[lxc-devel] [lxc/lxc] 79c59e: cgfs: always handle named subsystems by default

2016-01-31 Thread GitHub
  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: 79c59e6b77feb3bf96f58f4bb74ea119b2aeb35c
  https://github.com/lxc/lxc/commit/79c59e6b77feb3bf96f58f4bb74ea119b2aeb35c
  Author: Serge Hallyn 
  Date:   2016-01-31 (Sun, 31 Jan 2016)

  Changed paths:
M src/lxc/cgfs.c

  Log Message:
  ---
  cgfs: always handle named subsystems by default

Previously, name= controllers would be handled if lxc.cgroup.use=@all,
but not if lxc.cgroup.use was unspecified.  Change that, since you cannot
run systemd in a container without it.

Signed-off-by: Serge Hallyn 


  Commit: 3939a22a481a596049e7687cb1499f11c9000c86
  https://github.com/lxc/lxc/commit/3939a22a481a596049e7687cb1499f11c9000c86
  Author: Serge Hallyn 
  Date:   2016-01-31 (Sun, 31 Jan 2016)

  Changed paths:
M src/lxc/cgfs.c

  Log Message:
  ---
  cgfs: prune the init scope from paths

Just as cgmanager does, if we are calculating a task's paths, drop
the trailing '/init.scope'.  We don't want the container to sit under
there.

Signed-off-by: Serge Hallyn 


  Commit: 39938b251df21d433487c065b9afbf119e92e763
  https://github.com/lxc/lxc/commit/39938b251df21d433487c065b9afbf119e92e763
  Author: Stéphane Graber 
  Date:   2016-01-31 (Sun, 31 Jan 2016)

  Changed paths:
M src/lxc/cgfs.c

  Log Message:
  ---
  Merge pull request #785 from hallyn/2016-01-31/cgfs

2016 01 31/cgfs


Compare: https://github.com/lxc/lxc/compare/27a72f2faabb...39938b251df2
___
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel
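
The two cgfs commit messages above concern name= hierarchies and the trailing '/init.scope' in a task's cgroup paths. As an added example (not LXC's own code), here is a parser for /proc/<pid>/cgroup lines that flags name= hierarchies and drops a trailing /init.scope; the struct, the function names and the sample lines are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* One line of /proc/<pid>/cgroup: "hierarchy-id:controllers:path". */
struct cg_entry {
	long hierarchy;
	int named;              /* 1 for a name= hierarchy such as name=systemd */
	char controllers[64];
	char path[256];         /* stored with a trailing "/init.scope" removed */
};

/* Drop one trailing "/init.scope"; a bare "/init.scope" becomes "/". */
static void prune_init_scope(char *path)
{
	static const char suffix[] = "/init.scope";
	size_t plen = strlen(path), slen = sizeof(suffix) - 1;
	if (plen >= slen && strcmp(path + plen - slen, suffix) == 0)
		path[plen == slen ? 1 : plen - slen] = '\0';
}

/* Returns 0 on success, -1 on a malformed or oversized line. */
static int parse_cgroup_line(const char *line, struct cg_entry *e)
{
	char *end;
	e->hierarchy = strtol(line, &end, 10);
	const char *c2 = *end == ':' ? strchr(end + 1, ':') : NULL;
	if (end == line || e->hierarchy < 0 || !c2 || c2[1] != '/')
		return -1;
	size_t clen = (size_t)(c2 - end - 1), plen = strcspn(c2 + 1, "\n");
	if (clen >= sizeof(e->controllers) || plen >= sizeof(e->path))
		return -1;
	snprintf(e->controllers, sizeof(e->controllers), "%.*s", (int)clen, end + 1);
	snprintf(e->path, sizeof(e->path), "%.*s", (int)plen, c2 + 1);
	e->named = strncmp(e->controllers, "name=", 5) == 0;
	prune_init_scope(e->path);
	return 0;
}

int main(void)
{
	/* Constructed sample lines, not taken from a real system. */
	const char *l[] = { "1:name=systemd:/lxc/c1/init.scope\n", "0::/init.scope\n" };
	struct cg_entry e;
	for (int i = 0; i < 2; i++)
		if (parse_cgroup_line(l[i], &e) == 0)
			printf("%ld named=%d %s\n", e.hierarchy, e.named, e.path);
	return 0;
}
```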


[lxc-devel] [PATCH] selftests/cgroupns: new test for cgroup namespaces

2016-01-31 Thread Alban Crequy
From: Alban Crequy <al...@kinvolk.io>

This adds the selftest "cgroupns_test" in order to test the CGroup
Namespace patchset.

cgroupns_test creates two child processes. They perform a list of
actions defined by the array cgroupns_test. This array can easily be
extended to more scenarios without adding much code. They are
synchronized with eventfds to ensure only one action is performed at a
time.

The memory is shared between the processes (CLONE_VM) so each child
process can know the pid of their siblings without extra IPC.

The output explains the scenario being played. Short extract:

> current cgroup: /user.slice/user-0.slice/session-1.scope
> child process #0: check that process #self (pid=482) has cgroup /user.slice/user-0.slice/session-1.scope
> child process #0: unshare cgroupns
> child process #0: move process #self (pid=482) to cgroup cgroup-a/subcgroup-a
> child process #0: join parent cgroupns

The test does not change the mount namespace and does not mount any
new cgroup2 filesystem. Therefore this does not test that the cgroup2
mount is correctly rooted to the cgroupns root at mount time.

Signed-off-by: Alban Crequy <al...@kinvolk.io>
Acked-by: Serge E. Hallyn <serge.hal...@ubuntu.com>

---

Changelog:
20160131 - rebase on sergeh/cgroupns.v10 and fix conflicts

20160115 - Detect where cgroup2 is mounted, don't assume
           /sys/fs/cgroup (suggested by sergeh)
         - Check more error conditions (from krnowak's review)
         - Coding style (from krnowak's review)
         - Update error message for Linux >= 4.5 (from krnowak's
           review)

20160104 - Fix coding style (from sergeh's review)
         - Fix printf formatting (from sergeh's review)
         - Fix parsing of /proc/pid/cgroup (from sergeh's review)
         - Fix concatenation of cgroup paths

20151219 - First version

This patch is available in the cgroupns.v10-tests branch of
https://github.com/kinvolk/linux.git
It is rebased on top of Serge Hallyn's cgroupns.v10 branch of
https://git.kernel.org/cgit/linux/kernel/git/sergeh/linux-security.git/

Test results:

- SUCCESS on kernel cgroupns.v10 booted with systemd.unified_cgroup_hierarchy=1
- SUCCESS on kernel cgroupns.v10 booted with systemd.unified_cgroup_hierarchy=0
---
 tools/testing/selftests/Makefile |   1 +
 tools/testing/selftests/cgroupns/Makefile|  11 +
 tools/testing/selftests/cgroupns/cgroupns_test.c | 445 +++
 3 files changed, 457 insertions(+)
 create mode 100644 tools/testing/selftests/cgroupns/Makefile
 create mode 100644 tools/testing/selftests/cgroupns/cgroupns_test.c

diff --git a/tools/testing/selftests/Makefile b/tools/testing/selftests/Makefile
index b04afc3..b373135 100644
--- a/tools/testing/selftests/Makefile
+++ b/tools/testing/selftests/Makefile
@@ -1,5 +1,6 @@
 TARGETS = breakpoints
 TARGETS += capabilities
+TARGETS += cgroupns
 TARGETS += cpu-hotplug
 TARGETS += efivarfs
 TARGETS += exec
diff --git a/tools/testing/selftests/cgroupns/Makefile 
b/tools/testing/selftests/cgroupns/Makefile
new file mode 100644
index 000..0fdbe0a
--- /dev/null
+++ b/tools/testing/selftests/cgroupns/Makefile
@@ -0,0 +1,11 @@
+CFLAGS += -I../../../../usr/include/
+CFLAGS += -I../../../../include/uapi/
+
+all: cgroupns_test
+
+TEST_PROGS := cgroupns_test
+
+include ../lib.mk
+
+clean:
+   $(RM) cgroupns_test
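Review bot: CFLAGS in the new cgroupns/Makefile carries only the two -I paths and no warning flags, so the test is built without -Wall. The changelog lists a printf formatting fix that was only caught in review; adding `CFLAGS += -Wall` would surface that class of error at build time. The -I../../../../usr/include/ path also assumes the kernel headers have already been installed into usr/include at the tree root, which is worth stating in the commit message.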
diff --git a/tools/testing/selftests/cgroupns/cgroupns_test.c 
b/tools/testing/selftests/cgroupns/cgroupns_test.c
new file mode 100644
index 000..71e2336
--- /dev/null
+++ b/tools/testing/selftests/cgroupns/cgroupns_test.c
@@ -0,0 +1,445 @@
+#define _GNU_SOURCE
+
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include 
+#include 
+
+#include "../kselftest.h"
+
+#define STACK_SIZE 65536
+
+static char cgroup_mountpoint[4096];
+static char root_cgroup[4096];
+
+#define CHILDREN_COUNT 2
+typedef struct {
+   pid_t pid;
+   uint8_t *stack;
+   int start_semfd;
+   int end_semfd;
+} cgroupns_child_t;
+cgroupns_child_t children[CHILDREN_COUNT];
+
+typedef enum {
+   UNSHARE_CGROUPNS,
+   JOIN_CGROUPNS,
+   CHECK_CGROUP,
+   CHECK_CGROUP_WITH_ROOT_PREFIX,
+   MOVE_CGROUP,
+   MOVE_CGROUP_WITH_ROOT_PREFIX,
+} cgroupns_action_t;
+
+static const struct {
+   int actor_id;
+   cgroupns_action_t action;
+   int target_id;
+   char *path;
+} cgroupns_tests[] = {
+   { 0, CHECK_CGROUP_WITH_ROOT_PREFIX, -1, "/"},
+   { 0, CHECK_CGROUP_WITH_ROOT_PREFIX, 0, "/"},
+   { 0, CHECK_CGROUP_WITH_ROOT_PREFIX, 1, "/"},
+   { 1, CHECK_CGROUP_WITH_ROOT_PREFIX, -1, "/"},
+   { 1, CHECK_CGROUP_WITH_ROOT_PREFIX, 0, "/"},
+   { 1, CHECK_CGROUP_WITH_ROOT_PREFIX, 1, "/&
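Review bot: In the cgroupns_tests table the `char *path` member only ever holds string literals and should be `const char *path`; likewise `children` is the one file-scope object here not declared static. The -1 used for target_id seems to stand for the actor itself (the sample output prints it as "#self"), so a named constant would make the table readable without the output next to it. The typedefs cgroupns_child_t and cgroupns_action_t go against the kernel coding style preference for plain struct and enum, and the commit message calls the array cgroupns_test while the code names it cgroupns_tests.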

Re: [lxc-devel] cgroup V2 and LXC

2016-01-31 Thread Serge Hallyn
Quoting Kevin Wilson (wkev...@gmail.com):
> Hi, LXC developers,
> 
> The latest kernel release (4.4) includes initial support to cgroup v2
> with 2 controllers (memory and io). Also it seems that the PIDs
> controller works in cgroup v2, but I do not know if it is officially
> supported in v2.
> 
> Is there any intention to replace the existing cgroup v1 usage in LXC
> by cgroup v2 ? or at least to enable working with both of them ?
> 
> Regards,
> Kevin

Replace, no, support, yes.  I've added support for it to cgmanager, and have
used lxc with the unified hierarchy through cgmanager.  Without cgmanager
it will currently definitely not work.  It's worth discussing how we should
handle it - and how init wants us to handle it.   With cgmanager I actually
built in the support so that you could treat it as a legacy hierarchy, and
upstart was happy with that since it used cgmanager.  Systemd will not be
happy with that, and it will be a problem.  The only exception to the "no
tasks in a non-leaf node" rule is for the / cgroup.  So lxc would need to
place init in say /lxc/c1/.leaf, and systemd would have to accept that
/lxc/c1 is the container's cgroup.  A few possibilities:

1. maybe if we place systemd in /lxc/c1/init.scope it will be happy
2. maybe we can teach systemd to accept being in a leaf node
3. maybe we can build an exception into cgroup namespaces such that
a cgns root also is an exception to the no-tasks-in-non-leaf-nodes
rule.  But I doubt that will fly.


Re: [lxc-devel] [PATCH] doc: Add valueless lxc.cap.drop behaviour to Korean man page

2016-01-31 Thread Stéphane Graber
On Fri, Jan 29, 2016 at 09:28:36AM +, Sungbae Yoo wrote:
> Update for commit 7eff30f
> 
> Signed-off-by: Sungbae Yoo 

Acked-by: Stéphane Graber 

> 
> diff --git a/doc/ko/lxc.container.conf.sgml.in 
> b/doc/ko/lxc.container.conf.sgml.in
> index 2812bf4..82dfacd 100644
> --- a/doc/ko/lxc.container.conf.sgml.in
> +++ b/doc/ko/lxc.container.conf.sgml.in
> @@ -1549,7 +1549,9 @@ proc proc proc nodev,noexec,nosuid 0 0
> 
>   capabilities
>   7
> -   ,
> +  .
> +  If used with no value, lxc will clear any drop capabilities
> +  specified up to this point.
>-->
>컨테이너에서 제거할 capability를 지정한다.
>한 줄에 여러개의 capability를 공백(space)으로 구분하여 정의할 수 있다.
> @@ -1559,6 +1561,7 @@ proc proc proc nodev,noexec,nosuid 0 0
>   capabilities
>   7
> 
> +   값을 공백으로 지정하면, 해당 설정 이전에 지정했던 capability를 모두 취소한다. 
> (lxc.cap.drop에 아무 것도 지정하지 않은 상태가 된다.)
>   
> 
>   
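Review bot: The Korean sentence added in the second hunk says "값을 공백으로 지정하면" (if the value is set to a blank), which can be read as supplying a literal space, while the English comment added in the first hunk says "If used with no value". Wording such as "값을 지정하지 않으면" would match the English and leave no doubt about when the accumulated lxc.cap.drop list is cleared.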
> -- 
> 1.9.1

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com




Re: [lxc-devel] [PATCH] doc: Adapt manpage for Korean lxc-ls to new C implementation

2016-01-31 Thread Stéphane Graber
On Fri, Jan 29, 2016 at 09:29:34AM +, Sungbae Yoo wrote:
> Update for commit 37cf83e
> 
> Signed-off-by: Sungbae Yoo 

Acked-by: Stéphane Graber 

> 
> diff --git a/doc/ko/lxc-ls.sgml.in b/doc/ko/lxc-ls.sgml.in
> index a6b9f0b..eed5e64 100644
> --- a/doc/ko/lxc-ls.sgml.in
> +++ b/doc/ko/lxc-ls.sgml.in
> @@ -28,6 +28,7 @@ by Sungbae Yoo 
>  
>
> +
>  
>  ]>
>  
> @@ -55,7 +56,6 @@ by Sungbae Yoo 
>  
>lxc-ls
>-1
> -  -P lxcpath
>--active
>--frozen
>--running
> @@ -63,9 +63,8 @@ by Sungbae Yoo 
>-f
>-F format
>-g groups
> -  --nesting
> -  filter
> -  --version
> +  --nesting=NUM
> +  --filter=regex
>  
>
>  
> @@ -99,20 +98,6 @@ by Sungbae Yoo 
>  
>
>   
> -   -P, --lxcpath
> - 
> - 
> -   
> -
> -기본 값과 다른 컨테이너 경로를 사용한다. 기본 값은 @LXCPATH@이다.
> -   
> - 
> -  
> -
> -  
> - 
> --active
>   
>   
> @@ -215,44 +200,32 @@ by Sungbae Yoo 
>  
>
>  
> -  --nesting
> +  --nesting=NUM
>  
>  
>
>  
> -중첩된(nested) 컨테이너들의 리스트를 표시한다.
> +중첩된(nested) 컨테이너들의 리스트를 표시한다. 몇번 중첩된(nested) 컨테이너를 보여줄지 숫자로 지정할 
> 수 있다.
>
>  
>
>  
>
>  
> -  filter
> +  --filter=regex
>  
>  
>
>  
> -lxc-ls 명령어 사용시 컨테이너 이름에 적용할 필터.
> -형식은 정규표현식이다.
> -  
> -
> -  
> -
> -  
> -
> -  --version
> -
> -
> -  
> -
> -버전 정보를 표시한다.
> +lxc-ls 명령어 사용시 컨테이너 이름에 적용할 정규표현식이다. 형식은 
> POSIX 확장 정규표현식이다. 명시적으로 --filter을 사용하지 않고도 사용할 수 있다.
>
>  
>
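Review bot: The new --filter description in this hunk states that the expression can be given without writing --filter ("명시적으로 --filter을 사용하지 않고도 사용할 수 있다"), but the synopsis hunk above replaces the positional filter entry with --filter=regex only; the synopsis should keep the positional form as well. Minor wording: "--filter을" should take the particle 를 ("--filter를"), and "몇번" is normally spaced as "몇 번".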
> @@ -291,6 +264,8 @@ by Sungbae Yoo 
>  
>
>  
> +  
> +
>
>  
>
> -- 
> 1.9.1

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com




[lxc-devel] [lxc/lxc] 9f436f: Remove wrong command line arg from help output

2016-01-31 Thread GitHub
  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: 9f436f51a12c1a23091cbaf39a8e61aaebbbf724
  https://github.com/lxc/lxc/commit/9f436f51a12c1a23091cbaf39a8e61aaebbbf724
  Author: Christian Brauner 
  Date:   2016-01-31 (Sun, 31 Jan 2016)

  Changed paths:
M src/lxc/lxc_ls.c

  Log Message:
  ---
  Remove wrong command line arg from help output

Signed-off-by: Christian Brauner 
Acked-by: Serge E. Hallyn 


  Commit: 23faab5d6b6276950f83f6a924387cbc4a70deb1
  https://github.com/lxc/lxc/commit/23faab5d6b6276950f83f6a924387cbc4a70deb1
  Author: Sungbae Yoo 
  Date:   2016-01-31 (Sun, 31 Jan 2016)

  Changed paths:
M doc/ja/see_also.sgml.in
M doc/ko/see_also.sgml.in

  Log Message:
  ---
  doc: Add lxc-copy to Korean/Japanese see_also.sgml.in

Signed-off-by: Sungbae Yoo 
Acked-by: Stéphane Graber 


  Commit: 57e1ac96fbcb416e93caacfc2e7045cd07645390
  https://github.com/lxc/lxc/commit/57e1ac96fbcb416e93caacfc2e7045cd07645390
  Author: Sungbae Yoo 
  Date:   2016-01-31 (Sun, 31 Jan 2016)

  Changed paths:
M doc/ko/lxc.container.conf.sgml.in

  Log Message:
  ---
  doc: Add valueless lxc.cap.drop behaviour to Korean man page

Update for commit 7eff30f

Signed-off-by: Sungbae Yoo 
Acked-by: Stéphane Graber 


  Commit: 3fce3181e264b82a092b028d3b42ee932682b62c
  https://github.com/lxc/lxc/commit/3fce3181e264b82a092b028d3b42ee932682b62c
  Author: Sungbae Yoo 
  Date:   2016-01-31 (Sun, 31 Jan 2016)

  Changed paths:
M doc/ko/lxc-ls.sgml.in

  Log Message:
  ---
  doc: Adapt manpage for Korean lxc-ls to new C implementation

Update for commit 37cf83e

Signed-off-by: Sungbae Yoo 
Acked-by: Stéphane Graber 


Compare: https://github.com/lxc/lxc/compare/3a828ee4dfc6...3fce3181e264


[lxc-devel] [lxc/lxc] 27a72f: Fix syntax error in ko/lxc-ls.sgml.in

2016-01-31 Thread GitHub
  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: 27a72f2faabb06fed39cd6119ed80617fd561664
  https://github.com/lxc/lxc/commit/27a72f2faabb06fed39cd6119ed80617fd561664
  Author: Stéphane Graber 
  Date:   2016-01-31 (Sun, 31 Jan 2016)

  Changed paths:
M doc/ko/lxc-ls.sgml.in

  Log Message:
  ---
  Fix syntax error in ko/lxc-ls.sgml.in

Signed-off-by: Stéphane Graber 




[lxc-devel] Fixed: lxc/lxc#1593 (master - 27a72f2)

2016-01-31 Thread Travis CI
Build Update for lxc/lxc
-

Build: #1593
Status: Fixed

Duration: 1 minute and 3 seconds
Commit: 27a72f2 (master)
Author: Stéphane Graber
Message: Fix syntax error in ko/lxc-ls.sgml.in

Signed-off-by: Stéphane Graber 

View the changeset: 
https://github.com/lxc/lxc/compare/3fce3181e264...27a72f2faabb

View the full build log and details: 
https://travis-ci.org/lxc/lxc/builds/106008660



[lxc-devel] Broken: lxc/lxc#1592 (master - 3fce318)

2016-01-31 Thread Travis CI
Build Update for lxc/lxc
-

Build: #1592
Status: Broken

Duration: 53 seconds
Commit: 3fce318 (master)
Author: Sungbae Yoo
Message: doc: Adapt manpage for Korean lxc-ls to new C implementation

Update for commit 37cf83e

Signed-off-by: Sungbae Yoo 
Acked-by: Stéphane Graber 

View the changeset: 
https://github.com/lxc/lxc/compare/3a828ee4dfc6...3fce3181e264

View the full build log and details: 
https://travis-ci.org/lxc/lxc/builds/106004918
