Unprivileged user should be able to do fuse mounts during start-container.
Specifically this solves the problem for un-priv fuse mounting via
pre-hook.
Signed-off-by: Scott Moser <smoser@brickies.net>
The nftables masquerade rule for IPv6 was using the IPv4 syntax. This
resulted in the following error when starting the lxc-net.service with
LXC_IPV6_NAT="true" and nftables:
Feb 11 18:54:54 pc lxc-net[4936]: Error: conflicting protocols specified: ip6 vs. ip
Feb 11 18:54:54 pc lxc-net[4936]: ^^^^^^^^
Feb 11 18:54:54 pc lxc-net[4917]: Failed to setup lxc-net.
Feb 11 18:54:54 pc systemd[1]: lxc-net.service: Main process exited, code=exited, status=1/FAILURE
Feb 11 18:54:54 pc systemd[1]: lxc-net.service: Failed with result 'exit-code'.
Feb 11 18:54:54 pc systemd[1]: Failed to start LXC network bridge setup.
Signed-off-by: Quentin Lyons <36303164+n0p90@users.noreply.github.com>
On openSUSE, our packages are built in the Open Build Service which does
not have a proper systemd installation that you can query to get the
systemdunitdir.
The simplest solution is to re-add the ability to explicitly set the
systemdunitdir (as was previously possible with the autotools build
system in pre-5.0 LXC).
Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>
Since the `lxc` binary is actually provided by lxd, the main
bash-completion file needs to be moved away to not conflict with a bash
completion file provided for the `lxc` binary by lxd.
Signed-off-by: Antonio Terceiro <terceiro@debian.org>
Failure executing dnsmasq happens if the misc dir does not exist, as in the
following error messages.
localhost.localdomain systemd[1]: Starting LXC network bridge setup...
localhost.localdomain lxc-net[5754]: dnsmasq: cannot open or create lease file /usr/local/var/lib/misc/dnsmasq.lxcbr0.leases: No such file or directory
localhost.localdomain dnsmasq[5754]: cannot open or create lease file /usr/local/var/lib/misc/dnsmasq.lxcbr0.leases: No such file or directory
localhost.localdomain dnsmasq[5754]: FAILED to start up
localhost.localdomain lxc-net[5727]: Failed to setup lxc-net.
localhost.localdomain lxc-net[5727]: Failed to setup lxc-net.
localhost.localdomain systemd[1]: lxc-net.service: Main process exited, code=exited, status=1/FAILURE
localhost.localdomain systemd[1]: lxc-net.service: Failed with result 'exit-code'.
localhost.localdomain systemd[1]: Failed to start LXC network bridge setup.
Modify 'lxc-net' script to call 'mkdir -p' command if the directory does not
exist before executing dnsmasq daemon.
Signed-off-by: Leesoo Ahn <lsahn@ooseel.net>
When lxc is installed inside an lxc container, trying to bring up
lxc-net with the default parameters will conflict with the networking
setup for lxc on the host. This breaks all networking inside the
container where lxc is installed.
Signed-off-by: Antonio Terceiro <terceiro@debian.org>
See https://github.com/koalaman/shellcheck/wiki/SC2006 for details.
Not only does this use the recommended construct, it also makes the code
more uniform as in many other places the $() construct was already used.
Signed-off-by: Diederik de Haas <didi.debian@cknow.org>
The 'which' command is deprecated on Debian Sid as it is not POSIX
compliant and its behavior is therefore not consistent, so replace it
with 'command -v' which is POSIX compliant.
See https://stackoverflow.com/a/677212 for details.
Also replaced a use of backticks (`) as that is deprecated as well.
See https://github.com/koalaman/shellcheck/wiki/SC2006 for details.
Signed-off-by: Diederik de Haas <didi.debian@cknow.org>
If a name is a prefix of another word available for completion, adjust
to show all words with given prefix.
Signed-off-by: Edênis Freindorfer Azevedo <edenisfa@gmail.com>
Not really much can be done for this function, as `-m` requires an ID
mapping that has to be manually input, since it will use
`/etc/sub{g,u}id` if not specified.
Signed-off-by: Edênis Freindorfer Azevedo <edenisfa@gmail.com>
List SELinux contexts available. Not clear if this could be only for
root or if normal user with `sudo` is also supported.
Using `Fedora34` for basic testing.
Signed-off-by: Edênis Freindorfer Azevedo <edenisfa@gmail.com>
For `lxc-ls --groups` and `lxc-autostart --groups`.
Support leading comma, trailing comma, embedded double comma.
Signed-off-by: Edênis Freindorfer Azevedo <edenisfa@gmail.com>
Use bash functions for common array operations. Keep code logic somewhat
easy to read for bug hunting.
Signed-off-by: Edênis Freindorfer Azevedo <edenisfa@gmail.com>
For options `-r,--restore` and `-d,--destroy`, we need the container
name to create the list of completion values.
Therefore, it is needed to scan the current command line to check if
there is a container name available.
Signed-off-by: Edênis Freindorfer Azevedo <edenisfa@gmail.com>
When a container name has whitespace in it
(e.g. created by `lxc-create -t download -n "arch linux"` ),
the completion for other commands should be able to work by adding a
backslash to escape it.
Although it may be interesting to support names between quotes, this
would probably mean having to add quotes to all names. Might not be
interesting just due to an edge case.
Signed-off-by: Edênis Freindorfer Azevedo <edenisfa@gmail.com>
Use regex to handle short option `-n`, since short options can be
combined (e.g. `-nd`) as long as at max one requires an argument.
Also consider the case when the arg for the long option is not given
together with `--name=`.
Signed-off-by: Edênis Freindorfer Azevedo <edenisfa@gmail.com>
On par with how other functions do it. Also, be smarter about adding
whitespace when there are no more completions available for the
parameter.
Signed-off-by: Edênis Freindorfer Azevedo <edenisfa@gmail.com>
Use as much as possible from each command `--help` for completion.
Some options require a long list of completions that should be dumped by
some command option. These are not added here yet.
Examples of those are: `lxc-info --config`, `lxc-execute --define` and
`lxc-start --define`.
Signed-off-by: Edenis Freindorfer Azevedo <edenisfa@gmail.com>
Closes #3093
Closes #3602
Add support for nftables firewall rules if `nft` command line
interface is available in the system
Signed-off-by: Pablo Correa Gómez <ablocorrea@hotmail.com>