Also: disable the interactive part of ovmd so ol5,6 containers won't
hang if started for the first time with -d. Don't let containers do rawio,
or have access to /dev/rtc0, they can mess up the hosts system clock among
other things.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
lxc-start -c makes the named file/device the container's console, but using
this with a regular file in order to get a log of the console output does
not work very well if you also want to login on the console. This change
implements an additional option (-L) to simply log the console's output to
a file.
Both options can be used separately or together. For example to get a usable
console and log: lxc-start -n name -c /dev/tty8 -L console.log
The console state is cleaned up more when lxc_delete_console is called, and
some of the clean up paths in lxc_create_console were fixed.
The lxc_priv and lxc_unpriv macros were modified to make use of gcc's local
label feature so they can be expanded more than once in the same function.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
The previous lxc-shutdown change replaced 'kill SIG<name>' by
'kill -s SIG<name>'. Although this works with busybox where it was tested,
this doesn't actually work with all kill implementations. Some requiring just
the signal name without the prefix.
This changes "-s SIG<name>" by just "-s <name>". Tested with busybox and
standard kill.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Let users append a list of packages they want install in the container
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This allows us to lxc-create 32 bit guests on x86_64 hosts.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This allows specifying what repository to use for the container.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Use awk to parse the output pf 'ps' and the tasks files for the
containers.
Use awk fields to find PID column rather than assume that the PID field
is exactly 5 chars wide and has a leading space ' PID'. This works as
long as the PID field is before the command or other field that include
spaces. This also makes it work with busybox 'ps'.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
- avoid getopt --longoptions
- use 'which' instead of 'type' to detect existance of tools
- specify -s SIG<signame> with kill
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
We now have the possibility to test for a given state. Use this feature
instead of parsing output with grep or awk
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
We cannot assume that the mount source name always starts with 'cgroup'
so we check the filesystem type instead.
Use 'awk' instead of 'grep -E' and as it is a better tool for this job.
This fixes the tool on systems using openrc.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
We cannot assume that the mount source name always starts with 'cgroup'
so we check the filesystem type instead.
Use 'awk' instead of 'grep -E' and as it is a better tool for this job.
This fixes the tool on systems using openrc.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Use arch-install-scripts for installation.
Signed-off-by: Alexander Vladimirov <alexander.idkfa.vladimirov@gmail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
- use case .. in instead of comparison with globs
- avoid 'local'
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
- avoid getopt --longoptions
- use 'which' instead of 'type' to detect existance of tools
- use 'grep -q -w' instead of bash substring variable expansion
${line:0:18}
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
- use case .. in instead of comparison with globs
- avoid 'local'
While here, also avoid 'find ... -printf' which is not supported on busybox
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Clear env before starting a container. Do it right before setting
the container=lxc variable.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
(I'll be out until Jan 2, but in the meantime, here is hopefully a
little newyears gift - this seems to allow lxc-start with / being
MS_SHARED on the host)
When / is MS_SHARED (for instance with f18 and modern arch), lxc-start
fails on pivot_root. The kernel enforces that, when doing pivot_root,
the parent of current->fs->root (as well as the new root and the putold
location) not be MS_SHARED.
To work around this, check /proc/self/mountinfo for a 'shared:' in
the '/' line. If it is there, then create a tiny MS_SLAVE tmpfs dir to
serve as parent of /, recursively bind mount / into /root under that dir,
make it rslave, and chroot into it.
Tested with ubuntu raring image after doing 'mount --make-rshared /'.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Currently, lxc-destory will attempt to destroy a container if it is not in
the RUNNING state, but doing so is not good when the container is FROZEN, or
in other transitional states.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
If you start more than one lxc-start/lxc-execute with the same name at the
same time, or just do an lxc-start/lxc-execute with the name of a container
that is already running, lxc doesn't figure out that the container with this
name is already running until fairly late in the initialization process: ie
when __lxc_start() -> lxc_poll() -> lxc_command_mainloop_add() attempts to
create the same abstract socket name.
By this point a fair amount of initialization has been done that actually
messes up the running container. For example __lxc_start() -> lxc_spawn() ->
lxc_cgroup_create() -> lxc_one_cgroup_create() -> try_to_move_cgname() moves
the running container's cgroup to a name of deadXXXXXX.
The solution in this patch is to use the atomic existence of the abstract
socket name as the indicator that the container is already running. To do
so, I just refactored lxc_command_mainloop_add() into an lxc_command_init()
routine that attempts to bind the socket, and ensure this is called earlier
before much initialization has been done.
In testing, I verified that maincmd_fd was still open at the time of lxc_fini,
so the entire lifetime of the container's run should be covered. The only
explicit close of this fd was in the reboot case of lxcapi_start(), which is
now moved to lxc_fini(), which I think is more appropriate.
Even though it is not checked any more, set maincmd_fd to -1 instead of 0 to
indicate its not open since 0 could be a valid fd.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
For example doing "lxc-execute -n tmpct /bin/bash" will call setup_kmsg(), but
in this case rootfs->mount/dev directory doesn't even exist so the call to
symlink fails with ENOENT. Commit f62b3449 made this failure not fatal, but
we should not even try it when we know it will fail. See similar code in
setup_tty(), setup_console(), etc.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Update add_device_node to use the new set_cgroup_item call instead
of having to figure out the cgroup paths and update the entries manually.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Updates the binding for the two new functions.
This also fixes some problems with the argument checking of
get_config_item that'd otherwise lead to a segfault.
The python binding for set_cgroup_item and get_cgroup_item are pretty
raw as lxc has little control over the cgroup entries.
That means that we don't try to interpret lists as we do for the config
entries.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
The python binding was forcing the user to pass a base path to
get_keys() even though the C binding doesn't require it.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
set_cgroup_item takes a pointer to a running container, a cgroup subsystem
name, and a char *value and it mimicks
'lxc-cgroup -n containername subsys value'
get_cgroup_item takes a pointer to a running container, a a cgroup
subsystem name, a destination value * and the length of the value being
sent in, and returns the length of what was read from the cgroup file.
If a 0 len is passed in, then the length of the file is returned. So
you can do
len = c->get_cgroup_item(c, "devices.list", NULL, 0);
v = malloc(len+1);
ret = c->get_cgroup_item(c, "devices.list", v, len);
to read the whole file.
This patch also disables the lxc-init part of the startone test, which
was failing because lxc-init has been moved due to multiarch issues.
The test is salvagable, but saving it was beyond this effort.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This restores an old behaviour where lxc-create can be called without
a template. In such case, only a minimal configuration is built and no
rootfs is created. However the various backingstore code is still used.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Switch the python scripts to using @LXCPATH@.
According to grep, this was the last occurence of a /var/*/lxc
path in the code.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Move to per-template lock (except for oracle that's per-container).
Also ensure that the path used for the lock is relative to LOCALSTATEDIR.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Use LOCALSTATEDIR to generate the path to the cache.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
This commit updates all scripts using mixed indent to a consistent
4 spaces indent.
In the past quite a few of those scripts used tabs to instead of 8 spaces or
instead of 4 spaces, sometimes mixing those in the same line and sometimes
changing the tab width within the same file.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
This updates all the templates and the configuration files to consistently
use "key = value" everywhere.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
