Add a new logger: syslog and Print the VM name in the logs
To activate it specify lxc.syslog = <afacility>
For now the available facilities are: daemon, local[0-7] others will be
rejected
syslog got only activated after the function that checks for inheritance
of fd is passed in order to make sure the syslog fd is not inherited
and prevent the creation of the fd is any log have been issued during
the checks (which would end up in an infinite loop)
Signed-off-by: Fatih ACAR <fatih.acar@gandi.net> Signed-off-by: Ahmed Amamou <ahmed@gandi.net> Signed-off-by: Baptiste Daroussin <bapt@gandi.net> Signed-off-by: William Dauchy <william@gandi.net>
lxc-checkpoint will fail because process createdy by lxc-attach has
incorrect cgroup ns. It needs to use "setns" instead of "unshare"
to set cgroup ns.
bdev/bdev.c: In function 'detect_fs':
bdev/bdev.c:686:2: error: implicit declaration of function 'getline' [-Werror=implicit-function-declaration]
while (getline(&line, &linelen, f) != -1) {
^
Signed-off-by: Christian Brauner <cbrauner@suse.de>
criu.c: In function ‘exec_criu’:
criu.c:310:4: error: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘uint64_t’ [-Werror=format=]
ret = sprintf(ghost_limit, "%lu", opts->user->ghost_limit);
^
In file included from criu.c:42:0:
log.h:285:9: error: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘uint64_t’ [-Werror=format=]
struct lxc_log_locinfo locinfo = LXC_LOG_LOCINFO_INIT; \
^
criu.c:312:5: note: in expansion of macro ‘ERROR’
ERROR("failed to print ghost limit %lu", opts->user->ghost_limit);
^
Signed-off-by: Christian Brauner <cbrauner@suse.de>
Place an ephemeral container started with -e flag on a tmpfs. Restrictions are
that you cannot request the data to be kept while placing the container on a
tmpfs, that either overlay or aufs backing storage must be used, and that the
storage backend of the original container must be a directory.
For ephemeral snapshots backed by overlay or aufs filesystems, a fresh tmpfs
is mounted over the containers directory if the user requests it. This should
be the easiest options. Anything else would require us to change the current
mount-layout of overlay and aufs snapshots. (A standard overlay or aufs
snapshot clone currently has the layout:
The fact that upperdir and workdir are not placed in a common subfolder under
the container directory has the consequence that we cannot simply mount a fresh
tmpfs under upperdir and workdir because overlay expects them to be on the same
filesystem.)
Because we mount a fresh tmpfs over the directory of the container the updated
/etc/hostname file created during the clone residing in the upperdir (currently
named "delta0" by default) will be hidden. Hence, if the user requests that the
old name is not to be kept for the clone, we recreate this file on the tmpfs.
This should be all that is required to restore the exact behaviour we would get
with a normal clone.
NOTE: If the container is rebooted all changes made to it are lost. This is not
easy to prevent since each reboot remounts the rootfs again.
Signed-off-by: Christian Brauner <cbrauner@suse.de>
Adrian Reber [Fri, 15 Jul 2016 08:54:30 +0000 (10:54 +0200)]
c/r: make local function static
This is a minimal commit which makes the function 'do_restore()' static
as it is not used anywhere else in the code. This also removes a
trailing space my editor complained about.
Adrian Reber [Mon, 4 Jul 2016 14:58:09 +0000 (16:58 +0200)]
c/r: drop in-flight connections during CRIU dump
Shortly after CRIU 2.3 has been released a patch has been added to skip
in-flight TCP connections. In-flight connections are not completely
established connections (SYN, SYN-ACK). Skipping in-flight TCP
connections means that the client has to re-initiate the connection
establishment.
This patch stores the CRIU version detected during version check, so
that during dump/checkpoint options can be dynamically enabled depending
on the available CRIU version.
v2:
* use the newly introduced criu version interface
* add an option to disable skipping in-flight connections
Adrian Reber [Mon, 11 Jul 2016 19:55:43 +0000 (21:55 +0200)]
c/r: initialize migrate_opts properly
The commit "c/r: add support for CRIU's --action-script" breaks
lxc-checkpoint on the command-line. It produces errors like:
sh: $'\260\366\b\001': command not found
and then it fails. src/lxc/criu.c expects migrate_opts->action_script to
be either NULL, then it is ignored, or to actually contain the name of
an action scripts.
As the struct migrate_opts has not static storage is has to be explicitly
initialized or the value of the structure's members is indeterminate.
- If version != NULL criu_version_ok() stores the detected criu version in
version. Allocates memory for version which must be freed by caller.
- If version == NULL criu_version_ok() will return true when the version
matches, false in all other cases.
Signed-off-by: Christian Brauner <cbrauner@suse.de>
First, we're doing this so long a there is any cgroup config item -
even if no devices ones. Then if devices is not available we fail.
This was leading to Rob E's mysterious startup failures.
Secondly, we're not even using this info. The user was removed
awhile back.
Antonio Terceiro [Wed, 29 Jun 2016 17:58:35 +0000 (14:58 -0300)]
lxc-debian: fix regression when creating wheezy containers
The regression was introduced by commit 3c39b0b7a2b445e08d2e2aecb05566075f4f3423 which makes it possible to
create working stretch containers by forcinig `init` to be in the
included package list.
However, `init` didn't exit before jessie, so now for wheezy we
explicitly include `sysvinit`; sysvinit on wheezy is essential,
so it would already be included anyway.
Signed-off-by: Antonio Terceiro <terceiro@debian.org>
Preetam D'Souza [Tue, 28 Jun 2016 03:12:12 +0000 (23:12 -0400)]
Include all lxcmntent.h function declarations on Bionic
Newer versions of Android (5.0+, aka API Level 21+) include mntent.h,
which declares setmntent and endmntent. This hits an edge
case with the preprocessor checks in lxcmntent.h because HAVE_SETMNTENT
and HAVE_ENDMNTENT are both defined (in Bionic's mntent.h), but conf.c
always includes lxcmntent.h on Bionic! As a result, we get compiler
warnings of implicit function declarations for setmntent endmntent.
This patch always includes setmntent/endmntent/hasmntopt function
declarations on Bionic, which gets rid of these warnings.
Tycho Andersen [Mon, 27 Jun 2016 22:24:09 +0000 (22:24 +0000)]
c/r: use criu's "full" mode for cgroups
A while ago cgroup modes were introduced to CRIU, which slightly changed
the behavior w.r.t. cgroups under the hood. What we're really after is
criu's --full mode, i.e. even if a particular cgroup directory exists
(in particular /lxc/$container[-$number] will, since we create it), we
should restore perms on that cgroup.
Things worked just fine for actual properties (except "special" properties
as criu refers to them, which I've just sent a patch for) because liblxc
creates no subdirectories, just the TLD.
Stéphane Graber [Mon, 27 Jun 2016 19:15:15 +0000 (15:15 -0400)]
apparmor: Update mount states handling
Properly list all of the states and the right apparmor stanza for them,
then comment them all as actually enabling this would currently let the
user bypass apparmor entirely.
Antonio Terceiro [Fri, 17 Jun 2016 22:00:56 +0000 (19:00 -0300)]
lxc-debian: make sure init is installed
init 1.34 is not "Essential" anymore, in order to make it not required
on minimal chroots, docker containers, etc. Because of that we now need
to manually include it on systems that are expected to boot.
Signed-off-by: Antonio Terceiro <terceiro@debian.org>
Laurent Vivier [Mon, 13 Jun 2016 12:34:06 +0000 (14:34 +0200)]
lxc-debian: allow to specify a binfmt interpreter
If you specify an interpreter path with "-I" or "--interpreter-path",
the architecture of the debian container can differ from the one of
the host.
Before creating the container, binfmt must be configured on the host:
the script checks the name of the interpreter in /proc/sys/fs/binfmt_misc/
to know where to install it in the container.
Aleksandr Mezin [Mon, 6 Jun 2016 01:50:59 +0000 (07:50 +0600)]
python-lxc: follow global rpath setting for autotools builds
When LXC is configured with --enable-rpath, I expect Python bindings
to be able to find the library in a non-standard location, just like
LXC command-line tools.
Signed-off-by: Aleksandr Mezin <mezin.alexander@gmail.com>
Jesse Pretorius [Fri, 3 Jun 2016 15:33:25 +0000 (16:33 +0100)]
Move apt-transport-https to global packages_template
In many environments the preference is to configure containers with
apt mirrors that are SSL-secured.
When building containers using the download template this can't be
done unless an insecure mirror is first used to install the
apt-transport-https package, then the sources reconfigured to
use the https URL.
When building containers without using the download template this
can't be done unless the container creator specifically includes
this package in the package list at build time. It seems more
intuitive to me to have the package installed by default.
Commit 396f75abb3d319adc7d871b94b08bc6bb9c49585 added the package
to the minbase variant, but this variant is not used by the download
template build process. The build process instead specifies no
variant, so this patch moves the package from the packages_template
package list in the minbase variant to the global packages_template
package list, ensuring that this package is included in all Ubuntu
build images that use the lxc-ubuntu template.
Aleksandr Mezin [Mon, 30 May 2016 21:13:24 +0000 (03:13 +0600)]
python-lxc: use setuptools instead of distutils
setuptools is recommended by Python Packaging Guide
https://python-packaging-user-guide.readthedocs.io/en/latest/current/
It contains some useful extensions like 'develop' command. Also it
is required for building wheels AFAIK.
The only downside is an extra build-time dependency. setuptools are
packaged in both Debian and Ubuntu (python3-setuptools), as well as
other major distros, so it shouldn't be an issue, I think.
Signed-off-by: Aleksandr Mezin <mezin.alexander@gmail.com>
Aleksandr Mezin [Sat, 28 May 2016 07:40:15 +0000 (13:40 +0600)]
python-lxc: change distribution name _lxc -> lxc
Distribution name starting with underscore is considered invalid by
many tools. For example, you can't list such name in
install_requires in your setup.py.
Signed-off-by: Aleksandr Mezin <mezin.alexander@gmail.com>
projects / mirror_lxc.git / log