- 28 Sep, 2015 2 commits
-
-
Christian Brauner authored
Signed-off-by:
Christian Brauner <christianvanbrauner@gmail.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
The dpkg architecture isn't relevant to LXC, only the kernel arch is. Signed-off-by:
Gergely Szasz <szaszg@hu.inter.net> Acked-by:
Stéphane Graber <stgraber@ubuntu.com>
-
- 26 Sep, 2015 2 commits
-
-
Serge Hallyn authored
handler->conf can't be null bc we checked handler->conf->epheemral before calling lxc_destroy_container_on_signal() Signed-off-by: -
Serge Hallyn authored
Don't proceed to try the mount if we failed to create the target if it didn't exist. Signed-off-by:
-
- 25 Sep, 2015 2 commits
-
-
Tycho Andersen authored
Since we want to use null-terminated abstract sockets, let's compute the length of them correctly. Signed-off-by:
Tycho Andersen <tycho.andersen@canonical.com> Acked-by:
-
Serge Hallyn authored
systemd wants it. It doesn't seem to be a big deal, but it's one fewer error msg. Signed-off-by:
-
- 21 Sep, 2015 29 commits
-
-
Stéphane Graber authored
I've noticed that a bunch of the code we've included over the past few weeks has been using 8-spaces rather than tabs, making it all very hard to read depending on your tabstop setting. This commit attempts to revert all of that back to proper tabs and fix a few more cases I've noticed here and there. No functional changes are included in this commit. Signed-off-by: -
Serge Hallyn authored
Otherwise the kernel will umount when it gets around to it, but that on lxc_destroy we may race with it and fail the rmdir of the overmounted (BUSY) rootfs. This makes lxc-test-snapshot pass for me again. Signed-off-by:
-
Serge Hallyn authored
(This *should* fix the lxc-test-snapshot testcase, but doesn't seem to by itself.) If it doesn't exist, we may as well start with an empty one. This is needed when creating an overlayfs snapshot. Signed-off-by:
-
Serge Hallyn authored
We're asked to delete it, don't fail if it doesn't exist. This stops lxc-destroy from failing when the container isn't fully built. Signed-off-by:
-
Christian Brauner authored
Signed-off-by:
-
Christian Brauner authored
On shutdown ephemeral containers will be destroyed. We use mod_all_rdeps() from lxccontainer.c to update the lxc_snapshots file of the original container. We also include lxclock.h to lock the container when mod_all_rdeps() is called to avoid races. Signed-off-by:
-
Christian Brauner authored
Signed-off-by:
-
Tycho Andersen authored
Here's some more config options that we do actually require to be able to boot containers. Signed-off-by:
-
Tycho Andersen authored
Signed-off-by:
-
Tycho Andersen authored
I have no idea what this file is, but the build system seems to be generating it, so let's ignore it. Signed-off-by:
-
Christian Brauner authored
Use pwrite() to write terminating \0-byte This allows us to use standard string handling functions and we can avoid using the GNU-extension memmem(). This simplifies removing the container from the lxc_snapshots file. Wrap strstr() in a while loop to remove duplicate entries. Signed-off-by:
-
Stephane Nguyen authored
Signed-off-by:
Stephane Nguyen <stephminh@yahoo.es> Acked-by:
-
Christian Brauner authored
When lxc.ephemeral is set to 1 in the containers config it will be destroyed on shutdown. Signed-off-by:
-
Christian Brauner authored
Signed-off-by:
-
Christian Brauner authored
static do_bdev_destroy() and bdev_destroy_wrapper() from lxccontainer.c become public bdev_destroy() and bdev_destroy_wrapper() in bdev.c and bdev.h Signed-off-by:
-
Christian Brauner authored
Add lxc.ephemeral lxc.ephemeral indicates whether a container will be destroyed on shutdown Can be 0 for non-ephemeral and 1 for ephemeral. Signed-off-by:
-
Serge Hallyn authored
Closes #655 We can't rsync the delta as unpriv user because we can't create the chardevs representing a whiteout. We can however rsync the rootfs and have the kernel create the whiteouts for us. do_rsync: pass --delete Signed-off-by:
-
Christian Brauner authored
Signed-off-by:
-
Serge Hallyn authored
Test edge cases (removing first and last entries in lxc_snapshots and the very last snapshot) and make sure original container isn't destroyed while there are snapshots, and is when there are none. Signed-off-by:
-
Serge Hallyn authored
Newer kernels have added a new restriction: if /proc or /sys on the host has files or non-empty directories which are over-mounted, and there is no /proc which fully visible, then it assumes there is a "security" reason for this. It prevents anyone in a non-initial user namespace from creating a new proc or sysfs mount. To work around this, this patch adds a new 'nesting.conf' which can be lxc.include'd from a container configuration file. It adds a non-overmounted mount of /proc and /sys under /dev/.lxc, so that the kernel can see that we're not trying to *hide* things like /proc/uptime. and /sys/devices/virtual/net. If the host adds this to the config file for container w1, then container w1 will support unprivileged child containers. The nesting.conf file also sets the apparmor profile to the with-nesting variant, since that is required anyway. This actually means that supporting nesting isn't really more work than it used to be, just different. Instead of adding lxc.aa_profile = lxc-container-default-with-nesting you now just need to lxc.include = /usr/share/lxc/config/nesting.conf (Look, fewer characters :) Finally, in order to maintain the current apparmor protections on proc and sys, we make /dev/.lxc/{proc,sys} non-read/writeable. We don't need to be able to use them, we're just showing the kernel what's what. Signed-off-by: -
Sungbae Yoo authored
Update for commit dedd4f67Signed-off-by:
Sungbae Yoo <sungbae.yoo@samsung.com> Acked-by:
-
Sungbae Yoo authored
update for commit dbca9237Signed-off-by:
-
Sungbae Yoo authored
Update for commit 2d8632d5Signed-off-by:
-
Sungbae Yoo authored
Update for commit 585f3c6bSigned-off-by:
-
Sungbae Yoo authored
Update for commit f5b67b36Signed-off-by:
-
KATOH Yasufumi authored
Update for commit dedd4f67Signed-off-by:
KATOH Yasufumi <karma@jazz.email.ne.jp> Acked-by:
-
KATOH Yasufumi authored
update for commit dbca9237Signed-off-by:
-
KATOH Yasufumi authored
* Add the description of '-s' option * Remove '-P' option, and add common options * Improve Japanese translation Signed-off-by:
-
KATOH Yasufumi authored
Add the description of optional, create=file/dir for lxc.mount.entry. This is update for commit f5b67b36. Signed-off-by:
-
- 08 Sep, 2015 1 commit
-
-
Christian Brauner authored
Signed-off-by:
-
- 04 Sep, 2015 2 commits
-
-
Serge Hallyn authored
Signed-off-by: -
Serge Hallyn authored
First, fix use of uninitialized variable 'ret'. Then, actually use the value it returned in its caller. Signed-off-by:
-
- 03 Sep, 2015 2 commits
-
-
Stéphane Graber authored
Tear down network devices during container halt
-
Major Hayden authored
On very busy systems, some virtual network devices won't be destroyed after a container halts. This patch uses the lxc_delete_network() method to ensure that network devices attached to the container are destroyed when the container halts. Without the patch, some virtual network devices are left over on the system and must be removed with `ip link del <device>`. This caused containers with lxc.network.veth.pair to not be able to start. For containers using randomly generated virtual network device names, the old devices will hang around on the bridge with their original MAC address. Signed-off-by:Major Hayden <major@mhtx.net>
-
