1. 16 Jul, 2013 4 commits
  2. 15 Jul, 2013 1 commit
    • lxc_create: prepend pretty header to config file (v2) · 3ce74686
      Serge Hallyn authored
      Define a sha1sum_file() function in utils.c.  Use that in lxcapi_create
      to write out the sha1sum of the template being used.  If libgnutls is
      not found, then the template sha1sum simply won't be printed into the
      container config.
      
      This patch also trivially fixes some cases where SYSERROR is used after
      a fclose (masking errno) and missing consts in mkdir_p.
      Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
  3. 12 Jul, 2013 4 commits
  4. 11 Jul, 2013 3 commits
    • Accommodate stricter devices cgroup rules · 283678ed
      Serge Hallyn authored
      3.10 kernel comes with proper hierarchical enforcement of devices
      cgroup.  To keep that code somewhat sane, certain things are not
      allowed.  Switching from default-allow to default-deny and vice versa
      are not allowed when there are children cgroups.  (This *could* be
      simplified in the kernel by checking that all child cgroups are
      unpopulated, but that has not yet been done and may be rejected)
      
      The mountcgroup hook causes lxc-start to break with 3.10 kernels, because
      you cannot write 'a' to devices.deny once you have a child cgroup.  With
      this patch, (a) lxcpath is passed to hooks, (b) the cgroup mount hook sets
      the container's devices cgroup, and (c) setup_cgroup() during lxc startup
      ignores failures to write to devices subsystem if we are already in a
      child of the container's new cgroup.
      
      ((a) is not really related to this bug, but is definitely needed.
      The followup work of making the other hooks use the passed-in lxcpath
      is still to be done)
      Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
    • lxcapi_create: fix template handling · cbee8106
      Serge Hallyn authored
      1. If no template is passed in, then do not try to execute it.  The user
      just wanted to write the configuration.
      
      2. If template is passed in as a full path, then use that instead of
      constructing '$templatedir/lxc-$template'.
      Reported-by: Wanlong Gao <gaowanlong@cn.fujitsu.com>
      Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
    • lxcapi_create: split out the template execution · 96b3cb40
      Serge Hallyn authored
      Make it its own function to make both more readable.
      Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
  5. 10 Jul, 2013 4 commits
    • add clonehostname hook · 1143ed39
      Dwight Engen authored
      This hook script updates the hostname in various files under /etc in the
      cloned container. In order to do so, the old container name is passed in
      the LXC_SRC_NAME environment variable.
      Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
      Acked-by: Stéphane Graber <stgraber@ubuntu.com>
      Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
    • lxc-fedora template - Fix retries, use os-release for release, add utsname. · b9b3a92f
      Michael H. Warfield authored
      Hey all!
      
      Patch for the Fedora template.  Several things...
      
      1) A month or so ago, I floated an idea of adding an option for utsname
      which Serge seemed to like but we let it float for more feedback (none
      came).
      
      2) In private mail to Serge and Stéphane I mentioned the idea of using
      the CPE (Common Platform Enumeration) for host distro and version
      identification.  I heard back from Serge but not Stéphane.  CPE is a
      standard promoted by NIST and Mitre (along with CVE and CVSS) as part of
      the security community as a common identification mechanism.  It's
      supported by RedHat based distros and many others (notable exception
      Ubuntu).  I've patched the Fedora template to parse first
      the /etc/os-release file or, alternatively, the /etc/system-release-cpe
      file for the distro ID and version instead of the human
      readable /etc/redhat-release.  There's more that can be done with that
      in the realm of cross distro container builds, I suspect.
      
      3) At the time of working on 1&2 I noticed that the retry logic in the
      Fedora template just didn't seem right.  I believe I posted a message
      asking for clarification on that behavior.  A recent post in the
      -users list indicating that someone could not create a Fedora 19
      container (because the release ver string was 19-2 and the template was
      only looking for -1) prompted me to rework the retry logic for handling
      the mirror list and servers as well as revamp the download logic to
      properly identify the correct release package.
      
      The patch for all of the above is attached below the jump.  It's been
      tested on Fedora 17 through Fedora 19 hosts and has created containers
      for F11, F12, F13, F14, F16, F17, F18, and F19.  F15 failed for rpm
      dependency issues that are not worth fixing (IMHO).
      
      Regards,
      Mike
      --
      Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw@WittsEnd.com
         /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
         NIC whois: MHW9          | An optimist believes we live in the best of all
       PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
      
      --
      Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com>
      Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
    • fix potential out of bounds pointer deref · 3327917f
      Dwight Engen authored
      I noticed that if find_first_wholeword() is called with word at the very
      beginning of p, we will deref *(p - 1) to see if it is a word boundary.
      Fix by considering p = p0 to be a word boundary.
      Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
      Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
  6. 09 Jul, 2013 1 commit
  7. 08 Jul, 2013 5 commits
  8. 03 Jul, 2013 1 commit
  9. 01 Jul, 2013 3 commits
  10. 28 Jun, 2013 1 commit
  11. 27 Jun, 2013 4 commits
  12. 24 Jun, 2013 2 commits
  13. 19 Jun, 2013 1 commit
  14. 18 Jun, 2013 1 commit
  15. 13 Jun, 2013 1 commit
  16. 12 Jun, 2013 2 commits
    • console API improvements · b5159817
      Dwight Engen authored
      Add a higher level console API that opens a tty/console and runs the
      mainloop as well. Rename existing API to console_getfd(). Use these in
      the python binding.
      
      Allow attaching a console peer after container bootup, including if the
      container was launched with -d. This is made possible by allocation of a
      "proxy" pty as the peer when the console is attached to.
      
      Improve handling of SIGWINCH, the pty size will be correctly set at the
      beginning of a session and future changes when using the lxc_console() API
      will be propagated to it as well.
      
      Refactor some common code between lxc_console.c and console.c. The variable
      wait4q (renamed to saw_escape) was static, making the mainloop callback not
      safe across threads. This wasn't a problem when the callback was in the
      non-threaded lxc-console, but now that it is internal to console.c, we have
      to take care of it. This is now contained in a per-tty state structure.
      
      Don't attempt to open /dev/null as the console peer since /dev/null cannot
      be added to the mainloop (epoll_ctl() fails with EPERM). This isn't needed
      to get the console setup (and the log to work) since the case of not having
      a peer at console init time has to be handled to allow for attaching to it
      later.
      
      Move signalfd libc wrapper/replacement to utils.h.
      Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
      Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
    • lxc-init: continue even if we fail to mount /dev/mqueue · 5d4d3ebb
      Natanael Copa authored
      The 'lxc-init' (a lightweight init process used by lxc-execute in place
      of upstart etc) tries to mount /dev/mqueue during startup. If that fails
      (for instance due to missing support for mqueue in kernel) then it
      aborts execution and returns -1. This is unreasonable as very few
      applications actually need /dev/mqueue.
      
      This is similar to what we do with /dev/shm.
      Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
      Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
  17. 11 Jun, 2013 1 commit
  18. 10 Jun, 2013 1 commit