- 24 Oct, 2011 12 commits
-
-
Cedric Le Goater authored
This patch adds a private argument to extend the struct lxc_arguments. This is useful to develop custom lxc commands outside mainline lxc. Signed-off-by:
Cedric Le Goater <clg@fr.ibm.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Greg Kurz authored
This patch allows to create application containers with liblxc.so directly. Some code cleanups on the way: - separate ops for lxc_execute() and lxc_start(): the factorisation is wrong here as we may have specific things to do if we're running an application container. It deserves separate ops. - lxc_arguments_dup() is merged in the pre-exec operation: this is a first use for the execute op introduced just above. It's better to build the arguments to execvp() where they're really used. Signed-off-by:
Greg Kurz <gkurz@fr.ibm.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com> Cc: Cedric Le Goater <clg@fr.ibm.com>
-
Frederic Crozat authored
Make sure to correctly detect kernel 3.x for file capabilities. Signed-off-by:Daniel Lezcano <dlezcano@fr.ibm.com>
-
Alexey Shabalin authored
Updates. Signed-off-by:Daniel Lezcano <dlezcano@fr.ibm.com> --
-
Serge E. Hallyn authored
Otherwise we end up with a bad container fstab and a container that won't boot. See https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/879052Signed-off-by:
Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Rainer Weikusat authored
The lxc-ls shell script uses netstat -xa to get a listing of AF_UNIX sockets it then parses in order to determine the names of presently running containers. This is wrong because it will list the listening socket and all sockets created by accepting connections on that. This causes the script to display the names of containers with active lxc-console sessions 1 + n times, n being the number of active console sessions. The patch below fixes this by using netstat -xl instead which only displays the listening sockets. Signed-off-by:
Rainer Weikusat <rweikusat@mobileactivedefense.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge E. Hallyn authored
Thought I had sent this before, but I don't find it anywhere. Signed-off-by:
Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge E. Hallyn authored
If multiple cgroups are mounted under /sys/fs/cgroup, then the original check ends up looking for /sys/fs/cgroup/cgroup.clone_children, which does not exist because that is just a tmpfs. So make sure to check an actual cgroupfs. Signed-off-by:
Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge E. Hallyn authored
/dev/shm is a symlink to /run/shm, so we need /run/shm to exist in the container rootfs. Also, /dev/mqueue does not exist on the host, and can't be created by the container. But we don't really need it so ignore that. Signed-off-by:
Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge E. Hallyn authored
This isn't particularly reassuring, and will be moot with user namespaces, but as people are asking for it, turn off sys_module. While we're at it, turn off mac_admin and mac_override. Signed-off-by:
Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge E. Hallyn authored
End the command with ';', which is needed, and put the hostname in quotes (which doesn't really seem needed, but shown in man page). Signed-off-by:
Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Greg Kurz authored
There are still some sequels from commit: 1c41ddcbSigned-off-by:
Greg Kurz <gkurz@fr.ibm.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
- 20 Sep, 2011 1 commit
-
-
Greg Kurz authored
Commit 92c7f629 broke the following scipts: - lxc-setcap - lxc-setuid - lxc-create This patch adds the missing variables to be substitued by the configure script. Cheers. Signed-off-by:
Greg Kurz <gkurz@fr.ibm.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
- 13 Sep, 2011 3 commits
-
-
Tzafrir Cohen authored
Signed-off-by:
Tzafrir Cohen <tzafrir@cohens.org.il> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Greg Kurz authored
As discussed in thread: http://sourceforge.net/mailarchive/forum.php?thread_name=4E5618C3.5060507%40free.fr&forum_name=lxc-devel We think it's better for now to only warn the user about a fd leaking into the container. Also remove the call to readlink() as it isn't really useful now: since the container will start anyway, the user can look into /proc/../fd or use lsof or whatever. Signed-off-by:
Greg Kurz <gkurz@fr.ibm.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Greg Kurz authored
This patch fixes some makefile/specfile issues when running rpmbuild with the distributed lxc specfile: - fixes usage of installation directories for config files, rootfs, templates and lxc-init so that they're calculated at make time instead of configure time. Thanks to this, all installed items go under $RPM_BUILD_ROOT when running rpmbuild - introduce --disable-rpath option to configure to avoid check-rpaths errors when building non-root. - introduce a lxc-libs package in the default spec file to allow concurrent installation of 32 bit and 64 bit libraries. v2: - fix circular reference in lxc.pc - ship lxc.pc with lxc-devel Signed-off-by:Greg Kurz <gkurz@fr.ibm.com> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
- 01 Sep, 2011 1 commit
-
-
InformatiQ authored
Signed-off-by:
InformatiQ <rhanna@informatiq.org> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
- 30 Aug, 2011 10 commits
-
-
InformatiQ authored
Signed-off-by:
InformatiQ <rhanna@informatiq.org> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com> Acked-by:
Serge Hallyn <serge.hallyn@canonical.com>
-
InformatiQ authored
Signed-off-by:
InformatiQ <rhanna@informatiq.org> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com> Acked-by:
Serge Hallyn <serge.hallyn@canonical.com>
-
InformatiQ authored
Signed-off-by:
InformatiQ <rhanna@informatiq.org> Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com> Acked-by:
Serge Hallyn <serge.hallyn@canonical.com>
-
Ramez Hanna authored
* if not running on fedora host amd -R is not set, use fedora 14 as default * trap SIGHUP SIGINT SIGTERM, and cleanup before exiting Signed-off-by:Daniel Lezcano <dlezcano@fr.ibm.com>
-
Ramez Hanna authored
templates/lxc-fedora.in | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) Signed-off-by:Daniel Lezcano <dlezcano@fr.ibm.com>
-
Alexey Shabalin authored
Signed-off-by:Daniel Lezcano <dlezcano@fr.ibm.com>
-
Matthijs Kooijman authored
Man for the gateway option. Signed-off-by:Daniel Lezcano <dlezcano@fr.ibm.com>
-
Matthijs Kooijman authored
For veth and macvlan networks, this can look up the host address on the bridge (link) interface and add a default route on the guest to that address. This facilitates a typical setup where guests are bridged together. syntax: lxc.ipv4.gateway = auto lxc.ipv6.gateway = auto Signed-off-by:Daniel Lezcano <dlezcano@fr.ibm.com>
-
Matthijs Kooijman authored
This directive adds a default route to the guest at startup. syntax: lxc.network.ipv4.gateway = 10.0.0.1 lxc.network.ipv6.gateway = 2001:db8:85a3::8a2e:370:7334 Signed-off-by:Daniel Lezcano <dlezcano@fr.ibm.com>
-
Daniel Lezcano authored
Signed-off-by:Daniel Lezcano <dlezcano@fr.ibm.com>
-
- 12 Aug, 2011 1 commit
-
-
Daniel Lezcano authored
Signed-off-by:Daniel Lezcano <dlezcano@fr.ibm.com>
-
- 11 Aug, 2011 9 commits
-
-
Daniel Lezcano authored
Just warn, do not exit fatally. Signed-off-by:Daniel Lezcano <dlezcano@fr.ibm.com>
-
Daniel Lezcano authored
Bad array len computation. Signed-off-by:Daniel Lezcano <dlezcano@fr.ibm.com>
-
Daniel Lezcano authored
Signed-off-by:Daniel Lezcano <dlezcano@fr.ibm.com>
-
Daniel Lezcano authored
The setns syscall is now mainstream but the parameter passing changed. Let's fix that. The pid namespace and mount namespace attach are missing for the moment. Signed-off-by:Daniel Lezcano <dlezcano@fr.ibm.com>
-
Daniel Lezcano authored
Signed-off-by:Daniel Lezcano <dlezcano@fr.ibm.com>
-
Daniel Lezcano authored
We don't have to check for the cgroup namespace name because the pid we are looking for is already in the list of the container owned by lxc and retrieved from the abstract socket command name. Signed-off-by:Daniel Lezcano <dlezcano@fr.ibm.com>
-
Daniel Lezcano authored
Signed-off-by:Daniel Lezcano <dlezcano@fr.ibm.com>
-
InformatiQ authored
Signed-off-by:Daniel Lezcano <dlezcano@fr.ibm.com>
-
InformatiQ authored
Signed-off-by:Daniel Lezcano <dlezcano@fr.ibm.com>
-
- 09 Aug, 2011 3 commits
-
-
Daniel Lezcano authored
Take into account we may have the clone_children flag on the cgroup, so we ignore cgroup namespace in this case. Signed-off-by:Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge E. Hallyn authored
If ns cgroup is mounted, then when lxc-unshare runs, the kernel automatically creates a new cgroup for the task. So lxc-unshare tries to delete it. But if ns cgroup is not mounted, that cgroup does not get created, and now lxc-unshare spits an error. Author: Serge Hallyn <serge.hallyn@canonical.com> Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/819319 Forwarded: no Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-
Serge E. Hallyn authored
like lxc-ps and lxc-ls, lxc-netstat breaks if there is not an 'lxc' cgroup mount and /etc/mtab is not a link to /proc/mounts. Author: Serge Hallyn <serge.hallyn@canonical.com> Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/819319 Forwarded: no Signed-off-by:
Daniel Lezcano <dlezcano@fr.ibm.com>
-