Will fallback to no thinpool if not present or if thin pool provided on the command line does not exist.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
On a system with AppArmor enabled, if lxc.se_context is configured but
lxc.aa_profile is not (because the user just wants to use the default
AppArmor profile) lxc was passing the lxc.se_context to be set as the
new AppArmor profile. Determine which configuration item to use based
on which lsm is enabled.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
- Add attach test cases
- Moved setting of LSM label later to avoid failure of IPC between parent
and child during attach
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This reworks the mount logic for lxc-start-ephemeral to be as follow:
- Any real (non-bind) entry gets copied to the target fstab
- Any bind-mount from a virtual fs gets copied to the target fstab
- Any remaining bind-mount if confirmed to be valid gets setup as an
overlay.
Extra bind-mounts passed through the -b option are mounted by the
pre-mount script and don't need processing by the fstab generator.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
A callback return value < 0 means there was an error, so print
out an error message. But a rv > 0 is used by the mount_unknown_fs
functions to say "we found the one we want, stop here."
Document this, and only print an error message if rv < 0. Otherwise,
lxc-create -B lvm --fstype ext3 -t ubuntu -n u1
will print an (innocuous) error message about being unable to parse
the config value 'ext3'.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
The latest Mandriva distro release was in 2011 and nowadays distro named
OpenMandriva Lx.
Signed-off-by: Alexander Khryukin <alexander@mezon.ru>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Ensure /proc and /sys are mounted in the container, otherwise
apparmor_enabled() will fail to find
/sys/module/apparmor/parameters/enabled
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This fix is coming from Debian bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720122
The reason for the hardcoded gid= and mode= is because of the fix for
CVE-2013-2207 which removes pt_chown from glibc and so requires proper
write access to devpts.
It looks like the "tty" group is guaranteed to be gid=5 on at least all
RedHat based and Debian based systems. So this hardcode gid shouldn't be
a big problem. If we however support any distro where that's not the
case, we'll need to implement an extra lxc.conf option and matching
template changes.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This fixes a few obvious issues when comparing the make dist output with
the git tree.
- Make all templates non-executable in git
- Remove unused files:
- src/lxc/list.c (empty, only includes the list.h header)
- src/lxc/lxc-destroy.in (replace by lxc_destroy.c)
- Add missing files to dist tarball:
- src/python-lxc/examples/pyconsole.py
- src/python-lxc/examples/pyconsole-vte.py
- Mark all the python API tests executable
- Mark lxc-test-ubuntu executable
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Change the location of linefeed for improving to be read lxc.conf(5) in
Japanese environment.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Two new commands are defined: list_defined_containers() and
list_active_containers(). Both take an lxcpath (NULL means
use the default lxcpath) and return the number of containers
found. If a lxc_container ** is passed in, then an array of
lxc_container's is returned, one for each container found.
The caller must then lxc_container_put() each container and
free the array, as shown in the new list testcase.
If a char ** is passed in, then an array of container names
is returned, after which the caller must free all the names
and the name array, as showsn in the testcase.
Changelog:
Check for the container config file before trying to
create an lxc_container *, to save some work. [ per
stgraber comments]
Add names ** argument to return only container names.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
lxc-plamo now work with any distribution other than Plamo Linux.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Signed-off-by: TAMUKI Shoichi <tamuki@linet.gr.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This template allows to create Plamo Linux container on Plamo
Linux. Plamo Linux is Japanese distribution, which is originally based
on Slackware Linux.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Signed-off-by: TAMUKI Shoichi <tamuki@linet.gr.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Bug found by Vincent Ladeuil <vila+ci@canonical.com>
Fix suggested by Scott Moser <smoser@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Section 7.1.2 of the gnutls info manual states that it must be
initialized with a call to gnutls_global_init before use. This
fixes the syslog warning I was seeing:
lxc-create: Libgcrypt warning: missing initialization -
please fix the application
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Just following up here, Serge raised the question of whether or not the
other two invocations of 'tar' in this script need '--numeric-owner'.
They probably should have it, although its of little concern because the
'build_root_tgz' path is only taken if there is no '-root.tar.gz' file for
download, and the only supported ubuntu release without the -root.tar.gz
download is 10.04 at this point.
Anyway, below is a more complete diff, also including a fix as
'--numeric-uid' is not a valid option to tar. The name is
'--numeric-owner'.
Signed-off-by: Scott Moser <smoser@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
