- 12 Nov, 2012 40 commits
-
Dwight Engen authored
Fix gcc error confile.c:83: error: redefinition of typedef ‘config_cb’. It's already defined the same way in confile.h.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>
-
Dwight Engen authored
Add a few missing #if's to fix compilation when configured without AppArmor.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@canonical.com>
-
Stéphane Graber authored
At Serge's suggestion, always convert the state passed to the wait() function in the python API to its uppercase equivalent.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
The previous commit was missing part of the changes, leading to a non-working version of lxc-start-ephemeral. This commit adds the missing parts.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
Add dependency on sed and add a Makefile.am section for lxc-start-ephemeral so that it gets updated at build time for the right container path.
-
Stéphane Graber authored
This commit adds lxc-start-ephemeral as a python script using the new python-lxc API. This script is somewhat similar to lxc-clone except that it uses overlayfs or aufs to provide an overlay on top of the source container. It also allows the user to directly run a command in the container using SSH and can fetch the IP address from the container when starting the container in the background.
The initial work on lxc-start-ephemeral was done by Serge Hallyn in Ubuntu, this is a re-implementation of it using python and the new LXC hooks.
Compared to the shell implementation, there are three notable differences:
- When starting without a command, lxc-start-ephemeral now attaches to tty1
- When starting in the background (-d), the name and IP of the container is shown on screen.
- A new "-k" option is added, allowing the user to keep the ephemeral container after shutdown. This turns off the tmpfs backend and sets up the hooks so that the container can be started/stopped multiple times.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
So the container will be reparented by init. Otherwise children of the lxc-start might be reaped by python3 rather than lxc-start.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
This code was added to deal with stopped/dead containers but really shouldn't be implemented there. Instead the setsid() call in start() should be enough to prevent python from getting the SIGCHLD and having to deal with it.
-
Stéphane Graber authored
The liblxc API currently doesn't work as non-root, so check that the euid is 0 when getting a Container instance in the python API.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
Then after lxcapi container->create(), free whatever lxc_conf may be loaded and reload from the newly created configuration file.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
Replaced python-lxc/test.py by a new api_test.py script that uses all the available functions of the API to run a batch of basic tests. This example is useful both as a test of the API and as a guide on how to use the python API to manage containers.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
- Remove unused timeout_handler function.
- Remove unused variables from main()
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
The function wasn't returning anything and none of the callers were checking for a return code.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
Add a new --enable-tests option to configure which is used to optionally build the tests/examples. Default is off.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
This happens in the container's namespace, but before the rootfs is setup and mounted. This gives us a chance to mangle the rootfs - i.e. ecryptfs-mount it.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
Otherwise it defaults to 0, meaning don't wait. -1 means wait forever, which is what we want as the default behavior.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
LXC has optional apparmor support, default profile is lxc-container-default. This change adds a commented "lxc.aa_profile = default" line to all templates, uncommenting this will bypass apparmor for the container.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
This is a simple POSIX shell script, so no need for the weird extension or for the explicit use of /bin/bash
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
This adds a basic python binding done in C and a python overlay to extend some features and provide a user-friendlier API. This python API only supports python 3.x and was tested with >= 3.2. It's disabled by default in configure and can be turned on by using --enable-python. A basic example of the API can be found in src/python-lxc/test.py. More documentation and examples will be added soon.
-
Stéphane Graber authored
When starting a container daemonized, wait for it to reach RUNNING state before returning the result of start(). If the container doesn't reach RUNNING state in 5 seconds, a failure will be returned to the user.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
This turns liblxc into a public library implementing a container structure. The container structure is meant to cover most LXC commands and can easily be used to write bindings in other programming languages.
More information on the new functions can be found in src/lxc/lxccontainer.h
Test programs using the API can also be found in src/tests/
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Christian Seiler authored
When attaching to only some namespaces of the container but not the mount namespace, the contents of /sys and /proc of the host system do not properly reflect the context of the container's pid and/or network namespaces, and possibly others. The introduced -R option adds the possibility to additionally unshare the mount namespace (when it is not being attached) and remount /sys and /proc in order for those filesystems to properly reflect the container's context even when only attaching to some of the namespaces.
Signed-off-by: Christian Seiler <christian@iwakd.de>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
Cc: Daniel Lezcano <daniel.lezcano@free.fr>
-
Christian Seiler authored
This patch allows the user to select any list of namespaces (network, pid, mount, uts, ipc, user) that lxc-attach should use when attaching to the container; all other namespaces will not be attached to. This allows the user to for example attach to just the network namespace and use the host's (and not the container's) network tools to reconfigure the network of the container.
Signed-off-by: Christian Seiler <christian@iwakd.de>
Cc: Daniel Lezcano <daniel.lezcano@free.fr>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
-
Christian Seiler authored
In order to be able to reuse code in lxc-attach, the functions lxc_namespace_2_cloneflag and lxc_fill_namespace_flags are moved from lxc_unshare.c to namespace.c.
Signed-off-by: Christian Seiler <christian@iwakd.de>
Cc: Daniel Lezcano <daniel.lezcano@free.fr>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
-
Christian Seiler authored
Use the command interface to contact lxc-start to receive the set of flags passed to clone() when starting the container. This allows lxc-attach to determine which namespaces were used for the container and select only those to attach to.
Signed-off-by: Christian Seiler <christian@iwakd.de>
Cc: Daniel Lezcano <daniel.lezcano@free.fr>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
-
Christian Seiler authored
With the introduction of lxc-attach's functionality to attach to cgroups, the setns() calls were put in the child process after the fork() and not the parent process before the fork() so the parent process remained outside the namespaces and could add the child to the correct cgroup.
Unfortunately, the pid namespace really affects only children of the current process and not the process itself, which has several drawbacks: The attached program does not have a pid inside the container and the context that is used when remounting /proc from that process is wrong. Thus, the previous logic of first setting the namespaces and then forking so the child process (which then exec()s to the desired program) is a real member of the container.
However, inside the container, there is no guarantee that the cgroup filesystem is still mounted and that we are allowed to write to it (which is why the setns() was moved in the first place).
To work around both problems, we separate the cgroup attach functionality into two parts: Preparing the attach process, which just opens the tasks files of all cgroups and keeps the file descriptors open and the writing to those fds part. This allows us to open all the tasks files in lxc_attach, then call setns(), then fork, in the child process close them completely and in the parent process just write the pid of the child process to all those fds.
Signed-off-by: Christian Seiler <christian@iwakd.de>
Cc: Daniel Lezcano <daniel.lezcano@free.fr>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
-
Christian Seiler authored
Add the LXC_COMMAND_CLONE_FLAGS that retrieves the flags passed to clone(2) when the container was started. This allows external programs to determine which namespaces the container was unshared from.
Signed-off-by: Christian Seiler <christian@iwakd.de>
Cc: Daniel Lezcano <daniel.lezcano@free.fr>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
-
Serge Hallyn authored
Make 'dir' an explicit backing store type, which accepts '--dir rootfs' as an option to specify a custom location for the container rootfs. Also update lxc-destroy to now remove the rootfs separately, as removing @LXCPATH@/$name may not hit it.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>