- 10 Sep, 2013 9 commits
-
-
Christian Seiler authored
Newer glibc versions (that we can't require) allow for an additional letter 'e' in the fopen mode that will cause the file to be opened with the O_CLOEXEC flag, so that it will be closed if the program exec()s away. This is important because if liblxc is used in a multithreaded program, another thread might want to run a program. This options prevents the leakage of file descriptors from LXC. This patch adds an emulation for that that uses the open(2) syscall and fdopen(3). At some later point in time, it may be dropped against fopen(..., "...e"). This commit also converts all fopen() calls in utils.c (where the function is added) to fopen_cloexec(). Subsequently, other calls to fopen() and open() should also be adapted. Signed-off-by:
Christian Seiler <christian@iwakd.de> Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com>
-
Christian Seiler authored
Signed-off-by:
-
Christian Seiler authored
Instead of duplicating the code for parsing the global config file for each option, write one main function, lxc_global_config_value, that does the parsing for an arbitrary option name and just call that function from the existing ones. Signed-off-by:
-
Serge Hallyn authored
We log that at INFO level in case it is needed. However, in a modern kernel a container which was shut down using 'shutdown' will always have been signaled with SIGINT. Making lxc-start return an error to reflect that seems overkill. It's *conceivable* that someone is depending on this behavior, so I'm sending this out for anyone to NACK, but if I hear no complaints I'll apply. Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
Hopefully someone else will come in and spruce it up :) This version is as simple as can be lxc-snapshot -n a1 create a snapshot of a1 echo "second commit" > /tmp/a lxc-snapshot -n a1 -c /tmp/a create a snapshot of a1 with /tmp/a as a commit comment lxc-snapshot -n a1 -L list a1's snapshots lxc-snapshot -n a1 -L -C list a1's snapshots along with commit comments lxc-snapshot -n a1 -r snap0 a2 restore snapshot 0 of a1 as container a2 Some easy nice-to-haves: 1. sort snapshots in the list 2. allow a comment to be given in-line 3. an option to remove a snapshot? Removing a snapshot can just as well be done with lxc-destroy -P /var/lib/lxcsnaps/c1 -n snap2 so I leave it to others to decide whether they really want it, and provide the patch if so. Signed-off-by:
-
Serge Hallyn authored
The api allows for creating, listing, and restoring of container snapshots. Snapshots are created as snapshot clones of the original container - i.e. btrfs and lvm will be done as snapshot, a directory-backed container will have overlayfs snapshots. A restore is a copy-clone, using the same backing store as the original container had. Changelog: . remove lxcapi_snap_open, which wasn't defined anyway. . rename get_comment to get_commentpath . if no newname is specified at restore, use c->name (as we meant to) rather than segving. . when choosing a snapshot index, use the correct path to check for. Signed-off-by:
-
Cedric Bosdonnat authored
The fix is described by: https://wiki.archlinux.org/index.php/Linux_Containers#Container_cannot_be_shutdown_if_using_systemdSigned-off-by:
Cedric Bosdonnat <cbosdonnat@suse.com> Acked-by:
-
KATOH Yasufumi authored
Japanese man pages is installed under $mandir/ja. At this time, it is based on version 0.9.0.
-
Daniel Lezcano authored
Signed-off-by:Daniel Lezcano <daniel.lezcano@free.fr>
-
- 09 Sep, 2013 1 commit
-
-
git://github.com/lxc/lxcDaniel Lezcano authored
Signed-off-by:
-
- 06 Sep, 2013 4 commits
-
-
Natanael Copa authored
Search for Lua if no --enable-lua/--disable-lua specified but continue without if not found. If --enable-lua is specified and Lua is not found then return error. If --disable-lua is specified, then don't search for Lua. Signed-off-by:
Natanael Copa <ncopa@alpinelinux.org> Acked-by:
-
Serge Hallyn authored
Otherwise containers may be able to remount -o ro their rootfs at shutdown. Reported-by:
Harald Dunkel <harri@afaics.de> Signed-off-by:
-
Natanael Copa authored
When there is no --enable-lua or --with-lua-pc, Lua should not be enabled. This fixes a bug introduced with 12e93188 (configure/makefile: Allow specify Lua pkg-config file with --with-lua-pc) that caused configure script to fail if lua headers was missing. Signed-off-by:
-
Serge Hallyn authored
Signed-off-by:
-
- 05 Sep, 2013 12 commits
-
-
Dwight Engen authored
Signed-off-by:
Dwight Engen <dwight.engen@oracle.com> Acked-by:
-
Dwight Engen authored
- remove lxc subdir in cgroup paths (done in commit b98f7d6e) - remove extraneous debug printfs - remove extra call to stats_clear Signed-off-by:
-
Natanael Copa authored
Instead of popen and run external executable dirname we implement a dirname in C in the core module. We also remove the unused basename function. Signed-off-by:
-
Natanael Copa authored
So we avoid running os.execute Signed-off-by:
-
Natanael Copa authored
Enable support for both Lua 5.1 and 5.2 by letting user specify the Lua pkg-config package name. By default it will use 'lua' and try figure out which version it is. Signed-off-by:
-
Natanael Copa authored
Adjust code for Lua 5.2 and keep compatibility with Lua 5.1. Signed-off-by:
-
Natanael Copa authored
Signed-off-by:
-
Serge Hallyn authored
Signed-off-by: -
Serge Hallyn authored
Signed-off-by: -
Serge Hallyn authored
The lxc configuration file currently supports 'lxc.cap.drop', a list of capabilities to be dropped (using the bounding set) from the container. The problem with this is that over time new capabilities are added. So an older container configuration file may, over time, become insecure. Walter has in the past suggested replacing lxc.cap.drop with lxc.cap.preserve, which would have the inverse sense - any capabilities in that set would be kept, any others would be dropped. Realistically both have the same problem - the sendmail capabilities bug proved that running code with unexpectedly dropped privilege can be dangerous. This patch gives the admin a choice: You can use either lxc.cap.keep or lxc.cap.drop, not both. Both continue to be ignored if a user namespace is in use. Signed-off-by: -
Serge Hallyn authored
(Except in cases where we will immediately exit) Signed-off-by: -
Dwight Engen authored
Signed-off-by:
-
- 04 Sep, 2013 2 commits
-
-
Natanael Copa authored
We already add harware address for a single veth interface. Do the same with a single macvlan interface. Signed-off-by:
-
S.Çağlar Onur authored
Signed-off-by:
S.Çağlar Onur <caglar@10ur.org> Signed-off-by:
-
- 03 Sep, 2013 6 commits
-
-
Stéphane Graber authored
Signed-off-by: -
Stéphane Graber authored
Signed-off-by: -
Stéphane Graber authored
Signed-off-by:
-
Serge Hallyn authored
As with other files, update to be LGPL since these are part of the lxc library. Signed-off-by: -
Stéphane Graber authored
Signed-off-by:
-
Serge Hallyn authored
We wish to ensure that, henceforth, newer lxc tools are always compatible with older lxc monitors. Add a comment to commands.c to explain the rule we wish to enforce to this end. Signed-off-by:
-
- 30 Aug, 2013 6 commits
-
-
Serge Hallyn authored
Signed-off-by: -
Stéphane Graber authored
Signed-off-by:
-
Serge Hallyn authored
Signed-off-by: -
Serge Hallyn authored
Signed-off-by: -
Stéphane Graber authored
Reported-by: Filirom1 Signed-off-by: -
Stéphane Graber authored
Reported-by: tlc Signed-off-by:
-
