proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-08-14 18:50:40 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
3,014 Commits 6 Branches 17 Tags 29 MiB
C 91.1%
Shell 6.2%
Meson 2.5%
Python 0.2%
d9192f5df7
Go to file
Serge Hallyn d9192f5df7 fix lxc.mount.auto clearing 
the way config_mount was structured, sending 'lxc.mount.auto = '
ended up actually clearing all lxc.mount.entrys.  Fix that by
moving the check for an empty value to after the subkey checks.
Then, actually do the clearing of auto_mounts in config_mount_auto.

The 'strlen(subkey)' check being removed was bogus - the subkey
either known to be 'lxc.mount.entry', else subkey would have been
NULL (and forced a return in the block above).

This would have been clearer if the config_mount() and helper
fns were structured like the rest of confile.c.  It's tempting
to switch it over, but there are subtleties in there so it's
not something to do without a lot of thought and testing.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
2014-10-09 12:31:46 -05:00
config systemd/selinux init scripts fixups 2014-10-08 17:57:33 -04:00
doc doc: Drop lxc.pivotdir from Japanese lxc.container.conf(5) 2014-09-25 16:03:38 -04:00
hooks remove mountcgroup hook entirely 2014-07-17 17:33:45 -05:00
src fix lxc.mount.auto clearing 2014-10-09 12:31:46 -05:00
templates fixups to init script rework 2014-09-29 12:17:11 -04:00
.gitignore fixups to init script rework 2014-09-29 12:17:11 -04:00
.travis.yml travis: Build using the daily PPA 2014-02-12 17:30:12 -05:00
AUTHORS Initial revision 2008-08-06 14:32:29 +00:00
autogen.sh Whitespace fix 2014-02-07 19:36:50 -05:00
configure.ac change version to 1.1.0.alpha1 in configure.ac 2014-10-01 14:23:41 -04:00
CONTRIBUTING Update mailing-list addresses 2013-12-08 17:51:28 -05:00
COPYING Minor documentation updates 2012-12-06 00:02:36 -05:00
INSTALL Minor documentation updates 2012-12-06 00:02:36 -05:00
lxc.pc.in Update maintainers and URLs 2013-10-20 00:48:48 -04:00
lxc.spec.in fixups to init script rework 2014-09-29 12:17:11 -04:00
MAINTAINERS Update mailing-list addresses 2013-12-08 17:51:28 -05:00
Makefile.am Drop runapitests.sh 2014-01-23 14:08:44 -05:00
NEWS Initial revision 2008-08-06 14:32:29 +00:00
README doc: language correction 2014-08-15 21:08:23 -04:00

README 

Please see the COPYING file for details on copying and usage.
Please refer to the INSTALL file for instructions on how to build.

What is lxc:

  The container technology is actively being pushed into the mainstream linux
  kernel. It provides the resource management through the control groups  aka
  process containers and resource isolation through the namespaces.

  The  linux  containers, lxc, aims to use these new functionalities to pro-
  vide a userspace container object which provides full  resource  isolation
  and resource control for an applications or a system.

  The first objective of this project is to make the life easier for the ker-
  nel developers involved in the containers project and  especially  to  con-
  tinue  working  on  the  Checkpoint/Restart  new features. The lxc is small
  enough to easily manage a container with simple command lines and  complete
  enough to be used for other purposes.

Using lxc:

  Refer the lxc* man pages (generated from doc/* files)

Downloading the current source code:

  Source for the latest released version can always be downloaded from
  http://linuxcontainers.org/downloads/

  You can browse the up to the minute source code and change history online.
  http://github.com/lxc/lxc

  For detailed build instruction refer to INSTALL and man lxc man page
  but a short command line should work:
  ./autogen.sh && ./configure && make && sudo make install
  preceded by ./autogen.sh if configure do not exist yet.

Troubleshooting:

  If you get an error message at the autogen.sh or configure stage, make
  sure you have, autoconf, automake, pkg-config, make and gcc installed on
  your machine.

  The configure script will usually give you hints as to what you are missing,
  looking for those in your package manager will usually give you the package
  that you need to install.

  Also pay a close attention to the feature summary showed at the end of
  the configure run, features are automatically enabled/disabled based on
  whether the needed development packages are installed on your machine.
  If you want a feature but don't know what to install, force it with
  --enable-<feature> and look at the error message from configure.

Getting help:

  when you find you need help, you can check out one of the two
  lxc mailing list archives and register if interested:
  http://lists.linuxcontainers.org/listinfo/lxc-devel
  http://lists.linuxcontainers.org/listinfo/lxc-users

Portability:

  lxc  is  still  in  development, so the command syntax and the API can
  change. The version 1.0.0 will be the frozen version.

  lxc is developed and tested on Linux since kernel mainline version 2.6.27
  (without network) and 2.6.29 with network isolation.
  It's compiled with gcc, and should work on most architectures as long as the
  required kernel features are available. This includes (but isn't limited to):
  i686, x86_64, ppc, ppc64, S390, armel and armhf.

AUTHOR
       Daniel Lezcano <daniel.lezcano@free.fr>

Seccomp with LXC
----------------

To restrict a container with seccomp, you must specify a profile which is
basically a whitelist of system calls it may execute.  In the container
config file, add a line like

lxc.seccomp = /var/lib/lxc/q1/seccomp.full

I created a usable (but basically worthless) seccomp.full file using

cat > seccomp.full << EOF
1
whitelist
EOF
for i in `seq 0 300`; do
    echo $i >> seccomp.full
done
for i in `seq 1024 1079`; do
    echo $i >> seccomp.full
done

 -- Serge Hallyn <serge.hallyn@ubuntu.com>  Fri, 27 Jul 2012 15:47:02 +0600