This was added before we had bind mounts, instead we now
change ownership when creating disks by passing the
`root_owner` option to mkfs or activating+chown()ing the
paths for subvolumes.
The rationale here is simply that if the host can see all
the mounts, then any program on the host entering a new
mount namespace can keep the mountpoints active.
This can potentially lead to hard-to-track problems with
multiple mount protection or NFS storages not syncing to the
end when stop-migrating a container to another node.
This flag (like lxc.id_map entries) should only be set at
create-time in order to make sure the container's filesystem
has the correct ownerships and permissions.
For this reason modification is not allowed via the API.
An unprivileged containers defines lxc.id_map properties,
and includes $ostype.userns.conf in addition to
$ostype.common.conf in its lxc config.
when an id_map is configured for the container or the
unprivileged flag set (which implies the default userid
map), the file access wrappers (LXC::Setup::Plugin::ct_*
functions) will use the id_map to fixup ownership of created
files.
POSIX capabilities are stored as security.capability xattr.
The --xattrs option alone won't store anything outside the
usernamespace, so we have to specifically ask for this
capability to be included when calling tar.
Note that we deliberately don't store the entire security
namespace as labeling by xattr is common with some security
modules and possibly a planned apparmor feature, too, so
this way we avoid restoring arbitrary lables from dumps and
templates we might not want.
Since these flags are used in two separate files I moved
them to @$PVE::LXC::COMMON_TAR_FLAGS;
The --acls flag for tar (and -A flag for rsync) have also
been added.
Run df on /proc/$pid/root instead of attaching to the
container and running its contained 'df' binary, as this
could create freezed processes of the container is frozen.
Also, since the container PIDs are now used in both loops
they're precached beforehand.
Move ip_is_in_cidr checks on $d->{gw} into the
defined($d->{gw}) guarded if block to avoid warnings and
useless route files being created when using dhcp.
restore: delete config from container after restore
We don't need to leave /etc/vzdump/pct.conf or vps.conf in
the container's directory structure after using it, it only
causes the next backup to have the file twice in the
archive.
restore: make sure only the first pct.conf is extracted
When making a stop/snapshot mode backup of a container that
was already restored from a backup, its /etc/vzdump/pct.conf
file was replacing our newly created one in the archive. We
need to prevent the duplicate file from overwriting our new
one.
redhat: don't use aliases for dual stack networking
A static IPv6 as alias interface for ipv4 doesn't work (RH
has "secondaries" for that), DHCP on aliases doesn't work
either.
The only drawback of putting both in the same file is that
static addresses take longer to be configured if the DHCP
server is slow.
When only an ipv6 address was specified we still tried to
print an ipv4 address which warned and caused additional
newlines to be appended to the file on each start.
parse_ct_mountpoint and parse_lxc_mountpoint are now not usd
in schema verification anymore, so instead of returning
undef on error it can now die.
parse_ct_mountpoint now also gets a $noerr parameter as it
is used in foreach_mountpoint, and to be safe we'll just
skip invalid mountpoints there to avoid unexpected
inconsistent states.
Emmanuel Kasper [Wed, 14 Oct 2015 12:47:23 +0000 (14:47 +0200)]
Add new pct fsck command to check the mountpoints of a container
* the filesystem specific command will be called automatically by fsck
* the -a flag ensures that the filesystem can be fixed without any questions
* the -f flag forces a filesystem check even if the fs seems clean
(flags similar to what the fsck systemd unit uses)
projects / pve-container.git / log