When we daemonize the container and we specify the log file,
the container will use the log file to write the console output.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
It is not easy to follow the cgroup name associated with a container,
so right after the container is created, I rename the cgroup which
is the pid of the creator by the container name.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
The exit code of the application as reported by lxc-start is:
0-126 exit code of the application itself
128+n signal n received by the application
255 lxc error
Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
add the long options to lxc-start
with a small change in lxc_start proto to avoid compilation warning
Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
When no tty number is specified in the command line,
let the tty service to provide choose one available
tty and provide this one.
The documentation is updated wrt this modification and
I did a little fix to generate the date of the documentation.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Export the fine grain api of lxc to be usable for external
component which wants to have more control on the container.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Define a handler to store the resource informations for the container.
That allows to factor out some code and will help to encapsulate a
little more the 'start' code which is too big.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
This patch defines a new log category in each file using logging and
replaced the former logging routines with the new ones.
Signed-off-by: Cedric Le Goater <legoater@free.fr>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
This patch fixes compile warnings: ignoring return value of function,
declared with attribute warn_unused_result, and adds error handling.
Signed-off-by: Ryousei Takano <takano-ryousei@aist.go.jp>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Add signalfd and signalfd4 syscall number definitions for powerpc so
that we may compile even with older platform headers.
Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
define s390x signalfd for systems with headers which are too
old.
Signed-off-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
If sys/signalfd.h does not exist, assume that it does not exist
in glibc, rather than that it exists without a corresponding
header file. Note that this version of the signalfd() wrapper
function (unlike the version in glibc) falls back dynamically to
the old signalfd system call if the signalfd4 system call is not
implemented in the currently-running kernel; the version in glibc
chooses the version of the signalfd system call to make via static
build-time configuration.
Signed-off-by: Michael K Johnson <johnsonm@rpath.com>
Signed-off-by: Daniel Lezcnao <dlezcano@fr.ibm.com>
On distros with older headers liblxc fails to build because PR_CAPBSET_DROP is
not defined by including /usr/include/sys/prctl.h. This adds an autoconf
test and, if not present, defines it. When prctl() is called on systems that
do not support PR_CAPBSET_DROP we should expect EINVAL. This case is already
handled by the liblxc code so no further changes are needed.
Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Dietmar Maurer <dietmar@proxmox.com>
The signalfd function prototype and the signalfd header file is not
defined in the debian Lenny. We want to use this debian version with a
newer kernel.
This patch gives the signalfd function prototype, because the function is
available in the glibc-2.7 which is the version coming with debian Lenny.
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Remove annoying compilation messages and fix tty for the restart.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Retrieve the ttyname and pass it to the lxc_setup function.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Return the error code when the exec fails in the child process, that
decreases the granularity of the error given to the user.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Return a lxc-error when for the lxc_configure and lxc_setup function.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Add the most known error to the different API to be followed up by the
caller, so we can later show a better message to the user when something
goes wrong. The error catching is coarse grain right now but will be improved,
step by step.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
The future kernel version will automatically autodestroy the network devices
when the network namespace exits. This is not the case for the current version.
In order to handle the both cases, I added a configuration option to disable
the network destruction when the container exits:
--disable-network-destroy
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
The main difference between lxc_start and lxc_execute is the latter creates
an intermediate process to wait for all the childs. That allows to support
daemons or orphan process group for the pid namespace.
Having such difference makes the code to be duplicate between the two
functions. So instead of doing this, I create an intermediate <init> program
which is in charge to launch the specified command. This command is the
lxc-init program taking different options:
--mount-procfs : mount the proc filesystem before exec'ing the command
--mount-sysfs : mount the sys filesystem before exec'ing the command
A double dash indicates the end of the options of lxc-init and the beginning
of the command to be launched.
To summarize:
* lxc_execute function is no more.
* lxc-execute command uses the lxc_start function and launch the specified
command via lxc-init
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Remove the CAP_SYS_BOOT capability from the bouding set, so we can poweroff,
halt, reboot the container safely without shutting down the real host.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
