Re: [lxc-devel] [PATCH] lxc-start-ephemeral: fixed bug with wrong ssh option (-k instead of -i)
Quoting Wojciech Izykowski (wizykow...@gmail.com):
> Changes:
>
> * corrected ssh option for custom key (from -k to -i). Just see ssh
> manpage for justification.
>
> Regards,
> Wojciech

Uh, yeah, clearly no one has tried to use that :) Thanks.

Acked-by: Serge E. Hallyn

>
> --- src/lxc/lxc-start-ephemeral.in > +++ src/lxc/lxc-start-ephemeral.in > @@ -287,7 +287,7 @@ if args.user: > cmd += ["-l", args.user] > > if args.key: > -cmd += ["-k", args.key] > +cmd += ["-i", args.key] > > for ip in ips: > ssh_cmd = cmd + [ip] + args.command

--
Minimize network downtime and maximize team effectiveness. Reduce network management and security costs.Learn how to hire the most talented Cisco Certified professionals. Visit the Employer Resources Portal http://www.cisco.com/web/learning/employer_resources/index.html
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
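Review bot: The commit message for the `-k` to `-i` change in the `if args.key:` block should state the symptom instead of deferring to the manpage. ssh accepts `-k` as a flag that takes no argument (it disables GSSAPI credential delegation), so option parsing did not reject it and `args.key` was read as a positional argument instead of an identity file. One sentence saying that, plus a test that actually passes a key through this path, would keep the branch from going unexercised again.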
Re: [lxc-devel] meeting on lxc with user namespaces?
Quoting erkan yanar (er...@linsenraum.de):
> Ahoi Serge,
>
> On Wed, Jan 16, 2013 at 01:37:04PM -0600, Serge Hallyn wrote:
> > Hi,
> >
> > Now that the core user namespace support is in both the 3.8 kernel
> > and in the lxc staging branch, I thought it might be good to have
> > a meeting to first make sure everyone understands what it is and
> > what it can do, and second to discuss a path for what we want userns
> > support in lxc to look like.
> >
>
> are there any recordings about these events?
>
> regards
> Erkan

Hi,

I wrote up a summary with a link to the irc chat at:
http://s3hh.wordpress.com/2013/02/12/user-namespaces-lxc-meeting/

-serge
[lxc-devel] [PATCH] fix wait status in pid reuse case
Commit 37c3dfc9 sets the wait status on only the child pid. It intended to match the pid only once to protect against pid reuse but it won't because the indicator was reset to 0 every time at the top of the loop. If the child pid is reused, the wait status will be set again. Fix by setting indicator outside the loop.

Signed-off-by: Dwight Engen

--- src/lxc/lxc_init.c | 11 +-- 1 file changed, 5 insertions(+), 6 deletions(-) diff --git a/src/lxc/lxc_init.c b/src/lxc/lxc_init.c index 5693da5..c83c2f1 100644 --- a/src/lxc/lxc_init.c +++ b/src/lxc/lxc_init.c @@ -63,7 +63,7 @@ int main(int argc, char *argv[]) int err = -1; char **aargv; sigset_t mask, omask; - int i, shutdown = 0; + int i, have_status = 0, shutdown = 0; while (1) { int ret = getopt_long_only(argc, argv, "", options, NULL); @@ -162,7 +162,6 @@ int main(int argc, char *argv[]) err = 0; for (;;) { int status; - int orphan = 0; pid_t waited_pid; switch (was_interrupted) { @@ -209,10 +208,10 @@ int main(int argc, char *argv[]) * (not wrapped pid) and continue to wait for * the end of the orphan group. */ - if ((waited_pid != pid) || (orphan ==1)) - continue; - orphan = 1; - err = lxc_error_set_and_log(waited_pid, status); + if (waited_pid == pid && !have_status) { + err = lxc_error_set_and_log(waited_pid, status); + have_status = 1; + } } out: return err; -- 1.7.12.3
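Review bot: In the last hunk of src/lxc/lxc_init.c, replacing the `continue` with an `if` block changes the loop's control flow: every reaped orphan now falls through to whatever follows the block, which is safe only because the block is the last statement before the loop's closing brace. The comment above it still speaks of the "wrapped pid" without naming the guard, so I would extend it to say that `have_status` latches on the first match of `pid` and that any later match is a reused pid whose status is deliberately ignored. Declaring `have_status` on its own line instead of inside `int i, have_status = 0, shutdown = 0;` would also make the function-scope lifetime, which is the whole fix, easier to spot.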
[lxc-devel] LXC 0.9 release, staging branch re-opened for 1.0
Hello everyone,

As you may have noticed, Daniel released LXC 0.9 on Saturday. I've now rebased the staging branch on that and updated it on github.

I'll be travelling and taking some time off over the next few days but will nevertheless try to get the various patches currently sitting on the mailing-list into staging ASAP.

The final tarball may be found at:
http://lxc.sourceforge.net/download/lxc/lxc-0.9.0.tar.gz

A draft roadmap for 1.0 can be found at:
https://wiki.ubuntu.com/LXC/1.0-roadmap

Feel free to add items to that list. We'll use the mailing-list to coordinate the work as usual.

I don't have any clear timeline for the various milestones of 1.0 yet besides the fact that I'd like to have 1.0 release in February 2014, putting Plumbers (September 2013) pretty much at the middle of the dev cycle.

Thanks again for all the work you've done on 0.9 and looking forward to a very exciting 1.0.

--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
[lxc-devel] Something to think about (PGP signing)...
Hey all,

With the release of 0.9.0 I started thinking about something. We're not signing those tarballs with PGP or even publishing MD5/SHA-1/SHA-256 checksums on them. That has been kind of a standard practice with a lot of packages, most particularly with anything that can impact security. The Samba packages (I'm on the Samba Team) are all signed and the team signing key has been signed by several of us, including me, that anchors it all the way back to the "dead trees edition" book of the web of trust fingerprints.

As we're now opening up the branch heading for 1.0, should we start thinking about establishing a key, getting it signed, and starting to use it for releases?

Just food for thought.

Regards,
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it!
Re: [lxc-devel] [PATCH] fix wait status in pid reuse case
Quoting Dwight Engen (dwight.en...@oracle.com):
> Commit 37c3dfc9 sets the wait status on only the child pid. It
> intended to match the pid only once to protect against pid reuse but it
> won't because the indicator was reset to 0 every time at the top of the
> loop. If the child pid is reused, the wait status will be set again.
> Fix by setting indicator outside the loop.
>
> Signed-off-by: Dwight Engen

Acked-by: Serge E. Hallyn

> --- > src/lxc/lxc_init.c | 11 +-- > 1 file changed, 5 insertions(+), 6 deletions(-) > > diff --git a/src/lxc/lxc_init.c b/src/lxc/lxc_init.c > index 5693da5..c83c2f1 100644 > --- a/src/lxc/lxc_init.c > +++ b/src/lxc/lxc_init.c > @@ -63,7 +63,7 @@ int main(int argc, char *argv[]) > int err = -1; > char **aargv; > sigset_t mask, omask; > - int i, shutdown = 0; > + int i, have_status = 0, shutdown = 0; > > while (1) { > int ret = getopt_long_only(argc, argv, "", options, NULL); > @@ -162,7 +162,6 @@ int main(int argc, char *argv[]) > err = 0; > for (;;) { > int status; > - int orphan = 0; > pid_t waited_pid; > > switch (was_interrupted) { 
> @@ -209,10 +208,10 @@ int main(int argc, char *argv[]) >* (not wrapped pid) and continue to wait for >* the end of the orphan group. >*/ > - if ((waited_pid != pid) || (orphan ==1)) > - continue; > - orphan = 1; > - err = lxc_error_set_and_log(waited_pid, status); > + if (waited_pid == pid && !have_status) { > + err = lxc_error_set_and_log(waited_pid, status); > + have_status = 1; > + } > } > out: > return err; > -- > 1.7.12.3
[lxc-devel] [PATCH] minor documentation fixes / clarification
Signed-off-by: Dwight Engen --- doc/legacy/lxc-ls.sgml.in | 4 ++-- doc/lxc-execute.sgml.in | 8 doc/lxc-ps.sgml.in| 6 +++--- doc/lxc-unshare.sgml.in | 6 +++--- 4 files changed, 12 insertions(+), 12 deletions(-) diff --git a/doc/legacy/lxc-ls.sgml.in b/doc/legacy/lxc-ls.sgml.in index c04a4a4..60c085c 100644 --- a/doc/legacy/lxc-ls.sgml.in +++ b/doc/legacy/lxc-ls.sgml.in @@ -50,7 +50,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA lxc-ls --active - ls option + ls options @@ -79,7 +79,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - ls options + ls options diff --git a/doc/lxc-execute.sgml.in b/doc/lxc-execute.sgml.in index c83a5eb..de233f6 100644 --- a/doc/lxc-execute.sgml.in +++ b/doc/lxc-execute.sgml.in @@ -132,12 +132,12 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA Signal the end of options and disables further option processing. Any arguments after the -- are treated as - arguments. + arguments to command. - This option is useful when you want to execute, with the - command lxc-execute, a command line - with its own options. + This option is useful when you want specify options + to command and don't want + lxc-execute to interpret them. diff --git a/doc/lxc-ps.sgml.in b/doc/lxc-ps.sgml.in index f20bb02..b0103cf 100644 --- a/doc/lxc-ps.sgml.in +++ b/doc/lxc-ps.sgml.in @@ -52,7 +52,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA --name name --lxc --host - -- ps option + -- ps options @@ -69,7 +69,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA the container associated to processes. - The additionnal specified ps options must not + The additional specified ps options must not remove the default ps header and the pid information, to be able to have the lxc-ps to find the container associated to processes. @@ -119,7 +119,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - ps options + ps options 
diff --git a/doc/lxc-unshare.sgml.in b/doc/lxc-unshare.sgml.in index 1fbaf0b..5c899b6 100644 --- a/doc/lxc-unshare.sgml.in +++ b/doc/lxc-unshare.sgml.in @@ -49,7 +49,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - lxc-clone + lxc-unshare -s namespaces -u user command @@ -115,7 +115,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA To spawn a new shell with its own UTS (hostname) namespace, - lxc-clone -s UTSNAME /bin/bash + lxc-unshare -s UTSNAME /bin/bash If the hostname is changed in that shell, the change will not be reflected on the host. @@ -123,7 +123,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA To spawn a shell in a new network, pid, and mount namespace, - lxc-clone -s "NETWORK|PID|MOUNT" /bin/bash + lxc-unshare -s "NETWORK|PID|MOUNT" /bin/bash The resulting shell will have pid 1 and will see no network interfaces. After re-mounting /proc in that shell, -- 1.7.12.3
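Review bot: In the doc/lxc-execute.sgml.in hunk the new sentence "This option is useful when you want specify options" is missing a word; it should read "when you want to specify options to command". Separately, the commit message is only a Signed-off-by, yet the three doc/lxc-unshare.sgml.in hunks replace a wrong command name (lxc-clone) in the synopsis and both examples, which is more than a minor wording fix and deserves its own line in the message so that it is findable later.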
Re: [lxc-devel] LXC 0.9 release, staging branch re-opened for 1.0
Hi there,

> A draft roadmap for 1.0 can be found at:
> https://wiki.ubuntu.com/LXC/1.0-roadmap
>
> Feel free to add items to that list. We'll use the mailing-list to
> coordinate the work as usual.

I've been working on using LXC containers in a Pacemaker (Linux-HA) environment, i.e. writing resource agents (RAs) that manage containers, additional IPs inside containers, managing services inside containers and mounting stuff into containers. It's not quite ready yet (albeit almost), but I was wondering whether you might be interested in including them in the LXC project or you think they'd be better off somewhere else.

Regards,
Christian
[lxc-devel] Howto user namespaces?
Hi!

I'm on Linux 3.8 and lxc 0.9.0.
How are the user namespaces in lxc supposed to work?

I've created an opensuse instance using "lxc-create -n foo -t /usr/share/lxc/templates/lxc-opensuse" and then added these two lines to the config:
lxc.id_map = u 0 10 1
lxc.id_map = g 0 10 1

But now lxc-start fails.
lxc-start: Operation not permitted - Failed to mount /dev at /usr/lib64/lxc/rootfs

The following syscall fails:
mount("none", "/usr/lib64/lxc/rootfs/dev", "tmpfs", 0, "size=10") = -1 EPERM (Operation not permitted)

Am I missing something obvious?

--
Thanks,
//richard
[lxc-devel] [PATCH] Use container specific domain socket name
From: "S.Çağlar Onur"

Otherwise trying to start N containers in parallel gives "lxc_container: bind : Address already in use" error.

Found while using Go bindings to create/start/stop large number of containers in parallel so I reproduced the same using Python API to rule out possible Go related problems.

    import lxc
    from queue import Empty
    from multiprocessing import Process, Queue

    def create(q):
        while True:
            try:
                x = q.get(block=False)
                c = lxc.Container(str(x))
                print("Starting", x)
                c.start()
            except Empty:
                break

    if __name__=="__main__":
        work_queue = Queue()
        for i in range(11):
            work_queue.put(i)

        process = [Process(target=create, args=(work_queue,)) for i in range(4)]
        for p in process:
            p.start()
        for p in process:
            p.join()

    caglar@qgq:~/Project$ sudo python3 cstart.py
    Starting 0
    Starting 1
    lxc_container: bind : Address already in use
    Starting 3
    Starting 4
    Starting 2
    lxc_container: lxc_container: bind : Address already in use
    bind : Address already in uselxc_container: bind : Address already in use
    Starting 5
    Starting 6
    lxc_container: bind : Address already in use
    lxc_container: bind : Address already in use
    Starting 7
    Starting 8
    Starting 9
    lxc_container: bind : Address already in use
    lxc_container: bind : Address already in use
    lxc_container: bind : Address already in use
    Starting 10
    lxc_container: bind : Address already in use

Signed-off-by: S.Çağlar Onur

--- src/lxc/lxc.h |2 +- src/lxc/lxc_monitor.c |2 +- src/lxc/monitor.c | 10 +- src/lxc/state.c |2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/src/lxc/lxc.h b/src/lxc/lxc.h index db921f0..224d460 100644 --- a/src/lxc/lxc.h +++ b/src/lxc/lxc.h 
@@ -74,7 +74,7 @@ extern int lxc_execute(const char *name, char *const argv[], int quiet, * The function will return an fd corresponding to the events * Returns a file descriptor on success, < 0 otherwise */ -extern int lxc_monitor_open(const char *lxcpath); +extern int lxc_monitor_open(const char *lxcpath, const char *lxcname); /* * Read the state of the container if this one has changed diff --git a/src/lxc/lxc_monitor.c b/src/lxc/lxc_monitor.c index 0530373..4898377 100644 --- a/src/lxc/lxc_monitor.c +++ b/src/lxc/lxc_monitor.c @@ -87,7 +87,7 @@ int main(int argc, char *argv[]) return -1; } - fd = lxc_monitor_open(my_args.lxcpath); + fd = lxc_monitor_open(my_args.lxcpath, my_args.name); if (fd < 0) return -1; diff --git a/src/lxc/monitor.c b/src/lxc/monitor.c index afdaf67..2590559 100644 --- a/src/lxc/monitor.c +++ b/src/lxc/monitor.c @@ -47,7 +47,7 @@ lxc_log_define(lxc_monitor, lxc); #define UNIX_PATH_MAX 108 #endif -static void lxc_monitor_send(struct lxc_msg *msg, const char *lxcpath) +static void lxc_monitor_send(struct lxc_msg *msg, const char *lxcpath, const char *lxcname) { int fd; struct sockaddr_un addr = { .sun_family = AF_UNIX }; @@ -59,7 +59,7 @@ static void lxc_monitor_send(struct lxc_msg *msg, const char *lxcpath) * should we take a hash of lxcpath? a subset of it? */ len = sizeof(addr.sun_path) - 1; - ret = snprintf(offset, len, "%s/lxc-monitor", lxcpath); + ret = snprintf(offset, len, "%s/%s-monitor", lxcpath, lxcname); if (ret < 0 || ret >= len) { ERROR("lxcpath too long to open monitor"); return; @@ -82,10 +82,10 @@ void lxc_monitor_send_state(const char *name, lxc_state_t state, const char *lxc strncpy(msg.name, name, sizeof(msg.name)); msg.name[sizeof(msg.name) - 1] = 0; - lxc_monitor_send(&msg, lxcpath); + lxc_monitor_send(&msg, lxcpath, name); } -int lxc_monitor_open(const char *lxcpath) +int lxc_monitor_open(const char *lxcpath, const char *lxcname) { struct sockaddr_un addr = { .sun_family = AF_UNIX }; char *offset = &addr.sun_path[1]; 
@@ -97,7 +97,7 @@ int lxc_monitor_open(const char *lxcpath) * should we take a hash of lxcpath? a subset of it? */ len = sizeof(addr.sun_path) - 1; - ret = snprintf(offset, len, "%s/lxc-monitor", lxcpath); + ret = snprintf(offset, len, "%s/%s-monitor", lxcpath, lxcname); if (ret < 0 || ret >= len) { ERROR("lxcpath too long to open monitor"); return -1; diff --git a/src/lxc/state.c b/src/lxc/state.c index 3e7e94a..454c02e 100644 --- a/src/lxc/state.c +++ b/src/lxc/state.c @@ -201,7 +201,7 @@ extern int lxc_wait(const char *lxcname, const char *states, int timeout, const if (fillwaitedstates(states, s)) return -1; - fd = lxc_monitor_open(lxcpath); + fd = lxc_monitor_open(lxcpath, lxcname); if (fd < 0) return -1; -- 1.7.10.4
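Review bot: In both snprintf hunks of src/lxc/monitor.c the truncation check now covers `lxcname` as well, but the error still reads "lxcpath too long to open monitor" and the comment above still only asks whether to hash lxcpath. With `"%s/%s-monitor"` a long container name can exhaust sun_path (UNIX_PATH_MAX is 108 here) on its own, so the message should name both inputs. It is also worth saying in the commit message what happens on that path: lxc_monitor_send() returns without sending, so state changes for such a container are dropped silently apart from the ERROR line.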
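Review bot: Keying the socket on the container name in lxc_monitor_open() changes which events a listener receives, and neither the commit message nor the comment above the prototype in src/lxc/lxc.h mentions it. A listener bound to `lxcpath/<name>-monitor` only sees messages that lxc_monitor_send() addresses with the same name, and src/lxc/lxc_monitor.c passes `my_args.name` straight through, so anything that relied on the shared "lxc-monitor" socket to watch several containers under one lxcpath will stop receiving events; please state whether that is intended and document the new `lxcname` parameter. Two listeners opened for the same container name would also still collide on bind, which is the failure this patch set out to remove.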
Re: [lxc-devel] [PATCH] minor documentation fixes / clarification
Quoting Dwight Engen (dwight.en...@oracle.com):
> Signed-off-by: Dwight Engen
>

Acked-by: Serge E. Hallyn

Note I think your patch was linewrap-damaged. Could you resend (with my ack) or post a github link?

> --- > doc/legacy/lxc-ls.sgml.in | 4 ++-- > doc/lxc-execute.sgml.in | 8 > doc/lxc-ps.sgml.in| 6 +++--- > doc/lxc-unshare.sgml.in | 6 +++--- > 4 files changed, 12 insertions(+), 12 deletions(-) > > diff --git a/doc/legacy/lxc-ls.sgml.in b/doc/legacy/lxc-ls.sgml.in > index c04a4a4..60c085c 100644 > --- a/doc/legacy/lxc-ls.sgml.in > +++ b/doc/legacy/lxc-ls.sgml.in > @@ -50,7 +50,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, > MA 02111-1307 USA >lxc-ls >--active > - ls option > + ls options > > > > @@ -79,7 +79,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, > MA 02111-1307 USA > > > - ls options > + ls > options > > > diff --git a/doc/lxc-execute.sgml.in b/doc/lxc-execute.sgml.in > index c83a5eb..de233f6 100644 > --- a/doc/lxc-execute.sgml.in > +++ b/doc/lxc-execute.sgml.in > @@ -132,12 +132,12 @@ Foundation, Inc., 59 Temple Place, Suite 330, > Boston, MA 02111-1307 USA > Signal the end of options and disables further option > processing. Any arguments after the -- are treated as > - arguments. > + arguments to command. > > > - This option is useful when you want to execute, with the > - command lxc-execute, a command line > - with its own options. > + This option is useful when you want specify options > + to command and don't want > + lxc-execute to interpret them. > > > > diff --git a/doc/lxc-ps.sgml.in b/doc/lxc-ps.sgml.in > index f20bb02..b0103cf 100644 > --- a/doc/lxc-ps.sgml.in > +++ b/doc/lxc-ps.sgml.in > @@ -52,7 +52,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, > MA 02111-1307 USA --name > name --lxc >--host > - -- ps option > + -- ps options 
> > > > @@ -69,7 +69,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, > MA 02111-1307 USA the container associated to processes. > > > - The additionnal specified ps options must not > + The additional specified ps options > must not remove the default ps header and the pid information, > to be able to have the lxc-ps to find > the container associated to processes. > @@ -119,7 +119,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, > Boston, MA 02111-1307 USA > > > - ps options > + ps > options > > > diff --git a/doc/lxc-unshare.sgml.in b/doc/lxc-unshare.sgml.in > index 1fbaf0b..5c899b6 100644 > --- a/doc/lxc-unshare.sgml.in > +++ b/doc/lxc-unshare.sgml.in > @@ -49,7 +49,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, > MA 02111-1307 USA > > > - lxc-clone > + lxc-unshare >-s namespaces >-u user >command > @@ -115,7 +115,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, > Boston, MA 02111-1307 USA > To spawn a new shell with its own UTS (hostname) namespace, > > - lxc-clone -s UTSNAME /bin/bash > + lxc-unshare -s UTSNAME /bin/bash > > If the hostname is changed in that shell, the change will not > be reflected on the host. 
> @@ -123,7 +123,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, > Boston, MA 02111-1307 USA > To spawn a shell in a new network, pid, and mount namespace, > > - lxc-clone -s "NETWORK|PID|MOUNT" /bin/bash > + lxc-unshare -s "NETWORK|PID|MOUNT" /bin/bash > > The resulting shell will have pid 1 and will see no network > interfaces. After re-mounting /proc in that shell, > -- > 1.7.12.3
Re: [lxc-devel] Howto user namespaces?
Quoting richard -rw- weinberger (richard.weinber...@gmail.com):
> Hi!
>
> I'm on Linux 3.8 and lxc 0.9.0.
> How are the user namespaces in lxc supposed to work?
>
> I've created an opensuse instance using "lxc-create -n foo -t
> /usr/share/lxc/templates/lxc-opensuse" and then added these two lines
> to the config:
> lxc.id_map = u 0 10 1
> lxc.id_map = g 0 10 1
>
> But now lxc-start fails.
> lxc-start: Operation not permitted - Failed to mount /dev at
> /usr/lib64/lxc/rootfs
>
> The following syscall fails:
> mount("none", "/usr/lib64/lxc/rootfs/dev", "tmpfs", 0, "size=10")
> = -1 EPERM (Operation not permitted)
>
> Am I missing something obvious?

lxc-create does not yet convert the rootfs to the mapped uids, so you need to do that manually using uidmapshift. Check the container-userns-convert script at https://code.launchpad.net/~serge-hallyn/+junk/nsexec or in the nsexec package at ppa:serge-hallyn/userns-natty.

-serge
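What converting a rootfs to the mapped ids involves, as an added Python example that is not part of the thread and is not the code of uidmapshift or container-userns-convert: it reads `lxc.id_map` lines (type, first id inside the container, first id on the host, range length) and plans the chown of every file to its host-side id. The sample config values, the function names and the temporary tree are constructed for the example.

```python
import os
import stat
import tempfile
from typing import Dict, List, NamedTuple, Optional


class IdRange(NamedTuple):
    container_start: int  # first id as seen inside the container
    host_start: int       # host id that container_start maps to
    count: int            # number of consecutive ids covered


# Constructed sample config; the values are not the ones from the thread.
SAMPLE_CONFIG = """\
lxc.utsname = foo
lxc.id_map = u 0 100000 10000
lxc.id_map = g 0 100000 10000
"""


def parse_id_maps(config_text: str) -> Dict[str, List[IdRange]]:
    """Collect 'lxc.id_map = <u|g> <container> <host> <range>' lines."""
    maps: Dict[str, List[IdRange]] = {"u": [], "g": []}
    for line in config_text.splitlines():
        key, _, value = line.partition("=")
        if key.strip() != "lxc.id_map":
            continue
        fields = value.split()
        if len(fields) != 4 or fields[0] not in maps:
            raise ValueError(f"malformed id_map line: {line!r}")
        maps[fields[0]].append(IdRange(*map(int, fields[1:])))
    return maps


def to_host_id(ident: int, ranges: List[IdRange]) -> Optional[int]:
    """Host id for a container id, or None when no range covers it."""
    for r in ranges:
        if r.container_start <= ident < r.container_start + r.count:
            return r.host_start + (ident - r.container_start)
    return None


def plan_shift(rootfs: str, maps: Dict[str, List[IdRange]]):
    """Compute the ownership changes without touching the filesystem.

    Planning from lstat() before any chown keeps hard-linked inodes from
    being shifted twice. Returns (changes, unmapped).
    """
    changes, unmapped = [], []
    for dirpath, dirnames, filenames in os.walk(rootfs):
        # os.walk lists symlinks to directories but never visits them.
        links = [d for d in dirnames if os.path.islink(os.path.join(dirpath, d))]
        entries = [os.path.join(dirpath, n) for n in links + filenames]
        for path in [dirpath] + entries:
            st = os.lstat(path)
            uid = to_host_id(st.st_uid, maps["u"])
            gid = to_host_id(st.st_gid, maps["g"])
            if uid is None or gid is None:
                unmapped.append(path)  # owner is outside every mapped range
            else:
                changes.append((path, uid, gid, st.st_mode))
    return changes, unmapped


def apply_shift(changes) -> None:
    """Apply a plan from plan_shift(); needs root."""
    for path, uid, gid, mode in changes:
        os.lchown(path, uid, gid)
        if not stat.S_ISLNK(mode):
            # chown clears setuid/setgid bits on Linux; restore the mode.
            os.chmod(path, stat.S_IMODE(mode))


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # stand-in for a rootfs
        os.mkdir(os.path.join(root, "etc"))
        open(os.path.join(root, "etc", "passwd"), "w").close()
        owner = os.lstat(root)
        maps = {"u": [IdRange(owner.st_uid, 100000, 1)],
                "g": [IdRange(owner.st_gid, 100000, 1)]}
        for path, uid, gid, _ in plan_shift(root, maps)[0]:
            print(f"{os.path.relpath(path, root)}: -> {uid}:{gid}")
```

Paths returned as unmapped are the ones to look at before starting the container, since their owners have no counterpart in the configured ranges.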
Re: [lxc-devel] LXC 0.9 release, staging branch re-opened for 1.0
Quoting Christian Seiler (christ...@iwakd.de):
> Hi there,
>
> > A draft roadmap for 1.0 can be found at:
> > https://wiki.ubuntu.com/LXC/1.0-roadmap
> >
> > Feel free to add items to that list. We'll use the mailing-list to
> > coordinate the work as usual.
>
> I've been working on using LXC containers in a Pacemaker (Linux-HA)
> environment, i.e. writing resource agents (RAs) that manage containers,
> additional IPs inside containers, managing services inside containers

Are they using the api?

> and mounting stuff into containers. It's not quite ready yet (albeit
> almost), but I was wondering whether you might be interested in
> including them in the LXC project or you think they'd be better off
> somewhere else.

I'd have to take a look to see exactly what they do. It sounds like they are more of a user of lxc so might be better off elsewhere, but I could be misunderstanding. If it's something which would benefit lxc in general then it'd belong. Please do send us a link to the code when you feel ready so we can take a look.

thanks,
-serge