Re: [lxc-devel] [PATCH] oracle template: drop additional capabilities
Quoting Dwight Engen (dwight.en...@oracle.com): > Signed-off-by: Dwight Engen Acked-by: Serge E. Hallyn You might want to add a pointer to the capabilities(7) manpage for more details. > --- > templates/lxc-oracle.in | 26 -- > 1 file changed, 24 insertions(+), 2 deletions(-) > > diff --git a/templates/lxc-oracle.in b/templates/lxc-oracle.in > index 3242dc4..6a64a33 100644 > --- a/templates/lxc-oracle.in > +++ b/templates/lxc-oracle.in 
> @@ -292,10 +292,32 @@ lxc.tty = 4 > lxc.pts = 1024 > lxc.rootfs = $container_rootfs > lxc.mount = $cfg_dir/fstab > -lxc.cap.drop = sys_rawio > -# Networking > +# Uncomment these if you don't run anything that needs the capability, and > +# would like the container to run with less privilege. > +# > +# Dropping sys_admin disables container root from doing a lot of things > +# that could be bad like re-mounting lxc fstab entries rw for example, > +# but also disables some useful things like being able to nfs mount, and > +# things that are already namespaced with ns_capable() kernel checks, like > +# hostname(1). > +# lxc.cap.drop = sys_admin > +# lxc.cap.drop = net_raw # breaks dhcp/ping > +# lxc.cap.drop = setgid # breaks login (initgroups/setgroups) > +# lxc.cap.drop = dac_read_search # breaks login (pam unix_chkpwd) > +# lxc.cap.drop = setuid # breaks sshd,nfs statd > +# lxc.cap.drop = audit_control# breaks sshd (set_loginuid failed) > +# lxc.cap.drop = audit_write > +# > +lxc.cap.drop = mac_admin mac_override setfcap setpcap > +lxc.cap.drop = sys_module sys_nice sys_pacct I'm a little surprised you'd want sys_nice by default, as opposed to pointing to some docs for using cgroups to limit resource use by the containers, with a commented-out 'lxc.cap.drop = sys_nice' for those who prefer to not bother setting up the cgroups. > +lxc.cap.drop = sys_rawio sys_time > EOF > > +if [ $container_release_major != "4" ]; then > +echo "lxc.cap.drop = sys_resource" >>$cfg_dir/config > +fi > + > +echo "# Networking" >>$cfg_dir/config > # see if the network settings were already specified > lxc_network_type=`grep '^lxc.network.type' $cfg_dir/config | awk -F'[= > \t]+' '{ print $2 }'` > if [ -z "$lxc_network_type" -a \ > -- > 1.7.11.7 > > > -- > Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS, > MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current > with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft > MVPs and experts. 
Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
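Review bot: The `[ $container_release_major != "4" ]` test near the end of the hunk leaves the variable unquoted, so an empty or unset value makes `[` fail with an error and the `sys_resource` drop is skipped; quote it as `"$container_release_major"`. The generated config also gets no comment saying why release 4 keeps `sys_resource`, unlike the commented-out drops above it, which each say what breaks; a one-line reason would help whoever edits the container config later. In the commented-out list, `audit_control# breaks sshd` is missing the space before `#`.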
Re: [lxc-devel] [PATCH] oracle template: use url arg to wget repo file
Quoting Dwight Engen (dwight.en...@oracle.com): > Signed-off-by: Dwight Engen Acked-by: Serge E. Hallyn > --- > templates/lxc-oracle.in | 10 +++--- > 1 file changed, 7 insertions(+), 3 deletions(-) > > diff --git a/templates/lxc-oracle.in b/templates/lxc-oracle.in > index 6a64a33..4ccec9f 100644 > --- a/templates/lxc-oracle.in > +++ b/templates/lxc-oracle.in > @@ -397,7 +397,11 @@ container_rootfs_create() > echo "Downloading release > $container_release_major.$container_release_minor for $basearch" > > # get yum repo file > -public_yum_url=http://public-yum.oracle.com > +if [ -n "$repourl" ]; then > +yum_url=$repourl > +else > +yum_url=http://public-yum.oracle.com > +fi > if [ $container_release_major = "5" ]; then > repofile=public-yum-el5.repo > elif [ $container_release_major = "6" ]; then 
> @@ -406,9 +410,9 @@ container_rootfs_create() > die "Unsupported release $container_release_major" > fi > mkdir -p $container_rootfs/etc/yum.repos.d > -wget -q $public_yum_url/$repofile -O > $container_rootfs/etc/yum.repos.d/$repofile > +wget -q $yum_url/$repofile -O > $container_rootfs/etc/yum.repos.d/$repofile > if [ $? -ne 0 ]; then > -die "Failed to download repo file $public_yum_url/$repofile" > +die "Failed to download repo file $yum_url/$repofile" > fi > > # yum will take $basearch from host, so force the arch we want > -- > 1.7.11.7
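Review bot: `$yum_url` now carries the caller-supplied `$repourl`, but the `wget -q $yum_url/$repofile -O ...` line in the second hunk still expands it unquoted, so a value containing whitespace is split into extra wget arguments; quote both the URL and the `-O` path. Since the fetched .repo file decides where the container's packages come from, the new `if [ -n "$repourl" ]` branch in the first hunk deserves a comment saying the URL must point at a trusted mirror, and the default `http://public-yum.oracle.com` is still fetched over plain HTTP.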
[lxc-devel] [PATCH 03/24] Replace all reference to ushort by unsigned short
ushort appears to be a glibc specific type which doesn't exist in bionic, this commit simply replaces all occurrences by the equivalent unsigned short type. Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn --- src/lxc/conf.h| 4 ++-- src/lxc/network.c | 2 +- src/lxc/network.h | 2 +- src/lxc/nl.c | 2 +- src/lxc/nl.h | 2 +- src/lxc/utils.c | 2 +- src/lxc/utils.h | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/lxc/conf.h b/src/lxc/conf.h index b576893..fa3aada 100644 --- a/src/lxc/conf.h +++ b/src/lxc/conf.h @@ -87,8 +87,8 @@ struct ifla_veth { struct ifla_vlan { uint flags; uint fmask; - ushort vid; - ushort pad; + unsigned short vid; + unsigned short pad; }; struct ifla_macvlan { diff --git a/src/lxc/network.c b/src/lxc/network.c index f97e685..9a55a48 100644 --- a/src/lxc/network.c +++ b/src/lxc/network.c @@ -413,7 +413,7 @@ out: } /* XXX: merge with lxc_macvlan_create */ -int lxc_vlan_create(const char *master, const char *name, ushort vlanid) +int lxc_vlan_create(const char *master, const char *name, unsigned short vlanid) { struct nl_handler nlh; struct nlmsg *nlmsg = NULL, *answer = NULL; diff --git a/src/lxc/network.h b/src/lxc/network.h index 3f45f7f..ff2ea9e 100644 --- a/src/lxc/network.h +++ b/src/lxc/network.h @@ -61,7 +61,7 @@ extern int lxc_netdev_set_mtu(const char *name, int mtu); */ extern int lxc_veth_create(const char *name1, const char *name2); extern int lxc_macvlan_create(const char *master, const char *name, int mode); -extern int lxc_vlan_create(const char *master, const char *name, ushort vid); +extern int lxc_vlan_create(const char *master, const char *name, unsigned short vid); /* * Activate forwarding diff --git a/src/lxc/nl.c b/src/lxc/nl.c index 06ff401..125fafd 100644 --- a/src/lxc/nl.c +++ b/src/lxc/nl.c
@@ -79,7 +79,7 @@ extern int nla_put_u32(struct nlmsg *nlmsg, int attr, int value) return nla_put(nlmsg, attr, &value, sizeof(value)); } -extern int nla_put_u16(struct nlmsg *nlmsg, int attr, ushort value) +extern int nla_put_u16(struct nlmsg *nlmsg, int attr, unsigned short value) { return nla_put(nlmsg, attr, &value, 2); } diff --git a/src/lxc/nl.h b/src/lxc/nl.h index 34aeb36..32c08b5 100644 --- a/src/lxc/nl.h +++ b/src/lxc/nl.h @@ -169,7 +169,7 @@ int nla_put_u32(struct nlmsg *nlmsg, int attr, int value); * * Returns 0 on success, < 0 otherwise */ -int nla_put_u16(struct nlmsg *nlmsg, int attr, ushort value); +int nla_put_u16(struct nlmsg *nlmsg, int attr, unsigned short value); /* * nla_put_attr: add an attribute name to a netlink diff --git a/src/lxc/utils.c b/src/lxc/utils.c index 52a463d..2a01f8f 100644 --- a/src/lxc/utils.c +++ b/src/lxc/utils.c @@ -149,7 +149,7 @@ extern int lxc_setup_fs(void) } /* borrowed from iproute2 */ -extern int get_u16(ushort *val, const char *arg, int base) +extern int get_u16(unsigned short *val, const char *arg, int base) { unsigned long res; char *ptr; diff --git a/src/lxc/utils.h b/src/lxc/utils.h index d47c983..cfb526e 100644 --- a/src/lxc/utils.h +++ b/src/lxc/utils.h @@ -25,7 +25,7 @@ extern int lxc_copy_file(const char *src, const char *dst); extern int lxc_setup_fs(void); -extern int get_u16(ushort *val, const char *arg, int base); +extern int get_u16(unsigned short *val, const char *arg, int base); extern int mkdir_p(const char *dir, mode_t mode); #endif -- 1.8.0
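Review bot: In the conf.h hunk, `struct ifla_vlan` still declares `uint flags;` and `uint fmask;` directly above the converted fields; `uint` is the same kind of legacy typedef as `ushort`, so either convert it to `unsigned int` in this commit as well or say in the commit message why it can stay.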
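Review bot: `nla_put_u16()` in the nl.c hunk passes a hard-coded length of `2` to `nla_put()` while the parameter is now spelled `unsigned short`, whose width the C standard only bounds from below. Since the function name promises a 16-bit attribute, `uint16_t value` together with `sizeof(value)`, as `nla_put_u32()` just above it already does, would make the size explicit in nl.c and nl.h.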
[lxc-devel] [PATCH 08/24] conf.c: Define LO_FLAGS_AUTOCLEAR if it's not
LO_FLAGS_AUTOCLEAR isn't defined on bionic, so add an extra ifndef and set it to its usual value if it's not. Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn --- src/lxc/conf.c | 4 1 file changed, 4 insertions(+) diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 4f041dc..7e1d10a 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -115,6 +115,10 @@ lxc_log_define(lxc_conf, lxc); #define PR_CAPBSET_DROP 24 #endif +#ifndef LO_FLAGS_AUTOCLEAR +#define LO_FLAGS_AUTOCLEAR 4 +#endif + char *lxchook_names[NUM_LXC_HOOKS] = { "pre-start", "pre-mount", "mount", "start", "post-stop" }; -- 1.8.0
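Review bot: The fallback `#define LO_FLAGS_AUTOCLEAR 4` carries a bare magic number; add a one-line comment naming the kernel header it mirrors (linux/loop.h) so the value can be re-checked, and consider including that header first so the fallback is only used when the header really lacks the definition.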
[lxc-devel] [PATCH 09/24] clone: Support bionic's clone() definition
The clone() call in bionic is very slightly different. This updates namespace.h to support both glibc and bionic. Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn --- src/lxc/namespace.h | 7 +++ 1 file changed, 7 insertions(+) diff --git a/src/lxc/namespace.h b/src/lxc/namespace.h index 109e0bb..e35de60 100644 --- a/src/lxc/namespace.h +++ b/src/lxc/namespace.h @@ -26,6 +26,8 @@ #include #include +#include "config.h" + #ifndef CLONE_FS # define CLONE_FS0x0200 #endif @@ -47,9 +49,14 @@ #ifndef CLONE_NEWNET # define CLONE_NEWNET0x4000 #endif +#ifdef IS_BIONIC +int clone(int (*fn)(void *), void *child_stack, + int flags, void *arg); +#else int clone(int (*fn)(void *), void *child_stack, int flags, void *arg, ... /* pid_t *ptid, struct user_desc *tls, pid_t *ctid */ ); +#endif extern pid_t lxc_clone(int (*fn)(void *), void *arg, int flags); -- 1.8.0
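Review bot: The `#ifdef IS_BIONIC` branch in the second hunk adds another hand-written prototype for `clone()` with no comment on how bionic's declaration differs (the variadic tail is dropped); a short comment would help. Because these prototypes have to match each C library's own declaration exactly, a configure check for whether `clone` is already declared would be more robust than keying on the libc name. In the first hunk, `#include "config.h"` lands after the system includes, whereas it normally goes first so that its feature macros take effect.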
[lxc-devel] [PATCH 00/24 v2] Enable building LXC with bionic libc
Version two of the bionic patchset I submitted last week. This one should address all the issues expressed on the mailing-list. It was also tested on actual hardware with a 2.6.32 and 3.5 kernel running Android 4.1.2. I also did a quick test build on amd64 as well as a crossbuild to eglibc armhf.

Major changes from the previous version include:
- New re-implementation of getline()
- libcap support won't be silently dropped, --disable-capabilities is not required to turn off capabilities support
- Full replacement for mntent.h as bionic mis-implements part of it (getmntent)
- Cherry pick of Serge's chroot commit (from the jan.4 branch)

Serge Hallyn (1):
  create rslave chroot any time pivot_root fails with -EINVAL

Stéphane Graber (23):
  configure.ac: Add code to detect bionic C library
  configure.ac: Cleanup, comments, indent, ...
  Replace all reference to ushort by unsigned short
  Support both getline and fgetln
  No need to link against rt and util on bionic
  Replace get_current_dir_name by getcwd
  Add/remove extra includes
  conf.c: Define LO_FLAGS_AUTOCLEAR if it's not
  clone: Support bionic's clone() definition
  tty.h: Ship our own minimal openpty.h
  Don't hard depend on capability.h and libcap
  personality.h: Make the personality code optional
  Workaround missing functions in other libc
  Make utmpx.h optional
  Add a bionic_alphasort function on bionic
  Replace strdupa call by standard strdup
  caps.h: Rename __errno to ___errno
  Add local implementation of mntent.h
  conf.c: Cleanup __S_ISTYPE
  lxc_unshare: Replace getpw*_r by getpw*
  tests/Makefile.am: Update for bionic
  Don't call setup_mount_entries if the list is empty
  Makefile.am: Add missing liblxc symlink

 configure.ac | 149 ++-
 src/include/getline.c | 31 +
 src/include/getline.h | 6 ++
 src/include/mntent.c | 173 ++
 src/include/mntent.h | 32 ++
 src/include/openpty.c | 72 +
 src/include/openpty.h | 14
 src/lxc/Makefile.am | 27 +++-
 src/lxc/attach.c | 34 --
 src/lxc/caps.c | 6 +-
 src/lxc/caps.h | 36 +--
 src/lxc/cgroup.c | 7 +-
 src/lxc/conf.c | 105 --
 src/lxc/conf.h | 5 +-
 src/lxc/confile.c | 40 +---
 src/lxc/confile.h | 2 +
 src/lxc/console.c | 10 ++-
 src/lxc/lxc_attach.c | 10 ++-
 src/lxc/lxc_unshare.c | 13 ++--
 src/lxc/lxclock.c | 1 +
 src/lxc/namespace.c | 1 -
 src/lxc/namespace.h | 9 ++-
 src/lxc/network.c | 2 +-
 src/lxc/network.h | 2 +-
 src/lxc/nl.c | 2 +-
 src/lxc/nl.h | 2 +-
 src/lxc/parse.c | 23 +++
 src/lxc/start.c | 18 +-
 src/lxc/stop.c | 2 +-
 src/lxc/utils.c | 2 +-
 src/lxc/utils.h | 2 +-
 src/lxc/utmp.c | 9 +++
 src/lxc/utmp.h | 9 +++
 src/tests/Makefile.am | 7 +-
 34 files changed, 739 insertions(+), 124 deletions(-)
 create mode 100644 src/include/getline.c
 create mode 100644 src/include/getline.h
 create mode 100644 src/include/mntent.c
 create mode 100644 src/include/mntent.h
 create mode 100644 src/include/openpty.c
 create mode 100644 src/include/openpty.h

--
1.8.0
[lxc-devel] [PATCH 05/24] No need to link against rt and util on bionic
When building on bionic, -lrt and -lutil only cause a build failure. Dropping those fixes the build, so it appears that the symbols are defined in the main library. This commit moves -lrt and -lutil under a !IS_BIONIC check. Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn --- src/lxc/Makefile.am | 12 ++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am index 23b6772..6fbd79f 100644 --- a/src/lxc/Makefile.am +++ b/src/lxc/Makefile.am @@ -92,7 +92,11 @@ liblxc_so_LDFLAGS = \ -shared \ -Wl,-soname,liblxc.so.$(firstword $(subst ., ,$(VERSION))) -liblxc_so_LDADD = -lutil $(CAP_LIBS) $(APPARMOR_LIBS) $(SECCOMP_LIBS) -lrt +liblxc_so_LDADD = $(CAP_LIBS) $(APPARMOR_LIBS) $(SECCOMP_LIBS) + +if !IS_BIONIC +liblxc_so_LDADD += -lutil -lrt +endif bin_SCRIPTS = \ lxc-ps \ @@ -138,7 +142,11 @@ AM_LDFLAGS = -Wl,-E if ENABLE_RPATH AM_LDFLAGS += -Wl,-rpath -Wl,$(libdir) endif -LDADD=liblxc.so @CAP_LIBS@ @APPARMOR_LIBS@ @SECCOMP_LIBS@ -lrt +LDADD=liblxc.so @CAP_LIBS@ @APPARMOR_LIBS@ @SECCOMP_LIBS@ + +if !IS_BIONIC +LDADD += -lrt +endif lxc_attach_SOURCES = lxc_attach.c lxc_cgroup_SOURCES = lxc_cgroup.c -- 1.8.0
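Review bot: Both hunks key the `-lutil`/`-lrt` decision on `if !IS_BIONIC`, although the commit message itself only says it "appears" that the symbols live in the main library. A feature test such as `AC_SEARCH_LIBS` for the functions actually needed would add the libraries only where they are required and would also cover other C libraries. If the conditional stays, a comment above each `if !IS_BIONIC` block saying why the libraries are skipped would help.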
[lxc-devel] [PATCH 01/24] configure.ac: Add code to detect bionic C library
This adds a new IS_BIONIC define that can be used to detect whether we are building with eglibc or with bionic. Signed-off-by: Stéphane Graber --- configure.ac | 16 1 file changed, 16 insertions(+) diff --git a/configure.ac b/configure.ac index 2add6a3..9694d30 100644 --- a/configure.ac +++ b/configure.ac @@ -192,6 +192,22 @@ else fi AC_SUBST([CAP_LIBS]) +# Check for alternate C libraries +AC_MSG_CHECKING(for bionic libc) +AC_COMPILE_IFELSE([AC_LANG_PROGRAM( +[[#ifndef __ANDROID__ +error: Not bionic! +#endif]])], + [is_bionic=yes], + [is_bionic=no]) +if test "x$is_bionic" = "xyes"; then +AC_DEFINE([IS_BIONIC], 1, ["bionic libc"]) +AC_MSG_RESULT([yes]) +else +AC_MSG_RESULT([no]) +fi +AM_CONDITIONAL([IS_BIONIC], [test "x$is_bionic" = "xyes"]) + # Some systems lack PR_CAPBSET_DROP definition => HAVE_DECL_PR_CAPBSET_DROP AC_CHECK_DECLS([PR_CAPBSET_DROP], [], [], [#include ]) -- 1.8.0
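Review bot: The test program checks `__ANDROID__`, which identifies the target platform rather than the C library, so `IS_BIONIC` is set for any Android toolchain whatever libc it links; testing a macro supplied by bionic's own headers (for example `__BIONIC__` after including a libc header) would match what the define is named for. Two smaller points: the `AC_DEFINE` description `["bionic libc"]` puts literal quote characters into the config.h comment, and the commit message speaks of eglibc versus bionic while the check only separates bionic from everything else.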
[lxc-devel] [PATCH 02/24] configure.ac: Cleanup, comments, indent, ...
This commit doesn't do any functional change to configure.ac but does a fair amount of cleaning up. It re-orders the various blocks by type (options, checks, expands, ...). It also consistently uses tabs for indents. Signed-off-by: Stéphane Graber --- configure.ac | 116 +++ 1 file changed, 61 insertions(+), 55 deletions(-) diff --git a/configure.ac b/configure.ac index 9694d30..564df0e 100644 --- a/configure.ac +++ b/configure.ac @@ -10,10 +10,11 @@ AM_INIT_AUTOMAKE([-Wall -Werror -Wno-portability]) AC_CANONICAL_HOST AM_PROG_CC_C_O AC_GNU_SOURCE -AC_CHECK_PROG(SETCAP, setcap, yes, no, $PATH$PATH_SEPARATOR/sbin) +# Detect the distribution. This is used for the default configuration and +# for some distro-specific build options. AC_MSG_CHECKING([host distribution]) -AC_ARG_WITH(distro, AS_HELP_STRING([--with-distro=DISTRO], [Specify the Linux distribution to target: One of redhat, oracle, fedora, suse, gentoo, debian, arch, slackware, paldo, mandriva or pardus])) +AC_ARG_WITH(distro, AS_HELP_STRING([--with-distro=DISTRO], [Specify the Linux distribution to target: One of redhat, oracle, fedora, suse, gentoo, debian, arch, slackware, paldo, mandriva or pardus.])) if test "z$with_distro" = "z"; then with_distro=`lsb_release -is` fi @@ -49,15 +50,15 @@ case $with_distro in ;; esac AC_MSG_RESULT([$with_distro]) - AM_CONDITIONAL([HAVE_DEBIAN], [test x"$with_distro" = "xdebian" -o x"$with_distro" = "xubuntu"]) +# Allow disabling rpath AC_ARG_ENABLE([rpath], [AC_HELP_STRING([--disable-rpath], [do not set rpath in executables])], [], [enable_rpath=yes]) - AM_CONDITIONAL([ENABLE_RPATH], [test "x$enable_rpath" = "xyes"]) +# Documentation (manpages) AC_ARG_ENABLE([doc], [AC_HELP_STRING([--enable-doc], [make mans (require docbook2x-man installed) [default=auto]])], [], [enable_doc=auto]) 
@@ -74,9 +75,9 @@ if test "x$enable_doc" = "xyes" -o "x$enable_doc" = "xauto"; then done if test -n "${db2xman}"; then - AC_MSG_RESULT(${db2xman}) + AC_MSG_RESULT([${db2xman}]) else - AC_MSG_RESULT(no) + AC_MSG_RESULT([no]) if test "x$enable_doc" = "xyes"; then AC_MSG_ERROR([docbook2x-man required by man request, but not found]) fi @@ -84,7 +85,9 @@ if test "x$enable_doc" = "xyes" -o "x$enable_doc" = "xauto"; then AC_SUBST(db2xman) fi +AM_CONDITIONAL([ENABLE_DOCBOOK], [test "x$db2xman" != "x"]) +# Apparmor AC_ARG_ENABLE([apparmor], [AC_HELP_STRING([--enable-apparmor], [enable apparmor])], [], [enable_apparmor=check]) @@ -92,14 +95,14 @@ AC_ARG_ENABLE([apparmor], if test "$enable_apparmor" = "check" ; then AC_CHECK_LIB([apparmor],[aa_change_profile],[enable_apparmor=yes], [enable_apparmor=no]) fi - AM_CONDITIONAL([ENABLE_APPARMOR], [test "x$enable_apparmor" = "xyes"]) AM_COND_IF([ENABLE_APPARMOR], -[AC_CHECK_HEADER([sys/apparmor.h],[],[AC_MSG_ERROR([You must install the AppArmor development package in order to compile lxc])]) - AC_CHECK_LIB([apparmor], [aa_change_profile],[],[AC_MSG_ERROR([You must install the AppArmor development package in order to compile lxc])]) - AC_SUBST([APPARMOR_LIBS], [-lapparmor])]) + [AC_CHECK_HEADER([sys/apparmor.h],[],[AC_MSG_ERROR([You must install the AppArmor development package in order to compile lxc])]) + AC_CHECK_LIB([apparmor], [aa_change_profile],[],[AC_MSG_ERROR([You must install the AppArmor development package in order to compile lxc])]) + AC_SUBST([APPARMOR_LIBS], [-lapparmor])]) +# Seccomp syscall filter AC_ARG_ENABLE([seccomp], [AC_HELP_STRING([--enable-seccomp], [enable seccomp])], [], [enable_seccomp=check]) 
@@ -107,119 +110,121 @@ AC_ARG_ENABLE([seccomp], if test "$enable_seccomp" = "check" ; then AC_CHECK_LIB([seccomp],[seccomp_init],[enable_seccomp=yes],[enable_seccomp=no]) fi - AM_CONDITIONAL([ENABLE_SECCOMP], [test "x$enable_seccomp" = "xyes"]) AM_COND_IF([ENABLE_SECCOMP], -[AC_CHECK_HEADER([seccomp.h],[],[AC_MSG_ERROR([You must install the seccomp development package in order to compile lxc])]) - AC_CHECK_LIB([seccomp], [seccomp_init],[],[AC_MSG_ERROR([You must install the seccomp development package in order to compile lxc])]) - AC_SUBST([SECCOMP_LIBS], [-lseccomp])]) + [AC_CHECK_HEADER([seccomp.h],[],[AC_MSG_ERROR([You must install the seccomp development package in order to compile lxc])]) + AC_CHECK_LIB([seccomp], [seccomp_init],[],[AC_MSG_ERROR([You must install the seccomp development package in order to compile lxc])]) + AC_SUBST([SECCOMP_LIBS], [-lseccomp])]) # HAVE_SCMP_FILTER_CTX=1 will tell us we have libseccomp api >= 1.0.0 AC_CHECK_TYPES([scmp_filter_ctx], [], [], [#include ]) -AM_CONDITIONAL([ENABLE_DOCBOOK], [test "x$db2xman" != "x"]) - +# Con
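Review bot: The first hunk deletes `AC_CHECK_PROG(SETCAP, setcap, yes, no, $PATH$PATH_SEPARATOR/sbin)`, and the part of the patch visible here does not show it being re-added; since the commit message promises no functional change, confirm the check reappears further down. Mixing the block re-ordering with the re-indentation of the AppArmor and seccomp `AM_COND_IF` bodies makes that claim hard to verify by eye; splitting the whitespace change from the moves would make the review mechanical.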
[lxc-devel] [PATCH 04/24] Support both getline and fgetln
Some libc implementations don't have the getline function but instead have an equivalent fgetln function. Add code to detect both and use whatever is available. Signed-off-by: Stéphane Graber --- configure.ac | 3 +++ src/include/getline.c | 31 +++ src/include/getline.h | 6 ++ src/lxc/Makefile.am | 10 ++ src/lxc/attach.c | 8 src/lxc/parse.c | 8 6 files changed, 66 insertions(+) create mode 100644 src/include/getline.c create mode 100644 src/include/getline.h diff --git a/configure.ac b/configure.ac index 564df0e..50e64ff 100644 --- a/configure.ac +++ b/configure.ac @@ -216,6 +216,9 @@ AC_CHECK_DECLS([PR_CAPBSET_DROP], [], [], [#include ]) # Check for optional headers AC_CHECK_HEADERS([sys/signalfd.h]) +# Check for some functions +AC_CHECK_FUNCS([getline fgetln]) + # Check for some standard binaries AC_PROG_GCC_TRADITIONAL AC_PROG_SED diff --git a/src/include/getline.c b/src/include/getline.c new file mode 100644 index 000..d4117cb --- /dev/null +++ b/src/include/getline.c @@ -0,0 +1,31 @@ +#include +#include +#include +#include + +/* + * Emulate glibc getline() via BSD fgetln(). + * Note that outsize is not changed unless memory is allocated. + */ +ssize_t +getline(char **outbuf, size_t *outsize, FILE *fp) +{ +size_t len; +char *buf; +buf = fgetln(fp, &len); + +if (buf == NULL) +return (-1); + +/* Assumes realloc() accepts NULL for ptr (C99) */ +if (*outbuf == NULL || *outsize < len + 1) { +void *tmp = realloc(*outbuf, len + 1); +if (tmp == NULL) +return (-1); +*outbuf = tmp; +*outsize = len + 1; +} +memcpy(*outbuf, buf, len); +(*outbuf)[len] = '\0'; +return (len); +} diff --git a/src/include/getline.h b/src/include/getline.h new file mode 100644 index 000..b030d7a --- /dev/null +++ b/src/include/getline.h @@ -0,0 +1,6 @@ +#ifndef _getline_h +#define _getline_h + +extern ssize_t getline(char **outbuf, size_t *outsize, FILE *fp); + +#endif diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am index bf675f9..23b6772 100644 --- a/src/lxc/Makefile.am 
+++ b/src/lxc/Makefile.am @@ -17,6 +17,11 @@ pkginclude_HEADERS = \ lxccontainer.h \ lxclock.h +if IS_BIONIC +pkginclude_HEADERS += \ + ../include/getline.h +endif + sodir=$(libdir) # use PROGRAMS to avoid complains from automake so_PROGRAMS = liblxc.so @@ -61,6 +66,11 @@ liblxc_so_SOURCES = \ lxclock.h lxclock.c \ lxccontainer.c lxccontainer.h +if IS_BIONIC +liblxc_so_SOURCES += \ + ../include/getline.c ../include/getline.h +endif + AM_CFLAGS=-I$(top_srcdir)/src \ -DLXCROOTFSMOUNT=\"$(LXCROOTFSMOUNT)\" \ -DLXCPATH=\"$(LXCPATH)\" \ diff --git a/src/lxc/attach.c b/src/lxc/attach.c index ec0e083..9b7efbc 100644 --- a/src/lxc/attach.c +++ b/src/lxc/attach.c @@ -31,6 +31,7 @@ #include #include #include +#include #include #if !HAVE_DECL_PR_CAPBSET_DROP @@ -56,6 +57,13 @@ int setns(int fd, int nstype) #endif } +/* Define getline() if missing from the C library */ +#ifndef HAVE_GETLINE +#ifdef HAVE_FGETLN +#include <../include/getline.h> +#endif +#endif + struct lxc_proc_context_info *lxc_proc_get_context_info(pid_t pid) { struct lxc_proc_context_info *info = calloc(1, sizeof(*info)); diff --git a/src/lxc/parse.c b/src/lxc/parse.c index 10510c9..b074b04 100644 --- a/src/lxc/parse.c +++ b/src/lxc/parse.c @@ -29,8 +29,16 @@ #include #include "parse.h" +#include "config.h" #include +/* Define getline() if missing from the C library */ +#ifndef HAVE_GETLINE +#ifdef HAVE_FGETLN +#include <../include/getline.h> +#endif +#endif + lxc_log_define(lxc_parse, lxc); static int dir_filter(const struct dirent *dirent) -- 1.8.0
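Review bot: The build and the sources use different conditions for the fallback: the Makefile.am hunks compile `../include/getline.c` only under `if IS_BIONIC`, while attach.c and parse.c pull in the declaration under `#ifndef HAVE_GETLINE` / `#ifdef HAVE_FGETLN`. A non-bionic libc that has fgetln but no getline would get the prototype and then fail at link time, so key the Makefile on a conditional derived from the same `AC_CHECK_FUNCS([getline fgetln])` result. The include itself, `#include <../include/getline.h>`, uses angle brackets with a relative path; a quoted include states the intent more clearly.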
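Review bot: The new getline.h declares `extern ssize_t getline(char **outbuf, size_t *outsize, FILE *fp);` without including anything that defines `ssize_t`, `size_t` or `FILE`, so it only compiles when the including file has already pulled those in; make the header self-contained. The first Makefile.am hunk also adds it to `pkginclude_HEADERS`, which installs a `getline` declaration for users of the library; unless that is intended, keep it out of the installed headers.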
[lxc-devel] [PATCH 06/24] Replace get_current_dir_name by getcwd
get_current_dir_name appears to be specific to glibc. Replace that call by an equivalent getcwd call. Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn --- src/lxc/lxc_attach.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lxc/lxc_attach.c b/src/lxc/lxc_attach.c index e292bc4..ba98d73 100644 --- a/src/lxc/lxc_attach.c +++ b/src/lxc/lxc_attach.c @@ -164,7 +164,7 @@ int main(int argc, char *argv[]) } } - curdir = get_current_dir_name(); + curdir = getcwd(NULL, 0); /* determine which namespaces the container was created with * by asking lxc-start -- 1.8.0
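Review bot: `getcwd(NULL, 0)` depends on the C library allocating the buffer itself, which POSIX leaves unspecified for a null buffer; the commit message calls the call "equivalent", so a comment next to the new line stating that the targeted C libraries support this form would help. The result can be NULL on failure, and the hunk shows no check after the assignment to `curdir`.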
[lxc-devel] [PATCH 07/24] Add/remove extra includes
While cross-building with bionic, a number of failures were triggered by some missing includes and in a few cases by extra unused includes. This commit updates the various headers based on those observations. Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn --- src/lxc/conf.h | 1 + src/lxc/confile.c | 1 - src/lxc/confile.h | 2 ++ src/lxc/console.c | 2 +- src/lxc/lxclock.c | 1 + src/lxc/namespace.c | 1 - src/lxc/namespace.h | 2 +- src/lxc/start.c | 3 +++ src/lxc/stop.c | 2 +- 9 files changed, 10 insertions(+), 5 deletions(-) diff --git a/src/lxc/conf.h b/src/lxc/conf.h index fa3aada..1f9b861 100644 --- a/src/lxc/conf.h +++ b/src/lxc/conf.h @@ -26,6 +26,7 @@ #include #include #include +#include #include #include diff --git a/src/lxc/confile.c b/src/lxc/confile.c index 1d87227..a725b78 100644 --- a/src/lxc/confile.c +++ b/src/lxc/confile.c @@ -27,7 +27,6 @@ #include #include #include -#include #include #include #include diff --git a/src/lxc/confile.h b/src/lxc/confile.h index a96efce..bfa44ad 100644 --- a/src/lxc/confile.h +++ b/src/lxc/confile.h @@ -21,6 +21,8 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +#include + #ifndef _confile_h #define _confile_h diff --git a/src/lxc/console.c b/src/lxc/console.c index 1eb3581..5873827 100644 --- a/src/lxc/console.c +++ b/src/lxc/console.c @@ -28,7 +28,7 @@ #include #include #include -#include +#include #include "log.h" #include "conf.h" diff --git a/src/lxc/lxclock.c b/src/lxc/lxclock.c index 2d10d77..bbc39ef 100644 --- a/src/lxc/lxclock.c +++ b/src/lxc/lxclock.c @@ -19,6 +19,7 @@ #include "lxclock.h" #include +#include #define OFLAG (O_CREAT | O_RDWR) #define SEMMODE 0660 diff --git a/src/lxc/namespace.c b/src/lxc/namespace.c index 3fa027b..d10efdc 100644 --- a/src/lxc/namespace.c +++ b/src/lxc/namespace.c @@ -25,7 +25,6 @@ #include #include #include -#include #include #include #include diff --git a/src/lxc/namespace.h b/src/lxc/namespace.h index 715dffa..109e0bb 100644 
--- a/src/lxc/namespace.h +++ b/src/lxc/namespace.h @@ -23,7 +23,7 @@ #ifndef __namespace_h #define __namespace_h -#include +#include #include #ifndef CLONE_FS diff --git a/src/lxc/start.c b/src/lxc/start.c index 82a74d8..3452022 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c @@ -38,12 +38,14 @@ #include #include #include +#include #include #include #include #include #include #include +#include #ifdef HAVE_SYS_SIGNALFD_H # include @@ -128,6 +130,7 @@ int signalfd(int fd, const sigset_t *mask, int flags) #include "namespace.h" #include "apparmor.h" #include "lxcseccomp.h" +#include "caps.h" lxc_log_define(lxc_start, lxc); diff --git a/src/lxc/stop.c b/src/lxc/stop.c index 884ecce..1cacdca 100644 --- a/src/lxc/stop.c +++ b/src/lxc/stop.c @@ -26,7 +26,7 @@ #include #include #include -#include +#include #include #include #include -- 1.8.0
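Review bot: In the confile.h hunk the new `#include` is placed above `#ifndef _confile_h`, outside the include guard; move it below the `#define _confile_h` line so the whole header is guarded.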
[lxc-devel] [PATCH 17/24] caps.h: Rename __errno to ___errno
At least bionic defines __errno, so this was causing a conflict in caps.h leading to build failure. Renaming to ___errno avoids that conflicting definition. Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn --- src/lxc/caps.h | 12 ++-- 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/src/lxc/caps.h b/src/lxc/caps.h index dc3fd6f..b5b8345 100644 --- a/src/lxc/caps.h +++ b/src/lxc/caps.h @@ -58,28 +58,28 @@ static inline int lxc_caps_last_cap(void) { #define lxc_priv(__lxc_function) \ ({ \ __label__ out; \ - int __ret, __ret2, __errno = 0; \ + int __ret, __ret2, ___errno = 0;\ __ret = lxc_caps_up(); \ if (__ret) \ goto out; \ __ret = __lxc_function; \ if (__ret) \ - __errno = errno;\ + ___errno = errno; \ __ret2 = lxc_caps_down(); \ - out:__ret ? errno = __errno,__ret : __ret2; \ + out:__ret ? errno = ___errno,__ret : __ret2;\ }) #define lxc_unpriv(__lxc_function) \ ({ \ __label__ out; \ - int __ret, __ret2, __errno = 0; \ + int __ret, __ret2, ___errno = 0;\ __ret = lxc_caps_down();\ if (__ret) \ goto out; \ __ret = __lxc_function; \ if (__ret) \ - __errno = errno;\ + ___errno = errno; \ __ret2 = lxc_caps_up(); \ - out:__ret ? errno = __errno,__ret : __ret2; \ + out:__ret ? errno = ___errno,__ret : __ret2;\ }) #endif -- 1.8.0
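Review bot: `___errno` still begins with a double underscore, so it stays in the namespace the C standard reserves for the implementation, and another C library could define it just as bionic defines `__errno`. A name without leading underscores (for example `lxc_saved_errno`) in both `lxc_priv()` and `lxc_unpriv()` avoids the whole class of clash; the same applies to `__ret` and `__ret2` in these macros.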
[lxc-devel] [PATCH 14/24] Make utmpx.h optional
This adds code detecting the presence of utmpx.h and in its absence, turns the utmp related functions into no-ops. Signed-off-by: Stéphane Graber --- configure.ac | 2 +- src/lxc/utmp.c | 9 + src/lxc/utmp.h | 9 + 3 files changed, 19 insertions(+), 1 deletion(-) diff --git a/configure.ac b/configure.ac index bc2ddc4..0d50bec 100644 --- a/configure.ac +++ b/configure.ac @@ -221,7 +221,7 @@ AM_CONDITIONAL([IS_BIONIC], [test "x$is_bionic" = "xyes"]) AC_CHECK_DECLS([PR_CAPBSET_DROP], [], [], [#include ]) # Check for some headers -AC_CHECK_HEADERS([sys/signalfd.h pty.h sys/capability.h sys/personality.h]) +AC_CHECK_HEADERS([sys/signalfd.h pty.h sys/capability.h sys/personality.h utmpx.h]) # Check for some syscalls functions AC_CHECK_FUNCS([setns pivot_root sethostname unshare]) diff --git a/src/lxc/utmp.c b/src/lxc/utmp.c index a7b9b52..f32ed63 100644 --- a/src/lxc/utmp.c +++ b/src/lxc/utmp.c @@ -21,6 +21,10 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +#include "config.h" + +#ifdef HAVE_UTMPX_H + #include #include #include @@ -37,7 +41,10 @@ #include "mainloop.h" #include "lxc.h" #include "log.h" + +#ifndef __USE_GNU #define __USE_GNU +#endif #include #undef __USE_GNU @@ -410,3 +417,5 @@ int lxc_utmp_del_timer(struct lxc_epoll_descr *descr, else return 0; } + +#endif diff --git a/src/lxc/utmp.h b/src/lxc/utmp.h index ac3eee4..1bd7c23 100644 --- a/src/lxc/utmp.h +++ b/src/lxc/utmp.h 
@@ -21,8 +21,17 @@ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +#include "config.h" + struct lxc_handler; struct lxc_epoll_descr; +#ifdef HAVE_UTMPX_H int lxc_utmp_mainloop_add(struct lxc_epoll_descr *descr, struct lxc_handler *handler); +#else +static inline int lxc_utmp_mainloop_add(struct lxc_epoll_descr *descr, + struct lxc_handler *handler) { + return -1; +} +#endif -- 1.8.0
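Review bot: The fallback `lxc_utmp_mainloop_add()` in utmp.h returns -1, which reports failure to the caller rather than acting as the no-op the commit message describes. If callers treat a non-zero return as fatal, a build without utmpx.h will fail at that call; return 0, or confirm the caller ignores the result. Two smaller points: utmp.h shows no include guard in this hunk, so the new `static inline` definition will be redefined if the header is included twice in one translation unit, and in utmp.c the unconditional `#undef __USE_GNU` after the include still removes the macro when it was already defined before the new `#ifndef`.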
[lxc-devel] [PATCH 13/24] Workaround missing functions in other libc
Some libc implementation (bionic) is lacking some of the syscall functions that are present in the glibc. For those, detect at build time that they are missing and implement a minimal syscall() wrapper that will essentially give the same result as the glibc function. Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn --- configure.ac | 3 +++ src/lxc/attach.c | 26 +- src/lxc/conf.c | 31 +-- 3 files changed, 53 insertions(+), 7 deletions(-) diff --git a/configure.ac b/configure.ac index 6c0db3c..bc2ddc4 100644 --- a/configure.ac +++ b/configure.ac @@ -223,6 +223,9 @@ AC_CHECK_DECLS([PR_CAPBSET_DROP], [], [], [#include ]) # Check for some headers AC_CHECK_HEADERS([sys/signalfd.h pty.h sys/capability.h sys/personality.h]) +# Check for some syscalls functions +AC_CHECK_FUNCS([setns pivot_root sethostname unshare]) + # Check for some functions AC_CHECK_FUNCS([getline fgetln openpty]) diff --git a/src/lxc/attach.c b/src/lxc/attach.c index 9b7efbc..b86d2f4 100644 --- a/src/lxc/attach.c +++ b/src/lxc/attach.c @@ -47,15 +47,31 @@ lxc_log_define(lxc_attach, lxc); -int setns(int fd, int nstype) +/* Define setns() if missing from the C library */ +#ifndef HAVE_SETNS +static int setns(int fd, int nstype) { -#ifndef __NR_setns - errno = ENOSYS; - return -1; +#ifdef __NR_setns +return syscall(__NR_setns, fd, nstype); #else - return syscall(__NR_setns, fd, nstype); +errno = ENOSYS; +return -1; #endif } +#endif + +/* Define unshare() if missing from the C library */ +#ifndef HAVE_UNSHARE +static int unshare(int flags) +{ +#ifdef __NR_unshare +return syscall(__NR_unshare, flags); +#else +errno = ENOSYS; +return -1; +#endif +} +#endif /* Define getline() if missing from the C library */ #ifndef HAVE_GETLINE diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 2136feb..4a2fd22 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -31,6 +31,7 @@ #include #include #include +#include #if HAVE_PTY_H #include 
@@ -132,11 +133,37 @@ lxc_log_define(lxc_conf, lxc); #define LO_FLAGS_AUTOCLEAR 4 #endif +/* Define pivot_root() if missing from the C library */ +#ifndef HAVE_PIVOT_ROOT +static int pivot_root(const char * new_root, const char * put_old) +{ +#ifdef __NR_pivot_root +return syscall(__NR_pivot_root, new_root, put_old); +#else +errno = ENOSYS; +return -1; +#endif +} +#else +extern int pivot_root(const char * new_root, const char * put_old); +#endif + +/* Define sethostname() if missing from the C library */ +#ifndef HAVE_SETHOSTNAME +static int sethostname(const char * name, size_t len) +{ +#ifdef __NR_sethostname +return syscall(__NR_sethostname, name, len); +#else +errno = ENOSYS; +return -1; +#endif +} +#endif + char *lxchook_names[NUM_LXC_HOOKS] = { "pre-start", "pre-mount", "mount", "start", "post-stop" }; -extern int pivot_root(const char * new_root, const char * put_old); - typedef int (*instanciate_cb)(struct lxc_handler *, struct lxc_netdev *); struct mount_opt { -- 1.8.0
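Review bot: `setns()` in attach.c changes from an external definition to `static`, and the new `unshare()`, `pivot_root()` and `sethostname()` fallbacks are file-local too, so any other source file that calls these functions gets no fallback on a libc that lacks them. Moving the wrappers into one shared header as `static inline` (or one .c file with a prototype) would cover every caller and keep the `#ifdef __NR_*` logic in a single place. The wrappers also need `syscall()` and the `__NR_*` numbers declared: the conf.c hunk adds an include, but the attach.c hunk does not, so check that attach.c already pulls in the syscall headers.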
[lxc-devel] [PATCH 12/24] personality.h: Make the personality code optional
Some platforms don't have personality.h in their C library, this change adds buildtime detection for the header and turns off the personality setting code in those cases. Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn --- configure.ac | 2 +- src/lxc/conf.c | 7 ++- src/lxc/confile.c| 16 ++-- src/lxc/lxc_attach.c | 8 +++- 4 files changed, 28 insertions(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac index 22b45cd..6c0db3c 100644 --- a/configure.ac +++ b/configure.ac @@ -221,7 +221,7 @@ AM_CONDITIONAL([IS_BIONIC], [test "x$is_bionic" = "xyes"]) AC_CHECK_DECLS([PR_CAPBSET_DROP], [], [], [#include ]) # Check for some headers -AC_CHECK_HEADERS([sys/signalfd.h pty.h sys/capability.h]) +AC_CHECK_HEADERS([sys/signalfd.h pty.h sys/capability.h sys/personality.h]) # Check for some functions AC_CHECK_FUNCS([getline fgetln openpty]) diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 25b75d7..2136feb 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -48,7 +48,6 @@ #include #include #include -#include #include #include @@ -74,6 +73,10 @@ #include #endif +#if HAVE_SYS_PERSONALITY_H +#include +#endif + #include "lxcseccomp.h" lxc_log_define(lxc_conf, lxc); @@ -1195,6 +1198,7 @@ out: static int setup_personality(int persona) { + #if HAVE_SYS_PERSONALITY_H if (persona == -1) return 0; @@ -1204,6 +1208,7 @@ static int setup_personality(int persona) } INFO("set personality to '0x%x'", persona); + #endif return 0; } diff --git a/src/lxc/confile.c b/src/lxc/confile.c index a725b78..940f0a9 100644 --- a/src/lxc/confile.c +++ b/src/lxc/confile.c @@ -31,12 +31,12 @@ #include #include #include -#include #include #include #include #include "parse.h" +#include "config.h" #include "confile.h" #include "utils.h" @@ -44,6 +44,10 @@ #include #include "network.h" +#if HAVE_SYS_PERSONALITY_H +#include +#endif + lxc_log_define(lxc_confile, lxc); static int config_personality(const char *, const char *, struct lxc_conf *); 
@@ -1301,6 +1305,7 @@ int lxc_config_define_load(struct lxc_list *defines, struct lxc_conf *conf) signed long lxc_config_parse_arch(const char *arch) { + #if HAVE_SYS_PERSONALITY_H struct per_name { char *name; unsigned long per; @@ -1318,6 +1323,7 @@ signed long lxc_config_parse_arch(const char *arch) if (!strcmp(pername[i].name, arch)) return pername[i].per; } + #endif return -1; } @@ -1333,18 +1339,22 @@ static int lxc_get_conf_int(struct lxc_conf *c, char *retv, int inlen, int v) static int lxc_get_arch_entry(struct lxc_conf *c, char *retv, int inlen) { - int len, fulllen = 0; + int fulllen = 0; if (!retv) inlen = 0; else memset(retv, 0, inlen); + #if HAVE_SYS_PERSONALITY_H + int len = 0; + switch(c->personality) { case PER_LINUX32: strprint(retv, inlen, "x86"); break; case PER_LINUX: strprint(retv, inlen, "x86_64"); break; default: break; } + #endif return fulllen; } @@ -1664,11 +1674,13 @@ void write_config(FILE *fout, struct lxc_conf *c) fprintf(fout, "lxc.pts = %d\n", c->pts); if (c->ttydir) fprintf(fout, "lxc.devttydir = %s\n", c->ttydir); + #if HAVE_SYS_PERSONALITY_H switch(c->personality) { case PER_LINUX32: fprintf(fout, "lxc.arch = x86\n"); break; case PER_LINUX: fprintf(fout, "lxc.arch = x86_64\n"); break; default: break; } + #endif #if HAVE_APPARMOR if (c->aa_profile) fprintf(fout, "lxc.aa_profile = %s\n", c->aa_profile); diff --git a/src/lxc/lxc_attach.c b/src/lxc/lxc_attach.c index ba98d73..851a37a 100644 --- a/src/lxc/lxc_attach.c +++ b/src/lxc/lxc_attach.c @@ -29,19 +29,23 @@ #include #include #include -#include #include "attach.h" #include "commands.h" #include "arguments.h" #include "caps.h" #include "cgroup.h" +#include "config.h" #include "confile.h" #include "start.h" #include "sync.h" #include "log.h" #include "namespace.h" +#if HAVE_SYS_PERSONALITY_H +#include +#endif + lxc_log_define(lxc_attach_ui, lxc); static const struct option my_longopts[] = { 
@@ -273,6 +277,7 @@ int main(int argc, char *argv[]) } } + #if HAVE_SYS_PERSONALITY_H if (new_personality < 0) new_personality = init_ctx->personality; @@ -281,6 +286,7 @@ int main(int argc, char *argv[]) strerror(errno)); return -1; } + #endif if (!elevated_privileges && lxc_attach_drop_privs(init_ctx)) { ERROR("could not drop privileges"); --
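Review bot: With `HAVE_SYS_PERSONALITY_H` unset, `setup_personality()` in conf.c returns 0 without doing anything and the personality block in lxc_attach.c `main()` is compiled out, so in both places a requested architecture is dropped without any message. Log a WARN (or fail) when a personality was requested on a build that cannot set it, so the container does not quietly start with the host personality; `lxc_config_parse_arch()` returning -1 for every value deserves the same check in its caller. Style: the added `#if` / `#endif` lines inside function bodies are indented, unlike the file-scope ones in the same patch, and `int len = 0;` in `lxc_get_arch_entry()` is now declared after statements.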
[lxc-devel] [PATCH 20/24] lxc_unshare: Replace getpw*_r by getpw*
Bionic and maybe some other libc implementations lack the _r nss functions. This replaces our current getpwnam_r and getpwuid_r calls by getpwnam and getpwuid. Signed-off-by: Stéphane Graber --- src/lxc/lxc_unshare.c | 13 ++--- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/src/lxc/lxc_unshare.c b/src/lxc/lxc_unshare.c index 3a848b2..df91456 100644 --- a/src/lxc/lxc_unshare.c +++ b/src/lxc/lxc_unshare.c @@ -54,12 +54,9 @@ void usage(char *cmd) static uid_t lookup_user(const char *optarg) { - int bufflen = sysconf(_SC_GETPW_R_SIZE_MAX); - char buff[bufflen]; char name[sysconf(_SC_LOGIN_NAME_MAX)]; uid_t uid = -1; - struct passwd pwent; - struct passwd *pent; + struct passwd *pwent = NULL; if (!optarg || (optarg[0] == '\0')) return uid; @@ -69,13 +66,15 @@ static uid_t lookup_user(const char *optarg) if (sscanf(optarg, "%s", name) < 1) return uid; - if (getpwnam_r(name, &pwent, buff, bufflen, &pent) || !pent) { + pwent = getpwnam(name); + if (!pwent) { ERROR("invalid username %s", name); return uid; } - uid = pent->pw_uid; + uid = pwent->pw_uid; } else { - if (getpwuid_r(uid, &pwent, buff, bufflen, &pent) || !pent) { + pwent = getpwuid(uid); + if (!pwent) { ERROR("invalid uid %d", uid); uid = -1; return uid; -- 1.8.0
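Review bot: In `lookup_user()`, the context line `sscanf(optarg, "%s", name)` copies a command-line argument into `name[sysconf(_SC_LOGIN_NAME_MAX)]` with no field width, so an over-long argument writes past the array, and `sysconf()` can return -1, which makes the array size invalid. Since this function is being touched, pass `optarg` straight to `getpwnam()` and drop the copy, or bound it with `snprintf`. On the change itself: `getpwnam()` and `getpwuid()` return a pointer into static storage and are not thread-safe; that is fine for this single-threaded tool because only `pw_uid` is read immediately, but a configure check that keeps the `_r` variants where they exist would avoid regressing other libcs.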
[lxc-devel] [PATCH 19/24] conf.c: Cleanup __S_ISTYPE
__S_ISTYPE doesn't exist in all C libraries, so define it if it's missing. Additionally, replace one occurrence where it wasn't actually needed. Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn --- src/lxc/conf.c | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/lxc/conf.c b/src/lxc/conf.c index e6efcf0..3c44ea5 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -166,6 +166,11 @@ return -1; } #endif +/* Define __S_ISTYPE if missing from the C library */ +#ifndef __S_ISTYPE +#define__S_ISTYPE(mode, mask) (((mode) & S_IFMT) == (mask)) +#endif + char *lxchook_names[NUM_LXC_HOOKS] = { "pre-start", "pre-mount", "mount", "start", "post-stop" }; @@ -590,7 +595,7 @@ int pin_rootfs(const char *rootfs) return -1; } - if (!__S_ISTYPE(s.st_mode, S_IFDIR)) + if (!S_ISDIR(s.st_mode)) return -2; ret = snprintf(absrootfspin, MAXPATHLEN, "%s%s", absrootfs, ".hold"); -- 1.8.0
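Review bot: The fallback defines `__S_ISTYPE`, a glibc-internal name in the reserved double-underscore namespace, instead of removing the dependency on it. The second hunk already shows the portable fix (`S_ISDIR(s.st_mode)`); converting the remaining `__S_ISTYPE` users to the POSIX `S_ISDIR` / `S_ISREG` / `S_ISBLK` macros would let the fallback be dropped. If the fallback stays, note that as rendered here the line reads `#define__S_ISTYPE(mode, mask)` with no separator after `#define`; confirm the committed file has whitespace there.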
[lxc-devel] [PATCH 15/24] Add a bionic_alphasort function on bionic
alphasort doesn't have the right signature on bionic which causes the build to fail. This implements a new bionic_alphasort function when building on bionic providing the right signature and a functional equivalent of glibc's alphasort. This signature problem with alphasort was fixed in upstream bionic but hasn't been released yet. This commit can therefore be reverted as soon as the following commit hits the Android NDK: 40e467ec668b59be25491bd44bf348a884d6a68d Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn --- src/lxc/parse.c | 15 +++ 1 file changed, 15 insertions(+) diff --git a/src/lxc/parse.c b/src/lxc/parse.c index b074b04..35da94e 100644 --- a/src/lxc/parse.c +++ b/src/lxc/parse.c @@ -39,6 +39,17 @@ #endif #endif +/* Workaround for the broken signature of alphasort() in bionic. + This was fixed upstream in 40e467ec668b59be25491bd44bf348a884d6a68d so the + workaround can probably be dropped with the next version of the Android NDK. + */ +#ifdef IS_BIONIC +int bionic_alphasort(const struct dirent** a, const struct dirent** b) { + return strcoll((*a)->d_name, (*b)->d_name); +} +#endif + + lxc_log_define(lxc_parse, lxc); static int dir_filter(const struct dirent *dirent) @@ -55,7 +66,11 @@ int lxc_dir_for_each(const char *name, const char *directory, struct dirent **namelist; int n, ret = 0; +#ifdef IS_BIONIC + n = scandir(directory, &namelist, dir_filter, bionic_alphasort); +#else n = scandir(directory, &namelist, dir_filter, alphasort); +#endif if (n < 0) { SYSERROR("failed to scan %s directory", directory); return -1; -- 1.8.0
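Review bot: `#ifdef IS_BIONIC` in parse.c needs a preprocessor symbol, but the only `IS_BIONIC` visible in this series is the automake conditional `AM_CONDITIONAL([IS_BIONIC], ...)` in configure.ac, which does not define a C macro by itself. Confirm it reaches the compiler through `AC_DEFINE` or `-DIS_BIONIC` in the bionic build flags; otherwise both `#ifdef` blocks are dead and the build still uses `alphasort`. Also make `bionic_alphasort()` `static`, since it is only used in this file and would otherwise be exported from liblxc, and consider a configure test on the `alphasort` signature instead of the libc name so the workaround retires itself once the NDK carries the fix.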
[lxc-devel] [PATCH 22/24] Don't call setup_mount_entries if the list is empty
There's no good reason to call setup_mount_entries if we don't have any lxc.mount.entry. This also avoids an issue on bionic where the tmpfile() call in setup_mount_entries requires the presence of /tmp which isn't the case by default. Signed-off-by: Stéphane Graber --- src/lxc/conf.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 3c44ea5..945c3b8 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -2599,7 +2599,7 @@ int lxc_setup(const char *name, struct lxc_conf *lxc_conf) return -1; } - if (setup_mount_entries(&lxc_conf->rootfs, &lxc_conf->mount_list, name)) { + if (!lxc_list_empty(&lxc_conf->mount_list) && setup_mount_entries(&lxc_conf->rootfs, &lxc_conf->mount_list, name)) { ERROR("failed to setup the mount entries for '%s'", name); return -1; } -- 1.8.0
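Review bot: The `!lxc_list_empty(&lxc_conf->mount_list)` guard in `lxc_setup()` only sidesteps the `tmpfile()` dependency on /tmp; a container on bionic that does have `lxc.mount.entry` lines still reaches `setup_mount_entries()` and hits the same failure. Either fix the temporary-file creation in `setup_mount_entries()` so it does not rely on /tmp existing, or state in the commit message that mount entries remain unsupported there. The emptiness check would also read better as an early `return 0` inside `setup_mount_entries()`, which keeps this condition short and covers any other caller.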
[lxc-devel] [PATCH 24/24] Makefile.am: Add missing liblxc symlink
Signed-off-by: Stéphane Graber --- src/lxc/Makefile.am | 1 + 1 file changed, 1 insertion(+) diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am index 8bc7b4b..85d8e77 100644 --- a/src/lxc/Makefile.am +++ b/src/lxc/Makefile.am @@ -173,6 +173,7 @@ install-exec-local: install-soPROGRAMS mv $(DESTDIR)$(libdir)/liblxc.so $(DESTDIR)$(libdir)/liblxc.so.$(VERSION) /sbin/ldconfig -l $(DESTDIR)$(libdir)/liblxc.so.$(VERSION) cd $(DESTDIR)$(libdir); \ + ln -sf liblxc.so.$(VERSION) liblxc.so.$(firstword $(subst ., ,$(VERSION))); \ ln -sf liblxc.so.$(firstword $(subst ., ,$(VERSION))) liblxc.so uninstall-local: -- 1.8.0
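Review bot: The added `ln -sf liblxc.so.$(VERSION) liblxc.so.$(firstword $(subst ., ,$(VERSION)))` in `install-exec-local` creates a new installed file, but the patch touches nothing in `uninstall-local`, which starts right below the hunk. Add the matching removal of the major-version symlink there so uninstall does not leave a dangling link. The commit message has no body; one sentence on what breaks without the symlink (the `liblxc.so` link on the next line points at it) would help.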
[lxc-devel] [PATCH 16/24] Replace strdupa call by standard strdup
strdupa appears to only exist in the standard glibc but at least not in bionic. Replace the two strdupa calls we have by a standard strdup. Signed-off-by: Stéphane Graber --- src/lxc/confile.c | 23 --- 1 file changed, 16 insertions(+), 7 deletions(-) diff --git a/src/lxc/confile.c b/src/lxc/confile.c index 940f0a9..6b75b6a 100644 --- a/src/lxc/confile.c +++ b/src/lxc/confile.c @@ -580,7 +580,11 @@ static int config_network_ipv4(const char *key, const char *value, lxc_list_init(list); list->elem = inetdev; - addr = strdupa(value); + addr = strdup(value); + if (!addr) { + ERROR("no address specified"); + return -1; + } cursor = strstr(addr, " "); if (cursor) { @@ -594,18 +598,15 @@ static int config_network_ipv4(const char *key, const char *value, prefix = slash + 1; } - if (!addr) { - ERROR("no address specified"); - return -1; - } - if (!inet_pton(AF_INET, addr, &inetdev->addr)) { SYSERROR("invalid ipv4 address: %s", value); + free(addr); return -1; } if (bcast && !inet_pton(AF_INET, bcast, &inetdev->bcast)) { SYSERROR("invalid ipv4 broadcast address: %s", value); + free(addr); return -1; } @@ -624,6 +625,7 @@ static int config_network_ipv4(const char *key, const char *value, lxc_list_add(&netdev->ipv4, list); + free(addr); return 0; } @@ -693,7 +695,12 @@ static int config_network_ipv6(const char *key, const char *value, lxc_list_init(list); list->elem = inet6dev; - valdup = strdupa(value); + valdup = strdup(value); + if (!valdup) { + ERROR("no address specified"); + return -1; + } + inet6dev->prefix = 64; slash = strstr(valdup, "/"); if (slash) { 
@@ -704,11 +711,13 @@ static int config_network_ipv6(const char *key, const char *value, if (!inet_pton(AF_INET6, value, &inet6dev->addr)) { SYSERROR("invalid ipv6 address: %s", value); + free(valdup); return -1; } lxc_list_add(&netdev->ipv6, list); + free(valdup); return 0; } -- 1.8.0
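Review bot: In both functions the new `strdup()` failure branch logs "no address specified", which is the message of the check it replaced and misreports an allocation failure; use an out-of-memory message. That branch also returns after `list` and `inetdev` / `inet6dev` have been set up, so check that they are freed on this path, and that every `return` between the hunks shown frees `addr` / `valdup`, because the `strdupa` version needed no cleanup and the patch only adds `free()` on the paths visible here. In `config_network_ipv6()` the context line still calls `inet_pton(AF_INET6, value, ...)` on the original string rather than `valdup`, so whatever the `slash` handling does to the copy is not seen by the parse.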
[lxc-devel] [PATCH 11/24] Don't hard depend on capability.h and libcap
In the effort to make LXC work with non-standard Linux distros, this change allows for the user to build LXC without capability support through a new --disable-capabilities option to configure. This effectively will cause LXC not to link against libcap and will turn all the _cap_ functions into no-ops. Signed-off-by: Stéphane Graber --- configure.ac| 27 +-- src/lxc/caps.c | 6 +- src/lxc/caps.h | 24 src/lxc/conf.c | 11 ++- src/lxc/start.c | 15 ++- 5 files changed, 70 insertions(+), 13 deletions(-) diff --git a/configure.ac b/configure.ac index ea98f02..22b45cd 100644 --- a/configure.ac +++ b/configure.ac @@ -180,17 +180,24 @@ AC_CHECK_HEADERS([linux/unistd.h linux/netlink.h linux/genetlink.h], AC_MSG_ERROR([Please install the Linux kernel headers.]), [#include ]) +# Allow disabling libcap support +AC_ARG_ENABLE([capabilities], + [AC_HELP_STRING([--disable-capabilities], [disable kernel capabilities])], + [], [enable_capabilities=yes]) + # Check for libcap support -AC_CHECK_HEADERS([sys/capability.h], [], AC_MSG_ERROR([Please install the libcap development files.]), -[#include -#include ]) -AC_CHECK_LIB(cap,cap_set_proc,caplib=yes,caplib=no) -AC_MSG_CHECKING([linux capabilities]) -if test "x$caplib" = "xyes" ; then - CAP_LIBS="-lcap" - AC_MSG_RESULT([$CAP_LIBS]) +if test "x$enable_capabilities" = "xyes"; then + AC_CHECK_LIB(cap,cap_set_proc,caplib=yes,caplib=no) + AC_MSG_CHECKING([linux capabilities]) + if test "x$caplib" = "xyes" ; then + CAP_LIBS="-lcap" + AC_MSG_RESULT([$CAP_LIBS]) + else + AC_MSG_RESULT([no]) + AC_MSG_ERROR([You are missing libcap support. If you really want to build without kernel capabilities, use --disable-capabilities]) + fi else - AC_MSG_ERROR([not found]) + CAP_LIBS="" fi AC_SUBST([CAP_LIBS]) 
@@ -214,7 +221,7 @@ AM_CONDITIONAL([IS_BIONIC], [test "x$is_bionic" = "xyes"]) AC_CHECK_DECLS([PR_CAPBSET_DROP], [], [], [#include ]) # Check for some headers -AC_CHECK_HEADERS([sys/signalfd.h pty.h]) +AC_CHECK_HEADERS([sys/signalfd.h pty.h sys/capability.h]) # Check for some functions AC_CHECK_FUNCS([getline fgetln openpty]) diff --git a/src/lxc/caps.c b/src/lxc/caps.c index 94c134d..53c552b 100644 --- a/src/lxc/caps.c +++ b/src/lxc/caps.c @@ -27,13 +27,16 @@ #include #include #include -#include #include +#include "config.h" #include "log.h" lxc_log_define(lxc_caps, lxc); +#if HAVE_SYS_CAPABILITY_H +#include + int lxc_caps_reset(void) { cap_t cap = cap_init(); @@ -258,3 +261,4 @@ int lxc_caps_check(void) return 1; } +#endif diff --git a/src/lxc/caps.h b/src/lxc/caps.h index 88cf09e..dc3fd6f 100644 --- a/src/lxc/caps.h +++ b/src/lxc/caps.h @@ -20,9 +20,12 @@ * License along with this library; if not, write to the Free Software * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ +#include "config.h" + #ifndef _caps_h #define _caps_h +#if HAVE_SYS_CAPABILITY_H extern int lxc_caps_reset(void); extern int lxc_caps_down(void); extern int lxc_caps_up(void); @@ -30,6 +33,27 @@ extern int lxc_caps_init(void); extern int lxc_caps_check(void); extern int lxc_caps_last_cap(void); +#else +static inline int lxc_caps_reset(void) { +return 0; +} +static inline int lxc_caps_down(void) { +return 0; +} +static inline int lxc_caps_up(void) { +return 0; +} +static inline int lxc_caps_init(void) { +return 0; +} +static inline int lxc_caps_check(void) { +return 1; +} + +static inline int lxc_caps_last_cap(void) { +return 0; +} +#endif #define lxc_priv(__lxc_function) \ ({ \ diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 49bba2a..25b75d7 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -48,7 +48,6 @@ #include #include #include -#include #include #include 
@@ -71,6 +70,10 @@ #include #endif +#if HAVE_SYS_CAPABILITY_H +#include +#endif + #include "lxcseccomp.h" lxc_log_define(lxc_conf, lxc); @@ -104,6 +107,7 @@ lxc_log_define(lxc_conf, lxc); #define MS_STRICTATIME (1 << 24) #endif +#if HAVE_SYS_CAPABILITY_H #ifndef CAP_SETFCAP #define CAP_SETFCAP 31 #endif @@ -115,6 +119,7 @@ lxc_log_define(lxc_conf, lxc); #ifndef CAP_MAC_ADMIN #define CAP_MAC_ADMIN 33 #endif +#endif #ifndef PR_CAPBSET_DROP #define PR_CAPBSET_DROP 24 @@ -199,6 +204,7 @@ static struct mount_opt mount_opt[] = { { NULL,0, 0 }, }; +#if HAVE_SYS_CAPABILITY_H static struct caps_opt caps_opt[] = { { "chown", CAP_CHOWN }, { "dac_override", CAP_DAC_OVERRIDE }, @@ -245,6 +251,9 @@ static struct caps_opt caps_opt[] = { { "wake_ala
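Review bot: `--disable-capabilities` only clears `CAP_LIBS`, while the C code is gated on `HAVE_SYS_CAPABILITY_H`, which the unconditional `AC_CHECK_HEADERS([... sys/capability.h])` sets whenever the header is installed. On such a system the option leaves caps.c compiling its `cap_init()` code but linking without `-lcap`; gate the code on a symbol derived from `enable_capabilities` (an `AC_DEFINE` inside the `if` branch) instead. On a build that really has no capability support, the stubs in caps.h return success (`lxc_caps_init()` 0, `lxc_caps_check()` 1) and the `caps_opt` table is compiled out, so a requested `lxc.cap.drop` presumably cannot be applied (the rest of the conf.c hunk is cut off here); that case should produce a warning at start or an error rather than a silent success.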
[lxc-devel] [PATCH 18/24] Add local implementation of mntent.h
Bionic (at least) is missing some of the usual mntent functions. This adds code defining those that we need when they're missing from the C library. Signed-off-by: Stéphane Graber --- configure.ac | 2 +- src/include/mntent.c | 173 +++ src/include/mntent.h | 32 ++ src/lxc/Makefile.am | 6 +- src/lxc/cgroup.c | 7 ++- src/lxc/conf.c | 7 ++- 6 files changed, 222 insertions(+), 5 deletions(-) create mode 100644 src/include/mntent.c create mode 100644 src/include/mntent.h diff --git a/configure.ac b/configure.ac index 0d50bec..3770e8b 100644 --- a/configure.ac +++ b/configure.ac @@ -227,7 +227,7 @@ AC_CHECK_HEADERS([sys/signalfd.h pty.h sys/capability.h sys/personality.h utmpx. AC_CHECK_FUNCS([setns pivot_root sethostname unshare]) # Check for some functions -AC_CHECK_FUNCS([getline fgetln openpty]) +AC_CHECK_FUNCS([getline fgetln openpty hasmntopt setmntent endmntent]) # Check for some standard binaries AC_PROG_GCC_TRADITIONAL diff --git a/src/include/mntent.c b/src/include/mntent.c new file mode 100644 index 000..a96cd81 --- /dev/null +++ b/src/include/mntent.c 
@@ -0,0 +1,173 @@ +#include +#include +#include + +/* Since the values in a line are separated by spaces, a name cannot + contain a space. Therefore some programs encode spaces in names + by the strings "\040". We undo the encoding when reading an entry. + The decoding happens in place. */ +static char * +decode_name (char *buf) +{ +char *rp = buf; +char *wp = buf; + +do +if (rp[0] == '\\' && rp[1] == '0' && rp[2] == '4' && rp[3] == '0') +{ +/* \040 is a SPACE. */ +*wp++ = ' '; +rp += 3; +} +else if (rp[0] == '\\' && rp[1] == '0' && rp[2] == '1' && rp[3] == '1') +{ +/* \011 is a TAB. */ +*wp++ = '\t'; +rp += 3; +} +else if (rp[0] == '\\' && rp[1] == '0' && rp[2] == '1' && rp[3] == '2') +{ +/* \012 is a NEWLINE. */ +*wp++ = '\n'; +rp += 3; +} +else if (rp[0] == '\\' && rp[1] == '\\') +{ +/* We have to escape \\ to be able to represent all characters. */ +*wp++ = '\\'; +rp += 1; +} +else if (rp[0] == '\\' && rp[1] == '1' && rp[2] == '3' && rp[3] == '4') +{ +/* \134 is also \\. */ +*wp++ = '\\'; +rp += 3; +} +else +*wp++ = *rp; +while (*rp++ != '\0'); + +return buf; +} + +/* Read one mount table entry from STREAM. Returns a pointer to storage + reused on the next call, or null for EOF or error (use feof/ferror to + check). */ +struct mntent *getmntent_r (FILE *stream, struct mntent *mp, char *buffer, int bufsiz) +{ +char *cp; +char *head; + +do +{ +char *end_ptr; + +if (fgets (buffer, bufsiz, stream) == NULL) +{ +return NULL; +} + +end_ptr = strchr (buffer, '\n'); +if (end_ptr != NULL) /* chop newline */ +*end_ptr = '\0'; +else +{ +/* Not the whole line was read. Do it now but forget it. */ +char tmp[1024]; +while (fgets (tmp, sizeof tmp, stream) != NULL) +if (strchr (tmp, '\n') != NULL) +break; +} + +head = buffer + strspn (buffer, " \t"); +/* skip empty lines and comment lines: */ +} +while (head[0] == '\0' || head[0] == '#'); + +cp = strsep (&head, " \t"); +mp->mnt_fsname = cp != NULL ? 
decode_name (cp) : (char *) ""; +if (head) +head += strspn (head, " \t"); +cp = strsep (&head, " \t"); +mp->mnt_dir = cp != NULL ? decode_name (cp) : (char *) ""; +if (head) +head += strspn (head, " \t"); +cp = strsep (&head, " \t"); +mp->mnt_type = cp != NULL ? decode_name (cp) : (char *) ""; +if (head) +head += strspn (head, " \t"); +cp = strsep (&head, " \t"); +mp->mnt_opts = cp != NULL ? decode_name (cp) : (char *) ""; +switch (head ? sscanf (head, " %d %d ", &mp->mnt_freq, &mp->mnt_passno) : 0) +{ +case 0: +mp->mnt_freq = 0; +case 1: +mp->mnt_passno = 0; +case 2: +break; +} + +return mp; +} + +struct mntent *getmntent (FILE *stream) +{ +static struct mntent m; +static char *getmntent_buffer; + +#define BUFFER_SIZE 4096 +if (getmntent_buffer == NULL) { +getmntent_buffer = (char *) malloc (BUFFER_SIZE); +} + +return getmntent_r (stream, &m, getmntent_buffer, BUFFER_SIZE); +#undef BUFFER_SIZE +} + + +/* Prepare to begin reading and/or writing mount table entries from the + beginning of FILE. MODE is as for `fopen'. */ +FILE *setmntent (const char *file, const char *mode) +{ +/* Extend the mode parameter with "c" to disable cancellation in the +I/O functions and "e" to set FD_CLOEXEC. */ +size_t modelen = strlen (mode); +char newmode[modelen + 3]; +me
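Review bot: In the new `getmntent()`, the result of `malloc (BUFFER_SIZE)` is passed to `getmntent_r()` without a NULL check, so an allocation failure becomes `fgets()` on a null buffer; return NULL when the allocation fails. configure.ac also probes only `hasmntopt setmntent endmntent`, while this file defines `getmntent_r` and `getmntent` as well with no `HAVE_*` guard visible, so a libc that provides some of these but not others would get duplicate definitions; probe each function the file defines and guard each definition. Unlike openpty.c elsewhere in this series, mntent.c starts without a copyright or licence header; add one that records where the code came from.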
[lxc-devel] [PATCH 10/24] tty.h: Ship our own minimal openpty.h
bionic is missing an openpty() function, so ship our own and only build it and use it on bionic. Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn --- configure.ac | 6 ++--- src/include/openpty.c | 72 +++ src/include/openpty.h | 14 ++ src/lxc/Makefile.am | 6 +++-- src/lxc/conf.c| 5 src/lxc/console.c | 8 +- 6 files changed, 105 insertions(+), 6 deletions(-) create mode 100644 src/include/openpty.c create mode 100644 src/include/openpty.h diff --git a/configure.ac b/configure.ac index 50e64ff..ea98f02 100644 --- a/configure.ac +++ b/configure.ac @@ -213,11 +213,11 @@ AM_CONDITIONAL([IS_BIONIC], [test "x$is_bionic" = "xyes"]) # Some systems lack PR_CAPBSET_DROP definition => HAVE_DECL_PR_CAPBSET_DROP AC_CHECK_DECLS([PR_CAPBSET_DROP], [], [], [#include ]) -# Check for optional headers -AC_CHECK_HEADERS([sys/signalfd.h]) +# Check for some headers +AC_CHECK_HEADERS([sys/signalfd.h pty.h]) # Check for some functions -AC_CHECK_FUNCS([getline fgetln]) +AC_CHECK_FUNCS([getline fgetln openpty]) # Check for some standard binaries AC_PROG_GCC_TRADITIONAL diff --git a/src/include/openpty.c b/src/include/openpty.c new file mode 100644 index 000..0c1fecc --- /dev/null +++ b/src/include/openpty.c 
@@ -0,0 +1,72 @@ +/* Copyright (C) 1998, 1999, 2004 Free Software Foundation, Inc. + This file is part of the GNU C Library. + Contributed by Zack Weinberg , 1998. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, write to the Free + Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA + 02111-1307 USA. */ + +#define _XOPEN_SOURCE /* See feature_test_macros(7) */ +#include +#include +#include +#include +#include +#include +#include +#include +#include + +#define _PATH_DEVPTMX "/dev/ptmx" + +int openpty (int *amaster, int *aslave, char *name, struct termios *termp, + struct winsize *winp) +{ + char buf[PATH_MAX]; + int master, slave; + + master = open(_PATH_DEVPTMX, O_RDWR); + if (master == -1) + return -1; + + if (grantpt(master)) + goto fail; + + if (unlockpt(master)) + goto fail; + + if (ptsname_r(master, buf, sizeof buf)) + goto fail; + + slave = open(buf, O_RDWR | O_NOCTTY); + if (slave == -1) + goto fail; + + /* XXX Should we ignore errors here? */ + if (termp) + tcsetattr(slave, TCSAFLUSH, termp); + if (winp) + ioctl(slave, TIOCSWINSZ, winp); + + *amaster = master; + *aslave = slave; + if (name != NULL) + strcpy(name, buf); + + return 0; + +fail: + close(master); + return -1; +} diff --git a/src/include/openpty.h b/src/include/openpty.h new file mode 100644 index 000..f5fa152 --- /dev/null +++ b/src/include/openpty.h 
@@ -0,0 +1,14 @@ +#ifndef _openpty_h +#define _openpty_h + +#include +#include + +/* Create pseudo tty master slave pair with NAME and set terminal + attributes according to TERMP and WINP and return handles for both + ends in AMASTER and ASLAVE. */ +extern int openpty (int *__amaster, int *__aslave, char *__name, + const struct termios *__termp, + const struct winsize *__winp); + +#endif diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am index 6fbd79f..3d800d5 100644 --- a/src/lxc/Makefile.am +++ b/src/lxc/Makefile.am @@ -19,7 +19,8 @@ pkginclude_HEADERS = \ if IS_BIONIC pkginclude_HEADERS += \ - ../include/getline.h + ../include/getline.h \ + ../include/openpty.h endif sodir=$(libdir) @@ -68,7 +69,8 @@ liblxc_so_SOURCES = \ if IS_BIONIC liblxc_so_SOURCES += \ - ../include/getline.c ../include/getline.h + ../include/getline.c ../include/getline.h \ + ../include/openpty.c ../include/openpty.h endif AM_CFLAGS=-I$(top_srcdir)/src \ diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 7e1d10a..49bba2a 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -31,7 +31,12 @@ #include #include #include + +#if HAVE_PTY_H #include +#else +#include <../include/openpty.h> +#endif #include diff --git a/src/lxc/console.c b/src/lxc/console.c index 5873827..88aac84 100644 --- a/src/lxc/console.c +++ b/src/lxc/console.c @@ -26,18 +26,24 @@ #include #include #include -#include #include #include #include "log.h" #include "conf.h" +#include "config.h" #include
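Review bot: The definition in openpty.c takes `struct termios *termp, struct winsize *winp`, while the prototype added in openpty.h declares both parameters `const`; these are conflicting declarations as soon as openpty.c includes its own header, so make the two agree (the `const` form matches what the function does, since it only reads them). In conf.c the fallback is included as `#include <../include/openpty.h>`; a project header should use the quoted form so it is resolved relative to the source tree and not the system include path. Both `open()` calls create descriptors without `O_CLOEXEC`, which in a container launcher means the pty can be inherited across exec unless the caller sets the flag afterwards; worth checking against how the callers in conf.c and console.c use the fds.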
[lxc-devel] [PATCH 23/24] create rslave chroot any time pivot_root fails with -EINVAL
From: Serge Hallyn Note we still need the function to detect a MS_SHARED /, bc if we detect that then we need to umount the chroot tmpfs mount which lxc-start created, whose mount was forwarded to the host mounts namespace. Signed-off-by: Serge Hallyn Acked-by: Stéphane Graber --- src/lxc/conf.c | 31 --- 1 file changed, 20 insertions(+), 11 deletions(-) diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 945c3b8..09cfa9f 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -1163,13 +1163,6 @@ static int setup_rootfs(struct lxc_conf *conf) return -1; } - if (detect_shared_rootfs()) { - if (chroot_into_slave(conf)) { - ERROR("Failed to chroot into slave /"); - return -1; - } - } - if (mount_rootfs(rootfs->path, rootfs->mount)) { ERROR("failed to mount rootfs"); return -1; @@ -1180,17 +1173,33 @@ static int setup_rootfs(struct lxc_conf *conf) return 0; } -int setup_pivot_root(const struct lxc_rootfs *rootfs) +static int setup_pivot_root(struct lxc_conf *conf) { + const struct lxc_rootfs *rootfs = &conf->rootfs; + if (!rootfs->path) return 0; - if (setup_rootfs_pivot_root(rootfs->mount, rootfs->pivot)) { + if (setup_rootfs_pivot_root(rootfs->mount, rootfs->pivot) == 0) + return 0; + + if (errno != EINVAL) { ERROR("failed to setup pivot root"); return -1; } - return 0; + INFO("pivot_root failed. Trying pivot_root under custom chroot."); + + if (chroot_into_slave(conf)) { + ERROR("Failed to chroot into slave /"); + return -1; + } + + if (setup_rootfs_pivot_root(rootfs->mount, rootfs->pivot) == 0) + return 0; + + ERROR("failed to setup pivot root"); + return -1; } static int setup_pts(int pts) 
@@ -2649,7 +2658,7 @@ int lxc_setup(const char *name, struct lxc_conf *lxc_conf) } #endif - if (setup_pivot_root(&lxc_conf->rootfs)) { + if (setup_pivot_root(lxc_conf)) { ERROR("failed to set rootfs for '%s'", name); return -1; } -- 1.8.0
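Review bot: In the new setup_pivot_root(), `if (errno != EINVAL)` is evaluated after setup_rootfs_pivot_root() has returned, so it only sees the error from the failing call if nothing the helper does afterwards (logging, cleanup) changes errno. Have the helper save errno at the point of failure and return it (or return -errno), and test that value here. The two failure paths also log the identical "failed to setup pivot root"; saying in the second one that the retry under the chroot failed would make the log tell them apart.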
[lxc-devel] [PATCH 21/24] tests/Makefile.am: Update for bionic
-lpthread doesn't exist and isn't necessary on bionic. Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn --- src/tests/Makefile.am | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am index fa61f70..90fcafe 100644 --- a/src/tests/Makefile.am +++ b/src/tests/Makefile.am @@ -1,6 +1,11 @@ if ENABLE_TESTS -LDADD = ../lxc/liblxc.so -lpthread +LDADD = ../lxc/liblxc.so + +if !IS_BIONIC +LDADD += -lpthread +endif + lxc_test_containertests_SOURCES = containertests.c lxc_test_locktests_SOURCES = locktests.c lxc_test_startone_SOURCES = startone.c -- 1.8.0
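Review bot: `if !IS_BIONIC` ties the `-lpthread` decision to which C library is in use rather than to whether the library exists. A configure check for the library (AC_CHECK_LIB or AC_SEARCH_LIBS on a pthread symbol) whose result is appended to LDADD would also cover other C libraries that ship without a separate libpthread, and would remove the nested conditional from src/tests/Makefile.am.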
Re: [lxc-devel] [PATCH] Support MS_SHARED /
Quoting Dwight Engen (dwight.en...@oracle.com):
> On Mon, 07 Jan 2013 13:26:44 -0500
> "Michael H. Warfield" wrote:
>
> > On Tue, 2013-01-08 at 01:32 +0800, Alexander Vladimirov wrote:
> > > 2013/1/8 Serge Hallyn :
> > > > Quoting Alexander Vladimirov
> > > > (alexander.idkfa.vladimi...@gmail.com):
> > > >> Just like on the host:
> > > >> [idkfa@s10 ~]$ ls -la /dev/{null,tty,urandom,zero,full}
> > > >> crw-rw-rw- 1 root root 1, 7 янв 6 13:30 /dev/full
> > > >> crw-rw-rw- 1 root root 1, 3 янв 6 13:30 /dev/null
> > > >> crw-rw-rw- 1 root tty 5, 0 янв 8 00:03 /dev/tty
> > > >> crw-rw-rw- 1 root root 1, 9 янв 6 13:30 /dev/urandom
> > > >> crw-rw-rw- 1 root root 1, 5 янв 6 13:30 /dev/zero
> > > >>
> > > >> For example
> > > >
> > > > You say "for example", implying there is another. I don't see it
> > > > though. What else is different?
> > > >
> > > I'm sure I have encountered error messages about /dev/null
> > > permissions at some point, but I can't reproduce it atm
>
> I noticed permission problems with /dev/null here on my F17 test box as
> well (dhcp-client-script in the container couldn't >/dev/null), it was
> the SELinux labels, on the host they are:
>
> drwxr-xr-x. root root system_u:object_r:device_t:s0/dev
> crw-rw-rw-. root root system_u:object_r:null_device_t:s0 /dev/null
>
> my container has:
>
> drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /dev
> crw-rw-rw-. root root unconfined_u:object_r:default_t:s0 /dev/null
>
> Don't know if this is the cause of what you're seeing though.

Would any of you be able to fill in the selinux LSM code in lxc? I
realistically would not get to that until after user namespace stuff
is upstream and cleaned up.

And this, of course, points to one more thing that'll need to be added -
a container fs relabel before starting the container. For now, you
could do this using either a mount or start hook.

-serge
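The label mismatch reported above, and the pre-start relabel suggested in the reply, can be checked with a short script. This is an added example, not code from the thread or from lxc: it parses listing lines in the five-column form quoted in the message, its sample data is constructed from those lines, the function names and the container root path are hypothetical, and only the two path/type pairs shown in the message are assumed.

```shell
#!/bin/sh
# Added example: find device nodes whose SELinux type differs from the host's.

# Expected SELinux type per path. Only the two pairs quoted in the message
# are listed; extend this from the policy of the host in question.
expected_type() {
    case "$1" in
        /dev)      echo device_t ;;
        /dev/null) echo null_device_t ;;
    esac
}

# Reads "<mode> <owner> <group> <context> <path>" lines on stdin, with <path>
# relative to the container root, and prints "<path> <found> <wanted>" for
# every entry with the wrong type. Paths with no known expected type are
# reported only when they carry default_t, the type seen in the container.
# Lines with fewer than five columns are skipped.
mislabeled_nodes() {
    while read -r _mode _owner _group context path; do
        [ -n "$path" ] || continue
        # A context is user:role:type:level, so the type is field 3.
        found=$(printf '%s\n' "$context" | cut -d: -f3)
        wanted=$(expected_type "$path")
        if [ -n "$wanted" ]; then
            [ "$found" = "$wanted" ] || printf '%s %s %s\n' "$path" "$found" "$wanted"
        elif [ "$found" = "default_t" ]; then
            printf '%s %s %s\n' "$path" "$found" "(not default_t)"
        fi
    done
}

# Turns the mismatches with a known target type into chcon commands, printed
# for review rather than executed. $1 is the container root on the host.
relabel_commands() {
    root=$1
    mislabeled_nodes | while read -r path _found wanted; do
        case "$wanted" in
            *_t) printf 'chcon -t %s %s%s\n' "$wanted" "$root" "$path" ;;
        esac
    done
}

# Constructed sample: the container's labels as quoted in the message.
container_listing() {
    cat <<'EOF'
drwxr-xr-x. root root unconfined_u:object_r:default_t:s0 /dev
crw-rw-rw-. root root unconfined_u:object_r:default_t:s0 /dev/null
EOF
}

# Constructed sample: the host's labels, one node per line.
host_listing() {
    cat <<'EOF'
drwxr-xr-x. root root system_u:object_r:device_t:s0 /dev
crw-rw-rw-. root root system_u:object_r:null_device_t:s0 /dev/null
EOF
}
```

Running `container_listing | relabel_commands <container root>` prints one `chcon -t` line per mislabeled node, which is the work a mount or start hook would have to do before the container's init runs.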
Re: [lxc-devel] [PATCH] document lxc-console escape sequence and argument
On 01/04/2013 03:23 PM, Dwight Engen wrote: > Signed-off-by: Dwight Engen Acked-by: Stéphane Graber > --- > doc/lxc-console.sgml.in | 23 +-- > 1 file changed, 21 insertions(+), 2 deletions(-) > > diff --git a/doc/lxc-console.sgml.in b/doc/lxc-console.sgml.in > index 7b32e08..ca2539f 100644 > --- a/doc/lxc-console.sgml.in > +++ b/doc/lxc-console.sgml.in > @@ -50,6 +50,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA > 02111-1307 USA > >lxc-console >-n name > + -e escape character >-t ttynum > > > @@ -66,8 +67,8 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA > 02111-1307 USA > >The available tty are free slots taken by this command. That >means if the container has four ttys available and the command > - has been launched four times taking the different tty, the fifth > - command will fail because no console will be available. > + has been launched four times each taking a different tty, the > + fifth command will fail because no console will be available. > > > > @@ -76,6 +77,11 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA > 02111-1307 USA >the state it was before the disconnection. > > > + > + A keyboard escape sequence may be used to disconnect from the tty > + and quit lxc-console. The default escape sequence is. > + > + 
> > > > @@ -84,6 +90,19 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA > 02111-1307 USA > > > > + -e escape > character > + > + > + > + Specify the escape sequence prefix to use instead of > + . > +This may be given as '^letter' or just 'letter'. For example > +to use as the escape sequence use -e '^b'. > + > + > + > + > + > -t > ttynum > > > -- Stéphane Graber Ubuntu developer http://www.ubuntu.com
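Review bot: The synopsis line adds `-e escape character`, the new option entry calls the same argument an "escape sequence prefix", and the description paragraph speaks of an "escape sequence". Use one term for the argument throughout doc/lxc-console.sgml.in, and keep "escape sequence" for the prefix plus the key that follows it, so the -e entry and the description cannot be read as describing two different things.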
Re: [lxc-devel] [PATCH] Set umask before populating /dev and restore it after.
On 01/07/2013 10:26 PM, Serge Hallyn wrote: > Quoting Alexander Vladimirov (alexander.idkfa.vladimi...@gmail.com): >> According to docs, mknod clears each permission bit whose >> corresponding bit in the process umask is set, so we should fix it >> before creating device nodes. >> --- > > d'oh. Thank you. > > Acked-by: Serge E. Hallyn Pushed to staging. >> src/lxc/conf.c | 3 +++ >> 1 file changed, 3 insertions(+) >> >> diff --git a/src/lxc/conf.c b/src/lxc/conf.c >> index 85d72c9..c0a270f 100644 >> --- a/src/lxc/conf.c >> +++ b/src/lxc/conf.c >> @@ -963,6 +963,7 @@ static int setup_autodev(char *root) >> struct lxc_devs *d; >> char path[MAXPATHLEN]; >> int i; >> +mode_t cmask; >> >> INFO("Creating initial consoles under %s/dev\n", root); >> >> @@ -974,6 +975,7 @@ static int setup_autodev(char *root) >> run_makedev(path); >> >> INFO("Populating /dev under %s\n", root); >> +cmask = umask(S_IXUSR | S_IXGRP | S_IXOTH); >> for (i = 0; i < sizeof(lxc_devs) / sizeof(lxc_devs[0]); i++) { >> d = &lxc_devs[i]; >> ret = snprintf(path, MAXPATHLEN, "%s/dev/%s", root, d->name); 
>> @@ -985,6 +987,7 @@ static int setup_autodev(char *root) >> return -1; >> } >> } >> +umask(cmask); >> >> INFO("Populated /dev under %s\n", root); >> return 0; >> -- >> 1.8.1 -- Stéphane Graber Ubuntu developer http://www.ubuntu.com
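Review bot: In setup_autodev() the `return -1` inside the for loop (the first context line of the last hunk) leaves the function before `umask(cmask)` runs, so a failure while populating /dev leaves the process umask at `S_IXUSR | S_IXGRP | S_IXOTH` for everything that runs afterwards. Restore the saved mask on that path too, either directly before the `return -1` or by routing both exits through a single cleanup label.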
Re: [lxc-devel] [PATCH] oracle template: drop additional capabilities
On 01/08/2013 11:59 AM, Serge Hallyn wrote: > Quoting Dwight Engen (dwight.en...@oracle.com): >> Signed-off-by: Dwight Engen > > Acked-by: Serge E. Hallyn Pushed to staging. > You might want to add a pointer to the capabilities(7) manpage for > more details. > >> --- >> templates/lxc-oracle.in | 26 -- >> 1 file changed, 24 insertions(+), 2 deletions(-) >> >> diff --git a/templates/lxc-oracle.in b/templates/lxc-oracle.in >> index 3242dc4..6a64a33 100644 >> --- a/templates/lxc-oracle.in >> +++ b/templates/lxc-oracle.in 
>> @@ -292,10 +292,32 @@ lxc.tty = 4 >> lxc.pts = 1024 >> lxc.rootfs = $container_rootfs >> lxc.mount = $cfg_dir/fstab >> -lxc.cap.drop = sys_rawio >> -# Networking >> +# Uncomment these if you don't run anything that needs the capability, and >> >> +# would like the container to run with less privilege. >> +# >> +# Dropping sys_admin disables container root from doing a lot of things >> +# that could be bad like re-mounting lxc fstab entries rw for example, >> +# but also disables some useful things like being able to nfs mount, and >> +# things that are already namespaced with ns_capable() kernel checks, like >> +# hostname(1). >> +# lxc.cap.drop = sys_admin >> +# lxc.cap.drop = net_raw # breaks dhcp/ping >> +# lxc.cap.drop = setgid # breaks login (initgroups/setgroups) >> +# lxc.cap.drop = dac_read_search # breaks login (pam unix_chkpwd) >> +# lxc.cap.drop = setuid # breaks sshd,nfs statd >> +# lxc.cap.drop = audit_control# breaks sshd (set_loginuid failed) >> +# lxc.cap.drop = audit_write >> +# >> +lxc.cap.drop = mac_admin mac_override setfcap setpcap >> +lxc.cap.drop = sys_module sys_nice sys_pacct > > I'm a little surprised you'd want sys_nice by default, as opposed to > pointing to some docs for using cgroups to limit resource use by > the containers, with a commented-out 'lxc.cap.drop = sys_nice' for > those who prefer to not bother setting up the cgroups. > >> +lxc.cap.drop = sys_rawio sys_time >> EOF >> >> +if [ $container_release_major != "4" ]; then >> +echo "lxc.cap.drop = sys_resource" >>$cfg_dir/config >> +fi >> + >> +echo "# Networking" >>$cfg_dir/config >> # see if the network settings were already specified >> lxc_network_type=`grep '^lxc.network.type' $cfg_dir/config | awk -F'[= >> \t]+' '{ print $2 }'` >> if [ -z "$lxc_network_type" -a \ >> -- >> 1.7.11.7 -- Stéphane Graber Ubuntu developer http://www.ubuntu.com
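Review bot: The test `[ $container_release_major != "4" ]` near the end of the hunk leaves the variable unquoted, so an empty or unset value makes `[` report an error, the `if` body is skipped, and sys_resource silently stays in the container's capability set; write `[ "$container_release_major" != "4" ]`. A one-line comment saying why release 4 has to keep sys_resource would match the "breaks ..." annotations given for the commented-out capabilities above it.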
Re: [lxc-devel] [PATCH] oracle template: use url arg to wget repo file
On 01/08/2013 12:01 PM, Serge Hallyn wrote: > Quoting Dwight Engen (dwight.en...@oracle.com): >> Signed-off-by: Dwight Engen > > Acked-by: Serge E. Hallyn Pushed to staging. >> --- >> templates/lxc-oracle.in | 10 +++--- >> 1 file changed, 7 insertions(+), 3 deletions(-) >> >> diff --git a/templates/lxc-oracle.in b/templates/lxc-oracle.in >> index 6a64a33..4ccec9f 100644 >> --- a/templates/lxc-oracle.in >> +++ b/templates/lxc-oracle.in >> @@ -397,7 +397,11 @@ container_rootfs_create() >> echo "Downloading release >> $container_release_major.$container_release_minor for $basearch" >> >> # get yum repo file >> -public_yum_url=http://public-yum.oracle.com >> +if [ -n "$repourl" ]; then >> +yum_url=$repourl >> +else >> +yum_url=http://public-yum.oracle.com >> +fi >> if [ $container_release_major = "5" ]; then >> repofile=public-yum-el5.repo >> elif [ $container_release_major = "6" ]; then 
>> @@ -406,9 +410,9 @@ container_rootfs_create() >> die "Unsupported release $container_release_major" >> fi >> mkdir -p $container_rootfs/etc/yum.repos.d >> -wget -q $public_yum_url/$repofile -O >> $container_rootfs/etc/yum.repos.d/$repofile >> +wget -q $yum_url/$repofile -O >> $container_rootfs/etc/yum.repos.d/$repofile >> if [ $? -ne 0 ]; then >> -die "Failed to download repo file $public_yum_url/$repofile" >> +die "Failed to download repo file $yum_url/$repofile" >> fi >> >> # yum will take $basearch from host, so force the arch we want >> -- >> 1.7.11.7 -- Stéphane Graber Ubuntu developer http://www.ubuntu.com
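Review bot: `$yum_url` now comes from the `repourl` argument and is expanded unquoted in `wget -q $yum_url/$repofile -O ...`, so a value containing whitespace is split into extra wget arguments; quote it as `"$yum_url/$repofile"` and quote the `-O` path as well. The downloaded file decides which repositories the container's packages are installed from and the default remains `http://public-yum.oracle.com`, so the template's usage text should say what kind of URL the argument expects.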
Re: [lxc-devel] [PATCH 23/24] create rslave chroot any time pivot_root fails with -EINVAL
Quoting Stéphane Graber (stgra...@ubuntu.com): > From: Serge Hallyn > > Note we still need the function to detect a MS_SHARED /, bc > if we detect that then we need to umount the chroot tmpfs > mount which lxc-start created, whose mount was forwarded to > the host mounts namespace. Wait I'm confused - I thought this wasn't working for you and you weren't using it / didn't need it? For those playing along at home: in a previous patch I detected / being MS_SHARED, in which case I created a MS_PRIVATE tmpfs chroot just to pivot_root out of. (technically, the parent of the chroot needs to be private, hence the tmpfs under which we are chrooted into /root). This patch moves the creation of a MS_PRIVATE chroot to much later in the container startup. It does it anytime pivot_root fails with -EINVAL, because there are other possible causes of that. In particular, if you are on a system where / is MS_NOUSER. > Signed-off-by: Serge Hallyn > Acked-by: Stéphane Graber > --- > src/lxc/conf.c | 31 --- > 1 file changed, 20 insertions(+), 11 deletions(-) > > diff --git a/src/lxc/conf.c b/src/lxc/conf.c > index 945c3b8..09cfa9f 100644 > --- a/src/lxc/conf.c > +++ b/src/lxc/conf.c > @@ -1163,13 +1163,6 @@ static int setup_rootfs(struct lxc_conf *conf) > return -1; > } > > - if (detect_shared_rootfs()) { > - if (chroot_into_slave(conf)) { > - ERROR("Failed to chroot into slave /"); > - return -1; > - } > - } > - > if (mount_rootfs(rootfs->path, rootfs->mount)) { > ERROR("failed to mount rootfs"); > return -1; 
> @@ -1180,17 +1173,33 @@ static int setup_rootfs(struct lxc_conf *conf) > return 0; > } > > -int setup_pivot_root(const struct lxc_rootfs *rootfs) > +static int setup_pivot_root(struct lxc_conf *conf) > { > + const struct lxc_rootfs *rootfs = &conf->rootfs; > + > if (!rootfs->path) > return 0; > > - if (setup_rootfs_pivot_root(rootfs->mount, rootfs->pivot)) { > + if (setup_rootfs_pivot_root(rootfs->mount, rootfs->pivot) == 0) > + return 0; > + > + if (errno != EINVAL) { > ERROR("failed to setup pivot root"); > return -1; > } > > - return 0; > + INFO("pivot_root failed. Trying pivot_root under custom chroot."); > + > + if (chroot_into_slave(conf)) { > + ERROR("Failed to chroot into slave /"); > + return -1; > + } > + > + if (setup_rootfs_pivot_root(rootfs->mount, rootfs->pivot) == 0) > + return 0; > + > + ERROR("failed to setup pivot root"); > + return -1; > } > > static int setup_pts(int pts) > @@ -2649,7 +2658,7 @@ int lxc_setup(const char *name, struct lxc_conf > *lxc_conf) > } > #endif > > - if (setup_pivot_root(&lxc_conf->rootfs)) { > + if (setup_pivot_root(lxc_conf)) { > ERROR("failed to set rootfs for '%s'", name); > return -1; > } > -- > 1.8.0
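Review bot: In the retry branch of setup_pivot_root(), once chroot_into_slave() has succeeded and the second setup_rootfs_pivot_root() call fails, the function returns -1 with the chroot still in place. The commit message says the tmpfs mount made for that chroot is forwarded to the host mount namespace when / is MS_SHARED and has to be unmounted, but no hunk here shows where that happens now that the detect_shared_rootfs() call is gone from setup_rootfs(); name the cleanup site in the commit message or add the cleanup on this error path.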
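The shared-root condition explained at the top of this message can be read from mountinfo before a container is started. This is an added example, not lxc's detect_shared_rootfs() and not code from the thread: the function names are hypothetical, the sample lines are constructed, and the field layout assumed is that of /proc/self/mountinfo.

```shell
#!/bin/sh
# Added example: report the propagation type of a mount point from
# mountinfo-format lines on stdin.
#
# Line layout (see proc(5)):
#   id parent major:minor root mountpoint options [optional fields...] - fstype source superopts
# A shared mount carries an optional field "shared:N", a slave "master:N";
# a mount with neither is private.

# Prints shared, slave or private for the mount at $1 (default "/").
# Returns 1 when no entry for that mount point is found.
mount_propagation() {
    target=${1:-/}
    result=""
    while read -r _id _parent _dev _root mountpoint _opts rest; do
        [ "$mountpoint" = "$target" ] || continue
        state=private
        # Optional fields run up to the lone "-" separator.
        for field in $rest; do
            case "$field" in
                -)        break ;;
                shared:*) state=shared; break ;;
                master:*) state=slave ;;
            esac
        done
        # A later entry for the same mount point is mounted on top of the
        # earlier one, so the last match is the one in effect.
        result=$state
    done
    [ -n "$result" ] || return 1
    printf '%s\n' "$result"
}

# Exit status 0 when the mount in effect at / is shared, the case in which a
# mount made during container setup is also forwarded to the host's mounts.
root_is_shared() {
    [ "$(mount_propagation /)" = "shared" ]
}

# Constructed sample: a private rootfs entry covered by a shared ext4 root.
shared_host_mountinfo() {
    cat <<'EOF'
1 1 0:1 / / rw - rootfs rootfs rw
20 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,errors=remount-ro
15 20 0:3 / /proc rw,nosuid,nodev,noexec,relatime shared:5 - proc proc rw
32 20 0:26 / /mnt/slave rw,relatime master:1 - tmpfs tmpfs rw
EOF
}

# Constructed sample: a host whose root mount is private.
private_host_mountinfo() {
    cat <<'EOF'
20 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw,errors=remount-ro
15 20 0:3 / /proc rw,nosuid,nodev,noexec,relatime - proc proc rw
EOF
}
```

On a live host the same check is `root_is_shared < /proc/self/mountinfo`.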
Re: [lxc-devel] [PATCH 01/24] configure.ac: Add code to detect bionic C library
Quoting Stéphane Graber (stgra...@ubuntu.com): > This adds a new IS_BIONIC define that can be used to detect whether we are > building with eglibc or with bionic. > > Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn > --- > configure.ac | 16 > 1 file changed, 16 insertions(+) > > diff --git a/configure.ac b/configure.ac > index 2add6a3..9694d30 100644 > --- a/configure.ac > +++ b/configure.ac > @@ -192,6 +192,22 @@ else > fi > AC_SUBST([CAP_LIBS]) > > +# Check for alternate C libraries > +AC_MSG_CHECKING(for bionic libc) > +AC_COMPILE_IFELSE([AC_LANG_PROGRAM( > +[[#ifndef __ANDROID__ > +error: Not bionic! > +#endif]])], > + [is_bionic=yes], > + [is_bionic=no]) > +if test "x$is_bionic" = "xyes"; then > +AC_DEFINE([IS_BIONIC], 1, ["bionic libc"]) > +AC_MSG_RESULT([yes]) > +else > +AC_MSG_RESULT([no]) > +fi > +AM_CONDITIONAL([IS_BIONIC], [test "x$is_bionic" = "xyes"]) > + > # Some systems lack PR_CAPBSET_DROP definition => HAVE_DECL_PR_CAPBSET_DROP > AC_CHECK_DECLS([PR_CAPBSET_DROP], [], [], [#include ]) > > -- > 1.8.0
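Review bot: The compile test keys on the `__ANDROID__` preprocessor macro, so IS_BIONIC really means "targeting Android", and the commit message's "eglibc or with bionic" overstates what is distinguished: every other C library also takes the `is_bionic=no` path. Say so in the comment above the check. The description argument `["bionic libc"]` puts literal double quotes into the generated config.h comment, and `AC_MSG_CHECKING(for bionic libc)` should be bracket-quoted like the `AC_MSG_RESULT([yes])` calls next to it.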
Re: [lxc-devel] [PATCH 02/24] configure.ac: Cleanup, comments, indent, ...
Quoting Stéphane Graber (stgra...@ubuntu.com): > This commit doesn't do any functional change to configure.ac but does a fair > amount of cleaning up. > > It re-orders the various blocks by type (options, checks, expands, ...). > It also consistently uses tabs for indents. > > Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn > --- > configure.ac | 116 > +++ > 1 file changed, 61 insertions(+), 55 deletions(-) > > diff --git a/configure.ac b/configure.ac > index 9694d30..564df0e 100644 > --- a/configure.ac > +++ b/configure.ac > @@ -10,10 +10,11 @@ AM_INIT_AUTOMAKE([-Wall -Werror -Wno-portability]) > AC_CANONICAL_HOST > AM_PROG_CC_C_O > AC_GNU_SOURCE > -AC_CHECK_PROG(SETCAP, setcap, yes, no, $PATH$PATH_SEPARATOR/sbin) > > +# Detect the distribution. This is used for the default configuration and > +# for some distro-specific build options. > AC_MSG_CHECKING([host distribution]) > -AC_ARG_WITH(distro, AS_HELP_STRING([--with-distro=DISTRO], [Specify the > Linux distribution to target: One of redhat, oracle, fedora, suse, gentoo, > debian, arch, slackware, paldo, mandriva or pardus])) > +AC_ARG_WITH(distro, AS_HELP_STRING([--with-distro=DISTRO], [Specify the > Linux distribution to target: One of redhat, oracle, fedora, suse, gentoo, > debian, arch, slackware, paldo, mandriva or pardus.])) > if test "z$with_distro" = "z"; then > with_distro=`lsb_release -is` > fi > @@ -49,15 +50,15 @@ case $with_distro in > ;; > esac > AC_MSG_RESULT([$with_distro]) > - > AM_CONDITIONAL([HAVE_DEBIAN], [test x"$with_distro" = "xdebian" -o > x"$with_distro" = "xubuntu"]) > > +# Allow disabling rpath > AC_ARG_ENABLE([rpath], > [AC_HELP_STRING([--disable-rpath], [do not set rpath in executables])], > [], [enable_rpath=yes]) > - > AM_CONDITIONAL([ENABLE_RPATH], [test "x$enable_rpath" = "xyes"]) > > +# Documentation (manpages) > AC_ARG_ENABLE([doc], > [AC_HELP_STRING([--enable-doc], [make mans (require docbook2x-man > installed) [default=auto]])], > [], [enable_doc=auto]) 
> @@ -74,9 +75,9 @@ if test "x$enable_doc" = "xyes" -o "x$enable_doc" = > "xauto"; then > done > > if test -n "${db2xman}"; then > - AC_MSG_RESULT(${db2xman}) > + AC_MSG_RESULT([${db2xman}]) > else > - AC_MSG_RESULT(no) > + AC_MSG_RESULT([no]) > if test "x$enable_doc" = "xyes"; then > AC_MSG_ERROR([docbook2x-man required by man request, > but not found]) > fi > @@ -84,7 +85,9 @@ if test "x$enable_doc" = "xyes" -o "x$enable_doc" = > "xauto"; then > > AC_SUBST(db2xman) > fi > +AM_CONDITIONAL([ENABLE_DOCBOOK], [test "x$db2xman" != "x"]) > > +# Apparmor > AC_ARG_ENABLE([apparmor], > [AC_HELP_STRING([--enable-apparmor], [enable apparmor])], > [], [enable_apparmor=check]) > @@ -92,14 +95,14 @@ AC_ARG_ENABLE([apparmor], > if test "$enable_apparmor" = "check" ; then > AC_CHECK_LIB([apparmor],[aa_change_profile],[enable_apparmor=yes], > [enable_apparmor=no]) > fi > - > AM_CONDITIONAL([ENABLE_APPARMOR], [test "x$enable_apparmor" = "xyes"]) > > AM_COND_IF([ENABLE_APPARMOR], > -[AC_CHECK_HEADER([sys/apparmor.h],[],[AC_MSG_ERROR([You must install the > AppArmor development package in order to compile lxc])]) > - AC_CHECK_LIB([apparmor], [aa_change_profile],[],[AC_MSG_ERROR([You must > install the AppArmor development package in order to compile lxc])]) > - AC_SUBST([APPARMOR_LIBS], [-lapparmor])]) > + [AC_CHECK_HEADER([sys/apparmor.h],[],[AC_MSG_ERROR([You must install > the AppArmor development package in order to compile lxc])]) > + AC_CHECK_LIB([apparmor], [aa_change_profile],[],[AC_MSG_ERROR([You must > install the AppArmor development package in order to compile lxc])]) > + AC_SUBST([APPARMOR_LIBS], [-lapparmor])]) > > +# Seccomp syscall filter > AC_ARG_ENABLE([seccomp], > [AC_HELP_STRING([--enable-seccomp], [enable seccomp])], > [], [enable_seccomp=check]) 
> @@ -107,119 +110,121 @@ AC_ARG_ENABLE([seccomp], > if test "$enable_seccomp" = "check" ; then > > AC_CHECK_LIB([seccomp],[seccomp_init],[enable_seccomp=yes],[enable_seccomp=no]) > fi > - > AM_CONDITIONAL([ENABLE_SECCOMP], [test "x$enable_seccomp" = "xyes"]) > > AM_COND_IF([ENABLE_SECCOMP], > -[AC_CHECK_HEADER([seccomp.h],[],[AC_MSG_ERROR([You must install the > seccomp development package in order to compile lxc])]) > - AC_CHECK_LIB([seccomp], [seccomp_init],[],[AC_MSG_ERROR([You must > install the seccomp development package in order to compile lxc])]) > - AC_SUBST([SECCOMP_LIBS], [-lseccomp])]) > + [AC_CHECK_HEADER([seccomp.h],[],[AC_MSG_ERROR([You must install the > seccomp development package in order to compile lxc])]) > + AC_CHECK_LIB([seccomp], [seccomp_init],[],[AC_MSG_ERROR([You must > install the seccomp development package in order to c
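Review bot: The commit message says there is no functional change, but the first hunk deletes `AC_CHECK_PROG(SETCAP, setcap, yes, no, $PATH$PATH_SEPARATOR/sbin)` and the hunk starting at line 84 adds `AM_CONDITIONAL([ENABLE_DOCBOOK], [test "x$db2xman" != "x"])`; the counterpart of neither line is in the part of the diff shown here. If both are moves, say so in the message so a reader can check them off; if the SETCAP probe is being dropped, that belongs in its own patch.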
Re: [lxc-devel] [PATCH 04/24] Support both getline and fgetln
Quoting Stéphane Graber (stgra...@ubuntu.com): > Some libc implementations don't have the getline function but instead > have an equivalent fgetln function. > > Add code to detect both and use whatever is available. > > Signed-off-by: Stéphane Graber My only concern here is that you switch on IS_BIONIC in the makefile, but on HAVE_GETLINE in the source. If/when someone uses a libc without HAVE_GETLINE on non-bionic, this won't work quite right. It's something we can straighten out with a later patch, though. Acked-by: Serge E. Hallyn > --- > configure.ac | 3 +++ > src/include/getline.c | 31 +++ > src/include/getline.h | 6 ++ > src/lxc/Makefile.am | 10 ++ > src/lxc/attach.c | 8 > src/lxc/parse.c | 8 > 6 files changed, 66 insertions(+) > create mode 100644 src/include/getline.c > create mode 100644 src/include/getline.h > > diff --git a/configure.ac b/configure.ac > index 564df0e..50e64ff 100644 > --- a/configure.ac > +++ b/configure.ac > @@ -216,6 +216,9 @@ AC_CHECK_DECLS([PR_CAPBSET_DROP], [], [], [#include > ]) > # Check for optional headers > AC_CHECK_HEADERS([sys/signalfd.h]) > > +# Check for some functions > +AC_CHECK_FUNCS([getline fgetln]) > + > # Check for some standard binaries > AC_PROG_GCC_TRADITIONAL > AC_PROG_SED > diff --git a/src/include/getline.c b/src/include/getline.c > new file mode 100644 > index 000..d4117cb > --- /dev/null > +++ b/src/include/getline.c 
> @@ -0,0 +1,31 @@ > +#include > +#include > +#include > +#include > + > +/* > + * Emulate glibc getline() via BSD fgetln(). > + * Note that outsize is not changed unless memory is allocated. > + */ > +ssize_t > +getline(char **outbuf, size_t *outsize, FILE *fp) > +{ > +size_t len; > +char *buf; > +buf = fgetln(fp, &len); > + > +if (buf == NULL) > +return (-1); > + > +/* Assumes realloc() accepts NULL for ptr (C99) */ > +if (*outbuf == NULL || *outsize < len + 1) { > +void *tmp = realloc(*outbuf, len + 1); > +if (tmp == NULL) > +return (-1); > +*outbuf = tmp; > +*outsize = len + 1; > +} > +memcpy(*outbuf, buf, len); > +(*outbuf)[len] = '\0'; > +return (len); > +} > diff --git a/src/include/getline.h b/src/include/getline.h > new file mode 100644 > index 000..b030d7a > --- /dev/null > +++ b/src/include/getline.h > @@ -0,0 +1,6 @@ > +#ifndef _getline_h > +#define _getline_h > + > +extern ssize_t getline(char **outbuf, size_t *outsize, FILE *fp); > + > +#endif > diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am > index bf675f9..23b6772 100644 > --- a/src/lxc/Makefile.am > +++ b/src/lxc/Makefile.am > @@ -17,6 +17,11 @@ pkginclude_HEADERS = \ > lxccontainer.h \ > lxclock.h > > +if IS_BIONIC > +pkginclude_HEADERS += \ > + ../include/getline.h > +endif > + > sodir=$(libdir) > # use PROGRAMS to avoid complains from automake > so_PROGRAMS = liblxc.so > @@ -61,6 +66,11 @@ liblxc_so_SOURCES = \ > lxclock.h lxclock.c \ > lxccontainer.c lxccontainer.h > > +if IS_BIONIC > +liblxc_so_SOURCES += \ > + ../include/getline.c ../include/getline.h > +endif > + > AM_CFLAGS=-I$(top_srcdir)/src \ > -DLXCROOTFSMOUNT=\"$(LXCROOTFSMOUNT)\" \ > -DLXCPATH=\"$(LXCPATH)\" \ > diff --git a/src/lxc/attach.c b/src/lxc/attach.c > index ec0e083..9b7efbc 100644 > --- a/src/lxc/attach.c > +++ b/src/lxc/attach.c > @@ -31,6 +31,7 @@ > #include > #include > #include > +#include > #include > > #if !HAVE_DECL_PR_CAPBSET_DROP 
> @@ -56,6 +57,13 @@ int setns(int fd, int nstype) > #endif > } > > +/* Define getline() if missing from the C library */ > +#ifndef HAVE_GETLINE > +#ifdef HAVE_FGETLN > +#include <../include/getline.h> > +#endif > +#endif > + > struct lxc_proc_context_info *lxc_proc_get_context_info(pid_t pid) > { > struct lxc_proc_context_info *info = calloc(1, sizeof(*info)); > diff --git a/src/lxc/parse.c b/src/lxc/parse.c > index 10510c9..b074b04 100644 > --- a/src/lxc/parse.c > +++ b/src/lxc/parse.c > @@ -29,8 +29,16 @@ > #include > > #include "parse.h" > +#include "config.h" > #include > > +/* Define getline() if missing from the C library */ > +#ifndef HAVE_GETLINE > +#ifdef HAVE_FGETLN > +#include <../include/getline.h> > +#endif > +#endif > + > lxc_log_define(lxc_parse, lxc); > > static int dir_filter(const struct dirent *dirent) > -- > 1.8.0
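Review bot: src/include/getline.h declares `getline()` in terms of `ssize_t`, `size_t` and `FILE` but has no include of its own between the guard and the declaration, so it only compiles when every includer has already pulled in the right system headers. Include what the declaration needs inside the guard so the header can be included first in any file.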
Re: [lxc-devel] [PATCH 11/24] Don't hard depend on capability.h and libcap
Quoting Stéphane Graber (stgra...@ubuntu.com): > In the effort to make LXC work with non-standard Linux distros, this change > allows for the user to build LXC without capability support through a new > --disable-capabilities option to configure. > > This effectively will cause LXC not to link against libcap and will turn all > the _cap_ functions into no-ops. > > Signed-off-by: Stéphane Graber Only one comment - perhaps the msg " Can't start utmp handler as capabilities aren't supported" should read "not starting utmp handler as cap_sys_boot cannot be dropped without capabilities support"? Acked-by: Serge E. Hallyn > --- > configure.ac| 27 +-- > src/lxc/caps.c | 6 +- > src/lxc/caps.h | 24 > src/lxc/conf.c | 11 ++- > src/lxc/start.c | 15 ++- > 5 files changed, 70 insertions(+), 13 deletions(-) > > diff --git a/configure.ac b/configure.ac > index ea98f02..22b45cd 100644 > --- a/configure.ac > +++ b/configure.ac 
> @@ -180,17 +180,24 @@ AC_CHECK_HEADERS([linux/unistd.h linux/netlink.h > linux/genetlink.h], > AC_MSG_ERROR([Please install the Linux kernel > headers.]), > [#include ]) > > +# Allow disabling libcap support > +AC_ARG_ENABLE([capabilities], > + [AC_HELP_STRING([--disable-capabilities], [disable kernel > capabilities])], > + [], [enable_capabilities=yes]) > + > # Check for libcap support > -AC_CHECK_HEADERS([sys/capability.h], [], AC_MSG_ERROR([Please install the > libcap development files.]), > -[#include > -#include ]) > -AC_CHECK_LIB(cap,cap_set_proc,caplib=yes,caplib=no) > -AC_MSG_CHECKING([linux capabilities]) > -if test "x$caplib" = "xyes" ; then > - CAP_LIBS="-lcap" > - AC_MSG_RESULT([$CAP_LIBS]) > +if test "x$enable_capabilities" = "xyes"; then > + AC_CHECK_LIB(cap,cap_set_proc,caplib=yes,caplib=no) > + AC_MSG_CHECKING([linux capabilities]) > + if test "x$caplib" = "xyes" ; then > + CAP_LIBS="-lcap" > + AC_MSG_RESULT([$CAP_LIBS]) > + else > + AC_MSG_RESULT([no]) > + AC_MSG_ERROR([You are missing libcap support. If you really > want to build without kernel capabilities, use --disable-capabilities]) > + fi > else > - AC_MSG_ERROR([not found]) > + CAP_LIBS="" > fi > AC_SUBST([CAP_LIBS]) > > @@ -214,7 +221,7 @@ AM_CONDITIONAL([IS_BIONIC], [test "x$is_bionic" = "xyes"]) > AC_CHECK_DECLS([PR_CAPBSET_DROP], [], [], [#include ]) > > # Check for some headers > -AC_CHECK_HEADERS([sys/signalfd.h pty.h]) > +AC_CHECK_HEADERS([sys/signalfd.h pty.h sys/capability.h]) > > # Check for some functions > AC_CHECK_FUNCS([getline fgetln openpty]) > diff --git a/src/lxc/caps.c b/src/lxc/caps.c > index 94c134d..53c552b 100644 > --- a/src/lxc/caps.c > +++ b/src/lxc/caps.c > @@ -27,13 +27,16 @@ > #include > #include > #include > -#include > #include > > +#include "config.h" > #include "log.h" > > lxc_log_define(lxc_caps, lxc); > > +#if HAVE_SYS_CAPABILITY_H > +#include > + > int lxc_caps_reset(void) > { > cap_t cap = cap_init(); 
> @@ -258,3 +261,4 @@ int lxc_caps_check(void) > > return 1; > } > +#endif > diff --git a/src/lxc/caps.h b/src/lxc/caps.h > index 88cf09e..dc3fd6f 100644 > --- a/src/lxc/caps.h > +++ b/src/lxc/caps.h > @@ -20,9 +20,12 @@ > * License along with this library; if not, write to the Free Software > * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA > */ > +#include "config.h" > + > #ifndef _caps_h > #define _caps_h > > +#if HAVE_SYS_CAPABILITY_H > extern int lxc_caps_reset(void); > extern int lxc_caps_down(void); > extern int lxc_caps_up(void); > @@ -30,6 +33,27 @@ extern int lxc_caps_init(void); > extern int lxc_caps_check(void); > > extern int lxc_caps_last_cap(void); > +#else > +static inline int lxc_caps_reset(void) { > +return 0; > +} > +static inline int lxc_caps_down(void) { > +return 0; > +} > +static inline int lxc_caps_up(void) { > +return 0; > +} > +static inline int lxc_caps_init(void) { > +return 0; > +} > +static inline int lxc_caps_check(void) { > +return 1; > +} > + > +static inline int lxc_caps_last_cap(void) { > +return 0; > +} > +#endif > > #define lxc_priv(__lxc_function) \ > ({ \ > diff --git a/src/lxc/conf.c b/src/lxc/conf.c > index 49bba2a..25b75d7 100644 > --- a/src/lxc/conf.c > +++ b/src/lxc/conf.c > @@ -48,7 +48,6 @@ > #include > #include > #include > -#include > #include > > #include > @@ -71,6 +70,10 @@ > #include > #endif > > +#if HAVE_SYS_CAPABILITY_H > +#include > +#endif > + > #include "lxcseccomp.h" > > lxc_log_define(lxc_conf, lxc); > @@ -104,6 +107,7 @@ lxc_log_define(lxc_conf, lxc); > #define MS_STRICTATIME (1 << 24) > #endif > > +#if HAVE_SYS_CAPABILITY_H > #ifndef CAP_SETFCA
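Review bot: in configure.ac the --disable-capabilities switch and the macro the sources test are decoupled. The else branch only sets `CAP_LIBS=""`, but `AC_CHECK_HEADERS([sys/signalfd.h pty.h sys/capability.h])` runs unconditionally, so on a host with the libcap headers installed HAVE_SYS_CAPABILITY_H is still defined, caps.c builds the real cap_init() code under `#if HAVE_SYS_CAPABILITY_H`, and the link has no -lcap. The enabled branch has the opposite gap: the header check that used to abort with "Please install the libcap development files." is gone, so a library without headers configures cleanly and silently builds the no-op stubs even though capabilities were requested. Make the header check conditional on enable_capabilities and fail when capabilities are enabled but the header is missing.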
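Review bot: the fallback stubs in caps.h report success for operations that did nothing. lxc_caps_down() and lxc_caps_init() return 0 and lxc_caps_check() returns 1, so a caller cannot tell that privileges were not lowered in a build without capability support. Document in caps.h what each return value means in that build, and log once at startup that capability handling is compiled out, so the reduced isolation is visible to whoever runs the binary.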
Re: [lxc-devel] [PATCH 14/24] Make utmpx.h optional
Quoting Stéphane Graber (stgra...@ubuntu.com): > This adds code detecting the presence of utmpx.h and in its absence, turns the > utmp related functions into no-ops. > > Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn > --- > configure.ac | 2 +- > src/lxc/utmp.c | 9 + > src/lxc/utmp.h | 9 + > 3 files changed, 19 insertions(+), 1 deletion(-) > > diff --git a/configure.ac b/configure.ac > index bc2ddc4..0d50bec 100644 > --- a/configure.ac > +++ b/configure.ac > @@ -221,7 +221,7 @@ AM_CONDITIONAL([IS_BIONIC], [test "x$is_bionic" = "xyes"]) > AC_CHECK_DECLS([PR_CAPBSET_DROP], [], [], [#include ]) > > # Check for some headers > -AC_CHECK_HEADERS([sys/signalfd.h pty.h sys/capability.h sys/personality.h]) > +AC_CHECK_HEADERS([sys/signalfd.h pty.h sys/capability.h sys/personality.h > utmpx.h]) > > # Check for some syscalls functions > AC_CHECK_FUNCS([setns pivot_root sethostname unshare]) > diff --git a/src/lxc/utmp.c b/src/lxc/utmp.c > index a7b9b52..f32ed63 100644 > --- a/src/lxc/utmp.c > +++ b/src/lxc/utmp.c > @@ -21,6 +21,10 @@ > * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA > */ > > +#include "config.h" > + > +#ifdef HAVE_UTMPX_H > + > #include > #include > #include > @@ -37,7 +41,10 @@ > #include "mainloop.h" > #include "lxc.h" > #include "log.h" > + > +#ifndef __USE_GNU > #define __USE_GNU > +#endif > #include > #undef __USE_GNU > > @@ -410,3 +417,5 @@ int lxc_utmp_del_timer(struct lxc_epoll_descr *descr, > else > return 0; > } > + > +#endif > diff --git a/src/lxc/utmp.h b/src/lxc/utmp.h > index ac3eee4..1bd7c23 100644 > --- a/src/lxc/utmp.h > +++ b/src/lxc/utmp.h 
> @@ -21,8 +21,17 @@ > * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA > */ > > +#include "config.h" > + > struct lxc_handler; > struct lxc_epoll_descr; > > +#ifdef HAVE_UTMPX_H > int lxc_utmp_mainloop_add(struct lxc_epoll_descr *descr, > struct lxc_handler *handler); > +#else > +static inline int lxc_utmp_mainloop_add(struct lxc_epoll_descr *descr, > + struct lxc_handler *handler) { > + return -1; > +} > +#endif > -- > 1.8.0
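Review bot: in utmp.c the new `#ifndef __USE_GNU` guard stops the redefinition, but the `#undef __USE_GNU` after the include is still unconditional. When the macro was already defined on entry it is now removed for everything included later in the file. Record whether this file defined it and undefine only in that case.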
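Review bot: the fallback lxc_utmp_mainloop_add() in utmp.h returns -1, which reads as an error to any caller that checks for non-zero. The diffstat lists only configure.ac, utmp.c and utmp.h, so no caller is adjusted here. Either return 0 from the stub, since "no utmp watching" is the intended behaviour on a libc without utmpx.h, or state in the commit message that the callers already tolerate the failure.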
Re: [lxc-devel] [PATCH 16/24] Replace strdupa call by standard strdup
Quoting Stéphane Graber (stgra...@ubuntu.com): > strdupa appears to only exist in the standard glibc but at least not in > bionic. > Replace the two strdupa calls we have by a standard strdup. > > Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn > --- > src/lxc/confile.c | 23 --- > 1 file changed, 16 insertions(+), 7 deletions(-) > > diff --git a/src/lxc/confile.c b/src/lxc/confile.c > index 940f0a9..6b75b6a 100644 > --- a/src/lxc/confile.c > +++ b/src/lxc/confile.c > @@ -580,7 +580,11 @@ static int config_network_ipv4(const char *key, const > char *value, > lxc_list_init(list); > list->elem = inetdev; > > - addr = strdupa(value); > + addr = strdup(value); > + if (!addr) { > + ERROR("no address specified"); > + return -1; > + } > > cursor = strstr(addr, " "); > if (cursor) { > @@ -594,18 +598,15 @@ static int config_network_ipv4(const char *key, const > char *value, > prefix = slash + 1; > } > > - if (!addr) { > - ERROR("no address specified"); > - return -1; > - } > - > if (!inet_pton(AF_INET, addr, &inetdev->addr)) { > SYSERROR("invalid ipv4 address: %s", value); > + free(addr); > return -1; > } > > if (bcast && !inet_pton(AF_INET, bcast, &inetdev->bcast)) { > SYSERROR("invalid ipv4 broadcast address: %s", value); > + free(addr); > return -1; > } > > @@ -624,6 +625,7 @@ static int config_network_ipv4(const char *key, const > char *value, > > lxc_list_add(&netdev->ipv4, list); > > + free(addr); > return 0; > } > > @@ -693,7 +695,12 @@ static int config_network_ipv6(const char *key, const > char *value, > lxc_list_init(list); > list->elem = inet6dev; > > - valdup = strdupa(value); > + valdup = strdup(value); > + if (!valdup) { > + ERROR("no address specified"); > + return -1; > + } > + > inet6dev->prefix = 64; > slash = strstr(valdup, "/"); > if (slash) { 
> @@ -704,11 +711,13 @@ static int config_network_ipv6(const char *key, const > char *value, > > if (!inet_pton(AF_INET6, value, &inet6dev->addr)) { > SYSERROR("invalid ipv6 address: %s", value); > + free(valdup); > return -1; > } > > lxc_list_add(&netdev->ipv6, list); > > + free(valdup); > return 0; > } > > -- > 1.8.0
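Review bot: the strdup() failure branches in config_network_ipv4() and config_network_ipv6() reuse `ERROR("no address specified")`, which described the old `!addr` check and is misleading for an allocation failure; report out of memory instead. Both branches, like the inet_pton() error paths that now free only the copy, return after `list->elem = inetdev;` (or inet6dev) without releasing list and the device structure. Since this patch is already adding cleanup to every exit, a single error label that frees all three would keep the paths consistent, and any return in the lines between the hunks needs the same free().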
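Review bot: in config_network_ipv6() the context line `if (!inet_pton(AF_INET6, value, &inet6dev->addr))` parses `value`, not `valdup`. The copy exists so the part after `slash = strstr(valdup, "/")` can be split off, yet the address conversion is given the original string, prefix included. The ipv4 function passes its copy (`addr`) to inet_pton(); the ipv6 one should pass `valdup` the same way, and this patch is a natural place to fix it because it already touches both lines.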
Re: [lxc-devel] [PATCH] Set umask before populating /dev and restore it after.
That does, in fact, catch my case of setting autodev on with a non-systemd container (F14 in my case). That case is shot. Good catch. Regards, Mike On Tue, 2013-01-08 at 09:08 +0800, Alexander Vladimirov wrote: > According to docs, mknod clears each permission bit whose > corresponding bit in the process umask is set, so we should fix it > before creating device nodes. > --- > src/lxc/conf.c | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/src/lxc/conf.c b/src/lxc/conf.c > index 85d72c9..c0a270f 100644 > --- a/src/lxc/conf.c > +++ b/src/lxc/conf.c > @@ -963,6 +963,7 @@ static int setup_autodev(char *root) > struct lxc_devs *d; > char path[MAXPATHLEN]; > int i; > + mode_t cmask; > > INFO("Creating initial consoles under %s/dev\n", root); > > @@ -974,6 +975,7 @@ static int setup_autodev(char *root) > run_makedev(path); > > INFO("Populating /dev under %s\n", root); > + cmask = umask(S_IXUSR | S_IXGRP | S_IXOTH); > for (i = 0; i < sizeof(lxc_devs) / sizeof(lxc_devs[0]); i++) { > d = &lxc_devs[i]; > ret = snprintf(path, MAXPATHLEN, "%s/dev/%s", root, d->name); 
> @@ -985,6 +987,7 @@ static int setup_autodev(char *root) > return -1; > } > } > + umask(cmask); > > INFO("Populated /dev under %s\n", root); > return 0; > -- > 1.8.1 -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it!
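Review bot: the saved mask is not restored on the error path. In setup_autodev() the `return -1;` inside the for loop (context of the last hunk) leaves the function before `umask(cmask);` runs, so a failed node creation leaves the process with the temporary S_IXUSR | S_IXGRP | S_IXOTH mask for everything it creates afterwards. Restore the mask before that return, or break out of the loop and restore once on a common exit. A short comment next to the umask() call saying why the execute bits are the ones masked would also help the next reader.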
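The umask behaviour described in the commit message above, as an added example that is not part of the patch or of LXC's code. It creates FIFOs instead of device nodes so it runs without CAP_MKNOD; the helper names, the scratch directory and the requested modes are assumptions made for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>
#include <sys/types.h>

/*
 * Create a FIFO at dir/name with mknod() while `mask` is the process umask
 * and return the permission bits the node ended up with, or -1 on error.
 * The caller's umask is restored on every path, including failure.
 */
static int node_mode_under_umask(const char *dir, const char *name,
                                 mode_t requested, mode_t mask)
{
    char path[512];
    struct stat st;
    mode_t saved;
    int n, ret = -1;

    n = snprintf(path, sizeof(path), "%s/%s", dir, name);
    if (n < 0 || (size_t)n >= sizeof(path))
        return -1;

    saved = umask(mask);
    if (mknod(path, S_IFIFO | requested, 0) == 0) {
        if (stat(path, &st) == 0)
            ret = (int)(st.st_mode & 07777);
        unlink(path);
    }
    umask(saved);               /* restore even when mknod() failed */
    return ret;
}

/* umask() has no pure getter: set a value, then put the old one back. */
static mode_t current_umask(void)
{
    mode_t m = umask(0);
    umask(m);
    return m;
}

/*
 * Constructed cases; out[] receives the resulting permission bits.
 * Returns 0 on success, -1 if the scratch directory cannot be created.
 */
static int run_cases(int out[4])
{
    char dir[] = "/tmp/umask-mknod-XXXXXX";   /* constructed scratch path */

    if (mkdtemp(dir) == NULL)
        return -1;
    out[0] = node_mode_under_umask(dir, "a", 0666, 0022); /* inherited 022  */
    out[1] = node_mode_under_umask(dir, "b", 0666, 0111); /* mask the patch sets */
    out[2] = node_mode_under_umask(dir, "c", 0777, 0111); /* x bits still cut */
    out[3] = node_mode_under_umask(dir, "d", 0660, 0077); /* strict caller   */
    rmdir(dir);
    return 0;
}

int main(void)
{
    int out[4];

    if (run_cases(out) != 0) {
        perror("mkdtemp");
        return 1;
    }
    printf("0666 under 022 -> %04o\n", (unsigned)out[0]);
    printf("0666 under 111 -> %04o\n", (unsigned)out[1]);
    printf("0777 under 111 -> %04o\n", (unsigned)out[2]);
    printf("0660 under 077 -> %04o\n", (unsigned)out[3]);
    return 0;
}
```

The first case is the failure mode the patch addresses: a node requested as world-writable loses its group and other write bits when the creating process inherited a 022 mask.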
Re: [lxc-devel] [PATCH 18/24] Add local implementation of mntent.h
Quoting Stéphane Graber (stgra...@ubuntu.com): > Bionic (at least) is missing some of the usual mntent functions. > This adds code defining those that we need when they're missing from the C > library. > > Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn I could see someone in the future deciding that ../include should be added to -I, which would cause our include/mntent.h to always be included in favor of the system one (iiuc). Not sure whether that's worth worrying about. If so, perhaps rename to lxcmntent.h? > --- > configure.ac | 2 +- > src/include/mntent.c | 173 > +++ > src/include/mntent.h | 32 ++ > src/lxc/Makefile.am | 6 +- > src/lxc/cgroup.c | 7 ++- > src/lxc/conf.c | 7 ++- > 6 files changed, 222 insertions(+), 5 deletions(-) > create mode 100644 src/include/mntent.c > create mode 100644 src/include/mntent.h > > diff --git a/configure.ac b/configure.ac > index 0d50bec..3770e8b 100644 > --- a/configure.ac > +++ b/configure.ac > @@ -227,7 +227,7 @@ AC_CHECK_HEADERS([sys/signalfd.h pty.h sys/capability.h > sys/personality.h utmpx. > AC_CHECK_FUNCS([setns pivot_root sethostname unshare]) > > # Check for some functions > -AC_CHECK_FUNCS([getline fgetln openpty]) > +AC_CHECK_FUNCS([getline fgetln openpty hasmntopt setmntent endmntent]) > > # Check for some standard binaries > AC_PROG_GCC_TRADITIONAL > diff --git a/src/include/mntent.c b/src/include/mntent.c > new file mode 100644 > index 000..a96cd81 > --- /dev/null > +++ b/src/include/mntent.c 
> @@ -0,0 +1,173 @@ > +#include > +#include > +#include > + > +/* Since the values in a line are separated by spaces, a name cannot > + contain a space. Therefore some programs encode spaces in names > + by the strings "\040". We undo the encoding when reading an entry. > + The decoding happens in place. */ > +static char * > +decode_name (char *buf) > +{ > +char *rp = buf; > +char *wp = buf; > + > +do > +if (rp[0] == '\\' && rp[1] == '0' && rp[2] == '4' && rp[3] == '0') > +{ > +/* \040 is a SPACE. */ > +*wp++ = ' '; > +rp += 3; > +} > +else if (rp[0] == '\\' && rp[1] == '0' && rp[2] == '1' && rp[3] == '1') > +{ > +/* \011 is a TAB. */ > +*wp++ = '\t'; > +rp += 3; > +} > +else if (rp[0] == '\\' && rp[1] == '0' && rp[2] == '1' && rp[3] == '2') > +{ > +/* \012 is a NEWLINE. */ > +*wp++ = '\n'; > +rp += 3; > +} > +else if (rp[0] == '\\' && rp[1] == '\\') > +{ > +/* We have to escape \\ to be able to represent all characters. */ > +*wp++ = '\\'; > +rp += 1; > +} > +else if (rp[0] == '\\' && rp[1] == '1' && rp[2] == '3' && rp[3] == '4') > +{ > +/* \134 is also \\. */ > +*wp++ = '\\'; > +rp += 3; > +} > +else > +*wp++ = *rp; > +while (*rp++ != '\0'); > + > +return buf; > +} > + > +/* Read one mount table entry from STREAM. Returns a pointer to storage > + reused on the next call, or null for EOF or error (use feof/ferror to > + check). */ > +struct mntent *getmntent_r (FILE *stream, struct mntent *mp, char *buffer, > int bufsiz) > +{ > +char *cp; > +char *head; > + > +do > +{ > +char *end_ptr; > + > +if (fgets (buffer, bufsiz, stream) == NULL) > +{ > +return NULL; > +} > + > +end_ptr = strchr (buffer, '\n'); > +if (end_ptr != NULL) /* chop newline */ > +*end_ptr = '\0'; > +else > +{ > +/* Not the whole line was read. Do it now but forget it. 
*/ > +char tmp[1024]; > +while (fgets (tmp, sizeof tmp, stream) != NULL) > +if (strchr (tmp, '\n') != NULL) > +break; > +} > + > +head = buffer + strspn (buffer, " \t"); > +/* skip empty lines and comment lines: */ > +} > +while (head[0] == '\0' || head[0] == '#'); > + > +cp = strsep (&head, " \t"); > +mp->mnt_fsname = cp != NULL ? decode_name (cp) : (char *) ""; > +if (head) > +head += strspn (head, " \t"); > +cp = strsep (&head, " \t"); > +mp->mnt_dir = cp != NULL ? decode_name (cp) : (char *) ""; > +if (head) > +head += strspn (head, " \t"); > +cp = strsep (&head, " \t"); > +mp->mnt_type = cp != NULL ? decode_name (cp) : (char *) ""; > +if (head) > +head += strspn (head, " \t"); > +cp = strsep (&head, " \t"); > +mp->mnt_opts = cp != NULL ? decode_name (cp) : (char *) ""; > +switch (head ? sscanf (head, " %d %d ", &mp->mnt_freq, &mp->mnt_passno) > : 0) > +{ > +case 0: > +mp->mnt_freq = 0; > +case 1: > +mp->mnt_passno = 0; > +case 2: > +break; > +} > + > +return mp; > +} > + > +struct mntent *getmntent (FILE *stream) > +{ > +static struct mntent m
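Review bot: the `switch (head ? sscanf (head, " %d %d ", &mp->mnt_freq, &mp->mnt_passno) : 0)` at the end of getmntent_r() has no default. When head is non-NULL but holds nothing to convert, for example a line that ends in whitespace after the options field, sscanf() returns EOF, no case matches, and mnt_freq and mnt_passno are left with whatever the caller's struct contained. Add a default that zeroes both, and mark the intended fall-through from case 0 and case 1 with comments. The new file also begins directly at the includes with no licence or origin header, unlike caps.h and utmp.h whose context lines carry one; say in the file where decode_name() and getmntent_r() come from.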
Re: [lxc-devel] [PATCH 20/24] lxc_unshare: Replace getpw*_r by getpw*
Quoting Stéphane Graber (stgra...@ubuntu.com): > Bionic and maybe some other libc implementations lack the _r nss functions. > This replaces our current getpwnam_r and getpwuid_r calls by getpwnam and > getpwuid. > > Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn > --- > src/lxc/lxc_unshare.c | 13 ++--- > 1 file changed, 6 insertions(+), 7 deletions(-) > > diff --git a/src/lxc/lxc_unshare.c b/src/lxc/lxc_unshare.c > index 3a848b2..df91456 100644 > --- a/src/lxc/lxc_unshare.c > +++ b/src/lxc/lxc_unshare.c > @@ -54,12 +54,9 @@ void usage(char *cmd) > > static uid_t lookup_user(const char *optarg) > { > - int bufflen = sysconf(_SC_GETPW_R_SIZE_MAX); > - char buff[bufflen]; > char name[sysconf(_SC_LOGIN_NAME_MAX)]; > uid_t uid = -1; > - struct passwd pwent; > - struct passwd *pent; > + struct passwd *pwent = NULL; > > if (!optarg || (optarg[0] == '\0')) > return uid; 
> @@ -69,13 +66,15 @@ static uid_t lookup_user(const char *optarg) > if (sscanf(optarg, "%s", name) < 1) > return uid; > > - if (getpwnam_r(name, &pwent, buff, bufflen, &pent) || !pent) { > + pwent = getpwnam(name); > + if (!pwent) { > ERROR("invalid username %s", name); > return uid; > } > - uid = pent->pw_uid; > + uid = pwent->pw_uid; > } else { > - if (getpwuid_r(uid, &pwent, buff, bufflen, &pent) || !pent) { > + pwent = getpwuid(uid); > + if (!pwent) { > ERROR("invalid uid %d", uid); > uid = -1; > return uid; > -- > 1.8.0
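Review bot: getpwnam() and getpwuid() return NULL both when the entry does not exist and when the lookup itself failed, so the new `if (!pwent)` branches in lookup_user() print "invalid username" or "invalid uid" for a database error as well. Set errno to 0 before each call and report the errno case separately. In the same hunk the context line `sscanf(optarg, "%s", name)` copies an unbounded string into `char name[sysconf(_SC_LOGIN_NAME_MAX)]`; now that the _r buffers are gone, the copy is no longer needed either, and passing optarg straight to getpwnam() removes the overflow. The commit message should also mention that the returned struct points at static storage, which matters if this helper is ever called from threaded code.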
Re: [lxc-devel] [PATCH 22/24] Don't call setup_mount_entries if the list is empty
Quoting Stéphane Graber (stgra...@ubuntu.com): > There's no good reason to call setup_mount_entries if we don't have any > lxc.mount.entry. This also avoids an issue on bionic where the tmpfile() > call in setup_mount_entries requires the presence of /tmp which isn't the > case by default. > > Signed-off-by: Stéphane Graber (There are other ways it could be done I suppose, but this is fine) Acked-by: Serge E. Hallyn > --- > src/lxc/conf.c | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/src/lxc/conf.c b/src/lxc/conf.c > index 3c44ea5..945c3b8 100644 > --- a/src/lxc/conf.c > +++ b/src/lxc/conf.c > @@ -2599,7 +2599,7 @@ int lxc_setup(const char *name, struct lxc_conf > *lxc_conf) > return -1; > } > > - if (setup_mount_entries(&lxc_conf->rootfs, &lxc_conf->mount_list, > name)) { > + if (!lxc_list_empty(&lxc_conf->mount_list) && > setup_mount_entries(&lxc_conf->rootfs, &lxc_conf->mount_list, name)) { > ERROR("failed to setup the mount entries for '%s'", name); > return -1; > } > -- > 1.8.0
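Review bot: the new `!lxc_list_empty(&lxc_conf->mount_list) &&` test in lxc_setup() sidesteps the tmpfile() problem named in the commit message only for containers without lxc.mount.entry lines. A bionic container that does define entries still reaches setup_mount_entries() and still needs /tmp to exist. Either note that limitation in a comment at the call site or follow up by removing the tmpfile() dependency inside setup_mount_entries(). The added line is also far past 80 columns; break it after the `&&`.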
Re: [lxc-devel] [PATCH 24/24] Makefile.am: Add missing liblxc symlink
Quoting Stéphane Graber (stgra...@ubuntu.com): > Signed-off-by: Stéphane Graber Acked-by: Serge E. Hallyn > --- > src/lxc/Makefile.am | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am > index 8bc7b4b..85d8e77 100644 > --- a/src/lxc/Makefile.am > +++ b/src/lxc/Makefile.am > @@ -173,6 +173,7 @@ install-exec-local: install-soPROGRAMS > mv $(DESTDIR)$(libdir)/liblxc.so > $(DESTDIR)$(libdir)/liblxc.so.$(VERSION) > /sbin/ldconfig -l $(DESTDIR)$(libdir)/liblxc.so.$(VERSION) > cd $(DESTDIR)$(libdir); \ > + ln -sf liblxc.so.$(VERSION) liblxc.so.$(firstword $(subst ., > ,$(VERSION))); \ > ln -sf liblxc.so.$(firstword $(subst ., ,$(VERSION))) liblxc.so > > uninstall-local: > -- > 1.8.0
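Review bot: the commit message has no body, so it does not say which install scenario was left with a dangling liblxc.so. The existing last line links liblxc.so to liblxc.so.<major>, and the added `ln -sf liblxc.so.$(VERSION) liblxc.so.$(firstword $(subst ., ,$(VERSION)))` now creates that intermediate name explicitly; state in the message when it was missing. The hunk ends at `uninstall-local:` without showing its body, so check that the uninstall rule removes liblxc.so.<major> as well, otherwise the new link is left behind pointing at a deleted file.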
Re: [lxc-devel] [PATCH] Support MS_SHARED / - issues calling MAKEDEV
More on the MAKEDEV debacle...

On Mon, 2013-01-07 at 09:48 -0600, Serge Hallyn wrote:
> Quoting Michael H. Warfield (m...@wittsend.com):
> > On Sun, 2013-01-06 at 06:39 +0800, Alexander Vladimirov wrote:
> > > It is a separate package in Arch Linux and I don't have it installed on
> > > the host, as well as in container since everything works well without
> > > it
> >
> > Well, that would explain it. What isn't explained is why we need it.
>
> (see my previous response)
>
> > This is the run_makedev() function which is called from setup_autodev()
> > in src/lxc/setup.c just before it tries to populate the .../dev
> > directory in the container. There's some comments in there about making
> > sure the /dev/vcs* entries are created.
> Right.
> > It's also not clear to me if it's even doing what it purports to do. It
> > changes to the dev directory and then runs /sbin/MAKEDEV (without
> > checking if it even exists)
> Right, that should be fixed,
> > without a parameter (-d) for the target
> > directory which would seem to me to cause MAKEDEV to attempt to create
> At least my copy of makedev creates the devices in $cwd.
> If adding -d is needed for other distros, of course I have 0 objections.

This whole thing with MAKEDEV is looking more and more like a morass with no way to cleanly resolve it.

> > the devices in the host /dev and not the container .../dev directory at
> > all. That actually appears consistent with the behavior I'm seeing. If
> > I reboot the host system, all those tty devices do not exist in the host
> ? In the host /dev, or in the /var/lib/lxc/$container/rootfs/dev?

If I reboot the (F17 / F18beta host) without starting any containers, I have a number of tty devices [0-63] and vcs/vcsa devices for [1-6] in the host /dev.

If I create my own little private ~/dev and cd into it and type "MAKEDEV -d ${PWD} console" I get something like almost 3800 devices (most of them tty devices) and no vcs or vcsa devices (so it's not even doing what it is we're wanting it to do).

Now... If I start up a container with autodev=1, now I get the 3700+ tty devices created in the host /dev while the container /dev has tty[1-6] created by lxc-start itself (I specified 6 virtual consoles) but no vcs / vcsa devices.

Now... In the MAKEDEV man pages I see this:

==
MAKEDEV doesn't actually know anything about devices. It reads all of the information from files stored in /etc/makedev.d.
==

Ok... So it's off to /etc/makedev.d we go. The vcs/vcsa devices are defined in the file 01linux-2.6.x on "$VCSA" lines while console is on a "$CONSOLE" line. There's a whole RAFT of various tty{S,U,E,MX,SR,T,t,USB}{n} devices defined in that file on "$SERIAL" lines. The man page documentation on MAKEDEV indicates that "makedev console" should create the vcs and vcsa devices, but it does not seem to. But it does seem to be creating all these devices defined on the $SERIAL lines whether they exist or not (I suspect that even my Computone Intelliport Serial board devices are listed in there even though the driver module is no longer compiled in these kernels at all). Running "MAKEDEV -d ${PWD} vcsa" created the vcs/vcsa devices under my private ~/dev but it created a whole pile of them too, not just what's needed.

If we were to call MAKEDEV at all, shouldn't we use the configuration directory in the container ( i.e. MAKEDEV -s ${container rootfs}/etc/makedev.d )? But, then there's the differences between MAKEDEV between distros, even if MAKEDEV exists. Since MAKEDEV is all configuration driven and varies from distro to distro, I'm not sure there's a way out of this swamp calling MAKEDEV.

If all we need it for is the vcs / vcsa virtual console snapshot devices and there's a 1:1 correlation between those and the tty devices, wouldn't it be better to just create them alongside the corresponding tty devices? Are we sure we need them? The tty{n} devices are bind mounts from ptys, correct? If so, what is the correct action for the vcs (virtual console snapshot) and vcsa (virtual console snapshot w/ attributes) devices? Are snapshots even possible using the ptys that are bound? Seems to me that we risk running into problems creating them as devices that could conflict with the host virtual consoles.

What other devices do we need? I don't see "MAKEDEV console" on Fedora creating anything other than this set: console tty{n} tty{A}{n}

We're already creating console and tty{n} and we probably don't need tty{a}{n} (serial devices are ttyS{n} and USB serial ports would be ttyUSB{n}). Maybe it's buying us something more under an Ubuntu host. I have MAKEDEV version 3.24 from Fedora.

> If the former, I don't see what the container to do to affect the host's
> boot sequence.

It's the former when you call MAKEDEV from within the run_makedev() function. The MAKEDEV command defaults to /dev on Fedora unless you specify the -d option. Maybe it defaults to ${CWD} on Ubuntu but not in Fedora or RHEL deriv
Re: [lxc-devel] [PATCH] Support MS_SHARED / - issues calling MAKEDEV
Quoting Michael H. Warfield (m...@wittsend.com):
> More on the MAKEDEV debacle...
...
> This whole thing with MAKEDEV is looking more and more like a morass
> with no way to cleanly resolve it.

It sounds like consensus is it should be dropped from staging?
Re: [lxc-devel] [PATCH] Support MS_SHARED / - issues calling MAKEDEV
Well, a properly placed hook could do all the things MAKEDEV is supposed to do.

2013/1/9 Serge Hallyn :
> Quoting Michael H. Warfield (m...@wittsend.com):
>> More on the MAKEDEV debacle...
> ...
>> This whole thing with MAKEDEV is looking more and more like a morass
>> with no way to cleanly resolve it.
>
> It sounds like consensus is it should be dropped from staging?
Re: [lxc-devel] [PATCH] Support MS_SHARED / - issues calling MAKEDEV
On Wed, 2013-01-09 at 04:31 +0800, Alexander Vladimirov wrote:
> Well, a properly placed hook could do all the things MAKEDEV is supposed to do.

And would give us the flexibility to worry about things like serial devices or some USB devices or a few other things that would ordinarily be populated by udev but don't vary over the life of the container.

> 2013/1/9 Serge Hallyn :
> > Quoting Michael H. Warfield (m...@wittsend.com):
> >> More on the MAKEDEV debacle...
> > ...
> >> This whole thing with MAKEDEV is looking more and more like a morass
> >> with no way to cleanly resolve it.
> >
> > It sounds like consensus is it should be dropped from staging?

+1 for dropping the call to MAKEDEV, yeah.

Regards,
Mike
Re: [lxc-devel] [PATCH] Support MS_SHARED / - issues calling MAKEDEV
On Tue, 2013-01-08 at 15:40 -0500, Michael H. Warfield wrote:
> On Wed, 2013-01-09 at 04:31 +0800, Alexander Vladimirov wrote:
> > Well, a properly placed hook could do all the things MAKEDEV is supposed to do.
>
> And would give us the flexibility to worry about things like serial
> devices or some USB devices or a few other things that would ordinarily
> be populated by udev but don't vary over the life of the container.
>
> > 2013/1/9 Serge Hallyn :
> > > Quoting Michael H. Warfield (m...@wittsend.com):
> > >> More on the MAKEDEV debacle...
> > > ...
> > >> This whole thing with MAKEDEV is looking more and more like a morass
> > >> with no way to cleanly resolve it.
> > >
> > > It sounds like consensus is it should be dropped from staging?
> +1 for dropping the call to MAKEDEV, yeah.

Looking at the sources now, removing run_makedev() and the call to it is pretty trivial. I've already got a patch for that.

WRT Alexander's suggestion for a hook... I like that idea but a question comes up. I've already got a patch for that hook, lxc.hook.autodev, as well and it's very close to where the lxc.hook.mount hook is located only this one only gets invoked if autodev=1. I'm still doing some testing but it looks like this could be done with the mount hook if we don't care for an isolated autodev one. OTOH, I can see some value in having a separate hook that only gets called if autodev is enabled.

Next thought... It dawns on me that many of these scripts could use some environment variables, such as the container name, the location of the rootfs, the location of the conf file, etc, etc. That way, you could make the scripts a little more generic. Problem is that we clear the environment and set "container=lxc" very early on in the process of starting up lxc-start. Wouldn't that be just as effective if both were done just before execing the container and giving us the ability to pass environment variables to the hook scripts? Maybe just AFTER lxc.hook.start?

> Regards,
> Mike

Regards,
Mike