Daniel Lezcano [Tue, 20 Jul 2010 11:45:44 +0000 (13:45 +0200)]
remove/restore effective capabilities
This patch adds the functions to drop the 'effective' capabilities and
restore them from the 'permitted' capabilities.
When the command is run as 'root' we do nothing.
When the command is run as 'lambda' user, we drop the effective capabilities.
When the command is run as 'root' but real uid is not root, we keep the capabilities,
switch to real uid, and drop the effective capabilities.
This approach is compatible for root user, lambda + file capabilities
and lambda + setuid.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
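The drop and restore described in this commit message, as an added example that is not taken from the LXC source: it uses the raw capget/capset system calls rather than libcap, covers only the effective-set toggle (not the uid switch), and the names `caps_down`, `caps_up` and the two query helpers are hypothetical.

```c
#include <linux/capability.h>
#include <sys/syscall.h>
#include <unistd.h>

typedef struct __user_cap_data_struct cap_sets[2]; /* two 32-bit halves */

/* Raw capget/capset on the calling thread (pid 0); op is the syscall number. */
static int caps_call(long op, cap_sets d)
{
    struct __user_cap_header_struct h = { _LINUX_CAPABILITY_VERSION_3, 0 };
    return (int)syscall(op, &h, d);
}

/* Clear the effective set. Permitted is untouched, so the drop is reversible. */
int caps_down(void)
{
    cap_sets d;
    if (caps_call(SYS_capget, d) < 0) return -1;
    d[0].effective = d[1].effective = 0;
    return caps_call(SYS_capset, d);
}

/* Raise every permitted capability back into the effective set. */
int caps_up(void)
{
    cap_sets d;
    if (caps_call(SYS_capget, d) < 0) return -1;
    d[0].effective = d[0].permitted;
    d[1].effective = d[1].permitted;
    return caps_call(SYS_capset, d);
}

/* Returns 1 if the effective set is empty, 0 if not, -1 on error. */
int caps_effective_empty(void)
{
    cap_sets d;
    if (caps_call(SYS_capget, d) < 0) return -1;
    return d[0].effective == 0 && d[1].effective == 0;
}

/* Returns 1 if effective equals permitted, 0 if not, -1 on error. */
int caps_effective_full(void)
{
    cap_sets d;
    if (caps_call(SYS_capget, d) < 0) return -1;
    return d[0].effective == d[0].permitted &&
           d[1].effective == d[1].permitted;
}
```

A caller would bracket each privileged operation with `caps_up()` and `caps_down()` so that the rest of the code runs with an empty effective set.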
Daniel Lezcano [Tue, 13 Jul 2010 12:51:45 +0000 (14:51 +0200)]
lxc-init finishes the remaining processes with SIGKILL
If lxc-init receives a SIGALRM, a timeout, it kills all the processes
of the container with SIGKILL. That will prevent the container from being
stuck when one process ignores the SIGTERM signal.
Each time a process exits, the timeout is reset.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Tue, 13 Jul 2010 12:51:45 +0000 (14:51 +0200)]
lxc-init kills all processes with SIGTERM
When lxc-init receives a SIGTERM, let's kill all the processes of
the pid namespace with kill -1. So the exit of the container will
happen gracefully with processes death cascade.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
As pointed out by Dan Smith, when a container is being stopped, it must
also be unfrozen after posting the SIGKILL. Otherwise if the container
is frozen when the SIGKILL is posted, the SIGKILL will remain pending
and the lxc-stop command will block until lxc-unfreeze is explicitly
called.
(lxc-stop waits for the container to exit and close the socket but since
the container is frozen, lxc-stop will block).
Signed-off-by: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
Acked-by: Matt Helsley <matthltc@us.ibm.com>
Acked-by: Dan Smith <danms@us.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
A write to the freezer.state file does not guarantee that the state has
changed. To ensure that the freezer state is either FROZEN or THAWED,
read the freezer state and if it has not changed, repeat the write.
Changelog[v2]:
- Minor reorg of code
- Comments from Daniel Lezcano:
- lseek() before each read/write of freezer.state
- Have lxc_freeze_unfreeze() return -1 on error
Signed-off-by: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Tue, 6 Jul 2010 19:26:31 +0000 (21:26 +0200)]
close prctl window
If the pdeath signal is set after the synchro we have a window where
the parent exits with the pdeath signal not set.
In order to avoid that, we have to move the prctl before the synchro with
the parent so if the parent exits before we can set the pdeath signal, the
synchro will fail in any case and the container startup will be aborted.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
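The ordering this commit message describes, as an added example that is not taken from the LXC source: the child arms the parent-death signal first and only then waits on the synchronisation socket. The names `child_startup` and `spawn_child` are hypothetical, and closing the parent's socket end without sending the token stands in for a parent that has already exited.

```c
#include <signal.h>
#include <sys/prctl.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Child side of startup: arm the pdeath signal BEFORE the sync read. */
static int child_startup(int sync_fd)
{
    char token;

    if (prctl(PR_SET_PDEATHSIG, SIGKILL, 0, 0, 0) < 0)
        return -1;
    /* A parent that died before the prctl() has closed its socket end,
     * so this read returns 0 (EOF) and the startup is aborted. */
    if (read(sync_fd, &token, 1) != 1)
        return -1;
    return 0;
}

/* Fork a child and run the sync. With parent_alive == 0 the parent end is
 * closed without sending the token, which is what the child observes when
 * the parent is gone. Returns the child's exit code (0 = started,
 * 1 = aborted) or -1 on error. */
int spawn_child(int parent_alive)
{
    int sv[2], status, ok;
    pid_t pid;

    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) < 0)
        return -1;
    pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        close(sv[0]);
        _exit(child_startup(sv[1]) == 0 ? 0 : 1);
    }
    close(sv[1]);
    ok = !parent_alive || write(sv[0], "s", 1) == 1;
    close(sv[0]);
    if (waitpid(pid, &status, 0) < 0 || !ok || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}
```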
This bug stalked me for a while, but only now it bit me quite
badly... (Lost about an hour of work...)
So the culprit: inside the fstab file for the `lxc.mount` option I
can use options like `ro` together with `bind`. Unfortunately the
kernel just laughs in my face and ignores any options I've put in
there... :) But not any more: I've updated `./src/lxc/conf.c`
(`mount_file_entries` function) so that when it encounters a `bind`
option it executes it twice (one without any extra options, and a
second time with the remount flag set.)
I've marginally (as in my particular case) tested it and it works.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
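The two-pass bind mount described in this commit message, as an added example that is not the code from `./src/lxc/conf.c`: `plan_mount` and `mount_entry` are hypothetical names, and the option table is a small constructed subset. It goes slightly beyond `ro` by carrying any other recognised flag into the remount pass as well.

```c
#include <string.h>
#include <sys/mount.h>

struct bind_plan {
    unsigned long first;   /* flags for the initial mount() call */
    unsigned long second;  /* flags for the remount pass, 0 when not needed */
};

/* Map one fstab-style option (length n, not NUL-terminated) to a mount flag. */
static unsigned long opt_flag(const char *opt, size_t n)
{
    static const struct { const char *name; unsigned long flag; } map[] = {
        { "bind", MS_BIND },     { "ro", MS_RDONLY },
        { "nosuid", MS_NOSUID }, { "nodev", MS_NODEV },
        { "noexec", MS_NOEXEC },
    };
    for (size_t i = 0; i < sizeof(map) / sizeof(map[0]); i++)
        if (strlen(map[i].name) == n && strncmp(opt, map[i].name, n) == 0)
            return map[i].flag;
    return 0; /* options not in this small table are ignored */
}

/* Split a comma-separated option string and decide what each pass gets. */
struct bind_plan plan_mount(const char *options)
{
    struct bind_plan plan = { 0, 0 };
    unsigned long flags = 0;
    for (const char *p = options; *p; p += (*p == ',')) {
        size_t n = strcspn(p, ",");
        flags |= opt_flag(p, n);
        p += n;
    }
    plan.first = flags;
    if ((flags & MS_BIND) && (flags & ~(unsigned long)MS_BIND)) {
        plan.first = MS_BIND;             /* pass 1: bind only */
        plan.second = flags | MS_REMOUNT; /* pass 2: bind + remount + ro/... */
    }
    return plan;
}

/* Perform the mount(s); needs CAP_SYS_ADMIN, so the test does not call it. */
int mount_entry(const char *src, const char *dst, const char *type,
                const char *options)
{
    struct bind_plan p = plan_mount(options);
    if (mount(src, dst, type, p.first, NULL) < 0)
        return -1;
    return p.second ? mount(src, dst, type, p.second, NULL) : 0;
}
```

After such a mount, the `ro` flag on the target's line in `/proc/self/mounts` confirms that the second pass took effect.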
Andrew Phillips [Mon, 14 Jun 2010 09:34:50 +0000 (11:34 +0200)]
support shutdown/reboot with upstart within a system container
Improve resiliency of utmp.c to removal of /var/run/utmp
Add shutdown timer as we transition to shutdown from running to check for the
number of tasks remaining. Improve container state handling. We can't rely on
the previous runlevel being maintained properly.
Signed-off-by: Andrew Phillips <Andrew.Phillips@lmax.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Ferenc Wagner [Fri, 11 Jun 2010 13:56:25 +0000 (15:56 +0200)]
change pivotdir default to mnt
The mnt directory has a good chance to already exist in the new root
filesystem, so creation and removal can be avoided. This also eases
use of read only root filesystems (no configuration necessary).
Signed-off-by: Ferenc Wagner <wferi@niif.hu>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Mon, 7 Jun 2010 11:25:30 +0000 (13:25 +0200)]
fix ipv6 acast / mcast restriction
Pointer comparison is buggy as they are never null.
For an ipv6 address configuration, we always zeroed the structure,
hence the bcast and acast structure are equal to in6addr_any.
Any change of this value means the user specified something different
in the configuration file, so we fail gracefully.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Mon, 7 Jun 2010 09:33:55 +0000 (11:33 +0200)]
move script templates to an adequate place
At present the lxc-{template} scripts are installed in the $bindir.
This is not the right place as specified by the FHS, so they go to
$libdir/lxc/templates.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Andrew Phillips [Mon, 7 Jun 2010 09:33:55 +0000 (11:33 +0200)]
Fix spec file
After I resynced to git head I noticed that this commit;
http://lxc.git.sourceforge.net/git/gitweb.cgi?p=lxc/lxc;a=commit;h=d674be08d4b282bb4717c51440811e39d3c2431e
broke the rpm build.
This patch fixes this.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Andrew Phillips <Andrew.Phillips@lmax.com>
Daniel Lezcano [Tue, 1 Jun 2010 16:56:54 +0000 (18:56 +0200)]
fix busybox template
Fix various bugs with the busybox template:
* add a warning when busybox is not statically linked
* delete the password for root (chpasswd is not available for all busybox)
* add the new pts option
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Tue, 1 Jun 2010 16:56:54 +0000 (18:56 +0200)]
Fix ubuntu template
- Fixed rootfs path.
- Removed network section, it should be passed to the lxc-create
configuration option in order to concatenate the configuration files
- Generate en_US locale instead of de_DE
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Tue, 1 Jun 2010 10:13:32 +0000 (12:13 +0200)]
fix compilation warnings
Fix the following warnings:
console.c: In function ‘console_handler’:
console.c:252: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result
console.c:254: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result
conf.c: In function ‘instanciate_veth’:
conf.c:1130: warning: ignoring return value of ‘mktemp’, declared with attribute warn_unused_result
conf.c:1135: warning: ignoring return value of ‘mktemp’, declared with attribute warn_unused_result
conf.c: In function ‘instanciate_macvlan’:
conf.c:1206: warning: ignoring return value of ‘mktemp’, declared with attribute warn_unused_result
af_unix.c: In function ‘lxc_af_unix_send_fd’:
af_unix.c:124: warning: dereferencing type-punned pointer will break strict-aliasing rules
af_unix.c: In function ‘lxc_af_unix_recv_fd’:
af_unix.c:169: warning: dereferencing type-punned pointer will break strict-aliasing rules
af_unix.c: In function ‘lxc_af_unix_send_credential’:
af_unix.c:195: warning: dereferencing type-punned pointer will break strict-aliasing rules
af_unix.c: In function ‘lxc_af_unix_rcv_credential’:
af_unix.c:237: warning: dereferencing type-punned pointer will break strict-aliasing rules
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Thu, 27 May 2010 12:27:13 +0000 (14:27 +0200)]
move lxc-init to $libdir/lxc
As specified by FHS:
/usr/lib includes object files, libraries, and internal binaries that
are not intended to be executed directly by users or shell scripts.
Applications may use a single subdirectory under /usr/lib. If an
application uses a subdirectory, all architecture-dependent data
exclusively used by the application must be placed within that
subdirectory.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Thu, 27 May 2010 12:27:13 +0000 (14:27 +0200)]
change the rootfs mount location and add the README
Previous path was $libdir/lxc, changed to $libdir/lxc/rootfs.
Added a README file to be placed in this directory, describing
the purpose of this empty directory. Having a file to be installed
in this directory makes the Makefile automatically create the
directory at install time.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Cedric Le Goater [Wed, 26 May 2010 19:43:53 +0000 (21:43 +0200)]
introduce a sync API
The following patch wraps the calls on the synchronisation
socketpair in a lxc_sync_ API. It hopefully clarifies what
is done in the start sequence at the expense of more lines
of code ...
Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Cedric Le Goater [Wed, 26 May 2010 14:54:48 +0000 (16:54 +0200)]
merge lxc_restart() and lxc_start()
now that we have specific operations and specific arguments for each
sequence, lxc_restart() and lxc_start() can easily be merged under
a common subroutine.
Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Cedric Le Goater [Wed, 26 May 2010 14:54:48 +0000 (16:54 +0200)]
replace common start_arg by private start_arg
the following patch moves the start argument in private
structs which are opaque to lxc_spawn(). To achieve this goal,
we need to move the sv[2] socketpair and lxc_handler
Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Denis Rizaev [Mon, 24 May 2010 13:06:36 +0000 (15:06 +0200)]
fix initial run level
I did a little investigation about runlevels and I think we can assume
runlevels 2-5 as normal. So, we can check if system was in runlevel 2-5
and proc count is 1 and now we are in 0/6.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Denis Rizaev <Denis.Rizaev@trueoffice.ru>