[lxc-devel] [GIT] lxc branch, master, updated. be9f766c1ef1c74cb7cdfca97a71757b492b8a5c
Stéphane Graber
stgraber at ubuntu.com
Mon Sep 9 19:38:16 UTC 2013
Hi Daniel,
Thanks for processing the pull request.
It appears you forgot to tag the current HEAD with lxc-1.0.0.alpha1,
could you do that before I rebase the staging branch on master?
Thanks!
Stéphane
On Mon, Sep 09, 2013 at 07:12:09PM +0000, Daniel Lezcano wrote:
> This is an automated email from the git hooks/post-receive script. It was
> generated because a ref change was pushed to the repository containing
> the project "lxc".
>
> The branch, master has been updated
> via be9f766c1ef1c74cb7cdfca97a71757b492b8a5c (commit)
> via f756cda05c4058dd7f5d46f2cf51c3bc7fd002d1 (commit)
> via 5c068da9695bcbfa46e0b3666128e3a533c9ddc7 (commit)
> via 69c757b343b5bbd2543adc4f3f0204d4696515e0 (commit)
> via 2caf9a97d90a61e5eaf9d7c218e5bcc35dfbfbb3 (commit)
> via 3a1675bf08b35bd5a5078f5638048c2c72c3e981 (commit)
> via 330da5fa322cf628aadc425c5be86814530d313e (commit)
> via c25c2970a6aabc45ee6375cc127ed45efea2f9bf (commit)
> via ac8255280d2e4348ab0eba5ec6982edc92ee6fbd (commit)
> via 12e93188de7dfe9ba66e022f9c28aa1f696a22e8 (commit)
> via 44a80d675ffb81ebb1a66a62c162e93a4c5882a0 (commit)
> via 2698b46924ab861b1f39fb11560c852d080e7b02 (commit)
> via eee59f9408398849e9b7fc58dbe68ec176de4d50 (commit)
> via 2a2d36a42512160e7771b2472cb7922423523048 (commit)
> via 1fb86a7cdc22d22b14d03eb0cbd1aa6702862dd4 (commit)
> via 59d66af29da6ca8c5fa8cb63a5bbfc443811bb81 (commit)
> via 41c3b7c7ac9b33bc562ebad9ea124912577f2ba5 (commit)
> via 75b5535282453b3442a41df4a3ba6d3058cd6e48 (commit)
> via e34b5d2ef2c329afe6540bbfc298ae631378832e (commit)
> via cd0bcc4958e58a2750cf9086f75649d14c83ac70 (commit)
> via 250b1eec71b074acdff1c5f6b5a1f0d7d2c20b77 (commit)
> via d08c3aaebca1ccc47f1f14dcd6fbca39953f8dda (commit)
> via c66e9b01f04840c5abc34d235dbbb2ec9ca55205 (commit)
> via ca9548ad02238600899a1f86ded308279964e018 (commit)
> via 80bcb05357a90cc9a2e21e942a2b0a53cddfa7a6 (commit)
> via 0f081315a9310bf04fe4bc64b900ec6bac36f85d (commit)
> via 188e0ab60bda276c688ad15877c6d6402081c6c9 (commit)
> via acbb59f50d5196facde837ea377f70e98ce1e6f8 (commit)
> via d75462e4d663c58bde0787fdbe0ef3148e44cdde (commit)
> via 0c69c79b4d86a0bda4a0c1ea2e4cc63d28c7baa6 (commit)
> via dfa7aa3a836aef5d0f1aebe0f6eeff65d20239ad (commit)
> via 840295ff4cf11da0938a19f99fef8a1525de8106 (commit)
> via 80507ee8eb66f4f23494caae26f6d2f0b50480b6 (commit)
> via 48c63f8d035045af1103b677b5ec577aec59a5b5 (commit)
> via 5acccf95b2bd1e5ffedf687e527dcad5a54d4c1e (commit)
> via 79622932f21d22db36a0b6cca129f559b5e76108 (commit)
> via cb0c6c020314ee0fea0ce30d209711f7e9c29aaa (commit)
> via 92b0b5bac5717e5281f51340192288050409ad47 (commit)
> via 9069513c69d77b5c22219b43f78ba1554431dd36 (commit)
> via dfb31b25e298d98ea80a699f019308019c6670d8 (commit)
> via 84bdfb2b4c95b24fde5e90e621372fcd6c4d069b (commit)
> via 659aa0618c34cecd388df73936b41d5fb573090d (commit)
> via 5d9598d7d3206d1bede4932e7c8565f1ab309fbc (commit)
> via a09295f841be8add0cbfc2932c59535f0d1365ed (commit)
> via ca6973422d5471281126e9e1884633367479f246 (commit)
> via 01efd4d3d91713fc4f8ca55c7726b8216ed16fc6 (commit)
> via 1fd9bd50ab0ccea0a6c069147a4bccb0751ca18f (commit)
> via b4569e93217fe9a18af35b4475c8f8eac1436759 (commit)
> via fb760f70541c9af728eb2ab0c6175875f7448752 (commit)
> via e14f67a7bfa7065480fc7cd47a45f209a0aee79b (commit)
> via c9ec905567952830d58a14d1e3a3ea4e1f8b0041 (commit)
> via 01bfae14dd898fecf0bd130e47a62a3155f619d0 (commit)
> via 4f17323e79969a98604bc30a8cc24cf083d474c3 (commit)
> via 9c6694b7073a6ebfd1da4950e0c8db4b91530202 (commit)
> via a9cab7e39b101b89470e2e4109c14e7f17218032 (commit)
> via 55c76589fd19e5f04697dcfd0084039cd77ef304 (commit)
> via 37fc7b9e2eca60e838bf5bf061bd8a8206e4fa9d (commit)
> via e768f9c0f69df1f02f8252fead6d82648b410bd8 (commit)
> via 511a6936c7062d59dd9335ef16d9165d19c45604 (commit)
> via 1a2e58cf55979749ea76835d0b36327c051c2715 (commit)
> via 5ec279894e8b1275b6cbfaaddb425e8f56639bdc (commit)
> via a3da2f3bd755165c50c5c7fb55c2bfcb042fb3d8 (commit)
> via 7f3e12f3e5223c6a6c34bafdf47df86f66078963 (commit)
> via 2e74d6f3744e5aef2e01f1f295472ffdb58f1929 (commit)
> via 120ce443c466fb1d286ffd200ca22a1e9db7284c (commit)
> via 2b89a9c19db30894e2476a5a750c443dee339d70 (commit)
> via ec346ea11f76d0797035c476794104a3230531f9 (commit)
> via 180edd67022017351a6546b4aa79bcaefada01c8 (commit)
> via 590ae889334b01a59606a1a8952d976098bd6123 (commit)
> via bff13ba210ed61f756fc82adce1921f84b43ffe0 (commit)
> via 92adc3e911314a6f90986d8410ec0ff4b82c9f79 (commit)
> via c32981c3fb1bf5191052fb1c348bdc8b9e7c1b15 (commit)
> via 4ba0d9af63fbf7e9acfa068a1fe36b3d287b9c6b (commit)
> via d24d56d7ee3420bb79238ff84cad07c20cf4757d (commit)
> via e3fdf5cc9c60eb97f8520f059ad1a09d3f73509d (commit)
> via 6fe93aa1877359365a07d9110e0e2dbfb3b0205f (commit)
> via d74325c436457b87b17e3ea598a9eb4ba66e0d49 (commit)
> via 1d374b9725e53d8b099970c1b501d56d599c4772 (commit)
> via fbbf51926e113e5e70d6ea507ed7d1019d0e0aa8 (commit)
> via d44e88c26690a56f9efac58f602dba06c9ec0c90 (commit)
> via d3060bd055eac45c1767e1e80fcaba763eb7477d (commit)
> via d007f8ab3da297ed0de884e0c6e57a66de2fcb42 (commit)
> via bf7d3153c925ca1404662a8fe031da27308f4187 (commit)
> via 3d5e9f4801c0311a6300fc781a4c0a09a6d463fe (commit)
> via d7a09c630b2150636bf4dfb266bc632abd65dfa8 (commit)
> via b7f2846aabb8c1c59b078b4c529e60ea254432f1 (commit)
> via 626ad11bfee3e12e675f51e92920030a6f383b19 (commit)
> via a0e93eeb2293e15a18e6c56271d13907f082c4df (commit)
> via 61a1d519f472c1ac95c641d974401c932f82be66 (commit)
> via 9c4693b853c5a9ab2156544ee3334a082cdba420 (commit)
> via 650468bb4a5c9a6c69b524f574e8d0f315f45c37 (commit)
> via b93aac46f2802b3639c1ac2ed0cf71174673d110 (commit)
> via 01e6b7148046c3f41849d093bc61454279792b80 (commit)
> via b98f7d6ed1b89b6452af4a2b5e27d445e4b3a138 (commit)
> via 070a4b8e68a6bf9a96c24ded47974388c83f1d57 (commit)
> via 20ab58c777136a449b3199e0733b62fa87ecfa61 (commit)
> via 3fb18be95747034bf36f46be11b0eb288b2ec1b4 (commit)
> via baece282266318a9bb527cefc85ebf7b6dd7f10e (commit)
> via 8bb17b7791777538d8f7cc957939fc871843f218 (commit)
> via 79159a86ddb51071055abd7ee08935bc65b9e7a9 (commit)
> via 034a01593a4ae10d6f1e49b71afbfff70cfc226c (commit)
> via 54e339f91785368a7825b2edaad04c2177a1a382 (commit)
> via 65d8ae9c4a66f5ca85289c02dc06d63261c84619 (commit)
> via 1c8e4ee0a08638e35732a0ddd0052ecde49fbecb (commit)
> via 4a0ba80d62c0d8aeb5c9857749659fdf716c380a (commit)
> via b40a606e52c788db85fe1c42d3747483d159b6a5 (commit)
> via 96532523ef90ea6ce3f08ec7d74c3c850b885e50 (commit)
> via d273b8abfa24040c8ef0dd73eb1d30ef8dcbec54 (commit)
> via c9cbb9e51436f84d7871a50776dccacfd8dc196a (commit)
> via 2c495ae35a804e3c12cb9f4826c30295043986ce (commit)
> via d155b47dac549a5c30c0011923274e3744109c91 (commit)
> via 469b57873977afcb5d9f5adb00097c944caedd2a (commit)
> via b60ed720848c8276e4e770d380ec6014768d9923 (commit)
> via b113383b84e5fcd2997a939d3f826a06b109e3d9 (commit)
> via 1aad9e44d65e7c20dabc4c99f57bcf532db66c68 (commit)
> via 460bcbd85c97b5a0eac9cf7cead1abde1281cd5a (commit)
> via 5be56973e5e874a142263dfb164b0b03e18a65f3 (commit)
> via 4165b2c65648b5df521c6e83b1cbad91d0896a00 (commit)
> via 6f259716e75552cf46ee5125bdbd21e34456d0c0 (commit)
> via 8058be395d46cfabf2dacd7df79e95309619986a (commit)
> via 819554fe20bbc0ce720b5ed0d5b8e53aeba6b284 (commit)
> via 5202677243dcda16ab97c07d497174726198f7ab (commit)
> via 27c27d73e1b1a07e3621484fa033206549e2a1f5 (commit)
> via 3ce746862b2a2b33f3de65aeecda0bad1a5dd27c (commit)
> via 868a70afead6cc48a4c883126ea3ef01b6ec57e0 (commit)
> via 6a2e602b1b03617e77dcd4b5f82f34713a970ac4 (commit)
> via dc23c1c817da5c13529432270e51d0f7f3b1e95e (commit)
> via ae13ae0853a246119ddaf9c8cc6d128a21a8988c (commit)
> via 283678ed2ccd88a6ba57fcb28516311adcdb6fac (commit)
> via cbee8106e38f9ffa130c7bf8be325f7f203da67a (commit)
> via 96b3cb407c07915db2cd0542c313a4bff4d1d389 (commit)
> via fb75356a85e3097db77386e7c62836a3ee69217f (commit)
> via 1143ed392d2760e8f7aeee88d570bb0ba151885f (commit)
> via b9b3a92f664fe3966decd0411b25fb6b77425e23 (commit)
> via 3327917f4a991a49ba1562b774c63c45139772eb (commit)
> via 9313e1e628160ca64f9e7fcec6500056c9a0725f (commit)
> via 6cda3f5ac1e3a20a97a419923e587d6bdb1fece9 (commit)
> via b58e60e232a3049d946a3b18e6f21912cd3453f0 (commit)
> via 39ffde307ad83bd407aaa6a0d81682902bab248b (commit)
> via b0f9616f6227f56dce8ca2514610f432ba4fab8a (commit)
> via 18efb001a4498f8fc62ab37f1db552fdf001e798 (commit)
> via ef091cefca5082007678fe82ad01389f7057ca48 (commit)
> via 9c631ea7c2906f41b23f5c8dcc9f6045078879db (commit)
> via 9a15a0f3f8faaa5e0d983f11bcf94dcf492c1349 (commit)
> via 53f3f04845a9eb60064c302e1f95652f665809f1 (commit)
> via 2e599a6a25b533fe63840edc34ee265811b7b814 (commit)
> via 982e7b6ea40ea57923f4f094858424debc1a5f7f (commit)
> via 85b41c7d7f72213199b5cff9525d17f44b49a842 (commit)
> via 37cb98a2b7e5c7b0abf69f261a16d759453492f1 (commit)
> via 1a7cb0850405b271b7bedacd243235f29cd368df (commit)
> via 176d9acb2ec17211a0d69bd2bd99f914fad8d7ad (commit)
> via ae3f8cf9a4a03c62c6c12968b38b2352388df91c (commit)
> via 618fa49dddbedd2b7319c0089dffd8d65aef8369 (commit)
> via 54c30e290876c5fa6e4c7b5a511580793e4777e3 (commit)
> via 37903589a2de0cbd62f94c5fd06d0aa8d57ca140 (commit)
> via b515981702133b9aaea1aff378493f054c14d46c (commit)
> via 5d4d3ebb13705d1e102429c75fc06932f81816dd (commit)
> via 71b0fed669a088675c1344ed68b250e87414c998 (commit)
> via 54b79829e23e01998eeafb8156987937a894af3c (commit)
> via 6e46cfcb0e4fcaa2d920a3c473f83c0a73c68cfa (commit)
> via fabf7361da4845cd6cf268e0e85c3c6a1c0b0be4 (commit)
> via 38973621a40a5657b067409321d54759520d7951 (commit)
> via 31f58b3fcec322dba1eed71e364335c30500066c (commit)
> via f02abefef9a59658c813e08f86a91fbe09eabf00 (commit)
> via 93dc5327aa0c2b13d619b8bedf893eea983d4d68 (commit)
> via 1af60b514fc9d8da2b4485e9e8845619fb6c6b68 (commit)
> via eddaaafd1a9b02ba39e5b6b13d40b4a5d37a04e1 (commit)
> via f002c8a7655e42a325ef6bad9fb0844fad4e410b (commit)
> via 4c1f6b67d9b842d9e5c293eea2ff19301ecc5596 (commit)
> via 3155e7f954d4b5d7da528d2a3cd8be254432e3c3 (commit)
> via 63c3090c913142cd19f443b040cdede2c0522ce8 (commit)
> via 44ef0c0c7200ef4e8783387d886d3748da3d50fd (commit)
> via 569bee5cc3d647032573db8f72734faa9307d577 (commit)
> via 0a18b5458b6d0fcad9a82b96f99035254af50c7a (commit)
> via 3a647d582dc759e43c2087f0d906adf77c62ab6c (commit)
> via 3bc449ed24edc4b754cbe0af19fe878d29731f59 (commit)
> via 73e608b21f73509c5f8c7a948cc6d4b0898edb2c (commit)
> via 39dc698cb4025516a3428a68e19da05feb6fc0e9 (commit)
> via 0115f8fd27b1a31d367bb161a121694f92b45e62 (commit)
> via 3db989bad5d58bafac80f448e1dd2d048e791478 (commit)
> via dc5e436e702f0bf4001e3e6e9f855443b2fcf448 (commit)
> via 5790f7b7a76b9ccff662fdd6ff0013b8f218d020 (commit)
> via 64f782ca69c70fd155427a81d69fda593981e770 (commit)
> via 1897e3bcd36af9f3fe6d3649910a9adb93e5e988 (commit)
> via 60bf62d4ae36a48342fb8aee680fbd4b423810b1 (commit)
> via 3e625e2d2e12b919dd9590b97badc6108ee67b1a (commit)
> via 5cee8c5040661f9875bf41cfffd641c87afae8af (commit)
> via df271a59cbfcfbe98fa4bd7af3ae595633539a12 (commit)
> via 2acf77955239ec0046451fa16812d2884e6bd19b (commit)
> via 6a44839f5973f41553349f1b5e77d8db809e60eb (commit)
> via ad5f15151580201b79fc140f664227b494639e81 (commit)
> via 5bb4a226ebec9f3fb678a282a2b2833748d6707b (commit)
> via 65be441e0892b45000b9b3863d407539e56e47a4 (commit)
> via 481624b37b37ffa98b735cf3f94e35d1fbd729e0 (commit)
> via fa9ac567a7f1593c586cca57362f6b542985e5d7 (commit)
> via 20fe4e8febe40f6fc4e4c6f52b91f0af0232e6f5 (commit)
> via fca3080f6a46f856c54218a8e478a174382b4c15 (commit)
> via ef6e34eec8d5a9f1447462d6080facb674b3ccdb (commit)
> via 9c83a661397456e1455d739bcadfa38f05ce2fe6 (commit)
> via 92f023dccced28a55ce323253f298e9825fe7da7 (commit)
> via 65fbbb0a0f7bad119aa5f2ac6f3ee041970889fc (commit)
> via c797a220d51d2796355fd60eca50523ffd6fb45e (commit)
> via 71b9b8ed262e2d826181bfb79e5d5075ff1a3ff0 (commit)
> via d1240f0335e0c469b850da467661dfbb8f262727 (commit)
> via 11029c023a12dbe3f3569fcc22f25667686e417f (commit)
> via 40650ea6817286a9587a84bf3ce5d25d10620303 (commit)
> via de09eccbeda214a1ef5a9b7144870defa97e88c4 (commit)
> via dc92f6c7eec81dc104b3f7873ffd74ec56a1dae1 (commit)
> via 148e91f56799f03c868deca8dcad473983a1a2bf (commit)
> via 9a93d99213da44b5ddf2f5295f6ef3a59d4f1fba (commit)
> via 6031a6e5f939bda07d98768d34dafae677a7dfeb (commit)
> via d9e80daf54e15b89b0b08d475b29893be9830be0 (commit)
> via 627fe3b4c3a65535eb53c3d63794705d8f6322d4 (commit)
> via 794fb287b3bd7a6c07f99ec1565c517922287065 (commit)
> via 807732062eab6cd44fb033bfbb37fbb38907aa66 (commit)
> via 58a46e06210a6321c530735f15f66eb648c4657d (commit)
> via 714540763b8b1ac12c029d7760b4e4fe13a69b43 (commit)
> via 304143a823ede4eca52f1d11ae1449995ad503ff (commit)
> via 8d06bd135af4852f24660be965aba2d781223af4 (commit)
> via 566c0d6dce82ee573da01e325c53179ed74350f1 (commit)
> via 7f4717c293fd5ecb9d605bed890cb412314aa8e2 (commit)
> via dd66e5adb38c76e6eecf0e54c5418fd9f7ac3b3b (commit)
> via f2bbe86da4044c8db39e6eae19541fe2d117bae7 (commit)
> via 3856bc9ff50f2cbd6cb2830619f3594ffea0b344 (commit)
> via 5ca6c34bdeb02ea355a0e5ef9ff51581b58c1ee7 (commit)
> via 42fb4b1585d5f2073fbfe984acd46b625fd3c6a1 (commit)
> via 91c908ee8ea5aada054cbb7f4203d486c2e9a09e (commit)
> via ab81cef05338e7a553aacca141287034d6daf167 (commit)
> via 7c7ec7a8eded3d3864631165503fedb456e1b779 (commit)
> via 8ee3042a5419ea4c9bb0d1c264715f9d9c39bfa3 (commit)
> via d2c8186b4d185d75e81aec02d5a62dde4192c16d (commit)
> via a9bafa108521ac785e846f2ace105c327371c106 (commit)
> via 3c73b55472c096f06fd037c3c0af011be62a432b (commit)
> via a747894428ea38c4a908acacb610fc3de714e0c0 (commit)
> via 8fb86a37daecd05e9ef7f291dd4762be881f88e4 (commit)
> via bec695f3ec43972ad38f06f92ff2db03d8405562 (commit)
> via 8950ee8ebfc9a7f34003f6892b5a7da6aef9fff9 (commit)
> via a2eea3c1974d70bdef74a0af6a14ca3a6fa41704 (commit)
> via 2d4bcb96155c0e4a5d2734017f889b993144e876 (commit)
> via fc7e88640cbdb402aaa048dd74829c8d09dda850 (commit)
> via b85ab7989ebe24629267048cb269b278eeb50490 (commit)
> via 375c2258b24b233832c9ec43ab9c7b3f5dce25fb (commit)
> via e0b0b533feed683ce12c94e11174019a5dac64fc (commit)
> via eee3ba81c88e64b8a732694fc4843a39d5bde491 (commit)
> via ee25a44fd389ed450e3d7ef9513eec19668f2de7 (commit)
> via b338c81b9f0130106eee4b2ff70959c2e62a1fac (commit)
> via 385e7a431a1865017211478741408d505396f9a7 (commit)
> via b164a17f9bfcc3f067dad33d0c38834aa22ca2b1 (commit)
> via ec471210d97ba23b2de618349bdb6dd4145e53e0 (commit)
> via 0fc0d057c34f3ee10eeb87e3f11405aa79c3b4df (commit)
> via a8428dfa2c6a43ee195f4be3e04a519ca1fc6ec0 (commit)
> via 1e1bb42a8fca68d9fa9391e6644aeff296479499 (commit)
> via 31a95fecd2e0b1408e9a97e3ae36a7770544d1a2 (commit)
> via ca52dcb55961d75e0163f237c92d225964c786bd (commit)
> via 3baa76fe36bd2b59645a952c3a47a960090c38d2 (commit)
> via 9be53773792fc9e8bd173edc3b7ac7e144875387 (commit)
> via ab1bf971d2db43777cbf3892fb887bf71ce7d155 (commit)
> via 7f95145833bb24f54e037f73ecc37444d6635697 (commit)
> via 33c2c3ec93c17758f37cc2e53f07f7dfe6b72336 (commit)
> via f485f377a1caba11c58da100d3db9a8c6fdeb7d5 (commit)
> via 4f43438c476c3c5fb78d6192238d540108a33cb1 (commit)
> via 6320e49454b0fd86dde7df0af54a2e194ae59821 (commit)
> via 69fe23ff0777390e34a8c0b11ce6037e5aef9109 (commit)
> via f05699d19e27567583b9397a8d529e8aa275f5e1 (commit)
> via 6b7916695264238a490971e8cd87612154fc18b1 (commit)
> via e8b9ac8fdfddec6a2eaacd6cdaa968058cf4e1e2 (commit)
> via 4fa22bfca1e94393aa3fbdc3fdf5516e75d47521 (commit)
> via e51d4895129209cec1c15bda2322136a03ec94b2 (commit)
> via dc7f65454ee88fbd50f4d6f8a7c567eb27107314 (commit)
> via 0a9362f5745a58a3d63354d76182108ea81ecf05 (commit)
> via 15451ecf742bfa38a0732270b36d4a8666d2124e (commit)
> via 6516ad8b01aac298bffe60a8d7d21745f3354a38 (commit)
> via 93d564edc5d69819e85c3fa93368d37ec803a2f9 (commit)
> via fd37327f57a6d53692babcaf69dfbd8f62e59918 (commit)
> via cf0f903326cf3cdd10f834c1bbc627fd81e06044 (commit)
> via 051151de890705173a42bbead40a6125d34ea41b (commit)
> via bbb8a488aeacf8a226d49773fe13798a202a78e2 (commit)
> via 7e1667d76e76eb3d571be5e4b545e8ace6e92187 (commit)
> via ddb17f1f0870ddb1678e34652f54458207cb3bb0 (commit)
> via 599d42525144cf0fcc7de6ac1b576c5c6ae290c2 (commit)
> via a2abaa9ec60a8967611e8c8905698bd01bde5861 (commit)
> via ed4616b1cfbc84dd01caa8546d813e8c5d482921 (commit)
> via 6c5db2af1f706e8f21f2a5f074bada96e9011052 (commit)
> via 2ebec36f271d4ee943281e32feb3552745115347 (commit)
> via 860fc865b0ae0fd6381a8a9a777efdbde0aaefb6 (commit)
> via 23154d5764c06b68a5c154cecd89524ebe747ca1 (commit)
> via 3763ee85915d28737bfebffa136bfb49ef0a2109 (commit)
> via 8de4140644f01180f2fdab55b0ab0f13d1c761c6 (commit)
> via 5a5c35c3a01afec515e688c8366e6f893985518d (commit)
> via 6b28a086310b8715f4655446f4c01d9555ef1786 (commit)
> via a81bad13ec305b885eff2934307d9205d55e0050 (commit)
> via 2c7d90ac6eb4d883d9650d17cd915d958b4e5e66 (commit)
> via 98663823e47ec56ff5a8205a17cc884acbf9cabd (commit)
> via 883f4a1eae77f332059dc0be6f965485a0361ec0 (commit)
> via ce4c4ca43586825a13c1abb4ce13e90d9447a0eb (commit)
> via 8e7da691af29fe1d8b93d2e4acc98eb188ae74cc (commit)
> via 2796cf790f80e8be8dd90238f6789e52bd3cc2ac (commit)
> via e6a19d2683629888175371ed2eeb8a49a7b44873 (commit)
> via 0a2188544a538b421612c90d44e56853a9d64458 (commit)
> via 03027ad99f2759182fbcd3363298ae6adaf88cdb (commit)
> via 4d44e274dcd933327c4f1c1cc7e1f876d08ffa85 (commit)
> via 00b6be440f93131e35e75fb1b34d8d3220590bb5 (commit)
> via 5371906219ff19886169612993efbb8e82f749a7 (commit)
> via 2802732032aeaabe8c793ae76112d9c8ba13ee23 (commit)
> via bb1d227404ff96564877a04ef9299c63f608f543 (commit)
> via 022de5f317014c538e17378b626cf3267625e141 (commit)
> via b6f24d54f54146a0f5de700dac7ffc2ef7624359 (commit)
> via a6537fbbfb0b9d08adc58ae23b873a084e5d479c (commit)
> via a741a85d8e241e9ca773f3cd7575d720837fcb51 (commit)
> via b4e4ca49c792d7320787a6991ce1815d26060d39 (commit)
> via c928f41fc0e79a24e4c43a80fb26b3c46997d91a (commit)
> via 416707883893211a15c031b1f3589bc7cde9bf2b (commit)
> via 586d4e9be1eb13cd9cb77cf6c56ce57e24623c44 (commit)
> via af41709c4243e0fd9dc1fac5f22cdd47316f8277 (commit)
> via bdb539b89bbe123018392bb8c64cb94c13d736a8 (commit)
> via 8767795058ca5b46c8a9e335ad941d8799241716 (commit)
> via 43d1aa34aab1c43bce8f083d024bf54f0246a884 (commit)
> via e649c8032f84b488cac8ea6c8fb9a77c424a0419 (commit)
> via 75129865d48d2293383316f88ce7661e37dde43d (commit)
> via 9eee2f7739dbaf82d3b0837de41cdcba5ee4a1d3 (commit)
> via 33892746e373449a8a69a4265d783bf701cb5784 (commit)
> via 6efdcb6a3cc4d06bf64af69b08bc95335f02b79f (commit)
> via fe19f236a2295da1e01ab05ff59853c5a4556811 (commit)
> via 1354f952876e96b456425efc7ed9994caf687028 (commit)
> via 190a2ea88e9820e5e150ce36414233da4bd34b44 (commit)
> via fd95f2402dc70ad41fa2db8fb101f950196458a9 (commit)
> from e9831f83532184caa119f830eee54728084444ba (commit)
>
> Those revisions listed above that are new to this repository have
> not appeared on any other notification email; so we list those
> revisions in full, below.
>
> - Log -----------------------------------------------------------------
> commit be9f766c1ef1c74cb7cdfca97a71757b492b8a5c
> Merge: e9831f8 f756cda
> Author: Daniel Lezcano <daniel.lezcano at free.fr>
> Date: Mon Sep 9 21:07:12 2013 +0200
>
> Merge git://github.com/lxc/lxc
>
> Signed-off-by: Daniel Lezcano <daniel.lezcano at free.fr>
>
> commit f756cda05c4058dd7f5d46f2cf51c3bc7fd002d1
> Author: Natanael Copa <ncopa at alpinelinux.org>
> Date: Fri Sep 6 21:09:57 2013 +0200
>
> configure: enable Lua if found and continue without if not
>
> Search for Lua if no --enable-lua/--disable-lua specified but continue
> without if not found.
>
> If --enable-lua is specified and Lua is not found then return error.
>
> If --disable-lua is specified, then don't search for Lua.
>
> Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 5c068da9695bcbfa46e0b3666128e3a533c9ddc7
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri Sep 6 12:25:47 2013 -0500
>
> lxc_spawn: don't close pinfd until container is stopped
>
> Otherwise containers may be able to remount -o ro their rootfs
> at shutdown.
>
> Reported-by: Harald Dunkel <harri at afaics.de>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 69c757b343b5bbd2543adc4f3f0204d4696515e0
> Author: Natanael Copa <ncopa at alpinelinux.org>
> Date: Fri Sep 6 09:08:45 2013 +0200
>
> lua: fix logic to enable lua support in configure
>
> When there is no --enable-lua or --with-lua-pc, Lua should not be
> enabled.
>
> This fixes a bug introduced with 12e93188 (configure/makefile:
> Allow specify Lua pkg-config file with --with-lua-pc) that caused
> configure script to fail if lua headers was missing.
>
> Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 2caf9a97d90a61e5eaf9d7c218e5bcc35dfbfbb3
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Thu Sep 5 20:31:55 2013 -0500
>
> sanity-check number of detected capabilities
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 3a1675bf08b35bd5a5078f5638048c2c72c3e981
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Thu Sep 5 16:40:49 2013 -0400
>
> add AS_VAR_COPY for older autoconf versions
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 330da5fa322cf628aadc425c5be86814530d313e
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Thu Sep 5 15:20:44 2013 -0400
>
> lua: fix stats gathering
>
> - remove lxc subdir in cgroup paths (done in commit b98f7d6e)
> - remove extraneous debug printfs
> - remove extra call to stats_clear
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit c25c2970a6aabc45ee6375cc127ed45efea2f9bf
> Author: Natanael Copa <ncopa at alpinelinux.org>
> Date: Thu Sep 5 15:29:20 2013 +0200
>
> lua: implement dirname in C rather than depend on external executable
>
> Instead of popen and run external executable dirname we implement a
> dirname in C in the core module.
>
> We also remove the unused basename function.
>
> Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit ac8255280d2e4348ab0eba5ec6982edc92ee6fbd
> Author: Natanael Copa <ncopa at alpinelinux.org>
> Date: Thu Sep 5 14:33:28 2013 +0200
>
> lua: implement usleep in C module
>
> So we avoid running os.execute
>
> Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 12e93188de7dfe9ba66e022f9c28aa1f696a22e8
> Author: Natanael Copa <ncopa at alpinelinux.org>
> Date: Thu Sep 5 17:13:07 2013 +0200
>
> configure/makefile: Allow specify Lua pkg-config file with --with-lua-pc
>
> Enable support for both Lua 5.1 and 5.2 by letting user specify the Lua
> pkg-config package name. By default it will use 'lua' and try figure
> out which version it is.
>
> Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 44a80d675ffb81ebb1a66a62c162e93a4c5882a0
> Author: Natanael Copa <ncopa at alpinelinux.org>
> Date: Thu Sep 5 08:45:33 2013 +0200
>
> lua: prepare for Lua 5.2
>
> Adjust code for Lua 5.2 and keep compatibility with Lua 5.1.
>
> Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
> Acked-by: Dwight Engen <dwight.engen at oracle.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 2698b46924ab861b1f39fb11560c852d080e7b02
> Author: Natanael Copa <ncopa at alpinelinux.org>
> Date: Thu Sep 5 15:07:51 2013 -0400
>
> lua: fix a bug in the parsing of /proc/mounts
>
> Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
> Acked-by: Dwight Engen <dwight.engen at oracle.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit eee59f9408398849e9b7fc58dbe68ec176de4d50
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Thu Sep 5 18:05:34 2013 -0500
>
> clone: don't copy rdepends when not doing a snapshot clone
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 2a2d36a42512160e7771b2472cb7922423523048
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Thu Sep 5 17:59:28 2013 -0500
>
> fix typo
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 1fb86a7cdc22d22b14d03eb0cbd1aa6702862dd4
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Thu Jun 13 22:43:01 2013 -0500
>
> introduce lxc.cap.keep
>
> The lxc configuration file currently supports 'lxc.cap.drop', a list of
> capabilities to be dropped (using the bounding set) from the container.
> The problem with this is that over time new capabilities are added. So
> an older container configuration file may, over time, become insecure.
>
> Walter has in the past suggested replacing lxc.cap.drop with
> lxc.cap.preserve, which would have the inverse sense - any capabilities
> in that set would be kept, any others would be dropped.
>
> Realistically both have the same problem - the sendmail capabilities
> bug proved that running code with unexpectedly dropped privilege can be
> dangerous. This patch gives the admin a choice: You can use either
> lxc.cap.keep or lxc.cap.drop, not both.
>
> Both continue to be ignored if a user namespace is in use.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 59d66af29da6ca8c5fa8cb63a5bbfc443811bb81
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Thu Sep 5 16:56:54 2013 -0500
>
> bdev: free after bdev_init
>
> (Except in cases where we will immediately exit)
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 41c3b7c7ac9b33bc562ebad9ea124912577f2ba5
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Wed Sep 4 17:04:51 2013 -0400
>
> valgrind: fix memory leak on container new/put
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 75b5535282453b3442a41df4a3ba6d3058cd6e48
> Author: Natanael Copa <ncopa at alpinelinux.org>
> Date: Wed Sep 4 17:01:09 2013 +0200
>
> lxc-alpine: add hwaddr for a single macvlan interface
>
> We already add harware address for a single veth interface. Do the same
> with a single macvlan interface.
>
> Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit e34b5d2ef2c329afe6540bbfc298ae631378832e
> Author: S.Çağlar Onur <caglar at 10ur.org>
> Date: Tue Sep 3 16:21:15 2013 -0400
>
> bdev_copy segfaults if bdevtype is NULL
>
> Signed-off-by: S.Çağlar Onur <caglar at 10ur.org>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit cd0bcc4958e58a2750cf9086f75649d14c83ac70
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Tue Sep 3 15:11:07 2013 -0400
>
> tests: Add lxc-test-usernic to the dist tarball
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 250b1eec71b074acdff1c5f6b5a1f0d7d2c20b77
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Tue Sep 3 14:29:46 2013 -0400
>
> licensing: Add missing headers and FSF address
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit d08c3aaebca1ccc47f1f14dcd6fbca39953f8dda
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Tue Sep 3 11:36:09 2013 -0400
>
> ubuntu: iproute is now called iproute2
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit c66e9b01f04840c5abc34d235dbbb2ec9ca55205
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Tue Sep 3 07:56:11 2013 -0500
>
> lua: update license
>
> As with other files, update to be LGPL since these are part
> of the lxc library.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit ca9548ad02238600899a1f86ded308279964e018
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Fri Aug 30 17:27:14 2013 -0400
>
> python: Fix api_test to use the new attach() API
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 80bcb05357a90cc9a2e21e942a2b0a53cddfa7a6
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Tue Sep 3 08:08:39 2013 -0500
>
> lxc-commands: add a comment explaining CMD_* rules
>
> We wish to ensure that, henceforth, newer lxc tools are always compatible
> with older lxc monitors. Add a comment to commands.c to explain the
> rule we wish to enforce to this end.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 0f081315a9310bf04fe4bc64b900ec6bac36f85d
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri Aug 30 15:51:31 2013 -0500
>
> remove old stale comments (lxc-clone is now implemented)
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 188e0ab60bda276c688ad15877c6d6402081c6c9
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Fri Aug 30 15:56:21 2013 -0400
>
> Add a section about licensing to CONTRIBUTING
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit acbb59f50d5196facde837ea377f70e98ce1e6f8
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri Aug 30 14:43:09 2013 -0500
>
> fix license text in ubuntu and ubuntu-cloud templates
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit d75462e4d663c58bde0787fdbe0ef3148e44cdde
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri Aug 30 14:42:20 2013 -0500
>
> fix wrong license text for parts of liblxc library
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 0c69c79b4d86a0bda4a0c1ea2e4cc63d28c7baa6
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Fri Aug 30 12:08:26 2013 -0400
>
> avoid zgrep -q as it's failing on some distros
>
> Reported-by: Filirom1
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit dfa7aa3a836aef5d0f1aebe0f6eeff65d20239ad
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Fri Aug 30 11:47:58 2013 -0400
>
> fedora: Add missing double-quotes.
>
> Reported-by: tlc
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 840295ff4cf11da0938a19f99fef8a1525de8106
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Fri Aug 30 11:43:19 2013 -0400
>
> Fix some typos
>
> Signed-off-by: Dmitry Shachnev <mitya57 at ubuntu.com>
> Reported-by: Vincent Ladeuil
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 80507ee8eb66f4f23494caae26f6d2f0b50480b6
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Thu Aug 29 10:41:19 2013 -0500
>
> start.c: handle potential signal flood
>
> Signalfd does not guarantee that we'll get an event for every signal.
> So if 3 tasks exit at the same time, we may get only one sigchld
> event. Therefore, in signal_handler(), always check whether init has
> exited. Do with with WNOWAIT so that we can still wait4 to cleanup
> the init after lxc_poll() exists (rather than complicating the code).
>
> Note - there is still a race in the kernel which can cause the
> container init to become a defunct child of the host init (!). This
> doesn't solve that, but is a potential (if very unlikely) race which
> apw pointed out while we were trying to create a reproducer for the
> kernel bug.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 48c63f8d035045af1103b677b5ec577aec59a5b5
> Author: Natanael Copa <ncopa at alpinelinux.org>
> Date: Mon Aug 26 13:47:58 2013 +0200
>
> lxc-alpine: create /dev/zero
>
> Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 5acccf95b2bd1e5ffedf687e527dcad5a54d4c1e
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri Aug 23 12:45:15 2013 -0500
>
> config_ipv6: run inet_pton on the addr value without mask
>
> otherwise a "$addr/$mask" results in failure.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 79622932f21d22db36a0b6cca129f559b5e76108
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Thu Aug 22 10:27:40 2013 -0500
>
> api: convert lxc_start
>
> Normal lxc-start usage tends to be "lxc-start -n name [-P lxcpath]".
> This causes $lxcpath/$name/config to be the configuration for the
> container. However, lxc-start is more flexible than that. You can
> specify a custom configuration file, in which case $lxcpath/$name/config
> is not used. You can also (in addition or in place of either of these)
> specify configuration entries one-by-one using "-s lxc.utsname=xxx".
>
> To support this using the API, if we are not using
> $lxcpath/$name/config then we put ourselves into a custom lxcpath
> called (configurable using LXCPATH) /var/lib/lxc_anon. To stop a
> container so created, then, you would use
>
> lxc-stop -P /var/lib/lxc_anon -n name
>
> TODO: we should walk over the list of &defines by hand and set them
> using c->set_config_item. I haven't done that in this patch.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit cb0c6c020314ee0fea0ce30d209711f7e9c29aaa
> Author: Scott Moser <smoser at ubuntu.com>
> Date: Thu Aug 22 15:38:48 2013 -0400
>
> hooks/ubuntu-cloud-prep: add hostname to meta-data
>
> prior to my enabling of the clone hook, the setting of the hostname
> was being done by writing to /etc/hostname. Instead of relying on that
> we're now writing 'local-hostname' into the metadata for the instance.
>
> cloud-init then reads this and sets the hostname properly.
>
> We are also writing /etc/hostname with the new hostname explicitly. This is
> useful/necessary because on network bringup of eth0, dhclient will submit its
> hosname. The updating done by cloud-init occurs to late, and thus
> the dhcp request goes out with the un-configured hostname and dns doens't
> work correctly.
>
> Signed-off-by: Scott Moser <smoser at ubuntu.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 92b0b5bac5717e5281f51340192288050409ad47
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Wed Aug 21 16:53:52 2013 -0500
>
> api: convert lxc_wait, lxc_freeze, and lxc_unfreeze
>
> These are the last of the simpler conversions. Start, execute,
> kill, info and attach remain to be done.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Acked-by: Dwight Engen <dwight.engen at oracle.com>
>
> commit 9069513c69d77b5c22219b43f78ba1554431dd36
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Wed Aug 21 14:35:28 2013 -0500
>
> lxc_cgroup: convert to using API
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit dfb31b25e298d98ea80a699f019308019c6670d8
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Wed Aug 21 14:43:52 2013 -0500
>
> Track snapshot dependencies (v2)
>
> (Will push in a bit barring any objections)
>
> lvm, btrfs, and zfs snapshots each do an ok job of handling deletions
> for us - a btrfs snapshot does fine after the original is removed,
> while zfs and lvm will both refuse to allow the original to be deleted
> while the snapshot exists.
>
> Overlayfs doesn't do this for us. So, for overlayfs snapshots, track
> the dependencies.
>
> When c2 is created as an overlayfs snapshot of dir-backed c1, then
>
> 1. c2's lxc_rdepends file will contain
>
> c1_lxcpath
> c1_lxcname
>
> 2. c1's lxc_snapshots will contain "1"
>
> c1 cannot be deleted so long as lxc_snapshots exists and contains
> a non-zero number.
>
> The contents of lxc_snapshots and lxc_rdepends are protected by
> container_disk_lock() and at lxc_clone by the new container not yet
> being accessible.
>
> (Originally I was going to keep them in the container config, but the
> problem with using $lxcpath/$name/config is that api users could end up
> calling c->save_config() with a cached old value of snapshots/rdepends.)
>
> Changelog:
> aug 21: check for fprintf and fclose failures
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Acked-by: Dwight Engen <dwight.engen at oracle.com>
>
> commit 84bdfb2b4c95b24fde5e90e621372fcd6c4d069b
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Tue Aug 20 18:15:06 2013 -0500
>
> avoid very unlikely race due to EEXIST
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 659aa0618c34cecd388df73936b41d5fb573090d
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Tue Aug 20 18:01:07 2013 -0500
>
> coverity: make indent match nest level
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 5d9598d7d3206d1bede4932e7c8565f1ab309fbc
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Tue Aug 20 17:59:19 2013 -0500
>
> coverity: dont dereference before null check
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit a09295f841be8add0cbfc2932c59535f0d1365ed
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Tue Aug 20 17:54:19 2013 -0500
>
> coverity: don't leak partial_fd
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit ca6973422d5471281126e9e1884633367479f246
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Tue Aug 20 17:48:54 2013 -0500
>
> coverity: don't leak open DIR
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 01efd4d3d91713fc4f8ca55c7726b8216ed16fc6
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Tue Aug 20 16:58:24 2013 -0500
>
> coverity: correctly handle tpath error case.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 1fd9bd50ab0ccea0a6c069147a4bccb0751ca18f
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Tue Aug 20 16:50:25 2013 -0500
>
> coverity: ftell returns long, not size_t (which is unsigned)
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit b4569e93217fe9a18af35b4475c8f8eac1436759
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Tue Aug 20 16:29:29 2013 -0500
>
> coverity: don't bother getting template path if we're not going to measure it
>
> This should also fix a memory leak, since we were freeing it under ifdef
> but always allocating it.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit fb760f70541c9af728eb2ab0c6175875f7448752
> Author: Scott Moser <smoser at ubuntu.com>
> Date: Mon Aug 19 10:18:37 2013 -0400
>
> ubuntu-cloud-prep: improve overlayfs workaround
>
> the previous 'patch_start' can be vastly simplified now that I better
> understand what the bug was. Instead of wrapping 'start', we only
> need to ensure that /etc/init exists inside the overlayfs, so that the
> directory that upstart watches is guaranteed to be in the overlay, not
> the underlay.
>
> The problem is described under bug 1213925.
>
> Signed-off-by: Scott Moser <smoser at ubuntu.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit e14f67a7bfa7065480fc7cd47a45f209a0aee79b
> Author: Ubuntu <ubuntu at ip-10-181-158-15.ec2.internal>
> Date: Mon Aug 19 13:34:59 2013 +0000
>
> cgroup updates: fix several bugs
>
> 1. add cgroup_get_subsys_abspath() which returns the absolute
> path for a subsystem mount, and use that where needed to actually
> set cgroup values
>
> 2. cgroup_devices_has_{allow,deny}: don't mix int and boolean
> values. Also, accept 'a *:* rwm" as any whitelist entry for
> has_allow().
>
> 3. subsys_lists_match(): fix an off-by-one error in calculating
> updated oldlen. (we need to keep the extra char for '\0')
>
> 4. return -1, not 0, if lxc_cgroup_attach fails to open
> /proc/self/cgroup.
>
> Signed-off-by: Ubuntu <ubuntu at ip-10-181-158-15.ec2.internal>
>
> commit c9ec905567952830d58a14d1e3a3ea4e1f8b0041
> Author: Christian Seiler <christian at iwakd.de>
> Date: Mon Aug 19 00:52:44 2013 +0200
>
> python/attach: Add function that returns personality for architecture
>
> Adds the arch_to_personality function that looks up an architecture
> and returns the corresponding personality. This may be used in
> conjunction with the attach/attach_wait keyword argument.
>
> Signed-off-by: Christian Seiler <christian at iwakd.de>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 01bfae14dd898fecf0bd130e47a62a3155f619d0
> Author: Christian Seiler <christian at iwakd.de>
> Date: Mon Aug 19 00:52:43 2013 +0200
>
> python/attach: export CLONE_NEW* constants to Python
>
> Signed-off-by: Christian Seiler <christian at iwakd.de>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 4f17323e79969a98604bc30a8cc24cf083d474c3
> Author: Christian Seiler <christian at iwakd.de>
> Date: Mon Aug 19 00:52:40 2013 +0200
>
> cgroup: minor bugfixes so start and attach work again
>
> This fixes some minor bugs in the cgroup logic that made start and
> attach fail (at least when all cgroup controllers were mounted
> together).
>
> Signed-off-by: Christian Seiler <christian at iwakd.de>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 9c6694b7073a6ebfd1da4950e0c8db4b91530202
> Author: Christian Seiler <christian at iwakd.de>
> Date: Mon Aug 19 00:52:42 2013 +0200
>
> python/attach: Fix minor memory leaks
>
> Signed-off-by: Christian Seiler <christian at iwakd.de>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit a9cab7e39b101b89470e2e4109c14e7f17218032
> Author: Christian Seiler <christian at iwakd.de>
> Date: Mon Aug 19 00:52:41 2013 +0200
>
> attach: Fix minor memory leak in environment variable handling
>
> Signed-off-by: Christian Seiler <christian at iwakd.de>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 55c76589fd19e5f04697dcfd0084039cd77ef304
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Mon Aug 19 14:37:20 2013 +0200
>
> Remove all trailing whitespaces
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 37fc7b9e2eca60e838bf5bf061bd8a8206e4fa9d
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Fri Aug 16 16:55:40 2013 +0200
>
> Fix lxc-user-nic to work on bionic
>
> This adds a couple of missing includes, uses the local version of
> getline on bionic and replaces getpwuid_r by getpwuid.
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit e768f9c0f69df1f02f8252fead6d82648b410bd8
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Fri Aug 16 16:42:39 2013 +0200
>
> Add missing namespace.h include
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 511a6936c7062d59dd9335ef16d9165d19c45604
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Fri Aug 16 16:40:48 2013 +0200
>
> Allow building without confstr
>
> We use confstr to grab the default PATH value. If it's not there, just
> use a standard one with bin and sbin for /, /usr and /usr/local.
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 1a2e58cf55979749ea76835d0b36327c051c2715
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Fri Aug 16 15:38:13 2013 +0200
>
> Don't define new_personality when building without personalities
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 5ec279894e8b1275b6cbfaaddb425e8f56639bdc
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Fri Aug 16 15:35:51 2013 +0200
>
> Add missing sys/socket.h include
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit a3da2f3bd755165c50c5c7fb55c2bfcb042fb3d8
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Fri Aug 16 15:35:06 2013 +0200
>
> Define SOCK_CLOEXEC when missing
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 7f3e12f3e5223c6a6c34bafdf47df86f66078963
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Fri Aug 16 15:22:28 2013 +0200
>
> Use srand/rand instead of initstate/random
>
> initstate/random doesn't work on bionic, srand/rand works on everything,
> so let's use that.
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 2e74d6f3744e5aef2e01f1f295472ffdb58f1929
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Fri Aug 16 15:10:13 2013 +0200
>
> Include stdio.h in getline.h for FILE
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 120ce443c466fb1d286ffd200ca22a1e9db7284c
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Fri Aug 16 15:08:39 2013 +0200
>
> Import local getline copy on bionic
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 2b89a9c19db30894e2476a5a750c443dee339d70
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Fri Aug 16 15:05:52 2013 +0200
>
> Add missing sys/select.h include for fd_set
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit ec346ea11f76d0797035c476794104a3230531f9
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Fri Aug 16 12:28:17 2013 +0200
>
> Add missing syscall.h include to utils.h
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 180edd67022017351a6546b4aa79bcaefada01c8
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Fri Aug 16 12:25:28 2013 +0200
>
> Add arm defines for __NR_signalfd(4)
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 590ae889334b01a59606a1a8952d976098bd6123
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Fri Aug 16 12:22:38 2013 +0200
>
> Android now uses a sane clone() definition
>
> The current Android NDK provides a clone() defintion that's identical to
> eglibc's so we can drop the ifdef from that one.
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit bff13ba210ed61f756fc82adce1921f84b43ffe0
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Fri Aug 16 12:19:44 2013 +0200
>
> Define BLKGETSIZE64 and LO_FLAGS_AUTOCLEAR
>
> Those two aren't always around (specifically on bionic), so add some
> defines in case they aren't already defined.
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 92adc3e911314a6f90986d8410ec0ff4b82c9f79
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Fri Aug 16 12:18:15 2013 +0200
>
> Export the local getmntent_r implementation
>
> New code now uses getmntent_r so we need it exported so that it can be
> used when building on bionic.
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit c32981c3fb1bf5191052fb1c348bdc8b9e7c1b15
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Fri Aug 16 11:53:11 2013 +0200
>
> Replace all calls to rindex by strrchr
>
> The two functions are identical but strrchr also works on Bionic.
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 4ba0d9af63fbf7e9acfa068a1fe36b3d287b9c6b
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Fri Aug 16 11:47:10 2013 +0200
>
> Add a local implementation of ifaddrs.h
>
> This adds a local ifaddrs implementation to be used on Bionic or other C
> libraries that don't come with a getifaddrs implementation.
>
> This code was written by Kenneth MacKay and is under a two-clause BSD
> license (copyright information in the file headers).
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit d24d56d7ee3420bb79238ff84cad07c20cf4757d
> Author: Scott Moser <smoser at ubuntu.com>
> Date: Fri Aug 16 16:47:32 2013 -0400
>
> ubuntu-cloud-prep: patch /sbin/start for overlayfs
>
> upstart depends on inotify, and overlayfs does not support inotify.
>
> That means that the following results in 'tgt' not running. tgt is simply
> used here as an example of a service that installs an upstart job and
> starts it on package install.
> lxc-clone -s -B overlayfs -o source-precise-amd64 -n test1
> lxc-start -n test1
> ..
> apt-get install tgt
>
> The change here is to modify /sbin/start inside the container so that when
> something explicitly tries 'start', it results in an explicit call to
> 'initctl reload-configuration' so that upstart is aware of the newly
> placed job.
>
> Should overlayfs ever gain inotify support, this should still not cause
> any harm.
>
> Signed-off-by: Scott Moser <smoser at ubuntu.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit e3fdf5cc9c60eb97f8520f059ad1a09d3f73509d
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri Aug 16 15:50:25 2013 -0500
>
> lxc-clone: default to overlaysf for -s clone of dir
>
> If you go to the trouble to request a -s (snapshot) clone of
> a container which is dir backingstore, then you deserve an
> overlayfs clone.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 6fe93aa1877359365a07d9110e0e2dbfb3b0205f
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri Aug 16 13:34:36 2013 -0500
>
> cgroup.c: remove spurious ERROR messages
>
> Because they are in probing functions.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit d74325c436457b87b17e3ea598a9eb4ba66e0d49
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Fri Aug 16 14:57:44 2013 +0200
>
> Replace a few more str(n)dupa by str(n)dup + free
>
> strdup and strndup still don't exist on bionic, so we need to do the
> alloc() call ourselves or free the memory by hand.
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 1d374b9725e53d8b099970c1b501d56d599c4772
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Fri Aug 16 12:09:02 2013 +0200
>
> Add attach_options.h to the list of included files
>
> Without this, make dist doesn't include it and LXC fails to build.
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit fbbf51926e113e5e70d6ea507ed7d1019d0e0aa8
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Thu Aug 15 15:37:30 2013 -0500
>
> document new lxc-create btrfs behavior
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit d44e88c26690a56f9efac58f602dba06c9ec0c90
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Thu Aug 15 12:55:50 2013 -0500
>
> bdev: support -B best and -B lvm,dir
>
> -B dev will check whether btrfs, zfs, or lvm can be used,
> in that order, and fall back to dir.
>
> -B lvm,btrfs will try lvm first, then btrfs, then fail.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit d3060bd055eac45c1767e1e80fcaba763eb7477d
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Thu Aug 15 12:22:26 2013 -0500
>
> bdev_create: don't default to btrfs if possible
>
> Ideally it would be great to default to a btrfs subvolume for each new
> container created. However, this is not as we previously thought
> without consequence. 'rsync --one-file-system' will not descend into
> btrfs subvolumes. This means that 'lxc-create -B _unset' will cause
> different behavior for rsync -vax /var/lib/lxc based on whether that
> fs is btrfs or not.
>
> So don't do that. If -B is not specified, use -B dir.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit d007f8ab3da297ed0de884e0c6e57a66de2fcb42
> Author: Alexander Vladimirov <alexander.idkfa.vladimirov at gmail.com>
> Date: Thu Aug 15 14:27:05 2013 +0800
>
> Add subdir-objects option to AM_INIT_AUTOMAKE
>
> Fix build with automake 1.14 and newer, since it requires explicit
> setting now.
>
> Signed-off-by: Alexander Vladimirov <alexander.idkfa.vladimirov at gmail.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit bf7d3153c925ca1404662a8fe031da27308f4187
> Author: Michael H. Warfield <mhw at WittsEnd.com>
> Date: Thu Aug 15 13:57:50 2013 -0400
>
> lxc-fedrora: New patch for systemd detection and init configuration.
>
> Satoshi Matsumoto certainly had the right idea and in spotting a bug in
> the lxc-fedora template for systemd detection. Heart was in the right
> spot but patch was not what we needed.
>
> I've looked the patch code over for systemd support and init/upstart
> support and modified the logic appropriately. If /etc/systemd/system
> exists, we'll do the right thing by systemd. If /etc/rc.sysinit exists,
> we'll do the right thing by init / upstart. If both are installed,
> we'll trying and accommodate both in case someone is playing games with
> the two (I've done this).
>
> Patch was trivial, just took more time to actually test it and create
> some containers with it and verify them, than it did to code them.
>
> Signed-off-by: Michael H. Warfield <mhw at WittsEnd.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 3d5e9f4801c0311a6300fc781a4c0a09a6d463fe
> Author: Christian Seiler <christian at iwakd.de>
> Date: Tue Aug 13 23:04:37 2013 +0200
>
> attach: implement remaining options of lxc_attach_set_environment
>
> This patch implements the extra_env and extra_keep options of
> lxc_attach_set_environment.
>
> The Python implementation, the C container API and the lxc-attach
> utility are able to utilize this feature; lxc-attach has gained two new
> command line options for this.
>
> Signed-off-by: Christian Seiler <christian at iwakd.de>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit d7a09c630b2150636bf4dfb266bc632abd65dfa8
> Author: Christian Seiler <christian at iwakd.de>
> Date: Tue May 21 14:57:06 2013 +0200
>
> python: add attach support
>
> Add methods attach() and attach_wait() to the Python API that give
> access to the attach functionality of LXC. Both accept two main
> arguments:
>
> 1. run: A python function that is executed inside the container
> 2. payload: (optional) A parameter that will be passed to the python
> function
>
> Additionally, the following keyword arguments are supported:
>
> attach_flags: How attach should operate, i.e. whether to attach to
> cgroups, whether to drop capabilities, etc. The following
> constants are defined as part of the lxc module that may
> be OR'd together for this option:
> LXC_ATTACH_MOVE_TO_CGROUP
> LXC_ATTACH_DROP_CAPABILITIES
> LXC_ATTACH_SET_PERSONALITY
> LXC_ATTACH_APPARMOR
> LXC_ATTACH_REMOUNT_PROC_SYS
> LXC_ATTACH_DEFAULT
> namespaces: Which namespaces to attach to, as defined as the flags that
> may be passed to the clone(2) system call. Note: maybe we
> should export these flags too.
> personality: The personality of the process, it will be passed to the
> personality(2) syscall. Note: maybe we should provide
> access to the function that converts arch into
> personality.
> initial_cwd: The initial working directory after attaching.
> uid: The user id after attaching.
> gid: The group id after attaching.
> env_policy: The environment policy, may be one of:
> LXC_ATTACH_KEEP_ENV
> LXC_ATTACH_CLEAR_ENV
> extra_env_vars: A list (or tuple) of environment variables (in the form
> KEY=VALUE) that should be set once attach has
> succeeded.
> extra_keep_env: A list (or tuple) of names of environment variables
> that should be kept regardless of policy.
> stdin: A file/socket/... object that should be used as stdin for the
> attached process. (If not a standard Python object, it has to
> implemented the fileno() method and provide a fd as the result.)
> stdout, stderr: See stdin.
>
> attach() returns the PID of the attached process, or -1 on failure.
>
> attach_wait() returns the return code of the attached process after
> that has finished executing, or -1 on failure. Note that if the exit
> status of the process is 255, -1 will also be returned, since attach
> failures result in an exit code of 255.
>
> Two default run functions are also provided in the lxc module:
>
> attach_run_command: Runs the specified command
> attach_run_shell: Runs a shell in the container
>
> Examples (assumeing c is a Container object):
>
> c.attach_wait(lxc.attach_run_command, 'id')
> c.attach_wait(lxc.attach_run_shell)
> def foo():
> print("Hello World")
> # the following line is important, otherwise the exit code of
> # the attached program will be -1
> # sys.exit(0) will also work
> return 0
> c.attach_wait(foo)
> c.attach_wait(lxc.attach_run_command, ['cat', '/proc/self/cgroup'])
> c.attach_wait(lxc.attach_run_command, ['cat', '/proc/self/cgroup'],
> attach_flags=(lxc.LXC_ATTACH_DEFAULT &
> ~lxc.LXC_ATTACH_MOVE_TO_CGROUP))
>
> Note that while it is possible to execute Python code inside the
> container by passing a function (see example), it is unwise to import
> modules, since there is no guarantee that the Python installation
> inside the container is in any way compatible with that outside of it.
> If you want to run Python code directly, please import all modules
> before attaching and only use them within the container.
>
> Signed-off-by: Christian Seiler <christian at iwakd.de>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit b7f2846aabb8c1c59b078b4c529e60ea254432f1
> Author: Christian Seiler <christian at iwakd.de>
> Date: Tue Aug 13 21:36:58 2013 +0200
>
> python: improve convert_tuple_to_char_pointer_array
>
> convert_tuple_to_char_pointer_array now also accepts lists and not only
> tuples when converting to a C array. Other fixes:
>
> - some checking that it's actually a list/tuple before trying to
> convert
> - off-by-a-few-bytes allocation error
> (sizeof(char *)*n+1 vs. sizeof(char *)*(n+1)/calloc(...))
>
> Signed-off-by: Christian Seiler <christian at iwakd.de>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 626ad11bfee3e12e675f51e92920030a6f383b19
> Author: Christian Seiler <christian at iwakd.de>
> Date: Tue Aug 13 21:33:19 2013 +0200
>
> apparmor/attach: make sure buffer is NUL-terminated
>
> Signed-off-by: Christian Seiler <christian at iwakd.de>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit a0e93eeb2293e15a18e6c56271d13907f082c4df
> Author: Christian Seiler <christian at iwakd.de>
> Date: Tue May 21 14:57:06 2013 +0200
>
> Add attach support to container C API
>
> Signed-off-by: Christian Seiler <christian at iwakd.de>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 61a1d519f472c1ac95c641d974401c932f82be66
> Author: Christian Seiler <christian at iwakd.de>
> Date: Tue May 21 14:56:00 2013 +0200
>
> Add helper functions to convert va_list of char* to char**.
>
> Signed-off-by: Christian Seiler <christian at iwakd.de>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 9c4693b853c5a9ab2156544ee3334a082cdba420
> Author: Christian Seiler <christian at iwakd.de>
> Date: Wed May 8 14:57:35 2013 +0200
>
> lxc-attach: Completely rework lxc-attach and move to API function
>
> - Move attach functionality to a completely new API function for
> attaching to containers. The API functions accepts the name of the
> container, the lxcpath, a structure indicating options for attaching
> and returns the pid of the attached process. The calling thread may
> then use waitpid() or similar to wait for the attached process to
> finish. lxc-attach itself is just a simple wrapper around the new
> API function.
>
> - Use CLONE_PARENT when creating the attached process from the
> intermediate process. This allows the intermediate process to exit
> immediately after attach and the original thread may supervise the
> attached process directly.
>
> - Since the intermediate process exits quickly, its only job is to
> send the original process the pid of the attached process (as seen
> from outside the pidns) and exit. This allows us to simplify the
> synchronisation logic by quite a bit.
>
> - Use O_CLOEXEC / SOCK_CLOEXEC on (hopefully) all FDs opened in the
> main thread by the attach logic so that other threads of the same
> program may safely fork+exec off. Also, use shutdown() on the
> synchronisation socket, so that if another thread forks off without
> exec'ing, the synchronisation will not fail. (Not tested whether
> this solves this issue.)
>
> - Instead of directly specifying a program to execute on the API
> level, one specifies a callback function and a payload. This allows
> code using the API to execute a custom function directly inside the
> container without having to execute a program. Two default callbacks
> are provided directly, one to execute an arbitrary program, another
> to execute a shell. The lxc-attach utility will always use either
> one of these default callbacks.
>
> - More fine-grained control of the attached process on the API level
> (not implemented in lxc-attach utility yet, some may not be sensible):
> * Specify which file descriptors should be stdin/stdout/stderr of
> the newly created process. If fds other than 0/1/2 are
> specified, they will be dup'd in the attached process (and the
> originals closed). This allows e.g. threaded applications to
> specify pipes for communication with the attached process
> without having to modify its own stdin/stdout/stderr before
> running lxc-attach.
> * Specify user and group id for the newly attached process.
> * Specify initial working directory for the newly attached
> process.
> * Fine-grained control on whether to do any, all or none of the
> following: move attached process into the container's init's
> cgroup, drop capabilities of the process, set the processes's
> personality, load the proper apparmor profile and (for partial
> attaches to any but not mount-namespaces) whether to unshare the
> mount namespace and remount /sys and /proc. If additional
> features (SELinux policy, SMACK policy, ...) are implemented,
> flags for those may also be provided.
>
> Signed-off-by: Christian Seiler <christian at iwakd.de>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 650468bb4a5c9a6c69b524f574e8d0f315f45c37
> Author: Christian Seiler <christian at iwakd.de>
> Date: Tue May 21 11:58:35 2013 +0200
>
> Fix return type of read/write utility functions.
>
> Signed-off-by: Christian Seiler <christian at iwakd.de>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit b93aac46f2802b3639c1ac2ed0cf71174673d110
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Wed Aug 14 15:01:40 2013 -0500
>
> lxc-stop: exit with 1 or 2, not -1 or -2.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 01e6b7148046c3f41849d093bc61454279792b80
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Wed Aug 14 14:58:48 2013 -0500
>
> lxc_destroy: print an error if the container is not defined.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit b98f7d6ed1b89b6452af4a2b5e27d445e4b3a138
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri Aug 9 23:47:37 2013 -0500
>
> cgroups: rework to handle nested containers with multiple and partial mounts
>
> Currently, if you create a container and use the mountcgruop hook,
> you get the /lxc/c1/c1.real cgroup mounted to /. If you then try
> to start containers inside that container, lxc can get confused.
> This patch addresses that, by accepting that the cgroup as found
> in /proc/self/cgroup can be partially hidden by bind mounts.
>
> In this patch:
>
> Add optional 'lxc.cgroup.use' to /etc/lxc/lxc.conf to specify which
> mounted cgroup filesystems lxc should use. So far only the cgroup
> creation respects this.
>
> Keep separate cgroup information for each cgroup mountpoint. So if
> the caller is in devices cgroup /a but cpuset cgroup /b that should
> now be ok.
>
> Change how we decide whether to ignore failure to set devices cgroup
> settings. Actually look to see if our current cgroup already has the
> settings. If not, add them.
>
> Finally, the real reason for this patch: in a nested container,
> /proc/self/cgroup says nothing about where under /sys/fs/cgroup you
> might find yourself. Handle this by searching for our pid in tasks
> files, and keep that info in the cgroup handler.
>
> Also remove all strdupa from cgroup.c (not android-friendly).
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 070a4b8e68a6bf9a96c24ded47974388c83f1d57
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri Aug 9 21:08:28 2013 -0500
>
> lxc-user-nic: specify config and db files in autoconf
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 20ab58c777136a449b3199e0733b62fa87ecfa61
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri Aug 9 14:48:35 2013 -0500
>
> add lxc-user-nic
>
> It is meant to be run setuid-root to allow unprivileged users to
> tunnel veths from a host bridge to their containers. The program
> looks at /etc/lxc/lxc-usernet which has entries of the form
>
> user type bridge number
>
> The type currently must be veth. Whenver lxc-user-nic creates a
> nic for a user, it records it in /var/lib/lxc/nics (better location
> is needed). That way when a container dies lxc-user-nic can cull
> the dead nic from the list.
>
> The -DISTEST allows lxc-user-nic to be compiled so that it uses
> files under /tmp and doesn't actually create the nic, so that
> unprivileged users can compile and test the code. lxc-test-usernic
> is a script which runs a few tests using lxc-usernic-test, which
> is a version of lxc-user-nic compiled with -DISTEST.
>
> The next step, after issues with this code are raised and addressed,
> is to have lxc-start, when running unprivileged, call out to
> lxc-user-nic (will have to exec so that setuid-root is honored).
> On top of my previous unprivileged-creation patchset, that should
> allow unprivileged users to create and start useful containers.
>
> Also update .gitignore.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 3fb18be95747034bf36f46be11b0eb288b2ec1b4
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Wed Aug 14 09:57:12 2013 -0500
>
> hooks/Makefile.am: add ubuntu-cloud-prep
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit baece282266318a9bb527cefc85ebf7b6dd7f10e
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Tue Aug 13 13:45:56 2013 -0500
>
> lxc.conf.sgml.in: note the arguments and environment variables passed to hooks
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 8bb17b7791777538d8f7cc957939fc871843f218
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Tue Aug 13 00:05:49 2013 -0500
>
> mountcgroups: use the right configuration file!
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 79159a86ddb51071055abd7ee08935bc65b9e7a9
> Author: Scott Moser <smoser at ubuntu.com>
> Date: Sat Aug 10 05:51:21 2013 -0400
>
> ubuntu-cloud-prep: cleanup, fix bug with userdata
>
> --userdata was broken, completely missing an implementation.
> This adds that implementation back in, makes 'debug' logic
> correct, and then also improves the doc at the top.
>
> Signed-off-by: Scott Moser <smoser at ubuntu.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 034a01593a4ae10d6f1e49b71afbfff70cfc226c
> Author: Franz Pletz <fpletz at fnordicwalking.de>
> Date: Mon Aug 12 14:01:39 2013 +0200
>
> lxc-destroy: Fix regular expression for getting rootfs
>
> The `lxc-destroy` script was using a simple `grep` for extracting
> `lxc.rootfs` from the lxc config. This regex also matches commented lines
> and breaks at least removing btrfs subvolumes if the string `lxc.rootfs`
> is mentioned in a comment. Furthermore, due to the unescaped dot in the
> regex it would also match other wrong strings like `lxc rootfs`.
>
> This patch modifies the regular expression to correctly match the beginning
> of the line plus potential whitespace characters and the string
> `lxc.rootfs`.
>
> Signed-off-by: Franz Pletz <fpletz at fnordicwalking.de>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 54e339f91785368a7825b2edaad04c2177a1a382
> Author: Scott Moser <smoser at ubuntu.com>
> Date: Fri Aug 9 15:37:23 2013 +0100
>
> ubuntu-cloud-prep: fix bad declare of VERBOSITY
>
> Signed-off-by: Scott Moser <smoser at ubuntu.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 65d8ae9c4a66f5ca85289c02dc06d63261c84619
> Author: Scott Moser <smoser at ubuntu.com>
> Date: Thu Aug 8 19:16:59 2013 +0100
>
> add a clone hook for ubuntu-cloud images
>
> This allows ability to now specify '--userdata' arguments to 'create' or
> to 'clone'. So now, the following means very fast start of instances with
> different user-data.
>
> $ sudo lxc-create -t ubuntu-cloud -n precise -- \
> -r precise --arch amd64
>
> $ sudo lxc-clone -B overlayfs -o precise -s -n ephem1 \
> --userdata="my.userdata1"
> $ sudo lxc-clone -B overlayfs -o precise -s -n ephem2 \
> --userdata="my.userdata2"
>
> Also present here is
> * an improvement to the static list of Ubuntu releases. It uses
> ubuntu-distro-info if available degrades back to a static list on failure.
> * moving of the replacement variables to the top of the create template This
> is just to make it more obvious what is being replaced and put them in a
> single location.
>
> Signed-off-by: Scott Moser <smoser at ubuntu.com>
>
> commit 1c8e4ee0a08638e35732a0ddd0052ecde49fbecb
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Fri Aug 9 15:06:02 2013 +0200
>
> Cleanup Makefile.am
>
> Remove some dead code and fix identation, no functional change.
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 4a0ba80d62c0d8aeb5c9857749659fdf716c380a
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Fri Aug 9 11:32:55 2013 +0200
>
> Replace mktemp() by a new mkifname()
>
> Using mktemp() leads to build time warnings and isn't actually
> appropriate for what we want to do as it's checking for the existence of
> a file and not a network interface.
>
> Replace those calls by an equivalent mkifname() function which uses the
> same template as mktemp but instead checks for existing network
> interfaces.
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit b40a606e52c788db85fe1c42d3747483d159b6a5
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Tue Aug 6 14:56:48 2013 -0500
>
> Logging: don't confuse command line and config file specified values
>
> Currently if loglevel/logfile are specified on command line in a
> program using LXC api, and that program does any
> container->save_config(), then the new config will be saved with the
> loglevel/logfile specified on command line. This is wrong, especially
> in the case of
>
> cat > lxc.conf << EOF
> lxc.logfile=a
> EOF
>
> lxc-create -t cirros -n c1 -o b
>
> which will result in a container config with lxc.logfile=b.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 96532523ef90ea6ce3f08ec7d74c3c850b885e50
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Mon Aug 5 15:20:29 2013 -0500
>
> lxc-clone: don't s/oldname/newname in the config file and hooks
>
> 1. container hooks should use lxcpath and lxcname from the environment.
> 2. the utsname now gets separately updated
> 3. the rootfs path gets updated by the bdev backend.
> 4. the fstab mount targets should be relative
> 5. the fstab source directories could be separately updated if needed.
>
> This leaves one definate bug: the lxc.logfile does not get updated.
> This made me wonder why it was in the configuration file to begin with.
> Digging deeper, I realized that whatever '-o outfile' you give
> lxc-create gets set in log.c and gets used by the lxc_container object
> we create at write_config(). So if you say
> lxc-create -t cirros -n c1 -o /tmp/out1
> then /var/lib/lxc/c1/config will have lxc.logfile=/tmp/out1 - which is
> clearly wrong. Therefore I leave fixing that for later.
>
> I'm looking for candidates for $p/$n expansion. Note we can't expand
> these at config_utsname() etc, because then lxc-clone would see the
> expanded variable. So we want to read $p/$n verbatim at config_*(),
> and expand them only when they are used. lxc.logfile is an obvious
> good use case. lxc.utsname can do it too, in case you want container
> c1 to be called "c1-whatever". I'm not sure that's worth it though.
> Are there any others, or is that it?
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit d273b8abfa24040c8ef0dd73eb1d30ef8dcbec54
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Wed Aug 7 08:53:07 2013 -0500
>
> ubuntu-cloud: remove debugging echo
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit c9cbb9e51436f84d7871a50776dccacfd8dc196a
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri Jul 26 22:57:10 2013 +0200
>
> cgroups: fix the recently broken setting of clone_children
>
> Several places think that the current cgroup will be NULL rather
> than "/" when we're in the root cgroup. Fix that.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 2c495ae35a804e3c12cb9f4826c30295043986ce
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Mon Jul 22 23:59:18 2013 -0500
>
> cgroup_enter: catch write errors
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit d155b47dac549a5c30c0011923274e3744109c91
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Mon Jul 22 15:23:58 2013 -0500
>
> define lxc-usernsexec
>
> It uses the newuidmap and newgidmap program to start a shell in
> a mapped user namespace. While newuidmap and newgidmap are
> setuid-root, lxc-usernsexec is not.
>
> If new{ug}idmap are not available, then this program is not
> built or installed. Otherwise, it will be used to support creating,
> starting, destroying, etc containers by unprivileged users using
> their authorized subuids and subgids.
>
> Example:
> usernsexec -m u:0:100000:1 -- /bin/bash
>
> will, if the user is authorized to use subuid 100000, start a
> bash shell in a user namespace where 100000 on the host is
> mapped to root in the namespace, and the shell is running as
> (privileged) root.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 469b57873977afcb5d9f5adb00097c944caedd2a
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Mon Jul 22 14:09:19 2013 -0500
>
> lxclock: use XDG_RUNTIME_DIR for lock if appropriate (v2)
>
> If we are euid==0 or XDG_RUNTIME_DIR is not set, then use
> /run/lock/lxc/$lxcpath/$lxcname as before. Otherwise,
> use $XDG_RUNTIME_DIR/lock/lxc/$lxcpath/$lxcname.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Cc: Stéphane Graber <stephane.graber at canonical.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit b60ed720848c8276e4e770d380ec6014768d9923
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri May 10 12:35:26 2013 -0700
>
> A few changes for unprivileged lxc-start
>
> When doing reboot test, must add clone_newuser to clone flags, else
> we can't clone(CLONE_NEWPID).
>
> If we don't have caps at lxc-start, don't refuse to start. Drop the
> lxc_caps_check() function altogether as it is unused now.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit b113383b84e5fcd2997a939d3f826a06b109e3d9
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Thu Jul 18 22:46:30 2013 -0500
>
> send current cgroup to lxc_cgroup_create()
>
> This is needed if we're going to have unprivileged users
> create containers inside cgroups which they own.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 1aad9e44d65e7c20dabc4c99f57bcf532db66c68
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Mon Jul 15 20:24:14 2013 -0500
>
> ubuntu-cloud: changes to support unprivileged use
>
> don't try to lock if using a specified tarball
>
> The lock/subsys/lxc-ubuntu-cloud lock is to protect the tarballs
> managed under /var/cache/lxc/cloud-$release. Don't lock if we've
> been handed a tarball.
>
> fake device creation
>
> Unprivileged users can't create devices, so bind mount null, tty, urandom
> and console from the host.
>
> Changelog:
> Jul 22: as Stéphane points out, remove a left-over debug line
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 460bcbd85c97b5a0eac9cf7cead1abde1281cd5a
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Wed May 8 20:25:06 2013 -0500
>
> lxc-create: support unpriv users
>
> Just make sure we are root if we are asked to deal with something other
> than a directory, and make sure we have permission to create the
> container in the given lxcpath.
>
> The templates will need much more work.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 5be56973e5e874a142263dfb164b0b03e18a65f3
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Wed May 8 20:15:29 2013 -0500
>
> templates: require running as root
>
> Up to now lxc-create ensured that you were running as root. Now the
> templates which require root need to do it for themselves. Templates
> which do mknod definately require root.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 4165b2c65648b5df521c6e83b1cbad91d0896a00
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Thu Jul 18 16:08:12 2013 -0500
>
> teach lxc-cirros about the --rootfs argument
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 6f259716e75552cf46ee5125bdbd21e34456d0c0
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Wed Jul 17 09:38:28 2013 -0500
>
> ubuntu templates: add some kernel filesystems to container fstab
>
> The debugfs, fusectl, and securityfs may not be mounted inside a
> non-init userns. But mountall hangs waiting for them to be
> mounted. So just pre-mount them using $lxcpath/$name/fstab as
> bind mounts, which will prevent mountall from trying to mount
> them.
>
> If the kernel doesn't provide them, then the bind mount failure
> will be ignored, and mountall in the container will proceed
> without the mount since it is 'optional'. But without these
> bind mounts, starting a container inside a user namespace
> hangs.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 8058be395d46cfabf2dacd7df79e95309619986a
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Tue Jul 16 10:35:02 2013 -0400
>
> clone: only update <rootfs>/etc/hostname if it exists
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 819554fe20bbc0ce720b5ed0d5b8e53aeba6b284
> Author: John McFarlane <john at rockfloat.com>
> Date: Fri Jul 12 14:06:20 2013 -0700
>
> Make get_ips timeout poll configurable
>
> This commit increases the default timeout used by lxc-start-ephemeral
> from 5 to 10, and adds support for an LXC_IP_TIMEOUT override.
>
> Patchset 2:
> - Previous patch used a command line arg.
>
> Signed-off-by: John McFarlane <john at rockfloat.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 5202677243dcda16ab97c07d497174726198f7ab
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Tue Jul 16 08:11:56 2013 -0500
>
> lxccontainer: don't define certain variables if !HAVE_GNUTLS
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 27c27d73e1b1a07e3621484fa033206549e2a1f5
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Mon Jul 15 16:42:15 2013 -0500
>
> userns: clear and save id_map (v2)
>
> Otherwise (a) there is a memory leak when using user namespaces and
> clearing a config, and (b) saving a container configuration file doesn't
> maintain the userns mapping. For instance, if container c1 has
> lxc.id_map configuration entries, then
>
> python3
> import lxc
> c=lxc.Container("c1")
> c.save_config("/tmp/config1")
>
> should show 'lxc.id_map =' entries in /tmp/config1.
>
> Changelog for v2:
> 1. fix incorrect saving of group types (s/'c'/'g')
> 2. fix typo -> idmap->type should be idmap->idtype
>
> Reported-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Acked-by: Dwight Engen <dwight.engen at oracle.com>
> Tested-by: Dwight Engen <dwight.engen at oracle.com>
>
> commit 3ce746862b2a2b33f3de65aeecda0bad1a5dd27c
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri Jul 12 14:07:23 2013 -0500
>
> lxc_create: prepend pretty header to config file (v2)
>
> Define a sha1sum_file() function in utils.c. Use that in lxcapi_create
> to write out the sha1sum of the template being used. If libgnutls is
> not found, then the template sha1sum simply won't be printed into the
> container config.
>
> This patch also trivially fixes some cases where SYSERROR is used after
> a fclose (masking errno) and missing consts in mkdir_p.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 868a70afead6cc48a4c883126ea3ef01b6ec57e0
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri Jul 12 15:33:06 2013 -0500
>
> ubuntu-cloud template: accept --rootfs argument
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 6a2e602b1b03617e77dcd4b5f82f34713a970ac4
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri Jul 12 14:08:17 2013 -0500
>
> remove old lxc-create script.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit dc23c1c817da5c13529432270e51d0f7f3b1e95e
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri Jul 12 09:44:41 2013 -0500
>
> create: add a quiet flag
>
> If set, then fds 0,1,2 will be redirected while the creation
> template is executed.
>
> Note, as Dwight has pointed out, if fd 0 is redirected, then if
> templates ask for input there will be a problem. We could simply
> not redirect fd 0, or we could require that templates work without
> interaction. I'm assuming here that we want to do the latter, but
> I'm open to changing that.
>
> Reported-by: "S.Çağlar Onur" <caglar at 10ur.org>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit ae13ae0853a246119ddaf9c8cc6d128a21a8988c
> Author: zoolook <nbensa+lxcusers at gmail.com>
> Date: Thu Jul 11 20:38:02 2013 -0300
>
> lxc_clone.c: Allow size subfixes for -L parameter
>
> lxc-clone ignores size subfixes (K, M, G) when using -L parameter. The
> following is a quick patch to allow, for example, lxc-clone -L 10G.
>
> Signed-off-by: Norberto Bensa <nbensa at gmail.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 283678ed2ccd88a6ba57fcb28516311adcdb6fac
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri Jul 5 19:34:55 2013 -0500
>
> Accomodate stricter devices cgroup rules
>
> 3.10 kernel comes with proper hierarchical enforcement of devices
> cgroup. To keep that code somewhat sane, certain things are not
> allowed. Switching from default-allow to default-deny and vice versa
> are not allowed when there are children cgroups. (This *could* be
> simplified in the kernel by checking that all child cgroups are
> unpopulated, but that has not yet been done and may be rejected)
>
> The mountcgroup hook causes lxc-start to break with 3.10 kernels, because
> you cannot write 'a' to devices.deny once you have a child cgroup. With
> this patch, (a) lxcpath is passed to hooks, (b) the cgroup mount hook sets
> the container's devices cgroup, and (c) setup_cgroup() during lxc startup
> ignores failures to write to devices subsystem if we are already in a
> child of the container's new cgroup.
>
> ((a) is not really related to this bug, but is definately needed.
> The followup work of making the other hooks use the passed-in lxcpath
> is still to be done)
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit cbee8106e38f9ffa130c7bf8be325f7f203da67a
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Wed Jul 10 23:30:29 2013 -0500
>
> lxcapi_create: fix template handling
>
> 1. If no template is passed in, then do not try to execute it. The user
> just wanted to write the configuration.
>
> 2. If template is passed in as a full path, then use that instead of
> constructing '$templatedir/lxc-$template'.
>
> Reported-by: Wanlong Gao <gaowanlong at cn.fujitsu.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 96b3cb407c07915db2cd0542c313a4bff4d1d389
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Wed Jul 10 23:29:20 2013 -0500
>
> lxcapi_create: split out the template execution
>
> Make it its own function to make both more readable.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit fb75356a85e3097db77386e7c62836a3ee69217f
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Tue Jul 9 14:44:36 2013 -0400
>
> oracle template: use clonehostname hook script
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 1143ed392d2760e8f7aeee88d570bb0ba151885f
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Tue Jul 9 16:19:45 2013 -0400
>
> add clonehostname hook
>
> This hook script updates the hostname in various files under /etc in the
> cloned container. In order to do so, the old container name is passed in
> the LXC_SRC_NAME environment variable.
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit b9b3a92f664fe3966decd0411b25fb6b77425e23
> Author: Michael H. Warfield <mhw at WittsEnd.com>
> Date: Tue Jul 9 15:40:38 2013 -0400
>
> lxc-fedora template - Fix retries, use os-release for release, add utsname.
>
> Hey all!
>
> Patch for the Fedora template. Several things...
>
> 1) A month or so ago, I floated an idea of adding an option for utsname
> which Serge seemed to like but we let it float for more feedback (none
> came).
>
> 2) In private mail to Serge and Stéphane I mentioned the idea of using
> the CPE (Common Platform Enumeration) for host distro and version
> identification. I heard back from Serge but not Stéphane. CPE is a
> standard promoted by NIST and Mitre (along with CVE and CVSS) as part of
> the security community as a common identification mechanism. It's
> supported by RedHat based distros and many others (notable exception
> Ubuntu). I've patched the Fedora template to parse first
> the /etc/os-release file or, alternatively, the /etc/system-release-cpe
> file for the distro ID and version instead of the human
> readable /etc/redhat-release. There's more that can be done with that
> in the realm of cross distro container builds, I suspect.
>
> 3) At the time of working on 1&2 I noticed that the retry logic in the
> Fedora template just didn't seem right. I believe I posted a message
> asking for clarification on that behavior. A recently post in the
> -users list indicating that someone could not create a Fedora 19
> container (because the release ver string was 19-2 and the template was
> only looking for -1) prompted me to rework the retry logic for handling
> the mirror list and servers as well as revamp the download logic to
> properly identify the correct release package.
>
> The patch for all of the above is attached below the jump. It's been
> tested on Fedora 17 through Fedora 19 hosts and has created containers
> for F11, F12, F13, F14, F16, F17, F18, and F19. F15 failed for rpm
> dependency issues that are not worth fixing (IMHO).
>
> Regards,
> Mike
> --
> Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
> /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
> NIC whois: MHW9 | An optimist believes we live in the best of all
> PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
>
> --
>
> Signed-off-by: Michael H. Warfield <mhw at WittsEnd.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 3327917f4a991a49ba1562b774c63c45139772eb
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Tue Jul 9 18:07:26 2013 -0400
>
> fix potential out of bounds pointer deref
>
> I noticed that if find_first_wholeword() is called with word at the very
> beginning of p, we will deref *(p - 1) to see if it is a word boundary.
> Fix by considering p = p0 to be a word boundary.
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 9313e1e628160ca64f9e7fcec6500056c9a0725f
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Tue Jul 9 18:30:52 2013 -0400
>
> ubuntu: Tweak layout of the config
>
> Just add an extra white line to both templates.
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 6cda3f5ac1e3a20a97a419923e587d6bdb1fece9
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Mon Jul 8 13:02:52 2013 -0400
>
> ubuntu: Fix openssh postinst call in >= saucy
>
> The new openssh uses a different mechanism to start/stop the daemon
> which in turn requires a few tweaks in our template to deal with both
> the new and old ways of doing that.
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit b58e60e232a3049d946a3b18e6f21912cd3453f0
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Mon Jul 8 11:01:36 2013 -0400
>
> lxc-start-ephemeral: Fix console() and add storage option
>
> The introduction of the new console() python API broke
> lxc-start-ephemeral's console(tty=1) call, I now changed that to
> console() which does the right thing with both API versions.
>
> This also adds a new storage-type option, letting the user choose to use
> a standard directory instead of tmpfs for the container (but still have
> it ephemeral).
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 39ffde307ad83bd407aaa6a0d81682902bab248b
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Mon Jul 8 10:46:20 2013 -0400
>
> python: Update scripts to respect PEP-8 spec
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit b0f9616f6227f56dce8ca2514610f432ba4fab8a
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Mon Jul 8 10:41:32 2013 -0400
>
> python: Re-introduce timeout in get_ips
>
> It turns out that most API users want some kind of timeout option for
> get_ips, so instead of re-implementing it in every single client
> software, let's just have it as a python overlay upstream.
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 18efb001a4498f8fc62ab37f1db552fdf001e798
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Fri Jul 5 12:17:15 2013 -0400
>
> fix sshd template
>
> Commit a0a2066d introduced an lxc subdir into the lxc-init path, but
> this was never reflected in the sshd template. Add it there.
>
> Don't have ssh-keygen ask for passphrase since host keys are not
> supposed to use them.
>
> Don't try to symlink kmsg since /dev is bind mounted readonly.
>
> Read-only bind mount some extra /etc directories, and sysfs which are
> needed by dhclient on Fedora and Oracle Linux. Fix mounting of /proc.
>
> Find sshd in more places by adding some common paths to $PATH, and
> use the found path to it instead of hardcoded /usr/sbin.
>
> Check for ifconfig command, and print out container's IP address.
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit ef091cefca5082007678fe82ad01389f7057ca48
> Author: Bogdan Purcareata <bogdan.purcareata at freescale.com>
> Date: Wed Jul 3 12:00:53 2013 -0400
>
> lxcapi_set_cgroup_item: remove duplicate == 0
>
> Signed-off-by: Bogdan Purcareata <bogdan.purcareata at freescale.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 9c631ea7c2906f41b23f5c8dcc9f6045078879db
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Mon Jul 1 12:38:23 2013 -0400
>
> allow lxc-info to get running container configuration
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 9a15a0f3f8faaa5e0d983f11bcf94dcf492c1349
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Mon Jul 1 12:38:15 2013 -0400
>
> fix -c argument handling
>
> commit 829dd918 added parsing of a -c argument to both the common options
> handling and to lxc-start. It is not a common option, and should have only
> been added to lxc-start. Because the common code is processing it, no other
> command can use -c. Remove -c from being processed by the common code.
> Tested that -c still works with lxc-start.
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 53f3f04845a9eb60064c302e1f95652f665809f1
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Mon Jul 1 15:32:25 2013 -0500
>
> lxc_conf_init: make sure strdup succeeded
>
> unlikely as a failure may be...
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 2e599a6a25b533fe63840edc34ee265811b7b814
> Author: Natanael Copa <ncopa at alpinelinux.org>
> Date: Fri Jun 28 16:56:51 2013 +0200
>
> lxc-alpine: make --release work when apk exists
>
> Use sed to set the specified alpine release in the copied
> /etc/apk/repositories
>
> Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 982e7b6ea40ea57923f4f094858424debc1a5f7f
> Author: Kaarle Ritvanen <kaarle.ritvanen at datakunkku.fi>
> Date: Wed Jun 26 11:15:00 2013 +0300
>
> lxc-alpine: option for specifying the release to be installed
>
> Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen at datakunkku.fi>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 85b41c7d7f72213199b5cff9525d17f44b49a842
> Author: Kaarle Ritvanen <kaarle.ritvanen at datakunkku.fi>
> Date: Wed Jun 26 11:14:59 2013 +0300
>
> lxc-alpine: automatic repository selection
>
> pick random server from mirror list
> use the latest stable release
>
> Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen at datakunkku.fi>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 37cb98a2b7e5c7b0abf69f261a16d759453492f1
> Author: Andrew Gilbert <andrewg800 at gmail.com>
> Date: Thu Jun 27 08:09:05 2013 -0500
>
> Add -n differentiation to lxc-netstat
>
> lxc-netstat now only processes an -n argument if it has not previously
> received a value for $name from --name or -n. If it _has_ received such
> a value, it stops processing arguments and leaves the -n for netstat.
> This does not apply to the use of --name after a name has been provided
> by --name or -n; the current behaviour continues. The new behaviour
> makes
> netstat -n <container> -n -a
> behave like
> netstat -n <container> -a -n
> which already will act as though there is '--' between '<container>' and
> '-a' (see line 91 of lxc-netstat.in).
>
> Signed-off-by: Andrew Gilbert <andrewg800 at gmail.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 1a7cb0850405b271b7bedacd243235f29cd368df
> Author: Andrew Gilbert <andrewg800 at gmail.com>
> Date: Thu Jun 27 08:07:14 2013 -0500
>
> Add double-dash to lxc-netstat re-call arguments
>
> When lxc-netstat was called by lxc-unshare, it would be given the
> arguments intended for netstat from the first invocation, but without
> anything to separate them from the arguments intended for lxc-netstat.
> This meant that netstat arguments like -n would result in lxc-netstat
> trying to process them.
>
> Signed-off-by: Andrew Gilbert <andrewg800 at gmail.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 176d9acb2ec17211a0d69bd2bd99f914fad8d7ad
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri Jun 21 14:16:42 2013 -0500
>
> api_clone: don't remove storage if we haven't created it
>
> In the best case we'll get errors about failing to remove it. In the
> worst case we'll be trying to delete the original container's rootfs.
>
> Reported-by: zoolook <nbensa+lxcusers at gmail.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit ae3f8cf9a4a03c62c6c12968b38b2352388df91c
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri Jun 21 14:15:42 2013 -0500
>
> Accept more word delimiters when updating hooks
>
> When updating container names in hook files during a container clone,
> we substitute the new container name for the old any time the old name
> shows up as a separate word. This patch adds the four characters
> '.,_-' as additional delimiters.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 618fa49dddbedd2b7319c0089dffd8d65aef8369
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Wed Jun 19 14:12:37 2013 -0400
>
> lxc-start-ephemeral: Fix get_ips call
>
> The timeout option in get_ips has been deprecated, so work around it.
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 54c30e290876c5fa6e4c7b5a511580793e4777e3
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Tue Jun 18 14:52:24 2013 -0500
>
> conf.c: always strdup rootfs.mount
>
> The reason is that the generic code which handles reading
> lxc.rootfs.mount always frees the old value if not NULL.
> So without this setting lxc.rootfs.mount = /mnt causes
> segfault.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 37903589a2de0cbd62f94c5fd06d0aa8d57ca140
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Thu Jun 13 10:06:15 2013 -0500
>
> don't set up console for lxc-execute
>
> Currently due to some safety checks for !rootfs.path, lxc-execute works
> ok if you do not set lxc.rootfs at all in your lxc.conf. But if you
> set lxc.rootfs = '/', then it sets up console, and when you do an
> lxc-execute, the console appears hung.
>
> However the lxc.rootfs NULL check was just incidental to not dereference
> a NULL pointer. In fact we should not be setting up a console if the
> container isn't running a full-fledged distro with a getty/login
> running on the container's /dev/console.
>
> Have lxc_execute() mark in lxc_conf that this is a lxc-execute and not
> an lxc-start, and don't set up the console.
>
> The issue is documented at https://sourceforge.net/p/lxc/bugs/67/ .
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Dwight Engen <dwight.engen at oracle.com>
>
> commit b515981702133b9aaea1aff378493f054c14d46c
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Wed Jun 12 08:09:16 2013 -0700
>
> console API improvements
>
> Add a higher level console API that opens a tty/console and runs the
> mainloop as well. Rename existing API to console_getfd(). Use these in
> the python binding.
>
> Allow attaching a console peer after container bootup, including if the
> container was launched with -d. This is made possible by allocation of a
> "proxy" pty as the peer when the console is attached to.
>
> Improve handling of SIGWINCH, the pty size will be correctly set at the
> beginning of a session and future changes when using the lxc_console() API
> will be propagated to it as well.
>
> Refactor some common code between lxc_console.c and console.c. The variable
> wait4q (renamed to saw_escape) was static, making the mainloop callback not
> safe across threads. This wasn't a problem when the callback was in the
> non-threaded lxc-console, but now that it is internal to console.c, we have
> to take care of it. This is now contained in a per-tty state structure.
>
> Don't attempt to open /dev/null as the console peer since /dev/null cannot
> be added to the mainloop (epoll_ctl() fails with EPERM). This isn't needed
> to get the console setup (and the log to work) since the case of not having
> a peer at console init time has to be handled to allow for attaching to it
> later.
>
> Move signalfd libc wrapper/replacement to utils.h.
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 5d4d3ebb13705d1e102429c75fc06932f81816dd
> Author: Natanael Copa <ncopa at alpinelinux.org>
> Date: Wed Jun 12 11:18:04 2013 +0200
>
> lxc-init: continue even if we fail to mount /dev/mqueue
>
> The 'lxc-init' (a lightweight init process used by lxc-execute in place
> of upstart etc) tries to mount /dev/mqueue during startup. If that fails
> (for instance due to missing support for mqueue in kernel) then it
> aborts execution and returns -1. This is unreasonable as very few
> applications actually need /dev/mqueue.
>
> This similar to what we do with /dev/shm.
>
> Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 71b0fed669a088675c1344ed68b250e87414c998
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Wed Jun 5 17:37:03 2013 -0500
>
> lxclock: move container locks into /run/lock
>
> Currently the lxc API mutexes configuration file read/writes with a
> lock called $lxcpath/locks/$lxcname. This fails if the container
> is on a rofs.
>
> This patch moves those locks under /run/lock/lxc.
>
> The $lxcpath/$lxcname/partial file is not moved - if you can't
> create it, you probably can't create the container either.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 54b79829e23e01998eeafb8156987937a894af3c
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Mon Jun 10 11:52:44 2013 -0500
>
> lxc_stop: return success if api_shutdown succeeded
>
> I originally forgot to set ret = 0 if it succeeded, meaning that a
> simple 'lxc-stop -n container1' returns failure even though the
> stop succeeded.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 6e46cfcb0e4fcaa2d920a3c473f83c0a73c68cfa
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Mon Jun 10 09:34:06 2013 -0500
>
> conf.c: if we don't specify a rootfs, we still need proc mounted
>
> otherwise we won't be allowed to set an apparmor context (on pid 1)
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit fabf7361da4845cd6cf268e0e85c3c6a1c0b0be4
> Author: Qiang Huang <h.huangqiang at huawei.com>
> Date: Fri Jun 7 15:27:32 2013 +0800
>
> lxc-execute: allow lxc-init to log only when we have a valid log level
>
> Right now if we use lxc-execute without log level set, we get error:
> lxc: invalid log priority NOTSET.
> Because we set log level manually in execute_start(), but didn't
> check if we have a valid log level or not, so fix it.
>
> Signed-off-by: Qiang Huang <h.huangqiang at huawei.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 38973621a40a5657b067409321d54759520d7951
> Author: Weng Meiling <wengmeiling.weng at huawei.com>
> Date: Thu Jun 6 19:59:31 2013 +0800
>
> lxc-ps: display process when container is frozen
>
> When we use lxc-ps to show the process, it's more appropriate to
> show process when container is frozen.
>
> Signed-off-by: Weng Meiling <wengmeiling.weng at huawei.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 31f58b3fcec322dba1eed71e364335c30500066c
> Author: Rui Xiang <rui.xiang at huawei.com>
> Date: Sat Jun 8 18:04:47 2013 +0800
>
> lxc-monitord: remove hard code execvp path of lxc-monitord
>
> Sometimes, the path of lxc tools is not '/usr/bin', but
> '/usr/local/bin' or other. Then execvp lxc-monitord will fail
> in lxc_monitord_spawn.
>
> Signed-off-by: Rui Xiang <rui.xiang at huawei.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit f02abefef9a59658c813e08f86a91fbe09eabf00
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Fri Jun 7 10:07:36 2013 -0400
>
> fix check for lock acquired
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 93dc5327aa0c2b13d619b8bedf893eea983d4d68
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Wed Jun 5 11:56:30 2013 -0500
>
> lxclock and lxccontainer: switch from flock to fcntl
>
> flock is not supported on nfs. fcntl is at least supported on newer
> (v3 and above) nfs.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Tested-by: zoolook <nbensa+lxcusers at gmail.com>
>
> commit 1af60b514fc9d8da2b4485e9e8845619fb6c6b68
> Author: Weng Meiling <wengmeiling.weng at huawei.com>
> Date: Tue Jun 4 20:52:27 2013 +0800
>
> lxc-ps: fix the display problem with arg --lxc
>
> When we use arg --lxc to show processes in all containers, no
> process displays, so fix it.
>
> (Changelog: Serge: in-line fix of s/;;/;/ at line 69)
>
> Signed-off-by: Weng Meiling <wengmeiling.weng at huawei.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit eddaaafd1a9b02ba39e5b6b13d40b4a5d37a04e1
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Sun Jun 2 15:39:35 2013 -0500
>
> implement loopback backing store
>
> Create a loopfile backed container by doing:
>
> lxc-create -B loop -t template -n name
>
> or
>
> lxc-clone -B loop -o dir1 -n loop1
>
> The rootfs in the configuration file will be
>
> loop:/var/lib/lxc/loop1/rootdev
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit f002c8a7655e42a325ef6bad9fb0844fad4e410b
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Mon Jun 3 18:19:01 2013 +0200
>
> lxc_create: support 'lxc-create -t <template> -h'
>
> With the lxc-create script, 'lxc-create -t template -h' used to call
> 'template -h' to get template-specific help. The api based lxc-create
> did not yet support that.
>
> Add a 'helpfn' method to the lxc_arguments, which is called at the end
> of printhelp, and passed the lxc_arguments. Use that in lxc_create to
> reintroduce the desired behavior.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 4c1f6b67d9b842d9e5c293eea2ff19301ecc5596
> Author: Qiang Huang <h.huangqiang at huawei.com>
> Date: Mon Jun 3 09:48:14 2013 +0800
>
> lxc-destroy: fix the wrong help info of lxc-destroy
>
> Changelog: jun 3: (Serge) trivial typo fix inline.
>
> Signed-off-by: Qiang Huang <h.huangqiang at huawei.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 3155e7f954d4b5d7da528d2a3cd8be254432e3c3
> Author: Qiang Huang <h.huangqiang at huawei.com>
> Date: Mon Jun 3 09:48:13 2013 +0800
>
> lxc-create: fix the typo in help info
>
> Fix typo in help info of lxc-create, and get rid of duplicate
> comments in bdev.h
>
> Signed-off-by: Qiang Huang <h.huangqiang at huawei.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 63c3090c913142cd19f443b040cdede2c0522ce8
> Author: Qiang Huang <h.huangqiang at huawei.com>
> Date: Mon Jun 3 09:48:12 2013 +0800
>
> arguments: should return negative number when error happens
>
> We should return -ENOMEM instead of ENOMEM when realloc fails.
>
> Signed-off-by: Qiang Huang <h.huangqiang at huawei.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 44ef0c0c7200ef4e8783387d886d3748da3d50fd
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Mon Jun 3 10:47:21 2013 -0500
>
> lxcapi_create: don't close stdin/out/err
>
> Otherwise we can't see template progress.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 569bee5cc3d647032573db8f72734faa9307d577
> Author: Natanael Copa <ncopa at alpinelinux.org>
> Date: Tue May 28 10:25:14 2013 +0200
>
> lxc-alpine: download a static package manager if its missing
>
> If the package manager, apk-tools is missing, then:
> - download a static binary and public keys
> - verify the keys against embedded checksum
> - verify the signature of the static binary against the downloaded keys
> - use the verified static binary
>
> Signed-off-by: Natanael Copa <ncopa at alpinelinux.org>
> Signed-off-by: Kaarle Ritvanen <kaarle.ritvanen at datakunkku.fi>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 0a18b5458b6d0fcad9a82b96f99035254af50c7a
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri May 31 16:09:14 2013 +0200
>
> Define LXC_DEFAULT_CONFIG
>
> And use it in place of the various ways we were deducing /etc/lxc/default.conf.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 3a647d582dc759e43c2087f0d906adf77c62ab6c
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri May 31 16:02:33 2013 +0200
>
> configure/makefile: rename default_conf to distro_conf
>
> configure/makefile: rename default_conf to distro_conf, since it is a per-distro
> default. Then we'll be able to use the symbol LXC_DEFAULT_CONF in the code to
> refer to the installed file.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 3bc449ed24edc4b754cbe0af19fe878d29731f59
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri May 31 07:55:14 2013 -0500
>
> lxccontainer: update locking comment
>
> Update the LOCKING comment.
>
> Take mem_lock in want_daemonize.
>
> convert lxcapi_destroy to not use privlock/slock by hand.
>
> Fix a coverity-found potential dereference of NULL c->lxc_conf.
>
> api_cgroup_get_item() and api_cgroup_set_item(): use disklock,
> not memlock, since the values are set through the cgroup fs on
> the running container.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 73e608b21f73509c5f8c7a948cc6d4b0898edb2c
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Thu May 30 11:22:16 2013 -0500
>
> waitpid at abort to make sure we can rmdir cgroups
>
> If we abort the container start, and don't wait for the init task to be
> reaped after we kill it, then we can't remove the container cgroup
> because it is not empty.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 39dc698cb4025516a3428a68e19da05feb6fc0e9
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Wed May 29 12:26:25 2013 -0500
>
> lxccontainer: don't lock around getstate and freeze/unfreeze (v2)
>
> Those go through commands.c and are already mutex'ed that way.
>
> Also remove a unmatched container_disk_unlock in lxcapi_create.
>
> Since is_stopped uses getstate which is no longer locked, rename
> it to drop the _locked suffix.
>
> And convert save_config to taking the disk lock. This way the
> save_ and load_config are mutexing each other, as they should.
>
> Changelog: May 29:
> Per Dwight's comment, take the lock before opening the config
> FILE *.
> Only take disklock at load and save_config when we're using the
> container's config file, not when read/writing from/to another
> file.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Acked-by: Dwight Engen <dwight.engen at oracle.com>
>
> commit 0115f8fd27b1a31d367bb161a121694f92b45e62
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Tue May 28 15:25:41 2013 -0400
>
> add console to lxc api
>
> Make lxc_cmd_console() return the fd from the socket connection to the
> caller. This fd keeps the tty slot allocated until the caller closes
> it. Returning the fd allows for a long lived process to close the fd
> and reuse consoles.
>
> Add API function for console allocation.
>
> Create test program for console API.
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 3db989bad5d58bafac80f448e1dd2d048e791478
> Author: Qiang Huang <h.huangqiang at huawei.com>
> Date: Mon May 27 19:10:38 2013 +0800
>
> lxc-console: use fd instead of 0 in setup_tios
>
> We should use the fd specified by caller.
>
> Signed-off-by: Qiang Huang <h.huangqiang at huawei.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit dc5e436e702f0bf4001e3e6e9f855443b2fcf448
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Tue May 28 15:18:22 2013 -0400
>
> lxc.spec.in: remove lxc-shutdown (for commit 3e625e2d)
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 5790f7b7a76b9ccff662fdd6ff0013b8f218d020
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Tue May 28 15:27:42 2013 -0500
>
> api_clone: call is_stopped_locked() to avoid deadlock.
>
> Technically as Dwight has mentioned we should probably drop the locking
> from api_state() altogether, since those are protected through the
> lxc command system.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 64f782ca69c70fd155427a81d69fda593981e770
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Tue May 28 14:07:43 2013 -0500
>
> lxc.conf.sgml.in: fill in missing configuration file statements
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 1897e3bcd36af9f3fe6d3649910a9adb93e5e988
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri May 17 23:23:17 2013 +0200
>
> Move container creation fully into the api
>
> 1. implement bdev->create:
>
> python and lua: send NULL for bdevtype and bdevspecs.
> They'll want to be updated to pass those in in a way that makes
> sense, but I can't think about that right now.
>
> 2. templates: pass --rootfs
>
> If the container is backed by a device which must be mounted (i.e.
> lvm) then pass the actual rootfs mount destination to the
> templates.
>
> Note that the lxc.rootfs can be a mounted block device. The template
> should actually be installing the rootfs under the path where the
> lxc.rootfs is *mounted*.
>
> Still, some people like to run templates by hand and assume purely
> directory backed containers, so continue to support that use case
> (i.e. if no --rootfs is listed).
>
> Make sure the templates don't re-write lxc.rootfs if it is
> already in the config. (Most were already checking for that)
>
> 3. Replace lxc-create script with lxc_create.c program.
>
> Changelog:
> May 24: when creating a container, create $lxcpath/$name/partial,
> and flock it. When done, close that file and unlink it. In
> lxc_container_new() and lxcapi_start(), check for this file. If
> it is locked, create is ongoing. If it exists but is not locked,
> create() was killed - remove the container.
>
> May 24: dont disk-lock during lxcapi_create. The partial lock
> is sufficient.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 60bf62d4ae36a48342fb8aee680fbd4b423810b1
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri May 17 07:20:10 2013 +0200
>
> destroy: implement in the api
>
> This requires implementing bdev->ops->destroy() for each of the backing
> store types. Then implementing lxcapi_clone(), writing lxc_destroy.c
> using the api, and removing the lxc-destroy.in script.
>
> (this also has a few other cleanups, like marking some functions
> static)
>
> Changelog:
> fold into destroy: fix zfs destroy
> destroy: use correct program name in help
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 3e625e2d2e12b919dd9590b97badc6108ee67b1a
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Thu May 16 23:03:47 2013 +0200
>
> lxc-stop: use api, remove lxc_shutdown, extend lxc-stop functionality
>
> implement c->reboot(c) in the api.
>
> Also if the container is not running, return -2. Currently
> lxc-stop will return 0, so you cannot tell the difference
> between successfull stopping and noop.
>
> Per stgraber's email:
>
> - Remove lxc-shutdown
> - Change lxc-stop so that:
> * Default behaviour is to call shutdown(), wait 15s for STOPPED, if
> not STOPPED, print a message to the user and call stop() [ NOTE:
> actually 60 seconds per followup thread]
> * We have a -r option to reboot the container (with proper check that
> the container indeed rebooted within the next 15s)
> * We have a -s option to shutdown the container without the automatic
> fallback to stop()
> * Add a -k option allowing a user to just kill a container
> (equivalent to old lxc-stop, no shutdown() call and no delay).
>
> and update manpages.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 5cee8c5040661f9875bf41cfffd641c87afae8af
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri May 24 16:03:22 2013 -0500
>
> locking: update per Dwight's comment
>
> Create three pairs of functions:
> int process_lock(void);
> void process_unlock(void);
> int container_mem_lock(struct lxc_container *c)
> void container_mem_unlock(struct lxc_container *c)
> int container_disk_lock(struct lxc_container *c);
> void container_disk_unlock(struct lxc_container *c);
>
> and use those in lxccontainer.c
>
> process_lock() is to protect the process state among multiple threads.
> container_mem_lock() is to protect a struct container among multiple
> threads. container_disk_lock is to protect a container on disk.
>
> Also remove the lock in lxcapi_init_pid() as Dwight suggested.
>
> Fix a typo (s/container/contain) spotted by Dwight.
>
> More locking fixes are needed, but let's first the the fundamentals
> right. How close does this get us?
>
> Changelog: v2:
> fix lxclock compile
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Acked-by: Dwight Engen <dwight.engen at oracle.com>
>
> commit df271a59cbfcfbe98fa4bd7af3ae595633539a12
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Wed May 22 16:24:00 2013 -0500
>
> lxclock: Replace named sempahore with flock
>
> The problem: if a task is killed while holding a posix semaphore,
> there appears to be no way to have the semaphore be reliably
> autmoatically released. The only trick which seemed promising
> is to store the pid of the lock holder in some file and have
> later lock seekers check whether that task has died.
>
> Instead of going down that route, this patch switches from a
> named posix semaphore to flock. The advantage is that when
> the task is killed, its fds are closed and locks are automatically
> released.
>
> The disadvantage of flock is that we can't rely on it to exclude
> threads. Therefore c->slock must now always be wrapped inside
> c->privlock.
>
> This patch survived basic testing with the lxcapi_create patchset,
> where now killing lxc-create while it was holding the lock did
> not lock up future api commands.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 2acf77955239ec0046451fa16812d2884e6bd19b
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Thu May 23 15:44:39 2013 -0400
>
> fix memory leaks in cgroup functions
>
> There were several memory leaks in the cgroup functions, notably in the
> success cases.
>
> The cgpath test program was refactored and additional tests added to it.
> It was used in various modes under valgrind to test that the leaks were
> fixed.
>
> Simplify lxc_cgroup_path_get() and cgroup_path_get by having them return a
> char * instead of an int and an output char * argument. The only return
> values ever used were -1 and 0, which are now handled with NULL and non-NULL
> returns respectively.
>
> Use consistent variable names of cgabspath when refering to an absolute path
> to a cgroup subsystem or file, and cgrelpath when refering to a container
> "group/name" within the cgroup heirarchy.
>
> Remove unused subsystem argument to lxc_cmd_get_cgroup_path().
>
> Remove unused #define MAXPRIOLEN
>
> Make template arg to lxcapi_create() const
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 6a44839f5973f41553349f1b5e77d8db809e60eb
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Thu May 23 15:39:03 2013 -0400
>
> consolidate missing C library functions into utils.h
>
> This fixes the build of lxccontainer.c on systems that have __NR_setns
> but not HAVE_SETNS.
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit ad5f15151580201b79fc140f664227b494639e81
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Wed May 22 22:28:43 2013 -0400
>
> python: Fix lxc-ls's usage of get_ips()
>
> The recent port of get_ips() from pure python to the C API came with
> a couple of API changes for that function call (as were highlighted in
> the commit message).
>
> I somehow didn't notice that lxc-ls was still calling with the old API
> and so was crashing whenever it was asked to show the ipv4 or ipv6 address.
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 5bb4a226ebec9f3fb678a282a2b2833748d6707b
> Author: Michael H. Warfield <mhw at WittsEnd.com>
> Date: Tue May 21 14:17:25 2013 -0400
>
> lxc-fedora template. Cleanup for rootfs.
>
> This is just some minor changes in the way the Fedora template is
> synthesizing the target rootfs_path. Currently, the template uses a
> path with the container in it twice like this:
>
> /var/lib/lxc/rasputin/rasputin/rootfs
>
> This happens because the container name is already contained in the
> "path" and the template appends it a second time. This changes the
> logic to be congruent with other templates such as lxc-arch. The new
> behavior will be to create the rootfs like this:
>
> /var/lib/lxc/rasputin/rootfs
>
> Attached below the jump.
>
> Regards,
> Mike
> --
> Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
> /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
> NIC whois: MHW9 | An optimist believes we live in the best of all
> PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
> --
>
> Signed-off-by: Michael H. Warfield <mhw at WittsEnd.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 65be441e0892b45000b9b3863d407539e56e47a4
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Tue May 21 11:34:45 2013 -0400
>
> oracle template: mount /dev/shm as tmpfs
>
> sem_open(3) checks that /dev/shm is SHMFS_SUPER_MAGIC. Normally /dev/shm
> is mounted in the initramfs created by dracut, but that won't be run for
> a container so make sure that rc.sysinit mounts /dev/shm.
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 481624b37b37ffa98b735cf3f94e35d1fbd729e0
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Tue May 21 13:30:09 2013 -0400
>
> fix build with --enable-tests
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit fa9ac567a7f1593c586cca57362f6b542985e5d7
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Tue May 21 20:31:04 2013 -0500
>
> attach: and cgroup.c: be overly cautious
>
> Realistically (as Dwight points out) it doesn't seem possible that
> getline won't return at least one line in this functions, however
> just to make absolutely sure we don't get a segv on free(NULL),
> check line != NULL before freeing it on exit.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 20fe4e8febe40f6fc4e4c6f52b91f0af0232e6f5
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Tue May 21 15:36:32 2013 -0400
>
> fix getline(3) memory leaks
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit fca3080f6a46f856c54218a8e478a174382b4c15
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Tue May 21 13:15:53 2013 -0400
>
> fix minor gcc 4.7.2 error
>
> lxccontainer.c:874:4: error: ‘for’ loop initial declarations are only
> allowed in C99 mode
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit ef6e34eec8d5a9f1447462d6080facb674b3ccdb
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Fri May 17 18:29:12 2013 -0400
>
> extend command processor to handle generic data
>
> Motivation for this change is to have the ability to get the run-time
> configuration items from a container, which may differ from its current
> on disk configuration, or might not be available any other way (for
> example lxc.network.0.veth.pair). In adding this ability it seemed there
> was room for refactoring improvements.
>
> Genericize the command infrastructure so that both command requests and
> responses can have arbitrary data. Consolidate all commands into command.c
> and name them consistently. This allows all the callback routines to be
> made static, reducing exposure.
>
> Return the actual allocated tty for the console command. Don't print the
> init pid in lxc_info if the container isn't actually running. Command
> processing was made more thread safe by removing the static buffer from
> receive_answer(). Refactored command response code to a common routine.
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 9c83a661397456e1455d739bcadfa38f05ce2fe6
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Fri Apr 26 16:01:58 2013 +0200
>
> lxcapi: Add new get_ips() call
>
> This adds a new get_ips call which takes a family (inet, inet6 or NULL),
> a network interface (or NULL for all) and a scope (0 for global) and returns
> a char** of all the IPs in the container.
>
> This also adds a matching python3 binding (function result is a tuple) and
> deprecates the previous pure-python get_ips() implementation.
>
> WARNING: The python get_ips() call is quite different from the previous
> implementation. The timeout argument has been removed, the family names are
> slightly different (inet/inet6 vs ipv4/ipv6) and an extra scope parameter
> has been added.
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 92f023dccced28a55ce323253f298e9825fe7da7
> Author: Christian Seiler <christian at iwakd.de>
> Date: Mon May 20 17:54:23 2013 +0200
>
> Implement simple utility functions for reading and writing to fds
>
> Signed-off-by: Christian Seiler <christian at iwakd.de>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 65fbbb0a0f7bad119aa5f2ac6f3ee041970889fc
> Author: Christian Seiler <christian at iwakd.de>
> Date: Mon May 20 17:54:22 2013 +0200
>
> Move declarations of some constants to where they are needed.
>
> Signed-off-by: Christian Seiler <christian at iwakd.de>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit c797a220d51d2796355fd60eca50523ffd6fb45e
> Author: Christian Seiler <christian at iwakd.de>
> Date: Mon May 20 17:54:21 2013 +0200
>
> utils.c: Add lxc_wait_for_pid_status routine that returns exit code
>
> Signed-off-by: Christian Seiler <christian at iwakd.de>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 71b9b8ed262e2d826181bfb79e5d5075ff1a3ff0
> Author: Christian Seiler <christian at iwakd.de>
> Date: Mon May 20 17:54:20 2013 +0200
>
> wait_for_pid: Fix EINTR check
>
> Signed-off-by: Christian Seiler <christian at iwakd.de>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit d1240f0335e0c469b850da467661dfbb8f262727
> Author: Michael H. Warfield <mhw at WittsEnd.com>
> Date: Mon May 20 12:04:38 2013 -0400
>
> lxc-fedora template - systemd console gettys
>
> Hey all...
>
> Patch to the lxc-fedora template to setup gettys on the ttys that are
> enabled in the configuration. The area of the code already had some
> modifications to that service that didn't seem to do anything and would
> get wiped out by an update. I commented that out but subsumed the
> change it was attempting into my command in case it does something on
> another rev somewhere.
>
> This is very similar to the logic in the OpenSuse template but doesn't
> seem to appear in other templates, such as arch, which have to deal with
> systemd. This isn't unique to Fedora. The templates for Fedora,
> ArchLinux, and OpenSuse are the only three that seem to have any
> reference to systemd at all.
>
> Attached below the jump.
>
> Regards,
> Mike
> --
> Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
> /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
> NIC whois: MHW9 | An optimist believes we live in the best of all
> PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
> --
>
> Signed-off-by: Michael H. Warfield <mhw at WittsEnd.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 11029c023a12dbe3f3569fcc22f25667686e417f
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Fri May 17 18:28:12 2013 -0400
>
> return lxc generated name for veth pair
>
> Doing a get_config_item for lxc.network.0.veth.pair only returns the
> pair name if explicitly given, but it can be useful to know the name
> even if it is the one that lxc autogenerated.
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 40650ea6817286a9587a84bf3ce5d25d10620303
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Fri May 17 17:40:12 2013 -0400
>
> quiet gcc 4.4.7 warning about saveptr use before initialization
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit de09eccbeda214a1ef5a9b7144870defa97e88c4
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri May 17 11:25:15 2013 -0500
>
> lxc-create: zfs: consistently use zfsroot, not zfs_root
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit dc92f6c7eec81dc104b3f7873ffd74ec56a1dae1
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Thu May 16 08:22:41 2013 -0500
>
> document clone hooks
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 148e91f56799f03c868deca8dcad473983a1a2bf
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Tue May 14 16:10:37 2013 -0500
>
> lxc: add clone hook.
>
> Add a clone hook called from api_clone. Pass arguments to it from
> lxc_clone.c.
>
> The clone update hook is called while the container's bdev is mounted.
> Information about the container is passed in through environment
> variables LXC_ROOTFS_PATH, LXC_NAME, The LXC_ROOTFS_MOUNT, and
> LXC_CONFIG_FILE.
>
> LXC_ROOTFS_MOUNT=/usr/lib/x86_64-linux-gnu/lxc
> LXC_CONFIG_FILE=/var/lib/lxc/demo3/config
> LXC_ROOTFS_PATH=/var/lib/lxc/demo3/rootfs
> LXC_NAME=demo3
>
> So from the hook, updates to the container should be made under
> $LXC_ROOTFS_MOUNT/ .
>
> The hook also receives command line arguments as follows:
> First argument is container name, second is always 'lxc', third
> is the hook name (always clone), then come the arguments which
> were passed to lxc-clone. I.e. when I did:
>
> sudo lxc-clone demo2 demo3 -- hey there dude
>
> the arguments passed in were "demo3 lxc clone hey there dude"
>
> I personally would like to drop the first two arguments. The
> name is available as $LXC_NAME, and the section argument ('lxc')
> is meaningless. However, doing so risks invalidating existing
> hooks.
>
> Soon analogous create and destroy hooks will be added as well.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 9a93d99213da44b5ddf2f5295f6ef3a59d4f1fba
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Wed May 15 15:21:24 2013 -0500
>
> cgroup: prevent DOS when a hierachy is mounted multiple times
>
> When starting a container, we walk through all cgroup mounts looking
> for a unique directory name we can use for this container. If the
> name we are trying is in use, we try another name. If it is not in
> use in the first mount we check, we need to check other hierarchies
> as it may exist there. But we weren't checking whether we have already
> checked a subsystem - so that if freezer was mounted twice, we would
> create it in the first mount, see it exists in the second, so start
> over trying in the second mount.
>
> To fix this, keep track of which subsystems we have already checked,
> and do not re-check.
>
> (See http://pad.lv/1176287 for a bug report)
>
> Note we still need to add, at the next: label, the removal of the
> directories we've already created. I'm keeping that for later as
> it's far lower priority than this fix, and I don't want to risk
> introducing a regression for that.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 6031a6e5f939bda07d98768d34dafae677a7dfeb
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Wed May 15 12:27:34 2013 -0400
>
> set non device cgroup items before the cgroup is entered
>
> This allows some special cgroup items such as memory.kmem.limit_in_bytes
> to be successfully set, since they must be set before any task is put
> into the cgroup.
>
> The devices cgroup is setup later giving the container a chance to mount
> file systems before the device it might want to mount from becomes
> unavailable.
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit d9e80daf54e15b89b0b08d475b29893be9830be0
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Wed May 15 13:23:12 2013 -0400
>
> doc/lxc.conf minor clarifications
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 627fe3b4c3a65535eb53c3d63794705d8f6322d4
> Author: Michael H. Warfield <mhw at WittsEnd.com>
> Date: Tue May 14 17:45:12 2013 -0400
>
> lxc-fedora-template: autodev, hostname, ARM archs, Raspberry Pi fixes
>
> This took a lot longer for me to get around to it... Sorry.
>
> Patch to the lxc-fedora template.
>
> I didn't get any further comments from my earlier proposal, weeks ago,
> and did get one addition based on comments about properly setting the
> hostname in /etc/hostname, which I've added. I could have broken them
> into separate patches but most are pretty small and minor.
>
> Changes:
>
> * Map armv6l and armv7l architectures to "arm" for yum and repos to
> function properly.
>
> * Detect Fedora Remix distros with no "/etc/fedora-release" file
> (Raspberry Pi) and find proper release versions when "remix" part of the
> file context.
>
> * Change default Fedora container on non-Fedora hosts to Fedora 17.
>
> * Added code for autodev for Fedora systemd containers.
>
> * Added code to set /etc/hostname for Fedora > 14 (systemd).
>
> * Fix a few typos.
>
> Regards,
> Mike
> --
> Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
> /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
> NIC whois: MHW9 | An optimist believes we live in the best of all
> PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
> --
>
> Signed-off-by: Michael H. Warfield <mhw at WittsEnd.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 794fb287b3bd7a6c07f99ec1565c517922287065
> Author: Bogdan Purcareata <bogdan.purcareata at freescale.com>
> Date: Wed May 15 12:08:14 2013 +0300
>
> lxc-busybox: check when bind-mounting host libdirs
>
> The patch removes the behavior of automatically mounting /lib
> and /usr/lib, since this is duplicated a few lines below. It will
> also remove the risk of failing when one of these entries are not
> present on the host - e.g. on a 64bit machine.
>
> Signed-off-by: Bogdan Purcareata <bogdan.purcareata at freescale.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 807732062eab6cd44fb033bfbb37fbb38907aa66
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Tue May 14 08:24:27 2013 -0500
>
> lxc-cirros updates
>
> fix userdata consumption
>
> patch for console issue
>
> Signed-off-by: Scott Moser <scott.moser at canonical.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 58a46e06210a6321c530735f15f66eb648c4657d
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri May 10 00:52:22 2013 -0500
>
> add lxc-cirros
>
> Add a template to create a cirros container. One great thing about
> cirros is that the image you download is 3.5M.
>
> Thanks smoser!
>
> Note by default /etc/inittab doesn't have a /dev/console entry, so you
> don't get a login on the lxc-start console. Adding
>
> console::respawn:/sbin/getty 115200 console
>
> makes that work, but ctrl-c still gets forwarded to init which then
> reboots. So I didn't bother adding console as part of the template
> (yet). Instead I simply lxc-start -d, then lxc-console.
>
> Signed-off-by: Scott Moser <scott.moser at canonical.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 714540763b8b1ac12c029d7760b4e4fe13a69b43
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Mon May 13 12:03:14 2013 -0400
>
> serialize multiple threads doing lxcapi_start()
>
> The problem is that the fd table is shared between threads and if a thread
> forks() while another thread has an open fd to the monitor, the duped fd
> in the fork()ed child will not get closed, thus causing monitord to stay
> around since it thinks it still has a client. This only happened when
> calling lxcapi_start() in the daemonized case since that is the only time
> we try to get the status from the monitor.
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 304143a823ede4eca52f1d11ae1449995ad503ff
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Wed May 8 16:44:10 2013 -0400
>
> lxc-shutdown: fix lxc_path variable
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 8d06bd135af4852f24660be965aba2d781223af4
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Tue May 7 16:40:49 2013 -0400
>
> lxc-monitor multiple paths
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 566c0d6dce82ee573da01e325c53179ed74350f1
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Tue May 7 19:28:32 2013 -0500
>
> lxc-ps: handle cgroup collisions
>
> A few months ago cgroup handling in lxc was updated so that if
> /sys/fs/cgroup/$cgroup/lxc/$container already exists (most often
> due to another container by the same name under a different lxcpath),
> then /sys/fs/cgroup/$cgroup/lxc/${container}-N would be used.
>
> lxc-ps was never updated to handle this. Fix that.
>
> (Note, the ns cgroup is being special cased there, but I don't
> really believe ns cgroup works any more.)
>
> It would be preferable to rewrite lxc-ps in python or in C, but
> this at least makes the basic lxc-ps work in the case of multiple
> containers with the same name.
>
> Changelog:
> fix missing fi.
> replace 'z1' with '$container' as pointed out by Christian
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 7f4717c293fd5ecb9d605bed890cb412314aa8e2
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Tue May 7 15:33:42 2013 -0500
>
> conf.c: remove a break
>
> commit ab81cef05338e7a553aacca141287034d6daf167 meant to remove the
> added break, but apparently i had not done 'git add' before commit
> --amend. Remove the added break.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit dd66e5adb38c76e6eecf0e54c5418fd9f7ac3b3b
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Tue May 7 10:57:38 2013 -0400
>
> coverity: fix potential dereference NULL returned from malloc
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit f2bbe86da4044c8db39e6eae19541fe2d117bae7
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Tue May 7 10:57:33 2013 -0400
>
> coverity: check return from waitpid
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 3856bc9ff50f2cbd6cb2830619f3594ffea0b344
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Tue May 7 10:57:26 2013 -0400
>
> coverity: clonetest: check correct container is cloned
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 5ca6c34bdeb02ea355a0e5ef9ff51581b58c1ee7
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Tue May 7 10:57:16 2013 -0400
>
> coverity: condition already checked for
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 42fb4b1585d5f2073fbfe984acd46b625fd3c6a1
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Tue May 7 10:57:09 2013 -0400
>
> coverity: open can return 0 as an fd, change error check to < 0
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 91c908ee8ea5aada054cbb7f4203d486c2e9a09e
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Tue May 7 10:57:03 2013 -0400
>
> coverity: free malloc'ed memory in error case
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit ab81cef05338e7a553aacca141287034d6daf167
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Fri May 3 16:50:32 2013 -0400
>
> coverity: fix dereference NULL return value
>
> also break once we have found root, no need to search the rest of the mounts
>
> Changelog: May 6: Serge: don't add the break. (see m-l)
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 7c7ec7a8eded3d3864631165503fedb456e1b779
> Author: Harald Dunkel <harald.dunkel at aixigo.de>
> Date: Fri May 3 10:53:43 2013 +0200
>
> support alternate container path in lxc-netstat.in
>
> Signed-off-by: Harald Dunkel <harald.dunkel at aixigo.de>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 8ee3042a5419ea4c9bb0d1c264715f9d9c39bfa3
> Author: Harald Dunkel <harald.dunkel at aixigo.de>
> Date: Fri May 3 10:53:41 2013 +0200
>
> lxc-create: add missing -P option for running lxc-destroy
>
> Signed-off-by: Harald Dunkel <harald.dunkel at aixigo.de>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit d2c8186b4d185d75e81aec02d5a62dde4192c16d
> Author: Harald Dunkel <harald.dunkel at aixigo.de>
> Date: Fri May 3 10:53:40 2013 +0200
>
> support alternate container path in lxc-shutdown
>
> Signed-off-by: Harald Dunkel <harald.dunkel at aixigo.de>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit a9bafa108521ac785e846f2ace105c327371c106
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Fri May 3 16:50:20 2013 -0400
>
> coverity: fix dereference before NULL check
>
> also fixed some error strings while here
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 3c73b55472c096f06fd037c3c0af011be62a432b
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri May 3 16:36:08 2013 -0500
>
> remove leftover debug cruft (thanks, Dwight)
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit a747894428ea38c4a908acacb610fc3de714e0c0
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Fri May 3 13:41:40 2013 -0400
>
> coverity: ftell returns a signed value
>
> The check for flen < 0 could never have been true since flen was declared
> to be size_t (unsigned). Declare flen to be long since that is what ftell
> returns.
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 8fb86a37daecd05e9ef7f291dd4762be881f88e4
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri May 3 12:28:06 2013 -0500
>
> confile.c:config_network_ipv6_gateway: only define gw in needed scope
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit bec695f3ec43972ad38f06f92ff2db03d8405562
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Fri May 3 12:04:07 2013 -0400
>
> coverity: fix leak when ipv6 gw is auto
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 8950ee8ebfc9a7f34003f6892b5a7da6aef9fff9
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Fri May 3 12:04:01 2013 -0400
>
> coverity: fix leak in error case
>
> Since lxc_execute() is available through the library and is exposed via
> the API we cannot be sure the caller will immediately exit, so we should
> take care to free the allocated memory.
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit a2eea3c1974d70bdef74a0af6a14ca3a6fa41704
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Fri May 3 11:29:39 2013 -0400
>
> coverity: ensure string is null terminated, return in
>
> error case
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 2d4bcb96155c0e4a5d2734017f889b993144e876
> Author: Weng Meiling <wengmeiling.weng at huawei.com>
> Date: Fri May 3 11:02:48 2013 +0800
>
> lxc_start: free the conf if starting the container fails
>
> When running lxc-start command with valgrind, it reports a memory leak error.
> When lxc-start command fails, the conf which is from malloc has not been released.
> This patch fix the problem.
>
> Signed-off-by: Weng Meiling <wengmeiling.weng at huawei.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit fc7e88640cbdb402aaa048dd74829c8d09dda850
> Author: Weng Meiling <wengmeiling.weng at huawei.com>
> Date: Fri May 3 11:02:40 2013 +0800
>
> add free conf->rcfile in lxc_conf_free
>
> when releasing the conf, add free conf->rcfile which is from malloc
>
> Signed-off-by: Weng Meiling <wengmeiling.weng at huawei.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit b85ab7989ebe24629267048cb269b278eeb50490
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Thu May 2 16:28:10 2013 -0500
>
> ubuntu templates: add comments to show how to enable nesting
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 375c2258b24b233832c9ec43ab9c7b3f5dce25fb
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Wed May 1 23:37:05 2013 -0500
>
> clone: a few fixes
>
> clean up error case in clone, which in particular could cause double
> lxc_container_put(c2)
>
> for overlayfs, handle (with error message) all bdev types.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit e0b0b533feed683ce12c94e11174019a5dac64fc
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Wed May 1 19:07:16 2013 -0400
>
> allow lxc-init to log when rootfs not given
>
> On Mon, 29 Apr 2013 14:44:47 -0500
> Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
>
> > Quoting Dwight Engen (dwight.engen at oracle.com):
> > > So I did this, only to realize that lxc-init is passing "none" for
> > > the file anyway, so it currently doesn't intend to log. This makes
> > > me think that passing NULL for lxcpath is the right thing to do in
> > > this patch. If you want me to make it so lxc-init can log, I can do
> > > that but I think it should be in a different change :)
> >
> > That actually would be very useful, but as you say that's a different
> > feature - thanks.
>
> ... and here is said change.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit eee3ba81c88e64b8a732694fc4843a39d5bde491
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Wed May 1 08:33:12 2013 -0500
>
> templates: deny writes to host's clock (v2)
>
> Don't allow write to /dev/rtc0, and remove sys_time.
>
> Thanks, Christoph.
>
> v2: drop sys_time, sys_module, mac_admin and mac_override in
> all templates.
>
> Reported-by: Christoph Mitasch <cmitasch at thomas-krenn.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit ee25a44fd389ed450e3d7ef9513eec19668f2de7
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Tue Apr 30 16:33:18 2013 -0400
>
> log.c: always use dir when lxcpath is not default
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit b338c81b9f0130106eee4b2ff70959c2e62a1fac
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Tue Apr 30 14:45:32 2013 -0500
>
> lxc.functions.in: add missing backquote
>
> Reported by both Dwight and S.Çağlar - thanks.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 385e7a431a1865017211478741408d505396f9a7
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Tue Apr 30 14:23:08 2013 -0500
>
> lxc.functions.in: use the right parameter to lxc-config to get lxcpath
>
> Reported-by: S.Çağlar Onur <caglar at 10ur.org>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit b164a17f9bfcc3f067dad33d0c38834aa22ca2b1
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Tue Apr 30 14:20:40 2013 -0500
>
> remove lxc-clone-sh
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit ec471210d97ba23b2de618349bdb6dd4145e53e0
> Author: S.Çağlar Onur <caglar at 10ur.org>
> Date: Tue Apr 30 14:55:04 2013 -0400
>
> Update .gitignore
>
> Signed-off-by: S.Çağlar Onur <caglar at 10ur.org>
> Signed-off-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 0fc0d057c34f3ee10eeb87e3f11405aa79c3b4df
> Author: S.Çağlar Onur <caglar at 10ur.org>
> Date: Tue Apr 30 14:55:03 2013 -0400
>
> silence "sh: 1: zfs: not found" errors on systems without ZFS
>
> Signed-off-by: S.Çağlar Onur <caglar at 10ur.org>
> Signed-off-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit a8428dfa2c6a43ee195f4be3e04a519ca1fc6ec0
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Mon Apr 29 22:09:06 2013 +0200
>
> introduce lxc_config
>
> It's a tiny program (exported through the api) wrapping the util.c
> helpers for reading /etc/lxc/lxc.conf variables, and replaces
> the kludgy shell duplication in lxc.functions.in
>
> Changelog: Apr 30: address feedback from Dwight
> (exit error on failure, and use 'lxcpath' as name, not
> 'default_path').
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Acked-by: Dwight Engen <dwight.engen at oracle.com>
>
> commit 1e1bb42a8fca68d9fa9391e6644aeff296479499
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Mon Apr 29 14:50:30 2013 +0200
>
> add vg and zfsroot options to lxc.functions and use in lxc-create
>
> also make sure to drop spaces between = and variable in lxc.conf
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 31a95fecd2e0b1408e9a97e3ae36a7770544d1a2
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Sat Apr 27 04:59:11 2013 +0200
>
> allow site-wide customization of zfsroot and lvm vg
>
> /etc/lxc/lxc.conf can contain
>
> zfsroot = custom1
> lvm_vg = vg0
>
> (Otherwise the defaults are 'lxc' for lvm_vg, and 'lxc' for zfsroot)
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit ca52dcb55961d75e0163f237c92d225964c786bd
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri Apr 26 18:00:28 2013 +0200
>
> Several backing store improvements
>
> allow copy clones from other bdevs
>
> for lvm and zfs, as we don't yet support passing options, only default
> VG of 'lxc' and default zfsroot of 'tank' are supported when converting
> another backing store type.
>
> refuse deletion of container which has lvm or zfs snapshots.
> Note that since a zfs clone must be made from a zfs snapshot,
> which is made from the original zfs fs, even after we
> lxc-destroy the snapshotted container we still must manually
> remove the snapshot. This can be handled automatically, by
> looking for snapshots where c1 is the original, c2 is the clone,
> tank/c2 no longer exists, but tank/c1 at c2 does. We can then
> remove tank/c1 at c2 and feel free to remove tank/c1. This patch
> does NOT do that yet.
>
> Make sure not to return when we're a forked child.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 3baa76fe36bd2b59645a952c3a47a960090c38d2
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri Apr 26 00:14:37 2013 +0200
>
> implement zfs bdev and clone
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 9be53773792fc9e8bd173edc3b7ac7e144875387
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Tue Apr 16 08:07:05 2013 -0500
>
> implement backend drivers and container clone API (v3)
>
> 1. commonize waitpid users to use a single helper. We frequently want
> to run something in a clean namespace, or fork off a script. This
> lets us keep the function doing fork:(1)exec(2)waitpid simpler.
>
> 2. start a blockdev backend implementation. This will be used for
> mounting, copying, and snapshotting container filesystems.
>
> 3. implement btrfs, lvm, directory, and overlayfs backends.
>
> 4. For overlayfs, support a new lxc.rootfs format of
> 'bdevtype:<extra>'. This means you can now use overlayfs-based
> containers without using lxc-start-ephemeral, by using
> lxc.rootfs = overlayfs:/readonly-dir:writeable-dir
>
> 5. add a set of simple clone testcases
>
> 6. Write a new lxc_clone.c based on api clone.
>
> Still to do (there's more, but off top of my head):
>
> 1. support zfs, aufs
> 2. have clone handle other mount entries (right now it only clones
> the rootfs)
> 3. python, lua, and go bindings (not me :)
> 4. lxc-destroy: if lvm backing store, check for snapshots of it.
> (what about directories which have overlayfs clones?)
>
> Changes since v2:
> Initialize random generator when picking new macaddr (reported
> by caglar at 10ur.org)
> Fix wrong use of bitmask flags
> On copy-clone of btrfs, create a subvolume
> lxc_clone.c: respect the command line usage of the old script
> lxc-clone(1): update documentation
> Refuse to try changing backing stores expect to overlayfs, as
> it is not implemented (yet) anyway.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> Conflicts:
> src/lxc/utils.h
>
> commit ab1bf971d2db43777cbf3892fb887bf71ce7d155
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Mon Apr 29 14:54:08 2013 -0400
>
> Create log file in lxcpath for non-system containers
>
> On Fri, 26 Apr 2013 10:18:12 -0500
> Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
>
> > Quoting Dwight Engen (dwight.engen at oracle.com):
> > > On Fri, 26 Apr 2013 09:37:49 -0500
> > > Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> > >
> > > > Quoting Dwight Engen (dwight.engen at oracle.com):
> > > > > Using lxc configured with --enable-configpath-log, and
> > > > > specifying a path to the lxc commands with -P, the log file
> > > > > path is generated with a basename of LOGPATH instead of the
> > > > > lxcpath. This means for example if you do
> > > > >
> > > > > lxc-start -P /tmp/containers -n test01 -l INFO
> > > > >
> > > > > your log file will be
> > > > >
> > > > > /var/lib/lxc/test01/test01.log
> > > > >
> > > > > I was expecting the log to be /tmp/containers/test01/test01.log.
> > > > > This is particularly confusing if you also have test01 on the
> > > > > regular lxcpath. The patch below changes the log file path to be
> > > > > based on lxcpath rather than LOGPATH when lxc is configured with
> > > > > --enable-configpath-log.
> > > > >
> > > > > I think that even in the normal non --enable-configpath-log case
> > > > > we should consider using lxcpath as the base and not having
> > > > > LOGPATH at all, as attempting to create the log files
> > > > > in /var/log is not going to work for regular users on their own
> > > > > lxcpath. If we want that, I'll update the patch to do that as
> > > > > well.
> > > >
> > > >
> > > > Perhaps we should do:
> > > >
> > > > 1. If lxcpath == default_lxc_path(), then first choice is
> > > > LOGPATH, second is lxcpath/container.log
> > > > 2. when opening, if first choice fails, use second choice
> > > > if there is any.
> > > >
> > > > That way 'system' containers will go to /var/log/lxc, as I think
> > > > they should. Custom-lxcpath containers should never go
> > > > to /var/log/lxc, since their names could be dups of containers in
> > > > default_lxc_path(). And if the system is a weird one where
> > > > default_lxc_path is set up so that an unprivileged user can use
> > > > it, then we should log into $lxcpath.
> > >
> > > That sounds good to me. So these rules would apply in both the
> > > regular and --enable-configpath-log cases.
>
> I updated the patch to try to open the log file according to the
> choices given above. Along the way I cleaned up log.c a bit, making
> some things static, grouping external interfaces together, etc...
> Hopefully that doesn't add too much noise.
>
> > > > (Note this patch will trivially conflict with my new lxc_clone.c
> > > > causing it to fail to build - unfortunate result of timing)
> > >
> > > Yeah unfortunately this touches every lxc_log_init() caller. I can
> > > work on the above logic and re-submit after your new lxc_clone
> > > stuff goes in.
> >
> > No no, I'll just need to remember to update mine. Don't hold up on
> > mine, this is just the nature of such collaboration :)
> >
> > > Did you have any thoughts on the XXX what to pass in for lxcpath in
> > > lxc_init? Right now it just falls back to LOGPATH.
> >
> > No - that's a weird one, since lxc_init runs in the container. If
> > there were only system containers I'd say always use LOGPATH.
> > However there are people (apparently :) who use container sharing the
> > host's rootfs...
> >
> > lxc-execute does know the lxcpath. Perhaps we can simply have
> > src/lxc/execute.c:execute_start() look at handler->conf to see if a
> > rootfs is set. If rootfs is NOT set, then pass lxcpath along to
> > lxc-init. Then lxc-init can mostly do the same as the others? (It
> > doesn't use src/lxc/arguments.c, so you'd have to add lxcpath to
> > options[] in lxc-init.c)
>
> So I did this, only to realize that lxc-init is passing "none" for the
> file anyway, so it currently doesn't intend to log. This makes me
> think that passing NULL for lxcpath is the right thing to do in
> this patch. If you want me to make it so lxc-init can log, I can do
> that but I think it should be in a different change :)
>
> --
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 7f95145833bb24f54e037f73ecc37444d6635697
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Mon Apr 29 16:47:35 2013 -0400
>
> fix building docs
>
> Commit 69fe23ff added checking for the older docbook2man back into
> configure, but this breaks building the docs on at least Oracle Linux and
> Fedora when docbook2X is not installed as docbook2man will be found but the
> docs don't actually build with that tool.
>
> This change makes it so the docs can be built with either the older
> docbook2man or the newer 2X tools by using configure to set the dtd
> string to an appropriate value depending on use of docbook2man or
> db2x_docbook2man.
>
> Also fixed a small error in lxc-destroy.sgml.in that was noticed
> by the old tools.
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 33c2c3ec93c17758f37cc2e53f07f7dfe6b72336
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Thu Apr 25 15:18:25 2013 -0500
>
> add zfs support to lxc-create and lxc-destroy
>
> This is based on patch from Papp Tamas (thanks). It also does some
> reorganizing of lxc-create to commonize some of the backingstore handling.
>
> I played with it using:
>
> sudo lvcreate -L 100G -n zfs vg0
> sudo zpool create lxc /dev/vg0/zfs
> sudo lxc-create -B zfs --zfsroot lxc -t ubuntu -n dir2
>
> or you could
>
> qemu-img create zfs.img 100G
> sudo qemu-nbd -c /dev/nbd0 zfs.img
> sudo zpool create lxc /dev/nbd0
> sudo lxc-create -B zfs --zfsroot lxc -t ubuntu -n dir2
>
> I'll write the bdev.c handler and hook up lxc-clone next.
>
> This also fixses a bug in the sed expression to extract the rootfs from
> container config, which prepended an extra '/' to the rootdev. (That
> caused the zfs list entry not to match at destroy)
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Cc: Papp Tamas <tompos at martos.bme.hu>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit f485f377a1caba11c58da100d3db9a8c6fdeb7d5
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Thu Apr 25 12:21:53 2013 -0400
>
> lxc_wait should start monitord
>
> If lxc_wait is called before the container has started the socket will not
> yet have been created and lxc_wait's connect to it will fail. Starting the
> daemon will create the socket for lxc_wait to connect to.
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 4f43438c476c3c5fb78d6192238d540108a33cb1
> Author: Christian Seiler <christian at iwakd.de>
> Date: Thu Apr 25 13:00:19 2013 +0200
>
> lxc_attach: Use clone() instead of second fork()
>
> Because of an assertion in glibc's fork() wrapper that parent pid and
> pid of child should never be the same, one should avoid fork() after
> attaching to a PID namespace, since the pid inside the namespace may
> coincide with the pid of the parent outside the namespace, thus hitting
> the aforementioned assertion.
>
> This patch just changes the code in the most simple manner to use
> clone() instead of fork(). Since clone() requires a function to be
> called instead of returning 0, we move the code of the child into a
> function child_main.
>
> Signed-off-by: Christian Seiler <christian at iwakd.de>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 6320e49454b0fd86dde7df0af54a2e194ae59821
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Thu Apr 25 17:31:34 2013 +0200
>
> lxc.conf: Add reference to capabilities manpage
>
> This adds a reference to capabilities(7) to the lxc.conf manpage.
>
> Signed-off-by: Tomáš Pospíšek <tpo_deb at sourcepole.ch>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 69fe23ff0777390e34a8c0b11ce6037e5aef9109
> Author: Peter Simons <simons at cryp.to>
> Date: Thu Apr 25 12:20:30 2013 +0200
>
> configure: support for the "docbook2man" utility to build the documentation
>
> This adds docbook2man as an alternative name for the docbook compiler.
> As that name was used on Debian based systems for an older version of the tool,
> this change also adds a check so that docbook2man is never used on Debian based
> systems.
>
> Reported-by: Peter Simons <simons at cryp.to>
> Reported-by: Christian Bühler christian at cbuehler.de
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit f05699d19e27567583b9397a8d529e8aa275f5e1
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Wed Apr 24 22:47:50 2013 -0500
>
> Revert "monitor.c: sanity check on waitpid return value"
>
> It's reported to errors in parallel starts.
>
> Reported-by: "S.Çağlar Onur" <caglar at 10ur.org>
>
> This reverts commit 6b7916695264238a490971e8cd87612154fc18b1.
>
> commit 6b7916695264238a490971e8cd87612154fc18b1
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Wed Apr 24 19:59:10 2013 -0500
>
> monitor.c: sanity check on waitpid return value
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit e8b9ac8fdfddec6a2eaacd6cdaa968058cf4e1e2
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Wed Apr 24 19:49:59 2013 -0500
>
> close fd on error path
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 4fa22bfca1e94393aa3fbdc3fdf5516e75d47521
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Wed Apr 24 15:16:21 2013 -0500
>
> lxc-create: cleanup whenever exiting with error
>
> Otherwise we leave bad containers sitting around and further confuse
> things on retries.
>
> Reported-by: Mukanyiligira Didacienne <siyana223 at gmail.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit e51d4895129209cec1c15bda2322136a03ec94b2
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Wed Apr 24 15:06:20 2013 -0400
>
> Allow multiple monitor clients
>
> This fixes a long standing issue that there could only be a single
> lxc-monitor per container.
>
> With this change, a new lxc-monitord daemon is spawned the first time
> lxc-monitor is called against the container and will accept connections
> from any subsequent lxc-monitor.
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit dc7f65454ee88fbd50f4d6f8a7c567eb27107314
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Wed Apr 24 21:38:32 2013 +0200
>
> ubuntu: Don't break when the locale is C.*
>
> Update the code to also match C.* so that C.UTF-8 doesn't make the
> container creation fail.
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 0a9362f5745a58a3d63354d76182108ea81ecf05
> Author: S.Çağlar Onur <caglar at 10ur.org>
> Date: Tue Apr 23 17:24:31 2013 -0400
>
> Support starting containers concurrently
>
> Trying to start multiple containers concurrently may cause
> lxc_monitor_read_timeout to fail as select call could be
> interrupted by a signal, handle it.
>
> Signed-off-by: S.Çağlar Onur <caglar at 10ur.org>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 15451ecf742bfa38a0732270b36d4a8666d2124e
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Wed Apr 24 17:24:26 2013 +0200
>
> python: Make the code compatibly with 3.2
>
> The previous change used some 3.3-specific functions.
> We still support 3.2 so revert to 3.2-compatible calls.
>
> Reported-by: S.Çağlar Onur <caglar at 10ur.org>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 6516ad8b01aac298bffe60a8d7d21745f3354a38
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Wed Apr 24 00:50:44 2013 +0200
>
> python: Fix convert_tuple_to_char_pointer_array
>
> This finally fixes a few issues with the magic
> convert_tuple_to_char_pointer_array function.
>
> This now clearly copies the char* from the python object so we don't
> end up keeping reference to those.
>
> Also add the few required free calls to free the content of the array.
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 93d564edc5d69819e85c3fa93368d37ec803a2f9
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Wed Apr 24 11:41:45 2013 +0200
>
> cgroup: Remove unused mntent variables
>
> Spotted by coverity, we were now assigning mntent but only every using
> mntent_r, so drop those variables and assignation.
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit fd37327f57a6d53692babcaf69dfbd8f62e59918
> Author: S.Çağlar Onur <caglar at 10ur.org>
> Date: Wed Apr 17 17:15:51 2013 -0400
>
> Support stopping containers concurrently
>
> Trying to stop multiple containers concurrently ends up with "cgroup is not mounted" errors as multiple threads corrupts the shared variables.
> Fix that stack corruption and start to use getmntent_r to support stopping multiple containers concurrently.
>
> Signed-off-by: S.Çağlar Onur <caglar at 10ur.org>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit cf0f903326cf3cdd10f834c1bbc627fd81e06044
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Tue Apr 23 08:37:41 2013 -0500
>
> detect APT_PROXY from host apt.conf
>
> Introduce a new HTTP_PROXY variable in /etc/default/lxc. If unset or
> set to none, then behavior continues as before. If set to 'apt', then
> any http::proxy set in apt.conf will be used as http_proxy for
> debootstrap, and specified in the container's
> /etc/apt/apt.conf.d/70proxy. If set to something else, then the
> value of HTTP_PROXY will be used as http_proxy for debootstrap and
> specified in the container's 70proxy.
>
> Changelog: (apr 23) merge the two apt proxy detection functions.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 051151de890705173a42bbead40a6125d34ea41b
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Mon Apr 22 14:02:30 2013 -0400
>
> goto correct cleanup label to ensure fd is closed
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit bbb8a488aeacf8a226d49773fe13798a202a78e2
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Mon Apr 22 15:46:26 2013 -0500
>
> remove needless check for 'line' which cannot be NULl there
>
> (found by coverity)
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 7e1667d76e76eb3d571be5e4b545e8ace6e92187
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Mon Apr 22 15:40:57 2013 -0500
>
> cgpath test: don't check path len before checking if it is null
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit ddb17f1f0870ddb1678e34652f54458207cb3bb0
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Mon Apr 22 11:16:57 2013 -0400
>
> make lxc_af_unix_open() safely return error on long pathnames
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 599d42525144cf0fcc7de6ac1b576c5c6ae290c2
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Sun Apr 21 22:42:06 2013 +0200
>
> python: Fix get_ips and nesting with lxcpath
>
> When using -P (lxcpath), the parameter path needs to be forwarded
> to the various commands being run but not used by the nested lxc-ls
> as it's relatively unlikely that both the host and the nested containers
> use a custom path.
>
> This isn't ideal but short of having a way to provide the container path
> for every single of the nesting (with potential unlimited depth), it's
> the best we can do.
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit a2abaa9ec60a8967611e8c8905698bd01bde5861
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Sun Apr 21 20:09:24 2013 +0200
>
> ubuntu: Various fixes
>
> - Drop disabled entries from allowed devices list
> - Improve generated config layout a bit
> - Drop redundant uname call
> - Re-generate the SSH host keys on container creation
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit ed4616b1cfbc84dd01caa8546d813e8c5d482921
> Author: Christian Bühler <christian at cbuehler.de>
> Date: Sat Apr 20 15:50:13 2013 +0200
>
> Use "uname -m" instead of "arch"
>
> According to "arch"'s manpage, it's identical to "uname -m".
>
> Some distros ship uname but don't ship arch, however all distros ship uname,
> therefore it makes sense to use "uname -m" whenever possible.
>
> Signed-off-by: Christian Bühler <christian at cbuehler.de>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 6c5db2af1f706e8f21f2a5f074bada96e9011052
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Thu Apr 18 22:20:53 2013 +0200
>
> python: Various fixes to the python scripts
>
> This fixes a few issues uncovered by the recent C module fix.
>
> In lxc-start-ephemeral, the hwaddr code wasn't actually working.
> Replace by code that properly iterates through the network interfaces
> and sets a new MAC address for each entry.
>
> In the python overlay, catch the newly emitted KeyError when in
> set_config_item (or setting any previously unset variable would fail).
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 2ebec36f271d4ee943281e32feb3552745115347
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Fri Apr 12 11:19:56 2013 +0200
>
> python: Lots of fixes in C extension
>
> Fixes a lot of issues found by a code review done by Barry Warsaw.
>
> Those include:
> - Wrong signature for getters
> - Various memory leaks
> - Various optimizations
> - More consistent return values
> - Proper exception handling
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
> Reported-by: Barry Warsaw <barry at ubuntu.com>
> Acked-by: Barry Warsaw <barry at ubuntu.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 860fc865b0ae0fd6381a8a9a777efdbde0aaefb6
> Author: Richard Weinberger <richard at nod.at>
> Date: Wed Apr 17 23:54:09 2013 +0200
>
> utils: reimplement/fix mkdir_p() (v2)
>
> Reimplement mkdir_p() such that it:
> ...handles relativ paths correctly. (currently it crashes)
> ...does not rely on dirname().
> ...is not recursive.
> ...is shorter. ;-)
>
> Signed-off-by: Richard Weinberger <richard at nod.at>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 23154d5764c06b68a5c154cecd89524ebe747ca1
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Thu Apr 18 10:30:33 2013 +0200
>
> Revert "start: Detect early failure of the new child"
>
> This reverts commit 5a5c35c3a01afec515e688c8366e6f893985518d.
>
> This commit was preventing startup of containers using lxc hooks and
> shutdown of all other containers, requiring the use of a good old
> kill -9 to get rid of lxc-start after a container shutdown.
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 3763ee85915d28737bfebffa136bfb49ef0a2109
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Thu Apr 18 10:29:44 2013 +0200
>
> Revert "utils: reimplement/fix mkdir_p()"
>
> This reverts commit 8de4140644f01180f2fdab55b0ab0f13d1c761c6.
>
> This commit was preventing container startup on my machine, making them
> all fail with various "No such file or directory" errors.
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 8de4140644f01180f2fdab55b0ab0f13d1c761c6
> Author: Richard Weinberger <richard at nod.at>
> Date: Wed Apr 17 17:13:40 2013 +0200
>
> utils: reimplement/fix mkdir_p()
>
> Reimplement mkdir_p() such that it:
> ...handles relativ paths correctly. (currently it crashes)
> ...does not rely on dirname().
> ...is not recursive.
> ...is shorter. ;-)
>
> Signed-off-by: Richard Weinberger <richard at nod.at>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 5a5c35c3a01afec515e688c8366e6f893985518d
> Author: Richard Weinberger <richard at nod.at>
> Date: Tue Apr 16 23:42:23 2013 +0200
>
> start: Detect early failure of the new child
>
> If the process in the new namespace dies very early
> we have currently no chance to detect this.
> The parent process will just die due to SIGPIPE
> if it write to the fd used for synchronisation and
> nobody will notice the real cause of the problem.
>
> Install a SIGCHLD handler to detect the death.
> Later when the child does execve() to the init within
> the new namespace the handler will be disabled automatically.
>
> Signed-off-by: Richard Weinberger <richard at nod.at>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 6b28a086310b8715f4655446f4c01d9555ef1786
> Author: Richard Weinberger <richard at nod.at>
> Date: Tue Apr 16 23:48:16 2013 +0200
>
> init: Fix whitespace damage
>
> While we are here, fix the whitespace damage.
>
> Signed-off-by: Richard Weinberger <richard at nod.at>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit a81bad13ec305b885eff2934307d9205d55e0050
> Author: Richard Weinberger <richard at nod.at>
> Date: Tue Apr 16 23:48:15 2013 +0200
>
> init: unnest interrupt_handler
>
> There is no need to use nested functions voodoo.
>
> Signed-off-by: Richard Weinberger <richard at nod.at>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 2c7d90ac6eb4d883d9650d17cd915d958b4e5e66
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Tue Apr 16 11:47:29 2013 -0400
>
> quiet gcc 4.4.7 warning about saveptr use before initialization
>
> The recent change to use strtok_r causes a build warning with this older
> gcc version, so initialize saveptr to NULL to quiet the compiler and
> unbreak the build. There was no warning with gcc 4.7.2 that I
> originally tested with.
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 98663823e47ec56ff5a8205a17cc884acbf9cabd
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Tue Apr 16 07:41:17 2013 -0500
>
> fix spacing
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 883f4a1eae77f332059dc0be6f965485a0361ec0
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Tue Apr 16 07:35:05 2013 -0500
>
> mkdir_p: account for '//foo/bar'
>
> As Richard reported, dirname('//') returns //. But mkdir_p only stops
> when called with '/', resulting in infinite recursion when given a
> pathname '//foo/bar'.
>
> Reported-by: richard -rw- weinberger <richard.weinberger at gmail.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit ce4c4ca43586825a13c1abb4ce13e90d9447a0eb
> Author: Bogdan Purcareata <bogdan.purcareata at freescale.com>
> Date: Thu Apr 11 16:29:44 2013 +0300
>
> lxc-template: enable chroot + chpasswd functionality for Busybox hosts
>
> This patch supports the scenario where a user wants to install a
> busybox container on a busybox host.
>
> When running the template, in order to change the root password,
> the template needs to do the chroot. On busybox-powered hosts, chroot
> is not part of the coreutils package - it's part of busybox. And the
> busybox implementation or chroot only works if it has /lib in the new
> root populated with the right binaries (or at least that's the
> solution I found to make it work).
>
> The temporarily bind-mounts /lib in the NEWROOT, chroots there,
> changes the password, goes back and unmounts. This set of operations
> is contained in a new MOUNT namespace, using the lxc-unshare call.
>
> Signed-off-by: Bogdan Purcareata <bogdan.purcareata at freescale.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 8e7da691af29fe1d8b93d2e4acc98eb188ae74cc
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Mon Apr 15 13:43:14 2013 -0400
>
> fix checking hook script exit code
>
> pclose returns the exit status from wait, we need to check that to see if
> the script itself failed or not. Tested a script that returned 0, 1, and
> also one that did a sleep and then was killed by a signal.
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 2796cf790f80e8be8dd90238f6789e52bd3cc2ac
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Mon Apr 15 15:28:07 2013 -0400
>
> fortify: use reentrant safe strtok_r
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit e6a19d2683629888175371ed2eeb8a49a7b44873
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Mon Apr 15 15:59:12 2013 -0400
>
> fortify: minor cleanups for unused variables, stricter types
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 0a2188544a538b421612c90d44e56853a9d64458
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Mon Apr 15 15:40:53 2013 -0400
>
> fortify: check the value returned from write(2)
>
> Also check that we wrote the amount we expected to. The write on the pty
> is blocking but we could still get a short write on EINTR, so we should
> SYSERROR it.
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 03027ad99f2759182fbcd3363298ae6adaf88cdb
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Mon Apr 15 16:05:36 2013 -0400
>
> fix lxc-attach usage
>
> This makes it match the manpage and be consistent with lxc-execute
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 4d44e274dcd933327c4f1c1cc7e1f876d08ffa85
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Sun Apr 14 22:57:46 2013 -0500
>
> fix coverity-found errors.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 00b6be440f93131e35e75fb1b34d8d3220590bb5
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Sun Apr 14 22:44:09 2013 -0500
>
> coverity resource leak fixes
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 5371906219ff19886169612993efbb8e82f749a7
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Sun Apr 14 22:22:10 2013 -0500
>
> fix coverity-found resource leaks on error paths.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 2802732032aeaabe8c793ae76112d9c8ba13ee23
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Sun Apr 14 22:16:26 2013 -0500
>
> fix coverity-found resource leaks in config_network_ipv6
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit bb1d227404ff96564877a04ef9299c63f608f543
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Sun Apr 14 22:02:03 2013 -0500
>
> fix free of alloca()d buffer (found by coverity)
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 022de5f317014c538e17378b626cf3267625e141
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Sun Apr 14 21:59:02 2013 -0500
>
> fix resource leak of netdev on error path found by coverity
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit b6f24d54f54146a0f5de700dac7ffc2ef7624359
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Sun Apr 14 21:56:51 2013 -0500
>
> fix resource leak of utsname in error path found by coverity
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit a6537fbbfb0b9d08adc58ae23b873a084e5d479c
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Sun Apr 14 21:48:49 2013 -0500
>
> genl.c: fix a resource leak found by coverity
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit a741a85d8e241e9ca773f3cd7575d720837fcb51
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Sun Apr 14 21:45:00 2013 -0500
>
> lxcapi_create: fix leak of tpath when a container already exists
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit b4e4ca49c792d7320787a6991ce1815d26060d39
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Sun Apr 14 21:39:34 2013 -0500
>
> lxc_monitor: make sure msg.name is null terminated (bug found by coverity)
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit c928f41fc0e79a24e4c43a80fb26b3c46997d91a
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Sun Apr 14 21:18:53 2013 -0500
>
> ifdef out skipped startone test code
>
> Unfortunately installing a working lxc-init is somewhat hairy and
> distro-dependent. So we skipped it before, but Coverity didn't
> like that, so just ifdef it out.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 416707883893211a15c031b1f3589bc7cde9bf2b
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Sun Apr 14 21:17:09 2013 -0500
>
> lxccontaienr: fix missing va_end in error case.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 586d4e9be1eb13cd9cb77cf6c56ce57e24623c44
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Sun Apr 14 21:12:58 2013 -0500
>
> lxcccontainer: add missing va_end found by coverity
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit af41709c4243e0fd9dc1fac5f22cdd47316f8277
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri Apr 12 15:15:22 2013 -0500
>
> af_unix.c: fix coverity-found bug: pass addr size
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit bdb539b89bbe123018392bb8c64cb94c13d736a8
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri Apr 12 15:11:29 2013 -0500
>
> lxclock: fix coverity-found leak
>
> if sem_init fails, free what we mallocd.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 8767795058ca5b46c8a9e335ad941d8799241716
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Fri Apr 12 15:11:11 2013 -0500
>
> lxclock: indentation
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 43d1aa34aab1c43bce8f083d024bf54f0246a884
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Thu Apr 11 11:43:31 2013 -0500
>
> Fix up struct lxc_container locking
>
> 1. in container_free, set c->privlock to NULL before calling
> sem_destroy, to prevent a window where another thread could call
> sem_wait(c->privlock) while c->privlock is not NULL but is already
> destroyed.
>
> 2. in container_get, check for numthreads < 0 before calling lxclock.
> Once numthreads is 0, it never goes back up.
>
> Following is a comment added to lxccontainer.c:
>
> /*
> * Consider the following case:
> freer | racing get()er
> ==================================================================
> lxc_container_put() | lxc_container_get()
> \ lxclock(c->privlock) | c->numthreads < 1? (no)
> \ c->numthreads = 0 | \ lxclock(c->privlock) -> waits
> \ lxcunlock() | \
> \ lxc_container_free() | \ lxclock() returns
> | \ c->numthreads < 1 -> return 0
> \ \ (free stuff) |
> \ \ sem_destroy(privlock) |
>
> * When the get()er checks numthreads the first time, one of the following
> * is true:
> * 1. freer has set numthreads = 0. get() returns 0
> * 2. freer is between lxclock and setting numthreads to 0. get()er will
> * sem_wait on privlock, get lxclock after freer() drops it, then see
> * numthreads is 0 and exit without touching lxclock again..
> * 3. freer has not yet locked privlock. If get()er runs first, then put()er
> * will see --numthreads = 1 and not call lxc_container_free().
> */
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
> Acked-by: Seth Arnold <seth.arnold at canonical.com>
> Acked-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit e649c8032f84b488cac8ea6c8fb9a77c424a0419
> Author: Stéphane Graber <stgraber at ubuntu.com>
> Date: Thu Apr 11 14:15:21 2013 +0200
>
> python: Fix memory management
>
> Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
>
> commit 75129865d48d2293383316f88ce7661e37dde43d
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Wed Apr 3 14:43:15 2013 -0400
>
> ubuntu template: fix installation when LANG=C
>
> The ubuntu template will silently fail (because it is set -e) on
> the locale-gen command when LANG=C
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 9eee2f7739dbaf82d3b0837de41cdcba5ee4a1d3
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Wed Apr 3 12:31:46 2013 -0400
>
> oracle template: install additional user specified pkgs
>
> Fix lxc-create to not word split template arguments. This makes
> lxc-create -n ol -t oracle -- -r "at cronie wget" work since the argument
> to -r will be passed as one arg instead of three.
>
> Fix oracle template -u option to shift the correct amount.
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 33892746e373449a8a69a4265d783bf701cb5784
> Author: Wojciech Izykowski <wizykowski at gmail.com>
> Date: Sat Apr 6 16:33:00 2013 +0200
>
> lxc-start-ephemeral: fixed bug with wrong ssh option (-k instead of -i)
>
> Corrected ssh option for custom key (from -k to -i). Just see ssh
> manpage for justification.
>
> Signed-off-by: Wojciech Izykowski <wizykowski at gmail.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit 6efdcb6a3cc4d06bf64af69b08bc95335f02b79f
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Wed Apr 3 17:08:32 2013 -0400
>
> debian template: set arch when dpkg doesn't exist on host
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
>
> commit fe19f236a2295da1e01ab05ff59853c5a4556811
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Mon Apr 8 12:45:23 2013 -0400
>
> fix wait status in pid reuse case
>
> Commit 37c3dfc9 sets the wait status on only the child pid. It
> intended to match the pid only once to protect against pid reuse but it
> won't because the indicator was reset to 0 every time at the top of the
> loop. If the child pid is reused, the wait status will be set again.
> Fix by setting indicator outside the loop.
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 1354f952876e96b456425efc7ed9994caf687028
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Tue Apr 9 09:41:15 2013 -0400
>
> minor documentation fixes / clarification
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit 190a2ea88e9820e5e150ce36414233da4bd34b44
> Author: Dwight Engen <dwight.engen at oracle.com>
> Date: Wed Apr 10 10:49:51 2013 -0400
>
> remove unused lxc_copy_file
>
> Commit e3642c43 added lxc_copy_file for use in 64e1ae63. The use of it
> was removed in commit 1bc60a65. Removing it reduces dead code and the
> footprint of liblxc.
>
> Signed-off-by: Dwight Engen <dwight.engen at oracle.com>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> commit fd95f2402dc70ad41fa2db8fb101f950196458a9
> Author: Serge Hallyn <serge.hallyn at ubuntu.com>
> Date: Tue Apr 9 16:23:05 2013 -0500
>
> lxc.functions: don't let LXC_PATH= line end in failure
>
> Otherwise if called from dash with set -e, dash will exit. This
> causes lxc-clone to fail.
>
> Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
>
> -----------------------------------------------------------------------
>
> Summary of changes:
> .gitignore | 12 +-
> CONTRIBUTING | 24 +
> autogen.sh | 21 +
> config/Makefile.am | 4 +-
> configure.ac | 125 ++-
> doc/Makefile.am | 1 -
> doc/common_options.sgml.in | 2 +-
> doc/legacy/lxc-ls.sgml.in | 8 +-
> doc/lxc-attach.sgml.in | 4 +-
> doc/lxc-cgroup.sgml.in | 4 +-
> doc/lxc-checkconfig.sgml.in | 4 +-
> doc/lxc-checkpoint.sgml.in | 4 +-
> doc/lxc-clone.sgml.in | 150 ++-
> doc/lxc-console.sgml.in | 15 +-
> doc/lxc-create.sgml.in | 16 +-
> doc/lxc-destroy.sgml.in | 21 +-
> doc/lxc-device.sgml.in | 4 +-
> doc/lxc-execute.sgml.in | 12 +-
> doc/lxc-freeze.sgml.in | 4 +-
> doc/lxc-info.sgml.in | 32 +-
> doc/lxc-kill.sgml.in | 4 +-
> doc/lxc-ls.sgml.in | 4 +-
> doc/lxc-monitor.sgml.in | 23 +-
> doc/lxc-netstat.sgml.in | 4 +-
> doc/lxc-ps.sgml.in | 10 +-
> doc/lxc-restart.sgml.in | 4 +-
> doc/lxc-shutdown.sgml.in | 98 --
> doc/lxc-start-ephemeral.sgml.in | 4 +-
> doc/lxc-start.sgml.in | 4 +-
> doc/lxc-stop.sgml.in | 96 ++-
> doc/lxc-top.sgml.in | 4 +-
> doc/lxc-unfreeze.sgml.in | 4 +-
> doc/lxc-unshare.sgml.in | 10 +-
> doc/lxc-version.sgml.in | 4 +-
> doc/lxc-wait.sgml.in | 4 +-
> doc/lxc.conf.sgml.in | 246 ++++-
> doc/lxc.sgml.in | 4 +-
> doc/see_also.sgml.in | 2 +-
> hooks/Makefile.am | 4 +-
> hooks/clonehostname | 29 +
> hooks/mountcgroups | 25 +-
> hooks/mountecryptfsroot | 2 +-
> hooks/ubuntu-cloud-prep | 184 +++
> lxc.spec.in | 3 +-
> runapitests.sh | 18 +
> src/include/getline.c | 29 +
> src/include/getline.h | 31 +
> src/include/ifaddrs.c | 597 +++++++++
> src/include/ifaddrs.h | 54 +
> src/include/lxcmntent.c | 20 +
> src/include/lxcmntent.h | 21 +
> src/include/openpty.c | 36 +-
> src/include/openpty.h | 23 +
> src/lua-lxc/Makefile.am | 4 +-
> src/lua-lxc/core.c | 54 +-
> src/lua-lxc/lxc.lua | 128 +-
> src/lxc/Makefile.am | 77 +-
> src/lxc/af_unix.c | 21 +-
> src/lxc/af_unix.h | 2 +-
> src/lxc/apparmor.c | 25 +-
> src/lxc/apparmor.h | 20 +
> src/lxc/arguments.c | 39 +-
> src/lxc/arguments.h | 24 +-
> src/lxc/attach.c | 643 +++++++++-
> src/lxc/attach.h | 10 +-
> src/lxc/attach_options.h | 120 ++
> src/lxc/bdev.c | 2070 ++++++++++++++++++++++++++++++
> src/lxc/bdev.h | 138 ++
> src/lxc/caps.c | 40 +-
> src/lxc/caps.h | 6 +-
> src/lxc/cgroup.c | 1237 +++++++++++++-----
> src/lxc/cgroup.h | 37 +-
> src/lxc/checkpoint.c | 2 +-
> src/lxc/commands.c | 701 +++++++++--
> src/lxc/commands.h | 83 +-
> src/lxc/conf.c | 390 +++++--
> src/lxc/conf.h | 32 +-
> src/lxc/confile.c | 145 ++-
> src/lxc/confile.h | 2 +-
> src/lxc/console.c | 786 +++++++++---
> src/lxc/console.h | 20 +-
> src/lxc/error.c | 2 +-
> src/lxc/error.h | 2 +-
> src/lxc/execute.c | 45 +-
> src/lxc/freezer.c | 33 +-
> src/lxc/genl.c | 19 +-
> src/lxc/genl.h | 2 +-
> src/lxc/legacy/lxc-ls.in | 2 +-
> src/lxc/list.c | 2 +-
> src/lxc/list.h | 23 +
> src/lxc/log.c | 243 +++--
> src/lxc/log.h | 16 +-
> src/lxc/lxc-checkconfig.in | 2 +-
> src/lxc/lxc-clone.in | 324 -----
> src/lxc/lxc-create.in | 357 -----
> src/lxc/lxc-destroy.in | 63 +-
> src/lxc/lxc-device | 2 +-
> src/lxc/lxc-ls | 11 +-
> src/lxc/lxc-netstat.in | 35 +-
> src/lxc/lxc-ps.in | 31 +-
> src/lxc/lxc-shutdown.in | 151 ---
> src/lxc/lxc-start-ephemeral.in | 28 +-
> src/lxc/lxc-top | 13 +-
> src/lxc/lxc.functions.in | 15 +-
> src/lxc/lxc.h | 62 +-
> src/lxc/lxc_attach.c | 458 ++------
> src/lxc/lxc_cgroup.c | 35 +-
> src/lxc/lxc_checkpoint.c | 4 +-
> src/lxc/lxc_clone.c | 179 +++
> src/lxc/lxc_config.c | 70 +
> src/lxc/lxc_console.c | 192 +---
> src/lxc/lxc_create.c | 246 ++++
> src/lxc/lxc_destroy.c | 103 ++
> src/lxc/lxc_execute.c | 8 +-
> src/lxc/lxc_freeze.c | 30 +-
> src/lxc/lxc_info.c | 43 +-
> src/lxc/lxc_init.c | 96 +-
> src/lxc/lxc_kill.c | 6 +-
> src/lxc/lxc_monitor.c | 38 +-
> src/lxc/lxc_monitord.c | 409 ++++++
> src/lxc/lxc_restart.c | 8 +-
> src/lxc/lxc_start.c | 102 +-
> src/lxc/lxc_stop.c | 127 ++-
> src/lxc/lxc_unfreeze.c | 30 +-
> src/lxc/lxc_unshare.c | 2 +-
> src/lxc/lxc_user_nic.c | 782 +++++++++++
> src/lxc/lxc_usernsexec.c | 417 ++++++
> src/lxc/lxc_wait.c | 18 +-
> src/lxc/lxccontainer.c | 1783 ++++++++++++++++++++++----
> src/lxc/lxccontainer.h | 124 ++-
> src/lxc/lxclock.c | 330 ++++-
> src/lxc/lxclock.h | 94 +-
> src/lxc/lxcseccomp.h | 2 +-
> src/lxc/lxcutmp.c | 4 +-
> src/lxc/lxcutmp.h | 2 +-
> src/lxc/mainloop.c | 9 +-
> src/lxc/mainloop.h | 9 +-
> src/lxc/monitor.c | 243 +++-
> src/lxc/monitor.h | 12 +-
> src/lxc/namespace.c | 4 +-
> src/lxc/namespace.h | 5 +-
> src/lxc/network.c | 8 +-
> src/lxc/network.h | 2 +-
> src/lxc/nl.c | 2 +-
> src/lxc/nl.h | 2 +-
> src/lxc/parse.c | 10 +-
> src/lxc/parse.h | 2 +-
> src/lxc/restart.c | 2 +-
> src/lxc/rtnl.c | 2 +-
> src/lxc/rtnl.h | 2 +-
> src/lxc/seccomp.c | 2 +-
> src/lxc/start.c | 260 +---
> src/lxc/start.h | 6 +-
> src/lxc/state.c | 113 +--
> src/lxc/state.h | 2 +-
> src/lxc/stop.c | 115 --
> src/lxc/sync.c | 2 +-
> src/lxc/sync.h | 2 +-
> src/lxc/utils.c | 405 +++++--
> src/lxc/utils.h | 163 +++-
> src/lxc/version.c | 2 +-
> src/lxc/version.h | 2 +-
> src/python-lxc/examples/api_test.py | 14 +-
> src/python-lxc/examples/pyconsole-vte.py | 80 ++
> src/python-lxc/examples/pyconsole.py | 54 +
> src/python-lxc/lxc.c | 753 ++++++++++--
> src/python-lxc/lxc/__init__.py | 182 ++--
> src/python-lxc/setup.py | 23 +
> src/tests/Makefile.am | 16 +-
> src/tests/cgpath.c | 278 +++--
> src/tests/clonetest.c | 178 +++
> src/tests/console.c | 177 +++
> src/tests/containertests.c | 2 +-
> src/tests/createtest.c | 2 +-
> src/tests/destroytest.c | 2 +-
> src/tests/get_item.c | 2 +-
> src/tests/locktests.c | 258 ++---
> src/tests/lxc-test-usernic | 67 +
> src/tests/saveconfig.c | 2 +-
> src/tests/shutdowntest.c | 2 +-
> src/tests/startone.c | 4 +-
> templates/Makefile.am | 3 +-
> templates/lxc-alpine.in | 130 ++-
> templates/lxc-altlinux.in | 26 +-
> templates/lxc-archlinux.in | 14 +-
> templates/lxc-busybox.in | 53 +-
> templates/lxc-cirros.in | 321 +++++
> templates/lxc-debian.in | 31 +-
> templates/lxc-fedora.in | 231 +++-
> templates/lxc-opensuse.in | 21 +-
> templates/lxc-oracle.in | 32 +-
> templates/lxc-sshd.in | 82 +-
> templates/lxc-ubuntu-cloud.in | 226 ++--
> templates/lxc-ubuntu.in | 132 ++-
> 194 files changed, 16157 insertions(+), 4782 deletions(-)
> delete mode 100644 doc/lxc-shutdown.sgml.in
> create mode 100755 hooks/clonehostname
> create mode 100755 hooks/ubuntu-cloud-prep
> create mode 100644 src/include/ifaddrs.c
> create mode 100644 src/include/ifaddrs.h
> create mode 100644 src/lxc/attach_options.h
> create mode 100644 src/lxc/bdev.c
> create mode 100644 src/lxc/bdev.h
> delete mode 100755 src/lxc/lxc-clone.in
> delete mode 100644 src/lxc/lxc-create.in
> delete mode 100644 src/lxc/lxc-shutdown.in
> create mode 100644 src/lxc/lxc_clone.c
> create mode 100644 src/lxc/lxc_config.c
> create mode 100644 src/lxc/lxc_create.c
> create mode 100644 src/lxc/lxc_destroy.c
> create mode 100644 src/lxc/lxc_monitord.c
> create mode 100644 src/lxc/lxc_user_nic.c
> create mode 100644 src/lxc/lxc_usernsexec.c
> delete mode 100644 src/lxc/stop.c
> create mode 100755 src/python-lxc/examples/pyconsole-vte.py
> create mode 100755 src/python-lxc/examples/pyconsole.py
> create mode 100644 src/tests/clonetest.c
> create mode 100644 src/tests/console.c
> create mode 100755 src/tests/lxc-test-usernic
> create mode 100644 templates/lxc-cirros.in
>
>
> hooks/post-receive
> --
> lxc
>
> ------------------------------------------------------------------------------
> Learn the latest--Visual Studio 2012, SharePoint 2013, SQL 2012, more!
> Discover the easy way to master current and previous Microsoft technologies
> and advance your career. Get an incredible 1,500+ hours of step-by-step
> tutorial videos with LearnDevNow. Subscribe today and save!
> http://pubads.g.doubleclick.net/gampad/clk?id=58041391&iu=/4140/ostg.clktrk
> _______________________________________________
> Lxc-devel mailing list
> Lxc-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-devel
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: Digital signature
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20130909/3cb2bbdc/attachment.pgp>
More information about the lxc-devel
mailing list