Serge E. Hallyn [Thu, 23 Jun 2011 22:42:24 +0000 (00:42 +0200)]
Add lxc-clone script
Create an lxc-clone script to clone containers. It should probably
be factored into helpers and then enhanced, in particular to convert
between LVM and non-LVM containers, create non-snapshot LVM clones,
support loopback devices, and, when stable enough, to use
overlayfs, btrfs, etc.
But this is a start.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Thu, 2 Jun 2011 07:50:38 +0000 (09:50 +0200)]
set close-on-exec flag on command socket
When we accept a connection, we have to set the close-on-exec flag,
otherwise it won't be possible to reboot a container through an
lxc-console command.
Reported-by: Katoh Yasufumi <karma@jazz.email.ne.jp>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Cedric Le Goater [Fri, 20 May 2011 09:37:16 +0000 (11:37 +0200)]
lxc: don't install setns.h
'setns.h' is not an lxc interface.
Also, a side effect of this declaration of 'setns.h' in the lxc header
files is that it gets distributed in the lxc tarball. This breaks the
lxc-attach command because the file is not automatically generated at
compile time.
Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Fri, 13 May 2011 20:29:34 +0000 (22:29 +0200)]
ignore non-lxc configuration line
We ignore the lines in the configuration file not beginning with "lxc.",
so we can mix the configuration file with other information used by
another component through the lxc library.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Fri, 6 May 2011 23:33:33 +0000 (01:33 +0200)]
templates: don't put devpts in $confdir/container/fstab
src/lxc/conf.c will explicitly mount it anyway. Furthermore, the fstab
entry, which is getting processed first, did not specify -o newinstance.
This can cause the host's devpts entry mount options to change, as in
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/607636.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Serge E. Hallyn [Fri, 6 May 2011 23:33:33 +0000 (01:33 +0200)]
templates: don't put devpts in $confdir/container/fstab
src/lxc/conf.c will explicitly mount it anyway. Furthermore, the fstab
entry, which is getting processed first, did not specify -o newinstance.
This can cause the host's devpts entry mount options to change, as in
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/607636.
I believe the lenny, fedora, and debian templates also will need an
update.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Greg Kurz [Wed, 6 Apr 2011 11:41:44 +0000 (13:41 +0200)]
lxc: default log appender on stderr
The default appender for logs is currently the file one: this
makes macros from log.h unusable as long as lxc_log_init() hasn't
been called. This prevents errors from even being printed on
stderr in lxc_caps_init(), for example.
Let's make stderr the default appender.
Signed-off-by: Greg Kurz <gkurz@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Michel Normand [Tue, 15 Mar 2011 19:19:07 +0000 (20:19 +0100)]
lxc-* tools are vulnerable to arguments with spaces
This is related to the bug
http://sourceforge.net/tracker/?func=detail&aid=3113612&group_id=163076&atid=826303
which suggested modifying the bash lxc scripts to properly use "$@" in place of "$*".
Signed-off-by: Michel Normand <michel.mno@free.fr>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
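To make the argument-splitting problem behind this commit concrete, here is an added example (not part of the LXC scripts themselves): a stand-in wrapper forwards its arguments to a callee once with "$*" and once with "$@", using a constructed container name and rootfs path that contain spaces.

```shell
#!/bin/sh
# Added example, not LXC project code: why the lxc-* wrapper scripts must
# forward their arguments with "$@" rather than "$*".

# Stand-in for the binary a wrapper execs (e.g. lxc-start): it only reports
# how many arguments it actually received.
count_args() {
    echo "$#"
}

# Broken wrapper: "$*" joins every argument into ONE word, so the callee
# sees a single argument and option parsing (-n, -f, ...) falls apart.
forward_with_star() {
    count_args "$*"
}

# Fixed wrapper: "$@" re-expands each argument as its own word, so an
# argument containing a space reaches the callee intact and unsplit.
forward_with_at() {
    count_args "$@"
}

# Constructed sample input: a container name and rootfs path with spaces.
CONTAINER_NAME="my container"
ROOTFS_PATH="/var/lib/lxc/my container/rootfs"

demo() {
    echo "with \"\$*\": $(forward_with_star -n "$CONTAINER_NAME" -f "$ROOTFS_PATH") argument(s) received"
    echo "with \"\$@\": $(forward_with_at -n "$CONTAINER_NAME" -f "$ROOTFS_PATH") argument(s) received"
}
demo
```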
lxc_cgroup_path_get currently caches the cgroup mount point plus the
container name at the same time, making every call of the function
return the same value.
It means that actually every call to lxc_cgroup_get with a different
container name will in fact use the same container name as used for
the primary call.
I join a patch to fix that, still doing some caching, but only caching
the cgroup mount point this time. This patch actually works for me, as
I am using the liblxc for retrieving statistics about all running
containers, using lxc_cgroup_get to retrieve every interesting value.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Jan Niehusmann [Sat, 26 Feb 2011 09:18:19 +0000 (10:18 +0100)]
Update file capa detection for kernels >=2.6.37
The comment containing the version number at the beginning of the kernel
config file changed its format with 2.6.37. This trivial patch makes the
grep less specific, so it triggers for both formats.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Thu, 27 Jan 2011 23:24:54 +0000 (00:24 +0100)]
Fix paths in the lxc-busybox template
Author of the patch: Jonathan Liu <???>, posted as a bug fix on the lxc
sourceforge website.
OS: Arch Linux 32-bit
/etc/init.d/rcS does not use the full path to the syslogd, mount and udhcpc executables.
As busybox requires /proc mounted if CONFIG_BUSYBOX_EXEC_PATH="/proc/self/exe"
to run these commands without full path, the full path should be used in the
startup script as /proc is mounted later in the script.
It also fails to start the machine if /lib64 does not exist on the host system
as there is a mount entry for /lib64 in the config.
The attached patch changes commands in /etc/init.d/rcS to use full path and
adds a check for /lib64 on host before adding lib64 mount entries to config.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
# /dev/console - getty
#
# This service maintains a getty on /dev/console from the point the
# system is started until it is shut down again.
# It only runs in lxc containers.
start on stopped rc RUNLEVEL=[2345]
stop on runlevel [!2345]
Daniel Lezcano [Sun, 23 Jan 2011 20:47:12 +0000 (21:47 +0100)]
suppress udev log output
We use udev within these containers and we prevent the /dev files
from being created with the cgroup whitelist. So when udevd receives
the event from the kernel, it will fail to create some nodes in /dev
and will spit errors on the console.
We set the log level to zero, so udev will silently fail.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Serge Hallyn [Sat, 22 Jan 2011 20:59:40 +0000 (21:59 +0100)]
Update ubuntu templates
Rename 'ubuntu' template to 'lucid'
Add new maverick and natty templates, which do much less tweaking
of the environment. These should only be used on a kernel which
supports sysfs tagging for /sys/class/net, as udev will be running
in the container.
The natty template needed to slightly change the installed packages
for dhclient to be correctly installed.
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Reto Gantenbein [Mon, 17 Jan 2011 23:45:17 +0000 (00:45 +0100)]
Adds correct file capa detection for >2.6.32
The kernel compile parameter was removed with kernel release 2.6.33.
Since then file capabilities are enabled by default.
kernel commit: b3a222e52e4d4be77cc4520a57af1a4a0d8222d1
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Mon, 17 Jan 2011 09:18:50 +0000 (10:18 +0100)]
set veth host's side always up
We should always have the veth host's side up, otherwise if we omit
the up flag in the configuration, letting the container configure
its interface, the network will never be enabled as the host's side
is not up.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Joerg Gollnick [Sun, 16 Jan 2011 18:40:46 +0000 (19:40 +0100)]
Fix mntflags initialization
Dear all,
while setting up a container on x86_64 (archlinux host/guest) I had trouble
with mounting dev/pts and others from container.fstab, and an ssh login does not
work (only ssh container bash -i gives you a shell).
The cause is that conf.c does not initialize mntflags.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Thu, 13 Jan 2011 15:25:14 +0000 (16:25 +0100)]
substitute the absolute rootfs mount path
Change the mount point in the rootfs because we mount the rootfs
in ROOTFSDIR for the pivot. We have to substitute the real mount
path to the new path located in ROOTFSDIR.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Sun, 9 Jan 2011 22:53:19 +0000 (23:53 +0100)]
fix the ns_cgroup vs clone_children
The following patch fixes the bug where the clone_children compatibility
flag is available with the ns_cgroup subsystem. The 2.6.37 kernel version
should be the only one which is concerned by this modification, please
refer to Documentation/feature-removal-schedule.txt and look for ns_cgroup.
The problem comes from the fact that we check for clone_children and set it
automatically, and then we try to create a new cgroup. As the
ns_cgroup is present, the cgroup already exists and we are not allowed
to attach our pid to a new cgroup. The next error will be when we try
to create a new container, because we enabled the clone_children flag
and the ns_cgroup is present, which is not allowed by the kernel.
The patch fixes this by checking the mount options.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Fri, 17 Dec 2010 10:43:37 +0000 (11:43 +0100)]
use clone_children cgroup's flag
If the ns_cgroup does not exist, we use the clone_children feature.
Every time a cgroup is created, we set this compatibility flag and we create
the cgroup manually and add the child task to the cgroup.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Michael Tokarev [Fri, 17 Dec 2010 10:43:36 +0000 (11:43 +0100)]
Make mount paths relative to rootfs
Why not chdir into the root of the container right when
the root filesystem is (bind-)mounted, and let all
mount entries be relative to the container root?
Even more, to warn if lxc.mount[.entry] contains
absolute path for the destination directory (or a
variation of this, absolute and does not start with
container root mount point)?
This way, all mounts will look much more sane, and
it will be much easier to move/clone containers -
by changing only lxc.rootfs.
I do it this way locally since the beginning, by
chdir'ing to the proper directory (rootfs) before
running lxc-start (in a startup script), but this
is now broken in 0.7.3 which bind-mounts rootfs
somewhere in /usr/lib/lxc.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Tue, 26 Oct 2010 15:42:38 +0000 (17:42 +0200)]
fix multiple console for a container
Don't close the socket when we ask for a console, otherwise this will
cause the console slot to be freed, so the next console will use the same
slot, leading to erratic behavior.
Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>
Daniel Lezcano [Tue, 26 Oct 2010 15:42:37 +0000 (17:42 +0200)]
don't play with the capabilities when we are root
We don't want to drop the capabilities when we are root because that
leads to some problems. For example, sudo lxc-start -n foo -o $(tty) fails with
"permission denied".
Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>
Stefan Tomanek [Tue, 12 Oct 2010 08:52:47 +0000 (10:52 +0200)]
add lxc.network.script.up configuration hook
This commit adds a configuration option to specify a script to be
executed after creating and configuring the network used by the
container. The following arguments are passed to the script:
* container name
* config section name (net)
Additional arguments depend on the config section employing a
script hook; the following are used by the network system:
* execution context (up)
* network type (empty/veth/macvlan/phys)
Depending on the network type, other arguments may be passed:
veth/macvlan/phys:
* (host-sided) device name
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
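The argument layout described in this commit, shown as an added example hook script (not LXC project code): it assumes the hook is invoked as `<script> <container> net up <type> [<host-device>]` and rejects anything that does not match that layout before a real hook would pass the device name on to tools such as ip(8).

```shell
#!/bin/sh
# Added example, not LXC project code: a hook of the kind
# lxc.network.script.up points at, parsing the documented arguments:
#   $1 container name, $2 config section (net), $3 context (up),
#   $4 network type (empty/veth/macvlan/phys), $5 host-side device name
#   (only for veth/macvlan/phys).

# Validates the hook arguments and prints a one-line summary of what a real
# hook would act on; returns 1 on any argument that is missing, unexpected,
# or unsafe to hand to another command.
net_up_hook() {
    container="$1"; section="$2"; context="$3"; nettype="$4"; hostdev="$5"
    [ -n "$container" ] || return 1
    [ "$section" = "net" ] || return 1
    [ "$context" = "up" ] || return 1
    case "$nettype" in
        empty)
            # No host-side device is passed for an empty network.
            [ -z "$hostdev" ] || return 1
            echo "$container: empty network, nothing to configure"
            ;;
        veth|macvlan|phys)
            # Reject empty names, names that would be parsed as options by
            # the next command, and names containing '/' or whitespace.
            case "$hostdev" in
                ''|-*|*/*|*' '*|*'	'*) return 1 ;;
            esac
            echo "$container: $nettype host device $hostdev is up"
            ;;
        *)
            return 1
            ;;
    esac
}

# Run as the hook itself when invoked directly (arguments come from lxc).
if [ "${NET_UP_HOOK_LIB:-0}" = "0" ] && [ "$#" -ge 4 ]; then
    net_up_hook "$@" || { echo "net_up_hook: bad arguments: $*" >&2; exit 1; }
fi
```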
Daniel Lezcano [Sun, 3 Oct 2010 21:09:36 +0000 (23:09 +0200)]
add rootfs mount dir variable to pkg-config
In the case we use an image for rootfs, if we need to do extra mount
from the host to the rootfs, we have to specify the place where the
image is mounted. This value is configured by the user with the
lxc.rootfs.mount otherwise defaulting to @LXCROOTFSMOUNT@. Let's
export this variable to pkg-config, so the user can use it to build
a correct path to the rootfs.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Sun, 3 Oct 2010 21:09:36 +0000 (23:09 +0200)]
Don't display an error in lxc_file_for_each_line
Don't display an error when the callback returns an error different
from zero. A value greater than zero may mean "stop". Let the caller
check the error.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Mon, 13 Sep 2010 13:36:20 +0000 (15:36 +0200)]
configure container architecture
When a container is installed with 32-bit binaries while we are
running on a 64-bit host, inside the container we are seen as a
64-bit arch. That leads to some problems for the package updates
because the scripts will download 64-bit packages instead of 32-bit ones.
This patch defines a configuration variable to set the architecture
of the container.
lxc.arch = i686 | x86 | x86_64 | amd64
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Fri, 23 Jul 2010 13:10:38 +0000 (15:10 +0200)]
Fix bad returned value
In case of error the message will always be truncated.
We check whether the message was truncated with the total size
received, which means the kernel has more info to give.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>