* Add lxc.execute.cmd to Japanese lxc.container.conf(5)
* Tweak the description of the "INIT COMMAND" section and lxc.init.cmd
in en and ja man pages.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
lxc_string_split_quoted() splits a string on spaces, but keeps
groups in single or double quotes together. In other words,
generally what we'd want for argv behavior.
Switch lxc-execute to use this for lxc.execute.cmd.
Switch lxc-oci template to put the lxc.execute.cmd inside single
quotes, because parse_line() will eat those. If we don't do that,
then if we have lxc.execute.cmd = /bin/echo "hello, world", then the
last double quote will disappear.
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
Closes #1813
This adds preliminary (but working) support for creating application
containers from OCI formats. Examples:
Create a container from a local OCI layout in ../oci:
sudo lxc-create -t oci -n a1 -- -u oci:../oci:alpine
Or, create a container pulling from the docker hub.
sudo lxc-create -t oci -n u1 -- -u docker://ubuntu
The url is specified in the same format as for 'skopeo copy'.
Comments appreciated.
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
We need to clear any ifindices we recorded so liblxc won't have cached stale
data which would cause it to fail on reboot where we don't re-read the on-disk
config file.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This should satisfy several use cases. The one I tested for was CNI.
I replaced the network configuration in a root owned container with:
lxc.net.0.type = empty
lxc.hook.start-host = /bin/lxc-start-netns
where /bin/lxc-start-netns contained:
=================================
echo "starting" > /tmp/debug
ip link add host1 type veth peer name peer1
ip link set host1 master lxcbr0
ip link set host1 up
ip link set peer1 netns "${LXC_PID}"
=================================
The nic 'peer1' was placed into the container as expected.
For this to work, we pass the container init's pid as LXC_PID in
an environment variable, since lxc-info cannot work at that point.
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
We can't rely in general on the presence of an initialized conf at cgroup init
time. One good example is our criu codepaths.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
So far, we silently skipped over limits that failed to be applied, which is very
odd. Let's error out when cgroup limits fail to apply.
Closes #1815.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Because the `fetch` wget wrapper outputs files to stdout we may end up in a
situation where wget fails but the files are still created. This can happen
e.g. when the host date is out of sync leading to a failed certificate
check, resulting in the creation of empty key files.
Once the empty files have been created the template will try to use them which
causes the certificate check to fail.
By using `-s` instead of `-f` the template will re-fetch the files unless they
exist AND have a size greater than zero.
Signed-off-by: Rune Juhl Jacobsen <runejuhl@petardo.dk>
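
The failure mode described in the last commit message above, as an added example that is not code from the LXC template. The names fetch_fail, fetch_ok, ensure_file and run_case are hypothetical, and the fetch stand-ins are constructed so the script runs offline; it assumes the template redirects the wrapper's stdout into the cached file.

```shell
#!/bin/sh
# Constructed stand-ins for a `fetch` wrapper that writes the download to
# stdout. fetch_fail simulates wget failing (e.g. a failed certificate check).
fetch_fail() { return 1; }
fetch_ok()   { printf '%s\n' 'constructed-key-material'; }

# ensure_file TESTFLAG FETCHER PATH
# Fetch PATH unless `[ TESTFLAG PATH ]` says a usable copy is already cached.
# The shell creates PATH for the redirection before FETCHER runs, so a failed
# fetch still leaves an empty file behind.
ensure_file() {
    if ! [ "$1" "$3" ]; then
        "$2" > "$3" || return 1
    fi
    return 0
}

# run_case TESTFLAG: the first attempt fails, the second would succeed.
# Prints the size in bytes of the file that later steps would go on to use.
run_case() {
    dir=$(mktemp -d) || return 1
    ensure_file "$1" fetch_fail "$dir/key" || true   # failed download
    ensure_file "$1" fetch_ok   "$dir/key" || true   # retry once the fault is fixed
    wc -c < "$dir/key" | tr -d ' '
    rm -rf "$dir"
}

# With -f the empty file counts as cached and is never replaced;
# with -s the empty file is treated as missing and fetched again.
echo "-f check: $(run_case -f) bytes cached"
echo "-s check: $(run_case -s) bytes cached"
```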