lxc_log_init() should be called in each main() of a command
to define the default log priority and log file.
Signed-off-by: Cedric Le Goater <legoater@free.fr>
Acked-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
exclude generated tarball from git managed files
Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
This is required to be able to make the build
on a machine that mount lxc source but not all
machine filesystem.
.
Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Set the close on exec flag on the pty fd so they are automatically
closed when execing the container.
Signed-off-by: Môshe van der Sterre <me@moshe.nl>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Hello,
It took me some thinking to figure out DEVPTS_MULTIPLE_INSTANCES was disabled.
Maybe checking for it in lxc-checkconfig will be helpfull to others.
Greetings,
Môshe van der Sterre
Signed-off-by: Môshe van der Sterre <moshevds@gmail.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
At present the 'init' file is deleted from the 'stop' function and
I don't remember why it is done in this place :)
The 'init' file is removed from the 'start' when the first process
has been deleted.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
As the state of the container is monitored with the netlink,
the file state is no longer used to watch the state changes.
The previous hack, which adds a tempo of 200ms, is removed and
that makes the container being created, started, stopped, destroyed
faster, we gain 1 second in a container lifecycle. One second is
too much if we launch thousand of containers, one by one like for
example in a tests suite.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
This patch fixes compile warnings: ignoring return value of function,
declared with attribute warn_unused_result, and adds error handling.
Signed-off-by: Ryousei Takano <takano-ryousei@aist.go.jp>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
The current code assumes that localstatedir is equal to $(prefix)/var,
thus failing for example on debian, where prefix is /usr and
localstatedir is /var. This patch fixes this by expanding LXCPATH just
once in configure.ac to $(localstatedir)/lib/lxc and expanding that
variable everywhere else.
install-exec-local is changed to just do one mkdir -p, and taking into
account of the DESTDIR variable, user for example for packaging.
Changing the permission of LXCPATH is done in lxc-setcap
Signed-off-by: Guido Trotter <ultrotter@quaqua.net>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
'uname -m' seems to be more general to get the machine's architecture
type. Ubunbu 8.10 (and also all debian based distros?) does not have
arch(1).
Signed-off-by: Ryousei Takano <takano-ryousei@aist.go.jp>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
This patch adds the mtu option setting for the lxc-fedora script.
Signed-off-by: Ryousei Takano <takano-ryousei@aist.go.jp>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
This patch adds the mtu option setting for the lxc-debian script.
Signed-off-by: Ryousei Takano <takano-ryousei@aist.go.jp>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
"I checked lxc-0.6.1 and your commit 75d09f83b8
(set mtu for netdev).
I found a problem of the MTU size of br0. In the current code,
device_set_mtu() is
called after bridge_attach(), so the MTU size of br0 is set to the
default MTU size
of veth0 (i.e., 1500 bytes).
This causes performance degradation as I reported.
We need to modify to call device_set_mtu() before bridge_attach()"
Now that we have the network functions accessible, do not longer
use the lxc_configure_veth, lxc_configure_macvlan and split
the configuration of the veth in order to create it, configure it
and finally attach it to the bridge.
Reported-by: Ryousei Takano <takano-ryousei@aist.go.jp>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Acked-by: Ryousei Takano <takano-ryousei@aist.go.jp>
The network functions are too encapsulated and do not allow
flexibility. Export all these api and prepare the changes for the
next patch to set the mtu.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Acked-by: Ryousei Takano <takano-ryousei@aist.go.jp>
Hi Daniel,
This patch removes unused variable 'strmtu' and fix an incorrect variable name.
Signed-off-by: Ryousei Takano <takano-ryousei@aist.go.jp>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Instead of having the capabilities to be set automatically,
it will be up to the user to set them through a specific
script 'lxc-setcap'.
After installing the lxc tools, if we want them to be available,
for a non-root user, lxc-setcap will set the needed capabilities.
If, after thinking it, we want to remove the capabilities,
the 'lxc-setcap -d' will do this for us.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Acked-by: Guido Trotter <ultrotter@google.com>
When setting the mtu size at the veth creation, the mtu is only set
on one side of the veth tunnel, the one attached to the bridge.
I changed a little the code and added the device_set_mtu function so
it is called after the veth has been created on both side.
That moves the mtu veth specific code inside the veth function creation.
Hopefully this code could be reused later for different future network
configuration (eg. ip tunnel).
The mtu option will be simply ignored in case of macvlan network configuration
because the macvlan network device inherit the mtu of the physical link.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Hi Daniel,
I resent my patch. I hope to fix folding failure.
This patch allows users to specify the MTU size of the veth interface.
It helps to use jumbo frames on the container.
Changes from v1:
- Fix failing if the 'mtu' is not specified.
- Delete the 'mtu' entry at time of lxc-destroy.
Signed-off-by: Ryousei Takano <takano-ryousei@aist.go.jp>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Add signalfd and signalfd4 syscall number definitions for powerpc so
that we may compile even with older platform headers.
Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
s/accessible/accessed/ because the optionality of the possibility is
already expressed by the 'can be' in front of it.
Signed-off-by: Guido Trotter <ultrotter@quaqua.net>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
It might be handy for the user to specify a different kernel config file
to check, perhaps the one of a kernel he's about to build. To allow that
we only set the CONFIG variable if it's not present in the environment
before. Also, if CONFIG is not found and we resort to a different file,
we say it explicitely, to avoid typos on the user's part resulting in
silently checking a different config than the one the user wanted.
Signed-off-by: Guido Trotter <ultrotter@quaqua.net>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
The current version of lxc-checkconfig falls back to searching in
/lib/modules/$KVER/build/.config if it doesn't find the config. In some
systems, though, the config will be installed in /boot/config-$KVER, so
we'll look there as well.
Signed-off-by: Guido Trotter <ultrotter@quaqua.net>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Since lxc-init is a helper program, which doesn't have an usage output
and is only going to be called only internally by lxc-execute, we'll
move it to the libexec dir.
Signed-off-by: Guido Trotter <ultrotter@quaqua.net>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
The actual behavior is to mount bind the rootfs to a specific location and
chroot to it. If someone did previously some bind mount in the rootfs they
will be lost in the container.
This fix makes the rootfs to have the submounts in the container.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Hi Daniel,
This patch retrieves info from kernel config in
/lib/modules/`uname -r`/build/.config
unless /proc/config.gz exist
Signed-off-by: Kristian Høgh <kfh.lxc@kfh.dk>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Switch the flags and sp for sys_clone for s390.
Without this, lxc-execute gets a segfault on clone (of course).
With this, it succeeds.
Signed-off-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
define s390x signalfd for systems with headers which are too
old.
Signed-off-by: Serge Hallyn <serue@us.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
If sys/signalfd.h does not exist, assume that it does not exist
in glibc, rather than that it exists without a corresponding
header file. Note that this version of the signalfd() wrapper
function (unlike the version in glibc) falls back dynamically to
the old signalfd system call if the signalfd4 system call is not
implemented in the currently-running kernel; the version in glibc
chooses the version of the signalfd system call to make via static
build-time configuration.
Signed-off-by: Michael K Johnson <johnsonm@rpath.com>
Signed-off-by: Daniel Lezcnao <dlezcano@fr.ibm.com>
nbargs isn't used for anything in lxc_unshare.c. Remove it.
Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Add the ability to lookup usernames and check uids. Bails out early if the given
uid/name does not exist and avoids using atoi() (which is bad because we can't
tell if it parsed an int or a pumpkin).
Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
The second const qualifier causes gcc to emit a warning. const char *
should be sufficient.
Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
On distros with older headers liblxc fails to build because PR_CAPBSET_DROP is
not defined by including /usr/include/sys/prctl.h. This adds an autoconf
test and, if not present, defines it. When prctl() is called on systems that
do not support PR_CAPBSET_DROP we should expect EINVAL. This case is already
handled by the liblxc code so no further changes are needed.
Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
On Mon, 2009-02-09 at 15:43 -0800, Dan Smith wrote:
> DL> It may be possible to use yum like debootstrap for an minbase
> DL> fedora install.
>
> Yep, something like the following should work:
>
> root=/path/to/tmproot
> mkdir -p $root/var/lib/rpm
> rpm --root $root --initdb
> rpm --root $root -Uvfh --nodeps http://fedora.osuosl.org/linux/releases/10/Fedora/i386/os/Packages/fedora-release-10-1.noarch.rpm
> yum --installroot=$root -y groupinstall Base
Looks familiar! ;) I was intrigued by this idea last weekend so I
started such a script. However I only tested it as far as creating a
semi-correct rootfs. With the exception of network configs most of the
configs are still written as for debian. For example I know the selinux
policy enforcement settings need to move, the inittab needs to be
replaced by the proper upstart configs, etc.
Of course it's based heavily on Daniel's excellent lxc-debian script.
Signed-off-by: Matt Helsley <matthltc@us.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Add the pts configuration when creating a debian container.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
