- 31 Jan, 2014 12 commits
-
-
Stéphane Graber authored
Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
Signed-off-by:
-
Serge Hallyn authored
To be more consistent with other cgroup_ops methods, in the hopes of having less return-value-related mixups. Signed-off-by:
-
Serge Hallyn authored
If it (or any variation thereof) is in the container configuration, then mount /sys/fs/cgroup/cgmanager.lower (if it exists) or /sys/fs/cgroup/cgmanager into the container so it can run a cgproxy. Also make sure to clear our groups when we start or attach to a container. Else with unprivileged containers we end up with lots of nogroups listed in /proc/1/status. Signed-off-by:
-
Serge Hallyn authored
The cgroupfs-specific code is moved from attach.c to cgroup.c. lxc-cgmanager now only chgrps the container's cgroup, so that the unprivileged user still owns the tasks file allowing him to enter the container cgroup (for attach). Some other changes rolled into the cgmanager update: Make the list of subsystems not per-handler, as it will not change. As a result, the only state we need to keep in the per-handler cgroup data is the char *cgroup_path, so we can drop the cgm_data struct altogether. Catch nih errors (as not doing so causes later crashes). Signed-off-by:
-
Stéphane Graber authored
| host arch | arm64 | armhf | armel | ------------------------------------- | arm64 | X | X | X | | armhf | | X | X | | armel | | X | X | ------------------------------------- Although optional, all existing arm64 silicon supports 32bit instructions. armel/armhf is only a userspace change, so they are interchangeable. However armhf isn't supported on all armel platforms (e.g. armv6) but all those we support have hard-float. Signed-off-by: -
Scott Moser authored
* ppc64el images now exist and generally function. Instead of failing because an arch isnt in the list, let that check happen by ability to download something. * update the hard coded ubuntu releases to know about 'trusty' and drop no longer supported releases (consistent with behavior when distro-info is available) * shorten the logic that decides if host and container arch are supported. * support skipping "invalid arch" check entirely via undocumented variable UCTEMPLATE_SKIP_ARCH_CHECK. * update usage to reference 'tryreleased' as the default 'stream' * give good error message if user tries 'released' and there is no released version available. Signed-off-by:
Scott Moser <smoser@ubuntu.com> Acked-by:
-
Robert Vogelgesang authored
Change lxc-stop's argument parsing so that it matches what the help option and the man page both describe. Signed-off-by:
Robert Vogelgesang <vogel@users.sourceforge.net> Acked-by:
-
Bogdan Purcareata authored
Without enabling INCLUDE_SUSv2 in busybox, we need to use head's -n argument, rather than -#. Signed-off-by:
Christopher Larson <kergoth@gmail.com> Acked-by:
-
Stéphane Graber authored
Signed-off-by: -
Stéphane Graber authored
Signed-off-by:
-
Stéphane Graber authored
Signed-off-by:
-
- 29 Jan, 2014 19 commits
-
-
Serge Hallyn authored
Signed-off-by:
-
Serge Hallyn authored
userns_exec_1() clones a new task to manipulate. We don't need to fork before calling that. Signed-off-by:
-
Natanael Copa authored
This fixes the following compile errors with uClibc: lxc_snapshot.c: In function 'print_file': lxc_snapshot.c:71:2: error: implicit declaration of function 'getline' [-Werror=implicit-function-declaration] while (getline(&line, &sz, f) != -1) { ^ cc1: all warnings being treated as errors lxc_usernsexec.c: In function 'read_default_map': lxc_usernsexec.c:181:2: error: implicit declaration of function 'getline' [-Werror=implicit-function-declaration] while (getline(&line, &sz, fin) != -1) { ^ cc1: all warnings being treated as errors Signed-off-by:Natanael Copa <ncopa@alpinelinux.org> Acked-by:
-
Natanael Copa authored
This fixes various compile errors when building with musl libc. For example: In file included from start.c:66:0: monitor.h:38:12: error: 'NAME_MAX' undeclared here (not in a function) char name[NAME_MAX+1]; ^ start.c: In function 'setup_signal_fd': start.c:202:2: error: implicit declaration of function 'sigfillset' [-Werror=implicit-function-declaration] if (sigfillset(&mask) || ^ ... In file included from freezer.c:36:0: monitor.h:39:12: error: 'NAME_MAX' undeclared here (not in a function) char name[NAME_MAX+1]; ^ ... In file included from cgroup.c:45:0: conf.h:87:13: error: 'IFNAMSIZ' undeclared here (not in a function) char veth1[IFNAMSIZ]; /* needed for deconf */ ^ cgroup.c: In function 'find_cgroup_subsystems': cgroup.c:230:3: error: implicit declaration of function 'strdup' [-Werror=implicit-function-declaration] (*kernel_subsystems)[kernel_subsystems_count] = strdup(line); ^ ... In file included from conf.c:65:0: conf.h:87:13: error: 'IFNAMSIZ' undeclared here (not in a function) char veth1[IFNAMSIZ]; /* needed for deconf */ ^ In file included from conf.c:66:0: conf.c: In function 'run_buffer': log.h:263:9: error: implicit declaration of function 'strsignal' [-Werror=implicit-function-declaration] struct lxc_log_locinfo locinfo = LXC_LOG_LOCINFO_INIT; \ ^ ... af_unix.c: In function 'lxc_abstract_unix_send_credential': af_unix.c:208:9: error: variable 'cred' has initializer but incomplete type struct ucred cred = { ^ af_unix.c:209:3: error: unknown field 'pid' specified in initializer .pid = getpid(), ^ af_unix.c:209:3: error: excess elements in struct initializer [-Werror] af_unix.c:209:3: error: (near initialization for 'cred') [-Werror] af_unix.c:210:3: error: unknown field 'uid' specified in initializer .uid = getuid(), ^ af_unix.c:210:3: error: excess elements in struct initializer [-Werror] af_unix.c:210:3: error: (near initialization for 'cred') [-Werror] af_unix.c:211:3: error: unknown field 'gid' specified in initializer .gid = getgid(), ^ and more... Signed-off-by: -
Natanael Copa authored
utmpx.h is specified in POSIX but utmpxname is not so we check for utmpxname in configure script. This fixes the following compile error with musl libc: lxcutmp.c: In function 'utmp_get_runlevel': lxcutmp.c:249:2: error: implicit declaration of function 'utmpxname' [-Werror=implicit-function-declaration] if (!access(path, F_OK) && !utmpxname(path)) ^ Signed-off-by: -
Natanael Copa authored
Instead rely on struct ethhdr from net/ethernet.h This fixes build error with musl libc: In file included from /usr/include/linux/if_bridge.h:17:0, from network.c:47: /usr/include/linux/if_ether.h:133:8: error: redefinition of 'struct ethhdr' struct ethhdr { ^ In file included from /usr/include/net/ethernet.h:10:0, from network.c:42: /usr/include/netinet/if_ether.h:93:8: note: originally defined here struct ethhdr { ^ Signed-off-by: -
Natanael Copa authored
This fixes compile error with musl libc: In file included from start.c:66:0: monitor.h:38:12: error: 'NAME_MAX' undeclared here (not in a function) char name[NAME_MAX+1]; ^ Signed-off-by: -
Natanael Copa authored
This fixes the following error with musl libc: In file included from start.c:59:0: log.h: In function 'lxc_log_priority_to_int': log.h:136:2: error: implicit declaration of function 'strcasecmp' [-Werror=implicit-function-declaration] Signed-off-by:
-
Natanael Copa authored
This fixes compile error when build with musl libc: conf.h:92:2: error: unknown type name 'uint' uint fmask; ^ Signed-off-by:
-
Natanael Copa authored
poll.h is defined in POSIX: http://pubs.opengroup.org/onlinepubs/009695399/functions/poll.html This fixes a compile warning when building with musl libc: In file included from start.c:46:0: /usr/include/sys/poll.h:1:2: error: #warning redirecting incorrect #include <sys /poll.h> to <poll.h> [-Werror=cpp] #warning redirecting incorrect #include <sys/poll.h> to <poll.h> ^ Signed-off-by:
-
Serge Hallyn authored
lxc_map_ids can call system(3), which on error from the spawned process returns > 0. No path should return > 0 when it meant success. So check the lxc_map_ids() value to be != rather than just < 0. Signed-off-by:
-
Robert Vogelgesang authored
Move the test of mp->need_cpuset_init to a logically better place. Avoid misleading error messages. Signed-off-by:
-
Natanael Copa authored
It is normally not needed. Signed-off-by:
-
Stéphane Graber authored
Signed-off-by:
-
Robert Vogelgesang authored
lxc_monitord_spawn() in src/lxc/monitor.c contained "umask(0);", and because of this, lxc-monitord created lxc-monitord.log with mode 0666. World-writeable log files are bad, so remove this umask(0). Signed-off-by:
Dwight Engen <dwight.engen@oracle.com> Acked-by:
-
Kaarle Ritvanen authored
Signed-off-by:
Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> Acked-by:
-
Serge Hallyn authored
If we have a bad config file entry, fail. Otherwise lxc-start will proceed with a partial configuration. Signed-off-by: -
Serge Hallyn authored
Remove a memory leak on error path. Only try to initialize cpuset if cgroup.clonechildren does not exist. Bump the max value we read from cpuset.{cpus,mems} to 1024. If cpuset.cpus or .mems is already initialized but is too long, don't fail. If parent's cpuset.cpus or .mems is too long, record an error and fail. If anyone actually runs into this, we can simply allocate the required length as needed, but we don't expect anyone to run into this. Signed-off-by: -
Robert Vogelgesang authored
Hi, as promised last week, here's my patch for cpuset cgroup support for kernels without the cgroup.clone_children feature. My initial patch used "#include <linux/version.h>" and the macros defined there to decide if cgroup.clone_children should be used or not. After having seen Serge Hallyn's patch which he posted to the list last Wednesday, where he used stat() to check if the cgroup.clone_children file is there, I rewrote my patch to do the same. The patch is against 1.0.0.beta3, and it is tested successfully with RHEL-6's kernel version 2.6.32-431.3.1.el6, compiled without cgmanager (I've so far not tried to use cgmanager in RHEL-6). In addition to fixing the cpuset cgroup setup, this patch also fixes a wrong argument in a call to handle_cgroup_settings() in the same context. Robert Signed-off-by:
-
- 28 Jan, 2014 5 commits
-
-
Stéphane Graber authored
Signed-off-by: -
Stéphane Graber authored
Signed-off-by: -
gza authored
Signed-off-by:
gza <github.guillaume@zitta.fr> Acked-by:
-
gza authored
Now splited config 2 settings available * common ** featureful oriented settings * moresecure ** security oriented Signed-off-by:
-
gza authored
Signed-off-by:
-
- 27 Jan, 2014 4 commits
-
-
S.Çağlar Onur authored
This allows external users to query network related config items from the running containers. changes since v1: - function name change Signed-off-by:
S.Çağlar Onur <caglar@10ur.org> Acked-by:
-
Stéphane Graber authored
Signed-off-by: -
Serge Hallyn authored
Otherwise, after a fork, both pids may be flushing. When redirecting output to a file, this causes duplicate (or really far worse) output. Signed-off-by:
-
Stéphane Graber authored
- Also include the variant in the path - Fix invalid LXC_CACHE_BASE - Drop redundant code Signed-off-by:
-
