[lxc-devel] [PATCH] doc: Update Japanese man pages
* lxc-unshare(1): Update for commit c1bb25a831fdd568fb8c899b67a7be63c21f4a10 and 13d8bde96f0a21da92bcf353ad5db3f6f83172c2 * lxc.conf(5): Update for commit 04a243f11d5d4891b427107774d30d058bb191e7 Signed-off-by: KATOH Yasufumi --- doc/ja/lxc-unshare.sgml.in | 93 -- doc/ja/lxc.conf.sgml.in| 16 +++- 2 files changed, 104 insertions(+), 5 deletions(-) diff --git a/doc/ja/lxc-unshare.sgml.in b/doc/ja/lxc-unshare.sgml.in index f40c063..1d04912 100644 --- a/doc/ja/lxc-unshare.sgml.in +++ b/doc/ja/lxc-unshare.sgml.in @@ -57,7 +57,11 @@ by KATOH Yasufumi lxc-unshare -s namespaces - -u user + -u user + -H hostname + -i ifname + -d + -M command @@ -120,11 +124,70 @@ by KATOH Yasufumi 新しいタスクを実行するユーザを指定します. -このオプションはユーザ名前空間を unshare する時のみ有効です. + + + + + + + -H hostname + + + + +新しいコンテナ内でのホスト名を設定します.UTSNAME 名前空間を指定している時のみ有効です. + + + + + + + -i interfacename + + + + +指定したインターフェースをコンテナ内に移動させます.ネットワーク (NETWORK) 名前空間を指定している時のみ有効です.複数のインターフェースをコンテナに移動させるために複数回指定することも可能です. + + + + + + + -d + + + + +デーモンにします (コマンドはコンテナの終了を待ちません). + + + + + + + -M + + + + +コンテナ内でデフォルトのファイルシステム (/proc, /dev/shm, /dev/mqueue) をマウントします.マウント (MOUNT) 名前空間を指定している時のみ有効です. @@ -174,6 +237,28 @@ by KATOH Yasufumi ps の出力は,その名前空間内には他のプロセスが存在しない事を表示するでしょう. + + +新しいネットワーク,PID,マウント,ホスト名 (UTS) 名前空間でシェルを起動するには, + + lxc-unshare -s "NETWORK|PID|MOUNT|UTSNAME" -M -H slave -i veth1 /bin/bash + + + +起動したシェルは PID 1 を持ち,2 つのネットワークインターフェース (lo と veth1) を持ちます. +ホスト名は "slave" となり,/proc は再マウントされます.ps コマンドは,名前空間内には他のプロセスがない状態を表示するでしょう. + &seealso; diff --git a/doc/ja/lxc.conf.sgml.in b/doc/ja/lxc.conf.sgml.in index 1140c7f..18a3ec3 100644 --- a/doc/ja/lxc.conf.sgml.in +++ b/doc/ja/lxc.conf.sgml.in @@ -305,7 +305,7 @@ by KATOH Yasufumi several network virtualization types can be specified for the same container, as well as assigning several network interfaces for one container. The different - virtualization types can be: + virtualization types can sbe: --> コンテナがどの種類のネットワーク仮想化を使うかを指定します. 一つのネットワークの設定ごとに lxc.network.type フィールドを指定します. 
@@ -315,6 +315,20 @@ by KATOH Yasufumi + none: ホストのネットワーク名前空間を共有します. + これにより,ホストのネットワークデバイスをコンテナ内で使うことが可能になります. + もしコンテナもホストも init として upstart を使っている場合,(例えば) コンテナ内で 'halt' を実行すると,ホストがシャットダウンしてしまうことにもなります. + + + + -- 1.8.4.4 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
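Review bot: The lxc.conf.sgml.in hunk at -305 changes the commented-out English text from "virtualization types can be:" to "virtualization types can sbe:", which introduces a stray "s" into the embedded original. That -/+ pair should be dropped so the comment keeps reading "can be:"; as posted, this is the only change the hunk makes, so the hunk is not needed for the "none" network type documented in the following hunk.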
[lxc-devel] [PATCH] lxc_init.c: error handling for sigaction and sigprocmask
Look through all LXC code and seems like only here are missed. Signed-off-by: Qiang Huang --- Maybe this bug can be marked resolved: https://github.com/lxc/lxc/issues/83 --- src/lxc/lxc_init.c | 46 +++--- 1 file changed, 31 insertions(+), 15 deletions(-) diff --git a/src/lxc/lxc_init.c b/src/lxc/lxc_init.c index d88a935..a59dd9c 100644 --- a/src/lxc/lxc_init.c +++ b/src/lxc/lxc_init.c @@ -123,11 +123,14 @@ int main(int argc, char *argv[]) * mask all the signals so we are safe to install a * signal handler and to fork */ - sigfillset(&mask); - sigdelset(&mask, SIGILL); - sigdelset(&mask, SIGSEGV); - sigdelset(&mask, SIGBUS); - sigprocmask(SIG_SETMASK, &mask, &omask); + if (sigfillset(&mask) || + sigdelset(&mask, SIGILL) || + sigdelset(&mask, SIGSEGV) || + sigdelset(&mask, SIGBUS) || + sigprocmask(SIG_SETMASK, &mask, &omask)) { + SYSERROR("failed to set signal mask"); + exit(EXIT_FAILURE); + } for (i = 1; i < NSIG; i++) { struct sigaction act; @@ -143,15 +146,22 @@ int main(int argc, char *argv[]) i == SIGKILL) continue; - sigfillset(&act.sa_mask); - sigdelset(&act.sa_mask, SIGILL); - sigdelset(&act.sa_mask, SIGSEGV); - sigdelset(&act.sa_mask, SIGBUS); - sigdelset(&act.sa_mask, SIGSTOP); - sigdelset(&act.sa_mask, SIGKILL); + if (sigfillset(&act.sa_mask) || + sigdelset(&act.sa_mask, SIGILL) || + sigdelset(&act.sa_mask, SIGSEGV) || + sigdelset(&act.sa_mask, SIGBUS) || + sigdelset(&act.sa_mask, SIGSTOP) || + sigdelset(&act.sa_mask, SIGKILL)) { + ERROR("failed to set signal"); + exit(EXIT_FAILURE); + } + act.sa_flags = 0; act.sa_handler = interrupt_handler; - sigaction(i, &act, NULL); + if (sigaction(i, &act, NULL)) { + SYSERROR("failed to sigaction"); + exit(EXIT_FAILURE); + } } lxc_setup_fs(); 
@@ -170,7 +180,10 @@ int main(int argc, char *argv[]) for (i = 1; i < NSIG; i++) signal(i, SIG_DFL); - sigprocmask(SIG_SETMASK, &omask, NULL); + if (sigprocmask(SIG_SETMASK, &omask, NULL)) { + SYSERROR("failed to set signal mask"); + exit(EXIT_FAILURE); + } NOTICE("about to exec '%s'", aargv[0]); @@ -180,8 +193,11 @@ int main(int argc, char *argv[]) } /* let's process the signals now */ - sigdelset(&omask, SIGALRM); - sigprocmask(SIG_SETMASK, &omask, NULL); + if (sigdelset(&omask, SIGALRM) || + sigprocmask(SIG_SETMASK, &omask, NULL)) { + SYSERROR("failed to set signal mask"); + exit(EXIT_FAILURE); + } /* no need of other inherited fds but stderr */ close(fileno(stdin)); -- 1.8.3 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
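Review bot: In the second hunk, exiting when sigaction(i, &act, NULL) fails makes the whole "for (i = 1; i < NSIG; i++)" loop fatal on any signal number the C library refuses to install a handler for. glibc returns EINVAL for the two signals it reserves internally (32 and 33 on Linux), so unless the skip list ending in "i == SIGKILL) continue;" (only partly visible in the context) also excludes them, lxc-init now exits at startup where it previously carried on. Suggest skipping those numbers in the loop, or logging and continuing when errno is EINVAL. In the same hunk the sigfillset/sigdelset check reports with ERROR("failed to set signal") while every other new check uses SYSERROR; pick one so the errno is either always or never logged.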
[lxc-devel] State of templates (wrt lxc-download)
Hey everyone,

So I just did a few tests on a standard Ubuntu system, trying to create a container for each distro that LXC supports, results are:

alpine        FAILED    (signature validation failure)
altlinux      BROKEN    (blows up in a few interesting ways)
archlinux     BROKEN    (requires pacman)
centos        BUILDABLE (waiting on common config)
debian        DONE
fedora        BUILDABLE (waiting on common config)
gentoo        BUILDABLE (waiting on common config)
openmandriva  BROKEN    (requires a mandriva host)
opensuse      BROKEN    (requires zypper)
oracle        DONE
plamo         DONE
ubuntu        DONE

So in short, if the following templates switch to using config includes, they'll easily be added to the daily builds for lxc-download:
- centos
- fedora
- gentoo

alpine should also work but I'm not too sure what's happening, seems to be some kind of gpg validation failure on the package manager itself. I'll try to poke at it some more later.

The 4 others simply don't seem to work on a host that's running another distro, so to add those to lxc-download, I'd first need to see them converted to using config includes and once that's done, I'll need an initial rootfs tarball so I can set up a build environment that's running the right distro (one time thing as I'll just have it update from lxc-download afterwards).

--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
Re: [lxc-devel] [PATCH 1/1] Initial support for cgmanager
Hi Serge,

On Wed, Jan 15, 2014 at 12:19 PM, Serge Hallyn wrote:
> Quoting Stéphane Graber (stgra...@ubuntu.com):
>> On Tue, Jan 14, 2014 at 04:41:36PM -0600, Serge Hallyn wrote:
>> > This patch splits out most of the cgroupfs-specific code, so that
>> > cgroup-manager versions can be plugged in. The case I did
>> > not handle is cgroup_enter at lxc_attach. I'm hoping that case can
>> > be greatly simplified, but will worry about it after fleshing out the
>> > cgroup manager handlers.
>> >
>> > This also simplifies the freezer functions.
>> >
>> > This seems to not regress my common tests when running without
>> > cgmanager, but I'd like to do a bit more testing before pushing.
>> > However I was hoping to get some more eyes on this so am sending it
>> > out now.
>> >
>> > Signed-off-by: Serge Hallyn
>>
>> So I haven't spotted anything obviously wrong with it, besides the few
>> functions that are currently marked as unimplemented.
>
>> I also confirmed that the code still builds on all supported platforms
>> (without cgmanager), so if it breaks the existing code path, it doesn't
>> do so in any obvious way.
>
> All my testing currently seems to be passing (using cgroupfs driver).
> Ideally I'd like to get wider testing. Can anyone suggest a better way
> than for me to simply push the patch upstream?

Haven't looked at the new code but seems like freezer code is broken on master (or something else changed), this is _without_ cgmanager

https://gist.github.com/caglar10ur/8450091

> -serge

--
S.Çağlar Onur
[lxc-devel] [PATCH] skip rootfs pinning for unprivileged containers
Signed-off-by: S.Çağlar Onur --- src/lxc/start.c | 11 +++ 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/src/lxc/start.c b/src/lxc/start.c index 6c07e43..fbdfc05 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c @@ -782,11 +782,14 @@ static int lxc_spawn(struct lxc_handler *handler) /* * if the rootfs is not a blockdev, prevent the container from * marking it readonly. +* +* if the container is unprivileged then skip rootfs pinning */ - - handler->pinfd = pin_rootfs(handler->conf->rootfs.path); - if (handler->pinfd == -1) - INFO("failed to pin the container's rootfs"); + if (lxc_list_empty(&handler->conf->id_map)) { + handler->pinfd = pin_rootfs(handler->conf->rootfs.path); + if (handler->pinfd == -1) + INFO("failed to pin the container's rootfs"); + } if (preserve_ns(saved_ns_fd, preserve_mask) < 0) goto out_delete_net; -- 1.8.3.2 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
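Review bot: With the pin_rootfs() call moved under "if (lxc_list_empty(&handler->conf->id_map))", handler->pinfd is no longer assigned anywhere in this hunk on the unprivileged path, so any later test or close of pinfd depends on it having been initialised elsewhere. Suggest an else branch that sets handler->pinfd = -1. The added comment line also only restates the condition: it should say why pinning is skipped for unprivileged containers, since the comment directly above describes the pin as what prevents the container from marking the rootfs readonly, and the commit message carries nothing beyond the Signed-off-by.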
[lxc-devel] [lxc/lxc] d4ef7c: Initial support for cgmanager
Branch: refs/heads/master
Home: https://github.com/lxc/lxc

Commit: d4ef7c50ae980d13f6e7a44c595228a8cba9d8f2
https://github.com/lxc/lxc/commit/d4ef7c50ae980d13f6e7a44c595228a8cba9d8f2
Author: Serge Hallyn
Date: 2014-01-15 (Wed, 15 Jan 2014)

Changed paths:
M configure.ac
M src/lxc/Makefile.am
M src/lxc/attach.c
A src/lxc/cgmanager.c
M src/lxc/cgroup.c
M src/lxc/cgroup.h
M src/lxc/commands.c
M src/lxc/conf.c
M src/lxc/conf.h
M src/lxc/freezer.c
M src/lxc/lxc.h
M src/lxc/start.c
M src/lxc/start.h

Log Message:
---
Initial support for cgmanager

This patch splits out most of the cgroupfs-specific code, so that cgroup-manager versions can be plugged in. The case I did not handle is cgroup_enter at lxc_attach. I'm hoping that case can be greatly simplified, but will worry about it after fleshing out the cgroup manager handlers.

This also simplifies the freezer functions.

This seems to not regress my common tests when running without cgmanager, but I'd like to do a bit more testing before pushing. However I was hoping to get some more eyes on this so am sending it out now.

Signed-off-by: Serge Hallyn
Acked-by: Stéphane Graber

Commit: 6873d6f078d801c36948c2e63c3fc8f58812aeea
https://github.com/lxc/lxc/commit/6873d6f078d801c36948c2e63c3fc8f58812aeea
Author: Serge Hallyn
Date: 2014-01-15 (Wed, 15 Jan 2014)

Changed paths:
M src/lxc/cgmanager.c

Log Message:
---
implement cgmanager_remove_cgroup

Signed-off-by: Serge Hallyn
Acked-by: Stéphane Graber

Commit: 0086f49995a77fe66ad7573834c941ca5d24f4d2
https://github.com/lxc/lxc/commit/0086f49995a77fe66ad7573834c941ca5d24f4d2
Author: Serge Hallyn
Date: 2014-01-15 (Wed, 15 Jan 2014)

Changed paths:
M src/lxc/cgmanager.c
M src/lxc/cgroup.c
M src/lxc/cgroup.h
M src/lxc/commands.c

Log Message:
---
stop cmd callback: unfreeze by path only

in particular, regular unfreeze uses the cmd api to request the cgroup of the container. If we are already in the lxc-start monitor, we can't use the cmd api.

(I knew when I started this would be a problem but then as it didn't reliably crash, I forgot to handle it)

Signed-off-by: Serge Hallyn
Acked-by: Stéphane Graber

Compare: https://github.com/lxc/lxc/compare/9cde0368fbbf...0086f49995a7
[lxc-devel] [lxc/lxc] 3fefd6: ubuntu: Don't fail on invalid locale
Branch: refs/heads/master
Home: https://github.com/lxc/lxc

Commit: 3fefd6e6d5bdd38a0e29587896b9b8bb6db6af2e
https://github.com/lxc/lxc/commit/3fefd6e6d5bdd38a0e29587896b9b8bb6db6af2e
Author: Stéphane Graber
Date: 2014-01-15 (Wed, 15 Jan 2014)

Changed paths:
M templates/lxc-ubuntu.in

Log Message:
---
ubuntu: Don't fail on invalid locale

Signed-off-by: Stéphane Graber
Acked-by: Serge E. Hallyn

Commit: 9cde0368fbbfa61add2e73f8ccd5b00c1b0f2e08
https://github.com/lxc/lxc/commit/9cde0368fbbfa61add2e73f8ccd5b00c1b0f2e08
Author: Stéphane Graber
Date: 2014-01-15 (Wed, 15 Jan 2014)

Changed paths:
M templates/lxc-ubuntu-cloud.in

Log Message:
---
lxc-ubuntu-cloud: Fix cache and lock location

Signed-off-by: Stéphane Graber
Acked-by: Serge E. Hallyn

Compare: https://github.com/lxc/lxc/compare/19668d8b0798...9cde0368fbbf
Re: [lxc-devel] CLONE_PARENT after setns(CLONE_NEWPID)
Quoting Christian Seiler (christ...@iwakd.de): > Eric W. Biederman writes: > >So hmm. > > > >Because it can do no harm, and because it is a regression let's remove > >the CLONE_PARENT check and send it stable. > > > >diff --git a/kernel/fork.c b/kernel/fork.c > >index 086fe73..c447fbc 100644 > >--- a/kernel/fork.c > >+++ b/kernel/fork.c > >@@ -1174,7 +1174,7 @@ static struct task_struct *copy_process(unsigned long > >clone_flags, > > * do not allow it to share a thread group or signal handlers or > > * parent with the forking task. > > */ > >- if (clone_flags & (CLONE_SIGHAND | CLONE_PARENT)) { > >+ if (clone_flags & (CLONE_SIGHAND)) { > > if ((clone_flags & (CLONE_NEWUSER | CLONE_NEWPID)) || > > (task_active_pid_ns(current) != > > current->nsproxy->pid_ns_for_children)) > > Just a short question, what happened to this patch? As far as I can > tell, 3.13rc8 doesn't include it, neither does the current 3.12.7. This > means that lxc-attach currently still doesn't work on 3.12 and probably > won't work on 3.13 either... (3.11 is fine, see the previous mails in > this thread.) So, hm. I didn't realize it hadn't hit upstream, because it's in the ubuntu kernel (unfortunately wrongly attributed). However it is in linux-next since Nov 27. -serge ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
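Review bot: The comment kept as context directly above the changed condition still reads "do not allow it to share a thread group or signal handlers or parent with the forking task", but with CLONE_PARENT dropped from the test the "or parent" part no longer describes what the code enforces. Suggest updating that comment in the same patch, and writing the condition as "clone_flags & CLONE_SIGHAND" now that the inner parentheses group a single flag.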
Re: [lxc-devel] [PATCH] ubuntu: Don't fail on invalid locale
Quoting Stéphane Graber (stgra...@ubuntu.com): > Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn > --- > templates/lxc-ubuntu.in | 8 > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/templates/lxc-ubuntu.in b/templates/lxc-ubuntu.in > index d9bb8a4..74d6eb4 100644 > --- a/templates/lxc-ubuntu.in > +++ b/templates/lxc-ubuntu.in > @@ -87,11 +87,11 @@ EOF > > # make sure we have the current locale defined in the container > if [ -z "$LANG" ] || echo $LANG | grep -E -q "^C(\..+)*$"; then > -chroot $rootfs locale-gen en_US.UTF-8 > -chroot $rootfs update-locale LANG=en_US.UTF-8 > +chroot $rootfs locale-gen en_US.UTF-8 || true > +chroot $rootfs update-locale LANG=en_US.UTF-8 || true > else > -chroot $rootfs locale-gen $LANG > -chroot $rootfs update-locale LANG=$LANG > +chroot $rootfs locale-gen $LANG || true > +chroot $rootfs update-locale LANG=$LANG || true > fi > > # generate new SSH keys > -- > 1.8.5.2 > > ___ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
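Review bot: The four lines this hunk rewrites still expand $rootfs and $LANG unquoted ("chroot $rootfs locale-gen $LANG"), as does the "echo $LANG | grep" test in the context line, so a value from the caller's environment that contains whitespace or glob characters is word-split before it reaches chroot. Since the lines are being touched anyway, suggest quoting both, for example: chroot "$rootfs" locale-gen "$LANG" || true.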
Re: [lxc-devel] [PATCH] lxc-ubuntu-cloud: Fix cache and lock location
Quoting Stéphane Graber (stgra...@ubuntu.com): > Signed-off-by: Stéphane Graber Oh. Drat. Thanks, I shoulda done that yesterday. Acked-by: Serge E. Hallyn > --- > templates/lxc-ubuntu-cloud.in | 6 -- > 1 file changed, 4 insertions(+), 2 deletions(-) > > diff --git a/templates/lxc-ubuntu-cloud.in b/templates/lxc-ubuntu-cloud.in > index 2cf86c9..7a3c8c3 100644 > --- a/templates/lxc-ubuntu-cloud.in > +++ b/templates/lxc-ubuntu-cloud.in > @@ -283,8 +283,10 @@ type wget > # determine the url, tarball, and directory names > # download if needed > cache="$STATE_DIR/cache/lxc/cloud-$release" > -STATE_DIR="$HOME/.cache/lxc/" > -cache="$HOME/.cache/lxc/cloud-$release" > +if [ $in_userns -eq 1 ]; then > +STATE_DIR="$HOME/.cache/lxc/" > +cache="$HOME/.cache/lxc/cloud-$release" > +fi > > mkdir -p $cache > > -- > 1.8.5.2 > > ___ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] 19668d: lxc-create: Don't print the help message twice
Branch: refs/heads/master
Home: https://github.com/lxc/lxc

Commit: 19668d8b0798d4078f17f83241b6c113a0ed1bb0
https://github.com/lxc/lxc/commit/19668d8b0798d4078f17f83241b6c113a0ed1bb0
Author: Stéphane Graber
Date: 2014-01-15 (Wed, 15 Jan 2014)

Changed paths:
M src/lxc/lxc_create.c

Log Message:
---
lxc-create: Don't print the help message twice

The forking logic was wrong, causing both the child and the parent to call the template with -h.

Signed-off-by: Stéphane Graber
Acked-by: Serge E. Hallyn
Re: [lxc-devel] [PATCH] lxc-create: Don't print the help message twice
Quoting Stéphane Graber (stgra...@ubuntu.com): > The forking logic was wrong, causing both the child and the parent to > call the template with -h. > > Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn > --- > src/lxc/lxc_create.c | 9 ++--- > 1 file changed, 6 insertions(+), 3 deletions(-) > > diff --git a/src/lxc/lxc_create.c b/src/lxc/lxc_create.c > index 6d94709..058dc43 100644 > --- a/src/lxc/lxc_create.c > +++ b/src/lxc/lxc_create.c > @@ -107,10 +107,13 @@ static void create_helpfn(const struct lxc_arguments > *args) { > > if (!args->template) > return; > - if ((pid = fork()) < 0) > - return; > - if (pid) > + > + pid = fork(); > + if (pid) { > wait_for_pid(pid); > + return; > + } > + > len = strlen(LXCTEMPLATEDIR) + strlen(args->template) + strlen("/lxc-") > + 1; > path = alloca(len); > ret = snprintf(path, len, "%s/lxc-%s", LXCTEMPLATEDIR, args->template); > -- > 1.8.5.2 > > ___ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [PATCH] lxc-ubuntu-cloud: Fix cache and lock location
Signed-off-by: Stéphane Graber --- templates/lxc-ubuntu-cloud.in | 6 -- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/templates/lxc-ubuntu-cloud.in b/templates/lxc-ubuntu-cloud.in index 2cf86c9..7a3c8c3 100644 --- a/templates/lxc-ubuntu-cloud.in +++ b/templates/lxc-ubuntu-cloud.in @@ -283,8 +283,10 @@ type wget # determine the url, tarball, and directory names # download if needed cache="$STATE_DIR/cache/lxc/cloud-$release" -STATE_DIR="$HOME/.cache/lxc/" -cache="$HOME/.cache/lxc/cloud-$release" +if [ $in_userns -eq 1 ]; then +STATE_DIR="$HOME/.cache/lxc/" +cache="$HOME/.cache/lxc/cloud-$release" +fi mkdir -p $cache -- 1.8.5.2 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
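Review bot: The new test "[ $in_userns -eq 1 ]" expands $in_userns unquoted, so if the variable is empty or unset on any path that reaches line 283, the test sees only "-eq 1", prints an error and evaluates false, and the cache silently stays under $STATE_DIR. Suggest [ "${in_userns:-0}" -eq 1 ], or making sure the variable is initialised before this point. The context line "mkdir -p $cache" has the same quoting problem now that the path can be built from $HOME.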
[lxc-devel] [PATCH] lxc-create: Don't print the help message twice
The forking logic was wrong, causing both the child and the parent to call the template with -h. Signed-off-by: Stéphane Graber --- src/lxc/lxc_create.c | 9 ++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/src/lxc/lxc_create.c b/src/lxc/lxc_create.c index 6d94709..058dc43 100644 --- a/src/lxc/lxc_create.c +++ b/src/lxc/lxc_create.c @@ -107,10 +107,13 @@ static void create_helpfn(const struct lxc_arguments *args) { if (!args->template) return; - if ((pid = fork()) < 0) - return; - if (pid) + + pid = fork(); + if (pid) { wait_for_pid(pid); + return; + } + len = strlen(LXCTEMPLATEDIR) + strlen(args->template) + strlen("/lxc-") + 1; path = alloca(len); ret = snprintf(path, len, "%s/lxc-%s", LXCTEMPLATEDIR, args->template); -- 1.8.5.2 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
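Review bot: The rewritten fork handling drops the error check: after "pid = fork();", the test "if (pid)" is also true for -1, so a failed fork now calls wait_for_pid(-1) instead of returning the way the removed "if ((pid = fork()) < 0) return;" did. Suggest keeping an explicit "if (pid < 0) return;" ahead of the parent branch, so that only a real child pid is waited on.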
[lxc-devel] [PATCH] ubuntu: Don't fail on invalid locale
Signed-off-by: Stéphane Graber --- templates/lxc-ubuntu.in | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/templates/lxc-ubuntu.in b/templates/lxc-ubuntu.in index d9bb8a4..74d6eb4 100644 --- a/templates/lxc-ubuntu.in +++ b/templates/lxc-ubuntu.in @@ -87,11 +87,11 @@ EOF # make sure we have the current locale defined in the container if [ -z "$LANG" ] || echo $LANG | grep -E -q "^C(\..+)*$"; then -chroot $rootfs locale-gen en_US.UTF-8 -chroot $rootfs update-locale LANG=en_US.UTF-8 +chroot $rootfs locale-gen en_US.UTF-8 || true +chroot $rootfs update-locale LANG=en_US.UTF-8 || true else -chroot $rootfs locale-gen $LANG -chroot $rootfs update-locale LANG=$LANG +chroot $rootfs locale-gen $LANG || true +chroot $rootfs update-locale LANG=$LANG || true fi # generate new SSH keys -- 1.8.5.2 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
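Review bot: Appending "|| true" to all four chroot calls discards every failure, not only an invalid locale: a missing locale-gen in the rootfs, or a chroot that cannot enter $rootfs at all, is now silent too. Suggest emitting a warning on stderr when either command fails so the template still continues but the log shows that locale setup did not happen, and adding a line to the commit message saying which failure this is meant to tolerate, since it currently has only the subject.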
[lxc-devel] [Passed] lxc/lxc#80 (lxc-1.0.0.beta2 - deccacf)
Build Update for lxc/lxc

Build: #80
Status: Passed
Duration: 2 minutes and 39 seconds
Commit: deccacf (lxc-1.0.0.beta2)
Author: Stéphane Graber
Message: change version to 1.0.0.beta2 in configure.ac

Signed-off-by: Stéphane Graber

View the changeset: https://github.com/lxc/lxc/compare/lxc-1.0.0.beta2
View the full build log and details: https://travis-ci.org/lxc/lxc/builds/17032521

--
You can configure recipients for build notifications in your .travis.yml file. See http://about.travis-ci.org/docs/user/build-configuration
[lxc-devel] [lxc/lxc] 09ec76: Add missing entry to dist target
Branch: refs/heads/master
Home: https://github.com/lxc/lxc

Commit: 09ec76ceec35921a5fa992ba981c9dfdeab6f204
https://github.com/lxc/lxc/commit/09ec76ceec35921a5fa992ba981c9dfdeab6f204
Author: Stéphane Graber
Date: 2014-01-15 (Wed, 15 Jan 2014)

Changed paths:
M doc/Makefile.am

Log Message:
---
Add missing entry to dist target

Apparently this file has gone over 5 years without getting into a dist tarball!

Signed-off-by: Stéphane Graber
[lxc-devel] [lxc/lxc] deccac: change version to 1.0.0.beta2 in configure.ac
Branch: refs/heads/master
Home: https://github.com/lxc/lxc

Commit: deccacff34d31fef8fd6c2c30d40faa354aefa32
https://github.com/lxc/lxc/commit/deccacff34d31fef8fd6c2c30d40faa354aefa32
Author: Stéphane Graber
Date: 2014-01-15 (Wed, 15 Jan 2014)

Changed paths:
M configure.ac

Log Message:
---
change version to 1.0.0.beta2 in configure.ac

Signed-off-by: Stéphane Graber
[lxc-devel] [lxc/lxc]
Branch: refs/tags/lxc-1.0.0.beta2
Home: https://github.com/lxc/lxc
[lxc-devel] [lxc/lxc] 7a4016: Add local definition of sethostname to lxc_unshare
Branch: refs/heads/master
Home: https://github.com/lxc/lxc

Commit: 7a401679393f160322820efa683197f8d589ccc9
https://github.com/lxc/lxc/commit/7a401679393f160322820efa683197f8d589ccc9
Author: Stéphane Graber
Date: 2014-01-15 (Wed, 15 Jan 2014)

Changed paths:
M src/lxc/lxc_unshare.c

Log Message:
---
Add local definition of sethostname to lxc_unshare

sethostname doesn't exist on bionic, so copy/paste the definition of it we have in conf.c

Signed-off-by: Stéphane Graber
[lxc-devel] [Fixed] lxc/lxc#77 (master - 31a1209)
Build Update for lxc/lxc

Build: #77
Status: Fixed
Duration: 2 minutes and 14 seconds
Commit: 31a1209 (master)
Author: Serge Hallyn
Message: lxc-unshare: uid_t is unsigned.

so we can't use uid==-1 as "don't do setuid"

Signed-off-by: Serge Hallyn

View the changeset: https://github.com/lxc/lxc/compare/c1bb25a831fd...31a1209de963
View the full build log and details: https://travis-ci.org/lxc/lxc/builds/17028663
[lxc-devel] [lxc/lxc] 31a120: lxc-unshare: uid_t is unsigned.
Branch: refs/heads/master
Home: https://github.com/lxc/lxc

Commit: 31a1209de9633c9ac235e46fcd913f04ea629ca4
https://github.com/lxc/lxc/commit/31a1209de9633c9ac235e46fcd913f04ea629ca4
Author: Serge Hallyn
Date: 2014-01-15 (Wed, 15 Jan 2014)

Changed paths:
M src/lxc/lxc_unshare.c

Log Message:
---
lxc-unshare: uid_t is unsigned.

so we can't use uid==-1 as "don't do setuid"

Signed-off-by: Serge Hallyn
[lxc-devel] [Broken] lxc/lxc#76 (master - c1bb25a)
Build Update for lxc/lxc

Build: #76
Status: Broken
Duration: 2 minutes and 16 seconds
Commit: c1bb25a (master)
Author: Seth Robertson
Message: Teach lxc_unshare about interfaces, mounts, hostname, daemonize

lxc_unshare now takes one or more '-i interfacename' arguments which will move the named interfaces into the created container.

lxc_unshare now takes -M argument which will cause the standard mounts (/proc /dev/shm /dev/mqueue) to be auto-mounted inside container.

lxc_unshare now takes '-H hostname' argument to automatically set the hostname in the container.

lxc_unshare now takes -D argument to automatically daemonize and detach from the created container, instead of waiting for the container to exit

Signed-off-by: Seth Robertson
Acked-by: Serge E. Hallyn

View the changeset: https://github.com/lxc/lxc/compare/00fe5e1d19de...c1bb25a831fd
View the full build log and details: https://travis-ci.org/lxc/lxc/builds/17024916
[lxc-devel] [lxc/lxc] 13d8bd: lxc_unshare -u argument useful even with USER name...
Branch: refs/heads/master
Home: https://github.com/lxc/lxc

Commit: 13d8bde96f0a21da92bcf353ad5db3f6f83172c2
https://github.com/lxc/lxc/commit/13d8bde96f0a21da92bcf353ad5db3f6f83172c2
Author: Seth Robertson
Date: 2014-01-15 (Wed, 15 Jan 2014)

Changed paths:
M doc/lxc-unshare.sgml.in
M src/lxc/lxc_unshare.c

Log Message:
---
lxc_unshare -u argument useful even with USER namespace shared

Signed-off-by: Seth Robertson
Acked-by: Serge E. Hallyn

Commit: c1bb25a831fdd568fb8c899b67a7be63c21f4a10
https://github.com/lxc/lxc/commit/c1bb25a831fdd568fb8c899b67a7be63c21f4a10
Author: Seth Robertson
Date: 2014-01-15 (Wed, 15 Jan 2014)

Changed paths:
M doc/lxc-unshare.sgml.in
M src/lxc/lxc_unshare.c

Log Message:
---
Teach lxc_unshare about interfaces, mounts, hostname, daemonize

lxc_unshare now takes one or more '-i interfacename' arguments which will move the named interfaces into the created container.

lxc_unshare now takes -M argument which will cause the standard mounts (/proc /dev/shm /dev/mqueue) to be auto-mounted inside container.

lxc_unshare now takes '-H hostname' argument to automatically set the hostname in the container.

lxc_unshare now takes -D argument to automatically daemonize and detach from the created container, instead of waiting for the container to exit

Signed-off-by: Seth Robertson
Acked-by: Serge E. Hallyn

Compare: https://github.com/lxc/lxc/compare/00fe5e1d19de...c1bb25a831fd
[lxc-devel] Fwd: Re: CLONE_PARENT after setns(CLONE_NEWPID)
Sorry, forgot to change the lxc-devel mailing list address when replying to this old thread... Original Message Subject: Re: CLONE_PARENT after setns(CLONE_NEWPID) Date: Wed, 15 Jan 2014 22:11:18 +0100 From: Christian Seiler To: Eric W. Biederman , Oleg Nesterov Cc: Serge Hallyn , Andy Lutomirski , Brad Spengler , lkml , Andy Whitcroft , Lxc development list Eric W. Biederman writes: So hmm. Because it can do no harm, and because it is a regression let's remove the CLONE_PARENT check and send it stable. diff --git a/kernel/fork.c b/kernel/fork.c index 086fe73..c447fbc 100644 --- a/kernel/fork.c +++ b/kernel/fork.c @@ -1174,7 +1174,7 @@ static struct task_struct *copy_process(unsigned long clone_flags, * do not allow it to share a thread group or signal handlers or * parent with the forking task. */ - if (clone_flags & (CLONE_SIGHAND | CLONE_PARENT)) { + if (clone_flags & (CLONE_SIGHAND)) { if ((clone_flags & (CLONE_NEWUSER | CLONE_NEWPID)) || (task_active_pid_ns(current) != current->nsproxy->pid_ns_for_children)) Just a short question, what happened to this patch? As far as I can tell, 3.13rc8 doesn't include it, neither does the current 3.12.7. This means that lxc-attach currently still doesn't work on 3.12 and probably won't work on 3.13 either... (3.11 is fine, see the previous mails in this thread.) -- Christian
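Review bot: The only justification given for dropping CLONE_PARENT from the test in copy_process() is "it can do no harm", which is not enough for a change that relaxes a restriction and is headed for stable. The changelog should state why a child created with CLONE_PARENT is safe in the two cases the inner condition covers (CLONE_NEWUSER | CLONE_NEWPID set, or task_active_pid_ns(current) differing from pid_ns_for_children), and name the regression it fixes so the stable backport can be matched to the affected releases.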
[lxc-devel] [lxc/lxc] 00fe5e: debian: Switch to config includes
Branch: refs/heads/master
Home: https://github.com/lxc/lxc

Commit: 00fe5e1d19def221951c1bfcb631b47a2403c951
https://github.com/lxc/lxc/commit/00fe5e1d19def221951c1bfcb631b47a2403c951
Author: Stéphane Graber
Date: 2014-01-15 (Wed, 15 Jan 2014)

Changed paths:
M config/templates/Makefile.am
A config/templates/debian.common.conf.in
A config/templates/debian.userns.conf.in
M configure.ac
M templates/lxc-debian.in

Log Message:
---
debian: Switch to config includes

Signed-off-by: Stéphane Graber
Acked-by: Serge E. Hallyn
Re: [lxc-devel] [PATCH] debian: Switch to config includes
Quoting Stéphane Graber (stgra...@ubuntu.com): > Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn > --- > config/templates/Makefile.am | 2 ++ > config/templates/debian.common.conf.in | 62 > ++ > config/templates/debian.userns.conf.in | 9 + > configure.ac | 2 ++ > templates/lxc-debian.in| 60 +++- > 5 files changed, 102 insertions(+), 33 deletions(-) > create mode 100644 config/templates/debian.common.conf.in > create mode 100644 config/templates/debian.userns.conf.in > > diff --git a/config/templates/Makefile.am b/config/templates/Makefile.am > index 4c71375..c7f5812 100644 > --- a/config/templates/Makefile.am > +++ b/config/templates/Makefile.am > @@ -1,6 +1,8 @@ > templatesconfigdir=@LXCTEMPLATECONFIG@ > > templatesconfig_DATA = \ > + debian.common.conf \ > + debian.userns.conf \ > oracle.common.conf \ > oracle.userns.conf \ > plamo.common.conf \ > diff --git a/config/templates/debian.common.conf.in > b/config/templates/debian.common.conf.in > new file mode 100644 > index 000..09e5c40 > --- /dev/null > +++ b/config/templates/debian.common.conf.in 
> @@ -0,0 +1,62 @@ > +# Default pivot location > +lxc.pivotdir = lxc_putold > + > +# Default mount entries > +lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0 > +lxc.mount.entry = sysfs sys sysfs defaults 0 0 > +lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none > bind,optional 0 0 > + > +# Default console settings > +lxc.tty = 4 > +lxc.pts = 1024 > + > +# Default capabilities > +lxc.cap.drop = sys_module mac_admin mac_override sys_time > + > +# When using LXC with apparmor, the container will be confined by default. > +# If you wish for it to instead run unconfined, copy the following line > +# (uncommented) to the container's configuration file. > +#lxc.aa_profile = unconfined > + > +# To support container nesting on an Ubuntu host while retaining most of > +# apparmor's added security, use the following two lines instead. > +#lxc.aa_profile = lxc-container-default-with-nesting > +#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups > + > +# If you wish to allow mounting block filesystems, then use the following > +# line instead, and make sure to grant access to the block device and/or loop > +# devices below in lxc.cgroup.devices.allow. 
> +#lxc.aa_profile = lxc-container-default-with-mounting > + > +# Default cgroup limits > +lxc.cgroup.devices.deny = a > +## Allow any mknod (but not using the node) > +lxc.cgroup.devices.allow = c *:* m > +lxc.cgroup.devices.allow = b *:* m > +## /dev/null and zero > +lxc.cgroup.devices.allow = c 1:3 rwm > +lxc.cgroup.devices.allow = c 1:5 rwm > +## consoles > +lxc.cgroup.devices.allow = c 5:0 rwm > +lxc.cgroup.devices.allow = c 5:1 rwm > +## /dev/{,u}random > +lxc.cgroup.devices.allow = c 1:8 rwm > +lxc.cgroup.devices.allow = c 1:9 rwm > +## /dev/pts/* > +lxc.cgroup.devices.allow = c 5:2 rwm > +lxc.cgroup.devices.allow = c 136:* rwm > +## rtc > +lxc.cgroup.devices.allow = c 254:0 rm > +## fuse > +lxc.cgroup.devices.allow = c 10:229 rwm > +## tun > +lxc.cgroup.devices.allow = c 10:200 rwm > +## full > +lxc.cgroup.devices.allow = c 1:7 rwm > +## hpet > +lxc.cgroup.devices.allow = c 10:228 rwm > +## kvm > +lxc.cgroup.devices.allow = c 10:232 rwm > +## To use loop devices, copy the following line to the container's > +## configuration file (uncommented). > +#lxc.cgroup.devices.allow = b 7:* rwm > diff --git a/config/templates/debian.userns.conf.in > b/config/templates/debian.userns.conf.in > new file mode 100644 > index 000..330a2f0 > --- /dev/null > +++ b/config/templates/debian.userns.conf.in > @@ -0,0 +1,9 @@ > +# CAP_SYS_ADMIN in init-user-ns is required for cgroup.devices > +lxc.cgroup.devices.deny = > +lxc.cgroup.devices.allow = > + > +# Extra bind-mounts for userns > +lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0 > +lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0 > +lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0 > +lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0 > diff --git a/configure.ac b/configure.ac > index c34dee1..2d55cd6 100644 > --- a/configure.ac > +++ b/configure.ac 
> @@ -532,6 +532,8 @@ AC_CONFIG_FILES([ > config/Makefile > config/etc/Makefile > config/templates/Makefile > + config/templates/debian.common.conf > + config/templates/debian.userns.conf > config/templates/oracle.common.conf > config/templates/oracle.userns.conf > config/templates/plamo.common.conf > diff --git a/templates/lxc-debian.in b/templates/lxc-debian.in > index f399c0b..5d41396 100644 > --- a/templates/lxc-debian.in > +++ b/templates/lxc-debian.in > @@ -21,6 +21,8 @@ > # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 > USA > > MIRROR=${MIRROR:-http://cdn.debian.net/debian} > +LOCALSTATEDI
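Review bot: in debian.common.conf.in, `lxc.mount.entry = sysfs sys sysfs defaults 0 0` mounts sysfs with default options, that is read-write, while the proc entry on the line before it is restricted with nodev,noexec,nosuid. For a privileged container that leaves sysfs writable by container root, with only the dropped capabilities and the AppArmor profile in the way. Consider a read-only mount (oracle.common.conf.in uses `lxc.mount.auto = proc:mixed sys:ro`), or add a comment saying why Debian guests need it read-write.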
[lxc-devel] [PATCH] debian: Switch to config includes
Signed-off-by: Stéphane Graber --- config/templates/Makefile.am | 2 ++ config/templates/debian.common.conf.in | 62 ++ config/templates/debian.userns.conf.in | 9 + configure.ac | 2 ++ templates/lxc-debian.in| 60 +++- 5 files changed, 102 insertions(+), 33 deletions(-) create mode 100644 config/templates/debian.common.conf.in create mode 100644 config/templates/debian.userns.conf.in diff --git a/config/templates/Makefile.am b/config/templates/Makefile.am index 4c71375..c7f5812 100644 --- a/config/templates/Makefile.am +++ b/config/templates/Makefile.am @@ -1,6 +1,8 @@ templatesconfigdir=@LXCTEMPLATECONFIG@ templatesconfig_DATA = \ + debian.common.conf \ + debian.userns.conf \ oracle.common.conf \ oracle.userns.conf \ plamo.common.conf \ diff --git a/config/templates/debian.common.conf.in b/config/templates/debian.common.conf.in new file mode 100644 index 000..09e5c40 --- /dev/null +++ b/config/templates/debian.common.conf.in 
@@ -0,0 +1,62 @@ +# Default pivot location +lxc.pivotdir = lxc_putold + +# Default mount entries +lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0 +lxc.mount.entry = sysfs sys sysfs defaults 0 0 +lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0 + +# Default console settings +lxc.tty = 4 +lxc.pts = 1024 + +# Default capabilities +lxc.cap.drop = sys_module mac_admin mac_override sys_time + +# When using LXC with apparmor, the container will be confined by default. +# If you wish for it to instead run unconfined, copy the following line +# (uncommented) to the container's configuration file. +#lxc.aa_profile = unconfined + +# To support container nesting on an Ubuntu host while retaining most of +# apparmor's added security, use the following two lines instead. +#lxc.aa_profile = lxc-container-default-with-nesting +#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups + +# If you wish to allow mounting block filesystems, then use the following +# line instead, and make sure to grant access to the block device and/or loop +# devices below in lxc.cgroup.devices.allow. 
+#lxc.aa_profile = lxc-container-default-with-mounting + +# Default cgroup limits +lxc.cgroup.devices.deny = a +## Allow any mknod (but not using the node) +lxc.cgroup.devices.allow = c *:* m +lxc.cgroup.devices.allow = b *:* m +## /dev/null and zero +lxc.cgroup.devices.allow = c 1:3 rwm +lxc.cgroup.devices.allow = c 1:5 rwm +## consoles +lxc.cgroup.devices.allow = c 5:0 rwm +lxc.cgroup.devices.allow = c 5:1 rwm +## /dev/{,u}random +lxc.cgroup.devices.allow = c 1:8 rwm +lxc.cgroup.devices.allow = c 1:9 rwm +## /dev/pts/* +lxc.cgroup.devices.allow = c 5:2 rwm +lxc.cgroup.devices.allow = c 136:* rwm +## rtc +lxc.cgroup.devices.allow = c 254:0 rm +## fuse +lxc.cgroup.devices.allow = c 10:229 rwm +## tun +lxc.cgroup.devices.allow = c 10:200 rwm +## full +lxc.cgroup.devices.allow = c 1:7 rwm +## hpet +lxc.cgroup.devices.allow = c 10:228 rwm +## kvm +lxc.cgroup.devices.allow = c 10:232 rwm +## To use loop devices, copy the following line to the container's +## configuration file (uncommented). +#lxc.cgroup.devices.allow = b 7:* rwm diff --git a/config/templates/debian.userns.conf.in b/config/templates/debian.userns.conf.in new file mode 100644 index 000..330a2f0 --- /dev/null +++ b/config/templates/debian.userns.conf.in @@ -0,0 +1,9 @@ +# CAP_SYS_ADMIN in init-user-ns is required for cgroup.devices +lxc.cgroup.devices.deny = +lxc.cgroup.devices.allow = + +# Extra bind-mounts for userns +lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0 +lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0 +lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0 +lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0 diff --git a/configure.ac b/configure.ac index c34dee1..2d55cd6 100644 --- a/configure.ac +++ b/configure.ac 
@@ -532,6 +532,8 @@ AC_CONFIG_FILES([ config/Makefile config/etc/Makefile config/templates/Makefile + config/templates/debian.common.conf + config/templates/debian.userns.conf config/templates/oracle.common.conf config/templates/oracle.userns.conf config/templates/plamo.common.conf diff --git a/templates/lxc-debian.in b/templates/lxc-debian.in index f399c0b..5d41396 100644 --- a/templates/lxc-debian.in +++ b/templates/lxc-debian.in @@ -21,6 +21,8 @@ # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA MIRROR=${MIRROR:-http://cdn.debian.net/debian} +LOCALSTATEDIR="@LOCALSTATEDIR@" +LXC_TEMPLATE_CONFIG="@LXCTEMPLATECONFIG@" configure_debian() { @@ -202,11 +204,11 @@ copy_debian() install_debian() { -cache="@LOCALSTATEDIR@/cache/lxc/debian" +cache="$LOCALSTATEDIR/cache/lxc/debian" rootfs=$1 release=$2 arch=$3 -mkdir -p @LOCALSTATEDIR@/lock/sub
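Review bot: the default device list in debian.common.conf.in grants rwm on kvm (`c 10:232`), hpet (`c 10:228`), tun (`c 10:200`) and fuse (`c 10:229`), plus rm on rtc (`c 254:0`), to every Debian container. Most guests need none of these, and each one is additional kernel surface reachable from inside the container. Suggest shipping them commented out, the way the loop-device line `#lxc.cgroup.devices.allow = b 7:* rwm` already is, so the default stays at null, zero, full, random, urandom, the consoles and the ptys.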
[lxc-devel] [PATCH 3/1] stop cmd callback: unfreeze by path only
in particular, regular unfreeze uses the cmd api to request the cgroup of the container. If we are already in the lxc-start monitor, we can't use the cmd api. (I knew when I started this would be a problem but then as it didn't reliably crash, I forgot to handle it) Signed-off-by: Serge Hallyn --- src/lxc/cgmanager.c | 13 + src/lxc/cgroup.c| 21 + src/lxc/cgroup.h| 2 ++ src/lxc/commands.c | 2 +- 4 files changed, 37 insertions(+), 1 deletion(-) diff --git a/src/lxc/cgmanager.c b/src/lxc/cgmanager.c index 53a1802..21083da 100644 --- a/src/lxc/cgmanager.c +++ b/src/lxc/cgmanager.c @@ -358,6 +358,18 @@ out_free: return false; } +static int cgm_unfreeze_fromhandler(struct lxc_handler *handler) +{ + struct cgm_data *d = handler->cgroup_info->data; + + if (cgmanager_set_value_sync(NULL, cgroup_manager, "freezer", d->cgroup_path, + "freezer.state", "THAWED") != 0) { + ERROR("Error unfreezing %s", d->cgroup_path); + return false; + } + return true; +} + static struct cgroup_ops cgmanager_ops = { .destroy = cgm_destroy, .init = cgm_init, @@ -367,6 +379,7 @@ static struct cgroup_ops cgmanager_ops = { .get_cgroup = cgm_get_cgroup, .get = cgm_get, .set = cgm_set, + .unfreeze_fromhandler = cgm_unfreeze_fromhandler, .name = "cgmanager" }; #endif diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup.c index efc3e23..2b7eca0 100644 --- a/src/lxc/cgroup.c +++ b/src/lxc/cgroup.c 
@@ -2153,6 +2153,21 @@ static char *cgfs_get_cgroup(struct lxc_handler *handler, const char *subsystem) return lxc_cgroup_get_hierarchy_path_handler(subsystem, handler); } +static int cgfs_unfreeze_fromhandler(struct lxc_handler *handler) +{ + char *cgabspath, *cgrelpath; + int ret; + + cgrelpath = lxc_cgroup_get_hierarchy_path_handler("freezer", handler); + cgabspath = lxc_cgroup_find_abs_path("freezer", cgrelpath, true, NULL); + if (!cgabspath) + return -1; + + ret = do_cgroup_set(cgabspath, "freezer.state", "THAWED"); + free(cgabspath); + return ret; +} + static struct cgroup_ops cgfs_ops = { .destroy = cgfs_destroy, .init = cgfs_init, @@ -2162,6 +2177,7 @@ static struct cgroup_ops cgfs_ops = { .get_cgroup = cgfs_get_cgroup, .get = lxc_cgroupfs_get, .set = lxc_cgroupfs_set, + .unfreeze_fromhandler = cgfs_unfreeze_fromhandler, .name = "cgroupfs", }; static void init_cg_ops(void) @@ -2266,3 +2282,8 @@ int lxc_cgroup_get(const char *filename, char *value, size_t len, const char *na init_cg_ops(); return active_cg_ops->get(filename, value, len, name, lxcpath); } + +int lxc_unfreeze_fromhandler(struct lxc_handler *handler) +{ + return active_cg_ops->unfreeze_fromhandler(handler); +} diff --git a/src/lxc/cgroup.h b/src/lxc/cgroup.h index 8316e79..2b5a183 100644 --- a/src/lxc/cgroup.h +++ b/src/lxc/cgroup.h @@ -178,6 +178,7 @@ struct cgroup_ops { char *(*get_cgroup)(struct lxc_handler *handler, const char *subsystem); int (*set)(const char *filename, const char *value, const char *name, const char *lxcpath); int (*get)(const char *filename, char *value, size_t len, const char *name, const char *lxcpath); + int (*unfreeze_fromhandler)(struct lxc_handler *handler); const char *name; }; 
@@ -214,5 +215,6 @@ extern bool cgroup_create_legacy(struct lxc_handler *handler); extern char *cgroup_get_cgroup(struct lxc_handler *handler, const char *subsystem); extern int lxc_cgroup_set(const char *filename, const char *value, const char *name, const char *lxcpath); extern int lxc_cgroup_get(const char *filename, char *value, size_t len, const char *name, const char *lxcpath); +extern int lxc_unfreeze_fromhandler(struct lxc_handler *handler); #endif diff --git a/src/lxc/commands.c b/src/lxc/commands.c index 29aa905..8b42c59 100644 --- a/src/lxc/commands.c +++ b/src/lxc/commands.c @@ -591,7 +591,7 @@ static int lxc_cmd_stop_callback(int fd, struct lxc_cmd_req *req, memset(&rsp, 0, sizeof(rsp)); rsp.ret = kill(handler->pid, stopsignal); if (!rsp.ret) { - ret = lxc_unfreeze(handler->name, handler->lxcpath); + ret = lxc_unfreeze_fromhandler(handler); if (!ret) return 0; ERROR("Failed to unfreeze %s:%s", handler->lxcpath, handler->name); -- 1.8.5.2 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
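Review bot: cgm_unfreeze_fromhandler() in cgmanager.c is declared int but returns `false` on error and `true` on success, while the caller in lxc_cmd_stop_callback() treats zero as success (`if (!ret) return 0;`). With the cgmanager backend a successful thaw therefore falls through to the ERROR line and a failed one is reported as success; return 0 and -1 as cgfs_unfreeze_fromhandler() does. In cgfs_unfreeze_fromhandler(), cgrelpath is handed to lxc_cgroup_find_abs_path() without a NULL check, and lxc_unfreeze_fromhandler() dereferences active_cg_ops without the init_cg_ops() call that lxc_cgroup_get() just above it makes; each needs either a check or a comment stating why it cannot be NULL on this path.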
[lxc-devel] [lxc/lxc] ceceea: Disable logpath for unprivileged containers
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: ceceea1e967453d513484516aab4593f21cdbd89
https://github.com/lxc/lxc/commit/ceceea1e967453d513484516aab4593f21cdbd89
Author: Stéphane Graber
Date: 2014-01-15 (Wed, 15 Jan 2014)
Changed paths:
M src/lxc/log.c
Log Message:
---
Disable logpath for unprivileged containers

Signed-off-by: Stéphane Graber
Acked-by: Serge E. Hallyn
Re: [lxc-devel] [PATCH] Disable logpath for unprivileged containers
Quoting Stéphane Graber (stgra...@ubuntu.com): > Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn > --- > src/lxc/log.c | 5 + > 1 file changed, 5 insertions(+) > > diff --git a/src/lxc/log.c b/src/lxc/log.c > index b09885c..4a2b7eb 100644 > --- a/src/lxc/log.c > +++ b/src/lxc/log.c > @@ -318,6 +318,11 @@ extern int lxc_log_init(const char *name, const char > *file, > lxc_logfile_specified = 1; > ret = __lxc_log_set_file(file, 1); > } else { > + > + /* For now, unprivileged containers have to set -l to get > logging */ > + if (geteuid()) > + return 0; > + > ret = -1; > > if (!lxcpath) > -- > 1.8.5.2 > > ___ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [PATCH] Disable logpath for unprivileged containers
Signed-off-by: Stéphane Graber --- src/lxc/log.c | 5 + 1 file changed, 5 insertions(+) diff --git a/src/lxc/log.c b/src/lxc/log.c index b09885c..4a2b7eb 100644 --- a/src/lxc/log.c +++ b/src/lxc/log.c @@ -318,6 +318,11 @@ extern int lxc_log_init(const char *name, const char *file, lxc_logfile_specified = 1; ret = __lxc_log_set_file(file, 1); } else { + + /* For now, unprivileged containers have to set -l to get logging */ + if (geteuid()) + return 0; + ret = -1; if (!lxcpath) -- 1.8.5.2 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
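Review bot: the new `if (geteuid()) return 0;` in the else branch of lxc_log_init() returns success without opening any log file, so a non-root user who did not pass -l gets no log and no indication that there is none. The in-code comment says "For now", but nothing user-visible does; suggest documenting the -l requirement in the man pages or printing a one-time notice. The test is on the effective uid alone, so it applies to every non-root caller of lxc_log_init() and not only to unprivileged container starts; if that is intended, the comment should say so.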
[lxc-devel] [lxc/lxc] 0ce294: oracle: Fix running template unprivileged
Branch: refs/heads/master
Home: https://github.com/lxc/lxc
Commit: 0ce2946360098f936d525ceabd8cb7c60207c005
https://github.com/lxc/lxc/commit/0ce2946360098f936d525ceabd8cb7c60207c005
Author: Stéphane Graber
Date: 2014-01-15 (Wed, 15 Jan 2014)
Changed paths:
M config/templates/oracle.userns.conf.in
Log Message:
---
oracle: Fix running template unprivileged

Without this /dev/console won't exist and upstart will fail to start any
job marking as "console output" including the rather important rcS.

Signed-off-by: Stéphane Graber
Acked-by: Serge E. Hallyn
Re: [lxc-devel] [PATCH] oracle: Fix running template unprivileged
Quoting Stéphane Graber (stgra...@ubuntu.com): > Without this /dev/console won't exist and upstart will fail to start any > job marking as "console output" including the rather important rcS. > > Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn > --- > config/templates/oracle.userns.conf.in | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/config/templates/oracle.userns.conf.in > b/config/templates/oracle.userns.conf.in > index dec2ae8..892fa1e 100644 > --- a/config/templates/oracle.userns.conf.in > +++ b/config/templates/oracle.userns.conf.in > @@ -6,6 +6,7 @@ lxc.cgroup.devices.allow = > lxc.devttydir = > > # Extra bind-mounts for userns > +lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0 > lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0 > lxc.mount.entry = /dev/zero dev/zero none bind,create=file 0 0 > lxc.mount.entry = /dev/full dev/full none bind,create=file 0 0 > -- > 1.8.5.2 > > ___ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [PATCH] oracle: Fix running template unprivileged
Without this /dev/console won't exist and upstart will fail to start any job marking as "console output" including the rather important rcS. Signed-off-by: Stéphane Graber --- config/templates/oracle.userns.conf.in | 1 + 1 file changed, 1 insertion(+) diff --git a/config/templates/oracle.userns.conf.in b/config/templates/oracle.userns.conf.in index dec2ae8..892fa1e 100644 --- a/config/templates/oracle.userns.conf.in +++ b/config/templates/oracle.userns.conf.in @@ -6,6 +6,7 @@ lxc.cgroup.devices.allow = lxc.devttydir = # Extra bind-mounts for userns +lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0 lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0 lxc.mount.entry = /dev/zero dev/zero none bind,create=file 0 0 lxc.mount.entry = /dev/full dev/full none bind,create=file 0 0 -- 1.8.5.2 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
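Review bot: the added `lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0` has no comment, and the reason for it (upstart cannot start jobs marked "console output", rcS included, when /dev/console is missing) is recorded only in the commit message. Please put a one-line comment above the entry. Because the entry binds the host's /dev/console node into the container, it would also help to state whether the container is expected to be able to open it or whether the node only needs to exist.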
[lxc-devel] [PATCH 2/1] implement cgmanager_remove_cgroup
Signed-off-by: Serge Hallyn --- src/lxc/cgmanager.c | 11 --- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/src/lxc/cgmanager.c b/src/lxc/cgmanager.c index 92745dc..53a1802 100644 --- a/src/lxc/cgmanager.c +++ b/src/lxc/cgmanager.c @@ -130,10 +130,15 @@ struct cgm_data { char *cgroup_path; }; -void cgmanager_remove_cgroup(const char *subsystem, const char *path) +#define CG_REMOVE_RECURSIVE 1 +void cgmanager_remove_cgroup(const char *controller, const char *path) { - // TODO implement - WARN("%s: not yet implemented", __func__); + int existed; + if ( cgmanager_remove_sync(NULL, cgroup_manager, controller, + path, CG_REMOVE_RECURSIVE, &existed) != 0) + ERROR("Error removing %s:%s", controller, path); + if (!existed) + INFO("cgroup removal attempt: %s:%s did not exist"); } static void cgm_destroy(struct lxc_handler *handler) -- 1.8.5.2 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
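Review bot: in cgmanager_remove_cgroup(), `INFO("cgroup removal attempt: %s:%s did not exist");` has two %s conversions and no arguments, which is undefined behaviour; pass controller and path. `existed` is declared without an initializer and is read by `if (!existed)` even when cgmanager_remove_sync() has failed, so initialize it and return after the ERROR. Minor: there is a stray space in `if ( cgmanager_remove_sync(`.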
Re: [lxc-devel] [PATCH 1/1] Initial support for cgmanager
On Wed, Jan 15, 2014 at 11:19:41AM -0600, Serge Hallyn wrote:
> Quoting Stéphane Graber (stgra...@ubuntu.com):
> > On Tue, Jan 14, 2014 at 04:41:36PM -0600, Serge Hallyn wrote:
> > > This patch splits out most of the cgroupfs-specific code, so that
> > > cgroup-manager versions can be plugged in. The case I did
> > > not handle is cgroup_enter at lxc_attach. I'm hoping that case can
> > > be greatly simplified, but will worry about it after fleshing out the
> > > cgroup manager handlers.
> > >
> > > This also simplifies the freezer functions.
> > >
> > > This seems to not regress my common tests when running without
> > > cgmanager, but I'd like to do a bit more testing before pushing.
> > > However I was hoping to get some more eyes on this so am sending it
> > > out now.
> > >
> > > Signed-off-by: Serge Hallyn
> >
> > So I haven't spotted anything obviously wrong with it, besides the few
> > functions that are currently marked as unimplemented.
> >
> > I also confirmed that the code still builds on all supported platforms
> > (without cgmanager), so if it breaks the existing code path, it doesn't
> > do so in any obvious way.
>
> All my testing currently seems to be passing (using cgroupfs driver).
> Ideally I'd like to get wider testing. Can anyone suggest a better way
> than for me to simply push the patch upstream?
>
> -serge

I'm planning on releasing beta2 later today, so I propose we push
cgmanager support as the first thing after beta2 is out.

That'll then let us stabilize it and test it until rc1 next week.

--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
[lxc-devel] [lxc/lxc] 9e6997: oracle template: convert to common.conf style
Branch: refs/heads/master
Home: https://github.com/lxc/lxc

Commit: 9e69977fa6fe9273cbe166cbb7f9cbbd427b5a01
https://github.com/lxc/lxc/commit/9e69977fa6fe9273cbe166cbb7f9cbbd427b5a01
Author: Dwight Engen
Date: 2014-01-15 (Wed, 15 Jan 2014)
Changed paths:
M config/templates/Makefile.am
A config/templates/oracle.common.conf.in
A config/templates/oracle.userns.conf.in
M configure.ac
M templates/lxc-oracle.in
Log Message:
---
oracle template: convert to common.conf style

Signed-off-by: Dwight Engen
Acked-by: Stéphane Graber

Commit: 91bcb2dd78c6ab7ece70ed461c5cfc2e16b0560e
https://github.com/lxc/lxc/commit/91bcb2dd78c6ab7ece70ed461c5cfc2e16b0560e
Author: Dwight Engen
Date: 2014-01-15 (Wed, 15 Jan 2014)
Changed paths:
M templates/lxc-oracle.in
Log Message:
---
oracle template: don't sed /etc/init/tty.conf on older releases

Signed-off-by: Dwight Engen
Acked-by: Stéphane Graber

Commit: 563476727b3acb573de04614f4a4a6642da4580c
https://github.com/lxc/lxc/commit/563476727b3acb573de04614f4a4a6642da4580c
Author: Dwight Engen
Date: 2014-01-15 (Wed, 15 Jan 2014)
Changed paths:
M templates/lxc-oracle.in
Log Message:
---
oracle template: default to 6.5 when no release given or detected

Signed-off-by: Dwight Engen
Acked-by: Stéphane Graber

Compare: https://github.com/lxc/lxc/compare/04a243f11d5d...563476727b3a
Re: [lxc-devel] [PATCH 3/3] oracle template: default to 6.5 when no release given or detected
On Wed, Jan 15, 2014 at 12:21:57PM -0500, Dwight Engen wrote: > Signed-off-by: Dwight Engen Acked-by: Stéphane Graber > --- > templates/lxc-oracle.in | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/templates/lxc-oracle.in b/templates/lxc-oracle.in > index 6df328d..80c2df2 100644 > --- a/templates/lxc-oracle.in > +++ b/templates/lxc-oracle.in > @@ -713,8 +713,8 @@ else > if [ $host_distribution = "OracleServer" ]; then > container_release_version=$host_release_version > else > -echo "No release specified with -R, defaulting to 6.4" > -container_release_version="6.4" > +echo "No release specified with -R, defaulting to 6.5" > +container_release_version="6.5" > fi > fi > container_release_major=`echo $container_release_version |awk -F '.' > '{print $1}'` > -- > 1.8.3.1 > > ___ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com signature.asc Description: Digital signature ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 2/3] oracle template: don't sed /etc/init/tty.conf on older releases
On Wed, Jan 15, 2014 at 12:21:52PM -0500, Dwight Engen wrote: > Signed-off-by: Dwight Engen Acked-by: Stéphane Graber > --- > templates/lxc-oracle.in | 4 +++- > 1 file changed, 3 insertions(+), 1 deletion(-) > > diff --git a/templates/lxc-oracle.in b/templates/lxc-oracle.in > index ccc746a..6df328d 100644 > --- a/templates/lxc-oracle.in > +++ b/templates/lxc-oracle.in > @@ -245,7 +245,9 @@ EOF > echo "pts/0">>$container_rootfs/etc/securetty > > # prevent mingetty from calling vhangup(2) since it fails with userns > -sed -i 's|mingetty|mingetty --nohangup|' > $container_rootfs/etc/init/tty.conf > +if [ -f $container_rootfs/etc/init/tty.conf ]; then > +sed -i 's|mingetty|mingetty --nohangup|' > $container_rootfs/etc/init/tty.conf > +fi > > # dont try to unmount /dev/lxc devices > sed -i 's|&& $1 !~ /^\\/dev\\/ram/|\&\& $2 !~ /^\\/dev\\/lxc/ \&\& $1 !~ > /^\\/dev\\/ram/|' $container_rootfs/etc/init.d/halt > -- > 1.8.3.1 > > ___ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com signature.asc Description: Digital signature ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
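Review bot: with the new `if [ -f $container_rootfs/etc/init/tty.conf ]` guard, releases that lack tty.conf skip the `mingetty --nohangup` change silently, yet the comment above it says vhangup(2) fails with userns. If those older releases start mingetty from some other file, the same workaround is needed there; if they are not expected to run under userns at all, say so in the comment. `$container_rootfs` is unquoted in both the test and the sed command, so a rootfs path containing whitespace breaks them.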
Re: [lxc-devel] [PATCH] plamo: Update template to use wget when download packages
On Thu, Jan 16, 2014 at 01:55:52AM +0900, KATOH Yasufumi wrote: > Signed-off-by: TAMUKI Shoichi > Signed-off-by: KATOH Yasufumi Thanks for that! Acked-by: Stéphane Graber > --- > templates/lxc-plamo.in | 94 > -- > 1 file changed, 45 insertions(+), 49 deletions(-) > > diff --git a/templates/lxc-plamo.in b/templates/lxc-plamo.in > index a40bec7..9af29e4 100644 > --- a/templates/lxc-plamo.in > +++ b/templates/lxc-plamo.in 
> @@ -28,52 +28,35 @@ > # ref. https://github.com/Ponce/lxc-slackware/blob/master/lxc-slackware > # lxc-ubuntu script > > -LXC_TEMPLATE_CONFIG="@LXCTEMPLATECONFIG@" > +set -eu > > [ -r /etc/default/lxc ] && . /etc/default/lxc > > +LXC_TEMPLATE_CONFIG="@LXCTEMPLATECONFIG@" > + > +DOWNLOAD_SCHEME=${DOWNLOAD_SCHEME:-"http"} > MIRRORSRV=${MIRRORSRV:-"ftp.ne.jp"} > MIRRORPATH=${MIRRORPATH:-"/Linux/distributions/plamolinux"} > CATEGORY[0]=${CATEGORY:-"00_base"} > -PACKAGES[0]=${PACKAGES:-"aaa_base acl at attr bash btrfs_progs bzip2 > -coreutils cracklib dcron devs dhcp dialog dosfstools dump e2fsprogs > -ed eject etc extipl file findutils gawk glibc grep groff grub gzip > -hdsetup hibernate_script iproute2 iputils kbd kmod less libcap > -libgcc libtirpc lilo linux_pam logrotate lvm2 man > -mdadm microcode_ctl mlocate ncurses net_tools netkit_combo > -network_configs nvi openbsd_inetd openssh openssl os_prober pciutils > -pm_utils procinfo_ng procps_ng readline reiserfsprogs rsyslog sed > -shadow sudo sysfsutils syslinux sysvinit tar tcp_wrappers tcsh > -timezone traceroute udev unicon_tools util_linux xz zlib"} > +IGNOREPKG[0]=${IGNOREPKGS:-"grub kernel lilo linux_firmware microcode_ctl"} > CATEGORY[1]="01_minimum" > -PACKAGES[1]="FDclone autofs bc berkeley_db bsd_games cpio cpufreqd > -cpufrequtils fortune_mod gc gdbm gpm hddtemp hdparm keyutils libelf > -libieee1284 libusb libusb_compat libxml2 libzip linux_howto lm_sensors > -lshw lsof lv man_pages man_pages_ja nilfs_utils nkf pcre perl popt > -psmisc python recode rpm2targz ruby screen sg3_utils sharutils sqlite > -squashfs_lzma sysstat texinfo time tree unzip usbutils utempter which > -yaml zip zsh" > +IGNOREPKG[1]="cpufreqd cpufrequtils gpm" > CATEGORY[2]="01_minimum/alsa.txz" > -PACKAGES[2]="alsa_lib alsa_plugins alsa_utils" > +IGNOREPKG[2]="" > CATEGORY[3]="01_minimum/aspell.txz" > -PACKAGES[3]="aspell aspell6_en" > +IGNOREPKG[3]="" > CATEGORY[4]="01_minimum/devel.txz" > -PACKAGES[4]="autoconf automake binutils 
bison cloog cvs diffutils flex > -g++ gcc gdb gettext gmp indent intltool kernel_headers libc libtool > -m4 make mpc mpfr onig patch pkg_config ppl pth slang strace yasm" > +IGNOREPKG[4]="" > CATEGORY[5]="01_minimum/gnupg_tls.txz" > -PACKAGES[5]="gnupg gnutls gpgme libassuan libgcrypt libgpg_error libksba > -libtasn1" > +IGNOREPKG[5]="" > CATEGORY[6]="01_minimum/network.txz" > -PACKAGES[6]="bind bridge_utils curl cyrus_sasl dnsmasq ethtool fetchmail > -heimdal hostapd iptables iw libidn libiec61883 libnl3 libpcap > -libraw1394 libssh2 mailx metamail ncftp ntrack parprouted postfix > -ppp procmail rsync setserial uml_utilities w3m wget wireless_tools > -wpa_supplicant" > +IGNOREPKG[6]="" > CATEGORY[7]="01_minimum/nfs.txz" > -PACKAGES[7]="libevent libnfsidmap nfs_utils rpcbind" > +IGNOREPKG[7]="" > CATEGORY[8]="01_minimum/tcl.txz" > -PACKAGES[8]="expect itcl tcl tclx" > +IGNOREPKG[8]="" > + > +CATEGORY_PATH="" > > download_plamo() { ># check the mini plamo was not already downloaded 
> @@ -83,21 +66,36 @@ download_plamo() { >fi ># download a mini plamo into a cache >echo "Downloading Plamo-$release minimal..." > - echo "open $MIRRORSRV" > /tmp/getpkg > + cd $ptcache >for i in `seq 0 $((${#CATEGORY[@]} - 1))` ; do > -for p in ${PACKAGES[$i]} ; do > - cat <<- EOF >> /tmp/getpkg > - mget $MIRRORPATH/Plamo-$release/$arch/plamo/${CATEGORY[$i]}/$p-*.t?z > - EOF > -done > +CATEGORYPATH=${MIRRORPATH}/Plamo-${release}/${arch}/plamo/${CATEGORY[$i]} > +WGETOPT="-nv -r -l1 -e robots=off -nd --no-parent -c --retr-symlinks -A > .txz" > +EXCLUDE_OPT="" > +if [ $DOWNLOAD_SCHEME = "http" ] ; then > + if [ -n "${IGNOREPKG[$i]}" ] ; then > +for p in ${IGNOREPKG[$i]} ; do > + EXCLUDE_OPT="${EXCLUDE_OPT} -R ${p}* " > +done > + fi > + if ! wget ${WGETOPT} ${EXCLUDE_OPT} -X ${CATEGORY_PATH}/old > http://${MIRRORSRV}${CATEGORYPATH} ; then > +echo "Failed to download the rootfs, aborting." > +return 1 > + fi > +elif [ $DOWNLOAD_SCHEME = "ftp" ] ; then > + if [ -n "${IGNOREPKG[$i]}" ] ; then > +for p in ${IGNOREPKG[$i]} ; do > + EXCLUDE_OPT="${EXCLUDE_OPT} -x ${p} " > +done > + fi > + if ! lftp -c "open ${MIRRORSRV} && cd ${CATEGORYPATH} && mirror -i > .txz -x old ${EXCLUDE_OPT} -r ." ; then > +echo "Failed to download
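Review bot: download_plamo() sets `CATEGORYPATH` inside the loop, but the wget call excludes `-X ${CATEGORY_PATH}/old`, which is the separate variable initialized as `CATEGORY_PATH=""` near the top of the template; the option therefore expands to `/old`, and the old/ directory under the category is probably not the one being excluded. Use one name for both. The packages are fetched over plain http or ftp (`DOWNLOAD_SCHEME` defaults to "http") and nothing in the visible hunk checks a checksum or signature before they land in the cache, so the rootfs contents depend on the integrity of the network path; a verification step, or at least a comment that there is none, would be welcome. `$DOWNLOAD_SCHEME` and `$ptcache` are unquoted in the `[ ... ]` tests and the `cd`.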
Re: [lxc-devel] [PATCH 1/3] oracle template: convert to common.conf style
On Wed, Jan 15, 2014 at 12:21:44PM -0500, Dwight Engen wrote: > Signed-off-by: Dwight Engen I'll apply this with the small change listed below. Acked-by: Stéphane Graber > --- > config/templates/Makefile.am | 2 ++ > config/templates/oracle.common.conf.in | 45 > ++ > config/templates/oracle.userns.conf.in | 17 + > configure.ac | 2 ++ > templates/lxc-oracle.in| 42 ++- > 5 files changed, 73 insertions(+), 35 deletions(-) > create mode 100644 config/templates/oracle.common.conf.in > create mode 100644 config/templates/oracle.userns.conf.in > > diff --git a/config/templates/Makefile.am b/config/templates/Makefile.am > index dd0dfa4..4c71375 100644 > --- a/config/templates/Makefile.am > +++ b/config/templates/Makefile.am > @@ -1,6 +1,8 @@ > templatesconfigdir=@LXCTEMPLATECONFIG@ > > templatesconfig_DATA = \ > + oracle.common.conf \ > + oracle.userns.conf \ > plamo.common.conf \ > plamo.userns.conf \ > ubuntu-cloud.common.conf \ > diff --git a/config/templates/oracle.common.conf.in > b/config/templates/oracle.common.conf.in > new file mode 100644 > index 000..515c4c8 > --- /dev/null > +++ b/config/templates/oracle.common.conf.in 
> @@ -0,0 +1,45 @@ > +# Console settings > +lxc.devttydir = lxc > +lxc.tty = 4 > +lxc.pts = 1024 > + > +# Mount entries > +lxc.mount.auto = proc:mixed sys:ro > + > +# Ensure hostname is changed on clone > +lxc.hook.clone = @DATADIR@/lxc/hooks/clonehostname I'll replace that for @LXCHOOKDIR@ > + > +# Capabilities > +# Uncomment these if you don't run anything that needs the capability, and > +# would like the container to run with less privilege. > +# > +# Dropping sys_admin disables container root from doing a lot of things > +# that could be bad like re-mounting lxc fstab entries rw for example, > +# but also disables some useful things like being able to nfs mount, and > +# things that are already namespaced with ns_capable() kernel checks, like > +# hostname(1). > +# lxc.cap.drop = sys_admin > +# lxc.cap.drop = net_raw # breaks dhcp/ping > +# lxc.cap.drop = setgid # breaks login (initgroups/setgroups) > +# lxc.cap.drop = dac_read_search # breaks login (pam unix_chkpwd) > +# lxc.cap.drop = setuid # breaks sshd,nfs statd > +# lxc.cap.drop = audit_control# breaks sshd (set_loginuid failed) > +# lxc.cap.drop = audit_write > +# > +lxc.cap.drop = mac_admin mac_override setfcap setpcap > +lxc.cap.drop = sys_module sys_nice sys_pacct > +lxc.cap.drop = sys_rawio sys_time > + > +# Control Group devices: all denied except those whitelisted > +lxc.cgroup.devices.deny = a > +# Allow any mknod (but not reading/writing the node) > +lxc.cgroup.devices.allow = c *:* m > +lxc.cgroup.devices.allow = b *:* m > +lxc.cgroup.devices.allow = c 1:3 rwm # /dev/null > +lxc.cgroup.devices.allow = c 1:5 rwm # /dev/zero > +lxc.cgroup.devices.allow = c 1:7 rwm # /dev/full > +lxc.cgroup.devices.allow = c 5:0 rwm # /dev/tty > +lxc.cgroup.devices.allow = c 1:8 rwm # /dev/random > +lxc.cgroup.devices.allow = c 1:9 rwm # /dev/urandom > +lxc.cgroup.devices.allow = c 136:* rwm # /dev/tty[1-4] ptys and lxc > console > +lxc.cgroup.devices.allow = c 5:2 rwm # /dev/ptmx pty master 
> diff --git a/config/templates/oracle.userns.conf.in > b/config/templates/oracle.userns.conf.in > new file mode 100644 > index 000..dec2ae8 > --- /dev/null > +++ b/config/templates/oracle.userns.conf.in > @@ -0,0 +1,17 @@ > +# CAP_SYS_ADMIN in init-user-ns is required for cgroup.devices > +lxc.cgroup.devices.deny = > +lxc.cgroup.devices.allow = > + > +# We can't move bind-mounts, so don't use /dev/lxc/ > +lxc.devttydir = > + > +# Extra bind-mounts for userns > +lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0 > +lxc.mount.entry = /dev/zero dev/zero none bind,create=file 0 0 > +lxc.mount.entry = /dev/full dev/full none bind,create=file 0 0 > +lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0 > +lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0 > + > +# Extra fstab entries as mountall can't mount those by itself > +lxc.mount.entry = /sys/firmware/efi/efivars sys/firmware/efi/efivars none > bind,optional 0 0 > +lxc.mount.entry = /proc/sys/fs/binfmt_misc proc/sys/fs/binfmt_misc none > bind,optional 0 0 > diff --git a/configure.ac b/configure.ac > index 44343dc..325dfd4 100644 > --- a/configure.ac > +++ b/configure.ac > @@ -532,6 +532,8 @@ AC_CONFIG_FILES([ > config/Makefile > config/etc/Makefile > config/templates/Makefile > + config/templates/oracle.common.conf > + config/templates/oracle.userns.conf > config/templates/plamo.common.conf > config/templates/plamo.userns.conf > config/templates/ubuntu-cloud.common.conf > diff --git a/templates/lxc-oracle.in b/templates/lxc-oracle.in > index 6ae60b0..ccc746a 100644 > --- a/templates/lxc-oracle.in >
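Review bot: oracle.common.conf.in puts comments on the same line as the value, for example `lxc.cgroup.devices.allow = c 1:3 rwm # /dev/null` and the commented-out `lxc.cap.drop = net_raw # breaks dhcp/ping` that users are invited to uncomment. Please confirm the config parser strips a trailing `# ...` from a value; if it does not, the text after the # becomes part of what is applied for devices.allow or cap.drop. Moving each comment to its own line above the setting avoids the question. In oracle.userns.conf.in, the comment "Extra fstab entries as mountall can't mount those by itself" should be checked against what Oracle guests actually run at boot.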
[lxc-devel] [lxc/lxc] 8adef7: plamo: Update template to use wget when download p...
Branch: refs/heads/master
Home: https://github.com/lxc/lxc

Commit: 8adef7614d4340b4ee44a4441fadd530f48515ed
https://github.com/lxc/lxc/commit/8adef7614d4340b4ee44a4441fadd530f48515ed
Author: KATOH Yasufumi
Date: 2014-01-15 (Wed, 15 Jan 2014)
Changed paths:
M templates/lxc-plamo.in
Log Message:
---
plamo: Update template to use wget when download packages
Signed-off-by: TAMUKI Shoichi
Signed-off-by: KATOH Yasufumi
Acked-by: Stéphane Graber

Commit: 04a243f11d5d4891b427107774d30d058bb191e7
https://github.com/lxc/lxc/commit/04a243f11d5d4891b427107774d30d058bb191e7
Author: Serge Hallyn
Date: 2014-01-15 (Wed, 15 Jan 2014)
Changed paths:
M doc/lxc.conf.sgml.in
Log Message:
---
lxc.conf: note the 'lxc.network.type = none' option
Signed-off-by: Serge Hallyn
Acked-by: Stéphane Graber

Compare: https://github.com/lxc/lxc/compare/959dd8f250a4...04a243f11d5d
___
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [PATCH 3/3] oracle template: default to 6.5 when no release given or detected
Signed-off-by: Dwight Engen --- templates/lxc-oracle.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/lxc-oracle.in b/templates/lxc-oracle.in index 6df328d..80c2df2 100644 --- a/templates/lxc-oracle.in +++ b/templates/lxc-oracle.in @@ -713,8 +713,8 @@ else if [ $host_distribution = "OracleServer" ]; then container_release_version=$host_release_version else -echo "No release specified with -R, defaulting to 6.4" -container_release_version="6.4" +echo "No release specified with -R, defaulting to 6.5" +container_release_version="6.5" fi fi container_release_major=`echo $container_release_version |awk -F '.' '{print $1}'` -- 1.8.3.1 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
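Review bot: the default release is written out twice in the else branch, once in the echo text and once in container_release_version="6.5", so the message and the value can drift apart on the next bump. Hold the default in one variable and use it in both places. The subject also says "no release given or detected", while the message printed still mentions only -R; wording it to cover the failed host detection would match what the branch does.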
[lxc-devel] [PATCH 2/3] oracle template: don't sed /etc/init/tty.conf on older releases
Signed-off-by: Dwight Engen --- templates/lxc-oracle.in | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/templates/lxc-oracle.in b/templates/lxc-oracle.in index ccc746a..6df328d 100644 --- a/templates/lxc-oracle.in +++ b/templates/lxc-oracle.in @@ -245,7 +245,9 @@ EOF echo "pts/0">>$container_rootfs/etc/securetty # prevent mingetty from calling vhangup(2) since it fails with userns -sed -i 's|mingetty|mingetty --nohangup|' $container_rootfs/etc/init/tty.conf +if [ -f $container_rootfs/etc/init/tty.conf ]; then +sed -i 's|mingetty|mingetty --nohangup|' $container_rootfs/etc/init/tty.conf +fi # dont try to unmount /dev/lxc devices sed -i 's|&& $1 !~ /^\\/dev\\/ram/|\&\& $2 !~ /^\\/dev\\/lxc/ \&\& $1 !~ /^\\/dev\\/ram/|' $container_rootfs/etc/init.d/halt -- 1.8.3.1 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
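Review bot: with the new "[ -f $container_rootfs/etc/init/tty.conf ]" guard, a rootfs that lacks the file skips the "mingetty --nohangup" substitution without any message, yet the comment directly above says vhangup(2) fails with userns. The comment should state whether the older releases need the same change in another file or are simply unaffected, so the skip is a documented decision rather than a silent one. $container_rootfs is also unquoted in both the test and the sed argument; a path containing whitespace breaks the test.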
[lxc-devel] [PATCH 1/3] oracle template: convert to common.conf style
Signed-off-by: Dwight Engen --- config/templates/Makefile.am | 2 ++ config/templates/oracle.common.conf.in | 45 ++ config/templates/oracle.userns.conf.in | 17 + configure.ac | 2 ++ templates/lxc-oracle.in| 42 ++- 5 files changed, 73 insertions(+), 35 deletions(-) create mode 100644 config/templates/oracle.common.conf.in create mode 100644 config/templates/oracle.userns.conf.in diff --git a/config/templates/Makefile.am b/config/templates/Makefile.am index dd0dfa4..4c71375 100644 --- a/config/templates/Makefile.am +++ b/config/templates/Makefile.am @@ -1,6 +1,8 @@ templatesconfigdir=@LXCTEMPLATECONFIG@ templatesconfig_DATA = \ + oracle.common.conf \ + oracle.userns.conf \ plamo.common.conf \ plamo.userns.conf \ ubuntu-cloud.common.conf \ diff --git a/config/templates/oracle.common.conf.in b/config/templates/oracle.common.conf.in new file mode 100644 index 000..515c4c8 --- /dev/null +++ b/config/templates/oracle.common.conf.in 
@@ -0,0 +1,45 @@ +# Console settings +lxc.devttydir = lxc +lxc.tty = 4 +lxc.pts = 1024 + +# Mount entries +lxc.mount.auto = proc:mixed sys:ro + +# Ensure hostname is changed on clone +lxc.hook.clone = @DATADIR@/lxc/hooks/clonehostname + +# Capabilities +# Uncomment these if you don't run anything that needs the capability, and +# would like the container to run with less privilege. +# +# Dropping sys_admin disables container root from doing a lot of things +# that could be bad like re-mounting lxc fstab entries rw for example, +# but also disables some useful things like being able to nfs mount, and +# things that are already namespaced with ns_capable() kernel checks, like +# hostname(1). +# lxc.cap.drop = sys_admin +# lxc.cap.drop = net_raw # breaks dhcp/ping +# lxc.cap.drop = setgid # breaks login (initgroups/setgroups) +# lxc.cap.drop = dac_read_search # breaks login (pam unix_chkpwd) +# lxc.cap.drop = setuid # breaks sshd,nfs statd +# lxc.cap.drop = audit_control# breaks sshd (set_loginuid failed) +# lxc.cap.drop = audit_write +# +lxc.cap.drop = mac_admin mac_override setfcap setpcap +lxc.cap.drop = sys_module sys_nice sys_pacct +lxc.cap.drop = sys_rawio sys_time + +# Control Group devices: all denied except those whitelisted +lxc.cgroup.devices.deny = a +# Allow any mknod (but not reading/writing the node) +lxc.cgroup.devices.allow = c *:* m +lxc.cgroup.devices.allow = b *:* m +lxc.cgroup.devices.allow = c 1:3 rwm # /dev/null +lxc.cgroup.devices.allow = c 1:5 rwm # /dev/zero +lxc.cgroup.devices.allow = c 1:7 rwm # /dev/full +lxc.cgroup.devices.allow = c 5:0 rwm # /dev/tty +lxc.cgroup.devices.allow = c 1:8 rwm # /dev/random +lxc.cgroup.devices.allow = c 1:9 rwm # /dev/urandom +lxc.cgroup.devices.allow = c 136:* rwm # /dev/tty[1-4] ptys and lxc console +lxc.cgroup.devices.allow = c 5:2 rwm # /dev/ptmx pty master diff --git a/config/templates/oracle.userns.conf.in b/config/templates/oracle.userns.conf.in new file mode 100644 index 000..dec2ae8 --- /dev/null 
+++ b/config/templates/oracle.userns.conf.in @@ -0,0 +1,17 @@ +# CAP_SYS_ADMIN in init-user-ns is required for cgroup.devices +lxc.cgroup.devices.deny = +lxc.cgroup.devices.allow = + +# We can't move bind-mounts, so don't use /dev/lxc/ +lxc.devttydir = + +# Extra bind-mounts for userns +lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0 +lxc.mount.entry = /dev/zero dev/zero none bind,create=file 0 0 +lxc.mount.entry = /dev/full dev/full none bind,create=file 0 0 +lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0 +lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0 + +# Extra fstab entries as mountall can't mount those by itself +lxc.mount.entry = /sys/firmware/efi/efivars sys/firmware/efi/efivars none bind,optional 0 0 +lxc.mount.entry = /proc/sys/fs/binfmt_misc proc/sys/fs/binfmt_misc none bind,optional 0 0 diff --git a/configure.ac b/configure.ac index 44343dc..325dfd4 100644 --- a/configure.ac +++ b/configure.ac @@ -532,6 +532,8 @@ AC_CONFIG_FILES([ config/Makefile config/etc/Makefile config/templates/Makefile + config/templates/oracle.common.conf + config/templates/oracle.userns.conf config/templates/plamo.common.conf config/templates/plamo.userns.conf config/templates/ubuntu-cloud.common.conf diff --git a/templates/lxc-oracle.in b/templates/lxc-oracle.in index 6ae60b0..ccc746a 100644 --- a/templates/lxc-oracle.in +++ b/templates/lxc-oracle.in @@ -370,40 +370,22 @@ EOF container_config_create() { echo "Create configuration file $cfg_dir/config" +mkdir -p $cfg_dir || die "unable to create config dir $cfg_dir" + +echo "# Common configuration" >> $cfg_dir/config +if [ -e "@LXCTEMPLATECONFIG@/oracle.common.conf" ]; then +echo "lxc.include = @LXCTEMPLATECONFIG@/oracle.common.
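Review bot: in the templates/lxc-oracle.in hunk, the lxc.include line is written only when "@LXCTEMPLATECONFIG@/oracle.common.conf" exists, and the visible part of the hunk shows no else branch. Since this patch moves the lxc.cap.drop and lxc.cgroup.devices settings out of the template into that file, a missing common.conf would leave the container config without them and without any warning. Fail with die, as the mkdir line above already does, or at least print a warning when the file is not found. $cfg_dir is also unquoted in the mkdir and in the >> redirections.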
Re: [lxc-devel] [PATCH 1/1] Initial support for cgmanager
Quoting Stéphane Graber (stgra...@ubuntu.com):
> On Tue, Jan 14, 2014 at 04:41:36PM -0600, Serge Hallyn wrote:
> > This patch splits out most of the cgroupfs-specific code, so that
> > cgroup-manager versions can be plugged in. The case I did
> > not handle is cgroup_enter at lxc_attach. I'm hoping that case can
> > be greatly simplified, but will worry about it after fleshing out the
> > cgroup manager handlers.
> >
> > This also simplifies the freezer functions.
> >
> > This seems to not regress my common tests when running without
> > cgmanager, but I'd like to do a bit more testing before pushing.
> > However I was hoping to get some more eyes on this so am sending it
> > out now.
> >
> > Signed-off-by: Serge Hallyn
>
> So I haven't spotted anything obviously wrong with it, besides the few
> functions that are currently marked as unimplemented.
> I also confirmed that the code still builds on all supported platforms
> (without cgmanager), so if it breaks the existing code path, it doesn't
> do so in any obvious way.

All my testing currently seems to be passing (using cgroupfs driver).

Ideally I'd like to get wider testing. Can anyone suggest a better way than for me to simply push the patch upstream?

-serge
Re: [lxc-devel] [PATCH 1/1] lxc.conf: note the 'lxc.network.type = none' option
On Wed, Jan 15, 2014 at 11:13:39AM -0600, Serge Hallyn wrote: > Signed-off-by: Serge Hallyn Acked-by: Stéphane Graber > --- > doc/lxc.conf.sgml.in | 9 + > 1 file changed, 9 insertions(+) > > diff --git a/doc/lxc.conf.sgml.in b/doc/lxc.conf.sgml.in > index ba10939..cadcc66 100644 > --- a/doc/lxc.conf.sgml.in > +++ b/doc/lxc.conf.sgml.in > @@ -230,6 +230,15 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, > Boston, MA 02110-1301 USA > > > > + none: will cause the container to share > + the host's network namespace. This means the host > + network devices are usable in the container. It also > + means that if both the container and host have upstart as > + init, 'halt' in a container (for instance) will shut down the > + host. > + > + > + > empty: will create only the loopback > interface. > > -- > 1.8.5.2 > > ___ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com signature.asc Description: Digital signature ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [PATCH 1/1] lxc.conf: note the 'lxc.network.type = none' option
Signed-off-by: Serge Hallyn --- doc/lxc.conf.sgml.in | 9 + 1 file changed, 9 insertions(+) diff --git a/doc/lxc.conf.sgml.in b/doc/lxc.conf.sgml.in index ba10939..cadcc66 100644 --- a/doc/lxc.conf.sgml.in +++ b/doc/lxc.conf.sgml.in @@ -230,6 +230,15 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA + none: will cause the container to share + the host's network namespace. This means the host + network devices are usable in the container. It also + means that if both the container and host have upstart as + init, 'halt' in a container (for instance) will shut down the + host. + + + empty: will create only the loopback interface. -- 1.8.5.2 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
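Review bot: the new "none" entry gives the halt-shuts-down-the-host consequence only for the case where both container and host run upstart, and does not say why sharing the network namespace has that effect, so a reader cannot tell whether other init systems or other host services are exposed in the same way. Add a clause naming the mechanism, and state plainly that this type gives the container no network isolation from the host, so the warning is not read as an upstart-only quirk.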
[lxc-devel] [PATCH] plamo: Update template to use wget when download packages
Signed-off-by: TAMUKI Shoichi Signed-off-by: KATOH Yasufumi --- templates/lxc-plamo.in | 94 -- 1 file changed, 45 insertions(+), 49 deletions(-) diff --git a/templates/lxc-plamo.in b/templates/lxc-plamo.in index a40bec7..9af29e4 100644 --- a/templates/lxc-plamo.in +++ b/templates/lxc-plamo.in 
@@ -28,52 +28,35 @@ # ref. https://github.com/Ponce/lxc-slackware/blob/master/lxc-slackware # lxc-ubuntu script -LXC_TEMPLATE_CONFIG="@LXCTEMPLATECONFIG@" +set -eu [ -r /etc/default/lxc ] && . /etc/default/lxc +LXC_TEMPLATE_CONFIG="@LXCTEMPLATECONFIG@" + +DOWNLOAD_SCHEME=${DOWNLOAD_SCHEME:-"http"} MIRRORSRV=${MIRRORSRV:-"ftp.ne.jp"} MIRRORPATH=${MIRRORPATH:-"/Linux/distributions/plamolinux"} CATEGORY[0]=${CATEGORY:-"00_base"} -PACKAGES[0]=${PACKAGES:-"aaa_base acl at attr bash btrfs_progs bzip2 -coreutils cracklib dcron devs dhcp dialog dosfstools dump e2fsprogs -ed eject etc extipl file findutils gawk glibc grep groff grub gzip -hdsetup hibernate_script iproute2 iputils kbd kmod less libcap -libgcc libtirpc lilo linux_pam logrotate lvm2 man -mdadm microcode_ctl mlocate ncurses net_tools netkit_combo -network_configs nvi openbsd_inetd openssh openssl os_prober pciutils -pm_utils procinfo_ng procps_ng readline reiserfsprogs rsyslog sed -shadow sudo sysfsutils syslinux sysvinit tar tcp_wrappers tcsh -timezone traceroute udev unicon_tools util_linux xz zlib"} +IGNOREPKG[0]=${IGNOREPKGS:-"grub kernel lilo linux_firmware microcode_ctl"} CATEGORY[1]="01_minimum" -PACKAGES[1]="FDclone autofs bc berkeley_db bsd_games cpio cpufreqd -cpufrequtils fortune_mod gc gdbm gpm hddtemp hdparm keyutils libelf -libieee1284 libusb libusb_compat libxml2 libzip linux_howto lm_sensors -lshw lsof lv man_pages man_pages_ja nilfs_utils nkf pcre perl popt -psmisc python recode rpm2targz ruby screen sg3_utils sharutils sqlite -squashfs_lzma sysstat texinfo time tree unzip usbutils utempter which -yaml zip zsh" +IGNOREPKG[1]="cpufreqd cpufrequtils gpm" CATEGORY[2]="01_minimum/alsa.txz" -PACKAGES[2]="alsa_lib alsa_plugins alsa_utils" +IGNOREPKG[2]="" CATEGORY[3]="01_minimum/aspell.txz" -PACKAGES[3]="aspell aspell6_en" +IGNOREPKG[3]="" CATEGORY[4]="01_minimum/devel.txz" -PACKAGES[4]="autoconf automake binutils bison cloog cvs diffutils flex -g++ gcc gdb gettext gmp indent intltool kernel_headers 
libc libtool -m4 make mpc mpfr onig patch pkg_config ppl pth slang strace yasm" +IGNOREPKG[4]="" CATEGORY[5]="01_minimum/gnupg_tls.txz" -PACKAGES[5]="gnupg gnutls gpgme libassuan libgcrypt libgpg_error libksba -libtasn1" +IGNOREPKG[5]="" CATEGORY[6]="01_minimum/network.txz" -PACKAGES[6]="bind bridge_utils curl cyrus_sasl dnsmasq ethtool fetchmail -heimdal hostapd iptables iw libidn libiec61883 libnl3 libpcap -libraw1394 libssh2 mailx metamail ncftp ntrack parprouted postfix -ppp procmail rsync setserial uml_utilities w3m wget wireless_tools -wpa_supplicant" +IGNOREPKG[6]="" CATEGORY[7]="01_minimum/nfs.txz" -PACKAGES[7]="libevent libnfsidmap nfs_utils rpcbind" +IGNOREPKG[7]="" CATEGORY[8]="01_minimum/tcl.txz" -PACKAGES[8]="expect itcl tcl tclx" +IGNOREPKG[8]="" + +CATEGORY_PATH="" download_plamo() { # check the mini plamo was not already downloaded 
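Review bot: replacing the explicit PACKAGES[n] lists with IGNOREPKG[n] turns package selection from an allow-list into a deny-list, so the rootfs now contains whatever .txz files the mirror directory holds at download time, including packages added there later. That change in behaviour is not mentioned in the commit message and deserves a comment next to the IGNOREPKG definitions. Also in this hunk, "set -eu" now runs before ". /etc/default/lxc", so any unset variable referenced in that file aborts the template, and IGNOREPKG[0] is overridden through a variable named IGNOREPKGS (plural), which is easy to miss without a comment.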
@@ -83,21 +66,36 @@ download_plamo() { fi # download a mini plamo into a cache echo "Downloading Plamo-$release minimal..." - echo "open $MIRRORSRV" > /tmp/getpkg + cd $ptcache for i in `seq 0 $((${#CATEGORY[@]} - 1))` ; do -for p in ${PACKAGES[$i]} ; do - cat <<- EOF >> /tmp/getpkg - mget $MIRRORPATH/Plamo-$release/$arch/plamo/${CATEGORY[$i]}/$p-*.t?z - EOF -done +CATEGORYPATH=${MIRRORPATH}/Plamo-${release}/${arch}/plamo/${CATEGORY[$i]} +WGETOPT="-nv -r -l1 -e robots=off -nd --no-parent -c --retr-symlinks -A .txz" +EXCLUDE_OPT="" +if [ $DOWNLOAD_SCHEME = "http" ] ; then + if [ -n "${IGNOREPKG[$i]}" ] ; then +for p in ${IGNOREPKG[$i]} ; do + EXCLUDE_OPT="${EXCLUDE_OPT} -R ${p}* " +done + fi + if ! wget ${WGETOPT} ${EXCLUDE_OPT} -X ${CATEGORY_PATH}/old http://${MIRRORSRV}${CATEGORYPATH} ; then +echo "Failed to download the rootfs, aborting." +return 1 + fi +elif [ $DOWNLOAD_SCHEME = "ftp" ] ; then + if [ -n "${IGNOREPKG[$i]}" ] ; then +for p in ${IGNOREPKG[$i]} ; do + EXCLUDE_OPT="${EXCLUDE_OPT} -x ${p} " +done + fi + if ! lftp -c "open ${MIRRORSRV} && cd ${CATEGORYPATH} && mirror -i .txz -x old ${EXCLUDE_OPT} -r ." ; then +echo "Failed to download the rootfs, aborting." +return 1 + fi +else + echo "Invalid DOWNLOAD_SCHEME value (can set http or ftp). " + return 1 +fi done - echo "close" >> /tmp/getpkg - cd $ptcache - if ! lftp -f /tmp/getpkg ; then -echo "Failed to download the rootfs, aborting." -return 1 - fi - rm -f /tmp/getpkg
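Review bot: in the http branch, "-X ${CATEGORY_PATH}/old" reads CATEGORY_PATH, which the first hunk sets to "" and nothing in this loop assigns; the loop variable is CATEGORYPATH, so wget is asked to exclude "/old" instead of the category's old directory. Use "${CATEGORYPATH}/old" and drop the unused variable. Two further points in the same hunk: "-R ${p}*" is stored and later expanded unquoted after "cd $ptcache", so the shell can glob it against files already in the cache before wget sees it, and the packages are fetched over plain http or ftp with no checksum or signature check visible before they are used to build the rootfs.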
[lxc-devel] Bug reports
Hey everyone,

So as you noticed, between yesterday and today, I caught up a bit on all our pending pull requests, patches and some bug reports.

We however still have quite a few reports, both actual bugs and minor features that I think would be worthwhile to get into LXC 1.0.

The current list is at: https://github.com/lxc/lxc/issues?milestone=1&state=open

Some of you have bugs assigned to you, it'd be great if you could try and get them resolved (or discarded if they're not bugs). If you lack the time, please let me know and I'll move them to my own list (or postpone them to a later milestone).

Thanks

--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
Re: [lxc-devel] Last minute template addition - universal image based template
Hi,

>>> On Wed, 15 Jan 2014 10:13:08 -0500
    in message "Re: [lxc-devel] Last minute template addition - universal image based template"
    Stephane Graber-san wrote:

> It may also be worth having lxc-plamo run with -e and have a cleanup
> trap handler (look at lxc-download for a good example) so that any
> missing command or script error is fatal.

OK. I'm improving lxc-plamo now. I have already set -e, but not set -u, so I will add "-u" later. :-)

https://github.com/tenforward/lxc/commit/13e0e566beff176a813859f4489f8f5429f1bc30

> By the way, if you want to look at the build logs, they are visible at:
> https://jenkins.linuxcontainers.org

Thanks!! Now, I am seeing the console of lxc-template-plamo :-D

--
ka...@jazz.email.ne.jp
Re: [lxc-devel] [PATCH 1/1] Initial support for cgmanager
On Tue, Jan 14, 2014 at 04:41:36PM -0600, Serge Hallyn wrote: > This patch splits out most of the cgroupfs-specific code, so that > cgroup-manager versions can be plugged in. The case I did > not handle is cgroup_enter at lxc_attach. I'm hoping that case can > be greatly simplified, but will worry about it after fleshing out the > cgroup manager handlers. > > This also simplify the freezer functions. > > This seems to not regress my common tests when running without > cgmanager, but I'd like to do a bit more testing before pushing. > However I was hoping to get some more eyes on this so am sending it > out now. > > Signed-off-by: Serge Hallyn So I haven't spotted anything obviously wrong with it, besides the few functions that are currently marked as unimplemented. I also confirmed that the code still builds on all supported platforms (without cgmanager), so if it breaks the existing code path, it doesn't do so in any obvious way. > --- > configure.ac| 18 +++ > src/lxc/Makefile.am | 18 +++ > src/lxc/attach.c| 6 +- > src/lxc/cgmanager.c | 367 > > src/lxc/cgroup.c| 350 - > src/lxc/cgroup.h| 61 +++-- > src/lxc/commands.c | 13 +- > src/lxc/conf.c | 10 +- > src/lxc/conf.h | 5 +- > src/lxc/freezer.c | 14 -- > src/lxc/lxc.h | 8 -- > src/lxc/start.c | 47 ++- > src/lxc/start.h | 2 +- > 13 files changed, 718 insertions(+), 201 deletions(-) > create mode 100644 src/lxc/cgmanager.c > > diff --git a/configure.ac b/configure.ac > index 8514267..e513bbe 100644 > --- a/configure.ac > +++ b/configure.ac 
> @@ -240,6 +240,23 @@ AM_COND_IF([ENABLE_SECCOMP], > ]) > ]) > > +# cgmanager > +AC_ARG_ENABLE([cgmanager], > + [AC_HELP_STRING([--enable-cgmanager], [enable cgmanager support > [default=auto]])], > + [], [enable_cgmanager=auto]) > + > +if test "x$enable_cgmanager" = "xauto" ; then > + > AC_CHECK_LIB([cgmanager],[cgmanager_create],[enable_cgmanager=yes],[enable_cgmanager=no]) > +fi > +AM_CONDITIONAL([ENABLE_CGMANAGER], [test "x$enable_cgmanager" = "xyes"]) > + > +AM_COND_IF([ENABLE_CGMANAGER], > + [PKG_CHECK_MODULES([CGMANAGER], [libcgmanager]) > + PKG_CHECK_MODULES([NIH], [libnih >= 1.0.2]) > + PKG_CHECK_MODULES([NIH_DBUS], [libnih-dbus >= 1.0.0]) > + PKG_CHECK_MODULES([DBUS], [dbus-1 >= 1.2.16]) > + ]) > + > # Linux capabilities > AC_ARG_ENABLE([capabilities], > [AC_HELP_STRING([--enable-capabilities], [enable kernel capabilities > support [default=auto]])], > @@ -684,6 +701,7 @@ Security features: > - Linux capabilities: $enable_capabilities > - seccomp: $enable_seccomp > - SELinux: $enable_selinux > + - cgmanager: $enable_cgmanager > > Bindings: > - lua: $enable_lua > diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am > index 1e0232b..34d69a6 100644 > --- a/src/lxc/Makefile.am > +++ b/src/lxc/Makefile.am > @@ -93,6 +93,10 @@ liblxc_so_SOURCES = \ > \ > $(LSM_SOURCES) > > +if ENABLE_CGMANAGER > +liblxc_so_SOURCES += cgmanager.c > +endif > + > if IS_BIONIC > liblxc_so_SOURCES += \ > ../include/ifaddrs.c ../include/ifaddrs.h \ > @@ -122,6 +126,10 @@ if ENABLE_APPARMOR > AM_CFLAGS += -DHAVE_APPARMOR > endif > > +if ENABLE_CGMANAGER > +AM_CFLAGS += -DHAVE_CGMANAGER > +endif > + > if ENABLE_SELINUX > AM_CFLAGS += -DHAVE_SELINUX > endif 
> @@ -144,6 +152,11 @@ liblxc_so_LDFLAGS = \ > > liblxc_so_LDADD = $(CAP_LIBS) $(APPARMOR_LIBS) $(SECCOMP_LIBS) > > +#if ENABLE_CGMANAGER > +liblxc_so_LDADD += $(CGMANAGER_LIBS) $(DBUS_LIBS) $(NIH_LIBS) > $(NIH_DBUS_LIBS) > +liblxc_so_CFLAGS += $(CGMANAGER_CFLAGS) $(DBUS_CFLAGS) $(NIH_CFLAGS) > $(NIH_DBUS_CFLAGS) > +#endif > + > bin_SCRIPTS = \ > lxc-ps \ > lxc-netstat \ > @@ -245,6 +258,11 @@ LDADD=liblxc.so @CAP_LIBS@ @APPARMOR_LIBS@ @SECCOMP_LIBS@ > lxc_attach_SOURCES = lxc_attach.c > lxc_autostart_SOURCES = lxc_autostart.c > lxc_cgroup_SOURCES = lxc_cgroup.c > +#if ENABLE_CGMANAGER > +lxc_cgroup_SOURCES += cgmanager.c > +lxc_cgroup_LDADD = $(CGMANAGER_LIBS) $(DBUS_LIBS) $(NIH_LIBS) > $(NIH_DBUS_LIBS) $(LDADD) > +lxc_cgroup_CFLAGS = $(CGMANAGER_CFLAGS) $(DBUS_CFLAGS) $(NIH_CFLAGS) > $(NIH_DBUS_CFLAGS) > +#endif > lxc_checkpoint_SOURCES = lxc_checkpoint.c > lxc_config_SOURCES = lxc_config.c > lxc_console_SOURCES = lxc_console.c > diff --git a/src/lxc/attach.c b/src/lxc/attach.c > index 422f24c..de32549 100644 > --- a/src/lxc/attach.c > +++ b/src/lxc/attach.c > @@ -748,7 +748,11 @@ int lxc_attach(const char* name, const char* lxcpath, > lxc_attach_exec_t exec_fun > goto cleanup_error; > } > > - ret = lxc_cgroup_enter(container_info, attached_pid, > false); > + /* > + * TODO - switch over to using a cgroup_operation. We > can't use > +
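Review bot: in src/lxc/Makefile.am the two new blocks are wrapped in "#if ENABLE_CGMANAGER" and "#endif", which are comments to automake, so "liblxc_so_LDADD += $(CGMANAGER_LIBS) ..." and "lxc_cgroup_SOURCES += cgmanager.c" apply in every build, unlike the uncommented "if ENABLE_CGMANAGER" blocks added earlier in the same file. If the commenting-out is a temporary workaround, say so in a comment with the reason; otherwise remove the "#" so that builds without cgmanager do not pull in cgmanager.c and its flags.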
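Review bot: in the configure.ac hunk, --enable-cgmanager defaults to auto and is switched to yes by AC_CHECK_LIB alone, after which the four PKG_CHECK_MODULES calls have no not-found action. A host that has libcgmanager but lacks the libnih, libnih-dbus or dbus-1 development files therefore fails configure instead of falling back to a build without cgmanager. Fold the pkg-config checks into the auto detection, or give them a not-found action that sets enable_cgmanager=no when the value came from auto and errors out only when the user asked for it explicitly.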
[lxc-devel] [lxc/lxc] 28bb93: cgroup.c: redefine the valid cgroup name
Branch: refs/heads/master
Home: https://github.com/lxc/lxc

Commit: 28bb9321e2c55aa93097487e41c3aca95e0c106c
https://github.com/lxc/lxc/commit/28bb9321e2c55aa93097487e41c3aca95e0c106c
Author: Qiang Huang
Date: 2014-01-15 (Wed, 15 Jan 2014)
Changed paths:
M src/lxc/cgroup.c
Log Message:
---
cgroup.c: redefine the valid cgroup name
Signed-off-by: Qiang Huang
Acked-by: Stéphane Graber

Commit: e8fe3808d06f55827f0e81a0dee824845d13ae80
https://github.com/lxc/lxc/commit/e8fe3808d06f55827f0e81a0dee824845d13ae80
Author: Qiang Huang
Date: 2014-01-15 (Wed, 15 Jan 2014)
Changed paths:
M src/lxc/cgroup.h
Log Message:
---
cgroup.h: unify the nameing and comments
Signed-off-by: Qiang Huang
Acked-by: Stéphane Graber

Commit: 574c4428e9964f0a8824d8307a1152d2a7925d50
https://github.com/lxc/lxc/commit/574c4428e9964f0a8824d8307a1152d2a7925d50
Author: Qiang Huang
Date: 2014-01-15 (Wed, 15 Jan 2014)
Changed paths:
M src/lxc/cgroup.c
Log Message:
---
cgroup.c: add static keywords as they declared
Signed-off-by: Qiang Huang
Acked-by: Stéphane Graber

Compare: https://github.com/lxc/lxc/compare/b408e70daff7...574c4428e996
[lxc-devel] [lxc/lxc] 959dd8: Fix small mistake with squid-deb-proxy hook
Branch: refs/heads/master
Home: https://github.com/lxc/lxc

Commit: 959dd8f250a49bd8b3503a7b5f90a242ece5843d
https://github.com/lxc/lxc/commit/959dd8f250a49bd8b3503a7b5f90a242ece5843d
Author: Chris Glass
Date: 2014-01-15 (Wed, 15 Jan 2014)
Changed paths:
M hooks/squid-deb-proxy-client
Log Message:
---
Fix small mistake with squid-deb-proxy hook

I unfortunately realized that I did not push the latest version of the file.
This fixes an issue in the case where we want to create the proxy file in the container (not nested).

Signed-off-by: Chris Glass
Acked-by: Stéphane Graber
Re: [lxc-devel] [PATCH 1/2] cgroup.c: add static keywords as they declared
On Wed, Jan 15, 2014 at 11:32:29PM +0800, Qiang Huang wrote: > From: Qiang Huang > > Signed-off-by: Qiang Huang Acked-by: Stéphane Graber > --- > src/lxc/cgroup.c | 47 +-- > 1 file changed, 29 insertions(+), 18 deletions(-) > > diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup.c > index 6d837f9..8030a8b 100644 > --- a/src/lxc/cgroup.c > +++ b/src/lxc/cgroup.c > @@ -63,7 +63,6 @@ static char **subsystems_from_mount_options(const char > *mount_options, char **ke > static void lxc_cgroup_mount_point_free(struct cgroup_mount_point *mp); > static void lxc_cgroup_hierarchy_free(struct cgroup_hierarchy *h); > static bool is_valid_cgroup(const char *name); > -static int create_or_remove_cgroup(bool remove, struct cgroup_mount_point > *mp, const char *path, int recurse); > static int create_cgroup(struct cgroup_mount_point *mp, const char *path); > static int remove_cgroup(struct cgroup_mount_point *mp, const char *path, > bool recurse); > static char *cgroup_to_absolute_path(struct cgroup_mount_point *mp, const > char *path, const char *suffix); > @@ -1515,7 +1514,9 @@ int lxc_cgroup_nrtasks_handler(struct lxc_handler > *handler) > return ret; > } > > -struct cgroup_process_info *lxc_cgroup_process_info_getx(const char > *proc_pid_cgroup_str, struct cgroup_meta_data *meta) > +static struct cgroup_process_info * > +lxc_cgroup_process_info_getx(const char *proc_pid_cgroup_str, > + struct cgroup_meta_data *meta) > { > struct cgroup_process_info *result = NULL; > FILE *proc_pid_cgroup = NULL; > @@ -1610,7 +1611,8 @@ out_error: > return NULL; > } > > -char **subsystems_from_mount_options(const char *mount_options, char > **kernel_list) > +static char **subsystems_from_mount_options(const char *mount_options, > + char **kernel_list) > { > char *token, *str, *saveptr = NULL; > char **result = NULL; 
> @@ -1647,7 +1649,7 @@ out_free: > return NULL; > } > > -void lxc_cgroup_mount_point_free(struct cgroup_mount_point *mp) > +static void lxc_cgroup_mount_point_free(struct cgroup_mount_point *mp) > { > if (!mp) > return; > @@ -1656,7 +1658,7 @@ void lxc_cgroup_mount_point_free(struct > cgroup_mount_point *mp) > free(mp); > } > > -void lxc_cgroup_hierarchy_free(struct cgroup_hierarchy *h) > +static void lxc_cgroup_hierarchy_free(struct cgroup_hierarchy *h) > { > if (!h) > return; > @@ -1665,7 +1667,7 @@ void lxc_cgroup_hierarchy_free(struct cgroup_hierarchy > *h) > free(h); > } > > -bool is_valid_cgroup(const char *name) > +static bool is_valid_cgroup(const char *name) > { > const char *p; > for (p = name; *p; p++) { > @@ -1675,7 +1677,8 @@ bool is_valid_cgroup(const char *name) > return strcmp(name, ".") != 0 && strcmp(name, "..") != 0; > } > > -int create_or_remove_cgroup(bool do_remove, struct cgroup_mount_point *mp, > const char *path, int recurse) > +static int create_or_remove_cgroup(bool do_remove, > + struct cgroup_mount_point *mp, const char *path, int recurse) > { > int r, saved_errno = 0; > char *buf = cgroup_to_absolute_path(mp, path, NULL); 
> @@ -1696,17 +1699,19 @@ int create_or_remove_cgroup(bool do_remove, struct > cgroup_mount_point *mp, const > return r; > } > > -int create_cgroup(struct cgroup_mount_point *mp, const char *path) > +static int create_cgroup(struct cgroup_mount_point *mp, const char *path) > { > return create_or_remove_cgroup(false, mp, path, false); > } > > -int remove_cgroup(struct cgroup_mount_point *mp, const char *path, bool > recurse) > +static int remove_cgroup(struct cgroup_mount_point *mp, > + const char *path, bool recurse) > { > return create_or_remove_cgroup(true, mp, path, recurse); > } > > -char *cgroup_to_absolute_path(struct cgroup_mount_point *mp, const char > *path, const char *suffix) > +static char *cgroup_to_absolute_path(struct cgroup_mount_point *mp, > + const char *path, const char *suffix) > { > /* first we have to make sure we subtract the mount point's prefix */ > char *prefix = mp->mount_prefix; > @@ -1750,7 +1755,8 @@ char *cgroup_to_absolute_path(struct cgroup_mount_point > *mp, const char *path, c > return buf; > } > > -struct cgroup_process_info *find_info_for_subsystem(struct > cgroup_process_info *info, const char *subsystem) > +static struct cgroup_process_info * > +find_info_for_subsystem(struct cgroup_process_info *info, const char > *subsystem) > { > struct cgroup_process_info *info_ptr; > for (info_ptr = info; info_ptr; info_ptr = info_ptr->next) { > @@ -1762,7 +1768,8 @@ struct cgroup_process_info > *find_info_for_subsystem(struct cgroup_process_info * > return NULL; > } > > -int do_cgroup_get(const char *cgroup_path, const char *sub_filename, char
Re: [lxc-devel] [PATCH 2/2] cgroup.h: unify the nameing and comments
On Wed, Jan 15, 2014 at 11:32:30PM +0800, Qiang Huang wrote: > From: Qiang Huang > > Signed-off-by: Qiang Huang Acked-by: Stéphane Graber > --- > src/lxc/cgroup.h | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/lxc/cgroup.h b/src/lxc/cgroup.h > index 3aab12d..a252123 100644 > --- a/src/lxc/cgroup.h > +++ b/src/lxc/cgroup.h > @@ -155,7 +155,7 @@ extern int lxc_cgroup_get(const char *filename, char > *value, size_t len, const c > * Returns path on success, NULL on error. The caller must free() > * the returned path. > */ > -extern char *lxc_cgroup_path_get(const char *subsystem, const char *name, > +extern char *lxc_cgroup_path_get(const char *filename, const char *name, > const char *lxcpath); > > struct lxc_list; > -- > 1.8.3.2 -- Stéphane Graber Ubuntu developer http://www.ubuntu.com signature.asc Description: Digital signature ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
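Review bot: the first parameter of lxc_cgroup_path_get() is renamed from "subsystem" to "filename", but the diffstat touches only src/lxc/cgroup.h and the visible part of the comment above the prototype describes only the return value. Add a line to that comment saying what "filename" is expected to contain, and make sure the definition in cgroup.c carries the same name, so a caller that passes a bare subsystem name can tell whether that is still the intended input.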
Re: [lxc-devel] [PATCH] cgroup.c: redefine the valid cgroup name
On Wed, Jan 15, 2014 at 12:09:26PM +0800, Qiang Huang wrote: > > Signed-off-by: Qiang Huang Acked-by: Stéphane Graber > --- > src/lxc/cgroup.c | 6 +- > 1 file changed, 5 insertions(+), 1 deletion(-) > > diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup.c > index 6d837f9..69910cc 100644 > --- a/src/lxc/cgroup.c > +++ b/src/lxc/cgroup.c > @@ -1669,7 +1669,11 @@ bool is_valid_cgroup(const char *name) > { > const char *p; > for (p = name; *p; p++) { > - if (*p < 32 || *p == 127 || *p == '/') > + /* Use the ASCII printable characters range(32 - 127) > + * is reasonable, we kick out 32(SPACE) because it'll > + * break legacy lxc-ls > + */ > + if (*p <= 32 || *p >= 127 || *p == '/') > return false; > } > return strcmp(name, ".") != 0 && strcmp(name, "..") != 0; > -- > 1.8.3 > -- Stéphane Graber Ubuntu developer http://www.ubuntu.com signature.asc Description: Digital signature ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
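Review bot: the new comment gives the accepted range as 32 - 127, but the condition "*p <= 32 || *p >= 127" rejects both ends, so what is accepted is bytes 33 to 126 except '/'; the comment should say that. Because p is a plain "const char *", whether bytes above 127 are caught by the first comparison or the second depends on the signedness of char. Both reject them, but comparing "(unsigned char)*p" would make that explicit and independent of the platform. Names containing a space passed the old "*p < 32" test and now fail, which is a behaviour change worth stating in the commit message.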
[lxc-devel] [lxc/lxc] b408e7: Trailing whitespace
Branch: refs/heads/master
Home: https://github.com/lxc/lxc

Commit: b408e70daff7b36ac1f0ef4c86f70072c2f38480
https://github.com/lxc/lxc/commit/b408e70daff7b36ac1f0ef4c86f70072c2f38480
Author: Stéphane Graber
Date: 2014-01-15 (Wed, 15 Jan 2014)
Changed paths:
M templates/lxc-archlinux.in
Log Message:
---
Trailing whitespace
Signed-off-by: Stéphane Graber
[lxc-devel] [PATCH 1/2] cgroup.c: add static keywords as they declared
From: Qiang Huang Signed-off-by: Qiang Huang --- src/lxc/cgroup.c | 47 +-- 1 file changed, 29 insertions(+), 18 deletions(-) diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup.c index 6d837f9..8030a8b 100644 --- a/src/lxc/cgroup.c +++ b/src/lxc/cgroup.c @@ -63,7 +63,6 @@ static char **subsystems_from_mount_options(const char *mount_options, char **ke static void lxc_cgroup_mount_point_free(struct cgroup_mount_point *mp); static void lxc_cgroup_hierarchy_free(struct cgroup_hierarchy *h); static bool is_valid_cgroup(const char *name); -static int create_or_remove_cgroup(bool remove, struct cgroup_mount_point *mp, const char *path, int recurse); static int create_cgroup(struct cgroup_mount_point *mp, const char *path); static int remove_cgroup(struct cgroup_mount_point *mp, const char *path, bool recurse); static char *cgroup_to_absolute_path(struct cgroup_mount_point *mp, const char *path, const char *suffix); @@ -1515,7 +1514,9 @@ int lxc_cgroup_nrtasks_handler(struct lxc_handler *handler) return ret; } -struct cgroup_process_info *lxc_cgroup_process_info_getx(const char *proc_pid_cgroup_str, struct cgroup_meta_data *meta) +static struct cgroup_process_info * +lxc_cgroup_process_info_getx(const char *proc_pid_cgroup_str, +struct cgroup_meta_data *meta) { struct cgroup_process_info *result = NULL; FILE *proc_pid_cgroup = NULL; @@ -1610,7 +1611,8 @@ out_error: return NULL; } -char **subsystems_from_mount_options(const char *mount_options, char **kernel_list) +static char **subsystems_from_mount_options(const char *mount_options, + char **kernel_list) { char *token, *str, *saveptr = NULL; char **result = NULL; @@ -1647,7 +1649,7 @@ out_free: return NULL; } -void lxc_cgroup_mount_point_free(struct cgroup_mount_point *mp) +static void lxc_cgroup_mount_point_free(struct cgroup_mount_point *mp) { if (!mp) return; 
@@ -1656,7 +1658,7 @@ void lxc_cgroup_mount_point_free(struct cgroup_mount_point *mp) free(mp); } -void lxc_cgroup_hierarchy_free(struct cgroup_hierarchy *h) +static void lxc_cgroup_hierarchy_free(struct cgroup_hierarchy *h) { if (!h) return; @@ -1665,7 +1667,7 @@ void lxc_cgroup_hierarchy_free(struct cgroup_hierarchy *h) free(h); } -bool is_valid_cgroup(const char *name) +static bool is_valid_cgroup(const char *name) { const char *p; for (p = name; *p; p++) { @@ -1675,7 +1677,8 @@ bool is_valid_cgroup(const char *name) return strcmp(name, ".") != 0 && strcmp(name, "..") != 0; } -int create_or_remove_cgroup(bool do_remove, struct cgroup_mount_point *mp, const char *path, int recurse) +static int create_or_remove_cgroup(bool do_remove, + struct cgroup_mount_point *mp, const char *path, int recurse) { int r, saved_errno = 0; char *buf = cgroup_to_absolute_path(mp, path, NULL); @@ -1696,17 +1699,19 @@ int create_or_remove_cgroup(bool do_remove, struct cgroup_mount_point *mp, const return r; } -int create_cgroup(struct cgroup_mount_point *mp, const char *path) +static int create_cgroup(struct cgroup_mount_point *mp, const char *path) { return create_or_remove_cgroup(false, mp, path, false); } -int remove_cgroup(struct cgroup_mount_point *mp, const char *path, bool recurse) +static int remove_cgroup(struct cgroup_mount_point *mp, +const char *path, bool recurse) { return create_or_remove_cgroup(true, mp, path, recurse); } -char *cgroup_to_absolute_path(struct cgroup_mount_point *mp, const char *path, const char *suffix) +static char *cgroup_to_absolute_path(struct cgroup_mount_point *mp, +const char *path, const char *suffix) { /* first we have to make sure we subtract the mount point's prefix */ char *prefix = mp->mount_prefix; 
@@ -1750,7 +1755,8 @@ char *cgroup_to_absolute_path(struct cgroup_mount_point *mp, const char *path, c return buf; } -struct cgroup_process_info *find_info_for_subsystem(struct cgroup_process_info *info, const char *subsystem) +static struct cgroup_process_info * +find_info_for_subsystem(struct cgroup_process_info *info, const char *subsystem) { struct cgroup_process_info *info_ptr; for (info_ptr = info; info_ptr; info_ptr = info_ptr->next) { @@ -1762,7 +1768,8 @@ struct cgroup_process_info *find_info_for_subsystem(struct cgroup_process_info * return NULL; } -int do_cgroup_get(const char *cgroup_path, const char *sub_filename, char *value, size_t len) +static int do_cgroup_get(const char *cgroup_path, const char *sub_filename, +char *value, size_t len) { const char *parts[3] = { cgroup_path, @@ -1783,7 +1790,8 @@ int do_cgroup_get(const char *cgroup_path, const char *s
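Review bot: in the `create_or_remove_cgroup` hunk the last parameter stays `int recurse`, while `remove_cgroup` takes `bool recurse` and `create_cgroup` passes `false`; since the signature is being rewrapped anyway, make it `bool recurse` so the three functions agree. The first hunk also deletes the forward declaration of `create_or_remove_cgroup` (whose first parameter was named `remove`, not `do_remove`) while keeping the other prototypes. That works only because the definition precedes its two callers, so either say so in the commit message, which currently has no body, or keep a corrected `static` prototype for consistency.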
[lxc-devel] [PATCH 2/2] cgroup.h: unify the naming and comments
From: Qiang Huang Signed-off-by: Qiang Huang --- src/lxc/cgroup.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lxc/cgroup.h b/src/lxc/cgroup.h index 3aab12d..a252123 100644 --- a/src/lxc/cgroup.h +++ b/src/lxc/cgroup.h @@ -155,7 +155,7 @@ extern int lxc_cgroup_get(const char *filename, char *value, size_t len, const c * Returns path on success, NULL on error. The caller must free() * the returned path. */ -extern char *lxc_cgroup_path_get(const char *subsystem, const char *name, +extern char *lxc_cgroup_path_get(const char *filename, const char *name, const char *lxcpath); struct lxc_list; -- 1.8.3.2 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
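Review bot: renaming the first parameter of `lxc_cgroup_path_get` from `subsystem` to `filename` changes what a caller will assume it has to pass, yet the part of the comment visible above the prototype documents only the return value and the commit message has no body. Describe in that comment what `filename` is expected to contain, and confirm that the definition in cgroup.c uses the same parameter name so header and implementation do not drift apart.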
Re: [lxc-devel] [PATCH] Always try to create lxcpath
On Wed, Jan 15, 2014 at 08:53:52AM -0600, Serge Hallyn wrote: > Quoting Stéphane Graber (stgra...@ubuntu.com): > > Signed-off-by: Stéphane Graber > > Acked-by: Serge E. Hallyn > > (An error msg there might save some frustration in the future though) I didn't put one because mkdir_p will raise on itself. > > > --- > > src/lxc/lxc_create.c | 3 +++ > > 1 file changed, 3 insertions(+) > > > > diff --git a/src/lxc/lxc_create.c b/src/lxc/lxc_create.c > > index d02dacc..6d94709 100644 > > --- a/src/lxc/lxc_create.c > > +++ b/src/lxc/lxc_create.c > > @@ -206,6 +206,9 @@ int main(int argc, char *argv[]) > > exit(1); > > > > if (geteuid()) { > > + if (mkdir_p(my_args.lxcpath[0], 0755)) { > > + exit(1); > > + } > > if (access(my_args.lxcpath[0], O_RDWR) < 0) { > > fprintf(stderr, "You lack access to %s\n", > > my_args.lxcpath[0]); > > exit(1); > > -- > > 1.8.5.2 > > > > ___ > > lxc-devel mailing list > > lxc-devel@lists.linuxcontainers.org > > http://lists.linuxcontainers.org/listinfo/lxc-devel > ___ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com signature.asc Description: Digital signature ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
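Review bot: on the context line right after the added `mkdir_p()` call, `access(my_args.lxcpath[0], O_RDWR)` passes an open(2) flag where access(2) expects a mask of `R_OK`, `W_OK` and `X_OK`; on Linux `O_RDWR` has the same value as `W_OK`, so only write permission is tested. As the patch already touches this block, spell out the intended bits, for example `W_OK | X_OK` for a directory that must be writable and searchable. The new directory is also created with mode 0755 in the branch taken by unprivileged users; confirm that a world-readable lxcpath is what is wanted there.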
Re: [lxc-devel] Last minute template addition - universal image based template
On Wed, Jan 15, 2014 at 06:40:17PM +0900, KATOH Yasufumi wrote:
> Hi,
>
> I checked rootfs.tar.xz of plamo. But this rootfs is not built
> correctly.
>
> configure_plamo() in lxc-plamo edits $rootfs/etc/rc.d/rc.S,rc.M, but a
> part of it was not performed. I guess that a part of editing rc.S,M is
> not performed. Is the "ed" command installed on the jenkins host?

Oops, good catch, I should have seen the error in the log.

It may also be worth having lxc-plamo run with -e and have a cleanup trap handler (look at lxc-download for a good example) so that any missing command or script error is fatal.

By the way, if you want to look at the build logs, they are visible at: https://jenkins.linuxcontainers.org

>
> --
> ka...@jazz.email.ne.jp
> # I'm changing lxc-plamo to allow the use of http :-)

--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
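The fail-fast pattern suggested in the reply above (run with -e, clean up from a trap, treat a missing tool as fatal), as an added example that is not taken from lxc-plamo or lxc-download. The function names `require_commands` and `configure_rootfs` and the rc.S content are constructed for illustration.

```shell
#!/bin/sh
# Added example: fail-fast skeleton for one template step.
# All names and file contents below are constructed, not from the LXC tree.

# Succeeds only if every named command is on PATH; names the missing ones.
require_commands() {
    missing=""
    for cmd in "$@"; do
        command -v "$cmd" >/dev/null 2>&1 || missing="$missing $cmd"
    done
    [ -z "$missing" ] && return 0
    echo "missing required command(s):$missing" >&2
    return 1
}

# configure_rootfs DEST EDITOR
# Builds in a scratch directory and publishes it to DEST only if every step
# succeeded. The body is a subshell so that -e, -u and the trap stay local.
# Call it as a plain command: inside `if` or before `||` the shell ignores -e
# and a half-edited tree would be published.
configure_rootfs() (
    set -eu
    dest=$1
    editor=$2
    work=$(mktemp -d)
    cleanup() { rm -rf "$work"; }
    trap cleanup EXIT HUP INT TERM

    # A missing tool stops the run here instead of silently skipping an edit.
    require_commands "$editor" grep

    mkdir -p "$work/etc/rc.d"
    printf '%s\n' '/sbin/hwclock --hctosys' 'echo booting' \
        > "$work/etc/rc.d/rc.S"

    # Edit step: comment out the hardware clock call.
    "$editor" -e 's|^/sbin/hwclock|#&|' "$work/etc/rc.d/rc.S" \
        > "$work/rc.S.new"
    mv "$work/rc.S.new" "$work/etc/rc.d/rc.S"

    # Verify the result of the edit rather than trusting exit codes alone.
    grep -q '^#/sbin/hwclock' "$work/etc/rc.d/rc.S"

    # Publish; the EXIT trap then finds nothing left to remove.
    mv "$work" "$dest"
)
```
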
[lxc-devel] [lxc/lxc] 040f1c: Always try to create lxcpath
Branch: refs/heads/master
Home: https://github.com/lxc/lxc

Commit: 040f1c4008a6ffcc8c5553e947bb645a8d233371
https://github.com/lxc/lxc/commit/040f1c4008a6ffcc8c5553e947bb645a8d233371
Author: Stéphane Graber
Date: 2014-01-15 (Wed, 15 Jan 2014)
Changed paths: M src/lxc/lxc_create.c
Log Message:
---
Always try to create lxcpath

Signed-off-by: Stéphane Graber
Acked-by: Serge E. Hallyn

Commit: ce68d5b4810e2c8035b21bfb5f742804c104de5a
https://github.com/lxc/lxc/commit/ce68d5b4810e2c8035b21bfb5f742804c104de5a
Author: Stéphane Graber
Date: 2014-01-15 (Wed, 15 Jan 2014)
Changed paths: M templates/lxc-debian.in
Log Message:
---
debian: Support ssh host keys regeneration

Signed-off-by: Stéphane Graber
Acked-by: Serge E. Hallyn

Commit: 07219a02df818cf5bb763622aec4b0972930a42d
https://github.com/lxc/lxc/commit/07219a02df818cf5bb763622aec4b0972930a42d
Author: Stéphane Graber
Date: 2014-01-15 (Wed, 15 Jan 2014)
Changed paths: M templates/lxc-ubuntu.in
Log Message:
---
ubuntu: Fix path to openssh-server's postinst

The path isn't relative to @LOCALSTATEDIR@

Signed-off-by: Stéphane Graber
Acked-by: Serge E. Hallyn

Commit: 0d656b0549e67635ad9c24474b82dfa26e1f4512
https://github.com/lxc/lxc/commit/0d656b0549e67635ad9c24474b82dfa26e1f4512
Author: Stéphane Graber
Date: 2014-01-15 (Wed, 15 Jan 2014)
Changed paths: M templates/lxc-download.in
Log Message:
---
lxc-download: POSIX doesn't specify -f for chown

Signed-off-by: Stéphane Graber
Acked-by: Serge E. Hallyn

Commit: c1becef2d2d96ce2c782d2b0eb19b24dcd6026d9
https://github.com/lxc/lxc/commit/c1becef2d2d96ce2c782d2b0eb19b24dcd6026d9
Author: Stéphane Graber
Date: 2014-01-15 (Wed, 15 Jan 2014)
Changed paths: M templates/lxc-download.in
Log Message:
---
lxc-download: Fix wrong option parsing

Signed-off-by: Stéphane Graber
Acked-by: Serge E. Hallyn

Commit: 41670b35b0d7a11c7fa7d04e2535495dc90b76a9
https://github.com/lxc/lxc/commit/41670b35b0d7a11c7fa7d04e2535495dc90b76a9
Author: Stéphane Graber
Date: 2014-01-15 (Wed, 15 Jan 2014)
Changed paths: M templates/lxc-download.in
Log Message:
---
lxc-download: Fix undefined DOWNLOAD_FORCE_CACHE

Signed-off-by: Stéphane Graber
Acked-by: Serge E. Hallyn

Commit: f4e8a9186190660c3cc8b7bcc8c3a90165fba370
https://github.com/lxc/lxc/commit/f4e8a9186190660c3cc8b7bcc8c3a90165fba370
Author: Chris Glass
Date: 2014-01-15 (Wed, 15 Jan 2014)
Changed paths: M config/templates/ubuntu.common.conf.in
Log Message:
---
Added a commented squid-deb-proxy hook to ubuntu

Added a commented squid-deb-proxy hook to the common ubuntu config file as suggested when merging the squid-deb-proxy-client hook.

Signed-off-by: Chris Glass
Acked-by: Stéphane Graber

Commit: fcdb97df5d3b639d87b136c94e55ec395c2c8df5
https://github.com/lxc/lxc/commit/fcdb97df5d3b639d87b136c94e55ec395c2c8df5
Author: KATOH Yasufumi
Date: 2014-01-15 (Wed, 15 Jan 2014)
Changed paths: M doc/ja/lxc.conf.sgml.in
Log Message:
---
doc: Update Japanese lxc.conf(5)

Update for commit df2d4205073d3f57543951ca7ffabf891b230634

Signed-off-by: KATOH Yasufumi
Acked-by: Stéphane Graber

Commit: a3da3d8296d6ff2b9aa1da24830c548c87469404
https://github.com/lxc/lxc/commit/a3da3d8296d6ff2b9aa1da24830c548c87469404
Author: Dwight Engen
Date: 2014-01-15 (Wed, 15 Jan 2014)
Changed paths: M lxc.spec.in
Log Message:
---
install only lxc-user-nic setuid

Signed-off-by: Dwight Engen
Acked-by: Stéphane Graber

Compare: https://github.com/lxc/lxc/compare/b022744452e0...a3da3d8296d6
Re: [lxc-devel] [PATCH] lxc-download: POSIX doesn't specify -f for chown
On Wed, Jan 15, 2014 at 08:48:52AM -0600, Serge Hallyn wrote: > Quoting Stéphane Graber (stgra...@ubuntu.com): > > Signed-off-by: Stéphane Graber > > and you were already sending output to /dev/null anyway :) > > Acked-by: Serge E. Hallyn > > Though I would also point out that the man page shows options > coming before the [OWNER][:[GROUP]], which implies there might > be implementations where putting $LXC_MAPPED_UID before the -R > might break. Not sure. Good point, I'll change that when applying. > > > --- > > templates/lxc-download.in | 4 ++-- > > 1 file changed, 2 insertions(+), 2 deletions(-) > > > > diff --git a/templates/lxc-download.in b/templates/lxc-download.in > > index c318041..04f5846 100644 > > --- a/templates/lxc-download.in > > +++ b/templates/lxc-download.in > > @@ -396,7 +396,7 @@ if [ "$DOWNLOAD_USE_CACHE" = "false" ]; then > > echo $DOWNLOAD_BUILD > $LXC_CACHE_PATH/build_id > > > > if [ -n "$LXC_MAPPED_UID" ] && [ "$LXC_MAPPED_UID" != "-1" ]; then > > -chown $LXC_MAPPED_UID -Rf $LXC_CACHE_BASE >/dev/null 2>&1 || > > true > > +chown $LXC_MAPPED_UID -R $LXC_CACHE_BASE >/dev/null 2>&1 || > > true > > fi > > echo "The image cache is now ready" > > fi 
> > @@ -489,7 +489,7 @@ for file in $TEMPLATE_FILES; do > > done > > > > if [ -n "$LXC_MAPPED_UID" ] && [ "$LXC_MAPPED_UID" != "-1" ]; then > > -chown $LXC_MAPPED_UID -f $LXC_PATH/config $LXC_PATH/fstab || true > > +chown $LXC_MAPPED_UID $LXC_PATH/config $LXC_PATH/fstab >/dev/null 2>&1 > > || true > > fi > > > > if [ -e "$(relevant_file create-message)" ]; then > > -- > > 1.8.5.2 > > > > ___ > > lxc-devel mailing list > > lxc-devel@lists.linuxcontainers.org > > http://lists.linuxcontainers.org/listinfo/lxc-devel > ___ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com signature.asc Description: Digital signature ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
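Review bot: both new `chown` lines end in `>/dev/null 2>&1 || true`, so with `-f` gone a failed ownership change to `$LXC_MAPPED_UID` is still completely silent, and the unprivileged user only finds out later through permission errors on the cache or on `config` and `fstab`. Print a warning to stderr when chown fails instead of discarding the result, and quote `"$LXC_CACHE_BASE"`, `"$LXC_PATH/config"` and `"$LXC_PATH/fstab"` so that paths containing spaces or glob characters are not split.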
Re: [lxc-devel] [PATCH] doc: Update Japanese lxc.conf(5)
On Wed, Jan 15, 2014 at 06:50:43PM +0900, KATOH Yasufumi wrote: > Update for commit df2d4205073d3f57543951ca7ffabf891b230634 > > Signed-off-by: KATOH Yasufumi Acked-by: Stéphane Graber > --- > doc/ja/lxc.conf.sgml.in | 14 ++ > 1 file changed, 14 insertions(+) > > diff --git a/doc/ja/lxc.conf.sgml.in b/doc/ja/lxc.conf.sgml.in > index 5e1b410..1140c7f 100644 > --- a/doc/ja/lxc.conf.sgml.in > +++ b/doc/ja/lxc.conf.sgml.in > @@ -453,6 +453,20 @@ by KATOH Yasufumi > > > > + lxc.network.mtu > + > + > + > + > + インターフェースに対する MTU を指定します. > + > + > + > + > + > + > lxc.network.name > > > -- > 1.8.4.4 > > ___ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com signature.asc Description: Digital signature ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] install only lxc-user-nic setuid
On Wed, Jan 15, 2014 at 08:36:28AM -0500, Dwight Engen wrote: > Signed-off-by: Dwight Engen Acked-by: Stéphane Graber > --- > lxc.spec.in | 10 +- > 1 file changed, 1 insertion(+), 9 deletions(-) > > diff --git a/lxc.spec.in b/lxc.spec.in > index b1bc649..a4a9e13 100644 > --- a/lxc.spec.in > +++ b/lxc.spec.in > @@ -126,15 +126,7 @@ rm -rf %{buildroot} > %files > %defattr(-,root,root) > %{_bindir}/* > -%attr(4111,root,root) %{_bindir}/lxc-attach > -%attr(4111,root,root) %{_bindir}/lxc-create > -%attr(4111,root,root) %{_bindir}/lxc-clone > -%attr(4111,root,root) %{_bindir}/lxc-start > -%attr(4111,root,root) %{_bindir}/lxc-netstat > -%attr(4111,root,root) %{_bindir}/lxc-unshare > -%attr(4111,root,root) %{_bindir}/lxc-execute > -%attr(4111,root,root) %{_bindir}/lxc-checkpoint > -%attr(4111,root,root) %{_bindir}/lxc-restart > +%attr(4111,root,root) %{_bindir}/lxc-user-nic > %{_mandir}/man1/lxc* > %{_mandir}/man5/lxc* > %{_mandir}/man7/lxc* > -- > 1.8.3.1 > > ___ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com signature.asc Description: Digital signature ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Always try to create lxcpath
Quoting Stéphane Graber (stgra...@ubuntu.com): > Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn (An error msg there might save some frustration in the future though) > --- > src/lxc/lxc_create.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/src/lxc/lxc_create.c b/src/lxc/lxc_create.c > index d02dacc..6d94709 100644 > --- a/src/lxc/lxc_create.c > +++ b/src/lxc/lxc_create.c > @@ -206,6 +206,9 @@ int main(int argc, char *argv[]) > exit(1); > > if (geteuid()) { > + if (mkdir_p(my_args.lxcpath[0], 0755)) { > + exit(1); > + } > if (access(my_args.lxcpath[0], O_RDWR) < 0) { > fprintf(stderr, "You lack access to %s\n", > my_args.lxcpath[0]); > exit(1); > -- > 1.8.5.2 > > ___ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] lxc-download: Fix undefined DOWNLOAD_FORCE_CACHE
Quoting Stéphane Graber (stgra...@ubuntu.com): > Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn > --- > templates/lxc-download.in | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/templates/lxc-download.in b/templates/lxc-download.in > index aa93b59..d1d1e5b 100644 > --- a/templates/lxc-download.in > +++ b/templates/lxc-download.in > @@ -35,6 +35,7 @@ DOWNLOAD_KEYID="0xBAEFF88C22F6E216" > DOWNLOAD_KEYSERVER="pool.sks-keyservers.net" > DOWNLOAD_VALIDATE="true" > DOWNLOAD_FLUSH_CACHE="false" > +DOWNLOAD_FORCE_CACHE="false" > DOWNLOAD_MODE="system" > DOWNLOAD_USE_CACHE="false" > DOWNLOAD_URL= > -- > 1.8.5.2 > > ___ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] lxc-download: Fix wrong option parsing
Quoting Stéphane Graber (stgra...@ubuntu.com): > Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn > --- > templates/lxc-download.in | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/templates/lxc-download.in b/templates/lxc-download.in > index 04f5846..aa93b59 100644 > --- a/templates/lxc-download.in > +++ b/templates/lxc-download.in > @@ -172,7 +172,7 @@ EOF > } > > options=$(getopt -o d:r:a:hl -l dist:,release:,arch:,help,list,variant:,\ > -server:,keyid:,no-validate,flush-cache,force-cache:,name:,path:,\ > +server:,keyid:,no-validate,flush-cache,force-cache,name:,path:,\ > rootfs:,mapped-uid: -- "$@") > > if [ $? -ne 0 ]; then > -- > 1.8.5.2 > > ___ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
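Review bot: changing `force-cache:` to `force-cache` in the `getopt -l` list makes the option take no argument, but the hunk does not show the `case` arm that consumes it; if that arm still shifts by two it will now swallow the option that follows `--force-cache`. Check that the arm shifts by one, and include that change in this patch if it is needed.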
Re: [lxc-devel] [PATCH] lxc-download: POSIX doesn't specify -f for chown
Quoting Stéphane Graber (stgra...@ubuntu.com): > Signed-off-by: Stéphane Graber and you were already sending output to /dev/null anyway :) Acked-by: Serge E. Hallyn Though I would also point out that the man page shows options coming before the [OWNER][:[GROUP]], which implies there might be implementations where putting $LXC_MAPPED_UID before the -R might break. Not sure. > --- > templates/lxc-download.in | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/templates/lxc-download.in b/templates/lxc-download.in > index c318041..04f5846 100644 > --- a/templates/lxc-download.in > +++ b/templates/lxc-download.in > @@ -396,7 +396,7 @@ if [ "$DOWNLOAD_USE_CACHE" = "false" ]; then > echo $DOWNLOAD_BUILD > $LXC_CACHE_PATH/build_id > > if [ -n "$LXC_MAPPED_UID" ] && [ "$LXC_MAPPED_UID" != "-1" ]; then > -chown $LXC_MAPPED_UID -Rf $LXC_CACHE_BASE >/dev/null 2>&1 || true > +chown $LXC_MAPPED_UID -R $LXC_CACHE_BASE >/dev/null 2>&1 || true > fi > echo "The image cache is now ready" > fi > @@ -489,7 +489,7 @@ for file in $TEMPLATE_FILES; do > done > > if [ -n "$LXC_MAPPED_UID" ] && [ "$LXC_MAPPED_UID" != "-1" ]; then > -chown $LXC_MAPPED_UID -f $LXC_PATH/config $LXC_PATH/fstab || true > +chown $LXC_MAPPED_UID $LXC_PATH/config $LXC_PATH/fstab >/dev/null 2>&1 > || true > fi > > if [ -e "$(relevant_file create-message)" ]; then > -- > 1.8.5.2 > > ___ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 2/2] ubuntu: Fix path to openssh-server's postinst
Quoting Stéphane Graber (stgra...@ubuntu.com): > The path isn't relative to @LOCALSTATEDIR@ > > Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn > --- > templates/lxc-ubuntu.in | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/templates/lxc-ubuntu.in b/templates/lxc-ubuntu.in > index a707f5b..d9bb8a4 100644 > --- a/templates/lxc-ubuntu.in > +++ b/templates/lxc-ubuntu.in > @@ -95,7 +95,7 @@ EOF > fi > > # generate new SSH keys > -if [ -x $rootfs$LOCALSTATEDIR/lib/dpkg/info/openssh-server.postinst ]; > then > +if [ -x $rootfs/var/lib/dpkg/info/openssh-server.postinst ]; then > cat > $rootfs/usr/sbin/policy-rc.d << EOF > #!/bin/sh > exit 101 > @@ -104,7 +104,7 @@ EOF > > rm -f $rootfs/etc/ssh/ssh_host_*key* > mv $rootfs/etc/init/ssh.conf $rootfs/etc/init/ssh.conf.disabled > -DPKG_MAINTSCRIPT_PACKAGE=openssh DPKG_MAINTSCRIPT_NAME=postinst > chroot $rootfs $LOCALSTATEDIR/lib/dpkg/info/openssh-server.postinst configure > +DPKG_MAINTSCRIPT_PACKAGE=openssh DPKG_MAINTSCRIPT_NAME=postinst > chroot $rootfs /var/lib/dpkg/info/openssh-server.postinst configure > mv $rootfs/etc/init/ssh.conf.disabled $rootfs/etc/init/ssh.conf > > sed -i "s/root@$(hostname)/root@$hostname/g" > $rootfs/etc/ssh/ssh_host_*.pub > -- > 1.8.5.2 > > ___ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 1/2] debian: Support ssh host keys regeneration
Quoting Stéphane Graber (stgra...@ubuntu.com): > Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn > --- > templates/lxc-debian.in | 24 > 1 file changed, 24 insertions(+) > > diff --git a/templates/lxc-debian.in b/templates/lxc-debian.in > index d6f07b9..f399c0b 100644 > --- a/templates/lxc-debian.in > +++ b/templates/lxc-debian.in > @@ -93,6 +93,30 @@ EOF > chroot $rootfs /usr/sbin/update-rc.d -f hwclock.sh remove > chroot $rootfs /usr/sbin/update-rc.d -f hwclockfirst.sh remove > > +# generate new SSH keys > +if [ -x $rootfs/var/lib/dpkg/info/openssh-server.postinst ]; then > +cat > $rootfs/usr/sbin/policy-rc.d << EOF > +#!/bin/sh > +exit 101 > +EOF > +chmod +x $rootfs/usr/sbin/policy-rc.d > + > +if [ -f $rootfs/etc/init/ssh.conf ]; then > +mv $rootfs/etc/init/ssh.conf $rootfs/etc/init/ssh.conf.disabled > +fi > + > +rm -f $rootfs/etc/ssh/ssh_host_*key* > + > +DPKG_MAINTSCRIPT_PACKAGE=openssh DPKG_MAINTSCRIPT_NAME=postinst > chroot $rootfs /var/lib/dpkg/info/openssh-server.postinst configure > +sed -i "s/root@$(hostname)/root@$hostname/g" > $rootfs/etc/ssh/ssh_host_*.pub > + > +if [ -f "$rootfs/etc/init/ssh.conf.disabled" ]; then > +mv $rootfs/etc/init/ssh.conf.disabled $rootfs/etc/init/ssh.conf > +fi > + > +rm -f $rootfs/usr/sbin/policy-rc.d > +fi > + > # set initial timezone as on host > if [ -f /etc/timezone ]; then > cat /etc/timezone > $rootfs/etc/timezone > -- > 1.8.5.2 > > ___ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
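Review bot: in the added block, `rm -f $rootfs/etc/ssh/ssh_host_*key*` and the `chroot $rootfs ...` call use `$rootfs` unquoted and unchecked; if it is ever empty, the `rm` expands to `/etc/ssh/ssh_host_*key*` and removes the host's own keys. Quote it and fail early with `"${rootfs:?}"`, matching the quoted test already used for `ssh.conf.disabled`. The temporary `policy-rc.d` is also removed only by the last line of the block, so an interrupted run leaves the `exit 101` policy inside the rootfs; remove it from a trap or directly after the `chroot` call.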
[lxc-devel] [PATCH] install only lxc-user-nic setuid
Signed-off-by: Dwight Engen --- lxc.spec.in | 10 +- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/lxc.spec.in b/lxc.spec.in index b1bc649..a4a9e13 100644 --- a/lxc.spec.in +++ b/lxc.spec.in @@ -126,15 +126,7 @@ rm -rf %{buildroot} %files %defattr(-,root,root) %{_bindir}/* -%attr(4111,root,root) %{_bindir}/lxc-attach -%attr(4111,root,root) %{_bindir}/lxc-create -%attr(4111,root,root) %{_bindir}/lxc-clone -%attr(4111,root,root) %{_bindir}/lxc-start -%attr(4111,root,root) %{_bindir}/lxc-netstat -%attr(4111,root,root) %{_bindir}/lxc-unshare -%attr(4111,root,root) %{_bindir}/lxc-execute -%attr(4111,root,root) %{_bindir}/lxc-checkpoint -%attr(4111,root,root) %{_bindir}/lxc-restart +%attr(4111,root,root) %{_bindir}/lxc-user-nic %{_mandir}/man1/lxc* %{_mandir}/man5/lxc* %{_mandir}/man7/lxc* -- 1.8.3.1 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
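Review bot: the commit message gives no reason for dropping the setuid bit from the nine `%attr(4111,root,root)` entries (lxc-attach through lxc-restart) in the `%files` hunk; because this changes which binaries run as root for every local user, state the rationale and what unprivileged users are expected to use instead. The remaining `%attr(4111,root,root) %{_bindir}/lxc-user-nic` line follows `%{_bindir}/*`, so also confirm that the binary is actually installed under `%{_bindir}` and that the glob plus the explicit entry do not produce a duplicate-file warning at build time.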
[lxc-devel] [PATCH] doc: Update Japanese lxc.conf(5)
Update for commit df2d4205073d3f57543951ca7ffabf891b230634 Signed-off-by: KATOH Yasufumi --- doc/ja/lxc.conf.sgml.in | 14 ++ 1 file changed, 14 insertions(+) diff --git a/doc/ja/lxc.conf.sgml.in b/doc/ja/lxc.conf.sgml.in index 5e1b410..1140c7f 100644 --- a/doc/ja/lxc.conf.sgml.in +++ b/doc/ja/lxc.conf.sgml.in @@ -453,6 +453,20 @@ by KATOH Yasufumi + lxc.network.mtu + + + + + インターフェースに対する MTU を指定します. + + + + + + lxc.network.name -- 1.8.4.4 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
Re: [lxc-devel] Last minute template addition - universal image based template
Hi,

I checked rootfs.tar.xz of plamo. But this rootfs is not built correctly.

configure_plamo() in lxc-plamo edits $rootfs/etc/rc.d/rc.S,rc.M, but a part of it was not performed. I guess that a part of editing rc.S,M is not performed. Is the "ed" command installed on the jenkins host?

--
ka...@jazz.email.ne.jp
# I'm changing lxc-plamo to allow the use of http :-)
Re: [lxc-devel] Pull request: make ubuntu templates apt proxy aware
Thanks for merging this in!

As suggested, here's a trivial commit adding a commented hook to the common Ubuntu template: https://github.com/lxc/lxc/pull/137

- Chris

On Tue, Jan 14, 2014 at 6:21 PM, Stéphane Graber wrote:
> On Tue, Jan 14, 2014 at 06:07:32PM +0100, Chris Glass wrote:
>> Should I post the patch to this list instead or is it simply that
>> nobody had time to look at it yet?
>> I don't mean to sound pushy at all (sorry if I do), I'm just trying to
>> contribute "the right way" :)
>>
>> Thanks
>>
>> - Chris
>
> Nope, that's fine. I've just been busy with other things at the moment.
> I hope to have some time to go through github pull requests later today.
>
> Btw, it's pretty likely that I'll postpone beta2 until tomorrow as I've
> got a few more changes to lxc-download which I want to get in before
> then.
>
>>
>> On Mon, Jan 13, 2014 at 6:23 PM, Chris Glass
>> wrote:
>> > (gmail is messing with my signature, that'll teach me to use the web
>> > interface)
>> >
>> > On Mon, Jan 13, 2014 at 6:22 PM, Chris Glass
>> > wrote:
>> >> Hi all,
>> >>
>> >> Here are the changes I was referring to in my previous email thread -
>> >> these changes make the ubuntu templates aware of squid-deb-proxy
>> >> servers visible to the host.
>> >>
>> >> https://github.com/lxc/lxc/pull/134
>> >>
>> >> squid-deb-proxy uses avahi to advertise itself, and so installing
>> >> squid-deb-proxy-client on the LXC host lets apt autodetect proxy
>> >> settings. With this path the proxy settings are consumed by LXC when
>> >> both debootstrapping a new image and inside the container itself.
>> >>
>> >> This makes deploying similar environments (on a development machine
>> >> for example, in a CI lab, or for example using juju) *much* faster.
>> >> One could achieve similar results by setting APT_PROXY or HTTP_PROXY
>> >> when running lxc-create, but the advantage of this patch is that it's
>> >> completely automatic.
>> >>
>> >> The cost for people not using squid-deb-proxy is negligible, this
>> >> patch therefore adds the hook to the default ubuntu and ubuntu-cloud
>> >> templates.
>> >>
>> >> Note: this requires "dbus," to be added to the
>> >> /etc/apparmor.d/abstractions/lxc/start-container apparmor profile as
>> >> Stephane suggested in the previous thread (if not using the PPA
>> >> packages).
>> >>
>> >>
>> >> Hope this can be as useful for other people as it has been for me so far,
>> >>
>> >> - - Chris
>
> --
> Stéphane Graber
> Ubuntu developer
> http://www.ubuntu.com