lxc-ps and lxc-netstat have an unfortunate tendency to break every so
often, produce mostly unreadable output and should be replaced by a
lxc-attach call in 99% of the cases.
In an effort to cleanup the lxc-* namespace, I think those two should
go, so this patch gets rid of them as well as any reference to them in
our documentation.
I also think that lxc-version should disappear as it's only a one line
shell script printing the version string, so having a whole command just
for that seems to be a bit of a waste.
Instead, this patch introduces a new --version common option which all
binaries will automatically inherit and that'll print LXC_VERSION on
stdout and exit 0.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
This adds a basic bash auto-completion profile.
It supports 3 things at this time:
- Auto-complete of container name (-n or -o)
- Auto-complete of template name (-t)
- Auto-complete of state names (-s)
It's configured in a way to be as little disruptive as possible, any
argument that's not explicitly handled by the profile will fallack to
bash's default completion.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
This updates the Fedora and CentOS templates to utilize a common
included config. This is largely based on the changes in the Oracle
template with some exceptions.
Dropping of setpcap (present in the Oracle template) is commented out in
the Fedora template. It seems to cause problems, such as large login
delays with Fedora 20 containers (but not Fedora 19 - strange).
The Fedora template is further modified to disable systemd-journald.service
as it is unnecessary in a container and causes serious problems when
running in a Fedora 20 container.
The Fedora template is also updated to default to Fedora 20 when running
on a non-Fedora host.
Regards,
Mike
Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Checkpoint/restart isn't currently supported, so let's not carry those
binaries around until we have proper CRIU support in the API.
lxc-kill is redundant with lxc-stop -k and has been known to confuse user.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
This adds the 3 upstart jobs that we've had in Ubuntu for a while:
- lxc.conf: Main upstart job, triggers lxc-net.conf based on config
- lxc-instance.conf: Triggered by lxc.conf for each auto-started container
- lxc-net.conf: Triggered by lxc.conf, sets up lxcbr0, NAT, mangling, ...
In addition, there are two extra config files in /etc/default:
- lxc: Allows setting some values like http proxying, disabling autostart, ...
- lxc-net: Network configuration for the lxcbr0 bridge
This change also disables the sysv script for all distros but Oracle as
the current script won't work on either Ubuntu nor Debian and I suspect
quite a few more distros, so it's not nearly as distro-agnostic as we
thought.
For Debian, only install the upstart jobs and systemd unit.
For Ubuntu, only install the upstart jobs.
This change also moves all the init related stuff to config/init/
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
This patch splits out most of the cgroupfs-specific code, so that
cgroup-manager versions can be plugged in. The case I did
not handle is cgroup_enter at lxc_attach. I'm hoping that case can
be greatly simplified, but will worry about it after fleshing out the
cgroup manager handlers.
This also simplify the freezer functions.
This seems to not regress my common tests when running without
cgmanager, but I'd like to do a bit more testing before pushing.
However I was hoping to get some more eyes on this so am sending it
out now.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This adds a new template called "download". It's a fairly simple
template with a minimal set of dependency which will grab any pre-built
image available on https://images.linuxcontainers.org
Note that the serverside is still work in progress (missing SSL support).
Access is done over https by default with a warning being emitted if
fallback to http was required (may be needed for testing, when behind
proxy and with private servers). All index files and tarballs are
gpg-signed with the default pubkeyid contained in the template itself.
The main benefit of this template is to be entirely
distribution-agnostic, any template that can be integrated with the
server build infrastructure will then work on any LXC machine when using
the download template. This template is also compatible with user
namespaces and will hopefully help widden the number of distros that may
work in unprivileged LXC.
This commit also bundles a small change to the template configs to have
the ubuntu template (used by the download template) to work with
unprivileged LXC.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
On suse we have the header in a subdir inside /usr/include, so
pkgconfig has to be used to find out proper CFLAGS.
Signed-off-by: Jiri Slaby <jslaby@suse.cz>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Debian and Ubuntu uses docbook2x-man, but some other distr like suse
uses docbook-to-man. I think all of them should work on LXC.
Signed-off-by: Qiang Huang <h.huangqiang@huawei.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Add pthread_atfork check to configure.ac and uses it when necessary,
Introduces tls.m4 macro for checking thread-local storage support, Puts
values array into thread-local storage
(lxc_global_config_value@src/lxc/utils.c), Removes
static_lock/static_unlock from LXC code.
Lastly, it introduces a warning for bionic users about multithreaded
usage of LXC.
(requires 64b1be2903 to be reverted first)
Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This change updates the way init scripts get installed so that more
than one init system can be supported. Instead of installing the
systemd service file from the spec file, it should be installed at
make install time, so that someone compiling from source also gets
the unit file installed.
Update the plamo template to use a lock file not named just
/var/lock/subsys/lxc since the presence of that file is used by
sysv init rc file to know if it should run the K01lxc script. This
also makes it consistent with the other templates which use
/var/lock/subsys/lxc-$template-name.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This introduces a new lxc-autostart binary (and associated manpage)
which will let you start/shutdown/kill/restart any container that's
marked as lxc.start.auto=1. It respects the lxc.start.delay value,
sorts by lxc.start.order and filters by lxc.group.
By default it'll affect all containers that DO NOT have lxc.group
set. If -g is specified, ONLY containers in those group will be
affected. To have a command applied to all containers, the -a
argument can be used.
A -L flag is also offered for distributions wishing to start the
containers themselves while still using LXC's calculated order and
wait delays. Instead of performing the action, it'll print the container
name and (if relevant for the action) the wait time.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
This commit does the following changes:
- Disable rpath by default
- Switch all of our options to --enable-FEATURE in the help
- Add auto-detection of libcap availability
- Add auto-detection of python3 availability
- Always specify the default value in --help
- Add a configuration overview at the end
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This introduces a new /usr/share/lxc/config directory containing common
configuration snippets.
The two Ubuntu templates are then simplified to just include the
relevant entries avoiding a whole lot of hardcoded cgroup, capabilities
and mount points configuration.
An extra comment is also added at the top of all generated configuration
files telling the user to look at lxc.conf(5) for more information.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
So that applications can get the LXC version number at compile time.
This can be used to make applications/bindings that support compiling against
multiple versions of LXC.
Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This adds an lxc-centos template for crreating CentOS 5+ templates. It
does NOT create CentOS 4 or earlier containers as these are way past
end of life and no longer supported. It is based on the work of
Fajar A. Nugraha <github@fajar.net> who modified an earlier Fedora
template. His work has been brought LARGELY into congruence with
the current Fedora template. It still lacks the distro agnostic
bootstrap and systemd code from the Fedora template but those should
only be relevant with CentOS 7 when that can of worms pops open
sometime next year or so.
Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Always build lxc-usernsexec. Else we require having uidmap
installed on the build host for no good reason. And we never
actually used the NEWUIDMAP path we detected.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Conflict occurs between following lines
[...]
269 if (values[i])
270 return values[i];
[...]
and
[...]
309 /* could not find value, use default */
310 values[i] = (*ptr)[1];
[...]
fix it using a specific lock dedicated to that problem as Serge suggested.
Also introduce a new autoconf parameter (--enable-mutex-debugging) to convert mutexes to error reporting type and to provide a stacktrace when locking fails.
Signed-off-by: S.Çağlar Onur <caglar@10ur.org>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
We want to ensure smooth upgrades when doing rpm -U throughout the
release cycle so this change implements the scheme documented at:
http://fedoraproject.org/wiki/Packaging%3aNamingGuidelines#NonNumericRelease
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
The latest Mandriva distro release was in 2011 and nowadays distro named
OpenMandriva Lx.
Signed-off-by: Alexander Khryukin <alexander@mezon.ru>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This template allows to create Plamo Linux container on Plamo
Linux. Plamo Linux is Japanese distribution, which is originally based
on Slackware Linux.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Signed-off-by: TAMUKI Shoichi <tamuki@linet.gr.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Some features of lxc - networking and LSM configuration for instance -
are generally configured by the distro packages. This program
tests the Ubuntu configuration.
changelog v2:
Switch to lxc-info -i to detect ip address as stgraber suggested
Don't look for 'expect' as I'm not using it yet.
changelog v3:
Make sure to only read one ip address from container.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Currently, a maximum of one LSM within LXC will be initialized and
used. If in the future stacked LSMs become a reality, we can support it
without changing the configuration syntax and add support for more than
a single LSM at a time to the lsm code.
Generic LXC code should note that lsm_process_label_set() will take
effect "now" for AppArmor, and upon exec() for SELinux.
- fix Oracle template mounting of proc and sysfs, needed when using SELinux
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Character encoding of Japanese man pages is UTF-8. But docbook-utils
can't treat it (and don't have --encoding option that use in
Makefile). So change to Japanese man pages is not generated when
docbook-utils is used.
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Search for Lua if no --enable-lua/--disable-lua specified but continue
without if not found.
If --enable-lua is specified and Lua is not found then return error.
If --disable-lua is specified, then don't search for Lua.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
When there is no --enable-lua or --with-lua-pc, Lua should not be
enabled.
This fixes a bug introduced with 12e93188 (configure/makefile:
Allow specify Lua pkg-config file with --with-lua-pc) that caused
configure script to fail if lua headers was missing.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Enable support for both Lua 5.1 and 5.2 by letting user specify the Lua
pkg-config package name. By default it will use 'lua' and try figure
out which version it is.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
We use confstr to grab the default PATH value. If it's not there, just
use a standard one with bin and sbin for /, /usr and /usr/local.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
initstate/random doesn't work on bionic, srand/rand works on everything,
so let's use that.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
This adds a local ifaddrs implementation to be used on Bionic or other C
libraries that don't come with a getifaddrs implementation.
This code was written by Kenneth MacKay and is under a two-clause BSD
license (copyright information in the file headers).
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Fix build with automake 1.14 and newer, since it requires explicit
setting now.
Signed-off-by: Alexander Vladimirov <alexander.idkfa.vladimirov@gmail.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
It uses the newuidmap and newgidmap program to start a shell in
a mapped user namespace. While newuidmap and newgidmap are
setuid-root, lxc-usernsexec is not.
If new{ug}idmap are not available, then this program is not
built or installed. Otherwise, it will be used to support creating,
starting, destroying, etc containers by unprivileged users using
their authorized subuids and subgids.
Example:
usernsexec -m u:0:100000:1 -- /bin/bash
will, if the user is authorized to use subuid 100000, start a
bash shell in a user namespace where 100000 on the host is
mapped to root in the namespace, and the shell is running as
(privileged) root.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Define a sha1sum_file() function in utils.c. Use that in lxcapi_create
to write out the sha1sum of the template being used. If libgnutls is
not found, then the template sha1sum simply won't be printed into the
container config.
This patch also trivially fixes some cases where SYSERROR is used after
a fclose (masking errno) and missing consts in mkdir_p.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
And use it in place of the various ways we were deducing /etc/lxc/default.conf.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
configure/makefile: rename default_conf to distro_conf, since it is a per-distro
default. Then we'll be able to use the symbol LXC_DEFAULT_CONF in the code to
refer to the installed file.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
1. implement bdev->create:
python and lua: send NULL for bdevtype and bdevspecs.
They'll want to be updated to pass those in in a way that makes
sense, but I can't think about that right now.
2. templates: pass --rootfs
If the container is backed by a device which must be mounted (i.e.
lvm) then pass the actual rootfs mount destination to the
templates.
Note that the lxc.rootfs can be a mounted block device. The template
should actually be installing the rootfs under the path where the
lxc.rootfs is *mounted*.
Still, some people like to run templates by hand and assume purely
directory backed containers, so continue to support that use case
(i.e. if no --rootfs is listed).
Make sure the templates don't re-write lxc.rootfs if it is
already in the config. (Most were already checking for that)
3. Replace lxc-create script with lxc_create.c program.
Changelog:
May 24: when creating a container, create $lxcpath/$name/partial,
and flock it. When done, close that file and unlink it. In
lxc_container_new() and lxcapi_start(), check for this file. If
it is locked, create is ongoing. If it exists but is not locked,
create() was killed - remove the container.
May 24: dont disk-lock during lxcapi_create. The partial lock
is sufficient.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This requires implementing bdev->ops->destroy() for each of the backing
store types. Then implementing lxcapi_clone(), writing lxc_destroy.c
using the api, and removing the lxc-destroy.in script.
(this also has a few other cleanups, like marking some functions
static)
Changelog:
fold into destroy: fix zfs destroy
destroy: use correct program name in help
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
implement c->reboot(c) in the api.
Also if the container is not running, return -2. Currently
lxc-stop will return 0, so you cannot tell the difference
between successfull stopping and noop.
Per stgraber's email:
- Remove lxc-shutdown
- Change lxc-stop so that:
* Default behaviour is to call shutdown(), wait 15s for STOPPED, if
not STOPPED, print a message to the user and call stop() [ NOTE:
actually 60 seconds per followup thread]
* We have a -r option to reboot the container (with proper check that
the container indeed rebooted within the next 15s)
* We have a -s option to shutdown the container without the automatic
fallback to stop()
* Add a -k option allowing a user to just kill a container
(equivalent to old lxc-stop, no shutdown() call and no delay).
and update manpages.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Add a template to create a cirros container. One great thing about
cirros is that the image you download is 3.5M.
Thanks smoser!
Note by default /etc/inittab doesn't have a /dev/console entry, so you
don't get a login on the lxc-start console. Adding
console::respawn:/sbin/getty 115200 console
makes that work, but ctrl-c still gets forwarded to init which then
reboots. So I didn't bother adding console as part of the template
(yet). Instead I simply lxc-start -d, then lxc-console.
Signed-off-by: Scott Moser <scott.moser@canonical.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
1. commonize waitpid users to use a single helper. We frequently want
to run something in a clean namespace, or fork off a script. This
lets us keep the function doing fork:(1)exec(2)waitpid simpler.
2. start a blockdev backend implementation. This will be used for
mounting, copying, and snapshotting container filesystems.
3. implement btrfs, lvm, directory, and overlayfs backends.
4. For overlayfs, support a new lxc.rootfs format of
'bdevtype:<extra>'. This means you can now use overlayfs-based
containers without using lxc-start-ephemeral, by using
lxc.rootfs = overlayfs:/readonly-dir:writeable-dir
5. add a set of simple clone testcases
6. Write a new lxc_clone.c based on api clone.
Still to do (there's more, but off top of my head):
1. support zfs, aufs
2. have clone handle other mount entries (right now it only clones
the rootfs)
3. python, lua, and go bindings (not me :)
4. lxc-destroy: if lvm backing store, check for snapshots of it.
(what about directories which have overlayfs clones?)
Changes since v2:
Initialize random generator when picking new macaddr (reported
by caglar@10ur.org)
Fix wrong use of bitmask flags
On copy-clone of btrfs, create a subvolume
lxc_clone.c: respect the command line usage of the old script
lxc-clone(1): update documentation
Refuse to try changing backing stores expect to overlayfs, as
it is not implemented (yet) anyway.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Conflicts:
src/lxc/utils.h
Commit 69fe23ff added checking for the older docbook2man back into
configure, but this breaks building the docs on at least Oracle Linux and
Fedora when docbook2X is not installed as docbook2man will be found but the
docs don't actually build with that tool.
This change makes it so the docs can be built with either the older
docbook2man or the newer 2X tools by using configure to set the dtd
string to an appropriate value depending on use of docbook2man or
db2x_docbook2man.
Also fixed a small error in lxc-destroy.sgml.in that was noticed
by the old tools.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
This adds docbook2man as an alternative name for the docbook compiler.
As that name was used on Debian based systems for an older version of the tool,
this change also adds a check so that docbook2man is never used on Debian based
systems.
Reported-by: Peter Simons <simons@cryp.to>
Reported-by: Christian Bühler christian@cbuehler.de
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
When we install lxc by manual (configure; make; make install),
all files are installed under /usr/local/. Configuration files
and setting files of containers are stored under /usr/local/ too,
however, only log files are stored under /var/log/ not
/usr/local/var/log.
This patch changes the default log path to $localstatedir/log/lxc
(by default $localstatedir is /usr/local/var) where is an ordinary
directory, which is probably expected and unsurprising.
Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Debian 5.0 Lenny turned out of support on the 6th of February 2012.
From now on, the only supported Debian template is lxc-debian.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
The python api test script was using @LXCPATH@ for one of its checks.
Now that the lxcpath is exposed by the lxc python module directly, this
can be dropped and api_test.py can now become a simple python file without
needing pre-processing by autoconf.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
got link error liblxc.so: undefined reference to `clock_gettime'
clock_gettime is used by lxclock.c and is in librt, or bionic libc.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
We've been shipping those two hooks for a while in Ubuntu.
Yesterday I reworked them to use the new environment variables and
avoid hardcoding any path that we have available as a variable.
I tested both to work on Ubuntu 13.04 but they should work just as well
on any distro shipping with the cgroup hierarchy in /sys/fs/cgroup and
with ecryptfs available.
Those are intended as example and distros are free to drop them, they
should however be working without any change required, at least on Ubuntu.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Use AC_SEARCH_LIBS to detect what library provides sem_*.
This allows us to stop hardcoding the ld arguments in the various MakeFiles.
Suggested-by: Natanael Copa <ncopa@alpinelinux.org>
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Replace deprecated AM_CONFIG_HEADER with AC_CONFIG_HEADERS.
This is needed for automake-1.13.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Also fix some tabs-as-spaces in lxc_unshare.c itself.
lxc-unshare: run usage() on '-h'
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
And doing so pointed out a bug in lxc-clone itself - it claims
default fssize is 2G. It's not.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
As discussed earlier this week, lxc-setcap and lxc-setuid have been
in pretty bad shape lately. Most if not all distros recommend against
using them or don't ship them at all.
With the ongoing work to get user namespaces working in upstream LXC,
we think it's best to drop those two now as we prepare to land proper
setuid helpers to deal with user namespaces.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Here is a patch to introduce a configurable system-wide
lxcpath. It seems to work with lxc-create, lxc-start,
and basic python3 lxc usage through the api.
For shell functions, a new /usr/share/lxc/lxc.functions is
introduced which sets some of the basic global variables,
including evaluating the right place for lxc_path.
I have not converted any of the other python code, as I was
not sure where we should keep the common functions (i.e.
for now just default_lxc_path()).
configure.ac: add an option for setting the global config file name.
utils: add a default_lxc_path() function
Use default_lxc_path in .c files
define get_lxc_path() and set_lxc_path() in C api
use get_lxc_path() in lua api
create sh helper for getting default path from config file
fix up scripts to use lxc.functions
Changelog:
feb6:
fix lxc_path in lxc.functions
utils.c: as Dwight pointed out, don't close a NULL fin.
utils.c: fix the parsing of lxcpath line
lxc-start: print which rcfile we are using
commands.c: As Dwight alluded to, the sockname handling was just
ridiculous. Clean that up.
use Dwight's recommendation for lxc.functions path: $datadir/lxc
make lxccontainer->get_config_path() return const char *
Per Dwight's suggestion, much nicer than returning strdup.
feb6 (v2):
lxccontainer: set c->config_path before using it.
convert legacy lxc-ls
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This will soon be followed by the introduction of a "real" system wide
/etc/lxc/lxc.conf storing global LXC settings.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
The lua binding is based closely on the python binding. Also included are
a test program for excercising the binding, and an lxc-top utility for
showing statistics on running containers.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Until now, if a lxc-* (i.e. lxc-start) command did not specify a logfile
(with -o logfile), the default was effectively 'none'. With this patch,
the default becomes a per-container log file.
If a container config file specifies 'lxc.logfile', that will override
the default. If a '-o logfile' argument is specifed at lxc-start,
then that will override both the default and the configuration file
entry. Finally, '-o none' can be used to avoid having a logfile at
all (in other words, the previous default), and that will override
a lxc.logfile entry in the container configuration file.
If the user does not have rights to open the default, then 'none' will
be used. However, in that case an error will show up on console. (We
can work on removing that if it annoys people, but I think it is
helpful, at least while we're still ironing this set out) If the user
or container configuration file specified a logfile, and the user does
not have rights to open the default, then the action will fail.
One slight "mis-behavior" which I have not fixed (and may not fix) is
that if a lxc.logfile is specified, the default logfile will still
get created before we read the configuration file to find out there
is a lxc.logfile entry.
changelog: Jan 24:
add --enable-configpath-log configure option
When we log to /var/lib/lxc/$container/$container.log, several things
need to be done differently than when we log into /var/log/lxc (for
instance). So give it a configure option so we know what to do
When the user specifies a logfile, we bail if we can't open it. But
when opening the default logfile, the user may not have rights to
open it, so in that case ignore it and continue as if using 'none'.
When using /var/lib/lxc/$c/$c.log, we use $LOGPATH/$name/$name.log.
Otherwise, we use $LOGPATH/$name.log.
When using /var/lib/lxc/$c/$c.log, don't try to create the log path
/var/lib/lxc/$c. It can only not exist if the container doesn't
exist. We don't want to create the directory in that case. When
using /var/log/lxc, then we do want to create the path if it does
not exist.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
The logfile changes broke lxc-info and possibly more command line
tools. Revert for now until we get those issues addressed.
This reverts commit 74476cf144.
[ Thanks to Stéphane and Dwight for the feedback on the previous patch ]
Until now, if a lxc-* (i.e. lxc-start) command did not specify a logfile
(with -o logfile), the default was effectively 'none'. With this patch,
the default becomes $LOGPATH/<container>/<container>.log. LOGPATH is
specified at configure time with '--with-log-path='. If unspecified, it
is $LXCPATH, so that logs for container r2 will show up at
/var/lib/lxc/r2/r2/log. LOGPATH must exist, while lxc will make sure to
create $LOGPATH/<name>. As another example, Ubuntu will likely specify
--with-log-path=/var/log/lxc (and place /var/log/lxc into
debian/lxc.dirs), placing r2's logs in /var/log/lxc/r2/r2.log.
If a container config file specifies 'lxc.logfile', that will override
the default. If a '-o logfile' argument is specifed at lxc-start,
then that will override both the default and the configuration file
entry. Finally, '-o none' can be used to avoid having a logfile at
all (in other words, the previous default), and that will override
a lxc.logfile entry in the container configuration file.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
The previous implementation of the openpty check was always returning
'no' as openpty is typically defined in util.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
The Python.h header varies in location by distribution, so instead use
pkg-config to ensure the python3 devel package is installed. Tested with
Ubuntu 12.04 and Fedora 17. Fixes --enable-python on Fedora 17.
Signed-off-by: Dwight Engen <dwight.engen@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Bionic (at least) is missing some of the usual mntent functions.
This adds code defining those that we need when they're missing from the C
library.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
This adds code detecting the presence of utmpx.h and in its absence, turns the
utmp related functions into no-ops.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Some libc implementation (bionic) is lacking some of the syscall functions
that are present in the glibc.
For those, detect at build time the they are missing and implement a minimal
syscall() wrapper that will essentially give the same result as the glibc
function.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
