Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Otherwise we leave bad containers sitting around and further confuse
things on retries.
Reported-by: Mukanyiligira Didacienne <siyana223@gmail.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

This fixes a long standing issue that there could only be a single
lxc-monitor per container.

With this change, a new lxc-monitord daemon is spawned the first time
lxc-monitor is called against the container and will accept connections
from any subsequent lxc-monitor.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Update the code to also match C.* so that C.UTF-8 doesn't make the
container creation fail.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Trying to start multiple containers concurrently may cause
lxc_monitor_read_timeout to fail as select call could be
interrupted by a signal, handle it.
Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

The previous change used some 3.3-specific functions.
We still support 3.2 so revert to 3.2-compatible calls.
Reported-by: S.Çağlar Onur <caglar@10ur.org>
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

This finally fixes a few issues with the magic
convert_tuple_to_char_pointer_array function.

This now clearly copies the char* from the python object so we don't
end up keeping reference to those.

Also add the few required free calls to free the content of the array.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Spotted by coverity, we were now assigning mntent but only every using
mntent_r, so drop those variables and assignation.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Trying to stop multiple containers concurrently ends up with "cgroup is not mounted" errors as multiple threads corrupts the shared variables.
Fix that stack corruption and start to use getmntent_r to support stopping multiple containers concurrently.
Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Introduce a new HTTP_PROXY variable in /etc/default/lxc.  If unset or
set to none, then behavior continues as before.  If set to 'apt', then
any http::proxy set in apt.conf will be used as http_proxy for
debootstrap, and specified in the container's
/etc/apt/apt.conf.d/70proxy.  If set to something else, then the
value of HTTP_PROXY will be used as http_proxy for debootstrap and
specified in the container's 70proxy.

Changelog: (apr 23) merge the two apt proxy detection functions.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

(found by coverity)
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

When using -P (lxcpath), the parameter path needs to be forwarded
to the various commands being run but not used by the nested lxc-ls
as it's relatively unlikely that both the host and the nested containers
use a custom path.

This isn't ideal but short of having a way to provide the container path
for every single of the nesting (with potential unlimited depth), it's
the best we can do.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

 - Drop disabled entries from allowed devices list
 - Improve generated config layout a bit
 - Drop redundant uname call
 - Re-generate the SSH host keys on container creation
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

According to "arch"'s manpage, it's identical to "uname -m".

Some distros ship uname but don't ship arch, however all distros ship uname,
therefore it makes sense to use "uname -m" whenever possible.
Signed-off-by: Christian Bühler <christian@cbuehler.de>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

This fixes a few issues uncovered by the recent C module fix.

In lxc-start-ephemeral, the hwaddr code wasn't actually working.
Replace by code that properly iterates through the network interfaces
and sets a new MAC address for each entry.

In the python overlay, catch the newly emitted KeyError when in
set_config_item (or setting any previously unset variable would fail).
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Fixes a lot of issues found by a code review done by Barry Warsaw.

Those include:
 - Wrong signature for getters
 - Various memory leaks
 - Various optimizations
 - More consistent return values
 - Proper exception handling
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Reported-by: Barry Warsaw <barry@ubuntu.com>
Acked-by: Barry Warsaw <barry@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Reimplement mkdir_p() such that it:
 ...handles relativ paths correctly. (currently it crashes)
 ...does not rely on dirname().
 ...is not recursive.
 ...is shorter. ;-)
Signed-off-by: Richard Weinberger <richard@nod.at>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

This reverts commit 5a5c35c3.

This commit was preventing startup of containers using lxc hooks and
shutdown of all other containers, requiring the use of a good old
kill -9 to get rid of lxc-start after a container shutdown.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

This reverts commit 8de41406.

This commit was preventing container startup on my machine, making them
all fail with various "No such file or directory" errors.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Reimplement mkdir_p() such that it:
 ...handles relativ paths correctly. (currently it crashes)
 ...does not rely on dirname().
 ...is not recursive.
 ...is shorter. ;-)
Signed-off-by: Richard Weinberger <richard@nod.at>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

If the process in the new namespace dies very early
we have currently no chance to detect this.
The parent process will just die due to SIGPIPE
if it write to the fd used for synchronisation and
nobody will notice the real cause of the problem.

Install a SIGCHLD handler to detect the death.
Later when the child does execve() to the init within
the new namespace the handler will be disabled automatically.
Signed-off-by: Richard Weinberger <richard@nod.at>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

While we are here, fix the whitespace damage.
Signed-off-by: Richard Weinberger <richard@nod.at>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

There is no need to use nested functions voodoo.
Signed-off-by: Richard Weinberger <richard@nod.at>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

The recent change to use strtok_r causes a build warning with this older
gcc version, so initialize saveptr to NULL to quiet the compiler and
unbreak the build. There was no warning with gcc 4.7.2 that I
originally tested with.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

As Richard reported, dirname('//') returns //.  But mkdir_p only stops
when called with '/', resulting in infinite recursion when given a
pathname '//foo/bar'.
Reported-by: richard -rw- weinberger <richard.weinberger@gmail.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

This patch supports the scenario where a user wants to install a
busybox container on a busybox host.

When running the template, in order to change the root password,
the template needs to do the chroot. On busybox-powered hosts, chroot
is not part of the coreutils package - it's part of busybox. And the
busybox implementation or chroot only works if it has /lib in the new
root populated with the right binaries (or at least that's the
solution I found to make it work).

The temporarily bind-mounts /lib in the NEWROOT, chroots there,
changes the password, goes back and unmounts. This set of operations
is contained in a new MOUNT namespace, using the lxc-unshare call.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

pclose returns the exit status from wait, we need to check that to see if
the script itself failed or not. Tested a script that returned 0, 1, and
also one that did a sleep and then was killed by a signal.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Also check that we wrote the amount we expected to. The write on the pty
is blocking but we could still get a short write on EINTR, so we should
SYSERROR it.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

This makes it match the manpage and be consistent with lxc-execute
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>