- 16 Aug, 2014 10 commits
-
-
Lars Wikberg authored
Signed-off-by:
Lars Wikberg <lars.wikberg@anvia.com> Acked-by:
Stéphane Graber <stgraber@ubuntu.com>
-
Jean-Tiare LE BIGOT authored
Signed-off-by:
Jean-Tiare LE BIGOT <jean-tiare.le-bigot@ovh.net> Acked-by:
-
Jean-Tiare LE BIGOT authored
When "lxc.autodev = 1", LXC creates automatically a "/dev/.lxc/<name>.<hash>" folder to put container's devices in so that they are visible from both the host and the container itself. On container exit (ne it normal or not), this folder was not cleaned which made "/dev" folder grow continuously. We fix this by adding a new `int lxc_delete_autodev(struct lxc_handler *handler)` called from `static void lxc_fini(const char *name, struct lxc_handler *handler)`. Signed-off-by:
-
Serge Hallyn authored
This prevents u2 from going into /home/u1/.local/share/lxc/u1/rootfs and running setuid-root applications to get write access to u1's container rootfs. Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by:
Dwight Engen <dwight.engen@oracle.com>
-
Serge Hallyn authored
(Thanks, Dwight, this one look right?) Make sure we reap our child at cgm_{s,g}et. Changelog: Fix change in behavior on empty read from the do_cgm_get() helper that was spotted by Dwight. Signed-off-by: -
S.Çağlar Onur authored
Raspberry Pi kernel finally supports all the bits required by LXC [1] This patch makes "./configure --with-distro=raspbian" to install lxcbr0 based config file and upstart jobs. Also src/lxc/lxc.net now checks the existence of the lxc-dnsmasq user (and fallbacks to dnsmasq) RPI users still need to pass "MIRROR=http://archive.raspbian.org/raspbian/" parameter to lxc-create to pick the correct packages MIRROR=http://archive.raspbian.org/raspbian/ lxc-create -t debian -n rpi [Could be applied to stable-1.0 if you cherry-pick 7157a508ba3015b830877a5e4d6ca9debb3fd064] [1] https://github.com/raspberrypi/linux/issues/176Signed-off-by:
S.Çağlar Onur <caglar@10ur.org> Acked-by:
-
Serge Hallyn authored
This would have caught a regression in Ubuntu's 3.16 kernel. Signed-off-by:
-
Serge Hallyn authored
We were allocating sizeof(tree) instead of sizeof(*tree). Signed-off-by:
-
Serge Hallyn authored
Actually, get rid of the temporary variables, and set newname and lxcpath to usable values if they were NULL. Signed-off-by:
-
KATOH Yasufumi authored
Update for commit 96f15ca1Signed-off-by:
KATOH Yasufumi <karma@jazz.email.ne.jp> Acked-by:
-
- 15 Aug, 2014 1 commit
-
-
Stéphane Graber authored
Before calling btrfs and playing with subvolumes, let's make sure the btrfs command is available. Signed-off-by:
-
- 08 Aug, 2014 11 commits
-
-
Serge Hallyn authored
This is for the master branch, to fix a memleak on conf free. Signed-off-by:
-
Jean-Tiare LE BIGOT authored
When `lxc.autodev = 0` and empty tmpfs is mounted on /dev and private pts are requested, we need to ensure '/dev/pts' exists before attempting to mount devpts on it. Signed-off-by:
-
Vincent Giersch authored
Signed-off-by:
Vincent Giersch <vincent.giersch@ovh.net> Acked-by:
-
Vincent Giersch authored
Especially when using the Python API, the child process inherits of the file descriptiors of the script. Signed-off-by:
-
Jean-Tiare LE BIGOT authored
Signed-off-by:
-
rabisg authored
Signed-off-by:
Rabi Shanker Guha <guha.rabishankar@gmail.com> Acked-by:
-
Kalman Olah authored
With the current old CentOS template, dnsmasq was not able to resolve the hostname of an lxc container after it had been created. This minor change rectifies that. Signed-off-by:
Kalman Olah <hello@kalmanolah.net> Acked-by:
-
Nikolay Martynov authored
Send container's hostname to dhcp server when getting ip address. Signed-off-by:
Nikolay Martynov <mar.kolya@gmail.com> Acked-by:
-
Michael Werner authored
Signed-off-by:
Michael Werner <xaseron@googlemail.com> Acked-by:
-
Serge Hallyn authored
They don't work right now, so until we fix that, don't allow it. Signed-off-by:
-
Serge Hallyn authored
/dev/shm must be turned from a directory into a symlink to /run/shm. The templates do this only if they find -d $rootfs/run/shm. Since /run will be a tmpfs, checking for it in the rootfs is silly. It also is currently broken as ubuntu cloud images have an empty /run. (this should fix https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1353734) Signed-off-by:
-
- 06 Aug, 2014 1 commit
-
-
Serge Hallyn authored
v2: add get_config_item clear_config_item is not supported, as it isn't for lxc.console, bc you can do 'lxc.console.logfile =' to clear it. Likewise save_config is not needed because the config is now just written through the unexpanded char*. Signed-off-by:
-
- 04 Aug, 2014 14 commits
-
-
Stéphane Graber authored
Signed-off-by: -
Serge Hallyn authored
Originally, we only kept a struct lxc_conf representing the current container configuration. This was insufficient because lxc.include's were expanded, so a clone or a snapshot would contain the expanded include file contents, rather than the original "lxc.include". If the host's include files are updated, clones and snapshots would not inherit those updates. To address this, we originally added a lxc_unexp_conf, which mirrored the lxc_conf, except that lxc.include was not expanded. This has its own cshortcomings, however, In particular, if a lxc.include has a lxc.cgroup setting, and you use the api to say: c.clear_config_item("lxc.cgroup") this is not representable in the lxc_unexp_conf. (The original problem, which was pointed out to me by stgraber, was slightly different, but unlike this problem it was not unsolvable). This patch changes the unexpanded configuration to be a textual representation of the configuration. This allows us *order* the configuration commands, which is what was not possible using the struct lxc_conf *lxc_unexp_conf. The write_config() now becomes a simple fwrite. However, lxc_clone is slightly complicated in parts, the worst of which is the need to rewrite the network configuration if we are changing the macaddrs. With this patch, lxc-clone and clear_config_item do the right thing. lxc-test-saveconfig and lxc-test-clonetest both pass. There is room for improvement - multiple calls to c.append_config_item("lxc.network.link", "lxcbr0") will result in multiple such lines in the configuration file. In that particular case it is harmless. There may be cases where it is not. Overall, this should be a huge improvement in terms of correctness. Changelog: Aug 1: updated to current lxc git head. All lxc-test* and python api test passed. Signed-off-by: -
Serge Hallyn authored
Pull the #defines and struct definitions for btrfs into a separate .h file to not clutter bdev.c Implement btrfs recursive delete support A non-root user isn't allow to do the ioctls needed for searching (as you can verify with 'btrfs subvolume list'). So for an unprivileged user, if the rootfs has subvolumes under it, deletion will fail. Otherwise, it will succeed. Changelog: Aug 1: . Fix wrong objid passing when determining directory paths . In do_remove_btrfs_children, avoid dereferencing NULL dirid . Fix memleak in error case. Signed-off-by:
-
KATOH Yasufumi authored
Signed-off-by:
-
KATOH Yasufumi authored
Update for commit 719fae07Signed-off-by:
-
KATOH Yasufumi authored
Update for commit 7c661726Signed-off-by:
-
KATOH Yasufumi authored
Update for commit c00f3f36Signed-off-by:
-
KATOH Yasufumi authored
Update for commit 476d302cSigned-off-by:
-
Martin Pitt authored
Signed-off-by:
Martin Pitt <martin.pitt@ubuntu.com> Acked-by:
-
Martin Pitt authored
On Ubuntu we need to set up the AppArmor profiles also under systemd. Add a new helper "lxc-apparmor-load" and integrate it into lxc.service. Signed-off-by:
-
Martin Pitt authored
If /etc/rc.d/init.d/functions is not present or does not define an action() function, provide a simple fallback using "echo". Signed-off-by:
-
Martin Pitt authored
This is the equivalent of the upstart lxc-net.conf to set up the LXC bridge. This also drops "lxc.service" from tarballs. It is built source which depends on configure options, so the statically shipped file will not work on most systems. https://launchpad.net/bugs/1312532Signed-off-by:
-
Martin Pitt authored
Don't install systemd unit files into $(prefix), they won't work there. Instead, get them from systemd's pkg-config file. Signed-off-by:
-
Martin Pitt authored
Factor this out of the lxc-net.conf upstart job, so that it can be used by init.d scripts and systemd units, too. Part of https://launchpad.net/bugs/1312532Signed-off-by:
-
- 31 Jul, 2014 3 commits
-
-
Serge Hallyn authored
We only call it (so far) after doing a fork(), so this is fine. If we ever need such a thing from threaded context, we'll simply need to write our own version for android. Signed-off-by:
-
Serge Hallyn authored
This gives me: ubuntu@c-t1:~$ lxc-create -t download -n u1 lxc_container: No mapping for container root lxc_container: Error chowning /home/ubuntu/.local/share/lxc/u1/rootfs to container root lxc_container: You must either run as root, or define uid mappings lxc_container: To pass uid mappings to lxc-create, you could create lxc_container: ~/.config/lxc/default.conf: lxc_container: lxc.include = /etc/lxc/default.conf lxc_container: lxc.id_map = u 0 100000 65536 lxc_container: lxc.id_map = g 0 100000 65536 lxc_container: Error creating backing store type (none) for u1 lxc_container: Error creating container u1 when I create a container without having an id mapping defined. Signed-off-by: -
Dwight Engen authored
The virtd_lxc_t type provided by the default RHEL/CentOS/Oracle 6.5 policy is an unconfined_domain(), so it doesn't really enforce anything. This change will provide a link in the documentation to an example policy that does confine containers. On more recent distributions with new enough policy, it is recommended not to use this sample policy, but to use the types already available on the system from /etc/selinux/targeted/contexts/lxc_contexts, ie: process = "system_u:system_r:svirt_lxc_net_t:s0" file = "system_u:object_r:svirt_sandbox_file_t:s0" Signed-off-by:
-
