Given commit 330ae3d350:
lxccontainer: detect if we should send SIGRTMIN+3
This is required by systemd to cleanly shutdown. Other init systems should not
have SIGRTMIN+3 in the blocked signals set.
we should stop symlinking halt.target to sigpwr.target for systemd.
Signed-off-by: Christian Brauner <cbrauner@suse.de>
otherwise the generated docs have the full build path in them
and nonbody cares that the files were built in
/build/lxc-_BVY2u/lxc-2.0.4/src/lxc/
Signed-off-by: Evgeni Golov <evgeni@debian.org>
Previously, we write a "success" status but tried to parse the pid. This
meant that we wouldn't notice a successful restore but failure to parse the
pid, which was a little strange.
We still don't know the child pid, so we will end up with a restored
process tree and a running container, but at least in this case the API
will return false indicating that something failed.
We could kill(-1, 9) in this case, but since liblxc runs as root sometimes
(e.g. LXD), that would be a Very Bad Thing.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
All we really needed a unique temp file for was passing the pid. Since CRIU
opened this with O_EXCL | O_CREAT, this was "safe" (users could still
overwrite it afterwards, but the monitor would immediately die since the
only valid number in there was the init process).
In any case, we can just read /proc/self/tid/children, which lists the
child process.
Closes#1150
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
MIPS processors implement 3 ABIs: o32, n64 and n32 (similar to x32). The kernel
treats each ABI separately so syscalls disallowed on "all" arches should be
added to all three seccomp sets. This is implemented by expanding compat_arch
and compat_ctx to accept two compat architectures.
After this, the MIPS hostarch detection code and config section code is added.
Signed-off-by: James Cowgill <james410@cowgill.org.uk>
This also changes the help exit status of lxc-unshare and lxc-usernsexec. So
far they did exit(EXIT_FAILURE) whereas all other tools do exit(EXIT_SUCCESS).
Let's align them with the rest of the tools. This should be safe to do.
Signed-off-by: Christian Brauner <cbrauner@suse.de>
With how easy it is to create a collision on a short ID nowadays and
given that the user doesn't actually have to remember or manually enter
the key ID, lets just use the full fingerprint from now on.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
It doesn't have any effect on what lxc-top does and is only
accepted on account of being part of the common option list.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
In almost all commands it's a useful addition to the -n
switch which is a common option, too.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
- Assume that the module name is "overlay" per default and not "overlayfs".
- Assume that the overlay version we are using requires a workdir.
- When we mount an overlay filesystem and we fail with ENODEV retry once with
the module name we haven't already used.
Signed-off-by: Christian Brauner <cbrauner@suse.de>
