[lxc-devel] Passed: lxc/lxc#1760 (lxc-2.0.0.rc4 - db6c925)

[Travis CI]

Build Update for lxc/lxc
-

Build: #1760
Status: Passed

Duration: 1 minute and 22 seconds
Commit: db6c925 (lxc-2.0.0.rc4)
Author: Stéphane Graber
Message: change version to 2.0.0.rc4 in configure.ac

Signed-off-by: Stéphane Graber 

View the changeset: https://github.com/lxc/lxc/compare/lxc-2.0.0.rc4

View the full build log and details: 
https://travis-ci.org/lxc/lxc/builds/112183362

--

You can configure recipients for build notifications in your .travis.yml file. 
See https://docs.travis-ci.com/user/notifications


___
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel

[lxc-devel] [lxc/lxc] db6c92: change version to 2.0.0.rc4 in configure.ac

[GitHub]

  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: db6c92525ee7df7051378fa0724e59efff8b2760
  https://github.com/lxc/lxc/commit/db6c92525ee7df7051378fa0724e59efff8b2760
  Author: Stéphane Graber 
  Date:   2016-02-26 (Fri, 26 Feb 2016)

  Changed paths:
M configure.ac

  Log Message:
  ---
  change version to 2.0.0.rc4 in configure.ac

Signed-off-by: Stéphane Graber 


___
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel

[lxc-devel] [lxc/lxc]

[GitHub]

  Branch: refs/tags/lxc-2.0.0.rc4
  Home:   https://github.com/lxc/lxc
___
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel

[lxc-devel] [lxd/master] implement a docker profile

[hallyn on Github]

The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/1672

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
so that you can easily launch a container in which you can run docker.

Thanks stgraber for the idea.

Signed-off-by: Serge Hallyn 
From f1faa563c9bc6d2a409b5d28d0daf61f7ff0a45e Mon Sep 17 00:00:00 2001
From: Serge Hallyn 
Date: Fri, 26 Feb 2016 16:07:48 -0800
Subject: [PATCH] implement a docker profile

so that you can easily launch a container in which you can run docker.

Thanks stgraber for the idea.

Signed-off-by: Serge Hallyn 
---
 README.md  |  9 +
 lxd/db.go  |  7 ++-
 lxd/db_profiles.go | 24 
 3 files changed, 39 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 5ef61c1..2ccbbb3 100644
--- a/README.md
+++ b/README.md
@@ -273,3 +273,12 @@ Yes. The easiest way to do that is using a privileged 
container:
 
 lxc launch ubuntu priv -c security.privileged=true
 lxc config device add priv homedir disk source=/home/$USER 
path=/home/ubuntu
+
+ How can I run docker inside a LXD container?
+
+Create a container with the migrateable profile:
+
+   lxc launch ubuntu:xenial my-docker-host -p default -p docker
+
+Then run a version of docker with the needed patches, for instance version
+v1.10.0.serge.2 branch of github.com/hallyn/docker.
diff --git a/lxd/db.go b/lxd/db.go
index c4f6cf5..2938306 100644
--- a/lxd/db.go
+++ b/lxd/db.go
@@ -181,7 +181,12 @@ func createDb(db *sql.DB) (err error) {
}
}
 
-   return dbProfileCreateDefault(db)
+   err = dbProfileCreateDefault(db)
+   if err != nil {
+   return err
+   }
+
+   return dbProfileCreateDocker(db)
 }
 
 func dbGetSchema(db *sql.DB) (v int) {
diff --git a/lxd/db_profiles.go b/lxd/db_profiles.go
index 78cfbad..94c69ed 100644
--- a/lxd/db_profiles.go
+++ b/lxd/db_profiles.go
@@ -110,6 +110,30 @@ func dbProfileCreateDefault(db *sql.DB) error {
return nil
 }
 
+func dbProfileCreateDocker(db *sql.DB) error {
+   id, err := dbProfileID(db, "docker")
+   if err != nil {
+   return err
+   }
+
+   if id != -1 {
+   // docker profile already exists
+   return nil
+   }
+
+   config := map[string]string{
+   "security.nesting": "true",
+   "linux.kernel_modules": "overlay, nf_nat",}
+   fusedev := map[string]string {
+"path": "/dev/fuse",
+"type": "unix-char",
+   }
+   devices := map[string]shared.Device{ "fuse": fusedev, }
+
+_, err = dbProfileCreate(db, "docker", config, devices)
+   return err
+}
+
 // Get the profile configuration map from the DB
 func dbProfileConfig(db *sql.DB, name string) (map[string]string, error) {
var key, value string
___
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel

Re: [lxc-devel] CGroup Namespaces (v10)

[Serge Hallyn]

Quoting Alban Crequy (alban.cre...@gmail.com):
> Hi,
> 
> On 29 January 2016 at 09:54,   wrote:
> > Hi,
> >
> > following is a revised set of the CGroup Namespace patchset which Aditya
> > Kali has previously sent.  The code can also be found in the cgroupns.v10
> > branch of
> >
> > https://git.kernel.org/cgit/linux/kernel/git/sergeh/linux-security.git/
> >
> > To summarize the semantics:
> >
> > 1. CLONE_NEWCGROUP re-uses 0x0200, which was previously CLONE_STOPPED
> 
> What's the best way for a userspace application to test at run-time
> whether the kernel supports cgroup namespaces? Would you recommend to
> test if the file /proc/self/ns/cgroup exists?

Yup.
___
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel

[lxc-devel] [lxd/master] Implement initial simplestreams support

[stgraber on Github]

The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/1671

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
With this, we get the two simplestreams remote and can interact with the remote image store, copy from it, export from it and start containers from it.

The next step will involve implementing sync support into the LXD daemon so that those images can be kept in sync in the background.
From 7a9f057e1f5d53320513af4c152cfb242372f1d3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= 
Date: Tue, 16 Feb 2016 17:18:57 -0500
Subject: [PATCH 1/3] Implement simplestreams support in the client
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber 
---
 client.go   | 182 +--
 config.go   |  35 ++-
 lxc/image.go|   6 +-
 lxc/remote.go   |  34 ++-
 po/lxd.pot  |  99 
 shared/architectures.go |  18 ++
 shared/simplestreams.go | 595 
 7 files changed, 842 insertions(+), 127 deletions(-)
 create mode 100644 shared/simplestreams.go

diff --git a/client.go b/client.go
index 768f27b..c5b1468 100644
--- a/client.go
+++ b/client.go
@@ -37,6 +37,7 @@ type Client struct {
 
Httphttp.Client
websocketDialer websocket.Dialer
+   simplestreams   *shared.SimpleStreams
 }
 
 type ResponseType string
@@ -201,6 +202,17 @@ func NewClient(config *Config, remote string) (*Client, 
error) {
return nil, err
}
c.Config = *config
+   c.Remote = 
+
+   if c.Remote.Protocol == "simplestreams" {
+   ss, err := shared.SimpleStreamsClient(c.Remote.Addr)
+   if err != nil {
+   return nil, err
+   }
+
+   c.simplestreams = ss
+   }
+
return c, nil
 }
 
@@ -554,42 +566,46 @@ func (c *Client) ListContainers() 
([]shared.ContainerInfo, error) {
 }
 
 func (c *Client) CopyImage(image string, dest *Client, copy_aliases bool, 
aliases []string, public bool, progressHandler func(progress string)) error {
-   fingerprint := c.GetAlias(image)
-   if fingerprint == "" {
-   fingerprint = image
+   source := shared.Jmap{
+   "type":"image",
+   "mode":"pull",
+   "server":  c.BaseURL,
+   "protocol":c.Remote.Protocol,
+   "certificate": c.Certificate,
+   "fingerprint": image}
+
+   target := c.GetAlias(image)
+   if target != "" {
+   image = target
}
 
-   info, err := c.GetImageInfo(fingerprint)
+   info, err := c.GetImageInfo(image)
if err != nil {
return err
}
 
-   source := shared.Jmap{
-   "type":"image",
-   "mode":"pull",
-   "server":  c.BaseURL,
-   "certificate": c.Certificate,
-   "fingerprint": fingerprint}
+   if c.Remote.Protocol != "simplestreams" {
+   if !info.Public {
+   var secret string
 
-   if !info.Public {
-   var secret string
+   resp, err := c.post("images/"+image+"/secret", nil, 
Async)
+   if err != nil {
+   return err
+   }
 
-   resp, err := c.post("images/"+fingerprint+"/secret", nil, Async)
-   if err != nil {
-   return err
-   }
+   op, err := resp.MetadataAsOperation()
+   if err != nil {
+   return err
+   }
 
-   op, err := resp.MetadataAsOperation()
-   if err != nil {
-   return err
-   }
+   secret, err = op.Metadata.GetString("secret")
+   if err != nil {
+   return err
+   }
 
-   secret, err = op.Metadata.GetString("secret")
-   if err != nil {
-   return err
+   source["secret"] = secret
}
-
-   source["secret"] = secret
+   source["fingerprint"] = image
}
 
addresses, err := c.Addresses()
@@ -680,11 +696,15 @@ func (c *Client) CopyImage(image string, dest *Client, 
copy_aliases bool, aliase
return err
 }
 
-func (c *Client) ExportImage(image string, target string) (*Response, string, 
error) {
+func (c *Client) ExportImage(image string, target string) (string, error) {
+   if c.Remote.Protocol == 

[lxc-devel] [lxd/master] Export image last use and cache state

[stgraber on Github]

The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/1670

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Signed-off-by: Stéphane Graber 
From 83632e4d1ef69d5ec1fc110d1d48141b23addb4c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= 
Date: Fri, 26 Feb 2016 17:40:36 -0500
Subject: [PATCH] Export image last use and cache state
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Stéphane Graber 
---
 lxd/db_images.go  | 20 +---
 shared/image.go   |  2 ++
 specs/rest-api.md |  2 ++
 3 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/lxd/db_images.go b/lxd/db_images.go
index 70f58d3..c845b46 100644
--- a/lxd/db_images.go
+++ b/lxd/db_images.go
@@ -38,7 +38,7 @@ func dbImagesGet(db *sql.DB, public bool) ([]string, error) {
 // enforced by a UNIQUE constraint in the schema.
 func dbImageGet(db *sql.DB, fingerprint string, public bool, strictMatching 
bool) (int, *shared.ImageInfo, error) {
var err error
-   var create, expire, upload *time.Time // These hold the db-returned 
times
+   var create, expire, used, upload *time.Time // These hold the 
db-returned times
 
// The object we'll actually return
image := shared.ImageInfo{}
@@ -47,8 +47,8 @@ func dbImageGet(db *sql.DB, fingerprint string, public bool, 
strictMatching bool
 
// These two humongous things will be filled by the call to 
DbQueryRowScan
outfmt := []interface{}{, , ,
-   , , ,
-   , , }
+   , , , ,
+   , , , }
 
var query string
 
@@ -57,8 +57,8 @@ func dbImageGet(db *sql.DB, fingerprint string, public bool, 
strictMatching bool
inargs = []interface{}{fingerprint}
query = `
 SELECT
-id, fingerprint, filename, size, public, architecture,
-creation_date, expiry_date, upload_date
+id, fingerprint, filename, size, cached, public, architecture,
+creation_date, expiry_date, last_use_date, upload_date
 FROM
 images
 WHERE fingerprint = ?`
@@ -66,8 +66,8 @@ func dbImageGet(db *sql.DB, fingerprint string, public bool, 
strictMatching bool
inargs = []interface{}{fingerprint + "%"}
query = `
 SELECT
-id, fingerprint, filename, size, public, architecture,
-creation_date, expiry_date, upload_date
+id, fingerprint, filename, size, cached, public, architecture,
+creation_date, expiry_date, last_use_date, upload_date
 FROM
 images
 WHERE fingerprint LIKE ?`
@@ -96,6 +96,12 @@ func dbImageGet(db *sql.DB, fingerprint string, public bool, 
strictMatching bool
image.ExpiryDate = time.Time{}
}
 
+   if used != nil {
+   image.LastUsedDate = *used
+   } else {
+   image.LastUsedDate = time.Time{}
+   }
+
image.Architecture, _ = shared.ArchitectureName(arch)
 
// The upload date is enforced by NOT NULL in the schema, so it can 
never be nil.
diff --git a/shared/image.go b/shared/image.go
index c56c997..c2feaaa 100644
--- a/shared/image.go
+++ b/shared/image.go
@@ -22,6 +22,7 @@ type ImageAlias struct {
 type ImageInfo struct {
Aliases  []ImageAlias  `json:"aliases"`
Architecture string`json:"architecture"`
+   Cached   bool  `json:"cached"`
Fingerprint  string`json:"fingerprint"`
Filename string`json:"filename"`
Properties   map[string]string `json:"properties"`
@@ -29,6 +30,7 @@ type ImageInfo struct {
Size int64 `json:"size"`
CreationDate time.Time `json:"created_at"`
ExpiryDate   time.Time `json:"expires_at"`
+   LastUsedDate time.Time `json:"last_used_at"`
UploadDate   time.Time `json:"uploaded_at"`
 }
 
diff --git a/specs/rest-api.md b/specs/rest-api.md
index 1c82ea7..945115c 100644
--- a/specs/rest-api.md
+++ b/specs/rest-api.md
@@ -1101,6 +1101,7 @@ Output:
 }
 ],
 "architecture": "x86_64",
+"cached": false,
 "fingerprint": 
"54c8caac1f61901ed86c68f24af5f5d3672bdc62c71d04f06df3a59e95684473",
 "filename": "ubuntu-trusty-14.04-amd64-server-20160201.tar.xz",
 "properties": {
@@ -1113,6 +1114,7 @@ Output:
 "size": 123792592,
 "created_at": "2016-02-01T21:07:41Z",
 "expires_at": "1970-01-01T00:00:00Z",
+"last_used_at": "1970-01-01T00:00:00Z",
 "uploaded_at": "2016-02-16T00:44:47Z"
 }
 

[lxc-devel] [lxc/lxc] fcca16: cgfs: ignore mount prefix in mountinfo if cgroup n...

[GitHub]

  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: fcca16bc86c3e08439bc4a7b865213689b6e1c12
  https://github.com/lxc/lxc/commit/fcca16bc86c3e08439bc4a7b865213689b6e1c12
  Author: Serge Hallyn 
  Date:   2016-02-26 (Fri, 26 Feb 2016)

  Changed paths:
M src/lxc/cgfs.c

  Log Message:
  ---
  cgfs: ignore mount prefix in mountinfo if cgroup namespaces are supported

This is not 100% correct, but will suffice until we fix the kernel so that
we can distinguish between bind mounts and namespaced cgroupfs mounts.

Signed-off-by: Serge Hallyn 


  Commit: 992b78d7157f3e2789c84fc5bfc0748d03cc4d1a
  https://github.com/lxc/lxc/commit/992b78d7157f3e2789c84fc5bfc0748d03cc4d1a
  Author: Christian Brauner 
  Date:   2016-02-26 (Fri, 26 Feb 2016)

  Changed paths:
M src/lxc/cgfs.c

  Log Message:
  ---
  Merge pull request #856 from hallyn/2016-02-26/cgfs.cgns.2

cgfs: ignore mount prefix in mountinfo if cgroup namespaces are suppo…


Compare: https://github.com/lxc/lxc/compare/5d55659daae5...992b78d7157f___
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel

[lxc-devel] [lxc/master] cgfs: ignore mount prefix in mountinfo if cgroup namespaces are suppo…

[hallyn on Github]

The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/856

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
…rted

This is not 100% correct, but will suffice until we fix the kernel so that
we can distinguish between bind mounts and namespaced cgroupfs mounts.

Signed-off-by: Serge Hallyn 
From fcca16bc86c3e08439bc4a7b865213689b6e1c12 Mon Sep 17 00:00:00 2001
From: Serge Hallyn 
Date: Fri, 26 Feb 2016 13:35:24 -0800
Subject: [PATCH] cgfs: ignore mount prefix in mountinfo if cgroup namespaces
 are supported

This is not 100% correct, but will suffice until we fix the kernel so that
we can distinguish between bind mounts and namespaced cgroupfs mounts.

Signed-off-by: Serge Hallyn 
---
 src/lxc/cgfs.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/lxc/cgfs.c b/src/lxc/cgfs.c
index 8c1cb64..16c80eb 100644
--- a/src/lxc/cgfs.c
+++ b/src/lxc/cgfs.c
@@ -418,6 +418,7 @@ static bool find_hierarchy_mountpts( struct 
cgroup_meta_data *meta_data, char **
size_t mount_point_capacity = 0;
size_t token_capacity = 0;
int r;
+   bool is_cgns = cgns_supported();
 
proc_self_mountinfo = fopen_cloexec("/proc/self/mountinfo", "r");
/* if for some reason (because of setns() and pid namespace for 
example),
@@ -512,7 +513,7 @@ static bool find_hierarchy_mountpts( struct 
cgroup_meta_data *meta_data, char **
meta_data->mount_points[mount_point_count++] = mount_point;
 
mount_point->hierarchy = h;
-   if (is_lxcfs)
+   if (is_lxcfs || is_cgns)
mount_point->mount_prefix = strdup("/");
else
mount_point->mount_prefix = strdup(tokens[3]);
___
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel

[lxc-devel] [lxc/lxc] ea439a: fix cgfs failure for unpriv users

[GitHub]

  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: ea439aaca19806baab514e67da20ac527de2f96c
  https://github.com/lxc/lxc/commit/ea439aaca19806baab514e67da20ac527de2f96c
  Author: Serge Hallyn 
  Date:   2016-02-26 (Fri, 26 Feb 2016)

  Changed paths:
M src/lxc/cgfs.c
M src/lxc/cgmanager.c
M src/lxc/cgroup.c
M src/lxc/cgroup.h

  Log Message:
  ---
  fix cgfs failure for unpriv users

Cgmanager was taught awhile ago that only some cgroup controllers are
crucial.  Teach cgfs the same thing.

This patch needs improvement, but will fix failure of lxc without cgmanager
for unprivileged users for now.  In particular, needed improvements include:

1. the check for crucial subsystems needs to include lxc.use
2. we should keep a list of the actually used subsystems so we don't keep
trying to chmod and enter after create has found we couldn't use a particular
subsystem

This fixes unprivileged lxc use.  It does not appear to suffice to fix
nested unprivilegd lxd usage.

Signed-off-by: Serge Hallyn 


  Commit: 5d55659daae5aa70cd579be4bee942a07173440c
  https://github.com/lxc/lxc/commit/5d55659daae5aa70cd579be4bee942a07173440c
  Author: Christian Brauner 
  Date:   2016-02-26 (Fri, 26 Feb 2016)

  Changed paths:
M src/lxc/cgfs.c
M src/lxc/cgmanager.c
M src/lxc/cgroup.c
M src/lxc/cgroup.h

  Log Message:
  ---
  Merge pull request #855 from hallyn/2016-02-26/cgfs.crucial

fix cgfs failure for unpriv users


Compare: https://github.com/lxc/lxc/compare/127ef998ed3d...5d55659daae5___
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel

[lxc-devel] [lxc/master] fix cgfs failure for unpriv users

[hallyn on Github]

The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/855

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Cgmanager was taught awhile ago that only some cgroup controllers are
crucial.  Teach cgfs the same thing.

This patch needs improvement, but will fix failure of lxc without cgmanager
for unprivileged users for now.  In particular, needed improvements include:

1. the check for crucial subsystems needs to include lxc.use
2. we should keep a list of the actually used subsystems so we don't keep
trying to chmod and enter after create has found we couldn't use a particular
subsystem

This fixes unprivileged lxc use.  It does not appear to suffice to fix
nested unprivilegd lxd usage.

Signed-off-by: Serge Hallyn 
From 191b86778d1277228eaeab861e50c1ee8f601b42 Mon Sep 17 00:00:00 2001
From: Serge Hallyn 
Date: Fri, 26 Feb 2016 20:03:09 +
Subject: [PATCH] fix cgfs failure for unpriv users

Cgmanager was taught awhile ago that only some cgroup controllers are
crucial.  Teach cgfs the same thing.

This patch needs improvement, but will fix failure of lxc without cgmanager
for unprivileged users for now.  In particular, needed improvements include:

1. the check for crucial subsystems needs to include lxc.use
2. we should keep a list of the actually used subsystems so we don't keep
trying to chmod and enter after create has found we couldn't use a particular
subsystem

This fixes unprivileged lxc use.  It does not appear to suffice to fix
nested unprivilegd lxd usage.

Signed-off-by: Serge Hallyn 
---
 src/lxc/cgfs.c  | 25 -
 src/lxc/cgmanager.c | 15 ---
 src/lxc/cgroup.c| 15 +++
 src/lxc/cgroup.h|  1 +
 4 files changed, 36 insertions(+), 20 deletions(-)

diff --git a/src/lxc/cgfs.c b/src/lxc/cgfs.c
index e2d8934..8c1cb64 100644
--- a/src/lxc/cgfs.c
+++ b/src/lxc/cgfs.c
@@ -807,6 +807,17 @@ static char *cgroup_rename_nsgroup(const char *mountpath, 
const char *oldname, p
return newname;
 }
 
+static bool is_crucial_hierarchy(struct cgroup_hierarchy *h)
+{
+   char **p;
+
+   for (p = h->subsystems; *p; p++) {
+   if (is_crucial_cgroup_subsystem(*p))
+   return true;
+   }
+   return false;
+}
+
 /* create a new cgroup */
 static struct cgroup_process_info *lxc_cgroupfs_create(const char *name, const 
char *path_pattern, struct cgroup_meta_data *meta_data, const char *sub_pattern)
 {
@@ -974,8 +985,11 @@ static struct cgroup_process_info 
*lxc_cgroupfs_create(const char *name, const c
current_entire_path = NULL;
goto cleanup_name_on_this_level;
} else if (r < 0 && errno != EEXIST) {
-   SYSERROR("Could not create cgroup '%s' in 
'%s'.", current_entire_path, info_ptr->designated_mount_point->mount_point);
-   goto cleanup_from_error;
+   if (is_crucial_hierarchy(info_ptr->hierarchy)) {
+   SYSERROR("Could not create cgroup '%s' 
in '%s'.", current_entire_path, info_ptr->designated_mount_point->mount_point);
+   goto cleanup_from_error;
+   }
+   goto skip;
} else if (r == 0) {
/* successfully created */
r = lxc_grow_array((void 
***)_ptr->created_paths, _ptr->created_paths_capacity, 
info_ptr->created_paths_count + 1, 8);
@@ -999,6 +1013,7 @@ static struct cgroup_process_info 
*lxc_cgroupfs_create(const char *name, const c
goto cleanup_from_error;
}
 
+skip:
/* already existed but path component of 
pattern didn't contain '%n',
 * so this is not an error; but then we don't 
need current_entire_path
 * anymore...
@@ -1180,7 +1195,7 @@ static int lxc_cgroupfs_enter(struct cgroup_process_info 
*info, pid_t pid, bool
 
r = lxc_write_to_file(cgroup_tasks_fn, pid_buf, 
strlen(pid_buf), false);
free(cgroup_tasks_fn);
-   if (r < 0) {
+   if (r < 0 && is_crucial_hierarchy(info_ptr->hierarchy)) {
SYSERROR("Could not add pid %lu to cgroup %s: internal 
error", (unsigned long)pid, cgroup_path);
return -1;
}
@@ -1509,7 +1524,7 @@ static bool cgroupfs_mount_cgroup(void *hdata, const char 
*root, int type)
if (!abs_path)
goto 

[lxc-devel] [lxd/master] Fix hardcoded architecture path in apparmor profile

[stgraber on Github]

The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxd/pull/1667

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Surely we also want nesting to work on other architectures :)

Signed-off-by: Stéphane Graber 
From 16636f26d7b54d821b6d7ad5847a0c44356013e3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20Graber?= 
Date: Fri, 26 Feb 2016 12:43:44 -0500
Subject: [PATCH] Fix hardcoded architecture path in apparmor profile
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Surely we also want nesting to work on other architectures :)

Signed-off-by: Stéphane Graber 
---
 lxd/apparmor.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lxd/apparmor.go b/lxd/apparmor.go
index b983834..45fe566 100644
--- a/lxd/apparmor.go
+++ b/lxd/apparmor.go
@@ -27,8 +27,8 @@ const NESTING_AA_PROFILE = `
   pivot_root,
   mount /var/lib/lxd/shmounts/ -> /var/lib/lxd/shmounts/,
   mount none -> /var/lib/lxd/shmounts/,
-  mount fstype=proc -> /usr/lib/x86_64-linux-gnu/lxc/**,
-  mount fstype=sysfs -> /usr/lib/x86_64-linux-gnu/lxc/**,
+  mount fstype=proc -> /usr/lib/*/lxc/**,
+  mount fstype=sysfs -> /usr/lib/*/lxc/**,
   mount options=(rw,bind),
   mount options=(rw,rbind),
   deny /dev/.lxd/proc/** rw,
___
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel

[lxc-devel] [lxc/lxc] fb9d69: lxc-ls: count spaces

[GitHub]

  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: fb9d69f27fa8aa5bad5bde1a46f868d75241a6f5
  https://github.com/lxc/lxc/commit/fb9d69f27fa8aa5bad5bde1a46f868d75241a6f5
  Author: Christian Brauner 
  Date:   2016-02-26 (Fri, 26 Feb 2016)

  Changed paths:
M src/lxc/lxc_ls.c

  Log Message:
  ---
  lxc-ls: count spaces

Otherwise line wrapping might occur too late.

Signed-off-by: Christian Brauner 


  Commit: e5712bb4415f887df6fb6b67e0d2f21954ee5614
  https://github.com/lxc/lxc/commit/e5712bb4415f887df6fb6b67e0d2f21954ee5614
  Author: Stéphane Graber 
  Date:   2016-02-26 (Fri, 26 Feb 2016)

  Changed paths:
M src/lxc/lxc_ls.c

  Log Message:
  ---
  Merge pull request #852 from brauner/bugfix_branch

lxc-ls: count spaces


Compare: https://github.com/lxc/lxc/compare/c46954935b51...e5712bb4415f___
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel

[lxc-devel] [lxc/lxc] 6515fa: lxc-alpine: completely rewrite the template script

[GitHub]

  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: 6515faa115664909351ac241763bcb374ff62608
  https://github.com/lxc/lxc/commit/6515faa115664909351ac241763bcb374ff62608
  Author: Jakub Jirutka 
  Date:   2016-02-26 (Fri, 26 Feb 2016)

  Changed paths:
M config/templates/Makefile.am
A config/templates/alpine.common.conf.in
A config/templates/alpine.userns.conf.in
M configure.ac
M templates/lxc-alpine.in

  Log Message:
  ---
  lxc-alpine: completely rewrite the template script

New template script is more readable and robust, uses cache and external
LXC config file as other templates.

Signed-off-by: Jakub Jirutka 


  Commit: 04fa4e125397e022d99cd8448b221caef3c92452
  https://github.com/lxc/lxc/commit/04fa4e125397e022d99cd8448b221caef3c92452
  Author: Jakub Jirutka 
  Date:   2016-02-26 (Fri, 26 Feb 2016)

  Changed paths:
M templates/lxc-alpine.in

  Log Message:
  ---
  lxc-alpine: make it compatible with ash, replace curl and rsync

Now it runs even on minimal Alpine system without bash, curl, openssl or
rsync.

Signed-off-by: Jakub Jirutka 


  Commit: 5845ac2bb83c2d509cbcb9a869d94b793f18
  https://github.com/lxc/lxc/commit/5845ac2bb83c2d509cbcb9a869d94b793f18
  Author: Jakub Jirutka 
  Date:   2016-02-26 (Fri, 26 Feb 2016)

  Changed paths:
M templates/lxc-alpine.in

  Log Message:
  ---
  lxc-alpine: remove all bashisms, make it compatible with dash

Signed-off-by: Jakub Jirutka 


  Commit: 20f39db782ec0d2197cf3a81e6038fb908159ef6
  https://github.com/lxc/lxc/commit/20f39db782ec0d2197cf3a81e6038fb908159ef6
  Author: Jakub Jirutka 
  Date:   2016-02-26 (Fri, 26 Feb 2016)

  Changed paths:
M templates/lxc-alpine.in

  Log Message:
  ---
  lxc-alpine: cache APK packages instead of rootfs

Signed-off-by: Jakub Jirutka 


  Commit: 1125e053fb0dbaad73437ed02e435f36e766fc2b
  https://github.com/lxc/lxc/commit/1125e053fb0dbaad73437ed02e435f36e766fc2b
  Author: Jakub Jirutka 
  Date:   2016-02-26 (Fri, 26 Feb 2016)

  Changed paths:
M templates/lxc-alpine.in

  Log Message:
  ---
  lxc-alpine: allow to install additional packages

Signed-off-by: Jakub Jirutka 


  Commit: 127ef998ed3d84b64e075213f5f40a4d472a2c95
  https://github.com/lxc/lxc/commit/127ef998ed3d84b64e075213f5f40a4d472a2c95
  Author: Christian Brauner 
  Date:   2016-02-26 (Fri, 26 Feb 2016)

  Changed paths:
M config/templates/Makefile.am
A config/templates/alpine.common.conf.in
A config/templates/alpine.userns.conf.in
M configure.ac
M templates/lxc-alpine.in

  Log Message:
  ---
  Merge pull request #751 from jirutka/alpine-tmpl

Rewrite template script for Alpine Linux


Compare: https://github.com/lxc/lxc/compare/e5712bb4415f...127ef998ed3d___
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel

Re: [lxc-devel] CGroup Namespaces (v10)

[Alban Crequy]

Hi,

On 29 January 2016 at 09:54,   wrote:
> Hi,
>
> following is a revised set of the CGroup Namespace patchset which Aditya
> Kali has previously sent.  The code can also be found in the cgroupns.v10
> branch of
>
> https://git.kernel.org/cgit/linux/kernel/git/sergeh/linux-security.git/
>
> To summarize the semantics:
>
> 1. CLONE_NEWCGROUP re-uses 0x0200, which was previously CLONE_STOPPED

What's the best way for a userspace application to test at run-time
whether the kernel supports cgroup namespaces? Would you recommend to
test if the file /proc/self/ns/cgroup exists?

Thanks!
Alban
___
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel

[lxc-devel] [lxc/lxc] a3e596: doc: Add LXC_CGNS_AWARE env to Korean lxc.containe...

[GitHub]

  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: a3e596c3a54bc3330b6f974e3ebf70c1b6bdd24a
  https://github.com/lxc/lxc/commit/a3e596c3a54bc3330b6f974e3ebf70c1b6bdd24a
  Author: Sungbae Yoo 
  Date:   2016-02-26 (Fri, 26 Feb 2016)

  Changed paths:
M doc/ko/lxc.container.conf.sgml.in

  Log Message:
  ---
  doc: Add LXC_CGNS_AWARE env to Korean lxc.container.conf(5)

Update for commit c4cafa0

Signed-off-by: Sungbae Yoo 


  Commit: 1e4fe6112c78b20aa1854dd2b4ef6837d45c9976
  https://github.com/lxc/lxc/commit/1e4fe6112c78b20aa1854dd2b4ef6837d45c9976
  Author: Sungbae Yoo 
  Date:   2016-02-26 (Fri, 26 Feb 2016)

  Changed paths:
M doc/ko/lxc.container.conf.sgml.in

  Log Message:
  ---
  doc: Add the Korean description of cgns apparmor profile in lxc.container.conf

Update for commit 7a126ae

Signed-off-by: Sungbae Yoo 


  Commit: eae7ec6edca67f6b7cb53818cce41290b6cd7138
  https://github.com/lxc/lxc/commit/eae7ec6edca67f6b7cb53818cce41290b6cd7138
  Author: Sungbae Yoo 
  Date:   2016-02-26 (Fri, 26 Feb 2016)

  Changed paths:
M doc/ko/lxc-attach.sgml.in

  Log Message:
  ---
  doc: Update Korean lxc-attach(1)

Update for commit e986ea3

Signed-off-by: Sungbae Yoo 


  Commit: 77fbb4d2d9580887b984ee29cf36042d1384de06
  https://github.com/lxc/lxc/commit/77fbb4d2d9580887b984ee29cf36042d1384de06
  Author: Sungbae Yoo 
  Date:   2016-02-26 (Fri, 26 Feb 2016)

  Changed paths:
M doc/ko/lxc-clone.sgml.in
M doc/ko/lxc-start-ephemeral.sgml.in

  Log Message:
  ---
  doc: Update Korean lxc-clone(1) and lxc-start-ephemeral(1)

Update for commit 2ae6732.

Signed-off-by: Sungbae Yoo 


  Commit: bcd7520a48f77dad266b4a78575cf791439d5c73
  https://github.com/lxc/lxc/commit/bcd7520a48f77dad266b4a78575cf791439d5c73
  Author: Sungbae Yoo 
  Date:   2016-02-26 (Fri, 26 Feb 2016)

  Changed paths:
M doc/ko/lxc-attach.sgml.in
M doc/ko/lxc.container.conf.sgml.in

  Log Message:
  ---
  doc: Add the Korean description that automount is ignored when cgroup 
namespaces are supported.

Update for commit 4608594

Signed-off-by: Sungbae Yoo 


  Commit: c46954935b51f70408d31786d0795872d15b
  https://github.com/lxc/lxc/commit/c46954935b51f70408d31786d0795872d15b
  Author: Christian Brauner 
  Date:   2016-02-26 (Fri, 26 Feb 2016)

  Changed paths:
M doc/ko/lxc-attach.sgml.in
M doc/ko/lxc-clone.sgml.in
M doc/ko/lxc-start-ephemeral.sgml.in
M doc/ko/lxc.container.conf.sgml.in

  Log Message:
  ---
  Merge pull request #854 from ysbnim/master

Update Korean manuals


Compare: https://github.com/lxc/lxc/compare/c753bba61591...c46954935b51___
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel

[lxc-devel] [lxc/lxc] f025e6: doc: Update Japanese lxc-attach(1)

[GitHub]

  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: f025e64819ea14ea5f87eae652a1666cdcbb640e
  https://github.com/lxc/lxc/commit/f025e64819ea14ea5f87eae652a1666cdcbb640e
  Author: KATOH Yasufumi 
  Date:   2016-02-26 (Fri, 26 Feb 2016)

  Changed paths:
M doc/ja/lxc-attach.sgml.in

  Log Message:
  ---
  doc: Update Japanese lxc-attach(1)

Update the description of pty allocation. Update for commit 478dda7.

Signed-off-by: KATOH Yasufumi 


  Commit: c753bba61591a1588d99b34dbff80d402065476a
  https://github.com/lxc/lxc/commit/c753bba61591a1588d99b34dbff80d402065476a
  Author: Christian Brauner 
  Date:   2016-02-26 (Fri, 26 Feb 2016)

  Changed paths:
M doc/ja/lxc-attach.sgml.in

  Log Message:
  ---
  Merge pull request #853 from tenforward/japanese_man

doc: Update Japanese lxc-attach(1)


Compare: https://github.com/lxc/lxc/compare/a71e0967ae9f...c753bba61591___
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel

[lxc-devel] [lxc/master] Update Korean manuals

[ysbnim on Github]

The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/854

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Update Korean lxc-attach, lxc-clone, lxc-start-ephemeral, lxc.container.conf
From a3e596c3a54bc3330b6f974e3ebf70c1b6bdd24a Mon Sep 17 00:00:00 2001
From: Sungbae Yoo 
Date: Thu, 25 Feb 2016 15:21:10 +0900
Subject: [PATCH 1/5] doc: Add LXC_CGNS_AWARE env to Korean
 lxc.container.conf(5)

Update for commit c4cafa0

Signed-off-by: Sungbae Yoo 
---
 doc/ko/lxc.container.conf.sgml.in | 19 +++
 1 file changed, 19 insertions(+)

diff --git a/doc/ko/lxc.container.conf.sgml.in 
b/doc/ko/lxc.container.conf.sgml.in
index 6d2d71c..9522a87 100644
--- a/doc/ko/lxc.container.conf.sgml.in
+++ b/doc/ko/lxc.container.conf.sgml.in
@@ -2189,6 +2189,25 @@ mknod errno 0
   
 
   
+  
+
+  
+LXC_CGNS_AWARE
+  
+  
+
+  
+ 이 변수가 지정되지 않았다면, 현재 버전의 lxc는 cgroup 네임스페이스를 지원하지 않는다. 만약 지정되었고 값이 
1이라면, lxc는 cgroup 네임스페이스를 지원하는 것이다. 단, kernel에서의 cgroup 네임스페이스 지원을 보장하는 것이 아님에 
주의해야 한다. lxcfs 마운트 훅에서 사용된다.
+
+  
+
+  
 
 
 

From 1e4fe6112c78b20aa1854dd2b4ef6837d45c9976 Mon Sep 17 00:00:00 2001
From: Sungbae Yoo 
Date: Thu, 25 Feb 2016 15:39:00 +0900
Subject: [PATCH 2/5] doc: Add the Korean description of cgns apparmor profile
 in lxc.container.conf

Update for commit 7a126ae

Signed-off-by: Sungbae Yoo 
---
 doc/ko/lxc.container.conf.sgml.in | 14 --
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/doc/ko/lxc.container.conf.sgml.in 
b/doc/ko/lxc.container.conf.sgml.in
index 9522a87..4b16885 100644
--- a/doc/ko/lxc.container.conf.sgml.in
+++ b/doc/ko/lxc.container.conf.sgml.in
@@ -1611,9 +1611,11 @@ proc proc proc nodev,noexec,nosuid 0 0
If lxc was compiled and installed with apparmor support, and the host
system has apparmor enabled, then the apparmor profile under which the
container should be run can be specified in the container
-   configuration.  The default is lxc-container-default.
+configuration.  The default is 
lxc-container-default-cgns
+   if the host kernel is cgroup namespace aware, or
+   lxc-container-default othewise.
 -->
-lxc가 apparmor를 지원하도록 컴파일된 후 설치되었고, 호스트 시스템에서 apparmor가 활성화되었다면, 컨테이너에서 
따라야할 apparmor 프로파일을 컨테이너 설정에서 지정할 수 있다. 기본값은 
lxc-container-default이다.
+lxc가 apparmor를 지원하도록 컴파일된 후 설치되었고, 호스트 시스템에서 apparmor가 활성화되었다면, 컨테이너에서 
따라야할 apparmor 프로파일을 컨테이너 설정에서 지정할 수 있다. 기본값은 호스트 커널이 cgroup 네임스페이스를 지원하면 
lxc-container-default-cgns이고, 그렇지 않다면 
lxc-container-default이다.
   
   

@@ -1631,6 +1633,14 @@ proc proc proc nodev,noexec,nosuid 0 0
   컨테이너가 apparmor로 인한 제한을 받지 않도록 하려면, 아래와 같이 지정하면 된다.

  lxc.aa_profile = unconfined
+
+ 
+  apparmor 프로파일이 변경되지 않아야 한다면(중첩 컨테이너 안에 있고, 이미 confined된 경우), 아래와 
같이 지정하면 된다.
+
+  lxc.aa_profile = unchanged
  



From eae7ec6edca67f6b7cb53818cce41290b6cd7138 Mon Sep 17 00:00:00 2001
From: Sungbae Yoo 
Date: Fri, 26 Feb 2016 18:39:09 +0900
Subject: [PATCH 3/5] doc: Update Korean lxc-attach(1)

Update for commit e986ea3

Signed-off-by: Sungbae Yoo 
---
 doc/ko/lxc-attach.sgml.in | 38 ++
 1 file changed, 38 insertions(+)

diff --git a/doc/ko/lxc-attach.sgml.in b/doc/ko/lxc-attach.sgml.in
index f8e23f8..cc244d1 100644
--- a/doc/ko/lxc-attach.sgml.in
+++ b/doc/ko/lxc-attach.sgml.in
@@ -91,6 +91,29 @@ by Sungbae Yoo 
   만약 command가 지정되지 않았다면, 
lxc-attach가 현재 실행 중인 쉘이 컨테이너 안에도 있는지 검사하고 이를 실행한다.
   만약 컨테이너 안에 사용자가 존재하지 않거나, nsswitch가 제대로 동작하지 않는 경우에는 이 명령이 실패하게 된다.
 
+
+  
+  이전 버전의 lxc-attach는 단순히 컨테이너의 특정 네임스페이스에 붙어, 쉘을 실행하거나 
pseudo 터미널 할당 없이 특정 명령어를 실행하였다.
+  이는 다른 특권 수준을 갖는 사용자 영역 컨텍스트 간의 전환후 TIOCSTI ioctl를 
호출하여 입력을 가로챌 수 있는 취약점이 있다.
+  새로운 버전의 lxc-attach는 쉘이나 명령어를 실행하기 전에, pseudo 터미널 
마스터/슬레이브 쌍을 할당하고, 터미널을 가리키고 있던 표준 입출력 파일 디스크립터들은 슬레이브 pseudo 터미널로 붙인다. 
lxc-attach는 처음에 컨테이너 내부에 pseudo 터미널을 할당한다. 만약 이것이 실패하면, 호스트에 
할당하고, 이마저 실패하면 할당을 포기한다.
+  터미널을 가리키고 있던 표준 입출력 파일 디스크립터가 아예 없었다면, lxc-attach는 
pseudo 터미널 할당을 시도하지 않는다. 단순히 컨테이너 네임스페이스에 붙어 쉘이나 지정한 명령어만 실행할 뿐이다.
+
 
   
 
@@ -402,6 +425,21 @@ by Sungbae Yoo 
   이러한 문제를 해결하기 위해, -R 옵션이 제공된다. 해당 옵션은 attach되는 프로세스의 
네트워크/pid 네임스페이스를 반영하기 위해 /proc와 
/sys를 다시 마운트한다.
 호스트의 실제 파일시스템에 방해가 되지 않기 위해 마운트 네임스페이스는 공유되지 
않는다(lxc-unshare의 동작과 비슷). /proc와 
/sys 파일시스템을 제외하고 호스트 마운트 네임스페이스와 동일한 새로운 마운트 네임스페이스가 
주어지게 된다.
 
+
+
+  
+  이전 버전의 

[lxc-devel] [lxc/master] doc: Update Japanese lxc-attach(1)

[tenforward on Github]

The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/853

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Update the description of pty allocation. Update for commit 478dda7.

Signed-off-by: KATOH Yasufumi 
From f025e64819ea14ea5f87eae652a1666cdcbb640e Mon Sep 17 00:00:00 2001
From: KATOH Yasufumi 
Date: Fri, 26 Feb 2016 20:05:09 +0900
Subject: [PATCH] doc: Update Japanese lxc-attach(1)

Update the description of pty allocation. Update for commit 478dda7.

Signed-off-by: KATOH Yasufumi 
---
 doc/ja/lxc-attach.sgml.in | 24 ++--
 1 file changed, 10 insertions(+), 14 deletions(-)

diff --git a/doc/ja/lxc-attach.sgml.in b/doc/ja/lxc-attach.sgml.in
index 7c668ee..8c0a865 100644
--- a/doc/ja/lxc-attach.sgml.in
+++ b/doc/ja/lxc-attach.sgml.in
@@ -94,25 +94,21 @@ by KATOH Yasufumi 
 
   
-  前のバージョンの lxc-attach は、単に指定したコンテナの名前空間にアタッチし、擬似端末 
(pseudo terminal) なしで、シェルもしくは指定したコマンドを実行しました。
+  前のバージョンの lxc-attach は、単に指定したコンテナの名前空間にアタッチし、最初に擬似端末 
(pseudo terminal) を割り当てないで、シェルもしくは指定したコマンドを実行しました。
   これは、異なる特権レベルを持つユーザ空間の実行コンテキストを切り替えた後に、TIOCSTI ioctl 
の呼び出し経由で擬似入力を行うことに対して脆弱となります。
-  新しいバージョンの lxc-attach 
は、擬似端末のマスター/スレーブのペアを割り当てようとします。そしてシェルやコマンドを実行する前に、擬似端末のスレーブ側に対して、ターミナルを参照する標準ファイルディスクリプタをアタッチします。
-  lxc-attach 
は、最初にコンテナ内の擬似端末を割り当てようとします。これが失敗した場合、最終的に処理を諦める前に、ホスト上の擬似端末を割り当てようとします。
+  新しいバージョンの lxc-attach 
は、ホスト上の擬似端末のマスター/スレーブのペアを割り当てようとします。そしてシェルやコマンドを実行する前に、擬似端末のスレーブ側に対して、ターミナルを参照する標準ファイルディスクリプタをアタッチします。
   ターミナルを参照する標準ファイルディスクリプタがない場合は、lxc-attach 
は擬似端末の割り当てを行わないことに注意してください。代わりに、単にコンテナの名前空間にアタッチし、シェルや指定したコマンドを実行します。
 
 
___
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel

[lxc-devel] [lxc/master] lxc-ls: count spaces

[brauner on Github]

The following pull request was submitted through Github.
It can be accessed and reviewed at: https://github.com/lxc/lxc/pull/852

This e-mail was sent by the LXC bot, direct replies will not reach the author
unless they happen to be subscribed to this list.

=== Description (from pull-request) ===
Otherwise line wrapping might occur too late.

Signed-off-by: Christian Brauner 
From fb9d69f27fa8aa5bad5bde1a46f868d75241a6f5 Mon Sep 17 00:00:00 2001
From: Christian Brauner 
Date: Fri, 26 Feb 2016 11:18:47 +0100
Subject: [PATCH] lxc-ls: count spaces

Otherwise line wrapping might occur too late.

Signed-off-by: Christian Brauner 
---
 src/lxc/lxc_ls.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/lxc/lxc_ls.c b/src/lxc/lxc_ls.c
index 26d4a74..1a9969a 100644
--- a/src/lxc/lxc_ls.c
+++ b/src/lxc/lxc_ls.c
@@ -756,6 +756,7 @@ static void ls_print_names(struct ls *l, struct lengths 
*lht,
len = 0;
} else {
printf(" ");
+   len++;
}
}
if (len > 0)
___
lxc-devel mailing list
lxc-devel@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel