- 08 Feb, 2014 2 commits
-
-
Stéphane Graber authored
Signed-off-by:Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by:
-
- 07 Feb, 2014 6 commits
-
-
Stéphane Graber authored
Signed-off-by: -
Serge Hallyn authored
The goal is to avoid an absolute symlink in the guest redirecting us to the host's /dev. Thanks to the libvirt team for considering that possibility! We want to work on kernels which do not support setns, so we simply chroot into the container before doing any rm/mknod. If /dev/vda5 is a symlink to /XXX, or /dev is a symlink to /etc, this is now correctly resolved locally in the chroot. We would have preferred to use realpath() to check that the resolved path is not changed, but realpath across /proc/pid/root does not work as expected. Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by:
-
Stéphane Graber authored
Signed-off-by:
-
Stéphane Graber authored
Signed-off-by: -
Stéphane Graber authored
This fixes a crash in lxc-autostart following the addition of lxc_log_init as lxc-autostart doesn't use the name property. Signed-off-by:
Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com> Acked-by:
-
Stéphane Graber authored
Signed-off-by:
-
- 06 Feb, 2014 14 commits
-
-
Dwight Engen authored
lxc-cgroup doesn't depend on cgmanager Signed-off-by:
Dwight Engen <dwight.engen@oracle.com> Acked-by:
-
Stéphane Graber authored
Signed-off-by: -
Stéphane Graber authored
Signed-off-by: -
Stéphane Graber authored
Signed-off-by:
-
Stéphane Graber authored
The previous change to support http proxies only worked when http_proxy was set... Instead add some detection code and only use :80 when using http_proxy. That's a bit of a workaround, but it's the only way I could find to get GPG to work with http_proxy. Signed-off-by: -
Dwight Engen authored
This op will be used on older kernels where container shutdown via reboot(2) is not implemented and we use the utmp watching code. Signed-off-by:
-
Stéphane Graber authored
Signed-off-by: -
Stéphane Graber authored
Signed-off-by: -
Dwight Engen authored
- refactor cgroup into two backends, the classic cgfs driver and the new cgmanager. Instead of lxc_handler knowing about the internals of each, have it just store an opaque pointer to a struct that is private to each backend. - rename a couple of cgroup functions for consistency: those that are considered an API (ie. exported by lxc.h) begin with lxc_ and those that are not are just cgroup_* - made as many backend routines static as possible, only cg*_ops_init is exported - made a nrtasks op which is needed by the utmp code for monitoring container shutdown, currently only implemented for the cgfs backend Signed-off-by:
-
Dwight Engen authored
This is just a move without any changes so history will be preserved. Makefile.am was modified so that lxc will still build and run. Signed-off-by:
-
KATOH Yasufumi authored
Signed-off-by:
KATOH Yasufumi <karma@jazz.email.ne.jp> Acked-by:
-
TAMUKI Shoichi authored
For all templates except lxc-ubuntu-cloud and lxc-download, detect not only --mapped-uid but also --mapped-gid and error out. Detecting will not be done after -- parameter because of non-option parameters. Also, change the mode of lxc-archlinux.in 100755 to 100644. Signed-off-by:
TAMUKI Shoichi <tamuki@linet.gr.jp> Acked-by:
-
Jonas Eriksson authored
Change the license from GPL to LGPL to avoid a tricky license situation for liblxc.so. Signed-off-by:
Jonas Eriksson <jonas.eriksson@enea.com> Signed-off-by:
-
Miquel van Smoorenburg authored
lxc.id_map bug when writing directly to /proc/pid/[ug]id_map There's some code in src/lxc/conf.c that sets up the UID/GID mapping. It can use the external newuidmap/newgidmap tools, or it can write to /proc/pid/[ug]id_map directly. The latter case is broken: lines are written without a newline (\n) at the end. This patch fixes that. Note that I did not check if the newuidmap/newgidmap case still works. It should, but I wasn't able to test it. Signed-off-by:
Miquel van Smoorenburg <mikevs@xs4all.net> Signed-off-by:
-
- 05 Feb, 2014 5 commits
-
-
Stéphane Graber authored
Signed-off-by: -
Stéphane Graber authored
This sets lxc_log_define to what should be appropriate values for all existing binaries that call lxc_log_init. The name is lxc_<bin name>_ui for anything that's user visible and lxc_<bin name> for anything that's not. The parent is set to "lxc" for anything using the API and to the matching C file name for anything that isn't. Signed-off-by:
-
Dwight Engen authored
- configure fails to compile the cgmanager test without -lnih -lnih-dbus - fix include path from cgmanger commit f1d9bd1a Signed-off-by:
-
Serge Hallyn authored
Signed-off-by: -
gza authored
Signed-off-by:
Guillaume Zitta <github.guillaume@zitta.fr> Acked-by:
-
- 04 Feb, 2014 4 commits
-
-
Stéphane Graber authored
In current LXC, loglevel and logfile are write-once functions. That behaviour was appropriate when those two were first introduced (pre-API) but with current API, one would expect to be able to set_config_item those multiple times. So instead, introduce lxc_log_options_no_override which when called turns those two config keys read-only and have all existing binaries which use log_init call that function once they're done setting the value requested by the user. Signed-off-by:
-
Serge Hallyn authored
That way templates can fix group ownership alongside uid ownership. Signed-off-by:
-
Stéphane Graber authored
Only the download and ubuntu-cloud templates work with unprivileged containers, for all others, detect --mapped-uid and error out as early as possible, recommending the use of the download template. Signed-off-by:
-
Harald Dunkel authored
This change introduces a flag --repo to the lxc-centos template to allow using a local repository (e.g. a loop mounted installer iso on your web server). Signed-off-by:
Harald Dunkel <harri@afaics.de> Acked-by:
Michael H. Warfield <mhw@WittsEnd.com> Signed-off-by:
-
- 03 Feb, 2014 5 commits
-
-
Serge Hallyn authored
If a user in cgroup /a/b/c does 'lxc-start -n u1', then u1 should be started under /a/b/c/u1. However if he does 'sudo lxc-start -n u1', then that cgroup shoudl start under /lxc/u1. Signed-off-by:
-
Serge Hallyn authored
Signed-off-by: -
Rafal Wojdyla authored
Signed-off-by:
Rafal Wojdyla <ravwojdyla@gmail.com> Acked-by:
-
KATOH Yasufumi authored
update for commit a17b1e65Signed-off-by:
-
KATOH Yasufumi authored
update for commit 5c4734bcSigned-off-by:
-
- 31 Jan, 2014 4 commits
-
-
Stéphane Graber authored
With this change, shutdown() will no longer call stop() after the timeout, instead it'll just return false and it's up to the caller to then call stop() if appropriate. This also updates the bindings, tests and other scripts. lxc-stop is then updated to do proper option checking and use shutdown, stop or reboot as appropriate. Signed-off-by:
-
Serge Hallyn authored
In order for attach to work, the container owner must be able to write to the tasks file. Therefore we make the container's cgroup owned by the container root group, but the container owner uid. So for the container root to be allowed to create new cgroups, it needs group write perms. With this patch, an unprivileged container with an lxc.mount.auto = cgroup entry entry can run the cgproxy and pass all cgmanager tests. Acls would have been another way to do this, but are not yet being used/exported by cgmanager. Signed-off-by:
-
Robert Vogelgesang authored
The timeout argument should be handled as follows: -1 => Wait forever 0 => Don't wait > 0 => Wait for timeout seconds Without this patch, the 0 case is mapped to -1. Signed-off-by:Robert Vogelgesang <vogel@users.sourceforge.net> Acked-by:
-
Stéphane Graber authored
This introduces a new lxc.rootfs.options which lets you pass new mountflags/mountdata when mounting the root filesystem. Signed-off-by:
-
