Commit Graph

1073 Commits

Author SHA1 Message Date
Daniel Lezcano
93718f95af fix lxc-destroy
Add missing 'localstatedir' directory definition.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-11-10 09:41:46 +01:00
Tuomas Suutari
7bd44bf6f6 lxc-fedora.in: Fix fetching of the fedora-release rpm
The hardcoded URL seems to be broken and 404 error was not
checked. Now the mirror is selected from mirrorlist (instead of
hardcoding to funet.fi) and fetch errors are checked.

Also added a retry loop (with 3 tries) to find a working mirror, since
some of the mirrors are not OK.

Signed-off-by: Tuomas Suutari <tuomas.suutari@gmail.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-10-28 23:55:38 +02:00
Tuomas Suutari
7d303dea7d lxc-fedora.in: Use i386 instead of i686
There is no i686 variant of Fedora, but Ubuntu seems to return i686
from the arch command.

Signed-off-by: Tuomas Suutari <tuomas.suutari@gmail.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-10-28 23:55:38 +02:00
Tuomas Suutari
de6a471a1c lxc-fedora.in: Add missing default release variable
The text says that 14 is default, but release=14 was not set anywhere
in the script.

Signed-off-by: Tuomas Suutari <tuomas.suutari@gmail.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-10-28 23:55:38 +02:00
Frederic Crozat
44ee8a102e templates: update openSUSE template for openSUSE 12.1
rely on "build" package, to ensure chroot can be created with
distribution older than 12.1

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-10-28 23:55:38 +02:00
Serge E. Hallyn
5fe95ad112 Drop resolvconf from oneiric container package list
It prevents containers from getting a good resolv.conf without doing
ifdown eth0; ifup eth0.

(see pad.lv/880020)

Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-10-25 00:02:33 +02:00
Cedric Le Goater
e788178af4 extend the struct lxc_arguments
This patch adds a private argument to extend the struct
lxc_arguments. This is useful to develop custom lxc commands
outside mainline lxc.

Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-10-24 14:56:30 +02:00
Greg Kurz
0ae4f887a4 lxc: introduce lxc_execute()
This patch allows creating application containers with liblxc.so directly.

Some code cleanups on the way:
- separate ops for lxc_execute() and lxc_start(): the factorisation is wrong
  here as we may have specific things to do if we're running an application
  container. It deserves separate ops.
- lxc_arguments_dup() is merged in the pre-exec operation: this is a first
  use for the execute op introduced just above. It's better to build the
  arguments to execvp() where they're really used.

Signed-off-by: Greg Kurz <gkurz@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Cc: Cedric Le Goater <clg@fr.ibm.com>
2011-10-24 14:56:30 +02:00
Frederic Crozat
e4c0cf9212 handle kernel 3.x in lxc-checkconfig
Make sure to correctly detect kernel 3.x for file capabilities.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-10-24 14:55:13 +02:00
Alexey Shabalin
b031f0d2ca alt linux template
Updates.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
--
2011-10-24 14:55:13 +02:00
Serge E. Hallyn
8565ea1c6f lxc-ubuntu: stop early if a bad user is specified in -b option
Otherwise we end up with a bad container fstab and a container
that won't boot.  See
https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/879052

Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-10-24 14:47:58 +02:00
Rainer Weikusat
bc71b5c54f Don't list containers w/ active console sessions multiple times
The lxc-ls shell script uses netstat -xa to get a listing of AF_UNIX
sockets it then parses in order to determine the names of presently
running containers. This is wrong because it will list the
listening socket and all sockets created by accepting connections on
that. This causes the script to display the names of containers with
active lxc-console sessions 1 + n times, n being the number of active
console sessions. The patch below fixes this by using netstat -xl
instead which only displays the listening sockets.

Signed-off-by: Rainer Weikusat <rweikusat@mobileactivedefense.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-10-24 14:47:58 +02:00
Serge E. Hallyn
b145c6ef5e ubuntu template: allow containers to create tap devices
Thought I had sent this before, but I don't find it anywhere.

Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-10-24 14:38:30 +02:00
Serge E. Hallyn
3e2981d459 Accurately detect whether a system supports clone_children
If multiple cgroups are mounted under /sys/fs/cgroup, then the
original check ends up looking for /sys/fs/cgroup/cgroup.clone_children,
which does not exist because that is just a tmpfs.

So make sure to check an actual cgroupfs.

Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-10-24 14:38:30 +02:00
Serge E. Hallyn
b91b1cd79c Let sshd template work on ubuntu systems.
/dev/shm is a symlink to /run/shm, so we need /run/shm
to exist in the container rootfs.  Also, /dev/mqueue does
not exist on the host, and can't be created by the container.
But we don't really need it so ignore that.

Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-10-24 14:38:30 +02:00
Serge E. Hallyn
cdcee3c7ff ubuntu template: disallow cap_sys_module (by popular demand)
This isn't particularly reassuring, and will be moot with user
namespaces, but as people are asking for it, turn off sys_module.
While we're at it, turn off mac_admin and mac_override.

Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-10-24 14:38:30 +02:00
Serge E. Hallyn
0f3fe9e0b5 lxc-clone: fix dhclient.conf send hostname command
End the command with ';', which is needed, and put the hostname in
quotes (which doesn't really seem needed, but shown in man page).

Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-10-24 14:38:30 +02:00
Greg Kurz
6f7c8b020c fix more broken paths in lxc-*.in scripts
There are still some sequels from commit:

1c41ddcb4a

Signed-off-by: Greg Kurz <gkurz@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-10-24 14:38:30 +02:00
Greg Kurz
4e04d51500 fix broken lxc-*.in scripts
Commit 92c7f62955 broke the following scripts:
- lxc-setcap
- lxc-setuid
- lxc-create

This patch adds the missing variables to be substituted by the configure
script.

Cheers.

Signed-off-by: Greg Kurz <gkurz@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-09-20 11:18:39 +02:00
Tzafrir Cohen
165015211f Set the utsname on the debian template
Signed-off-by: Tzafrir Cohen <tzafrir@cohens.org.il>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-09-13 15:08:04 +02:00
Greg Kurz
92c7f62955 only warn for inherited file descriptors
As discussed in thread:

http://sourceforge.net/mailarchive/forum.php?thread_name=4E5618C3.5060507%40free.fr&forum_name=lxc-devel

We think it's better for now to only warn the user about a fd leaking into
the container. Also remove the call to readlink() as it isn't really useful
now: since the container will start anyway, the user can look into /proc/../fd
or use lsof or whatever.

Signed-off-by: Greg Kurz <gkurz@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-09-13 15:08:04 +02:00
Greg Kurz
1c41ddcb4a fixes for rpmbuild
This patch fixes some makefile/specfile issues when running
rpmbuild with the distributed lxc specfile:

- fixes usage of installation directories for config files,
  rootfs, templates and lxc-init so that they're calculated
  at make time instead of configure time. Thanks to this,
  all installed items go under $RPM_BUILD_ROOT when running
  rpmbuild
- introduce --disable-rpath option to configure to avoid
  check-rpaths errors when building non-root.
- introduce a lxc-libs package in the default spec file
  to allow concurrent installation of 32 bit and 64 bit
  libraries.

v2: - fix circular reference in lxc.pc
    - ship lxc.pc with lxc-devel

Signed-off-by: Greg Kurz <gkurz@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-09-13 15:08:04 +02:00
InformatiQ
f7b98d38f0 remove the check for container path as it's done in lxc-create
Signed-off-by: InformatiQ <rhanna@informatiq.org>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-09-01 22:24:30 +02:00
InformatiQ
ac70c6cf97 if after freezing the container the snapshot/rsync fails, unfreeze before exiting
Signed-off-by: InformatiQ <rhanna@informatiq.org>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
2011-08-31 00:20:09 +02:00
InformatiQ
8534a83e94 *add the new opts to help() *set container_running=false
Signed-off-by: InformatiQ <rhanna@informatiq.org>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
2011-08-31 00:20:09 +02:00
InformatiQ
27078f4422 * allow cloning of non-snapshot lvm devices
Signed-off-by: InformatiQ <rhanna@informatiq.org>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
2011-08-31 00:20:09 +02:00
Ramez Hanna
29ec8f8473 lxc-fedora.in
* if not running on fedora host and -R is not set, use fedora 14 as default
* trap SIGHUP SIGINT SIGTERM, and cleanup before exiting

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-08-31 00:20:09 +02:00
Ramez Hanna
a30ce0ac4d fix for missing EOF and fstab contents
templates/lxc-fedora.in |   10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-08-31 00:20:09 +02:00
Alexey Shabalin
262f4e48a5 add lxc-altlinux template
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-08-31 00:20:09 +02:00
Matthijs Kooijman
be58c6b5b4 .gateway options
Man for the gateway option.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-08-30 23:50:23 +02:00
Matthijs Kooijman
19a26f8214 add autodetection of the gateway address
For veth and macvlan networks, this can look up the host address on the
bridge (link) interface and add a default route on the guest to that
address. This facilitates a typical setup where guests are bridged
together.

syntax:
	lxc.ipv4.gateway = auto
	lxc.ipv6.gateway = auto

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-08-30 23:50:23 +02:00
Matthijs Kooijman
f8fee0e2c3 .gateway configuration
This directive adds a default route to the guest at startup.

syntax:
	lxc.network.ipv4.gateway = 10.0.0.1
	lxc.network.ipv6.gateway = 2001:db8:85a3::8a2e:370:7334

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-08-30 23:50:23 +02:00
Daniel Lezcano
ebdd307db7 Don't log an error when the container is stopped
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-08-30 23:50:00 +02:00
Daniel Lezcano
e6238180c6 remove minimal install for ubuntu template
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-08-12 21:47:55 +02:00
Daniel Lezcano
970ab58945 make undefined personality non-fatal
Just warn, do not exit fatally.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-08-12 01:34:49 +02:00
Daniel Lezcano
6f1239c380 fix segfault when an unsupported personality is set
Bad array len computation.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-08-12 01:34:49 +02:00
Daniel Lezcano
6371febf3c Version 0.7.5
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-08-11 19:00:13 +02:00
Daniel Lezcano
d3b904039c fix setns parameter
The setns syscall is now mainstream but the parameter passing changed.
Let's fix that.

The pid namespace and mount namespace attach are missing for the moment.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-08-11 18:59:44 +02:00
Daniel Lezcano
c797dcc3d0 lxc-ps : update the man page for passing the options
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-08-11 17:54:57 +02:00
Daniel Lezcano
858133f52c lxc-ps : fix the container name search
We don't have to check for the cgroup namespace name because the
pid we are looking for is already in the list of the container owned by
lxc and retrieved from the abstract socket command name.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-08-11 17:54:57 +02:00
Daniel Lezcano
5d42011acb add container init pid with the lxc-info command
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-08-11 17:19:56 +02:00
InformatiQ
9894575994 fix RELEASE_URL to not hardcode the arch
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-08-11 17:19:56 +02:00
InformatiQ
579ebf1283 working fedora template
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-08-11 17:19:56 +02:00
Daniel Lezcano
d9e2cc0ead lxc-checkconfig takes into account cgroup.clone_children
Take into account we may have the clone_children flag on the cgroup,
so we ignore cgroup namespace in this case.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-08-09 20:02:31 +02:00
Serge E. Hallyn
0b9c21ab8a Silence lxc-unshare warning when removing cgroup
If ns cgroup is mounted, then when lxc-unshare runs, the kernel automatically
creates a new cgroup for the task.  So lxc-unshare tries to delete it.  But
if ns cgroup is not mounted, that cgroup does not get created, and now
lxc-unshare spits an error.
Author: Serge Hallyn <serge.hallyn@canonical.com>
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/819319
Forwarded: no

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-08-09 16:51:01 +02:00
Serge E. Hallyn
0a1259d99f make lxc-netstat work when /etc/mtab is not /proc/mounts
like lxc-ps and lxc-ls, lxc-netstat breaks if there is not an 'lxc' cgroup
mount and /etc/mtab is not a link to /proc/mounts.
Author: Serge Hallyn <serge.hallyn@canonical.com>
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/819319
Forwarded: no

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-08-09 16:51:01 +02:00
Serge E. Hallyn
93884589f6 fix lxc-ls with mtab != /proc/mounts
The cgroup mounts created by cgroup-bin do not show up in /etc/mtab.
lxc-ls, as lxc-ps before it, assumes that /etc/mtab is symlinked to
/proc/mounts.
Author: Serge Hallyn <serge.hallyn@canonical.com>
Forwarded: no
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/819319

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-08-09 16:51:01 +02:00
Serge E. Hallyn
3729572b4b lxc-ps: support '-n name' and '-- ps-options'
This is more consistent with other lxc commands

Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/820720

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-08-09 16:51:01 +02:00
Daniel Lezcano
dff21ef019 explicitly do not use the console
If the keyword 'none' is specified for the console name, lxc will ignore creating a console.
That allows having a rootfs but without a console.

Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-08-09 16:51:01 +02:00
Serge E. Hallyn
4cb05a609b Use container's /run/utmp if it exists
If /var/run is a symlink to /run in the container, then opening
/proc/<pid>/root/var/run/utmp will end up opening the host's utmp.
Therefore the hack detecting shutdown through utmp fails.

Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
2011-08-07 12:25:07 +02:00