Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

If unprivileged users are using a veth nic, then ifindex is still 0
at lxc_assign_network() (because lxc_create_network() was skipped).
So check for that case before we use lxc->ifindex to decide if we
have an empty network namespace.

We probably should change the !netdev->ifindex check to a
netdev->type == LXC_NET_EMPTY check, but I've been making enough
mistakes today not to risk that.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

In particular, if it's already 1, and we can't change it, we currently
fail out.  That's silly.

I was going to just always continue, but if clone_children is not 1,
then the container *will* fail to start later on, so I'd rather stop
earlier on so the original cause doesn't get lost in the noise.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

If we have "with_python" we want to add the resulting packages to
the resulting rpm.
Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

This introduces a new lxc-autostart binary (and associated manpage)
which will let you start/shutdown/kill/restart any container that's
marked as lxc.start.auto=1. It respects the lxc.start.delay value,
sorts by lxc.start.order and filters by lxc.group.

By default it'll affect all containers that DO NOT have lxc.group
set. If -g is specified, ONLY containers in those group will be
affected. To have a command applied to all containers, the -a
argument can be used.

A -L flag is also offered for distributions wishing to start the
containers themselves while still using LXC's calculated order and
wait delays. Instead of performing the action, it'll print the container
name and (if relevant for the action) the wait time.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

When accessing nested containers, hardcode the path to their config.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

First patch in the set of changes required for container autostart.

This commit adds the new configuration keys and parsers that will then
be used by lxc-start and lxc-stop.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Dwight Engen <dwight.engen@oracle.com>

In what should have been a straightforward fix for a bug found by
priority, I sent 1 instead of '1' from parent to child, while the
child checked for '1'.  Fix.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

While testing https://github.com/lxc/lxc/pull/106, I found that concurrent starts
are hanging time to time. I then reproduced the same problem in master and got following;

 [caglar@oOo:~] sudo gdb -p 16221
 (gdb) bt
 #0  __lll_lock_wait () at ../nptl/sysdeps/unix/sysv/linux/x86_64/lowlevellock.S:135
 #1  0x00007f495526515c in _L_lock_982 () from /lib/x86_64-linux-gnu/libpthread.so.0
 #2  0x00007f4955264fab in __GI___pthread_mutex_lock (mutex=0x7f49556d4600 <static_mutex>) at pthread_mutex_lock.c:64
 #3  0x00007f49554b27a6 in lock_mutex (l=l@entry=0x7f49556d4600 <static_mutex>) at lxclock.c:78
 #4  0x00007f49554b2dac in static_lock () at lxclock.c:330
 #5  0x00007f4955498f71 in lxc_global_config_value (option_name=option_name@entry=0x7f49554c02cf "cgroup.use") at utils.c:273
 #6  0x00007f495549926c in default_cgroup_use () at utils.c:366
 #7  0x00007f49554953bd in lxc_cgroup_load_meta () at cgroup.c:94
 #8  0x00007f495548debc in lxc_spawn (handler=handler@entry=0x7f49200af300) at start.c:783
 #9  0x00007f495548e7a7 in __lxc_start (name=name@entry=0x7f49200b48a0 "lxc-test-concurrent-4", conf=conf@entry=0x7f49200b2030, ops=ops@entry=0x7f49556d3900 <start_ops>, data=data@entry=0x7f495487db90,
    lxcpath=lxcpath@entry=0x7f49200b2010 "/var/lib/lxc") at start.c:951
 #10 0x00007f495548eb9c in lxc_start (name=0x7f49200b48a0 "lxc-test-concurrent-4", argv=argv@entry=0x7f495487dbe0, conf=conf@entry=0x7f49200b2030, lxcpath=0x7f49200b2010 "/var/lib/lxc") at start.c:1048
 #11 0x00007f49554b68f1 in lxcapi_start (c=0x7f49200b1dd0, useinit=<optimized out>, argv=0x7f495487dbe0) at lxccontainer.c:648
 #12 0x0000000000401317 in do_function (arguments=0x1aa80b0) at concurrent.c:94
 #13 0x0000000000401499 in concurrent (arguments=<optimized out>) at concurrent.c:130
 #14 0x00007f4955262f6e in start_thread (arg=0x7f495487e700) at pthread_create.c:311
 #15 0x00007f4954f8d9cd in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:113

It looks like both parent and child end up with locked mutex thus deadlocks.

I ended up placing values in the thread local storage pool, instead of doing "unlock the lock in the child" dance
Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

lxc-sshd was mounting itself (the template script) as /sbin/init in the
container using a writable bind-mount.

This shouldn't be needed and could lead to quite a few problems should
one of those containers overwrite /sbin/init for some reason.

Instead simply move to a read-only bind-mount which should prevent any
accidental dammage.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Update for commit df3415e0Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxcapi_rename implemented as a convenience function as lately
I find myself in a need to rename a container due to a
typo in its name. I could have started over but didn't want
to spend more time (to installing extra packages and changing
their configuration) on it.

c->clone() followed by c->destroy() did the trick for me and I
though it could be helpful to the other people, so here it is.
Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

- add missing print in lxc_list_nicconfigs() and in write_config() which
  fixes lxc-clone so it will propagate the script.down config value

- add missing "script.down" to lxc_get_item_nic(). change "upscript" to
  "script.up" to match actual key in config

- refactor to use config_string_item()
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acled-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

1. catch a case if allowed number of nics is 0 (as opposed to no entry),
which previously would have allowed the user to sneak in one entry.

2. return false, not true, if something went heywire with creating the
/sys/class/net/$nic path to open.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

update for commit 8face1deSigned-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

If the system gets into a bad state, it may become impossible to get
the lxc container locks.  We should still be able to stop containers
in that case.  Add a -L/--nolock option to specify this behavior.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

[resending the patch from correct branch]

commit 09ad6246 introduced lxc.include option
to include other config files. This patch uses it in mountcgroups hook otherwise
lxc-start fails with following error message for the nested containers;

root@oOo:/var/lib/lxc/raring# lxc-start -l debug -o l -n raring -d
lxc-start: command get_cgroup failed to receive response
Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

This commit does the following changes:
 - Disable rpath by default
 - Switch all of our options to --enable-FEATURE in the help
 - Add auto-detection of libcap availability
 - Add auto-detection of python3 availability
 - Always specify the default value in --help
 - Add a configuration overview at the end
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

The list of packages must be comma separated, not space separated.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

run_buffer(): unblock all signals for spawned scripts.

Currently if no lxc.network.type section is in the container
configuration, the container ends up sharing the host's network.
This is a dangerous default.

Instead, add 'lxc.network.type = none' as a valid type, and make
en empty network the default.

If none as well as another network type are specified, then the
none type will be ignored.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

fix the wrong use of realloc
Signed-off-by: Libo Chen <clbchenlibo.chen@huawei.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>