[lxc-devel] [lxc/lxc] c4ef8f: tree-wide: use call_cleaner(netns_freeifaddrs)

Brauner Commit: 4c9ffb3e663109b767bb16beafe71b0eb6fb52f7 https://github.com/lxc/lxc/commit/4c9ffb3e663109b767bb16beafe71b0eb6fb52f7 Author: Wolfgang Bumiller Date: 2020-12-08 (Tue, 08 Dec 2020) Changed paths: M src/include/netns_ifaddrs.h M src/lxc/confile.c M src/lxc

[lxc-devel] [lxc/lxc] a76fe4: seccomp: log invalid seccomp notify ids

/eb587451d07873b49e5e573e73e004057875ec64 Author: Wolfgang Bumiller Date: 2020-10-15 (Thu, 15 Oct 2020) Changed paths: M src/lxc/seccomp.c Log Message: --- Merge pull request #3553 from brauner/2020-10-15/seccomp seccomp: bugfixes Compare: https://github.com/lxc/lxc/compare/186ff2beaffa

[lxc-devel] [lxc/lxc] 3a7f78: get the right path in get_cgroup command

Branch: refs/heads/stable-4.0 Home: https://github.com/lxc/lxc Commit: 3a7f78f9203ab7b01211419476eb469fdacfeb9e https://github.com/lxc/lxc/commit/3a7f78f9203ab7b01211419476eb469fdacfeb9e Author: Wolfgang Bumiller Date: 2020-07-03 (Fri, 03 Jul 2020) Changed paths: M src

[lxc-devel] [lxc/lxc] d33bb0: Revert "start: remove unnecessary check for valid ...

Branch: refs/heads/stable-4.0 Home: https://github.com/lxc/lxc Commit: d33bb0fe90d463448d2e014d4180623a5583cb51 https://github.com/lxc/lxc/commit/d33bb0fe90d463448d2e014d4180623a5583cb51 Author: Wolfgang Bumiller Date: 2020-04-06 (Mon, 06 Apr 2020) Changed paths: M src

[lxc-devel] [lxc/lxc] 8dca61: conf: rework and fix leak in userns_exec_1()

after we create the directory. I might come up with something smarter later but for now this will do. Signed-off-by: Christian Brauner Commit: 3e9a732621d35354719d71435039fe7730878d81 https://github.com/lxc/lxc/commit/3e9a732621d35354719d71435039fe7730878d81 Author: Wolfgang Bumiller

[lxc-devel] [lxc/lxc] 6453ba: tree-wide: initialize all auto-cleanup variables

/9af779ca323ba6b880d0acf1a77390b09733227b Author: Wolfgang Bumiller Date: 2019-07-28 (Sun, 28 Jul 2019) Changed paths: M src/lxc/cgroups/cgfsng.c M src/lxc/confile.c Log Message: --- Merge pull request #3102 from brauner/2019-07-22/bugfixes tree-wide: initialize all auto-cleanup variables Compare

[lxc-devel] [lxc/lxc] f2668e: cgfsng: coding style for cgfsng_monitor_create()

f-by: Christian Brauner Commit: b49c4e2de47e1c9dd7526427e809cb750c4edada https://github.com/lxc/lxc/commit/b49c4e2de47e1c9dd7526427e809cb750c4edada Author: Wolfgang Bumiller Date: 2019-02-10 (Sun, 10 Feb 2019) Changed paths: M src/lxc/cgroups/cgfsng.c M src/lxc/macr

[lxc-devel] [lxc/lxc] af1dc7: memory_utils: add memory_utils.h

-unshare: remove stack allocations Signed-off-by: Christian Brauner Commit: d6a4505542bb5702c293033ee1f5b6dc842420bc https://github.com/lxc/lxc/commit/d6a4505542bb5702c293033ee1f5b6dc842420bc Author: Wolfgang Bumiller Date: 2019-02-06 (Wed, 06 Feb 2019) Changed paths: M src

[lxc-devel] [RFC PATCH] cgroup, cpuset: add cpuset.remap_cpus

Changes a cpuset, recursively remapping all its descendants to the new range. Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> --- Currently once a cpuset cgroup has a subdirectory it's impossible to remove cpu without manually recursing through the cgroup file system. The proble

Re: [lxc-devel] [PATCH v2 lxc 1/2] AppArmor: add make-rslave to usr.bin.lxc-start

On Thu, Jun 23, 2016 at 09:52:02AM +0200, Wolfgang Bumiller wrote: > Just noticed this one of the two patches is still applied. I meant *not* applied... sorry :\ > > On Mon, Nov 30, 2015 at 08:58:52AM +0100, Wolfgang Bumiller wrote: > > The profile already contains > > mo

Re: [lxc-devel] [PATCH v2 lxc 1/2] AppArmor: add make-rslave to usr.bin.lxc-start

Just noticed this one of the two patches is still applied. On Mon, Nov 30, 2015 at 08:58:52AM +0100, Wolfgang Bumiller wrote: > The profile already contains > mount options=(rw, make-slave) -> **, > > Which allows going through all mountpoints with make-slave, > so it s

[lxc-devel] apparmor: suse bind-mounts /run{, /lock} to /var{, /lock}

Some OpenSUSE 13.1 and 13.2 seem to misbehave with the current apparmor profile (13.1 boots but I keep seeing mount-denied apparmor messages, while upgrading or using a 13.2 template seems to hang). The templates I'm using here come from: https://openvz.org/Download/template/precreated so they're

[lxc-devel] [PATCH] doc: always enable lxc-device.1

Commit ea4679694 replaced the python implementation with a C one. Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> --- doc/Makefile.am | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/doc/Makefile.am b/doc/Makefile.am index f58c240..0db1f6c 100644 ---

Re: [lxc-devel] [RFC 1/2] lxc-start: added --start-frozen

On Mon, Jan 18, 2016 at 11:18:32PM +, Serge Hallyn wrote: > Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > > --- a/src/lxc/lxccontainer.h > > +++ b/src/lxc/lxccontainer.h > > @@ -245,6 +245,16 @@ struct lxc_container { > > bool (*want_close_all_fds)(st

[lxc-devel] [RFC 0/2] Feature: --start-frozen

: comment fixups For the new function I used 'set_' instead of 'want_' as prefix to make their purpose more obvious. Should I change it to 'want_' or maybe change the cleanup patch to also rename the other functions to 'set_*'? Wolfgang Bumiller (2): lxc-start: added --start-frozen cleanup

[lxc-devel] [RFC 1/2] lxc-start: added --start-frozen

Add the possibility to start a container in a frozen state. Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> --- doc/lxc-start.sgml.in | 12 src/lxc/arguments.h| 3 +++ src/lxc/conf.h | 1 + src/lxc/lxc_start.c| 7 +++ src/lxc/lxccontainer.

[lxc-devel] [RFC 2/2] cleanup: lxc_container::want_* comment descriptions

They change a value and return true on success rather than fetching the value as the comments previously suggested. Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> --- src/lxc/lxccontainer.h | 9 - 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/s

Re: [lxc-devel] [PATCH lxcfs 4/5] cgfs: fix dorealloc's batch allocation

> On January 7, 2016 at 8:20 PM Serge Hallyn <serge.hal...@ubuntu.com> wrote: > Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > > > On January 7, 2016 at 7:42 PM Serge Hallyn <serge.hal...@ubuntu.com> > > > wrote: > > > Quot

Re: [lxc-devel] [PATCH lxcfs 3/5] fix leak in realloc loop in must_strcat_pid

> On January 8, 2016 at 2:55 AM Serge Hallyn <serge.hal...@ubuntu.com> wrote: > Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > > Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> > > --- > > lxcfs.c | 2 +- > > 1 file changed, 1 inser

Re: [lxc-devel] [PATCH lxcfs 4/5] cgfs: fix dorealloc's batch allocation

> On January 8, 2016 at 9:50 AM Wolfgang Bumiller <w.bumil...@proxmox.com> > wrote: > > > > > On January 7, 2016 at 8:20 PM Serge Hallyn <serge.hal...@ubuntu.com> wrote: > > Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > > > > On

Re: [lxc-devel] [PATCH lxcfs 4/5] cgfs: fix dorealloc's batch allocation

> On January 8, 2016 at 11:23 AM Wolfgang Bumiller <w.bumil...@proxmox.com> > wrote: > > > > > On January 8, 2016 at 9:50 AM Wolfgang Bumiller <w.bumil...@proxmox.com> > > wrote: > > > > > > > > > On January 7,

Re: [lxc-devel] [PATCH lxcfs 4/5] cgfs: fix dorealloc's batch allocation

> On January 8, 2016 at 11:23 AM Wolfgang Bumiller <w.bumil...@proxmox.com> > wrote: > > On January 8, 2016 at 9:50 AM Wolfgang Bumiller <w.bumil...@proxmox.com> > > wrote: > > > On January 7, 2016 at 8:20 PM Serge Hallyn <serge.hal...@ubuntu.com>

[lxc-devel] [PATCH lxcfs 1/5] fix missing dereferencing in must_strcat_pid

Fixes a segfault when reading a /tasks file of a cgroup containing a large number of pids. Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> --- lxcfs.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lxcfs.c b/lxcfs.c index fe5ac3e..767a344 100644 --- a/lxcfs.c

[lxc-devel] [PATCH lxcfs] uptime: fix pid1 and reaper_busy times

- reaper_busy was off by a factor of 10 (possibly originally for precision?) - get_pid1_time was expecting a '1' byte like in the pid_to/from_ns_wrapper functions instead of reading its value which is what is actually written Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> --- l

Re: [lxc-devel] mountflag propagation from slave to host

> On December 4, 2015 at 10:08 PM Serge Hallyn <serge.hal...@ubuntu.com> wrote: > > > Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > > Not sure this is the right place to ask as I've narrowed it down to > > raw mount commands, but it also affects privileged

[lxc-devel] mountflag propagation from slave to host

Not sure this is the right place to ask as I've narrowed it down to raw mount commands, but it also affects privileged unconfined containers when using bind-mounts to bind _mountpoints_ (not arbitrary subdirectories) into a container (and I found it through some hooks in my containers). For some

[lxc-devel] [PATCH lxc followup] doc: lxc.monitor.unshare requires CAP_SYS_ADMIN

Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> --- doc/lxc.container.conf.sgml.in | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/doc/lxc.container.conf.sgml.in b/doc/lxc.container.conf.sgml.in index 3b6f698..91b9633 100644 --- a/doc/lxc.container.conf.s

Re: [lxc-devel] [ACK for the set] [PATCH v2 lxc 2/2] Added lxc.monitor.unshare

> On November 30, 2015 at 5:41 PM Serge Hallyn <serge.hal...@ubuntu.com> wrote: > > > Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > > If manual mounting with elevated permissions is required > > this can currently only be done in pre-start hooks or before &

[lxc-devel] [PATCH v2 lxc 0/2] lxc.monitor.unshare (was [RFC] lxc.start.unshare)

Changes: Patch 1 (AppArmor profile): Acked-by line Patch 2: -) renamed the optiont to lxc.monitor.unshare -) "fixed" documentation (hadn't described the default value correctly). The default is 'off', since that way it doesn't change any existing containers. Wolfgang B

[lxc-devel] [PATCH v2 lxc 1/2] AppArmor: add make-rslave to usr.bin.lxc-start

The profile already contains mount options=(rw, make-slave) -> **, Which allows going through all mountpoints with make-slave, so it seems to make sense to also allow the directly recursive variant with "make-rslave". Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com>

[lxc-devel] [PATCH v2 lxc 2/2] Added lxc.monitor.unshare

in the pre-start hook don't show up on the host. Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> --- doc/lxc.container.conf.sgml.in | 12 src/lxc/conf.h | 3 +++ src/lxc/confile.c | 15 +++ src/lxc/lxccontainer.c | 12 +

Re: [lxc-devel] [RFC lxc 2/2] Added lxc.start.unshare

> > > On November 20, 2015 at 5:24 PM Serge Hallyn > > > wrote: > > > ack on the code. But I want to bikeshed on the name. 'lxc.start.unshare' > > > makes it sound like the container won't be unshared by default. How > (...) > > > > lxc.monitor.unshare makes sense as

Re: [lxc-devel] [RFC lxc 2/2] Added lxc.start.unshare

> Do you think we'll ever want to have the monitor unshare > other namespaces? We could turn this into > > lxc.monitor.unshare = > > but if noone will ever want to do that, then a simpler boolean > flag is nicer. That could be tricky. The only use case I can _imagine_ would be a hidden

[lxc-devel] [RFC lxc 1/2] AppArmor: add make-rslave to usr.bin.lxc-start

The profile already contains mount options=(rw, make-slave) -> **, Which allows going through all mountpoints with make-slave, so it seems to make sense to also allow the directly recursive variant with "make-rslave". Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.

[lxc-devel] [RFC lxc 2/2] Added lxc.start.unshare

in the pre-start hook don't show up on the host. Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> --- doc/lxc.container.conf.sgml.in | 12 src/lxc/conf.h | 1 + src/lxc/confile.c | 7 +++ src/lxc/lxccontainer.c | 12 4

[lxc-devel] [PATCH v2 lxc] put binary hooks into $libexecdir/lxc/hooks

Better late than never... (things came up) So there, same as before but with libexecdir (and renamed the vars in Makefile.am to 'binhooks*' as it's for binary hooks and 'libexechook*' seemed unnecessarily long. Wolfgang Bumiller (1): hooks: put binary hooks into $libexecdir/lxc/hooks

[lxc-devel] [PATCH v2 lxc] hooks: put binary hooks into $libexecdir/lxc/hooks

Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> --- Changes: 1) Use libexecdir instead of libdir. 2) Variables renamed: 2a) LXCLIBHOOKDIR => LXCBINHOOKDIR (s/LIB/BIN/) 2b) libhooksdir => binhooksdir 2c) libhooks_PROGRAMS => binhooks_PROGRAMS config

Re: [lxc-devel] [RFC lxc] hooks: put binary hooks into $libdir/lxc/hooks

same location here somehow) (There hasn't been a 'libexec' dir on my systems for quite a while :-P) Will resend in a bit. > On Wed, Oct 28, 2015 at 03:47:17PM +0100, Wolfgang Bumiller wrote: > > Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> > > --- > > confi

[lxc-devel] [RFC lxc] hooks: put binary hooks into $libdir/lxc/hooks

Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> --- configure.ac | 1 + hooks/Makefile.am | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index 874b446..29706cc 100644 --- a/configure.ac +++ b/configure.ac @@ -539,6

[lxc-devel] [RFC lxc] hooks: put binary hooks into $libdir/lxc/hooks

-file-in-usr-share usr/share/lxc/hooks/unmount-namespace Here's a patch to change the directory accordingly. Wolfgang Bumiller (1): hooks: put binary hooks into $libdir/lxc/hooks configure.ac | 1 + hooks/Makefile.am | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) -- 2.1.4

Re: [lxc-devel] [PATCH lxcfs 1/2] lxc mount hook: add missing space before ]

> On October 21, 2015 at 4:01 PM Serge Hallyn <serge.hal...@ubuntu.com> wrote: > > > Quoting Christian Brauner (christianvanbrau...@gmail.com): > > On Wed, Oct 21, 2015 at 01:48:17PM +, Serge Hallyn wrote: > > > Quoting Wolfgang Bumiller (w.bumil..

[lxc-devel] [PATCH lxcfs 2/2] lxc mount hook: whitespace fixup

--- share/lxc.mount.hook.in | 8 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/share/lxc.mount.hook.in b/share/lxc.mount.hook.in index 5ed2d60..f1174be 100755 --- a/share/lxc.mount.hook.in +++ b/share/lxc.mount.hook.in @@ -30,9 +30,9 @@ if [ -d

[lxc-devel] [PATCH lxcfs 1/2] lxc mount hook: add missing space before ]

Otherwise [ interprets the ] as part of the path and also errors about a missing ']' --- share/lxc.mount.hook.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/share/lxc.mount.hook.in b/share/lxc.mount.hook.in index 7194ab8..5ed2d60 100755 --- a/share/lxc.mount.hook.in +++

Re: [lxc-devel] [PATCH v3 7/7] added the unmount-namespace hook

> On October 7, 2015 at 9:45 AM Stéphane Graber wrote: > So, as it turns out, hooks are currently in the main lxc package which > is arch-dependent, so while that's quite possibly the wrong place for > them to be, this change won't need any packaging change right now :) So I

[lxc-devel] systemd-226 and lxcfs

With systemd version 226 systemd apparently runs in a different cgroup (init.scope) which causes problems: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1497420 https://bugzilla.proxmox.com/show_bug.cgi?id=755 Apparently it keeps trying to restart systemd-journald, which is accompanied by

[lxc-devel] [PATCH v3 0/7] stop-hook with namespace access

finding the 'mnt:' argument Wolfgang Bumiller (7): start.c:preserve_ns: added pid parameter preserve container namespace added stop-hook entries run stop hook between STOPPING and STOPPED states pass namespace handles to the stop hook document the stop hook added the unmount-namespace

[lxc-devel] [PATCH v3 1/7] start.c:preserve_ns: added pid parameter

Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> Acked-by: Serge E. Hallyn <serge.hal...@ubuntu.com> --- src/lxc/start.c | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/lxc/start.c b/src/lxc/start.c index 0601333..1a7d5a3 100644 --- a/src

[lxc-devel] [PATCH v3 3/7] added stop-hook entries

Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> Acked-by: Serge E. Hallyn <serge.hal...@ubuntu.com> --- src/lxc/conf.c| 4 +++- src/lxc/conf.h| 2 +- src/lxc/confile.c | 3 +++ 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/src/lxc/conf.c b/src/lxc/

[lxc-devel] [PATCH v3 7/7] added the unmount-namespace hook

Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> --- hooks/Makefile.am | 6 ++ hooks/unmount-namespace.c | 213 ++ 2 files changed, 219 insertions(+) create mode 100644 hooks/unmount-namespace.c diff --git a/hooks/Makefil

[lxc-devel] [PATCH v3 4/7] run stop hook between STOPPING and STOPPED states

Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> Acked-by: Serge E. Hallyn <serge.hal...@ubuntu.com> --- src/lxc/start.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/lxc/start.c b/src/lxc/start.c index 87fc32f..a1eb961 100644 --- a/src/lxc/start.c +++ b/src

[lxc-devel] [PATCH v3 6/7] document the stop hook

Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> Acked-by: Serge E. Hallyn <serge.hal...@ubuntu.com> --- doc/lxc.container.conf.sgml.in | 27 +-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/doc/lxc.container.conf.s

[lxc-devel] [PATCH v3 5/7] pass namespace handles to the stop hook

Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> Acked-by: Serge E. Hallyn <serge.hal...@ubuntu.com> --- src/lxc/start.c | 21 +++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/src/lxc/start.c b/src/lxc/start.c index a1eb961..d24b586 1006

[lxc-devel] [PATCH v3 2/7] preserve container namespace

Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> Acked-by: Serge E. Hallyn <serge.hal...@ubuntu.com> --- src/lxc/start.c | 18 ++ src/lxc/start.h | 1 + 2 files changed, 19 insertions(+) diff --git a/src/lxc/start.c b/src/lxc/start.c index 1a7d5a3..87

Re: [lxc-devel] [PATCH v2 7/7] added the unmount-namespace hook

s/fd? > > Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > > As mentioned in the thread, I use O_PATH > > in this patch which only exists since Linux 2.6.39, but it should be > > optional and can be removed (it's just an optimization). > > Will wait for the secu

Re: [lxc-devel] [PATCH v2 5/7] pass namespace handles to the stop hook

> On October 2, 2015 at 4:36 PM Serge Hallyn <serge.hal...@ubuntu.com> wrote: > > > Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > > I'd rather change to > > char *namespaces[LXC_NS_MAX+1]; > > That's good. So with that being the only chang

Re: [lxc-devel] [PATCH v2 5/7] pass namespace handles to the stop hook

I'd rather change to char *namespaces[LXC_NS_MAX+1]; as LXC_NS_MAX is small enough, or should I stick to allocating? > On October 2, 2015 at 4:00 PM Serge Hallyn <serge.hal...@ubuntu.com> wrote: > > > Quoting Serge Hallyn (serge.hal...@ubuntu.com): > > Quoting Wo

Re: [lxc-devel] LXC security issue - affects all supported releases

O_PATH should be optional, openat() should work without it, too. It's mostly an optimization. I have it in my stop-hook patch series, too, so whatever you choose to do here I'll also do the same when I send v3. Perhaps it's enough to #ifndef O_PATH # define O_PATH 0 #endif > On October 2, 2015

Re: [lxc-devel] [PATCH v2 7/7] added the unmount-namespace hook

ang Bumiller <w.bumil...@proxmox.com> > wrote: > > > Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> > --- > hooks/Makefile.am | 6 ++ > hooks/unmount-namespace.c | 180 > ++ > 2 files changed, 186

Re: [lxc-devel] [PATCH v2 5/7] pass namespace handles to the stop hook

> On September 30, 2015 at 6:07 PM Serge Hallyn <serge.hal...@ubuntu.com> wrote: > > > Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > > Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> > > --- > > src/lxc/start.c | 21 ++

Re: [lxc-devel] [RFC 0/5] stop hook with namespace access

> On September 29, 2015 at 5:41 PM Serge Hallyn <serge.hal...@ubuntu.com> wrote: > > > Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > > > On September 28, 2015 at 5:14 PM Serge Hallyn <serge.hal...@ubuntu.com> > > > wrote: > > >

[lxc-devel] [PATCH v2 2/7] preserve container namespace

Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> Acked-by: Serge E. Hallyn <serge.hal...@ubuntu.com> --- src/lxc/start.c | 18 ++ src/lxc/start.h | 1 + 2 files changed, 19 insertions(+) diff --git a/src/lxc/start.c b/src/lxc/start.c index 1a7d5a3..87

[lxc-devel] [PATCH v2 0/7] stop hook with namespace access

me if you want it to look different. Wolfgang Bumiller (7): start.c:preserve_ns: added pid parameter preserve container namespace added stop-hook entries run stop hook between STOPPING and STOPPED states pass namespace handles to the stop hook document the stop hook added the unmount

[lxc-devel] [PATCH v2 3/7] added stop-hook entries

Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> Acked-by: Serge E. Hallyn <serge.hal...@ubuntu.com> --- src/lxc/conf.c| 4 +++- src/lxc/conf.h| 2 +- src/lxc/confile.c | 3 +++ 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/src/lxc/conf.c b/src/lxc/

[lxc-devel] [PATCH v2 7/7] added the unmount-namespace hook

Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> --- hooks/Makefile.am | 6 ++ hooks/unmount-namespace.c | 180 ++ 2 files changed, 186 insertions(+) create mode 100644 hooks/unmount-namespace.c diff --git a/hooks/Makefil

[lxc-devel] [PATCH v2 4/7] run stop hook between STOPPING and STOPPED states

Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> Acked-by: Serge E. Hallyn <serge.hal...@ubuntu.com> --- src/lxc/start.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/lxc/start.c b/src/lxc/start.c index 87fc32f..a1eb961 100644 --- a/src/lxc/start.c +++ b/src

[lxc-devel] [PATCH v2 5/7] pass namespace handles to the stop hook

Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> --- src/lxc/start.c | 21 +++-- 1 file changed, 19 insertions(+), 2 deletions(-) diff --git a/src/lxc/start.c b/src/lxc/start.c index a1eb961..38e7e97 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c @@ -486,15 +

[lxc-devel] [PATCH v2 6/7] document the stop hook

Signed-off-by: Wolfgang Bumiller <w.bumil...@proxmox.com> --- doc/lxc.container.conf.sgml.in | 27 +-- 1 file changed, 25 insertions(+), 2 deletions(-) diff --git a/doc/lxc.container.conf.sgml.in b/doc/lxc.container.conf.sgml.in index 7b599e5..f1a87e9 100644 ---

Re: [lxc-devel] [RFC 0/5] stop hook with namespace access

> On September 28, 2015 at 5:14 PM Serge Hallyn <serge.hal...@ubuntu.com> wrote: > Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > > Just a quick followup: > > What about actually shipping this in /usr/share/lxc/hooks/ > from lxc/hooks ? Sure, could add it to t

Re: [lxc-devel] [RFC 3/5] added stop-hook entries

> On September 28, 2015 at 5:07 PM Serge Hallyn <serge.hal...@ubuntu.com> wrote: > > > Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > > No signed-off-by > > Note this will need a very good description in the documentation, > to explain that this w

Re: [lxc-devel] [RFC 5/5] pass namespace handles to the stop hook

> On September 28, 2015 at 5:12 PM Serge Hallyn <serge.hal...@ubuntu.com> wrote: > > > Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > > --- (...) > > + rc = asprintf([namespace_count++], > > "%s:/proc/%d/fd/%d", &

Re: [lxc-devel] [RFC 0/5] stop hook with namespace access

Just a quick followup: I thought I'd drop a stop hook example here and a reason for why it's useful. As I mentioned, it's mostly about unmounting NFS mountpoints. However, you could say that that's not usually an issue as the container usually performs a (hopefully) clean shutdown sequence which

[lxc-devel] [RFC 4/5] run stop hook between STOPPING and STOPPED states

--- src/lxc/start.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/lxc/start.c b/src/lxc/start.c index 87fc32f..a1eb961 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c @@ -493,6 +493,8 @@ void lxc_fini(const char *name, struct lxc_handler *handler) */

[lxc-devel] [RFC 2/5] preserve container namespace

--- src/lxc/start.c | 18 ++ src/lxc/start.h | 1 + 2 files changed, 19 insertions(+) diff --git a/src/lxc/start.c b/src/lxc/start.c index 1a7d5a3..87fc32f 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c @@ -379,6 +379,7 @@ out_sigfd: struct lxc_handler *lxc_init(const

[lxc-devel] [RFC 1/5] start.c:preserve_ns: added pid parameter

--- src/lxc/start.c | 10 ++ 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/lxc/start.c b/src/lxc/start.c index 0601333..1a7d5a3 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c @@ -124,14 +124,15 @@ static void close_ns(int ns_fd[LXC_NS_MAX]) { } } -static

[lxc-devel] [RFC 3/5] added stop-hook entries

--- src/lxc/conf.c| 4 +++- src/lxc/conf.h| 2 +- src/lxc/confile.c | 3 +++ 3 files changed, 7 insertions(+), 2 deletions(-) diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 0913b22..f81efcd 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -163,7 +163,7 @@ return -1; #endif

[lxc-devel] [RFC 5/5] pass namespace handles to the stop hook

--- src/lxc/start.c | 20 ++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/src/lxc/start.c b/src/lxc/start.c index a1eb961..7a909de 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c @@ -486,15 +486,31 @@ out_free: void lxc_fini(const char *name, struct

[lxc-devel] [RFC 0/5] stop hook with namespace access

the container from starting with a broken filesystem without user-intervention). Wolfgang Bumiller (5): start.c:preserve_ns: added pid parameter preserve container namespace added stop-hook entries run stop hook between STOPPING and STOPPED states pass namespace handles to the stop hook src/lxc

Re: [lxc-devel] (Mount) namespaces cleanup

> On September 7, 2015 at 5:44 PM Serge Hallyn <serge.hal...@ubuntu.com> wrote: > Quoting Wolfgang Bumiller (w.bumil...@proxmox.com): > > On Fri, Sep 04, 2015 at 06:09:36PM +, Serge Hallyn wrote: > > > > I'm assuming the cleanup is left to the kernel for w

Re: [lxc-devel] (Mount) namespaces cleanup

On Fri, Sep 04, 2015 at 06:09:36PM +, Serge Hallyn wrote: > > I'm assuming the cleanup is left to the kernel for when the last > > reference to the namespace disappears. However, this can be > > Yes. > > > problematic in some cases. For instance with an NFS mount, which can > > apparently

[lxc-devel] (Mount) namespaces cleanup

I can't seem to find much about the cleanup process of the mount namespace. And in fact, when I start a container, open /proc/$container/ns/mnt with another shell on the host, then stop the container (up to the point where lxc-info shows STOPPED), then enter the namespace via setns(2) I can still

[lxc-devel] loop mounts and #195

We came across lxc's #195 while working on our frontend to support mount entries via lxc.mount.entry. The issue there (despite the change of the title) seems to be just the `loop' option (which ends up passed to mount(2) as part of the `data'). There's already code for loop devices, and a loop

[lxc-devel] seccomp, lxcfs and force-unmount

(I only recently subscribed to the list so forgive me if there's already a thread I should be replying to instead of opening a new one.) So I came across the force-unmount issue where `umount -f` on any of the bind mounts can cause lxcfs on the host to terminate. I find the seccomp solution to

[lxc-devel] [PATCH] make reboot with persistent veth name work

mailbox either. Is this intended? Wolfgang Bumiller (1): pass on reboot flag and delete old veth on reboot src/lxc/conf.c | 6 -- src/lxc/lxccontainer.c | 3 +-- src/lxc/start.c| 2 ++ 3 files changed, 7 insertions(+), 4 deletions(-) -- 2.1.4

[lxc-devel] [PATCH] pass on reboot flag and delete old veth on reboot

is used, the interface is now deleted before being recreated. Signed-off-by: Wolfgang Bumiller w.bumil...@proxmox.com --- src/lxc/conf.c | 6 -- src/lxc/lxccontainer.c | 3 +-- src/lxc/start.c| 2 ++ 3 files changed, 7 insertions(+), 4 deletions(-) diff --git a/src/lxc/conf.c b

Re: [lxc-devel] [PATCH] pass on reboot flag and delete old veth on reboot

For ease of future git history reviewers, please point out specifically that this means setting lxc.network.veth.pair. will do Tested that this does fix the issue, so once you handle the error cases in __lxc_start (easily done with a new label), I'll happily ack - thanks much. I can do