Hello community, here is the log from the commit of package lxc for openSUSE:Factory checked in at 2013-01-14 12:02:22 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/lxc (Old) and /work/SRC/openSUSE:Factory/.lxc.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lxc", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/lxc/lxc.changes 2012-04-23 09:15:32.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.lxc.new/lxc.changes 2013-01-14 12:02:24.000000000 +0100 
@@ -1,0 +2,50 @@ +Fri Jan 11 15:56:54 UTC 2013 - [email protected] + +- Release 0.8.0: + + add support for autodetection of gateway address + + add support for LVM2 and btrfs snapshot in lxc-clone + + add support for apparmor + + support nested cgroups + + lxc no longer depends on perl + + add support for container hooks (pre-start, mount, start, stop, + umount, post-stop) + + templates are moved to /usr/share/lxc/templates +- Remove + Accurately-detect-whether-a-system-supports-clone_children.patch: + merged upstream. +- Add lxc-opensuse-clonefixes.patch: fix openSUSE template + regarding cloning. +- Add 0001-Ensure-btrfs-subvolume-is-destroyed-on-error.patch: fix + btrfs subvolume when removing a container. +- Add lxc-autodev.patch: fill /dev when starting container (needed + for systemd). +- Update lxc-opensuse-12.2.patch: switch to systemd in container. + +------------------------------------------------------------------- +Fri Jan 11 15:30:21 UTC 2013 - [email protected] + +- Add lxc-opensuse-12.1-fixbuild.patch: fix openSUSE 12.1 container + build. +- Add lxc-opensuse-12.2.patch: + + switch openSUSE template to 12.2 + + install iputils in the default configuration + + autoconfigure gateway if possible + + detect if network is set to 0.0.0.0 and configure DHCP + + bind mount /etc/resolv.conf in container +- Add use-relative-paths-for-container.patch, + fix-lxc-clone-mount-entries.patch and update sles + template: use relative paths for container mount points, fixes + lxc-clone dropping some lxc.mount entries (bnc#789387). +- Add Requires(post) dependency on aaa_base (bnc#786970) for + openSUSE < 12.3. +- Add dhcpcd in default installation in openSUSE template (bnc#776169). +- Add change-hwaddr-on-clone.patch: modify MAC address when cloning + a container (git) +- Add wait-until-container-is-stopped.patch: if destroying a + running container, wait until it is stopped before destroying it. +- Ensure lxc-createconfig uses opensuse template by default. 
+- Ensure lxc-createconfig correctly detect cidr (bnc#773234). +- Add pivot-root_shared.patch: fix pivot root when / is mounted as + shared (default on 12.3 and later). + +------------------------------------------------------------------- Old: ---- Accurately-detect-whether-a-system-supports-clone_children.patch lxc-0.7.5.tar.gz lxc-checkconfig-kernel-3.patch lxc-opensuse-12.1.patch lxc-snapshot-btrfs-lvm.patch New: ---- 0001-Ensure-btrfs-subvolume-is-destroyed-on-error.patch change-hwaddr-on-clone.patch lxc-0.8.0.tar.gz lxc-autodev.patch lxc-cgroup-already-running.patch lxc-opensuse-12.2.patch lxc-opensuse-clonefixes.patch pivot-root_shared.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lxc.spec ++++++ --- /var/tmp/diff_new_pack.A05nfK/_old 2013-01-14 12:02:25.000000000 +0100 +++ /var/tmp/diff_new_pack.A05nfK/_new 2013-01-14 12:02:25.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package lxc # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: lxc -Version: 0.7.5 +Version: 0.8.0 Release: 0 Url: http://lxc.sourceforge.net/ Summary: Linux containers implementation 
@@ -26,17 +26,27 @@ Source: http://lxc.sourceforge.net/download/lxc/%{name}-%{version}.tar.gz Source1: README.SUSE Source2: lxc-createconfig.in -# PATCH-FIX-UPSTREAM update openSUSE template to use 12.1 and various fixes -Patch0: lxc-opensuse-12.1.patch -# PATCH-FIX-UPSTREAM lxc-checkconfig-kernel-3.patch bnc#720845 [email protected] -- correctly detect kernel 3.x -Patch1: lxc-checkconfig-kernel-3.patch -Patch2: Accurately-detect-whether-a-system-supports-clone_children.patch -# PATCH-FIX-UPSTREAM lxc-snapshot-btrfs-lvm.patch [email protected] -- backport support for btrfs and lvm based snapshots (git) -Patch3: lxc-snapshot-btrfs-lvm.patch + +# PATCH-FIX-UPSTREAM lxc-opensuse-clonefixes.patch [email protected] -- various fixes in openSUSE template for lxc-clone +Patch0: lxc-opensuse-clonefixes.patch # PATCH-FIX-UPSTREAM lxc-opensuse-tmpfs.patch [email protected] -- fix shutdown in openSUSE container -Patch4: lxc-opensuse-tmpfs.patch +Patch1: lxc-opensuse-tmpfs.patch +# PATCH-FIX-UPSTREAM lxc-cgroup-already-running.patch [email protected] -- warn if container is already running +Patch2: lxc-cgroup-already-running.patch +# PATCH-FIX-UPSTREAM change-hwaddr-on-clone.patch [email protected] -- update network address when cloning a container +Patch3: change-hwaddr-on-clone.patch +# PATCH-FIX-UPSTREAM 0001-Ensure-btrfs-subvolume-is-destroyed-on-error.patch [email protected] -- ensure btrfs subvolume is destroyed on container creation fails +Patch4: 0001-Ensure-btrfs-subvolume-is-destroyed-on-error.patch +# PATCH-FIX-UPSTREAM lxc-opensuse-12.2.patch +Patch5: lxc-opensuse-12.2.patch +# PATCH-FIX-UPSTREAM pivot-root_shared.patch [email protected] -- fix pivot root when / is mount as shared +Patch6: pivot-root_shared.patch +# PATCH-FIX-UPSTREAM lxc-autodev.patch [email protected] -- Add lxc.autodev +Patch7: lxc-autodev.patch + BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: docbook-utils +BuildRequires: libapparmor-devel BuildRequires: libcap-devel 
BuildRequires: pkg-config %if 0%{?suse_version} >= 1130 @@ -46,6 +56,9 @@ %endif Requires: /sbin/setcap Requires: rsync +%if 0%{?suse_version} < 1230 +Requires(post): aaa_base +%endif # needed to create openSUSE containers using template Recommends: build @@ -64,7 +77,6 @@ License: LGPL-2.1 Group: Development/Libraries/C and C++ Requires: %name = %version -Requires: glibc-devel %description devel Lxc header files and library needed for development of containers. @@ -76,6 +88,9 @@ %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 %build %configure --disable-examples @@ -96,9 +111,18 @@ %clean %__rm -rf %buildroot -%post -p /sbin/ldconfig +%post +/sbin/ldconfig +%if 0%{?suse_version} < 1230 +%fillup_and_insserv -f -Y boot.cgroup +/etc/init.d/boot.cgroup start 2>/dev/null >/dev/null || : +%endif -%postun -p /sbin/ldconfig +%postun +/sbin/ldconfig +%if 0%{?suse_version} < 1230 +%insserv_cleanup +%endif %files %defattr(-,root,root) @@ -106,7 +130,9 @@ %doc README.SUSE %doc .doc/examples %{_libdir}/lib%{name}.so.* +%{_libexecdir}/%name %{_libdir}/%name +%{_datadir}/%name %dir /var/lib/lxc %{_bindir}/%{name}-* %{_mandir}/man[^3]/* @@ -115,6 +141,6 @@ %defattr(-,root,root) %{_includedir}/%name %{_libdir}/lib%{name}.so -%{_datadir}/pkgconfig/%{name}.pc +%{_libdir}/pkgconfig/%{name}.pc %changelog ++++++ 0001-Ensure-btrfs-subvolume-is-destroyed-on-error.patch ++++++ >From 028d1b3eb110229113dc99f3587fac1f9fca9b0e Mon Sep 17 00:00:00 2001 From: Frederic Crozat <[email protected]> Date: Wed, 14 Nov 2012 16:02:37 +0100 Subject: [PATCH] Ensure btrfs subvolume is destroyed on error --- src/lxc/lxc-create.in | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/lxc/lxc-create.in b/src/lxc/lxc-create.in index b21cdc3..124ffd5 100644 --- a/src/lxc/lxc-create.in +++ b/src/lxc/lxc-create.in 
@@ -237,6 +237,8 @@ cleanup() { if [ $backingstore = "lvm" ]; then umount $rootfs lvremove -f $rootdev + elif [ $backingstore = "btrfs" ]; then + btrfs subvolume delete "$rootfs" fi ${bindir}/lxc-destroy -n $lxc_name echo "$(basename $0): aborted" >&2 -- 1.7.10.4 ++++++ change-hwaddr-on-clone.patch ++++++ Index: lxc-0.8.0/src/lxc/lxc-clone.in =================================================================== --- lxc-0.8.0.orig/src/lxc/lxc-clone.in +++ lxc-0.8.0/src/lxc/lxc-clone.in @@ -275,7 +275,7 @@ mv ${c} ${c}.old ( while read line; do if [ "${line:0:18}" = "lxc.network.hwaddr" ]; then - echo "lxc.network.hwaddr= 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')" + echo "lxc.network.hwaddr = 00:16:3e:$((date ; cat /proc/interrupts ) | md5sum | sed -r 's/^(.{6}).*$/\1/;s/([0-9a-f]{2})/\1:/g;s/:$//;')" else echo "$line" fi ++++++ lxc-0.7.5.tar.gz -> lxc-0.8.0.tar.gz ++++++ ++++ 16657 lines of diff (skipped) ++++++ lxc-autodev.patch ++++++ >From c6883f383e587725552f7c71e96ebe1c34ae7c56 Mon Sep 17 00:00:00 2001 From: Serge Hallyn <[email protected]> Date: Thu, 1 Nov 2012 22:27:03 +0100 Subject: [PATCH] Add lxc.autodev Add a container config option to mount and populate /dev in a container. We might want to add options to specify a max size for /dev other than the default 100k, and to specify other devices to create. And maybe someone can think of a better name than autodev. Changelog: Don't error out if we couldn't mknod a /dev/ttyN. Changelog: Describe the option in lxc.conf manpage. Signed-off-by: Serge Hallyn <[email protected]> --- doc/lxc.conf.sgml.in | 25 ++++++++++++++++ src/lxc/conf.c | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++ src/lxc/conf.h | 1 + src/lxc/confile.c | 12 ++++++++ 4 files changed, 115 insertions(+) Index: lxc-0.8.0/doc/lxc.conf.sgml.in =================================================================== --- lxc-0.8.0.orig/doc/lxc.conf.sgml.in +++ lxc-0.8.0/doc/lxc.conf.sgml.in 
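Review bot: The exit status of the new `btrfs subvolume delete "$rootfs"` is ignored, like the lvm branch above it, so cleanup continues into `${bindir}/lxc-destroy` and prints `aborted` even when the subvolume is still there; `btrfs subvolume delete "$rootfs" || echo "$(basename $0): could not delete subvolume $rootfs" >&2` would at least leave a trace of the leftover. The added line quotes `$rootfs` while `umount $rootfs` two lines up does not; quoting both keeps the branches consistent. cleanup() continues past the end of the hunk.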
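Review bot: The new hwaddr derivation hashes `date` and `/proc/interrupts`, so the last three octets are a function of wall-clock time and interrupt counters rather than random bytes; clones created in quick succession are likely to collide more often than with the `openssl rand -hex 3` they replace, and two containers sharing a MAC on one bridge fail silently. If the intent is to drop the openssl dependency, `/dev/urandom` gives the same property using coreutils only: `echo "lxc.network.hwaddr = 00:16:3e:$(head -c3 /dev/urandom | od -An -tx1 | tr ' ' ':' | sed 's/^://')"`. The `while read line` loop this sits in starts and ends outside the hunk.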
@@ -482,6 +482,31 @@ Foundation, Inc., 59 Temple Place, Suite </refsect2> <refsect2> + <title>/dev directory</title> + <para> + By default, lxc does nothing with the container's + <filename>/dev</filename>. This allows the container's + <filename>/dev</filename> to be set up as needed in the container + rootfs. If lxc.autodev is to 1, then after mounting the container's + rootfs LXC will mount a fresh tmpfs under <filename>/dev</filename> + (limited to 100k) and fill in a minimal set of initial devices. + </para> + <variablelist> + <varlistentry> + <term> + <option>lxc.autodev</option> + </term> + <listitem> + <para> + Set this to 1 to have LXC mount and populate a minimal + <filename>/dev</filename> when starting the container. + </para> + </listitem> + </varlistentry> + </variablelist> + </refsect2> + + <refsect2> <title>Mount points</title> <para> The mount points section specifies the different places to be Index: lxc-0.8.0/src/lxc/conf.c =================================================================== --- lxc-0.8.0.orig/src/lxc/conf.c +++ lxc-0.8.0/src/lxc/conf.c @@ -636,6 +636,15 @@ static int setup_tty(const struct lxc_ro return -1; } } else { + /* If we populated /dev, then we need to create /dev/ttyN */ + if (access(path, F_OK)) { + ret = creat(path, 0660); + if (ret==-1) { + SYSERROR("error creating %s\n", path); + /* this isn't fatal, continue */ + } else + close(ret); + } if (mount(pty_info->name, path, "none", MS_BIND, 0)) { WARN("failed to mount '%s'->'%s'", pty_info->name, path); 
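Review bot: In the conf.c hunk, the block added to setup_tty runs whenever `path` does not exist, not only "if we populated /dev" as its comment says, since nothing here consults the autodev flag; either guard it on that flag or reword the comment to `/* create the bind-mount target for /dev/ttyN if the rootfs lacks it */`. The `access()` check followed by `creat()` is check-then-create on a path inside the container rootfs, and `creat()` follows a symbolic link placed at that path; `open(path, O_WRONLY | O_CREAT | O_EXCL, 0660)` fails on an existing link instead of writing through it, and EEXIST can then be treated as the "already there" case. Whether the rootfs content is trusted at this point depends on callers outside the hunk, as does the later use of `ret`, which this block now overwrites with a descriptor.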
@@ -945,6 +954,67 @@ static int chroot_into_slave(struct lxc_ return 0; } +struct lxc_devs { + char *name; + mode_t mode; + int maj; + int min; +}; + +struct lxc_devs lxc_devs[] = { + { "null", S_IFCHR | S_IRWXU | S_IRWXG | S_IRWXO, 1, 3 }, + { "zero", S_IFCHR | S_IRWXU | S_IRWXG | S_IRWXO, 1, 5 }, + { "full", S_IFCHR | S_IRWXU | S_IRWXG | S_IRWXO, 1, 7 }, + { "urandom", S_IFCHR | S_IRWXU | S_IRWXG | S_IRWXO, 1, 9 }, + { "random", S_IFCHR | S_IRWXU | S_IRWXG | S_IRWXO, 1, 8 }, + { "tty", S_IFCHR | S_IRWXU | S_IRWXG | S_IRWXO, 5, 0 }, + { "console", S_IFCHR | S_IRUSR | S_IWUSR, 5, 1 }, +}; + +/* + * Do we want to add options for max size of /dev and a file to + * specify which devices to create? + */ +static int setup_autodev(char *root) +{ + int ret; + struct lxc_devs *d; + char path[MAXPATHLEN]; + int i; + + INFO("Creating and populating /dev under %s\n", root); + ret = snprintf(path, MAXPATHLEN, "%s/dev", root); + if (ret < 0 || ret > MAXPATHLEN) + return -1; + ret = mount("none", path, "tmpfs", 0, "size=100000"); + if (ret) { + SYSERROR("Failed to mount /dev at %s\n", root); + return -1; + } + for (i = 0; i < sizeof(lxc_devs) / sizeof(lxc_devs[0]); i++) { + d = &lxc_devs[i]; + ret = snprintf(path, MAXPATHLEN, "%s/dev/%s", root, d->name); + if (ret < 0 || ret >= MAXPATHLEN) + return -1; + ret = mknod(path, d->mode, makedev(d->maj, d->min)); + if (ret) { + SYSERROR("Error creating %s\n", d->name); + return -1; + } + } + ret = snprintf(path, MAXPATHLEN, "%s/dev/pts", root); + if (ret < 0 || ret >= MAXPATHLEN) + return -1; + ret = mkdir(path, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH); + if (ret) { + SYSERROR("Failed to create /dev/pts in container"); + return -1; + } + + INFO("Populated /dev under %s\n", root); + return 0; +} + static int setup_rootfs(struct lxc_conf *conf) { const struct lxc_rootfs *rootfs = &conf->rootfs; 
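Review bot: The first length check in setup_autodev uses `ret > MAXPATHLEN` while the two later ones use `>=`; a result equal to MAXPATHLEN means snprintf truncated the path, so the first should also read `if (ret < 0 || ret >= MAXPATHLEN)`. The device nodes are created with `S_IFCHR | S_IRWXU | S_IRWXG | S_IRWXO`, i.e. 0777, whereas 0666 is the usual mode for null/zero/full/random/urandom/tty (and what the openSUSE template's own `mknod -m 666` calls used); execute bits on a device node serve no purpose. The tmpfs is mounted with flags 0 — `MS_NOSUID | MS_NOEXEC` is the customary option set for a /dev tmpfs and nothing visible here needs either. `lxc_devs[]` can be `static const`, and `i` should be `size_t` since it is compared against a `sizeof` quotient.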
@@ -2282,6 +2352,13 @@ int lxc_setup(const char *name, struct l return -1; } + if (lxc_conf->autodev) { + if (setup_autodev(lxc_conf->rootfs.mount)) { + ERROR("failed to set up /dev in the container"); + return -1; + } + } + if (setup_mount(&lxc_conf->rootfs, lxc_conf->fstab, name)) { ERROR("failed to setup the mounts for '%s'", name); return -1; Index: lxc-0.8.0/src/lxc/conf.h =================================================================== --- lxc-0.8.0.orig/src/lxc/conf.h +++ lxc-0.8.0/src/lxc/conf.h @@ -229,6 +229,7 @@ struct lxc_conf { #if HAVE_APPARMOR /* || HAVE_SELINUX || HAVE_SMACK */ int lsm_umount_proc; #endif + int autodev; // if 1, mount and fill a /dev at start }; int run_lxc_hooks(const char *name, char *hook, struct lxc_conf *conf); Index: lxc-0.8.0/src/lxc/confile.c =================================================================== --- lxc-0.8.0.orig/src/lxc/confile.c +++ lxc-0.8.0/src/lxc/confile.c @@ -75,6 +75,7 @@ static int config_network_ipv6(const cha static int config_network_ipv6_gateway(const char *, char *, struct lxc_conf *); static int config_cap_drop(const char *, char *, struct lxc_conf *); static int config_console(const char *, char *, struct lxc_conf *); +static int config_autodev(const char *, char *, struct lxc_conf *); typedef int (*config_cb)(const char *, char *, struct lxc_conf *); @@ -118,6 +119,7 @@ static struct config config[] = { { "lxc.network.ipv6", config_network_ipv6 }, { "lxc.cap.drop", config_cap_drop }, { "lxc.console", config_console }, + { "lxc.autodev", config_autodev }, }; static const size_t config_size = sizeof(config)/sizeof(struct config); 
@@ -699,6 +701,16 @@ static int config_aa_profile(const char } #endif +static int config_autodev(const char *key, char *value, + struct lxc_conf *lxc_conf) +{ + int v = atoi(value); + + lxc_conf->autodev = v; + + return 0; +} + static int config_cgroup(const char *key, char *value, struct lxc_conf *lxc_conf) { char *token = "lxc.cgroup."; ++++++ lxc-cgroup-already-running.patch ++++++ >From abce2e8ee2cc07c1273dff7786902393a28108de Mon Sep 17 00:00:00 2001 From: Frederic Crozat <[email protected]> Date: Fri, 27 Apr 2012 15:57:02 +0200 Subject: [PATCH] give a hint if old cgroup can't be moved When cgroup can't be moved, it might be a hint container is already running. --- src/lxc/cgroup.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) Index: lxc-0.8.0/src/lxc/cgroup.c =================================================================== --- lxc-0.8.0.orig/src/lxc/cgroup.c +++ lxc-0.8.0/src/lxc/cgroup.c @@ -434,6 +434,9 @@ static int lxc_one_cgroup_create(const c if (!access(cgname, F_OK) && rmdir(cgname)) { if (try_to_move_cgname(cgparent, cgname)) { SYSERROR("failed to remove previous cgroup '%s'", cgname); + ERROR("##"); + ERROR("# The container might be already running!"); + ERROR("##"); return -1; } } ++++++ lxc-createconfig.in ++++++ --- /var/tmp/diff_new_pack.A05nfK/_old 2013-01-14 12:02:26.000000000 +0100 +++ /var/tmp/diff_new_pack.A05nfK/_new 2013-01-14 12:02:26.000000000 +0100 @@ -36,7 +36,7 @@ echo "name : name of the container" echo "ipaddr : ip address/cidr of the container" echo "bridge : bridge device for container (br0 if undefined)" - echo "template : template is an accessible template script (sles if undefined)" + echo "template : template is an accessible template script (opensuse if undefined)" } shortoptions='hn:i:b:t:' @@ -44,7 +44,7 @@ lxc_confpath=$HOME templatedir=@LXCTEMPLATEDIR@ lxc_bridge=br0 -lxc_template=sles +lxc_template=opensuse getopt=$(getopt -o $shortoptions --longoptions $longoptions -- "$@") if [ $? != 0 ]; then 
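Review bot: config_autodev accepts any string: `atoi(value)` silently maps non-numeric input such as `lxc.autodev = yes` to 0 and passes any integer through, so a typo disables the feature with no diagnostic and values other than 0/1 land in a flag field. Parsing with strtol (same header as atoi), rejecting trailing characters and anything but 0 or 1, and logging the bad value keeps the loader explicit; the rewrite below assumes the other callbacks report a rejected value by returning non-zero, which the visible code does not show. `key` is unused in the new function.
```c
static int config_autodev(const char *key, char *value,
			  struct lxc_conf *lxc_conf)
{
	char *end = NULL;
	long v = strtol(value, &end, 10);

	/* accept exactly "0" or "1"; anything else is a configuration error */
	if (end == value || *end != '\0' || (v != 0 && v != 1)) {
		ERROR("invalid value '%s' for lxc.autodev, expected 0 or 1", value);
		return -1;
	}

	lxc_conf->autodev = (int)v;

	return 0;
}
```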
@@ -104,7 +104,7 @@ fi if [ ! -z "$lxc_ipaddr" ]; then - echo $lxc_ipaddr | grep "/[0-3][0-9]\{0,1\}" + echo $lxc_ipaddr | grep -E '/(([^C9]{0,1}[0-9])|(3[0-2]))$' if [ $? -ne 0 ]; then echo "$lxc_ipaddr is missing a cidr" usage ++++++ lxc-opensuse-12.1.patch -> lxc-opensuse-12.2.patch ++++++ --- /work/SRC/openSUSE:Factory/lxc/lxc-opensuse-12.1.patch 2012-04-23 09:15:31.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.lxc.new/lxc-opensuse-12.2.patch 2013-01-14 12:02:24.000000000 +0100 @@ -1,200 +1,133 @@ -From 44ee8a102e3d8052631fbb119f58a55ce678d039 Mon Sep 17 00:00:00 2001 -From: Frederic Crozat <[email protected]> -Date: Tue, 25 Oct 2011 11:25:18 +0200 -Subject: [PATCH 1/2] templates: update openSUSE template for openSUSE 12.1 - -rely on "build" package, to ensure chroot can be created with -distribution older than 12.1 - -Signed-off-by: Daniel Lezcano <[email protected]> ---- - templates/lxc-opensuse.in | 75 ++++++++++++++++++++++++++++---------------- - 1 files changed, 48 insertions(+), 27 deletions(-) - -diff --git a/templates/lxc-opensuse.in b/templates/lxc-opensuse.in -index 811876a..d30147d 100644 ---- a/templates/lxc-opensuse.in -+++ b/templates/lxc-opensuse.in +Index: lxc-0.8.0/templates/lxc-opensuse.in +=================================================================== +--- lxc-0.8.0.orig/templates/lxc-opensuse.in ++++ lxc-0.8.0/templates/lxc-opensuse.in 
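Review bot: The character class `[^C9]` in the new grep pattern looks like a typo for `[0-2]`: as written it accepts any single character other than `C` or `9` before the final digit, so `/a5` or `/85` pass the cidr check while the intended range is 0–32. `echo "$lxc_ipaddr" | grep -qE '/(([0-2]?[0-9])|(3[0-2]))$'` expresses that range, quotes the variable and keeps the match off stdout. The `if` block is complete within the hunk; the rest of the script's option handling is outside it.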
@@ -25,7 +25,7 @@ # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA --DISTRO=11.4 -+DISTRO=12.1 +-DISTRO=12.1 ++DISTRO=12.2 configure_opensuse() { -@@ -106,28 +106,11 @@ cons:2345:respawn:/sbin/mingetty --noclear console screen - c1:2345:respawn:/sbin/mingetty --noclear tty1 screen +@@ -34,39 +34,13 @@ configure_opensuse() + + # set network as static, but everything is done by LXC outside the container + cat <<EOF > $rootfs/etc/sysconfig/network/ifcfg-eth0 +-STARTMODE='manual' ++STARTMODE='auto' + BOOTPROTO='none' EOF -- # patch boot script, no longer needed in openSUSE 12.1 / SLE11-SP2 -- patch --quiet -d $rootfs/etc/init.d/ << EOF ----- boot.orig 2011-05-26 16:03:07.000000000 +0200 --+++ boot 2011-05-26 16:03:19.000000000 +0200 --@@ -98,12 +98,12 @@ -- echo "***************************************************************" -- /sbin/halt -f -- fi --- echo -n "Mounting devtmpfs at /dev" --- mount -n -t devtmpfs -o mode=0755 devtmpfs /dev --- rc_status -v -r --+# echo -n "Mounting devtmpfs at /dev" --+# mount -n -t devtmpfs -o mode=0755 devtmpfs /dev --+# rc_status -v -r -- fi +- # set default route +- IP=$(/sbin/ip route | awk '/default/ { print $3 }') +- echo "default $IP - -" > $rootfs/etc/sysconfig/network/routes - ---cp -axT --remove-destination /lib/udev/devices /dev --+#cp -axT --remove-destination /lib/udev/devices /dev + # create empty fstab + touch $rootfs/etc/fstab + +- # create minimal /dev +- mknod -m 666 $rootfs/dev/random c 1 8 +- mknod -m 666 $rootfs/dev/urandom c 1 9 +- mkdir -m 755 $rootfs/dev/pts +- mkdir -m 1777 $rootfs/dev/shm +- mknod -m 666 $rootfs/dev/tty c 5 0 +- mknod -m 600 $rootfs/dev/console c 5 1 +- mknod -m 666 $rootfs/dev/tty0 c 4 0 +- mknod -m 666 $rootfs/dev/tty1 c 4 1 +- mknod -m 666 $rootfs/dev/tty2 c 4 2 +- mknod -m 666 $rootfs/dev/tty3 c 4 3 +- mknod -m 666 $rootfs/dev/tty4 c 4 4 +- ln -s null $rootfs/dev/tty10 +- mknod -m 666 
$rootfs/dev/full c 1 7 +- mknod -m 666 $rootfs/dev/ptmx c 5 2 +- ln -s /proc/self/fd $rootfs/dev/fd +- ln -s /proc/kcore $rootfs/dev/core +- mkdir -m 755 $rootfs/dev/mapper +- mknod -m 600 $rootfs/dev/mapper/control c 10 60 +- mkdir -m 755 $rootfs/dev/net +- mknod -m 666 $rootfs/dev/net/tun c 10 200 - -- if test -d /sys/kernel/debug -a "$HAVE_DEBUGFS" = "1" ; then -- mount -n -t debugfs debugfs /sys/kernel/debug > /dev/null 2>&1 -+ # set /dev/console as securetty -+ cat << EOF >> $rootfs/etc/securetty -+console + # set the hostname + cat <<EOF > $rootfs/etc/HOSTNAME + $hostname +@@ -91,23 +65,6 @@ LOADER_TYPE=none + LOADER_LOCATION=none EOF -+ - cat <<EOF >> $rootfs/etc/sysconfig/boot - # disable root fsck - ROOTFS_FSCK="0" -@@ -136,7 +119,7 @@ EOF - - # remove pointless services in a container -- insserv -r -f -p $rootfs/etc/init.d boot.udev boot.udev_retry boot.md boot.lvm boot.loadmodules boot.device-mapper boot.clock boot.swap boot.klog -+ chroot $rootfs /sbin/insserv -r -f boot.udev boot.loadmodules boot.device-mapper boot.clock boot.swap boot.klog kbd - - echo "Please change root-password !" - echo "root:root" | chroot $rootfs chpasswd -@@ -149,6 +132,12 @@ download_opensuse() - cache=$1 - arch=$2 - -+ if [ ! 
-x /usr/bin/build ]; then -+ echo "Could not create openSUSE template :" -+ echo "you need to install \"build\" package" -+ return 1 -+ fi -+ - # check the mini opensuse was not already downloaded - mkdir -p "$cache/partial-$arch" +- # cut down inittab +- cat <<EOF > $rootfs/etc/inittab +-id:3:initdefault: +-si::bootwait:/etc/init.d/boot +-l0:0:wait:/etc/init.d/rc 0 +-l1:1:wait:/etc/init.d/rc 1 +-l2:2:wait:/etc/init.d/rc 2 +-l3:3:wait:/etc/init.d/rc 3 +-l6:6:wait:/etc/init.d/rc 6 +-ls:S:wait:/etc/init.d/rc S +-~~:S:respawn:/sbin/sulogin +-p6::ctrlaltdel:/sbin/init 6 +-p0::powerfail:/sbin/init 0 +-cons:2345:respawn:/sbin/mingetty --noclear console screen +-c1:2345:respawn:/sbin/mingetty --noclear tty1 screen +-EOF +- + # set /dev/console as securetty + cat << EOF >> $rootfs/etc/securetty + console +@@ -121,10 +78,15 @@ EOF -@@ -159,18 +148,50 @@ download_opensuse() - # download a mini opensuse into a cache - echo "Downloading opensuse minimal ..." -+ mkdir -p "$cache/partial-$arch-packages" -+ zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss/ repo-oss -+ zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update -+ zypper --quiet --root $cache/partial-$arch-packages --non-interactive --gpg-auto-import-keys update -+ zypper --root $cache/partial-$arch-packages --non-interactive in --auto-agree-with-licenses --download-only zypper lxc patterns-openSUSE-base sysvinit-init -+ cat > $cache/partial-$arch-packages/opensuse.conf << EOF -+Preinstall: aaa_base bash coreutils diffutils -+Preinstall: filesystem fillup glibc grep insserv libacl1 libattr1 -+Preinstall: libbz2-1 libgcc46 libxcrypt libncurses5 pam -+Preinstall: permissions libreadline6 rpm sed tar zlib libselinux1 -+Preinstall: liblzma5 libcap2 libpcre0 -+Preinstall: libpopt0 libelf1 liblua5_1 -+ -+RunScripts: aaa_base -+ -+Support: zypper -+Support: 
patterns-openSUSE-base -+Support: lxc -+Prefer: sysvinit-init -+ -+Ignore: patterns-openSUSE-base:patterns-openSUSE-yast2_install_wf -+EOF + # remove pointless services in a container +- chroot $rootfs /sbin/insserv -r -f boot.udev boot.loadmodules boot.device-mapper boot.clock boot.swap boot.klog kbd ++ ln -s /dev/null $rootfs/etc/systemd/system/proc-sys-fs-binfmt_misc.automount ++ ln -s /dev/null $rootfs/etc/systemd/system/console-shell.service ++ ln -s /dev/null $rootfs/etc/systemd/system/systemd-vconsole-setup.service ++ ln -s /lib/systemd/system/[email protected] $rootfs/etc/systemd/system/getty.target.wants/[email protected] + -+ CLEAN_BUILD=1 BUILD_ROOT="$cache/partial-$arch" BUILD_DIST="$cache/partial-$arch-packages/opensuse.conf" /usr/lib/build/init_buildsystem --clean --cachedir $cache/partial-$arch-cache --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/noarch -+ chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss repo-oss -+ chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update -+ chroot $cache/partial-$arch rpm -e patterns-openSUSE-base -+ umount $cache/partial-$arch/proc -+# really clean the image -+ rm -fr $cache/partial-$arch/{.build,.guessed_dist,.srcfiles*,installed-pkg} -+ rm -fr $cache/partial-$arch/dev -+# make sure we have a minimal /dev - mkdir -p "$cache/partial-$arch/dev" - mknod -m 666 $cache/partial-$arch/dev/null c 1 3 - mknod -m 666 $cache/partial-$arch/dev/zero c 1 5 -- zypper --quiet --root $cache/partial-$arch --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss/ repo-oss -- zypper --quiet --root $cache/partial-$arch --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update -- zypper --quiet --root $cache/partial-$arch 
--non-interactive --gpg-auto-import-keys in --auto-agree-with-licenses -t pattern base -- zypper --quiet --root $cache/partial-$arch --non-interactive --gpg-auto-import-keys in +lxc -kbd -patterns-openSUSE-base -+# create mtab symlink -+ rm -f $cache/partial-$arch/etc/mtab -+ ln -sf /proc/self/mounts $cache/partial-$arch/etc/mtab - if [ $? -ne 0 ]; then - echo "Failed to download the rootfs, aborting." - return 1 - fi - -+ rm -fr "$cache/partial-$arch-packages" - mv "$1/partial-$arch" "$1/rootfs-$arch" - echo "Download complete." - --- -1.7.7 - - -From 594d9ba1043bdbc3bb0bded71e19a6ed3e724e4d Mon Sep 17 00:00:00 2001 -From: Frederic Crozat <[email protected]> -Date: Wed, 18 Apr 2012 17:17:18 +0200 -Subject: [PATCH] various fixes for openSUSE template: - create /etc/hostname - as symlink to /etc/HOSTNAME (lxc-clone fix) - fix - inadequate space in lxc.mount config (lxc-clone fix) - fix - openSUSE 12.1 template creation on x86 platform - disable - network in container if not configured - configure network - scripts properly - ---- - templates/lxc-opensuse.in | 34 +++++++++++++++++++++++++++++----- - 1 files changed, 29 insertions(+), 5 deletions(-) - -diff --git a/templates/lxc-opensuse.in b/templates/lxc-opensuse.in -index 120b2c7..4342150 100644 ---- a/templates/lxc-opensuse.in -+++ b/templates/lxc-opensuse.in -@@ -34,8 +34,8 @@ configure_opensuse() - - # set network as static, but everything is done by LXC outside the container - cat <<EOF > $rootfs/etc/sysconfig/network/ifcfg-eth0 --STARTMODE='auto' --BOOTPROTO='static' -+STARTMODE='manual' -+BOOTPROTO='none' - EOF ++ touch $rootfs/etc/sysconfig/kernel - # set default route -@@ -71,6 +71,8 @@ EOF - cat <<EOF > $rootfs/etc/HOSTNAME - $hostname - EOF -+ # ensure /etc/hostname is available too -+ ln -s -f HOSTNAME $rootfs/etc/hostname + echo "Please change root-password !" 
+- echo "root:root" | chroot $rootfs chpasswd ++ echo "root:root" | chpasswd -R $rootfs - # do not use hostname from HOSTNAME variable - cat <<EOF >> $rootfs/etc/sysconfig/cron -@@ -156,10 +158,11 @@ download_opensuse() + return 0 + } +@@ -154,30 +116,45 @@ download_opensuse() + zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss/ repo-oss + zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update + zypper --quiet --root $cache/partial-$arch-packages --non-interactive --gpg-auto-import-keys update +- zypper --root $cache/partial-$arch-packages --non-interactive in --auto-agree-with-licenses --download-only zypper lxc patterns-openSUSE-base sysvinit-init ++ zypper --root $cache/partial-$arch-packages --non-interactive in --auto-agree-with-licenses --download-only zypper lxc patterns-openSUSE-base iputils cat > $cache/partial-$arch-packages/opensuse.conf << EOF Preinstall: aaa_base bash coreutils diffutils - Preinstall: filesystem fillup glibc grep insserv libacl1 libattr1 +-Preinstall: filesystem fillup glibc grep insserv libacl1 libattr1 -Preinstall: libbz2-1 libgcc46 libxcrypt libncurses5 pam -+Preinstall: libbz2-1 libgcc46 libncurses5 pam ++Preinstall: filesystem fillup glibc grep insserv ++Preinstall: libbz2-1 libgcc47 libncurses5 pam Preinstall: permissions libreadline6 rpm sed tar zlib libselinux1 - Preinstall: liblzma5 libcap2 libpcre0 +-Preinstall: liblzma5 libcap2 libpcre0 ++Preinstall: liblzma5 libcap2 libacl1 libattr1 Preinstall: libpopt0 libelf1 liblua5_1 -+Preinstall: netcfg ++Preinstall: libpcre1 RunScripts: aaa_base -@@ -169,9 +172,21 @@ Support: lxc - Prefer: sysvinit-init - - Ignore: patterns-openSUSE-base:patterns-openSUSE-yast2_install_wf -+Ignore: patterns-openSUSE-base:polkit-defaults-privs -+Ignore: patterns-openSUSE-base:openSUSE-build-key + Support: zypper + Support: patterns-openSUSE-base + 
Support: lxc +-Prefer: sysvinit-init ++Support: ncurses-utils ++Support: iputils ++Support: udev ++Support: netcfg ++Support: dhcpcd hwinfo insserv module-init-tools openSUSE-release openssh ++Support: pwdutils rpcbind sysconfig rsyslog + +-Ignore: patterns-openSUSE-base:patterns-openSUSE-yast2_install_wf ++Ignore: rpm:suse-build-key,build-key ++Ignore: systemd:systemd-presets-branding EOF + if [ "$arch" == "i686" ]; then + mkdir -p $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/i686/ 
@@ -208,34 +141,59 @@ + fi - CLEAN_BUILD=1 BUILD_ROOT="$cache/partial-$arch" BUILD_DIST="$cache/partial-$arch-packages/opensuse.conf" /usr/lib/build/init_buildsystem --clean --cachedir $cache/partial-$arch-cache --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/noarch -+ CLEAN_BUILD=1 BUILD_ARCH="$arch" BUILD_ROOT="$cache/partial-$arch" BUILD_DIST="$cache/partial-$arch-packages/opensuse.conf" /usr/lib/build/init_buildsystem --clean --cachedir $cache/partial-$arch-cache --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/noarch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/update/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/update/noarch ++ CLEAN_BUILD=1 BUILD_ARCH="$arch" BUILD_ROOT="$cache/partial-$arch" BUILD_DIST="$cache/partial-$arch-packages/opensuse.conf" PATH="$PATH:/usr/lib/build" /usr/lib/build/init_buildsystem --clean --configdir /usr/lib/build/configs --cachedir $cache/partial-$arch-cache --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/noarch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/update/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/update/noarch chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss repo-oss chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update - chroot $cache/partial-$arch rpm -e patterns-openSUSE-base -@@ -254,13 +269,22 @@ copy_configuration() - rootfs=$2 +- chroot $cache/partial-$arch rpm -e patterns-openSUSE-base +- umount 
$cache/partial-$arch/proc + # really clean the image + rm -fr $cache/partial-$arch/{.build,.guessed_dist,.srcfiles*,installed-pkg} + rm -fr $cache/partial-$arch/dev +@@ -261,21 +238,45 @@ copy_configuration() name=$3 -+# only disable network if no network configuration was passed -+grep -q lxc.network.type $path/config -+network_not_configured=$? -+if [ $network_not_configured -eq 1 ]; then -+ cat <<EOF >> $path/config -+lxc.network.type = empty -+EOF -+fi -+ + # only disable network if no network configuration was passed +-grep -q lxc.network.type $path/config ++sed '/^#/d' $path/config | grep -q lxc.network.type + network_not_configured=$? + if [ $network_not_configured -eq 1 ]; then + cat <<EOF >> $path/config + lxc.network.type = empty + EOF ++else ++ type=$(sed '/^#/d; /lxc.network.type/!d; s/.*=[ \t]*//' $path/config) ++ sed '/^#/d' $path/config | grep -q lxc.network.*.gateway ++ gateway_not_configured=$? ++ sed '/^#/d' $path/config | grep -q lxc.network.ipv4 ++ ipv4_not_configured=$? 
++ if [ $gateway_not_configured ]; then ++ [ $ipv4_not_configured -eq 0 ] && ipv4=$(sed '/^#/d; /lxc.network.ipv4/!d; /gateway/d; s/.*=[ \t]*//; s/\([[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+\).*/\1/' $path/config) ++ if [ "$type" = "veth" -o "$type" = "macvlan" ]; then ++ if [ $ipv4_not_configured -eq 0 -a "$ipv4" != "0.0.0.0" ]; then ++ # set default route ++ IP=$(/sbin/ip route | awk '/default/ { print $3 }') ++ echo "lxc.network.ipv4.gateway = $IP " >> $path/config ++ else ++ # set network as dhcp ++ sed -i -e 's/BOOTPROTO=.*/BOOTPROTO=dhcp/' $rootfs/etc/sysconfig/network/ifcfg-eth0 ++ fi ++ fi ++ fi ++ if [ "$type" != "empty" ]; then ++ echo "#remove next line if host DNS configuration should not be available to container" >> $path/config ++ echo "lxc.mount.entry = /etc/resolv.conf etc/resolv.conf none bind,ro 0 0" >> $path/config ++ fi + fi + cat <<EOF >> $path/config lxc.utsname = $name - +- ++lxc.autodev=1 lxc.tty = 4 lxc.pts = 1024 lxc.rootfs = $rootfs --lxc.mount = $path/fstab -+lxc.mount = $path/fstab + lxc.mount = $path/fstab ++lxc.cap.drop = sys_module mac_admin mac_override mknod - lxc.cgroup.devices.deny = a - # /dev/null and zero --- -1.7.7 - + # When using LXC with apparmor, uncomment the next line to run unconfined: + #lxc.aa_profile = unconfined ++++++ lxc-opensuse-clonefixes.patch ++++++ >From 094f7c36e3ac80be9eb3b1746560965377256467 Mon Sep 17 00:00:00 2001 From: Frederic Crozat <[email protected]> Date: Wed, 18 Apr 2012 17:17:18 +0200 Subject: [PATCH] various fixes for openSUSE template for lxc-clone usage - create /etc/hostname as symlink to /etc/HOSTNAME - fix inadequate space in lxc.mount config, preventing lxc-clone to work --- templates/lxc-opensuse.in | 4 +++- 1 files changed, 3 insertions(+), 1 deletions(-) Index: lxc-0.8.0/templates/lxc-opensuse.in =================================================================== --- lxc-0.8.0.orig/templates/lxc-opensuse.in +++ lxc-0.8.0/templates/lxc-opensuse.in 
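Review bot: In the new copy_configuration block, `if [ $gateway_not_configured ]; then` tests whether the variable is non-empty, and it always holds `0` or `1`, so the branch is taken in both cases and a gateway already given in the config can be overwritten or DHCP switched on anyway; the intended test is `if [ $gateway_not_configured -eq 1 ]; then`, matching the `-eq 0` comparisons on the neighbouring lines. This hunk is a diff of a patch, so its lines carry two marker columns; the affected line is the `++` one. copy_configuration starts before and ends after the hunk.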
@@ -34,8 +34,8 @@ configure_opensuse() # set network as static, but everything is done by LXC outside the container cat <<EOF > $rootfs/etc/sysconfig/network/ifcfg-eth0 -STARTMODE='auto' -BOOTPROTO='static' +STARTMODE='manual' +BOOTPROTO='none' EOF # set default route @@ -71,6 +71,8 @@ EOF cat <<EOF > $rootfs/etc/HOSTNAME $hostname EOF + # ensure /etc/hostname is available too + ln -s -f HOSTNAME $rootfs/etc/hostname # do not use hostname from HOSTNAME variable cat <<EOF >> $rootfs/etc/sysconfig/cron @@ -257,13 +259,22 @@ copy_configuration() rootfs=$2 name=$3 +# only disable network if no network configuration was passed +grep -q lxc.network.type $path/config +network_not_configured=$? +if [ $network_not_configured -eq 1 ]; then + cat <<EOF >> $path/config +lxc.network.type = empty +EOF +fi + cat <<EOF >> $path/config lxc.utsname = $name lxc.tty = 4 lxc.pts = 1024 lxc.rootfs = $rootfs -lxc.mount = $path/fstab +lxc.mount = $path/fstab # When using LXC with apparmor, uncomment the next line to run unconfined: #lxc.aa_profile = unconfined ++++++ lxc-opensuse-tmpfs.patch ++++++ --- /var/tmp/diff_new_pack.A05nfK/_old 2013-01-14 12:02:26.000000000 +0100 +++ /var/tmp/diff_new_pack.A05nfK/_new 2013-01-14 12:02:26.000000000 +0100 @@ -9,11 +9,11 @@ templates/lxc-opensuse.in | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) -diff --git a/templates/lxc-opensuse.in b/templates/lxc-opensuse.in -index 0946f95..076fe4f 100644 ---- a/templates/lxc-opensuse.in -+++ b/templates/lxc-opensuse.in -@@ -201,6 +201,10 @@ EOF +Index: lxc-0.8.0/templates/lxc-opensuse.in +=================================================================== +--- lxc-0.8.0.orig/templates/lxc-opensuse.in ++++ lxc-0.8.0/templates/lxc-opensuse.in +@@ -188,6 +188,10 @@ EOF # create mtab symlink rm -f $cache/partial-$arch/etc/mtab ln -sf /proc/self/mounts $cache/partial-$arch/etc/mtab 
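Review bot: The comment kept above the heredoc, `# set network as static, but everything is done by LXC outside the container`, no longer matches the values the hunk writes (`STARTMODE='manual'`, `BOOTPROTO='none'`); something like `# leave eth0 unmanaged inside the container; LXC configures it from the host` would describe the new intent. The 12.2 patch in the same commit later rewrites this file to `BOOTPROTO=dhcp` with `sed` when no static address is given, so the comment could also mention that copy_configuration may substitute dhcp. configure_opensuse() starts before and ends after this hunk.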
@@ -24,14 +24,11 @@ if [ $? -ne 0 ]; then echo "Failed to download the rootfs, aborting." return 1 -@@ -307,6 +311,7 @@ EOF +@@ -297,6 +301,7 @@ EOF cat <<EOF > $path/fstab - proc $rootfs/proc proc nodev,noexec,nosuid 0 0 - sysfs $rootfs/sys sysfs defaults 0 0 -+tmpfs $rootfs/run tmpfs mode=0755,nodev,nosuid 0 0 + proc proc proc nodev,noexec,nosuid 0 0 + sysfs sys sysfs defaults 0 0 ++tmpfs run tmpfs mode=0755,nodev,nosuid 0 0 EOF if [ $? -ne 0 ]; then --- -1.7.7 - ++++++ pivot-root_shared.patch ++++++ >From cc28d0b0a66bd956645dc7b8fc85b917711f2472 Mon Sep 17 00:00:00 2001 From: Serge Hallyn <[email protected]> Date: Wed, 19 Dec 2012 23:58:44 -0600 Subject: [PATCH] Support MS_SHARED / MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit (I'll be out until Jan 2, but in the meantime, here is hopefully a little newyears gift - this seems to allow lxc-start with / being MS_SHARED on the host) When / is MS_SHARED (for instance with f18 and modern arch), lxc-start fails on pivot_root. The kernel enforces that, when doing pivot_root, the parent of current->fs->root (as well as the new root and the putold location) not be MS_SHARED. To work around this, check /proc/self/mountinfo for a 'shared:' in the '/' line. If it is there, then create a tiny MS_SLAVE tmpfs dir to serve as parent of /, recursively bind mount / into /root under that dir, make it rslave, and chroot into it. Tested with ubuntu raring image after doing 'mount --make-rshared /'. Signed-off-by: Serge Hallyn <[email protected]> Acked-by: Stéphane Graber <[email protected]> --- src/lxc/conf.c | 117 +++++++++++++++++++++++++++++++++++++++++++++++++++++-- src/lxc/conf.h | 3 ++ src/lxc/start.c | 8 ++++ 3 files changed, 125 insertions(+), 3 deletions(-) Index: lxc-0.7.5/src/lxc/conf.c =================================================================== --- lxc-0.7.5.orig/src/lxc/conf.c +++ lxc-0.7.5/src/lxc/conf.c 
@@ -716,8 +716,112 @@ static int setup_rootfs_pivot_root(const return 0; } -static int setup_rootfs(const struct lxc_rootfs *rootfs) +/* + * Detect whether / is mounted MS_SHARED. The only way I know of to + * check that is through /proc/self/mountinfo. + * I'm only checking for /. If the container rootfs or mount location + * is MS_SHARED, but not '/', then you're out of luck - figuring that + * out would be too much work to be worth it. + */ +#define LINELEN 4096 +int detect_shared_rootfs(void) { + char buf[LINELEN], *p; + FILE *f; + int i; + char *p2; + + f = fopen("/proc/self/mountinfo", "r"); + if (!f) + return 0; + while ((p = fgets(buf, LINELEN, f))) { + INFO("looking at .%s.", p); + for (p = buf, i=0; p && i < 4; i++) + p = index(p+1, ' '); + if (!p) + continue; + p2 = index(p+1, ' '); + if (!p2) + continue; + *p2 = '\0'; + INFO("now p is .%s.", p); + if (strcmp(p+1, "/") == 0) { + // this is '/'. is it shared? + p = index(p2+1, ' '); + if (strstr(p, "shared:")) + return 1; + } + } + fclose(f); + return 0; +} + +/* + * I'll forgive you for asking whether all of this is needed :) The + * answer is yes. + * pivot_root will fail if the new root, the put_old dir, or the parent + * of current->fs->root are MS_SHARED. (parent of current->fs_root may + * or may not be current->fs_root - if we assumed it always was, we could + * just mount --make-rslave /). So, + * 1. mount a tiny tmpfs to be parent of current->fs->root. + * 2. make that MS_SLAVE + * 3. make a 'root' directory under that + * 4. mount --rbind / under the $tinyroot/root. + * 5. make that rslave + * 6. chdir and chroot into $tinyroot/root + * 7. 
$tinyroot will be unmounted by our parent in start.c + */ +static int chroot_into_slave(struct lxc_conf *conf) +{ + char path[MAXPATHLEN]; + const char *destpath = conf->rootfs.mount; + int ret; + + if (mount(destpath, destpath, NULL, MS_BIND, 0)) { + SYSERROR("failed to mount %s bind", destpath); + return -1; + } + if (mount("", destpath, NULL, MS_SLAVE, 0)) { + SYSERROR("failed to make %s slave", destpath); + return -1; + } + if (mount("none", destpath, "tmpfs", 0, "size=10000")) { + SYSERROR("Failed to mount tmpfs / at %s", destpath); + return -1; + } + ret = snprintf(path, MAXPATHLEN, "%s/root", destpath); + if (ret < 0 || ret >= MAXPATHLEN) { + ERROR("out of memory making root path"); + return -1; + } + if (mkdir(path, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH)) { + SYSERROR("Failed to create /dev/pts in container"); + return -1; + } + if (mount("/", path, NULL, MS_BIND|MS_REC, 0)) { + SYSERROR("Failed to rbind mount / to %s", path); + return -1; + } + if (mount("", destpath, NULL, MS_SLAVE|MS_REC, 0)) { + SYSERROR("Failed to make tmp-/ at %s rslave", path); + return -1; + } + if (chdir(path)) { + SYSERROR("Failed to chdir into tmp-/"); + return -1; + } + if (chroot(path)) { + SYSERROR("Failed to chroot into tmp-/"); + return -1; + } + INFO("Chrooted into tmp-/ at %s\n", path); + return 0; +} + +static int setup_rootfs(struct lxc_conf *conf) +{ + const struct lxc_rootfs *rootfs = &conf->rootfs; + if (!rootfs->path) return 0; @@ -727,6 +831,13 @@ static int setup_rootfs(const struct lxc return -1; } + if (detect_shared_rootfs()) { + if (chroot_into_slave(conf)) { + ERROR("Failed to chroot into slave /"); + return -1; + } + } + if (mount_rootfs(rootfs->path, rootfs->mount)) { ERROR("failed to mount rootfs"); return -1; 
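Review bot: `detect_shared_rootfs` returns 1 from inside the `while` loop without closing `f`, so every start on a shared-root host leaks the `/proc/self/mountinfo` stream, and `p = index(p2+1, ' ')` can be NULL, after which `strstr(p, "shared:")` dereferences it; replace the two lines with `p = index(p2+1, ' ');` and `if (p && strstr(p, "shared:")) { fclose(f); return 1; }`. The `strstr` also scans the rest of the line past the optional-fields separator, so a mount source or superblock option containing "shared:" would count as a shared root; limiting the search to the text before `" - "` would be stricter, and a line longer than LINELEN comes back from `fgets` in pieces whose tail is then parsed as a new entry, which deserves at least a comment. In `chroot_into_slave`, the `mkdir` failure message `"Failed to create /dev/pts in container"` is copy-pasted and should name the directory it creates, e.g. `SYSERROR("Failed to create %s", path);`, and the `MS_SLAVE|MS_REC` error prints `path` although the mount targets `destpath`. setup_rootfs continues past the end of this hunk.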
@@ -848,7 +959,7 @@ static int setup_console(const struct lx
 return 0;
 }
 
-static int setup_cgroup(const char *name, struct lxc_list *cgroups)
+int setup_cgroup(const char *name, struct lxc_list *cgroups)
 {
 struct lxc_list *iterator;
 struct lxc_cgroup *cg;
@@ -1846,7 +1957,7 @@ int lxc_setup(const char *name, struct l
 return -1;
 }
 
- if (setup_rootfs(&lxc_conf->rootfs)) {
+ if (setup_rootfs(lxc_conf)) {
 ERROR("failed to setup rootfs for '%s'", name);
 return -1;
 }
Index: lxc-0.7.5/src/lxc/conf.h
===================================================================
--- lxc-0.7.5.orig/src/lxc/conf.h
+++ lxc-0.7.5/src/lxc/conf.h
@@ -227,6 +227,9 @@ extern int lxc_find_gateway_addresses(st
 extern int lxc_create_tty(const char *name, struct lxc_conf *conf);
 extern void lxc_delete_tty(struct lxc_tty_info *tty_info);
 
+extern int setup_cgroup(const char *name, struct lxc_list *cgroups);
+extern int detect_shared_rootfs(void);
+
 /*
  * Configure the container from inside
  */
Index: lxc-0.7.5/src/lxc/start.c
===================================================================
--- lxc-0.7.5.orig/src/lxc/start.c
+++ lxc-0.7.5/src/lxc/start.c
@@ -535,6 +535,14 @@ int lxc_spawn(struct lxc_handler *handle
 if (lxc_sync_barrier_child(handler, LXC_SYNC_POST_CONFIGURE))
 return -1;
 
+ if (detect_shared_rootfs())
+ umount2(handler->conf->rootfs.mount, MNT_DETACH);
+
+ if (setup_cgroup(name, &handler->conf->cgroup)) {
+ ERROR("failed to setup the cgroups for '%s'", name);
+ goto out_delete_net;
+ }
+
 if (handler->ops->post_start(handler, handler->data))
 goto out_abort;
 
-- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
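Review bot: The two new exports `setup_cgroup` and `detect_shared_rootfs` are the only declarations in this block without the `lxc_` prefix carried by the neighbouring `lxc_find_gateway_addresses`, `lxc_create_tty` and `lxc_delete_tty`; since `setup_cgroup` is being un-`static`ed in conf.c in the same patch, renaming now (`lxc_setup_cgroup`, `lxc_detect_shared_rootfs`) avoids a second round of churn. A short comment on the `detect_shared_rootfs` declaration, such as `/* 1 if the caller's / is MS_SHARED according to /proc/self/mountinfo, else 0 (also on read error) */`, would tell the start.c caller that the answer is for the calling process's own mount view and that failure to read the file is reported as "not shared".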
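Review bot: The result of `umount2(handler->conf->rootfs.mount, MNT_DETACH)` is discarded, so if the detach fails the mount that the conf.c comment says the parent is expected to tear down stays behind on the host with nothing in the log; `if (detect_shared_rootfs() && umount2(handler->conf->rootfs.mount, MNT_DETACH)) SYSERROR("failed to detach %s", handler->conf->rootfs.mount);` keeps the best-effort behaviour while recording it. Nothing at this call site explains why the parent unmounts a path it never mounted itself; a one-line comment such as `/* drop the tmpfs that chroot_into_slave() in conf.c stacked on rootfs.mount */` would tie the two halves together. lxc_spawn starts before and continues after this hunk.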
