Similarly to VIR_STRDUP, we want the OOM error to be reported in
VIR_ALLOC and friends.

Create parent directroy for hostdev automatically when we
start a lxc domain or attach a hostdev to a lxc domain.
Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>

This helper function is used to create parent directory for
the hostdev which will be added to the container. If the
parent directory of this hostdev doesn't exist, the mknod of
the hostdev will fail. eg with /dev/net/tun
Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>

Many applications use /dev/tty to read from stdin.
e.g. zypper on openSUSE.

Let's create this device node to unbreak those applications.
As /dev/tty is a synonym for the current controlling terminal
it cannot harm the host or any other containers.
Signed-off-by: NRichard Weinberger <richard@nod.at>

Ensure that all APIs which list domain objects filter
them against the access control system.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

libivrt lxc can only set generic weight for container,
This patch allows user to setup per device blkio
weigh for container.
Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>

We forgot to free the stack when Kernel doesn't
support user namespace.
Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>

Add some debug logging of LXC wait/continue messages
and uid/gid map update code.

User namespaces will deny the ability to mount the SELinux
filesystem. This is harmless for libvirt's LXC needs, so the
error can be ignored.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

The owner of the /proc/meminfo in container should
be the root user of container.
Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>

These files are created for container,
the owner should be the root user of container.
Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>

Since these devices are created for the container.
the owner should be the root user of the container.
Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>

container will create /dev/pts directory in /dev.
the owner of /dev should be the root user of container.
Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>

Since these tty devices will be used by container,
the owner of them should be the root user of container.

This patch also adds a new function virLXCControllerChown,
we can use this general function to change the owner of
files.
Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>

user namespace doesn't allow to create devices in
uninit userns. We should create devices on host side.

We first mount tmpfs on dev directroy under state dir
of container. then create devices under this dev dir.

Finally in container, mount the dev directroy created
on host to the /dev/ directroy of container.
Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>

This patch introduces new helper function
virLXCControllerSetupUserns, in this function,
we set the files uid_map and gid_map of the init
task of container.

lxcContainerSetID is used for creating cred for
tasks running in container. Since after setuid/setgid,
we may be a new user. This patch calls lxcContainerSetUserns
at first to make sure the new created files belong to
right user.
Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>

User namespace will be enabled only when the idmap exist
in configuration.

If you want disable user namespace,just remove these
elements from XML.

If kernel doesn't support user namespace and idmap exist
in configuration file, libvirt lxc will start failed and
return "Kernel doesn't support user namespace" message.
Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>

Insert calls to the ACL checking APIs in all LXC driver
entrypoints.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

As a consequence of the cgroup layout changes from commit 'cfed9ad4', the
lxcDomainGetSchedulerParameters[Flags]()' and lxcGetSchedulerType() APIs
failed to return data for a non running domain.  This can be seen through
a 'virsh schedinfo <domain>' command which returns:

Scheduler      : Unknown
error: Requested operation is not valid: cgroup CPU controller is not mounted

Prior to that change a non running domain would return:

Scheduler      : posix
cpu_shares     : 0
vcpu_period    : 0
vcpu_quota     : 0
emulator_period: 0
emulator_quota : 0

This patch will restore the capability to return configuration only data
for a non running domain regardless of whether cgroups are available.

...fixes a trivial copy&paste error.
Signed-off-by: NRichard Weinberger <richard@nod.at>

Found with 'git grep "= 1"'.

By default files in a FUSE mount can only be accessed by the
user which created them, even if the file permissions would
otherwise allow it. To allow other users to access the FUSE
mount the 'allow_other' mount option must be used. This bug
prevented non-root users in an LXC container from reading
the /proc/meminfo file.

https://bugzilla.redhat.com/show_bug.cgi?id=967977Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Earlier commit f7e8653f dropped support for using LXC with
kernels having single-instance devpts filesystem from the
LXC controller. It forgot to remove the same code from the
LXC container setup.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Enforce the rule that .h files don't need to (redundantly)
include <config.h>.

* cfg.mk (sc_prohibit_config_h_in_headers): New rule.
(_virsh_includes): Delete; instead, inline a smaller number of
exclusions...
(exclude_file_name_regexp--sc_require_config_h)
(exclude_file_name_regexp--sc_require_config_h_first): ...here.
* daemon/libvirtd.h (includes): Fix offenders.
* src/driver.h (includes): Likewise.
* src/gnutls_1_0_compat.h (includes): Likewise.
* src/libxl/libxl_conf.h (includes): Likewise.
* src/libxl/libxl_driver.h (includes): Likewise.
* src/lxc/lxc_conf.h (includes): Likewise.
* src/lxc/lxc_driver.h (includes): Likewise.
* src/lxc/lxc_fuse.h (includes): Likewise.
* src/network/bridge_driver.h (includes): Likewise.
* src/phyp/phyp_driver.h (includes): Likewise.
* src/qemu/qemu_conf.h (includes): Likewise.
* src/util/virnetlink.h (includes): Likewise.
Signed-off-by: NEric Blake <eblake@redhat.com>

The comments is for virLXCControllerSetupPrivateNS.
Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>

We forgot to free the mount_options.
Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>

After commit c131525b
"Auto-add a root <filesystem> element to LXC containers on startup"
for libvirt lxc, root must be existent.
Signed-off-by: NGao feng <gaofeng@cn.fujitsu.com>

Re-add the selinux header to lxc_container.c since other
functions now use it, beyond the patch that was just
reverted.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

This reverts commit 940c6f10.

Before trying to mount the selinux filesystem in a container
use is_selinux_enabled() to check if the machine actually
has selinux support (eg not booted with selinux=0)
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

During startup, the LXC driver uses paths such as

  /.oldroot/var/run/libvirt/lxc/...

to access directories from the previous root filesystem
after doing a pivot_root(). Unfortunately if /var/run
is an absolute symlink to /run, instead of a relative
symlink to ../run, these paths break.

At least one Linux distro is known to use an absolute
symlink for /var/run, so workaround this, by resolving
all symlinks before doing the pivot_root().
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

We do not want to allow contained applications to be able to read fusefs_t.
So we want /proc/meminfo label to match the system default proc_t.

Fix checking of error codes

The lxcContainerMountAllFS method had a 'bool skipRoot'
flag to control whether it mounts the / filesystem. Since
removal of the non-pivot root container setup codepaths,
this flag is obsolete as the only caller always passes
'true'.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

Many methods accept a string parameter specifying the
old root directory prefix. Since removal of the non-pivot
root container setup codepaths, this parameter is obsolete
in many methods where the callers always pass "/.oldroot".
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

The lxcContainerMountBasicFS method had a 'bool pivotRoot'
flag to control whether it mounted a private /dev. Since
removal of the non-pivot root container setup codepaths,
this flag is obsolete as the only caller always passes
'true'.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

The LXC driver can already configure <disk> or <filesystem>
devices to use the loop device. This extends it to also allow
for use of the NBD device, to support non-raw formats.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>

The current code for setting up loop devices to LXC disks first
does a switch() based on the disk format, then looks at the
disk driver name. Reverse this so it first looks at the driver
name, and then the disk format. This is more useful since the
list of supported disk formats depends on what driver is used.

The code for setting loop devices for LXC fs entries also needs
to have the same logic added, now the XML schema supports this.
Signed-off-by: NDaniel P. Berrange <berrange@redhat.com>