[lxc-devel] [lxd/master] liblxc: adapt to new config keys
brauner on Github
lxc-bot at linuxcontainers.org
Mon Jul 10 22:54:39 UTC 2017
A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 368 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20170710/2ca9853d/attachment.bin>
-------------- next part --------------
From 35e01bcbe998f6d27d660b78698b1ddad010dccd Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 11 Jul 2017 00:37:26 +0200
Subject: [PATCH 01/10] liblxc 2.1: lxc.rootfs -> lxc.rootfs.path
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
lxd/container_lxc.go | 22 +++++++++++++++-------
1 file changed, 15 insertions(+), 7 deletions(-)
diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 2d97d8509..70f18909e 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -1341,17 +1341,25 @@ func (c *containerLXC) initLXC() error {
// Deal with a rootfs
if tgtPath == "" {
- // Set the rootfs backend type if supported (must happen before any other lxc.rootfs)
- err := lxcSetConfigItem(cc, "lxc.rootfs.backend", "dir")
- if err == nil {
- value := cc.ConfigItem("lxc.rootfs.backend")
- if len(value) == 0 || value[0] != "dir" {
- lxcSetConfigItem(cc, "lxc.rootfs.backend", "")
+ if !lxc.VersionAtLeast(2, 1, 0) {
+ // Set the rootfs backend type if supported (must happen before any other lxc.rootfs)
+ err := lxcSetConfigItem(cc, "lxc.rootfs.backend", "dir")
+ if err == nil {
+ value := cc.ConfigItem("lxc.rootfs.backend")
+ if len(value) == 0 || value[0] != "dir" {
+ lxcSetConfigItem(cc, "lxc.rootfs.backend", "")
+ }
}
}
// Set the rootfs path
- err = lxcSetConfigItem(cc, "lxc.rootfs", c.RootfsPath())
+ if lxc.VersionAtLeast(2, 1, 0) {
+ rootfsPath := fmt.Sprintf("dir:%s", c.RootfsPath())
+ err = lxcSetConfigItem(cc, "lxc.rootfs.path", rootfsPath)
+ } else {
+ rootfsPath := c.RootfsPath()
+ err = lxcSetConfigItem(cc, "lxc.rootfs", rootfsPath)
+ }
if err != nil {
return err
}
From 778d909491ce1df6c68fd3cecc721c6ddc062b61 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 11 Jul 2017 00:41:00 +0200
Subject: [PATCH 02/10] liblxc: ipv{4,6} --> ipv{4,6}.address
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
lxd/container_lxc.go | 10 ++++++++--
1 file changed, 8 insertions(+), 2 deletions(-)
diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 70f18909e..8ddc8d427 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -156,11 +156,17 @@ func lxcValidConfig(rawLxc string) error {
if strings.HasPrefix(key, networkKeyPrefix) {
fields := strings.Split(key, ".")
- if len(fields) == 4 && shared.StringInSlice(fields[3], []string{"ipv4", "ipv6"}) {
+
+ allowedIPKeys := []string{"ipv4.address", "ipv6.address"}
+ if !lxc.VersionAtLeast(2, 1, 0) {
+ allowedIPKeys = []string{"ipv4", "ipv6"}
+ }
+
+ if len(fields) == 4 && shared.StringInSlice(fields[3], allowedIPKeys) {
continue
}
- if len(fields) == 5 && shared.StringInSlice(fields[3], []string{"ipv4", "ipv6"}) && fields[4] == "gateway" {
+ if len(fields) == 5 && shared.StringInSlice(fields[3], allowedIPKeys) && fields[4] == "gateway" {
continue
}
From 5c3274946025b17bfbeb64634243b20bb41d35f3 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 11 Jul 2017 00:42:53 +0200
Subject: [PATCH 03/10] liblxc: lxc.tty --> lxc.tty.max
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
lxd/container_lxc.go | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 8ddc8d427..2b39df364 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -928,7 +928,11 @@ func (c *containerLXC) initLXC() error {
}
// Setup the console
- err = lxcSetConfigItem(cc, "lxc.tty", "0")
+ if lxc.VersionAtLeast(2, 1, 0) {
+ err = lxcSetConfigItem(cc, "lxc.tty.max", "0")
+ } else {
+ err = lxcSetConfigItem(cc, "lxc.tty", "0")
+ }
if err != nil {
return err
}
From c8a1faa56c6d88715d3771b8d83ebb616239d7be Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 11 Jul 2017 00:43:56 +0200
Subject: [PATCH 04/10] liblxc: lxc.pts --> lxc.pty.max
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
lxd/container_lxc.go | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 2b39df364..4a6686756 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -780,7 +780,11 @@ func (c *containerLXC) initLXC() error {
return err
}
- err = lxcSetConfigItem(cc, "lxc.pts", "1024")
+ if lxc.VersionAtLeast(2, 1, 0) {
+ err = lxcSetConfigItem(cc, "lxc.pty.max", "1024")
+ } else {
+ err = lxcSetConfigItem(cc, "lxc.pts", "1024")
+ }
if err != nil {
return err
}
From dd56d21d28bf4dec9952f8527aa465693a6fbfd4 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 11 Jul 2017 00:45:10 +0200
Subject: [PATCH 05/10] liblxc: lxc.seccomp --> lxc.seccomp.profile
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
lxd/container_lxc.go | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 4a6686756..a1c2e46df 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -987,7 +987,11 @@ func (c *containerLXC) initLXC() error {
// Setup Seccomp if necessary
if ContainerNeedsSeccomp(c) {
- err = lxcSetConfigItem(cc, "lxc.seccomp", SeccompProfilePath(c))
+ if lxc.VersionAtLeast(2, 1, 0) {
+ err = lxcSetConfigItem(cc, "lxc.seccomp.profile", SeccompProfilePath(c))
+ } else {
+ err = lxcSetConfigItem(cc, "lxc.seccomp", SeccompProfilePath(c))
+ }
if err != nil {
return err
}
From 398909b735ee53576687272d81f6ed974148094f Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 11 Jul 2017 00:47:02 +0200
Subject: [PATCH 06/10] liblxc: lxc.loglevel --> lxc.log.level
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
lxd/container_lxc.go | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index a1c2e46df..d6ea3c292 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -901,7 +901,11 @@ func (c *containerLXC) initLXC() error {
logLevel = "info"
}
- err = lxcSetConfigItem(cc, "lxc.loglevel", logLevel)
+ if lxc.VersionAtLeast(2, 1, 0) {
+ err = lxcSetConfigItem(cc, "lxc.log.level", logLevel)
+ } else {
+ err = lxcSetConfigItem(cc, "lxc.loglevel", logLevel)
+ }
if err != nil {
return err
}
From 2256169c7197f644da1b04255b8baa6b3719bd0b Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 11 Jul 2017 00:49:11 +0200
Subject: [PATCH 07/10] liblxc: lxc.aa_profile --> lxc.apparmor.profile
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
lxd/container_lxc.go | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index d6ea3c292..ab55462ed 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -963,7 +963,11 @@ func (c *containerLXC) initLXC() error {
// If confined but otherwise able to use AppArmor, use our own profile
curProfile := aaProfile()
curProfile = strings.TrimSuffix(curProfile, " (enforce)")
- err = lxcSetConfigItem(cc, "lxc.aa_profile", curProfile)
+ if lxc.VersionAtLeast(2, 1, 0) {
+ err = lxcSetConfigItem(cc, "lxc.apparmor.profile", curProfile)
+ } else {
+ err = lxcSetConfigItem(cc, "lxc.aa_profile", curProfile)
+ }
if err != nil {
return err
}
@@ -982,7 +986,11 @@ func (c *containerLXC) initLXC() error {
profile = fmt.Sprintf("%s//&:%s:", profile, AANamespace(c))
}
- err := lxcSetConfigItem(cc, "lxc.aa_profile", profile)
+ if lxc.VersionAtLeast(2, 1, 0) {
+ err = lxcSetConfigItem(cc, "lxc.apparmor.profile", profile)
+ } else {
+ err = lxcSetConfigItem(cc, "lxc.aa_profile", profile)
+ }
if err != nil {
return err
}
From 920713528b3d5519e046a4815550270b24b51fe1 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 11 Jul 2017 00:50:25 +0200
Subject: [PATCH 08/10] liblxc: lxc.utsname --> lxc.uts.name
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
lxd/container_lxc.go | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index ab55462ed..1aae83d1b 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -946,7 +946,11 @@ func (c *containerLXC) initLXC() error {
}
// Setup the hostname
- err = lxcSetConfigItem(cc, "lxc.utsname", c.Name())
+ if lxc.VersionAtLeast(2, 1, 0) {
+ err = lxcSetConfigItem(cc, "lxc.uts.name", c.Name())
+ } else {
+ err = lxcSetConfigItem(cc, "lxc.utsname", c.Name())
+ }
if err != nil {
return err
}
From e926bd88ef7ea47c1388ff469c4300c72ac7ac81 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 11 Jul 2017 00:52:41 +0200
Subject: [PATCH 09/10] liblxc: lxc.logfile --> lxc.log.file
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
lxd/container_lxc.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 1aae83d1b..632c34a1d 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -137,7 +137,7 @@ func lxcValidConfig(rawLxc string) error {
key := strings.ToLower(strings.Trim(membs[0], " \t"))
// Blacklist some keys
- if key == "lxc.logfile" {
+ if key == "lxc.logfile" || key == "lxc.log.file" {
return fmt.Errorf("Setting lxc.logfile is not allowed")
}
From a7731bebe7412c89ead1908b72bb1a56e4cf15ee Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 11 Jul 2017 00:53:18 +0200
Subject: [PATCH 10/10] liblxc: lxc.syslog --> lxc.log.syslog
Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
lxd/container_lxc.go | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 632c34a1d..726eb197f 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -141,7 +141,7 @@ func lxcValidConfig(rawLxc string) error {
return fmt.Errorf("Setting lxc.logfile is not allowed")
}
- if key == "lxc.syslog" {
+ if key == "lxc.syslog" || key == "lxc.log.syslog" {
return fmt.Errorf("Setting lxc.syslog is not allowed")
}
More information about the lxc-devel
mailing list