Since lxc-init is a helper program, which doesn't have a usage output
and is only going to be called internally by lxc-execute, we'll
move it to the libexec dir.
Signed-off-by: Guido Trotter <ultrotter@quaqua.net>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
The actual behavior is to mount bind the rootfs to a specific location and
chroot to it. If someone previously did some bind mounts in the rootfs, they
will be lost in the container.
This fix makes the rootfs have the submounts in the container.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Hi Daniel,
This patch retrieves info from kernel config in
/lib/modules/`uname -r`/build/.config
unless /proc/config.gz exists
Signed-off-by: Kristian Høgh <kfh.lxc@kfh.dk>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Switch the flags and sp for sys_clone for s390.
Without this, lxc-execute gets a segfault on clone (of course).
With this, it succeeds.
Signed-off-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Define s390x signalfd for systems with headers which are too
old.
Signed-off-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
If sys/signalfd.h does not exist, assume that it does not exist
in glibc, rather than that it exists without a corresponding
header file. Note that this version of the signalfd() wrapper
function (unlike the version in glibc) falls back dynamically to
the old signalfd system call if the signalfd4 system call is not
implemented in the currently-running kernel; the version in glibc
chooses the version of the signalfd system call to make via static
build-time configuration.
Signed-off-by: Michael K Johnson <johnsonm@rpath.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
nbargs isn't used for anything in lxc_unshare.c. Remove it.
Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Add the ability to look up usernames and check uids. Bails out early if the given
uid/name does not exist and avoids using atoi() (which is bad because we can't
tell if it parsed an int or a pumpkin).
Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
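The uid check this commit message describes, as an added example that is not lxc's own code: `atoi()` turns a non-numeric argument into 0, which is root's uid, so the argument is parsed strictly and accepted only if the account exists. The function names `parse_uid` and `lookup_user` and the sample arguments are assumptions made for the illustration.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>

/* Strict decimal uid parser: 0 on success, -1 if s is not a valid uid. */
static int parse_uid(const char *s, uid_t *out)
{
    char *end;
    unsigned long v;
    if (!s || *s < '0' || *s > '9')      /* rejects "", "-1", "+1", " 1" */
        return -1;
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno || *end != '\0')           /* overflow or trailing junk */
        return -1;
    if (v >= (unsigned long)(uid_t)-1)   /* (uid_t)-1 means "no id" */
        return -1;
    *out = (uid_t)v;
    return 0;
}

/* Accept a uid or a user name; succeed only if the account exists. */
static int lookup_user(const char *arg, uid_t *uid)
{
    struct passwd *pw;
    uid_t n;
    if (parse_uid(arg, &n) == 0)
        pw = getpwuid(n);                /* numeric: must be a known uid */
    else
        pw = arg ? getpwnam(arg) : NULL; /* otherwise: must be a known name */
    if (!pw)
        return -1;
    *uid = pw->pw_uid;
    return 0;
}

int main(void)
{
    const char *args[] = { "0", "root", "pumpkin", "12abc", "-1" }; /* constructed */
    uid_t uid;
    for (size_t i = 0; i < sizeof(args) / sizeof(args[0]); i++) {
        if (lookup_user(args[i], &uid) == 0)
            printf("%-8s -> uid %lu\n", args[i], (unsigned long)uid);
        else
            printf("%-8s -> rejected (atoi gives %d)\n", args[i], atoi(args[i]));
    }
    return 0;
}
```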
The second const qualifier causes gcc to emit a warning. const char *
should be sufficient.
Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
On distros with older headers liblxc fails to build because PR_CAPBSET_DROP is
not defined by including /usr/include/sys/prctl.h. This adds an autoconf
test and, if not present, defines it. When prctl() is called on systems that
do not support PR_CAPBSET_DROP we should expect EINVAL. This case is already
handled by the liblxc code so no further changes are needed.
Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
On Mon, 2009-02-09 at 15:43 -0800, Dan Smith wrote:
> DL> It may be possible to use yum like debootstrap for a minbase
> DL> fedora install.
>
> Yep, something like the following should work:
>
> root=/path/to/tmproot
> mkdir -p $root/var/lib/rpm
> rpm --root $root --initdb
> rpm --root $root -Uvfh --nodeps http://fedora.osuosl.org/linux/releases/10/Fedora/i386/os/Packages/fedora-release-10-1.noarch.rpm
> yum --installroot=$root -y groupinstall Base
Looks familiar! ;) I was intrigued by this idea last weekend so I
started such a script. However I only tested it as far as creating a
semi-correct rootfs. With the exception of network configs most of the
configs are still written as for debian. For example I know the selinux
policy enforcement settings need to move, the inittab needs to be
replaced by the proper upstart configs, etc.
Of course it's based heavily on Daniel's excellent lxc-debian script.
Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Add the pts configuration when creating a debian container.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <daniel.lezcano@free.fr>
Factor out some code and especially the parsing of text file functions.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Allow specifying a block device as the rootfs. The creation of the
container will try with brute force to determine the file system type.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <daniel.lezcano@free.fr>
The realpath function is more convenient to build the absolute path of
the rootfs.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <daniel.lezcano@free.fr>
Instead of using a symlink to the rootfs, just mount bind the rootfs
directory.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <daniel.lezcano@free.fr>
Remove some debian services because they don't make sense in a container,
like the hw clock or the unmount of the file systems.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Update the man page with the new devpts instance option.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
The new pts instance is set up in conformance with the documentation in the
kernel sources, Documentation/filesystems/devpts.txt.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
This patch adds the configuration for a new pts instance.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
When we want to check if a subsystem is enabled, we look at the
presence of a file/directory in the configuration tree files. That
works until we chroot into the rootfs. Some subsystems should
preferably be set up after the chrootfs, making the code simpler and
easier to read. So before setting up the different subsystems, I build a
set of flags and reuse it later to check if the subsystem is enabled or
not.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Matt Helsley <matthltc@us.ibm.com>
With the release of lenny nearing, this patch may soon be useful.
Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Create the m4 directory if it does not exist
Reported-by: Dietmar Maurer <dietmar@proxmox.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Matt Helsley <matthltc@us.ibm.com>
If lxc-debian fails or is interrupted during debootstrap then the next
invocation of lxc-debian breaks because it only checks for the existence
of the directory. This forces the user to remove the cache by hand to
retry the create step.
Let's allow the user to re-run lxc-debian to resume/retry. Store the
cache in a partial-$ARCH directory until debootstrap succeeds. Then move
the valid cache to its final destination.
Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Dietmar Maurer <dietmar@proxmox.com>
The signalfd function prototype and the signalfd header file are not
defined in debian Lenny. We want to use this debian version with a
newer kernel.
This patch gives the signalfd function prototype, because the function is
available in the glibc-2.7 which is the version coming with debian Lenny.
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Matt Helsley <matthltc@us.ibm.com>
The lxc-debian script does not consistently address the lxc lock as
@LOCALSTATEDIR@/lock/subsys/lxc. Make consistent use of the autotools
substitution to completely enable configure --prefixes.
I also added a comment explaining why some of the paths didn't need
autoconf substitutions for anyone who wants to understand the script.
Also, to separate it from the container contents proper, I moved the
CACHE variable initialization above the container-internal path
variables.
Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
This modification removes the tty configuration file and makes the tty
usable with the local tty.
Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <daniel.lezcano@free.fr>
Fixed the type of the opt variable. On the powerpc architecture, that leads
to an infinite loop in the getopt inspection because getopt returns 255
instead of -1 as expected. The opt variable should be an int and not a char.
Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <daniel.lezcano@free.fr>
Removed the release.sh script which is not in the right place in this source
tree.
Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <daniel.lezcano@free.fr>
Removed typo.
Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <daniel.lezcano@free.fr>
The virtual devices are automatically destroyed when the network namespace
dies for kernel versions >= 2.6.29. Until this version the network devices
have to be destroyed by lxc. This modification checks the version of the
kernel to make lxc destroy the network devices or not.
Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <daniel.lezcano@free.fr>
Simplified the spec file
Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <daniel.lezcano@free.fr>
Remove the nsgroup directory when the container dies, otherwise this will
lead to an error when the pid numbers are recycled.
Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <daniel.lezcano@free.fr>
Suppress debug mode in the script
Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
For some distros (e.g. opensuse), when installing with "make install", the
localstatedir is not created. This modification makes this directory be
created at install time.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Different interfaces exist for the freezer: "RUNNING" or "THAWED" should
be written to the freezer file, so in case "THAWED", we fall back to
"RUNNING". That allows supporting the older freezer kernel interface for 2.6.27.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Remove the files which are provided by libtool and automake.
libtoolize has been added to 'bootstrap' command.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>