KATOH Yasufumi | 27 Mar 10:32 2015

[PATCH] doc: Add '--storage-type' option to lxc-start-ephemeral(1)

Signed-off-by: KATOH Yasufumi <karma <at> jazz.email.ne.jp>
---
 doc/ja/lxc-start-ephemeral.sgml.in | 15 +++++++++++++++
 doc/lxc-start-ephemeral.sgml.in    | 12 ++++++++++++
 2 files changed, 27 insertions(+)

diff --git a/doc/ja/lxc-start-ephemeral.sgml.in b/doc/ja/lxc-start-ephemeral.sgml.in
index eca2a8b..3102782 100644
--- a/doc/ja/lxc-start-ephemeral.sgml.in
+++ b/doc/ja/lxc-start-ephemeral.sgml.in
 <at>  <at>  -59,6 +59,7  <at>  <at>  by KATOH Yasufumi <karma at jazz.email.ne.jp>
       <arg choice="opt">--bdir</arg>
       <arg choice="opt">--user</arg>
       <arg choice="opt">--key</arg>
+      <arg choice="opt">--storage-type</arg>
       <arg choice="opt">--union-type</arg>
       <arg choice="opt">--keep-data</arg>
       <arg choice="opt">COMMAND</arg>
 <at>  <at>  -171,6 +172,20  <at>  <at>  by KATOH Yasufumi <karma at jazz.email.ne.jp>

       <varlistentry>
         <term>
+          <option><optional>--storage-type</optional></option>
+        </term>
+        <listitem>
+          <para>
+            <!--
+            Specify the type of storage used by the container. Valid types are tmpfs or dir.
+              -->
+            コンテナが使うストレージのタイプ。tmpfs か dir を指定できます。
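Review bot: The description shown for --storage-type names the accepted values (tmpfs, dir) but not which one applies when the option is omitted. State the default in both the English comment and the Japanese text, and say how the option relates to --keep-data, which the synopsis lists right next to it, so a reader can tell whether container data survives the ephemeral run.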

Tycho Andersen | 26 Mar 23:53 2015

[PATCH] c/r: tell CRIU about all external mounts in the config

Signed-off-by: Tycho Andersen <tycho.andersen <at> canonical.com>
---
 src/lxc/conf.c         | 18 +++++++++++---
 src/lxc/conf.h         |  2 ++
 src/lxc/list.h         | 11 +++++++++
 src/lxc/lxccontainer.c | 67 +++++++++++++++++++++++++++++++++++++++++++-------
 4 files changed, 85 insertions(+), 13 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 2868708..f9c7e37 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
 <at>  <at>  -2040,18 +2040,16  <at>  <at>  static int setup_mount(const struct lxc_rootfs *rootfs, const char *fstab,
 	return ret;
 }

-static int setup_mount_entries(const struct lxc_rootfs *rootfs, struct lxc_list *mount,
-	const char *lxc_name)
+FILE *write_mount_file(struct lxc_list *mount)
 {
 	FILE *file;
 	struct lxc_list *iterator;
 	char *mount_entry;
-	int ret;

 	file = tmpfile();
 	if (!file) {
 		ERROR("tmpfile error: %m");
-		return -1;
+		return NULL;
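Review bot: write_mount_file() drops static and now returns the tmpfile() stream instead of an int, so at the new signature it needs a comment stating that the caller owns the FILE * and must fclose() it on every path, including its own error paths. Since the function is now visible outside conf.c, an lxc_ prefix would also keep it from colliding with other symbols.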

Tycho Andersen | 26 Mar 16:52 2015

[PATCH] c/r: teach criu about cgmanager's socket

CRIU needs to be told when something is bind mounted into the container from
the outside as cgmanager's socket is.

Signed-off-by: Tycho Andersen <tycho.andersen <at> canonical.com>
---
 src/lxc/cgfs.c         |  1 +
 src/lxc/cgmanager.c    |  1 +
 src/lxc/cgroup.c       |  5 +++++
 src/lxc/cgroup.h       |  7 +++++++
 src/lxc/lxccontainer.c | 16 ++++++++++++++++
 5 files changed, 30 insertions(+)

diff --git a/src/lxc/cgfs.c b/src/lxc/cgfs.c
index 20325fa..11a5925 100644
--- a/src/lxc/cgfs.c
+++ b/src/lxc/cgfs.c
 <at>  <at>  -2403,4 +2403,5  <at>  <at>  static struct cgroup_ops cgfs_ops = {
 	.chown = NULL,
 	.mount_cgroup = cgroupfs_mount_cgroup,
 	.nrtasks = cgfs_nrtasks,
+	.driver = CGFS,
 };
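Review bot: .driver is filled in by designated initializer in cgfs_ops, so any cgroup_ops instance that leaves the field out gets 0. Where CGFS and its sibling values are defined, make sure 0 does not name the cgmanager driver (or reserve 0 as "unset"), otherwise the check that decides whether to tell CRIU about the cgmanager socket can take the wrong branch for a backend that never set the field. A short comment on the new member saying what consumes it would help as well.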
diff --git a/src/lxc/cgmanager.c b/src/lxc/cgmanager.c
index 0932d96..080e382 100644
--- a/src/lxc/cgmanager.c
+++ b/src/lxc/cgmanager.c
 <at>  <at>  -1396,5 +1396,6  <at>  <at>  static struct cgroup_ops cgmanager_ops = {
 	.mount_cgroup = cgm_mount_cgroup,
 	.nrtasks = cgm_get_nrtasks,
 	.disconnect = NULL,

Tycho Andersen | 25 Mar 18:05 2015

[PATCH] lxcapi_restore shouldn't steal the calling process

Previously, lxcapi_restore used the calling process as the lxc monitor process
(and just never returned), requiring users to fork before calling it. This, of
course, would cause problems for things like LXD, which can't fork.

Now, restore() forks the monitor as a child of the process that calls it. Users
who want to daemonize the restore process need to fork themselves.
lxc-checkpoint has been updated to reflect this behavior change.

Signed-off-by: Tycho Andersen <tycho.andersen <at> canonical.com>
---
 src/lxc/lxc_checkpoint.c |  48 +++++++++++++++------
 src/lxc/lxccontainer.c   | 109 ++++++++++++++++++++++++++++++++++-------------
 2 files changed, 114 insertions(+), 43 deletions(-)

diff --git a/src/lxc/lxc_checkpoint.c b/src/lxc/lxc_checkpoint.c
index cfa08fc..2e76c2e 100644
--- a/src/lxc/lxc_checkpoint.c
+++ b/src/lxc/lxc_checkpoint.c
 <at>  <at>  -20,6 +20,8  <at>  <at> 
 #include <stdio.h>
 #include <errno.h>
 #include <unistd.h>
+#include <sys/types.h>
+#include <sys/wait.h>

 #include <lxc/lxccontainer.h>

 <at>  <at>  -27,6 +29,7  <at>  <at> 
 #include "config.h"
 #include "lxc.h"

Ruslan Kuprieiev | 23 Mar 14:42 2015

lxc-checkpoint error

Hi!

I'm trying to use lxc-checkpoint to dump/restore simple lxc container.
I added:

    # hax for criu
    lxc.console = none
    lxc.tty = 0
    lxc.cgroup.devices.deny = c 5:1 rwm

to container config, but when I'm trying to run

    lxc-checkpoint -n $name -D $checkpoint_dir -s -v

I get:

    Error (mount.c:624): 113: ./sys/fs/cgroup/perf_event doesn't have a proper root mount

Could you give me a hint on what is going on?
I also saw that other people do experience the same problem:
http://tycho.ws/blog/2014/09/container-migration.html

Thanks,
Ruslan

_______________________________________________
lxc-devel mailing list
lxc-devel <at> lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-devel
Tycho Andersen | 20 Mar 17:35 2015

[PATCH] lxc-checkpoint -r should actually wait for the restore to happen

From: Tycho Andersen <tycho.andersen <at> canonical.com>

Signed-off-by: Tycho Andersen <tycho.andersen <at> canonical.com>
---
 src/lxc/lxc_checkpoint.c | 20 ++++++++++++++++++++
 1 file changed, 20 insertions(+)

diff --git a/src/lxc/lxc_checkpoint.c b/src/lxc/lxc_checkpoint.c
index cfa08fc..8345789 100644
--- a/src/lxc/lxc_checkpoint.c
+++ b/src/lxc/lxc_checkpoint.c
 <at>  <at>  -20,6 +20,8  <at>  <at> 
 #include <stdio.h>
 #include <errno.h>
 #include <unistd.h>
+#include <sys/types.h>
+#include <sys/wait.h>

 #include <lxc/lxccontainer.h>

 <at>  <at>  -168,6 +170,24  <at>  <at>  bool restore(struct lxc_container *c)

 	lxc_container_put(c);

+	if (pid != 0) {
+		int status;
+		pid_t w;
+
+		w = waitpid(pid, &status, 0);
+		if (w == -1) {
+			perror("waitpid");
+			return false;
+		}
+
+		if (WIFEXITED(status)) {
+			return status == 0;
+		} else {
+			fprintf(stderr, "restore process was killed with signal %d\n", WTERMSIG(status));
+			return false;
+		}
+	}
+
 	return ret;
 }
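Review bot: In the WIFEXITED branch, "return status == 0" compares the raw wait status rather than the exit code; use WEXITSTATUS(status) == 0 so the intent is explicit and does not depend on how the status word is encoded. The else branch prints WTERMSIG(status) without first checking WIFSIGNALED(status), and waitpid() is not retried on EINTR, so a wait interrupted by a signal is reported as a failed restore.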

--

-- 
2.1.0

Serge Hallyn | 19 Mar 19:41 2015

[PATCH] [stable] lxc-net.conf: use +e at teardown

When we are shutting down the lxc network, we should not fail when
things go wrong, as that only makes it harder to clean up later.

See https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1429140 in particular

Signed-off-by: Serge Hallyn <serge.hallyn <at> ubuntu.com>
---
 config/init/upstart/lxc-net.conf | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/config/init/upstart/lxc-net.conf b/config/init/upstart/lxc-net.conf
index 279cd1e..d6b2165 100644
--- a/config/init/upstart/lxc-net.conf
+++ b/config/init/upstart/lxc-net.conf
 <at>  <at>  -23,6 +23,7  <at>  <at>  pre-start script
 	use_iptables_lock="-w"
 	iptables -w -L -n > /dev/null 2>&1 || use_iptables_lock=""
 	cleanup() {
+		set +e
 		# dnsmasq failed to start, clean up the bridge
 		iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT
 		iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT
 <at>  <at>  -34,6 +35,7  <at>  <at>  pre-start script
 		iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j
CHECKSUM --checksum-fill
 		ifconfig ${LXC_BRIDGE} down || true
 		brctl delbr ${LXC_BRIDGE} || true
+		set -e
 	}

 	if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
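Review bot: With set +e now covering the whole body of cleanup(), the "|| true" suffixes on the ifconfig and brctl delbr lines are redundant. Pick one mechanism: either drop those suffixes, or keep errexit on and append "|| true" to the iptables lines. The closing "set -e" also turns errexit back on unconditionally, which is only correct as long as every caller of cleanup() runs with -e.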
 <at>  <at>  -73,6 +75,7  <at>  <at>  post-stop script
 	ls /sys/class/net/${LXC_BRIDGE}/brif/* > /dev/null 2>&1 && exit 0;

 	if [ -d /sys/class/net/${LXC_BRIDGE} ]; then
+		set +e
 		use_iptables_lock="-w"
 		iptables -w -L -n > /dev/null 2>&1 || use_iptables_lock=""
 		ifconfig ${LXC_BRIDGE} down
 <at>  <at>  -87,6 +90,7  <at>  <at>  post-stop script
 		pid=`cat ${varrun}/dnsmasq.pid 2>/dev/null` && kill -9 $pid || true
 		rm -f ${varrun}/dnsmasq.pid
 		brctl delbr ${LXC_BRIDGE}
+		set -e
 	fi
 	rm -f ${varrun}/network_up
 end script
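Review bot: Between set +e and set -e in post-stop, a failing "brctl delbr ${LXC_BRIDGE}" now passes silently, and "rm -f ${varrun}/network_up" after the fi still runs, so the bridge and its iptables rules can be left behind while the marker file says the network is down. Keep ignoring the failure as the commit message intends, but write a line to stderr when a teardown command fails so the leftover state shows up in the upstart log.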
--

-- 
2.1.4

serge | 18 Mar 01:02 2015

[PATCH 1/2] cgmanager: put unprivileged containers under $(curcgroup)/lxc/$(container0

From: Serge Hallyn <serge.hallyn <at> ubuntu.com>

Currently if we are in /user.slice/user-1000.slice/session-c2.scope,
and we start an unprivileged container t1, it will be in cgroup
3:memory:/user.slice/user-1000.slice/session-c2.scope/t1.  If
we then do a 'lxc-cgroup -n t1 freezer.tasks', cgm_get will
first switch to 3:memory:/user.slice/user-1000.slice/session-c2.scope
then look up 't1's values.  The reasons for this are

1. cgmanager get_value is relative to your own cgroup, so we need
to be sure to be in t1's cgroup or an ancestor
2. we don't want to be in the container's cgroup bc it might freeze us.

But in Ubuntu 15.04 it was decided that
3:memory:/user.slice/user-1000.slice/session-c2.scope/tasks should
not be writeable by the user, making this fail.

Therefore put all unprivileged cgroups under "lxc/%n".  That way
the "lxc" cgroup should always be owned by the user so that he can
enter.

Signed-off-by: Serge Hallyn <serge.hallyn <at> ubuntu.com>
---
 src/lxc/utils.c |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index e66a01f..f4abe7d 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
 <at>  <at>  -322,7 +322,7  <at>  <at>  const char *lxc_global_config_value(const char *option_name)
 		sprintf(user_config_path, "%s/.config/lxc/lxc.conf", user_home);
 		sprintf(user_default_config_path, "%s/.config/lxc/default.conf", user_home);
 		sprintf(user_lxc_path, "%s/.local/share/lxc/", user_home);
-		user_cgroup_pattern = strdup("%n");
+		user_cgroup_pattern = strdup("lxc/%n");
 	}
 	else {
 		user_config_path = strdup(LXC_GLOBAL_CONF);
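Review bot: The change to strdup("lxc/%n") only alters the pattern string; nothing in this hunk creates the intermediate "lxc" cgroup or hands it to the user, which is what the commit message relies on ("the "lxc" cgroup should always be owned by the user"). Point to the code that creates and chowns that level, or add it in this series, and update whatever documents the unprivileged default of the cgroup pattern. The strdup() result is also not checked for NULL in the lines shown.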
--

-- 
1.7.9.5

GitHub | 17 Mar 03:44 2015

[lxc/lxc] d3b630: Skip control tty code for non-ttys

  Branch: refs/heads/master
  Home:   https://github.com/lxc/lxc
  Commit: d3b6301135280d21d0c1c7d427e1c587b3177b69
      https://github.com/lxc/lxc/commit/d3b6301135280d21d0c1c7d427e1c587b3177b69
  Author: Stéphane Graber <stgraber@...>
  Date:   2015-03-16 (Mon, 16 Mar 2015)

  Changed paths:
    M src/lxc/attach.c

  Log Message:
  -----------
  Skip control tty code for non-ttys

Signed-off-by: Stéphane Graber <stgraber@...>
Acked-by: Serge E. Hallyn <serge.hallyn@...>

Stéphane Graber | 17 Mar 02:54 2015

[PATCH] Skip control tty code for non-ttys

Signed-off-by: Stéphane Graber <stgraber <at> ubuntu.com>
---
 src/lxc/attach.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index faa90fc..69dafd4 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
 <at>  <at>  -985,7 +985,7  <at>  <at>  static int attach_child_main(void* data)
 		new_gid = options->gid;

 	/* setup the control tty */
-	if (options->stdin_fd) {
+	if (options->stdin_fd && isatty(options->stdin_fd)) {
 		if (setsid() < 0) {
 			SYSERROR("unable to setsid");
 			shutdown(ipc_socket, SHUT_RDWR);
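Review bot: setsid() sits inside the condition changed here, so when stdin_fd is set but is not a tty the attached process no longer gets its own session at all and stays in the caller's session. If only the controlling-tty setup is meant to be skipped, move setsid() out of the isatty() test. The "options->stdin_fd &&" part also treats descriptor 0 as "not set"; if that is intended it deserves a comment, otherwise compare against a negative value.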
--

-- 
1.9.1

Stéphane Graber | 16 Mar 23:26 2015

LXC 1.0.7 has been released!

Hello everyone,

The first LXC 1.1 bugfix release is now out!

This includes all bugfixes committed to master since the release of LXC 1.1.

As usual, the full announcement and changelog may be found at:
https://linuxcontainers.org/lxc/news/

And our tarballs can be downloaded from:
https://linuxcontainers.org/lxc/downloads/

LXC 1.1 is the latest stable release of LXC. Note that this isn't a long
term support release and it will only be supported for a year.

For production environments, we still recommend using LXC 1.0 which we
will be supporting until April 2019.

Stéphane Graber
On behalf of the LXC development team
