don't use lxcpath variable for rootfs_path, it's confusing.
if rootfs is passed in and tpath is passed in, return error
before we save a new config, and don't delete the container
make sure to check c->lxc_conf is not NULL before dereferencing it.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
If lxc.rootfs is specified, we believe rootfs is ready. lxc-start will
check this later. Return true, because the container is created.
Signed-off-by: Sheng Yong <shyodx@gmail.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Commit 1ea59ad28 sets memory.use_hierarchy, which means that this test
cannot use memory.swappiness as its dummy cgroup item to set/unset since
writing to it with use_hierarchy set gets -EINVAL. Change test to use
memory.soft_limit_in_bytes instead.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Coverity 1076328 marked this as "Use after free", which it isn't really,
its actually just free()ing the wrong 2nd, 3rd, etc... pointers. Test by
passing two or more args to startl, without this change you get segfault
when free()ing the second pointer/arg.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
We want to ensure smooth upgrades when doing rpm -U throughout the
release cycle so this change implements the scheme documented at:
http://fedoraproject.org/wiki/Packaging%3aNamingGuidelines#NonNumericRelease
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
The kernel (net/core/dev_ioctl.c:dev_ioctl()) is going to NULL terminate
this name after the copy-in of the ifr, so even though this is a fixed
sized array the last byte isn't usable as part of the name. All the ioctls
we're using go through this code path.
Use the ifr name in the DEBUG message in case it was possibly truncated.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Mar 24 2009 was actually a Tuesday, maybe Daniel was still recovering
from Monday ;) Stranger still that RPM actually checks this!?
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
The addrlen parameter should be the actual length of socket's name for abstract sockets. Otherwise socket gets padded with NULLs.
cat /proc/net/unix | grep lxc
[...]
0000000000000000: 00000003 00000000 00000000 0001 03 226548 @lxc/ad055575fe28ddd5//var/lib/lxc^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
[...]
with this patch;
cat /proc/net/unix | grep lxc
[...]
0000000000000000: 00000002 00000000 00010000 0001 01 109563 @lxc/ad055575fe28ddd5//var/lib/lxc
[...]
Changes since v1:
* check the length of passed-in string
Changes since v2:
* remove non-abstract socket code path to simplify functions
* rename lxc_af_unix_* family to lxc_abstract_unix_*
Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
list_active_containers parses /proc/net/unix which can contain multiple entries for the same container;
0000000000000000: 00000002 00000000 00010000 0001 01 273672 @/var/lib/lxc/6/command
0000000000000000: 00000002 00000000 00010000 0001 01 274395 @/var/lib/lxc/5/command
0000000000000000: 00000002 00000000 00010000 0001 01 273890 @/var/lib/lxc/4/command
0000000000000000: 00000002 00000000 00010000 0001 01 273141 @/var/lib/lxc/3/command
0000000000000000: 00000002 00000000 00010000 0001 01 273915 @/var/lib/lxc/2/command
0000000000000000: 00000002 00000000 00010000 0001 01 273683 @/var/lib/lxc/1/command
0000000000000000: 00000002 00000000 00010000 0001 01 273074 @/var/lib/lxc/0/command
0000000000000000: 00000002 00000000 00010000 0001 01 273931 @/var/lib/lxc/9/command
0000000000000000: 00000002 00000000 00010000 0001 01 273110 @/var/lib/lxc/8/command
0000000000000000: 00000002 00000000 00010000 0001 01 273390 @/var/lib/lxc/7/command
0000000000000000: 00000003 00000000 00000000 0001 03 275903 @/var/lib/lxc/8/command
0000000000000000: 00000003 00000000 00000000 0001 03 276043 @/var/lib/lxc/1/command
0000000000000000: 00000003 00000000 00000000 0001 03 273301 @/var/lib/lxc/0/command
0000000000000000: 00000003 00000000 00000000 0001 03 275650 @/var/lib/lxc/4/command
On this system list_active_containers returns 14 containers while only 10 containers are running.
Following patch;
* Introduces array_contains function to do a binary search on given array,
* Starts to sort arrays inside the add_to_clist and add_to_names functions,
* Consumes array_contains in list_active_containers to eliminate duplicates,
* Replaces the linear search code in lxcapi_get_interfaces with the new function.
Changes since v1:
* Do not load containers if a if a container list is not passed in
* Fix possible memory leaks in lxcapi_get_ips and lxcapi_get_interfaces if realloc fails
Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
We allow 4 consoles in the LXC config file so we can enable 4 in the
inittab as well.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
The bootmisc script is needed to clean up various temp dirs like /tmp
and migrate /var/run to /run if needed.
The syslog service is started in 'boot' runlevel when running on real
hardware so we do the same for containers.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
But don't fail the container start if that fails.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Note this results in nics named things like 'lxcuser-0p'. We'll
likely want to pass the requested name to lxc-user-nic, but let's
do that in a separate patch.
If we're not root, we can't create new network itnerfaces to pass
into the container. Instead wait until the container is started,
and call lxc-user-nic to create and assign the nics.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
It needs to be done from the handler, not the container, since
the container may not have the rights.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Changelog:
Jul 22: remove hardcoded path for /bin/chown
Jul 22: use new lxc-usernsexec
Conflicts:
src/lxc/lxccontainer.c
1. lxcapi_create: don't try to unshare and mount for dir backed containers
It's unnecessary, and breaks unprivileged lxc-create (since unpriv users
cannot yet unshare(CLONE_NEWNS)).
2. api_create: chown rootfs
chown rootfs to the host uid to which container root will be mapped
3. create: run template in a mapped user ns
4. use (setuid-root) newxidmap to set id_map if we are not root
This is needed to be able to set userns mappings as an unprivileged
user, for unprivileged lxc-start.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
In a few places we checked for LONG_MIN or LONG_MAX as indication
that strtoul failed. That's not reliable. As suggested in the
manpage, switch to checking errno value.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Those are a bit less obvious than those I pushed directly to master.
All those changes were required to build LXC under clang here.
With this, gcc can be replaced by clang to build LXC so long as you're
not using the python3 binding (as python extensions can't be built under
clang at the moment).
For reference, the clang output for those is: http://paste.ubuntu.com/6292460/
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Since we check /sys/kernel/security/ files when deciding whether
apparmor is enabled, and that might not be mounted in the container,
we cannot re-make the decision at apparmor_process_label_set() time.
Luckily we don't have to - just cache the decision made at
lsm_apparmor_drv_init().
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Note that since we don't drop CAP_SYS_ADMIN, root in the container can
remount proc or sys however they want to, however this at least improves
the default situation.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
When no template file is specified on lxc-create, recieve segfault.
So change not to append header in config when no template is specified.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Remove the union in bdev_specs and store all options if -Bbest is passed. Fixes issue #31.
Signed-off-by: Sidnei da Silva <sidnei.da.silva@canonical.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Fixes rpmlint error "script-without-shebang". Checked other lua modules
and none are installed with execute permission.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
The following changes were made to fix rpmlint warnings/errors
- use %global instead of %define
http://fedoraproject.org/wiki/PackagingDrafts/global_preferred_over_define
- change Summary to match .deb
- update License
- do not mention the libcap dependency explicitly, rpm will fill it in
- fix Summary, Description for libs and devel packages
- pass -q to %setup
- add %post for libs to run ldconfig
- explicitly name lxc man paths so pkg doesn't "own" /usr/share/man
- mark /etc/lxc/default.conf as a config file
In addition, while I was here:
- split lua bits into seperate lxc-lua package
- change Description to match .deb
- remove "Version" in changelog entries to follow
http://fedoraproject.org/wiki/Packaging:Guidelines#Changelogs
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
The template creates /dev/full for the container but needs also give
permission to access it.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
The idea was simply misguided.
If you provide a custom configuration file, you still should be
putting the command sock into the real lxcpath, not an 'anon' one.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
If lvs invocation fails or doesn't return any output, then lv flags comparison to false.
Signed-off-by: Sidnei da Silva <sidnei.da.silva@canonical.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
When using the -Bloop option, fstype and fssize arguments were copied
into the lvm struct of bdev specs instead of the loop struct.
Signed-off-by: Sidnei da Silva <sidnei.da.silva@canonical.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Will fallback to no thinpool if not present or if thin pool provided on the command line does not exist.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
