- 03 Oct, 2010 6 commits
-
-
Daniel Lezcano authored
Don't display an error when the callback returns an error different from zero. A value greater than zero may means "stop". Let's the caller to check the error. Signed-off-by:Daniel Lezcano <dlezcano@fr.ibm.com>
-
Daniel Lezcano authored
The <rootfs>/var/run/utmp is located in: /proc/<containerinit>/root/var/run/utmp, let's use it. Signed-off-by: -
Daniel Lezcano authored
Let's initialize rootfs->mount to LXCROOTFSMOUNT. The value will be overwritten by the configuration in case it is specified. That will make the code nicer, instead of the ugly rootfs->mount checks. Signed-off-by: -
Daniel Lezcano authored
The rootfs is always located in rootfs->mount, let's use it for the tty. Signed-off-by: -
Daniel Lezcano authored
The rootfs is always located in the mount point now, let's use it. Signed-off-by: -
Daniel Lezcano authored
Split the rootfs setup by mounting the rootfs to the mount point. This mount point will be used as the facto place where the rootfs is placed. Signed-off-by:
-
- 01 Oct, 2010 3 commits
-
-
Daniel Lezcano authored
The attached patch adds a variable at the top of lxc-debian to change the SUITE. Currently tested suites are lenny, squeeze, sid. Also, the patch uses the dhcp3-client package instead of dhcp-client which is deprecated in lenny and removed in squeeze. Patch initialy from Mathieu Parent. Signed-off-by: -
Ozan Caglayan authored
Correctly link to libcap to avoid underlinking and unused direct dependency problems. Signed-off-by:
Ozan Caglayan <ozan@pardus.org.tr> Signed-off-by:
-
Cedric Le Goater authored
Signed-off-by:
Cedric Le Goater <clg@fr.ibm.com> Signed-off-by:
-
- 13 Sep, 2010 1 commit
-
-
Daniel Lezcano authored
When a container is installed with 32bits binaries while we are running on a 64bits host, inside the container we are seen as 64bits arch. That leads to some problems for the package updates because the scripts will download 64bits packages instead of 32bits. This patch defines a configuration variable to set the architecture of the container. lxc.arch = i686 | x86 | x86_64 | amd64 Signed-off-by:
-
- 26 Jul, 2010 1 commit
-
-
Daniel Lezcano authored
Signed-off-by:
-
- 23 Jul, 2010 9 commits
-
-
Michel Normand authored
src/lxc/console.c:143: warning : return type defaults to ‘int’ Signed-off-by:
Michel Normand <normand@fr.ibm.com> Signed-off-by:
-
Daniel Lezcano authored
In case of error the message will be always truncated. We check the message was truncated with the total size received which means the kernel as more info to give. Signed-off-by: -
Daniel Lezcano authored
Signed-off-by: -
Daniel Lezcano authored
If the physical link is not specified in the configuration the check in if_nametoindex(netdev->link) leads to a segfault. Check the link is specified. Signed-off-by:
Ferenc Wagner <wferi@niif.hu>
-
Daniel Lezcano authored
Signed-off-by: -
Daniel Lezcano authored
Add missing include Signed-off-by: -
Daniel Lezcano authored
Signed-off-by: -
Daniel Lezcano authored
Fix the setuid bit root script. Signed-off-by: -
Daniel Lezcano authored
Signed-off-by:
-
- 22 Jul, 2010 2 commits
-
-
Daniel Lezcano authored
When the interface used in the container is a physical interface from the host, we keep the initial name. Signed-off-by:
Sabdar <sabdar@wellspringsys.com>
-
Daniel Lezcano authored
The list is 'lifo', so when we create the network interfaces, we do this in the reverse order of the expected one. That is confusing. Signed-off-by:
-
- 20 Jul, 2010 7 commits
-
-
Daniel Lezcano authored
Some file systems do not support the file posix capabilities. The following script set the setuid bit root on the different cli. Signed-off-by: -
Daniel Lezcano authored
Prevent to specify a file not belonging to us as the output for the console Signed-off-by: -
Daniel Lezcano authored
With the capabilities, the open of the log file can be done on any file, making possible to modifify the content of the file. Let's drop the privilege when opening the file, so we ensure that is no longer possible. Signed-off-by: -
Daniel Lezcano authored
Move the reset of the capabilities to the caps.c file and initialize correctly the capabilities for lxc-init. Signed-off-by: -
Daniel Lezcano authored
Signed-off-by: -
Daniel Lezcano authored
This macro is a helper to call a function into a [un]privilegied section. Signed-off-by: -
Daniel Lezcano authored
This patch adds the functions to drop the 'effective' capabilities and restore them from the 'permitted' capabilities. When the command is run as 'root' we do nothing. When the command is run as 'lambda' user, we drop the effective capabilities When the command is run as 'root' but real uid is not root, we keep the capabilies, switch to real uid, and drop the effective capabilities. This approach is compatible for root user, lambda + file capabilities and lambda + setuid. Signed-off-by:
-
- 19 Jul, 2010 1 commit
-
-
Daniel Lezcano authored
This function is no longer used. Signed-off-by:
-
- 13 Jul, 2010 4 commits
-
-
Daniel Lezcano authored
If lxc-init receives a SIGALRM, a timeout, it kills all the processes of the container with SIGKILL. That will prevent the container to be stuck when one process ignore the SIGTERM signal. Each time a process exits, the timeout is resetted. Signed-off-by: -
Daniel Lezcano authored
When lxc-init receives a SIGTERM, let's kill all the processes of the pid namespace with kill -1. So the exit of the container will happen gracefully with processes death cascade. Signed-off-by: -
Ferenc Wagner authored
Signed-off-by:
-
Ferenc Wagner authored
Signed-off-by:
-
- 12 Jul, 2010 3 commits
-
-
Daniel Lezcano authored
Add missing include. Signed-off-by: -
Sukadev Bhattiprolu authored
As pointed out by Dan Smith, when a container is being stopped, it must also be unfrozen after posting the SIGKILL. Otherwise if the container is frozen when the SIGKILL is posted, the SIGKILL will remain pending and the lxc-stop command will block until lxc-unfreeze is explicitly called). (lxc-stop waits for the container to exit and close the socket but since the container is frozen, lxc-stop will block). Signed-off-by:
Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com> Acked-by:
Matt Helsley <matthltc@us.ibm.com> Acked-by:
Dan Smith <danms@us.ibm.com> Signed-off-by:
-
Sukadev Bhattiprolu authored
A write to the freezer.state file does not gurantee that the state has changed. To ensure that the freezer state is either FROZEN or THAWED, read the freezer state and if it has not changed, repeat the write. Changelog[v2]: - Minor reorg of code - Comments from Daniel Lezcano: - lseek() before each read/write of freezer.state - Have lxc_freeze_unfreeze() return -1 on error Signed-off-by:
-
- 06 Jul, 2010 2 commits
-
-
Tushar Gohad authored
Signed-off-by:
Tushar Gohad <tgohad@mvista.com> Signed-off-by:
-
Daniel Lezcano authored
If the pdeath signal is set after the synchro we have a window where the parent exits with the pdeath signal not set. In order to avoid that, we have to move the prctl before the synchro with the parent so if the parent exits before we can set the pdeath signal, the synchro will fail in any case and the container startup will be aborted. Signed-off-by:
-
- 24 Jun, 2010 1 commit
-
-
Daniel Lezcano authored
Signed-off-by:
-
