[lxc-devel] [lxd/master] Bugfixes

Wed Jun 22 16:59:17 UTC 2016

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 301 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20160622/e1e611f1/attachment.bin>
-------------- next part --------------
From 7f52ac647f481ddcbdbc6ded789f0f6c50ddaaf0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Tue, 21 Jun 2016 18:42:20 -0400
Subject: [PATCH 1/5] Make devices cgroup config more readable
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/container_lxc.go | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 3afb3e6..8a6586d 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -371,7 +371,21 @@ func (c *containerLXC) initLXC() error {
 			return err
 		}
 
-		for _, dev := range []string{"c *:* m", "b *:* m", "c 5:0 rwm", "c 5:1 rwm", "c 1:5 rwm", "c 1:7 rwm", "c 1:3 rwm", "c 1:8 rwm", "c 1:9 rwm", "c 5:2 rwm", "c 136:* rwm"} {
+		devices := []string{
+			"b *:* m",     // Allow mknod of block devices
+			"c *:* m",     // Allow mknod of char devices
+			"c 136:* rwm", // /dev/pts devices
+			"c 1:3 rwm",   // /dev/null
+			"c 1:5 rwm",   // /dev/zero
+			"c 1:7 rwm",   // /dev/full
+			"c 1:8 rwm",   // /dev/random
+			"c 1:9 rwm",   // /dev/urandom
+			"c 5:0 rwm",   // /dev/tty
+			"c 5:1 rwm",   // /dev/console
+			"c 5:2 rwm",   // /dev/ptmx
+		}
+
+		for _, dev := range devices {
 			err = lxcSetConfigItem(cc, "lxc.cgroup.devices.allow", dev)
 			if err != nil {
 				return err

From 65daaf5eef9b6097d95f6a979cf809ac3b1c1005 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Tue, 21 Jun 2016 18:43:10 -0400
Subject: [PATCH 2/5] Setup /dev/fuse by default
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/container_lxc.go | 24 +++++++++++++-----------
 1 file changed, 13 insertions(+), 11 deletions(-)

diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 8a6586d..b340aab 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -328,6 +328,7 @@ func (c *containerLXC) initLXC() error {
 	}
 
 	bindMounts := []string{
+		"/dev/fuse",
 		"/proc/sys/fs/binfmt_misc",
 		"/sys/firmware/efi/efivars",
 		"/sys/fs/fuse/connections",
@@ -372,17 +373,18 @@ func (c *containerLXC) initLXC() error {
 		}
 
 		devices := []string{
-			"b *:* m",     // Allow mknod of block devices
-			"c *:* m",     // Allow mknod of char devices
-			"c 136:* rwm", // /dev/pts devices
-			"c 1:3 rwm",   // /dev/null
-			"c 1:5 rwm",   // /dev/zero
-			"c 1:7 rwm",   // /dev/full
-			"c 1:8 rwm",   // /dev/random
-			"c 1:9 rwm",   // /dev/urandom
-			"c 5:0 rwm",   // /dev/tty
-			"c 5:1 rwm",   // /dev/console
-			"c 5:2 rwm",   // /dev/ptmx
+			"b *:* m",      // Allow mknod of block devices
+			"c *:* m",      // Allow mknod of char devices
+			"c 136:* rwm",  // /dev/pts devices
+			"c 1:3 rwm",    // /dev/null
+			"c 1:5 rwm",    // /dev/zero
+			"c 1:7 rwm",    // /dev/full
+			"c 1:8 rwm",    // /dev/random
+			"c 1:9 rwm",    // /dev/urandom
+			"c 5:0 rwm",    // /dev/tty
+			"c 5:1 rwm",    // /dev/console
+			"c 5:2 rwm",    // /dev/ptmx
+			"c 10:229 rwm", // /dev/fuse
 		}
 
 		for _, dev := range devices {

From 53332466b816a91c57b4c65a306ef2bc129b5a85 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Tue, 21 Jun 2016 19:23:43 -0400
Subject: [PATCH 3/5] Better handle bind mounts
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 lxd/container_lxc.go | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index b340aab..6fd0ee4 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -346,9 +346,20 @@ func (c *containerLXC) initLXC() error {
 	}
 
 	for _, mnt := range bindMounts {
-		err = lxcSetConfigItem(cc, "lxc.mount.entry", fmt.Sprintf("%s %s none rbind,create=dir,optional", mnt, strings.TrimPrefix(mnt, "/")))
-		if err != nil {
-			return err
+		if !shared.PathExists(mnt) {
+			continue
+		}
+
+		if shared.IsDir(mnt) {
+			err = lxcSetConfigItem(cc, "lxc.mount.entry", fmt.Sprintf("%s %s none rbind,create=dir,optional", mnt, strings.TrimPrefix(mnt, "/")))
+			if err != nil {
+				return err
+			}
+		} else {
+			err = lxcSetConfigItem(cc, "lxc.mount.entry", fmt.Sprintf("%s %s none bind,create=file,optional", mnt, strings.TrimPrefix(mnt, "/")))
+			if err != nil {
+				return err
+			}
 		}
 	}
 

From db3b37c9e4eab46bb7e965199cf608e3a5b3b219 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber at ubuntu.com>
Date: Tue, 21 Jun 2016 20:34:37 -0400
Subject: [PATCH 4/5] Update repository URL for xgettext-go
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
---
 Makefile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 2b08f8e..85a23e2 100644
--- a/Makefile
+++ b/Makefile
@@ -82,7 +82,7 @@ update-po:
 	done
 
 update-pot:
-	go get -v -x github.com/ubuntu-core/snappy/i18n/xgettext-go/
+	go get -v -x github.com/snapcore/snapd/i18n/xgettext-go/
 	xgettext-go -o po/$(DOMAIN).pot --add-comments-tag=TRANSLATORS: --sort-output --package-name=$(DOMAIN) --msgid-bugs-address=lxc-devel at lists.linuxcontainers.org --keyword=i18n.G --keyword-plural=i18n.NG *.go shared/*.go lxc/*.go lxd/*.go
 
 

From fa65edef8f6a6b4e77d607029e69844839b38c23 Mon Sep 17 00:00:00 2001
From: Nicolas Lastra <nicolas.san at gmail.com>
Date: Wed, 22 Jun 2016 12:58:19 -0400
Subject: [PATCH 5/5] Update README.md

The example to mount shared folder inside container from host was improved.

Closes #2123

Signed-off-by: Nicolas O. Lastra <nicolas.san at gmail.com>
---
 README.md | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index e8d3d68..56599bf 100644
--- a/README.md
+++ b/README.md
@@ -311,8 +311,16 @@ lxc-devel, and we can escalate to CRIU lists as necessary.
 
 Yes. The easiest way to do that is using a privileged container:
 
-    lxc launch ubuntu priv -c security.privileged=true
-    lxc config device add priv homedir disk source=/home/$USER path=/home/ubuntu
+1.a) create a container.
+
+    lxc launch ubuntu privilegedContainerName -c security.privileged=true
+    
+1.b) or, if your container already exists.
+
+        lxc config set privilegedContainerName security.privileged true
+2) then.
+
+    lxc config device add privilegedContainerName shareName disk source=/home/$USER path=/home/ubuntu
 
 #### How can I run docker inside a LXD container?
 
