This moves all of the network handling code into network.{c,h}. This makes what
is going on much clearer. Also it's easier to find relevant code if it is all
in one place.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Older instances of liblxc allowed to specify networks like this:
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lxdbr0
lxc.network.name= eth0
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = lxdbr0
lxc.network.name = eth1
Each occurrence of "lxc.network.type" indicated the definition of a new
network. This syntax is not allowed in newer liblxc instances. Instead, network
must carry an index. So in new liblxc these two networks would be translated to:
lxc.net.0.type = veth
lxc.net.0.flags = up
lxc.net.0.link = lxdbr0
lxc.net.0.name= eth0
lxc.net.1.type = veth
lxc.net.1.flags = up
lxc.net.1.link = lxdbr0
lxc.net.1.name = eth1
The update script did not handle this case correctly. It should now.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
We use the ifindex as an indicator that liblxc created the network so let's
record it for the unprivileged case as well.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
- lxc-user-nic gains the subcommands {create,delete}
- dup2() STDERR_FILENO as well so that we can show helpful messages in our logs
on failure
- initialize output buffer so that we don't print garbage
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
get_new_nicname() calls lxc_mkifname() which allocates memory and returns it to
the caller. The way get_new_nicname() and get_nic_if_avail() were implemented
they hid that fact by returning a boolean. That doesn't make sense. Let's
rather have them return a pointer to the allocated nic name which the caller
needs to free.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Say we have
lxc.uts.name = c1
lxc.cgroup.dir = lxd/a/b/c
the path for the container's cgroup would be
lxd/a/b/c/c1
When the container is shutdown we should not just try to delete "c1" we should
also try to delete "c", "b", "a", and "lxd". This is to ensure that we don't
leave empty cgroups around thereby increasing the chance that we run into
trouble with cgroup limits. The algorithm for this isn't too costly since we
can simply stop walking upwards at the first rmdir() failure.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Say we have
lxc.uts.name = c1
lxc.cgroup.dir = lxd
the actual path should be
lxd/c1
Right now it would just be
lxd
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
So far, when creating veth devices attached to openvswitch bridges we used to
fork() off a thread on container startup. This thread was kept around until the
container shut down. I have no good explanation why we did it that why but it's
certainly not necessary. Instead, let's fork() off the thread on container
shutdown to delete the veth.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
"lxc.cgroup.dir" can be used to set the name of the directory the container's
cgroup will be created in. For example, setting
lxc.uts.name = c1
lxc.cgroup.dir = lxd
would make liblxc create the cgroup
lxd/c1
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Surfaced while building lxc-2.0.8 on e2k architecture with lcc,
looks like its -Wall is more pedantic than gcc's:
lcc: "conf.c", line 1514: error: unrecognized character escape sequence
[-Werror]
DEBUG("created directory for console and tty devices at \%s\"", path);
^
in expansion of macro "DEBUG" at line 1514
Another byte is a leading whitespace fix while at that.
Signed-off-by: Michael Shigorin <mike@altlinux.org>
Acked-by: Christian Brauner <christian.brauner@ubuntu.com>
- list all cgroup v1 mountpoints
- list all cgroup v2 mountpoints
- report "missing" when no mountpoint for the systemd controller was found
- report "missing" when no mountpoint for the freezer controller was found
Closes https://github.com/lxc/lxd/issues/3687.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>