- 28 May, 2018 2 commits
-
-
Stéphane Graber authored
start: enable pre-setns() kernels
-
Christian Brauner authored
Signed-off-by:Christian Brauner <christian.brauner@ubuntu.com>
-
- 07 Feb, 2018 24 commits
-
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Stéphane Graber authored
Signed-off-by:Stéphane Graber <stgraber@ubuntu.com>
-
Christian Brauner authored
This lets users use the tools with "lxc-* -n <container-name>" or "lxc-* <container-name>". Signed-off-by: -
Stéphane Graber authored
The package has pretty much always been iproute2 with iproute being an alias for it, the alias is now gone so we need to use iproute2. Signed-off-by: -
Tycho Andersen authored
In particular, if we are already in a user namespace we are unprivileged, and doing things like moving the physical nics back to the host netns won't work. Let's do the same thing LXD does if euid == 0: inspect /proc/self/uid_map and see what that says. Signed-off-by:Tycho Andersen <tycho@tycho.ws>
-
Tycho Andersen authored
Consider the case where we're running in a user namespace but in the host's mount ns with the host's filesystem (something like lxc-usernsexec ... lxc-execute ...), in this case, we'll be euid 0, but we can't actually write to /run. Let's improve this locking check to make sure we can actually write to /run before we decide to actually use it as our locking dir. Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Tycho Andersen authored
It's sort of an implementation detail that this exists at all, and we should probably not pollute the container's mount tables or FS with this. Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
Signed-off-by: -
LiFeng authored
If 'lxc_cmd_get_name' failed and return with NULL, this would cause a segment fault. Signed-off-by:LiFeng <lifeng68@huawei.com>
-
Marcos Paulo de Souza authored
As the other tools already handle, show usage message when -h or --help are used. Signed-off-by:Marcos Paulo de Souza <marcos.souza.org@gmail.com>
-
Christian Brauner authored
remove logically dead code Signed-off-by: -
Christian Brauner authored
ensure \0-termination Signed-off-by: -
Christian Brauner authored
used calculated string length when copying into buffer Signed-off-by: -
Marcos Paulo de Souza authored
The same message exists in lxclock.c and cgmanager.c, so print the filename along with the message. Before this patch: lxc-destroy -n u1 pthread_mutex_unlock returned:1 Operation not permitted After this patch: xc-destroy -n u1 lxclock.c: pthread_mutex_unlock returned:1 Operation not permitted Signed-off-by: -
Christian Brauner authored
free allocated memory Signed-off-by: -
Christian Brauner authored
avoid NULL-pointer dereference Signed-off-by: -
Serge Hallyn authored
The lxc_log args have noghing to do with lxc.rootfs.path, and we need room for a NULL at end of arguments. How this bug was hidden for so long I don't know - I can only trigger it on certain systems under certain conditions, but it's definately wrong as is. Signed-off-by:Serge Hallyn <shallyn@cisco.com>
-
Christian Brauner authored
Signed-off-by: -
Marcos Paulo de Souza authored
Closes: #84 Signed-off-by: -
Po-Hsu Lin authored
Check the test user (lxcunpriv) before calling deluser command, otherwise it will print unnecessary error message: /usr/sbin/deluser: The user 'lxcunpriv' does not exist. Signed-off-by:Po-Hsu Lin <po-hsu.lin@canonical.com>
-
- 29 Nov, 2017 5 commits
-
-
Li Feng authored
In the case the container has a console with a valid slave pty file descriptor we duplicate std{in,out,err} to the slave file descriptor so console logging works correctly. Also, we should become session leader. Closes #1646. Closes #1951. Signed-off-by: -
Li Feng authored
Signed-off-by: -
Li Feng authored
Signed-off-by: -
LiFeng authored
In the past, if the console client exited, lxc_console_cb_con return 1. And the lxc_poll will exit, the process will wait at waitpid. At this moment, the process could not handle any command (For example get the container state LXC_CMD_GET_STATE or stop the container LXC_CMD_STOP.). I think we should clean the tty_state and return 0 in this case. So, we can use the lxc-console to connect the console of the container. And we will not exit the function lxc_polland we can handle the commands by lxc_cmd_process Reproducer prior to this commit: - open a new terminal, get the tty device name by command tty /dev/pts/6 - set lxc.console.path = /dev/pts/6 - start the container and the ouptut will print to /dev/pts/6 - close /dev/pts/6 - try an operation e.g. getting state with lxc-ls and lxc-ls will hang Closes #1787. Signed-off-by:
-
Christian Brauner authored
Signed-off-by:
-
- 16 Nov, 2017 9 commits
-
-
Stéphane Graber authored
Signed-off-by: -
Stéphane Graber authored
This reverts commit 37d5831e. Signed-off-by:
-
Christian Brauner authored
Signed-off-by: -
Christian Brauner authored
When users pass -1 there's there won't be an escape sequence to exit the console so no need to print a misleading info message about how to detach. Signed-off-by: -
Antonio Terceiro authored
This avoids the dance of updating the list of valid releases every time Debian makes a new release. It also fixes the following bug: even though lxc-debian will default to creating containers of the latest stable by querying the archive, it won't allow you to explicitly request `stable` because the current list of valid releases don't include it. Last, but not least, avoid hitting the mirror in the case the desired release is one of the ones we know will always be there, i.e. stable, testing, sid, and unstable. Signed-off-by:Antonio Terceiro <terceiro@debian.org>
-
Antonio Terceiro authored
Doing that confuses locale generation. lxc-ubuntu does the same check Signed-off-by: -
Christian Brauner authored
Brings the number of open fds in the monitor process for a standard container without ttys down to 17. Signed-off-by: -
Christian Brauner authored
The console struct is internal and liblxc takes care of creating paths. Signed-off-by: -
Antonio Terceiro authored
Being able to create `testing` containers, regardless of what's the name of the next stable, is useful in several contexts, included but not limited to testing purposes. i.e. one won't need to explicitly switch to `bullseye` once `buster` is released to be able to continue tracking `testing`. While we are at it, let's also enable `unstable`, which is exactly the same as `sid`, but there is no reason for not being able to. Signed-off-by:
-
