- 28 Mar, 2013 1 commit
-
-
Serge Hallyn authored
Though it's more subtle than that. If the file doesn't exist or we can't access it, then don't record it. But if we have parse errors, then do. This is mainly to help out API users who try to read a container configuration file before calling c->create(). If the file doesn't exist, then without this patch the subsequent create() will not use the default /etc/lxc/default.conf. The API user could check for the file ahead of time, but this check makes his life easier without costing us anything.
Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
- 27 Mar, 2013 5 commits
-
-
Matthias Brugger authored
This patch fixes a small typo in the man page.
Signed-off-by: Matthias Brugger <matthias.bgg@gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
All of this needs a rewrite/redesign, and that will be coming (details below), but for now you can start 'non-ephemeral ephemeral' containers using

    lxc-start-ephemeral -o oldname -n newname --keep-data

When you shut that down, the container sticks around and can be restarted. Now lxc-clone will recognize such a container by the presence of the delta0/ which contains the read-write overlayfs layer. This means you can do incremental development of containers, i.e.

    lxc-create -t ubuntu -n r1
    lxc-start-ephemeral --keep-data -o r1 -n r1-2
    # make some changes, poweroff
    lxc-clone -o r1-2 -n r1-3
    # make some changes...
    lxc-clone -o r1-3 -n r1-4
    # etc...

Now, as for design changes... from a higher level
1. lxc-clone should be re-written in c and exported through the api.
2. lxc-clone should support overlayfs and aufs
3. lxc-start-ephemeral should become a thin layer which clones a container, starts and stops and destroys it.

at a lower level,
1. the api should support container->setup_mounts
2. lxc-clone should be written as a set of backend classes which can copy mounts to each other. So when you load a container which is lvm-backed, it creates a lvm backend class. That class instance can be converted into a loopback or qemu-nbd or directory backed class. A directory-backed class can be converted into a overlayfs or aufs backed class, which (a) uses the directory-backed class as the read-only base, and (b) pins the base container (so it can't be deleted until all snapshots are deleted).

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
The -n/--name option of lxc-start-ephemeral was never implemented even though it was documented in the manpage.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
David Ward authored
If the filesystem mounts on the host have the MS_SHARED or MS_SLAVE flag set, and a container without a rootfs is started, then any new mounts created inside the container are currently propagated into the host. In addition to mounts placed in the configuration file of the container or performed manually after startup, the automatic mounting of /proc by lxc-execute will propagate back into the host, effectively crippling the entire system. This can be prevented by setting the MS_SLAVE flag on all mounts (inside the container's own mount namespace) during startup if a rootfs is not configured.
Signed-off-by: David Ward <david.ward@ll.mit.edu>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
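Added example, not part of the commit above or of the LXC source: a check for the condition that commit message describes. It reads the optional `shared:N` / `master:N` fields of `/proc/<pid>/mountinfo` to find mounts that still propagate to their peers, and shows the recursive MS_SLAVE remount as the mitigation. The function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <sys/mount.h>

enum { PROP_SHARED = 1, PROP_SLAVE = 2 };   /* 0 means private */

/* Classify one /proc/<pid>/mountinfo line. The optional fields that carry
 * propagation state ("shared:N", "master:N") sit between the sixth field
 * (mount options) and the " - " separator. Returns a bitmask, or -1. */
int mount_propagation(const char *line)
{
    const char *p = line, *sep = strstr(line, " - ");
    int flags = 0;

    if (!sep)
        return -1;
    for (int i = 0; i < 6; i++) {           /* skip the six fixed fields */
        p = strchr(p, ' ');
        if (!p || p > sep)
            return -1;
        p++;
    }
    while (p < sep) {                       /* walk the optional fields */
        if (!strncmp(p, "shared:", 7))
            flags |= PROP_SHARED;
        else if (!strncmp(p, "master:", 7))
            flags |= PROP_SLAVE;
        p = strchr(p, ' ') + 1;             /* sep is a space, so never NULL */
    }
    return flags;
}

/* Count mounts in a mountinfo file that send new mounts to their peers. */
int count_shared_mounts(const char *path)
{
    char line[4096];
    int n = 0, prop;
    FILE *f = fopen(path, "r");

    if (!f)
        return -1;
    while (fgets(line, sizeof(line), f))
        if ((prop = mount_propagation(line)) > 0 && (prop & PROP_SHARED))
            n++;
    fclose(f);
    return n;
}

/* Mitigation: run inside the new mount namespace before mounting anything. */
int make_all_mounts_slave(void)
{
    return mount(NULL, "/", NULL, MS_SLAVE | MS_REC, NULL);
}
```

After `make_all_mounts_slave()` succeeds, `count_shared_mounts("/proc/self/mountinfo")` should return 0 for the process in that namespace.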
-
Stéphane Graber authored
This updates the various checks to match the grid below:

== lxc-ubuntu support per architecture ==
amd64: amd64, i386, armel, armhf, powerpc
i386: i386, armel, armhf, powerpc
armel: armel, armhf
armhf: armhf, armel
powerpc: powerpc

== lxc-ubuntu-cloud support per architecture ==
amd64: amd64, i386
i386: i386
armel: armel, armhf
armhf: armhf, armel

Note that most of the foreign architectures on x86 are supported through the use of qemu-user-static. This one however isn't yet supported for cloud images (I'll send a patch for 1.0). Also, qemu-user-static is technically able to emulate amd64 on i386 but qemu-debootstrap doesn't appear to know that and fails quite miserably. We may also want to add a test for amd64 kernel but i386 userspace, which is a valid combination that allows running an amd64 container on an i386 host without requiring emulation, but that's for another patch.

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
- 26 Mar, 2013 3 commits
-
-
Stéphane Graber authored
This is mostly to make debuild happy as it doesn't tolerate any leftover file when building twice in a row.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
I recently noticed that the generated tarballs with "make dist" were incomplete unless the configure script was run on a machine with all possible build dependencies. That's wrong as you clearly don't need those dependencies to generate the tarball. This change fixes that.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
Recent testing on Ubuntu armhf showed that the python module was failing to import. After some time tracking the issue down, the problem was identified as being a non-terminated list of get/setters. This commit fixes that issue as well as a few other potential ones that were identified during debugging.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
- 21 Mar, 2013 1 commit
-
-
David Ward authored
The child process's environment should be manipulated the same way by lxc-attach as it would be by lxc-start or lxc-execute.
Signed-off-by: David Ward <david.ward@ll.mit.edu>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
- 19 Mar, 2013 7 commits
-
-
Ryota Ozaki authored
When we install lxc manually (configure; make; make install), all files are installed under /usr/local/. Configuration files and setting files of containers are stored under /usr/local/ too, however, only log files are stored under /var/log/ not /usr/local/var/log. This patch changes the default log path to $localstatedir/log/lxc (by default $localstatedir is /usr/local/var), which is an ordinary directory, which is probably expected and unsurprising.
Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Christian Seiler authored
Signed-off-by: Christian Seiler <christian@iwakd.de>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Dennis Schridde authored
Signed-off-by: Dennis Schridde <devurandom@gmx.net>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Christian Seiler authored
Signed-off-by: Christian Seiler <christian@iwakd.de>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Dennis Schridde authored
Signed-off-by: Dennis Schridde <devurandom@gmx.net>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Daniel Lezcano authored
Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>
-
Daniel Lezcano authored
Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>
-
- 18 Mar, 2013 1 commit
-
-
git://github.com/lxc/lxc
Daniel Lezcano authored
Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>
-
- 14 Mar, 2013 2 commits
-
-
Stéphane Graber authored
conf.h and start.h weren't explicitly including config.h which meant that depending on the ordering of the includes in whatever was including conf.h or start.h, some pieces of the structs defined in those may be missing. This led amongst other problems to the lxc_conf struct being wrong by 8 bytes for functions from commands.c, leading to lxc-stop always failing.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
This can't really happen due to current limits in cgroup.c but add it in case those change in the future.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
- 13 Mar, 2013 6 commits
-
-
Serge Hallyn authored
Otherwise containers fail to start even if they aren't trying to map ids. Also don't allocate buf unless we need to.
Reported-by: Alexander Vladimirov <alexander.idkfa.vladimirov@gmail.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Alexander Vladimirov authored
Signed-off-by: Alexander Vladimirov <alexander.idkfa.vladimirov@gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Alexander Vladimirov authored
Had this changeset hanging around for some time, maybe this would be useful until some better solution comes up.
Signed-off-by: Alexander Vladimirov <alexander.idkfa.vladimirov@gmail.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
1. deeper hierarchy has steep performance costs
2. init may be under /init, but containers should be under /lxc
3. in a nested container we like to bind-mount $cgroup_path/$c/$c.real into $cgroup_path - but task 1's cgroup is $c/$c.real, so a nested container would be in $c/$c.real/lxc, which would become /$c/$c.real/$c/$c.real/lxc when expanded
4. this pulls quite a bit of code (of mine) which is always nice
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
- 12 Mar, 2013 3 commits
-
-
Dwight Engen authored
The kernel requires a single atomic write for setting the /proc idmap files. We were calling write(2) more than once when multiple ranges were configured so instead build a buffer to pass in one write(2) call. Change id types to unsigned long to handle large id mappings gracefully. Fix max id in example comment.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Alexander Vladimirov authored
I remember discussion about implementing proper way to shutdown guests using different signals, so here's a patch proposal. It allows to use specific signal numbers to shutdown guests gracefully, for example SIGRTMIN+4 starts poweroff.target in systemd.
Signed-off-by: Alexander Vladimirov <alexander.idkfa.vladimirov@gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Dwight Engen authored
This fixes some issues found by Oracle QA, including several cosmetic errors seen during container bootup. The rpm database needs moving on Debian hosts similar to on Ubuntu. I took Serge's suggestions: Do the yum install in an unshared mount namespace so the /proc mount done during OL4 install doesn't pollute the host. No need to blacklist ipv6 modules. Make the default release 6.3, unless the host is OL, then default to the same version as the host (same as Ubuntu template does).
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
- 11 Mar, 2013 6 commits
-
-
Dwight Engen authored
The id ordering and case of u,g is also consistent with uidmapshift, reducing confusion. doc: Moved example to the EXAMPLES section, and used values corresponding to the defaults in the pending shadow-utils subuid patch.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
Debian 5.0 Lenny turned out of support on the 6th of February 2012. From now on, the only supported Debian template is lxc-debian.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
1. if there's no rootfs, return -2, not 0.
2. don't close pinfd unconditionally in do_start().
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: David Ward <david.ward@ll.mit.edu>
-
- 07 Mar, 2013 1 commit
-
-
Dwight Engen authored
This should eventually make the source releases available on sourceforge also contain the tests.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
- 06 Mar, 2013 4 commits
-
-
Serge Hallyn authored
If we're not attaching to the mount ns, then don't enter the container's apparmor policy. Since we're running binaries from the host and not the container, that actually seems the sane thing to do (besides also the lazier thing). If we don't do this patch, then we will need to move the apparmor attach past the procfs remount, will need to also mount securityfs if available, and for the !remount_proc_sys case we'll want to mount those just long enough to do the apparmor transition.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
Christian Seiler authored
When attaching to a container with a user namespace, try to detect the user and group ids of init via /proc and attach as that same user. Only if that is unsuccessful, fall back to (0, 0).
Signed-off-by: Christian Seiler <christian@iwakd.de>
-
Christian Seiler authored
If getpwuid() fails and also the fallback of spawning of a 'getent' process, and the user specified no command to execute, default to /bin/sh and only fail if even that is not available. This should ensure that unless the container is *really* weird, no matter what, the user should always end up with a shell when calling lxc-attach with no further arguments.
Signed-off-by: Christian Seiler <christian@iwakd.de>
-