- 04 Mar, 2013 4 commits
-
-
Serge Hallyn authored
As Kees pointed out, write() errors can be delayed and returned as close() errors. So don't ignore error on close when writing the userns id mapping. Signed-off-by:Serge Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
Signed-off-by: -
Serge Hallyn authored
Signed-off-by: -
Christian Seiler authored
When you clone a new user_ns, the child cannot write to the fds opened by the parent. Hnadle this by doing an extra fork. The grandparent hangs around and waits for its child to tell it the pid of of the grandchild, which will be the one attached to the container. The grandparent then moves the grandchild into the right cgroup, then waits for the child who in turn is waiting on the grandchild to complete. Secondly, when attaching to a new user namespace, your old uid is not valid, so you are uid -1. This patch simply does setid+setuid to 0 if that is the case. We probably want to be smarter, but for now this allows lxc-attach to work. Signed-off-by:Christian Seiler <christian@iwakd.de>
-
- 01 Mar, 2013 4 commits
-
-
Serge Hallyn authored
This patch enables lxc-attach to join the profile of the container it is attaching to. Builds/runs fine with apparmor enabled and disabled. Export new aa_get_profile(), and use it for attach_apparmor, but also handle profile names longer than 100 chars in lxc_start apparmor support. Signed-off-by:
Stéphane Graber <stgraber@ubuntu.com>
-
Anthony Wu authored
Signed-off-by:
Anthony Wu <wu@learnsprout.com> Acked-by:
-
Stéphane Graber authored
The python api test script was using @LXCPATH@ for one of its checks. Now that the lxcpath is exposed by the lxc python module directly, this can be dropped and api_test.py can now become a simple python file without needing pre-processing by autoconf. Signed-off-by:
-
Stéphane Graber authored
Add initial support for showing and querying nested containers. This is done through a new --nesting argument to lxc-ls and uses lxc-attach to go look for sub-containers. Known limitations include the dependency on setns support for the PID and NETWORK namespaces and the assumption that LXCPATH for the sub-containers matches that of the host. Signed-off-by:
-
- 28 Feb, 2013 8 commits
-
-
Serge Hallyn authored
Update template to install openSUSE 12.3 Signed-off-by:
Frederic Crozat <fcrozat@suse.com> Signed-off-by:
-
Jiri Slaby authored
Otherwise the output looks like: Copying rootfs to /var/lib/lxc/tomcat/rootfs ...Please change root-password ! Signed-off-by: -
Jiri Slaby authored
Fail if something goes wrong. We used to continue and show one failure after another. Signed-off-by: -
Jiri Slaby authored
Base no longer provides bash, sed and tar, but we need those. So add them. Signed-off-by: -
Frederic Crozat authored
This adaptation of systemd. We also add network configuration support. Jiri Slaby: cleanups, rebase Signed-off-by: -
Frederic Crozat authored
When cgroup can't be moved, it might be a hint container is already running. Signed-off-by: -
Frederic Crozat authored
- mount /run on tmpfs outside container - replace /var/run bind mount on /run by a symlink Signed-off-by: -
Frederic Crozat authored
- create /etc/hostname as symlink to /etc/HOSTNAME - fix inadequate space in lxc.mount config, preventing lxc-clone to work Jiri Slaby: some cleanups Signed-off-by:
-
- 22 Feb, 2013 2 commits
-
-
Dwight Engen authored
got link error liblxc.so: undefined reference to `clock_gettime' clock_gettime is used by lxclock.c and is in librt, or bionic libc. Signed-off-by:
Dwight Engen <dwight.engen@oracle.com> Acked-by:
-
Jäkel, Guido authored
Allow for an additional --host parameter to lxc-ps hiding all processes running in containers. Signed-off-by:
Guido Jäkel <G.Jaekel@dnb.de> Signed-off-by:
-
- 21 Feb, 2013 2 commits
-
-
Dwight Engen authored
this makes "make rpm" work again Signed-off-by:
-
Stéphane Graber authored
This adds -P/--lxcpath to the various python scripts. Signed-off-by:
-
- 20 Feb, 2013 1 commit
-
-
Stéphane Graber authored
We've been shipping those two hooks for a while in Ubuntu. Yesterday I reworked them to use the new environment variables and avoid hardcoding any path that we have available as a variable. I tested both to work on Ubuntu 13.04 but they should work just as well on any distro shipping with the cgroup hierarchy in /sys/fs/cgroup and with ecryptfs available. Those are intended as example and distros are free to drop them, they should however be working without any change required, at least on Ubuntu. Signed-off-by:
-
- 19 Feb, 2013 7 commits
-
-
Serge Hallyn authored
Ok, took a look, what happened was the clearenv calls used to be in lxc_start and lxccontainer and lxc_execute (do lxc_start() callers) themselves. I moved those into do_start(), but the calls in lxccontainer.c were never removed. They should simply be removed altogether. Trivial patch follows. Signed-off-by:
-
Stéphane Graber authored
This commit tweaks the layout of the config file for the Ubuntu templates. With this, we now get a clear network config group, then a path related group, then a bunch of random config options and the end of the config is apparmor, capabilities and cgroups. Signed-off-by:
-
Serge Hallyn authored
This is needed for lxc_wait and lxc_monitor to handle lxcpath. However, the full path name is limited to 108 bytes. Should we use a md5sum of the lxcpath instead of the path itself? In any case, with this patch, lxc-wait and lxc-monitor work right with respect to multiple lxcpaths. The lxcpath is added to the lxc_handler to make it available most of the places we need it. I also remove function prototypes in monitor.h for two functions which are not defined or used anywhere. TODO: make cgroups tolerate multiple same-named containers. Signed-off-by:
-
Stéphane Graber authored
Lintian spotted those two typos. Signed-off-by:
-
Stéphane Graber authored
Use AC_SEARCH_LIBS to detect what library provides sem_*. This allows us to stop hardcoding the ld arguments in the various MakeFiles. Suggested-by:
Natanael Copa <ncopa@alpinelinux.org> Signed-off-by:
-
Stéphane Graber authored
For the lxc-* C binaries, introduce a -P|--lxcpath command line option to override the system default. With this, I can lxc-create -t ubuntu -n r1 lxc-create -t ubuntu -n r1 -P /home/ubuntu/lxcbase lxc-start -n r1 -d lxc-start -n r1 -d -P /home/ubuntu/lxcbase lxc-console -n r1 -d -P /home/ubuntu/lxcbase lxc-stop -n r1 all working with the right containers (module cgroup stuff). To do: * lxc monitor needs to be made to handle cgroups. This is another very invasive one. I started doing this as a part of this set, but that gets hairy, so I'm sending this separately. Note that lxc-wait and lxc-monitor don't work without this, and there may be niggles in what I said works above - since start.c is doing lxc_monitor_send_state etc to the shared abstract unix domain socket. * Need to handle the cgroup conflicts. Signed-off-by: -
Natanael Copa authored
Replace deprecated AM_CONFIG_HEADER with AC_CONFIG_HEADERS. This is needed for automake-1.13. Signed-off-by:
-
- 18 Feb, 2013 4 commits
-
-
Dwight Engen authored
For lxc-ls without --active, only output a directory in lxc_path if it contains a file named config. This avoids extra directories that may exist in lxc_path, for example .snapshot if lxc_path is an nfs mount. For lxc-ls with --active, don't output . if there are no active containers. Signed-off-by:
-
Natanael Copa authored
Check for lxcbr0, virbr0 and br0 and use one of those if they exist. Set mac address if network type is veth. Signed-off-by:
-
Dwight Engen authored
Signed-off-by:
-
Daniel Lezcano authored
Signed-off-by:Daniel Lezcano <daniel.lezcano@free.fr>
-
- 13 Feb, 2013 1 commit
-
-
git://github.com/lxc/lxcDaniel Lezcano authored
Signed-off-by:
-
- 11 Feb, 2013 6 commits
-
-
Dwight Engen authored
Add [gs]et_config_path from API to Lua binding. Add additional optional parameter to container_new(). Add tests for these new Lua API bindings. Commit 2a59a681 changed the meaning of lxc_path_get() in the binding, causing lua script breakage. Reinstate original behavior of lxc_path_get() and rename it to lxc_default_config_path_get() to make its intent clearer. Signed-off-by:
-
Serge Hallyn authored
The previous lxcpath patches added support for a custom LXCPATH set through a system-wide configuration file. This was also exposed through the C api, so that a custom lxcpath could be set at the container object instanciation time, or set at runtime. However the command sock filename was always located under the global lxcpath, which could be confusing, and would be a problem for users with insufficient perms to the system-wide lxc path (i.e. if setting lxcpath to $HOME/lxcbase). This patch changes that by passing the lxcpath to all callers of lxc_command(). It remains to add an lxcpath command line argument to most of the command line tools (which are not using the C api) - lxc-start, lxc-info, lxc-stop, etc. At this point it becomes tempting to do something like c = lxc.Container("r1", "/var/lib/lxc") c2 = lxc.Container("r1", "$HOME/lxcbase") However, that's problematic - those two will use the same directory names for cgroup directories. What would be the best way to handle this? One way (which I kind of like) is to give up on naming the cgroups after the container. use mkstemp for the cgroup name, let lxc keep track of the cgroup name based on the command socket, and make users use lxc-cgroup to get and change settings. Other ideas? Signed-off-by: -
Stéphane Graber authored
Add the two new calls to the API and add the new container_path parameter to the constructor (optional). This also extends list_containers to support the config_path parameter. At this point none of the actual tools are changed to make use of those as we'll probably want to make sure all the tools get the extra option at once. Signed-off-by:
-
Serge Hallyn authored
1. When calling c->set_config_path(), update configfile. I.e. if we are setting the config_path to /var/lib/lxc, then the configfile should be changed to /var/lib/lxc/$container/config 2. Add an optional configpath argument to lxc_container_new. If NULL, then the default will be used (as before). If set, then the passed-in path will be used. This way you can do c1 = lxc.Container("r1", "/var/lib/lxc"); c2 = lxc.Container("r2", "/home/user/lxcbase"); (Note I did *not* implement the python or lua binding to pass that argument along) Signed-off-by: -
Stéphane Graber authored
This simply adds an extra blank line between the original lxc config and the template generated options. In typical use cases, this means that we'll now get the header, then a blank line, then default.conf content, then a blank line and finally the template generated config. The wording of the header is also changed slightly so that it fits in the usual 80 columns. Signed-off-by:
-
Stéphane Graber authored
This introduces manpages for: - lxc-checkconfig - lxc-device - lxc-info - lxc-netstat - lxc-shutdown (wasn't in Makefile) - lxc-start-ephemeral - lxc-version This commit also sorts configure.ac and Makefile.am. Signed-off-by:
-
- 08 Feb, 2013 1 commit
-
-
Serge Hallyn authored
Also fix some tabs-as-spaces in lxc_unshare.c itself. lxc-unshare: run usage() on '-h' Signed-off-by:
-
