Re: [lxc-devel] How does the console work in most recent release?
On 01/04/2011 09:36 AM, Rob Landley wrote: I'm attempting to write a simple HOWTO for setting up a container with LXC. Unfortunately, console handling is really really brittle and the only way I've gotten it to work is kind of unpleasant to document. Using lxc 0.7.3 (both in debian sid and built from source myself), I can lxc-create a container, and when I run lxc-start it launches init in the container. But the console is screwy. If my init program is just a command shell, the first key I type will crash lxc-start with an I/O error. (Wrapping said shell with a script to redirect stdin/stdout/stderr to various /dev character devices doesn't seem to improve matters.) Using the busybox template and the busybox-i686 binary off of busybox.net, it runs init and connects to the various tty devices, and this somehow prevents lxc-start from crashing. But if I press enter to active this console like it says, the resulting shell prompt is completely unusable. If I'm running from an actual TTY device, then some of the keys I type go to the container and some don't. If my console is connected to a PTY when I run lxc-start (such as if I ssh in and run lxc-start from the ssh session), _none_ of the characters I type go to the shell prompt. To get a usable shell prompt in the container, what I have to do is lxc-start in one window, ssh into the server to get a fresh terminal, and then run lxc-console in that second terminal. That's the only magic sequence I've found so far that works. The attached html file is a long drawn-out reproduction sequence for this. I tried downloading lxc-git to see if this is already fixed, but running autoconf doesn't seem to want to produce a ./configure file for me. (configure.ac:8: error: possibly undefined macro: AM_CONFIG_HEADER) I'm really not an autoconf expert (the whole thing is just a horrible idea at the design level), so have no idea what I'm doing wrong there. Hi Rob, there is a small bug when installing the template in the inittab, it should be: ::sysinit:/etc/init.d/rcS tty1::respawn:/bin/getty -L tty1 115200 vt100 console::askfirst:/bin/sh Otherwise, I think the busybox version you are using is bogus. I had the same problem than you but I installed busybox-1.18.1, compiled as static, ran the template script, modified the inittab and it works like a charm. Thanks for reporting the problem -- Daniel -- Learn how Oracle Real Application Clusters (RAC) One Node allows customers to consolidate database storage, standardize their database environment, and, should the need arise, upgrade to a full multi-node Oracle RAC database without downtime or disruption http://p.sf.net/sfu/oracle-sfdevnl ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. 429a84f4ab9eb0e5b85b9fe94336c56746279b28
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via 429a84f4ab9eb0e5b85b9fe94336c56746279b28 (commit) via 5193cc3d9366791bc0de70274ca8ca3f111430b8 (commit) from 57f61aa7504fc965b0c3dca2e1553ad535eacfd8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 429a84f4ab9eb0e5b85b9fe94336c56746279b28 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Mon Jan 10 17:58:32 2011 +0100 fix cgroup directory removal Fix the name of the directory to remove. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit 5193cc3d9366791bc0de70274ca8ca3f111430b8 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Sun Jan 9 23:53:19 2011 +0100 fix the ns_cgroup vs clone_children The following patch fixes the bug where the clone_children compatibility flag is available with the ns_cgroup subsystem. The 2.6.37 kernel version should be the only one which is concerned by this modification, please refer to Documentation/feature-removal-schedule.txt and look for ns_cgroup. The problem is coming from we check for clone_children and we set it automatically and then we try to create a new cgroup. As the ns_cgroup is present the cgroup already exists and we are not allowed to attach our pid to a new cgroup. The next error will be when we try to create a new container because we enabled the clone_children flag and the ns_cgroup is present, it is not allowed by the kernel. The patch fix this by checking the mount options. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: src/lxc/cgroup.c | 84 + 1 files changed, 77 insertions(+), 7 deletions(-) hooks/post-receive -- lxc -- Gaining the trust of online customers is vital for the success of any company that requires sensitive data to be transmitted over the Web. Learn how to best implement a security strategy that keeps consumers' information secure and instills the confidence they need to proceed with transactions. http://p.sf.net/sfu/oracle-sfdevnl ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Mounting of filesystems from fstab file
On 01/16/2011 07:00 PM, Joerg Gollnick wrote: Dear all, while setting up a container on x86_64 (archlinux host/guest) I had trouble with mounting dev/pts and others from container.fstab and a ssh login does not work (only ssh container bash -i gives you a shell) The cause is that conf.c does not initialize mntflags. Best regards Joerg --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -880,7 +880,8 @@ static int parse_mntopts(const char *mntopts, unsigned long *mntflags, char *s, *data; char *p, *saveptr = NULL; - *mntdata = NULL; + *mntdata = NULL; +*mntflags = 0UL; if (!mntopts) return 0; Good catch, Thanks ! Applied. -- Daniel -- Protect Your Site and Customers from Malware Attacks Learn about various malware tactics and how to avoid them. Understand malware threats, the impact they can have on your business, and how you can protect your company and customers by using code signing. http://p.sf.net/sfu/oracle-sfdevnl ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. b0efbac48e8646ba62aca04b43acaa887ef4ec81
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via b0efbac48e8646ba62aca04b43acaa887ef4ec81 (commit) via 6e35af2e3911b5e8dc6e9091391beb8adfe449c6 (commit) from 91656ce587b99ae193e5de7e12ec9d9a5a78caa0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit b0efbac48e8646ba62aca04b43acaa887ef4ec81 Author: David Ward david.w...@ll.mit.edu Date: Mon Jan 17 10:18:50 2011 +0100 Only bring up network interface if IFF_UP is set Each network interface was brought up regardless of the configuration, as the wrong boolean operator was being used to test the IFF_UP flag. Signed-off-by: David Ward david.w...@ll.mit.edu Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit 6e35af2e3911b5e8dc6e9091391beb8adfe449c6 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Mon Jan 17 10:18:50 2011 +0100 set veth host's side always up We should always have the veth host's side up, otherwise if we omit the up flag in the configurationn, letting the container to configure its interface, the network will be never enabled as the host's side is not up. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: src/lxc/conf.c | 15 ++- 1 files changed, 6 insertions(+), 9 deletions(-) hooks/post-receive -- lxc -- Protect Your Site and Customers from Malware Attacks Learn about various malware tactics and how to avoid them. Understand malware threats, the impact they can have on your business, and how you can protect your company and customers by using code signing. http://p.sf.net/sfu/oracle-sfdevnl ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Only bring up network interface if IFF_UP is set
On 01/17/2011 03:51 AM, David Ward wrote: Each network interface was brought up regardless of the configuration, as the wrong boolean operator was being used to test the IFF_UP flag. Signed-off-by: David Warddavid.w...@ll.mit.edu --- Applied. Thanks for the fix ! -- Daniel -- Protect Your Site and Customers from Malware Attacks Learn about various malware tactics and how to avoid them. Understand malware threats, the impact they can have on your business, and how you can protect your company and customers by using code signing. http://p.sf.net/sfu/oracle-sfdevnl ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. fb4c7e28291f013ae30e21108177556fdff870d1
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via fb4c7e28291f013ae30e21108177556fdff870d1 (commit) from b0efbac48e8646ba62aca04b43acaa887ef4ec81 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit fb4c7e28291f013ae30e21108177556fdff870d1 Author: Reto Gantenbein reto.gantenb...@linuxmonk.ch Date: Tue Jan 18 00:45:17 2011 +0100 Adds correct file capa detection for 2.6.32 The kernel compile parameter was removed with kernel release 2.6.33 Since then file capabilities are enabled by default kernel commit: b3a222e52e4d4be77cc4520a57af1a4a0d8222d1 Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: src/lxc/lxc-checkconfig.in |6 -- 1 files changed, 4 insertions(+), 2 deletions(-) hooks/post-receive -- lxc -- Protect Your Site and Customers from Malware Attacks Learn about various malware tactics and how to avoid them. Understand malware threats, the impact they can have on your business, and how you can protect your company and customers by using code signing. http://p.sf.net/sfu/oracle-sfdevnl ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [patch] Fix lxc-checkconfig for kernel 2.6.32
On 01/18/2011 01:13 AM, Reto Gantenbein wrote: Dear developers I'm trying lxc on my gentoo 2.6.37 and this patch fixes a small thing that makes people unsure [1]. Please apply it. It's against lxc git master. Thanks for your effort in lxc. It's nice to see a native linux container virtualization merging. Kind regards, Reto Gantenbein [1]: https://bugs.archlinux.org/task/22386?project=0 Applied. Thanks Reto ! -- Daniel -- Protect Your Site and Customers from Malware Attacks Learn about various malware tactics and how to avoid them. Understand malware threats, the impact they can have on your business, and how you can protect your company and customers by using code signing. http://p.sf.net/sfu/oracle-sfdevnl ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. 434d90db57e3d94609b48e2bc3c17777e56eac3a
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via 434d90db57e3d94609b48e2bc3c1e56eac3a (commit) from 27b39fd49dade95796fc05f1583e4a6f6fcbc598 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 434d90db57e3d94609b48e2bc3c1e56eac3a Author: Daniel Lezcano daniel.lezc...@free.fr Date: Sun Jan 23 21:47:12 2011 +0100 suppress udev log output We use udev within these containers and we prevent the /dev files to be created with the cgroup whitelist. So when the udevd receives the event from the kernel, it will fail to create some nodes in /dev and will spit error on the console. We set the log level to zero, so udev will silently fail. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: templates/lxc-maverick.in |3 +++ templates/lxc-natty.in|3 +++ 2 files changed, 6 insertions(+), 0 deletions(-) hooks/post-receive -- lxc -- Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [PATCH 1/2] export env variable in lxc_start
Let's export the 'container' variable and let init receive it
as a kernel command line option.
In the upstart init scripts, we can distinguish if we are in a
container context or not.
===
# /dev/console - getty
#
# This service maintains a getty on /dev/console from the point the
# system is started until it is shut down again.
# It only runs in lxc containers.
start on stopped rc RUNLEVEL=[2345]
stop on runlevel [!2345]
env container
pre-start script
[ x$container != xlxc ] { stop; exit 0; }
exit 0;
end script
respawn
exec /sbin/getty -8 38400 /dev/console
===
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
src/lxc/lxc_start.c |5 +
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git a/src/lxc/lxc_start.c b/src/lxc/lxc_start.c
index 661764a..4f3d964 100644
--- a/src/lxc/lxc_start.c
+++ b/src/lxc/lxc_start.c
@@ -117,6 +117,11 @@ int main(int argc, char *argv[])
my_args.progname, my_args.quiet))
return err;
+ if (putenv(container=lxc)) {
+ SYSERROR(failed to set environment variable);
+ return err;
+ }
+
/* rcfile is specified in the cli option */
if (my_args.rcfile)
rcfile = (char *)my_args.rcfile;
--
1.7.1
--
Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)!
Finally, a world-class log management solution at an even better price-free!
Download using promo code Free_Logger_4_Dev2Dev. Offer expires
February 28th, so secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsight-sfd2d
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. 9dd97e44141558170a4a5f39b3eda645d9cade2d
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via 9dd97e44141558170a4a5f39b3eda645d9cade2d (commit) via dfb8f06a3b1d35d736ce95ea121d4019ea391b26 (commit) via 0f1c997258912380e315ddeb5684e1f3847d8695 (commit) via 9f53d717c4fea7bb2a493d911da0abbe9c78aef5 (commit) from b09ecaf30367648a246d2e01c3a288a7653cc613 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 9dd97e44141558170a4a5f39b3eda645d9cade2d Author: Daniel Lezcano daniel.lezc...@free.fr Date: Tue Feb 1 12:55:39 2011 +0100 lxc-0.7.4-rc1 Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit dfb8f06a3b1d35d736ce95ea121d4019ea391b26 Author: Cedric Le Goater c...@fr.ibm.com Date: Fri Jan 21 11:01:43 2011 +0100 take into account new configure option --with-linuxdir Signed-off-by: Cedric Le Goater c...@fr.ibm.com commit 0f1c997258912380e315ddeb5684e1f3847d8695 Author: Clement Calmels clement.calm...@fr.ibm.com Date: Thu Jan 20 10:59:33 2011 +0100 generate setns syscall number Signed-off-by: Clement Calmels clement.calm...@fr.ibm.com Signed-off-by: Cedric Le Goater c...@fr.ibm.com commit 9f53d717c4fea7bb2a493d911da0abbe9c78aef5 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Tue Feb 1 11:42:29 2011 +0100 lxc-attach gives a better error message Don't assume the user knows the kernel internals :) Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: Makefile.am |2 +- config/linux.m4 | 73 +++ configure.ac|4 ++- lxc.spec.in |3 +- src/lxc/Makefile.am | 14 +- src/lxc/namespace.c | 20 +- 6 files changed, 99 insertions(+), 17 deletions(-) create mode 100644 config/linux.m4 hooks/post-receive -- lxc -- Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. 829dd9183cbefccdf38f87463fa5c2719e774204
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via 829dd9183cbefccdf38f87463fa5c2719e774204 (commit) from 9dd97e44141558170a4a5f39b3eda645d9cade2d (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 829dd9183cbefccdf38f87463fa5c2719e774204 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Tue Feb 1 14:49:40 2011 +0100 lxc-start can output the console to a file Add the ability to specify a file to output the console. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: doc/lxc-start.sgml.in | 18 +- src/lxc/arguments.c |1 + src/lxc/arguments.h |1 + src/lxc/lxc_start.c | 49 - 4 files changed, 51 insertions(+), 18 deletions(-) hooks/post-receive -- lxc -- Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc tag, lxc-0.7.4-rc1, created. 829dd9183cbefccdf38f87463fa5c2719e774204
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The tag, lxc-0.7.4-rc1 has been created at 829dd9183cbefccdf38f87463fa5c2719e774204 (commit) - Log - commit 829dd9183cbefccdf38f87463fa5c2719e774204 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Tue Feb 1 14:49:40 2011 +0100 lxc-start can output the console to a file Add the ability to specify a file to output the console. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- hooks/post-receive -- lxc -- Special Offer-- Download ArcSight Logger for FREE (a $49 USD value)! Finally, a world-class log management solution at an even better price-free! Download using promo code Free_Logger_4_Dev2Dev. Offer expires February 28th, so secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsight-sfd2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] Putting man pages on website?
On 02/07/2011 04:19 PM, Rob Landley wrote: Does the makefile's man page generation stuff do html files? Because if so I'd like put them on the web page, it's some of the best documentation on the thing and people trying to learn about containers can't find it via google... Yep, you can use docbook2html on the sgml files located in the doc directory of lxc's source tree. Sauf indication contraire ci-dessus: Compagnie IBM France Siège Social : Tour Descartes, 2, avenue Gambetta, La Défense 5, 92400 Courbevoie RCS Nanterre 552 118 465 Forme Sociale : S.A.S. Capital Social : 542.737.118 ? SIREN/SIRET : 552 118 465 02430 -- The modern datacenter depends on network connectivity to access resources and provide services. The best practices for maximizing a physical server's connectivity to a physical network are well understood - see how these rules translate into the virtual world? http://p.sf.net/sfu/oracle-sfdevnlfb ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] Kernel Samepage Merging
On 02/07/2011 08:19 PM, richard -rw- weinberger wrote: Hi, Can KSM (http://lwn.net/Articles/306704/) help LXC? I guess there are a lot of identical pages when logs of containers are running. Yes, absolutely. As it is very CPU consuming that should be optional. I looked at it last year but I have no idea on how to use the madvice syscall ... Hints are welcome :) -- The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] Socket creation in namespace
On 02/09/2011 01:07 PM, Maheswara Reddy C - ERS, HCL Tech wrote: Hi, How can we create a socket in the specific namespace. It is not obvious today. You will need to create several processes, each of them with their own network namespace and via an af_unix socket ask for a socket creation. Otherwise, there is a kernel patch around allowing to attach a container, hence you can attach + create a socket + detach. http://lxc.sourceforge.net/patches/linux/2.6.35/2.6.35-lxc1/patches/ Thanks -- Daniel -- The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] lxc on android?
On 02/11/2011 10:55 AM, Ludovic Guégan wrote: Hi Lezcano! I am glad to here from you! Android SDK comes with a modified qemu inside which android runs: http://developer.android.com/guide/developing/tools/emulator.html Here you can find how to rebuild the kernel for the emulator (a little old, i let you adapt): http://stackoverflow.com/questions/1809774/android-kernel-compile-and-test-with-android-emulator Great ! thanks for the pointer. Android use a fairly recent kernel but a different libc (bionic). There are two approaches to solve this: - port lxc-commands to bionic - link statically liblxc against glic (compiled with the Android toolchain) We can statically link against the glibc for the proof of concept but in the mid/long term that won't be suitable for an embedded system. I think we should port lxc to bionic and factor out/improve the lxc code. Am i correct? On Fri, Feb 11, 2011 at 5:40 PM, Daniel Lezcanodaniel.lezc...@free.fr wrote: On 02/11/2011 06:21 AM, Ludovic Guégan wrote: Hi all, First, thanks! I am looking for a way to have a lxc container running inside an Android device. So far my goal is to isolate a process as a proof of concept. Android use the bionic lic and not the gnu libc. Do you have feed-back regarding the difficulties/challenges i can face during this Android port? I am interested to help you on this. I am not familiar with the development on Android, I guess we have to check first the kernel version it is running on. Is it the 2.6.37.6 ? And then check the namespace + cgroup functionalities are compiled in. Do you know if there is a virtual machine for Android which facilitate the development ? As well as a configuration file for the kernel ? lxc uses some recent syscalls (timerfd, signalfd, etc ...) we have to check the corresponding C functions are available in this 'lic' library. -- The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] fix broadcast compution
On 02/12/2011 04:17 PM, David Ward wrote:
Daniel,
On 02/06/2010 03:29 PM, Daniel Lezcano wrote:
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index 4d81ac6..7c72752 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -423,9 +423,8 @@ static int config_network_ipv4(const char *key,
char *value,
* prefix and address
*/
if (!bcast) {
-inetdev-bcast.s_addr =
-htonl(INADDR_BROADCAST (32 - inetdev-prefix));
-inetdev-bcast.s_addr= inetdev-addr.s_addr;
+int mask = htonl(INADDR_BROADCAST (32 - inetdev-prefix));
+inetdev-bcast.s_addr = (inetdev-addr.s_addr mask) | ~mask;
}
lxc_list_add(netdev-ipv4, list);
The following would be a lot simpler:
inetdev-bcast.s_addr = inetdev-addr.s_addr;
inetdev-bcast.s_addr |= htonl(INADDR_BROADCAST inetdev-prefix);
Right :)
--
The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE:
Pinpoint memory and threading errors before they happen.
Find and fix more than 250 security defects in the development cycle.
Locate bottlenecks in serial and parallel code that limit performance.
http://p.sf.net/sfu/intel-dev2devfeb
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] lxc on android?
On 02/15/2011 01:34 AM, Trent W. Buck wrote: Daniel Lezcanodaniel.lezc...@free.fr writes: On 02/11/2011 06:21 AM, Ludovic Guégan wrote: Hi all, First, thanks! I am looking for a way to have a lxc container running inside an Android device. So far my goal is to isolate a process as a proof of concept. Android use the bionic lic and not the gnu libc. Do you have feed-back regarding the difficulties/challenges i can face during this Android port? I am interested to help you on this. I am not familiar with the development on Android, I guess we have to check first the kernel version it is running on. Is it the 2.6.37.6 ? And then check the namespace + cgroup functionalities are compiled in. Do you know if there is a virtual machine for Android which facilitate the development ? As well as a configuration file for the kernel ? lxc uses some recent syscalls (timerfd, signalfd, etc ...) we have to check the corresponding C functions are available in this 'lic' library. That was a typo. He's talking about Google's NIH'd libc: http://android.git.kernel.org/?p=platform/bionic.git According to Wikipedia's libc article (where that link is from), it is based mostly on libc from BSD. Android 2.3 ships 2.6.35 [0], CyanogenMod 2.3 apparently ships .37. [0] http://developer.android.com/sdk/android-2.3-highlights.html Thank for the pointers ! -- Daniel -- The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] Putting man pages on website?
On 02/15/2011 08:27 AM, Rob Landley wrote: On 02/14/2011 06:24 PM, Trent W. Buck wrote: Sorry about the previous post. I'm awake now. If I remove the .in from common_options.sgml.in and see_also.sgml.in, and change lxc-console.sgml.in's prelude to ?xml version='1.0' encoding='UTF-8'? ?xml-stylesheet type=text/xsl href=http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl;? !DOCTYPE refentry PUBLIC -//OASIS//DTD DocBook XML V4.4//EN http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd; [ !ENTITY commonoptions SYSTEM common_options.sgml !ENTITY seealso SYSTEM see_also.sgml ] Then I can generate a manpage: $ xsltproc lxc-console.sgml.in Cool! That worked. (docbook2html still doesn't, but xsltproc did.) Except I'm trying to produce html output. Hmmm... xsltproc /usr/share/xml/docbook/stylesheet/docbook-xsl/html/docbook.xsl lxc-start.sgml.in temp.html Yay! So I have to rename two files, edit each source file, and use a build process with a very long ubuntu-specific absolute path. Not ideal, but it gives me something to post on the web page... Note that I had to bump the version number of to at least 4.0, because older versions are so old that they're not even hosted anymore. It's probably advisable to migrate to the latest docbook4 DTD (4.5). With the same source files, I can generate XHTML 1.1: $ xsltproc http://docbook.sourceforge.net/release/xsl/current/xhtml-1_1/docbook.xsl lxc-console.sgml.inlxc-console.xhtml Ah, that's better. (Note: the xhtml spec died, you probably want just current/html/docbook.xsl instead of xhtml-1.1.) It might be possible to declare both stylesheets at once in the file itself, but I can't work out how. To get this to work, I installed xsltproc and docbook-xsl on a lucid system. I *think* the latter isn't strictly necessary; it just allows xsltproc to translate the above URL to a local XSL stylesheet instead of downloading it each time. PS: the extension ought to be .xml, not .sgml, and I recommend you switch from Emacs' sgml-mode to nxml-mode, which is the default for .xml files in recent GNU Emacs releases. I'd rather not get any emacs on me. But this should be enough to put something on the website. Thanks. Won't be easier man2html ? -- The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] Putting man pages on website?
On 02/15/2011 03:37 PM, Rob Landley wrote: On 02/15/2011 04:29 AM, Daniel Lezcano wrote: PS: the extension ought to be .xml, not .sgml, and I recommend you switch from Emacs' sgml-mode to nxml-mode, which is the default for .xml files in recent GNU Emacs releases. I'd rather not get any emacs on me. But this should be enough to put something on the website. Thanks. Won't be easier man2html ? No. Converting a modernish human readable angle bracket delimited format into another modernish human readable angle bracket delimited format is a lot easier and more reliable than producing a typesetting language for daisy wheel printers from the 1970's and then running a pile of regex heuristics to try to parse it back. Under the covers that's a bit like running it through babelfish twice. Years ago I helped debug Doclifter, which is a gigantic pile of heuristics and attempts at AI to translate man pages into docbook, badly. It's written in python. Here's a description of _some_ of the heuristics it uses: http://www.catb.org/~esr/doclifter/doclifter.html The purpose of that package (and the reason you don't really hear about it anymore) was to let people do a one time conversion, to stop maintaining troff sources and instead convert to something anybody under the age of 50 still understood. Lots of packages did such one time conversions a decade ago, and ever since they've maintained their man pages in a source format _other_ than troff macros. The package you suggested is essentially a pile of perl regexes to do something similar, only less thorough and targeting HTML directly instead of docbook (from which you can also produce a PDF). It has similar problems parsing the horrors of troff: http://trac.osgeo.org/grass/ticket/612 Both are dealing with an easier problem these days because nobody really maintains troff and all those macro packages as a source format anymore, so it's all generated from other source formats by programs like pod2man with recognizable idiosyncrasies that don't exercise all the corner cases of the ancient dead macro languages. (This wasn't true when doclifter was written, but a decade's a long time on the internet...) Ok, fair enough :) -- The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] Updating the web page?
On 02/21/2011 11:08 AM, Daniel Lezcano wrote: On 02/17/2011 02:49 AM, Rob Landley wrote: I want to collate the kernel namespaces documentation, man pages, and add some cgroup docs under a documentation page. This involves changing the Pages link on the left (to which somebody added a link to html man pages dated last year that I didn't know about). How do you edit that list of links? The other thing I don't know (which is probably related) is how do you do a relative link in wordpress? (Do I hardware in index.php or is there a way to get the wordpress infrastructure to supply the base URL on its own in case it changes in future?) I think Michel knows how to do that (Cc'ed). Rob, you should log to sourceforge with sftp. sftp rlandley,l...@frs.sourceforge.net then change to the directory htdocs/man, in this place upload the man pages. When Michel ported the old web site to the wordpress, it reused the old website skeleton and put on top of it wordpress. -- The ultimate all-in-one performance toolkit: Intel(R) Parallel Studio XE: Pinpoint memory and threading errors before they happen. Find and fix more than 250 security defects in the development cycle. Locate bottlenecks in serial and parallel code that limit performance. http://p.sf.net/sfu/intel-dev2devfeb ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] do pid1 and pid2 run in the same network namespace
On 02/22/2011 12:22 PM, Maheswara Reddy C - ERS, HCL Tech wrote:
Then it is quite easy. You just have to fork ten times the routine in the
program I gave you in the previous email.
Hi Daniel,
But I want to run two different (fork() run same copy) process/threads in
each namespace, that's why I am using clone() which take function pointer of
each process/thered to start.
Have fun ;)
#includeerrno.h
#includesched.h
#includestdio.h
#includeunistd.h
#includestdlib.h
#includesys/types.h
#includesys/wait.h
#define NRNS 10
int myroutine1(void)
{
return 0;
}
int myroutine2(void)
{
return 0;
}
int main(int argc, char *argv[])
{
int i;
pid_t pid;
for (i = 0; i NRNS; i++) {
/* create a new network namespace for my childs */
if (unshare(CLONE_NEWNET)) {
perror(unshare);
return 1;
}
pid = fork();
if (pid 0) {
perror(fork);
return 1;
}
if (!pid)
exit(myroutine1());
pid = fork();
if (pid 0) {
perror(fork2);
return 1;
}
if (!pid)
exit(myroutine2());
}
/* create a new netns to not share with the last one
* At the end we have 10 netns + 1 this one
*/
if (unshare(CLONE_NEWNET)) {
perror(unshare2);
return 1;
}
for (;;) {
pid = wait(NULL);
if (pid 0) {
if (errno == ECHILD)
return 0;
if (errno == EINTR)
continue;
perror(wait);
return 1;
}
}
}
--
Index, Search Analyze Logs and other IT data in Real-Time with Splunk
Collect, index and harness all the fast moving IT data generated by your
applications, servers and devices whether physical, virtual or in the cloud.
Deliver compliance at lower cost and gain new business insights.
Free Software Download: http://p.sf.net/sfu/splunk-dev2dev
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] Anybody used FUSE in a container?
On 02/23/2011 05:24 AM, Rob Landley wrote: After investigating I don't see any reason sshfs shouldn't work just fine in a container out of the box (all the network stuff happens in userspace), but I can't create the FUSE dev node from within the container because mknod doesn't work from the container's root. Isn't the cgroup whitelist preventing the node creation ? You should add to the container's configuration file the line: lxc.cgroup.devices.allow = c 10:229 rwm (and may be create /dev/fuse) I thought the point of linking in a capabilities library was to let the container's root do that sort of thing? What's the status of dev namespaces in current vanilla -- Free Software Download: Index, Search Analyze Logs and other IT data in Real-Time with Splunk. Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. http://p.sf.net/sfu/splunk-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] Anybody looked at unshare(2)?
On 02/23/2011 05:22 AM, Rob Landley wrote: It looks like clone flags aren't the only way to create a new namespace, any existing process can move to a new namespace via unshare(2). This sounds like you could fairly easily make a super_chroot() function that does most of the container stuff. The hard part would be doing mount points, device setup, and TTY I/O. (How much of this requires a host daemon? I still haven't properly investigated how the current container TTY stuff behind lxc-console works...) The problem with unshare is you can not create a new pid namespace. -- Free Software Download: Index, Search Analyze Logs and other IT data in Real-Time with Splunk. Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. http://p.sf.net/sfu/splunk-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] lxc-0.7.4 released
Hello, lxc-0.7.4 is released. Thanks all for your contributions ! Notes: == * Bug fixes / improvements * make compatible with the clone_children cgroup flag * maverick and natty templates * fixed regression from lxc-0.7.3 regarding the mount points ChangeLog: == Amit Uttamchandani (1): Fixed a small typo in lxc-debian template Cedric Le Goater (1): take into account new configure option --with-linuxdir Clement Calmels (1): generate setns syscall number Daniel Baumann (6): Setting default suite to squeeze in debian template. Setting default mirror to cdn.debian.net in debian template. Creating missing tty device nodes for squeeze in debian template. Disabling unneeded checkroot.sh initscript in debian template. Correcting include argument when calling debootstrap. Correcting charset argument when calling locale-gen. Daniel Lezcano (29): remove duplicate cgroup header Remove unused nscgroup field Change nscgroup interface encapsulate the ns_cgroup Move common code to lxc_cgroup_create use clone_children cgroup's flag Duplicate lxc-debian to lxc-lenny fix the ns_cgroup vs clone_children fix cgroup directory removal set function static mindless changes to conform indentation encapsulate mount point code substitute the absolute rootfs mount path fix busybox inittab template add missing template in Makefile fix clone_children path add lxc-lenny template set veth host's side always up suppress udev log output export env variable in lxc_start Fix paths in the lxc-busybox template lxc-attach gives a better error message lxc-0.7.4-rc1 lxc-start can output the console to a file fix empty network configuration fix broadcast compution update configuration wrt to the broadcast address Simplify broadcast computation lxc-0.7.4 David Ward (1): Only bring up network interface if IFF_UP is set Jan Niehusmann (1): Update file capa detection for kernels =2.6.37 Joerg Gollnick (1): Fix mntflags initialization Michael Tokarev (1): Make mount paths relative to rootfs Reto Gantenbein (1): Adds correct file capa detection for 2.6.32 The kernel compile parameter was removed with kernel release 2.6.33 Since then file capabilities are enabled by default kernel commit: b3a222e52e4d4be77cc4520a57af1a4a0d8222d1 Rob Landley (1): fix lxc-checkpoint and lxc-restart sgml labels Serge Hallyn (1): Update ubuntu templates Sergey S. Kostyliov (1): add support for dirsync mount option -- Free Software Download: Index, Search Analyze Logs and other IT data in Real-Time with Splunk. Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. http://p.sf.net/sfu/splunk-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] lxc final thesis
On 02/28/2011 11:20 AM, Farcasi Ana-Maria wrote: Hi, Indeed, we were refering to the network bandwidth limitation. Sorry for the confusion. We have already done some tests with this limitation using tc and cgroups and we have reached the conclusion that the classification is done correctly, but the limitation of the bandwidth is not done at all. Here we have attached our results [1]. We also found this kind of experiments done by some other persons too and they reached the same conclusion. An example is that from the link [2]. We were thinking to take a look in the kernel too, to see if we can do something to make the limitation work correctly. Is it a wrong path? My knowledge on network bandwidth limitations is poor, so I am not sure. Are you sure we need a cgroup for bandwidth limitations ? Shouldn't apply to a specific network device ? so we can assign a bandwidth limitation to the network device of the container ? Also, we are open to work on other features for lxc, too if there is something to be done. Great ! Welcome ! There is a lot of stuff todo, here is a quick list: kernel: * cgroup disk/file quotas lxc userspace core: * routes configuration * more network configuration (tun/tap) lxc scripts: * a comprehensive tool to create containers (eg. a configuration wizard) The idea with the lxc tools is there are some low level, highly configurable, binaries and on top of that there is a bigger script using these binaries and providing a most common configuration, very secure and isolated. Something similar to how is invoked git. For example: lxc-start, lxc-create, lxc-destroy and the upper tool equivalent is lxc start, lxc create, lxc destroy. [1] http://swarm.cs.pub.ro/~irinap/lxc_test [2] https://lists.linux-foundation.org/pipermail/containers/2009-June/018595.html -- Free Software Download: Index, Search Analyze Logs and other IT data in Real-Time with Splunk. Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. http://p.sf.net/sfu/splunk-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] lxc final thesis
On 02/28/2011 11:20 AM, Farcasi Ana-Maria wrote: Hi, Indeed, we were refering to the network bandwidth limitation. Sorry for the confusion. We have already done some tests with this limitation using tc and cgroups and we have reached the conclusion that the classification is done correctly, but the limitation of the bandwidth is not done at all. Here we have attached our results [1]. I just noticed Andre added the network bandwidth limitations from outside of the container using the side of the pair device veth on the host. http://andre.people.digirati.com.br/lxc-create.sh -- Free Software Download: Index, Search Analyze Logs and other IT data in Real-Time with Splunk. Collect, index and harness all the fast moving IT data generated by your applications, servers and devices whether physical, virtual or in the cloud. Deliver compliance at lower cost and gain new business insights. http://p.sf.net/sfu/splunk-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. d472214b8342a0b705ed40e358cf9caff427042a
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via d472214b8342a0b705ed40e358cf9caff427042a (commit) via b84f58b9fb720fa951031e2311cdf8fef8a46a28 (commit) from daa5d3fd90cd55539e623ad1bdf444ae2077b3c6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit d472214b8342a0b705ed40e358cf9caff427042a Author: Daniel Lezcano daniel.lezc...@free.fr Date: Mon Mar 7 02:08:47 2011 +0100 rename physical device to the original name Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit b84f58b9fb720fa951031e2311cdf8fef8a46a28 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Mon Mar 7 02:08:47 2011 +0100 factor out networking configuration code Change the name of the functions and factor some of them. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: src/lxc/conf.c| 34 +- src/lxc/network.c | 126 - src/lxc/network.h | 37 +--- 3 files changed, 79 insertions(+), 118 deletions(-) hooks/post-receive -- lxc -- What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, lxc-0.7.4.1, created. 525ff3a55575dd376f95f6d54b3521e481f1e3d7
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, lxc-0.7.4.1 has been created at 525ff3a55575dd376f95f6d54b3521e481f1e3d7 (commit) - Log - commit 525ff3a55575dd376f95f6d54b3521e481f1e3d7 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Mon Mar 7 02:13:18 2011 +0100 lxc-0.7.4.1 Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit b693b38534f9046fcb3872033d953eb20c67e358 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Mon Mar 7 02:08:47 2011 +0100 rename physical device to the original name Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit edfb9a57cf23369aeece9d829bb2930dfd404abc Author: Daniel Lezcano daniel.lezc...@free.fr Date: Mon Mar 7 02:08:47 2011 +0100 factor out networking configuration code Change the name of the functions and factor some of them. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- hooks/post-receive -- lxc -- What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, lxc-0.7.4.X, created. 525ff3a55575dd376f95f6d54b3521e481f1e3d7
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, lxc-0.7.4.X has been created at 525ff3a55575dd376f95f6d54b3521e481f1e3d7 (commit) - Log - commit 525ff3a55575dd376f95f6d54b3521e481f1e3d7 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Mon Mar 7 02:13:18 2011 +0100 lxc-0.7.4.1 Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit b693b38534f9046fcb3872033d953eb20c67e358 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Mon Mar 7 02:08:47 2011 +0100 rename physical device to the original name Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit edfb9a57cf23369aeece9d829bb2930dfd404abc Author: Daniel Lezcano daniel.lezc...@free.fr Date: Mon Mar 7 02:08:47 2011 +0100 factor out networking configuration code Change the name of the functions and factor some of them. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- hooks/post-receive -- lxc -- What You Don't Know About Data Connectivity CAN Hurt You This paper provides an overview of data connectivity, details its effect on application quality, and explores various alternative solutions. http://p.sf.net/sfu/progress-d2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] lxc_veth_create() fails
On 03/10/2011 10:45 PM, richard -rw- weinberger wrote: hi! i'm trying to use lxc 0.7.4 on centos 5.5 (kernel 2.6.37.3). lxc-start fails when i configure a network. e.g: lxc-start: failed to create vethivvZMG-vethGjB0lG : Operation not supported lxc-start: failed to create netdev lxc-start: failed to create the network lxc-start: failed to spawn 'c0' lxc-start: No such file or directory - failed to remove cgroup '/cgroup/c0' it fails within lxc_veth_create(): err = netlink_transaction(nlh, nlmsg, answer); err becomes -95. within netlink_transaction() this condition leads to the error. answer-nlmsghdr.nlmsg_type == NLMSG_ERROR this is my configuration: lxc.utsname = c0 lxc.network.type = veth lxc.network.flags = up lxc.network.link = bridge0 lxc.network.hwaddr = a1:b2:c3:d4:e5:f6 lxc.network.ipv4 = 10.0.2.41/24 lxc.network.name = eth0 lxc.mount = /lxc/_cfg/c0/fstab lxc.rootfs = /lxc/c0/ any ideas why it fails? without a network configuration it works fine... Is it possible the veth's kernel module is not loaded and module auto-load is disabled ? -- Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] Hot-add network devices in LXC
On 03/11/2011 02:00 AM, Carlos N. A. Corrêa wrote: Hi, people. I'm trying to implement a mechanism to permit the addition of a new network device to a container on-the-fly. That would be useful to me in some complex virtual networking scenarios, where a container need to connect to a newborn bridge and I can't stand to lxc-stop/modify config manually/lxc-start. I'm thinking about: 1. Hacking commands.(h|c) to create a new callback for hot netdev addition 2. Implement the callback through a call to instanciate_(veth|macvlan|etc) 3. Updating lxc_handler-conf-network by adding a new netdev to the list Could this be accomplished some other way? Do you think that it could be useful to others? At the first glance, that sounds good. -- Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] lxc 0.7.4 does not mount anything
On 03/11/2011 08:47 PM, richard -rw- weinberger wrote: hi, i'm using this minimal config: lxc.utsname = c0 lxc.mount.entry = none /lxc/c0/proc proc defaults 0 0 lxc.rootfs = /lxc/c0/ but lxc does not mount proc into /lxc/c0/proc. using lxc.mount = /path/to/fstab also does not work. it's also not only proc, it does not mount anything. mounting within the container works fine. but i want do drop cap_sys_admin. to test the issue i'm using this command: strace -f /opt/lxc/bin/lxc-start -n c0 -- /bin/ps log.txt 21 /bin/ps writes: Error, do this: mount -t proc none /proc so, /proc is not mounted. i double checked it using /bin/bash as init... log.txt is attached. you can see proc gets never mounted to /lxc/c0/proc/ is this a configuration error or a bug? Hi Richard, can you give the output of the log file in DEBUG mode ? lxc-start -o file -l DEBUG -n ... file can be $(tty) -- Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. 071a2b8cc9e2f219b7b20378dc0fafded0333176
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via 071a2b8cc9e2f219b7b20378dc0fafded0333176 (commit) from d472214b8342a0b705ed40e358cf9caff427042a (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 071a2b8cc9e2f219b7b20378dc0fafded0333176 Author: Daniel Lezcano dlezc...@fr.ibm.com Date: Mon Mar 14 21:47:15 2011 +0100 fix mount path Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: src/lxc/conf.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) hooks/post-receive -- lxc -- Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] lxc final thesis
On 03/18/2011 06:40 PM, Farcasi Ana-Maria wrote: Hello, As mentioned in our previous email, we were having issues getting bandwidth limitation working on cgroup ( with net_cls ) and tc. We've been running various tests and scenarios but found no way to enable proper limitation. Throughout our testing we've created a virtual machine running a 2.6.35 kernel where the limitation was indeed working. We've browsed recent commits in the Linux-2.6 kernel source code and discovered that ever since version 2.6.35 (actually ever since this commit[1] was integrated), there is a change in getting the packet classid - the classid is stored and read as a member of a struct sock. As this is also used by LXC, it means that ever since 2.6.35, bandwidth limitation using tc is working for cgroups. In order to prove this, we've compiled the latest 2.6.34 and 2.6.35 kernels (2.6.34.8 and 2.6.35.11). We've used tc, cgroup (net_cls) and iperf to test this. On the latter version ( 2.6.35.11 ) the limitation is working accordingly, while on the former ( 2.6.34.8 ) the limitation is not working at all. We believe the above mentioned commit[1] is responsible for solving this issue and post-2.6.35 kernels should have no problems using cgroup-based bandwidth limitation (for example, within LXC). We were thinking whether it would be a good idea to integrate an option for bandwidth limitation into an LXC container configuration file (such as lxc.network.bwlimit). This would allow a rapid setup of an LXC container and network limitation. This could, of course, be set up using tc (it would take a bit more effort, though). What do you think? Hi Irina and Ana, Thanks for investigating this, it is very useful. Adding the setup to lxc is a good idea and I will be happy to merge upstream your modifications to take into account the bandwidth limitations. As far as I remember the bandwidth limitations is for download and upload no ? If it is the case, I would recommend to use the options: lxc.network.bandwidth.download = value lxc.network.bandwidth.upload = value I thought another feature would be interesting, the network provisioning. I don't if it is supported by the kernel (I don't think so) but if we can assign for example 1GB of download/upload to the container and when it is reached the network become stuck until we add more provisioning, that could be very useful. What do you think ? Thanks -- Daniel javascript:void(0); -- Colocation vs. Managed Hosting A question and answer guide to determining the best fit for your organization - today and in the future. http://p.sf.net/sfu/internap-sfd2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 1/5] lxc_unshare: edit help output
On 03/19/2011 04:09 PM, Michael Santos wrote: Signed-off-by: Michael Santosmichael.san...@gmail.com --- All patches applied. Thanks -- Daniel -- Enable your software for Intel(R) Active Management Technology to meet the growing manageability and security demands of your customers. Businesses are taking advantage of Intel(R) vPro (TM) technology - will your software be a part of the solution? Download the Intel(R) Manageability Checker today! http://p.sf.net/sfu/intel-dev2devmar ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. 1a91da6ca6b3679944757cad2aef93d85ea33ed0
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via 1a91da6ca6b3679944757cad2aef93d85ea33ed0 (commit) from 0411a75203ef20037ff5d9ac59c10ca5890e8fc8 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 1a91da6ca6b3679944757cad2aef93d85ea33ed0 Author: Michel Normand michel@free.fr Date: Tue Mar 15 20:19:07 2011 +0100 lxc-* tools are vulnerable for arguments with spaces this is related to the bug http://sourceforge.net/tracker/?func=detailaid=3113612group_id=163076atid=826303 that suggested to modify bash lxc script to properly use $@ in place of $* Signed-off-by: Michel Normand michel@free.fr Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: src/lxc/lxc-ls.in |4 ++-- src/lxc/lxc-netstat.in |6 +++--- src/lxc/lxc-setcap.in |4 ++-- src/lxc/lxc-setuid.in |6 +++--- 4 files changed, 10 insertions(+), 10 deletions(-) hooks/post-receive -- lxc -- Enable your software for Intel(R) Active Management Technology to meet the growing manageability and security demands of your customers. Businesses are taking advantage of Intel(R) vPro (TM) technology - will your software be a part of the solution? Download the Intel(R) Manageability Checker today! http://p.sf.net/sfu/intel-dev2devmar ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] lxc-* tools are vulnerable for arguments with spaces
On 03/15/2011 08:19 PM, Michel Normand wrote: this is related to the bug http://sourceforge.net/tracker/?func=detailaid=3113612group_id=163076atid=826303 that suggested to modify bash lxc script to properly use $@ in place of $* Signed-off-by: Michel Normandmichel@free.fr Applied, thanks Michel. -- Daniel -- Enable your software for Intel(R) Active Management Technology to meet the growing manageability and security demands of your customers. Businesses are taking advantage of Intel(R) vPro (TM) technology - will your software be a part of the solution? Download the Intel(R) Manageability Checker today! http://p.sf.net/sfu/intel-dev2devmar ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] lxc-simple: porcelain over lxc commands
On 04/03/2011 11:14 AM, Nigel McNie wrote: Hi List, I saw there was a call for a nice frontend over the lxc commands, and I needed one, so Martyn Smith and I have come up with lxc-simple [0]. Quoting the docs: lxc-simple wraps around the low-level commands for controlling linux containers, to make it easier to manage containers for the common case - which is creating containers that work in a similar fashion to vservers or jails. Synopsis: lxc [name] create [-u] --template=[lucid|maverick|etc...] lxc [name] destroy lxc [name] start|stop|restart lxc [name] enter lxc [name] console lxc status It's very rough, however it's a starting point. We'd very much like feedback on it. In particular, we'd like to know if it looks like a reasonable implementation/approach that could be part of lxc upstream? If not, how could it be adjusted to suit? Nigel, Thanks a lot, that's a great work and it is exactly what I was hoping someone will do. I will be happy to take upstream these new commands. A mindless remark, I would prefer to rename the lxc restart to lxc reboot to not collide with the checkpoint/restart when it will be implemented. I suspect some modifications will be necessary to polish the code but it does no matter as we can take it upstream and do the polishing work after this merge. It will be necessary to check the dependencies with configure and be able to disable the porcelain commands for the embedded systems, but it is not a big deal at all. Thanks -- Daniel -- Xperia(TM) PLAY It's a major breakthrough. An authentic gaming smartphone on the nation's most reliable network. And it wants your games. http://p.sf.net/sfu/verizon-sfdev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. 25df6b78d2d013ee12e63ca80db3e572d89dcd6c
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via 25df6b78d2d013ee12e63ca80db3e572d89dcd6c (commit) via 63e0f402aa028c02d15fc5fa7066b77a45877e83 (commit) from 1a91da6ca6b3679944757cad2aef93d85ea33ed0 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 25df6b78d2d013ee12e63ca80db3e572d89dcd6c Author: Greg Kurz gk...@fr.ibm.com Date: Wed Apr 6 13:41:44 2011 +0200 lxc: default log appender on stderr The default appender for logs is currently the file one: this make macros from log.h unusable as long as lxc_log_init() hasn't been called. This prevents errors from even being printed on stderr in lxc_caps_init() for example. Let's make stderr the default appender. Signed-off-by: Greg Kurz gk...@fr.ibm.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit 63e0f402aa028c02d15fc5fa7066b77a45877e83 Author: Cedric Le Goater c...@fr.ibm.com Date: Mon Apr 4 17:05:47 2011 +0200 lxc-attach: fix access permissions of /proc/$pid/ns Signed-off-by: Cedric Le Goater c...@fr.ibm.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: src/lxc/log.c |3 ++- src/lxc/namespace.c |2 +- 2 files changed, 3 insertions(+), 2 deletions(-) hooks/post-receive -- lxc -- Xperia(TM) PLAY It's a major breakthrough. An authentic gaming smartphone on the nation's most reliable network. And it wants your games. http://p.sf.net/sfu/verizon-sfdev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] lxc-simple: porcelain over lxc commands
On 04/07/2011 12:29 AM, Nigel McNie wrote: On 6 April 2011 23:01, Daniel Lezcanodaniel.lezc...@free.fr wrote: On 04/03/2011 11:14 AM, Nigel McNie wrote: Hi List, snip Nigel, Thanks a lot, that's a great work and it is exactly what I was hoping someone will do. I will be happy to take upstream these new commands. A mindless remark, I would prefer to rename the lxc restart to lxc reboot to not collide with the checkpoint/restart when it will be implemented. I suspect some modifications will be necessary to polish the code but it does no matter as we can take it upstream and do the polishing work after this merge. It will be necessary to check the dependencies with configure and be able to disable the porcelain commands for the embedded systems, but it is not a big deal at all. Thanks -- Daniel Hi Daniel, Great! If we are to rename the command 'reboot', then it may confuse people who are expecting start/stop/restart from daemons etc - maybe we could rename start/stop to be boot/halt as well then? For the low levels command, boot/halt/reboot do not make sense as we can launch an application but for a higher level component doing system containers (VPS), that would make sense. As far as I understood, this is the case for the lxc porcelain commands, right ? Or, although I don't know anything about the checkpointing stuff, maybe those commands could be checkpoint/restore? Mmh, usually it is checkpoint/restart or dump/restore. The lxc-checkpoint and lxc-restart commands already exist. They are empty command but defined for the API so the kernel developer can hack and use these commands. I'm happy to keep contributing to the code and its maintenance once it's merged in, but you're probably the best person to do the merge. I know very little about how lxc works, having only worked with the debian ubuntu packaging. I haven't even checked out the git repo before now. Let me know if there's anything I can do to assist though. Yes, please: * submit your porcelain command as a patch (cf CONTRIBUTING) on top of the lxc head git repo. * update the MAINTAINERS file adding a porcelain section where you add your name, so people will Cc you when contributing to your commands Submitting as a patch will help us to review and comment. For me it will be easier to apply, test and play with it. It is a big piece, so I assume some round trips will be needed before merging but I will be happy to merge it as soon it will be ready. Thanks a lot for this contribution -- Daniel ps : sorry for the delay, I was out for a week. -- Benefiting from Server Virtualization: Beyond Initial Workload Consolidation -- Increasing the use of server virtualization is a top priority.Virtualization can reduce costs, simplify management, and improve application availability and disaster protection. Learn more about boosting the value of server virtualization. http://p.sf.net/sfu/vmware-sfdev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] Bug#620921: Detecting a non-root container
On 04/12/2011 04:14 PM, Marco d'Itri wrote: On Apr 12, Daniel Lezcanodaniel.lezc...@free.fr wrote: At the first glance udev events are supported in the container. But for the sake of optimization, I recommend to not use it as it will trigger the events in all the containers. This looks wrong... containers should not be able to trigger events which affect the host system. Yes, I agree. This is something we should take care at the kernel level. -- Benefiting from Server Virtualization: Beyond Initial Workload Consolidation -- Increasing the use of server virtualization is a top priority.Virtualization can reduce costs, simplify management, and improve application availability and disaster protection. Learn more about boosting the value of server virtualization. http://p.sf.net/sfu/vmware-sfdev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. dfafa5a51397b4d3ced980ca80340f383701f823
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via dfafa5a51397b4d3ced980ca80340f383701f823 (commit) via 43de51b7441cbe02fc4479a4bbfb58c6d0356999 (commit) from 25df6b78d2d013ee12e63ca80db3e572d89dcd6c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit dfafa5a51397b4d3ced980ca80340f383701f823 Author: Cedric Le Goater legoa...@free.fr Date: Thu May 5 12:07:51 2011 +0200 lxc-execute: document the '--' option Signed-off-by: Cedric Le Goater c...@fr.ibm.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit 43de51b7441cbe02fc4479a4bbfb58c6d0356999 Author: Cedric Le Goater c...@fr.ibm.com Date: Thu May 5 12:07:51 2011 +0200 lxc: fix bogus header file The lxc/ prefix is missing in start.h. This breaks the inclusion of the header file lxc/conf.h in external source code. Signed-off-by: Cedric Le Goater c...@fr.ibm.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: doc/lxc-execute.sgml.in | 16 src/lxc/conf.h |2 +- 2 files changed, 17 insertions(+), 1 deletions(-) hooks/post-receive -- lxc -- WhatsUp Gold - Download Free Network Management Software The most intuitive, comprehensive, and cost-effective network management toolset available today. Delivers lowest initial acquisition cost and overall TCO of any competing solution. http://p.sf.net/sfu/whatsupgold-sd ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] traffic control setup
On 05/07/2011 01:30 PM, Farcasi Ana-Maria wrote: Hello, This commit adds traffic control support (download and upload limit rate) for lxc containers. At the moment, the changes apply just for veth devices. In order to do this, we have attached a new structure (lxc_traffic_control) to struct lxc_netdev. This structure contains values for download and upload rate limits and can be extended with other traffic control options. In the configuration file the user has to complete the options for limiting traffic and to attach a script that handles the limitation (in the upscript option). We have attached here an example of script - lxc_upscript.sh. The lines in the configuration file that deal with limitation are: lxc.network.download.rate lxc.network.upload.rate lxc.network.up.script We have also attached an example of configuration file - conf_example.conf. The body of the patch is: Hi Ana-Maria and Irina, sorry for the delay. You hooked the code to use the script, that sounds not a bad idea but I would prefer to embed the traffic control code inside lxc for an embedded system. I think there is a bit more work to do in the network.c part to add the netlink message to set the upload and download rate. Thanks -- Daniel -- What Every C/C++ and Fortran developer Should Know! Read this article and learn how Intel has extended the reach of its next-generation tools to help Windows* and Linux* C/C++ and Fortran developers boost performance applications - including clusters. http://p.sf.net/sfu/intel-dev2devmay ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. 820339bd965d6ca4c0dc11b783d689a3efc0cc68
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via 820339bd965d6ca4c0dc11b783d689a3efc0cc68 (commit) via 476d4cf1750fa9a43304ee7cd175e3298dc2faa8 (commit) from f66331efb095656e555d65e413808dc8d3f71587 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 820339bd965d6ca4c0dc11b783d689a3efc0cc68 Author: Cedric Le Goater c...@fr.ibm.com Date: Fri May 20 11:37:16 2011 +0200 lxc: don't install setns.h 'setns.h' is not an lxc interface. Also, a side effect of this declaration of 'setns.h' in the lxc header files is to be distributed in the lxc tarball. This breaks the lxc-attach command because the file is not automatically generated at compile time. Signed-off-by: Cedric Le Goater c...@fr.ibm.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit 476d4cf1750fa9a43304ee7cd175e3298dc2faa8 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Fri May 13 22:29:34 2011 +0200 ignore non-lxc configuration line We ignore the line of in the configuration file not beginning by lxc. So we can mix the configuration file with another information used for another component through the lxc library. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: src/lxc/Makefile.am |3 +-- src/lxc/confile.c | 12 2 files changed, 9 insertions(+), 6 deletions(-) hooks/post-receive -- lxc -- What Every C/C++ and Fortran developer Should Know! Read this article and learn how Intel has extended the reach of its next-generation tools to help Windows* and Linux* C/C++ and Fortran developers boost performance applications - including clusters. http://p.sf.net/sfu/intel-dev2devmay ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. 77890c6d6b198b68808a7ec3d0c4f0dbe87c0374
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via 77890c6d6b198b68808a7ec3d0c4f0dbe87c0374 (commit) via 88d413d5b6d1c2a3afcc7e3fcc0c037730c0abbe (commit) from 820339bd965d6ca4c0dc11b783d689a3efc0cc68 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 77890c6d6b198b68808a7ec3d0c4f0dbe87c0374 Author: Sven Wegener sven.wege...@stealer.net Date: Mon May 23 23:12:24 2011 +0200 Check for existing ptmx symlink It's OK, if /dev/ptmx points to /dev/pts/ptmx via a symlink. Signed-off-by: Sven Wegener sven.wege...@stealer.net Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit 88d413d5b6d1c2a3afcc7e3fcc0c037730c0abbe Author: Sven Wegener sven.wege...@stealer.net Date: Mon May 23 23:12:24 2011 +0200 Add relatime and strictatime mount options Also add #ifndef for compability with glibc before 2.12. Signed-off-by: Sven Wegener sven.wege...@stealer.net Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: src/lxc/conf.c | 61 +++ 1 files changed, 39 insertions(+), 22 deletions(-) hooks/post-receive -- lxc -- What Every C/C++ and Fortran developer Should Know! Read this article and learn how Intel has extended the reach of its next-generation tools to help Windows* and Linux* C/C++ and Fortran developers boost performance applications - including clusters. http://p.sf.net/sfu/intel-dev2devmay ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Add relatime and strictatime mount options
On 05/21/2011 08:35 PM, Sven Wegener wrote: Also add #ifndef for compability with glibc before 2.12. Signed-off-by: Sven Wegenersven.wege...@stealer.net Applied Thanks. -- What Every C/C++ and Fortran developer Should Know! Read this article and learn how Intel has extended the reach of its next-generation tools to help Windows* and Linux* C/C++ and Fortran developers boost performance applications - including clusters. http://p.sf.net/sfu/intel-dev2devmay ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Check for existing ptmx symlink
On 05/21/2011 08:35 PM, Sven Wegener wrote: It's OK, if /dev/ptmx points to /dev/pts/ptmx via a symlink. Signed-off-by: Sven Wegenersven.wege...@stealer.net Applied. Thanks Sven. -- What Every C/C++ and Fortran developer Should Know! Read this article and learn how Intel has extended the reach of its next-generation tools to help Windows* and Linux* C/C++ and Fortran developers boost performance applications - including clusters. http://p.sf.net/sfu/intel-dev2devmay ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 0/2] Template update for Oneiric and armel
On 05/24/2011 08:19 PM, Stéphane Graber wrote: Some small template changes to add Oneiric and fix armel support. Stéphane Graber (2): Convert all Debian (and derivative) templates from using 'arch' to using 'dpkg --print-architecture' as debootstrap does Add initial oneiric template .gitignore|1 + configure.ac |1 + templates/Makefile.am |1 + templates/lxc-debian.in |9 +-- templates/lxc-lenny.in|9 +-- templates/lxc-lucid.in|9 +-- templates/lxc-maverick.in |9 +-- templates/lxc-natty.in|9 +-- templates/lxc-oneiric.in | 285 + 9 files changed, 293 insertions(+), 40 deletions(-) create mode 100644 templates/lxc-oneiric.in Applied. thanks Stéphane ! -- vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, lxc-0.7.4.X, updated. 57d6d6718dab8913039cb5fba74771e36cdeb5df
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, lxc-0.7.4.X has been updated via 57d6d6718dab8913039cb5fba74771e36cdeb5df (commit) from 9781dae8cfd83362d29a94e39e84d85b892cad65 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 57d6d6718dab8913039cb5fba74771e36cdeb5df Author: Sven Wegener sven.wege...@stealer.net Date: Mon May 23 23:12:24 2011 +0200 Check for existing ptmx symlink It's OK, if /dev/ptmx points to /dev/pts/ptmx via a symlink. Signed-off-by: Sven Wegener sven.wege...@stealer.net Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: src/lxc/conf.c |5 + 1 files changed, 5 insertions(+), 0 deletions(-) hooks/post-receive -- lxc -- vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Check for existing ptmx symlink
On 05/27/2011 09:44 AM, Cedric Le Goater wrote: On 05/23/2011 11:22 PM, Daniel Lezcano wrote: On 05/21/2011 08:35 PM, Sven Wegener wrote: It's OK, if /dev/ptmx points to /dev/pts/ptmx via a symlink. Signed-off-by: Sven Wegenersven.wege...@stealer.net Applied. That would be a nice thing to have in the lxc-0.7.4.X branch : http://lxc.git.sourceforge.net/git/gitweb.cgi?p=lxc/lxc;a=shortlog;h=refs/heads/lxc-0.7.4.X Done. -- vRanger cuts backup time in half-while increasing security. With the market-leading solution for virtual backup and recovery, you get blazing-fast, flexible, and affordable data protection. Download your free trial now. http://p.sf.net/sfu/quest-d2dcopy1 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. 9ccb2dbcd2c437ca8cc867814ba0412a3fe55420
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via 9ccb2dbcd2c437ca8cc867814ba0412a3fe55420 (commit) from d755a9e6b4c1c9e968df8ffe902881a8d7516aaa (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 9ccb2dbcd2c437ca8cc867814ba0412a3fe55420 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Thu Jun 2 09:50:38 2011 +0200 set close-on-exec flag on command socket When we accept a connection, we have to set the close-on-exec flag, otherwise that won't be possible to reboot a container through a lxc-console command. Reported-by: Katoh Yasufumi ka...@jazz.email.ne.jp Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: src/lxc/commands.c |5 + 1 files changed, 5 insertions(+), 0 deletions(-) hooks/post-receive -- lxc -- Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Data protection magic? Nope - It's vRanger. Get your free trial download today. http://p.sf.net/sfu/quest-sfdev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, lxc-0.7.4.X, updated. 967b34569424d2ec7ae7f27e64b1ad9bb2ea124b
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, lxc-0.7.4.X has been updated via 967b34569424d2ec7ae7f27e64b1ad9bb2ea124b (commit) from 57d6d6718dab8913039cb5fba74771e36cdeb5df (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 967b34569424d2ec7ae7f27e64b1ad9bb2ea124b Author: Daniel Lezcano daniel.lezc...@free.fr Date: Thu Jun 2 09:50:38 2011 +0200 set close-on-exec flag on command socket When we accept a connection, we have to set the close-on-exec flag, otherwise that won't be possible to reboot a container through a lxc-console command. Reported-by: Katoh Yasufumi ka...@jazz.email.ne.jp Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: src/lxc/commands.c |5 + 1 files changed, 5 insertions(+), 0 deletions(-) hooks/post-receive -- lxc -- Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Data protection magic? Nope - It's vRanger. Get your free trial download today. http://p.sf.net/sfu/quest-sfdev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] PHYS support in 2.6.34?
On 06/01/2011 10:28 PM, Moffatt, Greg wrote: Hi I understand that full support for physical networking devices in a container isn't fully implemented until 2.6.35. How large are the changes that enabled this? I need to have something like this in a 2.6.34 kernel and I'm trying to scope out the effort in backporting these changes. Could someone at least point me to the commits that enabled this? Gah ! I got the patchset for a while but dropped them. It is the sysfs per namespace. All the patches are available in this directory: http://www.kernel.org/pub/linux/kernel/people/gregkh/driver_core/2.6/2.6.34/ The posted patchset is at: http://kerneltrap.com/mailarchive/linux-fsdevel/2010/3/30/6900683 Take care if you are looking for the patchset in another mailing list archive because it was around for a couple of years, so make sure you have the version from March, 2010. That should not be a big deal to backport them as they are applied on a 2.6.34+ Cheers -- Daniel -- Simplify data backup and recovery for your virtual environment with vRanger. Installation's a snap, and flexible recovery options mean your data is safe, secure and there when you need it. Data protection magic? Nope - It's vRanger. Get your free trial download today. http://p.sf.net/sfu/quest-sfdev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. b722bed2da417532bbc4a12cb36a32ba7bbac783
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via b722bed2da417532bbc4a12cb36a32ba7bbac783 (commit) via be8b5972427bf6d5f83c94b5e50a30cdeba2543a (commit) via e2e0ee250188302b85d2056b354e6c57b9242194 (commit) from 9ccb2dbcd2c437ca8cc867814ba0412a3fe55420 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit b722bed2da417532bbc4a12cb36a32ba7bbac783 Author: Serge E. Hallyn se...@hallyn.com Date: Fri Jun 24 00:42:24 2011 +0200 lxc-create: pass remaining args to templates This way I can do lxc-create -t ubuntu -f /etc/lxc.conf -n u1 -- -x and have -x passed to the template Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit be8b5972427bf6d5f83c94b5e50a30cdeba2543a Author: Serge E. Hallyn se...@hallyn.com Date: Fri Jun 24 00:42:24 2011 +0200 Add lxc-clone script Create an lxc-clone script to clone containers. It should probably be factored into helpers and then enhanced, in particular to convert between LVM and non-LVM containers, create non-snapshot LVM clones, support loopback devices, and, when stable enough, to use overlayfs, btrfs, etc. But this is a start. Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit e2e0ee250188302b85d2056b354e6c57b9242194 Author: Serge E. Hallyn se...@hallyn.com Date: Fri Jun 24 00:42:24 2011 +0200 lxc-destroy: delete a rootfs if it is an lvm volume If this is acceptable as is, then I'll try to get a simple lxc-clone out tomorrow (taking into account your comments from last time). Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: configure.ac |1 + lxc.spec.in|1 + src/lxc/Makefile.am|1 + src/lxc/lxc-clone.in | 208 src/lxc/lxc-create.in |2 +- src/lxc/lxc-destroy.in | 10 +++ 6 files changed, 222 insertions(+), 1 deletions(-) create mode 100644 src/lxc/lxc-clone.in hooks/post-receive -- lxc -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense.. http://p.sf.net/sfu/splunk-d2d-c1 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, lxc-0.7.4.X, updated. ebdedce2f6df18b8ecbdc2c67977240aa42f7af8
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, lxc-0.7.4.X has been updated via ebdedce2f6df18b8ecbdc2c67977240aa42f7af8 (commit) from 967b34569424d2ec7ae7f27e64b1ad9bb2ea124b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit ebdedce2f6df18b8ecbdc2c67977240aa42f7af8 Author: Serge Hallyn serge.hal...@ubuntu.com Date: Sat Jun 25 15:17:47 2011 +0200 print netdev name, not link, after moving dev into netns Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: src/lxc/conf.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) hooks/post-receive -- lxc -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense.. http://p.sf.net/sfu/splunk-d2d-c1 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. c1c75c04a6b7d7926b6eaaf45309d35d7650f6d2
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project lxc.
The branch, master has been updated
via c1c75c04a6b7d7926b6eaaf45309d35d7650f6d2 (commit)
via 7c3ab01ffd3f59786fef85a5cbb1718659630f4d (commit)
via c6992ecf0d9a452c1119d56b173859fba76ac713 (commit)
via 8339b4c86a111a38e398f576318632491facb7ad (commit)
via e2b4064f94f47246e5e2e6359b91b57cab0a0652 (commit)
from b722bed2da417532bbc4a12cb36a32ba7bbac783 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -
commit c1c75c04a6b7d7926b6eaaf45309d35d7650f6d2
Author: Serge Hallyn serge.hal...@ubuntu.com
Date: Sat Jun 25 15:17:47 2011 +0200
print netdev name, not link, after moving dev into netns
Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
commit 7c3ab01ffd3f59786fef85a5cbb1718659630f4d
Author: Serge Hallyn serge.hal...@ubuntu.com
Date: Sat Jun 25 15:17:47 2011 +0200
Clarify the template-specific options a bit in lxc-create's help
This does not supplant the need for a manpage, but it's a start.
Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
commit c6992ecf0d9a452c1119d56b173859fba76ac713
Author: Serge Hallyn serge.hal...@ubuntu.com
Date: Sat Jun 25 15:17:47 2011 +0200
lxc-ubuntu: Default to current ubuntu release.
If can't match any valid release, use lucid.
Signed-off-by: Stéphane Graber stgra...@ubuntu.com
Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
commit 8339b4c86a111a38e398f576318632491facb7ad
Author: Serge Hallyn serge.hal...@ubuntu.com
Date: Sat Jun 25 15:17:47 2011 +0200
lxc-ubuntu: Base arch detection code on debootstrap's with some additions
when we don't have dpkg or udpkg
Changelog: [seh] Don't take arch from environment
Signed-off-by: Stéphane Graber stgra...@ubuntu.com
Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
commit e2b4064f94f47246e5e2e6359b91b57cab0a0652
Author: Serge Hallyn serge.hal...@ubuntu.com
Date: Sat Jun 25 15:17:47 2011 +0200
consolidate ubuntu templates
Consolidate lucid, maverick, natty, and oneiric templates into one 'ubuntu'
template.
Add support for specifying architecture.
Add support for '--trim|-x' option, which removes services like the lucid
template used to. This creates smaller, faster-booting containers, but they
will not be safe with certain upgrades, like mountall or udev. When -x is
not specified for lucid or maverick container, then install lxcguest from
the ubuntu-virt ppa, since it does not exist in the official archives, and
the container is not safe to boot without lxcguest.
Add support for '--bindhome user' option, which will cause /home/user
to be bind-mounted into the container, and create the user with his
original password, shell, and group memberships in the container.
changelog:
june 23:
lxc-ubuntu template: set lxc.arch in config
install lxcguest when NOT trimming the container
lxc-ubuntu: always install lxcguest in postprocess
Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
Summary of changes:
configure.ac |5 +-
doc/lxc-create.sgml.in|2 +-
src/lxc/conf.c|2 +-
src/lxc/lxc-create.in | 13 +-
templates/Makefile.am |5 +-
templates/lxc-maverick.in | 284 --
templates/lxc-natty.in| 285 --
templates/lxc-oneiric.in | 285 --
templates/{lxc-lucid.in = lxc-ubuntu.in} | 371 -
9 files changed, 270 insertions(+), 982 deletions(-)
delete mode 100644 templates/lxc-maverick.in
delete mode 100644 templates/lxc-natty.in
delete mode 100644 templates/lxc-oneiric.in
rename templates/{lxc-lucid.in = lxc-ubuntu.in} (54%)
hooks/post-receive
--
lxc
--
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense..
http://p.sf.net/sfu
Re: [lxc-devel] PATCH: openSUSE template for LXC
On 06/24/2011 05:28 PM, Frederic Crozat wrote: Hi all, attached patch is a openSUSE 11.4 template for LXC. The good news is, starting with next openSUSE release (and next SLES 11 Service Pack), patching /etc/init.d/boot won't be needed anymore for LXC, we integrated detection of LXC (through container variable set to lxc) in /etc/init.d/boot and /dev is no longer mounted automatically by initscript. Is it a standalone script or called through lxc-create ? -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense.. http://p.sf.net/sfu/splunk-d2d-c1 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] PATCH: openSUSE template for LXC
On 06/27/2011 10:03 AM, Frederic Crozat wrote: Le samedi 25 juin 2011 à 23:25 +0200, Daniel Lezcano a écrit : On 06/24/2011 05:28 PM, Frederic Crozat wrote: Hi all, attached patch is a openSUSE 11.4 template for LXC. The good news is, starting with next openSUSE release (and next SLES 11 Service Pack), patching /etc/init.d/boot won't be needed anymore for LXC, we integrated detection of LXC (through container variable set to lxc) in /etc/init.d/boot and /dev is no longer mounted automatically by initscript. Is it a standalone script or called through lxc-create ? It should be called through lxc-create (just like the other templates). Great ! Thanks for this patch. -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. bcbd102cba31a0054fe4204a39b5e8a411cde42f
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via bcbd102cba31a0054fe4204a39b5e8a411cde42f (commit) via c840b37de865195a8742e219b4374d961a21d4d9 (commit) from c1c75c04a6b7d7926b6eaaf45309d35d7650f6d2 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit bcbd102cba31a0054fe4204a39b5e8a411cde42f Author: Serge E. Hallyn se...@hallyn.com Date: Mon Jul 4 00:42:06 2011 +0200 cgroups: support cgroups mounted in multiple places (v3) (sorry for the extra traffic.) With this patch, lxc works for me both with all cgroups mounted with ns cgroup on /cgroup, and with libcgroup mounting all cgroups separately. To do this, instead of looking for one cgroup called 'lxc' or otherwise taking the first cgroup we find, we actually create a container in every mounted cgroup fs. Right now it's done under the root of each fs. We may want to put that under lxc, or, better yet, make that configurable. Changelog: Michael H. Warfield: Handle the case where subsystem doesn't have '.'. Daniel Lezcano: clean up incorrect reentrant use of mntent helpers v3: use the rest of Daniel's cleanups TODO: add a configurable directory name, 'lxc' by default, under which all lxc cgroups are created (i.e. /sys/fs/cgroup/lxc) Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com Tested-by: Michael H. Warfield m...@wittsend.com commit c840b37de865195a8742e219b4374d961a21d4d9 Author: Frederic Crozat fcro...@suse.com Date: Mon Jul 4 00:35:52 2011 +0200 templates: add openSUSE template. The good news is, starting with next openSUSE release (and next SLES 11 Service Pack), patching /etc/init.d/boot won't be needed anymore for LXC, we integrated detection of LXC (through container variable set to lxc) in /etc/init.d/boot and /dev is no longer mounted automatically by initscript. Signed-off-by: Frederic Crozat fcro...@suse.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: configure.ac |1 + src/lxc/cgroup.c | 250 +-- src/lxc/cgroup.h |2 +- src/lxc/freezer.c |2 +- src/lxc/lxc.h |8 +- src/lxc/state.c |2 +- templates/Makefile.am |1 + templates/lxc-opensuse.in | 368 + 8 files changed, 517 insertions(+), 117 deletions(-) create mode 100644 templates/lxc-opensuse.in hooks/post-receive -- lxc -- All of the data generated in your IT infrastructure is seriously valuable. Why? It contains a definitive record of application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-d2d-c2 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. 623f98d8cc0ae38cce244b355a804a7e8e607bc3
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via 623f98d8cc0ae38cce244b355a804a7e8e607bc3 (commit) via c440536e7c4cc4836aca2cf3421509aaa8db2365 (commit) via e7eb632cb4365d800939ab20021920468c1ce7db (commit) via c011782c8d83ece9ee883fcd9406433c09f220be (commit) from bcbd102cba31a0054fe4204a39b5e8a411cde42f (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 623f98d8cc0ae38cce244b355a804a7e8e607bc3 Author: Serge Hallyn serge.hal...@canonical.com Date: Mon Jul 25 00:22:50 2011 +0200 lxc-ubuntu: Allow /dev/fuse to be used in a container As people seem to want it, i.e. https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/800886 Signed-off-by: Serge Hallyn serge.hal...@canonical.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit c440536e7c4cc4836aca2cf3421509aaa8db2365 Author: Serge Hallyn serge.hal...@canonical.com Date: Mon Jul 25 00:22:50 2011 +0200 lxc-ubuntu: don't put devpts in $confdir/container/fstab src/lxc/conf.c will explicitly mount it anyway. Furthermore, the fstab entry, which is getting processed first, did not specify -o newinstance. This can cause the host's devpts entry mount options to change, as in https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/607636. Note - I messed up. This was applied upstream, but I dropped it in subsequent conversion to lxc-ubuntu template. It therefore needs to be reapplied. Signed-off-by: Serge Hallyn serge.hal...@canonical.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit e7eb632cb4365d800939ab20021920468c1ce7db Author: Serge Hallyn serge.hal...@canonical.com Date: Mon Jul 25 00:22:50 2011 +0200 Add arm as a supported srcarch Otherwise building on armel fails with checking for linux SRCARCH... configure: error: architecture arm-unknown-linux-gnueabi not supported See https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/745884 for details. Signed-off-by: Serge Hallyn serge.hal...@canonical.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit c011782c8d83ece9ee883fcd9406433c09f220be Author: Joerg Gollnick code4lxc+l...@wurzelbenutzer.de Date: Mon Jul 25 00:22:50 2011 +0200 fix lxc-ps to work with systemd Dear all, while working with systemd I found that lxc-ps -efa does not recognize the container name. Best regards Joerg Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: config/linux.m4 |1 + src/lxc/lxc-ps.in | 19 --- templates/lxc-ubuntu.in |3 ++- 3 files changed, 15 insertions(+), 8 deletions(-) hooks/post-receive -- lxc -- Magic Quadrant for Content-Aware Data Loss Prevention Research study explores the data loss prevention market. Includes in-depth analysis on the changes within the DLP market, and the criteria used to evaluate the strengths and weaknesses of these DLP solutions. http://www.accelacomm.com/jaw/sfnl/114/51385063/ ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] Reg: Using an ISO image as rootfs for a LXC
On 07/25/2011 08:17 PM, Alphonse Hansel Anthony wrote:
Hi,
I am trying to start a LXC, with a ISO image as the rootfs.
the excerpt of the mount options that I use in lxc.conf
lxc.rootfs = rootfs.iso
lxc.rootfs.mount = /lxc/rootfs
The error that I get while I start the LXC
-
lxc-start: No such file or directory - failed to exec /sbin/init
lxc-start: invalid sequence number 1. expected 2
lxc-start: failed to spawn 'raven'
lxc-start: Device or resource busy - failed to remove cgroup '/cgroup/raven'
--
on closer look at the lxc-start , I found the following
1) the iso image is mounted at the specified location
2) I am also able to stat the /sbin/init file.
I instrumented the code in file ${SRC_FOLDER}/src/lxc/start.c:: static
int start(struct lxc_handler *handler, void* data)
and I am able to stat the file /sbin/init just before execvp, but exec
fails with No such file or directory.
Any help in this regard would be useful.
I created a ISO image and started the container. The container starts as
expected (but the mountall fails because the rootfs is RO.)
Is it possible the iso image contains an extra directory where the
rootfs belongs ? I mean, if you mount the iso image on a directory
'mnt', you should see '/mnt/usr, /mnt/lib, ...' is it the case ?
--
Storage Efficiency Calculator
This modeling tool is based on patent-pending intellectual property that
has been used successfully in hundreds of IBM storage optimization engage-
ments, worldwide. Store less, Store more with what you own, Move data to
the right place. Try It Now! http://www.accelacomm.com/jaw/sfnl/114/51427378/
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] Reg: Using an ISO image as rootfs for a LXC
On 07/25/2011 10:24 PM, Alphonse Hansel Anthony wrote:
Hi Daniel,
I am using lxc utils (0.7.4.2).
In my case, I am trying to mount the rootfs.iso as / within the
Container and it fails with No such file or directory.
I am just wondering if any additional options are required to make the
mounted ISO visible across pivot_root boundaries, similar to MS_BIND mount
option for files/directories.
Can you copy-paste your lxc.conf file? I would like to cross verify with
options that I had specified.
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = br0
lxc.utsname = lucid2
lxc.tty = 4
lxc.pts = 1024
lxc.rootfs = /var/lib/lxc/lucid2/rootfs.iso
lxc.mount = /var/lib/lxc/lucid2/fstab
lxc.cgroup.devices.deny = a
# /dev/null and zero
lxc.cgroup.devices.allow = c 1:3 rwm
lxc.cgroup.devices.allow = c 1:5 rwm
# consoles
lxc.cgroup.devices.allow = c 5:1 rwm
lxc.cgroup.devices.allow = c 5:0 rwm
lxc.cgroup.devices.allow = c 4:0 rwm
lxc.cgroup.devices.allow = c 4:1 rwm
# /dev/{,u}random
lxc.cgroup.devices.allow = c 1:9 rwm
lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
lxc.cgroup.devices.allow = c 254:0 rwm
The second case that you had mentioned works for me.
My rootfs is a directory on the host ( /root/lxcOne )
Mount point for iso with rootfs (/root/lxcOne/mnt)
After I add the mount options in fstab, I am able to view the content in
/root/lxcOne/mnt
directory.
-Alphonse
On Mon, Jul 25, 2011 at 4:04 PM, Daniel Lezcano daniel.lezc...@free.frwrote:
On 07/25/2011 08:17 PM, Alphonse Hansel Anthony wrote:
Hi,
I am trying to start a LXC, with a ISO image as the rootfs.
the excerpt of the mount options that I use in lxc.conf
lxc.rootfs = rootfs.iso
lxc.rootfs.mount = /lxc/rootfs
The error that I get while I start the LXC
-
lxc-start: No such file or directory - failed to exec /sbin/init
lxc-start: invalid sequence number 1. expected 2
lxc-start: failed to spawn 'raven'
lxc-start: Device or resource busy - failed to remove cgroup
'/cgroup/raven'
--
on closer look at the lxc-start , I found the following
1) the iso image is mounted at the specified location
2) I am also able to stat the /sbin/init file.
I instrumented the code in file ${SRC_FOLDER}/src/lxc/start.c:: static
int start(struct lxc_handler *handler, void* data)
and I am able to stat the file /sbin/init just before execvp, but exec
fails with No such file or directory.
Any help in this regard would be useful.
I created a ISO image and started the container. The container starts as
expected (but the mountall fails because the rootfs is RO.)
Is it possible the iso image contains an extra directory where the
rootfs belongs ? I mean, if you mount the iso image on a directory
'mnt', you should see '/mnt/usr, /mnt/lib, ...' is it the case ?
--
Storage Efficiency Calculator
This modeling tool is based on patent-pending intellectual property that
has been used successfully in hundreds of IBM storage optimization engage-
ments, worldwide. Store less, Store more with what you own, Move data to
the right place. Try It Now! http://www.accelacomm.com/jaw/sfnl/114/51427378/
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. 9e4fcfa115ec306baf8cbc86dd0fd97678425ab5
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via 9e4fcfa115ec306baf8cbc86dd0fd97678425ab5 (commit) from 623f98d8cc0ae38cce244b355a804a7e8e607bc3 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 9e4fcfa115ec306baf8cbc86dd0fd97678425ab5 Author: Serge E. Hallyn se...@hallyn.com Date: Wed Jul 27 16:34:58 2011 +0200 Don't try to add host user's groups in container When '-b user' is specified to lxc-ubuntu container creation template, do not automatically add all the groups of which user is a member on the host, to user's groups in the container. Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: templates/lxc-ubuntu.in |3 --- 1 files changed, 0 insertions(+), 3 deletions(-) hooks/post-receive -- lxc -- Got Input? Slashdot Needs You. Take our quick survey online. Come on, we don't ask for help often. Plus, you'll get a chance to win $100 to spend on ThinkGeek. http://p.sf.net/sfu/slashdot-survey ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] issue with inotify and cgroups
On 07/28/2011 12:03 PM, Lou-adrien Fabre wrote: Hi, I'm currently trying to monitor my container's stats from my host, using the cgroup file (especialy cpuacct.usage_percpu), but the problem is that the refresh rate of the cgroup file seems to be quit unstable. So i need to watch for file modification and make my calculation then. I was thinking about using inotify to watch files, but it seems that I'm not getting notifed for any event while the file's content is actualy modified by lxc. lxc does not modify the cgroup files and I think inotify is not supported by the cgroup. The cgroup should be monitored by the event feature: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=blob;f=Documentation/cgroups/cgroup_event_listener.c;h=3e082f96dc125333a2b32076710a23b78bc17c5f;hb=95b6886526bb510b8370b625a49bc0ab3b8ff10f I never used this feature, so I can not help more but I would be interested by any feedback if you are willing to try it and report your results :) Thanks -- Daniel -- Got Input? Slashdot Needs You. Take our quick survey online. Come on, we don't ask for help often. Plus, you'll get a chance to win $100 to spend on ThinkGeek. http://p.sf.net/sfu/slashdot-survey ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [PATCH] lxc-checkconfig takes into account cgroup.clone_children
Take into account we may have the clone_children flag on the cgroup,
so we ignore cgroup namespace in this case.
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
src/lxc/lxc-checkconfig.in | 11 ++-
1 files changed, 10 insertions(+), 1 deletions(-)
diff --git a/src/lxc/lxc-checkconfig.in b/src/lxc/lxc-checkconfig.in
index ab27b9c..5dcf3a4 100755
--- a/src/lxc/lxc-checkconfig.in
+++ b/src/lxc/lxc-checkconfig.in
@@ -62,8 +62,17 @@ echo -n Network namespace: is_enabled CONFIG_NET_NS
echo -n Multiple /dev/pts instances: is_enabled DEVPTS_MULTIPLE_INSTANCES
echo
echo --- Control groups ---
+
+CGROUP_MNT_PATH=$(grep -m1 ^cgroup /proc/self/mounts | awk '{ print $2 }')
+
echo -n Cgroup: is_enabled CONFIG_CGROUPS yes
-echo -n Cgroup namespace: is_enabled CONFIG_CGROUP_NS
+
+if [ -f $CGROUP_MNT_PATH/cgroup.clone_children ]; then
+echo -n Cgroup clone_children flag:
+$SETCOLOR_SUCCESS echo -e enabled $SETCOLOR_NORMAL
+else
+echo -n Cgroup namespace: is_enabled CONFIG_CGROUP_NS yes
+fi
echo -n Cgroup device: is_enabled CONFIG_CGROUP_DEVICE
echo -n Cgroup sched: is_enabled CONFIG_CGROUP_SCHED
echo -n Cgroup cpu account: is_enabled CONFIG_CGROUP_CPUACCT
--
1.7.4.1
--
uberSVN's rich system and user administration capabilities and model
configuration take the hassle out of deploying and managing Subversion and
the tools developers use with it. Learn more about uberSVN and get a free
download at: http://p.sf.net/sfu/wandisco-dev2dev
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [RFC] catching sys_reboot syscall
On 08/10/2011 10:10 PM, Bruno Prémont wrote: Hi Daniel, [I'm adding containers ml as we had a discussion there some time ago for this feature] [ ... ] +if (cmd == LINUX_REBOOT_CMD_RESTART2) +if (strncpy_from_user(buffer[0], arg, sizeof(buffer) - 1) 0) +return -EFAULT; + +/* If we are not in the initial pid namespace, we send a signal + * to the parent of this init pid namespace, notifying a shutdown + * occured */ +if (pid_ns != init_pid_ns) +pid_namespace_reboot(pid_ns, cmd, buffer); Should there be a return here? Or does pid_namespace_reboot() never return by submitting signal to parent? Yes, it does not return a value, like 'do_notify_parent_cldstop' Thanks -- Daniel -- uberSVN's rich system and user administration capabilities and model configuration take the hassle out of deploying and managing Subversion and the tools developers use with it. Learn more about uberSVN and get a free download at: http://p.sf.net/sfu/wandisco-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] PATCH: lxc-ps: blkio instead of ns in /proc/*/cgroup
On 08/07/2011 03:33 AM, Yamamoto - Joe's Web Hosting wrote: Hi In Linux kernel 3.0.0, lxc-ps does not show any container names. I think it's due to the following change: http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6-stable.git;a=commit;h=1bdcd78e2445f1ef7097a3ae7ef12e8f9c4fb05f `ns' no longer appears in /proc/*/cgroups. Instead, blkio starts appearing now. Hmm, now we don't have any information to descriminate a cgroup only with a container :/ I think the lxc-ps approach is wrong and we should rely on lxc-start to get the correct information. Let me check, what we can do ... -- Get a FREE DOWNLOAD! and learn more about uberSVN rich system, user administration capabilities and model configuration. Take the hassle out of deploying and managing Subversion and the tools developers use with it. http://p.sf.net/sfu/wandisco-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. 5d42011acbf64b3c942dd4e2f2557a172410fbeb
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via 5d42011acbf64b3c942dd4e2f2557a172410fbeb (commit) via 989457599472cba389a09d0279dd752dfbafd842 (commit) via 579ebf1283be785334b840a82b2a988f9383e663 (commit) via d9e2cc0eaddd4dd0701705a42edd8f4c81fe8b43 (commit) from 0b9c21ab8ab3e7a1eacdb087950fe9f680053486 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 5d42011acbf64b3c942dd4e2f2557a172410fbeb Author: Daniel Lezcano daniel.lezc...@free.fr Date: Thu Aug 11 17:19:56 2011 +0200 add container init pid with the lxc-info command Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit 989457599472cba389a09d0279dd752dfbafd842 Author: InformatiQ rha...@informatiq.org Date: Thu Jul 14 00:41:03 2011 +0300 fix RELEAE_URL to not hardcode the arch Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit 579ebf1283be785334b840a82b2a988f9383e663 Author: InformatiQ rha...@informatiq.org Date: Wed Apr 20 23:15:51 2011 +0300 working fedora template Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit d9e2cc0eaddd4dd0701705a42edd8f4c81fe8b43 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Tue Aug 9 20:02:31 2011 +0200 lxc-checkconfig takes into account cgroup.clone_children Take into account we may have the clone_children flag on the cgroup, so we ignore cgroup namespace in this case. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: src/lxc/lxc-checkconfig.in | 11 ++- src/lxc/lxc_info.c | 45 ++-- templates/lxc-fedora.in| 264 3 files changed, 191 insertions(+), 129 deletions(-) hooks/post-receive -- lxc -- Get a FREE DOWNLOAD! and learn more about uberSVN rich system, user administration capabilities and model configuration. Take the hassle out of deploying and managing Subversion and the tools developers use with it. http://p.sf.net/sfu/wandisco-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. c797dcc3d06762859ca07075c607e852fe02d18f
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via c797dcc3d06762859ca07075c607e852fe02d18f (commit) via 858133f52ce4a7eaa0ace709c4cb037ffa408caf (commit) from 5d42011acbf64b3c942dd4e2f2557a172410fbeb (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit c797dcc3d06762859ca07075c607e852fe02d18f Author: Daniel Lezcano daniel.lezc...@free.fr Date: Thu Aug 11 17:54:57 2011 +0200 lxc-ps : update the man page for passing the options Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit 858133f52ce4a7eaa0ace709c4cb037ffa408caf Author: Daniel Lezcano daniel.lezc...@free.fr Date: Thu Aug 11 17:54:57 2011 +0200 lxc-ps : fix the container name search We don't have to check for the cgroup namespace name because the pid we are looking for is already in the list of the container owned by lxc and retrieved from the abstract socket command name. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: doc/lxc-ps.sgml.in |7 --- src/lxc/lxc-ps.in |9 +++-- 2 files changed, 7 insertions(+), 9 deletions(-) hooks/post-receive -- lxc -- Get a FREE DOWNLOAD! and learn more about uberSVN rich system, user administration capabilities and model configuration. Take the hassle out of deploying and managing Subversion and the tools developers use with it. http://p.sf.net/sfu/wandisco-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [RFC] catching sys_reboot syscall
On 08/11/2011 06:30 PM, Bruno Prémont wrote:
On Wed, 10 August 2011 Daniel Lezcano daniel.lezc...@free.fr wrote:
On 08/10/2011 10:10 PM, Bruno Prémont wrote:
Hi Daniel,
[I'm adding containers ml as we had a discussion there some time ago
for this feature]
[ ... ]
+if (cmd == LINUX_REBOOT_CMD_RESTART2)
+if (strncpy_from_user(buffer[0], arg, sizeof(buffer) - 1) 0)
+return -EFAULT;
+
+/* If we are not in the initial pid namespace, we send a signal
+ * to the parent of this init pid namespace, notifying a shutdown
+ * occured */
+if (pid_ns != init_pid_ns)
+pid_namespace_reboot(pid_ns, cmd, buffer);
Should there be a return here?
Or does pid_namespace_reboot() never return by submitting signal to
parent?
Yes, it does not return a value, like 'do_notify_parent_cldstop'
So execution flow continues reaching the whole host reboot code?
That's not so good as it then prevents using CAP_SYS_BOOT inside PID namespace
to limit access to rebooting the container from inside as giving a process
inside container CAP_SYS_BOOT would cause host to reboot (and when not given
process inside container would get -EPERM in all cases).
Wouldn't the following be better?:
...
+
+/* We only trust the superuser with rebooting the system. */
+if (!capable(CAP_SYS_BOOT))
+return -EPERM;
+
+/* If we are not in the initial pid namespace, we send a signal
+ * to the parent of this init pid namespace, notifying a shutdown
+ * occured */
+if (pid_ns != init_pid_ns) {
+pid_namespace_reboot(pid_ns, cmd, buffer);
+return 0;
+}
+
mutex_lock(reboot_mutex);
switch (cmd) {
...
If I misunderstood, please correct me.
Yep, this is what I did at the beginning but I realized I was closing
the door for future applications using the pid namespaces. The pid
namespace could be used by another kind of application, not a container,
running some administrative tasks so they may want to shutdown the host
from a different pid namespace.
For this reason, to prevent this execution flow, the container has to
drop the CAP_SYS_BOOT in addition of taking care of the SIGCHLD signal
with CLDREBOOT.
--
Get a FREE DOWNLOAD! and learn more about uberSVN rich system,
user administration capabilities and model configuration. Take
the hassle out of deploying and managing Subversion and the
tools developers use with it.
http://p.sf.net/sfu/wandisco-dev2dev
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc tag, lxc-0.7.5, created. 6371febf3c7d181cb0f11209df67c35f9d7b233b
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The tag, lxc-0.7.5 has been created at 6371febf3c7d181cb0f11209df67c35f9d7b233b (commit) - Log - commit 6371febf3c7d181cb0f11209df67c35f9d7b233b Author: Daniel Lezcano dlezc...@fr.ibm.com Date: Thu Aug 11 19:00:13 2011 +0200 Version 0.7.5 Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- hooks/post-receive -- lxc -- Get a FREE DOWNLOAD! and learn more about uberSVN rich system, user administration capabilities and model configuration. Take the hassle out of deploying and managing Subversion and the tools developers use with it. http://p.sf.net/sfu/wandisco-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [RFC] catching sys_reboot syscall
On 08/11/2011 07:04 PM, Bruno Prémont wrote:
On Thu, 11 August 2011 Daniel Lezcano daniel.lezc...@free.fr wrote:
On 08/11/2011 06:30 PM, Bruno Prémont wrote:
On Wed, 10 August 2011 Daniel Lezcano daniel.lezc...@free.fr wrote:
On 08/10/2011 10:10 PM, Bruno Prémont wrote:
Hi Daniel,
[I'm adding containers ml as we had a discussion there some time ago
for this feature]
[ ... ]
+if (cmd == LINUX_REBOOT_CMD_RESTART2)
+if (strncpy_from_user(buffer[0], arg, sizeof(buffer) - 1) 0)
+return -EFAULT;
+
+/* If we are not in the initial pid namespace, we send a signal
+ * to the parent of this init pid namespace, notifying a shutdown
+ * occured */
+if (pid_ns != init_pid_ns)
+pid_namespace_reboot(pid_ns, cmd, buffer);
Should there be a return here?
Or does pid_namespace_reboot() never return by submitting signal to
parent?
Yes, it does not return a value, like 'do_notify_parent_cldstop'
So execution flow continues reaching the whole host reboot code?
That's not so good as it then prevents using CAP_SYS_BOOT inside PID
namespace
to limit access to rebooting the container from inside as giving a process
inside container CAP_SYS_BOOT would cause host to reboot (and when not given
process inside container would get -EPERM in all cases).
Wouldn't the following be better?:
...
+
+/* We only trust the superuser with rebooting the system. */
+if (!capable(CAP_SYS_BOOT))
+return -EPERM;
+
+/* If we are not in the initial pid namespace, we send a signal
+ * to the parent of this init pid namespace, notifying a shutdown
+ * occured */
+if (pid_ns != init_pid_ns) {
+pid_namespace_reboot(pid_ns, cmd, buffer);
+return 0;
+}
+
mutex_lock(reboot_mutex);
switch (cmd) {
...
If I misunderstood, please correct me.
Yep, this is what I did at the beginning but I realized I was closing
the door for future applications using the pid namespaces. The pid
namespace could be used by another kind of application, not a container,
running some administrative tasks so they may want to shutdown the host
from a different pid namespace.
For this reason, to prevent this execution flow, the container has to
drop the CAP_SYS_BOOT in addition of taking care of the SIGCHLD signal
with CLDREBOOT.
Ok, though for later source code readers to know adding/extending comment
would be nice.
Maybe something like
+/* If we are not in the initial pid namespace, we send a signal
+ * to the parent of this init pid namespace, notifying a shutdown
+ * occured
+ * NOTE: if process has CAP_SYS_BOOT it will additionally have the
+ * same effect as if it was not namespaced */
How would all of this integrate with the ongoing work on user namespaces?
Maybe that one should later be the differentiator for who may or may not
trigger the host reboot.
I think if you are in a different user namespace than the init one, the
process won't be able to reboot.
I talked with Serge about that and he should execute the
pid_namespace_reboot if it is 'ns_capable' of rebooting the host.
But I think that does not collide after all.
In addition sending the signal to parent process seems moot as chances are
that parent process will never have the opportunity to see the signal when
the host is being rebooted.
Right.
Then a construct like the following would give a better hint to the reader:
...
+
+/* We only trust the superuser with rebooting the system. */
+if (!capable(CAP_SYS_BOOT)) {
+/* If we are not in the initial pid namespace, we send a signal
+ * to the parent of this init pid namespace, notifying a shutdown
+ * occured */
+if (pid_ns != init_pid_ns)
+pid_namespace_reboot(pid_ns, cmd, buffer);
+
+return -EPERM;
+}
Ok, let me respin the patchset and change that. I will submit the patch
to akpm and lkml. Let's see what they think about this approach.
Thanks
-- Daniel
--
Get a FREE DOWNLOAD! and learn more about uberSVN rich system,
user administration capabilities and model configuration. Take
the hassle out of deploying and managing Subversion and the
tools developers use with it.
http://p.sf.net/sfu/wandisco-dev2dev
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. 970ab589452637c4ae1ddb807c66be7333f8fdf6
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via 970ab589452637c4ae1ddb807c66be7333f8fdf6 (commit) via 6f1239c38078bae9900ac8f5c87de4b4bfcf2e07 (commit) from 6371febf3c7d181cb0f11209df67c35f9d7b233b (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 970ab589452637c4ae1ddb807c66be7333f8fdf6 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Fri Aug 12 01:34:49 2011 +0200 make undefined personality non-fatal Just warn, do not exit fatally. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit 6f1239c38078bae9900ac8f5c87de4b4bfcf2e07 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Fri Aug 12 01:34:49 2011 +0200 fix segfault when an unsupported personality is set Bad array len computation. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: src/lxc/confile.c |9 ++--- 1 files changed, 6 insertions(+), 3 deletions(-) hooks/post-receive -- lxc -- Get a FREE DOWNLOAD! and learn more about uberSVN rich system, user administration capabilities and model configuration. Take the hassle out of deploying and managing Subversion and the tools developers use with it. http://p.sf.net/sfu/wandisco-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. e6238180c6963bcdbab42258a0f66b1d498c0e13
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via e6238180c6963bcdbab42258a0f66b1d498c0e13 (commit) from 970ab589452637c4ae1ddb807c66be7333f8fdf6 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit e6238180c6963bcdbab42258a0f66b1d498c0e13 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Fri Aug 12 21:47:55 2011 +0200 remove minimal install for ubuntu template Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: templates/lxc-ubuntu.in |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) hooks/post-receive -- lxc -- FREE DOWNLOAD - uberSVN with Social Coding for Subversion. Subversion made easy with a complete admin console. Easy to use, easy to manage, easy to install, easy to extend. Get a Free download of the new open ALM Subversion platform now. http://p.sf.net/sfu/wandisco-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] Patch to automatically set a gateway inside a container
On 08/15/2011 10:58 PM, Matthijs Kooijman wrote: Hey folks, Here's a small patch series that allows setting up a gateway inside a container. Two modes are supported: Defining a static address in lxc.conf, or taking the configured address from the bridge (link) interface and using that as a gateway. The latter is usefule when a number of containers are bridged together without being bridged into a physical network (instead relying on the host to do routing or NAT for the containers). The first patch enables the static gateway setup and should be pretty straightforward. The second patch enables automatic gateway setup. To get this working, I needed to get the IP address from the bridge interface. This uses the netlink interface, but unlike all other netlink code so far actually uses the reply. Furthermore, netlink does not support filtering at the kernel end, so the RTM_GETADDR message requests _all_ configured addresses. The addresses are returned one per reply message, which are then filtered to find the right address. This requires some complicated code to loop over the reply messages and repeatedly receive more messages in case the buffer wasn't big enough the first time (emperical evidence suggests a second receive is needed when aroudn 100 ipv4 addresses are configured). I suspect that the code could be made a bit more elegant if the functions in nl.c would support returning multiple messsages and/or multiple receives for a single request. In particular, I found a piece of code in netlink_rcv, for which I couldn't figure out what it was supposed to do, or how it would interact with a multiple reply and/or multipe receive scenario: if (msg.msg_flags MSG_TRUNC ret == answer-nlmsghdr.nlmsg_len) return -EMSGSIZE; Any hints? Matthis, that's excellent ! Good work ! Yeah, I think I did not take care of supporting multiple messages with netlink as it was not needed. But in your case, I think that would be worth to support it now :) Thanks ! -- Daniel -- uberSVN's rich system and user administration capabilities and model configuration take the hassle out of deploying and managing Subversion and the tools developers use with it. Learn more about uberSVN and get a free download at: http://p.sf.net/sfu/wandisco-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] touch /fastboot to rootfs before start container
On 08/16/2011 08:01 PM, Matteo Bernardini wrote: for what's worth (if useful to know), slackware uses /etc/fastboot for that purpose: could it be seen as a specific template thingie? in the template for slackware that I'm preparing, for example, I cutted out all mount/fsck from the shell init script checking for a CONTAINER variable... +1 -- EMC VNX: the world's simplest storage, starting under $10K The only unified storage solution that offers unified management Up to 160% more powerful than alternatives and 25% more efficient. Guaranteed. http://p.sf.net/sfu/emc-vnx-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. be58c6b5b4110a3136f26b69394de725a4318619
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via be58c6b5b4110a3136f26b69394de725a4318619 (commit) via 19a26f82145042062cb2b11292622efb3ccac37f (commit) via f8fee0e2c399af59ee30c62234b47505fbd93725 (commit) via ebdd307db73344fa51a552a10daa8d1fefe9794b (commit) from e6238180c6963bcdbab42258a0f66b1d498c0e13 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit be58c6b5b4110a3136f26b69394de725a4318619 Author: Matthijs Kooijman matth...@stdin.nl Date: Tue Aug 30 23:50:23 2011 +0200 .gateway options Man for the gateway option. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit 19a26f82145042062cb2b11292622efb3ccac37f Author: Matthijs Kooijman matth...@stdin.nl Date: Tue Aug 30 23:50:23 2011 +0200 add autodetection of the gateway address For veth and macvlan networks, this can look up the host address on the bridge (link) interface and add a default route on the guest to that address. This facilitates a typical setup where guests are bridged together. syntax: lxc.ipv4.gateway = auto lxc.ipv6.gateway = auto Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit f8fee0e2c399af59ee30c62234b47505fbd93725 Author: Matthijs Kooijman matth...@stdin.nl Date: Tue Aug 30 23:50:23 2011 +0200 .gateway configuration This directive adds a default route to the guest at startup. syntax: lxc.network.ipv4.gateway = 10.0.0.1 lxc.network.ipv6.gateway = 2001:db8:85a3::8a2e:370:7334 Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit ebdd307db73344fa51a552a10daa8d1fefe9794b Author: Daniel Lezcano dlezc...@fr.ibm.com Date: Tue Aug 30 23:50:00 2011 +0200 Don't log an error when the container is stopped Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: doc/lxc.conf.sgml.in | 43 ++ src/lxc/commands.c |4 +- src/lxc/conf.c | 103 +++ src/lxc/conf.h |6 ++ src/lxc/confile.c| 78 + src/lxc/network.c| 227 ++ src/lxc/network.h| 12 +++ src/lxc/start.c | 10 ++ 8 files changed, 480 insertions(+), 3 deletions(-) hooks/post-receive -- lxc -- Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free Love Thy Logs t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. ac70c6cf97c5d52d4ec4c6bfe9552c1550307966
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project lxc.
The branch, master has been updated
via ac70c6cf97c5d52d4ec4c6bfe9552c1550307966 (commit)
via 8534a83e9478ed5c74255341c1b204eec0a585b7 (commit)
via 27078f4422580c39dc451d79be90679992d3137e (commit)
via 29ec8f8473c5e384a8feaddf61dee68b39d069d6 (commit)
via a30ce0ac4db1bac032799da550f747cf17e45d08 (commit)
via 262f4e48a51a55ad9cee06abbcfe4a6ad6166f49 (commit)
from be58c6b5b4110a3136f26b69394de725a4318619 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -
commit ac70c6cf97c5d52d4ec4c6bfe9552c1550307966
Author: InformatiQ rha...@informatiq.org
Date: Wed Aug 31 00:20:09 2011 +0200
if after freezing the container the snapshot/rsync fails, unfreeze before
exiting
Signed-off-by: InformatiQ rha...@informatiq.org
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
Acked-by: Serge Hallyn serge.hal...@canonical.com
commit 8534a83e9478ed5c74255341c1b204eec0a585b7
Author: InformatiQ rha...@informatiq.org
Date: Wed Aug 31 00:20:09 2011 +0200
*add the new opts to help() *set container_running=false
Signed-off-by: InformatiQ rha...@informatiq.org
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
Acked-by: Serge Hallyn serge.hal...@canonical.com
commit 27078f4422580c39dc451d79be90679992d3137e
Author: InformatiQ rha...@informatiq.org
Date: Wed Aug 31 00:20:09 2011 +0200
* allow cloning of non-snapshot lvm devices
Signed-off-by: InformatiQ rha...@informatiq.org
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
Acked-by: Serge Hallyn serge.hal...@canonical.com
commit 29ec8f8473c5e384a8feaddf61dee68b39d069d6
Author: Ramez Hanna rha...@informatiq.org
Date: Wed Aug 31 00:20:09 2011 +0200
lxc-fedora.in
* if not running on fedora host amd -R is not set, use fedora 14 as default
* trap SIGHUP SIGINT SIGTERM, and cleanup before exiting
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
commit a30ce0ac4db1bac032799da550f747cf17e45d08
Author: Ramez Hanna rha...@informatiq.org
Date: Wed Aug 31 00:20:09 2011 +0200
fix for missing EOF and fstab contents
templates/lxc-fedora.in | 10 +-
1 file changed, 5 insertions(+), 5 deletions(-)
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
commit 262f4e48a51a55ad9cee06abbcfe4a6ad6166f49
Author: Alexey Shabalin sh...@altlinux.org
Date: Tue Aug 16 16:00:51 2011 +0400
add lxc-altlinux template
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
Summary of changes:
.gitignore |1 +
configure.ac |1 +
src/lxc/lxc-clone.in | 108 +-
templates/Makefile.am|1 +
templates/{lxc-fedora.in = lxc-altlinux.in} | 131 +++---
templates/lxc-fedora.in | 38 +---
6 files changed, 190 insertions(+), 90 deletions(-)
copy templates/{lxc-fedora.in = lxc-altlinux.in} (65%)
hooks/post-receive
--
lxc
--
Special Offer -- Download ArcSight Logger for FREE!
Finally, a world-class log management solution at an even better
price-free! And you'll get a free Love Thy Logs t-shirt when you
download Logger. Secure your free ArcSight Logger TODAY!
http://p.sf.net/sfu/arcsisghtdev2dev
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 1/3] add lxc.network.ipv[46].gateway configuration
On 08/15/2011 10:58 PM, Matthijs Kooijman wrote: This directive adds a default route to the guest at startup. syntax: lxc.network.ipv4.gateway = 10.0.0.1 lxc.network.ipv6.gateway = 2001:db8:85a3::8a2e:370:7334 Applied the patchset. Thanks ! -- Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free Love Thy Logs t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. f7b98d38f042c403114fd07187dfe7daed44bdda
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via f7b98d38f042c403114fd07187dfe7daed44bdda (commit) from ac70c6cf97c5d52d4ec4c6bfe9552c1550307966 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit f7b98d38f042c403114fd07187dfe7daed44bdda Author: InformatiQ rha...@informatiq.org Date: Thu Sep 1 22:24:30 2011 +0200 remove the check for container path as it's done in lxc-create Signed-off-by: InformatiQ rha...@informatiq.org Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: templates/lxc-fedora.in |5 - 1 files changed, 0 insertions(+), 5 deletions(-) hooks/post-receive -- lxc -- Special Offer -- Download ArcSight Logger for FREE! Finally, a world-class log management solution at an even better price-free! And you'll get a free Love Thy Logs t-shirt when you download Logger. Secure your free ArcSight Logger TODAY! http://p.sf.net/sfu/arcsisghtdev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. 4e04d515006816bbe629657b85d97476c9de240e
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via 4e04d515006816bbe629657b85d97476c9de240e (commit) from 165015211fa9506b11ea1f4540d54b8a99a2f468 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 4e04d515006816bbe629657b85d97476c9de240e Author: Greg Kurz gk...@fr.ibm.com Date: Tue Sep 20 11:18:39 2011 +0200 fix broken lxc-*.in scripts Commit 92c7f6295518decd3989b2790d75551e7d9a broke the following scipts: - lxc-setcap - lxc-setuid - lxc-create This patch adds the missing variables to be substitued by the configure script. Cheers. Signed-off-by: Greg Kurz gk...@fr.ibm.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: src/lxc/lxc-create.in |1 + src/lxc/lxc-setcap.in |4 +++- src/lxc/lxc-setuid.in |4 +++- 3 files changed, 7 insertions(+), 2 deletions(-) hooks/post-receive -- lxc -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] please resend patches
Hi all, my laptop was stolen yesterday. My email backup history ends to 08/09/2011. Is it possible to resend the patches please ? Thanks ! -- Daniel -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] please resend patches
On 09/21/2011 05:47 PM, Daniel Lezcano wrote: Hi all, my laptop was stolen yesterday. My email backup history ends to 08/09/2011. For English people :) September 8th Is it possible to resend the patches please ? Thanks ! -- Daniel -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [Lxc-users] please resend patches
On 09/21/2011 06:57 PM, John Drescher wrote: On Wed, Sep 21, 2011 at 11:53 AM, Daniel Lezcano daniel.lezc...@free.fr wrote: On 09/21/2011 05:47 PM, Daniel Lezcano wrote: Hi all, my laptop was stolen yesterday. My email backup history ends to 08/09/2011. For English people :) September 8th I should have every non spam message from the lxc-users list for at least 1 year in my gmail box. You want just the patch emails? Just the patch emails, I have the patches until September 8th. Thanks -- Daniel -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2dcopy1 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] lxc: introduce lxc_execute()
On 10/17/2011 08:47 PM, Greg Kurz wrote: This patch allows to create application containers with liblxc.so directly. Some code cleanups on the way: - separate ops for lxc_execute() and lxc_start(): the factorisation is wrong here as we may have specific things to do if we're running an application container. It deserves separate ops. - lxc_arguments_dup() is merged in the pre-exec operation: this is a first use for the execute op introduced just above. It's better to build the arguments to execvp() where they're really used. Signed-off-by: Greg Kurz gk...@fr.ibm.com Cc: Cedric Le Goater c...@fr.ibm.com --- Applied. -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Don't list containers w/ active console sessions multiple times
On 09/14/2011 07:03 PM, Rainer Weikusat wrote: From: Rainer Weikusat rweiku...@mobileactivedefense.com The lxc-ls shell script uses netstat -xa to get a listing of AF_UNIX sockets it then parses in order to determine the names of presently running containers. This is wrong because it will list the listening socket and all sockets created by accepting connections on that. This causes the script to display the names of containers with active lxc-console sessions 1 + n times, n being the number of active console sessions. The patch below fixes this by using netstat -xl instead which only displays the listening sockets. Signed-off-by: Rainer Weikusat rweiku...@mobileactivedefense.com --- Applied. -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 1/3] lxc-fedora.in: Add missing default release variable
On 10/26/2011 04:29 PM, Tuomas Suutari wrote: The text says that 14 is default, but release=14 was not set anywhere in the script. Signed-off-by: Tuomas Suutari tuomas.suut...@gmail.com --- All patches applied. Thanks ! -- The demand for IT networking professionals continues to grow, and the demand for specialized networking skills is growing even more rapidly. Take a complimentary Learning@Cisco Self-Assessment and learn about Cisco certifications, training, and career opportunities. http://p.sf.net/sfu/cisco-dev2dev ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. 5ddd950537c4f37814ac64a823ec1ab352c07b24
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via 5ddd950537c4f37814ac64a823ec1ab352c07b24 (commit) via a2dea4ea209a8fcf6837668bbe59f350931d1c07 (commit) via f549edcc73bc56ab6a1b58c216e278de169b3772 (commit) via f6267d9011eea5074028dc44b49df3bd3df7443c (commit) via 93718f95af6bc38537b90629d9e5888f341afde9 (commit) from 7bd44bf6f68bfee9044ba783d1c3fc10f5f7650c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 5ddd950537c4f37814ac64a823ec1ab352c07b24 Author: Stéphane Graber stgra...@ubuntu.com Date: Thu Nov 10 09:45:52 2011 +0100 Ubuntu template: some tweaks Allow mknod (fixing udev upgrades) and drop mac_override and mac_admin from lxc.cap.drop as apparmor has/will have support for namespaces Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit a2dea4ea209a8fcf6837668bbe59f350931d1c07 Author: Greg Kurz gk...@fr.ibm.com Date: Thu Nov 10 09:41:46 2011 +0100 lxc: use -iquote instead of -I To avoid name collisions between local and system header files. For example, if you try to include the pty.h system file, you end up including the one from lxc... Signed-off-by: Greg Kurz gk...@fr.ibm.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit f549edcc73bc56ab6a1b58c216e278de169b3772 Author: Greg Kurz gk...@fr.ibm.com Date: Thu Nov 10 09:41:46 2011 +0100 lxc: fix erroneous includes The notation is preferrable if the header file is local. Signed-off-by: Greg Kurz gk...@fr.ibm.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit f6267d9011eea5074028dc44b49df3bd3df7443c Author: Alexander Vladimirov id...@vlan1.ru Date: Thu Nov 10 09:41:46 2011 +0100 add lxc-archlinux template Hi, here's the patch which adds Arch linux container template Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit 93718f95af6bc38537b90629d9e5888f341afde9 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Thu Nov 10 09:41:46 2011 +0100 fix lxc-destroy Add missing 'localstatedir' directory definition. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: .gitignore |1 + configure.ac |1 + src/lxc/Makefile.am|7 +- src/lxc/genl.c |5 +- src/lxc/lxc-destroy.in |1 + src/lxc/lxc_info.c |3 +- src/lxc/mainloop.h |2 +- src/lxc/network.c |5 +- src/lxc/nl.c |3 +- src/lxc/restart.c |3 +- src/lxc/rtnl.c |5 +- src/lxc/start.c|5 +- templates/Makefile.am |3 +- templates/lxc-archlinux.in | 462 templates/lxc-ubuntu.in|5 +- 15 files changed, 496 insertions(+), 15 deletions(-) create mode 100644 templates/lxc-archlinux.in hooks/post-receive -- lxc -- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Ubuntu template: Allow mknod (fixing udev upgrades) and drop mac_override and mac_admin from lxc.cap.drop as apparmor has/will have support for namespaces
On 11/02/2011 08:17 PM, Stéphane Graber wrote: --- templates/lxc-ubuntu.in |5 - 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/templates/lxc-ubuntu.in b/templates/lxc-ubuntu.in index 4f44b03..2be8680 100644 --- a/templates/lxc-ubuntu.in +++ b/templates/lxc-ubuntu.in @@ -179,9 +179,12 @@ lxc.pts = 1024 lxc.rootfs = $rootfs lxc.mount = $path/fstab lxc.arch = $arch -lxc.cap.drop = sys_module mac_override mac_admin +lxc.cap.drop = sys_module lxc.cgroup.devices.deny = a +# Allow any mknod (but not using the node) +lxc.cgroup.devices.allow = c *:* m +lxc.cgroup.devices.allow = b *:* m # /dev/null and zero lxc.cgroup.devices.allow = c 1:3 rwm lxc.cgroup.devices.allow = c 1:5 rwm Applied. Thanks. -- RSA(R) Conference 2012 Save $700 by Nov 18 Register now http://p.sf.net/sfu/rsa-sfdev2dev1 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] application container can do the socket communication?
On 11/18/2011 09:39 AM, Greg Kurz wrote: On 11/18/2011 06:40 AM, liu...@neusoft.com wrote: hello everyone! I'm a rookie on the LXC, and i want to know wheather application container can do the socket communication with the host or not ? It depends on your kernel: you need at least 2.6.36 to do that. If yes, what need to configure? Nothing peculiar. Just make sure the socket file is shared with the host. Yes, for more precision. If you configured lxc without a private network stack, the sockets can communicate as they are shared with the system, but if you configure lxc with its own private network stack, you can *only* communicate through an AF_UNIX socket if the socket file is visible in the container's file system (in case mount bind works here). -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [GIT] lxc branch, master, updated. 9c7c90377cdc655b7d853a43dd93de439a4c1677
This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project lxc. The branch, master has been updated via 9c7c90377cdc655b7d853a43dd93de439a4c1677 (commit) from 5ddd950537c4f37814ac64a823ec1ab352c07b24 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log - commit 9c7c90377cdc655b7d853a43dd93de439a4c1677 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Fri Nov 18 16:09:47 2011 +0100 Revert lxc: use -iquote instead of -I This reverts commit a2dea4ea209a8fcf6837668bbe59f350931d1c07. --- Summary of changes: src/lxc/Makefile.am |7 +-- 1 files changed, 1 insertions(+), 6 deletions(-) hooks/post-receive -- lxc -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Set high byte of mac addresses for host veth devices to 0xfe
On 11/16/2011 05:49 PM, Christian Seiler wrote: Hi, I've run into the same problem as was discussed in BUG #3411497 [1] and on the users mailing list [2]. To solve this, I've decided to implement the patch that was proposed on the mailing list [3]. The attached patch is against current trunk. Since trunk currently doesn't compile for me, I tested the patch against the current Debian package for LXC version 0.7.2. There, it still applies and works as expected for me, the bridge interface still keeps its mac address and the high byte of the mac address of the host veth interface is correctly set to 0xfe. It would be great if this patch or a slightly modified version could be applied to LXC. Hi guys are ok with this patch ? Thanks -- Daniel -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 1/4] lxc-init: use lxc_mainloop
On 11/08/2011 12:49 PM, Greg Kurz wrote: The goal here is to be able to multiplex several event sources in lxc-init. It will be a lot easier to add I/O driven features: for example, a rexec-like service to start extra commands in a container. Signed-off-by: Greg Kurz gk...@fr.ibm.com Signed-off-by: Cedric Le Goater c...@fr.ibm.com --- Hi Greg, the compilation fails with: gcc -I../../src -DLXCROOTFSMOUNT=\/usr/lib/lxc/rootfs\ -DLXCPATH=\/var/lib/lxc\ -DLXCINITDIR=\/usr/lib/lxc\ -g -O2 -Wall -lutil -o lxc-init lxc_init.o liblxc.so -lcap /usr/bin/ld: lxc_init.o: undefined reference to symbol 'login_tty@@GLIBC_2.0' /usr/bin/ld: note: 'login_tty@@GLIBC_2.0' is defined in DSO /usr/lib/gcc/i686-linux-gnu/4.6.1/../../../i386-linux-gnu/libutil.so so try adding it to the linker command line /usr/lib/gcc/i686-linux-gnu/4.6.1/../../../i386-linux-gnu/libutil.so: could not read symbols: Invalid operation collect2: ld returned 1 exit status -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] change default path for config files to /etc/lxc
On 11/30/2011 01:07 PM, Alexey Shabalin wrote: 2011/10/13 Alexey Shabalin : 2011/9/27 Greg Kurz : On Tue, 2011-09-27 at 14:10 +0200, Frederic Crozat wrote: Le vendredi 26 août 2011 à 16:00 +0400, Alexey Shabalin a écrit : 2011/8/26 Daniel Lezcano : On 08/23/2011 03:56 PM, Alexey Shabalin wrote: Hello. I think the directory /etc better suited for storing configuration files. This patch allows you to specify the location configs as options for ./configure. Is this patch to store the configuraton files in /etc/lxc and the rootfs in /var/lib/lxc ? yes. this patch add new option --with-container-path (default /var/lib/lxc) and change option --with-config-path (default /etc/lxc). If you want to use configs in /var/lib/lxc, you can use --with-config-path=/var/lib/lxc. Any status on this patch ? I don't have any opinion on this patch, but it's likely to conflict with: http://lxc.git.sourceforge.net/git/gitweb.cgi?p=lxc/lxc;a=commit;h=1c41ddcb4af633ac906f1d7c9ef1dc7d121d7850 I guess it should be rebased and resent. Cheers. Update patch. What about this patch? What about move configs to /etc? I have to respin it on top of git HEAD. Just one question: is the default behavior kept ? Thanks -- Daniel -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Set high byte of mac addresses for host veth devices to 0xfe
On 12/05/2011 12:11 AM, Serge Hallyn wrote:
On 12/04/2011 04:28 AM, Daniel Lezcano wrote:
On 11/16/2011 05:49 PM, Christian Seiler wrote:
Hi,
I've run into the same problem as was discussed in BUG #3411497 [1]
and on
the users mailing list [2]. To solve this, I've decided to implement
the
patch that was proposed on the mailing list [3].
The attached patch is against current trunk. Since trunk currently
doesn't
compile for me, I tested the patch against the current Debian
package for
LXC version 0.7.2. There, it still applies and works as expected for
me,
the bridge interface still keeps its mac address and the high byte
of the
mac address of the host veth interface is correctly set to 0xfe.
It would be great if this patch or a slightly modified version could be
applied to LXC.
Hi guys
are ok with this patch ?
Thanks
-- Daniel
Sorry, where is the patch? I don't find it in the archives. Can
someone send it (inline)?
It was in attachment. Here it is.
From e1b4779a89964ec43fa2bc5f76fafd965c89f73f Mon Sep 17 00:00:00 2001
From: Christian Seiler christ...@iwakd.de
Date: Tue, 15 Nov 2011 18:53:53 +0100
Subject: [PATCH] Set high byte of mac addresses for host veth devices to 0xfe
When used in conjunction with a bridge, veth devices with random addresses
may change the mac address of the bridge itself if the mac address of the
interface newly added is numerically lower than the previous mac address
of the bridge. This is documented kernel behavior. To avoid changing the
host's mac address back and forth when starting and/or stopping containers,
this patch ensures that the high byte of the mac address of the veth
interface visible from the host side is set to 0xfe.
A similar logic is also implemented in libvirt.
Fixes SF bug #3411497
See also:
http://thread.gmane.org/gmane.linux.kernel.containers.lxc.general/2709
---
src/lxc/conf.c | 40
1 files changed, 40 insertions(+), 0 deletions(-)
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 613e476..a5d067b 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1402,6 +1402,36 @@ static int setup_network(struct lxc_list *network)
return 0;
}
+static int setup_private_host_hw_addr(char *veth1)
+{
+ struct ifreq ifr;
+ int err;
+ int sockfd;
+
+ sockfd = socket(AF_INET, SOCK_DGRAM, 0);
+ if (sockfd 0)
+ return -errno;
+
+ snprintf((char *)ifr.ifr_name, IFNAMSIZ, %s, veth1);
+ err = ioctl(sockfd, SIOCGIFHWADDR, ifr);
+ if (err 0) {
+ close(sockfd);
+ return -errno;
+ }
+
+ ifr.ifr_hwaddr.sa_data[0] = 0xfe;
+ err = ioctl(sockfd, SIOCSIFHWADDR, ifr);
+ close(sockfd);
+ if (err 0)
+ return -errno;
+
+ DEBUG(mac address of host interface '%s' changed to private
%02x:%02x:%02x:%02x:%02x:%02x,
+ veth1, ifr.ifr_hwaddr.sa_data[0] 0xff,
ifr.ifr_hwaddr.sa_data[1] 0xff, ifr.ifr_hwaddr.sa_data[2] 0xff,
+ ifr.ifr_hwaddr.sa_data[3] 0xff, ifr.ifr_hwaddr.sa_data[4]
0xff, ifr.ifr_hwaddr.sa_data[5] 0xff);
+
+ return 0;
+}
+
struct lxc_conf *lxc_conf_init(void)
{
struct lxc_conf *new;
@@ -1455,6 +1485,16 @@ static int instanciate_veth(struct lxc_handler *handler,
struct lxc_netdev *netd
strerror(-err));
return -1;
}
+
+ /* changing the high byte of the mac address to 0xfe, the bridge
interface
+* will always keep the host's mac address and not take the mac address
+* of a container */
+ err = setup_private_host_hw_addr(veth1);
+ if (err) {
+ ERROR(failed to change mac address of host interface '%s' :
%s,
+ veth1, strerror(-err));
+ goto out_delete;
+ }
if (netdev-mtu) {
err = lxc_netdev_set_mtu(veth1, atoi(netdev-mtu));
-- 1.7.2.5
--
All the data continuously generated in your IT infrastructure
contains a definitive record of customers, application performance,
security threats, fraudulent activity, and more. Splunk takes this
data and makes sense of it. IT sense. And common sense.
http://p.sf.net/sfu/splunk-novd2d
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 1/4] lxc-init: use lxc_mainloop
On 12/05/2011 12:43 PM, Greg Kurz wrote: On Sun, 2011-12-04 at 11:33 +0100, Daniel Lezcano wrote: On 11/08/2011 12:49 PM, Greg Kurz wrote: The goal here is to be able to multiplex several event sources in lxc-init. It will be a lot easier to add I/O driven features: for example, a rexec-like service to start extra commands in a container. Signed-off-by: Greg Kurz gk...@fr.ibm.com Signed-off-by: Cedric Le Goater c...@fr.ibm.com --- Hi Greg, the compilation fails with: gcc -I../../src -DLXCROOTFSMOUNT=\/usr/lib/lxc/rootfs\ -DLXCPATH=\/var/lib/lxc\ -DLXCINITDIR=\/usr/lib/lxc\ -g -O2 -Wall -lutil -o lxc-init lxc_init.o liblxc.so -lcap /usr/bin/ld: lxc_init.o: undefined reference to symbol 'login_tty@@GLIBC_2.0' /usr/bin/ld: note: 'login_tty@@GLIBC_2.0' is defined in DSO /usr/lib/gcc/i686-linux-gnu/4.6.1/../../../i386-linux-gnu/libutil.so so try adding it to the linker command line /usr/lib/gcc/i686-linux-gnu/4.6.1/../../../i386-linux-gnu/libutil.so: could not read symbols: Invalid operation collect2: ld returned 1 exit status Daniel, Thanks for giving a try to lxc-rexec. I do have a warning about login_tty() when compiling on fedora but not a link issue like what you get. I suggest we first kill the real culprit src/lxc/utmp.h, so that we can *really* include the utmp.h system header. Is that okay for you ? Do you want me to respin a new patchset ? AFAICS, you already killed the utmp.h with the rexec V2 patchset. Maybe the liblxc is not linked with libutil ? -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] setns() syscall perf issue
On 01/24/2012 09:54 PM, Dilip Daya wrote: Would you consider the the following changes to switch_task_namespaces() ?? Hi Dilip, I think you should send this patch to lkml and Cc Eric Biederman. You should have a better than this mailing list where we are focused on the userspace part of the containers. Thanks -- Daniel -- Keep Your Developer Skills Current with LearnDevNow! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-d2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] can LXC works with ip alias?
On 01/30/2012 03:29 AM, MaoXiaoyun wrote: Hi: Recently we are planning to set up a cluster by using LXC. But one problem we facing is it would be to much MAC address. Here is the detail. We plan 1000 lXC in one physical linux server, so there will be 1000 MAC address, suppose we have 100 servers, so total will have 1000 * 100 MAC address, far over the capbility of our switch(Currently our network is big second layer, all MAC addresses are recoreded in core switch). If one server's all container share the same MAC address, but different IP address, much like linux ip alias. There will be only 100 MAC existed. So my question is : is it possilbe to have LXC work with ip alias device? Unfortunately, it is not supported by the kernel and was a big discussion when the network namespace was implemented. Finally the decision was to act the layer 2 for the virtualization. Maybe, the macvlan virtual network driver could be enhanced to accept the same mac address as the link if the macvlan port belongs to another network namespace and then forwards the packets to all the macvlan ports like multicasting. Or any other suggestiones to solve the problem above. Yes, may be you can use the host as a gateway for the containers. -- Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Improve capability handling in LXC
On 02/01/2012 05:12 PM, Christian Seiler wrote: Hi, I've attached patches that improve capability handling in LXC. I stumbled upon the issue that I wanted to deactivate dmesg from inside containers with a fairly recent kernel. Instead of dropping CAP_SYS_ADMIN, as it was the case with previous kernel versions, one is now supposed to drop CAP_SYSLOG. Unfortunately, LXC doesn't know about it yet. The attached patches do the following: - add CAP_SYSLOG and CAP_WAKE_ALARM to the list of capabilities, since they are new - add a function that determines the maximum number of capabilities the current running kernel (not the one LXC is compiled against) supports - support the specification of numerical IDs for capabilities when using lxc.cap.drop. Then, even if LXC doesn't understand the capability or was compiled against an older kernel, it is still possible to drop that specific capability. Looks good to me. -- Try before you buy = See our experts in action! The most comprehensive online learning library for Microsoft developers is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, MVC3, Metro Style Apps, more. Free future releases when you subscribe now! http://p.sf.net/sfu/learndevnow-dev2 ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
