Change the license from GPL to LGPL to avoid a tricky license situation
for liblxc.so.
Signed-off-by: Jonas Eriksson <jonas.eriksson@enea.com>
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
lxc.id_map bug when writing directly to /proc/pid/[ug]id_map
There's some code in src/lxc/conf.c that sets up the UID/GID mapping. It
can use the external newuidmap/newgidmap tools, or it can write to
/proc/pid/[ug]id_map directly. The latter case is broken: lines are written
without a newline (\n) at the end. This patch fixes that. Note that
I did not check if the newuidmap/newgidmap case still works. It should,
but I wasn't able to test it.
Signed-off-by: Miquel van Smoorenburg <mikevs@xs4all.net>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This sets lxc_log_define to what should be appropriate values for all
existing binaries that call lxc_log_init.
The name is lxc_<bin name>_ui for anything that's user visible and
lxc_<bin name> for anything that's not.
The parent is set to "lxc" for anything using the API and to the
matching C file name for anything that isn't.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
- configure fails to compile the cgmanager test without -lnih -lnih-dbus
- fix include path from cgmanger commit f1d9bd1a
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
In current LXC, loglevel and logfile are write-once functions.
That behaviour was appropriate when those two were first introduced
(pre-API) but with current API, one would expect to be able to
set_config_item those multiple times.
So instead, introduce lxc_log_options_no_override which when called
turns those two config keys read-only and have all existing binaries
which use log_init call that function once they're done setting the
value requested by the user.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
That way templates can fix group ownership alongside uid ownership.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Only the download and ubuntu-cloud templates work with unprivileged
containers, for all others, detect --mapped-uid and error out as early
as possible, recommending the use of the download template.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This change introduces a flag --repo to the lxc-centos template
to allow using a local repository (e.g. a loop mounted installer
iso on your web server).
Signed-off-by: Harald Dunkel <harri@afaics.de>
Acked-by: Michael H. Warfield <mhw@WittsEnd.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
If a user in cgroup /a/b/c does 'lxc-start -n u1', then u1
should be started under /a/b/c/u1. However if he does
'sudo lxc-start -n u1', then that cgroup shoudl start under
/lxc/u1.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
With this change, shutdown() will no longer call stop() after the
timeout, instead it'll just return false and it's up to the caller to
then call stop() if appropriate.
This also updates the bindings, tests and other scripts.
lxc-stop is then updated to do proper option checking and use shutdown,
stop or reboot as appropriate.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
In order for attach to work, the container owner must be able to
write to the tasks file. Therefore we make the container's cgroup
owned by the container root group, but the container owner uid.
So for the container root to be allowed to create new cgroups, it
needs group write perms.
With this patch, an unprivileged container with an
lxc.mount.auto = cgroup entry entry can run the cgproxy and pass
all cgmanager tests.
Acls would have been another way to do this, but are not yet being
used/exported by cgmanager.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
The timeout argument should be handled as follows:
-1 => Wait forever
0 => Don't wait
> 0 => Wait for timeout seconds
Without this patch, the 0 case is mapped to -1.
Signed-off-by: Robert Vogelgesang <vogel@users.sourceforge.net>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This introduces a new lxc.rootfs.options which lets you pass new
mountflags/mountdata when mounting the root filesystem.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
To be more consistent with other cgroup_ops methods, in the hopes
of having less return-value-related mixups.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
If it (or any variation thereof) is in the container configuration,
then mount /sys/fs/cgroup/cgmanager.lower (if it exists) or
/sys/fs/cgroup/cgmanager into the container so it can run a
cgproxy.
Also make sure to clear our groups when we start or attach to a
container. Else with unprivileged containers we end up with
lots of nogroups listed in /proc/1/status.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
The cgroupfs-specific code is moved from attach.c to cgroup.c.
lxc-cgmanager now only chgrps the container's cgroup, so that the
unprivileged user still owns the tasks file allowing him to enter
the container cgroup (for attach).
Some other changes rolled into the cgmanager update:
Make the list of subsystems not per-handler, as it will not change. As
a result, the only state we need to keep in the per-handler cgroup data
is the char *cgroup_path, so we can drop the cgm_data struct altogether.
Catch nih errors (as not doing so causes later crashes).
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
| host arch | arm64 | armhf | armel |
-------------------------------------
| arm64 | X | X | X |
| armhf | | X | X |
| armel | | X | X |
-------------------------------------
Although optional, all existing arm64 silicon supports 32bit instructions.
armel/armhf is only a userspace change, so they are interchangeable.
However armhf isn't supported on all armel platforms (e.g. armv6) but
all those we support have hard-float.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
* ppc64el images now exist and generally function.
Instead of failing because an arch isnt in the list,
let that check happen by ability to download something.
* update the hard coded ubuntu releases to know about 'trusty'
and drop no longer supported releases (consistent with behavior
when distro-info is available)
* shorten the logic that decides if host and container arch
are supported.
* support skipping "invalid arch" check entirely via undocumented
variable UCTEMPLATE_SKIP_ARCH_CHECK.
* update usage to reference 'tryreleased' as the default 'stream'
* give good error message if user tries 'released' and there
is no released version available.
Signed-off-by: Scott Moser <smoser@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Change lxc-stop's argument parsing so that it matches what the help option
and the man page both describe.
Signed-off-by: Robert Vogelgesang <vogel@users.sourceforge.net>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Without enabling INCLUDE_SUSv2 in busybox, we need to use head's -n argument,
rather than -#.
Signed-off-by: Christopher Larson <kergoth@gmail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
userns_exec_1() clones a new task to manipulate. We don't
need to fork before calling that.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This fixes the following compile errors with uClibc:
lxc_snapshot.c: In function 'print_file':
lxc_snapshot.c:71:2: error: implicit declaration of function 'getline' [-Werror=implicit-function-declaration]
while (getline(&line, &sz, f) != -1) {
^
cc1: all warnings being treated as errors
lxc_usernsexec.c: In function 'read_default_map':
lxc_usernsexec.c:181:2: error: implicit declaration of function 'getline' [-Werror=implicit-function-declaration]
while (getline(&line, &sz, fin) != -1) {
^
cc1: all warnings being treated as errors
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
This fixes various compile errors when building with musl libc. For
example:
In file included from start.c:66:0:
monitor.h:38:12: error: 'NAME_MAX' undeclared here (not in a function)
char name[NAME_MAX+1];
^
start.c: In function 'setup_signal_fd':
start.c:202:2: error: implicit declaration of function 'sigfillset' [-Werror=implicit-function-declaration]
if (sigfillset(&mask) ||
^
...
In file included from freezer.c:36:0:
monitor.h:39:12: error: 'NAME_MAX' undeclared here (not in a function)
char name[NAME_MAX+1];
^
...
In file included from cgroup.c:45:0:
conf.h:87:13: error: 'IFNAMSIZ' undeclared here (not in a function)
char veth1[IFNAMSIZ]; /* needed for deconf */
^
cgroup.c: In function 'find_cgroup_subsystems':
cgroup.c:230:3: error: implicit declaration of function 'strdup' [-Werror=implicit-function-declaration]
(*kernel_subsystems)[kernel_subsystems_count] = strdup(line);
^
...
In file included from conf.c:65:0:
conf.h:87:13: error: 'IFNAMSIZ' undeclared here (not in a function)
char veth1[IFNAMSIZ]; /* needed for deconf */
^
In file included from conf.c:66:0:
conf.c: In function 'run_buffer':
log.h:263:9: error: implicit declaration of function 'strsignal' [-Werror=implicit-function-declaration]
struct lxc_log_locinfo locinfo = LXC_LOG_LOCINFO_INIT; \
^
...
af_unix.c: In function 'lxc_abstract_unix_send_credential':
af_unix.c:208:9: error: variable 'cred' has initializer but incomplete type
struct ucred cred = {
^
af_unix.c:209:3: error: unknown field 'pid' specified in initializer
.pid = getpid(),
^
af_unix.c:209:3: error: excess elements in struct initializer [-Werror]
af_unix.c:209:3: error: (near initialization for 'cred') [-Werror]
af_unix.c:210:3: error: unknown field 'uid' specified in initializer
.uid = getuid(),
^
af_unix.c:210:3: error: excess elements in struct initializer [-Werror]
af_unix.c:210:3: error: (near initialization for 'cred') [-Werror]
af_unix.c:211:3: error: unknown field 'gid' specified in initializer
.gid = getgid(),
^
and more...
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
utmpx.h is specified in POSIX but utmpxname is not so we check for
utmpxname in configure script.
This fixes the following compile error with musl libc:
lxcutmp.c: In function 'utmp_get_runlevel':
lxcutmp.c:249:2: error: implicit declaration of function 'utmpxname' [-Werror=implicit-function-declaration]
if (!access(path, F_OK) && !utmpxname(path))
^
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Instead rely on struct ethhdr from net/ethernet.h
This fixes build error with musl libc:
In file included from /usr/include/linux/if_bridge.h:17:0,
from network.c:47:
/usr/include/linux/if_ether.h:133:8: error: redefinition of 'struct ethhdr'
struct ethhdr {
^
In file included from /usr/include/net/ethernet.h:10:0,
from network.c:42:
/usr/include/netinet/if_ether.h:93:8: note: originally defined here
struct ethhdr {
^
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
This fixes compile error with musl libc:
In file included from start.c:66:0:
monitor.h:38:12: error: 'NAME_MAX' undeclared here (not in a function)
char name[NAME_MAX+1];
^
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
This fixes the following error with musl libc:
In file included from start.c:59:0:
log.h: In function 'lxc_log_priority_to_int':
log.h:136:2: error: implicit declaration of function 'strcasecmp' [-Werror=implicit-function-declaration]
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
This fixes compile error when build with musl libc:
conf.h:92:2: error: unknown type name 'uint'
uint fmask;
^
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
poll.h is defined in POSIX:
http://pubs.opengroup.org/onlinepubs/009695399/functions/poll.html
This fixes a compile warning when building with musl libc:
In file included from start.c:46:0:
/usr/include/sys/poll.h:1:2: error: #warning redirecting incorrect #include <sys
/poll.h> to <poll.h> [-Werror=cpp]
#warning redirecting incorrect #include <sys/poll.h> to <poll.h>
^
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
lxc_map_ids can call system(3), which on error from the
spawned process returns > 0. No path should return > 0
when it meant success. So check the lxc_map_ids() value
to be != rather than just < 0.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Move the test of mp->need_cpuset_init to a logically better place.
Avoid misleading error messages.
Signed-off-by: Robert Vogelgesang <vogel@users.sourceforge.net>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
lxc_monitord_spawn() in src/lxc/monitor.c contained "umask(0);", and
because of this, lxc-monitord created lxc-monitord.log with mode 0666.
World-writeable log files are bad, so remove this umask(0).
Signed-off-by: Robert Vogelgesang <vogel@users.sourceforge.net>
Acked-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
If we have a bad config file entry, fail. Otherwise lxc-start
will proceed with a partial configuration.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Remove a memory leak on error path.
Only try to initialize cpuset if cgroup.clonechildren does not exist.
Bump the max value we read from cpuset.{cpus,mems} to 1024.
If cpuset.cpus or .mems is already initialized but is too long, don't fail.
If parent's cpuset.cpus or .mems is too long, record an error and fail.
If anyone actually runs into this, we can simply allocate the required
length as needed, but we don't expect anyone to run into this.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
