cgroups/cgroup2_devices.h ../lxc/cgroups/cgroup_utils.c \ + ../lxc/cgroups/cgroup_utils.h ../lxc/commands.c \ + ../lxc/commands.h ../lxc/commands_utils.c \ + ../lxc/commands_utils.h ../lxc/conf.c ../lxc/conf.h \ + ../lxc/confile.c ../lxc/confile.h ../lxc/confile_utils.c \ + ../lxc/confile_utils.h ../lxc/error.c ../lxc/error.h \ + ../lxc/file_utils.c ../lxc/file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + ../lxc/initutils.c ../lxc/initutils.h ../lxc/log.c \ + ../lxc/log.h ../lxc/lxclock.c ../lxc/lxclock.h \ + ../lxc/mainloop.c ../lxc/mainloop.h ../lxc/monitor.c \ + ../lxc/monitor.h ../lxc/namespace.c ../lxc/namespace.h \ + ../lxc/network.c ../lxc/network.h ../lxc/nl.c ../lxc/nl.h \ + ../lxc/parse.c ../lxc/parse.h ../lxc/process_utils.c \ + ../lxc/process_utils.h ../lxc/ringbuf.c ../lxc/ringbuf.h \ + ../lxc/start.c ../lxc/start.h ../lxc/state.c ../lxc/state.h \ + ../lxc/storage/btrfs.c ../lxc/storage/btrfs.h \ + 
../lxc/storage/dir.c ../lxc/storage/dir.h \ + ../lxc/storage/loop.c ../lxc/storage/loop.h \ + ../lxc/storage/lvm.c ../lxc/storage/lvm.h ../lxc/storage/nbd.c \ + ../lxc/storage/nbd.h ../lxc/storage/overlay.c \ + ../lxc/storage/overlay.h ../lxc/storage/rbd.c \ + ../lxc/storage/rbd.h ../lxc/storage/rsync.c \ + ../lxc/storage/rsync.h ../lxc/storage/storage.c \ + ../lxc/storage/storage.h ../lxc/storage/storage_utils.c \ + ../lxc/storage/storage_utils.h ../lxc/storage/zfs.c \ + ../lxc/storage/zfs.h ../lxc/sync.c ../lxc/sync.h \ + ../lxc/string_utils.c ../lxc/string_utils.h ../lxc/terminal.c \ + ../lxc/terminal.h ../lxc/utils.c ../lxc/utils.h ../lxc/uuid.c \ + ../lxc/uuid.h ../lxc/lsm/lsm.c ../lxc/lsm/lsm.h \ + ../lxc/lsm/nop.c ../lxc/lsm/apparmor.c ../lxc/lsm/selinux.c \ + ../lxc/seccomp.c ../lxc/lxcseccomp.h @ENABLE_TESTS_TRUE@am_lxc_test_parse_config_file_OBJECTS = \ -@ENABLE_TESTS_TRUE@ parse_config_file.$(OBJEXT) +@ENABLE_TESTS_TRUE@ parse_config_file.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/af_unix.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/caps.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/commands.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/commands_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/conf.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/confile.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/confile_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/error.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/file_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/initutils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/log.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/lxclock.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/mainloop.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/monitor.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/namespace.$(OBJEXT) \ 
+@ENABLE_TESTS_TRUE@ ../lxc/network.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/nl.$(OBJEXT) ../lxc/parse.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/process_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/ringbuf.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/start.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/state.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/btrfs.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/dir.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/loop.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/lvm.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/nbd.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/overlay.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rbd.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rsync.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/zfs.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/sync.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/string_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/terminal.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/uuid.$(OBJEXT) $(am__objects_3) \ +@ENABLE_TESTS_TRUE@ $(am__objects_4) lxc_test_parse_config_file_OBJECTS = \ $(am_lxc_test_parse_config_file_OBJECTS) lxc_test_parse_config_file_LDADD = $(LDADD) @ENABLE_TESTS_TRUE@lxc_test_parse_config_file_DEPENDENCIES = \ @ENABLE_TESTS_TRUE@ ../lxc/liblxc.la am__lxc_test_raw_clone_SOURCES_DIST = lxc_raw_clone.c lxctest.h \ - ../lxc/namespace.c ../lxc/namespace.h ../lxc/raw_syscalls.c \ - ../lxc/raw_syscalls.h -am__dirstamp = $(am__leading_dot)dirstamp + ../lxc/af_unix.c ../lxc/af_unix.h ../lxc/caps.c ../lxc/caps.h \ + ../lxc/cgroups/cgfsng.c ../lxc/cgroups/cgroup.c \ + ../lxc/cgroups/cgroup.h ../lxc/cgroups/cgroup2_devices.c \ + ../lxc/cgroups/cgroup2_devices.h ../lxc/cgroups/cgroup_utils.c \ + ../lxc/cgroups/cgroup_utils.h ../lxc/commands.c \ + ../lxc/commands.h ../lxc/commands_utils.c \ + ../lxc/commands_utils.h 
../lxc/conf.c ../lxc/conf.h \ + ../lxc/confile.c ../lxc/confile.h ../lxc/confile_utils.c \ + ../lxc/confile_utils.h ../lxc/error.c ../lxc/error.h \ + ../lxc/file_utils.c ../lxc/file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + ../lxc/initutils.c ../lxc/initutils.h ../lxc/log.c \ + ../lxc/log.h ../lxc/lxclock.c ../lxc/lxclock.h \ + ../lxc/mainloop.c ../lxc/mainloop.h ../lxc/monitor.c \ + ../lxc/monitor.h ../lxc/namespace.c ../lxc/namespace.h \ + ../lxc/network.c ../lxc/network.h ../lxc/nl.c ../lxc/nl.h \ + ../lxc/parse.c ../lxc/parse.h ../lxc/process_utils.c \ + ../lxc/process_utils.h ../lxc/ringbuf.c ../lxc/ringbuf.h \ + ../lxc/start.c ../lxc/start.h ../lxc/state.c ../lxc/state.h \ + ../lxc/storage/btrfs.c ../lxc/storage/btrfs.h \ + ../lxc/storage/dir.c ../lxc/storage/dir.h \ + ../lxc/storage/loop.c ../lxc/storage/loop.h \ + ../lxc/storage/lvm.c ../lxc/storage/lvm.h ../lxc/storage/nbd.c \ + ../lxc/storage/nbd.h ../lxc/storage/overlay.c \ + ../lxc/storage/overlay.h ../lxc/storage/rbd.c \ + ../lxc/storage/rbd.h ../lxc/storage/rsync.c \ + ../lxc/storage/rsync.h ../lxc/storage/storage.c \ + ../lxc/storage/storage.h ../lxc/storage/storage_utils.c \ + ../lxc/storage/storage_utils.h ../lxc/storage/zfs.c \ + ../lxc/storage/zfs.h ../lxc/sync.c ../lxc/sync.h \ + ../lxc/string_utils.c ../lxc/string_utils.h ../lxc/terminal.c \ + ../lxc/terminal.h ../lxc/utils.c ../lxc/utils.h ../lxc/uuid.c \ + ../lxc/uuid.h ../lxc/lsm/lsm.c ../lxc/lsm/lsm.h \ + ../lxc/lsm/nop.c ../lxc/lsm/apparmor.c ../lxc/lsm/selinux.c \ + ../lxc/seccomp.c ../lxc/lxcseccomp.h @ENABLE_TESTS_TRUE@am_lxc_test_raw_clone_OBJECTS = \ @ENABLE_TESTS_TRUE@ lxc_raw_clone.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/af_unix.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/caps.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ 
../lxc/cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/commands.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/commands_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/conf.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/confile.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/confile_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/error.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/file_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/initutils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/log.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/lxclock.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/mainloop.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/monitor.$(OBJEXT) \ @ENABLE_TESTS_TRUE@ ../lxc/namespace.$(OBJEXT) \ -@ENABLE_TESTS_TRUE@ ../lxc/raw_syscalls.$(OBJEXT) +@ENABLE_TESTS_TRUE@ ../lxc/network.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/nl.$(OBJEXT) ../lxc/parse.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/process_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/ringbuf.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/start.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/state.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/btrfs.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/dir.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/loop.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/lvm.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/nbd.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/overlay.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rbd.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rsync.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/zfs.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/sync.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/string_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/terminal.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/uuid.$(OBJEXT) $(am__objects_3) \ +@ENABLE_TESTS_TRUE@ $(am__objects_4) 
lxc_test_raw_clone_OBJECTS = $(am_lxc_test_raw_clone_OBJECTS) lxc_test_raw_clone_LDADD = $(LDADD) @ENABLE_TESTS_TRUE@lxc_test_raw_clone_DEPENDENCIES = ../lxc/liblxc.la @@ -357,9 +1073,13 @@ lxc_test_share_ns_OBJECTS = $(am_lxc_test_share_ns_OBJECTS) lxc_test_share_ns_LDADD = $(LDADD) @ENABLE_TESTS_TRUE@lxc_test_share_ns_DEPENDENCIES = ../lxc/liblxc.la -am__lxc_test_shortlived_SOURCES_DIST = shortlived.c +am__lxc_test_shortlived_SOURCES_DIST = shortlived.c \ + ../lxc/file_utils.c ../lxc/file_utils.h ../lxc/string_utils.c \ + ../lxc/string_utils.h @ENABLE_TESTS_TRUE@am_lxc_test_shortlived_OBJECTS = \ -@ENABLE_TESTS_TRUE@ shortlived.$(OBJEXT) +@ENABLE_TESTS_TRUE@ shortlived.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/file_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/string_utils.$(OBJEXT) lxc_test_shortlived_OBJECTS = $(am_lxc_test_shortlived_OBJECTS) lxc_test_shortlived_LDADD = $(LDADD) @ENABLE_TESTS_TRUE@lxc_test_shortlived_DEPENDENCIES = \ 
@@ -389,9 +1109,87 @@ lxc_test_state_server_LDADD = $(LDADD) @ENABLE_TESTS_TRUE@lxc_test_state_server_DEPENDENCIES = \ @ENABLE_TESTS_TRUE@ ../lxc/liblxc.la -am__lxc_test_utils_SOURCES_DIST = lxc-test-utils.c lxctest.h +am__lxc_test_utils_SOURCES_DIST = lxc-test-utils.c lxctest.h \ + ../lxc/af_unix.c ../lxc/af_unix.h ../lxc/caps.c ../lxc/caps.h \ + ../lxc/cgroups/cgfsng.c ../lxc/cgroups/cgroup.c \ + ../lxc/cgroups/cgroup.h ../lxc/cgroups/cgroup2_devices.c \ + ../lxc/cgroups/cgroup2_devices.h ../lxc/cgroups/cgroup_utils.c \ + ../lxc/cgroups/cgroup_utils.h ../lxc/commands.c \ + ../lxc/commands.h ../lxc/commands_utils.c \ + ../lxc/commands_utils.h ../lxc/conf.c ../lxc/conf.h \ + ../lxc/confile.c ../lxc/confile.h ../lxc/confile_utils.c \ + ../lxc/confile_utils.h ../lxc/error.c ../lxc/error.h \ + ../lxc/file_utils.c ../lxc/file_utils.h \ + ../include/netns_ifaddrs.c ../include/netns_ifaddrs.h \ + ../lxc/initutils.c ../lxc/initutils.h ../lxc/log.c \ + ../lxc/log.h ../lxc/lxclock.c ../lxc/lxclock.h \ + ../lxc/mainloop.c ../lxc/mainloop.h ../lxc/monitor.c \ + ../lxc/monitor.h ../lxc/namespace.c ../lxc/namespace.h \ + ../lxc/network.c ../lxc/network.h ../lxc/nl.c ../lxc/nl.h \ + ../lxc/parse.c ../lxc/parse.h ../lxc/process_utils.c \ + ../lxc/process_utils.h ../lxc/ringbuf.c ../lxc/ringbuf.h \ + ../lxc/start.c ../lxc/start.h ../lxc/state.c ../lxc/state.h \ + ../lxc/storage/btrfs.c ../lxc/storage/btrfs.h \ + ../lxc/storage/dir.c ../lxc/storage/dir.h \ + ../lxc/storage/loop.c ../lxc/storage/loop.h \ + ../lxc/storage/lvm.c ../lxc/storage/lvm.h ../lxc/storage/nbd.c \ + ../lxc/storage/nbd.h ../lxc/storage/overlay.c \ + ../lxc/storage/overlay.h ../lxc/storage/rbd.c \ + ../lxc/storage/rbd.h ../lxc/storage/rsync.c \ + ../lxc/storage/rsync.h ../lxc/storage/storage.c \ + ../lxc/storage/storage.h ../lxc/storage/storage_utils.c \ + ../lxc/storage/storage_utils.h ../lxc/storage/zfs.c \ + ../lxc/storage/zfs.h ../lxc/sync.c ../lxc/sync.h \ + ../lxc/string_utils.c ../lxc/string_utils.h 
../lxc/terminal.c \ + ../lxc/terminal.h ../lxc/utils.c ../lxc/utils.h ../lxc/uuid.c \ + ../lxc/uuid.h ../lxc/lsm/lsm.c ../lxc/lsm/lsm.h \ + ../lxc/lsm/nop.c ../lxc/lsm/apparmor.c ../lxc/lsm/selinux.c \ + ../lxc/seccomp.c ../lxc/lxcseccomp.h @ENABLE_TESTS_TRUE@am_lxc_test_utils_OBJECTS = \ -@ENABLE_TESTS_TRUE@ lxc-test-utils.$(OBJEXT) +@ENABLE_TESTS_TRUE@ lxc-test-utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/af_unix.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/caps.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgfsng.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup2_devices.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/commands.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/commands_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/conf.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/confile.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/confile_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/error.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/file_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../include/netns_ifaddrs.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/initutils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/log.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/lxclock.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/mainloop.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/monitor.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/namespace.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/network.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/nl.$(OBJEXT) ../lxc/parse.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/process_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/ringbuf.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/start.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/state.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/btrfs.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/dir.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/loop.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/lvm.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/nbd.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ 
../lxc/storage/overlay.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rbd.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rsync.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/zfs.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/sync.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/string_utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/terminal.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/utils.$(OBJEXT) \ +@ENABLE_TESTS_TRUE@ ../lxc/uuid.$(OBJEXT) $(am__objects_3) \ +@ENABLE_TESTS_TRUE@ $(am__objects_4) lxc_test_utils_OBJECTS = $(am_lxc_test_utils_OBJECTS) lxc_test_utils_LDADD = $(LDADD) @ENABLE_TESTS_TRUE@lxc_test_utils_DEPENDENCIES = ../lxc/liblxc.la 
@@ -438,8 +1236,38 @@ DEFAULT_INCLUDES = -I.@am__isrc@ -I$(top_builddir)/src depcomp = $(SHELL) $(top_srcdir)/config/depcomp am__maybe_remake_depfiles = depfiles -am__depfiles_remade = ../lxc/$(DEPDIR)/namespace.Po \ - ../lxc/$(DEPDIR)/raw_syscalls.Po ./$(DEPDIR)/aa.Po \ +am__depfiles_remade = ../include/$(DEPDIR)/netns_ifaddrs.Po \ + ../lxc/$(DEPDIR)/af_unix.Po ../lxc/$(DEPDIR)/caps.Po \ + ../lxc/$(DEPDIR)/commands.Po \ + ../lxc/$(DEPDIR)/commands_utils.Po ../lxc/$(DEPDIR)/conf.Po \ + ../lxc/$(DEPDIR)/confile.Po ../lxc/$(DEPDIR)/confile_utils.Po \ + ../lxc/$(DEPDIR)/error.Po ../lxc/$(DEPDIR)/file_utils.Po \ + ../lxc/$(DEPDIR)/initutils.Po ../lxc/$(DEPDIR)/log.Po \ + ../lxc/$(DEPDIR)/lxclock.Po ../lxc/$(DEPDIR)/mainloop.Po \ + ../lxc/$(DEPDIR)/monitor.Po ../lxc/$(DEPDIR)/namespace.Po \ + ../lxc/$(DEPDIR)/network.Po ../lxc/$(DEPDIR)/nl.Po \ + ../lxc/$(DEPDIR)/parse.Po ../lxc/$(DEPDIR)/process_utils.Po \ + ../lxc/$(DEPDIR)/ringbuf.Po ../lxc/$(DEPDIR)/seccomp.Po \ + ../lxc/$(DEPDIR)/start.Po ../lxc/$(DEPDIR)/state.Po \ + ../lxc/$(DEPDIR)/string_utils.Po ../lxc/$(DEPDIR)/sync.Po \ + ../lxc/$(DEPDIR)/terminal.Po ../lxc/$(DEPDIR)/utils.Po \ + ../lxc/$(DEPDIR)/uuid.Po ../lxc/cgroups/$(DEPDIR)/cgfsng.Po \ + ../lxc/cgroups/$(DEPDIR)/cgroup.Po \ + ../lxc/cgroups/$(DEPDIR)/cgroup2_devices.Po \ + ../lxc/cgroups/$(DEPDIR)/cgroup_utils.Po \ + ../lxc/lsm/$(DEPDIR)/apparmor.Po ../lxc/lsm/$(DEPDIR)/lsm.Po \ + ../lxc/lsm/$(DEPDIR)/nop.Po ../lxc/lsm/$(DEPDIR)/selinux.Po \ + ../lxc/storage/$(DEPDIR)/btrfs.Po \ + ../lxc/storage/$(DEPDIR)/dir.Po \ + ../lxc/storage/$(DEPDIR)/loop.Po \ + ../lxc/storage/$(DEPDIR)/lvm.Po \ + ../lxc/storage/$(DEPDIR)/nbd.Po \ + ../lxc/storage/$(DEPDIR)/overlay.Po \ + ../lxc/storage/$(DEPDIR)/rbd.Po \ + ../lxc/storage/$(DEPDIR)/rsync.Po \ + ../lxc/storage/$(DEPDIR)/storage.Po \ + ../lxc/storage/$(DEPDIR)/storage_utils.Po \ + ../lxc/storage/$(DEPDIR)/zfs.Po ./$(DEPDIR)/aa.Po \ ./$(DEPDIR)/api_reboot.Po ./$(DEPDIR)/attach.Po \ ./$(DEPDIR)/basic.Po 
./$(DEPDIR)/cgpath.Po \ ./$(DEPDIR)/clonetest.Po ./$(DEPDIR)/concurrent.Po \ 
@@ -737,15 +1565,287 @@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -@ENABLE_TESTS_TRUE@LDADD = ../lxc/liblxc.la -@ENABLE_TESTS_TRUE@lxc_test_api_reboot_SOURCES = api_reboot.c -@ENABLE_TESTS_TRUE@lxc_test_apparmor_SOURCES = aa.c -@ENABLE_TESTS_TRUE@lxc_test_attach_SOURCES = attach.c +@ENABLE_TESTS_TRUE@LDADD = ../lxc/liblxc.la \ +@ENABLE_TESTS_TRUE@ @CAP_LIBS@ \ +@ENABLE_TESTS_TRUE@ @OPENSSL_LIBS@ \ +@ENABLE_TESTS_TRUE@ @SECCOMP_LIBS@ \ +@ENABLE_TESTS_TRUE@ @SELINUX_LIBS@ \ +@ENABLE_TESTS_TRUE@ @DLOG_LIBS@ + +@ENABLE_TESTS_TRUE@LSM_SOURCES = ../lxc/lsm/lsm.c ../lxc/lsm/lsm.h \ +@ENABLE_TESTS_TRUE@ ../lxc/lsm/nop.c $(am__append_1) \ +@ENABLE_TESTS_TRUE@ $(am__append_2) +@ENABLE_TESTS_TRUE@lxc_test_api_reboot_SOURCES = api_reboot.c \ +@ENABLE_TESTS_TRUE@ ../lxc/af_unix.c ../lxc/af_unix.h \ +@ENABLE_TESTS_TRUE@ ../lxc/caps.c ../lxc/caps.h \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgfsng.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup.h \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup2_devices.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup2_devices.h \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup_utils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/commands.c ../lxc/commands.h \ +@ENABLE_TESTS_TRUE@ ../lxc/commands_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/commands_utils.h ../lxc/conf.c \ +@ENABLE_TESTS_TRUE@ ../lxc/conf.h ../lxc/confile.c \ +@ENABLE_TESTS_TRUE@ ../lxc/confile.h ../lxc/confile_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/confile_utils.h ../lxc/error.c \ +@ENABLE_TESTS_TRUE@ ../lxc/error.h ../lxc/file_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/file_utils.h \ +@ENABLE_TESTS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TESTS_TRUE@ ../include/netns_ifaddrs.h \ +@ENABLE_TESTS_TRUE@ ../lxc/initutils.c ../lxc/initutils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/log.c ../lxc/log.h ../lxc/lxclock.c \ +@ENABLE_TESTS_TRUE@ ../lxc/lxclock.h ../lxc/mainloop.c \ 
+@ENABLE_TESTS_TRUE@ ../lxc/mainloop.h ../lxc/monitor.c \ +@ENABLE_TESTS_TRUE@ ../lxc/monitor.h ../lxc/namespace.c \ +@ENABLE_TESTS_TRUE@ ../lxc/namespace.h ../lxc/network.c \ +@ENABLE_TESTS_TRUE@ ../lxc/network.h ../lxc/nl.c ../lxc/nl.h \ +@ENABLE_TESTS_TRUE@ ../lxc/parse.c ../lxc/parse.h \ +@ENABLE_TESTS_TRUE@ ../lxc/process_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/process_utils.h ../lxc/ringbuf.c \ +@ENABLE_TESTS_TRUE@ ../lxc/ringbuf.h ../lxc/start.c \ +@ENABLE_TESTS_TRUE@ ../lxc/start.h ../lxc/state.c \ +@ENABLE_TESTS_TRUE@ ../lxc/state.h ../lxc/storage/btrfs.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/btrfs.h ../lxc/storage/dir.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/dir.h ../lxc/storage/loop.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/loop.h ../lxc/storage/lvm.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/lvm.h ../lxc/storage/nbd.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/nbd.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/overlay.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/overlay.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rbd.c ../lxc/storage/rbd.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rsync.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rsync.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage_utils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/zfs.c ../lxc/storage/zfs.h \ +@ENABLE_TESTS_TRUE@ ../lxc/sync.c ../lxc/sync.h \ +@ENABLE_TESTS_TRUE@ ../lxc/string_utils.c ../lxc/string_utils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/terminal.c ../lxc/terminal.h \ +@ENABLE_TESTS_TRUE@ ../lxc/utils.c ../lxc/utils.h ../lxc/uuid.c \ +@ENABLE_TESTS_TRUE@ ../lxc/uuid.h $(LSM_SOURCES) \ +@ENABLE_TESTS_TRUE@ $(am__append_3) +@ENABLE_TESTS_TRUE@lxc_test_apparmor_SOURCES = aa.c ../lxc/af_unix.c \ +@ENABLE_TESTS_TRUE@ ../lxc/af_unix.h ../lxc/caps.c \ +@ENABLE_TESTS_TRUE@ ../lxc/caps.h ../lxc/cgroups/cgfsng.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup.c \ +@ENABLE_TESTS_TRUE@ 
../lxc/cgroups/cgroup.h \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup2_devices.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup2_devices.h \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup_utils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/commands.c ../lxc/commands.h \ +@ENABLE_TESTS_TRUE@ ../lxc/commands_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/commands_utils.h ../lxc/conf.c \ +@ENABLE_TESTS_TRUE@ ../lxc/conf.h ../lxc/confile.c \ +@ENABLE_TESTS_TRUE@ ../lxc/confile.h ../lxc/confile_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/confile_utils.h ../lxc/error.c \ +@ENABLE_TESTS_TRUE@ ../lxc/error.h ../lxc/file_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/file_utils.h \ +@ENABLE_TESTS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TESTS_TRUE@ ../include/netns_ifaddrs.h \ +@ENABLE_TESTS_TRUE@ ../lxc/initutils.c ../lxc/initutils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/log.c ../lxc/log.h ../lxc/lxclock.c \ +@ENABLE_TESTS_TRUE@ ../lxc/lxclock.h ../lxc/mainloop.c \ +@ENABLE_TESTS_TRUE@ ../lxc/mainloop.h ../lxc/monitor.c \ +@ENABLE_TESTS_TRUE@ ../lxc/monitor.h ../lxc/namespace.c \ +@ENABLE_TESTS_TRUE@ ../lxc/namespace.h ../lxc/network.c \ +@ENABLE_TESTS_TRUE@ ../lxc/network.h ../lxc/nl.c ../lxc/nl.h \ +@ENABLE_TESTS_TRUE@ ../lxc/parse.c ../lxc/parse.h \ +@ENABLE_TESTS_TRUE@ ../lxc/process_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/process_utils.h ../lxc/ringbuf.c \ +@ENABLE_TESTS_TRUE@ ../lxc/ringbuf.h ../lxc/start.c \ +@ENABLE_TESTS_TRUE@ ../lxc/start.h ../lxc/state.c \ +@ENABLE_TESTS_TRUE@ ../lxc/state.h ../lxc/storage/btrfs.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/btrfs.h ../lxc/storage/dir.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/dir.h ../lxc/storage/loop.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/loop.h ../lxc/storage/lvm.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/lvm.h ../lxc/storage/nbd.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/nbd.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/overlay.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/overlay.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rbd.c 
../lxc/storage/rbd.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rsync.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rsync.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage_utils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/zfs.c ../lxc/storage/zfs.h \ +@ENABLE_TESTS_TRUE@ ../lxc/sync.c ../lxc/sync.h \ +@ENABLE_TESTS_TRUE@ ../lxc/string_utils.c ../lxc/string_utils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/terminal.c ../lxc/terminal.h \ +@ENABLE_TESTS_TRUE@ ../lxc/utils.c ../lxc/utils.h ../lxc/uuid.c \ +@ENABLE_TESTS_TRUE@ ../lxc/uuid.h $(LSM_SOURCES) \ +@ENABLE_TESTS_TRUE@ $(am__append_4) +@ENABLE_TESTS_TRUE@lxc_test_attach_SOURCES = attach.c ../lxc/af_unix.c \ +@ENABLE_TESTS_TRUE@ ../lxc/af_unix.h ../lxc/caps.c \ +@ENABLE_TESTS_TRUE@ ../lxc/caps.h ../lxc/cgroups/cgfsng.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup.h \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup2_devices.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup2_devices.h \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup_utils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/commands.c ../lxc/commands.h \ +@ENABLE_TESTS_TRUE@ ../lxc/commands_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/commands_utils.h ../lxc/conf.c \ +@ENABLE_TESTS_TRUE@ ../lxc/conf.h ../lxc/confile.c \ +@ENABLE_TESTS_TRUE@ ../lxc/confile.h ../lxc/confile_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/confile_utils.h ../lxc/error.c \ +@ENABLE_TESTS_TRUE@ ../lxc/error.h ../lxc/file_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/file_utils.h \ +@ENABLE_TESTS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TESTS_TRUE@ ../include/netns_ifaddrs.h \ +@ENABLE_TESTS_TRUE@ ../lxc/initutils.c ../lxc/initutils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/log.c ../lxc/log.h ../lxc/lxclock.c \ +@ENABLE_TESTS_TRUE@ ../lxc/lxclock.h ../lxc/mainloop.c \ +@ENABLE_TESTS_TRUE@ ../lxc/mainloop.h 
../lxc/monitor.c \ +@ENABLE_TESTS_TRUE@ ../lxc/monitor.h ../lxc/namespace.c \ +@ENABLE_TESTS_TRUE@ ../lxc/namespace.h ../lxc/network.c \ +@ENABLE_TESTS_TRUE@ ../lxc/network.h ../lxc/nl.c ../lxc/nl.h \ +@ENABLE_TESTS_TRUE@ ../lxc/parse.c ../lxc/parse.h \ +@ENABLE_TESTS_TRUE@ ../lxc/process_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/process_utils.h ../lxc/ringbuf.c \ +@ENABLE_TESTS_TRUE@ ../lxc/ringbuf.h ../lxc/start.c \ +@ENABLE_TESTS_TRUE@ ../lxc/start.h ../lxc/state.c \ +@ENABLE_TESTS_TRUE@ ../lxc/state.h ../lxc/storage/btrfs.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/btrfs.h ../lxc/storage/dir.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/dir.h ../lxc/storage/loop.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/loop.h ../lxc/storage/lvm.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/lvm.h ../lxc/storage/nbd.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/nbd.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/overlay.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/overlay.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rbd.c ../lxc/storage/rbd.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rsync.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rsync.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage_utils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/zfs.c ../lxc/storage/zfs.h \ +@ENABLE_TESTS_TRUE@ ../lxc/sync.c ../lxc/sync.h \ +@ENABLE_TESTS_TRUE@ ../lxc/string_utils.c ../lxc/string_utils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/terminal.c ../lxc/terminal.h \ +@ENABLE_TESTS_TRUE@ ../lxc/utils.c ../lxc/utils.h ../lxc/uuid.c \ +@ENABLE_TESTS_TRUE@ ../lxc/uuid.h $(LSM_SOURCES) \ +@ENABLE_TESTS_TRUE@ $(am__append_5) @ENABLE_TESTS_TRUE@lxc_test_basic_SOURCES = basic.c -@ENABLE_TESTS_TRUE@lxc_test_cgpath_SOURCES = cgpath.c +@ENABLE_TESTS_TRUE@lxc_test_cgpath_SOURCES = cgpath.c ../lxc/af_unix.c \ +@ENABLE_TESTS_TRUE@ ../lxc/af_unix.h ../lxc/caps.c \ +@ENABLE_TESTS_TRUE@ ../lxc/caps.h ../lxc/cgroups/cgfsng.c \ 
+@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup.h \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup2_devices.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup2_devices.h \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup_utils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/commands.c ../lxc/commands.h \ +@ENABLE_TESTS_TRUE@ ../lxc/commands_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/commands_utils.h ../lxc/conf.c \ +@ENABLE_TESTS_TRUE@ ../lxc/conf.h ../lxc/confile.c \ +@ENABLE_TESTS_TRUE@ ../lxc/confile.h ../lxc/confile_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/confile_utils.h ../lxc/error.c \ +@ENABLE_TESTS_TRUE@ ../lxc/error.h ../lxc/file_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/file_utils.h \ +@ENABLE_TESTS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TESTS_TRUE@ ../include/netns_ifaddrs.h \ +@ENABLE_TESTS_TRUE@ ../lxc/initutils.c ../lxc/initutils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/log.c ../lxc/log.h ../lxc/lxclock.c \ +@ENABLE_TESTS_TRUE@ ../lxc/lxclock.h ../lxc/mainloop.c \ +@ENABLE_TESTS_TRUE@ ../lxc/mainloop.h ../lxc/monitor.c \ +@ENABLE_TESTS_TRUE@ ../lxc/monitor.h ../lxc/namespace.c \ +@ENABLE_TESTS_TRUE@ ../lxc/namespace.h ../lxc/network.c \ +@ENABLE_TESTS_TRUE@ ../lxc/network.h ../lxc/nl.c ../lxc/nl.h \ +@ENABLE_TESTS_TRUE@ ../lxc/parse.c ../lxc/parse.h \ +@ENABLE_TESTS_TRUE@ ../lxc/process_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/process_utils.h ../lxc/ringbuf.c \ +@ENABLE_TESTS_TRUE@ ../lxc/ringbuf.h ../lxc/start.c \ +@ENABLE_TESTS_TRUE@ ../lxc/start.h ../lxc/state.c \ +@ENABLE_TESTS_TRUE@ ../lxc/state.h ../lxc/storage/btrfs.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/btrfs.h ../lxc/storage/dir.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/dir.h ../lxc/storage/loop.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/loop.h ../lxc/storage/lvm.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/lvm.h ../lxc/storage/nbd.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/nbd.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/overlay.c \ +@ENABLE_TESTS_TRUE@ 
../lxc/storage/overlay.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rbd.c ../lxc/storage/rbd.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rsync.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rsync.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage_utils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/zfs.c ../lxc/storage/zfs.h \ +@ENABLE_TESTS_TRUE@ ../lxc/sync.c ../lxc/sync.h \ +@ENABLE_TESTS_TRUE@ ../lxc/string_utils.c ../lxc/string_utils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/terminal.c ../lxc/terminal.h \ +@ENABLE_TESTS_TRUE@ ../lxc/utils.c ../lxc/utils.h ../lxc/uuid.c \ +@ENABLE_TESTS_TRUE@ ../lxc/uuid.h $(LSM_SOURCES) \ +@ENABLE_TESTS_TRUE@ $(am__append_6) @ENABLE_TESTS_TRUE@lxc_test_clonetest_SOURCES = clonetest.c @ENABLE_TESTS_TRUE@lxc_test_concurrent_SOURCES = concurrent.c -@ENABLE_TESTS_TRUE@lxc_test_config_jump_table_SOURCES = config_jump_table.c lxctest.h +@ENABLE_TESTS_TRUE@lxc_test_config_jump_table_SOURCES = \ +@ENABLE_TESTS_TRUE@ config_jump_table.c lxctest.h \ +@ENABLE_TESTS_TRUE@ ../lxc/af_unix.c ../lxc/af_unix.h \ +@ENABLE_TESTS_TRUE@ ../lxc/caps.c ../lxc/caps.h \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgfsng.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup.h \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup2_devices.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup2_devices.h \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup_utils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/commands.c ../lxc/commands.h \ +@ENABLE_TESTS_TRUE@ ../lxc/commands_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/commands_utils.h ../lxc/conf.c \ +@ENABLE_TESTS_TRUE@ ../lxc/conf.h ../lxc/confile.c \ +@ENABLE_TESTS_TRUE@ ../lxc/confile.h ../lxc/confile_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/confile_utils.h ../lxc/error.c \ +@ENABLE_TESTS_TRUE@ ../lxc/error.h ../lxc/file_utils.c \ +@ENABLE_TESTS_TRUE@ 
../lxc/file_utils.h \ +@ENABLE_TESTS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TESTS_TRUE@ ../include/netns_ifaddrs.h \ +@ENABLE_TESTS_TRUE@ ../lxc/initutils.c ../lxc/initutils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/log.c ../lxc/log.h ../lxc/lxclock.c \ +@ENABLE_TESTS_TRUE@ ../lxc/lxclock.h ../lxc/mainloop.c \ +@ENABLE_TESTS_TRUE@ ../lxc/mainloop.h ../lxc/monitor.c \ +@ENABLE_TESTS_TRUE@ ../lxc/monitor.h ../lxc/namespace.c \ +@ENABLE_TESTS_TRUE@ ../lxc/namespace.h ../lxc/network.c \ +@ENABLE_TESTS_TRUE@ ../lxc/network.h ../lxc/nl.c ../lxc/nl.h \ +@ENABLE_TESTS_TRUE@ ../lxc/parse.c ../lxc/parse.h \ +@ENABLE_TESTS_TRUE@ ../lxc/process_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/process_utils.h ../lxc/ringbuf.c \ +@ENABLE_TESTS_TRUE@ ../lxc/ringbuf.h ../lxc/start.c \ +@ENABLE_TESTS_TRUE@ ../lxc/start.h ../lxc/state.c \ +@ENABLE_TESTS_TRUE@ ../lxc/state.h ../lxc/storage/btrfs.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/btrfs.h ../lxc/storage/dir.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/dir.h ../lxc/storage/loop.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/loop.h ../lxc/storage/lvm.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/lvm.h ../lxc/storage/nbd.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/nbd.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/overlay.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/overlay.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rbd.c ../lxc/storage/rbd.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rsync.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rsync.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage_utils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/zfs.c ../lxc/storage/zfs.h \ +@ENABLE_TESTS_TRUE@ ../lxc/sync.c ../lxc/sync.h \ +@ENABLE_TESTS_TRUE@ ../lxc/string_utils.c ../lxc/string_utils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/terminal.c ../lxc/terminal.h \ +@ENABLE_TESTS_TRUE@ ../lxc/utils.c ../lxc/utils.h ../lxc/uuid.c \ +@ENABLE_TESTS_TRUE@ ../lxc/uuid.h 
$(LSM_SOURCES) \ +@ENABLE_TESTS_TRUE@ $(am__append_7) @ENABLE_TESTS_TRUE@lxc_test_console_SOURCES = console.c @ENABLE_TESTS_TRUE@lxc_test_console_log_SOURCES = console_log.c lxctest.h @ENABLE_TESTS_TRUE@lxc_test_containertests_SOURCES = containertests.c 
@@ -757,25 +1857,236 @@ @ENABLE_TESTS_TRUE@lxc_test_getkeys_SOURCES = getkeys.c @ENABLE_TESTS_TRUE@lxc_test_get_item_SOURCES = get_item.c @ENABLE_TESTS_TRUE@lxc_test_list_SOURCES = list.c -@ENABLE_TESTS_TRUE@lxc_test_locktests_SOURCES = locktests.c +@ENABLE_TESTS_TRUE@lxc_test_locktests_SOURCES = locktests.c \ +@ENABLE_TESTS_TRUE@ ../lxc/af_unix.c ../lxc/af_unix.h \ +@ENABLE_TESTS_TRUE@ ../lxc/caps.c ../lxc/caps.h \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgfsng.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup.h \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup2_devices.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup2_devices.h \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup_utils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/commands.c ../lxc/commands.h \ +@ENABLE_TESTS_TRUE@ ../lxc/commands_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/commands_utils.h ../lxc/conf.c \ +@ENABLE_TESTS_TRUE@ ../lxc/conf.h ../lxc/confile.c \ +@ENABLE_TESTS_TRUE@ ../lxc/confile.h ../lxc/confile_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/confile_utils.h ../lxc/error.c \ +@ENABLE_TESTS_TRUE@ ../lxc/error.h ../lxc/file_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/file_utils.h \ +@ENABLE_TESTS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TESTS_TRUE@ ../include/netns_ifaddrs.h \ +@ENABLE_TESTS_TRUE@ ../lxc/initutils.c ../lxc/initutils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/log.c ../lxc/log.h ../lxc/lxclock.c \ +@ENABLE_TESTS_TRUE@ ../lxc/lxclock.h ../lxc/mainloop.c \ +@ENABLE_TESTS_TRUE@ ../lxc/mainloop.h ../lxc/monitor.c \ +@ENABLE_TESTS_TRUE@ ../lxc/monitor.h ../lxc/namespace.c \ +@ENABLE_TESTS_TRUE@ ../lxc/namespace.h ../lxc/network.c \ +@ENABLE_TESTS_TRUE@ ../lxc/network.h ../lxc/nl.c ../lxc/nl.h \ +@ENABLE_TESTS_TRUE@ ../lxc/parse.c ../lxc/parse.h \ +@ENABLE_TESTS_TRUE@ ../lxc/process_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/process_utils.h ../lxc/ringbuf.c \ +@ENABLE_TESTS_TRUE@ ../lxc/ringbuf.h ../lxc/start.c \ +@ENABLE_TESTS_TRUE@ 
../lxc/start.h ../lxc/state.c \ +@ENABLE_TESTS_TRUE@ ../lxc/state.h ../lxc/storage/btrfs.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/btrfs.h ../lxc/storage/dir.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/dir.h ../lxc/storage/loop.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/loop.h ../lxc/storage/lvm.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/lvm.h ../lxc/storage/nbd.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/nbd.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/overlay.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/overlay.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rbd.c ../lxc/storage/rbd.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rsync.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rsync.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage_utils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/zfs.c ../lxc/storage/zfs.h \ +@ENABLE_TESTS_TRUE@ ../lxc/sync.c ../lxc/sync.h \ +@ENABLE_TESTS_TRUE@ ../lxc/string_utils.c ../lxc/string_utils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/terminal.c ../lxc/terminal.h \ +@ENABLE_TESTS_TRUE@ ../lxc/utils.c ../lxc/utils.h ../lxc/uuid.c \ +@ENABLE_TESTS_TRUE@ ../lxc/uuid.h $(LSM_SOURCES) \ +@ENABLE_TESTS_TRUE@ $(am__append_8) @ENABLE_TESTS_TRUE@lxc_test_lxcpath_SOURCES = lxcpath.c @ENABLE_TESTS_TRUE@lxc_test_may_control_SOURCES = may_control.c -@ENABLE_TESTS_TRUE@lxc_test_mount_injection_SOURCES = mount_injection.c lxctest.h -@ENABLE_TESTS_TRUE@lxc_test_parse_config_file_SOURCES = parse_config_file.c \ -@ENABLE_TESTS_TRUE@ lxctest.h - +@ENABLE_TESTS_TRUE@lxc_test_mount_injection_SOURCES = \ +@ENABLE_TESTS_TRUE@ mount_injection.c lxctest.h \ +@ENABLE_TESTS_TRUE@ ../lxc/af_unix.c ../lxc/af_unix.h \ +@ENABLE_TESTS_TRUE@ ../lxc/caps.c ../lxc/caps.h \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgfsng.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup.h \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup2_devices.c \ 
+@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup2_devices.h \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup_utils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/commands.c ../lxc/commands.h \ +@ENABLE_TESTS_TRUE@ ../lxc/commands_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/commands_utils.h ../lxc/conf.c \ +@ENABLE_TESTS_TRUE@ ../lxc/conf.h ../lxc/confile.c \ +@ENABLE_TESTS_TRUE@ ../lxc/confile.h ../lxc/confile_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/confile_utils.h ../lxc/error.c \ +@ENABLE_TESTS_TRUE@ ../lxc/error.h ../lxc/file_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/file_utils.h \ +@ENABLE_TESTS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TESTS_TRUE@ ../include/netns_ifaddrs.h \ +@ENABLE_TESTS_TRUE@ ../lxc/initutils.c ../lxc/initutils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/log.c ../lxc/log.h ../lxc/lxclock.c \ +@ENABLE_TESTS_TRUE@ ../lxc/lxclock.h ../lxc/mainloop.c \ +@ENABLE_TESTS_TRUE@ ../lxc/mainloop.h ../lxc/monitor.c \ +@ENABLE_TESTS_TRUE@ ../lxc/monitor.h ../lxc/namespace.c \ +@ENABLE_TESTS_TRUE@ ../lxc/namespace.h ../lxc/network.c \ +@ENABLE_TESTS_TRUE@ ../lxc/network.h ../lxc/nl.c ../lxc/nl.h \ +@ENABLE_TESTS_TRUE@ ../lxc/parse.c ../lxc/parse.h \ +@ENABLE_TESTS_TRUE@ ../lxc/process_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/process_utils.h ../lxc/ringbuf.c \ +@ENABLE_TESTS_TRUE@ ../lxc/ringbuf.h ../lxc/start.c \ +@ENABLE_TESTS_TRUE@ ../lxc/start.h ../lxc/state.c \ +@ENABLE_TESTS_TRUE@ ../lxc/state.h ../lxc/storage/btrfs.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/btrfs.h ../lxc/storage/dir.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/dir.h ../lxc/storage/loop.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/loop.h ../lxc/storage/lvm.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/lvm.h ../lxc/storage/nbd.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/nbd.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/overlay.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/overlay.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rbd.c ../lxc/storage/rbd.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rsync.c \ +@ENABLE_TESTS_TRUE@ 
../lxc/storage/rsync.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage_utils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/zfs.c ../lxc/storage/zfs.h \ +@ENABLE_TESTS_TRUE@ ../lxc/sync.c ../lxc/sync.h \ +@ENABLE_TESTS_TRUE@ ../lxc/string_utils.c ../lxc/string_utils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/terminal.c ../lxc/terminal.h \ +@ENABLE_TESTS_TRUE@ ../lxc/utils.c ../lxc/utils.h ../lxc/uuid.c \ +@ENABLE_TESTS_TRUE@ ../lxc/uuid.h $(LSM_SOURCES) \ +@ENABLE_TESTS_TRUE@ $(am__append_9) +@ENABLE_TESTS_TRUE@lxc_test_parse_config_file_SOURCES = \ +@ENABLE_TESTS_TRUE@ parse_config_file.c lxctest.h \ +@ENABLE_TESTS_TRUE@ ../lxc/af_unix.c ../lxc/af_unix.h \ +@ENABLE_TESTS_TRUE@ ../lxc/caps.c ../lxc/caps.h \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgfsng.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup.h \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup2_devices.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup2_devices.h \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup_utils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/commands.c ../lxc/commands.h \ +@ENABLE_TESTS_TRUE@ ../lxc/commands_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/commands_utils.h ../lxc/conf.c \ +@ENABLE_TESTS_TRUE@ ../lxc/conf.h ../lxc/confile.c \ +@ENABLE_TESTS_TRUE@ ../lxc/confile.h ../lxc/confile_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/confile_utils.h ../lxc/error.c \ +@ENABLE_TESTS_TRUE@ ../lxc/error.h ../lxc/file_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/file_utils.h \ +@ENABLE_TESTS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TESTS_TRUE@ ../include/netns_ifaddrs.h \ +@ENABLE_TESTS_TRUE@ ../lxc/initutils.c ../lxc/initutils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/log.c ../lxc/log.h ../lxc/lxclock.c \ +@ENABLE_TESTS_TRUE@ ../lxc/lxclock.h ../lxc/mainloop.c \ +@ENABLE_TESTS_TRUE@ ../lxc/mainloop.h ../lxc/monitor.c \ 
+@ENABLE_TESTS_TRUE@ ../lxc/monitor.h ../lxc/namespace.c \ +@ENABLE_TESTS_TRUE@ ../lxc/namespace.h ../lxc/network.c \ +@ENABLE_TESTS_TRUE@ ../lxc/network.h ../lxc/nl.c ../lxc/nl.h \ +@ENABLE_TESTS_TRUE@ ../lxc/parse.c ../lxc/parse.h \ +@ENABLE_TESTS_TRUE@ ../lxc/process_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/process_utils.h ../lxc/ringbuf.c \ +@ENABLE_TESTS_TRUE@ ../lxc/ringbuf.h ../lxc/start.c \ +@ENABLE_TESTS_TRUE@ ../lxc/start.h ../lxc/state.c \ +@ENABLE_TESTS_TRUE@ ../lxc/state.h ../lxc/storage/btrfs.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/btrfs.h ../lxc/storage/dir.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/dir.h ../lxc/storage/loop.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/loop.h ../lxc/storage/lvm.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/lvm.h ../lxc/storage/nbd.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/nbd.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/overlay.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/overlay.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rbd.c ../lxc/storage/rbd.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rsync.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rsync.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage_utils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/zfs.c ../lxc/storage/zfs.h \ +@ENABLE_TESTS_TRUE@ ../lxc/sync.c ../lxc/sync.h \ +@ENABLE_TESTS_TRUE@ ../lxc/string_utils.c ../lxc/string_utils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/terminal.c ../lxc/terminal.h \ +@ENABLE_TESTS_TRUE@ ../lxc/utils.c ../lxc/utils.h ../lxc/uuid.c \ +@ENABLE_TESTS_TRUE@ ../lxc/uuid.h $(LSM_SOURCES) \ +@ENABLE_TESTS_TRUE@ $(am__append_10) @ENABLE_TESTS_TRUE@lxc_test_raw_clone_SOURCES = lxc_raw_clone.c \ -@ENABLE_TESTS_TRUE@ lxctest.h \ -@ENABLE_TESTS_TRUE@ ../lxc/namespace.c ../lxc/namespace.h \ -@ENABLE_TESTS_TRUE@ ../lxc/raw_syscalls.c ../lxc/raw_syscalls.h - +@ENABLE_TESTS_TRUE@ lxctest.h ../lxc/af_unix.c ../lxc/af_unix.h \ +@ENABLE_TESTS_TRUE@ 
../lxc/caps.c ../lxc/caps.h \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgfsng.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup.h \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup2_devices.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup2_devices.h \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup_utils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/commands.c ../lxc/commands.h \ +@ENABLE_TESTS_TRUE@ ../lxc/commands_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/commands_utils.h ../lxc/conf.c \ +@ENABLE_TESTS_TRUE@ ../lxc/conf.h ../lxc/confile.c \ +@ENABLE_TESTS_TRUE@ ../lxc/confile.h ../lxc/confile_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/confile_utils.h ../lxc/error.c \ +@ENABLE_TESTS_TRUE@ ../lxc/error.h ../lxc/file_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/file_utils.h \ +@ENABLE_TESTS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TESTS_TRUE@ ../include/netns_ifaddrs.h \ +@ENABLE_TESTS_TRUE@ ../lxc/initutils.c ../lxc/initutils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/log.c ../lxc/log.h ../lxc/lxclock.c \ +@ENABLE_TESTS_TRUE@ ../lxc/lxclock.h ../lxc/mainloop.c \ +@ENABLE_TESTS_TRUE@ ../lxc/mainloop.h ../lxc/monitor.c \ +@ENABLE_TESTS_TRUE@ ../lxc/monitor.h ../lxc/namespace.c \ +@ENABLE_TESTS_TRUE@ ../lxc/namespace.h ../lxc/network.c \ +@ENABLE_TESTS_TRUE@ ../lxc/network.h ../lxc/nl.c ../lxc/nl.h \ +@ENABLE_TESTS_TRUE@ ../lxc/parse.c ../lxc/parse.h \ +@ENABLE_TESTS_TRUE@ ../lxc/process_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/process_utils.h ../lxc/ringbuf.c \ +@ENABLE_TESTS_TRUE@ ../lxc/ringbuf.h ../lxc/start.c \ +@ENABLE_TESTS_TRUE@ ../lxc/start.h ../lxc/state.c \ +@ENABLE_TESTS_TRUE@ ../lxc/state.h ../lxc/storage/btrfs.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/btrfs.h ../lxc/storage/dir.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/dir.h ../lxc/storage/loop.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/loop.h ../lxc/storage/lvm.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/lvm.h ../lxc/storage/nbd.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/nbd.h \ 
+@ENABLE_TESTS_TRUE@ ../lxc/storage/overlay.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/overlay.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rbd.c ../lxc/storage/rbd.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rsync.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rsync.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage_utils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/zfs.c ../lxc/storage/zfs.h \ +@ENABLE_TESTS_TRUE@ ../lxc/sync.c ../lxc/sync.h \ +@ENABLE_TESTS_TRUE@ ../lxc/string_utils.c ../lxc/string_utils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/terminal.c ../lxc/terminal.h \ +@ENABLE_TESTS_TRUE@ ../lxc/utils.c ../lxc/utils.h ../lxc/uuid.c \ +@ENABLE_TESTS_TRUE@ ../lxc/uuid.h $(LSM_SOURCES) \ +@ENABLE_TESTS_TRUE@ $(am__append_11) @ENABLE_TESTS_TRUE@lxc_test_reboot_SOURCES = reboot.c @ENABLE_TESTS_TRUE@lxc_test_saveconfig_SOURCES = saveconfig.c @ENABLE_TESTS_TRUE@lxc_test_share_ns_SOURCES = share_ns.c \ @ENABLE_TESTS_TRUE@ lxctest.h \ @ENABLE_TESTS_TRUE@ ../lxc/compiler.h -@ENABLE_TESTS_TRUE@lxc_test_shortlived_SOURCES = shortlived.c +@ENABLE_TESTS_TRUE@lxc_test_shortlived_SOURCES = shortlived.c \ +@ENABLE_TESTS_TRUE@ ../lxc/file_utils.c ../lxc/file_utils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/string_utils.c ../lxc/string_utils.h + @ENABLE_TESTS_TRUE@lxc_test_shutdowntest_SOURCES = shutdowntest.c @ENABLE_TESTS_TRUE@lxc_test_snapshot_SOURCES = snapshot.c @ENABLE_TESTS_TRUE@lxc_test_startone_SOURCES = startone.c 
@@ -783,19 +2094,78 @@ @ENABLE_TESTS_TRUE@ lxctest.h \ @ENABLE_TESTS_TRUE@ ../lxc/compiler.h -@ENABLE_TESTS_TRUE@lxc_test_utils_SOURCES = lxc-test-utils.c lxctest.h +@ENABLE_TESTS_TRUE@lxc_test_utils_SOURCES = lxc-test-utils.c lxctest.h \ +@ENABLE_TESTS_TRUE@ ../lxc/af_unix.c ../lxc/af_unix.h \ +@ENABLE_TESTS_TRUE@ ../lxc/caps.c ../lxc/caps.h \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgfsng.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup.h \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup2_devices.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup2_devices.h \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/cgroups/cgroup_utils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/commands.c ../lxc/commands.h \ +@ENABLE_TESTS_TRUE@ ../lxc/commands_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/commands_utils.h ../lxc/conf.c \ +@ENABLE_TESTS_TRUE@ ../lxc/conf.h ../lxc/confile.c \ +@ENABLE_TESTS_TRUE@ ../lxc/confile.h ../lxc/confile_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/confile_utils.h ../lxc/error.c \ +@ENABLE_TESTS_TRUE@ ../lxc/error.h ../lxc/file_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/file_utils.h \ +@ENABLE_TESTS_TRUE@ ../include/netns_ifaddrs.c \ +@ENABLE_TESTS_TRUE@ ../include/netns_ifaddrs.h \ +@ENABLE_TESTS_TRUE@ ../lxc/initutils.c ../lxc/initutils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/log.c ../lxc/log.h ../lxc/lxclock.c \ +@ENABLE_TESTS_TRUE@ ../lxc/lxclock.h ../lxc/mainloop.c \ +@ENABLE_TESTS_TRUE@ ../lxc/mainloop.h ../lxc/monitor.c \ +@ENABLE_TESTS_TRUE@ ../lxc/monitor.h ../lxc/namespace.c \ +@ENABLE_TESTS_TRUE@ ../lxc/namespace.h ../lxc/network.c \ +@ENABLE_TESTS_TRUE@ ../lxc/network.h ../lxc/nl.c ../lxc/nl.h \ +@ENABLE_TESTS_TRUE@ ../lxc/parse.c ../lxc/parse.h \ +@ENABLE_TESTS_TRUE@ ../lxc/process_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/process_utils.h ../lxc/ringbuf.c \ +@ENABLE_TESTS_TRUE@ ../lxc/ringbuf.h ../lxc/start.c \ +@ENABLE_TESTS_TRUE@ ../lxc/start.h ../lxc/state.c \ +@ENABLE_TESTS_TRUE@ ../lxc/state.h 
../lxc/storage/btrfs.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/btrfs.h ../lxc/storage/dir.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/dir.h ../lxc/storage/loop.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/loop.h ../lxc/storage/lvm.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/lvm.h ../lxc/storage/nbd.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/nbd.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/overlay.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/overlay.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rbd.c ../lxc/storage/rbd.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rsync.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/rsync.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage_utils.c \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/storage_utils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/storage/zfs.c ../lxc/storage/zfs.h \ +@ENABLE_TESTS_TRUE@ ../lxc/sync.c ../lxc/sync.h \ +@ENABLE_TESTS_TRUE@ ../lxc/string_utils.c ../lxc/string_utils.h \ +@ENABLE_TESTS_TRUE@ ../lxc/terminal.c ../lxc/terminal.h \ +@ENABLE_TESTS_TRUE@ ../lxc/utils.c ../lxc/utils.h ../lxc/uuid.c \ +@ENABLE_TESTS_TRUE@ ../lxc/uuid.h $(LSM_SOURCES) \ +@ENABLE_TESTS_TRUE@ $(am__append_12) @ENABLE_TESTS_TRUE@AM_CFLAGS = -DLXCROOTFSMOUNT=\"$(LXCROOTFSMOUNT)\" \ @ENABLE_TESTS_TRUE@ -DLXCPATH=\"$(LXCPATH)\" \ @ENABLE_TESTS_TRUE@ -DLXC_GLOBAL_CONF=\"$(LXC_GLOBAL_CONF)\" \ @ENABLE_TESTS_TRUE@ -DLXCINITDIR=\"$(LXCINITDIR)\" \ +@ENABLE_TESTS_TRUE@ -DLIBEXECDIR=\"$(LIBEXECDIR)\" \ +@ENABLE_TESTS_TRUE@ -DLOGPATH=\"$(LOGPATH)\" \ +@ENABLE_TESTS_TRUE@ -DLXCTEMPLATEDIR=\"$(LXCTEMPLATEDIR)\" \ @ENABLE_TESTS_TRUE@ -DLXC_DEFAULT_CONFIG=\"$(LXC_DEFAULT_CONFIG)\" \ -@ENABLE_TESTS_TRUE@ -DRUNTIME_PATH=\"$(RUNTIME_PATH)\" -I \ +@ENABLE_TESTS_TRUE@ -DDEFAULT_CGROUP_PATTERN=\"$(DEFAULT_CGROUP_PATTERN)\" \ +@ENABLE_TESTS_TRUE@ -DRUNTIME_PATH=\"$(RUNTIME_PATH)\" \ +@ENABLE_TESTS_TRUE@ -DSBINDIR=\"$(SBINDIR)\" -I \ @ENABLE_TESTS_TRUE@ $(top_srcdir)/src -I $(top_srcdir)/src/lxc \ @ENABLE_TESTS_TRUE@ -I 
$(top_srcdir)/src/lxc/cgroups -I \ -@ENABLE_TESTS_TRUE@ $(top_srcdir)/src/lxc/tools -pthread \ -@ENABLE_TESTS_TRUE@ $(am__append_1) $(am__append_2) \ -@ENABLE_TESTS_TRUE@ $(am__append_3) -@ENABLE_TESTS_TRUE@bin_SCRIPTS = $(am__append_4) $(am__append_5) +@ENABLE_TESTS_TRUE@ $(top_srcdir)/src/lxc/tools -I \ +@ENABLE_TESTS_TRUE@ $(top_srcdir)/src/lxc/storage -pthread \ +@ENABLE_TESTS_TRUE@ $(am__append_13) $(am__append_14) \ +@ENABLE_TESTS_TRUE@ $(am__append_15) +@ENABLE_TESTS_TRUE@bin_SCRIPTS = $(am__append_16) $(am__append_17) EXTRA_DIST = basic.c \ cgpath.c \ clonetest.c \ @@ -829,6 +2199,7 @@ lxc-test-snapdeps \ lxc-test-symlink \ lxc-test-unpriv \ + lxc-test-usernsexec \ lxc-test-utils.c \ may_control.c \ mount_injection.c \ 
@@ -926,6 +2297,134 @@ list=`for p in $$list; do echo "$$p"; done | sed 's/$(EXEEXT)$$//'`; \ echo " rm -f" $$list; \ rm -f $$list +../lxc/$(am__dirstamp): + @$(MKDIR_P) ../lxc + @: > ../lxc/$(am__dirstamp) +../lxc/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) ../lxc/$(DEPDIR) + @: > ../lxc/$(DEPDIR)/$(am__dirstamp) +../lxc/af_unix.$(OBJEXT): ../lxc/$(am__dirstamp) \ + ../lxc/$(DEPDIR)/$(am__dirstamp) +../lxc/caps.$(OBJEXT): ../lxc/$(am__dirstamp) \ + ../lxc/$(DEPDIR)/$(am__dirstamp) +../lxc/cgroups/$(am__dirstamp): + @$(MKDIR_P) ../lxc/cgroups + @: > ../lxc/cgroups/$(am__dirstamp) +../lxc/cgroups/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) ../lxc/cgroups/$(DEPDIR) + @: > ../lxc/cgroups/$(DEPDIR)/$(am__dirstamp) +../lxc/cgroups/cgfsng.$(OBJEXT): ../lxc/cgroups/$(am__dirstamp) \ + ../lxc/cgroups/$(DEPDIR)/$(am__dirstamp) +../lxc/cgroups/cgroup.$(OBJEXT): ../lxc/cgroups/$(am__dirstamp) \ + ../lxc/cgroups/$(DEPDIR)/$(am__dirstamp) +../lxc/cgroups/cgroup2_devices.$(OBJEXT): \ + ../lxc/cgroups/$(am__dirstamp) \ + ../lxc/cgroups/$(DEPDIR)/$(am__dirstamp) +../lxc/cgroups/cgroup_utils.$(OBJEXT): ../lxc/cgroups/$(am__dirstamp) \ + ../lxc/cgroups/$(DEPDIR)/$(am__dirstamp) +../lxc/commands.$(OBJEXT): ../lxc/$(am__dirstamp) \ + ../lxc/$(DEPDIR)/$(am__dirstamp) +../lxc/commands_utils.$(OBJEXT): ../lxc/$(am__dirstamp) \ + ../lxc/$(DEPDIR)/$(am__dirstamp) +../lxc/conf.$(OBJEXT): ../lxc/$(am__dirstamp) \ + ../lxc/$(DEPDIR)/$(am__dirstamp) +../lxc/confile.$(OBJEXT): ../lxc/$(am__dirstamp) \ + ../lxc/$(DEPDIR)/$(am__dirstamp) +../lxc/confile_utils.$(OBJEXT): ../lxc/$(am__dirstamp) \ + ../lxc/$(DEPDIR)/$(am__dirstamp) +../lxc/error.$(OBJEXT): ../lxc/$(am__dirstamp) \ + ../lxc/$(DEPDIR)/$(am__dirstamp) +../lxc/file_utils.$(OBJEXT): ../lxc/$(am__dirstamp) \ + ../lxc/$(DEPDIR)/$(am__dirstamp) +../include/$(am__dirstamp): + @$(MKDIR_P) ../include + @: > ../include/$(am__dirstamp) +../include/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) ../include/$(DEPDIR) + @: > ../include/$(DEPDIR)/$(am__dirstamp) 
+../include/netns_ifaddrs.$(OBJEXT): ../include/$(am__dirstamp) \ + ../include/$(DEPDIR)/$(am__dirstamp) +../lxc/initutils.$(OBJEXT): ../lxc/$(am__dirstamp) \ + ../lxc/$(DEPDIR)/$(am__dirstamp) +../lxc/log.$(OBJEXT): ../lxc/$(am__dirstamp) \ + ../lxc/$(DEPDIR)/$(am__dirstamp) +../lxc/lxclock.$(OBJEXT): ../lxc/$(am__dirstamp) \ + ../lxc/$(DEPDIR)/$(am__dirstamp) +../lxc/mainloop.$(OBJEXT): ../lxc/$(am__dirstamp) \ + ../lxc/$(DEPDIR)/$(am__dirstamp) +../lxc/monitor.$(OBJEXT): ../lxc/$(am__dirstamp) \ + ../lxc/$(DEPDIR)/$(am__dirstamp) +../lxc/namespace.$(OBJEXT): ../lxc/$(am__dirstamp) \ + ../lxc/$(DEPDIR)/$(am__dirstamp) +../lxc/network.$(OBJEXT): ../lxc/$(am__dirstamp) \ + ../lxc/$(DEPDIR)/$(am__dirstamp) +../lxc/nl.$(OBJEXT): ../lxc/$(am__dirstamp) \ + ../lxc/$(DEPDIR)/$(am__dirstamp) +../lxc/parse.$(OBJEXT): ../lxc/$(am__dirstamp) \ + ../lxc/$(DEPDIR)/$(am__dirstamp) +../lxc/process_utils.$(OBJEXT): ../lxc/$(am__dirstamp) \ + ../lxc/$(DEPDIR)/$(am__dirstamp) +../lxc/ringbuf.$(OBJEXT): ../lxc/$(am__dirstamp) \ + ../lxc/$(DEPDIR)/$(am__dirstamp) +../lxc/start.$(OBJEXT): ../lxc/$(am__dirstamp) \ + ../lxc/$(DEPDIR)/$(am__dirstamp) +../lxc/state.$(OBJEXT): ../lxc/$(am__dirstamp) \ + ../lxc/$(DEPDIR)/$(am__dirstamp) +../lxc/storage/$(am__dirstamp): + @$(MKDIR_P) ../lxc/storage + @: > ../lxc/storage/$(am__dirstamp) +../lxc/storage/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) ../lxc/storage/$(DEPDIR) + @: > ../lxc/storage/$(DEPDIR)/$(am__dirstamp) +../lxc/storage/btrfs.$(OBJEXT): ../lxc/storage/$(am__dirstamp) \ + ../lxc/storage/$(DEPDIR)/$(am__dirstamp) +../lxc/storage/dir.$(OBJEXT): ../lxc/storage/$(am__dirstamp) \ + ../lxc/storage/$(DEPDIR)/$(am__dirstamp) +../lxc/storage/loop.$(OBJEXT): ../lxc/storage/$(am__dirstamp) \ + ../lxc/storage/$(DEPDIR)/$(am__dirstamp) +../lxc/storage/lvm.$(OBJEXT): ../lxc/storage/$(am__dirstamp) \ + ../lxc/storage/$(DEPDIR)/$(am__dirstamp) +../lxc/storage/nbd.$(OBJEXT): ../lxc/storage/$(am__dirstamp) \ + ../lxc/storage/$(DEPDIR)/$(am__dirstamp) 
+../lxc/storage/overlay.$(OBJEXT): ../lxc/storage/$(am__dirstamp) \ + ../lxc/storage/$(DEPDIR)/$(am__dirstamp) +../lxc/storage/rbd.$(OBJEXT): ../lxc/storage/$(am__dirstamp) \ + ../lxc/storage/$(DEPDIR)/$(am__dirstamp) +../lxc/storage/rsync.$(OBJEXT): ../lxc/storage/$(am__dirstamp) \ + ../lxc/storage/$(DEPDIR)/$(am__dirstamp) +../lxc/storage/storage.$(OBJEXT): ../lxc/storage/$(am__dirstamp) \ + ../lxc/storage/$(DEPDIR)/$(am__dirstamp) +../lxc/storage/storage_utils.$(OBJEXT): \ + ../lxc/storage/$(am__dirstamp) \ + ../lxc/storage/$(DEPDIR)/$(am__dirstamp) +../lxc/storage/zfs.$(OBJEXT): ../lxc/storage/$(am__dirstamp) \ + ../lxc/storage/$(DEPDIR)/$(am__dirstamp) +../lxc/sync.$(OBJEXT): ../lxc/$(am__dirstamp) \ + ../lxc/$(DEPDIR)/$(am__dirstamp) +../lxc/string_utils.$(OBJEXT): ../lxc/$(am__dirstamp) \ + ../lxc/$(DEPDIR)/$(am__dirstamp) +../lxc/terminal.$(OBJEXT): ../lxc/$(am__dirstamp) \ + ../lxc/$(DEPDIR)/$(am__dirstamp) +../lxc/utils.$(OBJEXT): ../lxc/$(am__dirstamp) \ + ../lxc/$(DEPDIR)/$(am__dirstamp) +../lxc/uuid.$(OBJEXT): ../lxc/$(am__dirstamp) \ + ../lxc/$(DEPDIR)/$(am__dirstamp) +../lxc/lsm/$(am__dirstamp): + @$(MKDIR_P) ../lxc/lsm + @: > ../lxc/lsm/$(am__dirstamp) +../lxc/lsm/$(DEPDIR)/$(am__dirstamp): + @$(MKDIR_P) ../lxc/lsm/$(DEPDIR) + @: > ../lxc/lsm/$(DEPDIR)/$(am__dirstamp) +../lxc/lsm/lsm.$(OBJEXT): ../lxc/lsm/$(am__dirstamp) \ + ../lxc/lsm/$(DEPDIR)/$(am__dirstamp) +../lxc/lsm/nop.$(OBJEXT): ../lxc/lsm/$(am__dirstamp) \ + ../lxc/lsm/$(DEPDIR)/$(am__dirstamp) +../lxc/lsm/apparmor.$(OBJEXT): ../lxc/lsm/$(am__dirstamp) \ + ../lxc/lsm/$(DEPDIR)/$(am__dirstamp) +../lxc/lsm/selinux.$(OBJEXT): ../lxc/lsm/$(am__dirstamp) \ + ../lxc/lsm/$(DEPDIR)/$(am__dirstamp) +../lxc/seccomp.$(OBJEXT): ../lxc/$(am__dirstamp) \ + ../lxc/$(DEPDIR)/$(am__dirstamp) lxc-test-api-reboot$(EXEEXT): $(lxc_test_api_reboot_OBJECTS) $(lxc_test_api_reboot_DEPENDENCIES) $(EXTRA_lxc_test_api_reboot_DEPENDENCIES) @rm -f lxc-test-api-reboot$(EXEEXT) 
@@ -1022,16 +2521,6 @@ lxc-test-parse-config-file$(EXEEXT): $(lxc_test_parse_config_file_OBJECTS) $(lxc_test_parse_config_file_DEPENDENCIES) $(EXTRA_lxc_test_parse_config_file_DEPENDENCIES) @rm -f lxc-test-parse-config-file$(EXEEXT) $(AM_V_CCLD)$(LINK) $(lxc_test_parse_config_file_OBJECTS) $(lxc_test_parse_config_file_LDADD) $(LIBS) -../lxc/$(am__dirstamp): - @$(MKDIR_P) ../lxc - @: > ../lxc/$(am__dirstamp) -../lxc/$(DEPDIR)/$(am__dirstamp): - @$(MKDIR_P) ../lxc/$(DEPDIR) - @: > ../lxc/$(DEPDIR)/$(am__dirstamp) -../lxc/namespace.$(OBJEXT): ../lxc/$(am__dirstamp) \ - ../lxc/$(DEPDIR)/$(am__dirstamp) -../lxc/raw_syscalls.$(OBJEXT): ../lxc/$(am__dirstamp) \ - ../lxc/$(DEPDIR)/$(am__dirstamp) lxc-test-raw-clone$(EXEEXT): $(lxc_test_raw_clone_OBJECTS) $(lxc_test_raw_clone_DEPENDENCIES) $(EXTRA_lxc_test_raw_clone_DEPENDENCIES) @rm -f lxc-test-raw-clone$(EXEEXT) 
@@ -1110,13 +2599,63 @@ mostlyclean-compile: -rm -f *.$(OBJEXT) + -rm -f ../include/*.$(OBJEXT) -rm -f ../lxc/*.$(OBJEXT) + -rm -f ../lxc/cgroups/*.$(OBJEXT) + -rm -f ../lxc/lsm/*.$(OBJEXT) + -rm -f ../lxc/storage/*.$(OBJEXT) distclean-compile: -rm -f *.tab.c +@AMDEP_TRUE@@am__include@ @am__quote@../include/$(DEPDIR)/netns_ifaddrs.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/$(DEPDIR)/af_unix.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/$(DEPDIR)/caps.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/$(DEPDIR)/commands.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/$(DEPDIR)/commands_utils.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/$(DEPDIR)/conf.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/$(DEPDIR)/confile.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/$(DEPDIR)/confile_utils.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/$(DEPDIR)/error.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/$(DEPDIR)/file_utils.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/$(DEPDIR)/initutils.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/$(DEPDIR)/log.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/$(DEPDIR)/lxclock.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/$(DEPDIR)/mainloop.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/$(DEPDIR)/monitor.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@../lxc/$(DEPDIR)/namespace.Po@am__quote@ # am--include-marker -@AMDEP_TRUE@@am__include@ @am__quote@../lxc/$(DEPDIR)/raw_syscalls.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ 
@am__quote@../lxc/$(DEPDIR)/network.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/$(DEPDIR)/nl.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/$(DEPDIR)/parse.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/$(DEPDIR)/process_utils.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/$(DEPDIR)/ringbuf.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/$(DEPDIR)/seccomp.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/$(DEPDIR)/start.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/$(DEPDIR)/state.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/$(DEPDIR)/string_utils.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/$(DEPDIR)/sync.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/$(DEPDIR)/terminal.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/$(DEPDIR)/utils.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/$(DEPDIR)/uuid.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/cgroups/$(DEPDIR)/cgfsng.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/cgroups/$(DEPDIR)/cgroup.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/cgroups/$(DEPDIR)/cgroup2_devices.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/cgroups/$(DEPDIR)/cgroup_utils.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/lsm/$(DEPDIR)/apparmor.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/lsm/$(DEPDIR)/lsm.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/lsm/$(DEPDIR)/nop.Po@am__quote@ # am--include-marker 
+@AMDEP_TRUE@@am__include@ @am__quote@../lxc/lsm/$(DEPDIR)/selinux.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/storage/$(DEPDIR)/btrfs.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/storage/$(DEPDIR)/dir.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/storage/$(DEPDIR)/loop.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/storage/$(DEPDIR)/lvm.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/storage/$(DEPDIR)/nbd.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/storage/$(DEPDIR)/overlay.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/storage/$(DEPDIR)/rbd.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/storage/$(DEPDIR)/rsync.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/storage/$(DEPDIR)/storage.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/storage/$(DEPDIR)/storage_utils.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@../lxc/storage/$(DEPDIR)/zfs.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/aa.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/api_reboot.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/attach.Po@am__quote@ # am--include-marker 
@@ -1306,8 +2845,16 @@ distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + -rm -f ../include/$(DEPDIR)/$(am__dirstamp) + -rm -f ../include/$(am__dirstamp) -rm -f ../lxc/$(DEPDIR)/$(am__dirstamp) -rm -f ../lxc/$(am__dirstamp) + -rm -f ../lxc/cgroups/$(DEPDIR)/$(am__dirstamp) + -rm -f ../lxc/cgroups/$(am__dirstamp) + -rm -f ../lxc/lsm/$(DEPDIR)/$(am__dirstamp) + -rm -f ../lxc/lsm/$(am__dirstamp) + -rm -f ../lxc/storage/$(DEPDIR)/$(am__dirstamp) + -rm -f ../lxc/storage/$(am__dirstamp) maintainer-clean-generic: @echo "This command is intended for maintainers to use" 
@@ -1318,8 +2865,54 @@ mostlyclean-am distclean: distclean-am - -rm -f ../lxc/$(DEPDIR)/namespace.Po - -rm -f ../lxc/$(DEPDIR)/raw_syscalls.Po + -rm -f ../include/$(DEPDIR)/netns_ifaddrs.Po + -rm -f ../lxc/$(DEPDIR)/af_unix.Po + -rm -f ../lxc/$(DEPDIR)/caps.Po + -rm -f ../lxc/$(DEPDIR)/commands.Po + -rm -f ../lxc/$(DEPDIR)/commands_utils.Po + -rm -f ../lxc/$(DEPDIR)/conf.Po + -rm -f ../lxc/$(DEPDIR)/confile.Po + -rm -f ../lxc/$(DEPDIR)/confile_utils.Po + -rm -f ../lxc/$(DEPDIR)/error.Po + -rm -f ../lxc/$(DEPDIR)/file_utils.Po + -rm -f ../lxc/$(DEPDIR)/initutils.Po + -rm -f ../lxc/$(DEPDIR)/log.Po + -rm -f ../lxc/$(DEPDIR)/lxclock.Po + -rm -f ../lxc/$(DEPDIR)/mainloop.Po + -rm -f ../lxc/$(DEPDIR)/monitor.Po + -rm -f ../lxc/$(DEPDIR)/namespace.Po + -rm -f ../lxc/$(DEPDIR)/network.Po + -rm -f ../lxc/$(DEPDIR)/nl.Po + -rm -f ../lxc/$(DEPDIR)/parse.Po + -rm -f ../lxc/$(DEPDIR)/process_utils.Po + -rm -f ../lxc/$(DEPDIR)/ringbuf.Po + -rm -f ../lxc/$(DEPDIR)/seccomp.Po + -rm -f ../lxc/$(DEPDIR)/start.Po + -rm -f ../lxc/$(DEPDIR)/state.Po + -rm -f ../lxc/$(DEPDIR)/string_utils.Po + -rm -f ../lxc/$(DEPDIR)/sync.Po + -rm -f ../lxc/$(DEPDIR)/terminal.Po + -rm -f ../lxc/$(DEPDIR)/utils.Po + -rm -f ../lxc/$(DEPDIR)/uuid.Po + -rm -f ../lxc/cgroups/$(DEPDIR)/cgfsng.Po + -rm -f ../lxc/cgroups/$(DEPDIR)/cgroup.Po + -rm -f ../lxc/cgroups/$(DEPDIR)/cgroup2_devices.Po + -rm -f ../lxc/cgroups/$(DEPDIR)/cgroup_utils.Po + -rm -f ../lxc/lsm/$(DEPDIR)/apparmor.Po + -rm -f ../lxc/lsm/$(DEPDIR)/lsm.Po + -rm -f ../lxc/lsm/$(DEPDIR)/nop.Po + -rm -f ../lxc/lsm/$(DEPDIR)/selinux.Po + -rm -f ../lxc/storage/$(DEPDIR)/btrfs.Po + -rm -f ../lxc/storage/$(DEPDIR)/dir.Po + -rm -f ../lxc/storage/$(DEPDIR)/loop.Po + -rm -f ../lxc/storage/$(DEPDIR)/lvm.Po + -rm -f ../lxc/storage/$(DEPDIR)/nbd.Po + -rm -f ../lxc/storage/$(DEPDIR)/overlay.Po + -rm -f ../lxc/storage/$(DEPDIR)/rbd.Po + -rm -f ../lxc/storage/$(DEPDIR)/rsync.Po + -rm -f ../lxc/storage/$(DEPDIR)/storage.Po + -rm -f 
../lxc/storage/$(DEPDIR)/storage_utils.Po + -rm -f ../lxc/storage/$(DEPDIR)/zfs.Po -rm -f ./$(DEPDIR)/aa.Po -rm -f ./$(DEPDIR)/api_reboot.Po -rm -f ./$(DEPDIR)/attach.Po 
@@ -1399,8 +2992,54 @@ installcheck-am: maintainer-clean: maintainer-clean-am - -rm -f ../lxc/$(DEPDIR)/namespace.Po - -rm -f ../lxc/$(DEPDIR)/raw_syscalls.Po + -rm -f ../include/$(DEPDIR)/netns_ifaddrs.Po + -rm -f ../lxc/$(DEPDIR)/af_unix.Po + -rm -f ../lxc/$(DEPDIR)/caps.Po + -rm -f ../lxc/$(DEPDIR)/commands.Po + -rm -f ../lxc/$(DEPDIR)/commands_utils.Po + -rm -f ../lxc/$(DEPDIR)/conf.Po + -rm -f ../lxc/$(DEPDIR)/confile.Po + -rm -f ../lxc/$(DEPDIR)/confile_utils.Po + -rm -f ../lxc/$(DEPDIR)/error.Po + -rm -f ../lxc/$(DEPDIR)/file_utils.Po + -rm -f ../lxc/$(DEPDIR)/initutils.Po + -rm -f ../lxc/$(DEPDIR)/log.Po + -rm -f ../lxc/$(DEPDIR)/lxclock.Po + -rm -f ../lxc/$(DEPDIR)/mainloop.Po + -rm -f ../lxc/$(DEPDIR)/monitor.Po + -rm -f ../lxc/$(DEPDIR)/namespace.Po + -rm -f ../lxc/$(DEPDIR)/network.Po + -rm -f ../lxc/$(DEPDIR)/nl.Po + -rm -f ../lxc/$(DEPDIR)/parse.Po + -rm -f ../lxc/$(DEPDIR)/process_utils.Po + -rm -f ../lxc/$(DEPDIR)/ringbuf.Po + -rm -f ../lxc/$(DEPDIR)/seccomp.Po + -rm -f ../lxc/$(DEPDIR)/start.Po + -rm -f ../lxc/$(DEPDIR)/state.Po + -rm -f ../lxc/$(DEPDIR)/string_utils.Po + -rm -f ../lxc/$(DEPDIR)/sync.Po + -rm -f ../lxc/$(DEPDIR)/terminal.Po + -rm -f ../lxc/$(DEPDIR)/utils.Po + -rm -f ../lxc/$(DEPDIR)/uuid.Po + -rm -f ../lxc/cgroups/$(DEPDIR)/cgfsng.Po + -rm -f ../lxc/cgroups/$(DEPDIR)/cgroup.Po + -rm -f ../lxc/cgroups/$(DEPDIR)/cgroup2_devices.Po + -rm -f ../lxc/cgroups/$(DEPDIR)/cgroup_utils.Po + -rm -f ../lxc/lsm/$(DEPDIR)/apparmor.Po + -rm -f ../lxc/lsm/$(DEPDIR)/lsm.Po + -rm -f ../lxc/lsm/$(DEPDIR)/nop.Po + -rm -f ../lxc/lsm/$(DEPDIR)/selinux.Po + -rm -f ../lxc/storage/$(DEPDIR)/btrfs.Po + -rm -f ../lxc/storage/$(DEPDIR)/dir.Po + -rm -f ../lxc/storage/$(DEPDIR)/loop.Po + -rm -f ../lxc/storage/$(DEPDIR)/lvm.Po + -rm -f ../lxc/storage/$(DEPDIR)/nbd.Po + -rm -f ../lxc/storage/$(DEPDIR)/overlay.Po + -rm -f ../lxc/storage/$(DEPDIR)/rbd.Po + -rm -f ../lxc/storage/$(DEPDIR)/rsync.Po + -rm -f ../lxc/storage/$(DEPDIR)/storage.Po + -rm -f 
../lxc/storage/$(DEPDIR)/storage_utils.Po + -rm -f ../lxc/storage/$(DEPDIR)/zfs.Po -rm -f ./$(DEPDIR)/aa.Po -rm -f ./$(DEPDIR)/api_reboot.Po -rm -f ./$(DEPDIR)/attach.Po @@ -1473,7 +3112,6 @@ .PRECIOUS: Makefile -@ENABLE_TESTS_TRUE@ ../lxc/utils.c ../lxc/utils.h clean-local: rm -f lxc-test-utils-* diff -Nru lxc-4.0.2/templates/lxc-download.in lxc-4.0.6/templates/lxc-download.in --- lxc-4.0.2/templates/lxc-download.in 2020-04-16 18:17:13.000000000 +0000 +++ lxc-4.0.6/templates/lxc-download.in 2021-01-12 00:20:06.000000000 +0000 @@ -47,6 +47,7 @@ DOWNLOAD_VALIDATE="true" DOWNLOAD_VARIANT="default" DOWNLOAD_TEMP= +DOWNLOAD_STANDARD_RESOLVER="false" LXC_MAPPED_GID= LXC_MAPPED_UID= @@ -130,16 +131,19 @@ mkdir -p "${DOWNLOAD_TEMP}/gpg" chmod 700 "${DOWNLOAD_TEMP}/gpg" + + if [ "${DOWNLOAD_STANDARD_RESOLVER}" = "true" ]; then + echo "standard-resolver" > "${DOWNLOAD_TEMP}/gpg/dirmngr.conf" + fi export GNUPGHOME="${DOWNLOAD_TEMP}/gpg" success= for _ in $(seq 3); do - if $(gpg --keyserver "${DOWNLOAD_KEYSERVER}" ${DOWNLOAD_GPG_PROXY:-} \ - --recv-keys "${DOWNLOAD_KEYID}" >/dev/null 2>&1); then + if gpg --keyserver "${DOWNLOAD_KEYSERVER}" ${DOWNLOAD_GPG_PROXY:-} \ + --recv-keys "${DOWNLOAD_KEYID}" >/dev/null 2>&1; then success=1 break fi - break done if [ -z "${success}" ]; then @@ -223,6 +227,7 @@ [ --no-validate ]: Disable GPG validation (not recommended) [ --flush-cache ]: Flush the local copy (if present) [ --force-cache ]: Force the use of the local copy even if expired +[ --standard-resolver ]: Force the use of the standard resolver LXC internal arguments (do not pass manually!): [ --name ]: The container name @@ -261,6 +266,7 @@ --no-validate) DOWNLOAD_VALIDATE="false"; shift 1;; --flush-cache) DOWNLOAD_FLUSH_CACHE="true"; shift 1;; --force-cache) DOWNLOAD_FORCE_CACHE="true"; shift 1;; + --standard-resolver) STANDARD_RESOLVER="true"; shift 1;; --name) LXC_NAME="$2"; shift 2;; --path) LXC_PATH="$2"; shift 2;; --rootfs) LXC_ROOTFS="$2"; shift 2;; 
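Review bot: In the `@@ -130,16 +131,19 @@` hunk of templates/lxc-download.in, every `gpg --recv-keys` attempt still sends both stdout and stderr to `/dev/null`, so a failure leaves no reason behind. With the stray `break` removed the loop now really runs up to three times, and a keyserver or dirmngr problem, including one caused by the new `dirmngr.conf`, fails three times in a row silently. I would keep the last attempt's stderr, for example `--recv-keys "${DOWNLOAD_KEYID}" >/dev/null 2>"${DOWNLOAD_TEMP}/gpg/recv-keys.log"; then` (file name constructed for this note), and print it where the script reports the failure. The body of `if [ -z "${success}" ]` is outside the hunk, so what it prints today cannot be seen from here. The unquoted `${DOWNLOAD_GPG_PROXY:-}` looks deliberate (presumably zero or more gpg options) and deserves a one-line comment such as `# unquoted on purpose: expands to zero or more gpg options`.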
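Review bot: The new `--standard-resolver` case arm in the `@@ -261,6 +266,7 @@` hunk assigns `STANDARD_RESOLVER`, but the default added in `@@ -47,6 +47,7 @@` and the test added in `@@ -130,16 +131,19 @@` both use `DOWNLOAD_STANDARD_RESOLVER`. As far as these hunks show, passing the option therefore never writes `standard-resolver` into `dirmngr.conf`, and the flag is a silent no-op. The arm should read `--standard-resolver) DOWNLOAD_STANDARD_RESOLVER="true"; shift 1;;`. This matters because a user whose key fetch fails may pass the flag, see no change, and fall back to `--no-validate`. The `case` statement starts and ends outside the hunk, so whether the option must also be registered with an option parser earlier in the script cannot be seen from here.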
@@ -327,7 +333,7 @@ DOWNLOAD_TEMP="${DOWNLOAD_TEMP}/tmp/lxc-download.$$" elif [ -n "${DOWNLOAD_TEMP}" ]; then mkdir -p "${DOWNLOAD_TEMP}" - DOWNLOAD_TEMP="$(mktemp -p ${DOWNLOAD_TEMP} -d)" + DOWNLOAD_TEMP="$(mktemp -p "${DOWNLOAD_TEMP}" -d)" else DOWNLOAD_TEMP="${DOWNLOAD_TEMP}$(mktemp -d)" fi diff -Nru lxc-4.0.2/templates/Makefile.in lxc-4.0.6/templates/Makefile.in --- lxc-4.0.2/templates/Makefile.in 2020-04-16 18:17:23.000000000 +0000 +++ lxc-4.0.6/templates/Makefile.in 2021-01-12 00:20:12.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.16.1 from Makefile.am. +# Makefile.in generated by automake 1.16.2 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2018 Free Software Foundation, Inc. +# Copyright (C) 1994-2020 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it,
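Review bot: The first branch kept as context in the `@@ -327,7 +333,7 @@` hunk of templates/lxc-download.in still names the work directory `${DOWNLOAD_TEMP}/tmp/lxc-download.$$`, which is predictable from the PID, and the `@@ -130,16 +131,19 @@` hunk shows that this directory later holds the GnuPG home used for key retrieval. The branch condition and the code that creates the directory are outside the hunk, so this may be a fallback for systems without `mktemp`. If it is, the directory should be created with a plain `mkdir` (no `-p`) under a restrictive umask, and the script should stop when the name already exists, e.g. `(umask 077 && mkdir "${DOWNLOAD_TEMP}") || exit 1`. The quoting fix on the `mktemp -p` line itself is fine as written.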