Hi folks,
AFAICS stable-2.0 has got a new tag 2.0.11, including a fix
for CVE-2019-5736. There is no new tag on stable-3.0, even
though the fix appears to be in, too.
Wouldn't it be reasonable to introduce new tags, esp. if a
CVE has been fixed on a LTS branch? Is there something
missing on stab
(literally), waiting for systemd-remount-fs startup script
Of course it still works for RHEL 6, CentOS 6 and 7 as well. I did
not verify earlier CentOS or RHEL releases.
Signed-off-by: Harald Dunkel
Index: lxc-2.0.9/templates/lxc
Hi Christian,
On 12/11/17 4:17 PM, Christian Brauner wrote:
What is the container's config file? liblxc itself does not know what
drbd devices are and cannot create such containers. So I expect your
container's config file to contain a line like:
lxc.rootfs = /data1//rootfs
Here is a sample
Hi Serge,
On 12/11/17 4:40 AM, Serge E. Hallyn wrote:
Quoting Harald Dunkel (ha...@afaics.de):
On 12/07/17 22:30, Serge E. Hallyn wrote:
What filesystem are you using?
ext4 on a drbd block device:
/dev/drbd1 /data1 ext4 rw,noatime,stripe=256,data=ordered 0 0
I have to think drbd would
On 12/07/17 22:30, Serge E. Hallyn wrote:
>
> What filesystem are you using?
ext4 on a drbd block device:
/dev/drbd1 /data1 ext4 rw,noatime,stripe=256,data=ordered 0 0
Regards
Harri
signature.asc
Description: OpenPGP digital signature
___
lxc-deve
Hi folks,
If a LXC server ran for several weeks and if I try to stop a
container, then the server gets stuck for a few minutes (see
attachment).
Please note the
:
[8541088.226013] Task dump for CPU 31:
[8541088.226015] mount R
:
This might be common for all incidents of this kind, bu
On Sat, 29 Jul 2017 14:06:17 +0200
Christian Brauner wrote:
> Merged the patch today. Thanks guys!
>
Would it be possible to merge this change into the 2.0 branch
as well?
Thanx very much
Harri
___
lxc-devel mailing list
lxc-devel@lists.linuxconta
PS:
On Thu, 27 Jul 2017 08:45:49 -0500
"Serge E. Hallyn" wrote:
>
> It looks like these were done by commit
> 44d397891e691ab994a69766cc72e57265b62da1,
> and lxc-2.0.0 does have that commit.
>
44d397891e691ab994a69766cc72e57265b62da1 was created on
Mon Dec 3 09:53:10 2012, i.e. about 18 mon
I verified this on github:
% cd /tmp
% git clone git://github.com/lxc/lxc
Cloning into 'lxc'...
remote: Counting objects: 38059, done.
remote: Compressing objects: 100% (30/30), done.
remote: Total 38059 (delta 19), reused 31 (delta 14), pack-reused 38015
Receiving objects: 100% (38059/38059), 13.
Hi Serge,
apparently all these fixes have been lost on the 2.0 branch:
{hdunkel@dpcl082:lxc (stable-2.0) 507} grep rsync templates/* | grep rootfs
templates/lxc-altlinux.in:rsync -Ha $cache/rootfs/ $rootfs_path/
templates/lxc-centos.in:rsync -a $cache/rootfs/ $rootfs_path/
templates/lxc-d
Is there anything missing? Some feedback would be highly
appreciated.
Harri
On 02/21/2017 04:29 PM, Harald Dunkel wrote:
> Hi folks,
>
> if /etc/lxc/default.conf defines 2 or more bridges, then
> I get a ton of warnings:
>
> # service lxc restart
> [] St
Nitzsch
Signed-off-by: Harald Dunkel
Index: lxc-1.1.5.1/config/init/common/lxc-containers.in
===
--- lxc-1.1.5.1.orig/config/init/common/lxc-containers.in
+++ lxc-1.1.5.1/config/init/common/lxc-containers.in
@@ -51,7 +51,7 @@ fi
# to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi Serge,
On 10/21/16 16:56, Serge E. Hallyn wrote:
> Quoting Harald Dunkel (harald.dun...@aixigo.de):
>> On 10/20/2016 03:39 PM, Serge E. Hallyn wrote:
>>> On Wed, Oct 19, 2016 at 02:10:59PM +0200, Harald Dunkel wrote:
>>&g
Hi Serge,
On 10/21/2016 04:56 PM, Serge E. Hallyn wrote:
>
> lxc-cgroup talks to the container to find out the cgroup it is running
> in. There could for instance be several containers called 'c1' (in
> different lxcpaths), which could be running in cgroups c1, c1.0, and c1.1.
> And for each con
On 10/20/2016 03:39 PM, Serge E. Hallyn wrote:
> On Wed, Oct 19, 2016 at 02:10:59PM +0200, Harald Dunkel wrote:
>>
>> Following the api I am forced to use root permission or some
>> hard-to-configure sudo constructs for monitoring. This is
>> pretty painful.
>&
Hi folks,
using an unprivileged account for monitoring lxc-cgroup
returns a "permission denied" messages for something that
is world readable in the /cgroup directory. Sample:
% lxc-cgroup -P /data1/lxc -n jerry1 memory.usage_in_bytes
lxc-cgroup: tools/lxc_cgroup.c: main: 104 Insufficent privileg
Hi Serge,
On 06/15/16 19:00, Serge E. Hallyn wrote:
> Quoting Harald Dunkel (harald.dun...@aixigo.de):
>>
>> Using "rsync -SHaAX" in lxc-debian it works (on Jessie).
>> Attached you can find a suggested patch for all (lxc 1.1.5).
>
> Thanks this looks good.
Hi Serge,
On 06/14/16 17:10, Serge E. Hallyn wrote:
>
> Well I notice that copy_debian() rsyncs without -X. Does
> adding -X fix it for you?
Using "rsync -SHaAX" in lxc-debian it works (on Jessie).
Attached you can find a suggested patch for all (lxc 1.1.5).
Thanx for your help
Harri
Index:
Hi folks,
Problem: A container setup with "lxc-create -t debian" has
lost its file-based capabilities (used by systemd, ping,
iputils, ...). I didn't check other template scripts, but
since the major suspect is tar (used for creating a cache)
I would assume that this problem is not restricted to D
Hi folks,
would it be possible to have an option "lxc.device" in
the config file, e.g.
lxc.autodev = 1
lxc.device = /dev/vg00/lv01
lxc.device = /dev/vg00/lv02
It should make the block devices available to the client,
similar to the lxc-device script, but before init and t
Hi folks,
I need local resource limits inside each container. Problem:
UID conflicts between containers. Setting lxc.id_map is *highly*
painful, because it just moves the burden to the admin.
An automatic solution to avoid UID and GID conflicts between
containers would be very helpful. Is there h
Hi Serge,
On 07/23/15 15:12, Serge Hallyn wrote:
> Quoting Harald Dunkel (harald.dun...@aixigo.de):
>>
>> My suggestion would be to use the "real" lxcpath (resolving
>> all the symlinks and .. and .) for constructing the abstract
>> socket name.
>
>
Hi Serge,
On 07/22/15 22:55, Serge Hallyn wrote:
> Quoting Harald Dunkel (harald.dun...@aixigo.de):
>>
>> This looks pretty fragile to me. Shouldn't lxc report the same
>> state for both paths, no matter what?
>
> No, because when you start the container, it lis
Hi folks,
please consider this:
# ls -al /var/lib/lxc
lrwxrwxrwx 1 root root 11 Aug 11 2014 /var/lib/lxc -> /export/lxc
# lxc-ls --fancy
NAME STATEIPV4 IPV6 GROUPS AUTOSTART
-
lxchost01 RUNNING 10.123.96.1
Hi folks,
to avoid postprocessing the output of lxc-info, it would be
nice to have an option "--short", e.g.
# lxc-info -n sample -c lxc.start.auto --short
1
My first guess was that '-q' did the trick, but it didn't.
Just a suggestion, of course. Regards
Harri
__
On 04/14/15 15:41, Stéphane Graber wrote:
>
> Ever since LXC 1.0.0 (so over a year now), lxc-ls run as non-root lists
> unprivileged containers stored in ~/.local/share/lxc/
>
Sorry, I didn't know. Do you think a message like
% lxc-ls
~/.local/share/lxc: no such directory
or
On 04/13/15 14:54, Serge Hallyn wrote:
> Can you give us an example?
>
Sure, here is a sample session:
# lxc-create -P /data1/lxc -n sample42 -t debian -- -r jessie
debootstrap is /usr/sbin/debootstrap
Checking cache download in /var/cache/lxc/debian/rootfs-jessie-amd64 ...
Copying rootfs to /da
Hi folks,
I get a weird effect on running lxc-ls without root:
{hdunkel@dpcl082:~ 507} lxc-ls
{hdunkel@dpcl082:~ 508} echo $?
0
{hdunkel@dpcl082:~ 509} lxc-ls -P /var/lib/lxc
.jessiedebbuild template.blog
.mini lxc0
.squeeze oraclient
.
Hi folks,
"lxc-ls" implies a certain similarity to Unix' "ls" command,
some releases ago lxc stopped to ignore hidden container
directories.
Did this happen on purpose? Is there a common config option
for lxc to bring back the expected behavior wrt hidden
directories?
Regards
Harri
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 01/21/15 22:27, Stéphane Graber wrote:
> Hey everyone,
>
> So after doing a fair amount of additional manual testing on it, I've just
> released LXC 1.1 rc1.
>
> That means that from now on, we won't be taking new features and will instead
> w
On Fri, 21 Nov 2014 04:41:00 +
Serge Hallyn wrote:
>
> Michael and/or Stéphane may have other comments , but as you say this
> will not regress non-systemd hosts so looks like a step in the right
> direction to me, thanks.
>
I wonder if this could go to the stable-1.0 branch, too?
Regard
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi folks,
The patch seems to work.
Do you think it would be reasonable to include this fix on
the stable-1.0 branch as well?
Thanx anyway. Keep on your good work
Harri
-BEGIN PGP SIGNATURE-
Version: GnuPG v1
iQEcBAEBCAAGBQJTpmhGAAoJEAqeKp
Hi folks,
if I build the top of the 1.0.4 branch on Debian, then the
generated lxc.service file contains bad ExecStart* and ExecStop
options:
% ./autogen.sh ; configure; make
:
:
% grep ^Exec config/init/systemd/lxc.service
ExecStartPre=${exec_prefix}/libexec/lxc/lxc-devsetup
ExecStart=${exec_pre
Hi Michael,
On 06/08/14 18:59, Michael H. Warfield wrote:
>
> I see, reviewing my notes now, that you were the one who brought it up
> back in December last year. Funny too that I just got done doing
> something very very similar for lxc-autostart and the -g/--groups
> parameter (which is a comm
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi folks
currently I've got 3 container paths on some hosts:
/var/lib/lxclocal containers
/data1/lxc network services
/data2/lxc network services
/data1 and /data2 are part of a high availability setup
(using
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 05/02/14 16:29, Serge Hallyn wrote:
>
> That won't show you the startup msgs as it will attach you to tty1, not
> /dev/console.
>
Surely the alias was just a vague description. The point is being
able to detach from the console, after the cont
I haven't seen this suggested before: How about making
lxc-start -n container
an alias for
lxc-start -n container -d
lxc-console -n container
?
This would allow me to detach from the container, if I
forgot the "-d" for lxc-start.
Regards
Harri
Hi folks,
I tried the fedora template, but it seems the generated
image (Fedora 19 or 20) doesn't start. lxc-start returns
immediately without any message on stderr. Attached is the
debug log file for Fedora 20.
lxc is rc2 of this morning. Host is Debian (sid) with kernel
3.13.3. Creating and boo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
I tried the patch on top of the current HEAD (for Centos): Success.
[root@no3 ~]# ls -al /dev/fd /dev/std*
lrwxrwxrwx 1 root root 13 Feb 14 14:37 /dev/fd -> /proc/self/fd
lrwxrwxrwx 1 root root 15 Feb 14 14:37 /dev/stderr -> /proc/self/fd/2
lrwxrwxr
That was fast.
Thanx very much. Keep on your good work
Harri
___
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel
Hi folks,
Problem in LXC (beta4) running a Centos 6.5 client:
# cat <(echo hello)
cat: /dev/fd/63: No such file or directory
On a "real" host /dev/fd is a symlink pointing to /proc/self/fd.
AFAICS only the altlinux template creates this symlink. Debian
seems to provide the link o
On 02/04/14 14:53, Serge Hallyn wrote:
>
> Thanks everyone. I guess my main question was whether '--repo' would
> conflict with the 'additional repos' interpretation (sort of like
> proxy vs. ppa in ubuntu, where one is for fast local mirror while the
> other is for testing upgraded packages befo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Hi folks,
On 02/04/14 02:18, Serge Hallyn wrote:
>
> It looks fine to me, but I'm not quite sure whether users ordinarily would
> want such a repo to be an additional repo or a replacement for the centos
> one. Michael, does this look good to yo
Hi folks,
I would like to contribute a small patch to support a local
repository in the CentOS template.
Distributing git patches by EMail is still new to me. Please mail
if I did not follow the guidelines.
Many thanx
Harri
Harald Dunkel (1):
support a custom CentOS repository
templates
This change introduces a flag --repo to the lxc-centos template
to allow using a local repository (e.g. a loop mounted installer
iso on your web server).
Signed-off-by: Harald Dunkel
---
templates/lxc-centos.in | 14 --
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a
Hi folks,
AFAICS lxc-autostart -s ignores all containers unless they match
a group or are set to autostart or something. What would you suggest
to stop the rest, e.g. at shutdown time of the server? Is there a
default group without saying?
Of course I tried "lxc-autostart -s -a". No luck.
Regar
46 matches
Mail list logo