[lxc-devel] [lxd/master] actually surface the last used update error

2016-11-15 Thread tych0 on Github
The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/2615

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Signed-off-by: Tycho Andersen 
From f7b55179e6799507a4a92c926767cfd6db461fdd Mon Sep 17 00:00:00 2001
From: Tycho Andersen 
Date: Tue, 15 Nov 2016 11:26:11 -0700
Subject: [PATCH] actually surface the last used update error

Signed-off-by: Tycho Andersen 
---
 lxd/container_lxc.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/lxd/container_lxc.go b/lxd/container_lxc.go
index fec0f2e..d178fdb 100644
--- a/lxd/container_lxc.go
+++ b/lxd/container_lxc.go
@@ -1470,7 +1470,7 @@ func (c *containerLXC) startCommon() (string, error) {
// Update time container was last started
err = dbContainerLastUsedUpdate(c.daemon.db, c.id, time.Now().UTC())
if err != nil {
-   fmt.Printf("Error updating last used: %v", err)
+   return "", fmt.Errorf("Error updating last used: %v", err)
}
 
return configPath, nil
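Review bot: The new `return "", fmt.Errorf("Error updating last used: %v", err)` makes a failed last-used timestamp write abort the container start, and nothing visible in the hunk undoes the work startCommon did before this point. startCommon begins and ends outside the hunk, so it is worth confirming whether earlier setup needs cleanup on this new early-return path. If the timestamp is only bookkeeping, a transient database error now blocks the start; if that is the intent, a comment such as `// a failed last-used update is treated as fatal for start` above the check would record the decision.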


[lxc-devel] [lxc/master] lxc-checkpoint: automatically detect if --external or --veth-pair

2016-11-15 Thread adrianreber on Github
The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/1303

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
With the criu release 2.8 criu deprecated the --veth-pair command-line
option in favor of --external:

f2037e6 veth: Make --external support --veth-pair

git tag --contains f2037e6d3445fc400
v2.8

With this commit lxc-checkpoint will automatically switch between
the new and old command-line options, depending on the detected
criu version.

For criu version older than 2.8 something like this will be used:

  --veth-pair eth0=vethYOK6RW@lxcbr0

and starting with criu version 2.8 it will look like this:

  --external veth[eth0]:vethCRPEYL@lxcbr0

Signed-off-by: Adrian Reber 
From b202b34ebc51e6df9928f44e5f434d775644af22 Mon Sep 17 00:00:00 2001
From: Adrian Reber 
Date: Tue, 15 Nov 2016 15:47:31 +
Subject: [PATCH] lxc-checkpoint: automatically detect if --external or
 --veth-pair

With the criu release 2.8 criu deprecated the --veth-pair command-line
option in favor of --external:

f2037e6 veth: Make --external support --veth-pair

git tag --contains f2037e6d3445fc400
v2.8

With this commit lxc-checkpoint will automatically switch between
the new and old command-line option dependent on the detected
criu version.

For criu version older than 2.8 something like this will be used:

  --veth-pair eth0=vethYOK6RW@lxcbr0

and starting with criu version 2.8 it will look like this:

  --external veth[eth0]:vethCRPEYL@lxcbr0

Signed-off-by: Adrian Reber 
---
 src/lxc/criu.c | 37 -
 1 file changed, 32 insertions(+), 5 deletions(-)

diff --git a/src/lxc/criu.c b/src/lxc/criu.c
index 9523af3..8f96014 100644
--- a/src/lxc/criu.c
+++ b/src/lxc/criu.c
@@ -58,6 +58,7 @@
 #define CRIU_GITID_PATCHLEVEL  0
 
 #define CRIU_IN_FLIGHT_SUPPORT "2.4"
+#define CRIU_EXTERNAL_NOT_VETH "2.8"
 
 lxc_log_define(lxc_criu, lxc);
 
@@ -482,7 +483,19 @@ static void exec_criu(struct criu_opts *opts)
 
lxc_list_for_each(it, &opts->c->lxc_conf->network) {
char eth[128], *veth;
+   char fmt[16];
struct lxc_netdev *n = it->elem;
+   bool external_not_veth;
+
+   if (strcmp(opts->criu_version, CRIU_EXTERNAL_NOT_VETH) 
>= 0) {
+   /* Since criu version 2.8 the usage of 
--veth-pair
+* has been deprecated:
+* git tag --contains f2037e6d3445fc400
+* v2.8 */
+   external_not_veth = true;
+   } else {
+   external_not_veth = false;
+   }
 
if (n->name) {
if (strlen(n->name) >= sizeof(eth))
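Review bot: The added `strcmp(opts->criu_version, CRIU_EXTERNAL_NOT_VETH) >= 0` compares the version strings byte by byte, so a version such as "2.10" sorts below "2.8" and would select the deprecated `--veth-pair` form. Parsing the major and minor numbers and testing `external_not_veth = major > 2 || (major == 2 && minor >= 8);` avoids that; the format of `criu_version` is set outside this hunk, so the parsing has to match what is stored there. The result does not depend on the network device, so it can be computed once before `lxc_list_for_each` rather than on every iteration. exec_criu starts and ends outside the hunk.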
@@ -498,10 +511,21 @@ static void exec_criu(struct criu_opts *opts)
case LXC_NET_VETH:
veth = n->priv.veth_attr.pair;
 
-   if (n->link)
-   ret = snprintf(buf, sizeof(buf), 
"veth[%s]:%s@%s", eth, veth, n->link);
-   else
-   ret = snprintf(buf, sizeof(buf), 
"veth[%s]:%s", eth, veth);
+   if (n->link) {
+   if (external_not_veth)
+   strncpy(fmt, "veth[%s]:%s@%s", 
sizeof(fmt));
+   else
+   strncpy(fmt, "%s=%s@%s", 
sizeof(fmt));
+
+   ret = snprintf(buf, sizeof(buf), fmt, 
eth, veth, n->link);
+   } else {
+   if (external_not_veth)
+   strncpy(fmt, "veth[%s]:%s", 
sizeof(fmt));
+   else
+   strncpy(fmt, "%s=%s", 
sizeof(fmt));
+
+   ret = snprintf(buf, sizeof(buf), fmt, 
eth, veth);
+   }
if (ret < 0 || ret >= sizeof(buf))
goto err;
break;
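Review bot: Copying the format into `fmt` with `strncpy(fmt, ..., sizeof(fmt))` and then passing it to `snprintf` hides the call from the compiler's format checking, and `strncpy` would leave `fmt` unterminated if one of these literals ever grew to 16 bytes. The longest literal today, `veth[%s]:%s@%s`, needs 15 bytes with its terminator, so it currently fits with one byte to spare. Pointing at the literal directly removes both hazards: `const char *fmt = external_not_veth ? "veth[%s]:%s@%s" : "%s=%s@%s";` in the `n->link` branch and `fmt = external_not_veth ? "veth[%s]:%s" : "%s=%s";` in the other, with the `char fmt[16]` declaration from the previous hunk becoming `const char *fmt;`. The `case` belongs to a switch that starts outside the hunk.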
@@ -524,7 +548,10 @@ static void exec_criu(struct criu_opts *opts)
goto err;
}
 
-   DECLARE_ARG("--external");
+   if (external_not_veth)
+   DECLARE_ARG("--external");
+   else
+   DECLARE_ARG("--veth-pair");
DECLARE_ARG(buf);
netnr++;

[lxc-devel] [lxc/lxc] 657f89: cgroups: use %zu format specifier to print size_t

2016-11-15 Thread GitHub
  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: 657f890799ad5809ad83a77c69ede2e335835ec4
  https://github.com/lxc/lxc/commit/657f890799ad5809ad83a77c69ede2e335835ec4
  Author: Christian Brauner 
  Date:   2016-11-15 (Tue, 15 Nov 2016)

  Changed paths:
M src/lxc/cgroups/cgfsng.c

  Log Message:
  ---
  cgroups: use %zu format specifier to print size_t

Signed-off-by: Christian Brauner 


  Commit: 471a304df4fff53b8fdf63248c1fdfca56428473
  https://github.com/lxc/lxc/commit/471a304df4fff53b8fdf63248c1fdfca56428473
  Author: Stéphane Graber 
  Date:   2016-11-15 (Tue, 15 Nov 2016)

  Changed paths:
M src/lxc/cgroups/cgfsng.c

  Log Message:
  ---
  Merge pull request #1301 from brauner/2016-11-15/isolcpus

cgroups: use %zu format specifier to print size_t


Compare: https://github.com/lxc/lxc/compare/a8bae5522a2d...471a304df4ff


[lxc-devel] [lxc/lxc] 9f99a3: lxc-checkpoint: enable dirty memory tracking in cr...

2016-11-15 Thread GitHub
  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: 9f99a33fa97a81d395b6522fe7bd51e0ef6af454
  https://github.com/lxc/lxc/commit/9f99a33fa97a81d395b6522fe7bd51e0ef6af454
  Author: Adrian Reber 
  Date:   2016-11-15 (Tue, 15 Nov 2016)

  Changed paths:
M src/lxc/criu.c
M src/lxc/tools/lxc_checkpoint.c

  Log Message:
  ---
  lxc-checkpoint: enable dirty memory tracking in criu

CRIU supports dirty memory tracking to take incremental checkpoints.
Incremental checkpoints are one way of reducing downtime during
migration. The first checkpoint dumps all the memory pages and the
second (and third, and fourth, ...) only dumps pages which have changed.

Most of the necessary code has already been implemented. This just adds
the existing functionality to lxc-checkpoint:

  -p, --pre-dump            Only pre-dump the memory of the container.
                            Container keeps on running and following
                            checkpoints will only dump the changes.
  --predump-dir=DIR         path to images from previous dump (relative to -D)

The following is an example from a container running CentOS 7 with psql
and tomcat:

 # lxc-checkpoint -n c7 -D /tmp/cp -p
Container keeps on running
 # du -h /tmp/cp
 229M   /tmp/cp
Sync initial checkpoint to destination
 # rsync -a /tmp/cp host2:/tmp/
Sync file-system
 # rsync -a /var/lib/lxc/c7 host2:/var/lib/lxc/
Final dump; container is stopped
 # lxc-checkpoint -n c7 -D /tmp/cp --predump-dir=../cp -s
 # du -h /tmp/cp2
 90M/tmp/cp2

After transferring the second (incremental checkpoint) and the changes
to the container's file system the container can be restored on the
second host by pointing lxc-checkpoint to the second checkpoint
directory:

 # lxc-checkpoint -n c7 -D /tmp/cp2 -r

Signed-off-by: Adrian Reber 


  Commit: a8bae5522a2dd4b5064baae13492bae981e9e3ca
  https://github.com/lxc/lxc/commit/a8bae5522a2dd4b5064baae13492bae981e9e3ca
  Author: Stéphane Graber 
  Date:   2016-11-15 (Tue, 15 Nov 2016)

  Changed paths:
M src/lxc/criu.c
M src/lxc/tools/lxc_checkpoint.c

  Log Message:
  ---
  Merge pull request #1299 from adrianreber/master

lxc-checkpoint: enable dirty memory tracking in criu


Compare: https://github.com/lxc/lxc/compare/748c52b52c6f...a8bae5522a2d


[lxc-devel] [lxc/master] separate the limiting from the namespaced cgroup root

2016-11-15 Thread Blub on Github
The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/1302

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
When cgroup namespaces are enabled, a privileged container
with mixed cgroups has full write access to its own root
cgroup, effectively allowing it to overwrite values written
from the outside or configured via lxc.cgroup.*.

This patch causes an additional 'inner/' directory to be
created in all cgroups if cgroup namespaces and cgfsng are
being used in order to combat this.

This is a request for comments, it currently has the subdirectory name
hardcoded and is non-optional. All of this could of course be made
configurable if a "feature" like this is acceptable. It seems to only be
necessary for privileged containers which are, well, "privileged" after
all, but cgroup limits do seem pointless if they can't be enforced even
when it's privileged containers we're dealing with.

On the other hand for unprivileged containers maybe this could allow us to
make the entire directory the container sees as root cgroup writable by
the container? (Not sure about this, currently we only chown
`cgroup.procs` and `tasks`, and otherwise the container can only create
subdirectories.)

PS: I'm not sure whether criu.c needs special code there, but from the
host's point of view it's a subdirectory within the container's cgroup,
only the point at which `CLONE_NEWCGROUP` is used is moved, so only the
container's inner view changes.

From 573aa03c27c5cb969a4ccf58e6a63bb89efc861d Mon Sep 17 00:00:00 2001
From: Wolfgang Bumiller 
Date: Tue, 15 Nov 2016 09:20:24 +0100
Subject: [PATCH] separate the limiting from the namespaced cgroup root

When cgroup namespaces are enabled a privileged container
with mixed cgroups has full write access to its own root
cgroup effectively allowing it to overwrite values written
from the outside or configured via lxc.cgroup.*.

This patch causes an additional 'inner/' directory to be
created in all cgroups if cgroup namespaces and cgfsng are
being used in order to combat this.

Signed-off-by: Wolfgang Bumiller 
---
 src/lxc/cgroups/cgfs.c  | 15 --
 src/lxc/cgroups/cgfsng.c| 70 +
 src/lxc/cgroups/cgmanager.c | 15 --
 src/lxc/cgroups/cgroup.c| 12 
 src/lxc/cgroups/cgroup.h| 12 
 src/lxc/criu.c  |  2 +-
 src/lxc/start.c | 21 --
 7 files changed, 113 insertions(+), 34 deletions(-)

diff --git a/src/lxc/cgroups/cgfs.c b/src/lxc/cgroups/cgfs.c
index 8499200..0152477 100644
--- a/src/lxc/cgroups/cgfs.c
+++ b/src/lxc/cgroups/cgfs.c
@@ -2383,12 +2383,15 @@ static void cgfs_destroy(void *hdata, struct lxc_conf 
*conf)
free(d);
 }
 
-static inline bool cgfs_create(void *hdata)
+static inline bool cgfs_create(void *hdata, bool inner)
 {
struct cgfs_data *d = hdata;
struct cgroup_process_info *i;
struct cgroup_meta_data *md;
 
+   if (inner)
+   return true;
+
if (!d)
return false;
md = d->meta;
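Review bot: With `if (inner) return true;` placed first, cgfs_create reports success for the inner step without creating anything, and it does so even when `hdata` is NULL because the check precedes `if (!d)`. The same early return is added to cgfs_enter and cgfs_chown in the two following hunks. A caller cannot tell from the return value that this backend skipped the inner cgroup, so under cgfs the container presumably keeps the write access to its limiting cgroup that the description sets out to remove. A comment on each early return, for example `/* cgfs does not implement the inner cgroup; the container stays in the limiting cgroup */`, plus a log message at that point, would make the gap explicit. The bodies of all three functions continue outside their hunks.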
@@ -2399,12 +2402,15 @@ static inline bool cgfs_create(void *hdata)
return true;
 }
 
-static inline bool cgfs_enter(void *hdata, pid_t pid)
+static inline bool cgfs_enter(void *hdata, pid_t pid, bool inner)
 {
struct cgfs_data *d = hdata;
struct cgroup_process_info *i;
int ret;
 
+   if (inner)
+   return true;
+
if (!d)
return false;
i = d->info;
@@ -2646,13 +2652,16 @@ static bool do_cgfs_chown(char *cgroup_path, struct 
lxc_conf *conf)
return true;
 }
 
-static bool cgfs_chown(void *hdata, struct lxc_conf *conf)
+static bool cgfs_chown(void *hdata, struct lxc_conf *conf, bool inner)
 {
struct cgfs_data *d = hdata;
struct cgroup_process_info *info_ptr;
char *cgpath;
bool r = true;
 
+   if (inner)
+   return true;
+
if (!d)
return false;
 
diff --git a/src/lxc/cgroups/cgfsng.c b/src/lxc/cgroups/cgfsng.c
index 1e38335..d156616 100644
--- a/src/lxc/cgroups/cgfsng.c
+++ b/src/lxc/cgroups/cgfsng.c
@@ -1249,14 +1249,20 @@ struct cgroup_ops *cgfsng_ops_init(void)
return &cgfsng_ops;
 }
 
-static bool create_path_for_hierarchy(struct hierarchy *h, char *cgname)
+static bool create_path_for_hierarchy(struct hierarchy *h, char *cgname, bool 
inner)
 {
-   h->fullcgpath = must_make_path(h->mountpoint, h->base_cgroup, cgname, 
NULL);
-   if (dir_exists(h->fullcgpath)) // it must not already exist
-   return false;
-   if (!handle_cpuset_hierarchy(h, cgname))
-   return false;
-   return mkdir_p(h->fullcgpath, 0755) == 0;
+   char *path;
+   if (inner) {
+   path = must_make_path(h->fullcgpath, "inner", NULL);
+