- 30 Jan, 2015 3 commits
-
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
KATOH Yasufumi authored
Update for commit f24a52d5
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
Because we now create the ttys from inside the container, we had to add an apparmor rule for start-container to bind-mount /dev/pts/** -> /dev/tty*/. However that's not sufficient if the container sets lxc.ttydir, in which case we need to support mounting onto files in subdirs of /dev.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
- 29 Jan, 2015 7 commits
-
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
We were trying to be smart and use whatever the last part of the container's rootfs path was. However for block devices that doesn't make much sense. I.e. if lxc.rootfs = /dev/md-1, chances are that /var/lib/lxc/c1/md-1 does not exist. So always use the $lxcpath/$lxcname/rootfs, and if it does not exist, try to create it.

With this, 'lxc-clone -s -o c1 -n c2' where c1 has an lvm backend is fixed. See https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1414771

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
Lxc has always created the ptys for use by console and ttys early on from the monitor process. This has some advantages, but also has disadvantages, namely (1) container ptys counting against the max ptys for the host, and (2) not having a /dev/pts/N in the container to pass to getty. (2) was not a problem for us historically because we bind-mounted the host's /dev/pts/N onto a /dev/ttyN in the container. However, systemd hardcodes a check for container_ttys that the path have 'pts/' in it. If it were only for (2) I'd have opted for a systemd patch to check the device major number, but (1) made it worth moving the openpty to the container namespace.

So this patch moves the tty creation into the task which becomes the container init. It then passes the fds for the opened ptys back to the monitor over a unix socketpair (for use by lxc-console). The /dev/console is still created in the monitor process, so that it can for instance be used by lxc.logfd.

So now if you have a foreground container with lxc.tty = 4, you should end up with one host /dev/pts entry per container rather than 5. And lxc-console now works with systemd containers.

Note that if the container init mounts its own devpts over the one mounted by lxc, the tty /dev/pts/n will be hidden. This is ok since it's only systemd that needs it, and systemd won't do that.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
  - Implements mixed mode for /sys where it's mounted read-only but with /sys/devices/virtual/net/ writable.
  - Sets lxc.mount.auto to "cgroup:mixed proc:mixed sys:mixed" for all templates.
  - Drop any template-specific mount for /proc, /sys or /sys/fs/cgroup.
  - Get rid of the fstab file by default, using lxc.mount.entry instead.
  - Set sys:mixed as the default for "sys". sys:mixed is slightly more permissive than sys:ro so this shouldn't be a problem.

The read-only bind mount of /sys on top of itself is there so that mountall and other init systems don't attempt to remount /sys read-write.

v2 changes:
  - Fix the mount list, don't specify a source for the remount.
  - Update the documentation.

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
- 28 Jan, 2015 6 commits
-
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
Close #406
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
Close #421
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Serge Hallyn authored
The lxc.tty configuration item specifies a number of ttys to create. Historically, for each of those, we create a /dev/pts/N entry and symlink it to /dev/ttyN for older inits to use. For systemd, we should instead specify each tty name in a $container_ttys environment variable passed to init. See http://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/ and https://github.com/lxc/lxc/issues/419.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Stéphane Graber authored
Close #394
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
- 27 Jan, 2015 5 commits
-
-
KATOH Yasufumi authored
It is set in plamo.common.conf, so it is not needed in plamo.userns.conf
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
KATOH Yasufumi authored
At this time, a container that is created by lxc-plamo can't work with lxc.autodev=1
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
fix busybox unpriv
-
Serge Hallyn authored
  1. tty5 is not needed
  2. the devices should be optional in case they didn't exist in the host / parent-container
  3. switch from 'touch $rootfs/dev/$dev' to using create=file in the mount entry.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-
KATOH Yasufumi authored
Update Japanese lxc.container.conf(5) for commit 124fa0a8 and d89de239.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
- 26 Jan, 2015 3 commits
-
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Serge Hallyn authored
Close #389

We will probably also want to switch the order of the mount attempts, as the new overlay fs should quickly become the more common scenario.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Stéphane Graber authored
Closes: #403
Signed-off-by: Dwight Engen
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
- 25 Jan, 2015 4 commits
-
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Tomas Pospisek authored
  - document environment variables
  - add missing --packages switch to command line
  - describe how to pass template options to lxc-create (since lxc-create -h doesn't tell you)
  - render help text in the same pretty format as lxc-create does

Signed-off-by: Tomáš Posíšek <tpo_deb@sourcepole.ch>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Patrick O'Leary authored
The `index` libc function was removed in POSIX 2008, and `strchr` is a direct replacement. The bionic (Android) libc has removed `index` when you are compiling for a 64-bit architecture, such as AArch64.
Signed-off-by: Patrick O'Leary <patrick.oleary@gmail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
hallyn authored
fix failed to fallback at lxclock_name
-
- 24 Jan, 2015 6 commits
-
-
Jörg Thalheim authored
Signed-off-by: Jörg Thalheim <joerg@higgsboson.tk>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Vicente Olivert Riera authored
Reuse the code from the Debian template to associate a hwaddr if there is only one veth interface in the container's config file.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Johannes Kastl authored
Ensures matching versions of lxc and lxc-libs being installed
Signed-off-by: Johannes Kastl <mail@ojkastl.de>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Thomas Moschny authored
Signed-off-by: Thomas Moschny <thomas.moschny@gmail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Markus Elfring authored
The following functions return immediately if a null pointer was passed.
  * container_destroy
  * lxc_cgroup_process_info_free_and_remove
  * lxc_cgroup_put_meta
  * toss_list

It is therefore not needed that a function caller repeats a corresponding check.

This issue was fixed by using the software Coccinelle 1.0.0-rc23.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
Markus Elfring authored
The function "free" is documented in the way that no action shall occur for a passed null pointer. It is therefore not needed that a function caller repeats a corresponding check.
http://stackoverflow.com/questions/18775608/free-a-null-pointer-anyway-or-check-first

This issue was fixed by using the software Coccinelle 1.0.0-rc23.

Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
-
- 22 Jan, 2015 2 commits
-
-
Stéphane Graber authored
This defines a missing variable and re-indents the code a bit.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
Kohei YOSHIDA authored
lxclock_name will fall back to /tmp/$(id -u)/lxc$lxcpath/.$lxcname when failed to create directories into rundir. But, currently, lxclock_name returns until preparing directories under the /tmp, so invoker will fail to get the container lock. This patch fixes this.
Signed-off-by: Kohei YOSHIDA <kohei.yoshida@gehirn.co.jp>
-
- 21 Jan, 2015 4 commits
-
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
-
Michael Adam authored
Hi Michael,

do you have any concerns with the attached patch to the fedora template that adds an option --mask-tmp that prevents fedora/systemd from over-mounting /tmp with tmpfs, which is useful in some cases?

Thanks - Michael

----- Forwarded message from Michael Adam <obnox@samba.org> -----

Date: Sat, 10 Jan 2015 13:12:06 +0100
From: Michael Adam <obnox@samba.org>
To: LXC development mailing-list <lxc-devel@lists.linuxcontainers.org>
Subject: Re: [lxc-devel] [PATCHES] add "--mask-tmp" to lxc-fedora, plus some template script fixes
User-Agent: Mutt/1.5.23 (2014-03-12)

On 2015-01-10 at 13:08 +0100, Michael Adam wrote:
> On 2015-01-10 at 04:05 +0000, Serge Hallyn wrote:
>
> > The less controversial one is adding mask-tmp to the fedora template.
> > It looks fine to me, but that should go separately to mwarfield, our
> > fedora template maintainer :)
>
> I had notified mhw of my patches on irc, but apparently he is
> currently very busy.
>
> For a start, following is an update of the uncontroversial fix
> patches, i.e. the fix patches without the path ones, and without
> the mask-tmp patch.

And here comes the mask-tmp patch. It needs to be applied onto the previous fix-patchset.

From 9589dca113535ed2f4faad89db2fab33bb8a9d7e Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox@samba.org>
Date: Thu, 8 Jan 2015 10:25:24 +0100
Subject: [PATCH] lxc-fedora: add a new option --mask-tmp

This will configure the container to prevent the standard behaviour of over-mounting /tmp with tmpfs, which can be undesirable in some cases.

My personal use case is vagrant-lxc in combination with vagrant-cachier.

Signed-off-by: Michael Adam <obnox@samba.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
-
hallyn authored
Fix instantiation of multiple vlan interfaces with same id
-
Stéphane Graber authored
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
-