From dwight.engen at oracle.com Mon Dec 1 14:55:44 2014 From: dwight.engen at oracle.com (Dwight Engen) Date: Mon, 1 Dec 2014 09:55:44 -0500 Subject: [lxc-devel] [PATCH] Add missing files to ignore list In-Reply-To: <1417034060-11315-1-git-send-email-stgraber@ubuntu.com> References: <1417034060-11315-1-git-send-email-stgraber@ubuntu.com> Message-ID: <20141201095544.753a1cb6@Delphi.home> On Wed, 26 Nov 2014 15:34:20 -0500 Stéphane Graber wrote: > Signed-off-by: Stéphane Graber Acked-by: Dwight Engen > --- > .gitignore | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/.gitignore b/.gitignore > index ddc4e18..aa3a537 100644 > --- a/.gitignore > +++ b/.gitignore > @@ -55,6 +55,7 @@ src/lxc/lxc-console > src/lxc/lxc-config > src/lxc/lxc-create > src/lxc/lxc-destroy > +src/lxc/lxc-device > src/lxc/lxc-execute > src/lxc/lxc-freeze > src/lxc/lxc.functions > @@ -68,6 +69,7 @@ src/lxc/lxc-snapshot > src/lxc/lxc-start > src/lxc/lxc-start-ephemeral > src/lxc/lxc-stop > +src/lxc/lxc-top > src/lxc/lxc-unfreeze > src/lxc/lxc-unshare > src/lxc/lxc-usernsexec From dwight.engen at oracle.com Mon Dec 1 15:13:32 2014 From: dwight.engen at oracle.com (Dwight Engen) Date: Mon, 1 Dec 2014 10:13:32 -0500 Subject: [lxc-devel] [PATCH] Define a new lxc.init_cmd config option In-Reply-To: <1417034081-11372-1-git-send-email-stgraber@ubuntu.com> References: <1417034081-11372-1-git-send-email-stgraber@ubuntu.com> Message-ID: <20141201101332.6d6f9371@Delphi.home> On Wed, 26 Nov 2014 15:34:41 -0500 Stéphane Graber wrote: 
> Signed-off-by: Stéphane Graber Acked-by: Dwight Engen I think we should also update the lxc-start manpage, which says "If no command is specified, lxc-start will use the default "/sbin/init" command to run a system container" to something like "If no command is specified, lxc-start will use the lxc.init_cmd configuration option, or if that is not given fall back to /sbin/init to run a system container" > --- > doc/lxc.container.conf.sgml.in | 23 +++++++++++++++++++++++ > src/lxc/conf.c | 2 ++ > src/lxc/conf.h | 3 +++ > src/lxc/confile.c | 10 ++++++++++ > src/lxc/lxc_autostart.c | 6 +----- > src/lxc/lxc_start.c | 5 ++++- > src/lxc/lxccontainer.c | 12 ++++++++++-- > 7 files changed, 53 insertions(+), 8 deletions(-) > > diff --git a/doc/lxc.container.conf.sgml.in > b/doc/lxc.container.conf.sgml.in index 35907b5..6d4daac 100644 > --- a/doc/lxc.container.conf.sgml.in > +++ b/doc/lxc.container.conf.sgml.in > @@ -202,6 +202,29 @@ Foundation, Inc., 51 Franklin Street, Fifth > Floor, Boston, MA 02110-1301 USA > > > + Init command > + > + Sets the command to use as the init system for the > containers. + > + This option is ignored when using lxc-execute. > + > + Defaults to: /sbin/init > + > + > + > + > + > + > + > + > + Absolute path from container rootfs to the binary to use > as init. > + > + > + > + > + > + > + > Network > > The network section defines how the network is virtualized in > diff --git a/src/lxc/conf.c b/src/lxc/conf.c > index ac21c77..90df4d2 100644 > --- a/src/lxc/conf.c > +++ b/src/lxc/conf.c > @@ -4537,6 +4537,8 @@ void lxc_conf_free(struct lxc_conf *conf) > free(conf->fstab); > if (conf->rcfile) > free(conf->rcfile); > + if (conf->init_cmd) > + free(conf->init_cmd); > free(conf->unexpanded_config); > lxc_clear_config_network(conf); > if (conf->lsm_aa_profile) > diff --git a/src/lxc/conf.h b/src/lxc/conf.h > index 563109c..06d3e23 100644 > --- a/src/lxc/conf.h > +++ b/src/lxc/conf.h 
> @@ -356,6 +356,9 @@ struct lxc_conf { > /* text representation of the config file */ > char *unexpanded_config; > size_t unexpanded_len, unexpanded_alloced; > + > + /* init command */ > + char *init_cmd; > }; > > int run_lxc_hooks(const char *name, char *hook, struct lxc_conf > *conf, diff --git a/src/lxc/confile.c b/src/lxc/confile.c > index 886f8a1..83dab05 100644 > --- a/src/lxc/confile.c > +++ b/src/lxc/confile.c > @@ -101,6 +101,7 @@ static int config_stopsignal(const char *, const > char *, struct lxc_conf *); static int config_start(const char *, > const char *, struct lxc_conf *); static int config_group(const char > *, const char *, struct lxc_conf *); static int > config_environment(const char *, const char *, struct lxc_conf *); > +static int config_init_cmd(const char *, const char *, struct > lxc_conf *); static struct lxc_config_t config[] = { > > @@ -162,6 +163,7 @@ static struct lxc_config_t config[] = { > { "lxc.start.order", config_start }, > { "lxc.group", config_group }, > { "lxc.environment", config_environment }, > + { "lxc.init_cmd", config_init_cmd }, > }; > > struct signame { > @@ -965,6 +967,12 @@ static int config_seccomp(const char *key, const > char *value, return config_path_item(&lxc_conf->seccomp, value); > } > > +static int config_init_cmd(const char *key, const char *value, > + struct lxc_conf *lxc_conf) > +{ > + return config_path_item(&lxc_conf->init_cmd, value); > +} > + > static int config_hook(const char *key, const char *value, > struct lxc_conf *lxc_conf) > { > @@ -2327,6 +2335,8 @@ int lxc_get_config_item(struct lxc_conf *c, > const char *key, char *retv, v = c->seccomp; > else if (strcmp(key, "lxc.environment") == 0) > return lxc_get_item_environment(c, retv, inlen); > + else if (strcmp(key, "lxc.init_cmd") == 0) > + v = c->init_cmd; > else return -1; > > if (!v) > diff --git a/src/lxc/lxc_autostart.c b/src/lxc/lxc_autostart.c > index d0e3bfa..db25b48 100644 > --- a/src/lxc/lxc_autostart.c > +++ b/src/lxc/lxc_autostart.c 
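Review bot: The new `init_cmd` member of struct lxc_conf (conf.h, hunk at -356) is documented only as `/* init command */`, which does not say what the string is relative to or who releases it. Going by the documentation hunk and the lxc_conf_free() hunk of this same patch, the comment could read `/* lxc.init_cmd: path, inside the container rootfs, of the binary started as init; NULL selects /sbin/init; freed by lxc_conf_free() */`. The struct definition begins outside the hunk, so the convention used for its other members is not visible here.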
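Review bot: config_init_cmd() (confile.c, hunk at -965) stores whatever string the configuration supplies by handing it straight to config_path_item(), while the documentation added by this patch promises an absolute path inside the container rootfs. config_path_item() is defined outside the hunk, so whether it rejects a relative value cannot be told from here; if it does not, the setter should check it itself, for example `if (value[0] != '\0' && value[0] != '/') return -1;` before the call, keeping the empty value in case that is how the option is cleared. The string later becomes the only element of argv in lxcapi_start() (lxccontainer.c, hunk at -591), so the manpage text should also say that nothing after the path is split off as arguments. The same hunks are quoted a second time in the reply further down the page.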
> @@ -330,10 +330,6 @@ int main(int argc, char *argv[]) > struct lxc_container **containers = NULL; > struct lxc_list **c_groups_lists = NULL; > struct lxc_list *cmd_group; > - char *const default_start_args[] = { > - "/sbin/init", > - NULL, > - }; > > if (lxc_arguments_parse(&my_args, argc, argv)) > return 1; > @@ -470,7 +466,7 @@ int main(int argc, char *argv[]) > printf("%s %d\n", > c->name, get_config_integer(c, "lxc.start.delay")); > else { > - if (!c->start(c, 0, > default_start_args)) > + if (!c->start(c, 0, > NULL)) fprintf(stderr, "Error starting container: %s\n", c->name); > else > sleep(get_config_integer(c, > "lxc.start.delay")); diff --git a/src/lxc/lxc_start.c > b/src/lxc/lxc_start.c index 874bb9e..006ffc4 100644 > --- a/src/lxc/lxc_start.c > +++ b/src/lxc/lxc_start.c > @@ -336,7 +336,10 @@ int main(int argc, char *argv[]) > if (my_args.close_all_fds) > c->want_close_all_fds(c, true); > > - err = c->start(c, 0, args) ? 0 : 1; > + if (args == default_args) > + err = c->start(c, 0, NULL) ? 0 : 1; > + else > + err = c->start(c, 0, args) ? 0 : 1; > > if (err) { > ERROR("The container failed to start."); > diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c > index 2372b19..406cead 100644 > --- a/src/lxc/lxccontainer.c > +++ b/src/lxc/lxccontainer.c > @@ -555,6 +555,7 @@ static bool lxcapi_start(struct lxc_container *c, > int useinit, char * const argv "/sbin/init", > NULL, > }; > + char *init_cmd[2]; > > /* container exists */ > if (!c) > @@ -591,8 +592,15 @@ static bool lxcapi_start(struct lxc_container > *c, int useinit, char * const argv return ret == 0 ? true : false; > } > > - if (!argv) > - argv = default_args; > + if (!argv) { > + if (conf->init_cmd) { > + init_cmd[0] = conf->init_cmd; > + init_cmd[1] = NULL; > + argv = init_cmd; > + } > + else > + argv = default_args; > + } > > /* > * say, I'm not sure - what locks do we want here? Any? From stgraber at ubuntu.com Mon Dec 1 16:05:38 2014 
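Review bot: The `args == default_args` test added to main() in lxc_start.c (hunk at -336) compares pointers, so it holds only while the code above the hunk assigns `default_args` itself to `args` when no command was given; that assignment is outside the hunk. A short comment would protect it from a later refactor, e.g. `/* no command on the command line: pass NULL so lxcapi_start() applies lxc.init_cmd before falling back to /sbin/init */`. The two branches could also be folded into `err = c->start(c, 0, args == default_args ? NULL : args) ? 0 : 1;`.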
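Review bot: In lxcapi_start() (lxccontainer.c, hunk at -591) the new branch points `argv` at the local array `init_cmd[2]`, whose single entry borrows `conf->init_cmd`. That is sound only if `argv` is not kept after the function returns and the configuration string is not freed or replaced while the start is in progress; neither can be checked from the hunk, since the function continues on both sides of it and the comment just below still asks which locks are wanted. I would document the lifetime at the declaration, e.g. `/* argv built from lxc.init_cmd; borrows conf->init_cmd, valid for this call only */`.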
From: stgraber at ubuntu.com (=?iso-8859-1?Q?St=E9phane?= Graber) Date: Mon, 1 Dec 2014 11:05:38 -0500 Subject: [lxc-devel] [PATCH] Define a new lxc.init_cmd config option In-Reply-To: <20141201101332.6d6f9371@Delphi.home> References: <1417034081-11372-1-git-send-email-stgraber@ubuntu.com> <20141201101332.6d6f9371@Delphi.home> Message-ID: <20141201160538.GC15220@dakara> On Mon, Dec 01, 2014 at 10:13:32AM -0500, Dwight Engen wrote: > On Wed, 26 Nov 2014 15:34:41 -0500 > Stéphane Graber wrote: > > > Signed-off-by: Stéphane Graber > > Acked-by: Dwight Engen > > I think we should also update the lxc-start manpage, which says > "If no command is specified, lxc-start will use the default > "/sbin/init" command to run a system container" > > to something like > > "If no command is specified, lxc-start will use the lxc.init_cmd > configuration option, or if that is not given fall back to /sbin/init > to run a system container" Good point, I'll update that before pushing. Thanks > > > --- > > doc/lxc.container.conf.sgml.in | 23 +++++++++++++++++++++++ > > src/lxc/conf.c | 2 ++ > > src/lxc/conf.h | 3 +++ > > src/lxc/confile.c | 10 ++++++++++ > > src/lxc/lxc_autostart.c | 6 +----- > > src/lxc/lxc_start.c | 5 ++++- > > src/lxc/lxccontainer.c | 12 ++++++++++-- > > 7 files changed, 53 insertions(+), 8 deletions(-) > > > > diff --git a/doc/lxc.container.conf.sgml.in > > b/doc/lxc.container.conf.sgml.in index 35907b5..6d4daac 100644 > > --- a/doc/lxc.container.conf.sgml.in > > +++ b/doc/lxc.container.conf.sgml.in 
> > @@ -202,6 +202,29 @@ Foundation, Inc., 51 Franklin Street, Fifth > > Floor, Boston, MA 02110-1301 USA > > > > > > + Init command > > + > > + Sets the command to use as the init system for the > > containers. + > > + This option is ignored when using lxc-execute. > > + > > + Defaults to: /sbin/init > > + > > + > > + > > + > > + > > + > > + > > + > > + Absolute path from container rootfs to the binary to use > > as init. > > + > > + > > + > > + > > + > > + > > + > > Network > > > > The network section defines how the network is virtualized in > > diff --git a/src/lxc/conf.c b/src/lxc/conf.c > > index ac21c77..90df4d2 100644 > > --- a/src/lxc/conf.c > > +++ b/src/lxc/conf.c > > @@ -4537,6 +4537,8 @@ void lxc_conf_free(struct lxc_conf *conf) > > free(conf->fstab); > > if (conf->rcfile) > > free(conf->rcfile); > > + if (conf->init_cmd) > > + free(conf->init_cmd); > > free(conf->unexpanded_config); > > lxc_clear_config_network(conf); > > if (conf->lsm_aa_profile) > > diff --git a/src/lxc/conf.h b/src/lxc/conf.h > > index 563109c..06d3e23 100644 > > --- a/src/lxc/conf.h > > +++ b/src/lxc/conf.h > > @@ -356,6 +356,9 @@ struct lxc_conf { > > /* text representation of the config file */ > > char *unexpanded_config; > > size_t unexpanded_len, unexpanded_alloced; > > + > > + /* init command */ > > + char *init_cmd; > > }; > > > > int run_lxc_hooks(const char *name, char *hook, struct lxc_conf > > *conf, diff --git a/src/lxc/confile.c b/src/lxc/confile.c > > index 886f8a1..83dab05 100644 > > --- a/src/lxc/confile.c > > +++ b/src/lxc/confile.c 
> > @@ -101,6 +101,7 @@ static int config_stopsignal(const char *, const > > char *, struct lxc_conf *); static int config_start(const char *, > > const char *, struct lxc_conf *); static int config_group(const char > > *, const char *, struct lxc_conf *); static int > > config_environment(const char *, const char *, struct lxc_conf *); > > +static int config_init_cmd(const char *, const char *, struct > > lxc_conf *); static struct lxc_config_t config[] = { > > > > @@ -162,6 +163,7 @@ static struct lxc_config_t config[] = { > > { "lxc.start.order", config_start }, > > { "lxc.group", config_group }, > > { "lxc.environment", config_environment }, > > + { "lxc.init_cmd", config_init_cmd }, > > }; > > > > struct signame { > > @@ -965,6 +967,12 @@ static int config_seccomp(const char *key, const > > char *value, return config_path_item(&lxc_conf->seccomp, value); > > } > > > > +static int config_init_cmd(const char *key, const char *value, > > + struct lxc_conf *lxc_conf) > > +{ > > + return config_path_item(&lxc_conf->init_cmd, value); > > +} > > + > > static int config_hook(const char *key, const char *value, > > struct lxc_conf *lxc_conf) > > { > > @@ -2327,6 +2335,8 @@ int lxc_get_config_item(struct lxc_conf *c, > > const char *key, char *retv, v = c->seccomp; > > else if (strcmp(key, "lxc.environment") == 0) > > return lxc_get_item_environment(c, retv, inlen); > > + else if (strcmp(key, "lxc.init_cmd") == 0) > > + v = c->init_cmd; > > else return -1; > > > > if (!v) > > diff --git a/src/lxc/lxc_autostart.c b/src/lxc/lxc_autostart.c > > index d0e3bfa..db25b48 100644 > > --- a/src/lxc/lxc_autostart.c > > +++ b/src/lxc/lxc_autostart.c > > @@ -330,10 +330,6 @@ int main(int argc, char *argv[]) > > struct lxc_container **containers = NULL; > > struct lxc_list **c_groups_lists = NULL; > > struct lxc_list *cmd_group; > > - char *const default_start_args[] = { > > - "/sbin/init", > > - NULL, > > - }; > > > > if (lxc_arguments_parse(&my_args, argc, argv)) > > return 1; 
> > @@ -470,7 +466,7 @@ int main(int argc, char *argv[]) > > printf("%s %d\n", > > c->name, get_config_integer(c, "lxc.start.delay")); > > else { > > - if (!c->start(c, 0, > > default_start_args)) > > + if (!c->start(c, 0, > > NULL)) fprintf(stderr, "Error starting container: %s\n", c->name); > > else > > sleep(get_config_integer(c, > > "lxc.start.delay")); diff --git a/src/lxc/lxc_start.c > > b/src/lxc/lxc_start.c index 874bb9e..006ffc4 100644 > > --- a/src/lxc/lxc_start.c > > +++ b/src/lxc/lxc_start.c > > @@ -336,7 +336,10 @@ int main(int argc, char *argv[]) > > if (my_args.close_all_fds) > > c->want_close_all_fds(c, true); > > > > - err = c->start(c, 0, args) ? 0 : 1; > > + if (args == default_args) > > + err = c->start(c, 0, NULL) ? 0 : 1; > > + else > > + err = c->start(c, 0, args) ? 0 : 1; > > > > if (err) { > > ERROR("The container failed to start."); > > diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c > > index 2372b19..406cead 100644 > > --- a/src/lxc/lxccontainer.c > > +++ b/src/lxc/lxccontainer.c > > @@ -555,6 +555,7 @@ static bool lxcapi_start(struct lxc_container *c, > > int useinit, char * const argv "/sbin/init", > > NULL, > > }; > > + char *init_cmd[2]; > > > > /* container exists */ > > if (!c) 
> > @@ -591,8 +592,15 @@ static bool lxcapi_start(struct lxc_container > > *c, int useinit, char * const argv return ret == 0 ? true : false; > > } > > > > - if (!argv) > > - argv = default_args; > > + if (!argv) { > > + if (conf->init_cmd) { > > + init_cmd[0] = conf->init_cmd; > > + init_cmd[1] = NULL; > > + argv = init_cmd; > > + } > > + else > > + argv = default_args; > > + } > > > > /* > > * say, I'm not sure - what locks do we want here? Any? > > _______________________________________________ > lxc-devel mailing list > lxc-devel at lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From stgraber at ubuntu.com Mon Dec 1 18:47:57 2014 
From: stgraber at ubuntu.com (=?iso-8859-1?Q?St=E9phane?= Graber) Date: Mon, 1 Dec 2014 13:47:57 -0500 Subject: [lxc-devel] [PATCH] Disabled building openSUSE containers on openSUSE 13.2 and openSUSE Tumbleweed due to faulty behaviour with newer versions of init_buildsystem In-Reply-To: References: Message-ID: <20141201184757.GF15220@dakara> On Sat, Nov 29, 2014 at 09:43:26PM +0100, Johannes Kastl wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi everyone, > > On 26.11.2014 Johannes Kastl wrote: > > On 26.11.2014 Johannes Kastl wrote: > > > >> There is a bug report, but no solution yet. I am busy with other > >> real world stuff right now, so maybe to protect users this patch > >> should make it into stable-1.0? > > As newer snapshots/releases of openSUSE Tumbleweed have a different > /etc/os-release, I adapted the patch. Or rather wrote an additional > patch, to detect Tumbleweed releases more reliably. > > Regards, > Johannes > - -- > Why is it that New Jersey got all the toxic waste dumps and California > got all the lawyers? > New Jersey had first choice. > (unknown) > -----BEGIN PGP SIGNATURE----- > Comment: Using GnuPG with SeaMonkey - http://www.enigmail.net/ > > iEYEARECAAYFAlR6L+4ACgkQzi3gQ/xETbL4GACgiINAP+3JazipazeGRuCB2Oo2 > YssAniJ4WwGQFvTj5rDnFPN3YFntXe+u > =k2+c > -----END PGP SIGNATURE----- > From 603657a1f4c18e40eb1e977b73b76b9a7ea9078b Mon Sep 17 00:00:00 2001 > From: Johannes Kastl > Date: Sat, 29 Nov 2014 21:37:02 +0100 > Subject: [PATCH] lxc-opensuse.in: Disabling builds on openSUSE Tumbleweed, > detection improved > > Signed-off-by: Johannes Kastl Acked-by: Stéphane Graber > --- > templates/lxc-opensuse.in | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/templates/lxc-opensuse.in b/templates/lxc-opensuse.in > index d563f20..abbbc4e 100644 > --- a/templates/lxc-opensuse.in > +++ b/templates/lxc-opensuse.in 
> @@ -405,7 +405,7 @@ if [ -z "$path" ]; then > exit 1 > fi > > -if [ $(grep Harlequin /etc/os-release >/dev/null; echo $?) = 0 ]; then > +if grep -q Harlequin /etc/os-release || grep -q Tumbleweed /etc/os-release ; then > echo "Building containers on openSUSE 13.2 or Tumbleweed is broken at the moment. We are working on this problem." > exit 1 > fi > -- > 2.1.3 > > _______________________________________________ > lxc-devel mailing list > lxc-devel at lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From noreply at github.com Mon Dec 1 19:02:11 2014 From: noreply at github.com (GitHub) Date: Mon, 01 Dec 2014 11:02:11 -0800 Subject: [lxc-devel] [lxc/lxc] 55ae7e: audit: added capacity and reserve() to nlmsg Message-ID: <547cbb331a568_649c3f98195f729c60524@hookshot-fe3-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 55ae7edb18c503a4b869dd0089f25f03a05a6563 https://github.com/lxc/lxc/commit/55ae7edb18c503a4b869dd0089f25f03a05a6563 Author: Shuai Zhang Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M src/lxc/network.c M src/lxc/nl.c M src/lxc/nl.h Log Message: ----------- audit: added capacity and reserve() to nlmsg There are now two (permitted) ways to add data to netlink message: 1. put_xxx() 2. call nlmsg_reserve() to get a pointer to newly reserved room within the original netlink message, then write or memcpy data to that area. Both of them guarantee adding requested length data do not overflow the pre-allocated message buffer by checking against its cap field first. And there may be no need to access nlmsg_len outside nl module, because both put_xxx() and nlmsg_reserve() have alread did that for us. 
Signed-off-by: Shuai Zhang Acked-by: Stéphane Graber Commit: 358f18beab0d82362381bb13a01d09db956323af https://github.com/lxc/lxc/commit/358f18beab0d82362381bb13a01d09db956323af Author: Stéphane Graber Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M .gitignore Log Message: ----------- Add missing files to ignore list Signed-off-by: Stéphane Graber Acked-by: Dwight Engen Commit: c464fd7e01ea5687dc3872d557213881cae9715e https://github.com/lxc/lxc/commit/c464fd7e01ea5687dc3872d557213881cae9715e Author: Stéphane Graber Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M doc/lxc.container.conf.sgml.in Log Message: ----------- tabs/spaces consistency Signed-off-by: Stéphane Graber Commit: 67c660d0aaff5f2854a55da936fe6cd82510494f https://github.com/lxc/lxc/commit/67c660d0aaff5f2854a55da936fe6cd82510494f Author: Stéphane Graber Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M doc/lxc-start.sgml.in M doc/lxc.container.conf.sgml.in M doc/lxc.sgml.in M src/lxc/conf.c M src/lxc/conf.h M src/lxc/confile.c M src/lxc/lxc_autostart.c M src/lxc/lxc_start.c M src/lxc/lxccontainer.c Log Message: ----------- Define a new lxc.init_cmd config option Signed-off-by: Stéphane Graber Acked-by: Dwight Engen Commit: e71549fc7e1455d7bb8d7bdb26b9276093fd27c6 https://github.com/lxc/lxc/commit/e71549fc7e1455d7bb8d7bdb26b9276093fd27c6 Author: Stéphane Graber Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M doc/Makefile.am Log Message: ----------- doc: Always include the lxc-top manpage Since it's no longer written in lua. Signed-off-by: Stéphane Graber Commit: de548c6055a6246804a8217e901c9272dbf699d4 https://github.com/lxc/lxc/commit/de548c6055a6246804a8217e901c9272dbf699d4 Author: Johannes Kastl Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M templates/lxc-opensuse.in Log Message: ----------- lxc-opensuse: Disabling builds on openSUSE Tumbleweed, detection improved. 
Signed-off-by: Johannes Kastl Acked-by: Stéphane Graber Commit: 40d811614ce7b8fee716878f37d05a195b29ae8f https://github.com/lxc/lxc/commit/40d811614ce7b8fee716878f37d05a195b29ae8f Author: overlay fs Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M src/lxc/lxc-start-ephemeral.in Log Message: ----------- Issue #278: lxc-start-ephemeral: add --cdir option for cow-mounts This is a copy of patch version 3 for issue #278 on the issue-tracker: - Allow multiple bind-mounts (--bdir) and multiple cow-mounts (--cdir). - Further fixes to permissions throughout lxc-start-ephemeral (annotated in the code). Signed-off by: Oleg Freedholm Acked-by: Stéphane Graber Compare: https://github.com/lxc/lxc/compare/f38788b405e6...40d811614ce7 From stgraber at ubuntu.com Mon Dec 1 19:04:53 2014 
From: stgraber at ubuntu.com (=?iso-8859-1?Q?St=E9phane?= Graber) Date: Mon, 1 Dec 2014 14:04:53 -0500 Subject: [lxc-devel] [PATCH] Issue #278: lxc-start-ephemeral: add --cdir option for cow-mounts In-Reply-To: References: Message-ID: <20141201190453.GG15220@dakara> On Thu, Nov 27, 2014 at 04:11:43AM +1100, overlay fs wrote: > This is a copy of patch version 3 for issue #278 on the issue-tracker: > > -Allow multiple bind-mounts (--bdir) and multiple cow-mounts (--cdir). > > -Further fixes to permissions throughout lxc-start-ephemeral > (annotated in the code). > > -Reduce start-up time by ~5 seconds; only wait for a network ip > address if really need it, ie if we are running a command. > > > Signed-off by: Oleg Freedholm Acked-by: Stéphane Graber But I pushed with some changes: 1) Had to fix your patch by hand because your mail client messed it up (wrapped the long lines resulting in an invalid diff). 2) Removed all of the "edit:" lines. We already have diffs and your commit description, no need to add all that stuff to the code. 3) Added safeguards in case of failure of getfacl/setfacl 4) Reverted the start-up time change as that'd have caused regressions for sure. lxc-start-ephemeral guarantess that by the time it returns the container has network connectivity. People using it so far have been able to rely on that both for interactive work and for scripted use cases, let's not break that. > > --- /usr/bin/lxc-start-ephemeral 2014-11-21 17:48:49.000000000 +1100 > +++ lxc-start-ephemeral 2014-11-27 00:30:42.095429007 +1100 
> @@ -84,9 +84,14 @@ > parser.add_argument("--name", "-n", type=str, > help=_("name of the target container")) > > -parser.add_argument("--bdir", "-b", type=str, > +# edit: insert action="append" > +parser.add_argument("--bdir", "-b", type=str, action="append", default=[], > help=_("directory to bind mount into container")) > > +# edit: add cdir > +parser.add_argument("--cdir", "-c", type=str, action="append", default=[], > + help=_("directory to cow mount into container")) > + > parser.add_argument("--user", "-u", type=str, > help=_("the user to run the command as")) > > @@ -156,6 +161,14 @@ > else: > dest_path = tempfile.mkdtemp(prefix="%s-" % args.orig, dir=lxc_path) > os.mkdir(os.path.join(dest_path, "rootfs")) > +# edit: set the permissions for an ephemeral container to the default > permissions for a non-ephemeral container, o770. > +# : if the permissions are not set here, then they vary greatly, > depending upon the arguments. > +# : sometimes permissions are too tight, so that the > (unprivileged) host user cannot list the container's host directory. > +# : in this case, lxc-start-ephemeral fails to cleanup the > container upon termination. > +# : eg lxc-start-ephemeral -o trusty > +# : othertimes permissions are too loose, so that every host user > can list the container's host directory. > +# : eg lxc-start-ephemeral -o trusty -n trusty_ephemeral > +os.chmod(dest_path, 0o770) > > # Setup the new container's configuration > dest = lxc.Container(os.path.basename(dest_path), args.lxcpath) 
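Review bot: `os.chmod(dest_path, 0o770)` in the hunk at -156 widens the container directory to group read, write and search, although in the branch shown it comes from tempfile.mkdtemp(), which creates it with owner-only access. The long comment explains that some runs ended up too tight or too loose, but not which group is meant to gain write access; the pre-mount script is generated inside this directory later in the patch, so members of that group would be able to modify it. If listing is all that is required, `os.chmod(dest_path, 0o750)` would be enough; otherwise the comment should name the group and the reason it must write. The page has lost the indentation, so whether the call sits inside the `else:` branch or runs for both cases cannot be told from here.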
> @@ -206,6 +219,16 @@ > # Setup an overlay for anything remaining > overlay_dirs += [(fields[0], dest_mount)] > > +# edit: Setup an overlay for each cow mount > +for entry in args.cdir: > + if not os.path.exists(entry): > + print(_("Path '%s' doesn't exist, won't be cow-mounted.") % > + entry) > + else: > + src_path = os.path.abspath(entry) > + dst_path = "%s/rootfs/%s" % (dest_path, src_path) > + overlay_dirs += [(src_path, dst_path)] > + > # Generate pre-mount script > with open(os.path.join(dest_path, "pre-mount"), "w+") as fd: > os.fchmod(fd.fileno(), 0o755) > @@ -223,6 +246,17 @@ > if args.storage_type == "tmpfs": > fd.write("mount -n -t tmpfs -o mode=0755 none %s\n" % (target)) > > + # edit: attempt to fix permissions (setfacl) and optionally > ownership (chown) > + # - this is complicated, because we are inside an id_map, > and this confuses tools such as setfacl & chown. > + # - fixing permissions is essential. Without the fix, an > unprivileged user in the container > + # cannot write to the top level of '--cdir' (though they > can write to subdirectories of --cdir). > + # setfacl seems to solve the problem. > + # - fixing ownership is optional, since acl permissions > trump ownership. > + # chown behaves strangely under the id_map, so it has > been commented out. > + ###fd.write("chown --no-dereference --reference=%s %s %s\n" % > (entry[0], target, entry[1])) > + fd.write("getfacl -a %s | setfacl --set-file=- %s\n" % > (entry[0], target)) > + fd.write("getfacl -a %s | setfacl --set-file=- %s\n" % > (entry[0], entry[1])) > + > if args.union_type == "overlayfs": > fd.write("mount -n -t overlayfs" > " -oupperdir=%s,lowerdir=%s none %s\n" % ( 
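Review bot: The two `getfacl -a %s | setfacl --set-file=- %s` lines added in the hunk at -223 paste `entry[0]`, `target` and `entry[1]` into the generated pre-mount shell script without quoting, and with the new `--cdir` option (hunk at -206) `entry[0]` now comes straight from the command line. A directory name containing whitespace or shell metacharacters would change what the script runs, so each path should go through `shlex.quote()`, e.g. `fd.write("getfacl -a %s | setfacl --set-file=- %s\n" % (shlex.quote(entry[0]), shlex.quote(target)))`; whether `shlex` is already imported is not visible here. The `mkdir -p` / `mount -n --bind` line in the hunk at -242 and the neighbouring mount lines are built the same way. The enclosing `with open(...)` block extends beyond the hunk.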
> @@ -242,13 +276,13 @@ > entry[1])) > count += 1 > > - if args.bdir: > - if not os.path.exists(args.bdir): > + for entry in args.bdir: > + if not os.path.exists(entry): > print(_("Path '%s' doesn't exist, won't be bind-mounted.") % > - args.bdir) > + entry) > else: > - src_path = os.path.abspath(args.bdir) > - dst_path = "%s/rootfs/%s" % (dest_path, os.path.abspath(args.bdir)) > + src_path = os.path.abspath(entry) > + dst_path = "%s/rootfs/%s" % (dest_path, os.path.abspath(entry)) > fd.write("mkdir -p %s\nmount -n --bind %s %s\n" % ( > dst_path, src_path, dst_path)) > > @@ -295,7 +329,11 @@ > sys.exit(0) > > # Try to get the IP addresses > -ips = dest.get_ips(timeout=10) > +# edit: Only wait for the IP address if we really need it, ie if we > are executing a command. > +# : This takes ~5 seconds, perhaps because it takes that long to > launch the network in the container. > +ips = [] # edit: ... ensure ips is defined > +if args.command: # edit: added if statement > + ips = dest.get_ips(timeout=10) > > # Deal with the case where we just print info about the container > if args.daemon: > _______________________________________________ > lxc-devel mailing list > lxc-devel at lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From noreply at github.com Mon Dec 1 20:15:38 2014 
From: noreply at github.com (GitHub) Date: Mon, 01 Dec 2014 12:15:38 -0800 Subject: [lxc-devel] [lxc/lxc] 26f1b3: Allow lxc_clear_config_item to clear idmaps. Message-ID: <547ccc6a41f5f_24db3ff2c17772b874655@hookshot-fe4-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 26f1b3902c61c2b2c0c1a2577cd9b5cb0457a682 https://github.com/lxc/lxc/commit/26f1b3902c61c2b2c0c1a2577cd9b5cb0457a682 Author: Casey Marshall Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M src/lxc/confile.c Log Message: ----------- Allow lxc_clear_config_item to clear idmaps. Ran into this when trying to automate stgraber's "GUI in containers" post. Signed-off-by: Casey Marshall Acked-by: Stéphane Graber From noreply at github.com Mon Dec 1 20:39:15 2014 From: noreply at github.com (GitHub) Date: Mon, 01 Dec 2014 12:39:15 -0800 Subject: [lxc-devel] [lxc/lxc] a43183: Revert "audit: added capacity and reserve() to nlm... Message-ID: <547cd1f3d4a66_21963f95ec17f2c01041c6@hookshot-fe4-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: a4318300b4610d37730ec1825a7c9b796279c3c7 https://github.com/lxc/lxc/commit/a4318300b4610d37730ec1825a7c9b796279c3c7 Author: Stéphane Graber Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M src/lxc/network.c M src/lxc/nl.c M src/lxc/nl.h Log Message: ----------- Revert "audit: added capacity and reserve() to nlmsg" This reverts commit 55ae7edb18c503a4b869dd0089f25f03a05a6563. This change caused hangs in the testsuite, specifically with lxc-user-nic. Signed-off-by: Stéphane Graber From karma at jazz.email.ne.jp Tue Dec 2 09:15:34 2014 From: karma at jazz.email.ne.jp (KATOH Yasufumi) Date: Tue, 2 Dec 2014 18:15:34 +0900 Subject: [lxc-devel] [PATCH] Add the Japanese translation for the lxc.init_cmd config option Message-ID: <1417511734-32100-1-git-send-email-karma@jazz.email.ne.jp> Update for commit 67c660d 
Signed-off-by: KATOH Yasufumi --- doc/ja/lxc-start.sgml.in | 5 +++-- doc/ja/lxc.container.conf.sgml.in | 31 +++++++++++++++++++++++++++++++ doc/ja/lxc.sgml.in | 5 +++-- 3 files changed, 37 insertions(+), 4 deletions(-) diff --git a/doc/ja/lxc-start.sgml.in b/doc/ja/lxc-start.sgml.in index 3260972..c0dd872 100644 --- a/doc/ja/lxc-start.sgml.in +++ b/doc/ja/lxc-start.sgml.in @@ -94,11 +94,12 @@ by KATOH Yasufumi - もし command が指定されない場合は、lxc-start はシステムコンテナを実行するためのコマンドとして、デフォルトで "/sbin/init" を使用します。 + もし command が指定されない場合は、lxc-start はシステムコンテナを実行するためのコマンドとして、lxc.init_cmd で設定されたコマンドを使用します。 + もし lxc.init_cmd が設定されていない場合は、デフォルトで "/sbin/init" を使用します。 diff --git a/doc/ja/lxc.container.conf.sgml.in b/doc/ja/lxc.container.conf.sgml.in index 579f5d2..dbb23df 100644 --- a/doc/ja/lxc.container.conf.sgml.in +++ b/doc/ja/lxc.container.conf.sgml.in @@ -273,6 +273,37 @@ by KATOH Yasufumi + <!-- Init command -->Init コマンド + + + コンテナの init として使うコマンドを設定します。 + このオプションは lxc-execute では無視されます。 + デフォルトは /sbin/init です。 + + + + + + + + + + init として使うバイナリの、コンテナの rootfs からの絶対パスを指定します。 + + + + + + + <!-- Network -->ネットワーク lxc-start コマンドは、コンテナ内の特定のコマンドを直接実行します。 最初のプロセスの pid が 1 となります。 - もし、実行するコマンドが指定されない場合は、lxc-start/sbin/init を実行します。 + もし、実行するコマンドが指定されない場合は、lxc-start は lxc.init_cmd で設定されたコマンドを実行します。もし lxc.init_cmd が設定されていない場合は /sbin/init を実行します。 -- 2.1.1 From karma at jazz.email.ne.jp Tue Dec 2 09:20:15 2014 From: karma at jazz.email.ne.jp (KATOH Yasufumi) Date: Tue, 2 Dec 2014 18:20:15 +0900 Subject: [lxc-devel] [PATCH] doc: Always include the Japanese lxc-top manpage Message-ID: <1417512015-1555-1-git-send-email-karma@jazz.email.ne.jp> Update for commit e71549f Signed-off-by: KATOH Yasufumi --- doc/ja/Makefile.am | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/doc/ja/Makefile.am b/doc/ja/Makefile.am index 72e22fe..20a7021 100644 --- a/doc/ja/Makefile.am +++ b/doc/ja/Makefile.am 
@@ -25,6 +25,7 @@ man_MANS = \ lxc-snapshot.1 \ lxc-start.1 \ lxc-stop.1 \ + lxc-top.1 \ lxc-unfreeze.1 \ lxc-unshare.1 \ lxc-user-nic.1 \ @@ -46,10 +47,6 @@ else man_MANS += legacy/lxc-ls.1 endif -if ENABLE_LUA - man_MANS += lxc-top.1 -endif - %.1 : %.sgml $(db2xman) --encoding=UTF-8 $< test "$(shell basename $@)" != "$@" && mv $(shell basename $@) $@ || true -- 2.1.1 From petar.koretic at sartura.hr Tue Dec 2 09:56:53 2014 From: petar.koretic at sartura.hr (Petar Koretic) Date: Tue, 2 Dec 2014 09:56:53 +0000 Subject: [lxc-devel] [PATCH] openwrt: add common configuration file In-Reply-To: <20141124213556.GE26443@dakara> References: <0000014961138416-7dbf3d06-ea7f-4216-905f-a4591e265337-000000@email.amazonses.com> <20141124213556.GE26443@dakara> Message-ID: <0000014a0a6e5e52-2c356867-1d24-4654-b3f2-9eb36ab546d2-000000@email.amazonses.com> Hi St�phane, On Nov 24, 16:35, St�phane Graber wrote: > On Thu, Oct 30, 2014 at 12:41:49PM +0000, Petar Koretic wrote: > > This adds OpenWrt common config file. 
> > > > Signed-off-by: Petar Koretic > > CC: Luka Perkov > > Acked-by: Stéphane Graber > > > --- > > > > OpenWrt templates are working using 'lxc-create -t download' command. We are > > running that over our server on http://virtualwrt.org/containers/. There is > > only support for x86, x86_64 and ar71xx as of now. We plan to add all other > > architectures supported by OpenWrt in the future. The build scripts used to > > generate images can be found here: > > > > https://github.com/VirtualWrt/misc > > > > Note that index files on virtualwrt.org/containers are not validated. > > > > OpenWrt now supports containers but due to platform specifics there are some limitations: > > > > * 'tar --anchored' doesn't come with busybox's tar version, lxc is patched in > > OpenWrt packages feed to ignore this functionality. > > How did you work around this? We patched OpenWrt LXC and removed this option for now. > The goal for the download template is to work with busybox, so it'd be > nice if this could be resolved upstream too. Looking at the busybox source they have their own tar implementation and they didn't implement --anchored flag. Not sure how easy it would be to add that. > > * .xz extraction is very expensive on most OpenWrt supported devices, -0 level > > is used for rootfs compression to mitigate that to some extent. > > * Privileged containers are not supported at the moment since default user > > is root on this platform. > > > > I'm looking forward for your comments and suggestions to get OpenWrt images > > hosted on official lxc servers. > > So the first step to get images on the official lxc server would be to > add support for OpenWRT to github.com/lxc/lxc-ci so that build-image can > be used to build OpenWRT images. Then once we've got that, it should > just be a matter of adding that to jenkins.linuxcontainers.org and we'll > get daily builds. We will take a look at this. Thanks. Best regards, Petar From stgraber at ubuntu.com Tue Dec 2 15:52:50 2014 
From: stgraber at ubuntu.com (=?iso-8859-1?Q?St=E9phane?= Graber) Date: Tue, 2 Dec 2014 10:52:50 -0500 Subject: [lxc-devel] [PATCH] Add the Japanese translation for the lxc.init_cmd config option In-Reply-To: <1417511734-32100-1-git-send-email-karma@jazz.email.ne.jp> References: <1417511734-32100-1-git-send-email-karma@jazz.email.ne.jp> Message-ID: <20141202155250.GL15220@dakara> On Tue, Dec 02, 2014 at 06:15:34PM +0900, KATOH Yasufumi wrote: > Update for commit 67c660d > > Signed-off-by: KATOH Yasufumi Acked-by: Stéphane Graber > --- > doc/ja/lxc-start.sgml.in | 5 +++-- > doc/ja/lxc.container.conf.sgml.in | 31 +++++++++++++++++++++++++++++++ > doc/ja/lxc.sgml.in | 5 +++-- > 3 files changed, 37 insertions(+), 4 deletions(-) > > diff --git a/doc/ja/lxc-start.sgml.in b/doc/ja/lxc-start.sgml.in > index 3260972..c0dd872 100644 > --- a/doc/ja/lxc-start.sgml.in > +++ b/doc/ja/lxc-start.sgml.in > @@ -94,11 +94,12 @@ by KATOH Yasufumi > > > - もし command が指定されない場合は、lxc-start はシステムコンテナを実行するためのコマンドとして、デフォルトで "/sbin/init" を使用します。 > + もし command が指定されない場合は、lxc-start はシステムコンテナを実行するためのコマンドとして、lxc.init_cmd で設定されたコマンドを使用します。 > + もし lxc.init_cmd が設定されていない場合は、デフォルトで "/sbin/init" を使用します。 > > > > diff --git a/doc/ja/lxc.container.conf.sgml.in b/doc/ja/lxc.container.conf.sgml.in > index 579f5d2..dbb23df 100644 > --- a/doc/ja/lxc.container.conf.sgml.in > +++ b/doc/ja/lxc.container.conf.sgml.in 
> @@ -273,6 +273,37 @@ by KATOH Yasufumi > > > > + <!-- Init command -->Init コマンド > + > + > + コンテナの init として使うコマンドを設定します。 > + このオプションは lxc-execute では無視されます。 > + デフォルトは /sbin/init です。 > + > + > + > + > + > + > + > + > + > + init として使うバイナリの、コンテナの rootfs からの絶対パスを指定します。 > + > + > + > + > + > + > + > <!-- Network -->ネットワーク > > > lxc-start コマンドは、コンテナ内の特定のコマンドを直接実行します。 > 最初のプロセスの pid が 1 となります。 > - もし、実行するコマンドが指定されない場合は、lxc-start/sbin/init を実行します。 > + もし、実行するコマンドが指定されない場合は、lxc-start は lxc.init_cmd で設定されたコマンドを実行します。もし lxc.init_cmd が設定されていない場合は /sbin/init を実行します。 > > > > -- > 2.1.1 > > _______________________________________________ > lxc-devel mailing list > lxc-devel at lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From stgraber at ubuntu.com Tue Dec 2 15:52:57 2014 From: stgraber at ubuntu.com (=?iso-8859-1?Q?St=E9phane?= Graber) Date: Tue, 2 Dec 2014 10:52:57 -0500 Subject: [lxc-devel] [PATCH] doc: Always include the Japanese lxc-top manpage In-Reply-To: <1417512015-1555-1-git-send-email-karma@jazz.email.ne.jp> References: <1417512015-1555-1-git-send-email-karma@jazz.email.ne.jp> Message-ID: <20141202155257.GM15220@dakara> On Tue, Dec 02, 2014 at 06:20:15PM +0900, KATOH Yasufumi wrote: > Update for commit e71549f > > Signed-off-by: KATOH Yasufumi Acked-by: Stéphane Graber > --- > doc/ja/Makefile.am | 5 +---- > 1 file changed, 1 insertion(+), 4 deletions(-) > > diff --git a/doc/ja/Makefile.am b/doc/ja/Makefile.am > index 72e22fe..20a7021 100644 > --- a/doc/ja/Makefile.am > +++ b/doc/ja/Makefile.am > @@ -25,6 +25,7 @@ man_MANS = \ > lxc-snapshot.1 \ > lxc-start.1 \ > lxc-stop.1 \ > + lxc-top.1 \ > lxc-unfreeze.1 \ > lxc-unshare.1 \ > lxc-user-nic.1 \ 
> @@ -46,10 +47,6 @@ else > man_MANS += legacy/lxc-ls.1 > endif > > -if ENABLE_LUA > - man_MANS += lxc-top.1 > -endif > - > %.1 : %.sgml > $(db2xman) --encoding=UTF-8 $< > test "$(shell basename $@)" != "$@" && mv $(shell basename $@) $@ || true > -- > 2.1.1 > > _______________________________________________ > lxc-devel mailing list > lxc-devel at lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From noreply at github.com Tue Dec 2 15:56:13 2014 From: noreply at github.com (GitHub) Date: Tue, 02 Dec 2014 07:56:13 -0800 Subject: [lxc-devel] [lxc/lxc] c881c4: Add the Japanese translation for the lxc.init_cmd ... Message-ID: <547de11d364b8_56f63fc0c55172bc453e0@hookshot-fe3-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: c881c406aced3fa89a5c0fc5815b7f223b7a0233 https://github.com/lxc/lxc/commit/c881c406aced3fa89a5c0fc5815b7f223b7a0233 Author: KATOH Yasufumi Date: 2014-12-02 (Tue, 02 Dec 2014) Changed paths: M doc/ja/lxc-start.sgml.in M doc/ja/lxc.container.conf.sgml.in M doc/ja/lxc.sgml.in Log Message: ----------- Add the Japanese translation for the lxc.init_cmd config option Update for commit 67c660d Signed-off-by: KATOH Yasufumi Acked-by: Stéphane Graber Commit: be54cb1c55806073b5a08a99b991b1f9a2a2cef0 https://github.com/lxc/lxc/commit/be54cb1c55806073b5a08a99b991b1f9a2a2cef0 Author: KATOH Yasufumi Date: 2014-12-02 (Tue, 02 Dec 2014) Changed paths: M doc/ja/Makefile.am Log Message: ----------- doc: Always include the Japanese lxc-top manpage Update for commit e71549f Signed-off-by: KATOH Yasufumi Acked-by: Stéphane Graber Compare: https://github.com/lxc/lxc/compare/a4318300b461...be54cb1c5580 From noreply at github.com Tue Dec 2 15:59:41 2014 
From: noreply at github.com (GitHub) Date: Tue, 02 Dec 2014 07:59:41 -0800 Subject: [lxc-devel] [lxc/lxc] 2b75b6: lxc-debian: adjust init system configurations Message-ID: <547de1ededa32_5dbf3f96b24ef2b81055f8@hookshot-fe3-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 2b75b644f8023fed4b215317ed806d822be3c106 https://github.com/lxc/lxc/commit/2b75b644f8023fed4b215317ed806d822be3c106 Author: Cameron Norman Date: 2014-12-02 (Tue, 02 Dec 2014) Changed paths: M templates/lxc-debian.in Log Message: ----------- lxc-debian: adjust init system configurations Do as much as possible to allow containers switching from non-systemd to systemd to work as intended (but nothing that will cause side effects). Use update-rc.d disable instead of remove so the init scripts are not re-enabled when the package is updated Signed-off-by: Cameron Norman Acked-by: Stéphane Graber Commit: 4de03d375b49e7749605c8a45abc898317833f3f https://github.com/lxc/lxc/commit/4de03d375b49e7749605c8a45abc898317833f3f Author: Cameron Norman Date: 2014-12-02 (Tue, 02 Dec 2014) Changed paths: M templates/lxc-debian.in Log Message: ----------- lxc-debian: mask both Wheezy and Jessie udev services Signed-off-by: Cameron Norman Acked-by: Stéphane Graber Compare: https://github.com/lxc/lxc/compare/be54cb1c5580...4de03d375b49 From noreply at github.com Tue Dec 2 17:21:44 2014 
From: noreply at github.com (GitHub) Date: Tue, 02 Dec 2014 09:21:44 -0800 Subject: [lxc-devel] [lxc/lxc] 3fb22c: Remounts bind mounts if read-only flag is provided Message-ID: <547df528e9c87_6aa33fe5499f92a08473@hookshot-fe2-cp1-prd.iad.github.net.mail> Branch: refs/heads/stable-1.0 Home: https://github.com/lxc/lxc Commit: 3fb22c29dcb647826aacd227efa506b17f50fcac https://github.com/lxc/lxc/commit/3fb22c29dcb647826aacd227efa506b17f50fcac Author: Abin Shahab Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M src/lxc/conf.c Log Message: ----------- Remounts bind mounts if read-only flag is provided Bind mounts do not honor filesystem mount options. This change will remount filesystems that are bind mounted if there are changes to filesystem mount options, specifically if the mount is readonly. Signed-off-by: Abin Shahab Acked-by: Serge E. Hallyn Commit: ba1a2aec883b2ae257ef8b1a9a513cce08a999e8 https://github.com/lxc/lxc/commit/ba1a2aec883b2ae257ef8b1a9a513cce08a999e8 Author: Stéphane Graber Date: 2014-12-01 (Mon, 01 Dec 2014) Changed paths: M doc/lxc.container.conf.sgml.in Log Message: ----------- tabs/spaces consistency Signed-off-by: Stéphane Graber Commit: 641539c43fa9411b1d7b38d63948bfe8243d4b34 https://github.com/lxc/lxc/commit/641539c43fa9411b1d7b38d63948bfe8243d4b34 Author: Alexander Dreweke Date: 2014-12-02 (Tue, 02 Dec 2014) Changed paths: M templates/lxc-debian.in Log Message: ----------- lxc-debian: added support for package installation - added --mirror, --security-mirror and --package parameters - generate source.list - install packages into final lxc instance Update by Stéphane Graber for stable-1.0: - Drop the addition of --packages (new feature) 
Signed-off-by: Alexander Dreweke Acked-by: Stéphane Graber Commit: 956bd66602324393f3e66e82d97205e109f246f3 https://github.com/lxc/lxc/commit/956bd66602324393f3e66e82d97205e109f246f3 Author: Gu1 Date: 2014-12-02 (Tue, 02 Dec 2014) Changed paths: M templates/lxc-debian.in Log Message: ----------- lxc-debian: Fix default mirrors Fix a typo in the lines inserted in the default sources.list. Change the default mirror to http.debian.net which is (supposedly) more accurate and better than cdn.debian.net for a generic configuration. Use security.debian.org directly for the {release}/updates repository. Signed-off-by: Gu1 Acked-by: Stéphane Graber Commit: 26da72b6241fb9f4cc3572b2b008f5f6f5dad231 https://github.com/lxc/lxc/commit/26da72b6241fb9f4cc3572b2b008f5f6f5dad231 Author: Antonio Terceiro Date: 2014-12-02 (Tue, 02 Dec 2014) Changed paths: M templates/lxc-debian.in Log Message: ----------- lxc-debian: support systemd as PID 1 Containers with systemd need a somewhat special setup, which I borrowed and adapted from lxc-fedora. These changes are required so that Debian 8 (jessie) containers work properly, and are a no-op for previous Debian versions. Signed-off-by: Antonio Terceiro Acked-by: Serge E. Hallyn Commit: 9b1762ef85e26d4b929a048d95a86417dc03ac51 https://github.com/lxc/lxc/commit/9b1762ef85e26d4b929a048d95a86417dc03ac51 Author: Cameron Norman Date: 2014-12-02 (Tue, 02 Dec 2014) Changed paths: M templates/lxc-debian.in Log Message: ----------- lxc-debian: adjust init system configurations Do as much as possible to allow containers switching from non-systemd to systemd to work as intended (but nothing that will cause side effects). Use update-rc.d disable instead of remove so the init scripts are not re-enabled when the package is updated 
Signed-off-by: Cameron Norman Acked-by: Stéphane Graber Commit: 969f8964285318a4f2550929322dbf8dfce2e31e https://github.com/lxc/lxc/commit/969f8964285318a4f2550929322dbf8dfce2e31e Author: Cameron Norman Date: 2014-12-02 (Tue, 02 Dec 2014) Changed paths: M templates/lxc-debian.in Log Message: ----------- lxc-debian: mask both Wheezy and Jessie udev services Signed-off-by: Cameron Norman Acked-by: Stéphane Graber Commit: 3ae4a3ce649c479212c5e2b8cda5777957ea14f9 https://github.com/lxc/lxc/commit/3ae4a3ce649c479212c5e2b8cda5777957ea14f9 Author: Johannes Kastl Date: 2014-12-02 (Tue, 02 Dec 2014) Changed paths: M templates/lxc-opensuse.in Log Message: ----------- lxc-opensuse: Disabling builds on openSUSE Tumbleweed, detection improved. Signed-off-by: Johannes Kastl Acked-by: Stéphane Graber Commit: de1230232db796d739fe649d82467a8f346d57e5 https://github.com/lxc/lxc/commit/de1230232db796d739fe649d82467a8f346d57e5 Author: Casey Marshall Date: 2014-12-02 (Tue, 02 Dec 2014) Changed paths: M src/lxc/confile.c Log Message: ----------- Allow lxc_clear_config_item to clear idmaps. Ran into this when trying to automate stgraber's "GUI in containers" post. 
Signed-off-by: Casey Marshall Acked-by: Stéphane Graber Commit: 1b49e7d03b44652db581c738e4f476201cbaaf1b https://github.com/lxc/lxc/commit/1b49e7d03b44652db581c738e4f476201cbaaf1b Author: Serge Hallyn Date: 2014-12-02 (Tue, 02 Dec 2014) Changed paths: M src/lxc/bdev.c Log Message: ----------- overlay and aufs clone_paths: be more robust Currently when we clone a container, bdev_copy passes NULL as dst argument of bdev_init, then sees bdev->dest (as a result) is NULL, and sets bdev->dest to $lxcpath/$name/rootfs. so $ops->clone_paths() can assume that "/rootfs" is at the end of the path. The overlayfs and aufs clonepaths do assume that and index to endofstring-6 and append delta0. Let's be more robust by actually finding the last / in the path. Then, instead of always setting oldbdev->dest to $lxcpath/$name/rootfs, set it to oldbdev->src. Else dir_clonepaths fails when mounting src onto dest bc dest does not exist. We could also fix that by creating bdev->dest if needed, but that addes an empty directory to the old container. This fixes 'lxc-clone -o x1 -n x2' if x1 has lxc.rootfs = /var/lib/lxc/x1/x and makes the overlayfs and aufs paths less fragile should something else change. Signed-off-by: Serge Hallyn Acked-by: Stéphane Graber Commit: b73d3bbce39c49bd75ac2a7db0eb4151be2a7563 https://github.com/lxc/lxc/commit/b73d3bbce39c49bd75ac2a7db0eb4151be2a7563 Author: KATOH Yasufumi Date: 2014-12-02 (Tue, 02 Dec 2014) Changed paths: M src/lxc/bdev.c Log Message: ----------- overlayfs: overlayfs.v22 or higher needs workdir option This patch creates workdir as "olwork", and retry mount with workdir option when mount is failed. It is used to prepare files before atomically swithing with destination, and needs to be on the same filesystem as upperdir. It's OK for it to be empty. Signed-off-by: KATOH Yasufumi 
Signed-off-by: Serge Hallyn Commit: 3858c11b3b9ff7fabac2296ddd55d26e5aba7d3a https://github.com/lxc/lxc/commit/3858c11b3b9ff7fabac2296ddd55d26e5aba7d3a Author: KATOH Yasufumi Date: 2014-12-02 (Tue, 02 Dec 2014) Changed paths: M src/lxc/bdev.c Log Message: ----------- Fix clone issues This commit fixes two issues at the time of clone: * unnecessary directory is created when clone between overlayfs/aufs * clone failed when the end of rootfs path is not "/rootfs" Signed-off-by: KATOH Yasufumi Acked-by: Serge E. Hallyn Compare: https://github.com/lxc/lxc/compare/07d79178fd71...3858c11b3b9f From stgraber at ubuntu.com Tue Dec 2 20:56:05 2014 
From: stgraber at ubuntu.com (=?iso-8859-1?Q?St=E9phane?= Graber) Date: Tue, 2 Dec 2014 15:56:05 -0500 Subject: [lxc-devel] About to tag 1.1.0~alpha3 Message-ID: <20141202205605.GO15220@dakara> Hello, So all the patches that we had around have been applied, Jenkins looks pretty happy and a bit of manual testing here didn't show me any massive regression. That means that I'm about to tag 1.1.0~alpha3, my plan is to tag it by noon (US eastern) tomorrow. I'd appreciate it if everyone could test the bits they care about to make sure we don't have any nasty bug in there, hopefully it's all fine and we'll get to enjoy our last alpha release. Current timeline is for rc1 to be tagged before the 20th and then extra rcs to be tagged as needed with the final 1.1 release still aimed at first or second week of January. As a reminder, my goal for rc1 is to have proper systemd support, both privileged and unprivileged. I've already submitted the lxc.init_cmd bit but we still need to rework autodev (currently waiting a bit longer for feedback from Mike since it's his baby) and add/commonize the init system detection code. Parallel to that, Serge and I will be working on lxfs which is the fuse filesystem providing all the bits that systemd expects in an unprivileged way (and more). The plan is to have the first release of lxfs be out just ahead of LXC 1.1. -- Stéphane Graber Ubuntu developer http://www.ubuntu.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From stgraber at ubuntu.com Wed Dec 3 01:51:47 2014 
From: stgraber at ubuntu.com (=?iso-8859-1?Q?St=E9phane?= Graber) Date: Tue, 2 Dec 2014 20:51:47 -0500 Subject: [lxc-devel] New website about to go live Message-ID: <20141203015147.GP15220@dakara> Hey everyone, I just spent a few more hours typing some extra content for the new linuxcontainers.org (LXC, LXD, LXFS and CGManager). The result is available at: https://beta.linuxcontainers.org I'm planning for it to progressively go live tomorrow and be fully online by tomorrow evening (US eastern). This will take a little time as I need to make sure I properly rewrite all the old URLs to their equivalent on the new site. As far as I can tell, there are no broken links and we've got all the old content on it in one form or another. That being said, more eyeballs are always appreciated, so if you can spare a little bit of time to look at it and report any issue, that'd be appreciated. All the website content and code to build it locally is available at: https://github.com/lxc/linuxcontainers.org So feel free to send pull requests over there to add content, fix my mistakes or translate pages in your favorite language (look at the Japanese translation for a good example). Besides what I hope is a refreshing look and centralizing all the information for our various projects into a single website, the new website is also designed to make contributions easy. The content can be either in raw html or markdown, there's support for syntax highlighting and everything is easily translatable. With that, it's trivial for anyone to help make our website better, no need to know html or any other web technology, just head over to Github, fork the website, update the content and send a pull request (see CONTRIBUTING.md for details). -- Stéphane Graber Ubuntu developer http://www.ubuntu.com -------------- next part -------------- A non-text attachment was scrubbed... 
Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From caglar at 10ur.org Wed Dec 3 03:02:34 2014 From: caglar at 10ur.org (=?UTF-8?B?Uy7Dh2HEn2xhciBPbnVy?=) Date: Tue, 2 Dec 2014 22:02:34 -0500 Subject: [lxc-devel] stable-1.0 broken on 14.04 Message-ID: Hey, Seems like [1] is causing problems for trusty (I'm using daily stable builds) as its AppArmor version does not understand "unix" directive [root at eleksi:~/eleksi(master)] /etc/init.d/apparmor reload * Reloading AppArmor profiles AppArmor parser error for /etc/apparmor.d/lxc-containers in /etc/apparmor.d/abstractions/lxc/container-base at line 41: syntax error, unexpected TOK_OPENPAREN, expecting TOK_MODE Commenting out following helps but not sure whether that's a correct thing to do 37 # Allow receive via unix sockets from anywhere. Note: if per-container 38 # profiles are supported, for container isolation this should be changed to 39 # something like: 40 # unix (receive) peer=(label=unconfined), 41 #unix (receive), 42 43 # Allow all unix in the container 44 #unix peer=(label=@{profile_name}), [1] https://github.com/lxc/lxc/commit/d9bae9c84b21642876107f32ba6c51ff3350c372 Best, -- S.Çağlar Onur From stgraber at ubuntu.com Wed Dec 3 03:34:56 2014 
From: stgraber at ubuntu.com (=?iso-8859-1?Q?St=E9phane?= Graber) Date: Tue, 2 Dec 2014 22:34:56 -0500 Subject: [lxc-devel] stable-1.0 broken on 14.04 In-Reply-To: References: Message-ID: <20141203033456.GA31863@dakara> On Tue, Dec 02, 2014 at 10:02:34PM -0500, S.Çağlar Onur wrote: > Hey, > > Seems like [1] is causing problems for trusty (I'm using daily stable > builds) as its AppArmor version does not understand "unix" directive > > [root at eleksi:~/eleksi(master)] /etc/init.d/apparmor reload > * Reloading AppArmor profiles > > ppArmor parser error for /etc/apparmor.d/lxc-containers in > /etc/apparmor.d/abstractions/lxc/container-base at line 41: syntax > error, unexpected TOK_OPENPAREN, expecting TOK_MODE > > Commenting out following helps but not sure whether that's a correct thing to do > > 37 # Allow receive via unix sockets from anywhere. Note: if per-container > 38 # profiles are supported, for container isolation this should be > changed to > 39 # something like: > 40 # unix (receive) peer=(label=unconfined), > 41 #unix (receive), > 42 > 43 # Allow all unix in the container > 44 #unix peer=(label=@{profile_name}), > > [1] https://github.com/lxc/lxc/commit/d9bae9c84b21642876107f32ba6c51ff3350c372 > > Best, Good catch, I'll update the stable PPA packaging to drop the unix lines on 14.04. We already have a bunch of those (detecting apparmor version and stripping the stanzas that got introduced in later versions). So yeah, removing or commenting out those lines is the right thing to do, but the packaging should do that for you usually :) -- Stéphane Graber Ubuntu developer http://www.ubuntu.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From noreply at github.com Wed Dec 3 16:04:24 2014 
From: noreply at github.com (GitHub) Date: Wed, 03 Dec 2014 08:04:24 -0800 Subject: [lxc-devel] [lxc/lxc] c8a600: fixed typo in comment Message-ID: <547f3488919a3_18393ff5151372bc3358c@hookshot-fe3-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: c8a600ea29c0b0372052b50fe48793ccdad7fc46 https://github.com/lxc/lxc/commit/c8a600ea29c0b0372052b50fe48793ccdad7fc46 Author: Shuai Zhang Date: 2014-12-03 (Wed, 03 Dec 2014) Changed paths: M src/lxc/lxc_user_nic.c Log Message: ----------- fixed typo in comment Signed-off-by: Shuai Zhang Acked-by: Stéphane Graber From noreply at github.com Wed Dec 3 16:03:46 2014 From: noreply at github.com (GitHub) Date: Wed, 03 Dec 2014 08:03:46 -0800 Subject: [lxc-devel] [lxc/lxc] 2e2d6a: Improve veth error cases logging Message-ID: <547f346271a7_102b3fe991ff52c06034@hookshot-fe2-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 2e2d6a7be9d62e9646c35d87119af3e767754edf https://github.com/lxc/lxc/commit/2e2d6a7be9d62e9646c35d87119af3e767754edf Author: Stéphane Graber Date: 2014-12-03 (Wed, 03 Dec 2014) Changed paths: M src/lxc/conf.c Log Message: ----------- Improve veth error cases logging The previous error message made it look like the host interface name was the concatenation of both the host and guest interface names. Closes #374 Signed-off-by: Stéphane Graber From noreply at github.com Wed Dec 3 16:04:40 2014 
From: noreply at github.com (GitHub) Date: Wed, 03 Dec 2014 08:04:40 -0800 Subject: [lxc-devel] [lxc/lxc] 6dd558: Improve veth error cases logging Message-ID: <547f3498a1739_10f03ffc4a4ad2c07742f@hookshot-fe2-cp1-prd.iad.github.net.mail> Branch: refs/heads/stable-1.0 Home: https://github.com/lxc/lxc Commit: 6dd5588e89debc95b2e782e09d6a07798f3fe162 https://github.com/lxc/lxc/commit/6dd5588e89debc95b2e782e09d6a07798f3fe162 Author: Stéphane Graber Date: 2014-12-03 (Wed, 03 Dec 2014) Changed paths: M src/lxc/conf.c Log Message: ----------- Improve veth error cases logging The previous error message made it look like the host interface name was the concatenation of both the host and guest interface names. Closes #374 Signed-off-by: Stéphane Graber Commit: a44cafdb091f9c8bfd81307713a0c010eca38ed1 https://github.com/lxc/lxc/commit/a44cafdb091f9c8bfd81307713a0c010eca38ed1 Author: Shuai Zhang Date: 2014-12-03 (Wed, 03 Dec 2014) Changed paths: M src/lxc/lxc_user_nic.c Log Message: ----------- fixed typo in comment Signed-off-by: Shuai Zhang Acked-by: Stéphane Graber Compare: https://github.com/lxc/lxc/compare/3858c11b3b9f...a44cafdb091f From stgraber at ubuntu.com Wed Dec 3 17:05:58 2014 
From: stgraber at ubuntu.com (=?iso-8859-1?Q?St=E9phane?= Graber) Date: Wed, 3 Dec 2014 12:05:58 -0500 Subject: [lxc-devel] stable-1.0 broken on 14.04 In-Reply-To: <20141203033456.GA31863@dakara> References: <20141203033456.GA31863@dakara> Message-ID: <20141203170558.GB18628@dakara> On Tue, Dec 02, 2014 at 10:34:56PM -0500, Stéphane Graber wrote: > On Tue, Dec 02, 2014 at 10:02:34PM -0500, S.Çağlar Onur wrote: > > Hey, > > > > Seems like [1] is causing problems for trusty (I'm using daily stable > > builds) as its AppArmor version does not understand "unix" directive > > > > [root at eleksi:~/eleksi(master)] /etc/init.d/apparmor reload > > * Reloading AppArmor profiles > > > > ppArmor parser error for /etc/apparmor.d/lxc-containers in > > /etc/apparmor.d/abstractions/lxc/container-base at line 41: syntax > > error, unexpected TOK_OPENPAREN, expecting TOK_MODE > > > > Commenting out following helps but not sure whether that's a correct thing to do > > > > 37 # Allow receive via unix sockets from anywhere. Note: if per-container > > 38 # profiles are supported, for container isolation this should be > > changed to > > 39 # something like: > > 40 # unix (receive) peer=(label=unconfined), > > 41 #unix (receive), > > 42 > > 43 # Allow all unix in the container > > 44 #unix peer=(label=@{profile_name}), > > > > [1] https://github.com/lxc/lxc/commit/d9bae9c84b21642876107f32ba6c51ff3350c372 > > > > Best, > > Good catch, I'll update the stable PPA packaging to drop the unix lines > on 14.04. We already have a bunch of those (detecting apparmor version > and stripping the stanzas that go introduced in later versions). > > So yeah, removing or commenting out those lines is the right thing to > do, but the packaging should do that for you usually :) > > -- > Stéphane Graber > Ubuntu developer > http://www.ubuntu.com I updated the packaging branch and a build is currently in progress, the next PPA upload should work fine on 14.04. 
-- Stéphane Graber Ubuntu developer http://www.ubuntu.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From stgraber at ubuntu.com Wed Dec 3 18:01:03 2014 
From: stgraber at ubuntu.com (=?iso-8859-1?Q?St=E9phane?= Graber) Date: Wed, 3 Dec 2014 13:01:03 -0500 Subject: [lxc-devel] New website about to go live In-Reply-To: <20141203015147.GP15220@dakara> References: <20141203015147.GP15220@dakara> Message-ID: <20141203180103.GC18628@dakara> On Tue, Dec 02, 2014 at 08:51:47PM -0500, Stéphane Graber wrote: > Hey everyone, > > I just spent a few more hours typing some extra content for the new > linuxcontainers.org (LXC, LXD, LXFS and CGManager). > > The result is available at: https://beta.linuxcontainers.org > > I'm planning for it to progressively go live tomorrow and be fully > online by tomorrow evening (US eastern). This will take a little time as > I need to make sure I properly rewrite all the old URLs to their > equivalent on the new site. > > As far as I can tell, there are no broken links and we've got all the > old content on it in one form or another. That being said, more eyeballs > are always appreciated, so if you can spare a little bit of time to look > at it and report any issue, that'd be appreciated. > > All the website content and code to build it locally is available at: > https://github.com/lxc/linuxcontainers.org > > So feel free to send pull requests over there to add content, fix my > mistakes or translate pages in your favorite language (look at the > Japanese translation for a good example). > > > Besides what I hope is a refreshing look and centralizing all the > information for our various projects into a single website, the new > website is also designed to make contributions easy. The content can be > either in raw html or markdown, there's support for syntax hilighting > and everything is easily translatable. > > > With that, it's trivial for anyone to help make our website better, no > need to know html or any other web technology, just head over to Github, > fork the website, update the content and send a pull request (see > CONTRIBUTING.md for details). And it's now live. 
I believe I've covered all the old URLs with appropriate redirections, so in theory no link should have been broken in the process. Please let me know if I missed something. -- Stéphane Graber Ubuntu developer http://www.ubuntu.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From caglar at 10ur.org Wed Dec 3 18:16:37 2014 
From: caglar at 10ur.org (=?UTF-8?B?Uy7Dh2HEn2xhciBPbnVy?=) Date: Wed, 3 Dec 2014 13:16:37 -0500 Subject: [lxc-devel] stable-1.0 broken on 14.04 In-Reply-To: <20141203170558.GB18628@dakara> References: <20141203033456.GA31863@dakara> <20141203170558.GB18628@dakara> Message-ID: On Wed, Dec 3, 2014 at 12:05 PM, Stéphane Graber wrote: > On Tue, Dec 02, 2014 at 10:34:56PM -0500, Stéphane Graber wrote: >> On Tue, Dec 02, 2014 at 10:02:34PM -0500, S.Çağlar Onur wrote: >> > Hey, >> > >> > Seems like [1] is causing problems for trusty (I'm using daily stable >> > builds) as its AppArmor version does not understand "unix" directive >> > >> > [root at eleksi:~/eleksi(master)] /etc/init.d/apparmor reload >> > * Reloading AppArmor profiles >> > >> > ppArmor parser error for /etc/apparmor.d/lxc-containers in >> > /etc/apparmor.d/abstractions/lxc/container-base at line 41: syntax >> > error, unexpected TOK_OPENPAREN, expecting TOK_MODE >> > >> > Commenting out following helps but not sure whether that's a correct thing to do >> > >> > 37 # Allow receive via unix sockets from anywhere. Note: if per-container >> > 38 # profiles are supported, for container isolation this should be >> > changed to >> > 39 # something like: >> > 40 # unix (receive) peer=(label=unconfined), >> > 41 #unix (receive), >> > 42 >> > 43 # Allow all unix in the container >> > 44 #unix peer=(label=@{profile_name}), >> > >> > [1] https://github.com/lxc/lxc/commit/d9bae9c84b21642876107f32ba6c51ff3350c372 >> > >> > Best, >> >> Good catch, I'll update the stable PPA packaging to drop the unix lines >> on 14.04. We already have a bunch of those (detecting apparmor version >> and stripping the stanzas that go introduced in later versions). 
>> >> So yeah, removing or commenting out those lines is the right thing to >> do, but the packaging should do that for you usually :) >> >> -- >> Stéphane Graber >> Ubuntu developer >> http://www.ubuntu.com > > I updated the packaging branch and a build is currently in progress, the > next PPA upload should work fine on 14.04. Thanks Stéphane! > -- > Stéphane Graber > Ubuntu developer > http://www.ubuntu.com > > _______________________________________________ > lxc-devel mailing list > lxc-devel at lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel > -- S.Çağlar Onur From noreply at github.com Wed Dec 3 20:00:46 2014 From: noreply at github.com (GitHub) Date: Wed, 03 Dec 2014 12:00:46 -0800 Subject: [lxc-devel] [lxc/lxc] d2928e: change version to 1.1.0.alpha3 in configure.ac Message-ID: <547f6bee8f429_10663fcec46032b89059f@hookshot-fe4-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: d2928eafbbbaf2aa762f4af65002090d901bccb5 https://github.com/lxc/lxc/commit/d2928eafbbbaf2aa762f4af65002090d901bccb5 Author: Stéphane Graber Date: 2014-12-03 (Wed, 03 Dec 2014) Changed paths: M configure.ac Log Message: ----------- change version to 1.1.0.alpha3 in configure.ac Signed-off-by: Stéphane Graber From noreply at github.com Wed Dec 3 20:00:49 2014 From: noreply at github.com (GitHub) Date: Wed, 03 Dec 2014 12:00:49 -0800 Subject: [lxc-devel] [lxc/lxc] Message-ID: <547f6bf1db296_3c0e3fd007d6f29c8599d@hookshot-fe6-cp1-prd.iad.github.net.mail> Branch: refs/tags/lxc-1.1.0.alpha3 Home: https://github.com/lxc/lxc From stgraber at ubuntu.com Wed Dec 3 20:05:17 2014 
From: stgraber at ubuntu.com (=?iso-8859-1?Q?St=E9phane?= Graber) Date: Wed, 3 Dec 2014 15:05:17 -0500 Subject: [lxc-devel] About to tag 1.1.0~alpha3 In-Reply-To: <20141202205605.GO15220@dakara> References: <20141202205605.GO15220@dakara> Message-ID: <20141203200517.GD18628@dakara> On Tue, Dec 02, 2014 at 03:56:05PM -0500, Stéphane Graber wrote: > Hello, > > So all the patches that we had around have been applied, Jenkins looks > pretty happy and a bit of manual testing here didn't show me any massive > regression. > > That means that I'm about to tag 1.1.0~alpha3, my plan is to tag it by > noon (US eastern) tomorrow. > > I'd appreciate it if everyone could test the bits they care about to > make sure we don't have any nasty bug in there, hopefully it's all fine > and we'll get to enjoy our last alpha release. > > > Current timeline is for rc1 to be tagged before the 20th and then extra > rcs to be tagged as needed with the final 1.1 release still aimed at > first or second week of January. > > As a reminder, my goal for rc1 is to have proper systemd support, both > privileged and unprivileged. I've already submitted the lxc.init_cmd bit > but we still need to rework autodev (currently waiting a bit longer for > feedback from Mike since it's his baby) and add/commonize the init > system detection code. > > Parallel to that, Serge and I will be working on lxfs which is the fuse > filesystem providing all the bits that systemd expects in an > unprivileged way (and more). The plan is to have the first release of > lxfs be out just ahead of LXC 1.1. > > -- > Stéphane Graber > Ubuntu developer > http://www.ubuntu.com And LXC 1.1.0 alpha3 has now been tagged. -- Stéphane Graber Ubuntu developer http://www.ubuntu.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From notifications at travis-ci.org Wed Dec 3 20:12:37 2014 
From: notifications at travis-ci.org (Travis CI) Date: Wed, 03 Dec 2014 20:12:37 +0000 Subject: [lxc-devel] Passed: lxc/lxc#774 (lxc-1.1.0.alpha3 - d2928ea) In-Reply-To: Message-ID: <547f6eb546118_233a5c4142567@42a19114-979d-4950-aa03-7c0786cd98f3.mail> Build Update for lxc/lxc ------------------------------------- Build: #774 Status: Passed Duration: 6 minutes and 25 seconds Commit: d2928ea (lxc-1.1.0.alpha3) Author: Stéphane Graber Message: change version to 1.1.0.alpha3 in configure.ac Signed-off-by: Stéphane Graber View the changeset: https://github.com/lxc/lxc/compare/lxc-1.1.0.alpha3 View the full build log and details: https://travis-ci.org/lxc/lxc/builds/42903364 -- You can configure recipients for build notifications in your .travis.yml file. See http://docs.travis-ci.com/user/notifications -------------- next part -------------- An HTML attachment was scrubbed... URL: From arjun024 at gmail.com Thu Dec 4 08:56:04 2014 From: arjun024 at gmail.com (Arjun Sreedharan) Date: Thu, 4 Dec 2014 14:26:04 +0530 Subject: [lxc-devel] [PATCH] tests: try again when waitpid() sets errno as EINTR Message-ID: <1417683364-10915-1-git-send-email-arjun024@gmail.com> when waitpid() is interrupted, errno is not set to the negative value -EINTR. It is set to EINTR. check against EINTR. Signed-off-by: Arjun Sreedharan --- src/tests/containertests.c | 4 ++-- src/tests/destroytest.c | 2 +- src/tests/saveconfig.c | 2 +- src/tests/startone.c | 4 ++-- 4 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/src/tests/containertests.c b/src/tests/containertests.c
index 9230853..d093a02 100644
--- a/src/tests/containertests.c
+++ b/src/tests/containertests.c
@@ -48,7 +48,7 @@ static int destroy_busybox(void)
 again:
 ret = waitpid(pid, &status, 0);
 if (ret == -1) {
- if (errno == -EINTR)
+ if (errno == EINTR)
 goto again;
 perror("waitpid");
 return -1;
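Review bot: The EINTR retry in destroy_busybox() is still written as a label plus a backward `goto again`, and the identical block recurs in create_busybox() and in the destroytest.c, saveconfig.c and startone.c hunks of this patch. A loop such as `do { ret = waitpid(pid, &status, 0); } while (ret == -1 && errno == EINTR);` keeps the retry condition in one expression next to the call, where a negated constant is easier to spot. Because the old comparison could never match a positive errno value, the retry path becomes reachable only with this change, so a short comment like `/* errno holds positive E* values; waitpid() itself returns -1 */` would help the next reader. The function bodies start and end outside these hunks, so how `status` is evaluated afterwards cannot be checked from here.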
@@ -80,7 +80,7 @@ static int create_busybox(void)
 again:
 ret = waitpid(pid, &status, 0);
 if (ret == -1) {
- if (errno == -EINTR)
+ if (errno == EINTR)
 goto again;
 perror("waitpid");
 return -1;
diff --git a/src/tests/destroytest.c b/src/tests/destroytest.c
index 4bb6aae..eaf3c84 100644
--- a/src/tests/destroytest.c
+++ b/src/tests/destroytest.c
@@ -46,7 +46,7 @@ static int create_container(void)
 again:
 ret = waitpid(pid, &status, 0);
 if (ret == -1) {
- if (errno == -EINTR)
+ if (errno == EINTR)
 goto again;
 perror("waitpid");
 return -1;
diff --git a/src/tests/saveconfig.c b/src/tests/saveconfig.c
index de2fa82..d8a4ca2 100644
--- a/src/tests/saveconfig.c
+++ b/src/tests/saveconfig.c
@@ -46,7 +46,7 @@ static int create_container(void)
 again:
 ret = waitpid(pid, &status, 0);
 if (ret == -1) {
- if (errno == -EINTR)
+ if (errno == EINTR)
 goto again;
 perror("waitpid");
 return -1;
diff --git a/src/tests/startone.c b/src/tests/startone.c
index 9dd4ec3..6b7344f 100644
--- a/src/tests/startone.c
+++ b/src/tests/startone.c
@@ -48,7 +48,7 @@ static int destroy_container(void)
 again:
 ret = waitpid(pid, &status, 0);
 if (ret == -1) {
- if (errno == -EINTR)
+ if (errno == EINTR)
 goto again;
 perror("waitpid");
 return -1;
@@ -80,7 +80,7 @@ static int create_container(void)
 again:
 ret = waitpid(pid, &status, 0);
 if (ret == -1) {
- if (errno == -EINTR)
+ if (errno == EINTR)
 goto again;
 perror("waitpid");
 return -1;
-- 1.7.10.1 From stgraber at ubuntu.com Thu Dec 4 16:47:23 2014
From: stgraber at ubuntu.com (=?iso-8859-1?Q?St=E9phane?= Graber) Date: Thu, 4 Dec 2014 11:47:23 -0500 Subject: [lxc-devel] [PATCH] tests: try again when waitpid() sets errno as EINTR In-Reply-To: <1417683364-10915-1-git-send-email-arjun024@gmail.com> References: <1417683364-10915-1-git-send-email-arjun024@gmail.com> Message-ID: <20141204164723.GF18628@dakara> On Thu, Dec 04, 2014 at 02:26:04PM +0530, Arjun Sreedharan wrote: > when waitpid() is interrupted, errno is not set to the negative > value -EINTR. It is set to EINTR. check against EINTR. > > Signed-off-by: Arjun Sreedharan Acked-by: Stéphane Graber > --- > src/tests/containertests.c | 4 ++-- > src/tests/destroytest.c | 2 +- > src/tests/saveconfig.c | 2 +- > src/tests/startone.c | 4 ++-- > 4 files changed, 6 insertions(+), 6 deletions(-) > > diff --git a/src/tests/containertests.c b/src/tests/containertests.c > index 9230853..d093a02 100644 > --- a/src/tests/containertests.c > +++ b/src/tests/containertests.c > @@ -48,7 +48,7 @@ static int destroy_busybox(void) > again: > ret = waitpid(pid, &status, 0); > if (ret == -1) { > - if (errno == -EINTR) > + if (errno == EINTR) > goto again; > perror("waitpid"); > return -1; > @@ -80,7 +80,7 @@ static int create_busybox(void) > again: > ret = waitpid(pid, &status, 0); > if (ret == -1) { > - if (errno == -EINTR) > + if (errno == EINTR) > goto again; > perror("waitpid"); > return -1; > diff --git a/src/tests/destroytest.c b/src/tests/destroytest.c > index 4bb6aae..eaf3c84 100644 > --- a/src/tests/destroytest.c > +++ b/src/tests/destroytest.c > @@ -46,7 +46,7 @@ static int create_container(void) > again: > ret = waitpid(pid, &status, 0); > if (ret == -1) { > - if (errno == -EINTR) > + if (errno == EINTR) > goto again; > perror("waitpid"); > return -1; > diff --git a/src/tests/saveconfig.c b/src/tests/saveconfig.c > index de2fa82..d8a4ca2 100644 > --- a/src/tests/saveconfig.c > +++ b/src/tests/saveconfig.c 
> @@ -46,7 +46,7 @@ static int create_container(void) > again: > ret = waitpid(pid, &status, 0); > if (ret == -1) { > - if (errno == -EINTR) > + if (errno == EINTR) > goto again; > perror("waitpid"); > return -1; > diff --git a/src/tests/startone.c b/src/tests/startone.c > index 9dd4ec3..6b7344f 100644 > --- a/src/tests/startone.c > +++ b/src/tests/startone.c > @@ -48,7 +48,7 @@ static int destroy_container(void) > again: > ret = waitpid(pid, &status, 0); > if (ret == -1) { > - if (errno == -EINTR) > + if (errno == EINTR) > goto again; > perror("waitpid"); > return -1; > @@ -80,7 +80,7 @@ static int create_container(void) > again: > ret = waitpid(pid, &status, 0); > if (ret == -1) { > - if (errno == -EINTR) > + if (errno == EINTR) > goto again; > perror("waitpid"); > return -1; > -- > 1.7.10.1 > -- Stéphane Graber Ubuntu developer http://www.ubuntu.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From noreply at github.com Thu Dec 4 16:50:07 2014 From: noreply at github.com (GitHub) Date: Thu, 04 Dec 2014 08:50:07 -0800 Subject: [lxc-devel] [lxc/lxc] 21e624: tests: try again when waitpid() sets errno as EINT... Message-ID: <548090bf27e5a_7b973fa9f7b272b84904f@hookshot-fe1-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 21e624d9cf79d05179030f1534552048e0c506f5 https://github.com/lxc/lxc/commit/21e624d9cf79d05179030f1534552048e0c506f5 Author: Arjun Sreedharan Date: 2014-12-04 (Thu, 04 Dec 2014) Changed paths: M src/tests/containertests.c M src/tests/destroytest.c M src/tests/saveconfig.c M src/tests/startone.c Log Message: ----------- tests: try again when waitpid() sets errno as EINTR when waitpid() is interrupted, errno is not set to the negative value -EINTR. It is set to EINTR. check against EINTR. 
Signed-off-by: Arjun Sreedharan Acked-by: Stéphane Graber Commit: 06f976cad74d027c8080b594eefb391298b4c341 https://github.com/lxc/lxc/commit/06f976cad74d027c8080b594eefb391298b4c341 Author: Shuai Zhang Date: 2014-12-04 (Thu, 04 Dec 2014) Changed paths: M src/lxc/network.c M src/lxc/nl.c M src/lxc/nl.h Log Message: ----------- audit: added capacity and reserve() to nlmsg There are now two (permitted) ways to add data to netlink message: 1. put_xxx() 2. call nlmsg_reserve() to get a pointer to newly reserved room within the original netlink message, then write or memcpy data to that area. Both of them guarantee adding requested length data do not overflow the pre-allocated message buffer by checking against its cap field first. And there may be no need to access nlmsg_len outside nl module, because both put_xxx() and nlmsg_reserve() have alread did that for us. Signed-off-by: Shuai Zhang Acked-by: Stéphane Graber Compare: https://github.com/lxc/lxc/compare/d2928eafbbba...06f976cad74d From caglar at 10ur.org Thu Dec 4 17:31:12 2014 From: caglar at 10ur.org (=?UTF-8?B?Uy7Dh2HEn2xhciBPbnVy?=) Date: Thu, 4 Dec 2014 12:31:12 -0500 Subject: [lxc-devel] [PATCH] tests: try again when waitpid() sets errno as EINTR In-Reply-To: <20141204164723.GF18628@dakara> References: <1417683364-10915-1-git-send-email-arjun024@gmail.com> <20141204164723.GF18628@dakara> Message-ID: On Thu, Dec 4, 2014 at 11:47 AM, Stéphane Graber wrote: > On Thu, Dec 04, 2014 at 02:26:04PM +0530, Arjun Sreedharan wrote: >> when waitpid() is interrupted, errno is not set to the negative >> value -EINTR. It is set to EINTR. check against EINTR. >> >> Signed-off-by: Arjun Sreedharan > > Acked-by: Stéphane Graber hmm nice catch, I believe we need following too as rmdir and lxc_unpriv returns non-negative error codes as well. diff --git a/src/lxc/bdev.c b/src/lxc/bdev.c index 9ccd666..9d0a735 100644 --- a/src/lxc/bdev.c +++ b/src/lxc/bdev.c 
@@ -1418,7 +1418,7 @@ static int btrfs_snapshot(const char *orig, const char *new) goto out; } // make sure the directory doesn't already exist - if (rmdir(newfull) < 0 && errno != -ENOENT) { + if (rmdir(newfull) < 0 && errno != ENOENT) { SYSERROR("Error removing empty new rootfs"); goto out; } @@ -1511,7 +1511,7 @@ static int btrfs_clonepaths(struct bdev *orig, struct bdev *new, const char *old return userns_exec_1(conf, btrfs_snapshot_wrapper, &sdata); } - if (rmdir(new->dest) < 0 && errno != -ENOENT) { + if (rmdir(new->dest) < 0 && errno != ENOENT) { SYSERROR("removing %s", new->dest); return -1; } diff --git a/src/lxc/log.c b/src/lxc/log.c index cb48600..13bd0e8 100644 --- a/src/lxc/log.c +++ b/src/lxc/log.c @@ -159,7 +159,7 @@ static int build_dir(const char *name) *p = '\0'; if (access(n, F_OK)) { ret = lxc_unpriv(mkdir(n, 0755)); - if (ret && errno != -EEXIST) { + if (ret && errno != EEXIST) { SYSERROR("failed to create directory '%s'.", n); free(n); return -1; >> --- >> src/tests/containertests.c | 4 ++-- >> src/tests/destroytest.c | 2 +- >> src/tests/saveconfig.c | 2 +- >> src/tests/startone.c | 4 ++-- >> 4 files changed, 6 insertions(+), 6 deletions(-) >> >> diff --git a/src/tests/containertests.c b/src/tests/containertests.c >> index 9230853..d093a02 100644 >> --- a/src/tests/containertests.c >> +++ b/src/tests/containertests.c >> @@ -48,7 +48,7 @@ static int destroy_busybox(void) >> again: >> ret = waitpid(pid, &status, 0); >> if (ret == -1) { >> - if (errno == -EINTR) >> + if (errno == EINTR) >> goto again; >> perror("waitpid"); >> return -1; >> @@ -80,7 +80,7 @@ static int create_busybox(void) >> again: >> ret = waitpid(pid, &status, 0); >> if (ret == -1) { >> - if (errno == -EINTR) >> + if (errno == EINTR) >> goto again; >> perror("waitpid"); >> return -1; >> diff --git a/src/tests/destroytest.c b/src/tests/destroytest.c >> index 4bb6aae..eaf3c84 100644 >> --- a/src/tests/destroytest.c >> +++ b/src/tests/destroytest.c 
>> @@ -46,7 +46,7 @@ static int create_container(void) >> again: >> ret = waitpid(pid, &status, 0); >> if (ret == -1) { >> - if (errno == -EINTR) >> + if (errno == EINTR) >> goto again; >> perror("waitpid"); >> return -1; >> diff --git a/src/tests/saveconfig.c b/src/tests/saveconfig.c >> index de2fa82..d8a4ca2 100644 >> --- a/src/tests/saveconfig.c >> +++ b/src/tests/saveconfig.c >> @@ -46,7 +46,7 @@ static int create_container(void) >> again: >> ret = waitpid(pid, &status, 0); >> if (ret == -1) { >> - if (errno == -EINTR) >> + if (errno == EINTR) >> goto again; >> perror("waitpid"); >> return -1; >> diff --git a/src/tests/startone.c b/src/tests/startone.c >> index 9dd4ec3..6b7344f 100644 >> --- a/src/tests/startone.c >> +++ b/src/tests/startone.c >> @@ -48,7 +48,7 @@ static int destroy_container(void) >> again: >> ret = waitpid(pid, &status, 0); >> if (ret == -1) { >> - if (errno == -EINTR) >> + if (errno == EINTR) >> goto again; >> perror("waitpid"); >> return -1; >> @@ -80,7 +80,7 @@ static int create_container(void) >> again: >> ret = waitpid(pid, &status, 0); >> if (ret == -1) { >> - if (errno == -EINTR) >> + if (errno == EINTR) >> goto again; >> perror("waitpid"); >> return -1; >> -- >> 1.7.10.1 >> > > -- > Stéphane Graber > Ubuntu developer > http://www.ubuntu.com > > _______________________________________________ > lxc-devel mailing list > lxc-devel at lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel > -- S.Çağlar Onur From stgraber at ubuntu.com Thu Dec 4 17:49:13 2014 
From: stgraber at ubuntu.com (=?iso-8859-1?Q?St=E9phane?= Graber) Date: Thu, 4 Dec 2014 12:49:13 -0500 Subject: [lxc-devel] [PATCH] tests: try again when waitpid() sets errno as EINTR In-Reply-To: References: <1417683364-10915-1-git-send-email-arjun024@gmail.com> <20141204164723.GF18628@dakara> Message-ID: <20141204174913.GA23859@dakara> On Thu, Dec 04, 2014 at 12:31:12PM -0500, S.Çağlar Onur wrote: > On Thu, Dec 4, 2014 at 11:47 AM, Stéphane Graber wrote: > > On Thu, Dec 04, 2014 at 02:26:04PM +0530, Arjun Sreedharan wrote: > >> when waitpid() is interrupted, errno is not set to the negative > >> value -EINTR. It is set to EINTR. check against EINTR. > >> > >> Signed-off-by: Arjun Sreedharan > > > > Acked-by: Stéphane Graber > > hmm nice catch, I believe we need following too as rmdir and > lxc_unpriv returns non-negative error codes as well. Indeed, looks good to me. Can you submit that as a patch? Thanks > > diff --git a/src/lxc/bdev.c b/src/lxc/bdev.c > index 9ccd666..9d0a735 100644 > --- a/src/lxc/bdev.c > +++ b/src/lxc/bdev.c > @@ -1418,7 +1418,7 @@ static int btrfs_snapshot(const char *orig, > const char *new) > goto out; > } > // make sure the directory doesn't already exist > - if (rmdir(newfull) < 0 && errno != -ENOENT) { > + if (rmdir(newfull) < 0 && errno != ENOENT) { > SYSERROR("Error removing empty new rootfs"); > goto out; > } > @@ -1511,7 +1511,7 @@ static int btrfs_clonepaths(struct bdev *orig, > struct bdev *new, const char *old > return userns_exec_1(conf, btrfs_snapshot_wrapper, &sdata); > } > > - if (rmdir(new->dest) < 0 && errno != -ENOENT) { > + if (rmdir(new->dest) < 0 && errno != ENOENT) { > SYSERROR("removing %s", new->dest); > return -1; > } > diff --git a/src/lxc/log.c b/src/lxc/log.c > index cb48600..13bd0e8 100644 > --- a/src/lxc/log.c > +++ b/src/lxc/log.c 
> @@ -159,7 +159,7 @@ static int build_dir(const char *name) > *p = '\0'; > if (access(n, F_OK)) { > ret = lxc_unpriv(mkdir(n, 0755)); > - if (ret && errno != -EEXIST) { > + if (ret && errno != EEXIST) { > SYSERROR("failed to create directory '%s'.", n); > free(n); > return -1; > > >> --- > >> src/tests/containertests.c | 4 ++-- > >> src/tests/destroytest.c | 2 +- > >> src/tests/saveconfig.c | 2 +- > >> src/tests/startone.c | 4 ++-- > >> 4 files changed, 6 insertions(+), 6 deletions(-) > >> > >> diff --git a/src/tests/containertests.c b/src/tests/containertests.c > >> index 9230853..d093a02 100644 > >> --- a/src/tests/containertests.c > >> +++ b/src/tests/containertests.c > >> @@ -48,7 +48,7 @@ static int destroy_busybox(void) > >> again: > >> ret = waitpid(pid, &status, 0); > >> if (ret == -1) { > >> - if (errno == -EINTR) > >> + if (errno == EINTR) > >> goto again; > >> perror("waitpid"); > >> return -1; > >> @@ -80,7 +80,7 @@ static int create_busybox(void) > >> again: > >> ret = waitpid(pid, &status, 0); > >> if (ret == -1) { > >> - if (errno == -EINTR) > >> + if (errno == EINTR) > >> goto again; > >> perror("waitpid"); > >> return -1; > >> diff --git a/src/tests/destroytest.c b/src/tests/destroytest.c > >> index 4bb6aae..eaf3c84 100644 > >> --- a/src/tests/destroytest.c > >> +++ b/src/tests/destroytest.c > >> @@ -46,7 +46,7 @@ static int create_container(void) > >> again: > >> ret = waitpid(pid, &status, 0); > >> if (ret == -1) { > >> - if (errno == -EINTR) > >> + if (errno == EINTR) > >> goto again; > >> perror("waitpid"); > >> return -1; > >> diff --git a/src/tests/saveconfig.c b/src/tests/saveconfig.c > >> index de2fa82..d8a4ca2 100644 > >> --- a/src/tests/saveconfig.c > >> +++ b/src/tests/saveconfig.c > >> @@ -46,7 +46,7 @@ static int create_container(void) > >> again: > >> ret = waitpid(pid, &status, 0); > >> if (ret == -1) { > >> - if (errno == -EINTR) > >> + if (errno == EINTR) > >> goto again; > >> perror("waitpid"); > >> return -1; 
> >> diff --git a/src/tests/startone.c b/src/tests/startone.c > >> index 9dd4ec3..6b7344f 100644 > >> --- a/src/tests/startone.c > >> +++ b/src/tests/startone.c > >> @@ -48,7 +48,7 @@ static int destroy_container(void) > >> again: > >> ret = waitpid(pid, &status, 0); > >> if (ret == -1) { > >> - if (errno == -EINTR) > >> + if (errno == EINTR) > >> goto again; > >> perror("waitpid"); > >> return -1; > >> @@ -80,7 +80,7 @@ static int create_container(void) > >> again: > >> ret = waitpid(pid, &status, 0); > >> if (ret == -1) { > >> - if (errno == -EINTR) > >> + if (errno == EINTR) > >> goto again; > >> perror("waitpid"); > >> return -1; > >> -- > >> 1.7.10.1 > >> > > > > -- > > Stéphane Graber > > Ubuntu developer > > http://www.ubuntu.com > > > > _______________________________________________ > > lxc-devel mailing list > > lxc-devel at lists.linuxcontainers.org > > http://lists.linuxcontainers.org/listinfo/lxc-devel > > > > > > -- > S.Çağlar Onur > _______________________________________________ > lxc-devel mailing list > lxc-devel at lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From caglar at 10ur.org Thu Dec 4 17:59:47 2014 From: caglar at 10ur.org (=?UTF-8?q?S=2E=C3=87a=C4=9Flar=20Onur?=) Date: Thu, 4 Dec 2014 12:59:47 -0500 Subject: [lxc-devel] [PATCH] rmdir and lxc_unpriv returns non-negative error codes Message-ID: <1417715987-5079-1-git-send-email-caglar@10ur.org> Signed-off-by: S.Çağlar Onur --- src/lxc/bdev.c | 4 ++-- src/lxc/log.c | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/src/lxc/bdev.c b/src/lxc/bdev.c index 75e6896..822d62c 100644 --- a/src/lxc/bdev.c +++ b/src/lxc/bdev.c 
@@ -1419,7 +1419,7 @@ static int btrfs_snapshot(const char *orig, const char *new)
 goto out;
 }
 // make sure the directory doesn't already exist
- if (rmdir(newfull) < 0 && errno != -ENOENT) {
+ if (rmdir(newfull) < 0 && errno != ENOENT) {
 SYSERROR("Error removing empty new rootfs");
 goto out;
 }
@@ -1512,7 +1512,7 @@ static int btrfs_clonepaths(struct bdev *orig, struct bdev *new, const char *old
 return userns_exec_1(conf, btrfs_snapshot_wrapper, &sdata);
 }
 
- if (rmdir(new->dest) < 0 && errno != -ENOENT) {
+ if (rmdir(new->dest) < 0 && errno != ENOENT) {
 SYSERROR("removing %s", new->dest);
 return -1;
 }
diff --git a/src/lxc/log.c b/src/lxc/log.c
index 0fe376c..ff680a9 100644
--- a/src/lxc/log.c
+++ b/src/lxc/log.c
@@ -159,7 +159,7 @@ static int build_dir(const char *name)
 *p = '\0';
 if (access(n, F_OK)) {
 ret = lxc_unpriv(mkdir(n, 0755));
- if (ret && errno != -EEXIST) {
+ if (ret && errno != EEXIST) {
 SYSERROR("failed to create directory '%s'.", n);
 free(n);
 return -1;
-- 1.9.1 From stgraber at ubuntu.com Thu Dec 4 18:02:33 2014 From: stgraber at ubuntu.com (=?iso-8859-1?Q?St=E9phane?= Graber) Date: Thu, 4 Dec 2014 13:02:33 -0500 Subject: [lxc-devel] [PATCH] rmdir and lxc_unpriv returns non-negative error codes In-Reply-To: <1417715987-5079-1-git-send-email-caglar@10ur.org> References: <1417715987-5079-1-git-send-email-caglar@10ur.org> Message-ID: <20141204180233.GB23859@dakara> On Thu, Dec 04, 2014 at 12:59:47PM -0500, S.Çağlar Onur wrote: > Signed-off-by: S.Çağlar Onur Acked-by: Stéphane Graber > --- > src/lxc/bdev.c | 4 ++-- > src/lxc/log.c | 2 +- > 2 files changed, 3 insertions(+), 3 deletions(-) > > diff --git a/src/lxc/bdev.c b/src/lxc/bdev.c > index 75e6896..822d62c 100644 > --- a/src/lxc/bdev.c > +++ b/src/lxc/bdev.c
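Review bot: In the src/lxc/log.c hunk of the rmdir/lxc_unpriv patch, build_dir() pairs `access(n, F_OK)` with a later `mkdir(n, 0755)`, and nothing documents that the now-working `errno != EEXIST` test is what makes the window between the two calls harmless. I would add a comment above the check, e.g. `/* EEXIST: the entry appeared between access() and mkdir(); not an error */`, so the tolerance is not removed as redundant later. Neither `access()` succeeding nor `EEXIST` shows that the existing entry is a directory, and the hunk does not show whether a later step verifies that; if the log path can sit under a directory writable by other users, that is worth confirming. build_dir() starts and ends outside the hunk.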
> @@ -1419,7 +1419,7 @@ static int btrfs_snapshot(const char *orig, const char *new) > goto out; > } > // make sure the directory doesn't already exist > - if (rmdir(newfull) < 0 && errno != -ENOENT) { > + if (rmdir(newfull) < 0 && errno != ENOENT) { > SYSERROR("Error removing empty new rootfs"); > goto out; > } > @@ -1512,7 +1512,7 @@ static int btrfs_clonepaths(struct bdev *orig, struct bdev *new, const char *old > return userns_exec_1(conf, btrfs_snapshot_wrapper, &sdata); > } > > - if (rmdir(new->dest) < 0 && errno != -ENOENT) { > + if (rmdir(new->dest) < 0 && errno != ENOENT) { > SYSERROR("removing %s", new->dest); > return -1; > } > diff --git a/src/lxc/log.c b/src/lxc/log.c > index 0fe376c..ff680a9 100644 > --- a/src/lxc/log.c > +++ b/src/lxc/log.c > @@ -159,7 +159,7 @@ static int build_dir(const char *name) > *p = '\0'; > if (access(n, F_OK)) { > ret = lxc_unpriv(mkdir(n, 0755)); > - if (ret && errno != -EEXIST) { > + if (ret && errno != EEXIST) { > SYSERROR("failed to create directory '%s'.", n); > free(n); > return -1; > -- > 1.9.1 > > _______________________________________________ > lxc-devel mailing list > lxc-devel at lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From caglar at 10ur.org Thu Dec 4 18:21:24 2014 From: caglar at 10ur.org (=?UTF-8?q?S=2E=C3=87a=C4=9Flar=20Onur?=) Date: Thu, 4 Dec 2014 13:21:24 -0500 Subject: [lxc-devel] [PATCH] add support for openvswitch bridge and restore the dropped bits of 1c1bb85ad2b6 Message-ID: <1417717284-12535-1-git-send-email-caglar@10ur.org> Signed-off-by: S.Çağlar Onur --- config/init/common/lxc-net.in | 26 ++++++++++++++++++++++---- 1 file changed, 22 insertions(+), 4 deletions(-) 
diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in index 5567fee..5ca2eb2 100644 --- a/config/init/common/lxc-net.in +++ b/config/init/common/lxc-net.in @@ -8,6 +8,7 @@ varrun="@RUNTIME_PATH@/lxc" # or in @LXC_DISTRO_SYSCONF@/lxc-net USE_LXC_BRIDGE="true" +USE_OPENVSWITCH="false" LXC_BRIDGE="lxcbr0" LXC_ADDR="10.0.3.1" LXC_NETMASK="255.255.255.0" @@ -79,7 +80,11 @@ start() { iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill ifdown ${LXC_BRIDGE} - brctl delbr ${LXC_BRIDGE} || true + if [ "x$USE_OPENVSWITCH" = "xtrue" ]; then + ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true + else + brctl delbr ${LXC_BRIDGE} || true + fi } if [ -d /sys/class/net/${LXC_BRIDGE} ]; then @@ -87,7 +92,11 @@ start() { fi # set up the lxc network - brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; } + if [ "x$USE_OPENVSWITCH" = "xtrue" ]; then + ovs-vsctl --may-exist add-br ${LXC_BRIDGE} || { echo "Missing openvbridge support in kernel"; stop; exit 0; } + else + brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; } + fi echo 1 > /proc/sys/net/ipv4/ip_forward # if we are run from systemd on a system with selinux enabled, 
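Review bot: The failure message added in the `@@ -87,7 +92,11 @@` hunk, `"Missing openvbridge support in kernel"`, contains a typo and points the operator at the kernel, although `ovs-vsctl` can also fail because the tool is not installed or its database daemon is not running. A more accurate form would be `ovs-vsctl --may-exist add-br ${LXC_BRIDGE} || { echo "Failed to create Open vSwitch bridge ${LXC_BRIDGE}"; stop; exit 0; }`. The script still exits 0 on this path, as the brctl branch does, so a caller cannot tell that no bridge was created; if that is intentional it deserves a one-line comment. start() begins and ends outside the hunk.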
@@ -115,7 +124,12 @@ start() { if [ -n "$LXC_DOMAIN" ]; then LXC_DOMAIN_ARG="-s $LXC_DOMAIN -S /$LXC_DOMAIN/" fi - dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file="${varrun}"/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup + + DNSMASQ_USER="lxc-dnsmasq" + if ! getent passwd ${DNSMASQ_USER} >/dev/null; then + DNSMASQ_USER="dnsmasq" + fi + dnsmasq $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} --strict-order --bind-interfaces --pid-file="${varrun}"/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup touch "${varrun}"/network_up touch "${lockdir}"/lxc-net } @@ -141,7 +155,11 @@ stop() { iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill pid=`cat "${varrun}"/dnsmasq.pid 2>/dev/null` && kill -9 $pid || true rm -f "${varrun}"/dnsmasq.pid - brctl delbr ${LXC_BRIDGE} + if [ "x$USE_OPENVSWITCH" = "xtrue" ]; then + ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true + else + brctl delbr ${LXC_BRIDGE} + fi fi rm -f "${varrun}"/network_up rm -f "${lockdir}"/lxc-net -- 1.9.1 From stgraber at ubuntu.com Thu Dec 4 19:15:21 2014 
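Review bot: `DNSMASQ_USER="lxc-dnsmasq"` is assigned unconditionally inside start() (hunk @@ -115,7), so a value an administrator set in the distro config file named in the script's header comment would be overwritten, assuming that file is read before start() runs, which this hunk does not show. Since this is the account dnsmasq drops privileges to, it is worth letting it be pinned explicitly with `DNSMASQ_USER="${DNSMASQ_USER:-lxc-dnsmasq}"`, and quoting the expansion in `getent passwd "${DNSMASQ_USER}"` and in the `-u` argument. Printing the selected account when the lookup falls through would also record in the boot log which identity the DHCP/DNS service runs under. The body of start() begins and ends outside the hunk.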
From: stgraber at ubuntu.com (=?iso-8859-1?Q?St=E9phane?= Graber) Date: Thu, 4 Dec 2014 14:15:21 -0500 Subject: [lxc-devel] [PATCH] add support for openvswitch bridge and restore the dropped bits of 1c1bb85ad2b6 In-Reply-To: <1417717284-12535-1-git-send-email-caglar@10ur.org> References: <1417717284-12535-1-git-send-email-caglar@10ur.org> Message-ID: <20141204191521.GC23859@dakara> On Thu, Dec 04, 2014 at 01:21:24PM -0500, S.Çağlar Onur wrote: > Signed-off-by: S.Çağlar Onur > --- > config/init/common/lxc-net.in | 26 ++++++++++++++++++++++---- > 1 file changed, 22 insertions(+), 4 deletions(-) > > diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in > index 5567fee..5ca2eb2 100644 > --- a/config/init/common/lxc-net.in > +++ b/config/init/common/lxc-net.in > @@ -8,6 +8,7 @@ varrun="@RUNTIME_PATH@/lxc" > # or in @LXC_DISTRO_SYSCONF@/lxc-net > > USE_LXC_BRIDGE="true" > +USE_OPENVSWITCH="false" > LXC_BRIDGE="lxcbr0" > LXC_ADDR="10.0.3.1" > LXC_NETMASK="255.255.255.0" > @@ -79,7 +80,11 @@ start() { > iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true > iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill > ifdown ${LXC_BRIDGE} > - brctl delbr ${LXC_BRIDGE} || true > + if [ "x$USE_OPENVSWITCH" = "xtrue" ]; then > + ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true > + else > + brctl delbr ${LXC_BRIDGE} || true > + fi > } > > if [ -d /sys/class/net/${LXC_BRIDGE} ]; then 
> @@ -87,7 +92,11 @@ start() { > fi > > # set up the lxc network > - brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; } > + if [ "x$USE_OPENVSWITCH" = "xtrue" ]; then > + ovs-vsctl --may-exist add-br ${LXC_BRIDGE} || { echo "Missing openvbridge support in kernel"; stop; exit 0; } > + else > + brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; } > + fi > echo 1 > /proc/sys/net/ipv4/ip_forward > > # if we are run from systemd on a system with selinux enabled, > @@ -115,7 +124,12 @@ start() { > if [ -n "$LXC_DOMAIN" ]; then > LXC_DOMAIN_ARG="-s $LXC_DOMAIN -S /$LXC_DOMAIN/" > fi > - dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file="${varrun}"/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup > + > + DNSMASQ_USER="lxc-dnsmasq" > + if ! getent passwd ${DNSMASQ_USER} >/dev/null; then > + DNSMASQ_USER="dnsmasq" Shouldn't the fallback be nobody rather than dnsmasq? > + fi > + dnsmasq $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} --strict-order --bind-interfaces --pid-file="${varrun}"/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup > touch "${varrun}"/network_up > touch "${lockdir}"/lxc-net > } 
> @@ -141,7 +155,11 @@ stop() { > iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill > pid=`cat "${varrun}"/dnsmasq.pid 2>/dev/null` && kill -9 $pid || true > rm -f "${varrun}"/dnsmasq.pid > - brctl delbr ${LXC_BRIDGE} > + if [ "x$USE_OPENVSWITCH" = "xtrue" ]; then > + ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true > + else > + brctl delbr ${LXC_BRIDGE} > + fi > fi > rm -f "${varrun}"/network_up > rm -f "${lockdir}"/lxc-net > -- > 1.9.1 > > _______________________________________________ > lxc-devel mailing list > lxc-devel at lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From noreply at github.com Thu Dec 4 19:25:47 2014 From: noreply at github.com (GitHub) Date: Thu, 04 Dec 2014 11:25:47 -0800 Subject: [lxc-devel] [lxc/lxc] 8479c1: rmdir and lxc_unpriv returns non-negative error co... Message-ID: <5480b53bee8d4_2e033fa0d7f112bc8683@hookshot-fe2-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 8479c136351f7e369db410368fca784c40e4e4c6 https://github.com/lxc/lxc/commit/8479c136351f7e369db410368fca784c40e4e4c6 Author: S.Çağlar Onur Date: 2014-12-04 (Thu, 04 Dec 2014) Changed paths: M src/lxc/bdev.c M src/lxc/log.c Log Message: ----------- rmdir and lxc_unpriv returns non-negative error codes Signed-off-by: S.Çağlar Onur Acked-by: Stéphane Graber From caglar at 10ur.org Thu Dec 4 20:13:44 2014 
From: caglar at 10ur.org (=?UTF-8?B?Uy7Dh2HEn2xhciBPbnVy?=) Date: Thu, 4 Dec 2014 15:13:44 -0500 Subject: [lxc-devel] [PATCH] add support for openvswitch bridge and restore the dropped bits of 1c1bb85ad2b6 In-Reply-To: <20141204191521.GC23859@dakara> References: <1417717284-12535-1-git-send-email-caglar@10ur.org> <20141204191521.GC23859@dakara> Message-ID: On Thu, Dec 4, 2014 at 2:15 PM, Stéphane Graber wrote: > On Thu, Dec 04, 2014 at 01:21:24PM -0500, S.Çağlar Onur wrote: >> Signed-off-by: S.Çağlar Onur >> --- >> config/init/common/lxc-net.in | 26 ++++++++++++++++++++++---- >> 1 file changed, 22 insertions(+), 4 deletions(-) >> >> diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in >> index 5567fee..5ca2eb2 100644 >> --- a/config/init/common/lxc-net.in >> +++ b/config/init/common/lxc-net.in >> @@ -8,6 +8,7 @@ varrun="@RUNTIME_PATH@/lxc" >> # or in @LXC_DISTRO_SYSCONF@/lxc-net >> >> USE_LXC_BRIDGE="true" >> +USE_OPENVSWITCH="false" >> LXC_BRIDGE="lxcbr0" >> LXC_ADDR="10.0.3.1" >> LXC_NETMASK="255.255.255.0" >> @@ -79,7 +80,11 @@ start() { >> iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true >> iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill >> ifdown ${LXC_BRIDGE} >> - brctl delbr ${LXC_BRIDGE} || true >> + if [ "x$USE_OPENVSWITCH" = "xtrue" ]; then >> + ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true >> + else >> + brctl delbr ${LXC_BRIDGE} || true >> + fi >> } >> >> if [ -d /sys/class/net/${LXC_BRIDGE} ]; then 
>> @@ -87,7 +92,11 @@ start() { >> fi >> >> # set up the lxc network >> - brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; } >> + if [ "x$USE_OPENVSWITCH" = "xtrue" ]; then >> + ovs-vsctl --may-exist add-br ${LXC_BRIDGE} || { echo "Missing openvbridge support in kernel"; stop; exit 0; } >> + else >> + brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; } >> + fi >> echo 1 > /proc/sys/net/ipv4/ip_forward >> >> # if we are run from systemd on a system with selinux enabled, >> @@ -115,7 +124,12 @@ start() { >> if [ -n "$LXC_DOMAIN" ]; then >> LXC_DOMAIN_ARG="-s $LXC_DOMAIN -S /$LXC_DOMAIN/" >> fi >> - dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file="${varrun}"/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup >> + >> + DNSMASQ_USER="lxc-dnsmasq" >> + if ! getent passwd ${DNSMASQ_USER} >/dev/null; then >> + DNSMASQ_USER="dnsmasq" > > Shouldn't the fallback be nobody rather than dnsmasq? I guess we could. I used dnsmasq cause https://github.com/lxc/lxc/commit/1c1bb85ad2b6 was using that :) >> + fi >> + dnsmasq $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} --strict-order --bind-interfaces --pid-file="${varrun}"/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup >> touch "${varrun}"/network_up >> touch "${lockdir}"/lxc-net >> } 
>> @@ -141,7 +155,11 @@ stop() { >> iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill >> pid=`cat "${varrun}"/dnsmasq.pid 2>/dev/null` && kill -9 $pid || true >> rm -f "${varrun}"/dnsmasq.pid >> - brctl delbr ${LXC_BRIDGE} >> + if [ "x$USE_OPENVSWITCH" = "xtrue" ]; then >> + ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true >> + else >> + brctl delbr ${LXC_BRIDGE} >> + fi >> fi >> rm -f "${varrun}"/network_up >> rm -f "${lockdir}"/lxc-net >> -- >> 1.9.1 >> >> _______________________________________________ >> lxc-devel mailing list >> lxc-devel at lists.linuxcontainers.org >> http://lists.linuxcontainers.org/listinfo/lxc-devel > > -- > Stéphane Graber > Ubuntu developer > http://www.ubuntu.com > > _______________________________________________ > lxc-devel mailing list > lxc-devel at lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel > -- S.Çağlar Onur From stgraber at ubuntu.com Thu Dec 4 20:28:57 2014 From: stgraber at ubuntu.com (=?iso-8859-1?Q?St=E9phane?= Graber) Date: Thu, 4 Dec 2014 15:28:57 -0500 Subject: [lxc-devel] [PATCH] add support for openvswitch bridge and restore the dropped bits of 1c1bb85ad2b6 In-Reply-To: References: <1417717284-12535-1-git-send-email-caglar@10ur.org> <20141204191521.GC23859@dakara> Message-ID: <20141204202857.GD23859@dakara> On Thu, Dec 04, 2014 at 03:13:44PM -0500, S.Çağlar Onur wrote: > On Thu, Dec 4, 2014 at 2:15 PM, Stéphane Graber wrote: > > On Thu, Dec 04, 2014 at 01:21:24PM -0500, S.Çağlar Onur wrote: > >> Signed-off-by: S.Çağlar Onur > >> --- > >> config/init/common/lxc-net.in | 26 ++++++++++++++++++++++---- > >> 1 file changed, 22 insertions(+), 4 deletions(-) > >> > >> diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in > >> index 5567fee..5ca2eb2 100644 > >> --- a/config/init/common/lxc-net.in > >> +++ b/config/init/common/lxc-net.in 
> >> @@ -8,6 +8,7 @@ varrun="@RUNTIME_PATH@/lxc" > >> # or in @LXC_DISTRO_SYSCONF@/lxc-net > >> > >> USE_LXC_BRIDGE="true" > >> +USE_OPENVSWITCH="false" > >> LXC_BRIDGE="lxcbr0" > >> LXC_ADDR="10.0.3.1" > >> LXC_NETMASK="255.255.255.0" > >> @@ -79,7 +80,11 @@ start() { > >> iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true > >> iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill > >> ifdown ${LXC_BRIDGE} > >> - brctl delbr ${LXC_BRIDGE} || true > >> + if [ "x$USE_OPENVSWITCH" = "xtrue" ]; then > >> + ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true > >> + else > >> + brctl delbr ${LXC_BRIDGE} || true > >> + fi > >> } > >> > >> if [ -d /sys/class/net/${LXC_BRIDGE} ]; then > >> @@ -87,7 +92,11 @@ start() { > >> fi > >> > >> # set up the lxc network > >> - brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; } > >> + if [ "x$USE_OPENVSWITCH" = "xtrue" ]; then > >> + ovs-vsctl --may-exist add-br ${LXC_BRIDGE} || { echo "Missing openvbridge support in kernel"; stop; exit 0; } > >> + else > >> + brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; } > >> + fi > >> echo 1 > /proc/sys/net/ipv4/ip_forward > >> > >> # if we are run from systemd on a system with selinux enabled, 
> >> @@ -115,7 +124,12 @@ start() { > >> if [ -n "$LXC_DOMAIN" ]; then > >> LXC_DOMAIN_ARG="-s $LXC_DOMAIN -S /$LXC_DOMAIN/" > >> fi > >> - dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file="${varrun}"/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup > >> + > >> + DNSMASQ_USER="lxc-dnsmasq" > >> + if ! getent passwd ${DNSMASQ_USER} >/dev/null; then > >> + DNSMASQ_USER="dnsmasq" > > > > Shouldn't the fallback be nobody rather than dnsmasq? > > I guess we could. I used dnsmasq cause > https://github.com/lxc/lxc/commit/1c1bb85ad2b6 was using that :) I guess we could have a for loop trying lxc-dnsmasq, dnsmasq and then falling back to nobody. That way we can add other distros' account for dnsmasq if needed. > > >> + fi > >> + dnsmasq $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} --strict-order --bind-interfaces --pid-file="${varrun}"/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup > >> touch "${varrun}"/network_up > >> touch "${lockdir}"/lxc-net > >> } 
> >> @@ -141,7 +155,11 @@ stop() { > >> iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill > >> pid=`cat "${varrun}"/dnsmasq.pid 2>/dev/null` && kill -9 $pid || true > >> rm -f "${varrun}"/dnsmasq.pid > >> - brctl delbr ${LXC_BRIDGE} > >> + if [ "x$USE_OPENVSWITCH" = "xtrue" ]; then > >> + ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true > >> + else > >> + brctl delbr ${LXC_BRIDGE} > >> + fi > >> fi > >> rm -f "${varrun}"/network_up > >> rm -f "${lockdir}"/lxc-net > >> -- > >> 1.9.1 > >> > >> _______________________________________________ > >> lxc-devel mailing list > >> lxc-devel at lists.linuxcontainers.org > >> http://lists.linuxcontainers.org/listinfo/lxc-devel > > > > -- > > Stéphane Graber > > Ubuntu developer > > http://www.ubuntu.com > > > > _______________________________________________ > > lxc-devel mailing list > > lxc-devel at lists.linuxcontainers.org > > http://lists.linuxcontainers.org/listinfo/lxc-devel > > > > > > -- > S.Çağlar Onur > _______________________________________________ > lxc-devel mailing list > lxc-devel at lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From noreply at github.com Thu Dec 4 20:30:07 2014 
From: noreply at github.com (GitHub) Date: Thu, 04 Dec 2014 12:30:07 -0800 Subject: [lxc-devel] [lxc/lxc] e5e0bc: tests: try again when waitpid() sets errno as EINT... Message-ID: <5480c44fbd4e9_790b3f9ffb80b29c35586@hookshot-fe5-cp1-prd.iad.github.net.mail> Branch: refs/heads/stable-1.0 Home: https://github.com/lxc/lxc Commit: e5e0bc557a2aabb8b1173144ba602b7b874dc9ab https://github.com/lxc/lxc/commit/e5e0bc557a2aabb8b1173144ba602b7b874dc9ab Author: Arjun Sreedharan Date: 2014-12-04 (Thu, 04 Dec 2014) Changed paths: M src/tests/containertests.c M src/tests/destroytest.c M src/tests/saveconfig.c M src/tests/startone.c Log Message: ----------- tests: try again when waitpid() sets errno as EINTR when waitpid() is interrupted, errno is not set to the negative value -EINTR. It is set to EINTR. check against EINTR. Signed-off-by: Arjun Sreedharan Acked-by: Stéphane Graber Commit: dc990b1d9f26cd860ee9cf49034e36fe63ba76b2 https://github.com/lxc/lxc/commit/dc990b1d9f26cd860ee9cf49034e36fe63ba76b2 Author: Shuai Zhang Date: 2014-12-04 (Thu, 04 Dec 2014) Changed paths: M src/lxc/network.c M src/lxc/nl.c M src/lxc/nl.h Log Message: ----------- audit: added capacity and reserve() to nlmsg There are now two (permitted) ways to add data to netlink message: 1. put_xxx() 2. call nlmsg_reserve() to get a pointer to newly reserved room within the original netlink message, then write or memcpy data to that area. Both of them guarantee adding requested length data do not overflow the pre-allocated message buffer by checking against its cap field first. And there may be no need to access nlmsg_len outside nl module, because both put_xxx() and nlmsg_reserve() have alread did that for us. 
Signed-off-by: Shuai Zhang Acked-by: Stéphane Graber Commit: 53ae2e9240eb1d7182e1366ee735014ecd36f133 https://github.com/lxc/lxc/commit/53ae2e9240eb1d7182e1366ee735014ecd36f133 Author: S.Çağlar Onur Date: 2014-12-04 (Thu, 04 Dec 2014) Changed paths: M src/lxc/bdev.c M src/lxc/log.c Log Message: ----------- rmdir and lxc_unpriv returns non-negative error codes Signed-off-by: S.Çağlar Onur Acked-by: Stéphane Graber Compare: https://github.com/lxc/lxc/compare/a44cafdb091f...53ae2e9240eb From mhw at WittsEnd.com Thu Dec 4 20:36:01 2014 From: mhw at WittsEnd.com (Michael H. Warfield) Date: Thu, 04 Dec 2014 15:36:01 -0500 Subject: [lxc-devel] [PATCH] add support for openvswitch bridge and restore the dropped bits of 1c1bb85ad2b6 In-Reply-To: References: <1417717284-12535-1-git-send-email-caglar@10ur.org> <20141204191521.GC23859@dakara> Message-ID: <1417725361.6653.90.camel@canyon.ip6.wittsend.com> On Thu, 2014-12-04 at 15:13 -0500, S.Çağlar Onur wrote: > On Thu, Dec 4, 2014 at 2:15 PM, Stéphane Graber wrote: > > On Thu, Dec 04, 2014 at 01:21:24PM -0500, S.Çağlar Onur wrote: > >> Signed-off-by: S.Çağlar Onur > >> --- > >> config/init/common/lxc-net.in | 26 ++++++++++++++++++++++---- > >> 1 file changed, 22 insertions(+), 4 deletions(-) > >> > >> diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in > >> index 5567fee..5ca2eb2 100644 > >> --- a/config/init/common/lxc-net.in > >> +++ b/config/init/common/lxc-net.in > >> @@ -8,6 +8,7 @@ varrun="@RUNTIME_PATH@/lxc" > >> # or in @LXC_DISTRO_SYSCONF@/lxc-net > >> > >> USE_LXC_BRIDGE="true" > >> +USE_OPENVSWITCH="false" > >> LXC_BRIDGE="lxcbr0" > >> LXC_ADDR="10.0.3.1" > >> LXC_NETMASK="255.255.255.0" 
> >> @@ -79,7 +80,11 @@ start() { > >> iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true > >> iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill > >> ifdown ${LXC_BRIDGE} > >> - brctl delbr ${LXC_BRIDGE} || true > >> + if [ "x$USE_OPENVSWITCH" = "xtrue" ]; then > >> + ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true > >> + else > >> + brctl delbr ${LXC_BRIDGE} || true > >> + fi > >> } > >> > >> if [ -d /sys/class/net/${LXC_BRIDGE} ]; then > >> @@ -87,7 +92,11 @@ start() { > >> fi > >> > >> # set up the lxc network > >> - brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; } > >> + if [ "x$USE_OPENVSWITCH" = "xtrue" ]; then > >> + ovs-vsctl --may-exist add-br ${LXC_BRIDGE} || { echo "Missing openvbridge support in kernel"; stop; exit 0; } > >> + else > >> + brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; } > >> + fi > >> echo 1 > /proc/sys/net/ipv4/ip_forward > >> > >> # if we are run from systemd on a system with selinux enabled, 
> >> @@ -115,7 +124,12 @@ start() { > >> if [ -n "$LXC_DOMAIN" ]; then > >> LXC_DOMAIN_ARG="-s $LXC_DOMAIN -S /$LXC_DOMAIN/" > >> fi > >> - dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file="${varrun}"/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup > >> + > >> + DNSMASQ_USER="lxc-dnsmasq" > >> + if ! getent passwd ${DNSMASQ_USER} >/dev/null; then > >> + DNSMASQ_USER="dnsmasq" > > > > Shouldn't the fallback be nobody rather than dnsmasq? > > I guess we could. I used dnsmasq cause > https://github.com/lxc/lxc/commit/1c1bb85ad2b6 was using that :) Maybe fall back to check for dnsmasq and fall back to it if it exists and then fall back to nobody if it doesn't? I ran into this with the rpm spec file. > >> + fi > >> + dnsmasq $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} --strict-order --bind-interfaces --pid-file="${varrun}"/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup > >> touch "${varrun}"/network_up > >> touch "${lockdir}"/lxc-net > >> } 
> >> @@ -141,7 +155,11 @@ stop() { > >> iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill > >> pid=`cat "${varrun}"/dnsmasq.pid 2>/dev/null` && kill -9 $pid || true > >> rm -f "${varrun}"/dnsmasq.pid > >> - brctl delbr ${LXC_BRIDGE} > >> + if [ "x$USE_OPENVSWITCH" = "xtrue" ]; then > >> + ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true > >> + else > >> + brctl delbr ${LXC_BRIDGE} > >> + fi > >> fi > >> rm -f "${varrun}"/network_up > >> rm -f "${lockdir}"/lxc-net > >> -- > >> 1.9.1 > >> > >> _______________________________________________ > >> lxc-devel mailing list > >> lxc-devel at lists.linuxcontainers.org > >> http://lists.linuxcontainers.org/listinfo/lxc-devel > > > > -- > > Stéphane Graber > > Ubuntu developer > > http://www.ubuntu.com > > > > _______________________________________________ > > lxc-devel mailing list > > lxc-devel at lists.linuxcontainers.org > > http://lists.linuxcontainers.org/listinfo/lxc-devel > > > > > -- Michael H. Warfield (AI4NB) | (770) 978-7061 | mhw at WittsEnd.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it! -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 465 bytes Desc: This is a digitally signed message part URL: From caglar at 10ur.org Thu Dec 4 21:10:30 2014 
From: caglar at 10ur.org (=?UTF-8?B?Uy7Dh2HEn2xhciBPbnVy?=) Date: Thu, 4 Dec 2014 16:10:30 -0500 Subject: [lxc-devel] [PATCH] add support for openvswitch bridge and restore the dropped bits of 1c1bb85ad2b6 In-Reply-To: <20141204202857.GD23859@dakara> References: <1417717284-12535-1-git-send-email-caglar@10ur.org> <20141204191521.GC23859@dakara> <20141204202857.GD23859@dakara> Message-ID: On Thu, Dec 4, 2014 at 3:28 PM, Stéphane Graber wrote: > On Thu, Dec 04, 2014 at 03:13:44PM -0500, S.Çağlar Onur wrote: >> On Thu, Dec 4, 2014 at 2:15 PM, Stéphane Graber wrote: >> > On Thu, Dec 04, 2014 at 01:21:24PM -0500, S.Çağlar Onur wrote: >> >> Signed-off-by: S.Çağlar Onur >> >> --- >> >> config/init/common/lxc-net.in | 26 ++++++++++++++++++++++---- >> >> 1 file changed, 22 insertions(+), 4 deletions(-) >> >> >> >> diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in >> >> index 5567fee..5ca2eb2 100644 >> >> --- a/config/init/common/lxc-net.in >> >> +++ b/config/init/common/lxc-net.in >> >> @@ -8,6 +8,7 @@ varrun="@RUNTIME_PATH@/lxc" >> >> # or in @LXC_DISTRO_SYSCONF@/lxc-net >> >> >> >> USE_LXC_BRIDGE="true" >> >> +USE_OPENVSWITCH="false" >> >> LXC_BRIDGE="lxcbr0" >> >> LXC_ADDR="10.0.3.1" >> >> LXC_NETMASK="255.255.255.0" >> >> @@ -79,7 +80,11 @@ start() { >> >> iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true >> >> iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill >> >> ifdown ${LXC_BRIDGE} >> >> - brctl delbr ${LXC_BRIDGE} || true >> >> + if [ "x$USE_OPENVSWITCH" = "xtrue" ]; then >> >> + ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true >> >> + else >> >> + brctl delbr ${LXC_BRIDGE} || true >> >> + fi >> >> } >> >> >> >> if [ -d /sys/class/net/${LXC_BRIDGE} ]; then 
>> >> @@ -87,7 +92,11 @@ start() { >> >> fi >> >> >> >> # set up the lxc network >> >> - brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; } >> >> + if [ "x$USE_OPENVSWITCH" = "xtrue" ]; then >> >> + ovs-vsctl --may-exist add-br ${LXC_BRIDGE} || { echo "Missing openvbridge support in kernel"; stop; exit 0; } >> >> + else >> >> + brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; } >> >> + fi >> >> echo 1 > /proc/sys/net/ipv4/ip_forward >> >> >> >> # if we are run from systemd on a system with selinux enabled, 
>> >> @@ -115,7 +124,12 @@ start() { >> >> if [ -n "$LXC_DOMAIN" ]; then >> >> LXC_DOMAIN_ARG="-s $LXC_DOMAIN -S /$LXC_DOMAIN/" >> >> fi >> >> - dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file="${varrun}"/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup >> >> + >> >> + DNSMASQ_USER="lxc-dnsmasq" >> >> + if ! getent passwd ${DNSMASQ_USER} >/dev/null; then >> >> + DNSMASQ_USER="dnsmasq" >> > >> > Shouldn't the fallback be nobody rather than dnsmasq? >> >> I guess we could. I used dnsmasq cause >> https://github.com/lxc/lxc/commit/1c1bb85ad2b6 was using that :) > > I guess we could have a for loop trying lxc-dnsmasq, dnsmasq and then > falling back to nobody. That way we can add other distros' account for > dnsmasq if needed. Sure. I also realized that lxc-net needs to depend on openvswitch-switch if USE_OPENVSWITCH is true so I'll send v2 with those changes. >> >> >> + fi >> >> + dnsmasq $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} --strict-order --bind-interfaces --pid-file="${varrun}"/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup >> >> touch "${varrun}"/network_up >> >> touch "${lockdir}"/lxc-net >> >> } 
>> >> @@ -141,7 +155,11 @@ stop() { >> >> iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill >> >> pid=`cat "${varrun}"/dnsmasq.pid 2>/dev/null` && kill -9 $pid || true >> >> rm -f "${varrun}"/dnsmasq.pid >> >> - brctl delbr ${LXC_BRIDGE} >> >> + if [ "x$USE_OPENVSWITCH" = "xtrue" ]; then >> >> + ovs-vsctl --if-exists del-br ${LXC_BRIDGE} || true >> >> + else >> >> + brctl delbr ${LXC_BRIDGE} >> >> + fi >> >> fi >> >> rm -f "${varrun}"/network_up >> >> rm -f "${lockdir}"/lxc-net >> >> -- >> >> 1.9.1 >> >> >> >> _______________________________________________ >> >> lxc-devel mailing list >> >> lxc-devel at lists.linuxcontainers.org >> >> http://lists.linuxcontainers.org/listinfo/lxc-devel >> > >> > -- >> > Stéphane Graber >> > Ubuntu developer >> > http://www.ubuntu.com >> > >> > _______________________________________________ >> > lxc-devel mailing list >> > lxc-devel at lists.linuxcontainers.org >> > http://lists.linuxcontainers.org/listinfo/lxc-devel >> > >> >> >> >> -- >> S.Çağlar Onur >> _______________________________________________ >> lxc-devel mailing list >> lxc-devel at lists.linuxcontainers.org >> http://lists.linuxcontainers.org/listinfo/lxc-devel > > -- > Stéphane Graber > Ubuntu developer > http://www.ubuntu.com > > _______________________________________________ > lxc-devel mailing list > lxc-devel at lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel > -- S.Çağlar Onur From noreply at github.com Thu Dec 4 23:40:30 2014 
From: noreply at github.com (GitHub) Date: Thu, 04 Dec 2014 15:40:30 -0800 Subject: [lxc-devel] [lxc/lxc] ec6426: typofixes - https://github.com/vlajos/misspell_fix... Message-ID: <5480f0eee921a_32233ff14894f2b8818bf@hookshot-fe2-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: ec64264d78d4ed608553842ce9e1f07eeab2a032 https://github.com/lxc/lxc/commit/ec64264d78d4ed608553842ce9e1f07eeab2a032 Author: Veres Lajos Date: 2014-12-04 (Thu, 04 Dec 2014) Changed paths: M doc/api/Doxyfile M doc/ja/lxc.container.conf.sgml.in M lxc.spec.in M src/lxc/attach.c M src/lxc/attach_options.h M src/lxc/bdev.c M src/lxc/cgfs.c M src/lxc/commands.c M src/lxc/conf.c M src/lxc/conf.h M src/lxc/confile.c M src/lxc/log.c M src/lxc/lxc-btrfs.h M src/lxc/lxc-checkconfig.in M src/lxc/lxc.h M src/lxc/lxccontainer.h M src/lxc/lxclock.c M src/lxc/start.c M templates/lxc-centos.in M templates/lxc-debian.in M templates/lxc-fedora.in M templates/lxc-gentoo.in Log Message: ----------- typofixes - https://github.com/vlajos/misspell_fixer Signed-off-by: Veres Lajos Acked-by: Stéphane Graber From noreply at github.com Thu Dec 4 23:43:05 2014 
From: noreply at github.com (GitHub) Date: Thu, 04 Dec 2014 15:43:05 -0800 Subject: [lxc-devel] [lxc/lxc] 68b6d5: typofixes - https://github.com/vlajos/misspell_fix... Message-ID: <5480f189101b_9933fb70105f29c71327@hookshot-fe6-cp1-prd.iad.github.net.mail> Branch: refs/heads/stable-1.0 Home: https://github.com/lxc/lxc Commit: 68b6d527638cbdf0bb456defac6a3103f951974a https://github.com/lxc/lxc/commit/68b6d527638cbdf0bb456defac6a3103f951974a Author: Veres Lajos Date: 2014-12-04 (Thu, 04 Dec 2014) Changed paths: M doc/api/Doxyfile M doc/ja/lxc.container.conf.sgml.in M lxc.spec.in M src/lxc/attach.c M src/lxc/attach_options.h M src/lxc/bdev.c M src/lxc/cgfs.c M src/lxc/commands.c M src/lxc/conf.c M src/lxc/conf.h M src/lxc/confile.c M src/lxc/log.c M src/lxc/lxc-btrfs.h M src/lxc/lxc-checkconfig.in M src/lxc/lxc.h M src/lxc/lxccontainer.h M src/lxc/lxclock.c M src/lxc/start.c M templates/lxc-centos.in M templates/lxc-debian.in M templates/lxc-fedora.in M templates/lxc-gentoo.in Log Message: ----------- typofixes - https://github.com/vlajos/misspell_fixer Signed-off-by: Veres Lajos Acked-by: Stéphane Graber From noreply at github.com Fri Dec 5 18:38:00 2014 From: noreply at github.com (GitHub) Date: Fri, 05 Dec 2014 10:38:00 -0800 Subject: [lxc-devel] [lxc/lxc] Message-ID: <5481fb88d8a5_41c53f89b88612b82921@hookshot-fe6-cp1-prd.iad.github.net.mail> Branch: refs/tags/lxc-1.0.7 Home: https://github.com/lxc/lxc From noreply at github.com Fri Dec 5 18:37:58 2014 
From: noreply at github.com (GitHub) Date: Fri, 05 Dec 2014 10:37:58 -0800 Subject: [lxc-devel] [lxc/lxc] 1c5ccb: change version to 1.0.7 in configure.ac Message-ID: <5481fb867d068_68443fd0758fd2b893961@hookshot-fe4-cp1-prd.iad.github.net.mail> Branch: refs/heads/stable-1.0 Home: https://github.com/lxc/lxc Commit: 1c5ccb98a75b41caa135465c5df5f4d1f7a75759 https://github.com/lxc/lxc/commit/1c5ccb98a75b41caa135465c5df5f4d1f7a75759 Author: Stéphane Graber Date: 2014-12-05 (Fri, 05 Dec 2014) Changed paths: M configure.ac Log Message: ----------- change version to 1.0.7 in configure.ac Signed-off-by: Stéphane Graber From notifications at travis-ci.org Fri Dec 5 18:52:03 2014 From: notifications at travis-ci.org (Travis CI) Date: Fri, 05 Dec 2014 18:52:03 +0000 Subject: [lxc-devel] Passed: lxc/lxc#782 (lxc-1.0.7 - 1c5ccb9) In-Reply-To: Message-ID: <5481fed38f110_244d5c275f2@9ab68e55-ac8d-472c-ba9d-61fc5904be21.mail> Build Update for lxc/lxc ------------------------------------- Build: #782 Status: Passed Duration: 6 minutes and 18 seconds Commit: 1c5ccb9 (lxc-1.0.7) Author: Stéphane Graber Message: change version to 1.0.7 in configure.ac Signed-off-by: Stéphane Graber View the changeset: https://github.com/lxc/lxc/compare/lxc-1.0.7 View the full build log and details: https://travis-ci.org/lxc/lxc/builds/43126477 -- You can configure recipients for build notifications in your .travis.yml file. See http://docs.travis-ci.com/user/notifications -------------- next part -------------- An HTML attachment was scrubbed... URL: From stgraber at ubuntu.com Sat Dec 6 10:35:39 2014 
From: stgraber at ubuntu.com (=?iso-8859-1?Q?St=E9phane?= Graber) Date: Sat, 6 Dec 2014 11:35:39 +0100 Subject: [lxc-devel] LXC 1.0.7 has been released! Message-ID: <20141206103539.GA17202@castiana.ipv6.teksavvy.com> Hello everyone, The seventh LXC 1.0 bugfix release is now out! This includes over two months worth of bugfixes contributed by 27 individual developers. As usual, the full announcement and changelog may be found at: https://linuxcontainers.org/lxc/news/ And our tarballs can be downloaded from: https://linuxcontainers.org/lxc/downloads/ I'd also like to point out that we have a new website, which is now common to LXC, LXD, LXCFS and CGManager. As a reminder, LXC upstream is planning on maintaining the LXC 1.0 branch with frequent bugfix and security updates until April 2019. Stéphane Graber On behalf of the LXC development team -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From mail at ojkastl.de Mon Dec 8 19:51:09 2014 
From: mail at ojkastl.de (Johannes Kastl) Date: Mon, 08 Dec 2014 20:51:09 +0100 Subject: [lxc-devel] Building lxc 1.1 from spec: configure and automake Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi everyone, as 1.1 seems to be getting nearer, I wanted to start building packages for openSUSE. First thing I ran into is the missing configure, so one has to run autogen.sh first. (This is different on 1.0.x). Unfortunately, this does not work (in my tests) with the upstream spec, at least not out of the box. I found a hack that defines %_configure to run autogen.sh, but then configure is not called correctly. How could this be handled in the spec? I also had to add automake as BuildRequires, otherwise autogen.sh does not find aclocal... Regards, Johannes - -- I still maintain the point that designing a monolithic kernel in 1991 is a fundamental error. Be thankful you are not my student. You would not get a high grade for such a design. (Andrew Tanenbaum to Linus Torvalds) -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with SeaMonkey - http://www.enigmail.net/ iEYEARECAAYFAlSGAS0ACgkQzi3gQ/xETbJJyACggeTxfBMHL0KQzzpRgeUL1Tu4 6BgAn3Tb3WSdRp6kKPhgzuawCLleYM9u =jE7o -----END PGP SIGNATURE----- From dwight.engen at oracle.com Mon Dec 8 20:28:01 2014 
From: dwight.engen at oracle.com (Dwight Engen) Date: Mon, 8 Dec 2014 15:28:01 -0500 Subject: [lxc-devel] Building lxc 1.1 from spec: configure and automake In-Reply-To: References: Message-ID: <20141208152801.78da8b29@Delphi.home> On Mon, 08 Dec 2014 20:51:09 +0100 Johannes Kastl wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi everyone, > > as 1.1 seems to be getting nearer, I wanted to start building packages > for openSUSE. First thing I ran into is the missing configure, so one > has to run autogen.sh first. (This is different on 1.0.x). > > Unfortunately, this does not work (in my tests) with the upstream > spec, at least not out of the box. I found a hack that defines > %_configure to run autogen.sh, but then configure is not called > correctly. > > How could this be handled in the spec? > > I also had to add automake as BuildRequires, otherwise autogen.sh does > not find aclocal... Hi Johannes, I think that release tarballs will always have configure, just raw git checkouts will not. For Oracle's build of lxc, we run ./autogen.sh as the first line of %build, so just before %configure runs. We do this because the version of aclocal included with a released tarball may be too new for our build environment, so we just regenerate. Of course this then means that we need to add automake and autoconf to BuildRequires. If you need to run autogen.sh in your enviroment, this would probably work for you as well. > Regards, > Johannes > - -- > I still maintain the point that designing a monolithic kernel in 1991 > is a fundamental error. Be thankful you are not my student. You would > not get a high grade for such a design. 
> (Andrew Tanenbaum to Linus Torvalds) > -----BEGIN PGP SIGNATURE----- > Comment: Using GnuPG with SeaMonkey - http://www.enigmail.net/ > > iEYEARECAAYFAlSGAS0ACgkQzi3gQ/xETbJJyACggeTxfBMHL0KQzzpRgeUL1Tu4 > 6BgAn3Tb3WSdRp6kKPhgzuawCLleYM9u > =jE7o > -----END PGP SIGNATURE----- > > _______________________________________________ > lxc-devel mailing list > lxc-devel at lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel From mail at ojkastl.de Mon Dec 8 21:02:10 2014 From: mail at ojkastl.de (Johannes Kastl) Date: Mon, 08 Dec 2014 22:02:10 +0100 Subject: [lxc-devel] Building lxc 1.1 from spec: configure and automake In-Reply-To: <20141208152801.78da8b29@Delphi.home> References: <20141208152801.78da8b29@Delphi.home> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Dwight, On 08.12.2014 Dwight Engen wrote: >> I think that release tarballs will always have configure, just >> raw git checkouts will not. That might be the reason, yeah. >> For Oracle's build of lxc, we run ./autogen.sh as the first line >> of %build, so just before %configure runs. We do this because the >> version of aclocal included with a released tarball may be too >> new for our build environment, so we just regenerate. Of course >> this then means that we need to add automake and autoconf to >> BuildRequires. If you need to run autogen.sh in your enviroment, >> this would probably work for you as well. I see, so this should not be necessary once 1.1 is released officially. Thanks for the quick answer. Regards, Johannes - -- Working with Unix is like wrestling a worthy opponent. Working with windows is like attacking a small whining child who is carrying a .38. -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with SeaMonkey - http://www.enigmail.net/ iEYEARECAAYFAlSGEdIACgkQzi3gQ/xETbLUmgCeNWxNwk3k4tJtAzllM7hrb/RX YI8AoJlAnjVb8FDngu1zg/dHXGxHx5OK =ypK6 -----END PGP SIGNATURE----- From mail at ojkastl.de Fri Dec 12 20:51:21 2014 
From: mail at ojkastl.de (Johannes Kastl) Date: Fri, 12 Dec 2014 21:51:21 +0100 Subject: [lxc-devel] [PATCH] lxc-opensuse default release changed to 13.1, as 12.3 reaches end-of-life soon Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi everyone, as openSUSE 12.3 reaches end-of-life soon, I added a patch that changes the default release in the lxc-opensuse template to 13.1. This patch is against master, I'll send a patch against stable-1.0 soon. Here is the 'Advance discontinuation notice for openSUSE 12.3': > http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00005.html I > do not know if it's possible to have this in 1.1 but it would be nice. As it's to late for 1.0.7 already... I'm looking forward to any comments, hints and such. Regards, Johannes - -- Insane people throw computers out of windows, sane people... -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with SeaMonkey - http://www.enigmail.net/ iEYEARECAAYFAlSLVUkACgkQzi3gQ/xETbLpVACgnh+zqeLpddUc/X3AS4QEW/kQ uWAAoJPavu2t9nIvmtafaSJaax/ZvhzJ =0wEv -----END PGP SIGNATURE----- -------------- next part -------------- A non-text attachment was scrubbed... Name: 0007-lxc-opensuse-default-release-changed-to-13.1-as-12.3.patch Type: text/x-patch Size: 1245 bytes Desc: not available URL: From mail at ojkastl.de Fri Dec 12 20:58:59 2014 
From: mail at ojkastl.de (Johannes Kastl) Date: Fri, 12 Dec 2014 21:58:59 +0100 Subject: [lxc-devel] [PATCH] lxc-opensuse default release changed to 13.1, as 12.3 reaches end-of-life soon In-Reply-To: References: Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 12.12.2014 Johannes Kastl wrote: > This patch is against master, I'll send a patch against stable-1.0 > soon. Here is the patch for stable-1.0. As 1.0.x does not include the template with release selection, this just changes the default to 13.1. Regards, Johannes - -- The presence of those seeking the truth is infinitely to be preferred to the presence of those who think they 've found it. (Terry Pratchett, Monstrous regiment) -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with SeaMonkey - http://www.enigmail.net/ iEYEARECAAYFAlSLVxMACgkQzi3gQ/xETbJVbgCfeejvgaiEFGDt3ovWKh2/yXzV Zk0AnjK+c7eoVBiYBToMGrZF0DeZq6nJ =hqxm -----END PGP SIGNATURE----- -------------- next part -------------- A non-text attachment was scrubbed... Name: 0004-lxc-opensuse-default-release-changed-to-13.1-as-12.3.patch Type: text/x-patch Size: 722 bytes Desc: not available URL: From eeg5auquaephoo5j at gmail.com Tue Dec 16 09:36:13 2014 From: eeg5auquaephoo5j at gmail.com (Till Walter) Date: Tue, 16 Dec 2014 10:36:13 +0100 Subject: [lxc-devel] Valid Container Names/Identifiers Message-ID: Dear LXC Developers, the manual page of lxc-create states that "The container identifier format is an alphanumeric string". Yet besides [A-Za-z0-9] other characters like underscore are also fine. I had a brief look at the source but did not find any check, e.g., using a regex. Is there any check at all? What are valid container identifiers/names? I am asking because I am using the official python bindings to write a little utility and want to avoid container naming problems that may arise. Best regards, BB From stgraber at ubuntu.com Tue Dec 16 15:22:05 2014 
From: stgraber at ubuntu.com (=?iso-8859-1?Q?St=E9phane?= Graber) Date: Tue, 16 Dec 2014 10:22:05 -0500 Subject: [lxc-devel] Valid Container Names/Identifiers In-Reply-To: References: Message-ID: <20141216152205.GL23859@dakara> On Tue, Dec 16, 2014 at 10:36:13AM +0100, Till Walter wrote: > Dear LXC Developers, > > the manual page of lxc-create states that "The container identifier > format is an alphanumeric string". Yet besides [A-Za-z0-9] other > characters like underscore are also fine. > I had a brief look at the source but did not find any check, e.g., > using a regex. Is there any check at all? What are valid container > identifiers/names? > I am asking because I am using the official python bindings to write a > little utility and want to avoid container naming problems that may > arise. > > Best regards, > > BB So LXC itself doesn't really have a definition for valid names, however since the name is typically used for the container's hostname, you should stick to what's considered a valid hostname on Linux. There's a POSIX RFC for that but IIRC it's basically 64 chars ASCII. -- Stéphane Graber Ubuntu developer http://www.ubuntu.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From dwight.engen at oracle.com Tue Dec 16 19:57:47 2014 
From: dwight.engen at oracle.com (Dwight Engen) Date: Tue, 16 Dec 2014 14:57:47 -0500 Subject: [lxc-devel] Valid Container Names/Identifiers In-Reply-To: <20141216152205.GL23859@dakara> References: <20141216152205.GL23859@dakara> Message-ID: <20141216145747.31f8c194@Delphi.home> On Tue, 16 Dec 2014 10:22:05 -0500 Stéphane Graber wrote: > On Tue, Dec 16, 2014 at 10:36:13AM +0100, Till Walter wrote: > > Dear LXC Developers, > > > > the manual page of lxc-create states that "The container identifier > > format is an alphanumeric string". Yet besides [A-Za-z0-9] other > > characters like underscore are also fine. > > I had a brief look at the source but did not find any check, e.g., > > using a regex. Is there any check at all? What are valid container > > identifiers/names? > > I am asking because I am using the official python bindings to > > write a little utility and want to avoid container naming problems > > that may arise. > > > > Best regards, > > > > BB > > So LXC itself doesn't really have a definition for valid names, > however since the name is typically used for the container's > hostname, you should stick to what's considered a valid hostname on > Linux. > > There's a POSIX RFC for that but IIRC it's basically 64 chars ASCII. Also note that if you're using the cgfs cgroup backend, the name must pass is_valid_cgroup(), which has a comment that says: /* Use the ASCII printable characters range(32 - 127) * is reasonable, we kick out 32(SPACE) because it'll * break legacy lxc-ls */ I guess it's a bit unfortunate that it looks like we don't check the name at create time, but will stop the container from starting later. From eeg5auquaephoo5j at gmail.com Wed Dec 17 17:34:37 2014 
From: eeg5auquaephoo5j at gmail.com (eeg5auquaephoo5j at gmail.com) Date: Wed, 17 Dec 2014 18:34:37 +0100 Subject: [lxc-devel] Valid Container Names/Identifiers In-Reply-To: <20141216145747.31f8c194@Delphi.home> References: <20141216152205.GL23859@dakara> <20141216145747.31f8c194@Delphi.home> Message-ID: Thanks for the clarification. I will use an even smaller subset of characters when creating lxc.Container instances ... just to be on the safe side. Kind regards, BB On 12/16/14, Dwight Engen wrote: > On Tue, 16 Dec 2014 10:22:05 -0500 > Stéphane Graber wrote: > >> On Tue, Dec 16, 2014 at 10:36:13AM +0100, Till Walter wrote: >> > Dear LXC Developers, >> > >> > the manual page of lxc-create states that "The container identifier >> > format is an alphanumeric string". Yet besides [A-Za-z0-9] other >> > characters like underscore are also fine. >> > I had a brief look at the source but did not find any check, e.g., >> > using a regex. Is there any check at all? What are valid container >> > identifiers/names? >> > I am asking because I am using the official python bindings to >> > write a little utility and want to avoid container naming problems >> > that may arise. >> > >> > Best regards, >> > >> > BB >> >> So LXC itself doesn't really have a definition for valid names, >> however since the name is typically used for the container's >> hostname, you should stick to what's considered a valid hostname on >> Linux. >> >> There's a POSIX RFC for that but IIRC it's basically 64 chars ASCII. > > Also note that if you're using the cgfs cgroup backend, the name must > pass is_valid_cgroup(), which has a comment that says: > > /* Use the ASCII printable characters range(32 - 127) > * is reasonable, we kick out 32(SPACE) because it'll > * break legacy lxc-ls > */ > > I guess its a bit not nice that it looks like we don't check at create > time, but will fail it from starting later. 
> _______________________________________________ > lxc-devel mailing list > lxc-devel at lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel > From mail at ojkastl.de Wed Dec 17 20:06:34 2014 From: mail at ojkastl.de (Johannes Kastl) Date: Wed, 17 Dec 2014 21:06:34 +0100 Subject: [lxc-devel] [PATCH] lxc-opensuse: Disable building openSUSE containers on 13.2/Tumbleweed only if wrong version of build package is installed (was: [PATCH] Disabled building openSUSE containers on openSUSE 13.2 and openSUSE Tumbleweed due to faulty behaviour with newer versions of init_buildsystem) In-Reply-To: <20141127225147.GR10205@dakara> References: <20141127225147.GR10205@dakara> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 27.11.2014 Stéphane Graber wrote: > There is a bug report, but no solution yet. I am busy with other > real world stuff right now, so maybe to protect users this patch > should make it into stable-1.0? The bug has been found, it was a different behaviour in the build package. This is fixed on openSUSE with build version 20141120 or newer. So, I changed the version check in the package, and it aborts creation only if - - running on openSUSE 13.2 or Tumbleweed AND - - the version of the build package is lower than 20141120. This patch is for stable-1.0, I'd like to get this into 1.1, too. I'll send a patch soon. Regards, Johannes - -- I love deadlines. I like the whooshing sound they make as they fly by. (Douglas Adams) -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with SeaMonkey - http://www.enigmail.net/ iEYEARECAAYFAlSR4koACgkQzi3gQ/xETbKL7ACfYR+l0a5/poqlGJEZgIQRBpkY eMQAniDNjJUMUb7v/L6S/ugyecbYyLQT =LXRW -----END PGP SIGNATURE----- -------------- next part -------------- A non-text attachment was scrubbed... Name: 0005-lxc-opensuse-Disable-building-openSUSE-containers-on.patch Type: text/x-patch Size: 1160 bytes Desc: not available URL: From mail at ojkastl.de Wed Dec 17 20:10:01 2014 
From: mail at ojkastl.de (Johannes Kastl) Date: Wed, 17 Dec 2014 21:10:01 +0100 Subject: [lxc-devel] [PATCH] lxc-opensuse: Disable building openSUSE containers on 13.2/Tumbleweed only if wrong version of build package is installed In-Reply-To: References: <20141127225147.GR10205@dakara> Message-ID: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 17.12.2014 Johannes Kastl wrote: > This patch is for stable-1.0, I'd like to get this into 1.1, too. > I'll send a patch soon. Here it is. Regards, Johannes - -- `You should write a book,´ Ron told Hermione as he cut up his potatoes, `translating mad things girls do so boys can understand them.´ (Harry Potter and the Order of the Phoenix) -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with SeaMonkey - http://www.enigmail.net/ iEYEARECAAYFAlSR4xkACgkQzi3gQ/xETbInjQCgkSwmQ/7X9Mi4oCrES08+UR+q RFMAn3IavjqjBF4CXnFrRrgoLOJRfyIJ =vyWW -----END PGP SIGNATURE----- -------------- next part -------------- A non-text attachment was scrubbed... Name: 0008-lxc-opensuse-Disable-building-openSUSE-containers-on.patch Type: text/x-patch Size: 1156 bytes Desc: not available URL: From JOELN at il.ibm.com Thu Dec 18 10:50:37 2014 From: JOELN at il.ibm.com (Joel Nider) Date: Thu, 18 Dec 2014 12:50:37 +0200 Subject: [lxc-devel] Valid Container Names/Identifiers In-Reply-To: <20141216152205.GL23859@dakara> References: <20141216152205.GL23859@dakara> Message-ID: I would strongly suggest to nail this down now since the question came up. This is the kind of issue that could create security bugs later on (when different parts of the code check for valid names in different ways, or don't check at all). Stephane's suggestion of a 64 ASCII character string that forms a valid Linux hostname sounds good to me - is this formally defined somewhere? Regards, Joel "lxc-devel" wrote on 16/12/2014 05:22:05 PM: 
> From: Stéphane Graber > To: LXC development mailing-list > Date: 16/12/2014 05:22 PM > Subject: Re: [lxc-devel] Valid Container Names/Identifiers > Sent by: "lxc-devel" > > On Tue, Dec 16, 2014 at 10:36:13AM +0100, Till Walter wrote: > > Dear LXC Developers, > > > > the manual page of lxc-create states that "The container identifier > > format is an alphanumeric string". Yet besides [A-Za-z0-9] other > > characters like underscore are also fine. > > I had a brief look at the source but did not find any check, e.g., > > using a regex. Is there any check at all? What are valid container > > identifiers/names? > > I am asking because I am using the official python bindings to write a > > little utility and want to avoid container naming problems that may > > arise. > > > > Best regards, > > > > BB > > So LXC itself doesn't really have a definition for valid names, however > since the name is typically used for the container's hostname, you > should stick to what's considered a valid hostname on Linux. > > There's a POSIX RFC for that but IIRC it's basically 64 chars ASCII. > > -- > Stéphane Graber > Ubuntu developer > http://www.ubuntu.com > [attachment "signature.asc" deleted by Joel Nider/Haifa/IBM] > _______________________________________________ > lxc-devel mailing list > lxc-devel at lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel From serge.hallyn at ubuntu.com Thu Dec 18 15:42:04 2014 
From: serge.hallyn at ubuntu.com (Serge Hallyn) Date: Thu, 18 Dec 2014 15:42:04 +0000 Subject: [lxc-devel] Valid Container Names/Identifiers In-Reply-To: References: <20141216152205.GL23859@dakara> Message-ID: <20141218154204.GE1397@ubuntumail> Agreed. Would you mind coming up with a proposed patch to be stricter at lxcapi_create() and sending it out? Quoting Joel Nider (JOELN at il.ibm.com): > I would strongly suggest to nail this down now since the question came up. > This is the kind of issue that could create security bugs later on (when > different parts of the code check for valid names in different ways, or > don't check at all). Stephane's suggestion of a 64 ASCII character string > that forms a valid Linux hostname sounds good to me - is this formally > defined somewhere? > > Regards, > > Joel > > "lxc-devel" wrote on > 16/12/2014 05:22:05 PM: 
> > > From: Stéphane Graber > > To: LXC development mailing-list > > Date: 16/12/2014 05:22 PM > > Subject: Re: [lxc-devel] Valid Container Names/Identifiers > > Sent by: "lxc-devel" > > > > On Tue, Dec 16, 2014 at 10:36:13AM +0100, Till Walter wrote: > > > Dear LXC Developers, > > > > > > the manual page of lxc-create states that "The container identifier > > > format is an alphanumeric string". Yet besides [A-Za-z0-9] other > > > characters like underscore are also fine. > > > I had a brief look at the source but did not find any check, e.g., > > > using a regex. Is there any check at all? What are valid container > > > identifiers/names? > > > I am asking because I am using the official python bindings to write a > > > little utility and want to avoid container naming problems that may > > > arise. > > > > > > Best regards, > > > > > > BB > > > > So LXC itself doesn't really have a definition for valid names, however > > since the name is typically used for the container's hostname, you > > should stick to what's considered a valid hostname on Linux. > > > > There's a POSIX RFC for that but IIRC it's basically 64 chars ASCII. > > > > -- > > Stéphane Graber > > Ubuntu developer > > http://www.ubuntu.com > > [attachment "signature.asc" deleted by Joel Nider/Haifa/IBM] > > _______________________________________________ > > lxc-devel mailing list > > lxc-devel at lists.linuxcontainers.org > > http://lists.linuxcontainers.org/listinfo/lxc-devel > > _______________________________________________ > lxc-devel mailing list > lxc-devel at lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel From serge.hallyn at ubuntu.com Thu Dec 18 17:23:51 2014 
From: serge.hallyn at ubuntu.com (Serge Hallyn) Date: Thu, 18 Dec 2014 17:23:51 +0000 Subject: [lxc-devel] [PATCH 1/1] apparmor: prevent force umount Message-ID: <20141218172351.GJ1397@ubuntumail> it will cause hangup of the fuse fs on host. Note we could limit this to fuse filesystems only, but I can't see a good reason to allow force umount from container at all at the moment. Signed-off-by: Serge Hallyn --- config/apparmor/abstractions/container-base | 3 +++ config/apparmor/abstractions/container-base.in | 3 +++ 2 files changed, 6 insertions(+) diff --git a/config/apparmor/abstractions/container-base b/config/apparmor/abstractions/container-base index 2d5fd7a..4faed77 100644 --- a/config/apparmor/abstractions/container-base +++ b/config/apparmor/abstractions/container-base @@ -3,6 +3,9 @@ file, umount, + # prevent containers from causing nfs/fuse hangup on host + deny umount options=(force), + # dbus, signal, ptrace and unix are only supported by recent apparmor # versions. Comment them if the apparmor parser doesn't recognize them. diff --git a/config/apparmor/abstractions/container-base.in b/config/apparmor/abstractions/container-base.in index 2065735..56f4da9 100644 --- a/config/apparmor/abstractions/container-base.in +++ b/config/apparmor/abstractions/container-base.in @@ -3,6 +3,9 @@ file, umount, + # prevent containers from causing nfs/fuse hangup on host + deny umount options=(force), + # dbus, signal, ptrace and unix are only supported by recent apparmor # versions. Comment them if the apparmor parser doesn't recognize them. -- 2.1.0 From serge.hallyn at ubuntu.com Thu Dec 18 17:31:57 2014 
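Review bot: The added `deny umount options=(force),` rule, identical in the container-base and container-base.in hunks, would reject a forced umount without leaving any record, because AppArmor does not log explicit deny rules unless they carry the `audit` qualifier. If the rule is kept, `audit deny umount options=(force),` would let the host operator see which container attempted it. The comment names the symptom only; the mechanism could be stated as well, e.g. `# a forced umount of a bind-mounted host nfs/fuse filesystem disconnects it on the host`.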
From: serge.hallyn at ubuntu.com (Serge Hallyn) Date: Thu, 18 Dec 2014 17:31:57 +0000 Subject: [lxc-devel] [PATCH 1/1] apparmor: prevent force umount In-Reply-To: <20141218172351.GJ1397@ubuntumail> References: <20141218172351.GJ1397@ubuntumail> Message-ID: <20141218173157.GK1397@ubuntumail> Never mind, this won't work until apparmor gets some changes. Quoting Serge Hallyn (serge.hallyn at ubuntu.com): > it will cause hangup of the fuse fs on host. > > Note we could limit this to fuse filesystems only, but I can't see a > good reason to allow force umount from container at all at the moment. > > Signed-off-by: Serge Hallyn > --- > config/apparmor/abstractions/container-base | 3 +++ > config/apparmor/abstractions/container-base.in | 3 +++ > 2 files changed, 6 insertions(+) > > diff --git a/config/apparmor/abstractions/container-base b/config/apparmor/abstractions/container-base > index 2d5fd7a..4faed77 100644 > --- a/config/apparmor/abstractions/container-base > +++ b/config/apparmor/abstractions/container-base > @@ -3,6 +3,9 @@ > file, > umount, > > + # prevent containers from causing nfs/fuse hangup on host > + deny umount options=(force), > + > # dbus, signal, ptrace and unix are only supported by recent apparmor > # versions. Comment them if the apparmor parser doesn't recognize them. > > diff --git a/config/apparmor/abstractions/container-base.in b/config/apparmor/abstractions/container-base.in > index 2065735..56f4da9 100644 > --- a/config/apparmor/abstractions/container-base.in > +++ b/config/apparmor/abstractions/container-base.in 
> @@ -3,6 +3,9 @@ > file, > umount, > > + # prevent containers from causing nfs/fuse hangup on host > + deny umount options=(force), > + > # dbus, signal, ptrace and unix are only supported by recent apparmor > # versions. Comment them if the apparmor parser doesn't recognize them. > > -- > 2.1.0 > > _______________________________________________ > lxc-devel mailing list > lxc-devel at lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel From kunalkushwahaoss at gmail.com Thu Dec 18 17:46:16 2014 From: kunalkushwahaoss at gmail.com (Kunal Kushwaha) Date: Thu, 18 Dec 2014 23:16:16 +0530 Subject: [lxc-devel] [LXD] Default routes changes. Message-ID: Hi, With ref to LXD issue #114 There are two ways to implement the default roots. 1. Initialize within code. Instead of initializing with empty Config Structure at https://github.com/lxc/lxd/blob/master/config.go#L56 can be initialized as remotes := map[string]RemoteConfig{ "images": RemoteConfig{"https+registry://registry.linuxcontainers.org"}, "local": RemoteConfig{"unix+lxd://var/lib/lxd/socket"}, } defaultConfig := &Config{TestOption: "", DefaultRemote: "", Remotes: remotes, ListenAddr: "80"} 2. Create a default config file. While installation, a default config.yml can be create with default settings. --- test-option: default-remote: remotes: images: addr: https+registry://registry.linuxcontainers.org local: addr: unix+lxd://var/lib/lxd/socket listen-addr: 80 Which approach is better? Regards, Kunal Kushwaha -------------- next part -------------- An HTML attachment was scrubbed... URL: From serge.hallyn at ubuntu.com Fri Dec 19 18:22:55 2014 
From: serge.hallyn at ubuntu.com (Serge Hallyn) Date: Fri, 19 Dec 2014 18:22:55 +0000 Subject: [lxc-devel] [PATCH 1/2] seccomp: add rule to reject umount -f Message-ID: <20141219182255.GA4288@ubuntumail> If a container has a bind mount from a host nfs or fuse filesystem, and does 'umount -f', it will disconnect the host's filesystem. This patch adds a seccomp rule to block umount -f from a container. It also adds that rule to the default seccomp profile. Thanks stgraber for the idea :) Signed-off-by: Serge Hallyn --- config/templates/common.seccomp | 1 + src/lxc/seccomp.c | 14 ++++++++++++++ 2 files changed, 15 insertions(+) diff --git a/config/templates/common.seccomp b/config/templates/common.seccomp index e6650ef..6f8eeba 100644 --- a/config/templates/common.seccomp +++ b/config/templates/common.seccomp @@ -1,5 +1,6 @@ 2 blacklist +reject_force_umount # comment this to allow umount -f; not recommended [all] kexec_load errno 1 open_by_handle_at errno 1 diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c index dfdedf2..825d8a1 100644 --- a/src/lxc/seccomp.c +++ b/src/lxc/seccomp.c @@ -28,6 +28,7 @@ #include #include #include +#include #include "config.h" #include "lxcseccomp.h" @@ -186,6 +187,18 @@ bool do_resolve_add_rule(uint32_t arch, char *line, scmp_filter_ctx ctx, ERROR("BUG: seccomp: rule and context arch do not match (arch %d)", arch); return false; } + + if (strncmp(line, "reject_force_umount", 19) == 0) { + INFO("Setting seccomp rule to reject force umounts\n"); + ret = seccomp_rule_add_exact(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(umount2), + 1, SCMP_A1(SCMP_CMP_MASKED_EQ , MNT_FORCE , MNT_FORCE )); + if (ret < 0) { + ERROR("failed (%d) loading rule to reject force umount", ret); + return false; + } + return true; + } + nr = seccomp_syscall_resolve_name(line); if (nr == __NR_SCMP_ERROR) { WARN("Seccomp: failed to resolve syscall: %s", line); 
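Review bot: The keyword test `strncmp(line, "reject_force_umount", 19) == 0` in do_resolve_add_rule() is a prefix match with a hand-counted length, so any policy line that merely begins with that text (a mistyped or longer keyword) is silently turned into the force-umount rule, and the early `return true;` means the rest of the line is never parsed. Take the length from the literal and require a delimiter after it, e.g. `size_t klen = sizeof("reject_force_umount") - 1;` followed by `if (strncmp(line, "reject_force_umount", klen) == 0 && (line[klen] == '\0' || line[klen] == '#' || isspace((unsigned char)line[klen])))`, which still accepts the trailing comment used in common.seccomp. The new `INFO(...)` string also ends in `\n` while the `ERROR` and `WARN` calls around it do not, which presumably produces a stray blank log line. The function's body starts and ends outside the hunk.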
@@ -393,6 +406,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf) goto bad; } } + return 0; bad_arch: -- 2.1.0 From serge.hallyn at ubuntu.com Fri Dec 19 18:23:52 2014 From: serge.hallyn at ubuntu.com (Serge Hallyn) Date: Fri, 19 Dec 2014 18:23:52 +0000 Subject: [lxc-devel] [PATCH 2/2] Enable seccomp by default for unprivileged users. In-Reply-To: <20141219182255.GA4288@ubuntumail> References: <20141219182255.GA4288@ubuntumail> Message-ID: <20141219182352.GB4288@ubuntumail> In contrast to what the comment above the line disabling it said, it seems to work just fine. It also is needed on current kernels (until Eric's patch hits upstream) to prevent unprivileged containers from hosing fuse filesystems they inherit. Signed-off-by: Serge Hallyn --- config/templates/userns.conf.in | 4 ---- 1 file changed, 4 deletions(-) diff --git a/config/templates/userns.conf.in b/config/templates/userns.conf.in index 2d9d7d5..5dc19c7 100644 --- a/config/templates/userns.conf.in +++ b/config/templates/userns.conf.in @@ -13,7 +13,3 @@ lxc.mount.entry = /dev/random dev/random none bind,create=file 0 0 lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0 lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0 lxc.mount.entry = /dev/zero dev/zero none bind,create=file 0 0 - -# Default seccomp policy is not needed for unprivileged containers, and -# non-root users cannot use seccmp without NNP anyway. -lxc.seccomp = -- 2.1.0 From stgraber at ubuntu.com Fri Dec 19 18:28:18 2014 
From: stgraber at ubuntu.com (=?iso-8859-1?Q?St=E9phane?= Graber) Date: Fri, 19 Dec 2014 13:28:18 -0500 Subject: [lxc-devel] [PATCH 2/2] Enable seccomp by default for unprivileged users. In-Reply-To: <20141219182352.GB4288@ubuntumail> References: <20141219182255.GA4288@ubuntumail> <20141219182352.GB4288@ubuntumail> Message-ID: <20141219182818.GM23851@dakara> On Fri, Dec 19, 2014 at 06:23:52PM +0000, Serge Hallyn wrote: > In contrast to what the comment above the line disabling it said, > it seems to work just fine. It also is needed on current kernels > (until Eric's patch hits upstream) to prevent unprivileged containers > from hosing fuse filesystems they inherit. > > Signed-off-by: Serge Hallyn Acked-by: Stéphane Graber > --- > config/templates/userns.conf.in | 4 ---- > 1 file changed, 4 deletions(-) > > diff --git a/config/templates/userns.conf.in b/config/templates/userns.conf.in > index 2d9d7d5..5dc19c7 100644 > --- a/config/templates/userns.conf.in > +++ b/config/templates/userns.conf.in > @@ -13,7 +13,3 @@ lxc.mount.entry = /dev/random dev/random none bind,create=file 0 0 > lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0 > lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0 > lxc.mount.entry = /dev/zero dev/zero none bind,create=file 0 0 > - > -# Default seccomp policy is not needed for unprivileged containers, and > -# non-root users cannot use seccmp without NNP anyway. > -lxc.seccomp = > -- > 2.1.0 > > _______________________________________________ > lxc-devel mailing list > lxc-devel at lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From stgraber at ubuntu.com Fri Dec 19 18:30:51 2014 
From: stgraber at ubuntu.com (=?iso-8859-1?Q?St=E9phane?= Graber) Date: Fri, 19 Dec 2014 13:30:51 -0500 Subject: [lxc-devel] [PATCH 1/2] seccomp: add rule to reject umount -f In-Reply-To: <20141219182255.GA4288@ubuntumail> References: <20141219182255.GA4288@ubuntumail> Message-ID: <20141219183051.GN23851@dakara> On Fri, Dec 19, 2014 at 06:22:55PM +0000, Serge Hallyn wrote: > If a container has a bind mount from a host nfs or fuse > filesystem, and does 'umount -f', it will disconnect the > host's filesystem. This patch adds a seccomp rule to > block umount -f from a container. It also adds that rule > to the default seccomp profile. > > Thanks stgraber for the idea :) > > Signed-off-by: Serge Hallyn Acked-by: Stéphane Graber > --- > config/templates/common.seccomp | 1 + > src/lxc/seccomp.c | 14 ++++++++++++++ > 2 files changed, 15 insertions(+) > > diff --git a/config/templates/common.seccomp b/config/templates/common.seccomp > index e6650ef..6f8eeba 100644 > --- a/config/templates/common.seccomp > +++ b/config/templates/common.seccomp > @@ -1,5 +1,6 @@ > 2 > blacklist > +reject_force_umount # comment this to allow umount -f; not recommended > [all] > kexec_load errno 1 > open_by_handle_at errno 1 > diff --git a/src/lxc/seccomp.c b/src/lxc/seccomp.c > index dfdedf2..825d8a1 100644 > --- a/src/lxc/seccomp.c > +++ b/src/lxc/seccomp.c > @@ -28,6 +28,7 @@ > #include > #include > #include > +#include > > #include "config.h" > #include "lxcseccomp.h" 
> @@ -186,6 +187,18 @@ bool do_resolve_add_rule(uint32_t arch, char *line, scmp_filter_ctx ctx, > ERROR("BUG: seccomp: rule and context arch do not match (arch %d)", arch); > return false; > } > + > + if (strncmp(line, "reject_force_umount", 19) == 0) { > + INFO("Setting seccomp rule to reject force umounts\n"); > + ret = seccomp_rule_add_exact(ctx, SCMP_ACT_ERRNO(EACCES), SCMP_SYS(umount2), > + 1, SCMP_A1(SCMP_CMP_MASKED_EQ , MNT_FORCE , MNT_FORCE )); > + if (ret < 0) { > + ERROR("failed (%d) loading rule to reject force umount", ret); > + return false; > + } > + return true; > + } > + > nr = seccomp_syscall_resolve_name(line); > if (nr == __NR_SCMP_ERROR) { > WARN("Seccomp: failed to resolve syscall: %s", line); > @@ -393,6 +406,7 @@ static int parse_config_v2(FILE *f, char *line, struct lxc_conf *conf) > goto bad; > } > } > + > return 0; > > bad_arch: > -- > 2.1.0 > > _______________________________________________ > lxc-devel mailing list > lxc-devel at lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From stgraber at ubuntu.com Fri Dec 19 18:34:07 2014 
From: stgraber at ubuntu.com (=?iso-8859-1?Q?St=E9phane?= Graber) Date: Fri, 19 Dec 2014 13:34:07 -0500 Subject: [lxc-devel] [LXD] Default routes changes. In-Reply-To: References: Message-ID: <20141219183407.GO23851@dakara> On Thu, Dec 18, 2014 at 11:16:16PM +0530, Kunal Kushwaha wrote: > Hi, > > With ref to LXD issue #114 > > There are two ways to implement the default roots. > > 1. Initialize within code. > Instead of initializing with empty Config Structure at > https://github.com/lxc/lxd/blob/master/config.go#L56 > > can be initialized as > > remotes := map[string]RemoteConfig{ > "images": RemoteConfig{"https+registry://registry.linuxcontainers.org"}, > "local": RemoteConfig{"unix+lxd://var/lib/lxd/socket"}, > } > > defaultConfig := &Config{TestOption: "", > DefaultRemote: "", > Remotes: remotes, > ListenAddr: "80"} > > > > 2. Create a default config file. > While installation, a default config.yml can be create with default > settings. > > --- > test-option: > default-remote: > remotes: > images: > addr: https+registry://registry.linuxcontainers.org > local: > addr: unix+lxd://var/lib/lxd/socket > listen-addr: 80 > > > Which approach is better? > > > Regards, > Kunal Kushwaha So I think we'd need something closer to option 1 since the actual list of default remotes may vary depending on the system. See: https://github.com/lxc/lxd/issues/114 The "local" entry must only be added and set as default if there is a lxd socket. If there isn't, only the images one should be present and no remote should be set as default. -- Stéphane Graber Ubuntu developer http://www.ubuntu.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From stgraber at ubuntu.com Fri Dec 19 18:37:43 2014 
From: stgraber at ubuntu.com (=?iso-8859-1?Q?St=E9phane?= Graber) Date: Fri, 19 Dec 2014 13:37:43 -0500 Subject: [lxc-devel] [PATCH] lxc-opensuse default release changed to 13.1, as 12.3 reaches end-of-life soon In-Reply-To: References: Message-ID: <20141219183743.GP23851@dakara> On Fri, Dec 12, 2014 at 09:51:21PM +0100, Johannes Kastl wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Hi everyone, > > as openSUSE 12.3 reaches end-of-life soon, I added a patch that > changes the default release in the lxc-opensuse template to 13.1. This > patch is against master, I'll send a patch against stable-1.0 soon. > > Here is the 'Advance discontinuation notice for openSUSE 12.3': > > http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00005.html > > I > > > do not know if it's possible to have this in 1.1 but it would be > nice. As it's to late for 1.0.7 already... > > I'm looking forward to any comments, hints and such. > > Regards, > Johannes > - -- > Insane people throw computers out of windows, sane people... > -----BEGIN PGP SIGNATURE----- > Comment: Using GnuPG with SeaMonkey - http://www.enigmail.net/ > > iEYEARECAAYFAlSLVUkACgkQzi3gQ/xETbLpVACgnh+zqeLpddUc/X3AS4QEW/kQ > uWAAoJPavu2t9nIvmtafaSJaax/ZvhzJ > =0wEv > -----END PGP SIGNATURE----- > From bd1298413ffa21424f97b7db775846e74a4e370e Mon Sep 17 00:00:00 2001 > From: Johannes Kastl > Date: Fri, 12 Dec 2014 21:42:08 +0100 > Subject: [PATCH] lxc-opensuse default release changed to 13.1, as 12.3 reaches > end-of-life soon > > Signed-off-by: Johannes Kastl Acked-by: Stéphane Graber > --- > templates/lxc-opensuse.in | 12 ++++-------- > 1 file changed, 4 insertions(+), 8 deletions(-) > > diff --git a/templates/lxc-opensuse.in b/templates/lxc-opensuse.in > index e9c96e6..4c09d24 100644 > --- a/templates/lxc-opensuse.in > +++ b/templates/lxc-opensuse.in 
> @@ -380,8 +380,8 @@ usage() > { > cat < $1 -h|--help -p|--path= -r|--release nn.n --clean > -Please give the release as 12.3, 13.1, 13.2 etc. > -If no release is given, openSUSE 12.3 is installed. > +Please give the release as 13.1, 13.2 etc. > +If no release is given, openSUSE 13.1 is installed. > EOF > return 0 > } > @@ -433,15 +433,11 @@ fi > > if [ -z "$DISTRO" ]; then > echo "" > - echo "No release selected, using openSUSE 12.3" > - DISTRO=12.3 > + echo "No release selected, using openSUSE 13.1" > + DISTRO=13.1 > else > echo "" > case "$DISTRO" in > - 12.3) > - echo "Selected openSUSE 12.3" > - ;; > - > 13.1) > echo "Selected openSUSE 13.1" > ;; > -- > 2.2.0 > > _______________________________________________ > lxc-devel mailing list > lxc-devel at lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From stgraber at ubuntu.com Fri Dec 19 18:39:16 2014 
From: stgraber at ubuntu.com (=?iso-8859-1?Q?St=E9phane?= Graber) Date: Fri, 19 Dec 2014 13:39:16 -0500 Subject: [lxc-devel] [PATCH] lxc-opensuse default release changed to 13.1, as 12.3 reaches end-of-life soon In-Reply-To: References: Message-ID: <20141219183916.GQ23851@dakara> On Fri, Dec 12, 2014 at 09:58:59PM +0100, Johannes Kastl wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 12.12.2014 Johannes Kastl wrote: > > > This patch is against master, I'll send a patch against stable-1.0 > > soon. > > Here is the patch for stable-1.0. As 1.0.x does not include the > template with release selection, this just changes the default to 13.1. > > Regards, > Johannes > - -- > The presence of those seeking the truth is infinitely to be preferred > to the presence of those who think they 've found it. > (Terry Pratchett, Monstrous regiment) > -----BEGIN PGP SIGNATURE----- > Comment: Using GnuPG with SeaMonkey - http://www.enigmail.net/ > > iEYEARECAAYFAlSLVxMACgkQzi3gQ/xETbJVbgCfeejvgaiEFGDt3ovWKh2/yXzV > Zk0AnjK+c7eoVBiYBToMGrZF0DeZq6nJ > =hqxm > -----END PGP SIGNATURE----- > From d4a24486138b9330127d6fddd8ea26cecc6149c4 Mon Sep 17 00:00:00 2001 > From: Johannes Kastl > Date: Fri, 12 Dec 2014 21:52:57 +0100 > Subject: [PATCH] lxc-opensuse default release changed to 13.1, as 12.3 reaches > end-of-life soon > > Signed-off-by: Johannes Kastl Acked-by: Stéphane Graber > --- > templates/lxc-opensuse.in | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/templates/lxc-opensuse.in b/templates/lxc-opensuse.in > index 91ef726..c593238 100644 > --- a/templates/lxc-opensuse.in > +++ b/templates/lxc-opensuse.in 
> @@ -38,7 +38,7 @@ done > # Make sure the usual locations are in PATH > export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin > > -DISTRO=12.3 > +DISTRO=13.1 > > configure_opensuse() > { > -- > 2.2.0 > > _______________________________________________ > lxc-devel mailing list > lxc-devel at lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From stgraber at ubuntu.com Fri Dec 19 18:39:44 2014 
From: stgraber at ubuntu.com (=?iso-8859-1?Q?St=E9phane?= Graber) Date: Fri, 19 Dec 2014 13:39:44 -0500 Subject: [lxc-devel] [PATCH] lxc-opensuse: Disable building openSUSE containers on 13.2/Tumbleweed only if wrong version of build package is installed (was: [PATCH] Disabled building openSUSE containers on openSUSE 13.2 and openSUSE Tumbleweed due to faulty behaviour with newer versions of init_buildsystem) In-Reply-To: References: <20141127225147.GR10205@dakara> Message-ID: <20141219183944.GR23851@dakara> On Wed, Dec 17, 2014 at 09:06:34PM +0100, Johannes Kastl wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 27.11.2014 Stéphane Graber wrote: > > > There is a bug report, but no solution yet. I am busy with other > > real world stuff right now, so maybe to protect users this patch > > should make it into stable-1.0? > > The bug has been found, it was a different behaviour in the build > package. This is fixed on openSUSE with build version 20141120 or newer. > > So, I changed the version check in the package, and it aborts creation > only if > - - running on openSUSE 13.2 or Tumbleweed > AND > - - the version of the build package is lower than 20141120. > > This patch is for stable-1.0, I'd like to get this into 1.1, too. I'll > send a patch soon. > > Regards, > Johannes > - -- > I love deadlines. I like the whooshing sound they make as they fly by. > (Douglas Adams) > > -----BEGIN PGP SIGNATURE----- > Comment: Using GnuPG with SeaMonkey - http://www.enigmail.net/ > > iEYEARECAAYFAlSR4koACgkQzi3gQ/xETbKL7ACfYR+l0a5/poqlGJEZgIQRBpkY > eMQAniDNjJUMUb7v/L6S/ugyecbYyLQT > =LXRW > -----END PGP SIGNATURE----- > From 14ad06d6beb245dcfa59cb940f95e47ebcc05d02 Mon Sep 17 00:00:00 2001 > From: Johannes Kastl > Date: Wed, 17 Dec 2014 21:01:27 +0100 > Subject: [PATCH] lxc-opensuse: Disable building openSUSE containers on > 13.2/Tumbleweed only if wrong version of build package is installed 
> > Signed-off-by: Johannes Kastl Acked-by: Stéphane Graber > --- > templates/lxc-opensuse.in | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/templates/lxc-opensuse.in b/templates/lxc-opensuse.in > index c593238..8d1d4e1 100644 > --- a/templates/lxc-opensuse.in > +++ b/templates/lxc-opensuse.in > @@ -395,8 +395,10 @@ if [ -z "$path" ]; then > fi > > if grep -q Harlequin /etc/os-release || grep -q Tumbleweed /etc/os-release ; then > - echo "Building containers on openSUSE 13.2 or Tumbleweed is broken at the moment. We are working on this problem." > - exit 1 > + if [[ "$(zypper info build|awk -F "[- ]" '/Version/ {print $2}')" -lt "20141120" ]] ; then > + echo "Building openSUSE containers with your version of the build package is broken. Please install the update to version 20141120 or newer." > + exit 1 > + fi > fi > > if [ "$(id -u)" != "0" ]; then > -- > 2.2.0 > > _______________________________________________ > lxc-devel mailing list > lxc-devel at lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From stgraber at ubuntu.com Fri Dec 19 18:39:52 2014 
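Review bot: The new gate `[[ "$(zypper info build|awk ...)" -lt "20141120" ]]` feeds whatever the pipeline prints straight into an integer comparison. If zypper prints no Version line (for example when the build package is not installed), the empty string compares as 0 and the script exits with the "broken version" message. A value that is not a plain integer is either evaluated as an arithmetic expression or makes the test fail, and in the failing case the gate is silently skipped. Capture and validate the value first, e.g. `build_ver=$(zypper info build | awk -F "[- ]" '/Version/ {print $2; exit}')` followed by `case "$build_ver" in ''|*[!0-9]*) echo "Cannot determine the version of the build package"; exit 1;; esac`, and only then compare. The same hunk is applied to the master template in the next message of the thread.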
From: stgraber at ubuntu.com (=?iso-8859-1?Q?St=E9phane?= Graber) Date: Fri, 19 Dec 2014 13:39:52 -0500 Subject: [lxc-devel] [PATCH] lxc-opensuse: Disable building openSUSE containers on 13.2/Tumbleweed only if wrong version of build package is installed In-Reply-To: References: <20141127225147.GR10205@dakara> Message-ID: <20141219183952.GS23851@dakara> On Wed, Dec 17, 2014 at 09:10:01PM +0100, Johannes Kastl wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On 17.12.2014 Johannes Kastl wrote: > > > This patch is for stable-1.0, I'd like to get this into 1.1, too. > > I'll send a patch soon. > > Here it is. > > Regards, > Johannes > - -- > `You should write a book,´ Ron told Hermione as he cut up his > potatoes, `translating mad things girls do so boys can understand them.´ > (Harry Potter and the Order of the Phoenix) > -----BEGIN PGP SIGNATURE----- > Comment: Using GnuPG with SeaMonkey - http://www.enigmail.net/ > > iEYEARECAAYFAlSR4xkACgkQzi3gQ/xETbInjQCgkSwmQ/7X9Mi4oCrES08+UR+q > RFMAn3IavjqjBF4CXnFrRrgoLOJRfyIJ > =vyWW > -----END PGP SIGNATURE----- > From 5f391b0dd8b98365398ccd9098acd4b19d0b8ee8 Mon Sep 17 00:00:00 2001 > From: Johannes Kastl > Date: Wed, 17 Dec 2014 21:08:21 +0100 > Subject: [PATCH] lxc-opensuse: Disable building openSUSE containers on > 13.2/Tumbleweed only if wrong version of build package is installed > > Signed-off-by: Johannes Kastl Acked-by: Stéphane Graber > --- > templates/lxc-opensuse.in | 6 ++++-- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/templates/lxc-opensuse.in b/templates/lxc-opensuse.in > index 4c09d24..f727250 100644 > --- a/templates/lxc-opensuse.in > +++ b/templates/lxc-opensuse.in 
> @@ -427,8 +427,10 @@ if [ -z "$path" ]; then > fi > > if grep -q Harlequin /etc/os-release || grep -q Tumbleweed /etc/os-release ; then > - echo "Building containers on openSUSE 13.2 or Tumbleweed is broken at the moment. We are working on this problem." > - exit 1 > + if [[ "$(zypper info build|awk -F "[- ]" '/Version/ {print $2}')" -lt "20141120" ]] ; then > + echo "Building openSUSE containers with your version of the build package is broken. Please install the update to version 20141120 or newer." > + exit 1 > + fi > fi > > if [ -z "$DISTRO" ]; then > -- > 2.2.0 > > _______________________________________________ > lxc-devel mailing list > lxc-devel at lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 819 bytes Desc: Digital signature URL: From noreply at github.com Fri Dec 19 18:45:21 2014 From: noreply at github.com (GitHub) Date: Fri, 19 Dec 2014 10:45:21 -0800 Subject: [lxc-devel] [lxc/lxc] 6166fa: seccomp: add rule to reject umount -f Message-ID: <54947241e72be_4d673f9495aab2c073657@hookshot-fe2-cp1-prd.iad.github.net.mail> Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 6166fa6d83b23e86a24cc2ab5cfe780fccb0a709 https://github.com/lxc/lxc/commit/6166fa6d83b23e86a24cc2ab5cfe780fccb0a709 Author: Serge Hallyn Date: 2014-12-19 (Fri, 19 Dec 2014) Changed paths: M config/templates/common.seccomp M src/lxc/seccomp.c Log Message: ----------- seccomp: add rule to reject umount -f If a container has a bind mount from a host nfs or fuse filesystem, and does 'umount -f', it will disconnect the host's filesystem. This patch adds a seccomp rule to block umount -f from a container. It also adds that rule to the default seccomp profile. Thanks stgraber for the idea :) 
Signed-off-by: Serge Hallyn Acked-by: Stéphane Graber Commit: 218f99322c78b7788c0eff1997f95d135741e480 https://github.com/lxc/lxc/commit/218f99322c78b7788c0eff1997f95d135741e480 Author: Serge Hallyn Date: 2014-12-19 (Fri, 19 Dec 2014) Changed paths: M config/templates/userns.conf.in Log Message: ----------- Enable seccomp by default for unprivileged users. In contrast to what the comment above the line disabling it said, it seems to work just fine. It also is needed on current kernels (until Eric's patch hits upstream) to prevent unprivileged containers from hosing fuse filesystems they inherit. Signed-off-by: Serge Hallyn Acked-by: Stéphane Graber Commit: 8f3a3cd80509d32443072b5f678fdebd04cbc882 https://github.com/lxc/lxc/commit/8f3a3cd80509d32443072b5f678fdebd04cbc882 Author: Johannes Kastl Date: 2014-12-19 (Fri, 19 Dec 2014) Changed paths: M templates/lxc-opensuse.in Log Message: ----------- lxc-opensuse: default release changed to 13.1, as 12.3 reaches end-of-life soon Signed-off-by: Johannes Kastl Acked-by: Stéphane Graber Commit: d3eccbbf805cb68522955519b0709853f6bc7bff https://github.com/lxc/lxc/commit/d3eccbbf805cb68522955519b0709853f6bc7bff Author: Johannes Kastl Date: 2014-12-19 (Fri, 19 Dec 2014) Changed paths: M templates/lxc-opensuse.in Log Message: ----------- lxc-opensuse: Disable building openSUSE containers on 13.2/Tumbleweed only if wrong version of build package is installed Signed-off-by: Johannes Kastl Acked-by: Stéphane Graber Compare: https://github.com/lxc/lxc/compare/ec64264d78d4...d3eccbbf805c From noreply at github.com Fri Dec 19 18:51:35 2014 
From: noreply at github.com (GitHub) Date: Fri, 19 Dec 2014 10:51:35 -0800 Subject: [lxc-devel] [lxc/lxc] cd4c25: lxc-opensuse: default release changed to 13.1, as ... Message-ID: <549473b77f5c5_1ea53ffb8b9132c04735d@hookshot-fe6-cp1-prd.iad.github.net.mail> Branch: refs/heads/stable-1.0 Home: https://github.com/lxc/lxc Commit: cd4c250df41822c25b22303dea84ccd3c81a589b https://github.com/lxc/lxc/commit/cd4c250df41822c25b22303dea84ccd3c81a589b Author: Johannes Kastl Date: 2014-12-19 (Fri, 19 Dec 2014) Changed paths: M templates/lxc-opensuse.in Log Message: ----------- lxc-opensuse: default release changed to 13.1, as 12.3 reaches end-of-life soon Signed-off-by: Johannes Kastl Acked-by: Stéphane Graber Commit: 96c3d526640d1e1f15052d0c87796ba604d58b50 https://github.com/lxc/lxc/commit/96c3d526640d1e1f15052d0c87796ba604d58b50 Author: Johannes Kastl Date: 2014-12-19 (Fri, 19 Dec 2014) Changed paths: M templates/lxc-opensuse.in Log Message: ----------- lxc-opensuse: Disable building openSUSE containers on 13.2/Tumbleweed only if wrong version of build package is installed Signed-off-by: Johannes Kastl Acked-by: Stéphane Graber Commit: 18d8dd1e72354a806452df0779f132c2c069d94b https://github.com/lxc/lxc/commit/18d8dd1e72354a806452df0779f132c2c069d94b Author: Serge Hallyn Date: 2014-12-19 (Fri, 19 Dec 2014) Changed paths: M config/templates/common.seccomp M src/lxc/seccomp.c Log Message: ----------- seccomp: add rule to reject umount -f If a container has a bind mount from a host nfs or fuse filesystem, and does 'umount -f', it will disconnect the host's filesystem. This patch adds a seccomp rule to block umount -f from a container. It also adds that rule to the default seccomp profile. Thanks stgraber for the idea :) 
Signed-off-by: Serge Hallyn Acked-by: Stéphane Graber Commit: 5cb9ed613b2b3d8f3d0f1c0c4e41a74bb98fa5b1 https://github.com/lxc/lxc/commit/5cb9ed613b2b3d8f3d0f1c0c4e41a74bb98fa5b1 Author: Serge Hallyn Date: 2014-12-19 (Fri, 19 Dec 2014) Changed paths: M config/templates/centos.userns.conf.in M config/templates/debian.userns.conf.in M config/templates/fedora.userns.conf.in M config/templates/gentoo.userns.conf.in M config/templates/oracle.userns.conf.in M config/templates/plamo.userns.conf.in M config/templates/ubuntu.userns.conf.in Log Message: ----------- Enable seccomp by default for unprivileged users. In contrast to what the comment above the line disabling it said, it seems to work just fine. It also is needed on current kernels (until Eric's patch hits upstream) to prevent unprivileged containers from hosing fuse filesystems they inherit. Signed-off-by: Serge Hallyn Acked-by: Stéphane Graber Compare: https://github.com/lxc/lxc/compare/1c5ccb98a75b...5cb9ed613b2b From serge.hallyn at ubuntu.com Fri Dec 19 18:56:49 2014 
From: serge.hallyn at ubuntu.com (Serge Hallyn) Date: Fri, 19 Dec 2014 18:56:49 +0000 Subject: [lxc-devel] [LXD] Default routes changes. In-Reply-To: References: Message-ID: <20141219185649.GA4460@ubuntumail> Quoting Kunal Kushwaha (kunalkushwahaoss at gmail.com): > Hi, > > With ref to LXD issue #114 > > There are two ways to implement the default roots. > > 1. Initialize within code. > Instead of initializing with empty Config Structure at > https://github.com/lxc/lxd/blob/master/config.go#L56 > > can be initialized as > > remotes := map[string]RemoteConfig{ > "images": RemoteConfig{"https+registry://registry.linuxcontainers.org"}, > "local": RemoteConfig{"unix+lxd://var/lib/lxd/socket"}, > } > > defaultConfig := &Config{TestOption: "", > DefaultRemote: "", > Remotes: remotes, > ListenAddr: "80"} > > > > 2. Create a default config file. > While installation, a default config.yml can be create with default > settings. > > --- > test-option: > default-remote: > remotes: > images: > addr: https+registry://registry.linuxcontainers.org > local: > addr: unix+lxd://var/lib/lxd/socket > listen-addr: 80 > > > Which approach is better? The comment at https://github.com/lxc/lxd/blob/master/config.go#L55 says that a missing config == default config. So it sounds like: 1. if there is no specified config, use the two defaults (hard-coded in code) 2. user can add more entries, which results in a config being written out, which includes both the two defaults and the new config 3. user can remove entries from the config file, including the defaults. The defaults are not re-added unless the config file is deleted altogether. my 2c -serge From eeg5auquaephoo5j at gmail.com Sat Dec 20 15:33:33 2014 
From: eeg5auquaephoo5j at gmail.com (BB) Date: Sat, 20 Dec 2014 16:33:33 +0100 Subject: [lxc-devel] lxc.Container.attach_wait() capturing stdout (and stderr) Message-ID: Dear LXC Developers, please excuse me, I was not sure if this question belongs on the users or devel list. What's the "standard" way to get the output (stdout, stderr) from lxc.Container.attach_wait()? The method returns only the exit code and writes to sys.stdout and sys.stderr. I know that I can temporarily set sys.stdout to a StringIO buffer but I suspect that there must be an easier way. Best regards, BB -------------- next part -------------- An HTML attachment was scrubbed... URL: From eeg5auquaephoo5j at gmail.com Tue Dec 23 18:01:43 2014 
From: eeg5auquaephoo5j at gmail.com (BB) Date: Tue, 23 Dec 2014 19:01:43 +0100 Subject: [lxc-devel] Valid Container Names/Identifiers In-Reply-To: <20141218154204.GE1397@ubuntumail> References: <20141216152205.GL23859@dakara> <20141218154204.GE1397@ubuntumail> Message-ID: Just a remark... When I start a container via the Python bindings (version 1.0.6-0ubuntu0.1 on Ubuntu trusty) I get the following message: lxc_container: simple_container is too long (>= 16) I cannot reproduce this by calling lxc-start directly but if there will be a patch to check the name, please allow names longer than 16 characters - because of the common use case mentioned by Stéphane: container name == hostname (or even fqdn). The message probably originates here: https://github.com/lxc/lxc/blob/ec64264d78d4ed608553842ce9e1f07eeab2a032/src/lxc/confile.c#L265 Regards, BB On Thu, Dec 18, 2014 at 4:42 PM, Serge Hallyn wrote: > Agreed. Would you mind coming up with a proposed patch to be stricter at > lxcapi_create() and sending it out? > > Quoting Joel Nider (JOELN at il.ibm.com): > > I would strongly suggest to nail this down now since the question came > up. > > This is the kind of issue that could create security bugs later on (when > > different parts of the code check for valid names in different ways, or > > don't check at all). Stephane's suggestion of a 64 ASCII character string > > that forms a valid Linux hostname sounds good to me - is this formally > > defined somewhere? > > > > Regards, > > > > Joel > > > > "lxc-devel" wrote on > > 16/12/2014 05:22:05 PM: 
> > > > > From: Stéphane Graber > > > To: LXC development mailing-list > > > Date: 16/12/2014 05:22 PM > > > Subject: Re: [lxc-devel] Valid Container Names/Identifiers > > > Sent by: "lxc-devel" > > > > > > On Tue, Dec 16, 2014 at 10:36:13AM +0100, Till Walter wrote: > > > > Dear LXC Developers, > > > > > > > > the manual page of lxc-create states that "The container identifier > > > > format is an alphanumeric string". Yet besides [A-Za-z0-9] other > > > > characters like underscore are also fine. > > > > I had a brief look at the source but did not find any check, e.g., > > > > using a regex. Is there any check at all? What are valid container > > > > identifiers/names? > > > > I am asking because I am using the official python bindings to write > a > > > > little utility and want to avoid container naming problems that may > > > > arise. > > > > > > > > Best regards, > > > > > > > > BB > > > > > > So LXC itself doesn't really have a definition for valid names, however > > > since the name is typically used for the container's hostname, you > > > should stick to what's considered a valid hostname on Linux. > > > > > > There's a POSIX RFC for that but IIRC it's basically 64 chars ASCII. > > > > > > -- > > > Stéphane Graber > > > Ubuntu developer > > > http://www.ubuntu.com > > > [attachment "signature.asc" deleted by Joel Nider/Haifa/IBM] > > > _______________________________________________ > > > lxc-devel mailing list > > > lxc-devel at lists.linuxcontainers.org > > > http://lists.linuxcontainers.org/listinfo/lxc-devel > > > > _______________________________________________ > > lxc-devel mailing list > > lxc-devel at lists.linuxcontainers.org > > http://lists.linuxcontainers.org/listinfo/lxc-devel > _______________________________________________ > lxc-devel mailing list > lxc-devel at lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel > -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From beprojectcriu at gmail.com Thu Dec 25 16:19:23 2014 From: beprojectcriu at gmail.com (beproject criu) Date: Thu, 25 Dec 2014 21:49:23 +0530 Subject: [lxc-devel] Session Leader Message-ID: Dear LXC Developers, Why init of spawned container is not a session leader?. Can i change the session leader of lxc container using hooks,etc? If yes, how do i do it. Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: From stgraber at ubuntu.com Thu Dec 25 23:17:25 2014 From: stgraber at ubuntu.com (=?UTF-8?q?St=C3=A9phane=20Graber?=) Date: Fri, 26 Dec 2014 00:17:25 +0100 Subject: [lxc-devel] [PATCH] Also drop caps in unpriv containers Message-ID: <1419549445-31359-1-git-send-email-stgraber@ubuntu.com> Signed-off-by: Stéphane Graber --- src/lxc/conf.c | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 472eb79..72181dd 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -4158,20 +4158,18 @@ int lxc_setup(struct lxc_handler *handler) return -1; } - if (lxc_list_empty(&lxc_conf->id_map)) { - if (!lxc_list_empty(&lxc_conf->keepcaps)) { - if (!lxc_list_empty(&lxc_conf->caps)) { - ERROR("Simultaneously requested dropping and keeping caps"); - return -1; - } - if (dropcaps_except(&lxc_conf->keepcaps)) { - ERROR("failed to keep requested caps"); - return -1; - } - } else if (setup_caps(&lxc_conf->caps)) { - ERROR("failed to drop capabilities"); + if (!lxc_list_empty(&lxc_conf->keepcaps)) { + if (!lxc_list_empty(&lxc_conf->caps)) { + ERROR("Simultaneously requested dropping and keeping caps"); return -1; } + if (dropcaps_except(&lxc_conf->keepcaps)) { + ERROR("failed to keep requested caps"); + return -1; + } + } else if (setup_caps(&lxc_conf->caps)) { + ERROR("failed to drop capabilities"); + return -1; } NOTICE("'%s' is setup.", name); -- 1.9.1 From stgraber at ubuntu.com Sun Dec 28 17:33:29 2014 
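Review bot: Neither the commit message nor the code in the `lxc_setup` hunk of src/lxc/conf.c says why the `lxc_list_empty(&lxc_conf->id_map)` guard is removed. The visible effect is that the `keepcaps`/`caps` handling, previously skipped for containers with an id map, now runs for them and can abort start-up through the `return -1` paths. A comment above the block would record the intent, e.g. `/* capability keep/drop lists apply with or without an id_map */`, and the behaviour change should presumably be mentioned wherever these options are documented. `lxc_setup` starts and ends outside the hunk, so whether anything later in the function still assumes the old guard cannot be checked from here.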
From: stgraber at ubuntu.com (=?UTF-8?q?St=C3=A9phane=20Graber?=) Date: Sun, 28 Dec 2014 18:33:29 +0100 Subject: [lxc-devel] [PATCH] apparmor: Block access to /proc/kcore Message-ID: <1419788009-20768-1-git-send-email-stgraber@ubuntu.com> Just like we block access to mem and kmem, there's no good reason for the container to have access to kcore. Reported-by: Marc Schaefer Signed-off-by: Stéphane Graber --- config/apparmor/abstractions/container-base | 5 +++-- config/apparmor/abstractions/container-base.in | 5 +++-- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/config/apparmor/abstractions/container-base b/config/apparmor/abstractions/container-base index 2d5fd7a..ac8d4e9 100644 --- a/config/apparmor/abstractions/container-base +++ b/config/apparmor/abstractions/container-base @@ -70,9 +70,10 @@ mount fstype=efivarfs -> /sys/firmware/efi/efivars/, # block some other dangerous paths - deny @{PROC}/sysrq-trigger rwklx, - deny @{PROC}/mem rwklx, + deny @{PROC}/kcore rwklx, deny @{PROC}/kmem rwklx, + deny @{PROC}/mem rwklx, + deny @{PROC}/sysrq-trigger rwklx, # deny writes in /sys except for /sys/fs/cgroup, also allow # fusectl, securityfs and debugfs to be mounted there (read-only) diff --git a/config/apparmor/abstractions/container-base.in b/config/apparmor/abstractions/container-base.in index 2065735..235913b 100644 --- a/config/apparmor/abstractions/container-base.in +++ b/config/apparmor/abstractions/container-base.in @@ -70,9 +70,10 @@ mount fstype=efivarfs -> /sys/firmware/efi/efivars/, # block some other dangerous paths - deny @{PROC}/sysrq-trigger rwklx, - deny @{PROC}/mem rwklx, + deny @{PROC}/kcore rwklx, deny @{PROC}/kmem rwklx, + deny @{PROC}/mem rwklx, + deny @{PROC}/sysrq-trigger rwklx, # deny writes in /sys except for /sys/fs/cgroup, also allow # fusectl, securityfs and debugfs to be mounted there (read-only) -- 1.9.1 From ncopa at alpinelinux.org Wed Dec 31 07:31:45 2014 
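Review bot: The added `deny @{PROC}/kcore rwklx,` rule sits under the generic comment `# block some other dangerous paths`, which does not say what each entry protects. A line such as `# kcore exposes the kernel's memory image; containers have no need for it` above the rule would make it harder to drop by accident. The rule is path-based, so it only covers procfs where it is reachable at `@{PROC}`; the mount rules that would keep procfs from appearing at another path are outside this hunk and worth confirming. The same points apply to the identical hunk in `config/apparmor/abstractions/container-base.in`.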
From: ncopa at alpinelinux.org (Natanael Copa) Date: Wed, 31 Dec 2014 08:31:45 +0100 Subject: [lxc-devel] [PATCH] lxc-alpine: use yaml for detection of latest release Message-ID: <1420011105-19139-1-git-send-email-ncopa@alpinelinux.org> Alpine Linux provides yaml files with latest release instead of the old approach with .latest.txt. Signed-off-by: Natanael Copa --- Should also go to 1.0.x stable templates/lxc-alpine.in | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in index ba27aea..187a032 100644 --- a/templates/lxc-alpine.in +++ b/templates/lxc-alpine.in @@ -28,10 +28,15 @@ get_static_apk () { if [ -z "$repository" ]; then url=http://wiki.alpinelinux.org/cgi-bin/dl.cgi + yaml_path="latest-stable/releases/$apk_arch/latest-releases.yaml" if [ -z "$release" ]; then echo -n "Determining the latest release... " - release=$($wget $url/.latest.$apk_arch.txt | \ - cut -d " " -f 3 | cut -d / -f 1 | uniq) + release=$($wget $url/$yaml_path | \ + awk '$1 == "branch:" {print $2; exit 0}') + if [ -z "$release" ]; then + release=$($wget $url/.latest.$apk_arch.txt | \ + cut -d " " -f 3 | cut -d / -f 1 | uniq) + fi if [ -z "$release" ]; then echo failed return 1 -- 2.2.1
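Review bot: The value assigned to `release` from `latest-releases.yaml` is used unchecked, and it is fetched through the plain-http `url` set in the context line above, so whatever follows the first `branch:` key in the response becomes the release name. Validate it right after the `awk` assignment and treat anything unexpected as empty, so the existing fallback and `echo failed` path still run, e.g. `case "$release" in *[!A-Za-z0-9._-]*) release= ;; esac`. Quoting the argument as `"$url/$yaml_path"` would also avoid word splitting if `apk_arch` ever contains whitespace. `get_static_apk` starts before the hunk and continues after it, so how `release` is consumed and whether the downloaded apk is verified are not visible here.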