This also changes the help exit status of lxc-unshare and lxc-usernsexec. So
far they did exit(EXIT_FAILURE) whereas all other tools do exit(EXIT_SUCCESS).
Let's align them with the rest of the tools. This should be safe to do.
Signed-off-by: Christian Brauner <cbrauner@suse.de>
Stéphane Graber [Wed, 17 Aug 2016 19:42:34 +0000 (15:42 -0400)]
Use full GPG fingerprint instead of long IDs.
With how easy it is to create a collision on a short ID nowadays and
given that the user doesn't actually have to remember or manually enter
the key ID, let's just use the full fingerprint from now on.
- Assume that the module name is "overlay" per default and not "overlayfs".
- Assume that the overlay version we are using requires a workdir.
- When we mount an overlay filesystem and we fail with ENODEV retry once with
the module name we haven't already used.
Signed-off-by: Christian Brauner <cbrauner@suse.de>
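
The retry rule in the overlay commit above, as an added example (not LXC's own code): try "overlay" first and fall back to "overlayfs" only when the error is ENODEV. The callback type and the fake_* helpers are hypothetical stand-ins for mount(2) so the logic runs without privileges.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical mount callback: returns 0 on success, -1 with errno set. */
typedef int (*overlay_mount_fn)(const char *fstype, void *ctx);

/* Try "overlay" first; if the kernel reports ENODEV (unknown filesystem
 * type), retry exactly once with "overlayfs". Any other error is final.
 * On success *used names the filesystem type that worked. */
int mount_overlay_fallback(overlay_mount_fn do_mount, void *ctx,
			   const char **used)
{
	static const char *const names[] = { "overlay", "overlayfs" };

	for (size_t i = 0; i < 2; i++) {
		if (do_mount(names[i], ctx) == 0) {
			*used = names[i];
			return 0;
		}
		if (errno != ENODEV)
			return -1;	/* e.g. EPERM: retrying cannot help */
	}
	return -1;	/* both names unknown to this kernel */
}

/* Constructed stand-ins for mount(2); ctx counts the attempts made. */
int fake_old_kernel(const char *fstype, void *ctx)
{
	(*(int *)ctx)++;
	if (strcmp(fstype, "overlayfs") == 0)
		return 0;	/* only the old module name is known */
	errno = ENODEV;
	return -1;
}

int fake_denied(const char *fstype, void *ctx)
{
	(void)fstype;
	(*(int *)ctx)++;
	errno = EPERM;
	return -1;
}
```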
So far we accidentally used close() on the original file descriptor. (After
fdopen() the original fd is considered private and should not be used anymore.
The close operations should be performed on the new file handle. We did the
correct thing on error but not on success.) Using close() on the original fd
caused "Text file busy" errors and prevented the cloned tmpfs container from
starting.
Signed-off-by: Christian Brauner <cbrauner@suse.de>
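
The descriptor ownership rule from the commit above, as an added example (not LXC's own code): close() is correct only while fdopen() has not succeeded, and afterwards fclose() is the one call that flushes the stream and releases the fd. The helper names and the temporary file path are assumptions made for the demonstration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical helper: write text to a fresh temp file through stdio.
 * Returns 0 on success, -1 on error; *fd_out receives the fd number so
 * the caller can check that it was released. */
int write_via_stream(const char *text, int *fd_out)
{
	char path[] = "/tmp/fdopen-demo-XXXXXX";
	int fd = mkstemp(path);
	if (fd < 0)
		return -1;
	unlink(path);	/* the file lives only as long as the descriptor */
	*fd_out = fd;

	FILE *f = fdopen(fd, "w");
	if (!f) {
		close(fd);	/* fdopen() failed: the fd is still ours */
		return -1;
	}

	/* From here on the stream owns fd: only fclose() may release it. */
	if (fputs(text, f) == EOF) {
		fclose(f);
		return -1;
	}

	/* fclose() flushes buffered data and closes the underlying fd. */
	if (fclose(f) != 0)
		return -1;
	return 0;
}

/* Returns 1 if fd is no longer an open descriptor in this process. */
int fd_is_closed(int fd)
{
	return fcntl(fd, F_GETFD) == -1 && errno == EBADF;
}
```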
So far we've simply been using RUNTIME_PATH for the privileged and unprivileged
case. We should actually use XDG_RUNTIME_DIR for the unprivileged case.
Signed-off-by: Christian Brauner <cbrauner@suse.de>
When a container c is on a btrfs filesystem but is directory backed, copying
the container will default to snapshot. This is because of
should_default_to_snapshot() returning true in this case because c is on a
btrfs filesystem. We should make sure that should_default_to_snapshot() only
returns true, when c itself is a btrfs subvolume.
Signed-off-by: Christian Brauner <cbrauner@suse.de>
KATOH Yasufumi [Fri, 12 Aug 2016 08:29:55 +0000 (17:29 +0900)]
doc: Update Japanese lxc-attach(1)
* Add undocumented options (-v/--set-var, --keep-var, -f/--rcfile)
* Change order of option in SYNOPSIS (-L that is placed after "command")
* Add long options in SYNOPSIS
KATOH Yasufumi [Fri, 12 Aug 2016 08:04:15 +0000 (17:04 +0900)]
doc: Update lxc-attach(1)
* Add undocumented options (-v/--set-var, --keep-var, -f/--rcfile)
* Change order of option in SYNOPSIS (-L that is placed after "command")
* Add long options in SYNOPSIS
Otherwise a container with a non-standard configuration file
can be started but not attached to.
Fixes the following case:
# lxc-start -n ct -f /different/path/my.config
# lxc-attach -n ct
Error: container ct is not defined
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
Add a new logger: syslog and Print the VM name in the logs
To activate it specify lxc.syslog = <afacility>
For now the available facilities are: daemon, local[0-7] others will be
rejected
syslog got only activated after the function that checks for inheritance
of fd is passed in order to make sure the syslog fd is not inherited
and prevent the creation of the fd if any log has been issued during
the checks (which would end up in an infinite loop)
Signed-off-by: Fatih ACAR <fatih.acar@gandi.net>
Signed-off-by: Ahmed Amamou <ahmed@gandi.net>
Signed-off-by: Baptiste Daroussin <bapt@gandi.net>
Signed-off-by: William Dauchy <william@gandi.net>
This fixes a double free corruption on container-requested
reboots when lxc_spawn() fails before receiving the ttys, as
lxc_fini() (part of __lxc_start()'s cleanup) calls
lxc_delete_tty().
Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com>
lxc-checkpoint will fail because process created by lxc-attach has
incorrect cgroup ns. It needs to use "setns" instead of "unshare"
to set cgroup ns.
bdev/bdev.c: In function 'detect_fs':
bdev/bdev.c:686:2: error: implicit declaration of function 'getline' [-Werror=implicit-function-declaration]
while (getline(&line, &linelen, f) != -1) {
^
Signed-off-by: Christian Brauner <cbrauner@suse.de>
criu.c: In function ‘exec_criu’:
criu.c:310:4: error: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘uint64_t’ [-Werror=format=]
ret = sprintf(ghost_limit, "%lu", opts->user->ghost_limit);
^
In file included from criu.c:42:0:
log.h:285:9: error: format ‘%lu’ expects argument of type ‘long unsigned int’, but argument 3 has type ‘uint64_t’ [-Werror=format=]
struct lxc_log_locinfo locinfo = LXC_LOG_LOCINFO_INIT; \
^
criu.c:312:5: note: in expansion of macro ‘ERROR’
ERROR("failed to print ghost limit %lu", opts->user->ghost_limit);
^
Signed-off-by: Christian Brauner <cbrauner@suse.de>
Place an ephemeral container started with -e flag on a tmpfs. Restrictions are
that you cannot request the data to be kept while placing the container on a
tmpfs, that either overlay or aufs backing storage must be used, and that the
storage backend of the original container must be a directory.
For ephemeral snapshots backed by overlay or aufs filesystems, a fresh tmpfs
is mounted over the container's directory if the user requests it. This should
be the easiest option. Anything else would require us to change the current
mount-layout of overlay and aufs snapshots. (A standard overlay or aufs
snapshot clone currently has the layout:
The fact that upperdir and workdir are not placed in a common subfolder under
the container directory has the consequence that we cannot simply mount a fresh
tmpfs under upperdir and workdir because overlay expects them to be on the same
filesystem.)
Because we mount a fresh tmpfs over the directory of the container the updated
/etc/hostname file created during the clone residing in the upperdir (currently
named "delta0" by default) will be hidden. Hence, if the user requests that the
old name is not to be kept for the clone, we recreate this file on the tmpfs.
This should be all that is required to restore the exact behaviour we would get
with a normal clone.
NOTE: If the container is rebooted all changes made to it are lost. This is not
easy to prevent since each reboot remounts the rootfs again.
Signed-off-by: Christian Brauner <cbrauner@suse.de>
Adrian Reber [Fri, 15 Jul 2016 08:54:30 +0000 (10:54 +0200)]
c/r: make local function static
This is a minimal commit which makes the function 'do_restore()' static
as it is not used anywhere else in the code. This also removes a
trailing space my editor complained about.
Adrian Reber [Mon, 4 Jul 2016 14:58:09 +0000 (16:58 +0200)]
c/r: drop in-flight connections during CRIU dump
Shortly after CRIU 2.3 has been released a patch has been added to skip
in-flight TCP connections. In-flight connections are not completely
established connections (SYN, SYN-ACK). Skipping in-flight TCP
connections means that the client has to re-initiate the connection
establishment.
This patch stores the CRIU version detected during version check, so
that during dump/checkpoint options can be dynamically enabled depending
on the available CRIU version.
v2:
* use the newly introduced criu version interface
* add an option to disable skipping in-flight connections
Adrian Reber [Mon, 11 Jul 2016 19:55:43 +0000 (21:55 +0200)]
c/r: initialize migrate_opts properly
The commit "c/r: add support for CRIU's --action-script" breaks
lxc-checkpoint on the command-line. It produces errors like:
sh: $'\260\366\b\001': command not found
and then it fails. src/lxc/criu.c expects migrate_opts->action_script to
be either NULL, then it is ignored, or to actually contain the name of
an action script.
As the struct migrate_opts does not have static storage it has to be explicitly
initialized or the value of the structure's members is indeterminate.