While char is a signed type and should have no trouble
storing a "-1" value, getopt_long() will return a value of 255
instead of -1. This has been noticed on powerpc; there's also
some upstream talk about it at [1].
Change variable type from char to int, since it's also the
documented use.
[1] http://stackoverflow.com/questions/17070958/c-why-does-getopt-return-255-on-linux
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Change paths in fstab to be relative to the root and fix a wrong
rootfs_path value.
Signed-off-by: Serge Logvinov <serge.logvinov@gmail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Once lxc-monitord receives a quit request from lxc-monitor, it will then
return from the mainloop every time an event occurs on any of its fds and
check if it has any clients left. When there are no more it exits. This
allows lxc-monitord to quit immediately instead of waiting the normal 30
seconds for more clients, potentially freeing up lxcpath for unmounting.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Adding the epoll events allows the handler to determine what events
happened on the fd.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This introduces a new /usr/share/lxc/config directory containing common
configuration snippets.
The two Ubuntu templates are then simplified to just include the
relevant entries avoiding a whole lot of hardcoded cgroup, capabilities
and mount points configuration.
An extra comment is also added at the top of all generated configuration
files telling the user to look at lxc.conf(5) for more information.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Just like we already had "optional", this adds two new LXC-specific
mount flags:
- create=dir (will do a mkdir_p on the path)
- create=file (will do a mkdir_p on the dirname + a fopen on the path)
This was motivated by some of the needed bind-mounts for the
unprivileged containers.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
NetworkManager at least expects all veth devices to be called veth*
otherwise it'll consider them as physical interface and try to do DHCP
on them.
This change makes lxc-user-nic use the same function that we use for LXC
itself which will give us standard vethXXXXX kind of interfaces.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
It is now natively implemented in C, the new function takes the same
arguments (same order, different names) and has been confirmed to work
with lxc-device.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Currently, all scripts, specified as "lxc.network.script.up", inherit
lxc-execute's signal mask.
This, for example, includes blocked SIGALRM signal which, in turn, makes
alarm(2), sleep(3) and setitimer(2) functions silently unusable in all programs,
invoked in turn by the "lxc.network.script.up".
To fix this, run_buffer() should restore default signal mask prior to
executing "lxc.network.script.up".
A naive implementation would temprorary unblock all signals just before
calling popen() and block them back immediately after it.
But that would result in an immediate delivery of all pending signals just
after their unblocking.
Thus, we should restore default signal mask exactly in child (after fork())
just before calling exec().
To achieve this, a home-brewed popen() alternative is needed.
The added lxc_popen() and lxc_pclose() are mostly taken from glibc with
several simplifications (as we currently need only "re" mode).
The implementation uses Linux-specific pipe2() system-call,
which is only available since Linux 2.6.27 and supported by glibc since
version 2.9 (according to pipe(2) man-page), but this shouldn't be a
problem as lxc requires a fairly recent kernel too.
lxc_popen()/lxc_pclose() are meant to be direct replacements for their
stdio counterparts, so they perform no process_lock() locking
themselves. (as fopen_cloexec() does)
All existing users of popen()/pclose() are converted to the new
lxc_popen()/lxc_pclose().
(mazo: don't clear close-on-exec flag for parent's end;
place the new functions in utils.c;
convert bdev.c to use the new functions;
coding style fixes;
comments fixes;
commit message tweaks)
Signed-off-by: Ivan Bolsunov <bolsunov@telum.ru>
Signed-off-by: Andrey Mazo <mazo@telum.ru>
This removes all but the following headers from our includes:
- attach_options.h
- lxccontainer.h
- version.h
This also removes the duplicate lxc_version function (lxc_get_version
has been preferred for a while).
lxclock.h is now considered private.
As a result quite a lot of files needed addition of extra includes
previously inherited from lxclock.h.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
So that applications can get the LXC version number at compile time.
This can be used to make applications/bindings that support compiling against
multiple versions of LXC.
Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This adds the same code to the Debian-based templates (Ubuntu and Ubuntu
Cloud) and also avoids a needless fork.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
For list configuration entries like capabilities and cgroups
entries, if there is a 'key =' value (i.e. "lxc.cap.drop =")
then clear any loaded entries.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
As mentioned in a previous commit, this does two changes:
- Make want_daemonize return a bool (false on failure, true on success)
- Make both want_daemonize and want_close_all_fds take a "state"
argument so the user can choose to unset those flags.
This commit also updates all occurences of those two functions and turns
the daemonize attribute from an int to a bool.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This extends the list of arguments of start() allowing the user to
request the container be started in the foreground and have control on
whether fds will be closed or not (daemonize=True implies that too).
One problem at the moment however is that while we have functions to set
close_fds and daemonize in the API, we don't have functions to unset
those flags, so those new parameters will only work on the initial call
to start() any further call will use the values of the previous one.
I think it'd make sense to change lxcapi slightly to have daemonize and
close_fds offer a similar interface, both returning booleans and both
accepting a value as a parameter so API users can set the value they
want.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Because if they are not, then we'll fail trying to map that gid into the
container.
The function doesn't change any gids, but lxc-usernsexec always does
setgid(0), so just map getgid() to 0 in the container.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
THe recent reorg of lxc-ubuntu introduced some package installation in
post-process but without first disabling service startup.
As a result, if the cache is a bit out of date and a ssh update is
available, post-process will apply that update (as it does apt-get
install ssh vim) which in turn will attemp to start sshd. This will
either lead to ssh on the host being restarted or if there's no sshd on
the host, will fail the container creation as the postinst will get an
error from upstart.
The fix is very simply to add the same policy-rc.d trick when running
post-process.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
This properly regroups the module functions together and then sorts all
other functions alphabetically to match the function and property lists.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Drop any tab as spaces are preferred, get everything to fit the 80char
limit.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
