Michel Normand [Mon, 20 Apr 2009 20:10:59 +0000 (22:10 +0200)]
make the libtoolize files to be copy not
This is required to be able to make the build
on a machine that mount lxc source but not all
machine filesystem.
. Signed-off-by: Michel Normand <normand@fr.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
This patch adds support for various mount options. It is also able to pass extra
mount option data to mount(2). For example, it allows users to mount aufs file
system at lxc_start time.
See the thread
http://sourceforge.net/mailarchive/forum.php?thread_name=E6D98D6C-F633-419A-9424-F24EBB3E11D9%40aist.go.jp&forum_name=lxc-devel
for details.
Signed-off-by: Ryousei Takano <takano-ryousei@aist.go.jp> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Tue, 31 Mar 2009 11:55:44 +0000 (13:55 +0200)]
speed container creation/destruction
As the state of the container is monitored with the netlink,
the file state is no longer used to watch the state changes.
The previous hack, which adds a tempo of 200ms, is removed and
that makes the container being created, started, stopped, destroyed
faster, we gain 1 second in a container lifecycle. One second is
too much if we launch thousand of containers, one by one like for
example in a tests suite.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Guido Trotter [Mon, 30 Mar 2009 09:12:13 +0000 (10:12 +0100)]
$(localstatedir) != $(prefix)/var
The current code assumes that localstatedir is equal to $(prefix)/var,
thus failing for example on debian, where prefix is /usr and
localstatedir is /var. This patch fixes this by expanding LXCPATH just
once in configure.ac to $(localstatedir)/lib/lxc and expanding that
variable everywhere else.
install-exec-local is changed to just do one mkdir -p, and taking into
account of the DESTDIR variable, user for example for packaging.
Changing the permission of LXCPATH is done in lxc-setcap
Signed-off-by: Guido Trotter <ultrotter@quaqua.net> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
I found a problem of the MTU size of br0. In the current code,
device_set_mtu() is
called after bridge_attach(), so the MTU size of br0 is set to the
default MTU size
of veth0 (i.e., 1500 bytes).
This causes performance degradation as I reported.
We need to modify to call device_set_mtu() before bridge_attach()"
Now that we have the network functions accessible, do not longer
use the lxc_configure_veth, lxc_configure_macvlan and split
the configuration of the veth in order to create it, configure it
and finally attach it to the bridge.
Daniel Lezcano [Thu, 26 Mar 2009 10:32:22 +0000 (11:32 +0100)]
change the api to export the network functions
The network functions are too encapsulated and do not allow
flexibility. Export all these api and prepare the changes for the
next patch to set the mtu.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Acked-by: Ryousei Takano <takano-ryousei@aist.go.jp>
Daniel Lezcano [Tue, 24 Mar 2009 12:56:37 +0000 (13:56 +0100)]
Use a specific script to set the capabilities
Instead of having the capabilities to be set automatically,
it will be up to the user to set them through a specific
script 'lxc-setcap'.
After installing the lxc tools, if we want them to be available,
for a non-root user, lxc-setcap will set the needed capabilities.
If, after thinking it, we want to remove the capabilities,
the 'lxc-setcap -d' will do this for us.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Acked-by: Guido Trotter <ultrotter@google.com>
Daniel Lezcano [Sun, 22 Mar 2009 21:52:17 +0000 (22:52 +0100)]
set mtu for netdev
When setting the mtu size at the veth creation, the mtu is only set
on one side of the veth tunnel, the one attached to the bridge.
I changed a little the code and added the device_set_mtu function so
it is called after the veth has been created on both side.
That moves the mtu veth specific code inside the veth function creation.
Hopefully this code could be reused later for different future network
configuration (eg. ip tunnel).
The mtu option will be simply ignored in case of macvlan network configuration
because the macvlan network device inherit the mtu of the physical link.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Guido Trotter [Wed, 18 Mar 2009 17:53:32 +0000 (17:53 +0000)]
lxc-checkconfig: Allow to override grep and config
It might be handy for the user to specify a different kernel config file
to check, perhaps the one of a kernel he's about to build. To allow that
we only set the CONFIG variable if it's not present in the environment
before. Also, if CONFIG is not found and we resort to a different file,
we say it explicitely, to avoid typos on the user's part resulting in
silently checking a different config than the one the user wanted.
Signed-off-by: Guido Trotter <ultrotter@quaqua.net> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Guido Trotter [Wed, 18 Mar 2009 17:53:31 +0000 (17:53 +0000)]
lxc-checkconfig: look in one more place
The current version of lxc-checkconfig falls back to searching in
/lib/modules/$KVER/build/.config if it doesn't find the config. In some
systems, though, the config will be installed in /boot/config-$KVER, so
we'll look there as well.
Signed-off-by: Guido Trotter <ultrotter@quaqua.net> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Guido Trotter [Wed, 18 Mar 2009 17:27:27 +0000 (17:27 +0000)]
Install lxc-init in libexec dir
Since lxc-init is a helper program, which doesn't have an usage output
and is only going to be called only internally by lxc-execute, we'll
move it to the libexec dir.
Signed-off-by: Guido Trotter <ultrotter@quaqua.net> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Wed, 11 Mar 2009 09:20:05 +0000 (10:20 +0100)]
Use the rbind mount for the rootfs
The actual behavior is to mount bind the rootfs to a specific location and
chroot to it. If someone did previously some bind mount in the rootfs they
will be lost in the container.
This fix makes the rootfs to have the submounts in the container.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
If sys/signalfd.h does not exist, assume that it does not exist
in glibc, rather than that it exists without a corresponding
header file. Note that this version of the signalfd() wrapper
function (unlike the version in glibc) falls back dynamically to
the old signalfd system call if the signalfd4 system call is not
implemented in the currently-running kernel; the version in glibc
chooses the version of the signalfd system call to make via static
build-time configuration.
Signed-off-by: Michael K Johnson <johnsonm@rpath.com> Signed-off-by: Daniel Lezcnao <dlezcano@fr.ibm.com>
Matt Helsley [Sun, 8 Mar 2009 16:09:27 +0000 (17:09 +0100)]
liblxc: Add username and uid lookup/check.
Add the ability to lookup usernames and check uids. Bails out early if the given
uid/name does not exist and avoids using atoi() (which is bad because we can't
tell if it parsed an int or a pumpkin).
Signed-off-by: Matt Helsley <matthltc@us.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Matt Helsley [Sun, 8 Mar 2009 16:09:27 +0000 (17:09 +0100)]
liblxc: Handle missing PR_CAPBSET_DROP definition
On distros with older headers liblxc fails to build because PR_CAPBSET_DROP is
not defined by including /usr/include/sys/prctl.h. This adds an autoconf
test and, if not present, defines it. When prctl() is called on systems that
do not support PR_CAPBSET_DROP we should expect EINVAL. This case is already
handled by the liblxc code so no further changes are needed.
Signed-off-by: Matt Helsley <matthltc@us.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Matt Helsley [Sun, 8 Mar 2009 16:09:27 +0000 (17:09 +0100)]
liblxc: create a fedore template container
On Mon, 2009-02-09 at 15:43 -0800, Dan Smith wrote:
> DL> It may be possible to use yum like debootstrap for an minbase
> DL> fedora install.
>
> Yep, something like the following should work:
>
> root=/path/to/tmproot
> mkdir -p $root/var/lib/rpm
> rpm --root $root --initdb
> rpm --root $root -Uvfh --nodeps http://fedora.osuosl.org/linux/releases/10/Fedora/i386/os/Packages/fedora-release-10-1.noarch.rpm
> yum --installroot=$root -y groupinstall Base
Looks familiar! ;) I was intrigued by this idea last weekend so I
started such a script. However I only tested it as far as creating a
semi-correct rootfs. With the exception of network configs most of the
configs are still written as for debian. For example I know the selinux
policy enforcement settings need to move, the inittab needs to be
replaced by the proper upstart configs, etc.
Of course it's based heavily on Daniel's excellent lxc-debian script.
Signed-off-by: Matt Helsley <matthltc@us.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
dlezcano [Thu, 12 Feb 2009 14:47:10 +0000 (14:47 +0000)]
build a set of flags for the different enabled subsystems
From: Daniel Lezcano <dlezcano@fr.ibm.com>
When we want to check if a subsystem is enabled, we look at the
presence of a file/directory in the configuration tree files. That
works until we chroot into the rootfs. Some subsystem should be
preferably setup after the chrootfs, making the code simpler and
easier to read. So before setup the different subsystem, I build a
flags set and reuse it later to check if the subsystem is enabled or
not.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
dlezcano [Thu, 5 Feb 2009 12:03:47 +0000 (12:03 +0000)]
handle interruption/failure of lxc-debian more gracefully
From: Matt Helsley <matthltc@us.ibm.com>
If lxc-debian fails or is interrupted during debootstrap then the next
invocation of lxc-debian breaks because it only checks for the existence
of the directory. This forces the user to remove the cache by hand to
retry the create step.
Let's allow the user to re-run lxc-debian to resume/retry. Store the
cache in a partial-$ARCH directory until debootstrap succeeds. Then move
the valid cache to its final destination.
Signed-off-by: Matt Helsley <matthltc@us.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
dlezcano [Mon, 2 Feb 2009 14:50:00 +0000 (14:50 +0000)]
Add signalfd function definition
From: Dietmar Maurer <dietmar@proxmox.com>
The signalfd function prototype and the signalfd header file is not
defined in the debian Lenny. We want to use this debian version with a
newer kernel.
This patch gives the signalfd function prototype, because the function is
available in the glibc-2.7 which is the version coming with debian Lenny.
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
dlezcano [Thu, 29 Jan 2009 10:50:28 +0000 (10:50 +0000)]
Complete use of autoconf prefix in lxc-debian
From: Matt Helsley <matthltc@us.ibm.com>
The lxc-debian script does not consistently address the lxc lock as
@LOCALSTATEDIR@/lock/subsys/lxc. Make consistent use of the autotools
substitution to completely enable configure --prefixes.
I also added a comment explaining why some of the paths didn't need
autoconf substitutions for anyone who wants to understand the script.
Also, to separate it from the container contents proper, I moved the
CACHE variable initialization above the container-internal path
variables.
Signed-off-by: Matt Helsley <matthltc@us.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
dlezcano [Mon, 26 Jan 2009 19:43:46 +0000 (19:43 +0000)]
Fixed bad variable type
From: Daniel Lezcano <daniel.lezcano@free.fr>
Fixed the type of the opt variable. On the powerpc architecture, that leads
to an infinite loop in the getopt inspection because getopt returns 255
instead of -1 as expected. The opt variable should be an int and not a char.
Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
dlezcano [Sun, 25 Jan 2009 23:29:24 +0000 (23:29 +0000)]
Check the kernel feature
From: Daniel Lezcano <daniel.lezcano@free.fr>
The virtual devices are automatically destroyed when the network namespace
dies for the kernel version >= 2.6.29. Until this version the network devices
have to be destroyed by lxc. This modification checks the version of the
kernel to make lxc to destroy the network devices or not.
Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
dlezcano [Mon, 5 Jan 2009 19:19:46 +0000 (19:19 +0000)]
Create the localstatedir when installing the commands
From: Daniel Lezcano <dlezcano@fr.ibm.com>
For some distros (eg. opensuse), when installing with "make install", the
localstatedir is not created. This modification makes this directory to be
created at the install time.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
dlezcano [Mon, 5 Jan 2009 18:36:23 +0000 (18:36 +0000)]
Add freezer compatibility for older interface
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Different interface exists for the freezer, "RUNNING" or "THAWED" should
be written to the freezer file, so in case "THAWED", we fall back to
"RUNNING". That allows to support older freezer kernel interface for 2.6.27.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
projects / mirror_lxc.git / log