[lxc-devel] [GIT] lxc branch, master, updated. be9f766c1ef1c74cb7cdfca97a71757b492b8a5c

Daniel Lezcano git at users.sourceforge.net
Mon Sep 9 19:12:09 UTC 2013


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "lxc".

The branch, master has been updated
       via  be9f766c1ef1c74cb7cdfca97a71757b492b8a5c (commit)
       via  f756cda05c4058dd7f5d46f2cf51c3bc7fd002d1 (commit)
       via  5c068da9695bcbfa46e0b3666128e3a533c9ddc7 (commit)
       via  69c757b343b5bbd2543adc4f3f0204d4696515e0 (commit)
       via  2caf9a97d90a61e5eaf9d7c218e5bcc35dfbfbb3 (commit)
       via  3a1675bf08b35bd5a5078f5638048c2c72c3e981 (commit)
       via  330da5fa322cf628aadc425c5be86814530d313e (commit)
       via  c25c2970a6aabc45ee6375cc127ed45efea2f9bf (commit)
       via  ac8255280d2e4348ab0eba5ec6982edc92ee6fbd (commit)
       via  12e93188de7dfe9ba66e022f9c28aa1f696a22e8 (commit)
       via  44a80d675ffb81ebb1a66a62c162e93a4c5882a0 (commit)
       via  2698b46924ab861b1f39fb11560c852d080e7b02 (commit)
       via  eee59f9408398849e9b7fc58dbe68ec176de4d50 (commit)
       via  2a2d36a42512160e7771b2472cb7922423523048 (commit)
       via  1fb86a7cdc22d22b14d03eb0cbd1aa6702862dd4 (commit)
       via  59d66af29da6ca8c5fa8cb63a5bbfc443811bb81 (commit)
       via  41c3b7c7ac9b33bc562ebad9ea124912577f2ba5 (commit)
       via  75b5535282453b3442a41df4a3ba6d3058cd6e48 (commit)
       via  e34b5d2ef2c329afe6540bbfc298ae631378832e (commit)
       via  cd0bcc4958e58a2750cf9086f75649d14c83ac70 (commit)
       via  250b1eec71b074acdff1c5f6b5a1f0d7d2c20b77 (commit)
       via  d08c3aaebca1ccc47f1f14dcd6fbca39953f8dda (commit)
       via  c66e9b01f04840c5abc34d235dbbb2ec9ca55205 (commit)
       via  ca9548ad02238600899a1f86ded308279964e018 (commit)
       via  80bcb05357a90cc9a2e21e942a2b0a53cddfa7a6 (commit)
       via  0f081315a9310bf04fe4bc64b900ec6bac36f85d (commit)
       via  188e0ab60bda276c688ad15877c6d6402081c6c9 (commit)
       via  acbb59f50d5196facde837ea377f70e98ce1e6f8 (commit)
       via  d75462e4d663c58bde0787fdbe0ef3148e44cdde (commit)
       via  0c69c79b4d86a0bda4a0c1ea2e4cc63d28c7baa6 (commit)
       via  dfa7aa3a836aef5d0f1aebe0f6eeff65d20239ad (commit)
       via  840295ff4cf11da0938a19f99fef8a1525de8106 (commit)
       via  80507ee8eb66f4f23494caae26f6d2f0b50480b6 (commit)
       via  48c63f8d035045af1103b677b5ec577aec59a5b5 (commit)
       via  5acccf95b2bd1e5ffedf687e527dcad5a54d4c1e (commit)
       via  79622932f21d22db36a0b6cca129f559b5e76108 (commit)
       via  cb0c6c020314ee0fea0ce30d209711f7e9c29aaa (commit)
       via  92b0b5bac5717e5281f51340192288050409ad47 (commit)
       via  9069513c69d77b5c22219b43f78ba1554431dd36 (commit)
       via  dfb31b25e298d98ea80a699f019308019c6670d8 (commit)
       via  84bdfb2b4c95b24fde5e90e621372fcd6c4d069b (commit)
       via  659aa0618c34cecd388df73936b41d5fb573090d (commit)
       via  5d9598d7d3206d1bede4932e7c8565f1ab309fbc (commit)
       via  a09295f841be8add0cbfc2932c59535f0d1365ed (commit)
       via  ca6973422d5471281126e9e1884633367479f246 (commit)
       via  01efd4d3d91713fc4f8ca55c7726b8216ed16fc6 (commit)
       via  1fd9bd50ab0ccea0a6c069147a4bccb0751ca18f (commit)
       via  b4569e93217fe9a18af35b4475c8f8eac1436759 (commit)
       via  fb760f70541c9af728eb2ab0c6175875f7448752 (commit)
       via  e14f67a7bfa7065480fc7cd47a45f209a0aee79b (commit)
       via  c9ec905567952830d58a14d1e3a3ea4e1f8b0041 (commit)
       via  01bfae14dd898fecf0bd130e47a62a3155f619d0 (commit)
       via  4f17323e79969a98604bc30a8cc24cf083d474c3 (commit)
       via  9c6694b7073a6ebfd1da4950e0c8db4b91530202 (commit)
       via  a9cab7e39b101b89470e2e4109c14e7f17218032 (commit)
       via  55c76589fd19e5f04697dcfd0084039cd77ef304 (commit)
       via  37fc7b9e2eca60e838bf5bf061bd8a8206e4fa9d (commit)
       via  e768f9c0f69df1f02f8252fead6d82648b410bd8 (commit)
       via  511a6936c7062d59dd9335ef16d9165d19c45604 (commit)
       via  1a2e58cf55979749ea76835d0b36327c051c2715 (commit)
       via  5ec279894e8b1275b6cbfaaddb425e8f56639bdc (commit)
       via  a3da2f3bd755165c50c5c7fb55c2bfcb042fb3d8 (commit)
       via  7f3e12f3e5223c6a6c34bafdf47df86f66078963 (commit)
       via  2e74d6f3744e5aef2e01f1f295472ffdb58f1929 (commit)
       via  120ce443c466fb1d286ffd200ca22a1e9db7284c (commit)
       via  2b89a9c19db30894e2476a5a750c443dee339d70 (commit)
       via  ec346ea11f76d0797035c476794104a3230531f9 (commit)
       via  180edd67022017351a6546b4aa79bcaefada01c8 (commit)
       via  590ae889334b01a59606a1a8952d976098bd6123 (commit)
       via  bff13ba210ed61f756fc82adce1921f84b43ffe0 (commit)
       via  92adc3e911314a6f90986d8410ec0ff4b82c9f79 (commit)
       via  c32981c3fb1bf5191052fb1c348bdc8b9e7c1b15 (commit)
       via  4ba0d9af63fbf7e9acfa068a1fe36b3d287b9c6b (commit)
       via  d24d56d7ee3420bb79238ff84cad07c20cf4757d (commit)
       via  e3fdf5cc9c60eb97f8520f059ad1a09d3f73509d (commit)
       via  6fe93aa1877359365a07d9110e0e2dbfb3b0205f (commit)
       via  d74325c436457b87b17e3ea598a9eb4ba66e0d49 (commit)
       via  1d374b9725e53d8b099970c1b501d56d599c4772 (commit)
       via  fbbf51926e113e5e70d6ea507ed7d1019d0e0aa8 (commit)
       via  d44e88c26690a56f9efac58f602dba06c9ec0c90 (commit)
       via  d3060bd055eac45c1767e1e80fcaba763eb7477d (commit)
       via  d007f8ab3da297ed0de884e0c6e57a66de2fcb42 (commit)
       via  bf7d3153c925ca1404662a8fe031da27308f4187 (commit)
       via  3d5e9f4801c0311a6300fc781a4c0a09a6d463fe (commit)
       via  d7a09c630b2150636bf4dfb266bc632abd65dfa8 (commit)
       via  b7f2846aabb8c1c59b078b4c529e60ea254432f1 (commit)
       via  626ad11bfee3e12e675f51e92920030a6f383b19 (commit)
       via  a0e93eeb2293e15a18e6c56271d13907f082c4df (commit)
       via  61a1d519f472c1ac95c641d974401c932f82be66 (commit)
       via  9c4693b853c5a9ab2156544ee3334a082cdba420 (commit)
       via  650468bb4a5c9a6c69b524f574e8d0f315f45c37 (commit)
       via  b93aac46f2802b3639c1ac2ed0cf71174673d110 (commit)
       via  01e6b7148046c3f41849d093bc61454279792b80 (commit)
       via  b98f7d6ed1b89b6452af4a2b5e27d445e4b3a138 (commit)
       via  070a4b8e68a6bf9a96c24ded47974388c83f1d57 (commit)
       via  20ab58c777136a449b3199e0733b62fa87ecfa61 (commit)
       via  3fb18be95747034bf36f46be11b0eb288b2ec1b4 (commit)
       via  baece282266318a9bb527cefc85ebf7b6dd7f10e (commit)
       via  8bb17b7791777538d8f7cc957939fc871843f218 (commit)
       via  79159a86ddb51071055abd7ee08935bc65b9e7a9 (commit)
       via  034a01593a4ae10d6f1e49b71afbfff70cfc226c (commit)
       via  54e339f91785368a7825b2edaad04c2177a1a382 (commit)
       via  65d8ae9c4a66f5ca85289c02dc06d63261c84619 (commit)
       via  1c8e4ee0a08638e35732a0ddd0052ecde49fbecb (commit)
       via  4a0ba80d62c0d8aeb5c9857749659fdf716c380a (commit)
       via  b40a606e52c788db85fe1c42d3747483d159b6a5 (commit)
       via  96532523ef90ea6ce3f08ec7d74c3c850b885e50 (commit)
       via  d273b8abfa24040c8ef0dd73eb1d30ef8dcbec54 (commit)
       via  c9cbb9e51436f84d7871a50776dccacfd8dc196a (commit)
       via  2c495ae35a804e3c12cb9f4826c30295043986ce (commit)
       via  d155b47dac549a5c30c0011923274e3744109c91 (commit)
       via  469b57873977afcb5d9f5adb00097c944caedd2a (commit)
       via  b60ed720848c8276e4e770d380ec6014768d9923 (commit)
       via  b113383b84e5fcd2997a939d3f826a06b109e3d9 (commit)
       via  1aad9e44d65e7c20dabc4c99f57bcf532db66c68 (commit)
       via  460bcbd85c97b5a0eac9cf7cead1abde1281cd5a (commit)
       via  5be56973e5e874a142263dfb164b0b03e18a65f3 (commit)
       via  4165b2c65648b5df521c6e83b1cbad91d0896a00 (commit)
       via  6f259716e75552cf46ee5125bdbd21e34456d0c0 (commit)
       via  8058be395d46cfabf2dacd7df79e95309619986a (commit)
       via  819554fe20bbc0ce720b5ed0d5b8e53aeba6b284 (commit)
       via  5202677243dcda16ab97c07d497174726198f7ab (commit)
       via  27c27d73e1b1a07e3621484fa033206549e2a1f5 (commit)
       via  3ce746862b2a2b33f3de65aeecda0bad1a5dd27c (commit)
       via  868a70afead6cc48a4c883126ea3ef01b6ec57e0 (commit)
       via  6a2e602b1b03617e77dcd4b5f82f34713a970ac4 (commit)
       via  dc23c1c817da5c13529432270e51d0f7f3b1e95e (commit)
       via  ae13ae0853a246119ddaf9c8cc6d128a21a8988c (commit)
       via  283678ed2ccd88a6ba57fcb28516311adcdb6fac (commit)
       via  cbee8106e38f9ffa130c7bf8be325f7f203da67a (commit)
       via  96b3cb407c07915db2cd0542c313a4bff4d1d389 (commit)
       via  fb75356a85e3097db77386e7c62836a3ee69217f (commit)
       via  1143ed392d2760e8f7aeee88d570bb0ba151885f (commit)
       via  b9b3a92f664fe3966decd0411b25fb6b77425e23 (commit)
       via  3327917f4a991a49ba1562b774c63c45139772eb (commit)
       via  9313e1e628160ca64f9e7fcec6500056c9a0725f (commit)
       via  6cda3f5ac1e3a20a97a419923e587d6bdb1fece9 (commit)
       via  b58e60e232a3049d946a3b18e6f21912cd3453f0 (commit)
       via  39ffde307ad83bd407aaa6a0d81682902bab248b (commit)
       via  b0f9616f6227f56dce8ca2514610f432ba4fab8a (commit)
       via  18efb001a4498f8fc62ab37f1db552fdf001e798 (commit)
       via  ef091cefca5082007678fe82ad01389f7057ca48 (commit)
       via  9c631ea7c2906f41b23f5c8dcc9f6045078879db (commit)
       via  9a15a0f3f8faaa5e0d983f11bcf94dcf492c1349 (commit)
       via  53f3f04845a9eb60064c302e1f95652f665809f1 (commit)
       via  2e599a6a25b533fe63840edc34ee265811b7b814 (commit)
       via  982e7b6ea40ea57923f4f094858424debc1a5f7f (commit)
       via  85b41c7d7f72213199b5cff9525d17f44b49a842 (commit)
       via  37cb98a2b7e5c7b0abf69f261a16d759453492f1 (commit)
       via  1a7cb0850405b271b7bedacd243235f29cd368df (commit)
       via  176d9acb2ec17211a0d69bd2bd99f914fad8d7ad (commit)
       via  ae3f8cf9a4a03c62c6c12968b38b2352388df91c (commit)
       via  618fa49dddbedd2b7319c0089dffd8d65aef8369 (commit)
       via  54c30e290876c5fa6e4c7b5a511580793e4777e3 (commit)
       via  37903589a2de0cbd62f94c5fd06d0aa8d57ca140 (commit)
       via  b515981702133b9aaea1aff378493f054c14d46c (commit)
       via  5d4d3ebb13705d1e102429c75fc06932f81816dd (commit)
       via  71b0fed669a088675c1344ed68b250e87414c998 (commit)
       via  54b79829e23e01998eeafb8156987937a894af3c (commit)
       via  6e46cfcb0e4fcaa2d920a3c473f83c0a73c68cfa (commit)
       via  fabf7361da4845cd6cf268e0e85c3c6a1c0b0be4 (commit)
       via  38973621a40a5657b067409321d54759520d7951 (commit)
       via  31f58b3fcec322dba1eed71e364335c30500066c (commit)
       via  f02abefef9a59658c813e08f86a91fbe09eabf00 (commit)
       via  93dc5327aa0c2b13d619b8bedf893eea983d4d68 (commit)
       via  1af60b514fc9d8da2b4485e9e8845619fb6c6b68 (commit)
       via  eddaaafd1a9b02ba39e5b6b13d40b4a5d37a04e1 (commit)
       via  f002c8a7655e42a325ef6bad9fb0844fad4e410b (commit)
       via  4c1f6b67d9b842d9e5c293eea2ff19301ecc5596 (commit)
       via  3155e7f954d4b5d7da528d2a3cd8be254432e3c3 (commit)
       via  63c3090c913142cd19f443b040cdede2c0522ce8 (commit)
       via  44ef0c0c7200ef4e8783387d886d3748da3d50fd (commit)
       via  569bee5cc3d647032573db8f72734faa9307d577 (commit)
       via  0a18b5458b6d0fcad9a82b96f99035254af50c7a (commit)
       via  3a647d582dc759e43c2087f0d906adf77c62ab6c (commit)
       via  3bc449ed24edc4b754cbe0af19fe878d29731f59 (commit)
       via  73e608b21f73509c5f8c7a948cc6d4b0898edb2c (commit)
       via  39dc698cb4025516a3428a68e19da05feb6fc0e9 (commit)
       via  0115f8fd27b1a31d367bb161a121694f92b45e62 (commit)
       via  3db989bad5d58bafac80f448e1dd2d048e791478 (commit)
       via  dc5e436e702f0bf4001e3e6e9f855443b2fcf448 (commit)
       via  5790f7b7a76b9ccff662fdd6ff0013b8f218d020 (commit)
       via  64f782ca69c70fd155427a81d69fda593981e770 (commit)
       via  1897e3bcd36af9f3fe6d3649910a9adb93e5e988 (commit)
       via  60bf62d4ae36a48342fb8aee680fbd4b423810b1 (commit)
       via  3e625e2d2e12b919dd9590b97badc6108ee67b1a (commit)
       via  5cee8c5040661f9875bf41cfffd641c87afae8af (commit)
       via  df271a59cbfcfbe98fa4bd7af3ae595633539a12 (commit)
       via  2acf77955239ec0046451fa16812d2884e6bd19b (commit)
       via  6a44839f5973f41553349f1b5e77d8db809e60eb (commit)
       via  ad5f15151580201b79fc140f664227b494639e81 (commit)
       via  5bb4a226ebec9f3fb678a282a2b2833748d6707b (commit)
       via  65be441e0892b45000b9b3863d407539e56e47a4 (commit)
       via  481624b37b37ffa98b735cf3f94e35d1fbd729e0 (commit)
       via  fa9ac567a7f1593c586cca57362f6b542985e5d7 (commit)
       via  20fe4e8febe40f6fc4e4c6f52b91f0af0232e6f5 (commit)
       via  fca3080f6a46f856c54218a8e478a174382b4c15 (commit)
       via  ef6e34eec8d5a9f1447462d6080facb674b3ccdb (commit)
       via  9c83a661397456e1455d739bcadfa38f05ce2fe6 (commit)
       via  92f023dccced28a55ce323253f298e9825fe7da7 (commit)
       via  65fbbb0a0f7bad119aa5f2ac6f3ee041970889fc (commit)
       via  c797a220d51d2796355fd60eca50523ffd6fb45e (commit)
       via  71b9b8ed262e2d826181bfb79e5d5075ff1a3ff0 (commit)
       via  d1240f0335e0c469b850da467661dfbb8f262727 (commit)
       via  11029c023a12dbe3f3569fcc22f25667686e417f (commit)
       via  40650ea6817286a9587a84bf3ce5d25d10620303 (commit)
       via  de09eccbeda214a1ef5a9b7144870defa97e88c4 (commit)
       via  dc92f6c7eec81dc104b3f7873ffd74ec56a1dae1 (commit)
       via  148e91f56799f03c868deca8dcad473983a1a2bf (commit)
       via  9a93d99213da44b5ddf2f5295f6ef3a59d4f1fba (commit)
       via  6031a6e5f939bda07d98768d34dafae677a7dfeb (commit)
       via  d9e80daf54e15b89b0b08d475b29893be9830be0 (commit)
       via  627fe3b4c3a65535eb53c3d63794705d8f6322d4 (commit)
       via  794fb287b3bd7a6c07f99ec1565c517922287065 (commit)
       via  807732062eab6cd44fb033bfbb37fbb38907aa66 (commit)
       via  58a46e06210a6321c530735f15f66eb648c4657d (commit)
       via  714540763b8b1ac12c029d7760b4e4fe13a69b43 (commit)
       via  304143a823ede4eca52f1d11ae1449995ad503ff (commit)
       via  8d06bd135af4852f24660be965aba2d781223af4 (commit)
       via  566c0d6dce82ee573da01e325c53179ed74350f1 (commit)
       via  7f4717c293fd5ecb9d605bed890cb412314aa8e2 (commit)
       via  dd66e5adb38c76e6eecf0e54c5418fd9f7ac3b3b (commit)
       via  f2bbe86da4044c8db39e6eae19541fe2d117bae7 (commit)
       via  3856bc9ff50f2cbd6cb2830619f3594ffea0b344 (commit)
       via  5ca6c34bdeb02ea355a0e5ef9ff51581b58c1ee7 (commit)
       via  42fb4b1585d5f2073fbfe984acd46b625fd3c6a1 (commit)
       via  91c908ee8ea5aada054cbb7f4203d486c2e9a09e (commit)
       via  ab81cef05338e7a553aacca141287034d6daf167 (commit)
       via  7c7ec7a8eded3d3864631165503fedb456e1b779 (commit)
       via  8ee3042a5419ea4c9bb0d1c264715f9d9c39bfa3 (commit)
       via  d2c8186b4d185d75e81aec02d5a62dde4192c16d (commit)
       via  a9bafa108521ac785e846f2ace105c327371c106 (commit)
       via  3c73b55472c096f06fd037c3c0af011be62a432b (commit)
       via  a747894428ea38c4a908acacb610fc3de714e0c0 (commit)
       via  8fb86a37daecd05e9ef7f291dd4762be881f88e4 (commit)
       via  bec695f3ec43972ad38f06f92ff2db03d8405562 (commit)
       via  8950ee8ebfc9a7f34003f6892b5a7da6aef9fff9 (commit)
       via  a2eea3c1974d70bdef74a0af6a14ca3a6fa41704 (commit)
       via  2d4bcb96155c0e4a5d2734017f889b993144e876 (commit)
       via  fc7e88640cbdb402aaa048dd74829c8d09dda850 (commit)
       via  b85ab7989ebe24629267048cb269b278eeb50490 (commit)
       via  375c2258b24b233832c9ec43ab9c7b3f5dce25fb (commit)
       via  e0b0b533feed683ce12c94e11174019a5dac64fc (commit)
       via  eee3ba81c88e64b8a732694fc4843a39d5bde491 (commit)
       via  ee25a44fd389ed450e3d7ef9513eec19668f2de7 (commit)
       via  b338c81b9f0130106eee4b2ff70959c2e62a1fac (commit)
       via  385e7a431a1865017211478741408d505396f9a7 (commit)
       via  b164a17f9bfcc3f067dad33d0c38834aa22ca2b1 (commit)
       via  ec471210d97ba23b2de618349bdb6dd4145e53e0 (commit)
       via  0fc0d057c34f3ee10eeb87e3f11405aa79c3b4df (commit)
       via  a8428dfa2c6a43ee195f4be3e04a519ca1fc6ec0 (commit)
       via  1e1bb42a8fca68d9fa9391e6644aeff296479499 (commit)
       via  31a95fecd2e0b1408e9a97e3ae36a7770544d1a2 (commit)
       via  ca52dcb55961d75e0163f237c92d225964c786bd (commit)
       via  3baa76fe36bd2b59645a952c3a47a960090c38d2 (commit)
       via  9be53773792fc9e8bd173edc3b7ac7e144875387 (commit)
       via  ab1bf971d2db43777cbf3892fb887bf71ce7d155 (commit)
       via  7f95145833bb24f54e037f73ecc37444d6635697 (commit)
       via  33c2c3ec93c17758f37cc2e53f07f7dfe6b72336 (commit)
       via  f485f377a1caba11c58da100d3db9a8c6fdeb7d5 (commit)
       via  4f43438c476c3c5fb78d6192238d540108a33cb1 (commit)
       via  6320e49454b0fd86dde7df0af54a2e194ae59821 (commit)
       via  69fe23ff0777390e34a8c0b11ce6037e5aef9109 (commit)
       via  f05699d19e27567583b9397a8d529e8aa275f5e1 (commit)
       via  6b7916695264238a490971e8cd87612154fc18b1 (commit)
       via  e8b9ac8fdfddec6a2eaacd6cdaa968058cf4e1e2 (commit)
       via  4fa22bfca1e94393aa3fbdc3fdf5516e75d47521 (commit)
       via  e51d4895129209cec1c15bda2322136a03ec94b2 (commit)
       via  dc7f65454ee88fbd50f4d6f8a7c567eb27107314 (commit)
       via  0a9362f5745a58a3d63354d76182108ea81ecf05 (commit)
       via  15451ecf742bfa38a0732270b36d4a8666d2124e (commit)
       via  6516ad8b01aac298bffe60a8d7d21745f3354a38 (commit)
       via  93d564edc5d69819e85c3fa93368d37ec803a2f9 (commit)
       via  fd37327f57a6d53692babcaf69dfbd8f62e59918 (commit)
       via  cf0f903326cf3cdd10f834c1bbc627fd81e06044 (commit)
       via  051151de890705173a42bbead40a6125d34ea41b (commit)
       via  bbb8a488aeacf8a226d49773fe13798a202a78e2 (commit)
       via  7e1667d76e76eb3d571be5e4b545e8ace6e92187 (commit)
       via  ddb17f1f0870ddb1678e34652f54458207cb3bb0 (commit)
       via  599d42525144cf0fcc7de6ac1b576c5c6ae290c2 (commit)
       via  a2abaa9ec60a8967611e8c8905698bd01bde5861 (commit)
       via  ed4616b1cfbc84dd01caa8546d813e8c5d482921 (commit)
       via  6c5db2af1f706e8f21f2a5f074bada96e9011052 (commit)
       via  2ebec36f271d4ee943281e32feb3552745115347 (commit)
       via  860fc865b0ae0fd6381a8a9a777efdbde0aaefb6 (commit)
       via  23154d5764c06b68a5c154cecd89524ebe747ca1 (commit)
       via  3763ee85915d28737bfebffa136bfb49ef0a2109 (commit)
       via  8de4140644f01180f2fdab55b0ab0f13d1c761c6 (commit)
       via  5a5c35c3a01afec515e688c8366e6f893985518d (commit)
       via  6b28a086310b8715f4655446f4c01d9555ef1786 (commit)
       via  a81bad13ec305b885eff2934307d9205d55e0050 (commit)
       via  2c7d90ac6eb4d883d9650d17cd915d958b4e5e66 (commit)
       via  98663823e47ec56ff5a8205a17cc884acbf9cabd (commit)
       via  883f4a1eae77f332059dc0be6f965485a0361ec0 (commit)
       via  ce4c4ca43586825a13c1abb4ce13e90d9447a0eb (commit)
       via  8e7da691af29fe1d8b93d2e4acc98eb188ae74cc (commit)
       via  2796cf790f80e8be8dd90238f6789e52bd3cc2ac (commit)
       via  e6a19d2683629888175371ed2eeb8a49a7b44873 (commit)
       via  0a2188544a538b421612c90d44e56853a9d64458 (commit)
       via  03027ad99f2759182fbcd3363298ae6adaf88cdb (commit)
       via  4d44e274dcd933327c4f1c1cc7e1f876d08ffa85 (commit)
       via  00b6be440f93131e35e75fb1b34d8d3220590bb5 (commit)
       via  5371906219ff19886169612993efbb8e82f749a7 (commit)
       via  2802732032aeaabe8c793ae76112d9c8ba13ee23 (commit)
       via  bb1d227404ff96564877a04ef9299c63f608f543 (commit)
       via  022de5f317014c538e17378b626cf3267625e141 (commit)
       via  b6f24d54f54146a0f5de700dac7ffc2ef7624359 (commit)
       via  a6537fbbfb0b9d08adc58ae23b873a084e5d479c (commit)
       via  a741a85d8e241e9ca773f3cd7575d720837fcb51 (commit)
       via  b4e4ca49c792d7320787a6991ce1815d26060d39 (commit)
       via  c928f41fc0e79a24e4c43a80fb26b3c46997d91a (commit)
       via  416707883893211a15c031b1f3589bc7cde9bf2b (commit)
       via  586d4e9be1eb13cd9cb77cf6c56ce57e24623c44 (commit)
       via  af41709c4243e0fd9dc1fac5f22cdd47316f8277 (commit)
       via  bdb539b89bbe123018392bb8c64cb94c13d736a8 (commit)
       via  8767795058ca5b46c8a9e335ad941d8799241716 (commit)
       via  43d1aa34aab1c43bce8f083d024bf54f0246a884 (commit)
       via  e649c8032f84b488cac8ea6c8fb9a77c424a0419 (commit)
       via  75129865d48d2293383316f88ce7661e37dde43d (commit)
       via  9eee2f7739dbaf82d3b0837de41cdcba5ee4a1d3 (commit)
       via  33892746e373449a8a69a4265d783bf701cb5784 (commit)
       via  6efdcb6a3cc4d06bf64af69b08bc95335f02b79f (commit)
       via  fe19f236a2295da1e01ab05ff59853c5a4556811 (commit)
       via  1354f952876e96b456425efc7ed9994caf687028 (commit)
       via  190a2ea88e9820e5e150ce36414233da4bd34b44 (commit)
       via  fd95f2402dc70ad41fa2db8fb101f950196458a9 (commit)
      from  e9831f83532184caa119f830eee54728084444ba (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit be9f766c1ef1c74cb7cdfca97a71757b492b8a5c
Merge: e9831f8 f756cda
Author: Daniel Lezcano <daniel.lezcano at free.fr>
Date:   Mon Sep 9 21:07:12 2013 +0200

    Merge git://github.com/lxc/lxc
    
    Signed-off-by: Daniel Lezcano <daniel.lezcano at free.fr>

commit f756cda05c4058dd7f5d46f2cf51c3bc7fd002d1
Author: Natanael Copa <ncopa at alpinelinux.org>
Date:   Fri Sep 6 21:09:57 2013 +0200

    configure: enable Lua if found and continue without if not
    
    Search for Lua if no --enable-lua/--disable-lua specified but continue
    without if not found.
    
    If --enable-lua is specified and Lua is not found then return error.
    
    If --disable-lua is specified, then don't search for Lua.
    
    Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit 5c068da9695bcbfa46e0b3666128e3a533c9ddc7
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri Sep 6 12:25:47 2013 -0500

    lxc_spawn: don't close pinfd until container is stopped
    
    Otherwise containers may be able to remount -o ro their rootfs
    at shutdown.
    
    Reported-by: Harald Dunkel <harri at afaics.de>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit 69c757b343b5bbd2543adc4f3f0204d4696515e0
Author: Natanael Copa <ncopa at alpinelinux.org>
Date:   Fri Sep 6 09:08:45 2013 +0200

    lua: fix logic to enable lua support in configure
    
    When there is no --enable-lua or --with-lua-pc, Lua should not be
    enabled.
    
    This fixes a bug introduced with 12e93188 (configure/makefile:
    Allow specify Lua pkg-config file with --with-lua-pc) that caused
    configure script to fail if lua headers was missing.
    
    Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit 2caf9a97d90a61e5eaf9d7c218e5bcc35dfbfbb3
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Thu Sep 5 20:31:55 2013 -0500

    sanity-check number of detected capabilities
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 3a1675bf08b35bd5a5078f5638048c2c72c3e981
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Thu Sep 5 16:40:49 2013 -0400

    add AS_VAR_COPY for older autoconf versions
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit 330da5fa322cf628aadc425c5be86814530d313e
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Thu Sep 5 15:20:44 2013 -0400

    lua: fix stats gathering
    
    - remove lxc subdir in cgroup paths (done in commit b98f7d6e)
    - remove extraneous debug printfs
    - remove extra call to stats_clear
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit c25c2970a6aabc45ee6375cc127ed45efea2f9bf
Author: Natanael Copa <ncopa at alpinelinux.org>
Date:   Thu Sep 5 15:29:20 2013 +0200

    lua: implement dirname in C rather than depend on external executable
    
    Instead of popen and run external executable dirname we implement a
    dirname in C in the core module.
    
    We also remove the unused basename function.
    
    Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit ac8255280d2e4348ab0eba5ec6982edc92ee6fbd
Author: Natanael Copa <ncopa at alpinelinux.org>
Date:   Thu Sep 5 14:33:28 2013 +0200

    lua: implement usleep in C module
    
    So we avoid running os.execute
    
    Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit 12e93188de7dfe9ba66e022f9c28aa1f696a22e8
Author: Natanael Copa <ncopa at alpinelinux.org>
Date:   Thu Sep 5 17:13:07 2013 +0200

    configure/makefile: Allow specify Lua pkg-config file with --with-lua-pc
    
    Enable support for both Lua 5.1 and 5.2 by letting user specify the Lua
    pkg-config package name. By default it will use 'lua' and try figure
    out which version it is.
    
    Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit 44a80d675ffb81ebb1a66a62c162e93a4c5882a0
Author: Natanael Copa <ncopa at alpinelinux.org>
Date:   Thu Sep 5 08:45:33 2013 +0200

    lua: prepare for Lua 5.2
    
    Adjust code for Lua 5.2 and keep compatibility with Lua 5.1.
    
    Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
    Acked-by: Dwight Engen <dwight.engen at oracle.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit 2698b46924ab861b1f39fb11560c852d080e7b02
Author: Natanael Copa <ncopa at alpinelinux.org>
Date:   Thu Sep 5 15:07:51 2013 -0400

    lua: fix a bug in the parsing of /proc/mounts
    
    Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
    Acked-by: Dwight Engen <dwight.engen at oracle.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit eee59f9408398849e9b7fc58dbe68ec176de4d50
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Thu Sep 5 18:05:34 2013 -0500

    clone: don't copy rdepends when not doing a snapshot clone
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 2a2d36a42512160e7771b2472cb7922423523048
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Thu Sep 5 17:59:28 2013 -0500

    fix typo
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 1fb86a7cdc22d22b14d03eb0cbd1aa6702862dd4
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Thu Jun 13 22:43:01 2013 -0500

    introduce lxc.cap.keep
    
    The lxc configuration file currently supports 'lxc.cap.drop', a list of
    capabilities to be dropped (using the bounding set) from the container.
    The problem with this is that over time new capabilities are added.  So
    an older container configuration file may, over time, become insecure.
    
    Walter has in the past suggested replacing lxc.cap.drop with
    lxc.cap.preserve, which would have the inverse sense - any capabilities
    in that set would be kept, any others would be dropped.
    
    Realistically both have the same problem - the sendmail capabilities
    bug proved that running code with unexpectedly dropped privilege can be
    dangerous.  This patch gives the admin a choice:  You can use either
    lxc.cap.keep or lxc.cap.drop, not both.
    
    Both continue to be ignored if a user namespace is in use.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 59d66af29da6ca8c5fa8cb63a5bbfc443811bb81
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Thu Sep 5 16:56:54 2013 -0500

    bdev: free after bdev_init
    
    (Except in cases where we will immediately exit)
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 41c3b7c7ac9b33bc562ebad9ea124912577f2ba5
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Wed Sep 4 17:04:51 2013 -0400

    valgrind: fix memory leak on container new/put
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 75b5535282453b3442a41df4a3ba6d3058cd6e48
Author: Natanael Copa <ncopa at alpinelinux.org>
Date:   Wed Sep 4 17:01:09 2013 +0200

    lxc-alpine: add hwaddr for a single macvlan interface
    
    We already add harware address for a single veth interface. Do the same
    with a single macvlan interface.
    
    Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit e34b5d2ef2c329afe6540bbfc298ae631378832e
Author: S.Çağlar Onur <caglar at 10ur.org>
Date:   Tue Sep 3 16:21:15 2013 -0400

    bdev_copy segfaults if bdevtype is NULL
    
    Signed-off-by: S.Çağlar Onur <caglar at 10ur.org>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit cd0bcc4958e58a2750cf9086f75649d14c83ac70
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Tue Sep 3 15:11:07 2013 -0400

    tests: Add lxc-test-usernic to the dist tarball
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>

commit 250b1eec71b074acdff1c5f6b5a1f0d7d2c20b77
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Tue Sep 3 14:29:46 2013 -0400

    licensing: Add missing headers and FSF address
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>

commit d08c3aaebca1ccc47f1f14dcd6fbca39953f8dda
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Tue Sep 3 11:36:09 2013 -0400

    ubuntu: iproute is now called iproute2
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit c66e9b01f04840c5abc34d235dbbb2ec9ca55205
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Tue Sep 3 07:56:11 2013 -0500

    lua: update license
    
    As with other files, update to be LGPL since these are part
    of the lxc library.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit ca9548ad02238600899a1f86ded308279964e018
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Fri Aug 30 17:27:14 2013 -0400

    python: Fix api_test to use the new attach() API
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 80bcb05357a90cc9a2e21e942a2b0a53cddfa7a6
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Tue Sep 3 08:08:39 2013 -0500

    lxc-commands: add a comment explaining CMD_* rules
    
    We wish to ensure that, henceforth, newer lxc tools are always compatible
    with older lxc monitors.  Add a comment to commands.c to explain the
    rule we wish to enforce to this end.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit 0f081315a9310bf04fe4bc64b900ec6bac36f85d
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri Aug 30 15:51:31 2013 -0500

    remove old stale comments (lxc-clone is now implemented)
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 188e0ab60bda276c688ad15877c6d6402081c6c9
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Fri Aug 30 15:56:21 2013 -0400

    Add a section about licensing to CONTRIBUTING
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit acbb59f50d5196facde837ea377f70e98ce1e6f8
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri Aug 30 14:43:09 2013 -0500

    fix license text in ubuntu and ubuntu-cloud templates
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit d75462e4d663c58bde0787fdbe0ef3148e44cdde
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri Aug 30 14:42:20 2013 -0500

    fix wrong license text for parts of liblxc library
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 0c69c79b4d86a0bda4a0c1ea2e4cc63d28c7baa6
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Fri Aug 30 12:08:26 2013 -0400

    avoid zgrep -q as it's failing on some distros
    
    Reported-by: Filirom1
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>

commit dfa7aa3a836aef5d0f1aebe0f6eeff65d20239ad
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Fri Aug 30 11:47:58 2013 -0400

    fedora: Add missing double-quotes.
    
    Reported-by: tlc
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>

commit 840295ff4cf11da0938a19f99fef8a1525de8106
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Fri Aug 30 11:43:19 2013 -0400

    Fix some typos
    
    Signed-off-by: Dmitry Shachnev <mitya57 at ubuntu.com>
    Reported-by: Vincent Ladeuil
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit 80507ee8eb66f4f23494caae26f6d2f0b50480b6
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Thu Aug 29 10:41:19 2013 -0500

    start.c: handle potential signal flood
    
    Signalfd does not guarantee that we'll get an event for every signal.
    So if 3 tasks exit at the same time, we may get only one sigchld
    event.  Therefore, in signal_handler(), always check whether init has
    exited.  Do with with WNOWAIT so that we can still wait4 to cleanup
    the init after lxc_poll() exists (rather than complicating the code).
    
    Note - there is still a race in the kernel which can cause the
    container init to become a defunct child of the host init (!).  This
    doesn't solve that, but is a potential (if very unlikely) race which
    apw pointed out while we were trying to create a reproducer for the
    kernel bug.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit 48c63f8d035045af1103b677b5ec577aec59a5b5
Author: Natanael Copa <ncopa at alpinelinux.org>
Date:   Mon Aug 26 13:47:58 2013 +0200

    lxc-alpine: create /dev/zero
    
    Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 5acccf95b2bd1e5ffedf687e527dcad5a54d4c1e
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri Aug 23 12:45:15 2013 -0500

    config_ipv6: run inet_pton on the addr value without mask
    
    otherwise a "$addr/$mask" results in failure.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 79622932f21d22db36a0b6cca129f559b5e76108
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Thu Aug 22 10:27:40 2013 -0500

    api: convert lxc_start
    
    Normal lxc-start usage tends to be "lxc-start -n name [-P lxcpath]".
    This causes $lxcpath/$name/config to be the configuration for the
    container.  However, lxc-start is more flexible than that.  You can
    specify a custom configuration file, in which case $lxcpath/$name/config
    is not used.  You can also (in addition or in place of either of these)
    specify configuration entries one-by-one using "-s lxc.utsname=xxx".
    
    To support this using the API, if we are not using
    $lxcpath/$name/config then we put ourselves into a custom lxcpath
    called (configurable using LXCPATH) /var/lib/lxc_anon.  To stop a
    container so created, then, you would use
    
    	lxc-stop -P /var/lib/lxc_anon -n name
    
    TODO: we should walk over the list of &defines by hand and set them
    using c->set_config_item.  I haven't done that in this patch.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit cb0c6c020314ee0fea0ce30d209711f7e9c29aaa
Author: Scott Moser <smoser at ubuntu.com>
Date:   Thu Aug 22 15:38:48 2013 -0400

    hooks/ubuntu-cloud-prep: add hostname to meta-data
    
    prior to my enabling of the clone hook, the setting of the hostname
    was being done by writing to /etc/hostname.  Instead of relying on that
    we're now writing 'local-hostname' into the metadata for the instance.
    
    cloud-init then reads this and sets the hostname properly.
    
    We are also writing /etc/hostname with the new hostname explicitly.  This is
    useful/necessary because on network bringup of eth0, dhclient will submit its
    hosname.  The updating done by cloud-init occurs to late, and thus
    the dhcp request goes out with the un-configured hostname and dns doens't
    work correctly.
    
    Signed-off-by: Scott Moser <smoser at ubuntu.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 92b0b5bac5717e5281f51340192288050409ad47
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Wed Aug 21 16:53:52 2013 -0500

    api: convert lxc_wait, lxc_freeze, and lxc_unfreeze
    
    These are the last of the simpler conversions.  Start, execute,
    kill, info and attach remain to be done.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Acked-by: Dwight Engen <dwight.engen at oracle.com>

commit 9069513c69d77b5c22219b43f78ba1554431dd36
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Wed Aug 21 14:35:28 2013 -0500

    lxc_cgroup: convert to using API
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit dfb31b25e298d98ea80a699f019308019c6670d8
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Wed Aug 21 14:43:52 2013 -0500

    Track snapshot dependencies (v2)
    
    (Will push in a bit barring any objections)
    
    lvm, btrfs, and zfs snapshots each do an ok job of handling deletions
    for us - a btrfs snapshot does fine after the original is removed,
    while zfs and lvm will both refuse to allow the original to be deleted
    while the snapshot exists.
    
    Overlayfs doesn't do this for us.  So, for overlayfs snapshots, track
    the dependencies.
    
    When c2 is created as an overlayfs snapshot of dir-backed c1, then
    
    1. c2's lxc_rdepends file will contain
    
    	c1_lxcpath
    	c1_lxcname
    
    2. c1's lxc_snapshots will contain "1"
    
    c1 cannot be deleted so long as lxc_snapshots exists and contains
    a non-zero number.
    
    The contents of lxc_snapshots and lxc_rdepends are protected by
    container_disk_lock() and at lxc_clone by the new container not yet
    being accessible.
    
    (Originally I was going to keep them in the container config, but the
    problem with using $lxcpath/$name/config is that api users could end up
    calling c->save_config() with a cached old value of snapshots/rdepends.)
    
    Changelog:
    	aug 21: check for fprintf and fclose failures
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Acked-by: Dwight Engen <dwight.engen at oracle.com>

commit 84bdfb2b4c95b24fde5e90e621372fcd6c4d069b
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Tue Aug 20 18:15:06 2013 -0500

    avoid very unlikely race due to EEXIST
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 659aa0618c34cecd388df73936b41d5fb573090d
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Tue Aug 20 18:01:07 2013 -0500

    coverity: make indent match nest level
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 5d9598d7d3206d1bede4932e7c8565f1ab309fbc
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Tue Aug 20 17:59:19 2013 -0500

    coverity: dont dereference before null check
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit a09295f841be8add0cbfc2932c59535f0d1365ed
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Tue Aug 20 17:54:19 2013 -0500

    coverity: don't leak partial_fd
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit ca6973422d5471281126e9e1884633367479f246
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Tue Aug 20 17:48:54 2013 -0500

    coverity: don't leak open DIR
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 01efd4d3d91713fc4f8ca55c7726b8216ed16fc6
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Tue Aug 20 16:58:24 2013 -0500

    coverity: correctly handle tpath error case.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 1fd9bd50ab0ccea0a6c069147a4bccb0751ca18f
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Tue Aug 20 16:50:25 2013 -0500

    coverity: ftell returns long, not size_t (which is unsigned)
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit b4569e93217fe9a18af35b4475c8f8eac1436759
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Tue Aug 20 16:29:29 2013 -0500

    coverity: don't bother getting template path if we're not going to measure it
    
    This should also fix a memory leak, since we were freeing it under ifdef
    but always allocating it.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit fb760f70541c9af728eb2ab0c6175875f7448752
Author: Scott Moser <smoser at ubuntu.com>
Date:   Mon Aug 19 10:18:37 2013 -0400

    ubuntu-cloud-prep: improve overlayfs workaround
    
    the previous 'patch_start' can be vastly simplified now that I better
    understand what the bug was.  Instead of wrapping 'start', we only
    need to ensure that /etc/init exists inside the overlayfs, so that the
    directory that upstart watches is guaranteed to be in the overlay, not
    the underlay.
    
    The problem is described under bug 1213925.
    
    Signed-off-by: Scott Moser <smoser at ubuntu.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit e14f67a7bfa7065480fc7cd47a45f209a0aee79b
Author: Ubuntu <ubuntu at ip-10-181-158-15.ec2.internal>
Date:   Mon Aug 19 13:34:59 2013 +0000

    cgroup updates: fix several bugs
    
    1. add cgroup_get_subsys_abspath() which returns the absolute
    path for a subsystem mount, and use that where needed to actually
    set cgroup values
    
    2. cgroup_devices_has_{allow,deny}: don't mix int and boolean
    values.  Also, accept 'a *:* rwm" as any whitelist entry for
    has_allow().
    
    3. subsys_lists_match(): fix an off-by-one error in calculating
    updated oldlen.  (we need to keep the extra char for '\0')
    
    4. return -1, not 0, if lxc_cgroup_attach fails to open
    /proc/self/cgroup.
    
    Signed-off-by: Ubuntu <ubuntu at ip-10-181-158-15.ec2.internal>

commit c9ec905567952830d58a14d1e3a3ea4e1f8b0041
Author: Christian Seiler <christian at iwakd.de>
Date:   Mon Aug 19 00:52:44 2013 +0200

    python/attach: Add function that returns personality for architecture
    
    Adds the arch_to_personality function that looks up an architecture
    and returns the corresponding personality. This may be used in
    conjunction with the attach/attach_wait keyword argument.
    
    Signed-off-by: Christian Seiler <christian at iwakd.de>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 01bfae14dd898fecf0bd130e47a62a3155f619d0
Author: Christian Seiler <christian at iwakd.de>
Date:   Mon Aug 19 00:52:43 2013 +0200

    python/attach: export CLONE_NEW* constants to Python
    
    Signed-off-by: Christian Seiler <christian at iwakd.de>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 4f17323e79969a98604bc30a8cc24cf083d474c3
Author: Christian Seiler <christian at iwakd.de>
Date:   Mon Aug 19 00:52:40 2013 +0200

    cgroup: minor bugfixes so start and attach work again
    
    This fixes some minor bugs in the cgroup logic that made start and
    attach fail (at least when all cgroup controllers were mounted
    together).
    
    Signed-off-by: Christian Seiler <christian at iwakd.de>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 9c6694b7073a6ebfd1da4950e0c8db4b91530202
Author: Christian Seiler <christian at iwakd.de>
Date:   Mon Aug 19 00:52:42 2013 +0200

    python/attach: Fix minor memory leaks
    
    Signed-off-by: Christian Seiler <christian at iwakd.de>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit a9cab7e39b101b89470e2e4109c14e7f17218032
Author: Christian Seiler <christian at iwakd.de>
Date:   Mon Aug 19 00:52:41 2013 +0200

    attach: Fix minor memory leak in environment variable handling
    
    Signed-off-by: Christian Seiler <christian at iwakd.de>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 55c76589fd19e5f04697dcfd0084039cd77ef304
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Mon Aug 19 14:37:20 2013 +0200

    Remove all trailing whitespaces
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>

commit 37fc7b9e2eca60e838bf5bf061bd8a8206e4fa9d
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Fri Aug 16 16:55:40 2013 +0200

    Fix lxc-user-nic to work on bionic
    
    This adds a couple of missing includes, uses the local version of
    getline on bionic and replaces getpwuid_r by getpwuid.
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit e768f9c0f69df1f02f8252fead6d82648b410bd8
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Fri Aug 16 16:42:39 2013 +0200

    Add missing namespace.h include
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 511a6936c7062d59dd9335ef16d9165d19c45604
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Fri Aug 16 16:40:48 2013 +0200

    Allow building without confstr
    
    We use confstr to grab the default PATH value. If it's not there, just
    use a standard one with bin and sbin for /, /usr and /usr/local.
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 1a2e58cf55979749ea76835d0b36327c051c2715
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Fri Aug 16 15:38:13 2013 +0200

    Don't define new_personality when building without personalities
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 5ec279894e8b1275b6cbfaaddb425e8f56639bdc
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Fri Aug 16 15:35:51 2013 +0200

    Add missing sys/socket.h include
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit a3da2f3bd755165c50c5c7fb55c2bfcb042fb3d8
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Fri Aug 16 15:35:06 2013 +0200

    Define SOCK_CLOEXEC when missing
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 7f3e12f3e5223c6a6c34bafdf47df86f66078963
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Fri Aug 16 15:22:28 2013 +0200

    Use srand/rand instead of initstate/random
    
    initstate/random doesn't work on bionic, srand/rand works on everything,
    so let's use that.
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 2e74d6f3744e5aef2e01f1f295472ffdb58f1929
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Fri Aug 16 15:10:13 2013 +0200

    Include stdio.h in getline.h for FILE
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 120ce443c466fb1d286ffd200ca22a1e9db7284c
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Fri Aug 16 15:08:39 2013 +0200

    Import local getline copy on bionic
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 2b89a9c19db30894e2476a5a750c443dee339d70
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Fri Aug 16 15:05:52 2013 +0200

    Add missing sys/select.h include for fd_set
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit ec346ea11f76d0797035c476794104a3230531f9
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Fri Aug 16 12:28:17 2013 +0200

    Add missing syscall.h include to utils.h
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 180edd67022017351a6546b4aa79bcaefada01c8
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Fri Aug 16 12:25:28 2013 +0200

    Add arm defines for __NR_signalfd(4)
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 590ae889334b01a59606a1a8952d976098bd6123
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Fri Aug 16 12:22:38 2013 +0200

    Android now uses a sane clone() definition
    
    The current Android NDK provides a clone() defintion that's identical to
    eglibc's so we can drop the ifdef from that one.
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit bff13ba210ed61f756fc82adce1921f84b43ffe0
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Fri Aug 16 12:19:44 2013 +0200

    Define BLKGETSIZE64 and LO_FLAGS_AUTOCLEAR
    
    Those two aren't always around (specifically on bionic), so add some
    defines in case they aren't already defined.
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 92adc3e911314a6f90986d8410ec0ff4b82c9f79
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Fri Aug 16 12:18:15 2013 +0200

    Export the local getmntent_r implementation
    
    New code now uses getmntent_r so we need it exported so that it can be
    used when building on bionic.
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit c32981c3fb1bf5191052fb1c348bdc8b9e7c1b15
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Fri Aug 16 11:53:11 2013 +0200

    Replace all calls to rindex by strrchr
    
    The two functions are identical but strrchr also works on Bionic.
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 4ba0d9af63fbf7e9acfa068a1fe36b3d287b9c6b
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Fri Aug 16 11:47:10 2013 +0200

    Add a local implementation of ifaddrs.h
    
    This adds a local ifaddrs implementation to be used on Bionic or other C
    libraries that don't come with a getifaddrs implementation.
    
    This code was written by Kenneth MacKay and is under a two-clause BSD
    license (copyright information in the file headers).
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit d24d56d7ee3420bb79238ff84cad07c20cf4757d
Author: Scott Moser <smoser at ubuntu.com>
Date:   Fri Aug 16 16:47:32 2013 -0400

    ubuntu-cloud-prep: patch /sbin/start for overlayfs
    
    upstart depends on inotify, and overlayfs does not support inotify.
    
    That means that the following results in 'tgt' not running. tgt is simply
    used here as an example of a service that installs an upstart job and
    starts it on package install.
     lxc-clone -s -B overlayfs -o source-precise-amd64 -n test1
     lxc-start -n test1
     ..
     apt-get install tgt
    
    The change here is to modify /sbin/start inside the container so that when
    something explicitly tries 'start', it results in an explicit call to
    'initctl reload-configuration' so that upstart is aware of the newly
    placed job.
    
    Should overlayfs ever gain inotify support, this should still not cause
    any harm.
    
    Signed-off-by: Scott Moser <smoser at ubuntu.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit e3fdf5cc9c60eb97f8520f059ad1a09d3f73509d
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri Aug 16 15:50:25 2013 -0500

    lxc-clone: default to overlaysf for -s clone of dir
    
    If you go to the trouble to request a -s (snapshot) clone of
    a container which is dir backingstore, then you deserve an
    overlayfs clone.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 6fe93aa1877359365a07d9110e0e2dbfb3b0205f
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri Aug 16 13:34:36 2013 -0500

    cgroup.c: remove spurious ERROR messages
    
    Because they are in probing functions.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit d74325c436457b87b17e3ea598a9eb4ba66e0d49
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Fri Aug 16 14:57:44 2013 +0200

    Replace a few more str(n)dupa by str(n)dup + free
    
    strdup and strndup still don't exist on bionic, so we need to do the
    alloc() call ourselves or free the memory by hand.
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 1d374b9725e53d8b099970c1b501d56d599c4772
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Fri Aug 16 12:09:02 2013 +0200

    Add attach_options.h to the list of included files
    
    Without this, make dist doesn't include it and LXC fails to build.
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>

commit fbbf51926e113e5e70d6ea507ed7d1019d0e0aa8
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Thu Aug 15 15:37:30 2013 -0500

    document new lxc-create btrfs behavior
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit d44e88c26690a56f9efac58f602dba06c9ec0c90
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Thu Aug 15 12:55:50 2013 -0500

    bdev: support -B best and -B lvm,dir
    
    -B dev will check whether btrfs, zfs, or lvm can be used,
    in that order, and fall back to dir.
    
    -B lvm,btrfs will try lvm first, then btrfs, then fail.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit d3060bd055eac45c1767e1e80fcaba763eb7477d
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Thu Aug 15 12:22:26 2013 -0500

    bdev_create: don't default to btrfs if possible
    
    Ideally it would be great to default to a btrfs subvolume for each new
    container created.  However, this is not as we previously thought
    without consequence.  'rsync --one-file-system' will not descend into
    btrfs subvolumes.  This means that 'lxc-create -B _unset' will cause
    different behavior for rsync -vax /var/lib/lxc based on whether that
    fs is btrfs or not.
    
    So don't do that.  If -B is not specified, use -B dir.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit d007f8ab3da297ed0de884e0c6e57a66de2fcb42
Author: Alexander Vladimirov <alexander.idkfa.vladimirov at gmail.com>
Date:   Thu Aug 15 14:27:05 2013 +0800

    Add subdir-objects option to AM_INIT_AUTOMAKE
    
    Fix build with automake 1.14 and newer, since it requires explicit
    setting now.
    
    Signed-off-by: Alexander Vladimirov <alexander.idkfa.vladimirov at gmail.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit bf7d3153c925ca1404662a8fe031da27308f4187
Author: Michael H. Warfield <mhw at WittsEnd.com>
Date:   Thu Aug 15 13:57:50 2013 -0400

    lxc-fedrora: New patch for systemd detection and init configuration.
    
    Satoshi Matsumoto certainly had the right idea and in spotting a bug in
    the lxc-fedora template for systemd detection.  Heart was in the right
    spot but patch was not what we needed.
    
    I've looked the patch code over for systemd support and init/upstart
    support and modified the logic appropriately.  If /etc/systemd/system
    exists, we'll do the right thing by systemd.  If /etc/rc.sysinit exists,
    we'll do the right thing by init / upstart.  If both are installed,
    we'll trying and accommodate both in case someone is playing games with
    the two (I've done this).
    
    Patch was trivial, just took more time to actually test it and create
    some containers with it and verify them, than it did to code them.
    
    Signed-off-by: Michael H. Warfield <mhw at WittsEnd.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 3d5e9f4801c0311a6300fc781a4c0a09a6d463fe
Author: Christian Seiler <christian at iwakd.de>
Date:   Tue Aug 13 23:04:37 2013 +0200

    attach: implement remaining options of lxc_attach_set_environment
    
    This patch implements the extra_env and extra_keep options of
    lxc_attach_set_environment.
    
    The Python implementation, the C container API and the lxc-attach
    utility are able to utilize this feature; lxc-attach has gained two new
    command line options for this.
    
    Signed-off-by: Christian Seiler <christian at iwakd.de>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit d7a09c630b2150636bf4dfb266bc632abd65dfa8
Author: Christian Seiler <christian at iwakd.de>
Date:   Tue May 21 14:57:06 2013 +0200

    python: add attach support
    
    Add methods attach() and attach_wait() to the Python API that give
    access to the attach functionality of LXC. Both accept two main
    arguments:
    
    1. run: A python function that is executed inside the container
    2. payload: (optional) A parameter that will be passed to the python
                function
    
    Additionally, the following keyword arguments are supported:
    
    attach_flags: How attach should operate, i.e. whether to attach to
                  cgroups, whether to drop capabilities, etc. The following
                  constants are defined as part of the lxc module that may
                  be OR'd together for this option:
                    LXC_ATTACH_MOVE_TO_CGROUP
                    LXC_ATTACH_DROP_CAPABILITIES
                    LXC_ATTACH_SET_PERSONALITY
                    LXC_ATTACH_APPARMOR
                    LXC_ATTACH_REMOUNT_PROC_SYS
                    LXC_ATTACH_DEFAULT
    namespaces: Which namespaces to attach to, as defined as the flags that
                may be passed to the clone(2) system call. Note: maybe we
                should export these flags too.
    personality: The personality of the process, it will be passed to the
                 personality(2) syscall. Note: maybe we should provide
                 access to the function that converts arch into
                 personality.
    initial_cwd: The initial working directory after attaching.
    uid: The user id after attaching.
    gid: The group id after attaching.
    env_policy: The environment policy, may be one of:
                  LXC_ATTACH_KEEP_ENV
                  LXC_ATTACH_CLEAR_ENV
    extra_env_vars: A list (or tuple) of environment variables (in the form
                    KEY=VALUE) that should be set once attach has
                    succeeded.
    extra_keep_env: A list (or tuple) of names of environment variables
                    that should be kept regardless of policy.
    stdin: A file/socket/... object that should be used as stdin for the
           attached process. (If not a standard Python object, it has to
           implemented the fileno() method and provide a fd as the result.)
    stdout, stderr: See stdin.
    
    attach() returns the PID of the attached process, or -1 on failure.
    
    attach_wait() returns the return code of the attached process after
    that has finished executing, or -1 on failure. Note that if the exit
    status of the process is 255, -1 will also be returned, since attach
    failures result in an exit code of 255.
    
    Two default run functions are also provided in the lxc module:
    
    attach_run_command: Runs the specified command
    attach_run_shell: Runs a shell in the container
    
    Examples (assumeing c is a Container object):
    
    c.attach_wait(lxc.attach_run_command, 'id')
    c.attach_wait(lxc.attach_run_shell)
    def foo():
      print("Hello World")
      # the following line is important, otherwise the exit code of
      # the attached program will be -1
      # sys.exit(0) will also work
      return 0
    c.attach_wait(foo)
    c.attach_wait(lxc.attach_run_command, ['cat', '/proc/self/cgroup'])
    c.attach_wait(lxc.attach_run_command, ['cat', '/proc/self/cgroup'],
                  attach_flags=(lxc.LXC_ATTACH_DEFAULT &
                  ~lxc.LXC_ATTACH_MOVE_TO_CGROUP))
    
    Note that while it is possible to execute Python code inside the
    container by passing a function (see example), it is unwise to import
    modules, since there is no guarantee that the Python installation
    inside the container is in any way compatible with that outside of it.
    If you want to run Python code directly, please import all modules
    before attaching and only use them within the container.
    
    Signed-off-by: Christian Seiler <christian at iwakd.de>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit b7f2846aabb8c1c59b078b4c529e60ea254432f1
Author: Christian Seiler <christian at iwakd.de>
Date:   Tue Aug 13 21:36:58 2013 +0200

    python: improve convert_tuple_to_char_pointer_array
    
    convert_tuple_to_char_pointer_array now also accepts lists and not only
    tuples when converting to a C array. Other fixes:
    
     - some checking that it's actually a list/tuple before trying to
       convert
     - off-by-a-few-bytes allocation error
       (sizeof(char *)*n+1 vs. sizeof(char *)*(n+1)/calloc(...))
    
    Signed-off-by: Christian Seiler <christian at iwakd.de>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 626ad11bfee3e12e675f51e92920030a6f383b19
Author: Christian Seiler <christian at iwakd.de>
Date:   Tue Aug 13 21:33:19 2013 +0200

    apparmor/attach: make sure buffer is NUL-terminated
    
    Signed-off-by: Christian Seiler <christian at iwakd.de>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit a0e93eeb2293e15a18e6c56271d13907f082c4df
Author: Christian Seiler <christian at iwakd.de>
Date:   Tue May 21 14:57:06 2013 +0200

    Add attach support to container C API
    
    Signed-off-by: Christian Seiler <christian at iwakd.de>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 61a1d519f472c1ac95c641d974401c932f82be66
Author: Christian Seiler <christian at iwakd.de>
Date:   Tue May 21 14:56:00 2013 +0200

    Add helper functions to convert va_list of char* to char**.
    
    Signed-off-by: Christian Seiler <christian at iwakd.de>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 9c4693b853c5a9ab2156544ee3334a082cdba420
Author: Christian Seiler <christian at iwakd.de>
Date:   Wed May 8 14:57:35 2013 +0200

    lxc-attach: Completely rework lxc-attach and move to API function
    
     - Move attach functionality to a completely new API function for
       attaching to containers. The API functions accepts the name of the
       container, the lxcpath, a structure indicating options for attaching
       and returns the pid of the attached process. The calling thread may
       then use waitpid() or similar to wait for the attached process to
       finish. lxc-attach itself is just a simple wrapper around the new
       API function.
    
     - Use CLONE_PARENT when creating the attached process from the
       intermediate process. This allows the intermediate process to exit
       immediately after attach and the original thread may supervise the
       attached process directly.
    
     - Since the intermediate process exits quickly, its only job is to
       send the original process the pid of the attached process (as seen
       from outside the pidns) and exit. This allows us to simplify the
       synchronisation logic by quite a bit.
    
     - Use O_CLOEXEC / SOCK_CLOEXEC on (hopefully) all FDs opened in the
       main thread by the attach logic so that other threads of the same
       program may safely fork+exec off. Also, use shutdown() on the
       synchronisation socket, so that if another thread forks off without
       exec'ing, the synchronisation will not fail. (Not tested whether
       this solves this issue.)
    
     - Instead of directly specifying a program to execute on the API
       level, one specifies a callback function and a payload. This allows
       code using the API to execute a custom function directly inside the
       container without having to execute a program. Two default callbacks
       are provided directly, one to execute an arbitrary program, another
       to execute a shell. The lxc-attach utility will always use either
       one of these default callbacks.
    
     - More fine-grained control of the attached process on the API level
       (not implemented in lxc-attach utility yet, some may not be sensible):
         * Specify which file descriptors should be stdin/stdout/stderr of
           the newly created process. If fds other than 0/1/2 are
           specified, they will be dup'd in the attached process (and the
           originals closed). This allows e.g. threaded applications to
           specify pipes for communication with the attached process
           without having to modify its own stdin/stdout/stderr before
           running lxc-attach.
         * Specify user and group id for the newly attached process.
         * Specify initial working directory for the newly attached
           process.
         * Fine-grained control on whether to do any, all or none of the
           following: move attached process into the container's init's
           cgroup, drop capabilities of the process, set the processes's
           personality, load the proper apparmor profile and (for partial
           attaches to any but not mount-namespaces) whether to unshare the
           mount namespace and remount /sys and /proc. If additional
           features (SELinux policy, SMACK policy, ...) are implemented,
           flags for those may also be provided.
    
    Signed-off-by: Christian Seiler <christian at iwakd.de>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 650468bb4a5c9a6c69b524f574e8d0f315f45c37
Author: Christian Seiler <christian at iwakd.de>
Date:   Tue May 21 11:58:35 2013 +0200

    Fix return type of read/write utility functions.
    
    Signed-off-by: Christian Seiler <christian at iwakd.de>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit b93aac46f2802b3639c1ac2ed0cf71174673d110
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Wed Aug 14 15:01:40 2013 -0500

    lxc-stop: exit with 1 or 2, not -1 or -2.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 01e6b7148046c3f41849d093bc61454279792b80
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Wed Aug 14 14:58:48 2013 -0500

    lxc_destroy: print an error if the container is not defined.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit b98f7d6ed1b89b6452af4a2b5e27d445e4b3a138
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri Aug 9 23:47:37 2013 -0500

    cgroups: rework to handle nested containers with multiple and partial mounts
    
    Currently, if you create a container and use the mountcgruop hook,
    you get the /lxc/c1/c1.real cgroup mounted to /.  If you then try
    to start containers inside that container, lxc can get confused.
    This patch addresses that, by accepting that the cgroup as found
    in /proc/self/cgroup can be partially hidden by bind mounts.
    
    In this patch:
    
    Add optional 'lxc.cgroup.use' to /etc/lxc/lxc.conf to specify which
    mounted cgroup filesystems lxc should use.  So far only the cgroup
    creation respects this.
    
    Keep separate cgroup information for each cgroup mountpoint.  So if
    the caller is in devices cgroup /a but cpuset cgroup /b that should
    now be ok.
    
    Change how we decide whether to ignore failure to set devices cgroup
    settings.  Actually look to see if our current cgroup already has the
    settings.  If not, add them.
    
    Finally, the real reason for this patch: in a nested container,
    /proc/self/cgroup says nothing about where under /sys/fs/cgroup you
    might find yourself.  Handle this by searching for our pid in tasks
    files, and keep that info in the cgroup handler.
    
    Also remove all strdupa from cgroup.c (not android-friendly).
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 070a4b8e68a6bf9a96c24ded47974388c83f1d57
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri Aug 9 21:08:28 2013 -0500

    lxc-user-nic: specify config and db files in autoconf
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 20ab58c777136a449b3199e0733b62fa87ecfa61
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri Aug 9 14:48:35 2013 -0500

    add lxc-user-nic
    
    It is meant to be run setuid-root to allow unprivileged users to
    tunnel veths from a host bridge to their containers.  The program
    looks at /etc/lxc/lxc-usernet which has entries of the form
    
    	user type bridge number
    
    The type currently must be veth.  Whenver lxc-user-nic creates a
    nic for a user, it records it in /var/lib/lxc/nics (better location
    is needed).  That way when a container dies lxc-user-nic can cull
    the dead nic from the list.
    
    The -DISTEST allows lxc-user-nic to be compiled so that it uses
    files under /tmp and doesn't actually create the nic, so that
    unprivileged users can compile and test the code.  lxc-test-usernic
    is a script which runs a few tests using lxc-usernic-test, which
    is a version of lxc-user-nic compiled with -DISTEST.
    
    The next step, after issues with this code are raised and addressed,
    is to have lxc-start, when running unprivileged, call out to
    lxc-user-nic (will have to exec so that setuid-root is honored).
    On top of my previous unprivileged-creation patchset, that should
    allow unprivileged users to create and start useful containers.
    
    Also update .gitignore.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 3fb18be95747034bf36f46be11b0eb288b2ec1b4
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Wed Aug 14 09:57:12 2013 -0500

    hooks/Makefile.am: add ubuntu-cloud-prep
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit baece282266318a9bb527cefc85ebf7b6dd7f10e
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Tue Aug 13 13:45:56 2013 -0500

    lxc.conf.sgml.in: note the arguments and environment variables passed to hooks
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 8bb17b7791777538d8f7cc957939fc871843f218
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Tue Aug 13 00:05:49 2013 -0500

    mountcgroups: use the right configuration file!
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 79159a86ddb51071055abd7ee08935bc65b9e7a9
Author: Scott Moser <smoser at ubuntu.com>
Date:   Sat Aug 10 05:51:21 2013 -0400

    ubuntu-cloud-prep: cleanup, fix bug with userdata
    
    --userdata was broken, completely missing an implementation.
    This adds that implementation back in, makes 'debug' logic
    correct, and then also improves the doc at the top.
    
    Signed-off-by: Scott Moser <smoser at ubuntu.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 034a01593a4ae10d6f1e49b71afbfff70cfc226c
Author: Franz Pletz <fpletz at fnordicwalking.de>
Date:   Mon Aug 12 14:01:39 2013 +0200

    lxc-destroy: Fix regular expression for getting rootfs
    
    The `lxc-destroy` script was using a simple `grep` for extracting
    `lxc.rootfs` from the lxc config. This regex also matches commented lines
    and breaks at least removing btrfs subvolumes if the string `lxc.rootfs`
    is mentioned in a comment. Furthermore, due to the unescaped dot in the
    regex it would also match other wrong strings like `lxc rootfs`.
    
    This patch modifies the regular expression to correctly match the beginning
    of the line plus potential whitespace characters and the string
    `lxc.rootfs`.
    
    Signed-off-by: Franz Pletz <fpletz at fnordicwalking.de>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 54e339f91785368a7825b2edaad04c2177a1a382
Author: Scott Moser <smoser at ubuntu.com>
Date:   Fri Aug 9 15:37:23 2013 +0100

    ubuntu-cloud-prep: fix bad declare of VERBOSITY
    
    Signed-off-by: Scott Moser <smoser at ubuntu.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 65d8ae9c4a66f5ca85289c02dc06d63261c84619
Author: Scott Moser <smoser at ubuntu.com>
Date:   Thu Aug 8 19:16:59 2013 +0100

    add a clone hook for ubuntu-cloud images
    
    This allows ability to now specify '--userdata' arguments to 'create' or
    to 'clone'. So now, the following means very fast start of instances with
    different user-data.
    
    $ sudo lxc-create -t ubuntu-cloud -n precise -- \
       -r precise --arch amd64
    
    $ sudo lxc-clone -B overlayfs -o precise -s -n ephem1 \
       --userdata="my.userdata1"
    $ sudo lxc-clone -B overlayfs -o precise -s -n ephem2 \
       --userdata="my.userdata2"
    
    Also present here is
     * an improvement to the static list of Ubuntu releases. It uses
       ubuntu-distro-info if available degrades back to a static list on failure.
     * moving of the replacement variables to the top of the create template This
       is just to make it more obvious what is being replaced and put them in a
       single location.
    
    Signed-off-by: Scott Moser <smoser at ubuntu.com>

commit 1c8e4ee0a08638e35732a0ddd0052ecde49fbecb
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Fri Aug 9 15:06:02 2013 +0200

    Cleanup Makefile.am
    
    Remove some dead code and fix identation, no functional change.
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>

commit 4a0ba80d62c0d8aeb5c9857749659fdf716c380a
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Fri Aug 9 11:32:55 2013 +0200

    Replace mktemp() by a new mkifname()
    
    Using mktemp() leads to build time warnings and isn't actually
    appropriate for what we want to do as it's checking for the existence of
    a file and not a network interface.
    
    Replace those calls by an equivalent mkifname() function which uses the
    same template as mktemp but instead checks for existing network
    interfaces.
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit b40a606e52c788db85fe1c42d3747483d159b6a5
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Tue Aug 6 14:56:48 2013 -0500

    Logging: don't confuse command line and config file specified values
    
    Currently if loglevel/logfile are specified on command line in a
    program using LXC api, and that program does any
    container->save_config(), then the new config will be saved with the
    loglevel/logfile specified on command line.  This is wrong, especially
    in the case of
    
    cat > lxc.conf << EOF
    lxc.logfile=a
    EOF
    
    lxc-create -t cirros -n c1 -o b
    
    which will result in a container config with lxc.logfile=b.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 96532523ef90ea6ce3f08ec7d74c3c850b885e50
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Mon Aug 5 15:20:29 2013 -0500

    lxc-clone: don't s/oldname/newname in the config file and hooks
    
    1. container hooks should use lxcpath and lxcname from the environment.
    2. the utsname now gets separately updated
    3. the rootfs path gets updated by the bdev backend.
    4. the fstab mount targets should be relative
    5. the fstab source directories could be separately updated if needed.
    
    This leaves one definate bug: the lxc.logfile does not get updated.
    This made me wonder why it was in the configuration file to begin with.
    Digging deeper, I realized that whatever '-o outfile' you give
    lxc-create gets set in log.c and gets used by the lxc_container object
    we create at write_config().  So if you say
    	lxc-create -t cirros -n c1 -o /tmp/out1
    then /var/lib/lxc/c1/config will have lxc.logfile=/tmp/out1 - which is
    clearly wrong.  Therefore I leave fixing that for later.
    
    I'm looking for candidates for $p/$n expansion.  Note we can't expand
    these at config_utsname() etc, because then lxc-clone would see the
    expanded variable.  So we want to read $p/$n verbatim at config_*(),
    and expand them only when they are used.  lxc.logfile is an obvious
    good use case.  lxc.utsname can do it too, in case you want container
    c1 to be called "c1-whatever".  I'm not sure that's worth it though.
    Are there any others, or is that it?
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit d273b8abfa24040c8ef0dd73eb1d30ef8dcbec54
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Wed Aug 7 08:53:07 2013 -0500

    ubuntu-cloud: remove debugging echo
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit c9cbb9e51436f84d7871a50776dccacfd8dc196a
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri Jul 26 22:57:10 2013 +0200

    cgroups: fix the recently broken setting of clone_children
    
    Several places think that the current cgroup will be NULL rather
    than "/" when we're in the root cgroup.  Fix that.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 2c495ae35a804e3c12cb9f4826c30295043986ce
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Mon Jul 22 23:59:18 2013 -0500

    cgroup_enter: catch write errors
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit d155b47dac549a5c30c0011923274e3744109c91
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Mon Jul 22 15:23:58 2013 -0500

    define lxc-usernsexec
    
    It uses the newuidmap and newgidmap program to start a shell in
    a mapped user namespace.  While newuidmap and newgidmap are
    setuid-root, lxc-usernsexec is not.
    
    If new{ug}idmap are not available, then this program is not
    built or installed.  Otherwise, it will be used to support creating,
    starting, destroying, etc containers by unprivileged users using
    their authorized subuids and subgids.
    
    Example:
    	usernsexec -m u:0:100000:1 -- /bin/bash
    
    will, if the user is authorized to use subuid 100000, start a
    bash shell in a user namespace where 100000 on the host is
    mapped to root in the namespace, and the shell is running as
    (privileged) root.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit 469b57873977afcb5d9f5adb00097c944caedd2a
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Mon Jul 22 14:09:19 2013 -0500

    lxclock: use XDG_RUNTIME_DIR for lock if appropriate (v2)
    
    If we are euid==0 or XDG_RUNTIME_DIR is not set, then use
    /run/lock/lxc/$lxcpath/$lxcname as before.  Otherwise,
    use $XDG_RUNTIME_DIR/lock/lxc/$lxcpath/$lxcname.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Cc: Stéphane Graber <stephane.graber at canonical.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit b60ed720848c8276e4e770d380ec6014768d9923
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri May 10 12:35:26 2013 -0700

    A few changes for unprivileged lxc-start
    
    When doing reboot test, must add clone_newuser to clone flags, else
    we can't clone(CLONE_NEWPID).
    
    If we don't have caps at lxc-start, don't refuse to start.  Drop the
    lxc_caps_check() function altogether as it is unused now.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit b113383b84e5fcd2997a939d3f826a06b109e3d9
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Thu Jul 18 22:46:30 2013 -0500

    send current cgroup to lxc_cgroup_create()
    
    This is needed if we're going to have unprivileged users
    create containers inside cgroups which they own.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit 1aad9e44d65e7c20dabc4c99f57bcf532db66c68
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Mon Jul 15 20:24:14 2013 -0500

    ubuntu-cloud: changes to support unprivileged use
    
    don't try to lock if using a specified tarball
    
    The lock/subsys/lxc-ubuntu-cloud lock is to protect the tarballs
    managed under /var/cache/lxc/cloud-$release.  Don't lock if we've
    been handed a tarball.
    
    fake device creation
    
    Unprivileged users can't create devices, so bind mount null, tty, urandom
    and console from the host.
    
    Changelog:
    	Jul 22: as Stéphane points out, remove a left-over debug line
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit 460bcbd85c97b5a0eac9cf7cead1abde1281cd5a
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Wed May 8 20:25:06 2013 -0500

    lxc-create: support unpriv users
    
    Just make sure we are root if we are asked to deal with something other
    than a directory, and make sure we have permission to create the
    container in the given lxcpath.
    
    The templates will need much more work.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit 5be56973e5e874a142263dfb164b0b03e18a65f3
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Wed May 8 20:15:29 2013 -0500

    templates: require running as root
    
    Up to now lxc-create ensured that you were running as root.  Now the
    templates which require root need to do it for themselves.  Templates
    which do mknod definately require root.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit 4165b2c65648b5df521c6e83b1cbad91d0896a00
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Thu Jul 18 16:08:12 2013 -0500

    teach lxc-cirros about the --rootfs argument
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 6f259716e75552cf46ee5125bdbd21e34456d0c0
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Wed Jul 17 09:38:28 2013 -0500

    ubuntu templates: add some kernel filesystems to container fstab
    
    The debugfs, fusectl, and securityfs may not be mounted inside a
    non-init userns.  But mountall hangs waiting for them to be
    mounted.  So just pre-mount them using $lxcpath/$name/fstab as
    bind mounts, which will prevent mountall from trying to mount
    them.
    
    If the kernel doesn't provide them, then the bind mount failure
    will be ignored, and mountall in the container will proceed
    without the mount since it is 'optional'.  But without these
    bind mounts, starting a container inside a user namespace
    hangs.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit 8058be395d46cfabf2dacd7df79e95309619986a
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Tue Jul 16 10:35:02 2013 -0400

    clone: only update <rootfs>/etc/hostname if it exists
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 819554fe20bbc0ce720b5ed0d5b8e53aeba6b284
Author: John McFarlane <john at rockfloat.com>
Date:   Fri Jul 12 14:06:20 2013 -0700

    Make get_ips timeout poll configurable
    
    This commit increases the default timeout used by lxc-start-ephemeral
    from 5 to 10, and adds support for an LXC_IP_TIMEOUT override.
    
    Patchset 2:
      - Previous patch used a command line arg.
    
    Signed-off-by: John McFarlane <john at rockfloat.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit 5202677243dcda16ab97c07d497174726198f7ab
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Tue Jul 16 08:11:56 2013 -0500

    lxccontainer: don't define certain variables if !HAVE_GNUTLS
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 27c27d73e1b1a07e3621484fa033206549e2a1f5
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Mon Jul 15 16:42:15 2013 -0500

    userns: clear and save id_map (v2)
    
    Otherwise (a) there is a memory leak when using user namespaces and
    clearing a config, and (b) saving a container configuration file doesn't
    maintain the userns mapping.  For instance, if container c1 has
    lxc.id_map configuration entries, then
    
    python3
    import lxc
    c=lxc.Container("c1")
    c.save_config("/tmp/config1")
    
    should show 'lxc.id_map =' entries in /tmp/config1.
    
    Changelog for v2:
       1. fix incorrect saving of group types (s/'c'/'g')
       2. fix typo -> idmap->type should be idmap->idtype
    
    Reported-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Acked-by: Dwight Engen <dwight.engen at oracle.com>
    Tested-by: Dwight Engen <dwight.engen at oracle.com>

commit 3ce746862b2a2b33f3de65aeecda0bad1a5dd27c
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri Jul 12 14:07:23 2013 -0500

    lxc_create: prepend pretty header to config file (v2)
    
    Define a sha1sum_file() function in utils.c.  Use that in lxcapi_create
    to write out the sha1sum of the template being used.  If libgnutls is
    not found, then the template sha1sum simply won't be printed into the
    container config.
    
    This patch also trivially fixes some cases where SYSERROR is used after
    a fclose (masking errno) and missing consts in mkdir_p.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 868a70afead6cc48a4c883126ea3ef01b6ec57e0
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri Jul 12 15:33:06 2013 -0500

    ubuntu-cloud template: accept --rootfs argument
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 6a2e602b1b03617e77dcd4b5f82f34713a970ac4
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri Jul 12 14:08:17 2013 -0500

    remove old lxc-create script.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit dc23c1c817da5c13529432270e51d0f7f3b1e95e
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri Jul 12 09:44:41 2013 -0500

    create: add a quiet flag
    
    If set, then fds 0,1,2 will be redirected while the creation
    template is executed.
    
    Note, as Dwight has pointed out, if fd 0 is redirected, then if
    templates ask for input there will be a problem.  We could simply
    not redirect fd 0, or we could require that templates work without
    interaction.  I'm assuming here that we want to do the latter, but
    I'm open to changing that.
    
    Reported-by: "S.Çağlar Onur" <caglar at 10ur.org>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit ae13ae0853a246119ddaf9c8cc6d128a21a8988c
Author: zoolook <nbensa+lxcusers at gmail.com>
Date:   Thu Jul 11 20:38:02 2013 -0300

    lxc_clone.c: Allow size subfixes for -L parameter
    
    lxc-clone ignores size subfixes (K, M, G) when using -L parameter. The
    following is a quick patch to allow, for example, lxc-clone -L 10G.
    
    Signed-off-by: Norberto Bensa <nbensa at gmail.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 283678ed2ccd88a6ba57fcb28516311adcdb6fac
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri Jul 5 19:34:55 2013 -0500

    Accomodate stricter devices cgroup rules
    
    3.10 kernel comes with proper hierarchical enforcement of devices
    cgroup.  To keep that code somewhat sane, certain things are not
    allowed.  Switching from default-allow to default-deny and vice versa
    are not allowed when there are children cgroups.  (This *could* be
    simplified in the kernel by checking that all child cgroups are
    unpopulated, but that has not yet been done and may be rejected)
    
    The mountcgroup hook causes lxc-start to break with 3.10 kernels, because
    you cannot write 'a' to devices.deny once you have a child cgroup.  With
    this patch, (a) lxcpath is passed to hooks, (b) the cgroup mount hook sets
    the container's devices cgroup, and (c) setup_cgroup() during lxc startup
    ignores failures to write to devices subsystem if we are already in a
    child of the container's new cgroup.
    
    ((a) is not really related to this bug, but is definately needed.
    The followup work of making the other hooks use the passed-in lxcpath
    is still to be done)
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit cbee8106e38f9ffa130c7bf8be325f7f203da67a
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Wed Jul 10 23:30:29 2013 -0500

    lxcapi_create: fix template handling
    
    1. If no template is passed in, then do not try to execute it.  The user
    just wanted to write the configuration.
    
    2. If template is passed in as a full path, then use that instead of
    constructing '$templatedir/lxc-$template'.
    
    Reported-by: Wanlong Gao <gaowanlong at cn.fujitsu.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 96b3cb407c07915db2cd0542c313a4bff4d1d389
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Wed Jul 10 23:29:20 2013 -0500

    lxcapi_create: split out the template execution
    
    Make it its own function to make both more readable.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit fb75356a85e3097db77386e7c62836a3ee69217f
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Tue Jul 9 14:44:36 2013 -0400

    oracle template: use clonehostname hook script
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 1143ed392d2760e8f7aeee88d570bb0ba151885f
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Tue Jul 9 16:19:45 2013 -0400

    add clonehostname hook
    
    This hook script updates the hostname in various files under /etc in the
    cloned container. In order to do so, the old container name is passed in
    the LXC_SRC_NAME environment variable.
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit b9b3a92f664fe3966decd0411b25fb6b77425e23
Author: Michael H. Warfield <mhw at WittsEnd.com>
Date:   Tue Jul 9 15:40:38 2013 -0400

    lxc-fedora template - Fix retries, use os-release for release, add utsname.
    
    Hey all!
    
    Patch for the Fedora template.  Several things...
    
    1) A month or so ago, I floated an idea of adding an option for utsname
    which Serge seemed to like but we let it float for more feedback (none
    came).
    
    2) In private mail to Serge and Stéphane I mentioned the idea of using
    the CPE (Common Platform Enumeration) for host distro and version
    identification.  I heard back from Serge but not Stéphane.  CPE is a
    standard promoted by NIST and Mitre (along with CVE and CVSS) as part of
    the security community as a common identification mechanism.  It's
    supported by RedHat based distros and many others (notable exception
    Ubuntu).  I've patched the Fedora template to parse first
    the /etc/os-release file or, alternatively, the /etc/system-release-cpe
    file for the distro ID and version instead of the human
    readable /etc/redhat-release.  There's more that can be done with that
    in the realm of cross distro container builds, I suspect.
    
    3) At the time of working on 1&2 I noticed that the retry logic in the
    Fedora template just didn't seem right.  I believe I posted a message
    asking for clarification on that behavior.  A recently post in the
    -users list indicating that someone could not create a Fedora 19
    container (because the release ver string was 19-2 and the template was
    only looking for -1) prompted me to rework the retry logic for handling
    the mirror list and servers as well as revamp the download logic to
    properly identify the correct release package.
    
    The patch for all of the above is attached below the jump.  It's been
    tested on Fedora 17 through Fedora 19 hosts and has created containers
    for F11, F12, F13, F14, F16, F17, F18, and F19.  F15 failed for rpm
    dependency issues that are not worth fixing (IMHO).
    
    Regards,
    Mike
    --
    Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
       /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
       NIC whois: MHW9          | An optimist believes we live in the best of all
     PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
    
    --
    
    Signed-off-by: Michael H. Warfield <mhw at WittsEnd.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 3327917f4a991a49ba1562b774c63c45139772eb
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Tue Jul 9 18:07:26 2013 -0400

    fix potential out of bounds pointer deref
    
    I noticed that if find_first_wholeword() is called with word at the very
    beginning of p, we will deref *(p - 1) to see if it is a word boundary.
    Fix by considering p = p0 to be a word boundary.
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 9313e1e628160ca64f9e7fcec6500056c9a0725f
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Tue Jul 9 18:30:52 2013 -0400

    ubuntu: Tweak layout of the config
    
    Just add an extra white line to both templates.
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>

commit 6cda3f5ac1e3a20a97a419923e587d6bdb1fece9
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Mon Jul 8 13:02:52 2013 -0400

    ubuntu: Fix openssh postinst call in >= saucy
    
    The new openssh uses a different mechanism to start/stop the daemon
    which in turn requires a few tweaks in our template to deal with both
    the new and old ways of doing that.
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit b58e60e232a3049d946a3b18e6f21912cd3453f0
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Mon Jul 8 11:01:36 2013 -0400

    lxc-start-ephemeral: Fix console() and add storage option
    
    The introduction of the new console() python API broke
    lxc-start-ephemeral's console(tty=1) call, I now changed that to
    console() which does the right thing with both API versions.
    
    This also adds a new storage-type option, letting the user choose to use
    a standard directory instead of tmpfs for the container (but still have
    it ephemeral).
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>

commit 39ffde307ad83bd407aaa6a0d81682902bab248b
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Mon Jul 8 10:46:20 2013 -0400

    python: Update scripts to respect PEP-8 spec
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>

commit b0f9616f6227f56dce8ca2514610f432ba4fab8a
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Mon Jul 8 10:41:32 2013 -0400

    python: Re-introduce timeout in get_ips
    
    It turns out that most API users want some kind of timeout option for
    get_ips, so instead of re-implementing it in every single client
    software, let's just have it as a python overlay upstream.
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>

commit 18efb001a4498f8fc62ab37f1db552fdf001e798
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Fri Jul 5 12:17:15 2013 -0400

    fix sshd template
    
    Commit a0a2066d introduced an lxc subdir into the lxc-init path, but
    this was never reflected in the sshd template. Add it there.
    
    Don't have ssh-keygen ask for passphrase since host keys are not
    supposed to use them.
    
    Don't try to symlink kmsg since /dev is bind mounted readonly.
    
    Read-only bind mount some extra /etc directories, and sysfs which are
    needed by dhclient on Fedora and Oracle Linux. Fix mounting of /proc.
    
    Find sshd in more places by adding some common paths to $PATH, and
    use the found path to it instead of hardcoded /usr/sbin.
    
    Check for ifconfig command, and print out container's IP address.
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit ef091cefca5082007678fe82ad01389f7057ca48
Author: Bogdan Purcareata <bogdan.purcareata at freescale.com>
Date:   Wed Jul 3 12:00:53 2013 -0400

    lxcapi_set_cgroup_item: remove duplicate == 0
    
    Signed-off-by: Bogdan Purcareata <bogdan.purcareata at freescale.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 9c631ea7c2906f41b23f5c8dcc9f6045078879db
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Mon Jul 1 12:38:23 2013 -0400

    allow lxc-info to get running container configuration
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 9a15a0f3f8faaa5e0d983f11bcf94dcf492c1349
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Mon Jul 1 12:38:15 2013 -0400

    fix -c argument handling
    
    commit 829dd918 added parsing of a -c argument to both the common options
    handling and to lxc-start. It is not a common option, and should have only
    been added to lxc-start. Because the common code is processing it, no other
    command can use -c. Remove -c from being processed by the common code.
    Tested that -c still works with lxc-start.
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 53f3f04845a9eb60064c302e1f95652f665809f1
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Mon Jul 1 15:32:25 2013 -0500

    lxc_conf_init: make sure strdup succeeded
    
    unlikely as a failure may be...
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 2e599a6a25b533fe63840edc34ee265811b7b814
Author: Natanael Copa <ncopa at alpinelinux.org>
Date:   Fri Jun 28 16:56:51 2013 +0200

    lxc-alpine: make --release work when apk exists
    
    Use sed to set the specified alpine release in the copied
    /etc/apk/repositories
    
    Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 982e7b6ea40ea57923f4f094858424debc1a5f7f
Author: Kaarle Ritvanen <kaarle.ritvanen at datakunkku.fi>
Date:   Wed Jun 26 11:15:00 2013 +0300

    lxc-alpine: option for specifying the release to be installed
    
    Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen at datakunkku.fi>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 85b41c7d7f72213199b5cff9525d17f44b49a842
Author: Kaarle Ritvanen <kaarle.ritvanen at datakunkku.fi>
Date:   Wed Jun 26 11:14:59 2013 +0300

    lxc-alpine: automatic repository selection
    
    pick random server from mirror list
    use the latest stable release
    
    Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen at datakunkku.fi>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 37cb98a2b7e5c7b0abf69f261a16d759453492f1
Author: Andrew Gilbert <andrewg800 at gmail.com>
Date:   Thu Jun 27 08:09:05 2013 -0500

    Add -n differentiation to lxc-netstat
    
    lxc-netstat now only processes an -n argument if it has not previously
    received a value for $name from --name or -n. If it _has_ received such
    a value, it stops processing arguments and leaves the -n for netstat.
    This does not apply to the use of --name after a name has been provided
    by --name or -n; the current behaviour continues. The new behaviour
    makes
    	netstat -n <container> -n -a
    behave like
    	netstat -n <container> -a -n
    which already will act as though there is '--' between '<container>' and
    '-a' (see line 91 of lxc-netstat.in).
    
    Signed-off-by: Andrew Gilbert <andrewg800 at gmail.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 1a7cb0850405b271b7bedacd243235f29cd368df
Author: Andrew Gilbert <andrewg800 at gmail.com>
Date:   Thu Jun 27 08:07:14 2013 -0500

    Add double-dash to lxc-netstat re-call arguments
    
    When lxc-netstat was called by lxc-unshare, it would be given the
    arguments intended for netstat from the first invocation, but without
    anything to separate them from the arguments intended for lxc-netstat.
    This meant that netstat arguments like -n would result in lxc-netstat
    trying to process them.
    
    Signed-off-by: Andrew Gilbert <andrewg800 at gmail.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 176d9acb2ec17211a0d69bd2bd99f914fad8d7ad
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri Jun 21 14:16:42 2013 -0500

    api_clone: don't remove storage if we haven't created it
    
    In the best case we'll get errors about failing to remove it.  In the
    worst case we'll be trying to delete the original container's rootfs.
    
    Reported-by: zoolook <nbensa+lxcusers at gmail.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit ae3f8cf9a4a03c62c6c12968b38b2352388df91c
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri Jun 21 14:15:42 2013 -0500

    Accept more word delimiters when updating hooks
    
    When updating container names in hook files during a container clone,
    we substitute the new container name for the old any time the old name
    shows up as a separate word.  This patch adds the four characters
    '.,_-' as additional delimiters.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 618fa49dddbedd2b7319c0089dffd8d65aef8369
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Wed Jun 19 14:12:37 2013 -0400

    lxc-start-ephemeral: Fix get_ips call
    
    The timeout option in get_ips has been deprecated, so work around it.
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>

commit 54c30e290876c5fa6e4c7b5a511580793e4777e3
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Tue Jun 18 14:52:24 2013 -0500

    conf.c: always strdup rootfs.mount
    
    The reason is that the generic code which handles reading
    lxc.rootfs.mount always frees the old value if not NULL.
    So without this setting lxc.rootfs.mount = /mnt causes
    segfault.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 37903589a2de0cbd62f94c5fd06d0aa8d57ca140
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Thu Jun 13 10:06:15 2013 -0500

    don't set up console for lxc-execute
    
    Currently due to some safety checks for !rootfs.path, lxc-execute works
    ok if you do not set lxc.rootfs at all in your lxc.conf. But if you
    set lxc.rootfs = '/', then it sets up console, and when you do an
    lxc-execute, the console appears hung.
    
    However the lxc.rootfs NULL check was just incidental to not dereference
    a NULL pointer.  In fact we should not be setting up a console if the
    container isn't running a full-fledged distro with a getty/login
    running on the container's /dev/console.
    
    Have lxc_execute() mark in lxc_conf that this is a lxc-execute and not
    an lxc-start, and don't set up the console.
    
    The issue is documented at https://sourceforge.net/p/lxc/bugs/67/ .
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Dwight Engen <dwight.engen at oracle.com>

commit b515981702133b9aaea1aff378493f054c14d46c
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Wed Jun 12 08:09:16 2013 -0700

    console API improvements
    
    Add a higher level console API that opens a tty/console and runs the
    mainloop as well. Rename existing API to console_getfd(). Use these in
    the python binding.
    
    Allow attaching a console peer after container bootup, including if the
    container was launched with -d. This is made possible by allocation of a
    "proxy" pty as the peer when the console is attached to.
    
    Improve handling of SIGWINCH, the pty size will be correctly set at the
    beginning of a session and future changes when using the lxc_console() API
    will be propagated to it as well.
    
    Refactor some common code between lxc_console.c and console.c. The variable
    wait4q (renamed to saw_escape) was static, making the mainloop callback not
    safe across threads. This wasn't a problem when the callback was in the
    non-threaded lxc-console, but now that it is internal to console.c, we have
    to take care of it. This is now contained in a per-tty state structure.
    
    Don't attempt to open /dev/null as the console peer since /dev/null cannot
    be added to the mainloop (epoll_ctl() fails with EPERM). This isn't needed
    to get the console setup (and the log to work) since the case of not having
    a peer at console init time has to be handled to allow for attaching to it
    later.
    
    Move signalfd libc wrapper/replacement to utils.h.
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 5d4d3ebb13705d1e102429c75fc06932f81816dd
Author: Natanael Copa <ncopa at alpinelinux.org>
Date:   Wed Jun 12 11:18:04 2013 +0200

    lxc-init: continue even if we fail to mount /dev/mqueue
    
    The 'lxc-init' (a lightweight init process used by lxc-execute in place
    of upstart etc) tries to mount /dev/mqueue during startup. If that fails
    (for instance due to missing support for mqueue in kernel) then it
    aborts execution and returns -1. This is unreasonable as very few
    applications actually need /dev/mqueue.
    
    This similar to what we do with /dev/shm.
    
    Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 71b0fed669a088675c1344ed68b250e87414c998
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Wed Jun 5 17:37:03 2013 -0500

    lxclock: move container locks into /run/lock
    
    Currently the lxc API mutexes configuration file read/writes with a
    lock called $lxcpath/locks/$lxcname.  This fails if the container
    is on a rofs.
    
    This patch moves those locks under /run/lock/lxc.
    
    The $lxcpath/$lxcname/partial file is not moved - if you can't
    create it, you probably can't create the container either.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit 54b79829e23e01998eeafb8156987937a894af3c
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Mon Jun 10 11:52:44 2013 -0500

    lxc_stop: return success if api_shutdown succeeded
    
    I originally forgot to set ret = 0 if it succeeded, meaning that a
    simple 'lxc-stop -n container1' returns failure even though the
    stop succeeded.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit 6e46cfcb0e4fcaa2d920a3c473f83c0a73c68cfa
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Mon Jun 10 09:34:06 2013 -0500

    conf.c: if we don't specify a rootfs, we still need proc mounted
    
    otherwise we won't be allowed to set an apparmor context (on pid 1)
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit fabf7361da4845cd6cf268e0e85c3c6a1c0b0be4
Author: Qiang Huang <h.huangqiang at huawei.com>
Date:   Fri Jun 7 15:27:32 2013 +0800

    lxc-execute: allow lxc-init to log only when we have a valid log level
    
    Right now if we use lxc-execute without log level set, we get error:
    lxc: invalid log priority NOTSET.
    Because we set log level manually in execute_start(), but didn't
    check if we have a valid log level or not, so fix it.
    
    Signed-off-by: Qiang Huang <h.huangqiang at huawei.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 38973621a40a5657b067409321d54759520d7951
Author: Weng Meiling <wengmeiling.weng at huawei.com>
Date:   Thu Jun 6 19:59:31 2013 +0800

    lxc-ps: display process when container is frozen
    
    When we use lxc-ps to show the process, it's  more appropriate to
    show process when container is frozen.
    
    Signed-off-by: Weng Meiling <wengmeiling.weng at huawei.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 31f58b3fcec322dba1eed71e364335c30500066c
Author: Rui Xiang <rui.xiang at huawei.com>
Date:   Sat Jun 8 18:04:47 2013 +0800

    lxc-monitord: remove hard code execvp path of lxc-monitord
    
    Sometimes, the path of lxc tools is not '/usr/bin', but
    '/usr/local/bin' or other. Then execvp lxc-monitord will fail
    in lxc_monitord_spawn.
    
    Signed-off-by: Rui Xiang <rui.xiang at huawei.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit f02abefef9a59658c813e08f86a91fbe09eabf00
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Fri Jun 7 10:07:36 2013 -0400

    fix check for lock acquired
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 93dc5327aa0c2b13d619b8bedf893eea983d4d68
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Wed Jun 5 11:56:30 2013 -0500

    lxclock and lxccontainer: switch from flock to fcntl
    
    flock is not supported on nfs.  fcntl is at least supported on newer
    (v3 and above) nfs.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Tested-by: zoolook <nbensa+lxcusers at gmail.com>

commit 1af60b514fc9d8da2b4485e9e8845619fb6c6b68
Author: Weng Meiling <wengmeiling.weng at huawei.com>
Date:   Tue Jun 4 20:52:27 2013 +0800

    lxc-ps: fix the display problem with arg --lxc
    
    When we use arg --lxc to show processes in all containers, no
    process displays, so fix it.
    
    (Changelog: Serge: in-line fix of s/;;/;/ at line 69)
    
    Signed-off-by: Weng Meiling <wengmeiling.weng at huawei.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit eddaaafd1a9b02ba39e5b6b13d40b4a5d37a04e1
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Sun Jun 2 15:39:35 2013 -0500

    implement loopback backing store
    
    Create a loopfile backed container by doing:
    
    	lxc-create -B loop -t template -n name
    
    or
    
    	lxc-clone -B loop -o dir1 -n loop1
    
    The rootfs in the configuration file will be
    
    	loop:/var/lib/lxc/loop1/rootdev
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit f002c8a7655e42a325ef6bad9fb0844fad4e410b
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Mon Jun 3 18:19:01 2013 +0200

    lxc_create: support 'lxc-create -t <template> -h'
    
    With the lxc-create script, 'lxc-create -t template -h' used to call
    'template -h' to get template-specific help.  The api based lxc-create
    did not yet support that.
    
    Add a 'helpfn' method to the lxc_arguments, which is called at the end
    of printhelp, and passed the lxc_arguments.  Use that in lxc_create to
    reintroduce the desired behavior.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 4c1f6b67d9b842d9e5c293eea2ff19301ecc5596
Author: Qiang Huang <h.huangqiang at huawei.com>
Date:   Mon Jun 3 09:48:14 2013 +0800

    lxc-destroy: fix the wrong help info of lxc-destroy
    
    Changelog: jun 3: (Serge) trivial typo fix inline.
    
    Signed-off-by: Qiang Huang <h.huangqiang at huawei.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 3155e7f954d4b5d7da528d2a3cd8be254432e3c3
Author: Qiang Huang <h.huangqiang at huawei.com>
Date:   Mon Jun 3 09:48:13 2013 +0800

    lxc-create: fix the typo in help info
    
    Fix typo in help info of lxc-create, and get rid of duplicate
    comments in bdev.h
    
    Signed-off-by: Qiang Huang <h.huangqiang at huawei.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 63c3090c913142cd19f443b040cdede2c0522ce8
Author: Qiang Huang <h.huangqiang at huawei.com>
Date:   Mon Jun 3 09:48:12 2013 +0800

    arguments: should return negative number when error happens
    
    We should return -ENOMEM instead of ENOMEM when realloc fails.
    
    Signed-off-by: Qiang Huang <h.huangqiang at huawei.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 44ef0c0c7200ef4e8783387d886d3748da3d50fd
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Mon Jun 3 10:47:21 2013 -0500

    lxcapi_create: don't close stdin/out/err
    
    Otherwise we can't see template progress.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 569bee5cc3d647032573db8f72734faa9307d577
Author: Natanael Copa <ncopa at alpinelinux.org>
Date:   Tue May 28 10:25:14 2013 +0200

    lxc-alpine: download a static package manager if its missing
    
    If the package manager, apk-tools is missing, then:
     - download a static binary and public keys
     - verify the keys against embedded checksum
     - verify the signature of the static binary against the downloaded keys
     - use the verified static binary
    
    Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
    Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen at datakunkku.fi>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 0a18b5458b6d0fcad9a82b96f99035254af50c7a
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri May 31 16:09:14 2013 +0200

    Define LXC_DEFAULT_CONFIG
    
    And use it in place of the various ways we were deducing /etc/lxc/default.conf.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit 3a647d582dc759e43c2087f0d906adf77c62ab6c
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri May 31 16:02:33 2013 +0200

    configure/makefile: rename default_conf to distro_conf
    
    configure/makefile: rename default_conf to distro_conf, since it is a per-distro
    default.  Then we'll be able to use the symbol LXC_DEFAULT_CONF in the code to
    refer to the installed file.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit 3bc449ed24edc4b754cbe0af19fe878d29731f59
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri May 31 07:55:14 2013 -0500

    lxccontainer: update locking comment
    
    Update the LOCKING comment.
    
    Take mem_lock in want_daemonize.
    
    convert lxcapi_destroy to not use privlock/slock by hand.
    
    Fix a coverity-found potential dereference of NULL c->lxc_conf.
    
    api_cgroup_get_item() and api_cgroup_set_item(): use disklock,
    not memlock, since the values are set through the cgroup fs on
    the running container.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit 73e608b21f73509c5f8c7a948cc6d4b0898edb2c
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Thu May 30 11:22:16 2013 -0500

    waitpid at abort to make sure we can rmdir cgroups
    
    If we abort the container start, and don't wait for the init task to be
    reaped after we kill it, then we can't remove the container cgroup
    because it is not empty.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 39dc698cb4025516a3428a68e19da05feb6fc0e9
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Wed May 29 12:26:25 2013 -0500

    lxccontainer: don't lock around getstate and freeze/unfreeze (v2)
    
    Those go through commands.c and are already mutex'ed that way.
    
    Also remove a unmatched container_disk_unlock in lxcapi_create.
    
    Since is_stopped uses getstate which is no longer locked, rename
    it to drop the _locked suffix.
    
    And convert save_config to taking the disk lock.  This way the
    save_ and load_config are mutexing each other, as they should.
    
    Changelog: May 29:
       Per Dwight's comment, take the lock before opening the config
          FILE *.
       Only take disklock at load and save_config when we're using the
       container's config file, not when read/writing from/to another
       file.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Acked-by: Dwight Engen <dwight.engen at oracle.com>

commit 0115f8fd27b1a31d367bb161a121694f92b45e62
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Tue May 28 15:25:41 2013 -0400

    add console to lxc api
    
    Make lxc_cmd_console() return the fd from the socket connection to the
    caller. This fd keeps the tty slot allocated until the caller closes
    it. Returning the fd allows for a long lived process to close the fd
    and reuse consoles.
    
    Add API function for console allocation.
    
    Create test program for console API.
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 3db989bad5d58bafac80f448e1dd2d048e791478
Author: Qiang Huang <h.huangqiang at huawei.com>
Date:   Mon May 27 19:10:38 2013 +0800

    lxc-console: use fd instead of 0 in setup_tios
    
    We should use the fd specified by caller.
    
    Signed-off-by: Qiang Huang <h.huangqiang at huawei.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit dc5e436e702f0bf4001e3e6e9f855443b2fcf448
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Tue May 28 15:18:22 2013 -0400

    lxc.spec.in: remove lxc-shutdown (for commit 3e625e2d)
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 5790f7b7a76b9ccff662fdd6ff0013b8f218d020
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Tue May 28 15:27:42 2013 -0500

    api_clone: call is_stopped_locked() to avoid deadlock.
    
    Technically as Dwight has mentioned we should probably drop the locking
    from api_state() altogether, since those are protected through the
    lxc command system.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 64f782ca69c70fd155427a81d69fda593981e770
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Tue May 28 14:07:43 2013 -0500

    lxc.conf.sgml.in: fill in missing configuration file statements
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 1897e3bcd36af9f3fe6d3649910a9adb93e5e988
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri May 17 23:23:17 2013 +0200

    Move container creation fully into the api
    
    1. implement bdev->create:
    
    python and lua: send NULL for bdevtype and bdevspecs.
    They'll want to be updated to pass those in in a way that makes
    sense, but I can't think about that right now.
    
    2. templates: pass --rootfs
    
    If the container is backed by a device which must be mounted (i.e.
    lvm) then pass the actual rootfs mount destination to the
    templates.
    
    Note that the lxc.rootfs can be a mounted block device.  The template
    should actually be installing the rootfs under the path where the
    lxc.rootfs is *mounted*.
    
    Still, some people like to run templates by hand and assume purely
    directory backed containers, so continue to support that use case
    (i.e. if no --rootfs is listed).
    
    Make sure the templates don't re-write lxc.rootfs if it is
    already in the config.  (Most were already checking for that)
    
    3. Replace lxc-create script with lxc_create.c program.
    
    Changelog:
    May 24: when creating a container, create $lxcpath/$name/partial,
    and flock it.  When done, close that file and unlink it.  In
    lxc_container_new() and lxcapi_start(), check for this file.  If
    it is locked, create is ongoing.  If it exists but is not locked,
    create() was killed - remove the container.
    
    May 24: dont disk-lock during lxcapi_create.  The partial lock
    is sufficient.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 60bf62d4ae36a48342fb8aee680fbd4b423810b1
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri May 17 07:20:10 2013 +0200

    destroy: implement in the api
    
    This requires implementing bdev->ops->destroy() for each of the backing
    store types.  Then implementing lxcapi_clone(), writing lxc_destroy.c
    using the api, and removing the lxc-destroy.in script.
    
    (this also has a few other cleanups, like marking some functions
    static)
    
    Changelog:
    	fold into destroy: fix zfs destroy
    	destroy: use correct program name in help
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 3e625e2d2e12b919dd9590b97badc6108ee67b1a
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Thu May 16 23:03:47 2013 +0200

    lxc-stop: use api, remove lxc_shutdown, extend lxc-stop functionality
    
    implement c->reboot(c) in the api.
    
    Also if the container is not running, return -2.  Currently
    lxc-stop will return 0, so you cannot tell the difference
    between successfull stopping and noop.
    
    Per stgraber's email:
    
     - Remove lxc-shutdown
     - Change lxc-stop so that:
       * Default behaviour is to call shutdown(), wait 15s for STOPPED, if
    not STOPPED, print a message to the user and call stop() [ NOTE:
    actually 60 seconds per followup thread]
       * We have a -r option to reboot the container (with proper check that
    the container indeed rebooted within the next 15s)
       * We have a -s option to shutdown the container without the automatic
    fallback to stop()
       * Add a -k option allowing a user to just kill a container
    (equivalent to old lxc-stop, no shutdown() call and no delay).
    
    and update manpages.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 5cee8c5040661f9875bf41cfffd641c87afae8af
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri May 24 16:03:22 2013 -0500

    locking: update per Dwight's comment
    
    Create three pairs of functions:
    	int process_lock(void);
    	void process_unlock(void);
    	int container_mem_lock(struct lxc_container *c)
    	void container_mem_unlock(struct lxc_container *c)
    	int container_disk_lock(struct lxc_container *c);
    	void container_disk_unlock(struct lxc_container *c);
    
    and use those in lxccontainer.c
    
    process_lock() is to protect the process state among multiple threads.
    container_mem_lock() is to protect a struct container among multiple
    threads.  container_disk_lock is to protect a container on disk.
    
    Also remove the lock in lxcapi_init_pid() as Dwight suggested.
    
    Fix a typo (s/container/contain) spotted by Dwight.
    
    More locking fixes are needed, but let's first the the fundamentals
    right.  How close does this get us?
    
    Changelog: v2:
    	fix lxclock compile
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Acked-by: Dwight Engen <dwight.engen at oracle.com>

commit df271a59cbfcfbe98fa4bd7af3ae595633539a12
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Wed May 22 16:24:00 2013 -0500

    lxclock: Replace named sempahore with flock
    
    The problem: if a task is killed while holding a posix semaphore,
    there appears to be no way to have the semaphore be reliably
    autmoatically released.  The only trick which seemed promising
    is to store the pid of the lock holder in some file and have
    later lock seekers check whether that task has died.
    
    Instead of going down that route, this patch switches from a
    named posix semaphore to flock.  The advantage is that when
    the task is killed, its fds are closed and locks are automatically
    released.
    
    The disadvantage of flock is that we can't rely on it to exclude
    threads.  Therefore c->slock must now always be wrapped inside
    c->privlock.
    
    This patch survived basic testing with the lxcapi_create patchset,
    where now killing lxc-create while it was holding the lock did
    not lock up future api commands.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 2acf77955239ec0046451fa16812d2884e6bd19b
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Thu May 23 15:44:39 2013 -0400

    fix memory leaks in cgroup functions
    
    There were several memory leaks in the cgroup functions, notably in the
    success cases.
    
    The cgpath test program was refactored and additional tests added to it.
    It was used in various modes under valgrind to test that the leaks were
    fixed.
    
    Simplify lxc_cgroup_path_get() and cgroup_path_get by having them return a
    char * instead of an int and an output char * argument. The only return
    values ever used were -1 and 0, which are now handled with NULL and non-NULL
    returns respectively.
    
    Use consistent variable names of cgabspath when refering to an absolute path
    to a cgroup subsystem or file, and cgrelpath when refering to a container
    "group/name" within the cgroup heirarchy.
    
    Remove unused subsystem argument to lxc_cmd_get_cgroup_path().
    
    Remove unused #define MAXPRIOLEN
    
    Make template arg to lxcapi_create() const
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 6a44839f5973f41553349f1b5e77d8db809e60eb
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Thu May 23 15:39:03 2013 -0400

    consolidate missing C library functions into utils.h
    
    This fixes the build of lxccontainer.c on systems that have __NR_setns
    but not HAVE_SETNS.
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit ad5f15151580201b79fc140f664227b494639e81
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Wed May 22 22:28:43 2013 -0400

    python: Fix lxc-ls's usage of get_ips()
    
    The recent port of get_ips() from pure python to the C API came with
    a couple of API changes for that function call (as were highlighted in
    the commit message).
    
    I somehow didn't notice that lxc-ls was still calling with the old API
    and so was crashing whenever it was asked to show the ipv4 or ipv6 address.
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>

commit 5bb4a226ebec9f3fb678a282a2b2833748d6707b
Author: Michael H. Warfield <mhw at WittsEnd.com>
Date:   Tue May 21 14:17:25 2013 -0400

    lxc-fedora template. Cleanup for rootfs.
    
    This is just some minor changes in the way the Fedora template is
    synthesizing the target rootfs_path.  Currently, the template uses a
    path with the container in it twice like this:
    
    /var/lib/lxc/rasputin/rasputin/rootfs
    
    This happens because the container name is already contained in the
    "path" and the template appends it a second time.  This changes the
    logic to be congruent with other templates such as lxc-arch.  The new
    behavior will be to create the rootfs like this:
    
    /var/lib/lxc/rasputin/rootfs
    
    Attached below the jump.
    
    Regards,
    Mike
    --
    Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
       /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
       NIC whois: MHW9          | An optimist believes we live in the best of all
     PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
    --
    
    Signed-off-by: Michael H. Warfield <mhw at WittsEnd.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 65be441e0892b45000b9b3863d407539e56e47a4
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Tue May 21 11:34:45 2013 -0400

    oracle template: mount /dev/shm as tmpfs
    
    sem_open(3) checks that /dev/shm is SHMFS_SUPER_MAGIC. Normally /dev/shm
    is mounted in the initramfs created by dracut, but that won't be run for
    a container so make sure that rc.sysinit mounts /dev/shm.
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 481624b37b37ffa98b735cf3f94e35d1fbd729e0
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Tue May 21 13:30:09 2013 -0400

    fix build with --enable-tests
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit fa9ac567a7f1593c586cca57362f6b542985e5d7
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Tue May 21 20:31:04 2013 -0500

    attach: and cgroup.c: be overly cautious
    
    Realistically (as Dwight points out) it doesn't seem possible that
    getline won't return at least one line in this functions, however
    just to make absolutely sure we don't get a segv on free(NULL),
    check line != NULL before freeing it on exit.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 20fe4e8febe40f6fc4e4c6f52b91f0af0232e6f5
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Tue May 21 15:36:32 2013 -0400

    fix getline(3) memory leaks
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit fca3080f6a46f856c54218a8e478a174382b4c15
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Tue May 21 13:15:53 2013 -0400

    fix minor gcc 4.7.2 error
    
    lxccontainer.c:874:4: error: ‘for’ loop initial declarations are only
    allowed in C99 mode
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit ef6e34eec8d5a9f1447462d6080facb674b3ccdb
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Fri May 17 18:29:12 2013 -0400

    extend command processor to handle generic data
    
    Motivation for this change is to have the ability to get the run-time
    configuration items from a container, which may differ from its current
    on disk configuration, or might not be available any other way (for
    example lxc.network.0.veth.pair). In adding this ability it seemed there
    was room for refactoring improvements.
    
    Genericize the command infrastructure so that both command requests and
    responses can have arbitrary data. Consolidate all commands into command.c
    and name them consistently. This allows all the callback routines to be
    made static, reducing exposure.
    
    Return the actual allocated tty for the console command. Don't print the
    init pid in lxc_info if the container isn't actually running. Command
    processing was made more thread safe by removing the static buffer from
    receive_answer(). Refactored command response code to a common routine.
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 9c83a661397456e1455d739bcadfa38f05ce2fe6
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Fri Apr 26 16:01:58 2013 +0200

    lxcapi: Add new get_ips() call
    
    This adds a new get_ips call which takes a family (inet, inet6 or NULL),
    a network interface (or NULL for all) and a scope (0 for global) and returns
    a char** of all the IPs in the container.
    
    This also adds a matching python3 binding (function result is a tuple) and
    deprecates the previous pure-python get_ips() implementation.
    
    WARNING: The python get_ips() call is quite different from the previous
    implementation. The timeout argument has been removed, the family names are
    slightly different (inet/inet6 vs ipv4/ipv6) and an extra scope parameter
    has been added.
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 92f023dccced28a55ce323253f298e9825fe7da7
Author: Christian Seiler <christian at iwakd.de>
Date:   Mon May 20 17:54:23 2013 +0200

    Implement simple utility functions for reading and writing to fds
    
    Signed-off-by: Christian Seiler <christian at iwakd.de>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 65fbbb0a0f7bad119aa5f2ac6f3ee041970889fc
Author: Christian Seiler <christian at iwakd.de>
Date:   Mon May 20 17:54:22 2013 +0200

    Move declarations of some constants to where they are needed.
    
    Signed-off-by: Christian Seiler <christian at iwakd.de>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit c797a220d51d2796355fd60eca50523ffd6fb45e
Author: Christian Seiler <christian at iwakd.de>
Date:   Mon May 20 17:54:21 2013 +0200

    utils.c: Add lxc_wait_for_pid_status routine that returns exit code
    
    Signed-off-by: Christian Seiler <christian at iwakd.de>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 71b9b8ed262e2d826181bfb79e5d5075ff1a3ff0
Author: Christian Seiler <christian at iwakd.de>
Date:   Mon May 20 17:54:20 2013 +0200

    wait_for_pid: Fix EINTR check
    
    Signed-off-by: Christian Seiler <christian at iwakd.de>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit d1240f0335e0c469b850da467661dfbb8f262727
Author: Michael H. Warfield <mhw at WittsEnd.com>
Date:   Mon May 20 12:04:38 2013 -0400

    lxc-fedora template - systemd console gettys
    
    Hey all...
    
    Patch to the lxc-fedora template to setup gettys on the ttys that are
    enabled in the configuration.  The area of the code already had some
    modifications to that service that didn't seem to do anything and would
    get wiped out by an update.  I commented that out but subsumed the
    change it was attempting into my command in case it does something on
    another rev somewhere.
    
    This is very similar to the logic in the OpenSuse template but doesn't
    seem to appear in other templates, such as arch, which have to deal with
    systemd.  This isn't unique to Fedora.  The templates for Fedora,
    ArchLinux, and OpenSuse are the only three that seem to have any
    reference to systemd at all.
    
    Attached below the jump.
    
    Regards,
    Mike
    --
    Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
       /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
       NIC whois: MHW9          | An optimist believes we live in the best of all
     PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
    --
    
    Signed-off-by: Michael H. Warfield <mhw at WittsEnd.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 11029c023a12dbe3f3569fcc22f25667686e417f
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Fri May 17 18:28:12 2013 -0400

    return lxc generated name for veth pair
    
    Doing a get_config_item for lxc.network.0.veth.pair only returns the
    pair name if explicitly given, but it can be useful to know the name
    even if it is the one that lxc autogenerated.
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 40650ea6817286a9587a84bf3ce5d25d10620303
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Fri May 17 17:40:12 2013 -0400

    quiet gcc 4.4.7 warning about saveptr use before initialization
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit de09eccbeda214a1ef5a9b7144870defa97e88c4
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri May 17 11:25:15 2013 -0500

    lxc-create: zfs: consistently use zfsroot, not zfs_root
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit dc92f6c7eec81dc104b3f7873ffd74ec56a1dae1
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Thu May 16 08:22:41 2013 -0500

    document clone hooks
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 148e91f56799f03c868deca8dcad473983a1a2bf
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Tue May 14 16:10:37 2013 -0500

    lxc: add clone hook.
    
    Add a clone hook called from api_clone.  Pass arguments to it from
    lxc_clone.c.
    
    The clone update hook is called while the container's bdev is mounted.
    Information about the container is passed in through environment
    variables LXC_ROOTFS_PATH, LXC_NAME, The LXC_ROOTFS_MOUNT, and
    LXC_CONFIG_FILE.
    
    LXC_ROOTFS_MOUNT=/usr/lib/x86_64-linux-gnu/lxc
    LXC_CONFIG_FILE=/var/lib/lxc/demo3/config
    LXC_ROOTFS_PATH=/var/lib/lxc/demo3/rootfs
    LXC_NAME=demo3
    
    So from the hook, updates to the container should be made under
    $LXC_ROOTFS_MOUNT/ .
    
    The hook also receives command line arguments as follows:
    First argument is container name, second is always 'lxc', third
    is the hook name (always clone), then come the arguments which
    were passed to lxc-clone.  I.e. when I did:
    
    sudo lxc-clone demo2 demo3 -- hey there dude
    
    the arguments passed in were "demo3 lxc clone hey there dude"
    
    I personally would like to drop the first two arguments.  The
    name is available as $LXC_NAME, and the section argument ('lxc')
    is meaningless.  However, doing so risks invalidating existing
    hooks.
    
    Soon analogous create and destroy hooks will be added as well.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit 9a93d99213da44b5ddf2f5295f6ef3a59d4f1fba
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Wed May 15 15:21:24 2013 -0500

    cgroup: prevent DOS when a hierachy is mounted multiple times
    
    When starting a container, we walk through all cgroup mounts looking
    for a unique directory name we can use for this container.  If the
    name we are trying is in use, we try another name.  If it is not in
    use in the first mount we check, we need to check other hierarchies
    as it may exist there.  But we weren't checking whether we have already
    checked a subsystem - so that if freezer was mounted twice, we would
    create it in the first mount, see it exists in the second, so start
    over trying in the second mount.
    
    To fix this, keep track of which subsystems we have already checked,
    and do not re-check.
    
    (See http://pad.lv/1176287 for a bug report)
    
    Note we still need to add, at the next: label, the removal of the
    directories we've already created.  I'm keeping that for later as
    it's far lower priority than this fix, and I don't want to risk
    introducing a regression for that.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 6031a6e5f939bda07d98768d34dafae677a7dfeb
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Wed May 15 12:27:34 2013 -0400

    set non device cgroup items before the cgroup is entered
    
    This allows some special cgroup items such as memory.kmem.limit_in_bytes
    to be successfully set, since they must be set before any task is put
    into the cgroup.
    
    The devices cgroup is setup later giving the container a chance to mount
    file systems before the device it might want to mount from becomes
    unavailable.
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit d9e80daf54e15b89b0b08d475b29893be9830be0
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Wed May 15 13:23:12 2013 -0400

    doc/lxc.conf minor clarifications
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 627fe3b4c3a65535eb53c3d63794705d8f6322d4
Author: Michael H. Warfield <mhw at WittsEnd.com>
Date:   Tue May 14 17:45:12 2013 -0400

    lxc-fedora-template: autodev, hostname, ARM archs, Raspberry Pi fixes
    
    This took a lot longer for me to get around to it...  Sorry.
    
    Patch to the lxc-fedora template.
    
    I didn't get any further comments from my earlier proposal, weeks ago,
    and did get one addition based on comments about properly setting the
    hostname in /etc/hostname, which I've added.  I could have broken them
    into separate patches but most are pretty small and minor.
    
    Changes:
    
    * Map armv6l and armv7l architectures to "arm" for yum and repos to
    function properly.
    
    * Detect Fedora Remix distros with no "/etc/fedora-release" file
    (Raspberry Pi) and find proper release versions when "remix" part of the
    file context.
    
    * Change default Fedora container on non-Fedora hosts to Fedora 17.
    
    * Added code for autodev for Fedora systemd containers.
    
    * Added code to set /etc/hostname for Fedora > 14 (systemd).
    
    * Fix a few typos.
    
    Regards,
    Mike
    --
    Michael H. Warfield (AI4NB) | (770) 985-6132 |  mhw at WittsEnd.com
       /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
       NIC whois: MHW9          | An optimist believes we live in the best of all
     PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
    --
    
    Signed-off-by: Michael H. Warfield <mhw at WittsEnd.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 794fb287b3bd7a6c07f99ec1565c517922287065
Author: Bogdan Purcareata <bogdan.purcareata at freescale.com>
Date:   Wed May 15 12:08:14 2013 +0300

    lxc-busybox: check when bind-mounting host libdirs
    
    The patch removes the behavior of automatically mounting /lib
    and /usr/lib, since this is duplicated a few lines below. It will
    also remove the risk of failing when one of these entries are not
    present on the host - e.g. on a 64bit machine.
    
    Signed-off-by: Bogdan Purcareata <bogdan.purcareata at freescale.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 807732062eab6cd44fb033bfbb37fbb38907aa66
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Tue May 14 08:24:27 2013 -0500

    lxc-cirros updates
    
    fix userdata consumption
    
    patch for console issue
    
    Signed-off-by: Scott Moser <scott.moser at canonical.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 58a46e06210a6321c530735f15f66eb648c4657d
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri May 10 00:52:22 2013 -0500

    add lxc-cirros
    
    Add a template to create a cirros container.  One great thing about
    cirros is that the image you download is 3.5M.
    
    Thanks smoser!
    
    Note by default /etc/inittab doesn't have a /dev/console entry, so you
    don't get a login on the lxc-start console.  Adding
    
    console::respawn:/sbin/getty 115200 console
    
    makes that work, but ctrl-c still gets forwarded to init which then
    reboots.  So I didn't bother adding console as part of the template
    (yet).  Instead I simply lxc-start -d, then lxc-console.
    
    Signed-off-by: Scott Moser <scott.moser at canonical.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 714540763b8b1ac12c029d7760b4e4fe13a69b43
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Mon May 13 12:03:14 2013 -0400

    serialize multiple threads doing lxcapi_start()
    
    The problem is that the fd table is shared between threads and if a thread
    forks() while another thread has an open fd to the monitor, the duped fd
    in the fork()ed child will not get closed, thus causing monitord to stay
    around since it thinks it still has a client. This only happened when
    calling lxcapi_start() in the daemonized case since that is the only time
    we try to get the status from the monitor.
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 304143a823ede4eca52f1d11ae1449995ad503ff
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Wed May 8 16:44:10 2013 -0400

    lxc-shutdown: fix lxc_path variable
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 8d06bd135af4852f24660be965aba2d781223af4
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Tue May 7 16:40:49 2013 -0400

    lxc-monitor multiple paths
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 566c0d6dce82ee573da01e325c53179ed74350f1
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Tue May 7 19:28:32 2013 -0500

    lxc-ps: handle cgroup collisions
    
    A few months ago cgroup handling in lxc was updated so that if
    /sys/fs/cgroup/$cgroup/lxc/$container already exists (most often
    due to another container by the same name under a different lxcpath),
    then /sys/fs/cgroup/$cgroup/lxc/${container}-N would be used.
    
    lxc-ps was never updated to handle this.  Fix that.
    
    (Note, the ns cgroup is being special cased there, but I don't
    really believe ns cgroup works any more.)
    
    It would be preferable to rewrite lxc-ps in python or in C, but
    this at least makes the basic lxc-ps work in the case of multiple
    containers with the same name.
    
    Changelog:
    	fix missing fi.
    	replace 'z1' with '$container' as pointed out by Christian
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 7f4717c293fd5ecb9d605bed890cb412314aa8e2
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Tue May 7 15:33:42 2013 -0500

    conf.c: remove a break
    
    commit ab81cef05338e7a553aacca141287034d6daf167 meant to remove the
    added break, but apparently i had not done 'git add' before commit
    --amend.  Remove the added break.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit dd66e5adb38c76e6eecf0e54c5418fd9f7ac3b3b
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Tue May 7 10:57:38 2013 -0400

    coverity: fix potential dereference NULL returned from malloc
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit f2bbe86da4044c8db39e6eae19541fe2d117bae7
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Tue May 7 10:57:33 2013 -0400

    coverity: check return from waitpid
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 3856bc9ff50f2cbd6cb2830619f3594ffea0b344
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Tue May 7 10:57:26 2013 -0400

    coverity: clonetest: check correct container is cloned
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 5ca6c34bdeb02ea355a0e5ef9ff51581b58c1ee7
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Tue May 7 10:57:16 2013 -0400

    coverity: condition already checked for
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 42fb4b1585d5f2073fbfe984acd46b625fd3c6a1
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Tue May 7 10:57:09 2013 -0400

    coverity: open can return 0 as an fd, change error check to < 0
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 91c908ee8ea5aada054cbb7f4203d486c2e9a09e
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Tue May 7 10:57:03 2013 -0400

    coverity: free malloc'ed memory in error case
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit ab81cef05338e7a553aacca141287034d6daf167
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Fri May 3 16:50:32 2013 -0400

    coverity: fix dereference NULL return value
    
    also break once we have found root, no need to search the rest of the mounts
    
    Changelog: May 6: Serge: don't add the break.  (see m-l)
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 7c7ec7a8eded3d3864631165503fedb456e1b779
Author: Harald Dunkel <harald.dunkel at aixigo.de>
Date:   Fri May 3 10:53:43 2013 +0200

    support alternate container path in lxc-netstat.in
    
    Signed-off-by: Harald Dunkel <harald.dunkel at aixigo.de>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 8ee3042a5419ea4c9bb0d1c264715f9d9c39bfa3
Author: Harald Dunkel <harald.dunkel at aixigo.de>
Date:   Fri May 3 10:53:41 2013 +0200

    lxc-create: add missing -P option for running lxc-destroy
    
    Signed-off-by: Harald Dunkel <harald.dunkel at aixigo.de>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit d2c8186b4d185d75e81aec02d5a62dde4192c16d
Author: Harald Dunkel <harald.dunkel at aixigo.de>
Date:   Fri May 3 10:53:40 2013 +0200

    support alternate container path in lxc-shutdown
    
    Signed-off-by: Harald Dunkel <harald.dunkel at aixigo.de>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit a9bafa108521ac785e846f2ace105c327371c106
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Fri May 3 16:50:20 2013 -0400

    coverity: fix dereference before NULL check
    
    also fixed some error strings while here
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 3c73b55472c096f06fd037c3c0af011be62a432b
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri May 3 16:36:08 2013 -0500

    remove leftover debug cruft (thanks, Dwight)
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit a747894428ea38c4a908acacb610fc3de714e0c0
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Fri May 3 13:41:40 2013 -0400

    coverity: ftell returns a signed value
    
    The check for flen < 0 could never have been true since flen was declared
    to be size_t (unsigned). Declare flen to be long since that is what ftell
    returns.
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 8fb86a37daecd05e9ef7f291dd4762be881f88e4
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri May 3 12:28:06 2013 -0500

    confile.c:config_network_ipv6_gateway: only define gw in needed scope
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit bec695f3ec43972ad38f06f92ff2db03d8405562
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Fri May 3 12:04:07 2013 -0400

    coverity: fix leak when ipv6 gw is auto
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 8950ee8ebfc9a7f34003f6892b5a7da6aef9fff9
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Fri May 3 12:04:01 2013 -0400

    coverity: fix leak in error case
    
    Since lxc_execute() is available through the library and is exposed via
    the API we cannot be sure the caller will immediately exit, so we should
    take care to free the allocated memory.
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit a2eea3c1974d70bdef74a0af6a14ca3a6fa41704
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Fri May 3 11:29:39 2013 -0400

    coverity: ensure string is null terminated, return in
    
     error case
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 2d4bcb96155c0e4a5d2734017f889b993144e876
Author: Weng Meiling <wengmeiling.weng at huawei.com>
Date:   Fri May 3 11:02:48 2013 +0800

    lxc_start: free the conf if starting the container fails
    
    When running lxc-start command with valgrind, it reports a memory leak error.
    When lxc-start command fails, the conf which is from malloc has not been released.
    This patch fix the problem.
    
    Signed-off-by: Weng Meiling <wengmeiling.weng at huawei.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit fc7e88640cbdb402aaa048dd74829c8d09dda850
Author: Weng Meiling <wengmeiling.weng at huawei.com>
Date:   Fri May 3 11:02:40 2013 +0800

    add free conf->rcfile in lxc_conf_free
    
    when releasing the conf, add free conf->rcfile which is from malloc
    
    Signed-off-by: Weng Meiling <wengmeiling.weng at huawei.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit b85ab7989ebe24629267048cb269b278eeb50490
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Thu May 2 16:28:10 2013 -0500

    ubuntu templates: add comments to show how to enable nesting
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 375c2258b24b233832c9ec43ab9c7b3f5dce25fb
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Wed May 1 23:37:05 2013 -0500

    clone: a few fixes
    
    clean up error case in clone, which in particular could cause double
    lxc_container_put(c2)
    
    for overlayfs, handle (with error message) all bdev types.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit e0b0b533feed683ce12c94e11174019a5dac64fc
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Wed May 1 19:07:16 2013 -0400

    allow lxc-init to log when rootfs not given
    
    On Mon, 29 Apr 2013 14:44:47 -0500
    Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
    
    > Quoting Dwight Engen (dwight.engen at oracle.com):
    > > So I did this, only to realize that lxc-init is passing "none" for
    > > the file anyway, so it currently doesn't intend to log. This makes
    > > me think that passing NULL for lxcpath is the right thing to do in
    > > this patch. If you want me to make it so lxc-init can log, I can do
    > > that but I think it should be in a different change :)
    >
    > That actually would be very useful, but as you say that's a different
    > feature - thanks.
    
    ... and here is said change.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit eee3ba81c88e64b8a732694fc4843a39d5bde491
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Wed May 1 08:33:12 2013 -0500

    templates: deny writes to host's clock (v2)
    
    Don't allow write to /dev/rtc0, and remove sys_time.
    
    Thanks, Christoph.
    
    v2: drop sys_time, sys_module, mac_admin and mac_override in
    all templates.
    
    Reported-by: Christoph Mitasch <cmitasch at thomas-krenn.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit ee25a44fd389ed450e3d7ef9513eec19668f2de7
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Tue Apr 30 16:33:18 2013 -0400

    log.c: always use dir when lxcpath is not default
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit b338c81b9f0130106eee4b2ff70959c2e62a1fac
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Tue Apr 30 14:45:32 2013 -0500

    lxc.functions.in: add missing backquote
    
    Reported by both Dwight and S.Çağlar - thanks.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 385e7a431a1865017211478741408d505396f9a7
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Tue Apr 30 14:23:08 2013 -0500

    lxc.functions.in: use the right parameter to lxc-config to get lxcpath
    
    Reported-by: S.Çağlar Onur <caglar at 10ur.org>
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit b164a17f9bfcc3f067dad33d0c38834aa22ca2b1
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Tue Apr 30 14:20:40 2013 -0500

    remove lxc-clone-sh
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit ec471210d97ba23b2de618349bdb6dd4145e53e0
Author: S.Çağlar Onur <caglar at 10ur.org>
Date:   Tue Apr 30 14:55:04 2013 -0400

    Update .gitignore
    
    Signed-off-by: S.Çağlar Onur <caglar at 10ur.org>
    Signed-off-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 0fc0d057c34f3ee10eeb87e3f11405aa79c3b4df
Author: S.Çağlar Onur <caglar at 10ur.org>
Date:   Tue Apr 30 14:55:03 2013 -0400

    silence "sh: 1: zfs: not found" errors on systems without ZFS
    
    Signed-off-by: S.Çağlar Onur <caglar at 10ur.org>
    Signed-off-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit a8428dfa2c6a43ee195f4be3e04a519ca1fc6ec0
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Mon Apr 29 22:09:06 2013 +0200

    introduce lxc_config
    
    It's a tiny program (exported through the api) wrapping the util.c
    helpers for reading /etc/lxc/lxc.conf variables, and replaces
    the kludgy shell duplication in lxc.functions.in
    
    Changelog: Apr 30: address feedback from Dwight
    	(exit error on failure, and use 'lxcpath' as name, not
    	'default_path').
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Acked-by: Dwight Engen <dwight.engen at oracle.com>

commit 1e1bb42a8fca68d9fa9391e6644aeff296479499
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Mon Apr 29 14:50:30 2013 +0200

    add vg and zfsroot options to lxc.functions and use in lxc-create
    
    also make sure to drop spaces between = and variable in lxc.conf
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 31a95fecd2e0b1408e9a97e3ae36a7770544d1a2
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Sat Apr 27 04:59:11 2013 +0200

    allow site-wide customization of zfsroot and lvm vg
    
    /etc/lxc/lxc.conf can contain
    
    	zfsroot = custom1
    	lvm_vg = vg0
    
    (Otherwise the defaults are 'lxc' for lvm_vg, and 'lxc' for zfsroot)
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit ca52dcb55961d75e0163f237c92d225964c786bd
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri Apr 26 18:00:28 2013 +0200

    Several backing store improvements
    
    allow copy clones from other bdevs
    
    for lvm and zfs, as we don't yet support passing options, only default
    VG of 'lxc' and default zfsroot of 'tank' are supported when converting
    another backing store type.
    
    refuse deletion of container which has lvm or zfs snapshots.
    	Note that since a zfs clone must be made from a zfs snapshot,
    	which is made from the original zfs fs, even after we
    	lxc-destroy the snapshotted container we still must manually
    	remove the snapshot.  This can be handled automatically, by
    	looking for snapshots where c1 is the original, c2 is the clone,
    	tank/c2 no longer exists, but tank/c1 at c2 does.  We can then
    	remove tank/c1 at c2 and feel free to remove tank/c1.  This patch
    	does NOT do that yet.
    
    Make sure not to return when we're a forked child.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 3baa76fe36bd2b59645a952c3a47a960090c38d2
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri Apr 26 00:14:37 2013 +0200

    implement zfs bdev and clone
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 9be53773792fc9e8bd173edc3b7ac7e144875387
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Tue Apr 16 08:07:05 2013 -0500

    implement backend drivers and container clone API (v3)
    
    1. commonize waitpid users to use a single helper.  We frequently want
    to run something in a clean namespace, or fork off a script.  This
    lets us keep the function doing fork:(1)exec(2)waitpid simpler.
    
    2. start a blockdev backend implementation.  This will be used for
    mounting, copying, and snapshotting container filesystems.
    
    3. implement btrfs, lvm, directory, and overlayfs backends.
    
    4. For overlayfs, support a new lxc.rootfs format of
    'bdevtype:<extra>'.  This means you can now use overlayfs-based
    containers without using lxc-start-ephemeral, by using
    lxc.rootfs = overlayfs:/readonly-dir:writeable-dir
    
    5. add a set of simple clone testcases
    
    6. Write a new lxc_clone.c based on api clone.
    
    Still to do (there's more, but off top of my head):
    
    1. support zfs, aufs
    2. have clone handle other mount entries (right now it only clones
    the rootfs)
    3. python, lua, and go bindings (not me :)
    4. lxc-destroy: if lvm backing store, check for snapshots of it.
       (what about directories which have overlayfs clones?)
    
    Changes since v2:
    	Initialize random generator when picking new macaddr (reported
    	  by caglar at 10ur.org)
    	Fix wrong use of bitmask flags
    	On copy-clone of btrfs, create a subvolume
    	lxc_clone.c: respect the command line usage of the old script
    	lxc-clone(1): update documentation
    	Refuse to try changing backing stores expect to overlayfs, as
    	  it is not implemented (yet) anyway.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    
    Conflicts:
    	src/lxc/utils.h

commit ab1bf971d2db43777cbf3892fb887bf71ce7d155
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Mon Apr 29 14:54:08 2013 -0400

    Create log file in lxcpath for non-system containers
    
    On Fri, 26 Apr 2013 10:18:12 -0500
    Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
    
    > Quoting Dwight Engen (dwight.engen at oracle.com):
    > > On Fri, 26 Apr 2013 09:37:49 -0500
    > > Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
    > >
    > > > Quoting Dwight Engen (dwight.engen at oracle.com):
    > > > > Using lxc configured with --enable-configpath-log, and
    > > > > specifying a path to the lxc commands with -P, the log file
    > > > > path is generated with a basename of LOGPATH instead of the
    > > > > lxcpath. This means for example if you do
    > > > >
    > > > > lxc-start -P /tmp/containers -n test01 -l INFO
    > > > >
    > > > > your log file will be
    > > > >
    > > > > /var/lib/lxc/test01/test01.log
    > > > >
    > > > > I was expecting the log to be /tmp/containers/test01/test01.log.
    > > > > This is particularly confusing if you also have test01 on the
    > > > > regular lxcpath. The patch below changes the log file path to be
    > > > > based on lxcpath rather than LOGPATH when lxc is configured with
    > > > > --enable-configpath-log.
    > > > >
    > > > > I think that even in the normal non --enable-configpath-log case
    > > > > we should consider using lxcpath as the base and not having
    > > > > LOGPATH at all, as attempting to create the log files
    > > > > in /var/log is not going to work for regular users on their own
    > > > > lxcpath. If we want that, I'll update the patch to do that as
    > > > > well.
    > > >
    > > >
    > > > Perhaps we should do:
    > > >
    > > > 	1. If lxcpath == default_lxc_path(), then first choice is
    > > > 	   LOGPATH, second is lxcpath/container.log
    > > > 	2. when opening, if first choice fails, use second choice
    > > > 	   if there is any.
    > > >
    > > > That way 'system' containers will go to /var/log/lxc, as I think
    > > > they should.  Custom-lxcpath containers should never go
    > > > to /var/log/lxc, since their names could be dups of containers in
    > > > default_lxc_path(). And if the system is a weird one where
    > > > default_lxc_path is set up so that an unprivileged user can use
    > > > it, then we should log into $lxcpath.
    > >
    > > That sounds good to me. So these rules would apply in both the
    > > regular and --enable-configpath-log cases.
    
    I updated the patch to try to open the log file according to the
    choices given above. Along the way I cleaned up log.c a bit, making
    some things static, grouping external interfaces together, etc...
    Hopefully that doesn't add too much noise.
    
    > > > (Note this patch will trivially conflict with my new lxc_clone.c
    > > > causing it to fail to build - unfortunate result of timing)
    > >
    > > Yeah unfortunately this touches every lxc_log_init() caller. I can
    > > work on the above logic and re-submit after your new lxc_clone
    > > stuff goes in.
    >
    > No no, I'll just need to remember to update mine.  Don't hold up on
    > mine, this is just the nature of such collaboration  :)
    >
    > > Did you have any thoughts on the XXX what to pass in for lxcpath in
    > > lxc_init? Right now it just falls back to LOGPATH.
    >
    > No - that's a weird one, since lxc_init runs in the container.  If
    > there were only system containers I'd say always use LOGPATH.
    > However there are people (apparently :) who use container sharing the
    > host's rootfs...
    >
    > lxc-execute does know the lxcpath.  Perhaps we can simply have
    > src/lxc/execute.c:execute_start() look at handler->conf to see if a
    > rootfs is set.  If rootfs is NOT set, then pass lxcpath along to
    > lxc-init.  Then lxc-init can mostly do the same as the others?  (It
    > doesn't use src/lxc/arguments.c, so you'd have to add lxcpath to
    > options[] in lxc-init.c)
    
    So I did this, only to realize that lxc-init is passing "none" for the
    file anyway, so it currently doesn't intend to log. This makes me
    think that passing NULL for lxcpath is the right thing to do in
    this patch. If you want me to make it so lxc-init can log, I can do
    that but I think it should be in a different change :)
    
    --
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 7f95145833bb24f54e037f73ecc37444d6635697
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Mon Apr 29 16:47:35 2013 -0400

    fix building docs
    
    Commit 69fe23ff added checking for the older docbook2man back into
    configure, but this breaks building the docs on at least Oracle Linux and
    Fedora when docbook2X is not installed as docbook2man will be found but the
    docs don't actually build with that tool.
    
    This change makes it so the docs can be built with either the older
    docbook2man or the newer 2X tools by using configure to set the dtd
    string to an appropriate value depending on use of docbook2man or
    db2x_docbook2man.
    
    Also fixed a small error in lxc-destroy.sgml.in that was noticed
    by the old tools.
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 33c2c3ec93c17758f37cc2e53f07f7dfe6b72336
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Thu Apr 25 15:18:25 2013 -0500

    add zfs support to lxc-create and lxc-destroy
    
    This is based on patch from Papp Tamas (thanks).  It also does some
    reorganizing of lxc-create to commonize some of the backingstore handling.
    
    I played with it using:
    
    	sudo lvcreate -L 100G -n zfs vg0
    	sudo zpool create lxc /dev/vg0/zfs
    	sudo lxc-create -B zfs --zfsroot lxc -t ubuntu -n dir2
    
    or you could
    
    	qemu-img create zfs.img 100G
    	sudo qemu-nbd -c /dev/nbd0 zfs.img
    	sudo zpool create lxc /dev/nbd0
    	sudo lxc-create -B zfs --zfsroot lxc -t ubuntu -n dir2
    
    I'll write the bdev.c handler and hook up lxc-clone next.
    
    This also fixses a bug in the sed expression to extract the rootfs from
    container config, which prepended an extra '/' to the rootdev.  (That
    caused the zfs list entry not to match at destroy)
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Cc: Papp Tamas <tompos at martos.bme.hu>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit f485f377a1caba11c58da100d3db9a8c6fdeb7d5
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Thu Apr 25 12:21:53 2013 -0400

    lxc_wait should start monitord
    
    If lxc_wait is called before the container has started the socket will not
    yet have been created and lxc_wait's connect to it will fail. Starting the
    daemon will create the socket for lxc_wait to connect to.
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 4f43438c476c3c5fb78d6192238d540108a33cb1
Author: Christian Seiler <christian at iwakd.de>
Date:   Thu Apr 25 13:00:19 2013 +0200

    lxc_attach: Use clone() instead of second fork()
    
    Because of an assertion in glibc's fork() wrapper that parent pid and
    pid of child should never be the same, one should avoid fork() after
    attaching to a PID namespace, since the pid inside the namespace may
    coincide with the pid of the parent outside the namespace, thus hitting
    the aforementioned assertion.
    
    This patch just changes the code in the most simple manner to use
    clone() instead of fork(). Since clone() requires a function to be
    called instead of returning 0, we move the code of the child into a
    function child_main.
    
    Signed-off-by: Christian Seiler <christian at iwakd.de>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 6320e49454b0fd86dde7df0af54a2e194ae59821
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Thu Apr 25 17:31:34 2013 +0200

    lxc.conf: Add reference to capabilities manpage
    
    This adds a reference to capabilities(7) to the lxc.conf manpage.
    
    Signed-off-by: Tomáš Pospíšek <tpo_deb at sourcepole.ch>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit 69fe23ff0777390e34a8c0b11ce6037e5aef9109
Author: Peter Simons <simons at cryp.to>
Date:   Thu Apr 25 12:20:30 2013 +0200

    configure: support for the "docbook2man" utility to build the documentation
    
    This adds docbook2man as an alternative name for the docbook compiler.
    As that name was used on Debian based systems for an older version of the tool,
    this change also adds a check so that docbook2man is never used on Debian based
    systems.
    
    Reported-by: Peter Simons <simons at cryp.to>
    Reported-by: Christian Bühler christian at cbuehler.de
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit f05699d19e27567583b9397a8d529e8aa275f5e1
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Wed Apr 24 22:47:50 2013 -0500

    Revert "monitor.c: sanity check on waitpid return value"
    
    It's reported to errors in parallel starts.
    
    Reported-by: "S.Çağlar Onur" <caglar at 10ur.org>
    
    This reverts commit 6b7916695264238a490971e8cd87612154fc18b1.

commit 6b7916695264238a490971e8cd87612154fc18b1
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Wed Apr 24 19:59:10 2013 -0500

    monitor.c: sanity check on waitpid return value
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit e8b9ac8fdfddec6a2eaacd6cdaa968058cf4e1e2
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Wed Apr 24 19:49:59 2013 -0500

    close fd on error path
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 4fa22bfca1e94393aa3fbdc3fdf5516e75d47521
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Wed Apr 24 15:16:21 2013 -0500

    lxc-create: cleanup whenever exiting with error
    
    Otherwise we leave bad containers sitting around and further confuse
    things on retries.
    
    Reported-by: Mukanyiligira Didacienne <siyana223 at gmail.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit e51d4895129209cec1c15bda2322136a03ec94b2
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Wed Apr 24 15:06:20 2013 -0400

    Allow multiple monitor clients
    
    This fixes a long standing issue that there could only be a single
    lxc-monitor per container.
    
    With this change, a new lxc-monitord daemon is spawned the first time
    lxc-monitor is called against the container and will accept connections
    from any subsequent lxc-monitor.
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit dc7f65454ee88fbd50f4d6f8a7c567eb27107314
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Wed Apr 24 21:38:32 2013 +0200

    ubuntu: Don't break when the locale is C.*
    
    Update the code to also match C.* so that C.UTF-8 doesn't make the
    container creation fail.
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 0a9362f5745a58a3d63354d76182108ea81ecf05
Author: S.Çağlar Onur <caglar at 10ur.org>
Date:   Tue Apr 23 17:24:31 2013 -0400

    Support starting containers concurrently
    
    Trying to start multiple containers concurrently may cause
    lxc_monitor_read_timeout to fail as select call could be
    interrupted by a signal, handle it.
    
    Signed-off-by: S.Çağlar Onur <caglar at 10ur.org>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit 15451ecf742bfa38a0732270b36d4a8666d2124e
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Wed Apr 24 17:24:26 2013 +0200

    python: Make the code compatibly with 3.2
    
    The previous change used some 3.3-specific functions.
    We still support 3.2 so revert to 3.2-compatible calls.
    
    Reported-by: S.Çağlar Onur <caglar at 10ur.org>
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 6516ad8b01aac298bffe60a8d7d21745f3354a38
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Wed Apr 24 00:50:44 2013 +0200

    python: Fix convert_tuple_to_char_pointer_array
    
    This finally fixes a few issues with the magic
    convert_tuple_to_char_pointer_array function.
    
    This now clearly copies the char* from the python object so we don't
    end up keeping reference to those.
    
    Also add the few required free calls to free the content of the array.
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 93d564edc5d69819e85c3fa93368d37ec803a2f9
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Wed Apr 24 11:41:45 2013 +0200

    cgroup: Remove unused mntent variables
    
    Spotted by coverity, we were now assigning mntent but only every using
    mntent_r, so drop those variables and assignation.
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>

commit fd37327f57a6d53692babcaf69dfbd8f62e59918
Author: S.Çağlar Onur <caglar at 10ur.org>
Date:   Wed Apr 17 17:15:51 2013 -0400

    Support stopping containers concurrently
    
    Trying to stop multiple containers concurrently ends up with "cgroup is not mounted" errors as multiple threads corrupts the shared variables.
    Fix that stack corruption and start to use getmntent_r to support stopping multiple containers concurrently.
    
    Signed-off-by: S.Çağlar Onur <caglar at 10ur.org>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit cf0f903326cf3cdd10f834c1bbc627fd81e06044
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Tue Apr 23 08:37:41 2013 -0500

    detect APT_PROXY from host apt.conf
    
    Introduce a new HTTP_PROXY variable in /etc/default/lxc.  If unset or
    set to none, then behavior continues as before.  If set to 'apt', then
    any http::proxy set in apt.conf will be used as http_proxy for
    debootstrap, and specified in the container's
    /etc/apt/apt.conf.d/70proxy.  If set to something else, then the
    value of HTTP_PROXY will be used as http_proxy for debootstrap and
    specified in the container's 70proxy.
    
    Changelog: (apr 23) merge the two apt proxy detection functions.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit 051151de890705173a42bbead40a6125d34ea41b
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Mon Apr 22 14:02:30 2013 -0400

    goto correct cleanup label to ensure fd is closed
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit bbb8a488aeacf8a226d49773fe13798a202a78e2
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Mon Apr 22 15:46:26 2013 -0500

    remove needless check for 'line' which cannot be NULl there
    
    (found by coverity)
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 7e1667d76e76eb3d571be5e4b545e8ace6e92187
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Mon Apr 22 15:40:57 2013 -0500

    cgpath test: don't check path len before checking if it is null
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit ddb17f1f0870ddb1678e34652f54458207cb3bb0
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Mon Apr 22 11:16:57 2013 -0400

    make lxc_af_unix_open() safely return error on long pathnames
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 599d42525144cf0fcc7de6ac1b576c5c6ae290c2
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Sun Apr 21 22:42:06 2013 +0200

    python: Fix get_ips and nesting with lxcpath
    
    When using -P (lxcpath), the parameter path needs to be forwarded
    to the various commands being run but not used by the nested lxc-ls
    as it's relatively unlikely that both the host and the nested containers
    use a custom path.
    
    This isn't ideal but short of having a way to provide the container path
    for every single of the nesting (with potential unlimited depth), it's
    the best we can do.
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit a2abaa9ec60a8967611e8c8905698bd01bde5861
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Sun Apr 21 20:09:24 2013 +0200

    ubuntu: Various fixes
    
     - Drop disabled entries from allowed devices list
     - Improve generated config layout a bit
     - Drop redundant uname call
     - Re-generate the SSH host keys on container creation
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit ed4616b1cfbc84dd01caa8546d813e8c5d482921
Author: Christian Bühler <christian at cbuehler.de>
Date:   Sat Apr 20 15:50:13 2013 +0200

    Use "uname -m" instead of "arch"
    
    According to "arch"'s manpage, it's identical to "uname -m".
    
    Some distros ship uname but don't ship arch, however all distros ship uname,
    therefore it makes sense to use "uname -m" whenever possible.
    
    Signed-off-by: Christian Bühler <christian at cbuehler.de>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit 6c5db2af1f706e8f21f2a5f074bada96e9011052
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Thu Apr 18 22:20:53 2013 +0200

    python: Various fixes to the python scripts
    
    This fixes a few issues uncovered by the recent C module fix.
    
    In lxc-start-ephemeral, the hwaddr code wasn't actually working.
    Replace by code that properly iterates through the network interfaces
    and sets a new MAC address for each entry.
    
    In the python overlay, catch the newly emitted KeyError when in
    set_config_item (or setting any previously unset variable would fail).
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 2ebec36f271d4ee943281e32feb3552745115347
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Fri Apr 12 11:19:56 2013 +0200

    python: Lots of fixes in C extension
    
    Fixes a lot of issues found by a code review done by Barry Warsaw.
    
    Those include:
     - Wrong signature for getters
     - Various memory leaks
     - Various optimizations
     - More consistent return values
     - Proper exception handling
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
    Reported-by: Barry Warsaw <barry at ubuntu.com>
    Acked-by: Barry Warsaw <barry at ubuntu.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 860fc865b0ae0fd6381a8a9a777efdbde0aaefb6
Author: Richard Weinberger <richard at nod.at>
Date:   Wed Apr 17 23:54:09 2013 +0200

    utils: reimplement/fix mkdir_p() (v2)
    
    Reimplement mkdir_p() such that it:
     ...handles relativ paths correctly. (currently it crashes)
     ...does not rely on dirname().
     ...is not recursive.
     ...is shorter. ;-)
    
    Signed-off-by: Richard Weinberger <richard at nod.at>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 23154d5764c06b68a5c154cecd89524ebe747ca1
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Thu Apr 18 10:30:33 2013 +0200

    Revert "start: Detect early failure of the new child"
    
    This reverts commit 5a5c35c3a01afec515e688c8366e6f893985518d.
    
    This commit was preventing startup of containers using lxc hooks and
    shutdown of all other containers, requiring the use of a good old
    kill -9 to get rid of lxc-start after a container shutdown.
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>

commit 3763ee85915d28737bfebffa136bfb49ef0a2109
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Thu Apr 18 10:29:44 2013 +0200

    Revert "utils: reimplement/fix mkdir_p()"
    
    This reverts commit 8de4140644f01180f2fdab55b0ab0f13d1c761c6.
    
    This commit was preventing container startup on my machine, making them
    all fail with various "No such file or directory" errors.
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>

commit 8de4140644f01180f2fdab55b0ab0f13d1c761c6
Author: Richard Weinberger <richard at nod.at>
Date:   Wed Apr 17 17:13:40 2013 +0200

    utils: reimplement/fix mkdir_p()
    
    Reimplement mkdir_p() such that it:
     ...handles relativ paths correctly. (currently it crashes)
     ...does not rely on dirname().
     ...is not recursive.
     ...is shorter. ;-)
    
    Signed-off-by: Richard Weinberger <richard at nod.at>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 5a5c35c3a01afec515e688c8366e6f893985518d
Author: Richard Weinberger <richard at nod.at>
Date:   Tue Apr 16 23:42:23 2013 +0200

    start: Detect early failure of the new child
    
    If the process in the new namespace dies very early
    we have currently no chance to detect this.
    The parent process will just die due to SIGPIPE
    if it write to the fd used for synchronisation and
    nobody will notice the real cause of the problem.
    
    Install a SIGCHLD handler to detect the death.
    Later when the child does execve() to the init within
    the new namespace the handler will be disabled automatically.
    
    Signed-off-by: Richard Weinberger <richard at nod.at>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 6b28a086310b8715f4655446f4c01d9555ef1786
Author: Richard Weinberger <richard at nod.at>
Date:   Tue Apr 16 23:48:16 2013 +0200

    init: Fix whitespace damage
    
    While we are here, fix the whitespace damage.
    
    Signed-off-by: Richard Weinberger <richard at nod.at>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit a81bad13ec305b885eff2934307d9205d55e0050
Author: Richard Weinberger <richard at nod.at>
Date:   Tue Apr 16 23:48:15 2013 +0200

    init: unnest interrupt_handler
    
    There is no need to use nested functions voodoo.
    
    Signed-off-by: Richard Weinberger <richard at nod.at>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 2c7d90ac6eb4d883d9650d17cd915d958b4e5e66
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Tue Apr 16 11:47:29 2013 -0400

    quiet gcc 4.4.7 warning about saveptr use before initialization
    
    The recent change to use strtok_r causes a build warning with this older
    gcc version, so initialize saveptr to NULL to quiet the compiler and
    unbreak the build. There was no warning with gcc 4.7.2 that I
    originally tested with.
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit 98663823e47ec56ff5a8205a17cc884acbf9cabd
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Tue Apr 16 07:41:17 2013 -0500

    fix spacing
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 883f4a1eae77f332059dc0be6f965485a0361ec0
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Tue Apr 16 07:35:05 2013 -0500

    mkdir_p: account for '//foo/bar'
    
    As Richard reported, dirname('//') returns //.  But mkdir_p only stops
    when called with '/', resulting in infinite recursion when given a
    pathname '//foo/bar'.
    
    Reported-by: richard -rw- weinberger <richard.weinberger at gmail.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit ce4c4ca43586825a13c1abb4ce13e90d9447a0eb
Author: Bogdan Purcareata <bogdan.purcareata at freescale.com>
Date:   Thu Apr 11 16:29:44 2013 +0300

    lxc-template: enable chroot + chpasswd functionality for Busybox hosts
    
    This patch supports the scenario where a user wants to install a
    busybox container on a busybox host.
    
    When running the template, in order to change the root password,
    the template needs to do the chroot. On busybox-powered hosts, chroot
    is not part of the coreutils package - it's part of busybox. And the
    busybox implementation or chroot only works if it has /lib in the new
    root populated with the right binaries (or at least that's the
    solution I found to make it work).
    
    The temporarily bind-mounts /lib in the NEWROOT, chroots there,
    changes the password, goes back and unmounts. This set of operations
    is contained in a new MOUNT namespace, using the lxc-unshare call.
    
    Signed-off-by: Bogdan Purcareata <bogdan.purcareata at freescale.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 8e7da691af29fe1d8b93d2e4acc98eb188ae74cc
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Mon Apr 15 13:43:14 2013 -0400

    fix checking hook script exit code
    
    pclose returns the exit status from wait, we need to check that to see if
    the script itself failed or not. Tested a script that returned 0, 1, and
    also one that did a sleep and then was killed by a signal.
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 2796cf790f80e8be8dd90238f6789e52bd3cc2ac
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Mon Apr 15 15:28:07 2013 -0400

    fortify: use reentrant safe strtok_r
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit e6a19d2683629888175371ed2eeb8a49a7b44873
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Mon Apr 15 15:59:12 2013 -0400

    fortify: minor cleanups for unused variables, stricter types
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 0a2188544a538b421612c90d44e56853a9d64458
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Mon Apr 15 15:40:53 2013 -0400

    fortify: check the value returned from write(2)
    
    Also check that we wrote the amount we expected to. The write on the pty
    is blocking but we could still get a short write on EINTR, so we should
    SYSERROR it.
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 03027ad99f2759182fbcd3363298ae6adaf88cdb
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Mon Apr 15 16:05:36 2013 -0400

    fix lxc-attach usage
    
    This makes it match the manpage and be consistent with lxc-execute
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 4d44e274dcd933327c4f1c1cc7e1f876d08ffa85
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Sun Apr 14 22:57:46 2013 -0500

    fix coverity-found errors.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 00b6be440f93131e35e75fb1b34d8d3220590bb5
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Sun Apr 14 22:44:09 2013 -0500

    coverity resource leak fixes
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 5371906219ff19886169612993efbb8e82f749a7
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Sun Apr 14 22:22:10 2013 -0500

    fix coverity-found resource leaks on error paths.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 2802732032aeaabe8c793ae76112d9c8ba13ee23
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Sun Apr 14 22:16:26 2013 -0500

    fix coverity-found resource leaks in config_network_ipv6
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit bb1d227404ff96564877a04ef9299c63f608f543
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Sun Apr 14 22:02:03 2013 -0500

    fix free of alloca()d buffer (found by coverity)
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 022de5f317014c538e17378b626cf3267625e141
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Sun Apr 14 21:59:02 2013 -0500

    fix resource leak of netdev on error path found by coverity
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit b6f24d54f54146a0f5de700dac7ffc2ef7624359
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Sun Apr 14 21:56:51 2013 -0500

    fix resource leak of utsname in error path found by coverity
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit a6537fbbfb0b9d08adc58ae23b873a084e5d479c
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Sun Apr 14 21:48:49 2013 -0500

    genl.c: fix a resource leak found by coverity
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit a741a85d8e241e9ca773f3cd7575d720837fcb51
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Sun Apr 14 21:45:00 2013 -0500

    lxcapi_create: fix leak of tpath when a container already exists
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit b4e4ca49c792d7320787a6991ce1815d26060d39
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Sun Apr 14 21:39:34 2013 -0500

    lxc_monitor: make sure msg.name is null terminated (bug found by coverity)
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit c928f41fc0e79a24e4c43a80fb26b3c46997d91a
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Sun Apr 14 21:18:53 2013 -0500

    ifdef out skipped startone test code
    
    Unfortunately installing a working lxc-init is somewhat hairy and
    distro-dependent.  So we skipped it before, but Coverity didn't
    like that, so just ifdef it out.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 416707883893211a15c031b1f3589bc7cde9bf2b
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Sun Apr 14 21:17:09 2013 -0500

    lxccontaienr: fix missing va_end in error case.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 586d4e9be1eb13cd9cb77cf6c56ce57e24623c44
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Sun Apr 14 21:12:58 2013 -0500

    lxcccontainer: add missing va_end found by coverity
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit af41709c4243e0fd9dc1fac5f22cdd47316f8277
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri Apr 12 15:15:22 2013 -0500

    af_unix.c: fix coverity-found bug: pass addr size
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit bdb539b89bbe123018392bb8c64cb94c13d736a8
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri Apr 12 15:11:29 2013 -0500

    lxclock: fix coverity-found leak
    
    if sem_init fails, free what we mallocd.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 8767795058ca5b46c8a9e335ad941d8799241716
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Fri Apr 12 15:11:11 2013 -0500

    lxclock: indentation
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 43d1aa34aab1c43bce8f083d024bf54f0246a884
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Thu Apr 11 11:43:31 2013 -0500

    Fix up struct lxc_container locking
    
    1. in container_free, set c->privlock to NULL before calling
    sem_destroy, to prevent a window where another thread could call
    sem_wait(c->privlock) while c->privlock is not NULL but is already
    destroyed.
    
    2. in container_get, check for numthreads < 0 before calling lxclock.
    Once numthreads is 0, it never goes back up.
    
    Following is a comment added to lxccontainer.c:
    
    /*
     * Consider the following case:
    freer                         |    racing get()er
    ==================================================================
    lxc_container_put()           |   lxc_container_get()
    \ lxclock(c->privlock)        |   c->numthreads < 1? (no)
    \ c->numthreads = 0           |   \ lxclock(c->privlock) -> waits
    \ lxcunlock()                 |   \
    \ lxc_container_free()        |   \ lxclock() returns
                                  |   \ c->numthreads < 1 -> return 0
    \ \ (free stuff)              |
    \ \ sem_destroy(privlock)     |
    
     * When the get()er checks numthreads the first time, one of the following
     * is true:
     * 1. freer has set numthreads = 0.  get() returns 0
     * 2. freer is between lxclock and setting numthreads to 0.  get()er will
     *    sem_wait on privlock, get lxclock after freer() drops it, then see
     *    numthreads is 0 and exit without touching lxclock again..
     * 3. freer has not yet locked privlock.  If get()er runs first, then put()er
     *    will see --numthreads = 1 and not call lxc_container_free().
    */
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
    Acked-by: Seth Arnold <seth.arnold at canonical.com>
    Acked-by: Stéphane Graber <stgraber at ubuntu.com>

commit e649c8032f84b488cac8ea6c8fb9a77c424a0419
Author: Stéphane Graber <stgraber at ubuntu.com>
Date:   Thu Apr 11 14:15:21 2013 +0200

    python: Fix memory management
    
    Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>

commit 75129865d48d2293383316f88ce7661e37dde43d
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Wed Apr 3 14:43:15 2013 -0400

    ubuntu template: fix installation when LANG=C
    
    The ubuntu template will silently fail (because it is set -e) on
    the locale-gen command when LANG=C
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 9eee2f7739dbaf82d3b0837de41cdcba5ee4a1d3
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Wed Apr 3 12:31:46 2013 -0400

    oracle template: install additional user specified pkgs
    
    Fix lxc-create to not word split template arguments. This makes
    lxc-create -n ol -t oracle -- -r "at cronie wget" work since the argument
    to -r will be passed as one arg instead of three.
    
    Fix oracle template -u option to shift the correct amount.
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 33892746e373449a8a69a4265d783bf701cb5784
Author: Wojciech Izykowski <wizykowski at gmail.com>
Date:   Sat Apr 6 16:33:00 2013 +0200

    lxc-start-ephemeral: fixed bug with wrong ssh option (-k instead of -i)
    
    Corrected ssh option for custom key (from -k to -i). Just see ssh
    manpage for justification.
    
    Signed-off-by: Wojciech Izykowski <wizykowski at gmail.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit 6efdcb6a3cc4d06bf64af69b08bc95335f02b79f
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Wed Apr 3 17:08:32 2013 -0400

    debian template: set arch when dpkg doesn't exist on host
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>

commit fe19f236a2295da1e01ab05ff59853c5a4556811
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Mon Apr 8 12:45:23 2013 -0400

    fix wait status in pid reuse case
    
    Commit 37c3dfc9 sets the wait status on only the child pid. It
    intended to match the pid only once to protect against pid reuse but it
    won't because the indicator was reset to 0 every time at the top of the
    loop. If the child pid is reused, the wait status will be set again.
    Fix by setting indicator outside the loop.
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 1354f952876e96b456425efc7ed9994caf687028
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Tue Apr 9 09:41:15 2013 -0400

    minor documentation fixes / clarification
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit 190a2ea88e9820e5e150ce36414233da4bd34b44
Author: Dwight Engen <dwight.engen at oracle.com>
Date:   Wed Apr 10 10:49:51 2013 -0400

    remove unused lxc_copy_file
    
    Commit e3642c43 added lxc_copy_file for use in 64e1ae63. The use of it
    was removed in commit 1bc60a65. Removing it reduces dead code and the
    footprint of liblxc.
    
    Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

commit fd95f2402dc70ad41fa2db8fb101f950196458a9
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date:   Tue Apr 9 16:23:05 2013 -0500

    lxc.functions: don't let LXC_PATH= line end in failure
    
    Otherwise if called from dash with set -e, dash will exit.  This
    causes lxc-clone to fail.
    
    Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>

-----------------------------------------------------------------------

Summary of changes:
 .gitignore                               |   12 +-
 CONTRIBUTING                             |   24 +
 autogen.sh                               |   21 +
 config/Makefile.am                       |    4 +-
 configure.ac                             |  125 ++-
 doc/Makefile.am                          |    1 -
 doc/common_options.sgml.in               |    2 +-
 doc/legacy/lxc-ls.sgml.in                |    8 +-
 doc/lxc-attach.sgml.in                   |    4 +-
 doc/lxc-cgroup.sgml.in                   |    4 +-
 doc/lxc-checkconfig.sgml.in              |    4 +-
 doc/lxc-checkpoint.sgml.in               |    4 +-
 doc/lxc-clone.sgml.in                    |  150 ++-
 doc/lxc-console.sgml.in                  |   15 +-
 doc/lxc-create.sgml.in                   |   16 +-
 doc/lxc-destroy.sgml.in                  |   21 +-
 doc/lxc-device.sgml.in                   |    4 +-
 doc/lxc-execute.sgml.in                  |   12 +-
 doc/lxc-freeze.sgml.in                   |    4 +-
 doc/lxc-info.sgml.in                     |   32 +-
 doc/lxc-kill.sgml.in                     |    4 +-
 doc/lxc-ls.sgml.in                       |    4 +-
 doc/lxc-monitor.sgml.in                  |   23 +-
 doc/lxc-netstat.sgml.in                  |    4 +-
 doc/lxc-ps.sgml.in                       |   10 +-
 doc/lxc-restart.sgml.in                  |    4 +-
 doc/lxc-shutdown.sgml.in                 |   98 --
 doc/lxc-start-ephemeral.sgml.in          |    4 +-
 doc/lxc-start.sgml.in                    |    4 +-
 doc/lxc-stop.sgml.in                     |   96 ++-
 doc/lxc-top.sgml.in                      |    4 +-
 doc/lxc-unfreeze.sgml.in                 |    4 +-
 doc/lxc-unshare.sgml.in                  |   10 +-
 doc/lxc-version.sgml.in                  |    4 +-
 doc/lxc-wait.sgml.in                     |    4 +-
 doc/lxc.conf.sgml.in                     |  246 ++++-
 doc/lxc.sgml.in                          |    4 +-
 doc/see_also.sgml.in                     |    2 +-
 hooks/Makefile.am                        |    4 +-
 hooks/clonehostname                      |   29 +
 hooks/mountcgroups                       |   25 +-
 hooks/mountecryptfsroot                  |    2 +-
 hooks/ubuntu-cloud-prep                  |  184 +++
 lxc.spec.in                              |    3 +-
 runapitests.sh                           |   18 +
 src/include/getline.c                    |   29 +
 src/include/getline.h                    |   31 +
 src/include/ifaddrs.c                    |  597 +++++++++
 src/include/ifaddrs.h                    |   54 +
 src/include/lxcmntent.c                  |   20 +
 src/include/lxcmntent.h                  |   21 +
 src/include/openpty.c                    |   36 +-
 src/include/openpty.h                    |   23 +
 src/lua-lxc/Makefile.am                  |    4 +-
 src/lua-lxc/core.c                       |   54 +-
 src/lua-lxc/lxc.lua                      |  128 +-
 src/lxc/Makefile.am                      |   77 +-
 src/lxc/af_unix.c                        |   21 +-
 src/lxc/af_unix.h                        |    2 +-
 src/lxc/apparmor.c                       |   25 +-
 src/lxc/apparmor.h                       |   20 +
 src/lxc/arguments.c                      |   39 +-
 src/lxc/arguments.h                      |   24 +-
 src/lxc/attach.c                         |  643 +++++++++-
 src/lxc/attach.h                         |   10 +-
 src/lxc/attach_options.h                 |  120 ++
 src/lxc/bdev.c                           | 2070 ++++++++++++++++++++++++++++++
 src/lxc/bdev.h                           |  138 ++
 src/lxc/caps.c                           |   40 +-
 src/lxc/caps.h                           |    6 +-
 src/lxc/cgroup.c                         | 1237 +++++++++++++-----
 src/lxc/cgroup.h                         |   37 +-
 src/lxc/checkpoint.c                     |    2 +-
 src/lxc/commands.c                       |  701 +++++++++--
 src/lxc/commands.h                       |   83 +-
 src/lxc/conf.c                           |  390 +++++--
 src/lxc/conf.h                           |   32 +-
 src/lxc/confile.c                        |  145 ++-
 src/lxc/confile.h                        |    2 +-
 src/lxc/console.c                        |  786 +++++++++---
 src/lxc/console.h                        |   20 +-
 src/lxc/error.c                          |    2 +-
 src/lxc/error.h                          |    2 +-
 src/lxc/execute.c                        |   45 +-
 src/lxc/freezer.c                        |   33 +-
 src/lxc/genl.c                           |   19 +-
 src/lxc/genl.h                           |    2 +-
 src/lxc/legacy/lxc-ls.in                 |    2 +-
 src/lxc/list.c                           |    2 +-
 src/lxc/list.h                           |   23 +
 src/lxc/log.c                            |  243 +++--
 src/lxc/log.h                            |   16 +-
 src/lxc/lxc-checkconfig.in               |    2 +-
 src/lxc/lxc-clone.in                     |  324 -----
 src/lxc/lxc-create.in                    |  357 -----
 src/lxc/lxc-destroy.in                   |   63 +-
 src/lxc/lxc-device                       |    2 +-
 src/lxc/lxc-ls                           |   11 +-
 src/lxc/lxc-netstat.in                   |   35 +-
 src/lxc/lxc-ps.in                        |   31 +-
 src/lxc/lxc-shutdown.in                  |  151 ---
 src/lxc/lxc-start-ephemeral.in           |   28 +-
 src/lxc/lxc-top                          |   13 +-
 src/lxc/lxc.functions.in                 |   15 +-
 src/lxc/lxc.h                            |   62 +-
 src/lxc/lxc_attach.c                     |  458 ++------
 src/lxc/lxc_cgroup.c                     |   35 +-
 src/lxc/lxc_checkpoint.c                 |    4 +-
 src/lxc/lxc_clone.c                      |  179 +++
 src/lxc/lxc_config.c                     |   70 +
 src/lxc/lxc_console.c                    |  192 +---
 src/lxc/lxc_create.c                     |  246 ++++
 src/lxc/lxc_destroy.c                    |  103 ++
 src/lxc/lxc_execute.c                    |    8 +-
 src/lxc/lxc_freeze.c                     |   30 +-
 src/lxc/lxc_info.c                       |   43 +-
 src/lxc/lxc_init.c                       |   96 +-
 src/lxc/lxc_kill.c                       |    6 +-
 src/lxc/lxc_monitor.c                    |   38 +-
 src/lxc/lxc_monitord.c                   |  409 ++++++
 src/lxc/lxc_restart.c                    |    8 +-
 src/lxc/lxc_start.c                      |  102 +-
 src/lxc/lxc_stop.c                       |  127 ++-
 src/lxc/lxc_unfreeze.c                   |   30 +-
 src/lxc/lxc_unshare.c                    |    2 +-
 src/lxc/lxc_user_nic.c                   |  782 +++++++++++
 src/lxc/lxc_usernsexec.c                 |  417 ++++++
 src/lxc/lxc_wait.c                       |   18 +-
 src/lxc/lxccontainer.c                   | 1783 ++++++++++++++++++++++----
 src/lxc/lxccontainer.h                   |  124 ++-
 src/lxc/lxclock.c                        |  330 ++++-
 src/lxc/lxclock.h                        |   94 +-
 src/lxc/lxcseccomp.h                     |    2 +-
 src/lxc/lxcutmp.c                        |    4 +-
 src/lxc/lxcutmp.h                        |    2 +-
 src/lxc/mainloop.c                       |    9 +-
 src/lxc/mainloop.h                       |    9 +-
 src/lxc/monitor.c                        |  243 +++-
 src/lxc/monitor.h                        |   12 +-
 src/lxc/namespace.c                      |    4 +-
 src/lxc/namespace.h                      |    5 +-
 src/lxc/network.c                        |    8 +-
 src/lxc/network.h                        |    2 +-
 src/lxc/nl.c                             |    2 +-
 src/lxc/nl.h                             |    2 +-
 src/lxc/parse.c                          |   10 +-
 src/lxc/parse.h                          |    2 +-
 src/lxc/restart.c                        |    2 +-
 src/lxc/rtnl.c                           |    2 +-
 src/lxc/rtnl.h                           |    2 +-
 src/lxc/seccomp.c                        |    2 +-
 src/lxc/start.c                          |  260 +---
 src/lxc/start.h                          |    6 +-
 src/lxc/state.c                          |  113 +--
 src/lxc/state.h                          |    2 +-
 src/lxc/stop.c                           |  115 --
 src/lxc/sync.c                           |    2 +-
 src/lxc/sync.h                           |    2 +-
 src/lxc/utils.c                          |  405 +++++--
 src/lxc/utils.h                          |  163 +++-
 src/lxc/version.c                        |    2 +-
 src/lxc/version.h                        |    2 +-
 src/python-lxc/examples/api_test.py      |   14 +-
 src/python-lxc/examples/pyconsole-vte.py |   80 ++
 src/python-lxc/examples/pyconsole.py     |   54 +
 src/python-lxc/lxc.c                     |  753 ++++++++++--
 src/python-lxc/lxc/__init__.py           |  182 ++--
 src/python-lxc/setup.py                  |   23 +
 src/tests/Makefile.am                    |   16 +-
 src/tests/cgpath.c                       |  278 +++--
 src/tests/clonetest.c                    |  178 +++
 src/tests/console.c                      |  177 +++
 src/tests/containertests.c               |    2 +-
 src/tests/createtest.c                   |    2 +-
 src/tests/destroytest.c                  |    2 +-
 src/tests/get_item.c                     |    2 +-
 src/tests/locktests.c                    |  258 ++---
 src/tests/lxc-test-usernic               |   67 +
 src/tests/saveconfig.c                   |    2 +-
 src/tests/shutdowntest.c                 |    2 +-
 src/tests/startone.c                     |    4 +-
 templates/Makefile.am                    |    3 +-
 templates/lxc-alpine.in                  |  130 ++-
 templates/lxc-altlinux.in                |   26 +-
 templates/lxc-archlinux.in               |   14 +-
 templates/lxc-busybox.in                 |   53 +-
 templates/lxc-cirros.in                  |  321 +++++
 templates/lxc-debian.in                  |   31 +-
 templates/lxc-fedora.in                  |  231 +++-
 templates/lxc-opensuse.in                |   21 +-
 templates/lxc-oracle.in                  |   32 +-
 templates/lxc-sshd.in                    |   82 +-
 templates/lxc-ubuntu-cloud.in            |  226 ++--
 templates/lxc-ubuntu.in                  |  132 ++-
 194 files changed, 16157 insertions(+), 4782 deletions(-)
 delete mode 100644 doc/lxc-shutdown.sgml.in
 create mode 100755 hooks/clonehostname
 create mode 100755 hooks/ubuntu-cloud-prep
 create mode 100644 src/include/ifaddrs.c
 create mode 100644 src/include/ifaddrs.h
 create mode 100644 src/lxc/attach_options.h
 create mode 100644 src/lxc/bdev.c
 create mode 100644 src/lxc/bdev.h
 delete mode 100755 src/lxc/lxc-clone.in
 delete mode 100644 src/lxc/lxc-create.in
 delete mode 100644 src/lxc/lxc-shutdown.in
 create mode 100644 src/lxc/lxc_clone.c
 create mode 100644 src/lxc/lxc_config.c
 create mode 100644 src/lxc/lxc_create.c
 create mode 100644 src/lxc/lxc_destroy.c
 create mode 100644 src/lxc/lxc_monitord.c
 create mode 100644 src/lxc/lxc_user_nic.c
 create mode 100644 src/lxc/lxc_usernsexec.c
 delete mode 100644 src/lxc/stop.c
 create mode 100755 src/python-lxc/examples/pyconsole-vte.py
 create mode 100755 src/python-lxc/examples/pyconsole.py
 create mode 100644 src/tests/clonetest.c
 create mode 100644 src/tests/console.c
 create mode 100755 src/tests/lxc-test-usernic
 create mode 100644 templates/lxc-cirros.in


hooks/post-receive
-- 
lxc




More information about the lxc-devel mailing list