If we don't do this, we'll end up changing the function signatures for the
internal __criu_* functions each time we add a new parameter, which will
get very annoying very quickly. Since we already have the user's arguments
struct, let's just pass that all the way down.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
gcc -Wall warns about uninitialized variables (-Wmaybe-uninitialized), and
-Werror makes it fatal. This change allows the build to succeed by NULL'ifying
the pointer passed to strtok_r().
Note that strtok_r(3) anyway ignores a non-NULL arg3 pointer on the 1st call
with non-NULL arg1 string.
Signed-off-by: Leonid Isaev <leonid.isaev@jila.colorado.edu>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Since specifying lxc.rootfs.backend can lead to performance improvements we
always set it during container creation.
This also fixes a bug. do_bdev_create() tried to be smart and retrieve the lower
directory when bdev->type == overlayfs or aufs thereby cutting the path.
However, this operation is done in ovl_mount() and aufs_mount() and both
functions need the full src path for this. The bug didn't show before because
when creating a overlayfs container with e.g.:
lxc-create -n c -t busybox -B overlayfs
still left bdev->type set to dir and so the code for retrieving the lower dir in
do_bdev_create() was skipped. But by setting lxc.rootfs.backend on container
creation we force bdev->type to be set to e.g. overlayfs and the code gets
executed thereby exposing the bug.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
this enables lxc to perform "disk-less migrations" where memory pages are sent directly to the destination machine instead of being written to the sources filesystem first.
For this, the migrate_opts struct has been added the strings "pageserver_address" and "pageserver_port" so that criu can be told where to look for a pageserver.
Signed-off-by: Niklas Eiling <niklas.eiling@rwth-aachen.de>
Hopefully this will avoid name collisions with any user binaries, since
criu is just an implementation detail.
Closes#907
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
* This are either '.', '..' or a hidden directory.
And this names should not be used for a container
in any case.
* Before this patch, if you created a git repository under lxc.lxcpath (it
can be useful to keep track of the configurations of your containers)
Then, when you run lxc-ls you will get the following output:
# lxc-ls
.git container1 container2 ....
This is because there is a 'config' file inside the '.git' directory.
It is where git stores the configuration of the repository.
And the test lxc-ls does to check if a directory contains a container
is just to check if the 'directory/config' file exists.
Signed-off-by: Carlos Alberto Lopez Perez <clopez@igalia.com>
Check if we're really on a btrfs filesystem before we call btrfs_same_fs().
Otherwise we will report misleading errors although everything went fine.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
With this commit we start to split bdev.{c,h} into modules located in the
subfolder bdev. We start by creating a module for overlay: overlay.{c,h}.
- The functions:
- overlayfs_detect()
- overlayfs_mount()
- overlayfs_umount()
- overlayfs_clonepaths()
- overlayfs_destroy()
- overlayfs_create()
move from bdev.{c,h} to overlay.{c,h}. The only thing that remains in bdev.c
is the static definition of
- static const struct bdev_ops overlayfs_ops
- The functions:
- update_ovl_paths()
- overlay_getlower()
move from lxccontainer.c to overlay.{c,h}. update_ovl_paths() is used to
update absolute paths for overlay lxc.mount.entry entries but it seems to fit
more here than into lxccontainer.c.
The Function overlay_getlower() is used to extract the lower directory for
overlay (and aufs) rootfs. It should at some point become a common helper.
- The functions:
- do_rsync()
- dir_new_path()
remain in bdev.c for now but become extern. We declare them extern in
overlay.c to be able to call them. As the comment to them correctly notices,
they should at some point become common helpers and probably move to
utils.{c,h} or some other more appropriate place.
- The structs:
- struct bdev; /* defined in bdev.h */
- struct bdev_specs; /* defined in lxccontainer.h */
- struct lxc_conf; /* defined conf.h */
are forward declared/put as incomplete types in overlay.h so that the
functions have access to it.
- The header overlay.h is *not* included in bdev.h but only in bdev.c so that
when bdev.h is included the public functions in overlay.h cannot be accessed,
i.e. if an implementation wants to call functions from overlay.h they need to
explicitly include it. (As is e.g. done in the case of lxccontainer.c.)
- The header
- lxc-btrfs.h
also moves to the bdev subfolder.
- Adapt Makefile.am to the new bdev layout.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
This patch adds a new ->migrate API call with three commands:
MIGRATE_DUMP: this is basically just ->checkpoint()
MIGRATE_RESTORE: this is just ->restore()
MIGRATE_PRE_DUMP: this can be used to invoke criu's pre-dump command on the
container.
A small addition to the (pre-)dump commands is the ability to specify a
previous partial dump directory, so that one can use a pre-dump of a
container.
Finally, this new API call uses a structure to pass options so that it can
be easily extended in the future (e.g. to CRIU's --leave-frozen option in
the future, for potentially smarter failure handling on restore).
v2: remember to flip the return code for legacy ->checkpoint and ->restore
calls
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Instead of *always* resetting the current_config to null, we should only
reset it if this API call set it.
This allows nesting of API calls, e.g. c->checkpoint() can pass stuff into
criu.c, which can call c->init_pid() and not lose the ability to log stuff
afterwards.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
If manual mounting with elevated permissions is required
this can currently only be done in pre-start hooks or before
starting LXC. In both cases the mounts would appear in the
host's namespace.
With this flag the namespace is unshared before the startup
sequence, so that mounts performed in the pre-start hook
don't show up on the host.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Otherwise it gets shortened with the temporary len but never
restored - which will only break API users which do a clone
then continue to use the original container, meaning this is
a hard one to detect.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Closes#694
When we start cloning container c1 to c2, we first save c1's
configuration in c2's as a starting point. We long ago cleared
out the lxc.rootfs entry before saving it, so that if we are
killed before we update the rootfs, c2's rootfs doesn't point
to c1's. Because then lxc-destroy -n c2 would delete c1's rootfs.
But when we introduced the unexpanded_config, we didn't update
this code to clear the rootfs out of the unexpanded_config, which
is what now actually gets saved in write_config().
Do so.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
When using overlay and aufs mounts with lxc.mount.entry users have to specify
absolute paths for upperdir and workdir which will then get created
automatically by mount_entry_create_overlay_dirs() and
mount_entry_create_aufs_dirs() in conf.c. When we clone a container with
overlay or aufs lxc.mount.entry entries we need to update these absolute paths.
In order to do this we add the function update_ovl_paths() in
lxccontainer.c. The function updates the mounts in two locations:
1) lxc_conf->mount_list
and
2) lxc_conf->unexpanded_config (by calling clone_update_unexp_ovl_dir())
If we were to only update 2) we would end up with wrong upperdir and workdir
mounts as the absolute paths would still point to the container that serves as
the base for the clone. If we were to only update 1) we would end up with wrong
upperdir and workdir lxc.mount.entry entries in the clone's config as the
absolute paths in upperdir and workdir would still point to the container that
serves as the base for the clone. Updating both will get the job done.
NOTE: This function does not sanitize paths apart from removing trailing
slashes. (So when a user specifies //home//someone/// it will be cleaned to
//home//someone. This is the minimal path cleansing which is also done by
lxc_container_new().) But the mount_entry_create_overlay_dirs() and
mount_entry_create_aufs_dirs() functions both try to be extremely strict about
when to create upperdirs and workdirs. They will only accept sanitized paths,
i.e. they require /home/someone. I think this is a (safety) virtue and we
should consider sanitizing paths in general. In short: update_ovl_paths() does
update all absolute paths to the new container but
mount_entry_create_overlay_dirs() and mount_entry_create_aufs_dirs() will still
refuse to create upperdir and workdir when the updated path is unclean. This
happens easily when e.g. a user calls lxc-clone -o OLD -n NEW -P
//home//chb///.
Signed-off-by: Christian Brauner <christianvanbrauner@gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
I've noticed that a bunch of the code we've included over the past few
weeks has been using 8-spaces rather than tabs, making it all very hard
to read depending on your tabstop setting.
This commit attempts to revert all of that back to proper tabs and fix a
few more cases I've noticed here and there.
No functional changes are included in this commit.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Use pwrite() to write terminating \0-byte
This allows us to use standard string handling functions and we can avoid using
the GNU-extension memmem(). This simplifies removing the container from the
lxc_snapshots file. Wrap strstr() in a while loop to remove duplicate entries.
Signed-off-by: Christian Brauner <christianvanbrauner@gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Commit 6c6892b "fix multithreaded create()" prevented the container
configuration from being saved if the backing store does not need
to be created.
Signed-off-by: David Ward <david.ward@ll.mit.edu>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
It is not an error to create a container without a template or rootfs.
Signed-off-by: David Ward <david.ward@ll.mit.edu>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
If we currently create clone-snapshots via lxc-clone only the plain total
number of the containers it serves as a base-container is written to the file
"lxc-snapshots". This commit modifies mod_rdep() so it will store the paths and
names to the containers that are clone-snapshots (similar to the "lxc_rdepends"
file for the clones). **Users which still have containers that have a non-empty
(with a number > 0 as an entry) "lxc-snapshots" file in the old format are not
affected by this change. It will be used until all old clones have been
deleted!** For all others, the "lxc_snapshots" file placed under the original
container now looks like this:
/var/lib/lxc
bb
/var/lib/lxc
cc
/opt
dd
This is an example of a container that provides the base for three
clone-snapshots bb, cc, and dd. Where bb and cc both are placed in the usual
path for privileged containers and dd is placed in a custom path.
- Add additional argument to function that takes in the clone-snapshotted
lxc_container.
- Have mod_rdep() write the path and name of the clone-snapshotted container the
file lxc_snapshots of the original container.
- If a clone-snapshot gets deleted the corresponding line in the file
lxc_snapshot of the original container will be deleted and the file updated
via mmap() + memmove() + munmap().
- Adapt has_fs_snapshots().
- **If an lxc-snapshot file in the old format is found we'll keep using it.**
Signed-off-by: Christian Brauner <christianvanbrauner@gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
- Passing the LXC_CLONE_KEEPNAME flag to do_lxcapi_clone() was not respected and
let to unexpected behaviour for e.g. lxc-clone. We wrap
clear_unexp_config_line() and set_config_item_line() in an appropriate
if-condition.
Signed-off-by: Christian Brauner <christianvanbrauner@gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Latest glibc release actually honours calling setenv with a NULL
pointer by causing SIGSEGV but checking pointers before submitting
to any system function is a good idea anyway.
Signed-off-by: Robert Schiele <rschiele@gmail.com>
This was originally used to propagate the bridge and veth names across
hosts, but now we extract both from the container's config file, and
nothing reads the files that dump_net_info() writes, so let's just get rid
of them.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
When setting lxc.network.veth.pair to get a fixed interface
name the recreation of it after a reboot caused an EEXIST.
-) The reboot flag is now a three-state value. It's set to
1 to request a reboot, and 2 during a reboot until after
lxc_spawn where it is reset to 0.
-) If the reboot is set (!= 0) within instantiate_veth and
a fixed name is used, the interface is now deleted before
being recreated.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Passing the LXC_CLONE_KEEPNAME flag to do_lxcapi_clone() was not respected. We
wrap clear_unexp_config_line() and set_config_item_line() in an appropriate
if-condition.
Signed-off-by: Christian Brauner <christianvanbrauner@gmail.com>
When starting a daemonized container, only the original parent
thread should return to the caller. The first forked child
immediately exits after forking, but the grandparent child
was in some places returning on error - causing a second instance
of the calling function.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Tycho Andersen <tycho.andersen@canonical.com>
In various places throughout the code, we want to "nullify" the std fds,
opening them to /dev/null or zero or so. Instead, let's unify this code and do
it in such a way that Coverity (probably) won't complain.
v2: use /dev/null for stdin as well
v3: add a comment about use of C's short circuiting
v4: axe comment, check errors on dup2, s/quiet/need_null_stdfds
Reported-by: Coverity
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Commit 37cf711b added a destroy hook, but when it checks
at destroy time whether that hook exists, it assumes that
c->lxc_conf is good. In fact lxc_conf can be NULL, so check
for that.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
commit 507cee3618 moved the close and re-open of fds 0-2 into
do_start. But this means that the lxc monitor itself keeps the
caller's fds 0-2 open, which is wrong for daemonized containers.
Closes#548
Reported-by: Mathieu Le Marec - Pasquet <kiorky@cryptelium.net>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
