- 25 Nov, 2014 1 commit
-
-
Silvio Fricke authored
Closes: #355 Signed-off-by:
Silvio Fricke <silvio.fricke@gmail.com> Acked-by:
Stéphane Graber <stgraber@ubuntu.com>
-
- 24 Nov, 2014 10 commits
-
-
謝致邦 authored
Signed-off-by:
謝致邦 <Yeking@Red54.com> Acked-by:
-
謝致邦 authored
Signed-off-by:
-
Petar Koretic authored
This adds OpenWrt common config file. Signed-off-by:
Petar Koretic <petar.koretic@sartura.hr> CC: Luka Perkov <luka.perkov@sartura.hr> Acked-by:
-
Serge Hallyn authored
Support creation and use of lxc-cirros by unprivileged users. If we detect we are an unprivileged user, then insist that we be in a userns with a id mapping. If we are in a userns, then don't extract /dev when extracting the rootfs. If we are not root, then save the tarball to ~/.cache/lxc/cirros instead of /var/cache/lxc/cirros. If we are not roo, then include entries to auto-mount proc and sys, as well as bind-mount devices. Cc: Scott Moser <smoser@ubuntu.com> Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by:
-
Joel Nider authored
This is a multipart message in MIME format. Fixes a small (but consistent) spelling mistake in conf.c Signed-off-by:
Joel Nider <joeln@il.ibm.com> Acked-by:
-
Serge Hallyn authored
Otherwise both resulting takss will print what they had flushed when they exit. This fixes https://bugs.launchpad.net/bugs/1389244Signed-off-by:
Tycho Andersen <tycho.andersen@canonical.com> Acked-by:
-
Dwight Engen authored
Add simple test case for attach() method. Add assert for return value from create() method which also returns a boolean. Signed-off-by:
Dwight Engen <dwight.engen@oracle.com> Acked-by:
-
Stéphane Graber authored
Signed-off-by:
-
TAMUKI Shoichi authored
Do mkdir $rootfs/dev/shm and then mount tmpfs on /dev/shm. Signed-off-by:
TAMUKI Shoichi <tamuki@linet.gr.jp> Acked-by:
-
Antonio Terceiro authored
Containers with systemd need a somewhat special setup, which I borrowed and adapted from lxc-fedora. These changes are required so that Debian 8 (jessie) containers work properly, and are a no-op for previous Debian versions. Signed-off-by:
Antonio Terceiro <terceiro@debian.org> Acked-by:
-
- 20 Nov, 2014 1 commit
-
-
hallyn authored
lxc/utils: bugfix freed pointer return value
-
- 19 Nov, 2014 1 commit
-
-
Silvio Fricke authored
We allocate a pointer and save this address in a static variable. After this we freed this pointer and return. Here a cuttout of a valgrind report: [...] ==11568== Invalid read of size 1 ==11568== at 0x4C2D524: strlen (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==11568== by 0x5961C9B: puts (in /usr/lib/libc-2.20.so) ==11568== by 0x400890: main (lxc_config.c:73) ==11568== Address 0x6933e21 is 1 bytes inside a block of size 32 free'd ==11568== at 0x4C2B200: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so) ==11568== by 0x4E654F2: lxc_global_config_value (utils.c:415) ==11568== by 0x4E92177: lxc_get_global_config_item (lxccontainer.c:2287) ==11568== by 0x400883: main (lxc_config.c:71) [...] Signed-off-by:
-
- 18 Nov, 2014 1 commit
-
-
hallyn authored
lxc/utils: improve choose_init code readability
-
- 17 Nov, 2014 1 commit
-
-
Dwight Engen authored
added container:attach() into the Lua API
-
- 12 Nov, 2014 1 commit
-
-
Silvio Fricke authored
Signed-off-by:
-
- 08 Nov, 2014 1 commit
-
-
ashtoreth authored
fixed indent and vars
-
- 07 Nov, 2014 1 commit
-
-
PiXy authored
-
- 06 Nov, 2014 1 commit
-
-
Gu1 authored
Fix a typo in the lines inserted in the default sources.list. Change the default mirror to http.debian.net which is (supposedly) more accurate and better than cdn.debian.net for a generic configuration. Use security.debian.org directly for the {release}/updates repository. Signed-off-by:Gu1 <gu1@aeroxteam.fr> Acked-by:
-
- 05 Nov, 2014 1 commit
-
-
KATOH Yasufumi authored
This commit fixes two issues at the time of clone: * unnecessary directory is created when clone between overlayfs/aufs * clone failed when the end of rootfs path is not "/rootfs" Signed-off-by:
KATOH Yasufumi <karma@jazz.email.ne.jp> Acked-by:
-
- 02 Nov, 2014 1 commit
-
-
Serge Hallyn authored
"all" is not a supported keyword for cgmanager's get_pid_cgroup. Pass the first mounted cgroup subsystem instead of passing "all" when getting the container's cgorup to attach to. Also, make sure that the target cgroup is in fact in all identical cgroups before attaching with 'all". If not, then we must attach to each cgroup separately, or else we will not be in all the same cgroups as the target container. Signed-off-by:
-
- 31 Oct, 2014 1 commit
-
-
KATOH Yasufumi authored
This patch creates workdir as "olwork", and retry mount with workdir option when mount is failed. It is used to prepare files before atomically swithing with destination, and needs to be on the same filesystem as upperdir. It's OK for it to be empty. Signed-off-by:
-
- 29 Oct, 2014 1 commit
-
-
Serge Hallyn authored
If attach is being done over passed-in fds, then we shouldn't mess with the caller's signal table to ignore ctrl-c over the fd. Signed-off-by:
-
- 27 Oct, 2014 9 commits
-
-
Sergio Jimenez authored
Signed-off-by:
Sergio Jimenez <tripledes@gmail.com> Acked-by:
-
Simon Deziel authored
This addresses https://github.com/lxc/lxc/issues/280. Signed-off-by:
Simon Deziel <simon@sdeziel.info> Acked-by:
-
Serge Hallyn authored
Currently when we clone a container, bdev_copy passes NULL as dst argument of bdev_init, then sees bdev->dest (as a result) is NULL, and sets bdev->dest to $lxcpath/$name/rootfs. so $ops->clone_paths() can assume that "/rootfs" is at the end of the path. The overlayfs and aufs clonepaths do assume that and index to endofstring-6 and append delta0. Let's be more robust by actually finding the last / in the path. Then, instead of always setting oldbdev->dest to $lxcpath/$name/rootfs, set it to oldbdev->src. Else dir_clonepaths fails when mounting src onto dest bc dest does not exist. We could also fix that by creating bdev->dest if needed, but that addes an empty directory to the old container. This fixes 'lxc-clone -o x1 -n x2' if x1 has lxc.rootfs = /var/lib/lxc/x1/x and makes the overlayfs and aufs paths less fragile should something else change. Signed-off-by:
-
Serge Hallyn authored
It is not system-definable, rather glibc sets that to bin:/usr/bin, which is simply too restrictive. So just always set our preferred path. This was reported at: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1384327Signed-off-by:
-
Serge Hallyn authored
Rather than try to free all the not-being-returned items at each if clause where we assign one to return value, just NULL the one we are returning so we can safely free all the values. This should fix the newly reported coverity memory leak Signed-off-by:
-
Serge Hallyn authored
If we are root using a user namespace and are mounting a blockdev as rootfs, then we do this before unsharing the userns, because we are not allowed to do it in a userns. But after unsharing the userns, we unconditionally retried mounting the rootfs, resulting in failure. stop that. Signed-off-by:
-
Tycho Andersen authored
On restore, we pass criu a script to manage the network interfaces (i.e. the full path to lxc-restore-net), which we previously installed into /var/lib/<tuple>/lxc. However, this is also the directory that is the default for use in mounting the rootfs locally before pivot_root()ing. So, we mounted the rootfs and then happliy called criu, pointing it to this directory which didn't have lxc-restore-net any more, it just had the container's rootfs. Instead, we should put lxc-restore-net somewhere else, so that criu can still see it after the rootfs is mounted. Signed-off-by:
-
Dark Templar authored
Behave well when /etc/lxc/${name} is a symlink to directory Signed-off-by:Dark Templar <dark_templar@hotbox.ru> Acked-by:
-
Serge Hallyn authored
Fix return value on bind mount failure. If we've already mounted the rootfs, exit after the bind mount rather than re-trying the rootfs mount. The only case where this happens is when root is starting a container in a user namespace and with a block device backing store. In that case, pre-mount hooks will be executed in the initial user namespace. That may be worth fixing. Or it may be what we want. We should think about it and fix it. Signed-off-by:
-
- 22 Oct, 2014 4 commits
-
-
Serge Hallyn authored
Signed-off-by: -
Dark Templar authored
I've found one more typo in the gentoo template, configuration in the generated file /etc/conf.d/hostname was not valid, but it didn't impact me due to "lxc.utsname" being set in the configuration file of container and hostname service being not used. Anyway, I've made a patch and sending it with this mail. Signed-off-by:
-
Bogdan Purcareata authored
When running unprivileged, lxc-create will touch a fstab file, with bind-mounts for the ttys and other devices. Add this entry in the container config. Signed-off-by:
Bogdan Purcareata <bogdan.purcareata@freescale.com> Acked-by:
-
Bogdan Purcareata authored
Apply the changes found in templates/lxc-download to the busybox template as well. Change ownership of the config and fstab files to the unprivileged user, and the ownership of the rootfs to root in the new user namespace. Eliminate the "unsupported for userns" flag. Signed-off-by:
-
- 20 Oct, 2014 4 commits
-
-
KATOH Yasufumi authored
>>> On Tue, 30 Sep 2014 19:48:09 +0000 in message "Re: [lxc-devel] [PATCH] lxc-config can show lxc.cgroup.(use|pattern)" Serge Hallyn-san wrote: > I think it would be worth also augmenting > lxc_global_config_value() to return a default lxc.cgroup.use > for 'all', and a default lxc.cgroup.pattern ("/lxc/%n" for root > or "%n" for non-root). lxc.cgroup.pattern is like this? (^_^;) Signed-off-by: -
KATOH Yasufumi authored
Signed-off-by:
-
Dark Templar authored
Signed-off-by:
-
Serge Hallyn authored
Check for it when we check for apparmor being enabled, rather than doing it during the middle of a container setup. This avoid the need to try mounting /sys and /sys/kernel/security in the middle of startup, which we may not be allowed to anyway. Signed-off-by:
-
