Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Add a --thinpool argument to lxc-create, to use thin pool backed lvm when creating the container. When cloning a container backed by a thin pool, the clone will default to the same thin pool.

On a system with AppArmor enabled, if lxc.se_context is configured but
lxc.aa_profile is not (because the user just wants to use the default
AppArmor profile) lxc was passing the lxc.se_context to be set as the
new AppArmor profile. Determine which configuration item to use based
on which lsm is enabled.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

- Add attach test cases

- Moved setting of LSM label later to avoid failure of IPC between parent
  and child during attach
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

It was probably disabled by a mistake
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

This reworks the mount logic for lxc-start-ephemeral to be as follow:
 - Any real (non-bind) entry gets copied to the target fstab
 - Any bind-mount from a virtual fs gets copied to the target fstab
 - Any remaining bind-mount if confirmed to be valid gets setup as an
   overlay.

Extra bind-mounts passed through the -b option are mounted by the
pre-mount script and don't need processing by the fstab generator.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

A callback return value < 0 means there was an error, so print
out an error message.  But a rv > 0 is used by the mount_unknown_fs
functions to say "we found the one we want, stop here."

Document this, and only print an error message if rv < 0.  Otherwise,

	lxc-create -B lvm --fstype ext3 -t ubuntu -n u1

will print an (innocuous) error message about being unable to parse
the config value 'ext3'.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

The latest Mandriva distro release was in 2011 and nowadays distro named
OpenMandriva Lx.
Signed-off-by: Alexander Khryukin <alexander@mezon.ru>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Laurent Vallar <val@zbla.net>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Laurent Vallar <val@zbla.net>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Dmitry Yu Okunev <dyokunev@ut.mephi.ru>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Ensure /proc and /sys are mounted in the container, otherwise
apparmor_enabled() will fail to find
/sys/module/apparmor/parameters/enabled
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

This fixes sshd getting an avc on traversing the /dev/ptmx symlink
(was default_t)
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

This fix is coming from Debian bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720122

The reason for the hardcoded gid= and mode= is because of the fix for
CVE-2013-2207 which removes pt_chown from glibc and so requires proper
write access to devpts.

It looks like the "tty" group is guaranteed to be gid=5 on at least all
RedHat based and Debian based systems. So this hardcode gid shouldn't be
a big problem. If we however support any distro where that's not the
case, we'll need to implement an extra lxc.conf option and matching
template changes.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

This fixes a few obvious issues when comparing the make dist output with
the git tree.

 - Make all templates non-executable in git
 - Remove unused files:
   - src/lxc/list.c (empty, only includes the list.h header)
   - src/lxc/lxc-destroy.in (replace by lxc_destroy.c)
 - Add missing files to dist tarball:
   - src/python-lxc/examples/pyconsole.py
   - src/python-lxc/examples/pyconsole-vte.py
 - Mark all the python API tests executable
 - Mark lxc-test-ubuntu executable
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Laurent Vallar <val@zbla.net>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Laurent Vallar <val@zbla.net>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Change the location of linefeed for improving to be read lxc.conf(5) in
Japanese environment.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Two new commands are defined: list_defined_containers() and
list_active_containers().  Both take an lxcpath (NULL means
use the default lxcpath) and return the number of containers
found.  If a lxc_container ** is passed in, then an array of
lxc_container's is returned, one for each container found.
The caller must then lxc_container_put() each container and
free the array, as shown in the new list testcase.
If a char ** is passed in, then an array of container names
is returned, after which the caller must free all the names
and the name array, as showsn in the testcase.

Changelog:
	Check for the container config file before trying to
	create an lxc_container *, to save some work. [ per
	stgraber comments]
	Add names ** argument to return only container names.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

gcc was complaining with:
reboot.c:33: error: conflicting types for ‘clone’
/usr/include/bits/sched.h:83: note: previous declaration of ‘clone’ was here
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Alexander Khryukin <alexander@mezon.ru>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Alexander Khryukin <alexander@mezon.ru>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Alexander Khryukin <alexander@mezon.ru>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Alexander Khryukin <alexander@mezon.ru>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Alexander Khryukin <alexander@mezon.ru>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-plamo now work with any distribution other than Plamo Linux.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Signed-off-by: TAMUKI Shoichi <tamuki@linet.gr.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

This template allows to create Plamo Linux container on Plamo
Linux. Plamo Linux is Japanese distribution, which is originally based
on Slackware Linux.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Signed-off-by: TAMUKI Shoichi <tamuki@linet.gr.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Bug found by Vincent Ladeuil <vila+ci@canonical.com>
Fix suggested by Scott Moser <smoser@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Section 7.1.2 of the gnutls info manual states that it must be
initialized with a call to gnutls_global_init before use. This
fixes the syslog warning I was seeing:

  lxc-create: Libgcrypt warning: missing initialization -
              please fix the application
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Same as the commit 3157e673Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>