On 05/27/2011 09:44 AM, Cedric Le Goater wrote:
On 05/23/2011 11:22 PM, Daniel Lezcano wrote:
On 05/21/2011 08:35 PM, Sven Wegener wrote:
It's OK, if /dev/ptmx points to /dev/pts/ptmx via a symlink.
Signed-off-by: Sven Wegenersven.wege...@stealer.net
Applied.
That would be a nice thing
On 05/24/2011 08:19 PM, Stéphane Graber wrote:
Some small template changes to add Oneiric and fix armel support.
Stéphane Graber (2):
Convert all Debian (and derivative) templates from using 'arch' to
using 'dpkg --print-architecture' as debootstrap does
Add initial oneiric
sven.wege...@stealer.net
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
commit 88d413d5b6d1c2a3afcc7e3fcc0c037730c0abbe
Author: Sven Wegener sven.wege...@stealer.net
Date: Mon May 23 23:12:24 2011 +0200
Add relatime and strictatime mount options
Also add #ifndef for compability
On 05/21/2011 08:35 PM, Sven Wegener wrote:
Also add #ifndef for compability with glibc before 2.12.
Signed-off-by: Sven Wegenersven.wege...@stealer.net
Applied Thanks.
--
What Every C/C++ and Fortran developer Should
On 05/21/2011 08:35 PM, Sven Wegener wrote:
It's OK, if /dev/ptmx points to /dev/pts/ptmx via a symlink.
Signed-off-by: Sven Wegenersven.wege...@stealer.net
Applied.
Thanks Sven.
--
What Every C/C++ and Fortran
On 05/07/2011 01:30 PM, Farcasi Ana-Maria wrote:
Hello,
This commit adds traffic control support (download and upload limit rate)
for lxc containers. At the moment, the changes apply just for veth devices.
In order to do this, we have attached a new structure (lxc_traffic_control)
to struct
files is to be distributed in the lxc tarball. This breaks the
lxc-attach command because the file is not automatically generated at
compile time.
Signed-off-by: Cedric Le Goater c...@fr.ibm.com
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
commit
-
commit dfafa5a51397b4d3ced980ca80340f383701f823
Author: Cedric Le Goater legoa...@free.fr
Date: Thu May 5 12:07:51 2011 +0200
lxc-execute: document the '--' option
Signed-off-by: Cedric Le Goater c...@fr.ibm.com
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
On 04/07/2011 12:29 AM, Nigel McNie wrote:
On 6 April 2011 23:01, Daniel Lezcanodaniel.lezc...@free.fr wrote:
On 04/03/2011 11:14 AM, Nigel McNie wrote:
Hi List,
snip
Nigel,
Thanks a lot, that's a great work and it is exactly what I was hoping
someone will do.
I will be happy to take
On 04/12/2011 04:14 PM, Marco d'Itri wrote:
On Apr 12, Daniel Lezcanodaniel.lezc...@free.fr wrote:
At the first glance udev events are supported in the container. But for
the sake of optimization, I recommend to not use it as it will trigger
the events in all the containers.
This looks
On 04/03/2011 11:14 AM, Nigel McNie wrote:
Hi List,
I saw there was a call for a nice frontend over the lxc commands, and I
needed one, so Martyn Smith and I have come up with lxc-simple [0].
Quoting the docs:
lxc-simple wraps around the low-level commands for controlling linux
containers,
as lxc_log_init() hasn't
been called. This prevents errors from even being printed on
stderr in lxc_caps_init() for example.
Let's make stderr the default appender.
Signed-off-by: Greg Kurz gk...@fr.ibm.com
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
commit
On 03/19/2011 04:09 PM, Michael Santos wrote:
Signed-off-by: Michael Santosmichael.san...@gmail.com
---
All patches applied.
Thanks
-- Daniel
--
Enable your software for Intel(R) Active Management Technology to
script to properly use $@ in place of
$*
Signed-off-by: Michel Normand michel@free.fr
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
Summary of changes:
src/lxc/lxc-ls.in |4 ++--
src/lxc/lxc
On 03/15/2011 08:19 PM, Michel Normand wrote:
this is related to the bug
http://sourceforge.net/tracker/?func=detailaid=3113612group_id=163076atid=826303
that suggested to modify bash lxc script to properly use $@ in place of $*
Signed-off-by: Michel Normandmichel@free.fr
Applied, thanks
On 03/18/2011 06:40 PM, Farcasi Ana-Maria wrote:
Hello,
As mentioned in our previous email, we were having issues getting bandwidth
limitation working on cgroup ( with net_cls ) and tc. We've been running
various tests and scenarios but found no way to enable proper limitation.
Throughout
071a2b8cc9e2f219b7b20378dc0fafded0333176
Author: Daniel Lezcano dlezc...@fr.ibm.com
Date: Mon Mar 14 21:47:15 2011 +0100
fix mount path
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
Summary of changes:
src/lxc/conf.c |2 +-
1 files changed
On 03/11/2011 08:47 PM, richard -rw- weinberger wrote:
hi,
i'm using this minimal config:
lxc.utsname = c0
lxc.mount.entry = none /lxc/c0/proc proc defaults 0 0
lxc.rootfs = /lxc/c0/
but lxc does not mount proc into /lxc/c0/proc.
using lxc.mount = /path/to/fstab also does not work.
it's
On 03/10/2011 10:45 PM, richard -rw- weinberger wrote:
hi!
i'm trying to use lxc 0.7.4 on centos 5.5 (kernel 2.6.37.3).
lxc-start fails when i configure a network.
e.g:
lxc-start: failed to create vethivvZMG-vethGjB0lG : Operation not supported
lxc-start: failed to create netdev
On 03/11/2011 02:00 AM, Carlos N. A. Corrêa wrote:
Hi, people.
I'm trying to implement a mechanism to permit the addition of a new network
device to a container on-the-fly.
That would be useful to me in some complex virtual networking scenarios,
where a container need to connect to a
-
commit 525ff3a55575dd376f95f6d54b3521e481f1e3d7
Author: Daniel Lezcano daniel.lezc...@free.fr
Date: Mon Mar 7 02:13:18 2011 +0100
lxc-0.7.4.1
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
commit b693b38534f9046fcb3872033d953eb20c67e358
-
commit d472214b8342a0b705ed40e358cf9caff427042a
Author: Daniel Lezcano daniel.lezc...@free.fr
Date: Mon Mar 7 02:08:47 2011 +0100
rename physical device to the original name
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
commit
-
commit 525ff3a55575dd376f95f6d54b3521e481f1e3d7
Author: Daniel Lezcano daniel.lezc...@free.fr
Date: Mon Mar 7 02:13:18 2011 +0100
lxc-0.7.4.1
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
commit b693b38534f9046fcb3872033d953eb20c67e358
On 02/28/2011 11:20 AM, Farcasi Ana-Maria wrote:
Hi,
Indeed, we were refering to the network bandwidth limitation. Sorry for the
confusion.
We have already done some tests with this limitation using tc and cgroups
and we have reached the conclusion that the classification is done
On 02/28/2011 11:20 AM, Farcasi Ana-Maria wrote:
Hi,
Indeed, we were refering to the network bandwidth limitation. Sorry for the
confusion.
We have already done some tests with this limitation using tc and cgroups
and we have reached the conclusion that the classification is done
when calling locale-gen.
Daniel Lezcano (29):
remove duplicate cgroup header
Remove unused nscgroup field
Change nscgroup interface
encapsulate the ns_cgroup
Move common code to lxc_cgroup_create
use clone_children cgroup's flag
Duplicate lxc-debian
On 02/23/2011 05:24 AM, Rob Landley wrote:
After investigating I don't see any reason sshfs shouldn't work just
fine in a container out of the box (all the network stuff happens in
userspace), but I can't create the FUSE dev node from within the
container because mknod doesn't work from the
On 02/23/2011 05:22 AM, Rob Landley wrote:
It looks like clone flags aren't the only way to create a new namespace,
any existing process can move to a new namespace via unshare(2).
This sounds like you could fairly easily make a super_chroot() function
that does most of the container stuff.
On 02/22/2011 12:22 PM, Maheswara Reddy C - ERS, HCL Tech wrote:
Then it is quite easy. You just have to fork ten times the routine in the
program I gave you in the previous email.
Hi Daniel,
But I want to run two different (fork() run same copy) process/threads in
each namespace, that's
On 02/21/2011 11:08 AM, Daniel Lezcano wrote:
On 02/17/2011 02:49 AM, Rob Landley wrote:
I want to collate the kernel namespaces documentation, man pages, and
add some cgroup docs under a documentation page. This involves changing
the Pages link on the left (to which somebody added a link
On 02/15/2011 01:34 AM, Trent W. Buck wrote:
Daniel Lezcanodaniel.lezc...@free.fr writes:
On 02/11/2011 06:21 AM, Ludovic Guégan wrote:
Hi all,
First, thanks!
I am looking for a way to have a lxc container running inside an Android
device.
So far my goal is to isolate a process as a
On 02/15/2011 08:27 AM, Rob Landley wrote:
On 02/14/2011 06:24 PM, Trent W. Buck wrote:
Sorry about the previous post. I'm awake now.
If I remove the .in from common_options.sgml.in and see_also.sgml.in,
and change lxc-console.sgml.in's prelude to
?xml version='1.0' encoding='UTF-8'?
On 02/15/2011 03:37 PM, Rob Landley wrote:
On 02/15/2011 04:29 AM, Daniel Lezcano wrote:
PS: the extension ought to be .xml, not .sgml, and I recommend you
switch from Emacs' sgml-mode to nxml-mode, which is the default for .xml
files in recent GNU Emacs releases.
I'd rather not get any emacs
On 02/12/2011 04:17 PM, David Ward wrote:
Daniel,
On 02/06/2010 03:29 PM, Daniel Lezcano wrote:
diff --git a/src/lxc/confile.c b/src/lxc/confile.c
index 4d81ac6..7c72752 100644
--- a/src/lxc/confile.c
+++ b/src/lxc/confile.c
@@ -423,9 +423,8 @@ static int config_network_ipv4(const char
On 02/11/2011 10:55 AM, Ludovic Guégan wrote:
Hi Lezcano!
I am glad to here from you!
Android SDK comes with a modified qemu inside which android runs:
http://developer.android.com/guide/developing/tools/emulator.html
Here you can find how to rebuild the kernel for the emulator (a little
On 02/09/2011 01:07 PM, Maheswara Reddy C - ERS, HCL Tech wrote:
Hi,
How can we create a socket in the specific namespace.
It is not obvious today. You will need to create several processes, each
of them with their own network namespace and via an af_unix socket ask
for a socket creation.
On 02/07/2011 04:19 PM, Rob Landley wrote:
Does the makefile's man page generation stuff do html files? Because if
so I'd like put them on the web page, it's some of the best
documentation on the thing and people trying to learn about containers
can't find it via google...
Yep, you can use
On 02/07/2011 08:19 PM, richard -rw- weinberger wrote:
Hi,
Can KSM (http://lwn.net/Articles/306704/) help LXC?
I guess there are a lot of identical pages when logs of containers are
running.
Yes, absolutely. As it is very CPU consuming that should be optional.
I looked at it last year but I
other notification email; so we list those
revisions in full, below.
- Log -
commit 9dd97e44141558170a4a5f39b3eda645d9cade2d
Author: Daniel Lezcano daniel.lezc...@free.fr
Date: Tue Feb 1 12:55:39 2011 +0100
lxc-0.7.4-rc1
829dd9183cbefccdf38f87463fa5c2719e774204
Author: Daniel Lezcano daniel.lezc...@free.fr
Date: Tue Feb 1 14:49:40 2011 +0100
lxc-start can output the console to a file
Add the ability to specify a file to output the console.
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
-
commit 829dd9183cbefccdf38f87463fa5c2719e774204
Author: Daniel Lezcano daniel.lezc...@free.fr
Date: Tue Feb 1 14:49:40 2011 +0100
lxc-start can output the console to a file
Add the ability to specify a file to output the console
; }
exit 0;
end script
respawn
exec /sbin/getty -8 38400 /dev/console
===
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
src/lxc/lxc_start.c |5 +
1 files changed, 5 insertions(+), 0 deletions(-)
diff --git
434d90db57e3d94609b48e2bc3c1e56eac3a
Author: Daniel Lezcano daniel.lezc...@free.fr
Date: Sun Jan 23 21:47:12 2011 +0100
suppress udev log output
We use udev within these containers and we prevent the /dev files
to be created with the cgroup whitelist. So when the udevd receives
the event from the kernel
: b3a222e52e4d4be77cc4520a57af1a4a0d8222d1
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
Summary of changes:
src/lxc/lxc-checkconfig.in |6 --
1 files changed, 4 insertions(+), 2 deletions(-)
hooks/post-receive
--
lxc
On 01/18/2011 01:13 AM, Reto Gantenbein wrote:
Dear developers
I'm trying lxc on my gentoo 2.6.37 and this patch fixes a small thing
that makes people unsure [1]. Please apply it. It's against lxc git
master.
Thanks for your effort in lxc. It's nice to see a native linux container
boolean operator was being used to test the IFF_UP flag.
Signed-off-by: David Ward david.w...@ll.mit.edu
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
commit 6e35af2e3911b5e8dc6e9091391beb8adfe449c6
Author: Daniel Lezcano daniel.lezc...@free.fr
Date: Mon Jan 17 10:18:50 2011 +0100
On 01/17/2011 03:51 AM, David Ward wrote:
Each network interface was brought up regardless of the configuration,
as the wrong boolean operator was being used to test the IFF_UP flag.
Signed-off-by: David Warddavid.w...@ll.mit.edu
---
Applied.
Thanks for the fix !
-- Daniel
On 01/16/2011 07:00 PM, Joerg Gollnick wrote:
Dear all,
while setting up a container on x86_64 (archlinux host/guest) I had trouble
with mounting dev/pts and others from container.fstab and a ssh login does not
work (only ssh container bash -i gives you a shell)
The cause is that conf.c does
-
commit 429a84f4ab9eb0e5b85b9fe94336c56746279b28
Author: Daniel Lezcano daniel.lezc...@free.fr
Date: Mon Jan 10 17:58:32 2011 +0100
fix cgroup directory removal
Fix the name of the directory to remove.
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
commit
On 01/05/2011 08:53 AM, Rob Landley wrote:
On 01/04/2011 06:52 AM, Daniel Lezcano wrote:
On 01/04/2011 09:36 AM, Rob Landley wrote:
I'm attempting to write a simple HOWTO for setting up a container with
LXC. Unfortunately, console handling is really really brittle and the
only way I've gotten
On 01/04/2011 09:36 AM, Rob Landley wrote:
I'm attempting to write a simple HOWTO for setting up a container with
LXC. Unfortunately, console handling is really really brittle and the
only way I've gotten it to work is kind of unpleasant to document.
Using lxc 0.7.3 (both in debian sid and
On 12/16/2010 04:03 PM, Daniel Baumann wrote:
On 12/16/2010 02:56 PM, Daniel Lezcano wrote:
Yes that makes sense. I will duplicate in order to apply your patches
and then factor out the scripts to a minimal one.
i've got another one for LANG where the locales are generated wrongly
On 12/07/2010 11:10 AM, 贺鹏 wrote:
Hi, all:
did the new kernel 2.6.36 support a full sysfs namespace for tun/tap
device?
I am not sure, but yes it should. sysfs per namespace is in place since
2.6.35 AFAIR.
On 12/02/2010 03:21 PM, Serge E. Hallyn wrote:
Quoting Daniel Lezcano (daniel.lezc...@free.fr):
On 11/30/2010 04:06 AM, Serge E. Hallyn wrote:
Quoting Daniel Lezcano (daniel.lezc...@free.fr):
Looks like we'll be starting small anyway, so let's just try skype. Anyone
interested
-start: Invalid argument - failed to mount ...
errors.
Signed-off-by: Sergey S. Kostyliov rathamah...@gmail.com
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
Summary of changes:
src/lxc/conf.c |5
On 10/30/2010 09:05 PM, Sergey S. Kostyliov wrote:
Add support for `dirsync' mount option. MS_DIRSYNC is on of the
mount(2) mountflags so don't send it as extra mount option to avoid:
lxc-start: Invalid argument - failed to mount ...
errors.
Signed-off-by: Sergey S.
-
commit acb0e330161f9b02bd0b351e0a8cc193da4de330
Author: Daniel Lezcano daniel.lezc...@free.fr
Date: Tue Oct 26 18:14:47 2010 +0200
set version to 0.7.3
Version 0.7.3
Signed-off-by: Daniel Lezcano daniel.lezc...@free.fr
Fix the coding style, 80 chars lines, etc ...
Fix indentation blocks if ... then ... else ... fi
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
src/lxc/conf.c | 78
1 files changed, 39 insertions(+), 39 deletions(-)
diff --git
, below.
- Log -
commit abbfd20baa348ce1b6b26dd9c2627c5e2f500b69
Author: Daniel Lezcano daniel.lezc...@free.fr
Date: Tue Oct 12 10:52:47 2010 +0200
use popen and redirect script output
Change the run_script function to use
On 10/08/2010 05:13 PM, Michael Tokarev wrote:
Stefan Tomanek wrote:
Dies schrieb Daniel Lezcano (daniel.lezc...@free.fr):
Are we sure, we want to add these hooks (pre and post) ? I am not
against adding them, but IMO it is more sane to add them if needed
rather than adding
On 10/07/2010 09:30 AM, Stefan Tomanek wrote:
This commit adds an lxc.network.veth.script configuration option to
specify a script to be executed after creating or configuring the pair
of veth devices. The name of the host sided device is passed as first
argument, so the script can be used to
On 10/07/2010 03:06 PM, Stefan Tomanek wrote:
Dies schrieb Daniel Lezcano (daniel.lezc...@free.fr):
* lxc.network.script.pre:
IMO, it does not make sense because that means it is the host itself
which should be modified, so that fall under the host network
configuration umbrella
on any other notification email; so we list those
revisions in full, below.
- Log -
commit 49d3e78dceea24fcdd09529d1c748b69e19ef63f
Author: Daniel Lezcano daniel.lezc...@free.fr
Date: Tue Oct 5 10:28:31 2010 +0200
update
On 10/03/2010 05:06 PM, Ward, David - 0663 - MITLL wrote:
The 'cgconfig' tool from libcgroup (http://libcg.sourceforge.net) can be used
to mount one or more instances of the cgroup virtual filesystem, instead of
using the 'mount' command. However, cgconfig does not update /etc/mtab,
On 10/04/2010 08:49 PM, Scott Bronson wrote:
Hi, this commit and about 8 others haven't showed up in SourceForge's git
tree.
http://lxc.git.sourceforge.net/git/gitweb.cgi?p=lxc/lxc;a=summary
Is there another git tree that the project is using?
No, I am just waiting a bit in case there are
The rootfs is always located in the mount point now, let's
use it.
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
src/lxc/conf.c |5 +++--
1 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index aae52f4..7755837 100644
--- a/src/lxc/conf.c
The rootfs is always located in rootfs-mount, let's use it for
the tty.
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
src/lxc/conf.c |5 -
1 files changed, 4 insertions(+), 1 deletions(-)
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 7755837..3da522f 100644
--- a/src/lxc
Split the rootfs setup by mounting the rootfs to the mount
point. This mount point will be used as the facto place where
the rootfs is placed.
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
src/lxc/conf.c | 28 +---
1 files changed, 21 insertions(+), 7 deletions
The rootfs/var/run/utmp is located in:
/proc/containerinit/root/var/run/utmp, let's use it.
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
src/lxc/utmp.c | 30 +++---
1 files changed, 19 insertions(+), 11 deletions(-)
diff --git a/src/lxc/utmp.c b/src/lxc
Don't display an error when the callback returns an error different
from zero. A value greater than zero may means stop. Let's the caller
to check the error.
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
src/lxc/parse.c |4 +---
1 files changed, 1 insertions(+), 3 deletions(-)
diff
Let's initialize rootfs-mount to LXCROOTFSMOUNT. The value
will be overwritten by the configuration in case it is specified.
That will make the code nicer, instead of the ugly rootfs-mount checks.
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
src/lxc/conf.c | 27
On 09/07/2010 05:22 PM, jorge espada wrote:
Hi Guys I wanna know if it possible to set up a memory controller for each
container..if so..how can I do? any examples?
Thanks
When you start a container, there is a cgroup created automatically
where all the processes of the container will
On 09/02/2010 11:43 AM, v1t03k wrote:
Hi Guys,
I'm testing here right now some lxc template scripts.
I have here some troubles with setting up a debian instance on Fedora 13
(2.6.34.6-47.fc13.x86_64).
First, I can't setup a lenny system on my Fedora 13 host. I get these
errors:
I:
On 08/27/2010 05:52 PM, Denis Rizaev wrote:
Hi folks.
I tried to mount cgroup fs in container and was surprised that i can see all
cgroups tree. Also i can modify limits for my container and others!!
In my opinion container should see only it's own level of cgroup, not whole
tree.
Is it
547467bddbe54b7812f0df0e9c18a2e1b7091036
Author: Daniel Lezcano dlezc...@fr.ibm.com
Date: Mon Jul 26 11:01:20 2010 +0200
version 0.7.2
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
Summary of changes:
configure.ac |2 +-
1 files changed, 1
On 07/25/2010 01:57 PM, Denis Rizaev wrote:
Hi guys.
In last versions of lxc lxc-start is very slow. On my system with 15
containers it stucks for ~20 seconds before actual container launch begins.
With strace i see that it does many umounts in /mnt.
Can anyone explain what happens?
lxc
in full, below.
- Log -
commit e239ff31a5c442ac1d006e836bc622371842dfa0
Author: Daniel Lezcano dlezc...@fr.ibm.com
Date: Fri Jul 23 15:10:38 2010 +0200
Fix bad returned value
In case of error the message will be always
9de28746a5edd2b9ba6fbd79956891ed4692e5d5
Author: Michel Normand norm...@fr.ibm.com
Date: Fri Jul 23 17:17:14 2010 +0200
avoid compile warning in src/lxc/console.c
src/lxc/console.c:143: warning : return type defaults to âintâ
Signed-off-by: Michel Normand norm...@fr.ibm.com
Signed-off-by: Daniel Lezcano
From: Daniel Lezcano daniel.lezc...@free.fr
The list is 'lifo', so when we create the network interfaces, we
do this in the reverse order of the expected one. That is confusing.
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
src/lxc/confile.c |4 ++--
src/lxc/list.h|5
-
commit 7a82e9236d94619a1ad7aa6df9e2f10c81dbc344
Author: Daniel Lezcano dlezc...@fr.ibm.com
Date: Tue Jul 20 13:45:44 2010 +0200
provide a script to set uid bit on cli
Some file systems do not support the file posix capabilities.
The following script set
other notification email; so we list those
revisions in full, below.
- Log -
commit 6f0a42008dab87e1c97bc71319c793315f87a328
Author: Daniel Lezcano dlezc...@fr.ibm.com
Date: Tue Jul 13 14:51:45 2010 +0200
lxc-init finishes
1c4a945262b8d110c3f8e0655ca50cb05d383c74
Author: Daniel Lezcano dlezc...@fr.ibm.com
Date: Mon Jul 19 16:04:41 2010 +0200
Remove dead code
This function is no longer used.
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
Summary of changes
On 04/01/2010 06:42 AM, Michael H. Warfield wrote:
Daniel,
I'm going to top post here because I've just discovered that we've got a
bigger problem here, related to this whole mess. A much bigger problem
having to do with bind mounts in general.
This is the generalized case here, which
On 07/15/2010 10:07 PM, Ferenc Wagner wrote:
Daniel Lezcanodaniel.lezc...@free.fr writes:
On 06/09/2010 07:56 PM, Ferenc Wagner wrote:
here are basically the same patches, with some obvious errors corrected
and some unrelated documentation added. It actually survived some
On 07/15/2010 02:59 AM, Matt Helsley wrote:
On Fri, Jul 09, 2010 at 07:51:32PM -0700, Sukadev Bhattiprolu wrote:
From: Sukadev Bhattiprolusuka...@linux.vnet.ibm.com
Subject: [PATCH 1/2] Ensure frezer state has changed
A write to the freezer.state file does not gurantee that the state has
From: Ferenc Wagner wf...@niif.hu
Signed-off-by: Ferenc Wagner wf...@niif.hu
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
src/lxc/start.c | 10 +-
1 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/lxc/start.c b/src/lxc/start.c
index 92f44e3..1d4087c 100644
When lxc-init receives a SIGTERM, let's kill all the processes of
the pid namespace with kill -1. So the exit of the container will
happen gracefully with processes death cascade.
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
src/lxc/lxc_init.c | 14 --
1 files changed, 12
If lxc-init receives a SIGALRM, a timeout, it kills all the processes
of the container with SIGKILL. That will prevent the container to be
stuck when one process ignore the SIGTERM signal.
Each time a process exits, the timeout is resetted.
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
From: Ferenc Wagner wf...@niif.hu
Signed-off-by: Ferenc Wagner wf...@niif.hu
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
src/lxc/start.c | 22 ++
1 files changed, 14 insertions(+), 8 deletions(-)
diff --git a/src/lxc/start.c b/src/lxc/start.c
index dc57bea
On 06/09/2010 07:56 PM, Ferenc Wagner wrote:
Hi,
here are basically the same patches, with some obvious errors corrected
and some unrelated documentation added. It actually survived some
targeted testing in the past days and seems to behave as expected, ie.
# lxc-start -n s -- sh -c trap
This macro is a helper to call a function into a [un]privilegied section.
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
src/lxc/caps.h | 33 ++---
1 files changed, 30 insertions(+), 3 deletions(-)
diff --git a/src/lxc/caps.h b/src/lxc/caps.h
index bdc248b
Prevent to specify a file not belonging to us as the output for the console
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
src/lxc/console.c | 11 ++-
1 files changed, 6 insertions(+), 5 deletions(-)
diff --git a/src/lxc/console.c b/src/lxc/console.c
index 1ab2b29..edefc41
Thanks all for the feedbacks.
The following patchset provides an intermediate solution between
all the remarks about the security aspects when running lxc with
the capabilities.
It has the advantage to be compatible with the setuid bit root set
on the lxc-start and lxc-execute.
More work has to
This function is no longer used.
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
src/lxc/state.c |8
1 files changed, 0 insertions(+), 8 deletions(-)
diff --git a/src/lxc/state.c b/src/lxc/state.c
index b29ae09..6720011 100644
--- a/src/lxc/state.c
+++ b/src/lxc/state.c
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
src/lxc/lxc_execute.c |5 -
src/lxc/lxc_start.c |4
2 files changed, 8 insertions(+), 1 deletions(-)
diff --git a/src/lxc/lxc_execute.c b/src/lxc/lxc_execute.c
index c3a0cd7..f480859 100644
--- a/src/lxc/lxc_execute.c
+++ b
With the capabilities, the open of the log file can be done on any
file, making possible to modifify the content of the file.
Let's drop the privilege when opening the file, so we ensure that is
no longer possible.
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
src/lxc/log.c |6
is not root, we keep the
capabilies,
switch to real uid, and drop the effective capabilities.
This approach is compatible for root user, lambda + file capabilities
and lambda + setuid.
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
---
src/lxc/Makefile.am |5 +-
src/lxc/caps.c | 135
, below.
- Log -
commit d1c383f39064969b647fd632f8e6614b49fd6cf2
Author: Daniel Lezcano dlezc...@fr.ibm.com
Date: Mon Jul 12 15:13:18 2010 +0200
fix compilation warning
Add missing include.
Signed-off-by: Daniel
On 07/10/2010 04:52 AM, Sukadev Bhattiprolu wrote:
[ ... ]
+ if (!answer.ret) {
+ ret = lxc_unfreeze(handler-name);
+ if (!ret)
+ return 0;
[ ... ]
gcc -DHAVE_CONFIG_H -I. -I../../src -fPIC -DPIC -I../../src -g -O2 -Wall
-MT
ebb9ec72ce494cbee4bb445604d6527fbaefde5b
Author: Tushar Gohad tgo...@mvista.com
Date: Tue Jul 6 23:45:52 2010 +0200
Minor resource name array fix in src/lxc/namespace.c
Signed-off-by: Tushar Gohad tgo...@mvista.com
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com
101 - 200 of 250 matches
Mail list logo
