[lxc-devel] [lxc/lxc] b870f8: templates: gentoo.common: Add /dev/shm tmpfs mount...

GitHub noreply at github.com
Fri Apr 10 15:31:26 UTC 2015


  Branch: refs/heads/stable-1.1
  Home:   https://github.com/lxc/lxc
  Commit: b870f8d8c4d05526e4b44c0dd044157e8314d425
      https://github.com/lxc/lxc/commit/b870f8d8c4d05526e4b44c0dd044157e8314d425
  Author: Markos Chandras <hwoarang at gentoo.org>
  Date:   2015-04-10 (Fri, 10 Apr 2015)

  Changed paths:
    M config/templates/gentoo.common.conf.in

  Log Message:
  -----------
  templates: gentoo.common: Add /dev/shm tmpfs mount entry

/dev/shm needs to be mounted as tmpfs. It's needed by python
and possibly other packages.

Signed-off-by: Markos Chandras <hwoarang at gentoo.org>


  Commit: b538481a7da428c10a1396167b0a8eefd9c483ce
      https://github.com/lxc/lxc/commit/b538481a7da428c10a1396167b0a8eefd9c483ce
  Author: Stéphane Graber <stgraber at ubuntu.com>
  Date:   2015-04-10 (Fri, 10 Apr 2015)

  Changed paths:
    M src/lxc/attach.c

  Log Message:
  -----------
  Skip control tty code for non-ttys

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


  Commit: f9bae49cf6d647bc2784ac98fc3825a903da453d
      https://github.com/lxc/lxc/commit/f9bae49cf6d647bc2784ac98fc3825a903da453d
  Author: Achton <mail at achton.net>
  Date:   2015-04-10 (Fri, 10 Apr 2015)

  Changed paths:
    M README

  Log Message:
  -----------
  Correct typo.

Signed-off-by: Achton Smidt Winther <mail at achton.net>


  Commit: b3eeaf70817cb2542d411ad2ecbc635525b9da4a
      https://github.com/lxc/lxc/commit/b3eeaf70817cb2542d411ad2ecbc635525b9da4a
  Author: Alexandre Létourneau <letourneau.alexandre at gmail.com>
  Date:   2015-04-10 (Fri, 10 Apr 2015)

  Changed paths:
    M templates/lxc-centos.in

  Log Message:
  -----------
  Added a more reliable test for yum --releasever in the centos template
Signed-off-by: Alexandre Létourneau <letourneau.alexandre at gmail.com>


  Commit: bda67c3143755fedda8bd51d389bec325aa69607
      https://github.com/lxc/lxc/commit/bda67c3143755fedda8bd51d389bec325aa69607
  Author: Alexandre Létourneau <letourneau.alexandre at gmail.com>
  Date:   2015-04-10 (Fri, 10 Apr 2015)

  Changed paths:
    M templates/lxc-centos.in

  Log Message:
  -----------
  Now including grep -q
Signed-off-by: Alexandre Letourneau <letourneau.alexandre at gmail.com>


  Commit: 46932d01d95581dbab1e5af9283313c4f2be6e9b
      https://github.com/lxc/lxc/commit/46932d01d95581dbab1e5af9283313c4f2be6e9b
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2015-04-10 (Fri, 10 Apr 2015)

  Changed paths:
    M src/lxc/Makefile.am
    M src/lxc/conf.c
    M src/lxc/conf.h
    M src/lxc/confile.c
    M src/lxc/log.c
    M src/lxc/log.h
    M src/lxc/lxccontainer.c

  Log Message:
  -----------
  logs: introduce a thread-local 'current' lxc_config

The logging code uses a global log_fd and log_level to direct
logging (ERROR(), etc).  While the container configuration file allows
for lxc.loglevel and lxc.logfile, those are only used at configuration
file read time to set the global variables.  This works ok in the
lxc front-end programs, but becomes a problem with threaded API users.

The simplest solution would be to not allow per-container configuration
files, but it'd be nice to avoid that.

Passing a logfd or lxc_conf into every ERROR/INFO/etc call is "possible",
but would be a huge complication as there are many functions, including
struct member functions and callbacks, which don't have that info and
would need to get it from somewhere.

So the approach I'm taking here is to say that all real container work
is done inside api calls, and therefore the API calls themselves can
set a thread-local variable indicating which log info to use.  If
unset, then use the global values.  The lxc-* programs, when called
with a '-o logfile' argument, set a global variable to indicate that
the user-specified value should be used.

In this patch:

If the lxc container configuration specifies a loglevel/logfile, only
set the lxc_config's logfd and loglevel according to those, not the
global values.

Each API call is wrapped to set/unset the current_config.  (The few
exceptions are calls which do not result in any log actions)

Update logfile appender to use the logfile specified in lxc_conf if (a)
current_config is set and (b) the lxc-* command did not override it.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 5999ce641a1bcf32228813ec0522bcf83318a2a5
      https://github.com/lxc/lxc/commit/5999ce641a1bcf32228813ec0522bcf83318a2a5
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2015-04-10 (Fri, 10 Apr 2015)

  Changed paths:
    M src/lxc/utils.c

  Log Message:
  -----------
  cgmanager: put unprivileged containers under $(curcgroup)/lxc/$(container0

Currently if we are in /user.slice/user-1000.slice/session-c2.scope,
and we start an unprivileged container t1, it will be in cgroup
3:memory:/user.slice/user-1000.slice/session-c2.scope/t1.  If
we then do a 'lxc-cgroup -n t1 freezer.tasks', cgm_get will
first switch to 3:memory:/user.slice/user-1000.slice/session-c2.scope
then look up 't1's values.  The reasons for this are

1. cgmanager get_value is relative to your own cgroup, so we need
to be sure to be in t1's cgroup or an ancestor
2. we don't want to be in the container's cgroup bc it might freeze us.

But in Ubuntu 15.04 it was decided that
3:memory:/user.slice/user-1000.slice/session-c2.scope/tasks should
not be writeable by the user, making this fail.

Therefore put all unprivileged cgroups under "lxc/%n".  That way
the "lxc" cgroup should always be owned by the user so that he can
enter.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: f7fb1b4a50a8366146c3badb957ef25794dbaa08
      https://github.com/lxc/lxc/commit/f7fb1b4a50a8366146c3badb957ef25794dbaa08
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2015-04-10 (Fri, 10 Apr 2015)

  Changed paths:
    M src/lxc/cgmanager.c

  Log Message:
  -----------
  cgmanager: free line at end of check_supports_multiple_controllers

This is only called at startup so it wasn't a big leak, but it is a leak.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 065d45961052d8439fa5862f4286f64b8f3df283
      https://github.com/lxc/lxc/commit/065d45961052d8439fa5862f4286f64b8f3df283
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2015-04-10 (Fri, 10 Apr 2015)

  Changed paths:
    M src/lxc/utils.c

  Log Message:
  -----------
  lxc-destroy: actually work if underlying fs is overlayfs

One of the 'features' of overlayfs is that depending on whether a file
is on the upper or lower dir you get back a different device from stat.
That breaks our lxc_rmdir_onedev.

So at lxc_rmdir_ondev check the device of the directory being deleted.
If it is overlayfs, then skip the device check.

Note this is unrelated to overlayfs snapshots - in those cases when you
delete a container, /var/lib/lxc/$container/ does not actually have an
overlayfs under it.  Rather, to reproduce this you would

sudo mkdir /opt/{lower,upper,workdir}
sudo mount -t overlayfs -o lower=/opt/lower,upper=/opt/upper,workdir=/opt/workdir \
	lxc /var/lib/lxc
sudo lxc-create -t download -n c1 -- -d ubuntu -r trusty -a amd64
sudo lxc-destroy -n c1

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Tested-by: Marko Ratkaj <marko.ratkaj at sartura.hr>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 340d5b740c3b5deeff415e55b2458398427118d9
      https://github.com/lxc/lxc/commit/340d5b740c3b5deeff415e55b2458398427118d9
  Author: Arjun Sreedharan <arjun024 at gmail.com>
  Date:   2015-04-10 (Fri, 10 Apr 2015)

  Changed paths:
    M src/tests/concurrent.c

  Log Message:
  -----------
  concurrent: check realloc() rc and exit on failure

Signed-off-by: Arjun Sreedharan <arjun024 at gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


  Commit: 5da57aeeb40d95ce1d0681dbd55bc5fa350411fe
      https://github.com/lxc/lxc/commit/5da57aeeb40d95ce1d0681dbd55bc5fa350411fe
  Author: Tycho Andersen <tycho.andersen at canonical.com>
  Date:   2015-04-10 (Fri, 10 Apr 2015)

  Changed paths:
    M src/lxc/cgfs.c
    M src/lxc/cgmanager.c
    M src/lxc/cgroup.c
    M src/lxc/cgroup.h
    M src/lxc/lxccontainer.c

  Log Message:
  -----------
  c/r: teach criu about cgmanager's socket

CRIU needs to be told when something is bind mounted into the container from
the outside as cgmanager's socket is.

Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


  Commit: 351766d89800632902d51c64cd9d0bd91f6d8722
      https://github.com/lxc/lxc/commit/351766d89800632902d51c64cd9d0bd91f6d8722
  Author: KATOH Yasufumi <karma at jazz.email.ne.jp>
  Date:   2015-04-10 (Fri, 10 Apr 2015)

  Changed paths:
    M doc/ja/lxc-start-ephemeral.sgml.in
    M doc/lxc-start-ephemeral.sgml.in

  Log Message:
  -----------
  Add the use of 'attach' to lxc-start-ephemeral(1)

Update for commit 8158c05

Signed-off-by: KATOH Yasufumi <karma at jazz.email.ne.jp>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


  Commit: 43018c9088a9e9127c2297e69f88d35b0238b23c
      https://github.com/lxc/lxc/commit/43018c9088a9e9127c2297e69f88d35b0238b23c
  Author: Serge Hallyn <serge.hallyn at ubuntu.com>
  Date:   2015-04-10 (Fri, 10 Apr 2015)

  Changed paths:
    M src/tests/aa.c

  Log Message:
  -----------
  lxc-test-apparmor: flush the pipe before exiting child

to make sure the parent's read returns.

Signed-off-by: Serge Hallyn <serge.hallyn at ubuntu.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: f40960a3a3bb4a1a9433fe61a873b7ffc5e57db9
      https://github.com/lxc/lxc/commit/f40960a3a3bb4a1a9433fe61a873b7ffc5e57db9
  Author: Stéphane Graber <stgraber at ubuntu.com>
  Date:   2015-04-10 (Fri, 10 Apr 2015)

  Changed paths:
    M src/lxc/lxc-start-ephemeral.in

  Log Message:
  -----------
  Fix incomplete destruction of unprivileged ephemeral containers

If an unprivileged ephemeral container is started as follows,

    lxc-start-ephemeral -o trusty -n test_ephemeral

Then an empty directory remains upon exit from the container,

    ~/.local/share/lxc/test_ephemeral/tmpfs/delta0

(The tmpfs filesystem is successfully unmounted, but we seem to lack
permission to delete the delta0 directory).

This issue arose following commits 4799a1e and dd2271e .

The following patch resolves the issue. It has been tested on ubuntu
14.04 with the lxc-daily ppa.
Since gmail screws up the formatting of the patch via line-wrapping
etc, please copy the patch from the issue-tracker rather than from
this email.

Signed-off by: Oleg Freedholm <overlayfs at gmail.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 8eed90689c8a562a82b68d373961d1708b3b6e94
      https://github.com/lxc/lxc/commit/8eed90689c8a562a82b68d373961d1708b3b6e94
  Author: Tycho Andersen <tycho.andersen at canonical.com>
  Date:   2015-04-10 (Fri, 10 Apr 2015)

  Changed paths:
    M src/lxc/lxc_checkpoint.c
    M src/lxc/lxccontainer.c

  Log Message:
  -----------
  lxcapi_restore shouldn't steal the calling process

Previously, lxcapi_restore used the calling process as the lxc monitor process
(and just never returned), requiring users to fork before calling it. This, of
course, would cause problems for things like LXD, which can't fork.

Now, restore() forks the monitor as a child of the process that calls it. Users
who want to daemonize the restore process need to fork themselves.
lxc-checkpoint has been updated to reflect this behavior change.

Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


  Commit: f3b94d24c8b9bf56057c32bb38643a6b74e0c58d
      https://github.com/lxc/lxc/commit/f3b94d24c8b9bf56057c32bb38643a6b74e0c58d
  Author: Tycho Andersen <tycho.andersen at canonical.com>
  Date:   2015-04-10 (Fri, 10 Apr 2015)

  Changed paths:
    M src/lxc/lxccontainer.c

  Log Message:
  -----------
  don't hang on some errors in do_restore

Instead, the parent always writes a status to the pipe.

Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


  Commit: b75e9e2303a7393649c9fee534c5f5db1e353ff6
      https://github.com/lxc/lxc/commit/b75e9e2303a7393649c9fee534c5f5db1e353ff6
  Author: Tycho Andersen <tycho.andersen at canonical.com>
  Date:   2015-04-10 (Fri, 10 Apr 2015)

  Changed paths:
    M src/lxc/lxccontainer.c

  Log Message:
  -----------
  Use SYSERROR instead of perror

It is impolite to print stuff to stderror owned by other people, and they might
miss it anyway since it's not in the normal log location.

Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


  Commit: 504687d50f724eb354f9876613061825e66ec25d
      https://github.com/lxc/lxc/commit/504687d50f724eb354f9876613061825e66ec25d
  Author: Tycho Andersen <tycho.andersen at canonical.com>
  Date:   2015-04-10 (Fri, 10 Apr 2015)

  Changed paths:
    M src/lxc/conf.c
    M src/lxc/conf.h
    M src/lxc/list.h
    M src/lxc/lxccontainer.c

  Log Message:
  -----------
  c/r: tell CRIU about all external mounts in the config

Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 8aaef88871d7a4c6b1d618aa5a486fcdaa0c0cba
      https://github.com/lxc/lxc/commit/8aaef88871d7a4c6b1d618aa5a486fcdaa0c0cba
  Author: Stéphane Graber <stgraber at ubuntu.com>
  Date:   2015-04-10 (Fri, 10 Apr 2015)

  Changed paths:
    M src/lxc/lxccontainer.c

  Log Message:
  -----------
  Fix Android build because of getmntent_r

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 29a4a6b0a2c0baf6af0a699c7ee8848726e825f4
      https://github.com/lxc/lxc/commit/29a4a6b0a2c0baf6af0a699c7ee8848726e825f4
  Author: Stéphane Graber <stgraber at ubuntu.com>
  Date:   2015-04-10 (Fri, 10 Apr 2015)

  Changed paths:
    M src/lxc/lxccontainer.c

  Log Message:
  -----------
  Really fix Android...

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: c48bc12251bef1652e6c117cecc7d4b68a483f92
      https://github.com/lxc/lxc/commit/c48bc12251bef1652e6c117cecc7d4b68a483f92
  Author: teruo-oshida <teruo.oshida at miraclelinux.com>
  Date:   2015-04-10 (Fri, 10 Apr 2015)

  Changed paths:
    M templates/lxc-centos.in

  Log Message:
  -----------
  update path of tty.conf

$container_rootfs may not be used so 'sed' will try to patch
"/etc/init/tty.conf". It must not be correct.

Signed-off-by: Teruo Oshida <teruo.oshida at miraclelinux.com>
Acked-by: Stéphane Graber <stgraber at ubuntu.com>


  Commit: 925036ae1b68dc36ae9be786e2b4eebe33462955
      https://github.com/lxc/lxc/commit/925036ae1b68dc36ae9be786e2b4eebe33462955
  Author: Tycho Andersen <tycho.andersen at canonical.com>
  Date:   2015-04-10 (Fri, 10 Apr 2015)

  Changed paths:
    M src/lxc/lxccontainer.c
    M src/lxc/start.c
    M src/lxc/start.h

  Log Message:
  -----------
  c/r: populate clone flags on restore

Since attach asks the restore process what the clone flags were, if we forgot
to set them then the attach command ran in the hosts namespaces instead of the
containers, which is a Very Bad Thing :). Instead, we remember to set the clone
flags in the restore process' handler, so that we report them correctly to any
attach processes who ask.

Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


  Commit: 96d1c0eff21d5e04271864ee7a45e3e473eba71c
      https://github.com/lxc/lxc/commit/96d1c0eff21d5e04271864ee7a45e3e473eba71c
  Author: Tycho Andersen <tycho.andersen at canonical.com>
  Date:   2015-04-10 (Fri, 10 Apr 2015)

  Changed paths:
    M .gitignore

  Log Message:
  -----------
  add vim swap files to .gitignore

Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


  Commit: a36c26808a9b13c860bf22199c7639117a8e9142
      https://github.com/lxc/lxc/commit/a36c26808a9b13c860bf22199c7639117a8e9142
  Author: KATOH Yasufumi <karma at jazz.email.ne.jp>
  Date:   2015-04-10 (Fri, 10 Apr 2015)

  Changed paths:
    M doc/ja/lxc-start-ephemeral.sgml.in
    M doc/lxc-start-ephemeral.sgml.in

  Log Message:
  -----------
  doc: Add '--storage-type' option to lxc-start-ephemeral(1)

Signed-off-by: KATOH Yasufumi <karma at jazz.email.ne.jp>
Acked-by: Serge E. Hallyn <serge.hallyn at ubuntu.com>


Compare: https://github.com/lxc/lxc/compare/d51ef6b1df07...a36c26808a9b


More information about the lxc-devel mailing list