Do as much as possible to allow containers switching from non-systemd to
systemd to work as intended (but nothing that will cause side effects).
Use update-rc.d disable instead of remove so the init scripts are not
re-enabled when the package is updated
Signed-off-by: Cameron Norman <camerontnorman@gmail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Containers with systemd need a somewhat special setup, which I borrowed
and adapted from lxc-fedora. These changes are required so that Debian 8
(jessie) containers work properly, and are a no-op for previous Debian
versions.
Signed-off-by: Antonio Terceiro <terceiro@debian.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Fix a typo in the lines inserted in the default sources.list.
Change the default mirror to http.debian.net which is (supposedly) more
accurate and better than cdn.debian.net for a generic configuration.
Use security.debian.org directly for the {release}/updates repository.
Signed-off-by: Gu1 <gu1@aeroxteam.fr>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
/etc/mtab doesn’t exist after bootstrapping a debian container, and will
be created as regular file after first start.
That leads to at least two errors:
- output of `mount` is wrong and get messed up the more often you
start/stop the container
- /dev/pts/ptmx has wrong permissions
Signed-off-by: Holger Amann <holger@sauspiel.de>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
For all templates except lxc-ubuntu-cloud and lxc-download, detect not
only --mapped-uid but also --mapped-gid and error out. Detecting will
not be done after -- parameter because of non-option parameters.
Also, change the mode of lxc-archlinux.in 100755 to 100644.
Signed-off-by: TAMUKI Shoichi <tamuki@linet.gr.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Only the download and ubuntu-cloud templates work with unprivileged
containers, for all others, detect --mapped-uid and error out as early
as possible, recommending the use of the download template.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>
- [[ ]] -> [ ]
- == -> =
- source -> .
- redirect of fd 200 is error in mksh, use fd 9
- &> /dev/null -> > /dev/null 2>&1
- useless function keyword
- echo -e -> printf
still left bash shebang which did not validate with checkbashism, mostly
due 'type' being reported as bashism
Signed-Off-By: Elan Ruusamäe <glen@delfi.ee>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
This adds the same code to the Debian-based templates (Ubuntu and Ubuntu
Cloud) and also avoids a needless fork.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
1. implement bdev->create:
python and lua: send NULL for bdevtype and bdevspecs.
They'll want to be updated to pass those in in a way that makes
sense, but I can't think about that right now.
2. templates: pass --rootfs
If the container is backed by a device which must be mounted (i.e.
lvm) then pass the actual rootfs mount destination to the
templates.
Note that the lxc.rootfs can be a mounted block device. The template
should actually be installing the rootfs under the path where the
lxc.rootfs is *mounted*.
Still, some people like to run templates by hand and assume purely
directory backed containers, so continue to support that use case
(i.e. if no --rootfs is listed).
Make sure the templates don't re-write lxc.rootfs if it is
already in the config. (Most were already checking for that)
3. Replace lxc-create script with lxc_create.c program.
Changelog:
May 24: when creating a container, create $lxcpath/$name/partial,
and flock it. When done, close that file and unlink it. In
lxc_container_new() and lxcapi_start(), check for this file. If
it is locked, create is ongoing. If it exists but is not locked,
create() was killed - remove the container.
May 24: dont disk-lock during lxcapi_create. The partial lock
is sufficient.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Don't allow write to /dev/rtc0, and remove sys_time.
Thanks, Christoph.
v2: drop sys_time, sys_module, mac_admin and mac_override in
all templates.
Reported-by: Christoph Mitasch <cmitasch@thomas-krenn.com>
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
According to "arch"'s manpage, it's identical to "uname -m".
Some distros ship uname but don't ship arch, however all distros ship uname,
therefore it makes sense to use "uname -m" whenever possible.
Signed-off-by: Christian Bühler <christian@cbuehler.de>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Move to per-template lock (except for oracle that's per-container).
Also ensure that the path used for the lock is relative to LOCALSTATEDIR.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
This commit updates all scripts using mixed indent to a consistent
4 spaces indent.
In the past quite a few of those scripts used tabs to instead of 8 spaces or
instead of 4 spaces, sometimes mixing those in the same line and sometimes
changing the tab width within the same file.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
This updates all the templates and the configuration files to consistently
use "key = value" everywhere.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
I'm not sure whether we want this: is -H ubiquitous?
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Michael H. Warfield <mhw@WittsEnd.com>
Acked-by: Dwight Engen <dwight.engen@oracle.com>
Make 'dir' an explicit backing store type, which accepts '--dir rootfs'
as an option to specify a custom location for the container rootfs. Also
update lxc-destroy to now remove the rootfs separately, as removing
@LXCPATH@/$name may not hit it.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
The DHCP client should be isc-dhcp-client, not isc-dhcp-server.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
This adds a SIGINIT and SIGPWR handler in the default inittab for
the Debian template. This allows lxc-shutdown/lxc-restart and their API calls
to properly shutdown or reboot the container.
Signed-off-by: Rex Tsai (蔡志展) <rex.tsai@canonical.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
LXC has optional apparmor support, default profile is lxc-container-default.
This change adds a commented "lxc.aa_profile = default" line to all templates,
uncommenting this will bypass apparmor for the container.
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Just wait until the lock is available. That is a nicer behavior
for concurrent lxc-creates.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
At the same time, allow lxc.mount.entry to specify an absolute target
path relative to /var/lib/lxc/CN/rootfs, even if rootfs is a blockdev.
Otherwise all such entries are ignored for blockdev-backed containers.
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
1. Some templates copy the cached pristine rootfs using 'cp a b' where b is
$lxc_path/$name/rootfs. That doesn't do the right thing if rootfs already
exists, as it will when it is an lvm or other mount. So switch to
'rsync a/ b/'. (cp can be made to work too of course).
2. Update lxc-create to support backing stores. For now only lvm is
implemented.
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
src/lxc/conf.c will explicitly mount it anyway. Furthermore, the fstab
entry, which is getting processed first, did not specify -o newinstance.
This can cause the host's devpts entry mount options to change, as in
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/607636.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
