- 27 Oct, 2014 9 commits
-
-
Sergio Jimenez authored
Signed-off-by: Sergio Jimenez <tripledes@gmail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Simon Deziel authored
This addresses https://github.com/lxc/lxc/issues/280.
Signed-off-by: Simon Deziel <simon@sdeziel.info>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
Currently when we clone a container, bdev_copy passes NULL as dst argument of bdev_init, then sees bdev->dest (as a result) is NULL, and sets bdev->dest to $lxcpath/$name/rootfs. So $ops->clone_paths() can assume that "/rootfs" is at the end of the path. The overlayfs and aufs clonepaths do assume that and index to endofstring-6 and append delta0. Let's be more robust by actually finding the last / in the path.
Then, instead of always setting oldbdev->dest to $lxcpath/$name/rootfs, set it to oldbdev->src. Else dir_clonepaths fails when mounting src onto dest bc dest does not exist. We could also fix that by creating bdev->dest if needed, but that adds an empty directory to the old container.
This fixes 'lxc-clone -o x1 -n x2' if x1 has lxc.rootfs = /var/lib/lxc/x1/x and makes the overlayfs and aufs paths less fragile should something else change.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
It is not system-definable, rather glibc sets that to bin:/usr/bin, which is simply too restrictive. So just always set our preferred path. This was reported at: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1384327
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
Rather than try to free all the not-being-returned items at each if clause where we assign one to return value, just NULL the one we are returning so we can safely free all the values. This should fix the newly reported coverity memory leak.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
If we are root using a user namespace and are mounting a blockdev as rootfs, then we do this before unsharing the userns, because we are not allowed to do it in a userns. But after unsharing the userns, we unconditionally retried mounting the rootfs, resulting in failure. Stop that.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Tycho Andersen authored
On restore, we pass criu a script to manage the network interfaces (i.e. the full path to lxc-restore-net), which we previously installed into /var/lib/<tuple>/lxc. However, this is also the directory that is the default for use in mounting the rootfs locally before pivot_root()ing. So, we mounted the rootfs and then happily called criu, pointing it to this directory which didn't have lxc-restore-net any more, it just had the container's rootfs. Instead, we should put lxc-restore-net somewhere else, so that criu can still see it after the rootfs is mounted.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Dark Templar authored
Behave well when /etc/lxc/${name} is a symlink to a directory
Signed-off-by: Dark Templar <dark_templar@hotbox.ru>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
Fix return value on bind mount failure. If we've already mounted the rootfs, exit after the bind mount rather than re-trying the rootfs mount. The only case where this happens is when root is starting a container in a user namespace and with a block device backing store. In that case, pre-mount hooks will be executed in the initial user namespace. That may be worth fixing. Or it may be what we want. We should think about it and fix it.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
- 22 Oct, 2014 4 commits
-
-
Serge Hallyn authored
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Dark Templar authored
I've found one more typo in the gentoo template, configuration in the generated file /etc/conf.d/hostname was not valid, but it didn't impact me due to "lxc.utsname" being set in the configuration file of container and hostname service being not used. Anyway, I've made a patch and am sending it with this mail.
Signed-off-by: Dark Templar <dark_templar@hotbox.ru>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Bogdan Purcareata authored
When running unprivileged, lxc-create will touch a fstab file, with bind-mounts for the ttys and other devices. Add this entry in the container config.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Bogdan Purcareata authored
Apply the changes found in templates/lxc-download to the busybox template as well. Change ownership of the config and fstab files to the unprivileged user, and the ownership of the rootfs to root in the new user namespace. Eliminate the "unsupported for userns" flag.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
- 20 Oct, 2014 4 commits
-
-
KATOH Yasufumi authored
>>> On Tue, 30 Sep 2014 19:48:09 +0000 in message "Re: [lxc-devel] [PATCH] lxc-config can show lxc.cgroup.(use|pattern)" Serge Hallyn-san wrote:
> I think it would be worth also augmenting
> lxc_global_config_value() to return a default lxc.cgroup.use
> for 'all', and a default lxc.cgroup.pattern ("/lxc/%n" for root
> or "%n" for non-root).

lxc.cgroup.pattern is like this? (^_^;)
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
KATOH Yasufumi authored
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Dark Templar authored
Signed-off-by: Dark Templar <dark_templar@hotbox.ru>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
Check for it when we check for apparmor being enabled, rather than doing it during the middle of a container setup. This avoids the need to try mounting /sys and /sys/kernel/security in the middle of startup, which we may not be allowed to anyway.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Dwight Engen <dwight.engen@oracle.com>
-
- 17 Oct, 2014 4 commits
-
-
Serge Hallyn authored
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Tycho Andersen authored
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Tycho Andersen authored
We previously wrote a bunch of files (eth*, veth*, and bridge*) as hard coded files which we used as the names of interfaces to restore via criu's --veth-pair. This meant that if people, e.g. gave a different bridge on their new host, we would use our saved bridge in bridge* and try to restore to the wrong bridge. Instead, we can just generate a new veth id (if the user hasn't provided one), and use whatever the user configured values for the interface name and bridge are.
This allows people to switch the bridge that they restore onto simply by migrating the rootfs and config, and then changing the bridge name in the container's configuration before running lxc-checkpoint.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Tycho Andersen authored
Break the monolithic ->checkpoint and ->restore functions into smaller ones. This is in preparation for the checkpoint/restore tty work, which has a similar need to dump information outside of criu.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
- 15 Oct, 2014 11 commits
-
-
Serge Hallyn authored
The python lxc-device supported adding wlan devices, so add that support as well. Since the python one did not support 'del', I didn't try adding that support, though it should be trivial to add. We should be able to do the wlan adding using netlink, but I went ahead and used 'iw' as the netlink path looked more complicated than it does for other nics. Patches to switch that over would be very welcome.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
because that's what it does
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Dongsheng Yang authored
As there is a function named attach_interface to pass an interface to container now, we do not need to rely on python implementation for lxc-device any more.
changelog: 10/15/2014: serge: fail immediately if run as non-root.
changelog: 10/15/2014: serge: add explicit error message on bad usage (fix build failure)
Signed-off-by: Dongsheng Yang <yangds.fnst@cn.fujitsu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Dongsheng Yang authored
Changelog: 10/15/2014: serge: make ifname mandatory for detach_interface.
Signed-off-by: Dongsheng Yang <yangds.fnst@cn.fujitsu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Dongsheng Yang authored
Currently, we depend on ip command to attach interface to container. It means we only implemented it by python. This patch implements adding and removing interface by c and adds them in struct container.
Changelog: 10/15/2014 (serge): return error if ifname is NULL.
Signed-off-by: Dongsheng Yang <yangds.fnst@cn.fujitsu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Dongsheng Yang authored
Function of enter_to_ns() is useful but currently is static for lxccontainer.c. This patch splits it into two parts named as switch_to_newuser() and switch_to_newnet() into utils.c.
Signed-off-by: Dongsheng Yang <yangds.fnst@cn.fujitsu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Dongsheng Yang authored
When we need to know some info about a netdev, such as is_up or not, we need to read the flag for the netdev. This patch introduces an interface function named lxc_netdev_isup() to check whether a netdev is up or down. And introduces a network private function named netdev_get_flag() to get flag for netdev by netlink.
Changelog: 10/15/2015: Return failure if name==NULL to avoid later strlen fun
Signed-off-by: Dongsheng Yang <yangds.fnst@cn.fujitsu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Dongsheng Yang authored
In netlink, we can set the dest_name of netdev when moving a netdev between namespaces in one netlink request. And moving a netdev of a src_name to a netdev with a dest_name is a common usecase. So this patch adds a parameter to lxc_network_move_by_index() to indicate the dest_name for the movement. NULL means same with the src_name.
Signed-off-by: Dongsheng Yang <yangds.fnst@cn.fujitsu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Dongsheng Yang authored
We should exit with an error when starting a running container.
Signed-off-by: Dongsheng Yang <yangds.fnst@cn.fujitsu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Dongsheng Yang authored
When we want to get index of an ifname which does not exist, we should return a -EINVAL in this case.
Signed-off-by: Dongsheng Yang <yangds.fnst@cn.fujitsu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Dongsheng Yang authored
We should not modify ifname in lxc_netdev_move_by_name(), making it as const in param list will make our code more robust.
Signed-off-by: Dongsheng Yang <yangds.fnst@cn.fujitsu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
- 13 Oct, 2014 1 commit
-
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
- 09 Oct, 2014 3 commits
-
-
Serge Hallyn authored
The way config_mount was structured, sending 'lxc.mount.auto = ' ended up actually clearing all lxc.mount.entrys. Fix that by moving the check for an empty value to after the subkey checks. Then, actually do the clearing of auto_mounts in config_mount_auto.
The 'strlen(subkey)' check being removed was bogus - the subkey is either known to be 'lxc.mount.entry', else subkey would have been NULL (and forced a return in the block above).
This would have been clearer if the config_mount() and helper fns were structured like the rest of confile.c. It's tempting to switch it over, but there are subtleties in there so it's not something to do without a lot of thought and testing.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
- 08 Oct, 2014 4 commits
-
-
Dwight Engen authored
- RHEL/OL 7 doesn't have the ifconfig command by default so have the lxc-net script check for its existence before use, and fall back to using the ip command if ifconfig is not available
- When lxc-net is run from systemd on a system with selinux enabled, the mkdir -p ${varrun} will create /run/lxc as init_var_run_t which dnsmasq can't write its pid into, so we restorecon it after creation (to var_run_t)
- The lxc-net systemd .service file needs an [Install] section so that "systemctl enable lxc-net" will work
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
-
Tycho Andersen authored
If we don't close these running lxc-checkpoint via: ssh host "sudo lxc-checkpoint ..." just hangs. We leave stderr open so that subsequent errors will print correctly (and also because for whatever reason it doesn't break ssh :).
Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Tycho Andersen authored
Previously, we let criu create the cgroups for a container as it was restoring things. In some cases (i.e. migration across hosts), if the container being migrated was in /lxc/u1-3, it would be migrated to the target host in /lxc/u1-3, even if there was no /lxc/u1-2 (or worse, if there was already an alive container in u1-3). Instead, we use lxc's cgroup_create, and then tell criu where to restore to.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Tycho Andersen authored
On Tue, Oct 07, 2014 at 07:33:07PM +0000, Tycho Andersen wrote:
> This commit is in preparation for the cgroups create work, since we will need
> the handler in both the parent and the child. This commit also re-works how
> errors are propagated to be less verbose.

Here is an updated version:

From 941623498a49551411ccf185146061f3f37d3a67 Mon Sep 17 00:00:00 2001
From: Tycho Andersen <tycho.andersen@canonical.com>
Date: Tue, 7 Oct 2014 19:13:51 +0000
Subject: [PATCH 1/2] restore: Hoist handler to function level

This commit is in preparation for the cgroups create work, since we will need the handler in both the parent and the child. This commit also re-works how errors are propagated to be less verbose.

v2: rename error to has_error, handle it correctly, and remove some diff noise

Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-