4149 Commits

Author SHA1 Message Date
Serge Hallyn
e3a3fecfe7 cgfsng: set cpuset clone_children if needed
Sigh.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2016-03-08 12:49:52 -08:00
Stéphane Graber
6374c9ec63 Merge pull request #881 from hallyn/2016-03-08/cgfsng.1
cgfsng: enter/escape error msgs: differentiate and add errno
2016-03-08 12:04:41 -05:00
Serge Hallyn
d3b00a8f48 cgfsng: enter/escape error msgs: differentiate and add errno
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2016-03-08 09:02:52 -08:00
Serge Hallyn
4ca12a5925 Merge pull request #880 from stgraber/master
Remove trailing newlines in log
2016-03-08 08:08:53 -08:00
Stéphane Graber
1c9da8dac4 Remove trailing newlines in log
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2016-03-08 09:51:01 -05:00
Stéphane Graber
d551c8cb3f Merge pull request #879 from hallyn/2016-03-07/debug.aa
prevent containers from reading /sys/kernel/debug
2016-03-07 22:13:24 -05:00
Serge Hallyn
537188a8ee prevent containers from reading /sys/kernel/debug
Unprivileged containers cannot read it anyway, but also prevent root
owned containers from doing so.  Sadly upstart's mountall won't run
if we try to prevent it from being mounted at all.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2016-03-07 19:10:58 -08:00
Stéphane Graber
215486610e change version to 2.0.0.rc7 in configure.ac
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2016-03-07 18:47:50 -05:00
Stéphane Graber
892560848d Fix dist tarball to include lxc-devsetup
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2016-03-07 18:31:27 -05:00
Stéphane Graber
5e8b3276d0 change version to 2.0.0.rc6 in configure.ac
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2016-03-07 18:20:40 -05:00
Stéphane Graber
47ee660e46 Merge pull request #875 from hallyn/cgfsng
cgfsng: next generation filesystem-backed cgroup implementation
2016-03-07 16:24:44 -05:00
Serge Hallyn
43647298b6 cgfsng: try to chown tasks and cgroup.procs
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2016-03-07 12:58:21 -08:00
Serge Hallyn
554cd166d2 Merge pull request #878 from stgraber/master
Fix apparmor
2016-03-07 12:09:36 -08:00
Stéphane Graber
164484ce6c Merge pull request #872 from clopez/lxc-devsetup-sysvinit-upstart
Execute script lxc-devsetup also with sysvinit and upstart.
2016-03-07 15:02:39 -05:00
Stéphane Graber
056f8bba0d Properly update the generated apparmor profiles
Some changes happened but the final profiles weren't generated...

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2016-03-07 15:01:17 -05:00
Stéphane Graber
eab570bcaf Revert "allow cgroupfs mounts under /sys/fs/cgroup"
This reverts commit 833bf9c2b2.

This change wasn't actually safe and is now superseded by the cgns profile.

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2016-03-07 15:00:05 -05:00
Serge Hallyn
41c33dbec5 cgfsng: print debuginfo if LXC_DEBUG_CGFSNG env variable is set
Note this is printing to stdout because it runs before logging is set up.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2016-03-07 11:24:41 -08:00
Serge Hallyn
aca7dc6fec cgfsng - remove the code checking whether devices cgroup lines are already done
We may need to revert this, but I *think* we no longer need this
with default configs.  The idea iirc was that if caller cannot
write to devices.allow (i.e. is in a user namespace), then ignore
permission failures if the cgroups are already sufficiently set up.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2016-03-07 11:17:20 -08:00
Serge Hallyn
d30ec4cbc2 comment fixups
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2016-03-07 11:04:30 -08:00
Stéphane Graber
6a814f486f Merge pull request #876 from d4s/upstream
Added ALTLinux distribution.
2016-03-07 12:56:26 -05:00
Serge Hallyn
c0888dfe26 chmod container cgroup 775
so that container root can create sub-cgroups

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2016-03-06 01:52:04 -08:00
Denis Pynkin
5c60f99037 Added ALTLinux distribution.
- Added ALTLinux distribution.
- Updated template for ALTLinux Sisyphus

Signed-off-by: Denis Pynkin <denis_pynkin@epam.com>
2016-03-05 16:50:32 +03:00
Serge Hallyn
95adfe9316 cgfsng: print error when reaching 1000 failed cgroup creations
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2016-03-05 00:38:54 -08:00
Serge Hallyn
235f1815ab use strchr in place of index bc bionic
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2016-03-05 00:36:14 -08:00
Serge Hallyn
a8a0f65d24 Merge pull request #873 from brauner/bugfix_branch
lxc-attach: fix redirection - stderr
2016-03-04 20:19:46 -08:00
Serge Hallyn
ccb4cabe02 cgfsng: next generation filesystem-backed cgroup implementation
This makes simplifying assumptions:  all usable cgroups must be
mounted under /sys/fs/cgroup/controller or /sys/fs/cgroup/contr1,contr2.

Currently this will only work with cgroup namespaces, because
lxc.mount.auto = cgroup is not implemented.  So cgfsng_ops_init()
returns NULL if cgroup namespaces are not enabled.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2016-03-04 18:19:30 -08:00
Christian Brauner
8d1ea53785 tests: add lxc-test-attach-test
Test if the various types of I/O redirection work with lxc-attach.

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
2016-03-05 00:50:34 +01:00
Christian Brauner
d96556572c lxc-attach: fix redirection - stderr
So that we can do things like:

	lxc-attach -n a -- sh -c 'echo ERR >&2' > /dev/null

There seems to be no easy way to discern when we need to write to stderr
instead of stdout when we receive an event on the master fd of an allocated
pty. So we're using a "trick"/"hack". We write to STDOUT_FILENO if it refers to
a pty. If STDOUT_FILENO does not refer to a pty we check whether STDERR_FILENO
refers to a pty and if so write to it.

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
2016-03-05 00:38:39 +01:00
Carlos Alberto Lopez Perez
a8c7106328 Execute script lxc-devsetup also with sysvinit and upstart.
* This script sets /dev/.lxc which is needed for autodev containers.
  * Previously was only executed with systemd. Execute it also with
    the other init systems (sysvinit and upstart)

Signed-off-by: Carlos Alberto Lopez Perez <clopez@igalia.com>
2016-03-04 18:37:27 +01:00
Christian Brauner
6861fb2291 Merge pull request #871 from ysbnim/master
doc: Update Korean lxc-attach(1) and lxc-copy(1), Improve lxc-unshare(1)
2016-03-04 09:54:43 +01:00
Sungbae Yoo
b922759db9 doc: improve lxc-unshare(1)
Explain that the pipe symbol needs to be escaped for -s.

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
2016-03-04 12:01:15 +09:00
Sungbae Yoo
aef119a3fa doc: improve Korean lxc-attach(1)
Explain that the pipe symbol needs to be escaped for -e and -s.
Update for commit 759d521

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
2016-03-04 11:55:03 +09:00
Sungbae Yoo
273b3837ce doc: add copy hook explanation to Korean lxc-copy(1)
Update for commit cc0607a

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
2016-03-04 11:28:27 +09:00
Stéphane Graber
b5e6a3768c change version to 2.0.0.rc5 in configure.ac
Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
2016-03-03 10:58:28 -05:00
Stéphane Graber
e31d0f819e Merge pull request #868 from brauner/bugfix_branch
console.{c.h}: add/improve documentation
2016-03-03 10:50:53 -05:00
Christian Brauner
22926b3971 console.{c.h}: add/improve documentation
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
2016-03-03 16:04:17 +01:00
Christian Brauner
c9f5f3598e Merge pull request #867 from tenforward/plamo
plamo: Update release version and repository for getting packages
2016-03-03 11:21:41 +01:00
KATOH Yasufumi
64600fe355 plamo: Update release version and repository for getting packages
Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
2016-03-03 18:42:05 +09:00
Christian Brauner
130dae08d6 Merge pull request #866 from tenforward/japanese_man
Update Japanese lxc-attach(1) and lxc-copy(1)
2016-03-03 10:16:28 +01:00
KATOH Yasufumi
352470062e doc: improve Japanese lxc-attach(1)
Explain that the pipe symbol needs to be escaped for -e and -s.
Update for commit 759d521

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
2016-03-03 16:25:09 +09:00
KATOH Yasufumi
79dff39e89 doc: add copy hook explanation to Japanese lxc-copy(1)
Update for commit cc0607a

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
2016-03-03 16:13:35 +09:00
Stéphane Graber
dfc7616801 Merge pull request #865 from hallyn/2016-03-02/cgfs.rmperms
2016 03 02/cgfs.rmperms
2016-03-02 19:59:23 -05:00
Serge Hallyn
a17d94a593 lxc-test-unpriv: try to start the container a second time
We have nothing else testing this, and it was a real regression in lp
bug 1552355.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2016-03-02 16:17:17 -08:00
Serge Hallyn
77afbedf09 cgfs: don't try to remove cgroups we haven't created
info_ptr->created_paths_count can be 0, so don't blindly dereference
info_ptr->created_paths[ created_paths_count - 1].  Apparently we never
used to have 0 at the cleanup_name_on_this_level before, but now that
we can fail with -eperm and not just -eexist, we do.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2016-03-02 16:11:14 -08:00
Serge Hallyn
4fee80f9d7 cgfs: be less verbose
don't always warn about unused cgroups, it's noisy and not helpful

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2016-03-02 15:23:33 -08:00
Serge Hallyn
6a9e0f26fe cgfs: switch to userns when removing cgroup
Otherwise unprivileged users may not have the privilege needed to
remove their cgroups.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2016-03-02 14:24:34 -08:00
Stéphane Graber
de232a51d7 Merge pull request #864 from brauner/bugfix_branch
Add features/small improvements to man pages (lxc-attach, lxc-copy)
2016-03-02 10:04:04 -05:00
Christian Brauner
a372480c34 lxc-copy: update help to include hook options
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
2016-03-02 14:14:06 +01:00
Christian Brauner
cc0607a931 lxc-copy: add copy hook explanation to manpage
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
2016-03-02 14:09:56 +01:00
Christian Brauner
759d521b1f lxc-attach: small improvements to manpage
Explain that the pipe symbol needs to be escaped for -e and -s.

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
2016-03-02 12:48:38 +01:00