Commit Graph

1578 Commits

Author SHA1 Message Date
Daniel Lezcano
70f7755e98 Fix lxc-cgroup-get
Make lxc_cgroup_get return the number of bytes read and
use this value to "printf" it.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-08-19 22:14:17 +02:00
Daniel Lezcano
b333f86e86 don't generate Changelog
Do not generate the changelog with the dist tarball.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-08-18 23:28:42 +02:00
Ken-ichirou MATSUZAWA
c4ffc8f70b initialize lxc_fd_list before WARN return path
We should initialize lxc_fd_list before opendir in
__lxc_fd_collect_inherited in case opendir returns an error.

Signed-off-by: Ken-ichirou MATSUZAWA <chamas@h4.doin.ne.jp>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-08-18 23:28:42 +02:00
Jiri Slaby
aa8b31f68f lxc build fix for Suse
Hi,

I have to use the attached patch to allow lxc building in the SUSE build
system. It uses as-needed flag and build thus fails, since -lutil is not
at the appropriate place on the command line.

js
suse labs

Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-08-18 23:28:42 +02:00
Guido Trotter
90e0a869ac Include <sys/socket.h> before checking for netlink
With some versions of the compiler/headers linux/netlink.h won't compile
if sys/socket.h is defined before it.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Guido Trotter <ultrotter@quaqua.net>
2009-07-26 17:44:12 +02:00
Guido Trotter
5c320b7692 Distribute manpages in source tarball
Ship the manpages in the source tarball made by 'make dist', and clean
them up only during the 'make maintainer-clean' step. This allows
distributions not to depend on docbook at lxc build time, because the
manpages are already there.

Also update the configure warning message to sound less scary.

Signed-off-by: Guido Trotter <ultrotter@quaqua.net>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-26 17:44:11 +02:00
Guido Trotter
f8e88c4e65 Remove unused --with-kernel-release option
This was a leftover from the already-removed
network-destruction-on-container shutdown code.

Signed-off-by: Guido Trotter <ultrotter@quaqua.net>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-26 17:44:11 +02:00
Daniel Lezcano
c159cb9638 fix the document according to the current version
Remove the comment about sharing /dev and fix the lxc-ps option
format.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-24 16:41:27 +02:00
Michel Normand
72439b9f8b close also inherited fd in lxc-execute
This is a complement of previous patches d983b93c3a
and af79587587 about inherited fd.

Here this is required for the lxc-execute that has a specific
lxc-init process.

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-24 15:25:45 +02:00
Daniel Lezcano
c8c9ce7a2b display an explicit warning when netlink headers are missing
"netlink headers not found" implicitly means we have to install the
kernel headers. Make this explicit.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-24 15:25:45 +02:00
Daniel Lezcano
1ac470c02a add some traces in the code for the logger
Add some traces in the code, so we are able to follow the execution
of the start command with the logger.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-24 15:25:45 +02:00
Daniel Lezcano
f5d186114c fix cgroup trace
The trace is displayed either if the setting fails, change that by
displaying the trace when the setting is successful.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-24 15:25:44 +02:00
Daniel Lezcano
f49d83e90f change version to 0.6.3
Increment to the 0.6.3 version.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-24 15:25:43 +02:00
Daniel Lezcano
cd830f336a Specify in the debian script an extra fstab file
Allow the user to specify an extra fstab file to be added in the
debian configuration. So some optimisations can be done for sharing
objects.

eg: /var/cache/apt/archives mounted in <rootfs>/var/cache/apt/archives

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-22 19:39:18 +02:00
Daniel Lezcano
246091b903 add clone2 for ia64
Added clone2 for container creation on ia64.
Not tested as I don't have such architecture.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-22 19:39:18 +02:00
Daniel Lezcano
cd54d859da make use of the logging facility and add some traces
Now we have a logging facility, let's use it and add some traces in
the code.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-22 19:39:17 +02:00
Daniel Lezcano
958f5c9e83 isolate the shmfs for the container
The /dev/shm is not isolated for application container, so mount it in
the container.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-20 17:57:31 +02:00
Daniel Lezcano
af79587587 fix closed fd when they are inherited
This patch fixes a problem with the commit d983b93c3a
When lxc daemonizes, it closes fd 0, 1 and 2. But these ones are coming from
inherited fd and they are already in the inherited list of fd. When lxc creates
some file descriptors, they have the number of the previous inherited file
descriptor, so they are closed when we close all the inherited file descriptors.

In order to fix that, the lxc_close_inherited_fd function has been implemented
to close an inherited fd and remove it from the list.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-20 17:57:31 +02:00
Daniel Lezcano
0dd4566eca Remove a previous cgroup
As a previous run may have created a cgroup but died unexpectedly,
the cgroup can be still there when we try to launch the container
again with the same name. This patch removes the directory if it is
present, if this one is not owned by caller or it is in use (that should
not happen), the rmdir will fail with the corresponding errno.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-16 16:38:15 +02:00
Daniel Lezcano
3a0f472d9d encapsulate lxc_handler
Move the lxc_handler structure definition in the body file and
dynamically allocate it.

lxc_handler becomes an opaque structure for the user.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-16 16:38:15 +02:00
Daniel Lezcano
cdfeda48d2 Remove useless initialization
The structure is cleared by the lxc_init function.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-16 16:38:15 +02:00
Michel Normand
d983b93c3a lxc-start should not hold inherited fds
This patch makes the intermediate lxc processes close the
inherited file descriptor. The child process will inherit these fd
in any case and that will be up to it to handle them.

Signed-off-by: Michel Normand <normand@fr.ibm.com>
2009-07-15 23:48:22 +02:00
Daniel Lezcano
af06a4bf94 use the lxc arguments dup in lxc_execute
Now we have a helper to dup the arguments, let's use it.
The code gains in clarity.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-15 23:48:22 +02:00
Daniel Lezcano
fa7eddbbbb add a helper to dup the lxc arguments
Add a helper to dup the lxc_arguments, so the code making
the copy of the arguments will be more clear.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-15 23:48:22 +02:00
Daniel Lezcano
e46ac65175 cleanup lxc-init
Make some cleanup around the parameters of lxc-init.
The option mount procfs is not needed as we want to do that
all the time.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-15 23:48:22 +02:00
Daniel Lezcano
0d9f8e188c detect a cgroup named 'lxc'
This patch makes lxc to detect a specific cgroup dedicated to lxc
which is mounted with the lxc name. That allows to mount different
cgroup in different places with different options (aka subsystems)
and assign one to be used by lxc. If no such mount point is found,
the first cgroup mount point is used.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-13 23:12:10 +02:00
Michel Normand
2b31f553fa lxc-execute or lxc-start to fail if cgroup not mounted
Before this patch a container was able to be started
without mounted cgroup. (only a warning was logged)
But the lxc-ps is using the /proc/<pid>/cgroup to identify
the lxc container in which pid is running.
So to be consistent between all lxc commands I force an error
if cgroup is not mounted at time of lxc-execute or lxc-start.

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-13 23:12:09 +02:00
Daniel Lezcano
74741dcc9e create the lxc directory with lxc-setcap
There are several cases:
 * we run the lxc-create as root, the @path@/var/lib/lxc will be created
 * we run the lxc-create as non-root, the creation of the directory will
   fail with "permission denied", so we should call lxc-setcap before
 * we run lxc-setcap (always as root), we create the directory and set
   the permission for everyone.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-10 08:58:27 +02:00
Daniel Lezcano
92fc52d3db don't create the lxc directory at rpm installation
Don't create the directory when we install the lxc package.
This is handled by lxc-create.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-10 08:58:27 +02:00
Ryousei Takano
3e3bf8aee6 Remove install-exec-local rule
Hi Daniel and all,

I am trying to run LXC on the CentOS 5.3 and the Linux kernel 2.6.30.
I found a problem with running the rpmbuild command.  The error message
is shown below:

$ rpmbuild -bb lxc.spec
	<snip>
 /usr/bin/install -c 'lxc-setcap' '/var/tmp/lxc-0.6.2-build/usr/bin/lxc-setcap'
 /usr/bin/install -c 'lxc-version' '/var/tmp/lxc-0.6.2-build/usr/bin/lxc-version'
mkdir: cannot create directory `/var/lib/lxc': Permission denied
make[3]: *** [install-exec-local] Error 1
make[3]: Leaving directory `/home/ryousei/rpm/BUILD/lxc-0.6.2/src/lxc'
make[2]: *** [install-am] Error 2
make[2]: Leaving directory `/home/ryousei/rpm/BUILD/lxc-0.6.2/src/lxc'
make[1]: *** [install-recursive] Error 1
make[1]: Leaving directory `/home/ryousei/rpm/BUILD/lxc-0.6.2/src'
make: *** [install-recursive] Error 1
error: Bad exit status from /var/tmp/rpm-tmp.26914 (%install)

RPM build errors:
    Bad exit status from /var/tmp/rpm-tmp.26914 (%install)

This patch removes 'install-exec-local' rule in Makefile.  It is not necessary, 
and it causes rpmbuild failure on the CentOS 5.3.

Signed-off-by: Ryousei Takano <takano-ryousei@aist.go.jp>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-10 08:58:27 +02:00
Daniel Lezcano
cb0395643b remove fork_ns code
This code is no longer used, remove it.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-07 22:53:05 +02:00
Daniel Lezcano
50e98013d5 replace fork_ns by lxc_clone
Make use of the lxc_clone function and do no longer
use the fork_ns function.

The lxc-unshare utility has been changed to always do a fork.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-07 22:51:18 +02:00
Daniel Lezcano
5bb3ba8acd use glibc clone instead of clone syscall
This patch replaces the clone syscall by the glibc clone making
the code not tied with the syscalls number declaration.

The unshare syscall has been removed as it is not interesting.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-07 22:51:18 +02:00
Daniel Lezcano
b3cb327290 Fix missing capability fowner to manipulate /dev/pts/ptmx
This file may be without any permission

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-03 15:25:45 +02:00
Filippo Giunchedi
ac30d6a432 Add file capabilities to kernel options
Point users in documentation to also enable POSIX capability for
dropping CAP_BOOT.

Signed-off-by: Filippo Giunchedi <filippo@esaurito.net>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-02 15:42:18 +02:00
Filippo Giunchedi
dba277c941 Add check for CONFIG_SECURITY_FILE_CAPABILITIES
This might result in more evident lack of support for POSIX capabilities
enabled as pointed in documentation

Signed-off-by: Filippo Giunchedi <filippo@esaurito.net>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-02 15:42:18 +02:00
Filippo Giunchedi
8747655790 Clarify setcap advice/warning messages
Probably a mention to libcap-2 is worth keeping, though it might be
clearer to point to setcap binary directly.

Signed-off-by: Filippo Giunchedi <filippo@esaurito.net>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-02 15:42:18 +02:00
Filippo Giunchedi
e90b69740e Include /sbin in PATH for setcap
Rationale: some distributions don't include /sbin in PATH for regular
users, thus setcap might not be found during configure

Signed-off-by: Filippo Giunchedi <filippo@esaurito.net>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-02 15:42:18 +02:00
Filippo Giunchedi
0478642a43 Update kernel config options location
These options appear in 2.6.29 in different locations, update the sgml
accordingly

Signed-off-by: Filippo Giunchedi <filippo@esaurito.net>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-02 15:42:18 +02:00
christophe.quintard@fr.ibm.com
9f78081ae0 Rewriting the pts section man for lxc.conf
I think this explanation is better.

Signed-off-by: Christophe Quintard <christophe.quintard@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-02 15:42:17 +02:00
Michel Normand
8f0024d85a update the lxc-ps man page after previous code change
this is the man page update following the
previous git commit 7cbfc4e441

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-01 11:58:41 +02:00
Daniel Lezcano
8e9d77106f fix compilation warning with malloc
Add missing include stdlib.h

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-01 11:58:41 +02:00
Michel Normand
37c3dfc9c9 lxc-execute to return exit code of its child not others
lxc-execute has to return the exit code of its child not others
as today's code would return the exit code of the last child.
We need to track the first process we launched and store its
exit status when it exits. In order to avoid detecting the exit
of this pid several times if the pids number wraps, we put an extra
flag saying the process group is orphan.

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-06-25 11:21:56 +02:00
Michel Normand
7cbfc4e441 replace the lxc-ps bash script by a perl script
Implement the lxc-ps script with perl script.

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-06-25 11:10:40 +02:00
Michel Normand
acc8694126 another place where readlink to be null terminated
I did this one change by reading the code
but did not try to run it.

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-06-25 11:10:40 +02:00
Michel Normand
2b4e286d25 the lxc_unlink_nsgroup may fail on ppc. V2
the lxc_unlink_nsgroup may fail on ppc
where the stack is not zeroed by default
and because the readlink function does not add a trailing null character.

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-06-25 11:10:40 +02:00
Michel Normand
47ad75f88d update the help of lxc-checkpoint and lxc-restart
Update the checkpoint and restart regarding the statefile parameter.

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-06-25 11:10:39 +02:00
Matty
4f3f0d4b01 lxc-fedora fixes
Howdy,

I was playing around with LXC containers this past weekend, and
noticed a couple of issues with the lxc-fedora script:

#1: Line 96 should be ${ROOTFS}/etc/sysconfig/network instead of
${ROOTFS}/sysconfig/network

#2 Line 249 contains a reference to $PKG, which isn't used in the
program. I adjusted the variable to point to the correct package, and
use this in the calls to yumdownloader:

    PKG="${DISTRO}-release.noarch.rpm"
                   .....
    yumdownloader --destdir="${CACHE}/partial" "${PKG}"

#3 The $CACHE/partial path is escaped unnecessarily:

   RPM="rpm --root \"${CACHE}/partial\""

#4 The program assumes yumdownloader will work, which isn't always the
case. I added an if statement to check the return code:


   echo "Downloading distribution release file ${PKG}"
   yumdownloader --destdir="${CACHE}/partial" "${PKG}"
   RESULT=$?

   if [ "${RESULT}" != "0" ]; then
       echo "Enable to download the distribution release file"
       exit 1
   fi

#5 The package name passed to yumdownloader is incorrect:

   yumdownloader --destdir="${CACHE}/partial" "${DISTRO}-release.noarch.rpm"

   On Fedora 10 and 11, this evaluates to:

   fedora-release.noarch.rpm

   When we need it to evaluate to:

   fedora-{RELEASE_VER}.release.noarch

   This is fixed in the PKG variable listed above.

A patch that addresses these issues is attached.

Thanks,
- Ryan

Signed-off-by: Matty <matty91@gmail.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-06-24 13:13:18 +02:00
Daniel Lezcano
1ea6db2923 unshare the utsname in all the cases
The current code implies we have to define a utsname in order
to unshare it. This is problematic in case of system container because
we want them to set their hostname. As the utsname namespace is
a COW, we can safely unshare it in all the cases.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-06-12 16:02:14 +02:00
Daniel Lezcano
ddceb1f9fa fix capability.h compilation problem
The capability.h header is broken on fedora 11.
The workaround is to include <sys/types.h> before <sys/capability.h>.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-06-12 16:02:14 +02:00