[lxc-devel] [lxc/lxc] ff074c: container start: clone newcgroup immediately
GitHub
noreply at github.com
Thu Nov 17 17:35:35 UTC 2016
Branch: refs/heads/stable-2.0
Home: https://github.com/lxc/lxc
Commit: ff074c81940cd6c81533d50aed84c86210db69cf
https://github.com/lxc/lxc/commit/ff074c81940cd6c81533d50aed84c86210db69cf
Author: Serge Hallyn <serge at hallyn.com>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M src/lxc/start.c
Log Message:
-----------
container start: clone newcgroup immediately
rather than waiting and later unsharing.
This "makes the creation of a new cgroup early enough that the existing
cgroup mounts are visible. Which means any fancy permission checks
I dream will work on a future version of liblxc."
This also includes what should be a tiny improvement regarding netns,
though it's conceivable it'll break something. Remember that with new
kernels we need to unshare netns after we've become the root user in the
new userns, so that netns files are owned by that root. But we were
passing the unfiltered handler->clone_flags to the original clone().
This just resulted in a temporary extra netns generation, but still
worked since our target netns, which we passed our devices into, was
created late enough.
Signed-off-by: Serge Hallyn <serge at hallyn.com>
Signed-off-by: "Eric W. Biederman" <ebiederm at xmission.com>
Commit: ff88c8155031929e677a6212a46410a42a7241cc
https://github.com/lxc/lxc/commit/ff88c8155031929e677a6212a46410a42a7241cc
Author: Evgeni Golov <evgeni at debian.org>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M lxc.spec.in
Log Message:
-----------
use python3_sitearch for including the python code
Closes: #502
Signed-off-by: Evgeni Golov <evgeni at debian.org>
Commit: 727b60d603fd32cb0ba822141925085ff28bbf15
https://github.com/lxc/lxc/commit/727b60d603fd32cb0ba822141925085ff28bbf15
Author: Evgeni Golov <evgeni at debian.org>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M lxc.spec.in
Log Message:
-----------
fix rpm build, include all built files, but only once
Signed-off-by: Evgeni Golov <evgeni at debian.org>
Commit: 125736f22c32877b87fdfe72520a8535a2dcab36
https://github.com/lxc/lxc/commit/125736f22c32877b87fdfe72520a8535a2dcab36
Author: Christian Brauner <christian.brauner at canonical.com>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M src/lxc/cgroups/cgfs.c
Log Message:
-----------
cgfs: fix invalid free()
And let's be on the safe side by NULLing free()ed variables.
Signed-off-by: Christian Brauner <christian.brauner at canonical.com>
Commit: a3ed64707fb71b6f2fcf603e755c5da07ab3aec5
https://github.com/lxc/lxc/commit/a3ed64707fb71b6f2fcf603e755c5da07ab3aec5
Author: Evgeni Golov <evgeni at debian.org>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M templates/lxc-opensuse.in
Log Message:
-----------
find OpenSUSE's build also as obs-build
this is how it is shipped in Debian and Ubuntu
Signed-off-by: Evgeni Golov <evgeni at debian.org>
Commit: 8c4c5641930fcf132ff8562b0558e40f9801dd39
https://github.com/lxc/lxc/commit/8c4c5641930fcf132ff8562b0558e40f9801dd39
Author: Evgeni Golov <evgeni at debian.org>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M src/lxc/tools/lxc_ls.c
Log Message:
-----------
improve help text for --fancy and --fancy-format
Signed-off-by: Evgeni Golov <evgeni at debian.org>
Commit: e5a8e4e15b7da892884cb62d17c181c6e18f1d4b
https://github.com/lxc/lxc/commit/e5a8e4e15b7da892884cb62d17c181c6e18f1d4b
Author: Evgeni Golov <evgeni at debian.org>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M doc/ja/lxc-ls.sgml.in
M doc/ko/lxc-ls.sgml.in
M doc/lxc-ls.sgml.in
Log Message:
-----------
improve wording of the help page for lxc-ls
it's "list of columns", not "list of column"
Signed-off-by: Evgeni Golov <evgeni at debian.org>
Commit: f43e73609fa70b5eeb89d6565800c2e19195467c
https://github.com/lxc/lxc/commit/f43e73609fa70b5eeb89d6565800c2e19195467c
Author: Christian Brauner <christian.brauner at canonical.com>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M src/lxc/cgroups/cgfs.c
Log Message:
-----------
cgfs: add print_cgfs_init_debuginfo()
Signed-off-by: Christian Brauner <christian.brauner at canonical.com>
Commit: 613fe8e9cc71cfa757f7daad22de81e015ec84fb
https://github.com/lxc/lxc/commit/613fe8e9cc71cfa757f7daad22de81e015ec84fb
Author: Christian Brauner <christian.brauner at canonical.com>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M src/lxc/cgroups/cgfs.c
Log Message:
-----------
cgfs: skip empty entries under /proc/self/cgroup
If cgroupv2 is enabled either alone or together with legacy hierarchies
/proc/self/cgroup can contain entries of the form:
    0::/
These entries need to be skipped.
Signed-off-by: Christian Brauner <christian.brauner at canonical.com>
Commit: 45aec6a1e3ea6450bfcdc83bf71d5ba9c2910fa3
https://github.com/lxc/lxc/commit/45aec6a1e3ea6450bfcdc83bf71d5ba9c2910fa3
Author: Christian Brauner <christian.brauner at canonical.com>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M src/lxc/cgroups/cgfs.c
Log Message:
-----------
cgfs: explicitly check for NULL
Somehow this implementation of a cgroupfs backend decided to use the hierarchy
numbers it detects in /proc/cgroups and /proc/self/cgroups as indices for
the hierarchy struct. Controller numbering usually starts at 1 but may start at
0 if:
a) the controller is not mounted on a cgroups v1 hierarchy;
b) the controller is bound to the cgroups v2 single unified hierarchy; or
c) the controller is disabled
To avoid having to rework our fallback backend significantly, we should
explicitly check for each controller if hierarchy[i] != NULL.
Signed-off-by: Christian Brauner <christian.brauner at canonical.com>
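
The two cgfs messages above (skipping `0::/` entries and checking `hierarchy[i] != NULL`) describe one parsing pattern. The following is an added example, not code from liblxc: the struct names, `MAX_HIER` and both function names are hypothetical, and the input passed to it is expected to be the text of /proc/self/cgroup.

```c
#include <stdlib.h>
#include <string.h>

#define MAX_HIER 32 /* assumption: table size chosen for this example */

/* Hypothetical types for this example, not liblxc's own structs. */
struct hier { char controllers[64]; char path[128]; };
struct cg_table { struct hier slots[MAX_HIER]; struct hier *by_id[MAX_HIER]; };

/* Fill t from /proc/self/cgroup text ("id:controllers:path" per line), indexed
 * by hierarchy number. Lines with an empty controller list such as "0::/" are
 * skipped, so by_id[] stays NULL there. Returns entries stored, -1 on bad input. */
int parse_self_cgroup(const char *text, struct cg_table *t)
{
    int stored = 0;

    memset(t, 0, sizeof(*t));
    while (*text) {
        size_t len = strcspn(text, "\n");
        const char *c1 = memchr(text, ':', len);
        const char *c2 = c1 ? memchr(c1 + 1, ':', len - (size_t)(c1 + 1 - text)) : NULL;
        const char *eol = text + len;
        char *end;
        unsigned long id = strtoul(text, &end, 10);

        if (!c2 || end != c1 || end == text || id >= MAX_HIER)
            return -1;
        if (c2 > c1 + 1) { /* non-empty controller list: a v1 hierarchy */
            struct hier *h = &t->slots[stored];
            if ((size_t)(c2 - c1) > sizeof(h->controllers) ||
                (size_t)(eol - c2) > sizeof(h->path) || t->by_id[id])
                return -1; /* field too long or duplicate hierarchy number */
            memcpy(h->controllers, c1 + 1, (size_t)(c2 - c1 - 1));
            memcpy(h->path, c2 + 1, (size_t)(eol - c2 - 1));
            t->by_id[id] = h;
            stored++;
        }
        text = *eol ? eol + 1 : eol;
    }
    return stored;
}

/* Path of the hierarchy carrying controller, or NULL. Because slots are indexed
 * by hierarchy number, unused numbers (0, or gaps) must be checked for NULL. */
const char *path_of(const struct cg_table *t, const char *controller)
{
    size_t n = strlen(controller);

    for (int i = 0; i < MAX_HIER; i++) {
        const char *p;
        if (!t->by_id[i]) /* the explicit hierarchy[i] != NULL check */
            continue;
        for (p = t->by_id[i]->controllers; *p; p += strcspn(p, ","), p += (*p == ','))
            if (strcspn(p, ",") == n && !strncmp(p, controller, n))
                return t->by_id[i]->path;
    }
    return NULL;
}
```
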
Commit: 037f33c494499b62404f330df5e1f4f7fe70cf9e
https://github.com/lxc/lxc/commit/037f33c494499b62404f330df5e1f4f7fe70cf9e
Author: Christian Brauner <christian.brauner at canonical.com>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M src/lxc/tools/lxc_stop.c
Log Message:
-----------
tools: use correct exit code for lxc-stop
When the container is already running our manpage promises to exit with 2.
Let's make it so.
Signed-off-by: Christian Brauner <christian.brauner at canonical.com>
Commit: 1fe2570ec0edf1bef45efbc1cfde4578122add8e
https://github.com/lxc/lxc/commit/1fe2570ec0edf1bef45efbc1cfde4578122add8e
Author: Tycho Andersen <tycho.andersen at canonical.com>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M src/lxc/criu.c
Log Message:
-----------
c/r: explicitly emit bind mounts as criu arguments
We switched to --ext-mount-map auto because of "system" (liblxc) added
mounts like the cgmanager socket that weren't in the config file. This had
the added advantage that we could drop all the mount processing code,
because we no longer needed an --ext-mount-map argument.
The problem here is that mounts can move between hosts. While
--ext-mount-map auto does its best to detect this situation, it explicitly
disallows moves that change the path name. In LXD, we bind mount
/var/lib/lxd/shmounts/$container to /dev/.lxd-mounts for each container,
and so when a container is renamed in a migration, the name changes.
--ext-mount-map auto won't detect this, and so the migration fails.
We *could* implement mount rewriting in CRIU, but my experience with cgroup
and apparmor rewriting is that this is painful and error prone. Instead, it
is much easier to go back to explicitly listing --ext-mount-map arguments
from the config file, and allow the source of the bind to change. We leave
--ext-mount-map auto to catch any straggling (or future) system added
mounts.
I believe this should fix Launchpad Bug 1580765
Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Commit: bc2250ffe8138fc62f9bf264d675424407b97ceb
https://github.com/lxc/lxc/commit/bc2250ffe8138fc62f9bf264d675424407b97ceb
Author: Tycho Andersen <tycho.andersen at canonical.com>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M src/lxc/log.h
Log Message:
-----------
log: bump LXC_LOG_BUFFER_SIZE to 4096
We need to log longer lines due to CRIU arguments.
Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Commit: 27866a41a3b217cd81ed8cbc8fa5d2413e94a3c1
https://github.com/lxc/lxc/commit/27866a41a3b217cd81ed8cbc8fa5d2413e94a3c1
Author: Wolfgang Bumiller <w.bumiller at proxmox.com>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M src/lxc/conf.c
M src/lxc/conf.h
M src/lxc/start.c
Log Message:
-----------
conf: merge network namespace move & rename on shutdown
On shutdown we move physical network interfaces back to the
host namespace and rename them afterwards as well as in the
later lxc_network_delete() step. However, if the device had
a name which already exists in the host namespace then the
moving fails and so do the subsequent rename attempts. When
the namespace ceases to exist the devices finally end up
in the host namespace named 'dev<ID>' by the kernel.
In order to avoid this, we do the moving and renaming in a
single step (lxc_netdev_move_by_*()'s move & rename happen
in a single netlink transaction).
Signed-off-by: Wolfgang Bumiller <w.bumiller at proxmox.com>
Commit: 31348e680474d2280ba6c294f6270c0954f96d5b
https://github.com/lxc/lxc/commit/31348e680474d2280ba6c294f6270c0954f96d5b
Author: Tycho Andersen <tycho.andersen at canonical.com>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M src/lxc/criu.c
Log Message:
-----------
c/r: save criu's stdout during dump too
This also allows us to commonize some bits of the dup2 code.
Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Commit: d0a4b88cdb144497df94497bf05179f0a3ac7b0f
https://github.com/lxc/lxc/commit/d0a4b88cdb144497df94497bf05179f0a3ac7b0f
Author: Tycho Andersen <tycho.andersen at canonical.com>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M src/lxc/criu.c
Log Message:
-----------
c/r: remove extra \ns from logs
The macros put a \n in for us, so let's not put another one in.
Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Commit: 87a06d9d1e88e93e2902caefce69b37bd75c1a63
https://github.com/lxc/lxc/commit/87a06d9d1e88e93e2902caefce69b37bd75c1a63
Author: Tycho Andersen <tycho.andersen at canonical.com>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M src/lxc/criu.c
Log Message:
-----------
c/r: fix off-by-one error
When we read sizeof(buf) bytes here, we'd write off the end of the array,
which is bad :)
Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Commit: 5048abad35f582e6d63567840a49b8f1ef429391
https://github.com/lxc/lxc/commit/5048abad35f582e6d63567840a49b8f1ef429391
Author: Tycho Andersen <tycho.andersen at canonical.com>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M src/lxc/lxccontainer.c
Log Message:
-----------
c/r: check state before doing a checkpoint/restore
This would already fail, but with a not-as-good error message. Let's make
the error better.
Signed-off-by: Tycho Andersen <tycho.andersen at canonical.com>
Commit: 20c16a76f136ada196c234d3bad8723ffdb76904
https://github.com/lxc/lxc/commit/20c16a76f136ada196c234d3bad8723ffdb76904
Author: Christian Brauner <christian.brauner at canonical.com>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M src/lxc/start.c
Log Message:
-----------
start: CLONE_NEWCGROUP after we have setup cgroups
If we do it earlier we end up with a wrong view of /proc/self/cgroup. For
example, assume we unshare(CLONE_NEWCGROUP) first, and then create the cgroup
for the container, say /sys/fs/cgroup/cpuset/lxc/c, then /proc/self/cgroup
would show us:
    8:cpuset:/lxc/c
whereas it should actually show
    8:cpuset:/
Signed-off-by: Christian Brauner <christian.brauner at canonical.com>
Commit: 57af0c7ac52bd1880c394124bc2424246f0faa5f
https://github.com/lxc/lxc/commit/57af0c7ac52bd1880c394124bc2424246f0faa5f
Author: mgariepy <mgariepy at users.noreply.github.com>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M templates/lxc-centos.in
Log Message:
-----------
create symlink for /var/run
this patch creates a /var/run link that points to /run.
This will fix various issues present when /var/run is persistent.
Signed-off-by: Marc Gariepy <gariepy.marc at gmail.com>
Commit: 798ee9ba238385965c308fa8682d35cbdaeceb35
https://github.com/lxc/lxc/commit/798ee9ba238385965c308fa8682d35cbdaeceb35
Author: Christian Brauner <christian.brauner at canonical.com>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M src/lxc/utils.c
M src/lxc/utils.h
Log Message:
-----------
utils: add lxc_append_string()
lxc_append_string() appends strings without separator. This is mostly useful
for reading in whole files line-by-line.
Signed-off-by: Christian Brauner <christian.brauner at canonical.com>
Commit: b50cf4ac51462c56f1a35c4312075b07c72e7f5f
https://github.com/lxc/lxc/commit/b50cf4ac51462c56f1a35c4312075b07c72e7f5f
Author: Christian Brauner <christian.brauner at canonical.com>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M src/lxc/cgroups/cgfsng.c
M src/lxc/utils.c
Log Message:
-----------
cgroups: remove isolated cpus from cpuset.cpus
In case the system was booted with
    isolcpus=n_i-n_j,n_k,n_m
we cannot simply copy the cpuset.cpus file from our parent cgroup. For example,
in the root cgroup cpuset.cpus will contain all of the cpus including the
isolated cpus. Copying the values of the root cgroup into a child cgroup will
lead to a wrong view in /proc/self/status: For the root cgroup
/sys/fs/cgroup/cpuset /proc/self/status will correctly show
    Cpus_allowed_list: 0-1,3
even though cpuset.cpus will show
    0-3
However, initializing a subcgroup in the cpuset controller by copying the
cpuset.cpus setting from the root cgroup will cause /proc/self/status to
incorrectly show
    Cpus_allowed_list: 0-3
Hence, we need to make sure to remove the isolated cpus from cpuset.cpus. Seth
has argued that this is not a kernel bug but by design. So let us be the smart
guys and fix this in liblxc.
The solution is straightforward: To avoid having to work with raw cpulist
strings we create cpumasks based on uint32_t bit arrays.
Signed-off-by: Christian Brauner <christian.brauner at canonical.com>
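
The cpumask approach described in the message above, as an added example that is not the code from cgfsng.c: cpulist strings are parsed into `uint32_t` bit arrays, the isolated set is cleared, and the result is written back as a cpulist. `MAX_CPUS` and the function names are assumptions made for this example.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_CPUS 128 /* assumption: bound chosen for this example */
#define NWORDS (MAX_CPUS / 32)
#define BIT(m, c) (((m)[(c) / 32] >> ((c) % 32)) & 1u)

/* Parse a cpulist such as "0-1,3" into a uint32_t bit array; -1 on bad input. */
static int cpulist_to_mask(const char *p, uint32_t *mask)
{
    char *end;
    unsigned long lo, hi, c;
    memset(mask, 0, NWORDS * sizeof(*mask));
    while (*p && *p != '\n') {
        if (!isdigit((unsigned char)*p))
            return -1;
        lo = hi = strtoul(p, &end, 10);
        if (*end == '-' && isdigit((unsigned char)end[1]))
            hi = strtoul(end + 1, &end, 10);
        if (lo > hi || hi >= MAX_CPUS)
            return -1;
        for (c = lo; c <= hi; c++)
            mask[c / 32] |= UINT32_C(1) << (c % 32);
        if (*end != ',' && *end != '\n' && *end != '\0')
            return -1; /* also rejects a dangling "3-" */
        p = (*end == ',') ? end + 1 : end;
    }
    return 0;
}

/* Write (parent minus isolated) into out as a cpulist; -1 on bad input or overflow. */
int usable_cpus(const char *parent, const char *isolated, char *out, size_t len)
{
    uint32_t cpus[NWORDS], iso[NWORDS];
    size_t off = 0;
    unsigned c, start;
    if (len == 0 || cpulist_to_mask(parent, cpus) < 0 ||
        cpulist_to_mask(isolated, iso) < 0)
        return -1;
    for (c = 0; c < NWORDS; c++)
        cpus[c] &= ~iso[c]; /* drop the isolcpus= set */
    for (c = 0, out[0] = '\0'; c < MAX_CPUS; c++) {
        if (!BIT(cpus, c))
            continue;
        for (start = c; c + 1 < MAX_CPUS && BIT(cpus, c + 1); c++)
            ; /* extend the run of consecutive cpus */
        const char *sep = off ? "," : "";
        int n = (start == c) ? snprintf(out + off, len - off, "%s%u", sep, start)
                             : snprintf(out + off, len - off, "%s%u-%u", sep, start, c);
        if (n < 0 || (size_t)n >= len - off)
            return -1;
        off += (size_t)n;
    }
    return 0;
}
```

With the values from the message, `usable_cpus("0-3", "2", out, sizeof(out))` leaves `0-1,3` in `out`; the isolated cpu 2 is inferred here from the `Cpus_allowed_list` shown above.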
Commit: 3a5495cf2f6c1806f5a91d699448b15b510f146e
https://github.com/lxc/lxc/commit/3a5495cf2f6c1806f5a91d699448b15b510f146e
Author: Po-Hsu Lin <po-hsu.lin at canonical.com>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M src/tests/lxc-test-apparmor-mount
M src/tests/lxc-test-autostart
M src/tests/lxc-test-unpriv
M src/tests/lxc-test-usernic.in
M templates/lxc-ubuntu-cloud.in
Log Message:
-----------
Update Ubuntu release name: add zesty and remove wily
Add zesty to KNOWN_RELEASES
Remove EOL wily from KNOWN_RELEASES
Signed-off-by: Po-Hsu Lin <po-hsu.lin at canonical.com>
Commit: 26312a76c8a1078976a5b391ece4f650a6f1b000
https://github.com/lxc/lxc/commit/26312a76c8a1078976a5b391ece4f650a6f1b000
Author: Po-Hsu Lin <po-hsu.lin at canonical.com>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M templates/lxc-ubuntu-cloud.in
Log Message:
-----------
templates: add squashfs support to lxc-ubuntu-cloud.in
Add squashfs format file support for lxc-ubuntu-cloud.in
Signed-off-by: Po-Hsu Lin <po-hsu.lin at canonical.com>
Commit: dafe5349cb3fa86b163d56c05231a56b8f0c36b4
https://github.com/lxc/lxc/commit/dafe5349cb3fa86b163d56c05231a56b8f0c36b4
Author: Christian Brauner <christian.brauner at canonical.com>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M src/lxc/cgroups/cgfsng.c
Log Message:
-----------
cgroups: skip v2 hierarchy entry
Signed-off-by: Christian Brauner <christian.brauner at canonical.com>
Commit: d2b51fd10886f9c23c1f237c7ce1abaaa843067e
https://github.com/lxc/lxc/commit/d2b51fd10886f9c23c1f237c7ce1abaaa843067e
Author: Evgeni Golov <evgeni at debian.org>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M config/init/sysvinit/lxc-net.in
Log Message:
-----------
also stop lxc-net in runlevels 0 and 6
there is no reason to not do this :)
Signed-off-by: Evgeni Golov <evgeni at debian.org>
Commit: 991c1b955ab88047d5915fb58f7e27e9bf3478e8
https://github.com/lxc/lxc/commit/991c1b955ab88047d5915fb58f7e27e9bf3478e8
Author: Evgeni Golov <evgeni at debian.org>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M .gitignore
Log Message:
-----------
add lxc.egg-info to gitignore
Signed-off-by: Evgeni Golov <evgeni at debian.org>
Commit: 50066905b4aa6cb6df5f62a5f34a2db98dd504a7
https://github.com/lxc/lxc/commit/50066905b4aa6cb6df5f62a5f34a2db98dd504a7
Author: Evgeni Golov <evgeni at debian.org>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M config/bash/Makefile.am
M configure.ac
Log Message:
-----------
install bash completion where pkg-config tells us to
Signed-off-by: Evgeni Golov <evgeni at debian.org>
Commit: 134bceb3cdc23f9459f50ece92be0a6d2c84a211
https://github.com/lxc/lxc/commit/134bceb3cdc23f9459f50ece92be0a6d2c84a211
Author: Christian Brauner <christian.brauner at canonical.com>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M src/lxc/conf.c
Log Message:
-----------
conf: do not use %m format specifier
This is a GNU extension and some libcs might be missing it.
Signed-off-by: Christian Brauner <christian.brauner at canonical.com>
Commit: 8da006e44b58824d803fe6586fb5174e8e2ebb6a
https://github.com/lxc/lxc/commit/8da006e44b58824d803fe6586fb5174e8e2ebb6a
Author: Stéphane Graber <stgraber at ubuntu.com>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M templates/lxc-debian.in
Log Message:
-----------
debian: Don't depend on libui-dialog-perl
This package doesn't exist in stretch anymore, and it's unclear why we
were depending on a library to begin with (as opposed to having it
brought by whatever needs it).
Signed-off-by: Stéphane Graber <stgraber at ubuntu.com>
Commit: bf5174e0b22913f118a7962f3445a8813d0a4163
https://github.com/lxc/lxc/commit/bf5174e0b22913f118a7962f3445a8813d0a4163
Author: Christian Brauner <christian.brauner at canonical.com>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M src/lxc/cgroups/cgfsng.c
Log Message:
-----------
cgroups: use %zu format specifier to print size_t
Signed-off-by: Christian Brauner <christian.brauner at canonical.com>
Commit: 85031ca01bc4b71e2777e31316de73b0d22ed637
https://github.com/lxc/lxc/commit/85031ca01bc4b71e2777e31316de73b0d22ed637
Author: Adrian Reber <areber at redhat.com>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M src/lxc/criu.c
Log Message:
-----------
lxc-checkpoint: automatically detect if --external or --veth-pair
With the criu release 2.8 criu deprecated the --veth-pair command-line
option in favor of --external:
    f2037e6 veth: Make --external support --veth-pair
    git tag --contains f2037e6d3445fc400
    v2.8
With this commit lxc-checkpoint will automatically switch between
the new and old command-line option dependent on the detected
criu version.
For criu version older than 2.8 something like this will be used:
    --veth-pair eth0=vethYOK6RW@lxcbr0
and starting with criu version 2.8 it will look like this:
    --external veth[eth0]:vethCRPEYL@lxcbr0
Signed-off-by: Adrian Reber <areber at redhat.com>
Commit: d3795ab5f0308ee1cb83e47b0ad12e2eb1ffb3a4
https://github.com/lxc/lxc/commit/d3795ab5f0308ee1cb83e47b0ad12e2eb1ffb3a4
Author: Christian Brauner <christian.brauner at canonical.com>
Date: 2016-11-17 (Thu, 17 Nov 2016)
Changed paths:
M src/lxc/cgroups/cgfsng.c
Log Message:
-----------
cgroups: prevent segfault in cgfsng
When we set LXC_DEBUG_CGFSNG=1 we print out info about detected cgroup
hierarchies. When there's no named cgroup mounted we need to make sure that we
don't try to index an unallocated pointer.
Signed-off-by: Christian Brauner <christian.brauner at canonical.com>
Compare: https://github.com/lxc/lxc/compare/8511da278af5...d3795ab5f030