pclose returns the exit status from wait, we need to check that to see if
the script itself failed or not. Tested a script that returned 0, 1, and
also one that did a sleep and then was killed by a signal.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Also check that we wrote the amount we expected to. The write on the pty
is blocking but we could still get a short write on EINTR, so we should
SYSERROR it.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
This makes it match the manpage and be consistent with lxc-execute
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Unfortunately installing a working lxc-init is somewhat hairy and
distro-dependent. So we skipped it before, but Coverity didn't
like that, so just ifdef it out.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
1. in container_free, set c->privlock to NULL before calling
sem_destroy, to prevent a window where another thread could call
sem_wait(c->privlock) while c->privlock is not NULL but is already
destroyed.
2. in container_get, check for numthreads < 0 before calling lxclock.
Once numthreads is 0, it never goes back up.
Following is a comment added to lxccontainer.c:
/*
* Consider the following case:
freer | racing get()er
==================================================================
lxc_container_put() | lxc_container_get()
\ lxclock(c->privlock) | c->numthreads < 1? (no)
\ c->numthreads = 0 | \ lxclock(c->privlock) -> waits
\ lxcunlock() | \
\ lxc_container_free() | \ lxclock() returns
| \ c->numthreads < 1 -> return 0
\ \ (free stuff) |
\ \ sem_destroy(privlock) |
* When the get()er checks numthreads the first time, one of the following
* is true:
* 1. freer has set numthreads = 0. get() returns 0
* 2. freer is between lxclock and setting numthreads to 0. get()er will
* sem_wait on privlock, get lxclock after freer() drops it, then see
* numthreads is 0 and exit without touching lxclock again..
* 3. freer has not yet locked privlock. If get()er runs first, then put()er
* will see --numthreads = 1 and not call lxc_container_free().
*/
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
The ubuntu template will silently fail (because it is set -e) on
the locale-gen command when LANG=C
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Fix lxc-create to not word split template arguments. This makes
lxc-create -n ol -t oracle -- -r "at cronie wget" work since the argument
to -r will be passed as one arg instead of three.
Fix oracle template -u option to shift the correct amount.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Corrected ssh option for custom key (from -k to -i). Just see ssh
manpage for justification.
Signed-off-by: Wojciech Izykowski <wizykowski@gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Commit 37c3dfc9 sets the wait status on only the child pid. It
intended to match the pid only once to protect against pid reuse but it
won't because the indicator was reset to 0 every time at the top of the
loop. If the child pid is reused, the wait status will be set again.
Fix by setting indicator outside the loop.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Commit e3642c43 added lxc_copy_file for use in 64e1ae63. The use of it
was removed in commit 1bc60a65. Removing it reduces dead code and the
footprint of liblxc.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Currently it returns the default path only if /etc/lxc/lxc.conf missing.
Since default lxc.conf doesn't contain lxcpath variable (this is at least the case in ubuntu) all tools fails if one doesn't give -P
caglar@qgq:~/Project/lxc/examples$ sudo /usr/bin/lxc-create -n test
lxc-create: no configuration path defined
Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Otherwise, as an example, if doing 'lxc-create -t debian' while
there is a 'debian' directory, lxc-create will fail to do the
right thing.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This patch introduces the --clear-env and --keep-env options for
lxc-attach, that allows the user to specify whether the environment
should be passed on inside the container or not.
This is to be expanded upon in later versions, this patch only
introduces the most basic functionality.
Signed-off-by: Christian Seiler <christian@iwakd.de>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
The following rationale is for using the -t option:
Currently, lxc-shutdown uses a subprocess for the timeout handling,
where a 'sleep $TIMEOUT' is executed, which will kill the main process
after the timeout has occurred, thus causing the main process to stop
the container hard with lxc-stop.
On the other hand, if the timeout is not reached, the main process
kills the subprocess. The trouble now is that if you kill a shell that
is running in the background, the kill will only take effect as soon as
the program currently running in the shell exits.
This in turn means that the subprocess will never terminate before
reaching the timeout. In an interactive shell, this does not matter,
since people will just not notice the process and lxc-shutdown returns
immediately. In a non-interactive enironment, however, there may be
circumstances that cause the calling program to wait until even that
subprocess is terminated, which means that shutdown will always take as
long as the timeout, even if the container shuts down quite a bit
earlier.
This change makes sure that also all subprocesses of the background
process are killed from the main process. This will immediately
terminate the background process, thus ensuring the desired behaviour.
Signed-off-by: Christian Seiler <christian@iwakd.de>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Though it's more subtle than that. If the file doesn't exist or we
can't access it, then don't record it. But if we have parse errors,
then do.
This is mainly to help out API users who try to read a container
configuration file before calling c->create(). If the file doesn't
exist, then without this patch the subsequent create() will not
use the default /etc/lxc/default.conf. The API user could check
for the file ahead of time, but this check makes his life easier
without costing us anything.
Signed-off-by: S.Çağlar Onur" <caglar@10ur.org>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This patch fixes a small typo in the man page.
Signed-off-by: Matthias Brugger <matthias.bgg@gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
All of this needs a rewrite/redesign, and that will be coming (details
below), but for now
You can start 'non-ephemeral ephemeral' containers using
lxc-start-ephemeral -o oldname -n newname --keep-data
When you shut that down, the container stick around and can be
restarted. Now lxc-clone will recognize such a container by the
presence of the delta0/ which contains the read-write overlayfs
layer. This means you can do incremental development of containers,
i.e.
lxc-create -t ubuntu -n r1
lxc-start-ephemeral --keep-data -o r1 -n r1-2
# make some changes, poweroff
lxc-clone -o r1-2 -n r1-3
# make some changes...
lxc-clone -o r1-3 -n r1-4
# etc...
Now, as for design changes... from a higher level
1. lxc-clone should be re-written in c and exported through the
api.
2. lxc-clone should support overlayfs and aufs
3. lxc-start-ephemeral should become a thin layer which clones a
container, starts and stops and destroys it.
at a lower level,
1. the api should support container->setup_mounts
2. lxc-clone should be written as a set of backend classes which
can copy mounts to each other. So when you load a container
which is lvm-backed, it creates a lvm backend class. That
class instance can be converted into a loopback or qemu-nbd
or directory backed class. A directory-backed class can be
converted into a overlayfs or aufs backed class, which (a)
uses the dirctory-backed class as the read-only base, and (b)
pins the base container (so it can't be deleted until all
snapshots are deleted).
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
The -n/--name option of lxc-start-ephemeral was never implemented
even though it was documented in the manpage.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
If the filesystem mounts on the host have the MS_SHARED or MS_SLAVE
flag set, and a container without a rootfs is started, then any new
mounts created inside the container are currently propagated into
the host. In addition to mounts placed in the configuration file of
the container or performed manually after startup, the automatic
mounting of /proc by lxc-execute will propagate back into the host,
effectively crippling the entire system. This can be prevented by
setting the MS_SLAVE flag on all mounts (inside the container's own
mount namespace) during startup if a rootfs is not configured.
Signed-off-by: David Ward <david.ward@ll.mit.edu>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
This updates the various checks to match the grid below:
== lxc-ubuntu support per architecture ==
amd64: amd64, i386, armel, armhf, powerpc
i386: i386, armel, armhf, powerpc
armel: armel, armhf
armhf: armhf, armel
powerpc: powerpc
== lxc-ubuntu-cloud support per architecture ==
amd64: amd64, i386
i386: i386
armel: armel, armhf
armhf: armhf, armel
Note that most of the foreign architectures on x86 are supported
through the use of qemu-user-static. This one however isn't yet
support for cloud images (I'll send a patch for 1.0).
Also, qemu-user-static is technically able to emulate amd64 on i386
but qemu-debootstrap doesn't appear to know that and fails quite miserably.
We may also want to add a test for amd64 kernel but i386 userspace, which
is a valid combination that allows running an amd64 container on an i386
host without requiring emulation, but that's for another patch.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
This is mostly to make debuild happy as it doesn't tolerate any
leftover file when building twice in a row.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
I recently noticed that the generated tarballs with "make dist"
were incomplete unless the configure script was run on a machine
with all possible build dependencies.
That's wrong as you clearly don't need those dependencies to generate
the tarball. This change fixes that.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Recent testing on Ubuntu armhf showed that the python module was
failing to import. After some time tracking the issue down, the problem
was identified as being a non-terminated list of get/setters.
This commit fixes that issue as well as a few other potential ones that
were identified during debugging.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
The child process's environment should be manipulated the same way
by lxc-attach as it would be by lxc-start or lxc-execute.
Signed-off-by: David Ward <david.ward@ll.mit.edu>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
When we install lxc by manual (configure; make; make install),
all files are installed under /usr/local/. Configuration files
and setting files of containers are stored under /usr/local/ too,
however, only log files are stored under /var/log/ not
/usr/local/var/log.
This patch changes the default log path to $localstatedir/log/lxc
(by default $localstatedir is /usr/local/var) where is an ordinary
directory, which is probably expected and unsurprising.
Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
