- 08 Jul, 2013 5 commits
-
-
Stéphane Graber authored
The new openssh uses a different mechanism to start/stop the daemon which in turn requires a few tweaks in our template to deal with both the new and old ways of doing that. Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
The introduction of the new console() python API broke lxc-start-ephemeral's console(tty=1) call, I now changed that to console() which does the right thing with both API versions. This also adds a new storage-type option, letting the user choose to use a standard directory instead of tmpfs for the container (but still have it ephemeral). Signed-off-by: -
Stéphane Graber authored
Signed-off-by: -
Stéphane Graber authored
It turns out that most API users want some kind of timeout option for get_ips, so instead of re-implementing it in every single client software, let's just have it as a python overlay upstream. Signed-off-by: -
Dwight Engen authored
Commit a0a2066d introduced an lxc subdir into the lxc-init path, but this was never reflected in the sshd template. Add it there. Don't have ssh-keygen ask for passphrase since host keys are not supposed to use them. Don't try to symlink kmsg since /dev is bind mounted readonly. Read-only bind mount some extra /etc directories, and sysfs which are needed by dhclient on Fedora and Oracle Linux. Fix mounting of /proc. Find sshd in more places by adding some common paths to $PATH, and use the found path to it instead of hardcoded /usr/sbin. Check for ifconfig command, and print out container's IP address. Signed-off-by:
Dwight Engen <dwight.engen@oracle.com> Signed-off-by:
-
- 03 Jul, 2013 1 commit
-
-
Bogdan Purcareata authored
Signed-off-by:
Bogdan Purcareata <bogdan.purcareata@freescale.com> Signed-off-by:
-
- 01 Jul, 2013 3 commits
-
-
Dwight Engen authored
Signed-off-by:
-
Dwight Engen authored
commit 829dd918 added parsing of a -c argument to both the common options handling and to lxc-start. It is not a common option, and should have only been added to lxc-start. Because the common code is processing it, no other command can use -c. Remove -c from being processed by the common code. Tested that -c still works with lxc-start. Signed-off-by:
-
Serge Hallyn authored
unlikely as a failure may be... Signed-off-by:
-
- 28 Jun, 2013 1 commit
-
-
Natanael Copa authored
Use sed to set the specified alpine release in the copied /etc/apk/repositories Signed-off-by:
Natanael Copa <ncopa@alpinelinux.org> Signed-off-by:
-
- 27 Jun, 2013 4 commits
-
-
Kaarle Ritvanen authored
Signed-off-by:
Kaarle Ritvanen <kaarle.ritvanen@datakunkku.fi> Signed-off-by:
-
Kaarle Ritvanen authored
pick random server from mirror list use the latest stable release Signed-off-by:
-
Andrew Gilbert authored
lxc-netstat now only processes an -n argument if it has not previously received a value for $name from --name or -n. If it _has_ received such a value, it stops processing arguments and leaves the -n for netstat. This does not apply to the use of --name after a name has been provided by --name or -n; the current behaviour continues. The new behaviour makes netstat -n <container> -n -a behave like netstat -n <container> -a -n which already will act as though there is '--' between '<container>' and '-a' (see line 91 of lxc-netstat.in). Signed-off-by:
Andrew Gilbert <andrewg800@gmail.com> Signed-off-by:
-
Andrew Gilbert authored
When lxc-netstat was called by lxc-unshare, it would be given the arguments intended for netstat from the first invocation, but without anything to separate them from the arguments intended for lxc-netstat. This meant that netstat arguments like -n would result in lxc-netstat trying to process them. Signed-off-by:
-
- 24 Jun, 2013 2 commits
-
-
Serge Hallyn authored
In the best case we'll get errors about failing to remove it. In the worst case we'll be trying to delete the original container's rootfs. Reported-by:
zoolook <nbensa+lxcusers@gmail.com> Signed-off-by:
-
Serge Hallyn authored
When updating container names in hook files during a container clone, we substitute the new container name for the old any time the old name shows up as a separate word. This patch adds the four characters '.,_-' as additional delimiters. Signed-off-by:
-
- 19 Jun, 2013 1 commit
-
-
Stéphane Graber authored
The timeout option in get_ips has been deprecated, so work around it. Signed-off-by:
-
- 18 Jun, 2013 1 commit
-
-
Serge Hallyn authored
The reason is that the generic code which handles reading lxc.rootfs.mount always frees the old value if not NULL. So without this setting lxc.rootfs.mount = /mnt causes segfault. Signed-off-by:
-
- 13 Jun, 2013 1 commit
-
-
Serge Hallyn authored
Currently due to some safety checks for !rootfs.path, lxc-execute works ok if you do not set lxc.rootfs at all in your lxc.conf. But if you set lxc.rootfs = '/', then it sets up console, and when you do an lxc-execute, the console appears hung. However the lxc.rootfs NULL check was just incidental to not dereference a NULL pointer. In fact we should not be setting up a console if the container isn't running a full-fledged distro with a getty/login running on the container's /dev/console. Have lxc_execute() mark in lxc_conf that this is a lxc-execute and not an lxc-start, and don't set up the console. The issue is documented at https://sourceforge.net/p/lxc/bugs/67/ . Signed-off-by:
-
- 12 Jun, 2013 2 commits
-
-
Dwight Engen authored
Add a higher level console API that opens a tty/console and runs the mainloop as well. Rename existing API to console_getfd(). Use these in the python binding. Allow attaching a console peer after container bootup, including if the container was launched with -d. This is made possible by allocation of a "proxy" pty as the peer when the console is attached to. Improve handling of SIGWINCH, the pty size will be correctly set at the beginning of a session and future changes when using the lxc_console() API will be propagated to it as well. Refactor some common code between lxc_console.c and console.c. The variable wait4q (renamed to saw_escape) was static, making the mainloop callback not safe across threads. This wasn't a problem when the callback was in the non-threaded lxc-console, but now that it is internal to console.c, we have to take care of it. This is now contained in a per-tty state structure. Don't attempt to open /dev/null as the console peer since /dev/null cannot be added to the mainloop (epoll_ctl() fails with EPERM). This isn't needed to get the console setup (and the log to work) since the case of not having a peer at console init time has to be handled to allow for attaching to it later. Move signalfd libc wrapper/replacement to utils.h. Signed-off-by:
-
Natanael Copa authored
The 'lxc-init' (a lightweight init process used by lxc-execute in place of upstart etc) tries to mount /dev/mqueue during startup. If that fails (for instance due to missing support for mqueue in kernel) then it aborts execution and returns -1. This is unreasonable as very few applications actually need /dev/mqueue. This similar to what we do with /dev/shm. Signed-off-by:
-
- 11 Jun, 2013 1 commit
-
-
Serge Hallyn authored
Currently the lxc API mutexes configuration file read/writes with a lock called $lxcpath/locks/$lxcname. This fails if the container is on a rofs. This patch moves those locks under /run/lock/lxc. The $lxcpath/$lxcname/partial file is not moved - if you can't create it, you probably can't create the container either. Signed-off-by:
-
- 10 Jun, 2013 6 commits
-
-
Serge Hallyn authored
I originally forgot to set ret = 0 if it succeeded, meaning that a simple 'lxc-stop -n container1' returns failure even though the stop succeeded. Signed-off-by:
-
Serge Hallyn authored
otherwise we won't be allowed to set an apparmor context (on pid 1) Signed-off-by:
-
Qiang Huang authored
Right now if we use lxc-execute without log level set, we get error: lxc: invalid log priority NOTSET. Because we set log level manually in execute_start(), but didn't check if we have a valid log level or not, so fix it. Signed-off-by:
Qiang Huang <h.huangqiang@huawei.com> Signed-off-by:
-
Weng Meiling authored
When we use lxc-ps to show the process, it's more appropriate to show process when container is frozen. Signed-off-by:
Weng Meiling <wengmeiling.weng@huawei.com> Signed-off-by:
-
Rui Xiang authored
Sometimes, the path of lxc tools is not '/usr/bin', but '/usr/local/bin' or other. Then execvp lxc-monitord will fail in lxc_monitord_spawn. Signed-off-by:
Rui Xiang <rui.xiang@huawei.com> Signed-off-by:
-
Dwight Engen authored
Signed-off-by:
-
- 05 Jun, 2013 2 commits
-
-
Serge Hallyn authored
flock is not supported on nfs. fcntl is at least supported on newer (v3 and above) nfs. Signed-off-by:
-
Weng Meiling authored
When we use arg --lxc to show processes in all containers, no process displays, so fix it. (Changelog: Serge: in-line fix of s/;;/;/ at line 69) Signed-off-by:
-
- 03 Jun, 2013 7 commits
-
-
Serge Hallyn authored
Create a loopfile backed container by doing: lxc-create -B loop -t template -n name or lxc-clone -B loop -o dir1 -n loop1 The rootfs in the configuration file will be loop:/var/lib/lxc/loop1/rootdev Signed-off-by: -
Serge Hallyn authored
With the lxc-create script, 'lxc-create -t template -h' used to call 'template -h' to get template-specific help. The api based lxc-create did not yet support that. Add a 'helpfn' method to the lxc_arguments, which is called at the end of printhelp, and passed the lxc_arguments. Use that in lxc_create to reintroduce the desired behavior. Signed-off-by: -
Qiang Huang authored
Changelog: jun 3: (Serge) trivial typo fix inline. Signed-off-by:
-
Qiang Huang authored
Fix typo in help info of lxc-create, and get rid of duplicate comments in bdev.h Signed-off-by:
-
Qiang Huang authored
We should return -ENOMEM instead of ENOMEM when realloc fails. Signed-off-by:
-
Serge Hallyn authored
Otherwise we can't see template progress. Signed-off-by: -
Natanael Copa authored
If the package manager, apk-tools is missing, then: - download a static binary and public keys - verify the keys against embedded checksum - verify the signature of the static binary against the downloaded keys - use the verified static binary Signed-off-by:
-
- 31 May, 2013 3 commits
-
-
Serge Hallyn authored
And use it in place of the various ways we were deducing /etc/lxc/default.conf. Signed-off-by:
-
Serge Hallyn authored
configure/makefile: rename default_conf to distro_conf, since it is a per-distro default. Then we'll be able to use the symbol LXC_DEFAULT_CONF in the code to refer to the installed file. Signed-off-by:
-
Serge Hallyn authored
Update the LOCKING comment. Take mem_lock in want_daemonize. convert lxcapi_destroy to not use privlock/slock by hand. Fix a coverity-found potential dereference of NULL c->lxc_conf. api_cgroup_get_item() and api_cgroup_set_item(): use disklock, not memlock, since the values are set through the cgroup fs on the running container. Signed-off-by:
-
