If sys/signalfd.h does not exist, assume that it does not exist
in glibc, rather than that it exists without a corresponding
header file. Note that this version of the signalfd() wrapper
function (unlike the version in glibc) falls back dynamically to
the old signalfd system call if the signalfd4 system call is not
implemented in the currently-running kernel; the version in glibc
chooses the version of the signalfd system call to make via static
build-time configuration.
Signed-off-by: Michael K Johnson <johnsonm@rpath.com> Signed-off-by: Daniel Lezcnao <dlezcano@fr.ibm.com>
Matt Helsley [Sun, 8 Mar 2009 16:09:27 +0000 (17:09 +0100)]
liblxc: Add username and uid lookup/check.
Add the ability to lookup usernames and check uids. Bails out early if the given
uid/name does not exist and avoids using atoi() (which is bad because we can't
tell if it parsed an int or a pumpkin).
Signed-off-by: Matt Helsley <matthltc@us.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Matt Helsley [Sun, 8 Mar 2009 16:09:27 +0000 (17:09 +0100)]
liblxc: Handle missing PR_CAPBSET_DROP definition
On distros with older headers liblxc fails to build because PR_CAPBSET_DROP is
not defined by including /usr/include/sys/prctl.h. This adds an autoconf
test and, if not present, defines it. When prctl() is called on systems that
do not support PR_CAPBSET_DROP we should expect EINVAL. This case is already
handled by the liblxc code so no further changes are needed.
Signed-off-by: Matt Helsley <matthltc@us.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Matt Helsley [Sun, 8 Mar 2009 16:09:27 +0000 (17:09 +0100)]
liblxc: create a fedore template container
On Mon, 2009-02-09 at 15:43 -0800, Dan Smith wrote:
> DL> It may be possible to use yum like debootstrap for an minbase
> DL> fedora install.
>
> Yep, something like the following should work:
>
> root=/path/to/tmproot
> mkdir -p $root/var/lib/rpm
> rpm --root $root --initdb
> rpm --root $root -Uvfh --nodeps http://fedora.osuosl.org/linux/releases/10/Fedora/i386/os/Packages/fedora-release-10-1.noarch.rpm
> yum --installroot=$root -y groupinstall Base
Looks familiar! ;) I was intrigued by this idea last weekend so I
started such a script. However I only tested it as far as creating a
semi-correct rootfs. With the exception of network configs most of the
configs are still written as for debian. For example I know the selinux
policy enforcement settings need to move, the inittab needs to be
replaced by the proper upstart configs, etc.
Of course it's based heavily on Daniel's excellent lxc-debian script.
Signed-off-by: Matt Helsley <matthltc@us.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
dlezcano [Thu, 12 Feb 2009 14:47:10 +0000 (14:47 +0000)]
build a set of flags for the different enabled subsystems
From: Daniel Lezcano <dlezcano@fr.ibm.com>
When we want to check if a subsystem is enabled, we look at the
presence of a file/directory in the configuration tree files. That
works until we chroot into the rootfs. Some subsystem should be
preferably setup after the chrootfs, making the code simpler and
easier to read. So before setup the different subsystem, I build a
flags set and reuse it later to check if the subsystem is enabled or
not.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
dlezcano [Thu, 5 Feb 2009 12:03:47 +0000 (12:03 +0000)]
handle interruption/failure of lxc-debian more gracefully
From: Matt Helsley <matthltc@us.ibm.com>
If lxc-debian fails or is interrupted during debootstrap then the next
invocation of lxc-debian breaks because it only checks for the existence
of the directory. This forces the user to remove the cache by hand to
retry the create step.
Let's allow the user to re-run lxc-debian to resume/retry. Store the
cache in a partial-$ARCH directory until debootstrap succeeds. Then move
the valid cache to its final destination.
Signed-off-by: Matt Helsley <matthltc@us.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
dlezcano [Mon, 2 Feb 2009 14:50:00 +0000 (14:50 +0000)]
Add signalfd function definition
From: Dietmar Maurer <dietmar@proxmox.com>
The signalfd function prototype and the signalfd header file is not
defined in the debian Lenny. We want to use this debian version with a
newer kernel.
This patch gives the signalfd function prototype, because the function is
available in the glibc-2.7 which is the version coming with debian Lenny.
Signed-off-by: Dietmar Maurer <dietmar@proxmox.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
dlezcano [Thu, 29 Jan 2009 10:50:28 +0000 (10:50 +0000)]
Complete use of autoconf prefix in lxc-debian
From: Matt Helsley <matthltc@us.ibm.com>
The lxc-debian script does not consistently address the lxc lock as
@LOCALSTATEDIR@/lock/subsys/lxc. Make consistent use of the autotools
substitution to completely enable configure --prefixes.
I also added a comment explaining why some of the paths didn't need
autoconf substitutions for anyone who wants to understand the script.
Also, to separate it from the container contents proper, I moved the
CACHE variable initialization above the container-internal path
variables.
Signed-off-by: Matt Helsley <matthltc@us.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
dlezcano [Mon, 26 Jan 2009 19:43:46 +0000 (19:43 +0000)]
Fixed bad variable type
From: Daniel Lezcano <daniel.lezcano@free.fr>
Fixed the type of the opt variable. On the powerpc architecture, that leads
to an infinite loop in the getopt inspection because getopt returns 255
instead of -1 as expected. The opt variable should be an int and not a char.
Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
dlezcano [Sun, 25 Jan 2009 23:29:24 +0000 (23:29 +0000)]
Check the kernel feature
From: Daniel Lezcano <daniel.lezcano@free.fr>
The virtual devices are automatically destroyed when the network namespace
dies for the kernel version >= 2.6.29. Until this version the network devices
have to be destroyed by lxc. This modification checks the version of the
kernel to make lxc to destroy the network devices or not.
Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
dlezcano [Mon, 5 Jan 2009 19:19:46 +0000 (19:19 +0000)]
Create the localstatedir when installing the commands
From: Daniel Lezcano <dlezcano@fr.ibm.com>
For some distros (eg. opensuse), when installing with "make install", the
localstatedir is not created. This modification makes this directory to be
created at the install time.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
dlezcano [Mon, 5 Jan 2009 18:36:23 +0000 (18:36 +0000)]
Add freezer compatibility for older interface
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Different interface exists for the freezer, "RUNNING" or "THAWED" should
be written to the freezer file, so in case "THAWED", we fall back to
"RUNNING". That allows to support older freezer kernel interface for 2.6.27.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
dlezcano [Tue, 9 Dec 2008 09:43:15 +0000 (09:43 +0000)]
Enqueue cgroup value in the right order
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Use the list_add_tail function to add the elements at the end of the list
so when the cgroup elements are setup, they will be stored in the file
in the right order.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
dlezcano [Fri, 28 Nov 2008 15:36:51 +0000 (15:36 +0000)]
Added a script directory for containers creation helper scripts
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Added a directory called 'scripts' where is stored two helpers.
The first one allows to create a mini debian container and the
second one to create a sshd container.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
dlezcano [Thu, 27 Nov 2008 22:09:56 +0000 (22:09 +0000)]
Added lxc-debian command
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Added the script lxc-debian to the package.
This command allows to debootstrap a debian minimal and configure a container
to run it. Several debian can be installed by invoking the command with a
different container name.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
dlezcano [Wed, 26 Nov 2008 17:34:52 +0000 (17:34 +0000)]
Add the more simple utility to unshare the namespaces.
From: Daniel Lezcano <dlezcano@fr.ibm.com>
lt-lxc-unshare <options> [command]
Options are:
-f : fork and unshare (automatic when unsharing the pids)
-m : unshare the mount points
-p : unshare the pids
-h : unshare the utsname
-i : unshare the sysv ipc
-n : unshare the network
-u <id> : unshare the users and set a new id
if -f or -p is specified, <command> is mandatory)
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
dlezcano [Tue, 25 Nov 2008 17:01:56 +0000 (17:01 +0000)]
Add read permission checking for the container
From: Daniel Lezcano <dlezcano@fr.ibm.com>
When an user tries to look at the pids or network information belonging
to a container not owned by the user. The command silently fails, I changed
that to check the read permission, display an error and exit.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
dlezcano [Tue, 18 Nov 2008 09:40:05 +0000 (09:40 +0000)]
List the available containers and the processes belonging to such container.
From: Daniel Lezcano <dlezcano@fr.ibm.com>
This modification change the lxc-ps command and adds the lxc-ls command.
The lxc-ps command takes the container name argument and shows the processes
belonging to the specified container. The usual ps argument can be passed to
the lxc-ps to change the output.
Examples:
lxc-ps -n foo --forest
lxc-ps -n foo -o pid=
The lxc-ls command list the container name available on the system. This is
useful to retrieve information for each container.
Examples:
for i in $(lxc-ls); do
lxc-info -n $i
lxc-ps -n $i --forest
done
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
dlezcano [Mon, 17 Nov 2008 16:01:34 +0000 (16:01 +0000)]
Add return error status in the different functions
From: Daniel Lezcano <dlezcano@fr.ibm.com>
Add the most known error to the different API to be followed up by the
caller, so we can later show a better message to the user when something
goes wrong. The error catching is coarse grain right now but will be improved,
step by step.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
projects / thirdparty / lxc.git / log
