- 27 Nov, 2013 9 commits
-
-
Stéphane Graber authored
Signed-off-by:Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by:
-
Stéphane Graber authored
Signed-off-by:
-
Stéphane Graber authored
This properly regroups the module functions together and then sorts all other functions alphabetically to match the function and property lists. Signed-off-by:
-
Stéphane Graber authored
Signed-off-by:
-
Stéphane Graber authored
Signed-off-by:
-
Stéphane Graber authored
Drop any tab as spaces are preferred, get everything to fit the 80char limit. Signed-off-by:
-
Stéphane Graber authored
This adds a new list_containers function to the python3 binding and a matching override in __init__.py that adds the as_object parameter. This should be compatible to the previous pure python implementation with the advantage of also listing active non-defined containers (fixing github issue #68). Signed-off-by:
-
- 26 Nov, 2013 3 commits
-
-
Michael H. Warfield authored
This adds an lxc-centos template for crreating CentOS 5+ templates. It does NOT create CentOS 4 or earlier containers as these are way past end of life and no longer supported. It is based on the work of Fajar A. Nugraha <github@fajar.net> who modified an earlier Fedora template. His work has been brought LARGELY into congruence with the current Fedora template. It still lacks the distro agnostic bootstrap and systemd code from the Fedora template but those should only be relevant with CentOS 7 when that can of worms pops open sometime next year or so. Signed-off-by:
Michael H. Warfield <mhw@WittsEnd.com> Acked-by:
-
Stéphane Graber authored
The previous patch added code to add a static route prior to adding the gateway to the interface. This commit simply changes the logic so that this is only done on failure to add the gateway. Signed-off-by:
-
Guilhem Lettron authored
Signed-off-by:
Guilhem Lettron <guilhem.lettron@gmail.com> Acked-by:
-
- 25 Nov, 2013 18 commits
-
-
Stéphane Graber authored
Signed-off-by: -
Stéphane Graber authored
Signed-off-by: -
hallyn authored
Add options to `lxc-start` to inherit network, ipc and uts namespaces
-
Michael H. Warfield authored
Just some additional catches for disabling selinux and pam_loginuid.so thanks to Dwight Engen and the Oracle template. Also add ssh and ssh-server to the default installation. Signed-off-by:
-
Michael H. Warfield authored
From 38cfabdbe0e46f5a0ed20687fcda48424b4a7b6d Mon Sep 17 00:00:00 2001 From: "Michael H. Warfield" <mhw@WittsEnd.com> Date: Mon, 25 Nov 2013 10:34:48 -0500 Subject: [PATCH 1/2] Fix stupid architecture error. Organization: Thaumaturgy & Speculums Technology Fix stupid architecture error. Stupid error and I did it! Fixed hard coded x86_64 in several spots. Signed-off-by:
-
Serge Hallyn authored
This pulls a lot of common code out of lxc_user_nic.c. It also moves one function from conf.c that was duplicated in lxc_user_nic.c (It removes a DEBUG statement because (a) it doesn't seem actually useful and (b) DEBUG doesn't work in network.c). Also replace the old test of only parsing code with a skeleton for a full test. (Note - the test will need some work, it's just there as do-what-i-mean code example) Signed-off-by:
-
Serge Hallyn authored
Signed-off-by:
-
Stéphane Graber authored
Signed-off-by: -
Dwight Engen authored
fixes rpm build Signed-off-by:
Dwight Engen <dwight.engen@oracle.com> Acked-by:
-
Stéphane Graber authored
Signed-off-by: -
Stéphane Graber authored
Signed-off-by: -
James Hunt authored
Signed-off-by:
James Hunt <james.hunt@ubuntu.com> Acked-by:
-
Guilhem Lettron authored
Signed-off-by:
Guilhem Lettron <guilhem.lettron@optiflows.com> Acked-by:
-
Guilhem Lettron authored
Signed-off-by:
-
Guilhem Lettron authored
Signed-off-by:
-
Guilhem Lettron authored
This adds support for "packages", "user" and "password" Signed-off-by:
-
Elan Ruusamäe authored
Signed-off-by:
Elan Ruusamäe <glen@delfi.ee> Acked-by:
-
KATOH Yasufumi authored
Update for commit 4d69b293Signed-off-by:
KATOH Yasufumi <karma@jazz.email.ne.jp> Acked-by:
-
- 22 Nov, 2013 6 commits
-
-
Serge Hallyn authored
In general proc gets mounted ahead of time, so init shouldn't have to do it. Without this patch, you cannot lxc-execute -n x1 -s lxc.cap.drop=sys_admin /bin/bash (See https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1253669 for a bug about this) Signed-off-by:
-
Serge Hallyn authored
This is necessary to have the rights to remove files owned by our subuids. Also update lxc_rmdir_onedev to return 0 on success, -1 on failure. Callers were not consistent in using it correctly, and this is more in keeping with the rest of our code. Signed-off-by:
-
Stéphane Graber authored
Signed-off-by: -
S.Çağlar Onur authored
Signed-off-by:
S.Çağlar Onur <caglar@10ur.org> Signed-off-by:
-
Serge Hallyn authored
Always build lxc-usernsexec. Else we require having uidmap installed on the build host for no good reason. And we never actually used the NEWUIDMAP path we detected. Signed-off-by:
-
Serge Hallyn authored
Signed-off-by:
-
- 21 Nov, 2013 3 commits
-
-
Michael H. Warfield authored
Added a file "lxc.service" for a systemd service file. Added a file "lxc-devsetup" to setup /dev/ on startup to support autodev in containers. Service file references lxc-devsetup as an ExecStartPre command. The lxc-devsetup script is not dependent on systemd or Fedora and can be used at bootup on any system. Modified lxc.spec.in to install the two new files on Fedora. The systemd specific code in the lxc.spec file may need some review and conditionalize for systemd on non-systemd rpm-based systems. Signed-off-by:
-
Serge Hallyn authored
If the container is dir-backed, we don't actually mount it (to support unprivileged use). So always set the LXC_ROOTFS_MOUNT to bdev->dest, not to the rootfs path specified in the container configuration. This should fix bug http://pad.lv/1253573Signed-off-by:
-
Michael H. Warfield authored
If autodev is not specifically set to 0 or 1, attempts to determine if systemd is being utilized and forces autodev=1 to prevent host system conflicts and collisions. If autodev is enabled and the host /dev is mounted with devtmpfs or /dev/.lxc is mounted with another file system... Each container created by a privileged user gets a /dev directory mapped off the host /dev here: /dev/.lxc/${name}.$( hash $lxcpath/$name ) Each container created by a non-privileged user gets a /dev/directory mapped off the host /dev here: /dev/.lxc/user/${name}.$( hash $lxcpath/$name ) The /dev/.lxc/user is mode 1777 to allow unpriv access. The /dev/.lxc/{containerdev} is bind mounted into the container /dev. Fallback on failure is to mount tmpfs into the container /dev. A symlink is created from $lxcpath/$name/rootfs.dev back to the /dev relative directory to provid a code consistent reference for updating container devs. Signed-off-by:
-
- 20 Nov, 2013 1 commit
-
-
Nikola Kotur authored
There are scenarios in which we want to execute process with specific privileges elevated. An example for this might be executing a process inside the container securely, with capabilities dropped, but not in container's cgroup so that we can have per process restrictions inside single container. Similar to namespaces, privileges to be elevated can be OR'd: lxc-attach --elevated-privileges='CAP|CGROUP' ... Backward compatibility with previous versions is retained. In case no privileges are specified behaviour is the same as before: all of them are elevated. Signed-off-by:Nikola Kotur <kotnick@gmail.com> Acked-By:
Christian Seiler <christian@iwakd.de> Signed-off-by:
-
