- 31 Jul, 2012 37 commits
-
-
Serge Hallyn authored
Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com> Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge Hallyn authored
Signed-off-by:
-
Serge Hallyn authored
Signed-off-by:
-
Serge Hallyn authored
and check return values Signed-off-by:
-
Serge Hallyn authored
lxc-init used to be under /usr/lib/lxc. Now it is under /usr/lib/<multiarch>/lxc, but old containers will still have it under /usr/lib/lxc. So search for a valid lxc-init to run. Signed-off-by:
-
Serge Hallyn authored
Signed-off-by:
Timothy Chen <tnachen@gmail.com> Signed-off-by:
-
Serge Hallyn authored
It was calling non-existent 'help' Signed-off-by:
-
Serge Hallyn authored
Signed-off-by:
Ben Howard <ben.howard@canonical.com> Signed-off-by:
-
Serge Hallyn authored
This would be done (though done wrongly) by mounted-dev.conf, but that doesn't run because we don't mount /dev. Signed-off-by:
-
Serge Hallyn authored
Signed-off-by:
-
Serge Hallyn authored
Signed-off-by:
-
Serge Hallyn authored
Signed-off-by:
-
Serge Hallyn authored
An absolute path will be interpreted as absolute with respect to the parent's namespace. Signed-off-by:
-
Serge Hallyn authored
At the same time, allow lxc.mount.entry to specify an absolute target path relative to /var/lib/lxc/CN/rootfs, even if rootfs is a blockdev. Otherwise all such entries are ignored for blockdev-backed containers. Signed-off-by:
-
Serge Hallyn authored
This patch introduces support for 4 hooks. We'd like to have 6 in all to mirror the openvz ones (thanks to Stéphane for this info): pre-start: in the host namespace before container mounting happens mount: after container mounting (as per config and /var/lib/lxc/container/fstab) but before pivot_root start: immediately before exec'ing init stop: in container namespace and in chroot before shutdown umount: after other unmounting has happened post-stop: outside of the container stop and umount are not implemented here because when the kernel kills the container init, it kills the namespace. We can probably work around this, i.e. by keeping the /proc/pid/ns/mnt open, and using that, though all container tasks including init would still be dead. Is that worth pursuing? start also presents a bit of an issue. openvz allows a script on the host to be specified, apparently. My patch requires the script or program to exist in the container. I'm fine with trying to do it the openvz way, but I wasn't sure what the best way to do that was. Openvz (I'm told) opens the script and passes its contents to a bash in the container. But that limits the hooks to being only scripts. By requiring the hook to be in the container, we can allow any sort of hook, and assume that any required libraries/dependencies exist there. Other than that with this patchset I can add lxc.hook.pre-start = /var/lib/lxc/p1/pre-start lxc.hook.mount = /var/lib/lxc/p1/mount lxc.hook.start = /start lxc.hook.post-stop = /var/lib/lxc/p1/post-stop to my /var/lib/lxc/p1/config, and the hooks get executed as expected. Signed-off-by: -
Serge Hallyn authored
This could be done as generic 'lsm_init()' and 'lsm_load()' functions, however that would make it impossible to compile one package supporting more than one lsm. If we explicitly add the selinux, smack, and aa hooks in the source, then one package can be built to support multiple kernels. The smack support should be pretty trivial, and probably very close to the apparmor support. The selinux support may require more, including labeling the passed-in fds (consoles etc) and filesystems. If someone on the list has the inclination and experience to add selinux support, please let me know. Otherwise, I'll do Smack and SELinux. Signed-off-by:
-
Serge Hallyn authored
It optionally waits (an optional timeout # of seconds) for the container to be STOPPED. If given -r, it reboots the container (and exits immediately). I decided to add the timeout after all because it's harder to finagle into an upstart post-stop script than a full bash script. Signed-off-by:
-
Serge Hallyn authored
There are two types of cloud images - released and daily ones. We were always using daily ones, instead of using released by default with an option for daily. Fix that. Signed-off-by:
-
Serge Hallyn authored
Also includes a fix for broken check for $debug Signed-off-by:
-
Serge Hallyn authored
1. 'getent group $user' assumes user's group is named $user. 2. if 'getent group' returns error, just ignore the group in container 3. (misc) while it happens to all work out fine anyway, don't do getent passwd $bindhome if $bindhome isn't defined. (it will successfully return all password entries) Signed-off-by: -
Serge Hallyn authored
Signed-off-by:
-
Serge Hallyn authored
It might have a conflicting uid, and isn't needed. Also put the bound user into sudo group. Signed-off-by:
-
Serge Hallyn authored
When creating a container as lvm snapshot, use the original size unless user explicitly overrides it. It's all well and good to day "use lvextend if you run out of space", but in the meantime applications may become corrupted... Signed-off-by:
-
Stéphane Graber authored
Always add the user to the 'sudo' group as it's been around since at least Ubuntu 10.04. In addition make the user part of the admin group until 12.04 where it's been removed. Also fix a minor layout issue with devttydir. Signed-off-by:
-
Serge Hallyn authored
If a host user is bound into the container (-b), make sure that his shell is installed in the container. Signed-off-by:
-
Serge Hallyn authored
Since we are creating a new container it should not share a macaddr with the original container. Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/934256Signed-off-by:
-
Serge Hallyn authored
It's possible for only one of /lib64 and /usr/lib64 to exist, so adding both fstab entries can cause the busybox container to fail to start. Signed-off-by:
-
Serge Hallyn authored
Signed-off-by:
-
Serge Hallyn authored
Otherwise callers can get bad containers without knowing it. Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/922645Signed-off-by:
-
Daniel Baumann authored
In general, lxc-create should not mess with this and leave it entirely up to the templates to create it. Signed-off-by:
-
Ivan Vilata i Balaguer authored
(Closes: #659011). Signed-off-by:
-
Daniel Baumann authored
Fix signal names in lxc-clone trap. Signed-off-by:
-
Daniel Baumann authored
Fix correct signal names in lxc-create trap (Closes: #655173). Signed-off-by:
-
Daniel Baumann authored
Allow to use -- as seperator in lxc-netstat, otherwise -n from lxc-netstat collides with netstats -n option (Closes: #641251). [Serge Hallyn] update patch to (1) not demand argument for exec (breaks) and (2) set $name not $lxc_name. Signed-off-by:
-
Daniel Baumann authored
Use non-routed, private IPv4 address in documentation examples (Closes: #571525). Signed-off-by:
-
Daniel Baumann authored
Keeping creation of new containers without previously existing configuration non-interactive and trimm the warning message. Signed-off-by:
-
Daniel Baumann authored
Signed-off-by:
-
- 03 May, 2012 3 commits
-
-
David Ward authored
Support new default location for LXCINITDIR. Signed-off-by:
David Ward <david.ward@ll.mit.edu> Signed-off-by:
-
David Ward authored
Display help information in a consistent format. Print error messages and help information to stderr. Prefix error messages with the name of the script (for easier debugging as part of larger scripts). Allow help information to be printed as a non-root user. Fix file mode for lxc-checkconfig.in. Signed-off-by:
-
David Ward authored
Use bash instead of perl; eliminates final lxc dependency on perl (beneficial for minimal operating system environments). Modify the cgroup search to only use hierarchies that contain one or more subsystems. When searching, if a hierarchy contains the 'ns' subsystem, do not append '/lxc' to the parent cgroup. Maintain column spacing. Expand container name column as necessary. Properly handle spaces in 'ps' output that are not field separators (for example, try 'lxc-ps -o pid,args'). Fix file mode in repository. Signed-off-by:
-
