- 28 Aug, 2015 4 commits
-
Serge Hallyn authored
It turns out that the new upstream overlay fs requires that the delta and work dirs be under the same mount. So create a $lxcpath/tmpfs and create delta0 and work0 under that. If the user asks for a tmpfs that'll be mounted under $lxcpath/tmpfs and workdir and delta0 both created under that. This isn't heavily tested. But it fixes mounting of 'overlay' fs for me. It's "not backward compatible", since it moves delta0, but that shouldn't matter since ephemeral containers are either destroyed on exit, or re-started with lxc-start.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
We fixed this some time ago for basic lxc-start, but never did lxc-start-ephemeral. Since the lxc-start patches were pushed, Miklos has given us a way to detect whether we need the workdir= option. So the bdev.c code could be simplified to check for "overlay\n" in /proc/filesystems just as lxc-start-ephemeral does. This patch doesn't do that.
Changelog (v2):
1. use 'overlay' fstype for new overlay upstream module
2. avoid using unneeded readlines().
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
David Noyes authored
Signed-off-by: David Noyes <david.j.noyes@gmail.com>
-
David Noyes authored
Signed-off-by: David Noyes <david.j.noyes@gmail.com>
-
- 27 Aug, 2015 11 commits
-
David Ward authored
It is not an error to create a container without a template or rootfs.
Signed-off-by: David Ward <david.ward@ll.mit.edu>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
David Ward authored
Commit 6c6892b5 "fix multithreaded create()" prevented the container configuration from being saved if the backing store does not need to be created.
Signed-off-by: David Ward <david.ward@ll.mit.edu>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
David Ward authored
A container without a rootfs is useful for running a collection of processes in separate namespaces (to provide separate networking as an example), while sharing the host filesystem (except for specific paths that are re-mounted as needed).
For multiple processes to run automatically when such a container is started, it can be launched using lxc-start, and a separate instance of systemd can manage just the processes inside the container. (This assumes that the path to the systemd unit files is re-mounted and only contains the services that should run inside the container.) For this use case, autodev should be permitted for a container that does not have a rootfs.
Signed-off-by: David Ward <david.ward@ll.mit.edu>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
David Ward authored
Signed-off-by: David Ward <david.ward@ll.mit.edu>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
David Ward authored
Signed-off-by: David Ward <david.ward@ll.mit.edu>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
David Ward authored
Signed-off-by: David Ward <david.ward@ll.mit.edu>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
David Ward authored
Use the same code with and without a rootfs to check if mounting /proc is necessary before doing so. If mounting it is unsuccessful and there is no rootfs, continue as before.
Signed-off-by: David Ward <david.ward@ll.mit.edu>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Antonio Terceiro authored
Signed-off-by: Antonio Terceiro <terceiro@debian.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Nicolas Cornu authored
Signed-off-by: Nicolas Cornu <ncornu@aldebaran.com>
-
Robert Schiele authored
Latest glibc release actually honours calling setenv with a NULL pointer by causing SIGSEGV but checking pointers before submitting to any system function is a good idea anyway.
Signed-off-by: Robert Schiele <rschiele@gmail.com>
-
Nicolas Cornu authored
Signed-off-by: Nicolas Cornu <ncornu@aldebaran.com>
-
- 14 Aug, 2015 25 commits
-
Antonio Terceiro authored
There is no such thing as security support for unstable/sid.
Signed-off-by: Antonio Terceiro <terceiro@debian.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Tycho Andersen authored
Somehow our `make tags` target generates TAGS and not tags, so let's ignore that too.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Arjun Sreedharan authored
reuse label cleanup since free(NULL) is a no-op
Signed-off-by: Arjun Sreedharan <arjun024@gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Przemek Rudy authored
Signed-off-by: Przemek Rudy <prudy1@o2.pl>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Robert LeBlanc authored
Caps are getting lost when cloning an LXC. Adding the -X parameter copies the extended attributes. This allows things like ping to continue to be used by a non-privileged user in Debian at least.
-
Nicolas Cornu authored
Signed-off-by: Nicolas Cornu <nicolac76@yahoo.fr>
-
Jiri Slaby authored
zypper info's output is not usable for several reasons:
* it is localized -- there is no "Version: " in my output
* it shows results both from the repo and local system
So use plain rpm to determine whether build is installed and if proper version is in place.
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
-
Nicolas Cornu authored
lxc-init has been renamed init.lxc so adapt error message
Signed-off-by: Nicolas Cornu <ncornu@aldebaran.com>
-
Natanael Copa authored
We need to specify which hashing algorithm was used to create the signature we check. Fixes #609
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
KATOH Yasufumi authored
lxc-user-nic command cannot use common options.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
-
KATOH Yasufumi authored
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
-
KATOH Yasufumi authored
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
-
Christian Brauner authored
lxc-ls takes -P lxcpath and --version as arguments but it did not specify these options on the manpages.
Signed-off-by: Christian Brauner <christianvanbrauner@gmail.com>
-
Wolfgang Bumiller authored
1) Two checks on amd64 for whether compat_ctx has already been generated were redundant, as compat_ctx is generally generated before entering the parsing loop.
2) With introduction of reject_force_umount the check for whether the syscall has the same id on both native and compat archs results in false behavior as this is an internal keyword and thus produces a -1 on seccomp_syscall_resolve_name_arch(). The result was that it was added to the native architecture twice and never to the 32 bit architecture, causing it to have no effect on 32 bit containers on 64 bit hosts.
3) I do not see a reason to care about whether the syscalls have the same number on the two architectures. On the one hand this check was there to avoid adding it to two archs (and effectively leaving one arch unprotected), while on the other hand it seemed to be okay to add it to the same arch *twice*.
The entire architecture checking branches are now reduced to three simple cases: 'native', 'non-native' and 'all'. With 'all' adding to both architectures regardless of the syscall ID.
Also note that libseccomp had a bug in its architecture checking, so architecture related filters weren't working as expected before version 2.2.2, which may have contributed to the confusion in the original architecture-related code.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
The Fedora 22 squashfs doesn't appear to work, the Fedora 21 isn't available, so let's use the fedora archive mirror and pull the good old Fedora 20 squashfs.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
Apparently the paths have changed on the rsync server.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
Switch to Fedora 22 for now.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Wolfgang Bumiller authored
Loop devices can be added on the fly when needed, they're not always created beforehand. The loop-control device can be used to find and allocate the next available number instead of going through the /dev directory contents (which is now only a fallback mechanism).
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
-
有张纸 authored
Signed-off-by: feng xiahou <xiahoufeng@yahoo.com>
-
KATOH Yasufumi authored
As the commit 31a882ef, an unprivileged container can use aufs. This patch removes the check for unpriv aufs, and changes the path of xino file as an unprivileged user can mount aufs.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
有张纸 authored
debootstrap failed when $GREP_OPTIONS is set, so we need to unset it in the template
Signed-off-by: feng xiahou <xiahoufeng@yahoo.com>
-
Arjun Sreedharan authored
also label and consolidate error conditions for better readability
Signed-off-by: Arjun Sreedharan <arjun024@gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Lenz Grimmer authored
Updated centos/fedora/oracle templates to use `hostname` for DHCP_HOSTNAME in /etc/sysconfig/network/ifcfg-eth0, so the container's host name is propagated to the host's DHCP server (e.g. dnsmasq, which also acts as the DNS server). This resolves lxc/lxd#756
Signed-off-by: Lenz Grimmer <lenz@grimmer.com>
-