- 25 Oct, 2012 9 commits
-
-
Stéphane Graber authored
On Debian and Ubuntu, the default host-name field in dhclient.conf is set to either "<hostname>" or "gethostname()" both of which get replaced by the machine's hostname at query time. The sed call currently present in lxc-clone hardcodes the hostname in dhclient.conf, causing dpkg to prompt on isc-dhcp updates. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
By default we use mnt, but that means that lxc fstab entries do not work when placed under the container's /mnt/. Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by:
Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
Now that initscripts in Debian and Ubuntu has been updated to no longer do silly things with /dev/shm and /run/shm on installation/update, the check needs updating to detect any remaining broken case and fix it. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
Starting a container with insufficient privilege (correctly) fails during lxc_init. However, if starting a daemonized container, we daemonize before we get to that check. Therefore while the container will fail to start, and the logfile will show this, the 'lxc-start -n x -d' command will return success. For ease of scripting, do a check for the required privilege before we exit. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
This saves quite a bit of space in the cache and containers. See https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1037626 for the original bug report. Reported-by:
Fajar A. Nugraha <list@fajar.net> Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
Otherwise the next lxc-create may rsync a bad cache. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
If user calls 'lxc-create -t ubuntu -- -h' (as opposed to 'lxc-create -t ubuntu -h') then the ubuntu template will print its help then exit 0. Then lxc-create does not clean up. So detect this in lxc-create.
-
Serge Hallyn authored
The 'lxc.mount =' entry can have more than one space, or tabs, before the =. We only need to disambiguate from 'lxc.mount.entry'. So just check for a space or tab after mount. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
Otherwise after cloning an lvm+xfs container you can't run the original and clone at the same time. Based on a patch by Maurizio Sambati posted at https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1013549 Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com>
-
- 31 Jul, 2012 31 commits
-
-
Serge Hallyn authored
Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge Hallyn authored
CAP_LAST_CAP in linux/capability.h doesn't always match what the kernel actually supports. If the kernel supports fewer capabilities, then a cap_get_flag for an unsupported capability returns -EINVAL. Recognize that, and don't fail when initializing capabilities when this happens, rather accept that we've reached the last capability. Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge Hallyn authored
Make the prototypes and functions match between apparmor.{c,h} Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge Hallyn authored
When a container has dpkg >= 1.16.2, use dpkg --add-architecture for multi-arch configuration on foreign architecture containers. Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com> Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge Hallyn authored
Just wait until the lock is available. That is a nicer behavior for concurrent lxc-creates. Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge Hallyn authored
Otherwise a container name with a dash confuses ls Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge Hallyn authored
It segfaults otherwise trying to execute &NULL. We could alternatively guess at a command to execute, such as a shell, but invariably there would be cases where the command we guess does not exist. Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge Hallyn authored
Using mnt means that lxc fstab entries do not work when placed under the container's /mnt/ (i.e. /mnt/etc). Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge Hallyn authored
Commits 15da01b3 and 2e44ed1e conflicted and resulted in some duplicate functionality. Drop the poorer version of that block. Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge Hallyn authored
- Update list of extra packages for debootstrap to only include vim and ssh. The others were only relevant when we were still using the minbase variant. (LP: #996839)
- Drop any hardcoded Ubuntu version check and replace by feature checks instead.
- Format lxc-ubuntu to consistently use 4-spaces indent instead of mixed spaces/tabs.
- Update default /etc/network/interfaces to include the header.
- Update default /etc/hosts to match that of a regular Ubuntu system.
- Drop support for end-of-life releases (gutsy on sparc).
- Make sure /etc/resolv.conf is valid before running any apt command.
- Update template help message for release and arch parameters.
- Switch default Ubuntu version from lucid to precise.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge Hallyn authored
When installing a non-native architecture, the template installs a bunch of packages of the native architecture to work around existing limitations of qemu-user-static, mostly related to netlink. The current code would install upstart of the host architecture but force the amd64 version of the others. This was just a mistake done while testing/developing the code. Fixing now to always install the native architecture version of all of them. Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com> Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge Hallyn authored
Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com> Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge Hallyn authored
Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com> Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge Hallyn authored
Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge Hallyn authored
Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge Hallyn authored
and check return values Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge Hallyn authored
lxc-init used to be under /usr/lib/lxc. Now it is under /usr/lib/<multiarch>/lxc, but old containers will still have it under /usr/lib/lxc. So search for a valid lxc-init to run. Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge Hallyn authored
Signed-off-by:
Timothy Chen <tnachen@gmail.com> Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge Hallyn authored
It was calling non-existent 'help' Signed-off-by:
Timothy Chen <tnachen@gmail.com> Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge Hallyn authored
Signed-off-by:
Ben Howard <ben.howard@canonical.com> Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge Hallyn authored
This would be done (though done wrongly) by mounted-dev.conf, but that doesn't run because we don't mount /dev. Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge Hallyn authored
Signed-off-by:
Ben Howard <ben.howard@canonical.com> Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge Hallyn authored
Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge Hallyn authored
Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Reported-by:
Stéphane Graber <stgraber@ubuntu.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge Hallyn authored
An absolute path will be interpreted as absolute with respect to the parent's namespace. Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge Hallyn authored
At the same time, allow lxc.mount.entry to specify an absolute target path relative to /var/lib/lxc/CN/rootfs, even if rootfs is a blockdev. Otherwise all such entries are ignored for blockdev-backed containers. Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge Hallyn authored
This patch introduces support for 4 hooks. We'd like to have 6 in all to mirror the openvz ones (thanks to Stéphane for this info):

    pre-start: in the host namespace before container mounting happens
    mount: after container mounting (as per config and /var/lib/lxc/container/fstab) but before pivot_root
    start: immediately before exec'ing init
    stop: in container namespace and in chroot before shutdown
    umount: after other unmounting has happened
    post-stop: outside of the container

stop and umount are not implemented here because when the kernel kills the container init, it kills the namespace. We can probably work around this, i.e. by keeping the /proc/pid/ns/mnt open, and using that, though all container tasks including init would still be dead. Is that worth pursuing?

start also presents a bit of an issue. openvz allows a script on the host to be specified, apparently. My patch requires the script or program to exist in the container. I'm fine with trying to do it the openvz way, but I wasn't sure what the best way to do that was. Openvz (I'm told) opens the script and passes its contents to a bash in the container. But that limits the hooks to being only scripts. By requiring the hook to be in the container, we can allow any sort of hook, and assume that any required libraries/dependencies exist there.

Other than that with this patchset I can add

    lxc.hook.pre-start = /var/lib/lxc/p1/pre-start
    lxc.hook.mount = /var/lib/lxc/p1/mount
    lxc.hook.start = /start
    lxc.hook.post-stop = /var/lib/lxc/p1/post-stop

to my /var/lib/lxc/p1/config, and the hooks get executed as expected.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge Hallyn authored
This could be done as generic 'lsm_init()' and 'lsm_load()' functions, however that would make it impossible to compile one package supporting more than one lsm. If we explicitly add the selinux, smack, and aa hooks in the source, then one package can be built to support multiple kernels. The smack support should be pretty trivial, and probably very close to the apparmor support. The selinux support may require more, including labeling the passed-in fds (consoles etc) and filesystems. If someone on the list has the inclination and experience to add selinux support, please let me know. Otherwise, I'll do Smack and SELinux. Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge Hallyn authored
It optionally waits (an optional timeout # of seconds) for the container to be STOPPED. If given -r, it reboots the container (and exits immediately). I decided to add the timeout after all because it's harder to finagle into an upstart post-stop script than a full bash script. Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge Hallyn authored
There are two types of cloud images - released and daily ones. We were always using daily ones, instead of using released by default with an option for daily. Fix that. Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge Hallyn authored
Also includes a fix for broken check for $debug Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-