Skip to content

L
lxc
Commit d082b436 by Daniel Lezcano
Options

Merge git://github.com/lxc/lxc

Signed-off-by: 's avatarDaniel Lezcano <daniel.lezcano@free.fr>
parents 72280e1c 91f7ea53
Showing with 233 additions and 41 deletions
.gitignore
......@@ -47,6 +47,7 @@ src/lxc/lxc-create
src/lxc/lxc-destroy
src/lxc/lxc-execute
src/lxc/lxc-freeze
src/lxc/lxc.functions
src/lxc/lxc-info
src/lxc/lxc-init
src/lxc/lxc-kill
......@@ -91,6 +92,7 @@ config/lt*.m4
doc/*.1
doc/*.5
doc/*.7
doc/legacy/*.1
doc/manpage.links
doc/manpage.refs
......
Makefile.am
......@@ -4,7 +4,13 @@ ACLOCAL_AMFLAGS = -I config
SUBDIRS = config src templates doc hooks
DIST_SUBDIRS = config src templates doc hooks
EXTRA_DIST = autogen.sh lxc.spec CONTRIBUTING MAINTAINERS ChangeLog
EXTRA_DIST = \
autogen.sh \
lxc.spec \
CONTRIBUTING \
MAINTAINERS \
runapitests.sh
RPMARGS =
if ENABLE_LUA
......
configure.ac
......@@ -194,7 +194,7 @@ AM_CONDITIONAL([USE_CONFIGPATH_LOGS], [test "$use_configpath_logs" = "yes"])
if test "$use_configpath_logs" = "yes"; then
default_log_path="${with_config_path}"
else
default_log_path="/var/log/lxc"
default_log_path="${localstatedir}/log/lxc"
fi
AC_ARG_WITH([log-path],
......
doc/Makefile.am
......@@ -2,8 +2,7 @@ SUBDIRS = examples rootfs
DIST_SUBDIRS = examples rootfs
EXTRA_DIST = \
FAQ.txt \
$(man_MANS)
FAQ.txt
if ENABLE_DOCBOOK
man_MANS = \
......@@ -61,6 +60,6 @@ endif
lxc-%.sgml : common_options.sgml see_also.sgml
maintainer-clean-local:
clean-local:
$(RM) manpage.* *.7 *.5 *.1 $(man_MANS)
endif
doc/examples/Makefile.am
EXTRA_DIST = $(pkgexamples_DATA)
if ENABLE_EXAMPLES
pkgexamplesdir=$(docdir)/examples
......
doc/lxc-attach.sgml.in
......@@ -54,6 +54,8 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
<arg choice="opt">-e</arg>
<arg choice="opt">-s <replaceable>namespaces</replaceable></arg>
<arg choice="opt">-R</arg>
<arg choice="opt">--keep-env</arg>
<arg choice="opt">--clear-env</arg>
<arg choice="opt">-- <replaceable>command</replaceable></arg>
</cmdsynopsis>
</refsynopsisdiv>
......@@ -173,6 +175,37 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--keep-env</option>
</term>
<listitem>
<para>
Keep the current environment for attached programs. This is
the current default behaviour (as of version 0.9), but is
is likely to change in the future, since this may leak
undesirable information into the container. If you rely on
the environment being available for the attached program,
please use this option to be future-proof. In addition to
current environment variables, container=lxc will be set.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--clear-env</option>
</term>
<listitem>
<para>
Clear the environment before attaching, so no undesired
environment variables leak into the container. The variable
container=lxc will be the only environment with which the
attached program starts.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
......
doc/lxc.sgml.in
......@@ -96,7 +96,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
provided by the kernel which needs to be active. Depending of
the missing functionalities the <command>lxc</command> will
work with a restricted number of functionalities or will simply
fails.
fail.
</para>
<para>
......
src/lua-lxc/Makefile.am
......@@ -4,7 +4,6 @@ luadir=$(datadir)/lua/5.1
sodir=$(libdir)/lua/5.1/lxc
lua_SCRIPTS=lxc.lua
EXTRA_DIST=lxc.lua
so_PROGRAMS = core.so
......@@ -24,3 +23,7 @@ core_so_LDADD = -llxc $(LUA_LIBS)
lxc.lua:
endif
EXTRA_DIST= \
lxc.lua \
test/apitest.lua
src/lxc/Makefile.am
......@@ -126,9 +126,12 @@ bin_SCRIPTS = \
lxc-shutdown \
lxc-destroy
EXTRA_DIST=
EXTRA_DIST = \
lxc-device \
lxc-ls \
lxc-top
if ENABLE_PYTHON
EXTRA_DIST += lxc-device lxc-ls
bin_SCRIPTS += lxc-device
bin_SCRIPTS += lxc-ls
bin_SCRIPTS += lxc-start-ephemeral
......@@ -137,7 +140,6 @@ else
endif
if ENABLE_LUA
EXTRA_DIST += lxc-top
bin_SCRIPTS += lxc-top
endif
......
src/lxc/attach.c
......@@ -277,6 +277,36 @@ int lxc_attach_drop_privs(struct lxc_proc_context_info *ctx)
return 0;
}
int lxc_attach_set_environment(enum lxc_attach_env_policy_t policy, char** extra_env, char** extra_keep)
{
/* TODO: implement extra_env, extra_keep
* Rationale:
* - extra_env is an array of strings of the form
* "VAR=VALUE", which are to be set (after clearing or not,
* depending on the value of the policy variable)
* - extra_keep is an array of strings of the form
* "VAR", which are extra environment variables to be kept
* around after clearing (if that is done, otherwise, the
* remain anyway)
*/
(void) extra_env;
(void) extra_keep;
if (policy == LXC_ATTACH_CLEAR_ENV) {
if (clearenv()) {
SYSERROR("failed to clear environment");
/* don't error out though */
}
}
if (putenv("container=lxc")) {
SYSERROR("failed to set environment variable");
return -1;
}
return 0;
}
char *lxc_attach_getpwshell(uid_t uid)
{
/* local variables */
......
src/lxc/attach.h
......@@ -34,9 +34,15 @@ struct lxc_proc_context_info {
extern struct lxc_proc_context_info *lxc_proc_get_context_info(pid_t pid);
typedef enum lxc_attach_env_policy_t {
LXC_ATTACH_KEEP_ENV,
LXC_ATTACH_CLEAR_ENV
} lxc_attach_env_policy_t;
extern int lxc_attach_to_ns(pid_t other_pid, int which);
extern int lxc_attach_remount_sys_proc();
extern int lxc_attach_drop_privs(struct lxc_proc_context_info *ctx);
extern int lxc_attach_set_environment(enum lxc_attach_env_policy_t policy, char** extra_env, char** extra_keep);
extern char *lxc_attach_getpwshell(uid_t uid);
......
src/lxc/conf.c
......@@ -1129,8 +1129,13 @@ static int setup_rootfs(struct lxc_conf *conf)
{
const struct lxc_rootfs *rootfs = &conf->rootfs;
if (!rootfs->path)
if (!rootfs->path) {
if (mount("", "/", NULL, MS_SLAVE|MS_REC, 0)) {
SYSERROR("Failed to make / rslave");
return -1;
}
return 0;
}
if (access(rootfs->mount, F_OK)) {
SYSERROR("failed to access to '%s', check it is present",
......
src/lxc/confile.c
......@@ -1422,6 +1422,9 @@ int lxc_config_readline(char *buffer, struct lxc_conf *conf)
int lxc_config_read(const char *file, struct lxc_conf *conf)
{
if( access(file, R_OK) == -1 ) {
return -1;
}
/* Catch only the top level config file name in the structure */
if( ! conf->rcfile ) {
conf->rcfile = strdup( file );
......
src/lxc/lxc-clone.in
......@@ -251,6 +251,23 @@ elif which btrfs >/dev/null 2>&1 && btrfs subvolume list $oldroot >/dev/null 2>&
# if oldroot is a btrfs subvolume, assume they want a snapshot
btrfs subvolume snapshot "$oldroot" "$rootfs" 2>&1 || { echo "$(basename $0): btrfs snapshot failed" >&2; false; }
echo "lxc.rootfs = $rootfs" >> "$lxc_path/$lxc_new/config"
elif [ -d $lxc_path/$lxc_orig/delta0 ]; then # this is a quasi-ephemeral container
if [ $container_running = "True" ]; then
echo "$(basename $0): container $lxc_orig is running." >&2
cleanup
fi
rsync -Hax $lxc_path/$lxc_orig/delta0 $lxc_path/$lxc_new/
touch $lxc_path/$lxc_new/configured
cp -f $lxc_path/$lxc_orig/pre-mount $lxc_path/$lxc_new/
sed -i "s@$lxc_path/$lxc_orig@$lxc_path/$lxc_new@g" $lxc_path/$lxc_new/config
sed -i "s@$lxc_path/$lxc_orig@$lxc_path/$lxc_new@g" $lxc_path/$lxc_new/pre-mount
sed -i "s@LXC_NAME=\"$lxc_orig@LXC_NAME=\"$lxc_new@" $lxc_path/$lxc_new/pre-mount
# lxc-start-ephemeral will have updated /etc/hostname and such under the
# delta0, so just mounting the delta should suffice.
mkdir -p $rootfs
mount --bind $lxc_path/$lxc_new/delta0 $rootfs
mounted=1
echo "lxc.rootfs = $rootfs" >> "$lxc_path/$lxc_new/config"
else
if [ $snapshot = "yes" ]; then
echo "$(basename $0): cannot snapshot a directory" >&2
......
src/lxc/lxc-create.in
......@@ -291,7 +291,7 @@ fi
if [ ! -z "$lxc_template" ]; then
# Allow for a path to be provided as the template name
if [ -x "$lxc_template" ]; then
if [ -x "$lxc_template" -a $(echo "$lxc_template" | cut -c 1) = '/' ]; then
template_path=$lxc_template
else
template_path=${templatedir}/lxc-$lxc_template
......
src/lxc/lxc-shutdown.in
......@@ -28,6 +28,7 @@ usage() {
}
alarm() {
trap 'exit 0' TERM
pid=$1
timeout=$2
sleep $timeout
......@@ -130,7 +131,7 @@ fi
if [ $timeout != "-1" ]; then
trap dolxcstop EXIT
alarm $$ $timeout &
alarm $$ $timeout 2>/dev/null &
alarmpid=$!
fi
......@@ -139,7 +140,10 @@ while ! lxc-info -n $lxc_name --state-is STOPPED; do
done
if [ $timeout != "-1" ]; then
kill $alarmpid
trap - EXIT
# include subprocesses; otherwise, we may have to wait until sleep completes
# if called from a non-interactive context
kill $alarmpid $(ps --no-headers --ppid $alarmpid -o pid) 2>/dev/null || :
fi
echo "Container $lxc_name has shut down"
......
src/lxc/lxc-start-ephemeral.in
......@@ -70,6 +70,9 @@ parser.add_argument("--lxcpath", "-P", dest="lxcpath", metavar="PATH",
parser.add_argument("--orig", "-o", type=str, required=True,
help=_("name of the original container"))
parser.add_argument("--name", "-n", type=str,
help=_("name of the target container"))
parser.add_argument("--bdir", "-b", type=str,
help=_("directory to bind mount into container"))
......@@ -117,7 +120,13 @@ if not args.lxcpath:
else:
lxc_path = args.lxcpath
dest_path = tempfile.mkdtemp(prefix="%s-" % args.orig, dir=lxc_path)
if args.name:
if os.path.exists("%s/%s" % (lxc_path, args.name)):
parser.error(_("A container named '%s' already exists." % args.name))
dest_path = "%s/%s" % (lxc_path, args.name)
os.mkdir(dest_path)
else:
dest_path = tempfile.mkdtemp(prefix="%s-" % args.orig, dir=lxc_path)
os.mkdir(os.path.join(dest_path, "rootfs"))
# Setup the new container's configuration
......
src/lxc/lxc.functions.in
......@@ -26,8 +26,12 @@ templatedir=@LXCTEMPLATEDIR@
lxcinitdir=@LXCINITDIR@
get_default_lxcpath() {
(grep -v "^#" "$globalconf" 2>/dev/null || echo "lxcpath=@LXCPATH@") | \
grep "[ \t]*lxcpath[ \t]*=" | awk -F= '{ print $2 }'
LXC_PATH=$(grep -v "^#" "$globalconf" 2>/dev/null | grep "[ \t]*lxcpath[ \t]*=")
if [ -n "$LXC_PATH" ]; then
echo $LXC_PATH | awk -F= '{ print $2 }'
else
echo @LXCPATH@
fi
}
lxc_path=`get_default_lxcpath`
src/lxc/lxc_attach.c
......@@ -55,6 +55,9 @@ static const struct option my_longopts[] = {
{"arch", required_argument, 0, 'a'},
{"namespaces", required_argument, 0, 's'},
{"remount-sys-proc", no_argument, 0, 'R'},
/* TODO: decide upon short option names */
{"clear-env", no_argument, 0, 500},
{"keep-env", no_argument, 0, 501},
LXC_COMMON_OPTIONS
};
......@@ -62,6 +65,7 @@ static int elevated_privileges = 0;
static signed long new_personality = -1;
static int namespace_flags = -1;
static int remount_sys_proc = 0;
static lxc_attach_env_policy_t env_policy = LXC_ATTACH_KEEP_ENV;
static int my_parser(struct lxc_arguments* args, int c, char* arg)
{
......@@ -85,6 +89,12 @@ static int my_parser(struct lxc_arguments* args, int c, char* arg)
/* -s implies -e */
elevated_privileges = 1;
break;
case 500: /* clear-env */
env_policy = LXC_ATTACH_CLEAR_ENV;
break;
case 501: /* keep-env */
env_policy = LXC_ATTACH_KEEP_ENV;
break;
}
return 0;
......@@ -116,7 +126,15 @@ Options :\n\
Remount /sys and /proc if not attaching to the\n\
mount namespace when using -s in order to properly\n\
reflect the correct namespace context. See the\n\
lxc-attach(1) manual page for details.\n",
lxc-attach(1) manual page for details.\n\
--clear-env\n\
Clear all environment variables before attaching.\n\
The attached shell/program will start with only\n\
container=lxc set.\n\
--keep-env\n\
Keep all current enivornment variables. This\n\
is the current default behaviour, but is likely to\n\
change in the future.\n",
.options = my_longopts,
.parser = my_parser,
.checker = NULL,
......@@ -411,6 +429,11 @@ int main(int argc, char *argv[])
return -1;
}
if (lxc_attach_set_environment(env_policy, NULL, NULL)) {
ERROR("could not set environment");
return -1;
}
/* tell parent we are done setting up the container and wait
* until we have been put in the container's cgroup, if
* applicable */
......
src/lxc/lxccontainer.c
......@@ -523,14 +523,15 @@ static bool lxcapi_create(struct lxc_container *c, char *t, char *const argv[])
goto out;
}
if (!create_container_dir(c))
goto out;
if (!c->save_config(c, NULL)) {
ERROR("failed to save starting configuration for %s\n", c->name);
goto out;
}
/* container is already created if we have a config and rootfs.path is accessible */
if (lxcapi_is_defined(c) && c->lxc_conf && c->lxc_conf->rootfs.path && access(c->lxc_conf->rootfs.path, F_OK) == 0)
return false;
/* we're going to fork. but since we'll wait for our child, we
don't need to lxc_container_get */
......@@ -767,6 +768,9 @@ static bool lxcapi_save_config(struct lxc_container *c, const char *alt_file)
return false;
}
if (!create_container_dir(c))
return false;
FILE *fout = fopen(alt_file, "w");
if (!fout)
return false;
......@@ -788,6 +792,10 @@ static bool lxcapi_destroy(struct lxc_container *c)
if (!c)
return false;
/* container is already destroyed if we don't have a config and rootfs.path is not accessible */
if (!lxcapi_is_defined(c) && (!c->lxc_conf || !c->lxc_conf->rootfs.path || access(c->lxc_conf->rootfs.path, F_OK) != 0))
return false;
pid = fork();
if (pid < 0)
return false;
......
src/lxc/namespace.h
......@@ -49,7 +49,11 @@
#ifndef CLONE_NEWNET
# define CLONE_NEWNET 0x40000000
#endif
#ifdef IS_BIONIC
#if defined(__ia64__)
int __clone2(int (*__fn) (void *__arg), void *__child_stack_base,
size_t __child_stack_size, int __flags, void *__arg, ...);
#elif defined(IS_BIONIC)
int clone(int (*fn)(void *), void *child_stack,
int flags, void *arg);
#else
......
src/lxc/start.c
......@@ -564,7 +564,7 @@ static int must_drop_cap_sys_boot(void)
FILE *f = fopen("/proc/sys/kernel/ctrl-alt-del", "r");
int ret, cmd, v;
long stack_size = 4096;
void *stack = alloca(stack_size) + stack_size;
void *stack = alloca(stack_size);
int status;
pid_t pid;
......@@ -581,7 +581,12 @@ static int must_drop_cap_sys_boot(void)
}
cmd = v ? LINUX_REBOOT_CMD_CAD_ON : LINUX_REBOOT_CMD_CAD_OFF;
#ifdef __ia64__
pid = __clone2(container_reboot_supported, stack, stack_size, CLONE_NEWPID | SIGCHLD, &cmd);
#else
stack += stack_size;
pid = clone(container_reboot_supported, stack, CLONE_NEWPID | SIGCHLD, &cmd);
#endif
if (pid < 0) {
SYSERROR("failed to clone\n");
return -1;
......@@ -785,7 +790,7 @@ int lxc_spawn(struct lxc_handler *handler)
handler->pinfd = pin_rootfs(handler->conf->rootfs.path);
if (handler->pinfd == -1) {
ERROR("failed to pin the container's rootfs");
goto out_abort;
goto out_delete_net;
}
/* Create a process in a new set of namespaces */
......
src/python-lxc/Makefile.am
if ENABLE_PYTHON
EXTRA_DIST = setup.py lxc.c
if HAVE_DEBIAN
DISTSETUPOPTS=--install-layout=deb
else
......@@ -18,7 +16,12 @@ install:
$(PYTHON) setup.py install --root=$(DESTDIR) --prefix=$(prefix) --no-compile $(DISTSETUPOPTS); \
fi
clean:
clean-local:
rm -rf build
endif
EXTRA_DIST = \
setup.py \
lxc.c \
lxc/__init__.py \
examples/api_test.py
src/python-lxc/lxc.c
......@@ -96,13 +96,13 @@ Container_init(Container *self, PyObject *args, PyObject *kwds)
}
static PyObject *
get_default_config_path(Container *self, PyObject *args, PyObject *kwds)
LXC_get_default_config_path(PyObject *self, PyObject *args)
{
return PyUnicode_FromString(lxc_get_default_config_path());
}
static PyObject *
get_version(Container *self, PyObject *args, PyObject *kwds)
LXC_get_version(PyObject *self, PyObject *args)
{
return PyUnicode_FromString(lxc_get_version());
}
......@@ -496,6 +496,7 @@ static PyGetSetDef Container_getseters[] = {
(getter)Container_state, 0,
"Container state",
NULL},
{NULL, NULL, NULL, NULL, NULL}
};
static PyMethodDef Container_methods[] = {
......@@ -595,7 +596,7 @@ static PyMethodDef Container_methods[] = {
"\n"
"Wait for the container to reach a given state or timeout."
},
{NULL} /* Sentinel */
{NULL, NULL, 0, NULL}
};
static PyTypeObject _lxc_ContainerType = {
......@@ -641,9 +642,9 @@ PyVarObject_HEAD_INIT(NULL, 0)
};
static PyMethodDef LXC_methods[] = {
{"get_default_config_path", (PyCFunction)get_default_config_path, METH_NOARGS,
{"get_default_config_path", (PyCFunction)LXC_get_default_config_path, METH_NOARGS,
"Returns the current LXC config path"},
{"get_version", (PyCFunction)get_version, METH_NOARGS,
{"get_version", (PyCFunction)LXC_get_version, METH_NOARGS,
"Returns the current LXC library version"},
{NULL, NULL, 0, NULL}
};
......
templates/lxc-ubuntu-cloud.in
......@@ -166,7 +166,7 @@ else
# precise and later; and are not supported by the query, so we don't actually
# support them yet (see check later on). When Query2 is available,
# we'll use that to enable arm images.
arch="armel"
arch="armhf"
fi
fi
......@@ -206,13 +206,29 @@ if [ "$arch" == "i686" ]; then
arch=i386
fi
if [ $hostarch = "i386" -a $arch = "amd64" ]; then
echo "can't create amd64 container on i386"
if [ $arch != "i386" -a $arch != "amd64" -a $arch != "armhf" -a $arch != "armel" ]; then
echo "Only i386, amd64, armel and armhf are supported by the ubuntu cloud template."
exit 1
fi
if [ $arch != "i386" -a $arch != "amd64" ]; then
echo "Only i386 and amd64 are supported by the ubuntu cloud template."
if [ $hostarch != "i386" -a $hostarch != "amd64" -a $hostarch != "armhf" -a $hostarch != "armel" ]; then
echo "Only i386, amd64, armel and armhf are supported as host."
exit 1
fi
if [ $hostarch = "amd64" -a $arch != "amd64" -a $arch != "i386" ]; then
echo "can't create $arch container on $hostarch"
exit 1
fi
if [ $hostarch = "i386" -a $arch != "i386" ]; then
echo "can't create $arch container on $hostarch"
exit 1
fi
if [ $hostarch = "armhf" -o $hostarch = "armel" ] && \
[ $arch != "armhf" -a $arch != "armel" ]; then
echo "can't create $arch container on $hostarch"
exit 1
fi
......
templates/lxc-ubuntu.in
......@@ -617,7 +617,7 @@ else
elif [ "$arch" = "x86_64" ]; then
arch="amd64"
elif [ "$arch" = "armv7l" ]; then
arch="armel"
arch="armhf"
fi
fi
......@@ -661,7 +661,18 @@ if [ "$arch" == "i686" ]; then
fi
if [ $hostarch = "i386" -a $arch = "amd64" ]; then
echo "can't create amd64 container on i386"
echo "can't create $arch container on $hostarch"
exit 1
fi
if [ $hostarch = "armhf" -o $hostarch = "armel" ] && \
[ $arch != "armhf" -a $arch != "armel" ]; then
echo "can't create $arch container on $hostarch"
exit 1
fi
if [ $hostarch = "powerpc" -a $arch != "powerpc" ]; then
echo "can't create $arch container on $hostarch"
exit 1
fi
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment