Re: [lxc-devel] [PATCH 2/2] templates: use hardlink detection in rsync
On Mon, 3 Dec 2012 21:25:00 -0600 Serge Hallyn wrote: > Quoting Michael H. Warfield (m...@wittsend.com): > > On Mon, 2012-12-03 at 20:43 -0600, Serge Hallyn wrote: > > > A-ha, actually busybox cp does not support -T, at least here on > > > ubuntu 12.10. So should we go with rsync -ah after all since > > > it's more likely they'll install rsync next to busybox? Or is > > > that not actually likely? > > > > rsync -aH > > Heh, yeah, my patch did have it right in my defense :) > > > Capitalization is critical here. > > > > Option -x (do not cross devices) is not the same as -X (extendended > > attributes). > > > > > -serge > > > > I would like to know where rsync is not available. If rsync is > > In an ultra-minimal busybox based system? > > not sure... > > > available then "rsync -H" is available. > > > > That is my concern with busybox. They are very POSIX compliant and > > I'm not sure this is a POSIX feature. I run into this all the time > > in Android and TinyCore (I've had to recode things to run under > > busybox ash shell under TinyCore). I trust rsync better than cp in > > differing environments for that very reason. I know what rsync > > will support (if it's there). I don't always know what options cp > > will support. > > Ok, so let's stick with my original 2 patches (top of this thread). > > Objections? (Acks?) > > -serge Ack: Dwight Engen Want me to add rsync as a run time dependency in the lxc.spec.in file? -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH RFC] lxc_conf logfile and loglevel support
On 12/03/2012 08:41 PM, Serge Hallyn wrote:
> Add 'lxc.logfile' and 'lxc.loglevel' config items. Values provided on
> the command line override the config items.
>
> Have lxccontainer not set a default loglevel and logfile.
>
> Signed-off-by: Serge Hallyn
Haven't tested it but the code matches what I think we should be doing.
Acked-by: Stéphane Graber
> ---
> src/lxc/conf.c |3 +++
> src/lxc/conf.h |3 +++
> src/lxc/confile.c | 58
> +++-
> src/lxc/log.c | 38 +++
> src/lxc/log.h |4 +++-
> src/lxc/lxccontainer.c |2 +-
> 6 files changed, 105 insertions(+), 3 deletions(-)
>
> diff --git a/src/lxc/conf.c b/src/lxc/conf.c
> index 65e19a9..79d96d7 100644
> --- a/src/lxc/conf.c
> +++ b/src/lxc/conf.c
> @@ -1877,6 +1877,7 @@ struct lxc_conf *lxc_conf_init(void)
> new->console.slave = -1;
> new->console.name[0] = '\0';
> new->rootfs.mount = default_rootfs_mount;
> + new->loglevel = LXC_LOG_PRIORITY_NOTSET;
> lxc_list_init(&new->cgroup);
> lxc_list_init(&new->network);
> lxc_list_init(&new->mount_list);
> @@ -2725,6 +2726,8 @@ void lxc_conf_free(struct lxc_conf *conf)
> free(conf->ttydir);
> if (conf->fstab)
> free(conf->fstab);
> + if (conf->logfile)
> + free(conf->logfile);
> lxc_clear_config_network(conf);
> #if HAVE_APPARMOR
> if (conf->aa_profile)
> diff --git a/src/lxc/conf.h b/src/lxc/conf.h
> index 535823d..694bce4 100644
> --- a/src/lxc/conf.h
> +++ b/src/lxc/conf.h
> @@ -232,6 +232,9 @@ struct lxc_conf {
> #if HAVE_APPARMOR
> char *aa_profile;
> #endif
> + char *logfile;
> + int loglevel;
> +
> #if HAVE_APPARMOR /* || HAVE_SELINUX || HAVE_SMACK */
> int lsm_umount_proc;
> #endif
> diff --git a/src/lxc/confile.c b/src/lxc/confile.c
> index bc55f8c..a64ae09 100644
> --- a/src/lxc/confile.c
> +++ b/src/lxc/confile.c
> @@ -55,6 +55,8 @@ static int config_ttydir(const char *, const char *, struct
> lxc_conf *);
> static int config_aa_profile(const char *, const char *, struct lxc_conf *);
> #endif
> static int config_cgroup(const char *, const char *, struct lxc_conf *);
> +static int config_loglevel(const char *, const char *, struct lxc_conf *);
> +static int config_logfile(const char *, const char *, struct lxc_conf *);
> static int config_mount(const char *, const char *, struct lxc_conf *);
> static int config_rootfs(const char *, const char *, struct lxc_conf *);
> static int config_rootfs_mount(const char *, const char *, struct lxc_conf
> *);
> @@ -92,6 +94,8 @@ static struct lxc_config_t config[] = {
> { "lxc.aa_profile",config_aa_profile },
> #endif
> { "lxc.cgroup", config_cgroup },
> + { "lxc.loglevel", config_loglevel },
> + { "lxc.logfile", config_logfile },
> { "lxc.mount",config_mount},
> { "lxc.rootfs.mount", config_rootfs_mount },
> { "lxc.rootfs", config_rootfs },
> @@ -903,6 +907,51 @@ static int config_aa_profile(const char *key, const char
> *value,
> }
> #endif
>
> +static int config_logfile(const char *key, const char *value,
> + struct lxc_conf *lxc_conf)
> +{
> + char *path;
> +
> + // if given a blank entry, null out any previous entries.
> + if (!value || strlen(value) == 0) {
> + if (lxc_conf->logfile) {
> + free(lxc_conf->logfile);
> + lxc_conf->logfile = NULL;
> + }
> + return 0;
> + }
> +
> + path = strdup(value);
> + if (!path) {
> + SYSERROR("failed to strdup '%s': %m", value);
> + return -1;
> + }
> +
> + if (lxc_log_set_file(path)) {
> + free(path);
> + return -1;
> + }
> +
> + if (lxc_conf->logfile)
> + free(lxc_conf->logfile);
> + lxc_conf->logfile = path;
> +
> + return 0;
> +}
> +
> +static int config_loglevel(const char *key, const char *value,
> + struct lxc_conf *lxc_conf)
> +{
> + if (!value || strlen(value) == 0)
> + return 0;
> +
> + if (value[0] >= '0' && value[0] <= '9')
> + lxc_conf->loglevel = atoi(value);
> + else
> + lxc_conf->loglevel = lxc_log_priority_to_int(value);
> + return lxc_log_set_level(lxc_conf->loglevel);
> +}
> +
> static int config_autodev(const char *key, const char *value,
> struct lxc_conf *lxc_conf)
> {
> @@ -1526,7 +1575,7 @@ static int lxc_get_item_network(struct lxc_conf *c,
> char *retv, int inlen)
> int lxc_get_config_item(struct lxc_conf *c, const char *key, char *retv,
> int inlen)
> {
> - char *v = NULL;
> +
[lxc-devel] [PATCH] Install legacy scripts when built without python.
Re-introduce the old lxc-ls script and manpage under a new legacy sub-directory. Those will be installed in place of their python equivalent when LXC is built without --enable-python. Any other script ported to python should be added to those lists. Signed-off-by: Stéphane Graber --- .gitignore| 1 + configure.ac | 2 + doc/Makefile.am | 9 ++- doc/legacy/lxc-ls.sgml.in | 156 ++ src/lxc/Makefile.am | 2 + src/lxc/legacy/lxc-ls.in | 94 6 files changed, 263 insertions(+), 1 deletion(-) create mode 100644 doc/legacy/lxc-ls.sgml.in create mode 100644 src/lxc/legacy/lxc-ls.in diff --git a/.gitignore b/.gitignore index 76c9533..79dd77a 100644 --- a/.gitignore +++ b/.gitignore @@ -64,6 +64,7 @@ src/lxc/lxc-unfreeze src/lxc/lxc-unshare src/lxc/lxc-version src/lxc/lxc-wait +src/lxc/legacy/lxc-ls src/python-lxc/lxc/__pycache__/ diff --git a/configure.ac b/configure.ac index b73e07b..626d202 100644 --- a/configure.ac +++ b/configure.ac @@ -229,6 +229,7 @@ AC_CONFIG_FILES([ doc/lxc.sgml doc/common_options.sgml doc/see_also.sgml + doc/legacy/lxc-ls.sgml doc/rootfs/Makefile @@ -266,6 +267,7 @@ AC_CONFIG_FILES([ src/lxc/lxc-shutdown src/lxc/lxc-start-ephemeral src/lxc/lxc-destroy + src/lxc/legacy/lxc-ls src/python-lxc/Makefile diff --git a/doc/Makefile.am b/doc/Makefile.am index 1617186..86de2fe 100644 --- a/doc/Makefile.am +++ b/doc/Makefile.am @@ -19,7 +19,6 @@ man_MANS = \ lxc-unfreeze.1 \ lxc-monitor.1 \ lxc-wait.1 \ - lxc-ls.1 \ lxc-ps.1 \ lxc-cgroup.1 \ lxc-kill.1 \ @@ -29,15 +28,23 @@ man_MANS = \ \ lxc.7 +if ENABLE_PYTHON +man_MANS += lxc-ls.1 +else +man_MANS += legacy/lxc-ls.1 +endif %.1 : %.sgml $(db2xman) $< + test "$(shell basename $@)" != "$@" && mv $(shell basename $@) $@ || true %.5 : %.sgml $(db2xman) $< + test "$(shell basename $@)" != "$@" && mv $(shell basename $@) $@ || true %.7 : %.sgml $(db2xman) $< + test "$(shell basename $@)" != "$@" && mv $(shell basename $@) $@ || true lxc-%.sgml : common_options.sgml see_also.sgml diff --git a/doc/legacy/lxc-ls.sgml.in b/doc/legacy/lxc-ls.sgml.in new file mode 100644 index 000..c04a4a4 --- /dev/null +++ b/doc/legacy/lxc-ls.sgml.in @@ -0,0 +1,156 @@ + + + +http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd"; [ + + +]> + + + + @LXC_GENERATE_DATE@ + + +lxc-ls +1 + + + +lxc-ls + + + list the containers existing on the system + + + + + + lxc-ls + --active + ls option + + + + +Description + + lxc-ls list the containers existing on the + system. + + + + +Options + + + + + --active + + + + List active containers. + + + + + + + ls options + + + + The option passed to lxc-ls are the + same as the ls command. + + + + + + + + + +Examples + + + lxc-ls -l + + + list all the container and their permissions. + + + + + + lxc-ls --active -1 + + + list active containers and display the list in one column. + + + + + + + + +See Also + + + + ls + 1 + , + + + + + &seealso; + + +Author +Daniel Lezcano daniel.lezc...@free.fr + + + + + diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am index de227c7..bf675f9 100644 --- a/src/lxc/Makefile.am +++ b/src/lxc/Makefile.am @@ -100,6 +100,8 @@ if ENABLE_PYTHON bin_SCRIPTS += lxc-device bin_SCRIPTS += lxc-ls bin_SCRIPTS += lxc-start-ephemeral +else +bin_SCRIPTS += legacy/lxc-ls endif bin_PROGRAMS = \ diff --git a/src/lxc/legacy/lxc-ls.in b/src/lxc/legacy/lxc-ls.in new file mode 100644 index 000..f26572d --- /dev/null +++ b/src/lxc/legacy/lxc-ls.in @@ -0,0 +1,94 @@ +#!/bin/bash + +# +# lxc: linux Container library + +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. + +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. + +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-13
Re: [lxc-devel] [PATCH 2/2] templates: use hardlink detection in rsync
Quoting Dwight Engen (dwight.en...@oracle.com): > On Mon, 3 Dec 2012 21:25:00 -0600 > Serge Hallyn wrote: > > > Quoting Michael H. Warfield (m...@wittsend.com): > > > On Mon, 2012-12-03 at 20:43 -0600, Serge Hallyn wrote: > > > > A-ha, actually busybox cp does not support -T, at least here on > > > > ubuntu 12.10. So should we go with rsync -ah after all since > > > > it's more likely they'll install rsync next to busybox? Or is > > > > that not actually likely? > > > > > > rsync -aH > > > > Heh, yeah, my patch did have it right in my defense :) > > > > > Capitalization is critical here. > > > > > > Option -x (do not cross devices) is not the same as -X (extendended > > > attributes). > > > > > > > -serge > > > > > > I would like to know where rsync is not available. If rsync is > > > > In an ultra-minimal busybox based system? > > > > not sure... > > > > > available then "rsync -H" is available. > > > > > > That is my concern with busybox. They are very POSIX compliant and > > > I'm not sure this is a POSIX feature. I run into this all the time > > > in Android and TinyCore (I've had to recode things to run under > > > busybox ash shell under TinyCore). I trust rsync better than cp in > > > differing environments for that very reason. I know what rsync > > > will support (if it's there). I don't always know what options cp > > > will support. > > > > Ok, so let's stick with my original 2 patches (top of this thread). > > > > Objections? (Acks?) > > > > -serge > > Ack: Dwight Engen > > Want me to add rsync as a run time dependency in the lxc.spec.in > file? Thanks, that would be great. (two patches as is, with acks added, pushed to staging) -serge -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Install legacy scripts when built without python.
Quoting Stéphane Graber (stgra...@ubuntu.com): > Re-introduce the old lxc-ls script and manpage under a new legacy > sub-directory. > > Those will be installed in place of their python equivalent when LXC > is built without --enable-python. > > Any other script ported to python should be added to those lists. > > Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn thanks, -serge -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH RFC] lxc_conf logfile and loglevel support
Quoting Stéphane Graber (stgra...@ubuntu.com): > On 12/03/2012 08:41 PM, Serge Hallyn wrote: > > Add 'lxc.logfile' and 'lxc.loglevel' config items. Values provided on > > the command line override the config items. > > > > Have lxccontainer not set a default loglevel and logfile. > > > > Signed-off-by: Serge Hallyn > > Haven't tested it but the code matches what I think we should be doing. > > Acked-by: Stéphane Graber Thanks, pushed to staging. -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [PATCH] rename physical nics at shutdown
When a physical nic is being set up, store its ifindex and original name
in struct lxc_conf. At reboot, reset the original name.
We can't just go over the original network list in lxc_conf at shutdown
because that may be tweaked in the meantime through the C api. The
saved_nics list is only setup during lxc_spawn(), and restored and
freed after lxc_start.
Without this patch, if you take a container with physical nic eth1
renamed to eth0, start it, shut it down, and restart it, the last
restart will fail.
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1086244
Reported-by: Avijit Ghosh
Signed-off-by: Serge Hallyn
---
src/lxc/conf.c| 28
src/lxc/conf.h|9 +
src/lxc/execute.c |6 --
src/lxc/start.c | 38 ++
4 files changed, 79 insertions(+), 2 deletions(-)
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 79d96d7..45e0b31 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1821,6 +1821,21 @@ static int setup_network(struct lxc_list *network)
return 0;
}
+void lxc_rename_phys_nics_on_shutdown(struct lxc_conf *conf)
+{
+ int i;
+
+ INFO("running to reset %d nic names", conf->num_savednics);
+ for (i=0; inum_savednics; i++) {
+ struct saved_nic *s = &conf->saved_nics[i];
+ INFO("resetting nic %d to %s\n", s->ifindex, s->orig_name);
+ lxc_netdev_rename_by_index(s->ifindex, s->orig_name);
+ free(s->orig_name);
+ }
+ conf->num_savednics = 0;
+ free(conf->saved_nics);
+}
+
static int setup_private_host_hw_addr(char *veth1)
{
struct ifreq ifr;
@@ -2710,6 +2725,18 @@ int lxc_clear_hooks(struct lxc_conf *c, const char *key)
return 0;
}
+void lxc_clear_saved_nics(struct lxc_conf *conf)
+{
+ int i;
+
+ if (!conf->num_savednics)
+ return;
+ for (i=0; i < conf->num_savednics; i++)
+ free(conf->saved_nics[i].orig_name);
+ conf->saved_nics = 0;
+ free(conf->saved_nics);
+}
+
void lxc_conf_free(struct lxc_conf *conf)
{
if (!conf)
@@ -2737,5 +2764,6 @@ void lxc_conf_free(struct lxc_conf *conf)
lxc_clear_cgroups(conf, "lxc.cgroup");
lxc_clear_hooks(conf, "lxc.hook");
lxc_clear_mount_entries(conf);
+ lxc_clear_saved_nics(conf);
free(conf);
}
diff --git a/src/lxc/conf.h b/src/lxc/conf.h
index 694bce4..3f6181f 100644
--- a/src/lxc/conf.h
+++ b/src/lxc/conf.h
@@ -211,6 +211,11 @@ enum lxchooks {
LXCHOOK_POSTSTOP, NUM_LXC_HOOKS};
extern char *lxchook_names[NUM_LXC_HOOKS];
+struct saved_nic {
+ int ifindex;
+ char *orig_name;
+};
+
struct lxc_conf {
char *fstab;
int tty;
@@ -221,6 +226,8 @@ struct lxc_conf {
struct utsname *utsname;
struct lxc_list cgroup;
struct lxc_list network;
+ struct saved_nic *saved_nics;
+ int num_savednics;
struct lxc_list mount_list;
struct lxc_list caps;
struct lxc_tty_info tty_info;
@@ -273,4 +280,6 @@ extern int lxc_clear_hooks(struct lxc_conf *c, const char
*key);
*/
extern int lxc_setup(const char *name, struct lxc_conf *lxc_conf);
+
+extern void lxc_rename_phys_nics_on_shutdown(struct lxc_conf *conf);
#endif
diff --git a/src/lxc/execute.c b/src/lxc/execute.c
index 487765f..730b793 100644
--- a/src/lxc/execute.c
+++ b/src/lxc/execute.c
@@ -27,7 +27,6 @@
#include
#include
-
#include "log.h"
#include "start.h"
@@ -134,9 +133,12 @@ int lxc_execute(const char *name, char *const argv[], int
quiet,
.argv = argv,
.quiet = quiet
};
+ int ret;
if (lxc_check_inherited(conf, -1))
return -1;
- return __lxc_start(name, conf, &execute_start_ops, &args);
+ ret = __lxc_start(name, conf, &execute_start_ops, &args);
+
+ return ret;
}
diff --git a/src/lxc/start.c b/src/lxc/start.c
index 3e26b27..7320d74 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -579,6 +579,37 @@ out_warn_father:
return -1;
}
+int save_phys_nics(struct lxc_conf *conf)
+{
+ struct lxc_list *iterator;
+
+ lxc_list_for_each(iterator, &conf->network) {
+ struct lxc_netdev *netdev = iterator->elem;
+
+ if (netdev->type != LXC_NET_PHYS)
+ continue;
+ conf->saved_nics = realloc(conf->saved_nics,
+ (conf->num_savednics+1)*sizeof(struct
saved_nic));
+ if (!conf->saved_nics) {
+ SYSERROR("failed to allocate memory");
+ return -1;
+ }
+ conf->saved_nics[conf->num_savednics].ifindex = netdev->ifindex;
+ conf->saved_nics[conf->num_savednics].orig_name =
strdup(netdev->link);
+ if (!conf->saved_nics[conf->num_savednics].orig_name) {
+ SYSERROR("failed
Re: [lxc-devel] [PATCH] Rewrite lxc-ls in python
On 12/03/2012 09:01 PM, Serge Hallyn wrote: > Quoting Stéphane Graber (stgra...@ubuntu.com): >> This rewrite is mostly compatible with the shell version. >> --active and -1 still work and behave as they used to. >> >> This adds --running, --stopped and --frozen as state filters. >> >> A new "fancy" view is also implemented (can be used with --fancy) and >> will show containers in a column-based interface with the following fields: >> - name >> - state >> - ipv4 >> - ipv6 >> - pid of init >> >> Signed-off-by: Stéphane Graber > > modulo the conf magic to install the sh version if python is not > supported, > > Acked-by: Serge E. Hallyn > > thanks, > -serge Applied to staging. -- Stéphane Graber Ubuntu developer http://www.ubuntu.com signature.asc Description: OpenPGP digital signature -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] Install legacy scripts when built without python.
On 12/04/2012 12:35 PM, Serge Hallyn wrote: > Quoting Stéphane Graber (stgra...@ubuntu.com): >> Re-introduce the old lxc-ls script and manpage under a new legacy >> sub-directory. >> >> Those will be installed in place of their python equivalent when LXC >> is built without --enable-python. >> >> Any other script ported to python should be added to those lists. >> >> Signed-off-by: Stéphane Graber > > Acked-by: Serge E. Hallyn > > thanks, > -serge Applied to staging. -- Stéphane Graber Ubuntu developer http://www.ubuntu.com signature.asc Description: OpenPGP digital signature -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] rename physical nics at shutdown
On 12/04/2012 01:19 PM, Serge Hallyn wrote:
> When a physical nic is being set up, store its ifindex and original name
> in struct lxc_conf. At reboot, reset the original name.
> We can't just go over the original network list in lxc_conf at shutdown
> because that may be tweaked in the meantime through the C api. The
> saved_nics list is only setup during lxc_spawn(), and restored and
> freed after lxc_start.
>
> Without this patch, if you take a container with physical nic eth1
> renamed to eth0, start it, shut it down, and restart it, the last
> restart will fail.
>
> Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1086244
>
> Reported-by: Avijit Ghosh
> Signed-off-by: Serge Hallyn
Just one comment below, but looks good.
Acked-by: Stéphane Graber
> ---
> src/lxc/conf.c| 28
> src/lxc/conf.h|9 +
> src/lxc/execute.c |6 --
> src/lxc/start.c | 38 ++
> 4 files changed, 79 insertions(+), 2 deletions(-)
>
> diff --git a/src/lxc/conf.c b/src/lxc/conf.c
> index 79d96d7..45e0b31 100644
> --- a/src/lxc/conf.c
> +++ b/src/lxc/conf.c
> @@ -1821,6 +1821,21 @@ static int setup_network(struct lxc_list *network)
> return 0;
> }
>
> +void lxc_rename_phys_nics_on_shutdown(struct lxc_conf *conf)
> +{
> + int i;
> +
> + INFO("running to reset %d nic names", conf->num_savednics);
> + for (i=0; inum_savednics; i++) {
> + struct saved_nic *s = &conf->saved_nics[i];
> + INFO("resetting nic %d to %s\n", s->ifindex, s->orig_name);
> + lxc_netdev_rename_by_index(s->ifindex, s->orig_name);
> + free(s->orig_name);
> + }
> + conf->num_savednics = 0;
> + free(conf->saved_nics);
> +}
> +
> static int setup_private_host_hw_addr(char *veth1)
> {
> struct ifreq ifr;
> @@ -2710,6 +2725,18 @@ int lxc_clear_hooks(struct lxc_conf *c, const char
> *key)
> return 0;
> }
>
> +void lxc_clear_saved_nics(struct lxc_conf *conf)
> +{
> + int i;
> +
> + if (!conf->num_savednics)
> + return;
> + for (i=0; i < conf->num_savednics; i++)
> + free(conf->saved_nics[i].orig_name);
> + conf->saved_nics = 0;
> + free(conf->saved_nics);
> +}
> +
> void lxc_conf_free(struct lxc_conf *conf)
> {
> if (!conf)
> @@ -2737,5 +2764,6 @@ void lxc_conf_free(struct lxc_conf *conf)
> lxc_clear_cgroups(conf, "lxc.cgroup");
> lxc_clear_hooks(conf, "lxc.hook");
> lxc_clear_mount_entries(conf);
> + lxc_clear_saved_nics(conf);
> free(conf);
> }
> diff --git a/src/lxc/conf.h b/src/lxc/conf.h
> index 694bce4..3f6181f 100644
> --- a/src/lxc/conf.h
> +++ b/src/lxc/conf.h
> @@ -211,6 +211,11 @@ enum lxchooks {
> LXCHOOK_POSTSTOP, NUM_LXC_HOOKS};
> extern char *lxchook_names[NUM_LXC_HOOKS];
>
> +struct saved_nic {
> + int ifindex;
> + char *orig_name;
> +};
> +
> struct lxc_conf {
> char *fstab;
> int tty;
> @@ -221,6 +226,8 @@ struct lxc_conf {
> struct utsname *utsname;
> struct lxc_list cgroup;
> struct lxc_list network;
> + struct saved_nic *saved_nics;
> + int num_savednics;
> struct lxc_list mount_list;
> struct lxc_list caps;
> struct lxc_tty_info tty_info;
> @@ -273,4 +280,6 @@ extern int lxc_clear_hooks(struct lxc_conf *c, const char
> *key);
> */
>
> extern int lxc_setup(const char *name, struct lxc_conf *lxc_conf);
> +
> +extern void lxc_rename_phys_nics_on_shutdown(struct lxc_conf *conf);
> #endif
> diff --git a/src/lxc/execute.c b/src/lxc/execute.c
> index 487765f..730b793 100644
> --- a/src/lxc/execute.c
> +++ b/src/lxc/execute.c
> @@ -27,7 +27,6 @@
> #include
> #include
>
> -
> #include "log.h"
> #include "start.h"
>
> @@ -134,9 +133,12 @@ int lxc_execute(const char *name, char *const argv[],
> int quiet,
> .argv = argv,
> .quiet = quiet
> };
> + int ret;
>
> if (lxc_check_inherited(conf, -1))
> return -1;
>
> - return __lxc_start(name, conf, &execute_start_ops, &args);
> + ret = __lxc_start(name, conf, &execute_start_ops, &args);
> +
> + return ret;
> }
What's the reason for that bit? Looks to me as functionally identical.
> diff --git a/src/lxc/start.c b/src/lxc/start.c
> index 3e26b27..7320d74 100644
> --- a/src/lxc/start.c
> +++ b/src/lxc/start.c
> @@ -579,6 +579,37 @@ out_warn_father:
> return -1;
> }
>
> +int save_phys_nics(struct lxc_conf *conf)
> +{
> + struct lxc_list *iterator;
> +
> + lxc_list_for_each(iterator, &conf->network) {
> + struct lxc_netdev *netdev = iterator->elem;
> +
> + if (netdev->type != LXC_NET_PHYS)
> + continue;
> + conf->saved_nics = realloc(conf->saved_nics,
> + (conf->num_savednics+1)*sizeof(struct
> saved_nic));
> + if (!conf->saved_nics) {
> +
Re: [lxc-devel] [PATCH] rename physical nics at shutdown
Quoting Stéphane Graber (stgra...@ubuntu.com): > > @@ -134,9 +133,12 @@ int lxc_execute(const char *name, char *const argv[], > > int quiet, > > .argv = argv, > > .quiet = quiet > > }; > > + int ret; > > > > if (lxc_check_inherited(conf, -1)) > > return -1; > > > > - return __lxc_start(name, conf, &execute_start_ops, &args); > > + ret = __lxc_start(name, conf, &execute_start_ops, &args); > > + > > + return ret; > > } > > What's the reason for that bit? Looks to me as functionally identical. D'oh - good catch. The reason for it was that at first I had the rename_phys_on_shutdown in the lxc_start callers, not in __lxc_start itself. I moved it right at the end, but forgot about this now- unneeded bit. thanks, -serge -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] make install should create $LXCPATH directory
On 11/29/2012 04:24 PM, Dwight Engen wrote:
> The $LXCPATH (default /var/lib/lxc) directory was not being created by
> make install, so unless it gets created by some other means
> (packaging tools), commands such as lxc-create will fail.
>
> Signed-off-by: Dwight Engen
Acked-by: Stéphane Graber
Applied to staging.
> ---
> Makefile.am | 3 +++
> lxc.spec.in | 1 +
> 2 files changed, 4 insertions(+)
>
> diff --git a/Makefile.am b/Makefile.am
> index f99ad1c..863f8fd 100644
> --- a/Makefile.am
> +++ b/Makefile.am
> @@ -9,6 +9,9 @@ EXTRA_DIST = autogen.sh lxc.spec CONTRIBUTING MAINTAINERS
> ChangeLog
> pcdatadir = $(libdir)/pkgconfig
> pcdata_DATA = lxc.pc
>
> +install-data-local:
> + $(MKDIR_P) $(DESTDIR)$(LXCPATH)
> +
> ChangeLog::
> @touch ChangeLog
>
> diff --git a/lxc.spec.in b/lxc.spec.in
> index 3f4d5b6..bc69d68 100644
> --- a/lxc.spec.in
> +++ b/lxc.spec.in
> @@ -97,6 +97,7 @@ rm -rf %{buildroot}
> %defattr(-,root,root)
> %{_libdir}/*.so.*
> %{_libdir}/%{name}
> +@LXCPATH@
> %attr(4555,root,root) %{_libexecdir}/%{name}/lxc-init
>
> %files devel
>
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
signature.asc
Description: OpenPGP digital signature
--
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [PATCH 3/3] lxc-device: Show an error message when non-root
Instead of returning a python stacktrace, check what the current euid is
and show an argparse error message similar to that used in lxc-start-ephemeral.
Signed-off-by: Stéphane Graber
---
src/lxc/lxc-device | 6 ++
1 file changed, 6 insertions(+)
diff --git a/src/lxc/lxc-device b/src/lxc/lxc-device
index 6c91e67..467df17 100644
--- a/src/lxc/lxc-device
+++ b/src/lxc/lxc-device
@@ -32,6 +32,7 @@ warnings.filterwarnings("ignore", "The python-lxc API isn't
yet stable")
import argparse
import gettext
import lxc
+import os
import sys
_ = gettext.gettext
@@ -49,6 +50,11 @@ parser.add_argument("--add", action="append", default=[],
metavar="DEVICE",
args = parser.parse_args()
+# The user needs to be uid 0
+if not os.geteuid() == 0:
+parser.error(_("You must be root to run this script. Try running: sudo %s"
+ % (sys.argv[0])))
+
container = lxc.Container(args.container)
if not container.running:
print("The container must be running.")
--
1.8.0
--
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [PATCH 2/3] lxc-ls: Show a simple error message when non-root
Instead of returning a python stacktrace, check what the current euid is
and show an argparse error message similar to that used in lxc-start-ephemeral.
Signed-off-by: Stéphane Graber
---
src/lxc/lxc-ls | 7 +++
1 file changed, 7 insertions(+)
diff --git a/src/lxc/lxc-ls b/src/lxc/lxc-ls
index 8a1d1ed..2ad1f7f 100644
--- a/src/lxc/lxc-ls
+++ b/src/lxc/lxc-ls
@@ -32,6 +32,7 @@ warnings.filterwarnings("ignore", "The python-lxc API isn't
yet stable")
import argparse
import gettext
import lxc
+import os
import re
import sys
@@ -115,6 +116,12 @@ parser.add_argument("filter", metavar='FILTER', type=str,
nargs="?",
args = parser.parse_args()
+# Basic checks
+## The user needs to be uid 0
+if not os.geteuid() == 0:
+parser.error(_("You must be root to run this script. Try running: sudo %s"
+ % (sys.argv[0])))
+
# --active is the same as --running --frozen
if args.active:
if not args.state:
--
1.8.0
--
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [PATCH 0/3] Make python scripts deal better when non-root
The LXC API currently doesn't work terribly well when the user isn't root for a variety of reasons. The python binding therfore immediately returns an exception if a non-root user tries to access a container object (as the C calls would fail anyway). These commits update the various python scripts to check whether the user is root before invoking the python module so that we can return a nicer error message to the user, suggesting the use of sudo to run the script as root. Stéphane Graber (3): lxc-start-ephemeral: Use argparse errors lxc-ls: Show a simple error message when non-root lxc-device: Show an error message when non-root src/lxc/lxc-device | 6 ++ src/lxc/lxc-ls | 7 +++ src/lxc/lxc-start-ephemeral.in | 11 --- 3 files changed, 17 insertions(+), 7 deletions(-) -- 1.8.0 -- LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial Remotely access PCs and mobile devices and provide instant support Improve your efficiency, and focus on delivering more value-add services Discover what IT Professionals Know. Rescue delivers http://p.sf.net/sfu/logmein_12329d2d ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [PATCH 1/3] lxc-start-ephemeral: Use argparse errors
Use argparse's error function instead of our own print + exit.
Signed-off-by: Stéphane Graber
---
src/lxc/lxc-start-ephemeral.in | 11 ---
1 file changed, 4 insertions(+), 7 deletions(-)
diff --git a/src/lxc/lxc-start-ephemeral.in b/src/lxc/lxc-start-ephemeral.in
index ccf6059..e11919f 100644
--- a/src/lxc/lxc-start-ephemeral.in
+++ b/src/lxc/lxc-start-ephemeral.in
@@ -96,20 +96,17 @@ args = parser.parse_args()
# Basic requirements check
## Check that -d and CMD aren't used at the same time
if args.command and args.daemon:
-print(_("You can't use -d and a command at the same time."))
-sys.exit(1)
+parser.error(_("You can't use -d and a command at the same time."))
## The user needs to be uid 0
if not os.geteuid() == 0:
-print(_("You must be root to run this script. Try running: sudo %s" %
-(sys.argv[0])))
-sys.exit(1)
+parser.error(_("You must be root to run this script. Try running: sudo %s"
+ % (sys.argv[0])))
# Load the orig container
orig = lxc.Container(args.orig)
if not orig.defined:
-print(_("Source container '%s' doesn't exist." % args.orig))
-sys.exit(1)
+parser.error(_("Source container '%s' doesn't exist." % args.orig))
# Create the new container paths
dest_path = tempfile.mkdtemp(prefix="%s-" % args.orig, dir="@LXCPATH@")
--
1.8.0
--
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 1/3] lxc-start-ephemeral: Use argparse errors
Quoting Stéphane Graber (stgra...@ubuntu.com):
> Use argparse's error function instead of our own print + exit.
>
> Signed-off-by: Stéphane Graber
Acked-by: Serge E. Hallyn
> ---
> src/lxc/lxc-start-ephemeral.in | 11 ---
> 1 file changed, 4 insertions(+), 7 deletions(-)
>
> diff --git a/src/lxc/lxc-start-ephemeral.in b/src/lxc/lxc-start-ephemeral.in
> index ccf6059..e11919f 100644
> --- a/src/lxc/lxc-start-ephemeral.in
> +++ b/src/lxc/lxc-start-ephemeral.in
> @@ -96,20 +96,17 @@ args = parser.parse_args()
> # Basic requirements check
> ## Check that -d and CMD aren't used at the same time
> if args.command and args.daemon:
> -print(_("You can't use -d and a command at the same time."))
> -sys.exit(1)
> +parser.error(_("You can't use -d and a command at the same time."))
>
> ## The user needs to be uid 0
> if not os.geteuid() == 0:
> -print(_("You must be root to run this script. Try running: sudo %s" %
> -(sys.argv[0])))
> -sys.exit(1)
> +parser.error(_("You must be root to run this script. Try running: sudo
> %s"
> + % (sys.argv[0])))
>
> # Load the orig container
> orig = lxc.Container(args.orig)
> if not orig.defined:
> -print(_("Source container '%s' doesn't exist." % args.orig))
> -sys.exit(1)
> +parser.error(_("Source container '%s' doesn't exist." % args.orig))
>
> # Create the new container paths
> dest_path = tempfile.mkdtemp(prefix="%s-" % args.orig, dir="@LXCPATH@")
> --
> 1.8.0
>
>
> --
> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
> Remotely access PCs and mobile devices and provide instant support
> Improve your efficiency, and focus on delivering more value-add services
> Discover what IT Professionals Know. Rescue delivers
> http://p.sf.net/sfu/logmein_12329d2d
> ___
> Lxc-devel mailing list
> Lxc-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-devel
--
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 2/3] lxc-ls: Show a simple error message when non-root
Quoting Stéphane Graber (stgra...@ubuntu.com):
> Instead of returning a python stacktrace, check what the current euid is
> and show an argparse error message similar to that used in
> lxc-start-ephemeral.
>
> Signed-off-by: Stéphane Graber
Wait, you must be root to call lxc-ls at all?
> ---
> src/lxc/lxc-ls | 7 +++
> 1 file changed, 7 insertions(+)
>
> diff --git a/src/lxc/lxc-ls b/src/lxc/lxc-ls
> index 8a1d1ed..2ad1f7f 100644
> --- a/src/lxc/lxc-ls
> +++ b/src/lxc/lxc-ls
> @@ -32,6 +32,7 @@ warnings.filterwarnings("ignore", "The python-lxc API isn't
> yet stable")
> import argparse
> import gettext
> import lxc
> +import os
> import re
> import sys
>
> @@ -115,6 +116,12 @@ parser.add_argument("filter", metavar='FILTER',
> type=str, nargs="?",
>
> args = parser.parse_args()
>
> +# Basic checks
> +## The user needs to be uid 0
> +if not os.geteuid() == 0:
> +parser.error(_("You must be root to run this script. Try running: sudo
> %s"
> + % (sys.argv[0])))
> +
> # --active is the same as --running --frozen
> if args.active:
> if not args.state:
> --
> 1.8.0
>
>
> --
> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
> Remotely access PCs and mobile devices and provide instant support
> Improve your efficiency, and focus on delivering more value-add services
> Discover what IT Professionals Know. Rescue delivers
> http://p.sf.net/sfu/logmein_12329d2d
> ___
> Lxc-devel mailing list
> Lxc-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-devel
--
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 3/3] lxc-device: Show an error message when non-root
Quoting Stéphane Graber (stgra...@ubuntu.com):
> Instead of returning a python stacktrace, check what the current euid is
> and show an argparse error message similar to that used in
> lxc-start-ephemeral.
>
> Signed-off-by: Stéphane Graber
Acked-by: Serge E. Hallyn
> ---
> src/lxc/lxc-device | 6 ++
> 1 file changed, 6 insertions(+)
>
> diff --git a/src/lxc/lxc-device b/src/lxc/lxc-device
> index 6c91e67..467df17 100644
> --- a/src/lxc/lxc-device
> +++ b/src/lxc/lxc-device
> @@ -32,6 +32,7 @@ warnings.filterwarnings("ignore", "The python-lxc API isn't
> yet stable")
> import argparse
> import gettext
> import lxc
> +import os
> import sys
>
> _ = gettext.gettext
> @@ -49,6 +50,11 @@ parser.add_argument("--add", action="append", default=[],
> metavar="DEVICE",
>
> args = parser.parse_args()
>
> +# The user needs to be uid 0
> +if not os.geteuid() == 0:
> +parser.error(_("You must be root to run this script. Try running: sudo
> %s"
> + % (sys.argv[0])))
> +
> container = lxc.Container(args.container)
> if not container.running:
> print("The container must be running.")
> --
> 1.8.0
>
>
> --
> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
> Remotely access PCs and mobile devices and provide instant support
> Improve your efficiency, and focus on delivering more value-add services
> Discover what IT Professionals Know. Rescue delivers
> http://p.sf.net/sfu/logmein_12329d2d
> ___
> Lxc-devel mailing list
> Lxc-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-devel
--
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 2/3] lxc-ls: Show a simple error message when non-root
On 12/04/2012 04:34 PM, Serge Hallyn wrote:
> Quoting Stéphane Graber (stgra...@ubuntu.com):
>> Instead of returning a python stacktrace, check what the current euid is
>> and show an argparse error message similar to that used in
>> lxc-start-ephemeral.
>>
>> Signed-off-by: Stéphane Graber
>
> Wait, you must be root to call lxc-ls at all?
To be able to grab the state of the container, yes.
In the past anyone could run lxc-ls but the result would vary depending
on whether you were root or not as the active container list would
always be empty if non-root.
I'll put on my todo to see if I can change the code slightly so that I
don't use as_object when getting a simple list of all containers so that
unprivileged user can get the list as long as they don't need any status
information.
With that change, "lxc-ls" would work unprivileged but any of the other
options would required root.
>> ---
>> src/lxc/lxc-ls | 7 +++
>> 1 file changed, 7 insertions(+)
>>
>> diff --git a/src/lxc/lxc-ls b/src/lxc/lxc-ls
>> index 8a1d1ed..2ad1f7f 100644
>> --- a/src/lxc/lxc-ls
>> +++ b/src/lxc/lxc-ls
>> @@ -32,6 +32,7 @@ warnings.filterwarnings("ignore", "The python-lxc API
>> isn't yet stable")
>> import argparse
>> import gettext
>> import lxc
>> +import os
>> import re
>> import sys
>>
>> @@ -115,6 +116,12 @@ parser.add_argument("filter", metavar='FILTER',
>> type=str, nargs="?",
>>
>> args = parser.parse_args()
>>
>> +# Basic checks
>> +## The user needs to be uid 0
>> +if not os.geteuid() == 0:
>> +parser.error(_("You must be root to run this script. Try running: sudo
>> %s"
>> + % (sys.argv[0])))
>> +
>> # --active is the same as --running --frozen
>> if args.active:
>> if not args.state:
>> --
>> 1.8.0
>>
>>
>> --
>> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
>> Remotely access PCs and mobile devices and provide instant support
>> Improve your efficiency, and focus on delivering more value-add services
>> Discover what IT Professionals Know. Rescue delivers
>> http://p.sf.net/sfu/logmein_12329d2d
>> ___
>> Lxc-devel mailing list
>> Lxc-devel@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/lxc-devel
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
signature.asc
Description: OpenPGP digital signature
--
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 2/3] lxc-ls: Show a simple error message when non-root
Quoting Stéphane Graber (stgra...@ubuntu.com):
> On 12/04/2012 04:34 PM, Serge Hallyn wrote:
> > Quoting Stéphane Graber (stgra...@ubuntu.com):
> >> Instead of returning a python stacktrace, check what the current euid is
> >> and show an argparse error message similar to that used in
> >> lxc-start-ephemeral.
> >>
> >> Signed-off-by: Stéphane Graber
> >
> > Wait, you must be root to call lxc-ls at all?
>
> To be able to grab the state of the container, yes.
>
> In the past anyone could run lxc-ls but the result would vary depending
> on whether you were root or not as the active container list would
> always be empty if non-root.
Not with the lxc-ls in ubuntu, at least, unless lxc-start caller had
a funky umask.
Well, if it's needed for now, then
Acked-by: Serge E. Hallyn
> I'll put on my todo to see if I can change the code slightly so that I
> don't use as_object when getting a simple list of all containers so that
> unprivileged user can get the list as long as they don't need any status
> information.
>
> With that change, "lxc-ls" would work unprivileged but any of the other
> options would required root.
>
> >> ---
> >> src/lxc/lxc-ls | 7 +++
> >> 1 file changed, 7 insertions(+)
> >>
> >> diff --git a/src/lxc/lxc-ls b/src/lxc/lxc-ls
> >> index 8a1d1ed..2ad1f7f 100644
> >> --- a/src/lxc/lxc-ls
> >> +++ b/src/lxc/lxc-ls
> >> @@ -32,6 +32,7 @@ warnings.filterwarnings("ignore", "The python-lxc API
> >> isn't yet stable")
> >> import argparse
> >> import gettext
> >> import lxc
> >> +import os
> >> import re
> >> import sys
> >>
> >> @@ -115,6 +116,12 @@ parser.add_argument("filter", metavar='FILTER',
> >> type=str, nargs="?",
> >>
> >> args = parser.parse_args()
> >>
> >> +# Basic checks
> >> +## The user needs to be uid 0
> >> +if not os.geteuid() == 0:
> >> +parser.error(_("You must be root to run this script. Try running:
> >> sudo %s"
> >> + % (sys.argv[0])))
> >> +
> >> # --active is the same as --running --frozen
> >> if args.active:
> >> if not args.state:
> >> --
> >> 1.8.0
> >>
> >>
> >> --
> >> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
> >> Remotely access PCs and mobile devices and provide instant support
> >> Improve your efficiency, and focus on delivering more value-add services
> >> Discover what IT Professionals Know. Rescue delivers
> >> http://p.sf.net/sfu/logmein_12329d2d
> >> ___
> >> Lxc-devel mailing list
> >> Lxc-devel@lists.sourceforge.net
> >> https://lists.sourceforge.net/lists/listinfo/lxc-devel
>
>
> --
> Stéphane Graber
> Ubuntu developer
> http://www.ubuntu.com
>
> --
> LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
> Remotely access PCs and mobile devices and provide instant support
> Improve your efficiency, and focus on delivering more value-add services
> Discover what IT Professionals Know. Rescue delivers
> http://p.sf.net/sfu/logmein_12329d2d
> ___
> Lxc-devel mailing list
> Lxc-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-devel
--
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [PATCH] python: Update to the device related functions
This commit does the following changes to the python API:
- Rename the add_device API call to add_device_node
- Adds an extra check that the container is running to add_device_node
- Introduces a new add_device_net function
And the following changes to the lxc-device tool:
- Change parser setup to better cope with variable number of arguments
- Add support for network devices (currently auto-detected)
- Support for different names on the host and in the container
Signed-off-by: Stéphane Graber
---
src/lxc/lxc-device | 48 ++
src/python-lxc/lxc/__init__.py | 26 +--
2 files changed, 63 insertions(+), 11 deletions(-)
diff --git a/src/lxc/lxc-device b/src/lxc/lxc-device
index 467df17..db9399d 100644
--- a/src/lxc/lxc-device
+++ b/src/lxc/lxc-device
@@ -42,24 +42,54 @@ gettext.textdomain("lxc-device")
parser = argparse.ArgumentParser(description=_("LXC: Manage devices"),
formatter_class=argparse.RawTextHelpFormatter)
+# Global arguments
parser.add_argument("-n", dest="container", metavar="CONTAINER",
-help=_("Container to add the device to"), required=True)
+help=_("Name of the container to add the device to"),
+required=True)
-parser.add_argument("--add", action="append", default=[], metavar="DEVICE",
-help=_("Add a device"), required=True)
+# Commands
+subparsers = parser.add_subparsers()
+subparser_add = subparsers.add_parser('add', help=_('Add a device'))
+subparser_add.set_defaults(action="add")
+
+subparser_add.add_argument(dest="device", metavar="DEVICE",
+ help=_("Add a device "
+ "(path to a node or interface name)"))
+
+subparser_add.add_argument(dest="name", metavar="NAME", nargs="?",
+ help=_("Use an alternative path or name "
+ "in the container"))
args = parser.parse_args()
-# The user needs to be uid 0
+# Some basic checks
+if not hasattr(args, "action"):
+parser.error(_("You must specify an action."))
+
+## The user needs to be uid 0
if not os.geteuid() == 0:
parser.error(_("You must be root to run this script. Try running: sudo %s"
% (sys.argv[0])))
+## Don't rename if no alternative name
+if not args.name:
+args.name = args.device
+
+## Check that the container is ready
container = lxc.Container(args.container)
if not container.running:
-print("The container must be running.")
-sys.exit(1)
+parser.error("The container must be running.")
+
+# Do the work
+if args.action == "add":
+if os.path.exists("/sys/class/net/%s/" % args.device):
+ret = container.add_device_net(args.device, args.name)
+else:
+ret = container.add_device_node(args.device, args.name)
-for device in args.add:
-container.add_device(device)
-print("Added '%s' to '%s'." % (device, container.name))
+if ret:
+print("Added '%s' to '%s' as '%s'." %
+ (args.device, container.name, args.name))
+else:
+print("Failed to add '%s' to '%s' as '%s'." %
+ (args.device, container.name, args.name))
diff --git a/src/python-lxc/lxc/__init__.py b/src/python-lxc/lxc/__init__.py
index 78852ec..cde4fd1 100644
--- a/src/python-lxc/lxc/__init__.py
+++ b/src/python-lxc/lxc/__init__.py
@@ -154,11 +154,14 @@ class Container(_lxc.Container):
_lxc.Container.__init__(self, name)
self.network = ContainerNetworkList(self)
-def add_device(self, path, destpath=None):
+def add_device_node(self, path, destpath=None):
"""
-Add device to running container.
+Add block/char device to running container.
"""
+if not self.running:
+return False
+
if not destpath:
destpath = path
@@ -214,6 +217,25 @@ class Container(_lxc.Container):
return True
+def add_device_net(self, name, destname=None):
+"""
+Add network device to running container.
+"""
+
+if not self.running:
+return False
+
+if not destname:
+destname = name
+
+if not os.path.exists("/sys/class/net/%s/" % name):
+return False
+
+return subprocess.call(['ip', 'link', 'set',
+'dev', name,
+'netns', str(self.init_pid),
+'name', destname]) == 0
+
def append_config_item(self, key, value):
"""
Append 'value' to 'key', assuming 'key' is a list.
--
1.8.0
--
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more valu
[lxc-devel] [PATCH] lxc-ls: Update code to allow non-root listing
Re-arrange the code so that we only grab the container object when doing
something more than building a simple list of existing containers.
This means that now the following calls can run unprivileged:
- lxc-ls
- lxc-ls -1
Everything else will still require root privileges.
Signed-off-by: Stéphane Graber
---
src/lxc/lxc-ls | 34 +-
1 file changed, 21 insertions(+), 13 deletions(-)
diff --git a/src/lxc/lxc-ls b/src/lxc/lxc-ls
index 2ad1f7f..98b7861 100644
--- a/src/lxc/lxc-ls
+++ b/src/lxc/lxc-ls
@@ -116,12 +116,6 @@ parser.add_argument("filter", metavar='FILTER', type=str,
nargs="?",
args = parser.parse_args()
-# Basic checks
-## The user needs to be uid 0
-if not os.geteuid() == 0:
-parser.error(_("You must be root to run this script. Try running: sudo %s"
- % (sys.argv[0])))
-
# --active is the same as --running --frozen
if args.active:
if not args.state:
@@ -135,19 +129,33 @@ if not sys.stdout.isatty():
# Turn args.fancy_format into a list
args.fancy_format = args.fancy_format.strip().split(",")
+# Basic checks
+## The user needs to be uid 0
+if not os.geteuid() == 0 and (args.fancy or args.state):
+parser.error(_("You must be root to access advanced container properties. "
+ "Try running: sudo %s"
+ % (sys.argv[0])))
+
# List of containers, stored as dictionaries
containers = []
-for container in lxc.list_containers(as_object=True):
-# Filter by status
-if args.state and container.state not in args.state:
-continue
+for container_name in lxc.list_containers():
+entry = {}
+entry['name'] = container_name
# Apply filter
-if args.filter and not re.match(args.filter, container.name):
+if args.filter and not re.match(args.filter, container_name):
continue
-entry = {}
-entry['name'] = container.name
+# Return before grabbing the object (non-root)
+if not args.state and not args.fancy:
+containers.append(entry)
+continue
+
+container = lxc.Container(container_name)
+
+# Filter by status
+if args.state and container.state not in args.state:
+continue
# Nothing more is needed if we're not printing some fancy output
if not args.fancy:
--
1.8.0
--
LogMeIn Rescue: Anywhere, Anytime Remote support for IT. Free Trial
Remotely access PCs and mobile devices and provide instant support
Improve your efficiency, and focus on delivering more value-add services
Discover what IT Professionals Know. Rescue delivers
http://p.sf.net/sfu/logmein_12329d2d
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] python: Update to the device related functions
Quoting Stéphane Graber (stgra...@ubuntu.com):
> This commit does the following changes to the python API:
> - Rename the add_device API call to add_device_node
> - Adds an extra check that the container is running to add_device_node
> - Introduces a new add_device_net function
>
> And the following changes to the lxc-device tool:
> - Change parser setup to better cope with variable number of arguments
> - Add support for network devices (currently auto-detected)
> - Support for different names on the host and in the container
>
> Signed-off-by: Stéphane Graber
Acked-by: Serge E. Hallyn
> ---
> src/lxc/lxc-device | 48
> ++
> src/python-lxc/lxc/__init__.py | 26 +--
> 2 files changed, 63 insertions(+), 11 deletions(-)
>
> diff --git a/src/lxc/lxc-device b/src/lxc/lxc-device
> index 467df17..db9399d 100644
> --- a/src/lxc/lxc-device
> +++ b/src/lxc/lxc-device
> @@ -42,24 +42,54 @@ gettext.textdomain("lxc-device")
> parser = argparse.ArgumentParser(description=_("LXC: Manage devices"),
>
> formatter_class=argparse.RawTextHelpFormatter)
>
> +# Global arguments
> parser.add_argument("-n", dest="container", metavar="CONTAINER",
> -help=_("Container to add the device to"), required=True)
> +help=_("Name of the container to add the device to"),
> +required=True)
>
> -parser.add_argument("--add", action="append", default=[], metavar="DEVICE",
> -help=_("Add a device"), required=True)
> +# Commands
> +subparsers = parser.add_subparsers()
> +subparser_add = subparsers.add_parser('add', help=_('Add a device'))
> +subparser_add.set_defaults(action="add")
> +
> +subparser_add.add_argument(dest="device", metavar="DEVICE",
> + help=_("Add a device "
> + "(path to a node or interface name)"))
> +
> +subparser_add.add_argument(dest="name", metavar="NAME", nargs="?",
> + help=_("Use an alternative path or name "
> + "in the container"))
>
> args = parser.parse_args()
>
> -# The user needs to be uid 0
> +# Some basic checks
> +if not hasattr(args, "action"):
> +parser.error(_("You must specify an action."))
> +
> +## The user needs to be uid 0
> if not os.geteuid() == 0:
> parser.error(_("You must be root to run this script. Try running: sudo
> %s"
> % (sys.argv[0])))
>
> +## Don't rename if no alternative name
> +if not args.name:
> +args.name = args.device
> +
> +## Check that the container is ready
> container = lxc.Container(args.container)
> if not container.running:
> -print("The container must be running.")
> -sys.exit(1)
> +parser.error("The container must be running.")
> +
> +# Do the work
> +if args.action == "add":
> +if os.path.exists("/sys/class/net/%s/" % args.device):
> +ret = container.add_device_net(args.device, args.name)
> +else:
> +ret = container.add_device_node(args.device, args.name)
>
> -for device in args.add:
> -container.add_device(device)
> -print("Added '%s' to '%s'." % (device, container.name))
> +if ret:
> +print("Added '%s' to '%s' as '%s'." %
> + (args.device, container.name, args.name))
> +else:
> +print("Failed to add '%s' to '%s' as '%s'." %
> + (args.device, container.name, args.name))
> diff --git a/src/python-lxc/lxc/__init__.py b/src/python-lxc/lxc/__init__.py
> index 78852ec..cde4fd1 100644
> --- a/src/python-lxc/lxc/__init__.py
> +++ b/src/python-lxc/lxc/__init__.py
> @@ -154,11 +154,14 @@ class Container(_lxc.Container):
> _lxc.Container.__init__(self, name)
> self.network = ContainerNetworkList(self)
>
> -def add_device(self, path, destpath=None):
> +def add_device_node(self, path, destpath=None):
> """
> -Add device to running container.
> +Add block/char device to running container.
> """
>
> +if not self.running:
> +return False
> +
> if not destpath:
> destpath = path
>
> @@ -214,6 +217,25 @@ class Container(_lxc.Container):
>
> return True
>
> +def add_device_net(self, name, destname=None):
> +"""
> +Add network device to running container.
> +"""
> +
> +if not self.running:
> +return False
> +
> +if not destname:
> +destname = name
> +
> +if not os.path.exists("/sys/class/net/%s/" % name):
> +return False
> +
> +return subprocess.call(['ip', 'link', 'set',
> +'dev', name,
> +'netns', str(self.init_pid),
> +'name', destname]) == 0
> +
> def append_config_item(self, key, value):
> """
>
