This adds lxc_config_item_is_supported() as an API extension. It allows checking
whether a given config item (e.g. lxc.autodev) is supported by this LXC
instance. The function is useful in the following scenarios:
1. Users have compiled liblxc from source and have removed config items from
the corresponding struct in confile.c. (For example, embedded users might
decide to gut a bunch of options that they cannot use.)
2. Callers that want to check for a specific configuration item independent of
the version numbers exposed in our version.h header.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This left the file descriptor to the underlying /dev/ptmx file open which
confused the hell out of criu. Let's close it.
Closes https://github.com/lxc/lxd/issues/3243.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
In a lot of cases we need a list of the writeable cgroup controllers detected
by the cgfsng driver.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Use the loop device helpers I wrote for LXD in LXC as well. They should be more
efficient.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
The new{g,u}idmap binaries were a source of trouble for users when they lacked
sufficient privileges. This commit adds code to check for sufficient privilege.
It checks whether new{g,u}idmap is root owned and has the setuid bit set and if
it doesn't it checks whether new{g,u}idmap is root owned and has CAP_SETUID in
its CAP_PERMITTED and CAP_EFFECTIVE set.
Closes #296.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Add two new helpers that allow determining whether a given proc or file has a
capability in the given set and move lxc_cap_is_set() to a static function that
both call internally.
Closes #296.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
(The code was moved here from the child side of the startup
without adapting the error case.)
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
These functions define a pointer to their key shifted by a
number and guard access to it later via another variable.
Let's make this more explicit (and additionally have the
pointer be NULL in the case where it is not supposed to be
used).
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
This adds lxc.limit.<name> options consisting of one or two
colon separated numerical values (soft and optional hard
limit). If only one number is specified it'll be used for
both soft and hard limit. Additionally the word 'unlimited'
can be used instead of numbers.
E.g.
lxc.limit.nofile = 30000:32768
lxc.limit.stack = unlimited
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
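
The lxc.limit.<name> value format described in the commit message above (one or two colon-separated values, with 'unlimited' allowed in place of a number), parsed strictly into a struct rlimit. This is an added example, not LXC's own code: parse_one() and parse_limit_value() are hypothetical names, and rejecting a soft limit above the hard limit is this example's assumption.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/resource.h>

/* One token: "unlimited" or a decimal number. *end is set past the token. */
static int parse_one(const char *s, rlim_t *out, const char **end)
{
	char *stop;
	unsigned long long n;

	if (strncmp(s, "unlimited", 9) == 0) {
		*out = RLIM_INFINITY;
		*end = s + 9;
		return 0;
	}
	if (*s < '0' || *s > '9') /* strtoull alone would accept "-1" or " 5" */
		return -1;
	errno = 0;
	n = strtoull(s, &stop, 10);
	if (errno == ERANGE || (unsigned long long)(rlim_t)n != n)
		return -1;
	*out = (rlim_t)n;
	*end = stop;
	return 0;
}

/* Hypothetical helper (not LXC's): "soft[:hard]" -> struct rlimit; 0 or -1. */
int parse_limit_value(const char *value, struct rlimit *lim)
{
	const char *p;

	if (!value || parse_one(value, &lim->rlim_cur, &p) < 0)
		return -1;
	if (*p == '\0') { /* single value: used for both soft and hard */
		lim->rlim_max = lim->rlim_cur;
		return 0;
	}
	if (*p != ':' || parse_one(p + 1, &lim->rlim_max, &p) < 0 || *p != '\0')
		return -1;
	/* Assumption of this example: refuse soft > hard, as setrlimit(2) would. */
	return lim->rlim_cur > lim->rlim_max ? -1 : 0;
}

int main(void)
{
	struct rlimit l;
	return parse_limit_value("30000:32768", &l) == 0 && l.rlim_max == 32768 ? 0 : 1;
}
```

On failure the contents of the struct rlimit are unspecified, so a caller should apply the limits only when the function returns 0.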