- 07 Oct, 2013 1 commit
-
-
Serge Hallyn authored
Signed-off-by:Serge Hallyn <serge.hallyn@ubuntu.com>
-
- 04 Oct, 2013 9 commits
-
-
Dwight Engen authored
These need to be in the dist tarball even if the host packaging system doesn't have docbook2x, otherwise configure will fail to find them. Also, the build system may have docbook2x, even if the packaging system does not. Signed-off-by:
Dwight Engen <dwight.engen@oracle.com> Signed-off-by:
-
Dwight Engen authored
docbook2man picks up some errors that docbook2x does not, fixing them isn't harmful to docbook2x. The only real change is adding <para> and <citerefentry> tags. Signed-off-by:
-
Dwight Engen authored
Signed-off-by:
-
Michael H. Warfield authored
This patches the Fedora template to insure that the legacy network startup scripts are enabled when NetworkManager has not been installed in the container (default). It also fixes a login problem with pam_loginuid.so in a container. https://bugzilla.redhat.com/show_bug.cgi?id=966807Signed-off-by:
Michael H. Warfield <mhw@WittsEnd.com> -- Signed-off-by:
-
Serge Hallyn authored
Signed-off-by: -
Serge Hallyn authored
They are the real /dev/tty{0,1}, which are physical consoles. Lxc bind-mounts over them. Don't let the container use these! Signed-off-by: -
S.Çağlar Onur authored
Signed-off-by:
S.Çağlar Onur <caglar@10ur.org> Signed-off-by:
-
Stéphane Graber authored
Container trimming is a bad idea in general, Ubuntu since 12.04 allows standard systems to run in containers and we've got separate code to deal with 10.04, so let's just drop trim. Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com> Signed-off-by:
-
Michael H. Warfield authored
This patch reworks the Fedora template to operate in the most "distro agnostic" manner possible. It should even run on distros where rpm and yum are not present and not available or may be incompatible. It depends on the most basic set of system facilities like rsync but does require squashfs support also be available to mount a LiveOS runtime. Based on comments at Linux Plumbers, what I had been referring to as a "run time environment" or RTE has been renamed in the code to refer to it as a "bootstrap". It has been tested on Fedora (of course), OpenSuse, Ubuntu, and Oracle (latest host versions of each) building Fedora containers of F19 back through F9. Varying levels of database problems were encountered from F11 and back and are "will not fix" due to versions being long EOL. F15 and F16 build but do not run "out of the box" due to systemd version issues and those are also "will not fix" for the same reasons. Signed-off-by:
-
- 03 Oct, 2013 5 commits
-
-
Serge Hallyn authored
Some features of lxc - networking and LSM configuration for instance - are generally configured by the distro packages. This program tests the Ubuntu configuration. changelog v2: Switch to lxc-info -i to detect ip address as stgraber suggested Don't look for 'expect' as I'm not using it yet. changelog v3: Make sure to only read one ip address from container. Signed-off-by:
-
Serge Hallyn authored
Signed-off-by: -
Stéphane Graber authored
This mostly changes two things: - Only log to the container's logfile on start/stop/restart/execute - Call may_control() every time we use the API and return "Insufficient privileges" on failure. NOTE: I didn't test every single one of those but I'm fairly confident in my copy/paste abilities and I confirmed they all build fine at least. Signed-off-by: -
Serge Hallyn authored
Signed-off-by: -
Serge Hallyn authored
It's really more of a kernel check, but worth having. Signed-off-by:
-
- 02 Oct, 2013 11 commits
-
-
Stéphane Graber authored
give hint to user to modprobe configs (altho could just modprobe it?) Signed-off-by:
Elan Ruusamäe <glen@delfi.ee> Acked-by:
-
Stéphane Graber authored
Signed-off-by:
-
Stéphane Graber authored
Reported-by: Anatoly Techtonik Signed-off-by: -
Stéphane Graber authored
Suggested-by: Markus Elfring Signed-off-by: -
Andrey Mazo authored
Otherwise, it cases problems on cbuild endianness != ctarget endianness setups because /sbin/ldconfig expects elf header in the wrong endianness. Signed-off-by:
Andrey Mazo <ahippo@yandex.ru> Acked-by:
-
Dwight Engen authored
Signed-off-by:
-
Stéphane Graber authored
Signed-off-by: -
Renich Bon Ciric authored
Fedora 19's release has no -1 revision; it's a -2 revision actually: ftp://mirrors.kernel.org/fedora/releases/19/Fedora/x86_64/os/Packages/f/Signed-off-by:
Renich Bon Ciric <renich@woralelandia.com> Acked-by:
-
KATOH Yasufumi authored
Signed-off-by:
KATOH Yasufumi <karma@jazz.email.ne.jp> Acked-by:
-
KATOH Yasufumi authored
Signed-off-by:
-
KATOH Yasufumi authored
- Update to commit 'fbf050e4' - Improve translation Acked-by:
-
- 01 Oct, 2013 5 commits
-
-
Dwight Engen authored
Signed-off-by:
-
Dwight Engen authored
Signed-off-by:
-
KATOH Yasufumi authored
Add description of automatic mounting options
-
KATOH Yasufumi authored
Add description of '-i' option
-
KATOH Yasufumi authored
* sync current English man pages on master branch * delete lxc-shutdown.sgml.in * add lxc-snapshot.sgml.in * update FSF address (same as 250b1eec) * remove trailing whitespaces in legacy/lxc-ls.sgml.in (same as 8900b9eb)
-
- 30 Sep, 2013 4 commits
-
-
Dwight Engen authored
- When doing the selinux change, I noticed that there was a lot of duplication of code in handing string configuration items, so I refactored this into a common function. - Added a config_string_max that can be passed a maximum acceptable length, used to limit ttydir to NAME_MAX. - The behavior of config_seccomp was different than other strings: if the item was already defined, then the second attempt to set it would fail instead of just replacing the value. Changed to just replace the value. - Remove unused key and lxc_conf arguments to config_path_item(). Signed-off-by:
-
Serge Hallyn authored
The original rationale for this was to make sure that if lxcpath was /home/serge/lxcbase, then then lockdir (/run/user/serge/lock/lxc/home/serge/lxcbase) would be owned by the same user as /home/serge/lxcbase. The only user who can chown to other uids (without CAP_CHOWN added to fP) is root, who shouldn't be mucking with non-root owned containers anyway. In the meantime this causes a bunch of noise for arguably no benefit. Signed-off-by: -
Serge Hallyn authored
Signed-off-by: -
Serge Hallyn authored
This is an api function which will return false if the container is running, and the caller may not talk to its monitor over its command socket. Otherwise - if the container is not running, or the caller may access it - it returns true. We can use this in several tools early on to prevent the segvs etc which we currently get. Signed-off-by:
-
- 29 Sep, 2013 1 commit
-
-
Stéphane Graber authored
Check that the interface structure is not NULL before trying to access its members. Signed-off-by:
-
- 27 Sep, 2013 4 commits
-
-
Stéphane Graber authored
Signed-off-by: -
Dwight Engen authored
Signed-off-by:
-
Christian Seiler authored
Signed-off-by:
Christian Seiler <christian@iwakd.de> Signed-off-by:
-
Christian Seiler authored
This adds quite a few more ways to mount the cgroup filesystem automatically: - Specify ro/rw/mixed: - ro: everything mounted read-only - rw: everything mounted read-write - mixed: only container's own cgroup is rw, rest ro (default) - Add cgroup-full that mounts the entire cgroup tree to the corresponding directories. ro/rw/mixed also apply here. Signed-off-by:
-
