Re: [lxc-devel] [CRIU] LXC live migrate
On 11/27/2013 09:54 AM, Pavel Emelyanov wrote:
On 11/27/2013 06:19 AM, Qiang Huang wrote:
On 2013/11/27 0:19, Marian Marinov wrote:
On my test setup it works for processes like apache, dovecot and mysql.
However it does not work with containers:
root@s321:~# criu dump -D deb1 -t 19332 --file-locks
(00.004962) Error (namespaces.c:155): Can't dump nested pid namespace for
28352
(00.004985) Error (namespaces.c:321): Can't make pidns id
(00.005327) Error (cr-dump.c:1811): Dumping FAILED.
root@s321:~#
When I try to dump the init process(which I believe I should not do), here
is what I see:
http://pastebin.com/DFC0ADpp
(00.291294) Error (tty.c:222): tty: Unexpected format on path /dev/tty1
(00.291315) Error (cr-dump.c:1491): Dump files (pid: 29702) failed with -1
(00.291892) Error (cr-dump.c:1811): Dumping FAILED.
This is my setup:
19332 ?Ss 0:00 lxc-start -n deb1 -d
28352 ?Ss 0:00 \_ init [3]
28393 ?Ss 0:00 \_ /usr/sbin/apache2 -k start
28419 ?S 0:00 | \_ /usr/sbin/apache2 -k start
28422 ?Sl 0:00 | \_ /usr/sbin/apache2 -k start
28423 ?Sl 0:00 | \_ /usr/sbin/apache2 -k start
28489 ?S 0:00 \_ /bin/sh /usr/bin/mysqld_safe
28620 ?Sl 0:00 | \_ /usr/sbin/mysqld --basedir=/usr
--datadir=/var/lib/mysql --user=mysql
--pid-file=/var/run/mysqld/mysqld.pid --socket=/var/run/mysqld/mysqld.sock
--port
28621 ?S 0:00 | \_ logger -t mysqld -p daemon.error
28598 ?Ss 0:00 \_ /usr/sbin/sshd
29702 pts/0Ss+0:00 \_ /sbin/getty 38400 tty1 linux
I rebooted the container without getty on tty1 and then I got this:
(00.260757) Error (mount.c:255): 86:/dev/tty4 doesn't have a proper root
mount
This is the reason. That's container's console which is a bind mounted tty
from
the host. And since this is an external connection, CRIU doesn't dump one.
There are two ways to resolve this. The first is disable container's console.
It's
fast, but ugly. The second way is supporting one, but it would require criu
hacking.
We should detect, that this is an external tty, decide, that we're OK to
disconnect
it after dump and on restore -- connect it back.
The third one would be to implement lxc-checkpoint and lxc-restart
(which are empty) to invoke CRUI. Then from there you can dump the
container's configuration and restart with.
(00.261007) Error (namespaces.c:445): Namespaces dumping finished with
error 65280
(00.261454) Error (cr-dump.c:1811): Dumping FAILED.
This ithe relevant container config
## Device config
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rm
# mounts point
lxc.mount.entry = devpts dev/pts devpts gid=5,mode=620 0 0
lxc.mount.auto = proc:mixed sys:ro
Am I doing something wrong?
According to the criu TODO list: http://criu.org/Todo
cgroups in container is not supported yet, so I doubt it would work for
normal containers.
AFAIK cgroups are used _inside_ containers only with recent guest templates.
In OpenVZ we use more old ones (and more stable) so haven't meet this yet.
And yes, cgroups are in plans for the nearest future :)
I'm interested in this too, so let's cc CRIU list and find out what is wrong
:)
Marian
Thanks,
Pavel
--
Rapidly troubleshoot problems before they affect your business. Most IT
organizations don't have a clear picture of how application performance
affects their revenue. With AppDynamics, you get 100% visibility into your
Java,.NET, PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349351iu=/4140/ostg.clktrk
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
--
Rapidly troubleshoot problems before they affect your business. Most IT
organizations don't have a clear picture of how application performance
affects their revenue. With AppDynamics, you get 100% visibility into your
Java,.NET, PHP application. Start your 15-day FREE TRIAL of AppDynamics Pro!
http://pubads.g.doubleclick.net/gampad/clk?id=84349351iu=/4140/ostg.clktrk
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
[lxc-devel] [GIT] lxc tag, lxc-1.0.0.alpha1, created. 4213373fe5bb5d03d3e0a212a0ef9784b644f162
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The tag, lxc-1.0.0.alpha1 has been created at 4213373fe5bb5d03d3e0a212a0ef9784b644f162 (commit) - Log - commit 4213373fe5bb5d03d3e0a212a0ef9784b644f162 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Tue Sep 10 23:55:26 2013 +0200 change version to 1.0.0.alpha1 in configure.ac Signed-off-by: Daniel Lezcano daniel.lezc...@free.fr --- hooks/post-receive -- lxc -- How ServiceNow helps IT people transform IT departments: 1. Consolidate legacy IT systems to a single system of record for IT 2. Standardize and globalize service processes across IT 3. Implement zero-touch automation to replace manual, redundant tasks http://pubads.g.doubleclick.net/gampad/clk?id=5127iu=/4140/ostg.clktrk ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Use container specific domain socket name
On 04/15/2013 07:53 AM, S.Çağlar Onur wrote: Hi Daniel, On Sun, Apr 14, 2013 at 4:42 PM, Daniel Lezcano daniel.lezc...@free.fr mailto:daniel.lezc...@free.fr wrote: On 04/14/2013 09:56 PM, S.Çağlar Onur wrote: Hi all, I had some free time today so I tried to implement something using AF_INET messages over loopback broadcast address. I'm not including the patch here because gmail web interface damages it and that's what I use right now so please use [1] to see it. I'm sending it to get your feedback and will submit it to list if you are OK with that approach. P.S: I used 51423 as the port but of course it can be changed accordingly. [1] https://github.com/caglar10ur/lxc-upstream/commit/123b20e2945ed2b4bc9e6e27b9ef398ec8fcae40.patch Thanks for this code ! It sounds like the approach seems ok. My concern is the same than Serge, what can we do to ensure an event was sent by a container ? We don't want someone to send fake events via UDP. We can't tolerate a simple program messing a container supervisor and all the containers (running an OS instance). Assuming an user, which is not root, can't build an IP packet, we can rely on the IP identification number to detect fake packets, no ? I'm not sure about the right answer of that question. I was under the impression that we are safe since kernel only allows root user to send broadcast packages over loopback interface but I might be completely wrong. I don't find a confirmation about this anywhere. Do you have a pointer ? If it is the case, then that's cool because we are safe on this side. Is your code tested ? I mean, did you validate monitoring the events works with this approach ? Thanks -- Daniel -- Precog is a next-generation analytics platform capable of advanced analytics on semi-structured data. The platform includes APIs for building apps and a phenomenal toolset for data science. Developers can use our toolset for easy data analysis visualization. Get a free account! http://www2.precog.com/precogplatform/slashdotnewsletter ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Use container specific domain socket name
On 04/14/2013 09:56 PM, S.Çağlar Onur wrote: Hi all, I had some free time today so I tried to implement something using AF_INET messages over loopback broadcast address. I'm not including the patch here because gmail web interface damages it and that's what I use right now so please use [1] to see it. I'm sending it to get your feedback and will submit it to list if you are OK with that approach. P.S: I used 51423 as the port but of course it can be changed accordingly. [1] https://github.com/caglar10ur/lxc-upstream/commit/123b20e2945ed2b4bc9e6e27b9ef398ec8fcae40.patch Thanks for this code ! It sounds like the approach seems ok. My concern is the same than Serge, what can we do to ensure an event was sent by a container ? We don't want someone to send fake events via UDP. We can't tolerate a simple program messing a container supervisor and all the containers (running an OS instance). Assuming an user, which is not root, can't build an IP packet, we can rely on the IP identification number to detect fake packets, no ? On Fri, Apr 12, 2013 at 5:31 PM, Daniel Lezcano daniel.lezc...@free.fr mailto:daniel.lezc...@free.fr wrote: On 04/12/2013 06:55 PM, S.Çağlar Onur wrote: I'm not experienced with it so please forgive me if I'm talking non-sense but what about switching back to using (or abusing depending on your point of view) netlink via libnl? Because it is much more than abusing :) It is hacking the rtnetlink service, which means you filter out the messages not coming from lxc (could be netlink messages about route changes, etc ...) and the different tools relying on this netlink family must ignore lxc messages. I will refresh my memory and implement a prototype based on af_inet messages, that may take awhile because I am very busy for the moment. Regards -- Daniel On Fri, Apr 12, 2013 at 10:02 AM, Serge Hallyn serge.hal...@ubuntu.com mailto:serge.hal...@ubuntu.com mailto:serge.hal...@ubuntu.com mailto:serge.hal...@ubuntu.com wrote: Quoting Daniel Lezcano (daniel.lezc...@free.fr mailto:daniel.lezc...@free.fr mailto:daniel.lezc...@free.fr mailto:daniel.lezc...@free.fr): Sorry for jumping so late in the thread but I disagree to use DBUS with LXC because of the dependency with more packages, LXC has been designed to be stand alone, nothing prevent to add more complexity and dependencies but on top of LXC not inside. To answer the previous email Serge sent me, I thought a bit about the mechanism in order to prevent a publish/subscribe approach. The first version used the af_netlink socket to use some kind of message multicast on processes. But it hacked a family of the netlink which was conflicting with the ip_route tool. In order to prevent this conflict I switched temporarly to the AF_UNIX socket while looking for a socket type matching our needs. The AF_IPN (Inter Process Network) could have been perfect but the patchset has been rejected. I think the solution to solve this issue is to use the AF_INET protocol on the loopback using the loopback's broadcast address and filter the messages with the container name. The code should be 'trivial'. One question remains with this approach : which communication port number ? A consideration: right now the the monitors are per-lxcpath. So if user joe is using lxcpath /home/joe/lxcbase, then his lxc-monitor will only hear events for containers under /home/joe/lxcbase. If we use loopback, then events for alllxcpaths on the host will be combined. That may be preferred, or may not be. But in the coming world of per-unprivileged-user containers, where user joe has container c2 in /home/joe/lxcbase/c2, do we want user joe to hear all events relating to system containers (under /var/lib/lxc) or jane's /home/jane/lxcbase containers? It's not so much a noise issue, as we can just make sure to add the lxcpath to each message. It's more a security/privacy concern. -serge -- Precog is a next-generation analytics platform capable of advanced analytics on semi-structured data. The platform includes APIs for building apps and a phenomenal toolset for data science. Developers can use our toolset for easy data analysis visualization. Get a free
Re: [lxc-devel] [PATCH] Use container specific domain socket name
On 04/12/2013 06:55 PM, S.Çağlar Onur wrote: I'm not experienced with it so please forgive me if I'm talking non-sense but what about switching back to using (or abusing depending on your point of view) netlink via libnl? Because it is much more than abusing :) It is hacking the rtnetlink service, which means you filter out the messages not coming from lxc (could be netlink messages about route changes, etc ...) and the different tools relying on this netlink family must ignore lxc messages. I will refresh my memory and implement a prototype based on af_inet messages, that may take awhile because I am very busy for the moment. Regards -- Daniel On Fri, Apr 12, 2013 at 10:02 AM, Serge Hallyn serge.hal...@ubuntu.com mailto:serge.hal...@ubuntu.com wrote: Quoting Daniel Lezcano (daniel.lezc...@free.fr mailto:daniel.lezc...@free.fr): Sorry for jumping so late in the thread but I disagree to use DBUS with LXC because of the dependency with more packages, LXC has been designed to be stand alone, nothing prevent to add more complexity and dependencies but on top of LXC not inside. To answer the previous email Serge sent me, I thought a bit about the mechanism in order to prevent a publish/subscribe approach. The first version used the af_netlink socket to use some kind of message multicast on processes. But it hacked a family of the netlink which was conflicting with the ip_route tool. In order to prevent this conflict I switched temporarly to the AF_UNIX socket while looking for a socket type matching our needs. The AF_IPN (Inter Process Network) could have been perfect but the patchset has been rejected. I think the solution to solve this issue is to use the AF_INET protocol on the loopback using the loopback's broadcast address and filter the messages with the container name. The code should be 'trivial'. One question remains with this approach : which communication port number ? A consideration: right now the the monitors are per-lxcpath. So if user joe is using lxcpath /home/joe/lxcbase, then his lxc-monitor will only hear events for containers under /home/joe/lxcbase. If we use loopback, then events for alllxcpaths on the host will be combined. That may be preferred, or may not be. But in the coming world of per-unprivileged-user containers, where user joe has container c2 in /home/joe/lxcbase/c2, do we want user joe to hear all events relating to system containers (under /var/lib/lxc) or jane's /home/jane/lxcbase containers? It's not so much a noise issue, as we can just make sure to add the lxcpath to each message. It's more a security/privacy concern. -serge -- Precog is a next-generation analytics platform capable of advanced analytics on semi-structured data. The platform includes APIs for building apps and a phenomenal toolset for data science. Developers can use our toolset for easy data analysis visualization. Get a free account! http://www2.precog.com/precogplatform/slashdotnewsletter ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net mailto:Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel -- S.Çağlar Onur cag...@10ur.org mailto:cag...@10ur.org -- Precog is a next-generation analytics platform capable of advanced analytics on semi-structured data. The platform includes APIs for building apps and a phenomenal toolset for data science. Developers can use our toolset for easy data analysis visualization. Get a free account! http://www2.precog.com/precogplatform/slashdotnewsletter ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] Use container specific domain socket name
On 04/11/2013 09:53 AM, Stéphane Graber wrote: On 04/11/2013 09:18 AM, Jäkel, Guido wrote: I also think that LXC should have as less dependencies as possible to ease the support for different plattforms has more weight than don't invent things twice. quoting Daniel Lezcano: I think the solution to solve this issue is to use the AF_INET protocol on the loopback using the loopback's broadcast address and filter the messages with the container name. The code should be 'trivial'. May this concept be enhanced in the way that the sender and the receiver don't need to settle on the same host (by using an optional user defined the broadcast address -- the hosts net one)? This may offer the possibility to centralize additional monitoring of actual container states on another completely other host. May it be wise to add the name of the host to the messages? In my personal use case -- a farm with identical LXC hosts and NFS-based filesystems offering to start an container on any of it -- this might offer the possibility to query if an container is already up anywhere. In the moment, i'm using heurisitics like pinging the containers base address or checking some timestamps on the containers rootfs for this. greetings Guido If we're using broadcast on loopback, then no, it won't be very trivial to have this made available on a unicast address and frankly I wouldn't recommend this for security reasons. Yes, as we are doing broadcasting, then we have to use UDP and with the loopback we have the guarantee we don't lose packets (modulo buffer overflow which can be easily detected with a sequence number). The approach is self contained. The need of Jakel makes perfectly sense and IMO, that should be build on top of lxc. A daemon lxcd supervising all the containers and being accessible from the network could be done. That will be a centralized processing of the containers, where the network and the security aspect could addressed based on a publish/subscribe mechanism. We can identify the source of the network traffic on the loopback device (source PID, source UID) but not on something coming from the network, with commands coming from outside the machine, we'd need the usual mess of SSL + authentication which I don't think we want to implement in LXC. I think your best bet for remote control of LXC containers is to wait until we have our own libvirt driver (libvirt-lxcapi) which is on the roadmap for 1.0, then use libvirt's network interface to control your LXC containers. Yes, this is another alternative. Thanks -- Daniel -- Precog is a next-generation analytics platform capable of advanced analytics on semi-structured data. The platform includes APIs for building apps and a phenomenal toolset for data science. Developers can use our toolset for easy data analysis visualization. Get a free account! http://www2.precog.com/precogplatform/slashdotnewsletter ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Use container specific domain socket name
On 04/10/2013 09:42 PM, Stéphane Graber wrote: On 04/10/2013 08:15 PM, Serge Hallyn wrote: Quoting Christian Seiler (christ...@iwakd.de): Hi there, Let's say I do sudo lxc-monitor -n r1 -n r2 and now do sudo lxc-start -n r1 How do we know to send the 'started' event to the lxc-monitor, since there was not yet a lxc-start daemon running? Just to throw my 2¢ in there - why not use DBus for that? It seems to me that DBus has already solved all of the problems that occur here. And one wouldn't need to care about multi-threading, because one only talks to the DBus daemon itself. Right, so we'd be using dbus's long-running daemon, so that we don't need our own. (which I clarify to point out that they didn't solve this problem :) I'd actually be ok with this, but Stéphane mentioned he doesn't want dbus to become a dependency. It seems to me dbus is pretty much ubiquitous anyway, but I trust he has use cases where it would be an undue burden. -serge Right, one problem with requiring DBus is for the Android port of LXC on which access to a DBus system-bus isn't guaranteed. I also suspect some people who've been using LXC on restricted/embedded platform wouldn't be too happy with us using DBus for our IPC. I however don't think I'd mind us connecting to the DBus system bus and exposing our control API on DBus so long as we don't hard depend on it. I think it's definitely valuable to be able to monitor and control containers over DBus and that it'll open a whole set of new possibilities and fits rather well with our user namespace work (where we'd simply use the session bus), the problem really is about making sure lxc-stop/lxc-wait/lxc-... don't depend on a system bus to be setup. One way to do that is to use something like Upstart did with libnih-dbus where we actually have our own builtin DBus server. If we detect a system bus, we connect to it and expose everything to it, if we don't, we listen on a hard-coded guessable abstract socket but still use the DBus protocol. The advantage of this is that you don't hard-depend on a system bus, systems that don't have it simply connect directly to the abstract socket (similar to our existing monitor socket) but still use the exact same protocol and path as they'd use against the system bus. One trick however is that DBus is usually designed in a way that a single process (daemon) that's either spawned at boot time or DBus-activated owns a specific DBus address. In the case of LXC, this isn't the case. We'd basically need a separate DBus address for every container as we don't actually have a single daemon owning a single address on the bus. (As far as I know two processes can't own different paths on the same address). Yet another proposal I'm just putting out there would be the following: - Keep our monitor protocol mostly as it's, just make it more comprehensive, fix known bugs, ... - Create an OPTIONAL long-lasting management daemon - Have LXC poke that daemon on a pre-defined abstract socket when initializing. If it's there, then either send the container's socket address to that daemon or have lxc-start send status updates back to the daemon every time something changes. - Have that daemon own net.sourceforge.lxc (or whatever name we register) and expose the DBus API on the system bus. - Update the LXC API to always try using DBus by default and only reverting to direct unix sockets if DBus isn't available. This should give us the following benefits: - Works on system without DBus (with our existing problems) - Offers a standard DBus interface to people who want to use it - Transparently integrates with our existing code as an optional feature that just makes things more reliable (at the cost of a bit of memory/cpu). Obviously this comes at the cost of having to code and maintain said daemon and updating the API to handle the DBus/socket fallback. Sorry for jumping so late in the thread but I disagree to use DBUS with LXC because of the dependency with more packages, LXC has been designed to be stand alone, nothing prevent to add more complexity and dependencies but on top of LXC not inside. To answer the previous email Serge sent me, I thought a bit about the mechanism in order to prevent a publish/subscribe approach. The first version used the af_netlink socket to use some kind of message multicast on processes. But it hacked a family of the netlink which was conflicting with the ip_route tool. In order to prevent this conflict I switched temporarly to the AF_UNIX socket while looking for a socket type matching our needs. The AF_IPN (Inter Process Network) could have been perfect but the patchset has been rejected. I think the solution to solve this issue is to use the AF_INET protocol on the loopback using the loopback's broadcast address and filter the messages with the container name. The code should be 'trivial'. One question remains with this approach :
[lxc-devel] [GIT] lxc branch, master, updated. e9831f83532184caa119f830eee54728084444ba
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project lxc.
The branch, master has been updated
via e9831f83532184caa119f830eee5472808ba (commit)
via d082b436af679d9dd9d6715c1a1def0726c6be82 (commit)
via 91f7ea5341ffabf81de1c308c62c6d9c9c3db459 (commit)
via 5a3d2e1efa652ed68d1125c688bb1b9b91889778 (commit)
via 6b5d5b974d447cf00ebfbdd3a0574463d849f943 (commit)
via 4bc8b18529e9f0ae86a004b14c2cb677701c51e5 (commit)
via 799f96fdd8fc9c0685fffee5998aab2287ebc25f (commit)
via 818fd9c7529fa22b16f214b4feedaa311497053f (commit)
via f3ca99fd5fe887adbb93ae56ccf629dfdd232070 (commit)
via bb787bc51f0a272f6574fe359f0749302e67c550 (commit)
via 488538117d44ebea9cb548c9b74ccf1a5e4d7551 (commit)
via f63b1efdb4a94019df15a2a52dce039025d94819 (commit)
via a0f379bfec4e341763ba7ed0099ce9cabaccd7c5 (commit)
via 8a63c0a9d9089e6365e5a696455476febed39d6a (commit)
via 9a42db48e0bcf4f34b05a3de1cda23e06f51d131 (commit)
via c13c0e08da7dbfecb52e85233ac6cd17afa5d818 (commit)
via 1fbb470b023351bb002f24325d07ded47f596c85 (commit)
via b3a39ba6bd4c3c3739006775ecef6207f9dcba31 (commit)
via 89d556d83a2eb9c6bbe424a7bb0556f59bb137dc (commit)
via 495c33c8e8329c06e64ce6fca54b9a02a384aba3 (commit)
via 7f145a6d0da7718efd4b260df162d2996811a508 (commit)
via d71d919efbd9b1e7d7b1c51ff9f809f94aedaff3 (commit)
via 675693a5d7f1dc4898a36114171a2815f87eb9bc (commit)
from 72280e1cd55e0fe3971f6fe2daa7b3e0cece56a1 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -
commit e9831f83532184caa119f830eee5472808ba
Author: Daniel Lezcano daniel.lezc...@free.fr
Date: Fri Apr 5 11:47:48 2013 +0200
lxc-0.9.0
Signed-off-by: Daniel Lezcano daniel.lezc...@free.fr
commit d082b436af679d9dd9d6715c1a1def0726c6be82
Merge: 72280e1 91f7ea5
Author: Daniel Lezcano daniel.lezc...@free.fr
Date: Fri Apr 5 11:45:22 2013 +0200
Merge git://github.com/lxc/lxc
Signed-off-by: Daniel Lezcano daniel.lezc...@free.fr
commit 91f7ea5341ffabf81de1c308c62c6d9c9c3db459
Author: Dwight Engen dwight.en...@oracle.com
Date: Mon Apr 1 14:19:36 2013 -0400
gitignore doc/legacy/lxc-ls.1
Signed-off-by: Dwight Engen dwight.en...@oracle.com
Acked-by: Stéphane Graber stgra...@ubuntu.com
commit 5a3d2e1efa652ed68d1125c688bb1b9b91889778
Author: Stéphane Graber stgra...@ubuntu.com
Date: Mon Apr 1 10:36:29 2013 -0400
API shouldn't be calling create for already defined containers or destroy
for non defined ones
Currently it always calls create/destroy which might be confusing for the
code
that checks the return value of those calls to determine whether operation
completed successfully or not.
c = lxc.Container(r)
c.create(ubuntu)
True
c.create(ubuntu)
True
c.create(ubuntu)
True
c.create(ubuntu)
True
c.create(ubuntu)
c.destroy()
True
c.destroy()
lxc-destroy: 'r' does not exist
False
c.destroy()
lxc-destroy: 'r' does not exist
False
New behaviour
c = lxc.Container(r)
c.create('ubuntu')
True
c.create('ubuntu')
False
c.destroy()
True
c.destroy()
False
Tested with following script;
import lxc
c = lxc.Container(abcdef)
print (set, c.set_config_item(lxc.utsname, abcdef))
print (save, c.save_config())
print (create, c.create(ubuntu))
print (create, c.create(ubuntu))
print (destroy, c.destroy())
print (destroy, c.destroy())
print (set, c.set_config_item(lxc.utsname, abcdef))
print (save, c.save_config())
print (destroy, c.destroy())
print (destroy, c.destroy())
Signed-off-by: S.ÃaÄlar Onur cag...@10ur.org
Acked-by: Serge E. Hallyn serge.hal...@ubuntu.com
commit 6b5d5b974d447cf00ebfbdd3a0574463d849f943
Author: S.ÃaÄlar Onur cag...@10ur.org
Date: Sun Mar 31 23:37:09 2013 -0400
Make lxc.functions return the default lxcpath if /etc/lxc/lxc.conf doesn't
provide one
Currently it returns the default path only if /etc/lxc/lxc.conf missing.
Since default lxc.conf doesn't contain lxcpath variable (this is at least
the case in ubuntu) all tools fails if one doesn't give -P
caglar@qgq:~/Project/lxc/examples$ sudo /usr/bin/lxc-create -n test
lxc-create: no configuration path defined
Signed-off-by: S.ÃaÄlar Onur cag...@10ur.org
Acked-by: Serge E. Hallyn serge.hal...@ubuntu.com
commit 4bc8b18529e9f0ae86a004b14c2cb677701c51e5
Author: Serge Hallyn serge.hal...@ubuntu.com
Date: Sun Mar 31 17:00:10 2013 -0500
[lxc-devel] [GIT] lxc tag, lxc-0.9.0.rc1, created. 72280e1cd55e0fe3971f6fe2daa7b3e0cece56a1
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The tag, lxc-0.9.0.rc1 has been created at 72280e1cd55e0fe3971f6fe2daa7b3e0cece56a1 (commit) - Log - commit 72280e1cd55e0fe3971f6fe2daa7b3e0cece56a1 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Tue Mar 19 11:20:16 2013 +0100 lxc-0.9.0.rc1 Signed-off-by: Daniel Lezcano daniel.lezc...@free.fr --- hooks/post-receive -- lxc -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_mar ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] LXC 0.9~alpha3 pull request
On 02/12/2013 01:50 AM, Stéphane Graber wrote: Hi Daniel, You'll find the 0.9.alpha3 pull request below. Based on what you did last time, the following should do the trick: - Review the pull request - Use git pull --edit --no-ff --stat git://github.com/lxc/lxc.git, that should do a real merge, letting you do a proper Sign-off of the changes. - Update the version number to 0.9~alpha3 - Commit and tag Major changes include: - Android support - New lua binding - User namespace support - Oracle template - Manpage updates - POSIX shell support for most scripts - Improved systemd support - Various API improvements - Logging improvements As usual, we've run the regression tests on the current staging branch and all passed. I also test built on both Ubuntu 13.04 and cross-built to Android 4.2. The staging branch has remained stable pretty much the whole time since the alpha1 release with only some brief regressions that got fixed almost immediately. Thanks to everyone involved! Stéphane - The following changes since commit 56655134e462ceaf86b51838e4e825c2f3964922: Version 0.9.0.alpha2 (2012-12-14 09:42:55 +0100) are available in the git repository at: git://github.com/lxc/lxc.git staging for you to fetch changes up to 83c98d825e4e644b18276dde5deaa555ee36b629: Update Lua API (2013-02-11 17:37:10 -0500) Done. The tarball has been uploaded at: http://lxc.sourceforge.net/download/lxc/lxc-0.9.0.rc1.tar.gz Thanks ! -- Daniel -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_mar ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] Strange log Message
On 02/22/2013 09:00 AM, Ducos Laurent wrote: Le 18/02/2013 09:44, Ducos Laurent a écrit : Hello I found this message many times on my server since I activated lxc 8425 Time(s): unregister_netdevice: waiting for lo to become free. Usage count = 1 Host bridge: Intel Corporation Xeon E3-1200 RAID bus controller: Hewlett-Packard Company Smart Array G6 controllers 3.5.0-17-generic Intel(R) Xeon(R) CPU E31220 @ 3.10GHz Ethernet controller: Intel Corporation 82574L Gigabit Network Connection -- The Go Parallel Website, sponsored by Intel - in partnership with Geeknet, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials, tech docs, whitepapers, evaluation guides, and opinion stories. Check out the most recent posts - join the conversation now. http://goparallel.sourceforge.net/ ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel Error message disappeared when updating to kernel 3.5.0-24 This message is a kernel bug because a refcount has not been released in the network stack. That happens sometime and the fix is in the kernel not in lxc. This is cool this bug has been fixed with a kernel update. Thanks for reporting -- Daniel -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_feb ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Link against pthread when not on bionic.
On 02/19/2013 04:28 PM, Dwight Engen wrote: On Tue, 19 Feb 2013 10:02:37 -0500 Stéphane Graber stgra...@ubuntu.com wrote: On 02/19/2013 09:19 AM, Serge Hallyn wrote: Quoting Natanael Copa (nc...@alpinelinux.org): On Mon, 18 Feb 2013 21:40:42 +0100 Daniel Lezcano daniel.lezc...@free.fr wrote: On 02/18/2013 06:23 PM, Stéphane Graber wrote: dpkg spotted that we're not explicitly linking against pthread even though we use some of its symbols (sem_*). uh ? wait. We shouldn't link against the lib pthread. I don't think sem_* is a symbol coming from the pthread library. Seems to be with uClibc: ncopa-desktop:~$ nm -D /lib/libpthread.so.0.9.32 | grep sem_ d168 T __new_sem_destroy a914 T __new_sem_getvalue a414 T __new_sem_init c219 T sem_close d168 W sem_destroy a914 W sem_getvalue a414 W sem_init c744 T sem_open 6db0 T sem_post 6e00 T sem_timedwait 6f80 T sem_trywait 95c8 T sem_unlink 6fb0 T sem_wait How about let autoconf detect what to link against? @@ -274,6 +274,9 @@ AC_CHECK_HEADERS([sys/signalfd.h pty.h sys/capability.h sys/ # Check for some syscalls functions AC_CHECK_FUNCS([setns pivot_root sethostname unshare]) +# find library for sem_* +AC_SEARCH_LIBS(sem_open, [pthread rt]) I like it. thanks. Won't that cause lxc to link against pthread on most distros which based on the previous e-mails is something we want to avoid? If libpthread is where the symbols are, I don't think we have much choice? Yep :s I think Daniel's concern is that by linking with pthread it may cause users to think liblxc.so is thread safe, when it is not. A question that pops to mind is how far from thread safe is liblxc? There are few global variables but I am not sure all the glibc functions used in the code are threads safe. That should be checked ... FWIW the sem_open man page on Fedora 18 only says Link with -pthread. -pthread is different from -lpthread The former will define some env variables used by the glibc (eg. for getpid, errno, etc ...) and link with the libpthread. The latter will just link with libpthread. Yes, but older version use librt. IMO, Natanael's patch should do the trick. I guess we'd want [rt pthread], though as was discussed earlier, it's very likely that this will fail as for some reason the tools don't see that librt contains the sem_* symbols. + # Check for some functions AC_CHECK_LIB(util, openpty) AC_CHECK_FUNCS([openpty hasmntopt setmntent endmntent]) -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_feb ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_feb ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_feb ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_feb ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Link against pthread when not on bionic.
On 02/18/2013 06:23 PM, Stéphane Graber wrote: dpkg spotted that we're not explicitly linking against pthread even though we use some of its symbols (sem_*). uh ? wait. We shouldn't link against the lib pthread. I don't think sem_* is a symbol coming from the pthread library. Could you give the output of dpkg ? Signed-off-by: Stéphane Graber stgra...@ubuntu.com --- src/lxc/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am index 8974ca9..a0077aa 100644 --- a/src/lxc/Makefile.am +++ b/src/lxc/Makefile.am @@ -115,7 +115,7 @@ liblxc_so_LDFLAGS = \ liblxc_so_LDADD = $(CAP_LIBS) $(APPARMOR_LIBS) $(SECCOMP_LIBS) if !IS_BIONIC -liblxc_so_LDADD += -lutil -lrt +liblxc_so_LDADD += -lutil -lrt -lpthread endif bin_SCRIPTS = \ -- The Go Parallel Website, sponsored by Intel - in partnership with Geeknet, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials, tech docs, whitepapers, evaluation guides, and opinion stories. Check out the most recent posts - join the conversation now. http://goparallel.sourceforge.net/ ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Link against pthread when not on bionic.
On 02/18/2013 09:46 PM, Stéphane Graber wrote: On 02/18/2013 03:40 PM, Daniel Lezcano wrote: On 02/18/2013 06:23 PM, Stéphane Graber wrote: dpkg spotted that we're not explicitly linking against pthread even though we use some of its symbols (sem_*). uh ? wait. We shouldn't link against the lib pthread. I don't think sem_* is a symbol coming from the pthread library. Could you give the output of dpkg ? From man sem_open: Link with -pthread. -pthread, not -lpthread or -librt As lxc is not thread safe, you should prevent to link against the libpthread because the user will think it is thread safe and that could lead to some unexpected behavior. Linking against librt should be ok. I don't understand the warning of dpkg. Could you check by commenting the lines below if the warning still appear ? #if !IS_BIONIC liblxc_so_LDADD += -lutil -lrt #endif dpkg-shlibdeps output: dpkg-shlibdeps: warning: symbol sem_post used by debian/liblxc0/usr/lib/x86_64-linux-gnu/liblxc.so.0.9.0.alpha3 found in none of the libraries dpkg-shlibdeps: warning: symbol sem_open used by debian/liblxc0/usr/lib/x86_64-linux-gnu/liblxc.so.0.9.0.alpha3 found in none of the libraries dpkg-shlibdeps: warning: symbol sem_close used by debian/liblxc0/usr/lib/x86_64-linux-gnu/liblxc.so.0.9.0.alpha3 found in none of the libraries dpkg-shlibdeps: warning: symbol sem_init used by debian/liblxc0/usr/lib/x86_64-linux-gnu/liblxc.so.0.9.0.alpha3 found in none of the libraries dpkg-shlibdeps: warning: symbol sem_timedwait used by debian/liblxc0/usr/lib/x86_64-linux-gnu/liblxc.so.0.9.0.alpha3 found in none of the libraries dpkg-shlibdeps: warning: symbol sem_destroy used by debian/liblxc0/usr/lib/x86_64-linux-gnu/liblxc.so.0.9.0.alpha3 found in none of the libraries dpkg-shlibdeps: warning: symbol sem_wait used by debian/liblxc0/usr/lib/x86_64-linux-gnu/liblxc.so.0.9.0.alpha3 found in none of the libraries Looking at pthread.so it appears to provide: sem_init sem_destroy sem_open sem_close sem_unlink sem_getvalue sem_wait sem_trywait sem_timedwait sem_post Signed-off-by: Stéphane Graber stgra...@ubuntu.com --- src/lxc/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am index 8974ca9..a0077aa 100644 --- a/src/lxc/Makefile.am +++ b/src/lxc/Makefile.am @@ -115,7 +115,7 @@ liblxc_so_LDFLAGS = \ liblxc_so_LDADD = $(CAP_LIBS) $(APPARMOR_LIBS) $(SECCOMP_LIBS) if !IS_BIONIC -liblxc_so_LDADD += -lutil -lrt +liblxc_so_LDADD += -lutil -lrt -lpthread endif bin_SCRIPTS = \ -- The Go Parallel Website, sponsored by Intel - in partnership with Geeknet, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials, tech docs, whitepapers, evaluation guides, and opinion stories. Check out the most recent posts - join the conversation now. http://goparallel.sourceforge.net/ ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. 56655134e462ceaf86b51838e4e825c2f3964922
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via 56655134e462ceaf86b51838e4e825c2f3964922 (commit) via 2a061f55f9496d2c5d315f99fb0c7805fc83f064 (commit) via d2e30e99b48084375071315336cd80a52b69a122 (commit) from d984bb4e751121f1a7c0029ee7df4acf62f2eea4 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 56655134e462ceaf86b51838e4e825c2f3964922 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Fri Dec 14 09:42:55 2012 +0100 Version 0.9.0.alpha2 commit 2a061f55f9496d2c5d315f99fb0c7805fc83f064 Merge: d984bb4 d2e30e9 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Fri Dec 14 09:42:21 2012 +0100 Merge git://github.com/lxc/lxc commit d2e30e99b48084375071315336cd80a52b69a122 Author: Dwight Engen dwight.en...@oracle.com Date: Tue Dec 11 17:05:11 2012 -0500 Fix race/corruption with multiple lxc-start, lxc-execute If you start more than one lxc-start/lxc-execute with the same name at the same time, or just do an lxc-start/lxc-execute with the name of a container that is already running, lxc doesn't figure out that the container with this name is already running until fairly late in the initialization process: ie when __lxc_start() - lxc_poll() - lxc_command_mainloop_add() attempts to create the same abstract socket name. By this point a fair amount of initialization has been done that actually messes up the running container. For example __lxc_start() - lxc_spawn() - lxc_cgroup_create() - lxc_one_cgroup_create() - try_to_move_cgname() moves the running container's cgroup to a name of deadXX. The solution in this patch is to use the atomic existence of the abstract socket name as the indicator that the container is already running. To do so, I just refactored lxc_command_mainloop_add() into an lxc_command_init() routine that attempts to bind the socket, and ensure this is called earlier before much initialization has been done. In testing, I verified that maincmd_fd was still open at the time of lxc_fini, so the entire lifetime of the container's run should be covered. The only explicit close of this fd was in the reboot case of lxcapi_start(), which is now moved to lxc_fini(), which I think is more appropriate. Even though it is not checked any more, set maincmd_fd to -1 instead of 0 to indicate its not open since 0 could be a valid fd. Signed-off-by: Dwight Engen dwight.en...@oracle.com Acked-by: Serge E. Hallyn serge.hal...@ubuntu.com --- Summary of changes: configure.ac |2 +- src/lxc/commands.c | 17 - src/lxc/commands.h |1 + src/lxc/conf.c |1 + src/lxc/lxccontainer.c |3 --- src/lxc/start.c| 10 +- 6 files changed, 24 insertions(+), 10 deletions(-) hooks/post-receive -- lxc -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [GIT] lxc tag, lxc-0.9.0.alpha2, created. 56655134e462ceaf86b51838e4e825c2f3964922
On 12/14/2012 02:30 PM, Stéphane Graber wrote: I wasn't expecting another pull from staging until early February and Crap ! I misunderstood your email. Shall I reset the tree to alpha1 (I am not really in favor of that) ? Or could we let this as it is ? -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc tag, lxc-0.9.0.alpha1, created. d984bb4e751121f1a7c0029ee7df4acf62f2eea4
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The tag, lxc-0.9.0.alpha1 has been created at d984bb4e751121f1a7c0029ee7df4acf62f2eea4 (commit) - Log - commit d984bb4e751121f1a7c0029ee7df4acf62f2eea4 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Thu Dec 13 21:51:03 2012 +0100 Version 0.9.0.alpha1 Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- hooks/post-receive -- lxc -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] LXC 0.9.alpha1 pull request
On 12/10/2012 11:36 PM, Stéphane Graber wrote: Hi Daniel, You'll find the 0.9.alpha1 pull request below. Based on what you had to do last time in Copenhagen, I believe the following actions are to be done on your side: - Properly tag 0.8, currently we only have a commit but no matching tag, this should be fixed before pulling from staging. I just forgot to push the tags, it is on my local tree. I am not able to push the tree right now because there is an issue on sourceforge with the owners of the git tree. I opened a ticket for that. - Review the pull request - Use git pull --edit --no-ff --stat git://github.com/lxc/lxc.git, that should do a real merge, letting you do a proper Sign-off of the changes. - Update the version number to 0.9.alpha1 (the version number format is to avoid breaking RPM based distros) Why 0.9.alpha1 and not 0.9.0-rc1 ? - Commit and tag Major changes include: - Introduction of the new liblxc API - Python bindings - New tools: - lxc-device - lxc-start-ephemeral - python version of lxc-ls - lxc.autodev support - oracle template - reworked lxc-attach - /etc/lxc/lxc.conf configuration - Switch to new docbook - A lot of other improvements, new features and bugfixes (details below) I've been using the staging branch daily for the past few months and as far as I can tell, all the issues I noticed have been fixed. All of Serge's tests have also passed against today's staging branch and same thing for the few tests I usually run here, so it should be a pretty solid alpha release :) Thanks to everyone involved! Stéphane The following changes since commit 4aa7ac35696b87867b1e85410a80527696ff4d64: Version 0.8.0 (2012-11-11 03:34:22 +0100) are available in the git repository at: git://github.com/lxc/lxc.git staging for you to fetch changes up to 7323456ec3efe23bb7a84164d3e71d4293998f2c: assume LXCPATH took on default localstatedir based value in configure (2012-12-10 12:34:53 -0500) Christian Seiler (6): lxc-start: Add command to retrieve the clone flags used to start the container. lxc-attach: Remodel cgroup attach logic and attach to namespaces again in parent process lxc-attach: Detect which namespaces to attach to dynamically lxc-unshare: Move functions to determine clone flags from command line options to namespace.c lxc-attach: Add -s option to select namespaces to attach to lxc-attach: Add -R option to remount /sys and /proc when only partially attaching Diego Elio Pettenò (1): build: make sure to expand all variables that are substituted. Dwight Engen (29): fix compile without apparmor (against git staging) fix gcc error: typedef redefinition (against git staging) fix expansion of LXCPATH,LXCROOTFSMOUNT,LXCTEMPLATEDIR fix minor spelling error Better rpm database downgrade logic Always rebuild rpm database Fix removal of unneeded startup/shutdown scripts Honor network type and link from lxc-create -f Add distro config file /etc/lxc/lxc.conf Add distro config file /etc/lxc/lxc.conf Reinstate README file in rootfs directory Fix package name needed for building docs with RPM Fix checkconfig to handle kernel memory cgroup name change Fix fd leak in lxc log Fix use of list item memory after free Free allocated configuration memory Ensure argv passed by createl to create is NULL terminated Use autoconf LXCPATH instead of hardcoded LXCDIR Make config api items const Oracle template: make container also boot under libvirt Fix busybox template to not have extra aa_profile hunk Fix build with --enable-tests on Fedora Include lxc-ubuntu when doing make dist Create busybox commands as symlinks instead of hardlinks make install should create $LXCPATH directory Use LXCPATH and LOCALSTATEDIR instead of hardcoded /var make install should create /var/cache/lxc directory lxc.spec: add openssl and rsync as Required since both are used in lxc-clone assume LXCPATH took on default localstatedir based value in configure Frank Scholten (1): Updated README and INSTALL. autogen.sh command should be run before configure. Frederic Crozat (1): ensure btrfs subvolume is removed when container creating fails Jan Kiszka (2): lxc-wait: Add timeout option Add network-down script Natanael Copa (9): lxc-start: add option -p, --pidfile=FILE lxc-create: use posix shell instead of bash lxc-create: fix passing over first argument to template script lxc-create: do not use 'local' lxc-info: add option -t, --state-is=STATE to test for a given test lxc-version: use POSIX shell instead of bash lxc-checkconfig: use
[lxc-devel] [GIT] lxc tag, lxc-0.8.0, created. 4aa7ac35696b87867b1e85410a80527696ff4d64
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The tag, lxc-0.8.0 has been created at 4aa7ac35696b87867b1e85410a80527696ff4d64 (commit) - Log - commit 4aa7ac35696b87867b1e85410a80527696ff4d64 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Sun Nov 11 03:34:22 2012 +0100 Version 0.8.0 Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- hooks/post-receive -- lxc -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] LXC as an alternative to linux-vserver
On 11/05/2012 02:43 PM, Serge Hallyn wrote: Quoting Daniel Lezcano (daniel.lezc...@free.fr): The patches are for these are a out-dated but available at git.kernel.org and in the download section of lxc.sourceforge.net. Newer versions are at http://git.kernel.org/?p=linux/kernel/git/ebiederm/user-namespace.git;a=shortlog;h=refs/heads/userns-always-map-user-v70 As I said, I believe he's eyeing 3.8 for the final bits. -serge Hi Serge, thanks for the pointer. I though it was for user ns only. Cool to see Eric is taking care of the final bits of this feature. Thanks -- Daniel -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_nov ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. 4aa7ac35696b87867b1e85410a80527696ff4d64
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via 4aa7ac35696b87867b1e85410a80527696ff4d64 (commit) via aa69e175ff64267b76f4432e660d64771d89eed3 (commit) from 5480b13b1c0b8b653ba4d5aa4249d93f76d79bf5 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 4aa7ac35696b87867b1e85410a80527696ff4d64 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Sun Nov 11 03:34:22 2012 +0100 Version 0.8.0 Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit aa69e175ff64267b76f4432e660d64771d89eed3 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Sun Nov 11 03:32:43 2012 +0100 fix git location Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: MAINTAINERS |2 +- configure.ac |2 +- 2 files changed, 2 insertions(+), 2 deletions(-) hooks/post-receive -- lxc -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_d2d_nov ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. 7f99e339363d9f005c9386f60a1d8c0953c85053
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project lxc.
The branch, master has been updated
via 7f99e339363d9f005c9386f60a1d8c0953c85053 (commit)
via 773fb9cad76f43540fddb78c7ffef7237a51a06d (commit)
via 8215fe8e4186ebe8cb79fe4b773f5bcffcdc723b (commit)
via 192df6e2eb8ebb1a337c7ba025c57852d38e0d26 (commit)
via c215bff6dfc298bdd6150e11b8c0f76c9d013a0a (commit)
via 0b53175846e704fc4dd4cf8b4590a86db63e50e6 (commit)
via a1bd64823cd5e5afc53ba24940a51151e34b8103 (commit)
via bf7d76cf3ae180820c0a29e0bfbaa97c20ce6a3d (commit)
via d4eb4ab1290def213396611f5946ef3b7f0d83ef (commit)
via 5ae26abb52046b6f21afa06bcbac221c3cf8f1c0 (commit)
via 06a1e1db99844b95e21c3b67964974f9032720ea (commit)
via 3b9bad3d638ea442bfe6ba7e677cd5c6d39c0916 (commit)
via c12e775237976bc0c1cf8afdc7aa766de46d3d40 (commit)
via c6ed4d048deea85ed3bec67c7a04fb6c97009321 (commit)
via 3f16e26c7063f5004cafe4cfd6d084b7e4d08d1f (commit)
via 91a5df88ad29bcbc485baa51eacf0b851c6f4834 (commit)
via 1bd051a6b0a34cb2b2e80584b9fb4643abf1a827 (commit)
via 5d38621d0bb9b398393806b875d612a05e76c06e (commit)
via 8aba484aeaccda2881300ff80e9d7dfaaa842b40 (commit)
via 5d01f6167c2354637e777650558be6d7d69e2579 (commit)
via 6bc424b5c7c8130ffdb6390eae53b32370a755f8 (commit)
via d595c68add4ef33cf273c455238b018729de00a5 (commit)
via b9cb4325d74fb01dc4e71adc211e7e7052471778 (commit)
via b4578c5b380130a41a69b5b49c970157acaf1dbb (commit)
via b97b78abdac34fabcbbf64ba49ec8c78939124b4 (commit)
via 87af3ecd48587775970c0ca731d50183bd24017e (commit)
via 435d40f7e3dc5b99a5fcbc459f79ba6b04238502 (commit)
via 6bf8daf9a2aa0d226bfd5b60c4b1580d17105320 (commit)
via 70542ef9a1d09ce87c7d40ac5ea1706860edec74 (commit)
via 55116c42e767ce795f796fc51cd2ef7d76cf18af (commit)
via b942e67226af9e690bd63ac440b99aedb6becbb3 (commit)
via fbef4590b7b7186890a7d0cb8be0af2780a2df5f (commit)
via d0a36f2c8b2f41399ae709280cd8b4a2f3bb0165 (commit)
via cb26f1a5eee13afe1a561ebf57245cb8629797b9 (commit)
via 337e14712e2bf568db73dd57c709b3364e26d798 (commit)
via 9ac3ffb51777ee48ffbd42ff3625f63dfe948837 (commit)
via 10f73bfa4aece7707f48379b82e5858d1909d98f (commit)
via e7f40d8aaba2c17b8ccb323b5df20a423ef5d0a0 (commit)
via f02ce27d4b1a9d01b88d0ffaf626e5bafa671bf0 (commit)
via 33f3de4eaaa4e2084ea6e3695e29da5b736f1095 (commit)
via e470cba076535e4e9732173e0e314e473165478c (commit)
via 542939c31bb73bab55f2fd71243b98f5559597d1 (commit)
via b4df0a1eda252bb7efbd4d7453e9e8a57143c528 (commit)
via 06f5c6328b73aad7b138096295357d803db26efa (commit)
via f1ccde27c038e7fb7e538913505248b36ddd9e65 (commit)
via 4a311c1241805dac5893918854fd40f77b2b6f49 (commit)
via 4d5fb23ad827eda17b64676f527c3f168cd56ebd (commit)
via 8b892c55b077d1716eb130e76f9c9725ecb0f73a (commit)
from 60a742e0afd34e02299f64536df35116d68d888d (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -
commit 7f99e339363d9f005c9386f60a1d8c0953c85053
Merge: 60a742e 773fb9c
Author: Daniel Lezcano daniel.lezc...@free.fr
Date: Wed Oct 31 16:39:50 2012 +0100
Merge branch 'upstream-bugfix' of https://github.com/lxc/lxc
* 'upstream-bugfix' of https://github.com/lxc/lxc: (47 commits)
replace HOOK define with proper code.
Remove lxc-start-ephemeral from configure.ac
revert devtmpfs in ubuntu templates
lxc-ubuntu{-cloud}: Fix missing fi in new devtmpfs code
fix make rpm
display warning when yum missing in fedora template
templates: mount devtmpfs in ubuntu containers
handle clone of btrfs snapshots
if the rootfs is a btrfs subvolume, delete it instead of rm -rf
lxc-debian: replace isc-dhcp-server by isc-dhcp-client
lxc-ls: Scan cgroup mount points from fstype and not device
Allow short -h and -n options to lxc-ps
lxc-ubuntu: fix printing of default user
lxc-debian: specify isc-dhcp-server in package list
try to better handle out of date container caches.
link /dev/kmsg to /dev/console in the container
lxc-clone: fix the '--name' parameter
lxc-ls: Use readlink on $directory
lxc-busybox: Use relative mounts in lxc.mount.entry
busybox: for all lib dirs create mounts only if directories exist
...
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
commit 773fb9cad76f43540fddb78c7ffef7237a51a06d
Author: Serge Hallyn serge.hal...@ubuntu.com
Date: Tue Sep 4 13:57:39 2012
[lxc-devel] [GIT] lxc branch, master, updated. 5480b13b1c0b8b653ba4d5aa4249d93f76d79bf5
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project lxc.
The branch, master has been updated
via 5480b13b1c0b8b653ba4d5aa4249d93f76d79bf5 (commit)
via a24c5a40dc8c5ae277cd1623afa86b4e7e0dbf19 (commit)
via a3812bf0c756029b0c7b8e3ca74c57728a791ab1 (commit)
via f7a81eeb147c291610cf147418daa9ec8200a17e (commit)
via c4b697f261f1fe756b115f373f50f8de579dc4bb (commit)
from 7f99e339363d9f005c9386f60a1d8c0953c85053 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -
commit 5480b13b1c0b8b653ba4d5aa4249d93f76d79bf5
Author: Daniel Lezcano daniel.lezc...@free.fr
Date: Wed Oct 31 17:15:25 2012 +0100
clearer error message when interface name to long
Signed-off-by: Tomas Pospisek tpo_...@sourcepole.ch
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
commit a24c5a40dc8c5ae277cd1623afa86b4e7e0dbf19
Author: Dwight Engen dwight.en...@oracle.com
Date: Wed Oct 31 17:08:13 2012 +0100
Fix lxc-netstat -- argument processing
Commit 21e487f2 introduced the use of getopt, but getopt will fail when
it sees arguments meant for netstat that are not in [short|long]options.
There should not be any ambiguity about arguments with the same letter:
those to the left of the -- are destined for lxc-netstat and those to
the right for the real netstat, which the original code handles by
shifting out all arguments it recognizes before the -- is hit.
Signed-off-by: Dwight Engen dwight.en...@oracle.com
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
commit a3812bf0c756029b0c7b8e3ca74c57728a791ab1
Author: Dwight Engen dwight.en...@oracle.com
Date: Thu Oct 25 16:21:53 2012 -0400
Fix lxc-ps -- argument processing
lxc-ps is supposed to pass arguments after the -- on to ps. The problem is
that i is expanded once from $@ and the loop will iterate over all the
arguments that were in $@ at the time of expansion. Inside the loop, there
are shifts (in the name case for example) that are trying to remove more
than a single argument. This changes fixes that and makes lxc-ps work as
documented.
Signed-off-by: Dwight Engen dwight.en...@oracle.com
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
commit f7a81eeb147c291610cf147418daa9ec8200a17e
Author: Dwight Engen dwight.en...@oracle.com
Date: Wed Oct 31 17:08:13 2012 +0100
Remove unneeded ksrc spec file macro
Change 910bb4fa obviated the need for the --with-linuxdir configure
option which means that the ksrc rpm macro no longer makes sense either.
Signed-off-by: Dwight Engen dwight.en...@oracle.com
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
commit c4b697f261f1fe756b115f373f50f8de579dc4bb
Author: Dwight Engen dwight.en...@oracle.com
Date: Wed Oct 31 17:08:13 2012 +0100
Add %{dist} tag to differentiate RPM distributions and releases
Note that an additional Release field is not necessary for the devel package
as it will follow the primary Release field. For more information on the
dist
tag, see http://fedoraproject.org/wiki/Packaging:DistTag
Signed-off-by: Dwight Engen dwight.en...@oracle.com
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
Summary of changes:
Makefile.am|2 +-
lxc.spec.in|4 +---
src/lxc/confile.c |3 ++-
src/lxc/lxc-netstat.in | 13 +
src/lxc/lxc-ps.in |4 ++--
5 files changed, 7 insertions(+), 19 deletions(-)
hooks/post-receive
--
lxc
--
Everyone hates slow websites. So do we.
Make your web apps faster with AppDynamics
Download AppDynamics Lite for free today:
http://p.sf.net/sfu/appdyn_sfd2d_oct
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] fix make rpm
On 10/04/2012 06:28 PM, Dwight Engen wrote: RPM doesn't like - in the version number and gives: error: line 24: Illegal char '-' in: Version: 0.8.0-rc2 Other packages (bind-utils for example) have used . instead of - as a seperator. Signed-off-by: Dwight Engen dwight.en...@oracle.com --- Applied. -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] display warning when yum missing in fedora template
On 10/04/2012 07:12 PM, Dwight Engen wrote: This early exit is preventing the warning message that follows it from being shown. Signed-off-by: Dwight Engen dwight.en...@oracle.com --- Applied. -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Add %{dist} tag to differentiate RPM distributions and releases
On 10/25/2012 07:06 PM, Dwight Engen wrote: Note that an additional Release field is not necessary for the devel package as it will follow the primary Release field. For more information on the dist tag, see http://fedoraproject.org/wiki/Packaging:DistTag Signed-off-by: Dwight Engen dwight.en...@oracle.com --- Applied. -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Reinstate README file in rootfs directory
On 10/25/2012 07:46 PM, Dwight Engen wrote: Change 5fd8314f removed the README file explaining why the rootfs directory has to exist. Doing so broke the build on Fedora 17 since this directory will not be created by make install and thus the spec file cannot find it. Signed-off-by: Dwight Engen dwight.en...@oracle.com --- doc/rootfs/Makefile.am |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/doc/rootfs/Makefile.am b/doc/rootfs/Makefile.am index c9bb45d..44d24ed 100644 --- a/doc/rootfs/Makefile.am +++ b/doc/rootfs/Makefile.am @@ -1,3 +1,3 @@ READMEdir=@LXCROOTFSMOUNT@ -README_DATA= +README_DATA=README I did not applied it because it has already been fixed by Stephan. -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Remove unneeded ksrc spec file macro
On 10/25/2012 09:42 PM, Dwight Engen wrote: Change 910bb4fa obviated the need for the --with-linuxdir configure option which means that the ksrc rpm macro no longer makes sense either. Signed-off-by: Dwight Engen dwight.en...@oracle.com --- Applied. Thanks ! -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Fix lxc-ps -- argument processing
On 10/25/2012 10:45 PM, Dwight Engen wrote: From 7531edbca5872537e9cac59d3d51a9f69d93ec2f Mon Sep 17 00:00:00 2001 From: Dwight Engen dwight.en...@oracle.com Date: Thu, 25 Oct 2012 16:21:53 -0400 Subject: [PATCH] Fix lxc-ps -- argument processing lxc-ps is supposed to pass arguments after the -- on to ps. The problem is that i is expanded once from $@ and the loop will iterate over all the arguments that were in $@ at the time of expansion. Inside the loop, there are shifts (in the name case for example) that are trying to remove more than a single argument. This changes fixes that and makes lxc-ps work as documented. Signed-off-by: Dwight Engen dwight.en...@oracle.com --- Applied. -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Fix lxc-netstat -- argument processing
On 10/25/2012 11:25 PM, Dwight Engen wrote: Commit 21e487f2 introduced the use of getopt, but getopt will fail when it sees arguments meant for netstat that are not in [short|long]options. There should not be any ambiguity about arguments with the same letter: those to the left of the -- are destined for lxc-netstat and those to the right for the real netstat, which the original code handles by shifting out all arguments it recognizes before the -- is hit. Signed-off-by: Dwight Engen dwight.en...@oracle.com --- Applied. -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] Please give a clearer error message when the interface name is too long
On 10/28/2012 12:29 PM, tpo2 wrote: Currently when configuring a too long interface name with lxc.network.veth.pair lxc will say: lxc_confile - invalid interface name: veth_haproxy_br0 leaving the user add odds what possibly could be wrong with that name. Please give the user a clearer error message. I suggest to change the error message to interface name '%s' is too long ( %d). The patch below implements this change. Thanks *t Applied. Thanks. -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [GIT] lxc branch, master, updated. 7f99e339363d9f005c9386f60a1d8c0953c85053
Thanks to everyone for fixing this.
I am about to release the 0.8.0 version.
I will wait a couple of days before adding a tag and release it in case
there are some fixes to add.
Please test.
Thanks !
-- Daniel
On 10/31/2012 04:45 PM, Daniel Lezcano wrote:
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project lxc.
The branch, master has been updated
via 7f99e339363d9f005c9386f60a1d8c0953c85053 (commit)
via 773fb9cad76f43540fddb78c7ffef7237a51a06d (commit)
via 8215fe8e4186ebe8cb79fe4b773f5bcffcdc723b (commit)
via 192df6e2eb8ebb1a337c7ba025c57852d38e0d26 (commit)
via c215bff6dfc298bdd6150e11b8c0f76c9d013a0a (commit)
via 0b53175846e704fc4dd4cf8b4590a86db63e50e6 (commit)
via a1bd64823cd5e5afc53ba24940a51151e34b8103 (commit)
via bf7d76cf3ae180820c0a29e0bfbaa97c20ce6a3d (commit)
via d4eb4ab1290def213396611f5946ef3b7f0d83ef (commit)
via 5ae26abb52046b6f21afa06bcbac221c3cf8f1c0 (commit)
via 06a1e1db99844b95e21c3b67964974f9032720ea (commit)
via 3b9bad3d638ea442bfe6ba7e677cd5c6d39c0916 (commit)
via c12e775237976bc0c1cf8afdc7aa766de46d3d40 (commit)
via c6ed4d048deea85ed3bec67c7a04fb6c97009321 (commit)
via 3f16e26c7063f5004cafe4cfd6d084b7e4d08d1f (commit)
via 91a5df88ad29bcbc485baa51eacf0b851c6f4834 (commit)
via 1bd051a6b0a34cb2b2e80584b9fb4643abf1a827 (commit)
via 5d38621d0bb9b398393806b875d612a05e76c06e (commit)
via 8aba484aeaccda2881300ff80e9d7dfaaa842b40 (commit)
via 5d01f6167c2354637e777650558be6d7d69e2579 (commit)
via 6bc424b5c7c8130ffdb6390eae53b32370a755f8 (commit)
via d595c68add4ef33cf273c455238b018729de00a5 (commit)
via b9cb4325d74fb01dc4e71adc211e7e7052471778 (commit)
via b4578c5b380130a41a69b5b49c970157acaf1dbb (commit)
via b97b78abdac34fabcbbf64ba49ec8c78939124b4 (commit)
via 87af3ecd48587775970c0ca731d50183bd24017e (commit)
via 435d40f7e3dc5b99a5fcbc459f79ba6b04238502 (commit)
via 6bf8daf9a2aa0d226bfd5b60c4b1580d17105320 (commit)
via 70542ef9a1d09ce87c7d40ac5ea1706860edec74 (commit)
via 55116c42e767ce795f796fc51cd2ef7d76cf18af (commit)
via b942e67226af9e690bd63ac440b99aedb6becbb3 (commit)
via fbef4590b7b7186890a7d0cb8be0af2780a2df5f (commit)
via d0a36f2c8b2f41399ae709280cd8b4a2f3bb0165 (commit)
via cb26f1a5eee13afe1a561ebf57245cb8629797b9 (commit)
via 337e14712e2bf568db73dd57c709b3364e26d798 (commit)
via 9ac3ffb51777ee48ffbd42ff3625f63dfe948837 (commit)
via 10f73bfa4aece7707f48379b82e5858d1909d98f (commit)
via e7f40d8aaba2c17b8ccb323b5df20a423ef5d0a0 (commit)
via f02ce27d4b1a9d01b88d0ffaf626e5bafa671bf0 (commit)
via 33f3de4eaaa4e2084ea6e3695e29da5b736f1095 (commit)
via e470cba076535e4e9732173e0e314e473165478c (commit)
via 542939c31bb73bab55f2fd71243b98f5559597d1 (commit)
via b4df0a1eda252bb7efbd4d7453e9e8a57143c528 (commit)
via 06f5c6328b73aad7b138096295357d803db26efa (commit)
via f1ccde27c038e7fb7e538913505248b36ddd9e65 (commit)
via 4a311c1241805dac5893918854fd40f77b2b6f49 (commit)
via 4d5fb23ad827eda17b64676f527c3f168cd56ebd (commit)
via 8b892c55b077d1716eb130e76f9c9725ecb0f73a (commit)
from 60a742e0afd34e02299f64536df35116d68d888d (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -
commit 7f99e339363d9f005c9386f60a1d8c0953c85053
Merge: 60a742e 773fb9c
Author: Daniel Lezcano daniel.lezc...@free.fr
Date: Wed Oct 31 16:39:50 2012 +0100
Merge branch 'upstream-bugfix' of https://github.com/lxc/lxc
* 'upstream-bugfix' of https://github.com/lxc/lxc: (47 commits)
replace HOOK define with proper code.
Remove lxc-start-ephemeral from configure.ac
revert devtmpfs in ubuntu templates
lxc-ubuntu{-cloud}: Fix missing fi in new devtmpfs code
fix make rpm
display warning when yum missing in fedora template
templates: mount devtmpfs in ubuntu containers
handle clone of btrfs snapshots
if the rootfs is a btrfs subvolume, delete it instead of rm -rf
lxc-debian: replace isc-dhcp-server by isc-dhcp-client
lxc-ls: Scan cgroup mount points from fstype and not device
Allow short -h and -n options to lxc-ps
lxc-ubuntu: fix printing of default user
lxc-debian: specify isc-dhcp-server in package list
try to better handle out of date container caches.
link /dev/kmsg to /dev/console in the container
lxc-clone: fix the '--name' parameter
lxc-ls: Use
Re: [lxc-devel] [PATCH] Add mechanism for container to notify host about end of boot
On 09/13/2012 05:22 PM, Christian Seiler wrote: This patch adds a simple notification system that allows the container to notify the host (in particular, the lxc-start process) that the boot process has been completed successfully. It also adds an additional status BOOTING that lxc-info may return. This allows the administrator and scripts to distinguish between a fully-running container and a container that is still in the process of booting. The feature sounds reasonable. If nothing is added to the configuration file, the current behavior is not changed, i.e. after lxc-start finishes the initialization, the container is immediately put into the RUNNING state. This ensures backwards compatibility. If lxc.notification.type is set to 'fifo', after lxc-start initialization the container is initially put into the state BOOTING. Also, the FIFO /var/lib/lxc/%s/notification-fifo is created and bind-mounted into the container, by default to /dev/lxc-notify, but this can be changed via the lxc.notification.path configuration setting. It is a bit weird to bind mount this fifo. Furthermore, I would suggest to prevent using a fifo it is prone to problems and could hang the supervisor process (aka lxc-start). Maybe here a simple file in the rootfs let's say rootfs/var/run/lxc-notify would be sufficient. From lxc-start monitor this file and when it is created or modified or whatever, the system running the container is booted. I suggest to decorrelate the states sent by lxc-start to lxc-info and so from this notification mechanism. Inside the container one may execute 'echo RUNNING /dev/lxc-notify' or an equivalent command to notify lxc-start that the container has now booted. Similarly, 'echo STOPPING /dev/lxc-notify' will change the status to STOPPING, which may be done on shutdown. Currently, only RUNNING and STOPPING are allowed, other states are ignored. How the process writing the STOPPING string can know the container is shutting down ? Thanks -- Daniel -- Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://ad.doubleclick.net/clk;258768047;13503038;j? http://info.appdynamics.com/FreeJavaPerformanceDownload.html ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] lxc0.8rc2
On 07/10/2012 02:37 PM, William Dauchy wrote: On Wed, May 2, 2012 at 6:21 PM, William Dauchy wdau...@gmail.com wrote: I saw that lxc-0.8.0-rc2 has been tagged 6 weeks ago (http://lxc.git.sourceforge.net/git/gitweb.cgi?p=lxc/lxc;a=summary) I was wondering why there was no package available in http://lxc.sourceforge.net/download/lxc/ (since rc1 is present) any news about rc2? Yeah, sorry for that. I will upload it ASAP. Thanks -- Daniel -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] github staging tree updated
On 06/28/2012 08:16 PM, Serge Hallyn wrote: Hi Daniel, I've refreshed github.com/hallyn/lxc from your upstream tree, gone back through our current ubuntu lxc package, and pushed all the patches from debian and ubuntu which seemed appropriate. The result builds and passes my containers tests (at lp:~serge-hallyn/+junk/lxc-test). Most of these have been sent to lxc-devel before for comments but either not been reviewed, or simply not yet been pulled in. Currently there are 47 patches on top of upstream. branch upstream.1 is current sf.net lxc git head, while upstream.1.withpatches, the default tree, is the one with patches applied. Ignore the master branch. When sf.net lxc git head is updated, I'll pull that in as upstream.2, etc. Every time we add an upstream-appropriate patch to our package, I'll port it and add it to this tree. If it isn't going to be too annoying, I'd like to add a post-commit hook to email lxc-devel. Obviously I'll disable the hook when causing a lot of noise (i.e. rebasing). Ok, sounds good. Let me review them. Thanks -- Daniel -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH v2 1/2] Add option to lxc-attach to select specific namespaces
On 05/22/2012 05:58 PM, Christian Seiler wrote: Hi Serge, What about if we update the command interface to add an additional command along the lines of LXC_COMMAND_GET_NSFLAGS or similar, which returns the bitmask of CLONE_* used for starting the container? Then we would have the logic: That works fine for persistent containers which were started without any command line changes. But even with a persistent container with no network section, I could add a network section on the lxc-start command line with '-s' arguments, making the set of cloned namespaces different from what you'd expect from the config file. So there is no good way I can think of, generally, to get that bitmask of CLONE_* flags used for starting the container. You misunderstood me: I don't want to read the configuration file - I want to ask the still-running lxc-start process (that listens on the abstract socket for the container) to give me the flags it used when it was run. Just as it may be asked to return a file descriptor for the console or the PID of the init process. We don't have to generate any file or store anything, we can just keep the information in a simple variable that we return via the command interface in case lxc-attach (or somebody else) asks. That sounds good :) Yep, +1. -- Daniel -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 1/3] build: use libtool for linking the library, and link lxc-init statically.
On 03/24/2012 04:22 AM, Diego Elio Pettenò wrote: The shared object versioning on the library (soname) was completely wrong, as the ABI doesn't seem to be guaranteed between one version and the other, so proposing all of them as .so.0 is very wrong. Furthermore you generally want lxc-init static so that you don't have to add (or have a compatible version of) libcap and liblxc within a container you want to use lxc-execute with. To solve the issue, use the good old libtool to take care of the library building, and pass -all-static to the lxc-init linking stage. Also drop the manual rpath handling, and leave it to libtool to manage. Signed-off-by: Diego Elio Pettenòflamee...@flameeyes.eu --- Hi Diego, I tried to apply your patches but it seems they are not in the right format. They appears correctly in the mailer but it is encoded in the source. Is it possible you fix it and resend ? Thanks -- Daniel -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. 00ad19d4dba5c05401125d4217dc8f4e7fd9403a
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via 00ad19d4dba5c05401125d4217dc8f4e7fd9403a (commit) via 2775bb4c5a13d80dbbe57adddb1b302267ccafd5 (commit) via 8edcbf336673d13bb944f817c9974298a77b7860 (commit) via 5e52afd52830c1853e6fc7ec76bd836ff6cfbcc9 (commit) via 7ef0141356454503ab81460290b5dffa32c1f441 (commit) via 1d39a0658370ac104825e796bf90bb96ae0b7027 (commit) via 460a1cf0a9465043652092b11844f026cdad1342 (commit) via ad08bbb704333984b21739e24506d463aea9bb16 (commit) via f10e7166ab7f6d2a6665842b2613dd45d1795cc9 (commit) via 257e5824e485816780035d93084db0852a4bfcee (commit) via e7d04aaea0b66df1bdbd303580c7a6125b7071d1 (commit) via f51db2b39a5006ed74271ffd0b46cbbc27d7bf0b (commit) via 631c07d49cb666f46990d83210d5ac916a700f21 (commit) via 910bb4fa53eddcaba291ee8ce917f161ef49caf0 (commit) from ed55bf5203aca88809d979b289d6b2280a18e79c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 00ad19d4dba5c05401125d4217dc8f4e7fd9403a Author: David Ward david.w...@ll.mit.edu Date: Fri May 4 00:50:15 2012 +0200 lxc-setcap/lxc-setuid: add autoconf expansion for $libexecdir Support new default location for LXCINITDIR. Signed-off-by: David Ward david.w...@ll.mit.edu Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit 2775bb4c5a13d80dbbe57adddb1b302267ccafd5 Author: David Ward david.w...@ll.mit.edu Date: Fri May 4 00:50:15 2012 +0200 make help consistent for other scripts Display help information in a consistent format. Print error messages and help information to stderr. Prefix error messages with the name of the script (for easier debugging as part of larger scripts). Allow help information to be printed as a non-root user. Fix file mode for lxc-checkconfig.in. Signed-off-by: David Ward david.w...@ll.mit.edu Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit 8edcbf336673d13bb944f817c9974298a77b7860 Author: David Ward david.w...@ll.mit.edu Date: Fri May 4 00:50:15 2012 +0200 rewrite lxc-ps Use bash instead of perl; eliminates final lxc dependency on perl (beneficial for minimal operating system environments). Modify the cgroup search to only use hierarchies that contain one or more subsystems. When searching, if a hierarchy contains the 'ns' subsystem, do not append '/lxc' to the parent cgroup. Maintain column spacing. Expand container name column as necessary. Properly handle spaces in 'ps' output that are not field separators (for example, try 'lxc-ps -o pid,args'). Fix file mode in repository. Signed-off-by: David Ward david.w...@ll.mit.edu Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit 5e52afd52830c1853e6fc7ec76bd836ff6cfbcc9 Author: David Ward david.w...@ll.mit.edu Date: Fri May 4 00:50:15 2012 +0200 refresh lxc-netstat Modify the cgroup search to only use hierarchies that contain one or more subsystems. When searching, if a hierarchy contains the 'ns' subsystem, do not append '/lxc' to the parent cgroup. Change method of bind mounting /proc/pid/net onto /proc/net, to avoid error cannot mount block device /proc/pid/net read-only. Check that user is root. Check that container name is specified before calling 'exec'. Update the help information. Print error messages and help information to stderr. Make indentation consistent. Signed-off-by: David Ward david.w...@ll.mit.edu Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit 7ef0141356454503ab81460290b5dffa32c1f441 Author: David Ward david.w...@ll.mit.edu Date: Fri May 4 00:50:15 2012 +0200 refresh lxc-ls Add an '--active' option that lists active containers by searching cgroups. (Otherwise, the directories in /var/lib/lxc are listed.) Modify the cgroup search to only use hierarchies that contain one or more subsystems. When searching, if a hierarchy contains the 'ns' subsystem, do not append '/lxc' to the parent cgroup. Add a '--help' option that prints the command syntax. Print error messages and help information to stderr. Update the documentation. Signed-off-by: David Ward david.w...@ll.mit.edu Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit 1d39a0658370ac104825e796bf90bb96ae0b7027 Author: David Ward david.w...@ll.mit.edu Date: Fri May 4 00:50:15 2012 +0200 cgroup: only touch hierarchies that are bound to subsystems Obtain
Re: [lxc-devel] [PATCHv3 05/14] cgroup: additional fix for deprecated ns subsystem
On 05/02/2012 06:43 PM, Ward, David - 0663 - MITLL wrote: On 21/03/12 19:28, Ward, David - 0663 - MITLL wrote: When a hierarchy contains the 'ns' subsystem, do not append '/lxc' to the parent cgroup. Update surrounding comments for consistency. Signed-off-by: David Warddavid.w...@ll.mit.edu This patch is actually unnecessary. The existing code already handled the 'ns' subsystem; the sequence of function calls is just a bit confusing. All other patches in this set are still valid. Ok. Thanks. -- Daniel -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] lxc-devel Mailing List for Patches
On 04/26/2012 03:58 PM, Ward, David - 0663 - MITLL wrote: It's a bit difficult for me to follow patches when they are going to two separate mailing lists. Would it be possible to limit patches to the lxc-devel list, please? I think that is the intended place for them. Yes. Please, everyone, send the patches to lxc-devel and use the lxc-users mailing list for other topics. I will have a better visibility to the patches, if you also put me directly as recipient to the patches and CC the lxc-devel mailing list. Also, Daniel I am sure you are very busy, but I just wanted to see if there was any timeline for looking at the patches against 0.8.0-rc2 that have been sent to the lists? As more new patches keep coming in, it might make it more difficult to merge things, or mean that less testing has gone into the merged code. Yes, sorry for the delay. I am very busy for the moment but I will try to merge the patches as soon as I receive them in the future. Thanks -- Daniel -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] PATCH: fixes for openSUSE template
On 04/19/2012 07:58 PM, Frederic Crozat wrote: Le jeudi 19 avril 2012 à 19:39 +0200, Frederic Crozat a écrit : Le jeudi 19 avril 2012 à 19:23 +0200, Frederic Crozat a écrit : Le jeudi 19 avril 2012 à 16:09 +0200, Frederic Crozat a écrit : Hi, I'm attaching a patch which contains various fixes in openSUSE template : - creation of x86 templates based on 12.1 - lxc-clone fixes Please use attached patch, I had forgot other fixes from my tree. And yet another version, because the previous one contained part of the alternative config patch in it. Ok, you can stop laughing, I had still one part of the alternative config patch left. This time, the patch is ok :) :) -- For Developers, A Lot Can Happen In A Second. Boundary is the first to Know...and Tell You. Monitor Your Applications in Ultra-Fine Resolution. Try it FREE! http://p.sf.net/sfu/Boundary-d2dvs2 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCHv3 00/14] Assorted fixes against lxc 0.8.0-rc2
On 03/22/2012 12:28 AM, David Ward wrote: v3: Rebase onto 0.8.0-rc2; add cgroup fixes to handle ns subsystem; fix terminology in lxc-cgroup v2: Add changes to scripts (including new '--active' flag for lxc-ls) The following patches address a number of different issues I discovered while building or using lxc (these are not feature patches). They were tested on top of lxc 0.8.0-rc2 under both Fedora 14 and Fedora 16. I am submitting them for inclusion in lxc 0.8.0. Please let me know if you have any questions or concerns. David Ward (14): use syscall numbers from Linux kernel headers lxc-attach: use execvp instead of execve utmp: do not set conf-need_utmp_watch if CAP_SYS_BOOT is not found utmp: support non-rootfs configuration cgroup: additional fix for deprecated ns subsystem lxc-cgroup: use correct terminology cgroup: rearrange code blocks lxc-attach: unify code for attaching a pid to a cgroup cgroup: only touch hierarchies that are bound to subsystems refresh lxc-ls refresh lxc-netstat rewrite lxc-ps make help consistent for other scripts lxc-setcap/lxc-setuid: add autoconf expansion for $libexecdir Thanks David for the patchset. I will look at it today. -- Daniel config/linux.m4| 76 -- configure.ac |9 +- doc/lxc-cgroup.sgml.in | 31 +++-- doc/lxc-ls.sgml.in | 17 ++- src/lxc/Makefile.am| 11 -- src/lxc/attach.c | 113 +--- src/lxc/attach.h |9 -- src/lxc/cgroup.c | 210 ++--- src/lxc/cgroup.h |2 +- src/lxc/lxc-checkconfig.in | 15 +- src/lxc/lxc-clone.in | 70 +- src/lxc/lxc-create.in | 96 ++--- src/lxc/lxc-destroy.in | 40 -- src/lxc/lxc-ls.in | 119 src/lxc/lxc-netstat.in | 146 +--- src/lxc/lxc-ps.in | 329 src/lxc/lxc-setcap.in | 37 -- src/lxc/lxc-setuid.in | 36 -- src/lxc/lxc_attach.c | 10 +- src/lxc/lxc_cgroup.c | 22 ++-- src/lxc/start.c|3 +- src/lxc/utmp.c |4 - 22 files changed, 653 insertions(+), 752 deletions(-) delete mode 100644 config/linux.m4 mode change 100755 = 100644 src/lxc/lxc-checkconfig.in mode change 100755 = 100644 src/lxc/lxc-ps.in -- This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. ed55bf5203aca88809d979b289d6b2280a18e79c
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via ed55bf5203aca88809d979b289d6b2280a18e79c (commit) via 1305dd24af039cefc54bc2f21b04b33b62bb26c8 (commit) via 52c8f624b5f9ef665f33a7aa80e0aa18b91daa4a (commit) via 69182a318c3ba35f56a88891cabad25d9f7985b6 (commit) from f9d0d2cbbf401ffb74c251e75581174d91a02cfc (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit ed55bf5203aca88809d979b289d6b2280a18e79c Author: Daniel Lezcano daniel.lezc...@free.fr Date: Tue Mar 20 23:27:47 2012 +0100 lxc-0.8.0-rc2 commit 1305dd24af039cefc54bc2f21b04b33b62bb26c8 Author: Serge Hallyn serge.hal...@canonical.com Date: Mon Mar 19 00:31:40 2012 +0100 Update manpages to reflect some updated options. (which reminds me a lxc-clone manpage still needs to be written) Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit 52c8f624b5f9ef665f33a7aa80e0aa18b91daa4a Author: Serge Hallyn serge.hal...@canonical.com Date: Mon Mar 19 00:31:40 2012 +0100 ubuntu templates cleanups 1. fix inconsistent use of '--auth-key' (not --auth_key) which broke their usage 2. add --debug option to lxc-ubuntu (which does set -x to show what broke) (idea from Idea from lifeless and benji) 3. fix incorrect assumption about group with -b option. User's default group may not be the same as username. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit 69182a318c3ba35f56a88891cabad25d9f7985b6 Author: Serge Hallyn serge.hal...@canonical.com Date: Mon Mar 19 00:31:40 2012 +0100 do check for utmp checking at the right time We were doing the check for whether we need to watch utmp from a thread cloned from that which will actually do the utmp watching. As a result, the utmp file was always being watched, even if it didn't need to be. Move the check to the parent thread. Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/948623 Signed-off-by: Serge Hallyn serge.hal...@canonical.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: configure.ac |2 +- doc/lxc-create.sgml.in| 44 - doc/lxc-destroy.sgml.in | 25 ++- doc/lxc-start.sgml.in | 17 ++- doc/lxc.conf.sgml.in | 29 +++ src/lxc/start.c | 14 templates/lxc-ubuntu-cloud.in | 13 +-- templates/lxc-ubuntu.in | 16 ++ 8 files changed, 143 insertions(+), 17 deletions(-) hooks/post-receive -- lxc -- This SF email is sponsosred by: Try Windows Azure free for 90 days Click Here http://p.sf.net/sfu/sfd2d-msazure ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. f9d0d2cbbf401ffb74c251e75581174d91a02cfc
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via f9d0d2cbbf401ffb74c251e75581174d91a02cfc (commit) via fc3c7f7f6e9d8adfc4be943160e4ef902436a25d (commit) from 09f2410e846189e765e39685b350255c196637c1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit f9d0d2cbbf401ffb74c251e75581174d91a02cfc Author: InformatiQ rha...@informatiq.org Date: Mon Mar 5 23:53:14 2012 +0100 fix cached rootfs update* fix rootfs path* add handling of systemd Signed-off-by: InformatiQ rha...@informatiq.org Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit fc3c7f7f6e9d8adfc4be943160e4ef902436a25d Author: Serge Hallyn serge.hal...@canonical.com Date: Mon Mar 5 23:53:14 2012 +0100 cgroups: fix broken support for deprecated ns cgroup when using ns cgroup, use /cgroup/init-cgroup rather than /cgroup/init-cgroup/lxc At least lxc-start, lxc-stop, lxc-cgroup, lxc-console and lxc-ls work with this patch. I've tested this in a 2.6.35 kernel with ns cgroup, and in a 3.2 kernel without ns cgroup. Note also that because of the check for container reboot support, if we're using the ns cgroup we now end up with a /cgroup/container/2 cgroup created, empty, by the clone(CLONE_NEWPID). I'm really not sure how much time we want to spend cleaning such things up since ns cgroup is deprecated in kernel. Signed-off-by: Serge Hallyn se...@hallyn.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: src/lxc/cgroup.c| 60 -- src/lxc/lxc-ls.in |6 - templates/lxc-fedora.in | 35 +-- 3 files changed, 68 insertions(+), 33 deletions(-) hooks/post-receive -- lxc -- Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc tag, lxc-0.8.0-rc1, created. 53af598ef3a589cb5bdf118887ea018f21d1c845
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The tag, lxc-0.8.0-rc1 has been created at 53af598ef3a589cb5bdf118887ea018f21d1c845 (commit) - Log - commit 53af598ef3a589cb5bdf118887ea018f21d1c845 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Fri Mar 2 00:03:18 2012 +0100 lxc-0.8.0-rc1 Signed-off-by: Daniel Lezcano daniel.lezc...@free.fr --- hooks/post-receive -- lxc -- Virtualization Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. ce6ce9d662b4ee8c0a10088867826a6725e06f70
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via ce6ce9d662b4ee8c0a10088867826a6725e06f70 (commit) via 49ee6cdcbf79d8b6fa617479ec8ab753ccca923d (commit) via cb014488ee24072579837439389552ce3d6cbb83 (commit) via 99d509541d82f247b3225d243fff5359574817ff (commit) via e073270504f2f5c5df90bfcc4917d2d20b73d1e7 (commit) via 525f00025700ae351b9c53dfb0d5f10a70d6b083 (commit) via 28f2ae839d00373d093234ffbc9bbb4ef5f9d10e (commit) via 3ea24eb8e68ba18e215aec0f10d96f75b23c340b (commit) via e16dad106358ae045cdcb1d86fcf3c85ca76724f (commit) via d79579e87406e8c239014dad04c5d310e553a8dd (commit) via d55bc1adad2f4929d26d91b295115a77ca6a0d05 (commit) via 5170c716339cc57e4df2315f24abd18f7fc05d08 (commit) via 20d816599f954e7e5864d39884cc0de56f9358fd (commit) via 5781a74a8af3057ce7b561f454e2b5b0925b1f76 (commit) via 307cf2a670fc8979b84d888f2720a827bcfa5291 (commit) from aa198728a83e7016cd02583349fce1f5b1a60c66 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit ce6ce9d662b4ee8c0a10088867826a6725e06f70 Author: Jon Nordby jono...@gmail.com Date: Thu Feb 23 09:57:26 2012 +0100 fix-automake-1.13 ## 0001-Replace-pkglib_PROGRAMS-with-pkglibexec_PROGRAMS.patch [diff] From 95c566740bba899acc7792c11fcdb3f4d32dcfc9 Mon Sep 17 00:00:00 2001 From: Jon Nordby jono...@gmail.com Date: Fri, 10 Feb 2012 11:38:35 +0100 Subject: [PATCH] Replace pkglib_PROGRAMS with pkglibexec_PROGRAMS Without this change, autogen.sh fails with automake 1.11.3 Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit 49ee6cdcbf79d8b6fa617479ec8ab753ccca923d Author: Christian Seiler christ...@iwakd.de Date: Thu Feb 23 09:57:14 2012 +0100 Add man page for lxc-attach Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit cb014488ee24072579837439389552ce3d6cbb83 Author: Christian Seiler christ...@iwakd.de Date: Thu Feb 23 09:57:14 2012 +0100 lxc-attach: Drop privileges when attaching to container unless requested otherwise lxc-attach will now put the process that is attached to the container into the correct cgroups corresponding to the container, set the correct personality and drop the privileges. The information is extracted from entries in /proc of the init process of the container. Note that this relies on the (reasonable) assumption that the init process does not in fact drop additional capabilities from its bounding set. Additionally, 2 command line options are added to lxc-attach: One to prevent the capabilities from being dropped and the process from being put into the cgroup (-e, --elevated-privileges) and a second one to explicitly state the architecture which the process will see, (-a, --arch) which defaults to the container's current architecture. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit 99d509541d82f247b3225d243fff5359574817ff Author: Christian Seiler christ...@iwakd.de Date: Thu Feb 23 09:57:14 2012 +0100 Move lxc_attach from namespace.c to attach.c and rename it to lxc_attach_to_ns Since lxc-attach helper functions now have an own source file, lxc_attach is moved from namespace.c to attach.c and is renamed to lxc_attach_to_ns, because that better reflects what the function does (attaching to a container can also contain the setting of the process's personality, adding it to the corresponding cgroups and dropping specific capabilities). Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit e073270504f2f5c5df90bfcc4917d2d20b73d1e7 Author: Christian Seiler christ...@iwakd.de Date: Thu Feb 23 09:57:14 2012 +0100 Add attach.[ch]: Helper functions for lxc-attach The following helper functions for lxc-attach are added to a new file attach.c: - lxc_proc_get_context_info: Get cgroup memberships, personality and capability bounding set from /proc for a given process. - lxc_proc_free_context_info: Free the data structure responsible - lxc_attach_proc_to_cgroups: Add the process specified by the pid parameter to the cgroups given by the ctx parameter. - lxc_attach_drop_privs: Drop capabilities to the capability mask given in the ctx parameter. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit 525f00025700ae351b9c53dfb0d5f10a70d6b083 Author: Christian Seiler christ...@iwakd.de Date: Thu Feb 23 09:57:14 2012 +0100 Add lxc_config_parse_arch to parse architecture strings Add the function
[lxc-devel] [GIT] lxc branch, master, updated. c75083d7f36ff16ee22b3089b3deacec6a2b3cb9
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via c75083d7f36ff16ee22b3089b3deacec6a2b3cb9 (commit) from ce6ce9d662b4ee8c0a10088867826a6725e06f70 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit c75083d7f36ff16ee22b3089b3deacec6a2b3cb9 Author: Kevin Cernekee cerne...@gmail.com Date: Sun Feb 26 00:49:48 2012 +0100 Add MIPS as a supported architecture The issue is similar to what was fixed in commit e7eb632c for ARM: the configure script errors out because it is unable to set LINUX_SRCARCH. Fix is to add MIPS to the list. Signed-off-by: Kevin Cernekee cerne...@gmail.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: config/linux.m4 |1 + 1 files changed, 1 insertions(+), 0 deletions(-) hooks/post-receive -- lxc -- Virtualization Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH v2] lxc-attach: Consider cgroups/personality/capabilities of container
On 02/17/2012 01:53 PM, Christian Seiler wrote: Hi there, This is the new version of my patch that implements the features discussed in the previous thread. - The current status of the container is now read from /proc/init_pid/*, where init_pid is the pid of the container's init process. - By default: * The attached process acquires the personality of the container (i.e. architecture: 32bit vs. 64bit) * The attached process drops its capabilities according to those of the container * The attached process is put into the same cgroup as the container itself - Overrides: * -a/--arch option to set the architecture which the attached process sees manually * -e/--elevated-privileges option to stop the attached process from being put in the same cgroup as the container and to let it retain the capability bounding set it already posesses. - Add a manual page for lxc-attach(1) Any comments on this? Hi Christian, your patchset is in my tree. I will do some tests and push it. Thanks -- Daniel -- Virtualization Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] lxc-attach: Consider cgroup, personality and capabilities when attaching processes to a container
On 02/06/2012 12:20 AM, Christian Seiler wrote: Hi Daniel, thanks for your patches and your analysis. IMO, we have to take into account the process we want to attach could be an admin task and this one may want to have the full permissions within the container. Also that could be an external daemon with the same permissions as the container's processes. So inheriting should be optional as it is up to the administrator to do the right action. Yes, that's why I added the --keep-capabilities option to lxc-attach, to make it possible for the administrator to execute a process inside the container with higher permissions. However, I only included capabilities there; it's true that cgroups may impose an additional constraint. (Especially the device cgroup controller.) On the other hand, the personality (which in LXC context essentially means the architecture such as x86-64 vs. x86-32) is not something I see as a permission, but rather as a general property of the container. So the approach would then be: - default behaviour: use same restrictions as container - command line flag that allows one to ignore cgroups and capabilities - command line option to choose any architecture that's supported by the current running kernel (defaults to the arch of the container) I do strongly think the default behaviour should be to use the same restrictions as the container, as I see that to be the primary use case, take for example lxc-attach -n container -- /etc/init.d/sshd restart This could easily leak privileges - the admin should explicitly state that he/she wants to use elevated privileges if required. +1 The parsing of the configuration file is right at the moment the container has a configuration file and we did not launched the container with the -s lxc.. options, or we did not modify the configuration file after the container is launched. I think it is much more sane to retrieve the needed informations from: * /proc/pid/status : for the capabilities * /proc/pid/cgroup * /proc/pid/personality Wherepid is the init pid of the container we can get through get_init_pid function. Yes, that seems like a reasonable approach. I'd rework the patches as follows: No flags: container's privileges according to /proc -e/--elevated-privileges: maximum privileges (cgroup, capabilities) -a x86/--arch=x86:manually specify the architecture (default to container's arch) Is that agreeable? Yep ! Thanks -- Daniel -- Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] can LXC works with ip alias?
On 01/30/2012 03:29 AM, MaoXiaoyun wrote: Hi: Recently we are planning to set up a cluster by using LXC. But one problem we facing is it would be to much MAC address. Here is the detail. We plan 1000 lXC in one physical linux server, so there will be 1000 MAC address, suppose we have 100 servers, so total will have 1000 * 100 MAC address, far over the capbility of our switch(Currently our network is big second layer, all MAC addresses are recoreded in core switch). If one server's all container share the same MAC address, but different IP address, much like linux ip alias. There will be only 100 MAC existed. So my question is : is it possilbe to have LXC work with ip alias device? Unfortunately, it is not supported by the kernel and was a big discussion when the network namespace was implemented. Finally the decision was to act the layer 2 for the virtualization. Maybe, the macvlan virtual network driver could be enhanced to accept the same mac address as the link if the macvlan port belongs to another network namespace and then forwards the packets to all the macvlan ports like multicasting. Or any other suggestiones to solve the problem above. Yes, may be you can use the host as a gateway for the containers. -- Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Improve capability handling in LXC
On 02/01/2012 05:12 PM, Christian Seiler wrote: Hi, I've attached patches that improve capability handling in LXC. I stumbled upon the issue that I wanted to deactivate dmesg from inside containers with a fairly recent kernel. Instead of dropping CAP_SYS_ADMIN, as it was the case with previous kernel versions, one is now supposed to drop CAP_SYSLOG. Unfortunately, LXC doesn't know about it yet. The attached patches do the following: - add CAP_SYSLOG and CAP_WAKE_ALARM to the list of capabilities, since they are new - add a function that determines the maximum number of capabilities the current running kernel (not the one LXC is compiled against) supports - support the specification of numerical IDs for capabilities when using lxc.cap.drop. Then, even if LXC doesn't understand the capability or was compiled against an older kernel, it is still possible to drop that specific capability. Looks good to me. -- Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] lxc-attach: Consider cgroup, personality and capabilities when attaching processes to a container
On 02/03/2012 01:54 PM, Christian Seiler wrote: Hi, As I didn't hear anything on this issue, I looked at it more closely and found found that not only are capabilities currently not dropped from withing lxc, but also the personality is not set correctly and the newly started process is not put in the correct cgroup (circumventing e.g. device restrictions!) when using lxc-attach. I've now created a set of patches that now make sure that every attached process is now - in the correct cgroup of the container - has the correct personality set - drops its capabilities I also added the -f and -s switches to lxc-attach, because it now needs to read the same configuration file as lxc-start to determine the capabilities and personality. Additionally, lxc-attach now has a -k switch, which will inhibit it from dropping the capabilities, so an administrator from the outside may use this to reconfigure things in the container which he now may not have been able to. I hope you are agreeable to this improvement being merged. Hi Christian, thanks for your patches and your analysis. IMO, we have to take into account the process we want to attach could be an admin task and this one may want to have the full permissions within the container. Also that could be an external daemon with the same permissions as the container's processes. So inheriting should be optional as it is up to the administrator to do the right action. The parsing of the configuration file is right at the moment the container has a configuration file and we did not launched the container with the -s lxc.. options, or we did not modify the configuration file after the container is launched. I think it is much more sane to retrieve the needed informations from: * /proc/pid/status : for the capabilities * /proc/pid/cgroup * /proc/pid/personality Where pid is the init pid of the container we can get through get_init_pid function. Thanks -- Daniel -- Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] setns() syscall perf issue
On 01/24/2012 09:54 PM, Dilip Daya wrote: Would you consider the the following changes to switch_task_namespaces() ?? Hi Dilip, I think you should send this patch to lkml and Cc Eric Biederman. You should have a better than this mailing list where we are focused on the userspace part of the containers. Thanks -- Daniel -- Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 1/4] lxc-init: use lxc_mainloop
On 12/05/2011 12:43 PM, Greg Kurz wrote: On Sun, 2011-12-04 at 11:33 +0100, Daniel Lezcano wrote: On 11/08/2011 12:49 PM, Greg Kurz wrote: The goal here is to be able to multiplex several event sources in lxc-init. It will be a lot easier to add I/O driven features: for example, a rexec-like service to start extra commands in a container. Signed-off-by: Greg Kurz gk...@fr.ibm.com Signed-off-by: Cedric Le Goater c...@fr.ibm.com --- Hi Greg, the compilation fails with: gcc -I../../src -DLXCROOTFSMOUNT=\/usr/lib/lxc/rootfs\ -DLXCPATH=\/var/lib/lxc\ -DLXCINITDIR=\/usr/lib/lxc\ -g -O2 -Wall -lutil -o lxc-init lxc_init.o liblxc.so -lcap /usr/bin/ld: lxc_init.o: undefined reference to symbol 'login_tty@@GLIBC_2.0' /usr/bin/ld: note: 'login_tty@@GLIBC_2.0' is defined in DSO /usr/lib/gcc/i686-linux-gnu/4.6.1/../../../i386-linux-gnu/libutil.so so try adding it to the linker command line /usr/lib/gcc/i686-linux-gnu/4.6.1/../../../i386-linux-gnu/libutil.so: could not read symbols: Invalid operation collect2: ld returned 1 exit status Daniel, Thanks for giving a try to lxc-rexec. I do have a warning about login_tty() when compiling on fedora but not a link issue like what you get. I suggest we first kill the real culprit src/lxc/utmp.h, so that we can *really* include the utmp.h system header. Is that okay for you ? Do you want me to respin a new patchset ? AFAICS, you already killed the utmp.h with the rexec V2 patchset. Maybe the liblxc is not linked with libutil ? -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Set high byte of mac addresses for host veth devices to 0xfe
On 11/16/2011 05:49 PM, Christian Seiler wrote: Hi, I've run into the same problem as was discussed in BUG #3411497 [1] and on the users mailing list [2]. To solve this, I've decided to implement the patch that was proposed on the mailing list [3]. The attached patch is against current trunk. Since trunk currently doesn't compile for me, I tested the patch against the current Debian package for LXC version 0.7.2. There, it still applies and works as expected for me, the bridge interface still keeps its mac address and the high byte of the mac address of the host veth interface is correctly set to 0xfe. It would be great if this patch or a slightly modified version could be applied to LXC. Hi guys are ok with this patch ? Thanks -- Daniel -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 1/4] lxc-init: use lxc_mainloop
On 11/08/2011 12:49 PM, Greg Kurz wrote: The goal here is to be able to multiplex several event sources in lxc-init. It will be a lot easier to add I/O driven features: for example, a rexec-like service to start extra commands in a container. Signed-off-by: Greg Kurz gk...@fr.ibm.com Signed-off-by: Cedric Le Goater c...@fr.ibm.com --- Hi Greg, the compilation fails with: gcc -I../../src -DLXCROOTFSMOUNT=\/usr/lib/lxc/rootfs\ -DLXCPATH=\/var/lib/lxc\ -DLXCINITDIR=\/usr/lib/lxc\ -g -O2 -Wall -lutil -o lxc-init lxc_init.o liblxc.so -lcap /usr/bin/ld: lxc_init.o: undefined reference to symbol 'login_tty@@GLIBC_2.0' /usr/bin/ld: note: 'login_tty@@GLIBC_2.0' is defined in DSO /usr/lib/gcc/i686-linux-gnu/4.6.1/../../../i386-linux-gnu/libutil.so so try adding it to the linker command line /usr/lib/gcc/i686-linux-gnu/4.6.1/../../../i386-linux-gnu/libutil.so: could not read symbols: Invalid operation collect2: ld returned 1 exit status -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] change default path for config files to /etc/lxc
On 11/30/2011 01:07 PM, Alexey Shabalin wrote: 2011/10/13 Alexey Shabalin : 2011/9/27 Greg Kurz : On Tue, 2011-09-27 at 14:10 +0200, Frederic Crozat wrote: Le vendredi 26 août 2011 à 16:00 +0400, Alexey Shabalin a écrit : 2011/8/26 Daniel Lezcano : On 08/23/2011 03:56 PM, Alexey Shabalin wrote: Hello. I think the directory /etc better suited for storing configuration files. This patch allows you to specify the location configs as options for ./configure. Is this patch to store the configuraton files in /etc/lxc and the rootfs in /var/lib/lxc ? yes. this patch add new option --with-container-path (default /var/lib/lxc) and change option --with-config-path (default /etc/lxc). If you want to use configs in /var/lib/lxc, you can use --with-config-path=/var/lib/lxc. Any status on this patch ? I don't have any opinion on this patch, but it's likely to conflict with: http://lxc.git.sourceforge.net/git/gitweb.cgi?p=lxc/lxc;a=commit;h=1c41ddcb4af633ac906f1d7c9ef1dc7d121d7850 I guess it should be rebased and resent. Cheers. Update patch. What about this patch? What about move configs to /etc? I have to respin it on top of git HEAD. Just one question: is the default behavior kept ? Thanks -- Daniel -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Set high byte of mac addresses for host veth devices to 0xfe
On 12/05/2011 12:11 AM, Serge Hallyn wrote:
On 12/04/2011 04:28 AM, Daniel Lezcano wrote:
On 11/16/2011 05:49 PM, Christian Seiler wrote:
Hi,
I've run into the same problem as was discussed in BUG #3411497 [1]
and on
the users mailing list [2]. To solve this, I've decided to implement
the
patch that was proposed on the mailing list [3].
The attached patch is against current trunk. Since trunk currently
doesn't
compile for me, I tested the patch against the current Debian
package for
LXC version 0.7.2. There, it still applies and works as expected for
me,
the bridge interface still keeps its mac address and the high byte
of the
mac address of the host veth interface is correctly set to 0xfe.
It would be great if this patch or a slightly modified version could be
applied to LXC.
Hi guys
are ok with this patch ?
Thanks
-- Daniel
Sorry, where is the patch? I don't find it in the archives. Can
someone send it (inline)?
It was in attachment. Here it is.
From e1b4779a89964ec43fa2bc5f76fafd965c89f73f Mon Sep 17 00:00:00 2001
From: Christian Seiler christ...@iwakd.de
Date: Tue, 15 Nov 2011 18:53:53 +0100
Subject: [PATCH] Set high byte of mac addresses for host veth devices to 0xfe
When used in conjunction with a bridge, veth devices with random addresses
may change the mac address of the bridge itself if the mac address of the
interface newly added is numerically lower than the previous mac address
of the bridge. This is documented kernel behavior. To avoid changing the
host's mac address back and forth when starting and/or stopping containers,
this patch ensures that the high byte of the mac address of the veth
interface visible from the host side is set to 0xfe.
A similar logic is also implemented in libvirt.
Fixes SF bug #3411497
See also:
http://thread.gmane.org/gmane.linux.kernel.containers.lxc.general/2709
---
src/lxc/conf.c | 40
1 files changed, 40 insertions(+), 0 deletions(-)
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 613e476..a5d067b 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1402,6 +1402,36 @@ static int setup_network(struct lxc_list *network)
return 0;
}
+static int setup_private_host_hw_addr(char *veth1)
+{
+ struct ifreq ifr;
+ int err;
+ int sockfd;
+
+ sockfd = socket(AF_INET, SOCK_DGRAM, 0);
+ if (sockfd 0)
+ return -errno;
+
+ snprintf((char *)ifr.ifr_name, IFNAMSIZ, %s, veth1);
+ err = ioctl(sockfd, SIOCGIFHWADDR, ifr);
+ if (err 0) {
+ close(sockfd);
+ return -errno;
+ }
+
+ ifr.ifr_hwaddr.sa_data[0] = 0xfe;
+ err = ioctl(sockfd, SIOCSIFHWADDR, ifr);
+ close(sockfd);
+ if (err 0)
+ return -errno;
+
+ DEBUG(mac address of host interface '%s' changed to private
%02x:%02x:%02x:%02x:%02x:%02x,
+ veth1, ifr.ifr_hwaddr.sa_data[0] 0xff,
ifr.ifr_hwaddr.sa_data[1] 0xff, ifr.ifr_hwaddr.sa_data[2] 0xff,
+ ifr.ifr_hwaddr.sa_data[3] 0xff, ifr.ifr_hwaddr.sa_data[4]
0xff, ifr.ifr_hwaddr.sa_data[5] 0xff);
+
+ return 0;
+}
+
struct lxc_conf *lxc_conf_init(void)
{
struct lxc_conf *new;
@@ -1455,6 +1485,16 @@ static int instanciate_veth(struct lxc_handler *handler,
struct lxc_netdev *netd
strerror(-err));
return -1;
}
+
+ /* changing the high byte of the mac address to 0xfe, the bridge
interface
+* will always keep the host's mac address and not take the mac address
+* of a container */
+ err = setup_private_host_hw_addr(veth1);
+ if (err) {
+ ERROR(failed to change mac address of host interface '%s' :
%s,
+ veth1, strerror(-err));
+ goto out_delete;
+ }
if (netdev-mtu) {
err = lxc_netdev_set_mtu(veth1, atoi(netdev-mtu));
-- 1.7.2.5
--
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] application container can do the socket communication?
On 11/18/2011 09:39 AM, Greg Kurz wrote: On 11/18/2011 06:40 AM, liu...@neusoft.com wrote: hello everyone! I'm a rookie on the LXC, and i want to know wheather application container can do the socket communication with the host or not ? It depends on your kernel: you need at least 2.6.36 to do that. If yes, what need to configure? Nothing peculiar. Just make sure the socket file is shared with the host. Yes, for more precision. If you configured lxc without a private network stack, the sockets can communicate as they are shared with the system, but if you configure lxc with its own private network stack, you can *only* communicate through an AF_UNIX socket if the socket file is visible in the container's file system (in case mount bind works here). -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. 9c7c90377cdc655b7d853a43dd93de439a4c1677
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via 9c7c90377cdc655b7d853a43dd93de439a4c1677 (commit) from 5ddd950537c4f37814ac64a823ec1ab352c07b24 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 9c7c90377cdc655b7d853a43dd93de439a4c1677 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Fri Nov 18 16:09:47 2011 +0100 Revert lxc: use -iquote instead of -I This reverts commit a2dea4ea209a8fcf6837668bbe59f350931d1c07. --- Summary of changes: src/lxc/Makefile.am |7 +-- 1 files changed, 1 insertions(+), 6 deletions(-) hooks/post-receive -- lxc -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. 5ddd950537c4f37814ac64a823ec1ab352c07b24
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via 5ddd950537c4f37814ac64a823ec1ab352c07b24 (commit) via a2dea4ea209a8fcf6837668bbe59f350931d1c07 (commit) via f549edcc73bc56ab6a1b58c216e278de169b3772 (commit) via f6267d9011eea5074028dc44b49df3bd3df7443c (commit) via 93718f95af6bc38537b90629d9e5888f341afde9 (commit) from 7bd44bf6f68bfee9044ba783d1c3fc10f5f7650c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 5ddd950537c4f37814ac64a823ec1ab352c07b24 Author: Stéphane Graber stgra...@ubuntu.com Date: Thu Nov 10 09:45:52 2011 +0100 Ubuntu template: some tweaks Allow mknod (fixing udev upgrades) and drop mac_override and mac_admin from lxc.cap.drop as apparmor has/will have support for namespaces Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit a2dea4ea209a8fcf6837668bbe59f350931d1c07 Author: Greg Kurz gk...@fr.ibm.com Date: Thu Nov 10 09:41:46 2011 +0100 lxc: use -iquote instead of -I To avoid name collisions between local and system header files. For example, if you try to include the pty.h system file, you end up including the one from lxc... Signed-off-by: Greg Kurz gk...@fr.ibm.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit f549edcc73bc56ab6a1b58c216e278de169b3772 Author: Greg Kurz gk...@fr.ibm.com Date: Thu Nov 10 09:41:46 2011 +0100 lxc: fix erroneous includes The notation is preferrable if the header file is local. Signed-off-by: Greg Kurz gk...@fr.ibm.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit f6267d9011eea5074028dc44b49df3bd3df7443c Author: Alexander Vladimirov id...@vlan1.ru Date: Thu Nov 10 09:41:46 2011 +0100 add lxc-archlinux template Hi, here's the patch which adds Arch linux container template Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit 93718f95af6bc38537b90629d9e5888f341afde9 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Thu Nov 10 09:41:46 2011 +0100 fix lxc-destroy Add missing 'localstatedir' directory definition. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: .gitignore |1 + configure.ac |1 + src/lxc/Makefile.am|7 +- src/lxc/genl.c |5 +- src/lxc/lxc-destroy.in |1 + src/lxc/lxc_info.c |3 +- src/lxc/mainloop.h |2 +- src/lxc/network.c |5 +- src/lxc/nl.c |3 +- src/lxc/restart.c |3 +- src/lxc/rtnl.c |5 +- src/lxc/start.c|5 +- templates/Makefile.am |3 +- templates/lxc-archlinux.in | 462 templates/lxc-ubuntu.in|5 +- 15 files changed, 496 insertions(+), 15 deletions(-) create mode 100644 templates/lxc-archlinux.in hooks/post-receive -- lxc -- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Ubuntu template: Allow mknod (fixing udev upgrades) and drop mac_override and mac_admin from lxc.cap.drop as apparmor has/will have support for namespaces
On 11/02/2011 08:17 PM, Stéphane Graber wrote: --- templates/lxc-ubuntu.in |5 - 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/templates/lxc-ubuntu.in b/templates/lxc-ubuntu.in index 4f44b03..2be8680 100644 --- a/templates/lxc-ubuntu.in +++ b/templates/lxc-ubuntu.in @@ -179,9 +179,12 @@ lxc.pts = 1024 lxc.rootfs = $rootfs lxc.mount = $path/fstab lxc.arch = $arch -lxc.cap.drop = sys_module mac_override mac_admin +lxc.cap.drop = sys_module lxc.cgroup.devices.deny = a +# Allow any mknod (but not using the node) +lxc.cgroup.devices.allow = c *:* m +lxc.cgroup.devices.allow = b *:* m # /dev/null and zero lxc.cgroup.devices.allow = c 1:3 rwm lxc.cgroup.devices.allow = c 1:5 rwm Applied. Thanks. -- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 1/3] lxc-fedora.in: Add missing default release variable
On 10/26/2011 04:29 PM, Tuomas Suutari wrote: The text says that 14 is default, but release=14 was not set anywhere in the script. Signed-off-by: Tuomas Suutari tuomas.suut...@gmail.com --- All patches applied. Thanks ! -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] lxc: introduce lxc_execute()
On 10/17/2011 08:47 PM, Greg Kurz wrote: This patch allows to create application containers with liblxc.so directly. Some code cleanups on the way: - separate ops for lxc_execute() and lxc_start(): the factorisation is wrong here as we may have specific things to do if we're running an application container. It deserves separate ops. - lxc_arguments_dup() is merged in the pre-exec operation: this is a first use for the execute op introduced just above. It's better to build the arguments to execvp() where they're really used. Signed-off-by: Greg Kurz gk...@fr.ibm.com Cc: Cedric Le Goater c...@fr.ibm.com --- Applied. -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Don't list containers w/ active console sessions multiple times
On 09/14/2011 07:03 PM, Rainer Weikusat wrote: From: Rainer Weikusat rweiku...@mobileactivedefense.com The lxc-ls shell script uses netstat -xa to get a listing of AF_UNIX sockets it then parses in order to determine the names of presently running containers. This is wrong because it will list the listening socket and all sockets created by accepting connections on that. This causes the script to display the names of containers with active lxc-console sessions 1 + n times, n being the number of active console sessions. The patch below fixes this by using netstat -xl instead which only displays the listening sockets. Signed-off-by: Rainer Weikusat rweiku...@mobileactivedefense.com --- Applied. -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [Lxc-users] please resend patches
On 09/21/2011 06:57 PM, John Drescher wrote: On Wed, Sep 21, 2011 at 11:53 AM, Daniel Lezcano daniel.lezc...@free.fr wrote: On 09/21/2011 05:47 PM, Daniel Lezcano wrote: Hi all, my laptop was stolen yesterday. My email backup history ends to 08/09/2011. For English people :) September 8th I should have every non spam message from the lxc-users list for at least 1 year in my gmail box. You want just the patch emails? Just the patch emails, I have the patches until September 8th. Thanks -- Daniel -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] please resend patches
Hi all, my laptop was stolen yesterday. My email backup history ends to 08/09/2011. Is it possible to resend the patches please ? Thanks ! -- Daniel -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] please resend patches
On 09/21/2011 05:47 PM, Daniel Lezcano wrote: Hi all, my laptop was stolen yesterday. My email backup history ends to 08/09/2011. For English people :) September 8th Is it possible to resend the patches please ? Thanks ! -- Daniel -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. 4e04d515006816bbe629657b85d97476c9de240e
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via 4e04d515006816bbe629657b85d97476c9de240e (commit) from 165015211fa9506b11ea1f4540d54b8a99a2f468 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 4e04d515006816bbe629657b85d97476c9de240e Author: Greg Kurz gk...@fr.ibm.com Date: Tue Sep 20 11:18:39 2011 +0200 fix broken lxc-*.in scripts Commit 92c7f6295518decd3989b2790d75551e7d9a broke the following scipts: - lxc-setcap - lxc-setuid - lxc-create This patch adds the missing variables to be substitued by the configure script. Cheers. Signed-off-by: Greg Kurz gk...@fr.ibm.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: src/lxc/lxc-create.in |1 + src/lxc/lxc-setcap.in |4 +++- src/lxc/lxc-setuid.in |4 +++- 3 files changed, 7 insertions(+), 2 deletions(-) hooks/post-receive -- lxc -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. f7b98d38f042c403114fd07187dfe7daed44bdda
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via f7b98d38f042c403114fd07187dfe7daed44bdda (commit) from ac70c6cf97c5d52d4ec4c6bfe9552c1550307966 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit f7b98d38f042c403114fd07187dfe7daed44bdda Author: InformatiQ rha...@informatiq.org Date: Thu Sep 1 22:24:30 2011 +0200 remove the check for container path as it's done in lxc-create Signed-off-by: InformatiQ rha...@informatiq.org Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: templates/lxc-fedora.in |5 - 1 files changed, 0 insertions(+), 5 deletions(-) hooks/post-receive -- lxc -- Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free Love Thy Logs t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. be58c6b5b4110a3136f26b69394de725a4318619
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via be58c6b5b4110a3136f26b69394de725a4318619 (commit) via 19a26f82145042062cb2b11292622efb3ccac37f (commit) via f8fee0e2c399af59ee30c62234b47505fbd93725 (commit) via ebdd307db73344fa51a552a10daa8d1fefe9794b (commit) from e6238180c6963bcdbab42258a0f66b1d498c0e13 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit be58c6b5b4110a3136f26b69394de725a4318619 Author: Matthijs Kooijman matth...@stdin.nl Date: Tue Aug 30 23:50:23 2011 +0200 .gateway options Man for the gateway option. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit 19a26f82145042062cb2b11292622efb3ccac37f Author: Matthijs Kooijman matth...@stdin.nl Date: Tue Aug 30 23:50:23 2011 +0200 add autodetection of the gateway address For veth and macvlan networks, this can look up the host address on the bridge (link) interface and add a default route on the guest to that address. This facilitates a typical setup where guests are bridged together. syntax: lxc.ipv4.gateway = auto lxc.ipv6.gateway = auto Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit f8fee0e2c399af59ee30c62234b47505fbd93725 Author: Matthijs Kooijman matth...@stdin.nl Date: Tue Aug 30 23:50:23 2011 +0200 .gateway configuration This directive adds a default route to the guest at startup. syntax: lxc.network.ipv4.gateway = 10.0.0.1 lxc.network.ipv6.gateway = 2001:db8:85a3::8a2e:370:7334 Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit ebdd307db73344fa51a552a10daa8d1fefe9794b Author: Daniel Lezcano dlezc...@fr.ibm.com Date: Tue Aug 30 23:50:00 2011 +0200 Don't log an error when the container is stopped Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: doc/lxc.conf.sgml.in | 43 ++ src/lxc/commands.c |4 +- src/lxc/conf.c | 103 +++ src/lxc/conf.h |6 ++ src/lxc/confile.c| 78 + src/lxc/network.c| 227 ++ src/lxc/network.h| 12 +++ src/lxc/start.c | 10 ++ 8 files changed, 480 insertions(+), 3 deletions(-) hooks/post-receive -- lxc -- Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free Love Thy Logs t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. ac70c6cf97c5d52d4ec4c6bfe9552c1550307966
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project lxc.
The branch, master has been updated
via ac70c6cf97c5d52d4ec4c6bfe9552c1550307966 (commit)
via 8534a83e9478ed5c74255341c1b204eec0a585b7 (commit)
via 27078f4422580c39dc451d79be90679992d3137e (commit)
via 29ec8f8473c5e384a8feaddf61dee68b39d069d6 (commit)
via a30ce0ac4db1bac032799da550f747cf17e45d08 (commit)
via 262f4e48a51a55ad9cee06abbcfe4a6ad6166f49 (commit)
from be58c6b5b4110a3136f26b69394de725a4318619 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -
commit ac70c6cf97c5d52d4ec4c6bfe9552c1550307966
Author: InformatiQ rha...@informatiq.org
Date: Wed Aug 31 00:20:09 2011 +0200
if after freezing the container the snapshot/rsync fails, unfreeze before
exiting
Signed-off-by: InformatiQ rha...@informatiq.org
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
Acked-by: Serge Hallyn serge.hal...@canonical.com
commit 8534a83e9478ed5c74255341c1b204eec0a585b7
Author: InformatiQ rha...@informatiq.org
Date: Wed Aug 31 00:20:09 2011 +0200
*add the new opts to help() *set container_running=false
Signed-off-by: InformatiQ rha...@informatiq.org
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
Acked-by: Serge Hallyn serge.hal...@canonical.com
commit 27078f4422580c39dc451d79be90679992d3137e
Author: InformatiQ rha...@informatiq.org
Date: Wed Aug 31 00:20:09 2011 +0200
* allow cloning of non-snapshot lvm devices
Signed-off-by: InformatiQ rha...@informatiq.org
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
Acked-by: Serge Hallyn serge.hal...@canonical.com
commit 29ec8f8473c5e384a8feaddf61dee68b39d069d6
Author: Ramez Hanna rha...@informatiq.org
Date: Wed Aug 31 00:20:09 2011 +0200
lxc-fedora.in
* if not running on fedora host amd -R is not set, use fedora 14 as default
* trap SIGHUP SIGINT SIGTERM, and cleanup before exiting
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
commit a30ce0ac4db1bac032799da550f747cf17e45d08
Author: Ramez Hanna rha...@informatiq.org
Date: Wed Aug 31 00:20:09 2011 +0200
fix for missing EOF and fstab contents
templates/lxc-fedora.in | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
commit 262f4e48a51a55ad9cee06abbcfe4a6ad6166f49
Author: Alexey Shabalin sh...@altlinux.org
Date: Tue Aug 16 16:00:51 2011 +0400
add lxc-altlinux template
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
Summary of changes:
.gitignore |1 +
configure.ac |1 +
src/lxc/lxc-clone.in | 108 +-
templates/Makefile.am|1 +
templates/{lxc-fedora.in = lxc-altlinux.in} | 131 +++---
templates/lxc-fedora.in | 38 +---
6 files changed, 190 insertions(+), 90 deletions(-)
copy templates/{lxc-fedora.in = lxc-altlinux.in} (65%)
hooks/post-receive
--
lxc
--
Special Offer -- Download ArcSight Logger for FREE!
Finally, a world-class log management solution at an even better
price-free! And you'll get a free Love Thy Logs t-shirt when you
download Logger. Secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsisghtdev2dev
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 1/3] add lxc.network.ipv[46].gateway configuration
On 08/15/2011 10:58 PM, Matthijs Kooijman wrote: This directive adds a default route to the guest at startup. syntax: lxc.network.ipv4.gateway = 10.0.0.1 lxc.network.ipv6.gateway = 2001:db8:85a3::8a2e:370:7334 Applied the patchset. Thanks ! -- Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free Love Thy Logs t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] touch /fastboot to rootfs before start container
On 08/16/2011 08:01 PM, Matteo Bernardini wrote: for what's worth (if useful to know), slackware uses /etc/fastboot for that purpose: could it be seen as a specific template thingie? in the template for slackware that I'm preparing, for example, I cutted out all mount/fsck from the shell init script checking for a CONTAINER variable... +1 -- EMC VNX: the world's simplest storage, starting under $10K The only unified storage solution that offers unified management Up to 160% more powerful than alternatives and 25% more efficient. Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] Patch to automatically set a gateway inside a container
On 08/15/2011 10:58 PM, Matthijs Kooijman wrote: Hey folks, Here's a small patch series that allows setting up a gateway inside a container. Two modes are supported: Defining a static address in lxc.conf, or taking the configured address from the bridge (link) interface and using that as a gateway. The latter is usefule when a number of containers are bridged together without being bridged into a physical network (instead relying on the host to do routing or NAT for the containers). The first patch enables the static gateway setup and should be pretty straightforward. The second patch enables automatic gateway setup. To get this working, I needed to get the IP address from the bridge interface. This uses the netlink interface, but unlike all other netlink code so far actually uses the reply. Furthermore, netlink does not support filtering at the kernel end, so the RTM_GETADDR message requests _all_ configured addresses. The addresses are returned one per reply message, which are then filtered to find the right address. This requires some complicated code to loop over the reply messages and repeatedly receive more messages in case the buffer wasn't big enough the first time (emperical evidence suggests a second receive is needed when aroudn 100 ipv4 addresses are configured). I suspect that the code could be made a bit more elegant if the functions in nl.c would support returning multiple messsages and/or multiple receives for a single request. In particular, I found a piece of code in netlink_rcv, for which I couldn't figure out what it was supposed to do, or how it would interact with a multiple reply and/or multipe receive scenario: if (msg.msg_flags MSG_TRUNC ret == answer-nlmsghdr.nlmsg_len) return -EMSGSIZE; Any hints? Matthis, that's excellent ! Good work ! Yeah, I think I did not take care of supporting multiple messages with netlink as it was not needed. But in your case, I think that would be worth to support it now :) Thanks ! -- Daniel -- uberSVN's rich system and user administration capabilities and model configuration take the hassle out of deploying and managing Subversion and the tools developers use with it. Learn more about uberSVN and get a free download at: http://p.sf.net/sfu/wandisco-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. e6238180c6963bcdbab42258a0f66b1d498c0e13
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via e6238180c6963bcdbab42258a0f66b1d498c0e13 (commit) from 970ab589452637c4ae1ddb807c66be7333f8fdf6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit e6238180c6963bcdbab42258a0f66b1d498c0e13 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Fri Aug 12 21:47:55 2011 +0200 remove minimal install for ubuntu template Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: templates/lxc-ubuntu.in |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) hooks/post-receive -- lxc -- FREE DOWNLOAD - uberSVN with Social Coding for Subversion. Subversion made easy with a complete admin console. Easy to use, easy to manage, easy to install, easy to extend. Get a Free download of the new open ALM Subversion platform now. http://p.sf.net/sfu/wandisco-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. 5d42011acbf64b3c942dd4e2f2557a172410fbeb
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via 5d42011acbf64b3c942dd4e2f2557a172410fbeb (commit) via 989457599472cba389a09d0279dd752dfbafd842 (commit) via 579ebf1283be785334b840a82b2a988f9383e663 (commit) via d9e2cc0eaddd4dd0701705a42edd8f4c81fe8b43 (commit) from 0b9c21ab8ab3e7a1eacdb087950fe9f680053486 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 5d42011acbf64b3c942dd4e2f2557a172410fbeb Author: Daniel Lezcano daniel.lezc...@free.fr Date: Thu Aug 11 17:19:56 2011 +0200 add container init pid with the lxc-info command Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit 989457599472cba389a09d0279dd752dfbafd842 Author: InformatiQ rha...@informatiq.org Date: Thu Jul 14 00:41:03 2011 +0300 fix RELEAE_URL to not hardcode the arch Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit 579ebf1283be785334b840a82b2a988f9383e663 Author: InformatiQ rha...@informatiq.org Date: Wed Apr 20 23:15:51 2011 +0300 working fedora template Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit d9e2cc0eaddd4dd0701705a42edd8f4c81fe8b43 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Tue Aug 9 20:02:31 2011 +0200 lxc-checkconfig takes into account cgroup.clone_children Take into account we may have the clone_children flag on the cgroup, so we ignore cgroup namespace in this case. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: src/lxc/lxc-checkconfig.in | 11 ++- src/lxc/lxc_info.c | 45 ++-- templates/lxc-fedora.in| 264 3 files changed, 191 insertions(+), 129 deletions(-) hooks/post-receive -- lxc -- Get a FREE DOWNLOAD! and learn more about uberSVN rich system, user administration capabilities and model configuration. Take the hassle out of deploying and managing Subversion and the tools developers use with it. http://p.sf.net/sfu/wandisco-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. c797dcc3d06762859ca07075c607e852fe02d18f
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via c797dcc3d06762859ca07075c607e852fe02d18f (commit) via 858133f52ce4a7eaa0ace709c4cb037ffa408caf (commit) from 5d42011acbf64b3c942dd4e2f2557a172410fbeb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit c797dcc3d06762859ca07075c607e852fe02d18f Author: Daniel Lezcano daniel.lezc...@free.fr Date: Thu Aug 11 17:54:57 2011 +0200 lxc-ps : update the man page for passing the options Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit 858133f52ce4a7eaa0ace709c4cb037ffa408caf Author: Daniel Lezcano daniel.lezc...@free.fr Date: Thu Aug 11 17:54:57 2011 +0200 lxc-ps : fix the container name search We don't have to check for the cgroup namespace name because the pid we are looking for is already in the list of the container owned by lxc and retrieved from the abstract socket command name. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: doc/lxc-ps.sgml.in |7 --- src/lxc/lxc-ps.in |9 +++-- 2 files changed, 7 insertions(+), 9 deletions(-) hooks/post-receive -- lxc -- Get a FREE DOWNLOAD! and learn more about uberSVN rich system, user administration capabilities and model configuration. Take the hassle out of deploying and managing Subversion and the tools developers use with it. http://p.sf.net/sfu/wandisco-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [RFC] catching sys_reboot syscall
On 08/11/2011 06:30 PM, Bruno Prémont wrote:
On Wed, 10 August 2011 Daniel Lezcano daniel.lezc...@free.fr wrote:
On 08/10/2011 10:10 PM, Bruno Prémont wrote:
Hi Daniel,
[I'm adding containers ml as we had a discussion there some time ago
for this feature]
[ ... ]
+if (cmd == LINUX_REBOOT_CMD_RESTART2)
+if (strncpy_from_user(buffer[0], arg, sizeof(buffer) - 1) 0)
+return -EFAULT;
+
+/* If we are not in the initial pid namespace, we send a signal
+ * to the parent of this init pid namespace, notifying a shutdown
+ * occured */
+if (pid_ns != init_pid_ns)
+pid_namespace_reboot(pid_ns, cmd, buffer);
Should there be a return here?
Or does pid_namespace_reboot() never return by submitting signal to
parent?
Yes, it does not return a value, like 'do_notify_parent_cldstop'
So execution flow continues reaching the whole host reboot code?
That's not so good as it then prevents using CAP_SYS_BOOT inside PID namespace
to limit access to rebooting the container from inside as giving a process
inside container CAP_SYS_BOOT would cause host to reboot (and when not given
process inside container would get -EPERM in all cases).
Wouldn't the following be better?:
...
+
+/* We only trust the superuser with rebooting the system. */
+if (!capable(CAP_SYS_BOOT))
+return -EPERM;
+
+/* If we are not in the initial pid namespace, we send a signal
+ * to the parent of this init pid namespace, notifying a shutdown
+ * occured */
+if (pid_ns != init_pid_ns) {
+pid_namespace_reboot(pid_ns, cmd, buffer);
+return 0;
+}
+
mutex_lock(reboot_mutex);
switch (cmd) {
...
If I misunderstood, please correct me.
Yep, this is what I did at the beginning but I realized I was closing
the door for future applications using the pid namespaces. The pid
namespace could be used by another kind of application, not a container,
running some administrative tasks so they may want to shutdown the host
from a different pid namespace.
For this reason, to prevent this execution flow, the container has to
drop the CAP_SYS_BOOT in addition of taking care of the SIGCHLD signal
with CLDREBOOT.
--
Get a FREE DOWNLOAD! and learn more about uberSVN rich system,
user administration capabilities and model configuration. Take
the hassle out of deploying and managing Subversion and the
tools developers use with it.
http://p.sf.net/sfu/wandisco-dev2dev
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc tag, lxc-0.7.5, created. 6371febf3c7d181cb0f11209df67c35f9d7b233b
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The tag, lxc-0.7.5 has been created at 6371febf3c7d181cb0f11209df67c35f9d7b233b (commit) - Log - commit 6371febf3c7d181cb0f11209df67c35f9d7b233b Author: Daniel Lezcano dlezc...@fr.ibm.com Date: Thu Aug 11 19:00:13 2011 +0200 Version 0.7.5 Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- hooks/post-receive -- lxc -- Get a FREE DOWNLOAD! and learn more about uberSVN rich system, user administration capabilities and model configuration. Take the hassle out of deploying and managing Subversion and the tools developers use with it. http://p.sf.net/sfu/wandisco-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [RFC] catching sys_reboot syscall
On 08/11/2011 07:04 PM, Bruno Prémont wrote:
On Thu, 11 August 2011 Daniel Lezcano daniel.lezc...@free.fr wrote:
On 08/11/2011 06:30 PM, Bruno Prémont wrote:
On Wed, 10 August 2011 Daniel Lezcano daniel.lezc...@free.fr wrote:
On 08/10/2011 10:10 PM, Bruno Prémont wrote:
Hi Daniel,
[I'm adding containers ml as we had a discussion there some time ago
for this feature]
[ ... ]
+if (cmd == LINUX_REBOOT_CMD_RESTART2)
+if (strncpy_from_user(buffer[0], arg, sizeof(buffer) - 1) 0)
+return -EFAULT;
+
+/* If we are not in the initial pid namespace, we send a signal
+ * to the parent of this init pid namespace, notifying a shutdown
+ * occured */
+if (pid_ns != init_pid_ns)
+pid_namespace_reboot(pid_ns, cmd, buffer);
Should there be a return here?
Or does pid_namespace_reboot() never return by submitting signal to
parent?
Yes, it does not return a value, like 'do_notify_parent_cldstop'
So execution flow continues reaching the whole host reboot code?
That's not so good as it then prevents using CAP_SYS_BOOT inside PID
namespace
to limit access to rebooting the container from inside as giving a process
inside container CAP_SYS_BOOT would cause host to reboot (and when not given
process inside container would get -EPERM in all cases).
Wouldn't the following be better?:
...
+
+/* We only trust the superuser with rebooting the system. */
+if (!capable(CAP_SYS_BOOT))
+return -EPERM;
+
+/* If we are not in the initial pid namespace, we send a signal
+ * to the parent of this init pid namespace, notifying a shutdown
+ * occured */
+if (pid_ns != init_pid_ns) {
+pid_namespace_reboot(pid_ns, cmd, buffer);
+return 0;
+}
+
mutex_lock(reboot_mutex);
switch (cmd) {
...
If I misunderstood, please correct me.
Yep, this is what I did at the beginning but I realized I was closing
the door for future applications using the pid namespaces. The pid
namespace could be used by another kind of application, not a container,
running some administrative tasks so they may want to shutdown the host
from a different pid namespace.
For this reason, to prevent this execution flow, the container has to
drop the CAP_SYS_BOOT in addition of taking care of the SIGCHLD signal
with CLDREBOOT.
Ok, though for later source code readers to know adding/extending comment
would be nice.
Maybe something like
+/* If we are not in the initial pid namespace, we send a signal
+ * to the parent of this init pid namespace, notifying a shutdown
+ * occured
+ * NOTE: if process has CAP_SYS_BOOT it will additionally have the
+ * same effect as if it was not namespaced */
How would all of this integrate with the ongoing work on user namespaces?
Maybe that one should later be the differentiator for who may or may not
trigger the host reboot.
I think if you are in a different user namespace than the init one, the
process won't be able to reboot.
I talked with Serge about that and he should execute the
pid_namespace_reboot if it is 'ns_capable' of rebooting the host.
But I think that does not collide after all.
In addition sending the signal to parent process seems moot as chances are
that parent process will never have the opportunity to see the signal when
the host is being rebooted.
Right.
Then a construct like the following would give a better hint to the reader:
...
+
+/* We only trust the superuser with rebooting the system. */
+if (!capable(CAP_SYS_BOOT)) {
+/* If we are not in the initial pid namespace, we send a signal
+ * to the parent of this init pid namespace, notifying a shutdown
+ * occured */
+if (pid_ns != init_pid_ns)
+pid_namespace_reboot(pid_ns, cmd, buffer);
+
+return -EPERM;
+}
Ok, let me respin the patchset and change that. I will submit the patch
to akpm and lkml. Let's see what they think about this approach.
Thanks
-- Daniel
--
Get a FREE DOWNLOAD! and learn more about uberSVN rich system,
user administration capabilities and model configuration. Take
the hassle out of deploying and managing Subversion and the
tools developers use with it.
http://p.sf.net/sfu/wandisco-dev2dev
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. 970ab589452637c4ae1ddb807c66be7333f8fdf6
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via 970ab589452637c4ae1ddb807c66be7333f8fdf6 (commit) via 6f1239c38078bae9900ac8f5c87de4b4bfcf2e07 (commit) from 6371febf3c7d181cb0f11209df67c35f9d7b233b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 970ab589452637c4ae1ddb807c66be7333f8fdf6 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Fri Aug 12 01:34:49 2011 +0200 make undefined personality non-fatal Just warn, do not exit fatally. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit 6f1239c38078bae9900ac8f5c87de4b4bfcf2e07 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Fri Aug 12 01:34:49 2011 +0200 fix segfault when an unsupported personality is set Bad array len computation. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: src/lxc/confile.c |9 ++--- 1 files changed, 6 insertions(+), 3 deletions(-) hooks/post-receive -- lxc -- Get a FREE DOWNLOAD! and learn more about uberSVN rich system, user administration capabilities and model configuration. Take the hassle out of deploying and managing Subversion and the tools developers use with it. http://p.sf.net/sfu/wandisco-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [RFC] catching sys_reboot syscall
On 08/10/2011 10:10 PM, Bruno Prémont wrote: Hi Daniel, [I'm adding containers ml as we had a discussion there some time ago for this feature] [ ... ] +if (cmd == LINUX_REBOOT_CMD_RESTART2) +if (strncpy_from_user(buffer[0], arg, sizeof(buffer) - 1) 0) +return -EFAULT; + +/* If we are not in the initial pid namespace, we send a signal + * to the parent of this init pid namespace, notifying a shutdown + * occured */ +if (pid_ns != init_pid_ns) +pid_namespace_reboot(pid_ns, cmd, buffer); Should there be a return here? Or does pid_namespace_reboot() never return by submitting signal to parent? Yes, it does not return a value, like 'do_notify_parent_cldstop' Thanks -- Daniel -- uberSVN's rich system and user administration capabilities and model configuration take the hassle out of deploying and managing Subversion and the tools developers use with it. Learn more about uberSVN and get a free download at: http://p.sf.net/sfu/wandisco-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] PATCH: lxc-ps: blkio instead of ns in /proc/*/cgroup
On 08/07/2011 03:33 AM, Yamamoto - Joe's Web Hosting wrote: Hi In Linux kernel 3.0.0, lxc-ps does not show any container names. I think it's due to the following change: http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6-stable.git;a=commit;h=1bdcd78e2445f1ef7097a3ae7ef12e8f9c4fb05f `ns' no longer appears in /proc/*/cgroups. Instead, blkio starts appearing now. Hmm, now we don't have any information to descriminate a cgroup only with a container :/ I think the lxc-ps approach is wrong and we should rely on lxc-start to get the correct information. Let me check, what we can do ... -- Get a FREE DOWNLOAD! and learn more about uberSVN rich system, user administration capabilities and model configuration. Take the hassle out of deploying and managing Subversion and the tools developers use with it. http://p.sf.net/sfu/wandisco-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [PATCH] lxc-checkconfig takes into account cgroup.clone_children
Take into account we may have the clone_children flag on the cgroup,
so we ignore cgroup namespace in this case.
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
src/lxc/lxc-checkconfig.in | 11 ++-
1 files changed, 10 insertions(+), 1 deletions(-)
diff --git a/src/lxc/lxc-checkconfig.in b/src/lxc/lxc-checkconfig.in
index ab27b9c..5dcf3a4 100755
--- a/src/lxc/lxc-checkconfig.in
+++ b/src/lxc/lxc-checkconfig.in
@@ -62,8 +62,17 @@ echo -n Network namespace: is_enabled CONFIG_NET_NS
echo -n Multiple /dev/pts instances: is_enabled DEVPTS_MULTIPLE_INSTANCES
echo
echo --- Control groups ---
+
+CGROUP_MNT_PATH=$(grep -m1 ^cgroup /proc/self/mounts | awk '{ print $2 }')
+
echo -n Cgroup: is_enabled CONFIG_CGROUPS yes
-echo -n Cgroup namespace: is_enabled CONFIG_CGROUP_NS
+
+if [ -f $CGROUP_MNT_PATH/cgroup.clone_children ]; then
+echo -n Cgroup clone_children flag:
+$SETCOLOR_SUCCESS echo -e enabled $SETCOLOR_NORMAL
+else
+echo -n Cgroup namespace: is_enabled CONFIG_CGROUP_NS yes
+fi
echo -n Cgroup device: is_enabled CONFIG_CGROUP_DEVICE
echo -n Cgroup sched: is_enabled CONFIG_CGROUP_SCHED
echo -n Cgroup cpu account: is_enabled CONFIG_CGROUP_CPUACCT
--
1.7.4.1
--
uberSVN's rich system and user administration capabilities and model
configuration take the hassle out of deploying and managing Subversion and
the tools developers use with it. Learn more about uberSVN and get a free
download at: http://p.sf.net/sfu/wandisco-dev2dev
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] issue with inotify and cgroups
On 07/28/2011 12:03 PM, Lou-adrien Fabre wrote: Hi, I'm currently trying to monitor my container's stats from my host, using the cgroup file (especialy cpuacct.usage_percpu), but the problem is that the refresh rate of the cgroup file seems to be quit unstable. So i need to watch for file modification and make my calculation then. I was thinking about using inotify to watch files, but it seems that I'm not getting notifed for any event while the file's content is actualy modified by lxc. lxc does not modify the cgroup files and I think inotify is not supported by the cgroup. The cgroup should be monitored by the event feature: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=blob;f=Documentation/cgroups/cgroup_event_listener.c;h=3e082f96dc125333a2b32076710a23b78bc17c5f;hb=95b6886526bb510b8370b625a49bc0ab3b8ff10f I never used this feature, so I can not help more but I would be interested by any feedback if you are willing to try it and report your results :) Thanks -- Daniel -- Got Input? Slashdot Needs You. Take our quick survey online. Come on, we don't ask for help often. Plus, you'll get a chance to win $100 to spend on ThinkGeek. http://p.sf.net/sfu/slashdot-survey ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. 9e4fcfa115ec306baf8cbc86dd0fd97678425ab5
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via 9e4fcfa115ec306baf8cbc86dd0fd97678425ab5 (commit) from 623f98d8cc0ae38cce244b355a804a7e8e607bc3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 9e4fcfa115ec306baf8cbc86dd0fd97678425ab5 Author: Serge E. Hallyn se...@hallyn.com Date: Wed Jul 27 16:34:58 2011 +0200 Don't try to add host user's groups in container When '-b user' is specified to lxc-ubuntu container creation template, do not automatically add all the groups of which user is a member on the host, to user's groups in the container. Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: templates/lxc-ubuntu.in |3 --- 1 files changed, 0 insertions(+), 3 deletions(-) hooks/post-receive -- lxc -- Got Input? Slashdot Needs You. Take our quick survey online. Come on, we don't ask for help often. Plus, you'll get a chance to win $100 to spend on ThinkGeek. http://p.sf.net/sfu/slashdot-survey ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] Reg: Using an ISO image as rootfs for a LXC
On 07/25/2011 08:17 PM, Alphonse Hansel Anthony wrote:
Hi,
I am trying to start a LXC, with a ISO image as the rootfs.
the excerpt of the mount options that I use in lxc.conf
lxc.rootfs = rootfs.iso
lxc.rootfs.mount = /lxc/rootfs
The error that I get while I start the LXC
-
lxc-start: No such file or directory - failed to exec /sbin/init
lxc-start: invalid sequence number 1. expected 2
lxc-start: failed to spawn 'raven'
lxc-start: Device or resource busy - failed to remove cgroup '/cgroup/raven'
--
on closer look at the lxc-start , I found the following
1) the iso image is mounted at the specified location
2) I am also able to stat the /sbin/init file.
I instrumented the code in file ${SRC_FOLDER}/src/lxc/start.c:: static
int start(struct lxc_handler *handler, void* data)
and I am able to stat the file /sbin/init just before execvp, but exec
fails with No such file or directory.
Any help in this regard would be useful.
I created a ISO image and started the container. The container starts as
expected (but the mountall fails because the rootfs is RO.)
Is it possible the iso image contains an extra directory where the
rootfs belongs ? I mean, if you mount the iso image on a directory
'mnt', you should see '/mnt/usr, /mnt/lib, ...' is it the case ?
--
Storage Efficiency Calculator
This modeling tool is based on patent-pending intellectual property that
has been used successfully in hundreds of IBM storage optimization engage-
ments, worldwide. Store less, Store more with what you own, Move data to
the right place. Try It Now! http://www.accelacomm.com/jaw/sfnl/114/51427378/
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] Reg: Using an ISO image as rootfs for a LXC
On 07/25/2011 10:24 PM, Alphonse Hansel Anthony wrote:
Hi Daniel,
I am using lxc utils (0.7.4.2).
In my case, I am trying to mount the rootfs.iso as / within the
Container and it fails with No such file or directory.
I am just wondering if any additional options are required to make the
mounted ISO visible across pivot_root boundaries, similar to MS_BIND mount
option for files/directories.
Can you copy-paste your lxc.conf file? I would like to cross verify with
options that I had specified.
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.utsname = lucid2
lxc.tty = 4
lxc.pts = 1024
lxc.rootfs = /var/lib/lxc/lucid2/rootfs.iso
lxc.mount = /var/lib/lxc/lucid2/fstab
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
The second case that you had mentioned works for me.
My rootfs is a directory on the host ( /root/lxcOne )
Mount point for iso with rootfs (/root/lxcOne/mnt)
After I add the mount options in fstab, I am able to view the content in
/root/lxcOne/mnt
directory.
-Alphonse
On Mon, Jul 25, 2011 at 4:04 PM, Daniel Lezcano daniel.lezc...@free.frwrote:
On 07/25/2011 08:17 PM, Alphonse Hansel Anthony wrote:
Hi,
I am trying to start a LXC, with a ISO image as the rootfs.
the excerpt of the mount options that I use in lxc.conf
lxc.rootfs = rootfs.iso
lxc.rootfs.mount = /lxc/rootfs
The error that I get while I start the LXC
-
lxc-start: No such file or directory - failed to exec /sbin/init
lxc-start: invalid sequence number 1. expected 2
lxc-start: failed to spawn 'raven'
lxc-start: Device or resource busy - failed to remove cgroup
'/cgroup/raven'
--
on closer look at the lxc-start , I found the following
1) the iso image is mounted at the specified location
2) I am also able to stat the /sbin/init file.
I instrumented the code in file ${SRC_FOLDER}/src/lxc/start.c:: static
int start(struct lxc_handler *handler, void* data)
and I am able to stat the file /sbin/init just before execvp, but exec
fails with No such file or directory.
Any help in this regard would be useful.
I created a ISO image and started the container. The container starts as
expected (but the mountall fails because the rootfs is RO.)
Is it possible the iso image contains an extra directory where the
rootfs belongs ? I mean, if you mount the iso image on a directory
'mnt', you should see '/mnt/usr, /mnt/lib, ...' is it the case ?
--
Storage Efficiency Calculator
This modeling tool is based on patent-pending intellectual property that
has been used successfully in hundreds of IBM storage optimization engage-
ments, worldwide. Store less, Store more with what you own, Move data to
the right place. Try It Now! http://www.accelacomm.com/jaw/sfnl/114/51427378/
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. 623f98d8cc0ae38cce244b355a804a7e8e607bc3
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via 623f98d8cc0ae38cce244b355a804a7e8e607bc3 (commit) via c440536e7c4cc4836aca2cf3421509aaa8db2365 (commit) via e7eb632cb4365d800939ab20021920468c1ce7db (commit) via c011782c8d83ece9ee883fcd9406433c09f220be (commit) from bcbd102cba31a0054fe4204a39b5e8a411cde42f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 623f98d8cc0ae38cce244b355a804a7e8e607bc3 Author: Serge Hallyn serge.hal...@canonical.com Date: Mon Jul 25 00:22:50 2011 +0200 lxc-ubuntu: Allow /dev/fuse to be used in a container As people seem to want it, i.e. https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/800886 Signed-off-by: Serge Hallyn serge.hal...@canonical.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit c440536e7c4cc4836aca2cf3421509aaa8db2365 Author: Serge Hallyn serge.hal...@canonical.com Date: Mon Jul 25 00:22:50 2011 +0200 lxc-ubuntu: don't put devpts in $confdir/container/fstab src/lxc/conf.c will explicitly mount it anyway. Furthermore, the fstab entry, which is getting processed first, did not specify -o newinstance. This can cause the host's devpts entry mount options to change, as in https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/607636. Note - I messed up. This was applied upstream, but I dropped it in subsequent conversion to lxc-ubuntu template. It therefore needs to be reapplied. Signed-off-by: Serge Hallyn serge.hal...@canonical.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit e7eb632cb4365d800939ab20021920468c1ce7db Author: Serge Hallyn serge.hal...@canonical.com Date: Mon Jul 25 00:22:50 2011 +0200 Add arm as a supported srcarch Otherwise building on armel fails with checking for linux SRCARCH... configure: error: architecture arm-unknown-linux-gnueabi not supported See https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/745884 for details. Signed-off-by: Serge Hallyn serge.hal...@canonical.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit c011782c8d83ece9ee883fcd9406433c09f220be Author: Joerg Gollnick code4lxc+l...@wurzelbenutzer.de Date: Mon Jul 25 00:22:50 2011 +0200 fix lxc-ps to work with systemd Dear all, while working with systemd I found that lxc-ps -efa does not recognize the container name. Best regards Joerg Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: config/linux.m4 |1 + src/lxc/lxc-ps.in | 19 --- templates/lxc-ubuntu.in |3 ++- 3 files changed, 15 insertions(+), 8 deletions(-) hooks/post-receive -- lxc -- Magic Quadrant for Content-Aware Data Loss Prevention Research study explores the data loss prevention market. Includes in-depth analysis on the changes within the DLP market, and the criteria used to evaluate the strengths and weaknesses of these DLP solutions. http://www.accelacomm.com/jaw/sfnl/114/51385063/ ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. bcbd102cba31a0054fe4204a39b5e8a411cde42f
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via bcbd102cba31a0054fe4204a39b5e8a411cde42f (commit) via c840b37de865195a8742e219b4374d961a21d4d9 (commit) from c1c75c04a6b7d7926b6eaaf45309d35d7650f6d2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit bcbd102cba31a0054fe4204a39b5e8a411cde42f Author: Serge E. Hallyn se...@hallyn.com Date: Mon Jul 4 00:42:06 2011 +0200 cgroups: support cgroups mounted in multiple places (v3) (sorry for the extra traffic.) With this patch, lxc works for me both with all cgroups mounted with ns cgroup on /cgroup, and with libcgroup mounting all cgroups separately. To do this, instead of looking for one cgroup called 'lxc' or otherwise taking the first cgroup we find, we actually create a container in every mounted cgroup fs. Right now it's done under the root of each fs. We may want to put that under lxc, or, better yet, make that configurable. Changelog: Michael H. Warfield: Handle the case where subsystem doesn't have '.'. Daniel Lezcano: clean up incorrect reentrant use of mntent helpers v3: use the rest of Daniel's cleanups TODO: add a configurable directory name, 'lxc' by default, under which all lxc cgroups are created (i.e. /sys/fs/cgroup/lxc) Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com Tested-by: Michael H. Warfield m...@wittsend.com commit c840b37de865195a8742e219b4374d961a21d4d9 Author: Frederic Crozat fcro...@suse.com Date: Mon Jul 4 00:35:52 2011 +0200 templates: add openSUSE template. The good news is, starting with next openSUSE release (and next SLES 11 Service Pack), patching /etc/init.d/boot won't be needed anymore for LXC, we integrated detection of LXC (through container variable set to lxc) in /etc/init.d/boot and /dev is no longer mounted automatically by initscript. Signed-off-by: Frederic Crozat fcro...@suse.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: configure.ac |1 + src/lxc/cgroup.c | 250 +-- src/lxc/cgroup.h |2 +- src/lxc/freezer.c |2 +- src/lxc/lxc.h |8 +- src/lxc/state.c |2 +- templates/Makefile.am |1 + templates/lxc-opensuse.in | 368 + 8 files changed, 517 insertions(+), 117 deletions(-) create mode 100644 templates/lxc-opensuse.in hooks/post-receive -- lxc -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] PATCH: openSUSE template for LXC
On 06/27/2011 10:03 AM, Frederic Crozat wrote: Le samedi 25 juin 2011 à 23:25 +0200, Daniel Lezcano a écrit : On 06/24/2011 05:28 PM, Frederic Crozat wrote: Hi all, attached patch is a openSUSE 11.4 template for LXC. The good news is, starting with next openSUSE release (and next SLES 11 Service Pack), patching /etc/init.d/boot won't be needed anymore for LXC, we integrated detection of LXC (through container variable set to lxc) in /etc/init.d/boot and /dev is no longer mounted automatically by initscript. Is it a standalone script or called through lxc-create ? It should be called through lxc-create (just like the other templates). Great ! Thanks for this patch. -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, lxc-0.7.4.X, updated. ebdedce2f6df18b8ecbdc2c67977240aa42f7af8
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, lxc-0.7.4.X has been updated via ebdedce2f6df18b8ecbdc2c67977240aa42f7af8 (commit) from 967b34569424d2ec7ae7f27e64b1ad9bb2ea124b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit ebdedce2f6df18b8ecbdc2c67977240aa42f7af8 Author: Serge Hallyn serge.hal...@ubuntu.com Date: Sat Jun 25 15:17:47 2011 +0200 print netdev name, not link, after moving dev into netns Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: src/lxc/conf.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) hooks/post-receive -- lxc -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense.. http://p.sf.net/sfu/splunk-d2d-c1 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. c1c75c04a6b7d7926b6eaaf45309d35d7650f6d2
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project lxc.
The branch, master has been updated
via c1c75c04a6b7d7926b6eaaf45309d35d7650f6d2 (commit)
via 7c3ab01ffd3f59786fef85a5cbb1718659630f4d (commit)
via c6992ecf0d9a452c1119d56b173859fba76ac713 (commit)
via 8339b4c86a111a38e398f576318632491facb7ad (commit)
via e2b4064f94f47246e5e2e6359b91b57cab0a0652 (commit)
from b722bed2da417532bbc4a12cb36a32ba7bbac783 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -
commit c1c75c04a6b7d7926b6eaaf45309d35d7650f6d2
Author: Serge Hallyn serge.hal...@ubuntu.com
Date: Sat Jun 25 15:17:47 2011 +0200
print netdev name, not link, after moving dev into netns
Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
commit 7c3ab01ffd3f59786fef85a5cbb1718659630f4d
Author: Serge Hallyn serge.hal...@ubuntu.com
Date: Sat Jun 25 15:17:47 2011 +0200
Clarify the template-specific options a bit in lxc-create's help
This does not supplant the need for a manpage, but it's a start.
Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
commit c6992ecf0d9a452c1119d56b173859fba76ac713
Author: Serge Hallyn serge.hal...@ubuntu.com
Date: Sat Jun 25 15:17:47 2011 +0200
lxc-ubuntu: Default to current ubuntu release.
If can't match any valid release, use lucid.
Signed-off-by: Stéphane Graber stgra...@ubuntu.com
Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
commit 8339b4c86a111a38e398f576318632491facb7ad
Author: Serge Hallyn serge.hal...@ubuntu.com
Date: Sat Jun 25 15:17:47 2011 +0200
lxc-ubuntu: Base arch detection code on debootstrap's with some additions
when we don't have dpkg or udpkg
Changelog: [seh] Don't take arch from environment
Signed-off-by: Stéphane Graber stgra...@ubuntu.com
Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
commit e2b4064f94f47246e5e2e6359b91b57cab0a0652
Author: Serge Hallyn serge.hal...@ubuntu.com
Date: Sat Jun 25 15:17:47 2011 +0200
consolidate ubuntu templates
Consolidate lucid, maverick, natty, and oneiric templates into one 'ubuntu'
template.
Add support for specifying architecture.
Add support for '--trim|-x' option, which removes services like the lucid
template used to. This creates smaller, faster-booting containers, but they
will not be safe with certain upgrades, like mountall or udev. When -x is
not specified for lucid or maverick container, then install lxcguest from
the ubuntu-virt ppa, since it does not exist in the official archives, and
the container is not safe to boot without lxcguest.
Add support for '--bindhome user' option, which will cause /home/user
to be bind-mounted into the container, and create the user with his
original password, shell, and group memberships in the container.
changelog:
june 23:
lxc-ubuntu template: set lxc.arch in config
install lxcguest when NOT trimming the container
lxc-ubuntu: always install lxcguest in postprocess
Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
Summary of changes:
configure.ac |5 +-
doc/lxc-create.sgml.in|2 +-
src/lxc/conf.c|2 +-
src/lxc/lxc-create.in | 13 +-
templates/Makefile.am |5 +-
templates/lxc-maverick.in | 284 --
templates/lxc-natty.in| 285 --
templates/lxc-oneiric.in | 285 --
templates/{lxc-lucid.in = lxc-ubuntu.in} | 371 -
9 files changed, 270 insertions(+), 982 deletions(-)
delete mode 100644 templates/lxc-maverick.in
delete mode 100644 templates/lxc-natty.in
delete mode 100644 templates/lxc-oneiric.in
rename templates/{lxc-lucid.in = lxc-ubuntu.in} (54%)
hooks/post-receive
--
lxc
--
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense..
http://p.sf.net/sfu
Re: [lxc-devel] PATCH: openSUSE template for LXC
On 06/24/2011 05:28 PM, Frederic Crozat wrote: Hi all, attached patch is a openSUSE 11.4 template for LXC. The good news is, starting with next openSUSE release (and next SLES 11 Service Pack), patching /etc/init.d/boot won't be needed anymore for LXC, we integrated detection of LXC (through container variable set to lxc) in /etc/init.d/boot and /dev is no longer mounted automatically by initscript. Is it a standalone script or called through lxc-create ? -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense.. http://p.sf.net/sfu/splunk-d2d-c1 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. b722bed2da417532bbc4a12cb36a32ba7bbac783
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via b722bed2da417532bbc4a12cb36a32ba7bbac783 (commit) via be8b5972427bf6d5f83c94b5e50a30cdeba2543a (commit) via e2e0ee250188302b85d2056b354e6c57b9242194 (commit) from 9ccb2dbcd2c437ca8cc867814ba0412a3fe55420 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit b722bed2da417532bbc4a12cb36a32ba7bbac783 Author: Serge E. Hallyn se...@hallyn.com Date: Fri Jun 24 00:42:24 2011 +0200 lxc-create: pass remaining args to templates This way I can do lxc-create -t ubuntu -f /etc/lxc.conf -n u1 -- -x and have -x passed to the template Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit be8b5972427bf6d5f83c94b5e50a30cdeba2543a Author: Serge E. Hallyn se...@hallyn.com Date: Fri Jun 24 00:42:24 2011 +0200 Add lxc-clone script Create an lxc-clone script to clone containers. It should probably be factored into helpers and then enhanced, in particular to convert between LVM and non-LVM containers, create non-snapshot LVM clones, support loopback devices, and, when stable enough, to use overlayfs, btrfs, etc. But this is a start. Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit e2e0ee250188302b85d2056b354e6c57b9242194 Author: Serge E. Hallyn se...@hallyn.com Date: Fri Jun 24 00:42:24 2011 +0200 lxc-destroy: delete a rootfs if it is an lvm volume If this is acceptable as is, then I'll try to get a simple lxc-clone out tomorrow (taking into account your comments from last time). Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: configure.ac |1 + lxc.spec.in|1 + src/lxc/Makefile.am|1 + src/lxc/lxc-clone.in | 208 src/lxc/lxc-create.in |2 +- src/lxc/lxc-destroy.in | 10 +++ 6 files changed, 222 insertions(+), 1 deletions(-) create mode 100644 src/lxc/lxc-clone.in hooks/post-receive -- lxc -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense.. http://p.sf.net/sfu/splunk-d2d-c1 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. 9ccb2dbcd2c437ca8cc867814ba0412a3fe55420
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via 9ccb2dbcd2c437ca8cc867814ba0412a3fe55420 (commit) from d755a9e6b4c1c9e968df8ffe902881a8d7516aaa (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 9ccb2dbcd2c437ca8cc867814ba0412a3fe55420 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Thu Jun 2 09:50:38 2011 +0200 set close-on-exec flag on command socket When we accept a connection, we have to set the close-on-exec flag, otherwise that won't be possible to reboot a container through a lxc-console command. Reported-by: Katoh Yasufumi ka...@jazz.email.ne.jp Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: src/lxc/commands.c |5 + 1 files changed, 5 insertions(+), 0 deletions(-) hooks/post-receive -- lxc -- Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Data protection magic? Nope - It's vRanger. Get your free trial download today. http://p.sf.net/sfu/quest-sfdev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, lxc-0.7.4.X, updated. 967b34569424d2ec7ae7f27e64b1ad9bb2ea124b
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, lxc-0.7.4.X has been updated via 967b34569424d2ec7ae7f27e64b1ad9bb2ea124b (commit) from 57d6d6718dab8913039cb5fba74771e36cdeb5df (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 967b34569424d2ec7ae7f27e64b1ad9bb2ea124b Author: Daniel Lezcano daniel.lezc...@free.fr Date: Thu Jun 2 09:50:38 2011 +0200 set close-on-exec flag on command socket When we accept a connection, we have to set the close-on-exec flag, otherwise that won't be possible to reboot a container through a lxc-console command. Reported-by: Katoh Yasufumi ka...@jazz.email.ne.jp Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: src/lxc/commands.c |5 + 1 files changed, 5 insertions(+), 0 deletions(-) hooks/post-receive -- lxc -- Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Data protection magic? Nope - It's vRanger. Get your free trial download today. http://p.sf.net/sfu/quest-sfdev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] PHYS support in 2.6.34?
On 06/01/2011 10:28 PM, Moffatt, Greg wrote: Hi I understand that full support for physical networking devices in a container isn't fully implemented until 2.6.35. How large are the changes that enabled this? I need to have something like this in a 2.6.34 kernel and I'm trying to scope out the effort in backporting these changes. Could someone at least point me to the commits that enabled this? Gah ! I got the patchset for a while but dropped them. It is the sysfs per namespace. All the patches are available in this directory: http://www.kernel.org/pub/linux/kernel/people/gregkh/driver_core/2.6/2.6.34/ The posted patchset is at: http://kerneltrap.com/mailarchive/linux-fsdevel/2010/3/30/6900683 Take care if you are looking for the patchset in another mailing list archive because it was around for a couple of years, so make sure you have the version from March, 2010. That should not be a big deal to backport them as they are applied on a 2.6.34+ Cheers -- Daniel -- Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Data protection magic? Nope - It's vRanger. Get your free trial download today. http://p.sf.net/sfu/quest-sfdev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, lxc-0.7.4.X, updated. 57d6d6718dab8913039cb5fba74771e36cdeb5df
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, lxc-0.7.4.X has been updated via 57d6d6718dab8913039cb5fba74771e36cdeb5df (commit) from 9781dae8cfd83362d29a94e39e84d85b892cad65 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 57d6d6718dab8913039cb5fba74771e36cdeb5df Author: Sven Wegener sven.wege...@stealer.net Date: Mon May 23 23:12:24 2011 +0200 Check for existing ptmx symlink It's OK, if /dev/ptmx points to /dev/pts/ptmx via a symlink. Signed-off-by: Sven Wegener sven.wege...@stealer.net Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: src/lxc/conf.c |5 + 1 files changed, 5 insertions(+), 0 deletions(-) hooks/post-receive -- lxc -- vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
