This fixes a case where lxc.utsname would be set empty as copy_configuration
wasn't getting the container name.
Signed-off-by: Rex Tsai (蔡志展) <rex.tsai@canonical.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This adds a SIGINIT and SIGPWR handler in the default inittab for
the Debian template. This allows lxc-shutdown/lxc-restart and their API calls
to properly shutdown or reboot the container.
Signed-off-by: Rex Tsai (蔡志展) <rex.tsai@canonical.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
configure.ac used to set the template path to /usr/share/lxc/templates.
Instead use ${datadir} to make it follow ${prefix}.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
If rootfs is a symbolic link but not to a block device, then do a separate
rm of its contents. We have to do this because, out of cowardice, we call
rm with --one-filesystem.
Removing the '-o -h $rootdev' is ok, because if $rootdev is a symbolic
link to a block device (including lvm blockdev) then -b will still return
true.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
That means, don't try to pin a null rootfs, and don't try to mount /proc
since /var/lib/lxc/root/proc doesn't exist to be mounted onto.
The apparmor patches are not yet upstream, so this patch will not go
upstream by itself.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
When passing '--userdata somefile' to the ubuntu-cloud template, a user
may pass a relative pathname. The template uses the filename after
changing current directory, so store the full pathname for the userdata
file instead of a potential relative pathname.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
LXC has optional apparmor support, default profile is lxc-container-default.
This change adds a commented "lxc.aa_profile = default" line to all templates,
uncommenting this will bypass apparmor for the container.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
On Debian and Ubuntu, the default host-name field in dhclient.conf is
set to either "<hostname>" or "gethostname()" both of which get replaced
by the machine's hostname at query time.
The sed call currently present in lxc-clone hardcodes the hostname in
dhclient.conf, causing dpkg to prompt on isc-dhcp updates.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
By default we use mnt, but that means that lxc fstab entries do not work
when placed under the container's /mnt/.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Now that initscripts in Debian and Ubuntu has been updated to no longer
do silly things with /dev/shm and /run/shm on installation/update, the
check needs updating to detect any remaining broken case and fix it.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Starting a container with insufficient privilege (correctly) fails
during lxc_init. However, if starting a daemonized container, we
daemonize before we get to that check. Therefore while the
container will fail to start, and the logfile will show this, the
'lxc-start -n x -d' command will return success. For ease of
scripting, do a check for the required privilege before we exit.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This saves quite a bit of space in the cache and containers.
See https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1037626 for the
original bug report.
Reported-by: Fajar A. Nugraha <list@fajar.net>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
If user calls 'lxc-create -t ubuntu -- -h' (as opposed to
'lxc-create -t ubuntu -h') then the ubuntu template will print its
help then exit 0. Then lxc-create does not cleanup. So detect this
in lxc-create.
The 'lxc.mount =' entry can have more than one space, or tabs, before the =.
We only need to disambiguate from 'lxc.mount.entry'. So just check for a
space or tab after mount.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Otherwise after cloning an lvm+xfs container you can't run the
original and clone at the same time.
Based on a patch by Maurizio Sambati posted at
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1013549
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
CAP_LAST_CAP in linux/capability.h doesn't always match what the kernel
actually supports. If the kernel supports fewer capabilities, then a
cap_get_flag for an unsupported capability returns -EINVAL.
Recognize that, and don't fail when initializing capabilities when this
happens, rather accept that we've reached the last capability.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Make the prototypes and functions match between apparmor.{c,h}
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
When a container has dpkg >= 1.16.2, use dpkg --add-architecture
for multi-arch configuration on foreign architecture containers.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Just wait until the lock is available. That is a nicer behavior
for concurrent lxc-creates.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Otherwise a container name with a dash confuses ls
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
It segfaults otherwise trying to execute &NULL.
We could alternatively guess at a command to execute, such as a
shell, but invariably there would be cases where the command we
guess does not exist.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Using mnt means that lxc fstab entries do not work when placed under
the container's /mnt/ (i.e. /mnt/etc).
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Commits 15da01b393 and
2e44ed1e64 conflicted and resulted in
some duplicate functionality. Drop the poorer version of that block.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
- Update list of extra packages for debootstrap to only include vim
and ssh. The others were only relevant when we were still using the
minbase variant. (LP: #996839)
- Drop any hardcoded Ubuntu version check and replace by feature
checks instead.
- Format lxc-ubuntu to consistently use 4-spaces indent instead of
mixed spaces/tabs.
- Update default /etc/network/interfaces to include the header.
- Update default /etc/hosts to match that of a regular Ubuntu system.
- Drop support for end-of-life releases (gutsy on sparc).
- Make sure /etc/resolv.conf is valid before running any apt command.
- Update template help message for release and arch parameters.
- Switch default Ubuntu version from lucid to precise.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
When installing a non-native architecture, the template
installs a bunch of packages of the native architecture to work around
existing limitations of qemu-user-static, mostly related to netlink.
The current code would install upstart of the host architecture but
force the amd64 version of the others. This was just a mistake done
while testing/developping the code. Fixing now to always install
the native architecture version of all of them.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
lxc-init used to be under /usr/lib/lxc. Now it is under
/usr/lib/<multiarch>/lxc, but old containers will still have it under
/usr/lib/lxc. So search for a valid lxc-init to run.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Ben Howard <ben.howard@canonical.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
This would be done (though done wrongly) by mounted-dev.conf, but
that doesn't run because we don't mount /dev.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Ben Howard <ben.howard@canonical.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
An absolute path will be interpreted as absolute with respect to the
parent's namespace.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
At the same time, allow lxc.mount.entry to specify an absolute target
path relative to /var/lib/lxc/CN/rootfs, even if rootfs is a blockdev.
Otherwise all such entries are ignored for blockdev-backed containers.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
