merge upstream bugfixes:

* fix some memory leaks
  * fix temp file creation
  * fix rootfs pinning with NFS
  * drop supplementary groups on attach
  * fix gid=5 mount option on /dev/pts

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

debian/patches/fixes/0001-conf-ret-try-devpts-mount-without-gid-5-on-error.patch

@@ -0,0 +1,67 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Christian Brauner <christian.brauner@ubuntu.com>
+Date: Thu, 12 Apr 2018 11:12:06 +0200
+Subject: [PATCH] conf: ret-try devpts mount without gid=5 on error
+
+We should always default to mounting devpts with gid=5 but we should fallback
+to mounting without gid=5. This let's us cover use-cases such as container
+started with only a single mapping e.g.:
+
+lxc.idmap = u 1000 1000 1
+lxc.idmap = g 1000 1000 1
+
+Closes #2257.
+
+Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
+---
+ src/lxc/conf.c | 18 +++++++++---------
+ 1 file changed, 9 insertions(+), 9 deletions(-)
+
+diff --git a/src/lxc/conf.c b/src/lxc/conf.c
+index fe30800d..a604adbb 100644
+--- a/src/lxc/conf.c
++++ b/src/lxc/conf.c
+@@ -1503,7 +1503,7 @@ static struct id_map *find_mapped_nsid_entry(struct lxc_conf *conf, unsigned id,
+ static int lxc_setup_devpts(struct lxc_conf *conf)
+ {
+ 	int ret;
+-	const char *default_devpts_mntopts;
++	const char *default_devpts_mntopts = "gid=5,newinstance,ptmxmode=0666,mode=0620";
+ 	char devpts_mntopts[256];
+ 
+ 	if (conf->pts <= 0) {
+@@ -1512,11 +1512,6 @@ static int lxc_setup_devpts(struct lxc_conf *conf)
+ 		return 0;
+ 	}
+ 
+-	if (!find_mapped_nsid_entry(conf, 5, ID_TYPE_GID))
+-		default_devpts_mntopts = "newinstance,ptmxmode=0666,mode=0620";
+-	else
+-		default_devpts_mntopts = "newinstance,ptmxmode=0666,mode=0620,gid=5";
+-
+ 	ret = snprintf(devpts_mntopts, sizeof(devpts_mntopts), "%s,max=%d",
+ 		       default_devpts_mntopts, conf->pts);
+ 	if (ret < 0 || (size_t)ret >= sizeof(devpts_mntopts))
+@@ -1540,11 +1535,16 @@ static int lxc_setup_devpts(struct lxc_conf *conf)
+ 		return -1;
+ 	}
+ 
+-	/* Mount new devpts instance. */
++	/* mount new devpts instance */
+ 	ret = mount("devpts", "/dev/pts", "devpts", MS_NOSUID | MS_NOEXEC, devpts_mntopts);
+ 	if (ret < 0) {
+-		SYSERROR("Failed to mount new devpts instance");
+-		return -1;
++		/* try mounting without gid=5 */
++		ret = mount("devpts", "/dev/pts", "devpts",
++			    MS_NOSUID | MS_NOEXEC, devpts_mntopts + sizeof("gid=5"));
++		if (ret < 0) {
++			SYSERROR("Failed to mount new devpts instance");
++			return -1;
++		}
+ 	}
+ 	DEBUG("Mount new devpts instance with options \"%s\"", devpts_mntopts);
+ 
+-- 
+2.11.0
+

debian/patches/fixes/0002-Fix-the-memory-leak-in-cgfsng_attach.patch

@@ -0,0 +1,25 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: LiFeng <lifeng68@huawei.com>
+Date: Tue, 24 Apr 2018 12:53:57 -0400
+Subject: [PATCH] Fix the memory leak in cgfsng_attach
+
+Signed-off-by: LiFeng <lifeng68@huawei.com>
+---
+ src/lxc/cgroups/cgfsng.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
+index b48f997f..689e4fe5 100644
+--- a/src/lxc/cgroups/cgfsng.c
++++ b/src/lxc/cgroups/cgfsng.c
+@@ -2549,6 +2549,7 @@ static bool cgfsng_attach(const char *name, const char *lxcpath, pid_t pid)
+ 			continue;
+ 
+ 		fullpath = build_full_cgpath_from_monitorpath(h, path, "cgroup.procs");
++		free(path);
+ 		ret = lxc_write_to_file(fullpath, pidstr, len, false);
+ 		if (ret < 0) {
+ 			SYSERROR("Failed to attach %d to %s", (int)pid, fullpath);
+-- 
+2.11.0
+

debian/patches/fixes/0003-Fix-memory-leak-in-list_active_containers.patch

@@ -0,0 +1,71 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: LiFeng <lifeng68@huawei.com>
+Date: Tue, 24 Apr 2018 15:10:15 -0400
+Subject: [PATCH] Fix memory leak in list_active_containers
+
+Signed-off-by: LiFeng <lifeng68@huawei.com>
+---
+ src/lxc/lxccontainer.c | 25 +++++++++++++++++++++----
+ 1 file changed, 21 insertions(+), 4 deletions(-)
+
+diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
+index 6d41b6cf..6a58d81c 100644
+--- a/src/lxc/lxccontainer.c
++++ b/src/lxc/lxccontainer.c
+@@ -4973,32 +4973,49 @@ int list_active_containers(const char *lxcpath, char ***nret,
+ 			char *recvpath = lxc_cmd_get_lxcpath(p);
+ 			if (!recvpath)
+ 				continue;
+-			if (strncmp(lxcpath, recvpath, lxcpath_len) != 0)
++			if (strncmp(lxcpath, recvpath, lxcpath_len) != 0) {
++				free(recvpath);
+ 				continue;
++			}
++			free(recvpath);
+ 			p = lxc_cmd_get_name(p);
+ 			if (!p)
+ 				continue;
+ 		}
+ 
+-		if (array_contains(&ct_name, p, ct_name_cnt))
++		if (array_contains(&ct_name, p, ct_name_cnt)) {
++			if (is_hashed)
++				free(p);
+ 			continue;
++		}
+ 
+-		if (!add_to_array(&ct_name, p, ct_name_cnt))
++		if (!add_to_array(&ct_name, p, ct_name_cnt)) {
++			if (is_hashed)
++				free(p);
+ 			goto free_cret_list;
++		}
+ 
+ 		ct_name_cnt++;
+ 
+-		if (!cret)
++		if (!cret) {
++			if (is_hashed)
++				free(p);
+ 			continue;
++		}
+ 
+ 		c = lxc_container_new(p, lxcpath);
+ 		if (!c) {
+ 			INFO("Container %s:%s is running but could not be loaded",
+ 				lxcpath, p);
+ 			remove_from_array(&ct_name, p, ct_name_cnt--);
++			if (is_hashed)
++				free(p);
+ 			continue;
+ 		}
+ 
++		if (is_hashed)
++			free(p);
++
+ 		/*
+ 		 * If this is an anonymous container, then is_defined *can*
+ 		 * return false.  So we don't do that check.  Count on the
+-- 
+2.11.0
+

debian/patches/fixes/0004-pam-cgfs-ignore-the-system-umask-when-creating-the-c.patch

@@ -0,0 +1,58 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Jonathan Calmels <jcalmels@nvidia.com>
+Date: Mon, 16 Apr 2018 12:30:33 -0700
+Subject: [PATCH] pam-cgfs: ignore the system umask when creating the cgroup
+ hierarchy
+
+Fixes: #2277
+Signed-off-by: Jonathan Calmels <jcalmels@nvidia.com>
+---
+ src/lxc/pam/pam_cgfs.c | 18 ++++++++++++++++--
+ 1 file changed, 16 insertions(+), 2 deletions(-)
+
+diff --git a/src/lxc/pam/pam_cgfs.c b/src/lxc/pam/pam_cgfs.c
+index 3df8daef..5c272b0e 100644
+--- a/src/lxc/pam/pam_cgfs.c
++++ b/src/lxc/pam/pam_cgfs.c
+@@ -223,6 +223,20 @@ static bool cgv2_prune_empty_cgroups(const char *user);
+ static bool cgv2_remove(const char *cgroup);
+ static bool is_cgv2(char *line);
+ 
++static int do_mkdir(const char *path, mode_t mode)
++{
++	int saved_errno;
++	mode_t mask;
++	int r;
++
++	mask = umask(0);
++	r = mkdir(path, mode);
++	saved_errno = errno;
++	umask(mask);
++	errno = saved_errno;
++	return (r);
++}
++
+ /* Create directory and (if necessary) its parents. */
+ static bool mkdir_parent(const char *root, char *path)
+ {
+@@ -252,7 +266,7 @@ static bool mkdir_parent(const char *root, char *path)
+ 		if (file_exists(path))
+ 			goto next;
+ 
+-		if (mkdir(path, 0755) < 0) {
++		if (do_mkdir(path, 0755) < 0) {
+ 			pam_cgfs_debug("Failed to create %s: %s.\n", path, strerror(errno));
+ 			return false;
+ 		}
+@@ -1963,7 +1977,7 @@ static bool cgv1_handle_cpuset_hierarchy(struct cgv1_hierarchy *h,
+ 	cgpath = must_make_path(h->mountpoint, h->base_cgroup, cgroup, NULL);
+ 	if (slash)
+ 		*slash = '/';
+-	if (mkdir(cgpath, 0755) < 0 && errno != EEXIST) {
++	if (do_mkdir(cgpath, 0755) < 0 && errno != EEXIST) {
+ 		pam_cgfs_debug("Failed to create '%s'", cgpath);
+ 		free(cgpath);
+ 		return false;
+-- 
+2.11.0
+

debian/patches/fixes/0005-attach-always-drop-supplementary-groups.patch

@@ -0,0 +1,36 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Christian Brauner <christian.brauner@ubuntu.com>
+Date: Mon, 9 Apr 2018 18:01:38 +0200
+Subject: [PATCH] attach: always drop supplementary groups
+
+Closes #1704.
+
+Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
+---
+ src/lxc/attach.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/src/lxc/attach.c b/src/lxc/attach.c
+index 9a8a836d..3b715272 100644
+--- a/src/lxc/attach.c
++++ b/src/lxc/attach.c
+@@ -870,12 +870,12 @@ static int attach_child_main(struct attach_clone_payload *payload)
+ 		ret = lxc_switch_uid_gid(new_uid, new_gid);
+ 		if (ret < 0)
+ 			goto on_error;
+-
+-		ret = lxc_setgroups(0, NULL);
+-		if (ret < 0)
+-			goto on_error;
+ 	}
+ 
++	ret = lxc_setgroups(0, NULL);
++	if (ret < 0)
++		goto on_error;
++
+ 	if ((init_ctx->container && init_ctx->container->lxc_conf &&
+ 	     init_ctx->container->lxc_conf->no_new_privs) ||
+ 	    (options->attach_flags & LXC_ATTACH_NO_NEW_PRIVS)) {
+-- 
+2.11.0
+

debian/patches/fixes/0006-storage-rsync-free-memory-on-error.patch

@@ -0,0 +1,32 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: C0deAi <benjamin.bales@assrc.us>
+Date: Fri, 6 Apr 2018 12:46:53 -0400
+Subject: [PATCH] storage/rsync: free memory on error
+
+Closes #2262.
+
+Signed-off-by: C0deAi <techsupport@mycode.ai>
+Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
+---
+ src/lxc/storage/rsync.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/lxc/storage/rsync.c b/src/lxc/storage/rsync.c
+index c3080a56..83871ae8 100644
+--- a/src/lxc/storage/rsync.c
++++ b/src/lxc/storage/rsync.c
+@@ -73,8 +73,10 @@ int lxc_rsync_exec(const char *src, const char *dest)
+ 		return -1;
+ 
+ 	ret = snprintf(s, l, "%s", src);
+-	if (ret < 0 || (size_t)ret >= l)
++	if (ret < 0 || (size_t)ret >= l) {
++		free(s);
+ 		return -1;
++	}
+ 
+ 	s[l - 2] = '/';
+ 	s[l - 1] = '\0';
+-- 
+2.11.0
+

debian/patches/fixes/0007-tools-utils-free-memory-on-error.patch

@@ -0,0 +1,33 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: C0deAi <benjamin.bales@assrc.us>
+Date: Fri, 6 Apr 2018 12:56:50 -0400
+Subject: [PATCH] tools/utils: free memory on error
+
+Closes #2262.
+
+Signed-off-by: C0deAi <techsupport@mycode.ai>
+Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
+---
+ src/lxc/tools/tool_utils.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/lxc/tools/tool_utils.c b/src/lxc/tools/tool_utils.c
+index ca325456..71e5036b 100644
+--- a/src/lxc/tools/tool_utils.c
++++ b/src/lxc/tools/tool_utils.c
+@@ -794,8 +794,11 @@ int lxc_config_define_add(struct lxc_list *defines, char *arg)
+ 		return -1;
+ 
+ 	dent->elem = parse_line(arg);
+-	if (!dent->elem)
++	if (!dent->elem) {
++		free(dent);
+ 		return -1;
++	}
++
+ 	lxc_list_add_tail(defines, dent);
+ 	return 0;
+ }
+-- 
+2.11.0
+

debian/patches/fixes/0008-fix-signal-sending-in-lxc.init.patch

@@ -0,0 +1,54 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Tycho Andersen <tycho@tycho.ws>
+Date: Wed, 4 Apr 2018 17:45:29 -0600
+Subject: [PATCH] fix signal sending in lxc.init
+
+The problem here is that these two clauses were ordered backwards: we first
+check if the signal came from not the init pid, and if it did, then we give
+a notice and return. The comment notes that this is intended to protect
+against SIGCHLD, but we don't in fact know if the signal is a SIGCHLD yet,
+because that's tested in the next hunk.
+
+The symptom is that if I e.g. send SIGTERM from the outside world to the
+container init, it ignores it and gives this notice. If we re-order these
+clauses, it forwards non SIGCHLD signals, and ignores SIGCHLD signals from
+things that aren't the real container process.
+
+Signed-off-by: Tycho Andersen <tycho@tycho.ws>
+---
+ src/lxc/start.c | 12 ++++++------
+ 1 file changed, 6 insertions(+), 6 deletions(-)
+
+diff --git a/src/lxc/start.c b/src/lxc/start.c
+index ae13aae9..1982270e 100644
+--- a/src/lxc/start.c
++++ b/src/lxc/start.c
+@@ -380,6 +380,12 @@ static int signal_handler(int fd, uint32_t events, void *data,
+ 		return hdlr->init_died ? LXC_MAINLOOP_CLOSE : 0;
+ 	}
+ 
++	if (siginfo.ssi_signo != SIGCHLD) {
++		kill(hdlr->pid, siginfo.ssi_signo);
++		INFO("Forwarded signal %d to pid %d", siginfo.ssi_signo, hdlr->pid);
++		return hdlr->init_died ? LXC_MAINLOOP_CLOSE : 0;
++	}
++
+ 	/* More robustness, protect ourself from a SIGCHLD sent
+ 	 * by a process different from the container init.
+ 	 */
+@@ -389,12 +395,6 @@ static int signal_handler(int fd, uint32_t events, void *data,
+ 		return hdlr->init_died ? LXC_MAINLOOP_CLOSE : 0;
+ 	}
+ 
+-	if (siginfo.ssi_signo != SIGCHLD) {
+-		kill(hdlr->pid, siginfo.ssi_signo);
+-		INFO("Forwarded signal %d to pid %d", siginfo.ssi_signo, hdlr->pid);
+-		return hdlr->init_died ? LXC_MAINLOOP_CLOSE : 0;
+-	}
+-
+ 	if (siginfo.ssi_code == CLD_STOPPED) {
+ 		INFO("Container init process was stopped");
+ 		return hdlr->init_died ? LXC_MAINLOOP_CLOSE : 0;
+-- 
+2.11.0
+

debian/patches/fixes/0009-conf-fix-temporary-file-creation.patch

@@ -0,0 +1,35 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Christian Brauner <christian.brauner@ubuntu.com>
+Date: Fri, 6 Apr 2018 10:54:02 +0200
+Subject: [PATCH] conf: fix temporary file creation
+
+lxc_make_tmpfile() uses mkstemp() internally, and thus expects the
+template to contain 'XXXXXX' and be writable.
+
+Signed-off-by: Thomas Moschny <thomas.moschny@gmx.de>
+Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
+---
+ src/lxc/conf.c | 5 ++++-
+ 1 file changed, 4 insertions(+), 1 deletion(-)
+
+diff --git a/src/lxc/conf.c b/src/lxc/conf.c
+index a604adbb..c1193675 100644
+--- a/src/lxc/conf.c
++++ b/src/lxc/conf.c
+@@ -2277,9 +2277,12 @@ FILE *make_anonymous_mount_file(struct lxc_list *mount)
+ 
+ 	fd = memfd_create(".lxc_mount_file", MFD_CLOEXEC);
+ 	if (fd < 0) {
++		char template[] = P_tmpdir "/.lxc_mount_file_XXXXXX";
++
+ 		if (errno != ENOSYS)
+ 			return NULL;
+-		fd = lxc_make_tmpfile((char *){P_tmpdir "/.lxc_mount_file"}, true);
++
++		fd = lxc_make_tmpfile(template, true);
+ 		if (fd < 0) {
+ 			SYSERROR("Could not create temporary mount file");
+ 			return NULL;
+-- 
+2.11.0
+

debian/patches/fixes/0010-ringbuf-fix-temporary-file-creation.patch

@@ -0,0 +1,35 @@
+From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
+From: Christian Brauner <christian.brauner@ubuntu.com>
+Date: Fri, 6 Apr 2018 10:54:41 +0200
+Subject: [PATCH] ringbuf: fix temporary file creation
+
+lxc_make_tmpfile() uses mkstemp() internally, and thus expects the
+template to contain 'XXXXXX' and be writable.
+
+Signed-off-by: Thomas Moschny <thomas.moschny@gmx.de>
+Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
+---
+ src/lxc/ringbuf.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/lxc/ringbuf.c b/src/lxc/ringbuf.c
+index 1299fe70..7aa2e631 100644
+--- a/src/lxc/ringbuf.c
++++ b/src/lxc/ringbuf.c
+@@ -52,10 +52,12 @@ int lxc_ringbuf_create(struct lxc_ringbuf *buf, size_t size)
+ 
+ 	memfd = memfd_create(".lxc_ringbuf", MFD_CLOEXEC);
+ 	if (memfd < 0) {
++		char template[] = P_tmpdir "/.lxc_ringbuf_XXXXXX";
++
+ 		if (errno != ENOSYS)
+ 			goto on_error;
+ 
+-		memfd = lxc_make_tmpfile((char *){P_tmpdir"/.lxc_ringbuf_XXXXXX"}, true);
++		memfd = lxc_make_tmpfile(template, true);
+ 	}
+ 	if (memfd < 0)
+ 		goto on_error;
+-- 
+2.11.0
+

debian/patches/series

@@ -6,3 +6,13 @@
 0006-rename-cgroup-namespace-directory-to-ns.patch
 0007-possibility-to-run-lxc-monitord-as-a-regular-daemon.patch
 0008-Make-lxc-.service-forking.patch
+fixes/0001-conf-ret-try-devpts-mount-without-gid-5-on-error.patch
+fixes/0002-Fix-the-memory-leak-in-cgfsng_attach.patch
+fixes/0003-Fix-memory-leak-in-list_active_containers.patch
+fixes/0004-pam-cgfs-ignore-the-system-umask-when-creating-the-c.patch
+fixes/0005-attach-always-drop-supplementary-groups.patch
+fixes/0006-storage-rsync-free-memory-on-error.patch
+fixes/0007-tools-utils-free-memory-on-error.patch
+fixes/0008-fix-signal-sending-in-lxc.init.patch
+fixes/0009-conf-fix-temporary-file-creation.patch
+fixes/0010-ringbuf-fix-temporary-file-creation.patch