Stéphane Graber [Fri, 4 Jan 2013 18:56:13 +0000 (13:56 -0500)]
Don't call setup_mount_entries if the list is empty
There's no good reason to call setup_mount_entries if we don't have any
lxc.mount.entry. This also avoids an issue on bionic where the tmpfile()
call in setup_mount_entries requires the presence of /tmp which isn't the
case by default.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Thu, 3 Jan 2013 16:51:52 +0000 (11:51 -0500)]
lxc_unshare: Replace getpw*_r by getpw*
Bionic and maybe some other libc implementations lack the _r nss functions.
This replaces our current getpwnam_r and getpwuid_r calls by getpwnam and
getpwuid.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Thu, 3 Jan 2013 17:24:18 +0000 (12:24 -0500)]
caps.h: Rename __errno to ___errno
At least bionic defines __errno, so this was causing a conflict in caps.h
leading to build failure. Renaming to ___errno avoids that conflicting
definition.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Thu, 3 Jan 2013 17:24:16 +0000 (12:24 -0500)]
Add a bionic_alphasort function on bionic
alphasort doesn't have the right signature on bionic which causes the build to
fail. This implements a new bionic_alphasort function when building on bionic
providing the right signature and a functional equivalent of glibc's alphasort.
This signature problem with alphasort was fixed in upstream bionic but hasn't
been released yet. This commit can therefore be reverted as soon as the
following commit hits the Android NDK: 40e467ec668b59be25491bd44bf348a884d6a68d
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Thu, 3 Jan 2013 17:24:14 +0000 (12:24 -0500)]
Workaround missing functions in other libc
Some libc implementations (bionic) lack some of the syscall functions
that are present in glibc.
For those, detect at build time that they are missing and implement a minimal
syscall() wrapper that will essentially give the same result as the glibc
function.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Thu, 3 Jan 2013 17:24:13 +0000 (12:24 -0500)]
personality.h: Make the personality code optional
Some platforms don't have personality.h in their C library; this change
adds build-time detection for the header and turns off the personality setting
code in those cases.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Thu, 20 Dec 2012 15:11:03 +0000 (16:11 +0100)]
Don't hard depend on capability.h and libcap
In the effort to make LXC work with non-standard Linux distros, this change
allows for the user to build LXC without capability support through a new
--disable-capabilities option to configure.
This effectively will cause LXC not to link against libcap and will turn all
the _cap_ functions into no-ops.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Thu, 3 Jan 2013 17:24:06 +0000 (12:24 -0500)]
No need to link against rt and util on bionic
When building on bionic, -lrt and -lutil only cause a build failure.
Dropping those fixes the build, so it appears that the symbols are defined
in the main library.
This commit moves -lrt and -lutil under a !IS_BIONIC check.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Tue, 8 Jan 2013 17:02:53 +0000 (12:02 -0500)]
Replace all references to ushort by unsigned short
ushort appears to be a glibc-specific type which doesn't exist in
bionic; this commit simply replaces all occurrences by the equivalent
unsigned short type.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Set umask before populating /dev and restore it after.
According to docs, mknod clears each permission bit whose
corresponding bit in the process umask is set, so we should fix it
before creating device nodes.
Signed-off-by: Alexander Vladimirov <alexander.idkfa.vladimirov@gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Dwight Engen [Wed, 19 Dec 2012 00:15:33 +0000 (19:15 -0500)]
fix lxc-wait waiting forever for FREEZING, FROZEN, THAWED states
These states are kept by the kernel in the freezer.state cgroup item, and
are never set in handler->state with lxc_set_state(). If lxc transitions
a container to/from the freezer after an lxc-wait for one of the above
states has already started, the lxc-wait will never see the new state. This
change has lxc send the new state to the lxc-monitor socket.
Dwight Engen [Fri, 14 Dec 2012 20:38:35 +0000 (15:38 -0500)]
oracle template: add support for creating ol4 container from ovm template
Also: disable the interactive part of ovmd so ol5,6 containers won't
hang if started for the first time with -d. Don't let containers do rawio,
or have access to /dev/rtc0, they can mess up the host's system clock among
other things.
Dwight Engen [Thu, 27 Dec 2012 22:01:26 +0000 (17:01 -0500)]
separate console device from console log
lxc-start -c makes the named file/device the container's console, but using
this with a regular file in order to get a log of the console output does
not work very well if you also want to login on the console. This change
implements an additional option (-L) to simply log the console's output to
a file.
Both options can be used separately or together. For example to get a usable
console and log: lxc-start -n name -c /dev/tty8 -L console.log
The console state is cleaned up more when lxc_delete_console is called, and
some of the clean up paths in lxc_create_console were fixed.
The lxc_priv and lxc_unpriv macros were modified to make use of gcc's local
label feature so they can be expanded more than once in the same function.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Wed, 2 Jan 2013 18:47:18 +0000 (13:47 -0500)]
kill -s expects the signal name without SIG
The previous lxc-shutdown change replaced 'kill SIG<name>' by
'kill -s SIG<name>'. Although this works with busybox where it was tested,
this doesn't actually work with all kill implementations. Some require just
the signal name without the prefix.
This changes "-s SIG<name>" by just "-s <name>". Tested with busybox and
standard kill.
Natanael Copa [Wed, 26 Dec 2012 21:31:56 +0000 (22:31 +0100)]
lxc-ps: use posix shell and awk instead of bash
Use awk to parse the output of 'ps' and the tasks files for the
containers.
Use awk fields to find PID column rather than assume that the PID field
is exactly 5 chars wide and has a leading space ' PID'. This works as
long as the PID field is before the command or other fields that include
spaces. This also makes it work with busybox 'ps'.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
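The header-driven PID column lookup described in the commit above, as an added shell illustration (not the lxc-ps script itself): it locates the PID column by name in a constructed 'ps' header and keeps only the lines whose PID appears in a constructed cgroup tasks list.

```shell
#!/bin/sh
# Constructed sample of 'ps' output (header first) and of a cgroup tasks file.
# Neither is captured from a real system.
PS_SAMPLE='  PID TTY          TIME CMD
 1234 ?        00:00:01 init
 1240 ?        00:00:00 sh -c sleep 10
 9999 ?        00:00:00 bash'
TASKS_SAMPLE='1234
1240'

# Print the ps header plus every ps line whose PID is listed in the tasks file.
# $1: ps output, $2: blank/newline separated PIDs from a tasks file.
# The PID column is found by name in the header, so it works for any column
# width and for busybox ps; the only requirement is that no column before
# PID contains spaces (CMD, which may contain spaces, comes later).
ps_lines_for_tasks() {
    printf '%s\n' "$1" | awk -v tasks="$2" '
        BEGIN {
            n = split(tasks, t)          # default FS: runs of blanks and newlines
            for (i = 1; i <= n; i++) want[t[i]] = 1
        }
        NR == 1 {
            for (i = 1; i <= NF; i++) if ($i == "PID") col = i
            print
            next
        }
        col && ($col in want)'
}

# Number of matching processes, header excluded.
count_tasks_in_ps() {
    ps_lines_for_tasks "$1" "$2" | awk 'NR > 1 { n++ } END { print n + 0 }'
}
```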
Natanael Copa [Tue, 25 Dec 2012 16:08:55 +0000 (17:08 +0100)]
lxc-clone: use posix shell instead of bash
- avoid getopt --longoptions
- use 'which' instead of 'type' to detect existence of tools
- use 'grep -q -w' instead of bash substring variable expansion ${line:0:18}
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Serge Hallyn [Thu, 20 Dec 2012 05:58:44 +0000 (23:58 -0600)]
Support MS_SHARED /
(I'll be out until Jan 2, but in the meantime, here is hopefully a
little new year's gift - this seems to allow lxc-start with / being
MS_SHARED on the host)
When / is MS_SHARED (for instance with f18 and modern arch), lxc-start
fails on pivot_root. The kernel enforces that, when doing pivot_root,
the parent of current->fs->root (as well as the new root and the putold
location) not be MS_SHARED.
To work around this, check /proc/self/mountinfo for a 'shared:' in
the '/' line. If it is there, then create a tiny MS_SLAVE tmpfs dir to
serve as parent of /, recursively bind mount / into /root under that dir,
make it rslave, and chroot into it.
Tested with ubuntu raring image after doing 'mount --make-rshared /'.
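The mountinfo check described in the commit above, as an added shell illustration rather than lxc's own C code: it walks the optional-fields region of a constructed /proc/self/mountinfo excerpt and reports whether the mount at a given mount point carries a shared: peer-group tag.

```shell
#!/bin/sh
# Constructed /proc/self/mountinfo excerpts (not captured from a real host).
# Fields: id parent maj:min root mount-point options [optional...] - fstype source super-opts
# A "shared:N" optional field marks the mount as MS_SHARED, the propagation
# state that makes pivot_root fail for the parent of the new root.
MOUNTINFO_SHARED='21 26 0:19 / /sys rw,nosuid,nodev shared:7 - sysfs sysfs rw
26 0 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,data=ordered
35 26 0:20 / /proc rw,nosuid,nodev - proc proc rw'
MOUNTINFO_PRIVATE='26 0 8:1 / / rw,relatime - ext4 /dev/sda1 rw,data=ordered'

# Print "shared" if the mount at mount point $1 carries a shared: tag in the
# mountinfo text $2, "private" if it is listed without one, and "absent" if no
# line matches. Optional fields start at field 7 and end at the "-" separator.
propagation_of() {
    printf '%s\n' "$2" | awk -v mp="$1" '
        $5 == mp {
            for (i = 7; i <= NF && $i != "-"; i++)
                if ($i ~ /^shared:/) { print "shared"; found = 1; exit }
            print "private"; found = 1; exit
        }
        END { if (!found) print "absent" }'
}

# Same check against the live host: "shared" is the case the commit works
# around by building a slave tmpfs parent for / before pivot_root.
root_propagation() {
    propagation_of / "$(cat /proc/self/mountinfo)"
}
```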
Dwight Engen [Tue, 18 Dec 2012 21:12:34 +0000 (16:12 -0500)]
lxc-destroy container only if it is in the STOPPED state
Currently, lxc-destroy will attempt to destroy a container if it is not in
the RUNNING state, but doing so is not good when the container is FROZEN, or
in other transitional states.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Dwight Engen [Tue, 11 Dec 2012 22:05:11 +0000 (17:05 -0500)]
Fix race/corruption with multiple lxc-start, lxc-execute
If you start more than one lxc-start/lxc-execute with the same name at the
same time, or just do an lxc-start/lxc-execute with the name of a container
that is already running, lxc doesn't figure out that the container with this
name is already running until fairly late in the initialization process: i.e.
when __lxc_start() -> lxc_poll() -> lxc_command_mainloop_add() attempts to
create the same abstract socket name.
By this point a fair amount of initialization has been done that actually
messes up the running container. For example __lxc_start() -> lxc_spawn() ->
lxc_cgroup_create() -> lxc_one_cgroup_create() -> try_to_move_cgname() moves
the running container's cgroup to a name of deadXXXXXX.
The solution in this patch is to use the atomic existence of the abstract
socket name as the indicator that the container is already running. To do
so, I just refactored lxc_command_mainloop_add() into an lxc_command_init()
routine that attempts to bind the socket, and ensure this is called earlier
before much initialization has been done.
In testing, I verified that maincmd_fd was still open at the time of lxc_fini,
so the entire lifetime of the container's run should be covered. The only
explicit close of this fd was in the reboot case of lxcapi_start(), which is
now moved to lxc_fini(), which I think is more appropriate.
Even though it is not checked any more, set maincmd_fd to -1 instead of 0 to
indicate it's not open since 0 could be a valid fd.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Dwight Engen [Tue, 11 Dec 2012 17:39:16 +0000 (12:39 -0500)]
Don't attempt to symlink kmsg without rootfs->path
For example doing "lxc-execute -n tmpct /bin/bash" will call setup_kmsg(), but
in this case rootfs->mount/dev directory doesn't even exist so the call to
symlink fails with ENOENT. Commit f62b3449 made this failure not fatal, but
we should not even try it when we know it will fail. See similar code in
setup_tty(), setup_console(), etc.
Stéphane Graber [Fri, 7 Dec 2012 20:47:11 +0000 (15:47 -0500)]
python: Add binding for {get|set}_cgroup_item
Updates the binding for the two new functions.
This also fixes some problems with the argument checking of
get_config_item that'd otherwise lead to a segfault.
The python bindings for set_cgroup_item and get_cgroup_item are pretty
raw as lxc has little control over the cgroup entries.
That means that we don't try to interpret lists as we do for the config
entries.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Fri, 7 Dec 2012 00:41:15 +0000 (18:41 -0600)]
api: add set_cgroup_item and get_cgroup_item (to c api)
set_cgroup_item takes a pointer to a running container, a cgroup subsystem
name, and a char *value and it mimics
'lxc-cgroup -n containername subsys value'
get_cgroup_item takes a pointer to a running container, a cgroup
subsystem name, a destination value * and the length of the value being
sent in, and returns the length of what was read from the cgroup file.
If a 0 len is passed in, then the length of the file is returned. So
you can do
len = c->get_cgroup_item(c, "devices.list", NULL, 0);
v = malloc(len+1);
ret = c->get_cgroup_item(c, "devices.list", v, len);
to read the whole file.
This patch also disables the lxc-init part of the startone test, which
was failing because lxc-init has been moved due to multiarch issues.
The test is salvageable, but saving it was beyond this effort.
Stéphane Graber [Fri, 7 Dec 2012 15:41:10 +0000 (10:41 -0500)]
lxc-create: Allow for empty or unset template name
This restores an old behaviour where lxc-create can be called without
a template. In such case, only a minimal configuration is built and no
rootfs is created. However the various backingstore code is still used.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Wed, 5 Dec 2012 21:47:19 +0000 (16:47 -0500)]
Update for consistent indent
This commit updates all scripts using mixed indent to a consistent
4 spaces indent.
In the past quite a few of those scripts used tabs instead of 8 spaces or
instead of 4 spaces, sometimes mixing those in the same line and sometimes
changing the tab width within the same file.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Wed, 5 Dec 2012 21:47:17 +0000 (16:47 -0500)]
Minor documentation updates
- Update COPYING to the current copy of the LGPL-2.1 license from
common-licences (only difference is some indentation).
- Remove mixed tabs/spaces in CONTRIBUTING
- Make INSTALL fit on 79 cols.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Wed, 5 Dec 2012 22:07:01 +0000 (17:07 -0500)]
oracle template: fixes when using fedora host
Let oracle template work when host is fedora or oracle and the lsb_release
command is not present. Verify the arch given is valid. Don't add lxc.network
section again if already present.
Stéphane Graber [Tue, 4 Dec 2012 22:30:13 +0000 (17:30 -0500)]
python: Update to the device related functions
This commit does the following changes to the python API:
- Rename the add_device API call to add_device_node
- Adds an extra check that the container is running to add_device_node
- Introduces a new add_device_net function
And the following changes to the lxc-device tool:
- Change parser setup to better cope with variable number of arguments
- Add support for network devices (currently auto-detected)
- Support for different names on the host and in the container
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Tue, 4 Dec 2012 21:17:09 +0000 (16:17 -0500)]
lxc-device: Show an error message when non-root
Instead of returning a python stacktrace, check what the current euid is
and show an argparse error message similar to that used in lxc-start-ephemeral.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Tue, 4 Dec 2012 21:17:08 +0000 (16:17 -0500)]
lxc-ls: Show a simple error message when non-root
Instead of returning a python stacktrace, check what the current euid is
and show an argparse error message similar to that used in lxc-start-ephemeral.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Tue, 4 Dec 2012 18:00:26 +0000 (12:00 -0600)]
rename physical nics at shutdown
When a physical nic is being set up, store its ifindex and original name
in struct lxc_conf. At reboot, reset the original name.
We can't just go over the original network list in lxc_conf at shutdown
because that may be tweaked in the meantime through the C api. The
saved_nics list is only setup during lxc_spawn(), and restored and
freed after lxc_start.
Dwight Engen [Thu, 29 Nov 2012 21:24:47 +0000 (16:24 -0500)]
make install should create $LXCPATH directory
The $LXCPATH (default /var/lib/lxc) directory was not being created by
make install, so unless it gets created by some other means
(packaging tools), commands such as lxc-create will fail.
Stéphane Graber [Wed, 21 Nov 2012 22:38:27 +0000 (17:38 -0500)]
Rewrite lxc-ls in python
This rewrite is mostly compatible with the shell version.
--active and -1 still work and behave as they used to.
This adds --running, --stopped and --frozen as state filters.
A new "fancy" view is also implemented (can be used with --fancy) and
will show containers in a column-based interface with the following fields:
- name
- state
- ipv4
- ipv6
- pid of init
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>