Currently when a container is shut down, lxc walks the set of all
cgroup paths it created, in reverse order, and tries to remove them.
This doesn't suffice if the container has also created new cgroups.
It'd be impolite to recursively remove all the cgroup paths we created,
since this can include '/lxc' and thereunder all other containers
started since.
This patch changes container shutdown to only delete the container's own
path, but do so recursively. Note that if we fail during startup,
the container won't have created any cgroup paths so it the old
way works fine.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This adds a new template called "download". It's a fairly simple
template with a minimal set of dependency which will grab any pre-built
image available on https://images.linuxcontainers.org
Note that the serverside is still work in progress (missing SSL support).
Access is done over https by default with a warning being emitted if
fallback to http was required (may be needed for testing, when behind
proxy and with private servers). All index files and tarballs are
gpg-signed with the default pubkeyid contained in the template itself.
The main benefit of this template is to be entirely
distribution-agnostic, any template that can be integrated with the
server build infrastructure will then work on any LXC machine when using
the download template. This template is also compatible with user
namespaces and will hopefully help widden the number of distros that may
work in unprivileged LXC.
This commit also bundles a small change to the template configs to have
the ubuntu template (used by the download template) to work with
unprivileged LXC.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
This should be the last change of name for those options. This change
basically move them all to lxc.bdev.<backend>.<option>.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
If /proc/self/ns does not exist, then preserve_ns was failing to
initialize the saved_ns[i] to -1. This caused attach_ns() to try
and attach, and of course fail.
Initialize the saved ns values before returning an error.
The return values of preserve_ns and attach_ns were also being
ignored. Honor them.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Instead of having one function for each possible key in lxc.conf which
doesn't really scale and requires an API update for every new key,
switch to a generic lxc_get_global_config_item() function which takes a
key name as argument.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
This is a first step in bringing the lxc.conf configfile in line with
the container's format.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
The old version of lxc-ls is the wrapper of ls(1). But now it is
python script, so "see also ls(1)" is not needed.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Change all instances of "unsigned long" where referring to a bdev size
to uint64_t; this fixes some overflows on 32-bit machines, where
"unsigned long" is uint32_t. Support all unit-sizes supported by LVM
except 's' and 'e' [bkmgt]. Print a warning and use default bdev-size if
invalid unit-size specified.
Signed-off-by: Stephen Ayotte <stephen.ayotte@gmail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
On suse we have the header in a subdir inside /usr/include, so
pkgconfig has to be used to find out proper CFLAGS.
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This happens for instance if you run a test under sudo which
then runs lxc commands under 'su - <someuser>'
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
doxygen and graphviz causes travis vm to download ~400 MB from internet
and causes travis builds to timeouts occasionally.
Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Debian and Ubuntu uses docbook2x-man, but some other distr like suse
uses docbook-to-man. I think all of them should work on LXC.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
- use this in the busybox template since busybox's init expects
to receive SIGUSR1 to halt
- fix lxc.stopsignal to be output by write_config so lxcapi_clone()
and lxcapi_save_config() will output it
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
On my Ubuntu 13.10 system, lxc-ps was always giving empty output. The
output of /proc/$initpid/cgroup was
11:name=systemd:/user/1000.user/c3.session
10:hugetlb:/container
9:perf_event:/container
8:blkio:/container
7:freezer:/container
6:devices:/container
5:memory:/container
4:cpuacct:/container
3:cpu:/container
2:cpuset:/container
Using the cpuset line should be a safer option.
Signed-off-by: Nick Huber <nicholashuber@gmail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This makes the arguments between lxc-stop and lxc-autostart more
consistent, so that --shutdown doesn't have two different meanings.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
* lxc-attach(1): Update to the status of kernel 3.8 or higher
* lxc-create(1), lxc-destroy(1): Now lxc-ls don't have "-l" option, so remove
* lxc(7): update description of lxc-ls and lxc-info to current version
* see-also: fix lxc(1) to lxc(7)
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Add pthread_atfork check to configure.ac and uses it when necessary,
Introduces tls.m4 macro for checking thread-local storage support, Puts
values array into thread-local storage
(lxc_global_config_value@src/lxc/utils.c), Removes
static_lock/static_unlock from LXC code.
Lastly, it introduces a warning for bionic users about multithreaded
usage of LXC.
(requires 64b1be2903 to be reverted first)
Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This reverts commit 64b1be2903.
Reverting in preparation for another implementation which is
bionic-compatible.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
This change updates the way init scripts get installed so that more
than one init system can be supported. Instead of installing the
systemd service file from the spec file, it should be installed at
make install time, so that someone compiling from source also gets
the unit file installed.
Update the plamo template to use a lock file not named just
/var/lock/subsys/lxc since the presence of that file is used by
sysv init rc file to know if it should run the K01lxc script. This
also makes it consistent with the other templates which use
/var/lock/subsys/lxc-$template-name.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Stéphane noticed that lxc-snapshot of a dir-backed container
created an overlayfs container. The expectation is that the
user can continue to modify the original container and later make
a new snapshot, but this doesn't work with the existing behavior -
the overlayfs clone will end up with the modified contents.
So add a 'LXC_CLONE_KEEPBDEVTYPE' flag, which c->snapshot()
passes to c->clone().
Also add a LXC_CLONE_MAYBE_SNAPSHOT. If this is set and a
backing store does not support snapshotting, then proceed with
a copy clone.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
It is desirable to have a mode where a soft shutdown is requested,
but then do a hard shutdown if after some time period the container
has not shut down. This the default behaviour of lxc-stop, but is
not currently possible with lxc-autostart. This change makes this
the default behaviour when shutdown is specified to lxc-autostart.
This will be very useful for init scripts.
An indefinte wait for soft shutdown (though I'm not sure how that
would be useful) is still possible by passing a timeout of 0.
Change default timeout value to 60 seconds to match lxc-stop
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Additional logic for dealing with container shutdown / reboot
Fix a problem with CentOS containers and legacy Fedora (<16) containers
not shutting down or rebooting properly. Copy /etc/init.d/halt to
/etc/init.d/lxc-halt, deleting everything from the "hwclock save" and
all after and append a force halt or reboot at the end of the new
script, to prevent reexecing init. Link that script in as
S00lxc-halt in rc0.d and S00lxc-reboot in rc6.d to intercept the
shutdown process before it gets to S01halt / S01reboot causing the hang.
Fixed some typos in the CentOS template that were introduced in the
previous patch for hwaddr settings and missed in regression testing.
Cleaned up some instruction typos and tabs from previous patch.
Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Mark most of functions that are used within only one file as static.
After 95ee490bbd it's easy to prove they
are not in public API.
Several arrays and structs are also marked static.
This prevents them from being exported from liblxc.so
List of removed previously exported symbols:
bdevs
btrfs_ops
check_autodev
create_partial
dir_ops
dump_stacktrace
get_mapped_rootid
get_next_index
lock_mutex
loop_ops
lvm_ops
lxc_abort
lxcapi_clone
lxc_attach_drop_privs
lxc_attach_get_init_uidgi
lxc_attach_getpwshell
lxc_attach_remount_sys_pr
lxc_attach_set_environmen
lxc_attach_to_ns
lxc_clear_saved_nics
lxc_config_readline
lxc_devs
lxc_free_idmap
lxc_global_config_value
lxc_poll
lxc_proc_get_context_info
lxc_set_state
lxc_spawn
mk_devtmpfs
mount_check_fs
ongoing_create
overlayfs_destroy
overlayfs_ops
prepend_lxc_header
remove_partial
save_phys_nics
setup_pivot_root
signames
static_mutex
thread_mutex
unlock_mutex
unpriv_assign_nic
zfs_ops
Signed-off-by: Andrey Mazo <mazo@telum.ru>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This reverts commit 84e9e19793, because
it breaks bionic builds. The patch is desirable so hopefully we can
come up with a solution or alternate patch soon.
* Improve Japanese translation
* Fix mis-translation
* Insert linefeed between paragraph, because some paragraph is too
long, so sometimes git send-email could not use.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
- Add doxygen and graphviz for the API doc build.
- Pass --enable-tests to have the tests built (off by default)
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Backported typo fixes from CentOS template back to Fedora Template
Bumped default rev from Fedora 18 to Fedora 19
Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This deals with a reported issue when running and building containers
on a CentOS host system.
Fixed various typos in version checking when running on a CentOS system.
Added logic for differences between point releases (6.5) and rolling (6).
Added version detection logic when running on RHEL systems as well.
Fixed cpe detection string (CentOS is not adhering to their own registration).
Added logic to disable the pam_loginuid.so binary in containers.
Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
After 95ee490bbd they are not in public
API and are not used throughout the lxc codebase.
This has a bonus of removing workaround for bionic.
Signed-off-by: Andrey Mazo <mazo@telum.ru>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
patch /etc/inittab in plamo container to shutdown when it receives SIGPWR.
(By default, plamo shutdowns to single user mode after 5minutes)
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Travis is a free hosted CI platform for the open source community. It integrates
well with github and enables continous builds/tests for both repository itself
and all the pull requests so that one can quickly see the result of the possible
merge.
This yml file is one of the few required steps to enable travis-ci support for
LXC github repo. One of you guys still need to sign in travis-ci through GitHub OAuth
and enable travis support from its profile page https://travis-ci.org/profile
As an example https://travis-ci.org/caglar10ur/lxc-upstream/builds/15872074 can be seen
changes since v1;
- All external dependencies are now innstalled via before_install section
- Dropped all configure flags as Stéphane suggested
Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
