[lxc-devel] [lxd/master] liblxc: adapt to new config keys

brauner on Github lxc-bot at linuxcontainers.org
Mon Jul 10 22:54:39 UTC 2017 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 368 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20170710/2ca9853d/attachment.bin>
-------------- next part --------------
From 35e01bcbe998f6d27d660b78698b1ddad010dccd Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 11 Jul 2017 00:37:26 +0200
Subject: [PATCH 01/10] liblxc 2.1: lxc.rootfs -> lxc.rootfs.path

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 lxd/container_lxc.go | 22 +++++++++++++++-------
 1 file changed, 15 insertions(+), 7 deletions(-)

diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 2d97d8509..70f18909e 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -1341,17 +1341,25 @@ func (c *containerLXC) initLXC() error {
 
 			// Deal with a rootfs
 			if tgtPath == "" {
-				// Set the rootfs backend type if supported (must happen before any other lxc.rootfs)
-				err := lxcSetConfigItem(cc, "lxc.rootfs.backend", "dir")
-				if err == nil {
-					value := cc.ConfigItem("lxc.rootfs.backend")
-					if len(value) == 0 || value[0] != "dir" {
-						lxcSetConfigItem(cc, "lxc.rootfs.backend", "")
+				if !lxc.VersionAtLeast(2, 1, 0) {
+					// Set the rootfs backend type if supported (must happen before any other lxc.rootfs)
+					err := lxcSetConfigItem(cc, "lxc.rootfs.backend", "dir")
+					if err == nil {
+						value := cc.ConfigItem("lxc.rootfs.backend")
+						if len(value) == 0 || value[0] != "dir" {
+							lxcSetConfigItem(cc, "lxc.rootfs.backend", "")
+						}
 					}
 				}
 
 				// Set the rootfs path
-				err = lxcSetConfigItem(cc, "lxc.rootfs", c.RootfsPath())
+				if lxc.VersionAtLeast(2, 1, 0) {
+					rootfsPath := fmt.Sprintf("dir:%s", c.RootfsPath())
+					err = lxcSetConfigItem(cc, "lxc.rootfs.path", rootfsPath)
+				} else {
+					rootfsPath := c.RootfsPath()
+					err = lxcSetConfigItem(cc, "lxc.rootfs", rootfsPath)
+				}
 				if err != nil {
 					return err
 				}

From 778d909491ce1df6c68fd3cecc721c6ddc062b61 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 11 Jul 2017 00:41:00 +0200
Subject: [PATCH 02/10] liblxc: ipv{4,6} --> ipv{4,6}.address

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 lxd/container_lxc.go | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 70f18909e..8ddc8d427 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -156,11 +156,17 @@ func lxcValidConfig(rawLxc string) error {
 
 		if strings.HasPrefix(key, networkKeyPrefix) {
 			fields := strings.Split(key, ".")
-			if len(fields) == 4 && shared.StringInSlice(fields[3], []string{"ipv4", "ipv6"}) {
+
+			allowedIPKeys := []string{"ipv4.address", "ipv6.address"}
+			if !lxc.VersionAtLeast(2, 1, 0) {
+				allowedIPKeys = []string{"ipv4", "ipv6"}
+			}
+
+			if len(fields) == 4 && shared.StringInSlice(fields[3], allowedIPKeys) {
 				continue
 			}
 
-			if len(fields) == 5 && shared.StringInSlice(fields[3], []string{"ipv4", "ipv6"}) && fields[4] == "gateway" {
+			if len(fields) == 5 && shared.StringInSlice(fields[3], allowedIPKeys) && fields[4] == "gateway" {
 				continue
 			}
 

From 5c3274946025b17bfbeb64634243b20bb41d35f3 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 11 Jul 2017 00:42:53 +0200
Subject: [PATCH 03/10] liblxc: lxc.tty --> lxc.tty.max

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 lxd/container_lxc.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 8ddc8d427..2b39df364 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -928,7 +928,11 @@ func (c *containerLXC) initLXC() error {
 	}
 
 	// Setup the console
-	err = lxcSetConfigItem(cc, "lxc.tty", "0")
+	if lxc.VersionAtLeast(2, 1, 0) {
+		err = lxcSetConfigItem(cc, "lxc.tty.max", "0")
+	} else {
+		err = lxcSetConfigItem(cc, "lxc.tty", "0")
+	}
 	if err != nil {
 		return err
 	}

From c8a1faa56c6d88715d3771b8d83ebb616239d7be Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 11 Jul 2017 00:43:56 +0200
Subject: [PATCH 04/10] liblxc: lxc.pts --> lxc.pty.max

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 lxd/container_lxc.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 2b39df364..4a6686756 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -780,7 +780,11 @@ func (c *containerLXC) initLXC() error {
 		return err
 	}
 
-	err = lxcSetConfigItem(cc, "lxc.pts", "1024")
+	if lxc.VersionAtLeast(2, 1, 0) {
+		err = lxcSetConfigItem(cc, "lxc.pty.max", "1024")
+	} else {
+		err = lxcSetConfigItem(cc, "lxc.pts", "1024")
+	}
 	if err != nil {
 		return err
 	}

From dd56d21d28bf4dec9952f8527aa465693a6fbfd4 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 11 Jul 2017 00:45:10 +0200
Subject: [PATCH 05/10] liblxc: lxc.seccomp --> lxc.seccomp.profile

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 lxd/container_lxc.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 4a6686756..a1c2e46df 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -987,7 +987,11 @@ func (c *containerLXC) initLXC() error {
 
 	// Setup Seccomp if necessary
 	if ContainerNeedsSeccomp(c) {
-		err = lxcSetConfigItem(cc, "lxc.seccomp", SeccompProfilePath(c))
+		if lxc.VersionAtLeast(2, 1, 0) {
+			err = lxcSetConfigItem(cc, "lxc.seccomp.profile", SeccompProfilePath(c))
+		} else {
+			err = lxcSetConfigItem(cc, "lxc.seccomp", SeccompProfilePath(c))
+		}
 		if err != nil {
 			return err
 		}

From 398909b735ee53576687272d81f6ed974148094f Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 11 Jul 2017 00:47:02 +0200
Subject: [PATCH 06/10] liblxc: lxc.loglevel --> lxc.log.level

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 lxd/container_lxc.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index a1c2e46df..d6ea3c292 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -901,7 +901,11 @@ func (c *containerLXC) initLXC() error {
 		logLevel = "info"
 	}
 
-	err = lxcSetConfigItem(cc, "lxc.loglevel", logLevel)
+	if lxc.VersionAtLeast(2, 1, 0) {
+		err = lxcSetConfigItem(cc, "lxc.log.level", logLevel)
+	} else {
+		err = lxcSetConfigItem(cc, "lxc.loglevel", logLevel)
+	}
 	if err != nil {
 		return err
 	}

From 2256169c7197f644da1b04255b8baa6b3719bd0b Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 11 Jul 2017 00:49:11 +0200
Subject: [PATCH 07/10] liblxc: lxc.aa_profile --> lxc.apparmor.profile

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 lxd/container_lxc.go | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index d6ea3c292..ab55462ed 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -963,7 +963,11 @@ func (c *containerLXC) initLXC() error {
 			// If confined but otherwise able to use AppArmor, use our own profile
 			curProfile := aaProfile()
 			curProfile = strings.TrimSuffix(curProfile, " (enforce)")
-			err = lxcSetConfigItem(cc, "lxc.aa_profile", curProfile)
+			if lxc.VersionAtLeast(2, 1, 0) {
+				err = lxcSetConfigItem(cc, "lxc.apparmor.profile", curProfile)
+			} else {
+				err = lxcSetConfigItem(cc, "lxc.aa_profile", curProfile)
+			}
 			if err != nil {
 				return err
 			}
@@ -982,7 +986,11 @@ func (c *containerLXC) initLXC() error {
 				profile = fmt.Sprintf("%s//&:%s:", profile, AANamespace(c))
 			}
 
-			err := lxcSetConfigItem(cc, "lxc.aa_profile", profile)
+			if lxc.VersionAtLeast(2, 1, 0) {
+				err = lxcSetConfigItem(cc, "lxc.apparmor.profile", profile)
+			} else {
+				err = lxcSetConfigItem(cc, "lxc.aa_profile", profile)
+			}
 			if err != nil {
 				return err
 			}

From 920713528b3d5519e046a4815550270b24b51fe1 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 11 Jul 2017 00:50:25 +0200
Subject: [PATCH 08/10] liblxc: lxc.utsname --> lxc.uts.name

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 lxd/container_lxc.go | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index ab55462ed..1aae83d1b 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -946,7 +946,11 @@ func (c *containerLXC) initLXC() error {
 	}
 
 	// Setup the hostname
-	err = lxcSetConfigItem(cc, "lxc.utsname", c.Name())
+	if lxc.VersionAtLeast(2, 1, 0) {
+		err = lxcSetConfigItem(cc, "lxc.uts.name", c.Name())
+	} else {
+		err = lxcSetConfigItem(cc, "lxc.utsname", c.Name())
+	}
 	if err != nil {
 		return err
 	}

From e926bd88ef7ea47c1388ff469c4300c72ac7ac81 Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 11 Jul 2017 00:52:41 +0200
Subject: [PATCH 09/10] liblxc: lxc.logfile --> lxc.log.file

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 lxd/container_lxc.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 1aae83d1b..632c34a1d 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -137,7 +137,7 @@ func lxcValidConfig(rawLxc string) error {
 		key := strings.ToLower(strings.Trim(membs[0], " \t"))
 
 		// Blacklist some keys
-		if key == "lxc.logfile" {
+		if key == "lxc.logfile" || key == "lxc.log.file" {
 			return fmt.Errorf("Setting lxc.logfile is not allowed")
 		}
 

From a7731bebe7412c89ead1908b72bb1a56e4cf15ee Mon Sep 17 00:00:00 2001
From: Christian Brauner <christian.brauner at ubuntu.com>
Date: Tue, 11 Jul 2017 00:53:18 +0200
Subject: [PATCH 10/10] liblxc: lxc.syslog --> lxc.log.syslog

Signed-off-by: Christian Brauner <christian.brauner at ubuntu.com>
---
 lxd/container_lxc.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index 632c34a1d..726eb197f 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -141,7 +141,7 @@ func lxcValidConfig(rawLxc string) error {
 			return fmt.Errorf("Setting lxc.logfile is not allowed")
 		}
 
-		if key == "lxc.syslog" {
+		if key == "lxc.syslog" || key == "lxc.log.syslog" {
 			return fmt.Errorf("Setting lxc.syslog is not allowed")
 		}

More information about the lxc-devel mailing list