Changes since v1:
* check the length of passed-in string
Changes since v2:
* remove non-abstract socket code path to simplify functions
* rename lxc_af_unix_* family to lxc_abstract_unix_*
On this system list_active_containers returns 14 containers while only 10 containers are running.
Following patch;
* Introduces array_contains function to do a binary search on given array,
* Starts to sort arrays inside the add_to_clist and add_to_names functions,
* Consumes array_contains in list_active_containers to eliminate duplicates,
* Replaces the linear search code in lxcapi_get_interfaces with the new function.
Changes since v1:
* Do not load containers if a if a container list is not passed in
* Fix possible memory leaks in lxcapi_get_ips and lxcapi_get_interfaces if realloc fails
Serge Hallyn [Wed, 23 Oct 2013 15:52:37 +0000 (10:52 -0500)]
start: use lxc-user-nic if we are not root
Note this results in nics named things like 'lxcuser-0p'. We'll
likely want to pass the requested name to lxc-user-nic, but let's
do that in a separate patch.
If we're not root, we can't create new network itnerfaces to pass
into the container. Instead wait until the container is started,
and call lxc-user-nic to create and assign the nics.
Serge Hallyn [Thu, 24 Oct 2013 16:35:55 +0000 (11:35 -0500)]
strtoul: check errno
In a few places we checked for LONG_MIN or LONG_MAX as indication
that strtoul failed. That's not reliable. As suggested in the
manpage, switch to checking errno value.
Stéphane Graber [Thu, 24 Oct 2013 01:50:43 +0000 (21:50 -0400)]
clang: Remaining changes
Those are a bit less obvious than those I pushed directly to master.
All those changes were required to build LXC under clang here.
With this, gcc can be replaced by clang to build LXC so long as you're
not using the python3 binding (as python extensions can't be built under
clang at the moment).
For reference, the clang output for those is: http://paste.ubuntu.com/6292460/
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Thu, 24 Oct 2013 01:54:13 +0000 (20:54 -0500)]
apparmor: cache the are-we-enabled decision
Since we check /sys/kernel/security/ files when deciding whether
apparmor is enabled, and that might not be mounted in the container,
we cannot re-make the decision at apparmor_process_label_set() time.
Luckily we don't have to - just cache the decision made at
lsm_apparmor_drv_init().
Dwight Engen [Wed, 23 Oct 2013 21:03:40 +0000 (17:03 -0400)]
oracle template: restrict writeability in /proc and /sys
Note that since we don't drop CAP_SYS_ADMIN, root in the container can
remount proc or sys however they want to, however this at least improves
the default situation.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Dwight Engen [Tue, 22 Oct 2013 20:33:26 +0000 (16:33 -0400)]
update rpm .spec file
The following changes were made to fix rpmlint warnings/errors
- use %global instead of %define
http://fedoraproject.org/wiki/PackagingDrafts/global_preferred_over_define
- change Summary to match .deb
- update License
- do not mention the libcap dependency explicitly, rpm will fill it in
- fix Summary, Description for libs and devel packages
- pass -q to %setup
- add %post for libs to run ldconfig
- explicitly name lxc man paths so pkg doesn't "own" /usr/share/man
- mark /etc/lxc/default.conf as a config file
In addition, while I was here:
- split lua bits into seperate lxc-lua package
- change Description to match .deb
- remove "Version" in changelog entries to follow
http://fedoraproject.org/wiki/Packaging:Guidelines#Changelogs
Sidnei da Silva [Mon, 19 Aug 2013 22:34:19 +0000 (19:34 -0300)]
Add a --thinpool argument to lxc-create, to use thin pool backed lvm when creating the container. When cloning a container backed by a thin pool, the clone will default to the same thin pool.
Dwight Engen [Fri, 18 Oct 2013 18:31:53 +0000 (14:31 -0400)]
use proper config item depending on which lsm is enabled
On a system with AppArmor enabled, if lxc.se_context is configured but
lxc.aa_profile is not (because the user just wants to use the default
AppArmor profile) lxc was passing the lxc.se_context to be set as the
new AppArmor profile. Determine which configuration item to use based
on which lsm is enabled.
Stéphane Graber [Fri, 18 Oct 2013 17:27:46 +0000 (13:27 -0400)]
lxc-start-ephemeral: Fix broken mount logic
This reworks the mount logic for lxc-start-ephemeral to be as follow:
- Any real (non-bind) entry gets copied to the target fstab
- Any bind-mount from a virtual fs gets copied to the target fstab
- Any remaining bind-mount if confirmed to be valid gets setup as an
overlay.
Extra bind-mounts passed through the -b option are mounted by the
pre-mount script and don't need processing by the fstab generator.
Serge Hallyn [Fri, 18 Oct 2013 15:31:27 +0000 (10:31 -0500)]
parse.c: don't print error message on callback rv > 0
A callback return value < 0 means there was an error, so print
out an error message. But a rv > 0 is used by the mount_unknown_fs
functions to say "we found the one we want, stop here."
Document this, and only print an error message if rv < 0. Otherwise,
lxc-create -B lvm --fstype ext3 -t ubuntu -n u1
will print an (innocuous) error message about being unable to parse
the config value 'ext3'.
This fix is coming from Debian bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720122
The reason for the hardcoded gid= and mode= is because of the fix for
CVE-2013-2207 which removes pt_chown from glibc and so requires proper
write access to devpts.
It looks like the "tty" group is guaranteed to be gid=5 on at least all
RedHat based and Debian based systems. So this hardcode gid shouldn't be
a big problem. If we however support any distro where that's not the
case, we'll need to implement an extra lxc.conf option and matching
template changes.
Stéphane Graber [Tue, 15 Oct 2013 15:17:55 +0000 (11:17 -0400)]
Make 'make dist' match git content
This fixes a few obvious issues when comparing the make dist output with
the git tree.
- Make all templates non-executable in git
- Remove unused files:
- src/lxc/list.c (empty, only includes the list.h header)
- src/lxc/lxc-destroy.in (replace by lxc_destroy.c)
- Add missing files to dist tarball:
- src/python-lxc/examples/pyconsole.py
- src/python-lxc/examples/pyconsole-vte.py
- Mark all the python API tests executable
- Mark lxc-test-ubuntu executable
Serge Hallyn [Fri, 11 Oct 2013 15:44:39 +0000 (10:44 -0500)]
define list container api (v2)
Two new commands are defined: list_defined_containers() and
list_active_containers(). Both take an lxcpath (NULL means
use the default lxcpath) and return the number of containers
found. If a lxc_container ** is passed in, then an array of
lxc_container's is returned, one for each container found.
The caller must then lxc_container_put() each container and
free the array, as shown in the new list testcase.
If a char ** is passed in, then an array of container names
is returned, after which the caller must free all the names
and the name array, as showsn in the testcase.
Changelog:
Check for the container config file before trying to
create an lxc_container *, to save some work. [ per
stgraber comments]
Add names ** argument to return only container names.
Dwight Engen [Thu, 10 Oct 2013 16:59:04 +0000 (12:59 -0400)]
fix clone prototype
gcc was complaining with:
reboot.c:33: error: conflicting types for ‘clone’
/usr/include/bits/sched.h:83: note: previous declaration of ‘clone’ was here
KATOH Yasufumi [Wed, 9 Oct 2013 10:00:32 +0000 (19:00 +0900)]
template: Add Plamo Linux template
This template allows to create Plamo Linux container on Plamo
Linux. Plamo Linux is Japanese distribution, which is originally based
on Slackware Linux.
Dwight Engen [Tue, 8 Oct 2013 16:22:57 +0000 (12:22 -0400)]
ensure gnutls is initialized before use
Section 7.1.2 of the gnutls info manual states that it must be
initialized with a call to gnutls_global_init before use. This
fixes the syslog warning I was seeing:
lxc-create: Libgcrypt warning: missing initialization -
please fix the application
Scott Moser [Tue, 8 Oct 2013 00:41:23 +0000 (20:41 -0400)]
lxc-ubuntu-cloud: pass --numeric-owner and -p to untar
Just following up here, Serge raised the question of whether or not the
other two invocations of 'tar' in this script need '--numeric-owner'.
They probably should have it, although its of little concern because the
'build_root_tgz' path is only taken if there is no '-root.tar.gz' file for
download, and the only supported ubuntu release without the -root.tar.gz
download is 10.04 at this point.
Anyway, below is a more complete diff, also including a fix as
'--numeric-uid' is not a valid option to tar. The name is
'--numeric-owner'.
Signed-off-by: Scott Moser <smoser@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Dwight Engen [Fri, 4 Oct 2013 17:45:59 +0000 (13:45 -0400)]
always include the ja manpage sources in make dist
These need to be in the dist tarball even if the host packaging system
doesn't have docbook2x, otherwise configure will fail to find them. Also,
the build system may have docbook2x, even if the packaging system does not.
Dwight Engen [Fri, 4 Oct 2013 17:46:05 +0000 (13:46 -0400)]
fix errors when using docbook2man
docbook2man picks up some errors that docbook2x does not, fixing them
isn't harmful to docbook2x. The only real change is adding <para> and
<citerefentry> tags.
This patches the Fedora template to insure that the legacy network
startup scripts are enabled when NetworkManager has not been installed
in the container (default).
It also fixes a login problem with pam_loginuid.so in a container.
https://bugzilla.redhat.com/show_bug.cgi?id=966807
Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com>
-- Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Fri, 4 Oct 2013 02:41:59 +0000 (22:41 -0400)]
lxc-ubuntu: Remove trim option
Container trimming is a bad idea in general, Ubuntu since 12.04 allows
standard systems to run in containers and we've got separate code to
deal with 10.04, so let's just drop trim.
templates/lxc-fedora Rework for distro independence.
This patch reworks the Fedora template to operate in the most "distro
agnostic" manner possible. It should even run on distros where rpm and
yum are not present and not available or may be incompatible. It
depends on the most basic set of system facilities like rsync but does
require squashfs support also be available to mount a LiveOS runtime.
Based on comments at Linux Plumbers, what I had been referring to as a
"run time environment" or RTE has been renamed in the code to refer to
it as a "bootstrap". It has been tested on Fedora (of course),
OpenSuse, Ubuntu, and Oracle (latest host versions of each) building
Fedora containers of F19 back through F9. Varying levels of database
problems were encountered from F11 and back and are "will not fix" due
to versions being long EOL. F15 and F16 build but do not run "out of
the box" due to systemd version issues and those are also "will not fix"
for the same reasons.
Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Thu, 3 Oct 2013 03:30:31 +0000 (22:30 -0500)]
add basic lxc-test-ubuntu (v3)
Some features of lxc - networking and LSM configuration for instance -
are generally configured by the distro packages. This program
tests the Ubuntu configuration.
changelog v2:
Switch to lxc-info -i to detect ip address as stgraber suggested
Don't look for 'expect' as I'm not using it yet.
changelog v3:
Make sure to only read one ip address from container.
Stéphane Graber [Wed, 2 Oct 2013 22:25:37 +0000 (18:25 -0400)]
Improve behaviour for unprivileged users
This mostly changes two things:
- Only log to the container's logfile on start/stop/restart/execute
- Call may_control() every time we use the API and return
"Insufficient privileges" on failure.
NOTE: I didn't test every single one of those but I'm fairly confident
in my copy/paste abilities and I confirmed they all build fine at least.