Wim Coekaerts [Tue, 22 Dec 2015 22:25:00 +0000 (14:25 -0800)]
Add support for Linux for SPARC distribution host and template
Linux for SPARC is a free community Linux distribution for SPARC hosted by Oracle. See: https://oss.oracle.com/projects/linux-sparc
While the distribution is based on Oracle Linux, it does have some differences, and since it's not actually Oracle Linux I decided to add a separate template rather than having the Oracle Linux template also support Linux for SPARC.
This patch adds the lxc-template for Linux for SPARC and it also adds Linux for SPARC in the configure.ac as a distribution target to build.
Tycho Andersen [Fri, 11 Dec 2015 23:21:53 +0000 (16:21 -0700)]
c/r: use --lsm-profile if provided
Since we can rename a container on a migrate, let's tell CRIU to use the
LSM profile name the user has specified. This change is motivated by LXD,
which sets an LSM profile name based on the container name, so if a user
changes the name of a container during migration, the old profile name
(that criu has saved) won't exist on the new host.
move from bdev.{c,h} to overlay.{c,h}. The only thing that remains in bdev.c
is the static definition of
- static const struct bdev_ops overlayfs_ops
- The functions:
- update_ovl_paths()
- overlay_getlower()
move from lxccontainer.c to overlay.{c,h}. update_ovl_paths() is used to
update absolute paths for overlay lxc.mount.entry entries but it seems to fit
more here than into lxccontainer.c.
The function overlay_getlower() is used to extract the lower directory for
overlay (and aufs) rootfs. It should at some point become a common helper.
- The functions:
- do_rsync()
- dir_new_path()
remain in bdev.c for now but become extern. We declare them extern in
overlay.c to be able to call them. As the comment on them correctly notes,
they should at some point become common helpers and probably move to
utils.{c,h} or some other more appropriate place.
- The structs:
- struct bdev; /* defined in bdev.h */
- struct bdev_specs; /* defined in lxccontainer.h */
- struct lxc_conf; /* defined in conf.h */
are forward declared/put as incomplete types in overlay.h so that the
functions have access to them.
- The header overlay.h is *not* included in bdev.h but only in bdev.c so that
when bdev.h is included the public functions in overlay.h cannot be accessed,
i.e. if an implementation wants to call functions from overlay.h they need to
explicitly include it. (As is e.g. done in the case of lxccontainer.c.)
- The header
- lxc-btrfs.h
also moves to the bdev subfolder.
- Adapt Makefile.am to the new bdev layout.
Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>
Andre McCurdy [Fri, 11 Dec 2015 20:35:55 +0000 (12:35 -0800)]
lxc-checkconfig: remove zgrep dependency
zgrep is a script provided by the 'gzip' package, which may not be
installed on embedded systems etc. which use busybox instead of the
standard full-featured utilities.
Signed-off-by: Andre McCurdy <armccurdy@gmail.com>
Laurent Barbe [Fri, 2 Oct 2015 10:45:14 +0000 (12:45 +0200)]
Add Ceph RBD backingstore
With lxc-create, this will create, map and mount a Rados block device.
A valid ceph.conf and ceph.client.admin.keyring are needed in /etc/ceph/
RBD mapping is not managed on reboot.
Tycho Andersen [Mon, 30 Nov 2015 22:14:22 +0000 (15:14 -0700)]
c/r: add a new ->migrate API call
This patch adds a new ->migrate API call with three commands:
MIGRATE_DUMP: this is basically just ->checkpoint()
MIGRATE_RESTORE: this is just ->restore()
MIGRATE_PRE_DUMP: this can be used to invoke criu's pre-dump command on the
container.
A small addition to the (pre-)dump commands is the ability to specify a
previous partial dump directory, so that one can use a pre-dump of a
container.
Finally, this new API call uses a structure to pass options so that it can
be easily extended in the future (e.g. to CRIU's --leave-frozen option in
the future, for potentially smarter failure handling on restore).
v2: remember to flip the return code for legacy ->checkpoint and ->restore
calls
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Tycho Andersen [Wed, 2 Dec 2015 21:30:52 +0000 (14:30 -0700)]
api wrapper: only reset the current config if this call set it
Instead of *always* resetting the current_config to null, we should only
reset it if this API call set it.
This allows nesting of API calls, e.g. c->checkpoint() can pass stuff into
criu.c, which can call c->init_pid() and not lose the ability to log stuff
afterwards.
Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
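The "only reset it if this API call set it" rule above is easiest to see with the nesting case the message mentions. The following is an added example, not LXC's own wrapper code: `struct lxc_conf`, `current_config`, the `API_ENTER`/`API_EXIT` macros and the counters are hypothetical stand-ins for the global config pointer that LXC's logging consults, and the "old" functions model the pre-fix behaviour where every wrapper cleared the global on exit.

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical stand-in for the per-container configuration that the
 * logging code looks up through a global pointer (simplified). */
struct lxc_conf {
	const char *name;
};

/* The global that the API wrappers set for the duration of a call. */
static struct lxc_conf *current_config = NULL;

/* Counters standing in for the logging subsystem: a log line written while
 * current_config is NULL cannot be attributed to a container. */
static int logged_with_config;
static int logged_without_config;

static void log_line(void)
{
	if (current_config)
		logged_with_config++;
	else
		logged_without_config++;
}

/* BEFORE the fix: every wrapper resets current_config on exit, so a nested
 * call leaves the outer call without a config for the rest of its body. */
static int init_pid_old(struct lxc_conf *conf)
{
	current_config = conf;
	log_line();
	current_config = NULL;	/* unconditional reset */
	return 1;
}

static int checkpoint_old(struct lxc_conf *conf)
{
	current_config = conf;
	init_pid_old(conf);	/* nested API call clobbers the global */
	log_line();		/* current_config is already NULL here */
	current_config = NULL;
	return 0;
}

/* AFTER the fix: only reset current_config if this call is the one that set
 * it. (Hypothetical macros; they are not LXC's real WRAP_API definitions.) */
#define API_ENTER(conf)					\
	bool reset_config = false;			\
	if (!current_config) {				\
		current_config = (conf);		\
		reset_config = true;			\
	}
#define API_EXIT()					\
	if (reset_config)				\
		current_config = NULL;

static int init_pid_new(struct lxc_conf *conf)
{
	API_ENTER(conf);
	log_line();
	API_EXIT();
	return 1;
}

static int checkpoint_new(struct lxc_conf *conf)
{
	API_ENTER(conf);
	init_pid_new(conf);	/* nested call: does not own current_config */
	log_line();		/* still attributed to conf */
	API_EXIT();
	return 0;
}

/* Run one checkpoint() scenario and report how many log lines lost their
 * config; 'fixed' selects the new wrappers. */
int unattributed_log_lines(bool fixed)
{
	struct lxc_conf conf = { "c1" };

	logged_with_config = logged_without_config = 0;
	current_config = NULL;
	if (fixed)
		checkpoint_new(&conf);
	else
		checkpoint_old(&conf);
	return logged_without_config;
}

/* True if the global was left clean after the outermost call returned. */
bool config_reset_after_call(void)
{
	return current_config == NULL;
}
```

With the old wrappers the outer checkpoint() loses its config as soon as the nested init_pid() returns (one unattributed log line); with the new ones the inner call sees the global already set, leaves it alone, and the outermost call is still the one that clears it.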
Serge Hallyn [Wed, 2 Dec 2015 22:42:36 +0000 (22:42 +0000)]
seccomp: support 32-bit arm on arm64, and 32-bit ppc on ppc64
Generally we enforce that an [arch] seccomp section can only be used on [arch].
However, on amd64 we allow [i386] sections for i386 containers, and there we
also take [all] sections and apply them for both 32- and 64-bit.
Do that also for ppc64 and arm64. This allows seccomp-protected armhf
containers to run on arm64.
fli [Tue, 1 Dec 2015 11:17:29 +0000 (19:17 +0800)]
lxc: let lxc-start support wlan phys
The commit e5848d395cb <netdev_move_by_index: support wlan> only
made netdev_move_by_name support wlan, instead of netdev_move_by_index.
Since netdev_move_by_name is a wrapper of netdev_move_by_index, replace
all calls to lxc_netdev_move_by_index with lxc_netdev_move_by_name
to let lxc-start support wlan phys.
Signed-off-by: fupan li <fupan.li@windriver.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
If manual mounting with elevated permissions is required,
this can currently only be done in pre-start hooks or before
starting LXC. In both cases the mounts would appear in the
host's namespace.
With this flag the namespace is unshared before the startup
sequence, so that mounts performed in the pre-start hook
don't show up on the host.
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Fri, 20 Nov 2015 05:34:09 +0000 (00:34 -0500)]
debian: Fix container creation on missing cache
This is currently breaking our daily image builds which happen in a
perfectly clean environment without a Debian keyring and without
anything in /var/cache/lxc
Serge Hallyn [Tue, 17 Nov 2015 21:05:05 +0000 (15:05 -0600)]
lxcapi_clone: restore the unexpanded config len
Otherwise it gets shortened with the temporary len but never
restored - which will only break API users which do a clone
then continue to use the original container, meaning this is
a hard one to detect.
Serge Hallyn [Tue, 17 Nov 2015 18:59:05 +0000 (12:59 -0600)]
Better handle preserve_ns behavior
Commit b6b2b194a8 preserves the container's namespaces for
possible later use in stop hook. But some kernels don't have
/proc/pid/ns/ns for all the namespaces we may be interested in.
So warn but continue if this is the case.
Implement stgraber's suggested semantics.
- User requests some namespaces be preserved:
- If /proc/self/ns is missing => fail (saying kernel misses setns)
- If /proc/self/ns/<namespace> entry is missing => fail (saying kernel misses setns for <namespace>)
- User doesn't request some namespaces be preserved:
- If /proc/self/ns is missing => log an INFO message (kernel misses setns) and continue
- If /proc/self/ns/<namespace> entry is missing => log an INFO message (kernel misses setns for <namespace>) and continue
Serge Hallyn [Wed, 11 Nov 2015 17:13:25 +0000 (17:13 +0000)]
clone: clear the rootfs out of unexpanded config
Closes #694
When we start cloning container c1 to c2, we first save c1's
configuration in c2's as a starting point. We long ago cleared
out the lxc.rootfs entry before saving it, so that if we are
killed before we update the rootfs, c2's rootfs doesn't point
to c1's. Because then lxc-destroy -n c2 would delete c1's rootfs.
But when we introduced the unexpanded_config, we didn't update
this code to clear the rootfs out of the unexpanded_config, which
is what now actually gets saved in write_config().
When we create a random container directory with mkdtemp() we set the mode to
0770 otherwise do_lxcapi_clone() will complain about not being able to create
the config.
Signed-off-by: Christian Brauner <christianvanbrauner@gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
When the clone failed we tried to destroy the container. This will lead to a
segfault. Instead simply return -1. Also move the call to free_mnts() after the
put label to free the user specified mounts even when we just goto put.
Signed-off-by: Christian Brauner <christianvanbrauner@gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
This is a complete reimplementation of lxc-clone and lxc-start-ephemeral.
lxc-copy merges the functionalities of lxc-clone + lxc-start-ephemeral.
(1) Cloning containers:
(a) as copy:
lxc-copy -n aa -N bb
(b) as snapshot:
lxc-copy -n aa -N bb -s
(2) Renaming containers:
lxc-copy -n aa -N bb -R
(3) Starting ephemeral containers:
Ephemeral containers are created and started by passing the flag -e /
--ephemeral. Whenever this flag is missing a copy of the container is created.
The flag -e / --ephemeral implies -s / --snapshot.
(a) start ephemeral container daemonized with random name:
lxc-copy -n aa -e
(b) start ephemeral container in foreground mode with random name:
lxc-copy -n aa -e -F
(c) start ephemeral container with specified name in daemonized mode:
Analogous to lxc-start, ephemeral containers start in daemonized
mode by default:
lxc-copy -n aa -N bb -e
One can however also explicitly pass -d / --daemon:
lxc-copy -n aa -N bb -e -d
but both commands are equivalent.
(d) start non-ephemeral container in daemonized mode:
lxc-copy -n aa -D -e
(e) start ephemeral container in daemonized mode and keep the original
hostname:
lxc-copy -n aa -K -e
(f) start ephemeral container in daemonized mode and keep the
MAC-address of the original container:
lxc-copy -n aa -M -e
(g) start ephemeral container with custom mounts (additional mounts can
be of type {bind,aufs,overlay}) in daemonized mode:
lxc-copy -n aa -e -m bind=/src:/dest:ro,aufs=/src:/dest,overlay=/src:/dest
(4) Other options:
lxc-copy --help
In order to create a random containername and random upper- and workdirs for
custom mounts we use mkdtemp() to not just create the names but also directly
create the corresponding directories. This will be safer and make the code
considerably shorter.
Signed-off-by: Christian Brauner <christianvanbrauner@gmail.com>
Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
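Two of the messages above rely on the same mkdtemp() idiom: the lxc-copy rewrite uses it to pick a random container name and create the directory in one step, and the earlier fix widens the resulting directory to 0770 so do_lxcapi_clone() can write the config. The following is an added example, not code from lxc-copy or lxccontainer.c; `create_random_container_dir()`, `random_name_from_path()` and `dir_mode()` are illustrative helpers, and the "aa-" prefix and /tmp base in the usage are constructed.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create "<base>/<prefix>XXXXXX". mkdtemp() both chooses the random suffix
 * and creates the directory (mode 0700) atomically, so unlike "generate a
 * name, then mkdir it" there is no window in which another process can
 * pre-create or symlink the chosen path. The mode is then widened to 0770,
 * matching what the commit message describes. Returns a heap-allocated
 * path, or NULL with errno set. */
char *create_random_container_dir(const char *base, const char *prefix)
{
	size_t len = strlen(base) + 1 + strlen(prefix) + 6 + 1;
	char *path = malloc(len);

	if (!path)
		return NULL;
	snprintf(path, len, "%s/%sXXXXXX", base, prefix);

	if (!mkdtemp(path)) {
		free(path);
		return NULL;
	}
	/* chmod() sets the bits exactly, so the creating umask is irrelevant. */
	if (chmod(path, 0770) < 0) {
		int saved = errno;
		rmdir(path);
		free(path);
		errno = saved;
		return NULL;
	}
	return path;
}

/* The random container name is simply the last component mkdtemp() filled
 * in, e.g. "aa-Xy1Zq9" for "/tmp/aa-Xy1Zq9". */
const char *random_name_from_path(const char *path)
{
	const char *slash = strrchr(path, '/');
	return slash ? slash + 1 : path;
}

/* Permission bits of a directory, or (mode_t)-1 if it cannot be stat()ed. */
mode_t dir_mode(const char *path)
{
	struct stat st;

	if (stat(path, &st) < 0)
		return (mode_t)-1;
	return st.st_mode & 07777;
}

int main(void)
{
	char *dir = create_random_container_dir("/tmp", "aa-");	/* constructed base and prefix */

	if (!dir) {
		perror("create_random_container_dir");
		return 1;
	}
	printf("name=%s mode=%04o\n", random_name_from_path(dir), (unsigned)dir_mode(dir));
	rmdir(dir);
	free(dir);
	return 0;
}
```

The same idiom covers the upper- and workdirs that lxc-copy creates for custom overlay mounts: each one is a fresh mkdtemp() result rather than a name derived from the container name and created afterwards.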