From 49938fbcd9780c558d9aee5e43a97cefc41389cc Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Fri, 25 May 2018 19:35:00 +0200
Subject: [PATCH 1/5] tools: fix lxc-create with global config value II

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
 src/lxc/tools/lxc_create.c | 21 ++++++++-------------
 1 file changed, 8 insertions(+), 13 deletions(-)

diff --git a/src/lxc/tools/lxc_create.c b/src/lxc/tools/lxc_create.c
index dba252112..3dd2e01b8 100644
--- a/src/lxc/tools/lxc_create.c
+++ b/src/lxc/tools/lxc_create.c
@@ -267,24 +267,19 @@ int main(int argc, char *argv[])
 		exit(EXIT_FAILURE);
 	}
 
-	if (geteuid()) {
-		if (!my_args.lxcpath[0])
-			my_args.lxcpath[0] = lxc_get_global_config_item("lxc.lxcpath");
 
-		if (mkdir_p(my_args.lxcpath[0], 0755))
-			exit(EXIT_FAILURE);
+	if (!my_args.lxcpath[0])
+		my_args.lxcpath[0] = lxc_get_global_config_item("lxc.lxcpath");
 
+	if (mkdir_p(my_args.lxcpath[0], 0755))
+		exit(EXIT_FAILURE);
+
+	if (geteuid())
 		if (access(my_args.lxcpath[0], O_RDONLY) < 0) {
-			fprintf(stderr, "You lack access to %s\n", my_args.lxcpath[0]);
+			fprintf(stderr, "You lack access to %s\n",
+				my_args.lxcpath[0]);
 			exit(EXIT_FAILURE);
 		}
-		if (strcmp(my_args.bdevtype, "dir") && strcmp(my_args.bdevtype, "_unset") &&
-				strcmp(my_args.bdevtype, "btrfs")) {
-			fprintf(stderr, "Unprivileged users cannot create %s containers.\n", my_args.bdevtype);
-			exit(EXIT_FAILURE);
-		}
-	}
-
 
 	c = lxc_container_new(my_args.name, my_args.lxcpath[0]);
 	if (!c) {

From a579fa51bf9e65aa5a1f12d3a73860b7fc89fc89 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Sat, 26 May 2018 03:20:36 +0200
Subject: [PATCH 2/5] coverity: #1435806

Logically dead code

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
 src/lxc/lxccontainer.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index 2a8066767..1910e23a6 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -1971,11 +1971,8 @@ static bool do_lxcapi_reboot2(struct lxc_container *c, int timeout)
 	}
 	TRACE("Sent signal %d to pid %d", rebootsignal, pid);
 
-	if (timeout == 0) {
-		if (state_client_fd >= 0)
-			close(state_client_fd);
+	if (timeout == 0)
 		return true;
-	}
 
 	ret = lxc_cmd_sock_rcv_state(state_client_fd, timeout);
 	close(state_client_fd);

From 923929f61295fba4c491e98e29c9302f6499456e Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Sat, 26 May 2018 03:21:05 +0200
Subject: [PATCH 3/5] coverity: #1435805

Logically dead code

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
 src/lxc/lxccontainer.c | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index 1910e23a6..828ebb8e5 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -2041,11 +2041,8 @@ static bool do_lxcapi_shutdown(struct lxc_container *c, int timeout)
 	}
 	TRACE("Sent signal %d to pid %d", haltsignal, pid);
 
-	if (timeout == 0) {
-		if (state_client_fd >= 0)
-			close(state_client_fd);
+	if (timeout == 0)
 		return true;
-	}
 
 	ret = lxc_cmd_sock_rcv_state(state_client_fd, timeout);
 	close(state_client_fd);

From 4c496daa33d4725cd007e91d2eb7d5652dfdb98f Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Sat, 26 May 2018 03:22:58 +0200
Subject: [PATCH 4/5] coverity: #1435803

Unchecked return value

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
 src/lxc/start.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lxc/start.c b/src/lxc/start.c
index 638e195d6..94abff377 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -861,11 +861,11 @@ int lxc_init(const char *name, struct lxc_handler *handler)
 	return 0;
 
 out_restore_sigmask:
-	pthread_sigmask(SIG_SETMASK, &handler->oldmask, NULL);
+	(void)pthread_sigmask(SIG_SETMASK, &handler->oldmask, NULL);
 out_delete_tty:
 	lxc_delete_tty(&conf->ttys);
 out_aborting:
-	lxc_set_state(name, handler, ABORTING);
+	(void)lxc_set_state(name, handler, ABORTING);
 out_close_maincmd_fd:
 	close(conf->maincmd_fd);
 	conf->maincmd_fd = -1;

From 3ec12d39cda560d4054887d8755cdbe94d8c5c86 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner@ubuntu.com>
Date: Sat, 26 May 2018 03:25:20 +0200
Subject: [PATCH 5/5] coverity: #1435747

Dereference before null check

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
---
 src/lxc/cgroups/cgfsng.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index 544772c61..e7948b25b 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1284,7 +1284,6 @@ static inline bool cgfsng_create(struct cgroup_ops *ops,
 	char *container_cgroup, *offset, *tmp;
 	int idx = 0;
 	struct lxc_conf *conf = handler->conf;
-	const char *join_args[] = {conf->cgroup_meta.dir, handler->name, NULL};
 
 	if (ops->container_cgroup) {
 		WARN("cgfsng_create called a second time: %s", ops->container_cgroup);
@@ -1295,7 +1294,7 @@ static inline bool cgfsng_create(struct cgroup_ops *ops,
 		return false;
 
 	if (conf->cgroup_meta.dir)
-		tmp = lxc_string_join("/", join_args, false);
+		tmp = lxc_string_join("/", (const char *[]){conf->cgroup_meta.dir, handler->name, NULL}, false);
 	else
 		tmp = lxc_string_replace("%n", handler->name, ops->cgroup_pattern);
 	if (!tmp) {