[lxc-devel] [GIT] lxc branch, master, updated. 72280e1cd55e0fe3971f6fe2daa7b3e0cece56a1
Daniel Lezcano
git at users.sourceforge.net
Tue Mar 19 10:23:21 UTC 2013
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "lxc".
The branch, master has been updated
via 72280e1cd55e0fe3971f6fe2daa7b3e0cece56a1 (commit)
via 9afe19d634946d50eab30e3b90cb5cebcde39eea (commit)
via 7b2b9c7f9717fbcf8bb953bf5d1b4d4d9527f486 (commit)
via f424fa8f3ed5883c5624cf0a494537a5ec912d35 (commit)
via 2ac9aafca6793e74587df7b81a1b27a71a16caa9 (commit)
via 4f7521b4137d37fed01d3d11d4d2dde92138158a (commit)
via 6139e7e52d914af89f2a204512c1345af56ce6e9 (commit)
via 2f3f41d0d586bbf4d16969ea13074eddf761d1d1 (commit)
via 7e0e1d941d4b0fbca53fd9aba3aafa9745119b53 (commit)
via 23622a2ac8eff0eb41f21189425baffd4eb83fdb (commit)
via fc7de5616f6564a14d12454054f05565264bd4e1 (commit)
via 251d0d2a8b4ec7a12c22ba63b5d0e558289c2ef6 (commit)
via a84b99323ab760d67cf76ef2418313bfd4f8b3ca (commit)
via da139233f0529c8c6d305c7da5a406aa2a77f677 (commit)
via ac7725e7bb6753087aa63bbefb999529b0625212 (commit)
via 4e18e959535e3f4239f6be25924ca14f7ce65ade (commit)
via b6adc92b5f40e4bcd72b1e6a3bd82fbb160257eb (commit)
via b6b918a1d4f91da7bb41da202112ac8fddf947f7 (commit)
via 24fcdb395fbd9769a33093e09a68b2339de66ed6 (commit)
via 0d03360a77521d7af4f177e195f6119c36d4c31d (commit)
via 90341b9e39561e37797777a34d0589c14c0c2a68 (commit)
via 990d9d7c371d26021f14d25a62484776b1f14d32 (commit)
via 53a54099bc66a8a72935220921be73b933dad064 (commit)
via cb3e61fa37431373e52602e6b26a3e2ade9e2941 (commit)
via 21da9912d453a8a3b9c05309b2c7c24774d233d3 (commit)
via 905022f73f5dee19cd6a880f8112b0a6aa45ba22 (commit)
via 66b503423832b65059ca62c2897f2ed266804391 (commit)
via ae5c8b8ed5feb9a47c5007c986ce01ea39b5075f (commit)
via 7f597314cdc6efe530f733e6caef6c6490af5ea2 (commit)
via 63e414f8c128cdf391ae95c547509eb14c59f826 (commit)
via e4ccd113dce99c9eb0cfba23c09eda4b58234d0d (commit)
via dba104c82ef151b26b806cc17ee29c4ab9a5b5e6 (commit)
via 65a2d6b2ba71f96c2120bbb6f92ad0456fd0ea6f (commit)
via b858bedf4a6467d37ff9c486c073f6545c58b30d (commit)
via 9958532bff244ddca65503b42d31c8a4b90b11b1 (commit)
via c5427d7d9fc571844c4ca7c9126330a0a005b2b0 (commit)
via 1cb4260d10df377deb64f4d2a5fc188890b01e66 (commit)
via 0e21ea4b15b1f1a066da54aed04f4fcac45d5741 (commit)
via 36368228d286cd5c1492ae7aab92b4d78dbfb616 (commit)
via 285ee6b8f120ebb8f37578081fb4bdc400538306 (commit)
via f4936bf19c56a688eec182e1916c8b660e3a0058 (commit)
via e6242d6a3d3f94b72d1c5a86abab4d18fafbd984 (commit)
via a7273db9f87f59815d36c3eca4d4501304ae84b2 (commit)
via f02adce21a023543fa4f13849740761a85e3e9eb (commit)
via d696d21c2a7d5d15b3a456edd8ba742a5970d40a (commit)
via ba4c42597399c72fbb0b8f99e6ded79f738a6ac3 (commit)
via 336d546929d7482b6334a2e6b2a45577e143ba79 (commit)
via 6e2faa3724f1b05d5d5f9accc1b0f05f0ba26b5e (commit)
via 852965851dbc8458e0f6d542872386445876fabd (commit)
via 9157421a9b6dd075da0c6a6705be13e467ea0a01 (commit)
via 906f8c4ddd784ce0e759dae87bcb0f9c0a1926be (commit)
via 91e065ec331416b9d0941da86792bdbc8f10fadf (commit)
via daaf41b36790bdaae855048e56ed090b17a77c97 (commit)
via 9123e4718d0db98de2a2935cb2d0bcca1997a333 (commit)
via fbf5de31e3ba14226e30602fb21a50d3cca8db9f (commit)
via c9a841734e36128dd238c0e19aef447b6063ce73 (commit)
via 67e571de63a8e465dc8f1b17e16744a1d3fb552c (commit)
via 067cfaeb190f3bc25a6f5dbcb5a42d743b016458 (commit)
via f40315408755ed29008efef3cf9467ce03c411b7 (commit)
via d42277f769d1bed8a4a198a49dbe96582a4fa2ec (commit)
via 444f3ca2326cbf10bacc62ef0ad731e2e819c7b5 (commit)
from 64e9369c8f82ef9256388726b77b20f042a54809 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 72280e1cd55e0fe3971f6fe2daa7b3e0cece56a1
Author: Daniel Lezcano <daniel.lezcano at free.fr>
Date: Tue Mar 19 11:20:16 2013 +0100
lxc-0.9.0.rc1
Signed-off-by: Daniel Lezcano <daniel.lezcano at free.fr>
commit 9afe19d634946d50eab30e3b90cb5cebcde39eea
Author: Daniel Lezcano <daniel.lezcano at free.fr>
Date: Tue Mar 19 11:19:06 2013 +0100
Change author email address
Signed-off-by: Daniel Lezcano <daniel.lezcano at free.fr>
commit 7b2b9c7f9717fbcf8bb953bf5d1b4d4d9527f486
Merge: 64e9369 f424fa8
Author: Daniel Lezcano <daniel.lezcano at free.fr>
Date: Mon Mar 18 23:17:00 2013 +0100
Merge git://github.com/lxc/lxc
Signed-off-by: Daniel Lezcano <daniel.lezcano at free.fr>
commit f424fa8f3ed5883c5624cf0a494537a5ec912d35
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Wed Mar 13 23:21:15 2013 -0400
Add missing config.h includes.
conf.h and start.h weren't explicitly including config.h which meant that
depending on the ordering of the includes in whatever was including conf.h
or start.h, some pieces of the structs defined in those may be missing.
This led amongst other problems to the lxc_conf struct being wrong by 8 bytes
for functions from commands.c, leading to lxc-stop always failing.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Signed-off-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 2ac9aafca6793e74587df7b81a1b27a71a16caa9
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Wed Mar 13 21:19:24 2013 -0500
commands.c: sanity check to not write too-long cgroup path name
This can't really happen due to current limits in cgroup.c but add it
in case those change in the future.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 4f7521b4137d37fed01d3d11d4d2dde92138158a
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Wed Mar 13 10:33:00 2013 -0500
lxc_id_mapping: don't try to write mappings if there are none
Otherwise containers fail to start even if they aren't trying to map
ids.
Also don't allocate buf unless we need to.
Reported-by: Alexander Vladimirov <alexander.idkfa.vladimirov at gmail.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 6139e7e52d914af89f2a204512c1345af56ce6e9
Author: Alexander Vladimirov <alexander.idkfa.vladimirov at gmail.com>
Date: Wed Mar 13 22:24:02 2013 +0800
Update lxc-archlinux template default config to use new options
Signed-off-by: Alexander Vladimirov <alexander.idkfa.vladimirov at gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 2f3f41d0d586bbf4d16969ea13074eddf761d1d1
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Wed Mar 13 08:55:11 2013 -0500
default kmsg symlinking to on, and document lxc.kmsg
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 7e0e1d941d4b0fbca53fd9aba3aafa9745119b53
Author: Alexander Vladimirov <alexander.idkfa.vladimirov at gmail.com>
Date: Mon Mar 11 13:15:18 2013 +0800
Make /dev/kmsg symlinking optional, add lxc.kmsg option
Had this changeset hanging around for some time, maybe this would be useful
until some better solution come up.
Signed-off-by: Alexander Vladimirov <alexander.idkfa.vladimirov at gmail.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 23622a2ac8eff0eb41f21189425baffd4eb83fdb
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue Mar 12 21:34:26 2013 -0500
cgroups: don't mount under init's cgroup
1. deeper hierarchy has steep performance costs
2. init may be under /init, but containers should be under /lxc
3. in a nested container we like to bind-mount $cgroup_path/$c/$c.real
into $cgroup_path - but task 1's cgroup is $c/$c.real, so a nested
container would be in $c/$c.real/lxc, which would become
/$c/$c.real/$c/$c.real/lxc when expanded
4. this pulls quite a bit of code (of mine) which is always nice
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit fc7de5616f6564a14d12454054f05565264bd4e1
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue Mar 12 20:21:42 2013 -0500
cgroup: try to set clone_children
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 251d0d2a8b4ec7a12c22ba63b5d0e558289c2ef6
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Mon Mar 11 16:36:25 2013 -0400
uidmap: fix writing multiple ranges
The kernel requires a single atomic write for setting the /proc
idmap files. We were calling write(2) more than once when multiple
ranges were configured so instead build a buffer to pass in one write(2)
call.
Change id types to unsigned long to handle large id mappings gracefully.
Fix max id in example comment.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit a84b99323ab760d67cf76ef2418313bfd4f8b3ca
Author: Alexander Vladimirov <alexander.idkfa.vladimirov at gmail.com>
Date: Tue Mar 12 17:14:11 2013 +0800
Add lxc.stopsignal config option
I remember discussion about implementing proper way to shutdown
guests using different signals, so here's a patch proposal.
It allows to use specific signal numbers to shutdown guests
gracefully, for example SIGRTMIN+4 starts poweroff.target in
systemd.
Signed-off-by: Alexander Vladimirov <alexander.idkfa.vladimirov at gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit da139233f0529c8c6d305c7da5a406aa2a77f677
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Tue Mar 12 13:04:35 2013 -0400
oracle template: fixes for older releases
This fixes some issues found by Oracle QA, including several cosmetic
errors seen during container bootup.
The rpm database needs moving on Debian hosts similar to on Ubuntu.
I took Serge's suggestions: Do the yum install in an unshared
mount namespace so the /proc mount done during OL4 install doesn't
pollute the host. No need to blacklist ipv6 modules.
Make the default release 6.3, unless the host is OL, then default
to the same version as the host (same as Ubuntu template does).
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit ac7725e7bb6753087aa63bbefb999529b0625212
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Mon Mar 11 15:33:57 2013 -0400
make [ug]id map ordering consistent with /proc/<nr>/[ug]id_map
The id ordering and case of u,g is also consistent with uidmapshift,
reducing confusion.
doc: Moved example to the the EXAMPLES section, and used values
corresponding to the defaults in the pending shadow-utils subuid patch.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 4e18e959535e3f4239f6be25924ca14f7ce65ade
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Fri Mar 8 15:20:19 2013 -0500
lxc-lenny: Remove deprecated template
Debian 5.0 Lenny turned out of support on the 6th of February 2012.
From now on, the only supported Debian template is lxc-debian.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit b6adc92b5f40e4bcd72b1e6a3bd82fbb160257eb
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Mon Mar 11 11:57:52 2013 -0400
python: Add get_version to binding
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit b6b918a1d4f91da7bb41da202112ac8fddf947f7
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Mon Mar 11 11:57:51 2013 -0400
API: export lxc_get_version()
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 24fcdb395fbd9769a33093e09a68b2339de66ed6
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Mon Mar 11 11:57:50 2013 -0400
python: Don't hardcode LXCPATH in python module
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 0d03360a77521d7af4f177e195f6119c36d4c31d
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Sun Mar 10 22:42:40 2013 -0500
rootfs pin: fix two bugs
1. if there's no rootfs, return -2, not 0.
2. don't close pinfd unconditionally in do_start().
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: David Ward <david.ward at ll.mit.edu>
commit 90341b9e39561e37797777a34d0589c14c0c2a68
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Thu Mar 7 10:45:00 2013 -0500
include tests in make dist
This should eventually make the source releases available on sourceforge
also contain the tests.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 990d9d7c371d26021f14d25a62484776b1f14d32
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Wed Mar 6 13:41:04 2013 -0600
attach: handle apparmor transitions in !NEWNS cases
If we're not attaching to the mount ns , then don't enter the
container's apparmor policy. Since we're running binaries from the host
and not the container, that actually seems the sane thing to do (besides
also the lazier thing).
If we dont' do this patch, then we will need to move the apparmor attach
past the procfs remount, will need to also mount securityfs if available,
and for the !remount_proc_sys case we'll want to mount those just long
enough to do the apparmor transition.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 53a54099bc66a8a72935220921be73b933dad064
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Wed Mar 6 14:32:33 2013 -0600
attach: free result before potentially strduping a second time.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit cb3e61fa37431373e52602e6b26a3e2ade9e2941
Author: Christian Seiler <christian at iwakd.de>
Date: Wed Mar 6 20:43:52 2013 +0100
lxc-attach: User namespaces: Use init's user & group id when attaching
When attaching to a container with a user namespace, try to detect the
user and group ids of init via /proc and attach as that same user. Only
if that is unsuccessful, fall back to (0, 0).
Signed-off-by: Christian Seiler <christian at iwakd.de>
commit 21da9912d453a8a3b9c05309b2c7c24774d233d3
Author: Christian Seiler <christian at iwakd.de>
Date: Wed Mar 6 20:41:54 2013 +0100
lxc-attach: Default to /bin/sh if shell cannot be determined or exec'd
If getpwuid() fails and also the fallback of spawning of a 'getent'
process, and the user specified no command to execute, default to
/bin/sh and only fail if even that is not available. This should ensure
that unless the container is *really* weird, no matter what, the user
should always end up with a shell when calling lxc-attach with no
further arguments.
Signed-off-by: Christian Seiler <christian at iwakd.de>
commit 905022f73f5dee19cd6a880f8112b0a6aa45ba22
Author: Christian Seiler <christian at iwakd.de>
Date: Mon Mar 4 23:38:25 2013 +0100
lxc-attach: Try really hard to determine login shell
If no command is specified, and using getpwuid() to determine the login
shell fails, try to spawn a process that executes the utility 'getent'.
getpwuid() may fail because of incompatibilities between the NSS
implementations on the host and in the container.
Signed-off-by: Christian Seiler <christian at iwakd.de>
commit 66b503423832b65059ca62c2897f2ed266804391
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Mon Mar 4 19:54:12 2013 -0600
lxc-destroy man page: document --lxcpath option
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit ae5c8b8ed5feb9a47c5007c986ce01ea39b5075f
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri Mar 1 14:53:20 2013 -0600
cgroup: improve support for multiple lxcpaths (v3)
Add a monitor command to get the cgroup for a running container. This
allows container r1 started from /var/lib/lxc and container r1 started
from /home/ubuntu/lxcbase to pick unique cgroup directories (which
will be /sys/fs/cgroup/$subsys/lxc/r1 and .../r1-1), and all the lxc-*
tools to get that path over the monitor at lxcpath.
Rework the cgroup code. Before, if /sys/fs/cgroup/$subsys/lxc/r1
already existed, it would be moved to 'deadXXXXX', and a new r1 created.
Instead, if r1 exists, use r1-1, r1-2, etc.
I ended up removing both the use of cgroup.clone_children and support
for ns cgroup. Presumably we'll want to put support for ns cgroup
back in for older kernels. Instead of guessing whether or not we
have clone_children support, just always explicitly do the only thing
that feature buys us - set cpuset.{cpus,mems} for newly created cgroups.
Note that upstream kernel is working toward strict hierarchical
limit enforcements, which will be good for us.
NOTE - I am changing the lxc_answer struct size. This means that
upgrades to this version while containers are running will result
in lxc_* commands on pre-running containers will fail.
Changelog: (v3)
implement cgroup attach
fix a subtle bug arising when we lxc_get_cgpath() returned
STOPPED rather than -1 (STOPPED is 0, and 0 meant success).
Rename some functions and add detailed comments above most.
Drop all my lxc_attach changes in favor of those by Christian
Seiler (which are mostly the same, but improved).
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 7f597314cdc6efe530f733e6caef6c6490af5ea2
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Mon Mar 4 14:11:36 2013 -0600
c api: send lxcpath to destroy command
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 63e414f8c128cdf391ae95c547509eb14c59f826
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Mon Mar 4 13:29:52 2013 -0600
c api -> createl: correctly handle 0 template args
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit e4ccd113dce99c9eb0cfba23c09eda4b58234d0d
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Mon Mar 4 11:55:16 2013 -0600
userns: handle delayed write errors at fclose
As Kees pointed out, write() errors can be delayed and returned as
close() errors. So don't ignore error on close when writing the
userns id mapping.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit dba104c82ef151b26b806cc17ee29c4ab9a5b5e6
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Mon Mar 4 10:47:58 2013 -0600
af_unix: make sure to keep useful errno
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 65a2d6b2ba71f96c2120bbb6f92ad0456fd0ea6f
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Mon Mar 4 14:24:51 2013 -0600
lxc-destroy: add --lxc-path argument
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit b858bedf4a6467d37ff9c486c073f6545c58b30d
Author: Christian Seiler <christian at iwakd.de>
Date: Mon Mar 4 10:55:38 2013 -0600
lxc_attach: fix break with user namespaces (v3)
When you clone a new user_ns, the child cannot write to the fds
opened by the parent. Hnadle this by doing an extra fork. The
grandparent hangs around and waits for its child to tell it the
pid of of the grandchild, which will be the one attached to the
container. The grandparent then moves the grandchild into the
right cgroup, then waits for the child who in turn is waiting on
the grandchild to complete.
Secondly, when attaching to a new user namespace, your old uid is
not valid, so you are uid -1. This patch simply does setid+setuid
to 0 if that is the case. We probably want to be smarter, but
for now this allows lxc-attach to work.
Signed-off-by: Christian Seiler <christian at iwakd.de>
commit 9958532bff244ddca65503b42d31c8a4b90b11b1
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri Mar 1 14:25:36 2013 -0600
attach: join apparmor profile
This patch enables lxc-attach to join the profile of the container it
is attaching to. Builds/runs fine with apparmor enabled and disabled.
Export new aa_get_profile(), and use it for attach_apparmor, but also
handle profile names longer than 100 chars in lxc_start apparmor
support.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit c5427d7d9fc571844c4ca7c9126330a0a005b2b0
Author: Anthony Wu <wu at learnsprout.com>
Date: Thu Feb 28 17:00:22 2013 -0800
Update README w/ libcap troubleshooting tip.
Signed-off-by: Anthony Wu <wu at learnsprout.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 1cb4260d10df377deb64f4d2a5fc188890b01e66
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Fri Mar 1 11:12:20 2013 -0500
python api_test: Drop use of @LXCPATH@
The python api test script was using @LXCPATH@ for one of its checks.
Now that the lxcpath is exposed by the lxc python module directly, this
can be dropped and api_test.py can now become a simple python file without
needing pre-processing by autoconf.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 0e21ea4b15b1f1a066da54aed04f4fcac45d5741
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Thu Feb 28 18:04:46 2013 -0500
lxc-ls: Implement support for nested containers
Add initial support for showing and querying nested containers.
This is done through a new --nesting argument to lxc-ls and uses
lxc-attach to go look for sub-containers.
Known limitations include the dependency on setns support for the PID
and NETWORK namespaces and the assumption that LXCPATH for the sub-containers
matches that of the host.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 36368228d286cd5c1492ae7aab92b4d78dbfb616
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Thu Feb 28 14:07:49 2013 -0600
templates: update for openSUSE 12.3
Update template to install openSUSE 12.3
Signed-off-by: Frederic Crozat <fcrozat at suse.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 285ee6b8f120ebb8f37578081fb4bdc400538306
Author: Jiri Slaby <jslaby at suse.cz>
Date: Tue Feb 19 13:44:53 2013 +0100
lxc-opensuse: print \n from one echo
Otherwise the output looks like:
Copying rootfs to /var/lib/lxc/tomcat/rootfs ...Please change
root-password !
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit f4936bf19c56a688eec182e1916c8b660e3a0058
Author: Jiri Slaby <jslaby at suse.cz>
Date: Tue Feb 19 12:59:32 2013 +0100
lxc-opensuse: proper failure
Fail if something goes wrong. We used to continue and show one failure
after another.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit e6242d6a3d3f94b72d1c5a86abab4d18fafbd984
Author: Jiri Slaby <jslaby at suse.cz>
Date: Tue Feb 19 12:59:17 2013 +0100
lxc-opensuse: extend base
Base no longer provides bash, sed and tar, but we need those. So add them.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit a7273db9f87f59815d36c3eca4d4501304ae84b2
Author: Frederic Crozat <fcrozat at suse.com>
Date: Tue Feb 19 12:55:18 2013 +0100
lxc-opensuse: update for 12.2
This adaptation of systemd. We also add network configuration support.
Jiri Slaby: cleanups, rebase
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit f02adce21a023543fa4f13849740761a85e3e9eb
Author: Frederic Crozat <fcrozat at suse.com>
Date: Fri Apr 27 15:57:02 2012 +0200
give a hint if old cgroup can't be moved
When cgroup can't be moved, it might be a hint container is already
running.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit d696d21c2a7d5d15b3a456edd8ba742a5970d40a
Author: Frederic Crozat <fcrozat at suse.com>
Date: Fri Apr 20 14:36:53 2012 +0200
shutdown fixes for openSUSE container
- mount /run on tmpfs outside container
- replace /var/run bind mount on /run by a symlink
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit ba4c42597399c72fbb0b8f99e6ded79f738a6ac3
Author: Frederic Crozat <fcrozat at suse.com>
Date: Wed Apr 18 17:17:18 2012 +0200
various fixes for openSUSE template for lxc-clone usage
- create /etc/hostname as symlink to /etc/HOSTNAME
- fix inadequate space in lxc.mount config, preventing lxc-clone to work
Jiri Slaby: some cleanups
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 336d546929d7482b6334a2e6b2a45577e143ba79
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Fri Feb 22 10:55:54 2013 -0500
ensure clock_gettime symbol is found
got link error liblxc.so: undefined reference to `clock_gettime'
clock_gettime is used by lxclock.c and is in librt, or bionic libc.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 6e2faa3724f1b05d5d5f9accc1b0f05f0ba26b5e
Author: Jäkel, Guido <G.Jaekel at dnb.de>
Date: Thu Feb 21 16:31:25 2013 -0500
A new option '--host' for lxc-ps
Allow for an additional --host parameter to lxc-ps hiding all processes running
in containers.
Signed-off-by: Guido Jäkel <G.Jaekel at dnb.de>
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 852965851dbc8458e0f6d542872386445876fabd
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Thu Feb 21 16:57:40 2013 -0500
include hook files in make dist
this makes "make rpm" work again
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 9157421a9b6dd075da0c6a6705be13e467ea0a01
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Thu Feb 21 15:11:29 2013 -0500
python: Update the python scripts for lxcpath
This adds -P/--lxcpath to the various python scripts.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 906f8c4ddd784ce0e759dae87bcb0f9c0a1926be
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Tue Feb 19 15:44:19 2013 -0500
Add example hooks from Ubuntu package
We've been shipping those two hooks for a while in Ubuntu.
Yesterday I reworked them to use the new environment variables and
avoid hardcoding any path that we have available as a variable.
I tested both to work on Ubuntu 13.04 but they should work just as well
on any distro shipping with the cgroup hierarchy in /sys/fs/cgroup and
with ecryptfs available.
Those are intended as example and distros are free to drop them, they
should however be working without any change required, at least on Ubuntu.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 91e065ec331416b9d0941da86792bdbc8f10fadf
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue Feb 19 14:39:31 2013 -0600
remove redundant, too-early call to clearenv in api_start call.
Ok, took a look, what happened was the clearenv calls used to be
in lxc_start and lxccontainer and lxc_execute (do lxc_start() callers)
themselves. I moved those into do_start(), but the calls in
lxccontainer.c were never removed.
They should simply be removed altogether. Trivial patch follows.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit daaf41b36790bdaae855048e56ed090b17a77c97
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Mon Feb 18 18:59:42 2013 -0500
lxc-ubuntu{-cloud}: Config layout tweaking
This commit tweaks the layout of the config file for the Ubuntu templates.
With this, we now get a clear network config group, then a path related group,
then a bunch of random config options and the end of the config is apparmor,
capabilities and cgroups.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 9123e4718d0db98de2a2935cb2d0bcca1997a333
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Thu Feb 14 10:30:55 2013 -0600
lxc_monitor_open: prepend lxcpath
This is needed for lxc_wait and lxc_monitor to handle lxcpath. However,
the full path name is limited to 108 bytes. Should we use a md5sum of
the lxcpath instead of the path itself?
In any case, with this patch, lxc-wait and lxc-monitor work right with
respect to multiple lxcpaths.
The lxcpath is added to the lxc_handler to make it available most of the
places we need it.
I also remove function prototypes in monitor.h for two functions which
are not defined or used anywhere.
TODO: make cgroups tolerate multiple same-named containers.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit fbf5de31e3ba14226e30602fb21a50d3cca8db9f
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Mon Feb 18 11:52:53 2013 -0500
Fix typos identified by lintian
Lintian spotted those two typos.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit c9a841734e36128dd238c0e19aef447b6063ce73
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Tue Feb 19 11:36:07 2013 -0500
Use AC_SEARCH_LIBS instead of hardcoded lists
Use AC_SEARCH_LIBS to detect what library provides sem_*.
This allows us to stop hardcoding the ld arguments in the various MakeFiles.
Suggested-by: Natanael Copa <ncopa at alpinelinux.org>
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 67e571de63a8e465dc8f1b17e16744a1d3fb552c
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Tue Feb 19 11:48:56 2013 -0500
Introduce --lxcpath cmdline option, and make default_lxc_path() return const char *
For the lxc-* C binaries, introduce a -P|--lxcpath command line option
to override the system default.
With this, I can
lxc-create -t ubuntu -n r1
lxc-create -t ubuntu -n r1 -P /home/ubuntu/lxcbase
lxc-start -n r1 -d
lxc-start -n r1 -d -P /home/ubuntu/lxcbase
lxc-console -n r1 -d -P /home/ubuntu/lxcbase
lxc-stop -n r1
all working with the right containers (module cgroup stuff).
To do:
* lxc monitor needs to be made to handle cgroups.
This is another very invasive one. I started doing this as
a part of this set, but that gets hairy, so I'm sending this
separately. Note that lxc-wait and lxc-monitor don't work
without this, and there may be niggles in what I said works
above - since start.c is doing lxc_monitor_send_state etc
to the shared abstract unix domain socket.
* Need to handle the cgroup conflicts.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 067cfaeb190f3bc25a6f5dbcb5a42d743b016458
Author: Natanael Copa <ncopa at alpinelinux.org>
Date: Tue Feb 19 10:17:41 2013 +0100
configure: replace deprecated AM_CONFIG_HEADER
Replace deprecated AM_CONFIG_HEADER with AC_CONFIG_HEADERS.
This is needed for automake-1.13.
Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit f40315408755ed29008efef3cf9467ce03c411b7
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Tue Feb 12 15:54:47 2013 -0500
legacy ls: only output appropriate directories/containers
For lxc-ls without --active, only output a directory in lxc_path if it
contains a file named config. This avoids extra directories that may
exist in lxc_path, for example .snapshot if lxc_path is an nfs mount.
For lxc-ls with --active, don't output . if there are no active
containers.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit d42277f769d1bed8a4a198a49dbe96582a4fa2ec
Author: Natanael Copa <ncopa at alpinelinux.org>
Date: Wed Feb 13 14:47:11 2013 +0100
lxc-alpine: autodetect standard bridges and set hwaddress
Check for lxcbr0, virbr0 and br0 and use one of those if they exist.
Set mac address if network type is veth.
Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 444f3ca2326cbf10bacc62ef0ad731e2e819c7b5
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Tue Feb 12 12:52:25 2013 -0500
only INFO rcfile if asprintf successfully allocates it
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 3 -
MAINTAINERS | 2 +-
Makefile.am | 4 +-
README | 13 +
configure.ac | 16 +-
doc/common_options.sgml.in | 11 +-
doc/lxc-attach.sgml.in | 2 +-
doc/lxc-cgroup.sgml.in | 2 +-
doc/lxc-checkpoint.sgml.in | 2 +-
doc/lxc-clone.sgml.in | 2 +-
doc/lxc-console.sgml.in | 2 +-
doc/lxc-create.sgml.in | 2 +-
doc/lxc-destroy.sgml.in | 11 +-
doc/lxc-execute.sgml.in | 2 +-
doc/lxc-freeze.sgml.in | 2 +-
doc/lxc-kill.sgml.in | 2 +-
doc/lxc-ls.sgml.in | 14 +-
doc/lxc-monitor.sgml.in | 2 +-
doc/lxc-ps.sgml.in | 15 +-
doc/lxc-restart.sgml.in | 2 +-
doc/lxc-start.sgml.in | 2 +-
doc/lxc-stop.sgml.in | 2 +-
doc/lxc-unfreeze.sgml.in | 2 +-
doc/lxc-unshare.sgml.in | 2 +-
doc/lxc-wait.sgml.in | 2 +-
doc/lxc.conf.sgml.in | 74 ++-
doc/lxc.sgml.in | 2 +-
doc/see_also.sgml.in | 2 +-
hooks/Makefile.am | 7 +
hooks/mountcgroups | 44 +
hooks/mountecryptfsroot | 50 ++
lxc.spec.in | 2 +-
src/lua-lxc/core.c | 3 +-
src/lxc/Makefile.am | 14 +-
src/lxc/af_unix.c | 8 +-
src/lxc/af_unix.h | 2 +-
src/lxc/apparmor.c | 105 ++-
src/lxc/apparmor.h | 22 +-
src/lxc/arguments.c | 6 +-
src/lxc/arguments.h | 4 +-
src/lxc/attach.c | 208 +++++-
src/lxc/attach.h | 7 +-
src/lxc/caps.c | 2 +-
src/lxc/caps.h | 2 +-
src/lxc/cgroup.c | 926 +++++++++-----------
src/lxc/cgroup.h | 20 +-
src/lxc/checkpoint.c | 2 +-
src/lxc/commands.c | 21 +-
src/lxc/commands.h | 5 +-
src/lxc/conf.c | 70 ++-
src/lxc/conf.h | 24 +-
src/lxc/confile.c | 114 +++-
src/lxc/confile.h | 2 +-
src/lxc/console.c | 2 +-
src/lxc/console.h | 2 +-
src/lxc/error.c | 2 +-
src/lxc/error.h | 2 +-
src/lxc/execute.c | 2 +-
src/lxc/freezer.c | 47 +-
src/lxc/genl.c | 2 +-
src/lxc/genl.h | 2 +-
src/lxc/legacy/lxc-ls.in | 9 +-
src/lxc/list.c | 2 +-
src/lxc/log.c | 2 +-
src/lxc/log.h | 2 +-
src/lxc/lxc-create.in | 11 +-
src/lxc/lxc-destroy.in | 20 +-
src/lxc/lxc-device | 6 +-
src/lxc/lxc-ls | 78 ++-
src/lxc/lxc-ps.in | 13 +-
src/lxc/lxc-start-ephemeral.in | 14 +-
src/lxc/lxc.h | 44 +-
src/lxc/lxc_attach.c | 231 ++++-
src/lxc/lxc_cgroup.c | 6 +-
src/lxc/lxc_checkpoint.c | 2 +-
src/lxc/lxc_console.c | 6 +-
src/lxc/lxc_execute.c | 12 +-
src/lxc/lxc_freeze.c | 4 +-
src/lxc/lxc_info.c | 8 +-
src/lxc/lxc_init.c | 2 +-
src/lxc/lxc_kill.c | 6 +-
src/lxc/lxc_monitor.c | 4 +-
src/lxc/lxc_restart.c | 12 +-
src/lxc/lxc_start.c | 16 +-
src/lxc/lxc_stop.c | 8 +-
src/lxc/lxc_unfreeze.c | 4 +-
src/lxc/lxc_unshare.c | 12 +-
src/lxc/lxc_wait.c | 4 +-
src/lxc/lxccontainer.c | 40 +-
src/lxc/lxccontainer.h | 3 +-
src/lxc/lxcutmp.c | 4 +-
src/lxc/lxcutmp.h | 2 +-
src/lxc/mainloop.c | 2 +-
src/lxc/mainloop.h | 2 +-
src/lxc/monitor.c | 34 +-
src/lxc/monitor.h | 7 +-
src/lxc/namespace.c | 2 +-
src/lxc/namespace.h | 2 +-
src/lxc/network.c | 2 +-
src/lxc/network.h | 2 +-
src/lxc/nl.c | 2 +-
src/lxc/nl.h | 2 +-
src/lxc/parse.c | 2 +-
src/lxc/parse.h | 2 +-
src/lxc/restart.c | 7 +-
src/lxc/rtnl.c | 2 +-
src/lxc/rtnl.h | 2 +-
src/lxc/start.c | 62 ++-
src/lxc/start.h | 7 +-
src/lxc/state.c | 15 +-
src/lxc/state.h | 4 +-
src/lxc/stop.c | 11 +-
src/lxc/sync.c | 2 +-
src/lxc/sync.h | 2 +-
src/lxc/utils.c | 21 +-
src/lxc/utils.h | 4 +-
src/lxc/version.c | 2 +-
src/lxc/{error.h => version.h} | 11 +-
.../examples/{api_test.py.in => api_test.py} | 3 +-
src/python-lxc/lxc.c | 22 +-
src/python-lxc/lxc/{__init__.py.in => __init__.py} | 25 +-
src/tests/Makefile.am | 21 +-
src/tests/cgpath.c | 164 ++++
src/tests/lxcpath.c | 2 +-
templates/Makefile.am | 1 -
templates/lxc-alpine.in | 38 +-
templates/lxc-archlinux.in | 4 +-
templates/lxc-lenny.in | 317 -------
templates/lxc-opensuse.in | 149 ++--
templates/lxc-oracle.in | 132 ++-
templates/lxc-ubuntu-cloud.in | 14 +-
templates/lxc-ubuntu.in | 11 +-
132 files changed, 2210 insertions(+), 1423 deletions(-)
create mode 100644 hooks/Makefile.am
create mode 100755 hooks/mountcgroups
create mode 100755 hooks/mountecryptfsroot
copy src/lxc/{error.h => version.h} (82%)
rename src/python-lxc/examples/{api_test.py.in => api_test.py} (98%)
rename src/python-lxc/lxc/{__init__.py.in => __init__.py} (96%)
create mode 100644 src/tests/cgpath.c
delete mode 100644 templates/lxc-lenny.in
hooks/post-receive
--
lxc
More information about the lxc-devel
mailing list