Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

tests: set clone_children if need be

Lxc only sets it on /lxc, not on /.

It's conceivable that we should really re-set this to the original
value, to prevent making later tests not fail when they should.  I
didn't do that.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

cgfsng: set cpuset clone_children if needed

Sigh.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

cgfsng: enter/escape error msgs: differentiate and add errno

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Remove trailing newlines in log

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

prevent containers from reading /sys/kernel/debug

Unprivileged containers cannot read it anyway, but also prevent root
owned containers from doing so.  Sadly upstart's mountall won't run
if we try to prevent it from being mounted at all.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

cgfsng: next generation filesystem-backed cgroup implementation

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Fix apparmor

Execute script lxc-devsetup also with sysvinit and upstart.

Some changes happened but the final profiles weren't generated...
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

This reverts commit 833bf9c2.

This change wasn't actually safe and is now superseded by the cgns profile.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Note this is printing to stdout because it runs before logging is setup.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

We may need to revert this, but I *think* we no longer need this
with default configs.  The idea iirc was that if caller cannot
write to devices.allow (i.e. is in a user namespace), then ignore
permission failures if the cgroups are already sufficiently setup.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Added ALTLinux distribution.

so that container root can create sub-cgroups
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

- Added ALTLinux distribution.
- Updated template for ALTLinux Sisyphus
Signed-off-by: Denis Pynkin <denis_pynkin@epam.com>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

lxc-attach: fix redirection - stderr

This makes simplifying assumptions:  all usable cgroups must be
mounted under /sys/fs/cgroup/controller or /sys/fs/cgroup/contr1,contr2.

Currently this will only work with cgroup namespaces, because
lxc.mount.auto = cgroup is not implemented.  So cgfsng_ops_init()
returns NULL if cgroup namespaces are not enabled.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Test if the various types of I/O redirection work with lxc-attach.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>

So that we can do things like:

	lxc-attach -n a -- sh -c 'echo ERR >&2' > /dev/null

There seems to be no easy way to discern when we need to write to stderr
instead of stdout when we receive an event on the master fd of an allocated
pty. So we're using a "trick"/"hack". We write to STDOUT_FILENO if it refers to
a pty. If STDOUT_FILENO does not refer to a pty we check whether STDERR_FILENO
refers to a pty and if so write to it.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>

  * This script sets /dev/.lxc which is needed for autodev containers.
  * Previously was only executed with systemd. Execute it also with
    the other init systems (sysvinit and upstart)
Signed-off-by: Carlos Alberto Lopez Perez <clopez@igalia.com>

doc: Update Korean lxc-attach(1) and lxc-copy(1), Improve lxc-unshare(1)

Explain that the pipe symbol needs to be escaped for -s.
Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>

Explain that the pipe symbol needs to be escaped for -e and -s.
Update for commit 759d521bSigned-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>

Update for commit cc0607a9Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

console.{c.h}: add/improve documentation

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>