[lxc-devel] [PATCH] [v3] Integrated lxc-net service for rpm based platforms.
Michael H. Warfield
mhw at WittsEnd.com
Mon Aug 25 19:00:46 UTC 2014
Version 3 Integration of lxc-net service for rpm based platforms.
Initial version is deprecated and obsoleted by this version.
Version 2 was discussed in private E-Mail
Patch is against current master.
This includes some patches for the SUSE / OpenSUSE platforms.
Regards,
Mike
--
[v3] Integrated lxc-net service for rpm based platforms.
This fixes build and run problems on rpm based platforms (CentOS,
Fedora, Oracle, SUSE) running with the systemd init following the
refactoring of the Ubuntu lxc networking logic into a systemd service.
Added lxc-net.in based on src/lxc/lxc.net and lxc.in for sysvinit
and systemd init systems in parallel with lxc.in.
Added autoconfigure variable for distro specific sysconfigdir and
implemented in both lxc.in and lxc-net.in.
Fixed configure.ac for "OpenSUSE project" return from lsb_release.
Renamed config/etc/default.conf.ubuntu to config/etc/default.conf.lxcbr
and set that as the default for Ubuntu, Fedora, CentOS, Oracle, SUSE,
and OpenSUSE*. Only other things left are "unknown".
Updated lxc-net.service.in for new path to lxc-net script in
LIBEXECDIR instead of DATADIR.
Renamed config/init/sysvinit to config/init/common reflecting the
fact that the code in that directory is common to all three init
paradigms.
Removed src/lxc/lxc.net as it has been replaced by
config/init/common/lxc-net.in installed in /usr/libexec/lxc.
Changed name of lxc-autostart-helper.in to lxc-containers.in
Added the "lxc-net" sysvinit script for sysvinit rpm packaging
(CentOS 6, Oracle 6, etc).
Added autogeneration of /etc/sysconfig/lxc-net for rpm based
distributions into the lxc.spec file.
Added creation of lxc-dnsmasq system user.
Fixed fallbacks for "action" init script verb and lock file
locations.
Fixed potentially uninitialized variable in lxc_user_nic.c which
was causing builds to fail on CentOS and Oracle with warnings
treated as errors.
Fixed lxc.spec.in for several SUSE build gotchas.
Signed-off-by: Michael H. Warfield <mhw at WittsEnd.com>
---
config/Makefile.am | 2 +-
config/etc/Makefile.am | 2 +-
config/etc/default.conf.ubuntu | 4 -
config/init/Makefile.am | 2 +-
config/init/systemd/Makefile.am | 14 +---
config/init/systemd/lxc-net.service.in | 4 +-
config/init/systemd/lxc.service.in | 4 +-
config/init/sysvinit/Makefile.am | 14 ----
config/init/sysvinit/lxc.in | 131 ---------------------------------
config/init/upstart/lxc-net.conf | 4 +-
configure.ac | 19 +++--
lxc.spec.in | 110 ++++++++++++++++++++++++++-
src/lxc/Makefile.am | 4 +-
src/lxc/lxc.net | 103 --------------------------
src/lxc/lxc_user_nic.c | 2 +-
15 files changed, 134 insertions(+), 285 deletions(-)
delete mode 100644 config/etc/default.conf.ubuntu
delete mode 100644 config/init/sysvinit/Makefile.am
delete mode 100644 config/init/sysvinit/lxc.in
delete mode 100755 src/lxc/lxc.net
diff --git a/config/Makefile.am b/config/Makefile.am
index 37fd24b..54f8859 100644
--- a/config/Makefile.am
+++ b/config/Makefile.am
@@ -1 +1 @@
-SUBDIRS = apparmor bash etc init selinux templates yum
+SUBDIRS = apparmor bash etc init selinux templates yum sysconfig
diff --git a/config/etc/Makefile.am b/config/etc/Makefile.am
index 03193da..fa8bc2f 100644
--- a/config/etc/Makefile.am
+++ b/config/etc/Makefile.am
@@ -1,7 +1,7 @@
configdir = $(sysconfdir)/lxc
config_DATA = default.conf
-EXTRA_DIST = default.conf.ubuntu default.conf.libvirt default.conf.unknown
+EXTRA_DIST = default.conf.lxcbr default.conf.libvirt default.conf.unknown
clean-local:
@$(RM) -f default.conf
diff --git a/config/etc/default.conf.ubuntu b/config/etc/default.conf.ubuntu
deleted file mode 100644
index 661718b..0000000
--- a/config/etc/default.conf.ubuntu
+++ /dev/null
@@ -1,4 +0,0 @@
-lxc.network.type = veth
-lxc.network.link = lxcbr0
-lxc.network.flags = up
-lxc.network.hwaddr = 00:16:3e:xx:xx:xx
diff --git a/config/init/Makefile.am b/config/init/Makefile.am
index e2ffe28..dea8e3f 100644
--- a/config/init/Makefile.am
+++ b/config/init/Makefile.am
@@ -1 +1 @@
-SUBDIRS = systemd sysvinit upstart
+SUBDIRS = common systemd upstart
diff --git a/config/init/systemd/Makefile.am b/config/init/systemd/Makefile.am
index 5959cd8..6ded467 100644
--- a/config/init/systemd/Makefile.am
+++ b/config/init/systemd/Makefile.am
@@ -6,17 +6,9 @@ EXTRA_DIST = \
$(NULL)
if INIT_SCRIPT_SYSTEMD
-lxc-autostart-helper: ../sysvinit/lxc.in $(top_builddir)/config.status
- $(AM_V_GEN)sed \
- -e 's|[@]SYSCONFDIR[@]|$(sysconfdir)|g' \
- -e 's|[@]LOCALSTATEDIR[@]|$(localstatedir)|g' \
- -e 's|[@]BINDIR[@]|$(bindir)|g' \
- < $< > $@-t && \
- chmod a+x $@-t && \
- mv $@-t $@
-BUILT_SOURCES = lxc-autostart-helper lxc.service lxc-net.service
+BUILT_SOURCES = lxc.service lxc-net.service
-install-systemd: lxc.service lxc-net.service lxc-devsetup lxc-apparmor-load lxc-autostart-helper
+install-systemd: lxc.service lxc-net.service lxc-devsetup lxc-apparmor-load
$(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR)
$(INSTALL_DATA) lxc.service lxc-net.service $(DESTDIR)$(SYSTEMD_UNIT_DIR)/
@@ -25,7 +17,7 @@ uninstall-systemd:
rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/lxc-net.service
rmdir $(DESTDIR)$(SYSTEMD_UNIT_DIR) || :
-pkglibexec_SCRIPTS = lxc-devsetup lxc-apparmor-load lxc-autostart-helper
+pkglibexec_SCRIPTS = lxc-devsetup lxc-apparmor-load
install-data-local: install-systemd
uninstall-local: uninstall-systemd
diff --git a/config/init/systemd/lxc-net.service.in b/config/init/systemd/lxc-net.service.in
index 37d1d69..c054702 100644
--- a/config/init/systemd/lxc-net.service.in
+++ b/config/init/systemd/lxc-net.service.in
@@ -6,5 +6,5 @@ Before=lxc.service
[Service]
Type=oneshot
RemainAfterExit=yes
-ExecStart=@DATADIR@/lxc/lxc.net start
-ExecStop=@DATADIR@/lxc/lxc.net stop
+ExecStart=@LIBEXECDIR@/lxc/lxc-net start
+ExecStop=@LIBEXECDIR@/lxc/lxc-net stop
diff --git a/config/init/systemd/lxc.service.in b/config/init/systemd/lxc.service.in
index f64610f..33da987 100644
--- a/config/init/systemd/lxc.service.in
+++ b/config/init/systemd/lxc.service.in
@@ -8,8 +8,8 @@ Type=oneshot
RemainAfterExit=yes
ExecStartPre=@LIBEXECDIR@/lxc/lxc-devsetup
ExecStartPre=@LIBEXECDIR@/lxc/lxc-apparmor-load
-ExecStart=@LIBEXECDIR@/lxc/lxc-autostart-helper start
-ExecStop=@LIBEXECDIR@/lxc/lxc-autostart-helper stop
+ExecStart=@LIBEXECDIR@/lxc/lxc-containers start
+ExecStop=@LIBEXECDIR@/lxc/lxc-containers stop
# Environment=BOOTUP=serial
# Environment=CONSOLETYPE=serial
StandardOutput=syslog
diff --git a/config/init/sysvinit/Makefile.am b/config/init/sysvinit/Makefile.am
deleted file mode 100644
index 66c190d..0000000
--- a/config/init/sysvinit/Makefile.am
+++ /dev/null
@@ -1,14 +0,0 @@
-EXTRA_DIST = lxc
-
-if INIT_SCRIPT_SYSV
-install-sysvinit: lxc
- $(MKDIR_P) $(DESTDIR)$(sysconfdir)/rc.d/init.d
- $(INSTALL_SCRIPT) lxc $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc
-
-uninstall-sysvinit:
- rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc
- rmdir $(DESTDIR)$(sysconfdir)/rc.d/init.d || :
-
-install-data-local: install-sysvinit
-uninstall-local: uninstall-sysvinit
-endif
diff --git a/config/init/sysvinit/lxc.in b/config/init/sysvinit/lxc.in
deleted file mode 100644
index 7cad8c8..0000000
--- a/config/init/sysvinit/lxc.in
+++ /dev/null
@@ -1,131 +0,0 @@
-#!/bin/sh
-#
-# lxc Start/Stop LXC autoboot containers
-#
-# chkconfig: 345 99 01
-# description: Starts/Stops all LXC containers configured for autostart.
-#
-### BEGIN INIT INFO
-# Provides: lxc
-# Default-Start: 3 4 5
-# Default-Stop: 0 1 6
-# Short-Description: Bring up/down LXC autostart containers
-# Description: Bring up/down LXC autostart containers
-### END INIT INFO
-
-sysconfdir="@SYSCONFDIR@"
-bindir="@BINDIR@"
-localstatedir="@LOCALSTATEDIR@"
-
-# These can be overridden in @SYSCONFDIR@/sysconfig/lxc
-
-# BOOTGROUPS - What groups should start on bootup?
-# Comma separated list of groups.
-# Leading comma, trailing comma or embedded double
-# comma indicates when the NULL group should be run.
-# Example (default): boot the onboot group first then the NULL group
-BOOTGROUPS="onboot,"
-
-# SHUTDOWNDELAY - Wait time for a container to shut down.
-# ner shutdown can result in lengthy system
-# shutdown times. Even 5 seconds per container can be
-# too long.
-SHUTDOWNDELAY=5
-
-# OPTIONS can be used for anything else.
-# If you want to boot everything then
-# options can be "-a" or "-a -A".
-OPTIONS=
-
-# STOPOPTS are stop options. The can be used for anything else to stop.
-# If you want to kill containers fast, use -k
-STOPOPTS="-a -A -s"
-
-# Source function library.
-test ! -r "$sysconfdir"/rc.d/init.d/functions ||
- . "$sysconfdir"/rc.d/init.d/functions
-
-# provide action() fallback
-if ! type action >/dev/null 2>&1; then
- action() {
- echo "$@"
- }
-fi
-
-# Source any configurable options
-test ! -r "$sysconfdir"/sysconfig/lxc ||
- . "$sysconfdir"/sysconfig/lxc
-
-# Check for needed utility program
-[ -x "$bindir"/lxc-autostart ] || exit 1
-
-# If libvirtd is providing the bridge, it might not be
-# immediately available, so wait a bit for it before starting
-# up the containers or else any that use the bridge will fail
-# to start
-wait_for_bridge()
-{
- [ -f "$sysconfdir"/lxc/default.conf ] || { return 0; }
-
- which ifconfig >/dev/null 2>&1
- if [ $? = 0 ]; then
- cmd="ifconfig -a"
- else
- which ip >/dev/null 2>&1
- if [ $? = 0 ]; then
- cmd="ip link list"
- fi
- fi
- [ -n cmd ] || { return 0; }
-
- BRNAME=`grep '^[ ]*lxc.network.link' "$sysconfdir"/lxc/default.conf | sed 's/^.*=[ ]*//'`
- if [ -z "$BRNAME" ]; then
- return 0
- fi
-
- for try in `seq 1 30`; do
- eval $cmd |grep "^$BRNAME" >/dev/null 2>&1
- if [ $? = 0 ]; then
- return
- fi
- sleep 1
- done
-}
-
-# See how we were called.
-case "$1" in
- start)
- [ ! -f "$localstatedir"/lock/subsys/lxc ] || { exit 0; }
-
- if [ -n "$BOOTGROUPS" ]
- then
- BOOTGROUPS="-g $BOOTGROUPS"
- fi
-
- # Start containers
- wait_for_bridge
- # Start autoboot containers first then the NULL group "onboot,".
- action $"Starting LXC autoboot containers: " "$bindir"/lxc-autostart $OPTIONS $BOOTGROUPS
- touch "$localstatedir"/lock/subsys/lxc
- ;;
- stop)
- if [ -n "$SHUTDOWNDELAY" ]
- then
- SHUTDOWNDELAY="-t $SHUTDOWNDELAY"
- fi
-
- # The stop is serialized and can take excessive time. We need to avoid
- # delaying the system shutdown / reboot as much as we can since it's not
- # parallelized... Even 5 second timout may be too long.
- action $"Stopping LXC containers: " "$bindir"/lxc-autostart $STOPOPTS $SHUTDOWNDELAY
- rm -f "$localstatedir"/lock/subsys/lxc
- ;;
- restart|reload|force-reload)
- $0 stop
- $0 start
- ;;
- *)
- echo "Usage: $0 {start|stop|restart|reload|force-reload}"
- exit 2
-esac
-exit $?
diff --git a/config/init/upstart/lxc-net.conf b/config/init/upstart/lxc-net.conf
index 38f6ea3..15460eb 100644
--- a/config/init/upstart/lxc-net.conf
+++ b/config/init/upstart/lxc-net.conf
@@ -4,5 +4,5 @@ author "Serge Hallyn <serge.hallyn at canonical.com>"
start on starting lxc
stop on stopped lxc
-pre-start exec /usr/share/lxc/lxc.net start
-post-stop exec /usr/share/lxc/lxc.net stop
+pre-start exec /usr/libexec/lxc/lxc-net start
+post-stop exec /usr/libexec/lxc/lxc-net stop
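Review bot: The new `pre-start`/`post-stop` lines hard-code `/usr/libexec/lxc/lxc-net`, but this job file is not a configure template, so the path will not follow `--libexecdir`. Upstart is used on Debian-style builds, which commonly set libexecdir to something under `/usr/lib`, and there init would try to exec a path that does not exist. Converting the file to `lxc-net.conf.in` and using `pre-start exec @LIBEXECDIR@/lxc/lxc-net start` and `post-stop exec @LIBEXECDIR@/lxc/lxc-net stop`, as the systemd unit in this patch already does, keeps the two in step.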
diff --git a/configure.ac b/configure.ac
index 1a55521..5d5f974 100644
--- a/configure.ac
+++ b/configure.ac
@@ -60,13 +60,16 @@ if test "z$with_distro" = "z"; then
fi
case $with_distro in
ubuntu|raspbian)
- distroconf=default.conf.ubuntu
+ distroconf=default.conf.lxcbr
+ distrosysconf="$sysconfdir/default"
;;
- redhat|centos|fedora|oracle|oracleserver)
- distroconf=default.conf.libvirt
+ redhat|centos|fedora|oracle|oracleserver|suse|opensuse*)
+ distroconf=default.conf.lxcbr
+ distrosysconf="$sysconfdir/sysconfig"
;;
*)
distroconf=default.conf.unknown
+ distrosysconf="$sysconfdir/default"
;;
esac
AC_MSG_RESULT([$with_distro])
@@ -84,7 +87,7 @@ AC_ARG_WITH([init-script],
case "$with_init_script" in
distro)
case $with_distro in
- fedora)
+ fedora|opensuse*)
init_script=systemd
;;
redhat|centos|oracle|oracleserver)
@@ -520,6 +523,7 @@ AS_AC_EXPAND(LXCPATH, "$with_config_path")
AS_AC_EXPAND(LXC_GLOBAL_CONF, "$with_global_conf")
AS_AC_EXPAND(LXC_USERNIC_CONF, "$with_usernic_conf")
AS_AC_EXPAND(LXC_USERNIC_DB, "$with_usernic_db")
+AS_AC_EXPAND(LXC_DISTRO_SYSCONF, "$distrosysconf")
AS_AC_EXPAND(LXCROOTFSMOUNT, "$with_rootfs_path")
AS_AC_EXPAND(LXCTEMPLATEDIR, "$datadir/lxc/templates")
AS_AC_EXPAND(LXCTEMPLATECONFIG, "$datadir/lxc/config")
@@ -602,8 +606,9 @@ AC_CONFIG_FILES([
config/bash/Makefile
config/bash/lxc
config/init/Makefile
- config/init/sysvinit/Makefile
- config/init/sysvinit/lxc
+ config/init/common/Makefile
+ config/init/common/lxc-containers
+ config/init/common/lxc-net
config/init/systemd/Makefile
config/init/systemd/lxc.service
config/init/systemd/lxc-net.service
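Review bot: The entries added to `AC_CONFIG_FILES` here (`config/init/common/Makefile`, `config/init/common/lxc-containers`, `config/init/common/lxc-net`) and in the next hunk (`config/sysconfig/Makefile`, `config/sysconfig/lxc`) have no matching sources in this patch. The diffstat lists 15 files with only deletions under `config/init/sysvinit` and no `create mode` lines. The same holds for `default.conf.lxcbr`, which `config/etc/Makefile.am` and the distro `case` now name while `default.conf.ubuntu` is deleted rather than renamed. Unless those files already exist in master, `configure` will stop on the missing inputs, so the new files probably need a `git add` before the patch is regenerated.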
@@ -636,6 +641,8 @@ AC_CONFIG_FILES([
config/templates/ubuntu.userns.conf
config/templates/userns.conf
config/yum/Makefile
+ config/sysconfig/Makefile
+ config/sysconfig/lxc
doc/Makefile
doc/api/Makefile
diff --git a/lxc.spec.in b/lxc.spec.in
index 57912a1..52b6326 100644
--- a/lxc.spec.in
+++ b/lxc.spec.in
@@ -28,7 +28,16 @@
%if 0%{?fedora} >= 14 || 0%{?rhel} >= 7 || 0%{?suse_version} >= 1210
%global with_systemd 1
%define init_script systemd
+#
+# BuildRequires systemd-units on fedora and rhel
+%if 0%{?fedora} >= 14 || 0%{?rhel} >= 7
BuildRequires: systemd-units
+#
+# BuildRequires systemd on openSUSE and SUSE
+%endif
+%if 0%{?suse_version} >= 1210
+BuildRequires: systemd
+%endif
%else
%global with_systemd 0
%define init_script sysvinit
@@ -53,8 +62,25 @@ Summary: Linux Containers userspace tools
Group: Applications/System
License: LGPLv2+
BuildRoot: %{_tmppath}/%{name}-%{version}-build
-Requires: openssl rsync
-BuildRequires: libcap libcap-devel docbook2X graphviz
+Requires: openssl rsync dnsmasq
+# Note for Suse. The "docbook2X" BuildRequires does properly
+# match docbook2x on Suse in a case insensitive manner
+BuildRequires: libcap libcap-devel docbook2X graphviz libxslt pkgconfig
+
+#
+# Additional packages for openSUSE and SUSE
+#
+%if 0%{?suse_version} >= 1210
+PreReq: permissions
+BuildRequires: libapparmor-devel linux-glibc-devel lsb-release docbook-utils
+
+#
+# libseccomp-devel only needed on i386/i586/i686 and X86_64
+#
+%ifarch %ix86 x86_64
+BuildRequires: libseccomp-devel
+%endif
+%endif
%if %{with_python}
Requires: python3
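Review bot: `Requires:` gains `dnsmasq`, but nothing guarantees that the tools run by the new `%pre` scriptlet (`getent`, `/usr/sbin/useradd`) are installed before it executes. In a fresh transaction the scriptlet can run ahead of them, and its `|| exit 1` then aborts the install with the error already sent to `/dev/null`. Declare a scriptlet dependency such as `Requires(pre): shadow-utils` for Fedora/RHEL, with the equivalent package inside the `suse_version` block, and consider dropping the `2> /dev/null` so a failed account creation is visible in the transaction log.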
@@ -105,6 +131,9 @@ PATH=$PATH:/usr/sbin:/sbin %configure $args \
%if %{with_python}
--enable-python \
%endif
+%if "x%{_unitdir}" != "x"
+ --with-systemdsystemunitdir=%{_unitdir} \
+%endif
--disable-rpath \
--with-init-script=%{init_script}
make %{?_smp_mflags}
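Review bot: The guard `%if "x%{_unitdir}" != "x"` is always true on targets where `_unitdir` is undefined, because rpm leaves an undefined `%{macro}` unexpanded rather than replacing it with an empty string. On those (sysvinit) builds configure would be handed the literal text `--with-systemdsystemunitdir=%{_unitdir}`. The conditional-expansion form tests what was intended: `%if 0%{?_unitdir:1}`.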
@@ -117,28 +146,102 @@ find %{buildroot} -type f -name '*.la' -exec rm -f {} ';'
%clean
rm -rf %{buildroot}
+%pre
+# Ensure that lxcdnsmasq uid & gid gets correctly allocated
+if getent passwd lxc-dnsmasq >/dev/null 2>&1 ; then : ; else \
+ /usr/sbin/useradd -M -r -s /sbin/nologin \
+ -c "LXC Networking Service" -d %_localstatedir/%name lxc-dnsmasq 2> /dev/null \
+ || exit 1
+fi
+
%post
+# This test should trigger a network configure on a new install.
+if [ ! -f %{_sysconfdir}/sysconfig/lxc-net ] || ! grep -q 'USE_LXC_BRIDGE=' %{_sysconfdir}/sysconfig/lxc-net
+then
+ # Grab a random 10net subnet. Need to add test logic...
+ while [ true ]
+ do
+ SUBNET=10.$(($RANDOM % 256)).$(($RANDOM % 256))
+ if ! ip -4 route ls | grep -q "^$SUBNET"
+ then
+ break
+ fi
+ done
+
+ cat > %{_sysconfdir}/sysconfig/lxc-net <<EOF
+# Leave USE_LXC_BRIDGE as "true" if you want to use lxcbr0 for your
+# containers. Set to "false" if you'll use virbr0 or another existing
+# bridge, or mavlan to your host's NIC.
+USE_LXC_BRIDGE="true"
+
+# If you change the LXC_BRIDGE to something other than lxcbr0, then
+# you will also need to update your /etc/lxc/default.conf as well as the
+# configuration (/var/lib/lxc/<container>/config) for any containers
+# already created using the default config to reflect the new bridge
+# name.
+# If you have the dnsmasq daemon installed, you'll also have to update
+# /etc/dnsmasq.d/lxc and restart the system wide dnsmasq daemon.
+LXC_BRIDGE="lxcbr0"
+LXC_ADDR="$SUBNET.1"
+LXC_NETMASK="255.255.255.0"
+LXC_NETWORK="$SUBNET.0/24"
+LXC_DHCP_RANGE="$SUBNET.2,$SUBNET.254"
+LXC_DHCP_MAX="253"
+# Uncomment the next line if you'd like to use a conf-file for the lxcbr0
+# dnsmasq. For instance, you can use 'dhcp-host=mail1,10.0.3.100' to have
+# container 'mail1' always get ip address 10.0.3.100.
+#LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf
+
+# Uncomment the next line if you want lxcbr0's dnsmasq to resolve the .lxc
+# domain. You can then add "server=/lxc/10.0.3.1' (or your actual $LXC_ADDR)
+# to /etc/dnsmasq.conf, after which 'container1.lxc' will resolve on your
+# host.
+#LXC_DOMAIN="lxc"
+EOF
+fi
+
%post libs -p /sbin/ldconfig
%postun libs -p /sbin/ldconfig
%files
%defattr(-,root,root)
%{_bindir}/*
+# openSUSE/SUSE
+%if 0%{?suse_version} >= 1210
+%dir %{_sysconfdir}/apparmor.d
+%dir %{_sysconfdir}/apparmor.d/abstractions
+%dir %{_sysconfdir}/apparmor.d/abstractions/%{name}
+%config %{_sysconfdir}/apparmor.d/abstractions/%{name}/container-base
+%config %{_sysconfdir}/apparmor.d/abstractions/%{name}/start-container
+%config %{_sysconfdir}/apparmor.d/%{name}-containers
+%dir %{_sysconfdir}/apparmor.d/%{name}
+%config %{_sysconfdir}/apparmor.d/%{name}/%{name}-default
+%config %{_sysconfdir}/apparmor.d/%{name}/%{name}-default-with-mounting
+%config %{_sysconfdir}/apparmor.d/%{name}/%{name}-default-with-nesting
+%config %{_sysconfdir}/apparmor.d/usr.bin.%{name}-start
+%endif
%{_mandir}/man1/lxc*
%{_mandir}/man5/lxc*
%{_mandir}/man7/lxc*
+# not openSUSE/SUSE
+%if %{undefined suse_version}
%{_mandir}/ja/man1/lxc*
%{_mandir}/ja/man5/lxc*
%{_mandir}/ja/man7/lxc*
+%endif
%{_datadir}/doc/*
%{_datadir}/lxc/*
%{_sysconfdir}/bash_completion.d
+%{_sysconfdir}/sysconfig/*
%config(noreplace) %{_sysconfdir}/lxc/*
+%config(noreplace) %{_sysconfdir}/sysconfig/*
%if %{with_systemd}
+%{_unitdir}/lxc-net.service
%{_unitdir}/lxc.service
%else
%{_sysconfdir}/rc.d/init.d/lxc
+%{_sysconfdir}/rc.d/init.d/lxc-net
%endif
%files libs
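Review bot: The `cat > ... <<EOF` here-document in `%post` is unquoted so that `$SUBNET` expands, which means `$LXC_ADDR` in the comment text near the end is expanded too; it is unset in the scriptlet, so the generated file reads "(or your actual )". Escape it as `(or your actual \$LXC_ADDR)`, and consider replacing the fixed `10.0.3.100` / `10.0.3.1` examples with `$SUBNET.100` / `$SUBNET.1` now that the subnet is chosen at random. When the file exists but has no `USE_LXC_BRIDGE=` line, the redirect truncates it and discards whatever the administrator had put there; writing only when the file is absent, or saving the old copy first, would avoid that. In `%files`, `%{_sysconfdir}/sysconfig/*` is listed both plain and as `%config(noreplace)`; keeping only the `%config(noreplace)` line removes the duplicate listing and the ambiguity about which attributes apply.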
@@ -154,7 +257,8 @@ rm -rf %{buildroot}
%attr(4111,root,root) %{_libexecdir}/%{name}/lxc-user-nic
%if %{with_systemd}
%attr(555,root,root) %{_libexecdir}/%{name}/lxc-devsetup
-%attr(555,root,root) %{_libexecdir}/%{name}/lxc-autostart-helper
+%attr(555,root,root) %{_libexecdir}/%{name}/lxc-net
+%attr(555,root,root) %{_libexecdir}/%{name}/lxc-containers
%endif
%if %{with_python}
diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am
index c1a67d6..6543164 100644
--- a/src/lxc/Makefile.am
+++ b/src/lxc/Makefile.am
@@ -165,8 +165,7 @@ bin_SCRIPTS = lxc-checkconfig
EXTRA_DIST = \
lxc-device \
lxc-ls \
- lxc-top \
- lxc.net
+ lxc-top
if ENABLE_PYTHON
bin_SCRIPTS += lxc-device
@@ -253,7 +252,6 @@ endif
install-exec-local: install-soPROGRAMS
mkdir -p $(DESTDIR)$(datadir)/lxc
install -c -m 644 lxc.functions $(DESTDIR)$(datadir)/lxc
- install -c -m 755 lxc.net $(DESTDIR)$(datadir)/lxc
mv $(DESTDIR)$(libdir)/liblxc.so $(DESTDIR)$(libdir)/liblxc.so.$(VERSION)
cd $(DESTDIR)$(libdir); \
ln -sf liblxc.so.$(VERSION) liblxc.so.$(firstword $(subst ., ,$(VERSION))); \
diff --git a/src/lxc/lxc.net b/src/lxc/lxc.net
deleted file mode 100755
index 9ec9695..0000000
--- a/src/lxc/lxc.net
+++ /dev/null
@@ -1,103 +0,0 @@
-#!/bin/sh
-set -eu
-
-USE_LXC_BRIDGE="true"
-LXC_BRIDGE="lxcbr0"
-LXC_ADDR="10.0.3.1"
-LXC_NETMASK="255.255.255.0"
-LXC_NETWORK="10.0.3.0/24"
-LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
-LXC_DHCP_MAX="253"
-LXC_DHCP_CONFILE=""
-varrun="/run/lxc"
-LXC_DOMAIN=""
-
-start() {
- [ -f /etc/default/lxc ] && . /etc/default/lxc
-
- [ "x$USE_LXC_BRIDGE" = "xtrue" ] || { stop; exit 0; }
-
- use_iptables_lock="-w"
- iptables -w -L -n > /dev/null 2>&1 || use_iptables_lock=""
- cleanup() {
- # dnsmasq failed to start, clean up the bridge
- iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
- iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
- iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
- iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
- iptables $use_iptables_lock -D FORWARD -i ${LXC_BRIDGE} -j ACCEPT
- iptables $use_iptables_lock -D FORWARD -o ${LXC_BRIDGE} -j ACCEPT
- iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
- iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
- ifconfig ${LXC_BRIDGE} down || true
- brctl delbr ${LXC_BRIDGE} || true
- }
-
- if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
- if [ ! -f ${varrun}/network_up ]; then
- # bridge exists, but we didn't start it
- stop;
- fi
- exit 0;
- fi
-
- # set up the lxc network
- brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; }
- echo 1 > /proc/sys/net/ipv4/ip_forward
- mkdir -p ${varrun}
- ifconfig ${LXC_BRIDGE} ${LXC_ADDR} netmask ${LXC_NETMASK} up
- iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
- iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
- iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
- iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
- iptables $use_iptables_lock -I FORWARD -i ${LXC_BRIDGE} -j ACCEPT
- iptables $use_iptables_lock -I FORWARD -o ${LXC_BRIDGE} -j ACCEPT
- iptables $use_iptables_lock -t nat -A POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE
- iptables $use_iptables_lock -t mangle -A POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-
- LXC_DOMAIN_ARG=""
- if [ -n "$LXC_DOMAIN" ]; then
- LXC_DOMAIN_ARG="-s $LXC_DOMAIN -S /$LXC_DOMAIN/"
- fi
- DNSMASQ_USER="lxc-dnsmasq"
- if ! getent passwd ${DNSMASQ_USER} >/dev/null; then
- DNSMASQ_USER="dnsmasq"
- fi
- dnsmasq $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} --strict-order --bind-interfaces --pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup
- touch ${varrun}/network_up
-}
-
-stop() {
- [ -f /etc/default/lxc ] && . /etc/default/lxc
- [ -f "${varrun}/network_up" ] || exit 0;
- # if $LXC_BRIDGE has attached interfaces, don't shut it down
- ls /sys/class/net/${LXC_BRIDGE}/brif/* > /dev/null 2>&1 && exit 0;
-
- if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
- use_iptables_lock="-w"
- iptables -w -L -n > /dev/null 2>&1 || use_iptables_lock=""
- ifconfig ${LXC_BRIDGE} down
- iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
- iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
- iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
- iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
- iptables $use_iptables_lock -D FORWARD -i ${LXC_BRIDGE} -j ACCEPT
- iptables $use_iptables_lock -D FORWARD -o ${LXC_BRIDGE} -j ACCEPT
- iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
- iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
- pid=`cat ${varrun}/dnsmasq.pid 2>/dev/null` && kill -9 $pid || true
- rm -f ${varrun}/dnsmasq.pid
- brctl delbr ${LXC_BRIDGE}
- fi
- rm -f ${varrun}/network_up
-}
-
-if [ "$1" = start ]; then
- start
-elif [ "$1" = stop ]; then
- stop
-else
- echo "Usage: $0 start|stop" >&2
- exit 1
-fi
-
diff --git a/src/lxc/lxc_user_nic.c b/src/lxc/lxc_user_nic.c
index 145a35d..7a87503 100644
--- a/src/lxc/lxc_user_nic.c
+++ b/src/lxc/lxc_user_nic.c
@@ -475,7 +475,7 @@ again:
static int rename_in_ns(int pid, char *oldname, char **newnamep)
{
char nspath[MAXPATHLEN];
- int fd = -1, ofd = -1, ret, ifindex;
+ int fd = -1, ofd = -1, ret, ifindex = 0;
bool grab_newname = false;
ret = snprintf(nspath, MAXPATHLEN, "/proc/%d/ns/net", getpid());
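Review bot: Initialising `ifindex` to 0 at its declaration silences the maybe-uninitialized warning, but it also hides any path on which the variable is really read before being assigned. `rename_in_ns` continues beyond this hunk, so that cannot be checked from here. If the assignment and the later use are guarded by the same condition, a short comment would record why the dummy value is harmless, for example `/* only read after being set under grab_newname; 0 just quiets the compiler */`. The binary is packaged setuid (`%attr(4111,root,root)` in lxc.spec.in), so the assumption is worth confirming against the full function.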
--
1.9.3
--
Michael H. Warfield (AI4NB) | (770) 978-7061 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 465 bytes
Desc: This is a digitally signed message part
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20140825/bbe89b74/attachment-0001.sig>