KATOH Yasufumi | 23 Apr 10:21 2014

Convert punctuation marks in Japanese man pages

Hi,

I sent pull requests on github (on master and stable-1.0). This
converts punctuation marks from FULLWIDTH COMMA, FULLWIDTH FULL
STOP(period) to IDEOGRAPHIC COMMA, IDEOGRAPHIC FULL STOP in Japanese
man pages. The contents of Japanese man pages do not change at all.

This is because many Japanese use IDEOGRAPHIC COMMA/FULL STOP rather
than FULLWIDTH COMMA/FULL STOP.

  https://github.com/lxc/lxc/pull/204
  https://github.com/lxc/lxc/pull/205

-- 
KATOH Yasufumi
_______________________________________________
lxc-devel mailing list
lxc-devel <at> lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel
Dwight Engen | 21 Apr 15:18 2014

[PATCH] coverity: fix fd leak in error case (1011105)

I inadvertently introduced this with commit 8bf1e61e.

Signed-off-by: Dwight Engen <dwight.engen <at> oracle.com>
---
 src/lxc/monitor.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/lxc/monitor.c b/src/lxc/monitor.c
index 4ca4000..f356adf 100644
--- a/src/lxc/monitor.c
+++ b/src/lxc/monitor.c
 <at>  <at>  -106,8 +106,10  <at>  <at>  static void lxc_monitor_fifo_send(struct lxc_msg *msg, const char *lxcpath)
 		return;
 	}

-	if (fcntl(fd, F_SETFL, O_WRONLY) < 0)
+	if (fcntl(fd, F_SETFL, O_WRONLY) < 0) {
+		close(fd);
 		return;
+	}

 	ret = write(fd, msg, sizeof(*msg));
 	if (ret != sizeof(*msg)) {
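Review bot: the new early return after fcntl() still fails silently, and the call deserves a comment: F_SETFL ignores the access-mode bits, so `fcntl(fd, F_SETFL, O_WRONLY)` only clears the other status flags on fd rather than changing how it was opened. A short comment naming the flag being cleared, plus a log line before `close(fd)`, would make the intent clear. The `ret != sizeof(*msg)` branch that starts on the last context line is cut off here, so it is worth confirming that it closes fd as well.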
-- 
1.9.0


Sheng Yong | 18 Apr 17:30 2014

add '-m | --menuconfig' functionality to lxc-create

Hi, all

These 4 patches create an interactive interface for lxc-create. lxdialog
and mconf are used directly from linux kernel. mconf and corresponding
config file are installed at $datadir/lxc/scripts/.

'-m | --menuconfig' option forks a new task and executes mconf. After
menuconfig, a default .config file is saved at the current directory.
lxc-create reads and parses .config, then fills the lxc_arguments.

thanks,
shyodx 

Ducos Laurent | 17 Apr 14:07 2014

root and ubuntu pass

Hello
Is it possible to secure the password generated by debian and ubuntu templates like this ?
password=$(apg -a 0 -M ncl -n 1 -x 10 -m 8)
echo "$user:$password" | chroot $rootfs chpasswd
echo "$user password is $password  !"
root:root or ubuntu:ubuntu by default is very insecure


-- Laurent Ducos Administrateur système et réseaux laurent.ducos-zkl4Dl7PsEhWk0Htik3J/w@public.gmane.org 09 74 77 07 16
Serge Hallyn | 16 Apr 21:04 2014

[PATCH 1/1] snapshots: move snapshot directory

Originally we kept snapshots under /var/lib/lxcsnaps.  If a
separate btrfs is mounted at /var/lib/lxc, then we can't
make btrfs snapshots under /var/lib/lxcsnaps.

This patch moves the default directory to /var/lib/lxc/lxcsnaps.
If /var/lib/lxcsnaps already exists, then use that.  Don't allow
any container to be used with the name 'lxcsnaps'.

Signed-off-by: Serge Hallyn <serge.hallyn <at> ubuntu.com>
---
 src/lxc/lxccontainer.c | 49 +++++++++++++++++++++++++++++++++++++++----------
 src/lxc/lxccontainer.h |  4 ++--
 2 files changed, 41 insertions(+), 12 deletions(-)

diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index c90b564..1059961 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
 <at>  <at>  -2823,16 +2823,42  <at>  <at>  static int get_next_index(const char *lxcpath, char *cname)
 	}
 }

+static bool get_snappath_dir(struct lxc_container *c, char *snappath)
+{
+	int ret;
+	/*
+	 * If the old style snapshot path exists, use it
+	 * /var/lib/lxc -> /var/lib/lxcsnaps
+	 */
+	ret = snprintf(snappath, MAXPATHLEN, "%ssnaps", c->config_path);
+	if (ret < 0 || ret >= MAXPATHLEN)
+		return false;
+	if (dir_exists(snappath)) {
+		ret = snprintf(snappath, MAXPATHLEN, "%ssnaps/%s", c->config_path, c->name);
+		if (ret < 0 || ret >= MAXPATHLEN)
+			return false;
+		return true;
+	}
+
+	/*
+	 * Use the new style path
+	 * /var/lib/lxc -> /var/lib/lxc + /lxcsnaps/ + c->name + \0
+	 */
+	ret = snprintf(snappath, MAXPATHLEN, "%s/lxcsnaps/%s", c->config_path, c->name);
+	if (ret < 0 || ret >= MAXPATHLEN)
+		return false;
+	return true;
+}
+
 static int lxcapi_snapshot(struct lxc_container *c, const char *commentfile)
 {
 	int i, flags, ret;
 	struct lxc_container *c2;
 	char snappath[MAXPATHLEN], newname[20];

-	// /var/lib/lxc -> /var/lib/lxcsnaps \0
-	ret = snprintf(snappath, MAXPATHLEN, "%ssnaps/%s", c->config_path, c->name);
-	if (ret < 0 || ret >= MAXPATHLEN)
+	if (!get_snappath_dir(c, snappath)) {
 		return -1;
+	}
 	i = get_next_index(snappath, c->name);

 	if (mkdir_p(snappath, 0755) < 0) {
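Review bot: in get_snappath_dir() the old-style test is dir_exists() on the shared `<config_path>snaps` directory, not on this container's subdirectory, so the location is decided by whether any old snapshot tree exists at call time; a container that already has snapshots under `<config_path>/lxcsnaps/<name>` loses sight of them once `<config_path>snaps` appears. Checking the per-container directory, or falling back to the new path when the old tree has no entry for c->name, would avoid splitting snapshots across both trees. The helper also writes into snappath assuming MAXPATHLEN bytes; taking the size as a parameter would keep that contract visible at the call sites.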
 <at>  <at>  -2966,7 +2992,7  <at>  <at>  static char *get_timestamp(char* snappath, char *name)
 static int lxcapi_snapshot_list(struct lxc_container *c, struct lxc_snapshot **ret_snaps)
 {
 	char snappath[MAXPATHLEN], path2[MAXPATHLEN];
-	int dirlen, count = 0, ret;
+	int count = 0, ret;
 	struct dirent dirent, *direntp;
 	struct lxc_snapshot *snaps =NULL, *nsnaps;
 	DIR *dir;
 <at>  <at>  -2974,9 +3000,7  <at>  <at>  static int lxcapi_snapshot_list(struct lxc_container *c, struct lxc_snapshot **r
 	if (!c || !lxcapi_is_defined(c))
 		return -1;

-	// snappath is ${lxcpath}snaps/${lxcname}/
-	dirlen = snprintf(snappath, MAXPATHLEN, "%ssnaps/%s", c->config_path, c->name);
-	if (dirlen < 0 || dirlen >= MAXPATHLEN) {
+	if (!get_snappath_dir(c, snappath)) {
 		ERROR("path name too long");
 		return -1;
 	}
 <at>  <at>  -3044,7 +3068,7  <at>  <at>  out_free:
 static bool lxcapi_snapshot_restore(struct lxc_container *c, const char *snapname, const char *newname)
 {
 	char clonelxcpath[MAXPATHLEN];
-	int flags = 0,ret;
+	int flags = 0;
 	struct lxc_container *snap, *rest;
 	struct bdev *bdev;
 	bool b = false;
 <at>  <at>  -3067,8 +3091,7  <at>  <at>  static bool lxcapi_snapshot_restore(struct lxc_container *c, const char *snapnam
 			return false;
 		}
 	}
-	ret = snprintf(clonelxcpath, MAXPATHLEN, "%ssnaps/%s", c->config_path, c->name);
-	if (ret < 0 || ret >= MAXPATHLEN) {
+	if (!get_snappath_dir(c, clonelxcpath)) {
 		bdev_put(bdev);
 		return false;
 	}
 <at>  <at>  -3284,6 +3307,12  <at>  <at>  struct lxc_container *lxc_container_new(const char *name, const char *configpath
 {
 	struct lxc_container *c;

+	if (!name)
+		return NULL;
+
+	if (strcmp(name, "lxcsnaps") == 0)
+		return NULL;
+
 	c = malloc(sizeof(*c));
 	if (!c) {
 		fprintf(stderr, "failed to malloc lxc_container\n");
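Review bot: the two new early returns at the top of lxc_container_new() hand the caller NULL with no diagnostic, unlike the malloc failure just below, which prints to stderr, so a user who picks the name 'lxcsnaps' sees only a generic failure. Print a message saying the name is reserved, and document the reserved name in the lxc_container_new() comment in lxccontainer.h.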
diff --git a/src/lxc/lxccontainer.h b/src/lxc/lxccontainer.h
index ba15ab7..946a662 100644
--- a/src/lxc/lxccontainer.h
+++ b/src/lxc/lxccontainer.h
 <at>  <at>  -649,7 +649,7  <at>  <at>  struct lxc_container {
 	 * \brief Create a container snapshot.
 	 *
 	 * Assuming default paths, snapshots will be created as
-	 * \c /var/lib/lxcsnaps/\<c\>/snap\<n\>
+	 * \c /var/lib/lxc/lxcsnaps/\<c\>/snap\<n\>
 	 * where \c \<c\> represents the container name and \c \<n\>
 	 * represents the zero-based snapshot number.
 	 *
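Review bot: the updated snapshot comment names only /var/lib/lxc/lxcsnaps, but get_snappath_dir() in lxccontainer.c still uses /var/lib/lxcsnaps when that directory exists. Mention the fallback here, and in the snapshot_restore note in the next hunk, so API users know where to look on upgraded hosts.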
 <at>  <at>  -691,7 +691,7  <at>  <at>  struct lxc_container {
 	 *  fail if the  snapshot is overlay-based, since the snapshots
 	 *  will pin the original container.
 	 * \note As an example, if the container exists as \c /var/lib/lxc/c1, snapname might be \c 'snap0'
-	 *  (representing \c /var/lib/lxcsnaps/c1/snap0). If \p newname is \p c2,
+	 *  (representing \c /var/lib/lxc/lxcsnaps/c1/snap0). If \p newname is \p c2,
 	 *  then \c snap0 will be copied to \c /var/lib/lxc/c2.
 	 */
 	bool (*snapshot_restore)(struct lxc_container *c, const char *snapname, const char *newname);
-- 
1.8.3.2

Serge Hallyn | 16 Apr 18:01 2014

[PATCH 1/1] lxc startup: manually mark every shared mount entry as slave

If you 'ip netns add x1', this creates /run/netns and /run/netns/x1
as shared mounts.  When a container starts, it umounts these after
pivot_root, and the umount is propagated to the host.

Worse, doing mount("", "/", NULL, MS_SLAVE|MS_REC, NULL) does not
suffice to change those, even after binding /proc/mounts onto
/etc/mtab.

So, I give up.  Do this manually, walking over /proc/self/mountinfo
and changing the mount propagation on everything marked as shared.

With this patch, lxc-start no longer unmounts /run/netns/* on the
host.

Signed-off-by: Serge Hallyn <serge.hallyn <at> ubuntu.com>
---
 src/lxc/conf.c | 68 ++++++++++++++++++++++++++++++++++++++++++++++++++++------
 1 file changed, 62 insertions(+), 6 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 06235fb..4052c5f 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
 <at>  <at>  -3706,6 +3706,66  <at>  <at>  void tmp_proc_unmount(struct lxc_conf *lxc_conf)
 	}
 }

+static void null_endofword(char *word)
+{
+	while (*word && *word != ' ' && *word != '\t')
+		word++;
+	*word = '\0';
+}
+
+/*
+ * skip  <at> nfields spaces in  <at> src
+ */
+static char *get_field(char *src, int nfields)
+{
+	char *p = src;
+	int i;
+
+	for (i = 0; i < nfields; i++) {
+		while (*p && *p != ' ' && *p != '\t')
+			p++;
+		if (!p)
+			break;
+		p++;
+	}
+	return p;
+}
+
+static void remount_all_slave(void)
+{
+	/* walk /proc/mounts and change any shared entries to slave */
+	FILE *f = fopen("/proc/self/mountinfo", "r");
+	char *line = NULL;
+	size_t len = 0;
+
+	if (!f) {
+		SYSERROR("Failed to open /proc/self/mountinfo to mark all shared");
+		ERROR("Continuing container startup...");
+		return;
+	}
+
+	while (getline(&line, &len, f) != -1) {
+		char *target, *opts;
+		target = get_field(line, 4);
+		if (!target)
+			continue;
+		opts = get_field(target, 2);
+		if (!opts)
+			continue;
+		null_endofword(opts);
+		if (!strstr(opts, "shared"))
+			continue;
+		null_endofword(target);
+		if (mount(NULL, target, NULL, MS_SLAVE, NULL)) {
+			SYSERROR("Failed to make %s rslave", target);
+			ERROR("Continuing...");
+		}
+	}
+	fclose(f);
+	if (line)
+		free(line);
+}
+
 int lxc_setup(struct lxc_handler *handler)
 {
 	const char *name = handler->name;
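Review bot: in get_field() the end-of-string test `if (!p)` can never be true because p is a pointer into the line; it needs to be `if (!*p)`, otherwise a short line lets `p++` step past the terminating NUL, and the `if (!target)` and `if (!opts)` checks in remount_all_slave() never fire either. Two smaller points in remount_all_slave(): mountinfo writes a space in a mount point as \040, so target should be unescaped before it is passed to mount(), and the comment says /proc/mounts and the error text says rslave while the code reads /proc/self/mountinfo and passes MS_SLAVE.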
 <at>  <at>  -3713,12 +3773,6  <at>  <at>  int lxc_setup(struct lxc_handler *handler)
 	const char *lxcpath = handler->lxcpath;
 	void *data = handler->data;

-	if (detect_shared_rootfs()) {
-		if (mount(NULL, "/", NULL, MS_SLAVE|MS_REC, NULL)) {
-			SYSERROR("Failed to make / rslave");
-			ERROR("Continuing...");
-		}
-	}
 	if (detect_ramfs_rootfs()) {
 		if (chroot_into_slave(lxc_conf)) {
 			ERROR("Failed to chroot into slave /");
 <at>  <at>  -3726,6 +3780,8  <at>  <at>  int lxc_setup(struct lxc_handler *handler)
 		}
 	}

+	remount_all_slave();
+
 	if (lxc_conf->inherit_ns_fd[LXC_NS_UTS] == -1) {
 		if (setup_utsname(lxc_conf->utsname)) {
 			ERROR("failed to setup the utsname for '%s'", name);
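Review bot: remount_all_slave() is called unconditionally here and returns void, so when a remount fails lxc_setup() carries on and the later umounts can still propagate to the host, which is the case the commit message sets out to prevent. Consider returning a status so the caller can decide whether to continue, and check whether detect_shared_rootfs() still has a caller after the block removed in the previous hunk.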
-- 
1.9.1

Serge Hallyn | 16 Apr 16:40 2014

snapshots location

Hi,

Some time ago someone pointed out that the current lxc snapshot location
isn't ideal.  If you have a btrfs mounted at /var/lib/lxc, then the
snapshot location /var/lib/lxcsnaps is not btrfs.

So I'm proposing that

1. we move the snapshot location to /var/lib/lxc/lxcsnaps
2. lxc_container_new() refuses 'lxcsnaps' as a container name
3. snapshot actions first check whether /var/lib/lxcsnaps exists; if so,
   and it is non-empty, then uses it.  Otherwise it uses the new
   location.

Any objections?  I didn't want to do this because I didn't want any
cruft under LXCPATH, but I think I'm ok with it, and I don't think
anyone should be bothering to ls /var/lib/lxc anymore, lxc-ls is so
much nicer.

-serge
GitHub | 15 Apr 23:10 2014

[lxc/lxc] 5135b5: cppcheck: fix unchecked realloc in lxc_info.c

  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: 5135b555bb3b406288cb24da8425daeaf3e38dde
      https://github.com/lxc/lxc/commit/5135b555bb3b406288cb24da8425daeaf3e38dde
  Author: Serge Hallyn <serge.hallyn@...>
  Date:   2014-04-15 (Tue, 15 Apr 2014)

  Changed paths:
    M src/lxc/lxc_info.c

  Log Message:
  -----------
  cppcheck: fix unchecked realloc in lxc_info.c

Signed-off-by: Serge Hallyn <serge.hallyn@...>
Acked-by: Stéphane Graber <stgraber@...>

Serge Hallyn | 15 Apr 22:53 2014

[PATCH 1/1] cppcheck: fix unchecked realloc in lxc_info.c

Signed-off-by: Serge Hallyn <serge.hallyn <at> ubuntu.com>
---
 src/lxc/lxc_info.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/lxc/lxc_info.c b/src/lxc/lxc_info.c
index 24d6f9b..e1e39c0 100644
--- a/src/lxc/lxc_info.c
+++ b/src/lxc/lxc_info.c
 <at>  <at>  -50,9 +50,13  <at>  <at>  static int filter_count = 0;

 static int my_parser(struct lxc_arguments* args, int c, char* arg)
 {
+	char **newk;
 	switch (c) {
 	case 'c':
-		key = realloc(key, keys+1 * sizeof(key[0]));
+		newk = realloc(key, keys+1 * sizeof(key[0]));
+		if (!newk)
+			return -1;
+		key = newk;
 		key[keys] = arg;
 		keys++;
 		break;
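Review bot: the size expression carried over into the new realloc() call, `keys+1 * sizeof(key[0])`, parses as keys + sizeof(key[0]), so the buffer is too small for `key[keys] = arg` as soon as keys is 1 and the store lands past the end of the allocation. It should be `(keys + 1) * sizeof(key[0])`. The NULL check through newk is fine as written.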
-- 
1.9.1

William Dauchy | 14 Apr 15:18 2014

call to setup_dev_symlinks with lxc.autodev

Hello,

I'm looking for a way to not execute setup_dev_symlinks. In my case I'm
using lxc-start with a read only filesystem.
so:
!lxc_conf->is_execute && setup_dev_symlinks(&lxc_conf->rootfs))
will probably fail

I saw there was:
               ret = symlink(d->oldpath, path);
               if (ret && errno != EEXIST) { }
but in my case I need to manually access the /dev directory in order to
make it return EEXIST.

I was wondering if we could avoid setup_dev_symlinks call in case of
autodev = 0 for example?

Thanks,
-- 
William
Valentin LAB | 11 Apr 10:46 2014

lxc-create and template API issues

Hi,

I'm having trouble migrating our lxc template from ubuntu 12.04 basic
install to new 14.04 version. One of the major differences is that we 
can't lxc-attach or lxc-start the LXC being built. I need to do this to 
launch several startup scripts in the LXC to finish the set up.

This request seems quite normal to me, and other templates seem to
struggle to do the same. Mostly using chroot.

For example, I see that lxc-fedora does some chroot... but this requires 
to make some mount (for /dev and /proc). And if anything goes wrong 
(Ctrl-C from the user, or the script not finishing well for any
reason (server unreachable)), lxc-create will try to "rm -rf" the
container rootfs (because the template script returned a non 0 
status)... leading to remove all in /dev or trying to remove things in 
/proc... And this will remove /dev/* on the host also. Yikes !

Ensuring having the template return 0 status in case of error just to 
avoid the big nasty deletion is perverse at best, or to umount properly 
these devices is cumbersome and error prone (and this even if all went 
right in the script you've launched on the LXC): Any "apt-get 
install..." could spawn services that get re-parented to PID 1 and 
they'll hook up to files in "/dev" and "/proc"... This means that umount 
will be refused unless you manage to pin and kill every process that
was created in the chroot, and this is not trivial.

This means that the lxc-fedora could have a big nasty bug leading to 
deleting content of /dev/* on the host if you happen to Ctrl-C at the 
bad moment... (I didn't check this). Of course you can rebuild /dev on 
most system quite easily, but if you don't do it, your host system is 
broken by simply launching lxc-create -t fedora and cancelling it at the 
bad moment...

The best solution I have found so far is to move the new "partial" file 
location in /var/lib/lxc/my_container/partial, so that lxc-start work 
again, and let me start the container and lxc-attach some commands.

Of course, all this feels really wrong.

What am I doing wrong ? Do you have any suggestion ?

I must add that I use some sort of configurable templates that allows me 
to feed shell scripts (pretty like juju charms hooks/install) to build 
different services at lxc-create time. This worked very well in 12.04. 
The scripts are various and are meant to be run inside the container to 
set-up specific services automatically.

Thanks for your insights,

-- 
Valentin LAB
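
The failure described in this message, a cleanup "rm -rf" of a rootfs that still has /dev or /proc mounted inside it, can be guarded against by reading the mount table before deleting. The following is an added example, not code from LXC or its templates; the function names and the optional mountinfo-file argument are assumptions made for illustration, and the demo data is constructed.

```shell
#!/bin/sh
# Added example, not LXC code. Function names and the optional
# mountinfo-file argument are assumptions made for illustration.

# mounts_under ROOTFS [MOUNTINFO]: print each mount point at or below ROOTFS.
mounts_under() {
    mu_root=${1%/}
    # Field 5 of a mountinfo line is the mount point. The kernel writes
    # space, tab, newline and backslash as octal escapes (\040 ...), so
    # decode the field before comparing paths.
    while read -r _id _parent _dev _fsroot mu_mnt _rest; do
        mu_mnt=$(printf '%b' "$mu_mnt")
        case "$mu_mnt" in
            "$mu_root" | "$mu_root"/*) printf '%s\n' "$mu_mnt" ;;
        esac
    done < "${2:-/proc/self/mountinfo}"
}

# safe_remove_rootfs ROOTFS [MOUNTINFO]: delete ROOTFS only when nothing is
# mounted at or below it. Returns 0 after deleting, 1 when it refuses.
safe_remove_rootfs() {
    # Canonicalise first: mountinfo lists resolved paths, not symlinks.
    sr_target=$(cd "$1" 2>/dev/null && pwd -P) || return 1
    if [ -z "$sr_target" ] || [ "$sr_target" = / ]; then
        return 1
    fi
    sr_busy=$(mounts_under "$sr_target" "${2:-/proc/self/mountinfo}")
    if [ -n "$sr_busy" ]; then
        echo "not removing $sr_target, still mounted:" >&2
        printf '%s\n' "$sr_busy" | sed 's/^/  /' >&2
        return 1
    fi
    rm -rf -- "$sr_target"
}

# Demo on constructed data: a scratch rootfs and a fake mountinfo line that
# claims /dev is still mounted inside it, so the removal is refused.
demo_root=$(mktemp -d) && demo_root=$(cd "$demo_root" && pwd -P)
mkdir -p "$demo_root/rootfs/dev"
printf '90 60 0:5 / %s/rootfs/dev rw shared:2 - devtmpfs udev rw\n' \
    "$demo_root" > "$demo_root/mountinfo"
safe_remove_rootfs "$demo_root/rootfs" "$demo_root/mountinfo" ||
    echo "kept: $demo_root/rootfs"
rm -rf -- "$demo_root"
```

The check and the delete are separate steps, so a mount that appears between them is not caught; it narrows the window described above rather than closing it.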
