From: Daniel Lezcano <dlezcano@fr.ibm.com>
Expand the configure variable specifying the directories in order to use
them directly in the scripts.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Added a directory called 'scripts' where two helpers are stored.
The first one allows creating a mini debian container and the
second one creating a sshd container.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Added the script lxc-debian to the package.
This command allows debootstrapping a minimal debian and configuring a container
to run it. Several debians can be installed by invoking the command with a
different container name.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Added the plugin header for the checkpoint/restart.
That will allow integrating different CR solutions.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Make the script call itself, so we can unshare the mount points safely;
they will be automatically unmounted when the command finishes.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
lt-lxc-unshare <options> [command]
Options are:
    -f : fork and unshare (automatic when unsharing the pids)
    -m : unshare the mount points
    -p : unshare the pids
    -h : unshare the utsname
    -i : unshare the sysv ipc
    -n : unshare the network
    -u <id> : unshare the users and set a new id
(if -f or -p is specified, <command> is mandatory)
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Add sys admin capability to lxc-netstat to mount /proc/net.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Remove annoying compilation messages and fix tty for the restart.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
When a user tries to look at the pids or network information belonging
to a container not owned by the user, the command silently fails. I changed
that to check the read permission, display an error and exit.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Add the readonly and noexec options for the mount points.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Retrieve the ttyname and pass it to the lxc_setup function.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Add the setup information to create a console. This temporary code will
be improved to take into account ttys and console.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Added the ability to do netstat from outside of the container to see
network resources used by the container.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Return the error code when the exec fails in the child process, that
decreases the granularity of the error given to the user.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Matt Helsley <matthltc@us.ibm.com>
Use the pkgconfig to locate in the lxc scripts the place where .../var/lxc
is.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Disable the test programs compilation by default in order to reduce the
compilation time when generating rpm and dist.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
The man lxc.7 being complete enough, I copy the man to the README file.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Generate the man pages only if the docbook tool is available.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Added the different man pages for the lxc commands. The generation of the
man pages relies on the docbook tool.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
This modification changes the lxc-ps command and adds the lxc-ls command.
The lxc-ps command takes the container name argument and shows the processes
belonging to the specified container. The usual ps arguments can be passed to
lxc-ps to change the output.
Examples:
    lxc-ps -n foo --forest
    lxc-ps -n foo -o pid=
The lxc-ls command lists the container names available on the system. This is
useful to retrieve information for each container.
Examples:
    for i in $(lxc-ls); do
        lxc-info -n $i
        lxc-ps -n $i --forest
    done
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Return an lxc-error for the lxc_configure and lxc_setup functions.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Add the most known error to the different API to be followed up by the
caller, so we can later show a better message to the user when something
goes wrong. The error catching is coarse grain right now but will be improved,
step by step.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Added the error codes and the corresponding strings to the liblxc, so
the error raised to the user can be more understandable.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Do some cleanup in the lxc.h file, remove dead code and move definitions to
the right place.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Remove the kill container processes code because it can be implemented with
very few scripting lines.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Setup the control group when executing the container.
Remove the dead code.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
The future kernel version will automatically autodestroy the network devices
when the network namespace exits. This is not the case for the current version.
In order to handle both cases, I added a configuration option to disable
the network destruction when the container exits:
--disable-network-destroy
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
This modification changes the configuration format. Instead of creating
a 'cgroup' directory with a file per controller, a single file is used
to store the different values for the control groups. That allows assigning
several values to the same controller like "devices.allow" and keeping the same
assignment order as defined in the configuration.
In order to keep compatibility, when the old cgroup format is detected, it
is automatically converted to the new format.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
When no command is specified for lxc-start, the "/sbin/init"
is automatically used.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Previously, we dropped the CAP_SYS_BOOT capability. Unfortunately if we are
a non-root user, we are not able to do that. So I added the CAP_SETPCAP to the
lxc-execute and lxc-start command line to remove this capability.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>