remove the usage of LXCPATH/<name>/nsgroup
in get/set function.
Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
this also avoids calling get_cgroup_mount twice
Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Remove the usage of the directory config for the setup and use the
configuration structure instead.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
This patch makes the configuration to read the configuration
file in order to pass the configuration to the different functions.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
When the parent of the first process dies, the container stays there
making it very difficult to track and to kill. We have to use
lxc-ps --lxc and kill the processes, hoping we kill the init process
of the container. That's not a big deal until we have thousands of
processes in the container :)
We want to keep the parent of the container init always there, this
process is responsible to manage the container, provide tty, notify
the container changing states and ensure self exclusion (eg. avoid
to launch several containers with the same name).
If this process dies, we consider that as a fatal error and we make
the child process die too. This patch will just add the prctl
to send a SIGKILL to the container init process when its parent exits.
From the point of view of the pid namespace, when the init process dies
all the processes of the namespace are killed too.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
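
The parent-death signal described in the commit message above, as an added example that is not code from the LXC tree: a stand-in "init" arms `PR_SET_PDEATHSIG`, its manager is killed, and an observer confirms the init is gone. The names `fake_init` and `init_dies_with_manager` and the pipe used to observe the result are assumptions made for this sketch.

```c
#include <poll.h>
#include <signal.h>
#include <sys/prctl.h>
#include <sys/wait.h>
#include <unistd.h>

/* Stand-in for the container init (constructed for this example). */
static void fake_init(int ready_fd, pid_t manager)
{
    if (prctl(PR_SET_PDEATHSIG, SIGKILL) < 0)  /* SIGKILL me when my parent exits */
        _exit(1);
    if (getppid() != manager)   /* parent died before prctl(): no signal will come */
        _exit(1);
    if (write(ready_fd, "r", 1) != 1)  /* tell the observer the signal is armed */
        _exit(1);
    for (;;)
        pause();                /* only a signal ends this process */
}

/* Returns 1 if the fake init dies after its manager is killed, 0 if it
 * outlives timeout_ms, -1 on setup failure. */
int init_dies_with_manager(int timeout_ms)
{
    int p[2];
    char c;
    if (pipe(p) < 0)
        return -1;
    pid_t manager = fork();
    if (manager < 0)
        return -1;
    if (manager == 0) {         /* manager: the parent the patch wants kept alive */
        pid_t self = getpid();
        close(p[0]);
        if (fork() == 0)
            fake_init(p[1], self);
        close(p[1]);            /* only the fake init holds the write end now */
        for (;;)
            pause();
    }
    close(p[1]);
    int armed = read(p[0], &c, 1) == 1;   /* wait for PR_SET_PDEATHSIG to be set */
    kill(manager, SIGKILL);               /* simulate the manager dying */
    waitpid(manager, NULL, 0);
    struct pollfd pfd = { .fd = p[0], .events = POLLIN };
    int gone = armed && poll(&pfd, 1, timeout_ms) > 0 && read(p[0], &c, 1) == 0;
    close(p[0]);
    return armed ? gone : -1;
}

int main(void) { return init_dies_with_manager(2000) == 1 ? 0 : 1; }
```

The kernel clears the parent-death signal in the child of a fork(2) and when a set-user-ID or set-group-ID binary is executed, so it has to be set in the process that must die, after the fork.
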
The number of fds passed to epoll is just a hint for the kernel.
In our case, we know this is often 2, let's remove this parameter
from lxc_mainloop_open and cleanup the code around the caller of
this function.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
this was useless since old commit
576f946d78
that introduced the cgroup support.
Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
When a command cannot be sent because the connection is refused,
that means the container is stopped. Let's report this specific
case instead of raising an error.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Michel Normand <normand@fr.ibm.com>
Like the pid, let's store the state in the handler and modify it
at runtime. Return the value of state with a specific command.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Handle the stop command. The stop command waits for the peer to
disconnect, that means the peer has exited, so it is safe to
return to the user control. By this way, we ensure a stop command
followed by a start or a destroy won't fail with a race condition
because the start command is not yet finished.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Michel Normand <normand@fr.ibm.com>
report to command requester the errno if credential failure,
rather than to only close the connection.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Michel Normand <normand@fr.ibm.com>
move some code of start.c to new commands.c and to console.c
Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Replace the current tty service socket by a general command service
socket and plug for the moment only the existing tty service.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Michel Normand <normand@fr.ibm.com>
this is only a code split to show the real functionality of this
function that is not expecting any received data on the connection
Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Move the tty service handler to use the mainloop for a future
consistent usage.
Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Commands should be accepted when they are coming from root.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Michel Normand <normand@fr.ibm.com>
Two files have each their own structure definition with the same
name. The type names don't conflict but in the name of sanity, let's
rename these structures.
not critical isn't it :)
Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
The code previously added in lxc-create with
commit d7efa8fcbf
is also required in lxc-execute.
So make this code common for the two callers.
Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
We should initialize lxc_fd_list before opendir in
__lxc_fd_collect_inherited in case opendir returns an error.
Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.doin.ne.jp>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Hi,
I have to use the attached patch to allow lxc building in the SUSE build
system. It uses as-needed flag and build thus fails, since -lutil is not
at the appropriate place on the command line.
js
suse labs
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
With some versions of the compiler/headers linux/netlink.h won't compile
if sys/socket.h is defined before it.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Guido Trotter <ultrotter@quaqua.net>
Ship the manpages in the source tarball made by 'make dist', and clean
them up only during the 'make maintainer-clean' step. This allows
distributions not to depend on docbook at lxc build time, because the
manpages are already there.
Also update the configure warning message to sound less scary.
Signed-off-by: Guido Trotter <ultrotter@quaqua.net>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
This was a leftover from the already-removed
network-destruction-on-container shutdown code.
Signed-off-by: Guido Trotter <ultrotter@quaqua.net>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
This is a complement of previous patches d983b93c3a
and af79587587 about inherited fd.
Here this is required for the lxc-execute that has a specific
lxc-init process.
Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
"netlink headers not found" implicitly means we have to install the
kernel headers. Make this explicit.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Add some traces in the code, so we are able to follow the execution
of the start command with the logger.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
The trace is displayed either if the setting fails, change that by
displaying the trace when the setting is successful.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Allow the user to specify an extra fstab file to be added in the
debian configuration. So some optimisations can be done for sharing
objects.
eg: /var/cache/apt/archives mounted in <rootfs>/var/cache/apt/archives
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>