Re: [Lxc-users] lxc-start on openvz tempate
On Thu, 2010-06-24 at 08:55 +0200, Daniel Lezcano wrote:

: - snip

> Console output is not defaulting to the current tty, so you have to specify
>
> lxc-start -n fsn -s lxc.console=$(tty)
>
> That will be fixed for 0.7.1, I will release probably tomorrow.

Will that also be including the ro bind mount options as discussed in some other threads? I would like to deploy and test that and test to see if remounting still propagates ro/rw changes between containers.

> Thanks
> -- Daniel

Regards,
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!

___
Lxc-users mailing list
Lxc-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-users
Re: [Lxc-users] lxc-start on openvz tempate
Papp Tamás wrote, On 2010. 06. 24. 21:43:
> Daniel Lezcano wrote, On 2010. 06. 24. 8:55:
>> Console output is not defaulting to the current tty, so you have to specify
>>
>> lxc-start -n fsn -s lxc.console=$(tty)
>>
>> That will be fixed for 0.7.1, I will release probably tomorrow.

I've just realized, what do you mean. My problem is not the lack of console messages, but the functionality. It's just not working, for example I can't ping it.

But right now this is the smaller problem. The bigger is that I cannot stop or destroy it properly:

$ lxc-start -l DEBUG -o $(tty) -n fsn -s lxc.console=$(tty)
lxc-start 1277408070.110 DEBUG    lxc_conf - allocated pty '/dev/pts/1' (4/5)
lxc-start 1277408070.110 DEBUG    lxc_conf - allocated pty '/dev/pts/2' (6/7)
lxc-start 1277408070.110 DEBUG    lxc_conf - allocated pty '/dev/pts/3' (8/9)
lxc-start 1277408070.110 DEBUG    lxc_conf - allocated pty '/dev/pts/4' (10/11)
lxc-start 1277408070.110 INFO     lxc_conf - tty's configured
lxc-start 1277408070.111 DEBUG    lxc_start - sigchild handler set
lxc-start 1277408070.111 INFO     lxc_start - 'fsn' is initialized
lxc-start 1277408070.184 DEBUG    lxc_cgroup - using cgroup mounted at '/cgroup'
lxc-start 1277408070.184 ERROR    lxc_cgroup - Device or resource busy - failed to remove previous cgroup '/cgroup/fsn'
lxc-start: Device or resource busy - failed to remove previous cgroup '/cgroup/fsn'
lxc-start 1277408070.184 ERROR    lxc_start - failed to spawn 'fsn'
lxc-start: failed to spawn 'fsn'
lxc-start 1277408070.184 DEBUG    lxc_cgroup - using cgroup mounted at '/cgroup'
lxc-start 1277408070.184 ERROR    lxc_cgroup - Device or resource busy - failed to remove cgroup '/cgroup/fsn'
lxc-start: Device or resource busy - failed to remove cgroup '/cgroup/fsn'

$ ls /cgroup/fsn
cgroup.procs          cpuset.mem_exclusive       cpuset.sched_relax_domain_level  memory.limit_in_bytes            memory.swappiness
cpuacct.stat          cpuset.mem_hardwall        cpu.shares                       memory.max_usage_in_bytes        memory.usage_in_bytes
cpuacct.usage         cpuset.memory_migrate      devices.allow                    memory.memsw.failcnt             memory.use_hierarchy
cpuacct.usage_percpu  cpuset.memory_pressure     devices.deny                     memory.memsw.limit_in_bytes      net_cls.classid
cpu.rt_period_us      cpuset.memory_spread_page  devices.list                     memory.memsw.max_usage_in_bytes  notify_on_release
cpu.rt_runtime_us     cpuset.memory_spread_slab  freezer.state                    memory.memsw.usage_in_bytes      tasks
cpuset.cpu_exclusive  cpuset.mems                memory.failcnt                   memory.soft_limit_in_bytes
cpuset.cpus           cpuset.sched_load_balance  memory.force_empty               memory.stat

$ lxc-destroy -n fsn
$ ls /cgroup/fsn
cgroup.procs          cpuset.mem_exclusive       cpuset.sched_relax_domain_level  memory.limit_in_bytes            memory.swappiness
cpuacct.stat          cpuset.mem_hardwall        cpu.shares                       memory.max_usage_in_bytes        memory.usage_in_bytes
cpuacct.usage         cpuset.memory_migrate      devices.allow                    memory.memsw.failcnt             memory.use_hierarchy
cpuacct.usage_percpu  cpuset.memory_pressure     devices.deny                     memory.memsw.limit_in_bytes      net_cls.classid
cpu.rt_period_us      cpuset.memory_spread_page  devices.list                     memory.memsw.max_usage_in_bytes  notify_on_release
cpu.rt_runtime_us     cpuset.memory_spread_slab  freezer.state                    memory.memsw.usage_in_bytes      tasks
cpuset.cpu_exclusive  cpuset.mems                memory.failcnt                   memory.soft_limit_in_bytes
cpuset.cpus           cpuset.sched_load_balance  memory.force_empty               memory.stat

I'm really confused:( I use lxc on other Lucid servers with no problem.

BTW, I don't know whether it matters or not, this morning:

Jun 24 09:24:24 sopranos kernel: [142852.638965] BUG: unable to handle kernel paging request at ffb3
Jun 24 09:24:24 sopranos kernel: [142852.643127] IP: [812b4045] kref_put+0x25/0x70
Jun 24 09:24:24 sopranos kernel: [142852.643127] PGD 1003067 PUD 1004067 PMD 0
Jun 24 09:24:24 sopranos kernel: [142852.643127] Oops: 0002 [#14] SMP
Jun 24 09:24:24 sopranos kernel: [142852.643127] last sysfs file: /sys/devices/platform/i5k_amb.0/temp4_alarm
Jun 24 09:24:24 sopranos kernel: [142852.643127] CPU 5
Jun 24 09:24:24 sopranos kernel: [142852.643127] Modules linked in: bridge stp xfs exportfs i5000_edac edac_core i5k_amb fbcon tileblit font bitblit softcursor vga16fb vgastate lp serio_raw shpchp parport raid10 raid456 async_raid6_recov async_pq raid6_pq async_xor async_memcpy async_tx raid1 raid0 multipath linear dm_raid45
[Lxc-users] lxc-0.7.1 released
Hi All,

Notes:
==

Bug fixes only.

ChangeLog:
==

Ciprian Dorin, Craciun (1):
    lxc to apply mount options for bind mounts

Daniel Lezcano (6):
    fix sshd template
    fix bad free when reading the configuration file
    fix default console to /dev/tty
    fix /proc not mounted in debian container
    remove bad default console option in ubuntu template
Re: [Lxc-users] patch for read-only bind-mount
On 06/22/2010 07:25 AM, John Brendler wrote:

> lxc fails to make read-only bind mounts as documented. Read-only bind mounts are important to many use cases.
>
> A simple patch has been submitted to the lxc-devel mailing list (by Ciprian Dorin), but when I last checked, it was not clear if any action had been taken on it. It is clear, however, that the bug still exists in release 0.7.0.
>
> I have tested the patch, and it fixes the problem in both 0.6.5 and 0.7.0. I have been using it for a couple months.
>
> This is where the patch was submitted to the lxc-devel list:
>
> http://sourceforge.net/mailarchive/forum.php?thread_name=4B9E0AE0.9000100%40free.fr&forum_name=lxc-devel
>
> I think this patch should be implemented (when it is convenient to do so). This is a significant loss of functionality that affects the security of a security-oriented application. So I am posting so that others know the patch exists and also to see what should be done to get this included in the next release.
>
> Details:
>
> In short, a line like this in a container's configuration file should have the effect of bind-mounting the file (e.g. /sbin directory below) within the container and making it *read-only*:
>
> lxc.mount.entry = /sbin /lxc/container07/sbin none ro,bind 0 0
>
> Or in a fstab-formatted file referred to by a lxc.mount entry in the config file, it would simply be:
>
> /sbin /lxc/container07/sbin none ro,bind 0 0
>
> Unfortunately, it doesn't work. It bind-mounts, but gives a little warning that it appears to be mounted read-write. This is easily confirmed by writing and deleting files in the filesystems that should have been mounted read-only. This is unfortunate, considering the whole point of these tools is secure compartmentalization.
>
> Normally, a read-only bind mount requires two steps:
>
> mount -o bind /sbin /lxc/container07/sbin
> mount -o remount,ro /lxc/container07/sbin
>
> So, one may work around this bug by executing a script (after starting the container) to carry out that second step, remounting the appropriate things in read-only mode. But this shouldn't be necessary, since handling read-only bind-mounts is an intended feature of the lxc tools.
>
> The patch is very simple and does seem to fix the problem nicely. Barring regressions I may not be aware of, I, for one, would like to see it implemented.
>
> I am using it as a means to re-use the host operating system's files, in read-only bind-mounts, with exceptions overlaid on top of them (rather than having to maintain an additional and separate guest operating system filesystem). With the patch, this seems to work quite well.

John,

I merged the Ciprian's patch and released the 0.7.1 with it. Thanks for pointing the problem.

-- Daniel
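The failure described in this message (an entry declared ro,bind that ends up mounted read-write) can be checked for mechanically. The script below is an added example, not part of the thread or of lxc: the function names check_ro_binds and write_sample and the sample files are constructed, and it assumes the mount table passed as the second argument lists mount points under the same paths the config uses.

```shell
# Added example: flag bind mounts that an LXC config declares "ro,bind" but
# that a /proc/mounts-format table shows as writable or absent.
# Usage: check_ro_binds CONFIG [MOUNTS]   (MOUNTS defaults to /proc/mounts)
check_ro_binds() {
    awk -v mounts="${2:-/proc/mounts}" '
    function has_opt(list, opt,    n, i, parts) {
        n = split(list, parts, ",")
        for (i = 1; i <= n; i++) if (parts[i] == opt) return 1
        return 0
    }
    BEGIN {
        # A later line for the same mount point is stacked on top and wins.
        while ((getline line < mounts) > 0) {
            split(line, f, " ")
            state[f[2]] = has_opt(f[4], "ro") ? "ro" : "rw"
        }
    }
    /^[ \t]*#/ { next }
    /^[ \t]*lxc\./ && !/^[ \t]*lxc\.mount\.entry[ \t]*=/ { next }
    {
        # Accept "lxc.mount.entry = <fstab line>" and plain fstab lines.
        sub(/^[ \t]*lxc\.mount\.entry[ \t]*=[ \t]*/, "")
        if (NF < 4 || !has_opt($4, "bind") || !has_opt($4, "ro")) next
        if (!($2 in state))         { print "NOT-MOUNTED " $2; bad = 1 }
        else if (state[$2] == "rw") { print "WRITABLE " $2; bad = 1 }
    }
    END { exit bad + 0 }
    ' "$1"
}
# Constructed sample data: /sbin is a bind mount left read-write (the bug
# reported above); /lib is in the state after "mount -o remount,ro".
write_sample() {
    cat > "$1/config" <<'EOF'
lxc.utsname = container07
lxc.mount.entry = /sbin /lxc/container07/sbin none ro,bind 0 0
lxc.mount.entry = /lib /lxc/container07/lib none ro,bind 0 0
lxc.mount.entry = /home /lxc/container07/home none bind 0 0
EOF
    cat > "$1/mounts" <<'EOF'
/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda1 /lxc/container07/sbin ext4 rw,relatime 0 0
/dev/sda1 /lxc/container07/lib ext4 ro,relatime 0 0
/dev/sda1 /lxc/container07/home ext4 rw,relatime 0 0
EOF
}
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d); write_sample "$d"
    check_ro_binds "$d/config" "$d/mounts"; rm -rf "$d"
fi
```

The function exits non-zero when any declared read-only bind mount is writable or missing, so it can gate a container start script or run as a periodic check.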
Re: [Lxc-users] lxc-start on openvz tempate
Daniel Lezcano wrote, On 2010. 06. 24. 22:38:

> That probably means the container is already running. Did you check with lxc-ps --name fsn ?

Well, you are right. But shouldn't it also show it with lxc-ps --lxc ?

>> $ lxc-destroy -n fsn
>
> That will destroy the container, remove the container's configuration, rootfs, etc ... The cgroup is destroyed when the container exits not with lxc-destroy.

I just write it, as nothing can help.

> At this point, you will have to create your container again.

Of course I did, but lxc-stop doesn't stop it. Also I tried with 0.7.1.

[..]

I've just successfully stopped the container after trying it a couple of times. Finally I could start it successfully.

Thanks for your help,
tamas
Re: [Lxc-users] lxc-start on openvz tempate
On 06/24/2010 11:16 PM, Papp Tamás wrote:

> Daniel Lezcano wrote, On 2010. 06. 24. 22:38:
>
>> That probably means the container is already running. Did you check with lxc-ps --name fsn ?
>
> Well, you are right. But shouldn't it also show it with lxc-ps --lxc ?

Yes, correct. The --lxc option will show all the containers.

[ ... ]

> Finally I could start it successfully.

Cool :)

> Thanks for your help,

You are welcome.

-- Daniel