On Fri, 20 Jun 2014 17:30:33 -0400 Stéphane Graber <[email protected]> wrote:
> This is a rather massive cleanup of config/templates/*
>
> As new templates were added, I've noticed that we pretty much all
> share the tty/pts configs, some capabilities being dropped and most
> of the cgroup configuration. All the userns configs were also almost
> identical.
>
> As a result, this change introduces two new files:
> - common.conf.in
> - userns.conf.in
>
> Each is included by the relevant <template>.<type>.conf.in templates,
> this means that the individual per-template configs are now overlays
> on top of the default config.
>
> Once we see a specific key becoming popular, we ought to check whether
> it should also be applied to the other templates and if more than 50%
> of the templates have it set to the same value, that value ought to be
> moved to the master config file and then overridden for the templates
> that do not use it.
>
> This change while pretty big and scary, shouldn't be very visible
> from a user point of view, the actual changes can be summarized as:
> - Extend clonehostname to work with Debian based distros and use it
>   for all containers.
> - lxc.pivotdir is now set to lxc_putold for all templates, this means
>   that instead of using /mnt in the container, lxc will create and
>   use /lxc_putold instead. The reason for this is to avoid failures
>   when the user bind-mounts something else on top of /mnt.
> - Some minor cgroup limit changes, the main one I remember is
>   /dev/console now being writable by all of the redhat based
>   containers. The rest of the set should be identical with additions in
>   the per-distro ones.
> - Drop binfmtmisc and efivars bind-mounts for non-mountall based
>   unprivileged containers as I assumed they got those from
>   copy/paste from Ubuntu and not because they actually need those
>   entries. (If I'm wrong, we probably should move those to userns.conf
>   then).
>
> Additional investigation and changes to reduce the config delta
> between distros would be appreciated. In practice, I only expect
> lxc.cap.drop and lxc.mount.entry to really vary between distros
> (depending on the init system), the rest should be mostly common.
>
> I'm marking this as RFC because I haven't done any testing on this yet
> and I've got to work on something else right now. I'd appreciate the
> input from the affected template maintainers!

Hi Stéphane, I looked through this and it looks good to me (one minor
comment below). Thanks.

> Signed-off-by: Stéphane Graber <[email protected]>
> ---
[...]
> diff --git a/hooks/clonehostname b/hooks/clonehostname > index 8865c2d..e5676af 100755 > --- a/hooks/clonehostname > +++ b/hooks/clonehostname > @@ -20,7 +20,9 @@ > # Note that /etc/hostname is updated by lxc itself > for file in \ > $LXC_ROOTFS_PATH/etc/sysconfig/network \ > - $LXC_ROOTFS_PATH/etc/sysconfig/network-scripts/ifcfg-* ; > + $LXC_ROOTFS_PATH/etc/sysconfig/network-scripts/ifcfg-* \ > + $LXC_ROOTFS_PATH/etc/hostname \ > + $LXC_ROOTFS_PATH/etc/hosts ; > do > if [ -f $file ]; then > sed -i "s|$LXC_SRC_NAME|$LXC_NAME|" $file

As I put in the comment above, I didn't put /etc/hostname into the list
in the hook since clone_update_rootfs() already does it, and if we put
it here it will override the LXC_CLONE_KEEPNAME flag.
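
Review bot: the added $LXC_ROOTFS_PATH/etc/hostname entry contradicts the unchanged context comment just above the loop, "Note that /etc/hostname is updated by lxc itself", so either drop that entry or update the comment to say why the hook now rewrites the file as well. On the sed line the pattern is the bare $LXC_SRC_NAME, unanchored, so with /etc/hosts now in the list it replaces the first occurrence on each line even when the old name is only part of a longer hostname; match it as a whole word instead. $file is also unquoted in both the [ -f $file ] test and the sed call, so a rootfs path containing whitespace would be split into several words; writing "$file" in both places fixes that.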
