GLIBC supports %m to avoid calling strerror(). Using it saves some code space.
==> This check will define HAVE_M_FORMAT to be used wherever possible (e.g. log.h)
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
Returning -1 in a function with return type bool is the same as
returning true. Change to return false to indicate error properly.
Detected with cppcheck.
Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Returning -1 in a function with return type bool is the same as
returning true. Change to return false to indicate error properly.
Detected with cppcheck.
Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
Since _exit() will terminate, the return statement is dead code. Also,
returning -1 from a function with bool as return type is confusing.
Detected with cppcheck.
Signed-off-by: Rikard Falkeborn <rikard.falkeborn@gmail.com>
CRIU has only 4 levels of verbosity (errors, warnings, info, debug).
Thus, using `-v4` is more appropriate.
https://criu.org/Logging
Signed-off-by: Radostin Stoyanov <rstoyanov1@gmail.com>
lxc-ls without root privileges on privileged containers should not display
information. In lxc_container_new(), ongoing_create()'s result is not checked
for all possible returned values. Hence, an unprivileged user can send command
messages to the container's monitor. For example:
$ lxc-ls -P /.../tests -f
NAME STATE AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
ctr - 0 - - - false
$ sudo lxc-ls -P /.../tests -f
NAME STATE AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
ctr RUNNING 0 - 10.0.3.51 - false
After this change:
$ lxc-ls -P /.../tests -f <-------- No more display without root privileges
$ sudo lxc-ls -P /.../tests -f
NAME STATE AUTOSTART GROUPS IPV4 IPV6 UNPRIVILEGED
ctr RUNNING 0 - 10.0.3.37 - false
$
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
. Add the "--bbpath" option to pass an alternate busybox pathname instead of the one found from ${PATH}.
. Take this opportunity to add some formatting in the usage display.
. As an attempt is made to pick rootfs from the config file and set it to ${path}/rootfs, it is unnecessary to make it mandatory.
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
Some error messages were not redirected to stderr.
Moreover, do "exit 0" instead of "exit 1" when the "help" option is passed.
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
Use CLONE_PIDFD when possible.
Note that the clone() syscall ignores unknown flags, which is usually a design
mistake. However, for us this bug is a feature since we can just pass the flag
along and see whether the kernel has given us a pidfd.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
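The probe described in the commit message above, as an added example that is not code from the commit or from LXC. It assumes Linux with the x86-64/arm64 raw clone() argument order; the function names are hypothetical.

```c
#define _GNU_SOURCE
#include <signal.h>
#include <stdio.h>
#include <sys/syscall.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef CLONE_PIDFD
#define CLONE_PIDFD 0x00001000 /* value from linux/sched.h */
#endif

/* Hypothetical helper: fork-like clone() that also asks for a pidfd.
 * *pidfd is preset to -1. A kernel that does not know CLONE_PIDFD ignores
 * the flag and leaves that sentinel untouched, so the caller can tell.
 * Assumption: raw argument order (flags, stack, parent_tid, ...). */
static pid_t clone_probe_pidfd(int *pidfd)
{
	*pidfd = -1;
	return (pid_t)syscall(SYS_clone, CLONE_PIDFD | SIGCHLD, NULL, pidfd, NULL, 0);
}

/* Returns 1 if the kernel handed back a pidfd, 0 if it ignored the flag,
 * -1 if clone() or waitpid() failed. */
int probe_clone_pidfd(void)
{
	int pidfd, status;
	pid_t pid = clone_probe_pidfd(&pidfd);

	if (pid < 0)
		return -1;
	if (pid == 0)
		_exit(0); /* child: nothing to do */

	if (waitpid(pid, &status, 0) != pid)
		return -1;
	if (pidfd < 0)
		return 0; /* sentinel untouched: fall back to PID-based handling */
	close(pidfd);
	return 1;
}

int main(void)
{
	int r = probe_clone_pidfd();
	printf("CLONE_PIDFD: %s\n", r == 1 ? "supported" : r == 0 ? "ignored" : "clone failed");
	return r < 0;
}
```

A caller that gets 0 has to keep tracking the child by PID, which stays exposed to PID reuse between the child's exit and any later signal.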
The phys devices will now have their original MTUs recorded at start and restored at shutdown.
This is to protect the original phys device from having any container-level MTU customisation applied to the device once it is restored to the host.
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Co-developed-by: David Howells <dhowells@redhat.com>
Signed-off-by: David Howells <dhowells@redhat.com>
This is the translation for the following description:
- lxc.seccomp.notify.proxy (commit 8a64375)
- host side veth device static routes (commit d4a7da4)
- IPVLAN (commit c9f5238)
- Layer 2 proxy mode (commit 6509154)
- gateway device route mode (commit a2f9a67)
and fix typo in English man page.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
This is consistent with veth and ipvlan types.
Also makes the debug message for success occur after the up script has run.
Also makes device clean up on error more thorough and consistent.
Signed-off-by: tomponline <thomas.parrott@canonical.com>
The returns_twice attribute tells the compiler that a function may return more
than one time. The compiler will ensure that all registers are dead before
calling such a function and will emit a warning about the variables that may be
clobbered after the second return from the function. Examples of such functions
are setjmp and vfork. The longjmp-like counterpart of such a function, if any,
might need to be marked with the noreturn attribute.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>