On Fri, Jul 3, 2015 at 1:55 PM, Martin Kletzander <mklet...@redhat.com> wrote:
> On Tue, Jun 23, 2015 at 04:38:57PM +0200, Richard Weinberger wrote:
>>
>> Instead of creating symlinks, bind mount the devices to
>> /dev/pts/XY.
>> Using bind mounts it is no
On Tue, Jun 23, 2015 at 3:18 PM, Richard Weinberger <rich...@nod.at> wrote:
> Userspace does not expect that the initial console
> is a controlling TTY. systemd can deal with that, others not.
> On sysv init distros getty will fail to spawn a controlling on
> /dev/console o
On Wed, Jun 24, 2015 at 11:19 AM, Martin Kletzander <mklet...@redhat.com> wrote:
> On Tue, Jun 23, 2015 at 01:48:42PM +0200, Richard Weinberger wrote:
>>
>> The LXC driver uses virSetUIDGID() to become UID/GID 0.
>> It passes an empty groups list to virSetUI
On 01.07.2015 at 11:40, Martin Kletzander wrote:
On Tue, Jun 30, 2015 at 07:54:25PM +0200, Richard Weinberger wrote:
On 30.06.2015 at 19:12, Martin Kletzander wrote:
Hmm, very strange. What guest container are you using?
I tried with a Debian jessie and had user namespace enabled.
Sorry
On 30.06.2015 at 19:12, Martin Kletzander wrote:
Hmm, very strange. What guest container are you using?
I tried with a Debian jessie and had user namespace enabled.
Sorry for the late reply. I used simple one. Only gentoo's stage 3
unpacked into a directory, no special settings used for
On 26.06.2015 at 15:09, Martin Kletzander wrote:
On Tue, Jun 23, 2015 at 04:38:57PM +0200, Richard Weinberger wrote:
Instead of creating symlinks, bind mount the devices to
/dev/pts/XY.
Using bind mounts it is no longer needed to add pts devices
to files like /dev/securetty.
I guess you
On 22.06.2015 at 16:51, Daniel P. Berrange wrote:
On Mon, Jun 22, 2015 at 04:40:37PM +0200, Richard Weinberger wrote:
Hi!
Why is libvirt-lxc issuing a setsid() in lxcContainerSetupFDs()?
To me it seems like a hack to have a controlling TTY if PID 1 is /bin/bash.
I honestly can't remember
On 22.06.2015 at 16:51, Daniel P. Berrange wrote:
Also note systemd uses the device via /dev/console, not /dev/tty1
and with 'container_ttys' we've told it not to use /dev/tty1 for
gettys. So maybe it deals with /dev/console in a different way
than it would if it were /dev/tty1
BTW: Why are
Instead of creating symlinks, bind mount the devices to
/dev/pts/XY.
Using bind mounts it is no longer needed to add pts devices
to files like /dev/securetty.
Signed-off-by: Richard Weinberger rich...@nod.at
---
src/lxc/lxc_container.c | 38 +-
1 file changed
On 23.06.2015 at 14:18, Richard Weinberger wrote:
On 22.06.2015 at 16:51, Daniel P. Berrange wrote:
On Mon, Jun 22, 2015 at 04:40:37PM +0200, Richard Weinberger wrote:
Hi!
Why is libvirt-lxc issuing a setsid() in lxcContainerSetupFDs()?
To me it seems like a hack to have a controlling TTY
/bash.
Signed-off-by: Richard Weinberger rich...@nod.at
---
src/lxc/lxc_container.c | 14 +-
1 file changed, 1 insertion(+), 13 deletions(-)
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index 11e9514..7d531e2 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc
supplementary groups.
In most cases this issue is unnoticed as libvirtd runs as UID/GID 0
without any supplementary groups.
Signed-off-by: Richard Weinberger rich...@nod.at
---
I've marked that patch as RFC as I'm not sure if all users of virSetUIDGID()
expect this behavior too.
Thanks,
//richard
---
src
Hi!
Why is libvirt-lxc issuing a setsid() in lxcContainerSetupFDs()?
To me it seems like a hack to have a controlling TTY if PID 1 is /bin/bash.
If one runs a sysv init style distro (like Debian) in libvirt-lxc the setsid()
has
a major downside, when getty spawns a login shell on /dev/tty1 it
On 16.06.2015 at 14:31, Daniel P. Berrange wrote:
Thanks Richard / Eric for the suggested patches. I'll apply Eric's
simplified patch to libvirt now, and backport it to our stable
libvirt branches.
Thank you Daniel!
--
libvir-list mailing list
libvir-list@redhat.com
[CC'ing libvirt-lxc folks]
On 28.05.2015 at 23:32, Eric W. Biederman wrote:
Richard Weinberger rich...@nod.at writes:
On 28.05.2015 at 21:57, Eric W. Biederman wrote:
FWIW, it breaks also libvirt-lxc:
Error: internal error: guest failed to start: Failed to re-mount /proc/sys
on /proc
On 11.03.2015 at 10:36, Richard Weinberger wrote:
On 11.03.2015 at 03:30, Chen, Hanxiao wrote:
@@ -826,8 +829,25 @@ static int lxcContainerMountBasicFS(bool
userns_enabled)
bool bindOverReadonly;
virLXCBasicMountInfo const *mnt = lxcBasicMounts[i];
+/* When
On 19.03.2015 at 18:28, Daniel P. Berrange wrote:
On Thu, Mar 19, 2015 at 06:04:57PM +0100, Richard Weinberger wrote:
On 19.03.2015 at 17:58, Daniel P. Berrange wrote:
On Thu, Mar 19, 2015 at 05:54:32PM +0100, Richard Weinberger wrote:
On 11.03.2015 at 10:36, Richard Weinberger wrote:
Am
On 19.03.2015 at 17:58, Daniel P. Berrange wrote:
On Thu, Mar 19, 2015 at 05:54:32PM +0100, Richard Weinberger wrote:
On 11.03.2015 at 10:36, Richard Weinberger wrote:
On 11.03.2015 at 03:30, Chen, Hanxiao wrote:
@@ -826,8 +829,25 @@ static int lxcContainerMountBasicFS(bool
userns_enabled
On 11.03.2015 at 03:30, Chen, Hanxiao wrote:
@@ -826,8 +829,25 @@ static int lxcContainerMountBasicFS(bool
userns_enabled)
bool bindOverReadonly;
virLXCBasicMountInfo const *mnt = lxcBasicMounts[i];
+/* When enable userns but disable netns, kernel will
+
On Mon, Jul 14, 2014 at 12:01 PM, Chen Hanxiao
chenhanx...@cn.fujitsu.com wrote:
kernel commit 7dc5dbc879bd0779924b5132a48b731a0bc04a1e
forbid us doing a fresh mount for sysfs
when enable userns but disable netns.
This patch will create a bind mount in this scenario.
Sorry for exhuming an
Ryan,
On 23.02.2015 at 18:37, Ryan Cleere wrote:
Richard,
I have to disagree that it should require idmap. It is true that without
idmap the container can freely set its own rlimits, but I believe this
functionality could be useful to
containers that don't run /sbin/init. What I mean
On Fri, Jan 30, 2015 at 4:32 PM, Ryan Cleere rcle...@gmail.com wrote:
I guess I don't really have an argument for or against removing some of them
from rlimits. The original patch that I wrote and we use internally only
allowed setting of RLIMIT_NOFILE, but when I went to publish it back to
,
Daniel
Daniel P. Berrange (1):
lxc: Stop mouning /proc and /sys read only
src/lxc/lxc_container.c | 15 +++
1 file changed, 11 insertions(+), 4 deletions(-)
Acked-by: Richard Weinberger rich...@nod.at
Thanks,
//richard
On 08.01.2015 at 14:45, Daniel P. Berrange wrote:
On Thu, Jan 08, 2015 at 02:36:36PM +0100, Richard Weinberger wrote:
On 08.01.2015 at 14:02, Daniel P. Berrange wrote:
We have historically done a number of things with LXC that are
somewhat questionable in retrospect
1. Mounted /proc/sys
On 08.01.2015 at 15:06, Daniel P. Berrange wrote:
On Thu, Jan 08, 2015 at 03:02:59PM +0100, Richard Weinberger wrote:
On 08.01.2015 at 14:45, Daniel P. Berrange wrote:
On Thu, Jan 08, 2015 at 02:36:36PM +0100, Richard Weinberger wrote:
On 08.01.2015 at 14:02, Daniel P. Berrange wrote:
We
On 24.12.2014 at 03:23, Chen, Hanxiao wrote:
-Original Message-
From: Richard Weinberger [mailto:richard.weinber...@gmail.com]
Sent: Wednesday, December 24, 2014 5:36 AM
To: Eric Blake
Cc: Chen, Hanxiao/陈 晗霄; libvir-list@redhat.com
Subject: Re: [libvirt] [PATCH RFC] LXC: don't
On Wed, Dec 10, 2014 at 10:40 AM, Cédric Bosdonnat cbosdon...@suse.com wrote:
Some programs want to change some values for the network interfaces
configuration in /proc/sys/net/ipv[46] folders. Giving RW access on them
allows wicked to work on openSUSE 13.2+.
Reusing the
On Mon, Dec 22, 2014 at 4:12 PM, Eric Blake ebl...@redhat.com wrote:
On 12/21/2014 08:57 PM, Chen Hanxiao wrote:
s/namespce/namespace/ in the subject line
If we enabled user ns and provided a uid/gid map,
we do not need to mount /proc, /sys as readonly.
Leave it to kernel for protection.
On 12.12.2014 at 10:33, Daniel P. Berrange wrote:
On Thu, Dec 11, 2014 at 10:06:40PM +0100, Richard Weinberger wrote:
On Tue, Dec 9, 2014 at 10:47 AM, Cédric Bosdonnat cbosdon...@suse.com
wrote:
Some programs want to change some values for the network interfaces
configuration in /proc/sys
On Tue, Dec 9, 2014 at 10:47 AM, Cédric Bosdonnat cbosdon...@suse.com wrote:
Some programs want to change some values for the network interfaces
configuration in /proc/sys/net/ipv[46] folders. Giving RW access on them
allows wicked to work on openSUSE 13.2+.
In order to mount those folders RW
On 26.11.2014 at 00:15, Richard Weinberger wrote:
Eric,
On Thu, Aug 21, 2014 at 4:09 PM, Eric W. Biederman
ebied...@xmission.com wrote:
Richard Weinberger rich...@nod.at writes:
On 21.08.2014 15:12, Christoph Hellwig wrote:
On Wed, Aug 20, 2014 at 09:53:49PM -0700, Eric W. Biederman
On 28.11.2014 at 06:33, Martin Pitt wrote:
Hello all,
Cameron Norman [2014-11-27 12:26 -0800]:
On Wed, Nov 26, 2014 at 1:29 PM, Richard Weinberger rich...@nod.at wrote:
Hi!
I run a Linux container setup with openSUSE 13.1/2 as guest distro.
After some time containers slow down
On 26.11.2014 at 22:29, Richard Weinberger wrote:
Hi!
I run a Linux container setup with openSUSE 13.1/2 as guest distro.
After some time containers slow down.
An investigation showed that the containers slow down because a lot of stale
user sessions slow down almost all systemd tools
On 26.11.2014 at 05:51, Martin Kletzander wrote:
On Tue, Nov 25, 2014 at 04:19:48PM +0100, Richard Weinberger wrote:
On Tue, Nov 25, 2014 at 9:21 AM, Cedric Bosdonnat cbosdon...@suse.com
wrote:
On Tue, 2014-11-25 at 08:42 +0100, Martin Kletzander wrote:
On Mon, Nov 24, 2014 at 09:54:44PM
On 26.11.2014 at 09:25, Cedric Bosdonnat wrote:
Hi Martin,
On Wed, 2014-11-26 at 05:51 +0100, Martin Kletzander wrote:
Instead of papering over the issue in libvirt better ship a non-broken
iproute2
in openSUSE 13.2.
real fix:
On 26.11.2014 at 10:16, Cedric Bosdonnat wrote:
On Wed, 2014-11-26 at 09:34 +0100, Richard Weinberger wrote:
On 26.11.2014 at 09:25, Cedric Bosdonnat wrote:
Hi Martin,
On Wed, 2014-11-26 at 05:51 +0100, Martin Kletzander wrote:
Instead of papering over the issue in libvirt better ship
On 26.11.2014 at 14:23, Eric Blake wrote:
On 11/26/2014 02:25 AM, Richard Weinberger wrote:
So I think we should keep that for those running the buggy 3.16.
openSUSE has to fix their package and to serve a bugfix update, full stop.
Thought that may not happen only to openSUSE
Hi!
I run a Linux container setup with openSUSE 13.1/2 as guest distro.
After some time containers slow down.
An investigation showed that the containers slow down because a lot of stale
user sessions slow down almost all systemd tools, mostly systemctl.
loginctl reports many thousand sessions.
On Tue, Nov 25, 2014 at 9:21 AM, Cedric Bosdonnat cbosdon...@suse.com wrote:
On Tue, 2014-11-25 at 08:42 +0100, Martin Kletzander wrote:
On Mon, Nov 24, 2014 at 09:54:44PM +0100, Cédric Bosdonnat wrote:
Due to a change (or bug?) in ip link implementation, the command
'ip link add vnet0...'
Eric,
On Thu, Aug 21, 2014 at 4:09 PM, Eric W. Biederman
ebied...@xmission.com wrote:
Richard Weinberger rich...@nod.at writes:
On 21.08.2014 15:12, Christoph Hellwig wrote:
On Wed, Aug 20, 2014 at 09:53:49PM -0700, Eric W. Biederman wrote:
Richard Weinberger richard.weinber...@gmail.com
On Fri, Oct 10, 2014 at 2:03 PM, Cédric Bosdonnat cbosdon...@suse.com wrote:
Hi all,
Here is a rebased version of v2. Nothing changed except the 'since' version
number
in the added doc that has been updated.
--
Cedric
Cédric Bosdonnat (16):
Forgot to cleanup ifname_guest* in domain
On 29.09.2014 11:13, Chen, Hanxiao wrote:
I'm not sure this commit could help
because reproducing this issue looks so unpredictable.
Yeah, maybe.
I did some tests in the last weekend,
unfortunately, I could not reproduce it again with both 208 and 215...
Same here. So far I was unable
Hi!
Sometimes libvirt (1.2.7) becomes unable to start any container.
Logs show only:
error : virDBusCall:1429 : error from service: CreateMachine: Input/output error
It looks like dbus_connection_send_with_reply_and_block() returns EIO.
Has anyone else seen this kind of issue?
I'm currently a
Chen,
On 26.09.2014 10:23, Chen, Hanxiao wrote:
Has anyone else seen this kind of issue?
I'm currently a bit puzzled where to look for the root cause.
Maybe it is related to dbus.
Could you share your XML config?
Guess it's something with systemd.
There you go:
domain type='lxc'
Chen,
On 26.09.2014 11:49, Chen, Hanxiao wrote:
Hi Richard,
-Original Message-
From: Richard Weinberger [mailto:rich...@nod.at]
Sent: Friday, September 26, 2014 4:59 PM
To: Chen, Hanxiao/陈 晗霄; Richard Weinberger; libvir-list@redhat.com
Subject: Re: [libvirt] CreateMachine: Input
Chen,
On 26.09.2014 11:54, Richard Weinberger wrote:
On fedora20 with systemd 208, upstream libvirt,
I could reproduce it.
We're also on systemd 208.
I have an idea, maybe we need this commit in our systemd:
http://lists.freedesktop.org/archives/systemd-commits/2014-July/006543.html
On 26.09.2014 19:40, Guido Günther wrote:
On Fri, Sep 26, 2014 at 10:06:39AM +0200, Richard Weinberger wrote:
Hi!
Sometimes libvirt (1.2.7) becomes unable to start any container.
Logs show only:
error : virDBusCall:1429 : error from service: CreateMachine: Input/output
error
It looks
On Thu, Aug 21, 2014 at 4:09 PM, Eric W. Biederman
ebied...@xmission.com wrote:
It looks like commit 87b47932f40a11280584bce260cbdb3b5f9e8b7d in
git.kernel.org/cgit/linux/kernel/git/ebiederm/user-namespace.git for-next
unbreaks libvirt-lxc.
I hope it hits Linus tree and -stable before the
On 29.08.2014 12:03, Daniel Veillard wrote:
On Wed, Aug 27, 2014 at 08:45:29PM +0200, Richard Weinberger wrote:
On Wed, Aug 27, 2014 at 9:18 AM, Daniel Veillard veill...@redhat.com wrote:
So I tagged 1.2.8-rc1 in git and made tarball and signed rpms
Can you please sign the tarball too
On 28.08.2014 09:14, Daniel Veillard wrote:
On Wed, Aug 27, 2014 at 08:45:29PM +0200, Richard Weinberger wrote:
On Wed, Aug 27, 2014 at 9:18 AM, Daniel Veillard veill...@redhat.com wrote:
So I tagged 1.2.8-rc1 in git and made tarball and signed rpms
Can you please sign the tarball too
Cedric,
On 27.08.2014 09:33, Cedric Bosdonnat wrote:
Hi Richard,
On Tue, 2014-08-26 at 22:32 +0200, Richard Weinberger wrote:
On Tue, Aug 26, 2014 at 3:20 PM, Cédric Bosdonnat cbosdon...@suse.com
wrote:
Hi all,
Here is the whole series resent with a major addition: the functions
used
On Wed, Aug 27, 2014 at 9:18 AM, Daniel Veillard veill...@redhat.com wrote:
So I tagged 1.2.8-rc1 in git and made tarball and signed rpms
Can you please sign the tarball too?
--
Thanks,
//richard
On Tue, Aug 26, 2014 at 3:20 PM, Cédric Bosdonnat cbosdon...@suse.com wrote:
Hi all,
Here is the whole series resent with a major addition: the functions
used to set the IP and add a route now use libnl when possible. The idea
behind this is to avoid requiring iproute2 or ifconfig installed
On 21.08.2014 06:53, Eric W. Biederman wrote:
The bugs fixed are security issues, so if we have to break a small
number of userspace applications we will. Anything that we can
reasonably do to avoid regressions will be done.
Could you please look at my user-namespace.git#for-next branch I
On 21.08.2014 08:29, Richard Weinberger wrote:
On 21.08.2014 06:53, Eric W. Biederman wrote:
The bugs fixed are security issues, so if we have to break a small
number of userspace applications we will. Anything that we can
reasonably do to avoid regressions will be done.
Could you
On 21.08.2014 15:12, Christoph Hellwig wrote:
On Wed, Aug 20, 2014 at 09:53:49PM -0700, Eric W. Biederman wrote:
Richard Weinberger richard.weinber...@gmail.com writes:
On Wed, Aug 6, 2014 at 2:57 AM, Eric W. Biederman ebied...@xmission.com
wrote:
This commit breaks libvirt-lxc.
libvirt
On Wed, Aug 6, 2014 at 2:57 AM, Eric W. Biederman ebied...@xmission.com wrote:
Linus,
Please pull the for-linus branch from the git tree:
git://git.kernel.org/pub/scm/linux/kernel/git/ebiederm/user-namespace.git
for-linus
HEAD: 344470cac42e887e68cfb5bdfa6171baf27f1eb5 proc: Point
On 14.08.2014 14:35, Ján Tomko wrote:
On 07/28/2014 10:59 PM, Richard Weinberger wrote:
The gid value passed to devpts has to be translated by hand as
virLXCControllerSetupDevPTS() is called before setting up the user
and group mappings.
Otherwise devpts will use an unmapped gid and openpty
On Mon, Aug 11, 2014 at 11:13 AM, Daniel P. Berrange
berra...@redhat.com wrote:
On Tue, Aug 05, 2014 at 02:40:53AM +, chenhanx...@cn.fujitsu.com wrote:
ping
-Original Message-
From: libvir-list-boun...@redhat.com
[mailto:libvir-list-boun...@redhat.com]
On Behalf Of Chen
Hi!
How can I cryptographically verify libvirt releases?
There are no signature/hash files in http://libvirt.org/sources/.
All I see is that your git release tags are PGP signed.
So, anyone who cares has to ignore everything in http://libvirt.org/sources/
and needs to regenerate the tarball from
On 29.07.2014 05:45, chenhanx...@cn.fujitsu.com wrote:
-Original Message-
From: libvir-list-boun...@redhat.com [mailto:libvir-list-boun...@redhat.com]
On Behalf Of Richard Weinberger
Sent: Tuesday, July 29, 2014 4:59 AM
To: libvir-list@redhat.com
Cc: Richard Weinberger; da
sane to me.
Reviewed-by: Richard Weinberger rich...@nod.at
--
Thanks,
//richard
On Wed, Jul 30, 2014 at 8:14 PM, Cedric Bosdonnat cbosdon...@suse.com wrote:
Hi all,
On Fri, 2014-07-25 at 17:03 +0200, Cédric Bosdonnat wrote:
Uses the new virDomainNetDef ips to set the IP addresses on the network
interfaces in the container.
---
src/lxc/lxc_container.c | 20
Hi!
Kernel commit 23adbe12 (fs,userns: Change inode_capable to
capable_wrt_inode_uidgid)
uncovered a libvirt-lxc issue.
Starting with that commit the kernel correctly checks also the gid of an inode.
Sadly this change breaks libvirt-lxc in a way such that openpty() will always
fail
with -EPERM
On 28.07.2014 16:37, Daniel P. Berrange wrote:
On Mon, Jul 28, 2014 at 04:25:56PM +0200, Richard Weinberger wrote:
Hi!
Kernel commit 23adbe12 (fs,userns: Change inode_capable to
capable_wrt_inode_uidgid)
uncovered a libvirt-lxc issue.
Starting with that commit the kernel correctly checks
to capable_wrt_inode_uidgid)
uncovered that issue.
Signed-off-by: Richard Weinberger rich...@nod.at
---
src/lxc/lxc_controller.c | 25 +++--
1 file changed, 23 insertions(+), 2 deletions(-)
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index 2d220eb..82ecf12
On 03.07.2014 09:15, Cedric Bosdonnat wrote:
On Wed, 2014-07-02 at 23:00 +0200, Richard Weinberger wrote:
On Wed, Jul 2, 2014 at 3:57 PM, Cédric Bosdonnat cbosdon...@suse.com wrote:
This patch series allows users to configure the network device name in the
LXC container. I intentionally
On Wed, Jul 2, 2014 at 3:57 PM, Cédric Bosdonnat cbosdon...@suse.com wrote:
This patch series allows users to configure the network device name in the
LXC container. I intentionally didn't allow this for hostdev net interfaces
as the NIC would be returned with a different name to the host and we
On Mon, Jun 2, 2014 at 6:22 PM, Daniel P. Berrange berra...@redhat.com wrote:
IIUC, we'd need to recursively chown the files under /proc/sys/net to
give them the remapped UID/GID of the root user in the container, in
order that they can be used.
So overall I think we'd have to do
- Make
On Fri, May 16, 2014 at 7:53 PM, Daniel P. Berrange berra...@redhat.com wrote:
Hi Libvirt team,
A number of opensource projects have weekly meetings between their community
of contributors to facilitate their day-to-day working and particularly
to resolve roadblocks that people are having.
On Mon, May 5, 2014 at 5:14 PM, Dwight Engen dwight.en...@oracle.com wrote:
When a console is configured, /dev/console and /dev/tty1 are created as
symlinks to the same underlying pts. This causes problems since a
separate getty will be spawned for /dev/console and /dev/tty1, but they
are each
Hi!
My KVM hosts share the same filesystem and I'm facing an issue using
managedsave.
If I save vmX using managedsave on hostA and restore it later using
virsh restore in hostB
the qemu process consumes 100% CPU and makes no progress.
On the other hand, if I save vmX using save the restore works
On Fri, May 2, 2014 at 2:16 PM, Daniel P. Berrange berra...@redhat.com wrote:
On Fri, May 02, 2014 at 02:08:28PM +0200, Richard Weinberger wrote:
Hi!
My KVM hosts share the same filesystem and I'm facing an issue using
managedsave.
If I save vmX using managedsave on hostA and restore
On Fri, May 2, 2014 at 2:26 PM, Daniel P. Berrange berra...@redhat.com wrote:
On Fri, May 02, 2014 at 02:21:08PM +0200, Richard Weinberger wrote:
On Fri, May 2, 2014 at 2:16 PM, Daniel P. Berrange berra...@redhat.com
wrote:
On Fri, May 02, 2014 at 02:08:28PM +0200, Richard Weinberger wrote
On Fri, May 2, 2014 at 2:16 PM, Daniel P. Berrange berra...@redhat.com wrote:
On Fri, May 02, 2014 at 02:08:28PM +0200, Richard Weinberger wrote:
Hi!
My KVM hosts share the same filesystem and I'm facing an issue using
managedsave.
If I save vmX using managedsave on hostA and restore
On Fri, May 2, 2014 at 3:43 PM, Laine Stump la...@laine.org wrote:
On 05/02/2014 03:38 PM, Richard Weinberger wrote:
On Fri, May 2, 2014 at 2:16 PM, Daniel P. Berrange berra...@redhat.com
wrote:
On Fri, May 02, 2014 at 02:08:28PM +0200, Richard Weinberger wrote:
Hi!
My KVM hosts share
On Fri, May 2, 2014 at 4:36 PM, Laine Stump la...@laine.org wrote:
On 05/02/2014 04:52 PM, Richard Weinberger wrote:
On Fri, May 2, 2014 at 3:43 PM, Laine Stump la...@laine.org wrote:
On 05/02/2014 03:38 PM, Richard Weinberger wrote:
On Fri, May 2, 2014 at 2:16 PM, Daniel P. Berrange berra
Commit b9dd878f (util: make it easier to grab only regular command exit)
changed the call semantics of virCommandRun() and therefore of virRun()
too. But lxcCheckNetNsSupport() was not updated.
As consequence of this lxcCheckNetNsSupport always failed and broke LXC.
Signed-off-by: Richard
On 24.02.2014 13:20, Daniel P. Berrange wrote:
On Fri, Feb 14, 2014 at 02:25:55PM +0100, Richard Weinberger wrote:
diff --git a/src/util/vircgroup.c b/src/util/vircgroup.c
index a6d60c5..4bef0db 100644
--- a/src/util/vircgroup.c
+++ b/src/util/vircgroup.c
@@ -3253,6 +3253,66 @@ cleanup
Hi!
If we suspend a LXC domain libvirt freezes all tasks in the cgroup using the
process freezer.
Upon destroy libvirt tries to kill all tasks using SIGTERM and later SIGKILL,
but as they are frozen
the tasks are unkillable.
This seems to confuse libvirt, all tasks remain but libvirt forgets
On 14.02.2014 11:21, Stephan Sachse wrote:
this patch works for me. container is starting fine. but a login
(ssh/console) is not possible.
Thanks for testing!
But I fear my patch is not the culprit for your login issues.
host: centos6
kernel: 3.13.2
libvirt: 1.2.1 (+ lxc: Add
On 14.02.2014 11:30, Daniel P. Berrange wrote:
On Fri, Feb 14, 2014 at 08:49:07AM +0100, Richard Weinberger wrote:
On 13.02.2014 18:16, Daniel P. Berrange wrote:
On Tue, Feb 11, 2014 at 11:51:26PM +0100, Richard Weinberger wrote:
Due to security concerns we delegate only
On 14.02.2014 13:42, Stephan Sachse wrote:
agetty[38]: /dev/tty1: cannot get controlling tty: Operation not permitted
agetty[38]: /dev/tty1: cannot get controlling tty: Operation not permitted
agetty[38]: /dev/tty1: cannot set process group: Inappropriate ioctl for
device
Is this really
Add a new helper function to change the permissions
of a control group.
This function is needed for user namespaces, we need to chmod()
the cgroup to the initial uid/gid such that systemd is allowed to
use the cgroup.
Signed-off-by: Richard Weinberger rich...@nod.at
---
Changes between v1 and v2
On Fri, Feb 14, 2014 at 2:17 PM, Tom Kuther t...@kuther.net wrote:
On 14.02.2014 13:42, Stephan Sachse wrote:
set LogLevel to DEBUG3. keyexchange is down. put then hangs for some
time and sshd dies
sshd[269]: debug1: KEX done [preauth]
sshd[269]: debug1: userauth-request for user root
Currently we enforce that every container has a cgroup.
So we can delete these two !priv-cgroup branches.
Signed-off-by: Richard Weinberger rich...@nod.at
---
Hi!
Maybe I miss something but I think we can delete these two !priv-cgroup
branches.
If virLXCCgroupCreate() returns NULL the LXC
On 14.02.2014 15:30, Daniel P. Berrange wrote:
On Fri, Feb 14, 2014 at 03:21:01PM +0100, Richard Weinberger wrote:
Currently we enforce that every container has a cgroup.
So we can delete these two !priv-cgroup branches.
Signed-off-by: Richard Weinberger rich...@nod.at
---
Hi!
Maybe I
Destroying a suspended domain needs special action.
We cannot simply terminate all processes because they are frozen.
To deal with that we send them SIGKILL and thaw them.
Upon wakeup the process sees the pending signal and dies immediately.
Signed-off-by: Richard Weinberger rich...@nod.at
---
src
On 14.02.2014 08:10, Martin Kletzander wrote:
On Thu, Feb 13, 2014 at 05:15:22PM +, Daniel P. Berrange wrote:
From: Richard Weinberger rich...@nod.at
Add a new helper function to change the permissions of a control
group. This function is needed for user namespaces, we need to
chmod
On 13.02.2014 18:16, Daniel P. Berrange wrote:
On Tue, Feb 11, 2014 at 11:51:26PM +0100, Richard Weinberger wrote:
Due to security concerns we delegate only VIR_CGROUP_CONTROLLER_SYSTEMD
to containers.
Currently it is not safe to allow a container access to a resource
controller.
We
Add a new helper function to change the permissions
of a control group.
This function is needed for user namespaces, we need to chmod()
the cgroup to the initial uid/gid such that systemd is allowed to
use the cgroup.
Signed-off-by: Richard Weinberger rich...@nod.at
---
src/libvirt_private.syms
On 11.02.2014 13:05, Daniel P. Berrange wrote:
On Sat, Feb 08, 2014 at 06:37:43PM +0100, Richard Weinberger wrote:
Add a new helper function to change the permissions
of a control group.
Signed-off-by: Richard Weinberger rich...@nod.at
---
src/lxc/lxc_controller.c | 7 +++
src/util
Due to security concerns we delegate only VIR_CGROUP_CONTROLLER_SYSTEMD
to containers.
Currently it is not safe to allow a container access to a resource controller.
Signed-off-by: Richard Weinberger rich...@nod.at
---
src/lxc/lxc_container.c | 3 ++-
src/util/vircgroup.c| 5 -
src/util
Add a new helper function to change the permissions
of a control group.
Signed-off-by: Richard Weinberger rich...@nod.at
---
src/lxc/lxc_controller.c | 7 +++
src/util/vircgroup.c | 43 +++
src/util/vircgroup.h | 2 ++
3 files changed, 52
These two patches fix the issue that control groups are unusable if
user namespaces are enabled.
We have to chown() the control group to the correct user.
As the container mounts the control group and only the controller
is allowed to chown() the mount point we need a new barrier to synchronize
Add another barrier to give the controller a chance to
setup additional things after the container setup is done.
This new barrier is needed to chown() the cgroup after
the container has mounted it.
Signed-off-by: Richard Weinberger rich...@nod.at
---
src/lxc/lxc_container.c | 16
Hi!
I'm trying to get rid of a hack to make systemd (kind of) work in
Linux containers on libvirt.
The hack can be found in the first mail of [0].
systemd folks told me that systemd needs a name=systemd cgroup [0],
which makes perfect sense to me.
I found that libvirt does this already, but
On Monday, 16 December 2013, 10:51:01, Daniel P. Berrange wrote:
On Sun, Dec 15, 2013 at 07:09:19PM +0100, Richard Weinberger wrote:
On Fri, Jul 26, 2013 at 5:48 PM, Daniel P. Berrange berra...@redhat.com
wrote:
+char *virSystemdMakeScopeName(const char *name
On Fri, Jul 26, 2013 at 5:48 PM, Daniel P. Berrange berra...@redhat.com wrote:
From: Daniel P. Berrange berra...@redhat.com
There are some interesting escaping rules to consider when dealing
with systemd slice/scope names. Thus it is helpful to have APIs
for formatting names
Signed-off-by:
,
//richard
Regards,
Jim
Daniel P. Berrange wrote:
On Wed, Jul 17, 2013 at 11:33:22PM +0200, Richard Weinberger wrote:
On 12.07.2013 03:36, Gao feng wrote:
On 07/11/2013 07:58 PM, Richard Weinberger wrote:
On 11.07.2013 11:49, Daniel P. Berrange wrote:
On Thu
1 - 100 of 140 matches