- 04 Jun, 2014 14 commits
-
Serge Hallyn authored
It is not possible to mount a block device from a non-init user namespace. Therefore if root on the host is starting a container with a uid mapping, and the rootfs is a block device, then mount the rootfs before we spawn the container init task. This addresses https://github.com/lxc/lxc/issues/221
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
This is to deal with the GPG pool occasionally yielding broken servers.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Michael H. Warfield authored
Set the halt.target action to be sigpwr.target. This allows SIGPWR to properly shut the container down from lxc-stop. Re-enable the systemd-journald.service.
Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
before using it, like the other snapshot api methods do. This will need to go into stable-1.0 as well.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
The template name isn't required, if it's not passed, then create will simply be asked to create a container without a rootfs.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
bartekplus authored
Signed-off-by: Bartosz Tomczyk <bartekplus@gmail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
bartekplus authored
Signed-off-by: Bartosz Tomczyk <bartekplus@gmail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
TAMUKI Shoichi authored
Fix configure_plamo so as not to configure wireless network interface in containers even if the host uses wireless network interface.
Signed-off-by: TAMUKI Shoichi <tamuki@linet.gr.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Dwight Engen authored
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
AC_SEARCH_LIBS always places the library being queried into LIBS. We don't want that - we were only checking whether a function is available. Not everything (notably not init.lxc.static) needs to link against -lcgmanager.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
bartekplus authored
Signed-off-by: Bartosz Tomczyk <bartekplus@gmail.com>
Acked-by: Dwight Engen <dwight.engen@oracle.com>
-
Serge Hallyn authored
Newer kernels optionally disallow reading /proc/$$/personality by non-root users. We can get the personality through the lxc command interface, so do so. Also try to be more consistent about personality being a signed long. We had it as int, unsigned long, signed long throughout the code. (This addresses bug https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1322067 : 3.15.0-1.x breaks lxc-attach for unprivileged containers)
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
S.Çağlar Onur authored
Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
- 21 May, 2014 7 commits
-
S.Çağlar Onur authored
Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
Otherwise the name=systemd cgroup isn't changed to one which the lxc-unpriv user can write to, causing the test to fail. This allows lxc-test-unpriv and lxc-test-usernic to pass when run in an unprivileged container with cgmanager.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
we actually meant to check *p not p.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Dwight Engen authored
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
When I converted attach and enter to using move_pid_abs, these needed to use the new get_pid_cgroup_abs method to get an absolute path. But for some inexplicable reason I also converted the functions which get and set cgroup properties to use the absolute paths. These are simply not compatible with the cgmanager set_value and get_value methods. This breaks for instance lxc-test-cgpath. So undo that. With this patch lxc-test-cgpath, lxc-test-autotest, and lxc-test-concurrent once again pass in a nested container.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Dwight Engen authored
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
ChangZhuo Chen (陳昌倬) authored
Signed-off-by: ChangZhuo Chen (陳昌倬) <czchen@gmail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
- 20 May, 2014 1 commit
-
Dwight Engen authored
Don't spawn a getty on /dev/console when running under libvirt-lxc
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
- 19 May, 2014 18 commits
-
Dwight Engen authored
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
KATOH Yasufumi authored
Update for commit 6191f4f4
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
For years it has been best practice to use a relative path as the mount target. But the manpage hasn't reflected that. Fix it.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Dwight Engen <dwight.engen@oracle.com>
-
Edvinas Klovas authored
When using btrfs backend lxc-create first creates rootfs in /usr/lib/lxc/rootfs directory before moving it to /var/lib/lxc or other directory supplied by the command line. Archlinux template relied on $rootfs_path which made containers created with btrfs backend have lxc.rootfs set to /usr/lib/lxc/rootfs. By using $path instead of $rootfs_path we make sure that lxc.rootfs is always correct.
Signed-off-by: Edvinas Klovas <edvinas@pnd.io>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
S.Çağlar Onur authored
Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
On older cgmanager the support was broken. So rather than fail container starts altogether, just keep the old lxc behavior in this case by not using name= subsystems.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
KATOH Yasufumi authored
commit aafea1f7 was incomplete.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Dwight Engen authored
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Dwight Engen authored
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Edvinas Klovas authored
archlinux is using systemd and systemd's configuration does not have any services setup to handle sigpwr hook which is sent by lxc-stop command. By enabling sigpwr service we make sure that lxc-stop will work.
Signed-off-by: Edvinas Klovas <edvinas@pnd.io>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
If an unprivileged user does 'lxc-start -n u1' in one login session, followed by 'lxc-attach -n u1' in another session, the attach will fail if the sessions are in different cgroups. The same is true of lxc-cgroup commands. Address this by using the GetPidCgroupAbs and MovePidAbs which work with the containers' cgroup path relative to the cgproxy. Since GetPidCgroupAbs is new to api version 3 in cgmanager, use the old method if we are on an older cgmanager.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Tested-by: "S.Çağlar Onur" <caglar@10ur.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
Read /proc/self/cgroup instead of /proc/cgroups, so as to catch named subsystems. Otherwise the containers will not be fully moved into the container cgroups. Also free line which was being leaked.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
Do this by calling the bdev->destroy() hook from a user namespace configured as the container's.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
btrfs subvolume ioctls are usable by unprivileged users, so allow unprivileged containers to reside on btrfs. This patch does not yet enable destroy.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Dwight Engen authored
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
KATOH Yasufumi authored
Update for commit 0769b82a
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
KATOH Yasufumi authored
Update for commit b46f0553
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>