[lxc-devel] [PATCH] [v3] Integrated lxc-net service for rpm based platforms.

Stéphane Graber stgraber at ubuntu.com
Tue Aug 26 15:58:45 UTC 2014


I'm doing some testing and iterating on your patch some more to try and
get this to work and be policy compliant for Debian systems too.

The current work is happening at:
https://github.com/stgraber/lxc

I'll send an updated patch once I'm satisfied by the result.


On Mon, Aug 25, 2014 at 03:00:46PM -0400, Michael H. Warfield wrote:
> Version 3 Integration of lxc-net service for rpm based platforms.
> 
> Initial version is deprecated and obsoleted by this version.
> 
> Version 2 was discussed in private E-Mail.
> 
> Patch is against current master.
> 
> This includes some patches for the SUSE / OpenSUSE platforms.
> 
> Regards,
> Mike
> 
> -- 
> [v3] Integrated lxc-net service for rpm based platforms.
> 
> This fixes build and run problems on rpm based platforms (CentOS,
> Fedora, Oracle, SUSE) running with the systemd init following the
> refactoring of the Ubuntu lxc networking logic into a systemd service.
> 
> Added lxc-net.in based on src/lxc/lxc.net and lxc.in for sysvinit
> and systemd init systems in parallel with lxc.in.
> 
> Added autoconfigure variable for distro specific sysconfigdir and
> implemented in both lxc.in and lxc-net.in.
> 
> Fixed configure.ac for "OpenSUSE project" return from lsb_release.
> 
> Renamed config/etc/default.conf.ubuntu to config/etc/default.conf.lxcbr
> and set that as the default for Ubuntu, Fedora, CentOS, Oracle, SUSE,
> and OpenSUSE*.  Only other things left are "unknown".
> 
> Updated lxc-net.service.in for new path to lxc-net script in
> LIBEXECDIR instead of DATADIR.
> 
> Renamed config/init/sysvinit to config/init/common reflecting the
> fact that the code in that directory is common to all three init
> paradigms.
> 
> Removed src/lxc/lxc.net as it has been replaced by
> config/init/common/lxc-net.in installed in /usr/libexec/lxc.
> 
> Changed name of lxc-autostart-helper.in to lxc-containers.in
> 
> Added the "lxc-net" sysvinit script for sysvinit rpm packaging
> (CentOS 6, Oracle 6, etc).
> 
> Added autogeneration of /etc/sysconfig/lxc-net for rpm based
> distributions into the lxc.spec file.
> 
> Added creation of lxc-dnsmasq system user.
> 
> Fixed fallbacks for "action" init script verb and lock file
> locations.
> 
> Fixed potentially uninitialized variable in lxc_user_nic.c which
> was causing builds to fail on CentOS and Oracle with warnings
> treated as errors.
> 
> Fixed lxc.spec.in for several SUSE build gotchas.
> 
> Signed-off-by: Michael H. Warfield <mhw at WittsEnd.com>
> ---
>  config/Makefile.am                     |   2 +-
>  config/etc/Makefile.am                 |   2 +-
>  config/etc/default.conf.ubuntu         |   4 -
>  config/init/Makefile.am                |   2 +-
>  config/init/systemd/Makefile.am        |  14 +---
>  config/init/systemd/lxc-net.service.in |   4 +-
>  config/init/systemd/lxc.service.in     |   4 +-
>  config/init/sysvinit/Makefile.am       |  14 ----
>  config/init/sysvinit/lxc.in            | 131 ---------------------------------
>  config/init/upstart/lxc-net.conf       |   4 +-
>  configure.ac                           |  19 +++--
>  lxc.spec.in                            | 110 ++++++++++++++++++++++++++-
>  src/lxc/Makefile.am                    |   4 +-
>  src/lxc/lxc.net                        | 103 --------------------------
>  src/lxc/lxc_user_nic.c                 |   2 +-
>  15 files changed, 134 insertions(+), 285 deletions(-)
>  delete mode 100644 config/etc/default.conf.ubuntu
>  delete mode 100644 config/init/sysvinit/Makefile.am
>  delete mode 100644 config/init/sysvinit/lxc.in
>  delete mode 100755 src/lxc/lxc.net
> 
> diff --git a/config/Makefile.am b/config/Makefile.am
> index 37fd24b..54f8859 100644
> --- a/config/Makefile.am
> +++ b/config/Makefile.am
> @@ -1 +1 @@
> -SUBDIRS = apparmor bash etc init selinux templates yum
> +SUBDIRS = apparmor bash etc init selinux templates yum sysconfig
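
Review bot: `sysconfig` is added to SUBDIRS here, but the posting contains no `config/sysconfig/Makefile.am` or `config/sysconfig/lxc.in`; the diffstat lists 15 files with only `delete mode` entries and nothing created. The same holds for `config/init/common/*` and `config/etc/default.conf.lxcbr`, which later hunks reference. As posted the tree cannot build and the replacement scripts cannot be reviewed; please resend with the new files included (rename detection via `git format-patch -M` would also shrink the diff).
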
> diff --git a/config/etc/Makefile.am b/config/etc/Makefile.am
> index 03193da..fa8bc2f 100644
> --- a/config/etc/Makefile.am
> +++ b/config/etc/Makefile.am
> @@ -1,7 +1,7 @@
>  configdir = $(sysconfdir)/lxc
>  config_DATA = default.conf
>  
> -EXTRA_DIST = default.conf.ubuntu default.conf.libvirt default.conf.unknown
> +EXTRA_DIST = default.conf.lxcbr default.conf.libvirt default.conf.unknown
>  
>  clean-local:
>  	@$(RM) -f default.conf
> diff --git a/config/etc/default.conf.ubuntu b/config/etc/default.conf.ubuntu
> deleted file mode 100644
> index 661718b..0000000
> --- a/config/etc/default.conf.ubuntu
> +++ /dev/null
> @@ -1,4 +0,0 @@
> -lxc.network.type = veth
> -lxc.network.link = lxcbr0
> -lxc.network.flags = up
> -lxc.network.hwaddr = 00:16:3e:xx:xx:xx
> diff --git a/config/init/Makefile.am b/config/init/Makefile.am
> index e2ffe28..dea8e3f 100644
> --- a/config/init/Makefile.am
> +++ b/config/init/Makefile.am
> @@ -1 +1 @@
> -SUBDIRS = systemd sysvinit upstart
> +SUBDIRS = common systemd upstart
> diff --git a/config/init/systemd/Makefile.am b/config/init/systemd/Makefile.am
> index 5959cd8..6ded467 100644
> --- a/config/init/systemd/Makefile.am
> +++ b/config/init/systemd/Makefile.am
> @@ -6,17 +6,9 @@ EXTRA_DIST = \
>  	$(NULL)
>  
>  if INIT_SCRIPT_SYSTEMD
> -lxc-autostart-helper: ../sysvinit/lxc.in $(top_builddir)/config.status
> -	$(AM_V_GEN)sed                                          \
> -	    -e 's|[@]SYSCONFDIR[@]|$(sysconfdir)|g'             \
> -	    -e 's|[@]LOCALSTATEDIR[@]|$(localstatedir)|g'       \
> -	    -e 's|[@]BINDIR[@]|$(bindir)|g'                     \
> -	    < $< > $@-t &&                                      \
> -	    chmod a+x $@-t &&                                   \
> -	    mv $@-t $@
> -BUILT_SOURCES = lxc-autostart-helper lxc.service lxc-net.service
> +BUILT_SOURCES = lxc.service lxc-net.service
>  
> -install-systemd: lxc.service lxc-net.service lxc-devsetup lxc-apparmor-load lxc-autostart-helper
> +install-systemd: lxc.service lxc-net.service lxc-devsetup lxc-apparmor-load
>  	$(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR)
>  	$(INSTALL_DATA) lxc.service lxc-net.service $(DESTDIR)$(SYSTEMD_UNIT_DIR)/
>  
> @@ -25,7 +17,7 @@ uninstall-systemd:
>  	rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/lxc-net.service
>  	rmdir $(DESTDIR)$(SYSTEMD_UNIT_DIR) || :
>  
> -pkglibexec_SCRIPTS = lxc-devsetup lxc-apparmor-load lxc-autostart-helper
> +pkglibexec_SCRIPTS = lxc-devsetup lxc-apparmor-load
>  
>  install-data-local: install-systemd
>  uninstall-local: uninstall-systemd
> diff --git a/config/init/systemd/lxc-net.service.in b/config/init/systemd/lxc-net.service.in
> index 37d1d69..c054702 100644
> --- a/config/init/systemd/lxc-net.service.in
> +++ b/config/init/systemd/lxc-net.service.in
> @@ -6,5 +6,5 @@ Before=lxc.service
>  [Service]
>  Type=oneshot
>  RemainAfterExit=yes
> -ExecStart=@DATADIR@/lxc/lxc.net start
> -ExecStop=@DATADIR@/lxc/lxc.net stop
> +ExecStart=@LIBEXECDIR@/lxc/lxc-net start
> +ExecStop=@LIBEXECDIR@/lxc/lxc-net stop
> diff --git a/config/init/systemd/lxc.service.in b/config/init/systemd/lxc.service.in
> index f64610f..33da987 100644
> --- a/config/init/systemd/lxc.service.in
> +++ b/config/init/systemd/lxc.service.in
> @@ -8,8 +8,8 @@ Type=oneshot
>  RemainAfterExit=yes
>  ExecStartPre=@LIBEXECDIR@/lxc/lxc-devsetup
>  ExecStartPre=@LIBEXECDIR@/lxc/lxc-apparmor-load
> -ExecStart=@LIBEXECDIR@/lxc/lxc-autostart-helper start
> -ExecStop=@LIBEXECDIR@/lxc/lxc-autostart-helper stop
> +ExecStart=@LIBEXECDIR@/lxc/lxc-containers start
> +ExecStop=@LIBEXECDIR@/lxc/lxc-containers stop
>  # Environment=BOOTUP=serial
>  # Environment=CONSOLETYPE=serial
>  StandardOutput=syslog
> diff --git a/config/init/sysvinit/Makefile.am b/config/init/sysvinit/Makefile.am
> deleted file mode 100644
> index 66c190d..0000000
> --- a/config/init/sysvinit/Makefile.am
> +++ /dev/null
> @@ -1,14 +0,0 @@
> -EXTRA_DIST = lxc
> -
> -if INIT_SCRIPT_SYSV
> -install-sysvinit: lxc
> -	$(MKDIR_P) $(DESTDIR)$(sysconfdir)/rc.d/init.d
> -	$(INSTALL_SCRIPT) lxc $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc
> -
> -uninstall-sysvinit:
> -	rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc
> -	rmdir $(DESTDIR)$(sysconfdir)/rc.d/init.d || :
> -
> -install-data-local: install-sysvinit
> -uninstall-local: uninstall-sysvinit
> -endif
> diff --git a/config/init/sysvinit/lxc.in b/config/init/sysvinit/lxc.in
> deleted file mode 100644
> index 7cad8c8..0000000
> --- a/config/init/sysvinit/lxc.in
> +++ /dev/null
> @@ -1,131 +0,0 @@
> -#!/bin/sh
> -#
> -# lxc Start/Stop LXC autoboot containers
> -#
> -# chkconfig: 345 99 01
> -# description: Starts/Stops all LXC containers configured for autostart.
> -#
> -### BEGIN INIT INFO
> -# Provides: lxc
> -# Default-Start: 3 4 5
> -# Default-Stop: 0 1 6
> -# Short-Description: Bring up/down LXC autostart containers
> -# Description: Bring up/down LXC autostart containers
> -### END INIT INFO
> -
> -sysconfdir="@SYSCONFDIR@"
> -bindir="@BINDIR@"
> -localstatedir="@LOCALSTATEDIR@"
> -
> -# These can be overridden in @SYSCONFDIR@/sysconfig/lxc
> -
> -# BOOTGROUPS - What groups should start on bootup?
> -#	Comma separated list of groups.
> -#	Leading comma, trailing comma or embedded double
> -#	comma indicates when the NULL group should be run.
> -# Example (default): boot the onboot group first then the NULL group
> -BOOTGROUPS="onboot,"
> -
> -# SHUTDOWNDELAY - Wait time for a container to shut down.
> -#	ner shutdown can result in lengthy system
> -#	shutdown times.  Even 5 seconds per container can be
> -#	too long.
> -SHUTDOWNDELAY=5
> -
> -# OPTIONS can be used for anything else.
> -#	If you want to boot everything then
> -#	options can be "-a" or "-a -A".
> -OPTIONS=
> -
> -# STOPOPTS are stop options.  The can be used for anything else to stop.
> -#	If you want to kill containers fast, use -k
> -STOPOPTS="-a -A -s"
> -
> -# Source function library.
> -test ! -r "$sysconfdir"/rc.d/init.d/functions ||
> -        . "$sysconfdir"/rc.d/init.d/functions
> -
> -# provide action() fallback
> -if ! type action >/dev/null 2>&1; then
> -    action() {
> -        echo "$@"
> -    }
> -fi
> -
> -# Source any configurable options
> -test ! -r "$sysconfdir"/sysconfig/lxc ||
> -        . "$sysconfdir"/sysconfig/lxc
> -
> -# Check for needed utility program
> -[ -x "$bindir"/lxc-autostart ] || exit 1
> -
> -# If libvirtd is providing the bridge, it might not be
> -# immediately available, so wait a bit for it before starting
> -# up the containers or else any that use the bridge will fail
> -# to start
> -wait_for_bridge()
> -{
> -    [ -f "$sysconfdir"/lxc/default.conf ] || { return 0; }
> -
> -    which ifconfig >/dev/null 2>&1
> -    if [ $? = 0 ]; then
> -        cmd="ifconfig -a"
> -    else
> -        which ip >/dev/null 2>&1
> -        if [ $? = 0 ]; then
> -            cmd="ip link list"
> -        fi
> -    fi
> -    [ -n cmd ] || { return 0; }
> -
> -    BRNAME=`grep '^[ 	]*lxc.network.link' "$sysconfdir"/lxc/default.conf | sed 's/^.*=[ 	]*//'`
> -    if [ -z "$BRNAME" ]; then
> -	return 0
> -    fi
> -
> -    for try in `seq 1 30`; do
> -	eval $cmd |grep "^$BRNAME" >/dev/null 2>&1
> -	if [ $? = 0 ]; then
> -	    return
> -	fi
> -	sleep 1
> -    done
> -}
> -
> -# See how we were called.
> -case "$1" in
> -  start)
> -	[ ! -f "$localstatedir"/lock/subsys/lxc ] || { exit 0; }
> -
> -	if [ -n "$BOOTGROUPS" ]
> -	then
> -		BOOTGROUPS="-g $BOOTGROUPS"
> -	fi
> -
> -	# Start containers
> -	wait_for_bridge
> -	# Start autoboot containers first then the NULL group "onboot,".
> -	action $"Starting LXC autoboot containers: " "$bindir"/lxc-autostart $OPTIONS $BOOTGROUPS
> -	touch "$localstatedir"/lock/subsys/lxc
> -	;;
> -  stop)
> -	if [ -n "$SHUTDOWNDELAY" ]
> -	then
> -		SHUTDOWNDELAY="-t $SHUTDOWNDELAY"
> -	fi
> -
> -	# The stop is serialized and can take excessive time.  We need to avoid
> -	# delaying the system shutdown / reboot as much as we can since it's not
> -	# parallelized...  Even 5 second timout may be too long.
> -	action $"Stopping LXC containers: " "$bindir"/lxc-autostart $STOPOPTS $SHUTDOWNDELAY
> -	rm -f "$localstatedir"/lock/subsys/lxc
> -	;;
> -  restart|reload|force-reload)
> -	$0 stop
> -	$0 start
> -	;;
> -  *)
> -	echo "Usage: $0 {start|stop|restart|reload|force-reload}"
> -	exit 2
> -esac
> -exit $?
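
Review bot: In `wait_for_bridge()` of the script removed here, `[ -n cmd ]` tests the literal string `cmd`, so it is always true and the early return never fires when neither `ifconfig` nor `ip` is found. The commit message says this code moves to `config/init/common/`, which is not part of the posting; please make sure the copy there uses `[ -n "$cmd" ]` rather than carrying the bug over.
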
> diff --git a/config/init/upstart/lxc-net.conf b/config/init/upstart/lxc-net.conf
> index 38f6ea3..15460eb 100644
> --- a/config/init/upstart/lxc-net.conf
> +++ b/config/init/upstart/lxc-net.conf
> @@ -4,5 +4,5 @@ author "Serge Hallyn <serge.hallyn at canonical.com>"
>  start on starting lxc
>  stop on stopped lxc
>  
> -pre-start exec /usr/share/lxc/lxc.net start
> -post-stop exec /usr/share/lxc/lxc.net stop
> +pre-start exec /usr/libexec/lxc/lxc-net start
> +post-stop exec /usr/libexec/lxc/lxc-net stop
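
Review bot: The new `pre-start exec` and `post-stop exec` lines hard-code `/usr/libexec/lxc/lxc-net`, while the systemd units in this same patch use `@LIBEXECDIR@/lxc/lxc-net`. Any build whose libexecdir is not `/usr/libexec` will install the script where upstart does not look for it. Consider turning this file into an `lxc-net.conf.in` template and substituting `@LIBEXECDIR@` as is done for the service files.
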
> diff --git a/configure.ac b/configure.ac
> index 1a55521..5d5f974 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -60,13 +60,16 @@ if test "z$with_distro" = "z"; then
>  fi
>  case $with_distro in
>  	ubuntu|raspbian)
> -		distroconf=default.conf.ubuntu
> +		distroconf=default.conf.lxcbr
> +		distrosysconf="$sysconfdir/default"
>  		;;
> -	redhat|centos|fedora|oracle|oracleserver)
> -		distroconf=default.conf.libvirt
> +	redhat|centos|fedora|oracle|oracleserver|suse|opensuse*)
> +		distroconf=default.conf.lxcbr
> +		distrosysconf="$sysconfdir/sysconfig"
>  		;;
>  	*)
>  		distroconf=default.conf.unknown
> +		distrosysconf="$sysconfdir/default"
>  		;;
>  esac
>  AC_MSG_RESULT([$with_distro])
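
Review bot: After this change no branch of `case $with_distro` selects `default.conf.libvirt`, yet `config/etc/Makefile.am` still ships it in EXTRA_DIST; either drop the file or document how it is meant to be chosen. As a smaller point, `distrosysconf="$sysconfdir/default"` is repeated in the `ubuntu|raspbian` and `*` branches, so setting it once before the `case` and overriding it only in the rpm branch would be tidier.
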
> @@ -84,7 +87,7 @@ AC_ARG_WITH([init-script],
>  case "$with_init_script" in
>  	distro)
>  		case $with_distro in
> -			fedora)
> +			fedora|opensuse*)
>  				init_script=systemd
>  				;;
>  			redhat|centos|oracle|oracleserver)
> @@ -520,6 +523,7 @@ AS_AC_EXPAND(LXCPATH, "$with_config_path")
>  AS_AC_EXPAND(LXC_GLOBAL_CONF, "$with_global_conf")
>  AS_AC_EXPAND(LXC_USERNIC_CONF, "$with_usernic_conf")
>  AS_AC_EXPAND(LXC_USERNIC_DB, "$with_usernic_db")
> +AS_AC_EXPAND(LXC_DISTRO_SYSCONF, "$distrosysconf")
>  AS_AC_EXPAND(LXCROOTFSMOUNT, "$with_rootfs_path")
>  AS_AC_EXPAND(LXCTEMPLATEDIR, "$datadir/lxc/templates")
>  AS_AC_EXPAND(LXCTEMPLATECONFIG, "$datadir/lxc/config")
> @@ -602,8 +606,9 @@ AC_CONFIG_FILES([
>  	config/bash/Makefile
>  	config/bash/lxc
>  	config/init/Makefile
> -	config/init/sysvinit/Makefile
> -	config/init/sysvinit/lxc
> +	config/init/common/Makefile
> +	config/init/common/lxc-containers
> +	config/init/common/lxc-net
>  	config/init/systemd/Makefile
>  	config/init/systemd/lxc.service
>  	config/init/systemd/lxc-net.service
> @@ -636,6 +641,8 @@ AC_CONFIG_FILES([
>  	config/templates/ubuntu.userns.conf
>  	config/templates/userns.conf
>  	config/yum/Makefile
> +	config/sysconfig/Makefile
> +	config/sysconfig/lxc
>  
>  	doc/Makefile
>  	doc/api/Makefile
> diff --git a/lxc.spec.in b/lxc.spec.in
> index 57912a1..52b6326 100644
> --- a/lxc.spec.in
> +++ b/lxc.spec.in
> @@ -28,7 +28,16 @@
>  %if 0%{?fedora} >= 14 || 0%{?rhel} >= 7 || 0%{?suse_version} >= 1210
>  %global with_systemd 1
>  %define init_script systemd
> +#
> +# BuildRequires systemd-units on fedora and rhel
> +%if 0%{?fedora} >= 14 || 0%{?rhel} >= 7
>  BuildRequires: systemd-units
> +#
> +# BuildRequires systemd on openSUSE and SUSE
> +%endif
> +%if 0%{?suse_version} >= 1210
> +BuildRequires: systemd
> +%endif
>  %else
>  %global with_systemd 0
>  %define init_script sysvinit
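
Review bot: The comment `# BuildRequires systemd on openSUSE and SUSE` sits above the `%endif` that closes the fedora/rhel block, so it reads as part of the wrong conditional. Move it below that `%endif`, directly above `%if 0%{?suse_version} >= 1210`.
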
> @@ -53,8 +62,25 @@ Summary: Linux Containers userspace tools
>  Group: Applications/System
>  License: LGPLv2+
>  BuildRoot: %{_tmppath}/%{name}-%{version}-build
> -Requires: openssl rsync
> -BuildRequires: libcap libcap-devel docbook2X graphviz
> +Requires: openssl rsync dnsmasq
> +# Note for Suse.  The "docbook2X" BuildRequires does properly
> +# match docbook2x on Suse in a case insensitive manner
> +BuildRequires: libcap libcap-devel docbook2X graphviz libxslt pkgconfig
> +
> +#
> +# Additional packages for openSUSE and SUSE
> +#
> +%if 0%{?suse_version} >= 1210
> +PreReq:   permissions
> +BuildRequires:  libapparmor-devel linux-glibc-devel lsb-release docbook-utils
> +
> +#
> +# libseccomp-devel only needed on i386/i586/i686 and X86_64
> +#
> +%ifarch %ix86 x86_64
> +BuildRequires:  libseccomp-devel
> +%endif
> +%endif
>  
>  %if %{with_python}
>  Requires: python3
> @@ -105,6 +131,9 @@ PATH=$PATH:/usr/sbin:/sbin %configure $args \
>  %if %{with_python}
>    --enable-python \
>  %endif
> +%if "x%{_unitdir}" != "x"
> +  --with-systemdsystemunitdir=%{_unitdir} \
> +%endif
>    --disable-rpath \
>    --with-init-script=%{init_script}
>  make %{?_smp_mflags}
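
Review bot: In `%if "x%{_unitdir}" != "x"`, rpm leaves an undefined macro unexpanded, so on a platform without `_unitdir` the left side is the literal `x%{_unitdir}` and the test is still true, passing a bogus `--with-systemdsystemunitdir` to configure. Use `%{?_unitdir}` in the comparison, or guard the option with `%if %{with_systemd}`, which the spec already defines.
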
> @@ -117,28 +146,102 @@ find %{buildroot} -type f -name '*.la' -exec rm -f {} ';'
>  %clean
>  rm -rf %{buildroot}
>  
> +%pre
> +# Ensure that lxcdnsmasq uid & gid gets correctly allocated
> +if getent passwd lxc-dnsmasq >/dev/null 2>&1 ; then : ; else \
> + /usr/sbin/useradd -M -r -s /sbin/nologin \
> + -c "LXC Networking Service" -d %_localstatedir/%name lxc-dnsmasq 2> /dev/null \
> + || exit 1
> +fi
> +
>  %post
> +# This test should trigger a network configure on a new install.
> +if [ ! -f %{_sysconfdir}/sysconfig/lxc-net ] || ! grep -q 'USE_LXC_BRIDGE=' %{_sysconfdir}/sysconfig/lxc-net
> +then
> +	# Grab a random 10net subnet.  Need to add test logic...
> +	while [ true ]
> +	do
> +		SUBNET=10.$(($RANDOM % 256)).$(($RANDOM % 256))
> +		if ! ip -4 route ls | grep -q "^$SUBNET"
> +		then
> +			break
> +		fi
> +	done
> +
> +	cat >  %{_sysconfdir}/sysconfig/lxc-net <<EOF
> +# Leave USE_LXC_BRIDGE as "true" if you want to use lxcbr0 for your
> +# containers.  Set to "false" if you'll use virbr0 or another existing
> +# bridge, or mavlan to your host's NIC.
> +USE_LXC_BRIDGE="true"
> +
> +# If you change the LXC_BRIDGE to something other than lxcbr0, then
> +# you will also need to update your /etc/lxc/default.conf as well as the
> +# configuration (/var/lib/lxc/<container>/config) for any containers
> +# already created using the default config to reflect the new bridge
> +# name.
> +# If you have the dnsmasq daemon installed, you'll also have to update
> +# /etc/dnsmasq.d/lxc and restart the system wide dnsmasq daemon.
> +LXC_BRIDGE="lxcbr0"
> +LXC_ADDR="$SUBNET.1"
> +LXC_NETMASK="255.255.255.0"
> +LXC_NETWORK="$SUBNET.0/24"
> +LXC_DHCP_RANGE="$SUBNET.2,$SUBNET.254"
> +LXC_DHCP_MAX="253"
> +# Uncomment the next line if you'd like to use a conf-file for the lxcbr0
> +# dnsmasq.  For instance, you can use 'dhcp-host=mail1,10.0.3.100' to have
> +# container 'mail1' always get ip address 10.0.3.100.
> +#LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf
> +
> +# Uncomment the next line if you want lxcbr0's dnsmasq to resolve the .lxc
> +# domain.  You can then add "server=/lxc/10.0.3.1' (or your actual $LXC_ADDR)
> +# to /etc/dnsmasq.conf, after which 'container1.lxc' will resolve on your
> +# host.
> +#LXC_DOMAIN="lxc"
> +EOF
> +fi
> +
>  %post   libs -p /sbin/ldconfig
>  %postun libs -p /sbin/ldconfig
>  
>  %files
>  %defattr(-,root,root)
>  %{_bindir}/*
> +# openSUSE/SUSE
> +%if 0%{?suse_version} >= 1210
> +%dir  %{_sysconfdir}/apparmor.d
> +%dir  %{_sysconfdir}/apparmor.d/abstractions
> +%dir  %{_sysconfdir}/apparmor.d/abstractions/%{name}
> +%config %{_sysconfdir}/apparmor.d/abstractions/%{name}/container-base
> +%config %{_sysconfdir}/apparmor.d/abstractions/%{name}/start-container
> +%config %{_sysconfdir}/apparmor.d/%{name}-containers
> +%dir  %{_sysconfdir}/apparmor.d/%{name}
> +%config %{_sysconfdir}/apparmor.d/%{name}/%{name}-default
> +%config %{_sysconfdir}/apparmor.d/%{name}/%{name}-default-with-mounting
> +%config %{_sysconfdir}/apparmor.d/%{name}/%{name}-default-with-nesting
> +%config %{_sysconfdir}/apparmor.d/usr.bin.%{name}-start
> +%endif
>  %{_mandir}/man1/lxc*
>  %{_mandir}/man5/lxc*
>  %{_mandir}/man7/lxc*
> +# not openSUSE/SUSE
> +%if %{undefined suse_version}
>  %{_mandir}/ja/man1/lxc*
>  %{_mandir}/ja/man5/lxc*
>  %{_mandir}/ja/man7/lxc*
> +%endif
>  %{_datadir}/doc/*
>  %{_datadir}/lxc/*
>  %{_sysconfdir}/bash_completion.d
> +%{_sysconfdir}/sysconfig/*
>  %config(noreplace) %{_sysconfdir}/lxc/*
> +%config(noreplace) %{_sysconfdir}/sysconfig/*
>  
>  %if %{with_systemd}
> +%{_unitdir}/lxc-net.service
>  %{_unitdir}/lxc.service
>  %else
>  %{_sysconfdir}/rc.d/init.d/lxc
> +%{_sysconfdir}/rc.d/init.d/lxc-net
>  %endif
>  
>  %files libs
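
Review bot: The subnet probe in `%post` (`ip -4 route ls | grep -q "^$SUBNET"`) is weaker than it looks: the dots in `$SUBNET` act as regex wildcards, the pattern has no terminator so `10.1.2` also matches `10.1.20.x`, only the routing table is consulted, and `$RANDOM` is not available in a POSIX `/bin/sh`. Escape the dots and end the pattern with `\.`, and either declare the scriptlet interpreter as bash or pick the octets another way. In `%files`, `%{_sysconfdir}/sysconfig/*` is listed twice, once without `%config(noreplace)`; keep only the noreplace entry. The generated `lxc-net` file is not owned by the package, so it will be left behind on erase; a `%ghost` entry would fix that. In `%pre`, `2> /dev/null ... || exit 1` aborts the install while hiding the reason from the admin, so let the useradd error through.
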
> @@ -154,7 +257,8 @@ rm -rf %{buildroot}
>  %attr(4111,root,root) %{_libexecdir}/%{name}/lxc-user-nic
>  %if %{with_systemd}
>  %attr(555,root,root) %{_libexecdir}/%{name}/lxc-devsetup
> -%attr(555,root,root) %{_libexecdir}/%{name}/lxc-autostart-helper
> +%attr(555,root,root) %{_libexecdir}/%{name}/lxc-net
> +%attr(555,root,root) %{_libexecdir}/%{name}/lxc-containers
>  %endif
>  
>  %if %{with_python}
> diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am
> index c1a67d6..6543164 100644
> --- a/src/lxc/Makefile.am
> +++ b/src/lxc/Makefile.am
> @@ -165,8 +165,7 @@ bin_SCRIPTS = lxc-checkconfig
>  EXTRA_DIST = \
>  	lxc-device \
>  	lxc-ls \
> -	lxc-top \
> -	lxc.net
> +	lxc-top
>  
>  if ENABLE_PYTHON
>  bin_SCRIPTS += lxc-device
> @@ -253,7 +252,6 @@ endif
>  install-exec-local: install-soPROGRAMS
>  	mkdir -p $(DESTDIR)$(datadir)/lxc
>  	install -c -m 644 lxc.functions $(DESTDIR)$(datadir)/lxc
> -	install -c -m 755 lxc.net $(DESTDIR)$(datadir)/lxc
>  	mv $(DESTDIR)$(libdir)/liblxc.so $(DESTDIR)$(libdir)/liblxc.so.$(VERSION)
>  	cd $(DESTDIR)$(libdir); \
>  	ln -sf liblxc.so.$(VERSION) liblxc.so.$(firstword $(subst ., ,$(VERSION))); \
> diff --git a/src/lxc/lxc.net b/src/lxc/lxc.net
> deleted file mode 100755
> index 9ec9695..0000000
> --- a/src/lxc/lxc.net
> +++ /dev/null
> @@ -1,103 +0,0 @@
> -#!/bin/sh
> -set -eu
> -
> -USE_LXC_BRIDGE="true"
> -LXC_BRIDGE="lxcbr0"
> -LXC_ADDR="10.0.3.1"
> -LXC_NETMASK="255.255.255.0"
> -LXC_NETWORK="10.0.3.0/24"
> -LXC_DHCP_RANGE="10.0.3.2,10.0.3.254"
> -LXC_DHCP_MAX="253"
> -LXC_DHCP_CONFILE=""
> -varrun="/run/lxc"
> -LXC_DOMAIN=""
> -
> -start() {
> -	[ -f /etc/default/lxc ] && . /etc/default/lxc
> -
> -	[ "x$USE_LXC_BRIDGE" = "xtrue" ] || { stop; exit 0; }
> -
> -	use_iptables_lock="-w"
> -	iptables -w -L -n > /dev/null 2>&1 || use_iptables_lock=""
> -	cleanup() {
> -		# dnsmasq failed to start, clean up the bridge
> -		iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
> -		iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
> -		iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
> -		iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
> -		iptables $use_iptables_lock -D FORWARD -i ${LXC_BRIDGE} -j ACCEPT
> -		iptables $use_iptables_lock -D FORWARD -o ${LXC_BRIDGE} -j ACCEPT
> -		iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
> -		iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
> -		ifconfig ${LXC_BRIDGE} down || true
> -		brctl delbr ${LXC_BRIDGE} || true
> -	}
> -
> -	if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
> -		if [ ! -f ${varrun}/network_up ]; then
> -			# bridge exists, but we didn't start it
> -			stop;
> -		fi
> -		exit 0;
> -	fi
> -
> -	# set up the lxc network
> -	brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; }
> -	echo 1 > /proc/sys/net/ipv4/ip_forward
> -	mkdir -p ${varrun}
> -	ifconfig ${LXC_BRIDGE} ${LXC_ADDR} netmask ${LXC_NETMASK} up
> -	iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
> -	iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
> -	iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
> -	iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
> -	iptables $use_iptables_lock -I FORWARD -i ${LXC_BRIDGE} -j ACCEPT
> -	iptables $use_iptables_lock -I FORWARD -o ${LXC_BRIDGE} -j ACCEPT
> -	iptables $use_iptables_lock -t nat -A POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE
> -	iptables $use_iptables_lock -t mangle -A POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
> -
> -	LXC_DOMAIN_ARG=""
> -	if [ -n "$LXC_DOMAIN" ]; then
> -		LXC_DOMAIN_ARG="-s $LXC_DOMAIN -S /$LXC_DOMAIN/"
> -	fi
> -	DNSMASQ_USER="lxc-dnsmasq"
> -	if ! getent passwd ${DNSMASQ_USER} >/dev/null; then
> -		DNSMASQ_USER="dnsmasq"
> -	fi
> -	dnsmasq $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} --strict-order --bind-interfaces --pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup
> -	touch ${varrun}/network_up
> -}
> -
> -stop() {
> -	[ -f /etc/default/lxc ] && . /etc/default/lxc
> -	[ -f "${varrun}/network_up" ] || exit 0;
> -	# if $LXC_BRIDGE has attached interfaces, don't shut it down
> -	ls /sys/class/net/${LXC_BRIDGE}/brif/* > /dev/null 2>&1 && exit 0;
> -
> -	if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
> -		use_iptables_lock="-w"
> -		iptables -w -L -n > /dev/null 2>&1 || use_iptables_lock=""
> -		ifconfig ${LXC_BRIDGE} down
> -		iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
> -		iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
> -		iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT
> -		iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT
> -		iptables $use_iptables_lock -D FORWARD -i ${LXC_BRIDGE} -j ACCEPT
> -		iptables $use_iptables_lock -D FORWARD -o ${LXC_BRIDGE} -j ACCEPT
> -		iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true
> -		iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
> -		pid=`cat ${varrun}/dnsmasq.pid 2>/dev/null` && kill -9 $pid || true
> -		rm -f ${varrun}/dnsmasq.pid
> -		brctl delbr ${LXC_BRIDGE}
> -	fi
> -	rm -f ${varrun}/network_up
> -}
> -
> -if [ "$1" = start ]; then
> -	start
> -elif [ "$1" = stop ]; then
> -	stop
> -else
> -	echo "Usage: $0 start|stop" >&2
> -	exit 1
> -fi
> -
> diff --git a/src/lxc/lxc_user_nic.c b/src/lxc/lxc_user_nic.c
> index 145a35d..7a87503 100644
> --- a/src/lxc/lxc_user_nic.c
> +++ b/src/lxc/lxc_user_nic.c
> @@ -475,7 +475,7 @@ again:
>  static int rename_in_ns(int pid, char *oldname, char **newnamep)
>  {
>  	char nspath[MAXPATHLEN];
> -	int fd = -1, ofd = -1, ret, ifindex;
> +	int fd = -1, ofd = -1, ret, ifindex = 0;
>  	bool grab_newname = false;
>  
>  	ret = snprintf(nspath, MAXPATHLEN, "/proc/%d/ns/net", getpid());
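
Review bot: Initialising `ifindex = 0` silences the maybe-uninitialized warning, but 0 is not a valid interface index, so if the path the compiler flagged is reachable the function now proceeds with a bogus value instead of an indeterminate one. Please identify which branch leaves `ifindex` unset and fail explicitly there. Since this build fix is unrelated to the lxc-net packaging, it would also be easier to review and backport as its own patch.
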
> -- 
> 1.9.3
> 
> 
> -- 
> Michael H. Warfield (AI4NB) | (770) 978-7061 |  mhw at WittsEnd.com
>    /\/\|=mhw=|\/\/          | (678) 463-0932 |  http://www.wittsend.com/mhw/
>    NIC whois: MHW9          | An optimist believes we live in the best of all
>  PGP Key: 0x674627FF        | possible worlds.  A pessimist is sure of it!
> 



-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com