- remove legacy binaries
- conditionalize creation of docs and tests for the command line tools and the
shared library helper commands
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This allows users to only compile the shared libray without having to compile
any of the command line tools or command helpers for the shared library.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This reverts commit 7995662124.
Before we can merge something like this we need to have it be behind a
configure flag and quite probably be an opt-in feature (--enable-pam).
This should fix Jenkins, PPA builds and the current binary conflicts
between the lxcfs and lxc package builds (snap and archive).
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
This moves pam_cgfs from the LXCFS repo into the LXC repo. This will allow us
to share a bunch of code between the cgroup backends and the pam module. The
next step obviously is to share code.
Closes#1307.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Since we write the label directly without going through the AppArmor API it
doesn't make sense to link against it.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
The existing check doesn't work, because when you statically
link a program against libc, any functions not called are not
included. So cap_init() which we check for is not there in
the built binary.
So instead just check whether a "gcc -lcap -static" works.
If libcap.a is not available it will fail, if it is it will
succeed.
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
- Merge dhclient-start and dhclient-stop into a single hook.
- Wait for a lease before returning from the hook.
- Generate a logfile when LXC log level is either DEBUG or TRACE.
- Rely on namespace file descriptors for the stop hook.
- Use settings from /<sysconf>/lxc/dhclient.conf if available.
- Attempt to cleanup if dhclient fails to shutdown properly.
Signed-off-by: Jonathan Calmels <jcalmels@nvidia.com>
Add new hooks leveraging dhclient from the host to automatically
configure the container interfaces. This is especially useful for
application containers which rely on an IPAM driver for network
configuration (e.g. Docker).
Signed-off-by: Jonathan Calmels <jcalmels@nvidia.com>
Some toolchains which are not bionic like uclibc does not support
prlimit or prlimit64. In this case, return an error.
Moreover, if prlimit64 is available, use lxc implementation of prlimit.
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Closes#1813
This adds preliminary (but working) support for creating application
containers from OCI formats. Examples:
create a container from a local OCI layout in ../oci:
sudo lxc-create -t oci -n a1 -- -u oci:../oci:alpine
Or, create a container pulling from the docker hub.
sudo lxc-create -t oci -n u1 -- -u docker://ubuntu
The url is specified in the same format as for 'skopeo copy'.
Comments appreciated.
Signed-off-by: Serge Hallyn <shallyn@cisco.com>
This is the cause of the unnecessary extraneous slashes when creating cgroups.
Our lxc.system.conf page also clearly shows "lxc/%n" as example, not "/lxc%n".
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This adds lxc.limit.<name> options consisting of one or two
colon separated numerical values (soft and optional hard
limit). If only one number is specified it'll be used for
both soft and hard limit. Additionally the word 'unlimited'
can be used instead of numbers.
Eg.
lxc.limit.nofile = 30000:32768
lxc.limit.stack = unlimited
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Currently it is impossible to build lxc with --disable-capabilities if
the user has libcap-dev installed on his system as:
- calls to cap_xxx functions are not protected by HAVE_LIBCAP defines.
The whole file is only protected by HAVE_SYS_CAPABILITY_H.
- AC_CHECK_LIB default action-if-found is overriden by [true] so
HAVE_LIBCAP is never written to config.h
This patch replaces all HAVE_SYS_CAPABILITY_H checks by HAVE_LIBCAP
checks (fix#1361)
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Before the change build failed on Gentoo as:
bdev/lxclvm.c: In function 'lvm_detect':
bdev/lxclvm.c:140:4: error: implicit declaration of function 'major' [-Werror=implicit-function-declaration]
major(statbuf.st_rdev), minor(statbuf.st_rdev));
^~~~~
bdev/lxclvm.c:140:28: error: implicit declaration of function 'minor' [-Werror=implicit-function-declaration]
major(statbuf.st_rdev), minor(statbuf.st_rdev));
^~~~~
glibc plans to remove <sys/sysmacros.h> from glibc's <sys/types.h>:
https://sourceware.org/ml/libc-alpha/2015-11/msg00253.html
Gentoo already applied glibc patch to experimental glibc-2.24
to start preparingfor the change.
Autoconf has AC_HEADER_MAJOR to find out which header defines
reqiured macros:
https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Headers.html
This change should also increase portability across other libcs.
Bug: https://bugs.gentoo.org/604360
Signed-off-by: Sergei Trofimovich <siarheit@google.com>
Previously HAVE_LIBGNUTLS was never set in config.h even if gnutls was
detected as AC_CHECK_LIB default action-if-found was overriden by
enable_gnutls=yes
This patch adds an --enable-gnutls option and will call AC_CHECK_LIB
with the default action to write HAVE_LIBGNUTLS in config.h
Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
