This option is only available in recent master of criu, so let's require
that since we're using it.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Since we can rename a container on a migrate, let's tell CRIU to use the
LSM profile name the user has specified. This change is motivated by LXD,
which sets an LSM profile name based on the container name, so if a user
changes the name of a container during migration, the old profile name
(that criu has saved) won't exist on the new host.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Move
- ovl_get_rootfs_dir()
- mount_entry_create_overlay_dirs()
from conf.h to overlay.{c,h} where they belong.
Rename
- mount_entry_create_overlay_dirs() --> ovl_mkdir()
in accordance with the ovl_ prefix naming scheme for types and functions
associated with overlay.
Take the chance to add whitespace between operators where missing.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
With this commit we start to split bdev.{c,h} into modules located in the
subfolder bdev. We start by creating a module for overlay: overlay.{c,h}.
- The functions:
- overlayfs_detect()
- overlayfs_mount()
- overlayfs_umount()
- overlayfs_clonepaths()
- overlayfs_destroy()
- overlayfs_create()
move from bdev.{c,h} to overlay.{c,h}. The only thing that remains in bdev.c
is the static definition of
- static const struct bdev_ops overlayfs_ops
- The functions:
- update_ovl_paths()
- overlay_getlower()
move from lxccontainer.c to overlay.{c,h}. update_ovl_paths() is used to
update absolute paths for overlay lxc.mount.entry entries but it seems to fit
more here than into lxccontainer.c.
The Function overlay_getlower() is used to extract the lower directory for
overlay (and aufs) rootfs. It should at some point become a common helper.
- The functions:
- do_rsync()
- dir_new_path()
remain in bdev.c for now but become extern. We declare them extern in
overlay.c to be able to call them. As the comment to them correctly notices,
they should at some point become common helpers and probably move to
utils.{c,h} or some other more appropriate place.
- The structs:
- struct bdev; /* defined in bdev.h */
- struct bdev_specs; /* defined in lxccontainer.h */
- struct lxc_conf; /* defined conf.h */
are forward declared/put as incomplete types in overlay.h so that the
functions have access to it.
- The header overlay.h is *not* included in bdev.h but only in bdev.c so that
when bdev.h is included the public functions in overlay.h cannot be accessed,
i.e. if an implementation wants to call functions from overlay.h they need to
explicitly include it. (As is e.g. done in the case of lxccontainer.c.)
- The header
- lxc-btrfs.h
also moves to the bdev subfolder.
- Adapt Makefile.am to the new bdev layout.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
zgrep is a script provided by the 'gzip' package, which may not be
installed on embedded systems etc which use busybox instead of the
standard full-featured utilities.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
With lxc-create, this will create, map and mount a Rados blockdevice.
A valid ceph.conf and ceph.client.admin.keyring is needed in /etc/ceph/
RBD mapping is not manage on reboot.
Signed-off-by: Laurent Barbe <laurent@ksperis.com>
- explain functions in list.h
- let lxc_list_len() return size_t instead of int
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
We'll use this in the next patch to escape to the root cgroup before we
exec criu.
v2: s/cgm_connected/cmg_needs_disconnect/g
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Add support for new target plamo to specify the linux distribution.
Plamo Linux uses sysvinit.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Signed-off-by: TAMUKI Shoichi <tamuki@linet.gr.jp>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Fold dnsmasq command line at about 80 chars because the line is too
long.
Signed-off-by: TAMUKI Shoichi <tamuki@linet.gr.jp>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
No idea how these got there, but let's get rid of them since they're weird.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
This patch adds a new ->migrate API call with three commands:
MIGRATE_DUMP: this is basically just ->checkpoint()
MIGRATE_RESTORE: this is just ->restore()
MIGRATE_PRE_DUMP: this can be used to invoke criu's pre-dump command on the
container.
A small addition to the (pre-)dump commands is the ability to specify a
previous partial dump directory, so that one can use a pre-dump of a
container.
Finally, this new API call uses a structure to pass options so that it can
be easily extended in the future (e.g. to CRIU's --leave-frozen option in
the future, for potentially smarter failure handling on restore).
v2: remember to flip the return code for legacy ->checkpoint and ->restore
calls
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Since we're relying on 1.8 for the seccomp stuff, let's refuse to use
anything lower than that.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Instead of *always* resetting the current_config to null, we should only
reset it if this API call set it.
This allows nesting of API calls, e.g. c->checkpoint() can pass stuff into
criu.c, which can call c->init_pid() and not lose the ability to log stuff
afterwards.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Check if symbols SCMP_ARCH_ARM and SCMP_ARCH_PPC are defined.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Generally we enforce that a [arch] seccomp section can only be used on [arch].
However, on amd64 we allow [i386] sections for i386 containers, and there we
also take [all] sections and apply them for both 32- and 64-bit.
Do that also for ppc64 and arm64. This allows seccomp-protected armhf
containers to run on arm64.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
In which case lxc will not update the apparmor profile at all.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
