lxc-plamo now work with any distribution other than Plamo Linux.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Signed-off-by: TAMUKI Shoichi <tamuki@linet.gr.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This template allows to create Plamo Linux container on Plamo
Linux. Plamo Linux is Japanese distribution, which is originally based
on Slackware Linux.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Signed-off-by: TAMUKI Shoichi <tamuki@linet.gr.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Bug found by Vincent Ladeuil <vila+ci@canonical.com>
Fix suggested by Scott Moser <smoser@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Section 7.1.2 of the gnutls info manual states that it must be
initialized with a call to gnutls_global_init before use. This
fixes the syslog warning I was seeing:
lxc-create: Libgcrypt warning: missing initialization -
please fix the application
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Just following up here, Serge raised the question of whether or not the
other two invocations of 'tar' in this script need '--numeric-owner'.
They probably should have it, although its of little concern because the
'build_root_tgz' path is only taken if there is no '-root.tar.gz' file for
download, and the only supported ubuntu release without the -root.tar.gz
download is 10.04 at this point.
Anyway, below is a more complete diff, also including a fix as
'--numeric-uid' is not a valid option to tar. The name is
'--numeric-owner'.
Signed-off-by: Scott Moser <smoser@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
These need to be in the dist tarball even if the host packaging system
doesn't have docbook2x, otherwise configure will fail to find them. Also,
the build system may have docbook2x, even if the packaging system does not.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
docbook2man picks up some errors that docbook2x does not, fixing them
isn't harmful to docbook2x. The only real change is adding <para> and
<citerefentry> tags.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This patches the Fedora template to insure that the legacy network
startup scripts are enabled when NetworkManager has not been installed
in the container (default).
It also fixes a login problem with pam_loginuid.so in a container.
https://bugzilla.redhat.com/show_bug.cgi?id=966807
Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com>
--
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
They are the real /dev/tty{0,1}, which are physical consoles. Lxc
bind-mounts over them. Don't let the container use these!
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Container trimming is a bad idea in general, Ubuntu since 12.04 allows
standard systems to run in containers and we've got separate code to
deal with 10.04, so let's just drop trim.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This patch reworks the Fedora template to operate in the most "distro
agnostic" manner possible. It should even run on distros where rpm and
yum are not present and not available or may be incompatible. It
depends on the most basic set of system facilities like rsync but does
require squashfs support also be available to mount a LiveOS runtime.
Based on comments at Linux Plumbers, what I had been referring to as a
"run time environment" or RTE has been renamed in the code to refer to
it as a "bootstrap". It has been tested on Fedora (of course),
OpenSuse, Ubuntu, and Oracle (latest host versions of each) building
Fedora containers of F19 back through F9. Varying levels of database
problems were encountered from F11 and back and are "will not fix" due
to versions being long EOL. F15 and F16 build but do not run "out of
the box" due to systemd version issues and those are also "will not fix"
for the same reasons.
Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Some features of lxc - networking and LSM configuration for instance -
are generally configured by the distro packages. This program
tests the Ubuntu configuration.
changelog v2:
Switch to lxc-info -i to detect ip address as stgraber suggested
Don't look for 'expect' as I'm not using it yet.
changelog v3:
Make sure to only read one ip address from container.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This mostly changes two things:
- Only log to the container's logfile on start/stop/restart/execute
- Call may_control() every time we use the API and return
"Insufficient privileges" on failure.
NOTE: I didn't test every single one of those but I'm fairly confident
in my copy/paste abilities and I confirmed they all build fine at least.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
give hint to user to modprobe configs (altho could just modprobe it?)
Signed-off-by: Elan Ruusamäe <glen@delfi.ee>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Otherwise, it cases problems on cbuild endianness != ctarget endianness
setups because /sbin/ldconfig expects elf header in the wrong endianness.
Signed-off-by: Andrey Mazo <ahippo@yandex.ru>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
* sync current English man pages on master branch
* delete lxc-shutdown.sgml.in
* add lxc-snapshot.sgml.in
* update FSF address (same as 250b1eec71)
* remove trailing whitespaces in legacy/lxc-ls.sgml.in (same as 8900b9eb25)
- When doing the selinux change, I noticed that there was a lot of
duplication of code in handing string configuration items, so I
refactored this into a common function.
- Added a config_string_max that can be passed a maximum acceptable
length, used to limit ttydir to NAME_MAX.
- The behavior of config_seccomp was different than other strings: if the
item was already defined, then the second attempt to set it would fail
instead of just replacing the value. Changed to just replace the value.
- Remove unused key and lxc_conf arguments to config_path_item().
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
The original rationale for this was to make sure that if
lxcpath was /home/serge/lxcbase, then then lockdir
(/run/user/serge/lock/lxc/home/serge/lxcbase) would be
owned by the same user as /home/serge/lxcbase.
The only user who can chown to other uids (without CAP_CHOWN
added to fP) is root, who shouldn't be mucking with non-root
owned containers anyway. In the meantime this causes a bunch
of noise for arguably no benefit.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This is an api function which will return false if the container
is running, and the caller may not talk to its monitor over its
command socket. Otherwise - if the container is not running, or
the caller may access it - it returns true.
We can use this in several tools early on to prevent the segvs
etc which we currently get.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
