git.proxmox.com Git - mirror_lxc.git/log
14 years ago - lxc: add --statefile opt to lxc-checkpoint/restart
Michel Normand [Fri, 2 Apr 2010 16:45:47 +0000 (18:45 +0200)]
lxc: add --statefile opt to lxc-checkpoint/restart

based on patch from: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>

but also:
* remove the deprecated --directory one.
* change liblxc api of checkpoint/restart to use fd and not string.
* explicitly report error messages for the checkpoint/restart stub functions.

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - fix lxc-setcap script for lxc-attach
Daniel Lezcano [Mon, 22 Mar 2010 10:08:34 +0000 (11:08 +0100)]
fix lxc-setcap script for lxc-attach

Fix type and missing capability.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - do not use logfile in lxc_init (V2)
Michel Normand [Mon, 22 Mar 2010 10:08:34 +0000 (11:08 +0100)]
do not use logfile in lxc_init (V2)

The log file in lxc-init is quite useless as the code is trivial.

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - typo in error message
Michel Normand [Mon, 22 Mar 2010 10:08:34 +0000 (11:08 +0100)]
typo in error message

Wrong variable.

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - fix lxc-attach returned error
Daniel Lezcano [Mon, 22 Mar 2010 10:08:34 +0000 (11:08 +0100)]
fix lxc-attach returned error

When we try to attach to a container belonging to another user than us,
the command fails as expected but the return code is wrong, so we have
an "unknown error" instead of "permission denied".

The culprit is:

-                     strerror(command.answer.ret));
+                     strerror(-command.answer.ret));

The rest of the code is indentation without code impact.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Michel Normand <normand@fr.ibm.com>
14 years ago - lxc: enter / exec a command inside a container V2
Daniel Lezcano [Mon, 22 Mar 2010 10:08:34 +0000 (11:08 +0100)]
lxc: enter / exec a command inside a container V2

This patch allows to execute a command or enter inside the container:
  * lxc-attach -n <name> [command]

If the <command> is not specified, lxc-attach will retrieve your uid
and get your shell name and exec it in the container.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - open the console later
Daniel Lezcano [Mon, 22 Mar 2010 10:08:34 +0000 (11:08 +0100)]
open the console later

Open the console at the setup time, otherwise the opened
file descriptor will be considered as an inherited fd and the
startup will fail.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - lxc: forbid open fds upon startup
Cedric Le Goater [Mon, 22 Mar 2010 10:08:34 +0000 (11:08 +0100)]
lxc: forbid open fds upon startup

This patch modifies the startup of a container to forbid opened
fds, unless these are stdios.

Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
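An added example (not code from the lxc tree) of the kind of startup check the two commits above describe: it lists /proc/self/fd and reports every open descriptor other than stdin, stdout and stderr. The function names and the use of /proc/self/fd are assumptions of this example.

```c
#include <dirent.h>
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/*
 * Collect the descriptors above stderr that are open in this process.
 * Stores up to max of them in out[] and returns how many were found,
 * or -1 when /proc/self/fd cannot be read.
 */
int find_inherited_fds(int *out, int max)
{
	DIR *dir = opendir("/proc/self/fd");
	struct dirent *de;
	int scan_fd, n = 0;

	if (!dir)
		return -1;
	scan_fd = dirfd(dir);	/* the descriptor opendir() itself holds */

	while ((de = readdir(dir)) != NULL) {
		char *end;
		long fd;

		errno = 0;
		fd = strtol(de->d_name, &end, 10);
		if (errno || end == de->d_name || *end != '\0')
			continue;	/* "." and ".." */
		if (fd <= STDERR_FILENO || fd == scan_fd)
			continue;	/* stdio is allowed, our own scan fd is not inherited */
		if (n < max)
			out[n] = (int)fd;
		n++;
	}
	closedir(dir);
	return n;
}

/*
 * Startup gate: returns 0 when only stdio is open, -1 otherwise.
 * Each offending descriptor is reported with the object it points to,
 * so the caller can see what was leaked into the process.
 */
int check_no_inherited_fds(void)
{
	int fds[16], n, i;

	n = find_inherited_fds(fds, 16);
	if (n < 0)
		return -1;

	for (i = 0; i < n && i < 16; i++) {
		char link[64], target[256];
		ssize_t len;

		snprintf(link, sizeof(link), "/proc/self/fd/%d", fds[i]);
		len = readlink(link, target, sizeof(target) - 1);
		if (len < 0)
			len = 0;
		target[len] = '\0';
		fprintf(stderr, "inherited fd %d -> %s\n", fds[i], target);
	}
	return n ? -1 : 0;
}

int main(void)
{
	return check_no_inherited_fds() == 0 ? 0 : 1;
}
```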
14 years ago - fix kill -1 process
Daniel Lezcano [Fri, 26 Feb 2010 20:12:31 +0000 (21:12 +0100)]
fix kill -1 process

In the process of rollbacking, the handler->pid is not set
we must not kill it. Otherwise, kill(-1, SIGKILL), ouch ! ...

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - add console.h to dist file
Daniel Lezcano [Fri, 26 Feb 2010 20:12:31 +0000 (21:12 +0100)]
add console.h to dist file

Add the console.h file in order to compile the dist file.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - fix network devices cleanup on error
Daniel Lezcano [Thu, 25 Feb 2010 09:24:13 +0000 (10:24 +0100)]
fix network devices cleanup on error

Delete the network devices when an error occurs before they are moved
to the network namespace (network namespace destruction triggers the
network devices deletion). Otherwise they stay in the system.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - fix function prototype implementation
Daniel Lezcano [Thu, 25 Feb 2010 09:24:13 +0000 (10:24 +0100)]
fix function prototype implementation

Fix inconsistent function definition regarding the headers.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - delete network devices by index
Daniel Lezcano [Thu, 25 Feb 2010 09:24:12 +0000 (10:24 +0100)]
delete network devices by index

Add a function to delete the network device by its index.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - add missing cgroup include
Daniel Lezcano [Wed, 24 Feb 2010 15:24:55 +0000 (16:24 +0100)]
add missing cgroup include

Fix the warning:

start.c: In function ‘lxc_fini’:
start.c:250: warning: implicit declaration of function ‘lxc_unlink_nsgroup’
start.c: In function ‘lxc_spawn’:
start.c:380: warning: implicit declaration of function ‘lxc_rename_nsgroup’

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - Add missing stat.h include to start.c
Silas Sewell [Wed, 24 Feb 2010 15:24:55 +0000 (16:24 +0100)]
Add missing stat.h include to start.c

The patch fixes a build error on the devel version of Fedora.

Signed-off-by: Silas Sewell <silas@sewell.ch>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - use lazy umount when umount returns EBUSY
Daniel Lezcano [Wed, 24 Feb 2010 09:57:43 +0000 (10:57 +0100)]
use lazy umount when umount returns EBUSY

When the umount fails, we force the umount and make the mount point
inaccessible by using a lazy umount.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - fix no rootfs no console
Daniel Lezcano [Wed, 24 Feb 2010 09:57:43 +0000 (10:57 +0100)]
fix no rootfs no console

When there is no rootfs, don't create a console.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - set terminal settings when console is a tty
Daniel Lezcano [Wed, 24 Feb 2010 09:57:43 +0000 (10:57 +0100)]
set terminal settings when console is a tty

As the console output can be a tty, we want to have the terminal to
be set as a specific manner to not echo and receive signals from the
keyboard.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - allocate a console to be proxied
Daniel Lezcano [Wed, 24 Feb 2010 09:57:43 +0000 (10:57 +0100)]
allocate a console to be proxied

The actual behaviour of the console is messy as:
 * it relies on a heuristic (tty or not, rootfs or not, etc ...)
 * the container init stole the tty and we lose the control

The following patch:
 * allocates a tty
 * maps this tty to the container console
 * proxies the io from the console to the file specified in the configuration
 lxc.console=<file>

That allows to specify a file, a fifo, a $(tty), and can be extended with an
uri like file://mypath, net://1.2.3.4:1234, etc ...
That solves the problem with the heuristic and the container no longer steals
our current tty.

Note by default, the console output will go to a blackhole if no configuration is
specified making the container showing nothing.

In order to access the console from the tty, use

 lxc-start -n foo -s lxc.console=$(tty)

I propose to make the container daemonize by default now.

I tried the following:

 in a shell:
  touch /var/lib/lxc/foo/console
  tail --retry -f /var/lib/lxc/foo/console
 in another shell:
  lxc-start -n foo -s lxc.console=/var/lib/lxc/foo/console

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - rename network type enum
Daniel Lezcano [Wed, 24 Feb 2010 09:57:43 +0000 (10:57 +0100)]
rename network type enum

Use a prefixed enum to avoid conflict later.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - Fix header inclusion
Daniel Lezcano [Wed, 24 Feb 2010 09:57:43 +0000 (10:57 +0100)]
Fix header inclusion

No need to include the lxc_conf structure definition, a forward
declaration is enough.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - use a mainloop for the console
Daniel Lezcano [Wed, 24 Feb 2010 09:57:42 +0000 (10:57 +0100)]
use a mainloop for the console

Use the mainloop to manage io of the console.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - factor-out-console code
Daniel Lezcano [Wed, 24 Feb 2010 09:57:42 +0000 (10:57 +0100)]
factor-out-console code

Factor out the console code and encapsulate the code in
functions.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - fix empty network namespace
Daniel Lezcano [Wed, 24 Feb 2010 09:57:42 +0000 (10:57 +0100)]
fix empty network namespace

When there is an empty network namespace, we must not move the
network device.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - fix compilation warning
Daniel Lezcano [Wed, 24 Feb 2010 09:57:42 +0000 (10:57 +0100)]
fix compilation warning

Add missing include

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - fix cpuset configuration with smp only
Daniel Lezcano [Wed, 24 Feb 2010 09:57:42 +0000 (10:57 +0100)]
fix cpuset configuration with smp only

Do not check CPUSET configuration when SMP is not enabled.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - version 0.6.5
Daniel Lezcano [Fri, 22 Jan 2010 10:45:11 +0000 (11:45 +0100)]
version 0.6.5

Increment to 0.6.5 version.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - unmount failure is not fatal
Daniel Lezcano [Fri, 22 Jan 2010 10:29:10 +0000 (11:29 +0100)]
unmount failure is not fatal

There are several cases where the system can no longer access a mount
point or a mount point configuration makes the algorithm bogus.

For example, we mount something and then we chroot, the mount information
will give an inaccessible path and the container won't be able to start
because this mount point will be inaccessible. But if it's the case, then
we can just warn and continue running the container.

Another case is the path to a mount point is not accessible because there
is another mount point on top of it hiding the mount point. So the umount
will fail and the container won't start.

Easy to reproduce:

mkdir -p /tmp/dir1/dir2
mount -t tmpfs tmpfs /tmp/dir1/dir2
mount -t tmpfs tmpfs /tmp/dir1

So can we just ignore the error when unmounting and continue to the list again
and again until it shrinks.

At the end, we just display the list of the unmounted points.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - compilation warning in confile.c
Michel Normand [Thu, 21 Jan 2010 16:21:34 +0000 (17:21 +0100)]
compilation warning in confile.c

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - Add some define to compile on rhel5u1
Michel Normand [Thu, 21 Jan 2010 16:21:33 +0000 (17:21 +0100)]
Add some define to compile on rhel5u1

the last patch commit 81810dd120291b78daf7c6833e6fcbca0289aad5
make lxc to not compile anymore on rhel5u1

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - fix tab vs space indentation
Daniel Lezcano [Thu, 21 Jan 2010 14:15:26 +0000 (15:15 +0100)]
fix tab vs space indentation

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - drop capabilities
Daniel Lezcano [Thu, 21 Jan 2010 13:48:42 +0000 (14:48 +0100)]
drop capabilities

Hello everyone!

I've written a patch which adds a new config keyword
'lxc.cap.drop'. This keyword allows to specify capabilities which are
dropped before executing the container binary.

Example:

lxc.cap.drop = sys_chroot
lxc.cap.drop = mknod
lxc.cap.drop = sys_module

or specify in a single line:

lxc.cap.drop = sys_chroot mknod sys_module

Reworked-by: Daniel Lezcano <daniel.lezcano@free.fr>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Michael Holzt <lxc@my.fqdn.org>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
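An added example, not the patch's own code: a parser for the lxc.cap.drop value shown above that rejects unknown names instead of skipping them (a typo would otherwise leave the capability in place), followed by a drop from the capability bounding set. The name table is a subset, and the function names and the use of prctl(PR_CAPBSET_DROP) are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#include <sys/prctl.h>
#include <linux/capability.h>

struct cap_name {
	const char *name;
	int value;
};

/* Subset of the capability names, enough for the example. */
static const struct cap_name cap_table[] = {
	{ "chown",      CAP_CHOWN },
	{ "setuid",     CAP_SETUID },
	{ "setgid",     CAP_SETGID },
	{ "setpcap",    CAP_SETPCAP },
	{ "net_admin",  CAP_NET_ADMIN },
	{ "net_raw",    CAP_NET_RAW },
	{ "sys_module", CAP_SYS_MODULE },
	{ "sys_rawio",  CAP_SYS_RAWIO },
	{ "sys_chroot", CAP_SYS_CHROOT },
	{ "sys_ptrace", CAP_SYS_PTRACE },
	{ "sys_admin",  CAP_SYS_ADMIN },
	{ "sys_boot",   CAP_SYS_BOOT },
	{ "sys_time",   CAP_SYS_TIME },
	{ "mknod",      CAP_MKNOD },
};

static int lookup_cap(const char *name, size_t len)
{
	size_t i;

	for (i = 0; i < sizeof(cap_table) / sizeof(cap_table[0]); i++)
		if (strlen(cap_table[i].name) == len &&
		    strncmp(cap_table[i].name, name, len) == 0)
			return cap_table[i].value;
	return -1;
}

/*
 * Parse a whitespace-separated value such as "sys_chroot mknod sys_module".
 * Returns the number of capabilities stored in caps[], or -1 when a name is
 * unknown or more than max names are given.
 */
int parse_cap_drop(const char *value, int *caps, int max)
{
	int n = 0;

	for (;;) {
		size_t len;
		int cap;

		value += strspn(value, " \t");
		len = strcspn(value, " \t");
		if (len == 0)
			break;
		cap = lookup_cap(value, len);
		if (cap < 0 || n == max)
			return -1;
		caps[n++] = cap;
		value += len;
	}
	return n;
}

/* Remove each capability from the bounding set; needs CAP_SETPCAP. */
int drop_caps(const int *caps, int n)
{
	int i;

	for (i = 0; i < n; i++)
		if (prctl(PR_CAPBSET_DROP, caps[i], 0, 0, 0) < 0)
			return -1;
	return 0;
}

int main(void)
{
	int caps[8], n, i;

	n = parse_cap_drop("sys_chroot mknod sys_module", caps, 8);
	if (n < 0) {
		fprintf(stderr, "invalid lxc.cap.drop value\n");
		return 1;
	}
	if (drop_caps(caps, n) < 0) {
		perror("PR_CAPBSET_DROP");
		return 1;
	}
	/* Verify: PR_CAPBSET_READ returns 0 once a capability is gone. */
	for (i = 0; i < n; i++)
		printf("cap %d in bounding set: %d\n", caps[i],
		       prctl(PR_CAPBSET_READ, caps[i], 0, 0, 0));
	return 0;
}
```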
14 years ago - add extra line in the busybox script
Daniel Lezcano [Thu, 21 Jan 2010 13:45:00 +0000 (14:45 +0100)]
add extra line in the busybox script

A mindless change.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - typo in restart and checkpoint
Michel Normand [Thu, 21 Jan 2010 13:34:08 +0000 (14:34 +0100)]
typo in restart and checkpoint

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - lxc-create to run even if not in PATH
Michel Normand [Thu, 21 Jan 2010 13:34:08 +0000 (14:34 +0100)]
lxc-create to run even if not in PATH

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - avoid too long line in lxc-busybox.in
Michel Normand [Thu, 21 Jan 2010 13:34:08 +0000 (14:34 +0100)]
avoid too long line in lxc-busybox.in

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - add --define to restart V2
Michel Normand [Thu, 21 Jan 2010 13:34:08 +0000 (14:34 +0100)]
add --define to restart V2

Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - lxc: typo in scripts/lxc-debian.in
Michel Normand [Tue, 19 Jan 2010 17:45:10 +0000 (18:45 +0100)]
lxc: typo in scripts/lxc-debian.in

warning with git am, white before tab correction

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - lxc: remove useless check
Greg Kurz [Tue, 19 Jan 2010 17:45:13 +0000 (18:45 +0100)]
lxc: remove useless check

The handler argument to lxc_fini() is never null.

Signed-off-by: Greg Kurz <gkurz@fr.ibm.com>
Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - lxc: fix double-close in lxc_[re]spawn() abort path
Greg Kurz [Tue, 19 Jan 2010 17:45:15 +0000 (18:45 +0100)]
lxc: fix double-close in lxc_[re]spawn() abort path

sv[0] has already been closed when reaching out_abort label.

Signed-off-by: Greg Kurz <gkurz@fr.ibm.com>
Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - lxc: add capabilities for C/R
Michel Normand [Tue, 19 Jan 2010 17:45:16 +0000 (18:45 +0100)]
lxc: add capabilities for C/R

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - Remove useless lines
Clement Calmels [Tue, 19 Jan 2010 17:45:12 +0000 (18:45 +0100)]
Remove useless lines

Signed-off-by: Clement Calmels <clement.calmels@fr.ibm.com>
Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - lxc: some goto clarification
Greg Kurz [Tue, 19 Jan 2010 17:45:14 +0000 (18:45 +0100)]
lxc: some goto clarification

It makes sense to use goto when there's some rollback work to be done.
And it's nice for code clarity to add an explicit suffix to goto labels.

Signed-off-by: Greg Kurz <gkurz@fr.ibm.com>
Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - lxc: typo white space src/lxc/network.c
Michel Normand [Tue, 19 Jan 2010 17:45:11 +0000 (18:45 +0100)]
lxc: typo white space src/lxc/network.c

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - Added -e to lxc-console to change command character (defaults to '^a')
Taisuke Yamada [Mon, 18 Jan 2010 22:08:12 +0000 (23:08 +0100)]
Added -e to lxc-console to change command character (defaults to '^a')

I noticed lxc-console uses '^a' as command-mode prefix to
escape out of console session, so created a patch to make it
configurable. With this, you can do

  lxc-console -n foo -e ^t

and exit the session with 'Ctrl+t q'.

For emacs-binding addicts (like me), it's always nice to
let shell handle '^a' as 'beginning-of-line' command...

Signed-off-by: Taisuke Yamada <tai@rakugaki.org>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - remove warning in parse.c:80
Clement Calmels [Mon, 18 Jan 2010 22:08:12 +0000 (23:08 +0100)]
remove warning in parse.c:80

Signed-off-by: Clement Calmels <clement.calmels@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - use getline instead of fgets
Clement Calmels [Mon, 18 Jan 2010 22:08:12 +0000 (23:08 +0100)]
use getline instead of fgets

The getline function allocates the needed memory. Fixed buffers can lead
to 'hard to find' bugs. I don't test the pivot_root part but the other
parts are ok.

Signed-off-by: Clement Calmels <clement.calmels@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - free struct dirent **namelist
Clement Calmels [Mon, 18 Jan 2010 22:08:12 +0000 (23:08 +0100)]
free struct dirent **namelist

Correct the way the struct dirent **namelist structure is freed.

Signed-off-by: Clement Calmels <clement.calmels@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - fix compilation warning
Daniel Lezcano [Thu, 14 Jan 2010 06:43:18 +0000 (07:43 +0100)]
fix compilation warning

lxc_config_define_load should an int

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - lxc: add --define to start
Cedric Le Goater [Thu, 14 Jan 2010 06:43:18 +0000 (07:43 +0100)]
lxc: add --define to start

Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - add --define to restart
Cedric Le Goater [Thu, 14 Jan 2010 06:43:18 +0000 (07:43 +0100)]
add --define to restart

Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - add --define to execute
Cedric Le Goater [Thu, 14 Jan 2010 06:43:18 +0000 (07:43 +0100)]
add --define to execute

Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - add interface to assign configuration variable from the command line
Cedric Le Goater [Thu, 14 Jan 2010 06:43:17 +0000 (07:43 +0100)]
add interface to assign configuration variable from the command line

lxc_config_define_add() and lxc_config_define_load() define
the interface to load a list of KEY=VAL buffers in the configuration

Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - remove unused variable
Daniel Lezcano [Wed, 13 Jan 2010 17:51:16 +0000 (18:51 +0100)]
remove unused variable

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - export lxc_config_readline()
Cedric Le Goater [Wed, 13 Jan 2010 17:51:16 +0000 (18:51 +0100)]
export lxc_config_readline()

lxc_config_readline() will be used to parse configuration variable
assigned from the command line with --define

Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - Simplify mainloop
Clement Calmels [Wed, 13 Jan 2010 17:51:16 +0000 (18:51 +0100)]
Simplify mainloop

Just use a list instead of array for dynamically allocated stuff. It's
more appropriate.

Signed-off-by: Clement Calmels <clement.calmels@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - Don't mess descr->ev
Clement Calmels [Wed, 13 Jan 2010 17:51:16 +0000 (18:51 +0100)]
Don't mess descr->ev

A simple test program to show up the issue:

-8<---
#include <stdio.h>
#include <unistd.h>

#include "mainloop.h"

struct lxc_epoll_descr loop;

int cb1(int fd, void *data, struct lxc_epoll_descr *descr)
{
        fprintf(stderr, "cb1\n");
        return 1;
}

int cb2(int fd, void *data, struct lxc_epoll_descr *descr)
{
        fprintf(stderr, "cb2\n");
        return 1;
}

int main(int argc, char *argv[])
{
        int ret;
        int fds[2];

        ret = pipe(fds);
        if (ret) {
                perror("pipe:");
                return -1;
        }

        ret = lxc_mainloop_open(&loop);
        if (ret) {
                fprintf(stderr, "lxc_mainloop_open: %d\n", ret);
                return -1;
        }

        ret = lxc_mainloop_add_handler(&loop, fds[1], cb1, NULL);
        if (ret) {
                fprintf(stderr, "lxc_mainloop_add_handler(fds[1]): %d\n", ret);
                return -1;
        }

        ret = lxc_mainloop_add_handler(&loop, fds[0], cb2, NULL);
        if (ret) {
                fprintf(stderr, "lxc_mainloop_add_handler(fds[0]): %d\n", ret);
                return -1;
        }

        write(fds[1], &ret, sizeof(ret));

        ret = lxc_mainloop(&loop);
        if (ret) {
                fprintf(stderr, "lxc_mainloop: %d\n", ret);
                return -1;
        }

        ret = lxc_mainloop_close(&loop);
        if (ret) {
                fprintf(stderr, "lxc_mainloop_close: %d\n", ret);
                return -1;
        }

        return 0;
}

Compile and run:
$ gcc test.c -o test -I ./src/lxc/ ./src/lxc/liblxc_so-mainloop.o && ./test
cb2

14 years ago - If epoll_ctl fails, the descr->ev array is inconsistent
Clement Calmels [Wed, 13 Jan 2010 17:51:16 +0000 (18:51 +0100)]
If epoll_ctl fails, the descr->ev array is inconsistent

Let's take an example:

fd = open(..) /* fd = 3 for example */

lxc_mainloop_add_handler(descr, fd, cb1, data1) fails.

the program takes care of the error, it closes the fd

Later, reopen a fd (get 3 again)

lxc_mainloop_add_handler(desc, fd, cb2, data2) is ok.

When something happens on fd, cb1 with data1 will be called instead of
cb2 with data2, because descr->ev contains 2 entries for fd == 3.

Signed-off-by: Clement Calmels <clement.calmels@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
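The fd-reuse scenario described above, reproduced as an added example that is not part of the commit or of lxc's mainloop.c: a small handler table (hypothetical names) is filled once in the flawed order and once with the entry recorded only after epoll_ctl() succeeds. A directory fd is used to make epoll_ctl() fail with EPERM.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/epoll.h>
#include <unistd.h>

#define MAX_HANDLERS 8

typedef int (*callback_t)(int fd, void *data);

struct handler { int fd; callback_t cb; void *data; };
struct loop { int epfd; int count; struct handler table[MAX_HANDLERS]; };
typedef int (*add_fn)(struct loop *, int, callback_t, void *);

static int cb1(int fd, void *data) { (void)fd; (void)data; return 1; }
static int cb2(int fd, void *data) { (void)fd; (void)data; return 2; }

/* Flawed ordering: the table entry is recorded before epoll_ctl() and is
 * left behind when epoll_ctl() fails. */
int add_handler_stale(struct loop *l, int fd, callback_t cb, void *data)
{
	struct epoll_event ev = { .events = EPOLLIN, .data.fd = fd };

	if (l->count == MAX_HANDLERS)
		return -1;
	l->table[l->count++] = (struct handler){ fd, cb, data };
	return epoll_ctl(l->epfd, EPOLL_CTL_ADD, fd, &ev);
}

/* Corrected ordering: the entry exists only if the kernel accepted the fd. */
int add_handler_checked(struct loop *l, int fd, callback_t cb, void *data)
{
	struct epoll_event ev = { .events = EPOLLIN, .data.fd = fd };

	if (l->count == MAX_HANDLERS)
		return -1;
	if (epoll_ctl(l->epfd, EPOLL_CTL_ADD, fd, &ev) < 0)
		return -1;
	l->table[l->count++] = (struct handler){ fd, cb, data };
	return 0;
}

/* Wait for one event and run the first table entry matching its fd. */
int dispatch_once(struct loop *l)
{
	struct epoll_event ev;
	int i;

	if (epoll_wait(l->epfd, &ev, 1, 1000) != 1)
		return -1;
	for (i = 0; i < l->count; i++)
		if (l->table[i].fd == ev.data.fd)
			return l->table[i].cb(ev.data.fd, l->table[i].data);
	return -1;
}

/* Returns the id of the callback that ran (1 or 2), or -1 on setup error. */
int run_scenario(add_fn add)
{
	struct loop l = { .epfd = epoll_create1(0) };
	int pfd[2], stale, ret = -1;

	if (l.epfd < 0)
		return -1;

	/* A directory cannot be polled: registration fails with EPERM. */
	stale = open("/", O_RDONLY);
	if (stale < 0)
		goto out;
	if (add(&l, stale, cb1, NULL) == 0) {
		close(stale);
		goto out;
	}
	close(stale);		/* the caller handles the error and closes */

	/* The lowest free number is reused, so pfd[0] gets the same value. */
	if (pipe(pfd) < 0)
		goto out;
	if (pfd[0] == stale && add(&l, pfd[0], cb2, NULL) == 0 &&
	    write(pfd[1], "x", 1) == 1)
		ret = dispatch_once(&l);
	close(pfd[0]);
	close(pfd[1]);
out:
	close(l.epfd);
	return ret;
}

int main(void)
{
	printf("entry kept on failure: cb%d runs\n", run_scenario(add_handler_stale));
	printf("entry added on success only: cb%d runs\n", run_scenario(add_handler_checked));
	return 0;
}
```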
14 years ago - fix lxc_mainloop_del_handler
Clement Calmels [Wed, 13 Jan 2010 17:51:16 +0000 (18:51 +0100)]
fix lxc_mainloop_del_handler

Fix bad index.

Signed-off-by: Clement Calmels <clement.calmels@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - use different log categories in commands
Cedric Le Goater [Wed, 13 Jan 2010 17:51:15 +0000 (18:51 +0100)]
use different log categories in commands

lxc_<cmd>.c and <cmd>.c files use the same log category : lxc_<cmd>.
The symbol is multiply defined and linking statically lxc commands is
not possible.

The patch introduces new log categories with a '_ui' suffix to
differentiate the command line interface from the library routine.

Reported-by: Ciprian Dorin, Craciun <ciprian.craciun@gmail.com>
Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - fix lxc_file_cb prototype
Cedric Le Goater [Wed, 13 Jan 2010 17:51:15 +0000 (18:51 +0100)]
fix lxc_file_cb prototype

Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - fix bad docbook syntax in lxc-create.sgml.in
Daniel Lezcano [Fri, 8 Jan 2010 14:19:20 +0000 (15:19 +0100)]
fix bad docbook syntax in lxc-create.sgml.in

Removed extra </command>.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - fix misleading error message in lxc_create
Michael Holzt [Fri, 8 Jan 2010 14:19:20 +0000 (15:19 +0100)]
fix misleading error message in lxc_create

When the configuration path does not exist, lxc_create misleadingly
tells that it was not set.

Signed-off-by: Michael Holzt <lxc@my.fqdn.org>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - Update .gitignore
Michael Holzt [Fri, 8 Jan 2010 14:19:20 +0000 (15:19 +0100)]
Update .gitignore

lxc.pc and scripts/lxc-busybox are missing from .gitignore

Signed-off-by: Michael Holzt <lxc@my.fqdn.org>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - Rename doc/examples/lxc-complex-config.in to lxc-complex.conf.in
Michael Holzt [Fri, 8 Jan 2010 14:19:20 +0000 (15:19 +0100)]
Rename doc/examples/lxc-complex-config.in to lxc-complex.conf.in

Rename doc/examples/lxc-complex-config.in to lxc-complex.conf.in as all other
examples in this directory have a .conf ending as well.

Signed-off-by: Michael Holzt <lxc@my.fqdn.org>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - Remove dead code
Daniel Lezcano [Fri, 8 Jan 2010 14:19:19 +0000 (15:19 +0100)]
Remove dead code

Remove dead code.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - use pivot_root instead of chroot
Michael Holtz [Fri, 8 Jan 2010 13:34:13 +0000 (14:34 +0100)]
use pivot_root instead of chroot

lxc currently does a chroot into the target rootfs. chroot is insecure and
can easily be broken, as demonstrated here:

| root@synergy:~# touch /this_is_the_realrootfs_ouch
| # touch /container/webhost/this_is_the_container
| # lxc-start -n webhost /bin/sh
| # ls this*
| this_is_the_container
| # ./breakchroot
| # ls this*
| this_is_the_realrootfs_ouch

code to break chroot taken from
http://www.bpfh.net/simes/computing/chroot-break.html

Now this can be fixed. As our container has its own mount namespace, we can
easily pivot_root into the rootfs and then unmount all old mounts. The patch
attached adds a new config keyword which contains the path to a temporary
mount for the old rootfs (inside the container). This stops the chroot break
method shown before.

Example:

| root@synergy:~# grep pivotdir /var/lib/lxc/webhost/config
| lxc.pivotdir = /oldrootfs
| root@synergy:~# ls -lad /container/webhost/oldrootfs
| drwxr-xr-x 2 root root 4096 2010-01-02 03:59 /container/webhost/oldrootfs
| root@synergy:~# lxc-start -n webhost /bin/sh
| # mount -t proc proc /proc
| # cat /proc/mounts
| rootfs / rootfs rw 0 0
| /dev/root / ext3 rw,relatime,errors=remount-ro,data=writeback 0 0
| devpts /dev/console devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
| proc /proc proc rw,relatime 0 0
| # ls this*
| this_is_the_container
| # ./breakchroot
| # ls this*
| this_is_the_container

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Michael Holtz <lxc@my.fqdn.org>
14 years ago - lxc: avoid memory corruption on ppc and s390 V4
Michel Normand [Fri, 8 Jan 2010 13:34:13 +0000 (14:34 +0100)]
lxc: avoid memory corruption on ppc and s390 V4

conf object is on stack and is used in forked process.

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - lxc_cgroup_set not reporting error
Michel Normand [Fri, 8 Jan 2010 13:34:13 +0000 (14:34 +0100)]
lxc_cgroup_set not reporting error

this is a side effect of previous patch I made
on this same function in commit
a6ddef6149858df87cf7ab3c21e2fd34d14cc452

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - lxc: update man and help of lxc-create
Michel Normand [Fri, 8 Jan 2010 13:34:13 +0000 (14:34 +0100)]
lxc: update man and help of lxc-create

few added lines to document the new lxc-create -t option

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - fix manpage typo
Paul Fee [Tue, 5 Jan 2010 12:11:27 +0000 (13:11 +0100)]
fix manpage typo

Fix and clarify some parts of the lxc.conf man page.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - add macvlan vepa and bridge mode
Daniel Lezcano [Mon, 28 Dec 2009 21:10:11 +0000 (22:10 +0100)]
add macvlan vepa and bridge mode

The future kernel 2.6.33 will incorporate the macvlan bridge
mode where all the macvlan will be able to communicate if they are
using the same physical interface. This is an interesting feature
to have containers to communicate together. If we are outside of the
container, we have to setup a macvlan on the same physical interface as
the containers and use it to communicate with them.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - busybox template
Daniel Lezcano [Sun, 27 Dec 2009 21:36:09 +0000 (22:36 +0100)]
busybox template

This script builds a busybox rootfs and provides the associated
configuration to run the busybox.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - adapt lxc-sshd to be a template
Daniel Lezcano [Sun, 27 Dec 2009 21:36:09 +0000 (22:36 +0100)]
adapt lxc-sshd to be a template

Cleanup the script, simplify it and pass the arguments to this
script to be callable by lxc-create template logic.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - add template option for lxc-create
Daniel Lezcano [Sun, 27 Dec 2009 21:36:09 +0000 (22:36 +0100)]
add template option for lxc-create

The lxc-create command is now able to call a sub script to install
a mini template.
Right now, debian is supported.

The rootfs is stored automatically in <lxcpath>/<name>/rootfs
So the rootfs is a subdirectory of the container configuration directory.

When lxc-destroy is called, the rootfs is deleted with the container
configuration.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - cleanup lxc-debian script
Daniel Lezcano [Sun, 27 Dec 2009 21:36:09 +0000 (22:36 +0100)]
cleanup lxc-debian script

The lxc-debian is epurated and consolidated with a better
error handling.

This script is no longer interactive but it installs in a specified
place the debian rootfs.

This script is not supposed to be called directly so it will fall in
libexec path very soon. This script is called by lxc-create
as a template with the right option and the right place.

The debian network configuration is by dhcp.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - fix mount entry typo
Daniel Lezcano [Fri, 18 Dec 2009 13:19:59 +0000 (14:19 +0100)]
fix mount entry typo

Added missing carriage-return when adding a new entry.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - Introduce per netdev priv structure
Jamal Hadi Salim [Tue, 15 Dec 2009 09:14:27 +0000 (10:14 +0100)]
Introduce per netdev priv structure

Some devices like veth or vlans have a bit of extra details that
are specific to them. Example veth.pair and vlan.vlanid.
Separate them from the common so we can update cleanly in the future.

Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Acked-by: Daniel Lezcano <daniel.lezcano@free.fr>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - Add VLAN support in config
Jamal Hadi Salim [Tue, 15 Dec 2009 09:14:27 +0000 (10:14 +0100)]
Add VLAN support in config

This adds ability to migrate vlan interfaces into namespaces
by specifying them in a config

Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Acked-by: Daniel Lezcano <daniel.lezcano@free.fr>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - Add utility u16 get/put
Jamal Hadi Salim [Tue, 15 Dec 2009 09:14:26 +0000 (10:14 +0100)]
Add utility u16 get/put

Add utility functions to parse a u16 and put a u16 on a
netlink message

Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Acked-by: Daniel Lezcano <daniel.lezcano@free.fr>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - fix a compilation warning
Daniel Lezcano [Thu, 26 Nov 2009 15:46:25 +0000 (16:46 +0100)]
fix a compilation warning

lxc_get_cgroup_path is used in the file but the header
defining the function is missing.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago - "Default" configuration may destroy host system
Andrian Nord [Thu, 26 Nov 2009 15:46:25 +0000 (16:46 +0100)]
"Default" configuration may destroy host system

If you're running (by mistake or typo) (via lxc-start) container that does not
exist it will run with lxc.rootfs=/, meaning that /sbin/init will
restart initialization procedure, efficiently messing host's system,
that may lead to unpredictable results or even destroy (make inaccessible) host
system (by resetting network configuration or something like that).

(Actually, it _did_ destroy system of everyone who tested this).

Actually, I finally lost any meaning of having such a feature for
full-system containers. You may not use host's FS - it's described at
above. You may not use some temporary directory - that's nonsense.

This patch forbids starting container via lxc-start without rcfile and
custom start program, but probably it fixes only small part of problem.
I really don't see much sense in such a feature without ability of
overriding 'default' setting with command line switches. Anyway, default
behaviour should be as safe as possible.

Signed-off-by: Andrian Nord <NightNord@gmail.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago pass lxc_conf to the lxc_start function instead of the rcfile
Daniel Lezcano [Thu, 26 Nov 2009 15:46:24 +0000 (16:46 +0100)]
pass lxc_conf to the lxc_start function instead of the rcfile

The rcfile is parsed in the lxc_start function. This is not the place
to do that. Let the caller do that.

In the meantime, we have the lxc_conf structure filled right before
calling the lxc_start function so we can do some sanity check on the
configuration to not break the system when we launch the container.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago Remove unnecessary reset of msg.msg_controlle
Jamal Hadi Salim [Thu, 26 Nov 2009 15:46:24 +0000 (16:46 +0100)]
Remove unnecessary reset of msg.msg_controlle

Remove unnecessary reset of msg.msg_controllen

Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago use correct number of ttys during setup
Sven Wegener [Thu, 26 Nov 2009 15:46:23 +0000 (16:46 +0100)]
use correct number of ttys during setup

commit 985d15b106c8959ff130ba5425c2abbe36dc2cca "fix fdleak and errors
in lxc_create_tty()" created a zero-sized malloc(), causing memory
corruption. Use config->tty like all the other code does.

Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago minor cleanups for instanciate_veth()
Michael Tokarev [Thu, 26 Nov 2009 15:46:23 +0000 (16:46 +0100)]
minor cleanups for instanciate_veth()

the same cleanup as in instanciate_macvlan(). Just makes code
shorter and less "jumpy" (as with goto back)

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago allow lxc.network.pair to specify host-side name for veth interface
Michael Tokarev [Thu, 26 Nov 2009 15:46:23 +0000 (16:46 +0100)]
allow lxc.network.pair to specify host-side name for veth interface

Currently we allocate veth device with random name on host side,
so that things like firewall rules or accounting do not work
at all. Fix this by recognizing yet another keyword to specify
the host-side device name: lxc.network.pair, and use it instead
of random name if specified.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago lxc-ps to limit its search to containers
Michel Normand [Thu, 26 Nov 2009 15:46:22 +0000 (16:46 +0100)]
lxc-ps to limit its search to containers

The purpose of this patch is to limit the search
of pids to those in containers by looking first
in /cgroup/<name>/tasks when the --lxc or --names options
are specified by the user.
The idea is to speed up the output when only a few
container names are specified while the machine
is running with many processes.

Signed-off-by: Michel Normand <michel.mno@free.fr>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago lxc-ls to report also active containers
Michel Normand [Thu, 26 Nov 2009 15:46:22 +0000 (16:46 +0100)]
lxc-ls to report also active containers

With previous changes that allow starting a container
without the need to create it, lxc-ls was only reporting
the created containers.
With this patch, lxc-ls now reports created and active
containers.

Signed-off-by: Michel Normand <michel.mno@free.fr>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago lxc-ps typo in man lxc
Michel Normand [Tue, 24 Nov 2009 08:47:27 +0000 (09:47 +0100)]
lxc-ps typo in man lxc

Fix bad name parameter in the lxc-ps man page.

Signed-off-by: Michel Normand <michel.mno@free.fr>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago lxc-info to report the FROZEN state
Michel Normand [Tue, 24 Nov 2009 08:47:27 +0000 (09:47 +0100)]
lxc-info to report the FROZEN state

this state is reported when the lxc-freeze command
was issued on the container.

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago fix fdleak and errors in lxc_create_tty()
Michael Tokarev [Tue, 24 Nov 2009 08:47:27 +0000 (09:47 +0100)]
fix fdleak and errors in lxc_create_tty()

If, for some reason, openpty() fails, lxc_create_tty() will
leak all previous ptys and leave the config structure in an
inconsistent state (wrt the number of ptys actually opened).
Fix that by explicitly closing all previously opened ptys
in case of failure and by setting number of actually opened
ttys after actual open.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago version 0.6.4
Daniel Lezcano [Fri, 20 Nov 2009 14:01:32 +0000 (15:01 +0100)]
version 0.6.4

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago fix rpm generation regarding latest modifications
Daniel Lezcano [Fri, 20 Nov 2009 14:01:31 +0000 (15:01 +0100)]
fix rpm generation regarding latest modifications

The configuration examples have been moved to doc/lxc/examples.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago check if lxc.netdev.link is set for macvlan
Michael Tokarev [Fri, 20 Nov 2009 14:01:31 +0000 (15:01 +0100)]
check if lxc.netdev.link is set for macvlan

Ensure that lxc.netdev.link is specified for macvlan interfaces,
since it's required.

While at it, simplify logic in instanciate_macvlan():
remove unnecessarily complicating goto statements (we only
need to perform a cleanup in one place).

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago allow link-less veth devices
Michael Tokarev [Fri, 20 Nov 2009 14:01:31 +0000 (15:01 +0100)]
allow link-less veth devices

Before, a veth device pair required a link which was treated as
a bridge device.  Code crashed if there was no lxc.network.link
specified. Fix that by allowing lxc.network.link to be unset.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago rollback configuration is a file
Daniel Lezcano [Fri, 20 Nov 2009 14:01:30 +0000 (15:01 +0100)]
rollback configuration is a file

The container will be a directory where the user can store everything,
so we create one directory and store a configuration file inside.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago Do not chdir when daemonize
Daniel Lezcano [Fri, 20 Nov 2009 14:01:30 +0000 (15:01 +0100)]
Do not chdir when daemonize

With the previous modifications, a temporary directory is created
to mount the rootfs in order to have the system container to remount
itself the '/' directory.

But in case of daemonize, we change the directory, so when the rootfs
is specified with a relative path, we can not access it.

Don't chdir, as that will be done automatically later in the chroot
setup.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago update the man pages
Daniel Lezcano [Fri, 20 Nov 2009 14:01:30 +0000 (15:01 +0100)]
update the man pages

Update the man pages regarding the different modifications.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
14 years ago change C/R api
Michel Normand [Thu, 19 Nov 2009 14:06:02 +0000 (15:06 +0100)]
change C/R api

Change Checkpoint / Restart API

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>