- 19 Aug, 2013 24 commits
-
-
Ubuntu authored
1. add cgroup_get_subsys_abspath() which returns the absolute path for a subsystem mount, and use that where needed to actually set cgroup values
2. cgroup_devices_has_{allow,deny}: don't mix int and boolean values. Also, accept 'a *:* rwm' as any whitelist entry for has_allow().
3. subsys_lists_match(): fix an off-by-one error in calculating updated oldlen. (we need to keep the extra char for '\0')
4. return -1, not 0, if lxc_cgroup_attach fails to open /proc/self/cgroup.
Signed-off-by: Ubuntu <ubuntu@ip-10-181-158-15.ec2.internal>
-
Christian Seiler authored
Adds the arch_to_personality function that looks up an architecture and returns the corresponding personality. This may be used in conjunction with the attach/attach_wait keyword argument. Signed-off-by:
Christian Seiler <christian@iwakd.de> Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com>
-
Christian Seiler authored
Signed-off-by:
Christian Seiler <christian@iwakd.de> Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com>
-
Christian Seiler authored
This fixes some minor bugs in the cgroup logic that made start and attach fail (at least when all cgroup controllers were mounted together). Signed-off-by:
Christian Seiler <christian@iwakd.de> Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com>
-
Christian Seiler authored
Signed-off-by:
Christian Seiler <christian@iwakd.de> Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com>
-
Christian Seiler authored
Signed-off-by:
Christian Seiler <christian@iwakd.de> Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by:Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
This adds a couple of missing includes, uses the local version of getline on bionic and replaces getpwuid_r by getpwuid. Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
We use confstr to grab the default PATH value. If it's not there, just use a standard one with bin and sbin for /, /usr and /usr/local. Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
initstate/random doesn't work on bionic, srand/rand works on everything, so let's use that. Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
The current Android NDK provides a clone() definition that's identical to eglibc's so we can drop the ifdef from that one. Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
Those two aren't always around (specifically on bionic), so add some defines in case they aren't already defined. Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
New code now uses getmntent_r so we need it exported so that it can be used when building on bionic. Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
The two functions are identical but strrchr also works on Bionic. Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
This adds a local ifaddrs implementation to be used on Bionic or other C libraries that don't come with a getifaddrs implementation. This code was written by Kenneth MacKay and is under a two-clause BSD license (copyright information in the file headers). Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
- 16 Aug, 2013 5 commits
-
-
Scott Moser authored
upstart depends on inotify, and overlayfs does not support inotify. That means that the following results in 'tgt' not running. tgt is simply used here as an example of a service that installs an upstart job and starts it on package install.

    lxc-clone -s -B overlayfs -o source-precise-amd64 -n test1
    lxc-start -n test1
    ..
    apt-get install tgt

The change here is to modify /sbin/start inside the container so that when something explicitly tries 'start', it results in an explicit call to 'initctl reload-configuration' so that upstart is aware of the newly placed job. Should overlayfs ever gain inotify support, this should still not cause any harm. Signed-off-by:
Scott Moser <smoser@ubuntu.com> Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
If you go to the trouble to request a -s (snapshot) clone of a container which is dir backingstore, then you deserve an overlayfs clone. Signed-off-by:Serge Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
Because they are in probing functions. Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by:
Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
strdup and strndup still don't exist on bionic, so we need to do the alloc() call ourselves or free the memory by hand. Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com> Acked-by:
Serge Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
Without this, make dist doesn't include it and LXC fails to build. Signed-off-by:Stéphane Graber <stgraber@ubuntu.com>
-
- 15 Aug, 2013 5 commits
-
-
Serge Hallyn authored
Signed-off-by:Serge Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
-B dev will check whether btrfs, zfs, or lvm can be used, in that order, and fall back to dir. -B lvm,btrfs will try lvm first, then btrfs, then fail. Signed-off-by:Serge Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
Ideally it would be great to default to a btrfs subvolume for each new container created. However, this is not as we previously thought without consequence. 'rsync --one-file-system' will not descend into btrfs subvolumes. This means that 'lxc-create -B _unset' will cause different behavior for rsync -vax /var/lib/lxc based on whether that fs is btrfs or not. So don't do that. If -B is not specified, use -B dir. Signed-off-by:Serge Hallyn <serge.hallyn@ubuntu.com>
-
Alexander Vladimirov authored
Fix build with automake 1.14 and newer, since it requires explicit setting now. Signed-off-by:
Alexander Vladimirov <alexander.idkfa.vladimirov@gmail.com> Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com>
-
Michael H. Warfield authored
Satoshi Matsumoto certainly had the right idea and in spotting a bug in the lxc-fedora template for systemd detection. Heart was in the right spot but patch was not what we needed. I've looked the patch code over for systemd support and init/upstart support and modified the logic appropriately. If /etc/systemd/system exists, we'll do the right thing by systemd. If /etc/rc.sysinit exists, we'll do the right thing by init / upstart. If both are installed, we'll try and accommodate both in case someone is playing games with the two (I've done this). Patch was trivial, just took more time to actually test it and create some containers with it and verify them, than it did to code them. Signed-off-by:
Michael H. Warfield <mhw@WittsEnd.com> Signed-off-by:
Serge Hallyn <serge.hallyn@ubuntu.com>
-
- 14 Aug, 2013 6 commits
-
-
Christian Seiler authored
This patch implements the extra_env and extra_keep options of lxc_attach_set_environment. The Python implementation, the C container API and the lxc-attach utility are able to utilize this feature; lxc-attach has gained two new command line options for this. Signed-off-by:
Christian Seiler <christian@iwakd.de> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Christian Seiler authored
Add methods attach() and attach_wait() to the Python API that give access to the attach functionality of LXC. Both accept two main arguments:

1. run: A python function that is executed inside the container
2. payload: (optional) A parameter that will be passed to the python function

Additionally, the following keyword arguments are supported:

attach_flags: How attach should operate, i.e. whether to attach to cgroups, whether to drop capabilities, etc. The following constants are defined as part of the lxc module that may be OR'd together for this option:
    LXC_ATTACH_MOVE_TO_CGROUP
    LXC_ATTACH_DROP_CAPABILITIES
    LXC_ATTACH_SET_PERSONALITY
    LXC_ATTACH_APPARMOR
    LXC_ATTACH_REMOUNT_PROC_SYS
    LXC_ATTACH_DEFAULT
namespaces: Which namespaces to attach to, as defined as the flags that may be passed to the clone(2) system call. Note: maybe we should export these flags too.
personality: The personality of the process, it will be passed to the personality(2) syscall. Note: maybe we should provide access to the function that converts arch into personality.
initial_cwd: The initial working directory after attaching.
uid: The user id after attaching.
gid: The group id after attaching.
env_policy: The environment policy, may be one of:
    LXC_ATTACH_KEEP_ENV
    LXC_ATTACH_CLEAR_ENV
extra_env_vars: A list (or tuple) of environment variables (in the form KEY=VALUE) that should be set once attach has succeeded.
extra_keep_env: A list (or tuple) of names of environment variables that should be kept regardless of policy.
stdin: A file/socket/... object that should be used as stdin for the attached process. (If not a standard Python object, it has to implement the fileno() method and provide a fd as the result.)
stdout, stderr: See stdin.

attach() returns the PID of the attached process, or -1 on failure.

attach_wait() returns the return code of the attached process after that has finished executing, or -1 on failure. Note that if the exit status of the process is 255, -1 will also be returned, since attach failures result in an exit code of 255.

Two default run functions are also provided in the lxc module:

attach_run_command: Runs the specified command
attach_run_shell: Runs a shell in the container

Examples (assuming c is a Container object):

    c.attach_wait(lxc.attach_run_command, 'id')
    c.attach_wait(lxc.attach_run_shell)

    def foo():
        print("Hello World")
        # the following line is important, otherwise the exit code of
        # the attached program will be -1
        # sys.exit(0) will also work
        return 0
    c.attach_wait(foo)

    c.attach_wait(lxc.attach_run_command, ['cat', '/proc/self/cgroup'])
    c.attach_wait(lxc.attach_run_command, ['cat', '/proc/self/cgroup'],
                  attach_flags=(lxc.LXC_ATTACH_DEFAULT &
                                ~lxc.LXC_ATTACH_MOVE_TO_CGROUP))

Note that while it is possible to execute Python code inside the container by passing a function (see example), it is unwise to import modules, since there is no guarantee that the Python installation inside the container is in any way compatible with that outside of it. If you want to run Python code directly, please import all modules before attaching and only use them within the container. Signed-off-by: Christian Seiler <christian@iwakd.de> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Christian Seiler authored
convert_tuple_to_char_pointer_array now also accepts lists and not only tuples when converting to a C array. Other fixes:
  - some checking that it's actually a list/tuple before trying to convert
  - off-by-a-few-bytes allocation error (sizeof(char *)*n+1 vs. sizeof(char *)*(n+1)/calloc(...))
Signed-off-by:
Christian Seiler <christian@iwakd.de> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Christian Seiler authored
Signed-off-by:
Christian Seiler <christian@iwakd.de> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Christian Seiler authored
Signed-off-by:
Christian Seiler <christian@iwakd.de> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Christian Seiler authored
Signed-off-by:
Christian Seiler <christian@iwakd.de> Acked-by:
Serge E. Hallyn <serge.hallyn@ubuntu.com>
-