[lxc-devel] [lxc/lxc] 996c63: doc: Update lxc-monitor(1) man page
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 996c63c73eb3859a99ab1e6acf22fc60ab553df9 https://github.com/lxc/lxc/commit/996c63c73eb3859a99ab1e6acf22fc60ab553df9 Author: KATOH Yasufumi Date: 2013-10-02 (Wed, 02 Oct 2013) Changed paths: M doc/ja/lxc-monitor.sgml.in Log Message: --- doc: Update lxc-monitor(1) man page - Update to commit 'fbf050e4c211030eb343008583f76605dfaaef38' - Improve translation Acked-by: Serge E. Hallyn Signed-off-by: Serge E. Hallyn -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] cab158: doc: Remove unnecessary Diagnostic entry in lxc-st...
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: cab158ed3c1a8eccd715f28d8a848e2c7c7f8ff6 https://github.com/lxc/lxc/commit/cab158ed3c1a8eccd715f28d8a848e2c7c7f8ff6 Author: KATOH Yasufumi Date: 2013-10-02 (Wed, 02 Oct 2013) Changed paths: M doc/ja/lxc-stop.sgml.in M doc/lxc-stop.sgml.in Log Message: --- doc: Remove unnecessary Diagnostic entry in lxc-stop(1) Signed-off-by: KATOH Yasufumi Acked-by: Stéphane Graber Commit: 99282c429a23a2ffa699ca149bb7f9cd5705646a https://github.com/lxc/lxc/commit/99282c429a23a2ffa699ca149bb7f9cd5705646a Author: KATOH Yasufumi Date: 2013-10-02 (Wed, 02 Oct 2013) Changed paths: M doc/ja/lxc-clone.sgml.in M doc/ja/lxc.conf.sgml.in M doc/lxc-clone.sgml.in M doc/lxc.conf.sgml.in Log Message: --- doc: Fix some typos Signed-off-by: KATOH Yasufumi Acked-by: Stéphane Graber Compare: https://github.com/lxc/lxc/compare/996c63c73eb3...99282c429a23 -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] 431fdc: Update lxc-fedora.in
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 431fdc427247ab1a6189c46d0743e38f30f9e1e9 https://github.com/lxc/lxc/commit/431fdc427247ab1a6189c46d0743e38f30f9e1e9 Author: Renich Bon Ciric Date: 2013-10-02 (Wed, 02 Oct 2013) Changed paths: M templates/lxc-fedora.in Log Message: --- Update lxc-fedora.in Fedora 19's release has no -1 revision; it's a -2 revision actually: ftp://mirrors.kernel.org/fedora/releases/19/Fedora/x86_64/os/Packages/f/ Signed-off-by: Renich Bon Ciric Acked-by: Stéphane Graber Commit: 8983aa6e1e831f690be9cf38ae434a0de8b5107d https://github.com/lxc/lxc/commit/8983aa6e1e831f690be9cf38ae434a0de8b5107d Author: Stéphane Graber Date: 2013-10-02 (Wed, 02 Oct 2013) Changed paths: M templates/lxc-fedora.in Log Message: --- fedora: Use consistent tab/space indent Signed-off-by: Stéphane Graber Compare: https://github.com/lxc/lxc/compare/99282c429a23...8983aa6e1e83 -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [PATCH] fix lxc-info segv on stopped container
Signed-off-by: Dwight Engen
---
src/lxc/lxc_info.c | 14 --
1 file changed, 8 insertions(+), 6 deletions(-)
diff --git a/src/lxc/lxc_info.c b/src/lxc/lxc_info.c
index 23cf789..a4fa3e1 100644
--- a/src/lxc/lxc_info.c
+++ b/src/lxc/lxc_info.c
@@ -124,12 +124,14 @@ int main(int argc, char *argv[])
if (ips) {
char **addresses = c->get_ips(c, NULL, NULL, 0);
- char *address;
- i = 0;
- while (addresses[i]) {
- address = addresses[i];
- printf("ip: \t%s\n", address);
- i++;
+ if (addresses) {
+ char *address;
+ i = 0;
+ while (addresses[i]) {
+ address = addresses[i];
+ printf("ip: \t%s\n", address);
+ i++;
+ }
}
}
--
1.8.1.4
--
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [lxc/lxc] 431fdc: Update lxc-fedora.in
Ah Crap... Just when I'm almost done regression testing my updates to the lxc-fedora template... Stéphane, When did this come in? I thought I had already fixed that version gotcha for Fedora 19 (which is now up to -4 in updates) and that it had been committed to staging long before Linux Plumbers. That commit looks like it would conflict with the changes I made to generalize that release logic and bring some sanity to the retry logic. In fact, I was the one that accidentally introduced the tab / space inconsistencies also noted in the log and was cleaning those up in my bit patch I'm working on now. Regards, Mike On Wed, 2013-10-02 at 08:47 -0700, GitHub wrote: > Branch: refs/heads/master > Home: https://github.com/lxc/lxc > Commit: 431fdc427247ab1a6189c46d0743e38f30f9e1e9 > > https://github.com/lxc/lxc/commit/431fdc427247ab1a6189c46d0743e38f30f9e1e9 > Author: Renich Bon Ciric > Date: 2013-10-02 (Wed, 02 Oct 2013) > > Changed paths: > M templates/lxc-fedora.in > > Log Message: > --- > Update lxc-fedora.in > > Fedora 19's release has no -1 revision; it's a -2 revision actually: > ftp://mirrors.kernel.org/fedora/releases/19/Fedora/x86_64/os/Packages/f/ > > Signed-off-by: Renich Bon Ciric > Acked-by: Stéphane Graber > > > Commit: 8983aa6e1e831f690be9cf38ae434a0de8b5107d > > https://github.com/lxc/lxc/commit/8983aa6e1e831f690be9cf38ae434a0de8b5107d > Author: Stéphane Graber > Date: 2013-10-02 (Wed, 02 Oct 2013) > > Changed paths: > M templates/lxc-fedora.in > > Log Message: > --- > fedora: Use consistent tab/space indent > > Signed-off-by: Stéphane Graber > > > Compare: https://github.com/lxc/lxc/compare/99282c429a23...8983aa6e1e83 > > -- > October Webinars: Code for Performance > Free Intel webinars can help you accelerate application performance. > Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from > the latest Intel processors and coprocessors. See abstracts and register > > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk > ___ > Lxc-devel mailing list > Lxc-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/lxc-devel -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! signature.asc Description: This is a digitally signed message part -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [lxc/lxc] 431fdc: Update lxc-fedora.in
On Wed, 2013-10-02 at 12:12 -0400, Michael H. Warfield wrote: > Ah Crap... Just when I'm almost done regression testing my updates to > the lxc-fedora template... > Stéphane, > When did this come in? I thought I had already fixed that version > gotcha for Fedora 19 (which is now up to -4 in updates) and that it had > been committed to staging long before Linux Plumbers. That commit looks > like it would conflict with the changes I made to generalize that > release logic and bring some sanity to the retry logic. > In fact, I was the one that accidentally introduced the tab / space > inconsistencies also noted in the log and was cleaning those up in my > bit patch I'm working on now. Ok... Looking at the diff and I can see that the change log looks a bit deceptive and the commit is actually only fixing up the tab / space inconsistency. It's purely a cosmetic fix. The Fedora 19 release change was a red herring. > Regards, > Mike Regards, Mike > On Wed, 2013-10-02 at 08:47 -0700, GitHub wrote: > > Branch: refs/heads/master > > Home: https://github.com/lxc/lxc > > Commit: 431fdc427247ab1a6189c46d0743e38f30f9e1e9 > > > > https://github.com/lxc/lxc/commit/431fdc427247ab1a6189c46d0743e38f30f9e1e9 > > Author: Renich Bon Ciric > > Date: 2013-10-02 (Wed, 02 Oct 2013) > > > > Changed paths: > > M templates/lxc-fedora.in > > > > Log Message: > > --- > > Update lxc-fedora.in > > > > Fedora 19's release has no -1 revision; it's a -2 revision actually: > > ftp://mirrors.kernel.org/fedora/releases/19/Fedora/x86_64/os/Packages/f/ > > > > Signed-off-by: Renich Bon Ciric > > Acked-by: Stéphane Graber > > > > > > Commit: 8983aa6e1e831f690be9cf38ae434a0de8b5107d > > > > https://github.com/lxc/lxc/commit/8983aa6e1e831f690be9cf38ae434a0de8b5107d > > Author: Stéphane Graber > > Date: 2013-10-02 (Wed, 02 Oct 2013) > > > > Changed paths: > > M templates/lxc-fedora.in > > > > Log Message: > > --- > > fedora: Use consistent tab/space indent > > > > Signed-off-by: Stéphane Graber > > > > > > Compare: https://github.com/lxc/lxc/compare/99282c429a23...8983aa6e1e83 > > > > -- > > October Webinars: Code for Performance > > Free Intel webinars can help you accelerate application performance. > > Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most > > from > > the latest Intel processors and coprocessors. See abstracts and register > > > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk > > ___ > > Lxc-devel mailing list > > Lxc-devel@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/lxc-devel > -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! signature.asc Description: This is a digitally signed message part -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [lxc/lxc] 431fdc: Update lxc-fedora.in
Oops, sorry if I caused a few conflicts with your upcoming patchset... We had the fedora 19 fix as a pull request on github for a while so I just applied it when going through the outstanding merge proposals this morning. Then git complained about a mixed tab/space in that patch, so I looked at the file and fixed all of those too, which I guess will be the largest source of conflicts with your work... On Wed, Oct 02, 2013 at 12:12:19PM -0400, Michael H. Warfield wrote: > Ah Crap... Just when I'm almost done regression testing my updates to > the lxc-fedora template... > > Stéphane, > > When did this come in? I thought I had already fixed that version > gotcha for Fedora 19 (which is now up to -4 in updates) and that it had > been committed to staging long before Linux Plumbers. That commit looks > like it would conflict with the changes I made to generalize that > release logic and bring some sanity to the retry logic. > > In fact, I was the one that accidentally introduced the tab / space > inconsistencies also noted in the log and was cleaning those up in my > bit patch I'm working on now. > > Regards, > Mike > > On Wed, 2013-10-02 at 08:47 -0700, GitHub wrote: > > Branch: refs/heads/master > > Home: https://github.com/lxc/lxc > > Commit: 431fdc427247ab1a6189c46d0743e38f30f9e1e9 > > > > https://github.com/lxc/lxc/commit/431fdc427247ab1a6189c46d0743e38f30f9e1e9 > > Author: Renich Bon Ciric > > Date: 2013-10-02 (Wed, 02 Oct 2013) > > > > Changed paths: > > M templates/lxc-fedora.in > > > > Log Message: > > --- > > Update lxc-fedora.in > > > > Fedora 19's release has no -1 revision; it's a -2 revision actually: > > ftp://mirrors.kernel.org/fedora/releases/19/Fedora/x86_64/os/Packages/f/ > > > > Signed-off-by: Renich Bon Ciric > > Acked-by: Stéphane Graber > > > > > > Commit: 8983aa6e1e831f690be9cf38ae434a0de8b5107d > > > > https://github.com/lxc/lxc/commit/8983aa6e1e831f690be9cf38ae434a0de8b5107d > > Author: Stéphane Graber > > Date: 2013-10-02 (Wed, 02 Oct 2013) > > > > Changed paths: > > M templates/lxc-fedora.in > > > > Log Message: > > --- > > fedora: Use consistent tab/space indent > > > > Signed-off-by: Stéphane Graber > > > > > > Compare: https://github.com/lxc/lxc/compare/99282c429a23...8983aa6e1e83 > > > > -- > > October Webinars: Code for Performance > > Free Intel webinars can help you accelerate application performance. > > Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most > > from > > the latest Intel processors and coprocessors. See abstracts and register > > > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk > > ___ > > Lxc-devel mailing list > > Lxc-devel@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/lxc-devel > > -- > Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com >/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ >NIC whois: MHW9 | An optimist believes we live in the best of all > PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! -- Stéphane Graber Ubuntu developer http://www.ubuntu.com signature.asc Description: Digital signature -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] fix lxc-info segv on stopped container
On Wed, Oct 02, 2013 at 12:14:58PM -0400, Dwight Engen wrote:
> Signed-off-by: Dwight Engen
Doh, not sure how I managed to miss that one!
Thanks!
Acked-by: Stéphane Graber
> ---
> src/lxc/lxc_info.c | 14 --
> 1 file changed, 8 insertions(+), 6 deletions(-)
>
> diff --git a/src/lxc/lxc_info.c b/src/lxc/lxc_info.c
> index 23cf789..a4fa3e1 100644
> --- a/src/lxc/lxc_info.c
> +++ b/src/lxc/lxc_info.c
> @@ -124,12 +124,14 @@ int main(int argc, char *argv[])
>
> if (ips) {
> char **addresses = c->get_ips(c, NULL, NULL, 0);
> - char *address;
> - i = 0;
> - while (addresses[i]) {
> - address = addresses[i];
> - printf("ip: \t%s\n", address);
> - i++;
> + if (addresses) {
> + char *address;
> + i = 0;
> + while (addresses[i]) {
> + address = addresses[i];
> + printf("ip: \t%s\n", address);
> + i++;
> + }
> }
> }
>
> --
> 1.8.1.4
>
>
> --
> October Webinars: Code for Performance
> Free Intel webinars can help you accelerate application performance.
> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
> the latest Intel processors and coprocessors. See abstracts and register >
> http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk
> ___
> Lxc-devel mailing list
> Lxc-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-devel
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
signature.asc
Description: Digital signature
--
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] bd79cb: fix lxc-info segv on stopped container
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: bd79cb223d32634d66254264096040e86f763588 https://github.com/lxc/lxc/commit/bd79cb223d32634d66254264096040e86f763588 Author: Dwight Engen Date: 2013-10-02 (Wed, 02 Oct 2013) Changed paths: M src/lxc/lxc_info.c Log Message: --- fix lxc-info segv on stopped container Signed-off-by: Dwight Engen Acked-by: Stéphane Graber -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] 01660c: Avoid ldconfig due to cross-compilation problems.
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 01660cccb99433ecb970c534d2c0077a7fe84299 https://github.com/lxc/lxc/commit/01660cccb99433ecb970c534d2c0077a7fe84299 Author: Andrey Mazo Date: 2013-10-02 (Wed, 02 Oct 2013) Changed paths: M src/lxc/Makefile.am Log Message: --- Avoid ldconfig due to cross-compilation problems. Otherwise, it cases problems on cbuild endianness != ctarget endianness setups because /sbin/ldconfig expects elf header in the wrong endianness. Signed-off-by: Andrey Mazo Acked-by: Stéphane Graber -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [lxc/lxc] 431fdc: Update lxc-fedora.in
On Wed, 2013-10-02 at 12:19 -0400, Stéphane Graber wrote: > Oops, sorry if I caused a few conflicts with your upcoming patchset... > We had the fedora 19 fix as a pull request on github for a while so I > just applied it when going through the outstanding merge proposals this > morning. > Then git complained about a mixed tab/space in that patch, so I looked > at the file and fixed all of those too, which I guess will be the > largest source of conflicts with your work... Interesting. I wasn't aware that git would do that. Very interesting. I think I have all those tabs cleaned up in my big patch and it should be congruent. I did a fresh clone from github after the resource reorg so I should be reasonably clean with what's in the main branch. Right now, I'm spending hours "walking the dog" (regression testing builds of various versions on various platforms). I just caught a case when building on Oracle and discovered that the Oracle "mount" command didn't support implicit loop devices and required an explicit "-o loop", which I just fixed and I'm back to "walking the dog" again. :-P I think this one would have also caught me on CentOS which I'm going to be testing shortly. > On Wed, Oct 02, 2013 at 12:12:19PM -0400, Michael H. Warfield wrote: > > Ah Crap... Just when I'm almost done regression testing my updates to > > the lxc-fedora template... > > > > Stéphane, > > > > When did this come in? I thought I had already fixed that version > > gotcha for Fedora 19 (which is now up to -4 in updates) and that it had > > been committed to staging long before Linux Plumbers. That commit looks > > like it would conflict with the changes I made to generalize that > > release logic and bring some sanity to the retry logic. > > > > In fact, I was the one that accidentally introduced the tab / space > > inconsistencies also noted in the log and was cleaning those up in my > > bit patch I'm working on now. > > > > Regards, > > Mike > > > > On Wed, 2013-10-02 at 08:47 -0700, GitHub wrote: > > > Branch: refs/heads/master > > > Home: https://github.com/lxc/lxc > > > Commit: 431fdc427247ab1a6189c46d0743e38f30f9e1e9 > > > > > > https://github.com/lxc/lxc/commit/431fdc427247ab1a6189c46d0743e38f30f9e1e9 > > > Author: Renich Bon Ciric > > > Date: 2013-10-02 (Wed, 02 Oct 2013) > > > > > > Changed paths: > > > M templates/lxc-fedora.in > > > > > > Log Message: > > > --- > > > Update lxc-fedora.in > > > > > > Fedora 19's release has no -1 revision; it's a -2 revision actually: > > > ftp://mirrors.kernel.org/fedora/releases/19/Fedora/x86_64/os/Packages/f/ > > > > > > Signed-off-by: Renich Bon Ciric > > > Acked-by: Stéphane Graber > > > > > > > > > Commit: 8983aa6e1e831f690be9cf38ae434a0de8b5107d > > > > > > https://github.com/lxc/lxc/commit/8983aa6e1e831f690be9cf38ae434a0de8b5107d > > > Author: Stéphane Graber > > > Date: 2013-10-02 (Wed, 02 Oct 2013) > > > > > > Changed paths: > > > M templates/lxc-fedora.in > > > > > > Log Message: > > > --- > > > fedora: Use consistent tab/space indent > > > > > > Signed-off-by: Stéphane Graber > > > > > > > > > Compare: https://github.com/lxc/lxc/compare/99282c429a23...8983aa6e1e83 > > > > > > -- > > > October Webinars: Code for Performance > > > Free Intel webinars can help you accelerate application performance. > > > Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most > > > from > > > the latest Intel processors and coprocessors. See abstracts and register > > > > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk > > > ___ > > > Lxc-devel mailing list > > > Lxc-devel@lists.sourceforge.net > > > https://lists.sourceforge.net/lists/listinfo/lxc-devel > > > > -- > > Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com > >/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ > >NIC whois: MHW9 | An optimist believes we live in the best of > > all > > PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! > > > > -- > October Webinars: Code for Performance > Free Intel webinars can help you accelerate application performance. > Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from > the latest Intel processors and coprocessors. See abstracts and register > > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk > ___ > Lxc-devel mailing list > Lxc-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/lxc-devel -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ N
[lxc-devel] [lxc/lxc] a8aa70: lxc_init: Use sig_atomic_t for was_interrupted
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: a8aa709c9de0e6b4c6174396590e265f7bda75c7 https://github.com/lxc/lxc/commit/a8aa709c9de0e6b4c6174396590e265f7bda75c7 Author: Stéphane Graber Date: 2013-10-02 (Wed, 02 Oct 2013) Changed paths: M src/lxc/lxc_init.c Log Message: --- lxc_init: Use sig_atomic_t for was_interrupted Suggested-by: Markus Elfring Signed-off-by: Stéphane Graber -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] c61eaa: lxc-fedora: Show usage when no name is passed
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: c61eaadcf87ef9d336992651ff85387de62b8a1a https://github.com/lxc/lxc/commit/c61eaadcf87ef9d336992651ff85387de62b8a1a Author: Stéphane Graber Date: 2013-10-02 (Wed, 02 Oct 2013) Changed paths: M templates/lxc-fedora.in Log Message: --- lxc-fedora: Show usage when no name is passed Reported-by: Anatoly Techtonik Signed-off-by: Stéphane Graber -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [PATCH 1/1] add basic lxc-test-ubuntu
>From the file comments:
"""
Some features of lxc - networking and LSM configuration for instance -
are generally configured by the distro packages. This program
tests the Ubuntu configuration.
These require the ubuntu lxc package to be installed.
General lxc functionality testing does not belong here.
"""
Signed-off-by: Serge Hallyn
---
configure.ac | 1 +
src/tests/Makefile.am | 4 +++
src/tests/lxc-test-ubuntu | 86 +++
3 files changed, 91 insertions(+)
create mode 100644 src/tests/lxc-test-ubuntu
diff --git a/configure.ac b/configure.ac
index 92a4690..d7f2f03 100644
--- a/configure.ac
+++ b/configure.ac
@@ -51,6 +51,7 @@ case $with_distro in
esac
AC_MSG_RESULT([$with_distro])
AM_CONDITIONAL([HAVE_DEBIAN], [test x"$with_distro" = "xdebian" -o
x"$with_distro" = "xubuntu"])
+AM_CONDITIONAL([DISTRO_UBUNTU], [test "x$with_distro" = "xubuntu"])
# Detect the newuidmap tool (required for userns)
AC_CHECK_PROG([NEWUIDMAP], [newuidmap], [newuidmap])
diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am
index 479facc..ef65958 100644
--- a/src/tests/Makefile.am
+++ b/src/tests/Makefile.am
@@ -36,6 +36,10 @@ bin_PROGRAMS = lxc-test-containertests lxc-test-locktests
lxc-test-startone \
bin_SCRIPTS = lxc-test-usernic
+if DISTRO_UBUNTU
+bin_SCRIPTS += lxc-test-ubuntu
+endif
+
endif
EXTRA_DIST = \
diff --git a/src/tests/lxc-test-ubuntu b/src/tests/lxc-test-ubuntu
new file mode 100644
index 000..efe9d0f
--- /dev/null
+++ b/src/tests/lxc-test-ubuntu
@@ -0,0 +1,86 @@
+#!/bin/sh
+
+# lxc-test-ubuntu: some tests of ubuntu-specific features of lxc.
+# Some features of lxc - networking and LSM configuration for instance -
+# are generally configured by the distro packages. This program
+# tests the Ubuntu configuration.
+
+# These require the ubuntu lxc package to be installed.
+
+# General lxc functionality testing does not belong here.
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+
+set -e
+
+FAIL() {
+ echo -n "Failed " >&2
+ echo "$*" >&2
+ exit 1
+}
+
+# Only run on a normally configured ubuntu lxc system
+if [ ! -d /sys/class/net/lxcbr0 ]; then
+ echo "lxcbr0 is not configured."
+ exit 0
+fi
+if [ "$(id -u)" != "0" ]; then
+ echo "Must run as root."
+ exit 0
+fi
+if ! which host 2>&1 > /dev/null; then
+ echo "'host' program not found. Please install bind9-host"
+ exit 0
+fi
+
+haveexpect=1
+if ! which expect 2>&1 > /dev/null; then
+ echo "Expect is not installed; skipping some tests"
+ haveexpect=0
+fi
+
+lxcbrip=`ifconfig lxcbr0 | awk -F: '/inet addr/ {print $2}' | awk '{print $1}'`
+
+for template in ubuntu ubuntu-cloud; do
+ # need a different name for each container so dnsmasq doesn't
+ # mess us up with its caching
+ if which uuidgen 2>&1 > /dev/null; then
+ name=$(uuidgen)
+ else
+ name=lxc-test-$template
+ fi
+ lxc-create -t $template -n $name || FAIL "creating $template container"
+ lxc-start -n $name -d || FAIL "starting $template container"
+ lxc-wait -n $name -s RUNNING || FAIL "waiting for $template container
to run"
+ for tries in `seq 1 5`; do
+ lxcip=`host $name $lxcbrip | tail -1 | awk '{print $NF}'`
+ echo "$lxcip" | grep NXDOMAIN 2>&1 > /dev/null || break
+ sleep 1
+ done
+ echo "$lxcip" | grep NXDOMAIN 2>&1 > /dev/null && FAIL "Networking
failed to start"
+
+ ping -c 1 $lxcip || FAIL "$template container network is not up"
+ # Check apparmor
+ lxcpid=`lxc-info -n $name -p | awk -F: '{ print $2 }' | awk '{ print
$1}'`
+ aa=`cat /proc/$lxcpid/attr/current`
+ if [ "$aa" != "lxc-container-default-with-nesting (enforce)" ]; then
+ FAIL "Apparmor status is incorrect (profile is \"$aa\")"
+ fi
+ lxc-stop -n $name
+ lxc-destroy -n $name
+done
+
+exit 0
--
1.8.3.2
--
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coproc
Re: [lxc-devel] [PATCH 1/1] add basic lxc-test-ubuntu
On Wed, Oct 02, 2013 at 01:11:12PM -0500, Serge Hallyn wrote:
> >From the file comments:
>
> """
> Some features of lxc - networking and LSM configuration for instance -
> are generally configured by the distro packages. This program
> tests the Ubuntu configuration.
>
> These require the ubuntu lxc package to be installed.
>
> General lxc functionality testing does not belong here.
> """
>
> Signed-off-by: Serge Hallyn
So I guess that means we'll need to get our packages to build with
--enable-tests and then find a way to get autopkgtest to use
lxc-test-ubuntu so we don't need to duplicate this in the packaging.
Overall, looks good, just one comment inline further down.
> ---
> configure.ac | 1 +
> src/tests/Makefile.am | 4 +++
> src/tests/lxc-test-ubuntu | 86
> +++
> 3 files changed, 91 insertions(+)
> create mode 100644 src/tests/lxc-test-ubuntu
>
> diff --git a/configure.ac b/configure.ac
> index 92a4690..d7f2f03 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -51,6 +51,7 @@ case $with_distro in
> esac
> AC_MSG_RESULT([$with_distro])
> AM_CONDITIONAL([HAVE_DEBIAN], [test x"$with_distro" = "xdebian" -o
> x"$with_distro" = "xubuntu"])
> +AM_CONDITIONAL([DISTRO_UBUNTU], [test "x$with_distro" = "xubuntu"])
>
> # Detect the newuidmap tool (required for userns)
> AC_CHECK_PROG([NEWUIDMAP], [newuidmap], [newuidmap])
> diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am
> index 479facc..ef65958 100644
> --- a/src/tests/Makefile.am
> +++ b/src/tests/Makefile.am
> @@ -36,6 +36,10 @@ bin_PROGRAMS = lxc-test-containertests lxc-test-locktests
> lxc-test-startone \
>
> bin_SCRIPTS = lxc-test-usernic
>
> +if DISTRO_UBUNTU
> +bin_SCRIPTS += lxc-test-ubuntu
> +endif
> +
> endif
>
> EXTRA_DIST = \
> diff --git a/src/tests/lxc-test-ubuntu b/src/tests/lxc-test-ubuntu
> new file mode 100644
> index 000..efe9d0f
> --- /dev/null
> +++ b/src/tests/lxc-test-ubuntu
> @@ -0,0 +1,86 @@
> +#!/bin/sh
> +
> +# lxc-test-ubuntu: some tests of ubuntu-specific features of lxc.
> +# Some features of lxc - networking and LSM configuration for instance -
> +# are generally configured by the distro packages. This program
> +# tests the Ubuntu configuration.
> +
> +# These require the ubuntu lxc package to be installed.
> +
> +# General lxc functionality testing does not belong here.
> +
> +# This program is free software; you can redistribute it and/or
> +# modify it under the terms of the GNU Lesser General Public
> +# License as published by the Free Software Foundation; either
> +# version 2.1 of the License, or (at your option) any later version.
> +
> +# This library is distributed in the hope that it will be useful,
> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +# Lesser General Public License for more details.
> +
> +# You should have received a copy of the GNU Lesser General Public
> +# License along with this library; if not, write to the Free Software
> +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
> USA
> +
> +
> +set -e
> +
> +FAIL() {
> + echo -n "Failed " >&2
> + echo "$*" >&2
> + exit 1
> +}
> +
> +# Only run on a normally configured ubuntu lxc system
> +if [ ! -d /sys/class/net/lxcbr0 ]; then
> + echo "lxcbr0 is not configured."
> + exit 0
> +fi
> +if [ "$(id -u)" != "0" ]; then
> + echo "Must run as root."
> + exit 0
> +fi
> +if ! which host 2>&1 > /dev/null; then
> + echo "'host' program not found. Please install bind9-host"
> + exit 0
> +fi
> +
> +haveexpect=1
> +if ! which expect 2>&1 > /dev/null; then
> + echo "Expect is not installed; skipping some tests"
> + haveexpect=0
> +fi
> +
> +lxcbrip=`ifconfig lxcbr0 | awk -F: '/inet addr/ {print $2}' | awk '{print
> $1}'`
> +
> +for template in ubuntu ubuntu-cloud; do
> + # need a different name for each container so dnsmasq doesn't
> + # mess us up with its caching
> + if which uuidgen 2>&1 > /dev/null; then
> + name=$(uuidgen)
> + else
> + name=lxc-test-$template
> + fi
> + lxc-create -t $template -n $name || FAIL "creating $template container"
> + lxc-start -n $name -d || FAIL "starting $template container"
> + lxc-wait -n $name -s RUNNING || FAIL "waiting for $template container
> to run"
> + for tries in `seq 1 5`; do
> + lxcip=`host $name $lxcbrip | tail -1 | awk '{print $NF}'`
> + echo "$lxcip" | grep NXDOMAIN 2>&1 > /dev/null || break
> + sleep 1
> + done
> + echo "$lxcip" | grep NXDOMAIN 2>&1 > /dev/null && FAIL "Networking
> failed to start"
^ How about using lxc-info -i?
> +
> + ping -c 1 $lxcip || FAIL "$template container network is not up"
> + # Check apparmor
> + lxcpid=`lxc-info -n $name -p | awk -F: '{ print $2 }' | awk '{ print
> $1}'`
> + aa=`cat /proc
Re: [lxc-devel] [PATCH 1/1] add basic lxc-test-ubuntu
Quoting Stéphane Graber (stgra...@ubuntu.com):
> On Wed, Oct 02, 2013 at 01:11:12PM -0500, Serge Hallyn wrote:
> > >From the file comments:
> >
> > """
> > Some features of lxc - networking and LSM configuration for instance -
> > are generally configured by the distro packages. This program
> > tests the Ubuntu configuration.
> >
> > These require the ubuntu lxc package to be installed.
> >
> > General lxc functionality testing does not belong here.
> > """
> >
> > Signed-off-by: Serge Hallyn
>
> So I guess that means we'll need to get our packages to build with
> --enable-tests and then find a way to get autopkgtest to use
> lxc-test-ubuntu so we don't need to duplicate this in the packaging.
Should we have the tests moved into a separate lxc-tests package?
(And while we're at it put lxc-init into its own package?)
> Overall, looks good, just one comment inline further down.
>
> > ---
> > configure.ac | 1 +
> > src/tests/Makefile.am | 4 +++
> > src/tests/lxc-test-ubuntu | 86
> > +++
> > 3 files changed, 91 insertions(+)
> > create mode 100644 src/tests/lxc-test-ubuntu
> >
> > diff --git a/configure.ac b/configure.ac
> > index 92a4690..d7f2f03 100644
> > --- a/configure.ac
> > +++ b/configure.ac
> > @@ -51,6 +51,7 @@ case $with_distro in
> > esac
> > AC_MSG_RESULT([$with_distro])
> > AM_CONDITIONAL([HAVE_DEBIAN], [test x"$with_distro" = "xdebian" -o
> > x"$with_distro" = "xubuntu"])
> > +AM_CONDITIONAL([DISTRO_UBUNTU], [test "x$with_distro" = "xubuntu"])
> >
> > # Detect the newuidmap tool (required for userns)
> > AC_CHECK_PROG([NEWUIDMAP], [newuidmap], [newuidmap])
> > diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am
> > index 479facc..ef65958 100644
> > --- a/src/tests/Makefile.am
> > +++ b/src/tests/Makefile.am
> > @@ -36,6 +36,10 @@ bin_PROGRAMS = lxc-test-containertests
> > lxc-test-locktests lxc-test-startone \
> >
> > bin_SCRIPTS = lxc-test-usernic
> >
> > +if DISTRO_UBUNTU
> > +bin_SCRIPTS += lxc-test-ubuntu
> > +endif
> > +
> > endif
> >
> > EXTRA_DIST = \
> > diff --git a/src/tests/lxc-test-ubuntu b/src/tests/lxc-test-ubuntu
> > new file mode 100644
> > index 000..efe9d0f
> > --- /dev/null
> > +++ b/src/tests/lxc-test-ubuntu
> > @@ -0,0 +1,86 @@
> > +#!/bin/sh
> > +
> > +# lxc-test-ubuntu: some tests of ubuntu-specific features of lxc.
> > +# Some features of lxc - networking and LSM configuration for instance -
> > +# are generally configured by the distro packages. This program
> > +# tests the Ubuntu configuration.
> > +
> > +# These require the ubuntu lxc package to be installed.
> > +
> > +# General lxc functionality testing does not belong here.
> > +
> > +# This program is free software; you can redistribute it and/or
> > +# modify it under the terms of the GNU Lesser General Public
> > +# License as published by the Free Software Foundation; either
> > +# version 2.1 of the License, or (at your option) any later version.
> > +
> > +# This library is distributed in the hope that it will be useful,
> > +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> > +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > +# Lesser General Public License for more details.
> > +
> > +# You should have received a copy of the GNU Lesser General Public
> > +# License along with this library; if not, write to the Free Software
> > +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
> > USA
> > +
> > +
> > +set -e
> > +
> > +FAIL() {
> > + echo -n "Failed " >&2
> > + echo "$*" >&2
> > + exit 1
> > +}
> > +
> > +# Only run on a normally configured ubuntu lxc system
> > +if [ ! -d /sys/class/net/lxcbr0 ]; then
> > + echo "lxcbr0 is not configured."
> > + exit 0
> > +fi
> > +if [ "$(id -u)" != "0" ]; then
> > + echo "Must run as root."
> > + exit 0
> > +fi
> > +if ! which host 2>&1 > /dev/null; then
> > + echo "'host' program not found. Please install bind9-host"
> > + exit 0
> > +fi
> > +
> > +haveexpect=1
> > +if ! which expect 2>&1 > /dev/null; then
> > + echo "Expect is not installed; skipping some tests"
> > + haveexpect=0
> > +fi
> > +
> > +lxcbrip=`ifconfig lxcbr0 | awk -F: '/inet addr/ {print $2}' | awk '{print
> > $1}'`
> > +
> > +for template in ubuntu ubuntu-cloud; do
> > + # need a different name for each container so dnsmasq doesn't
> > + # mess us up with its caching
> > + if which uuidgen 2>&1 > /dev/null; then
> > + name=$(uuidgen)
> > + else
> > + name=lxc-test-$template
> > + fi
> > + lxc-create -t $template -n $name || FAIL "creating $template container"
> > + lxc-start -n $name -d || FAIL "starting $template container"
> > + lxc-wait -n $name -s RUNNING || FAIL "waiting for $template container
> > to run"
> > + for tries in `seq 1 5`; do
> > + lxcip=`host $name $lxcbrip | tail -1 | awk '{print $NF}'`
> > + echo "$lxcip" | grep NXDOMAIN 2
Re: [lxc-devel] [lxc/lxc] 431fdc: Update lxc-fedora.in
On Wed, 2013-10-02 at 12:19 -0400, Stéphane Graber wrote: > Oops, sorry if I caused a few conflicts with your upcoming patchset... > We had the fedora 19 fix as a pull request on github for a while so I > just applied it when going through the outstanding merge proposals this > morning. > Then git complained about a mixed tab/space in that patch, so I looked > at the file and fixed all of those too, which I guess will be the > largest source of conflicts with your work... np... I rebased to the current rep and should have a clean patch ready shortly with "no tabs". :-P Regards, Mike > On Wed, Oct 02, 2013 at 12:12:19PM -0400, Michael H. Warfield wrote: > > Ah Crap... Just when I'm almost done regression testing my updates to > > the lxc-fedora template... > > > > Stéphane, > > > > When did this come in? I thought I had already fixed that version > > gotcha for Fedora 19 (which is now up to -4 in updates) and that it had > > been committed to staging long before Linux Plumbers. That commit looks > > like it would conflict with the changes I made to generalize that > > release logic and bring some sanity to the retry logic. > > > > In fact, I was the one that accidentally introduced the tab / space > > inconsistencies also noted in the log and was cleaning those up in my > > bit patch I'm working on now. > > > > Regards, > > Mike > > > > On Wed, 2013-10-02 at 08:47 -0700, GitHub wrote: > > > Branch: refs/heads/master > > > Home: https://github.com/lxc/lxc > > > Commit: 431fdc427247ab1a6189c46d0743e38f30f9e1e9 > > > > > > https://github.com/lxc/lxc/commit/431fdc427247ab1a6189c46d0743e38f30f9e1e9 > > > Author: Renich Bon Ciric > > > Date: 2013-10-02 (Wed, 02 Oct 2013) > > > > > > Changed paths: > > > M templates/lxc-fedora.in > > > > > > Log Message: > > > --- > > > Update lxc-fedora.in > > > > > > Fedora 19's release has no -1 revision; it's a -2 revision actually: > > > ftp://mirrors.kernel.org/fedora/releases/19/Fedora/x86_64/os/Packages/f/ > > > > > > Signed-off-by: Renich Bon Ciric > > > Acked-by: Stéphane Graber > > > > > > > > > Commit: 8983aa6e1e831f690be9cf38ae434a0de8b5107d > > > > > > https://github.com/lxc/lxc/commit/8983aa6e1e831f690be9cf38ae434a0de8b5107d > > > Author: Stéphane Graber > > > Date: 2013-10-02 (Wed, 02 Oct 2013) > > > > > > Changed paths: > > > M templates/lxc-fedora.in > > > > > > Log Message: > > > --- > > > fedora: Use consistent tab/space indent > > > > > > Signed-off-by: Stéphane Graber > > > > > > > > > Compare: https://github.com/lxc/lxc/compare/99282c429a23...8983aa6e1e83 > > > > > > -- > > > October Webinars: Code for Performance > > > Free Intel webinars can help you accelerate application performance. > > > Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most > > > from > > > the latest Intel processors and coprocessors. See abstracts and register > > > > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk > > > ___ > > > Lxc-devel mailing list > > > Lxc-devel@lists.sourceforge.net > > > https://lists.sourceforge.net/lists/listinfo/lxc-devel > > > > -- > > Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com > >/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ > >NIC whois: MHW9 | An optimist believes we live in the best of > > all > > PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! > > > > -- > October Webinars: Code for Performance > Free Intel webinars can help you accelerate application performance. > Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from > the latest Intel processors and coprocessors. See abstracts and register > > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk > ___ > Lxc-devel mailing list > Lxc-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/lxc-devel -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! signature.asc Description: This is a digitally signed message part -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=6
Re: [lxc-devel] [PATCH 1/1] add basic lxc-test-ubuntu
On Wed, Oct 02, 2013 at 02:21:47PM -0500, Serge Hallyn wrote:
> Quoting Stéphane Graber (stgra...@ubuntu.com):
> > On Wed, Oct 02, 2013 at 01:11:12PM -0500, Serge Hallyn wrote:
> > > >From the file comments:
> > >
> > > """
> > > Some features of lxc - networking and LSM configuration for instance -
> > > are generally configured by the distro packages. This program
> > > tests the Ubuntu configuration.
> > >
> > > These require the ubuntu lxc package to be installed.
> > >
> > > General lxc functionality testing does not belong here.
> > > """
> > >
> > > Signed-off-by: Serge Hallyn
> >
> > So I guess that means we'll need to get our packages to build with
> > --enable-tests and then find a way to get autopkgtest to use
> > lxc-test-ubuntu so we don't need to duplicate this in the packaging.
>
> Should we have the tests moved into a separate lxc-tests package?
>
> (And while we're at it put lxc-init into its own package?)
Yeah, I think it'd be reasonable to add the following packages for 14.04:
- lxc-init
- lxc-tests
- liblua5.X-lxc
As far as I know all the required dependencies to do that are in main,
so I'll try to remember to do that for the daily builds and then get
that included in the distro when 14.04 opens.
>
> > Overall, looks good, just one comment inline further down.
> >
> > > ---
> > > configure.ac | 1 +
> > > src/tests/Makefile.am | 4 +++
> > > src/tests/lxc-test-ubuntu | 86
> > > +++
> > > 3 files changed, 91 insertions(+)
> > > create mode 100644 src/tests/lxc-test-ubuntu
> > >
> > > diff --git a/configure.ac b/configure.ac
> > > index 92a4690..d7f2f03 100644
> > > --- a/configure.ac
> > > +++ b/configure.ac
> > > @@ -51,6 +51,7 @@ case $with_distro in
> > > esac
> > > AC_MSG_RESULT([$with_distro])
> > > AM_CONDITIONAL([HAVE_DEBIAN], [test x"$with_distro" = "xdebian" -o
> > > x"$with_distro" = "xubuntu"])
> > > +AM_CONDITIONAL([DISTRO_UBUNTU], [test "x$with_distro" = "xubuntu"])
> > >
> > > # Detect the newuidmap tool (required for userns)
> > > AC_CHECK_PROG([NEWUIDMAP], [newuidmap], [newuidmap])
> > > diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am
> > > index 479facc..ef65958 100644
> > > --- a/src/tests/Makefile.am
> > > +++ b/src/tests/Makefile.am
> > > @@ -36,6 +36,10 @@ bin_PROGRAMS = lxc-test-containertests
> > > lxc-test-locktests lxc-test-startone \
> > >
> > > bin_SCRIPTS = lxc-test-usernic
> > >
> > > +if DISTRO_UBUNTU
> > > +bin_SCRIPTS += lxc-test-ubuntu
> > > +endif
> > > +
> > > endif
> > >
> > > EXTRA_DIST = \
> > > diff --git a/src/tests/lxc-test-ubuntu b/src/tests/lxc-test-ubuntu
> > > new file mode 100644
> > > index 000..efe9d0f
> > > --- /dev/null
> > > +++ b/src/tests/lxc-test-ubuntu
> > > @@ -0,0 +1,86 @@
> > > +#!/bin/sh
> > > +
> > > +# lxc-test-ubuntu: some tests of ubuntu-specific features of lxc.
> > > +# Some features of lxc - networking and LSM configuration for instance -
> > > +# are generally configured by the distro packages. This program
> > > +# tests the Ubuntu configuration.
> > > +
> > > +# These require the ubuntu lxc package to be installed.
> > > +
> > > +# General lxc functionality testing does not belong here.
> > > +
> > > +# This program is free software; you can redistribute it and/or
> > > +# modify it under the terms of the GNU Lesser General Public
> > > +# License as published by the Free Software Foundation; either
> > > +# version 2.1 of the License, or (at your option) any later version.
> > > +
> > > +# This library is distributed in the hope that it will be useful,
> > > +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > > +# Lesser General Public License for more details.
> > > +
> > > +# You should have received a copy of the GNU Lesser General Public
> > > +# License along with this library; if not, write to the Free Software
> > > +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
> > > 02110-1301 USA
> > > +
> > > +
> > > +set -e
> > > +
> > > +FAIL() {
> > > + echo -n "Failed " >&2
> > > + echo "$*" >&2
> > > + exit 1
> > > +}
> > > +
> > > +# Only run on a normally configured ubuntu lxc system
> > > +if [ ! -d /sys/class/net/lxcbr0 ]; then
> > > + echo "lxcbr0 is not configured."
> > > + exit 0
> > > +fi
> > > +if [ "$(id -u)" != "0" ]; then
> > > + echo "Must run as root."
> > > + exit 0
> > > +fi
> > > +if ! which host 2>&1 > /dev/null; then
> > > + echo "'host' program not found. Please install bind9-host"
> > > + exit 0
> > > +fi
> > > +
> > > +haveexpect=1
> > > +if ! which expect 2>&1 > /dev/null; then
> > > + echo "Expect is not installed; skipping some tests"
> > > + haveexpect=0
> > > +fi
> > > +
> > > +lxcbrip=`ifconfig lxcbr0 | awk -F: '/inet addr/ {print $2}' | awk
> > > '{print $1}'`
> > > +
> > > +for template in ubuntu ubuntu-cloud; do
> > > + # need a different name for each contai
[lxc-devel] [PATCH 1/1] templates/lxc-fedora Rework for distro independence.
This patch reworks the Fedora template to operate in the most "distro
agnostic" manner possible. It should even run on distros where rpm and
yum are not present and not available or may be incompatible. It
depends on the most basic set of system facilities like rsync but does
require squashfs support also be available to mount a LiveOS runtime.
Based on comments at Linux Plumbers, what I had been referring to as a
"run time environment" or RTE has been renamed in the code to refer to
it as a "bootstrap". It has been tested on Fedora (of course),
OpenSuse, Ubuntu, and Oracle (latest host versions of each) building
Fedora containers of F19 back through F9. Varying levels of database
problems were encountered from F11 and back and are "will not fix" due
to versions being long EOL. F15 and F16 build but do not run "out of
the box" due to systemd version issues and those are also "will not fix"
for the same reasons.
Signed-off-by: Michael H. Warfield
--
diff --git a/templates/lxc-fedora.in b/templates/lxc-fedora.in
index 1386f23..d406012 100644
--- a/templates/lxc-fedora.in
+++ b/templates/lxc-fedora.in
@@ -10,6 +10,7 @@
# Authors:
# Daniel Lezcano
# Ramez Hanna
+# Michael H. Warfield
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
@@ -29,6 +30,7 @@
arch=$(uname -m)
cache_base=@LOCALSTATEDIR@/cache/lxc/fedora/$arch
default_path=@LXCPATH@
+# We really need something better here!
root_password=root
# is this fedora?
@@ -148,8 +150,19 @@ EOF
echo "root:$root_password" | chroot $rootfs_path chpasswd
# specifying this in the initial packages doesn't always work.
+# Even though it should have...
echo "installing fedora-release package"
-chroot ${rootfs_path} yum --releasever=${release} -y install fedora-release
+mount -o bind /dev ${rootfs_path}/dev
+mount -t proc proc ${rootfs_path}/proc
+# Always make sure /etc/resolv.conf is up to date in the target!
+cp /etc/resolv.conf ${rootfs_path}/etc/
+# Rebuild the rpm database based on the target rpm version...
+rm -f ${rootfs_path}/var/lib/rpm/__db*
+chroot ${rootfs_path} rpm --rebuilddb
+chroot ${rootfs_path} yum -y install fedora-release
+# This just makes sure the rpm db is synced to that version...
+umount ${rootfs_path}/proc
+umount ${rootfs_path}/dev
# silence some needless startup errors
touch ${rootfs_path}/etc/fstab
@@ -198,6 +211,396 @@ configure_fedora_systemd()
for i in 1 2 3 4 ; do ln -sf ../getty\@.service getty@tty${i}.service;
done )
}
+### BEGIN Bootstrap Environment Code... Michael H. Warfield /\/\|=mhw=|\/\/
+
+# Ok... Heads up. If you're reading these comments, you're either a
+# template owner or someone wondering how the hell I did this (or, worse,
+# someone in the future trying to maintain it). This code is slightly
+# "evil coding bastard" code with one significant hack / dirty trick
+# that you would probably miss just reading the code below. I'll mark
+# it out with comments.
+#
+# Because of what this code does, it deserves a lot of comments so people
+# can understand WHY I did it this way...
+#
+# Ultimate Objective - Build a Fedora container on a host system which does
+# not have a (complete compatible) version of rpm and/or yum. That basically
+# means damn near any distro other than Fedora and Ubuntu (which has rpm and
+# yum available). Only requirements for this function are rsync and
+# squashfs available to the kernel. If you don't have those, why are you
+# even attempting to build containers?
+#
+# Challenge for this function - Bootstrap a Fedora install bootstrap
+# run time environment which has all the pieces to run rpm and yum and
+# from which we can build targets containers even where the host system
+# has no support for rpm, yum, or fedora.
+#
+# Steps:
+# Stage 0 - Download a Fedora LiveOS squashfs core (netinst core).
+# Stage 1 - Extract filesystem from Stage 0 and update to full rpm & yum
+# Stage 2 - Use Stage 1 to build a rootfs with python, rpm, and yum.
+#
+# Stage 2 becomes our bootstrap file system which can be cached
+# and then used to build other arbitrary vesions of Fedora of a
+# given architecture. Not that this only has to run once for
+# Fedora on a given architecture since rpm and yum can build other
+# versions. We'll arbitrarily pick Fedora 19 to build this. This
+# will need to change as time goes on.
+
+# Programmers Note... A future fall back may be to download the netinst
+# iso image instead of the LiveOS squasfs image and work from that.
+# That may be more general but will introduce another substep
+# (mounting the iso) to the stage0 setup.
+
+# This system is designed to be as autonomous as possible so all whitelists
+# and controlls are self-contained.
+
+# Initial testing - Whitelist nobody. Build for everybody...
+
[lxc-devel] [lxc/lxc] 51e7a8: Check return value of ifa_get_local_ip
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 51e7a87468e56f545cc5efe5d3f93d8890b0b26b https://github.com/lxc/lxc/commit/51e7a87468e56f545cc5efe5d3f93d8890b0b26b Author: Stéphane Graber Date: 2013-10-02 (Wed, 02 Oct 2013) Changed paths: M src/lxc/network.c Log Message: --- Check return value of ifa_get_local_ip Signed-off-by: Stéphane Graber Acked-by: Serge Hallyn -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] 8111ad: lxc-checkconfig: suggest modprobe configs
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 8111adfde01598ebb515e4bd271bd0a11775 https://github.com/lxc/lxc/commit/8111adfde01598ebb515e4bd271bd0a11775 Author: Stéphane Graber Date: 2013-10-02 (Wed, 02 Oct 2013) Changed paths: M src/lxc/lxc-checkconfig.in Log Message: --- lxc-checkconfig: suggest modprobe configs give hint to user to modprobe configs (altho could just modprobe it?) Signed-off-by: Elan Ruusamäe Acked-by: Stéphane Graber -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] Migration of bug tracker from sourceforge to github
Hey everyone, Just wanted to let you know that I just finished going through the 80 or so bug reports we had on sourceforge, closing any that weren't affecting master anymore, moving a few to github and fixing another bunch. So as of now, the only two remaining sourceforge based services are: - website - mailing lists My next step will be the website which I'll spend some time to migrate over to http://linuxcontainers.org The idea is to have a simple website, with a few examples and pointers to documentation for most distributions. I know we tend to be bad at updating websites, so my goal is to make it so we don't have to :) That new website is backed by git (git://github.com/lxc/lxc.github.io) so if you want to help, add content to the site, send patches my way. -- Stéphane Graber Ubuntu developer http://www.ubuntu.com signature.asc Description: Digital signature -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [PATCH 1/1] add basic lxc-test-ubuntu (v2)
>From the file comments:
"""
Some features of lxc - networking and LSM configuration for instance -
are generally configured by the distro packages. This program
tests the Ubuntu configuration.
These require the ubuntu lxc package to be installed.
General lxc functionality testing does not belong here.
"""
changelog v2:
Switch to lxc-info -i to detect ip address as stgraber suggested
Don't look for 'expect' as I'm not using it yet.
Signed-off-by: Serge Hallyn
---
configure.ac | 1 +
src/tests/Makefile.am | 4 +++
src/tests/lxc-test-ubuntu | 79 +++
3 files changed, 84 insertions(+)
create mode 100644 src/tests/lxc-test-ubuntu
diff --git a/configure.ac b/configure.ac
index 92a4690..d7f2f03 100644
--- a/configure.ac
+++ b/configure.ac
@@ -51,6 +51,7 @@ case $with_distro in
esac
AC_MSG_RESULT([$with_distro])
AM_CONDITIONAL([HAVE_DEBIAN], [test x"$with_distro" = "xdebian" -o
x"$with_distro" = "xubuntu"])
+AM_CONDITIONAL([DISTRO_UBUNTU], [test "x$with_distro" = "xubuntu"])
# Detect the newuidmap tool (required for userns)
AC_CHECK_PROG([NEWUIDMAP], [newuidmap], [newuidmap])
diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am
index 479facc..ef65958 100644
--- a/src/tests/Makefile.am
+++ b/src/tests/Makefile.am
@@ -36,6 +36,10 @@ bin_PROGRAMS = lxc-test-containertests lxc-test-locktests
lxc-test-startone \
bin_SCRIPTS = lxc-test-usernic
+if DISTRO_UBUNTU
+bin_SCRIPTS += lxc-test-ubuntu
+endif
+
endif
EXTRA_DIST = \
diff --git a/src/tests/lxc-test-ubuntu b/src/tests/lxc-test-ubuntu
new file mode 100644
index 000..53d8c45
--- /dev/null
+++ b/src/tests/lxc-test-ubuntu
@@ -0,0 +1,79 @@
+#!/bin/sh
+
+# lxc-test-ubuntu: some tests of ubuntu-specific features of lxc.
+# Some features of lxc - networking and LSM configuration for instance -
+# are generally configured by the distro packages. This program
+# tests the Ubuntu configuration.
+
+# These require the ubuntu lxc package to be installed.
+
+# General lxc functionality testing does not belong here.
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+
+set -e
+
+FAIL() {
+ echo -n "Failed " >&2
+ echo "$*" >&2
+ exit 1
+}
+
+# Only run on a normally configured ubuntu lxc system
+if [ ! -d /sys/class/net/lxcbr0 ]; then
+ echo "lxcbr0 is not configured."
+ exit 0
+fi
+if [ "$(id -u)" != "0" ]; then
+ echo "Must run as root."
+ exit 0
+fi
+if ! which host 2>&1 > /dev/null; then
+ echo "'host' program not found. Please install bind9-host"
+ exit 0
+fi
+
+for template in ubuntu ubuntu-cloud; do
+ # need a different name for each container so dnsmasq doesn't
+ # mess us up with its caching
+ if which uuidgen 2>&1 > /dev/null; then
+ name=$(uuidgen)
+ else
+ name=lxc-test-$template
+ fi
+ lxc-create -t $template -n $name || FAIL "creating $template container"
+ lxc-start -n $name -d || FAIL "starting $template container"
+ lxc-wait -n $name -s RUNNING || FAIL "waiting for $template container
to run"
+ for tries in `seq 1 20`; do
+ lxcip=`sudo lxc-info -i -n $name | awk -F: '{ print $2 }' | awk
'{ print $1}'`
+ echo "lxcip is .$lxcip. for $name"
+ [ -z "$lxcip" ] || break
+ sleep 1
+ done
+ [ -n "$lxcip" ] || FAIL "to start networking in $template container"
+
+ ping -c 1 $lxcip || FAIL "to ping $template container"
+ # Check apparmor
+ lxcpid=`lxc-info -n $name -p | awk -F: '{ print $2 }' | awk '{ print
$1}'`
+ aa=`cat /proc/$lxcpid/attr/current`
+ if [ "$aa" != "lxc-container-default-with-nesting (enforce)" ]; then
+ FAIL " to correctly set apparmor profile (profile is \"$aa\")"
+ fi
+ lxc-stop -n $name
+ lxc-destroy -n $name
+done
+
+exit 0
--
1.8.3.2
--
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/ga
Re: [lxc-devel] [PATCH 1/1] add basic lxc-test-ubuntu (v2)
On Wed, Oct 02, 2013 at 04:48:12PM -0500, Serge Hallyn wrote:
> From the file comments:
>
> """
> Some features of lxc - networking and LSM configuration for instance -
> are generally configured by the distro packages. This program
> tests the Ubuntu configuration.
>
> These require the ubuntu lxc package to be installed.
>
> General lxc functionality testing does not belong here.
> """
>
> changelog v2:
> Switch to lxc-info -i to detect ip address as stgraber suggested
> Don't look for 'expect' as I'm not using it yet.
>
> Signed-off-by: Serge Hallyn
> ---
> configure.ac | 1 +
> src/tests/Makefile.am | 4 +++
> src/tests/lxc-test-ubuntu | 79
> +++
> 3 files changed, 84 insertions(+)
> create mode 100644 src/tests/lxc-test-ubuntu
>
> diff --git a/configure.ac b/configure.ac
> index 92a4690..d7f2f03 100644
> --- a/configure.ac
> +++ b/configure.ac
> @@ -51,6 +51,7 @@ case $with_distro in
> esac
> AC_MSG_RESULT([$with_distro])
> AM_CONDITIONAL([HAVE_DEBIAN], [test x"$with_distro" = "xdebian" -o
> x"$with_distro" = "xubuntu"])
> +AM_CONDITIONAL([DISTRO_UBUNTU], [test "x$with_distro" = "xubuntu"])
>
> # Detect the newuidmap tool (required for userns)
> AC_CHECK_PROG([NEWUIDMAP], [newuidmap], [newuidmap])
> diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am
> index 479facc..ef65958 100644
> --- a/src/tests/Makefile.am
> +++ b/src/tests/Makefile.am
> @@ -36,6 +36,10 @@ bin_PROGRAMS = lxc-test-containertests lxc-test-locktests
> lxc-test-startone \
>
> bin_SCRIPTS = lxc-test-usernic
>
> +if DISTRO_UBUNTU
> +bin_SCRIPTS += lxc-test-ubuntu
> +endif
> +
> endif
>
> EXTRA_DIST = \
> diff --git a/src/tests/lxc-test-ubuntu b/src/tests/lxc-test-ubuntu
> new file mode 100644
> index 000..53d8c45
> --- /dev/null
> +++ b/src/tests/lxc-test-ubuntu
> @@ -0,0 +1,79 @@
> +#!/bin/sh
> +
> +# lxc-test-ubuntu: some tests of ubuntu-specific features of lxc.
> +# Some features of lxc - networking and LSM configuration for instance -
> +# are generally configured by the distro packages. This program
> +# tests the Ubuntu configuration.
> +
> +# These require the ubuntu lxc package to be installed.
> +
> +# General lxc functionality testing does not belong here.
> +
> +# This program is free software; you can redistribute it and/or
> +# modify it under the terms of the GNU Lesser General Public
> +# License as published by the Free Software Foundation; either
> +# version 2.1 of the License, or (at your option) any later version.
> +
> +# This library is distributed in the hope that it will be useful,
> +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> +# Lesser General Public License for more details.
> +
> +# You should have received a copy of the GNU Lesser General Public
> +# License along with this library; if not, write to the Free Software
> +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
> USA
> +
> +
> +set -e
> +
> +FAIL() {
> + echo -n "Failed " >&2
> + echo "$*" >&2
> + exit 1
> +}
> +
> +# Only run on a normally configured ubuntu lxc system
> +if [ ! -d /sys/class/net/lxcbr0 ]; then
> + echo "lxcbr0 is not configured."
> + exit 0
> +fi
> +if [ "$(id -u)" != "0" ]; then
> + echo "Must run as root."
> + exit 0
> +fi
> +if ! which host 2>&1 > /dev/null; then
> + echo "'host' program not found. Please install bind9-host"
> + exit 0
> +fi
> +
> +for template in ubuntu ubuntu-cloud; do
> + # need a different name for each container so dnsmasq doesn't
> + # mess us up with its caching
> + if which uuidgen 2>&1 > /dev/null; then
> + name=$(uuidgen)
> + else
> + name=lxc-test-$template
> + fi
> + lxc-create -t $template -n $name || FAIL "creating $template container"
> + lxc-start -n $name -d || FAIL "starting $template container"
> + lxc-wait -n $name -s RUNNING || FAIL "waiting for $template container
> to run"
> + for tries in `seq 1 20`; do
> + lxcip=`sudo lxc-info -i -n $name | awk -F: '{ print $2 }' | awk
> '{ print $1}'`
That seems to assume we get IPs space separated which we don't:
stgraber@castiana:~/data/code/lxc/lxc$ sudo lxc-info -i -n lxc-dev
ip: 10.0.3.165
ip: 2607:f2c0:f00f:2751:4b4:48b:71db:8726
ip: 2607:f2c0:f00f:2751:65ac:724b:a449:decc
ip: 2607:f2c0:f00f:2751:216:3eff:fe3a:f1c1
So I think you want: "lxc-info -i -n $name | awk -F: '{print $2}' | head -1"
> + echo "lxcip is .$lxcip. for $name"
> + [ -z "$lxcip" ] || break
> + sleep 1
> + done
> + [ -n "$lxcip" ] || FAIL "to start networking in $template container"
> +
> + ping -c 1 $lxcip || FAIL "to ping $template container"
> + # Check apparmor
> + lxcpid=`lxc-info -n $name -p | awk -F: '{ print $2 }' | awk '{ print
> $1}'`
> + aa=`cat /proc/$lx
Re: [lxc-devel] [PATCH 1/1] add basic lxc-test-ubuntu (v2)
Quoting Stéphane Graber (stgra...@ubuntu.com):
> On Wed, Oct 02, 2013 at 04:48:12PM -0500, Serge Hallyn wrote:
> > From the file comments:
> >
> > """
> > Some features of lxc - networking and LSM configuration for instance -
> > are generally configured by the distro packages. This program
> > tests the Ubuntu configuration.
> >
> > These require the ubuntu lxc package to be installed.
> >
> > General lxc functionality testing does not belong here.
> > """
> >
> > changelog v2:
> > Switch to lxc-info -i to detect ip address as stgraber suggested
> > Don't look for 'expect' as I'm not using it yet.
> >
> > Signed-off-by: Serge Hallyn
> > ---
> > configure.ac | 1 +
> > src/tests/Makefile.am | 4 +++
> > src/tests/lxc-test-ubuntu | 79
> > +++
> > 3 files changed, 84 insertions(+)
> > create mode 100644 src/tests/lxc-test-ubuntu
> >
> > diff --git a/configure.ac b/configure.ac
> > index 92a4690..d7f2f03 100644
> > --- a/configure.ac
> > +++ b/configure.ac
> > @@ -51,6 +51,7 @@ case $with_distro in
> > esac
> > AC_MSG_RESULT([$with_distro])
> > AM_CONDITIONAL([HAVE_DEBIAN], [test x"$with_distro" = "xdebian" -o
> > x"$with_distro" = "xubuntu"])
> > +AM_CONDITIONAL([DISTRO_UBUNTU], [test "x$with_distro" = "xubuntu"])
> >
> > # Detect the newuidmap tool (required for userns)
> > AC_CHECK_PROG([NEWUIDMAP], [newuidmap], [newuidmap])
> > diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am
> > index 479facc..ef65958 100644
> > --- a/src/tests/Makefile.am
> > +++ b/src/tests/Makefile.am
> > @@ -36,6 +36,10 @@ bin_PROGRAMS = lxc-test-containertests
> > lxc-test-locktests lxc-test-startone \
> >
> > bin_SCRIPTS = lxc-test-usernic
> >
> > +if DISTRO_UBUNTU
> > +bin_SCRIPTS += lxc-test-ubuntu
> > +endif
> > +
> > endif
> >
> > EXTRA_DIST = \
> > diff --git a/src/tests/lxc-test-ubuntu b/src/tests/lxc-test-ubuntu
> > new file mode 100644
> > index 000..53d8c45
> > --- /dev/null
> > +++ b/src/tests/lxc-test-ubuntu
> > @@ -0,0 +1,79 @@
> > +#!/bin/sh
> > +
> > +# lxc-test-ubuntu: some tests of ubuntu-specific features of lxc.
> > +# Some features of lxc - networking and LSM configuration for instance -
> > +# are generally configured by the distro packages. This program
> > +# tests the Ubuntu configuration.
> > +
> > +# These require the ubuntu lxc package to be installed.
> > +
> > +# General lxc functionality testing does not belong here.
> > +
> > +# This program is free software; you can redistribute it and/or
> > +# modify it under the terms of the GNU Lesser General Public
> > +# License as published by the Free Software Foundation; either
> > +# version 2.1 of the License, or (at your option) any later version.
> > +
> > +# This library is distributed in the hope that it will be useful,
> > +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> > +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > +# Lesser General Public License for more details.
> > +
> > +# You should have received a copy of the GNU Lesser General Public
> > +# License along with this library; if not, write to the Free Software
> > +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301
> > USA
> > +
> > +
> > +set -e
> > +
> > +FAIL() {
> > + echo -n "Failed " >&2
> > + echo "$*" >&2
> > + exit 1
> > +}
> > +
> > +# Only run on a normally configured ubuntu lxc system
> > +if [ ! -d /sys/class/net/lxcbr0 ]; then
> > + echo "lxcbr0 is not configured."
> > + exit 0
> > +fi
> > +if [ "$(id -u)" != "0" ]; then
> > + echo "Must run as root."
> > + exit 0
> > +fi
> > +if ! which host 2>&1 > /dev/null; then
> > + echo "'host' program not found. Please install bind9-host"
> > + exit 0
> > +fi
> > +
> > +for template in ubuntu ubuntu-cloud; do
> > + # need a different name for each container so dnsmasq doesn't
> > + # mess us up with its caching
> > + if which uuidgen 2>&1 > /dev/null; then
> > + name=$(uuidgen)
> > + else
> > + name=lxc-test-$template
> > + fi
> > + lxc-create -t $template -n $name || FAIL "creating $template container"
> > + lxc-start -n $name -d || FAIL "starting $template container"
> > + lxc-wait -n $name -s RUNNING || FAIL "waiting for $template container
> > to run"
> > + for tries in `seq 1 20`; do
> > + lxcip=`sudo lxc-info -i -n $name | awk -F: '{ print $2 }' | awk
> > '{ print $1}'`
>
> That seems to assume we get IPs space separated which we don't:
>
> stgraber@castiana:~/data/code/lxc/lxc$ sudo lxc-info -i -n lxc-dev
> ip: 10.0.3.165
> ip: 2607:f2c0:f00f:2751:4b4:48b:71db:8726
> ip: 2607:f2c0:f00f:2751:65ac:724b:a449:decc
> ip: 2607:f2c0:f00f:2751:216:3eff:fe3a:f1c1
>
> So I think you want: "lxc-info -i -n $name | awk -F: '{print $2}' | head -1"
The second awk doesn't only remove spaces, but tabs as well. Now really
it isn't crucial for how I use them I guess, but there are cas
Re: [lxc-devel] [PATCH 1/1] add basic lxc-test-ubuntu (v2)
On Wed, Oct 02, 2013 at 05:09:17PM -0500, Serge Hallyn wrote:
> Quoting Stéphane Graber (stgra...@ubuntu.com):
> > On Wed, Oct 02, 2013 at 04:48:12PM -0500, Serge Hallyn wrote:
> > > From the file comments:
> > >
> > > """
> > > Some features of lxc - networking and LSM configuration for instance -
> > > are generally configured by the distro packages. This program
> > > tests the Ubuntu configuration.
> > >
> > > These require the ubuntu lxc package to be installed.
> > >
> > > General lxc functionality testing does not belong here.
> > > """
> > >
> > > changelog v2:
> > > Switch to lxc-info -i to detect ip address as stgraber suggested
> > > Don't look for 'expect' as I'm not using it yet.
> > >
> > > Signed-off-by: Serge Hallyn
> > > ---
> > > configure.ac | 1 +
> > > src/tests/Makefile.am | 4 +++
> > > src/tests/lxc-test-ubuntu | 79
> > > +++
> > > 3 files changed, 84 insertions(+)
> > > create mode 100644 src/tests/lxc-test-ubuntu
> > >
> > > diff --git a/configure.ac b/configure.ac
> > > index 92a4690..d7f2f03 100644
> > > --- a/configure.ac
> > > +++ b/configure.ac
> > > @@ -51,6 +51,7 @@ case $with_distro in
> > > esac
> > > AC_MSG_RESULT([$with_distro])
> > > AM_CONDITIONAL([HAVE_DEBIAN], [test x"$with_distro" = "xdebian" -o
> > > x"$with_distro" = "xubuntu"])
> > > +AM_CONDITIONAL([DISTRO_UBUNTU], [test "x$with_distro" = "xubuntu"])
> > >
> > > # Detect the newuidmap tool (required for userns)
> > > AC_CHECK_PROG([NEWUIDMAP], [newuidmap], [newuidmap])
> > > diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am
> > > index 479facc..ef65958 100644
> > > --- a/src/tests/Makefile.am
> > > +++ b/src/tests/Makefile.am
> > > @@ -36,6 +36,10 @@ bin_PROGRAMS = lxc-test-containertests
> > > lxc-test-locktests lxc-test-startone \
> > >
> > > bin_SCRIPTS = lxc-test-usernic
> > >
> > > +if DISTRO_UBUNTU
> > > +bin_SCRIPTS += lxc-test-ubuntu
> > > +endif
> > > +
> > > endif
> > >
> > > EXTRA_DIST = \
> > > diff --git a/src/tests/lxc-test-ubuntu b/src/tests/lxc-test-ubuntu
> > > new file mode 100644
> > > index 000..53d8c45
> > > --- /dev/null
> > > +++ b/src/tests/lxc-test-ubuntu
> > > @@ -0,0 +1,79 @@
> > > +#!/bin/sh
> > > +
> > > +# lxc-test-ubuntu: some tests of ubuntu-specific features of lxc.
> > > +# Some features of lxc - networking and LSM configuration for instance -
> > > +# are generally configured by the distro packages. This program
> > > +# tests the Ubuntu configuration.
> > > +
> > > +# These require the ubuntu lxc package to be installed.
> > > +
> > > +# General lxc functionality testing does not belong here.
> > > +
> > > +# This program is free software; you can redistribute it and/or
> > > +# modify it under the terms of the GNU Lesser General Public
> > > +# License as published by the Free Software Foundation; either
> > > +# version 2.1 of the License, or (at your option) any later version.
> > > +
> > > +# This library is distributed in the hope that it will be useful,
> > > +# but WITHOUT ANY WARRANTY; without even the implied warranty of
> > > +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
> > > +# Lesser General Public License for more details.
> > > +
> > > +# You should have received a copy of the GNU Lesser General Public
> > > +# License along with this library; if not, write to the Free Software
> > > +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
> > > 02110-1301 USA
> > > +
> > > +
> > > +set -e
> > > +
> > > +FAIL() {
> > > + echo -n "Failed " >&2
> > > + echo "$*" >&2
> > > + exit 1
> > > +}
> > > +
> > > +# Only run on a normally configured ubuntu lxc system
> > > +if [ ! -d /sys/class/net/lxcbr0 ]; then
> > > + echo "lxcbr0 is not configured."
> > > + exit 0
> > > +fi
> > > +if [ "$(id -u)" != "0" ]; then
> > > + echo "Must run as root."
> > > + exit 0
> > > +fi
> > > +if ! which host 2>&1 > /dev/null; then
> > > + echo "'host' program not found. Please install bind9-host"
> > > + exit 0
> > > +fi
> > > +
> > > +for template in ubuntu ubuntu-cloud; do
> > > + # need a different name for each container so dnsmasq doesn't
> > > + # mess us up with its caching
> > > + if which uuidgen 2>&1 > /dev/null; then
> > > + name=$(uuidgen)
> > > + else
> > > + name=lxc-test-$template
> > > + fi
> > > + lxc-create -t $template -n $name || FAIL "creating $template container"
> > > + lxc-start -n $name -d || FAIL "starting $template container"
> > > + lxc-wait -n $name -s RUNNING || FAIL "waiting for $template container
> > > to run"
> > > + for tries in `seq 1 20`; do
> > > + lxcip=`sudo lxc-info -i -n $name | awk -F: '{ print $2 }' | awk
> > > '{ print $1}'`
> >
> > That seems to assume we get IPs space separated which we don't:
> >
> > stgraber@castiana:~/data/code/lxc/lxc$ sudo lxc-info -i -n lxc-dev
> > ip: 10.0.3.165
> > ip: 2607:f2c0:f00f:2751:4b4:48b:71db:8726
> > ip: 2607:f2c0:f00f:2751:6
[lxc-devel] [PATCH] Improve behaviour for unprivileged users
This mostly changes two things:
- Only log to the container's logfile on start/stop/restart/execute
- Call may_control() every time we use the API and return
"Insufficient privileges" on failure.
NOTE: I didn't test every single one of those but I'm fairly confident
in my copy/paste abilities and I confirmed they all build fine at least.
Signed-off-by: Stéphane Graber
---
src/lxc/lxc_attach.c | 3 +++
src/lxc/lxc_cgroup.c | 9 +
src/lxc/lxc_checkpoint.c | 3 +++
src/lxc/lxc_clone.c | 6 ++
src/lxc/lxc_console.c| 8
src/lxc/lxc_create.c | 3 +++
src/lxc/lxc_destroy.c| 8
src/lxc/lxc_freeze.c | 8
src/lxc/lxc_info.c | 8
src/lxc/lxc_kill.c | 3 +++
src/lxc/lxc_monitor.c| 3 +++
src/lxc/lxc_snapshot.c | 8
src/lxc/lxc_stop.c | 5 +
src/lxc/lxc_unfreeze.c | 8
src/lxc/lxc_wait.c | 8
15 files changed, 91 insertions(+)
diff --git a/src/lxc/lxc_attach.c b/src/lxc/lxc_attach.c
index 4ca00a9..bd4e674 100644
--- a/src/lxc/lxc_attach.c
+++ b/src/lxc/lxc_attach.c
@@ -188,6 +188,9 @@ int main(int argc, char *argv[])
if (ret)
return ret;
+ if (!my_args.log_file)
+ my_args.log_file = "none";
+
ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
my_args.progname, my_args.quiet, my_args.lxcpath[0]);
if (ret)
diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c
index 2c0508c..b9727a0 100644
--- a/src/lxc/lxc_cgroup.c
+++ b/src/lxc/lxc_cgroup.c
@@ -70,6 +70,9 @@ int main(int argc, char *argv[])
if (lxc_arguments_parse(&my_args, argc, argv))
return -1;
+ if (!my_args.log_file)
+ my_args.log_file = "none";
+
if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
my_args.progname, my_args.quiet, my_args.lxcpath[0]))
return -1;
@@ -79,6 +82,12 @@ int main(int argc, char *argv[])
c = lxc_container_new(my_args.name, my_args.lxcpath[0]);
if (!c)
return -1;
+
+ if (!c->may_control(c)) {
+ ERROR("Insufficent privileges to control %s:%s",
my_args.lxcpath[0], my_args.name);
+ return -1;
+ }
+
if (!c->is_running(c)) {
ERROR("'%s:%s' is not running", my_args.lxcpath[0],
my_args.name);
lxc_container_put(c);
diff --git a/src/lxc/lxc_checkpoint.c b/src/lxc/lxc_checkpoint.c
index ecf19b1..f6a0313 100644
--- a/src/lxc/lxc_checkpoint.c
+++ b/src/lxc/lxc_checkpoint.c
@@ -115,6 +115,9 @@ int main(int argc, char *argv[])
if (ret)
return ret;
+ if (!my_args.log_file)
+ my_args.log_file = "none";
+
ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
my_args.progname, my_args.quiet, my_args.lxcpath[0]);
if (ret)
diff --git a/src/lxc/lxc_clone.c b/src/lxc/lxc_clone.c
index e0be9da..e01c98b 100644
--- a/src/lxc/lxc_clone.c
+++ b/src/lxc/lxc_clone.c
@@ -160,6 +160,12 @@ int main(int argc, char *argv[])
c1 = lxc_container_new(orig, lxcpath);
if (!c1)
exit(1);
+
+ if (!c1->may_control(c1)) {
+ fprintf(stderr, "Insufficent privileges to control %s\n", orig);
+ return -1;
+ }
+
if (!c1->is_defined(c1)) {
fprintf(stderr, "Error: container %s is not defined\n", orig);
lxc_container_put(c1);
diff --git a/src/lxc/lxc_console.c b/src/lxc/lxc_console.c
index ea1e999..f5d16fa 100644
--- a/src/lxc/lxc_console.c
+++ b/src/lxc/lxc_console.c
@@ -97,6 +97,9 @@ int main(int argc, char *argv[])
if (ret)
return EXIT_FAILURE;
+ if (!my_args.log_file)
+ my_args.log_file = "none";
+
ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
my_args.progname, my_args.quiet, my_args.lxcpath[0]);
if (ret)
@@ -108,6 +111,11 @@ int main(int argc, char *argv[])
exit(EXIT_FAILURE);
}
+ if (!c->may_control(c)) {
+ fprintf(stderr, "Insufficent privileges to control %s\n",
my_args.name);
+ return -1;
+ }
+
if (!c->is_running(c)) {
fprintf(stderr, "%s is not running\n", my_args.name);
exit(EXIT_FAILURE);
diff --git a/src/lxc/lxc_create.c b/src/lxc/lxc_create.c
index f577e30..98cca32 100644
--- a/src/lxc/lxc_create.c
+++ b/src/lxc/lxc_create.c
@@ -174,6 +174,9 @@ int main(int argc, char *argv[])
if (lxc_arguments_parse(&my_args, argc, argv))
exit(1);
+ if (!my_args.log_file)
+ my_args.log_file = "none";
+
if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
my_args.progname, my_ar
Re: [lxc-devel] Device Namespaces
I think libudev is a solution to a completely different problem. It is
possible I am blind but I just don't see how libudev even attempts to
solve the problem.
The desire is to plop a distro install into a subdirectory. Fire up a
container around it, and let the distro's userspace do it's thing to
manage hotplug events.
devtmpfs can be faked fairly easily.
I don't know about sysfs.
Sending events that say you have hotplugged is the largest practical
problem.
On the minimal side I think the patch below is enough to let us fake up
uevents for the container and make things work. I have heard the words
faking uevents and is a bad thing. But I have not heard a reason or seen
any attempt at explanation. My guess is that we are simply talking
about different problems.
I would like to see someone wire up all of the userspace bits and see
how well hotplug can be made to work before I walk down the path
represented by this patch but it seems reasonable. But I do have
anecdotal reports from someone who walked a similar path that this is
enough to bring up a full desktop system in a container.
Eric
diff --git a/include/linux/netlink.h b/include/linux/netlink.h
index 7a6c396a263b..46d05783da82 100644
--- a/include/linux/netlink.h
+++ b/include/linux/netlink.h
@@ -38,6 +38,7 @@ extern void netlink_table_ungrab(void);
#define NL_CFG_F_NONROOT_RECV (1 << 0)
#define NL_CFG_F_NONROOT_SEND (1 << 1)
+#define NL_CFG_F_IMPERSONATE_KERN (1 << 2)
/* optional Netlink kernel configuration parameters */
struct netlink_kernel_cfg {
diff --git a/lib/kobject_uevent.c b/lib/kobject_uevent.c
index 52e5abbc41db..f75e34397df8 100644
--- a/lib/kobject_uevent.c
+++ b/lib/kobject_uevent.c
@@ -375,9 +375,12 @@ static int uevent_net_init(struct net *net)
struct uevent_sock *ue_sk;
struct netlink_kernel_cfg cfg = {
.groups = 1,
- .flags = NL_CFG_F_NONROOT_RECV,
+ .flags = NL_CFG_F_NONROOT_RECV | NL_CFG_F_IMPERSONATE_KERN,
};
+ if (net->user_ns != &init_user_ns)
+ return 0;
+
ue_sk = kzalloc(sizeof(*ue_sk), GFP_KERNEL);
if (!ue_sk)
return -ENOMEM;
@@ -399,6 +402,9 @@ static void uevent_net_exit(struct net *net)
{
struct uevent_sock *ue_sk;
+ if (net->user_ns != &init_user_ns)
+ return;
+
mutex_lock(&uevent_sock_mutex);
list_for_each_entry(ue_sk, &uevent_sock_list, list) {
if (sock_net(ue_sk->sk) == net)
diff --git a/net/netlink/af_netlink.c b/net/netlink/af_netlink.c
index 0c61b59175dc..71863cc465eb 100644
--- a/net/netlink/af_netlink.c
+++ b/net/netlink/af_netlink.c
@@ -1252,7 +1252,7 @@ static int netlink_release(struct socket *sock)
skb_queue_purge(&sk->sk_write_queue);
- if (nlk->portid) {
+ if (sk_hashed(sk)) {
struct netlink_notify n = {
.net = sock_net(sk),
.protocol = sk->sk_protocol,
@@ -1409,11 +1409,21 @@ static int netlink_bind(struct socket *sock, struct
sockaddr *addr,
return err;
}
- if (nlk->portid) {
+ if (sk_hashed(sk)) {
if (nladdr->nl_pid != nlk->portid)
return -EINVAL;
} else {
- err = nladdr->nl_pid ?
+ bool autobind = nladdr->nl_pid == 0;
+ if (nladdr->nl_pid == 0 && (nladdr->nl_pad == 0x)) {
+ if (!(nl_table[sk->sk_protocol].flags &
NL_CFG_F_IMPERSONATE_KERN))
+ return -EPERM;
+ if (net->user_ns == &init_user_ns)
+ return -EPERM;
+ if (!ns_capable(net->user_ns, CAP_NET_ADMIN))
+ return -EPERM;
+ autobind = false;
+ }
+ err = !autobind ?
netlink_insert(sk, net, nladdr->nl_pid) :
netlink_autobind(sock);
if (err)
@@ -1467,7 +1477,7 @@ static int netlink_connect(struct socket *sock, struct
sockaddr *addr,
if (nladdr->nl_groups && !netlink_capable(sock, NL_CFG_F_NONROOT_SEND))
return -EPERM;
- if (!nlk->portid)
+ if (!sk_hashed(sk))
err = netlink_autobind(sock);
if (err == 0) {
@@ -2228,7 +2238,7 @@ static int netlink_sendmsg(struct kiocb *kiocb, struct
socket *sock,
dst_group = nlk->dst_group;
}
- if (!nlk->portid) {
+ if (!sk_hashed(sk)) {
err = netlink_autobind(sock);
if (err)
goto out;
--
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, an
Re: [lxc-devel] Device Namespaces
Serge Hallyn writes: >> Glossing over the details. The general problem is some policy exists >> outside of the container that deciedes if an when a container gets a >> serial port and stuffs it in. >> >> The expectation is that system containers will then run the udev >> rules and send the libuevent event. > > I thought the suggestion was that udev on the host would be given > container-specific rules, saying "plop this device into /dev/container1/" > (with /dev/container1 being bind-mounted to $container1_rootfs/dev). That is what I was trying to describe. We still need something that lets the software in the container know it needs to do something. I may be blind but right now short of replacing the internal udev, or modifying the kernel I don't see a solution for letting software in a container know there is a new device it can use. Once we get the notification issue sorted out I think we have enough to bring up a full desktop environment in a container and be able to say we don't need anything else from devices unless someone discovers that checkpoint/restart actually needs minor numbers to be preserved. Eric -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] Device Namespaces
Amir Goldstein writes: > What we really like to see is a setns() style API that can be used to > add a device in the context of a namespace in either a "shared" or > "private" mode. I think you mean an "ip link set dev FOO netns XXX" style API. Right now one of the best suggestions on the table is: mkdir -p /dev/container/X ln /dev/zero /dev/container/X/zero ln /dev/null /dev/container/X/null ... With /dev/container/X mounted on /dev for container X. Which seems to cover putting a device in a namespace, while allowing things to still be reasonably managed. There are a few other variations on that scheme but nothing that says we must have kernel support or to create any kind of kernel context beyond which directory the device nodes live in. > This kind of API is a required building block for us to write device > drivers that are namespace aware in a way that userspace will have > enough flexibility for dynamic configuration. > > We are trying to come up with a proposal for that sort of API. When > we have something decent, we shall post it. I really think what you need to write are special drivers that facilitate your use case. For the networking stack we wound up adding veth pairs, and macvlan devices, to handle the common sharing modes. Outside of your sharing situation I am not seeing any need or any advantage of creating devices that are modified to be sharable and I am seeing a lot of disadvantages to implementing things that way. The biggest is that you seem to working independent of the subsystem maintainers of those devices which is generally a poor idea. Unprivileged creation of device nodes we can handle if it can be shown that it is safe to create device nodes. As I understand your problem you are trying to multiplex a device by building a device with a built in stop light. Where one opener can write and the other openers are stopped/dropped. That sounds very similar to macvlan, or ethernet bridging. From the patches you have floated I suspect it would be very simple to build and just need a little bit of glue. Eric -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] Device Namespaces
ebied...@xmission.com (Eric W. Biederman) writes: >> This kind of API is a required building block for us to write device >> drivers that are namespace aware in a way that userspace will have >> enough flexibility for dynamic configuration. >> >> We are trying to come up with a proposal for that sort of API. When >> we have something decent, we shall post it. > > I really think what you need to write are special drivers that > facilitate your use case. Even more practically if you can write special drivers it removes a level of policy from the kernel, and allows those special drivers to use at other times for other occassions. Eric -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk ___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [PATCH 1/1] add basic lxc-test-ubuntu (v3)
Some features of lxc - networking and LSM configuration for instance -
are generally configured by the distro packages. This program
tests the Ubuntu configuration.
changelog v2:
Switch to lxc-info -i to detect ip address as stgraber suggested
Don't look for 'expect' as I'm not using it yet.
changelog v3:
Make sure to only read one ip address from container.
Signed-off-by: Serge Hallyn
---
configure.ac | 1 +
src/tests/Makefile.am | 4 +++
src/tests/lxc-test-ubuntu | 78 +++
3 files changed, 83 insertions(+)
create mode 100644 src/tests/lxc-test-ubuntu
diff --git a/configure.ac b/configure.ac
index 92a4690..d7f2f03 100644
--- a/configure.ac
+++ b/configure.ac
@@ -51,6 +51,7 @@ case $with_distro in
esac
AC_MSG_RESULT([$with_distro])
AM_CONDITIONAL([HAVE_DEBIAN], [test x"$with_distro" = "xdebian" -o
x"$with_distro" = "xubuntu"])
+AM_CONDITIONAL([DISTRO_UBUNTU], [test "x$with_distro" = "xubuntu"])
# Detect the newuidmap tool (required for userns)
AC_CHECK_PROG([NEWUIDMAP], [newuidmap], [newuidmap])
diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am
index 479facc..ef65958 100644
--- a/src/tests/Makefile.am
+++ b/src/tests/Makefile.am
@@ -36,6 +36,10 @@ bin_PROGRAMS = lxc-test-containertests lxc-test-locktests
lxc-test-startone \
bin_SCRIPTS = lxc-test-usernic
+if DISTRO_UBUNTU
+bin_SCRIPTS += lxc-test-ubuntu
+endif
+
endif
EXTRA_DIST = \
diff --git a/src/tests/lxc-test-ubuntu b/src/tests/lxc-test-ubuntu
new file mode 100644
index 000..c6573c1
--- /dev/null
+++ b/src/tests/lxc-test-ubuntu
@@ -0,0 +1,78 @@
+#!/bin/sh
+
+# lxc-test-ubuntu: some tests of ubuntu-specific features of lxc.
+# Some features of lxc - networking and LSM configuration for instance -
+# are generally configured by the distro packages. This program
+# tests the Ubuntu configuration.
+
+# These require the ubuntu lxc package to be installed.
+
+# General lxc functionality testing does not belong here.
+
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+
+set -e
+
+FAIL() {
+ echo -n "Failed " >&2
+ echo "$*" >&2
+ exit 1
+}
+
+# Only run on a normally configured ubuntu lxc system
+if [ ! -d /sys/class/net/lxcbr0 ]; then
+ echo "lxcbr0 is not configured."
+ exit 0
+fi
+if [ "$(id -u)" != "0" ]; then
+ echo "Must run as root."
+ exit 0
+fi
+if ! which host 2>&1 > /dev/null; then
+ echo "'host' program not found. Please install bind9-host"
+ exit 0
+fi
+
+for template in ubuntu ubuntu-cloud; do
+ # need a different name for each container so dnsmasq doesn't
+ # mess us up with its caching
+ if which uuidgen 2>&1 > /dev/null; then
+ name=$(uuidgen)
+ else
+ name=lxc-test-$template
+ fi
+ lxc-create -t $template -n $name || FAIL "creating $template container"
+ lxc-start -n $name -d || FAIL "starting $template container"
+ lxc-wait -n $name -s RUNNING || FAIL "waiting for $template container
to run"
+ for tries in `seq 1 20`; do
+ lxcip=`sudo lxc-info -i -n $name | awk -F: '{ print $2 }' | awk
'{ print $1}' | head -1`
+ [ -z "$lxcip" ] || break
+ sleep 1
+ done
+ [ -n "$lxcip" ] || FAIL "to start networking in $template container"
+
+ ping -c 1 $lxcip || FAIL "to ping $template container"
+ # Check apparmor
+ lxcpid=`lxc-info -n $name -p | awk -F: '{ print $2 }' | awk '{ print
$1}'`
+ aa=`cat /proc/$lxcpid/attr/current`
+ if [ "$aa" != "lxc-container-default-with-nesting (enforce)" ]; then
+ FAIL " to correctly set apparmor profile (profile is \"$aa\")"
+ fi
+ lxc-stop -n $name
+ lxc-destroy -n $name
+done
+
+exit 0
--
1.8.3.2
--
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk
___
Lxc-devel mailing list
Lxc-
Re: [lxc-devel] [PATCH] Improve behaviour for unprivileged users
Quoting Stéphane Graber (stgra...@ubuntu.com):
> This mostly changes two things:
> - Only log to the container's logfile on start/stop/restart/execute
> - Call may_control() every time we use the API and return
>"Insufficient privileges" on failure.
>
> NOTE: I didn't test every single one of those but I'm fairly confident
> in my copy/paste abilities and I confirmed they all build fine at least.
>
> Signed-off-by: Stéphane Graber
Acked-by: Serge E. Hallyn
(was going to ask about may_control in lxc-monitor and lxc-attach, but I
see they haven't been converted to use the API yet.)
> ---
> src/lxc/lxc_attach.c | 3 +++
> src/lxc/lxc_cgroup.c | 9 +
> src/lxc/lxc_checkpoint.c | 3 +++
> src/lxc/lxc_clone.c | 6 ++
> src/lxc/lxc_console.c| 8
> src/lxc/lxc_create.c | 3 +++
> src/lxc/lxc_destroy.c| 8
> src/lxc/lxc_freeze.c | 8
> src/lxc/lxc_info.c | 8
> src/lxc/lxc_kill.c | 3 +++
> src/lxc/lxc_monitor.c| 3 +++
> src/lxc/lxc_snapshot.c | 8
> src/lxc/lxc_stop.c | 5 +
> src/lxc/lxc_unfreeze.c | 8
> src/lxc/lxc_wait.c | 8
> 15 files changed, 91 insertions(+)
>
> diff --git a/src/lxc/lxc_attach.c b/src/lxc/lxc_attach.c
> index 4ca00a9..bd4e674 100644
> --- a/src/lxc/lxc_attach.c
> +++ b/src/lxc/lxc_attach.c
> @@ -188,6 +188,9 @@ int main(int argc, char *argv[])
> if (ret)
> return ret;
>
> + if (!my_args.log_file)
> + my_args.log_file = "none";
> +
> ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
> my_args.progname, my_args.quiet, my_args.lxcpath[0]);
> if (ret)
> diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c
> index 2c0508c..b9727a0 100644
> --- a/src/lxc/lxc_cgroup.c
> +++ b/src/lxc/lxc_cgroup.c
> @@ -70,6 +70,9 @@ int main(int argc, char *argv[])
> if (lxc_arguments_parse(&my_args, argc, argv))
> return -1;
>
> + if (!my_args.log_file)
> + my_args.log_file = "none";
> +
> if (lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
>my_args.progname, my_args.quiet, my_args.lxcpath[0]))
> return -1;
> @@ -79,6 +82,12 @@ int main(int argc, char *argv[])
> c = lxc_container_new(my_args.name, my_args.lxcpath[0]);
> if (!c)
> return -1;
> +
> + if (!c->may_control(c)) {
> + ERROR("Insufficent privileges to control %s:%s",
> my_args.lxcpath[0], my_args.name);
> + return -1;
> + }
> +
> if (!c->is_running(c)) {
> ERROR("'%s:%s' is not running", my_args.lxcpath[0],
> my_args.name);
> lxc_container_put(c);
> diff --git a/src/lxc/lxc_checkpoint.c b/src/lxc/lxc_checkpoint.c
> index ecf19b1..f6a0313 100644
> --- a/src/lxc/lxc_checkpoint.c
> +++ b/src/lxc/lxc_checkpoint.c
> @@ -115,6 +115,9 @@ int main(int argc, char *argv[])
> if (ret)
> return ret;
>
> + if (!my_args.log_file)
> + my_args.log_file = "none";
> +
> ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
> my_args.progname, my_args.quiet, my_args.lxcpath[0]);
> if (ret)
> diff --git a/src/lxc/lxc_clone.c b/src/lxc/lxc_clone.c
> index e0be9da..e01c98b 100644
> --- a/src/lxc/lxc_clone.c
> +++ b/src/lxc/lxc_clone.c
> @@ -160,6 +160,12 @@ int main(int argc, char *argv[])
> c1 = lxc_container_new(orig, lxcpath);
> if (!c1)
> exit(1);
> +
> + if (!c1->may_control(c1)) {
> + fprintf(stderr, "Insufficent privileges to control %s\n", orig);
> + return -1;
> + }
> +
> if (!c1->is_defined(c1)) {
> fprintf(stderr, "Error: container %s is not defined\n", orig);
> lxc_container_put(c1);
> diff --git a/src/lxc/lxc_console.c b/src/lxc/lxc_console.c
> index ea1e999..f5d16fa 100644
> --- a/src/lxc/lxc_console.c
> +++ b/src/lxc/lxc_console.c
> @@ -97,6 +97,9 @@ int main(int argc, char *argv[])
> if (ret)
> return EXIT_FAILURE;
>
> + if (!my_args.log_file)
> + my_args.log_file = "none";
> +
> ret = lxc_log_init(my_args.name, my_args.log_file, my_args.log_priority,
> my_args.progname, my_args.quiet, my_args.lxcpath[0]);
> if (ret)
> @@ -108,6 +111,11 @@ int main(int argc, char *argv[])
> exit(EXIT_FAILURE);
> }
>
> + if (!c->may_control(c)) {
> + fprintf(stderr, "Insufficent privileges to control %s\n",
> my_args.name);
> + return -1;
> + }
> +
> if (!c->is_running(c)) {
> fprintf(stderr, "%s is not running\n", my_args.name);
> exit(EXIT_FAILURE);
> diff --git a/src/lxc/lxc_create.c b/src/lxc/lxc_create.c
> index f577e30..98cca32 100644
> --- a/src/lxc/lxc_create.c
> +++ b/src/lx
Re: [lxc-devel] [PATCH 1/1] templates/lxc-fedora Rework for distro independence.
Quoting Michael H. Warfield (m...@wittsend.com):
> +mount -o loop ../LiveOS/squashfs.img squashfs
Heh, this is unfortunate - since I test things inside containers, now I
have to face the loop device in containers issue :)
For now I just added b 7:0 to my devices whitelist and loosened the
apparmor policy. Fedora build did its thing. Then I removed those
exceptions.
I did have to remove the devices whitelist entries for 4:0 and 4:1.
They are for /dev/tty{0,1} - the real ones, which we don't use
in containers. Since the ubuntu container in which I was testing
didn't have that, I couldn't grant it to the fedora container, but
it doesn't need it.
Other than that, it looks good!
There is a weird glitch, when i first start the container, i type
in username root, then have to hit return again before it shows
me the password prompt. It doesn't accept the password. Second
login attempt works fine. Yum also isn't finding any mirrors, but
that may be a problem local to me.
Will test some more tomorrow.
Thanks!
-serge
--
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134791&iu=/4140/ostg.clktrk
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
