[lxc-devel] Patch: fix kernel 3.x detection
Hi,
attached patch fixes File capabilities detection when running under
kernel 3.x.
--
Frederic Crozat
SUSE
>From 5a4d96d1fd95719ddeb462fff45dbbc7cbbee3df Mon Sep 17 00:00:00 2001
From: Frederic Crozat
Date: Thu, 13 Oct 2011 11:26:56 +0200
Subject: [PATCH] handle kernel 3.x in lxc-checkconfig
Make sure to correctly detect kernel 3.x for file capabilities.
---
src/lxc/lxc-checkconfig.in | 17 +
1 files changed, 13 insertions(+), 4 deletions(-)
diff --git a/src/lxc/lxc-checkconfig.in b/src/lxc/lxc-checkconfig.in
index 5dcf3a4..c2c64ba 100755
--- a/src/lxc/lxc-checkconfig.in
+++ b/src/lxc/lxc-checkconfig.in
@@ -83,12 +83,21 @@ echo "--- Misc ---"
echo -n "Veth pair device: " && is_enabled CONFIG_VETH
echo -n "Macvlan: " && is_enabled CONFIG_MACVLAN
echo -n "Vlan: " && is_enabled CONFIG_VLAN_8021Q
+KVER_MAJOR=$($GREP '^# Linux' $CONFIG | \
+sed -r 's/.* ([0-9])\.[0-9]{1,2}\.[0-9]{1,3}.*/\1/')
+if [[ $KVER_MAJOR == 2 ]]; then
KVER_MINOR=$($GREP '^# Linux' $CONFIG | \
-sed -r 's/.*2.6.([0-9]{2}).*/\1/')
+sed -r 's/.* 2.6.([0-9]{2}).*/\1/')
+else
+KVER_MINOR=$($GREP '^# Linux' $CONFIG | \
+sed -r 's/.* [0-9]\.([0-9]{1,3})\.[0-9]{1,3}.*/\1/')
+fi
echo -n "File capabilities: " &&
-[[ ${KVER_MINOR} < 33 ]] && is_enabled CONFIG_SECURITY_FILE_CAPABILITIES ||
-[[ ${KVER_MINOR} > 32 ]] && $SETCOLOR_SUCCESS && echo -e "enabled" &&
-$SETCOLOR_NORMAL
+( [[ ${KVER_MAJOR} == 2 && ${KVER_MINOR} < 33 ]] &&
+ is_enabled CONFIG_SECURITY_FILE_CAPABILITIES ) ||
+( [[ ( ${KVER_MAJOR} == 2 && ${KVER_MINOR} > 32 ) ||
+ ${KVER_MAJOR} > 2 ]] && $SETCOLOR_SUCCESS &&
+ echo -e "enabled" && $SETCOLOR_NORMAL )
echo
echo "Note : Before booting a new kernel, you can check its configuration"
--
1.7.3.4
--
All the data continuously generated in your IT infrastructure contains a
definitive record of customers, application performance, security
threats, fraudulent activity and more. Splunk takes this data and makes
sense of it. Business sense. IT sense. Common sense.
http://p.sf.net/sfu/splunk-d2d-oct___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] lxc_cgroup_append_task_1of3() helper_1of2
On 10/06/2011 02:59 PM, "Axel Schöner" wrote: > Hi, > > the new patchset consists of 3 patches: > patch_1of3_lxc_cgroup_append_task_helper_cgroup > patch_2of3_lxc_cgroup_append_task_helper_namespace > patch_3of3_lxc_cgroup_append_task_in_lxc_attach Hi guys, I have been very busy the last weeks but I will look at the patches everyone has sent now. Be patient and sorry for the delay. Thanks -- Daniel -- All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity and more. Splunk takes this data and makes sense of it. Business sense. IT sense. Common sense. http://p.sf.net/sfu/splunk-d2d-oct ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] add ALTLinux template
> On 08/16/2011 02:14 PM, Alexey Shabalin wrote:
>> Hello.
>> This patch add template for ALTLinux. (based on fedora template)
>> Thanks.
> Applied.
Update ALTLinux template.
--
Alexey Shabalin
diff --git a/templates/lxc-altlinux.in b/templates/lxc-altlinux.in
index a64367f..3aba77b 100644
--- a/templates/lxc-altlinux.in
+++ b/templates/lxc-altlinux.in
@@ -27,7 +27,7 @@
#Configurations
arch=$(arch)
cache_base=/var/cache/lxc/altlinux/$arch
-default_path=/var/lib/lxc
+default_path=@LXCPATH@
default_profile=default
profile_dir=/etc/lxc/profiles
root_password=rooter
@@ -44,15 +44,38 @@ configure_altlinux()
mkdir -p $rootfs_path/selinux
echo 0 > $rootfs_path/selinux/enforce
- # configure the network using the dhcp
- mkdir -p ${rootfs_path}/etc/net/ifaces/eth0
-cat < ${rootfs_path}/etc/net/ifaces/eth0/options
-BOOTPROTO=dhcp
+mkdir -p ${rootfs_path}/etc/net/ifaces/veth0
+cat < ${rootfs_path}/etc/net/ifaces/veth0/options
+BOOTPROTO=${BOOTPROTO}
ONBOOT=yes
NM_CONTROLLED=no
TYPE=eth
EOF
+if [ ${BOOTPROTO} != "dhcp" ]; then
+# ip address
+cat < ${rootfs_path}/etc/net/ifaces/veth0/ipv4address
+${ipv4}
+EOF
+
+cat < ${rootfs_path}/etc/net/ifaces/veth0/ipv4route
+${gw}
+EOF
+
+cat < ${rootfs_path}/etc/net/ifaces/veth0/resolv.conf
+nameserver ${dns}
+EOF
+
+cat < ${rootfs_path}/etc/net/ifaces/veth0/ipv6address
+${ipv6}
+EOF
+
+cat < ${rootfs_path}/etc/net/ifaces/veth0/ipv6route
+${gw6}
+EOF
+
+fi
+
# set the hostname
cat < ${rootfs_path}/etc/sysconfig/network
NETWORKING=yes
@@ -66,10 +89,11 @@ EOF
127.0.0.1 localhost.localdomain localhost $name
EOF
# Allow to login at virsh console. loginuid.so doen't work in the absence of auditd.
-sed -i 's/^.*loginuid.so.*$/\#&/' ${rootfs_path}/etc/pam.d/common-login
+#sed -i 's/^.*loginuid.so.*$/\#&/' ${rootfs_path}/etc/pam.d/common-login
# Allow root to login at virsh console
echo "pts/0" >> ${rootfs_path}/etc/securetty
+echo "console" >> ${rootfs_path}/etc/securetty
chroot ${rootfs_path} chkconfig network on
chroot ${rootfs_path} chkconfig syslogd on
@@ -78,12 +102,17 @@ EOF
chroot ${rootfs_path} chkconfig fbsetfont off
#chroot ${rootfs_path} chkconfig keytable off
-subst 's/^\([0-9]\+:[0-9]\+:respawn:\/sbin\/mingetty.*\)/#\1/' ${rootfs_path}/etc/inittab
+subst 's/^\([3-9]\+:[0-9]\+:respawn:\/sbin\/mingetty.*\)/#\1/' ${rootfs_path}/etc/inittab
+echo "c1:2345:respawn:/sbin/mingetty --noclear console" >> ${rootfs_path}/etc/inittab
subst 's,\/dev\/tty12,/var/log/syslog/console,' ${rootfs_path}/etc/syslog.conf
+# touch file for fastboot
+touch ${rootfs_path}/fastboot
+chattr +i ${rootfs_path}/fastboot
+
dev_path="${rootfs_path}/dev"
-rm -rf $dev_path
-mkdir -p $dev_path
+rm -rf ${dev_path}
+mkdir -p ${dev_path}
mknod -m 666 ${dev_path}/null c 1 3
mknod -m 666 ${dev_path}/zero c 1 5
mknod -m 644 ${dev_path}/random c 1 8
@@ -91,15 +120,23 @@ EOF
mkdir -m 755 ${dev_path}/pts
mkdir -m 1777 ${dev_path}/shm
mknod -m 666 ${dev_path}/tty c 5 0
-mknod -m 666 ${dev_path}/tty0 c 4 0
-mknod -m 666 ${dev_path}/tty1 c 4 1
-mknod -m 666 ${dev_path}/tty2 c 4 2
-mknod -m 666 ${dev_path}/tty3 c 4 3
-mknod -m 666 ${dev_path}/tty4 c 4 4
+chown root:tty ${dev_path}/tty
+mknod -m 600 ${dev_path}/tty0 c 4 0
+mknod -m 600 ${dev_path}/tty1 c 4 1
+mknod -m 600 ${dev_path}/tty2 c 4 2
+mknod -m 600 ${dev_path}/tty3 c 4 3
+mknod -m 600 ${dev_path}/tty4 c 4 4
mknod -m 600 ${dev_path}/console c 5 1
mknod -m 666 ${dev_path}/full c 1 7
mknod -m 600 ${dev_path}/initctl p
mknod -m 666 ${dev_path}/ptmx c 5 2
+chown root:tty ${dev_path}/ptmx
+ln -s /proc/self/fd ${dev_path}/fd
+ln -s /proc/kcore ${dev_path}/core
+mkdir -m 755 ${dev_path}/mapper
+mknod -m 600 ${dev_path}/mapper/control c 10 236
+mkdir -m 755 ${dev_path}/net
+mknod -m 666 ${dev_path}/net/tun c 10 200
echo "setting root passwd to $root_password"
echo "root:$root_password" | chroot $rootfs_path chpasswd
@@ -212,8 +249,30 @@ lxc.mount = $config_path/fstab
lxc.network.type = $lxc_network_type
lxc.network.flags = up
lxc.network.link = $lxc_network_link
-lxc.network.name = eth0
+lxc.network.name = veth0
lxc.network.mtu = 1500
+EOF
+if [ ! -z ${ipv4} ]; then
+cat <> $config_path/config
+lxc.network.ipv4 = $ipv4
+EOF
+fi
+if [ ! -z ${gw} ]; then
+cat <> $config_path/config
+lxc.network.ipv4.gateway = $gw
+EOF
+fi
+if [ ! -z ${ipv6} ]; then
+cat <> $config_path/config
+lxc.network.ipv6 = $ipv6
+EOF
+fi
+if [ ! -z ${gw6} ]; then
+cat <> $config_path/config
+lxc.network.ipv6.gateway = $gw6
+EOF
+fi
+cat <> $config_path/config
#cgroups
lxc.cgroup.devices.deny = a
# /dev/null and zero
@@ -230,12 +289,11 @@ lxc.cgroup.devices.allow = c 1:8 rwm
lxc.cgroup.devices.allow = c 136:* rwm
lxc.cgroup.devices.allow = c 5:2 rwm
# rtc
-lx
Re: [lxc-devel] [PATCH] change default path for config files to /etc/lxc
2011/9/27 Greg Kurz :
> On Tue, 2011-09-27 at 14:10 +0200, Frederic Crozat wrote:
>> Le vendredi 26 août 2011 à 16:00 +0400, Alexey Shabalin a écrit :
>> > 2011/8/26 Daniel Lezcano :
>> > > On 08/23/2011 03:56 PM, Alexey Shabalin wrote:
>> > >> Hello.
>> > >> I think the directory /etc better suited for storing configuration
>> > >> files.
>> > >> This patch allows you to specify the location configs as options for
>> > >> ./configure.
>> > >
>> > > Is this patch to store the configuraton files in /etc/lxc and the rootfs
>> > > in /var/lib/lxc ?
>> >
>> > yes.
>> > this patch add new option --with-container-path (default /var/lib/lxc)
>> > and change option --with-config-path (default /etc/lxc).
>> > If you want to use configs in /var/lib/lxc, you can use
>> > --with-config-path=/var/lib/lxc.
>>
>> Any status on this patch ?
>>
>
> I don't have any opinion on this patch, but it's likely to conflict
> with:
>
> http://lxc.git.sourceforge.net/git/gitweb.cgi?p=lxc/lxc;a=commit;h=1c41ddcb4af633ac906f1d7c9ef1dc7d121d7850
>
> I guess it should be rebased and resent.
>
> Cheers.
Update patch.
--
Alexey Shabalin
From f539bfc70955c03e87804de649a01cc94fb3bab8 Mon Sep 17 00:00:00 2001
From: Alexey Shabalin
Date: Tue, 23 Aug 2011 16:35:23 +0300
Subject: [PATCH] - Change --with-config-path in configure for define path for
config files. - Add --with-container-path to configure for
define path for containers repository. Allow install config
files for containers to /etc/lxc dir. For old way you can
use same --with-config-path and --with-container-path.
Conflicts:
configure.ac
src/lxc/lxc-clone.in
templates/lxc-debian.in
templates/lxc-fedora.in
Signed-off-by: Alexey Shabalin
---
configure.ac | 13 ++---
src/lxc/lxc-clone.in | 32 +---
src/lxc/lxc-create.in |8 +---
src/lxc/lxc-destroy.in|6 --
src/lxc/lxc_execute.c |2 +-
src/lxc/lxc_restart.c |2 +-
src/lxc/lxc_start.c |2 +-
templates/lxc-busybox.in | 11 ++-
templates/lxc-debian.in | 11 ++-
templates/lxc-fedora.in |5 +++--
templates/lxc-lenny.in|7 ---
templates/lxc-opensuse.in | 11 ++-
templates/lxc-sshd.in |9 +
templates/lxc-ubuntu.in | 11 ++-
14 files changed, 75 insertions(+), 55 deletions(-)
diff --git a/configure.ac b/configure.ac
index 6fa8c4a..c6e35b2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -49,8 +49,14 @@ AS_AC_EXPAND(DOCDIR, $docdir)
AC_ARG_WITH([config-path],
[AC_HELP_STRING(
[--with-config-path=dir],
- [lxc configuration repository path]
- )], [], [with_config_path=['${localstatedir}/lib/lxc']])
+ [lxc configuration files path]
+ )], [], [with_config_path="${sysconfdir}/lxc"])
+
+AC_ARG_WITH([container-path],
+ [AC_HELP_STRING(
+ [--with-container-path=dir],
+ [lxc containers repository path]
+ )], [], [with_container_path="${localstatedir}/lib/lxc"])
AC_ARG_WITH([rootfs-path],
[AC_HELP_STRING(
@@ -60,7 +66,8 @@ AC_ARG_WITH([rootfs-path],
AS_AC_EXPAND(LXC_GENERATE_DATE, "$(date)")
-AC_SUBST(LXCPATH, "${with_config_path}")
+AC_SUBST(LXCETCPATH, "${with_config_path}")
+AC_SUBST(LXCPATH, "${with_container_path}")
AC_SUBST(LXCROOTFSMOUNT, "${with_rootfs_path}")
AC_SUBST(LXCINITDIR, ['${libdir}/lxc'])
AC_SUBST(LXCTEMPLATEDIR, ['${libdir}/lxc/templates'])
diff --git a/src/lxc/lxc-clone.in b/src/lxc/lxc-clone.in
index 657486d..e3ce836 100644
--- a/src/lxc/lxc-clone.in
+++ b/src/lxc/lxc-clone.in
@@ -42,7 +42,8 @@ help() {
shortoptions='ho:n:sL:v:p:t:'
longoptions='help,orig:,name:,snapshot,fssize:,vgname:,lvprefix:,fstype:'
-lxc_path=/var/lib/lxc
+lxc_path=@LXCPATH@
+config_path=@LXCETCPATH@
bindir=/usr/bin
snapshot=no
lxc_size=2G
@@ -137,12 +138,12 @@ if [ ! -r $lxc_path ]; then
exit 1
fi
-if [ ! -d "$lxc_path/$lxc_orig" ]; then
+if [ ! -d "$lxc_path/$lxc_orig" -o ! -f "$config_path/$lxc_orig/config" ]; then
echo "'$lxc_orig' does not exist"
exit 1
fi
-if [ -d "$lxc_path/$lxc_new" ]; then
+if [ -d "$lxc_path/$lxc_new" -o -f "$config_path/$lxc_new/config" ]; then
echo "'$lxc_new' already exists"
exit 1
fi
@@ -150,19 +151,20 @@ fi
trap "${bindir}/lxc-destroy -n $lxc_new; echo aborted; exit 1" SIGHUP SIGINT SIGTERM
mkdir -p $lxc_path/$lxc_new
+mkdir -p $config_path/$lxc_new
hostname=$lxc_new
echo "Tweaking configuration"
-cp $lxc_path/$lxc_orig/config $lxc_path/$lxc_new/config
-sed -i '/lxc.utsname/d' $lxc_path/$lxc_new/config
-echo "lxc.utsname = $hostname" >> $lxc_path/$lxc_new/config
+cp $config_path/$lxc_orig/config $config_path/$lxc_new/config
+sed -i '/lxc.utsname/d' $config_path/$lxc_new/config
+echo "lxc.utsname = $hostname" >> $config_path/$lxc_new/config
-grep "lxc.mount =" $lxc_path/$lxc_new/config >/dev/null 2>&1 && { sed -i '/lxc.mount =/d' $lxc_path/$lxc_new/config; echo "lxc.mount = $lxc_path/$lxc_new/fstab" >> $lxc_path/$lxc_new/config; }
+grep "lxc.mount =" $conf
