Unverified Commit a98bd0bd by Stéphane Graber Committed by GitHub

Merge pull request #2164 from brauner/2018-02-14/add_flag_to_compile_tools

tree-wide: rm {lua,python3} bindings, rm deprecated binaries, rm deprecated templates, add --{disable,enable}-{commands,tools} flag
parents ff305221 ea8fa04f
......@@ -39,7 +39,6 @@ src/lxc/lxc-cgroup
src/lxc/tools/lxc-checkconfig
src/lxc/tools/lxc-update-config
src/lxc/lxc-checkpoint
src/lxc/lxc-clone
src/lxc/lxc-console
src/lxc/lxc-config
src/lxc/lxc-copy
......@@ -57,7 +56,6 @@ src/lxc/lxc-monitord
src/lxc/lxc-shutdown
src/lxc/lxc-snapshot
src/lxc/lxc-start
src/lxc/tools/lxc-start-ephemeral
src/lxc/lxc-stop
src/lxc/lxc-top
src/lxc/lxc-unfreeze
......@@ -69,10 +67,6 @@ src/lxc/version.h
src/lxc/cmd/lxc-checkconfig
src/lxc/cmd/lxc-update-config
src/python-lxc/build/
src/python-lxc/lxc/__pycache__/
src/python-lxc/lxc.egg-info/
src/tests/lxc-test-device-add-remove
src/tests/lxc-test-attach
src/tests/lxc-test-apparmor
......
......@@ -18,7 +18,7 @@ before_install:
- echo -n | openssl s_client -connect scan.coverity.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sudo tee -a /etc/ssl/certs/ca-
- sudo add-apt-repository ppa:ubuntu-lxc/daily -y
- sudo apt-get update -qq
- sudo apt-get install -qq libapparmor-dev libcap-dev libseccomp-dev python3-dev python3-setuptools docbook2x libgnutls-dev liblua5.2-dev libselinux1-dev
- sudo apt-get install -qq libapparmor-dev libcap-dev libseccomp-dev python3-dev python3-setuptools docbook2x libgnutls-dev libselinux1-dev
script:
- ./autogen.sh
- rm -Rf build
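Review bot: The replacement `apt-get install` line still pulls in `python3-dev` and `python3-setuptools`, which look unnecessary now that this merge removes the python3 binding and its configure check along with lua. If nothing else in the CI build needs them, the line could be `- sudo apt-get install -qq libapparmor-dev libcap-dev libseccomp-dev docbook2x libgnutls-dev libselinux1-dev`. Separately, and outside this change's scope, the unchanged `openssl s_client … | sudo tee -a` line above appends whatever certificate the handshake returns to the system CA store, because `s_client` does not abort on a verification failure by default. A comment there, or a pinned certificate checked into the repository, would make that trust decision explicit.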
......
......@@ -13,14 +13,6 @@ EXTRA_DIST = \
RPMARGS =
if ENABLE_LUA
RPMARGS += --with lua
endif
if ENABLE_PYTHON
RPMARGS += --with python
endif
pcdatadir = $(libdir)/pkgconfig
pcdata_DATA = lxc.pc
......
......@@ -20,7 +20,7 @@
# allow pre-mount hooks to stage mounts under /var/lib/lxc/<container>/
mount -> /var/lib/lxc/{**,},
# required for some pre-mount hooks (like the new lxc-start-ephemeral)
# required for some pre-mount hooks
mount fstype=overlayfs,
mount fstype=aufs,
mount fstype=ecryptfs,
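Review bot: With the reference to lxc-start-ephemeral dropped, the comment `# required for some pre-mount hooks` no longer says which hooks need the `mount fstype=overlayfs,`, `mount fstype=aufs,` and `mount fstype=ecryptfs,` rules that follow it. Since the tool previously named as the reason is removed by this merge, it is worth confirming that a remaining hook still depends on each of these filesystem types; a rule without a consumer is a permission the profile grants for nothing. If the rules stay, name the consumers in the comment, for example `# required by pre-mount hooks that stage overlayfs/aufs/ecryptfs mounts: <hook names>`. The profile block these rules belong to starts and ends outside this hunk.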
......
......@@ -108,5 +108,4 @@ _have lxc-start && {
complete -o default -F _lxc_generic_t lxc-create
complete -o default -F _lxc_generic_o lxc-copy
complete -o default -F _lxc_generic_o lxc-start-ephemeral
}
......@@ -4,43 +4,8 @@ EXTRA_DIST = common.seccomp
SUBDIRS = common.conf.d
templatesconfig_DATA = \
alpine.common.conf \
alpine.userns.conf \
archlinux.common.conf \
archlinux.userns.conf \
centos.common.conf \
centos.userns.conf \
common.conf \
common.seccomp \
debian.common.conf \
debian.userns.conf \
fedora.common.conf \
fedora.userns.conf \
gentoo.common.conf \
gentoo.moresecure.conf \
gentoo.userns.conf \
nesting.conf \
oci.common.conf \
opensuse.common.conf \
opensuse.userns.conf \
oracle.common.conf \
oracle.userns.conf \
plamo.common.conf \
plamo.userns.conf \
slackware.common.conf \
slackware.userns.conf \
ubuntu-cloud.common.conf \
ubuntu-cloud.lucid.conf \
ubuntu-cloud.userns.conf \
ubuntu.common.conf \
ubuntu.lucid.conf \
ubuntu.userns.conf \
openwrt.common.conf \
sparclinux.common.conf \
sparclinux.userns.conf \
voidlinux.common.conf \
voidlinux.userns.conf \
sabayon.common.conf \
sabayon.userns.conf \
userns.conf
templatesconfig_DATA = common.conf \
common.seccomp \
nesting.conf \
oci.common.conf \
userns.conf
# This derives from the global common config.
lxc.include = @LXCTEMPLATECONFIG@/common.conf
# Doesn't support consoles in /dev/lxc/.
lxc.tty.dir =
# Drop another (potentially) harmful capabilities.
lxc.cap.drop = audit_write
lxc.cap.drop = ipc_owner
lxc.cap.drop = mknod
lxc.cap.drop = setpcap
lxc.cap.drop = sys_nice
lxc.cap.drop = sys_pacct
lxc.cap.drop = sys_rawio
lxc.cap.drop = sys_resource
lxc.cap.drop = sys_tty_config
lxc.cap.drop = syslog
lxc.cap.drop = wake_alarm
# Mount /run as tmpfs.
lxc.mount.entry=run run tmpfs rw,nodev,relatime,mode=755 0 0
# Mount /dev/shm as tmpfs; needed for building python and possibly other packages.
lxc.mount.entry=shm dev/shm tmpfs rw,nodev,noexec,nosuid,relatime,mode=1777,create=dir 0 0
# This derives from the global userns config.
lxc.include = @LXCTEMPLATECONFIG@/userns.conf
# This derives from the global common config
lxc.include = @LXCTEMPLATECONFIG@/common.conf
# Allow for 6 tty devices by default
lxc.tty.max = 6
# Set the halt/stop signals
lxc.signal.halt=SIGRTMIN+4
# Uncomment to disable creating tty devices subdirectory in /dev
# lxc.tty.dir =
# Capabilities
# Uncomment these if you don't run anything that needs the capability, and
# would like the container to run with less privilege.
#
# Dropping sys_admin disables container root from doing a lot of things
# that could be bad like re-mounting lxc fstab entries rw for example,
# but also disables some useful things like being able to nfs mount, and
# things that are already namespaced with ns_capable() kernel checks, like
# hostname(1).
# lxc.cap.drop = sys_admin
# lxc.cap.drop = net_raw # breaks dhcp/ping
# lxc.cap.drop = setgid # breaks login (initgroups/setgroups)
# lxc.cap.drop = dac_read_search # breaks login (pam unix_chkpwd)
# lxc.cap.drop = setuid # breaks sshd,nfs statd
# lxc.cap.drop = audit_control # breaks sshd (set_loginuid failed)
# lxc.cap.drop = audit_write
# lxc.cap.drop = setpcap # big big login delays in Fedora 20 systemd
#
lxc.cap.drop = setfcap sys_nice sys_pacct sys_rawio
# This derives from the global userns config
lxc.include = @LXCTEMPLATECONFIG@/userns.conf
# This derives from the global common config
lxc.include = @LXCTEMPLATECONFIG@/common.conf
# Capabilities
# Uncomment these if you don't run anything that needs the capability, and
# would like the container to run with less privilege.
#
# Dropping sys_admin disables container root from doing a lot of things
# that could be bad like re-mounting lxc fstab entries rw for example,
# but also disables some useful things like being able to nfs mount, and
# things that are already namespaced with ns_capable() kernel checks, like
# hostname(1).
# lxc.cap.drop = sys_admin
# lxc.cap.drop = net_raw # breaks dhcp/ping
# lxc.cap.drop = setgid # breaks login (initgroups/setgroups)
# lxc.cap.drop = dac_read_search # breaks login (pam unix_chkpwd)
# lxc.cap.drop = setuid # breaks sshd,nfs statd
# lxc.cap.drop = audit_control # breaks sshd (set_loginuid failed)
# lxc.cap.drop = audit_write
lxc.cap.drop = sys_nice sys_pacct sys_rawio
# This derives from the global userns config
lxc.include = @LXCTEMPLATECONFIG@/userns.conf
# This derives from the global common config
lxc.include = @LXCTEMPLATECONFIG@/common.conf
# Doesn't support consoles in /dev/lxc/
lxc.tty.dir =
# When using LXC with apparmor, the container will be confined by default.
# If you wish for it to instead run unconfined, copy the following line
# (uncommented) to the container's configuration file.
#lxc.apparmor.profile = unconfined
# If you wish to allow mounting block filesystems, then use the following
# line instead, and make sure to grant access to the block device and/or loop
# devices below in lxc.cgroup.devices.allow.
#lxc.apparmor.profile = lxc-container-default-with-mounting
# Extra cgroup device access
## rtc
lxc.cgroup.devices.allow = c 254:0 rm
## tun
lxc.cgroup.devices.allow = c 10:200 rwm
## hpet
lxc.cgroup.devices.allow = c 10:228 rwm
## kvm
lxc.cgroup.devices.allow = c 10:232 rwm
## To use loop devices, copy the following line to the container's
## configuration file (uncommented).
#lxc.cgroup.devices.allow = b 7:* rwm
# This derives from the global userns config
lxc.include = @LXCTEMPLATECONFIG@/userns.conf
# This derives from the global common config
lxc.include = @LXCTEMPLATECONFIG@/common.conf
# Capabilities
# Uncomment these if you don't run anything that needs the capability, and
# would like the container to run with less privilege.
#
# Dropping sys_admin disables container root from doing a lot of things
# that could be bad like re-mounting lxc fstab entries rw for example,
# but also disables some useful things like being able to nfs mount, and
# things that are already namespaced with ns_capable() kernel checks, like
# hostname(1).
# lxc.cap.drop = sys_admin
# lxc.cap.drop = net_raw # breaks dhcp/ping
# lxc.cap.drop = setgid # breaks login (initgroups/setgroups)
# lxc.cap.drop = dac_read_search # breaks login (pam unix_chkpwd)
# lxc.cap.drop = setuid # breaks sshd,nfs statd
# lxc.cap.drop = audit_control # breaks sshd (set_loginuid failed)
# lxc.cap.drop = audit_write
# lxc.cap.drop = setpcap # big big login delays in Fedora 20 systemd
lxc.cap.drop = setfcap sys_nice sys_pacct sys_rawio
# This derives from the global userns config
lxc.include = @LXCTEMPLATECONFIG@/userns.conf
# This derives from the global common config
lxc.include = @LXCTEMPLATECONFIG@/common.conf
# Gentoo common default configuration
# This is the most feature-full container configuration
# But security is not the goal.
# Looking for more security, see gentoo.moresecure.conf
# Doesn't support consoles in /dev/lxc/
lxc.tty.dir =
# Extra cgroup device access
## rtc
lxc.cgroup.devices.allow = c 254:0 rm
## tun
lxc.cgroup.devices.allow = c 10:200 rwm
## hpet
lxc.cgroup.devices.allow = c 10:228 rwm
## kvm
lxc.cgroup.devices.allow = c 10:232 rwm
## To use loop devices, copy the following line to the container's
## configuration file (uncommented).
#lxc.cgroup.devices.allow = b 7:* rwm
# /dev/shm needs to be mounted as tmpfs. It's needed by python (bug #496328)
# and possibly other packages.
lxc.mount.entry = none dev/shm tmpfs rw,nosuid,nodev,create=dir
# This derives from the global common config
lxc.include = @LXCTEMPLATECONFIG@/common.conf
# Gentoo security oriented default configuration
# This is a more security oriented container configuration
# "More" because this is far from fully secure
# Looking for more working features and you trust your
# Container user ? see gentoo.common.conf
# do not mount sysfs, see http://blog.bofh.it/debian/id_413
lxc.mount.entry=mqueue dev/mqueue mqueue rw,nodev,noexec,nosuid,create=dir 0 0
lxc.mount.entry=shm dev/shm tmpfs rw,nosuid,nodev,noexec,relatime,create=dir 0 0
lxc.mount.entry=run run tmpfs rw,nosuid,nodev,relatime,mode=755 0 0
# Capabilities
# Uncomment these if you don't run anything that needs the capability, and
# would like the container to run with less privilege.
#
# Dropping sys_admin disables container root from doing a lot of things
# that could be bad like re-mounting lxc fstab entries rw for example,
# but also disables some useful things like being able to nfs mount, and
# things that are already namespaced with ns_capable() kernel checks, like
# hostname(1).
# lxc.cap.drop = sys_admin # breaks systemd
# lxc.cap.drop = net_raw # breaks dhcp/ping
# lxc.cap.drop = setgid # breaks login (initgroups/setgroups)
# lxc.cap.drop = dac_read_search # breaks login (pam unix_chkpwd)
# lxc.cap.drop = setuid # breaks sshd,nfs statd
# lxc.cap.drop = audit_control # breaks sshd (set_loginuid failed)
# lxc.cap.drop = audit_write
# lxc.cap.drop = setpcap # breaks journald
# lxc.cap.drop = sys_resource # breaks systemd
# lxc.cap.drop = sys_boot # breaks sysvinit
lxc.cap.drop = audit_control audit_write dac_read_search fsetid ipc_owner linux_immutable mknod setfcap setpcap sys_admin sys_nice sys_pacct sys_ptrace sys_rawio sys_resource sys_tty_config syslog
# WARNING: the security vulnerability reported for 'cap_net_admin' at
# http://mainisusuallyafunction.blogspot.com/2012/11/attacking-hardened-linux-systems-with.html
# via JIT spraying (the BPF JIT module disabled on most systems was used
# in the example, but others are suggested vulnerable) meant that users
# with root in a container, that capability and kernel module may escape
# the container. ALWAYS be extremely careful granting any process root
# within a container, use a minimal configuration at all levels -
# including the kernel - and multiple layers of security on any system
# where security is a priority. note that not only LXC but PAX (and
# others?) were vulnerable to this issue.
# This derives from the global userns config
lxc.include = @LXCTEMPLATECONFIG@/userns.conf
# This derives from the global common config
lxc.include = @LXCTEMPLATECONFIG@/common.conf
# Capabilities
# Uncomment these if you don't run anything that needs the capability, and
# would like the container to run with less privilege.
#
# Dropping sys_admin disables container root from doing a lot of things
# that could be bad like re-mounting lxc fstab entries rw for example,
# but also disables some useful things like being able to nfs mount, and
# things that are already namespaced with ns_capable() kernel checks, like
# hostname(1).
# lxc.cap.drop = sys_admin
# lxc.cap.drop = net_raw # breaks dhcp/ping
# lxc.cap.drop = setgid # breaks login (initgroups/setgroups)
# lxc.cap.drop = dac_read_search # breaks login (pam unix_chkpwd)
# lxc.cap.drop = setuid # breaks sshd,nfs statd
# lxc.cap.drop = audit_control # breaks sshd (set_loginuid failed)
# lxc.cap.drop = audit_write
# lxc.cap.drop = setpcap # big big login delays in Fedora 20 systemd
# lxc.cap.drop = setfcap
lxc.cap.drop = sys_nice sys_pacct sys_rawio
# This derives from the global userns config
lxc.include = @LXCTEMPLATECONFIG@/userns.conf
# Default console settings
lxc.tty.dir = lxc
lxc.tty.max = 4
lxc.pty.max = 1024
# Default capabilities
lxc.cap.drop = mac_admin
lxc.cap.drop = mac_override
lxc.cap.drop = sys_admin
lxc.cap.drop = sys_module
lxc.cap.drop = sys_nice
lxc.cap.drop = sys_pacct
lxc.cap.drop = sys_ptrace
lxc.cap.drop = sys_rawio
lxc.cap.drop = sys_resource
lxc.cap.drop = sys_time
lxc.cap.drop = sys_tty_config
lxc.cap.drop = syslog
lxc.cap.drop = wake_alarm
# Default cgroups - all denied except those whitelisted
lxc.cgroup.devices.deny = a
## /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
## consoles
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 5:1 rwm
## /dev/{,u}random
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 1:9 rwm
## /dev/pts/*
lxc.cgroup.devices.allow = c 5:2 rwm
lxc.cgroup.devices.allow = c 136:* rwm
## rtc
lxc.cgroup.devices.allow = c 254:0 rm
## tun
lxc.cgroup.devices.allow = c 10:200 rwm
## dev/tty0
lxc.cgroup.devices.allow = c 4:0 rwm
## dev/tty1
lxc.cgroup.devices.allow = c 4:1 rwm
## To use loop devices, copy the following line to the container's
## configuration file (uncommented).
#lxc.cgroup.devices.allow = b 7:* rwm
# Blacklist some syscalls which are not safe in privileged
# containers
lxc.seccomp.profile = /usr/share/lxc/config/common.seccomp
# This derives from the global common config
lxc.include = @LXCTEMPLATECONFIG@/common.conf
# Capabilities
# Uncomment these if you don't run anything that needs the capability, and
# would like the container to run with less privilege.
#
# Dropping sys_admin disables container root from doing a lot of things
# that could be bad like re-mounting lxc fstab entries rw for example,
# but also disables some useful things like being able to nfs mount, and
# things that are already namespaced with ns_capable() kernel checks, like
# hostname(1).
# lxc.cap.drop = sys_admin
# lxc.cap.drop = net_raw # breaks dhcp/ping
# lxc.cap.drop = setgid # breaks login (initgroups/setgroups)
# lxc.cap.drop = dac_read_search # breaks login (pam unix_chkpwd)
# lxc.cap.drop = setuid # breaks sshd,nfs statd
# lxc.cap.drop = audit_control # breaks sshd (set_loginuid failed)
# lxc.cap.drop = audit_write
lxc.cap.drop = sys_nice sys_pacct sys_rawio
# This derives from the global userns config
lxc.include = @LXCTEMPLATECONFIG@/userns.conf
# This derives from the global common config
lxc.include = @LXCTEMPLATECONFIG@/common.conf
# Doesn't support consoles in /dev/lxc/
lxc.tty.dir =
# Extra cgroup device access
## rtc
lxc.cgroup.devices.allow = c 254:0 rm
# This derives from the global userns config
lxc.include = @LXCTEMPLATECONFIG@/userns.conf
# Default configuration for Sabayon containers
# Setup the default mounts
lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
# Allow for 1024 pseudo terminals
lxc.pty.max = 1024
# Setup 1 tty devices for lxc-console command
lxc.tty.max = 1
# Needed for systemd distro
lxc.autodev = 1
# Doesn't support consoles in /dev/lxc/
lxc.tty.dir =
# CGroup whitelist
lxc.cgroup.devices.deny = a
## Allow any mknod (but not reading/writing the node)
#lxc.cgroup.devices.allow = c *:* m
#lxc.cgroup.devices.allow = b *:* m
## Allow specific devices
### /dev/null
lxc.cgroup.devices.allow = c 1:3 rwm
### /dev/zero
lxc.cgroup.devices.allow = c 1:5 rwm
### /dev/full
lxc.cgroup.devices.allow = c 1:7 rwm
### /dev/random
lxc.cgroup.devices.allow = c 1:8 rwm
### /dev/urandom
lxc.cgroup.devices.allow = c 1:9 rwm
### /dev/pts/*
#lxc.cgroup.devices.allow = c 136:* rwm
### /dev/tty
#lxc.cgroup.devices.allow = c 5:0 rwm
### /dev/console
#lxc.cgroup.devices.allow = c 5:1 rwm
### /dev/ptmx
#lxc.cgroup.devices.allow = c 5:2 rwm
### fuse
#lxc.cgroup.devices.allow = c 10:229 rwm
## To use loop devices, copy the following line to the container's
## configuration file (uncommented).
#lxc.cgroup.devices.allow = b 7:* rwm
## rtc
#lxc.cgroup.devices.allow = c 254:0 rm
## tun
#lxc.cgroup.devices.allow = c 10:200 rwm
## hpet
#lxc.cgroup.devices.allow = c 10:228 rwm
## kvm
#lxc.cgroup.devices.allow = c 10:232 rwm
## /dev/mem
#lxc.cgroup.devices.allow = c 1:1 rwm
# If something doesn't work, try to comment this out.
# Dropping sys_admin disables container root from doing a lot of things
# that could be bad like re-mounting lxc fstab entries rw for example,
# but also disables some useful things like being able to nfs mount, and
# things that are already namespaced with ns_capable() kernel checks, like
# hostname(1).
lxc.cap.drop = sys_time sys_module sys_rawio mac_admin mac_override
#lxc.cap.drop = sys_admin
# /dev/shm needs to be mounted as tmpfs. It's needed by python (bug #496328)
# and possibly other packages.
lxc.mount.entry = none dev/shm tmpfs rw,nosuid,nodev,create=dir
# Blacklist some syscalls which are not safe in privileged
# containers
lxc.seccomp.profile = @LXCTEMPLATECONFIG@/common.seccomp
# Customize lxc options through common directory
lxc.include = @LXCTEMPLATECONFIG@/common.conf.d/
# This derives from the global userns config
lxc.include = @LXCTEMPLATECONFIG@/userns.conf
# This derives from the global common config
lxc.include = @LXCTEMPLATECONFIG@/common.conf
# Doesn't support consoles in /dev/lxc/
lxc.tty.dir =
# Extra cgroup device access
## rtc
lxc.cgroup.devices.allow = c 254:0 rm
## tun
lxc.cgroup.devices.allow = c 10:200 rwm
## hpet
lxc.cgroup.devices.allow = c 10:228 rwm
## kvm
lxc.cgroup.devices.allow = c 10:232 rwm
## To use loop devices, copy the following line to the container's
## configuration file (uncommented).
#lxc.cgroup.devices.allow = b 7:* rwm
# mount /dev/shm as tmpfs
lxc.mount.entry = none dev/shm tmpfs rw,nosuid,nodev,create=dir
# Capabilities
# Uncomment these if you don't run anything that needs the capability, and
# would like the container to run with less privilege.
# Note that some are already dropped in common.conf.
#
# Dropping sys_admin disables container root from doing a lot of things
# that could be bad like re-mounting lxc fstab entries rw for example,
# but also disables some useful things like being able to nfs mount, and
# things that are already namespaced with ns_capable() kernel checks, like
# hostname(1).
#
# Some of these don't apply in Slackware but are here for future reference.
#
# lxc.cap.drop = sys_admin # breaks systemd
# lxc.cap.drop = net_raw # breaks dhcp/ping
# lxc.cap.drop = setgid # breaks login (initgroups/setgroups)
# lxc.cap.drop = dac_read_search # breaks login (pam unix_chkpwd)
# lxc.cap.drop = setuid # breaks sshd,nfs statd
# lxc.cap.drop = audit_control # breaks sshd (set_loginuid failed)
# lxc.cap.drop = audit_write
# lxc.cap.drop = setpcap # breaks journald
# lxc.cap.drop = sys_resource # breaks systemd
#
lxc.cap.drop = mknod setfcap setpcap
# This derives from the global userns config
lxc.include = @LXCTEMPLATECONFIG@/userns.conf
# This derives from the global common config
lxc.include = @LXCTEMPLATECONFIG@/common.conf
# Capabilities
# Uncomment these if you don't run anything that needs the capability, and
# would like the container to run with less privilege.
#
# Dropping sys_admin disables container root from doing a lot of things
# that could be bad like re-mounting lxc fstab entries rw for example,
# but also disables some useful things like being able to nfs mount, and
# things that are already namespaced with ns_capable() kernel checks, like
# hostname(1).
# lxc.cap.drop = sys_admin
# lxc.cap.drop = net_raw # breaks dhcp/ping
# lxc.cap.drop = setgid # breaks login (initgroups/setgroups)
# lxc.cap.drop = dac_read_search # breaks login (pam unix_chkpwd)
# lxc.cap.drop = setuid # breaks sshd,nfs statd
# lxc.cap.drop = audit_control # breaks sshd (set_loginuid failed)
# lxc.cap.drop = audit_write
lxc.cap.drop = sys_nice sys_pacct sys_rawio
# This derives from the global userns config
lxc.include = @LXCTEMPLATECONFIG@/userns.conf
# This derives from the main Ubuntu config
lxc.include = @LXCTEMPLATECONFIG@/ubuntu.common.conf
lxc.hook.clone = @LXCHOOKDIR@/ubuntu-cloud-prep
# This derives from the main Ubuntu lucid config
lxc.include = @LXCTEMPLATECONFIG@/ubuntu.lucid.conf
# This derives from the main Ubuntu userns config
lxc.include = @LXCTEMPLATECONFIG@/ubuntu.userns.conf
# This derives from the global common config
lxc.include = @LXCTEMPLATECONFIG@/common.conf
# Default mount entries
lxc.mount.entry = /sys/kernel/debug sys/kernel/debug none bind,optional 0 0
lxc.mount.entry = /sys/kernel/security sys/kernel/security none bind,optional 0 0
lxc.mount.entry = /sys/fs/pstore sys/fs/pstore none bind,optional 0 0
lxc.mount.entry = mqueue dev/mqueue mqueue rw,relatime,create=dir,optional 0 0
# When using LXC with apparmor, the container will be confined by default.
# If you wish for it to instead run unconfined, copy the following line
# (uncommented) to the container's configuration file.
#lxc.apparmor.profile = unconfined
# Uncomment the following line to autodetect squid-deb-proxy configuration on the
# host and forward it to the guest at start time.
#lxc.hook.pre-start = /usr/share/lxc/hooks/squid-deb-proxy-client
# If you wish to allow mounting block filesystems, then use the following
# line instead, and make sure to grant access to the block device and/or loop
# devices below in lxc.cgroup.devices.allow.
#lxc.apparmor.profile = lxc-container-default-with-mounting
# Extra cgroup device access
## rtc
lxc.cgroup.devices.allow = c 254:0 rm
## tun
lxc.cgroup.devices.allow = c 10:200 rwm
## hpet
lxc.cgroup.devices.allow = c 10:228 rwm
## kvm
lxc.cgroup.devices.allow = c 10:232 rwm
## To use loop devices, copy the following line to the container's
## configuration file (uncommented).
#lxc.cgroup.devices.allow = b 7:* rwm
# Ubuntu 10.04 LTS doesn't have /dev/lxc/
lxc.tty.dir =
# This derives from the global userns config
lxc.include = @LXCTEMPLATECONFIG@/userns.conf
# Extra fstab entries as mountall can't mount those by itself
lxc.mount.entry = /sys/firmware/efi/efivars sys/firmware/efi/efivars none bind,optional 0 0
lxc.mount.entry = /proc/sys/fs/binfmt_misc proc/sys/fs/binfmt_misc none bind,optional 0 0
# This derives from the global common config
lxc.include = @LXCTEMPLATECONFIG@/common.conf
# Allow for 6 tty devices by default
lxc.tty.max = 6
# Set $VIRTUALIZATION so runit doesn't try to mount filesystems or start udevd
lxc.environment=VIRTUALIZATION=lxc
# Set the halt/stop signals
lxc.signal.halt=SIGCONT
# Uncomment to disable creating tty devices subdirectory in /dev
# lxc.tty.dir =
# Capabilities
# Uncomment these if you don't run anything that needs the capability, and
# would like the container to run with less privilege.
#
# Dropping sys_admin disables container root from doing a lot of things
# that could be bad like re-mounting lxc fstab entries rw for example,
# but also disables some useful things like being able to nfs mount, and
# things that are already namespaced with ns_capable() kernel checks, like
# hostname(1).
# lxc.cap.drop = sys_admin
# lxc.cap.drop = net_raw # breaks dhcp/ping
# lxc.cap.drop = setgid # breaks login (initgroups/setgroups)
# lxc.cap.drop = dac_read_search # breaks login (pam unix_chkpwd)
# lxc.cap.drop = setuid # breaks sshd,nfs statd
# lxc.cap.drop = audit_control # breaks sshd (set_loginuid failed)
# lxc.cap.drop = audit_write
# lxc.cap.drop = setpcap # big big login delays in Fedora 20 systemd
#
lxc.cap.drop = setfcap sys_nice sys_pacct sys_rawio
# This derives from the global userns config
lxc.include = @LXCTEMPLATECONFIG@/userns.conf
# Set $VIRTUALIZATION so runit doesn't try to mount filesystems or start udevd
lxc.environment=VIRTUALIZATION=lxc
# Set the halt/stop signals
lxc.signal.halt=SIGCONT
......@@ -173,13 +173,6 @@ AC_ARG_ENABLE([werror],
[do not treat warnings as errors])],
[], [enable_werror=yes])
# Allow enabling deprecated executables
AC_ARG_ENABLE([deprecated],
[AC_HELP_STRING([--enable-deprecated],
[enable deprecated executables [default=no]])],
[], [enable_deprecated=false])
AM_CONDITIONAL([ENABLE_DEPRECATED], [test "x$enable_deprecated" = "xyes"])
# Allow disabling rpath
AC_ARG_ENABLE([rpath],
[AC_HELP_STRING([--enable-rpath], [set rpath in executables [default=no]])],
......@@ -363,29 +356,6 @@ AC_ARG_ENABLE([examples],
[], [enable_examples=yes])
AM_CONDITIONAL([ENABLE_EXAMPLES], [test "x$enable_examples" = "xyes"])
# Python3 module and scripts
AC_ARG_ENABLE([python],
[AC_HELP_STRING([--enable-python], [enable python binding [default=auto]])],
[], [enable_python=auto])
if test "x$enable_python" = "xauto"; then
PKG_CHECK_MODULES([PYTHONDEV], [python3 >= 3.2],[enable_python=yes],[enable_python=no])
if test "$CC" = "clang"; then
enable_python=no
fi
fi
if test "x$enable_python" = "xyes" && test "$CC" = "clang"; then
AC_MSG_ERROR([Python3 is incompatible with the clang compiler])
fi
AM_CONDITIONAL([ENABLE_PYTHON], [test "x$enable_python" = "xyes"])
AM_COND_IF([ENABLE_PYTHON],
[AM_PATH_PYTHON([3.2], [], [AC_MSG_ERROR([You must install python3])])
PKG_CHECK_MODULES([PYTHONDEV], [python3 >= 3.2],[],[AC_MSG_ERROR([You must install python3-dev])])
AC_DEFINE_UNQUOTED([ENABLE_PYTHON], 1, [Python3 is available])])
# Enable dumping stack traces
AC_ARG_ENABLE([mutex-debugging],
[AC_HELP_STRING([--enable-mutex-debugging], [Makes mutexes to report error and provide stack trace [default=no]])],
......@@ -416,53 +386,6 @@ m4_ifdef([PKG_CHECK_VAR], [],
])# PKG_CHECK_VAR
])
# Lua module and scripts
AC_ARG_ENABLE([lua],
[AC_HELP_STRING([--enable-lua], [enable lua binding [default=auto]])],
[], [enable_lua=auto])
AC_ARG_WITH([lua-pc],
[AS_HELP_STRING(
[--with-lua-pc=PKG],
[Specify pkg-config package name for lua]
)], [], [with_lua_pc=no])
if test "x$enable_lua" = "xyes" -a "x$with_lua_pc" != "xno"; then
# exit with error if not found
PKG_CHECK_MODULES([LUA], [$with_lua_pc], [LUAPKGCONFIG=$with_lua_pc])
fi
if test "x$enable_lua" = "xauto" -a "x$with_lua_pc" != "xno"; then
PKG_CHECK_MODULES([LUA], [$with_lua_pc],
[LUAPKGCONFIG=$with_lua_pc
enable_lua=yes],
[enable_lua=no])
fi
if test "x$enable_lua" != "xno"; then
PKG_CHECK_MODULES([LUA], [lua], [LUAPKGCONFIG=lua],
[PKG_CHECK_MODULES([LUA], [lua5.2], [LUAPKGCONFIG=lua5.2],
[PKG_CHECK_MODULES([LUA], [lua5.1], [LUAPKGCONFIG=lua5.1],
[AS_IF([test "x$enable_lua" = "xyes"],
[AC_MSG_ERROR([Lua not found. Please use --with-lua-pc=PKG])],
[enable_lua=no])]
)]
)])
AS_IF([test "x$LUAPKGCONFIG" != "x"], [enable_lua=yes])
fi
AM_CONDITIONAL([ENABLE_LUA],
[test "x$enable_lua" = "xyes"])
AM_COND_IF([ENABLE_LUA],
[AC_MSG_CHECKING([Lua version])
PKG_CHECK_VAR([LUA_VERSION], [$LUAPKGCONFIG], [V],,
[PKG_CHECK_VAR([LUA_VERSION], [$LUAPKGCONFIG], [major_version])])
AC_MSG_RESULT([$LUA_VERSION])
AC_SUBST([LUA_LIBDIR], [$libdir/lua/$LUA_VERSION])
AC_SUBST([LUA_SHAREDIR], [$datadir/lua/$LUA_VERSION])
])
# Optional bash integration
AC_ARG_ENABLE([bash],
[AC_HELP_STRING([--enable-bash], [build bash integration [default=yes]])],
......@@ -477,6 +400,18 @@ AM_COND_IF([ENABLE_BASH],
AC_SUBST(bashcompdir)
])
# Build the command line tools
AC_ARG_ENABLE([tools],
[AC_HELP_STRING([--enable-tools], [build the command line tools [default=yes]])],
[], [enable_tools=yes])
AM_CONDITIONAL([ENABLE_TOOLS], [test "x$enable_tools" = "xyes"])
# Build the liblxc commands
AC_ARG_ENABLE([commands],
[AC_HELP_STRING([--enable-commands], [build the liblxc commands [default=yes]])],
[], [enable_commands=yes])
AM_CONDITIONAL([ENABLE_COMMANDS], [test "x$enable_commands" = "xyes"])
# Optional test binaries
AC_ARG_ENABLE([tests],
[AC_HELP_STRING([--enable-tests], [build test/example binaries [default=no]])],
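Review bot: The help text for `--enable-commands` reads like an optional front-end switch, but the summary hunk further down lists lxc-init, lxc-monitord, lxc-user-nic and lxc-usernsexec under this flag, and as far as I know liblxc executes several of these itself at runtime (for example lxc-user-nic for unprivileged networking and lxc-init for lxc-execute). A build with `--disable-commands` but tools enabled would then presumably install tools whose helpers are missing, so the help string should say so, e.g. `[build the helper commands liblxc invokes at runtime, such as lxc-init and lxc-user-nic [default=yes]]`. Both new blocks also treat any value other than `yes` as "disabled" without a diagnostic, so a typo such as `--enable-tools=ye` silently drops the binaries. An `AS_CASE` on `$enable_tools` and `$enable_commands` that rejects values other than `yes` and `no` with `AC_MSG_ERROR` would catch that. The `AC_ARG_ENABLE([tests]` block at the end of this hunk continues outside it.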
......@@ -731,44 +666,10 @@ AC_CONFIG_FILES([
config/init/upstart/Makefile
config/etc/Makefile
config/templates/Makefile
config/templates/alpine.common.conf
config/templates/alpine.userns.conf
config/templates/archlinux.common.conf
config/templates/archlinux.userns.conf
config/templates/centos.common.conf
config/templates/centos.userns.conf
config/templates/common.conf
config/templates/common.conf.d/Makefile
config/templates/debian.common.conf
config/templates/debian.userns.conf
config/templates/fedora.common.conf
config/templates/fedora.userns.conf
config/templates/gentoo.common.conf
config/templates/gentoo.moresecure.conf
config/templates/gentoo.userns.conf
config/templates/nesting.conf
config/templates/oci.common.conf
config/templates/opensuse.common.conf
config/templates/opensuse.userns.conf
config/templates/oracle.common.conf
config/templates/oracle.userns.conf
config/templates/plamo.common.conf
config/templates/plamo.userns.conf
config/templates/slackware.common.conf
config/templates/slackware.userns.conf
config/templates/ubuntu-cloud.common.conf
config/templates/ubuntu-cloud.lucid.conf
config/templates/ubuntu-cloud.userns.conf
config/templates/ubuntu.common.conf
config/templates/ubuntu.lucid.conf
config/templates/ubuntu.userns.conf
config/templates/openwrt.common.conf
config/templates/sparclinux.common.conf
config/templates/sparclinux.userns.conf
config/templates/voidlinux.common.conf
config/templates/voidlinux.userns.conf
config/templates/sabayon.common.conf
config/templates/sabayon.userns.conf
config/templates/userns.conf
config/yum/Makefile
config/sysconfig/Makefile
......@@ -781,7 +682,6 @@ AC_CONFIG_FILES([
doc/lxc-cgroup.sgml
doc/lxc-checkconfig.sgml
doc/lxc-checkpoint.sgml
doc/lxc-clone.sgml
doc/lxc-config.sgml
doc/lxc-console.sgml
doc/lxc-copy.sgml
......@@ -794,7 +694,6 @@ AC_CONFIG_FILES([
doc/lxc-ls.sgml
doc/lxc-monitor.sgml
doc/lxc-snapshot.sgml
doc/lxc-start-ephemeral.sgml
doc/lxc-start.sgml
doc/lxc-stop.sgml
doc/lxc-top.sgml
......@@ -830,7 +729,6 @@ AC_CONFIG_FILES([
doc/ja/lxc-cgroup.sgml
doc/ja/lxc-checkconfig.sgml
doc/ja/lxc-checkpoint.sgml
doc/ja/lxc-clone.sgml
doc/ja/lxc-config.sgml
doc/ja/lxc-console.sgml
doc/ja/lxc-copy.sgml
......@@ -843,7 +741,6 @@ AC_CONFIG_FILES([
doc/ja/lxc-ls.sgml
doc/ja/lxc-monitor.sgml
doc/ja/lxc-snapshot.sgml
doc/ja/lxc-start-ephemeral.sgml
doc/ja/lxc-start.sgml
doc/ja/lxc-stop.sgml
doc/ja/lxc-top.sgml
......@@ -868,7 +765,6 @@ AC_CONFIG_FILES([
doc/ko/lxc-cgroup.sgml
doc/ko/lxc-checkconfig.sgml
doc/ko/lxc-checkpoint.sgml
doc/ko/lxc-clone.sgml
doc/ko/lxc-config.sgml
doc/ko/lxc-console.sgml
doc/ko/lxc-copy.sgml
......@@ -881,7 +777,6 @@ AC_CONFIG_FILES([
doc/ko/lxc-ls.sgml
doc/ko/lxc-monitor.sgml
doc/ko/lxc-snapshot.sgml
doc/ko/lxc-start-ephemeral.sgml
doc/ko/lxc-start.sgml
doc/ko/lxc-stop.sgml
doc/ko/lxc-top.sgml
......@@ -903,42 +798,17 @@ AC_CONFIG_FILES([
hooks/dhclient
templates/Makefile
templates/lxc-alpine
templates/lxc-altlinux
templates/lxc-archlinux
templates/lxc-busybox
templates/lxc-centos
templates/lxc-cirros
templates/lxc-debian
templates/lxc-download
templates/lxc-fedora
templates/lxc-fedora-legacy
templates/lxc-gentoo
templates/lxc-local
templates/lxc-oci
templates/lxc-openmandriva
templates/lxc-opensuse
templates/lxc-oracle
templates/lxc-plamo
templates/lxc-pld
templates/lxc-slackware
templates/lxc-sshd
templates/lxc-ubuntu
templates/lxc-ubuntu-cloud
templates/lxc-sparclinux
templates/lxc-voidlinux
templates/lxc-sabayon
src/Makefile
src/lxc/Makefile
src/lxc/lxc.functions
src/lxc/cmd/lxc-checkconfig
src/lxc/cmd/lxc-update-config
src/lxc/tools/lxc-start-ephemeral
src/lxc/version.h
src/python-lxc/Makefile
src/lua-lxc/Makefile
src/tests/Makefile
src/tests/lxc-test-usernic
......@@ -950,6 +820,39 @@ AC_OUTPUT
cat << EOF
----------------------------
Binaries
- Command Line Tools:
- lxc-attach: $enable_tools
- lxc-autostart: $enable_tools
- lxc-cgroup: $enable_tools
- lxc-checkpoint: $enable_tools
- lxc-config: $enable_tools
- lxc-console: $enable_tools
- lxc-copy: $enable_tools
- lxc-create: $enable_tools
- lxc-destroy: $enable_tools
- lxc-device: $enable_tools
- lxc-execute: $enable_tools
- lxc-freeze: $enable_tools
- lxc-info: $enable_tools
- lxc-ls: $enable_tools
- lxc-monitor: $enable_tools
- lxc-snapshot: $enable_tools
- lxc-start: $enable_tools
- lxc-stop: $enable_tools
- lxc-top: $enable_tools
- lxc-unfreeze: $enable_tools
- lxc-unshare: $enable_tools
- lxc-wait: $enable_tools
- liblxc Commands:
- lxc-checkconfig: $enable_commands
- lxc-update-config: $enable_commands
- lxc-init: $enable_commands
- lxc-monitord: $enable_commands
- lxc-user-nic: $enable_commands
- lxc-usernsexec: $enable_commands
Environment:
- compiler: $CC
- distribution: $with_distro
......@@ -968,10 +871,6 @@ PAM:
- PAM module: $enable_pam
- cgroup PAM module: $pamdir
Bindings:
- lua: $enable_lua
- python3: $enable_python
Documentation:
- examples: $enable_examples
- API documentation: $enable_api_docs
......
......@@ -15,46 +15,41 @@ EXTRA_DIST = \
FAQ.txt
if ENABLE_DOCBOOK
man_MANS = \
lxc-attach.1 \
lxc-autostart.1 \
lxc-cgroup.1 \
lxc-checkconfig.1 \
lxc-checkpoint.1 \
lxc-config.1 \
lxc-console.1 \
lxc-copy.1 \
lxc-create.1 \
lxc-destroy.1 \
lxc-device.1 \
lxc-execute.1 \
lxc-freeze.1 \
lxc-info.1 \
lxc-ls.1 \
lxc-monitor.1 \
lxc-snapshot.1 \
lxc-start.1 \
lxc-stop.1 \
lxc-top.1 \
lxc-unfreeze.1 \
lxc-unshare.1 \
lxc-update-config.1 \
lxc-user-nic.1 \
lxc-usernsexec.1 \
lxc-wait.1 \
\
lxc.conf.5 \
lxc.container.conf.5 \
lxc.system.conf.5 \
lxc-usernet.5 \
\
lxc.7
if ENABLE_DEPRECATED
man_MANS += lxc-clone.1
if ENABLE_PYTHON
man_MANS += lxc-start-ephemeral.1
man_MANS = lxc.conf.5 \
lxc.container.conf.5 \
lxc.system.conf.5 \
lxc-usernet.5 \
lxc.7
if ENABLE_TOOLS
man_MANS += lxc-attach.1 \
lxc-autostart.1 \
lxc-cgroup.1 \
lxc-checkconfig.1 \
lxc-checkpoint.1 \
lxc-config.1 \
lxc-console.1 \
lxc-copy.1 \
lxc-create.1 \
lxc-destroy.1 \
lxc-device.1 \
lxc-execute.1 \
lxc-freeze.1 \
lxc-info.1 \
lxc-ls.1 \
lxc-monitor.1 \
lxc-snapshot.1 \
lxc-start.1 \
lxc-stop.1 \
lxc-top.1 \
lxc-unfreeze.1 \
lxc-unshare.1 \
lxc-wait.1
endif
if ENABLE_COMMANDS
man_MANS += lxc-update-config.1 \
lxc-user-nic.1 \
lxc-usernsexec.1
endif
%.1 : %.sgml
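Review bot: `lxc-checkconfig.1` sits in the `if ENABLE_TOOLS` list, while the configure summary in this same commit reports lxc-checkconfig under "liblxc Commands" with `$enable_commands`, so the page and the script appear to be gated by different switches. Moving it into the `if ENABLE_COMMANDS` block, as `man_MANS += lxc-checkconfig.1 \` ahead of `lxc-update-config.1`, would keep a `--disable-tools` build from dropping the man page of a script that is still installed. The doc/ja and doc/ko Makefile hunks only drop the `ENABLE_DEPRECATED` block, so the translated pages look to stay unconditional. If that is deliberate, a comment such as `# translated pages are not gated on ENABLE_TOOLS/ENABLE_COMMANDS` would say so. The `+`/`-` markers are lost in this rendering, so the new side is inferred from the `if ENABLE_TOOLS` / `if ENABLE_COMMANDS` structure.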
......
......@@ -42,13 +42,6 @@ man_MANS = \
\
lxc.7
if ENABLE_DEPRECATED
man_MANS += lxc-clone.1
if ENABLE_PYTHON
man_MANS += lxc-start-ephemeral.1
endif
endif
%.1 : %.sgml
$(db2xman) --encoding=UTF-8 $<
test "$(shell basename $@)" != "$@" && mv $(shell basename $@) $@ || true
......
<!--
(C) Copyright Canonical Ltd. 2013
Authors:
Stéphane Graber <stgraber@ubuntu.com>
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Translated into Japanese
by KATOH Yasufumi <karma at jazz.email.ne.jp>
-->
<!DOCTYPE refentry PUBLIC @docdtd@ [
<!ENTITY seealso SYSTEM "@builddir@/see_also.sgml">
]>
<refentry>
<docinfo><date>@LXC_GENERATE_DATE@</date></docinfo>
<refmeta>
<refentrytitle>lxc-start-ephemeral</refentrytitle>
<manvolnum>1</manvolnum>
</refmeta>
<refnamediv>
<refname>lxc-start-ephemeral</refname>
<refpurpose>
<!--
start an ephemeral copy of an existing container
-->
存在するコンテナの一時的なコピーを起動
</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>lxc-start-ephemeral</command>
<arg choice="opt">-o</arg>
<arg choice="opt">-n</arg>
<arg choice="opt">-d</arg>
<arg choice="opt">--bdir</arg>
<arg choice="opt">--user</arg>
<arg choice="opt">--key</arg>
<arg choice="opt">--storage-type</arg>
<arg choice="opt">--union-type</arg>
<arg choice="opt">--keep-data</arg>
<arg choice="opt">COMMAND</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title><!-- Description -->説明</title>
<para>
<!--
<command>lxc-start-ephemeral</command> start an ephemeral copy of an
existing container.
-->
<command>lxc-start-ephemeral</command> は、存在するコンテナの一時的なコピーからコンテナを起動します。
</para>
</refsect1>
<refsect1>
<title><!-- Options -->オプション</title>
<variablelist>
<varlistentry>
<term>
<option>-o, --orig <replaceable>orig</replaceable></option>
</term>
<listitem>
<para>
<!--
Original container name
-->
コピー元のコンテナ名
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-n, --name <replaceable>name</replaceable></option>
</term>
<listitem>
<para>
<!--
Name of the ephemeral container (defaults to a random suffix).
-->
一時的なコンテナの名前 (デフォルトではランダムなサフィックスが付与されます)
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-d, --daemon</option>
</term>
<listitem>
<para>
<!--
Start the container in background and print the name and IP.
This option can't be used if a command is passed.
-->
コンテナをバックグラウンドで実行し、名前と IP アドレスを表示します。
このオプションはコマンドを実行させたいときには使用することはできません。
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-b, --bdir <replaceable>bdir</replaceable></option>
</term>
<listitem>
<para>
<!--
Directory to bind mount into container.
Can be passed multiple times.
-->
コンテナ内にバインドマウントするためのディレクトリ。
複数回指定できます。
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-u, --user <replaceable>user</replaceable></option>
</term>
<listitem>
<para>
<!--
The user to connect to the container as.
Used when passing a command to lxc-start-ephemeral.
-->
コンテナに接続するためのユーザ。
lxc-start-ephemeral にコマンドを指定するときに使います。
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-S, --key <replaceable>key</replaceable></option>
</term>
<listitem>
<para>
<!--
Copy the provided SSH public key into the container.
-->
コンテナ内にコピーする既存の SSH 公開鍵。
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-s, --storage-type <replaceable>storage type</replaceable></option>
</term>
<listitem>
<para>
<!--
Specify the type of storage used by the container. Valid types are tmpfs or dir.
-->
コンテナが使うストレージのタイプ。tmpfs か dir を指定できます。
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-U, --union-type <replaceable>union type</replaceable></option>
</term>
<listitem>
<para>
<!--
Force a specific union file system.
Can be one of: overlayfs aufs
-->
指定した union ファイルシステムを使用します。
overlayfs か aufs のどちらかが使用できます。
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-k, --keep-data</option>
</term>
<listitem>
<para>
<!--
Use a persistent backend instead of tmpfs.
With this option, you can lxc-stop and lxc-start the no longer so
ephemeral container (it's still an overlay, but a persistent one).
-->
tmpfs の代わりに永続的なバックエンドを使用します。このオプションを使うことにより、もはや一時的なコンテナではないので、lxc-stop や lxc-start を使用することができます (オーバーレイな状態ですが、永続的です)。
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>COMMAND</option>
</term>
<listitem>
<para>
<!--
Immediately run the provided command in the container.
This uses attach if the kernel supports it, otherwise uses ssh.
This is incompatible with daemon mode.
-->
即座に指定したコマンドをコンテナ内で実行します。
コマンドを実行する際、カーネルがサポートしている場合は lxc-start-ephemeral は attach を使います。
カーネルがサポートしていない場合は ssh を使います。
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>See Also</title>
<simpara>
<citerefentry>
<refentrytitle>lxc-start</refentrytitle>
<manvolnum>1</manvolnum>
</citerefentry>,
</simpara>
</refsect1>
<refsect1>
<title><!-- Examples -->例</title>
<variablelist>
<varlistentry>
<term>lxc-start-ephemeral -o p1</term>
<listitem>
<para>
<!--
Simply start an ephemeral container and attach to the console.
This container will be based on existing container "p1".
-->
単に一時的なコンテナを開始させ、コンソールにアタッチします。
このコンテナは "p1" という既存のコンテナを基にします。
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>lxc-start-ephemeral -o p1 -n p1-ephemeral -d</term>
<listitem>
<para>
<!--
Start an ephemeral container based on p1 called p1-ephemeral and
print its IP and name to the console instead of attaching.
-->
p1 を基にした一時的なコンテナを開始し、コンソールにアタッチする代わりに IP アドレスと名前を表示します。
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title><!-- Notes -->注意</title>
<para>
<!--
<command>lxc-start-ephemeral</command> is deprecated in favor of
<command>lxc-copy</command>.
-->
<command>lxc-start-ephemeral</command> は <command>lxc-copy</command> に置き換えられ、廃止される予定です。
</para>
</refsect1>
&seealso;
<refsect1>
<title><!-- Author -->作者</title>
<para>Stéphane Graber <email>stgraber@ubuntu.com</email></para>
</refsect1>
</refentry>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:2
sgml-indent-data:t
sgml-parent-document:nil
sgml-default-dtd-file:nil
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
-->
......@@ -41,13 +41,6 @@ man_MANS = \
\
lxc.7
if ENABLE_DEPRECATED
man_MANS += lxc-clone.1
if ENABLE_PYTHON
man_MANS += lxc-start-ephemeral.1
endif
endif
%.1 : %.sgml
$(db2xman) --encoding=UTF-8 $<
test "$(shell basename $@)" != "$@" && mv $(shell basename $@) $@ || true
......
<!--
(C) Copyright Canonical Ltd. 2013
Authors:
Stéphane Graber <stgraber@ubuntu.com>
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
Translated into Korean
by Sungbae Yoo <sungbae.yoo at samsung.com>
-->
<!DOCTYPE refentry PUBLIC @docdtd@ [
<!ENTITY seealso SYSTEM "@builddir@/see_also.sgml">
]>
<refentry>
<docinfo><date>@LXC_GENERATE_DATE@</date></docinfo>
<refmeta>
<refentrytitle>lxc-start-ephemeral</refentrytitle>
<manvolnum>1</manvolnum>
</refmeta>
<refnamediv>
<refname>lxc-start-ephemeral</refname>
<refpurpose>
<!--
start an ephemeral copy of an existing container
-->
존재하는 컨테이너를 임시 복사본으로 시작
</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>lxc-start-ephemeral</command>
<arg choice="opt">-o</arg>
<arg choice="opt">-n</arg>
<arg choice="opt">-d</arg>
<arg choice="opt">--bdir</arg>
<arg choice="opt">--user</arg>
<arg choice="opt">--key</arg>
<arg choice="opt">--storage-type</arg>
<arg choice="opt">--union-type</arg>
<arg choice="opt">--keep-data</arg>
<arg choice="opt">COMMAND</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title><!-- Description -->설명</title>
<para>
<!--
<command>lxc-start-ephemeral</command> start an ephemeral copy of an
existing container.
-->
<command>lxc-start-ephemeral</command>는 존재하는 컨테이너를 임시 복사본으로 시작시킨다.
</para>
</refsect1>
<refsect1>
<title><!-- Options -->옵션</title>
<variablelist>
<varlistentry>
<term>
<option>-o, --orig <replaceable>orig</replaceable></option>
</term>
<listitem>
<para>
<!--
Original container name
-->
원본 컨테이너 이름
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-n, --name <replaceable>name</replaceable></option>
</term>
<listitem>
<para>
<!--
Name of the ephemeral container (defaults to a random suffix).
-->
임시 컨테이너의 이름 (기본값은 무작위한 접미사를 붙이는 것)
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-d, --daemon</option>
</term>
<listitem>
<para>
<!--
Start the container in background and print the name and IP.
This option can't be used if a command is passed.
-->
컨테이너를 백그라운드로 시작한다. 그리고 이름과 IP를 표시한다.
옵션으로 명령어를 넘길 경우, 이 옵션은 사용하지 못한다.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-b, --bdir <replaceable>bdir</replaceable></option>
</term>
<listitem>
<para>
<!--
Directory to bind mount into container.
Can be passed multiple times.
-->
컨테이너로 바인드 마운트할 디렉토리.
여러번 인자로 넘겨줄 수 있다.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-u, --user <replaceable>user</replaceable></option>
</term>
<listitem>
<para>
<!--
The user to connect to the container as.
Used when passing a command to lxc-start-ephemeral.
-->
컨테이너에 연결할 사용자.
lxc-start-ephemeral로 명령어를 넘길때 사용한다.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-S, --key <replaceable>key</replaceable></option>
</term>
<listitem>
<para>
<!--
Copy the provided SSH public key into the container.
-->
컨테이너 안으로 지정한 SSH 공개키를 복사한다.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-s, --storage-type <replaceable>storage type</replaceable></option>
</term>
<listitem>
<para>
<!--
Specify the type of storage used by the container. Valid types are tmpfs or dir.
-->
컨테이너가 사용하는 저장소 형태를 지정한다. 가능한 형태는 tmpfs, dir이다.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-U, --union-type <replaceable>union type</replaceable></option>
</term>
<listitem>
<para>
<!--
Force a specific union file system.
Can be one of: overlayfs aufs
-->
지정한 union 파일시스템을 사용한다.
가능한 파일시스템은 overlayfs, aufs이다.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-k, --keep-data</option>
</term>
<listitem>
<para>
<!--
Use a persistent backend instead of tmpfs.
With this option, you can lxc-stop and lxc-start the no longer so
ephemeral container (it's still an overlay, but a persistent one).
-->
tmpfs 대신 영구적인 백엔드를 사용한다.
이 옵션을 사용하면, 더이상 임시 컨테이너가 아니기 때문에 lxc-stop이나 lxc-start를 사용할 수 있게 된다. (여전히 오버레이 상태이지만 영구적이다)
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>COMMAND</option>
</term>
<listitem>
<para>
<!--
Immediately run the provided command in the container.
This uses attach if the kernel supports it, otherwise uses ssh.
This is incompatible with daemon mode.
-->
지정한 명령어를 컨테이너 안에서 바로 실행한다.
커널이 attach를 지원하면 attach를 사용하고, 지원하지 않으면 ssh를 사용한다.
이 옵션은 데몬 모드와 같이 사용할 수 없다.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title><!-- See Also -->참조</title>
<simpara>
<citerefentry>
<refentrytitle>lxc-start</refentrytitle>
<manvolnum>1</manvolnum>
</citerefentry>,
</simpara>
</refsect1>
<refsect1>
<title><!-- Examples -->예제</title>
<variablelist>
<varlistentry>
<term>lxc-start-ephemeral -o p1</term>
<listitem>
<para>
<!--
Simply start an ephemeral container and attach to the console.
This container will be based on existing container "p1".
-->
단순히 임시 복사본 컨테이너를 시작하고, console에 연결한다.
임시 컨테이너는 컨테이너 p1을 기반으로 한다.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>lxc-start-ephemeral -o p1 -n p1-ephemeral -d</term>
<listitem>
<para>
<!--
Start an ephemeral container based on p1 called p1-ephemeral and
print its IP and name to the console instead of attaching.
-->
컨테이너 p1을 기반으로 임시 컨테이너 p1-ephemeral을 시작한다.
console에 연결하지 않고, 컨테이너의 IP와 이름을 출력한다.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title><!-- Notes -->주의</title>
<para>
<!--
<command>lxc-start-ephemeral</command> is deprecated in favor of
<command>lxc-copy</command>.
-->
<command>lxc-start-ephemeral</command>는 <command>lxc-copy</command>로 대체되었으며, 제거될 예정이다.
</para>
</refsect1>
&seealso;
<refsect1>
<title><!-- Author -->저자</title>
<para>Stéphane Graber <email>stgraber@ubuntu.com</email></para>
</refsect1>
</refentry>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:2
sgml-indent-data:t
sgml-parent-document:nil
sgml-default-dtd-file:nil
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
-->
<!--
lxc: linux Container library
(C) Copyright IBM Corp. 2007, 2008
Authors:
Daniel Lezcano <daniel.lezcano at free.fr>
Serge Hallyn <serge.hallyn at ubuntu.com>
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-->
<!DOCTYPE refentry PUBLIC @docdtd@ [
<!ENTITY commonoptions SYSTEM "@builddir@/common_options.sgml">
<!ENTITY seealso SYSTEM "@builddir@/see_also.sgml">
]>
<refentry>
<docinfo><date>@LXC_GENERATE_DATE@</date></docinfo>
<refmeta>
<refentrytitle>lxc-clone</refentrytitle>
<manvolnum>1</manvolnum>
</refmeta>
<refnamediv>
<refname>lxc-clone</refname>
<refpurpose>
clone a new container from an existing one.
</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>lxc-clone</command>
<arg choice="opt">-s </arg>
<arg choice="opt">-K </arg>
<arg choice="opt">-M </arg>
<arg choice="opt">-H </arg>
<arg choice="opt">-B <replaceable>backingstore</replaceable></arg>
<arg choice="opt">-L <replaceable>fssize</replaceable></arg>
<arg choice="opt">-p <replaceable>lxcpath</replaceable></arg>
<arg choice="opt">-P <replaceable>newlxcpath</replaceable></arg>
<arg choice="opt">-R </arg>
<arg choice="req">-o <replaceable>orig</replaceable></arg>
<arg choice="req">-n <replaceable>new</replaceable></arg>
<arg choice="opt">-- hook arguments</arg>
</cmdsynopsis>
<cmdsynopsis>
<command>lxc-clone</command>
<arg choice="opt">-s </arg>
<arg choice="opt">-K </arg>
<arg choice="opt">-M </arg>
<arg choice="opt">-H </arg>
<arg choice="opt">-B <replaceable>backingstore</replaceable></arg>
<arg choice="opt">-L <replaceable>fssize</replaceable></arg>
<arg choice="opt">-p <replaceable>lxcpath</replaceable></arg>
<arg choice="opt">-P <replaceable>newlxcpath</replaceable></arg>
<arg choice="opt">-R </arg>
<arg choice="req">orig</arg>
<arg choice="req">new</arg>
<arg choice="opt">-- hook arguments</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para>
<command>lxc-clone</command> Creates a new container as a clone of an existing
container. Two types of clones are supported: copy and snapshot. A copy
clone copies the root filessytem from the original container to the new. A
snapshot filesystem uses the backing store's snapshot functionality to create
a very small copy-on-write snapshot of the original container. Snapshot
clones require the new container backing store to support snapshotting. Currently
this includes only aufs, btrfs, lvm, overlayfs and zfs. LVM devices do not support
snapshots of snapshots.
</para>
<para>
The backing store of the new container will be the same type as the
original container, with one exception, overlay containers.
aufs and overlayfs snapshots can be created of directory backed
containers. This can be requested by using (for overlayfs) the
<replaceable>-B overlayfs</replaceable> arguments.
</para>
<para>
The names of the original and new container can be given (in that order)
after all options, or can be specified with the
<replaceable>-o</replaceable> and <replaceable>-n</replaceable> options,
respectively.
</para>
</refsect1>
<refsect1>
<title>Options</title>
<variablelist>
<varlistentry>
<term>
<option>-s, --snapshot</option>
</term>
<listitem>
<para>
The new container's rootfs will be a snapshot of the original. This option can be specified when the backing store is LVM, btrfs or zfs, and must be specified when you want to snapshot using aufs or overlayfs.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-K, --keepname</option>
</term>
<listitem>
<para>
Do not change the hostname of the container (in the root
filesystem).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-M, --keepmac</option>
</term>
<listitem>
<para>
Use the same MAC address as the original container, rather than
generating a new random one.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-H, --copyhooks</option>
</term>
<listitem>
<para>
Copy all mount hooks into the new container's directory, and
update any lxcpaths and container names as needed.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-L, --fssize <replaceable>fssize</replaceable></option>
</term>
<listitem>
<para>
In the case of a block device backed container, a size for the new
block device. By default, the new device will be made the
same size as the original.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-p, --lxcpath <replaceable>lxcpath</replaceable></option>
</term>
<listitem>
<para>
The lxcpath of the original container. By default, the system
wide configured lxcpath will be used.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-P, --newpath <replaceable>newlxcpath</replaceable></option>
</term>
<listitem>
<para>
The lxcpath for the new container. By default the same lxcpath
as the original will be used. Note that with btrfs snapshots,
changing lxcpaths may not be possible, as subvolume snapshots
must be in the same btrfs filesystem.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-B, --backingstore <replaceable>backingstore</replaceable></option>
</term>
<listitem>
<para>
Select a different backing store for the new container. By
default the same as the original container's is used. Note that
currently changing the backingstore is only supported for
aufs and overlayfs snapshots of directory backed containers. Valid
backing stores include dir (directory), aufs, btrfs, lvm, zfs, loop
and overlayfs.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-R, --rename</option>
</term>
<listitem>
<para>
Rename an existing container.
<replaceable>orig</replaceable> is renamed <replaceable>new</replaceable>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-o, --orig <replaceable>orig</replaceable></option>
</term>
<listitem>
<para>
The name of the original container to clone.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-n, --new <replaceable>new</replaceable></option>
</term>
<listitem>
<para>
The name of the new container to create.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Clone hook</title>
<para>
If the container being cloned has one or more <filename>lxc.hook.clone</filename>
specified, then the specified hooks will be called for the new container. The
first 3 arguments passed to the clone hook will be the container name, a section
('lxc'), and the hook type ('clone'). Extra arguments passed
<command>lxc-clone</command> will be passed to the hook program starting at
argument 4. The <filename>LXC_ROOTFS_MOUNT</filename> environment variable gives
the path under which the container's root filesystem is mounted. The
configuration file pathname is stored in <filename>LXC_CONFIG_FILE</filename>, the
new container name in <filename>LXC_NAME</filename>, the old container name in
<filename>LXC_SRC_NAME</filename>, and the path or device on which
the rootfs is located is in <filename>LXC_ROOTFS_PATH</filename>.
</para>
</refsect1>
<refsect1>
<title>Notes</title>
<para>
<command>lxc-clone</command> is deprecated in favor of
<command>lxc-copy</command>.
</para>
</refsect1>
&seealso;
<refsect1>
<title>Author</title>
<para>Serge Hallyn <email>serge.hallyn@ubuntu.com</email></para>
</refsect1>
</refentry>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:2
sgml-indent-data:t
sgml-parent-document:nil
sgml-default-dtd-file:nil
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
-->
......@@ -105,8 +105,7 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
<para>
<command>lxc-copy</command> creates and optionally starts (ephemeral or
non-ephemeral) copies of existing containers. It replaces
<command>lxc-clone</command> and <command>lxc-start-ephemeral</command>.
non-ephemeral) copies of existing containers.
</para>
<para>
<command>lxc-copy</command> creates copies of existing containers. Copies
......
<!--
(C) Copyright Canonical Ltd. 2013
Authors:
Stéphane Graber <stgraber@ubuntu.com>
This library is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
-->
<!DOCTYPE refentry PUBLIC @docdtd@ [
<!ENTITY seealso SYSTEM "@builddir@/see_also.sgml">
]>
<refentry>
<docinfo><date>@LXC_GENERATE_DATE@</date></docinfo>
<refmeta>
<refentrytitle>lxc-start-ephemeral</refentrytitle>
<manvolnum>1</manvolnum>
</refmeta>
<refnamediv>
<refname>lxc-start-ephemeral</refname>
<refpurpose>
start an ephemeral copy of an existing container
</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>lxc-start-ephemeral</command>
<arg choice="opt">-o</arg>
<arg choice="opt">-n</arg>
<arg choice="opt">-d</arg>
<arg choice="opt">--bdir</arg>
<arg choice="opt">--user</arg>
<arg choice="opt">--key</arg>
<arg choice="opt">--storage-type</arg>
<arg choice="opt">--union-type</arg>
<arg choice="opt">--keep-data</arg>
<arg choice="opt">COMMAND</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para>
<command>lxc-start-ephemeral</command> start an ephemeral copy of an
existing container.
</para>
</refsect1>
<refsect1>
<title>Options</title>
<variablelist>
<varlistentry>
<term>
<option>-o, --orig <replaceable>orig</replaceable></option>
</term>
<listitem>
<para>
Original container name
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-n, --name <replaceable>name</replaceable></option>
</term>
<listitem>
<para>
Name of the ephemeral container (defaults to a random suffix).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-d, --daemon</option>
</term>
<listitem>
<para>
Start the container in background and print the name and IP.
This option can't be used if a command is passed.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-b, --bdir <replaceable>bdir</replaceable></option>
</term>
<listitem>
<para>
Directory to bind mount into container.
Can be passed multiple times.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-u, --user <replaceable>user</replaceable></option>
</term>
<listitem>
<para>
The user to connect to the container as.
Used when passing a command to lxc-start-ephemeral.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-S, --key <replaceable>key</replaceable></option>
</term>
<listitem>
<para>
Copy the provided SSH public key into the container.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-s, --storage-type <replaceable>storage type</replaceable></option>
</term>
<listitem>
<para>
Specify the type of storage used by the container. Valid types are tmpfs or dir.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-U, --union-type <replaceable>union type</replaceable></option>
</term>
<listitem>
<para>
Force a specific union file system.
Can be one of: overlayfs aufs
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>-k, --keep-data</option>
</term>
<listitem>
<para>
Use a persistent backend instead of tmpfs.
With this option, you can lxc-stop and lxc-start the no longer so
ephemeral container (it's still an overlay, but a persistent one).
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>COMMAND</option>
</term>
<listitem>
<para>
Immediately run the provided command in the container.
This uses attach if the kernel supports it, otherwise uses ssh.
This is incompatible with daemon mode.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>See Also</title>
<simpara>
<citerefentry>
<refentrytitle>lxc-start</refentrytitle>
<manvolnum>1</manvolnum>
</citerefentry>,
</simpara>
</refsect1>
<refsect1>
<title>Examples</title>
<variablelist>
<varlistentry>
<term>lxc-start-ephemeral -o p1</term>
<listitem>
<para>
Simply start an ephemeral container and attach to the console.
This container will be based on existing container "p1".
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>lxc-start-ephemeral -o p1 -n p1-ephemeral -d</term>
<listitem>
<para>
Start an ephemeral container based on p1 called p1-ephemeral and
print its IP and name to the console instead of attaching.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Notes</title>
<para>
<command>lxc-start-ephemeral</command> is deprecated in favor of
<command>lxc-copy</command>.
</para>
</refsect1>
&seealso;
<refsect1>
<title>Author</title>
<para>Stéphane Graber <email>stgraber@ubuntu.com</email></para>
</refsect1>
</refentry>
<!-- Keep this comment at the end of the file
Local variables:
mode: sgml
sgml-omittag:t
sgml-shorttag:t
sgml-minimize-attributes:nil
sgml-always-quote-attributes:t
sgml-indent-step:2
sgml-indent-data:t
sgml-parent-document:nil
sgml-default-dtd-file:nil
sgml-exposed-tags:nil
sgml-local-catalogs:nil
sgml-local-ecat-files:nil
End:
-->
......@@ -1897,11 +1897,10 @@ dev/null proc/kcore none bind,relative 0 0
<listitem><para> Section (always 'lxc'). </para></listitem>
<listitem><para> The hook type (i.e. 'clone' or 'pre-mount'). </para></listitem>
<listitem><para> Additional arguments. In the
case of the clone hook, any extra arguments passed to
lxc-clone will appear as further arguments to the hook.
In the case of the stop hook, paths to filedescriptors
for each of the container's namespaces along with their types
are passed. </para></listitem>
case of the clone hook, any extra arguments passed will appear as
further arguments to the hook. In the case of the stop hook, paths to
filedescriptors for each of the container's namespaces along with
their types are passed. </para></listitem>
</itemizedlist>
The following environment variables are set:
<itemizedlist>
......
......@@ -20,9 +20,6 @@
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
%global with_python %{?_with_python: 1} %{?!_with_python: 0}
%global with_lua %{?_with_lua: 1} %{?!_with_lua: 0}
# Set with_systemd on distros that use it, so we can install the service
# file, otherwise the sysvinit script will be installed
%if 0%{?fedora} >= 14 || 0%{?rhel} >= 7 || 0%{?suse_version} >= 1210
......@@ -94,12 +91,6 @@ BuildRequires: libseccomp-devel
%endif
%endif
%if %{with_python}
Requires: python3
BuildRequires: python3-devel
BuildRequires: python3-setuptools
%endif
%description
Containers are insulated areas inside a system, which have their own namespace
for filesystem, network, PID, IPC, CPU and memory allocation and which can be
......@@ -124,26 +115,10 @@ Requires: %{name} = %{version}-%{release}, pkgconfig
The %{name}-devel package contains header files and library needed for
development of the Linux containers.
%if %{with_lua}
%package lua
Summary: Lua bindings for %{name}
Group: System Environment/Libraries
Requires: lua-filesystem lua-alt-getopt
BuildRequires: lua-devel
%description lua
The %{name}-lua package contains %{name} bindings for lua.
%endif
%prep
%setup -q -n %{name}-%{version}%{?beta_dot}
%build
PATH=$PATH:/usr/sbin:/sbin %configure $args \
%if %{with_lua}
--enable-lua \
%endif
%if %{with_python}
--enable-python \
%endif
%if "x%{_unitdir}" != "x"
--with-systemdsystemunitdir=%{_unitdir} \
%endif
......@@ -280,17 +255,6 @@ fi
%attr(555,root,root) %{_libexecdir}/%{name}/lxc-containers
%endif
%if %{with_python}
%{python3_sitearch}/*
%endif
%if %{with_lua}
%files lua
%defattr(-,root,root)
%{_datadir}/lua
%{_libdir}/lua
%endif
%files devel
%defattr(-,root,root)
%{_includedir}/%{name}/*
......
SUBDIRS = lxc tests python-lxc lua-lxc
SUBDIRS = lxc tests
if ENABLE_LUA
luasharedir=$(LUA_SHAREDIR)
lualibdir=$(LUA_LIBDIR)
luadir=$(luasharedir)
sodir=$(lualibdir)/lxc
lua_DATA=lxc.lua
lib_LTLIBRARIES = libcore.la
libcore_la_SOURCES = core.c
AM_CFLAGS=-I$(top_builddir)/src -I$(top_srcdir)/src $(LUA_CFLAGS) -DVERSION=\"$(VERSION)\" -DLXCPATH=\"$(LXCPATH)\"
libcore_la_CFLAGS = -fPIC -DPIC $(AM_CFLAGS)
libcore_la_LDFLAGS = \
-shared \
-L$(top_builddir)/src/lxc \
-Wl,-soname,core.so.$(firstword $(subst ., ,$(VERSION)))
libcore_la_LIBADD = -llxc
install-exec-local: install-libLTLIBRARIES
mkdir -p $(DESTDIR)$(lualibdir)/lxc/
mv $(DESTDIR)$(libdir)/libcore.so.0.0.0 $(DESTDIR)$(lualibdir)/lxc/core.so
rm $(DESTDIR)$(libdir)/libcore.*
uninstall-local:
$(RM) $(DESTDIR)$(lualibdir)/lxc/core.so*
lxc.lua:
endif
EXTRA_DIST= \
lxc.lua \
test/apitest.lua
......@@ -200,18 +200,14 @@ liblxc_la_LDFLAGS = \
liblxc_la_LIBADD = $(CAP_LIBS) $(SELINUX_LIBS) $(SECCOMP_LIBS)
bin_SCRIPTS = cmd/lxc-checkconfig \
cmd/lxc-update-config
bin_SCRIPTS=
EXTRA_DIST = \
tools/lxc-top.lua
if ENABLE_DEPRECATED
if ENABLE_PYTHON
bin_SCRIPTS += tools/lxc-start-ephemeral
endif
if ENABLE_COMMANDS
bin_SCRIPTS += cmd/lxc-checkconfig \
cmd/lxc-update-config
endif
if ENABLE_TOOLS
bin_PROGRAMS = \
lxc-attach \
lxc-autostart \
......@@ -236,15 +232,14 @@ bin_PROGRAMS = \
lxc-unshare \
lxc-usernsexec \
lxc-wait
if ENABLE_DEPRECATED
bin_PROGRAMS += lxc-clone
endif
if ENABLE_COMMANDS
sbin_PROGRAMS = init.lxc
pkglibexec_PROGRAMS = \
lxc-monitord \
lxc-user-nic
endif
AM_LDFLAGS = -Wl,-E
if ENABLE_RPATH
......@@ -252,6 +247,7 @@ AM_LDFLAGS += -Wl,-rpath -Wl,$(libdir)
endif
LDADD=liblxc.la @CAP_LIBS@ @SELINUX_LIBS@ @SECCOMP_LIBS@
if ENABLE_TOOLS
lxc_attach_SOURCES = tools/lxc_attach.c tools/arguments.c tools/tool_utils.c
lxc_autostart_SOURCES = tools/lxc_autostart.c tools/arguments.c tools/tool_utils.c
lxc_cgroup_SOURCES = tools/lxc_cgroup.c tools/arguments.c tools/tool_utils.c
......@@ -274,21 +270,24 @@ lxc_wait_SOURCES = tools/lxc_wait.c tools/arguments.c tools/tool_utils.c
lxc_create_SOURCES = tools/lxc_create.c tools/arguments.c tools/tool_utils.c
lxc_snapshot_SOURCES = tools/lxc_snapshot.c tools/arguments.c tools/tool_utils.c
lxc_checkpoint_SOURCES = tools/lxc_checkpoint.c tools/arguments.c tools/tool_utils.c
endif
if ENABLE_COMMANDS
# Binaries shipping with liblxc
init_lxc_SOURCES = cmd/lxc_init.c
lxc_monitord_SOURCES = cmd/lxc_monitord.c
lxc_user_nic_SOURCES = cmd/lxc_user_nic.c namespace.c network.c parse.c
lxc_usernsexec_SOURCES = cmd/lxc_usernsexec.c
if ENABLE_DEPRECATED
lxc_clone_SOURCES = tools/lxc_clone.c tools/arguments.c
endif
if ENABLE_TOOLS
if !HAVE_GETSUBOPT
lxc_copy_SOURCES += tools/include/getsubopt.c tools/include/getsubopt.h
endif
endif
if ENABLE_COMMANDS
if HAVE_STATIC_LIBCAP
sbin_PROGRAMS += init.lxc.static
......@@ -304,6 +303,7 @@ init_lxc_static_LDFLAGS = -all-static
init_lxc_static_LDADD = @CAP_LIBS@
init_lxc_static_CFLAGS = $(AM_CFLAGS) -DNO_LXC_CONF
endif
endif
if ENABLE_PAM
if HAVE_PAM
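Review bot: `lxc-usernsexec` stays in the `bin_PROGRAMS` list that now opens under `if ENABLE_TOOLS`, while `lxc_usernsexec_SOURCES = cmd/lxc_usernsexec.c` lands inside the new `if ENABLE_COMMANDS` block, so the two conditionals disagree about which switch owns that binary. As far as the rendered lines show, a build with tools enabled and commands disabled would leave the program without its `_SOURCES` definition, and Automake would then presumably fall back to a default `lxc-usernsexec.c` that does not exist. Either move the `_SOURCES` line beside the other tool entries under `ENABLE_TOOLS`, or declare the program itself under `ENABLE_COMMANDS`. Because lxc-usernsexec is the helper that runs a command inside a mapped user namespace, which configure switch ships it should be a deliberate choice rather than a side effect of where the line sits. The `bin_PROGRAMS` list continues through lines this page collapses, so the placement should be confirmed against the full file.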
......
#!/usr/bin/env lua
--
-- top(1) like monitor for lxc containers
--
-- Copyright © 2012 Oracle.
--
-- Authors:
-- Dwight Engen <dwight.engen@oracle.com>
--
-- This library is free software; you can redistribute it and/or modify
-- it under the terms of the GNU General Public License version 2, as
-- published by the Free Software Foundation.
--
-- This program is distributed in the hope that it will be useful,
-- but WITHOUT ANY WARRANTY; without even the implied warranty of
-- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-- GNU General Public License for more details.
--
-- You should have received a copy of the GNU General Public License along
-- with this program; if not, write to the Free Software Foundation, Inc.,
-- 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
--
local lxc = require("lxc")
local core = require("lxc.core")
local getopt = require("alt_getopt")
local USER_HZ = 100
local ESC = string.format("%c", 27)
local TERMCLEAR = ESC.."[H"..ESC.."[J"
local TERMNORM = ESC.."[0m"
local TERMBOLD = ESC.."[1m"
local TERMRVRS = ESC.."[7m"
local containers = {}
local stats = {}
local stats_total = {}
local max_containers
function printf(...)
local function wrapper(...) io.write(string.format(...)) end
local status, result = pcall(wrapper, ...)
if not status then
error(result, 2)
end
end
function string:split(delim, max_cols)
local cols = {}
local start = 1
local nextc
repeat
nextc = string.find(self, delim, start)
if (nextc and #cols ~= max_cols - 1) then
table.insert(cols, string.sub(self, start, nextc-1))
start = nextc + #delim
else
table.insert(cols, string.sub(self, start, string.len(self)))
nextc = nil
end
until nextc == nil or start > #self
return cols
end
function strsisize(size, width)
local KiB = 1024
local MiB = 1048576
local GiB = 1073741824
local TiB = 1099511627776
local PiB = 1125899906842624
local EiB = 1152921504606846976
local ZiB = 1180591620717411303424
if (size >= ZiB) then
return string.format("%d.%2.2d ZB", size / ZiB, (math.floor(size % ZiB) * 100) / ZiB)
end
if (size >= EiB) then
return string.format("%d.%2.2d EB", size / EiB, (math.floor(size % EiB) * 100) / EiB)
end
if (size >= PiB) then
return string.format("%d.%2.2d PB", size / PiB, (math.floor(size % PiB) * 100) / PiB)
end
if (size >= TiB) then
return string.format("%d.%2.2d TB", size / TiB, (math.floor(size % TiB) * 100) / TiB)
end
if (size >= GiB) then
return string.format("%d.%2.2d GB", size / GiB, (math.floor(size % GiB) * 100) / GiB)
end
if (size >= MiB) then
return string.format("%d.%2.2d MB", size / MiB, (math.floor(size % MiB) * 1000) / (MiB * 10))
end
if (size >= KiB) then
return string.format("%d.%2.2d KB", size / KiB, (math.floor(size % KiB) * 1000) / (KiB * 10))
end
return string.format("%3d.00 ", size)
end
function tty_lines()
local rows = 25
local f = assert(io.popen("stty -a | head -n 1"))
for line in f:lines() do
local stty_rows
_,_,stty_rows = string.find(line, "rows (%d+)")
if (stty_rows ~= nil) then
rows = stty_rows
break
end
end
f:close()
return rows
end
function container_sort(a, b)
if (optarg["r"]) then
if (optarg["s"] == "n") then return (a > b)
elseif (optarg["s"] == "c") then return (stats[a].cpu_use_nanos < stats[b].cpu_use_nanos)
elseif (optarg["s"] == "d") then return (stats[a].blkio < stats[b].blkio)
elseif (optarg["s"] == "m") then return (stats[a].mem_used < stats[b].mem_used)
elseif (optarg["s"] == "k") then return (stats[a].kmem_used < stats[b].kmem_used)
end
else
if (optarg["s"] == "n") then return (a < b)
elseif (optarg["s"] == "c") then return (stats[a].cpu_use_nanos > stats[b].cpu_use_nanos)
elseif (optarg["s"] == "d") then return (stats[a].blkio > stats[b].blkio)
elseif (optarg["s"] == "m") then return (stats[a].mem_used > stats[b].mem_used)
elseif (optarg["s"] == "k") then return (stats[a].kmem_used > stats[b].kmem_used)
end
end
end
function container_list_update()
local now_running
now_running = lxc.containers_running(true)
-- check for newly started containers
for _,v in ipairs(now_running) do
if (containers[v] == nil) then
local ct = lxc.container:new(v)
-- note, this is a "mixed" table, ie both dictionary and list
containers[v] = ct
table.insert(containers, v)
end
end
-- check for newly stopped containers
local indx = 1
while (indx <= #containers) do
local ctname = containers[indx]
if (now_running[ctname] == nil) then
containers[ctname] = nil
stats[ctname] = nil
table.remove(containers, indx)
else
indx = indx + 1
end
end
-- get stats for all current containers and resort the list
lxc.stats_clear(stats_total)
for _,ctname in ipairs(containers) do
stats[ctname] = containers[ctname]:stats_get(stats_total)
end
table.sort(containers, container_sort)
end
function stats_print_header(stats_total)
printf(TERMRVRS .. TERMBOLD)
printf("%-15s %8s %8s %8s %10s %10s", "Container", "CPU", "CPU", "CPU", "BlkIO", "Mem")
if (stats_total.kmem_used > 0) then printf(" %10s", "KMem") end
printf("\n")
printf("%-15s %8s %8s %8s %10s %10s", "Name", "Used", "Sys", "User", "Total", "Used")
if (stats_total.kmem_used > 0) then printf(" %10s", "Used") end
printf("\n")
printf(TERMNORM)
end
function stats_print(name, stats, stats_total)
printf("%-15s %8.2f %8.2f %8.2f %10s %10s",
name,
stats.cpu_use_nanos / 1000000000,
stats.cpu_use_sys / USER_HZ,
stats.cpu_use_user / USER_HZ,
strsisize(stats.blkio),
strsisize(stats.mem_used))
if (stats_total.kmem_used > 0) then
printf(" %10s", strsisize(stats.kmem_used))
end
end
function usage()
printf("Usage: lxc-top [options]\n" ..
" -h|--help print this help message\n" ..
" -m|--max display maximum number of containers\n" ..
" -d|--delay delay in seconds between refreshes (default: 3.0)\n" ..
" -s|--sort sort by [n,c,d,m] (default: n) where\n" ..
" n = Name\n" ..
" c = CPU use\n" ..
" d = Disk I/O use\n" ..
" m = Memory use\n" ..
" k = Kernel memory use\n" ..
" -r|--reverse sort in reverse (descending) order\n"
)
os.exit(1)
end
local long_opts = {
help = "h",
delay = "d",
max = "m",
reverse = "r",
sort = "s",
}
optarg,optind = alt_getopt.get_opts (arg, "hd:m:rs:", long_opts)
optarg["d"] = tonumber(optarg["d"]) or 3.0
optarg["m"] = tonumber(optarg["m"]) or tonumber(tty_lines() - 3)
optarg["r"] = optarg["r"] or false
optarg["s"] = optarg["s"] or "n"
if (optarg["h"] ~= nil) then
usage()
end
while true
do
container_list_update()
-- if some terminal we care about doesn't support the simple escapes, we
-- may fall back to this, or ncurses. ug.
--os.execute("tput clear")
printf(TERMCLEAR)
stats_print_header(stats_total)
for index,ctname in ipairs(containers) do
stats_print(ctname, stats[ctname], stats_total)
printf("\n")
if (index >= optarg["m"]) then
break
end
end
stats_print(string.format("TOTAL (%-2d)", #containers), stats_total, stats_total)
io.flush()
core.usleep(optarg["d"] * 1000000)
end
/*
*
* Copyright © 2013 Serge Hallyn <serge.hallyn@ubuntu.com>.
* Copyright © 2013 Canonical Ltd.
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License version 2, as
* published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include <ctype.h>
#include <errno.h>
#include <getopt.h>
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <lxc/lxccontainer.h>
/* we pass fssize in bytes */
static uint64_t get_fssize(char *s)
{
uint64_t ret;
char *end;
ret = strtoull(s, &end, 0);
if (end == s) {
fprintf(stderr,
"Invalid blockdev size '%s', using default size\n", s);
return 0;
}
while (isblank(*end))
end++;
if (*end == '\0') {
ret *= 1024ULL * 1024ULL; /* MB by default */
} else if (*end == 'b' || *end == 'B') {
ret *= 1ULL;
} else if (*end == 'k' || *end == 'K') {
ret *= 1024ULL;
} else if (*end == 'm' || *end == 'M') {
ret *= 1024ULL * 1024ULL;
} else if (*end == 'g' || *end == 'G') {
ret *= 1024ULL * 1024ULL * 1024ULL;
} else if (*end == 't' || *end == 'T') {
ret *= 1024ULL * 1024ULL * 1024ULL * 1024ULL;
} else {
fprintf(stderr, "Invalid blockdev unit size '%c' in '%s', "
"using default size\n",
*end, s);
return 0;
}
return ret;
}
static void usage(const char *me)
{
printf("Usage: %s [-s] [-B backingstore] [-L size[unit]] [-K] [-M] [-H]\n", me);
printf(" [-p lxcpath] [-P newlxcpath] orig new\n");
printf("\n");
printf(" -s: snapshot rather than copy\n");
printf(" -B: use specified new backingstore. Default is the same as\n");
printf(" the original. Options include aufs, btrfs, lvm, overlayfs, \n");
printf(" dir and loop\n");
printf(" -L: for blockdev-backed backingstore, use specified size * specified\n");
printf(" unit. Default size is the size of the source blockdev, default\n");
printf(" unit is MB\n");
printf(" -K: Keep name - do not change the container name\n");
printf(" -M: Keep macaddr - do not choose a random new mac address\n");
printf(" -p: use container orig from custom lxcpath\n");
printf(" -P: create container new in custom lxcpath\n");
printf(" -R: rename existing container\n");
exit(EXIT_SUCCESS);
}
static struct option options[] = {
{ "snapshot", no_argument, 0, 's'},
{ "backingstore", required_argument, 0, 'B'},
{ "size", required_argument, 0, 'L'},
{ "orig", required_argument, 0, 'o'},
{ "new", required_argument, 0, 'n'},
{ "vgname", required_argument, 0, 'v'},
{ "rename", no_argument, 0, 'R'},
{ "keepname", no_argument, 0, 'K'},
{ "keepmac", no_argument, 0, 'M'},
{ "lxcpath", required_argument, 0, 'p'},
{ "newpath", required_argument, 0, 'P'},
{ "fstype", required_argument, 0, 't'},
{ "help", no_argument, 0, 'h'},
{ 0, 0, 0, 0 },
};
int main(int argc, char *argv[])
{
struct lxc_container *c1 = NULL, *c2 = NULL;
int snapshot = 0, keepname = 0, keepmac = 0, rename = 0;
int flags = 0, option_index;
uint64_t newsize = 0;
char *bdevtype = NULL, *lxcpath = NULL, *newpath = NULL, *fstype = NULL;
char *orig = NULL, *new = NULL, *vgname = NULL;
char **args = NULL;
int c;
bool ret;
fprintf(stderr, "lxc-clone is deprecated in favor of lxc-copy.\n\n");
if (argc < 3)
usage(argv[0]);
while (true) {
c = getopt_long(argc, argv, "sB:L:o:n:v:KMHp:P:Rt:h", options,
&option_index);
if (c == -1)
break;
switch (c) {
case 's':
snapshot = 1;
break;
case 'B':
bdevtype = optarg;
break;
case 'L':
newsize = get_fssize(optarg);
break;
case 'o':
orig = optarg;
break;
case 'n':
new = optarg;
break;
case 'v':
vgname = optarg;
break;
case 'K':
keepname = 1;
break;
case 'M':
keepmac = 1;
break;
case 'p':
lxcpath = optarg;
break;
case 'P':
newpath = optarg;
break;
case 'R':
rename = 1;
break;
case 't':
fstype = optarg;
break;
case 'h':
usage(argv[0]);
default:
break;
}
}
if (optind < argc && !orig)
orig = argv[optind++];
if (optind < argc && !new)
new = argv[optind++];
/* arguments for the clone hook */
if (optind < argc)
args = &argv[optind];
if (!new || !orig) {
printf("Error: you must provide orig and new names\n");
usage(argv[0]);
}
if (snapshot)
flags |= LXC_CLONE_SNAPSHOT;
if (keepname)
flags |= LXC_CLONE_KEEPNAME;
if (keepmac)
flags |= LXC_CLONE_KEEPMACADDR;
/* vgname and fstype could be supported by sending them through the
* bdevdata. However, they currently are not yet. I'm not convinced
* they are worthwhile.
*/
if (vgname) {
printf("Error: vgname not supported\n");
usage(argv[0]);
}
if (fstype) {
printf("Error: fstype not supported\n");
usage(argv[0]);
}
c1 = lxc_container_new(orig, lxcpath);
if (!c1)
exit(EXIT_FAILURE);
if (!c1->may_control(c1)) {
fprintf(stderr, "Insufficent privileges to control %s\n", orig);
lxc_container_put(c1);
exit(EXIT_FAILURE);
}
if (!c1->is_defined(c1)) {
fprintf(stderr, "Error: container %s is not defined\n", orig);
lxc_container_put(c1);
exit(EXIT_FAILURE);
}
if (rename) {
ret = c1->rename(c1, new);
if (!ret) {
fprintf(stderr,
"Error: Renaming container %s to %s failed\n",
c1->name, new);
lxc_container_put(c1);
exit(EXIT_FAILURE);
}
} else {
c2 = c1->clone(c1, new, newpath, flags, bdevtype, NULL, newsize, args);
if (c2 == NULL) {
lxc_container_put(c1);
fprintf(stderr, "clone failed\n");
exit(EXIT_FAILURE);
}
printf("Created container %s as %s of %s\n", new,
snapshot ? "snapshot" : "copy", orig);
lxc_container_put(c2);
}
lxc_container_put(c1);
exit(EXIT_SUCCESS);
}
if ENABLE_PYTHON
if HAVE_DEBIAN
DISTSETUPOPTS=--install-layout=deb
else
DISTSETUPOPTS=
endif
if ENABLE_RPATH
RPATHOPTS=-R $(libdir)
else
RPATHOPTS=
endif
CALL_SETUP_PY := cd @srcdir@ && $(PYTHON) setup.py build -b @abs_builddir@/build egg_info -e @abs_builddir@
all:
$(CALL_SETUP_PY) build_ext -I @abs_top_srcdir@/src -L @abs_top_builddir@/src/lxc/.libs/ $(RPATHOPTS) --no-pkg-config
DESTDIR = / # default
install:
$(CALL_SETUP_PY) install --prefix=$(prefix) --no-compile $(DISTSETUPOPTS) --root=$(DESTDIR)
clean-local:
rm -rf @builddir@/build
endif
EXTRA_DIST = \
setup.py \
lxc.c \
lxc/__init__.py \
examples/api_test.py \
examples/pyconsole.py \
examples/pyconsole-vte.py
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
# api_test.py: Test/demo of the python3-lxc API
#
# (C) Copyright Canonical Ltd. 2012
#
# Authors:
# Stéphane Graber <stgraber@ubuntu.com>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
# USA
#
import lxc
import uuid
import os
import subprocess
import sys
import time
# Let's pick a random name, avoiding clashes
CONTAINER_NAME = str(uuid.uuid1())
CLONE_NAME = str(uuid.uuid1())
RENAME_NAME = str(uuid.uuid1())
## Instantiate the container instance
print("Getting instance for '%s'" % CONTAINER_NAME)
container = lxc.Container(CONTAINER_NAME)
# A few basic checks of the current state
assert(container.config_file_name == "%s/%s/config" %
(lxc.default_config_path, CONTAINER_NAME))
assert(not container.defined)
assert(container.init_pid == -1)
assert(container.name == CONTAINER_NAME)
assert(not container.running)
assert(container.state == "STOPPED")
# Try to get the host architecture for dpkg systems
arch = "i386"
try:
with open(os.path.devnull, "w") as devnull:
dpkg = subprocess.Popen(['dpkg', '--print-architecture'],
stderr=devnull, stdout=subprocess.PIPE,
universal_newlines=True)
if dpkg.wait() == 0:
arch = dpkg.stdout.read().strip()
except:
pass
## Create a rootfs
print("Creating rootfs using 'download', arch=%s" % arch)
container.create("download", 0,
{"dist": "ubuntu",
"release": "xenial",
"arch": arch})
assert(container.defined)
assert(container.name == CONTAINER_NAME
== container.get_config_item("lxc.uts.name"))
assert(container.name in lxc.list_containers())
## Test the config
print("Testing the configuration")
capdrop = container.get_config_item("lxc.cap.drop")
container.clear_config_item("lxc.cap.drop")
container.set_config_item("lxc.cap.drop", capdrop[:-1])
container.append_config_item("lxc.cap.drop", capdrop[-1])
container.save_config()
# A few basic checks of the current state
assert(isinstance(capdrop, list))
assert(capdrop == container.get_config_item("lxc.cap.drop"))
## Test the networking
print("Testing the networking")
# A few basic checks of the current state
assert("name" in container.get_keys("lxc.net.0"))
assert(len(container.network) == 1)
## Starting the container
print("Starting the container")
container.start()
container.wait("RUNNING", 3)
# A few basic checks of the current state
assert(container.init_pid > 1)
assert(container.running)
assert(container.state == "RUNNING")
## Checking IP address
print("Getting the interface names")
assert(set(container.get_interfaces()) == set(('lo', 'eth0')))
## Checking IP address
print("Getting the IP addresses")
count = 0
ips = []
while not ips or count == 10:
ips = container.get_ips()
time.sleep(1)
count += 1
if os.geteuid():
container.attach_wait(lxc.attach_run_command, ["ifconfig", "eth0"],
namespaces=(lxc.CLONE_NEWUSER + lxc.CLONE_NEWNET
+ lxc.CLONE_NEWUTS))
else:
container.attach_wait(lxc.attach_run_command, ["ifconfig", "eth0"],
namespaces=(lxc.CLONE_NEWNET + lxc.CLONE_NEWUTS))
# A few basic checks of the current state
assert(len(ips) > 0)
## Test running config
assert(container.name == CONTAINER_NAME
== container.get_config_item("lxc.uts.name")
== container.get_running_config_item("lxc.uts.name"))
## Testing cgroups a bit
print("Testing cgroup API")
max_mem = container.get_cgroup_item("memory.max_usage_in_bytes")
current_limit = container.get_cgroup_item("memory.limit_in_bytes")
assert(container.set_cgroup_item("memory.limit_in_bytes", max_mem))
assert(container.get_cgroup_item("memory.limit_in_bytes") != current_limit)
## Freezing the container
print("Freezing the container")
container.freeze()
container.wait("FROZEN", 3)
# A few basic checks of the current state
assert(container.init_pid > 1)
assert(container.running)
assert(container.state == "FROZEN")
## Unfreezing the container
print("Unfreezing the container")
container.unfreeze()
container.wait("RUNNING", 3)
# A few basic checks of the current state
assert(container.init_pid > 1)
assert(container.running)
assert(container.state == "RUNNING")
if len(sys.argv) > 1 and sys.argv[1] == "--with-console":
## Attaching to tty1
print("Attaching to tty1")
container.console(tty=1)
## Shutting down the container
print("Shutting down the container")
if not container.shutdown(3):
container.stop()
if container.running:
print("Stopping the container")
container.stop()
container.wait("STOPPED", 3)
# A few basic checks of the current state
assert(container.init_pid == -1)
assert(not container.running)
assert(container.state == "STOPPED")
## Snapshotting the container
print("Snapshotting the container")
assert(not container.snapshot_list())
assert(container.snapshot() == "snap0")
assert(len(container.snapshot_list()) == 1)
assert(container.snapshot_restore("snap0") is True)
assert(container.snapshot_destroy("snap0") is True)
## Cloning the container
print("Cloning the container as '%s'" % CLONE_NAME)
clone = container.clone(CLONE_NAME)
assert(clone is not False)
print ("Renaming the clone to '%s'" % RENAME_NAME)
rename = clone.rename(RENAME_NAME)
rename.start()
rename.stop()
rename.destroy()
## Destroy the container
print("Destroying the container")
container.destroy()
assert(not container.defined)
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
# pyconsole-vte: Example program showing use of console functions
# in the lxc python binding
#
# (C) Copyright Oracle. 2013
#
# Authors:
# Dwight Engen <dwight.engen@oracle.com>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
# USA
#
import gtk
import vte
import lxc
import sys
def gtk_exit_cb(terminal):
gtk.main_quit()
def vte_con(ct, ttynum):
print("Doing console in a VTE widget...")
masterfd = ct.console_getfd(ttynum)
term = vte.Terminal()
term.set_cursor_blinks(True)
term.set_scrollback_lines(1000)
term.connect('eof', gtk_exit_cb)
term.set_pty(masterfd)
term.feed_child('\n')
#term.feed_child('ps aux\n')
vscrollbar = gtk.VScrollbar()
vscrollbar.set_adjustment(term.get_adjustment())
hbox = gtk.HBox()
hbox.pack_start(term)
hbox.pack_start(vscrollbar)
window = gtk.Window()
window.add(hbox)
window.connect('delete-event', lambda window, event: gtk.main_quit())
window.show_all()
gtk.main()
print("Console done")
if __name__ == '__main__':
ttynum = -1
if len(sys.argv) < 2:
sys.exit("Usage: %s container-name [ttynum]" % sys.argv[0])
if len(sys.argv) > 2:
ttynum = int(sys.argv[2])
ct = lxc.Container(sys.argv[1])
print("Container:%s tty:%d" % (ct.name, ttynum))
if not ct.defined:
sys.exit("Container %s not defined" % ct.name)
if not ct.running:
sys.exit("Container %s not running" % ct.name)
vte_con(ct, ttynum)
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
#
# pyconsole: Example program showing use of console functions
# in the lxc python binding
#
# (C) Copyright Oracle. 2013
#
# Authors:
# Dwight Engen <dwight.engen@oracle.com>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
# USA
#
import lxc
import sys
import time
if __name__ == '__main__':
ttynum = -1
escape = 1
if len(sys.argv) < 2:
sys.exit("Usage: %s container-name [ttynum [escape]]" % sys.argv[0])
if len(sys.argv) > 2:
ttynum = int(sys.argv[2])
if len(sys.argv) > 3:
escape = ord(sys.argv[3]) - ord('a') + 1
ct = lxc.Container(sys.argv[1])
print("Container:%s tty:%d Ctrl-%c q to quit" %
(ct.name, ttynum, ord('a') + escape-1))
time.sleep(1)
if not ct.defined:
sys.exit("Container %s not defined" % ct.name)
if not ct.running:
sys.exit("Container %s not running" % ct.name)
ct.console(ttynum, 0, 1, 2, escape)
print("Console done")
#!/usr/bin/env python3
#
# python-lxc: Python bindings for LXC
#
# (C) Copyright Canonical Ltd. 2012
#
# Authors:
# Stéphane Graber <stgraber@ubuntu.com>
#
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
# USA
import os
import subprocess
# Fix build when PIE is enabled (must run before setuptools import)
for var in ("LDFLAGS", "CFLAGS"):
current = os.environ.get(var, None)
if not current:
continue
new = []
for flag in current.split(" "):
if flag.lower() in ("-pie", "-fpie"):
if "-fPIC" not in new:
new.append("-fPIC")
continue
new.append(flag)
os.environ[var] = " ".join(new)
from setuptools import setup, Extension
from setuptools.command.build_ext import build_ext as BuildExtCommand
class LxcBuildExtCommand(BuildExtCommand):
user_options = BuildExtCommand.user_options + [
('no-pkg-config', None,
"don't use pkg-config to detect include/library paths")
]
def initialize_options(self):
super(LxcBuildExtCommand, self).initialize_options()
self.no_pkg_config = False
def build_extensions(self):
if not self.no_pkg_config:
pkg_config_executable = os.environ.get('PKG_CONFIG_EXECUTABLE',
'pkg-config')
def get_pkg_config_var(name):
args = [pkg_config_executable, '--variable', name, 'lxc']
output = subprocess.check_output(args,
universal_newlines=True)
return output.rstrip('\n')
try:
includedir = get_pkg_config_var('includedir')
libdir = get_pkg_config_var('libdir')
self.compiler.add_include_dir(includedir)
self.compiler.add_library_dir(libdir)
except subprocess.CalledProcessError:
pass
super(LxcBuildExtCommand, self).build_extensions()
setup(name='lxc',
version='0.1',
description='LXC',
packages=['lxc'],
package_dir={'lxc': 'lxc'},
ext_modules=[Extension('_lxc', sources=['lxc.c'], libraries=['lxc'])],
cmdclass={'build_ext': LxcBuildExtCommand},
)
......@@ -65,7 +65,9 @@ bin_PROGRAMS = lxc-test-containertests lxc-test-locktests lxc-test-startone \
lxc-test-api-reboot lxc-test-state-server lxc-test-share-ns \
lxc-test-criu-check-feature lxc-test-raw-clone
bin_SCRIPTS = lxc-test-automount \
bin_SCRIPTS =
if ENABLE_TOOLS
bin_SCRIPTS += lxc-test-automount \
lxc-test-autostart \
lxc-test-cloneconfig \
lxc-test-createconfig \
......@@ -82,6 +84,7 @@ bin_SCRIPTS += \
lxc-test-unpriv \
lxc-test-usernic
endif
endif
endif
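Review bot: The three consecutive bare `endif` lines closing this section give no hint which one pairs with the new `if ENABLE_TOOLS`, and the other conditionals they close open in lines the page does not show. Automake lets the condition be repeated after the keyword, so the added line could be written `endif ENABLE_TOOLS`, which also makes Automake reject a mismatched nesting. The same applies to the stacked `endif` lines added in src/lxc/Makefile.am.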
......
templatesdir=@LXCTEMPLATEDIR@
templates_SCRIPTS = \
lxc-alpine \
lxc-altlinux \
lxc-archlinux \
lxc-busybox \
lxc-centos \
lxc-cirros \
lxc-debian \
lxc-download \
lxc-fedora \
lxc-fedora-legacy \
lxc-gentoo \
lxc-local \
lxc-oci \
lxc-openmandriva \
lxc-opensuse \
lxc-oracle \
lxc-plamo \
lxc-pld \
lxc-slackware \
lxc-sshd \
lxc-ubuntu \
lxc-ubuntu-cloud \
lxc-sparclinux \
lxc-voidlinux \
lxc-sabayon
templates_SCRIPTS = lxc-busybox \
lxc-download \
lxc-local \
lxc-oci
......@@ -30,7 +30,7 @@ LXC_PATH=
LXC_ROOTFS=
LXC_CONFIG=
MODE="system"
COMPAT_LEVEL=4
COMPAT_LEVEL=5
# Make sure the usual locations are in PATH
export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
......@@ -69,7 +69,8 @@ LXC internal arguments (do not pass manually!):
[ --name <name> ]: The container name
[ --path <path> ]: The path to the container
[ --rootfs <rootfs> ]: The path to the container's rootfs
[ --mapped-uid <map> ]: A uid map (user namespaces)
[ --mapped-gid <map> ]: A gid map (user namespaces)
EOF
return 0
}
......@@ -88,6 +89,8 @@ while :; do
--rootfs) LXC_ROOTFS="$2"; shift 2;;
-m|--metadata) LXC_CONFIG="$2"; shift 2;;
-f|--fstree) LXC_FSTREE="$2"; shift 2;;
--mapped-uid) LXC_MAPPED_UID="$2"; shift 2;;
--mapped-gid) LXC_MAPPED_GID="$2"; shift 2;;
*) break;;
esac
done
......@@ -114,7 +117,7 @@ USERNS="$(in_userns)"
if [ "${USERNS}" != "no" ]; then
if [ "${USERNS}" = "yes" ]; then
if [ -z "${LXC_MAPPED_UID}" ] || [ "${LXC_MAPPED_UID}" = "-1" ]; then
echo "ERROR: In a user namespace without a map." 1>&2
echo "ERROR: In a user namespace without a map" 1>&2
exit 1
fi
MODE="user"
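Review bot: The option loop now stores `--mapped-uid` and `--mapped-gid` in `LXC_MAPPED_UID` and `LXC_MAPPED_GID`, but neither name appears among the defaults cleared at the top of the script (`LXC_PATH=`, `LXC_ROOTFS=`, `LXC_CONFIG=`). Unless they are reset in lines outside these hunks, a value inherited from the caller's environment would satisfy the user-namespace check without any map having been passed. Adding `LXC_MAPPED_UID=` and `LXC_MAPPED_GID=` beside the other defaults closes that. The check itself still tests only the uid map; if a gid map is equally required, extend the condition with `|| [ -z "${LXC_MAPPED_GID}" ] || [ "${LXC_MAPPED_GID}" = "-1" ]`.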
......
#!/bin/bash
#
# lxc: linux Container library
# Authors:
# Daniel Lezcano <daniel.lezcano@free.fr>
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
# Detect use under userns (unsupported)
for arg in "$@"; do
[ "$arg" = "--" ] && break
if [ "$arg" = "--mapped-uid" -o "$arg" = "--mapped-gid" ]; then
echo "This template can't be used for unprivileged containers." 1>&2
echo "You may want to try the \"download\" template instead." 1>&2
exit 1
fi
done
# Make sure the usual locations are in PATH
export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
install_sshd()
{
rootfs=$1
tree="\
$rootfs/var/empty/sshd \
$rootfs/var/lib/empty/sshd \
$rootfs/etc/init.d \
$rootfs/etc/rc.d \
$rootfs/etc/ssh \
$rootfs/etc/sysconfig/network-scripts \
$rootfs/dev/shm \
$rootfs/run/sshd \
$rootfs/proc \
$rootfs/sys \
$rootfs/bin \
$rootfs/sbin \
$rootfs/usr \
$rootfs/tmp \
$rootfs/home \
$rootfs/root \
$rootfs/lib \
$rootfs/lib64"
mkdir -p $tree
if [ $? -ne 0 ]; then
return 1
fi
ln -s /run $rootfs/var/run
if [ $? -ne 0 ]; then
return 1
fi
return 0
}
configure_sshd()
{
rootfs=$1
cat <<EOF > $rootfs/etc/passwd
root:x:0:0:root:/root:/bin/bash
sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin
EOF
cat <<EOF > $rootfs/etc/group
root:x:0:root
sshd:x:74:
EOF
ssh-keygen -t rsa -N "" -f $rootfs/etc/ssh/ssh_host_rsa_key
ssh-keygen -t dsa -N "" -f $rootfs/etc/ssh/ssh_host_dsa_key
# by default setup root password with no password
cat <<EOF > $rootfs/etc/ssh/sshd_config
Port 22
Protocol 2
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
UsePrivilegeSeparation yes
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin yes
StrictModes yes
PubkeyAuthentication yes
IgnoreRhosts yes
HostbasedAuthentication no
PermitEmptyPasswords yes
ChallengeResponseAuthentication no
EOF
if [ -n "$auth_key" -a -f "$auth_key" ]; then
u_path="/root/.ssh"
root_u_path="$rootfs/$u_path"
mkdir -p $root_u_path
cp $auth_key "$root_u_path/authorized_keys"
chown -R 0:0 "$rootfs/$u_path"
chmod 700 "$rootfs/$u_path"
echo "Inserted SSH public key from $auth_key into $rootfs/$u_path"
fi
return 0
}
copy_configuration()
{
path=$1
rootfs=$2
name=$3
init_path=$(realpath --relative-to=/ $(readlink -f /sbin/init))
grep -q "^lxc.rootfs.path" $path/config 2>/dev/null || echo "lxc.rootfs.path = $rootfs" >> $path/config
cat <<EOF >> $path/config
lxc.uts.name = $name
lxc.pty.max = 1024
lxc.cap.drop = sys_module mac_admin mac_override sys_time
# When using LXC with apparmor, uncomment the next line to run unconfined:
#lxc.apparmor.profile = unconfined
lxc.mount.entry = /dev dev none ro,bind 0 0
lxc.mount.entry = /lib lib none ro,bind 0 0
lxc.mount.entry = /bin bin none ro,bind 0 0
lxc.mount.entry = /usr usr none ro,bind 0 0
lxc.mount.entry = /sbin sbin none ro,bind 0 0
lxc.mount.entry = tmpfs run/sshd tmpfs mode=0644 0 0
lxc.mount.entry = @LXCTEMPLATEDIR@/lxc-sshd $init_path none ro,bind 0 0
lxc.mount.entry = /etc/init.d etc/init.d none ro,bind 0 0
lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
EOF
# Oracle Linux and Fedora need the following two bind mounted
if [ -d /etc/sysconfig/network-scripts ]; then
cat <<EOF >> $path/config
lxc.mount.entry = /etc/sysconfig/network-scripts etc/sysconfig/network-scripts none ro,bind 0 0
EOF
fi
if [ -d /etc/rc.d ]; then
cat <<EOF >> $path/config
lxc.mount.entry = /etc/rc.d etc/rc.d none ro,bind 0 0
EOF
fi
# if no .ipv4 section in config, then have the container run dhcp
grep -q "^lxc.net.0.ipv4.address" $path/config || touch $rootfs/run-dhcp
if [ "$(uname -m)" = "x86_64" ]; then
cat <<EOF >> $path/config
lxc.mount.entry = /lib64 lib64 none ro,bind 0 0
EOF
fi
}
usage()
{
cat <<EOF
$1 -h|--help -p|--path=<path> [--rootfs=<path>]
EOF
return 0
}
check_for_cmd()
{
cmd_path=`type $1`
if [ $? -ne 0 ]; then
echo "The command '$1' $cmd_path is not accessible on the system"
exit 1
fi
# we use cut instead of awk because awk is alternatives symlink on ubuntu
# and /etc/alternatives isn't bind mounted
cmd_path=`echo $cmd_path |cut -d ' ' -f 3`
}
options=$(getopt -o hp:n:S: -l help,rootfs:,path:,name:,auth-key: -- "$@")
if [ $? -ne 0 ]; then
usage $(basename $0)
exit 1
fi
eval set -- "$options"
while true
do
case "$1" in
-h|--help) usage $0 && exit 0;;
-p|--path) path=$2; shift 2;;
--rootfs) rootfs=$2; shift 2;;
-n|--name) name=$2; shift 2;;
-S|--auth-key) auth_key=$2; shift 2;;
--) shift 1; break ;;
*) break ;;
esac
done
if [ "$(id -u)" != "0" ]; then
echo "This script should be run as 'root'"
exit 1
fi
if [ $0 = "/sbin/init" ]; then
PATH="$PATH:/bin:/sbin:/usr/sbin"
check_for_cmd @SBINDIR@/init.lxc
check_for_cmd sshd
sshd_path=$cmd_path
# run dhcp?
if [ -f /run-dhcp ]; then
check_for_cmd dhclient
check_for_cmd ifconfig
touch /etc/fstab
rm -f /dhclient.conf
cat > /dhclient.conf << EOF
send host-name = gethostname();
EOF
ifconfig eth0 up
dhclient eth0 -cf /dhclient.conf
echo "Container IP address:"
ifconfig eth0 |grep inet
fi
exec @SBINDIR@/init.lxc -- $sshd_path
exit 1
fi
if [ -z "$path" ]; then
echo "'path' parameter is required"
exit 1
fi
# detect rootfs
config="$path/config"
if [ -z "$rootfs" ]; then
if grep -q '^lxc.rootfs.path' $config 2>/dev/null ; then
rootfs=$(awk -F= '/^lxc.rootfs.path =/{ print $2 }' $config)
else
rootfs=$path/rootfs
fi
fi
install_sshd $rootfs
if [ $? -ne 0 ]; then
echo "failed to install sshd's rootfs"
exit 1
fi
configure_sshd $rootfs
if [ $? -ne 0 ]; then
echo "failed to configure sshd template"
exit 1
fi
copy_configuration $path $rootfs $name
if [ $? -ne 0 ]; then
echo "failed to write configuration file"
exit 1
fi
#!/bin/bash
#
# template script for generating Void Linux container for LXC
#
#
# lxc: linux Container library
# Authors:
# Gregor Reitzenstein <dean4devil@paranoidlabs.org>
# Based on lxc-archlinux template by:
# Alexander Vladimirov <alexander.idkfa.vladimirov@gmail.com>
# John Lane <lxc@jelmail.com>
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
# Utility functions
# Check if array $2 contains item $1
containsElement() {
local e
for e in "${@:2}"; do [[ "$1" == "$e" ]] && return 0; done
return 1
}
# split comma-separated string into an array
# ${1} - string to split
# ${2} - separator (default is ",")
# ${result} - result value on success
split_string() {
local ifs=${IFS}
IFS="${2:-,}"
read -ra result < <(echo "${1}")
IFS=${ifs}
return 0
}
# Make sure the usual locations are in PATH
export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
# defaults
default_path="/var/lib/lxc"
default_path="@LXCPATH@"
shared_config="@LXCTEMPLATECONFIG@/voidlinux.common.conf"
userns_config="@LXCTEMPLATECONFIG@/voidlinux.userns.conf"
pkg_blacklist=("linux>=0" "e2fsprogs>=0" "btrfs-progs>=0" "xfsprogs>=0" "f2fs-tools>=0" "dosfstools>=0")
base_packages=()
for pkg in $(xbps-query -Mv --repository="http://repo2.voidlinux.eu/current/" -x base-system); do
containsElement "$pkg" "${pkg_blacklist[@]}" || base_packages+=($pkg)
done
declare -a additional_packages
copy_configuration() {
mkdir -p "${config_path}"
local config="${config_path}/config"
echo "lxc.uts.name = ${name}" >> "${config}"
grep -q "^lxc.rootfs.path" "${config}" 2>/dev/null \
|| echo "lxc.rootfs.path = ${rootfs_path}" >> "${config}"
# Detect if were in a UserNS and include the right config
if [ -z "${LXC_MAPPED_GID+x}" ] || [ -z "${LXC_MAPPED_UID+x}" ]; then
echo "lxc.include = ${userns_config}" >> "${config}"
else
echo "lxc.include = ${shared_config}" >> "${config}"
fi
if [ $? -ne 0 ]; then
echo "Failed to configure container"
return 1
fi
return 0
}
install_void() {
if ! yes | xbps-install -Sy -R http://repo2.voidlinux.eu/current -r "${rootfs_path}" "${base_packages[@]}"
then
echo "Failed to install container packages"
return 1
fi
}
usage() {
cat <<EOF
usage:
${1} -n|--name=<container_name> [-p|--path=<path>] [-a|--arch=<arch of the container>]
[-r|--root_password=<root password>] [-P|--packages=<pkg1,pkg2,...>] [-h|--help]
Mandatory args:
-n,--name container name, used to as an identifier for that container from now on
Optional args:
-p,--path path to where the container rootfs will be created (${default_path})
--rootfs path for actual container rootfs, (${default_path}/rootfs)
-P,--packages preinstall additional packages, comma-separated list
-c,--config use specified pacman config when installing container packages
-a,--arch use specified architecture instead of host's architecture
-r,--root_password set container root password
-h,--help print this help
EOF
return 0
}
options=$(getopt -o hp:P:n:c:r: -l help,rootfs:,path:,packages:,name:,config:,root_password:,mapped-uid:,mapped-gid: -- "${@}")
if [ ${?} -ne 0 ]; then
usage "$(basename "${0}")"
exit 1
fi
eval set -- "${options}"
while true
do
case "${1}" in
-h|--help) usage "${0}" && exit 0;;
-p|--path) path=${2}; shift 2;;
-n|--name) name=${2}; shift 2;;
-c|--config) config_path=${2}; shift 2;;
--rootfs) rootfs_path=${2}; shift 2;;
-P|--packages) additional_packages=${2}; shift 2;;
-r|--root_password) root_passwd=${2}; shift 2;;
--mapped-uid) LXC_MAPPED_UID=$2; shift 2;;
--mapped-gid) LXC_MAPPED_GID=$2; shift 2;;
--) shift 1; break ;;
*) break ;;
esac
done
if [ -z "${name}" ]; then
echo "missing required 'name' parameter"
exit 1
fi
type xbps-install >/dev/null 2>&1
if [ ${?} -ne 0 ]; then
echo "'xbps-install' command is missing."
fi
type xbps-query >/dev/null 2>&1
if [ ${?} -ne 0 ]; then
echo "'xbps-query' command is missing."
fi
if [ -z "${rootfs_path}" ]; then
rootfs_path="${path}/rootfs"
fi
config_path="${path}"
revert() {
echo "Interrupted, cleaning up"
lxc-destroy -n "${name}"
rm -rf "${path:?}/${name}"
rm -rf "${default_path:?}/${name}"
exit 1
}
trap revert SIGHUP SIGINT SIGTERM
copy_configuration
if [ $? -ne 0 ]; then
echo "Failed to write configuration file"
rm -rf "${config_path}"
exit 1
fi
if [ ${#additional_packages[@]} -gt 0 ]; then
split_string "${additional_packages}"
base_packages+=(${result[@]})
fi
mkdir -p "${rootfs_path}"
install_void
if [ ${?} -ne 0 ]; then
echo "Failed to install Void Linux"
rm -rf "${config_path}" "${path}"
exit 1
fi
if [ -n "${root_passwd}" ]; then
echo "root:${root_passwd}" | chroot "${rootfs_path}" chpasswd
fi
cat << EOF
Void Linux Container ${name} has been successfully created. The configuration is
stored in ${config_path}/config. Please refer to https://wiki.voidlinux.eu for
information regarding Void Linux.
EOF