Re: [lxc-devel] LXC container fails to start by complaining that it is unable to unmount the old pivot-root

2010-02-02 Thread Daniel Lezcano
Andrian Nord wrote: On Mon, Feb 01, 2010 at 01:54:15PM -0500, Michael H. Warfield wrote: On Mon, 2010-02-01 at 19:46 +0200, Ciprian Dorin, Craciun wrote: Hello all! I have a quite strange problem: the container fails to start and complains about being unable to unmount the

[lxc-devel] [patch 03/10] use a mainloop for the console

2010-02-04 Thread Daniel Lezcano
Use the mainloop to manage io of the console. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- src/lxc/lxc_console.c | 163 ++ 1 file changed, 88 insertions(+), 75 deletions(-) Index: lxc/src/lxc/lxc_console.c

[lxc-devel] [patch 02/10] factor-out-console code

2010-02-04 Thread Daniel Lezcano
Factor out the console code and encapsulate the code in functions. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- src/lxc/lxc_console.c | 67 -- 1 file changed, 43 insertions(+), 24 deletions(-) Index: lxc/src/lxc/lxc_console.c

[lxc-devel] [patch 07/10] count the number of tasks in the container

2010-02-04 Thread Daniel Lezcano
This patch adds a function to count the number of tasks in the container. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- src/lxc/cgroup.c | 27 +++ src/lxc/cgroup.h |2 +- 2 files changed, 28 insertions(+), 1 deletion(-) Index: lxc/src/lxc/cgroup.c

[lxc-devel] [patch 05/10] rename network type enum

2010-02-04 Thread Daniel Lezcano
Use a prefixed enum to avoid conflict later. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- src/lxc/conf.c| 14 +++--- src/lxc/conf.h| 12 ++-- src/lxc/confile.c | 10 +- 3 files changed, 18 insertions(+), 18 deletions(-) Index: lxc/src/lxc/conf.c

Re: [lxc-devel] read-only container root

2010-02-15 Thread Daniel Lezcano
Michael Tokarev wrote: lxc-start: No such file or directory - failed to mount a new instance of '/dev/pts' I'm experimenting with a read-only root fs in the container. So far it does not work. First of all, when trying to start a container in a read-only root lxc-start complains:

[lxc-devel] [GIT] lxc branch, master, updated. 6a3111b87e838561db952255a3770a1e85eb361b

2010-02-24 Thread Daniel Lezcano
- commit 6a3111b87e838561db952255a3770a1e85eb361b Author: Daniel Lezcano dlezc...@fr.ibm.com Date: Wed Feb 24 16:24:55 2010 +0100 add missing cgroup include Fix the warning: start.c: In function ‘lxc_fini’: start.c:250: warning: implicit declaration

Re: [lxc-devel] [Lxc-users] child setpgid [...] : No such process

2010-03-12 Thread Daniel Lezcano
l...@zitta.fr wrote: On 12/03/2010 13:51, Daniel Lezcano wrote: l...@zitta.fr wrote: On 11/03/2010 19:47, Daniel Lezcano wrote: l...@zitta.fr wrote: I created a new container (karmic), then I type any command there is curious message, but it works

Re: [lxc-devel] Fixed (hacked) LXC to apply mount options for bind mounts

2010-03-15 Thread Daniel Lezcano
Ciprian Dorin, Craciun wrote: On Mon, Mar 8, 2010 at 11:35 PM, Ciprian Dorin, Craciun ciprian.crac...@gmail.com wrote: Hello all! This bug stalked me for a while, but only now it bit me quite badly... (Lost about an hour of work...) So the culprit: inside the fstab file for

Re: [lxc-devel] share_via_fs patch for 2.6.33 ?

2010-04-16 Thread Daniel Lezcano
Ryousei Takano wrote: Hi Daniel, On Apr 17, 2010, at 4:10 AM, Daniel Lezcano wrote: Daniel Lezcano wrote: Julian Thomé wrote: Hello mailing list, Daniel Lezcano wrote a patch to make it possible to connect to a unix domain socket, which belongs to another network namespace. The patch

Re: [lxc-devel] [PATCH] Unshare user namespace as well

2010-05-04 Thread Daniel Lezcano
Mikhail Gusarov wrote: Unshare user namespace to make sure setrlimit and other per-user limits are accounted properly in containers Signed-off-by: Mikhail Gusarov dotted...@dottedmag.net --- src/lxc/start.c |2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git

Re: [lxc-devel] lxc-start leaves temporary pivot dir behind

2010-05-06 Thread Daniel Lezcano
Ferenc Wagner wrote: Ferenc Wagner wf...@niif.hu writes: Daniel Lezcano dlezc...@fr.ibm.com writes: Ferenc Wagner wrote: Daniel Lezcano daniel.lezc...@free.fr writes: Ferenc Wagner wrote: While playing with lxc-start, I noticed that /tmp is infested by empty lxc-r* directories

Re: [lxc-devel] lxc-unshare woes and signal forwarding in lxc-start

2010-05-06 Thread Daniel Lezcano
Ferenc Wagner wrote: Daniel Lezcano daniel.lezc...@free.fr writes: Ferenc Wagner wrote: Daniel Lezcano daniel.lezc...@free.fr writes: Ferenc Wagner wrote: I'd like to use lxc-start as a wrapper, invisible to the parent and the (jailed) child

Re: [lxc-devel] use defined rootfs mount point regression?

2010-05-21 Thread Daniel Lezcano
On 05/20/2010 10:40 PM, Nathan Lynch wrote: Hi, $ find /tmp/tmp.zNMDgzalhM -print /tmp/tmp.zNMDgzalhM /tmp/tmp.zNMDgzalhM/proc /tmp/tmp.zNMDgzalhM/dev /tmp/tmp.zNMDgzalhM/dev/shm /tmp/tmp.zNMDgzalhM/bin /tmp/tmp.zNMDgzalhM/bin/true /tmp/tmp.zNMDgzalhM/lib64

[lxc-devel] [GIT] lxc branch, master, updated. b8da590f0e90f70baa2c29488db554d55507db0d

2010-05-27 Thread Daniel Lezcano
b8da590f0e90f70baa2c29488db554d55507db0d Author: Michel Normand norm...@fr.ibm.com Date: Thu May 27 14:26:09 2010 +0200 lxc-kill man update about SIGSTOP and SIGKILL Signed-off-by: Michel Normand norm...@fr.ibm.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com

[lxc-devel] [GIT] lxc branch, master, updated. 0cd0cf5c1559c1de2eaa471728fde63f0f7a1db2

2010-05-27 Thread Daniel Lezcano
0cd0cf5c1559c1de2eaa471728fde63f0f7a1db2 Author: Daniel Lezcano dlezc...@fr.ibm.com Date: Thu May 27 16:27:15 2010 +0200 remove unused field These fields were moved to another structure but not removed from there. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com

[lxc-devel] [GIT] lxc branch, master, updated. d674be08d4b282bb4717c51440811e39d3c2431e

2010-05-27 Thread Daniel Lezcano
- commit d674be08d4b282bb4717c51440811e39d3c2431e Author: Daniel Lezcano daniel.lezc...@free.fr Date: Thu May 27 14:27:13 2010 +0200 move lxc-init to $libdir/lxc As specified by FHS: /usr/lib includes object files, libraries, and internal binaries

[lxc-devel] [GIT] lxc branch, master, updated. b3df193c5035ac866de1e4e9d484431ce707c4ad

2010-05-28 Thread Daniel Lezcano
b3df193c5035ac866de1e4e9d484431ce707c4ad Author: Daniel Lezcano dlezc...@fr.ibm.com Date: Fri May 28 11:49:25 2010 +0200 fix whitespace Fix whitespace. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: src/lxc/conf.c

[lxc-devel] [GIT] lxc branch, master, updated. 5045eedff022d8efe004741898254578b146c1eb

2010-05-28 Thread Daniel Lezcano
- commit 5045eedff022d8efe004741898254578b146c1eb Author: Daniel Lezcano daniel.lezc...@free.fr Date: Fri May 28 17:39:11 2010 +0200 disable rootfs automatic detection Avoid a warning at compile time by temporarily disabling the code. Signed-off

Re: [lxc-devel] releasing 0.6.6 soon

2010-05-30 Thread Daniel Lezcano
On 05/29/2010 01:15 AM, Ferenc Wagner wrote: Daniel Lezcano daniel.lezc...@free.fr writes: I will release a 0.6.6 version. If someone noticed a bug or has a patch to send, please let me know before I put a tag. I'd really like to see some sort of signal forwarding in lxc-start, and

[lxc-devel] [GIT] lxc branch, master, updated. 5fad0874c3ff58afeb5c427a7ef1d211d3c5ce37

2010-06-01 Thread Daniel Lezcano
5fad0874c3ff58afeb5c427a7ef1d211d3c5ce37 Author: Daniel Lezcano dlezc...@fr.ibm.com Date: Tue Jun 1 12:24:17 2010 +0200 fix compilation warning Fix compilation warning: lxc_console.c: In function ‘master_handler’: lxc_console.c:175: warning: ignoring return value of ‘write’, declared with attribute

[lxc-devel] [PATCH 1/4] ubunutu template

2010-06-01 Thread Daniel Lezcano
From: Willem Meier wilhelm.me...@fh-kl.de Ubuntu [lucid] template script. Allows to create an ubuntu container with the template options. Signed-off-by: Willem Meier wilhelm.me...@fh-kl.de Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- configure.ac |1 + scripts/Makefile.am

[lxc-devel] [PATCH 2/4] Fix ubuntu template

2010-06-01 Thread Daniel Lezcano
From: Daniel Lezcano daniel.lezc...@free.fr - Fixed rootfs path. - Removed network section, it should be passed to the lxc-create configuration option in order to concatenate the configuration files - Generate en_US locale instead of de_DE Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com

[lxc-devel] [PATCH 4/4] fix busybox template

2010-06-01 Thread Daniel Lezcano
Fix various bugs with the busybox template: * add a warning when busybox is not statically linked * delete the password for root (chpasswd is not available for all busybox) * add the new pts option Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- scripts/lxc-busybox.in | 14

[lxc-devel] [GIT] lxc branch, master, updated. c147356ac8a11a6249aa4528b285609058e12b82

2010-06-02 Thread Daniel Lezcano
- commit c147356ac8a11a6249aa4528b285609058e12b82 Author: Greg Kurz gk...@fr.ibm.com Date: Wed Jun 2 15:03:34 2010 +0200 kill white spaces in lxc_init.c Signed-off-by: Greg Kurz gk...@fr.ibm.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit

[lxc-devel] [GIT] lxc branch, master, updated. 5b406adb506fff621e03be524b1529f31846b0f7

2010-06-02 Thread Daniel Lezcano
-kl.de Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: scripts/lxc-ubuntu.in | 16 1 files changed, 8 insertions(+), 8 deletions(-) hooks/post-receive -- lxc

Re: [lxc-devel] [PATCH 0/7] Last minute signal stuff (now in separate mails)

2010-06-07 Thread Daniel Lezcano
On 06/06/2010 11:07 PM, Ferenc Wagner wrote: Hi, The first part is some tinkering to make lxc compile under Debian Lenny. The dangerous part is the signal forwarding and the process group business I was playing with recently. It contains Greg's idea about setting the foreground process

[lxc-devel] [GIT] lxc branch, master, updated. dd04402dd9c26127973dc5836d2befa28496f125

2010-06-07 Thread Daniel Lezcano
dd04402dd9c26127973dc5836d2befa28496f125 Author: Daniel Lezcano dlezc...@fr.ibm.com Date: Mon Jun 7 11:33:56 2010 +0200 update .gitignore with new location Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit 09d1bd237e75e4b3d915b8ae5f979eb883833563 Author: Ferenc Wagner wf...@niif.hu Date: Mon

Re: [lxc-devel] [PATCH 0/7] Last minute signal stuff (now in separate mails)

2010-06-07 Thread Daniel Lezcano
On 06/07/2010 12:37 PM, Ferenc Wagner wrote: Daniel Lezcano daniel.lezc...@free.fr writes: On 06/06/2010 11:07 PM, Ferenc Wagner wrote: The first part is some tinkering to make lxc compile under Debian Lenny. The dangerous part is the signal forwarding and the process group

[lxc-devel] [GIT] lxc branch, master, updated. 79881dc61f912321f3004531711071a051f80220

2010-06-07 Thread Daniel Lezcano
79881dc61f912321f3004531711071a051f80220 Author: Daniel Lezcano dlezc...@fr.ibm.com Date: Mon Jun 7 13:25:30 2010 +0200 fix ipv6 acast / mcast restriction Pointer comparison is buggy as they are never null. For an ipv6 address configuration, we always zeroed the structure, hence the bcast and acast structure

[lxc-devel] [GIT] lxc branch, master, updated. 89875e177f53385b556c5e33ec32bf4de4ae5a89

2010-06-07 Thread Daniel Lezcano
- commit 89875e177f53385b556c5e33ec32bf4de4ae5a89 Author: Daniel Lezcano dlezc...@fr.ibm.com Date: Mon Jun 7 14:31:56 2010 +0200 update .gitignore Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit 7ddc8f2451f714659aa9d1ba720a34a525926be5 Author: Daniel Lezcano

Re: [lxc-devel] [PATCH 0/7] Last minute signal stuff (now in separate mails)

2010-06-07 Thread Daniel Lezcano
On 06/07/2010 03:27 PM, Ferenc Wagner wrote: Daniel Lezcano daniel.lezc...@free.fr writes: On 06/07/2010 12:37 PM, Ferenc Wagner wrote: there's another failure I get on my work machine (with my original patchset with the above errors corrected): gcc -I../../src -g -O2 -g -Wall -O2 -Wall

Re: [lxc-devel] [PATCH 4/5] generalize the name of the signal handler

2010-06-10 Thread Daniel Lezcano
On 06/09/2010 07:56 PM, Ferenc Wagner wrote: Signed-off-by: Ferenc Wagner wf...@niif.hu +1

Re: [lxc-devel] [PATCH 1/5] start child in its own process group, and put it into the foreground

2010-06-10 Thread Daniel Lezcano
On 06/09/2010 07:56 PM, Ferenc Wagner wrote: Signed-off-by: Ferenc Wagner wf...@niif.hu --- src/lxc/start.c | 17 + 1 files changed, 17 insertions(+), 0 deletions(-) diff --git a/src/lxc/start.c b/src/lxc/start.c index b69ac88..7bbcf5a 100644 --- a/src/lxc/start.c +++

Re: [lxc-devel] [PATCH 2/5] lxc-start isn't in the foreground anymore, so TTY signals don't reach it

2010-06-10 Thread Daniel Lezcano
On 06/09/2010 07:56 PM, Ferenc Wagner wrote: Signed-off-by: Ferenc Wagner wf...@niif.hu --- src/lxc/start.c |9 - src/lxc/utils.h | 29 ++--- 2 files changed, 2 insertions(+), 36 deletions(-) Yeah, cleanup ! +1 diff --git a/src/lxc/start.c

Re: [lxc-devel] [PATCH 3/5] forward signals to the container init

2010-06-10 Thread Daniel Lezcano
On 06/09/2010 07:56 PM, Ferenc Wagner wrote: Signed-off-by: Ferenc Wagner wf...@niif.hu +1

Re: [lxc-devel] [PATCH 5/5] document rootfs options

2010-06-10 Thread Daniel Lezcano
On 06/09/2010 07:56 PM, Ferenc Wagner wrote: Signed-off-by: Ferenc Wagner wf...@niif.hu Great, Thanks ! +1

[lxc-devel] [GIT] lxc branch, master, updated. b0badabd2d3ec9c8506651bbb4900cc0ec3f8a16

2010-06-14 Thread Daniel Lezcano
for the number of tasks remaining. Improve container state handling. We can't rely on the previous runlevel being maintained properly. Signed-off-by: Andrew Phillips andrew.phill...@lmax.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com

Re: [lxc-devel] [RFC][PATCH][lxc]: unfreeze while stopping

2010-06-15 Thread Daniel Lezcano
On 06/09/2010 07:29 PM, Sukadev Bhattiprolu wrote: Michel Normand [norm...@fr.ibm.com] wrote: | On Tuesday 08 June 2010 at 19:07 -0700, Sukadev Bhattiprolu wrote: | I am not too sure, but if user wants to stop a container is there a | reason not to implicitly unfreeze the container and stop

Re: [lxc-devel] [PATCH 0/2] some cleanup around lxc-create

2010-06-15 Thread Daniel Lezcano
On 06/15/2010 01:59 PM, Ferenc Wagner wrote: Hi, I had a go against lxc-create trying to debug the console issue. There is still a serious issue: the template scripts use some 'arch' binary, which isn't present on my system. What is that? Why not use 'uname -m' instead? There is no

Re: [lxc-devel] [PATCH 0/5] Signal stuff v2 and some documentation

2010-06-15 Thread Daniel Lezcano
On 06/15/2010 04:47 PM, Ferenc Wagner wrote: Daniel Lezcano daniel.lezc...@free.fr writes: On 06/15/2010 02:13 PM, Ferenc Wagner wrote: Daniel Lezcano daniel.lezc...@free.fr writes: On 06/10/2010 11:47 PM, Ferenc Wagner wrote: If you provide me with an example (and some description of

Re: [lxc-devel] [PATCH 0/5] Signal stuff v2 and some documentation

2010-06-15 Thread Daniel Lezcano
On 06/15/2010 02:13 PM, Ferenc Wagner wrote: Daniel Lezcano daniel.lezc...@free.fr writes: On 06/10/2010 11:47 PM, Ferenc Wagner wrote: If you provide me with an example (and some description of lxc.console), I can give it some testing and concretize this pure guesswork.

[lxc-devel] [GIT] lxc branch, master, updated. 0830689d862752819db9552b2ba8ef58fe7cafaa

2010-06-16 Thread Daniel Lezcano
@LIBEXECDIR@ replacement Forgotten part of commit d674be08d4b282bb4717c51440811e39d3c2431e Signed-off-by: Panagiotis H.M. Issaris ta...@issaris.org Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com commit 4d67c1301b9cf6587b0cc2e42f4e61ed6c29097c Author: Ferenc Wagner wf...@niif.hu

[lxc-devel] [GIT] lxc tag, lxc-0.7.0, created. f7a5fb7cf5677ea7b8e8ffc4603cff5089771b10

2010-06-17 Thread Daniel Lezcano
- commit f7a5fb7cf5677ea7b8e8ffc4603cff5089771b10 Author: Daniel Lezcano dlezc...@fr.ibm.com Date: Thu Jun 17 14:04:15 2010 +0200 change version number to 0.7.0 Finally, I did it :) Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com

[lxc-devel] [GIT] lxc branch, master, updated. 8119235833dc0861c34086f639a60546cda2739c

2010-06-17 Thread Daniel Lezcano
- commit 8119235833dc0861c34086f639a60546cda2739c Author: Daniel Lezcano daniel.lezc...@free.fr Date: Thu Jun 17 22:44:23 2010 +0200 fix bad free when reading the configuration file We change the initial pointer when parsing the line, the address we are trying

[lxc-devel] [GIT] lxc branch, master, updated. a7dff83460f259c934da8eb2aef0eac5b437b808

2010-06-22 Thread Daniel Lezcano
- commit a7dff83460f259c934da8eb2aef0eac5b437b808 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Wed Jun 23 00:44:13 2010 +0200 fix /proc not mounted in debian container Mount some system fs for the container. By default, /proc is no longer mounted in debian

Re: [lxc-devel] Fixed (hacked) LXC to apply mount options for bind mounts

2010-06-23 Thread Daniel Lezcano
On 03/08/2010 10:35 PM, Ciprian Dorin, Craciun wrote: Hello all! This bug stalked me for a while, but only now it bit me quite badly... (Lost about an hour of work...) So the culprit: inside the fstab file for the `lxc.mount` option I can use options like `ro` together with

[lxc-devel] [GIT] lxc branch, master, updated. 78bdcd081edd6cc20587fb5c531445a2fb20f6d8

2010-06-24 Thread Daniel Lezcano
- commit 78bdcd081edd6cc20587fb5c531445a2fb20f6d8 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Thu Jun 24 09:47:14 2010 +0200 remove bad default console option in ubuntu template Remove this option as by default container console goes to the tty or /dev/null

[lxc-devel] [GIT] lxc tag, lxc-0.7.1, created. 78bdcd081edd6cc20587fb5c531445a2fb20f6d8

2010-06-24 Thread Daniel Lezcano
- commit 78bdcd081edd6cc20587fb5c531445a2fb20f6d8 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Thu Jun 24 09:47:14 2010 +0200 remove bad default console option in ubuntu template Remove this option as by default container console goes

[lxc-devel] [GIT] lxc branch, master, updated. ebb9ec72ce494cbee4bb445604d6527fbaefde5b

2010-07-06 Thread Daniel Lezcano
ebb9ec72ce494cbee4bb445604d6527fbaefde5b Author: Tushar Gohad tgo...@mvista.com Date: Tue Jul 6 23:45:52 2010 +0200 Minor resource name array fix in src/lxc/namespace.c Signed-off-by: Tushar Gohad tgo...@mvista.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com

Re: [lxc-devel] [PATCH RESENT] - Minor resource name array fix in src/lxc/namespace.c

2010-07-06 Thread Daniel Lezcano
On 07/06/2010 12:03 AM, Tushar Gohad wrote: Google's mailer sent out the last email with wrong MIME type for the patch attachment. This message should have the patch in correct format. Thanks. Applied, thanks Tushar !

Re: [lxc-devel] [PATCH 0/5] Signal stuff v2 and some documentation

2010-07-12 Thread Daniel Lezcano
On 06/09/2010 07:56 PM, Ferenc Wagner wrote: Hi, here are basically the same patches, with some obvious errors corrected and some unrelated documentation added. It actually survived some targeted testing in the past days and seems to behave as expected, ie. # lxc-start -n s -- sh -c trap

[lxc-devel] [patch -lxc 2/6] add a macro to wrap a privilegied function

2010-07-12 Thread Daniel Lezcano
This macro is a helper to call a function into a [un]privileged section. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- src/lxc/caps.h | 33 ++--- 1 files changed, 30 insertions(+), 3 deletions(-) diff --git a/src/lxc/caps.h b/src/lxc/caps.h index bdc248b

[lxc-devel] [patch -lxc 5/6] fix console overwrite any file

2010-07-12 Thread Daniel Lezcano
Prevent specifying a file not belonging to us as the output for the console Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- src/lxc/console.c | 11 ++- 1 files changed, 6 insertions(+), 5 deletions(-) diff --git a/src/lxc/console.c b/src/lxc/console.c index 1ab2b29..edefc41

[lxc-devel] fix security holes when running lxc as non-root

2010-07-12 Thread Daniel Lezcano
Thanks all for the feedback. The following patchset provides an intermediate solution between all the remarks about the security aspects when running lxc with the capabilities. It has the advantage of being compatible with the setuid bit root set on the lxc-start and lxc-execute. More work has to

[lxc-devel] [patch -lxc 6/6] Remove dead code

2010-07-12 Thread Daniel Lezcano
This function is no longer used. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- src/lxc/state.c |8 1 files changed, 0 insertions(+), 8 deletions(-) diff --git a/src/lxc/state.c b/src/lxc/state.c index b29ae09..6720011 100644 --- a/src/lxc/state.c +++ b/src/lxc/state.c

[lxc-devel] [patch -lxc 3/6] initialize capabilities for lxc-start and lxc-execute

2010-07-12 Thread Daniel Lezcano
Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- src/lxc/lxc_execute.c |5 - src/lxc/lxc_start.c |4 2 files changed, 8 insertions(+), 1 deletions(-) diff --git a/src/lxc/lxc_execute.c b/src/lxc/lxc_execute.c index c3a0cd7..f480859 100644 --- a/src/lxc/lxc_execute.c +++ b

[lxc-devel] [patch -lxc 4/6] fix log appending to any file

2010-07-12 Thread Daniel Lezcano
With the capabilities, the open of the log file can be done on any file, making it possible to modify the content of the file. Let's drop the privilege when opening the file, so we ensure that it is no longer possible. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- src/lxc/log.c |6

[lxc-devel] [patch -lxc 1/6] remove/restore effective capabilities

2010-07-12 Thread Daniel Lezcano
is not root, we keep the capabilities, switch to real uid, and drop the effective capabilities. This approach is compatible for root user, lambda + file capabilities and lambda + setuid. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- src/lxc/Makefile.am |5 +- src/lxc/caps.c | 135

[lxc-devel] [GIT] lxc branch, master, updated. d1c383f39064969b647fd632f8e6614b49fd6cf2

2010-07-12 Thread Daniel Lezcano
, below. - Log - commit d1c383f39064969b647fd632f8e6614b49fd6cf2 Author: Daniel Lezcano dlezc...@fr.ibm.com Date: Mon Jul 12 15:13:18 2010 +0200 fix compilation warning Add missing include. Signed-off-by: Daniel

Re: [lxc-devel] [PATCH 2/2] Must unfreeze while stopping container

2010-07-12 Thread Daniel Lezcano
On 07/10/2010 04:52 AM, Sukadev Bhattiprolu wrote: [ ... ] + if (!answer.ret) { + ret = lxc_unfreeze(handler-name); + if (!ret) + return 0; [ ... ] gcc -DHAVE_CONFIG_H -I. -I../../src -fPIC -DPIC -I../../src -g -O2 -Wall -MT

Re: [lxc-devel] [PATCH 0/5] Signal stuff v2 and some documentation

2010-07-15 Thread Daniel Lezcano
On 07/15/2010 10:07 PM, Ferenc Wagner wrote: Daniel Lezcano daniel.lezc...@free.fr writes: On 06/09/2010 07:56 PM, Ferenc Wagner wrote: here are basically the same patches, with some obvious errors corrected and some unrelated documentation added. It actually survived some

Re: [lxc-devel] [PATCH 1/2]: Ensure freezer state has changed

2010-07-15 Thread Daniel Lezcano
On 07/15/2010 02:59 AM, Matt Helsley wrote: On Fri, Jul 09, 2010 at 07:51:32PM -0700, Sukadev Bhattiprolu wrote: From: Sukadev Bhattiprolu suka...@linux.vnet.ibm.com Subject: [PATCH 1/2] Ensure freezer state has changed A write to the freezer.state file does not guarantee that the state has

[lxc-devel] [patch -lxc 2/4] generalize the name of the signal handler

2010-07-15 Thread Daniel Lezcano
From: Ferenc Wagner wf...@niif.hu Signed-off-by: Ferenc Wagner wf...@niif.hu Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- src/lxc/start.c | 10 +- 1 files changed, 5 insertions(+), 5 deletions(-) diff --git a/src/lxc/start.c b/src/lxc/start.c index 92f44e3..1d4087c 100644

[lxc-devel] [patch -lxc 3/4] lxc-init kills all processes with SIGTERM

2010-07-15 Thread Daniel Lezcano
When lxc-init receives a SIGTERM, let's kill all the processes of the pid namespace with kill -1. So the exit of the container will happen gracefully with processes death cascade. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- src/lxc/lxc_init.c | 14 -- 1 files changed, 12

[lxc-devel] [patch -lxc 4/4] lxc-init finishes the remaining processes with SIGKILL

2010-07-15 Thread Daniel Lezcano
If lxc-init receives a SIGALRM, a timeout, it kills all the processes of the container with SIGKILL. That will prevent the container from being stuck when one process ignores the SIGTERM signal. Each time a process exits, the timeout is reset. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com

[lxc-devel] [patch -lxc 1/4] forward signals to the container init

2010-07-15 Thread Daniel Lezcano
From: Ferenc Wagner wf...@niif.hu Signed-off-by: Ferenc Wagner wf...@niif.hu Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- src/lxc/start.c | 22 ++ 1 files changed, 14 insertions(+), 8 deletions(-) diff --git a/src/lxc/start.c b/src/lxc/start.c index dc57bea

[lxc-devel] [GIT] lxc branch, master, updated. 6f0a42008dab87e1c97bc71319c793315f87a328

2010-07-19 Thread Daniel Lezcano
other notification email; so we list those revisions in full, below. - Log - commit 6f0a42008dab87e1c97bc71319c793315f87a328 Author: Daniel Lezcano dlezc...@fr.ibm.com Date: Tue Jul 13 14:51:45 2010 +0200 lxc-init finishes

[lxc-devel] [GIT] lxc branch, master, updated. 1c4a945262b8d110c3f8e0655ca50cb05d383c74

2010-07-19 Thread Daniel Lezcano
1c4a945262b8d110c3f8e0655ca50cb05d383c74 Author: Daniel Lezcano dlezc...@fr.ibm.com Date: Mon Jul 19 16:04:41 2010 +0200 Remove dead code This function is no longer used. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes

Re: [lxc-devel] a container can remount ro the host's mount point

2010-07-19 Thread Daniel Lezcano
On 04/01/2010 06:42 AM, Michael H. Warfield wrote: Daniel, I'm going to top post here because I've just discovered that we've got a bigger problem here, related to this whole mess. A much bigger problem having to do with bind mounts in general. This is the generalized case here, which

[lxc-devel] [GIT] lxc branch, master, updated. 7a82e9236d94619a1ad7aa6df9e2f10c81dbc344

2010-07-20 Thread Daniel Lezcano
- commit 7a82e9236d94619a1ad7aa6df9e2f10c81dbc344 Author: Daniel Lezcano dlezc...@fr.ibm.com Date: Tue Jul 20 13:45:44 2010 +0200 provide a script to set uid bit on cli Some file systems do not support the file posix capabilities. The following script set

[lxc-devel] [patch -lxc 1/2] fix inverted network interface creation

2010-07-22 Thread Daniel Lezcano
From: Daniel Lezcano daniel.lezc...@free.fr The list is 'lifo', so when we create the network interfaces, we do this in the reverse order of the expected one. That is confusing. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- src/lxc/confile.c |4 ++-- src/lxc/list.h|5

[lxc-devel] [GIT] lxc branch, master, updated. e239ff31a5c442ac1d006e836bc622371842dfa0

2010-07-23 Thread Daniel Lezcano
in full, below. - Log - commit e239ff31a5c442ac1d006e836bc622371842dfa0 Author: Daniel Lezcano dlezc...@fr.ibm.com Date: Fri Jul 23 15:10:38 2010 +0200 Fix bad returned value In case of error the message will be always

[lxc-devel] [GIT] lxc branch, master, updated. 9de28746a5edd2b9ba6fbd79956891ed4692e5d5

2010-07-23 Thread Daniel Lezcano
9de28746a5edd2b9ba6fbd79956891ed4692e5d5 Author: Michel Normand norm...@fr.ibm.com Date: Fri Jul 23 17:17:14 2010 +0200 avoid compile warning in src/lxc/console.c src/lxc/console.c:143: warning : return type defaults to ‘int’ Signed-off-by: Michel Normand norm...@fr.ibm.com Signed-off-by: Daniel Lezcano

Re: [lxc-devel] Very slow lxc-start

2010-07-25 Thread Daniel Lezcano
On 07/25/2010 01:57 PM, Denis Rizaev wrote: Hi guys. In last versions of lxc lxc-start is very slow. On my system with 15 containers it gets stuck for ~20 seconds before actual container launch begins. With strace I see that it does many umounts in /mnt. Can anyone explain what happens? lxc

[lxc-devel] [GIT] lxc branch, master, updated. 547467bddbe54b7812f0df0e9c18a2e1b7091036

2010-07-26 Thread Daniel Lezcano
547467bddbe54b7812f0df0e9c18a2e1b7091036 Author: Daniel Lezcano dlezc...@fr.ibm.com Date: Mon Jul 26 11:01:20 2010 +0200 version 0.7.2 Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: configure.ac |2 +- 1 files changed, 1

Re: [lxc-devel] cgroup isolation

2010-08-30 Thread Daniel Lezcano
On 08/27/2010 05:52 PM, Denis Rizaev wrote: Hi folks. I tried to mount cgroup fs in container and was surprised that I can see all cgroups tree. Also I can modify limits for my container and others!! In my opinion container should see only its own level of cgroup, not whole tree. Is it

Re: [lxc-devel] Fedora 13 lxc-debian / lxc-fedora templates

2010-09-05 Thread Daniel Lezcano
On 09/02/2010 11:43 AM, v1t03k wrote: Hi Guys, I'm testing here right now some lxc template scripts. I have here some troubles with setting up a debian instance on Fedora 13 (2.6.34.6-47.fc13.x86_64). First, I can't setup a lenny system on my Fedora 13 host. I get these errors: I:

Re: [lxc-devel] LXC-Cgroup memory controller

2010-09-07 Thread Daniel Lezcano
On 09/07/2010 05:22 PM, jorge espada wrote: Hi Guys I wanna know if it possible to set up a memory controller for each container..if so..how can I do? any examples? Thanks When you start a container, there is a cgroup created automatically where all the processes of the container will

[lxc-devel] [PATCH 2/8] use the rootfs mount point for the console

2010-10-03 Thread Daniel Lezcano
The rootfs is always located in the mount point now, let's use it. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- src/lxc/conf.c |5 +++-- 1 files changed, 3 insertions(+), 2 deletions(-) diff --git a/src/lxc/conf.c b/src/lxc/conf.c index aae52f4..7755837 100644 --- a/src/lxc/conf.c

[lxc-devel] [PATCH 3/8] use the rootfs mount point for the tty's

2010-10-03 Thread Daniel Lezcano
The rootfs is always located in rootfs->mount, let's use it for the tty. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- src/lxc/conf.c |5 - 1 files changed, 4 insertions(+), 1 deletions(-) diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 7755837..3da522f 100644 --- a/src/lxc

[lxc-devel] [PATCH 1/8] mount the rootfs to the mount directory first

2010-10-03 Thread Daniel Lezcano
Split the rootfs setup by mounting the rootfs to the mount point. This mount point will be used as the de facto place where the rootfs is placed. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- src/lxc/conf.c | 28 +--- 1 files changed, 21 insertions(+), 7 deletions

[lxc-devel] [PATCH 5/8] Use container's proc to setup the utmp watching

2010-10-03 Thread Daniel Lezcano
The rootfs/var/run/utmp is located in: /proc/containerinit/root/var/run/utmp, let's use it. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- src/lxc/utmp.c | 30 +++--- 1 files changed, 19 insertions(+), 11 deletions(-) diff --git a/src/lxc/utmp.c b/src/lxc

[lxc-devel] [PATCH 6/8] Don't display an error in lxc_file_for_each_line

2010-10-03 Thread Daniel Lezcano
Don't display an error when the callback returns an error different from zero. A value greater than zero may mean stop. Let the caller check the error. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- src/lxc/parse.c |4 +--- 1 files changed, 1 insertions(+), 3 deletions(-) diff

[lxc-devel] [PATCH 4/8] Initialize default mount point

2010-10-03 Thread Daniel Lezcano
Let's initialize rootfs->mount to LXCROOTFSMOUNT. The value will be overwritten by the configuration in case it is specified. That will make the code nicer, instead of the ugly rootfs->mount checks. Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- src/lxc/conf.c | 27

Re: [lxc-devel] Erroneous cgroup is not mounted when using cgconfig (libcgroup)

2010-10-04 Thread Daniel Lezcano
On 10/03/2010 05:06 PM, Ward, David - 0663 - MITLL wrote: The 'cgconfig' tool from libcgroup (http://libcg.sourceforge.net) can be used to mount one or more instances of the cgroup virtual filesystem, instead of using the 'mount' command. However, cgconfig does not update /etc/mtab,

Re: [lxc-devel] Commits not showing up in git?

2010-10-04 Thread Daniel Lezcano
On 10/04/2010 08:49 PM, Scott Bronson wrote: Hi, this commit and about 8 others haven't shown up in SourceForge's git tree. http://lxc.git.sourceforge.net/git/gitweb.cgi?p=lxc/lxc;a=summary Is there another git tree that the project is using? No, I am just waiting a bit in case there are

[lxc-devel] [GIT] lxc branch, master, updated. 49d3e78dceea24fcdd09529d1c748b69e19ef63f

2010-10-05 Thread Daniel Lezcano
on any other notification email; so we list those revisions in full, below. - Log - commit 49d3e78dceea24fcdd09529d1c748b69e19ef63f Author: Daniel Lezcano daniel.lezc...@free.fr Date: Tue Oct 5 10:28:31 2010 +0200 update

Re: [lxc-devel] [PATCH] add lxc.network.veth.script configuration hook

2010-10-07 Thread Daniel Lezcano
On 10/07/2010 09:30 AM, Stefan Tomanek wrote: This commit adds an lxc.network.veth.script configuration option to specify a script to be executed after creating or configuring the pair of veth devices. The name of the host sided device is passed as first argument, so the script can be used to

Re: [lxc-devel] [PATCH] add lxc.network.veth.script configuration hook

2010-10-07 Thread Daniel Lezcano
On 10/07/2010 03:06 PM, Stefan Tomanek wrote: Daniel Lezcano (daniel.lezc...@free.fr) wrote: * lxc.network.script.pre: IMO, it does not make sense because that means it is the host itself which should be modified, so that falls under the host network configuration umbrella

Re: [lxc-devel] [PATCH] add lxc.network.script(.pre|.post|) configuration hooks

2010-10-08 Thread Daniel Lezcano
On 10/08/2010 05:13 PM, Michael Tokarev wrote: Stefan Tomanek wrote: Daniel Lezcano (daniel.lezc...@free.fr) wrote: Are we sure, we want to add these hooks (pre and post) ? I am not against adding them, but IMO it is more sane to add them if needed rather than adding

[lxc-devel] [PATCH 1/2] fix Coding Style

2010-10-12 Thread Daniel Lezcano
Fix the coding style, 80 chars lines, etc ... Fix indentation blocks if ... then ... else ... fi Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- src/lxc/conf.c | 78 1 files changed, 39 insertions(+), 39 deletions(-) diff --git

[lxc-devel] [GIT] lxc branch, master, updated. abbfd20baa348ce1b6b26dd9c2627c5e2f500b69

2010-10-12 Thread Daniel Lezcano
, below. - Log - commit abbfd20baa348ce1b6b26dd9c2627c5e2f500b69 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Tue Oct 12 10:52:47 2010 +0200 use popen and redirect script output Change the run_script function to use

[lxc-devel] [GIT] lxc tag, lxc-0.7.3, created. acb0e330161f9b02bd0b351e0a8cc193da4de330

2010-10-26 Thread Daniel Lezcano
- commit acb0e330161f9b02bd0b351e0a8cc193da4de330 Author: Daniel Lezcano daniel.lezc...@free.fr Date: Tue Oct 26 18:14:47 2010 +0200 set version to 0.7.3 Version 0.7.3 Signed-off-by: Daniel Lezcano daniel.lezc...@free.fr

[lxc-devel] [GIT] lxc branch, master, updated. 968fbd36057db3132c68a63700e42929e5df5e2d

2010-10-30 Thread Daniel Lezcano
-start: Invalid argument - failed to mount ... errors. Signed-off-by: Sergey S. Kostyliov rathamah...@gmail.com Signed-off-by: Daniel Lezcano dlezc...@fr.ibm.com --- Summary of changes: src/lxc/conf.c |5

Re: [lxc-devel] [PATCH] add support for dirsync mount option

2010-10-30 Thread Daniel Lezcano
On 10/30/2010 09:05 PM, Sergey S. Kostyliov wrote: Add support for `dirsync' mount option. MS_DIRSYNC is one of the mount(2) mountflags so don't send it as extra mount option to avoid: lxc-start: Invalid argument - failed to mount ... errors. Signed-off-by: Sergey S.

Re: [lxc-devel] [Lxc-users] regular lxc development call?

2010-12-02 Thread Daniel Lezcano
On 12/02/2010 03:21 PM, Serge E. Hallyn wrote: Quoting Daniel Lezcano (daniel.lezc...@free.fr): On 11/30/2010 04:06 AM, Serge E. Hallyn wrote: Quoting Daniel Lezcano (daniel.lezc...@free.fr): Looks like we'll be starting small anyway, so let's just try skype. Anyone interested

Re: [lxc-devel] did the new kernel 2.6.36 support a full sysfs namespace for tun/tap device?

2010-12-07 Thread Daniel Lezcano
On 12/07/2010 11:10 AM, 贺鹏 wrote: Hi, all: did the new kernel 2.6.36 support a full sysfs namespace for tun/tap device? I am not sure, but yes it should. sysfs per namespace is in place since 2.6.35 AFAIR.

Re: [lxc-devel] [PATCH 1/4] Setting default suite to squeeze in debian template.

2010-12-16 Thread Daniel Lezcano
On 12/16/2010 04:03 PM, Daniel Baumann wrote: On 12/16/2010 02:56 PM, Daniel Lezcano wrote: Yes that makes sense. I will duplicate in order to apply your patches and then factor out the scripts to a minimal one. i've got another one for LANG where the locales are generated wrongly

Re: [lxc-devel] How does the console work in most recent release?

2011-01-05 Thread Daniel Lezcano
On 01/05/2011 08:53 AM, Rob Landley wrote: On 01/04/2011 06:52 AM, Daniel Lezcano wrote: On 01/04/2011 09:36 AM, Rob Landley wrote: I'm attempting to write a simple HOWTO for setting up a container with LXC. Unfortunately, console handling is really really brittle and the only way I've gotten
