Using $(date) for LXC_GENERATE_DATE has various flaws:
* formatting depends on the locale of the system we execute configure on
* the output is not really a date but more a timestamp
Let's use $(date --utc '+%Y-%m-%d') instead.
While at it, also support SOURCE_DATE_EPOCH [1] to make the build
reproducible
[1] https://reproducible-builds.org/specs/source-date-epoch/
Signed-off-by: Evgeni Golov <evgeni@debian.org>
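The date handling this commit message describes, as an added shell sketch (not the LXC project's own configure code): the function name `lxc_generate_date` is hypothetical, and the GNU/BSD `date` fallback is an assumption about the build hosts.

```shell
#!/bin/sh
# Added example, not taken from the LXC tree.
# Prints a locale-independent UTC date (YYYY-MM-DD) for a build stamp.
# If SOURCE_DATE_EPOCH is set, the date is derived from it so that two
# builds of the same source produce the same string.
lxc_generate_date() {
    fmt='+%Y-%m-%d'   # numeric fields only, so the locale cannot change the output
    epoch="${SOURCE_DATE_EPOCH:-}"

    if [ -z "$epoch" ]; then
        # No reproducible-build timestamp supplied: use the current UTC date.
        date -u "$fmt"
        return
    fi

    # The spec defines SOURCE_DATE_EPOCH as an integer number of seconds
    # since the Unix epoch; reject anything else instead of passing it on.
    case "$epoch" in
        *[!0-9]*)
            echo "SOURCE_DATE_EPOCH is not an integer: $epoch" >&2
            return 1
            ;;
    esac

    # GNU date accepts "-d @SECONDS"; BSD date accepts "-r SECONDS".
    date -u -d "@$epoch" "$fmt" 2>/dev/null || date -u -r "$epoch" "$fmt"
}

# Constructed sample value: one second before 2016-01-01T00:00:00Z.
# The local time zone is set far ahead of UTC to show it has no effect.
TZ=Asia/Tokyo SOURCE_DATE_EPOCH=1451606399 lxc_generate_date
```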
* This script sets /dev/.lxc which is needed for autodev containers.
* Previously was only executed with systemd. Execute it also with
the other init systems (sysvinit and upstart)
Signed-off-by: Carlos Alberto Lopez Perez <clopez@igalia.com>
New template script is more readable and robust, uses cache and external
LXC config file as other templates.
Signed-off-by: Jakub Jirutka <jakub@jirutka.cz>
- lxc-clone and lxc-start-ephemeral are marked deprecated. We add a
--enable-deprecated flag to configure.ac allowing us to enable these
deprecated executables
- update tests to use lxc-copy instead of lxc-clone
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
lxc-ls nowadays is a C binary so there's no need to keep the python and
shell versions around anymore, remove them from the branch and clean up
documentation and Makefiles.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Linux for SPARC is a free community Linux distribution for SPARC hosted by Oracle. See: https://oss.oracle.com/projects/linux-sparc
While the distribution is based on Oracle Linux it does have some differences and since it's not actually Oracle Linux I decided to add a separate template rather than having the Oracle Linux template also support Linux for SPARC.
This patch adds the lxc-template for Linux for SPARC and it also adds Linux for SPARC in the configure.ac as a distribution target to build.
Signed-off-by: Wim Coekaerts <wim.coekaerts@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Add support for new target plamo to specify the linux distribution.
Plamo Linux uses sysvinit.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Signed-off-by: TAMUKI Shoichi <tamuki@linet.gr.jp>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Newer kernels have added a new restriction: if /proc or /sys on the
host has files or non-empty directories which are over-mounted, and
there is no /proc which is fully visible, then it assumes there is a
"security" reason for this. It prevents anyone in a non-initial user
namespace from creating a new proc or sysfs mount.
To work around this, this patch adds a new 'nesting.conf' which can be
lxc.include'd from a container configuration file. It adds a
non-overmounted mount of /proc and /sys under /dev/.lxc, so that the
kernel can see that we're not trying to *hide* things like /proc/uptime
and /sys/devices/virtual/net. If the host adds this to the config file
for container w1, then container w1 will support unprivileged child
containers.
The nesting.conf file also sets the apparmor profile to the with-nesting
variant, since that is required anyway. This actually means that
supporting nesting isn't really more work than it used to be, just
different. Instead of adding
lxc.aa_profile = lxc-container-default-with-nesting
you now just need to
lxc.include = /usr/share/lxc/config/nesting.conf
(Look, fewer characters :)
Finally, in order to maintain the current apparmor protections on
proc and sys, we make /dev/.lxc/{proc,sys} non-read/writeable.
We don't need to be able to use them, we're just showing the
kernel what's what.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
and don't use it if not. This fixes failure to build with older
cgmanager.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>