Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

We were trying to be smart and use whatever the last part of
the container's rootfs path was.  However for block devices
that doesn't make much sense.  I.e. if lxc.rootfs = /dev/md-1,
chances are that /var/lib/lxc/c1/md-1 does not exist.

So always use the $lxcpath/$lxcname/rootfs, and if it does
not exist, try to create it.

With this, 'lxc-clone -s -o c1 -n c2' where c1 has an lvm backend
is fixed.  See https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1414771Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Lxc has always created the ptys for use by console and ttys early
on from the monitor process.  This has some advantages, but also
has disadvantages, namely (1) container ptys counting against the
max ptys for the host, and (2) not having a /dev/pts/N in the
container to pass to getty.  (2) was not a problem for us historically
because we bind-mounted the host's /dev/pts/N onto a /dev/ttyN in
the container.  However, systemd hardocdes a check for container_ttys
that the path have 'pts/' in it.  If it were only for (2) I'd have
opted for a systemd patch to check the device major number, but (1)
made it worth moving the openpty to the container namespace.

So this patch moves the tty creation into the task which becomes
the container init.  It then passes the fds for the opened ptys
back to the monitor over a unix socketpair (for use by lxc-console).
The /dev/console is still created in the monitor process, so that
it can for instance be used by lxc.logfd.

So now if you have a foreground container with lxc.tty = 4, you
should end up with one host /dev/pts entry per container rather than 5.

And lxc-console now works with systemd containers.

Note that if the container init mounts its own devpts over the
one mounted by lxc, the tty /dev/pts/n will be hidden.  This is ok
since it's only systemd that needs it, and systemd won't do that.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

 - Implements mixed mode for /sys where it's mounted read-only but with
   /sys/devices/virtual/net/ writable.

 - Sets lxc.mount.auto to "cgroup:mixed proc:mixed sys:mixed" for all
   templates.

 - Drop any template-specific mount for /proc, /sys or /sys/fs/cgroup.

 - Get rid of the fstab file by default, using lxc.mount.entry instead.

 - Set sys:mixed as the default for "sys". sys:mixed is slightly more
   permissive than sys:ro so this shouldn't be a problem.

The read-only bind mount of /sys on top of itself is there so that
mountall and other init systems don't attempt to remount /sys
read-write.

v2 changes:
 - Fix the mount list, don't specify a source for the remount.
 - Update the documentation.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Close #406
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Close #421
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

The lxc.tty configuration item specifies a number of ttys to create.
Historically, for each of those, we create a /dev/pts/N entry and
symlink it to /dev/ttyN for older inits to use.  For systemd, we should
instead specify each tty name in a $container_ttys environment variable
passed to init.

See http://www.freedesktop.org/wiki/Software/systemd/ContainerInterface/ and
https://github.com/lxc/lxc/issues/419.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Close #394
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

It is set in plamo.common.conf, so it do not need in plamo.userns.conf
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

At this time, a container that is created by lxc-plamo can't work with
lxc.autodev=1
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

fix busybox unpriv

1. tty5 is not needed
2. the devices should be optional in case they didn't exist in the
host / parent-container
3. switch from 'touch $rootfs/dev/$dev' to using create=file in the
mount entry.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Update Japanese lxc.container.conf(5) for commit 124fa0a8 and d89de239.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Close #389

We will probably also want to switch the order of the mount attempts, as
the new overlay fs should quickly become the more common scenario.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Closes: #403

Signed-off-by: Dwight Engen
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

- document environment variables
- add missing --packages switch to command line
- describe how to pass template options to lxc-create (since
  lxc-create -h doesn't tell you)
- render help text in the same pretty format as lxc-create does
Signed-off-by: Tomáš Posíšek <tpo_deb@sourcepole.ch>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

The `index` libc function was removed in POSIX 2008, and `strchr` is a direct
replacement. The bionic (Android) libc has removed `index` when you are
compiling for a 64-bit architecture, such as AArch64.
Signed-off-by: Patrick O'Leary <patrick.oleary@gmail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

fix failed to fallback at lxclock_name

Signed-off-by: Jörg Thalheim <joerg@higgsboson.tk>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Reuse the code from the Debian template to associate a hwaddr if there
is only one veth interface in the container's config file.
Signed-off-by: Vicente Olivert Riera <Vincent.Riera@imgtec.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Ensures matching versions of lxc and lxc-libs being installed
Signed-off-by: Johannes Kastl <mail@ojkastl.de>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Thomas Moschny <thomas.moschny@gmail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

The following functions return immediately if a null pointer was passed.
* container_destroy
* lxc_cgroup_process_info_free_and_remove
* lxc_cgroup_put_meta
* toss_list

It is therefore not needed that a function caller repeats a corresponding check.

This issue was fixed by using the software Coccinelle 1.0.0-rc23.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

The function "free" is documented in the way that no action shall occur for
a passed null pointer. It is therefore not needed that a function caller
repeats a corresponding check.
http://stackoverflow.com/questions/18775608/free-a-null-pointer-anyway-or-check-first

This issue was fixed by using the software Coccinelle 1.0.0-rc23.
Signed-off-by: Markus Elfring <elfring@users.sourceforge.net>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

This defines a missing variable and re-indents the code a bit.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

lxclock_name will fallback to /tmp/$(id -u)/lxc$lxcpath/.$lxcname when failed
to create directories into rundir. But, in currently, lxclock_name returns
untill preparing directories under the /tmp, so invoker will fail to get
the container lock.  This patch fixes fixes this.
Signed-off-by: Kohei YOSHIDA <kohei.yoshida@gehirn.co.jp>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Hi Michael,

do you have any concerns with the attached patch to
the fedora template that adds an option --mask-tmp
that prevents fedora/systemd from over-mounting
/tmp with tmpfs, which is useful in some cases?

Thanks - Michael

----- Forwarded message from Michael Adam <obnox@samba.org> -----

Date: Sat, 10 Jan 2015 13:12:06 +0100
From: Michael Adam <obnox@samba.org>
To: LXC development mailing-list <lxc-devel@lists.linuxcontainers.org>
Subject: Re: [lxc-devel] [PATCHES] add "--mask-tmp" to lxc-fedora, plus some
	template script fixes
User-Agent: Mutt/1.5.23 (2014-03-12)

On 2015-01-10 at 13:08 +0100, Michael Adam wrote:
> On 2015-01-10 at 04:05 +0000, Serge Hallyn wrote:
>
> > The less controversial one is adding mask-tmp to the fedora template.
> > It looks fine to me, but that should go separately to mwarfield, our
> > fedora template maintainer :)
>
> I had notified mhw of my patches on irc, but apparently he is
> currently very busy.
>
> For a start, following is an update of the uncontroversial fix
> patches, i.e. the fix patche without the path ones, and without
> the mask-tmp patch.

And here comes the mask-tmp patch.
It needs to be applied onto the previous fix-patchset.

From 9589dca113535ed2f4faad89db2fab33bb8a9d7e Mon Sep 17 00:00:00 2001
From: Michael Adam <obnox@samba.org>
Date: Thu, 8 Jan 2015 10:25:24 +0100
Subject: [PATCH] lxc-fedora: add a new option --mask-tmp

This will configure the container to prevent the standard
behaviour of over-mounting /tmp with tmpfs, which can be
undesirable in some cases.

My personal use case is vagrant-lxc in combination with
vagrant-cachier.
Signed-off-by: Michael Adam <obnox@samba.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Fix instantiation of multiple vlan interfaces with same id

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>

It's now been proven over and over again that the symlink from /dev/kmsg
to /dev/console is harmful for everything but upstart systems. As Ubuntu
is now switching over to systemd too, lets switch the default.

Upstart users wishing to see boot messages can always set lxc.kmsg = 1
manually in their config (so long as they don't expect to then
dist-upgrade the container to systemd succesfuly).
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Now that autodev works fine with unprivileged containers and shouldn't
come with any side effect, lets turn it on by default.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

It turns out that the new upstream overlay fs requires that the delta
and work dirs be under the same mount.  So create a $lxcpath/tmpfs
and create delta0 and work0 under that.  If the user asks for a
tmpfs that'll be mounted under $lxcpath/tmpfs and workdir and delta0
both created under that.

This isn't heavily tested.  But if fixes mounting of 'overlay' fs
for me.

It's "not backward compatible", since it moves delta0, but that
shouldn't matter since ephemeral containers are either destroyed
on exit, or re-started with lxc-start.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

suggested at
https://lists.linuxcontainers.org/pipermail/lxc-devel/2014-December/010985.htmlSigned-off-by: S.Çağlar Onur <caglar@10ur.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Commit 67702c21 regressed the case where lxc-create use a config
file with 'xx:xx' in lxc.network.hwaddr, so that the 'xx' were
preserved in the container's configuration file.  Expand those
in the unexpanded_config file whenever we are reading a
config file which is not coming from a 'lxc.include'.

The config file will have \n-terminated lines, so update
rand_complete_hwaddr to also stop on \n.

Add a test case to make sure xx gets expanded at lxc-create.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>