Author of the patch : Jonathan Liu <???> posted as a bug fix on the lxc
sourceforge website.
OS: Arch Linux 32-bit
/etc/init.d/rcS do not use full path to syslogd, mount and udhcpc executables.
As busybox requires /proc mounted if CONFIG_BUSYBOX_EXEC_PATH="/proc/self/exe"
to run these commands without full path, the full path should be used in the
startup script as /proc is mounted later in the script.
It also fails to start the machine if /lib64 does not exist on the host system
as there is a mount entry for /lib64 in the config.
The attached patch changes commands in /etc/init.d/rcS to use full path and
adds a check for /lib64 on host before adding lib64 mount entries to config.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Let's export the 'container' variable and let init receive it
as a kernel command line option.
In the upstart init scripts, we can distinguish if we are in a
container context or not.
===============================================================================
# /dev/console - getty
#
# This service maintains a getty on /dev/console from the point the
# system is started until it is shut down again.
# It only runs in lxc containers.
start on stopped rc RUNLEVEL=[2345]
stop on runlevel [!2345]
env container
pre-start script
[ "x$container" != "xlxc" ] && { stop; exit 0; }
exit 0;
end script
respawn
exec /sbin/getty -8 38400 /dev/console
===============================================================================
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
We use udev within these containers and we prevent the /dev files
to be created with the cgroup whitelist. So when the udevd receives
the event from the kernel, it will fail to create some nodes in /dev
and will spit error on the console.
We set the log level to zero, so udev will silently fail.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Rename 'ubuntu' template to 'lucid'
Add new maverick and natty templates, which do much less tweaking
of the environment. These should only be used on a kernel which
supports sysfs tagging for /sys/class/net, as udev will be running
in the container.
The natty template needed to slightly change the installed packages
for dhclient to be correclty installed.
Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Each network interface was brought up regardless of the configuration,
as the wrong boolean operator was being used to test the IFF_UP flag.
Signed-off-by: David Ward <david.ward@ll.mit.edu>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
We should always have the veth host's side up, otherwise if we omit
the up flag in the configurationn, letting the container to configure
its interface, the network will be never enabled as the host's side
is not up.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Dear all,
while setting up a container on x86_64 (archlinux host/guest) I had trouble
with mounting dev/pts and others from container.fstab and a ssh login does not
work (only ssh container bash -i gives you a shell)
The cause is that conf.c does not initialize mntflags.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Change the mount point in the rootfs because we mount the rootfs
in ROOTFSDIR for the pivot. We have to substitute the real mount
path to the new path located in ROOTFSDIR.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Change the code to encapsulate the different mounts point.
* mount on the host fs
* mount relatively to the rootfs
* mount absolutely to the rootfs (broken)
That will make the code cleaner to fix the latter.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Set the function prototype to static as it is not exported and used
somewhere else in the code than this file.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
The following patch fixes the bug where the clone_children compatibility
flag is available with the ns_cgroup subsystem. The 2.6.37 kernel version
should be the only one which is concerned by this modification, please
refer to Documentation/feature-removal-schedule.txt and look for ns_cgroup.
The problem is coming from we check for clone_children and we set it
automatically and then we try to create a new cgroup. As the
ns_cgroup is present the cgroup already exists and we are not allowed
to attach our pid to a new cgroup. The next error will be when we try
to create a new container because we enabled the clone_children flag
and the ns_cgroup is present, it is not allowed by the kernel.
The patch fix this by checking the mount options.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
If the ns_cgroup does not exist, we use the clone_children feature.
Everytime a cgroup is created, we set this compatibility flag and we create
the cgroup manually and add the child task to the cgroup.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
For both the ns_cgroup and the usual cgroup creation, we have to
check if a previous does not exist and remove it if it is empty.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Why not chdir into the root of container right when
the root filesystem is (bind-)mounted, and let all
mount entries to be relative to the container root?
Even more, to warn if lxc.mount[.entry] contains
absolute path for the destination directory (or a
variation of this, absolute and does not start with
container root mount point)?
This way, all mounts will look much more sane, and
it will be much easier to move/clone containers -
by changing only lxc.rootfs.
I do it this way locally since the beginning, by
chdir'ing to the proper directory (rootfs) before
running lxc-start (in a startup script), but this
is now broken in 0.7.3 which bind-mounts rootfs
somewhere in /usr/lib/lxc.
Signed-off-by: Michael Tokarev<mjt@tls.msk.ru>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Add support for `dirsync' mount option. MS_DIRSYNC is on of the
mount(2) mountflags so don't send it as extra mount option to avoid:
lxc-start: Invalid argument - failed to mount ...
errors.
Signed-off-by: Sergey S. Kostyliov <rathamahata@gmail.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Don't close the socket when we ask for a console, otherwise this will
make the console slot to be freed, so the next console will use the same
slot leading to an erratic behavior.
Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>
We don't want to drop the capabilities when we are root because that
leads to some problems. For exemple, sudo lxc-start -n foo -o $(tty) fails with
"permission denied".
Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>
The capability header makes the inclusion of the loop header to
fail. Moving the inclusion of loop.h before capability.h fixes the
problem.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Fix some compilation warnings:
* include caps.h in lxc_checkpoint and lxc_restart
* check the return of the timer notification read
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Change the run_script function to use popen and to redirect
the output of the script to the log file.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
This commit adds an configuration option to specify a script to be
executed after creating and configuring the network used by the
container. The following arguments are passed to the script:
* container name
* config section name (net)
Additional arguments depend on the config section employing a
script hook; the following are used by the network system:
* execution context (up)
* network type (empty/veth/macvlan/phys)
Depending on the network type, other arguments may be passed:
veth/macvlan/phys:
* (host-sided) device name
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
This patch allows to specify an image or a block device.
The image or the block device is mounted on rootfs->mount.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
In the case we use an image for rootfs, if we need to do extra mount
from the host to the rootfs, we have to specify the place where the
image is mounted. This value is configured by the user with the
lxc.rootfs.mount otherwise defaulting to @LXCROOTFSMOUNT@. Let's
export this variable to pkg-config, so the user can use it to build
a correct path to the rootfs.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
