Merge branch 'upstream-bugfix' of https://github.com/lxc/lxc

Makefile.am

@@ -6,7 +6,7 @@ SUBDIRS = src templates doc
 DIST_SUBDIRS = config src templates doc
 EXTRA_DIST = autogen.sh lxc.spec CONTRIBUTING MAINTAINERS ChangeLog
 
-pcdatadir = $(datadir)/pkgconfig
+pcdatadir = $(libdir)/pkgconfig
 pcdata_DATA = lxc.pc
 
 ChangeLog::

configure.ac

 #                                               -*- Autoconf -*-
 # Process this file with autoconf to produce a configure script.
 
-AC_INIT([lxc], [0.8.0-rc2])
+AC_INIT([lxc], [0.8.0.rc2])
 
 AC_CONFIG_SRCDIR([configure.ac])
 AC_CONFIG_AUX_DIR([config])
@@ -70,11 +70,11 @@ AC_ARG_WITH([rootfs-path],
 	)], [], [with_rootfs_path=['${libdir}/lxc/rootfs']])
 
 AS_AC_EXPAND(LXC_GENERATE_DATE, "$(date)")
+AS_AC_EXPAND(LXCPATH, "${with_config_path}")
+AS_AC_EXPAND(LXCROOTFSMOUNT, "${with_rootfs_path}")
+AS_AC_EXPAND(LXCTEMPLATEDIR, ['${datadir}/lxc/templates'])
 
-AC_SUBST(LXCPATH, "${with_config_path}")
-AC_SUBST(LXCROOTFSMOUNT, "${with_rootfs_path}")
 AC_SUBST(LXCINITDIR, ['${libexecdir}'])
-AC_SUBST(LXCTEMPLATEDIR, ['/usr/share/lxc/templates'])
 
 AC_CHECK_HEADERS([linux/unistd.h linux/netlink.h linux/genetlink.h],
 				  [],

doc/lxc-attach.sgml.in

@@ -47,10 +47,13 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
   </refnamediv>
 
   <refsynopsisdiv>
-    <cmdsynopsis><command>lxc-attach <replaceable>-n
-    name</replaceable> <optional>-a
-    arch</optional> <optional>-e</optional>
-    <optional>-- command</optional></command></cmdsynopsis>
+    <cmdsynopsis>
+      <command>lxc-attach</command>
+      <arg choice="req">-n <replaceable>name</replaceable></arg>
+      <arg choice="opt">-a <replaceable>arch</replaceable></arg>
+      <arg choice="opt">-e</arg>
+      <arg choice="opt">-- <replaceable>command</replaceable></arg>
+    </cmdsynopsis>
   </refsynopsisdiv>
 
   <refsect1>

doc/lxc-cgroup.sgml.in

@@ -48,9 +48,10 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 
   <refsynopsisdiv>
     <cmdsynopsis>
-      <command>lxc-cgroup -n <replaceable>name</replaceable>
-	<replaceable>state-object</replaceable> <optional>value</optional>
-      </command>
+      <command>lxc-cgroup</command>
+      <arg choice="req">-n <replaceable>name</replaceable></arg>
+      <arg choice="req"><replaceable>state-object</replaceable></arg>
+      <arg choice="opt">value</arg>
     </cmdsynopsis>
   </refsynopsisdiv>
 

doc/lxc-checkpoint.sgml.in

@@ -49,10 +49,10 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 
   <refsynopsisdiv>
     <cmdsynopsis>
-      <command>lxc-checkpoint
-	--statefile=<replaceable>FILE</replaceable>
-	--statefd=<replaceable>FD</replaceable>
-	--name=<replaceable>NAME</replaceable> </command>
+      <command>lxc-checkpoint</command>
+      <arg choice="req">--statefile=<replaceable>FILE</replaceable></arg>
+      <arg choice="req">--statefd=<replaceable>FD</replaceable></arg>
+      <arg choice="req">--name=<replaceable>NAME</replaceable></arg>
       <arg><option>-k</option>|<option>-p</option></arg>
     </cmdsynopsis>
   </refsynopsisdiv>

doc/lxc-console.sgml.in

@@ -48,9 +48,9 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 
   <refsynopsisdiv>
     <cmdsynopsis>
-      <command>lxc-console <replaceable>-n name</replaceable>
-	<optional>-t ttynum</optional>
-      </command>
+      <command>lxc-console</command>
+      <arg choice="req">-n <replaceable>name</replaceable></arg>
+      <arg choice="opt">-t <replaceable>ttynum</replaceable></arg>
     </cmdsynopsis>
   </refsynopsisdiv>
 
@@ -84,7 +84,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 
       <varlistentry>
 	<term>
-	  <option>-t <optional>ttynum</optional></option>
+	  <option>-t <optional><replaceable>ttynum</replaceable></optional></option>
 	</term>
 	<listitem>
 	  <para>

doc/lxc-create.sgml.in

@@ -48,12 +48,12 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 
   <refsynopsisdiv>
     <cmdsynopsis>
-      <command>lxc-create <replaceable>-n name</replaceable>
-       <optional>-f config_file</optional>
-       <optional>-t template</optional>
-       <optional>-B backingstore</optional>
-       <optional>-- template-options</optional>
-       </command>
+      <command>lxc-create</command>
+      <arg choice="req">-n <replaceable>name</replaceable></arg>
+      <arg choice="opt">-f <replaceable>config_file</replaceable></arg>
+      <arg choice="opt">-t <replaceable>template</replaceable></arg>
+      <arg choice="opt">-B <replaceable>backingstore</replaceable></arg>
+      <arg choice="opt">-- <replaceable>template-options</replaceable></arg>
     </cmdsynopsis>
   </refsynopsisdiv>
 

doc/lxc-destroy.sgml.in

@@ -48,10 +48,9 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 
   <refsynopsisdiv>
     <cmdsynopsis>
-      <command>lxc-destroy <replaceable>-n
-      name</replaceable>
-      <optional>-f</optional>
-      </command>
+      <command>lxc-destroy</command>
+      <arg choice="req">-n <replaceable>name</replaceable></arg>
+      <arg choice="opt">-f</arg>
     </cmdsynopsis>
   </refsynopsisdiv>
 

doc/lxc-execute.sgml.in

@@ -48,11 +48,11 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 
   <refsynopsisdiv>
     <cmdsynopsis>
-      <command>lxc-execute <replaceable>-n name</replaceable>
-	<optional>-f config_file</optional> <optional>-s KEY=VAL
-	</optional>
-	<optional>--</optional>
-	<replaceable>command</replaceable></command>
+      <command>lxc-execute</command>
+      <arg choice="req">-n <replaceable>name</replaceable></arg>
+      <arg choice="opt">-f <replaceable>config_file</replaceable></arg>
+      <arg choice="opt">-s KEY=VAL</arg>
+      <arg choice="opt">-- <replaceable>command</replaceable></arg>
     </cmdsynopsis>
   </refsynopsisdiv>
 

doc/lxc-freeze.sgml.in

@@ -48,8 +48,8 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 
   <refsynopsisdiv>
     <cmdsynopsis>
-      <command>lxc-freeze <replaceable>-n name</replaceable>
-      </command>
+      <command>lxc-freeze</command>
+      <arg choice="req">-n <replaceable>name</replaceable></arg>
     </cmdsynopsis>
   </refsynopsisdiv>
 

doc/lxc-kill.sgml.in

@@ -49,7 +49,9 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 
   <refsynopsisdiv>
     <cmdsynopsis>
-      <command>lxc-kill --name=<replaceable>NAME</replaceable> <replaceable>SIGNUM</replaceable></command>
+      <command>lxc-kill</command>
+      <arg choice="req">--name=<replaceable>NAME</replaceable></arg>
+      <arg choice="req"><replaceable>SIGNUM</replaceable></arg>
     </cmdsynopsis>
   </refsynopsisdiv>
 

doc/lxc-ls.sgml.in

@@ -48,8 +48,9 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 
   <refsynopsisdiv>
     <cmdsynopsis>
-      <command>lxc-ls <optional>--active</optional> <optional>ls option</optional>
-      </command>
+      <command>lxc-ls</command>
+      <arg choice="opt">--active</arg>
+      <arg choice="opt">ls option</arg>
     </cmdsynopsis>
   </refsynopsisdiv>
 

doc/lxc-monitor.sgml.in

@@ -48,8 +48,8 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 
   <refsynopsisdiv>
     <cmdsynopsis>
-      <command>lxc-monitor <replaceable>-n name</replaceable>
-      </command>
+      <command>lxc-monitor</command>
+      <arg choice="req">-n <replaceable>name</replaceable></arg>
     </cmdsynopsis>
   </refsynopsisdiv>
 

doc/lxc-ps.sgml.in

@@ -48,10 +48,10 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 
   <refsynopsisdiv>
     <cmdsynopsis>
-      <command>lxc-ps <optional>--name name</optional>
-        <optional>--lxc</optional>
-	<optional>ps option</optional>
-      </command>
+      <command>lxc-ps</command>
+      <arg choice="opt">--name <replaceable>name</replaceable></arg>
+      <arg choice="opt">--lxc</arg>
+      <arg choice="opt">-- ps option</arg>
     </cmdsynopsis>
   </refsynopsisdiv>
 
@@ -81,11 +81,11 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 
       <varlistentry>
 	<term>
-	  <option><replaceable>--name NAME</replaceable></option>
+	  <option>-n, --name <replaceable>name</replaceable></option>
 	</term>
 	<listitem>
 	  <para>
-	    specify the container <replaceable>NAME</replaceable>
+	    specify the container <replaceable>name</replaceable>
 	    to limit the output to the processes belonging 
 	    to this container name.	    
 	  </para>
@@ -94,7 +94,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 
       <varlistentry>
 	<term>
-	  <option><replaceable>--lxc</replaceable></option>
+	  <option>--lxc</option>
 	</term>
 	<listitem>
 	  <para>

doc/lxc-restart.sgml.in

@@ -49,11 +49,12 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 
   <refsynopsisdiv>
     <cmdsynopsis>
-      <command>lxc-restart <optional>-f
-	config_file</optional><optional>-s KEY=VAL</optional>
-	--statefile=<replaceable>FILE</replaceable>
-	--statefd=<replaceable>FD</replaceable></command>
-      <arg choice="req"><option>--name=<replaceable>NAME</replaceable></option></arg>
+      <command>lxc-restart</command>
+      <arg choice="opt">-f <replaceable>config_file</replaceable></arg>
+      <arg choice="opt">-s KEY=VAL</arg>
+      <arg choice="req">--statefile=<replaceable>FILE</replaceable></arg>
+      <arg choice="req">--statefd=<replaceable>FD</replaceable></arg>
+      <arg choice="req">--name=<replaceable>NAME</replaceable></arg>
     </cmdsynopsis>
   </refsynopsisdiv>
 

doc/lxc-shutdown.sgml.in

@@ -45,9 +45,10 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 
   <refsynopsisdiv>
     <cmdsynopsis>
-      <command>lxc-shutdown <replaceable>-n name</replaceable>
-      <optional>-w</optional> <optional>-r</optional>
-      </command>
+      <command>lxc-shutdown</command>
+      <arg choice="req">-n <replaceable>name</replaceable></arg>
+      <arg choice="opt">-w</arg>
+      <arg choice="opt">-r</arg>
     </cmdsynopsis>
   </refsynopsisdiv>
 

doc/lxc-start.sgml.in

@@ -47,12 +47,16 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
   </refnamediv>
 
   <refsynopsisdiv>
-    <cmdsynopsis><command>lxc-start <replaceable>-n
-    name</replaceable> <optional>-f
-    config_file</optional> <optional>-c
-    console_file</optional> <optional>-d</optional> <optional>-s
-    KEY=VAL</optional> <optional>-C</optional>
-    <optional>command</optional></command></cmdsynopsis>
+    <cmdsynopsis>
+      <command>lxc-start</command>
+      <arg choice="req">-n <replaceable>name</replaceable></arg>
+      <arg choice="opt">-f <replaceable>config_file</replaceable></arg>
+      <arg choice="opt">-c <replaceable>console_file</replaceable></arg>
+      <arg choice="opt">-d</arg>
+      <arg choice="opt">-s KEY=VAL</arg>
+      <arg choice="opt">-C</arg>
+      <arg choice="opt">command</arg>
+    </cmdsynopsis>
   </refsynopsisdiv>
 
   <refsect1>

doc/lxc-stop.sgml.in

@@ -48,8 +48,8 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 
   <refsynopsisdiv>
     <cmdsynopsis>
-      <command>lxc-stop <replaceable>-n name</replaceable>
-      </command>
+      <command>lxc-stop</command>
+      <arg choice="req">-n <replaceable>name</replaceable></arg>
     </cmdsynopsis>
   </refsynopsisdiv>
 

doc/lxc-unfreeze.sgml.in

@@ -48,8 +48,8 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 
   <refsynopsisdiv>
     <cmdsynopsis>
-      <command>lxc-unfreeze <replaceable>-n name</replaceable>
-      </command>
+      <command>lxc-unfreeze</command>
+      <arg choice="req">-n <replaceable>name</replaceable></arg>
     </cmdsynopsis>
   </refsynopsisdiv>
 

doc/lxc-wait.sgml.in

@@ -49,9 +49,9 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 
   <refsynopsisdiv>
     <cmdsynopsis>
-      <command>lxc-wait <replaceable>-n name</replaceable>
-	<replaceable>-s states</replaceable>
-      </command>
+      <command>lxc-wait</command>
+      <arg choice="req">-n <replaceable>name</replaceable></arg>
+      <arg choice="req">-s <replaceable>states</replaceable></arg>
     </cmdsynopsis>
   </refsynopsisdiv>
 

lxc.spec.in

@@ -68,9 +68,9 @@ PATH=$PATH:/usr/sbin:/sbin %configure $args --disable-rpath
 make %{?_smp_mflags}
 
 %install
-%makeinstall
-
-find $RPM_BUILD_ROOT -type f -name '*.la' -exec rm -f {} ';'  
+rm -rf %{buildroot}
+make install DESTDIR=%{buildroot}
+find %{buildroot} -type f -name '*.la' -exec rm -f {} ';'
 
 %clean
 rm -rf %{buildroot}
@@ -92,20 +92,26 @@ rm -rf %{buildroot}
 %attr(4111,root,root) %{_bindir}/lxc-restart
 %{_mandir}/*
 %{_datadir}/doc/*
+%{_datadir}/lxc/*
 
 %files libs
 %defattr(-,root,root)
 %{_libdir}/*.so.*
 %{_libdir}/%{name}
-%attr(4555,root,root) %{_libdir}/%{name}/lxc-init
+%attr(4555,root,root) %{_libexecdir}/%{name}/lxc-init
 
 %files devel
 %defattr(-,root,root)
 %{_includedir}/%{name}/*
 %{_libdir}/*.so
-%{_datadir}/pkgconfig/*
+%{_libdir}/pkgconfig/*
 
 %changelog
+* Mon Sep 10 2012 Dwight Engen <dwight.engen@oracle.com> - Version 0.8.0
+- fix lxc-init moved to libexec
+- .pc moved to _libdir
+- package template files /usr/share/lxc/templates
+
 * Thu Sep  8 2011 Greg Kurz <gkurz@fr.ibm.com> - Version 0.7.5.1
 - fix installed files for rpmbuild
 - introduce lxc-libs package

src/lxc/cgroup.c

@@ -419,9 +419,12 @@ static int lxc_one_cgroup_create(const char *name,
 	}
 
 	/* if cgparent does not exist, create it */
-	if (access(cgparent, F_OK) && mkdir(cgparent, 0755)) {
-		SYSERROR("failed to create '%s' directory", cgparent);
-		return -1;
+	if (access(cgparent, F_OK)) {
+		ret = mkdir(cgparent, 0755);
+		if (ret == -1 && errno == EEXIST) {
+			SYSERROR("failed to create '%s' directory", cgparent);
+			return -1;
+		}
 	}
 
 	/*

src/lxc/conf.c

@@ -62,6 +62,10 @@
 #include "lxc.h"	/* for lxc_cgroup_set() */
 #include "caps.h"       /* for lxc_caps_last_cap() */
 
+#if HAVE_APPARMOR
+#include <apparmor.h>
+#endif
+
 lxc_log_define(lxc_conf, lxc);
 
 #define MAXHWLEN    18
@@ -279,8 +283,8 @@ static int run_script(const char *name, const char *section,
 
 	free(output);
 
-	if (pclose(f)) {
-		ERROR("Script exited on error");
+	if (pclose(f) == -1) {
+		SYSERROR("Script exited on error");
 		return -1;
 	}
 
@@ -1051,6 +1055,31 @@ static int setup_console(const struct lxc_rootfs *rootfs,
 	return setup_ttydir_console(rootfs, console, ttydir);
 }
 
+static int setup_kmsg(const struct lxc_rootfs *rootfs,
+		       const struct lxc_console *console)
+{
+	char kpath[MAXPATHLEN];
+	int ret;
+
+	ret = snprintf(kpath, sizeof(kpath), "%s/dev/kmsg", rootfs->mount);
+	if (ret < 0 || ret >= sizeof(kpath))
+		return -1;
+
+	ret = unlink(kpath);
+	if (ret && errno != ENOENT) {
+		SYSERROR("error unlinking %s\n", kpath);
+		return -1;
+	}
+
+	ret = symlink("console", kpath);
+	if (ret) {
+		SYSERROR("failed to create symlink for kmsg");
+		return -1;
+	}
+
+	return 0;
+}
+
 static int setup_cgroup(const char *name, struct lxc_list *cgroups)
 {
 	struct lxc_list *iterator;
@@ -2152,7 +2181,11 @@ int lxc_setup(const char *name, struct lxc_conf *lxc_conf)
 		return -1;
 	}
 
-	HOOK(name, "mount", lxc_conf);
+	if (run_lxc_hooks(name, "mount", lxc_conf)) {
+		ERROR("failed to run mount hooks for container '%s'.", name);
+		return -1;
+	}
+
 	if (setup_cgroup(name, &lxc_conf->cgroup)) {
 		ERROR("failed to setup the cgroups for '%s'", name);
 		return -1;
@@ -2163,13 +2196,23 @@ int lxc_setup(const char *name, struct lxc_conf *lxc_conf)
 		return -1;
 	}
 
+	if (setup_kmsg(&lxc_conf->rootfs, &lxc_conf->console)) {
+		ERROR("failed to setup kmsg for '%s'", name);
+		return -1;
+	}
+
 	if (setup_tty(&lxc_conf->rootfs, &lxc_conf->tty_info, lxc_conf->ttydir)) {
 		ERROR("failed to setup the ttys for '%s'", name);
 		return -1;
 	}
 
 #if HAVE_APPARMOR /* || HAVE_SMACK || HAVE_SELINUX */
-	mounted = lsm_mount_proc_if_needed(lxc_conf->rootfs.path, lxc_conf->rootfs.mount);
+	INFO("rootfs path is .%s., mount is .%s.", lxc_conf->rootfs.path,
+		lxc_conf->rootfs.mount);
+	if (lxc_conf->rootfs.path == NULL || strlen(lxc_conf->rootfs.path) == 0)
+		mounted = 0;
+	else
+		mounted = lsm_mount_proc_if_needed(lxc_conf->rootfs.path, lxc_conf->rootfs.mount);
 	if (mounted == -1) {
 		SYSERROR("failed to mount /proc in the container.");
 		return -1;

src/lxc/conf.h

@@ -232,12 +232,6 @@ struct lxc_conf {
 };
 
 int run_lxc_hooks(const char *name, char *hook, struct lxc_conf *conf);
-/* we don't want to stick with the HOOK define, it's just to easily start */
-#define HOOK(name, which, conf) \
-	do { \
-		int hookret = run_lxc_hooks(name, which, conf); \
-		if (hookret) return -1; \
-	} while (0);
 
 /*
  * Initialize the lxc configuration structure

src/lxc/lxc-clone.in

@@ -46,7 +46,6 @@ help() {
 
 shortoptions='ho:n:sL:v:p:t:'
 longoptions='help,orig:,name:,snapshot,fssize:,vgname:,lvprefix:,fstype:'
-localstatedir=@LOCALSTATEDIR@
 lxc_path=@LXCPATH@
 bindir=@BINDIR@
 snapshot=no
@@ -90,7 +89,7 @@ while true; do
             lxc_vg=$1
             shift
             ;;
-        -n|--new)
+        -n|--name)
             shift
             lxc_new=$1
             shift
@@ -176,7 +175,7 @@ cp $lxc_path/$lxc_orig/config $lxc_path/$lxc_new/config
 sed -i '/lxc.utsname/d' $lxc_path/$lxc_new/config
 echo "lxc.utsname = $hostname" >> $lxc_path/$lxc_new/config
 
-grep "lxc.mount =" $lxc_path/$lxc_new/config >/dev/null 2>&1 && { sed -i '/lxc.mount =/d' $lxc_path/$lxc_new/config; echo "lxc.mount = $lxc_path/$lxc_new/fstab" >> $lxc_path/$lxc_new/config; }
+grep "lxc.mount[ \t]" $lxc_path/$lxc_new/config >/dev/null 2>&1 && { sed -i '/lxc.mount[ \t]/d' $lxc_path/$lxc_new/config; echo "lxc.mount = $lxc_path/$lxc_new/fstab" >> $lxc_path/$lxc_new/config; }
 
 if [ -e  $lxc_path/$lxc_orig/fstab ];then
     cp $lxc_path/$lxc_orig/fstab $lxc_path/$lxc_new/fstab
@@ -184,13 +183,13 @@ if [ -e  $lxc_path/$lxc_orig/fstab ];then
 fi
 
 echo "Copying rootfs..."
-rootfs=$lxc_path/$lxc_new/rootfs
+oldroot=`grep lxc.rootfs $lxc_path/$lxc_orig/config | awk -F'[= \t]+' '{ print $2 }'`
+rootfs=`echo $oldroot |sed "s/$lxc_orig/$lxc_new/"`
 
 container_running=True
 lxc-info -s -n $lxc_orig|grep RUNNING >/dev/null 2>&1 || container_running=False
 
 sed -i '/lxc.rootfs/d' $lxc_path/$lxc_new/config
-oldroot=`grep lxc.rootfs $lxc_path/$lxc_orig/config | awk -F= '{ print $2 '}`
 if [ -b $oldroot ]; then
     type vgscan || { echo "$(basename $0): lvm is not installed" >&2; false; }
     lvdisplay $oldroot > /dev/null 2>&1 || { echo "$(basename $0): non-lvm blockdev cloning is not supported" >&2; false; }
@@ -203,7 +202,13 @@ if [ -b $oldroot ]; then
     if [ $lxc_size = "_unset" ]; then
         lxc_size=`lvdisplay $oldroot | grep Size | awk '{ print $3 $4 }'`
     fi
-    lvcreate -s -L $lxc_size -n ${lxc_lv_prefix}${lxc_new}_snapshot $oldroot
+    newlv="${lxc_lv_prefix}${lxc_new}_snapshot"
+    lvcreate -s -L $lxc_size -n $newlv $oldroot
+    type xfs_admin > /dev/null 2>&1 && {
+        # change filesystem UUID if it is an xfs filesystem
+        xfs_admin -u /dev/$lxc_vg/$newlv && xfs_admin -U generate /dev/$lxc_vg/$newlv
+    }
+
     if [ $container_running = "True" ]; then
         lxc-unfreeze -n $lxc_orig
         frozen=0
@@ -216,7 +221,7 @@ if [ -b $oldroot ]; then
         lvcreate -L $lxc_size $lxc_vg -n ${lxc_lv_prefix}$lxc_new
         echo "lxc.rootfs = /dev/$lxc_vg/${lxc_lv_prefix}$lxc_new" >> $lxc_path/$lxc_new/config
         # and mount it so we can tweak it
-        mkdir -p $lxc_path/$lxc_new/rootfs
+        mkdir -p $rootfs
         mkfs -t $fstype /dev/$lxc_vg/${lxc_lv_prefix}$lxc_new
         mount /dev/$lxc_vg/${lxc_lv_prefix}$lxc_new $rootfs || { echo "$(basename $0): failed to mount new rootfs" >&2; false; }
         mounted=1
@@ -228,16 +233,15 @@ if [ -b $oldroot ]; then
         lvrename $lxc_vg/${lxc_lv_prefix}${lxc_new}_snapshot $lxc_vg/${lxc_lv_prefix}$lxc_new
         echo "lxc.rootfs = /dev/$lxc_vg/${lxc_lv_prefix}$lxc_new" >> $lxc_path/$lxc_new/config
         # and mount it so we can tweak it
-        mkdir -p $lxc_path/$lxc_new/rootfs
+        mkdir -p $rootfs
         mount /dev/$lxc_vg/${lxc_lv_prefix}$lxc_new $rootfs || { echo "$(basename $0): failed to mount new rootfs" >&2; false; }
         mounted=1
     fi
 
-elif out=$(btrfs subvolume list "$lxc_path/$lxc_orig/rootfs" 2>&1); then
-
-    out=$(btrfs subvolume snapshot "$lxc_path/$lxc_orig/rootfs" "$rootfs" 2>&1) || { echo "$(basename $0): btrfs snapshot failed" >&2; false; }
+elif which btrfs >/dev/null 2>&1 && btrfs subvolume list $oldroot >/dev/null 2>&1; then
+    # if oldroot is a btrfs subvolume, assume they want a snapshot
+    btrfs subvolume snapshot "$oldroot" "$rootfs" 2>&1 || { echo "$(basename $0): btrfs snapshot failed" >&2; false; }
     echo "lxc.rootfs = $rootfs" >> "$lxc_path/$lxc_new/config"
-
 else
     if [ $snapshot = "yes" ]; then
         echo "$(basename $0): cannot snapshot a directory" >&2
@@ -247,8 +251,8 @@ else
         lxc-freeze -n $lxc_orig
         frozen=1
     fi
-    mkdir -p $lxc_path/$lxc_new/rootfs/
-    rsync -ax $lxc_path/$lxc_orig/rootfs/ $lxc_path/$lxc_new/rootfs/
+    mkdir -p $rootfs/
+    rsync -ax $oldroot/ $rootfs/
     echo "lxc.rootfs = $rootfs" >> $lxc_path/$lxc_new/config
     if [ $container_running = "True" ]; then
         lxc-unfreeze -n $lxc_orig
@@ -259,7 +263,7 @@ fi
 echo "Updating rootfs..."
 
 # so you can 'ssh $hostname.' or 'ssh $hostname.local'
-if [ -f $rootfs/etc/dhcp/dhclient.conf ]; then
+if [ -f $rootfs/etc/dhcp/dhclient.conf ] && ! grep -q "^send host-name.*hostname" $rootfs/etc/dhcp/dhclient.conf; then
     sed -i "s/send host-name.*$/send host-name \"$hostname\";/" $rootfs/etc/dhcp/dhclient.conf
 fi
 

src/lxc/lxc-create.in

@@ -62,10 +62,8 @@ help() {
 
 shortoptions='hn:f:t:B:'
 longoptions='help,name:,config:,template:,backingstore:,fstype:,lvname:,vgname:,fssize:'
-localstatedir=@LOCALSTATEDIR@
 lxc_path=@LXCPATH@
 bindir=@BINDIR@
-libdir=@LIBDIR@
 templatedir=@LXCTEMPLATEDIR@
 backingstore=_unset
 fstype=ext4
@@ -136,6 +134,18 @@ while true; do
         esac
 done
 
+# If -h or --help was passed into the container, we'll want to cleanup
+# afterward
+wantedhelp=0
+for var in "$@"
+do
+if [ "$var" = "-h" -o "$var" = "--help" ]; then
+    help
+    exit 1
+fi
+done
+
+
 if [ -z "$lxc_path" ]; then
     echo "$(basename $0): no configuration path defined" >&2
     exit 1

src/lxc/lxc-destroy.in

@@ -41,7 +41,6 @@ help() {
 
 shortoptions='hn:f'
 longoptions='help,name:'
-localstatedir=@LOCALSTATEDIR@
 lxc_path=@LXCPATH@
 force=0
 
@@ -107,16 +106,24 @@ if [ $? -eq 0 ]; then
 fi
 
 # Deduce the type of rootfs
-# If LVM partition, destroy it.  If anything else, ignore it.  We'll support
-# deletion of others later.
+# If LVM partition, destroy it. For btrfs, we delete the subvolue. If anything
+# else, ignore it. We'll support deletion of others later.
 rootdev=`grep lxc.rootfs $lxc_path/$lxc_name/config 2>/dev/null | sed -e 's/^[^/]*/\//'`
-if [ ! -z "$rootdev" ]; then
-	if [ -b "$rootdev" -o -h "$rootdev" ]; then
+if [ -n "$rootdev" ]; then
+	if [ -b "$rootdev" ]; then
 		lvdisplay $rootdev > /dev/null 2>&1
 		if [ $? -eq 0 ]; then
 			echo "removing backing store: $rootdev"
 			lvremove -f $rootdev
 		fi
+	elif [ -h "$rootdev" -o -d "$rootdev" ]; then
+		if which btrfs >/dev/null 2>&1 &&
+		   btrfs subvolume list "$rootdev" >/dev/null 2>&1; then
+			btrfs subvolume delete "$rootdev"
+		else
+			# In case rootfs is not under $lxc_path/$lxc_name, remove it
+			rm -rf --one-file-system --preserve-root $rootdev
+		fi
 	fi
 fi
 # recursively remove the container to remove old container configuration

src/lxc/lxc-ls.in

@@ -17,7 +17,6 @@
 # License along with this library; if not, write to the Free Software
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 
-localstatedir=@LOCALSTATEDIR@
 lxc_path=@LXCPATH@
 
 usage()
@@ -57,7 +56,7 @@ get_parent_cgroup()
 		init_cgroup=${fields#*:}
 
 		# Get the filesystem mountpoint of the hierarchy
-		mountpoint=$(grep -E "^cgroup [^ ]+ [^ ]+ ([^ ]+,)?$subsystems(,[^ ]+)? " /proc/self/mounts | cut -d ' ' -f 2)
+		mountpoint=$(grep -E "^[^ ]+ [^ ]+ cgroup ([^ ]+,)?$subsystems(,[^ ]+)? " /proc/self/mounts | cut -d ' ' -f 2)
 		if [ -z "$mountpoint" ]; then continue; fi
 
 		# Return the absolute path to the containers' parent cgroup
@@ -71,7 +70,7 @@ get_parent_cgroup()
 	done
 }
 
-directory="$lxc_path"
+directory=$(readlink -f "$lxc_path")
 
 for i in "$@"; do
 	case $i in

src/lxc/lxc-ps.in

@@ -74,9 +74,9 @@ containers=""
 list_container_processes=0
 for i in "$@"; do
 	case $i in
-		--help)
+		-h|--help)
 			help; exit 1;;
-		--name)
+		-n|--name)
 			containers=$2; list_container_processes=1; shift 2;;
 		--lxc)
 			list_container_processes=1; shift;;

src/lxc/lxc-setcap.in

@@ -83,9 +83,6 @@ lxc_dropcaps()
 
 shortoptions='hd'
 longoptions='help'
-libdir=@LIBDIR@
-libexecdir=@LIBEXECDIR@
-localstatedir=@LOCALSTATEDIR@
 
 getopt=$(getopt -o $shortoptions --longoptions  $longoptions -- "$@")
 if [ $? != 0 ]; then

src/lxc/lxc-setuid.in

@@ -80,9 +80,6 @@ lxc_dropuid()
 
 shortoptions='hd'
 longoptions='help'
-libdir=@LIBDIR@
-libexecdir=@LIBEXECDIR@
-localstatedir=@LOCALSTATEDIR@
 
 getopt=$(getopt -o $shortoptions --longoptions  $longoptions -- "$@")
 if [ $? != 0 ]; then

src/lxc/lxc_start.c

@@ -199,9 +199,19 @@ int main(int argc, char *argv[])
 		free(console);
 	}
 
-	if (my_args.daemonize && daemon(0, 0)) {
-		SYSERROR("failed to daemonize '%s'", my_args.name);
-		return err;
+	if (my_args.daemonize) {
+		/* do an early check for needed privs, since otherwise the
+		 * user won't see the error */
+
+		if (!lxc_caps_check()) {
+			ERROR("Not running with sufficient privilege");
+			return err;
+		}
+
+		if (daemon(0, 0)) {
+			SYSERROR("failed to daemonize '%s'", my_args.name);
+			return err;
+		}
 	}
 
 	if (my_args.close_all_fds)

src/lxc/namespace.h

@@ -47,6 +47,10 @@
 #ifndef CLONE_NEWNET
 #  define CLONE_NEWNET            0x40000000
 #endif
+int clone(int (*fn)(void *), void *child_stack,
+	int flags, void *arg, ...
+	/* pid_t *ptid, struct user_desc *tls, pid_t *ctid */ );
+
 
 extern pid_t lxc_clone(int (*fn)(void *), void *arg, int flags);
 

src/lxc/start.c

@@ -359,7 +359,10 @@ struct lxc_handler *lxc_init(const char *name, struct lxc_conf *conf)
 		goto out_free_name;
 	}
 
-	HOOK(name, "pre-start", conf);
+	if (run_lxc_hooks(name, "pre-start", conf)) {
+		ERROR("failed to run pre-start hooks for container '%s'.", name);
+		goto out_aborting;
+	}
 
 	if (lxc_create_tty(name, conf)) {
 		ERROR("failed to create the ttys");
@@ -405,7 +408,8 @@ void lxc_fini(const char *name, struct lxc_handler *handler)
 	lxc_set_state(name, handler, STOPPING);
 	lxc_set_state(name, handler, STOPPED);
 
-	HOOK(name, "post-stop", handler->conf);
+	if (run_lxc_hooks(name, "post-stop", handler->conf))
+		ERROR("failed to run post-stop hooks for container '%s'.", name);
 
 	/* reset mask set by setup_signal_fd */
 	if (sigprocmask(SIG_SETMASK, &handler->oldmask, NULL))
@@ -526,9 +530,12 @@ static int do_start(void *data)
 	if (apparmor_load(handler) < 0)
 		goto out_warn_father;
 
-	close(handler->sigfd);
+	if (run_lxc_hooks(handler->name, "start", handler->conf)) {
+		ERROR("failed to run start hooks for container '%s'.", handler->name);
+		goto out_warn_father;
+	}
 
-	HOOK(handler->name, "start", handler->conf);
+	close(handler->sigfd);
 
 	/* after this call, we are in error because this
 	 * ops should not return as it execs */

templates/lxc-altlinux.in

@@ -245,6 +245,10 @@ lxc.tty = 4
 lxc.pts = 1024
 lxc.rootfs = $rootfs_path
 lxc.mount  = $config_path/fstab
+
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
+
 #networking
 lxc.network.type = $lxc_network_type
 lxc.network.flags = up

templates/lxc-archlinux.in

@@ -224,6 +224,10 @@ lxc.tty=4
 lxc.pts=1024
 lxc.rootfs=${rootfs_path}
 lxc.mount=${config_path}/fstab
+
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
+
 #networking
 lxc.network.type=${lxc_network_type}
 lxc.network.flags=up

templates/lxc-busybox.in

@@ -233,26 +233,22 @@ lxc.utsname = $name
 lxc.tty = 1
 lxc.pts = 1
 lxc.rootfs = $rootfs
-EOF
-
-if [ -d "$rootfs/lib" ]; then
-cat <<EOF >> $path/config
-lxc.mount.entry=/lib $rootfs/lib none ro,bind 0 0
-lxc.mount.entry=/usr/lib $rootfs/usr/lib none ro,bind 0 0
-EOF
-fi
 
-if [ -d "/lib64" ] && [ -d "$rootfs/lib64" ]; then
-cat <<EOF >> $path/config
-lxc.mount.entry=/lib64 $rootfs/lib64 none ro,bind 0 0
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
 EOF
-fi
 
-if [ -d "/usr/lib64" ] && [ -d "$rootfs/usr/lib64" ]; then
-cat <<EOF >> $path/config
-lxc.mount.entry=/usr/lib64 $rootfs/usr/lib64 none ro,bind 0 0
-EOF
-fi
+    libdirs="\
+        lib \
+        usr/lib \
+        lib64 \
+        usr/lib64"
+
+    for dir in $libdirs; do
+        if [ -d "/$dir" ] && [ -d "$rootfs/$dir" ]; then
+            echo "lxc.mount.entry=/$dir $dir none ro,bind 0 0" >> $path/config
+        fi
+    done
 }
 
 usage()

templates/lxc-debian.in

@@ -54,6 +54,8 @@ c1:12345:respawn:/sbin/getty 38400 tty1 linux
 c2:12345:respawn:/sbin/getty 38400 tty2 linux
 c3:12345:respawn:/sbin/getty 38400 tty3 linux
 c4:12345:respawn:/sbin/getty 38400 tty4 linux
+p6::ctrlaltdel:/sbin/init 6 
+p0::powerfail:/sbin/init 0
 EOF
 
     # disable selinux in debian
@@ -95,6 +97,12 @@ EOF
     return 0
 }
 
+cleanup()
+{
+    rm -rf $cache/partial-$SUITE-$arch
+    rm -rf $cache/rootfs-$SUITE-$arch
+}
+
 download_debian()
 {
     packages=\
@@ -102,7 +110,7 @@ ifupdown,\
 locales,\
 libui-dialog-perl,\
 dialog,\
-dhcp3-client,\
+isc-dhcp-client,\
 netbase,\
 net-tools,\
 iproute,\
@@ -111,6 +119,7 @@ openssh-server
     cache=$1
     arch=$2
 
+    trap cleanup EXIT SIGHUP SIGINT SIGTERM
     # check the mini debian was not already downloaded
     mkdir -p "$cache/partial-$SUITE-$arch"
     if [ $? -ne 0 ]; then
@@ -130,6 +139,10 @@ openssh-server
 
     mv "$1/partial-$SUITE-$arch" "$1/rootfs-$SUITE-$arch"
     echo "Download complete."
+    trap EXIT
+    trap SIGINT
+    trap SIGTERM
+    trap SIGHUP
 
     return 0
 }
@@ -194,6 +207,10 @@ lxc.tty = 4
 lxc.pts = 1024
 lxc.rootfs = $rootfs
 lxc.utsname = $hostname
+
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
+
 lxc.cgroup.devices.deny = a
 # /dev/null and zero
 lxc.cgroup.devices.allow = c 1:3 rwm

templates/lxc-fedora.in

@@ -29,9 +29,7 @@
 arch=$(arch)
 cache_base=/var/cache/lxc/fedora/$arch
 default_path=/var/lib/lxc
-root_password=rooter
-lxc_network_type=veth
-lxc_network_link=virbr0
+root_password=root
 
 # is this fedora?
 [ -f /etc/fedora-release ] && is_fedora=true
@@ -52,7 +50,7 @@ configure_fedora()
 DEVICE=eth0
 BOOTPROTO=dhcp
 ONBOOT=yes
-HOSTNAME=${UTSNAME}
+HOSTNAME=${name}
 NM_CONTROLLED=no
 TYPE=Ethernet
 MTU=${MTU}
@@ -61,7 +59,7 @@ EOF
     # set the hostname
     cat <<EOF > ${rootfs_path}/etc/sysconfig/network
 NETWORKING=yes
-HOSTNAME=${UTSNAME}
+HOSTNAME=${name}
 EOF
 
     # set minimal hosts
@@ -92,12 +90,26 @@ EOF
     echo "setting root passwd to $root_password"
     echo "root:$root_password" | chroot $rootfs_path chpasswd
 
+    # specifying this in the initial packages doesn't always work.
+    echo "installing fedora-release package"
+    chroot ${rootfs_path} yum --releasever=${release} -y install fedora-release
+
+    # silence some needless startup errors
+    touch ${rootfs_path}/etc/fstab
+
+    # give us a console on /dev/console
+    sed -i 's/ACTIVE_CONSOLES=.*$/ACTIVE_CONSOLES="\/dev\/console \/dev\/tty[1-4]"/' \
+        ${rootfs_path}/etc/sysconfig/init
+
     return 0
 }
 configure_fedora_init()
 {
     sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.sysinit
     sed -i 's|.sbin.start_udev||' ${rootfs_path}/etc/rc.d/rc.sysinit
+    # don't mount devpts, for pete's sake
+    sed -i 's/^.*dev.pts.*$/#\0/' ${rootfs_path}/etc/rc.sysinit
+    sed -i 's/^.*dev.pts.*$/#\0/' ${rootfs_path}/etc/rc.d/rc.sysinit
     chroot ${rootfs_path} chkconfig udev-post off
     chroot ${rootfs_path} chkconfig network on
 }
@@ -126,7 +138,7 @@ download_fedora()
     # download a mini fedora into a cache
     echo "Downloading fedora minimal ..."
     YUM="yum --installroot $INSTALL_ROOT -y --nogpgcheck"
-    PKG_LIST="yum initscripts passwd rsyslog vim-minimal dhclient chkconfig rootfiles policycoreutils"
+    PKG_LIST="yum initscripts passwd rsyslog vim-minimal dhclient chkconfig rootfiles policycoreutils fedora-release"
     MIRRORLIST_URL="http://mirrors.fedoraproject.org/mirrorlist?repo=fedora-$release&arch=$arch"
 
     DOWNLOAD_OK=no
@@ -237,12 +249,10 @@ lxc.tty = 4
 lxc.pts = 1024
 lxc.rootfs = $rootfs_path
 lxc.mount  = $config_path/fstab
-#networking
-lxc.network.type = $lxc_network_type
-lxc.network.flags = up
-lxc.network.link = $lxc_network_link
-lxc.network.name = eth0
-lxc.network.mtu = 1500
+
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
+
 #cgroups
 lxc.cgroup.devices.deny = a
 # /dev/null and zero
@@ -264,7 +274,6 @@ EOF
 
     cat <<EOF > $config_path/fstab
 proc            proc         proc    nodev,noexec,nosuid 0 0
-devpts          dev/pts      devpts defaults 0 0
 sysfs           sys          sysfs defaults  0 0
 EOF
     if [ $? -ne 0 ]; then
@@ -341,9 +350,20 @@ if [ ! -z "$clean" -a -z "$path" ]; then
     exit 0
 fi
 
+needed_pkgs=""
 type yum >/dev/null 2>&1
 if [ $? -ne 0 ]; then
-    echo "'yum' command is missing"
+    needed_pkgs="yum $needed_pkgs"
+fi
+
+type curl >/dev/null 2>&1
+if [ $? -ne 0 ]; then
+    needed_pkgs="curl $needed_pkgs"
+fi
+
+if [ -n "$needed_pkgs" ]; then
+    echo "Missing commands: $needed_pkgs"
+    echo "Please install these using \"sudo apt-get install $needed_pkgs\""
     exit 1
 fi
 
@@ -366,7 +386,11 @@ if [ "$(id -u)" != "0" ]; then
 fi
 
 
-rootfs_path=$path/rootfs
+rootfs_path=$path/$name/rootfs
+# check for 'lxc.rootfs' passed in through default config by lxc-create
+if grep -q '^lxc.rootfs' $path/config 2>/dev/null ; then
+    rootfs_path=`grep 'lxc.rootfs =' $path/config | awk -F= '{ print $2 }'`
+fi
 config_path=$default_path/$name
 cache=$cache_base/$release
 
@@ -413,4 +437,3 @@ if [ ! -z $clean ]; then
     exit 0
 fi
 echo "container rootfs and config created"
-echo "container is configured for lxc.network.type=veth and lxc.network.link=virbr0 (which is default if you have libvirt runnig)"

templates/lxc-lenny.in

@@ -183,6 +183,10 @@ lxc.tty = 4
 lxc.pts = 1024
 lxc.rootfs = $rootfs
 lxc.cgroup.devices.deny = a
+
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
+
 # /dev/null and zero
 lxc.cgroup.devices.allow = c 1:3 rwm
 lxc.cgroup.devices.allow = c 1:5 rwm
@@ -297,7 +301,7 @@ if [ $? -ne 0 ]; then
     exit 1
 fi
 
-copy_configuration $path $rootfs
+copy_configuration $path $rootfs $name
 if [ $? -ne 0 ]; then
     echo "failed write configuration file"
     exit 1

templates/lxc-opensuse.in

@@ -262,6 +262,9 @@ lxc.pts = 1024
 lxc.rootfs = $rootfs
 lxc.mount  = $path/fstab
 
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
+
 lxc.cgroup.devices.deny = a
 # /dev/null and zero
 lxc.cgroup.devices.allow = c 1:3 rwm

templates/lxc-sshd.in

@@ -88,6 +88,17 @@ HostbasedAuthentication no
 PermitEmptyPasswords yes
 ChallengeResponseAuthentication no
 EOF
+
+    if [ -n "$auth_key" -a -f "$auth_key" ]; then
+        u_path="/root/.ssh"
+        root_u_path="$rootfs/$u_path"
+        mkdir -p $root_u_path
+        cp $auth_key "$root_u_path/authorized_keys"
+        chown -R 0:0 "$rootfs/$u_path"
+        chmod 700 "$rootfs/$u_path"
+        echo "Inserted SSH public key from $auth_key into /home/ubuntu/.ssh/authorized_keys"
+    fi
+
     return 0
 }
 
@@ -101,6 +112,10 @@ cat <<EOF >> $path/config
 lxc.utsname = $name
 lxc.pts = 1024
 lxc.rootfs = $rootfs
+
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
+
 lxc.mount.entry=/dev dev none ro,bind 0 0
 lxc.mount.entry=/lib lib none ro,bind 0 0
 lxc.mount.entry=/bin bin none ro,bind 0 0
@@ -108,13 +123,17 @@ lxc.mount.entry=/usr usr none ro,bind 0 0
 lxc.mount.entry=/sbin sbin none ro,bind 0 0
 lxc.mount.entry=tmpfs var/run/sshd tmpfs mode=0644 0 0
 lxc.mount.entry=@LXCTEMPLATEDIR@/lxc-sshd sbin/init none bind 0 0
+lxc.mount.entry=proc $rootfs/proc proc nodev,noexec,nosuid 0 0
 EOF
 
-if [ "$(uname -m)" = "x86_64" ]; then
-    cat <<EOF >> $path/config
+    # if no .ipv4 section in config, then have the container run dhcp
+    grep -q "^lxc.network.ipv4" $path/config || touch $rootfs/run-dhcp
+
+    if [ "$(uname -m)" = "x86_64" ]; then
+        cat <<EOF >> $path/config
 lxc.mount.entry=/lib64 lib64 none ro,bind 0 0
 EOF
-fi
+    fi
 }
 
 usage()
@@ -125,10 +144,10 @@ EOF
     return 0
 }
 
-options=$(getopt -o hp:n: -l help,path:,name: -- "$@")
+options=$(getopt -o hp:n:S: -l help,path:,name:,auth-key: -- "$@")
 if [ $? -ne 0 ]; then
         usage $(basename $0)
-	exit 1
+    exit 1
 fi
 eval set -- "$options"
 
@@ -137,7 +156,8 @@ do
     case "$1" in
         -h|--help)      usage $0 && exit 0;;
         -p|--path)      path=$2; shift 2;;
-	-n|--name)      name=$2; shift 2;;
+        -n|--name)      name=$2; shift 2;;
+        -S|--auth-key)  auth_key=$2; shift 2;;
         --)             shift 1; break ;;
         *)              break ;;
     esac
@@ -162,6 +182,22 @@ if [ $0 == "/sbin/init" ]; then
 	exit 1
     fi
 
+    # run dhcp?
+    if [ -f /run-dhcp ]; then
+        type dhclient
+        if [ $? -ne 0 ]; then
+            echo "can't find dhclient"
+            exit 1
+        fi
+        touch /etc/fstab
+        rm -f /dhclient.conf
+        cat > /dhclient.conf << EOF
+send host-name "<hostname>";
+EOF
+        ifconfig eth0 up
+        dhclient eth0 -cf /dhclient.conf
+    fi
+
     exec @LXCINITDIR@/lxc-init -- /usr/sbin/sshd
     exit 1
 fi

templates/lxc-ubuntu-cloud.in

@@ -55,6 +55,10 @@ lxc.rootfs = $rootfs
 lxc.mount  = $path/fstab
 lxc.arch = $arch
 lxc.cap.drop = sys_module mac_admin
+lxc.pivotdir = lxc_putold
+
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
 
 lxc.cgroup.devices.deny = a
 # Allow any mknod (but not using the node)
@@ -92,13 +96,12 @@ proc            proc         proc    nodev,noexec,nosuid 0 0
 sysfs           sys          sysfs defaults  0 0
 EOF
 
-    # rmdir /dev/shm in precise and quantal containers.
+    # rmdir /dev/shm for containers that have /run/shm
     # I'm afraid of doing rm -rf $rootfs/dev/shm, in case it did
     # get bind mounted to the host's /run/shm.  So try to rmdir
     # it, and in case that fails move it out of the way.
-    if [ $release = "precise" ] || [ $release = "quantal" ]; then
-        [ -d "$rootfs/dev/shm" ] && rmdir $rootfs/dev/shm
-        [ -e "$rootfs/dev/shm" ] && mv $rootfs/dev/shm $rootfs/dev/shm.bak
+    if [ ! -L $rootfs/dev/shm ] && [ -d $rootfs/run/shm ] && [ -e $rootfs/dev/shm ]; then
+        mv $rootfs/dev/shm $rootfs/dev/shm.bak
         ln -s /run/shm $rootfs/dev/shm
     fi
 
@@ -218,9 +221,22 @@ if [ "$stream" != "daily" -a "$stream" != "released" ]; then
     exit 1
 fi
 
-if [ -n "$userdata" -a ! -f "$userdata" ]; then
-    echo "Userdata does not exist"
-    exit 1
+if [ -n "$userdata" ]; then
+    if [ ! -f "$userdata" ]; then
+        echo "Userdata ($userdata) does not exist"
+        exit 1
+    else
+        userdata=`readlink -f $userdata`
+    fi
+fi
+
+if [ -n "$auth_key" ]; then
+    if [ ! -f "$auth_key" ]; then
+        echo "--auth-key=${auth_key} must reference a file"
+        exit 1
+    fi
+    auth_key=$(readlink -f "${auth_key}") ||
+        { echo "failed to get full path for auth_key"; exit 1; }
 fi
 
 if [ -z "$path" ]; then
@@ -245,14 +261,19 @@ cache="/var/cache/lxc/cloud-$release"
 mkdir -p $cache
 
 if [ -n "$tarball" ]; then
-	url2="$tarball"
+    url2="$tarball"
 else
-	url1=`ubuntu-cloudimg-query $release $stream $arch --format "%{url}\n"`
-	url2=`echo $url1 | sed -e 's/.tar.gz/-root\0/'`
+    url1=`ubuntu-cloudimg-query $release $stream $arch --format "%{url}\n"`
+    url2=`echo $url1 | sed -e 's/.tar.gz/-root\0/'`
 fi
 
 filename=`basename $url2`
 
+wgetcleanup()
+{
+    rm -f $filename
+}
+
 buildcleanup()
 {
     cd $rootfs
@@ -271,7 +292,7 @@ build_root_tgz()
     xdir=`mktemp -d -p .`
     tarname=`basename $url`
     imgname="$release-*-cloudimg-$arch.img"
-    trap buildcleanup EXIT
+    trap buildcleanup EXIT SIGHUP SIGINT SIGTERM
     if [ $flushcache -eq 1 -o ! -f $cache/$tarname ]; then
         rm -f $tarname
         echo "Downloading cloud image from $url"
@@ -286,6 +307,9 @@ build_root_tgz()
     rmdir $xdir
     echo "New cloud image cache created"
     trap EXIT
+    trap SIGHUP
+    trap SIGINT
+    trap SIGTERM
 }
 
 mkdir -p /var/lock/subsys/
@@ -298,9 +322,14 @@ mkdir -p /var/lock/subsys/
         rm -f $filename
     fi
 
+    trap wgetcleanup EXIT SIGHUP SIGINT SIGTERM
     if [ ! -f $filename ]; then
-       wget $url2 || build_root_tgz $url1 $filename
+        wget $url2 || build_root_tgz $url1 $filename
     fi
+    trap EXIT
+    trap SIGHUP
+    trap SIGINT
+    trap SIGTERM
 
     echo "Extracting container rootfs"
     mkdir -p $rootfs
@@ -309,67 +338,62 @@ mkdir -p /var/lock/subsys/
 
 
     if [ $cloud -eq 0 ]; then
-	echo "Configuring for running outside of a cloud environment"
-	echo "If you want to configure for a cloud evironment, please use '-- -C' to create the container"
+        echo "Configuring for running outside of a cloud environment"
+        echo "If you want to configure for a cloud evironment, please use '-- -C' to create the container"
 
-	seed_d=$rootfs/var/lib/cloud/seed/nocloud-net
-	rhostid=$(uuidgen | cut -c -8)
-	host_id=${hostid:-$rhostid}
-	mkdir -p $seed_d
+        seed_d=$rootfs/var/lib/cloud/seed/nocloud-net
+        rhostid=$(uuidgen | cut -c -8)
+        host_id=${hostid:-$rhostid}
+        mkdir -p $seed_d
 
-	cat > "$seed_d/meta-data" <<EOF
-instance_id: lxc-$host_id
+        cat > "$seed_d/meta-data" <<EOF
+instance-id: lxc-$host_id
 EOF
-
-	rm $rootfs/etc/hostname
-
-	if [ $locales -eq 1 ]; then
-		cp /usr/lib/locale/locale-archive $rootfs/usr/lib/locale/locale-archive
-	fi
-
-
-	if [ -n "$auth_key" -a -f "$auth_key" ]; then
-		u_path="/home/ubuntu/.ssh"
-		root_u_path="$rootfs/$u_path"
-		mkdir -p $root_u_path
-		cp $auth_key "$root_u_path/authorized_keys"
-		chroot $rootfs chown -R ubuntu: "$u_path"
-
-		echo "Inserted SSH public key from $auth_key into /home/ubuntu/.ssh/authorized_keys"
-	fi
-
-	if [ -f "$userdata" ]; then
-		echo "Using custom user-data"
-		cp $userdata $seed_d/user-data
-	else
-
-		if [ -z "$MIRROR" ]; then
-			MIRROR="http://archive.ubuntu.com/ubuntu"
-		fi
-
-		cat > "$seed_d/user-data" <<EOF
+        if [ -n "$auth_key" ]; then
+            {
+            echo "public-keys:" &&
+            sed -e '/^$/d' -e 's,^,- ,' "$auth_key" "$auth_key"
+            } >> "$seed_d/meta-data"
+            [ $? -eq 0 ] ||
+                { echo "failed to write public keys to metadata"; exit 1; }
+        fi
+
+        rm $rootfs/etc/hostname
+
+        if [ $locales -eq 1 ]; then
+            cp /usr/lib/locale/locale-archive $rootfs/usr/lib/locale/locale-archive
+        fi
+
+        if [ -f "$userdata" ]; then
+            echo "Using custom user-data"
+            cp $userdata $seed_d/user-data
+        else
+
+            if [ -z "$MIRROR" ]; then
+                MIRROR="http://archive.ubuntu.com/ubuntu"
+            fi
+
+            cat > "$seed_d/user-data" <<EOF
 #cloud-config
 output: {all: '| tee -a /var/log/cloud-init-output.log'}
-apt-mirror: $MIRROR
+apt_mirror: $MIRROR
 manage_etc_hosts: localhost
 locale: $(/usr/bin/locale | awk -F= '/LANG=/ {print$NF}')
+password: ubuntu
+chpasswd: { expire: False }
 EOF
-	fi
+        fi
+    else
 
-	chroot $rootfs /usr/sbin/usermod -U ubuntu
-	echo "ubuntu:ubuntu" | chroot $rootfs chpasswd
-	echo "Please login as user ubuntu with password ubuntu."
-
-   else
-
-	echo "Configured for running in a cloud environment."
-	echo "If you do not have a meta-data service, this container will likely be useless."
-
-   fi
+        echo "Configured for running in a cloud environment."
+        echo "If you do not have a meta-data service, this container will likely be useless."
 
+    fi
 ) 200>/var/lock/subsys/lxc-ubucloud
 
 copy_configuration $path $rootfs $name $arch $release
 
 echo "Container $name created."
 exit 0
+
+# vi: ts=4 expandtab

templates/lxc-ubuntu.in

@@ -146,6 +146,18 @@ EOF
     fi
 }
 
+cleanup()
+{
+    rm -rf $cache/partial-$arch
+    rm -rf $cache/rootfs-$arch
+}
+
+suggest_flush()
+{
+    echo "Container upgrade failed.  The container cache may be out of date,"
+    echo "in which case flushing the case (see -F in the hep output) may help."
+}
+
 download_ubuntu()
 {
     cache=$1
@@ -155,6 +167,7 @@ download_ubuntu()
     packages=vim,ssh
     echo "installing packages: $packages"
 
+    trap cleanup EXIT SIGHUP SIGINT SIGTERM
     # check the mini ubuntu was not already downloaded
     mkdir -p "$cache/partial-$arch"
     if [ $? -ne 0 ]; then
@@ -192,16 +205,16 @@ exit 101
 EOF
     chmod +x "$1/partial-${arch}"/usr/sbin/policy-rc.d
 
-    lxc-unshare -s MOUNT -- chroot "$1/partial-${arch}" apt-get dist-upgrade -y
-    ret=$?
+    lxc-unshare -s MOUNT -- chroot "$1/partial-${arch}" apt-get dist-upgrade -y || { suggest_flush; false; }
     rm -f "$1/partial-${arch}"/usr/sbin/policy-rc.d
 
-    if [ $ret -ne 0 ]; then
-        echo "Failed to upgrade the cache"
-        return 1
-    fi
+    chroot "$1/partial-${arch}" apt-get clean
 
     mv "$1/partial-$arch" "$1/rootfs-$arch"
+    trap EXIT
+    trap SIGINT
+    trap SIGTERM
+    trap SIGHUP
     echo "Download complete"
     return 0
 }
@@ -300,6 +313,10 @@ lxc.rootfs = $rootfs
 lxc.mount  = $path/fstab
 lxc.arch = $arch
 lxc.cap.drop = sys_module mac_admin mac_override
+lxc.pivotdir = lxc_putold
+
+# When using LXC with apparmor, uncomment the next line to run unconfined:
+#lxc.aa_profile = unconfined
 
 lxc.cgroup.devices.deny = a
 # Allow any mknod (but not using the node)
@@ -455,6 +472,7 @@ post_process()
         # for lucid, if not trimming, then add the ubuntu-virt
         # ppa and install lxcguest
         if [ $release = "lucid" ]; then
+            chroot $rootfs apt-get update
             chroot $rootfs apt-get install --force-yes -y python-software-properties
             chroot $rootfs add-apt-repository ppa:ubuntu-virt/ppa
         fi
@@ -498,9 +516,8 @@ post_process()
     # I'm afraid of doing rm -rf $rootfs/dev/shm, in case it did
     # get bind mounted to the host's /run/shm.  So try to rmdir
     # it, and in case that fails move it out of the way.
-    if [ -d $rootfs/run/shm ]; then
-        [ -d "$rootfs/dev/shm" ] && rmdir $rootfs/dev/shm
-        [ -e "$rootfs/dev/shm" ] && mv $rootfs/dev/shm $rootfs/dev/shm.bak
+    if [ ! -L $rootfs/dev/shm ] && [ -d $rootfs/run/shm ] && [ -e $rootfs/dev/shm ]; then
+        mv $rootfs/dev/shm $rootfs/dev/shm.bak
         ln -s /run/shm $rootfs/dev/shm
     fi
 }
@@ -684,7 +701,11 @@ fi
 
 echo ""
 echo "##"
-echo "# The default user is 'ubuntu' with password 'ubuntu'!"
-echo "# Use the 'sudo' command to run tasks as root in the container."
+if [ -n "$bindhome" ]; then
+	echo "# Log in as user $bindhome"
+else
+	echo "# The default user is 'ubuntu' with password 'ubuntu'!"
+	echo "# Use the 'sudo' command to run tasks as root in the container."
+fi
 echo "##"
 echo ""