This removes any existing uid check in the python3 binding and tools,
replacing those by .controllable where appropriate.
Extra checks are also added to make lxc-ls work as a user, returning as
much information as can possibly be retrieved.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
This moves vim back to the default list of packages, drops the duplicate
ssh entry which means that unless extra packages are passed through
--packages, container creation won't invoke apt-get anymore.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Otherwise one cannot create two containers with different releases
(let's say saucy [cached] and raring [not caced]) if both are not
cached on the local filesystem already. The lock blocks cached
one to move forward until not cached one finishes it's downloads.
Fix that by seperating locks using release names
Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
While char is a signed type and should have no trouble
storing a "-1" value, getopt_long() will return a value of 255
instead of -1. This has been noticed on powerpc; there's also
some upstream talk about it at [1].
Change variable type from char to int, since it's also the
documented use.
[1] http://stackoverflow.com/questions/17070958/c-why-does-getopt-return-255-on-linux
Signed-off-by: Bogdan Purcareata <bogdan.purcareata@freescale.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Change paths in fstab to be relative to the root and fix a wrong
rootfs_path value.
Signed-off-by: Serge Logvinov <serge.logvinov@gmail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Once lxc-monitord receives a quit request from lxc-monitor, it will then
return from the mainloop every time an event occurs on any of its fds and
check if it has any clients left. When there are no more it exits. This
allows lxc-monitord to quit immediately instead of waiting the normal 30
seconds for more clients, potentially freeing up lxcpath for unmounting.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Adding the epoll events allows the handler to determine what events
happened on the fd.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This introduces a new /usr/share/lxc/config directory containing common
configuration snippets.
The two Ubuntu templates are then simplified to just include the
relevant entries avoiding a whole lot of hardcoded cgroup, capabilities
and mount points configuration.
An extra comment is also added at the top of all generated configuration
files telling the user to look at lxc.conf(5) for more information.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Just like we already had "optional", this adds two new LXC-specific
mount flags:
- create=dir (will do a mkdir_p on the path)
- create=file (will do a mkdir_p on the dirname + a fopen on the path)
This was motivated by some of the needed bind-mounts for the
unprivileged containers.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
NetworkManager at least expects all veth devices to be called veth*
otherwise it'll consider them as physical interface and try to do DHCP
on them.
This change makes lxc-user-nic use the same function that we use for LXC
itself which will give us standard vethXXXXX kind of interfaces.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
It is now natively implemented in C, the new function takes the same
arguments (same order, different names) and has been confirmed to work
with lxc-device.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Currently, all scripts, specified as "lxc.network.script.up", inherit
lxc-execute's signal mask.
This, for example, includes blocked SIGALRM signal which, in turn, makes
alarm(2), sleep(3) and setitimer(2) functions silently unusable in all programs,
invoked in turn by the "lxc.network.script.up".
To fix this, run_buffer() should restore default signal mask prior to
executing "lxc.network.script.up".
A naive implementation would temprorary unblock all signals just before
calling popen() and block them back immediately after it.
But that would result in an immediate delivery of all pending signals just
after their unblocking.
Thus, we should restore default signal mask exactly in child (after fork())
just before calling exec().
To achieve this, a home-brewed popen() alternative is needed.
The added lxc_popen() and lxc_pclose() are mostly taken from glibc with
several simplifications (as we currently need only "re" mode).
The implementation uses Linux-specific pipe2() system-call,
which is only available since Linux 2.6.27 and supported by glibc since
version 2.9 (according to pipe(2) man-page), but this shouldn't be a
problem as lxc requires a fairly recent kernel too.
lxc_popen()/lxc_pclose() are meant to be direct replacements for their
stdio counterparts, so they perform no process_lock() locking
themselves. (as fopen_cloexec() does)
All existing users of popen()/pclose() are converted to the new
lxc_popen()/lxc_pclose().
(mazo: don't clear close-on-exec flag for parent's end;
place the new functions in utils.c;
convert bdev.c to use the new functions;
coding style fixes;
comments fixes;
commit message tweaks)
Signed-off-by: Ivan Bolsunov <bolsunov@telum.ru>
Signed-off-by: Andrey Mazo <mazo@telum.ru>
This removes all but the following headers from our includes:
- attach_options.h
- lxccontainer.h
- version.h
This also removes the duplicate lxc_version function (lxc_get_version
has been preferred for a while).
lxclock.h is now considered private.
As a result quite a lot of files needed addition of extra includes
previously inherited from lxclock.h.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
So that applications can get the LXC version number at compile time.
This can be used to make applications/bindings that support compiling against
multiple versions of LXC.
Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This adds the same code to the Debian-based templates (Ubuntu and Ubuntu
Cloud) and also avoids a needless fork.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
