Re: [lxc-devel] [PATCH] ubuntu templates: don't check for $rootfs/run/shm

2014-08-08 Thread Stéphane Graber
On Thu, Aug 07, 2014 at 03:23:48AM +, Serge Hallyn wrote:
 /dev/shm must be turned from a directory into a symlink to /run/shm.
 The templates do this only if they find -d $rootfs/run/shm.  Since /run
 will be a tmpfs, checking for it in the rootfs is silly.  It also is
 currently broken as ubuntu cloud images have an empty /run.
 
 (this should fix https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1353734)
 
 Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com

Acked-by: Stéphane Graber stgra...@ubuntu.com

 ---
  templates/lxc-ubuntu-cloud.in | 2 +-
  templates/lxc-ubuntu.in   | 2 +-
  2 files changed, 2 insertions(+), 2 deletions(-)
 
 diff --git a/templates/lxc-ubuntu-cloud.in b/templates/lxc-ubuntu-cloud.in
 index 5de1dbd..c4eb5ca 100644
 --- a/templates/lxc-ubuntu-cloud.in
 +++ b/templates/lxc-ubuntu-cloud.in
 @@ -122,7 +122,7 @@ EOF
  # get bind mounted to the host's /run/shm.  So try to rmdir
  # it, and in case that fails move it out of the way.
  # NOTE: This can only be removed once 12.04 goes out of support
 -if [ ! -L $rootfs/dev/shm ]  [ -d $rootfs/run/shm ]  [ -e 
 $rootfs/dev/shm ]; then
 +if [ ! -L $rootfs/dev/shm ]  [ -e $rootfs/dev/shm ]; then
  rmdir $rootfs/dev/shm 2/dev/null || mv $rootfs/dev/shm 
 $rootfs/dev/shm.bak
  ln -s /run/shm $rootfs/dev/shm
  fi
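Review bot: `$rootfs` is expanded unquoted in both tests of the rewritten `if` line, so a container path containing whitespace or glob characters splits into several words and the test either errors out or checks the wrong path. Quoting each expansion keeps the check on the intended file: `if [ ! -L "$rootfs/dev/shm" ] && [ -e "$rootfs/dev/shm" ]; then` (the `&&` between the tests appears to have been dropped by the archive rendering). The unchanged `rmdir`/`mv`/`ln -s` lines below it have the same unquoted expansions, and since these templates typically run as root on the host they deserve the same treatment. The identical hunk for templates/lxc-ubuntu.in further down has the same issue.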
 diff --git a/templates/lxc-ubuntu.in b/templates/lxc-ubuntu.in
 index e54b558..43d4817 100644
 --- a/templates/lxc-ubuntu.in
 +++ b/templates/lxc-ubuntu.in
 @@ -620,7 +620,7 @@ EOF
  # get bind mounted to the host's /run/shm.  So try to rmdir
  # it, and in case that fails move it out of the way.
  # NOTE: This can only be removed once 12.04 goes out of support
 -if [ ! -L $rootfs/dev/shm ]  [ -d $rootfs/run/shm ]  [ -e 
 $rootfs/dev/shm ]; then
 +if [ ! -L $rootfs/dev/shm ]  [ -e $rootfs/dev/shm ]; then
  rmdir $rootfs/dev/shm 2/dev/null || mv $rootfs/dev/shm 
 $rootfs/dev/shm.bak
  ln -s /run/shm $rootfs/dev/shm
  fi
 -- 
 2.1.0.rc1
 

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com




[lxc-devel] [PATCH] clean autodev dir on container exit

2014-08-08 Thread Stéphane Graber
Hello,

We received this patch on github: https://github.com/lxc/lxc/pull/289.patch

While it does appear to make sense to me that we don't want cruft piling
up in /dev, especially on systems creating hundreds/thousands of
temporary containers, Serge told me that this may have been done by
design.

So I'm forwarding this one to the list to get some feedback from Mike
and whoever else is involved with that autodev stuff :)

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
---BeginMessage---
When lxc.autodev = 1, LXC creates automatically a /dev/.lxc/name.hash
folder to put container's devices in so that they are visible from both
the host and the container itself.

On container exit (be it normal or not), this folder was not cleaned up,
which made the /dev folder grow continuously.

We fix this by adding a new `int lxc_delete_autodev(struct lxc_handler
*handler)` called from `static void lxc_fini(const char *name, struct
lxc_handler *handler)`.

Signed-off-by: Jean-Tiare LE BIGOT jean-tiare.le-bi...@ovh.net
---
 src/lxc/conf.c  | 78 -
 src/lxc/conf.h  |  1 +
 src/lxc/start.c |  1 +
 3 files changed, 68 insertions(+), 12 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 473d076..3ba118d 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -288,6 +288,9 @@ static struct caps_opt caps_opt[] = {
 static struct caps_opt caps_opt[] = {};
 #endif
 
+const char *dev_base_path = /dev/.lxc;
+const char *dev_user_path = /dev/.lxc/user;
+
 static int run_buffer(char *buffer)
 {
struct lxc_popen_FILE *f;
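Review bot: The two new path constants at file scope are declared without `static`, so `dev_base_path` and `dev_user_path` become exported, writable pointer symbols of whatever library conf.c is linked into. Unless another translation unit needs them (the one-line conf.h change in the diffstat is not visible here), declare them as `static const char dev_base_path[] = "/dev/.lxc";` and `static const char dev_user_path[] = "/dev/.lxc/user";`, which also makes them immutable. If they must stay external, a project prefix on the names would avoid collisions with symbols in programs that link the library.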
@@ -1259,13 +1262,11 @@ static char *mk_devtmpfs(const char *name, char *path, 
const char *lxcpath)
struct stat s;
char tmp_path[MAXPATHLEN];
char fstype[MAX_FSTYPE_LEN];
-   char *base_path = /dev/.lxc;
-   char *user_path = /dev/.lxc/user;
uint64_t hash;
 
-   if ( 0 != access(base_path, F_OK) || 0 != stat(base_path, s) || 0 == 
S_ISDIR(s.st_mode) ) {
+   if ( 0 != access(dev_base_path, F_OK) || 0 != stat(dev_base_path, s) 
|| 0 == S_ISDIR(s.st_mode) ) {
/* This is just making /dev/.lxc it better work or we're done */
-   ret = mkdir(base_path, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | 
S_IXOTH);
+   ret = mkdir(dev_base_path, S_IRWXU | S_IRGRP | S_IXGRP | 
S_IROTH | S_IXOTH);
if ( ret ) {
SYSERROR( Unable to create /dev/.lxc for autodev );
return NULL;
@@ -1299,19 +1300,19 @@ static char *mk_devtmpfs(const char *name, char *path, 
const char *lxcpath)
}
}
 
-   if ( 0 != access(user_path, F_OK) || 0 != stat(user_path, s) || 0 == 
S_ISDIR(s.st_mode) ) {
+   if ( 0 != access(dev_user_path, F_OK) || 0 != stat(dev_user_path, s) 
|| 0 == S_ISDIR(s.st_mode) ) {
/*
 * This is making /dev/.lxc/user path for non-priv users.
 * If this doesn't work, we'll have to fall back in the
 * case of non-priv users.  It's mode 1777 like /tmp.
 */
-   ret = mkdir(user_path, S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX);
+   ret = mkdir(dev_user_path, S_IRWXU | S_IRWXG | S_IRWXO | 
S_ISVTX);
if ( ret ) {
/* Issue an error but don't fail yet! */
ERROR(Unable to create /dev/.lxc/user);
}
/* Umask tends to screw us up here */
-   chmod(user_path, S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX);
+   chmod(dev_user_path, S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX);
}
 
/*
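Review bot: The `chmod(dev_user_path, ...)` call on the changed line still ignores its return value, so a directory left with a umask-reduced mode goes unnoticed and the later fallback to /dev/.lxc/user can fail for unprivileged users with no hint why. Checking it costs one line: `if (chmod(dev_user_path, S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX)) SYSERROR("Unable to chmod /dev/.lxc/user");`. Because this directory is mode 1777, the cleanup function this patch introduces (not visible in this part of the page) should remove the per-container directory without following symlinks, and only when it is the directory this container created. mk_devtmpfs starts and ends outside the hunk.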
@@ -1326,18 +1327,18 @@ static char *mk_devtmpfs(const char *name, char *path, 
const char *lxcpath)
 
hash = fnv_64a_buf(tmp_path, ret, FNV1A_64_INIT);
 
-   ret = snprintf(tmp_path, MAXPATHLEN, %s/%s.%016 PRIx64, base_path, 
name, hash);
+   ret = snprintf(tmp_path, MAXPATHLEN, %s/%s.%016 PRIx64, 
dev_base_path, name, hash);
if (ret  0 || ret = MAXPATHLEN)
return NULL;
 
if ( 0 != access(tmp_path, F_OK) || 0 != stat(tmp_path, s) || 0 == 
S_ISDIR(s.st_mode) ) {
ret = mkdir(tmp_path, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | 
S_IXOTH);
if ( ret ) {
-   /* Something must have failed with the base_path...
-* Maybe unpriv user.  Try user_path now... */
+   /* Something must have failed with the dev_base_path...
+* Maybe unpriv user.  Try dev_user_path now... */
INFO(Setup in /dev/.lxc failed.  Trying 
/dev/.lxc/user. );
 
-   ret = snprintf(tmp_path, MAXPATHLEN, %s/%s.%016 
PRIx64, user_path, name, hash);
+   ret = snprintf(tmp_path, MAXPATHLEN, %s/%s.%016 
PRIx64, dev_user_path, name, hash);
if (ret  0 || ret = MAXPATHLEN)

Re: [lxc-devel] [PATCH] clean autodev dir on container exit

2014-08-08 Thread Serge Hallyn
Quoting Jean-Tiare LE BIGOT (jean-tiare.le-bi...@ovh.net):
 
 
 On 08/08/2014 06:41 PM, Serge Hallyn wrote:
 Quoting Stéphane Graber (stgra...@ubuntu.com):
 Hello,
 
 We received this patch on github: https://github.com/lxc/lxc/pull/289.patch
 
 While it does appear to make sense to me that we don't want cruft piling
 up in /dev, especially on systems creating hundreds/thousands of
 temporary containers, Serge told me that this may have been done by
 design.
 
 Right, I wasn't sure whether Michael wanted those to persist.  If not, then
 great let's apply as is.  If so, then how about if we have lxc check at
 start time whether the dir already existed - if so it leaves it be, else it
 removes it at shutdown?
 
 Or maybe I can just add a check to see if the container has a valid
 configuration path. If it is not valid, container has been created
 via the API AND not persisted, hence not persistent.

Sounds good.  In addition we might want both lxc-destroy and the
auto-cleanup in lxc-start-ephemeral (if needed) to call that cleanup fn.


[lxc-devel] [lxc/lxc] 0a188a: lxc-start: Add -F (foreground) option

2014-08-08 Thread GitHub
  Branch: refs/heads/stable-1.0
  Home:   https://github.com/lxc/lxc
  Commit: 0a188a3f51c1b015afda5677c7e090ed9c41141b
  https://github.com/lxc/lxc/commit/0a188a3f51c1b015afda5677c7e090ed9c41141b
  Author: Stéphane Graber stgra...@ubuntu.com
  Date:   2014-08-08 (Fri, 08 Aug 2014)

  Changed paths:
M doc/lxc-start.sgml.in
M src/lxc/lxc_start.c

  Log Message:
  ---
  lxc-start: Add -F (foreground) option

Introduce a new -F option (no-op for now) as an opposite of -d.

Signed-off-by: Stéphane Graber stgra...@ubuntu.com
Acked-by: Serge E. Hallyn serge.hal...@ubuntu.com


  Commit: 15d7099dc947f7427bd5d47e877f769e5383a269
  https://github.com/lxc/lxc/commit/15d7099dc947f7427bd5d47e877f769e5383a269
  Author: Stéphane Graber stgra...@ubuntu.com
  Date:   2014-08-08 (Fri, 08 Aug 2014)

  Changed paths:
M templates/lxc-download.in

  Log Message:
  ---
  download: Have wget retry 3 times

This forces wget to retry if it gets a network error.

Signed-off-by: Stéphane Graber stgra...@ubuntu.com
Acked-by: Serge E. Hallyn serge.hal...@ubuntu.com


  Commit: 601b7c260d59802559827f49c92f996c6f55dd80
  https://github.com/lxc/lxc/commit/601b7c260d59802559827f49c92f996c6f55dd80
  Author: Dwight Engen dwight.en...@oracle.com
  Date:   2014-08-08 (Fri, 08 Aug 2014)

  Changed paths:
M config/Makefile.am
A config/selinux/Makefile.am
A config/selinux/lxc.if
A config/selinux/lxc.te
M configure.ac
M doc/lxc.container.conf.sgml.in

  Log Message:
  ---
  provide an example SELinux policy for older releases

The virtd_lxc_t type provided by the default RHEL/CentOS/Oracle 6.5
policy is an unconfined_domain(), so it doesn't really enforce anything.
This change will provide a link in the documentation to an example
policy that does confine containers.

On more recent distributions with new enough policy, it is recommended
not to use this sample policy, but to use the types already available
on the system from /etc/selinux/targeted/contexts/lxc_contexts, ie:

process = system_u:system_r:svirt_lxc_net_t:s0
file = system_u:object_r:svirt_sandbox_file_t:s0

Signed-off-by: Dwight Engen dwight.en...@oracle.com
Acked-by: Serge E. Hallyn serge.hal...@ubuntu.com


  Commit: 6affb6ef1e5088cdad5e04b090c2ca136b960561
  https://github.com/lxc/lxc/commit/6affb6ef1e5088cdad5e04b090c2ca136b960561
  Author: Serge Hallyn serge.hal...@ubuntu.com
  Date:   2014-08-08 (Fri, 08 Aug 2014)

  Changed paths:
M src/lxc/conf.c
M src/lxc/conf.h
M src/lxc/lxc_usernsexec.c
M src/lxc/lxccontainer.c

  Log Message:
  ---
  print a helpful message if creating unpriv container with no idmap

This gives me:

ubuntu@c-t1:~$ lxc-create -t download -n u1
lxc_container: No mapping for container root
lxc_container: Error chowning /home/ubuntu/.local/share/lxc/u1/rootfs to 
container root
lxc_container: You must either run as root, or define uid mappings
lxc_container: To pass uid mappings to lxc-create, you could create
lxc_container: ~/.config/lxc/default.conf:
lxc_container: lxc.include = /etc/lxc/default.conf
lxc_container: lxc.id_map = u 0 10 65536
lxc_container: lxc.id_map = g 0 10 65536
lxc_container: Error creating backing store type (none) for u1
lxc_container: Error creating container u1

when I create a container without having an id mapping defined.

Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com


  Commit: 29cb3e8f35a803ab733fa0f001eb67bf9e9f4188
  https://github.com/lxc/lxc/commit/29cb3e8f35a803ab733fa0f001eb67bf9e9f4188
  Author: Serge Hallyn serge.hal...@ubuntu.com
  Date:   2014-08-08 (Fri, 08 Aug 2014)

  Changed paths:
M src/lxc/conf.c

  Log Message:
  ---
  use non-thread-safe getpwuid and getpwgid for android

We only call it (so far) after doing a fork(), so this is fine.  If we
ever need such a thing from threaded context, we'll simply need to write
our own version for android.

Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com
Acked-by: Stéphane Graber stgra...@ubuntu.com


  Commit: 0750fdbf40046bf96b272c52dd7c986bcb6a66be
  https://github.com/lxc/lxc/commit/0750fdbf40046bf96b272c52dd7c986bcb6a66be
  Author: KATOH Yasufumi ka...@jazz.email.ne.jp
  Date:   2014-08-08 (Fri, 08 Aug 2014)

  Changed paths:
M doc/ja/lxc-start.sgml.in

  Log Message:
  ---
  doc: Add -F option to Japanese lxc-start(1)

Update for commit 476d302

Signed-off-by: KATOH Yasufumi ka...@jazz.email.ne.jp
Acked-by: Stéphane Graber stgra...@ubuntu.com


  Commit: f6f07ecd1f52b95e2c371df48af5be4f5851d356
  https://github.com/lxc/lxc/commit/f6f07ecd1f52b95e2c371df48af5be4f5851d356
  Author: KATOH Yasufumi ka...@jazz.email.ne.jp
  Date:   2014-08-08 (Fri, 08 Aug 2014)

  Changed paths:
M doc/ja/lxc.container.conf.sgml.in

  Log Message:
  ---
  doc: Update the description of SELinux in Japanese lxc.container.conf(5)

Update for commit 719fae0

Signed-off-by: KATOH Yasufumi ka...@jazz.email.ne.jp
Acked-by: Stéphane 

[lxc-devel] [PATCH 1/1] log_path: free on lxc_conf free (for master)

2014-08-08 Thread Serge Hallyn
This is for the master branch, to fix a memleak on conf free.

Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com
---
 src/lxc/conf.c | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 237bad4..531a588 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -4482,6 +4482,8 @@ void lxc_conf_free(struct lxc_conf *conf)
 {
if (!conf)
return;
+   if (conf-console.log_path)
+   free(conf-console.log_path);
if (conf-console.path)
free(conf-console.path);
if (conf-rootfs.mount)
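Review bot: The added `if (conf->console.log_path)` guard is redundant, since free(NULL) is defined to do nothing; `free(conf->console.log_path);` alone is equivalent. The neighbouring lines use the same guarded form, so this is a style point for the whole function rather than a defect in the fix. lxc_conf_free continues outside the hunk, and the same hunk appears again in the -stable patch and in the quoted replies further down the page.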
-- 
2.1.0.rc1



[lxc-devel] [PATCH -stable] add lxc.console.logpath

2014-08-08 Thread Serge Hallyn
logpath has been supported through lxc-start command line, but not
through the API.  Since the lxc.console is now required to be a device,
support lxc.console.logfile to be a simple file to which console output
will be logged.

clear_config_item is not supported, as it isn't for lxc.console, bc
you can do 'lxc.console.logfile =' to clear it.

(This patch is for stable-1.0)

Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com
---
 doc/lxc.container.conf.sgml.in | 17 ++---
 src/lxc/conf.c |  2 ++
 src/lxc/confile.c  | 12 
 3 files changed, 28 insertions(+), 3 deletions(-)

diff --git a/doc/lxc.container.conf.sgml.in b/doc/lxc.container.conf.sgml.in
index 0cf1639..88a5f05 100644
--- a/doc/lxc.container.conf.sgml.in
+++ b/doc/lxc.container.conf.sgml.in
@@ -536,13 +536,24 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, 
Boston, MA 02110-1301 USA
   variablelist
varlistentry
  term
-   optionlxc.console/option
+   optionlxc.console.logfile/option
  /term
  listitem
para
  Specify a path to a file where the console output will
- be written. The keyword 'none' will simply disable the
- console. This is dangerous once if have a rootfs with a
+ be written.
+   /para
+ /listitem
+   /varlistentry
+   varlistentry
+ term
+   optionlxc.console/option
+ /term
+ listitem
+   para
+ Specify a path to a device to which the console will be
+ attached.  The keyword 'none' will simply disable the
+ console.  This is dangerous once if have a rootfs with a
  console device file where the application can write, the
  messages will fall in the host.
/para
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index a90c57c..7fb6e6f 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -4390,6 +4390,8 @@ void lxc_conf_free(struct lxc_conf *conf)
 {
if (!conf)
return;
+   if (conf-console.log_path)
+   free(conf-console.log_path);
if (conf-console.path)
free(conf-console.path);
if (conf-rootfs.mount)
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index 4c3338d..dcd9518 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -88,6 +88,7 @@ static int config_network_ipv6_gateway(const char *, const 
char *, struct lxc_co
 static int config_cap_drop(const char *, const char *, struct lxc_conf *);
 static int config_cap_keep(const char *, const char *, struct lxc_conf *);
 static int config_console(const char *, const char *, struct lxc_conf *);
+static int config_console_logfile(const char *, const char *, struct lxc_conf 
*);
 static int config_seccomp(const char *, const char *, struct lxc_conf *);
 static int config_includefile(const char *, const char *, struct lxc_conf *);
 static int config_network_nic(const char *, const char *, struct lxc_conf *);
@@ -142,6 +143,7 @@ static struct lxc_config_t config[] = {
{ lxc.network., config_network_nic  },
{ lxc.cap.drop, config_cap_drop },
{ lxc.cap.keep, config_cap_keep },
+   { lxc.console.logfile,  config_console_logfile  },
{ lxc.console,  config_console  },
{ lxc.seccomp,  config_seccomp  },
{ lxc.include,  config_includefile  },
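Review bot: The new `lxc.console.logfile` row is placed ahead of `lxc.console`, and that order looks load-bearing: if the table lookup matches keys by prefix (the lookup function is not in this hunk), moving the row below `lxc.console` would route `lxc.console.logfile = ...` to `config_console` and set the console device path instead. A comment on the row would protect it from a later re-sort, e.g. `/* must precede lxc.console: keys are matched by prefix */`, worded to match how the lookup really works. The `strcmp` chain in lxc_get_config_item further down compares whole keys, so the order there is only cosmetic. The same hunk is quoted again in the reply later on the page.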
@@ -1564,6 +1566,12 @@ static int config_console(const char *key, const char 
*value,
return config_path_item(lxc_conf-console.path, value);
 }
 
+static int config_console_logfile(const char *key, const char *value,
+ struct lxc_conf *lxc_conf)
+{
+   return config_path_item(lxc_conf-console.log_path, value);
+}
+
 static int config_includefile(const char *key, const char *value,
  struct lxc_conf *lxc_conf)
 {
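Review bot: config_console_logfile stores the configured value as-is, so any path the configuration names becomes the console log target. Where that file is later opened is not part of this patch; if it is opened by a privileged lxc process, the open should refuse symlinks and special files, or the documentation should state that the path is trusted like the rest of the configuration. A one-line header would also help, e.g. `/* lxc.console.logfile: path of the file the console output is written to */`. The `key` parameter is unused, as in the neighbouring handlers.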
@@ -2160,6 +2168,8 @@ int lxc_get_config_item(struct lxc_conf *c, const char 
*key, char *retv,
return lxc_get_cgroup_entry(c, retv, inlen, key + 11);
else if (strcmp(key, lxc.utsname) == 0)
v = c-utsname ? c-utsname-nodename : NULL;
+   else if (strcmp(key, lxc.console.logfile) == 0)
+   v = c-console.log_path;
else if (strcmp(key, lxc.console) == 0)
v = c-console.path;
else if (strcmp(key, lxc.rootfs.mount) == 0)
@@ -2410,6 +2420,8 @@ void write_config(FILE *fout, struct lxc_conf *c)
}
if (c-console.path)
fprintf(fout, lxc.console = %s\n, c-console.path);
+   if (c-console.log_path)
+   fprintf(fout, lxc.console.logfile = %s\n, 
c-console.log_path);
if (c-rootfs.path)
fprintf(fout, lxc.rootfs = %s\n, c-rootfs.path);
if (c-rootfs.mount  strcmp(c-rootfs.mount, 

[lxc-devel] [lxc/lxc] b91f00: log_path: free on lxc_conf free (for master)

2014-08-08 Thread GitHub
  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: b91f00d3473bc320cba1a00ff9c0c87a44f2c21a
  https://github.com/lxc/lxc/commit/b91f00d3473bc320cba1a00ff9c0c87a44f2c21a
  Author: Serge Hallyn serge.hal...@ubuntu.com
  Date:   2014-08-08 (Fri, 08 Aug 2014)

  Changed paths:
M src/lxc/conf.c

  Log Message:
  ---
  log_path: free on lxc_conf free (for master)

This is for the master branch, to fix a memleak on conf free.

Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com
Acked-by: Stéphane Graber stgra...@ubuntu.com




Re: [lxc-devel] [PATCH 1/1] log_path: free on lxc_conf free (for master)

2014-08-08 Thread Stéphane Graber
On Fri, Aug 08, 2014 at 06:27:24PM +, Serge Hallyn wrote:
 This is for the master branch, to fix a memleak on conf free.
 
 Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com

Acked-by: Stéphane Graber stgra...@ubuntu.com

 ---
  src/lxc/conf.c | 2 ++
  1 file changed, 2 insertions(+)
 
 diff --git a/src/lxc/conf.c b/src/lxc/conf.c
 index 237bad4..531a588 100644
 --- a/src/lxc/conf.c
 +++ b/src/lxc/conf.c
 @@ -4482,6 +4482,8 @@ void lxc_conf_free(struct lxc_conf *conf)
  {
   if (!conf)
   return;
 + if (conf-console.log_path)
 + free(conf-console.log_path);
   if (conf-console.path)
   free(conf-console.path);
   if (conf-rootfs.mount)
 -- 
 2.1.0.rc1
 

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com




[lxc-devel] [lxc/lxc] 4d772b: Do not allow snapshots of LVM backed containers

2014-08-08 Thread GitHub
  Branch: refs/heads/stable-1.0
  Home:   https://github.com/lxc/lxc
  Commit: 4d772b5d2dc3e1be60d13c71e415934153e00a50
  https://github.com/lxc/lxc/commit/4d772b5d2dc3e1be60d13c71e415934153e00a50
  Author: Serge Hallyn serge.hal...@ubuntu.com
  Date:   2014-08-08 (Fri, 08 Aug 2014)

  Changed paths:
M src/lxc/bdev.c
M src/lxc/bdev.h
M src/lxc/lxccontainer.c

  Log Message:
  ---
  Do not allow snapshots of LVM backed containers

They don't work right now, so until we fix that, don't allow it.

(This patch is for stable-1.0)

Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com
Acked-by: Stéphane Graber stgra...@ubuntu.com




Re: [lxc-devel] [PATCH -stable] Do not allow snapshots of LVM backed containers

2014-08-08 Thread Stéphane Graber
On Fri, Aug 08, 2014 at 06:31:45PM +, Serge Hallyn wrote:
 They don't work right now, so until we fix that, don't allow it.
 
 (This patch is for stable-1.0)
 
 Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com

Acked-by: Stéphane Graber stgra...@ubuntu.com

 ---
  src/lxc/bdev.c | 22 ++
  src/lxc/bdev.h |  2 ++
  src/lxc/lxccontainer.c |  6 ++
  3 files changed, 30 insertions(+)
 
 diff --git a/src/lxc/bdev.c b/src/lxc/bdev.c
 index 8d907af..5e45fa9 100644
 --- a/src/lxc/bdev.c
 +++ b/src/lxc/bdev.c
 @@ -520,6 +520,7 @@ static const struct bdev_ops dir_ops = {
   .destroy = dir_destroy,
   .create = dir_create,
   .can_snapshot = false,
 + .can_backup = true,
  };
  
  
 @@ -784,6 +785,7 @@ static const struct bdev_ops zfs_ops = {
   .destroy = zfs_destroy,
   .create = zfs_create,
   .can_snapshot = true,
 + .can_backup = true,
  };
  
  //
 @@ -1179,6 +1181,7 @@ static const struct bdev_ops lvm_ops = {
   .destroy = lvm_destroy,
   .create = lvm_create,
   .can_snapshot = true,
 + .can_backup = false,
  };
  
  /*
 @@ -1858,6 +1861,7 @@ static const struct bdev_ops btrfs_ops = {
   .destroy = btrfs_destroy,
   .create = btrfs_create,
   .can_snapshot = true,
 + .can_backup = true,
  };
  
  //
 @@ -2129,6 +2133,7 @@ static const struct bdev_ops loop_ops = {
   .destroy = loop_destroy,
   .create = loop_create,
   .can_snapshot = false,
 + .can_backup = true,
  };
  
  //
 @@ -2426,6 +2431,7 @@ static const struct bdev_ops overlayfs_ops = {
   .destroy = overlayfs_destroy,
   .create = overlayfs_create,
   .can_snapshot = true,
 + .can_backup = true,
  };
  
  //
 @@ -2703,6 +2709,7 @@ static const struct bdev_ops aufs_ops = {
   .destroy = aufs_destroy,
   .create = aufs_create,
   .can_snapshot = true,
 + .can_backup = true,
  };
  
  
 @@ -2769,6 +2776,9 @@ struct bdev *bdev_init(const char *src, const char 
 *dst, const char *mntopts)
   struct bdev *bdev;
   const struct bdev_type *q;
  
 + if (!src)
 + return NULL;
 +
   q = bdev_query(src);
   if (!q)
   return NULL;
 @@ -2855,6 +2865,18 @@ bool bdev_is_dir(const char *path)
   return ret;
  }
  
 +bool bdev_can_backup(struct lxc_conf *conf)
 +{
 + struct bdev *bdev = bdev_init(conf-rootfs.path, NULL, NULL);
 + bool ret;
 +
 + if (!bdev)
 + return false;
 + ret = bdev-ops-can_backup;
 + bdev_put(bdev);
 + return ret;
 +}
 +
  /*
   * is an unprivileged user allowed to make this kind of snapshot
   */
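Review bot: bdev_can_backup dereferences `conf` in the initializer of its first declaration without checking it, while the only caller shown passes `c->lxc_conf` after testing `!c || !lxcapi_is_defined(c)`. Unless lxcapi_is_defined guarantees a loaded configuration (not visible here), split the initializer so that `if (!conf) return false;` runs before `bdev = bdev_init(conf->rootfs.path, NULL, NULL);`. The function also returns false both when the backing store type forbids backups and when bdev_init fails, which callers cannot tell apart; a short comment above the function stating that would help.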
 diff --git a/src/lxc/bdev.h b/src/lxc/bdev.h
 index 3dcb961..0907fb7 100644
 --- a/src/lxc/bdev.h
 +++ b/src/lxc/bdev.h
 @@ -48,6 +48,7 @@ struct bdev_ops {
   const char *cname, const char *oldpath, const char 
 *lxcpath,
   int snap, uint64_t newsize, struct lxc_conf *conf);
   bool can_snapshot;
 + bool can_backup;
  };
  
  /*
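Review bot: The new `can_backup` member has no comment, and next to `can_snapshot` its meaning is easy to misread: in this patch lvm_ops sets `can_snapshot = true` but `can_backup = false`, and the flag is what gates lxcapi_snapshot. A comment on the member such as `/* false if lxcapi_snapshot() must refuse this backing store */` would record that. Any bdev_ops initializer that omits the member gets false, which is the safe default and worth stating in the same comment. struct bdev_ops begins outside the hunk.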
 @@ -71,6 +72,7 @@ struct bdev {
  char *overlay_getlower(char *p);
  
  bool bdev_is_dir(const char *path);
 +bool bdev_can_backup(struct lxc_conf *conf);
  
  /*
   * Instantiate a bdev object.  The src is used to determine which blockdev
 diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
 index 5166614..22373bf 100644
 --- a/src/lxc/lxccontainer.c
 +++ b/src/lxc/lxccontainer.c
 @@ -2865,6 +2865,12 @@ static int lxcapi_snapshot(struct lxc_container *c, 
 const char *commentfile)
   if (!c || !lxcapi_is_defined(c))
   return -1;
  
 + if (!bdev_can_backup(c-lxc_conf)) {
 + ERROR(%s's backing store cannot be backed up., c-name);
 + ERROR(Your container must use another backing store type.);
 + return -1;
 + }
 +
   // /var/lib/lxc - /var/lib/lxcsnaps \0
   ret = snprintf(snappath, MAXPATHLEN, %ssnaps/%s, c-config_path, 
 c-name);
   if (ret  0 || ret = MAXPATHLEN)
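Review bot: The two ERROR lines blame the backing store type even when bdev_can_backup returned false because bdev_init failed, for instance when `rootfs.path` is unset (the `!src` check added in bdev.c) or the type is not recognised. Either let the message cover both cases, e.g. `ERROR("%s's backing store cannot be snapshotted or could not be identified.", c->name);`, or have bdev_can_backup report the two cases separately. The wording also says "backed up" where the user asked for a snapshot. lxcapi_snapshot continues outside the hunk.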
 -- 
 2.1.0.rc1
 

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com




Re: [lxc-devel] [PATCH -stable] add lxc.console.logpath

2014-08-08 Thread Stéphane Graber
On Fri, Aug 08, 2014 at 06:34:38PM +, Serge Hallyn wrote:
 logpath has been supported through lxc-start command line, but not
 through the API.  Since the lxc.console is now required to be a device,
 support lxc.console.logfile to be a simple file to which console output
 will be logged.
 
 clear_config_item is not supported, as it isn't for lxc.console, bc
 you can do 'lxc.console.logfile =' to clear it.
 
 (This patch is for stable-1.0)
 
 Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com

Acked-by: Stéphane Graber stgra...@ubuntu.com

 ---
  doc/lxc.container.conf.sgml.in | 17 ++---
  src/lxc/conf.c |  2 ++
  src/lxc/confile.c  | 12 
  3 files changed, 28 insertions(+), 3 deletions(-)
 
 diff --git a/doc/lxc.container.conf.sgml.in b/doc/lxc.container.conf.sgml.in
 index 0cf1639..88a5f05 100644
 --- a/doc/lxc.container.conf.sgml.in
 +++ b/doc/lxc.container.conf.sgml.in
 @@ -536,13 +536,24 @@ Foundation, Inc., 51 Franklin Street, Fifth Floor, 
 Boston, MA 02110-1301 USA
variablelist
   varlistentry
 term
 - optionlxc.console/option
 + optionlxc.console.logfile/option
 /term
 listitem
   para
 Specify a path to a file where the console output will
 -   be written. The keyword 'none' will simply disable the
 -   console. This is dangerous once if have a rootfs with a
 +   be written.
 + /para
 +   /listitem
 + /varlistentry
 + varlistentry
 +   term
 + optionlxc.console/option
 +   /term
 +   listitem
 + para
 +   Specify a path to a device to which the console will be
 +   attached.  The keyword 'none' will simply disable the
 +   console.  This is dangerous once if have a rootfs with a
 console device file where the application can write, the
 messages will fall in the host.
   /para
 diff --git a/src/lxc/conf.c b/src/lxc/conf.c
 index a90c57c..7fb6e6f 100644
 --- a/src/lxc/conf.c
 +++ b/src/lxc/conf.c
 @@ -4390,6 +4390,8 @@ void lxc_conf_free(struct lxc_conf *conf)
  {
   if (!conf)
   return;
 + if (conf-console.log_path)
 + free(conf-console.log_path);
   if (conf-console.path)
   free(conf-console.path);
   if (conf-rootfs.mount)
 diff --git a/src/lxc/confile.c b/src/lxc/confile.c
 index 4c3338d..dcd9518 100644
 --- a/src/lxc/confile.c
 +++ b/src/lxc/confile.c
 @@ -88,6 +88,7 @@ static int config_network_ipv6_gateway(const char *, const 
 char *, struct lxc_co
  static int config_cap_drop(const char *, const char *, struct lxc_conf *);
  static int config_cap_keep(const char *, const char *, struct lxc_conf *);
  static int config_console(const char *, const char *, struct lxc_conf *);
 +static int config_console_logfile(const char *, const char *, struct 
 lxc_conf *);
  static int config_seccomp(const char *, const char *, struct lxc_conf *);
  static int config_includefile(const char *, const char *, struct lxc_conf *);
  static int config_network_nic(const char *, const char *, struct lxc_conf *);
 @@ -142,6 +143,7 @@ static struct lxc_config_t config[] = {
   { lxc.network., config_network_nic  },
   { lxc.cap.drop, config_cap_drop },
   { lxc.cap.keep, config_cap_keep },
 + { lxc.console.logfile,  config_console_logfile  },
   { lxc.console,  config_console  },
   { lxc.seccomp,  config_seccomp  },
   { lxc.include,  config_includefile  },
 @@ -1564,6 +1566,12 @@ static int config_console(const char *key, const char 
 *value,
   return config_path_item(lxc_conf-console.path, value);
  }
  
 +static int config_console_logfile(const char *key, const char *value,
 +   struct lxc_conf *lxc_conf)
 +{
 + return config_path_item(lxc_conf-console.log_path, value);
 +}
 +
  static int config_includefile(const char *key, const char *value,
 struct lxc_conf *lxc_conf)
  {
 @@ -2160,6 +2168,8 @@ int lxc_get_config_item(struct lxc_conf *c, const char 
 *key, char *retv,
   return lxc_get_cgroup_entry(c, retv, inlen, key + 11);
   else if (strcmp(key, lxc.utsname) == 0)
   v = c-utsname ? c-utsname-nodename : NULL;
 + else if (strcmp(key, lxc.console.logfile) == 0)
 + v = c-console.log_path;
   else if (strcmp(key, lxc.console) == 0)
   v = c-console.path;
   else if (strcmp(key, lxc.rootfs.mount) == 0)
 @@ -2410,6 +2420,8 @@ void write_config(FILE *fout, struct lxc_conf *c)
   }
   if (c-console.path)
   fprintf(fout, lxc.console = %s\n, c-console.path);
 + if (c-console.log_path)
 + fprintf(fout, lxc.console.logfile = %s\n, 
 c-console.log_path);
   if (c-rootfs.path)
 

[lxc-devel] [lxc/lxc] a21f8a: add lxc.console.logpath

2014-08-08 Thread GitHub
  Branch: refs/heads/stable-1.0
  Home:   https://github.com/lxc/lxc
  Commit: a21f8a049ab2c5a379834522aeb2683621f0bca4
  https://github.com/lxc/lxc/commit/a21f8a049ab2c5a379834522aeb2683621f0bca4
  Author: Serge Hallyn serge.hal...@ubuntu.com
  Date:   2014-08-08 (Fri, 08 Aug 2014)

  Changed paths:
M doc/lxc.container.conf.sgml.in
M src/lxc/conf.c
M src/lxc/confile.c

  Log Message:
  ---
  add lxc.console.logpath

logpath has been supported through lxc-start command line, but not
through the API.  Since the lxc.console is now required to be a device,
support lxc.console.logfile to be a simple file to which console output
will be logged.

clear_config_item is not supported, as it isn't for lxc.console, bc
you can do 'lxc.console.logfile =' to clear it.

(This patch is for stable-1.0)

Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com
Acked-by: Stéphane Graber stgra...@ubuntu.com




[lxc-devel] [lxc/lxc]

2014-08-08 Thread GitHub
  Branch: refs/heads/dpm-upstream-trusty
  Home:   https://github.com/lxc/lxc


[lxc-devel] [lxc/lxc] 6c1a51: Initialize git-dpm

2014-08-08 Thread GitHub
  Branch: refs/heads/dpm-trusty
  Home:   https://github.com/lxc/lxc
  Commit: 6c1a518cd99411a2209ce0c8e615e59931897024
  https://github.com/lxc/lxc/commit/6c1a518cd99411a2209ce0c8e615e59931897024
  Author: Stéphane Graber stgra...@ubuntu.com
  Date:   2014-06-05 (Thu, 05 Jun 2014)

  Changed paths:
A debian/.git-dpm
A debian/source/format

  Log Message:
  ---
  Initialize git-dpm


  Commit: 3d85bf6a1893fc59e7655ac41f08c331e937ee43
  https://github.com/lxc/lxc/commit/3d85bf6a1893fc59e7655ac41f08c331e937ee43
  Author: Stéphane Graber stgra...@ubuntu.com
  Date:   2014-06-05 (Thu, 05 Jun 2014)

  Changed paths:
A debian/changelog
A debian/compat
A debian/control
A debian/copyright
A debian/liblxc1.install
A debian/lxc-dev.install
A debian/lxc-templates.install
A debian/lxc-tests.lintian-overrides
A debian/lxc.apport
A debian/lxc.default
A debian/lxc.dirs
A debian/lxc.dnsmasq
A debian/lxc.install
A debian/lxc.lintian-overrides
A debian/lxc.maintscript
A debian/lxc.postinst
A debian/lxc.postrm
A debian/lxc.preinst
A debian/python3-lxc.examples
A debian/python3-lxc.install
A debian/rules
A debian/tests/control
A debian/tests/exercise
A debian/watch

  Log Message:
  ---
  initial packaging


  Commit: f51257997333641c54bcfd089de42712336488ce
  https://github.com/lxc/lxc/commit/f51257997333641c54bcfd089de42712336488ce
  Author: Serge Hallyn serge.hal...@ubuntu.com
  Date:   2014-06-05 (Thu, 05 Jun 2014)

  Changed paths:
M src/lxc/cgmanager.c

  Log Message:
  ---
  cgmanager: don't call nih_dbus_setup

it actually sets us up to run the nih_mainloop, but we will never run
that.

Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com
Acked-by: Stéphane Graber stgra...@ubuntu.com


  Commit: 15e1ef8b865c644b0709dfafc10902c51aa87cb8
  https://github.com/lxc/lxc/commit/15e1ef8b865c644b0709dfafc10902c51aa87cb8
  Author: Stéphane Graber stgra...@ubuntu.com
  Date:   2014-06-05 (Thu, 05 Jun 2014)

  Changed paths:
M debian/.git-dpm
A debian/patches/0001-cgmanager-don-t-call-nih_dbus_setup.patch
A debian/patches/series
M src/lxc/cgmanager.c

  Log Message:
  ---
  merge patched-trusty into trusty


  Commit: 3e63cd69f6f3e373de496c5debbb47e3b801151b
  https://github.com/lxc/lxc/commit/3e63cd69f6f3e373de496c5debbb47e3b801151b
  Author: Stéphane Graber stgra...@ubuntu.com
  Date:   2014-06-13 (Fri, 13 Jun 2014)

  Changed paths:
M debian/.git-dpm

  Log Message:
  ---
  record new upstream branch created by importing lxc_1.0.4.orig.tar.gz


  Commit: 0abb5640af21dddfe0d799c85a887e1a8880a507
  https://github.com/lxc/lxc/commit/0abb5640af21dddfe0d799c85a887e1a8880a507
  Author: Stéphane Graber stgra...@ubuntu.com
  Date:   2014-06-13 (Fri, 13 Jun 2014)

  Changed paths:
M Makefile.in
R TODO
M config/apparmor/Makefile.in
M config/apparmor/abstractions/container-base
M config/apparmor/container-rules
M config/apparmor/container-rules.base
M config/init/systemd/Makefile.am
M config/init/systemd/Makefile.in
M config/init/systemd/lxc-devsetup
M config/init/systemd/lxc.service
A config/init/systemd/lxc.service.in
M config/init/sysvinit/Makefile.in
M config/init/sysvinit/lxc
A config/init/sysvinit/lxc.in
M config/init/upstart/lxc.conf
M config/yum/Makefile.am
M config/yum/Makefile.in
M config/yum/lxc-patch.py
M configure
M configure.ac
M debian/.git-dpm
R debian/patches/0001-cgmanager-don-t-call-nih_dbus_setup.patch
R debian/patches/series
M doc/ja/common_options.sgml.in
M doc/ja/legacy/lxc-ls.sgml.in
M doc/ja/lxc-attach.sgml.in
M doc/ja/lxc-autostart.sgml.in
M doc/ja/lxc-cgroup.sgml.in
M doc/ja/lxc-checkconfig.sgml.in
M doc/ja/lxc-clone.sgml.in
M doc/ja/lxc-config.sgml.in
M doc/ja/lxc-console.sgml.in
M doc/ja/lxc-create.sgml.in
M doc/ja/lxc-destroy.sgml.in
M doc/ja/lxc-device.sgml.in
M doc/ja/lxc-execute.sgml.in
M doc/ja/lxc-freeze.sgml.in
M doc/ja/lxc-info.sgml.in
M doc/ja/lxc-ls.sgml.in
M doc/ja/lxc-monitor.sgml.in
M doc/ja/lxc-snapshot.sgml.in
M doc/ja/lxc-start-ephemeral.sgml.in
M doc/ja/lxc-start.sgml.in
M doc/ja/lxc-stop.sgml.in
M doc/ja/lxc-top.sgml.in
M doc/ja/lxc-unfreeze.sgml.in
M doc/ja/lxc-unshare.sgml.in
M doc/ja/lxc-user-nic.sgml.in
M doc/ja/lxc-usernet.sgml.in
M doc/ja/lxc-usernsexec.sgml.in
M doc/ja/lxc-wait.sgml.in
M doc/ja/lxc.conf.sgml.in
M doc/ja/lxc.container.conf.sgml.in
M doc/ja/lxc.sgml.in
M doc/ja/lxc.system.conf.sgml.in
M doc/lxc-autostart.sgml.in
M doc/lxc-clone.sgml.in
M doc/lxc-create.sgml.in
M doc/lxc-ls.sgml.in
M doc/lxc.container.conf.sgml.in
M lxc.spec
M lxc.spec.in
M src/config.h.in
M src/lxc/af_unix.h
M src/lxc/arguments.h
M src/lxc/attach.c
M 

[lxc-devel] [lxc/lxc] c6b4cc: pristine-tar data for lxc_1.0.3.orig.tar.gz

2014-08-08 Thread GitHub
  Branch: refs/heads/pristine-tar
  Home:   https://github.com/lxc/lxc
  Commit: c6b4ccd7677c994a330c9b3ba7c9b81794cbeafc
  https://github.com/lxc/lxc/commit/c6b4ccd7677c994a330c9b3ba7c9b81794cbeafc
  Author: Stéphane Graber stgra...@ubuntu.com
  Date:   2014-06-05 (Thu, 05 Jun 2014)

  Changed paths:
A lxc_1.0.3.orig.tar.gz.delta
A lxc_1.0.3.orig.tar.gz.id

  Log Message:
  ---
  pristine-tar data for lxc_1.0.3.orig.tar.gz


  Commit: bf3bf6540433256351b01d950f80a7e81d5e9a95
  https://github.com/lxc/lxc/commit/bf3bf6540433256351b01d950f80a7e81d5e9a95
  Author: Stéphane Graber stgra...@ubuntu.com
  Date:   2014-06-05 (Thu, 05 Jun 2014)

  Changed paths:
M lxc_1.0.3.orig.tar.gz.delta

  Log Message:
  ---
  pristine-tar data for lxc_1.0.3.orig.tar.gz


  Commit: 0aa705d9ff0c49c27300e65ef9fa379b110558aa
  https://github.com/lxc/lxc/commit/0aa705d9ff0c49c27300e65ef9fa379b110558aa
  Author: Stéphane Graber stgra...@ubuntu.com
  Date:   2014-07-14 (Mon, 14 Jul 2014)

  Changed paths:
A lxc_1.0.5.orig.tar.gz.delta
A lxc_1.0.5.orig.tar.gz.id

  Log Message:
  ---
  pristine-tar data for lxc_1.0.5.orig.tar.gz


Compare: https://github.com/lxc/lxc/compare/c6b4ccd7677c^...0aa705d9ff0c


[lxc-devel] [lxc/lxc]

2014-08-08 Thread GitHub
  Branch: refs/heads/pristine-tar
  Home:   https://github.com/lxc/lxc


[lxc-devel] [lxc/lxc]

2014-08-08 Thread GitHub
  Branch: refs/heads/dpm-trusty
  Home:   https://github.com/lxc/lxc


[lxc-devel] [lxc/lxc]

2014-08-08 Thread GitHub
  Branch: refs/heads/dpm-utopic
  Home:   https://github.com/lxc/lxc


[lxc-devel] [lxc/lxc]

2014-08-08 Thread GitHub
  Branch: refs/heads/dpm-upstream-utopic
  Home:   https://github.com/lxc/lxc


[lxc-devel] [lxc/lxc]

2014-08-08 Thread GitHub
  Branch: refs/heads/dpm-upstream-trusty
  Home:   https://github.com/lxc/lxc


Re: [lxc-devel] [lxc/lxc]

2014-08-08 Thread Stéphane Graber
On Fri, Aug 08, 2014 at 11:43:40AM -0700, GitHub wrote:
   Branch: refs/heads/dpm-upstream-utopic
   Home:   https://github.com/lxc/lxc

Sorry for the mess, pushed stuff to the wrong repository :(

-- 
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com




Re: [lxc-devel] [PATCH] clean autodev dir on container exit

2014-08-08 Thread Michael H. Warfield
On Fri, 2014-08-08 at 16:41 +, Serge Hallyn wrote:
 Quoting Stéphane Graber (stgra...@ubuntu.com):
  Hello,
  
  We received this patch on github: https://github.com/lxc/lxc/pull/289.patch
  
  While it does appear to make sense to me that we don't want cruft piling
  up in /dev, especially on systems creating hundreds/thousands of
  temporary containers, Serge told me that this may have been done by
  design.

 Right, I wasn't sure whether Michael wanted those to persist.  If not, then
 great let's apply as is.  If so, then how about if we have lxc check at
 start time whether the dir already existed - if so it leaves it be, else it
 removes it at shutdown?

It was intended to be persistent for the duration the host is up.  It
does not persist over host reboots.  The intent was to not be destroying
and recreating those areas in devtmpfs when ever a container reboots and
points back at the same path.  It would then also preserve any udev
changes (which could be a plus or could be a minus).

I don't have a real strong preference.

Regards,
Mike

  So I'm forwarding this one to the list to get some feedback from Mike
  and whoever else is involved with that autodev stuff :)
  
  -- 
  Stéphane Graber
  Ubuntu developer
  http://www.ubuntu.com
 
  Date: Sat, 2 Aug 2014 14:35:02 +0200
  From: Jean-Tiare LE BIGOT jean-tiare.le-bi...@ovh.net
  Subject: [PATCH] clean autodev dir on container exit
  
  When lxc.autodev = 1, LXC creates automatically a 
  /dev/.lxc/name.hash
  folder to put container's devices in so that they are visible from both
  the host and the container itself.
  
  On container exit (be it normal or not), this folder was not cleaned
  which made /dev folder grow continuously.
  
  We fix this by adding a new `int lxc_delete_autodev(struct lxc_handler
  *handler)` called from `static void lxc_fini(const char *name, struct
  lxc_handler *handler)`.
  
  Signed-off-by: Jean-Tiare LE BIGOT jean-tiare.le-bi...@ovh.net
  ---
   src/lxc/conf.c  | 78 
  -
   src/lxc/conf.h  |  1 +
   src/lxc/start.c |  1 +
   3 files changed, 68 insertions(+), 12 deletions(-)
  
  diff --git a/src/lxc/conf.c b/src/lxc/conf.c
  index 473d076..3ba118d 100644
  --- a/src/lxc/conf.c
  +++ b/src/lxc/conf.c
  @@ -288,6 +288,9 @@ static struct caps_opt caps_opt[] = {
   static struct caps_opt caps_opt[] = {};
   #endif
   
  +const char *dev_base_path = /dev/.lxc;
  +const char *dev_user_path = /dev/.lxc/user;
  +
   static int run_buffer(char *buffer)
   {
  struct lxc_popen_FILE *f;
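Review bot: The two new path globals are declared as plain `const char *dev_base_path` and `const char *dev_user_path`, which gives them external linkage and leaves the pointers themselves writable, so code elsewhere could change which directory the autodev setup creates and, per the commit message, the new cleanup removes. If they are only used inside conf.c, `static const char *const dev_base_path = "/dev/.lxc";` and `static const char *const dev_user_path = "/dev/.lxc/user";` state that intent; if another file needs them, they want an `extern` declaration in conf.h instead. The string quotes are absent in the archived text, presumably stripped by the list archive rather than missing from the patch. run_buffer, whose first lines appear as context, continues outside the hunk.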
  @@ -1259,13 +1262,11 @@ static char *mk_devtmpfs(const char *name, char 
  *path, const char *lxcpath)
  struct stat s;
  char tmp_path[MAXPATHLEN];
  char fstype[MAX_FSTYPE_LEN];
  -   char *base_path = /dev/.lxc;
  -   char *user_path = /dev/.lxc/user;
  uint64_t hash;
   
  -   if ( 0 != access(base_path, F_OK) || 0 != stat(base_path, s) || 0 == 
  S_ISDIR(s.st_mode) ) {
  +   if ( 0 != access(dev_base_path, F_OK) || 0 != stat(dev_base_path, s) 
  || 0 == S_ISDIR(s.st_mode) ) {
  /* This is just making /dev/.lxc it better work or we're done */
  -   ret = mkdir(base_path, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | 
  S_IXOTH);
  +   ret = mkdir(dev_base_path, S_IRWXU | S_IRGRP | S_IXGRP | 
  S_IROTH | S_IXOTH);
  if ( ret ) {
  SYSERROR( Unable to create /dev/.lxc for autodev );
  return NULL;
  @@ -1299,19 +1300,19 @@ static char *mk_devtmpfs(const char *name, char 
  *path, const char *lxcpath)
  }
  }
   
  -   if ( 0 != access(user_path, F_OK) || 0 != stat(user_path, s) || 0 == 
  S_ISDIR(s.st_mode) ) {
  +   if ( 0 != access(dev_user_path, F_OK) || 0 != stat(dev_user_path, s) 
  || 0 == S_ISDIR(s.st_mode) ) {
  /*
   * This is making /dev/.lxc/user path for non-priv users.
   * If this doesn't work, we'll have to fall back in the
   * case of non-priv users.  It's mode 1777 like /tmp.
   */
  -   ret = mkdir(user_path, S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX);
  +   ret = mkdir(dev_user_path, S_IRWXU | S_IRWXG | S_IRWXO | 
  S_ISVTX);
  if ( ret ) {
  /* Issue an error but don't fail yet! */
  ERROR(Unable to create /dev/.lxc/user);
  }
  /* Umask tends to screw us up here */
  -   chmod(user_path, S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX);
  +   chmod(dev_user_path, S_IRWXU | S_IRWXG | S_IRWXO | S_ISVTX);
  }
   
  /*
  @@ -1326,18 +1327,18 @@ static char *mk_devtmpfs(const char *name, char 
  *path, const char *lxcpath)
   
  hash = fnv_64a_buf(tmp_path, ret, FNV1A_64_INIT);
   
  -   ret = snprintf(tmp_path, MAXPATHLEN, %s/%s.%016 PRIx64, base_path, 
  name, hash);
  +   ret = snprintf(tmp_path, MAXPATHLEN, %s/%s.%016 PRIx64, 
  dev_base_path, name, hash);
  if (ret  0 || ret = 

[lxc-devel] [PATCH 2/2] monitor: fix sockname calculation for long lxcpaths

2014-08-08 Thread Serge Hallyn
A long enough lxcpath (and small PATH_MAX through crappy defines) can cause
the creation of the string to be hashed to fail.  So just use alloca to
get the size string we need.

More importantly, while I can't explain it, if lxcpath is too long, setting
sockname[sizeof(addr->sun_path)-2] to \0 simply doesn't seem to work.  So set
sockname[sizeof(addr->sun_path)-3] to \0, which does work.

With this, and with

lxc.lxcpath = 
/opt/lxc0123456789/lxc0123456789/lxc0123456789/lxc0123456789/lxc0123456789/lxc0123456789/lxc0123456789/lxc0123456789/lxc0123456789/lxc0123456789

in /etc/lxc/lxc.conf, I can run lxc-wait just fine.  Without it, it fails
(as does lxc-start -d, which uses lxc_wait to verify the container started)

Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com
---
 src/lxc/monitor.c | 14 --
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/lxc/monitor.c b/src/lxc/monitor.c
index 7c6dbb4..59b02b3 100644
--- a/src/lxc/monitor.c
+++ b/src/lxc/monitor.c
@@ -142,7 +142,7 @@ int lxc_monitor_sock_name(const char *lxcpath, struct 
sockaddr_un *addr) {
size_t len;
int ret;
char *sockname = addr-sun_path[1];
-   char path[PATH_MAX+18];
+   char *path;
uint64_t hash;
 
/* addr.sun_path is only 108 bytes, so we hash the full name and
@@ -150,18 +150,20 @@ int lxc_monitor_sock_name(const char *lxcpath, struct 
sockaddr_un *addr) {
 */
memset(addr, 0, sizeof(*addr));
addr-sun_family = AF_UNIX;
-   len = sizeof(addr-sun_path) - 1;
-   ret = snprintf(path, sizeof(path), lxc/%s/monitor-sock, lxcpath);
-   if (ret  0 || ret = sizeof(path)) {
-   ERROR(lxcpath %s too long for monitor unix socket, lxcpath);
+   len = strlen(lxcpath) + 18;
+   path = alloca(len);
+   ret = snprintf(path, len, lxc/%s/monitor-sock, lxcpath);
+   if (ret  0 || ret = len) {
+   ERROR(memory error creating monitor path);
return -1;
}
 
+   len = sizeof(addr-sun_path) - 1;
hash = fnv_64a_buf(path, ret, FNV1A_64_INIT);
ret = snprintf(sockname, len, lxc/%016 PRIx64 /%s, hash, lxcpath);
if (ret  0)
return -1;
-   sockname[sizeof(addr-sun_path)-2] = '\0';
+   sockname[sizeof(addr-sun_path)-3] = '\0';
INFO(using monitor sock name %s, sockname);
return 0;
 }
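Review bot: `path = alloca(len)` sizes a stack allocation from `strlen(lxcpath)`, and lxcpath comes from configuration (the commit message sets it in /etc/lxc/lxc.conf), so an over-long value overruns the stack rather than reaching the `ERROR(...)` branch; alloca has no failure return for the following snprintf check to catch. A heap allocation with a NULL check, freed once the hash is computed, keeps the failure reportable, and the same pattern appears in fill_sock_name in the src/lxc/commands.c patch (`tmppath = alloca(tmplen)`). Separately, the move from `-2` to `-3` for the terminator is unexplained by the author's own account; assuming sockname points at `addr->sun_path[1]`, the snprintf bounded by `len` already terminates inside the buffer, so the line deserves a comment recording the observed behaviour until the cause is found.

```c
	len = strlen(lxcpath) + 18;
	path = malloc(len);
	if (!path) {
		ERROR("out of memory creating monitor path");
		return -1;
	}
	ret = snprintf(path, len, "lxc/%s/monitor-sock", lxcpath);
	if (ret < 0 || (size_t)ret >= len) {
		ERROR("memory error creating monitor path");
		free(path);
		return -1;
	}

	len = sizeof(addr->sun_path) - 1;
	hash = fnv_64a_buf(path, ret, FNV1A_64_INIT);
	free(path);
	/* … unchanged: sockname snprintf, terminator, INFO and return … */
```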
-- 
2.1.0.rc1



Re: [lxc-devel] [PATCH 1/2] command socket: use hash if needed

2014-08-08 Thread S . Çağlar Onur
Hey Serge,

On Fri, Aug 8, 2014 at 8:28 PM, Serge Hallyn serge.hal...@ubuntu.com wrote:
 The container command socket is an abstract unix socket containing
 the lxcpath and container name.  Those can be too long.  In that case,
 use the hash of the lxcpath and lxcname.  Continue to use the path and
 name if possible to avoid any back compat issues.

Last time I tried this [1] I ended up breaking list_active_containers
as it parses /proc/unix/net, do we still have that problem?

[1] 
https://lists.linuxcontainers.org/pipermail/lxc-devel/2014-February/008145.html

Cheers,

 Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com
 ---
  src/lxc/commands.c | 32 +++-
  1 file changed, 27 insertions(+), 5 deletions(-)

 diff --git a/src/lxc/commands.c b/src/lxc/commands.c
 index 458d41e..f46efc5 100644
 --- a/src/lxc/commands.c
 +++ b/src/lxc/commands.c
 @@ -28,6 +28,7 @@
  #include fcntl.h
  #include poll.h
  #include sys/socket.h
 +#include inttypes.h
  #include sys/un.h
  #include sys/param.h
  #include malloc.h
 @@ -74,24 +75,45 @@
  lxc_log_define(lxc_commands, lxc);

  static int fill_sock_name(char *path, int len, const char *name,
 - const char *inpath)
 + const char *lxcpath)
  {
 -   const char *lxcpath = NULL;
 +   char *tmppath;
 +   size_t tmplen;
 +   uint64_t hash;
 int ret;

 -   if (!inpath) {
 +   if (!lxcpath) {
 lxcpath = lxc_global_config_value(lxc.lxcpath);
 if (!lxcpath) {
 ERROR(Out of memory getting lxcpath);
 return -1;
 }
 }
 -   ret = snprintf(path, len, %s/%s/command, lxcpath ? lxcpath : 
 inpath, name);
 +
 +   ret = snprintf(path, len, %s/%s/command, lxcpath, name);

 +   if (ret  0) {
 +   ERROR(Error writing to command sock path);
 +   return -1;
 +   }
 +   if (ret  len)
 +   return 0;
 +
 +   /* ret = len; lxcpath or name is too long.  hash both */
 +   tmplen = strlen(name) + strlen(lxcpath) + 2;
 +   tmppath = alloca(tmplen);
 +   ret = snprintf(tmppath, tmplen, %s/%s, lxcpath, name);
 +   if (ret  0 || ret = tmplen) {
 +   ERROR(memory error);
 +   return -1;
 +   }
 +   hash = fnv_64a_buf(tmppath, ret, FNV1A_64_INIT);
 +   ret = snprintf(path, len, lxc/%016 PRIx64 /cmd_sock, hash);
 if (ret  0 || ret = len) {
 -   ERROR(Name too long);
 +   ERROR(Command socket name too long);
 return -1;
 }
 +
 return 0;
  }
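Review bot: The fallback name `lxc/<hash>/cmd_sock` identifies the container only by a 64-bit FNV-1a value, which is a fast non-cryptographic hash with no collision resistance, so two different lxcpath/name pairs can end up on the same abstract socket name. Whether that matters depends on how the command socket verifies its peer, which is not visible in this hunk. At minimum the fallback branch should carry a comment saying so, for example `/* fnv_64a only shortens the name; it is not collision-resistant, so the socket name must not be treated as proof of container identity */`.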

 --
 2.1.0.rc1




-- 
S.Çağlar Onur cag...@10ur.org


[lxc-devel] [PATCH] introduce --with-distro=raspbian

2014-08-08 Thread S . Çağlar Onur
Raspberry Pi kernel finally supports all the bits required by LXC [1]

This patch makes ./configure --with-distro=raspbian to install lxcbr0 based 
config file and upstart jobs.
Also src/lxc/lxc.net now checks the existence of the lxc-dnsmasq user (and 
falls back to dnsmasq)

RPI users still need to pass MIRROR=http://archive.raspbian.org/raspbian/ 
parameter to lxc-create to pick the correct packages

MIRROR=http://archive.raspbian.org/raspbian/ lxc-create -t debian -n rpi

[Could be applied to stable-1.0 if you cherry-pick 
7157a508ba3015b830877a5e4d6ca9debb3fd064]

[1] https://github.com/raspberrypi/linux/issues/176

Signed-off-by: S.Çağlar Onur cag...@10ur.org
---
 configure.ac| 6 +++---
 src/lxc/lxc.net | 6 +-
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/configure.ac b/configure.ac
index 720fac4..462217e 100644
--- a/configure.ac
+++ b/configure.ac
@@ -59,7 +59,7 @@ if test z$with_distro = z; then
with_distro=unknown
 fi
 case $with_distro in
-   ubuntu)
+   ubuntu|raspbian)
distroconf=default.conf.ubuntu
;;
redhat|centos|fedora|oracle|oracleserver)
@@ -70,7 +70,7 @@ case $with_distro in
;;
 esac
 AC_MSG_RESULT([$with_distro])
-AM_CONDITIONAL([HAVE_DEBIAN], [test x$with_distro = xdebian -o 
x$with_distro = xubuntu])
+AM_CONDITIONAL([HAVE_DEBIAN], [test x$with_distro = xdebian -o 
x$with_distro = xubuntu -o x$with_distro = xraspbian])
 AM_CONDITIONAL([DISTRO_UBUNTU], [test x$with_distro = xubuntu])
 
 # Check for init system type
@@ -88,7 +88,7 @@ case $with_init_script in
redhat|centos|oracle|oracleserver)
init_script=sysvinit
;;
-   debian)
+   debian|raspbian)
init_script=upstart,systemd
;;
ubuntu)
diff --git a/src/lxc/lxc.net b/src/lxc/lxc.net
index 5ea4f1d..9ec9695 100755
--- a/src/lxc/lxc.net
+++ b/src/lxc/lxc.net
@@ -59,7 +59,11 @@ start() {
if [ -n $LXC_DOMAIN ]; then
LXC_DOMAIN_ARG=-s $LXC_DOMAIN -S /$LXC_DOMAIN/
fi
-   dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces 
--pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} 
--listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} 
--dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo 
--interface=${LXC_BRIDGE} 
--dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases 
--dhcp-authoritative || cleanup
+   DNSMASQ_USER=lxc-dnsmasq
+   if ! getent passwd ${DNSMASQ_USER} /dev/null; then
+   DNSMASQ_USER=dnsmasq
+   fi
+   dnsmasq $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} --strict-order 
--bind-interfaces --pid-file=${varrun}/dnsmasq.pid 
--conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range 
${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override 
--except-interface=lo --interface=${LXC_BRIDGE} 
--dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases 
--dhcp-authoritative || cleanup
touch ${varrun}/network_up
 }
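Review bot: The fallback assigns `DNSMASQ_USER=dnsmasq` without checking that this account exists, so on a host with neither user dnsmasq is started with an invalid `-u` argument and the only symptom is the `|| cleanup` path. The fallback also moves the bridge's DHCP/DNS daemon from a dedicated account to one that may be shared with a system-wide dnsmasq, which weakens the separation the `lxc-dnsmasq` user provides, so a log line when the fallback is taken would make that visible. I would quote the expansion and verify the second lookup as well, e.g. `getent passwd "${DNSMASQ_USER}" >/dev/null || { echo "no dnsmasq user found" >&2; cleanup; }`. start() begins before this hunk.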
 
-- 
1.9.1
