gentoo.moresecure.conf tries to drop the capability CAP_SYS_RESOURCES.
However, that capability doesn't exist, so the container doesn't start.
Change it to CAP_SYS_RESOURCE, according to capabilities(7).
Also correct the same typo in a comment in slackware.common.conf.
Signed-off-by: Karl-Johan Karlsson <creideiki@ferretporn.se>
I think (?) this may be related to our hanging monitor bug. Let's do this
anyway, as it's probably a good idea.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
When container init failed for whatever reason, previously it resulted
in a `SystemError: NULL result without error in PyObject_Call`
This will now result in a RuntimeError with the error message
previously printed to stderr.
Signed-off-by: Aron Podrigal <aronp@guaranteedplus.com>
gcc -Wall warns about uninitialized variables (-Wmaybe-uninitialized), and
-Werror makes it fatal. This change allows the build to succeed by NULL'ifying
the pointer passed to strtok_r().
Note that strtok_r(3) anyway ignores a non-NULL arg3 pointer on the 1st call
with non-NULL arg1 string.
Signed-off-by: Leonid Isaev <leonid.isaev@jila.colorado.edu>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
- /etc(/rc.d)?/init.d/functions does not exist on all distributions
- LSB does not define a message function without an explicit status
- Debian-derived systems add a log_daemon_msg for that
lets define an own log_daemon_msg as echo and try to load LSB init
functions afterwards, which might overload it with a nicer version
that way the init scripts should work on any system, without hard
dependencies on neither LSB nor /etc/init.d/functions
Closes#309#310#311
Signed-off-by: Evgeni Golov <evgeni@debian.org>
pty logging only works correctly when stdout and stderr refer to a pty. If they
do not, we do not dup2() them and lxc_console_cb_con() will never write to the
corresponding log file descriptor.
When redirection on stdout and stderr is used we can safely assume that the user
is already logging to a file or /dev/null and creating an additional pty log
doesn't seem to make sense.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Note that is_crucial_subsystem still lists name=systemd. That is
used in cgfs and cgmanager. Cgmanager is typically setup to create
name=systemd, so it is ok. cgfs uses is_crucial_subsystem() only
to decide whether failure to create or chown a directory should be
terminal. That's ok, because (a) if name=systemd is not mounted then
we won't hit that, and (b) if name=systemd is mounted, then we'd
really still like to set it up for containers.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Using $(date) for LXC_GENERATE_DATE has various flaws:
* formating depends on the locale of the system we execute configure on
* the output is not really a date but more a timestamp
Let's use $(date --utc '+%Y-%m-%d') instead.
While at it, also support SOURCE_DATE_EPOCH [1] to make the build
reproducible
[1] https://reproducible-builds.org/specs/source-date-epoch/
Signed-off-by: Evgeni Golov <evgeni@debian.org>
