- 09 Nov, 2017 25 commits
-
-
Christian Brauner authored
Closes #1899. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Closes #1899. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
lxc-monitord is deprecated so this is expected to fail. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Brings the number of open fds in the monitor process for a standard container without ttys down to 17. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
There's no obvious need to strdup() the name of the container in the handler. We can simply make this a pointer to the memory allocated in lxc_container_new(). Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
The console struct is internal and liblxc takes care of creating paths. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
In case cgroup namespaces are supported but we do not have CAP_SYS_ADMIN we need to mount cgroups for the container. This patch enables both privileged and unprivileged containers without CAP_SYS_ADMIN. Closes #1737. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
When attaching to a container's namespaces we did not handle the case where we inherited namespaces correctly. In essence, liblxc on start records the namespaces the container was created with in the handler. But it only records the clone flags that were passed to clone() and doesn't record the namespaces we e.g. inherited from other containers. This means that attach only ever attached to the clone flags. But this is only correct if all other namespaces not recorded in the handler refer to the namespaces of the caller. However, this need not be the case if the container has inherited namespaces from another container. To handle this case we need to check whether caller and container are in the same namespace. If they are, we know that things are all good. If they aren't then we need to attach to these namespaces as well. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Antonio Terceiro authored
Doing that confuses locale generation. lxc-ubuntu does the same check. Signed-off-by: Antonio Terceiro <terceiro@debian.org>
-
Jordan Webb authored
Signed-off-by: Jordan Webb <jordemort@github.com>
-
adrian5 authored
Signed-off-by: adrian5 <adrian5@users.noreply.github.com>
-
Jordan Webb authored
Signed-off-by: Jordan Webb <jordemort@github.com>
-
Antonio Terceiro authored
Being able to create `testing` containers, regardless of what's the name of the next stable, is useful in several contexts, including but not limited to testing purposes. i.e. one won't need to explicitly switch to `bullseye` once `buster` is released to be able to continue tracking `testing`. While we are at it, let's also enable `unstable`, which is exactly the same as `sid`, but there is no reason for not being able to. Signed-off-by: Antonio Terceiro <terceiro@debian.org>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
- 30 Oct, 2017 1 commit
-
-
Stéphane Graber authored
stable-2.0: tools: allow lxc-attach to undefined containers
-
- 27 Oct, 2017 1 commit
-
-
Christian Brauner authored
For example the following sequence is expected to work:

```
lxc-start -n containerName -f /path/to/conf \
    -s 'lxc.id_map = u 0 100000 65536' \
    -s 'lxc.id_map = g 0 100000 65536' \
    -s 'lxc.rootfs = /path/to/rootfs' \
    -s 'lxc.init_cmd = /path/to/initcmd'
lxc-attach -n containerName
```

Closes #984. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
- 19 Oct, 2017 2 commits
-
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Adam Borowski authored
Both of struct timespec fields are 64-bit on any new architecture, even 32-bit ones. Signed-off-by: Adam Borowski <kilobyte@angband.pl>
-
- 18 Oct, 2017 3 commits
-
-
Fridtjof Mund authored
This template would always add "en-US.UTF-8" to the end of the container's locale.gen, which in turn confused locale-gen. Signed-off-by: Fridtjof Mund <fridtjofmund@gmail.com>
-
Stéphane Graber authored
confile: use correct check on char array
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
- 17 Oct, 2017 4 commits
-
-
Christian Brauner authored
The kernel only allows 4k writes to most files in /proc including {g,u}id_map so let's not try to write partial mappings. (This will obviously become a lot more relevant when my patch to extend the idmap limit in the kernel is merged.) Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
liblxc should inform users that they are using a devel version. This will have liblxc print MAJOR.MINOR.PATCH-devel if LXC_DEVEL is true and MAJOR.MINOR.PATCH otherwise. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Before exec()ing we need to become session leader otherwise some shells will not be able to correctly initialize job control. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
- 06 Oct, 2017 1 commit
-
-
Alf Gaida authored
```
# this only works if we have getty@.service to manipulate
if [ -f "${rootfs}/lib/systemd/system/getty@.service" ]; then
    sed -e 's/^ConditionPathExists=/# ConditionPathExists=/' \
        -e 's/After=dev-%i.device/After=/' \
        < "${rootfs}/lib/systemd/system/getty@.service" \
        > "${rootfs}/etc/systemd/system/getty@.service"
fi
```

We have only /dev/tty in a container, so this little cutie will spam the log every 10s with the following:

```
Jul 28 22:33:00 mariadb systemd[1]: getty@tty4.service: Service has no hold-off time, scheduling restart.
Jul 28 22:33:00 mariadb systemd[1]: getty@tty3.service: Service has no hold-off time, scheduling restart.
Jul 28 22:33:00 mariadb systemd[1]: getty@tty1.service: Service has no hold-off time, scheduling restart.
Jul 28 22:33:00 mariadb systemd[1]: getty@tty2.service: Service has no hold-off time, scheduling restart.
Jul 28 22:33:00 mariadb systemd[1]: Stopped Getty on tty2.
Jul 28 22:33:00 mariadb systemd[1]: getty@tty2.service: Failed to set invocation ID on control group /system.slice/system-getty.slice/getty@tty2.service, ignoring: Operation not permitted
Jul 28 22:33:00 mariadb systemd[1]: Started Getty on tty2.
Jul 28 22:33:00 mariadb systemd[1]: Stopped Getty on tty1.
Jul 28 22:33:00 mariadb systemd[1]: getty@tty1.service: Failed to set invocation ID on control group /system.slice/system-getty.slice/getty@tty1.service, ignoring: Operation not permitted
Jul 28 22:33:00 mariadb systemd[1]: Started Getty on tty1.
Jul 28 22:33:00 mariadb systemd[1]: Stopped Getty on tty3.
Jul 28 22:33:00 mariadb systemd[1]: getty@tty3.service: Failed to set invocation ID on control group /system.slice/system-getty.slice/getty@tty3.service, ignoring: Operation not permitted
Jul 28 22:33:00 mariadb systemd[1]: Started Getty on tty3.
Jul 28 22:33:00 mariadb systemd[1]: Stopped Getty on tty4.
Jul 28 22:33:00 mariadb systemd[1]: getty@tty4.service: Failed to set invocation ID on control group /system.slice/system-getty.slice/getty@tty4.service, ignoring: Operation not permitted
Jul 28 22:33:00 mariadb systemd[1]: Started Getty on tty4.
Jul 28 22:33:00 mariadb agetty[242]: /dev/tty1: cannot open as standard input: No such file or directory
Jul 28 22:33:00 mariadb agetty[241]: /dev/tty2: cannot open as standard input: No such file or directory
Jul 28 22:33:00 mariadb agetty[244]: /dev/tty4: cannot open as standard input: No such file or directory
Jul 28 22:33:00 mariadb agetty[243]: /dev/tty3: cannot open as standard input: No such file or directory
Jul 28 22:33:10 mariadb systemd[1]: getty@tty4.service: Service has no hold-off time, scheduling restart.
Jul 28 22:33:10 mariadb systemd[1]: getty@tty2.service: Service has no hold-off time, scheduling restart.
Jul 28 22:33:10 mariadb systemd[1]: getty@tty1.service: Service has no hold-off time, scheduling restart.
Jul 28 22:33:10 mariadb systemd[1]: getty@tty3.service: Service has no hold-off time, scheduling restart.
Jul 28 22:33:10 mariadb systemd[1]: Stopped Getty on tty3.
Jul 28 22:33:10 mariadb systemd[1]: getty@tty3.service: Failed to set invocation ID on control group /system.slice/system-getty.slice/getty@tty3.service, ignoring: Operation not permitted
Jul 28 22:33:10 mariadb systemd[1]: Started Getty on tty3.
Jul 28 22:33:10 mariadb systemd[1]: Stopped Getty on tty1.
Jul 28 22:33:10 mariadb systemd[1]: getty@tty1.service: Failed to set invocation ID on control group /system.slice/system-getty.slice/getty@tty1.service, ignoring: Operation not permitted
Jul 28 22:33:10 mariadb systemd[1]: Started Getty on tty1.
Jul 28 22:33:10 mariadb systemd[1]: Stopped Getty on tty2.
Jul 28 22:33:10 mariadb systemd[1]: getty@tty2.service: Failed to set invocation ID on control group /system.slice/system-getty.slice/getty@tty2.service, ignoring: Operation not permitted
Jul 28 22:33:10 mariadb systemd[1]: Started Getty on tty2.
Jul 28 22:33:10 mariadb systemd[1]: Stopped Getty on tty4.
Jul 28 22:33:10 mariadb systemd[1]: getty@tty4.service: Failed to set invocation ID on control group /system.slice/system-getty.slice/getty@tty4.service, ignoring: Operation not permitted
Jul 28 22:33:10 mariadb systemd[1]: Started Getty on tty4.
Jul 28 22:33:10 mariadb agetty[245]: /dev/tty3: cannot open as standard input: No such file or directory
Jul 28 22:33:10 mariadb agetty[247]: /dev/tty2: cannot open as standard input: No such file or directory
Jul 28 22:33:10 mariadb agetty[246]: /dev/tty1: cannot open as standard input: No such file or directory
Jul 28 22:33:10 mariadb agetty[248]: /dev/tty4: cannot open as standard input: No such file or directory
```

If more reasons are wished I could attach the logs from 10 containers after one month runtime. (approx 30G)

Signed-off-by: Alf Gaida <agaida@siduction.org>
-
- 04 Oct, 2017 3 commits
-
-
Tycho Andersen authored
mem and kmem are really in /dev, so this does us no good. Signed-off-by: Tycho Andersen <tycho@tycho.ws>
-
Christian Brauner authored
We need to clear any ifindices we recorded so liblxc won't have cached stale data which would cause it to fail on reboot where we don't re-read the on-disk config file. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-
Christian Brauner authored
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
-