Sidnei da Silva [Mon, 19 Aug 2013 22:34:19 +0000 (19:34 -0300)]
Add a --thinpool argument to lxc-create, to use thin pool backed lvm when creating the container. When cloning a container backed by a thin pool, the clone will default to the same thin pool.
Dwight Engen [Fri, 18 Oct 2013 18:31:53 +0000 (14:31 -0400)]
use proper config item depending on which lsm is enabled
On a system with AppArmor enabled, if lxc.se_context is configured but
lxc.aa_profile is not (because the user just wants to use the default
AppArmor profile) lxc was passing the lxc.se_context to be set as the
new AppArmor profile. Determine which configuration item to use based
on which lsm is enabled.
Stéphane Graber [Fri, 18 Oct 2013 17:27:46 +0000 (13:27 -0400)]
lxc-start-ephemeral: Fix broken mount logic
This reworks the mount logic for lxc-start-ephemeral to be as follow:
- Any real (non-bind) entry gets copied to the target fstab
- Any bind-mount from a virtual fs gets copied to the target fstab
- Any remaining bind-mount if confirmed to be valid gets setup as an
overlay.
Extra bind-mounts passed through the -b option are mounted by the
pre-mount script and don't need processing by the fstab generator.
Serge Hallyn [Fri, 18 Oct 2013 15:31:27 +0000 (10:31 -0500)]
parse.c: don't print error message on callback rv > 0
A callback return value < 0 means there was an error, so print
out an error message. But a rv > 0 is used by the mount_unknown_fs
functions to say "we found the one we want, stop here."
Document this, and only print an error message if rv < 0. Otherwise,
lxc-create -B lvm --fstype ext3 -t ubuntu -n u1
will print an (innocuous) error message about being unable to parse
the config value 'ext3'.
This fix is coming from Debian bug:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720122
The reason for the hardcoded gid= and mode= is because of the fix for
CVE-2013-2207 which removes pt_chown from glibc and so requires proper
write access to devpts.
It looks like the "tty" group is guaranteed to be gid=5 on at least all
RedHat based and Debian based systems. So this hardcode gid shouldn't be
a big problem. If we however support any distro where that's not the
case, we'll need to implement an extra lxc.conf option and matching
template changes.
Stéphane Graber [Tue, 15 Oct 2013 15:17:55 +0000 (11:17 -0400)]
Make 'make dist' match git content
This fixes a few obvious issues when comparing the make dist output with
the git tree.
- Make all templates non-executable in git
- Remove unused files:
- src/lxc/list.c (empty, only includes the list.h header)
- src/lxc/lxc-destroy.in (replace by lxc_destroy.c)
- Add missing files to dist tarball:
- src/python-lxc/examples/pyconsole.py
- src/python-lxc/examples/pyconsole-vte.py
- Mark all the python API tests executable
- Mark lxc-test-ubuntu executable
Serge Hallyn [Fri, 11 Oct 2013 15:44:39 +0000 (10:44 -0500)]
define list container api (v2)
Two new commands are defined: list_defined_containers() and
list_active_containers(). Both take an lxcpath (NULL means
use the default lxcpath) and return the number of containers
found. If a lxc_container ** is passed in, then an array of
lxc_container's is returned, one for each container found.
The caller must then lxc_container_put() each container and
free the array, as shown in the new list testcase.
If a char ** is passed in, then an array of container names
is returned, after which the caller must free all the names
and the name array, as showsn in the testcase.
Changelog:
Check for the container config file before trying to
create an lxc_container *, to save some work. [ per
stgraber comments]
Add names ** argument to return only container names.
Dwight Engen [Thu, 10 Oct 2013 16:59:04 +0000 (12:59 -0400)]
fix clone prototype
gcc was complaining with:
reboot.c:33: error: conflicting types for ‘clone’
/usr/include/bits/sched.h:83: note: previous declaration of ‘clone’ was here
KATOH Yasufumi [Wed, 9 Oct 2013 10:00:32 +0000 (19:00 +0900)]
template: Add Plamo Linux template
This template allows to create Plamo Linux container on Plamo
Linux. Plamo Linux is Japanese distribution, which is originally based
on Slackware Linux.
Dwight Engen [Tue, 8 Oct 2013 16:22:57 +0000 (12:22 -0400)]
ensure gnutls is initialized before use
Section 7.1.2 of the gnutls info manual states that it must be
initialized with a call to gnutls_global_init before use. This
fixes the syslog warning I was seeing:
lxc-create: Libgcrypt warning: missing initialization -
please fix the application
Scott Moser [Tue, 8 Oct 2013 00:41:23 +0000 (20:41 -0400)]
lxc-ubuntu-cloud: pass --numeric-owner and -p to untar
Just following up here, Serge raised the question of whether or not the
other two invocations of 'tar' in this script need '--numeric-owner'.
They probably should have it, although its of little concern because the
'build_root_tgz' path is only taken if there is no '-root.tar.gz' file for
download, and the only supported ubuntu release without the -root.tar.gz
download is 10.04 at this point.
Anyway, below is a more complete diff, also including a fix as
'--numeric-uid' is not a valid option to tar. The name is
'--numeric-owner'.
Signed-off-by: Scott Moser <smoser@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>
Dwight Engen [Fri, 4 Oct 2013 17:45:59 +0000 (13:45 -0400)]
always include the ja manpage sources in make dist
These need to be in the dist tarball even if the host packaging system
doesn't have docbook2x, otherwise configure will fail to find them. Also,
the build system may have docbook2x, even if the packaging system does not.
Dwight Engen [Fri, 4 Oct 2013 17:46:05 +0000 (13:46 -0400)]
fix errors when using docbook2man
docbook2man picks up some errors that docbook2x does not, fixing them
isn't harmful to docbook2x. The only real change is adding <para> and
<citerefentry> tags.
This patches the Fedora template to insure that the legacy network
startup scripts are enabled when NetworkManager has not been installed
in the container (default).
It also fixes a login problem with pam_loginuid.so in a container.
https://bugzilla.redhat.com/show_bug.cgi?id=966807
Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com>
-- Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Stéphane Graber [Fri, 4 Oct 2013 02:41:59 +0000 (22:41 -0400)]
lxc-ubuntu: Remove trim option
Container trimming is a bad idea in general, Ubuntu since 12.04 allows
standard systems to run in containers and we've got separate code to
deal with 10.04, so let's just drop trim.
templates/lxc-fedora Rework for distro independence.
This patch reworks the Fedora template to operate in the most "distro
agnostic" manner possible. It should even run on distros where rpm and
yum are not present and not available or may be incompatible. It
depends on the most basic set of system facilities like rsync but does
require squashfs support also be available to mount a LiveOS runtime.
Based on comments at Linux Plumbers, what I had been referring to as a
"run time environment" or RTE has been renamed in the code to refer to
it as a "bootstrap". It has been tested on Fedora (of course),
OpenSuse, Ubuntu, and Oracle (latest host versions of each) building
Fedora containers of F19 back through F9. Varying levels of database
problems were encountered from F11 and back and are "will not fix" due
to versions being long EOL. F15 and F16 build but do not run "out of
the box" due to systemd version issues and those are also "will not fix"
for the same reasons.
Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Serge Hallyn [Thu, 3 Oct 2013 03:30:31 +0000 (22:30 -0500)]
add basic lxc-test-ubuntu (v3)
Some features of lxc - networking and LSM configuration for instance -
are generally configured by the distro packages. This program
tests the Ubuntu configuration.
changelog v2:
Switch to lxc-info -i to detect ip address as stgraber suggested
Don't look for 'expect' as I'm not using it yet.
changelog v3:
Make sure to only read one ip address from container.
Stéphane Graber [Wed, 2 Oct 2013 22:25:37 +0000 (18:25 -0400)]
Improve behaviour for unprivileged users
This mostly changes two things:
- Only log to the container's logfile on start/stop/restart/execute
- Call may_control() every time we use the API and return
"Insufficient privileges" on failure.
NOTE: I didn't test every single one of those but I'm fairly confident
in my copy/paste abilities and I confirmed they all build fine at least.
- When doing the selinux change, I noticed that there was a lot of
duplication of code in handing string configuration items, so I
refactored this into a common function.
- Added a config_string_max that can be passed a maximum acceptable
length, used to limit ttydir to NAME_MAX.
- The behavior of config_seccomp was different than other strings: if the
item was already defined, then the second attempt to set it would fail
instead of just replacing the value. Changed to just replace the value.
- Remove unused key and lxc_conf arguments to config_path_item().
Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com> Signed-off-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
The original rationale for this was to make sure that if
lxcpath was /home/serge/lxcbase, then then lockdir
(/run/user/serge/lock/lxc/home/serge/lxcbase) would be
owned by the same user as /home/serge/lxcbase.
The only user who can chown to other uids (without CAP_CHOWN
added to fP) is root, who shouldn't be mucking with non-root
owned containers anyway. In the meantime this causes a bunch
of noise for arguably no benefit.
This is an api function which will return false if the container
is running, and the caller may not talk to its monitor over its
command socket. Otherwise - if the container is not running, or
the caller may access it - it returns true.
We can use this in several tools early on to prevent the segvs
etc which we currently get.
Christian Seiler [Tue, 24 Sep 2013 20:45:08 +0000 (22:45 +0200)]
Automatic mounting: add more ways to mount the cgroup filesystem
This adds quite a few more ways to mount the cgroup filesystem
automatically:
- Specify ro/rw/mixed:
- ro: everything mounted read-only
- rw: everything mounted read-write
- mixed: only container's own cgroup is rw, rest ro
(default)
- Add cgroup-full that mounts the entire cgroup tree to the
corresponding directories. ro/rw/mixed also apply here.
Signed-off-by: Christian Seiler <christian@iwakd.de> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
Christian Seiler [Tue, 24 Sep 2013 20:45:06 +0000 (22:45 +0200)]
Automatic mounts: improvements for /proc and /sys
Improve lxc.mount.auto code: allow the user to specify whether to mount
certain things read-only or read-write. Also make the code much more
easily extensible for the future.
Signed-off-by: Christian Seiler <christian@iwakd.de> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>
- change get_template_path() to only return NULL or non-NULL since one of
the callers was doing a free(-1) which caused the segfault. Handle the
NULL template case in the lxcapi_create() caller.
- make sure to free(tpath) in the sha1sum_file() failure case
Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com> Signed-off-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>
refactor AppArmor into LSM backend, add SELinux support
Currently, a maximum of one LSM within LXC will be initialized and
used. If in the future stacked LSMs become a reality, we can support it
without changing the configuration syntax and add support for more than
a single LSM at a time to the lsm code.
Generic LXC code should note that lsm_process_label_set() will take
effect "now" for AppArmor, and upon exec() for SELinux.
- fix Oracle template mounting of proc and sysfs, needed when using SELinux
This one's easier to review by looking at the before and after files. It
splits up lxc_cgroup_load_meta2() by adding 3 helpers.
The result seems easier to reason about. A question I had, is, should
the kernel_subsystems ** be freed in the success case? I assumed it was
being used elsewhere but I can't find where. Currently it is only being
freed in the error case. I suspect we want to free it in the success
case as well.
projects / thirdparty / lxc.git / log
