Commit Graph

284 Commits

Author SHA1 Message Date
Ferenc Wagner
4f9293b1f0 fix comment
Signed-off-by: Ferenc Wagner <wferi@niif.hu>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-06-11 15:56:25 +02:00
Ferenc Wagner
3103609ddc change pivotdir default to mnt
The mnt directory has a good chance to already exist in the new root
filesystem, so creation and removal can be avoided.  This also eases
use of read only root filesystems (no configuration necessary).

Signed-off-by: Ferenc Wagner <wferi@niif.hu>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-06-11 15:56:25 +02:00
Ferenc Wagner
9527e566fc conditional use of new capabilities
Signed-off-by: Ferenc Wagner <wferi@niif.hu>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-06-07 11:33:56 +02:00
Daniel Lezcano
0e391e57b0 fix compilation warnings
Fix the following warnings:

console.c: In function ‘console_handler’:
console.c:252: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result
console.c:254: warning: ignoring return value of ‘write’, declared with attribute warn_unused_result
conf.c: In function ‘instanciate_veth’:
conf.c:1130: warning: ignoring return value of ‘mktemp’, declared with attribute warn_unused_result
conf.c:1135: warning: ignoring return value of ‘mktemp’, declared with attribute warn_unused_result
conf.c: In function ‘instanciate_macvlan’:
conf.c:1206: warning: ignoring return value of ‘mktemp’, declared with attribute warn_unused_result
af_unix.c: In function ‘lxc_af_unix_send_fd’:
af_unix.c:124: warning: dereferencing type-punned pointer will break strict-aliasing rules
af_unix.c: In function ‘lxc_af_unix_recv_fd’:
af_unix.c:169: warning: dereferencing type-punned pointer will break strict-aliasing rules
af_unix.c: In function ‘lxc_af_unix_send_credential’:
af_unix.c:195: warning: dereferencing type-punned pointer will break strict-aliasing rules
af_unix.c: In function ‘lxc_af_unix_rcv_credential’:
af_unix.c:237: warning: dereferencing type-punned pointer will break strict-aliasing rules

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-06-01 12:13:32 +02:00
Daniel Lezcano
5045eedff0 disable rootfs automatic detection
Avoid a warning at compile time by temporarily disabling the code.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-05-28 17:39:11 +02:00
Daniel Lezcano
cc6f6dd7d8 fix pivot umount algorithm
Make a function and fix bad parameter to umount.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-05-28 17:39:11 +02:00
Daniel Lezcano
b3df193c50 fix whitespace
Fix whitespace.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-05-28 11:49:25 +02:00
Cedric Le Goater
2ac29abe45 use ptmxmode mount option
Save one call by using the ptmxmode mount option.

Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-05-27 16:16:30 +02:00
Daniel Lezcano
5332bb844a Don't close fd 0, fd 1
That breaks the reboot because when we reexec, fd 0 and fd 1 will be
closed and these ones are created by lxc, not inherited.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-05-19 22:15:28 +02:00
Daniel Lezcano
0093bb8ced added locally modified files for broadcast support
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-05-18 19:13:26 +02:00
Ferenc Wagner
9232212afd fix typos in error messages
Signed-off-by: Ferenc Wagner <wferi@niif.hu>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-05-12 23:47:55 +02:00
Ferenc Wagner
a91d897a7b remove pivotdir only if it was created by us
The removal does not account for possible leading path components that
were also created during creation of pivotdir.

Signed-off-by: Ferenc Wagner <wferi@niif.hu>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-05-12 23:47:55 +02:00
Daniel Lezcano
b1789442d6 use defined rootfs mount point
As we defined a path where to mount the rootfs, we can use it without
ambiguity because it is defined by default at compile time or by the
configuration.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-05-12 23:44:28 +02:00
Daniel Lezcano
33fcb7a047 encapsulate rootfs data in a structure
We have pivot_dir and rootfs defined in lxc_conf structure.
Let's encapsulate them in a rootfs structure.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-05-12 23:44:28 +02:00
Ferenc Wagner
25368b5249 no need to use a temporary directory for pivoting
Ferenc Wagner <wferi@niif.hu> writes:

> Daniel Lezcano <dlezcano@fr.ibm.com> writes:
>
>> Ferenc Wagner wrote:
>>
>>> Daniel Lezcano <daniel.lezcano@free.fr> writes:
>>>
>>>> Ferenc Wagner wrote:
>>>>
>>>>> While playing with lxc-start, I noticed that /tmp is infested by
>>>>> empty lxc-r* directories: [...] Ok, this name comes from lxc-rootfs
>>>>> in conf.c:setup_rootfs.  After setup_rootfs_pivot_root returns, the
>>>>> original /tmp is not available anymore, so rmdir(tmpname) at the
>>>>> bottom of setup_rootfs can't achieve much.  Why is this temporary
>>>>> name needed anyway?  Is pivoting impossible without it?
>>>>
>>>> That was put in place with chroot, before pivot_root, so the distro's
>>>> scripts can remount their '/' without failing.
>>>>
>>>> Now we have pivot_root, I suppose we can change that to something cleaner...
>>>
>>> Like simply nuking it?  Shall I send a patch?
>>
>> Sure, if we can kill it, I will be glad to take your patch :)
>
> I can't see any reason why lxc-start couldn't do without that temporary
> recursive bind mount of the original root.  If neither do you, I'll
> patch it out and see if it still flies.

For my purposes the patch below works fine.  I only run applications,
though, not full systems, so wider testing is definitely needed.

Thanks,
Feri.

From 98b24c13f809f18ab8969fb4d84defe6f812b25c Mon Sep 17 00:00:00 2001
Date: Thu, 6 May 2010 14:47:39 +0200

That was put in place before lxc-start started using pivot_root, so
the distro scripts can remount / without problems.

Signed-off-by: Ferenc Wagner <wferi@niif.hu>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-05-10 11:50:10 +02:00
Daniel LEzcano
0b7a835335 factor out pivot_root code
Clean up and factor a bit the pivot_root code.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-05-10 11:50:09 +02:00
Daniel Lezcano
1b09f2c057 fix pivot_root temporary directory
First of all, when trying to start a container in a read-only root
lxc-start complains:
  lxc-start: Read-only file system - can't make temporary mountpoint

This is in conf.c:setup_rootfs_pivot_root() function.  That function
uses optional parameter "lxc.pivotdir", or creates (and later removes)
a temporary directory for pivot_root.  Obviously there's no way to
create a directory in a read-only filesystem.

But lxc.pivotdir does not work either. In the function mentioned above
it is used with leading dot (eg. if I specify "lxc.pivotdir=pivot" in
the config file the pivot_root() syscall will be made to ".pivot" with
leading dot, not to "pivot"), but later on it is used without that dot,
and fails:

  lxc-start: No such file or directory - failed to open /pivot/proc/mounts
  lxc-start: No such file or directory - failed to read or parse mount list '/pivot/proc/mounts'
  lxc-start: failed to pivot_root to '/stage/t'

(that's with "lxc.pivotdir = pivot" in the config file).  After symlinking
pivot to .pivot it still fails:

  lxc-start: Device or resource busy - could not unmount old rootfs
  lxc-start: failed to pivot_root to '/stage/t'

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Reported-by: Michael Tokarev <mjt@tls.msk.ru>
2010-05-10 11:50:09 +02:00
Michel Normand
3cfc0f3a65 lxc: remove perror call in nl.c (V2)
There is only one such perror call, so remove it in nl.c

In this same patch, verify that all functions of nl.c and network.c
are reporting a -errno value in case of error;
value that is reported in lxc log by the callers in conf.c

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-04-29 10:03:59 +02:00
Daniel Lezcano
91480a0f0a restart the container at reboot
When the reboot is detected, reboot the container.
That needs to set all file descriptors opened by lxc-start
to be flagged with the close-on-exec flag, otherwise when
re-execing ourself, we inherit our own fd.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-04-08 09:44:23 +02:00
Daniel Lezcano
f78a1f32f4 fix when console is not specified
When no console is specified, do not try to setup the console.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-04-02 23:37:42 +02:00
Michel Normand
adc1e6c25d typo in error message
Wrong variable.

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-03-22 11:08:34 +01:00
Daniel Lezcano
28a4b0e55c open the console later
Open the console at the setup time, otherwise the opened
file descriptor will be considered as an inherited fd and the
startup will fail.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-03-22 11:08:34 +01:00
Daniel Lezcano
7fef7a06d8 fix network devices cleanup on error
Delete the network devices when an error occurs before they are moved
to the network namespace (network namespace destruction triggers the
network devices deletion). Otherwise they stay in the system.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-02-25 10:24:13 +01:00
Daniel Lezcano
c08556c6ec use lazy umount when umount returns EBUSY
When the umount fails, we force the umount and make the mount point
unaccessible by using a lazy umount.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-02-24 10:57:43 +01:00
Daniel Lezcano
63376d7db3 allocate a console to be proxied
The actual behaviour of the console is messy as:
 * it relies on a heuristic (tty or not, rootfs or not, etc ...)
 * the container init stole the tty and we lose the control

The following patch:
 * allocates a tty
 * maps this tty to the container console
 * proxy the io from the console to the file specified in the configuration
 lxc.console=<file>

That allows specifying a file, a fifo, a $(tty), and can be extended with a
URI like file://mypath, net://1.2.3.4:1234, etc ...
That solves the problem with the heuristic and the container no longer steals
our current tty.

Note that by default, the console output will go to a blackhole if no configuration is
specified, making the container show nothing.

In order to access the console from the tty, use

 lxc-start -n foo -s lxc.console=$(tty)

I propose to make the container daemonize by default now.

I tried the following:

 in a shell:
  touch /var/lib/lxc/foo/console
  tail --retry -f /var/lib/lxc/foo/console
 in another shell:
  lxc-start -n foo -s lxc.console=/var/lib/lxc/foo/console

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-02-24 10:57:43 +01:00
Daniel Lezcano
246541036c rename network type enum
Use a prefixed enum to avoid conflict later.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-02-24 10:57:43 +01:00
Daniel Lezcano
236087a6c8 fix empty network namespace
When there is an empty network namespace, we must not move the
network device.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-02-24 10:57:42 +01:00
Daniel Lezcano
7df119eeae unmount failure is not fatal
There are several cases where the system can no longer access a mount
point or a mount point configuration makes the algorithm bogus.

For example, we mount something and then we chroot, the mount information
will give an unaccessible path and the container won't be able to start
because this mount point will be unaccessible. But if it's the case, then
we can just warn and continue running the container.

Another case is the path to a mount point is not accessible because there
is another mount point on top of it hiding the mount point. So the umount
will fail and the container won't start.

Easy to reproduce:

mkdir -p /tmp/dir1/dir2
mount -t tmpfs tmpfs /tmp/dir1/dir2
mount -t tmpfs tmpfs /tmp/dir1

So we can just ignore the error when unmounting and go through the list again
and again until it shrinks.

At the end, we just display the list of the unmounted points.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-01-22 11:29:10 +01:00
Michel Normand
b09094da2d Add some define to compile on rhel5u1
The last patch, commit 81810dd120,
makes lxc no longer compile on rhel5u1.

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-01-22 11:21:46 +01:00
Daniel Lezcano
1e11be345d fix tab vs space indentation
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-01-21 15:15:26 +01:00
Daniel Lezcano
81810dd120 drop capabilities
Hello everyone!

I've written a patch which adds a new config keyword
'lxc.cap.drop'. This keyword allows specifying capabilities which are
dropped before executing the container binary.

Example:

lxc.cap.drop = sys_chroot
lxc.cap.drop = mknod
lxc.cap.drop = sys_module

or specify in a single line:

lxc.cap.drop = sys_chroot mknod sys_module

Reworked-by: Daniel Lezcano <daniel.lezcano@free.fr>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Michael Holzt <lxc@my.fqdn.org>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-01-21 15:06:42 +01:00
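
The `lxc.cap.drop` syntax from commit 81810dd120 above, as an added example that is not LXC's code: a parser that accepts both the one-per-line and the single-line form and fails closed on an unknown name, so a typo cannot leave a capability in place. The function names, the sample config and the use of `prctl(PR_CAPBSET_DROP)` to apply the result are assumptions of this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef __linux__
#include <sys/prctl.h>
#endif

/* Capability numbers as fixed by the kernel ABI (<linux/capability.h>). */
static const struct { const char *name; int value; } caps[] = {
    {"chown", 0}, {"dac_override", 1}, {"dac_read_search", 2}, {"fowner", 3},
    {"fsetid", 4}, {"kill", 5}, {"setgid", 6}, {"setuid", 7}, {"setpcap", 8},
    {"linux_immutable", 9}, {"net_bind_service", 10}, {"net_broadcast", 11},
    {"net_admin", 12}, {"net_raw", 13}, {"ipc_lock", 14}, {"ipc_owner", 15},
    {"sys_module", 16}, {"sys_rawio", 17}, {"sys_chroot", 18},
    {"sys_ptrace", 19}, {"sys_pacct", 20}, {"sys_admin", 21},
    {"sys_boot", 22}, {"sys_nice", 23}, {"sys_resource", 24},
    {"sys_time", 25}, {"sys_tty_config", 26}, {"mknod", 27}, {"lease", 28},
    {"audit_write", 29}, {"audit_control", 30}, {"setfcap", 31},
    {"mac_override", 32}, {"mac_admin", 33},
};

/* Constructed sample config; only the lxc.cap.drop lines come from the page. */
static const char SAMPLE_CONFIG[] =
    "lxc.utsname = webhost\n"
    "lxc.cap.drop = sys_chroot\n"
    "lxc.cap.drop = mknod sys_module\n";

/* Return the capability number for name[0..len), or -1 if it is unknown. */
static int cap_lookup(const char *name, size_t len)
{
    for (size_t i = 0; i < sizeof(caps) / sizeof(caps[0]); i++)
        if (strlen(caps[i].name) == len && memcmp(name, caps[i].name, len) == 0)
            return caps[i].value;
    return -1;
}

/* Parse a whitespace-separated capability list in [p, end) into *mask. */
static int parse_cap_list(const char *p, const char *end, uint64_t *mask)
{
    while (p < end) {
        if (*p == ' ' || *p == '\t' || *p == '\r') { p++; continue; }
        const char *tok = p;
        while (p < end && *p != ' ' && *p != '\t' && *p != '\r')
            p++;
        int cap = cap_lookup(tok, (size_t)(p - tok));
        if (cap < 0)
            return -1;              /* fail closed on a misspelled name */
        *mask |= UINT64_C(1) << cap;
    }
    return 0;
}

/* Collect every lxc.cap.drop line of config into *mask (one bit per capability).
 * Returns 0 on success; on error returns -1 and leaves *mask untouched. */
int parse_config_cap_drop(const char *config, uint64_t *mask)
{
    static const char key[] = "lxc.cap.drop";
    const size_t klen = sizeof(key) - 1;
    uint64_t acc = 0;

    for (const char *line = config; *line; ) {
        const char *end = line + strcspn(line, "\n");
        const char *p = line + strspn(line, " \t");
        if ((size_t)(end - p) > klen && memcmp(p, key, klen) == 0) {
            p += klen;
            p += strspn(p, " \t");
            if (*p == '=' && parse_cap_list(p + 1, end, &acc) != 0)
                return -1;
        }
        line = *end ? end + 1 : end;
    }
    *mask = acc;
    return 0;
}

/* Remove each capability in mask from the bounding set before exec.
 * Needs CAP_SETPCAP; returns -1 if any drop fails so the caller can abort. */
int drop_bounding_caps(uint64_t mask)
{
#ifdef __linux__
    for (int cap = 0; cap < 64; cap++)
        if (((mask >> cap) & 1) && prctl(PR_CAPBSET_DROP, cap, 0, 0, 0) != 0)
            return -1;
    return 0;
#else
    (void)mask;
    return -1;
#endif
}

int main(void)
{
    uint64_t mask = 0;
    if (parse_config_cap_drop(SAMPLE_CONFIG, &mask) != 0)
        return 1;
    printf("drop mask: 0x%llx\n", (unsigned long long)mask);
    return 0;
}
```
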
Clement Calmels
2382ecffdb use getline instead of fgets
The getline function allocates the needed memory. Fixed buffers can lead
to 'hard to find' bugs. I don't test the pivot_root part but the other
parts are ok.

Signed-off-by: Clement Calmels <clement.calmels@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-01-18 23:08:12 +01:00
Cedric Le Goater
7a7ff0c6fb fix lxc_file_cb prototype
Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-01-13 18:51:15 +01:00
Daniel Lezcano
932b94f5de Remove dead code
Remove dead code.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-01-08 15:19:19 +01:00
Michael Holtz
bf601689a9 use pivot_root instead of chroot
lxc currently does a chroot into the target rootfs. chroot is insecure and
can easily be broken, as demonstrated here:

| root@synergy:~# touch /this_is_the_realrootfs_ouch
| # touch /container/webhost/this_is_the_container
| # lxc-start -n webhost /bin/sh
| # ls this*
| this_is_the_container
| # ./breakchroot
| # ls this*
| this_is_the_realrootfs_ouch

code to break chroot taken from
http://www.bpfh.net/simes/computing/chroot-break.html

Now this can be fixed. As our container has its own mount namespace, we can
easily pivot_root into the rootfs and then unmount all old mounts. The patch
attached adds a new config keyword which contains the path to a temporary
mount for the old rootfs (inside the container). This stops the chroot break
method shown before.

Example:

| root@synergy:~# grep pivotdir /var/lib/lxc/webhost/config
| lxc.pivotdir = /oldrootfs
| root@synergy:~# ls -lad /container/webhost/oldrootfs
| drwxr-xr-x 2 root root 4096 2010-01-02 03:59 /container/webhost/oldrootfs
| root@synergy:~# lxc-start -n webhost /bin/sh
| # mount -t proc proc /proc
| # cat /proc/mounts
| rootfs / rootfs rw 0 0
| /dev/root / ext3 rw,relatime,errors=remount-ro,data=writeback 0 0
| devpts /dev/console devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0
| proc /proc proc rw,relatime 0 0
| # ls this*   
| this_is_the_container
| # ./breakchroot
| # ls this*
| this_is_the_container

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Michael Holtz <lxc@my.fqdn.org>
2010-01-08 14:34:13 +01:00
Michel Normand
7b379ab3a5 lxc: avoid memory corruption on ppc and s390 V4
conf object is on stack and is used in forked process.

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2010-01-08 14:34:13 +01:00
Daniel Lezcano
e892973e39 add macvlan vepa and bridge mode
The future kernel 2.6.33 will incorporate the macvlan bridge
mode where all the macvlan will be able to communicate if they are
using the same physical interface. This is an interesting feature
to have containers to communicate together. If we are outside of the
container, we have to setup a macvlan on the same physical interface as
the containers and use it to communicate with them.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-12-28 22:10:11 +01:00
Daniel Lezcano
1d6b1976a0 fix mount entry typo
Added missing carriage-return when adding a new entry.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-12-18 14:19:59 +01:00
Jamal Hadi Salim
f6cc1de1a9 Introduce per netdev priv structure
Some devices like veth or vlans have a bit of extra details that
are specific to them. Example veth.pair and vlan.vlanid.
Separate them from the common so we can update cleanly in the future.
    
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Acked-by: Daniel Lezcano <daniel.lezcano@free.fr>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-12-15 10:14:27 +01:00
Jamal Hadi Salim
26c390288b Add VLAN support in config
This adds ability to migrate vlan interfaces into namespaces
by specifying them in a config
    
Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca>
Acked-by: Daniel Lezcano <daniel.lezcano@free.fr>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-12-15 10:14:27 +01:00
Sven Wegener
e4e7d59db8 use correct number of ttys during setup
commit 985d15b106 "fix fdleak and errors
in lxc_create_tty()" created a zero-sized malloc(), causing memory
corruption. use config->tty like all the other code does.

Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-11-26 16:46:23 +01:00
Michael Tokarev
6ab9ab6d08 minor cleanups for instanciate_veth()
the same cleanup as in instanciate_macvlan(). Just makes code
shorter and less "jumpy" (as with goto back)

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-11-26 16:46:23 +01:00
Michael Tokarev
8634bc197f allow lxc.network.pair to specify host-side name for veth interface
Currently we allocate veth device with random name on host side,
so that things like firewall rules or accounting do not work
at all.  Fix this by recognizing yet another keyword to specify
the host-side device name: lxc.network.pair, and use it instead
of random name if specified.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-11-26 16:46:23 +01:00
Michael Tokarev
985d15b106 fix fdleak and errors in lxc_create_tty()
if, for some reason, openpty() fails, lxc_create_tty() will
leak all previous ptys and leave the config structure in an
inconsistent state (wrt the number of ptys actually opened)
Fix that by explicitly closing all previously opened ptys
in case of failure and by setting number of actually opened
ttys after actual open

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-11-24 09:47:27 +01:00
Michael Tokarev
d957ae2d51 check if lxc.netdev.link is set for macvlan
Ensure that lxc.netdev.link is specified for macvlan interfaces,
since it's required.

While at it, simplify logic in instanciate_macvlan():
remove unnecessarily complicating goto statements (we only
need to perform a cleanup in one place)

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-11-20 15:01:31 +01:00
Michael Tokarev
734915aca1 allow link-less veth devices
Before, a veth device pair required a link which was treated as
a bridge device.  Code crashed if there was no lxc.network.link
specified.  Fix that by allowing lxc.network.link to be unset

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-11-20 15:01:31 +01:00
Michael Tokarev
9d0834025e rename struct lxc_netdev fields to match reality
struct lxc_netdev is used to hold information from config file
about a network device/configuration.  Make the fields of this
structure to be named similarly with the config file keywords,
namely:
 s/ifname/link/ - host-side link for the device (bridge or eth0)
 s/newname/name/ - container-side ifname
It is insane to have completely different names in config file
and in structure/variable names :)

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-11-19 15:06:02 +01:00
Cedric Le Goater
00b3c2e284 cleanup <lxc/lxc.h>
<lxc/lxc.h>  should only include what is needed. This patch removes
all useless headers from lxc.h and fixed other .c files.

Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-11-17 10:56:23 +01:00
Michel Normand
e7938e9ee3 lxc: add a new lxc.mount.entry keyword
The purpose of this new keyword is to save in main config file
all the lines of a provided fstab file.
This will ultimately replace the lxc.mount keyword
when lxc scripts will use the new keyword.

Warning: I did not validate this patch
in all conditions of provided malformed input string.

Signed-off-by: Michel Normand <michel_mno@laposte.net>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-11-13 11:48:29 +01:00
Michel Normand
88329c69cd stop config reading if cgroup setting failed
in today's code lxc-start does not stop if setup_cgroup is detecting an error

Signed-off-by: Michel Normand <michel_mno@laposte.net>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-11-13 11:48:29 +01:00
Daniel Lezcano
ab2d32f88c Replace create/destroy by a script
The simplification of the container configuration makes
it pointless to have so much complexity in the container creation.
Let's remove that and replace by some scripts.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-11-13 11:48:29 +01:00
Andrian Nord
7fa9074f13 ipv6 interfaces added with /0 prefix
Greetings, I've found a small typo in src/lxc/conf.c that leads to
nulled prefix for ipv6 addresses.

Signed-off-by: Andrian Nord <NightNord@gmail.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-11-09 10:43:03 +01:00
Daniel Lezcano
881450bbed use config.h to define the lxcpath and co
Instead of passing the LXCPATH definition in the compiler
command line, use configure.ac to define the value in the config.h
file and include this file where it is needed.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-10-22 15:33:40 +02:00
Daniel Lezcano
d685aa8049 clean up and factor out some code
Factor out some code and fix a memory corruption when
dupping the arguments.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-10-12 22:02:06 +02:00
Daniel Lezcano
a79cf70427 remove configure dead code
Remove the old configuration remaining code.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-10-12 22:02:06 +02:00
Daniel Lezcano
5e4a62bf32 fix tty creation using confdir
tty_create uses the old conf directory, fixing this.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-10-09 11:38:39 +02:00
Daniel Lezcano
5f4535a3d9 fix netdev structure vs network structure
The netdev vs network structure is not well defined. Fix that.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-10-09 11:38:39 +02:00
Daniel Lezcano
4bf1968d3c Factor out some network code
We can factor out the "ip addr add"

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-10-09 11:38:39 +02:00
Daniel Lezcano
82d5ae15e7 Use the configuration structure for the network
We don't want to use anymore the configuration directory,
let's use the configuration structure.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-10-09 11:38:39 +02:00
Daniel Lezcano
571e6ec89e Move configuration info to the structure
Move configuration information from the handler structure to
the configuration structure.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-10-09 11:38:39 +02:00
Daniel Lezcano
88d5514d16 Move the configuration file to the start function
We want to store more information in the configuration structure,
especially the ttys.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-10-09 11:38:39 +02:00
Daniel Lezcano
102a53038a use the configuration structure for the cgroup
Do not use the directory configuration

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-10-09 11:38:39 +02:00
Daniel Lezcano
52e3595723 use the configuration structure for the tty
Do not use the directory configuration

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-10-09 11:38:39 +02:00
Daniel Lezcano
1bc60a65c9 use configuration structure for the mount points
Do not use the directory configuration for the mount points.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-10-09 11:38:39 +02:00
Daniel Lezcano
d852c78cf0 Use the configuration structure for pts
Avoid using the directory structure.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-10-09 11:38:38 +02:00
Daniel Lezcano
4e5440c654 use the configuration structure to setup the utsname
Use the configuration structure, not the directory configuration

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-10-09 11:38:38 +02:00
Daniel Lezcano
c69bd12f88 use the configuration structure for setting up the rootfs
use the configuration structure for setting up the rootfs

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-10-09 11:38:38 +02:00
Daniel Lezcano
ecb0e51b0c use the configuration to check if a resource is enabled
Remove the usage of the directory config for the setup and use the
configuration structure instead.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-10-09 11:38:38 +02:00
Daniel Lezcano
df83bf6f97 Read the config file at restart
This patch makes the configuration to read the configuration
file in order to pass the configuration to the different functions.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-10-09 11:38:38 +02:00
Michel Normand
cfd1dc0932 keep rcfile for lxc-execute as already done for lxc-create
The code previously added in lxc-create with
commit d7efa8fcbf
is also required in lxc-execute.
So make this code common for the two callers.

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-10-07 10:05:39 +02:00
Daniel Lezcano
1ac470c02a add some traces in the code for the logger
Add some traces in the code, so we are able to follow the execution
of the start command with the logger.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-24 15:25:45 +02:00
Daniel Lezcano
f5d186114c fix cgroup trace
The trace is displayed either if the setting fails, change that by
displaying the trace when the setting is successful.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-24 15:25:44 +02:00
Daniel Lezcano
cd54d859da make use of the logging facility and add some traces
Now we have a logging facility, let's use it and add some traces in
the code.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-07-22 19:39:17 +02:00
Daniel Lezcano
018ef5201b choose a default network interface name
When no name is specified in the configuration file for an interface,
let the system choose one nice name like "eth".

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-05-28 12:10:51 +02:00
Daniel Lezcano
34c66a6980 Remove old code to destroy the network
Removed this unused code.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-05-28 12:10:50 +02:00
Daniel Lezcano
64e1ae63eb make use of the copy file function
Now we have a specific function to copy the files, make use of it
and remove the old code.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-05-28 12:10:50 +02:00
Michel Normand
95b5ffafae remove LXC_ERROR_* usage in src/lxc/conf.c as not required
This is useless because error is already reported by the functions

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-05-18 22:30:39 +02:00
Michel Normand
8b92dc3ab6 change lxc_cgroup_set/get functions to return -1
and report error message as soon as detected error in these two functions

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Michel Normand <normand@fr.ibm.com>
2009-05-14 16:27:29 +02:00
Michel Normand
3ab87b66af remove fprintf to stderr and replace by ERROR call when needed
do it in all cli, except:
* the usage functions that will be removed by another patch
* the lxc_init that needs more work
* the lxc_priority that is not used anymore

Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-05-14 15:52:03 +02:00
Cedric Le Goater
36eb9bdef1 lxc: use new logging system
This patch defines a new log category in each file using logging and
replaced the former logging routines with the new ones.

Signed-off-by: Cedric Le Goater <legoater@free.fr>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-04-21 21:51:13 +02:00
Ryousei Takano
998ac6763f Add support for various mount options
This patch adds support for various mount options.  It is also able to pass extra 
mount option data to mount(2).  For example, it allows users to mount aufs file 
system at lxc_start time.

See the thread
	http://sourceforge.net/mailarchive/forum.php?thread_name=E6D98D6C-F633-419A-9424-F24EBB3E11D9%40aist.go.jp&forum_name=lxc-devel
for details.

Signed-off-by: Ryousei Takano <takano-ryousei@aist.go.jp>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-04-20 22:10:59 +02:00
Môshe van der Sterre
b035ad62e6 prevent tty fd to be inherited in the container
Set the close on exec flag on the pty fd so they are automatically
closed when execing the container.

Signed-off-by: Môshe van der Sterre <me@moshe.nl>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2009-04-20 22:10:59 +02:00
Daniel Lezcano
089cd8b878 move lxc_conf_init to conf.c
Changed the struct lxc_conf initialization function to the
right place.

Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>
2009-03-30 14:02:19 +02:00
Daniel Lezcano
13954cce63 cleanup conf.h
Rename lxc_conf.h to conf.h

Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>
2009-03-30 14:02:19 +02:00