git.ipfire.org Git - thirdparty/lxc.git/log
9 years ago Don't try to change aa label if we are already apparmor-confined
Serge Hallyn [Mon, 4 Jan 2016 21:20:06 +0000 (21:20 +0000)] 
Don't try to change aa label if we are already apparmor-confined

Closes #1459

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
9 years ago Merge pull request #743 from tw4452852/buffer_overflow
Stéphane Graber [Mon, 4 Jan 2016 18:09:34 +0000 (13:09 -0500)] 
Merge pull request #743 from tw4452852/buffer_overflow

fix buffer overflow in ifaddrs.c

9 years ago Merge pull request #739 from shindo/fix/python-lxc/pyos-afterfork
Stéphane Graber [Mon, 4 Jan 2016 18:05:59 +0000 (13:05 -0500)] 
Merge pull request #739 from shindo/fix/python-lxc/pyos-afterfork

python-lxc: Call PyOS_AfterFork after attaching to a container

9 years ago Merge pull request #746 from ar45/fix_debian_systemd_getty
Stéphane Graber [Mon, 4 Jan 2016 18:05:04 +0000 (13:05 -0500)] 
Merge pull request #746 from ar45/fix_debian_systemd_getty

Fix #520 - multiple instances of agetty on systemd.

9 years ago NULL pointer dereference if nlmsg_reserve() returns NULL for ifi
Wim Coekaerts [Tue, 29 Dec 2015 06:25:58 +0000 (22:25 -0800)] 
NULL pointer dereference if nlmsg_reserve() returns NULL for ifi

nlmsg_reserve() might return NULL

        if (nlmsg_len + tlen > nlmsg->cap)
                return NULL;

Also set err = -ENOMEM where appropriate

Signed-off-by: Wim Coekaerts <wim.coekaerts@oracle.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
9 years ago doc: Improve man pages
KATOH Yasufumi [Mon, 28 Dec 2015 09:55:24 +0000 (18:55 +0900)] 
doc: Improve man pages

* Add long options if not written
* Remove optional tags in OPTIONS section

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
9 years ago doc: Add LXC_SRC_NAME to lxc.container.conf(5)
KATOH Yasufumi [Mon, 28 Dec 2015 09:48:56 +0000 (18:48 +0900)] 
doc: Add LXC_SRC_NAME to lxc.container.conf(5)

only add to English and Japanese docs.

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
9 years ago network.c:is_wlan() File Leak f
Wim Coekaerts [Tue, 29 Dec 2015 06:23:47 +0000 (22:23 -0800)] 
network.c:is_wlan() File Leak f

network.c:is_wlan() File Leak f f initialized at line 156 with fopen f
leaks when fopen(path, r) != NULL at line 156 and physname == NULL at
line 163.

Signed-off-by: Wim Coekaerts <wim.coekaerts@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
9 years ago criu.c: protect from buffer overrun of version in fscanf()
Wim Coekaerts [Sun, 27 Dec 2015 17:29:10 +0000 (09:29 -0800)] 
criu.c: protect from buffer overrun of version in fscanf()

while highly unlikely to happen...
char version[1024];

fscanf(.. %[1024] .., version  );

should leave room for null termination

Signed-off-by: Wim Coekaerts <wim.coekaerts@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
9 years ago Improve the help of lxc-create
KATOH Yasufumi [Thu, 24 Dec 2015 06:03:39 +0000 (15:03 +0900)] 
Improve the help of lxc-create

* remove unavailable options (-w, -r)
* remove overlapped option (-P)
* classify options according to bdev type

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
9 years ago Documenting valueless lxc.cap.drop behaviour
Marko Hauptvogel [Sun, 3 Jan 2016 22:20:47 +0000 (23:20 +0100)] 
Documenting valueless lxc.cap.drop behaviour

From b24b0e16848fbb93402a08efa3950cd59272b8da Mon Sep 17 00:00:00 2001
From: Marko Hauptvogel <marko.hauptvogel@googlemail.com>
Date: Sun, 3 Jan 2016 23:07:19 +0100
Subject: [PATCH] Documenting valueless lxc.cap.drop behaviour

Undocumented behaviour since 7d0eb87.

Signed-off-by: Marko Hauptvogel <marko.hauptvogel@googlemail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
9 years ago Add support for Linux for SPARC distribution host and template
Wim Coekaerts [Tue, 22 Dec 2015 22:25:00 +0000 (14:25 -0800)] 
Add support for Linux for SPARC distribution host and template

Linux for SPARC is a free community Linux distribution for SPARC hosted by Oracle. See: https://oss.oracle.com/projects/linux-sparc

While the distribution is based on Oracle Linux it does have some differences and since it's not actually Oracle Linux I decided to add a separate template rather than having the Oracle Linux template also support Linux for SPARC.

This patch adds the lxc-template for Linux for SPARC and it also adds Linux for SPARC in the configure.ac as a distribution target to build.

Signed-off-by: Wim Coekaerts <wim.coekaerts@oracle.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
9 years ago Fix #520 - multiple instances of agetty on systemd. 746/head
Aron Podrigal [Fri, 1 Jan 2016 02:04:42 +0000 (21:04 -0500)] 
Fix #520 - multiple instances of agetty on systemd.

Fixes issue with double tty login lxc-console
Ref #520, #484

Signed-off-by: Aron Podrigal <aronp@guaranteedplus.com>
9 years ago fix buffer overflow in ifaddrs.c 743/head
tw19881113@gmail.com [Wed, 30 Dec 2015 07:24:43 +0000 (15:24 +0800)] 
fix buffer overflow in ifaddrs.c

jenkins: ok to test

Signed-off-by: Tw <tw19881113@gmail.com>
9 years ago Merge pull request #734 from brauner/2015-12-12/split_bdev_into_modules
Serge Hallyn [Mon, 28 Dec 2015 22:38:25 +0000 (14:38 -0800)] 
Merge pull request #734 from brauner/2015-12-12/split_bdev_into_modules

split bdev into modules: btrfs + rsync

9 years ago Add <linux/types.h> header to lxcbtrfs.h
Christian Brauner [Mon, 21 Dec 2015 10:38:30 +0000 (11:38 +0100)] 
Add <linux/types.h> header to lxcbtrfs.h

Using

#include <sys/types.h>

is not sufficient to guarantee that __le64 and other types are defined.

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
9 years ago Simplify overlay.{c,h}
Christian Brauner [Thu, 17 Dec 2015 23:26:14 +0000 (00:26 +0100)] 
Simplify overlay.{c,h}

The struct

struct ovl_rsync_data {
struct bdev *orig;
struct bdev *new;
};

is simply a duplicate of

struct rsync_data {
struct bdev *orig;
struct bdev *new;
};

So let's replace any references to ovl_rsync_data with rsync_data.

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
9 years ago Split bdev into modules: lxcrsync
Christian Brauner [Thu, 17 Dec 2015 23:24:32 +0000 (00:24 +0100)] 
Split bdev into modules: lxcrsync

The functions:

        - do_rsync();
        - rsync_delta();
        - rsync_delta_wrapper();
        - rsync_rootfs();
        - rsync_rootfs_wrapper();

and the structs

        - struct rsync_data;
        - struct rsync_data_char;

move from bdev.{c,h} to lxcrsync.{c,h}. All functions previously declared as
static become public.

lxcrsync.{c,h} should allow for a reasonable amount of abstraction regarding
our rsync functions. Some of the functions could easily be abstracted.

Adapt Makefile.am to include lxcrsync.{c,h}.

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
9 years ago lxcbtrfs.{c,h} rework declarations and definitions
Christian Brauner [Thu, 17 Dec 2015 20:14:30 +0000 (21:14 +0100)] 
lxcbtrfs.{c,h} rework declarations and definitions

Declare

- btrfs_same_fs();
- btrfs_snapshot();

extern instead of static in lxcbtrfs.h. They are defined in lxcbtrfs.c.

Forward declare/put

- struct bdev; /* defined in bdev.h */
- struct bdev_specs; /* defined in lxccontainer.h */
- struct lxc_conf; /* defined conf.h */

as incomplete types in lxcbtrfs.h so that functions declared and defined in
lxcbtrfs.{c,h} have access to it.

Declare

- dir_new_path();

in lxcbtrfs.c. It is defined in lxccontainer.c.

Move definition of struct

- struct rsync_data_char;

from bdev.c to bdev.h because the functions in lxcbtrfs.{c,h} need to access it.

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
9 years ago Split bdev into modules: btrfs
Christian Brauner [Thu, 17 Dec 2015 19:14:58 +0000 (20:14 +0100)] 
Split bdev into modules: btrfs

Create a module for btrfs: lxcbtrfs.{c,h}.

The functions:

- get_btrfs_subvol_path()
- btrfs_list_get_path_rootid()
- is_btrfs_fs()
- btrfs_detect()
- btrfs_mount()
- btrfs_umount()
- btrfs_subvolume_create()
- btrfs_same_fs()
- btrfs_snapshot()
- btrfs_snapshot_wrapper()
- btrfs_clonepaths()
- btrfs_do_destroy_subvol()
- get_btrfs_tree_idx()
- my_btrfs_tree *create_my_btrfs_tree()
- update_tree_node()
- add_btrfs_tree_node()
- free_btrfs_tree()
- do_remove_btrfs_children()
- btrfs_recursive_destroy()
- btrfs_try_remove_subvol()
- btrfs_destroy()
- btrfs_create()

and the structs:

- struct mytree_node
- struct my_btrfs_tree

move from bdev.{c,h} to lxcbtrfs.{c,h}.

Rename the header file

- lxc-btrfs.h --> lxcbtrfs.h

Adapt Makefile.am to include lxcbtrfs.{c,h} and remove lxc-btrfs.h.

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
9 years ago Add <linux/types.h> header to lxcbtrfs.h 734/head
Christian Brauner [Mon, 21 Dec 2015 10:38:30 +0000 (11:38 +0100)] 
Add <linux/types.h> header to lxcbtrfs.h

Using

#include <sys/types.h>

is not sufficient to guarantee that __le64 and other types are defined.

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
9 years ago Simplify overlay.{c,h}
Christian Brauner [Thu, 17 Dec 2015 23:26:14 +0000 (00:26 +0100)] 
Simplify overlay.{c,h}

The struct

struct ovl_rsync_data {
struct bdev *orig;
struct bdev *new;
};

is simply a duplicate of

struct rsync_data {
struct bdev *orig;
struct bdev *new;
};

So let's replace any references to ovl_rsync_data with rsync_data.

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
9 years ago Split bdev into modules: lxcrsync
Christian Brauner [Thu, 17 Dec 2015 23:24:32 +0000 (00:24 +0100)] 
Split bdev into modules: lxcrsync

The functions:

        - do_rsync();
        - rsync_delta();
        - rsync_delta_wrapper();
        - rsync_rootfs();
        - rsync_rootfs_wrapper();

and the structs

        - struct rsync_data;
        - struct rsync_data_char;

move from bdev.{c,h} to lxcrsync.{c,h}. All functions previously declared as
static become public.

lxcrsync.{c,h} should allow for a reasonable amount of abstraction regarding
our rsync functions. Some of the functions could easily be abstracted.

Adapt Makefile.am to include lxcrsync.{c,h}.

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
9 years ago lxcbtrfs.{c,h} rework declarations and definitions
Christian Brauner [Thu, 17 Dec 2015 20:14:30 +0000 (21:14 +0100)] 
lxcbtrfs.{c,h} rework declarations and definitions

Declare

- btrfs_same_fs();
- btrfs_snapshot();

extern instead of static in lxcbtrfs.h. They are defined in lxcbtrfs.c.

Forward declare/put

- struct bdev; /* defined in bdev.h */
- struct bdev_specs; /* defined in lxccontainer.h */
- struct lxc_conf; /* defined conf.h */

as incomplete types in lxcbtrfs.h so that functions declared and defined in
lxcbtrfs.{c,h} have access to it.

Declare

- dir_new_path();

in lxcbtrfs.c. It is defined in lxccontainer.c.

Move definition of struct

- struct rsync_data_char;

from bdev.c to bdev.h because the functions in lxcbtrfs.{c,h} need to access it.

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
9 years ago Split bdev into modules: btrfs
Christian Brauner [Thu, 17 Dec 2015 19:14:58 +0000 (20:14 +0100)] 
Split bdev into modules: btrfs

Create a module for btrfs: lxcbtrfs.{c,h}.

The functions:

- get_btrfs_subvol_path()
- btrfs_list_get_path_rootid()
- is_btrfs_fs()
- btrfs_detect()
- btrfs_mount()
- btrfs_umount()
- btrfs_subvolume_create()
- btrfs_same_fs()
- btrfs_snapshot()
- btrfs_snapshot_wrapper()
- btrfs_clonepaths()
- btrfs_do_destroy_subvol()
- get_btrfs_tree_idx()
- my_btrfs_tree *create_my_btrfs_tree()
- update_tree_node()
- add_btrfs_tree_node()
- free_btrfs_tree()
- do_remove_btrfs_children()
- btrfs_recursive_destroy()
- btrfs_try_remove_subvol()
- btrfs_destroy()
- btrfs_create()

and the structs:

- struct mytree_node
- struct my_btrfs_tree

move from bdev.{c,h} to lxcbtrfs.{c,h}.

Rename the header file

- lxc-btrfs.h --> lxcbtrfs.h

Adapt Makefile.am to include lxcbtrfs.{c,h} and remove lxc-btrfs.h.

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
9 years ago python-lxc: Call PyOS_AfterFork after attaching to a container 739/head
Danil Osherov [Thu, 24 Dec 2015 13:54:19 +0000 (16:54 +0300)] 
python-lxc: Call PyOS_AfterFork after attaching to a container

As lxc_attach() calls fork() PyOS_AfterFork should be called in the new
process if the Python interpreter will continue to be used.

Signed-off-by: Danil Osherov <shindo@yandex-team.ru>
9 years ago Merge pull request #738 from ec-m/ec-m_lxc-ls
Serge Hallyn [Wed, 23 Dec 2015 22:36:23 +0000 (14:36 -0800)] 
Merge pull request #738 from ec-m/ec-m_lxc-ls

Fix swap calculation (#737)

9 years ago Fix swap calculation 738/head
Eva Charlotte Mayer [Wed, 23 Dec 2015 12:15:26 +0000 (13:15 +0100)] 
Fix swap calculation

Signed-off-by: Eva Charlotte Mayer <eva-charlotte.mayer@posteo.de>
9 years ago change version to 2.0.0.beta1 in configure.ac lxc-2.0.0.beta1
Stéphane Graber [Mon, 21 Dec 2015 17:52:33 +0000 (12:52 -0500)] 
change version to 2.0.0.beta1 in configure.ac

Note that LXC 2.0 remains backward compatible with 1.0, so the ABI
version is 1.2, not 2.0.

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
9 years ago doc: Add 'rbd' to the parameter of backingstore in Japanese lxc-create(1)
KATOH Yasufumi [Tue, 15 Dec 2015 11:07:10 +0000 (20:07 +0900)] 
doc: Add 'rbd' to the parameter of backingstore in Japanese lxc-create(1)

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
9 years ago doc: Add 'rbd' to the parameter of backingstore in Korean lxc-create(1)
Sungbae Yoo [Tue, 15 Dec 2015 09:47:25 +0000 (09:47 +0000)] 
doc: Add 'rbd' to the parameter of backingstore in Korean lxc-create(1)

Update for commit 60656b3

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
9 years ago doc: Add lxc.monitor.unshare to Korean lxc.container.conf(5)
Sungbae Yoo [Mon, 14 Dec 2015 06:20:46 +0000 (06:20 +0000)] 
doc: Add lxc.monitor.unshare to Korean lxc.container.conf(5)

Update for commit a8dfe4e and 6039eaa

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
9 years ago c/r: bump criu patchlevel for --lsm-profile
Tycho Andersen [Fri, 11 Dec 2015 23:21:54 +0000 (16:21 -0700)] 
c/r: bump criu patchlevel for --lsm-profile

This option is only available in recent master of criu, so let's require
that since we're using it.

Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
9 years ago c/r: use --lsm-profile if provided
Tycho Andersen [Fri, 11 Dec 2015 23:21:53 +0000 (16:21 -0700)] 
c/r: use --lsm-profile if provided

Since we can rename a container on a migrate, let's tell CRIU to use the
LSM profile name the user has specified. This change is motivated by LXD,
which sets an LSM profile name based on the container name, so if a user
changes the name of a container during migration, the old profile name
(that criu has saved) won't exist on the new host.

Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
9 years ago Merge pull request #724 from brauner/2015-12-12/split_bdev_into_modules
Serge Hallyn [Mon, 21 Dec 2015 03:28:43 +0000 (19:28 -0800)] 
Merge pull request #724 from brauner/2015-12-12/split_bdev_into_modules

split bdev into modules

9 years ago Move remaining overlay helpers to overlay.{c,h} 724/head
Christian Brauner [Tue, 15 Dec 2015 14:19:08 +0000 (15:19 +0100)] 
Move remaining overlay helpers to overlay.{c,h}

Move
- ovl_get_rootfs_dir()
- mount_entry_create_overlay_dirs()

from conf.h to overlay.{c,h} where they belong.

Rename
- mount_entry_create_overlay_dirs() --> ovl_mkdir()

in accordance with the ovl_ prefix naming scheme for types and functions
associated with overlay.

Take the chance to add whitespace between operators where missing.

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
9 years ago Unify naming for overlay types & functions
Christian Brauner [Sun, 13 Dec 2015 18:44:09 +0000 (19:44 +0100)] 
Unify naming for overlay types & functions

Use ovl_ as prefix for types and functions.

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
9 years ago Adapt #includes for bdev.h to bdev/bdev.h
Christian Brauner [Sat, 12 Dec 2015 22:21:55 +0000 (23:21 +0100)] 
Adapt #includes for bdev.h to bdev/bdev.h

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
9 years ago Split bdev into modules: overlay
Christian Brauner [Sat, 12 Dec 2015 21:48:33 +0000 (22:48 +0100)] 
Split bdev into modules: overlay

With this commit we start to split bdev.{c,h} into modules located in the
subfolder bdev. We start by creating a module for overlay: overlay.{c,h}.

- The functions:

- overlayfs_detect()
- overlayfs_mount()
- overlayfs_umount()
- overlayfs_clonepaths()
- overlayfs_destroy()
- overlayfs_create()

  move from bdev.{c,h} to overlay.{c,h}. The only thing that remains in bdev.c
  is the static definition of

- static const struct bdev_ops overlayfs_ops

- The functions:

- update_ovl_paths()
- overlay_getlower()

  move from lxccontainer.c to overlay.{c,h}. update_ovl_paths() is used to
  update absolute paths for overlay lxc.mount.entry entries but it seems to fit
  more here than into lxccontainer.c.
  The function overlay_getlower() is used to extract the lower directory for
  overlay (and aufs) rootfs. It should at some point become a common helper.

- The functions:

- do_rsync()
- dir_new_path()

   remain in bdev.c for now but become extern. We declare them extern in
   overlay.c to be able to call them. As the comment to them correctly notices,
   they should at some point become common helpers and probably move to
   utils.{c,h} or some other more appropriate place.

- The structs:

- struct bdev; /* defined in bdev.h */
- struct bdev_specs; /* defined in lxccontainer.h */
- struct lxc_conf; /* defined conf.h */

  are forward declared/put as incomplete types in overlay.h so that the
  functions have access to it.

- The header overlay.h is *not* included in bdev.h but only in bdev.c so that
  when bdev.h is included the public functions in overlay.h cannot be accessed,
  i.e. if an implementation wants to call functions from overlay.h they need to
  explicitly include it. (As is e.g. done in the case of lxccontainer.c.)

- The header

- lxc-btrfs.h

  also moves to the bdev subfolder.

- Adapt Makefile.am to the new bdev layout.

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
9 years ago Merge pull request #727 from fanyeren/patch-17
Stéphane Graber [Tue, 15 Dec 2015 15:59:54 +0000 (10:59 -0500)] 
Merge pull request #727 from fanyeren/patch-17

lxc-top: print new line after flush terminal

9 years ago Merge pull request #719 from liqiu/li-dev2
Stéphane Graber [Tue, 15 Dec 2015 15:56:12 +0000 (10:56 -0500)] 
Merge pull request #719 from liqiu/li-dev2

Return immediately in save_phys_nics if not run as root

9 years ago Merge pull request #721 from armcc/master
Stéphane Graber [Tue, 15 Dec 2015 15:54:53 +0000 (10:54 -0500)] 
Merge pull request #721 from armcc/master

lxc-checkconfig: remove zgrep dependency

9 years ago Refactoring conditional directives.
Wesley M [Tue, 15 Dec 2015 15:47:22 +0000 (10:47 -0500)] 
Refactoring conditional directives.

Signed-off-by: Wesley Marques <wesleymr.27@gmail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
9 years ago lxc-top: print new line after flush terminal 727/head
fanyeren [Tue, 15 Dec 2015 08:11:38 +0000 (16:11 +0800)] 
lxc-top: print new line after flush terminal

I think this is a common feature for top-like programs.

Signed-off-by: feng xiahou xiahoufeng@yahoo.com
9 years ago lxc-checkconfig: remove zgrep dependency 721/head
Andre McCurdy [Fri, 11 Dec 2015 20:35:55 +0000 (12:35 -0800)] 
lxc-checkconfig: remove zgrep dependency

zgrep is a script provided by the 'gzip' package, which may not be
installed on embedded systems etc which use busybox instead of the
standard full-featured utilities.

Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
9 years ago Merge pull request #670 from ksperis/master
Stéphane Graber [Tue, 15 Dec 2015 05:36:02 +0000 (00:36 -0500)] 
Merge pull request #670 from ksperis/master

Add Ceph RBD backingstore.

9 years ago Fix mkdir error if it already exists 670/head
Laurent Barbe [Sun, 13 Dec 2015 21:31:42 +0000 (22:31 +0100)] 
Fix mkdir error if it already exists

Signed-off-by: Laurent Barbe <laurent@ksperis.com>
9 years ago Fix API break on bdev_specs
Laurent Barbe [Sun, 13 Dec 2015 21:30:30 +0000 (22:30 +0100)] 
Fix API break on bdev_specs

Signed-off-by: Laurent Barbe <laurent@ksperis.com>
9 years ago Fix alloca size in rbd_destroy
Laurent Barbe [Wed, 14 Oct 2015 07:52:50 +0000 (09:52 +0200)] 
Fix alloca size in rbd_destroy

Signed-off-by: Laurent Barbe <laurent@ksperis.com>
9 years ago doc: Add 'rbd' to the parameter of backingstore in lxc-create(1)
Laurent Barbe [Mon, 5 Oct 2015 19:58:24 +0000 (21:58 +0200)] 
doc: Add 'rbd' to the parameter of backingstore in lxc-create(1)

Signed-off-by: Laurent Barbe <laurent@ksperis.com>
9 years ago Add Ceph RBD backingstore
Laurent Barbe [Fri, 2 Oct 2015 10:45:14 +0000 (12:45 +0200)] 
Add Ceph RBD backingstore

With lxc-create, this will create, map and mount a Rados blockdevice.
A valid ceph.conf and ceph.client.admin.keyring is needed in /etc/ceph/
RBD mapping is not managed on reboot.

Signed-off-by: Laurent Barbe <laurent@ksperis.com>
9 years ago Return immediately in save_phys_nics if not run as root 719/head
Li Qiu [Fri, 11 Dec 2015 05:54:10 +0000 (07:54 +0200)] 
Return immediately in save_phys_nics if not run as root
Physical nic is not instantiated in lxc_create_network

Signed-off-by: Li Qiu <li.qiu@nomovok.com>
9 years ago Add concise explanations
Christian Brauner [Thu, 10 Dec 2015 04:26:18 +0000 (05:26 +0100)] 
Add concise explanations

- explain functions in list.h
- let lxc_list_len() return size_t instead of int

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
9 years ago Add lxc-copy to gitignore
Stéphane Graber [Fri, 11 Dec 2015 06:14:34 +0000 (01:14 -0500)] 
Add lxc-copy to gitignore

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
9 years ago Fix seccomp profile on attach of undefined container
Stéphane Graber [Thu, 10 Dec 2015 23:58:58 +0000 (18:58 -0500)] 
Fix seccomp profile on attach of undefined container

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge Hallyn <serge.hallyn@canonical.com>
9 years ago Merge pull request #717 from fanyeren/patch-4
Stéphane Graber [Fri, 11 Dec 2015 06:09:22 +0000 (01:09 -0500)] 
Merge pull request #717 from fanyeren/patch-4

lxc-top: limit BLKIO to 14 characters

9 years ago lxc-top: limit BLKIO to 14 characters 717/head
fanyeren [Fri, 11 Dec 2015 05:56:24 +0000 (13:56 +0800)] 
lxc-top: limit BLKIO to 14 characters

limit BLKIO columns to 10 characters is too small, I think 14 is a better value

Signed-off-by: feng xiahou xiahoufeng@yahoo.com
9 years ago Merge pull request #716 from fanyeren/patch-15
Stéphane Graber [Fri, 11 Dec 2015 05:32:14 +0000 (00:32 -0500)] 
Merge pull request #716 from fanyeren/patch-15

lxc-top: limit CPU to 8 characters

9 years ago lxc-top: limit CPU to 8 characters 716/head
fanyeren [Fri, 11 Dec 2015 05:25:52 +0000 (13:25 +0800)] 
lxc-top: limit CPU to 8 characters

limit CPU columns to 8 characters is too small, I think 12 is a better value

9 years ago Add LUA api get_ips(), get_interfaces(), rename() functions
Andrey Jr. Melnikov [Thu, 10 Dec 2015 18:08:11 +0000 (13:08 -0500)] 
Add LUA api get_ips(), get_interfaces(), rename() functions

Signed-off-by: Andrey Jr. Melnikov <temnota.am@gmail.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
9 years ago Update get_item test after the lxc.mount.entry fix
Stéphane Graber [Thu, 10 Dec 2015 04:45:26 +0000 (23:45 -0500)] 
Update get_item test after the lxc.mount.entry fix

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
9 years ago Merge pull request #710 from hnakamur/improve_lxc_copy_japanese_manpage
Stéphane Graber [Thu, 10 Dec 2015 04:03:31 +0000 (23:03 -0500)] 
Merge pull request #710 from hnakamur/improve_lxc_copy_japanese_manpage

Improve the lxc-copy Japanese manpage

9 years ago fix 'lxc.mount.entry' key when clearing unexpanded config
Serge Hallyn [Thu, 10 Dec 2015 02:12:41 +0000 (02:12 +0000)] 
fix 'lxc.mount.entry' key when clearing unexpanded config

Closes #712

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
9 years ago c/r: add more logging when restore fails
Tycho Andersen [Tue, 8 Dec 2015 23:08:11 +0000 (16:08 -0700)] 
c/r: add more logging when restore fails

Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
9 years ago c/r: escape cgroups before exec()ing criu
Tycho Andersen [Tue, 8 Dec 2015 23:08:10 +0000 (16:08 -0700)] 
c/r: escape cgroups before exec()ing criu

Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
9 years ago cgroup: add cgroup_escape() call
Tycho Andersen [Tue, 8 Dec 2015 00:07:05 +0000 (17:07 -0700)] 
cgroup: add cgroup_escape() call

We'll use this in the next patch to escape to the root cgroup before we
exec criu.

v2: s/cgm_connected/cmg_needs_disconnect/g

Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
9 years ago Add LXC_TARGET env to Korean lxc.container.conf(5)
Sungbae Yoo [Fri, 4 Dec 2015 09:13:45 +0000 (09:13 +0000)] 
Add LXC_TARGET env to Korean lxc.container.conf(5)

Update for commit c154af9

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
9 years ago Add support for new target plamo to configure.ac
TAMUKI Shoichi [Wed, 9 Dec 2015 03:23:12 +0000 (12:23 +0900)] 
Add support for new target plamo to configure.ac

Add support for new target plamo to specify the linux distribution.
Plamo Linux uses sysvinit.

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Signed-off-by: TAMUKI Shoichi <tamuki@linet.gr.jp>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
9 years ago Fold dnsmasq command line in lxc-net.in
TAMUKI Shoichi [Tue, 8 Dec 2015 06:02:47 +0000 (15:02 +0900)] 
Fold dnsmasq command line in lxc-net.in

Fold dnsmasq command line at about 80 chars because the line is too
long.

Signed-off-by: TAMUKI Shoichi <tamuki@linet.gr.jp>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
9 years ago c/r: remove random line continuations
Tycho Andersen [Mon, 7 Dec 2015 23:51:34 +0000 (16:51 -0700)] 
c/r: remove random line continuations

No idea how these got there, but let's get rid of them since they're weird.

Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
9 years ago c/r: add a new ->migrate API call
Tycho Andersen [Mon, 30 Nov 2015 22:14:22 +0000 (15:14 -0700)] 
c/r: add a new ->migrate API call

This patch adds a new ->migrate API call with three commands:

MIGRATE_DUMP: this is basically just ->checkpoint()
MIGRATE_RESTORE: this is just ->restore()
MIGRATE_PRE_DUMP: this can be used to invoke criu's pre-dump command on the
    container.

A small addition to the (pre-)dump commands is the ability to specify a
previous partial dump directory, so that one can use a pre-dump of a
container.

Finally, this new API call uses a structure to pass options so that it can
be easily extended in the future (e.g. to CRIU's --leave-frozen option in
the future, for potentially smarter failure handling on restore).

v2: remember to flip the return code for legacy ->checkpoint and ->restore
    calls

Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
9 years ago c/r: bump criu version requirements
Tycho Andersen [Wed, 2 Dec 2015 21:30:53 +0000 (14:30 -0700)] 
c/r: bump criu version requirements

Since we're relying on 1.8 for the seccomp stuff, let's refuse to use
anything lower than that.

Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
9 years ago api wrapper: only reset the current config if this call set it
Tycho Andersen [Wed, 2 Dec 2015 21:30:52 +0000 (14:30 -0700)] 
api wrapper: only reset the current config if this call set it

Instead of *always* resetting the current_config to null, we should only
reset it if this API call set it.

This allows nesting of API calls, e.g. c->checkpoint() can pass stuff into
criu.c, which can call c->init_pid() and not lose the ability to log stuff
afterwards.

Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
9 years ago prune_init_cgroup: don't dereference NULL
Serge Hallyn [Sat, 5 Dec 2015 00:24:55 +0000 (18:24 -0600)] 
prune_init_cgroup: don't dereference NULL

This is to avoid:

https://errors.ubuntu.com/problem/d640a68bf7343705899d7ca8c6bc070d477cd845

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
9 years ago Improve the lxc-copy Japanese manpage 710/head
Hiroaki Nakamura [Fri, 4 Dec 2015 16:04:08 +0000 (01:04 +0900)] 
Improve the lxc-copy Japanese manpage

Signed-off-by: Hiroaki Nakamura <hnakamur@gmail.com>
9 years ago doc: Add lxc.monitor.unshare to lxc.container.conf(5)
KATOH Yasufumi [Thu, 3 Dec 2015 11:48:18 +0000 (20:48 +0900)] 
doc: Add lxc.monitor.unshare to lxc.container.conf(5)

Update for commit a8dfe4e and 6039eaa

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
9 years ago Add LXC_TARGET env to Japanese lxc.container.conf(5)
KATOH Yasufumi [Thu, 3 Dec 2015 09:55:57 +0000 (18:55 +0900)] 
Add LXC_TARGET env to Japanese lxc.container.conf(5)

Update for commit c154af9

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
9 years ago doc: Add Japanese manpage for lxc-copy
KATOH Yasufumi [Thu, 3 Dec 2015 09:13:41 +0000 (18:13 +0900)] 
doc: Add Japanese manpage for lxc-copy

Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
9 years ago Conditional compilation for ARM and PPC
Christian Brauner [Thu, 3 Dec 2015 18:24:40 +0000 (19:24 +0100)] 
Conditional compilation for ARM and PPC

Check if symbols SCMP_ARCH_ARM and SCMP_ARCH_PPC are defined.

Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
9 years ago seccomp: support 32-bit arm on arm64, and 32-bit ppc on ppc64
Serge Hallyn [Wed, 2 Dec 2015 22:42:36 +0000 (22:42 +0000)] 
seccomp: support 32-bit arm on arm64, and 32-bit ppc on ppc64

Generally we enforce that a [arch] seccomp section can only be used on [arch].
However, on amd64 we allow [i386] sections for i386 containers, and there we
also take [all] sections and apply them for both 32- and 64-bit.

Do that also for ppc64 and arm64.  This allows seccomp-protected armhf
containers to run on arm64.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
9 years ago apparmor: support lxc.aa_profile = unchanged
Serge Hallyn [Wed, 25 Nov 2015 20:45:08 +0000 (20:45 +0000)] 
apparmor: support lxc.aa_profile = unchanged

In which case lxc will not update the apparmor profile at all.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
9 years ago doc: Add Korean manpage for lxc-copy
Sungbae Yoo [Thu, 19 Nov 2015 03:10:25 +0000 (12:10 +0900)] 
doc: Add Korean manpage for lxc-copy

Update for commit 2b47bac

Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>
9 years ago lxc: let lxc-start support wlan phys
fli [Tue, 1 Dec 2015 11:17:29 +0000 (19:17 +0800)] 
lxc: let lxc-start support wlan phys

The commit: e5848d395cb <netdev_move_by_index: support wlan> only
made netdev_move_by_name support wlan, instead of netdev_move_by_index.

Since netdev_move_by_name is a wrapper of netdev_move_by_index, replace
all of the calls to lxc_netdev_move_by_index with lxc_netdev_move_by_name
to let lxc-start support wlan phys.

Signed-off-by: fupan li <fupan.li@windriver.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
9 years ago doc: lxc.monitor.unshare requires CAP_SYS_ADMIN
Wolfgang Bumiller [Wed, 2 Dec 2015 08:03:59 +0000 (09:03 +0100)] 
doc: lxc.monitor.unshare requires CAP_SYS_ADMIN

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
9 years ago Added lxc.monitor.unshare
Wolfgang Bumiller [Mon, 30 Nov 2015 07:58:53 +0000 (08:58 +0100)] 
Added lxc.monitor.unshare

If manual mounting with elevated permissions is required
this can currently only be done in pre-start hooks or before
starting LXC. In both cases the mounts would appear in the
host's namespace.
With this flag the namespace is unshared before the startup
sequence, so that mounts performed in the pre-start hook
don't show up on the host.

Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
9 years ago log: use the right size for timestamp formatting
Tycho Andersen [Tue, 1 Dec 2015 15:59:30 +0000 (08:59 -0700)] 
log: use the right size for timestamp formatting

v2: get rid of extra debug crap

Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
9 years ago Export LXC_TARGET env variable in stop hook
Stéphane Graber [Thu, 3 Dec 2015 05:52:58 +0000 (00:52 -0500)] 
Export LXC_TARGET env variable in stop hook

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
9 years ago debian: Fix container creation on missing cache
Stéphane Graber [Fri, 20 Nov 2015 05:34:09 +0000 (00:34 -0500)] 
debian: Fix container creation on missing cache

This is currently breaking our daily image builds, which happen in a
perfectly clean environment without a Debian keyring and without
anything in /var/cache/lxc.

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
9 years ago Merge pull request #702 from hallyn/2015-11-17/comment
Stéphane Graber [Wed, 18 Nov 2015 05:18:54 +0000 (00:18 -0500)] 
Merge pull request #702 from hallyn/2015-11-17/comment

lxc_container struct: add comment about moving member fns

9 years ago Merge pull request #700 from hallyn/2015-11-17/preserve_ns.2
Stéphane Graber [Wed, 18 Nov 2015 05:18:24 +0000 (00:18 -0500)] 
Merge pull request #700 from hallyn/2015-11-17/preserve_ns.2

Better handle preserve_ns behavior

9 years ago lxc_container struct: add comment about moving member fns 702/head
Serge Hallyn [Wed, 18 Nov 2015 05:05:37 +0000 (23:05 -0600)] 
lxc_container struct: add comment about moving member fns

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
9 years ago Add getsubopt implementation for Android
Stéphane Graber [Wed, 18 Nov 2015 01:37:10 +0000 (20:37 -0500)] 
Add getsubopt implementation for Android

Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
9 years ago Merge pull request #701 from hallyn/fixunexp
Stéphane Graber [Tue, 17 Nov 2015 23:02:10 +0000 (18:02 -0500)] 
Merge pull request #701 from hallyn/fixunexp

lxcapi_clone: restore the unexpanded config len

9 years ago lxcapi_clone: restore the unexpanded config len 701/head
Serge Hallyn [Tue, 17 Nov 2015 21:05:05 +0000 (15:05 -0600)] 
lxcapi_clone: restore the unexpanded config len

Otherwise it gets shortened with the temporary len but never
restored - which will only break API users which do a clone
then continue to use the original container, meaning this is
a hard one to detect.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
9 years ago Revert "seccomp: handle inverted arch"
Serge Hallyn [Tue, 17 Nov 2015 20:01:04 +0000 (14:01 -0600)] 
Revert "seccomp: handle inverted arch"

It breaks container starts.

This reverts commit 473ebc77d6762c2ec49fe59983dabc04f695fd01.

9 years ago Better handle preserve_ns behavior 700/head
Serge Hallyn [Tue, 17 Nov 2015 18:59:05 +0000 (12:59 -0600)] 
Better handle preserve_ns behavior

Commit b6b2b194a8 preserves the container's namespaces for
possible later use in stop hook.  But some kernels don't have
/proc/pid/ns/ns for all the namespaces we may be interested in.
So warn but continue if this is the case.

Implement stgraber's suggested semantics.

 - User requests some namespaces be preserved:
    - If /proc/self/ns is missing => fail (saying kernel misses setns)
    - If /proc/self/ns/<namespace> entry is missing => fail (saying kernel misses setns for <namespace>)
 - User doesn't request some namespaces be preserved:
    - If /proc/self/ns is missing => log an INFO message (kernel misses setns) and continue
    - If /proc/self/ns/<namespace> entry is missing => log an INFO message (kernel misses setns for <namespace>) and continue

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
9 years ago Merge pull request #692 from fwilson42/master
Stéphane Graber [Tue, 17 Nov 2015 16:43:56 +0000 (11:43 -0500)] 
Merge pull request #692 from fwilson42/master

lxc-ls: use /usr/bin/env to find an appropriate python3 to run

9 years ago Merge pull request #693 from hsoft/debian-keyring
Stéphane Graber [Tue, 17 Nov 2015 16:43:19 +0000 (11:43 -0500)] 
Merge pull request #693 from hsoft/debian-keyring

Fetch Debian archive GPG keyrings when they're not available

9 years ago Merge pull request #697 from hallyn/2015-11-12/seccomp
Stéphane Graber [Tue, 17 Nov 2015 16:42:14 +0000 (11:42 -0500)] 
Merge pull request #697 from hallyn/2015-11-12/seccomp

seccomp: handle inverted arch

9 years ago clone: clear the rootfs out of unexpanded config
Serge Hallyn [Wed, 11 Nov 2015 17:13:25 +0000 (17:13 +0000)] 
clone: clear the rootfs out of unexpanded config

Closes #694

When we start cloning container c1 to c2, we first save c1's
configuration in c2's as a starting point.  We long ago cleared
out the lxc.rootfs entry before saving it, so that if we are
killed before we update the rootfs, c2's rootfs doesn't point
to c1's.  Because then lxc-destroy -n c2 would delete c1's rootfs.

But when we introduced the unexpanded_config, we didn't update
this code to clear the rootfs out of the unexpanded_config, which
is what now actually gets saved in write_config().

Do so.

Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Acked-by: Stéphane Graber <stgraber@ubuntu.com>