Michel Normand [Fri, 13 Nov 2009 10:48:29 +0000 (11:48 +0100)]
lxc: add a new lxc.mount.entry keyword
The purpose of this new keyword is to save in main config file
all the lines of a provided fstab file.
This will ultimately replace the the lxc.mount keyword
when lxc scripts will use the new keyword.
Warning: I did not validated this patch
in all conditions of provided malformed input string.
Signed-off-by: Michel Normand <michel_mno@laposte.net> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Fri, 13 Nov 2009 10:48:29 +0000 (11:48 +0100)]
Replace create/destroy by a script
The simplification of the container configuration makes
pointless to have so much complexity in the container creation.
Let's remove that and replace by some scripts.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcaon [Fri, 13 Nov 2009 10:48:29 +0000 (11:48 +0100)]
Allows a container to run without previous creation
When a container was created, its configuration is used.
When a container was not created, the configuration specified in
the command line is used, if not configuration file is used,
default values are used.
That allows to create 'volatile' container, like tmp files.
It is useful for example to spawn different container with the
same generic configuration file. That let the user to have its own
repository of configuration files.
And, more important, that fix temporary created container with
lxc-execute to be not deleted when the host crash or the command
is killed.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Andrian Nord [Wed, 4 Nov 2009 13:03:44 +0000 (14:03 +0100)]
configure.ac - allow user to switch off/on documentation generation
Andrian Nord <NightNord@gmail.com>:
>> > > As documentation requires docbook2man to be installed, which is not,
>> > > otherwise, required for proper LXC work or compilation process, it
>> > > might be usefull to be able to switch it off.
Michel Normand <normand@fr.ibm.com>:
> > For me, it is Ok to add a --enable/disable/-doc,
> > but not make configure to fail if no option specified
> > and no docbook2man package.
> >
> > For me it should be optionnal.
> > I like the current behaviour where configure is running without option
> > and is enabling/disabling by itself the doc building.
> > Could you send a new patch with this idea ?
Andrian Nord <NightNord@gmail.com>:
Of course. You mean, that you what default behaviour to remain
auto-detection? That is:
--enable-doc: require docbook2man or fail, generate mans
--enable-doc=auto, or not specified (default): check for docbook2man,
generate mans if found, silently ignore if not found (I suppose
diagnostic message is redundant, as information already contains into
./configure --help)
--disable-doc: never check for docbook2man and don't gen mans
Here comes a patch what do this, as far as I see
(I'm sorry for violating post-rules in previous mail, now I'll do all
right, I hope. Should I attach patch anyway, as it might be usefull
for applying?)
Signed-off-by: Andrian Nord <NightNord@gmail.com> Acked-by: Michel Normand <normand@fr.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Thu, 22 Oct 2009 13:33:40 +0000 (15:33 +0200)]
use config.h to define the lxcpath and co
Instead of passing the LXCPATH definition in the compiler
command line, use configure.ac to define the value in the config.h
file and include this file where it is needed.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Thu, 22 Oct 2009 13:33:40 +0000 (15:33 +0200)]
remove test directory
These tests are not relevant now. It would be better to write
some real test cases with some script using the lxc cli in order
to check non regression.
I remove these annoying tests I have to port each time a function
prototype is changed.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Wed, 7 Oct 2009 14:06:09 +0000 (16:06 +0200)]
make container to die when parent dies
When the parent of the first process dies, the container stays there
making very difficuly to track it and to kill. We have to use the
lxc-ps --lxc and kill the processes, hoping we kill the init process
of the container. That's not a big deal until we have thousand of
processes in the container :)
We want to keep the parent of the container init always there, this
process is responsible to manage the container, provide tty, notify
the container changing states and ensure self exclusion (eg. avoid
to launch several containers with the same name).
If this process dies, we consider that as a fatal error and we make
the child process to die too. This patch will just add the prctl to
to send a SIGKILL to the container init process when its parent exits
For the point of view of the pid namespace, when the init process dies
all the processes of the namespace are killed too.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Wed, 7 Oct 2009 14:06:09 +0000 (16:06 +0200)]
Simplify the mainloop
The number of fds passed to epoll is just a hint for the kernel.
In our case, we know this is often 2, let's remove this parameter
from lxc_mainloop_open and cleanup the code around the caller of
this function.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Wed, 7 Oct 2009 14:06:09 +0000 (16:06 +0200)]
returns a specific info when we have ECONNREFUSED
When a command can not be send because the connection is refused,
that means the container is stopped. Let's report this specific
case instead of raising an error.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: Michel Normand <normand@fr.ibm.com>
Daniel Lezcano [Wed, 7 Oct 2009 14:06:08 +0000 (16:06 +0200)]
handle the stop command
Handle the stop command. The stop command waits for the peer to
disconnect, that means the peer has exited, so it is safe to
return to the user control. By this way, we ensure a stop command
followed by a start or a destroy won't fail with a race condition
because the start command is not yet finised.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: Michel Normand <normand@fr.ibm.com>
Michel Normand [Wed, 7 Oct 2009 14:06:08 +0000 (16:06 +0200)]
local struct name changed in mainloop.c
Two files have each their own structure definition with the same
name. The types name don't conflict but in the name of sanity, let's
rename these structures.
not critical isn't it :)
Signed-off-by: Michel Normand <normand@fr.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Michel Normand [Wed, 7 Oct 2009 08:05:39 +0000 (10:05 +0200)]
keep rcfile for lxc-execute as already done for lxc-create
The code previously added in lxc-create with
commit d7efa8fcbf0911f93c83dc06a708e7d73833dce3
is also required in lxc-execute.
So make this code common for the two callers.
Signed-off-by: Michel Normand <normand@fr.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Jiri Slaby [Tue, 18 Aug 2009 21:28:42 +0000 (23:28 +0200)]
lxc build fix for Suse
Hi,
I have to use the attached patch to allow lxc building in the SUSE build
system. It uses as-needed flag and build thus fails, since -lutil is not
at the appropriate place on the command line.
js
suse labs
Signed-off-by: Jiri Slaby <jslaby@suse.cz> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Ship the manpages in the source tarball made by 'make dist', and clean
them up only during the 'make maintainer-clean' step. This allows
distributions not to depend on docbook at lxc build time, because the
manpages are already there.
Also update the configure warning message to sound less scary.
Signed-off-by: Guido Trotter <ultrotter@quaqua.net> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Mon, 20 Jul 2009 15:57:31 +0000 (17:57 +0200)]
fix closed fd when they are inherited
This patch fix a problem with the commit d983b93c3ad860fa22ef760ae27a944d6000e35a
When the lxc daemonize, it closes fd 0, 1 and 2. But these ones are coming from
inherited fd and they are already in the inherited list of fd. When lxc creates
some file descriptors, they have the number of the previous inherited file
descriptor, so they are closed when we close all the inherited file descriptors.
In order to fix that, the lxc_close_inherited_fd function has been implemented
to close an inherited fd and remove it from the list.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Thu, 16 Jul 2009 14:38:15 +0000 (16:38 +0200)]
Remove the a previous cgroup
As a previous run may have created a cgroup but died unexpectedly,
the cgroup can be still there when we try to launch the container
again with the same name. This patch removes the directory if it is
present, if this one is not owned by caller or it is in use (that should
not happen), the rmdir will fail with the corresponding errno.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Michel Normand [Wed, 15 Jul 2009 21:48:22 +0000 (23:48 +0200)]
lxc-start should not hold inheritited fds
This patch makes the intermediate lxc processes to close the
inherited file descriptor. The child process will inherit these fd
in any case and that will be up to it to handle them.
Signed-off-by: Michel Normand <normand@fr.ibm.com>
Daniel Lezcano [Mon, 13 Jul 2009 21:12:10 +0000 (23:12 +0200)]
detect a cgroup named 'lxc'
This patch makes lxc to detect a specific cgroup dedicated to lxc
which is mounted with the lxc name. That allows to mount different
cgroup in different places with different options (aka subsystems)
and assign one to be used by lxc. If no such mount point is found,
the first cgroup mount point is used.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Michel Normand [Mon, 13 Jul 2009 21:12:09 +0000 (23:12 +0200)]
lxc-execute or lxc-start to fail if cgroup not mounted
Before this patch a container was able to be started
without mounted cgroup. (only a warning was logged)
But the lxc-ps is using the /proc/<pid>/cgroup to identify
the lxc container in which pid is running.
So to be consistent between all lxc command I force an error
if cgroup is not mounted at time of lxc-execute or lxc-start.
Signed-off-by: Michel Normand <normand@fr.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
Daniel Lezcano [Fri, 10 Jul 2009 06:58:27 +0000 (08:58 +0200)]
create the lxc directory with lxc-setcap
There are several cases:
* we run the lxc-create as root, the @path@/var/lib/lxc will be created
* we run the lxc-create as non-root, the creation of the directory will
fail with "permission denied", so we should call lxc-setcap before
* we run lxc-setcap (always as root), we create the directory and set
the permission for everyone.
Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>
I am trying to run LXC on the CentOS 5.3 and the Linux kernel 2.6.30.
I found a problem with running the rpmbuild command. The error message
is shown below:
projects / thirdparty / lxc.git / log
