Since we check /sys/kernel/security/ files when deciding whether
apparmor is enabled, and that might not be mounted in the container,
we cannot re-make the decision at apparmor_process_label_set() time.
Luckily we don't have to - just cache the decision made at
lsm_apparmor_drv_init().
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Note that since we don't drop CAP_SYS_ADMIN, root in the container can
remount proc or sys however they want to, however this at least improves
the default situation.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Update for commit 055af165Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

When no template file is specified on lxc-create, recieve segfault.
So change not to append header in config when no template is specified.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Also log execlp error code if it returns.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Remove the union in bdev_specs and store all options if -Bbest is passed. Fixes issue #31.
Signed-off-by: Sidnei da Silva <sidnei.da.silva@canonical.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Fixes rpmlint error "script-without-shebang". Checked other lua modules
and none are installed with execute permission.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

The following changes were made to fix rpmlint warnings/errors
- use %global instead of %define
  http://fedoraproject.org/wiki/PackagingDrafts/global_preferred_over_define
- change Summary to match .deb
- update License
- do not mention the libcap dependency explicitly, rpm will fill it in
- fix Summary, Description for libs and devel packages
- pass -q to %setup
- add %post for libs to run ldconfig
- explicitly name lxc man paths so pkg doesn't "own" /usr/share/man
- mark /etc/lxc/default.conf as a config file

In addition, while I was here:
- split lua bits into seperate lxc-lua package
- change Description to match .deb
- remove "Version" in changelog entries to follow
  http://fedoraproject.org/wiki/Packaging:Guidelines#ChangelogsSigned-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

The template creates /dev/full for the container but needs also give
permission to access it.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

The idea was simply misguided.

If you provide a custom configuration file, you still should be
putting the command sock into the real lxcpath, not an 'anon' one.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Update for commit 62c70ee2Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

If lvs invocation fails or doesn't return any output, then lv flags comparison to false.
Signed-off-by: Sidnei da Silva <sidnei.da.silva@canonical.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

When using the -Bloop option, fstype and fssize arguments were copied
into the lvm struct of bdev specs instead of the loop struct.
Signed-off-by: Sidnei da Silva <sidnei.da.silva@canonical.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Will fallback to no thinpool if not present or if thin pool provided on the command line does not exist.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

[...]
make[3]: Entering directory `/home/caglar/Projects/lxc/src/tests'
depbase=`echo attach.o | sed 's|[^/]*$|.deps/&|;s|\.o$||'`;\
        gcc -DHAVE_CONFIG_H -I. -I../../src    -I../../src -DLXCROOTFSMOUNT=\"/usr/lib/x86_64-linux-gnu/lxc/rootfs\" -DLXCPATH=\"/var/lib/lxc\" -DLXC_GLOBAL_CONF=\"/etc/lxc/lxc.conf\" -DLXCINITDIR=\"/usr/libexec\" -DLXC_DEFAULT_CONFIG=\"/etc/lxc/default.conf\"   -g -O2 -Wall -Werror -MT attach.o -MD -MP -MF $depbase.Tpo -c -o attach.o attach.c &&\
        mv -f $depbase.Tpo $depbase.Po
attach.c: In function ‘main’:
attach.c:380:2: error: implicit declaration of function ‘test_lsm_detect’ [-Werror=implicit-function-declaration]
cc1: all warnings being treated as errors
make[3]: *** [attach.o] Error 1
[...]
Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Add a --thinpool argument to lxc-create, to use thin pool backed lvm when creating the container. When cloning a container backed by a thin pool, the clone will default to the same thin pool.

On a system with AppArmor enabled, if lxc.se_context is configured but
lxc.aa_profile is not (because the user just wants to use the default
AppArmor profile) lxc was passing the lxc.se_context to be set as the
new AppArmor profile. Determine which configuration item to use based
on which lsm is enabled.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

- Add attach test cases

- Moved setting of LSM label later to avoid failure of IPC between parent
  and child during attach
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

It was probably disabled by a mistake
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

This reworks the mount logic for lxc-start-ephemeral to be as follow:
 - Any real (non-bind) entry gets copied to the target fstab
 - Any bind-mount from a virtual fs gets copied to the target fstab
 - Any remaining bind-mount if confirmed to be valid gets setup as an
   overlay.

Extra bind-mounts passed through the -b option are mounted by the
pre-mount script and don't need processing by the fstab generator.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

A callback return value < 0 means there was an error, so print
out an error message.  But a rv > 0 is used by the mount_unknown_fs
functions to say "we found the one we want, stop here."

Document this, and only print an error message if rv < 0.  Otherwise,

	lxc-create -B lvm --fstype ext3 -t ubuntu -n u1

will print an (innocuous) error message about being unable to parse
the config value 'ext3'.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

The latest Mandriva distro release was in 2011 and nowadays distro named
OpenMandriva Lx.
Signed-off-by: Alexander Khryukin <alexander@mezon.ru>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Laurent Vallar <val@zbla.net>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Laurent Vallar <val@zbla.net>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>