limit BLKIO columns to 10 characters is too small，i think 14 is a better value

Signed-off-by: feng xiahou xiahoufeng@yahoo.com

lxc-top: limit CPU to 8 characters

limit CPU columns to 8 characters is too small，i think 12 is a better value

Signed-off-by: Andrey Jr. Melnikov <temnota.am@gmail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Improve the lxc-copy Japanese manpage

Closes #712
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

We'll use this in the next patch to escape to the root cgroup before we
exec criu.

v2: s/cgm_connected/cmg_needs_disconnect/g
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Update for commit c154af98Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Add support for new target plamo to specify the linux distribution.
Plamo Linux uses sysvinit.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Signed-off-by: TAMUKI Shoichi <tamuki@linet.gr.jp>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Fold dnsmasq command line at about 80 chars because the line is too
long.
Signed-off-by: TAMUKI Shoichi <tamuki@linet.gr.jp>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

No idea how these got there, but let's get rid of them since they're weird.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

This patch adds a new ->migrate API call with three commands:

MIGRATE_DUMP: this is basically just ->checkpoint()
MIGRATE_RESTORE: this is just ->restore()
MIGRATE_PRE_DUMP: this can be used to invoke criu's pre-dump command on the
    container.

A small addition to the (pre-)dump commands is the ability to specify a
previous partial dump directory, so that one can use a pre-dump of a
container.

Finally, this new API call uses a structure to pass options so that it can
be easily extended in the future (e.g. to CRIU's --leave-frozen option in
the future, for potentially smarter failure handling on restore).

v2: remember to flip the return code for legacy ->checkpoint and ->restore
    calls
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Since we're relying on 1.8 for the seccomp stuff, let's refuse to use
anything lower than that.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Instead of *always* resetting the current_config to null, we should only
reset it if this API call set it.

This allows nesting of API calls, e.g. c->checkpoint() can pass stuff into
criu.c, which can call c->init_pid() and not lose the ability to log stuff
afterwards.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

This is to avoid:

https://errors.ubuntu.com/problem/d640a68bf7343705899d7ca8c6bc070d477cd845Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Hiroaki Nakamura <hnakamur@gmail.com>

Update for commit a8dfe4e0 and 6039eaa2Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Update for commit c154af98Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Check if symbols SCMP_ARCH_ARM and SCMP_ARCH_PPC are defined.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Generally we enforce that a [arch] seccomp section can only be used on [arch].
However, on amd64 we allow [i386] sections for i386 containers, and there we
also take [all] sections and apply them for both 32- and 64-bit.

Do that also for ppc64 and arm64.  This allows seccomp-protected armhf
containers to run on arm64.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

In which case lxc will not update the apparmor profile at all.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Update for commit 2b47bac3Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

The commit: e5848d39 <netdev_move_by_index: support wlan> only
made netdev_move_by_name support wlan, instead of netdev_move_by_index.

Given netdev_move_by_name is a wrapper of netdev_move_by_index, so here
replacing all of the call to lxc_netdev_move_by_index with lxc_netdev_move_by_name
to let lxc-start support wlan phys.
Signed-off-by: fupan li <fupan.li@windriver.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

If manual mounting with elevated permissions is required
this can currently only be done in pre-start hooks or before
starting LXC. In both cases the mounts would appear in the
host's namespace.
With this flag the namespace is unshared before the startup
sequence, so that mounts performed in the pre-start hook
don't show up on the host.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

v2: get rid of extra debug crap
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

This is currently breaking our daily image builds which happen in a
perfectly clean environment without a Debian keyring and without
anything in /var/cache/lxc
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

lxc_container struct: add comment about moving member fns

Better handle preserve_ns behavior

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

lxcapi_clone: restore the unexpanded config len

Otherwise it gets shortened with the temporary len but never
restored - which will only break API users which do a clone
then continue to use the original container, meaning this is
a hard one to detect.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

It breaks container starts.

This reverts commit 473ebc77.

Commit b6b2b194 preserves the container's namespaces for
possible later use in stop hook.  But some kernels don't have
/proc/pid/ns/ns for all the namespaces we may be interested in.
So warn but continue if this is the case.

Implement stgraber's suggested semantics.

 - User requests some namespaces be preserved:
    - If /proc/self/ns is missing => fail (saying kernel misses setns)
    - If /proc/self/ns/<namespace> entry is missing => fail (saying kernel misses setns for <namespace>)
 - User doesn't request some namespaces be preserved:
    - If /proc/self/ns is missing => log an INFO message (kernel misses setns) and continue
    - If /proc/self/ns/<namespace> entry is missing => log an INFO message (kernel misses setns for <namespace>) and continue
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>