[lxc-devel] [GIT] lxc branch, master, updated. be9f766c1ef1c74cb7cdfca97a71757b492b8a5c
Daniel Lezcano
git at users.sourceforge.net
Mon Sep 9 19:12:09 UTC 2013
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "lxc".
The branch, master has been updated
via be9f766c1ef1c74cb7cdfca97a71757b492b8a5c (commit)
via f756cda05c4058dd7f5d46f2cf51c3bc7fd002d1 (commit)
via 5c068da9695bcbfa46e0b3666128e3a533c9ddc7 (commit)
via 69c757b343b5bbd2543adc4f3f0204d4696515e0 (commit)
via 2caf9a97d90a61e5eaf9d7c218e5bcc35dfbfbb3 (commit)
via 3a1675bf08b35bd5a5078f5638048c2c72c3e981 (commit)
via 330da5fa322cf628aadc425c5be86814530d313e (commit)
via c25c2970a6aabc45ee6375cc127ed45efea2f9bf (commit)
via ac8255280d2e4348ab0eba5ec6982edc92ee6fbd (commit)
via 12e93188de7dfe9ba66e022f9c28aa1f696a22e8 (commit)
via 44a80d675ffb81ebb1a66a62c162e93a4c5882a0 (commit)
via 2698b46924ab861b1f39fb11560c852d080e7b02 (commit)
via eee59f9408398849e9b7fc58dbe68ec176de4d50 (commit)
via 2a2d36a42512160e7771b2472cb7922423523048 (commit)
via 1fb86a7cdc22d22b14d03eb0cbd1aa6702862dd4 (commit)
via 59d66af29da6ca8c5fa8cb63a5bbfc443811bb81 (commit)
via 41c3b7c7ac9b33bc562ebad9ea124912577f2ba5 (commit)
via 75b5535282453b3442a41df4a3ba6d3058cd6e48 (commit)
via e34b5d2ef2c329afe6540bbfc298ae631378832e (commit)
via cd0bcc4958e58a2750cf9086f75649d14c83ac70 (commit)
via 250b1eec71b074acdff1c5f6b5a1f0d7d2c20b77 (commit)
via d08c3aaebca1ccc47f1f14dcd6fbca39953f8dda (commit)
via c66e9b01f04840c5abc34d235dbbb2ec9ca55205 (commit)
via ca9548ad02238600899a1f86ded308279964e018 (commit)
via 80bcb05357a90cc9a2e21e942a2b0a53cddfa7a6 (commit)
via 0f081315a9310bf04fe4bc64b900ec6bac36f85d (commit)
via 188e0ab60bda276c688ad15877c6d6402081c6c9 (commit)
via acbb59f50d5196facde837ea377f70e98ce1e6f8 (commit)
via d75462e4d663c58bde0787fdbe0ef3148e44cdde (commit)
via 0c69c79b4d86a0bda4a0c1ea2e4cc63d28c7baa6 (commit)
via dfa7aa3a836aef5d0f1aebe0f6eeff65d20239ad (commit)
via 840295ff4cf11da0938a19f99fef8a1525de8106 (commit)
via 80507ee8eb66f4f23494caae26f6d2f0b50480b6 (commit)
via 48c63f8d035045af1103b677b5ec577aec59a5b5 (commit)
via 5acccf95b2bd1e5ffedf687e527dcad5a54d4c1e (commit)
via 79622932f21d22db36a0b6cca129f559b5e76108 (commit)
via cb0c6c020314ee0fea0ce30d209711f7e9c29aaa (commit)
via 92b0b5bac5717e5281f51340192288050409ad47 (commit)
via 9069513c69d77b5c22219b43f78ba1554431dd36 (commit)
via dfb31b25e298d98ea80a699f019308019c6670d8 (commit)
via 84bdfb2b4c95b24fde5e90e621372fcd6c4d069b (commit)
via 659aa0618c34cecd388df73936b41d5fb573090d (commit)
via 5d9598d7d3206d1bede4932e7c8565f1ab309fbc (commit)
via a09295f841be8add0cbfc2932c59535f0d1365ed (commit)
via ca6973422d5471281126e9e1884633367479f246 (commit)
via 01efd4d3d91713fc4f8ca55c7726b8216ed16fc6 (commit)
via 1fd9bd50ab0ccea0a6c069147a4bccb0751ca18f (commit)
via b4569e93217fe9a18af35b4475c8f8eac1436759 (commit)
via fb760f70541c9af728eb2ab0c6175875f7448752 (commit)
via e14f67a7bfa7065480fc7cd47a45f209a0aee79b (commit)
via c9ec905567952830d58a14d1e3a3ea4e1f8b0041 (commit)
via 01bfae14dd898fecf0bd130e47a62a3155f619d0 (commit)
via 4f17323e79969a98604bc30a8cc24cf083d474c3 (commit)
via 9c6694b7073a6ebfd1da4950e0c8db4b91530202 (commit)
via a9cab7e39b101b89470e2e4109c14e7f17218032 (commit)
via 55c76589fd19e5f04697dcfd0084039cd77ef304 (commit)
via 37fc7b9e2eca60e838bf5bf061bd8a8206e4fa9d (commit)
via e768f9c0f69df1f02f8252fead6d82648b410bd8 (commit)
via 511a6936c7062d59dd9335ef16d9165d19c45604 (commit)
via 1a2e58cf55979749ea76835d0b36327c051c2715 (commit)
via 5ec279894e8b1275b6cbfaaddb425e8f56639bdc (commit)
via a3da2f3bd755165c50c5c7fb55c2bfcb042fb3d8 (commit)
via 7f3e12f3e5223c6a6c34bafdf47df86f66078963 (commit)
via 2e74d6f3744e5aef2e01f1f295472ffdb58f1929 (commit)
via 120ce443c466fb1d286ffd200ca22a1e9db7284c (commit)
via 2b89a9c19db30894e2476a5a750c443dee339d70 (commit)
via ec346ea11f76d0797035c476794104a3230531f9 (commit)
via 180edd67022017351a6546b4aa79bcaefada01c8 (commit)
via 590ae889334b01a59606a1a8952d976098bd6123 (commit)
via bff13ba210ed61f756fc82adce1921f84b43ffe0 (commit)
via 92adc3e911314a6f90986d8410ec0ff4b82c9f79 (commit)
via c32981c3fb1bf5191052fb1c348bdc8b9e7c1b15 (commit)
via 4ba0d9af63fbf7e9acfa068a1fe36b3d287b9c6b (commit)
via d24d56d7ee3420bb79238ff84cad07c20cf4757d (commit)
via e3fdf5cc9c60eb97f8520f059ad1a09d3f73509d (commit)
via 6fe93aa1877359365a07d9110e0e2dbfb3b0205f (commit)
via d74325c436457b87b17e3ea598a9eb4ba66e0d49 (commit)
via 1d374b9725e53d8b099970c1b501d56d599c4772 (commit)
via fbbf51926e113e5e70d6ea507ed7d1019d0e0aa8 (commit)
via d44e88c26690a56f9efac58f602dba06c9ec0c90 (commit)
via d3060bd055eac45c1767e1e80fcaba763eb7477d (commit)
via d007f8ab3da297ed0de884e0c6e57a66de2fcb42 (commit)
via bf7d3153c925ca1404662a8fe031da27308f4187 (commit)
via 3d5e9f4801c0311a6300fc781a4c0a09a6d463fe (commit)
via d7a09c630b2150636bf4dfb266bc632abd65dfa8 (commit)
via b7f2846aabb8c1c59b078b4c529e60ea254432f1 (commit)
via 626ad11bfee3e12e675f51e92920030a6f383b19 (commit)
via a0e93eeb2293e15a18e6c56271d13907f082c4df (commit)
via 61a1d519f472c1ac95c641d974401c932f82be66 (commit)
via 9c4693b853c5a9ab2156544ee3334a082cdba420 (commit)
via 650468bb4a5c9a6c69b524f574e8d0f315f45c37 (commit)
via b93aac46f2802b3639c1ac2ed0cf71174673d110 (commit)
via 01e6b7148046c3f41849d093bc61454279792b80 (commit)
via b98f7d6ed1b89b6452af4a2b5e27d445e4b3a138 (commit)
via 070a4b8e68a6bf9a96c24ded47974388c83f1d57 (commit)
via 20ab58c777136a449b3199e0733b62fa87ecfa61 (commit)
via 3fb18be95747034bf36f46be11b0eb288b2ec1b4 (commit)
via baece282266318a9bb527cefc85ebf7b6dd7f10e (commit)
via 8bb17b7791777538d8f7cc957939fc871843f218 (commit)
via 79159a86ddb51071055abd7ee08935bc65b9e7a9 (commit)
via 034a01593a4ae10d6f1e49b71afbfff70cfc226c (commit)
via 54e339f91785368a7825b2edaad04c2177a1a382 (commit)
via 65d8ae9c4a66f5ca85289c02dc06d63261c84619 (commit)
via 1c8e4ee0a08638e35732a0ddd0052ecde49fbecb (commit)
via 4a0ba80d62c0d8aeb5c9857749659fdf716c380a (commit)
via b40a606e52c788db85fe1c42d3747483d159b6a5 (commit)
via 96532523ef90ea6ce3f08ec7d74c3c850b885e50 (commit)
via d273b8abfa24040c8ef0dd73eb1d30ef8dcbec54 (commit)
via c9cbb9e51436f84d7871a50776dccacfd8dc196a (commit)
via 2c495ae35a804e3c12cb9f4826c30295043986ce (commit)
via d155b47dac549a5c30c0011923274e3744109c91 (commit)
via 469b57873977afcb5d9f5adb00097c944caedd2a (commit)
via b60ed720848c8276e4e770d380ec6014768d9923 (commit)
via b113383b84e5fcd2997a939d3f826a06b109e3d9 (commit)
via 1aad9e44d65e7c20dabc4c99f57bcf532db66c68 (commit)
via 460bcbd85c97b5a0eac9cf7cead1abde1281cd5a (commit)
via 5be56973e5e874a142263dfb164b0b03e18a65f3 (commit)
via 4165b2c65648b5df521c6e83b1cbad91d0896a00 (commit)
via 6f259716e75552cf46ee5125bdbd21e34456d0c0 (commit)
via 8058be395d46cfabf2dacd7df79e95309619986a (commit)
via 819554fe20bbc0ce720b5ed0d5b8e53aeba6b284 (commit)
via 5202677243dcda16ab97c07d497174726198f7ab (commit)
via 27c27d73e1b1a07e3621484fa033206549e2a1f5 (commit)
via 3ce746862b2a2b33f3de65aeecda0bad1a5dd27c (commit)
via 868a70afead6cc48a4c883126ea3ef01b6ec57e0 (commit)
via 6a2e602b1b03617e77dcd4b5f82f34713a970ac4 (commit)
via dc23c1c817da5c13529432270e51d0f7f3b1e95e (commit)
via ae13ae0853a246119ddaf9c8cc6d128a21a8988c (commit)
via 283678ed2ccd88a6ba57fcb28516311adcdb6fac (commit)
via cbee8106e38f9ffa130c7bf8be325f7f203da67a (commit)
via 96b3cb407c07915db2cd0542c313a4bff4d1d389 (commit)
via fb75356a85e3097db77386e7c62836a3ee69217f (commit)
via 1143ed392d2760e8f7aeee88d570bb0ba151885f (commit)
via b9b3a92f664fe3966decd0411b25fb6b77425e23 (commit)
via 3327917f4a991a49ba1562b774c63c45139772eb (commit)
via 9313e1e628160ca64f9e7fcec6500056c9a0725f (commit)
via 6cda3f5ac1e3a20a97a419923e587d6bdb1fece9 (commit)
via b58e60e232a3049d946a3b18e6f21912cd3453f0 (commit)
via 39ffde307ad83bd407aaa6a0d81682902bab248b (commit)
via b0f9616f6227f56dce8ca2514610f432ba4fab8a (commit)
via 18efb001a4498f8fc62ab37f1db552fdf001e798 (commit)
via ef091cefca5082007678fe82ad01389f7057ca48 (commit)
via 9c631ea7c2906f41b23f5c8dcc9f6045078879db (commit)
via 9a15a0f3f8faaa5e0d983f11bcf94dcf492c1349 (commit)
via 53f3f04845a9eb60064c302e1f95652f665809f1 (commit)
via 2e599a6a25b533fe63840edc34ee265811b7b814 (commit)
via 982e7b6ea40ea57923f4f094858424debc1a5f7f (commit)
via 85b41c7d7f72213199b5cff9525d17f44b49a842 (commit)
via 37cb98a2b7e5c7b0abf69f261a16d759453492f1 (commit)
via 1a7cb0850405b271b7bedacd243235f29cd368df (commit)
via 176d9acb2ec17211a0d69bd2bd99f914fad8d7ad (commit)
via ae3f8cf9a4a03c62c6c12968b38b2352388df91c (commit)
via 618fa49dddbedd2b7319c0089dffd8d65aef8369 (commit)
via 54c30e290876c5fa6e4c7b5a511580793e4777e3 (commit)
via 37903589a2de0cbd62f94c5fd06d0aa8d57ca140 (commit)
via b515981702133b9aaea1aff378493f054c14d46c (commit)
via 5d4d3ebb13705d1e102429c75fc06932f81816dd (commit)
via 71b0fed669a088675c1344ed68b250e87414c998 (commit)
via 54b79829e23e01998eeafb8156987937a894af3c (commit)
via 6e46cfcb0e4fcaa2d920a3c473f83c0a73c68cfa (commit)
via fabf7361da4845cd6cf268e0e85c3c6a1c0b0be4 (commit)
via 38973621a40a5657b067409321d54759520d7951 (commit)
via 31f58b3fcec322dba1eed71e364335c30500066c (commit)
via f02abefef9a59658c813e08f86a91fbe09eabf00 (commit)
via 93dc5327aa0c2b13d619b8bedf893eea983d4d68 (commit)
via 1af60b514fc9d8da2b4485e9e8845619fb6c6b68 (commit)
via eddaaafd1a9b02ba39e5b6b13d40b4a5d37a04e1 (commit)
via f002c8a7655e42a325ef6bad9fb0844fad4e410b (commit)
via 4c1f6b67d9b842d9e5c293eea2ff19301ecc5596 (commit)
via 3155e7f954d4b5d7da528d2a3cd8be254432e3c3 (commit)
via 63c3090c913142cd19f443b040cdede2c0522ce8 (commit)
via 44ef0c0c7200ef4e8783387d886d3748da3d50fd (commit)
via 569bee5cc3d647032573db8f72734faa9307d577 (commit)
via 0a18b5458b6d0fcad9a82b96f99035254af50c7a (commit)
via 3a647d582dc759e43c2087f0d906adf77c62ab6c (commit)
via 3bc449ed24edc4b754cbe0af19fe878d29731f59 (commit)
via 73e608b21f73509c5f8c7a948cc6d4b0898edb2c (commit)
via 39dc698cb4025516a3428a68e19da05feb6fc0e9 (commit)
via 0115f8fd27b1a31d367bb161a121694f92b45e62 (commit)
via 3db989bad5d58bafac80f448e1dd2d048e791478 (commit)
via dc5e436e702f0bf4001e3e6e9f855443b2fcf448 (commit)
via 5790f7b7a76b9ccff662fdd6ff0013b8f218d020 (commit)
via 64f782ca69c70fd155427a81d69fda593981e770 (commit)
via 1897e3bcd36af9f3fe6d3649910a9adb93e5e988 (commit)
via 60bf62d4ae36a48342fb8aee680fbd4b423810b1 (commit)
via 3e625e2d2e12b919dd9590b97badc6108ee67b1a (commit)
via 5cee8c5040661f9875bf41cfffd641c87afae8af (commit)
via df271a59cbfcfbe98fa4bd7af3ae595633539a12 (commit)
via 2acf77955239ec0046451fa16812d2884e6bd19b (commit)
via 6a44839f5973f41553349f1b5e77d8db809e60eb (commit)
via ad5f15151580201b79fc140f664227b494639e81 (commit)
via 5bb4a226ebec9f3fb678a282a2b2833748d6707b (commit)
via 65be441e0892b45000b9b3863d407539e56e47a4 (commit)
via 481624b37b37ffa98b735cf3f94e35d1fbd729e0 (commit)
via fa9ac567a7f1593c586cca57362f6b542985e5d7 (commit)
via 20fe4e8febe40f6fc4e4c6f52b91f0af0232e6f5 (commit)
via fca3080f6a46f856c54218a8e478a174382b4c15 (commit)
via ef6e34eec8d5a9f1447462d6080facb674b3ccdb (commit)
via 9c83a661397456e1455d739bcadfa38f05ce2fe6 (commit)
via 92f023dccced28a55ce323253f298e9825fe7da7 (commit)
via 65fbbb0a0f7bad119aa5f2ac6f3ee041970889fc (commit)
via c797a220d51d2796355fd60eca50523ffd6fb45e (commit)
via 71b9b8ed262e2d826181bfb79e5d5075ff1a3ff0 (commit)
via d1240f0335e0c469b850da467661dfbb8f262727 (commit)
via 11029c023a12dbe3f3569fcc22f25667686e417f (commit)
via 40650ea6817286a9587a84bf3ce5d25d10620303 (commit)
via de09eccbeda214a1ef5a9b7144870defa97e88c4 (commit)
via dc92f6c7eec81dc104b3f7873ffd74ec56a1dae1 (commit)
via 148e91f56799f03c868deca8dcad473983a1a2bf (commit)
via 9a93d99213da44b5ddf2f5295f6ef3a59d4f1fba (commit)
via 6031a6e5f939bda07d98768d34dafae677a7dfeb (commit)
via d9e80daf54e15b89b0b08d475b29893be9830be0 (commit)
via 627fe3b4c3a65535eb53c3d63794705d8f6322d4 (commit)
via 794fb287b3bd7a6c07f99ec1565c517922287065 (commit)
via 807732062eab6cd44fb033bfbb37fbb38907aa66 (commit)
via 58a46e06210a6321c530735f15f66eb648c4657d (commit)
via 714540763b8b1ac12c029d7760b4e4fe13a69b43 (commit)
via 304143a823ede4eca52f1d11ae1449995ad503ff (commit)
via 8d06bd135af4852f24660be965aba2d781223af4 (commit)
via 566c0d6dce82ee573da01e325c53179ed74350f1 (commit)
via 7f4717c293fd5ecb9d605bed890cb412314aa8e2 (commit)
via dd66e5adb38c76e6eecf0e54c5418fd9f7ac3b3b (commit)
via f2bbe86da4044c8db39e6eae19541fe2d117bae7 (commit)
via 3856bc9ff50f2cbd6cb2830619f3594ffea0b344 (commit)
via 5ca6c34bdeb02ea355a0e5ef9ff51581b58c1ee7 (commit)
via 42fb4b1585d5f2073fbfe984acd46b625fd3c6a1 (commit)
via 91c908ee8ea5aada054cbb7f4203d486c2e9a09e (commit)
via ab81cef05338e7a553aacca141287034d6daf167 (commit)
via 7c7ec7a8eded3d3864631165503fedb456e1b779 (commit)
via 8ee3042a5419ea4c9bb0d1c264715f9d9c39bfa3 (commit)
via d2c8186b4d185d75e81aec02d5a62dde4192c16d (commit)
via a9bafa108521ac785e846f2ace105c327371c106 (commit)
via 3c73b55472c096f06fd037c3c0af011be62a432b (commit)
via a747894428ea38c4a908acacb610fc3de714e0c0 (commit)
via 8fb86a37daecd05e9ef7f291dd4762be881f88e4 (commit)
via bec695f3ec43972ad38f06f92ff2db03d8405562 (commit)
via 8950ee8ebfc9a7f34003f6892b5a7da6aef9fff9 (commit)
via a2eea3c1974d70bdef74a0af6a14ca3a6fa41704 (commit)
via 2d4bcb96155c0e4a5d2734017f889b993144e876 (commit)
via fc7e88640cbdb402aaa048dd74829c8d09dda850 (commit)
via b85ab7989ebe24629267048cb269b278eeb50490 (commit)
via 375c2258b24b233832c9ec43ab9c7b3f5dce25fb (commit)
via e0b0b533feed683ce12c94e11174019a5dac64fc (commit)
via eee3ba81c88e64b8a732694fc4843a39d5bde491 (commit)
via ee25a44fd389ed450e3d7ef9513eec19668f2de7 (commit)
via b338c81b9f0130106eee4b2ff70959c2e62a1fac (commit)
via 385e7a431a1865017211478741408d505396f9a7 (commit)
via b164a17f9bfcc3f067dad33d0c38834aa22ca2b1 (commit)
via ec471210d97ba23b2de618349bdb6dd4145e53e0 (commit)
via 0fc0d057c34f3ee10eeb87e3f11405aa79c3b4df (commit)
via a8428dfa2c6a43ee195f4be3e04a519ca1fc6ec0 (commit)
via 1e1bb42a8fca68d9fa9391e6644aeff296479499 (commit)
via 31a95fecd2e0b1408e9a97e3ae36a7770544d1a2 (commit)
via ca52dcb55961d75e0163f237c92d225964c786bd (commit)
via 3baa76fe36bd2b59645a952c3a47a960090c38d2 (commit)
via 9be53773792fc9e8bd173edc3b7ac7e144875387 (commit)
via ab1bf971d2db43777cbf3892fb887bf71ce7d155 (commit)
via 7f95145833bb24f54e037f73ecc37444d6635697 (commit)
via 33c2c3ec93c17758f37cc2e53f07f7dfe6b72336 (commit)
via f485f377a1caba11c58da100d3db9a8c6fdeb7d5 (commit)
via 4f43438c476c3c5fb78d6192238d540108a33cb1 (commit)
via 6320e49454b0fd86dde7df0af54a2e194ae59821 (commit)
via 69fe23ff0777390e34a8c0b11ce6037e5aef9109 (commit)
via f05699d19e27567583b9397a8d529e8aa275f5e1 (commit)
via 6b7916695264238a490971e8cd87612154fc18b1 (commit)
via e8b9ac8fdfddec6a2eaacd6cdaa968058cf4e1e2 (commit)
via 4fa22bfca1e94393aa3fbdc3fdf5516e75d47521 (commit)
via e51d4895129209cec1c15bda2322136a03ec94b2 (commit)
via dc7f65454ee88fbd50f4d6f8a7c567eb27107314 (commit)
via 0a9362f5745a58a3d63354d76182108ea81ecf05 (commit)
via 15451ecf742bfa38a0732270b36d4a8666d2124e (commit)
via 6516ad8b01aac298bffe60a8d7d21745f3354a38 (commit)
via 93d564edc5d69819e85c3fa93368d37ec803a2f9 (commit)
via fd37327f57a6d53692babcaf69dfbd8f62e59918 (commit)
via cf0f903326cf3cdd10f834c1bbc627fd81e06044 (commit)
via 051151de890705173a42bbead40a6125d34ea41b (commit)
via bbb8a488aeacf8a226d49773fe13798a202a78e2 (commit)
via 7e1667d76e76eb3d571be5e4b545e8ace6e92187 (commit)
via ddb17f1f0870ddb1678e34652f54458207cb3bb0 (commit)
via 599d42525144cf0fcc7de6ac1b576c5c6ae290c2 (commit)
via a2abaa9ec60a8967611e8c8905698bd01bde5861 (commit)
via ed4616b1cfbc84dd01caa8546d813e8c5d482921 (commit)
via 6c5db2af1f706e8f21f2a5f074bada96e9011052 (commit)
via 2ebec36f271d4ee943281e32feb3552745115347 (commit)
via 860fc865b0ae0fd6381a8a9a777efdbde0aaefb6 (commit)
via 23154d5764c06b68a5c154cecd89524ebe747ca1 (commit)
via 3763ee85915d28737bfebffa136bfb49ef0a2109 (commit)
via 8de4140644f01180f2fdab55b0ab0f13d1c761c6 (commit)
via 5a5c35c3a01afec515e688c8366e6f893985518d (commit)
via 6b28a086310b8715f4655446f4c01d9555ef1786 (commit)
via a81bad13ec305b885eff2934307d9205d55e0050 (commit)
via 2c7d90ac6eb4d883d9650d17cd915d958b4e5e66 (commit)
via 98663823e47ec56ff5a8205a17cc884acbf9cabd (commit)
via 883f4a1eae77f332059dc0be6f965485a0361ec0 (commit)
via ce4c4ca43586825a13c1abb4ce13e90d9447a0eb (commit)
via 8e7da691af29fe1d8b93d2e4acc98eb188ae74cc (commit)
via 2796cf790f80e8be8dd90238f6789e52bd3cc2ac (commit)
via e6a19d2683629888175371ed2eeb8a49a7b44873 (commit)
via 0a2188544a538b421612c90d44e56853a9d64458 (commit)
via 03027ad99f2759182fbcd3363298ae6adaf88cdb (commit)
via 4d44e274dcd933327c4f1c1cc7e1f876d08ffa85 (commit)
via 00b6be440f93131e35e75fb1b34d8d3220590bb5 (commit)
via 5371906219ff19886169612993efbb8e82f749a7 (commit)
via 2802732032aeaabe8c793ae76112d9c8ba13ee23 (commit)
via bb1d227404ff96564877a04ef9299c63f608f543 (commit)
via 022de5f317014c538e17378b626cf3267625e141 (commit)
via b6f24d54f54146a0f5de700dac7ffc2ef7624359 (commit)
via a6537fbbfb0b9d08adc58ae23b873a084e5d479c (commit)
via a741a85d8e241e9ca773f3cd7575d720837fcb51 (commit)
via b4e4ca49c792d7320787a6991ce1815d26060d39 (commit)
via c928f41fc0e79a24e4c43a80fb26b3c46997d91a (commit)
via 416707883893211a15c031b1f3589bc7cde9bf2b (commit)
via 586d4e9be1eb13cd9cb77cf6c56ce57e24623c44 (commit)
via af41709c4243e0fd9dc1fac5f22cdd47316f8277 (commit)
via bdb539b89bbe123018392bb8c64cb94c13d736a8 (commit)
via 8767795058ca5b46c8a9e335ad941d8799241716 (commit)
via 43d1aa34aab1c43bce8f083d024bf54f0246a884 (commit)
via e649c8032f84b488cac8ea6c8fb9a77c424a0419 (commit)
via 75129865d48d2293383316f88ce7661e37dde43d (commit)
via 9eee2f7739dbaf82d3b0837de41cdcba5ee4a1d3 (commit)
via 33892746e373449a8a69a4265d783bf701cb5784 (commit)
via 6efdcb6a3cc4d06bf64af69b08bc95335f02b79f (commit)
via fe19f236a2295da1e01ab05ff59853c5a4556811 (commit)
via 1354f952876e96b456425efc7ed9994caf687028 (commit)
via 190a2ea88e9820e5e150ce36414233da4bd34b44 (commit)
via fd95f2402dc70ad41fa2db8fb101f950196458a9 (commit)
from e9831f83532184caa119f830eee54728084444ba (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit be9f766c1ef1c74cb7cdfca97a71757b492b8a5c
Merge: e9831f8 f756cda
Author: Daniel Lezcano <daniel.lezcano at free.fr>
Date: Mon Sep 9 21:07:12 2013 +0200
Merge git://github.com/lxc/lxc
Signed-off-by: Daniel Lezcano <daniel.lezcano at free.fr>
commit f756cda05c4058dd7f5d46f2cf51c3bc7fd002d1
Author: Natanael Copa <ncopa at alpinelinux.org>
Date: Fri Sep 6 21:09:57 2013 +0200
configure: enable Lua if found and continue without if not
Search for Lua if no --enable-lua/--disable-lua specified but continue
without if not found.
If --enable-lua is specified and Lua is not found then return error.
If --disable-lua is specified, then don't search for Lua.
Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 5c068da9695bcbfa46e0b3666128e3a533c9ddc7
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri Sep 6 12:25:47 2013 -0500
lxc_spawn: don't close pinfd until container is stopped
Otherwise containers may be able to remount -o ro their rootfs
at shutdown.
Reported-by: Harald Dunkel <harri at afaics.de>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 69c757b343b5bbd2543adc4f3f0204d4696515e0
Author: Natanael Copa <ncopa at alpinelinux.org>
Date: Fri Sep 6 09:08:45 2013 +0200
lua: fix logic to enable lua support in configure
When there is no --enable-lua or --with-lua-pc, Lua should not be
enabled.
This fixes a bug introduced with 12e93188 (configure/makefile:
Allow specify Lua pkg-config file with --with-lua-pc) that caused
configure script to fail if lua headers was missing.
Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 2caf9a97d90a61e5eaf9d7c218e5bcc35dfbfbb3
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Thu Sep 5 20:31:55 2013 -0500
sanity-check number of detected capabilities
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 3a1675bf08b35bd5a5078f5638048c2c72c3e981
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Thu Sep 5 16:40:49 2013 -0400
add AS_VAR_COPY for older autoconf versions
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 330da5fa322cf628aadc425c5be86814530d313e
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Thu Sep 5 15:20:44 2013 -0400
lua: fix stats gathering
- remove lxc subdir in cgroup paths (done in commit b98f7d6e)
- remove extraneous debug printfs
- remove extra call to stats_clear
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit c25c2970a6aabc45ee6375cc127ed45efea2f9bf
Author: Natanael Copa <ncopa at alpinelinux.org>
Date: Thu Sep 5 15:29:20 2013 +0200
lua: implement dirname in C rather than depend on external executable
Instead of popen and run external executable dirname we implement a
dirname in C in the core module.
We also remove the unused basename function.
Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit ac8255280d2e4348ab0eba5ec6982edc92ee6fbd
Author: Natanael Copa <ncopa at alpinelinux.org>
Date: Thu Sep 5 14:33:28 2013 +0200
lua: implement usleep in C module
So we avoid running os.execute
Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 12e93188de7dfe9ba66e022f9c28aa1f696a22e8
Author: Natanael Copa <ncopa at alpinelinux.org>
Date: Thu Sep 5 17:13:07 2013 +0200
configure/makefile: Allow specify Lua pkg-config file with --with-lua-pc
Enable support for both Lua 5.1 and 5.2 by letting user specify the Lua
pkg-config package name. By default it will use 'lua' and try figure
out which version it is.
Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 44a80d675ffb81ebb1a66a62c162e93a4c5882a0
Author: Natanael Copa <ncopa at alpinelinux.org>
Date: Thu Sep 5 08:45:33 2013 +0200
lua: prepare for Lua 5.2
Adjust code for Lua 5.2 and keep compatibility with Lua 5.1.
Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
Acked-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 2698b46924ab861b1f39fb11560c852d080e7b02
Author: Natanael Copa <ncopa at alpinelinux.org>
Date: Thu Sep 5 15:07:51 2013 -0400
lua: fix a bug in the parsing of /proc/mounts
Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
Acked-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit eee59f9408398849e9b7fc58dbe68ec176de4d50
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Thu Sep 5 18:05:34 2013 -0500
clone: don't copy rdepends when not doing a snapshot clone
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 2a2d36a42512160e7771b2472cb7922423523048
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Thu Sep 5 17:59:28 2013 -0500
fix typo
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 1fb86a7cdc22d22b14d03eb0cbd1aa6702862dd4
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Thu Jun 13 22:43:01 2013 -0500
introduce lxc.cap.keep
The lxc configuration file currently supports 'lxc.cap.drop', a list of
capabilities to be dropped (using the bounding set) from the container.
The problem with this is that over time new capabilities are added. So
an older container configuration file may, over time, become insecure.
Walter has in the past suggested replacing lxc.cap.drop with
lxc.cap.preserve, which would have the inverse sense - any capabilities
in that set would be kept, any others would be dropped.
Realistically both have the same problem - the sendmail capabilities
bug proved that running code with unexpectedly dropped privilege can be
dangerous. This patch gives the admin a choice: You can use either
lxc.cap.keep or lxc.cap.drop, not both.
Both continue to be ignored if a user namespace is in use.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 59d66af29da6ca8c5fa8cb63a5bbfc443811bb81
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Thu Sep 5 16:56:54 2013 -0500
bdev: free after bdev_init
(Except in cases where we will immediately exit)
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 41c3b7c7ac9b33bc562ebad9ea124912577f2ba5
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Wed Sep 4 17:04:51 2013 -0400
valgrind: fix memory leak on container new/put
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 75b5535282453b3442a41df4a3ba6d3058cd6e48
Author: Natanael Copa <ncopa at alpinelinux.org>
Date: Wed Sep 4 17:01:09 2013 +0200
lxc-alpine: add hwaddr for a single macvlan interface
We already add harware address for a single veth interface. Do the same
with a single macvlan interface.
Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit e34b5d2ef2c329afe6540bbfc298ae631378832e
Author: S.ÃaÄlar Onur <caglar at 10ur.org>
Date: Tue Sep 3 16:21:15 2013 -0400
bdev_copy segfaults if bdevtype is NULL
Signed-off-by: S.ÃaÄlar Onur <caglar at 10ur.org>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit cd0bcc4958e58a2750cf9086f75649d14c83ac70
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Tue Sep 3 15:11:07 2013 -0400
tests: Add lxc-test-usernic to the dist tarball
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
commit 250b1eec71b074acdff1c5f6b5a1f0d7d2c20b77
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Tue Sep 3 14:29:46 2013 -0400
licensing: Add missing headers and FSF address
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
commit d08c3aaebca1ccc47f1f14dcd6fbca39953f8dda
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Tue Sep 3 11:36:09 2013 -0400
ubuntu: iproute is now called iproute2
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit c66e9b01f04840c5abc34d235dbbb2ec9ca55205
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue Sep 3 07:56:11 2013 -0500
lua: update license
As with other files, update to be LGPL since these are part
of the lxc library.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit ca9548ad02238600899a1f86ded308279964e018
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Fri Aug 30 17:27:14 2013 -0400
python: Fix api_test to use the new attach() API
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 80bcb05357a90cc9a2e21e942a2b0a53cddfa7a6
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue Sep 3 08:08:39 2013 -0500
lxc-commands: add a comment explaining CMD_* rules
We wish to ensure that, henceforth, newer lxc tools are always compatible
with older lxc monitors. Add a comment to commands.c to explain the
rule we wish to enforce to this end.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 0f081315a9310bf04fe4bc64b900ec6bac36f85d
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri Aug 30 15:51:31 2013 -0500
remove old stale comments (lxc-clone is now implemented)
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 188e0ab60bda276c688ad15877c6d6402081c6c9
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Fri Aug 30 15:56:21 2013 -0400
Add a section about licensing to CONTRIBUTING
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit acbb59f50d5196facde837ea377f70e98ce1e6f8
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri Aug 30 14:43:09 2013 -0500
fix license text in ubuntu and ubuntu-cloud templates
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit d75462e4d663c58bde0787fdbe0ef3148e44cdde
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri Aug 30 14:42:20 2013 -0500
fix wrong license text for parts of liblxc library
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 0c69c79b4d86a0bda4a0c1ea2e4cc63d28c7baa6
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Fri Aug 30 12:08:26 2013 -0400
avoid zgrep -q as it's failing on some distros
Reported-by: Filirom1
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
commit dfa7aa3a836aef5d0f1aebe0f6eeff65d20239ad
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Fri Aug 30 11:47:58 2013 -0400
fedora: Add missing double-quotes.
Reported-by: tlc
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
commit 840295ff4cf11da0938a19f99fef8a1525de8106
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Fri Aug 30 11:43:19 2013 -0400
Fix some typos
Signed-off-by: Dmitry Shachnev <mitya57 at ubuntu.com>
Reported-by: Vincent Ladeuil
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 80507ee8eb66f4f23494caae26f6d2f0b50480b6
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Thu Aug 29 10:41:19 2013 -0500
start.c: handle potential signal flood
Signalfd does not guarantee that we'll get an event for every signal.
So if 3 tasks exit at the same time, we may get only one sigchld
event. Therefore, in signal_handler(), always check whether init has
exited. Do with with WNOWAIT so that we can still wait4 to cleanup
the init after lxc_poll() exists (rather than complicating the code).
Note - there is still a race in the kernel which can cause the
container init to become a defunct child of the host init (!). This
doesn't solve that, but is a potential (if very unlikely) race which
apw pointed out while we were trying to create a reproducer for the
kernel bug.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 48c63f8d035045af1103b677b5ec577aec59a5b5
Author: Natanael Copa <ncopa at alpinelinux.org>
Date: Mon Aug 26 13:47:58 2013 +0200
lxc-alpine: create /dev/zero
Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 5acccf95b2bd1e5ffedf687e527dcad5a54d4c1e
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri Aug 23 12:45:15 2013 -0500
config_ipv6: run inet_pton on the addr value without mask
otherwise a "$addr/$mask" results in failure.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 79622932f21d22db36a0b6cca129f559b5e76108
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Thu Aug 22 10:27:40 2013 -0500
api: convert lxc_start
Normal lxc-start usage tends to be "lxc-start -n name [-P lxcpath]".
This causes $lxcpath/$name/config to be the configuration for the
container. However, lxc-start is more flexible than that. You can
specify a custom configuration file, in which case $lxcpath/$name/config
is not used. You can also (in addition or in place of either of these)
specify configuration entries one-by-one using "-s lxc.utsname=xxx".
To support this using the API, if we are not using
$lxcpath/$name/config then we put ourselves into a custom lxcpath
called (configurable using LXCPATH) /var/lib/lxc_anon. To stop a
container so created, then, you would use
lxc-stop -P /var/lib/lxc_anon -n name
TODO: we should walk over the list of &defines by hand and set them
using c->set_config_item. I haven't done that in this patch.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit cb0c6c020314ee0fea0ce30d209711f7e9c29aaa
Author: Scott Moser <smoser at ubuntu.com>
Date: Thu Aug 22 15:38:48 2013 -0400
hooks/ubuntu-cloud-prep: add hostname to meta-data
prior to my enabling of the clone hook, the setting of the hostname
was being done by writing to /etc/hostname. Instead of relying on that
we're now writing 'local-hostname' into the metadata for the instance.
cloud-init then reads this and sets the hostname properly.
We are also writing /etc/hostname with the new hostname explicitly. This is
useful/necessary because on network bringup of eth0, dhclient will submit its
hosname. The updating done by cloud-init occurs to late, and thus
the dhcp request goes out with the un-configured hostname and dns doens't
work correctly.
Signed-off-by: Scott Moser <smoser at ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 92b0b5bac5717e5281f51340192288050409ad47
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Wed Aug 21 16:53:52 2013 -0500
api: convert lxc_wait, lxc_freeze, and lxc_unfreeze
These are the last of the simpler conversions. Start, execute,
kill, info and attach remain to be done.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Dwight Engen <dwight.engen at oracle.com>
commit 9069513c69d77b5c22219b43f78ba1554431dd36
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Wed Aug 21 14:35:28 2013 -0500
lxc_cgroup: convert to using API
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit dfb31b25e298d98ea80a699f019308019c6670d8
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Wed Aug 21 14:43:52 2013 -0500
Track snapshot dependencies (v2)
(Will push in a bit barring any objections)
lvm, btrfs, and zfs snapshots each do an ok job of handling deletions
for us - a btrfs snapshot does fine after the original is removed,
while zfs and lvm will both refuse to allow the original to be deleted
while the snapshot exists.
Overlayfs doesn't do this for us. So, for overlayfs snapshots, track
the dependencies.
When c2 is created as an overlayfs snapshot of dir-backed c1, then
1. c2's lxc_rdepends file will contain
c1_lxcpath
c1_lxcname
2. c1's lxc_snapshots will contain "1"
c1 cannot be deleted so long as lxc_snapshots exists and contains
a non-zero number.
The contents of lxc_snapshots and lxc_rdepends are protected by
container_disk_lock() and at lxc_clone by the new container not yet
being accessible.
(Originally I was going to keep them in the container config, but the
problem with using $lxcpath/$name/config is that api users could end up
calling c->save_config() with a cached old value of snapshots/rdepends.)
Changelog:
aug 21: check for fprintf and fclose failures
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Dwight Engen <dwight.engen at oracle.com>
commit 84bdfb2b4c95b24fde5e90e621372fcd6c4d069b
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue Aug 20 18:15:06 2013 -0500
avoid very unlikely race due to EEXIST
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 659aa0618c34cecd388df73936b41d5fb573090d
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue Aug 20 18:01:07 2013 -0500
coverity: make indent match nest level
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 5d9598d7d3206d1bede4932e7c8565f1ab309fbc
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue Aug 20 17:59:19 2013 -0500
coverity: dont dereference before null check
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit a09295f841be8add0cbfc2932c59535f0d1365ed
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue Aug 20 17:54:19 2013 -0500
coverity: don't leak partial_fd
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit ca6973422d5471281126e9e1884633367479f246
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue Aug 20 17:48:54 2013 -0500
coverity: don't leak open DIR
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 01efd4d3d91713fc4f8ca55c7726b8216ed16fc6
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue Aug 20 16:58:24 2013 -0500
coverity: correctly handle tpath error case.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 1fd9bd50ab0ccea0a6c069147a4bccb0751ca18f
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue Aug 20 16:50:25 2013 -0500
coverity: ftell returns long, not size_t (which is unsigned)
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit b4569e93217fe9a18af35b4475c8f8eac1436759
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue Aug 20 16:29:29 2013 -0500
coverity: don't bother getting template path if we're not going to measure it
This should also fix a memory leak, since we were freeing it under ifdef
but always allocating it.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit fb760f70541c9af728eb2ab0c6175875f7448752
Author: Scott Moser <smoser at ubuntu.com>
Date: Mon Aug 19 10:18:37 2013 -0400
ubuntu-cloud-prep: improve overlayfs workaround
the previous 'patch_start' can be vastly simplified now that I better
understand what the bug was. Instead of wrapping 'start', we only
need to ensure that /etc/init exists inside the overlayfs, so that the
directory that upstart watches is guaranteed to be in the overlay, not
the underlay.
The problem is described under bug 1213925.
Signed-off-by: Scott Moser <smoser at ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit e14f67a7bfa7065480fc7cd47a45f209a0aee79b
Author: Ubuntu <ubuntu at ip-10-181-158-15.ec2.internal>
Date: Mon Aug 19 13:34:59 2013 +0000
cgroup updates: fix several bugs
1. add cgroup_get_subsys_abspath() which returns the absolute
path for a subsystem mount, and use that where needed to actually
set cgroup values
2. cgroup_devices_has_{allow,deny}: don't mix int and boolean
values. Also, accept 'a *:* rwm" as any whitelist entry for
has_allow().
3. subsys_lists_match(): fix an off-by-one error in calculating
updated oldlen. (we need to keep the extra char for '\0')
4. return -1, not 0, if lxc_cgroup_attach fails to open
/proc/self/cgroup.
Signed-off-by: Ubuntu <ubuntu at ip-10-181-158-15.ec2.internal>
commit c9ec905567952830d58a14d1e3a3ea4e1f8b0041
Author: Christian Seiler <christian at iwakd.de>
Date: Mon Aug 19 00:52:44 2013 +0200
python/attach: Add function that returns personality for architecture
Adds the arch_to_personality function that looks up an architecture
and returns the corresponding personality. This may be used in
conjunction with the attach/attach_wait keyword argument.
Signed-off-by: Christian Seiler <christian at iwakd.de>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 01bfae14dd898fecf0bd130e47a62a3155f619d0
Author: Christian Seiler <christian at iwakd.de>
Date: Mon Aug 19 00:52:43 2013 +0200
python/attach: export CLONE_NEW* constants to Python
Signed-off-by: Christian Seiler <christian at iwakd.de>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 4f17323e79969a98604bc30a8cc24cf083d474c3
Author: Christian Seiler <christian at iwakd.de>
Date: Mon Aug 19 00:52:40 2013 +0200
cgroup: minor bugfixes so start and attach work again
This fixes some minor bugs in the cgroup logic that made start and
attach fail (at least when all cgroup controllers were mounted
together).
Signed-off-by: Christian Seiler <christian at iwakd.de>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 9c6694b7073a6ebfd1da4950e0c8db4b91530202
Author: Christian Seiler <christian at iwakd.de>
Date: Mon Aug 19 00:52:42 2013 +0200
python/attach: Fix minor memory leaks
Signed-off-by: Christian Seiler <christian at iwakd.de>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit a9cab7e39b101b89470e2e4109c14e7f17218032
Author: Christian Seiler <christian at iwakd.de>
Date: Mon Aug 19 00:52:41 2013 +0200
attach: Fix minor memory leak in environment variable handling
Signed-off-by: Christian Seiler <christian at iwakd.de>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 55c76589fd19e5f04697dcfd0084039cd77ef304
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Mon Aug 19 14:37:20 2013 +0200
Remove all trailing whitespaces
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
commit 37fc7b9e2eca60e838bf5bf061bd8a8206e4fa9d
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Fri Aug 16 16:55:40 2013 +0200
Fix lxc-user-nic to work on bionic
This adds a couple of missing includes, uses the local version of
getline on bionic and replaces getpwuid_r by getpwuid.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit e768f9c0f69df1f02f8252fead6d82648b410bd8
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Fri Aug 16 16:42:39 2013 +0200
Add missing namespace.h include
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 511a6936c7062d59dd9335ef16d9165d19c45604
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Fri Aug 16 16:40:48 2013 +0200
Allow building without confstr
We use confstr to grab the default PATH value. If it's not there, just
use a standard one with bin and sbin for /, /usr and /usr/local.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 1a2e58cf55979749ea76835d0b36327c051c2715
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Fri Aug 16 15:38:13 2013 +0200
Don't define new_personality when building without personalities
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 5ec279894e8b1275b6cbfaaddb425e8f56639bdc
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Fri Aug 16 15:35:51 2013 +0200
Add missing sys/socket.h include
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit a3da2f3bd755165c50c5c7fb55c2bfcb042fb3d8
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Fri Aug 16 15:35:06 2013 +0200
Define SOCK_CLOEXEC when missing
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 7f3e12f3e5223c6a6c34bafdf47df86f66078963
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Fri Aug 16 15:22:28 2013 +0200
Use srand/rand instead of initstate/random
initstate/random doesn't work on bionic, srand/rand works on everything,
so let's use that.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 2e74d6f3744e5aef2e01f1f295472ffdb58f1929
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Fri Aug 16 15:10:13 2013 +0200
Include stdio.h in getline.h for FILE
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 120ce443c466fb1d286ffd200ca22a1e9db7284c
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Fri Aug 16 15:08:39 2013 +0200
Import local getline copy on bionic
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 2b89a9c19db30894e2476a5a750c443dee339d70
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Fri Aug 16 15:05:52 2013 +0200
Add missing sys/select.h include for fd_set
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit ec346ea11f76d0797035c476794104a3230531f9
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Fri Aug 16 12:28:17 2013 +0200
Add missing syscall.h include to utils.h
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 180edd67022017351a6546b4aa79bcaefada01c8
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Fri Aug 16 12:25:28 2013 +0200
Add arm defines for __NR_signalfd(4)
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 590ae889334b01a59606a1a8952d976098bd6123
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Fri Aug 16 12:22:38 2013 +0200
Android now uses a sane clone() definition
The current Android NDK provides a clone() defintion that's identical to
eglibc's so we can drop the ifdef from that one.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit bff13ba210ed61f756fc82adce1921f84b43ffe0
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Fri Aug 16 12:19:44 2013 +0200
Define BLKGETSIZE64 and LO_FLAGS_AUTOCLEAR
Those two aren't always around (specifically on bionic), so add some
defines in case they aren't already defined.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 92adc3e911314a6f90986d8410ec0ff4b82c9f79
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Fri Aug 16 12:18:15 2013 +0200
Export the local getmntent_r implementation
New code now uses getmntent_r so we need it exported so that it can be
used when building on bionic.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit c32981c3fb1bf5191052fb1c348bdc8b9e7c1b15
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Fri Aug 16 11:53:11 2013 +0200
Replace all calls to rindex by strrchr
The two functions are identical but strrchr also works on Bionic.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 4ba0d9af63fbf7e9acfa068a1fe36b3d287b9c6b
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Fri Aug 16 11:47:10 2013 +0200
Add a local implementation of ifaddrs.h
This adds a local ifaddrs implementation to be used on Bionic or other C
libraries that don't come with a getifaddrs implementation.
This code was written by Kenneth MacKay and is under a two-clause BSD
license (copyright information in the file headers).
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit d24d56d7ee3420bb79238ff84cad07c20cf4757d
Author: Scott Moser <smoser at ubuntu.com>
Date: Fri Aug 16 16:47:32 2013 -0400
ubuntu-cloud-prep: patch /sbin/start for overlayfs
upstart depends on inotify, and overlayfs does not support inotify.
That means that the following results in 'tgt' not running. tgt is simply
used here as an example of a service that installs an upstart job and
starts it on package install.
lxc-clone -s -B overlayfs -o source-precise-amd64 -n test1
lxc-start -n test1
..
apt-get install tgt
The change here is to modify /sbin/start inside the container so that when
something explicitly tries 'start', it results in an explicit call to
'initctl reload-configuration' so that upstart is aware of the newly
placed job.
Should overlayfs ever gain inotify support, this should still not cause
any harm.
Signed-off-by: Scott Moser <smoser at ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit e3fdf5cc9c60eb97f8520f059ad1a09d3f73509d
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri Aug 16 15:50:25 2013 -0500
lxc-clone: default to overlaysf for -s clone of dir
If you go to the trouble to request a -s (snapshot) clone of
a container which is dir backingstore, then you deserve an
overlayfs clone.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 6fe93aa1877359365a07d9110e0e2dbfb3b0205f
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri Aug 16 13:34:36 2013 -0500
cgroup.c: remove spurious ERROR messages
Because they are in probing functions.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit d74325c436457b87b17e3ea598a9eb4ba66e0d49
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Fri Aug 16 14:57:44 2013 +0200
Replace a few more str(n)dupa by str(n)dup + free
strdup and strndup still don't exist on bionic, so we need to do the
alloc() call ourselves or free the memory by hand.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 1d374b9725e53d8b099970c1b501d56d599c4772
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Fri Aug 16 12:09:02 2013 +0200
Add attach_options.h to the list of included files
Without this, make dist doesn't include it and LXC fails to build.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
commit fbbf51926e113e5e70d6ea507ed7d1019d0e0aa8
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Thu Aug 15 15:37:30 2013 -0500
document new lxc-create btrfs behavior
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit d44e88c26690a56f9efac58f602dba06c9ec0c90
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Thu Aug 15 12:55:50 2013 -0500
bdev: support -B best and -B lvm,dir
-B dev will check whether btrfs, zfs, or lvm can be used,
in that order, and fall back to dir.
-B lvm,btrfs will try lvm first, then btrfs, then fail.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit d3060bd055eac45c1767e1e80fcaba763eb7477d
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Thu Aug 15 12:22:26 2013 -0500
bdev_create: don't default to btrfs if possible
Ideally it would be great to default to a btrfs subvolume for each new
container created. However, this is not as we previously thought
without consequence. 'rsync --one-file-system' will not descend into
btrfs subvolumes. This means that 'lxc-create -B _unset' will cause
different behavior for rsync -vax /var/lib/lxc based on whether that
fs is btrfs or not.
So don't do that. If -B is not specified, use -B dir.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit d007f8ab3da297ed0de884e0c6e57a66de2fcb42
Author: Alexander Vladimirov <alexander.idkfa.vladimirov at gmail.com>
Date: Thu Aug 15 14:27:05 2013 +0800
Add subdir-objects option to AM_INIT_AUTOMAKE
Fix build with automake 1.14 and newer, since it requires explicit
setting now.
Signed-off-by: Alexander Vladimirov <alexander.idkfa.vladimirov at gmail.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit bf7d3153c925ca1404662a8fe031da27308f4187
Author: Michael H. Warfield <mhw at WittsEnd.com>
Date: Thu Aug 15 13:57:50 2013 -0400
lxc-fedrora: New patch for systemd detection and init configuration.
Satoshi Matsumoto certainly had the right idea and in spotting a bug in
the lxc-fedora template for systemd detection. Heart was in the right
spot but patch was not what we needed.
I've looked the patch code over for systemd support and init/upstart
support and modified the logic appropriately. If /etc/systemd/system
exists, we'll do the right thing by systemd. If /etc/rc.sysinit exists,
we'll do the right thing by init / upstart. If both are installed,
we'll trying and accommodate both in case someone is playing games with
the two (I've done this).
Patch was trivial, just took more time to actually test it and create
some containers with it and verify them, than it did to code them.
Signed-off-by: Michael H. Warfield <mhw at WittsEnd.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 3d5e9f4801c0311a6300fc781a4c0a09a6d463fe
Author: Christian Seiler <christian at iwakd.de>
Date: Tue Aug 13 23:04:37 2013 +0200
attach: implement remaining options of lxc_attach_set_environment
This patch implements the extra_env and extra_keep options of
lxc_attach_set_environment.
The Python implementation, the C container API and the lxc-attach
utility are able to utilize this feature; lxc-attach has gained two new
command line options for this.
Signed-off-by: Christian Seiler <christian at iwakd.de>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit d7a09c630b2150636bf4dfb266bc632abd65dfa8
Author: Christian Seiler <christian at iwakd.de>
Date: Tue May 21 14:57:06 2013 +0200
python: add attach support
Add methods attach() and attach_wait() to the Python API that give
access to the attach functionality of LXC. Both accept two main
arguments:
1. run: A python function that is executed inside the container
2. payload: (optional) A parameter that will be passed to the python
function
Additionally, the following keyword arguments are supported:
attach_flags: How attach should operate, i.e. whether to attach to
cgroups, whether to drop capabilities, etc. The following
constants are defined as part of the lxc module that may
be OR'd together for this option:
LXC_ATTACH_MOVE_TO_CGROUP
LXC_ATTACH_DROP_CAPABILITIES
LXC_ATTACH_SET_PERSONALITY
LXC_ATTACH_APPARMOR
LXC_ATTACH_REMOUNT_PROC_SYS
LXC_ATTACH_DEFAULT
namespaces: Which namespaces to attach to, as defined as the flags that
may be passed to the clone(2) system call. Note: maybe we
should export these flags too.
personality: The personality of the process, it will be passed to the
personality(2) syscall. Note: maybe we should provide
access to the function that converts arch into
personality.
initial_cwd: The initial working directory after attaching.
uid: The user id after attaching.
gid: The group id after attaching.
env_policy: The environment policy, may be one of:
LXC_ATTACH_KEEP_ENV
LXC_ATTACH_CLEAR_ENV
extra_env_vars: A list (or tuple) of environment variables (in the form
KEY=VALUE) that should be set once attach has
succeeded.
extra_keep_env: A list (or tuple) of names of environment variables
that should be kept regardless of policy.
stdin: A file/socket/... object that should be used as stdin for the
attached process. (If not a standard Python object, it has to
implemented the fileno() method and provide a fd as the result.)
stdout, stderr: See stdin.
attach() returns the PID of the attached process, or -1 on failure.
attach_wait() returns the return code of the attached process after
that has finished executing, or -1 on failure. Note that if the exit
status of the process is 255, -1 will also be returned, since attach
failures result in an exit code of 255.
Two default run functions are also provided in the lxc module:
attach_run_command: Runs the specified command
attach_run_shell: Runs a shell in the container
Examples (assumeing c is a Container object):
c.attach_wait(lxc.attach_run_command, 'id')
c.attach_wait(lxc.attach_run_shell)
def foo():
print("Hello World")
# the following line is important, otherwise the exit code of
# the attached program will be -1
# sys.exit(0) will also work
return 0
c.attach_wait(foo)
c.attach_wait(lxc.attach_run_command, ['cat', '/proc/self/cgroup'])
c.attach_wait(lxc.attach_run_command, ['cat', '/proc/self/cgroup'],
attach_flags=(lxc.LXC_ATTACH_DEFAULT &
~lxc.LXC_ATTACH_MOVE_TO_CGROUP))
Note that while it is possible to execute Python code inside the
container by passing a function (see example), it is unwise to import
modules, since there is no guarantee that the Python installation
inside the container is in any way compatible with that outside of it.
If you want to run Python code directly, please import all modules
before attaching and only use them within the container.
Signed-off-by: Christian Seiler <christian at iwakd.de>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit b7f2846aabb8c1c59b078b4c529e60ea254432f1
Author: Christian Seiler <christian at iwakd.de>
Date: Tue Aug 13 21:36:58 2013 +0200
python: improve convert_tuple_to_char_pointer_array
convert_tuple_to_char_pointer_array now also accepts lists and not only
tuples when converting to a C array. Other fixes:
- some checking that it's actually a list/tuple before trying to
convert
- off-by-a-few-bytes allocation error
(sizeof(char *)*n+1 vs. sizeof(char *)*(n+1)/calloc(...))
Signed-off-by: Christian Seiler <christian at iwakd.de>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 626ad11bfee3e12e675f51e92920030a6f383b19
Author: Christian Seiler <christian at iwakd.de>
Date: Tue Aug 13 21:33:19 2013 +0200
apparmor/attach: make sure buffer is NUL-terminated
Signed-off-by: Christian Seiler <christian at iwakd.de>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit a0e93eeb2293e15a18e6c56271d13907f082c4df
Author: Christian Seiler <christian at iwakd.de>
Date: Tue May 21 14:57:06 2013 +0200
Add attach support to container C API
Signed-off-by: Christian Seiler <christian at iwakd.de>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 61a1d519f472c1ac95c641d974401c932f82be66
Author: Christian Seiler <christian at iwakd.de>
Date: Tue May 21 14:56:00 2013 +0200
Add helper functions to convert va_list of char* to char**.
Signed-off-by: Christian Seiler <christian at iwakd.de>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 9c4693b853c5a9ab2156544ee3334a082cdba420
Author: Christian Seiler <christian at iwakd.de>
Date: Wed May 8 14:57:35 2013 +0200
lxc-attach: Completely rework lxc-attach and move to API function
- Move attach functionality to a completely new API function for
attaching to containers. The API functions accepts the name of the
container, the lxcpath, a structure indicating options for attaching
and returns the pid of the attached process. The calling thread may
then use waitpid() or similar to wait for the attached process to
finish. lxc-attach itself is just a simple wrapper around the new
API function.
- Use CLONE_PARENT when creating the attached process from the
intermediate process. This allows the intermediate process to exit
immediately after attach and the original thread may supervise the
attached process directly.
- Since the intermediate process exits quickly, its only job is to
send the original process the pid of the attached process (as seen
from outside the pidns) and exit. This allows us to simplify the
synchronisation logic by quite a bit.
- Use O_CLOEXEC / SOCK_CLOEXEC on (hopefully) all FDs opened in the
main thread by the attach logic so that other threads of the same
program may safely fork+exec off. Also, use shutdown() on the
synchronisation socket, so that if another thread forks off without
exec'ing, the synchronisation will not fail. (Not tested whether
this solves this issue.)
- Instead of directly specifying a program to execute on the API
level, one specifies a callback function and a payload. This allows
code using the API to execute a custom function directly inside the
container without having to execute a program. Two default callbacks
are provided directly, one to execute an arbitrary program, another
to execute a shell. The lxc-attach utility will always use either
one of these default callbacks.
- More fine-grained control of the attached process on the API level
(not implemented in lxc-attach utility yet, some may not be sensible):
* Specify which file descriptors should be stdin/stdout/stderr of
the newly created process. If fds other than 0/1/2 are
specified, they will be dup'd in the attached process (and the
originals closed). This allows e.g. threaded applications to
specify pipes for communication with the attached process
without having to modify its own stdin/stdout/stderr before
running lxc-attach.
* Specify user and group id for the newly attached process.
* Specify initial working directory for the newly attached
process.
* Fine-grained control on whether to do any, all or none of the
following: move attached process into the container's init's
cgroup, drop capabilities of the process, set the processes's
personality, load the proper apparmor profile and (for partial
attaches to any but not mount-namespaces) whether to unshare the
mount namespace and remount /sys and /proc. If additional
features (SELinux policy, SMACK policy, ...) are implemented,
flags for those may also be provided.
Signed-off-by: Christian Seiler <christian at iwakd.de>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 650468bb4a5c9a6c69b524f574e8d0f315f45c37
Author: Christian Seiler <christian at iwakd.de>
Date: Tue May 21 11:58:35 2013 +0200
Fix return type of read/write utility functions.
Signed-off-by: Christian Seiler <christian at iwakd.de>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit b93aac46f2802b3639c1ac2ed0cf71174673d110
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Wed Aug 14 15:01:40 2013 -0500
lxc-stop: exit with 1 or 2, not -1 or -2.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 01e6b7148046c3f41849d093bc61454279792b80
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Wed Aug 14 14:58:48 2013 -0500
lxc_destroy: print an error if the container is not defined.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit b98f7d6ed1b89b6452af4a2b5e27d445e4b3a138
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri Aug 9 23:47:37 2013 -0500
cgroups: rework to handle nested containers with multiple and partial mounts
Currently, if you create a container and use the mountcgruop hook,
you get the /lxc/c1/c1.real cgroup mounted to /. If you then try
to start containers inside that container, lxc can get confused.
This patch addresses that, by accepting that the cgroup as found
in /proc/self/cgroup can be partially hidden by bind mounts.
In this patch:
Add optional 'lxc.cgroup.use' to /etc/lxc/lxc.conf to specify which
mounted cgroup filesystems lxc should use. So far only the cgroup
creation respects this.
Keep separate cgroup information for each cgroup mountpoint. So if
the caller is in devices cgroup /a but cpuset cgroup /b that should
now be ok.
Change how we decide whether to ignore failure to set devices cgroup
settings. Actually look to see if our current cgroup already has the
settings. If not, add them.
Finally, the real reason for this patch: in a nested container,
/proc/self/cgroup says nothing about where under /sys/fs/cgroup you
might find yourself. Handle this by searching for our pid in tasks
files, and keep that info in the cgroup handler.
Also remove all strdupa from cgroup.c (not android-friendly).
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 070a4b8e68a6bf9a96c24ded47974388c83f1d57
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri Aug 9 21:08:28 2013 -0500
lxc-user-nic: specify config and db files in autoconf
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 20ab58c777136a449b3199e0733b62fa87ecfa61
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri Aug 9 14:48:35 2013 -0500
add lxc-user-nic
It is meant to be run setuid-root to allow unprivileged users to
tunnel veths from a host bridge to their containers. The program
looks at /etc/lxc/lxc-usernet which has entries of the form
user type bridge number
The type currently must be veth. Whenver lxc-user-nic creates a
nic for a user, it records it in /var/lib/lxc/nics (better location
is needed). That way when a container dies lxc-user-nic can cull
the dead nic from the list.
The -DISTEST allows lxc-user-nic to be compiled so that it uses
files under /tmp and doesn't actually create the nic, so that
unprivileged users can compile and test the code. lxc-test-usernic
is a script which runs a few tests using lxc-usernic-test, which
is a version of lxc-user-nic compiled with -DISTEST.
The next step, after issues with this code are raised and addressed,
is to have lxc-start, when running unprivileged, call out to
lxc-user-nic (will have to exec so that setuid-root is honored).
On top of my previous unprivileged-creation patchset, that should
allow unprivileged users to create and start useful containers.
Also update .gitignore.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 3fb18be95747034bf36f46be11b0eb288b2ec1b4
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Wed Aug 14 09:57:12 2013 -0500
hooks/Makefile.am: add ubuntu-cloud-prep
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit baece282266318a9bb527cefc85ebf7b6dd7f10e
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue Aug 13 13:45:56 2013 -0500
lxc.conf.sgml.in: note the arguments and environment variables passed to hooks
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 8bb17b7791777538d8f7cc957939fc871843f218
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue Aug 13 00:05:49 2013 -0500
mountcgroups: use the right configuration file!
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 79159a86ddb51071055abd7ee08935bc65b9e7a9
Author: Scott Moser <smoser at ubuntu.com>
Date: Sat Aug 10 05:51:21 2013 -0400
ubuntu-cloud-prep: cleanup, fix bug with userdata
--userdata was broken, completely missing an implementation.
This adds that implementation back in, makes 'debug' logic
correct, and then also improves the doc at the top.
Signed-off-by: Scott Moser <smoser at ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 034a01593a4ae10d6f1e49b71afbfff70cfc226c
Author: Franz Pletz <fpletz at fnordicwalking.de>
Date: Mon Aug 12 14:01:39 2013 +0200
lxc-destroy: Fix regular expression for getting rootfs
The `lxc-destroy` script was using a simple `grep` for extracting
`lxc.rootfs` from the lxc config. This regex also matches commented lines
and breaks at least removing btrfs subvolumes if the string `lxc.rootfs`
is mentioned in a comment. Furthermore, due to the unescaped dot in the
regex it would also match other wrong strings like `lxc rootfs`.
This patch modifies the regular expression to correctly match the beginning
of the line plus potential whitespace characters and the string
`lxc.rootfs`.
Signed-off-by: Franz Pletz <fpletz at fnordicwalking.de>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 54e339f91785368a7825b2edaad04c2177a1a382
Author: Scott Moser <smoser at ubuntu.com>
Date: Fri Aug 9 15:37:23 2013 +0100
ubuntu-cloud-prep: fix bad declare of VERBOSITY
Signed-off-by: Scott Moser <smoser at ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 65d8ae9c4a66f5ca85289c02dc06d63261c84619
Author: Scott Moser <smoser at ubuntu.com>
Date: Thu Aug 8 19:16:59 2013 +0100
add a clone hook for ubuntu-cloud images
This allows ability to now specify '--userdata' arguments to 'create' or
to 'clone'. So now, the following means very fast start of instances with
different user-data.
$ sudo lxc-create -t ubuntu-cloud -n precise -- \
-r precise --arch amd64
$ sudo lxc-clone -B overlayfs -o precise -s -n ephem1 \
--userdata="my.userdata1"
$ sudo lxc-clone -B overlayfs -o precise -s -n ephem2 \
--userdata="my.userdata2"
Also present here is
* an improvement to the static list of Ubuntu releases. It uses
ubuntu-distro-info if available degrades back to a static list on failure.
* moving of the replacement variables to the top of the create template This
is just to make it more obvious what is being replaced and put them in a
single location.
Signed-off-by: Scott Moser <smoser at ubuntu.com>
commit 1c8e4ee0a08638e35732a0ddd0052ecde49fbecb
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Fri Aug 9 15:06:02 2013 +0200
Cleanup Makefile.am
Remove some dead code and fix identation, no functional change.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
commit 4a0ba80d62c0d8aeb5c9857749659fdf716c380a
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Fri Aug 9 11:32:55 2013 +0200
Replace mktemp() by a new mkifname()
Using mktemp() leads to build time warnings and isn't actually
appropriate for what we want to do as it's checking for the existence of
a file and not a network interface.
Replace those calls by an equivalent mkifname() function which uses the
same template as mktemp but instead checks for existing network
interfaces.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit b40a606e52c788db85fe1c42d3747483d159b6a5
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue Aug 6 14:56:48 2013 -0500
Logging: don't confuse command line and config file specified values
Currently if loglevel/logfile are specified on command line in a
program using LXC api, and that program does any
container->save_config(), then the new config will be saved with the
loglevel/logfile specified on command line. This is wrong, especially
in the case of
cat > lxc.conf << EOF
lxc.logfile=a
EOF
lxc-create -t cirros -n c1 -o b
which will result in a container config with lxc.logfile=b.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 96532523ef90ea6ce3f08ec7d74c3c850b885e50
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Mon Aug 5 15:20:29 2013 -0500
lxc-clone: don't s/oldname/newname in the config file and hooks
1. container hooks should use lxcpath and lxcname from the environment.
2. the utsname now gets separately updated
3. the rootfs path gets updated by the bdev backend.
4. the fstab mount targets should be relative
5. the fstab source directories could be separately updated if needed.
This leaves one definate bug: the lxc.logfile does not get updated.
This made me wonder why it was in the configuration file to begin with.
Digging deeper, I realized that whatever '-o outfile' you give
lxc-create gets set in log.c and gets used by the lxc_container object
we create at write_config(). So if you say
lxc-create -t cirros -n c1 -o /tmp/out1
then /var/lib/lxc/c1/config will have lxc.logfile=/tmp/out1 - which is
clearly wrong. Therefore I leave fixing that for later.
I'm looking for candidates for $p/$n expansion. Note we can't expand
these at config_utsname() etc, because then lxc-clone would see the
expanded variable. So we want to read $p/$n verbatim at config_*(),
and expand them only when they are used. lxc.logfile is an obvious
good use case. lxc.utsname can do it too, in case you want container
c1 to be called "c1-whatever". I'm not sure that's worth it though.
Are there any others, or is that it?
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit d273b8abfa24040c8ef0dd73eb1d30ef8dcbec54
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Wed Aug 7 08:53:07 2013 -0500
ubuntu-cloud: remove debugging echo
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit c9cbb9e51436f84d7871a50776dccacfd8dc196a
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri Jul 26 22:57:10 2013 +0200
cgroups: fix the recently broken setting of clone_children
Several places think that the current cgroup will be NULL rather
than "/" when we're in the root cgroup. Fix that.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 2c495ae35a804e3c12cb9f4826c30295043986ce
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Mon Jul 22 23:59:18 2013 -0500
cgroup_enter: catch write errors
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit d155b47dac549a5c30c0011923274e3744109c91
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Mon Jul 22 15:23:58 2013 -0500
define lxc-usernsexec
It uses the newuidmap and newgidmap program to start a shell in
a mapped user namespace. While newuidmap and newgidmap are
setuid-root, lxc-usernsexec is not.
If new{ug}idmap are not available, then this program is not
built or installed. Otherwise, it will be used to support creating,
starting, destroying, etc containers by unprivileged users using
their authorized subuids and subgids.
Example:
usernsexec -m u:0:100000:1 -- /bin/bash
will, if the user is authorized to use subuid 100000, start a
bash shell in a user namespace where 100000 on the host is
mapped to root in the namespace, and the shell is running as
(privileged) root.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 469b57873977afcb5d9f5adb00097c944caedd2a
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Mon Jul 22 14:09:19 2013 -0500
lxclock: use XDG_RUNTIME_DIR for lock if appropriate (v2)
If we are euid==0 or XDG_RUNTIME_DIR is not set, then use
/run/lock/lxc/$lxcpath/$lxcname as before. Otherwise,
use $XDG_RUNTIME_DIR/lock/lxc/$lxcpath/$lxcname.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Cc: Stéphane Graber <stephane.graber at canonical.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit b60ed720848c8276e4e770d380ec6014768d9923
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri May 10 12:35:26 2013 -0700
A few changes for unprivileged lxc-start
When doing reboot test, must add clone_newuser to clone flags, else
we can't clone(CLONE_NEWPID).
If we don't have caps at lxc-start, don't refuse to start. Drop the
lxc_caps_check() function altogether as it is unused now.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit b113383b84e5fcd2997a939d3f826a06b109e3d9
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Thu Jul 18 22:46:30 2013 -0500
send current cgroup to lxc_cgroup_create()
This is needed if we're going to have unprivileged users
create containers inside cgroups which they own.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 1aad9e44d65e7c20dabc4c99f57bcf532db66c68
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Mon Jul 15 20:24:14 2013 -0500
ubuntu-cloud: changes to support unprivileged use
don't try to lock if using a specified tarball
The lock/subsys/lxc-ubuntu-cloud lock is to protect the tarballs
managed under /var/cache/lxc/cloud-$release. Don't lock if we've
been handed a tarball.
fake device creation
Unprivileged users can't create devices, so bind mount null, tty, urandom
and console from the host.
Changelog:
Jul 22: as Stéphane points out, remove a left-over debug line
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 460bcbd85c97b5a0eac9cf7cead1abde1281cd5a
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Wed May 8 20:25:06 2013 -0500
lxc-create: support unpriv users
Just make sure we are root if we are asked to deal with something other
than a directory, and make sure we have permission to create the
container in the given lxcpath.
The templates will need much more work.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 5be56973e5e874a142263dfb164b0b03e18a65f3
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Wed May 8 20:15:29 2013 -0500
templates: require running as root
Up to now lxc-create ensured that you were running as root. Now the
templates which require root need to do it for themselves. Templates
which do mknod definately require root.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 4165b2c65648b5df521c6e83b1cbad91d0896a00
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Thu Jul 18 16:08:12 2013 -0500
teach lxc-cirros about the --rootfs argument
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 6f259716e75552cf46ee5125bdbd21e34456d0c0
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Wed Jul 17 09:38:28 2013 -0500
ubuntu templates: add some kernel filesystems to container fstab
The debugfs, fusectl, and securityfs may not be mounted inside a
non-init userns. But mountall hangs waiting for them to be
mounted. So just pre-mount them using $lxcpath/$name/fstab as
bind mounts, which will prevent mountall from trying to mount
them.
If the kernel doesn't provide them, then the bind mount failure
will be ignored, and mountall in the container will proceed
without the mount since it is 'optional'. But without these
bind mounts, starting a container inside a user namespace
hangs.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 8058be395d46cfabf2dacd7df79e95309619986a
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Tue Jul 16 10:35:02 2013 -0400
clone: only update <rootfs>/etc/hostname if it exists
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 819554fe20bbc0ce720b5ed0d5b8e53aeba6b284
Author: John McFarlane <john at rockfloat.com>
Date: Fri Jul 12 14:06:20 2013 -0700
Make get_ips timeout poll configurable
This commit increases the default timeout used by lxc-start-ephemeral
from 5 to 10, and adds support for an LXC_IP_TIMEOUT override.
Patchset 2:
- Previous patch used a command line arg.
Signed-off-by: John McFarlane <john at rockfloat.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 5202677243dcda16ab97c07d497174726198f7ab
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue Jul 16 08:11:56 2013 -0500
lxccontainer: don't define certain variables if !HAVE_GNUTLS
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 27c27d73e1b1a07e3621484fa033206549e2a1f5
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Mon Jul 15 16:42:15 2013 -0500
userns: clear and save id_map (v2)
Otherwise (a) there is a memory leak when using user namespaces and
clearing a config, and (b) saving a container configuration file doesn't
maintain the userns mapping. For instance, if container c1 has
lxc.id_map configuration entries, then
python3
import lxc
c=lxc.Container("c1")
c.save_config("/tmp/config1")
should show 'lxc.id_map =' entries in /tmp/config1.
Changelog for v2:
1. fix incorrect saving of group types (s/'c'/'g')
2. fix typo -> idmap->type should be idmap->idtype
Reported-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Dwight Engen <dwight.engen at oracle.com>
Tested-by: Dwight Engen <dwight.engen at oracle.com>
commit 3ce746862b2a2b33f3de65aeecda0bad1a5dd27c
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri Jul 12 14:07:23 2013 -0500
lxc_create: prepend pretty header to config file (v2)
Define a sha1sum_file() function in utils.c. Use that in lxcapi_create
to write out the sha1sum of the template being used. If libgnutls is
not found, then the template sha1sum simply won't be printed into the
container config.
This patch also trivially fixes some cases where SYSERROR is used after
a fclose (masking errno) and missing consts in mkdir_p.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 868a70afead6cc48a4c883126ea3ef01b6ec57e0
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri Jul 12 15:33:06 2013 -0500
ubuntu-cloud template: accept --rootfs argument
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 6a2e602b1b03617e77dcd4b5f82f34713a970ac4
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri Jul 12 14:08:17 2013 -0500
remove old lxc-create script.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit dc23c1c817da5c13529432270e51d0f7f3b1e95e
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri Jul 12 09:44:41 2013 -0500
create: add a quiet flag
If set, then fds 0,1,2 will be redirected while the creation
template is executed.
Note, as Dwight has pointed out, if fd 0 is redirected, then if
templates ask for input there will be a problem. We could simply
not redirect fd 0, or we could require that templates work without
interaction. I'm assuming here that we want to do the latter, but
I'm open to changing that.
Reported-by: "S.ÃaÄlar Onur" <caglar at 10ur.org>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit ae13ae0853a246119ddaf9c8cc6d128a21a8988c
Author: zoolook <nbensa+lxcusers at gmail.com>
Date: Thu Jul 11 20:38:02 2013 -0300
lxc_clone.c: Allow size subfixes for -L parameter
lxc-clone ignores size subfixes (K, M, G) when using -L parameter. The
following is a quick patch to allow, for example, lxc-clone -L 10G.
Signed-off-by: Norberto Bensa <nbensa at gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 283678ed2ccd88a6ba57fcb28516311adcdb6fac
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri Jul 5 19:34:55 2013 -0500
Accomodate stricter devices cgroup rules
3.10 kernel comes with proper hierarchical enforcement of devices
cgroup. To keep that code somewhat sane, certain things are not
allowed. Switching from default-allow to default-deny and vice versa
are not allowed when there are children cgroups. (This *could* be
simplified in the kernel by checking that all child cgroups are
unpopulated, but that has not yet been done and may be rejected)
The mountcgroup hook causes lxc-start to break with 3.10 kernels, because
you cannot write 'a' to devices.deny once you have a child cgroup. With
this patch, (a) lxcpath is passed to hooks, (b) the cgroup mount hook sets
the container's devices cgroup, and (c) setup_cgroup() during lxc startup
ignores failures to write to devices subsystem if we are already in a
child of the container's new cgroup.
((a) is not really related to this bug, but is definately needed.
The followup work of making the other hooks use the passed-in lxcpath
is still to be done)
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit cbee8106e38f9ffa130c7bf8be325f7f203da67a
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Wed Jul 10 23:30:29 2013 -0500
lxcapi_create: fix template handling
1. If no template is passed in, then do not try to execute it. The user
just wanted to write the configuration.
2. If template is passed in as a full path, then use that instead of
constructing '$templatedir/lxc-$template'.
Reported-by: Wanlong Gao <gaowanlong at cn.fujitsu.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 96b3cb407c07915db2cd0542c313a4bff4d1d389
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Wed Jul 10 23:29:20 2013 -0500
lxcapi_create: split out the template execution
Make it its own function to make both more readable.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit fb75356a85e3097db77386e7c62836a3ee69217f
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Tue Jul 9 14:44:36 2013 -0400
oracle template: use clonehostname hook script
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 1143ed392d2760e8f7aeee88d570bb0ba151885f
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Tue Jul 9 16:19:45 2013 -0400
add clonehostname hook
This hook script updates the hostname in various files under /etc in the
cloned container. In order to do so, the old container name is passed in
the LXC_SRC_NAME environment variable.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit b9b3a92f664fe3966decd0411b25fb6b77425e23
Author: Michael H. Warfield <mhw at WittsEnd.com>
Date: Tue Jul 9 15:40:38 2013 -0400
lxc-fedora template - Fix retries, use os-release for release, add utsname.
Hey all!
Patch for the Fedora template. Several things...
1) A month or so ago, I floated an idea of adding an option for utsname
which Serge seemed to like but we let it float for more feedback (none
came).
2) In private mail to Serge and Stéphane I mentioned the idea of using
the CPE (Common Platform Enumeration) for host distro and version
identification. I heard back from Serge but not Stéphane. CPE is a
standard promoted by NIST and Mitre (along with CVE and CVSS) as part of
the security community as a common identification mechanism. It's
supported by RedHat based distros and many others (notable exception
Ubuntu). I've patched the Fedora template to parse first
the /etc/os-release file or, alternatively, the /etc/system-release-cpe
file for the distro ID and version instead of the human
readable /etc/redhat-release. There's more that can be done with that
in the realm of cross distro container builds, I suspect.
3) At the time of working on 1&2 I noticed that the retry logic in the
Fedora template just didn't seem right. I believe I posted a message
asking for clarification on that behavior. A recently post in the
-users list indicating that someone could not create a Fedora 19
container (because the release ver string was 19-2 and the template was
only looking for -1) prompted me to rework the retry logic for handling
the mirror list and servers as well as revamp the download logic to
properly identify the correct release package.
The patch for all of the above is attached below the jump. It's been
tested on Fedora 17 through Fedora 19 hosts and has created containers
for F11, F12, F13, F14, F16, F17, F18, and F19. F15 failed for rpm
dependency issues that are not worth fixing (IMHO).
Regards,
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
--
Signed-off-by: Michael H. Warfield <mhw at WittsEnd.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 3327917f4a991a49ba1562b774c63c45139772eb
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Tue Jul 9 18:07:26 2013 -0400
fix potential out of bounds pointer deref
I noticed that if find_first_wholeword() is called with word at the very
beginning of p, we will deref *(p - 1) to see if it is a word boundary.
Fix by considering p = p0 to be a word boundary.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 9313e1e628160ca64f9e7fcec6500056c9a0725f
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Tue Jul 9 18:30:52 2013 -0400
ubuntu: Tweak layout of the config
Just add an extra white line to both templates.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
commit 6cda3f5ac1e3a20a97a419923e587d6bdb1fece9
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Mon Jul 8 13:02:52 2013 -0400
ubuntu: Fix openssh postinst call in >= saucy
The new openssh uses a different mechanism to start/stop the daemon
which in turn requires a few tweaks in our template to deal with both
the new and old ways of doing that.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit b58e60e232a3049d946a3b18e6f21912cd3453f0
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Mon Jul 8 11:01:36 2013 -0400
lxc-start-ephemeral: Fix console() and add storage option
The introduction of the new console() python API broke
lxc-start-ephemeral's console(tty=1) call, I now changed that to
console() which does the right thing with both API versions.
This also adds a new storage-type option, letting the user choose to use
a standard directory instead of tmpfs for the container (but still have
it ephemeral).
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
commit 39ffde307ad83bd407aaa6a0d81682902bab248b
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Mon Jul 8 10:46:20 2013 -0400
python: Update scripts to respect PEP-8 spec
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
commit b0f9616f6227f56dce8ca2514610f432ba4fab8a
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Mon Jul 8 10:41:32 2013 -0400
python: Re-introduce timeout in get_ips
It turns out that most API users want some kind of timeout option for
get_ips, so instead of re-implementing it in every single client
software, let's just have it as a python overlay upstream.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
commit 18efb001a4498f8fc62ab37f1db552fdf001e798
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Fri Jul 5 12:17:15 2013 -0400
fix sshd template
Commit a0a2066d introduced an lxc subdir into the lxc-init path, but
this was never reflected in the sshd template. Add it there.
Don't have ssh-keygen ask for passphrase since host keys are not
supposed to use them.
Don't try to symlink kmsg since /dev is bind mounted readonly.
Read-only bind mount some extra /etc directories, and sysfs which are
needed by dhclient on Fedora and Oracle Linux. Fix mounting of /proc.
Find sshd in more places by adding some common paths to $PATH, and
use the found path to it instead of hardcoded /usr/sbin.
Check for ifconfig command, and print out container's IP address.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit ef091cefca5082007678fe82ad01389f7057ca48
Author: Bogdan Purcareata <bogdan.purcareata at freescale.com>
Date: Wed Jul 3 12:00:53 2013 -0400
lxcapi_set_cgroup_item: remove duplicate == 0
Signed-off-by: Bogdan Purcareata <bogdan.purcareata at freescale.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 9c631ea7c2906f41b23f5c8dcc9f6045078879db
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Mon Jul 1 12:38:23 2013 -0400
allow lxc-info to get running container configuration
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 9a15a0f3f8faaa5e0d983f11bcf94dcf492c1349
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Mon Jul 1 12:38:15 2013 -0400
fix -c argument handling
commit 829dd918 added parsing of a -c argument to both the common options
handling and to lxc-start. It is not a common option, and should have only
been added to lxc-start. Because the common code is processing it, no other
command can use -c. Remove -c from being processed by the common code.
Tested that -c still works with lxc-start.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 53f3f04845a9eb60064c302e1f95652f665809f1
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Mon Jul 1 15:32:25 2013 -0500
lxc_conf_init: make sure strdup succeeded
unlikely as a failure may be...
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 2e599a6a25b533fe63840edc34ee265811b7b814
Author: Natanael Copa <ncopa at alpinelinux.org>
Date: Fri Jun 28 16:56:51 2013 +0200
lxc-alpine: make --release work when apk exists
Use sed to set the specified alpine release in the copied
/etc/apk/repositories
Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 982e7b6ea40ea57923f4f094858424debc1a5f7f
Author: Kaarle Ritvanen <kaarle.ritvanen at datakunkku.fi>
Date: Wed Jun 26 11:15:00 2013 +0300
lxc-alpine: option for specifying the release to be installed
Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen at datakunkku.fi>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 85b41c7d7f72213199b5cff9525d17f44b49a842
Author: Kaarle Ritvanen <kaarle.ritvanen at datakunkku.fi>
Date: Wed Jun 26 11:14:59 2013 +0300
lxc-alpine: automatic repository selection
pick random server from mirror list
use the latest stable release
Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen at datakunkku.fi>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 37cb98a2b7e5c7b0abf69f261a16d759453492f1
Author: Andrew Gilbert <andrewg800 at gmail.com>
Date: Thu Jun 27 08:09:05 2013 -0500
Add -n differentiation to lxc-netstat
lxc-netstat now only processes an -n argument if it has not previously
received a value for $name from --name or -n. If it _has_ received such
a value, it stops processing arguments and leaves the -n for netstat.
This does not apply to the use of --name after a name has been provided
by --name or -n; the current behaviour continues. The new behaviour
makes
netstat -n <container> -n -a
behave like
netstat -n <container> -a -n
which already will act as though there is '--' between '<container>' and
'-a' (see line 91 of lxc-netstat.in).
Signed-off-by: Andrew Gilbert <andrewg800 at gmail.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 1a7cb0850405b271b7bedacd243235f29cd368df
Author: Andrew Gilbert <andrewg800 at gmail.com>
Date: Thu Jun 27 08:07:14 2013 -0500
Add double-dash to lxc-netstat re-call arguments
When lxc-netstat was called by lxc-unshare, it would be given the
arguments intended for netstat from the first invocation, but without
anything to separate them from the arguments intended for lxc-netstat.
This meant that netstat arguments like -n would result in lxc-netstat
trying to process them.
Signed-off-by: Andrew Gilbert <andrewg800 at gmail.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 176d9acb2ec17211a0d69bd2bd99f914fad8d7ad
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri Jun 21 14:16:42 2013 -0500
api_clone: don't remove storage if we haven't created it
In the best case we'll get errors about failing to remove it. In the
worst case we'll be trying to delete the original container's rootfs.
Reported-by: zoolook <nbensa+lxcusers at gmail.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit ae3f8cf9a4a03c62c6c12968b38b2352388df91c
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri Jun 21 14:15:42 2013 -0500
Accept more word delimiters when updating hooks
When updating container names in hook files during a container clone,
we substitute the new container name for the old any time the old name
shows up as a separate word. This patch adds the four characters
'.,_-' as additional delimiters.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 618fa49dddbedd2b7319c0089dffd8d65aef8369
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Wed Jun 19 14:12:37 2013 -0400
lxc-start-ephemeral: Fix get_ips call
The timeout option in get_ips has been deprecated, so work around it.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
commit 54c30e290876c5fa6e4c7b5a511580793e4777e3
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue Jun 18 14:52:24 2013 -0500
conf.c: always strdup rootfs.mount
The reason is that the generic code which handles reading
lxc.rootfs.mount always frees the old value if not NULL.
So without this setting lxc.rootfs.mount = /mnt causes
segfault.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 37903589a2de0cbd62f94c5fd06d0aa8d57ca140
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Thu Jun 13 10:06:15 2013 -0500
don't set up console for lxc-execute
Currently due to some safety checks for !rootfs.path, lxc-execute works
ok if you do not set lxc.rootfs at all in your lxc.conf. But if you
set lxc.rootfs = '/', then it sets up console, and when you do an
lxc-execute, the console appears hung.
However the lxc.rootfs NULL check was just incidental to not dereference
a NULL pointer. In fact we should not be setting up a console if the
container isn't running a full-fledged distro with a getty/login
running on the container's /dev/console.
Have lxc_execute() mark in lxc_conf that this is a lxc-execute and not
an lxc-start, and don't set up the console.
The issue is documented at https://sourceforge.net/p/lxc/bugs/67/ .
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Dwight Engen <dwight.engen at oracle.com>
commit b515981702133b9aaea1aff378493f054c14d46c
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Wed Jun 12 08:09:16 2013 -0700
console API improvements
Add a higher level console API that opens a tty/console and runs the
mainloop as well. Rename existing API to console_getfd(). Use these in
the python binding.
Allow attaching a console peer after container bootup, including if the
container was launched with -d. This is made possible by allocation of a
"proxy" pty as the peer when the console is attached to.
Improve handling of SIGWINCH, the pty size will be correctly set at the
beginning of a session and future changes when using the lxc_console() API
will be propagated to it as well.
Refactor some common code between lxc_console.c and console.c. The variable
wait4q (renamed to saw_escape) was static, making the mainloop callback not
safe across threads. This wasn't a problem when the callback was in the
non-threaded lxc-console, but now that it is internal to console.c, we have
to take care of it. This is now contained in a per-tty state structure.
Don't attempt to open /dev/null as the console peer since /dev/null cannot
be added to the mainloop (epoll_ctl() fails with EPERM). This isn't needed
to get the console setup (and the log to work) since the case of not having
a peer at console init time has to be handled to allow for attaching to it
later.
Move signalfd libc wrapper/replacement to utils.h.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 5d4d3ebb13705d1e102429c75fc06932f81816dd
Author: Natanael Copa <ncopa at alpinelinux.org>
Date: Wed Jun 12 11:18:04 2013 +0200
lxc-init: continue even if we fail to mount /dev/mqueue
The 'lxc-init' (a lightweight init process used by lxc-execute in place
of upstart etc) tries to mount /dev/mqueue during startup. If that fails
(for instance due to missing support for mqueue in kernel) then it
aborts execution and returns -1. This is unreasonable as very few
applications actually need /dev/mqueue.
This similar to what we do with /dev/shm.
Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 71b0fed669a088675c1344ed68b250e87414c998
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Wed Jun 5 17:37:03 2013 -0500
lxclock: move container locks into /run/lock
Currently the lxc API mutexes configuration file read/writes with a
lock called $lxcpath/locks/$lxcname. This fails if the container
is on a rofs.
This patch moves those locks under /run/lock/lxc.
The $lxcpath/$lxcname/partial file is not moved - if you can't
create it, you probably can't create the container either.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 54b79829e23e01998eeafb8156987937a894af3c
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Mon Jun 10 11:52:44 2013 -0500
lxc_stop: return success if api_shutdown succeeded
I originally forgot to set ret = 0 if it succeeded, meaning that a
simple 'lxc-stop -n container1' returns failure even though the
stop succeeded.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 6e46cfcb0e4fcaa2d920a3c473f83c0a73c68cfa
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Mon Jun 10 09:34:06 2013 -0500
conf.c: if we don't specify a rootfs, we still need proc mounted
otherwise we won't be allowed to set an apparmor context (on pid 1)
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit fabf7361da4845cd6cf268e0e85c3c6a1c0b0be4
Author: Qiang Huang <h.huangqiang at huawei.com>
Date: Fri Jun 7 15:27:32 2013 +0800
lxc-execute: allow lxc-init to log only when we have a valid log level
Right now if we use lxc-execute without log level set, we get error:
lxc: invalid log priority NOTSET.
Because we set log level manually in execute_start(), but didn't
check if we have a valid log level or not, so fix it.
Signed-off-by: Qiang Huang <h.huangqiang at huawei.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 38973621a40a5657b067409321d54759520d7951
Author: Weng Meiling <wengmeiling.weng at huawei.com>
Date: Thu Jun 6 19:59:31 2013 +0800
lxc-ps: display process when container is frozen
When we use lxc-ps to show the process, it's more appropriate to
show process when container is frozen.
Signed-off-by: Weng Meiling <wengmeiling.weng at huawei.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 31f58b3fcec322dba1eed71e364335c30500066c
Author: Rui Xiang <rui.xiang at huawei.com>
Date: Sat Jun 8 18:04:47 2013 +0800
lxc-monitord: remove hard code execvp path of lxc-monitord
Sometimes, the path of lxc tools is not '/usr/bin', but
'/usr/local/bin' or other. Then execvp lxc-monitord will fail
in lxc_monitord_spawn.
Signed-off-by: Rui Xiang <rui.xiang at huawei.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit f02abefef9a59658c813e08f86a91fbe09eabf00
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Fri Jun 7 10:07:36 2013 -0400
fix check for lock acquired
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 93dc5327aa0c2b13d619b8bedf893eea983d4d68
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Wed Jun 5 11:56:30 2013 -0500
lxclock and lxccontainer: switch from flock to fcntl
flock is not supported on nfs. fcntl is at least supported on newer
(v3 and above) nfs.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Tested-by: zoolook <nbensa+lxcusers at gmail.com>
commit 1af60b514fc9d8da2b4485e9e8845619fb6c6b68
Author: Weng Meiling <wengmeiling.weng at huawei.com>
Date: Tue Jun 4 20:52:27 2013 +0800
lxc-ps: fix the display problem with arg --lxc
When we use arg --lxc to show processes in all containers, no
process displays, so fix it.
(Changelog: Serge: in-line fix of s/;;/;/ at line 69)
Signed-off-by: Weng Meiling <wengmeiling.weng at huawei.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit eddaaafd1a9b02ba39e5b6b13d40b4a5d37a04e1
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Sun Jun 2 15:39:35 2013 -0500
implement loopback backing store
Create a loopfile backed container by doing:
lxc-create -B loop -t template -n name
or
lxc-clone -B loop -o dir1 -n loop1
The rootfs in the configuration file will be
loop:/var/lib/lxc/loop1/rootdev
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit f002c8a7655e42a325ef6bad9fb0844fad4e410b
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Mon Jun 3 18:19:01 2013 +0200
lxc_create: support 'lxc-create -t <template> -h'
With the lxc-create script, 'lxc-create -t template -h' used to call
'template -h' to get template-specific help. The api based lxc-create
did not yet support that.
Add a 'helpfn' method to the lxc_arguments, which is called at the end
of printhelp, and passed the lxc_arguments. Use that in lxc_create to
reintroduce the desired behavior.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 4c1f6b67d9b842d9e5c293eea2ff19301ecc5596
Author: Qiang Huang <h.huangqiang at huawei.com>
Date: Mon Jun 3 09:48:14 2013 +0800
lxc-destroy: fix the wrong help info of lxc-destroy
Changelog: jun 3: (Serge) trivial typo fix inline.
Signed-off-by: Qiang Huang <h.huangqiang at huawei.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 3155e7f954d4b5d7da528d2a3cd8be254432e3c3
Author: Qiang Huang <h.huangqiang at huawei.com>
Date: Mon Jun 3 09:48:13 2013 +0800
lxc-create: fix the typo in help info
Fix typo in help info of lxc-create, and get rid of duplicate
comments in bdev.h
Signed-off-by: Qiang Huang <h.huangqiang at huawei.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 63c3090c913142cd19f443b040cdede2c0522ce8
Author: Qiang Huang <h.huangqiang at huawei.com>
Date: Mon Jun 3 09:48:12 2013 +0800
arguments: should return negative number when error happens
We should return -ENOMEM instead of ENOMEM when realloc fails.
Signed-off-by: Qiang Huang <h.huangqiang at huawei.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 44ef0c0c7200ef4e8783387d886d3748da3d50fd
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Mon Jun 3 10:47:21 2013 -0500
lxcapi_create: don't close stdin/out/err
Otherwise we can't see template progress.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 569bee5cc3d647032573db8f72734faa9307d577
Author: Natanael Copa <ncopa at alpinelinux.org>
Date: Tue May 28 10:25:14 2013 +0200
lxc-alpine: download a static package manager if its missing
If the package manager, apk-tools is missing, then:
- download a static binary and public keys
- verify the keys against embedded checksum
- verify the signature of the static binary against the downloaded keys
- use the verified static binary
Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen at datakunkku.fi>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 0a18b5458b6d0fcad9a82b96f99035254af50c7a
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri May 31 16:09:14 2013 +0200
Define LXC_DEFAULT_CONFIG
And use it in place of the various ways we were deducing /etc/lxc/default.conf.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 3a647d582dc759e43c2087f0d906adf77c62ab6c
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri May 31 16:02:33 2013 +0200
configure/makefile: rename default_conf to distro_conf
configure/makefile: rename default_conf to distro_conf, since it is a per-distro
default. Then we'll be able to use the symbol LXC_DEFAULT_CONF in the code to
refer to the installed file.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 3bc449ed24edc4b754cbe0af19fe878d29731f59
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri May 31 07:55:14 2013 -0500
lxccontainer: update locking comment
Update the LOCKING comment.
Take mem_lock in want_daemonize.
convert lxcapi_destroy to not use privlock/slock by hand.
Fix a coverity-found potential dereference of NULL c->lxc_conf.
api_cgroup_get_item() and api_cgroup_set_item(): use disklock,
not memlock, since the values are set through the cgroup fs on
the running container.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 73e608b21f73509c5f8c7a948cc6d4b0898edb2c
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Thu May 30 11:22:16 2013 -0500
waitpid at abort to make sure we can rmdir cgroups
If we abort the container start, and don't wait for the init task to be
reaped after we kill it, then we can't remove the container cgroup
because it is not empty.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 39dc698cb4025516a3428a68e19da05feb6fc0e9
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Wed May 29 12:26:25 2013 -0500
lxccontainer: don't lock around getstate and freeze/unfreeze (v2)
Those go through commands.c and are already mutex'ed that way.
Also remove a unmatched container_disk_unlock in lxcapi_create.
Since is_stopped uses getstate which is no longer locked, rename
it to drop the _locked suffix.
And convert save_config to taking the disk lock. This way the
save_ and load_config are mutexing each other, as they should.
Changelog: May 29:
Per Dwight's comment, take the lock before opening the config
FILE *.
Only take disklock at load and save_config when we're using the
container's config file, not when read/writing from/to another
file.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Dwight Engen <dwight.engen at oracle.com>
commit 0115f8fd27b1a31d367bb161a121694f92b45e62
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Tue May 28 15:25:41 2013 -0400
add console to lxc api
Make lxc_cmd_console() return the fd from the socket connection to the
caller. This fd keeps the tty slot allocated until the caller closes
it. Returning the fd allows for a long lived process to close the fd
and reuse consoles.
Add API function for console allocation.
Create test program for console API.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 3db989bad5d58bafac80f448e1dd2d048e791478
Author: Qiang Huang <h.huangqiang at huawei.com>
Date: Mon May 27 19:10:38 2013 +0800
lxc-console: use fd instead of 0 in setup_tios
We should use the fd specified by caller.
Signed-off-by: Qiang Huang <h.huangqiang at huawei.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit dc5e436e702f0bf4001e3e6e9f855443b2fcf448
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Tue May 28 15:18:22 2013 -0400
lxc.spec.in: remove lxc-shutdown (for commit 3e625e2d)
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 5790f7b7a76b9ccff662fdd6ff0013b8f218d020
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue May 28 15:27:42 2013 -0500
api_clone: call is_stopped_locked() to avoid deadlock.
Technically as Dwight has mentioned we should probably drop the locking
from api_state() altogether, since those are protected through the
lxc command system.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 64f782ca69c70fd155427a81d69fda593981e770
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue May 28 14:07:43 2013 -0500
lxc.conf.sgml.in: fill in missing configuration file statements
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 1897e3bcd36af9f3fe6d3649910a9adb93e5e988
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri May 17 23:23:17 2013 +0200
Move container creation fully into the api
1. implement bdev->create:
python and lua: send NULL for bdevtype and bdevspecs.
They'll want to be updated to pass those in in a way that makes
sense, but I can't think about that right now.
2. templates: pass --rootfs
If the container is backed by a device which must be mounted (i.e.
lvm) then pass the actual rootfs mount destination to the
templates.
Note that the lxc.rootfs can be a mounted block device. The template
should actually be installing the rootfs under the path where the
lxc.rootfs is *mounted*.
Still, some people like to run templates by hand and assume purely
directory backed containers, so continue to support that use case
(i.e. if no --rootfs is listed).
Make sure the templates don't re-write lxc.rootfs if it is
already in the config. (Most were already checking for that)
3. Replace lxc-create script with lxc_create.c program.
Changelog:
May 24: when creating a container, create $lxcpath/$name/partial,
and flock it. When done, close that file and unlink it. In
lxc_container_new() and lxcapi_start(), check for this file. If
it is locked, create is ongoing. If it exists but is not locked,
create() was killed - remove the container.
May 24: dont disk-lock during lxcapi_create. The partial lock
is sufficient.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 60bf62d4ae36a48342fb8aee680fbd4b423810b1
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri May 17 07:20:10 2013 +0200
destroy: implement in the api
This requires implementing bdev->ops->destroy() for each of the backing
store types. Then implementing lxcapi_clone(), writing lxc_destroy.c
using the api, and removing the lxc-destroy.in script.
(this also has a few other cleanups, like marking some functions
static)
Changelog:
fold into destroy: fix zfs destroy
destroy: use correct program name in help
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 3e625e2d2e12b919dd9590b97badc6108ee67b1a
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Thu May 16 23:03:47 2013 +0200
lxc-stop: use api, remove lxc_shutdown, extend lxc-stop functionality
implement c->reboot(c) in the api.
Also if the container is not running, return -2. Currently
lxc-stop will return 0, so you cannot tell the difference
between successfull stopping and noop.
Per stgraber's email:
- Remove lxc-shutdown
- Change lxc-stop so that:
* Default behaviour is to call shutdown(), wait 15s for STOPPED, if
not STOPPED, print a message to the user and call stop() [ NOTE:
actually 60 seconds per followup thread]
* We have a -r option to reboot the container (with proper check that
the container indeed rebooted within the next 15s)
* We have a -s option to shutdown the container without the automatic
fallback to stop()
* Add a -k option allowing a user to just kill a container
(equivalent to old lxc-stop, no shutdown() call and no delay).
and update manpages.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 5cee8c5040661f9875bf41cfffd641c87afae8af
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri May 24 16:03:22 2013 -0500
locking: update per Dwight's comment
Create three pairs of functions:
int process_lock(void);
void process_unlock(void);
int container_mem_lock(struct lxc_container *c)
void container_mem_unlock(struct lxc_container *c)
int container_disk_lock(struct lxc_container *c);
void container_disk_unlock(struct lxc_container *c);
and use those in lxccontainer.c
process_lock() is to protect the process state among multiple threads.
container_mem_lock() is to protect a struct container among multiple
threads. container_disk_lock is to protect a container on disk.
Also remove the lock in lxcapi_init_pid() as Dwight suggested.
Fix a typo (s/container/contain) spotted by Dwight.
More locking fixes are needed, but let's first the the fundamentals
right. How close does this get us?
Changelog: v2:
fix lxclock compile
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Dwight Engen <dwight.engen at oracle.com>
commit df271a59cbfcfbe98fa4bd7af3ae595633539a12
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Wed May 22 16:24:00 2013 -0500
lxclock: Replace named sempahore with flock
The problem: if a task is killed while holding a posix semaphore,
there appears to be no way to have the semaphore be reliably
autmoatically released. The only trick which seemed promising
is to store the pid of the lock holder in some file and have
later lock seekers check whether that task has died.
Instead of going down that route, this patch switches from a
named posix semaphore to flock. The advantage is that when
the task is killed, its fds are closed and locks are automatically
released.
The disadvantage of flock is that we can't rely on it to exclude
threads. Therefore c->slock must now always be wrapped inside
c->privlock.
This patch survived basic testing with the lxcapi_create patchset,
where now killing lxc-create while it was holding the lock did
not lock up future api commands.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 2acf77955239ec0046451fa16812d2884e6bd19b
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Thu May 23 15:44:39 2013 -0400
fix memory leaks in cgroup functions
There were several memory leaks in the cgroup functions, notably in the
success cases.
The cgpath test program was refactored and additional tests added to it.
It was used in various modes under valgrind to test that the leaks were
fixed.
Simplify lxc_cgroup_path_get() and cgroup_path_get by having them return a
char * instead of an int and an output char * argument. The only return
values ever used were -1 and 0, which are now handled with NULL and non-NULL
returns respectively.
Use consistent variable names of cgabspath when refering to an absolute path
to a cgroup subsystem or file, and cgrelpath when refering to a container
"group/name" within the cgroup heirarchy.
Remove unused subsystem argument to lxc_cmd_get_cgroup_path().
Remove unused #define MAXPRIOLEN
Make template arg to lxcapi_create() const
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 6a44839f5973f41553349f1b5e77d8db809e60eb
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Thu May 23 15:39:03 2013 -0400
consolidate missing C library functions into utils.h
This fixes the build of lxccontainer.c on systems that have __NR_setns
but not HAVE_SETNS.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit ad5f15151580201b79fc140f664227b494639e81
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Wed May 22 22:28:43 2013 -0400
python: Fix lxc-ls's usage of get_ips()
The recent port of get_ips() from pure python to the C API came with
a couple of API changes for that function call (as were highlighted in
the commit message).
I somehow didn't notice that lxc-ls was still calling with the old API
and so was crashing whenever it was asked to show the ipv4 or ipv6 address.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
commit 5bb4a226ebec9f3fb678a282a2b2833748d6707b
Author: Michael H. Warfield <mhw at WittsEnd.com>
Date: Tue May 21 14:17:25 2013 -0400
lxc-fedora template. Cleanup for rootfs.
This is just some minor changes in the way the Fedora template is
synthesizing the target rootfs_path. Currently, the template uses a
path with the container in it twice like this:
/var/lib/lxc/rasputin/rasputin/rootfs
This happens because the container name is already contained in the
"path" and the template appends it a second time. This changes the
logic to be congruent with other templates such as lxc-arch. The new
behavior will be to create the rootfs like this:
/var/lib/lxc/rasputin/rootfs
Attached below the jump.
Regards,
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
--
Signed-off-by: Michael H. Warfield <mhw at WittsEnd.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 65be441e0892b45000b9b3863d407539e56e47a4
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Tue May 21 11:34:45 2013 -0400
oracle template: mount /dev/shm as tmpfs
sem_open(3) checks that /dev/shm is SHMFS_SUPER_MAGIC. Normally /dev/shm
is mounted in the initramfs created by dracut, but that won't be run for
a container so make sure that rc.sysinit mounts /dev/shm.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 481624b37b37ffa98b735cf3f94e35d1fbd729e0
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Tue May 21 13:30:09 2013 -0400
fix build with --enable-tests
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit fa9ac567a7f1593c586cca57362f6b542985e5d7
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue May 21 20:31:04 2013 -0500
attach: and cgroup.c: be overly cautious
Realistically (as Dwight points out) it doesn't seem possible that
getline won't return at least one line in this functions, however
just to make absolutely sure we don't get a segv on free(NULL),
check line != NULL before freeing it on exit.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 20fe4e8febe40f6fc4e4c6f52b91f0af0232e6f5
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Tue May 21 15:36:32 2013 -0400
fix getline(3) memory leaks
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit fca3080f6a46f856c54218a8e478a174382b4c15
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Tue May 21 13:15:53 2013 -0400
fix minor gcc 4.7.2 error
lxccontainer.c:874:4: error: âforâ loop initial declarations are only
allowed in C99 mode
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit ef6e34eec8d5a9f1447462d6080facb674b3ccdb
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Fri May 17 18:29:12 2013 -0400
extend command processor to handle generic data
Motivation for this change is to have the ability to get the run-time
configuration items from a container, which may differ from its current
on disk configuration, or might not be available any other way (for
example lxc.network.0.veth.pair). In adding this ability it seemed there
was room for refactoring improvements.
Genericize the command infrastructure so that both command requests and
responses can have arbitrary data. Consolidate all commands into command.c
and name them consistently. This allows all the callback routines to be
made static, reducing exposure.
Return the actual allocated tty for the console command. Don't print the
init pid in lxc_info if the container isn't actually running. Command
processing was made more thread safe by removing the static buffer from
receive_answer(). Refactored command response code to a common routine.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 9c83a661397456e1455d739bcadfa38f05ce2fe6
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Fri Apr 26 16:01:58 2013 +0200
lxcapi: Add new get_ips() call
This adds a new get_ips call which takes a family (inet, inet6 or NULL),
a network interface (or NULL for all) and a scope (0 for global) and returns
a char** of all the IPs in the container.
This also adds a matching python3 binding (function result is a tuple) and
deprecates the previous pure-python get_ips() implementation.
WARNING: The python get_ips() call is quite different from the previous
implementation. The timeout argument has been removed, the family names are
slightly different (inet/inet6 vs ipv4/ipv6) and an extra scope parameter
has been added.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 92f023dccced28a55ce323253f298e9825fe7da7
Author: Christian Seiler <christian at iwakd.de>
Date: Mon May 20 17:54:23 2013 +0200
Implement simple utility functions for reading and writing to fds
Signed-off-by: Christian Seiler <christian at iwakd.de>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 65fbbb0a0f7bad119aa5f2ac6f3ee041970889fc
Author: Christian Seiler <christian at iwakd.de>
Date: Mon May 20 17:54:22 2013 +0200
Move declarations of some constants to where they are needed.
Signed-off-by: Christian Seiler <christian at iwakd.de>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit c797a220d51d2796355fd60eca50523ffd6fb45e
Author: Christian Seiler <christian at iwakd.de>
Date: Mon May 20 17:54:21 2013 +0200
utils.c: Add lxc_wait_for_pid_status routine that returns exit code
Signed-off-by: Christian Seiler <christian at iwakd.de>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 71b9b8ed262e2d826181bfb79e5d5075ff1a3ff0
Author: Christian Seiler <christian at iwakd.de>
Date: Mon May 20 17:54:20 2013 +0200
wait_for_pid: Fix EINTR check
Signed-off-by: Christian Seiler <christian at iwakd.de>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit d1240f0335e0c469b850da467661dfbb8f262727
Author: Michael H. Warfield <mhw at WittsEnd.com>
Date: Mon May 20 12:04:38 2013 -0400
lxc-fedora template - systemd console gettys
Hey all...
Patch to the lxc-fedora template to setup gettys on the ttys that are
enabled in the configuration. The area of the code already had some
modifications to that service that didn't seem to do anything and would
get wiped out by an update. I commented that out but subsumed the
change it was attempting into my command in case it does something on
another rev somewhere.
This is very similar to the logic in the OpenSuse template but doesn't
seem to appear in other templates, such as arch, which have to deal with
systemd. This isn't unique to Fedora. The templates for Fedora,
ArchLinux, and OpenSuse are the only three that seem to have any
reference to systemd at all.
Attached below the jump.
Regards,
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
--
Signed-off-by: Michael H. Warfield <mhw at WittsEnd.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 11029c023a12dbe3f3569fcc22f25667686e417f
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Fri May 17 18:28:12 2013 -0400
return lxc generated name for veth pair
Doing a get_config_item for lxc.network.0.veth.pair only returns the
pair name if explicitly given, but it can be useful to know the name
even if it is the one that lxc autogenerated.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 40650ea6817286a9587a84bf3ce5d25d10620303
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Fri May 17 17:40:12 2013 -0400
quiet gcc 4.4.7 warning about saveptr use before initialization
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit de09eccbeda214a1ef5a9b7144870defa97e88c4
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri May 17 11:25:15 2013 -0500
lxc-create: zfs: consistently use zfsroot, not zfs_root
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit dc92f6c7eec81dc104b3f7873ffd74ec56a1dae1
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Thu May 16 08:22:41 2013 -0500
document clone hooks
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 148e91f56799f03c868deca8dcad473983a1a2bf
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue May 14 16:10:37 2013 -0500
lxc: add clone hook.
Add a clone hook called from api_clone. Pass arguments to it from
lxc_clone.c.
The clone update hook is called while the container's bdev is mounted.
Information about the container is passed in through environment
variables LXC_ROOTFS_PATH, LXC_NAME, The LXC_ROOTFS_MOUNT, and
LXC_CONFIG_FILE.
LXC_ROOTFS_MOUNT=/usr/lib/x86_64-linux-gnu/lxc
LXC_CONFIG_FILE=/var/lib/lxc/demo3/config
LXC_ROOTFS_PATH=/var/lib/lxc/demo3/rootfs
LXC_NAME=demo3
So from the hook, updates to the container should be made under
$LXC_ROOTFS_MOUNT/ .
The hook also receives command line arguments as follows:
First argument is container name, second is always 'lxc', third
is the hook name (always clone), then come the arguments which
were passed to lxc-clone. I.e. when I did:
sudo lxc-clone demo2 demo3 -- hey there dude
the arguments passed in were "demo3 lxc clone hey there dude"
I personally would like to drop the first two arguments. The
name is available as $LXC_NAME, and the section argument ('lxc')
is meaningless. However, doing so risks invalidating existing
hooks.
Soon analogous create and destroy hooks will be added as well.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 9a93d99213da44b5ddf2f5295f6ef3a59d4f1fba
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Wed May 15 15:21:24 2013 -0500
cgroup: prevent DOS when a hierachy is mounted multiple times
When starting a container, we walk through all cgroup mounts looking
for a unique directory name we can use for this container. If the
name we are trying is in use, we try another name. If it is not in
use in the first mount we check, we need to check other hierarchies
as it may exist there. But we weren't checking whether we have already
checked a subsystem - so that if freezer was mounted twice, we would
create it in the first mount, see it exists in the second, so start
over trying in the second mount.
To fix this, keep track of which subsystems we have already checked,
and do not re-check.
(See http://pad.lv/1176287 for a bug report)
Note we still need to add, at the next: label, the removal of the
directories we've already created. I'm keeping that for later as
it's far lower priority than this fix, and I don't want to risk
introducing a regression for that.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 6031a6e5f939bda07d98768d34dafae677a7dfeb
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Wed May 15 12:27:34 2013 -0400
set non device cgroup items before the cgroup is entered
This allows some special cgroup items such as memory.kmem.limit_in_bytes
to be successfully set, since they must be set before any task is put
into the cgroup.
The devices cgroup is setup later giving the container a chance to mount
file systems before the device it might want to mount from becomes
unavailable.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit d9e80daf54e15b89b0b08d475b29893be9830be0
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Wed May 15 13:23:12 2013 -0400
doc/lxc.conf minor clarifications
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 627fe3b4c3a65535eb53c3d63794705d8f6322d4
Author: Michael H. Warfield <mhw at WittsEnd.com>
Date: Tue May 14 17:45:12 2013 -0400
lxc-fedora-template: autodev, hostname, ARM archs, Raspberry Pi fixes
This took a lot longer for me to get around to it... Sorry.
Patch to the lxc-fedora template.
I didn't get any further comments from my earlier proposal, weeks ago,
and did get one addition based on comments about properly setting the
hostname in /etc/hostname, which I've added. I could have broken them
into separate patches but most are pretty small and minor.
Changes:
* Map armv6l and armv7l architectures to "arm" for yum and repos to
function properly.
* Detect Fedora Remix distros with no "/etc/fedora-release" file
(Raspberry Pi) and find proper release versions when "remix" part of the
file context.
* Change default Fedora container on non-Fedora hosts to Fedora 17.
* Added code for autodev for Fedora systemd containers.
* Added code to set /etc/hostname for Fedora > 14 (systemd).
* Fix a few typos.
Regards,
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
--
Signed-off-by: Michael H. Warfield <mhw at WittsEnd.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 794fb287b3bd7a6c07f99ec1565c517922287065
Author: Bogdan Purcareata <bogdan.purcareata at freescale.com>
Date: Wed May 15 12:08:14 2013 +0300
lxc-busybox: check when bind-mounting host libdirs
The patch removes the behavior of automatically mounting /lib
and /usr/lib, since this is duplicated a few lines below. It will
also remove the risk of failing when one of these entries are not
present on the host - e.g. on a 64bit machine.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata at freescale.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 807732062eab6cd44fb033bfbb37fbb38907aa66
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue May 14 08:24:27 2013 -0500
lxc-cirros updates
fix userdata consumption
patch for console issue
Signed-off-by: Scott Moser <scott.moser at canonical.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 58a46e06210a6321c530735f15f66eb648c4657d
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri May 10 00:52:22 2013 -0500
add lxc-cirros
Add a template to create a cirros container. One great thing about
cirros is that the image you download is 3.5M.
Thanks smoser!
Note by default /etc/inittab doesn't have a /dev/console entry, so you
don't get a login on the lxc-start console. Adding
console::respawn:/sbin/getty 115200 console
makes that work, but ctrl-c still gets forwarded to init which then
reboots. So I didn't bother adding console as part of the template
(yet). Instead I simply lxc-start -d, then lxc-console.
Signed-off-by: Scott Moser <scott.moser at canonical.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 714540763b8b1ac12c029d7760b4e4fe13a69b43
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Mon May 13 12:03:14 2013 -0400
serialize multiple threads doing lxcapi_start()
The problem is that the fd table is shared between threads and if a thread
forks() while another thread has an open fd to the monitor, the duped fd
in the fork()ed child will not get closed, thus causing monitord to stay
around since it thinks it still has a client. This only happened when
calling lxcapi_start() in the daemonized case since that is the only time
we try to get the status from the monitor.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 304143a823ede4eca52f1d11ae1449995ad503ff
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Wed May 8 16:44:10 2013 -0400
lxc-shutdown: fix lxc_path variable
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 8d06bd135af4852f24660be965aba2d781223af4
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Tue May 7 16:40:49 2013 -0400
lxc-monitor multiple paths
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 566c0d6dce82ee573da01e325c53179ed74350f1
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue May 7 19:28:32 2013 -0500
lxc-ps: handle cgroup collisions
A few months ago cgroup handling in lxc was updated so that if
/sys/fs/cgroup/$cgroup/lxc/$container already exists (most often
due to another container by the same name under a different lxcpath),
then /sys/fs/cgroup/$cgroup/lxc/${container}-N would be used.
lxc-ps was never updated to handle this. Fix that.
(Note, the ns cgroup is being special cased there, but I don't
really believe ns cgroup works any more.)
It would be preferable to rewrite lxc-ps in python or in C, but
this at least makes the basic lxc-ps work in the case of multiple
containers with the same name.
Changelog:
fix missing fi.
replace 'z1' with '$container' as pointed out by Christian
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 7f4717c293fd5ecb9d605bed890cb412314aa8e2
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue May 7 15:33:42 2013 -0500
conf.c: remove a break
commit ab81cef05338e7a553aacca141287034d6daf167 meant to remove the
added break, but apparently i had not done 'git add' before commit
--amend. Remove the added break.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit dd66e5adb38c76e6eecf0e54c5418fd9f7ac3b3b
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Tue May 7 10:57:38 2013 -0400
coverity: fix potential dereference NULL returned from malloc
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit f2bbe86da4044c8db39e6eae19541fe2d117bae7
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Tue May 7 10:57:33 2013 -0400
coverity: check return from waitpid
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 3856bc9ff50f2cbd6cb2830619f3594ffea0b344
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Tue May 7 10:57:26 2013 -0400
coverity: clonetest: check correct container is cloned
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 5ca6c34bdeb02ea355a0e5ef9ff51581b58c1ee7
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Tue May 7 10:57:16 2013 -0400
coverity: condition already checked for
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 42fb4b1585d5f2073fbfe984acd46b625fd3c6a1
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Tue May 7 10:57:09 2013 -0400
coverity: open can return 0 as an fd, change error check to < 0
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 91c908ee8ea5aada054cbb7f4203d486c2e9a09e
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Tue May 7 10:57:03 2013 -0400
coverity: free malloc'ed memory in error case
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit ab81cef05338e7a553aacca141287034d6daf167
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Fri May 3 16:50:32 2013 -0400
coverity: fix dereference NULL return value
also break once we have found root, no need to search the rest of the mounts
Changelog: May 6: Serge: don't add the break. (see m-l)
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 7c7ec7a8eded3d3864631165503fedb456e1b779
Author: Harald Dunkel <harald.dunkel at aixigo.de>
Date: Fri May 3 10:53:43 2013 +0200
support alternate container path in lxc-netstat.in
Signed-off-by: Harald Dunkel <harald.dunkel at aixigo.de>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 8ee3042a5419ea4c9bb0d1c264715f9d9c39bfa3
Author: Harald Dunkel <harald.dunkel at aixigo.de>
Date: Fri May 3 10:53:41 2013 +0200
lxc-create: add missing -P option for running lxc-destroy
Signed-off-by: Harald Dunkel <harald.dunkel at aixigo.de>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit d2c8186b4d185d75e81aec02d5a62dde4192c16d
Author: Harald Dunkel <harald.dunkel at aixigo.de>
Date: Fri May 3 10:53:40 2013 +0200
support alternate container path in lxc-shutdown
Signed-off-by: Harald Dunkel <harald.dunkel at aixigo.de>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit a9bafa108521ac785e846f2ace105c327371c106
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Fri May 3 16:50:20 2013 -0400
coverity: fix dereference before NULL check
also fixed some error strings while here
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 3c73b55472c096f06fd037c3c0af011be62a432b
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri May 3 16:36:08 2013 -0500
remove leftover debug cruft (thanks, Dwight)
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit a747894428ea38c4a908acacb610fc3de714e0c0
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Fri May 3 13:41:40 2013 -0400
coverity: ftell returns a signed value
The check for flen < 0 could never have been true since flen was declared
to be size_t (unsigned). Declare flen to be long since that is what ftell
returns.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 8fb86a37daecd05e9ef7f291dd4762be881f88e4
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri May 3 12:28:06 2013 -0500
confile.c:config_network_ipv6_gateway: only define gw in needed scope
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit bec695f3ec43972ad38f06f92ff2db03d8405562
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Fri May 3 12:04:07 2013 -0400
coverity: fix leak when ipv6 gw is auto
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 8950ee8ebfc9a7f34003f6892b5a7da6aef9fff9
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Fri May 3 12:04:01 2013 -0400
coverity: fix leak in error case
Since lxc_execute() is available through the library and is exposed via
the API we cannot be sure the caller will immediately exit, so we should
take care to free the allocated memory.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit a2eea3c1974d70bdef74a0af6a14ca3a6fa41704
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Fri May 3 11:29:39 2013 -0400
coverity: ensure string is null terminated, return in
error case
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 2d4bcb96155c0e4a5d2734017f889b993144e876
Author: Weng Meiling <wengmeiling.weng at huawei.com>
Date: Fri May 3 11:02:48 2013 +0800
lxc_start: free the conf if starting the container fails
When running lxc-start command with valgrind, it reports a memory leak error.
When lxc-start command fails, the conf which is from malloc has not been released.
This patch fix the problem.
Signed-off-by: Weng Meiling <wengmeiling.weng at huawei.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit fc7e88640cbdb402aaa048dd74829c8d09dda850
Author: Weng Meiling <wengmeiling.weng at huawei.com>
Date: Fri May 3 11:02:40 2013 +0800
add free conf->rcfile in lxc_conf_free
when releasing the conf, add free conf->rcfile which is from malloc
Signed-off-by: Weng Meiling <wengmeiling.weng at huawei.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit b85ab7989ebe24629267048cb269b278eeb50490
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Thu May 2 16:28:10 2013 -0500
ubuntu templates: add comments to show how to enable nesting
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 375c2258b24b233832c9ec43ab9c7b3f5dce25fb
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Wed May 1 23:37:05 2013 -0500
clone: a few fixes
clean up error case in clone, which in particular could cause double
lxc_container_put(c2)
for overlayfs, handle (with error message) all bdev types.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit e0b0b533feed683ce12c94e11174019a5dac64fc
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Wed May 1 19:07:16 2013 -0400
allow lxc-init to log when rootfs not given
On Mon, 29 Apr 2013 14:44:47 -0500
Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> Quoting Dwight Engen (dwight.engen at oracle.com):
> > So I did this, only to realize that lxc-init is passing "none" for
> > the file anyway, so it currently doesn't intend to log. This makes
> > me think that passing NULL for lxcpath is the right thing to do in
> > this patch. If you want me to make it so lxc-init can log, I can do
> > that but I think it should be in a different change :)
>
> That actually would be very useful, but as you say that's a different
> feature - thanks.
... and here is said change.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit eee3ba81c88e64b8a732694fc4843a39d5bde491
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Wed May 1 08:33:12 2013 -0500
templates: deny writes to host's clock (v2)
Don't allow write to /dev/rtc0, and remove sys_time.
Thanks, Christoph.
v2: drop sys_time, sys_module, mac_admin and mac_override in
all templates.
Reported-by: Christoph Mitasch <cmitasch at thomas-krenn.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit ee25a44fd389ed450e3d7ef9513eec19668f2de7
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Tue Apr 30 16:33:18 2013 -0400
log.c: always use dir when lxcpath is not default
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit b338c81b9f0130106eee4b2ff70959c2e62a1fac
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue Apr 30 14:45:32 2013 -0500
lxc.functions.in: add missing backquote
Reported by both Dwight and S.ÃaÄlar - thanks.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 385e7a431a1865017211478741408d505396f9a7
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue Apr 30 14:23:08 2013 -0500
lxc.functions.in: use the right parameter to lxc-config to get lxcpath
Reported-by: S.ÃaÄlar Onur <caglar at 10ur.org>
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit b164a17f9bfcc3f067dad33d0c38834aa22ca2b1
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue Apr 30 14:20:40 2013 -0500
remove lxc-clone-sh
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit ec471210d97ba23b2de618349bdb6dd4145e53e0
Author: S.ÃaÄlar Onur <caglar at 10ur.org>
Date: Tue Apr 30 14:55:04 2013 -0400
Update .gitignore
Signed-off-by: S.ÃaÄlar Onur <caglar at 10ur.org>
Signed-off-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 0fc0d057c34f3ee10eeb87e3f11405aa79c3b4df
Author: S.ÃaÄlar Onur <caglar at 10ur.org>
Date: Tue Apr 30 14:55:03 2013 -0400
silence "sh: 1: zfs: not found" errors on systems without ZFS
Signed-off-by: S.ÃaÄlar Onur <caglar at 10ur.org>
Signed-off-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit a8428dfa2c6a43ee195f4be3e04a519ca1fc6ec0
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Mon Apr 29 22:09:06 2013 +0200
introduce lxc_config
It's a tiny program (exported through the api) wrapping the util.c
helpers for reading /etc/lxc/lxc.conf variables, and replaces
the kludgy shell duplication in lxc.functions.in
Changelog: Apr 30: address feedback from Dwight
(exit error on failure, and use 'lxcpath' as name, not
'default_path').
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Dwight Engen <dwight.engen at oracle.com>
commit 1e1bb42a8fca68d9fa9391e6644aeff296479499
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Mon Apr 29 14:50:30 2013 +0200
add vg and zfsroot options to lxc.functions and use in lxc-create
also make sure to drop spaces between = and variable in lxc.conf
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 31a95fecd2e0b1408e9a97e3ae36a7770544d1a2
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Sat Apr 27 04:59:11 2013 +0200
allow site-wide customization of zfsroot and lvm vg
/etc/lxc/lxc.conf can contain
zfsroot = custom1
lvm_vg = vg0
(Otherwise the defaults are 'lxc' for lvm_vg, and 'lxc' for zfsroot)
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit ca52dcb55961d75e0163f237c92d225964c786bd
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri Apr 26 18:00:28 2013 +0200
Several backing store improvements
allow copy clones from other bdevs
for lvm and zfs, as we don't yet support passing options, only default
VG of 'lxc' and default zfsroot of 'tank' are supported when converting
another backing store type.
refuse deletion of container which has lvm or zfs snapshots.
Note that since a zfs clone must be made from a zfs snapshot,
which is made from the original zfs fs, even after we
lxc-destroy the snapshotted container we still must manually
remove the snapshot. This can be handled automatically, by
looking for snapshots where c1 is the original, c2 is the clone,
tank/c2 no longer exists, but tank/c1 at c2 does. We can then
remove tank/c1 at c2 and feel free to remove tank/c1. This patch
does NOT do that yet.
Make sure not to return when we're a forked child.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 3baa76fe36bd2b59645a952c3a47a960090c38d2
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri Apr 26 00:14:37 2013 +0200
implement zfs bdev and clone
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 9be53773792fc9e8bd173edc3b7ac7e144875387
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue Apr 16 08:07:05 2013 -0500
implement backend drivers and container clone API (v3)
1. commonize waitpid users to use a single helper. We frequently want
to run something in a clean namespace, or fork off a script. This
lets us keep the function doing fork:(1)exec(2)waitpid simpler.
2. start a blockdev backend implementation. This will be used for
mounting, copying, and snapshotting container filesystems.
3. implement btrfs, lvm, directory, and overlayfs backends.
4. For overlayfs, support a new lxc.rootfs format of
'bdevtype:<extra>'. This means you can now use overlayfs-based
containers without using lxc-start-ephemeral, by using
lxc.rootfs = overlayfs:/readonly-dir:writeable-dir
5. add a set of simple clone testcases
6. Write a new lxc_clone.c based on api clone.
Still to do (there's more, but off top of my head):
1. support zfs, aufs
2. have clone handle other mount entries (right now it only clones
the rootfs)
3. python, lua, and go bindings (not me :)
4. lxc-destroy: if lvm backing store, check for snapshots of it.
(what about directories which have overlayfs clones?)
Changes since v2:
Initialize random generator when picking new macaddr (reported
by caglar at 10ur.org)
Fix wrong use of bitmask flags
On copy-clone of btrfs, create a subvolume
lxc_clone.c: respect the command line usage of the old script
lxc-clone(1): update documentation
Refuse to try changing backing stores expect to overlayfs, as
it is not implemented (yet) anyway.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Conflicts:
src/lxc/utils.h
commit ab1bf971d2db43777cbf3892fb887bf71ce7d155
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Mon Apr 29 14:54:08 2013 -0400
Create log file in lxcpath for non-system containers
On Fri, 26 Apr 2013 10:18:12 -0500
Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> Quoting Dwight Engen (dwight.engen at oracle.com):
> > On Fri, 26 Apr 2013 09:37:49 -0500
> > Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> >
> > > Quoting Dwight Engen (dwight.engen at oracle.com):
> > > > Using lxc configured with --enable-configpath-log, and
> > > > specifying a path to the lxc commands with -P, the log file
> > > > path is generated with a basename of LOGPATH instead of the
> > > > lxcpath. This means for example if you do
> > > >
> > > > lxc-start -P /tmp/containers -n test01 -l INFO
> > > >
> > > > your log file will be
> > > >
> > > > /var/lib/lxc/test01/test01.log
> > > >
> > > > I was expecting the log to be /tmp/containers/test01/test01.log.
> > > > This is particularly confusing if you also have test01 on the
> > > > regular lxcpath. The patch below changes the log file path to be
> > > > based on lxcpath rather than LOGPATH when lxc is configured with
> > > > --enable-configpath-log.
> > > >
> > > > I think that even in the normal non --enable-configpath-log case
> > > > we should consider using lxcpath as the base and not having
> > > > LOGPATH at all, as attempting to create the log files
> > > > in /var/log is not going to work for regular users on their own
> > > > lxcpath. If we want that, I'll update the patch to do that as
> > > > well.
> > >
> > >
> > > Perhaps we should do:
> > >
> > > 1. If lxcpath == default_lxc_path(), then first choice is
> > > LOGPATH, second is lxcpath/container.log
> > > 2. when opening, if first choice fails, use second choice
> > > if there is any.
> > >
> > > That way 'system' containers will go to /var/log/lxc, as I think
> > > they should. Custom-lxcpath containers should never go
> > > to /var/log/lxc, since their names could be dups of containers in
> > > default_lxc_path(). And if the system is a weird one where
> > > default_lxc_path is set up so that an unprivileged user can use
> > > it, then we should log into $lxcpath.
> >
> > That sounds good to me. So these rules would apply in both the
> > regular and --enable-configpath-log cases.
I updated the patch to try to open the log file according to the
choices given above. Along the way I cleaned up log.c a bit, making
some things static, grouping external interfaces together, etc...
Hopefully that doesn't add too much noise.
> > > (Note this patch will trivially conflict with my new lxc_clone.c
> > > causing it to fail to build - unfortunate result of timing)
> >
> > Yeah unfortunately this touches every lxc_log_init() caller. I can
> > work on the above logic and re-submit after your new lxc_clone
> > stuff goes in.
>
> No no, I'll just need to remember to update mine. Don't hold up on
> mine, this is just the nature of such collaboration :)
>
> > Did you have any thoughts on the XXX what to pass in for lxcpath in
> > lxc_init? Right now it just falls back to LOGPATH.
>
> No - that's a weird one, since lxc_init runs in the container. If
> there were only system containers I'd say always use LOGPATH.
> However there are people (apparently :) who use container sharing the
> host's rootfs...
>
> lxc-execute does know the lxcpath. Perhaps we can simply have
> src/lxc/execute.c:execute_start() look at handler->conf to see if a
> rootfs is set. If rootfs is NOT set, then pass lxcpath along to
> lxc-init. Then lxc-init can mostly do the same as the others? (It
> doesn't use src/lxc/arguments.c, so you'd have to add lxcpath to
> options[] in lxc-init.c)
So I did this, only to realize that lxc-init is passing "none" for the
file anyway, so it currently doesn't intend to log. This makes me
think that passing NULL for lxcpath is the right thing to do in
this patch. If you want me to make it so lxc-init can log, I can do
that but I think it should be in a different change :)
--
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 7f95145833bb24f54e037f73ecc37444d6635697
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Mon Apr 29 16:47:35 2013 -0400
fix building docs
Commit 69fe23ff added checking for the older docbook2man back into
configure, but this breaks building the docs on at least Oracle Linux and
Fedora when docbook2X is not installed as docbook2man will be found but the
docs don't actually build with that tool.
This change makes it so the docs can be built with either the older
docbook2man or the newer 2X tools by using configure to set the dtd
string to an appropriate value depending on use of docbook2man or
db2x_docbook2man.
Also fixed a small error in lxc-destroy.sgml.in that was noticed
by the old tools.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 33c2c3ec93c17758f37cc2e53f07f7dfe6b72336
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Thu Apr 25 15:18:25 2013 -0500
add zfs support to lxc-create and lxc-destroy
This is based on patch from Papp Tamas (thanks). It also does some
reorganizing of lxc-create to commonize some of the backingstore handling.
I played with it using:
sudo lvcreate -L 100G -n zfs vg0
sudo zpool create lxc /dev/vg0/zfs
sudo lxc-create -B zfs --zfsroot lxc -t ubuntu -n dir2
or you could
qemu-img create zfs.img 100G
sudo qemu-nbd -c /dev/nbd0 zfs.img
sudo zpool create lxc /dev/nbd0
sudo lxc-create -B zfs --zfsroot lxc -t ubuntu -n dir2
I'll write the bdev.c handler and hook up lxc-clone next.
This also fixses a bug in the sed expression to extract the rootfs from
container config, which prepended an extra '/' to the rootdev. (That
caused the zfs list entry not to match at destroy)
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Cc: Papp Tamas <tompos at martos.bme.hu>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit f485f377a1caba11c58da100d3db9a8c6fdeb7d5
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Thu Apr 25 12:21:53 2013 -0400
lxc_wait should start monitord
If lxc_wait is called before the container has started the socket will not
yet have been created and lxc_wait's connect to it will fail. Starting the
daemon will create the socket for lxc_wait to connect to.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 4f43438c476c3c5fb78d6192238d540108a33cb1
Author: Christian Seiler <christian at iwakd.de>
Date: Thu Apr 25 13:00:19 2013 +0200
lxc_attach: Use clone() instead of second fork()
Because of an assertion in glibc's fork() wrapper that parent pid and
pid of child should never be the same, one should avoid fork() after
attaching to a PID namespace, since the pid inside the namespace may
coincide with the pid of the parent outside the namespace, thus hitting
the aforementioned assertion.
This patch just changes the code in the most simple manner to use
clone() instead of fork(). Since clone() requires a function to be
called instead of returning 0, we move the code of the child into a
function child_main.
Signed-off-by: Christian Seiler <christian at iwakd.de>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 6320e49454b0fd86dde7df0af54a2e194ae59821
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Thu Apr 25 17:31:34 2013 +0200
lxc.conf: Add reference to capabilities manpage
This adds a reference to capabilities(7) to the lxc.conf manpage.
Signed-off-by: Tomáš PospÃÅ¡ek <tpo_deb at sourcepole.ch>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 69fe23ff0777390e34a8c0b11ce6037e5aef9109
Author: Peter Simons <simons at cryp.to>
Date: Thu Apr 25 12:20:30 2013 +0200
configure: support for the "docbook2man" utility to build the documentation
This adds docbook2man as an alternative name for the docbook compiler.
As that name was used on Debian based systems for an older version of the tool,
this change also adds a check so that docbook2man is never used on Debian based
systems.
Reported-by: Peter Simons <simons at cryp.to>
Reported-by: Christian Bühler christian at cbuehler.de
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit f05699d19e27567583b9397a8d529e8aa275f5e1
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Wed Apr 24 22:47:50 2013 -0500
Revert "monitor.c: sanity check on waitpid return value"
It's reported to errors in parallel starts.
Reported-by: "S.ÃaÄlar Onur" <caglar at 10ur.org>
This reverts commit 6b7916695264238a490971e8cd87612154fc18b1.
commit 6b7916695264238a490971e8cd87612154fc18b1
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Wed Apr 24 19:59:10 2013 -0500
monitor.c: sanity check on waitpid return value
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit e8b9ac8fdfddec6a2eaacd6cdaa968058cf4e1e2
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Wed Apr 24 19:49:59 2013 -0500
close fd on error path
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 4fa22bfca1e94393aa3fbdc3fdf5516e75d47521
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Wed Apr 24 15:16:21 2013 -0500
lxc-create: cleanup whenever exiting with error
Otherwise we leave bad containers sitting around and further confuse
things on retries.
Reported-by: Mukanyiligira Didacienne <siyana223 at gmail.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit e51d4895129209cec1c15bda2322136a03ec94b2
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Wed Apr 24 15:06:20 2013 -0400
Allow multiple monitor clients
This fixes a long standing issue that there could only be a single
lxc-monitor per container.
With this change, a new lxc-monitord daemon is spawned the first time
lxc-monitor is called against the container and will accept connections
from any subsequent lxc-monitor.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit dc7f65454ee88fbd50f4d6f8a7c567eb27107314
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Wed Apr 24 21:38:32 2013 +0200
ubuntu: Don't break when the locale is C.*
Update the code to also match C.* so that C.UTF-8 doesn't make the
container creation fail.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 0a9362f5745a58a3d63354d76182108ea81ecf05
Author: S.ÃaÄlar Onur <caglar at 10ur.org>
Date: Tue Apr 23 17:24:31 2013 -0400
Support starting containers concurrently
Trying to start multiple containers concurrently may cause
lxc_monitor_read_timeout to fail as select call could be
interrupted by a signal, handle it.
Signed-off-by: S.ÃaÄlar Onur <caglar at 10ur.org>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 15451ecf742bfa38a0732270b36d4a8666d2124e
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Wed Apr 24 17:24:26 2013 +0200
python: Make the code compatibly with 3.2
The previous change used some 3.3-specific functions.
We still support 3.2 so revert to 3.2-compatible calls.
Reported-by: S.ÃaÄlar Onur <caglar at 10ur.org>
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 6516ad8b01aac298bffe60a8d7d21745f3354a38
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Wed Apr 24 00:50:44 2013 +0200
python: Fix convert_tuple_to_char_pointer_array
This finally fixes a few issues with the magic
convert_tuple_to_char_pointer_array function.
This now clearly copies the char* from the python object so we don't
end up keeping reference to those.
Also add the few required free calls to free the content of the array.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 93d564edc5d69819e85c3fa93368d37ec803a2f9
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Wed Apr 24 11:41:45 2013 +0200
cgroup: Remove unused mntent variables
Spotted by coverity, we were now assigning mntent but only every using
mntent_r, so drop those variables and assignation.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
commit fd37327f57a6d53692babcaf69dfbd8f62e59918
Author: S.ÃaÄlar Onur <caglar at 10ur.org>
Date: Wed Apr 17 17:15:51 2013 -0400
Support stopping containers concurrently
Trying to stop multiple containers concurrently ends up with "cgroup is not mounted" errors as multiple threads corrupts the shared variables.
Fix that stack corruption and start to use getmntent_r to support stopping multiple containers concurrently.
Signed-off-by: S.ÃaÄlar Onur <caglar at 10ur.org>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit cf0f903326cf3cdd10f834c1bbc627fd81e06044
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue Apr 23 08:37:41 2013 -0500
detect APT_PROXY from host apt.conf
Introduce a new HTTP_PROXY variable in /etc/default/lxc. If unset or
set to none, then behavior continues as before. If set to 'apt', then
any http::proxy set in apt.conf will be used as http_proxy for
debootstrap, and specified in the container's
/etc/apt/apt.conf.d/70proxy. If set to something else, then the
value of HTTP_PROXY will be used as http_proxy for debootstrap and
specified in the container's 70proxy.
Changelog: (apr 23) merge the two apt proxy detection functions.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 051151de890705173a42bbead40a6125d34ea41b
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Mon Apr 22 14:02:30 2013 -0400
goto correct cleanup label to ensure fd is closed
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit bbb8a488aeacf8a226d49773fe13798a202a78e2
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Mon Apr 22 15:46:26 2013 -0500
remove needless check for 'line' which cannot be NULl there
(found by coverity)
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 7e1667d76e76eb3d571be5e4b545e8ace6e92187
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Mon Apr 22 15:40:57 2013 -0500
cgpath test: don't check path len before checking if it is null
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit ddb17f1f0870ddb1678e34652f54458207cb3bb0
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Mon Apr 22 11:16:57 2013 -0400
make lxc_af_unix_open() safely return error on long pathnames
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 599d42525144cf0fcc7de6ac1b576c5c6ae290c2
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Sun Apr 21 22:42:06 2013 +0200
python: Fix get_ips and nesting with lxcpath
When using -P (lxcpath), the parameter path needs to be forwarded
to the various commands being run but not used by the nested lxc-ls
as it's relatively unlikely that both the host and the nested containers
use a custom path.
This isn't ideal but short of having a way to provide the container path
for every single of the nesting (with potential unlimited depth), it's
the best we can do.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit a2abaa9ec60a8967611e8c8905698bd01bde5861
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Sun Apr 21 20:09:24 2013 +0200
ubuntu: Various fixes
- Drop disabled entries from allowed devices list
- Improve generated config layout a bit
- Drop redundant uname call
- Re-generate the SSH host keys on container creation
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit ed4616b1cfbc84dd01caa8546d813e8c5d482921
Author: Christian Bühler <christian at cbuehler.de>
Date: Sat Apr 20 15:50:13 2013 +0200
Use "uname -m" instead of "arch"
According to "arch"'s manpage, it's identical to "uname -m".
Some distros ship uname but don't ship arch, however all distros ship uname,
therefore it makes sense to use "uname -m" whenever possible.
Signed-off-by: Christian Bühler <christian at cbuehler.de>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 6c5db2af1f706e8f21f2a5f074bada96e9011052
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Thu Apr 18 22:20:53 2013 +0200
python: Various fixes to the python scripts
This fixes a few issues uncovered by the recent C module fix.
In lxc-start-ephemeral, the hwaddr code wasn't actually working.
Replace by code that properly iterates through the network interfaces
and sets a new MAC address for each entry.
In the python overlay, catch the newly emitted KeyError when in
set_config_item (or setting any previously unset variable would fail).
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 2ebec36f271d4ee943281e32feb3552745115347
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Fri Apr 12 11:19:56 2013 +0200
python: Lots of fixes in C extension
Fixes a lot of issues found by a code review done by Barry Warsaw.
Those include:
- Wrong signature for getters
- Various memory leaks
- Various optimizations
- More consistent return values
- Proper exception handling
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Reported-by: Barry Warsaw <barry at ubuntu.com>
Acked-by: Barry Warsaw <barry at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 860fc865b0ae0fd6381a8a9a777efdbde0aaefb6
Author: Richard Weinberger <richard at nod.at>
Date: Wed Apr 17 23:54:09 2013 +0200
utils: reimplement/fix mkdir_p() (v2)
Reimplement mkdir_p() such that it:
...handles relativ paths correctly. (currently it crashes)
...does not rely on dirname().
...is not recursive.
...is shorter. ;-)
Signed-off-by: Richard Weinberger <richard at nod.at>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 23154d5764c06b68a5c154cecd89524ebe747ca1
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Thu Apr 18 10:30:33 2013 +0200
Revert "start: Detect early failure of the new child"
This reverts commit 5a5c35c3a01afec515e688c8366e6f893985518d.
This commit was preventing startup of containers using lxc hooks and
shutdown of all other containers, requiring the use of a good old
kill -9 to get rid of lxc-start after a container shutdown.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
commit 3763ee85915d28737bfebffa136bfb49ef0a2109
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Thu Apr 18 10:29:44 2013 +0200
Revert "utils: reimplement/fix mkdir_p()"
This reverts commit 8de4140644f01180f2fdab55b0ab0f13d1c761c6.
This commit was preventing container startup on my machine, making them
all fail with various "No such file or directory" errors.
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
commit 8de4140644f01180f2fdab55b0ab0f13d1c761c6
Author: Richard Weinberger <richard at nod.at>
Date: Wed Apr 17 17:13:40 2013 +0200
utils: reimplement/fix mkdir_p()
Reimplement mkdir_p() such that it:
...handles relativ paths correctly. (currently it crashes)
...does not rely on dirname().
...is not recursive.
...is shorter. ;-)
Signed-off-by: Richard Weinberger <richard at nod.at>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 5a5c35c3a01afec515e688c8366e6f893985518d
Author: Richard Weinberger <richard at nod.at>
Date: Tue Apr 16 23:42:23 2013 +0200
start: Detect early failure of the new child
If the process in the new namespace dies very early
we have currently no chance to detect this.
The parent process will just die due to SIGPIPE
if it write to the fd used for synchronisation and
nobody will notice the real cause of the problem.
Install a SIGCHLD handler to detect the death.
Later when the child does execve() to the init within
the new namespace the handler will be disabled automatically.
Signed-off-by: Richard Weinberger <richard at nod.at>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 6b28a086310b8715f4655446f4c01d9555ef1786
Author: Richard Weinberger <richard at nod.at>
Date: Tue Apr 16 23:48:16 2013 +0200
init: Fix whitespace damage
While we are here, fix the whitespace damage.
Signed-off-by: Richard Weinberger <richard at nod.at>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit a81bad13ec305b885eff2934307d9205d55e0050
Author: Richard Weinberger <richard at nod.at>
Date: Tue Apr 16 23:48:15 2013 +0200
init: unnest interrupt_handler
There is no need to use nested functions voodoo.
Signed-off-by: Richard Weinberger <richard at nod.at>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 2c7d90ac6eb4d883d9650d17cd915d958b4e5e66
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Tue Apr 16 11:47:29 2013 -0400
quiet gcc 4.4.7 warning about saveptr use before initialization
The recent change to use strtok_r causes a build warning with this older
gcc version, so initialize saveptr to NULL to quiet the compiler and
unbreak the build. There was no warning with gcc 4.7.2 that I
originally tested with.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit 98663823e47ec56ff5a8205a17cc884acbf9cabd
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue Apr 16 07:41:17 2013 -0500
fix spacing
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 883f4a1eae77f332059dc0be6f965485a0361ec0
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue Apr 16 07:35:05 2013 -0500
mkdir_p: account for '//foo/bar'
As Richard reported, dirname('//') returns //. But mkdir_p only stops
when called with '/', resulting in infinite recursion when given a
pathname '//foo/bar'.
Reported-by: richard -rw- weinberger <richard.weinberger at gmail.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit ce4c4ca43586825a13c1abb4ce13e90d9447a0eb
Author: Bogdan Purcareata <bogdan.purcareata at freescale.com>
Date: Thu Apr 11 16:29:44 2013 +0300
lxc-template: enable chroot + chpasswd functionality for Busybox hosts
This patch supports the scenario where a user wants to install a
busybox container on a busybox host.
When running the template, in order to change the root password,
the template needs to do the chroot. On busybox-powered hosts, chroot
is not part of the coreutils package - it's part of busybox. And the
busybox implementation or chroot only works if it has /lib in the new
root populated with the right binaries (or at least that's the
solution I found to make it work).
The temporarily bind-mounts /lib in the NEWROOT, chroots there,
changes the password, goes back and unmounts. This set of operations
is contained in a new MOUNT namespace, using the lxc-unshare call.
Signed-off-by: Bogdan Purcareata <bogdan.purcareata at freescale.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 8e7da691af29fe1d8b93d2e4acc98eb188ae74cc
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Mon Apr 15 13:43:14 2013 -0400
fix checking hook script exit code
pclose returns the exit status from wait, we need to check that to see if
the script itself failed or not. Tested a script that returned 0, 1, and
also one that did a sleep and then was killed by a signal.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 2796cf790f80e8be8dd90238f6789e52bd3cc2ac
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Mon Apr 15 15:28:07 2013 -0400
fortify: use reentrant safe strtok_r
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit e6a19d2683629888175371ed2eeb8a49a7b44873
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Mon Apr 15 15:59:12 2013 -0400
fortify: minor cleanups for unused variables, stricter types
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 0a2188544a538b421612c90d44e56853a9d64458
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Mon Apr 15 15:40:53 2013 -0400
fortify: check the value returned from write(2)
Also check that we wrote the amount we expected to. The write on the pty
is blocking but we could still get a short write on EINTR, so we should
SYSERROR it.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 03027ad99f2759182fbcd3363298ae6adaf88cdb
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Mon Apr 15 16:05:36 2013 -0400
fix lxc-attach usage
This makes it match the manpage and be consistent with lxc-execute
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 4d44e274dcd933327c4f1c1cc7e1f876d08ffa85
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Sun Apr 14 22:57:46 2013 -0500
fix coverity-found errors.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 00b6be440f93131e35e75fb1b34d8d3220590bb5
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Sun Apr 14 22:44:09 2013 -0500
coverity resource leak fixes
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 5371906219ff19886169612993efbb8e82f749a7
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Sun Apr 14 22:22:10 2013 -0500
fix coverity-found resource leaks on error paths.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 2802732032aeaabe8c793ae76112d9c8ba13ee23
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Sun Apr 14 22:16:26 2013 -0500
fix coverity-found resource leaks in config_network_ipv6
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit bb1d227404ff96564877a04ef9299c63f608f543
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Sun Apr 14 22:02:03 2013 -0500
fix free of alloca()d buffer (found by coverity)
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 022de5f317014c538e17378b626cf3267625e141
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Sun Apr 14 21:59:02 2013 -0500
fix resource leak of netdev on error path found by coverity
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit b6f24d54f54146a0f5de700dac7ffc2ef7624359
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Sun Apr 14 21:56:51 2013 -0500
fix resource leak of utsname in error path found by coverity
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit a6537fbbfb0b9d08adc58ae23b873a084e5d479c
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Sun Apr 14 21:48:49 2013 -0500
genl.c: fix a resource leak found by coverity
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit a741a85d8e241e9ca773f3cd7575d720837fcb51
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Sun Apr 14 21:45:00 2013 -0500
lxcapi_create: fix leak of tpath when a container already exists
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit b4e4ca49c792d7320787a6991ce1815d26060d39
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Sun Apr 14 21:39:34 2013 -0500
lxc_monitor: make sure msg.name is null terminated (bug found by coverity)
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit c928f41fc0e79a24e4c43a80fb26b3c46997d91a
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Sun Apr 14 21:18:53 2013 -0500
ifdef out skipped startone test code
Unfortunately installing a working lxc-init is somewhat hairy and
distro-dependent. So we skipped it before, but Coverity didn't
like that, so just ifdef it out.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 416707883893211a15c031b1f3589bc7cde9bf2b
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Sun Apr 14 21:17:09 2013 -0500
lxccontaienr: fix missing va_end in error case.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 586d4e9be1eb13cd9cb77cf6c56ce57e24623c44
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Sun Apr 14 21:12:58 2013 -0500
lxcccontainer: add missing va_end found by coverity
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit af41709c4243e0fd9dc1fac5f22cdd47316f8277
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri Apr 12 15:15:22 2013 -0500
af_unix.c: fix coverity-found bug: pass addr size
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit bdb539b89bbe123018392bb8c64cb94c13d736a8
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri Apr 12 15:11:29 2013 -0500
lxclock: fix coverity-found leak
if sem_init fails, free what we mallocd.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 8767795058ca5b46c8a9e335ad941d8799241716
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Fri Apr 12 15:11:11 2013 -0500
lxclock: indentation
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 43d1aa34aab1c43bce8f083d024bf54f0246a884
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Thu Apr 11 11:43:31 2013 -0500
Fix up struct lxc_container locking
1. in container_free, set c->privlock to NULL before calling
sem_destroy, to prevent a window where another thread could call
sem_wait(c->privlock) while c->privlock is not NULL but is already
destroyed.
2. in container_get, check for numthreads < 0 before calling lxclock.
Once numthreads is 0, it never goes back up.
Following is a comment added to lxccontainer.c:
/*
* Consider the following case:
freer | racing get()er
==================================================================
lxc_container_put() | lxc_container_get()
\ lxclock(c->privlock) | c->numthreads < 1? (no)
\ c->numthreads = 0 | \ lxclock(c->privlock) -> waits
\ lxcunlock() | \
\ lxc_container_free() | \ lxclock() returns
| \ c->numthreads < 1 -> return 0
\ \ (free stuff) |
\ \ sem_destroy(privlock) |
* When the get()er checks numthreads the first time, one of the following
* is true:
* 1. freer has set numthreads = 0. get() returns 0
* 2. freer is between lxclock and setting numthreads to 0. get()er will
* sem_wait on privlock, get lxclock after freer() drops it, then see
* numthreads is 0 and exit without touching lxclock again..
* 3. freer has not yet locked privlock. If get()er runs first, then put()er
* will see --numthreads = 1 and not call lxc_container_free().
*/
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Seth Arnold <seth.arnold at canonical.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
commit e649c8032f84b488cac8ea6c8fb9a77c424a0419
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: Thu Apr 11 14:15:21 2013 +0200
python: Fix memory management
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
commit 75129865d48d2293383316f88ce7661e37dde43d
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Wed Apr 3 14:43:15 2013 -0400
ubuntu template: fix installation when LANG=C
The ubuntu template will silently fail (because it is set -e) on
the locale-gen command when LANG=C
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 9eee2f7739dbaf82d3b0837de41cdcba5ee4a1d3
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Wed Apr 3 12:31:46 2013 -0400
oracle template: install additional user specified pkgs
Fix lxc-create to not word split template arguments. This makes
lxc-create -n ol -t oracle -- -r "at cronie wget" work since the argument
to -r will be passed as one arg instead of three.
Fix oracle template -u option to shift the correct amount.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 33892746e373449a8a69a4265d783bf701cb5784
Author: Wojciech Izykowski <wizykowski at gmail.com>
Date: Sat Apr 6 16:33:00 2013 +0200
lxc-start-ephemeral: fixed bug with wrong ssh option (-k instead of -i)
Corrected ssh option for custom key (from -k to -i). Just see ssh
manpage for justification.
Signed-off-by: Wojciech Izykowski <wizykowski at gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit 6efdcb6a3cc4d06bf64af69b08bc95335f02b79f
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Wed Apr 3 17:08:32 2013 -0400
debian template: set arch when dpkg doesn't exist on host
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
commit fe19f236a2295da1e01ab05ff59853c5a4556811
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Mon Apr 8 12:45:23 2013 -0400
fix wait status in pid reuse case
Commit 37c3dfc9 sets the wait status on only the child pid. It
intended to match the pid only once to protect against pid reuse but it
won't because the indicator was reset to 0 every time at the top of the
loop. If the child pid is reused, the wait status will be set again.
Fix by setting indicator outside the loop.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 1354f952876e96b456425efc7ed9994caf687028
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Tue Apr 9 09:41:15 2013 -0400
minor documentation fixes / clarification
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit 190a2ea88e9820e5e150ce36414233da4bd34b44
Author: Dwight Engen <dwight.engen at oracle.com>
Date: Wed Apr 10 10:49:51 2013 -0400
remove unused lxc_copy_file
Commit e3642c43 added lxc_copy_file for use in 64e1ae63. The use of it
was removed in commit 1bc60a65. Removing it reduces dead code and the
footprint of liblxc.
Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
commit fd95f2402dc70ad41fa2db8fb101f950196458a9
Author: Serge Hallyn <serge.hallyn at ubuntu.com>
Date: Tue Apr 9 16:23:05 2013 -0500
lxc.functions: don't let LXC_PATH= line end in failure
Otherwise if called from dash with set -e, dash will exit. This
causes lxc-clone to fail.
Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
-----------------------------------------------------------------------
Summary of changes:
.gitignore | 12 +-
CONTRIBUTING | 24 +
autogen.sh | 21 +
config/Makefile.am | 4 +-
configure.ac | 125 ++-
doc/Makefile.am | 1 -
doc/common_options.sgml.in | 2 +-
doc/legacy/lxc-ls.sgml.in | 8 +-
doc/lxc-attach.sgml.in | 4 +-
doc/lxc-cgroup.sgml.in | 4 +-
doc/lxc-checkconfig.sgml.in | 4 +-
doc/lxc-checkpoint.sgml.in | 4 +-
doc/lxc-clone.sgml.in | 150 ++-
doc/lxc-console.sgml.in | 15 +-
doc/lxc-create.sgml.in | 16 +-
doc/lxc-destroy.sgml.in | 21 +-
doc/lxc-device.sgml.in | 4 +-
doc/lxc-execute.sgml.in | 12 +-
doc/lxc-freeze.sgml.in | 4 +-
doc/lxc-info.sgml.in | 32 +-
doc/lxc-kill.sgml.in | 4 +-
doc/lxc-ls.sgml.in | 4 +-
doc/lxc-monitor.sgml.in | 23 +-
doc/lxc-netstat.sgml.in | 4 +-
doc/lxc-ps.sgml.in | 10 +-
doc/lxc-restart.sgml.in | 4 +-
doc/lxc-shutdown.sgml.in | 98 --
doc/lxc-start-ephemeral.sgml.in | 4 +-
doc/lxc-start.sgml.in | 4 +-
doc/lxc-stop.sgml.in | 96 ++-
doc/lxc-top.sgml.in | 4 +-
doc/lxc-unfreeze.sgml.in | 4 +-
doc/lxc-unshare.sgml.in | 10 +-
doc/lxc-version.sgml.in | 4 +-
doc/lxc-wait.sgml.in | 4 +-
doc/lxc.conf.sgml.in | 246 ++++-
doc/lxc.sgml.in | 4 +-
doc/see_also.sgml.in | 2 +-
hooks/Makefile.am | 4 +-
hooks/clonehostname | 29 +
hooks/mountcgroups | 25 +-
hooks/mountecryptfsroot | 2 +-
hooks/ubuntu-cloud-prep | 184 +++
lxc.spec.in | 3 +-
runapitests.sh | 18 +
src/include/getline.c | 29 +
src/include/getline.h | 31 +
src/include/ifaddrs.c | 597 +++++++++
src/include/ifaddrs.h | 54 +
src/include/lxcmntent.c | 20 +
src/include/lxcmntent.h | 21 +
src/include/openpty.c | 36 +-
src/include/openpty.h | 23 +
src/lua-lxc/Makefile.am | 4 +-
src/lua-lxc/core.c | 54 +-
src/lua-lxc/lxc.lua | 128 +-
src/lxc/Makefile.am | 77 +-
src/lxc/af_unix.c | 21 +-
src/lxc/af_unix.h | 2 +-
src/lxc/apparmor.c | 25 +-
src/lxc/apparmor.h | 20 +
src/lxc/arguments.c | 39 +-
src/lxc/arguments.h | 24 +-
src/lxc/attach.c | 643 +++++++++-
src/lxc/attach.h | 10 +-
src/lxc/attach_options.h | 120 ++
src/lxc/bdev.c | 2070 ++++++++++++++++++++++++++++++
src/lxc/bdev.h | 138 ++
src/lxc/caps.c | 40 +-
src/lxc/caps.h | 6 +-
src/lxc/cgroup.c | 1237 +++++++++++++-----
src/lxc/cgroup.h | 37 +-
src/lxc/checkpoint.c | 2 +-
src/lxc/commands.c | 701 +++++++++--
src/lxc/commands.h | 83 +-
src/lxc/conf.c | 390 +++++--
src/lxc/conf.h | 32 +-
src/lxc/confile.c | 145 ++-
src/lxc/confile.h | 2 +-
src/lxc/console.c | 786 +++++++++---
src/lxc/console.h | 20 +-
src/lxc/error.c | 2 +-
src/lxc/error.h | 2 +-
src/lxc/execute.c | 45 +-
src/lxc/freezer.c | 33 +-
src/lxc/genl.c | 19 +-
src/lxc/genl.h | 2 +-
src/lxc/legacy/lxc-ls.in | 2 +-
src/lxc/list.c | 2 +-
src/lxc/list.h | 23 +
src/lxc/log.c | 243 +++--
src/lxc/log.h | 16 +-
src/lxc/lxc-checkconfig.in | 2 +-
src/lxc/lxc-clone.in | 324 -----
src/lxc/lxc-create.in | 357 -----
src/lxc/lxc-destroy.in | 63 +-
src/lxc/lxc-device | 2 +-
src/lxc/lxc-ls | 11 +-
src/lxc/lxc-netstat.in | 35 +-
src/lxc/lxc-ps.in | 31 +-
src/lxc/lxc-shutdown.in | 151 ---
src/lxc/lxc-start-ephemeral.in | 28 +-
src/lxc/lxc-top | 13 +-
src/lxc/lxc.functions.in | 15 +-
src/lxc/lxc.h | 62 +-
src/lxc/lxc_attach.c | 458 ++------
src/lxc/lxc_cgroup.c | 35 +-
src/lxc/lxc_checkpoint.c | 4 +-
src/lxc/lxc_clone.c | 179 +++
src/lxc/lxc_config.c | 70 +
src/lxc/lxc_console.c | 192 +---
src/lxc/lxc_create.c | 246 ++++
src/lxc/lxc_destroy.c | 103 ++
src/lxc/lxc_execute.c | 8 +-
src/lxc/lxc_freeze.c | 30 +-
src/lxc/lxc_info.c | 43 +-
src/lxc/lxc_init.c | 96 +-
src/lxc/lxc_kill.c | 6 +-
src/lxc/lxc_monitor.c | 38 +-
src/lxc/lxc_monitord.c | 409 ++++++
src/lxc/lxc_restart.c | 8 +-
src/lxc/lxc_start.c | 102 +-
src/lxc/lxc_stop.c | 127 ++-
src/lxc/lxc_unfreeze.c | 30 +-
src/lxc/lxc_unshare.c | 2 +-
src/lxc/lxc_user_nic.c | 782 +++++++++++
src/lxc/lxc_usernsexec.c | 417 ++++++
src/lxc/lxc_wait.c | 18 +-
src/lxc/lxccontainer.c | 1783 ++++++++++++++++++++++----
src/lxc/lxccontainer.h | 124 ++-
src/lxc/lxclock.c | 330 ++++-
src/lxc/lxclock.h | 94 +-
src/lxc/lxcseccomp.h | 2 +-
src/lxc/lxcutmp.c | 4 +-
src/lxc/lxcutmp.h | 2 +-
src/lxc/mainloop.c | 9 +-
src/lxc/mainloop.h | 9 +-
src/lxc/monitor.c | 243 +++-
src/lxc/monitor.h | 12 +-
src/lxc/namespace.c | 4 +-
src/lxc/namespace.h | 5 +-
src/lxc/network.c | 8 +-
src/lxc/network.h | 2 +-
src/lxc/nl.c | 2 +-
src/lxc/nl.h | 2 +-
src/lxc/parse.c | 10 +-
src/lxc/parse.h | 2 +-
src/lxc/restart.c | 2 +-
src/lxc/rtnl.c | 2 +-
src/lxc/rtnl.h | 2 +-
src/lxc/seccomp.c | 2 +-
src/lxc/start.c | 260 +---
src/lxc/start.h | 6 +-
src/lxc/state.c | 113 +--
src/lxc/state.h | 2 +-
src/lxc/stop.c | 115 --
src/lxc/sync.c | 2 +-
src/lxc/sync.h | 2 +-
src/lxc/utils.c | 405 +++++--
src/lxc/utils.h | 163 +++-
src/lxc/version.c | 2 +-
src/lxc/version.h | 2 +-
src/python-lxc/examples/api_test.py | 14 +-
src/python-lxc/examples/pyconsole-vte.py | 80 ++
src/python-lxc/examples/pyconsole.py | 54 +
src/python-lxc/lxc.c | 753 ++++++++++--
src/python-lxc/lxc/__init__.py | 182 ++--
src/python-lxc/setup.py | 23 +
src/tests/Makefile.am | 16 +-
src/tests/cgpath.c | 278 +++--
src/tests/clonetest.c | 178 +++
src/tests/console.c | 177 +++
src/tests/containertests.c | 2 +-
src/tests/createtest.c | 2 +-
src/tests/destroytest.c | 2 +-
src/tests/get_item.c | 2 +-
src/tests/locktests.c | 258 ++---
src/tests/lxc-test-usernic | 67 +
src/tests/saveconfig.c | 2 +-
src/tests/shutdowntest.c | 2 +-
src/tests/startone.c | 4 +-
templates/Makefile.am | 3 +-
templates/lxc-alpine.in | 130 ++-
templates/lxc-altlinux.in | 26 +-
templates/lxc-archlinux.in | 14 +-
templates/lxc-busybox.in | 53 +-
templates/lxc-cirros.in | 321 +++++
templates/lxc-debian.in | 31 +-
templates/lxc-fedora.in | 231 +++-
templates/lxc-opensuse.in | 21 +-
templates/lxc-oracle.in | 32 +-
templates/lxc-sshd.in | 82 +-
templates/lxc-ubuntu-cloud.in | 226 ++--
templates/lxc-ubuntu.in | 132 ++-
194 files changed, 16157 insertions(+), 4782 deletions(-)
delete mode 100644 doc/lxc-shutdown.sgml.in
create mode 100755 hooks/clonehostname
create mode 100755 hooks/ubuntu-cloud-prep
create mode 100644 src/include/ifaddrs.c
create mode 100644 src/include/ifaddrs.h
create mode 100644 src/lxc/attach_options.h
create mode 100644 src/lxc/bdev.c
create mode 100644 src/lxc/bdev.h
delete mode 100755 src/lxc/lxc-clone.in
delete mode 100644 src/lxc/lxc-create.in
delete mode 100644 src/lxc/lxc-shutdown.in
create mode 100644 src/lxc/lxc_clone.c
create mode 100644 src/lxc/lxc_config.c
create mode 100644 src/lxc/lxc_create.c
create mode 100644 src/lxc/lxc_destroy.c
create mode 100644 src/lxc/lxc_monitord.c
create mode 100644 src/lxc/lxc_user_nic.c
create mode 100644 src/lxc/lxc_usernsexec.c
delete mode 100644 src/lxc/stop.c
create mode 100755 src/python-lxc/examples/pyconsole-vte.py
create mode 100755 src/python-lxc/examples/pyconsole.py
create mode 100644 src/tests/clonetest.c
create mode 100644 src/tests/console.c
create mode 100755 src/tests/lxc-test-usernic
create mode 100644 templates/lxc-cirros.in
hooks/post-receive
--
lxc
More information about the lxc-devel
mailing list