[lxc-devel] [lxc/lxc] 42e560: logs: introduce a thread-local 'current' lxc_confi...

GitHub noreply at github.com
Mon Apr 6 16:12:26 UTC 2015


  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: 42e56013ea756be668e6c74d3f45c72ee450a527
      https://github.com/lxc/lxc/commit/42e56013ea756be668e6c74d3f45c72ee450a527
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2015-04-06 (Mon, 06 Apr 2015)

  Changed paths:
    M src/lxc/Makefile.am
    M src/lxc/conf.c
    M src/lxc/conf.h
    M src/lxc/confile.c
    M src/lxc/log.c
    M src/lxc/log.h
    M src/lxc/lxccontainer.c

  Log Message:
  -----------
  logs: introduce a thread-local 'current' lxc_config

The logging code uses a global log_fd and log_level to direct
logging (ERROR(), etc).  While the container configuration file allows
for lxc.loglevel and lxc.logfile, those are only used at configuration
file read time to set the global variables.  This works ok in the
lxc front-end programs, but becomes a problem with threaded API users.

The simplest solution would be to not allow per-container configuration
files, but it'd be nice to avoid that.

Passing a logfd or lxc_conf into every ERROR/INFO/etc call is "possible",
but would be a huge complication as there are many functions, including
struct member functions and callbacks, which don't have that info and
would need to get it from somewhere.

So the approach I'm taking here is to say that all real container work
is done inside api calls, and therefore the API calls themselves can
set a thread-local variable indicating which log info to use.  If
unset, then use the global values.  The lxc-* programs, when called
with a '-o logfile' argument, set a global variable to indicate that
the user-specified value should be used.

In this patch:

If the lxc container configuration specifies a loglevel/logfile, only
set the lxc_config's logfd and loglevel according to those, not the
global values.

Each API call is wrapped to set/unset the current_config.  (The few
exceptions are calls which do not result in any log actions.)

Update logfile appender to use the logfile specified in lxc_conf if (a)
current_config is set and (b) the lxc-* command did not override it.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>
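
The routing rule this commit message describes, as an added example that is not part of the commit and is not LXC's code: two threads each make "API calls" against their own container config, and log bytes go to that config's fd unless the thread-local pointer is unset or a command-line override is in force. All names (struct conf, current_conf, cmdline_override, api_call, demo) are hypothetical, pipes stand in for log files, and __thread is the GCC/Clang thread-local keyword.

```c
/* Added illustration with hypothetical names; this is not LXC's own log.c. */
#include <pthread.h>
#include <string.h>
#include <unistd.h>

struct conf { int logfd; const char *name; }; /* stand-in for a container config */
static int global_logfd = -1;               /* process-wide default */
static int cmdline_override;                /* 1 when a front-end got '-o logfile' */
static __thread struct conf *current_conf;  /* set per thread by each API call */

static int pick_logfd(void) {               /* unset or overridden: global value */
    int own = current_conf && current_conf->logfd >= 0 && !cmdline_override;
    return own ? current_conf->logfd : global_logfd;
}
static void api_call(struct conf *c, const char *msg) {
    current_conf = c;                       /* set on entry */
    if (write(pick_logfd(), msg, strlen(msg)) < 0) { /* logging is best effort */ }
    current_conf = NULL;                    /* unset on exit */
}

static void *worker(void *arg) {            /* 100 API calls against one container */
    for (int i = 0; i < 100; i++) api_call(arg, ((struct conf *)arg)->name);
    return NULL;
}
static int drain(int fd, char ch) {         /* count ch bytes (all bytes if ch == 0) */
    char buf[512]; int hits = 0;
    for (ssize_t i = 0, n = read(fd, buf, sizeof buf); i < n; i++)
        hits += !ch || buf[i] == ch;
    close(fd);
    return hits;
}

/* out[0]: 'A' bytes in log A, out[1]: 'B' bytes in log B, out[2]: global log bytes */
int demo(int override, int out[3]) {
    int pa[2], pb[2], pg[2]; pthread_t ta, tb;
    if (pipe(pa) || pipe(pb) || pipe(pg)) return -1;
    struct conf a = { pa[1], "A" }, b = { pb[1], "B" };
    global_logfd = pg[1]; cmdline_override = override;
    pthread_create(&ta, NULL, worker, &a); pthread_create(&tb, NULL, worker, &b);
    pthread_join(ta, NULL); pthread_join(tb, NULL);
    api_call(NULL, "G");                    /* no current config: global log */
    close(pa[1]); close(pb[1]); close(pg[1]);
    out[0] = drain(pa[0], 'A'); out[1] = drain(pb[0], 'B'); out[2] = drain(pg[0], 0);
    return 0;
}

int main(void) {                            /* exit status 0 when routing is right */
    int r[3];
    return demo(0, r) || r[0] != 100 || r[1] != 100 || r[2] != 1;
}
```

Build with `cc -pthread`; calling `demo(1, r)` instead models the '-o logfile' override, where every byte lands in the global log.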


  Commit: 89a4ec737e97fdf2856fda94b816875e98155c82
      https://github.com/lxc/lxc/commit/89a4ec737e97fdf2856fda94b816875e98155c82
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2015-04-06 (Mon, 06 Apr 2015)

  Changed paths:
    M src/lxc/utils.c

  Log Message:
  -----------
  cgmanager: put unprivileged containers under $(curcgroup)/lxc/$(container0

Currently if we are in /user.slice/user-1000.slice/session-c2.scope,
and we start an unprivileged container t1, it will be in cgroup
3:memory:/user.slice/user-1000.slice/session-c2.scope/t1.  If
we then do a 'lxc-cgroup -n t1 freezer.tasks', cgm_get will
first switch to 3:memory:/user.slice/user-1000.slice/session-c2.scope
then look up 't1's values.  The reasons for this are:

1. cgmanager get_value is relative to your own cgroup, so we need
to be sure to be in t1's cgroup or an ancestor
2. we don't want to be in the container's cgroup bc it might freeze us.

But in Ubuntu 15.04 it was decided that
3:memory:/user.slice/user-1000.slice/session-c2.scope/tasks should
not be writeable by the user, making this fail.

Therefore put all unprivileged cgroups under "lxc/%n".  That way
the "lxc" cgroup should always be owned by the user so that he can
enter.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 7b7d76e00be2c37e073d7c76ebe8b8bbff3e914f
      https://github.com/lxc/lxc/commit/7b7d76e00be2c37e073d7c76ebe8b8bbff3e914f
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2015-04-06 (Mon, 06 Apr 2015)

  Changed paths:
    M src/lxc/cgmanager.c

  Log Message:
  -----------
  cgmanager: free line at end of check_supports_multiple_controllers

This is only called at startup so it wasn't a big leak, but it is a leak.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 0cc417b20f5cc48e99e5052cde05ed85beae636e
      https://github.com/lxc/lxc/commit/0cc417b20f5cc48e99e5052cde05ed85beae636e
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2015-04-06 (Mon, 06 Apr 2015)

  Changed paths:
    M src/lxc/utils.c

  Log Message:
  -----------
  lxc-destroy: actually work if underlying fs is overlayfs

One of the 'features' of overlayfs is that depending on whether a file
is on the upper or lower dir you get back a different device from stat.
That breaks our lxc_rmdir_onedev.

So at lxc_rmdir_onedev check the device of the directory being deleted.
If it is overlayfs, then skip the device check.

Note this is unrelated to overlayfs snapshots - in those cases when you
delete a container, /var/lib/lxc/$container/ does not actually have an
overlayfs under it.  Rather, to reproduce this you would:

    sudo mkdir /opt/{lower,upper,workdir}
    sudo mount -t overlayfs -o lowerdir=/opt/lower,upperdir=/opt/upper,workdir=/opt/workdir \
        lxc /var/lib/lxc
    sudo lxc-create -t download -n c1 -- -d ubuntu -r trusty -a amd64
    sudo lxc-destroy -n c1

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Tested-by: Marko Ratkaj <marko.ratkaj at sartura.hr>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: ea7e3744e70e9f29ef6962b70121d785b310317a
      https://github.com/lxc/lxc/commit/ea7e3744e70e9f29ef6962b70121d785b310317a
  Author: Arjun Sreedharan <arjun024 at gmail.com>
  Date:   2015-04-06 (Mon, 06 Apr 2015)

  Changed paths:
    M src/tests/concurrent.c

  Log Message:
  -----------
  concurrent: check realloc() rc and exit on failure

Signed-off-by: Arjun Sreedharan <arjun024 at gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


  Commit: 23befb186298582fccd07eec6083678c35ea9736
      https://github.com/lxc/lxc/commit/23befb186298582fccd07eec6083678c35ea9736
  Author: Tycho Andersen <tycho.andersen at canonical.com>
  Date:   2015-04-06 (Mon, 06 Apr 2015)

  Changed paths:
    M src/lxc/cgfs.c
    M src/lxc/cgmanager.c
    M src/lxc/cgroup.c
    M src/lxc/cgroup.h
    M src/lxc/lxccontainer.c

  Log Message:
  -----------
  c/r: teach criu about cgmanager's socket

CRIU needs to be told when something is bind mounted into the container from
the outside as cgmanager's socket is.

Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


  Commit: 8128cf421081b683bca4610aa2db3e3ed851ab92
      https://github.com/lxc/lxc/commit/8128cf421081b683bca4610aa2db3e3ed851ab92
  Author: KATOH Yasufumi <karma at jazz.email.ne.jp>
  Date:   2015-04-06 (Mon, 06 Apr 2015)

  Changed paths:
    M doc/ja/lxc-start-ephemeral.sgml.in
    M doc/lxc-start-ephemeral.sgml.in

  Log Message:
  -----------
  doc: Add '--storage-type' option to lxc-start-ephemeral(1)

Signed-off-by: KATOH Yasufumi <karma at jazz.email.ne.jp>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


  Commit: 56e4a18564f8ab3d93c0f2b5f91aa5cff4f171c9
      https://github.com/lxc/lxc/commit/56e4a18564f8ab3d93c0f2b5f91aa5cff4f171c9
  Author: KATOH Yasufumi <karma at jazz.email.ne.jp>
  Date:   2015-04-06 (Mon, 06 Apr 2015)

  Changed paths:
    M doc/ja/lxc-start-ephemeral.sgml.in
    M doc/lxc-start-ephemeral.sgml.in

  Log Message:
  -----------
  Add the use of 'attach' to lxc-start-ephemeral(1)

Update for commit 8158c05

Signed-off-by: KATOH Yasufumi <karma at jazz.email.ne.jp>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


  Commit: fad5004627bebe251228450a8a086500d803b9e4
      https://github.com/lxc/lxc/commit/fad5004627bebe251228450a8a086500d803b9e4
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2015-04-06 (Mon, 06 Apr 2015)

  Changed paths:
    M src/tests/aa.c

  Log Message:
  -----------
  lxc-test-apparmor: flush the pipe before exiting child

to make sure the parent's read returns.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 428b68dbeb593c03e2a1145c4cce3e070ec6a7c3
      https://github.com/lxc/lxc/commit/428b68dbeb593c03e2a1145c4cce3e070ec6a7c3
  Author: Stéphane Graber <stgraber at ubuntu.com>
  Date:   2015-04-06 (Mon, 06 Apr 2015)

  Changed paths:
    M src/lxc/lxc-start-ephemeral.in

  Log Message:
  -----------
  Fix incomplete destruction of unprivileged ephemeral containers

If an unprivileged ephemeral container is started as follows,

    lxc-start-ephemeral -o trusty -n test_ephemeral

Then an empty directory remains upon exit from the container,

    ~/.local/share/lxc/test_ephemeral/tmpfs/delta0

(The tmpfs filesystem is successfully unmounted, but we seem to lack
permission to delete the delta0 directory).

This issue arose following commits 4799a1e and dd2271e.

The following patch resolves the issue. It has been tested on Ubuntu
14.04 with the lxc-daily ppa.
Since Gmail screws up the formatting of the patch via line-wrapping
etc., please copy the patch from the issue-tracker rather than from
this email.

Signed-off-by: Oleg Freedholm <overlayfs at gmail.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


Compare: https://github.com/lxc/lxc/compare/0dbb4b2d3d42...428b68dbeb59

