On Tue, 2014-08-26 at 11:58 -0400, Stéphane Graber wrote:
> I'm doing some testing and iterating on your patch some more to try and
> get this to work and be policy compliant for Debian systems too.
> The current work is happening at:
> https://github.com/stgraber/lxc
> I'll send an updated patch once I'm satisfied by the result.

Excellent. Let me know where there are any discrepancies with the Debian policy stuff too, so I can file that for future reference.

I suspect there's going to be some more evolution in this area (including refactoring the Upstart lxc.conf code ala the lxc-net.conf code). The Debian / Ubuntu build areas are some of the ones I'm not equipped to test.

ITMT, I'm working on some much postponed template work.

Regards,
Mike

> On Mon, Aug 25, 2014 at 03:00:46PM -0400, Michael H. Warfield wrote:
> > Version 3 Integration of lxc-net service for rpm based platforms.
> >
> > Initial version is deprecated and obsoleted by this version.
> >
> > Version 2 was discussed in private E-Mail
> >
> > Patch is against current master.
> >
> > This includes some patches for the SUSE / OpenSUSE platforms.
> >
> > Regards,
> > Mike
> >
> > --
> > [v3] Integrated lxc-net service for rpm based platforms.
> >
> > This fixes build and run problems on rpm based platforms (CentOS,
> > Fedora, Oracle, SUSE) running with the systemd init following the
> > refactoring of the Ubuntu lxc networking logic into a systemd service.
> >
> > Added lxc-net.in based on src/lxc/lxc.net and lxc.in for sysvinit
> > and systemd init systems in parallel with lxc.in.
> >
> > Added autoconfigure variable for distro specific sysconfigdir and
> > implemented in both lxc.in and lxc-net.in.
> >
> > Fixed configure.ac for "OpenSUSE project" return from lsb_release.
> >
> > Renamed config/etc/default.conf.ubuntu to config/etc/default.conf.lxcbr
> > and set that as the default for Ubuntu, Fedora, CentOS, Oracle, SUSE,
> > and OpenSUSE*. Only other things left are "unknown".
> >
> > Updated lxc-net.service.in for new path to lxc-net script in
> > LIBEXECDIR instead of DATADIR.
> > > > Renamed config/init/sysvinit to config/init/common reflecting the > > fact that the code in that directory is common to all three init > > paradigms. > > > > Removed src/lxc/lxc.net as it has been replaced by > > config/init/common/lxc-net.in installed in /usr/libexec/lxc. > > > > Changed name of lxc-autostart-helper.in to lxc-containers.in > > > > Added the "lxc-net" sysvinit script for sysvinit rpm packaging > > (CentOS 6, Oracle 6, etc). > > > > Added autogeneration of /etc/sysconfig/lxc-net for rpm based > > distributions into the lxc.spec file. > > > > Added creation of lxc-dnsmasq system user. > > > > Fixed fallbacks for "action" init script verb and lock file > > locations. > > > > Fixed potentially uninitialized variable in lxc_user_nic.c which > > was causing builds to fail on CentOS and Oracle with warnings > > treated as errors. > > > > Fixed lxc.spec.in for several SUSE build gotcha's. > > > > Signed-off-by: Michael H. Warfield <m...@wittsend.com> > > --- > > config/Makefile.am | 2 +- > > config/etc/Makefile.am | 2 +- > > config/etc/default.conf.ubuntu | 4 - > > config/init/Makefile.am | 2 +- > > config/init/systemd/Makefile.am | 14 +--- > > config/init/systemd/lxc-net.service.in | 4 +- > > config/init/systemd/lxc.service.in | 4 +- > > config/init/sysvinit/Makefile.am | 14 ---- > > config/init/sysvinit/lxc.in | 131 > > --------------------------------- > > config/init/upstart/lxc-net.conf | 4 +- > > configure.ac | 19 +++-- > > lxc.spec.in | 110 ++++++++++++++++++++++++++- > > src/lxc/Makefile.am | 4 +- > > src/lxc/lxc.net | 103 -------------------------- > > src/lxc/lxc_user_nic.c | 2 +- > > 15 files changed, 134 insertions(+), 285 deletions(-) > > delete mode 100644 config/etc/default.conf.ubuntu > > delete mode 100644 config/init/sysvinit/Makefile.am > > delete mode 100644 config/init/sysvinit/lxc.in > > delete mode 100755 src/lxc/lxc.net > > > > diff --git a/config/Makefile.am b/config/Makefile.am > > index 37fd24b..54f8859 100644 
> > --- a/config/Makefile.am > > +++ b/config/Makefile.am > > @@ -1 +1 @@ > > -SUBDIRS = apparmor bash etc init selinux templates yum > > +SUBDIRS = apparmor bash etc init selinux templates yum sysconfig > > diff --git a/config/etc/Makefile.am b/config/etc/Makefile.am > > index 03193da..fa8bc2f 100644 > > --- a/config/etc/Makefile.am > > +++ b/config/etc/Makefile.am > > @@ -1,7 +1,7 @@ > > configdir = $(sysconfdir)/lxc > > config_DATA = default.conf > > > > -EXTRA_DIST = default.conf.ubuntu default.conf.libvirt default.conf.unknown > > +EXTRA_DIST = default.conf.lxcbr default.conf.libvirt default.conf.unknown > > > > clean-local: > > @$(RM) -f default.conf > > diff --git a/config/etc/default.conf.ubuntu b/config/etc/default.conf.ubuntu > > deleted file mode 100644 > > index 661718b..0000000 > > --- a/config/etc/default.conf.ubuntu > > +++ /dev/null > > @@ -1,4 +0,0 @@ > > -lxc.network.type = veth > > -lxc.network.link = lxcbr0 > > -lxc.network.flags = up > > -lxc.network.hwaddr = 00:16:3e:xx:xx:xx > > diff --git a/config/init/Makefile.am b/config/init/Makefile.am > > index e2ffe28..dea8e3f 100644 > > --- a/config/init/Makefile.am > > +++ b/config/init/Makefile.am > > @@ -1 +1 @@ > > -SUBDIRS = systemd sysvinit upstart > > +SUBDIRS = common systemd upstart > > diff --git a/config/init/systemd/Makefile.am > > b/config/init/systemd/Makefile.am > > index 5959cd8..6ded467 100644 > > --- a/config/init/systemd/Makefile.am > > +++ b/config/init/systemd/Makefile.am 
> > @@ -6,17 +6,9 @@ EXTRA_DIST = \ > > $(NULL) > > > > if INIT_SCRIPT_SYSTEMD > > -lxc-autostart-helper: ../sysvinit/lxc.in $(top_builddir)/config.status > > - $(AM_V_GEN)sed \ > > - -e 's|[@]SYSCONFDIR[@]|$(sysconfdir)|g' \ > > - -e 's|[@]LOCALSTATEDIR[@]|$(localstatedir)|g' \ > > - -e 's|[@]BINDIR[@]|$(bindir)|g' \ > > - < $< > $@-t && \ > > - chmod a+x $@-t && \ > > - mv $@-t $@ > > -BUILT_SOURCES = lxc-autostart-helper lxc.service lxc-net.service > > +BUILT_SOURCES = lxc.service lxc-net.service > > > > -install-systemd: lxc.service lxc-net.service lxc-devsetup > > lxc-apparmor-load lxc-autostart-helper > > +install-systemd: lxc.service lxc-net.service lxc-devsetup lxc-apparmor-load > > $(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR) > > $(INSTALL_DATA) lxc.service lxc-net.service > > $(DESTDIR)$(SYSTEMD_UNIT_DIR)/ > > > > @@ -25,7 +17,7 @@ uninstall-systemd: > > rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/lxc-net.service > > rmdir $(DESTDIR)$(SYSTEMD_UNIT_DIR) || : > > > > -pkglibexec_SCRIPTS = lxc-devsetup lxc-apparmor-load lxc-autostart-helper > > +pkglibexec_SCRIPTS = lxc-devsetup lxc-apparmor-load > > > > install-data-local: install-systemd > > uninstall-local: uninstall-systemd > > diff --git a/config/init/systemd/lxc-net.service.in > > b/config/init/systemd/lxc-net.service.in > > index 37d1d69..c054702 100644 > > --- a/config/init/systemd/lxc-net.service.in > > +++ b/config/init/systemd/lxc-net.service.in > > @@ -6,5 +6,5 @@ Before=lxc.service > > [Service] > > Type=oneshot > > RemainAfterExit=yes > > -ExecStart=@DATADIR@/lxc/lxc.net start > > -ExecStop=@DATADIR@/lxc/lxc.net stop > > +ExecStart=@LIBEXECDIR@/lxc/lxc-net start > > +ExecStop=@LIBEXECDIR@/lxc/lxc-net stop > > diff --git a/config/init/systemd/lxc.service.in > > b/config/init/systemd/lxc.service.in > > index f64610f..33da987 100644 > > --- a/config/init/systemd/lxc.service.in > > +++ b/config/init/systemd/lxc.service.in 
> > @@ -8,8 +8,8 @@ Type=oneshot > > RemainAfterExit=yes > > ExecStartPre=@LIBEXECDIR@/lxc/lxc-devsetup > > ExecStartPre=@LIBEXECDIR@/lxc/lxc-apparmor-load > > -ExecStart=@LIBEXECDIR@/lxc/lxc-autostart-helper start > > -ExecStop=@LIBEXECDIR@/lxc/lxc-autostart-helper stop > > +ExecStart=@LIBEXECDIR@/lxc/lxc-containers start > > +ExecStop=@LIBEXECDIR@/lxc/lxc-containers stop > > # Environment=BOOTUP=serial > > # Environment=CONSOLETYPE=serial > > StandardOutput=syslog > > diff --git a/config/init/sysvinit/Makefile.am > > b/config/init/sysvinit/Makefile.am > > deleted file mode 100644 > > index 66c190d..0000000 > > --- a/config/init/sysvinit/Makefile.am > > +++ /dev/null > > @@ -1,14 +0,0 @@ > > -EXTRA_DIST = lxc > > - > > -if INIT_SCRIPT_SYSV > > -install-sysvinit: lxc > > - $(MKDIR_P) $(DESTDIR)$(sysconfdir)/rc.d/init.d > > - $(INSTALL_SCRIPT) lxc $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc > > - > > -uninstall-sysvinit: > > - rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc > > - rmdir $(DESTDIR)$(sysconfdir)/rc.d/init.d || : > > - > > -install-data-local: install-sysvinit > > -uninstall-local: uninstall-sysvinit > > -endif > > diff --git a/config/init/sysvinit/lxc.in b/config/init/sysvinit/lxc.in > > deleted file mode 100644 > > index 7cad8c8..0000000 > > --- a/config/init/sysvinit/lxc.in > > +++ /dev/null 
> > @@ -1,131 +0,0 @@ > > -#!/bin/sh > > -# > > -# lxc Start/Stop LXC autoboot containers > > -# > > -# chkconfig: 345 99 01 > > -# description: Starts/Stops all LXC containers configured for autostart. > > -# > > -### BEGIN INIT INFO > > -# Provides: lxc > > -# Default-Start: 3 4 5 > > -# Default-Stop: 0 1 6 > > -# Short-Description: Bring up/down LXC autostart containers > > -# Description: Bring up/down LXC autostart containers > > -### END INIT INFO > > - > > -sysconfdir="@SYSCONFDIR@" > > -bindir="@BINDIR@" > > -localstatedir="@LOCALSTATEDIR@" > > - > > -# These can be overridden in @SYSCONFDIR@/sysconfig/lxc > > - > > -# BOOTGROUPS - What groups should start on bootup? > > -# Comma separated list of groups. > > -# Leading comma, trailing comma or embedded double > > -# comma indicates when the NULL group should be run. > > -# Example (default): boot the onboot group first then the NULL group > > -BOOTGROUPS="onboot," > > - > > -# SHUTDOWNDELAY - Wait time for a container to shut down. > > -# ner shutdown can result in lengthy system > > -# shutdown times. Even 5 seconds per container can be > > -# too long. > > -SHUTDOWNDELAY=5 > > - > > -# OPTIONS can be used for anything else. > > -# If you want to boot everything then > > -# options can be "-a" or "-a -A". > > -OPTIONS= > > - > > -# STOPOPTS are stop options. The can be used for anything else to stop. > > -# If you want to kill containers fast, use -k > > -STOPOPTS="-a -A -s" > > - > > -# Source function library. > > -test ! -r "$sysconfdir"/rc.d/init.d/functions || > > - . "$sysconfdir"/rc.d/init.d/functions > > - > > -# provide action() fallback > > -if ! type action >/dev/null 2>&1; then > > - action() { > > - echo "$@" > > - } > > -fi > > - > > -# Source any configurable options > > -test ! -r "$sysconfdir"/sysconfig/lxc || > > - . 
"$sysconfdir"/sysconfig/lxc > > - > > -# Check for needed utility program > > -[ -x "$bindir"/lxc-autostart ] || exit 1 > > - > > -# If libvirtd is providing the bridge, it might not be > > -# immediately available, so wait a bit for it before starting > > -# up the containers or else any that use the bridge will fail > > -# to start > > -wait_for_bridge() > > -{ > > - [ -f "$sysconfdir"/lxc/default.conf ] || { return 0; } > > - > > - which ifconfig >/dev/null 2>&1 > > - if [ $? = 0 ]; then > > - cmd="ifconfig -a" > > - else > > - which ip >/dev/null 2>&1 > > - if [ $? = 0 ]; then > > - cmd="ip link list" > > - fi > > - fi > > - [ -n cmd ] || { return 0; } > > - > > - BRNAME=`grep '^[ ]*lxc.network.link' > > "$sysconfdir"/lxc/default.conf | sed 's/^.*=[ ]*//'` > > - if [ -z "$BRNAME" ]; then > > - return 0 > > - fi > > - > > - for try in `seq 1 30`; do > > - eval $cmd |grep "^$BRNAME" >/dev/null 2>&1 > > - if [ $? = 0 ]; then > > - return > > - fi > > - sleep 1 > > - done > > -} > > - > > -# See how we were called. > > -case "$1" in > > - start) > > - [ ! -f "$localstatedir"/lock/subsys/lxc ] || { exit 0; } > > - > > - if [ -n "$BOOTGROUPS" ] > > - then > > - BOOTGROUPS="-g $BOOTGROUPS" > > - fi > > - > > - # Start containers > > - wait_for_bridge > > - # Start autoboot containers first then the NULL group "onboot,". > > - action $"Starting LXC autoboot containers: " "$bindir"/lxc-autostart > > $OPTIONS $BOOTGROUPS > > - touch "$localstatedir"/lock/subsys/lxc > > - ;; > > - stop) > > - if [ -n "$SHUTDOWNDELAY" ] > > - then > > - SHUTDOWNDELAY="-t $SHUTDOWNDELAY" > > - fi > > - > > - # The stop is serialized and can take excessive time. We need to avoid > > - # delaying the system shutdown / reboot as much as we can since it's not > > - # parallelized... Even 5 second timout may be too long. 
> > - action $"Stopping LXC containers: " "$bindir"/lxc-autostart $STOPOPTS > > $SHUTDOWNDELAY > > - rm -f "$localstatedir"/lock/subsys/lxc > > - ;; > > - restart|reload|force-reload) > > - $0 stop > > - $0 start > > - ;; > > - *) > > - echo "Usage: $0 {start|stop|restart|reload|force-reload}" > > - exit 2 > > -esac > > -exit $? > > diff --git a/config/init/upstart/lxc-net.conf > > b/config/init/upstart/lxc-net.conf > > index 38f6ea3..15460eb 100644 > > --- a/config/init/upstart/lxc-net.conf > > +++ b/config/init/upstart/lxc-net.conf > > @@ -4,5 +4,5 @@ author "Serge Hallyn <serge.hal...@canonical.com>" > > start on starting lxc > > stop on stopped lxc > > > > -pre-start exec /usr/share/lxc/lxc.net start > > -post-stop exec /usr/share/lxc/lxc.net stop > > +pre-start exec /usr/libexec/lxc/lxc-net start > > +post-stop exec /usr/libexec/lxc/lxc-net stop > > diff --git a/configure.ac b/configure.ac > > index 1a55521..5d5f974 100644 > > --- a/configure.ac > > +++ b/configure.ac > > @@ -60,13 +60,16 @@ if test "z$with_distro" = "z"; then > > fi > > case $with_distro in > > ubuntu|raspbian) > > - distroconf=default.conf.ubuntu > > + distroconf=default.conf.lxcbr > > + distrosysconf="$sysconfdir/default" > > ;; > > - redhat|centos|fedora|oracle|oracleserver) > > - distroconf=default.conf.libvirt > > + redhat|centos|fedora|oracle|oracleserver|suse|opensuse*) > > + distroconf=default.conf.lxcbr > > + distrosysconf="$sysconfdir/sysconfig" > > ;; > > *) > > distroconf=default.conf.unknown > > + distrosysconf="$sysconfdir/default" > > ;; > > esac > > AC_MSG_RESULT([$with_distro]) > > @@ -84,7 +87,7 @@ AC_ARG_WITH([init-script], > > case "$with_init_script" in > > distro) > > case $with_distro in > > - fedora) > > + fedora|opensuse*) > > init_script=systemd > > ;; > > redhat|centos|oracle|oracleserver) 
> > @@ -520,6 +523,7 @@ AS_AC_EXPAND(LXCPATH, "$with_config_path") > > AS_AC_EXPAND(LXC_GLOBAL_CONF, "$with_global_conf") > > AS_AC_EXPAND(LXC_USERNIC_CONF, "$with_usernic_conf") > > AS_AC_EXPAND(LXC_USERNIC_DB, "$with_usernic_db") > > +AS_AC_EXPAND(LXC_DISTRO_SYSCONF, "$distrosysconf") > > AS_AC_EXPAND(LXCROOTFSMOUNT, "$with_rootfs_path") > > AS_AC_EXPAND(LXCTEMPLATEDIR, "$datadir/lxc/templates") > > AS_AC_EXPAND(LXCTEMPLATECONFIG, "$datadir/lxc/config") > > @@ -602,8 +606,9 @@ AC_CONFIG_FILES([ > > config/bash/Makefile > > config/bash/lxc > > config/init/Makefile > > - config/init/sysvinit/Makefile > > - config/init/sysvinit/lxc > > + config/init/common/Makefile > > + config/init/common/lxc-containers > > + config/init/common/lxc-net > > config/init/systemd/Makefile > > config/init/systemd/lxc.service > > config/init/systemd/lxc-net.service > > @@ -636,6 +641,8 @@ AC_CONFIG_FILES([ > > config/templates/ubuntu.userns.conf > > config/templates/userns.conf > > config/yum/Makefile > > + config/sysconfig/Makefile > > + config/sysconfig/lxc > > > > doc/Makefile > > doc/api/Makefile > > diff --git a/lxc.spec.in b/lxc.spec.in > > index 57912a1..52b6326 100644 > > --- a/lxc.spec.in > > +++ b/lxc.spec.in > > @@ -28,7 +28,16 @@ > > %if 0%{?fedora} >= 14 || 0%{?rhel} >= 7 || 0%{?suse_version} >= 1210 > > %global with_systemd 1 > > %define init_script systemd > > +# > > +# BuildRequires systemd-units on fedora and rhel > > +%if 0%{?fedora} >= 14 || 0%{?rhel} >= 7 > > BuildRequires: systemd-units > > +# > > +# BuildRequires systemd on openSUSE and SUSE > > +%endif > > +%if 0%{?suse_version} >= 1210 > > +BuildRequires: systemd > > +%endif > > %else > > %global with_systemd 0 > > %define init_script sysvinit 
> > @@ -53,8 +62,25 @@ Summary: Linux Containers userspace tools > > Group: Applications/System > > License: LGPLv2+ > > BuildRoot: %{_tmppath}/%{name}-%{version}-build > > -Requires: openssl rsync > > -BuildRequires: libcap libcap-devel docbook2X graphviz > > +Requires: openssl rsync dnsmasq > > +# Note for Suse. The "docbook2X" BuildRequires does properly > > +# match docbook2x on Suse in a case insensitive manner > > +BuildRequires: libcap libcap-devel docbook2X graphviz libxslt pkgconfig > > + > > +# > > +# Additional packages for openSUSE and SUSE > > +# > > +%if 0%{?suse_version} >= 1210 > > +PreReq: permissions > > +BuildRequires: libapparmor-devel linux-glibc-devel lsb-release > > docbook-utils > > + > > +# > > +# libseccomp-devel only needed on i386/i586/i686 and X86_64 > > +# > > +%ifarch %ix86 x86_64 > > +BuildRequires: libseccomp-devel > > +%endif > > +%endif > > > > %if %{with_python} > > Requires: python3 > > @@ -105,6 +131,9 @@ PATH=$PATH:/usr/sbin:/sbin %configure $args \ > > %if %{with_python} > > --enable-python \ > > %endif > > +%if "x%{_unitdir}" != "x" > > + --with-systemdsystemunitdir=%{_unitdir} \ > > +%endif > > --disable-rpath \ > > --with-init-script=%{init_script} > > make %{?_smp_mflags} 
> > @@ -117,28 +146,102 @@ find %{buildroot} -type f -name '*.la' -exec rm -f > > {} ';' > > %clean > > rm -rf %{buildroot} > > > > +%pre > > +# Ensure that lxcdnsmasq uid & gid gets correctly allocated > > +if getent passwd lxc-dnsmasq >/dev/null 2>&1 ; then : ; else \ > > + /usr/sbin/useradd -M -r -s /sbin/nologin \ > > + -c "LXC Networking Service" -d %_localstatedir/%name lxc-dnsmasq 2> > > /dev/null \ > > + || exit 1 > > +fi > > + > > %post > > +# This test should trigger a network configure on a new install. > > +if [ ! -f %{_sysconfdir}/sysconfig/lxc-net ] || ! grep -q > > 'USE_LXC_BRIDGE=' %{_sysconfdir}/sysconfig/lxc-net > > +then > > + # Grab a random 10net subnet. Need to add test logic... > > + while [ true ] > > + do > > + SUBNET=10.$(($RANDOM % 256)).$(($RANDOM % 256)) > > + if ! ip -4 route ls | grep -q "^$SUBNET" > > + then > > + break > > + fi > > + done > > + > > + cat > %{_sysconfdir}/sysconfig/lxc-net <<EOF > > +# Leave USE_LXC_BRIDGE as "true" if you want to use lxcbr0 for your > > +# containers. Set to "false" if you'll use virbr0 or another existing > > +# bridge, or mavlan to your host's NIC. > > +USE_LXC_BRIDGE="true" > > + > > +# If you change the LXC_BRIDGE to something other than lxcbr0, then > > +# you will also need to update your /etc/lxc/default.conf as well as the > > +# configuration (/var/lib/lxc/<container>/config) for any containers > > +# already created using the default config to reflect the new bridge > > +# name. > > +# If you have the dnsmasq daemon installed, you'll also have to update > > +# /etc/dnsmasq.d/lxc and restart the system wide dnsmasq daemon. > > +LXC_BRIDGE="lxcbr0" > > +LXC_ADDR="$SUBNET.1" > > +LXC_NETMASK="255.255.255.0" > > +LXC_NETWORK="$SUBNET.0/24" > > +LXC_DHCP_RANGE="$SUBNET.2,$SUBNET.254" > > +LXC_DHCP_MAX="253" > > +# Uncomment the next line if you'd like to use a conf-file for the lxcbr0 > > +# dnsmasq. 
For instance, you can use 'dhcp-host=mail1,10.0.3.100' to have > > +# container 'mail1' always get ip address 10.0.3.100. > > +#LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf > > + > > +# Uncomment the next line if you want lxcbr0's dnsmasq to resolve the .lxc > > +# domain. You can then add "server=/lxc/10.0.3.1' (or your actual > > $LXC_ADDR) > > +# to /etc/dnsmasq.conf, after which 'container1.lxc' will resolve on your > > +# host. > > +#LXC_DOMAIN="lxc" > > +EOF > > +fi > > + > > %post libs -p /sbin/ldconfig > > %postun libs -p /sbin/ldconfig > > > > %files > > %defattr(-,root,root) > > %{_bindir}/* > > +# openSUSE/SUSE > > +%if 0%{?suse_version} >= 1210 > > +%dir %{_sysconfdir}/apparmor.d > > +%dir %{_sysconfdir}/apparmor.d/abstractions > > +%dir %{_sysconfdir}/apparmor.d/abstractions/%{name} > > +%config %{_sysconfdir}/apparmor.d/abstractions/%{name}/container-base > > +%config %{_sysconfdir}/apparmor.d/abstractions/%{name}/start-container > > +%config %{_sysconfdir}/apparmor.d/%{name}-containers > > +%dir %{_sysconfdir}/apparmor.d/%{name} > > +%config %{_sysconfdir}/apparmor.d/%{name}/%{name}-default > > +%config %{_sysconfdir}/apparmor.d/%{name}/%{name}-default-with-mounting > > +%config %{_sysconfdir}/apparmor.d/%{name}/%{name}-default-with-nesting > > +%config %{_sysconfdir}/apparmor.d/usr.bin.%{name}-start > > +%endif > > %{_mandir}/man1/lxc* > > %{_mandir}/man5/lxc* > > %{_mandir}/man7/lxc* > > +# not openSUSE/SUSE > > +%if %{undefined suse_version} > > %{_mandir}/ja/man1/lxc* > > %{_mandir}/ja/man5/lxc* > > %{_mandir}/ja/man7/lxc* > > +%endif > > %{_datadir}/doc/* > > %{_datadir}/lxc/* > > %{_sysconfdir}/bash_completion.d > > +%{_sysconfdir}/sysconfig/* > > %config(noreplace) %{_sysconfdir}/lxc/* > > +%config(noreplace) %{_sysconfdir}/sysconfig/* > > > > %if %{with_systemd} > > +%{_unitdir}/lxc-net.service > > %{_unitdir}/lxc.service > > %else > > %{_sysconfdir}/rc.d/init.d/lxc > > +%{_sysconfdir}/rc.d/init.d/lxc-net > > %endif > > > > %files libs 
> > @@ -154,7 +257,8 @@ rm -rf %{buildroot} > > %attr(4111,root,root) %{_libexecdir}/%{name}/lxc-user-nic > > %if %{with_systemd} > > %attr(555,root,root) %{_libexecdir}/%{name}/lxc-devsetup > > -%attr(555,root,root) %{_libexecdir}/%{name}/lxc-autostart-helper > > +%attr(555,root,root) %{_libexecdir}/%{name}/lxc-net > > +%attr(555,root,root) %{_libexecdir}/%{name}/lxc-containers > > %endif > > > > %if %{with_python} > > diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am > > index c1a67d6..6543164 100644 > > --- a/src/lxc/Makefile.am > > +++ b/src/lxc/Makefile.am > > @@ -165,8 +165,7 @@ bin_SCRIPTS = lxc-checkconfig > > EXTRA_DIST = \ > > lxc-device \ > > lxc-ls \ > > - lxc-top \ > > - lxc.net > > + lxc-top > > > > if ENABLE_PYTHON > > bin_SCRIPTS += lxc-device > > @@ -253,7 +252,6 @@ endif > > install-exec-local: install-soPROGRAMS > > mkdir -p $(DESTDIR)$(datadir)/lxc > > install -c -m 644 lxc.functions $(DESTDIR)$(datadir)/lxc > > - install -c -m 755 lxc.net $(DESTDIR)$(datadir)/lxc > > mv $(DESTDIR)$(libdir)/liblxc.so > > $(DESTDIR)$(libdir)/liblxc.so.$(VERSION) > > cd $(DESTDIR)$(libdir); \ > > ln -sf liblxc.so.$(VERSION) liblxc.so.$(firstword $(subst ., > > ,$(VERSION))); \ > > diff --git a/src/lxc/lxc.net b/src/lxc/lxc.net > > deleted file mode 100755 > > index 9ec9695..0000000 > > --- a/src/lxc/lxc.net > > +++ /dev/null 
> > @@ -1,103 +0,0 @@ > > -#!/bin/sh > > -set -eu > > - > > -USE_LXC_BRIDGE="true" > > -LXC_BRIDGE="lxcbr0" > > -LXC_ADDR="10.0.3.1" > > -LXC_NETMASK="255.255.255.0" > > -LXC_NETWORK="10.0.3.0/24" > > -LXC_DHCP_RANGE="10.0.3.2,10.0.3.254" > > -LXC_DHCP_MAX="253" > > -LXC_DHCP_CONFILE="" > > -varrun="/run/lxc" > > -LXC_DOMAIN="" > > - > > -start() { > > - [ -f /etc/default/lxc ] && . /etc/default/lxc > > - > > - [ "x$USE_LXC_BRIDGE" = "xtrue" ] || { stop; exit 0; } > > - > > - use_iptables_lock="-w" > > - iptables -w -L -n > /dev/null 2>&1 || use_iptables_lock="" > > - cleanup() { > > - # dnsmasq failed to start, clean up the bridge > > - iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp > > --dport 67 -j ACCEPT > > - iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp > > --dport 67 -j ACCEPT > > - iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp > > --dport 53 -j ACCEPT > > - iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp > > --dport 53 -j ACCEPT > > - iptables $use_iptables_lock -D FORWARD -i ${LXC_BRIDGE} -j > > ACCEPT > > - iptables $use_iptables_lock -D FORWARD -o ${LXC_BRIDGE} -j > > ACCEPT > > - iptables $use_iptables_lock -t nat -D POSTROUTING -s > > ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true > > - iptables $use_iptables_lock -t mangle -D POSTROUTING -o > > ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill > > - ifconfig ${LXC_BRIDGE} down || true > > - brctl delbr ${LXC_BRIDGE} || true > > - } > > - > > - if [ -d /sys/class/net/${LXC_BRIDGE} ]; then > > - if [ ! 
-f ${varrun}/network_up ]; then > > - # bridge exists, but we didn't start it > > - stop; > > - fi > > - exit 0; > > - fi > > - > > - # set up the lxc network > > - brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; > > stop; exit 0; } > > - echo 1 > /proc/sys/net/ipv4/ip_forward > > - mkdir -p ${varrun} > > - ifconfig ${LXC_BRIDGE} ${LXC_ADDR} netmask ${LXC_NETMASK} up > > - iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 67 > > -j ACCEPT > > - iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 > > -j ACCEPT > > - iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 53 > > -j ACCEPT > > - iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 > > -j ACCEPT > > - iptables $use_iptables_lock -I FORWARD -i ${LXC_BRIDGE} -j ACCEPT > > - iptables $use_iptables_lock -I FORWARD -o ${LXC_BRIDGE} -j ACCEPT > > - iptables $use_iptables_lock -t nat -A POSTROUTING -s ${LXC_NETWORK} ! > > -d ${LXC_NETWORK} -j MASQUERADE > > - iptables $use_iptables_lock -t mangle -A POSTROUTING -o ${LXC_BRIDGE} > > -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill > > - > > - LXC_DOMAIN_ARG="" > > - if [ -n "$LXC_DOMAIN" ]; then > > - LXC_DOMAIN_ARG="-s $LXC_DOMAIN -S /$LXC_DOMAIN/" > > - fi > > - DNSMASQ_USER="lxc-dnsmasq" > > - if ! getent passwd ${DNSMASQ_USER} >/dev/null; then > > - DNSMASQ_USER="dnsmasq" > > - fi > > - dnsmasq $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} --strict-order > > --bind-interfaces --pid-file=${varrun}/dnsmasq.pid > > --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range > > ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override > > --except-interface=lo --interface=${LXC_BRIDGE} > > --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases > > --dhcp-authoritative || cleanup > > - touch ${varrun}/network_up > > -} > > - > > -stop() { > > - [ -f /etc/default/lxc ] && . 
/etc/default/lxc > > - [ -f "${varrun}/network_up" ] || exit 0; > > - # if $LXC_BRIDGE has attached interfaces, don't shut it down > > - ls /sys/class/net/${LXC_BRIDGE}/brif/* > /dev/null 2>&1 && exit 0; > > - > > - if [ -d /sys/class/net/${LXC_BRIDGE} ]; then > > - use_iptables_lock="-w" > > - iptables -w -L -n > /dev/null 2>&1 || use_iptables_lock="" > > - ifconfig ${LXC_BRIDGE} down > > - iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp > > --dport 67 -j ACCEPT > > - iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp > > --dport 67 -j ACCEPT > > - iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp > > --dport 53 -j ACCEPT > > - iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp > > --dport 53 -j ACCEPT > > - iptables $use_iptables_lock -D FORWARD -i ${LXC_BRIDGE} -j > > ACCEPT > > - iptables $use_iptables_lock -D FORWARD -o ${LXC_BRIDGE} -j > > ACCEPT > > - iptables $use_iptables_lock -t nat -D POSTROUTING -s > > ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true > > - iptables $use_iptables_lock -t mangle -D POSTROUTING -o > > ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill > > - pid=`cat ${varrun}/dnsmasq.pid 2>/dev/null` && kill -9 $pid || > > true > > - rm -f ${varrun}/dnsmasq.pid > > - brctl delbr ${LXC_BRIDGE} > > - fi > > - rm -f ${varrun}/network_up > > -} > > - > > -if [ "$1" = start ]; then > > - start > > -elif [ "$1" = stop ]; then > > - stop > > -else > > - echo "Usage: $0 start|stop" >&2 > > - exit 1 > > -fi > > - > > diff --git a/src/lxc/lxc_user_nic.c b/src/lxc/lxc_user_nic.c > > index 145a35d..7a87503 100644 > > --- a/src/lxc/lxc_user_nic.c > > +++ b/src/lxc/lxc_user_nic.c 
> > @@ -475,7 +475,7 @@ again: > > static int rename_in_ns(int pid, char *oldname, char **newnamep) > > { > > char nspath[MAXPATHLEN]; > > - int fd = -1, ofd = -1, ret, ifindex; > > + int fd = -1, ofd = -1, ret, ifindex = 0; > > bool grab_newname = false; > > > > ret = snprintf(nspath, MAXPATHLEN, "/proc/%d/ns/net", getpid()); > > -- > > 1.9.3 > > > > > > -- > > Michael H. Warfield (AI4NB) | (770) 978-7061 | m...@wittsend.com > > /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ > > NIC whois: MHW9 | An optimist believes we live in the best of > > all > > PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it! > > > > > > _______________________________________________ > lxc-devel mailing list > lxc-devel@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-devel -- Michael H. Warfield (AI4NB) | (770) 978-7061 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF | possible worlds. A pessimist is sure of it!
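Review bot: In config/init/upstart/lxc-net.conf the new pre-start and post-stop lines hardcode /usr/libexec/lxc/lxc-net, while the systemd unit changed in the same patch uses @LIBEXECDIR@/lxc/lxc-net. This file is not a .in template, so nothing substitutes the path at configure time, and on any build where libexecdir is not /usr/libexec the job will point at a script that was installed somewhere else. Suggest converting it to lxc-net.conf.in and using @LIBEXECDIR@ the same way the service file does.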
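Review bot: In the with_distro case of configure.ac, moving redhat|centos|fedora|oracle|oracleserver to default.conf.lxcbr leaves no branch that selects default.conf.libvirt, yet config/etc/Makefile.am still ships it in EXTRA_DIST. Either drop the file or keep a way to choose it, and say in the commit message that new installs on these distributions now get a different default bridge configuration. Also, this case adds both suse and opensuse*, but the init-script case in the next hunk adds only opensuse* to the systemd branch; if plain "suse" is meant to get systemd as well it should be listed there too.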
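Review bot: The AC_CONFIG_FILES additions in configure.ac (config/init/common/Makefile, config/init/common/lxc-containers, config/init/common/lxc-net, config/sysconfig/Makefile, config/sysconfig/lxc), together with the new SUBDIRS entries "common" and "sysconfig", reference inputs that this patch does not contain. The diffstat shows 15 files changed with four "delete mode" lines and no "create mode" lines, and default.conf.lxcbr, now named in EXTRA_DIST and described as a rename in the commit message, appears only as a deletion of default.conf.ubuntu. As posted the tree has no templates to generate those outputs from; the new files most likely need a git add before the patch is regenerated.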
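Review bot: The subnet selection loop in %post of lxc.spec.in rejects a candidate only when a line of "ip -4 route ls" begins with the same three octets (grep -q "^$SUBNET"), so a wider route such as a 10.0.0.0/8 or a /16 that already covers the chosen /24 goes undetected and lxcbr0 can end up overlapping a network the host already routes to. The unescaped dots and the missing trailing delimiter also mean "^10.1.2" matches 10.1.20.0/24. The comment in the hunk already says "Need to add test logic...", and I would resolve that before merging by comparing the candidate against each route's prefix and length rather than its text. Smaller points in the same hunk: $RANDOM relies on /bin/sh being bash; %pre sends useradd's stderr to /dev/null and then exits 1, which aborts the install with no diagnostic; %{_sysconfdir}/sysconfig/* is listed in %files both plainly and as %config(noreplace), and only the latter should stay so local edits survive upgrades; the generated comments still cite 10.0.3.100 and 10.0.3.1 although the address is now random, and "mavlan" should read "macvlan".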
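Review bot: In rename_in_ns() in src/lxc/lxc_user_nic.c, the new "ifindex = 0" initializer quiets the uninitialized-variable warning without showing which path reaches the use of ifindex before it is assigned. 0 is not a valid interface index, so if that path is reachable the function now proceeds with an invalid index instead of an indeterminate one. Please either state in the commit message that the warning is a false positive and why, or add an explicit check with an error return at the point where ifindex is consumed.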