Without this /dev/console won't exist and upstart will fail to start any
job marked as "console output" including the rather important rcS.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
I unfortunately realized that I did not push the latest version of the
file. This fixes an issue in the case where we want to create the proxy
file in the container (not nested).
Signed-off-by: Chris Glass <tribaal@gmail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Added a commented squid-deb-proxy hook to the common ubuntu config file
as suggested when merging the squid-deb-proxy-client hook.
Signed-off-by: Chris Glass <tribaal@gmail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
If we start a container with rcfile (see comments in lxc_start.c), it
is possible that we have no config file in /usr/local/var/lib/lxc.
So when we try lxc_stop, lxc_container_new will not load any config
so we'll get c->lxc_conf = NULL.
In that case, we'll get a segmentation fault in lxcapi_shutdown; a
simple check would fix this.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Instead of always returning -1 and calling SYSERROR when the child returns
non-zero, have userns_exec_1 always return the return value from the
function it's calling and let the caller do the error handling (as is
already done by its only caller).
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
It's been brought to my attention that the read-only mount of /proc/sys
is causing problems to archlinux users, so instead just have LXC mount
proc and sysfs normally (read-write).
Reported-by: John Lane <john@lane.uk.net>
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
This is a reissue of two previous patches along with some additional
changes for hardening the root password process based on discussions
on-list.
--
This patch modifies the lxc-fedora and lxc-centos templates for 3 things.
1) Extensively modifies root password generation, storage, and management
   based on discussions on the devel list.
   Root passwords are hardened and have advanced configurability.
   A static password may be provided.
   A password based on a template may be generated, including ${RANDOM}.
   A password may be generated through mktemp using a template with X's.
   Root passwords default to expired, initially.
   Passwords may optionally be echoed to stdout at container creation. (no)
   Passwords may optionally be stored in ${rootfs_path}/tmp_root_pass. (yes)
   Users may be optionally forced to change the password at creation time. (no)
   Default is to generate a pattern based password and store, no force change.
   All of this may be overridden by environment variables through
   conditional assignment.
2) Random static hardware addresses are generated for all configured
interfaces.
3) Add code to create sysv init style scripts to intercept shutdown and
reboot to prevent init restart and hang for CentOS and legacy Fedora
systems on shutdown, reboot, init 0, and init 6. This solves a variety
of hang conditions but only affects newly created containers. Does
not have any impact on systemd based containers.
Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Pretty much the only case where we do NOT want to daemonize
a container start is lxc-start. So make c->daemonize true
by default, and have lxc-start set it to false.
If there are existing API users who rely on daemonize by
default, then they will be broken by this. It seems we should
do this before beta1 if we're going to do it.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This makes the ubuntu and ubuntu-cloud templates automatically aware of apt
proxy settings when the LXC host has "squid-deb-proxy-client" installed. This
makes installations *much* faster when a suitable squid-deb-proxy is
found on the network (or installed on the host).
Signed-off-by: Chris Glass <tribaal@gmail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
- [[ ]] -> [ ]
- == -> =
- source -> .
- redirect of fd 200 is error in mksh, use fd 9
- &> /dev/null -> > /dev/null 2>&1
- useless function keyword
- echo -e -> printf
still left bash shebang which did not validate with checkbashism, mostly
due to 'type' being reported as bashism
Signed-Off-By: Elan Ruusamäe <glen@delfi.ee>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This adds a new --force-cache parameter which will force use of the
cache even for expired images.
An expired image is now only flushed from the cache once a new one is
successfully downloaded (to avoid destroying the local cache when the
host doesn't have internet connectivity).
The ID of the build in cache is also tracked so that we don't
re-download something we already have (should only happen if we don't
have a new build published by the time the previous one expires).
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Instead of hardcoding --exclude=./dev/*, use a new metadata file
"excludes" which lists all the paths or patterns to exclude during
extraction (one per line).
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
* Update Japanese lxc.conf(5) for commit 508c263ee6
* Remove duplicate line in English lxc.conf(5)
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
- show full path to failed download location
- change test to -f in case meta.tar.xz:templates has a blank line it
won't attempt to sed a directory
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Some functions which wanted to know about cgroup paths were located
in other files. Move them into cgroup.c, so that all knowledge of
the cgroup backend can be colocated.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
The removed chunk is already defined in utils.h which
is included in modified files.
Signed-off-by: Luka Perkov <luka.perkov@sartura.hr>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
By setting lxc.network.hwaddr to something like fe:xx:xx:xx:xx:xx each
"x" will be replaced by a random value. If the least significant bit of
the first byte is "templated", it will be set to 0.
This change also introduces a common randinit() function that could be
used to initialize the random generator.
Signed-off-by: gza <lxc@zitta.fr>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
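
The hwaddr template expansion described in the last commit message above, as an added C example; it is not the LXC project's code. The function name `expand_hwaddr_template` and the use of /dev/urandom (rather than the commit's randinit()) are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumption: randomness comes from /dev/urandom, not the commit's randinit(). */
static int random_bytes(unsigned char *buf, size_t n)
{
    FILE *f = fopen("/dev/urandom", "rb");
    size_t got;

    if (!f)
        return -1;
    got = fread(buf, 1, n, f);
    fclose(f);
    return got == n ? 0 : -1;
}

/*
 * Hypothetical helper: expand "fe:xx:xx:xx:xx:xx" in place. Each 'x'/'X'
 * becomes a random hex digit. A templated low nibble of the first byte has
 * its least significant bit (the multicast bit) forced to 0.
 * Returns 0 on success, -1 on malformed input or if no randomness is available.
 */
int expand_hwaddr_template(char *hwaddr)
{
    static const char hex[] = "0123456789abcdef";
    unsigned char rnd[12];              /* at most 12 templated digits */
    size_t i, used = 0;

    if (!hwaddr || strlen(hwaddr) != 17)
        return -1;
    for (i = 0; i < 17; i++) {          /* validate before touching anything */
        unsigned char c = (unsigned char)hwaddr[i];
        if (i % 3 == 2 ? c != ':' : (tolower(c) != 'x' && !isxdigit(c)))
            return -1;
    }
    if (random_bytes(rnd, sizeof(rnd)) < 0)
        return -1;
    for (i = 0; i < 17; i++) {
        if (tolower((unsigned char)hwaddr[i]) != 'x')
            continue;
        hwaddr[i] = hex[rnd[used++] & (i == 1 ? 0x0e : 0x0f)];
    }
    return 0;
}

int main(void)
{
    char addr[] = "fe:xx:xx:xx:xx:xx";  /* constructed sample template */
    return expand_hwaddr_template(addr) == 0 && puts(addr) >= 0 ? 0 : 1;
}
```

Fixed digits in the template are kept as written, so a prefix such as `fe:` survives expansion and only the templated positions vary between containers.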