init 1.34 is not "Essential" anymore, in order to make it not required
on minimal chroots, docker containers, etc. Because of that we now need
to manually include it on systems that are expected to boot.
Signed-off-by: Antonio Terceiro <terceiro@debian.org>

There is container-getty.service with OL7.2 systemd, it
is also used for managing the getty service, use that
instead and not manually create it.
Signed-off-by: Thomas Tanaka <thomas.tanaka@oracle.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

In many environments the preference is to configure containers with
apt mirrors that are SSL-secured.

When building containers using the download template this can't be
done unless an insecure mirror is first used to install the
apt-transport-https package, then the sources reconfigured to
use the https URL.

When building containers without using the download template this
can't be done unless the container creator specifically includes
this package in the package list at build time. It seems more
intuitive to me to have the package installed by default.

Commit 396f75ab added the package
to the minbase variant, but this variant is not used by the download
template build process. The build process instead specifies no
variant, so this patch moves the package from the packages_template
package list in the minbase variant to the global packages_template
package list, ensuring that this package is included in all Ubuntu
build images that use the lxc-ubuntu template.
Signed-off-by: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>

lxc-start started to default to daemonize the container when starting
this conflicts with type=simple of the systemd unit

call lxc-start with -F and thus force execution in foreground
that way we can feed the log to journald properly and keep type=simple

Debian-Bug: https://bugs.debian.org/826100Signed-off-by: Evgeni Golov <evgeni@golov.de>

Signed-off-by: Aleksandr Mezin <mezin.alexander@gmail.com>

It looks like VPATH (split source and build directories) builds
are frequently broken. So let's test them on travis-ci.

Personally I use VPATH build in my deployment scripts.
Signed-off-by: Aleksandr Mezin <mezin.alexander@gmail.com>

struct in6_addr is both defined in the C library header <netinet/in.h>
and the Linux kernel header <linux/in6.h>.

lxc_user_nic.c includes both <netinet/in.h> and <linux/if_bridge.h>. The
later one includes <linux/in6.h>.

This breaks build with the musl libc:
  error: redefinition of ‘struct in6_addr’

As lxc_user_nic.c does not use any references from <linux/if_bridge.h> it
is safe to remove this header.
Signed-off-by: Jörg Krause <joerg.krause@embedded.rocks>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Andrey Kostin <andrey@kostin.email>

In many environments the preference is to configure containers with
apt mirrors that are SSL-secured.

When building containers using the download template this can't be
done unless an insecure mirror is first used to install the
apt-transport-https package, then the sources reconfigured to
use the https URL.

When building containers without using the download template this
can't be done unless the container creator specifically includes
this package in the package list at build time.

It seems more intuitive to me to have the package installed by
default. This patch includes the required package for the minbase
variant only as this is the default.
Signed-off-by: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

The idea here is that criu can use open_by_handle on a configuration which
will preserve inodes on moves across hosts, but shouldn't do that on
configurations which won't preserve inodes. Before, we forced it to always
be slow, but we don't have to do this.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>

If we don't do this, we'll end up changing the function signatures for the
internal __criu_* functions each time we add a new parameter, which will
get very annoying very quickly. Since we already have the user's arguments
struct, let's just pass that all the way down.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>

When writing out the CRIU exec command, we're bumping up against the buffer
size limit. Let's increase it so we can avoid:

lxc 20160509213229.921 WARN     lxc_log - log.c:log_append_logfile:111 - truncated next event from 523 to 512 bytes
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>

If the value starts and ends with matching quote characters, those
characters are stripped automatically.   Quote characters are the
single quote (') or double quote (").  The quote removal is done after
the whitespace trimming.

This is needed particularly in order that lxc.environment values may
have trailing spaces.  However, the quote removal is done for all values
in the parse_line function, as it has non-const access to the value.
Signed-off-by: Stewart Brodie <stewart@metahusky.net>

Signed-off-by: Aron Podrigal <aronp@guaranteedplus.com>

so that there is a root uid mapping for the /proc/net files.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Hartnell Foster <hartnell.foster@bbc.co.uk>

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>

gentoo.moresecure.conf tries to drop the capability CAP_SYS_RESOURCES.
However, that capability doesn't exist, so the container doesn't start.
Change it to CAP_SYS_RESOURCE, according to capabilities(7).

Also correct the same typo in a comment in slackware.common.conf.
Signed-off-by: Karl-Johan Karlsson <creideiki@ferretporn.se>

I think (?) this may be related to our hanging monitor bug. Let's do this
anyway, as it's probably a good idea.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>

Required for proper applying dnsmasq config entries.
Signed-off-by: Andrey Kostin <andrey@kostin.email>

Signed-off-by: Thomas Tanaka <thomas.tanaka@oracle.com>

Update for commit f43d63bcSigned-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>

When container init failed for whatever reason, previously it resulted
in a `SystemError: NULL result without error in PyObject_Call`
This will now result in a RuntimeError with the error message
previously printed to stderr.
Signed-off-by: Aron Podrigal <aronp@guaranteedplus.com>

Let lxc-checkconfig write to non-tty stdout without color control
characters
Signed-off-by: walkerning <foxdoraame@gmail.com>

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>

Update for commit f43d63bcSigned-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

gcc -Wall warns about uninitialized variables (-Wmaybe-uninitialized), and
-Werror makes it fatal. This change allows the build to succeed by NULL'ifying
the pointer passed to strtok_r().

Note that strtok_r(3) anyway ignores a non-NULL arg3 pointer on the 1st call
with non-NULL arg1 string.
Signed-off-by: Leonid Isaev <leonid.isaev@jila.colorado.edu>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>

Signed-off-by: Andrey Jr. Melnikov <temnota.am@gmail.com>

- /etc(/rc.d)?/init.d/functions does not exist on all distributions
- LSB does not define a message function without an explicit status
- Debian-derived systems add a log_daemon_msg for that

lets define an own log_daemon_msg as echo and try to load LSB init
functions afterwards, which might overload it with a nicer version

that way the init scripts should work on any system, without hard
dependencies on neither LSB nor /etc/init.d/functions

Closes #309 #310 #311
Signed-off-by: Evgeni Golov <evgeni@debian.org>

the target is obsolete since systemd v38 which everybody should have.

original patch by Daniel Baumann
Signed-off-by: Evgeni Golov <evgeni@debian.org>

```
>>> c = lxc.Container('ct')
>>> c.create('debian', args=('-r', 'jessie'))
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/usr/lib/python3/dist-packages/lxc/__init__.py", line 229, in
create
    template_args['args'] = tuple(tmp_args)
UnboundLocalError: local variable 'tmp_args' referenced before
assignment
```
Signed-off-by: Aron Podrigal <aronp@guaranteedplus.com>

original patch by Daniel Baumann

closes #308
Signed-off-by: Evgeni Golov <evgeni@debian.org>

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>

pty logging only works correctly when stdout and stderr refer to a pty. If they
do not, we do not dup2() them and lxc_console_cb_con() will never write to the
corresponding log file descriptor.

When redirection on stdout and stderr is used we can safely assume that the user
is already logging to a file or /dev/null and creating an additional pty log
doesn't seem to make sense.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>