Unshare netns after setting the userns mappings so that there is a root uid mapping for the /proc/net files. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

sync.c: use correct types Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>

sync: fail on unexpected message sizes I think (?) this may be related to our hanging monitor bug. Let's do this anyway, as it's probably a good idea. Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>

sync: add LXC_SYNC_ERROR to report errors from another process. Signed-off-by: Aleksandr Mezin <mezin.alexander@gmail.com>

Remove process_lock() except where actually needed Functions like open(), close(), socket(), socketpair(), pipe() and mkdir() are generally thin wrappers around kernel-provided system calls. It's the kernel not libc, who ensures race-free handling of file descriptors. Thus locking around these functions is unnecessary even on somewhat buggy libcs. fopen(), fclose() and other stdio functions may maintain internal lists of open file handles and thus can be prone to race-conditions. Hopefully, most libcs utilize proper locking or other ways to ensure thread-safety of these functions. Bionic used to have non-thread-safe stdio [2] but that must be fixed since android 4.3 [3, 4]. S.Çağlar Onur showed [1] that openpty() (because of nsswitch) is not thread-safe though. So we workaround it by protecting openpty() calls with process_lock()/process_unlock(). Because of the need to guard openpty() with process_lock()/process_unlock(), process_unlock() is still used after fork(). This commit reverts most of 025ed0f3911836b71f498d8368725c77a7e1932a. [1] https://github.com/lxc/lxc/pull/106#issuecomment-31077269 [2] https://bugzilla.mozilla.org/show_bug.cgi?id=687367 [3] https://android.googlesource.com/platform/bionic/+/f582340a6a48588aa50da17e1620e8f91b146941 [4] https://android.googlesource.com/platform/bionic/+/6b3f49a5374305ce9690c3c5ca2aadc90f54c521 Signed-off-by: Andrey Mazo <mazo@telum.ru> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

make heavier use of process_lock (v2) pthread_mutex_lock() will only return an error if it was set to PTHREAD_MUTEX_ERRORCHECK and we are recursively calling it (and would otherwise have deadlocked). If that's the case then log a message for future debugging and exit. Trying to "recover" is nonsense at that point. process_lock() was held over too long a time in lxcapi_start() in the daemonize case. (note the non-daemonized case still needs a check to enforce that it must NOT be called while threaded). Add process_lock() at least across all open/close/socket() calls. Anything done after a fork() doesn't need the locks as it is no longer threaded - so some open/close/dups()s are not locked for that reason. However, some common functions are called from both threaded and non-threaded contexts. So after doing a fork(), do a possibly-extraneous process_unlock() to make sure that, if we were forked while pthread mutex was held, we aren't deadlocked by nobody. Tested that lp:~serge-hallyn/+junk/lxc-test still works with this patch. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Tested-by: S.Çağlar Onur <caglar@10ur.org> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

licensing: Add missing headers and FSF address Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Change author email address Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>

introduce a sync API The following patch wrap the calls on the synchronisation socketpair in a lxc_sync_ API. It hopefully clarifies what is done in the start sequence to the expense of more lines of code ... Signed-off-by: Cedric Le Goater <clg@fr.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>