This will only be defined if liblxc was even compiled with bpf supported.
Support itself will be determined at runtime by liblxc itself.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
BugLink: https://bugs.launchpad.net/bugs/1848587
The latter device has been removed apparently.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
lxc2 broke this feature for lxc-execute, and lxc3 broke it for
lxc-attach. This adds a test making sure we don't do the same mistake
a third time.
Signed-off-by: Florian Margaine <florian@platform.sh>
Callers expect a NULL on error, and with PR #3171 marking
the pointer as __do_free, we now return a pointer to freed
memory here otherwise.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
In case the internal memfd_create has to be used, make sure we don't
clash with the already existing memfd_create function from glibc.
This can happen if this glibc function is a stub. In this case, at
./configure time, the test for this function will return false, however
the declaration of that function is still available. This leads to
compilation errors.
Signed-off-by: Patrick Havelange <patrick.havelange@essensium.com>
Partially reverts 65b92ea5fc so that trying to destroy a non-existent container gives an error message.
Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>
When calling "man lxc.container.conf", an internal "man" keyword is displayed :
$ man lxc.container.conf
[...]
lxc.mount.entry
Specify a mount point corresponding to a line in the fstab format. Moreover lxc supports mount propagation, such as
rslave or rprivate, and adds three additional mount options. optional don't fail if mount does not work. create=dir
or create=file to create dir (or file) when the point will be mounted. relative source path is taken to be relative to
the mounted container root. For instance,
dev/null proc/kcore none bind,relative 0 0
.fi <-----------------------------------UNEXPECTED KEYWORD !!!!
The problem seems to come from the missing blanks before "dev/null proc/kcore none bind,relative 0 0"
Moreover, for homogeneity purposes, it is better to use the "programlisting" tag used in the rest of the text instead of "screen".
Signed-off-by: Rachid Koucha <rachid.koucha@gmail.com>
In the usual case the child runs in a separate pid namespace. So far we haven't
been able to reliably set the pdeath signal. When we set the pdeath signal we
need to verify that we haven't lost a race whereby we have been orphaned and
though we have set a pdeath signal it won't help us since, well, the parent is
dead.
We were able to correctly handle this case when we were in the same pidns since
getppid() will return a valid pid. When we are in a separate pidns 0 will be
returned since the parent doesn't exist in our pidns.
A while back, while Jann and I were discussing other things he came up with a
nifty idea: simply pass an fd for the parent's status file and check the
"State:" field. This is the implementation of that idea.
Suggested-by: Jann Horn <jann@thejh.net>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
