1. 04 Mar, 2013 7 commits
    • cgroup: improve support for multiple lxcpaths (v3) · ae5c8b8e
      Serge Hallyn authored
      Add a monitor command to get the cgroup for a running container.  This
      allows container r1 started from /var/lib/lxc and container r1 started
      from /home/ubuntu/lxcbase to pick unique cgroup directories (which
      will be /sys/fs/cgroup/$subsys/lxc/r1 and .../r1-1), and all the lxc-*
      tools to get that path over the monitor at lxcpath.
      
      Rework the cgroup code.  Before, if /sys/fs/cgroup/$subsys/lxc/r1
      already existed, it would be moved to 'deadXXXXX', and a new r1 created.
      Instead, if r1 exists, use r1-1, r1-2, etc.
      
      I ended up removing both the use of cgroup.clone_children and support
      for ns cgroup.  Presumably we'll want to put support for ns cgroup
      back in for older kernels.  Instead of guessing whether or not we
      have clone_children support, just always explicitly do the only thing
      that feature buys us - set cpuset.{cpus,mems} for newly created cgroups.
      
      Note that upstream kernel is working toward strict hierarchical
      limit enforcements, which will be good for us.
      
      NOTE - I am changing the lxc_answer struct size.  This means that
      upgrades to this version while containers are running will result
      in lxc_* commands on pre-running containers failing.
      
      Changelog: (v3)
         implement cgroup attach
         fix a subtle bug arising when we lxc_get_cgpath() returned
           STOPPED rather than -1 (STOPPED is 0, and 0 meant success).
         Rename some functions and add detailed comments above most.
         Drop all my lxc_attach changes in favor of those by Christian
           Seiler (which are mostly the same, but improved).
      Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
    • c api: send lxcpath to destroy command · 7f597314
      Serge Hallyn authored
      Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
    • userns: handle delayed write errors at fclose · e4ccd113
      Serge Hallyn authored
      As Kees pointed out, write() errors can be delayed and returned as
      close() errors.  So don't ignore error on close when writing the
      userns id mapping.
      Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
    • af_unix: make sure to keep useful errno · dba104c8
      Serge Hallyn authored
      Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
    • lxc-destroy: add --lxc-path argument · 65a2d6b2
      Serge Hallyn authored
      Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
    • lxc_attach: fix break with user namespaces (v3) · b858bedf
      Christian Seiler authored
      When you clone a new user_ns, the child cannot write to the fds
      opened by the parent.  Handle this by doing an extra fork.  The
      grandparent hangs around and waits for its child to tell it the
      pid of the grandchild, which will be the one attached to the
      container.  The grandparent then moves the grandchild into the
      right cgroup, then waits for the child who in turn is waiting on
      the grandchild to complete.
      
      Secondly, when attaching to a new user namespace, your old uid is
      not valid, so you are uid -1.  This patch simply does setid+setuid
      to 0 if that is the case.  We probably want to be smarter, but
      for now this allows lxc-attach to work.
      Signed-off-by: Christian Seiler <christian@iwakd.de>
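
The delayed-error case described in commit e4ccd113 above, as an added C example (not LXC's code): stdio only buffers the short mapping line, so `fprintf()` reports success and a failed write surfaces at `fclose()`. The helper name `write_id_map`, the scratch path and the use of `/dev/full` as a stand-in for a target that rejects the write are assumptions.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not an LXC function): write one id-mapping line
 * to `path` and report failure from every stage, including the flush
 * that happens inside fclose().  Returns 0 on success, -errno on error. */
static int write_id_map(const char *path, unsigned inside,
                        unsigned outside, unsigned count)
{
    FILE *f = fopen(path, "w");
    if (!f)
        return -errno;

    /* The line is small, so stdio only copies it into its buffer here;
     * a rejection by the kernel cannot be seen yet. */
    if (fprintf(f, "%u %u %u\n", inside, outside, count) < 0) {
        int err = errno;
        fclose(f);
        return -err;
    }

    /* fclose() performs the real write(2).  Ignoring its return value
     * would treat a rejected mapping as written. */
    if (fclose(f) != 0)
        return -errno;
    return 0;
}

int main(void)
{
    /* Constructed targets: a scratch file that accepts the write, and
     * /dev/full, whose write(2) always fails with ENOSPC. */
    const char *targets[] = { "/tmp/idmap_example.txt", "/dev/full" };
    for (int i = 0; i < 2; i++) {
        int rc = write_id_map(targets[i], 0, 100000, 65536);
        printf("%-24s -> %s\n", targets[i], rc ? strerror(-rc) : "ok");
    }
    return 0;
}
```
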
  2. 01 Mar, 2013 4 commits
  3. 28 Feb, 2013 8 commits
  4. 22 Feb, 2013 2 commits
  5. 21 Feb, 2013 2 commits
  6. 20 Feb, 2013 1 commit
    • Add example hooks from Ubuntu package · 906f8c4d
      Stéphane Graber authored
      We've been shipping those two hooks for a while in Ubuntu.
      Yesterday I reworked them to use the new environment variables and
      avoid hardcoding any path that we have available as a variable.
      
      I tested both to work on Ubuntu 13.04 but they should work just as well
      on any distro shipping with the cgroup hierarchy in /sys/fs/cgroup and
      with ecryptfs available.
      
      Those are intended as examples and distros are free to drop them; they
      should however be working without any change required, at least on Ubuntu.
      Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
      Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
  7. 19 Feb, 2013 7 commits
  8. 18 Feb, 2013 4 commits
  9. 13 Feb, 2013 1 commit
  10. 11 Feb, 2013 4 commits
    • Update Lua API · 83c98d82
      Dwight Engen authored
      Add [gs]et_config_path from API to Lua binding. Add additional optional
      parameter to container_new(). Add tests for these new Lua API bindings.
      Commit 2a59a681 changed the meaning of lxc_path_get() in the binding,
      causing lua script breakage. Reinstate original behavior of
      lxc_path_get() and rename it to lxc_default_config_path_get() to make
      its intent clearer.
      Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
      Acked-by: Stéphane Graber <stgraber@ubuntu.com>
    • pass lxcpath to lxc_command · 13f5be62
      Serge Hallyn authored
      The previous lxcpath patches added support for a custom LXCPATH set
      through a system-wide configuration file.
      
      This was also exposed through the C api, so that a custom lxcpath could
      be set at the container object instantiation time, or set at runtime.
      
      However the command sock filename was always located under the global
      lxcpath, which could be confusing, and would be a problem for users
      with insufficient perms to the system-wide lxc path (i.e. if setting
      lxcpath to $HOME/lxcbase).  This patch changes that by passing the
      lxcpath to all callers of lxc_command().
      
      It remains to add an lxcpath command line argument to most of the
      command line tools (which are not using the C api) - lxc-start,
      lxc-info, lxc-stop, etc.
      
      At this point it becomes tempting to do something like
      
      	c = lxc.Container("r1", "/var/lib/lxc")
      	c2 = lxc.Container("r1", "$HOME/lxcbase")
      
      However, that's problematic - those two will use the same directory
      names for cgroup directories.
      
      What would be the best way to handle this?  One way (which I kind
      of like) is to give up on naming the cgroups after the container.
      Use mkstemp for the cgroup name, let lxc keep track of the cgroup
      name based on the command socket, and make users use lxc-cgroup to get
      and change settings.
      
      Other ideas?
      Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
      Acked-by: Stéphane Graber <stgraber@ubuntu.com>
    • python-lxc: Update for new calls · edb09f8d
      Stéphane Graber authored
      Add the two new calls to the API and add the new container_path
      parameter to the constructor (optional).
      
      This also extends list_containers to support the config_path parameter.
      At this point none of the actual tools are changed to make use of those
      as we'll probably want to make sure all the tools get the extra option
      at once.
      Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
      Tested-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
      Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
    • lxc api: fix some config_path oddities · afeecbba
      Serge Hallyn authored
      1. When calling c->set_config_path(), update configfile.  I.e. if we
      are setting the config_path to /var/lib/lxc, then the configfile should
      be changed to /var/lib/lxc/$container/config
      
      2. Add an optional configpath argument to lxc_container_new.  If NULL,
      then the default will be used (as before).  If set, then the passed-in
      path will be used.  This way you can do
      
      	c1 = lxc.Container("r1", "/var/lib/lxc");
      	c2 = lxc.Container("r2", "/home/user/lxcbase");
      
      (Note I did *not* implement the python or lua binding to pass that
      argument along)
      Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
      Acked-by: Stéphane Graber <stgraber@ubuntu.com>