Commits · cdcee3c7ff56e3018bd73ddd1512dbe4cbcfa915 · Chen Yisong / lxc

24 Oct, 2011 3 commits

ubuntu template: disallow cap_sys_module (by popular demand) · cdcee3c7

authored Oct 24, 2011

This isn't particularly reassuring, and will be moot with user
namespaces, but as people are asking for it, turn off sys_module.
While we're at it, turn off mac_admin and mac_override.
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

cdcee3c7

lxc-clone: fix dhclient.conf send hostname command · 0f3fe9e0

authored Oct 24, 2011

End the command with ';', which is needed, and put the hostname in
quotes (which doesn't really seem needed, but shown in man page).
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

0f3fe9e0

fix more broken paths in lxc-*.in scripts · 6f7c8b02

authored Oct 24, 2011

There are still some sequels from commit:

1c41ddcbSigned-off-by: Greg Kurz <gkurz@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

6f7c8b02

20 Sep, 2011 1 commit

fix broken lxc-*.in scripts · 4e04d515

authored Sep 20, 2011

Commit 92c7f629 broke the following scipts:
- lxc-setcap
- lxc-setuid
- lxc-create

This patch adds the missing variables to be substitued by the configure
script.

Cheers.
Signed-off-by: Greg Kurz <gkurz@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

4e04d515

13 Sep, 2011 3 commits

Set the utsname on the debian template · 16501521

authored Sep 13, 2011

Signed-off-by: Tzafrir Cohen <tzafrir@cohens.org.il>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

16501521

only warn for inherited file descriptors · 92c7f629

authored Sep 13, 2011

As discussed in thread:

http://sourceforge.net/mailarchive/forum.php?thread_name=4E5618C3.5060507%40free.fr&forum_name=lxc-devel

We think it's better for now to only warn the user about a fd leaking into
the container. Also remove the call to readlink() as it isn't really useful
now: since the container will start anyway, the user can look into /proc/../fd
or use lsof or whatever.
Signed-off-by: Greg Kurz <gkurz@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

92c7f629

fixes for rpmbuild · 1c41ddcb

authored Sep 13, 2011

This patch fixes some makefile/specfile issues when running
rpmbuild with the distributed lxc specfile:

- fixes usage of installation directories for config files,
  rootfs, templates and lxc-init so that they're calculated
  at make time instead of configure time. Thanks to this,
  all installed items go under $RPM_BUILD_ROOT when running
  rpmbuild
- introduce --disable-rpath option to configure to avoid
  check-rpaths errors when building non-root.
- introduce a lxc-libs package in the default spec file
  to allow concurrent installation of 32 bit and 64 bit
  libraries.

v2: - fix circular reference in lxc.pc
    - ship lxc.pc with lxc-devel
Signed-off-by: Greg Kurz <gkurz@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

1c41ddcb

01 Sep, 2011 1 commit
- remove the check for container path as it's done in lxc-create · f7b98d38
  InformatiQ authored Sep 01, 2011
```
Signed-off-by: InformatiQ <rhanna@informatiq.org>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
```
  f7b98d38
30 Aug, 2011 10 commits

if after freezing the container the snapshot/rsync fails, unfreeze before exiting · ac70c6cf

authored Aug 31, 2011

Signed-off-by: InformatiQ <rhanna@informatiq.org>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>

ac70c6cf

*add the new opts to help() *set container_running=false · 8534a83e

authored Aug 31, 2011

Signed-off-by: InformatiQ <rhanna@informatiq.org>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>

8534a83e

* allow cloning of non-snapshot lvm devices · 27078f44

authored Aug 31, 2011

Signed-off-by: InformatiQ <rhanna@informatiq.org>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>

27078f44

lxc-fedora.in · 29ec8f84

authored Aug 31, 2011

* if not running on fedora host amd -R is not set, use fedora 14 as default
* trap SIGHUP SIGINT SIGTERM, and cleanup before exiting
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

29ec8f84

fix for missing EOF and fstab contents · a30ce0ac

authored Aug 31, 2011

 templates/lxc-fedora.in |   10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

a30ce0ac

add lxc-altlinux template · 262f4e48
Alexey Shabalin authored Aug 16, 2011
```
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
```
262f4e48

.gateway options · be58c6b5

authored Aug 30, 2011

Man for the gateway option.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

be58c6b5

add autodetection of the gateway address · 19a26f82

authored Aug 30, 2011

For veth and macvlan networks, this can look up the host address on the
bridge (link) interface and add a default route on the guest to that
address. This facilitates a typical setup where guests are bridged
together.

syntax:
	lxc.ipv4.gateway = auto
	lxc.ipv6.gateway = auto
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

19a26f82

.gateway configuration · f8fee0e2

authored Aug 30, 2011

This directive adds a default route to the guest at startup.

syntax:
	lxc.network.ipv4.gateway = 10.0.0.1
	lxc.network.ipv6.gateway = 2001:db8:85a3::8a2e:370:7334
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

f8fee0e2

Don't log an error when the container is stopped · ebdd307d
Daniel Lezcano authored Aug 30, 2011
```
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
```
ebdd307d

12 Aug, 2011 1 commit
- remove minimal install for ubuntu template · e6238180
  Daniel Lezcano authored Aug 12, 2011
```
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
```
  e6238180
11 Aug, 2011 9 commits

make undefined personality non-fatal · 970ab589
Daniel Lezcano authored Aug 12, 2011
```
Just warn, do not exit fatally.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
```
970ab589
fix segfault when an unsupported personality is set · 6f1239c3
Daniel Lezcano authored Aug 12, 2011
```
Bad array len computation.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
```
6f1239c3
Version 0.7.5 · 6371febf
Daniel Lezcano authored Aug 11, 2011
```
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
```
6371febf

fix setns parameter · d3b90403

authored Aug 11, 2011

The setns syscall is now mainstream but the parameter passing changed.
Let's fix that.

The pid namespace and mount namespace attach are missing for the moment.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

d3b90403

lxc-ps : update the man page for passing the options · c797dcc3
Daniel Lezcano authored Aug 11, 2011
```
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
```
c797dcc3

lxc-ps : fix the container name search · 858133f5

authored Aug 11, 2011

We don't have to check for the cgroup namespace name because the
pid we are looking for is already in the list of the container owned by
lxc and retrieved from the abstract socket command name.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

858133f5

add container init pid with the lxc-info command · 5d42011a
Daniel Lezcano authored Aug 11, 2011
```
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
```
5d42011a
fix RELEAE_URL to not hardcode the arch · 98945759
InformatiQ authored Jul 14, 2011
```
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
```
98945759
working fedora template · 579ebf12
InformatiQ authored Apr 20, 2011
```
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
```
579ebf12

09 Aug, 2011 6 commits

lxc-checkconfig takes into account cgroup.clone_children · d9e2cc0e

authored Aug 09, 2011

Take into account we may have the clone_children flag on the cgroup,
so we ignore cgroup namespace in this case.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

d9e2cc0e

Silence lxc-unshare warning when removing cgroup · 0b9c21ab

authored Aug 09, 2011

If ns cgroup is mounted, then when lxc-unshare runs, the kernel automatically
creates a new cgroup for the task.  So lxc-unshare tries to delete it.  But
if ns cgroup is not mounted, that cgroup does not get created, and now
lxc-unshare spits an error.
Author: Serge Hallyn <serge.hallyn@canonical.com>
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/819319
Forwarded: no
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

0b9c21ab

make lxc-netstat work when /etc/mtab is not /proc/mounts · 0a1259d9

authored Aug 09, 2011

like lxc-ps and lxc-ls, lxc-netstat breaks if there is not an 'lxc' cgroup
mount and /etc/mtab is not a link to /proc/mounts.
Author: Serge Hallyn <serge.hallyn@canonical.com>
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/819319
Forwarded: no
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

0a1259d9

fix lxc-ls with mtab != /proc/mounts · 93884589

authored Aug 09, 2011

The cgroup mounts created by cgroup-bin do not show up in /etc/mtab.
lxc-ls, as lxc-ps before it, assumes that /etc/mtab is symlinked to
/proc/mounts.
Author: Serge Hallyn <serge.hallyn@canonical.com>
Forwarded: no
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/819319Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

93884589

lxc-ps: support '-n name' and '-- ps-options' · 3729572b

authored Aug 09, 2011

This is more consistent with other lxc commands

Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/820720Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

3729572b

explicitly do not use the console · dff21ef0

authored Aug 09, 2011

If the keyword 'none' is specified for the console name, lxc will ignore creating a console.
That allows to have a rootfs but without a console.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

dff21ef0

07 Aug, 2011 2 commits

Use container's /run/utmp if it exists · 4cb05a60

authored Aug 07, 2011

If /var/run is a symlink to /run in the container, then opening
/proc/<pid>/root/var/run/utmp will end up opening the host's utmp.
Therefore the hack detecting shutdown through utmp fails.
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

4cb05a60

add ubuntu-keyring to the packagelist for oneiric containers. · 3e9c97c1

authored Aug 07, 2011

Otherwise apt fails during and after debootstrap.
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

3e9c97c1

27 Jul, 2011 1 commit

Don't try to add host user's groups in container · 9e4fcfa1

authored Jul 27, 2011

When '-b user' is specified to lxc-ubuntu container creation template, do
not automatically add all the groups of which user is a member on the host,
to user's groups in the container.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

9e4fcfa1

24 Jul, 2011 3 commits

lxc-ubuntu: Allow /dev/fuse to be used in a container · 623f98d8

authored Jul 25, 2011

As people seem to want it, i.e.
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/800886Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

623f98d8

lxc-ubuntu: don't put devpts in $confdir/container/fstab · c440536e

authored Jul 25, 2011

src/lxc/conf.c will explicitly mount it anyway.  Furthermore, the fstab
entry, which is getting processed first, did not specify -o newinstance.
This can cause the host's devpts entry mount options to change, as in
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/607636.

Note - I messed up.  This was applied upstream, but I dropped it in
subsequent conversion to lxc-ubuntu template.  It therefore needs to
be reapplied.
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

c440536e

Add arm as a supported srcarch · e7eb632c

authored Jul 25, 2011

Otherwise building on armel fails with

checking for linux SRCARCH... configure: error: architecture arm-unknown-linux-gnueabi not supported

See https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/745884 for details.
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

e7eb632c