- 17 Nov, 2015 4 commits
-
-
Christian Brauner authored
When the clone failed we tried to destroy the container. This will lead to a segfault. Instead simply return -1. Also move the call to free_mnts() after the put label to free the user specified mounts even when we just goto put.
Signed-off-by: Christian Brauner <christianvanbrauner@gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Christian Brauner authored
(A trivial fix for lxc-copy is included.)
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
-
Christian Brauner authored
This is a complete reimplementation of lxc-clone and lxc-start-ephemeral. lxc-copy merges the functionalities of lxc-clone + lxc-start-ephemeral.

(1) Cloning containers:
    (a) as copy: lxc-copy -n aa -N bb
    (b) as snapshot: lxc-copy -n aa -N bb -s
(2) Renaming containers: lxc-copy -n aa -N bb -R
(3) Starting ephemeral containers:
    Ephemeral containers are created and started by passing the flag -e / --ephemeral. Whenever this flag is missing a copy of the container is created. The flag -e / --ephemeral implies -s / --snapshot.
    (a) start ephemeral container daemonized with random name: lxc-copy -n aa -e
    (b) start ephemeral container in foreground mode with random name: lxc-copy -n aa -e -F
    (c) start ephemeral container with specified name in daemonized mode: Analogous to lxc-start ephemeral containers start in daemonized mode per default: lxc-copy -n aa -N bb -e One can however also explicitly pass -d / --daemon: lxc-copy -n aa -N bb -e -d but both commands are equivalent.
    (d) start non-ephemeral container in daemonized mode: lxc-copy -n aa -D -e
    (e) start ephemeral container in daemonized mode and keep the original hostname: lxc-copy -n aa -K -e
    (f) start ephemeral container in daemonized mode and keep the MAC-address of the original container: lxc-copy -n aa -M -e
    (g) start ephemeral container with custom mounts (additional mounts can be of type {bind,aufs,overlay}) in daemonized mode: lxc-copy -n aa -e -m bind=/src:/dest:ro,aufs=/src:/dest,overlay=/src:/dest
(4) Other options: lxc-copy --help

In order to create a random containername and random upper- and workdirs for custom mounts we use mkdtemp() to not just create the names but also directly create the corresponding directories. This will be safer and make the code considerably shorter.
Signed-off-by: Christian Brauner <christianvanbrauner@gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Tycho Andersen authored
Instead, let's just allocate new space for the proctitle to live and point the kernel at that.
v2: take out testing hunk
v3: check return from realloc
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
- 12 Nov, 2015 1 commit
-
-
Stéphane Graber authored
- Update list of supported releases
- Make the fallback release trusty
- Don't specify the compression algorithm (use auto-detection) so that people passing tarballs to the template don't see regressions.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
- 09 Nov, 2015 2 commits
-
-
Tycho Andersen authored
This isn't in any way fatal, so let's only warn about it with INFO, not ERROR.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
- 07 Nov, 2015 1 commit
-
-
Tycho Andersen authored
Instead of relying on the old ptrace loop, we should instead put all the tasks in the container into the freezer. This will stop them all at the same time, preventing fork bombs from causing criu to infinite loop (and is also simply a lot faster). Note that this uses --freeze-cgroup which isn't in criu 1.7, so it should only go into master.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
- 06 Nov, 2015 13 commits
-
-
Tycho Andersen authored
PR_SET_MM_MAP only went in to the kernel at 3.18 (or 3.19), so we need to define these for kernels before then. If there was an error, the code simply logs the failure and continues on. Also, we can drop the PR_SET_MM_otherstuff constants since those were dropped in 93525c00.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Tycho Andersen authored
veths can be unconnected in the container's config, and we should handle this case.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Tycho Andersen authored
PR_SET_MM_MAP can be called as non-root, which we are in the unprivileged (or nested) case. Also, let's not do the strcpy() for the new cmdline until after we're sure the prctl succeeded. This means that even if it does fail, we won't mutilate the command line like we did before, it just won't be as pretty.
v2: remember to chop off bits of the string that are too long
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Christian Brauner authored
Changes v3: (1) Fix typo (q --> p).

(1) This commit fixes the calculations when updating paths in lxc.hooks.* entries. We now also update conf->unexpanded_alloced which hasn't been done prior to this commit.
(2) Also we use the stricter check: if (p >= lend) continue; This should deal better with invalid config files.
(3) Insert some spaces between operators to increase readability.
(4) Use gotos to simplify function and increase readability.
Signed-off-by: Christian Brauner <christianvanbrauner@gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Christian Brauner authored
When using overlay and aufs mounts with lxc.mount.entry users have to specify absolute paths for upperdir and workdir which will then get created automatically by mount_entry_create_overlay_dirs() and mount_entry_create_aufs_dirs() in conf.c. When we clone a container with overlay or aufs lxc.mount.entry entries we need to update these absolute paths. In order to do this we add the function update_ovl_paths() in lxccontainer.c. The function updates the mounts in two locations:

1) lxc_conf->mount_list and
2) lxc_conf->unexpanded_config (by calling clone_update_unexp_ovl_dir())

If we were to only update 2) we would end up with wrong upperdir and workdir mounts as the absolute paths would still point to the container that serves as the base for the clone. If we were to only update 1) we would end up with wrong upperdir and workdir lxc.mount.entry entries in the clone's config as the absolute paths in upperdir and workdir would still point to the container that serves as the base for the clone. Updating both will get the job done.

NOTE: This function does not sanitize paths apart from removing trailing slashes. (So when a user specifies //home//someone/// it will be cleaned to //home//someone. This is the minimal path cleansing which is also done by lxc_container_new().) But the mount_entry_create_overlay_dirs() and mount_entry_create_aufs_dirs() functions both try to be extremely strict about when to create upperdirs and workdirs. They will only accept sanitized paths, i.e. they require /home/someone. I think this is a (safety) virtue and we should consider sanitizing paths in general. In short: update_ovl_paths() does update all absolute paths to the new container but mount_entry_create_overlay_dirs() and mount_entry_create_aufs_dirs() will still refuse to create upperdir and workdir when the updated path is unclean. This happens easily when e.g. a user calls lxc-clone -o OLD -n NEW -P //home//chb///.
Signed-off-by: Christian Brauner <christianvanbrauner@gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Christian Brauner authored
This function updates absolute paths for overlay upper- and workdirs so users can simply clone and start new containers without worrying about absolute paths in lxc.mount.entry overlay entries.
Signed-off-by: Christian Brauner <christianvanbrauner@gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Wolfgang Bumiller authored
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
Otherwise something like

    lxc.init_cmd = /sbin/init debug verbose

fails trying to execute a file called "/sbin/init debug verbose"
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Sungbae Yoo authored
Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Sungbae Yoo authored
Update for commit 0a2b5ab1
Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
- 30 Oct, 2015 3 commits
-
-
Stéphane Graber authored
arch template: Fix systemd-sysctl service
-
Jakub Sztandera authored
The systemd-sysctl service includes a condition that /proc/sys/ has to be read-write. In lxc only /proc/sys/net/ is read-write, which causes the condition to fail and the service not to run. This patch changes the check to /proc/sys/net/ and makes the service apply only rules that are in the net tree.
Signed-off-by: Jakub Sztandera <kubuxu@gmail.com>
-
Serge Hallyn authored
We didn't do it before, and it makes testcases fail.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
- 29 Oct, 2015 9 commits
-
-
Christian Brauner authored
Instead of duplicating the cleanup-code, once for success and once for failure, simply keep a variable fret which is -1 in the beginning and gets set to 0 on success or stays -1 on failure.
Signed-off-by: Christian Brauner <christianvanbrauner@gmail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Christian Brauner authored
The mount_entry_overlay_dirs() and mount_entry_aufs_dirs() functions create workdirs and upperdirs for overlay and aufs lxc.mount.entry entries. They try to make sure that the workdirs and upperdirs can only be created under the containerdir (e.g. /path/to/the/container/CONTAINERNAME). In order to do this the right hand side of

    if ((strncmp(upperdir, lxcpath, dirlen) == 0) && (strncmp(upperdir, rootfs->path, rootfslen) != 0))

was thought to check if the rootfs->path is not present in the workdir and upperdir mount options. But the current check is bogus since it will be trivially true whenever the container is a block-dev or overlay or aufs backed since the rootfs->path will then have a form like e.g.

    overlayfs:/some/path:/some/other/path

This patch adds the function ovl_get_rootfs_dir() which parses rootfs->path by searching backwards for the first occurrence of the delimiter pair ":/". We do not simply search for ":" since it might be used in path names. If ":/" is not found we assume the container is directory backed and simply return strdup(rootfs->path).
Signed-off-by: Christian Brauner <christianvanbrauner@gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
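
An added example (not LXC's code and not part of the commit) of the problem this message describes: the quoted strncmp() check passes trivially against a raw "overlayfs:..." rootfs path, and rejects the directory once the part after the last ":/" is extracted first. The function names and the paths are hypothetical, constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy of the directory after the last ":/" in a rootfs path such as
 * "overlayfs:/lower:/delta"; a path without ":/" is copied unchanged.
 * Caller frees the result. */
static char *rootfs_dir_from_path(const char *rootfs_path)
{
	const char *hit = NULL, *p, *src;
	char *out;

	if (!rootfs_path)
		return NULL;
	/* Remember every ":/" match; the last is the first seen from the end. */
	for (p = rootfs_path; (p = strstr(p, ":/")) != NULL; p++)
		hit = p;
	src = hit ? hit + 1 : rootfs_path;
	out = malloc(strlen(src) + 1);
	return out ? strcpy(out, src) : NULL;
}

/* Check quoted in the commit message: dir must start with the container
 * directory and must not start with the rootfs string. 1 = may create. */
static int may_create_dir(const char *dir, const char *ctdir, const char *rootfs)
{
	return strncmp(dir, ctdir, strlen(ctdir)) == 0 &&
	       strncmp(dir, rootfs, strlen(rootfs)) != 0;
}

/* Same check with the storage prefix stripped from the rootfs path first. */
static int may_create_dir_parsed(const char *dir, const char *ctdir, const char *path)
{
	char *rootfs = rootfs_dir_from_path(path);
	int ok = rootfs && may_create_dir(dir, ctdir, rootfs);
	free(rootfs);
	return ok;
}

int main(void)
{
	/* Constructed sample values, not taken from a real container. */
	const char *ctdir = "/var/lib/lxc/c1";
	const char *path = "overlayfs:/var/lib/lxc/base/rootfs:/var/lib/lxc/c1/delta0";
	const char *dir = "/var/lib/lxc/c1/delta0/upper";
	printf("raw rootfs->path: %d\n", may_create_dir(dir, ctdir, path));
	printf("parsed directory: %d\n", may_create_dir_parsed(dir, ctdir, path));
	return 0;
}
```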
-
Serge Hallyn authored
Otherwise it may start too early and end up taking 10.0.3.1 even though eth0 was eventually going to end up on 10.0.3.x.
https://bugs.launchpad.net/juju-core/+bug/1510619
Reported-by: Ryan Harper <ryan.harper@ubuntu.com>
Cc: Martin Pitt <martin.pitt@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
lxc-usernsexec was using fd 0 and reopening it as 0,1,2 for the new task. If doing "lxc-usernsexec .. < script" this will corrupt the file 'script'.
Reported-by: Fiedler Roman <Roman.Fiedler@ait.ac.at>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
The lxc monitor does not store the container's cgroups, rather it recalculates them whenever needed. Systemd moves itself into a /init.scope cgroup for the systemd controller. It might be worth changing that (by storing all cgroup info in the lxc_handler), but for now go the hacky route and chop off any trailing /init.scope. I definitely think we want to switch to storing as that will be more bullet-proof, but for now we need a quick backportable fix for systemd 226 guests.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Christian Brauner authored
The mount_entry_create_*_dirs() functions currently assume that the rootfs of the container is actually named "rootfs". This has the consequence that

    del = strstr(lxcpath, "/rootfs");
    if (!del) {
            free(lxcpath);
            lxc_free_array((void **)opts, free);
            return -1;
    }
    *del = '\0';

will return NULL when the rootfs of a container is not actually named "rootfs". This means that we return -1 and do not create the necessary upperdir/workdir directories required for the overlay/aufs mount to work. Hence, let's not make that assumption. We now pass lxc_path and lxc_name to mount_entry_create_*_dirs() and create the path directly. To prevent failure we also have mount_entry_create_*_dirs() check that lxc_name and lxc_path are not empty when they are passed in.
Signed-off-by: Christian Brauner <christianvanbrauner@gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
KATOH Yasufumi authored
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Sungbae Yoo authored
Update for commit 4e6eb26b
Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
- 18 Oct, 2015 1 commit
-
-
Serge Hallyn authored
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
- 11 Oct, 2015 5 commits
-
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
It causes trouble when importing from different paths and will always be included ahead of time anyway.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
- 07 Oct, 2015 1 commit
-
-
Sungbae Yoo authored
Update for commit 592fd47a
Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-