also break once we have found root, no need to search the rest of the mounts
Changelog: May 6: Serge: don't add the break. (see m-l)
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
The check for flen < 0 could never have been true since flen was declared
to be size_t (unsigned). Declare flen to be long since that is what ftell
returns.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Since lxc_execute() is available through the library and is exposed via
the API we cannot be sure the caller will immediately exit, so we should
take care to free the allocated memory.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
When running lxc-start command with valgrind, it reports a memory leak error.
When lxc-start command fails, the conf which is from malloc has not been released.
This patch fix the problem.
Signed-off-by: Weng Meiling <wengmeiling.weng@huawei.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
when releasing the conf, add free conf->rcfile which is from malloc
Signed-off-by: Weng Meiling <wengmeiling.weng@huawei.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
clean up error case in clone, which in particular could cause double
lxc_container_put(c2)
for overlayfs, handle (with error message) all bdev types.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
On Mon, 29 Apr 2013 14:44:47 -0500
Serge Hallyn <serge.hallyn@ubuntu.com> wrote:
> Quoting Dwight Engen (dwight.engen@oracle.com):
> > So I did this, only to realize that lxc-init is passing "none" for
> > the file anyway, so it currently doesn't intend to log. This makes
> > me think that passing NULL for lxcpath is the right thing to do in
> > this patch. If you want me to make it so lxc-init can log, I can do
> > that but I think it should be in a different change :)
>
> That actually would be very useful, but as you say that's a different
> feature - thanks.
... and here is said change.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Don't allow write to /dev/rtc0, and remove sys_time.
Thanks, Christoph.
v2: drop sys_time, sys_module, mac_admin and mac_override in
all templates.
Reported-by: Christoph Mitasch <cmitasch@thomas-krenn.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
It's a tiny program (exported through the api) wrapping the util.c
helpers for reading /etc/lxc/lxc.conf variables, and replaces
the kludgy shell duplication in lxc.functions.in
Changelog: Apr 30: address feedback from Dwight
(exit error on failure, and use 'lxcpath' as name, not
'default_path').
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Dwight Engen <dwight.engen@oracle.com>
/etc/lxc/lxc.conf can contain
zfsroot = custom1
lvm_vg = vg0
(Otherwise the defaults are 'lxc' for lvm_vg, and 'lxc' for zfsroot)
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
allow copy clones from other bdevs
for lvm and zfs, as we don't yet support passing options, only default
VG of 'lxc' and default zfsroot of 'tank' are supported when converting
another backing store type.
refuse deletion of container which has lvm or zfs snapshots.
Note that since a zfs clone must be made from a zfs snapshot,
which is made from the original zfs fs, even after we
lxc-destroy the snapshotted container we still must manually
remove the snapshot. This can be handled automatically, by
looking for snapshots where c1 is the original, c2 is the clone,
tank/c2 no longer exists, but tank/c1@c2 does. We can then
remove tank/c1@c2 and feel free to remove tank/c1. This patch
does NOT do that yet.
Make sure not to return when we're a forked child.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
1. commonize waitpid users to use a single helper. We frequently want
to run something in a clean namespace, or fork off a script. This
lets us keep the function doing fork:(1)exec(2)waitpid simpler.
2. start a blockdev backend implementation. This will be used for
mounting, copying, and snapshotting container filesystems.
3. implement btrfs, lvm, directory, and overlayfs backends.
4. For overlayfs, support a new lxc.rootfs format of
'bdevtype:<extra>'. This means you can now use overlayfs-based
containers without using lxc-start-ephemeral, by using
lxc.rootfs = overlayfs:/readonly-dir:writeable-dir
5. add a set of simple clone testcases
6. Write a new lxc_clone.c based on api clone.
Still to do (there's more, but off top of my head):
1. support zfs, aufs
2. have clone handle other mount entries (right now it only clones
the rootfs)
3. python, lua, and go bindings (not me :)
4. lxc-destroy: if lvm backing store, check for snapshots of it.
(what about directories which have overlayfs clones?)
Changes since v2:
Initialize random generator when picking new macaddr (reported
by caglar@10ur.org)
Fix wrong use of bitmask flags
On copy-clone of btrfs, create a subvolume
lxc_clone.c: respect the command line usage of the old script
lxc-clone(1): update documentation
Refuse to try changing backing stores expect to overlayfs, as
it is not implemented (yet) anyway.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Conflicts:
src/lxc/utils.h
On Fri, 26 Apr 2013 10:18:12 -0500
Serge Hallyn <serge.hallyn@ubuntu.com> wrote:
> Quoting Dwight Engen (dwight.engen@oracle.com):
> > On Fri, 26 Apr 2013 09:37:49 -0500
> > Serge Hallyn <serge.hallyn@ubuntu.com> wrote:
> >
> > > Quoting Dwight Engen (dwight.engen@oracle.com):
> > > > Using lxc configured with --enable-configpath-log, and
> > > > specifying a path to the lxc commands with -P, the log file
> > > > path is generated with a basename of LOGPATH instead of the
> > > > lxcpath. This means for example if you do
> > > >
> > > > lxc-start -P /tmp/containers -n test01 -l INFO
> > > >
> > > > your log file will be
> > > >
> > > > /var/lib/lxc/test01/test01.log
> > > >
> > > > I was expecting the log to be /tmp/containers/test01/test01.log.
> > > > This is particularly confusing if you also have test01 on the
> > > > regular lxcpath. The patch below changes the log file path to be
> > > > based on lxcpath rather than LOGPATH when lxc is configured with
> > > > --enable-configpath-log.
> > > >
> > > > I think that even in the normal non --enable-configpath-log case
> > > > we should consider using lxcpath as the base and not having
> > > > LOGPATH at all, as attempting to create the log files
> > > > in /var/log is not going to work for regular users on their own
> > > > lxcpath. If we want that, I'll update the patch to do that as
> > > > well.
> > >
> > >
> > > Perhaps we should do:
> > >
> > > 1. If lxcpath == default_lxc_path(), then first choice is
> > > LOGPATH, second is lxcpath/container.log
> > > 2. when opening, if first choice fails, use second choice
> > > if there is any.
> > >
> > > That way 'system' containers will go to /var/log/lxc, as I think
> > > they should. Custom-lxcpath containers should never go
> > > to /var/log/lxc, since their names could be dups of containers in
> > > default_lxc_path(). And if the system is a weird one where
> > > default_lxc_path is set up so that an unprivileged user can use
> > > it, then we should log into $lxcpath.
> >
> > That sounds good to me. So these rules would apply in both the
> > regular and --enable-configpath-log cases.
I updated the patch to try to open the log file according to the
choices given above. Along the way I cleaned up log.c a bit, making
some things static, grouping external interfaces together, etc...
Hopefully that doesn't add too much noise.
> > > (Note this patch will trivially conflict with my new lxc_clone.c
> > > causing it to fail to build - unfortunate result of timing)
> >
> > Yeah unfortunately this touches every lxc_log_init() caller. I can
> > work on the above logic and re-submit after your new lxc_clone
> > stuff goes in.
>
> No no, I'll just need to remember to update mine. Don't hold up on
> mine, this is just the nature of such collaboration :)
>
> > Did you have any thoughts on the XXX what to pass in for lxcpath in
> > lxc_init? Right now it just falls back to LOGPATH.
>
> No - that's a weird one, since lxc_init runs in the container. If
> there were only system containers I'd say always use LOGPATH.
> However there are people (apparently :) who use container sharing the
> host's rootfs...
>
> lxc-execute does know the lxcpath. Perhaps we can simply have
> src/lxc/execute.c:execute_start() look at handler->conf to see if a
> rootfs is set. If rootfs is NOT set, then pass lxcpath along to
> lxc-init. Then lxc-init can mostly do the same as the others? (It
> doesn't use src/lxc/arguments.c, so you'd have to add lxcpath to
> options[] in lxc-init.c)
So I did this, only to realize that lxc-init is passing "none" for the
file anyway, so it currently doesn't intend to log. This makes me
think that passing NULL for lxcpath is the right thing to do in
this patch. If you want me to make it so lxc-init can log, I can do
that but I think it should be in a different change :)
--
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Commit 69fe23ff added checking for the older docbook2man back into
configure, but this breaks building the docs on at least Oracle Linux and
Fedora when docbook2X is not installed as docbook2man will be found but the
docs don't actually build with that tool.
This change makes it so the docs can be built with either the older
docbook2man or the newer 2X tools by using configure to set the dtd
string to an appropriate value depending on use of docbook2man or
db2x_docbook2man.
Also fixed a small error in lxc-destroy.sgml.in that was noticed
by the old tools.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This is based on patch from Papp Tamas (thanks). It also does some
reorganizing of lxc-create to commonize some of the backingstore handling.
I played with it using:
sudo lvcreate -L 100G -n zfs vg0
sudo zpool create lxc /dev/vg0/zfs
sudo lxc-create -B zfs --zfsroot lxc -t ubuntu -n dir2
or you could
qemu-img create zfs.img 100G
sudo qemu-nbd -c /dev/nbd0 zfs.img
sudo zpool create lxc /dev/nbd0
sudo lxc-create -B zfs --zfsroot lxc -t ubuntu -n dir2
I'll write the bdev.c handler and hook up lxc-clone next.
This also fixses a bug in the sed expression to extract the rootfs from
container config, which prepended an extra '/' to the rootdev. (That
caused the zfs list entry not to match at destroy)
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Cc: Papp Tamas <tompos@martos.bme.hu>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
If lxc_wait is called before the container has started the socket will not
yet have been created and lxc_wait's connect to it will fail. Starting the
daemon will create the socket for lxc_wait to connect to.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Because of an assertion in glibc's fork() wrapper that parent pid and
pid of child should never be the same, one should avoid fork() after
attaching to a PID namespace, since the pid inside the namespace may
coincide with the pid of the parent outside the namespace, thus hitting
the aforementioned assertion.
This patch just changes the code in the most simple manner to use
clone() instead of fork(). Since clone() requires a function to be
called instead of returning 0, we move the code of the child into a
function child_main.
Signed-off-by: Christian Seiler <christian@iwakd.de>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
This adds a reference to capabilities(7) to the lxc.conf manpage.
Signed-off-by: Tomáš Pospíšek <tpo_deb@sourcepole.ch>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This adds docbook2man as an alternative name for the docbook compiler.
As that name was used on Debian based systems for an older version of the tool,
this change also adds a check so that docbook2man is never used on Debian based
systems.
Reported-by: Peter Simons <simons@cryp.to>
Reported-by: Christian Bühler christian@cbuehler.de
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Otherwise we leave bad containers sitting around and further confuse
things on retries.
Reported-by: Mukanyiligira Didacienne <siyana223@gmail.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This fixes a long standing issue that there could only be a single
lxc-monitor per container.
With this change, a new lxc-monitord daemon is spawned the first time
lxc-monitor is called against the container and will accept connections
from any subsequent lxc-monitor.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Update the code to also match C.* so that C.UTF-8 doesn't make the
container creation fail.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Trying to start multiple containers concurrently may cause
lxc_monitor_read_timeout to fail as select call could be
interrupted by a signal, handle it.
Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
The previous change used some 3.3-specific functions.
We still support 3.2 so revert to 3.2-compatible calls.
Reported-by: S.Çağlar Onur <caglar@10ur.org>
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
This finally fixes a few issues with the magic
convert_tuple_to_char_pointer_array function.
This now clearly copies the char* from the python object so we don't
end up keeping reference to those.
Also add the few required free calls to free the content of the array.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Spotted by coverity, we were now assigning mntent but only every using
mntent_r, so drop those variables and assignation.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Trying to stop multiple containers concurrently ends up with "cgroup is not mounted" errors as multiple threads corrupts the shared variables.
Fix that stack corruption and start to use getmntent_r to support stopping multiple containers concurrently.
Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
