Daniel Lezcano [Tue, 1 Jun 2010 16:56:54 +0000 (18:56 +0200)]
fix busybox template
Fix various bug with the busybox template:
* add a warning when busybox is not statically linked
* delete the password for root (chpasswd is not available for all busybox)
* add the new pts option
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Tue, 1 Jun 2010 16:56:54 +0000 (18:56 +0200)]
Fix ubuntu template
- Fixed rootfs path.
- Removed network section, it should to be passed to the lxc-create
configuration option in order to concatenate the configuration files
- Generate en_US local instead of de_DE
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Tue, 1 Jun 2010 10:13:32 +0000 (12:13 +0200)]
fix compilation warnings
Fix the following warnings:
console.c: In function ‘console_handler’:
console.c:252: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result
console.c:254: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result
conf.c: In function ‘instanciate_veth’:
conf.c:1130: warning: ignoring return value of ‘mktemp’, declared with attribute warn_unused_result
conf.c:1135: warning: ignoring return value of ‘mktemp’, declared with attribute warn_unused_result
conf.c: In function ‘instanciate_macvlan’:
conf.c:1206: warning: ignoring return value of ‘mktemp’, declared with attribute warn_unused_result
af_unix.c: In function ‘lxc_af_unix_send_fd’:
af_unix.c:124: warning: dereferencing type-punned pointer will break strict-aliasing rules
af_unix.c: In function ‘lxc_af_unix_recv_fd’:
af_unix.c:169: warning: dereferencing type-punned pointer will break strict-aliasing rules
af_unix.c: In function ‘lxc_af_unix_send_credential’:
af_unix.c:195: warning: dereferencing type-punned pointer will break strict-aliasing rules
af_unix.c: In function ‘lxc_af_unix_rcv_credential’:
af_unix.c:237: warning: dereferencing type-punned pointer will break strict-aliasing rules
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Thu, 27 May 2010 12:27:13 +0000 (14:27 +0200)]
move lxc-init to $libdir/lxc
As specified by FHS:
/usr/lib includes object files, libraries, and internal binaries that
are not intended to be executed directly by users or shell scripts.
Applications may use a single subdirectory under /usr/lib. If an
application uses a subdirectory, all architecture-dependent data
exclusively used by the application must be placed within that
subdirectory.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Thu, 27 May 2010 12:27:13 +0000 (14:27 +0200)]
change the rootfs mount location and add the README
Previous path was $libdir/lxc, changed to $libdir/lxc/rootfs.
Added a README file to be placed in this directory, describing
the purpose of this empty directory. Having a file to be installed
in this directory makes the Makefile to automatically create the
directory at install time.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Cedric Le Goater [Wed, 26 May 2010 19:43:53 +0000 (21:43 +0200)]
introduce a sync API
The following patch wrap the calls on the synchronisation
socketpair in a lxc_sync_ API. It hopefully clarifies what
is done in the start sequence to the expense of more lines
of code ...
Signed-off-by: Cedric Le Goater <clg@fr.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Cedric Le Goater [Wed, 26 May 2010 14:54:48 +0000 (16:54 +0200)]
merge lxc_restart() and lxc_start()
now that we have specific operations and specific arguments for each
sequence, lxc_restart() and lxc_start() can easily be merged under
a common subroutine.
Signed-off-by: Cedric Le Goater <clg@fr.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Cedric Le Goater [Wed, 26 May 2010 14:54:48 +0000 (16:54 +0200)]
replace common start_arg by private start_arg
the following patch moves the start argument in private
structs which are opaque to lxc_spawn(). To achieve this goal,
we need to move the sv[2] socketpair and lxc_handler
Signed-off-by: Cedric Le Goater <clg@fr.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Denis Rizaev [Mon, 24 May 2010 13:06:36 +0000 (15:06 +0200)]
fix initial run level
I did a little investigation about runlevels and i think we can assume
runlevels 2-5 as normal. So, we can check if system was in runlevel 2-5
and proc count is 1 and now we are in 0/6.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: Denis Rizaev <Denis.Rizaev@trueoffice.ru>
Daniel Lezcano [Wed, 12 May 2010 21:44:28 +0000 (23:44 +0200)]
add a configure option to set a rootfs mount point
Add a configure option to set a mount point path when using a rootfs,
that will replace the actual behavior which creates uneeded /tmp/lxc**
directories.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Ferenc Wagner [Mon, 10 May 2010 09:50:10 +0000 (11:50 +0200)]
no need to use a temporary directory for pivoting
Ferenc Wagner <wferi@niif.hu> writes:
> Daniel Lezcano <dlezcano@fr.ibm.com> writes:
>
>> Ferenc Wagner wrote:
>>
>>> Daniel Lezcano <daniel.lezcano@free.fr> writes:
>>>
>>>> Ferenc Wagner wrote:
>>>>
>>>>> While playing with lxc-start, I noticed that /tmp is infested by
>>>>> empty lxc-r* directories: [...] Ok, this name comes from lxc-rootfs
>>>>> in conf.c:setup_rootfs. After setup_rootfs_pivot_root returns, the
>>>>> original /tmp is not available anymore, so rmdir(tmpname) at the
>>>>> bottom of setup_rootfs can't achieve much. Why is this temporary
>>>>> name needed anyway? Is pivoting impossible without it?
>>>>
>>>> That was put in place with chroot, before pivot_root, so the distro's
>>>> scripts can remount their '/' without failing.
>>>>
>>>> Now we have pivot_root, I suppose we can change that to something cleaner...
>>>
>>> Like simply nuking it? Shall I send a patch?
>>
>> Sure, if we can kill it, I will be glad to take your patch :)
>
> I can't see any reason why lxc-start couldn't do without that temporary
> recursive bind mount of the original root. If neither do you, I'll
> patch it out and see if it still flies.
For my purposes the patch below works fine. I only run applications,
though, not full systems, so wider testing is definitely needed.
Guillaume Zitta [Mon, 10 May 2010 09:50:10 +0000 (11:50 +0200)]
make lxc-checkconfig more explicit
With a friend, we installed lxc on his server.
We spend 1 hour on the kernel config because we didn't knew :
- that lxc-checkconfig is a bash script and it can check a config before
running it
- which kernel config item whas not good
- that CONFIG_SECURITY_FILE_CAPABILITIES is obsolete since 2.6.33
So, here is a patch for lxc-checkconfig that could save time for lxc newbies
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Modified-by: Daniel Lezcano <daniel.lezcano@free.fr> Signed-off-by: Guillaume Zitta <lxc@zitta.fr>
Daniel Lezcano [Mon, 10 May 2010 09:50:09 +0000 (11:50 +0200)]
update INSTALL file
"lxc configure does not exist. You need to run ./autogen.sh to create it.
I think it needs to either be documented in INSTALL or you provide ./configure"
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Reported-by: Jamal Hadi Salim <hadi@cyberus.ca>
Daniel Lezcano [Mon, 10 May 2010 09:50:09 +0000 (11:50 +0200)]
fix pivot_root temporary directory
First of all, when trying to start a container in a read-only root
lxc-start complains:
lxc-start: Read-only file system - can't make temporary mountpoint
This is in conf.c:setup_rootfs_pivot_root() function. That function
uses optional parameter "lxc.pivotdir", or creates (and later removes)
a temporary directory for pivot_root. Obviously there's no way to
create a directory in a read-only filesystem.
But lxc.pivotdir does not work either. In the function mentioned above
it is used with leading dot (eg. if I specify "lxc.pivotdir=pivot" in
the config file the pivot_root() syscall will be made to ".pivot" with
leading dot, not to "pivot"), but later on it is used without that dot,
and fails:
lxc-start: No such file or directory - failed to open /pivot/proc/mounts
lxc-start: No such file or directory - failed to read or parse mount list '/pivot/proc/mounts'
lxc-start: failed to pivot_root to '/stage/t'
(that's with "lxc.pivotdir = pivot" in the config file). After symlinking
pivot to .pivot it still fails:
lxc-start: Device or resource busy - could not unmount old rootfs
lxc-start: failed to pivot_root to '/stage/t'
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Reported-by: Michael Tokarev <mjt@tls.msk.ru>
Daniel Lezcano [Mon, 10 May 2010 09:50:09 +0000 (11:50 +0200)]
Fix console infinite loop
When the client console exits, the mainloop goes in an infinite loop
as the handler is not removed and we are notified from the disconnection
indefinitely.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Fri, 7 May 2010 12:37:05 +0000 (14:37 +0200)]
do not exit mainloop when child is stopped
When the init container is stopped, we don't check this condition
and we assume the child exited and we wait indefinitely for the child
to exit while this one is stopped.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Michel Normand [Thu, 29 Apr 2010 08:03:59 +0000 (10:03 +0200)]
lxc: remove perror call in nl.c (V2)
There is only one such perror call, so remove it in nl.c
In this same patch, verify that all functions of nl.c and network.c
are reporting a -errno value in case of error;
value that is reported in lxc log by the callers in conf.c
Signed-off-by: Michel Normand <normand@fr.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
lxc-kill send a signal to the process 1 of the container.
If this command is used on an application container ran by
lxc-execute, the lxc-init will receive the signal and will forward it to
the process 2 which is the command specified in the command line.
Signed-off-by: Greg Kurz <gkurz@fr.ibm.com> Signed-off-by: Michel Normand <normand@fr.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Thu, 8 Apr 2010 07:44:23 +0000 (09:44 +0200)]
change to the same directory when attaching
This patch will try to change the default "/" directory to the
directory we were before attaching. In order to work correctly,
the path has to exist in the container, that makes sense with a
shared file system without rootfs.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Thu, 8 Apr 2010 07:44:23 +0000 (09:44 +0200)]
restart the container at reboot
When the reboot is detected, reboot the container.
That needs to set all file descriptor opened by lxc-start
to be flagged with the close-on-exec flag, otherwise when
re-execing ourself, we inherit our own fd.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Thu, 8 Apr 2010 07:44:23 +0000 (09:44 +0200)]
count the number of tasks in the container
This patch adds a function to count the number of tasks in the
container. The result is not reliable as it may change with a fork
or an exit, but in some cases, for example, there is only one task, or
the container is frozen, the result is accurate.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Michel Normand [Fri, 2 Apr 2010 16:45:47 +0000 (18:45 +0200)]
lxc: add --statefile opt to lxc-checkpoint/restart
based on patch from: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
but also:
* remove the deprecated --directory one.
* change liblxc api of checkpoint/restart to use fd and not string.
* explicitely report error messages for the checkpoint/restart stub functions.
Signed-off-by: Michel Normand <normand@fr.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Michel Normand [Mon, 22 Mar 2010 10:08:34 +0000 (11:08 +0100)]
do not use logfile in lxc_init (V2)
The log file in lxc-init is quite useless as the code is trivial.
Signed-off-by: Michel Normand <normand@fr.ibm.com> Signed-off-by: Cedric Le Goater <clg@fr.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Mon, 22 Mar 2010 10:08:34 +0000 (11:08 +0100)]
fix lxc-attach returned error
When we try to attach to a container belonging to another user than us,
the command fails as expected but the return code is wrong, so we have
an "unknown error" instead of "permission denied".
Daniel Lezcano [Thu, 25 Feb 2010 09:24:13 +0000 (10:24 +0100)]
fix network devices cleanup on error
Delete the network devices when an error occurs before they are moved
to the network namespace (network namespace destruction triggers the
network devices deletion). Otherwise they stay in the system.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
projects / mirror_lxc.git / log