Fix determination of $oldroot from the config file. The old code had the '
in the wrong place and didn't account for whitespace between the = and
the rootfs.
Set $rootfs based on $oldroot instead of forcing it to be in
$lxc_path/$lxc_new/rootfs. This allows for btrfs snapshot to be made even if
$lxc_path isn't on the same filesystem. If $oldroot isn't a subvolume,
fall back to making a copy.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
The DHCP client should be isc-dhcp-client, not isc-dhcp-server.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
lxc-ls --active now scans mount points that have the 'cgroup' filesystem
type and not the 'cgroup' device name (which is ignored anyway and may be
anything).
Signed-off-by: Christian Seiler <christian@iwakd.de>
Cc: Serge Hallyn <serge.hallyn@ubuntu.com>
For a lucid container, apt-get update before installing the source package for
add-apt-repository, so that apt-get does not fail.
If apt-get dist-upgrade fails, suggest running lxc-create with -F.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This way init log messages can be seen on the console. If containerized
syslog ever comes around, we can get rid of this.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
lxc-ls was failing in cases where $directory is a symlink to another
directory. Instead have $directory be generated from the output of
readlink -f "$lxc_path".
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
To make it easier to clone/rename the container, replace hardcoded
entries (with rootfs in the destination path) by rootfs-relative entries.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
These variables are not expanded correctly in doc/lxc-create.sgml.in
and a workaround is in place to ensure ${localstatedir}, and ${datadir}
are set in the various shell scripts that use it. There is no workaround
to ensure ${datadir} is set in src/lxc/lxc-create.in, nor is
${localstatedir} set in templates/lxc-altlinux.in so I think that these
are currently broken.
Using AS_AC_EXPAND instead of AC_SUBST fixes these problems and removes
the need for the workarounds. In addition the lxc-start-ephemeral.in
script can be autoconf'ed instead of sed'ed by the makefile.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
I was getting raw nroff ".SH DESCRIPTION" in my man pages. This fixes
the synopsis cmd args so that doesn't happen. Added replaceable to a few
arguments.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
This fixes a case where lxc.utsname would be set empty as copy_configuration
wasn't getting the container name.
Signed-off-by: Rex Tsai (蔡志展) <rex.tsai@canonical.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This adds a SIGINIT and SIGPWR handler in the default inittab for
the Debian template. This allows lxc-shutdown/lxc-restart and their API calls
to properly shutdown or reboot the container.
Signed-off-by: Rex Tsai (蔡志展) <rex.tsai@canonical.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
configure.ac used to set the template path to /usr/share/lxc/templates.
Instead use ${datadir} to make it follow ${prefix}.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
If rootfs is a symbolic link but not to a block device, then do a separate
rm of its contents. We have to do this because, out of cowardice, we call
rm with --one-filesystem.
Removing the '-o -h $rootdev' is ok, because if $rootdev is a symbolic
link to a block device (including lvm blockdev) then -b will still return
true.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
That means, don't try to pin a null rootfs, and don't try to mount /proc
since /var/lib/lxc/root/proc doesn't exist to be mounted onto.
The apparmor patches are not yet upstream, so this patch will not go
upstream by itself.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
When passing '--userdata somefile' to the ubuntu-cloud template, a user
may pass a relative pathname. The template uses the filename after
changing current directory, so store the full pathname for the userdata
file instead of a potential relative pathname.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
LXC has optional apparmor support, default profile is lxc-container-default.
This change adds a commented "lxc.aa_profile = default" line to all templates,
uncommenting this will bypass apparmor for the container.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
On Debian and Ubuntu, the default host-name field in dhclient.conf is
set to either "<hostname>" or "gethostname()" both of which get replaced
by the machine's hostname at query time.
The sed call currently present in lxc-clone hardcodes the hostname in
dhclient.conf, causing dpkg to prompt on isc-dhcp updates.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
By default we use mnt, but that means that lxc fstab entries do not work
when placed under the container's /mnt/.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Now that initscripts in Debian and Ubuntu has been updated to no longer
do silly things with /dev/shm and /run/shm on installation/update, the
check needs updating to detect any remaining broken case and fix it.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Starting a container with insufficient privilege (correctly) fails
during lxc_init. However, if starting a daemonized container, we
daemonize before we get to that check. Therefore while the
container will fail to start, and the logfile will show this, the
'lxc-start -n x -d' command will return success. For ease of
scripting, do a check for the required privilege before we exit.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This saves quite a bit of space in the cache and containers.
See https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1037626 for the
original bug report.
Reported-by: Fajar A. Nugraha <list@fajar.net>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
If user calls 'lxc-create -t ubuntu -- -h' (as opposed to
'lxc-create -t ubuntu -h') then the ubuntu template will print its
help then exit 0. Then lxc-create does not cleanup. So detect this
in lxc-create.
The 'lxc.mount =' entry can have more than one space, or tabs, before the =.
We only need to disambiguate from 'lxc.mount.entry'. So just check for a
space or tab after mount.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Otherwise after cloning an lvm+xfs container you can't run the
original and clone at the same time.
Based on a patch by Maurizio Sambati posted at
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1013549
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
CAP_LAST_CAP in linux/capability.h doesn't always match what the kernel
actually supports. If the kernel supports fewer capabilities, then a
cap_get_flag for an unsupported capability returns -EINVAL.
Recognize that, and don't fail when initializing capabilities when this
happens, rather accept that we've reached the last capability.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Make the prototypes and functions match between apparmor.{c,h}
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
When a container has dpkg >= 1.16.2, use dpkg --add-architecture
for multi-arch configuration on foreign architecture containers.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Just wait until the lock is available. That is a nicer behavior
for concurrent lxc-creates.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Otherwise a container name with a dash confuses ls
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
It segfaults otherwise trying to execute &NULL.
We could alternatively guess at a command to execute, such as a
shell, but invariably there would be cases where the command we
guess does not exist.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Using mnt means that lxc fstab entries do not work when placed under
the container's /mnt/ (i.e. /mnt/etc).
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
