[lxc-devel] How to import/access raw devices inside the container ?
Hello, Wondering if someone can help me with this: - given a host where some raw devices are setup: raw -qa /dev/raw/raw1: bound to major 7, minor 1 /dev/raw/raw2: bound to major 7, minor 2 /dev/raw/raw3: bound to major 7, minor 3 Added the following entry in config file for the container: lxc.cgroup.devices.allow = b 162:* rwm Yet, the raw devices are not accessible in the container: ls -la /dev/raw/ total 8 drwxr-xr-x 2 root root 4096 Oct 2 09:29 . drwxr-xr-x 6 root root 4096 Oct 8 06:08 .. Any ideas? Thank you, Dragos-- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] How to import/access raw devices inside the container ?
On Tue, Oct 08, 2013 at 07:13:51AM -0700, Gherasim Dragos wrote: > Hello, > > Wondering if someone can help me with this: > > - given a host where some raw devices are setup: > > raw -qa > /dev/raw/raw1: bound to major 7, minor 1 > /dev/raw/raw2: bound to major 7, minor 2 > /dev/raw/raw3: bound to major 7, minor 3 > > Added the following entry in config file for the container: > > lxc.cgroup.devices.allow = b 162:* rwm Hi, The lxc-users mailing-list would probably have been more appropriate for this. Your listing above shows devices that are 7:* yet you're allowing 162:*, that's not going to do you much good :) They also won't be created in the container unless they're created by default by udev or you're getting a matching uevent. As those seem like virtual devices bound to a kernel module, I don't think they'll get auto-created, so you'll need to use mknod in the container to create the node, then you should be able to use it. Note that I also wrote an lxc-device tool which we ship in recent LXC and lets you add new devices to your container after boot (not persistent though). Using lxc-device you should be able to do: lxc-device add -n /dev/raw/raw1 And /dev/raw/raw1 should appear in the container and be usable (you may have to create /dev/raw first, I'm not sure lxc-device creates missing directories). > > Yet, the raw devices are not accessible in the container: > > ls -la /dev/raw/ > total 8 > drwxr-xr-x 2 root root 4096 Oct 2 09:29 . > drwxr-xr-x 6 root root 4096 Oct 8 06:08 .. > > Any ideas? > > Thank you, > Dragos -- Stéphane Graber Ubuntu developer http://www.ubuntu.com signature.asc Description: Digital signature -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] 494fd6: lxc-ubuntu-cloud: pass --numeric-owner and -p to u...
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 494fd6b390ecae077375e171230ce78d6784dd43 https://github.com/lxc/lxc/commit/494fd6b390ecae077375e171230ce78d6784dd43 Author: Scott Moser Date: 2013-10-08 (Tue, 08 Oct 2013) Changed paths: M templates/lxc-ubuntu-cloud.in Log Message: --- lxc-ubuntu-cloud: pass --numeric-owner and -p to untar Just following up here, Serge raised the question of whether or not the other two invocations of 'tar' in this script need '--numeric-owner'. They probably should have it, although its of little concern because the 'build_root_tgz' path is only taken if there is no '-root.tar.gz' file for download, and the only supported ubuntu release without the -root.tar.gz download is 10.04 at this point. Anyway, below is a more complete diff, also including a fix as '--numeric-uid' is not a valid option to tar. The name is '--numeric-owner'. Signed-off-by: Scott Moser Acked-by: Stéphane Graber -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] lxc-ubuntu-cloud: pass --numeric-owner and -p to untar
On Mon, Oct 07, 2013 at 08:41:23PM -0400, Scott Moser wrote:
> On Mon, 7 Oct 2013, Stéphane Graber wrote:
>
> > On Mon, Oct 07, 2013 at 04:16:05PM -0500, Serge Hallyn wrote:
> > > An example of where this can break is if you pass in sshkey to user
> > > ubuntu in the container, where user ubuntu exists with different uid
> > > on host.
> > >
> > > Signed-off-by: Serge Hallyn
> >
> > Acked-by: Stéphane Graber
>
> Just following up here, Serge raised the question of whether or not the
> other two invocations of 'tar' in this script need '--numeric-owner'.
> They probably should have it, although its of little concern because the
> 'build_root_tgz' path is only taken if there is no '-root.tar.gz' file for
> download, and the only supported ubuntu release without the -root.tar.gz
> download is 10.04 at this point.
>
> Anyway, below is a more complete diff, also including a fix as
> '--numeric-uid' is not a valid option to tar. The name is
> '--numeric-owner'.
>
> Signed-off-by: Scott Moser
Acked-by: Stéphane Graber
>
> diff --git a/templates/lxc-ubuntu-cloud.in b/templates/lxc-ubuntu-cloud.in
> index 47a5fca..a2af003 100644
> --- a/templates/lxc-ubuntu-cloud.in
> +++ b/templates/lxc-ubuntu-cloud.in
> @@ -340,7 +340,7 @@ build_root_tgz()
> echo "Creating new cached cloud image rootfs"
> tar --wildcards -zxf $tarname $imgname
> mount -o loop $imgname $xdir
> -(cd $xdir; tar zcf ../$filename .)
> +(cd $xdir; tar --numeric-owner -cpzf ../$filename .)
> umount $xdir
> rm -f $tarname $imgname
> rmdir $xdir
> @@ -371,7 +371,7 @@ do_extract_rootfs() {
> echo "Extracting container rootfs"
> mkdir -p $rootfs
> cd $rootfs
> -tar -zxf $cache/$filename
> +tar --numeric-owner -xpzf $cache/$filename
> }
>
> if [ -n "$tarball" ]; then
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
signature.asc
Description: Digital signature
--
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] 9c3bc3: lxc-ubuntu-cloud: Cope with spaces in paths
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 9c3bc32c5789b76b8c42b75d7625377d61e052c1 https://github.com/lxc/lxc/commit/9c3bc32c5789b76b8c42b75d7625377d61e052c1 Author: Stéphane Graber Date: 2013-10-08 (Tue, 08 Oct 2013) Changed paths: M templates/lxc-ubuntu-cloud.in Log Message: --- lxc-ubuntu-cloud: Cope with spaces in paths Reported-by: Scott Moser Signed-off-by: Stéphane Graber -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH 1/1] templates/lxc-fedora Rework for distro independence.
On Fri, 2013-10-04 at 10:56 -0500, Serge Hallyn wrote:
> Quoting Michael H. Warfield (m...@wittsend.com):
> > Hey Serge,
> >
> > On Wed, 2013-10-02 at 23:39 -0500, Serge Hallyn wrote:
> > > Quoting Michael H. Warfield (m...@wittsend.com):
> > > > +mount -o loop ../LiveOS/squashfs.img squashfs
> >
> > > Heh, this is unfortunate - since I test things inside containers, now I
> > > have to face the loop device in containers issue :)
> >
> > > For now I just added b 7:0 to my devices whitelist and loosened the
> > > apparmor policy. Fedora build did its thing. Then I removed those
> > > exceptions.
> > >
> > > I did have to remove the devices whitelist entries for 4:0 and 4:1.
> >
> > I swear, I thought you meant you had to remove them in the container
> > config of the Ubuntu container you were running this in, just as you had
> > to add the b 7:0 for the loop device. :-P Oh well.
> >
> > > They are for /dev/tty{0,1} - the real ones, which we don't use
> > > in containers. Since the ubuntu container in which I was testing
> > > didn't have that, I couldn't grant it to the fedora container, but
> > > it doesn't need it.
> >
> > > Other than that, it looks good!
> >
> > > There is a weird glitch, when i first start the container, i type
> > > in username root, then have to hit return again before it shows
> > > me the password prompt. It doesn't accept the password. Second
> > > login attempt works fine.
> >
> > I've looked at this some more and it's only happening on the console
> > device that is connected with lxc-start. It's not happening with any of
> That's interesting. Note that when I start an ubuntu container in a
> private user namespace, the lxc-start console also acts differently
> from the other consoles. The shell says there's no job control, and
> sudo refuses to run.
Yeah, I'm seeing the same problem you're seeing on a Fedora host with
all the various containers I have running (Fedora (13,14,17,18,19),
CentOS (5,6), Oracle, OpenSuse, Ubuntu), were we have this weird
behavior of the lxc-start console. It's not dependent on the host
(Ubuntu or Fedora) and it doesn't really seem to be dependent on the
container distro. Not sure what the deal is there. Can't find any
different from "stty -a" for anything...
> So there appears to be *something* that is happening differently
> there. It could be as simple as the distro init is mucking with the
> console in a way it shouldn't, or setsid() is doing something...
> But it would be great if we could get to the bottom of it.
If it's the distro init, all of them are doing it and I think I have a
gmix of sysv init, upstart, and systemd.
BTW... I have all those containers (17 of them) running with autodev =
1 with the devtmpfs patch and they're all running very happily. I
probably won't have that patch posted before next week but I'm pleased
with how it's behaving so far. I had to build my OpenSuse container on
an OpenSuse host and transport it over but it's running happy that way
too. Only ones I haven't tested yet are Alt and Arch.
> -serge
Regards,
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it!
signature.asc
Description: This is a digitally signed message part
--
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] ebe0ae: doc: Generate Japanese lxc-snapshot(1) man page
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: ebe0aeb19cff9539bd749107d245874774d8a371 https://github.com/lxc/lxc/commit/ebe0aeb19cff9539bd749107d245874774d8a371 Author: KATOH Yasufumi Date: 2013-10-08 (Tue, 08 Oct 2013) Changed paths: M configure.ac M doc/ja/Makefile.am Log Message: --- doc: Generate Japanese lxc-snapshot(1) man page Signed-off-by: KATOH Yasufumi Acked-by: Stéphane Graber Commit: f220889fd2d586ced14f853c303e2887305d5024 https://github.com/lxc/lxc/commit/f220889fd2d586ced14f853c303e2887305d5024 Author: KATOH Yasufumi Date: 2013-10-08 (Tue, 08 Oct 2013) Changed paths: M doc/ja/lxc.conf.sgml.in Log Message: --- doc: Fix Japanese lxc.conf(5) man page Same as the commit 3157e673952bb857caf98666983eb5c0aec831a9 Signed-off-by: KATOH Yasufumi Acked-by: Stéphane Graber Compare: https://github.com/lxc/lxc/compare/9c3bc32c5789...f220889fd2d5 -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [PATCH] ensure gnutls is initialized before use
Section 7.1.2 of the gnutls info manual states that it must be
initialized with a call to gnutls_global_init before use. This
fixes the syslog warning I was seeing:
lxc-create: Libgcrypt warning: missing initialization -
please fix the application
Signed-off-by: Dwight Engen
---
src/lxc/utils.c | 7 +++
1 file changed, 7 insertions(+)
diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index dc94a3c..12ed454 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -426,6 +426,13 @@ static inline int lock_fclose(FILE *f)
#if HAVE_LIBGNUTLS
#include
#include
+
+__attribute__((constructor))
+static void gnutls_lxc_init(void)
+{
+ gnutls_global_init();
+}
+
int sha1sum_file(char *fnam, unsigned char *digest)
{
char *buf;
--
1.8.1.4
--
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] [lxc/lxc] 41246c: ensure gnutls is initialized before use
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: 41246cee3bc2b4215a485dd5da33d65ae5254514 https://github.com/lxc/lxc/commit/41246cee3bc2b4215a485dd5da33d65ae5254514 Author: Dwight Engen Date: 2013-10-08 (Tue, 08 Oct 2013) Changed paths: M src/lxc/utils.c Log Message: --- ensure gnutls is initialized before use Section 7.1.2 of the gnutls info manual states that it must be initialized with a call to gnutls_global_init before use. This fixes the syslog warning I was seeing: lxc-create: Libgcrypt warning: missing initialization - please fix the application Signed-off-by: Dwight Engen Acked-by: Stéphane Graber -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
Re: [lxc-devel] [PATCH] ensure gnutls is initialized before use
On Tue, Oct 08, 2013 at 12:22:57PM -0400, Dwight Engen wrote:
> Section 7.1.2 of the gnutls info manual states that it must be
> initialized with a call to gnutls_global_init before use. This
> fixes the syslog warning I was seeing:
>
> lxc-create: Libgcrypt warning: missing initialization -
> please fix the application
>
> Signed-off-by: Dwight Engen
Acked-by: Stéphane Graber
> ---
> src/lxc/utils.c | 7 +++
> 1 file changed, 7 insertions(+)
>
> diff --git a/src/lxc/utils.c b/src/lxc/utils.c
> index dc94a3c..12ed454 100644
> --- a/src/lxc/utils.c
> +++ b/src/lxc/utils.c
> @@ -426,6 +426,13 @@ static inline int lock_fclose(FILE *f)
> #if HAVE_LIBGNUTLS
> #include
> #include
> +
> +__attribute__((constructor))
> +static void gnutls_lxc_init(void)
> +{
> + gnutls_global_init();
> +}
> +
> int sha1sum_file(char *fnam, unsigned char *digest)
> {
> char *buf;
> --
> 1.8.1.4
>
>
> --
> October Webinars: Code for Performance
> Free Intel webinars can help you accelerate application performance.
> Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
> the latest Intel processors and coprocessors. See abstracts and register >
> http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk
> ___
> Lxc-devel mailing list
> Lxc-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/lxc-devel
--
Stéphane Graber
Ubuntu developer
http://www.ubuntu.com
signature.asc
Description: Digital signature
--
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel
[lxc-devel] Strange problem (stray mounts) with lxc-create...
Hey all, Since I'm working on testing a bunch of things, including the Fedora templates, I've been creating and destroying a LOT of containers. Every once in a while I get a failure due to failure to mount on... What I find are a large number (half dozen or more) of dangling mounts like this: /dev/mapper/fedora-root on /usr/lib64/lxc/rootfs type ext4 (rw,relatime,seclabel,data=ordered) /dev/mapper/fedora-root on /usr/lib64/lxc/rootfs type ext4 (rw,relatime,seclabel,data=ordered) What I'm finding is that, after running lxc-create, regardless of template, I'm left with one more of these dangling mounts. I can go back and unmount them and then I can do more lxc-creates until it happens again. That's not referenced (afaict) anywhere in the Fedora template and it's affecting all the templates that I can get to run on Fedora. Maybe we're not cleaning something up in there somewhere? I'm running off the git master branch. Regards, Mike -- Michael H. Warfield (AI4NB) | (770) 985-6132 | m...@wittsend.com /\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0x674627FF| possible worlds. A pessimist is sure of it! signature.asc Description: This is a digitally signed message part -- October Webinars: Code for Performance Free Intel webinars can help you accelerate application performance. Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from the latest Intel processors and coprocessors. See abstracts and register > http://pubads.g.doubleclick.net/gampad/clk?id=60134071&iu=/4140/ostg.clktrk___ Lxc-devel mailing list Lxc-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/lxc-devel
