[lxc-devel] [PATCH 1/1] lxc.conf.sgml.in: fill in missing configuration file statements

Tue, 28 May 2013 12:10:52 -0700 

Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com>
---
 doc/lxc.conf.sgml.in | 139 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 139 insertions(+)

diff --git a/doc/lxc.conf.sgml.in b/doc/lxc.conf.sgml.in
index af8663a..6500e50 100644
--- a/doc/lxc.conf.sgml.in
+++ b/doc/lxc.conf.sgml.in
@@ -76,6 +76,32 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 
02111-1307 USA
     </para>
 
     <refsect2>
+      <title>Configuration</title>
+      <para>
+       In order to ease administration of multiple related containers, it
+       is possible to have a container configuration file cause another
+       file to be loaded.  For instance, network configuration
+       can be defined in one common file which is included by multiple
+       containers.  Then, if the containers are moved to another host,
+       only one file may need to be updated.
+      </para>
+
+      <variablelist>
+       <varlistentry>
+         <term>
+           <option>lxc.include</option>
+         </term>
+         <listitem>
+           <para>
+             Specify the file to be included.  The included file must be
+             in the same valid lxc configuration file format.
+           </para>
+         </listitem>
+       </varlistentry>
+      </variablelist>
+    </refsect2>
+
+    <refsect2>
       <title>Architecture</title>
       <para>
        Allows to set the architecture for the container. For example,
@@ -395,6 +421,11 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 
02111-1307 USA
              type, other arguments may be passed:
              veth/macvlan/phys. And finally (host-sided) device name.
            </para>
+           <para>
+             Standard output from the script is logged at debug level.
+             Standard error is not logged, but can be captured by the
+             hook redirecting its standard error to standard output.
+           </para>
          </listitem>
        </varlistentry>
 
@@ -415,6 +446,11 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 
02111-1307 USA
              type, other arguments may be passed:
              veth/macvlan/phys. And finally (host-sided) device name.
            </para>
+           <para>
+             Standard output from the script is logged at debug level.
+             Standard error is not logged, but can be captured by the
+             hook redirecting its standard error to standard output.
+           </para>
          </listitem>
        </varlistentry>
       </variablelist>
@@ -739,6 +775,56 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 
02111-1307 USA
     </refsect2>
 
     <refsect2>
+      <title>Apparmor profile</title>
+      <para>
+       If lxc was compiled and installed with apparmor support, and the host
+       system has apparmor enabled, then the apparmor profile under which the
+       container should be run can be specified in the container
+       configuration.  The default is <command>lxc-container-default</command>.
+      </para>
+      <variablelist>
+       <varlistentry>
+         <term>
+           <option>lxc.aa_profile</option>
+         </term>
+         <listitem>
+           <para>
+             Specify the apparmor profile under which the container should
+             be run.  To specify that the container should be unconfined,
+             use
+           </para>
+             <programlisting>lxc.aa_profile = unconfined</programlisting>
+         </listitem>
+       </varlistentry>
+      </variablelist>
+    </refsect2>
+
+    <refsect2>
+      <title>Seccomp configuration</title>
+      <para>
+        A container can be started with a reduced set of available
+       system calls by loading a seccomp profile at startup.  The
+       seccomp configuration file should begin with a version number
+       (which currently must be 1) on the first line, a policy type
+       (which must be 'whitelist') on the second line, followed by a
+       list of allowed system call numbers, one per line.
+      </para>
+      <variablelist>
+       <varlistentry>
+         <term>
+           <option>lxc.seccomp</option>
+         </term>
+         <listitem>
+           <para>
+             Specify a file containing the seccomp configuration to
+             load before the container starts.
+            </para>
+         </listitem>
+       </varlistentry>
+      </variablelist>
+    </refsect2>
+
+    <refsect2>
       <title>UID mappings</title>
       <para>
         A container can be started in a private user namespace with
@@ -775,6 +861,11 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 
02111-1307 USA
         Container hooks are programs or scripts which can be executed
        at various times in a container's lifetime.
       </para>
+      <para>
+        Standard output from the hooks is logged at debug level.
+        Standard error is not logged, but can be captured by the
+        hook redirecting its standard error to standard output.
+      </para>
       <variablelist>
        <varlistentry>
          <term>
@@ -978,6 +1069,54 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 
02111-1307 USA
       </variablelist>
 
     </refsect2>
+    <refsect2>
+    <title> Logging</title>
+    <para>
+      Logging can be configured on a per-container basis.  By default,
+      depending upon how the lxc package was compiled, container startup
+      is logged only at the ERROR level, and logged to a file named after
+      the container (with '.log' appended) either under the container path,
+      or under @LOGPATH@.
+    </para>
+    <para>
+      Both the default log level and the log file can be specified in the
+      container configuration file, overriding the default behavior.  Note
+      that the configuration file entries can in turn be overridden by the
+      command line options to <command>lxc-start</command>.
+    </para>
+      <variablelist>
+       <varlistentry>
+         <term>
+           <option>lxc.loglevel</option>
+         </term>
+         <listitem>
+           <para>
+           The level at which to log.  The log level is an integer in
+           the range of 0..8 inclusive, where a lower number means more
+           verbose debugging.  In particular 0 = trace, 1 = debug, 2 =
+           info, 3 = notice, 4 = warn, 5 = error, 6 = critical, 7 =
+           alert, and 8 = fatal.  If unspecified, the level defaults
+           to 5 (error), so that only errors and above are logged.
+           </para>
+           <para>
+           Note that when a script (such as either a hook script or a
+           network interface up or down script) is called, the script's
+           standard output is logged at level 1, debug.
+           </para>
+         </listitem>
+       </varlistentry>
+       <varlistentry>
+         <term>
+           <option>lxc.logfile</option>
+         </term>
+         <listitem>
+           <para>
+           The file to which logging info should be written.
+           </para>
+         </listitem>
+       </varlistentry>
+      </variablelist>
+    </refsect2>
 
   </refsect1>
 
-- 
1.8.1.2


------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel

Reply via email to