Re: [lxc-devel] [PATCH] tests: Update lxc-test-unpriv
Quoting Stéphane Graber (stgra...@ubuntu.com): > Update lxc-test-unpriv to be a bit simpler and more reliable. > > Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn > --- > src/tests/lxc-test-unpriv | 71 > ++- > 1 file changed, 39 insertions(+), 32 deletions(-) > > diff --git a/src/tests/lxc-test-unpriv b/src/tests/lxc-test-unpriv > index ce3cc75..ff2a44a 100755 > --- a/src/tests/lxc-test-unpriv > +++ b/src/tests/lxc-test-unpriv > @@ -29,14 +29,27 @@ which newuidmap >/dev/null 2>&1 || { echo "'newuidmap' > command is missing" >&2; > > DONE=0 > cleanup() { > - lxc-stop -P $HDIR/lxcbase -n c1 > + cd > + > + run_cmd lxc-stop -n c1 -k > + pkill -u $(id -u $TUSER) -9 > + > sed -i '/usernic-user/d' /var/run/lxc/nics /etc/lxc/lxc-usernet > sed -i '/^lxcunpriv:/d' /etc/subuid /etc/subgid > - sudo deluser $TUSER > - rm -rf $HDIR > + > + rm -Rf $HDIR /run/user/$(id -u $TUSER) > + > + deluser $TUSER > + > if [ $DONE -eq 0 ]; then > - exit $1 > + echo "FAIL" > + exit 1 > fi > + echo "PASS" > +} > + > +run_cmd() { > + sudo -i -u $TUSER env XDG_RUNTIME_DIR=/run/user/$(id -u $TUSER) $* > } > > # create a test user 
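Review bot: In `cleanup()`, `rm -Rf $HDIR /run/user/$(id -u $TUSER)` collapses to `/run/user/` whenever the `id` lookup prints nothing, for example when the trap fires before `useradd` has succeeded, and the script appears to run as root. Resolve the uid once and act only when it is set: `uid=$(id -u "$TUSER" 2>/dev/null || true)` followed by `if [ -n "$uid" ]; then rm -Rf "/run/user/$uid"; fi`. The same guard fits the `pkill -u $(id -u $TUSER) -9` line. `run_cmd` expands `$*` unquoted through `sudo -i`, so arguments are re-split by the login shell; a one-line comment saying it only supports simple words would make that limit explicit.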
> @@ -44,50 +57,44 @@ TUSER=lxcunpriv > HDIR=/home/$TUSER > > trap cleanup EXIT SIGHUP SIGINT SIGTERM > +set -eu > > -deluser $TUSER || true > +deluser $TUSER && rm -Rf $HDIR || true > useradd $TUSER > -sudo mkdir -p $HDIR > -sudo chown $TUSER $HDIR > + > +mkdir -p $HDIR > echo "$TUSER veth lxcbr0 2" > /etc/lxc/lxc-usernet > sed -i '/^lxcunpriv:/d' /etc/subuid /etc/subgid > + > usermod -v 91-91 -w 91-91 $TUSER > -mkdir -p $HDIR/lxcbase > -chown $TUSER $HDIR/lxcbase > -uid=$(id -u $TUSER) > -cat >> $HDIR/.bashrc << EOF > -export HOME=$HDIR > -export USER=$TUSER > -EOF > -chown $TUSER $HDIR/.bashrc > > -cat > $HDIR/lxc-usernic.conf << EOF > +mkdir -p $HDIR/.config/lxc/ > +cat > $HDIR/.config/lxc/default.conf << EOF > lxc.network.type = veth > lxc.network.link = lxcbr0 > lxc.id_map = u 0 91 > lxc.id_map = g 0 91 > EOF > -chown $TUSER $HDIR/lxc-usernic.conf > -rm -rf /run/lock/lxc/home/$TUSER > -mkdir -p /run/lock/lxc/home/$TUSER > -chown $TUSER /run/lock/lxc/home/$TUSER > +chown -R $TUSER $HDIR > + > +mkdir -p /run/user/$(id -u $TUSER) > +chown -R $TUSER /run/user/$(id -u $TUSER) > + > +cd $HDIR > > for d in /sys/fs/cgroup/*; do > - mkdir $d/lxctest > + [ ! 
-d $d/lxctest ] && mkdir $d/lxctest > chown -R $TUSER $d/lxctest > echo $$ > $d/lxctest/tasks > done > -cd $HDIR > -#export HOME=$HDIR > -env | awk -F= '{print $1}' | while read line; do export ${line}=; done > -echo "DOING: lxc-create -P $HDIR/lxcbase -t ubuntu-cloud -n c1 -f > $HDIR/lxc-usernic.conf" > -sudo --set-home -u $TUSER lxc-create -P $HDIR/lxcbase -t ubuntu-cloud -n c1 > -f $HDIR/lxc-usernic.conf -l outout -o /tmp/o1 > -#read -p "c1 created, check it now" x > -sudo --set-home -u $TUSER lxc-start -P $HDIR/lxcbase -n c1 -d > - > -p1=`lxc-info -P $HDIR/lxcbase -n c1 -p | awk -F: '{ print $2 }'` > + > +run_cmd lxc-create -t download -n c1 -- -d ubuntu -r trusty -a i386 > +run_cmd lxc-start -n c1 -d > + > +p1=$(run_cmd lxc-info -n c1 -p -H) > [ "$p1" != "-1" ] || { echo "Failed to start container c1"; false; } > -lxc-attach -P $HDIR/lxcbase -n c1 -- ping -c 1 google.com > > -echo "All tests passed" > +run_cmd lxc-info -n c1 > +run_cmd lxc-attach -n c1 -- /bin/true > + > DONE=1 > -- > 1.8.5.3 > > ___ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
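Review bot: The `set -eu` added after the `trap` line stays in effect while the EXIT trap runs, so the first failing command inside `cleanup()` ends the script and skips the rest of the teardown. `run_cmd lxc-stop -n c1 -k` fails when c1 was never created and `pkill` returns non-zero when nothing matches, which would leave the test user, its `/etc/subuid` and `/etc/subgid` entries and its `/etc/lxc/lxc-usernet` line behind on exactly the runs that failed early. Starting the handler with `set +e`, or appending `|| true` to the best-effort commands, avoids that. Separately, `echo "$TUSER veth lxcbr0 2" > /etc/lxc/lxc-usernet` truncates whatever allocations the host already had; appending with `>>` would preserve them.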
[lxc-devel] [PATCH 1/1] cgmanager: chown cgroups to the container root
After this patch, starting an unprivileged container using cgmanager gets the cgroup chown to the container root, so that it can install the cgmanager (proxy) and make cgroup requests. (Still desirable and not in this patch is the automatic setup of /sys/fs/cgroup/manager/sock, which you can currently do with two lxc.mount.entries) Signed-off-by: Serge Hallyn --- src/lxc/cgmanager.c | 167 +++- src/lxc/cgroup.c| 8 +++ src/lxc/cgroup.h| 2 + src/lxc/start.c | 3 + 4 files changed, 178 insertions(+), 2 deletions(-) diff --git a/src/lxc/cgmanager.c b/src/lxc/cgmanager.c index e43e1f7..4f83272 100644 --- a/src/lxc/cgmanager.c +++ b/src/lxc/cgmanager.c @@ -75,6 +75,44 @@ static void cgmanager_disconnected(DBusConnection *connection) } } +static int send_creds(int sock, int rpid, int ruid, int rgid) +{ + struct msghdr msg = { 0 }; + struct iovec iov; + struct cmsghdr *cmsg; + struct ucred cred = { + .pid = rpid, + .uid = ruid, + .gid = rgid, + }; + char cmsgbuf[CMSG_SPACE(sizeof(cred))]; + char buf[1]; + buf[0] = 'p'; + + msg.msg_control = cmsgbuf; + msg.msg_controllen = sizeof(cmsgbuf); + + cmsg = CMSG_FIRSTHDR(&msg); + cmsg->cmsg_len = CMSG_LEN(sizeof(struct ucred)); + cmsg->cmsg_level = SOL_SOCKET; + cmsg->cmsg_type = SCM_CREDENTIALS; + memcpy(CMSG_DATA(cmsg), &cred, sizeof(cred)); + + msg.msg_name = NULL; + msg.msg_namelen = 0; + + iov.iov_base = buf; + iov.iov_len = sizeof(buf); + msg.msg_iov = &iov; + msg.msg_iovlen = 1; + + if (sendmsg(sock, &msg, 0) < 0) { + perror("sendmsg"); + return -1; + } + return 0; +} + #define CGMANAGER_DBUS_SOCK "unix:path=/sys/fs/cgroup/cgmanager/sock" bool lxc_init_cgmanager(void) { 
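Review bot: `cmsgbuf` in `send_creds()` is a plain `char` array that `CMSG_FIRSTHDR` then treats as a `struct cmsghdr`, so nothing guarantees its alignment; the cmsg(3) example wraps the buffer in a union for this reason, e.g. `union { char buf[CMSG_SPACE(sizeof(struct ucred))]; struct cmsghdr align; } u;`. The failure path uses `perror("sendmsg")` while the second hunk of this file reports through `SYSERROR`/`ERROR`, so this error would bypass the LXC log. A header comment would also help: it should say that the byte `'p'` is only a carrier for the SCM_CREDENTIALS message and that the kernel checks the supplied pid/uid/gid unless the sender is privileged. That would make the later `send_creds(sv[0], getpid(), 0, 0)` call easier to audit.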
@@ -120,10 +158,121 @@ static bool lxc_cgmanager_create(const char *controller, const char *cgroup_path return false; } - // TODO - try to chown the cgroup to the container root return true; } +struct chown_data { + const char *controller; + const char *cgroup_path; +}; + +static int do_chown_cgroup(const char *controller, const char *cgroup_path) +{ + int sv[2] = {-1, -1}, optval = 1; + char buf[1]; + + if (setgid(0) < 0) + WARN("Failed to setgid to 0"); + if (setuid(0) < 0) + WARN("Failed to setuid to 0"); + + if (socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) < 0) { + SYSERROR("Error creating socketpair"); + exit(1); + } + if (setsockopt(sv[1], SOL_SOCKET, SO_PASSCRED, &optval, sizeof(optval)) == -1) { + SYSERROR("setsockopt failed"); + exit(1); + } + if (setsockopt(sv[0], SOL_SOCKET, SO_PASSCRED, &optval, sizeof(optval)) == -1) { + SYSERROR("setsockopt failed"); + exit(1); + } + if ( cgmanager_chown_scm_sync(NULL, cgroup_manager, controller, + cgroup_path, sv[1]) != 0) { + ERROR("call to cgmanager_chown_scm_sync failed"); + return -1; + } + /* now send credentials */ + + fd_set rfds; + FD_ZERO(&rfds); + FD_SET(sv[0], &rfds); + if (select(sv[0]+1, &rfds, NULL, NULL, NULL) < 0) { + ERROR("Error getting go-ahead from server: %s", strerror(errno)); + return -1; + } + if (read(sv[0], &buf, 1) != 1) { + ERROR("Error getting reply from server over socketpair"); + return -1; + } + if (send_creds(sv[0], getpid(), getuid(), getgid())) { + ERROR("Error sending pid over SCM_CREDENTIAL"); + return -1; + } + FD_ZERO(&rfds); + FD_SET(sv[0], &rfds); + if (select(sv[0]+1, &rfds, NULL, NULL, NULL) < 0) { + ERROR("Error getting go-ahead from server: %s", strerror(errno)); + return -1; + } + if (read(sv[0], &buf, 1) != 1) { + ERROR("Error getting reply from server over socketpair"); + return -1; + } + if (send_creds(sv[0], getpid(), 0, 0)) { + ERROR("Error sending pid over SCM_CREDENTIAL"); + return -1; + } + FD_ZERO(&rfds); + FD_SET(sv[0], &rfds); + if (select(sv[0]+1, &rfds, NULL, NULL, 
NULL) < 0) { + ERROR("Error getting go-ahead from server: %s", strerror(errno)); + return -1; + } + int ret = read(sv[0], buf, 1); + close(sv[0]); + close(sv[1]); + if (ret == 1 && *buf == '1') + return 0; + return -1; +} + +static int chown_cgroup_wrapper(void *data) +{ + struct chown_data *arg = data; + return do_chown_cgroup(arg->controller, arg->cgroup_path)
Re: [lxc-devel] [PATCH] tests: Fix createtest
Quoting Stéphane Graber (stgra...@ubuntu.com): > Drop 60s delay and clear config before loading it. > > Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn > --- > src/tests/createtest.c | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > > diff --git a/src/tests/createtest.c b/src/tests/createtest.c > index b53c963..ba3a387 100644 > --- a/src/tests/createtest.c > +++ b/src/tests/createtest.c > @@ -60,14 +60,13 @@ int main(int argc, char *argv[]) > goto out; > } > > + c->clear_config(c); > c->load_config(c, NULL); > c->want_daemonize(c, true); > if (!c->startl(c, 0, NULL)) { > fprintf(stderr, "%d: failed to start %s\n", __LINE__, MYNAME); > goto out; > } > - fprintf(stderr, "%d: %s started, you have 60 seconds to test a > console\n", __LINE__, MYNAME); > - sleep(60); // wait a minute to let user connect to console > > if (!c->stop(c)) { > fprintf(stderr, "%d: failed to stop %s\n", __LINE__, MYNAME); > -- > 1.8.5.3 > > ___ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
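Review bot: The result of `c->load_config(c, NULL)` is discarded, and with `c->clear_config(c)` now in front of it a failed load would presumably leave the container with an empty configuration that `startl` then runs. Checking it like the neighbouring calls, `if (!c->load_config(c, NULL)) goto out;` with an `fprintf(stderr, ...)` in the style of the start failure, keeps the test from starting something other than what it created. The same clear/load pair appears in the shutdowntest.c hunk and in the unquoted repost of this patch further down the page. `main` starts and ends outside the hunk.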
Re: [lxc-devel] [PATCH] tests: Remove containers after running clonetest
Quoting Stéphane Graber (stgra...@ubuntu.com): > Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn > --- > src/tests/clonetest.c | 8 > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/src/tests/clonetest.c b/src/tests/clonetest.c > index b04ab3c..efd673e 100644 > --- a/src/tests/clonetest.c > +++ b/src/tests/clonetest.c > @@ -80,9 +80,9 @@ int main(int argc, char *argv[]) > // now test with lvm > // Only do this if clonetestlvm1 exists - user has to set this up > // in advance > - //c2->destroy(c2); > + c2->destroy(c2); > lxc_container_put(c2); > - //c->destroy(c); > + c->destroy(c); > lxc_container_put(c); > c = NULL; > > @@ -167,11 +167,11 @@ out: > lxc_container_put(c3); > } > if (c2) { > - //c2->destroy(c2); // keep around to verify manuall > + c2->destroy(c2); > lxc_container_put(c2); > } > if (c) { > - //c->destroy(c); > + c->destroy(c); > lxc_container_put(c); > } > exit(ret); > -- > 1.8.5.3 > > ___ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
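Review bot: Both hunks call `c2->destroy(c2)` and `c->destroy(c)` without looking at the result, so a container that could not be removed stays on the host while the test can still report success. On the main path in the first hunk a check in the style of the saveconfig.c patch on this page, `if (!c2->destroy(c2)) { fprintf(stderr, "%d: error deleting clone\n", __LINE__); goto out; }`, would surface that. In the `out:` block best-effort removal is reasonable, but a short comment such as `/* best effort: already on the failure path */` would show the ignored result is deliberate. The unquoted original of this patch further down carries the same lines.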
Re: [lxc-devel] [PATCH] Fix destroy() crash when no config is loaded
Quoting Stéphane Graber (stgra...@ubuntu.com): > Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn > --- > src/lxc/lxccontainer.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c > index 1520cd3..fbf0824 100644 > --- a/src/lxc/lxccontainer.c > +++ b/src/lxc/lxccontainer.c > @@ -1957,7 +1957,7 @@ static bool lxcapi_destroy(struct lxc_container *c) > goto out; > } > > - if (!am_unpriv() && c->lxc_conf->rootfs.path && > c->lxc_conf->rootfs.mount) { > + if (!am_unpriv() && c->lxc_conf && c->lxc_conf->rootfs.path && > c->lxc_conf->rootfs.mount) { > r = bdev_init(c->lxc_conf->rootfs.path, > c->lxc_conf->rootfs.mount, NULL); > if (r) { > if (r->ops->destroy(r) < 0) { > -- > 1.8.5.3 > > ___ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
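Review bot: With the added `c->lxc_conf &&` test, a container whose config was never loaded skips `bdev_init()` and `r->ops->destroy(r)` entirely, so a backing store other than a plain directory would presumably be left in place. A comment on the condition, e.g. `/* lxc_conf is NULL when no config was loaded: skip backing-store teardown */`, would record that this is intended. `lxcapi_destroy` continues beyond the hunk, so any later `c->lxc_conf->` dereference is not visible here and is worth checking for the same NULL case.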
Re: [lxc-devel] [PATCH] tests: Drop 60s delay in shutdowntest
Quoting Stéphane Graber (stgra...@ubuntu.com): > Signed-off-by: Stéphane Graber Eh, it was useful at one time :) Acked-by: Serge E. Hallyn > --- > src/tests/shutdowntest.c | 2 -- > 1 file changed, 2 deletions(-) > > diff --git a/src/tests/shutdowntest.c b/src/tests/shutdowntest.c > index e8a7126..6e4bb31 100644 > --- a/src/tests/shutdowntest.c > +++ b/src/tests/shutdowntest.c > @@ -68,8 +68,6 @@ int main(int argc, char *argv[]) > fprintf(stderr, "%d: failed to start %s\n", __LINE__, MYNAME); > goto out; > } > - fprintf(stderr, "%d: %s started, you have 60 seconds to test a > console\n", __LINE__, MYNAME); > - sleep(60); // wait a minute to let user connect to console > > if (!c->shutdown(c, 60)) { > fprintf(stderr, "%d: failed to shut down %s\n", __LINE__, > MYNAME); > -- > 1.8.5.3 > > ___ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] tests: Fix lxc-test-saveconfig cleanup
Quoting Stéphane Graber (stgra...@ubuntu.com): > Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn > --- > src/tests/saveconfig.c | 10 ++ > 1 file changed, 10 insertions(+) > > diff --git a/src/tests/saveconfig.c b/src/tests/saveconfig.c > index a455294..e87c74d 100644 > --- a/src/tests/saveconfig.c > +++ b/src/tests/saveconfig.c > @@ -98,6 +98,16 @@ int main(int argc, char *argv[]) > goto out; > } > > + if (!c->destroy(c)) { > + fprintf(stderr, "%d: error deleting %s\n", __LINE__, MYNAME); > + goto out; > + } > + > + if (c->is_defined(c)) { > + fprintf(stderr, "%d: %s thought it was defined\n", __LINE__, > MYNAME); > + goto out; > + } > + > fprintf(stderr, "all lxc_container tests passed for %s\n", c->name); > ret = 0; > out: > -- > 1.8.5.3 > > ___ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] tests: Fix shutdown test
Quoting Stéphane Graber (stgra...@ubuntu.com): > Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn > --- > src/tests/shutdowntest.c | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/src/tests/shutdowntest.c b/src/tests/shutdowntest.c > index fc4e8fd..e8a7126 100644 > --- a/src/tests/shutdowntest.c > +++ b/src/tests/shutdowntest.c > @@ -61,6 +61,7 @@ int main(int argc, char *argv[]) > goto out; > } > > + c->clear_config(c); > c->load_config(c, NULL); > c->want_daemonize(c, true); > if (!c->startl(c, 0, NULL)) { > -- > 1.8.5.3 > > ___ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] tests: Speed up lxc-test-usernic
Quoting Stéphane Graber (stgra...@ubuntu.com): > Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn > --- > src/tests/lxc-test-usernic | 8 > 1 file changed, 4 insertions(+), 4 deletions(-) > > diff --git a/src/tests/lxc-test-usernic b/src/tests/lxc-test-usernic > index f3194dd..d00b223 100755 > --- a/src/tests/lxc-test-usernic > +++ b/src/tests/lxc-test-usernic > @@ -27,7 +27,7 @@ cleanup() { > ( > set +e > > - lxc-stop -n usernic-c1 > + lxc-stop -n usernic-c1 -k > lxc-destroy -n usernic-c1 > > sed -i '/usernic-user/d' /var/run/lxc/nics /etc/lxc/lxc-usernet > @@ -36,7 +36,7 @@ cleanup() { > brctl delbr usernic-br0 > brctl delbr usernic-br1 > > - run_cmd "lxc-stop -n b1" > + run_cmd "lxc-stop -n b1 -k" > pkill -u $(id -u usernic-user) -9 > > rm -rf /tmp/usernic-test /home/usernic-user /run/user/$(id -u > usernic-user) > @@ -129,7 +129,7 @@ if run_cmd "lxc-user-nic $p1 veth usernic-br0 xx4"; then > fi > > # Shut down and restart the container, should be able to assign more nics > -run_cmd "lxc-stop -n b1" > +run_cmd "lxc-stop -n b1 -k" > run_cmd "lxc-start -n b1 -d" > p1=$(run_cmd "lxc-info -n b1 -p -H") > > @@ -138,7 +138,7 @@ if ! run_cmd "lxc-user-nic $p1 veth usernic-br0 xx5"; then > cleanup 1 > fi > > -run_cmd "lxc-stop -n b1" > +run_cmd "lxc-stop -n b1 -k" > > # Create a root-owned ns > lxc-create -t busybox -n usernic-c1 > -- > 1.8.5.3 > > ___ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] tests: Tweak lxc-test-ubuntu to be faster
Quoting Stéphane Graber (stgra...@ubuntu.com): > Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn > --- > src/tests/lxc-test-ubuntu | 9 + > 1 file changed, 5 insertions(+), 4 deletions(-) > > diff --git a/src/tests/lxc-test-ubuntu b/src/tests/lxc-test-ubuntu > index 7fa1c89..be69eec 100755 > --- a/src/tests/lxc-test-ubuntu > +++ b/src/tests/lxc-test-ubuntu > @@ -23,7 +23,6 @@ > # License along with this library; if not, write to the Free Software > # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 > USA > > - > set -e > > FAIL() { > @@ -54,11 +53,13 @@ for template in ubuntu ubuntu-cloud; do > else > name=lxc-test-$template > fi > + > lxc-create -t $template -n $name || FAIL "creating $template container" > lxc-start -n $name -d || FAIL "starting $template container" > lxc-wait -n $name -s RUNNING || FAIL "waiting for $template container > to run" > + > for tries in `seq 1 20`; do > - lxcip=`sudo lxc-info -i -n $name | awk -F: '{ print $2 }' | awk > '{ print $1}' | head -1` > + lxcip=$(lxc-info -i -n $name -H | head -1) > [ -z "$lxcip" ] || break > sleep 1 > done > @@ -66,12 +67,12 @@ for template in ubuntu ubuntu-cloud; do > > ping -c 1 $lxcip || FAIL "to ping $template container" > # Check apparmor > - lxcpid=`lxc-info -n $name -p | awk -F: '{ print $2 }' | awk '{ print > $1}'` > + lxcpid=`lxc-info -n $name -p -H` > aa=`cat /proc/$lxcpid/attr/current` > if [ "$aa" != "lxc-container-default-with-nesting (enforce)" -a "$aa" > != "lxc-container-default (enforce)" ]; then > FAIL " to correctly set apparmor profile (profile is \"$aa\")" > fi > - lxc-stop -n $name > + lxc-stop -n $name -k > lxc-destroy -n $name > done > > -- > 1.8.5.3 > > ___ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] tests: Rework lxc-test-usernic
Quoting Stéphane Graber (stgra...@ubuntu.com): > Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn > --- > src/tests/lxc-test-usernic | 136 > - > 1 file changed, 74 insertions(+), 62 deletions(-) > > diff --git a/src/tests/lxc-test-usernic b/src/tests/lxc-test-usernic > index e641cb9..f3194dd 100755 > --- a/src/tests/lxc-test-usernic > +++ b/src/tests/lxc-test-usernic 
> @@ -21,123 +21,135 @@ > # License along with this library; if not, write to the Free Software > # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 > USA > > +DONE=0 > + > cleanup() { > - sed -i '/usernic-user/d' /var/run/lxc/nics /etc/lxc/lxc-usernet > - ifconfig usernic-br0 down > - ifconfig usernic-br1 down > - sudo brctl delbr usernic-br0 > - sudo brctl delbr usernic-br1 > - sudo deluser usernic-user > - su -l usernic-user -c "lxc-stop -P /tmp/usernic-test/lxcbase -n b1" > - rm -rf /tmp/usernic-test > - exit $1 > + ( > + set +e > + > + lxc-stop -n usernic-c1 > + lxc-destroy -n usernic-c1 > + > + sed -i '/usernic-user/d' /var/run/lxc/nics /etc/lxc/lxc-usernet > + ifconfig usernic-br0 down > + ifconfig usernic-br1 down > + brctl delbr usernic-br0 > + brctl delbr usernic-br1 > + > + run_cmd "lxc-stop -n b1" > + pkill -u $(id -u usernic-user) -9 > + > + rm -rf /tmp/usernic-test /home/usernic-user /run/user/$(id -u > usernic-user) > + > + deluser usernic-user > + ) >/dev/null 2>&1 > + > + if [ "$DONE" = "1" ]; then > + echo "PASS" > + exit 0 > + fi > + > + echo "FAIL" > + exit 1 > +} > + > +run_cmd() { > + sudo -i -u usernic-user env XDG_RUNTIME_DIR=/run/user/$(id -u > usernic-user) $* > } > > +set -eu > +trap cleanup EXIT SIGHUP SIGINT SIGTERM > + > # create a test user > deluser usernic-user || true > useradd usernic-user > sudo mkdir -p /home/usernic-user > sudo chown usernic-user /home/usernic-user > usermod -v 91-91 -w 91-91 usernic-user > -mkdir -p /tmp/usernic-test/lxcbase > -chown usernic-user /tmp/usernic-test/lxcbase > -uid=$(id -u usernic-user) > -cat > /home/usernic-user/.bashrc << EOF > -export XDG_RUNTIME_DIR=/run/user/$uid > -EOF > -XDG_RUNTIME_DIR=/run/user/$uid > -export XDG_RUNTIME_DIR=/run/user/$uid > -mkdir -p /run/user/$uid > -chown usernic-user /run/user/$uid > -env > -echo XXX[ > -su -l usernic-user -c "env" > -sleep 20 > > -# > -cat > /tmp/lxc-usernic.conf << EOF > +mkdir -p /home/usernic-user/.config/lxc/ > +cat > 
/home/usernic-user/.config/lxc/default.conf << EOF > lxc.network.type = empty > -lxc.id_map = u 0 911000 1 > -lxc.id_map = g 0 911000 1 > +lxc.id_map = u 0 91 1 > +lxc.id_map = g 0 91 1 > EOF > > -# Create two test bridges > +for d in /sys/fs/cgroup/*; do > + [ ! -d $d/lxctest ] && mkdir $d/lxctest > + chown -R usernic-user $d/lxctest > + echo $$ > $d/lxctest/tasks > +done > + > +mkdir -p /run/user/$(id -u usernic-user) > +chown -R usernic-user /run/user/$(id -u usernic-user) /home/usernic-user > > +# Create two test bridges > brctl addbr usernic-br0 > brctl addbr usernic-br1 > ifconfig usernic-br0 0.0.0.0 up > ifconfig usernic-br1 0.0.0.0 up > > -LXC_USERNIC_PATH=$(ls -1 /usr/lib/*/lxc/lxc-user-nic | head -1) > - > # Create three containers > -su -l usernic-user -c "lxc-create -P /tmp/usernic-test/lxcbase -t busybox -n > b1 -f /tmp/lxc-usernic.conf" > -su -l usernic-user -c "lxc-start -P /tmp/usernic-test/lxcbase -n b1 -d" > -p1=`lxc-info -P /tmp/usernic-test/lxcbase -n b1 -p | awk -F: '{ print $2 }'` > +run_cmd "lxc-create -t download -n b1 -- -d ubuntu -r trusty -a i386" > +run_cmd "lxc-start -n b1 -d" > +p1=$(run_cmd "lxc-info -n b1 -p -H") > > # Assign one veth, should fail as no allowed entries yet > -su -l usernic-user -c "$LXC_USERNIC_PATH $p1 veth usernic-br0 xx1" > -if [ $? -eq 0 ]; then > +if run_cmd "lxc-user-nic $p1 veth usernic-br0 xx1"; then > echo "FAIL: able to create nic with no entries" > - cleanup 1 > + exit 1 > fi > > # Give him a quota of two > touch /etc/lxc/lxc-usernet > -sed -i '/^lxc-usernet/d' /etc/lxc/lxc-usernet > -echo "lxc-usernet veth usernic-br0 2" >> /etc/lxc/lxc-usernet > +sed -i '/^usernic-user/d' /etc/lxc/lxc-usernet > +echo "usernic-user veth usernic-br0 2" >> /etc/lxc/lxc-usernet > > # Assign one veth to second bridge, should fail > -su -l usernic-user -c "$LXC_USERNIC_PATH $p1 veth usernic-br1 xx1" > -if [ $? 
-eq 0 ]; then > +if run_cmd "lxc-user-nic $p1 veth usernic-br1 xx1"; then > echo "FAIL: able to create nic with no entries" > - cleanup 1 > + exit 1 > fi > > # Assign two veths, should succeed > -su -l usernic-user -c "$LXC_USERNIC_PATH $p1 veth usernic-br0 xx2" > -if [ $? -ne 0 ]; then > +if ! run_cmd "lxc-user-nic $p1 veth user
Re: [lxc-devel] [PATCH] tests: Fix cleanup in lxc-test-unpriv
Quoting Stéphane Graber (stgra...@ubuntu.com): > Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn > --- > src/tests/lxc-test-unpriv | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/tests/lxc-test-unpriv b/src/tests/lxc-test-unpriv > index ff2a44a..1e75eea 100755 > --- a/src/tests/lxc-test-unpriv > +++ b/src/tests/lxc-test-unpriv > @@ -34,7 +34,7 @@ cleanup() { > run_cmd lxc-stop -n c1 -k > pkill -u $(id -u $TUSER) -9 > > - sed -i '/usernic-user/d' /var/run/lxc/nics /etc/lxc/lxc-usernet > + sed -i '/lxcunpriv/d' /var/run/lxc/nics /etc/lxc/lxc-usernet > sed -i '/^lxcunpriv:/d' /etc/subuid /etc/subgid > > rm -Rf $HDIR /run/user/$(id -u $TUSER) > -- > 1.8.5.3 > > ___ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
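Review bot: The corrected pattern `'/lxcunpriv/d'` hard-codes the user name and is unanchored, so it removes every line that merely contains that string from `/var/run/lxc/nics` and `/etc/lxc/lxc-usernet`. Using the variable the rest of `cleanup()` already relies on, `sed -i "/^$TUSER /d" /etc/lxc/lxc-usernet`, keeps it in step with `TUSER` and limited to that user's entry. Whether the same anchor fits the nics file depends on its field order, which is not visible here. The following `'/^lxcunpriv:/d'` line has the same literal.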
[lxc-devel] [PATCH] tests: Fix createtest
Drop 60s delay and clear config before loading it. Signed-off-by: Stéphane Graber --- src/tests/createtest.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/tests/createtest.c b/src/tests/createtest.c index b53c963..ba3a387 100644 --- a/src/tests/createtest.c +++ b/src/tests/createtest.c @@ -60,14 +60,13 @@ int main(int argc, char *argv[]) goto out; } + c->clear_config(c); c->load_config(c, NULL); c->want_daemonize(c, true); if (!c->startl(c, 0, NULL)) { fprintf(stderr, "%d: failed to start %s\n", __LINE__, MYNAME); goto out; } - fprintf(stderr, "%d: %s started, you have 60 seconds to test a console\n", __LINE__, MYNAME); - sleep(60); // wait a minute to let user connect to console if (!c->stop(c)) { fprintf(stderr, "%d: failed to stop %s\n", __LINE__, MYNAME); -- 1.8.5.3 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [PATCH] tests: Remove containers after running clonetest
Signed-off-by: Stéphane Graber --- src/tests/clonetest.c | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/tests/clonetest.c b/src/tests/clonetest.c index b04ab3c..efd673e 100644 --- a/src/tests/clonetest.c +++ b/src/tests/clonetest.c @@ -80,9 +80,9 @@ int main(int argc, char *argv[]) // now test with lvm // Only do this if clonetestlvm1 exists - user has to set this up // in advance - //c2->destroy(c2); + c2->destroy(c2); lxc_container_put(c2); - //c->destroy(c); + c->destroy(c); lxc_container_put(c); c = NULL; @@ -167,11 +167,11 @@ out: lxc_container_put(c3); } if (c2) { - //c2->destroy(c2); // keep around to verify manuall + c2->destroy(c2); lxc_container_put(c2); } if (c) { - //c->destroy(c); + c->destroy(c); lxc_container_put(c); } exit(ret); -- 1.8.5.3 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 1/3] lxc-start: fix the container leak when daemonize
On 2014/1/24 1:17, Serge Hallyn wrote: > Quoting Qiang Huang (h.huangqi...@huawei.com): >> I already reasoned in the added comment, we need this because if not, >> lxc_container won't be freed when daemon exits, and PID file won't >> be unlinked either. > > I see, but > >> What about this: >> >> From 80f3862f9c4dbc8a05e79e50c50e79e30ffebc25 Mon Sep 17 00:00:00 2001 >> From: Qiang Huang >> Date: Thu, 23 Jan 2014 14:25:31 +0800 >> Subject: [PATCH] daemon: add lxc_container_put to free container when daemon >> exits >> >> PID file in lxc_container is unlinked when lxc_container_free, >> if we leak the container, the PID file also won't be removed >> after container down. >> >> Signed-off-by: Qiang Huang > > I was about to ack this, but then it occurred to me that > this seems to show that the pidfile free shouldn't be done > through lxc_container_free(). The pidfile always gets > written right before the reboot: label, and should simply be > explicitly removed in the place where you are adding a > lxc_container_put(). That way it is symmetric; by having > it in lxc_container_free(), it is not. > You are right, please review this: --- >From 4ed573856d9f0ec56b8e522efd40f986a0409aa1 Mon Sep 17 00:00:00 2001 From: Qiang Huang Date: Fri, 24 Jan 2014 11:41:27 +0800 Subject: [PATCH] lxccontainer: remove PID file after lxc_start return Make the way symmetric. This also fix the file leak in daemon model. Signed-off-by: Qiang Huang --- src/lxc/lxccontainer.c | 11 ++- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c index 1520cd3..9ebb27e 100644 --- a/src/lxc/lxccontainer.c +++ b/src/lxc/lxccontainer.c @@ -233,11 +233,6 @@ static void lxc_container_free(struct lxc_container *c) free(c->config_path); c->config_path = NULL; } - if (c->pidfile) { - unlink(c->pidfile); - free(c->pidfile); - c->pidfile = NULL; - } free(c); } 
@@ -665,6 +660,12 @@ reboot: goto reboot; } + if (c->pidfile) { + unlink(c->pidfile); + free(c->pidfile); + c->pidfile = NULL; + } + if (daemonize) exit (ret == 0 ? true : false); else -- 1.8.3 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
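Review bot: `free(c->pidfile)` now exists only in this block after the `reboot:` loop, because the first hunk removes it from `lxc_container_free()`; any path that sets `c->pidfile` but never reaches this point would leak the string and leave the file on disk. Keeping `free(c->pidfile); c->pidfile = NULL;` in `lxc_container_free()` and doing only the `unlink(c->pidfile)` here would retain the symmetry without that gap. The `unlink()` result is ignored, so a stale PID file would go unreported. The context line `exit (ret == 0 ? true : false);` also reads as exiting with status 1 on success, which may be worth confirming. The enclosing function starts and ends outside the hunk.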
[lxc-devel] [PATCH 1/1] idmap_add_id: fix broken behavior
The geteuid() addition is being made the first element of the lxc_list, but the first element is just a head whose entry is ignored. Therefore userns_exec_1() was starting its tasks without the caller's uid mapped into the namespace. Signed-off-by: Serge Hallyn --- src/lxc/conf.c | 52 +--- 1 file changed, 25 insertions(+), 27 deletions(-) diff --git a/src/lxc/conf.c b/src/lxc/conf.c index d2942cb..30d0d6b 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -2170,9 +2170,9 @@ static int setup_caps(struct lxc_list *caps) DEBUG("drop capability '%s' (%d)", drop_entry, capid); if (prctl(PR_CAPBSET_DROP, capid, 0, 0, 0)) { - SYSERROR("failed to remove %s capability", drop_entry); - return -1; -} + SYSERROR("failed to remove %s capability", drop_entry); + return -1; + } } @@ -2240,9 +2240,9 @@ static int dropcaps_except(struct lxc_list *caps) if (caplist[i]) continue; if (prctl(PR_CAPBSET_DROP, i, 0, 0, 0)) { - SYSERROR("failed to remove capability %d", i); - return -1; -} + SYSERROR("failed to remove capability %d", i); + return -1; + } } DEBUG("capabilities have been setup"); @@ -3135,7 +3135,7 @@ int lxc_map_ids(struct lxc_list *idmap, pid_t pid) * Return true if id was found, false otherwise. */ bool get_mapped_rootid(struct lxc_conf *conf, enum idtype idtype, -unsigned long *val) + unsigned long *val) { struct lxc_list *it; struct id_map *map; @@ -3266,7 +3266,7 @@ int lxc_create_tty(const char *name, struct lxc_conf *conf) DEBUG("allocated pty '%s' (%d/%d)", pty_info->name, pty_info->master, pty_info->slave); -/* Prevent leaking the file descriptors to the container */ + /* Prevent leaking the file descriptors to the container */ fcntl(pty_info->master, F_SETFD, FD_CLOEXEC); fcntl(pty_info->slave, F_SETFD, FD_CLOEXEC); 
@@ -3969,29 +3969,31 @@ static struct lxc_list *idmap_add_id(struct lxc_conf *conf, uid_t uid) struct lxc_list *new = NULL, *tmp, *it, *next; struct id_map *entry; + new = malloc(sizeof(*new)); + if (!new) { + ERROR("Out of memory building id map"); + return NULL; + } + lxc_list_init(new); + if (hostid_mapped < 0) { hostid_mapped = find_unmapped_nsuid(conf); - if (hostid_mapped < 0) { - ERROR("Could not find free uid to map"); - return NULL; - } - new = malloc(sizeof(*new)); - if (!new) { - ERROR("Out of memory building id map"); - return NULL; - } + if (hostid_mapped < 0) + goto err; + tmp = malloc(sizeof(*tmp)); + if (!tmp) + goto err; entry = malloc(sizeof(*entry)); if (!entry) { - free(new); - ERROR("Out of memory building idmap entry"); - return NULL; + free(tmp); + goto err; } - new->elem = entry; + tmp->elem = entry; entry->idtype = ID_TYPE_UID; entry->nsid = hostid_mapped; entry->hostid = (unsigned long)uid; entry->range = 1; - lxc_list_init(new); + lxc_list_add_tail(new, tmp); } lxc_list_for_each_safe(it, &conf->id_map, next) { tmp = malloc(sizeof(*tmp)); @@ -4005,11 +4007,7 @@ static struct lxc_list *idmap_add_id(struct lxc_conf *conf, uid_t uid) memset(entry, 0, sizeof(*entry)); memcpy(entry, it->elem, sizeof(*entry)); tmp->elem = entry; - if (!new) { - new = tmp; - lxc_list_init(new); - } else - lxc_list_add_tail(new, tmp); + lxc_list_add_tail(new, tmp); } return new; -- 1.8.5.3 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
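Review bot: Both `goto err;` paths added under `hostid_mapped = find_unmapped_nsuid(conf);` replace branches that used to log (`ERROR("Could not find free uid to map")`, `ERROR("Out of memory building idmap entry")`), so a failure to build the map now returns without saying why unless the `err:` label logs, and that label is outside the hunk. Since the returned list decides which host ids are mapped into the user namespace, I would keep the diagnostic, e.g. `if (hostid_mapped < 0) { ERROR("Could not find free uid to map"); goto err; }`. Now that `new` is allocated before anything else, `err:` also has to free every element already linked into `new` and then `new` itself; please confirm, as it is not visible here. A short comment above `lxc_list_init(new);` saying that `new` is only the list head and its own `elem` is never read would record the reason for this fix.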
[lxc-devel] [PATCH] tests: Drop 60s delay in shutdowntest
Signed-off-by: Stéphane Graber
---
 src/tests/shutdowntest.c | 2 --
 1 file changed, 2 deletions(-)
diff --git a/src/tests/shutdowntest.c b/src/tests/shutdowntest.c
index e8a7126..6e4bb31 100644
--- a/src/tests/shutdowntest.c
+++ b/src/tests/shutdowntest.c
@@ -68,8 +68,6 @@ int main(int argc, char *argv[])
 fprintf(stderr, "%d: failed to start %s\n", __LINE__, MYNAME);
 goto out;
 }
- fprintf(stderr, "%d: %s started, you have 60 seconds to test a console\n", __LINE__, MYNAME);
- sleep(60); // wait a minute to let user connect to console
 if (!c->shutdown(c, 60)) {
 fprintf(stderr, "%d: failed to shut down %s\n", __LINE__, MYNAME);
-- 1.8.5.3 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [PATCH] Fix destroy() crash when no config is loaded
Signed-off-by: Stéphane Graber
---
 src/lxc/lxccontainer.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index 1520cd3..fbf0824 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -1957,7 +1957,7 @@ static bool lxcapi_destroy(struct lxc_container *c)
 goto out;
 }
- if (!am_unpriv() && c->lxc_conf->rootfs.path && c->lxc_conf->rootfs.mount) {
+ if (!am_unpriv() && c->lxc_conf && c->lxc_conf->rootfs.path && c->lxc_conf->rootfs.mount) {
 r = bdev_init(c->lxc_conf->rootfs.path, c->lxc_conf->rootfs.mount, NULL);
 if (r) {
 if (r->ops->destroy(r) < 0) {
-- 1.8.5.3 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
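Review bot: The added `c->lxc_conf &&` test carries no comment saying when `lxc_conf` is NULL; the reason appears only in the commit subject. I would put `/* lxc_conf is NULL when no config was loaded: no rootfs to hand to bdev */` above the condition. The rest of lxcapi_destroy lies outside the hunk, so any later use of `c->lxc_conf` there would need the same guard, which cannot be checked from these lines.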
[lxc-devel] [PATCH] tests: Fix lxc-test-saveconfig cleanup
Signed-off-by: Stéphane Graber --- src/tests/saveconfig.c | 10 ++ 1 file changed, 10 insertions(+) diff --git a/src/tests/saveconfig.c b/src/tests/saveconfig.c index a455294..e87c74d 100644 --- a/src/tests/saveconfig.c +++ b/src/tests/saveconfig.c @@ -98,6 +98,16 @@ int main(int argc, char *argv[]) goto out; } + if (!c->destroy(c)) { + fprintf(stderr, "%d: error deleting %s\n", __LINE__, MYNAME); + goto out; + } + + if (c->is_defined(c)) { + fprintf(stderr, "%d: %s thought it was defined\n", __LINE__, MYNAME); + goto out; + } + fprintf(stderr, "all lxc_container tests passed for %s\n", c->name); ret = 0; out: -- 1.8.5.3 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [PATCH] tests: Fix shutdown test
Signed-off-by: Stéphane Graber
---
 src/tests/shutdowntest.c | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/tests/shutdowntest.c b/src/tests/shutdowntest.c
index fc4e8fd..e8a7126 100644
--- a/src/tests/shutdowntest.c
+++ b/src/tests/shutdowntest.c
@@ -61,6 +61,7 @@ int main(int argc, char *argv[])
 goto out;
 }
+ c->clear_config(c);
 c->load_config(c, NULL);
 c->want_daemonize(c, true);
 if (!c->startl(c, 0, NULL)) {
-- 1.8.5.3 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [PATCH] tests: Speed up lxc-test-usernic
Signed-off-by: Stéphane Graber --- src/tests/lxc-test-usernic | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/tests/lxc-test-usernic b/src/tests/lxc-test-usernic index f3194dd..d00b223 100755 --- a/src/tests/lxc-test-usernic +++ b/src/tests/lxc-test-usernic @@ -27,7 +27,7 @@ cleanup() { ( set +e - lxc-stop -n usernic-c1 + lxc-stop -n usernic-c1 -k lxc-destroy -n usernic-c1 sed -i '/usernic-user/d' /var/run/lxc/nics /etc/lxc/lxc-usernet @@ -36,7 +36,7 @@ cleanup() { brctl delbr usernic-br0 brctl delbr usernic-br1 - run_cmd "lxc-stop -n b1" + run_cmd "lxc-stop -n b1 -k" pkill -u $(id -u usernic-user) -9 rm -rf /tmp/usernic-test /home/usernic-user /run/user/$(id -u usernic-user) @@ -129,7 +129,7 @@ if run_cmd "lxc-user-nic $p1 veth usernic-br0 xx4"; then fi # Shut down and restart the container, should be able to assign more nics -run_cmd "lxc-stop -n b1" +run_cmd "lxc-stop -n b1 -k" run_cmd "lxc-start -n b1 -d" p1=$(run_cmd "lxc-info -n b1 -p -H") @@ -138,7 +138,7 @@ if ! run_cmd "lxc-user-nic $p1 veth usernic-br0 xx5"; then cleanup 1 fi -run_cmd "lxc-stop -n b1" +run_cmd "lxc-stop -n b1 -k" # Create a root-owned ns lxc-create -t busybox -n usernic-c1 -- 1.8.5.3 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [PATCH] tests: Tweak lxc-test-ubuntu to be faster
Signed-off-by: Stéphane Graber --- src/tests/lxc-test-ubuntu | 9 + 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/src/tests/lxc-test-ubuntu b/src/tests/lxc-test-ubuntu index 7fa1c89..be69eec 100755 --- a/src/tests/lxc-test-ubuntu +++ b/src/tests/lxc-test-ubuntu @@ -23,7 +23,6 @@ # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - set -e FAIL() { @@ -54,11 +53,13 @@ for template in ubuntu ubuntu-cloud; do else name=lxc-test-$template fi + lxc-create -t $template -n $name || FAIL "creating $template container" lxc-start -n $name -d || FAIL "starting $template container" lxc-wait -n $name -s RUNNING || FAIL "waiting for $template container to run" + for tries in `seq 1 20`; do - lxcip=`sudo lxc-info -i -n $name | awk -F: '{ print $2 }' | awk '{ print $1}' | head -1` + lxcip=$(lxc-info -i -n $name -H | head -1) [ -z "$lxcip" ] || break sleep 1 done @@ -66,12 +67,12 @@ for template in ubuntu ubuntu-cloud; do ping -c 1 $lxcip || FAIL "to ping $template container" # Check apparmor - lxcpid=`lxc-info -n $name -p | awk -F: '{ print $2 }' | awk '{ print $1}'` + lxcpid=`lxc-info -n $name -p -H` aa=`cat /proc/$lxcpid/attr/current` if [ "$aa" != "lxc-container-default-with-nesting (enforce)" -a "$aa" != "lxc-container-default (enforce)" ]; then FAIL " to correctly set apparmor profile (profile is \"$aa\")" fi - lxc-stop -n $name + lxc-stop -n $name -k lxc-destroy -n $name done -- 1.8.5.3 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
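Review bot: In the apparmor check, the new `lxcpid` assignment still uses backticks while the `lxcip` line changed by the same patch uses `$(...)`; I would write `lxcpid=$(lxc-info -n $name -p -H)` so the two read alike. The value then goes unquoted into `cat /proc/$lxcpid/attr/current` with no test that it is a live PID. The lxc-test-unpriv patch on this page treats `-1` from the same command as a failed start, so a matching guard such as `[ "$lxcpid" != "-1" ] || FAIL "to get init pid of $template container"` would fail with a clear message rather than a `cat` error.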
[lxc-devel] [PATCH] tests: Rework lxc-test-usernic
Signed-off-by: Stéphane Graber --- src/tests/lxc-test-usernic | 136 - 1 file changed, 74 insertions(+), 62 deletions(-) diff --git a/src/tests/lxc-test-usernic b/src/tests/lxc-test-usernic index e641cb9..f3194dd 100755 --- a/src/tests/lxc-test-usernic +++ b/src/tests/lxc-test-usernic 
@@ -21,123 +21,135 @@ # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA +DONE=0 + cleanup() { - sed -i '/usernic-user/d' /var/run/lxc/nics /etc/lxc/lxc-usernet - ifconfig usernic-br0 down - ifconfig usernic-br1 down - sudo brctl delbr usernic-br0 - sudo brctl delbr usernic-br1 - sudo deluser usernic-user - su -l usernic-user -c "lxc-stop -P /tmp/usernic-test/lxcbase -n b1" - rm -rf /tmp/usernic-test - exit $1 + ( + set +e + + lxc-stop -n usernic-c1 + lxc-destroy -n usernic-c1 + + sed -i '/usernic-user/d' /var/run/lxc/nics /etc/lxc/lxc-usernet + ifconfig usernic-br0 down + ifconfig usernic-br1 down + brctl delbr usernic-br0 + brctl delbr usernic-br1 + + run_cmd "lxc-stop -n b1" + pkill -u $(id -u usernic-user) -9 + + rm -rf /tmp/usernic-test /home/usernic-user /run/user/$(id -u usernic-user) + + deluser usernic-user + ) >/dev/null 2>&1 + + if [ "$DONE" = "1" ]; then + echo "PASS" + exit 0 + fi + + echo "FAIL" + exit 1 +} + +run_cmd() { + sudo -i -u usernic-user env XDG_RUNTIME_DIR=/run/user/$(id -u usernic-user) $* } +set -eu +trap cleanup EXIT SIGHUP SIGINT SIGTERM + # create a test user deluser usernic-user || true useradd usernic-user sudo mkdir -p /home/usernic-user sudo chown usernic-user /home/usernic-user usermod -v 91-91 -w 91-91 usernic-user -mkdir -p /tmp/usernic-test/lxcbase -chown usernic-user /tmp/usernic-test/lxcbase -uid=$(id -u usernic-user) -cat > /home/usernic-user/.bashrc << EOF -export XDG_RUNTIME_DIR=/run/user/$uid -EOF -XDG_RUNTIME_DIR=/run/user/$uid -export XDG_RUNTIME_DIR=/run/user/$uid -mkdir -p /run/user/$uid -chown usernic-user /run/user/$uid -env -echo XXX[ -su -l usernic-user -c "env" -sleep 20 -# -cat > /tmp/lxc-usernic.conf << EOF +mkdir -p /home/usernic-user/.config/lxc/ +cat > /home/usernic-user/.config/lxc/default.conf << EOF lxc.network.type = empty -lxc.id_map = u 0 911000 1 -lxc.id_map = g 0 911000 1 +lxc.id_map = u 0 91 1 
+lxc.id_map = g 0 91 1 EOF -# Create two test bridges +for d in /sys/fs/cgroup/*; do + [ ! -d $d/lxctest ] && mkdir $d/lxctest + chown -R usernic-user $d/lxctest + echo $$ > $d/lxctest/tasks +done + +mkdir -p /run/user/$(id -u usernic-user) +chown -R usernic-user /run/user/$(id -u usernic-user) /home/usernic-user +# Create two test bridges brctl addbr usernic-br0 brctl addbr usernic-br1 ifconfig usernic-br0 0.0.0.0 up ifconfig usernic-br1 0.0.0.0 up -LXC_USERNIC_PATH=$(ls -1 /usr/lib/*/lxc/lxc-user-nic | head -1) - # Create three containers -su -l usernic-user -c "lxc-create -P /tmp/usernic-test/lxcbase -t busybox -n b1 -f /tmp/lxc-usernic.conf" -su -l usernic-user -c "lxc-start -P /tmp/usernic-test/lxcbase -n b1 -d" -p1=`lxc-info -P /tmp/usernic-test/lxcbase -n b1 -p | awk -F: '{ print $2 }'` +run_cmd "lxc-create -t download -n b1 -- -d ubuntu -r trusty -a i386" +run_cmd "lxc-start -n b1 -d" +p1=$(run_cmd "lxc-info -n b1 -p -H") # Assign one veth, should fail as no allowed entries yet -su -l usernic-user -c "$LXC_USERNIC_PATH $p1 veth usernic-br0 xx1" -if [ $? -eq 0 ]; then +if run_cmd "lxc-user-nic $p1 veth usernic-br0 xx1"; then echo "FAIL: able to create nic with no entries" - cleanup 1 + exit 1 fi # Give him a quota of two touch /etc/lxc/lxc-usernet -sed -i '/^lxc-usernet/d' /etc/lxc/lxc-usernet -echo "lxc-usernet veth usernic-br0 2" >> /etc/lxc/lxc-usernet +sed -i '/^usernic-user/d' /etc/lxc/lxc-usernet +echo "usernic-user veth usernic-br0 2" >> /etc/lxc/lxc-usernet # Assign one veth to second bridge, should fail -su -l usernic-user -c "$LXC_USERNIC_PATH $p1 veth usernic-br1 xx1" -if [ $? -eq 0 ]; then +if run_cmd "lxc-user-nic $p1 veth usernic-br1 xx1"; then echo "FAIL: able to create nic with no entries" - cleanup 1 + exit 1 fi # Assign two veths, should succeed -su -l usernic-user -c "$LXC_USERNIC_PATH $p1 veth usernic-br0 xx2" -if [ $? -ne 0 ]; then +if ! 
run_cmd "lxc-user-nic $p1 veth usernic-br0 xx2"; then echo "FAIL: unable to create first nic" - cleanup 1 + exit 1 fi -su -l usernic-user -c "$LXC_USERNIC_PATH $p1 veth usernic-br0 xx3" -if [ $? -ne 0 ]; then + +if ! run_cmd "lxc-user-nic $p1 veth usernic-br0 xx3"; then echo "FAIL: unable to create second nic"
[lxc-devel] [PATCH] tests: Fix cleanup in lxc-test-unpriv
Signed-off-by: Stéphane Graber --- src/tests/lxc-test-unpriv | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/tests/lxc-test-unpriv b/src/tests/lxc-test-unpriv index ff2a44a..1e75eea 100755 --- a/src/tests/lxc-test-unpriv +++ b/src/tests/lxc-test-unpriv @@ -34,7 +34,7 @@ cleanup() { run_cmd lxc-stop -n c1 -k pkill -u $(id -u $TUSER) -9 - sed -i '/usernic-user/d' /var/run/lxc/nics /etc/lxc/lxc-usernet + sed -i '/lxcunpriv/d' /var/run/lxc/nics /etc/lxc/lxc-usernet sed -i '/^lxcunpriv:/d' /etc/subuid /etc/subgid rm -Rf $HDIR /run/user/$(id -u $TUSER) -- 1.8.5.3 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
Re: [lxc-devel] Last minute template addition - universal image based
Hello, Due to the recent changes in lxc-plamo.in related to environment variables, lxc-plamo is now able to create variant containers with additional environment variables other than the default configuration. For example: # Add "09_kernel" category to the default configuration CATEGORIES="00_base 01_minimum 09_kernel" /usr/local/share/lxc/templates/lxc-plamo \ --path /build-lxc/containers/LXC_NAME \ --rootfs /build-lxc/containers/LXC_NAME/rootfs \ --name LXC_NAME -r 5.x -a x86_64 # Add "fuga-1.0.0-x86_64.P1.txz" package in "contrib/hoge" category ADDONPKGS="contrib/hoge/fuga" /usr/local/share/lxc/templates/lxc-plamo \ --path /build-lxc/containers/LXC_NAME \ --rootfs /build-lxc/containers/LXC_NAME/rootfs \ --name LXC_NAME -r 5.x -a x86_64 So, we would like to turn on the job to your Jenkins server, according to the configuration matrix below: # Jenkins: lxc-template-plamo # [The Configuration Matrix] +--+-+-+-+ | ARCH/VARIANT | default | mini | full | +--+-+-+-+ | x86 |*|*|*| +--+-+-+-+ |x86_64|*|*|*| +--+-+-+-+ When creating rootfs images corresponding to each variant, the sets of environment variables to be given are shown below: [x86,5.x,default](same as the existing configuration) [x86_64,5.x,default] (same as the existing configuration) -- (unset CATEGORIES) # using default value in lxc-plamo (unset EXTRACTGRS) # using default value in lxc-plamo (unset IGNOREPKGS) # using default value in lxc-plamo (unset ADDONPKGS) # using default value in lxc-plamo -- [x86,5.x,mini](similar to P-Plamo-5.2/mini) [x86_64,5.x,mini] (similar to P-Plamo-5.2/mini64) -- CATEGORIES="00_base 01_minimum 02_x11 03_xclassics" (unset EXTRACTGRS) # using default value in lxc-plamo IGNOREPKGS="" ADDONPKGS="`echo plamo/04_xapps/{dbus,print.txz/openslp}` `echo plamo/05_ext/AV.txz/{libao,flac,jack_audio_connection_kit}` `echo plamo/05_ext/{AV.txz/{libvorbis,libogg,speex},ftgl}`" -- [x86,5.x,full](similar to P-Plamo-5.2/x86) [x86_64,5.x,full] (similar to P-Plamo-5.2/x86_64) -- 
CATEGORIES="00_base 01_minimum 02_x11 03_xclassics 04_xapps 05_ext 06_xfce 07_kde 08_tex 09_kernel 10_lof 11_mate" EXTRACTGRS="AVtool Education Hamradio Haskell MUA Virtualization" IGNOREPKGS="" ADDONPKGS="" -- Thanks in advance. Regards, TAMUKI Shoichi ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [PATCH] tests: Update lxc-test-unpriv
Update lxc-test-unpriv to be a bit simpler and more reliable. Signed-off-by: Stéphane Graber --- src/tests/lxc-test-unpriv | 71 ++- 1 file changed, 39 insertions(+), 32 deletions(-) diff --git a/src/tests/lxc-test-unpriv b/src/tests/lxc-test-unpriv index ce3cc75..ff2a44a 100755 --- a/src/tests/lxc-test-unpriv +++ b/src/tests/lxc-test-unpriv @@ -29,14 +29,27 @@ which newuidmap >/dev/null 2>&1 || { echo "'newuidmap' command is missing" >&2; DONE=0 cleanup() { - lxc-stop -P $HDIR/lxcbase -n c1 + cd + + run_cmd lxc-stop -n c1 -k + pkill -u $(id -u $TUSER) -9 + sed -i '/usernic-user/d' /var/run/lxc/nics /etc/lxc/lxc-usernet sed -i '/^lxcunpriv:/d' /etc/subuid /etc/subgid - sudo deluser $TUSER - rm -rf $HDIR + + rm -Rf $HDIR /run/user/$(id -u $TUSER) + + deluser $TUSER + if [ $DONE -eq 0 ]; then - exit $1 + echo "FAIL" + exit 1 fi + echo "PASS" +} + +run_cmd() { + sudo -i -u $TUSER env XDG_RUNTIME_DIR=/run/user/$(id -u $TUSER) $* } # create a test user 
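Review bot: In the new `cleanup()`, `rm -Rf $HDIR /run/user/$(id -u $TUSER)` expands to `rm -Rf $HDIR /run/user/` when `id` fails, which removes every user's runtime directory. That happens whenever cleanup runs while the test user does not exist, for instance if the script exits before `useradd` has succeeded (the trap is installed before that point), and the script presumably runs as root since it edits /etc/subuid. `pkill -u $(id -u $TUSER) -9` has the same empty-expansion problem. I would look the uid up once, skip both commands when it is empty, and quote the paths, as in the excerpt below.

```shell
cleanup() {
    # … unchanged: cd, run_cmd lxc-stop -n c1 -k …
    uid=$(id -u "$TUSER" 2>/dev/null || true)
    if [ -n "$uid" ]; then
        # only touch processes and /run/user/<uid> of a user that still exists
        pkill -u "$uid" -9 || true
        rm -Rf "/run/user/$uid"
    fi
    # … unchanged: sed cleanup of nics, lxc-usernet, subuid, subgid …
    rm -Rf "$HDIR"
    # … unchanged: deluser, DONE check, PASS/FAIL …
```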
@@ -44,50 +57,44 @@ TUSER=lxcunpriv HDIR=/home/$TUSER trap cleanup EXIT SIGHUP SIGINT SIGTERM +set -eu -deluser $TUSER || true +deluser $TUSER && rm -Rf $HDIR || true useradd $TUSER -sudo mkdir -p $HDIR -sudo chown $TUSER $HDIR + +mkdir -p $HDIR echo "$TUSER veth lxcbr0 2" > /etc/lxc/lxc-usernet sed -i '/^lxcunpriv:/d' /etc/subuid /etc/subgid + usermod -v 91-91 -w 91-91 $TUSER -mkdir -p $HDIR/lxcbase -chown $TUSER $HDIR/lxcbase -uid=$(id -u $TUSER) -cat >> $HDIR/.bashrc << EOF -export HOME=$HDIR -export USER=$TUSER -EOF -chown $TUSER $HDIR/.bashrc -cat > $HDIR/lxc-usernic.conf << EOF +mkdir -p $HDIR/.config/lxc/ +cat > $HDIR/.config/lxc/default.conf << EOF lxc.network.type = veth lxc.network.link = lxcbr0 lxc.id_map = u 0 91 lxc.id_map = g 0 91 EOF -chown $TUSER $HDIR/lxc-usernic.conf -rm -rf /run/lock/lxc/home/$TUSER -mkdir -p /run/lock/lxc/home/$TUSER -chown $TUSER /run/lock/lxc/home/$TUSER +chown -R $TUSER $HDIR + +mkdir -p /run/user/$(id -u $TUSER) +chown -R $TUSER /run/user/$(id -u $TUSER) + +cd $HDIR for d in /sys/fs/cgroup/*; do - mkdir $d/lxctest + [ ! 
-d $d/lxctest ] && mkdir $d/lxctest chown -R $TUSER $d/lxctest echo $$ > $d/lxctest/tasks done -cd $HDIR -#export HOME=$HDIR -env | awk -F= '{print $1}' | while read line; do export ${line}=; done -echo "DOING: lxc-create -P $HDIR/lxcbase -t ubuntu-cloud -n c1 -f $HDIR/lxc-usernic.conf" -sudo --set-home -u $TUSER lxc-create -P $HDIR/lxcbase -t ubuntu-cloud -n c1 -f $HDIR/lxc-usernic.conf -l outout -o /tmp/o1 -#read -p "c1 created, check it now" x -sudo --set-home -u $TUSER lxc-start -P $HDIR/lxcbase -n c1 -d - -p1=`lxc-info -P $HDIR/lxcbase -n c1 -p | awk -F: '{ print $2 }'` + +run_cmd lxc-create -t download -n c1 -- -d ubuntu -r trusty -a i386 +run_cmd lxc-start -n c1 -d + +p1=$(run_cmd lxc-info -n c1 -p -H) [ "$p1" != "-1" ] || { echo "Failed to start container c1"; false; } -lxc-attach -P $HDIR/lxcbase -n c1 -- ping -c 1 google.com -echo "All tests passed" +run_cmd lxc-info -n c1 +run_cmd lxc-attach -n c1 -- /bin/true + DONE=1 -- 1.8.5.3 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Update Fedora and CentOS templates for common conf includes.
On Wed, 2014-01-22 at 10:35 -0500, Stéphane Graber wrote: > On Wed, Jan 22, 2014 at 09:29:23AM -0500, Michael H. Warfield wrote: > > On Tue, 2014-01-21 at 20:25 -0500, Stéphane Graber wrote: > > > On Tue, Jan 21, 2014 at 11:56:56AM -0500, Michael H. Warfield wrote: > > > > Update Fedora and CentOS templates for common conf includes. > > > > > > > > This updates the Fedora and CentOS templates to utilize a common > > > > included config. This is largely based on the changes in the Oracle > > > > template with some exceptions. > > > > > > > > Dropping of setpcap (present in the Oracle template) is commented out in > > > > the Fedora template. It seems to cause problems, such as large login > > > > delays with Fedora 20 containers (but not Fedora 19 - strange). > > > > > > > > The Fedora template is further modified to disable > > > > systemd-journald.service > > > > as it is unnecessary in a container and causes serious problems when > > > > running in a Fedora 20 container. > > > > > > > > The Fedora template is also updated to default to Fedora 20 when running > > > > on a non-Fedora host. > > > > > > > > Regards, > > > > Mike > > > > > > > > Signed-off-by: Michael H. Warfield > > > > > > Acked-by: Stéphane Graber > > > > > > I'll setup builds for CentOS 6.5 on amd64 and i386 and for Fedora 19 and > > > 20 also on amd64 and i386. > > > > > > I believe Fedora 20 also supports armhf but that one may need a bit more > > > work to get going (do you know if your template works with armhf?). > > > > Fedora does support armhf in mainline now. Previously it was in aux. > > The template was definitely working with Raspberry Pi armhf with > > Fedora18. That was before they created the "Pidora" respin which broke > > the Fedora template thanks to the name change and some repo changes. > > Since then, I've also done that distro agnostic bootstrap coding. I > > wouldn't be surprised if it was broken, but it should be close. I'll > > have to give it a shot on one of my RPi's. 
> > > > Regards, > > Mike > The image build worked at least, I still need to actually test the > resulting images to make sure they work though. > Btw, any chance of getting -A working before 1.0 release? Ok, you got it in both the Fedora and CentOS templates. I just posted the patch. I changed it to be "-a" instead of "-A" to correspond with the options in the Oracle and Ubuntu templates as well. Regards Mike -- Michael H. Warfield (AI4NB) | (770) 978-7061 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! signature.asc Description: This is a digitally signed message part ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [PATCH] Update CentOS and Fedora templates to support archtectures option.
Update CentOS and Fedora templates to support archtecture option. Added code to the CentOS and Fedora templates so that x86 32 bit containers may be built on x86_64 platforms. Like archectectures may also be trivially used as well. Option added is "-a {arch}". Additionally cleaned up some bash specific logic. Signed-off-by: Michael H. Warfield --- templates/lxc-centos.in | 86 +-- templates/lxc-fedora.in | 104 ++-- 2 files changed, 131 insertions(+), 59 deletions(-) diff --git a/templates/lxc-centos.in b/templates/lxc-centos.in index 82dc651..18f4e33 100644 --- a/templates/lxc-centos.in +++ b/templates/lxc-centos.in @@ -27,8 +27,6 @@ # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA #Configurations -arch=$(arch) -cache_base=@LOCALSTATEDIR@/cache/lxc/centos/$arch default_path=@LXCPATH@ # Some combinations of the tunning knobs below do not exactly make sense. @@ -134,22 +132,6 @@ then fi fi -# Map a few architectures to their generic Centos repository archs. -# -# CentOS currently doesn't support ARM but it's copied here from -# the Fedora template for completeness and that it will in the future. -# -# The two ARM archs are a bit of a guesstimate for the v5 and v6 -# archs. V6 should have hardware floating point (Rasberry Pi). -# The "arm" arch is safer (no hardware floating point). So -# there may be cases where we "get it wrong" for some v6 other -# than RPi. -case "$arch" in -i686) arch=i386 ;; -armv3l|armv4l|armv5l) arch=arm ;; -armv6l|armv7l|armv8l) arch=armhfp ;; -esac - force_mknod() { # delete a device node if exists, and create a new one 
@@ -385,11 +367,11 @@ download_centos() cat < $REPO_FILE [base] name=CentOS-$release - Base -mirrorlist=http://mirrorlist.centos.org/?release=$release&arch=$arch&repo=os +mirrorlist=http://mirrorlist.centos.org/?release=$release&arch=$basearch&repo=os [updates] name=CentOS-$release - Updates -mirrorlist=http://mirrorlist.centos.org/?release=$release&arch=$arch&repo=updates +mirrorlist=http://mirrorlist.centos.org/?release=$release&arch=$basearch&repo=updates EOF # create minimal device nodes, needed for "yum install" and "yum update" process @@ -519,8 +501,7 @@ install_centos() create_hwaddr() { -echo $(dd if=/dev/urandom bs=8 count=1 2>/dev/null | md5sum | -sed -e 's/\(..\)\(..\)\(..\)\(..\)\(..\).*/fe:\1:\2:\3:\4:\5/') +openssl rand -hex 5 | sed -e 's/\(..\)/:\1/g; s/^/fe/' } copy_configuration() @@ -630,23 +611,24 @@ usage: Mandatory args: -n,--name container name, used to as an identifier for that container from now on Optional args: - -p,--path path to where the container rootfs will be created, defaults to /var/lib/lxc. The container config will go under /var/lib/lxc in that case + -p,--path path to where the container rootfs will be created, defaults to /var/lib/lxc/name. -c,--cleanclean the cache -R,--release Centos release for the new container. if the host is Centos, then it will defaultto the host's release. --fqdn fully qualified domain name (FQDN) for DNS and system naming - -A,--arch NOT USED YET. Define what arch the container will be [i686,x86_64] + -a,--arch Define what arch the container will be [i686,x86_64] -h,--help print this help EOF return 0 } -options=$(getopt -o hp:n:cR: -l help,path:,rootfs:,name:,clean,release:,fqdn: -- "$@") +options=$(getopt -o a:hp:n:cR: -l help,path:,rootfs:,name:,clean,release:,fqdn: -- "$@") if [ $? -ne 0 ]; then usage $(basename $0) exit 1 fi -eval set -- "$options" +arch=$(arch) +eval set -- "$options" while true do case "$1" in 
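Review bot: `create_hwaddr()` now depends on the `openssl` binary, and nothing in the hunk checks that it is installed. If it is missing, the pipeline prints nothing and the caller (outside the hunk) would presumably write an empty hardware address into the container config. I would fail early, e.g. `command -v openssl >/dev/null 2>&1 || { echo "openssl is required to generate a MAC address" >&2; return 1; }`, or keep a fallback that reads /dev/urandom as the removed lines did. A one-line comment that the sed expression prefixes the five random octets with `fe` would also help the next reader.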
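Review bot: The usage text in this hunk advertises `-a,--arch`, but the `getopt` call only gains the short form: `a:` was added to `-o` while the `-l` list still ends at `fqdn:`. With that list `--arch i686` is rejected by getopt, so the script prints usage and exits, and the `-a|--arch)` case arm added in the next hunk is reachable only through `-a`. Add the long option: `options=$(getopt -o a:hp:n:cR: -l help,path:,rootfs:,name:,clean,release:,fqdn:,arch: -- "$@")`.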
@@ -656,6 +638,7 @@ do -n|--name) name=$2; shift 2;; -c|--clean) clean=$2; shift 2;; -R|--release) release=$2; shift 2;; +-a|--arch) newarch=$2; shift 2;; --fqdn) utsname=$2; shift 2;; --) shift 1; break ;; *) break ;; @@ -667,6 +650,51 @@ if [ ! -z "$clean" -a -z "$path" ]; then exit 0 fi +basearch=${arch} +# Map a few architectures to their generic CentOS repository archs. +# The two ARM archs are a bit of a guesstimate for the v5 and v6 +# archs. V6 should have hardware floating point (Rasberry Pi). +# The "arm" arch is safer (no hardware floating point). So +# there may be cases where we "get it wrong" for some v6 other +# than RPi. +case "$arch" in +i686) basearch=i386 ;; +armv3l|armv4l|armv5l) basearch=arm ;; +armv6l|armv7l|armv8l) basearch=armhfp ;; +*) ;; +esac + +# Somebody wants to specify an arch. This is very limited case. +# i386/i586/i686 on i386/x86_64 +# - or - +# x86_64 on x86_64 +if [ "${newarch}" != "" -a "${newarch}" != "${arch}" ] +then +case "${newarch}" in +i386|i586|i686) +if [ "${basearch}"
[lxc-devel] [lxc/lxc] 0b3a65: get_mapped_rootid: fix description
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 0b3a6504e51795e738de8e017c22d209a93bc169 https://github.com/lxc/lxc/commit/0b3a6504e51795e738de8e017c22d209a93bc169 Author: Serge Hallyn Date: 2014-01-23 (Thu, 23 Jan 2014) Changed paths: M src/lxc/conf.c Log Message: --- get_mapped_rootid: fix description Signed-off-by: Serge Hallyn ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] 2a9a80: get_mapped_rootid: avoid using (uid_t) -1
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 2a9a80cb1c93064e36ba194659de741f9816528a https://github.com/lxc/lxc/commit/2a9a80cb1c93064e36ba194659de741f9816528a Author: Serge Hallyn Date: 2014-01-23 (Thu, 23 Jan 2014) Changed paths: M src/lxc/conf.c Log Message: --- get_mapped_rootid: avoid using (uid_t) -1 Signed-off-by: Serge Hallyn ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] 135495: lxc-clone: support unprivileged use
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 1354955b02bca17d72162f2d61f38e72edea792f https://github.com/lxc/lxc/commit/1354955b02bca17d72162f2d61f38e72edea792f Author: Serge Hallyn Date: 2014-01-23 (Thu, 23 Jan 2014) Changed paths: M src/lxc/bdev.c M src/lxc/bdev.h M src/lxc/lxccontainer.c M src/lxc/utils.h Log Message: --- lxc-clone: support unprivileged use This also fixes unprivileged use of lxc-snapshot and lxc-rename. Signed-off-by: Serge Hallyn Acked-by: Stéphane Graber ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] f6639e: cgm_get: support NULL value
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: f6639e3bee908381e5d36732c847e5f22affc278 https://github.com/lxc/lxc/commit/f6639e3bee908381e5d36732c847e5f22affc278 Author: Serge Hallyn Date: 2014-01-23 (Thu, 23 Jan 2014) Changed paths: M src/lxc/cgmanager.c Log Message: --- cgm_get: support NULL value Signed-off-by: Serge Hallyn ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 1/1] cgroupfs: support older kernels without cgroup.clone_children
Hi Serge, On Thu, Jan 23, 2014 at 11:28:46AM -0600, Serge Hallyn wrote: > Quoting Robert Vogelgesang (vo...@users.sourceforge.net): > > > +static long get_value(const char *dir, const char *file) > > > +{ > > > + FILE *f; > > > + char path[MAXPATHLEN]; > > > + int ret, retv; > > > + > > > + retv = snprintf(path, MAXPATHLEN, "%s/%s", dir, file); > > > + if (retv < 0 || retv >= MAXPATHLEN) > > > + return 0; > > > + f = fopen(path, "r"); > > > + ret = fscanf(f, "%d", &retv); > > > > This is not sufficient, because cpuset.cpus and cpuset.mems do not contain > > plain decimals, but lists and ranges of decimals. You have to use %s here. > > Interesting; I cut-pasted this from code we had quite some time ago, > else I would in fact have used lxc_read_from_file(). this does only prove that no-one noticed that it did not work "full-spec". If you copy only the first digit, the cgroup is initialized and works. The difference is only that it is restricted to using less resources than the admin might have intended. > > So given that in the past few years you are apparently the first person > to use this without cgroup.clone_children and without ns cgroup, I have > to ask is there another kernel you could just as easily be using? If > not then let's proceed; if so then I'd rather yank code that will very > rarely get tested. No, I'm only the first person that is using 1.0.0.beta2 under RHEL-6.5. lxc-0.9.0 does work with the standard RHEL-6 kernel, as long as the admin doesn't care about cpuset cgroups. RHEL-6 offers only one kernel for the x86_64 architecture (which is currently version 2.6.32-431.3.1.el6.x86_64), there are no other options, at least if you strictly follow Redhat. > > (Of course long term I'd like to yank all the cgroupfs code :) :-) > [...] 
> > > } else { > > > /* if we didn't create the cgroup, then we have > > > to make sure that > > >* further cgroups will be created properly > > > > What about this "else" code path, shouldn't setup_cpuset_if_needed() > > be called here, too? > > > > Note: This comment is followed by a call to handle_cgroup_settings() > > that has the first argument wrong, as I already wrote to the list > > yesterday in the "Containers do not start with lxc-1.0.0.beta2 on > > RHEL-6.5" thread. > > I don't seem to have that email, so could you please re-iterate? I basically comes down to this patch, against the cgroup.c from the 1.0.0.beta2 tarball: diff -u lxc-lxc-1.0.0.beta2/src/lxc/cgroup.c.orig lxc-lxc-1.0.0.beta2/src/lxc/cgroup.c --- lxc-lxc-1.0.0.beta2/src/lxc/cgroup.c.orig 2014-01-16 01:07:33.0 +0100 +++ lxc-lxc-1.0.0.beta2/src/lxc/cgroup.c2014-01-22 17:50:48.169119388 +0100 @@ -887,7 +887,7 @@ /* if we didn't create the cgroup, then we have to make sure that * further cgroups will be created properly */ - if (handle_cgroup_settings(mp, info_ptr->cgroup_path) < 0) { + if (handle_cgroup_settings(info_ptr->designated_mount_point, info_ptr->cgroup_path) < 0) { ERROR("Could not set clone_children to 1 for cpuset hierarchy in pre-existing cgroup."); goto cleanup_from_error; } @@ -2005,7 +2005,7 @@ if (r < 1 || buf[0] != '1') { r = lxc_write_to_file(cc_path, "1", 1, false); if (r < 0) - SYSERROR("failed to set memory.use_hiararchy to 1; continuing"); + SYSERROR("failed to set memory.use_hierarchy to 1; continuing"); } free(cc_path); } I noticed this, because I originally had used the same arguments for my version of setup_cpuset_if_needed(), which did not work. "mp" is set near the start of lxc_cgroupfs_create() and does not change in the loop where this call to handle_cgroup_settings() takes place. Robert ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] bfb1bb: Drop runapitests.sh
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: bfb1bb94c8d86c5e09ff3624aaa6a4bfb2c4c807 https://github.com/lxc/lxc/commit/bfb1bb94c8d86c5e09ff3624aaa6a4bfb2c4c807 Author: Stéphane Graber Date: 2014-01-23 (Thu, 23 Jan 2014) Changed paths: M Makefile.am R runapitests.sh Log Message: --- Drop runapitests.sh This script is outdated and unused. Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] fec822: Revert "cgroupfs: need the full path to setup cpus...
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: fec822c4a0612211ed8f32e662183e1cee4f1489 https://github.com/lxc/lxc/commit/fec822c4a0612211ed8f32e662183e1cee4f1489 Author: Serge Hallyn Date: 2014-01-23 (Thu, 23 Jan 2014) Changed paths: M src/lxc/cgroup.c Log Message: --- Revert "cgroupfs: need the full path to setup cpuset" This reverts commit 47f5ede0ec09b393779a7755aa36dc665e2e8fa5. Commit: f6ac3b9eca49a141ee508dc4033e14fae6715946 https://github.com/lxc/lxc/commit/f6ac3b9eca49a141ee508dc4033e14fae6715946 Author: Serge Hallyn Date: 2014-01-23 (Thu, 23 Jan 2014) Changed paths: M src/lxc/cgroup.c Log Message: --- Revert "cgroupfs: get rid of the redundant error info" This reverts commit a8117b3361c9caf1397f4dc9bbb5e6de3af3cdff. Commit: 2edb53c7c8254cba8068a1486d785b40476840db https://github.com/lxc/lxc/commit/2edb53c7c8254cba8068a1486d785b40476840db Author: Serge Hallyn Date: 2014-01-23 (Thu, 23 Jan 2014) Changed paths: M src/lxc/cgroup.c Log Message: --- Revert "cgroup.c: clean up for handle_cgroup_settings" This reverts commit 032e28b7675fd03dc19c7af0182ddb93807c2f96. Commit: 3e45c94884e19b582182abe3f386dc6b8b83047e https://github.com/lxc/lxc/commit/3e45c94884e19b582182abe3f386dc6b8b83047e Author: Serge Hallyn Date: 2014-01-23 (Thu, 23 Jan 2014) Changed paths: M src/lxc/cgroup.c Log Message: --- Revert "bionic: Replace rindex by strrchr" This reverts commit 86f0eb65a0abc651c656ff602b823ba693f675c5. Commit: da10a5c6a261a5bc2f6882732d2f9242c8aa243f https://github.com/lxc/lxc/commit/da10a5c6a261a5bc2f6882732d2f9242c8aa243f Author: Serge Hallyn Date: 2014-01-23 (Thu, 23 Jan 2014) Changed paths: M src/lxc/cgroup.c Log Message: --- Revert "cgroupfs: support older kernels without cgroup.clone_children" This reverts commit 0a4d93787d4be78dc5e2873cf7c605c01d383792. Compare: https://github.com/lxc/lxc/compare/ff5e27510540...da10a5c6a261___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Drop runapitests.sh
Quoting Stéphane Graber (stgra...@ubuntu.com): > This script is outdated and unused. > > Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn > --- > Makefile.am| 3 +-- > runapitests.sh | 50 -- > 2 files changed, 1 insertion(+), 52 deletions(-) > delete mode 100644 runapitests.sh > > diff --git a/Makefile.am b/Makefile.am > index eac2bfd..83714cb 100644 > --- a/Makefile.am > +++ b/Makefile.am > @@ -8,8 +8,7 @@ EXTRA_DIST = \ > autogen.sh \ > lxc.spec \ > CONTRIBUTING \ > - MAINTAINERS \ > - runapitests.sh > + MAINTAINERS > > RPMARGS = > > diff --git a/runapitests.sh b/runapitests.sh > deleted file mode 100644 > index c1d90eb..000 > --- a/runapitests.sh > +++ /dev/null 
> @@ -1,50 +0,0 @@ > -#!/bin/sh > -# liblxcapi > -# > -# Copyright © 2012 Serge Hallyn . > -# Copyright © 2012 Canonical Ltd. > -# > -# This library is free software; you can redistribute it and/or > -# modify it under the terms of the GNU Lesser General Public > -# License as published by the Free Software Foundation; either > -# version 2.1 of the License, or (at your option) any later version. > - > -# This library is distributed in the hope that it will be useful, > -# but WITHOUT ANY WARRANTY; without even the implied warranty of > -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU > -# Lesser General Public License for more details. > - > -# You should have received a copy of the GNU Lesser General Public > -# License along with this library; if not, write to the Free Software > -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 > USA > - > -cleanup() { > -rm -f /etc/lxc/test-busybox.conf > -rm -f liblxc.so.0 > -} > - > -if [ `id -u` -ne 0 ]; then > -echo "Run as root" > -exit 1 > -fi > - > -cat > /etc/lxc/test-busybox.conf << EOF > -lxc.network.type=veth > -lxc.network.link=lxcbr0 > -lxc.network.flags=up > -EOF > - > -[ -f liblxc.so.0 ] || ln -s src/lxc/liblxc.so ./liblxc.so.0 > -export LD_LIBRARY_PATH=. > -TESTS="lxc-test-containertests lxc-test-locktests lxc-test-startone" > -for curtest in $TESTS; do > -echo "running $curtest" > -./src/tests/$curtest > -if [ $? -ne 0 ]; then > -echo "Test $curtest failed. Stopping" > -cleanup > -exit 1 > -fi > -done > -echo "All tests passed" > -cleanup > -- > 1.8.5.3 > > ___ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [PATCH] Drop runapitests.sh
This script is outdated and unused. Signed-off-by: Stéphane Graber --- Makefile.am| 3 +-- runapitests.sh | 50 -- 2 files changed, 1 insertion(+), 52 deletions(-) delete mode 100644 runapitests.sh diff --git a/Makefile.am b/Makefile.am index eac2bfd..83714cb 100644 --- a/Makefile.am +++ b/Makefile.am @@ -8,8 +8,7 @@ EXTRA_DIST = \ autogen.sh \ lxc.spec \ CONTRIBUTING \ - MAINTAINERS \ - runapitests.sh + MAINTAINERS RPMARGS = diff --git a/runapitests.sh b/runapitests.sh deleted file mode 100644 index c1d90eb..000 --- a/runapitests.sh +++ /dev/null 
@@ -1,50 +0,0 @@ -#!/bin/sh -# liblxcapi -# -# Copyright © 2012 Serge Hallyn . -# Copyright © 2012 Canonical Ltd. -# -# This library is free software; you can redistribute it and/or -# modify it under the terms of the GNU Lesser General Public -# License as published by the Free Software Foundation; either -# version 2.1 of the License, or (at your option) any later version. - -# This library is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. - -# You should have received a copy of the GNU Lesser General Public -# License along with this library; if not, write to the Free Software -# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - -cleanup() { -rm -f /etc/lxc/test-busybox.conf -rm -f liblxc.so.0 -} - -if [ `id -u` -ne 0 ]; then -echo "Run as root" -exit 1 -fi - -cat > /etc/lxc/test-busybox.conf << EOF -lxc.network.type=veth -lxc.network.link=lxcbr0 -lxc.network.flags=up -EOF - -[ -f liblxc.so.0 ] || ln -s src/lxc/liblxc.so ./liblxc.so.0 -export LD_LIBRARY_PATH=. -TESTS="lxc-test-containertests lxc-test-locktests lxc-test-startone" -for curtest in $TESTS; do -echo "running $curtest" -./src/tests/$curtest -if [ $? -ne 0 ]; then -echo "Test $curtest failed. Stopping" -cleanup -exit 1 -fi -done -echo "All tests passed" -cleanup -- 1.8.5.3 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] ff5e27: doc: Add manpage for lxc-config
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: ff5e27510540a2ee3c66d8496996313d01bb848f https://github.com/lxc/lxc/commit/ff5e27510540a2ee3c66d8496996313d01bb848f Author: Stéphane Graber Date: 2014-01-23 (Thu, 23 Jan 2014) Changed paths: M configure.ac M doc/Makefile.am A doc/lxc-config.sgml.in Log Message: --- doc: Add manpage for lxc-config Signed-off-by: Stéphane Graber Acked-by: Serge Hallyn ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] doc: Add manpage for lxc-config
Quoting Stéphane Graber (stgra...@ubuntu.com): > Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn > --- > configure.ac | 1 + > doc/Makefile.am| 1 + > doc/lxc-config.sgml.in | 114 > + > 3 files changed, 116 insertions(+) > create mode 100644 doc/lxc-config.sgml.in > > diff --git a/configure.ac b/configure.ac > index 297e760..e5bfbe5 100644 > --- a/configure.ac > +++ b/configure.ac > @@ -587,6 +587,7 @@ AC_CONFIG_FILES([ > doc/lxc-cgroup.sgml > doc/lxc-checkconfig.sgml > doc/lxc-clone.sgml > + doc/lxc-config.sgml > doc/lxc-console.sgml > doc/lxc-create.sgml > doc/lxc-destroy.sgml > diff --git a/doc/Makefile.am b/doc/Makefile.am > index 9ddf53f..bfe887e 100644 > --- a/doc/Makefile.am > +++ b/doc/Makefile.am > @@ -21,6 +21,7 @@ man_MANS = \ > lxc-cgroup.1 \ > lxc-checkconfig.1 \ > lxc-clone.1 \ > + lxc-config.1 \ > lxc-console.1 \ > lxc-create.1 \ > lxc-destroy.1 \ > diff --git a/doc/lxc-config.sgml.in b/doc/lxc-config.sgml.in > new file mode 100644 > index 000..1bd6420 > --- /dev/null > +++ b/doc/lxc-config.sgml.in > @@ -0,0 +1,114 @@ > + > + > + + > + > +]> > + > + > +@LXC_GENERATE_DATE@ > + > +lxc-config > +1 > + > + > + > +lxc-config > + > + > +query LXC system configuration > + > + > + > + > + > +lxc-config > +-l > +item > + > + > + > + > +Description > + > + > +lxc-config queries the lxc system > +configuration and lets you list all valid keys or query > +individual keys for their value. > + > + > + > + > +Options > + > + > + > +-l > + > + > + > +List all supported keys. > + > + > + > + > + > + > +item > + > + > + > +Query the value of the specified key. > + > + > + > + > + > + > +&seealso; > + > + > +Author > +Stéphane Graber stgra...@ubuntu.com > + > + > + > + > -- > 1.8.5.3 > > ___ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 1/1] cgroupfs: support older kernels without cgroup.clone_children
Quoting Robert Vogelgesang (vo...@users.sourceforge.net): > > +static long get_value(const char *dir, const char *file) > > +{ > > + FILE *f; > > + char path[MAXPATHLEN]; > > + int ret, retv; > > + > > + retv = snprintf(path, MAXPATHLEN, "%s/%s", dir, file); > > + if (retv < 0 || retv >= MAXPATHLEN) > > + return 0; > > + f = fopen(path, "r"); > > + ret = fscanf(f, "%d", &retv); > > This is not sufficient, because cpuset.cpus and cpuset.mems do not contain > plain decimals, but lists and ranges of decimals. You have to use %s here. Interesting; I cut-pasted this from code we had quite some time ago, else I would in fact have used lxc_read_from_file(). So given that in the past few years you are apparently the first person to use this without cgroup.clone_children and without ns cgroup, I have to ask is there another kernel you could just as easily be using? If not then let's proceed; if so then I'd rather yank code that will very rarely get tested. (Of course long term I'd like to yank all the cgroupfs code :) > > /* create a new cgroup */ > > struct cgroup_process_info *lxc_cgroupfs_create(const char *name, const > > char *path_pattern, struct cgroup_meta_data *meta_data, const char > > *sub_pattern) > > { 
> > @@ -898,6 +964,8 @@ struct cgroup_process_info *lxc_cgroupfs_create(const > > char *name, const char *pa > > if (r < 0) > > goto cleanup_from_error; > > > > info_ptr->created_paths[info_ptr->created_paths_count++] = > > current_entire_path; > > + > > setup_cpuset_if_needed(info_ptr->hierarchy->subsystems, > > + current_entire_path); > > As Qiang Huang already wrote to the list, you need the full path here. > I've applied his patch. > > } else { > > /* if we didn't create the cgroup, then we have > > to make sure that > > * further cgroups will be created properly > > What about this "else" code path, shouldn't setup_cpuset_if_needed() > be called here, too? > > Note: This comment is followed by a call to handle_cgroup_settings() > that has the first argument wrong, as I already wrote to the list > yesterday in the "Containers do not start with lxc-1.0.0.beta2 on > RHEL-6.5" thread. I don't seem to have that email, so could you please re-iterate? thanks, -serge ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] 47f5ed: cgroupfs: need the full path to setup cpuset
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 47f5ede0ec09b393779a7755aa36dc665e2e8fa5 https://github.com/lxc/lxc/commit/47f5ede0ec09b393779a7755aa36dc665e2e8fa5 Author: Qiang Huang Date: 2014-01-23 (Thu, 23 Jan 2014) Changed paths: M src/lxc/cgroup.c Log Message: --- cgroupfs: need the full path to setup cpuset Function file_exists() needs an absolute full path, but we are using current_entire_path, which is not one. It will get the wrong result from file_exists() and cause a segmentation fault when we fopen a non-existent file and try to fscanf from it. Signed-off-by: Qiang Huang Signed-off-by: Serge Hallyn ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] a8117b: cgroupfs: get rid of the redundant error info
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: a8117b3361c9caf1397f4dc9bbb5e6de3af3cdff https://github.com/lxc/lxc/commit/a8117b3361c9caf1397f4dc9bbb5e6de3af3cdff Author: Qiang Huang Date: 2014-01-23 (Thu, 23 Jan 2014) Changed paths: M src/lxc/cgroup.c Log Message: --- cgroupfs: get rid of the redundant error info Signed-off-by: Qiang Huang Signed-off-by: Serge Hallyn ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] cgroupfs: need the full path to setup cpuset
Quoting Qiang Huang (h.huangqi...@huawei.com): > Function file_exists() needs a absolute full path, but we are using > current_entire_path which is not. It will get the wrong result from > file_exists() and case Segmentation fault when we fopen a non-exist > file and try to fscanf from it. > > Signed-off-by: Qiang Huang Acked-by: Serge E. Hallyn > --- > src/lxc/cgroup.c | 10 +- > 1 file changed, 9 insertions(+), 1 deletion(-) > > diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup.c > index 4da0e07..34bf126 100644 > --- a/src/lxc/cgroup.c > +++ b/src/lxc/cgroup.c > @@ -958,12 +958,20 @@ struct cgroup_process_info *lxc_cgroupfs_create(const > char *name, const char *pa > goto cleanup_from_error; > } else if (r == 0) { > /* successfully created */ > + char *full_path = NULL; > r = lxc_grow_array((void > ***)&info_ptr->created_paths, &info_ptr->created_paths_capacity, > info_ptr->created_paths_count + 1, 8); > if (r < 0) > goto cleanup_from_error; > > info_ptr->created_paths[info_ptr->created_paths_count++] = > current_entire_path; > + > + full_path = cgroup_to_absolute_path( > + > info_ptr->designated_mount_point, > + current_entire_path, NULL); > + if (!full_path) > + goto cleanup_from_error; > > setup_cpuset_if_needed(info_ptr->hierarchy->subsystems, > - current_entire_path); > + full_path); > + free(full_path); > } else { > /* if we didn't create the cgroup, then we have > to make sure that >* further cgroups will be created properly > -- > 1.8.3 > ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
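Review bot: The new `goto cleanup_from_error` taken when cgroup_to_absolute_path() fails runs after `current_entire_path` has already been stored in `info_ptr->created_paths`, so it is unclear who owns that string at the error label. cleanup_from_error is not visible in this hunk; if it frees `current_entire_path`, the stored pointer would be released a second time when the created paths are torn down later. Computing `full_path` and calling setup_cpuset_if_needed() before the `info_ptr->created_paths[info_ptr->created_paths_count++] = current_entire_path;` assignment keeps every error exit on the side where the local variable is still the only owner. lxc_cgroupfs_create() begins and ends outside the hunk.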
Re: [lxc-devel] [PATCH 1/1] cgroupfs: support older kernels without cgroup.clone_children
Quoting Robert Vogelgesang (vo...@users.sourceforge.net): > Hi Serge, > > your patch uses the same concept as mine, but it won't work, as noted > below. > > If you can wait until Monday, I could send you a cleaned-up and tested > version of my patch; I have to do other things today and tomorrow. Thanks, Monday will be great. > On Wed, Jan 22, 2014 at 10:49:00AM -0600, Serge Hallyn wrote: > > When creating a cgroup, detect whether cgroup.clone_children > > exists. If not, then manually copy the parent's cpuset.cpus > > and cpuset.mems values. > > > > Signed-off-by: Serge Hallyn > > --- > > src/lxc/cgroup.c | 72 > > > > 1 file changed, 72 insertions(+) > > > > diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup.c > > index 4482b32..49f1ba1 100644 > > --- a/src/lxc/cgroup.c > > +++ b/src/lxc/cgroup.c > > @@ -74,6 +74,7 @@ static int do_setup_cgroup_limits(struct lxc_handler *h, > > struct lxc_list *cgroup > > static int cgroup_recursive_task_count(const char *cgroup_path); > > static int count_lines(const char *fn); > > static int handle_cgroup_settings(struct cgroup_mount_point *mp, char > > *cgroup_path); > > +static void setup_cpuset_if_needed(char **subsystems, char *path); > > > > static struct cgroup_ops cgfs_ops; > > struct cgroup_ops *active_cg_ops = &cgfs_ops; 
> > @@ -723,6 +724,71 @@ static char *cgroup_rename_nsgroup(const char > > *mountpath, const char *oldname, p > > return newname; > > } > > > > +static long get_value(const char *dir, const char *file) > > +{ > > + FILE *f; > > + char path[MAXPATHLEN]; > > + int ret, retv; > > + > > + retv = snprintf(path, MAXPATHLEN, "%s/%s", dir, file); > > + if (retv < 0 || retv >= MAXPATHLEN) > > + return 0; > > + f = fopen(path, "r"); > > + ret = fscanf(f, "%d", &retv); > > This is not sufficient, because cpuset.cpus and cpuset.mems do not contain > plain decimals, but lists and ranges of decimals. You have to use %s here. > > I used lxc_read_from_file() to read the values, a buffer of size 128, > checked if the buffer was large enough, and errored out if it was not. > > > > + fclose(f); > > + if (ret != 1) > > + return 0; > > + return retv; > > +} > > + > > +static void set_value(const char *dir, const char *file, long v) > > +{ > > + FILE *f; > > + char path[MAXPATHLEN]; > > + int retv; > > + > > + retv = snprintf(path, MAXPATHLEN, "%s/%s", dir, file); > > + if (retv < 0 || retv >= MAXPATHLEN) > > + return; > > + f = fopen(path, "w"); > > + fprintf(f, "%ld\n", v); > > + fclose(f); > > +} > > This could be replaced with lxc_write_to_file(). 
> > > + > > +static bool file_exists(const char *dir, const char *file) > > +{ > > + char path[MAXPATHLEN]; > > + struct stat sb; > > + int ret; > > + > > + ret = snprintf(path, MAXPATHLEN, "%s/%s", dir, file); > > + if (ret < 0 || ret >= MAXPATHLEN) > > + return true; > > + ret = stat(path, &sb); > > + return ret == 0; > > +} > > + > > +static void setup_cpuset_if_needed(char **subsystems, char *path) > > +{ > > + char *parentpath, *p; > > + long v; > > + > > + if (!lxc_string_in_array("cpuset", (const char **) subsystems)) > > + return; > > + if (file_exists(path, "cgroup.clone_children")) > > + return; > > + parentpath = strdup(path); > > + if (!parentpath) > > + return; > > + if ((p = rindex(parentpath, '/'))) > > + *p = '\0'; > > + v = get_value(parentpath, "cpuset.mems"); > > + set_value(path, "cpuset.mems", v); > > + v = get_value(parentpath, "cpuset.cpus"); > > + set_value(path, "cpuset.cpus", v); > > + free(parentpath); > > +} > > + > > /* create a new cgroup */ > > struct cgroup_process_info *lxc_cgroupfs_create(const char *name, const > > char *path_pattern, struct cgroup_meta_data *meta_data, const char > > *sub_pattern) > > { > > @@ -898,6 +964,8 @@ struct cgroup_process_info *lxc_cgroupfs_create(const > > char *name, const char *pa > > if (r < 0) > > goto cleanup_from_error; > > > > info_ptr->created_paths[info_ptr->created_paths_count++] = > > current_entire_path; > > + > > setup_cpuset_if_needed(info_ptr->hierarchy->subsystems, > > + current_entire_path); > > As Qiang Huang already wrote to the list, you need the full path here. > > > > } else { > > /* if we didn't create the cgroup, then we have > > to make sure that > > * further cgroups will be created properly > > What about this "else" code path, shouldn't setup_cpuset_if_needed() > be called here, too? > > Note: This comment is followed by a call to handle_cgroup_settings() > that has the first argument wrong, as I already wrote to the list > yesterday in the "
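Review bot: In the `@@ -723,6 +724,71 @@` hunk, get_value() and set_value() hand the result of `fopen()` straight to `fscanf()`/`fprintf()` and `fclose()` with no NULL check, so a cpuset file that is missing or cannot be opened becomes a null `FILE *` dereference; add `if (!f) return 0;` in get_value() and `if (!f) return;` in set_value(). The results of `fprintf()` and `fclose()` are ignored as well, so a value the kernel rejects goes unnoticed, and file_exists() reports `true` when snprintf() truncates the path, which makes setup_cpuset_if_needed() skip the copy without any log line. The same hunk is quoted again in the later message on this page that begins "Hi Serge, your patch uses the same concept as mine".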
Re: [lxc-devel] [PATCH] cgroupfs: get rid of the redundant error info
Quoting Qiang Huang (h.huangqi...@huawei.com): > > Signed-off-by: Qiang Huang > --- Acked-by: Serge E. Hallyn > src/lxc/cgroup.c | 4 +--- > 1 file changed, 1 insertion(+), 3 deletions(-) > > diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup.c > index 34bf126..9513e96 100644 > --- a/src/lxc/cgroup.c > +++ b/src/lxc/cgroup.c > @@ -976,10 +976,8 @@ struct cgroup_process_info *lxc_cgroupfs_create(const > char *name, const char *pa > /* if we didn't create the cgroup, then we have > to make sure that >* further cgroups will be created properly >*/ > - if (handle_cgroup_settings(mp, > info_ptr->cgroup_path) < 0) { > - ERROR("Could not set clone_children to > 1 for cpuset hierarchy in pre-existing cgroup."); > + if (handle_cgroup_settings(mp, > info_ptr->cgroup_path) < 0) > goto cleanup_from_error; > - } > > /* already existed but path component of > pattern didn't contain '%n', >* so this is not an error; but then we don't > need current_entire_path > -- > 1.8.3 > ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 1/3] lxc-start: fix the container leak when daemonize
Quoting Qiang Huang (h.huangqi...@huawei.com): > I already reasoned in the added comment, we need this because if not, > lxc_container won't be freed when daemon exits, and PID file won't > be unlinked either. I see, but > What about this: > > From 80f3862f9c4dbc8a05e79e50c50e79e30ffebc25 Mon Sep 17 00:00:00 2001 > From: Qiang Huang > Date: Thu, 23 Jan 2014 14:25:31 +0800 > Subject: [PATCH] daemon: add lxc_container_put to free container when daemon > exits > > PID file in lxc_container is unlinked when lxc_container_free, > if we leak the container, the PID file also won't be removed > after container down. > > Signed-off-by: Qiang Huang I was about to ack this, but then it occurred to me that this seems to show that the pidfile free shouldn't be done through lxc_container_free(). The pidfile always gets written right before the reboot: label, and should simply be explicitly removed in the place where you are adding a lxc_container_put(). That way it is symmetric; by having it in lxc_container_free(), it is not. > --- > src/lxc/lxccontainer.c | 9 +++-- > 1 file changed, 7 insertions(+), 2 deletions(-) > > diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c > index 28de455..d76e386 100644 > --- a/src/lxc/lxccontainer.c > +++ b/src/lxc/lxccontainer.c > @@ -669,9 +669,14 @@ reboot: > goto reboot; > } > > - if (daemonize) > + if (daemonize) { > + /* When daemon forked, he inherited father's > + * lxc_container, so here need a put to free > + * lxc_container. > + */ > + lxc_container_put(c); > exit (ret == 0 ? true : false); > - else > + } else > return (ret == 0 ? true : false); > } > > -- > 1.8.3 > > > > >>exit (ret == 0 ? true : false); > >>} else { > >> -- > >> 1.8.3 > >> > >> > > > > . > > > > ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
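Review bot: The daemonized branch ends in `exit (ret == 0 ? true : false);`, which gives the process exit status 1 when `ret` is 0 and status 0 otherwise; assuming `ret == 0` means success, as the boolean `return` beside it suggests, that is the reverse of the usual exit-status convention. If anything waits on the daemon and reads its status, `exit(ret == 0 ? EXIT_SUCCESS : EXIT_FAILURE);` states the intent, while the `return` in the else branch can keep the boolean. The else branch would also read more consistently as `} else {` with its own braces now that the if branch has them. The enclosing function starts above the `reboot:` label, outside the hunk.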
[lxc-devel] [PATCH] doc: Add manpage for lxc-config
Signed-off-by: Stéphane Graber --- configure.ac | 1 + doc/Makefile.am| 1 + doc/lxc-config.sgml.in | 114 + 3 files changed, 116 insertions(+) create mode 100644 doc/lxc-config.sgml.in diff --git a/configure.ac b/configure.ac index 297e760..e5bfbe5 100644 --- a/configure.ac +++ b/configure.ac @@ -587,6 +587,7 @@ AC_CONFIG_FILES([ doc/lxc-cgroup.sgml doc/lxc-checkconfig.sgml doc/lxc-clone.sgml + doc/lxc-config.sgml doc/lxc-console.sgml doc/lxc-create.sgml doc/lxc-destroy.sgml diff --git a/doc/Makefile.am b/doc/Makefile.am index 9ddf53f..bfe887e 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -21,6 +21,7 @@ man_MANS = \ lxc-cgroup.1 \ lxc-checkconfig.1 \ lxc-clone.1 \ + lxc-config.1 \ lxc-console.1 \ lxc-create.1 \ lxc-destroy.1 \ diff --git a/doc/lxc-config.sgml.in b/doc/lxc-config.sgml.in new file mode 100644 index 000..1bd6420 --- /dev/null +++ b/doc/lxc-config.sgml.in @@ -0,0 +1,114 @@ + + + + +]> + + +@LXC_GENERATE_DATE@ + +lxc-config +1 + + + +lxc-config + + +query LXC system configuration + + + + + +lxc-config +-l +item + + + + +Description + + +lxc-config queries the lxc system +configuration and lets you list all valid keys or query +individual keys for their value. + + + + +Options + + + +-l + + + +List all supported keys. + + + + + + +item + + + +Query the value of the specified key. + + + + + + +&seealso; + + +Author +Stéphane Graber stgra...@ubuntu.com + + + + -- 1.8.5.3 ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] fb261f: doc: Add Japanese lxc.container.conf(5), lxc.syste...
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: fb261f53fcad6a04473172c9c9b68ae1cc5afc7b https://github.com/lxc/lxc/commit/fb261f53fcad6a04473172c9c9b68ae1cc5afc7b Author: KATOH Yasufumi Date: 2014-01-23 (Thu, 23 Jan 2014) Changed paths: M configure.ac M doc/ja/Makefile.am M doc/ja/lxc.conf.sgml.in A doc/ja/lxc.container.conf.sgml.in A doc/ja/lxc.system.conf.sgml.in M doc/lxc.system.conf.sgml.in Log Message: --- doc: Add Japanese lxc.container.conf(5), lxc.system.conf(5) and update lxc.conf(5) * update for commit 55fc19a1042bca36ae431cb4a51c2abc0ca4d801 * fix typo in English lxc.system.conf(5) Signed-off-by: KATOH Yasufumi Acked-by: Stéphane Graber ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] doc: Try to clear some confusion about lxc.conf
Hi! I have translated these man pages into Japanese and sent a pull request on GitHub. https://github.com/lxc/lxc/pull/144 -- KATOH Yasufumi / ka...@jazz.email.ne.jp ___ lxc-devel mailing list lxc-devel@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 1/1] cgroupfs: support older kernels without cgroup.clone_children
Hi Serge, your patch uses the same concept as mine, but it won't work, as noted below. If you can wait until Monday, I could send you a cleaned-up and tested version of my patch; I have to do other things today and tomorrow. On Wed, Jan 22, 2014 at 10:49:00AM -0600, Serge Hallyn wrote: > When creating a cgroup, detect whether cgroup.clone_children > exists. If not, then manually copy the parent's cpuset.cpus > and cpuset.mems values. > > Signed-off-by: Serge Hallyn > --- > src/lxc/cgroup.c | 72 > > 1 file changed, 72 insertions(+) > > diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup.c > index 4482b32..49f1ba1 100644 > --- a/src/lxc/cgroup.c > +++ b/src/lxc/cgroup.c > @@ -74,6 +74,7 @@ static int do_setup_cgroup_limits(struct lxc_handler *h, > struct lxc_list *cgroup > static int cgroup_recursive_task_count(const char *cgroup_path); > static int count_lines(const char *fn); > static int handle_cgroup_settings(struct cgroup_mount_point *mp, char > *cgroup_path); > +static void setup_cpuset_if_needed(char **subsystems, char *path); > > static struct cgroup_ops cgfs_ops; > struct cgroup_ops *active_cg_ops = &cgfs_ops; 
> @@ -723,6 +724,71 @@ static char *cgroup_rename_nsgroup(const char > *mountpath, const char *oldname, p > return newname; > } > > +static long get_value(const char *dir, const char *file) > +{ > + FILE *f; > + char path[MAXPATHLEN]; > + int ret, retv; > + > + retv = snprintf(path, MAXPATHLEN, "%s/%s", dir, file); > + if (retv < 0 || retv >= MAXPATHLEN) > + return 0; > + f = fopen(path, "r"); > + ret = fscanf(f, "%d", &retv); This is not sufficient, because cpuset.cpus and cpuset.mems do not contain plain decimals, but lists and ranges of decimals. You have to use %s here. I used lxc_read_from_file() to read the values, a buffer of size 128, checked if the buffer was large enough, and errored out if it was not. > + fclose(f); > + if (ret != 1) > + return 0; > + return retv; > +} > + > +static void set_value(const char *dir, const char *file, long v) > +{ > + FILE *f; > + char path[MAXPATHLEN]; > + int retv; > + > + retv = snprintf(path, MAXPATHLEN, "%s/%s", dir, file); > + if (retv < 0 || retv >= MAXPATHLEN) > + return; > + f = fopen(path, "w"); > + fprintf(f, "%ld\n", v); > + fclose(f); > +} This could be replaced with lxc_write_to_file(). 
> + > +static bool file_exists(const char *dir, const char *file) > +{ > + char path[MAXPATHLEN]; > + struct stat sb; > + int ret; > + > + ret = snprintf(path, MAXPATHLEN, "%s/%s", dir, file); > + if (ret < 0 || ret >= MAXPATHLEN) > + return true; > + ret = stat(path, &sb); > + return ret == 0; > +} > + > +static void setup_cpuset_if_needed(char **subsystems, char *path) > +{ > + char *parentpath, *p; > + long v; > + > + if (!lxc_string_in_array("cpuset", (const char **) subsystems)) > + return; > + if (file_exists(path, "cgroup.clone_children")) > + return; > + parentpath = strdup(path); > + if (!parentpath) > + return; > + if ((p = rindex(parentpath, '/'))) > + *p = '\0'; > + v = get_value(parentpath, "cpuset.mems"); > + set_value(path, "cpuset.mems", v); > + v = get_value(parentpath, "cpuset.cpus"); > + set_value(path, "cpuset.cpus", v); > + free(parentpath); > +} > + > /* create a new cgroup */ > struct cgroup_process_info *lxc_cgroupfs_create(const char *name, const char > *path_pattern, struct cgroup_meta_data *meta_data, const char *sub_pattern) > { > @@ -898,6 +964,8 @@ struct cgroup_process_info *lxc_cgroupfs_create(const > char *name, const char *pa > if (r < 0) > goto cleanup_from_error; > > info_ptr->created_paths[info_ptr->created_paths_count++] = > current_entire_path; > + > setup_cpuset_if_needed(info_ptr->hierarchy->subsystems, > + current_entire_path); As Qiang Huang already wrote to the list, you need the full path here. > } else { > /* if we didn't create the cgroup, then we have > to make sure that >* further cgroups will be created properly What about this "else" code path, shouldn't setup_cpuset_if_needed() be called here, too? Note: This comment is followed by a call to handle_cgroup_settings() that has the first argument wrong, as I already wrote to the list yesterday in the "Containers do not start with lxc-1.0.0.beta2 on RHEL-6.5" thread. Robert 
> @@ -2039,8 +2107,12 @@ static int handle_cgroup_settings(struct > cgroup_mount_point *mp, >*/ > if (lxc_string_in_array("cpuset", (const char > **)mp->hierarchy->sub