Re: [libvirt] [PATCH v2] lxc: Refresh capabilities if they have never been initalized

On Mon, Dec 09, 2019 at 02:58:51PM -0500, Cole Robinson wrote: > Adjust virLXCDriverGetCapabilities to fill in driver->caps if it is > empty, regardless of the passed 'refresh' value. This matches the > pattern used in virQEMUDriverGetCapabilities > > This fixes LXC XML startup parsing for me >

[libvirt] [PATCH v2] lxc: Refresh capabilities if they have never been initalized

Adjust virLXCDriverGetCapabilities to fill in driver->caps if it is empty, regardless of the passed 'refresh' value. This matches the pattern used in virQEMUDriverGetCapabilities This fixes LXC XML startup parsing for me Signed-off-by: Cole Robinson --- v2: Use the

[libvirt] [PATCH] src: lxc: Fix typo in a Makefile variable

In commit 0985a9597bb0348d46c0d18dc548a676bf0ad8e2 we stopped distributing generated source file. This is done by prepending binary_SOURCES variable with "nodist_". However, there is a typo - the prefix is "nodst_" instead of "nodist_". Signed-off-by: Michal Privoznik --- Pushed under trivial

[libvirt] [PATCH] Revert "lxc: Try harder to stop/reboot containers"

This reverts commit 14b6a1854fb4c02c5fb2f51679f8ff099f28f53c. If virLXCDomainSetRunlevel returns -1 this indicates a serious error / failure that must be propagated to the caller. We must not carry on with other shutdown methods in this case. If virLXCDomainSetRunlevel return 0, this indicates

Re: [libvirt] [PATCH v3] lxc: Include support to lxc version 3.0 or higher.

On 11/11/18 12:46 PM, Julio Faracco wrote: > Em sáb, 10 de nov de 2018 às 11:17, John Ferlan escreveu: >> >> >> >> On 11/9/18 12:30 PM, Julio Faracco wrote: >>> This patch introduce the new settings for LXC 3.0 or higher. The older >>> versions keep the compatibility to deprecated settings for

Re: [libvirt] [PATCH v3] lxc: Include support to lxc version 3.0 or higher.

On 11/12/18 6:13 AM, Daniel P. Berrangé wrote: > On Fri, Nov 09, 2018 at 03:30:59PM -0200, Julio Faracco wrote: >> This patch introduce the new settings for LXC 3.0 or higher. The older >> versions keep the compatibility to deprecated settings for LXC, but >> after release 3.0, the compatibility

Re: [libvirt] [PATCH v3] lxc: Include support to lxc version 3.0 or higher.

On Fri, Nov 09, 2018 at 03:30:59PM -0200, Julio Faracco wrote: > This patch introduce the new settings for LXC 3.0 or higher. The older > versions keep the compatibility to deprecated settings for LXC, but > after release 3.0, the compatibility was removed. This commit adds the > support to the

Re: [libvirt] [PATCH v3] lxc: Include support to lxc version 3.0 or higher.

Em sáb, 10 de nov de 2018 às 11:17, John Ferlan escreveu: > > > > On 11/9/18 12:30 PM, Julio Faracco wrote: > > This patch introduce the new settings for LXC 3.0 or higher. The older > > versions keep the compatibility to deprecated settings for LXC, but > > after release 3.0, the compatibility

Re: [libvirt] [PATCH v3] lxc: Include support to lxc version 3.0 or higher.

On 11/9/18 12:30 PM, Julio Faracco wrote: > This patch introduce the new settings for LXC 3.0 or higher. The older > versions keep the compatibility to deprecated settings for LXC, but > after release 3.0, the compatibility was removed. This commit adds the > support to the refactored settings.

[libvirt] [PATCH v3] lxc: Include support to lxc version 3.0 or higher.

This patch introduce the new settings for LXC 3.0 or higher. The older versions keep the compatibility to deprecated settings for LXC, but after release 3.0, the compatibility was removed. This commit adds the support to the refactored settings. v1-v2: Michal's suggestions to handle differences

Re: [libvirt] [PATCH v2] lxc: Clang is complaining about possible NULL pointer.

On Wed, Nov 07, 2018 at 04:23:47PM -0500, John Ferlan wrote: On 11/7/18 3:57 PM, Julio Faracco wrote: The array "mount" inside lxc_container is not being checked before for loop. Clang syntax scan is complaining about this segmentation fault. Signed-off-by: Julio Faracco ---

Re: [libvirt] [PATCH v2] lxc: Clang is complaining about possible NULL pointer.

On 11/7/18 3:57 PM, Julio Faracco wrote: > The array "mount" inside lxc_container is not being checked before for > loop. Clang syntax scan is complaining about this segmentation fault. > > Signed-off-by: Julio Faracco > --- > src/lxc/lxc_container.c | 14 -- > 1 file changed, 8

[libvirt] [PATCH v2] lxc: Clang is complaining about possible NULL pointer.

The array "mount" inside lxc_container is not being checked before for loop. Clang syntax scan is complaining about this segmentation fault. Signed-off-by: Julio Faracco --- src/lxc/lxc_container.c | 14 -- 1 file changed, 8 insertions(+), 6 deletions(-) diff --git

Re: [libvirt] [PATCH v2] lxc: Include support to lxc version 3.0 or higher.

On 11/5/18 1:57 PM, Julio Faracco wrote: > This patch introduce the new settings for LXC 3.0 or higher. The older > versions keep the compatibility to deprecated settings for LXC, but > after release 3.0, the compatibility was removed. This commit adds the > support to the refactored settings.

Re: [libvirt] [PATCH v2] lxc: Include support to lxc version 3.0 or higher.

On Monday, 5 November 2018 19:57:24 CET Julio Faracco wrote: > This patch introduce the new settings for LXC 3.0 or higher. The older > versions keep the compatibility to deprecated settings for LXC, but > after release 3.0, the compatibility was removed. This commit adds the > support to the

[libvirt] [PATCH v2] lxc: Include support to lxc version 3.0 or higher.

This patch introduce the new settings for LXC 3.0 or higher. The older versions keep the compatibility to deprecated settings for LXC, but after release 3.0, the compatibility was removed. This commit adds the support to the refactored settings. Signed-off-by: Julio Faracco ---

Re: [libvirt] [PATCH RFC] lxc: Include support to lxc version 3.0 and higher.

On 10/01/2018 04:18 AM, Julio Faracco wrote: > This patch introduce the new settings for LXC 3.0 and higher. The older > versions keep the compatibility to deprecated settings for LXC, but > after release 3.0, the compatibility was removed. This commit adds the > support to the refactored

Re: [libvirt] [PATCH RFC] lxc: Include support to lxc version 3.0 and higher.

For further reference: https://lists.linuxcontainers.org/pipermail/lxc-devel/2018-April/017663.html Em dom, 30 de set de 2018 às 23:24, Julio Faracco escreveu: > > Hi guys, > > I put the RFC mark because I don't know if this is the best way to > enhance the support for LXC 3.0. Considering this

Re: [libvirt] [PATCH RFC] lxc: Include support to lxc version 3.0 and higher.

Hi guys, I put the RFC mark because I don't know if this is the best way to enhance the support for LXC 3.0. Considering this patch, I can use both o version without any issue, but I would like to see other points of view. I'm not completely right about this approach. -- Julio Cesar Faracco Em

[libvirt] [PATCH RFC] lxc: Include support to lxc version 3.0 and higher.

This patch introduce the new settings for LXC 3.0 and higher. The older versions keep the compatibility to deprecated settings for LXC, but after release 3.0, the compatibility was removed. This commit adds the support to the refactored settings. Signed-off-by: Julio Faracco ---

Re: [libvirt] [RFC PATCH] lxc: Up back the veth interfaces by default

Hi again, Le jeudi 11 janvier 2018 à 18:08 +0100, Benjamin Cama a écrit : > Upping an interface without configuring it is not a “cardinal sin” but a > sensible way to achieve auto-configuration, e.g. with IPv6 SLAAC (RFC > 4862). If NetworkManager has troube with interfaces having only a >

[libvirt] [RFC PATCH] lxc: Up back the veth interfaces by default

Upping an interface without configuring it is not a “cardinal sin” but a sensible way to achieve auto-configuration, e.g. with IPv6 SLAAC (RFC 4862). If NetworkManager has troube with interfaces having only a link-local address, this is a bug in NetworkManager, not in libvirt; it should listen for

Re: [libvirt] [PATCH v2] lxc: monitor now holds a reference to the domain

On 08.12.2016 16:29, Cédric Bosdonnat wrote: > If the monitor doesn't hold a reference to the domain object > the object may be destroyed before the monitor actually stops. > --- > v2: Moved vm ref upper, removed vm unref in error case. > > src/lxc/lxc_monitor.c | 3 ++- > 1 file changed, 2

[libvirt] [PATCH v2] lxc: monitor now holds a reference to the domain

If the monitor doesn't hold a reference to the domain object the object may be destroyed before the monitor actually stops. --- v2: Moved vm ref upper, removed vm unref in error case. src/lxc/lxc_monitor.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git

Re: [libvirt] [ 3/5] lxc domain allow to set peer address

On Mon, Apr 04, 2016 at 09:00:04PM +, Vasiliy Tolstov wrote: > Signed-off-by: Vasiliy Tolstov > --- > src/lxc/lxc_container.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c > index

[libvirt] [ 3/5] lxc domain allow to set peer address

Signed-off-by: Vasiliy Tolstov --- src/lxc/lxc_container.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index 348bbfbc01fc..a1deb0c00d4c 100644 --- a/src/lxc/lxc_container.c +++

Re: [libvirt] [PATCH v2] lxc: fuse mount for /proc/cpuinfo

Just a one-time announcement - beside the git tree at github.com/hallyn/libresource there is also a mailing list now at https://lists.linuxcontainers.org/listinfo/libresource-devel I don't really intend to be a driving developer on it, but will happily review and discuss and help where I can.

Re: [libvirt] [PATCH v2] lxc: fuse mount for /proc/cpuinfo

Quoting Daniel P. Berrange (berra...@redhat.com): > On Thu, Sep 24, 2015 at 03:53:24PM +, Serge Hallyn wrote: > > Quoting Daniel P. Berrange (berra...@redhat.com): > > > On Thu, Sep 24, 2015 at 02:41:49PM +, Serge Hallyn wrote: > > > > Quoting Fabio Kung (fabio.k...@gmail.com): > > > > >

Re: [libvirt] [PATCH v2] lxc: fuse mount for /proc/cpuinfo

On Thu, Sep 24, 2015 at 02:41:49PM +, Serge Hallyn wrote: > Quoting Fabio Kung (fabio.k...@gmail.com): > > On Wed, Sep 16, 2015 at 12:29 PM, Serge Hallyn > > wrote: > > > > > > Ok, so I could create a project on github, but that doesn't come with > > > a m-l. Last I

Re: [libvirt] [PATCH v2] lxc: fuse mount for /proc/cpuinfo

Quoting Fabio Kung (fabio.k...@gmail.com): > On Wed, Sep 16, 2015 at 12:29 PM, Serge Hallyn > wrote: > > > > Ok, so I could create a project on github, but that doesn't come with > > a m-l. Last I used it, sf was problematic. Any other suggestions for > > where to host

Re: [libvirt] [PATCH v2] lxc: fuse mount for /proc/cpuinfo

Quoting Daniel P. Berrange (berra...@redhat.com): > On Thu, Sep 24, 2015 at 02:41:49PM +, Serge Hallyn wrote: > > Quoting Fabio Kung (fabio.k...@gmail.com): > > > On Wed, Sep 16, 2015 at 12:29 PM, Serge Hallyn > > > wrote: > > > > > > > > Ok, so I could create a

Re: [libvirt] [PATCH v2] lxc: fuse mount for /proc/cpuinfo

On Thu, Sep 24, 2015 at 03:53:24PM +, Serge Hallyn wrote: > Quoting Daniel P. Berrange (berra...@redhat.com): > > On Thu, Sep 24, 2015 at 02:41:49PM +, Serge Hallyn wrote: > > > Quoting Fabio Kung (fabio.k...@gmail.com): > > > > On Wed, Sep 16, 2015 at 12:29 PM, Serge Hallyn > > > >

Re: [libvirt] [PATCH v2] lxc: fuse mount for /proc/cpuinfo

anywhere. > > > > > > > > Correct, unfortunately. > > > > > > > > > > > > > For the same reasons you cited above, and because everyeone is rolling > > > > > their own at fuse level, I still think that a libresource and pa

Re: [libvirt] [PATCH v2] lxc: fuse mount for /proc/cpuinfo

On Wed, Sep 16, 2015 at 12:29 PM, Serge Hallyn wrote: > > Ok, so I could create a project on github, but that doesn't come with > a m-l. Last I used it, sf was problematic. Any other suggestions for > where to host a mailing list? Might the github issue tracker

Re: [libvirt] [PATCH v2] lxc: fuse mount for /proc/cpuinfo

you cited above, and because everyeone is rolling > > their own at fuse level, I still think that a libresource and patches > > to proc tools to use them, is the right way to go. We have no shortage > > of sample code for the functions doing the actual work, between libvirt

Re: [libvirt] [PATCH v2] lxc: fuse mount for /proc/cpuinfo

mment-58255159 > > > > > > so maybe this never went anywhere. > > > > Correct, unfortunately. > > > > > > > For the same reasons you cited above, and because everyeone is rolling > > > their own at fuse level, I still think that a libresource and patches &g

Re: [libvirt] [PATCH v2] lxc: fuse mount for /proc/cpuinfo

asons you cited above, and because everyeone is rolling > > > > their own at fuse level, I still think that a libresource and patches > > > > to proc tools to use them, is the right way to go. We have no shortage > > > > of sample code for the functions doing

Re: [libvirt] [PATCH v2] lxc: fuse mount for /proc/cpuinfo

ce and patches > to proc tools to use them, is the right way to go. We have no shortage > of sample code for the functions doing the actual work, between libvirt, > lxc, docker, etc :) > > Should we just go ahead and start a libresource github project? +1, if there's momentum on this I be

Re: [libvirt] [PATCH v2] lxc: fuse mount for /proc/cpuinfo

On Thu, Sep 03, 2015 at 11:51:16AM +0200, Cédric Bosdonnat wrote: > We already have a fuse mount to reflect the cgroup memory restrictions > in the container. This commit adds the same for the number of available > CPUs. Only the CPUs listed by virProcessGetAffinity are shown in the > container's

Re: [libvirt] [PATCH v2] lxc: fuse mount for /proc/cpuinfo

Quoting Daniel P. Berrange (berra...@redhat.com): > On Thu, Sep 03, 2015 at 11:51:16AM +0200, Cédric Bosdonnat wrote: > > We already have a fuse mount to reflect the cgroup memory restrictions > > in the container. This commit adds the same for the number of available > > CPUs. Only the CPUs

Re: [libvirt] [PATCH v2] lxc: fuse mount for /proc/cpuinfo

searching, but http://fabiokung.com/2014/03/13/memory-inside-linux-containers/ I can't find anything called 'libmymem', and in 2014 he said https://github.com/docker/docker/issues/8427#issuecomment-58255159 so maybe this never went anywhere. For the same reasons you cited above, and because e

Re: [libvirt] [PATCH v2] lxc: fuse mount for /proc/cpuinfo

On Mon, 2015-09-07 at 15:21 +0200, Cedric Bosdonnat wrote: > > The more minor concern I have is around the implementation. AFAIR, > > the > > /proc/cpuinfo file contents is not standardized across > > architectures, > > so I'm concerned whether your parsing code is robust on non-x86 > > arches. >

Re: [libvirt] [PATCH v2] lxc: fuse mount for /proc/cpuinfo

On Mon, Sep 07, 2015 at 03:39:13PM +, Serge Hallyn wrote: > Quoting Daniel P. Berrange (berra...@redhat.com): > > On Thu, Sep 03, 2015 at 11:51:16AM +0200, Cédric Bosdonnat wrote: > > > We already have a fuse mount to reflect the cgroup memory restrictions > > > in the container. This commit

Re: [libvirt] [PATCH v2] lxc: fuse mount for /proc/cpuinfo

On Mon, 2015-09-07 at 13:23 +0100, Daniel P. Berrange wrote: > On Thu, Sep 03, 2015 at 11:51:16AM +0200, Cédric Bosdonnat wrote: > > We already have a fuse mount to reflect the cgroup memory restrictions > > in the container. This commit adds the same for the number of available > > CPUs. Only the

[libvirt] [PATCH v2] lxc: fuse mount for /proc/cpuinfo

We already have a fuse mount to reflect the cgroup memory restrictions in the container. This commit adds the same for the number of available CPUs. Only the CPUs listed by virProcessGetAffinity are shown in the container's cpuinfo. --- src/lxc/lxc_container.c | 42 ---

Re: [libvirt] [PATCH] Revert LXC: show used memory as 0 when domain is not active

On Thu, Aug 27, 2015 at 04:47:24PM -0600, Eric Blake wrote: On 08/27/2015 04:38 PM, Jim Fehlig wrote: This reverts commit 1ce7c1d20cfd5afb26d2dbc88201085d52415d0e, which introduced a significant semantic change to the virDomainGetInfo() API. Additionally, the change was only made to 2

Re: [libvirt] [PATCH] Revert LXC: show used memory as 0 when domain is not active

Eric Blake wrote: On 08/27/2015 04:38 PM, Jim Fehlig wrote: This reverts commit 1ce7c1d20cfd5afb26d2dbc88201085d52415d0e, which introduced a significant semantic change to the virDomainGetInfo() API. Additionally, the change was only made to 2 of the 15 virt drivers.

Re: [libvirt] [PATCH] Revert LXC: show used memory as 0 when domain is not active

Daniel P. Berrange wrote: On Tue, Aug 11, 2015 at 10:25:19AM +0200, Peter Krempa wrote: On Tue, Aug 11, 2015 at 09:18:23 +0100, Daniel Berrange wrote: On Mon, Aug 10, 2015 at 12:49:55PM -0600, Jim Fehlig wrote: This reverts commit 1ce7c1d20cfd5afb26d2dbc88201085d52415d0e,

Re: [libvirt] [PATCH] Revert LXC: show used memory as 0 when domain is not active

On 08/27/2015 04:38 PM, Jim Fehlig wrote: This reverts commit 1ce7c1d20cfd5afb26d2dbc88201085d52415d0e, which introduced a significant semantic change to the virDomainGetInfo() API. Additionally, the change was only made to 2 of the 15 virt drivers. I guess we should probably do this in

Re: [libvirt] [PATCH v3] lxc: Inherit namespace feature

On 08/14/2015 08:09 AM, Daniel P. Berrange wrote: From: Imran Khan ik.n...@gmail.com This patch adds feature for lxc containers to inherit namespaces. This is very similar to what lxc-tools or docker provides. Look for man lxc-start and you will find that you can pass command args as [

Re: [libvirt] [PATCH v4] lxc: Inherit namespace feature

On Thu, Aug 20, 2015 at 07:16:17PM +0530, ik.nitk wrote: This patch adds feature for lxc containers to inherit namespaces. This is very similar to what lxc-tools or docker provides. Look for man lxc-start and you will find that you can pass command args as [ --share-[net|ipc|uts] name|pid ].

[libvirt] [PATCH v4] lxc: Inherit namespace feature

This patch adds feature for lxc containers to inherit namespaces. This is very similar to what lxc-tools or docker provides. Look for man lxc-start and you will find that you can pass command args as [ --share-[net|ipc|uts] name|pid ]. Or check out docker networking option in which you can give

Re: [libvirt] [PATCH v3] lxc: Inherit namespace feature

On 14.08.2015 14:09, Daniel P. Berrange wrote: From: Imran Khan ik.n...@gmail.com This patch adds feature for lxc containers to inherit namespaces. This is very similar to what lxc-tools or docker provides. Look for man lxc-start and you will find that you can pass command args as [

[libvirt] [PATCH v3] lxc: Inherit namespace feature

From: Imran Khan ik.n...@gmail.com This patch adds feature for lxc containers to inherit namespaces. This is very similar to what lxc-tools or docker provides. Look for man lxc-start and you will find that you can pass command args as [ --share-[net|ipc|uts] name|pid ]. Or check out docker

Re: [libvirt] [PATCH] Revert LXC: show used memory as 0 when domain is not active

On Mon, Aug 10, 2015 at 12:49:55PM -0600, Jim Fehlig wrote: This reverts commit 1ce7c1d20cfd5afb26d2dbc88201085d52415d0e, which introduced a significant semantic change to the virDomainGetInfo() API. Additionally, the change was only made to 2 of the 15 virt drivers. Conflicts:

Re: [libvirt] [PATCH] Revert LXC: show used memory as 0 when domain is not active

On Tue, Aug 11, 2015 at 10:25:19AM +0200, Peter Krempa wrote: On Tue, Aug 11, 2015 at 09:18:23 +0100, Daniel Berrange wrote: On Mon, Aug 10, 2015 at 12:49:55PM -0600, Jim Fehlig wrote: This reverts commit 1ce7c1d20cfd5afb26d2dbc88201085d52415d0e, which introduced a significant semantic

Re: [libvirt] [PATCH] Revert LXC: show used memory as 0 when domain is not active

On Tue, Aug 11, 2015 at 09:18:23 +0100, Daniel Berrange wrote: On Mon, Aug 10, 2015 at 12:49:55PM -0600, Jim Fehlig wrote: This reverts commit 1ce7c1d20cfd5afb26d2dbc88201085d52415d0e, which introduced a significant semantic change to the virDomainGetInfo() API. Additionally, the change was

[libvirt] [PATCH] Revert LXC: show used memory as 0 when domain is not active

This reverts commit 1ce7c1d20cfd5afb26d2dbc88201085d52415d0e, which introduced a significant semantic change to the virDomainGetInfo() API. Additionally, the change was only made to 2 of the 15 virt drivers. Conflicts: src/qemu/qemu_driver.c Signed-off-by: Jim Fehlig jfeh...@suse.com ---

Re: [libvirt] [PATCH v2] lxc: don't up the veth interfaces unless explicitly asked to

On 24.04.2015 15:52, Lubomir Rintel wrote: Upping an interface for no reason and not configuring it is a cardinal sin. With the default addrgenmode if eui64 it sticks a link-local address to the interface. That is not good, as NetworkManager would see an address configured, assume the

[libvirt] [PATCH v2] lxc: don't up the veth interfaces unless explicitly asked to

Upping an interface for no reason and not configuring it is a cardinal sin. With the default addrgenmode if eui64 it sticks a link-local address to the interface. That is not good, as NetworkManager would see an address configured, assume the interface is already configured and won't touch it

Re: [libvirt] [PATCH v2] lxc: create the required directories upon driver start

Hi Lubomir, On Wed, 2015-04-08 at 19:16 +0200, Lubomir Rintel wrote: /var/run may reside on a tmpfs and we fail to create the PID file if /var/run/lxc does not exist. I would enhance the commit message with something like this: Since commit 0a8addc1, the lxc driver's state directory isn't

[libvirt] [PATCH v2] lxc: create the required directories upon driver start

/var/run may reside on a tmpfs and we fail to create the PID file if /var/run/lxc does not exist. [cbosdon...@suse.com: use cfg-stateDir instead of LXC_STATE_DIR] Signed-off-by: Lubomir Rintel lkund...@v3.sk --- src/lxc/lxc_driver.c | 7 +++ 1 file changed, 7 insertions(+) diff --git

Re: [libvirt] [PATCH v3] lxc: fix show the wrong xml when guest start failed

On 02/04/2015 08:42 AM, Luyao Huang wrote: https://bugzilla.redhat.com/show_bug.cgi?id=1176503 When guest start failed, libvirt will keep the current vm-def, this will make a issue that we cannot get a right xml after guest start failed. And don't call the stop/release hook to do some

Re: [libvirt] [PATCH v3] lxc: fix show the wrong xml when guest start failed

On 02/13/2015 04:45 AM, John Ferlan wrote: On 02/04/2015 08:42 AM, Luyao Huang wrote: https://bugzilla.redhat.com/show_bug.cgi?id=1176503 When guest start failed, libvirt will keep the current vm-def, this will make a issue that we cannot get a right xml after guest start failed. And don't

[libvirt] [PATCH v3] lxc: fix show the wrong xml when guest start failed

https://bugzilla.redhat.com/show_bug.cgi?id=1176503 When guest start failed, libvirt will keep the current vm-def, this will make a issue that we cannot get a right xml after guest start failed. And don't call the stop/release hook to do some other clean work. Call virLXCProcessCleanup to help

Re: [libvirt] [PATCH RFC] LXC: don't RO mount /proc, /sys when user namespce enabled

-Original Message- From: libvir-list-boun...@redhat.com [mailto:libvir-list-boun...@redhat.com] On Behalf Of Chen Hanxiao Sent: Monday, December 22, 2014 11:57 AM To: libvir-list@redhat.com Subject: [libvirt] [PATCH RFC] LXC: don't RO mount /proc, /sys when user namespce

Re: [libvirt] [PATCH RFC] LXC: don't RO mount /proc, /sys when user namespce enabled

Am 24.12.2014 um 03:23 schrieb Chen, Hanxiao: -Original Message- From: Richard Weinberger [mailto:richard.weinber...@gmail.com] Sent: Wednesday, December 24, 2014 5:36 AM To: Eric Blake Cc: Chen, Hanxiao/陈 晗霄; libvir-list@redhat.com Subject: Re: [libvirt] [PATCH RFC] LXC: don't

Re: [libvirt] [PATCH RFC] LXC: don't RO mount /proc, /sys when user namespce enabled

/net/ipv4, /proc/sys/net/ipv4, NULL, MS_BIND, false, false, true }, { /.oldroot/proc/sys/net/ipv6, /proc/sys/net/ipv6, NULL, MS_BIND, false, false, true }, You can set skipUserNS for these. But I *really* would like to see /proc and /sys mounted RW as default. Please see my comment to: [libvirt

Re: [libvirt] [PATCH RFC] LXC: don't RO mount /proc, /sys when user namespce enabled

-Original Message- From: Richard Weinberger [mailto:richard.weinber...@gmail.com] Sent: Wednesday, December 24, 2014 5:36 AM To: Eric Blake Cc: Chen, Hanxiao/陈 晗霄; libvir-list@redhat.com Subject: Re: [libvirt] [PATCH RFC] LXC: don't RO mount /proc, /sys when user namespce enabled

Re: [libvirt] [PATCH RFC] LXC: don't RO mount /proc, /sys when user namespce enabled

On 12/21/2014 08:57 PM, Chen Hanxiao wrote: s/namespce/namespace/ in the subject line If we enabled user ns and provided a uid/gid map, we do not need to mount /proc, /sys as readonly. Leave it to kernel for protection. Signed-off-by: Chen Hanxiao chenhanx...@cn.fujitsu.com ---

[libvirt] [PATCH RFC] LXC: don't RO mount /proc, /sys when user namespce enabled

If we enabled user ns and provided a uid/gid map, we do not need to mount /proc, /sys as readonly. Leave it to kernel for protection. Signed-off-by: Chen Hanxiao chenhanx...@cn.fujitsu.com --- src/lxc/lxc_container.c | 6 ++ 1 file changed, 6 insertions(+) diff --git

Re: [libvirt] [PATCH RFC] LXC: add HOME environment variable

Message- From: libvir-list-boun...@redhat.com [mailto:libvir-list-boun...@redhat.com] On Behalf Of Chen Hanxiao Sent: Friday, July 25, 2014 2:40 PM To: libvir-list@redhat.com Subject: [libvirt] [PATCH RFC] LXC: add HOME environment variable We lacked of HOME environment

Re: [libvirt] [PATCH RFC] LXC: add HOME environment variable

On 09/04/2014 03:58 AM, Chen, Hanxiao wrote: The kernel sets up $HOME for the init process. Therefore any init can assume that $HOME is set. libvirt currently violates that implicit rule. Ah ok, that makese sense then. ACK Could anyone help to push this patch according to Dan's ACK?

Re: [libvirt] [PATCH] libvirt: lxc: Add Get/Set vcpus for lxc

On 2014/8/22 17:50, Li Yang wrote: 1.Add function to get vcpu count for lxc(vcpucount) 2.Add function to set vcpu count for lxc(setvcpus) Signed-off-by: Li Yang liyang.f...@cn.fujitsu.com --- src/lxc/lxc_driver.c | 159 ++ 1 files

[libvirt] [PATCH] libvirt: lxc: Add Get/Set vcpus for lxc

1.Add function to get vcpu count for lxc(vcpucount) 2.Add function to set vcpu count for lxc(setvcpus) Signed-off-by: Li Yang liyang.f...@cn.fujitsu.com --- src/lxc/lxc_driver.c | 159 ++ 1 files changed, 159 insertions(+), 0 deletions(-) diff

Re: [libvirt] [PATCH RFC] LXC: add HOME environment variable

Hanxiao Sent: Friday, July 25, 2014 2:40 PM To: libvir-list@redhat.com Subject: [libvirt] [PATCH RFC] LXC: add HOME environment variable We lacked of HOME environment variable, set 'HOME=/' as default. Signed-off-by: Chen Hanxiao chenhanx...@cn.fujitsu.com --- src/lxc

Re: [libvirt] [PATCH RFC] LXC: add HOME environment variable

...@redhat.com [mailto:libvir-list-boun...@redhat.com] On Behalf Of Chen Hanxiao Sent: Friday, July 25, 2014 2:40 PM To: libvir-list@redhat.com Subject: [libvirt] [PATCH RFC] LXC: add HOME environment variable We lacked of HOME environment variable, set 'HOME=/' as default

Re: [libvirt] [PATCH RFC] LXC: add HOME environment variable

: [libvirt] [PATCH RFC] LXC: add HOME environment variable We lacked of HOME environment variable, set 'HOME=/' as default. Signed-off-by: Chen Hanxiao chenhanx...@cn.fujitsu.com --- src/lxc/lxc_container.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lxc

Re: [libvirt] [PATCH RFC] LXC: add HOME environment variable

); virCommandAddEnvString(cmd, TERM=linux); virCommandAddEnvString(cmd, container=lxc-libvirt); +virCommandAddEnvString(cmd, HOME=/); virCommandAddEnvPair(cmd, container_uuid, uuidstr); if (nttyPaths 1) virCommandAddEnvPair(cmd, container_ttys, virBufferCurrentContent(buf)); Looks

Re: [libvirt] [PATCH RFC] LXC: add HOME environment variable

ping -Original Message- From: libvir-list-boun...@redhat.com [mailto:libvir-list-boun...@redhat.com] On Behalf Of Chen Hanxiao Sent: Friday, July 25, 2014 2:40 PM To: libvir-list@redhat.com Subject: [libvirt] [PATCH RFC] LXC: add HOME environment variable We lacked of HOME

[libvirt] [PATCHv3] Rework lxc apparmor profile

cleanup examples/apparmor/Makefile.am | 6 +- examples/apparmor/TEMPLATE.lxc| 15 examples/apparmor/{TEMPLATE = TEMPLATE.qemu} | 2 +- examples/apparmor/libvirt-lxc | 119 +++--- src/security/security_apparmor.c

Re: [libvirt] [PATCHv3] Rework lxc apparmor profile

On 07/15/2014 03:02 AM, Cédric Bosdonnat wrote: Rework the apparmor lxc profile abstraction to mimic ubuntu's container-default. This profile allows quite a lot, but strives to restrict access to dangerous resources. Removing the explicit authorizations to bash, systemd and cron files,

[libvirt] [PATCH v3] LXC: add support for --config in setmem command

In lxc, we could not use setmem command with --config options. This patch will add support for this. Signed-off-by: Chen Hanxiao chenhanx...@cn.fujitsu.com --- v3: add max_balloon check for AFFECT_CONFIG v2: use virDomainSetMemoryFlagsEnsureACL remove redundant domain running check

Re: [libvirt] [PATCH v3] LXC: add support for --config in setmem command

On 07/11/2014 11:26 AM, Chen Hanxiao wrote: In lxc, we could not use setmem command with --config options. This patch will add support for this. Signed-off-by: Chen Hanxiao chenhanx...@cn.fujitsu.com --- v3: add max_balloon check for AFFECT_CONFIG v2: use

[libvirt] [PATCHv2 1/2] Don't output libvirt-UUID.files for LXC apparmor profiles

--- src/security/virt-aa-helper.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index b5f66f3..c8f17f9 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -1342,10 +1342,13 @@

Re: [libvirt] [PATCH 1/2] Don't output libvirt-UUID.files for LXC apparmor profiles

Quoting Cédric Bosdonnat (cbosdon...@suse.com): --- src/security/virt-aa-helper.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) Hi, I'm acking this anyway bc I think you're right, but I'm trying to think of a case where this would still be useful. What if we want to allow only a

Re: [libvirt] [PATCH 1/2] Don't output libvirt-UUID.files for LXC apparmor profiles

On 07/11/2014 09:22 AM, Serge Hallyn wrote: Quoting Cédric Bosdonnat (cbosdon...@suse.com): --- src/security/virt-aa-helper.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) Hi, I'm acking this anyway bc I think you're right, but I'm trying to think of a case where this would

Re: [libvirt] [PATCH 1/2] Don't output libvirt-UUID.files for LXC apparmor profiles

On Fri, 2014-07-11 at 11:03 -0600, Eric Blake wrote: On 07/11/2014 09:22 AM, Serge Hallyn wrote: Quoting Cédric Bosdonnat (cbosdon...@suse.com): --- src/security/virt-aa-helper.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) Hi, I'm acking this anyway bc I think

Re: [libvirt] [PATCHv2 1/2] Don't output libvirt-UUID.files for LXC apparmor profiles

On 07/11/2014 07:01 AM, Cédric Bosdonnat wrote: --- src/security/virt-aa-helper.c | 5 - 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index b5f66f3..c8f17f9 100644 --- a/src/security/virt-aa-helper.c +++

Re: [libvirt] [PATCH v2] LXC: add support for --config in setmem command

On 07/08/2014 10:32 AM, Chen Hanxiao wrote: In lxc, we could not use setmem command with --config options. This patch will add support for this. Signed-off-by: Chen Hanxiao chenhanx...@cn.fujitsu.com --- v2: use virDomainSetMemoryFlagsEnsureACL remove redundant domain running check

Re: [libvirt] [PATCH v2] LXC: add support for --config in setmem command

-Original Message- From: Ján Tomko [mailto:jto...@redhat.com] Sent: Thursday, July 10, 2014 9:40 PM -if (virDomainSetMemoryEnsureACL(dom-conn, vm-def) 0) +if (virDomainSetMemoryFlagsEnsureACL(dom-conn, vm-def, flags) 0) +goto cleanup; + +if (!(caps =

[libvirt] [PATCH 1/2] Don't output libvirt-UUID.files for LXC apparmor profiles

--- src/security/virt-aa-helper.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index b5f66f3..d563b98 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -1342,7 +1342,8 @@

[libvirt] [PATCH v2] LXC: add support for --config in setmem command

In lxc, we could not use setmem command with --config options. This patch will add support for this. Signed-off-by: Chen Hanxiao chenhanx...@cn.fujitsu.com --- v2: use virDomainSetMemoryFlagsEnsureACL remove redundant domain running check src/lxc/lxc_driver.c | 48

Re: [libvirt] [PATCH] virt-lxc-convert: make free return values in bytes

On 07/04/2014 03:58 PM, Cédric Bosdonnat wrote: Tiny fix for virt-lxc-convert: we are setting memory values in bytes, while free may give us values in a different unit by default: force free to output bytes with -b flag. --- examples/lxcconvert/virt-lxc-convert | 2 +- 1 file changed, 1

[libvirt] [PATCH] virt-lxc-convert: make free return values in bytes

Tiny fix for virt-lxc-convert: we are setting memory values in bytes, while free may give us values in a different unit by default: force free to output bytes with -b flag. --- examples/lxcconvert/virt-lxc-convert | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git

[libvirt] [PATCH v2] LXC: trivially support flag VIR_DRV_FEATURE_TYPED_PARAM_STRING

fix: virsh -c lxc:/// memtune DOMAIN error: Unable to get number of memory parameters error: unsupported flags (0x4) in function lxcDomainGetMemoryParameters Signed-off-by: Chen Hanxiao chenhanx...@cn.fujitsu.com --- v2: also fix a similar issue in lxcDomainGetSchedulerParametersFlags

Re: [libvirt] [PATCH v2] LXC: trivially support flag VIR_DRV_FEATURE_TYPED_PARAM_STRING

On 06/24/2014 09:24 AM, Chen Hanxiao wrote: fix: virsh -c lxc:/// memtune DOMAIN error: Unable to get number of memory parameters error: unsupported flags (0x4) in function lxcDomainGetMemoryParameters Signed-off-by: Chen Hanxiao chenhanx...@cn.fujitsu.com --- v2: also fix a similar issue

Re: [libvirt] [PATCH v2] LXC: trivially support flag VIR_DRV_FEATURE_TYPED_PARAM_STRING

-Original Message- From: Ján Tomko [mailto:jto...@redhat.com] Sent: Tuesday, June 24, 2014 4:57 PM To: Chen, Hanxiao/陈 晗霄; libvir-list@redhat.com Subject: Re: [libvirt] [PATCH v2] LXC: trivially support flag VIR_DRV_FEATURE_TYPED_PARAM_STRING On 06/24/2014 09:24 AM, Chen Hanxiao

[libvirt] [PATCH v3] LXC: trivially support flag VIR_DRV_FEATURE_TYPED_PARAM_STRING

fix: virsh -c lxc:/// memtune DOMAIN error: Unable to get number of memory parameters error: unsupported flags (0x4) in function lxcDomainGetMemoryParameters Signed-off-by: Chen Hanxiao chenhanx...@cn.fujitsu.com --- v2: also fix a similar issue in lxcDomainGetSchedulerParametersFlags v3: fix

Re: [libvirt] [PATCH v3] LXC: trivially support flag VIR_DRV_FEATURE_TYPED_PARAM_STRING

On 06/24/2014 11:44 AM, Chen Hanxiao wrote: fix: virsh -c lxc:/// memtune DOMAIN error: Unable to get number of memory parameters error: unsupported flags (0x4) in function lxcDomainGetMemoryParameters Signed-off-by: Chen Hanxiao chenhanx...@cn.fujitsu.com --- v2: also fix a similar issue

  1   2   3   >