[lxc-devel] [PATCH] lxc-shutdown: use posix shell instead of bash

2012-12-27 Thread Natanael Copa
- avoid getopt --longoptions
- use 'which' instead of 'type' to detect existence of tools
- specify -s SIG with kill

Signed-off-by: Natanael Copa 
---
dash didn't complain when I tested it, but it did not shut down the
container because busybox init uses other signals for poweroff/reboot.

The poweroff/reboot signal should probably be configurable, but that's
another issue.

 src/lxc/lxc-shutdown.in | 52 ++---
 1 file changed, 28 insertions(+), 24 deletions(-)

diff --git a/src/lxc/lxc-shutdown.in b/src/lxc/lxc-shutdown.in
index c0d1702..cf1d603 100644
--- a/src/lxc/lxc-shutdown.in
+++ b/src/lxc/lxc-shutdown.in
@@ -1,4 +1,4 @@
-#!/bin/bash
+#!/bin/sh
 
 # (C) Copyright Canonical 2011,2012
 
@@ -41,30 +41,30 @@ dolxcstop()
 exit 0
 }
 
-shortoptions='hn:rwt:'
-longoptions='help,name:,wait,reboot,timeout:'
-
-timeout="-1"
-
-getopt=$(getopt -o $shortoptions --longoptions  $longoptions -- "$@")
-if [ $? != 0 ]; then
+usage_err() {
+[ -n "$1" ] && echo "$1" >&2
 usage
-exit 1;
-fi
+exit 1
+}
+
+optarg_check() {
+[ -n "$2" ] || usage_err "option '$1' requires an argument"
+}
 
-eval set -- "$getopt"
+timeout="-1"
 
 reboot=0
 dowait=0
 
-while true; do
-case "$1" in
+while [ $# -gt 0 ]; do
+opt="$1"
+shift
+case "$opt" in
 -h|--help)
 usage
-exit 1
 ;;
 -n|--name)
-shift
+optarg_check $opt "$1"
 lxc_name=$1
 shift
 ;;
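Review bot: Dropping `exit 1` from the `-h|--help)` arm means the loop keeps parsing after `usage` returns, so a command line that combines `-h` with `-n NAME` would print the help text and then go on to signal the container. That holds unless `usage` itself exits; it is defined outside this hunk, and the removed code calling `exit 1` right after it suggests it does not. Keeping an explicit exit in that arm, `usage; exit 0`, makes the help path side-effect free. Separately, `optarg_check $opt "$1"` only rejects an empty argument, so `-n -r` accepts `-r` as the container name. The `while` loop continues past the end of this hunk.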
@@ -77,19 +77,23 @@ while true; do
 shift
 ;;
 -t|--timeout)
-shift
+optarg_check $opt "$1"
 timeout=$1
 dowait=1
 shift
 ;;
 --)
-shift
 break;;
+-?)
+usage_err "unknown option '$opt'"
+;;
+-*)
+# split opts -abc into -a -b -c
+set -- $(echo "${opt#-}" | sed 's/\(.\)/ -\1/g') "$@"
+;;
 *)
-echo $1
-usage
+usage_err "unknown option '$opt'"
 exit 1
-;;
 esac
 done
 
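Review bot: An unrecognised long option such as `--foo` falls into the `-*)` arm, where it is rewritten to `-- -f -o -o`; the leading `--` then hits `break`, so parsing stops silently instead of reporting the error. A `--*) usage_err "unknown option '$opt'" ;;` arm placed before `-*)` would reject it. The unquoted `$(...)` passed to `set --` is also subject to pathname expansion, so a bundled `*` or `?` could expand to file names in the current directory of this root-run script; wrapping the split in `set -f` / `set +f` avoids that. The `exit 1` left after `usage_err` in the `*)` arm is unreachable, and the loop starts outside this hunk.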
@@ -104,8 +108,8 @@ if [ "$(id -u)" != "0" ]; then
exit 1
 fi
 
-type lxc-info > /dev/null || { echo "lxc-info not found."; exit 1; }
-type lxc-wait > /dev/null || { echo "lxc-wait not found."; exit 1; }
+which lxc-info > /dev/null || { echo "lxc-info not found."; exit 1; }
+which lxc-wait > /dev/null || { echo "lxc-wait not found."; exit 1; }
 
 pid=`lxc-info -n $lxc_name -p 2>/dev/null | awk '{ print $2 }'`
 if [ "$pid" = "-1" ]; then
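Review bot: `which` is an external utility that POSIX does not specify, so on a minimal system it may be missing or may report failure inconsistently, which works against the goal of this change; `command -v` is the POSIX-specified lookup and is built into the shell. I would write `command -v lxc-info >/dev/null 2>&1 || { echo "lxc-info not found." >&2; exit 1; }` and the same for `lxc-wait`. The `lxc-info -n $lxc_name` context line below also leaves the user-supplied name unquoted; `"$lxc_name"` would keep it a single argument.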
@@ -114,10 +118,10 @@ if [ "$pid" = "-1" ]; then
 fi
 
 if [ $reboot -eq 1 ]; then
-kill -INT $pid
+kill -s SIGINT $pid
 exit 0
 else
-kill -PWR $pid
+kill -s SIGPWR $pid
 fi
 
 if [ $dowait -eq 0 ]; then
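Review bot: POSIX specifies the operand of `kill -s` as the signal name without the `SIG` prefix, so `kill -s SIGINT` and `kill -s SIGPWR` rely on an extension that the builtin `kill` of some `sh` implementations may not accept; `kill -s INT "$pid"` and `kill -s PWR "$pid"` are the portable spellings. `$pid` is also the unvalidated output of the `lxc-info | awk` pipeline in the previous hunk and is only compared with `-1`, so an empty or non-numeric value reaches `kill` in a script that runs as root. A guard before the `if`, such as `case "$pid" in ''|*[!0-9]*) echo "cannot determine init pid" >&2; exit 1;; esac`, would make that failure explicit. The `if [ $dowait -eq 0 ]` block continues outside the hunk.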
-- 
1.8.0.2




[lxc-devel] [PATCH] separate console device from console log

2012-12-27 Thread Dwight Engen
lxc-start -c makes the named file/device the container's console, but using
this with a regular file in order to get a log of the console output does
not work very well if you also want to login on the console. This change
implements an additional option (-L) to simply log the console's output to
a file.

Both options can be used separately or together. For example to get a usable
console and log: lxc-start -n name -c /dev/tty8 -L console.log

The console state is cleaned up more when lxc_delete_console is called, and
some of the clean up paths in lxc_create_console were fixed.

The lxc_priv and lxc_unpriv macros were modified to make use of gcc's local
label feature so they can be expanded more than once in the same function.

Signed-off-by: Dwight Engen 
---
 doc/lxc-start.sgml.in | 28 ++--
 src/lxc/arguments.h   |  1 +
 src/lxc/caps.h| 12 ---
 src/lxc/conf.c|  2 ++
 src/lxc/conf.h|  2 ++
 src/lxc/console.c | 58 +++-
 src/lxc/lxc_start.c   | 91 ++-
 7 files changed, 134 insertions(+), 60 deletions(-)

diff --git a/doc/lxc-start.sgml.in b/doc/lxc-start.sgml.in
index 5c98a25..e4036f4 100644
--- a/doc/lxc-start.sgml.in
+++ b/doc/lxc-start.sgml.in
@@ -51,7 +51,8 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 
02111-1307 USA
   lxc-start
   -n name
   -f config_file
-  -c console_file
+  -c console_device
+  -L console_logfile
   -d
   -p pid_file
   -s KEY=VAL
@@ -76,11 +77,6 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 
02111-1307 USA
   defined, the default isolation is used.
 
 
-  The orphan process group
-  and daemon are not supported by this command, use
-  the lxc-execute command instead.
-
-
   If no command is specified, lxc-start will
   use the default
   "/sbin/init" command to run a system
@@ -139,13 +135,25 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 
02111-1307 USA
   

  -c,
- --console console_file
+ --console console_device
+   
+   
+ 
+   Specify a device to use for the container's console, for example
+/dev/tty8. If this option is not specified the current terminal
+will be used unless -d is specified.
+ 
+   
+  
+
+  
+   
+ -L,
+ --console-log console_logfile


  
-   Specify a file to output the container console. If the
-   option is not specified the output will go the terminal
-   except if the -d is specified.
+   Specify a file to log the container's console output to.
  

   
diff --git a/src/lxc/arguments.h b/src/lxc/arguments.h
index 188c460..5f2ecba 100644
--- a/src/lxc/arguments.h
+++ b/src/lxc/arguments.h
@@ -45,6 +45,7 @@ struct lxc_arguments {
int daemonize;
const char *rcfile;
const char *console;
+   const char *console_log;
const char *pidfile;
 
/* for lxc-checkpoint/restart */
diff --git a/src/lxc/caps.h b/src/lxc/caps.h
index 0cf8460..88cf09e 100644
--- a/src/lxc/caps.h
+++ b/src/lxc/caps.h
@@ -33,27 +33,29 @@ extern int lxc_caps_last_cap(void);
 
 #define lxc_priv(__lxc_function)   \
({  \
+   __label__ out;  \
int __ret, __ret2, __errno = 0; \
__ret = lxc_caps_up();  \
if (__ret)  \
-   goto __out; \
+   goto out;   \
__ret = __lxc_function; \
if (__ret)  \
__errno = errno;\
__ret2 = lxc_caps_down();   \
-   __out:  __ret ? errno = __errno,__ret : __ret2; \
+   out:__ret ? errno = __errno,__ret : __ret2; \
})
 
-#define lxc_unpriv(__lxc_function) \
+#define lxc_unpriv(__lxc_function) \
({  \
+   __label__ out;  \
int __ret, __ret2, __errno = 0; \
__ret = lxc_caps_down();\
if (__ret)  \
-   goto __out; \
+   goto out;   \
__ret = __lxc_function; \
if (__ret)  \
__errno = errno;\
__ret2 = lxc_caps_up(); \
-   __out:  __ret ? errno = __errno,__ret : __ret2; \
+   out:__ret ? errno = __errno,_

Re: [lxc-devel] [PATCH] Support MS_SHARED /

2012-12-27 Thread Michael H. Warfield
On Thu, 2012-12-20 at 09:03 -0600, Serge Hallyn wrote:
> Quoting Stéphane Graber (stgra...@ubuntu.com):
> > On 12/20/2012 06:58 AM, Serge Hallyn wrote:
> ...
> > /proc/mounts in the container will also end up being polluted by all the
> > mount points from the host, this in itself doesn't cause any big
> > problem, though the container will try (and fail) to unmount all of those.
> > Is there anything we can do to improve that situation or is that a side
> > effect of MS_SHARED that we can't workaround on our end?

> I think it's actually a side effect of pivot-root after chroot.  You
> have /orig_root/foo/chroot_root/path/new_pivot/put_old.  Then you
> chroot to /orig_root/foo/chroot_root.  When you then pivot to
> /path/new_pivot, what ends up in put_old is /orig_root/foo/chroot_root.
> I'm actually not sure you can trim the mounts which were under
> /orig_root.  We could figure out which ones they are by following the chain
> of mount ids in /proc/self/mountinfo, but we can't reach them to umount
> them.

> It's much like how when you boot a livecd, you see things like
> the rootfs on / as well as /cow on /.  You can't reach the rootfs
> which is parent of the /cow on / any more, but it's in the mounts
> table.

> Now I tested, and with a simple setup we can use a much simpler
> patch which just does mount("", "/", NULL, MS_SLAVE|MS_REC, 0);
> for the whole of chroot_into_slave() (and skips the new umount2()
> in start.c).  The container then starts, and its mounts table
> is clean.

> Where that won't work is in a livecd or any fancy raid setup,
> where your process's / has a parent which is MS_SHARED.

> Michael, can you show me your /proc/self/mountinfo in a f18
> box?

Freshly installed clean box...

[root@dwarf52 mhw]# cat /proc/self/mountinfo
15 34 0:3 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw
16 34 0:14 / /sys rw,nosuid,nodev,noexec,relatime shared:6 - sysfs sysfs 
rw,seclabel
17 34 0:5 / /dev rw,nosuid shared:2 - devtmpfs devtmpfs 
rw,seclabel,size=491520k,nr_inodes=122880,mode=755
18 16 0:15 / /sys/kernel/security rw,nosuid,nodev,noexec,relatime shared:7 - 
securityfs securityfs rw
19 16 0:13 / /sys/fs/selinux rw,relatime shared:8 - selinuxfs selinuxfs rw
20 17 0:16 / /dev/shm rw,nosuid,nodev shared:3 - tmpfs tmpfs rw,seclabel
21 17 0:10 / /dev/pts rw,nosuid,noexec,relatime shared:4 - devpts devpts 
rw,seclabel,gid=5,mode=620,ptmxmode=000
22 34 0:17 / /run rw,nosuid,nodev shared:19 - tmpfs tmpfs rw,seclabel,mode=755
23 16 0:18 / /sys/fs/cgroup rw,nosuid,nodev,noexec shared:9 - tmpfs tmpfs 
rw,seclabel,mode=755
24 23 0:19 / /sys/fs/cgroup/systemd rw,nosuid,nodev,noexec,relatime shared:10 - 
cgroup cgroup 
rw,release_agent=/usr/lib/systemd/systemd-cgroups-agent,name=systemd
25 23 0:20 / /sys/fs/cgroup/cpuset rw,nosuid,nodev,noexec,relatime shared:11 - 
cgroup cgroup rw,cpuset
26 23 0:21 / /sys/fs/cgroup/cpu,cpuacct rw,nosuid,nodev,noexec,relatime 
shared:12 - cgroup cgroup rw,cpuacct,cpu
27 23 0:22 / /sys/fs/cgroup/memory rw,nosuid,nodev,noexec,relatime shared:13 - 
cgroup cgroup rw,memory
28 23 0:23 / /sys/fs/cgroup/devices rw,nosuid,nodev,noexec,relatime shared:14 - 
cgroup cgroup rw,devices
29 23 0:24 / /sys/fs/cgroup/freezer rw,nosuid,nodev,noexec,relatime shared:15 - 
cgroup cgroup rw,freezer
30 23 0:25 / /sys/fs/cgroup/net_cls rw,nosuid,nodev,noexec,relatime shared:16 - 
cgroup cgroup rw,net_cls
31 23 0:26 / /sys/fs/cgroup/blkio rw,nosuid,nodev,noexec,relatime shared:17 - 
cgroup cgroup rw,blkio
32 23 0:27 / /sys/fs/cgroup/perf_event rw,nosuid,nodev,noexec,relatime 
shared:18 - cgroup cgroup rw,perf_event
34 1 253:1 / / rw,relatime shared:1 - ext4 /dev/mapper/fedora_dwarf52-root 
rw,seclabel,data=ordered
35 15 0:29 / /proc/sys/fs/binfmt_misc rw,relatime shared:20 - autofs systemd-1 
rw,fd=29,pgrp=1,timeout=300,minproto=5,maxproto=5,direct
37 16 0:30 / /sys/kernel/config rw,relatime shared:21 - configfs configfs rw
39 17 0:31 / /dev/hugepages rw,relatime shared:22 - hugetlbfs hugetlbfs 
rw,seclabel
38 17 0:12 / /dev/mqueue rw,relatime shared:23 - mqueue mqueue rw,seclabel
36 16 0:7 / /sys/kernel/debug rw,relatime shared:24 - debugfs debugfs rw
40 34 0:32 / /tmp rw shared:25 - tmpfs tmpfs rw,seclabel
41 34 8:1 / /boot rw,relatime shared:26 - ext4 /dev/sda1 
rw,seclabel,data=ordered
42 34 253:2 / /home rw,relatime shared:27 - ext4 
/dev/mapper/fedora_dwarf52-home rw,seclabel,data=ordered
74 22 0:33 / /run/user/1000/gvfs rw,nosuid,nodev,relatime shared:57 - 
fuse.gvfsd-fuse gvfsd-fuse rw,user_id=1000,group_id=1000
76 16 0:34 / /sys/fs/fuse/connections rw,relatime shared:59 - fusectl fusectl rw

Looks like everything has "shared".

I'll be testing lxc on this beast with and without this patch over the
next couple of days for both systemd and non-systemd containers.  I've
got to get 0.9.0a2 built on it first and then go from there.

> > I didn't spend much time reviewing the code itself, but it applied to my
> > local staging tree and built fine, so that's good enough for me :)