| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
| |
commit 985d15b106c8959ff130ba5425c2abbe36dc2cca "fix fdleak and errors
in lxc_create_tty()" created a zero-sized malloc(), causing memory
corruption. use config->tty like all the other code does.
Signed-off-by: Sven Wegener <sven.wegener@stealer.net>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If you're running (by mistake or typo) (via lxc-start) container that does not
exists it will run with lxc.rootfs=/, meaning that /sbin/init will
restart initialization procedure, efficiently messing host's system,
that may lead to unpredictable results or even destroy (make inaccessible) host
system (by reseting network configuration or something like that).
(Actually, it _did_ destroy system of everyone who tested this).
Actually, I finally lost any meaning of having such a feature for
full-system containers. You may not use hosts's FS - it's described at
above. You may not use some temporary directory - that's nonsense.
This patch forbinds starting container via lxc-start without rcfile and
custom start program, but probably it fixes only small part of problem.
I really don't see much sense in such a feature without ability of
overriding 'default' setting with command line switches. Anyway, default
behaviour should be as save as possible.
Signed-off-by: Andrian Nord <NightNord@gmail.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
| |
The rcfile is parsed in the lxc_start function. This is not the place
to do that. Let's the caller to do that.
In the meantime, we have the lxc_conf structure filled right before
calling the lxc_start function so we can do some sanity check on the
configuration to not break the system when we launch the container.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Currently we allocate veth device with random name on host side,
so that things like firewall rules or accounting does not work
at all. Fix this by recognizing yet anothe keyword to specify
the host-side device name: lxc.network.pair, and use it instead
of random name if specified.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
| |
Fix bad name parameter in the lxc-ps man page.
Signed-off-by: Michel Normand <michel.mno@free.fr>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
|
| |
this state is reported when the lxc-freeze command
was issued on the container.
Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
if, for some reason, openpty() fails, lxc_create_tty() will
leak all previous ptys and leave the config structure in a
inconsistent state (wrt the number of ptys actually opened)
Fix that by explicitly closing all previously opened ptys
in case of failure and by setting number of actually opened
ttys after actual open
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
| |
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
| |
The configuration examples have been moved to doc/lxc/examples.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Ensure that lxc.netdev.link is specified for macvlan interfaces,
since it's required.
While at it, simplify logic in instanciate_macvlan():
remove unnecessary-complicating goto statements (we only
need to perform a cleanup in one place)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
|
|
| |
Before, a veth device pair required a link which was treated as
a bridge device. Code crashed if there was no lxc.network.link
specified. Fix that by allowing lxc.network.link to be unset
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
| |
The container will be a directory where the user can store everything,
so we create one directory and store a configuration file inside.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the previous modifications, a temporary directory is created
to mount the rootfs in order to have the system container to remount
itself the '/' directory.
But in case of daemonize, we change the directory, so when the rootfs
is specified with a relative path, we can not access it.
Don't chdir, as that will be done automatically later in the chroot
setup.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
| |
Update the man pages regarding the different modifications.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
| |
Change Checkpoint / Restart API
Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
| |
Remove checkpoint / restart dead code.
Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
| |
Display the 'rcfile' value on error
Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
| |
A mindless change to encapsulate a little more the function.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
|
|
| |
in confile.c we currently have a ton of functions each doing
the same thing. Clean them up by providing common routines
to do the main work.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
struct lxc_netdev is used to hold information from cnfig file
about a network device/configuration. Make the fields of this
structure to be named similarily with the config file keywords,
namely:
s/ifname/link/ - host-side link for the device (bridge or eth0)
s/newname/name/ - container-side ifname
It is insane to have completely different names in config file
and in structure/variable names :)
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
|
| |
Update the man pages regarding the modifications around the
configuration option, volatile containers and new configuration
file format.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
| |
This function will be needed for the restart function.
Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
| |
add capabilities for lxc-checkpoint
Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
| |
This is not required immidiately but may be used by other init.
Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
|
|
|
| |
The command specifies a configuration file => use it
The command does not specify a configuration but the container
was created before, use the configuration.
The command does not specify a configuration and the container
was not created before, use default.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
| |
Typo ;)
Signed-off-by: Andrian Nord <NightNord@gmail.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
|
|
|
| |
Instead of doing I/O one-byte-at-a-time in lxc_console,
which is slow, let's do it in batches. Only for output
(from container to the host system), since input is most
likely one-byte-at-a-time anyway (from a keyboard).
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I noticed that container's consoles aren't quite useable
(be it lxc-console or lxc-start with getty bound to /dev/console).
The main problem is a complete lack of window resizing support:
when I resize an xterm window with lxc-start or lxc-console, the
"guest" does not know about that and continues to think that the
terminal is 80x25 still.
Is it just a lack of functionality (missing implementation) or
something problematic?
Ok, the attached patch fixes this.
It moves the 'master' variable out of main function so it's
accessible from the signal handler, sets up SIGWINCH handler
to call a (newly created) winsz() function that gets the
current tty size using TIOCGWINSZ ioctl and if that works,
sets up the pty size using TIOCSWINSZ. That same function
is called at the start as well, when setting up the signal
handler.
Signed-off-By: Michael Tokarev <mjt@tls.msk.ru>
Signed-off-By: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Maybe it will be more logical to keep configs into /etc/lxc/?
Or, maybe, just use --with-config-path=/some/path switch into configure,
which could be overridden as user wants to? Something like this one (in
assumption, that this is up to user to create corresponding directory):
Signed-off-by: Andrian Nord <NightNord@gmail.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
|
| |
<lxc/lxc.h> should only include what is needed. This patch removes
all useless headers from lxc.h and fixed other .c files.
Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
|
| |
without this correction, unable to create a container with a configuration file.
This is a side effect of commit 488624016575d092d56211347b2bbe8367cd339a
Signed-off-by: Michel Normand <michel.mno@free.fr>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recent changes around the configuration tree broke the current
implementation of the lxc-netstat.
Instead of retrieving the init_pid in the /var/lxc/<name>/...,
pick one in the cgroup tasks list.
There is still a restriction with this command making impossible
to run it as non-root, any idea is welcome :(
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Patch moves etc/* contents into doc/examples/ and adds
--disable-examples configure switch which may be used not to install
examples. Default is to install them into ${docdir}/examples (commonly:
/usr/share/doc/lxc/examples)
Signed-off-by: Andrian Nord <NightNord@gmail.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
| |
Signed-off-by: Michel Normand <michel_mno@laposte.net>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
|
| |
This script do not use extract fstab (as done by lxc-debian)
so there is no reason to set the lxc.mount key in config file.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Signed-off-by: Michel Normand <michel_mno@laposte.net>
|
|
|
|
|
|
|
| |
Fix script to not add a fstab file.
Signed-off-by: Michel Normand <michel_mno@laposte.net>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The purpose of this new keyword is to save in main config file
all the lines of a provided fstab file.
This will ultimately replace the the lxc.mount keyword
when lxc scripts will use the new keyword.
Warning: I did not validated this patch
in all conditions of provided malformed input string.
Signed-off-by: Michel Normand <michel_mno@laposte.net>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
| |
in today's code lxc-start to not stop if setup_cgroup is detecting an error
Signed-off-by: Michel Normand <michel_mno@laposte.net>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
|
| |
lxc should not save in config generated file the name of an
empty file if no additionnal mount point specified by user.
Signed-off-by: Michel Normand <michel_mno@laposte.net>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
|
| |
The simplification of the container configuration makes
pointless to have so much complexity in the container creation.
Let's remove that and replace by some scripts.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a container was created, its configuration is used.
When a container was not created, the configuration specified in
the command line is used, if not configuration file is used,
default values are used.
That allows to create 'volatile' container, like tmp files.
It is useful for example to spawn different container with the
same generic configuration file. That let the user to have its own
repository of configuration files.
And, more important, that fix temporary created container with
lxc-execute to be not deleted when the host crash or the command
is killed.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fix compile failure
commit 884866b3c305f1edd74c9ea7f082d009a86f3fd5 introduces a compile
failure,
make[3]: *** No rule to make target `lock.c', needed by `liblxc_so-lock.o'. Stop.
make[3]: Leaving directory `/home/dhaval/work/lxc/lxc/src/lxc'
make[2]: *** [all-recursive] Error 1
make[2]: Leaving directory `/home/dhaval/work/lxc/lxc/src'
make[1]: *** [all] Error 2
make[1]: Leaving directory `/home/dhaval/work/lxc/lxc/src'
make: *** [all-recursive] Error 1
Remove those entries from the Makefile
Signed-off-by: Dhaval Giani <dhaval@linux.vnet.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
| |
Fix a typo making the abstract af_unix socket name to be wrong.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
| |
The lock is no longer needed as the mutual exclusion and
'is running' check is done via the af_unix command socket.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
| |
The log api may be used by an external component which needs to
access these functions.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
|
|
|
| |
Hi Daniel and all,
The rpmbuild command fails due to an unnecessary *.a entry in the %file list.
This patch removes it from the lxc.spec file.
Signed-off-by: Ryousei Takano <takano-ryousei@aist.go.jp>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
|
| |
Greetings, I've found a small typo into src/lxc/conf.c that leads to
nulled prefix for ipv6 addresses.
Signed-off-by: Andrian Nord <NightNord@gmail.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
| |
I changed the code to have lxc version to reflect the
string set in AC_INIT of configure.ac
rather than to report only the 3 first digits
update: use PACKAGE_VERSION in place of VERSION
Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Andrian Nord <NightNord@gmail.com>:
>> > > As documentation requires docbook2man to be installed, which is not,
>> > > otherwise, required for proper LXC work or compilation process, it
>> > > might be usefull to be able to switch it off.
Michel Normand <normand@fr.ibm.com>:
> > For me, it is Ok to add a --enable/disable/-doc,
> > but not make configure to fail if no option specified
> > and no docbook2man package.
> >
> > For me it should be optionnal.
> > I like the current behaviour where configure is running without option
> > and is enabling/disabling by itself the doc building.
> > Could you send a new patch with this idea ?
Andrian Nord <NightNord@gmail.com>:
Of course. You mean, that you what default behaviour to remain
auto-detection? That is:
--enable-doc: require docbook2man or fail, generate mans
--enable-doc=auto, or not specified (default): check for docbook2man,
generate mans if found, silently ignore if not found (I suppose
diagnostic message is redundant, as information already contains into
./configure --help)
--disable-doc: never check for docbook2man and don't gen mans
Here comes a patch what do this, as far as I see
(I'm sorry for violating post-rules in previous mail, now I'll do all
right, I hope. Should I attach patch anyway, as it might be usefull
for applying?)
Signed-off-by: Andrian Nord <NightNord@gmail.com>
Acked-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|
|
|
|
|
|
|
|
|
| |
this is a side effect of my previous patch
that removed the LXCPATH/name/nsgroup file.
9f44c57836626d8eb16c7bba4a5f5d88db74df01
Signed-off-by: Michel Normand <normand@fr.ibm.com>
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
|