Dwight Engen [Tue, 11 Dec 2012 22:05:11 +0000 (17:05 -0500)]
Fix race/corruption with multiple lxc-start, lxc-execute
If you start more than one lxc-start/lxc-execute with the same name at the
same time, or just do an lxc-start/lxc-execute with the name of a container
that is already running, lxc doesn't figure out that the container with this
name is already running until fairly late in the initialization process: i.e.
when __lxc_start() -> lxc_poll() -> lxc_command_mainloop_add() attempts to
create the same abstract socket name.
By this point a fair amount of initialization has been done that actually
messes up the running container. For example __lxc_start() -> lxc_spawn() ->
lxc_cgroup_create() -> lxc_one_cgroup_create() -> try_to_move_cgname() moves
the running container's cgroup to a name of deadXXXXXX.
The solution in this patch is to use the atomic existence of the abstract
socket name as the indicator that the container is already running. To do
so, I just refactored lxc_command_mainloop_add() into an lxc_command_init()
routine that attempts to bind the socket, and ensure this is called earlier
before much initialization has been done.
In testing, I verified that maincmd_fd was still open at the time of lxc_fini,
so the entire lifetime of the container's run should be covered. The only
explicit close of this fd was in the reboot case of lxcapi_start(), which is
now moved to lxc_fini(), which I think is more appropriate.
Even though it is not checked any more, set maincmd_fd to -1 instead of 0 to
indicate it's not open since 0 could be a valid fd.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
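The technique this commit message describes, binding an abstract socket name as the atomic "already running" check, shown as an added example that is not LXC's code. The helper names, the "example/<name>/command" socket name layout and the container name are assumptions made for the illustration.

```c
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/un.h>
#include <unistd.h>

/* Hypothetical helper, not LXC's lxc_command_init(): claim a container name
 * by binding an abstract AF_UNIX socket. Returns the fd, or -errno. */
static int claim_name(const char *name)
{
    struct sockaddr_un addr;
    int fd, n, err;
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    /* sun_path[0] == '\0' selects the abstract namespace: no file is created
     * and the kernel releases the name when the last fd is closed. */
    n = snprintf(addr.sun_path + 1, sizeof(addr.sun_path) - 1,
                 "example/%s/command", name); /* constructed name layout */
    if (n < 0 || (size_t)n >= sizeof(addr.sun_path) - 1)
        return -ENAMETOOLONG;
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return -errno;
    /* bind() is the atomic test-and-set: only one caller can win. */
    if (bind(fd, (struct sockaddr *)&addr,
             (socklen_t)(offsetof(struct sockaddr_un, sun_path) + 1 + n)) < 0) {
        err = errno;
        close(fd);
        return -err;
    }
    return fd; /* hold it open for the container's whole lifetime */
}

/* Returns 1 if a second claim fails while the first is held and a new claim
 * succeeds once the first holder has closed its fd. */
static int demo(const char *name)
{
    int first = claim_name(name);
    int second = claim_name(name); /* a concurrent start of the same name */
    int again;
    if (first < 0) return 0;
    if (second >= 0) close(second);
    close(first); /* holder exits; the kernel frees the name */
    again = claim_name(name);
    if (again >= 0) close(again);
    return second == -EADDRINUSE && again >= 0;
}

int main(void) { return demo("tmpct") ? 0 : 1; }
```

Because the check and the claim are one bind() call, there is no window between "is it running?" and "mark it running", and a crashed holder cannot leave a stale lock behind.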
Dwight Engen [Tue, 11 Dec 2012 17:39:16 +0000 (12:39 -0500)]
Don't attempt to symlink kmsg without rootfs->path
For example doing "lxc-execute -n tmpct /bin/bash" will call setup_kmsg(), but
in this case rootfs->mount/dev directory doesn't even exist so the call to
symlink fails with ENOENT. Commit f62b3449 made this failure not fatal, but
we should not even try it when we know it will fail. See similar code in
setup_tty(), setup_console(), etc.
Stéphane Graber [Fri, 7 Dec 2012 20:47:11 +0000 (15:47 -0500)]
python: Add binding for {get|set}_cgroup_item
Updates the binding for the two new functions.
This also fixes some problems with the argument checking of
get_config_item that'd otherwise lead to a segfault.
The python bindings for set_cgroup_item and get_cgroup_item are pretty
raw as lxc has little control over the cgroup entries.
That means that we don't try to interpret lists as we do for the config
entries.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Fri, 7 Dec 2012 00:41:15 +0000 (18:41 -0600)]
api: add set_cgroup_item and get_cgroup_item (to c api)
set_cgroup_item takes a pointer to a running container, a cgroup subsystem
name, and a char *value and it mimics
    'lxc-cgroup -n containername subsys value'
get_cgroup_item takes a pointer to a running container, a cgroup
subsystem name, a destination value * and the length of the value being
sent in, and returns the length of what was read from the cgroup file.
If a 0 len is passed in, then the length of the file is returned. So
you can do
    len = c->get_cgroup_item(c, "devices.list", NULL, 0);
    v = malloc(len+1);
    ret = c->get_cgroup_item(c, "devices.list", v, len);
to read the whole file.
This patch also disables the lxc-init part of the startone test, which
was failing because lxc-init has been moved due to multiarch issues.
The test is salvageable, but saving it was beyond this effort.
Stéphane Graber [Fri, 7 Dec 2012 15:41:10 +0000 (10:41 -0500)]
lxc-create: Allow for empty or unset template name
This restores an old behaviour where lxc-create can be called without
a template. In such case, only a minimal configuration is built and no
rootfs is created. However the various backingstore code is still used.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Wed, 5 Dec 2012 21:47:19 +0000 (16:47 -0500)]
Update for consistent indent
This commit updates all scripts using mixed indent to a consistent
4 spaces indent.
In the past quite a few of those scripts used tabs instead of 8 spaces or
instead of 4 spaces, sometimes mixing those in the same line and sometimes
changing the tab width within the same file.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Wed, 5 Dec 2012 21:47:17 +0000 (16:47 -0500)]
Minor documentation updates
- Update COPYING to the current copy of the LGPL-2.1 license from
common-licences (only difference is some indentation).
- Remove mixed tabs/spaces in CONTRIBUTING
- Make INSTALL fit on 79 cols.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Wed, 5 Dec 2012 22:07:01 +0000 (17:07 -0500)]
oracle template: fixes when using fedora host
Let oracle template work when host is fedora or oracle and the lsb_release
command is not present. Verify the arch given is valid. Don't add lxc.network
section again if already present.
Stéphane Graber [Tue, 4 Dec 2012 22:30:13 +0000 (17:30 -0500)]
python: Update to the device related functions
This commit does the following changes to the python API:
- Rename the add_device API call to add_device_node
- Adds an extra check that the container is running to add_device_node
- Introduces a new add_device_net function
And the following changes to the lxc-device tool:
- Change parser setup to better cope with variable number of arguments
- Add support for network devices (currently auto-detected)
- Support for different names on the host and in the container
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Tue, 4 Dec 2012 21:17:09 +0000 (16:17 -0500)]
lxc-device: Show an error message when non-root
Instead of returning a python stacktrace, check what the current euid is
and show an argparse error message similar to that used in lxc-start-ephemeral.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Tue, 4 Dec 2012 21:17:08 +0000 (16:17 -0500)]
lxc-ls: Show a simple error message when non-root
Instead of returning a python stacktrace, check what the current euid is
and show an argparse error message similar to that used in lxc-start-ephemeral.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Tue, 4 Dec 2012 18:00:26 +0000 (12:00 -0600)]
rename physical nics at shutdown
When a physical nic is being set up, store its ifindex and original name
in struct lxc_conf. At reboot, reset the original name.
We can't just go over the original network list in lxc_conf at shutdown
because that may be tweaked in the meantime through the C api. The
saved_nics list is only set up during lxc_spawn(), and restored and
freed after lxc_start.
Dwight Engen [Thu, 29 Nov 2012 21:24:47 +0000 (16:24 -0500)]
make install should create $LXCPATH directory
The $LXCPATH (default /var/lib/lxc) directory was not being created by
make install, so unless it gets created by some other means
(packaging tools), commands such as lxc-create will fail.
Stéphane Graber [Wed, 21 Nov 2012 22:38:27 +0000 (17:38 -0500)]
Rewrite lxc-ls in python
This rewrite is mostly compatible with the shell version.
--active and -1 still work and behave as they used to.
This adds --running, --stopped and --frozen as state filters.
A new "fancy" view is also implemented (can be used with --fancy) and
will show containers in a column-based interface with the following fields:
- name
- state
- ipv4
- ipv6
- pid of init
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Dwight Engen [Fri, 30 Nov 2012 16:49:25 +0000 (11:49 -0500)]
Create busybox commands as symlinks instead of hardlinks
I was getting a "Too many links" error when creating a busybox container on
a btrfs file system. This change has the template create the links as
symlinks instead. It also generates the list of commands to be symlinked from
busybox itself instead of a hardcoded list in the template.
Also set the root password to root, to match what other templates do.
Stéphane Graber [Mon, 3 Dec 2012 14:29:27 +0000 (09:29 -0500)]
lxc-create: Script cleanup
- Removes the mixed tabs/spaces, replacing by standard 4 spaces indent.
- Fix a bunch of bashisms.
- Use shell syntax for and/or in if statements instead of the "test" syntax.
- Improve block spacing a bit.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Fri, 30 Nov 2012 21:55:54 +0000 (16:55 -0500)]
lxc-create: Store template information in config
Change lxc-create to add the name of the template, checksum and any parameters
to the container's configuration.
This makes it easier to debug and figure out exactly how a container was built.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Dwight Engen [Thu, 29 Nov 2012 18:27:37 +0000 (13:27 -0500)]
Include lxc-ubuntu when doing make dist
Removing templates/lxc-ubuntu from configure.ac makes it so that it is
not included in the tarball that make dist builds (and therefore also
breaks the rpm build).
Serge Hallyn [Thu, 29 Nov 2012 16:46:46 +0000 (10:46 -0600)]
Description: run MAKEDEV console when doing lxc.autodev
mounted-dev.conf won't be running that in container's userspace as it
previously would have, so make sure that all the devices it would have
created (other than ones which lxc later finagles) get created.
To achieve this, we have to first mount /dev, then run MAKEDEV, then
run setup_autodev to populate the rest of /dev.
Dwight Engen [Wed, 28 Nov 2012 21:51:37 +0000 (16:51 -0500)]
Fix build with --enable-tests on Fedora
When using --enable-tests on Fedora, the linker complains with:
"undefined reference to symbol sem_getvalue", which nm shows to be in
libpthread not librt. Build tested on Fedora, Oracle Linux, and Ubuntu.
Stéphane Graber [Wed, 28 Nov 2012 23:29:56 +0000 (18:29 -0500)]
lxc-ubuntu: Guess a list of langpacks to install
In addition to creating the current locale in the container, also
try to scan the host and extract the list of langpacks installed there,
then pass that list to debootstrap as additional packages to install.
On distros that don't have dpkg, only language-pack-en will be installed.
The code will always ensure that language-pack-en is ALWAYS installed in the
target, similar to what Ubuntu does with its various media.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Dwight Engen [Thu, 29 Nov 2012 15:13:10 +0000 (10:13 -0500)]
Fix busybox template to not have extra aa_profile hunk
Both 69d66f1e and f02ce27d added the aa_profile = unconfined hunk, but only
the first was needed, maybe a merge error? The second one causes the
template to get an error on the EOF line. This essentially reverts f02ce27d.
Dwight Engen [Mon, 26 Nov 2012 20:28:14 +0000 (15:28 -0500)]
Make config api items const
This makes it easier to write a binding, and presents a cleaner API. Use
strdupa in a few places to get mutable strings for tokenizing / parsing.
Also change the argv type in lxcapi_start and lxcapi_create to match
that of execv(3).
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Dwight Engen [Mon, 26 Nov 2012 20:57:53 +0000 (15:57 -0500)]
Use autoconf LXCPATH instead of hardcoded LXCDIR
LXCDIR is only used in lxc_container_new, whereas LXCPATH is used throughout
the rest of lxc, and even in the same file as lxc_container_new (for example
create_container_dir()).
Dwight Engen [Mon, 26 Nov 2012 17:18:06 +0000 (12:18 -0500)]
Free allocated configuration memory
Most of these were found with valgrind by repeatedly doing lxc_container_new
followed by lxc_container_put. Also free memory when config items are
re-parsed, as happens when lxcapi_set_config_item() is called. Refactored
path type config items to use a common underlying routine.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Dwight Engen [Mon, 26 Nov 2012 17:17:58 +0000 (12:17 -0500)]
Fix use of list item memory after free
Valgrind showed use of ->next field after item has been free()ed.
Introduce a lxc_list_for_each_safe() which allows traversal of a list
when the body of the loop may remove the currently iterated item.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
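The use-after-free pattern named in this commit message and the "safe" traversal that avoids it, as an added example that is not LXC's code. The struct, macro and function names below are illustrative and are not LXC's struct lxc_list or its macros.

```c
#include <stdlib.h>

/* Sentinel-headed circular list. Illustrative names, not LXC's lxc_list. */
struct node { int value; struct node *next, *prev; };
/* Unsafe if the body frees `it`: the step then reads it->next. */
#define list_for_each(it, head) \
    for ((it) = (head)->next; (it) != (head); (it) = (it)->next)
/* Safe: the successor is saved in `nxt` before the body can free `it`. */
#define list_for_each_safe(it, head, nxt) \
    for ((it) = (head)->next, (nxt) = (it)->next; (it) != (head); \
         (it) = (nxt), (nxt) = (nxt)->next)

static int list_add_tail(struct node *head, int value)
{
    struct node *n = malloc(sizeof(*n));
    if (!n) return -1;
    n->value = value;
    n->prev = head->prev; n->next = head;
    head->prev->next = n; head->prev = n;
    return 0;
}

/* Unlink and free every odd-valued node; return how many nodes remain. */
static int drop_odd(struct node *head)
{
    struct node *it, *nxt;
    int remaining = 0;
    list_for_each_safe(it, head, nxt) {
        if (it->value % 2 == 0) { remaining++; continue; }
        it->prev->next = it->next;
        it->next->prev = it->prev;
        free(it); /* fine: the loop advances via nxt, not it->next */
    }
    return remaining;
}

/* Build 1..count, drop odd values, return the sum of what is left. */
static int demo_list(int count)
{
    struct node head = { 0, &head, &head }, *it, *nxt;
    int i, sum = 0;
    for (i = 1; i <= count; i++)
        if (list_add_tail(&head, i) < 0) return -1;
    if (drop_odd(&head) != count / 2) return -1;
    list_for_each(it, &head) sum += it->value;   /* read-only walk */
    list_for_each_safe(it, &head, nxt) free(it); /* teardown */
    return sum;
}

int main(void) { return demo_list(6) == 12 ? 0 : 1; }
```

The safe form only protects against removal of the current item; a body that frees the saved successor still needs a different traversal.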
Dwight Engen [Mon, 26 Nov 2012 17:17:51 +0000 (12:17 -0500)]
Fix fd leak in lxc log
lxc_log_init will leak an fd when it is called by a long running
program that may call lxc_container_new multiple times. Fix by
only opening the log if it is not already open.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Thu, 1 Nov 2012 21:27:03 +0000 (22:27 +0100)]
Add lxc.autodev
Add a container config option to mount and populate /dev in a container.
We might want to add options to specify a max size for /dev other than
the default 100k, and to specify other devices to create. And maybe
someone can think of a better name than autodev.
Changelog: Don't error out if we couldn't mknod a /dev/ttyN.
Changelog: Describe the option in lxc.conf manpage.
Natanael Copa [Fri, 16 Nov 2012 16:01:55 +0000 (17:01 +0100)]
lxc-create: use posix shell instead of bash
- use '[ -x /path/prog ]' instead of 'type /path/prog'
- avoid getopt --longoptions
- add \ after && and || when those are at end of line
- make sure condition expands to empty string if variable is empty
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Stéphane Graber [Mon, 12 Nov 2012 21:20:53 +0000 (16:20 -0500)]
lxc-ls: Don't exit 1 when no container or help
lxc-ls is currently exiting with return code 1 when called with --help
or when called on a system without containers.
This behaviour isn't documented in the manpage and isn't terribly intuitive.
It's been the source of quite a few weird failures in scripts running with
set -e.
As a user calling --help is a voluntary action, lxc-ls should exit 0.
Also, as lxc-ls's goal is solely to list containers, showing an error and
exiting with return code 1 when there's no container seems counter-intuitive
and error-prone.
Stéphane Graber [Mon, 12 Nov 2012 20:38:50 +0000 (15:38 -0500)]
Detect which name to use for docbook2x-man
docbook2x-man doesn't have the same name on Debian based systems as
on RedHat based systems, add some magic to configure.ac to detect and
substitute the proper name in Makefile.am
Peter Simons [Sat, 20 Oct 2012 09:47:22 +0000 (11:47 +0200)]
Update documentation to Docbook 4.5
The package 'docbook-tools' [1] required to format Docbook 3.0 into man pages
has been obsoleted a long time ago and can no longer be downloaded from its
former homepage. Recent versions of that package -- now called 'docbook2X' --,
cannot deal with that old markup format anymore (and don't support the '-w all'
command line switch either). To remedy these issues, all SGML files have been
updated to Docbook 4.5 so that recent versions of docbook2man can process them.
Stéphane Graber [Mon, 12 Nov 2012 19:39:43 +0000 (14:39 -0500)]
Fix check against LXCROOTFSMOUNT to use strcmp
The check for conf->rootfs.mount not being equal to LXCROOTFSMOUNT
wasn't done with strcmp which was leading to undefined behaviour
and triggered gcc warnings.