From: Daniel Lezcano <dlezcano@fr.ibm.com>
The main difference between lxc_start and lxc_execute is that the latter creates
an intermediate process to wait for all the children. That allows supporting
daemons or orphan process groups for the pid namespace.
Having such a difference causes the code to be duplicated between the two
functions. So instead of doing this, I create an intermediate <init> program
which is in charge of launching the specified command. This command is the
lxc-init program, taking different options:
--mount-procfs : mount the proc filesystem before exec'ing the command
--mount-sysfs : mount the sys filesystem before exec'ing the command
A double dash indicates the end of the options of lxc-init and the beginning
of the command to be launched.
To summarize:
* lxc_execute function is no more.
* lxc-execute command uses the lxc_start function and launches the specified
command via lxc-init
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
From: Daniel Lezcano <dlezcano@fr.ibm.com>
The CONTRIBUTING file gives the guidelines to submit patches to this project.
MAINTAINERS contains the maintainer name and the mailing list to send the patches to.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Remove the CAP_SYS_BOOT capability from the bounding set, so we can poweroff,
halt, reboot the container safely without shutting down the real host.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
To allow the user to properly configure the location of lxcpath (/var/lxc),
it should be built based on the variable 'localstatedir' instead of 'prefix'.
By default, localstatedir=$prefix/var
localstatedir can be set by the user during configure:
./configure --localstatedir=/var
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
relies on the file capabilities. When the lxc commands are installed, the
sys/net admin capabilities are given to these files. These capabilities are
not available for the application running inside the container.
compiled the kernel. It relies on /proc/config.gz; if it is not compiled,
the command will simply fail.
If a feature is missing but not mandatory, the "disabled" keyword will appear
in yellow; if it is mandatory, it will appear in "red"; otherwise the
keyword "enabled" will appear in green.
several readers can attend the events from one or several containers.
The syntax of the command has been enhanced to interpret regular expressions.
If you want to monitor foo, lxc-monitor -n foo is the right command. If you
want to monitor foo and bar, you should specify lxc-monitor -n "foo|bar".
If you want to monitor all containers with a name beginning with 'foo',
you have to specify lxc-monitor -n "foo.*". More complex regexps can be specified
in accordance with the POSIX definitions, see man regex (7).
The lxc-execute command will automatically create a new container and destroy
it when it dies. If a configuration file is specified and the container does
not exist, the container is created with the configuration file and destroyed
when it dies.
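
The lxc-monitor examples above imply that the pattern has to match the whole container name (`foo` selects only foo, `foo.*` is needed for a prefix). The following is an added example, not code from lxc: it shows whole-name matching with POSIX extended regular expressions and why the pattern must be grouped before it is anchored. The function names and the sample container names are hypothetical.

```c
#include <regex.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Build open+pattern+close, compile it as a POSIX extended regex (regex(7))
 * and test name. Returns 1 on match, 0 on no match, -1 on a bad pattern. */
static int match_with(const char *open, const char *pattern,
                      const char *close, const char *name)
{
    regex_t re;
    size_t len = strlen(open) + strlen(pattern) + strlen(close) + 1;
    char *expr = malloc(len);
    int rc;

    if (!expr)
        return -1;
    snprintf(expr, len, "%s%s%s", open, pattern, close);
    rc = regcomp(&re, expr, REG_EXTENDED | REG_NOSUB);
    free(expr);
    if (rc != 0)
        return -1;
    rc = regexec(&re, name, 0, NULL, 0);
    regfree(&re);
    return rc == 0 ? 1 : 0;
}

/* Whole-name match: group the user pattern first, then anchor it. */
int name_matches(const char *pattern, const char *name)
{
    return match_with("^(", pattern, ")$", name);
}

/* Anchoring without grouping: "^foo|bar$" parses as (^foo)|(bar$),
 * so it also selects names that merely start with foo or end with bar. */
int name_matches_ungrouped(const char *pattern, const char *name)
{
    return match_with("^", pattern, "$", name);
}

int main(void)
{
    /* Constructed container names, not taken from the page. */
    const char *names[] = { "foo", "bar", "foobar", "rebar" };
    for (size_t i = 0; i < sizeof(names) / sizeof(names[0]); i++)
        printf("%-7s grouped=%d ungrouped=%d\n", names[i],
               name_matches("foo|bar", names[i]),
               name_matches_ungrouped("foo|bar", names[i]));
    return 0;
}
```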