Skip to content

L
lxc
Switch branch/tag
  1. 06 Apr, 2015 5 commits
    • cgmanager: free line at end of check_supports_multiple_controllers · 7b7d76e0
      Serge Hallyn authored 
      This is only called at startup so it wasn't a big leak, but it is a leak.
Signed-off-by: 's avatarSerge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: 's avatarStéphane Graber <stgraber@ubuntu.com>
    • cgmanager: put unprivileged containers under $(curcgroup)/lxc/$(container0 · 89a4ec73
      Serge Hallyn authored 
      Currently if we are in /user.slice/user-1000.slice/session-c2.scope,
and we start an unprivileged container t1, it will be in cgroup
3:memory:/user.slice/user-1000.slice/session-c2.scope/t1.  If
we then do a 'lxc-cgroup -n t1 freezer.tasks', cgm_get will
first switch to 3:memory:/user.slice/user-1000.slice/session-c2.scope
then look up 't1's values.  The reasons for this are

1. cgmanager get_value is relative to your own cgroup, so we need
to be sure to be in t1's cgroup or an ancestor
2. we don't want to be in the container's cgroup bc it might freeze us.

But in Ubuntu 15.04 it was decided that
3:memory:/user.slice/user-1000.slice/session-c2.scope/tasks should
not be writeable by the user, making this fail.

Therefore put all unprivileged cgroups under "lxc/%n".  That way
the "lxc" cgroup should always be owned by the user so that he can
enter.
Signed-off-by: 's avatarSerge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: 's avatarStéphane Graber <stgraber@ubuntu.com>
    • logs: introduce a thread-local 'current' lxc_config · 42e56013
      Serge Hallyn authored 
      The logging code uses a global log_fd and log_level to direct
logging (ERROR(), etc).  While the container configuration file allows
for lxc.loglevel and lxc.logfile, those are only used at configuration
file read time to set the global variables.  This works ok in the
lxc front-end programs, but becomes a problem with threaded API users.

The simplest solution would be to not allow per-container configuration
files, but it'd be nice to avoid that.

Passing a logfd or lxc_conf into every ERROR/INFO/etc call is "possible",
but would be a huge complication as there are many functions, including
struct member functions and callbacks, which don't have that info and
would need to get it from somewhere.

So the approach I'm taking here is to say that all real container work
is done inside api calls, and therefore the API calls themselves can
set a thread-local variable indicating which log info to use.  If
unset, then use the global values.  The lxc-* programs, when called
with a '-o logfile' argument, set a global variable to indicate that
the user-specified value should be used.

In this patch:

If the lxc container configuration specifies a loglevel/logfile, only
set the lxc_config's logfd and loglevel according to those, not the
global values.

Each API call is wrapped to set/unset the current_config.  (The few
exceptions are calls which do not result in any log actions)

Update logfile appender to use the logfile specified in lxc_conf if (a)
current_config is set and (b) the lxc-* command did not override it.
Signed-off-by: 's avatarSerge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: 's avatarStéphane Graber <stgraber@ubuntu.com>
    • Merge pull request #469 from fajarnugraha/usernet-20150317 · 0dbb4b2d
      Stéphane Graber authored 
      Allow veth that is not attached to a bridge on unprivileged container
    • Merge pull request #465 from bostjan/bugfix/autostart-order-reverse · 51eba2ce
      Stéphane Graber authored 
      autostart: Fix bug with containers being started in reverse order
  3. 01 Apr, 2015 2 commits
  5. 30 Mar, 2015 3 commits
  7. 17 Mar, 2015 2 commits
  9. 13 Mar, 2015 5 commits
  11. 12 Mar, 2015 1 commit
  13. 11 Mar, 2015 2 commits
  15. 10 Mar, 2015 11 commits
  17. 23 Feb, 2015 1 commit
  19. 20 Feb, 2015 1 commit
  21. 18 Feb, 2015 6 commits
  23. 17 Feb, 2015 1 commit