Because that's what lxcfs gives us.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

If we're trying to allow a device which was denied to our parent
container, just continue.

Cgmanager does not help us to distinguish between eperm and other
errors, so just always continue.

We may want to consider actually computing the range of devices
to which the container monitor has access, but OTOH that introduces
a whole new set of complexity to compute access sets.

Closes #827
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Otherwise after a shortcut on error we could end up trying to write
to the closed log fd.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

fname cannot be passed in as NULL by any of its current callers.  If it
could, then build_dir() would crash as it doesn't check for it.  So make
sure we are warned if in the future we pass in NULL.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: benaryorg <binary@benary.org>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Some systems need to be able to bind-mount /run to /var/run
and /run/lock to /var/run/lock. (Tested with opensuse 13.1
containers migrated from openvz.)
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>

Update for commit 020104c3Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Update for commit ff689149Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Just as cgmanager does, if we are calculating a task's paths, drop
the trailing '/init.scope'.  We don't want the container to sit under
there.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Min Wang <mingewang@gmail.com>

  * This are either '.', '..' or a hidden directory.
    And this names should not be used for a container
    in any case.

  * Before this patch, if you created a git repository under lxc.lxcpath (it
    can be useful to keep track of the configurations of your containers)

    Then, when you run lxc-ls you will get the following output:

        # lxc-ls
        .git      container1      container2    ....

    This is because there is a 'config' file inside the '.git' directory.
    It is where git stores the configuration of the repository.

    And the test lxc-ls does to check if a directory contains a container
    is just to check if the 'directory/config' file exists.
Signed-off-by: Carlos Alberto Lopez Perez <clopez@igalia.com>

Signed-off-by: KURODA Hiraku <kuroda@syngram.co.jp>

We no longer use mirrors.kernel.org.
Commit f71e8f41 switched it to archives.fedoraproject.org
Signed-off-by: Nehal J Wani <nehaljw.kkd1@gmail.com>

They change a value and return true on success rather than
fetching the value as the comments previously suggested.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

No reason for these to be +x, and it looks weird.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

When running application containers with lxc-execute, /dev is
populated only with device entries. Since /dev is a tmpfs mount in
the container environment, the /dev/shm folder not being present is not
a sufficient reason for the /dev/shm mount to fail.

Create the /dev/shm directory if not present.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

In the current implementation, the open_without_symlink function
will default to opening the root mount only if the passed rootfs
prefix is null. It doesn't account for the case where this prefix
is passed as an empty string.

Properly handle this second case as well.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@nxp.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Should be mentioned separately because it will reset a big group of options.
Signed-off-by: Marko Hauptvogel <marko.hauptvogel@googlemail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

The lock path for lxc is not

	RUNTIME_PATH/lock/lxc

but rather

	RUNTIME_PATH/lxc/lock
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

More general for all list options.

Seems to currently affect:
lxc.network (clear all NICs)
lxc.network.* (clear current NIC)
lxc.cap.drop
lxc.cap.keep
lxc.cgroup
lxc.mount.entry
lxc.mount.auto
lxc.hook
lxc.id_map
lxc.group
lxc.environment
Signed-off-by: Marko Hauptvogel <marko.hauptvogel@googlemail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Update for commit 7eff30fdSigned-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

We no longer use mirrors.kernel.org.
Commit f71e8f41 switched it to archives.fedoraproject.org
Signed-off-by: Nehal J Wani <nehaljw.kkd1@gmail.com>

Show the ifindex in case it's useful
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

When preserving fds for the stop hook, make sure to also save
any fds we've inherited.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

We were freeing one and setting a different one to NULL, eventually
leading to a crash when closing the netdev (at container shutdown)
and freeing already-freed memory.

Closes #732
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

`bash-completion` version 2.1 and later no longer include the `have` command,
and consequently the `lxc` competion file fails on such systems. The command is
now called `_have`.
Signed-off-by: Peter Simons <simons@cryp.to>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Closes #1459
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

nlmsg_reserve() might return NULL

        if (nlmsg_len + tlen > nlmsg->cap)
                return NULL;

Also set err = -ENOMEM where appropriate
Signed-off-by: Wim Coekaerts <wim.coekaerts@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

From b24b0e16848fbb93402a08efa3950cd59272b8da Mon Sep 17 00:00:00 2001
From: Marko Hauptvogel <marko.hauptvogel@googlemail.com>
Date: Sun, 3 Jan 2016 23:07:19 +0100
Subject: [PATCH] Documenting valueless lxc.cap.drop behaviour

Undocummented behaviour since 7d0eb87e.
Signed-off-by: Marko Hauptvogel <marko.hauptvogel@googlemail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

jenkins: ok to test
Signed-off-by: Tw <tw19881113@gmail.com>

As lxc_attach() calls fork() PyOS_AfterFork should be called in the new
process if the Python interpreter will continue to be used.
Signed-off-by: Danil Osherov <shindo@yandex-team.ru>

Signed-off-by: Eva Charlotte Mayer <eva-charlotte.mayer@posteo.de>

Signed-off-by: Wesley Marques <wesleymr.27@gmail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

zgrep is a script provided by the 'gzip' package, which may not be
installed on embedded systems etc which use busybox instead of the
standard full-featured utilities.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>

Physical nic is not instantiated in lxc_create_network
Signed-off-by: Li Qiu <li.qiu@nomovok.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>