lxc_unshare now takes one or more '-i interfacename' arguments which
will move the named interfaces into the created container.
lxc_unshare now takes -M argument which will cause the standard mounts
(/proc /dev/shm /dev/mqueue) to be auto-mounted inside container.
lxc_unshare now takes '-H hostname' argument to automatically set
the hostname in the container.
lxc_unshare now takes -D argument to automatically daemonize and detach
from the created container, instead of waiting for the container to exit
Signed-off-by: Seth Robertson <srobertson@appcomsci.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
* Update Japanese lxc.conf(5) for commit 508c263ee6
* Remove duplicate line in English lxc.conf(5)
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
By setting lxc.network.hwaddr to something like fe:xx:xx:xx:xx:xx each
"x" will be replaced by a random value. If less significant bit of
first byte is "templated", it will be set to 0.
This change introduce also a common randinit() function that could be
used to initialize random generator.
Signed-off-by: gza <lxc@zitta.fr>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Since previously I had found a config item that wasn't being propagated
by lxc-clone, I went through all the config items and made sure that:
a) Each item is documented in lxc.conf
b) Each item is written out by write_config
The only one that isn't is lxc.include, which by its nature only pulls
in other config item types.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
The old version of lxc-ls is the wrapper of ls(1). But now it is
python script, so "see also ls(1)" is not needed.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
- use this in the busybox template since busybox's init expects
to receive SIGUSR1 to halt
- fix lxc.stopsignal to be output by write_config so lxcapi_clone()
and lxcapi_save_config() will output it
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This makes the arguments between lxc-stop and lxc-autostart more
consistent, so that --shutdown doesn't have two different meanings.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
* lxc-attach(1): Update to the status of kernel 3.8 or higher
* lxc-create(1), lxc-destroy(1): Now lxc-ls don't have "-l" option, so remove
* lxc(7): update description of lxc-ls and lxc-info to current version
* see-also: fix lxc(1) to lxc(7)
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
It is desirable to have a mode where a soft shutdown is requested,
but then do a hard shutdown if after some time period the container
has not shut down. This the default behaviour of lxc-stop, but is
not currently possible with lxc-autostart. This change makes this
the default behaviour when shutdown is specified to lxc-autostart.
This will be very useful for init scripts.
An indefinte wait for soft shutdown (though I'm not sure how that
would be useful) is still possible by passing a timeout of 0.
Change default timeout value to 60 seconds to match lxc-stop
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
* Improve Japanese translation
* Fix mis-translation
* Insert linefeed between paragraph, because some paragraph is too
long, so sometimes git send-email could not use.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Commit 5444216 revised -n option from allowing to specify multiple
containers using regex to specifying only one container. But
lxc-info(1) remains original. so
- mark -n required
- remove the description of -n that is included in common options
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
A timeout means wait this long before killing the container.
-s means don't kill the container. timeout defaults to 60
seconds. So if a shutdown is requested, then set timeout to
0.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This introduces a new lxc-autostart binary (and associated manpage)
which will let you start/shutdown/kill/restart any container that's
marked as lxc.start.auto=1. It respects the lxc.start.delay value,
sorts by lxc.start.order and filters by lxc.group.
By default it'll affect all containers that DO NOT have lxc.group
set. If -g is specified, ONLY containers in those group will be
affected. To have a command applied to all containers, the -a
argument can be used.
A -L flag is also offered for distributions wishing to start the
containers themselves while still using LXC's calculated order and
wait delays. Instead of performing the action, it'll print the container
name and (if relevant for the action) the wait time.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
First patch in the set of changes required for container autostart.
This commit adds the new configuration keys and parsers that will then
be used by lxc-start and lxc-stop.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Dwight Engen <dwight.engen@oracle.com>
If the system gets into a bad state, it may become impossible to get
the lxc container locks. We should still be able to stop containers
in that case. Add a -L/--nolock option to specify this behavior.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Once lxc-monitord receives a quit request from lxc-monitor, it will then
return from the mainloop every time an event occurs on any of its fds and
check if it has any clients left. When there are no more it exits. This
allows lxc-monitord to quit immediately instead of waiting the normal 30
seconds for more clients, potentially freeing up lxcpath for unmounting.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
There are scenarios in which we want to execute process with specific
privileges elevated.
An example for this might be executing a process inside the container
securely, with capabilities dropped, but not in container's cgroup so
that we can have per process restrictions inside single container.
Similar to namespaces, privileges to be elevated can be OR'd:
lxc-attach --elevated-privileges='CAP|CGROUP' ...
Backward compatibility with previous versions is retained. In case no
privileges are specified behaviour is the same as before: all of them
are elevated.
Signed-off-by: Nikola Kotur <kotnick@gmail.com>
Acked-By: Christian Seiler <christian@iwakd.de>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
So this implements the changes we discussed yesterday:
- Only one container may be queried at the time
- -n is now required once again
- -H + a single filter only returns the value
- -t/--is-state is now removed
Note that -S is considered as more than a single filter, so -H in that
case only affects the formatting of the values.
For the same reason, I haven't yet implemented the -H + multiple filters
case which we said should return a simple "key: value" output as it
wasn't trivial to re-arrange the stats code to print a different format
(for the other options, it's just a two lines change in the print
functions).
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Dwight Engen <dwight.engen@oracle.com>
