[lxc-devel] [PATCH 1/1] cgroup: set memory.use_hierarchy
But don't fail the container start if that fails. Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com --- src/lxc/cgroup.c | 22 ++ 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup.c index 5831e4e..cf1605a 100644 --- a/src/lxc/cgroup.c +++ b/src/lxc/cgroup.c @@ -81,7 +81,7 @@ static bool cgroup_devices_has_allow_or_deny(struct lxc_handler *h, char *v, boo static int do_setup_cgroup(struct lxc_handler *h, struct lxc_list *cgroup_settings, bool do_devices); static int cgroup_recursive_task_count(const char *cgroup_path); static int count_lines(const char *fn); -static int handle_clone_children(struct cgroup_mount_point *mp, char *cgroup_path); +static int handle_cgroup_settings(struct cgroup_mount_point *mp, char *cgroup_path); struct cgroup_meta_data *lxc_cgroup_load_meta() { @@ -718,7 +718,7 @@ extern struct cgroup_process_info *lxc_cgroup_create(const char *name, const cha if (lxc_string_in_array(ns, (const char **)h-subsystems)) continue; - if (handle_clone_children(mp, info_ptr-cgroup_path) 0) { + if (handle_cgroup_settings(mp, info_ptr-cgroup_path) 0) { ERROR(Could not set clone_children to 1 for cpuset hierarchy in parent cgroup.); goto out_initial_error; } @@ -838,7 +838,7 @@ extern struct cgroup_process_info *lxc_cgroup_create(const char *name, const cha /* if we didn't create the cgroup, then we have to make sure that * further cgroups will be created properly */ - if (handle_clone_children(mp, info_ptr-cgroup_path) 0) { + if (handle_cgroup_settings(mp, info_ptr-cgroup_path) 0) { ERROR(Could not set clone_children to 1 for cpuset hierarchy in pre-existing cgroup.); goto cleanup_from_error; } 
@@ -1939,9 +1939,23 @@ int count_lines(const char *fn) return n; } -int handle_clone_children(struct cgroup_mount_point *mp, char *cgroup_path) +int handle_cgroup_settings(struct cgroup_mount_point *mp, char *cgroup_path) { int r, saved_errno = 0; + + /* If this is the memory cgroup, we want to enforce hierarchy. +* But don't fail if for some reason we can't. +*/ + if (lxc_string_in_array(memory, (const char **)mp-hierarchy-subsystems)) { + char *cc_path = cgroup_to_absolute_path(mp, cgroup_path, /memory.use_hierarchy); + if (cc_path) { + r = lxc_write_to_file(cc_path, 1, 1, false); + if (r 0) + SYSERROR(failed to set memory.use_hiararchy to 1; continuing); + free(cc_path); + } + } + /* if this is a cpuset hierarchy, we have to set cgroup.clone_children in * the base cgroup, otherwise containers will start with an empty cpuset.mems * and cpuset.cpus and then -- 1.8.3.2 -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60135991iu=/4140/ostg.clktrk ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
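Review bot: The added SYSERROR message in handle_cgroup_settings misspells the control file as `memory.use_hiararchy`, so anyone searching logs for `memory.use_hierarchy` misses the only signal that the write failed; it should read `SYSERROR("failed to set memory.use_hierarchy to 1; continuing");`. Because the failure is deliberately non-fatal, the container then starts without the hierarchical accounting this block is meant to enforce, so the log line is the only evidence an operator has, and including `cc_path` in it would say which cgroup was affected. The name `cc_path` looks carried over from the clone_children code and would read better as a neutral `path`. The function body continues past the hunk, so whether `r` from this best-effort write can influence the later return value could not be checked here. The same hunk is quoted again in the Acked-by reply further down the page.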
Re: [lxc-devel] [PATCH 1/1] cgroup: set memory.use_hierarchy
On Fri, Oct 25, 2013 at 12:16:17AM -0500, Serge Hallyn wrote: But don't fail the container start if that fails. Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com Acked-by: Stéphane Graber stgra...@ubuntu.com --- src/lxc/cgroup.c | 22 ++ 1 file changed, 18 insertions(+), 4 deletions(-) diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup.c index 5831e4e..cf1605a 100644 --- a/src/lxc/cgroup.c +++ b/src/lxc/cgroup.c @@ -81,7 +81,7 @@ static bool cgroup_devices_has_allow_or_deny(struct lxc_handler *h, char *v, boo static int do_setup_cgroup(struct lxc_handler *h, struct lxc_list *cgroup_settings, bool do_devices); static int cgroup_recursive_task_count(const char *cgroup_path); static int count_lines(const char *fn); -static int handle_clone_children(struct cgroup_mount_point *mp, char *cgroup_path); +static int handle_cgroup_settings(struct cgroup_mount_point *mp, char *cgroup_path); struct cgroup_meta_data *lxc_cgroup_load_meta() { @@ -718,7 +718,7 @@ extern struct cgroup_process_info *lxc_cgroup_create(const char *name, const cha if (lxc_string_in_array(ns, (const char **)h-subsystems)) continue; - if (handle_clone_children(mp, info_ptr-cgroup_path) 0) { + if (handle_cgroup_settings(mp, info_ptr-cgroup_path) 0) { ERROR(Could not set clone_children to 1 for cpuset hierarchy in parent cgroup.); goto out_initial_error; } @@ -838,7 +838,7 @@ extern struct cgroup_process_info *lxc_cgroup_create(const char *name, const cha /* if we didn't create the cgroup, then we have to make sure that * further cgroups will be created properly */ - if (handle_clone_children(mp, info_ptr-cgroup_path) 0) { + if (handle_cgroup_settings(mp, info_ptr-cgroup_path) 0) { ERROR(Could not set clone_children to 1 for cpuset hierarchy in pre-existing cgroup.); goto cleanup_from_error; } 
@@ -1939,9 +1939,23 @@ int count_lines(const char *fn) return n; } -int handle_clone_children(struct cgroup_mount_point *mp, char *cgroup_path) +int handle_cgroup_settings(struct cgroup_mount_point *mp, char *cgroup_path) { int r, saved_errno = 0; + + /* If this is the memory cgroup, we want to enforce hierarchy. + * But don't fail if for some reason we can't. + */ + if (lxc_string_in_array(memory, (const char **)mp-hierarchy-subsystems)) { + char *cc_path = cgroup_to_absolute_path(mp, cgroup_path, /memory.use_hierarchy); + if (cc_path) { + r = lxc_write_to_file(cc_path, 1, 1, false); + if (r 0) + SYSERROR(failed to set memory.use_hiararchy to 1; continuing); + free(cc_path); + } + } + /* if this is a cpuset hierarchy, we have to set cgroup.clone_children in * the base cgroup, otherwise containers will start with an empty cpuset.mems * and cpuset.cpus and then -- 1.8.3.2 -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60135991iu=/4140/ostg.clktrk ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel -- Stéphane Graber Ubuntu developer http://www.ubuntu.com signature.asc Description: Digital signature -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60135991iu=/4140/ostg.clktrk___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] lxc-create: fix that creation fails if lxc.rootfs is set
Quoting Sheng Yong (shy...@gmail.com): [code] ### lxccontainer.c: if (lxcapi_is_defined(c) c-lxc_conf c-lxc_conf-rootfs.path access(c-lxc_conf-rootfs.path, F_OK) == 0) goto out; [/code] If lxc.rootfs is set and no failure happens before we check whether the container is already created, the condition will be always true. In out section, lxcapi_destroy() is called to remove rootfs directory indicated by lxc.rootfs. If lxc.rootfs is set, we believe that rootfs is ready. Then the creation should be successful. NOTE: the situation where both -t options and lxc.rootfs are set should be considered. Hi, thanks for the patch. Please sign off commits in the future (you can do this using 'git commit -s'). However, nack to this particular version. How about the below alternative? Subject: [PATCH 1/1] lxcapi_create: don't delete if container already exists 1. don't save the starting config until we've ensured the container does noet yet exist. 2. If the container exists, return false (because creation did not happen) but don't delete the container. Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com Cc: Sheng Yong shy...@gmail.com --- src/lxc/lxccontainer.c | 13 - 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c index 9aea614..6699e9c 100644 --- a/src/lxc/lxccontainer.c +++ b/src/lxc/lxccontainer.c @@ -1090,6 +1090,7 @@ static bool lxcapi_create(struct lxc_container *c, const char *t, pid_t pid; char *tpath = NULL; int partial_fd; + bool delete_on_err = false; if (!c) return false; 
@@ -1102,15 +1103,17 @@ static bool lxcapi_create(struct lxc_container *c, const char *t, } } + /* container is already created if we have a config and rootfs.path is accessible */ + if (lxcapi_is_defined(c) c-lxc_conf c-lxc_conf-rootfs.path access(c-lxc_conf-rootfs.path, F_OK) == 0) + goto out; + + delete_on_err = true; + if (!c-save_config(c, NULL)) { ERROR(failed to save starting configuration for %s\n, c-name); goto out; } - /* container is already created if we have a config and rootfs.path is accessible */ - if (lxcapi_is_defined(c) c-lxc_conf c-lxc_conf-rootfs.path access(c-lxc_conf-rootfs.path, F_OK) == 0) - goto out; - /* Mark that this container is being created */ if ((partial_fd = create_partial(c)) 0) goto out; @@ -1183,7 +1186,7 @@ out_unlock: out: if (tpath) free(tpath); - if (!bret c) + if (delete_on_err !bret c) lxcapi_destroy(c); return bret; } -- 1.8.1.2 -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60135991iu=/4140/ostg.clktrk ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
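Review bot: The relocated `goto out` for an already-existing container returns without logging anything, so a caller cannot tell "exists, left untouched" from a real creation failure; a line such as `ERROR("container %s already exists\n", c->name);` before the jump would make the case visible. The `access()` test and the later `create_partial(c)` are separate steps, and `delete_on_err` becomes true immediately after the test. If the same container can be created by another process in that window (the locking is outside these hunks, so this may already be excluded), a failure here would still reach `lxcapi_destroy(c)` in the `out:` hunk and remove it. It is worth confirming that the container lock covers the check through `create_partial()`, and saying so in the comment above the check. lxcapi_create starts and ends outside the hunks shown.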
[lxc-devel] [lxc/lxc] 1ea59a: cgroup: set memory.use_hierarchy
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 1ea59ad28ab2386ee4e22e456ac29248f13a2e74 https://github.com/lxc/lxc/commit/1ea59ad28ab2386ee4e22e456ac29248f13a2e74 Author: Serge Hallyn serge.hal...@ubuntu.com Date: 2013-10-25 (Fri, 25 Oct 2013) Changed paths: M src/lxc/cgroup.c Log Message: --- cgroup: set memory.use_hierarchy But don't fail the container start if that fails. Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com Acked-by: Stéphane Graber stgra...@ubuntu.com
[lxc-devel] [lxc/lxc] 2899ab: lxc-alpine: run bootmisc and syslog at boot runlev...
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 2899ab0b1a607e7824214590ebe93f76fa7f7c20 https://github.com/lxc/lxc/commit/2899ab0b1a607e7824214590ebe93f76fa7f7c20 Author: Natanael Copa nc...@alpinelinux.org Date: 2013-10-25 (Fri, 25 Oct 2013) Changed paths: M templates/lxc-alpine.in Log Message: --- lxc-alpine: run bootmisc and syslog at boot runlevel The bootmisc script is needed to clean up various temp dirs like /tmp and migrate /var/run to /run if needed. The syslog service is started in 'boot' runlevel when running on real hardware so we do the same for containers. Signed-off-by: Natanael Copa nc...@alpinelinux.org Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com Commit: 44f820e30b6fab2094dff1269a137983208b3b6d https://github.com/lxc/lxc/commit/44f820e30b6fab2094dff1269a137983208b3b6d Author: Natanael Copa nc...@alpinelinux.org Date: 2013-10-25 (Fri, 25 Oct 2013) Changed paths: M templates/lxc-alpine.in Log Message: --- lxc-alpine: enable 4 consoles by default We allow 4 consoles in the LXC config file so we can enable 4 in the inittab as well. Signed-off-by: Natanael Copa nc...@alpinelinux.org Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com Compare: https://github.com/lxc/lxc/compare/1ea59ad28ab2...44f820e30b6f
Re: [lxc-devel] [PATCH 1/2] lxc-alpine: run bootmisc and syslog at boot runlevel
Quoting Natanael Copa (nc...@alpinelinux.org): The bootmisc script is needed to clean up various temp dirs like /tmp and migrate /var/run to /run if needed. The syslog service is started in 'boot' runlevel when running on real hardware so we do the same for containers. Signed-off-by: Natanael Copa nc...@alpinelinux.org Acked-by: Serge E. Hallyn serge.hal...@ubuntu.com --- templates/lxc-alpine.in | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in index 8600a34..2756b89 100644 --- a/templates/lxc-alpine.in +++ b/templates/lxc-alpine.in @@ -140,7 +140,8 @@ EOF mknod -m 666 $rootfs/dev/ptmx c 5 2 # start services -ln -s /etc/init.d/syslog $rootfs/etc/runlevels/default/syslog +ln -s /etc/init.d/bootmisc $rootfs/etc/runlevels/boot/bootmisc +ln -s /etc/init.d/syslog $rootfs/etc/runlevels/boot/syslog return 0 } -- 1.8.4.1 -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60135991iu=/4140/ostg.clktrk ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60135991iu=/4140/ostg.clktrk ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 2/2] lxc-alpine: enable 4 consoles by default
Quoting Natanael Copa (nc...@alpinelinux.org): We allow 4 consoles in the LXC config file so we can enable 4 in the inittab as well. Signed-off-by: Natanael Copa nc...@alpinelinux.org Acked-by: Serge E. Hallyn serge.hal...@ubuntu.com --- templates/lxc-alpine.in | 3 +++ 1 file changed, 3 insertions(+) diff --git a/templates/lxc-alpine.in b/templates/lxc-alpine.in index 2756b89..258eed4 100644 --- a/templates/lxc-alpine.in +++ b/templates/lxc-alpine.in @@ -103,6 +103,9 @@ configure_alpine() { ::sysinit:/sbin/rc sysinit ::wait:/sbin/rc default tty1:12345:respawn:/sbin/getty 38400 tty1 +tty2:12345:respawn:/sbin/getty 38400 tty2 +tty3:12345:respawn:/sbin/getty 38400 tty3 +tty4:12345:respawn:/sbin/getty 38400 tty4 ::ctrlaltdel:/sbin/reboot ::shutdown:/sbin/rc shutdown EOF -- 1.8.4.1 -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60135991iu=/4140/ostg.clktrk ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60135991iu=/4140/ostg.clktrk ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] Kernel bug? Setuid apps and user namespaces
Quoting Sean Pajot (sean.pa...@execulink.com): On 10/23/2013 12:54 AM, Eric W. Biederman wrote: Sean Pajot sean.pa...@execulink.com writes: On 10/22/2013 03:50 PM, Eric W. Biederman wrote: Serge Hallyn serge.hal...@ubuntu.com writes: Quoting Sean Pajot (sean.pa...@execulink.com): I've been playing with User Namespaces somewhat extensively and I think I've come across a bug in the handling of /proc/$PID/ entries. This is my example case on a 3.10.x kernel: -- /var/lib/lxc/test1/config lxc.rootfs = /lxc/c1 lxc.id_map = u 0 100 10 lxc.id_map = g 0 100 10 lxc.network.type = none lxc.tty = 6 == END On one console login as a non-root user and run su, as an example of a setuid root application. On another console login as root and examine /proc/$(pidof su). You'll find all the files are owned by the nobody user and inaccessible. The reason is on the host you'll find these files are owned by root, uid 0, which is odd because in the container they should be uid 100 from the mappings. I tracked down the cause to kernel source file /fs/proc/base.c function pid_revalidate which contains static references to GLOBAL_ROOT_UID and GLOBAL_ROOT_GID which are always UID 0 on the host. This little patch, which might not be correct in terms of kernel standards, appears to mostly solve the issue. It doesn't affect all entries in /proc/$PID but gets the majority of them. Thoughts or opinions? Awesome - I've seen this bug and so far not had time to dig. The patch offhand looks good to me. Do you mind sending it to lkml? Given the discussion that this has started to create I'm going to hold off on that. Maybe someone else should take over since it sounds like this is going in other directions. ... Acked-by: Serge E. Hallyn serge.hal...@ubuntu.com Well I wasn't expecting that... :) It is definitely worth looking at. I punted on this when I did the initial round of conversions. Tasks that we don't consider dumpable are weird. At first glance this fine. 
However __task_cred does not return NULL so handling that case is nonsense and confusing. Eric I thought so, but I wanted to have a failsafe since I'm running this code on the same machine I'm typing this message on. This is my first patch that had a chance of making it into the kernel so I'm honestly making things up as I go. I put that there so in the event a NULL cred showed up there would be known symptoms besides an Oops. On my system I still have the ns directory marked as owned by host's uid 0 but since the permissions are 511 (?) and the namespace objects are owned by container's uid 0 it doesn't really impact much. That could probably use fixing but the use cases are generally usable now. That aside, you really think it's okay for inclusion in the kernel with cred!=NULL fixed? Someone needs to read and think through all of the corner cases and see if we can ever have a time when task_dumpable is false but root in the container would not or should not be able to see everything. In particular I am worried about the case of a setuid app calling setns, and entering a lesser privileged user namespace. In my foggy mind that might be a security problem. And there might be other similar crazy cases. But the code itself looks good, and the bug hunting seems solid. If my concerns about a setuid app calling setns are valid what we can likely do with dumpable is record the kuid of the userns root when the task becomes non-dumpable, and use that for i_uid and i_gid. I see calling setns as a process voluntarily putting itself at the mercy of said namespace. Also there are potential ways to protect yourself, such as not joining the PID namespace as well, so from my naive standpoint it's not that big of a concern. I'd agree. However, I guess an appropriate question is whether there is a reasonable way for lxc to work around this. 
Maybe clone, fork, and clone(CLONE_NEWPID | CLONE_PARENT) or somesuch (since init has to be pid 1, but we want - iiuc - not be the first task to have done CLONE_NEWUSER)?
Re: [lxc-devel] [PATCH 1/3] container creation: support unpriv container creation in user namespaces
On Thu, 2013-10-24 at 21:55 -0500, Serge Hallyn wrote: Quoting Michael H. Warfield (m...@wittsend.com): On Wed, 2013-10-23 at 01:02 +, Serge Hallyn wrote: From: Serge Hallyn serge.hal...@ubuntu.com 1. lxcapi_create: don't try to unshare and mount for dir backed containers It's unnecessary, and breaks unprivileged lxc-create (since unpriv users cannot yet unshare(CLONE_NEWNS)). I saw this and thought I wonder if this fixes the dangling mount problem I described in an earlier message. Nothing to do with being an unpriv user, since it was being run as root, but right smack where that problem seem to be. Just retested with latest from git... Problem gone. This fix seems to have eliminated the dangling mounts on /usr/lib64/lxc/rootfs from lxc-create. It shouldn't, but I thought it might. Can you instrument to confirm whether chroot_into_slave() is called on your host? It does not appear to be getting called in either the code with the hanging mounts (prior to this commit) or in the latest pull from git. I put messages in that, and in setup_rootfs where it's called from and in lxc_setup where setup_rootfs is called from. That all seems to be contained in src/lxc/conf.c. None of those messages show up when I run lxc-create. May be a different story if I'm running lxc-start but this is in creating a template where the hanging mounts were showing up. Looking at the git commit logs for when and what I pulled, the last code with the problem has this as the top commit... commit bc605ac6dd45b3fb52207c79b49e89ab8dfbd9e0 Author: S.Çağlar Onur cag...@10ur.org Date: Sat Oct 19 00:45:03 2013 -0400 The next pull I did pulled in this commit as the forth one down in the logs... commit cf3ef16dc479c102433a82b8ddbb4265d3818cce Author: Serge Hallyn serge.hal...@ubuntu.com Date: Wed Oct 23 01:02:57 2013 + I don't see anything in the commit logs between them that would account for this problem disappearing. 
I reverted back the changes back to this commit and the problem returned, so it's right there. That commit seems to have fixed the hanging mount problem for some reason and it doesn't seem to be involving chroot_into_slave. Regards, Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! signature.asc Description: This is a digitally signed message part -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60135991iu=/4140/ostg.clktrk___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [PATCH] Use actual length of socket's name for abstract sockets (v3)
The addrlen parameter should be the actual length of socket's name for abstract sockets. Otherwise socket gets padded with NULLs. cat /proc/net/unix | grep lxc [...] : 0003 0001 03 226548 @lxc/ad055575fe28ddd5//var/lib/lxc^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ [...] with this patch; cat /proc/net/unix | grep lxc [...] : 0002 0001 0001 01 109563 @lxc/ad055575fe28ddd5//var/lib/lxc [...] Changes since v1: * check the length of passed-in string Changes since v2: * remove non-abstract socket code path to simplify functions * rename lxc_af_unix_* family to lxc_abstract_unix_* Signed-off-by: S.Çağlar Onur cag...@10ur.org --- src/lxc/af_unix.c | 57 +- src/lxc/af_unix.h | 14 ++--- src/lxc/commands.c | 12 +-- src/lxc/lxc_monitord.c | 2 +- src/lxc/monitor.c | 11 +- 5 files changed, 57 insertions(+), 39 deletions(-) diff --git a/src/lxc/af_unix.c b/src/lxc/af_unix.c index 333f05e..ab73963 100644 --- a/src/lxc/af_unix.c +++ b/src/lxc/af_unix.c @@ -20,6 +20,7 @@ * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ +#include stddef.h #include string.h #include unistd.h #include fcntl.h @@ -34,7 +35,7 @@ lxc_log_define(lxc_af_unix, lxc); -int lxc_af_unix_open(const char *path, int type, int flags) +int lxc_abstract_unix_open(const char *path, int type, int flags) { int fd; size_t len; 
@@ -49,27 +50,26 @@ int lxc_af_unix_open(const char *path, int type, int flags) if (fd 0) return -1; + /* Clear address structure */ memset(addr, 0, sizeof(addr)); if (!path) return fd; addr.sun_family = AF_UNIX; - /* copy entire buffer in case of abstract socket */ - len = sizeof(addr.sun_path); - if (path[0]) { - len = strlen(path); - if (len = sizeof(addr.sun_path)) { - process_lock(); - close(fd); - process_unlock(); - errno = ENAMETOOLONG; - return -1; - } + + len = strlen(path[1]) + 1; + if (len = sizeof(addr.sun_path) - 1) { + process_lock(); + close(fd); + process_unlock(); + errno = ENAMETOOLONG; + return -1; } - memcpy(addr.sun_path, path, len); + /* addr.sun_path[0] has already been set to 0 by memset() */ + strncpy(addr.sun_path[1], path[1], strlen(path[1])); - if (bind(fd, (struct sockaddr *)addr, sizeof(addr))) { + if (bind(fd, (struct sockaddr *)addr, offsetof(struct sockaddr_un, sun_path) + len)) { int tmp = errno; process_lock(); close(fd); @@ -90,7 +90,7 @@ int lxc_af_unix_open(const char *path, int type, int flags) return fd; } -int lxc_af_unix_close(int fd) +int lxc_abstract_unix_close(int fd) { struct sockaddr_un addr; socklen_t addrlen = sizeof(addr); @@ -106,9 +106,10 @@ int lxc_af_unix_close(int fd) return 0; } -int lxc_af_unix_connect(const char *path) +int lxc_abstract_unix_connect(const char *path) { int fd; + size_t len; struct sockaddr_un addr; process_lock(); 
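Review bot: lxc_abstract_unix_open now skips `path[0]` unconditionally and never checks that it is the NUL byte of an abstract name, so a caller that still passes a filesystem path would get a socket bound in the abstract namespace under that path minus its first character, where file permissions no longer restrict who can connect. A check that `path[0] == '\0'`, failing with EINVAL the same way the ENAMETOOLONG branch closes the fd and returns -1, would catch this; the callers are outside the hunk, so whether any still pass such a path cannot be told from here. The `strncpy` bounded by the source's own `strlen` adds no protection of its own, since the preceding length check does the work, and `memcpy(&addr.sun_path[1], &path[1], len - 1);` states the intent more plainly. lxc_abstract_unix_connect in the @@ -120,11 hunk has the same two points and, unlike open, shows no NULL check on `path` before the `strlen`. The page's extraction dropped `&`, `<` and `>` from the code, so the lines quoted here are restored as read.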
@@ -120,11 +121,19 @@ int lxc_af_unix_connect(const char *path) memset(addr, 0, sizeof(addr)); addr.sun_family = AF_UNIX; - /* copy entire buffer in case of abstract socket */ - memcpy(addr.sun_path, path, - path[0]?strlen(path):sizeof(addr.sun_path)); - if (connect(fd, (struct sockaddr *)addr, sizeof(addr))) { + len = strlen(path[1]) + 1; + if (len = sizeof(addr.sun_path) - 1) { + process_lock(); + close(fd); + process_unlock(); + errno = ENAMETOOLONG; + return -1; + } + /* addr.sun_path[0] has already been set to 0 by memset() */ + strncpy(addr.sun_path[1], path[1], strlen(path[1])); + + if (connect(fd, (struct sockaddr *)addr, offsetof(struct sockaddr_un, sun_path) + len)) { int tmp = errno; process_lock(); close(fd); @@ -136,7 +145,7 @@ int lxc_af_unix_connect(const char *path) return fd; } -int lxc_af_unix_send_fd(int fd, int sendfd, void *data, size_t size) +int lxc_abstract_unix_send_fd(int fd, int sendfd, void *data, size_t size) { struct msghdr msg = { 0 }; struct iovec iov; @@ -166,7 +175,7 @@ int lxc_af_unix_send_fd(int fd, int sendfd, void *data, size_t size) return sendmsg(fd, msg, 0); } -int
[lxc-devel] [PATCH] rpm spec: fix warning: bogus date in %changelog
Mar 24 2009 was actually a Tuesday, maybe Daniel was still recovering from Monday ;) Stranger still that RPM actually checks this!? Signed-off-by: Dwight Engen dwight.en...@oracle.com --- lxc.spec.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lxc.spec.in b/lxc.spec.in index f4bcd8c..0f7f22f 100644 --- a/lxc.spec.in +++ b/lxc.spec.in @@ -162,7 +162,7 @@ rm -rf %{buildroot} - set attribute for installed files - fix libraries installation -* Mon Mar 24 2009 Daniel Lezcano daniel.lezc...@free.fr - 0.6.1 +* Tue Mar 24 2009 Daniel Lezcano daniel.lezc...@free.fr - 0.6.1 - Removed capability setting, let the user to do that through lxc-setcap * Mon Feb 16 2009 Daniel Lezcano daniel.lezc...@free.fr - 0.6.0 -- 1.8.3.1 -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60135991iu=/4140/ostg.clktrk ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [PATCH] rpm spec: fix version numbering when building alpha, beta, rc
We want to ensure smooth upgrades when doing rpm -U throughout the release cycle so this change implements the scheme documented at: http://fedoraproject.org/wiki/Packaging%3aNamingGuidelines#NonNumericRelease Signed-off-by: Dwight Engen dwight.en...@oracle.com --- configure.ac | 13 - lxc.spec.in | 18 ++ 2 files changed, 26 insertions(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac index 2066952..9fedf55 100644 --- a/configure.ac +++ b/configure.ac @@ -1,7 +1,18 @@ # -*- Autoconf -*- # Process this file with autoconf to produce a configure script. -AC_INIT([lxc], [1.0.0.alpha2]) +m4_define([lxc_version_major], 1) +m4_define([lxc_version_minor], 0) +m4_define([lxc_version_micro], 0) +m4_define([lxc_version_beta], [alpha2]) + +m4_define([lxc_version_base], [lxc_version_major.lxc_version_minor.lxc_version_micro]) +m4_define([lxc_version], + [ifelse(lxc_version_beta, [], [lxc_version_base], [lxc_version_base.lxc_version_beta])]) + +AC_INIT([lxc], [lxc_version]) +AC_SUBST(LXC_VERSION_BASE, lxc_version_base) +AC_SUBST(LXC_VERSION_BETA, lxc_version_beta) AC_CONFIG_SRCDIR([configure.ac]) AC_CONFIG_AUX_DIR([config]) diff --git a/lxc.spec.in b/lxc.spec.in index 0f7f22f..a6c96a2 100644 --- a/lxc.spec.in +++ b/lxc.spec.in 
@@ -23,11 +23,21 @@ %global with_python %{?_with_python: 1} %{?!_with_python: 0} %global with_lua %{?_with_lua: 1} %{?!_with_lua: 0} +# RPM needs alpha/beta/rc in Release: not Version: to ensure smooth +# package upgrades from alpha-beta-rc-release. For more info see: +# http://fedoraproject.org/wiki/Packaging%3aNamingGuidelines#NonNumericRelease +%if x@LXC_VERSION_BETA@ != x +%global beta_rel @LXC_VERSION_BETA@ +%global beta_dot .%{beta_rel} +%else +%global norm_rel 1 +%endif + Name: @PACKAGE@ -Version: @VERSION@ -Release: 1%{?dist} +Version: @LXC_VERSION_BASE@ +Release: %{?beta_rel:0.1.%{beta_rel}}%{?!beta_rel:%{norm_rel}}%{?dist} URL: http://linuxcontainers.org -Source: http://linuxcontainers.org/downloads/%{name}-%{version}.tar.gz +Source: http://linuxcontainers.org/downloads/%{name}-%{version}%{?beta_dot}.tar.gz Summary: Linux Containers userspace tools Group: Applications/System License: LGPLv2+ @@ -75,7 +85,7 @@ The %{name}-lua package contains %{name} bindings for lua. %endif %prep -%setup -q +%setup -q -n %{name}-%{version}%{?beta_dot} %build PATH=$PATH:/usr/sbin:/sbin %configure $args \ %if %{with_lua} -- 1.8.3.1 -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60135991iu=/4140/ostg.clktrk ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Use actual length of socket's name for abstract sockets (v3)
Quoting S.Çağlar Onur (cag...@10ur.org): The addrlen parameter should be the actual length of socket's name for abstract sockets. Otherwise socket gets padded with NULLs. cat /proc/net/unix | grep lxc [...] : 0003 0001 03 226548 @lxc/ad055575fe28ddd5//var/lib/lxc^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ [...] with this patch; cat /proc/net/unix | grep lxc [...] : 0002 0001 0001 01 109563 @lxc/ad055575fe28ddd5//var/lib/lxc [...] Changes since v1: * check the length of passed-in string Changes since v2: * remove non-abstract socket code path to simplify functions * rename lxc_af_unix_* family to lxc_abstract_unix_* Signed-off-by: S.Çağlar Onur cag...@10ur.org Acked-by: Serge E. Hallyn serge.hal...@ubuntu.com Note that the added length check in lxc_monitor_open() is not necessary as it is already enforced at lxc_monitor_sock_name(). --- src/lxc/af_unix.c | 57 +- src/lxc/af_unix.h | 14 ++--- src/lxc/commands.c | 12 +-- src/lxc/lxc_monitord.c | 2 +- src/lxc/monitor.c | 11 +- 5 files changed, 57 insertions(+), 39 deletions(-) diff --git a/src/lxc/af_unix.c b/src/lxc/af_unix.c index 333f05e..ab73963 100644 --- a/src/lxc/af_unix.c +++ b/src/lxc/af_unix.c @@ -20,6 +20,7 @@ * License along with this library; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA */ +#include stddef.h #include string.h #include unistd.h #include fcntl.h @@ -34,7 +35,7 @@ lxc_log_define(lxc_af_unix, lxc); -int lxc_af_unix_open(const char *path, int type, int flags) +int lxc_abstract_unix_open(const char *path, int type, int flags) { int fd; size_t len; 
@@ -49,27 +50,26 @@ int lxc_af_unix_open(const char *path, int type, int flags) if (fd 0) return -1; + /* Clear address structure */ memset(addr, 0, sizeof(addr)); if (!path) return fd; addr.sun_family = AF_UNIX; - /* copy entire buffer in case of abstract socket */ - len = sizeof(addr.sun_path); - if (path[0]) { - len = strlen(path); - if (len = sizeof(addr.sun_path)) { - process_lock(); - close(fd); - process_unlock(); - errno = ENAMETOOLONG; - return -1; - } + + len = strlen(path[1]) + 1; + if (len = sizeof(addr.sun_path) - 1) { + process_lock(); + close(fd); + process_unlock(); + errno = ENAMETOOLONG; + return -1; } - memcpy(addr.sun_path, path, len); + /* addr.sun_path[0] has already been set to 0 by memset() */ + strncpy(addr.sun_path[1], path[1], strlen(path[1])); - if (bind(fd, (struct sockaddr *)addr, sizeof(addr))) { + if (bind(fd, (struct sockaddr *)addr, offsetof(struct sockaddr_un, sun_path) + len)) { int tmp = errno; process_lock(); close(fd); @@ -90,7 +90,7 @@ int lxc_af_unix_open(const char *path, int type, int flags) return fd; } -int lxc_af_unix_close(int fd) +int lxc_abstract_unix_close(int fd) { struct sockaddr_un addr; socklen_t addrlen = sizeof(addr); @@ -106,9 +106,10 @@ int lxc_af_unix_close(int fd) return 0; } -int lxc_af_unix_connect(const char *path) +int lxc_abstract_unix_connect(const char *path) { int fd; + size_t len; struct sockaddr_un addr; process_lock(); 
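Review bot: Both the bind path here and the connect path in the later `@@ -120,11 +121,19 @@` hunk now read the name from `&path[1]` unconditionally, so they rely on every caller passing an abstract name whose first byte is NUL and which is followed by a terminated string; nothing in either hunk checks that. A one-byte empty string would make `strlen(&path[1])` read past the terminator, and a filesystem-style path would silently lose its first character and end up in the abstract namespace, where no file permissions protect the socket. I would state the contract above the function, e.g. `/* path must be an abstract name: path[0] == '\0' followed by a NUL-terminated name */`, and copy with the length that was just validated, `memcpy(&addr.sun_path[1], &path[1], len - 1);`, instead of `strncpy(..., strlen(&path[1]))`, whose bound comes from the source rather than the destination. The archive has dropped `&` and `<` from the hunk text, and both function bodies begin and end outside the hunks.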
@@ -120,11 +121,19 @@ int lxc_af_unix_connect(const char *path) memset(addr, 0, sizeof(addr)); addr.sun_family = AF_UNIX; - /* copy entire buffer in case of abstract socket */ - memcpy(addr.sun_path, path, -path[0]?strlen(path):sizeof(addr.sun_path)); - if (connect(fd, (struct sockaddr *)addr, sizeof(addr))) { + len = strlen(path[1]) + 1; + if (len = sizeof(addr.sun_path) - 1) { + process_lock(); + close(fd); + process_unlock(); + errno = ENAMETOOLONG; + return -1; + } + /* addr.sun_path[0] has already been set to 0 by memset() */ + strncpy(addr.sun_path[1], path[1], strlen(path[1])); + + if (connect(fd, (struct sockaddr *)addr, offsetof(struct sockaddr_un, sun_path) + len)) { int tmp = errno; process_lock(); close(fd); @@ -136,7 +145,7 @@ int lxc_af_unix_connect(const char *path) return fd; } -int lxc_af_unix_send_fd(int fd, int sendfd, void *data, size_t size) +int lxc_abstract_unix_send_fd(int fd,
Re: [lxc-devel] [PATCH] Eliminate duplicate entries from list_active_containers (v2)
Quoting S.Çağlar Onur (cag...@10ur.org): list_active_containers parses /proc/net/unix which can contain multiple entries for the same container; : 0002 0001 0001 01 273672 @/var/lib/lxc/6/command : 0002 0001 0001 01 274395 @/var/lib/lxc/5/command : 0002 0001 0001 01 273890 @/var/lib/lxc/4/command : 0002 0001 0001 01 273141 @/var/lib/lxc/3/command : 0002 0001 0001 01 273915 @/var/lib/lxc/2/command : 0002 0001 0001 01 273683 @/var/lib/lxc/1/command : 0002 0001 0001 01 273074 @/var/lib/lxc/0/command : 0002 0001 0001 01 273931 @/var/lib/lxc/9/command : 0002 0001 0001 01 273110 @/var/lib/lxc/8/command : 0002 0001 0001 01 273390 @/var/lib/lxc/7/command : 0003 0001 03 275903 @/var/lib/lxc/8/command : 0003 0001 03 276043 @/var/lib/lxc/1/command : 0003 0001 03 273301 @/var/lib/lxc/0/command : 0003 0001 03 275650 @/var/lib/lxc/4/command On this system list_active_containers returns 14 containers while only 10 containers are running. Following patch; * Introduces array_contains function to do a binary search on given array, * Starts to sort arrays inside the add_to_clist and add_to_names functions, * Consumes array_contains in list_active_containers to eliminate duplicates, * Replaces the linear search code in lxcapi_get_interfaces with the new function. Changes since v1: * Do not load containers if a if a container list is not passed in * Fix possible memory leaks in lxcapi_get_ips and lxcapi_get_interfaces if realloc fails Signed-off-by: S.Çağlar Onur cag...@10ur.org Thanks - this looks great. Acked-by: Serge E. Hallyn serge.hal...@ubuntu.com --- src/lxc/lxccontainer.c | 207 ++--- 1 file changed, 126 insertions(+), 81 deletions(-) diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c index 6e6c38c..5b9a14a 100644 --- a/src/lxc/lxccontainer.c +++ b/src/lxc/lxccontainer.c 
@@ -1242,12 +1242,81 @@ out: return false; } +// used by qsort and bsearch functions for comparing names +static inline int string_cmp(char **first, char **second) +{ + return strcmp(*first, *second); +} + +// used by qsort and bsearch functions for comparing container names +static inline int container_cmp(struct lxc_container **first, struct lxc_container **second) +{ + return strcmp((*first)-name, (*second)-name); +} + +static bool add_to_array(char ***names, char *cname, int pos) +{ + char **newnames = realloc(*names, (pos+1) * sizeof(char *)); + if (!newnames) { + ERROR(Out of memory); + return false; + } + + *names = newnames; + newnames[pos] = strdup(cname); + if (!newnames[pos]) + return false; + + // sort the arrray as we will use binary search on it + qsort(newnames, pos + 1, sizeof(char *), (int (*)(const void *,const void *))string_cmp); + + return true; +} + +static bool add_to_clist(struct lxc_container ***list, struct lxc_container *c, int pos) +{ + struct lxc_container **newlist = realloc(*list, (pos+1) * sizeof(struct lxc_container *)); + if (!newlist) { + ERROR(Out of memory); + return false; + } + + *list = newlist; + newlist[pos] = c; + + // sort the arrray as we will use binary search on it + qsort(newlist, pos + 1, sizeof(struct lxc_container *), (int (*)(const void *,const void *))container_cmp); + + return true; +} + +static char** get_from_array(char ***names, char *cname, int size) +{ + return (char **)bsearch(cname, *names, size, sizeof(char *), (int (*)(const void *, const void *))string_cmp); +} + + +static bool array_contains(char ***names, char *cname, int size) { + if(get_from_array(names, cname, size) != NULL) + return true; + return false; +} + +static bool remove_from_array(char ***names, char *cname, int size) +{ + char **result = get_from_array(names, cname, size); + if (result != NULL) { + free(result); + return true; + } + return false; +} + static char** lxcapi_get_interfaces(struct lxc_container *c) { - int count = 0, i; - 
bool found = false; + int i, count = 0; struct ifaddrs *interfaceArray = NULL, *tempIfAddr = NULL; - char **interfaces = NULL, **temp; + char **interfaces = NULL; int old_netns = -1, new_netns = -1;
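Review bot: `get_from_array()` passes `cname` itself as the bsearch key, but `string_cmp()` dereferences both arguments as `char **`, so the comparator reads the first bytes of the name as if they were a pointer; the key should be the address of the pointer, `bsearch(&cname, *names, size, sizeof(char *), ...)`. `remove_from_array()` then calls `free(result)` on the pointer bsearch returned, which is the address of a slot inside the array rather than the strdup'd string, so it frees an interior pointer; `free(*result);` releases the name, and the slot still has to be closed up or cleared before the array is searched again. In `add_to_array()` a failed `strdup` returns false after `*names` has already been replaced, leaving an unset entry at `pos`; whether callers cope with that depends on cleanup code outside this hunk. Casting the typed comparators to `int (*)(const void *, const void *)` is also undefined behaviour on paper, and comparators that take `const void *` and cast inside avoid it.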
Re: [lxc-devel] [PATCH] rpm spec: fix warning: bogus date in %changelog
Quoting Dwight Engen (dwight.en...@oracle.com): Mar 24 2009 was actually a Tuesday, maybe Daniel was still recovering from Monday ;) Stranger still that RPM actually checks this!? Signed-off-by: Dwight Engen dwight.en...@oracle.com rpm needs a gimme-a-break-im-drunk mode Acked-by: Serge E. Hallyn serge.hal...@ubuntu.com --- lxc.spec.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lxc.spec.in b/lxc.spec.in index f4bcd8c..0f7f22f 100644 --- a/lxc.spec.in +++ b/lxc.spec.in @@ -162,7 +162,7 @@ rm -rf %{buildroot} - set attribute for installed files - fix libraries installation -* Mon Mar 24 2009 Daniel Lezcano daniel.lezc...@free.fr - 0.6.1 +* Tue Mar 24 2009 Daniel Lezcano daniel.lezc...@free.fr - 0.6.1 - Removed capability setting, let the user to do that through lxc-setcap * Mon Feb 16 2009 Daniel Lezcano daniel.lezc...@free.fr - 0.6.0 -- 1.8.3.1 -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60135991iu=/4140/ostg.clktrk ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60135991iu=/4140/ostg.clktrk ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] 9c88ff: Eliminate duplicate entries from list_active_conta...
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 9c88ff1f95eea1e1b2c06c22fcc09c5cb94bd270 https://github.com/lxc/lxc/commit/9c88ff1f95eea1e1b2c06c22fcc09c5cb94bd270 Author: S.Çağlar Onur cag...@10ur.org Date: 2013-10-25 (Fri, 25 Oct 2013) Changed paths: M src/lxc/lxccontainer.c Log Message: --- Eliminate duplicate entries from list_active_containers (v2) list_active_containers parses /proc/net/unix which can contain multiple entries for the same container; : 0002 0001 0001 01 273672 @/var/lib/lxc/6/command : 0002 0001 0001 01 274395 @/var/lib/lxc/5/command : 0002 0001 0001 01 273890 @/var/lib/lxc/4/command : 0002 0001 0001 01 273141 @/var/lib/lxc/3/command : 0002 0001 0001 01 273915 @/var/lib/lxc/2/command : 0002 0001 0001 01 273683 @/var/lib/lxc/1/command : 0002 0001 0001 01 273074 @/var/lib/lxc/0/command : 0002 0001 0001 01 273931 @/var/lib/lxc/9/command : 0002 0001 0001 01 273110 @/var/lib/lxc/8/command : 0002 0001 0001 01 273390 @/var/lib/lxc/7/command : 0003 0001 03 275903 @/var/lib/lxc/8/command : 0003 0001 03 276043 @/var/lib/lxc/1/command : 0003 0001 03 273301 @/var/lib/lxc/0/command : 0003 0001 03 275650 @/var/lib/lxc/4/command On this system list_active_containers returns 14 containers while only 10 containers are running. Following patch; * Introduces array_contains function to do a binary search on given array, * Starts to sort arrays inside the add_to_clist and add_to_names functions, * Consumes array_contains in list_active_containers to eliminate duplicates, * Replaces the linear search code in lxcapi_get_interfaces with the new function. 
Changes since v1: * Do not load containers if a if a container list is not passed in * Fix possible memory leaks in lxcapi_get_ips and lxcapi_get_interfaces if realloc fails Signed-off-by: S.Çağlar Onur cag...@10ur.org Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com Commit: aae93dd3dd20dd12c6b8f9f0490e2fb877ee3f09 https://github.com/lxc/lxc/commit/aae93dd3dd20dd12c6b8f9f0490e2fb877ee3f09 Author: S.Çağlar Onur cag...@10ur.org Date: 2013-10-25 (Fri, 25 Oct 2013) Changed paths: M src/lxc/af_unix.c M src/lxc/af_unix.h M src/lxc/commands.c M src/lxc/lxc_monitord.c M src/lxc/monitor.c Log Message: --- Use actual length of socket's name for abstract sockets (v3) The addrlen parameter should be the actual length of socket's name for abstract sockets. Otherwise socket gets padded with NULLs. cat /proc/net/unix | grep lxc [...] : 0003 0001 03 226548 @lxc/ad055575fe28ddd5//var/lib/lxc^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@ [...] with this patch; cat /proc/net/unix | grep lxc [...] : 0002 0001 0001 01 109563 @lxc/ad055575fe28ddd5//var/lib/lxc [...] Changes since v1: * check the length of passed-in string Changes since v2: * remove non-abstract socket code path to simplify functions * rename lxc_af_unix_* family to lxc_abstract_unix_* Signed-off-by: S.Çağlar Onur cag...@10ur.org Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com Compare: https://github.com/lxc/lxc/compare/44f820e30b6f...aae93dd3dd20 -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60135991iu=/4140/ostg.clktrk___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] 7920b1: rpm spec: fix warning: bogus date in %changelog
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 7920b1b43519e21c516731dc1322fe308d69f102 https://github.com/lxc/lxc/commit/7920b1b43519e21c516731dc1322fe308d69f102 Author: Dwight Engen dwight.en...@oracle.com Date: 2013-10-25 (Fri, 25 Oct 2013) Changed paths: M lxc.spec.in Log Message: --- rpm spec: fix warning: bogus date in %changelog Mar 24 2009 was actually a Tuesday, maybe Daniel was still recovering from Monday ;) Stranger still that RPM actually checks this!? Signed-off-by: Dwight Engen dwight.en...@oracle.com Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com
Re: [lxc-devel] [PATCH] lxc-create: fix that creation fails if lxc.rootfs is set
On Fri, Oct 25, 2013 at 9:55 PM, Serge Hallyn serge.hal...@ubuntu.comwrote: Quoting Sheng Yong (shy...@gmail.com): [code] ### lxccontainer.c: if (lxcapi_is_defined(c) c-lxc_conf c-lxc_conf-rootfs.path access(c-lxc_conf-rootfs.path, F_OK) == 0) goto out; [/code] If lxc.rootfs is set and no failure happens before we check whether the container is already created, the condition will be always true. In out section, lxcapi_destroy() is called to remove rootfs directory indicated by lxc.rootfs. If lxc.rootfs is set, we believe that rootfs is ready. Then the creation should be successful. NOTE: the situation where both -t options and lxc.rootfs are set should be considered. Hi, thanks for the patch. Please sign off commits in the future (you can do this using 'git commit -s'). However, nack to this particular version. How about the below alternative? This is much better. Thanks for giving me the suggestion :-) regards, shyodx Subject: [PATCH 1/1] lxcapi_create: don't delete if container already exists 1. don't save the starting config until we've ensured the container does noet yet exist. 2. If the container exists, return false (because creation did not happen) but don't delete the container. Signed-off-by: Serge Hallyn serge.hal...@ubuntu.com Cc: Sheng Yong shy...@gmail.com --- src/lxc/lxccontainer.c | 13 - 1 file changed, 8 insertions(+), 5 deletions(-) diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c index 9aea614..6699e9c 100644 --- a/src/lxc/lxccontainer.c +++ b/src/lxc/lxccontainer.c @@ -1090,6 +1090,7 @@ static bool lxcapi_create(struct lxc_container *c, const char *t, pid_t pid; char *tpath = NULL; int partial_fd; + bool delete_on_err = false; if (!c) return false; 
@@ -1102,15 +1103,17 @@ static bool lxcapi_create(struct lxc_container *c, const char *t, } } + /* container is already created if we have a config and rootfs.path is accessible */ + if (lxcapi_is_defined(c) c-lxc_conf c-lxc_conf-rootfs.path access(c-lxc_conf-rootfs.path, F_OK) == 0) + goto out; + + delete_on_err = true; + if (!c-save_config(c, NULL)) { ERROR(failed to save starting configuration for %s\n, c-name); goto out; } - /* container is already created if we have a config and rootfs.path is accessible */ - if (lxcapi_is_defined(c) c-lxc_conf c-lxc_conf-rootfs.path access(c-lxc_conf-rootfs.path, F_OK) == 0) - goto out; - /* Mark that this container is being created */ if ((partial_fd = create_partial(c)) 0) goto out; @@ -1183,7 +1186,7 @@ out_unlock: out: if (tpath) free(tpath); - if (!bret c) + if (delete_on_err !bret c) lxcapi_destroy(c); return bret; } -- 1.8.1.2 -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register http://pubads.g.doubleclick.net/gampad/clk?id=60135991iu=/4140/ostg.clktrk___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
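Review bot: The "already exists" test that now runs before `delete_on_err = true` relies on `access()` on the rootfs path and only later reaches `create_partial()`, so there is a window between the check and the creation marker in which another creator could start work on the same container; a later failure here would then still reach `lxcapi_destroy(c)` because the flag is already set. Whether a lock taken elsewhere closes that window cannot be seen from these hunks (the `out_unlock:` label suggests locking happens after this point), so it is worth confirming, or consider setting the flag only once `create_partial()` has succeeded. Separately, the early `goto out` returns false without logging, so a caller cannot tell "already exists" from a real failure; an `ERROR("Container %s already exists", c->name);` before the `goto` would make that visible. lxcapi_create's body starts and ends outside the hunks.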