[lxc-devel] [PATCH] Only bring up network interface if IFF_UP is set

2011-01-16 Thread David Ward
Each network interface was brought up regardless of the configuration,
as the wrong boolean operator was being used to test the IFF_UP flag.

Signed-off-by: David Ward 
---
 src/lxc/conf.c |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 2f66e76..a0c5fee 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1217,7 +1217,7 @@ static int setup_netdev(struct lxc_netdev *netdev)
 
/* empty network namespace */
if (!netdev->ifindex) {
-   if (netdev->flags | IFF_UP) {
+   if (netdev->flags & IFF_UP) {
err = lxc_device_up("lo");
if (err) {
ERROR("failed to set the loopback up : %s",
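Review bot: In the empty-namespace branch, the corrected `netdev->flags & IFF_UP` test means `lo` now stays down unless the up flag is configured, whereas the old `|` test was always true and always raised it. That is a user-visible change for existing configurations, so the commit message or the documentation should state that loopback now needs the flag set explicitly.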
@@ -1281,7 +1281,7 @@ static int setup_netdev(struct lxc_netdev *netdev)
}
 
/* set the network device up */
-   if (netdev->flags | IFF_UP) {
+   if (netdev->flags & IFF_UP) {
int err;
 
err = lxc_device_up(current_ifname);
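Review bot: The same `|` for `&` slip was present twice in setup_netdev, at the loopback test and here at the "set the network device up" test, so the rest of conf.c is worth checking for other flag tests written with `|`. A small helper or macro for the IFF_UP test would keep the two call sites from diverging again.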
-- 
1.7.1


___
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel


Re: [lxc-devel] [PATCH] fix broadcast compution

2011-02-12 Thread David Ward
Daniel,

On 02/06/2010 03:29 PM, Daniel Lezcano wrote:
>diff --git a/src/lxc/confile.c b/src/lxc/confile.c
>index 4d81ac6..7c72752 100644
>--- a/src/lxc/confile.c
>+++ b/src/lxc/confile.c
>@@ -423,9 +423,8 @@ static int config_network_ipv4(const char *key, char 
>*value,
>   * prefix and address
>   */
>   if (!bcast) {
>-  inetdev->bcast.s_addr =
>-  htonl(INADDR_BROADCAST<<  (32 - inetdev->prefix));
>-  inetdev->bcast.s_addr&= inetdev->addr.s_addr;
>+  int mask = htonl(INADDR_BROADCAST<<  (32 - inetdev->prefix));
>+  inetdev->bcast.s_addr = (inetdev->addr.s_addr&  mask) | ~mask;
>   }
>
>   lxc_list_add(&netdev->ipv4, list);
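Review bot: In the added `int mask = htonl(INADDR_BROADCAST<<  (32 - inetdev->prefix));` line, `mask` is a signed int holding a 32-bit network-order value, and the shift count becomes 32 when `inetdev->prefix` is 0, which is undefined for a 32-bit operand. Declaring the mask as `uint32_t` (or `in_addr_t`) and handling a prefix of 0 explicitly would make both the shift and the `~mask` well defined; if the prefix is not range-checked before this point, that check belongs here too.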


The following would be a lot simpler:

inetdev->bcast.s_addr = inetdev->addr.s_addr;
inetdev->bcast.s_addr |= htonl(INADDR_BROADCAST>>  inetdev->prefix);

David
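
The three broadcast formulas in this thread (the removed lines, the quoted patch, and the two-line suggestion), compared side by side as an added example that is not code from lxc or from either poster. The function names are hypothetical, the sample addresses are constructed, and the guards for prefix 0 and 32 are additions, since shifting a 32-bit value by 32 is undefined in C.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>

/* Parse a dotted quad into network byte order (0 on parse failure). */
static uint32_t ip(const char *s)
{
	struct in_addr a;

	return inet_pton(AF_INET, s, &a) == 1 ? a.s_addr : 0;
}

/* Netmask in network byte order. Prefix 0 and 32 are handled
 * separately so that no 32-bit value is ever shifted by 32. */
static uint32_t netmask_be(unsigned prefix)
{
	if (prefix == 0)
		return 0;
	if (prefix >= 32)
		return htonl((uint32_t)INADDR_BROADCAST);
	return htonl((uint32_t)INADDR_BROADCAST << (32 - prefix));
}

/* Formula of the removed lines: mask & addr.
 * This yields the network address, not the broadcast address. */
static uint32_t bcast_removed(uint32_t addr_be, unsigned prefix)
{
	return netmask_be(prefix) & addr_be;
}

/* Formula of the quoted patch: (addr & mask) | ~mask. */
static uint32_t bcast_mask_form(uint32_t addr_be, unsigned prefix)
{
	uint32_t mask = netmask_be(prefix);

	return (addr_be & mask) | ~mask;
}

/* Formula of the reply: addr | htonl(INADDR_BROADCAST >> prefix).
 * The guard for prefix 32 is added here (assumption, not in the reply). */
static uint32_t bcast_or_form(uint32_t addr_be, unsigned prefix)
{
	uint32_t host_bits = 0;

	if (prefix < 32)
		host_bits = htonl((uint32_t)INADDR_BROADCAST >> prefix);
	return addr_be | host_bits;
}

static void show(const char *addr, unsigned prefix)
{
	struct in_addr r, m, o;
	char rb[INET_ADDRSTRLEN], mb[INET_ADDRSTRLEN], ob[INET_ADDRSTRLEN];

	r.s_addr = bcast_removed(ip(addr), prefix);
	m.s_addr = bcast_mask_form(ip(addr), prefix);
	o.s_addr = bcast_or_form(ip(addr), prefix);
	inet_ntop(AF_INET, &r, rb, sizeof(rb));
	inet_ntop(AF_INET, &m, mb, sizeof(mb));
	inet_ntop(AF_INET, &o, ob, sizeof(ob));
	printf("%s/%u removed=%s patch=%s reply=%s\n", addr, prefix, rb, mb, ob);
}

int main(void)
{
	/* Constructed sample inputs, including both edge prefixes. */
	show("192.168.1.10", 24);
	show("10.1.2.3", 20);
	show("10.1.2.3", 32);
	show("10.1.2.3", 0);
	return 0;
}
```
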




[lxc-devel] [PATCH] Watch utmp if /var/run is not shared

2011-02-28 Thread David Ward
lxc watches /var/run/utmp in the container to monitor its runlevel, so that
it can stop or "reboot" the container when appropriate. This should not
happen though if the container shares /var/run/utmp with the system (which
should only be the case if the container does not run init).

Currently this is avoided by requiring that the container has a separate
filesystem root (i.e. "lxc.rootfs" is configured) in order to watch utmp.
However it is also sufficient to share the filesystem root, but to re-mount
/var/run so that there is a separate utmp file. (In the case of Upstart,
/etc/init can be re-mounted as well to allow the container to have its own
set of init scripts. The remainder of the filesystem can still be shared.)

With this change, lxc checks the device ID and inode number of /var/run to
see if the container has re-mounted it as a pre-condition of watching utmp.
This replaces the check for "lxc.rootfs" in the configuration.

Signed-off-by: David Ward 
---
 src/lxc/utmp.c |   21 -
 1 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/src/lxc/utmp.c b/src/lxc/utmp.c
index 691c3ef..3356396 100644
--- a/src/lxc/utmp.c
+++ b/src/lxc/utmp.c
@@ -30,6 +30,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "conf.h"
 #include "cgroup.h"
@@ -221,10 +222,7 @@ int lxc_utmp_mainloop_add(struct lxc_epoll_descr *descr,
char path[MAXPATHLEN];
int fd, wd;
struct lxc_utmp *utmp_data;
-   struct lxc_conf *conf = handler->conf;
-
-   if (!conf->rootfs.path)
-   return 0;
+   struct stat container_utmp_stat, system_utmp_stat;
 
/* We set up a watch for the /var/run directory. We're only interested
 * in utmp at the moment, but want to watch for delete and create
@@ -236,11 +234,24 @@ int lxc_utmp_mainloop_add(struct lxc_epoll_descr *descr,
return -1;
}
 
-   if (access(path, F_OK)) {
+   if (stat(path, &container_utmp_stat)) {
WARN("'%s' not found", path);
return 0;
}
 
+   if (stat("/var/run", &system_utmp_stat)) {
+   WARN("'/var/run' not found");
+   return 0;
+   }
+
+   /* Do not watch the /var/run directory if the container shares it with
+* the system.
+*/
+   if ((container_utmp_stat.st_dev == system_utmp_stat.st_dev)
+   && (container_utmp_stat.st_ino == system_utmp_stat.st_ino)) {
+   return 0;
+   }
+
utmp_data = (struct lxc_utmp *)malloc(sizeof(struct lxc_utmp));
 
if (NULL == utmp_data) {
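Review bot: `container_utmp_stat` and `system_utmp_stat` hold the result of stat() on a directory (the host side is literally `stat("/var/run", &system_utmp_stat)`), not on the utmp file, so the names mislead; `container_stat` and `system_stat` would describe them better. The two `WARN("... not found")` messages are also printed for any stat() failure, including a permission error, so reporting errno there would be more accurate.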
-- 
1.7.4




[lxc-devel] [PATCHv2] Watch utmp if /var/run is not shared

2011-02-28 Thread David Ward
In order to stop or restart a container that runs "init" as its top-level
process, lxc must watch for changes to the "utmp" file (which stores init's
current and previous runlevel) located in /var/run in the container. Because
lxc should only react to the container runlevel (if one exists) and not the
system runlevel, lxc must first check that utmp is not shared between the
container and the system.

Presently, lxc will only watch utmp if the "lxc.rootfs" parameter is set in
the container configuration. However, lxc should also watch utmp if the
filesystem root is shared but "/var/run" has been re-mounted from another
location. (In this scenario, Upstart could be used to control the container
if "/etc/init" has also been re-mounted to a directory that holds Upstart
scripts specifically written for the container.)

With this change, lxc checks to see if "/var/run" is shared between the
container and the system by comparing the device and inode numbers. If not,
lxc will watch utmp. This replaces the check for "lxc.rootfs".

Signed-off-by: David Ward 
---
 src/lxc/utmp.c |   21 -
 1 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/src/lxc/utmp.c b/src/lxc/utmp.c
index 691c3ef..48998ca 100644
--- a/src/lxc/utmp.c
+++ b/src/lxc/utmp.c
@@ -30,6 +30,7 @@
 #include 
 #include 
 #include 
+#include 
 
 #include "conf.h"
 #include "cgroup.h"
@@ -221,10 +222,7 @@ int lxc_utmp_mainloop_add(struct lxc_epoll_descr *descr,
char path[MAXPATHLEN];
int fd, wd;
struct lxc_utmp *utmp_data;
-   struct lxc_conf *conf = handler->conf;
-
-   if (!conf->rootfs.path)
-   return 0;
+   struct stat container_stat, system_stat;
 
/* We set up a watch for the /var/run directory. We're only interested
 * in utmp at the moment, but want to watch for delete and create
@@ -236,11 +234,24 @@ int lxc_utmp_mainloop_add(struct lxc_epoll_descr *descr,
return -1;
}
 
-   if (access(path, F_OK)) {
+   if (stat(path, &container_stat)) {
WARN("'%s' not found", path);
return 0;
}
 
+   if (stat("/var/run", &system_stat)) {
+   WARN("'/var/run' not found");
+   return 0;
+   }
+
+   /* Do not watch the /var/run directory if the container shares it with
+* the system.
+*/
+   if ((container_stat.st_dev == system_stat.st_dev)
+   && (container_stat.st_ino == system_stat.st_ino)) {
+   return 0;
+   }
+
utmp_data = (struct lxc_utmp *)malloc(sizeof(struct lxc_utmp));
 
if (NULL == utmp_data) {
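Review bot: The new `st_dev`/`st_ino` comparison returns 0 silently when the two directories match, so an administrator gets no indication that utmp monitoring was skipped. A DEBUG or INFO line before that `return 0` would help when diagnosing a container that does not react to runlevel changes. The comparison also runs only once, when lxc_utmp_mainloop_add is called, which deserves a sentence in the comment above it.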
-- 
1.7.4




[lxc-devel] [PATCH 2/9] lxc-attach: use execvp instead of execve

2012-03-05 Thread David Ward
execvp does not require specifying the full path to the executable
(e.g., "ls" instead of "/bin/ls"), making the operation of 'lxc-attach'
consistent with 'lxc-start' and 'lxc-execute'.

Signed-off-by: David Ward 
---
 src/lxc/lxc_attach.c |6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/lxc/lxc_attach.c b/src/lxc/lxc_attach.c
index 3571b09..4883327 100644
--- a/src/lxc/lxc_attach.c
+++ b/src/lxc/lxc_attach.c
@@ -89,7 +89,7 @@ Options :\n\
.checker  = NULL,
 };
 
-int main(int argc, char *argv[], char *envp[])
+int main(int argc, char *argv[])
 {
int ret;
pid_t pid, init_pid;
@@ -212,7 +212,7 @@ int main(int argc, char *argv[], char *envp[])
lxc_sync_fini(handler);
 
if (my_args.argc) {
-   execve(my_args.argv[0], my_args.argv, envp);
+   execvp(my_args.argv[0], my_args.argv);
SYSERROR("failed to exec '%s'", my_args.argv[0]);
return -1;
}
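Review bot: `execvp(my_args.argv[0], my_args.argv)` resolves a bare command name through PATH, and the PATH in effect is the one inherited from the shell that invoked lxc-attach, while the lookup is performed by the process that has already attached to the container. The caller's PATH therefore decides which binary is run, and a relative or empty PATH entry is resolved against whatever the attached process sees as its current directory. Consider setting a fixed PATH before the exec, or documenting that callers who need one specific binary should keep passing an absolute path.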
@@ -232,7 +232,7 @@ int main(int argc, char *argv[], char *envp[])
NULL,
};
 
-   execve(args[0], args, envp);
+   execvp(args[0], args);
SYSERROR("failed to exec '%s'", args[0]);
return -1;
}
-- 
1.7.1




[lxc-devel] [PATCH 6/9] utmp: support non-rootfs configuration

2012-03-05 Thread David Ward
Having a rootfs is not a necessary condition for monitoring utmp, since
/var or /var/run can just be remounted inside the container instead. We
should rely on the other two conditions already in place to decide
whether to monitor the utmp file:

 - the container was started with 'lxc-start', which indicates that it
   has a real init process and is expected to write to a utmp file

 - support for CAP_SYS_BOOT was not found in the kernel, which would
   otherwise supersede utmp monitoring

Signed-off-by: David Ward 
---
 src/lxc/utmp.c |4 
 1 files changed, 0 insertions(+), 4 deletions(-)

diff --git a/src/lxc/utmp.c b/src/lxc/utmp.c
index b6469b0..a7b9b52 100644
--- a/src/lxc/utmp.c
+++ b/src/lxc/utmp.c
@@ -233,10 +233,6 @@ int lxc_utmp_mainloop_add(struct lxc_epoll_descr *descr,
char path2[MAXPATHLEN];
int fd, wd;
struct lxc_utmp *utmp_data;
-   struct lxc_conf *conf = handler->conf;
-
-   if (!conf->rootfs.path)
-   return 0;
 
/* We set up a watch for the /var/run directory. We're only interested
 * in utmp at the moment, but want to watch for delete and create
-- 
1.7.1




[lxc-devel] [PATCH 3/9] lxc-ls: only list active containers

2012-03-05 Thread David Ward
Originally, lxc-ls listed all containers by printing the directory names
in /var/lib/lxc. After commit 65cb447f9b8d1ac8dcf9df24a4f877180444f003,
lxc-ls now finds and prints active containers by searching for open UNIX
sockets named '/var/lib/lxc//command'. However, all containers are
still printed using the old method as well, so now the active containers
just get printed twice.

Assuming that the intention of the above commit was to only list active
containers, do not print the directory names in /var/lib/lxc any longer.

Signed-off-by: David Ward 
---
 src/lxc/lxc-ls.in |2 --
 1 files changed, 0 insertions(+), 2 deletions(-)

diff --git a/src/lxc/lxc-ls.in b/src/lxc/lxc-ls.in
index d200509..b923c56 100644
--- a/src/lxc/lxc-ls.in
+++ b/src/lxc/lxc-ls.in
@@ -23,8 +23,6 @@ function get_cgroup()
mount_point=`echo "$mount_string" |cut -d' ' -f2`;
 }
 
-ls "$@" $lxcpath
-
 active=$(netstat -xl 2>/dev/null | grep $lxcpath | \
sed -e 's#.*'"$lxcpath/"'\(.*\)/command#\1#');
 
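Review bot: With `ls "$@" $lxcpath` removed, nothing in the visible hunk consumes the script's arguments any more, and containers that are defined but stopped can no longer be listed at all. The usage text and man page should be updated in the same patch, or an option kept for listing all defined containers. Separately, the remaining context line still passes `$lxcpath` to grep unquoted.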
-- 
1.7.1




[lxc-devel] [PATCH 5/9] utmp: do not set conf->need_utmp_watch if CAP_SYS_BOOT is not found

2012-03-05 Thread David Ward
If CAP_SYS_BOOT is not found in the kernel, the existing value for
conf->need_utmp_watch should be left intact (which will be '1' for
containers started with 'lxc-start', or '0' for containers started
with 'lxc-execute').

Signed-off-by: David Ward 
---
 src/lxc/start.c |1 -
 1 files changed, 0 insertions(+), 1 deletions(-)

diff --git a/src/lxc/start.c b/src/lxc/start.c
index fc2a1b1..1ee7bdf 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -508,7 +508,6 @@ static int do_start(void *data)
SYSERROR("failed to remove CAP_SYS_BOOT capability");
return -1;
}
-   handler->conf->need_utmp_watch = 1;
DEBUG("Dropped cap_sys_boot\n");
} else {
DEBUG("Not dropping cap_sys_boot or watching utmp\n");
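Review bot: After `handler->conf->need_utmp_watch = 1;` is removed, neither branch in this hunk touches need_utmp_watch, yet the else branch still logs "Not dropping cap_sys_boot or watching utmp". Confirm that the flag is cleared somewhere on that path; if it is not, the DEBUG text should be reworded so the log matches what lxc actually does.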
-- 
1.7.1




[lxc-devel] [PATCH 7/9] cgroup: rearrange code blocks

2012-03-05 Thread David Ward
Avoid nesting and improve readability.

Signed-off-by: David Ward 
---
 src/lxc/cgroup.c |   66 -
 1 files changed, 30 insertions(+), 36 deletions(-)

diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup.c
index cc3910a..c915b52 100644
--- a/src/lxc/cgroup.c
+++ b/src/lxc/cgroup.c
@@ -142,6 +142,7 @@ static int get_cgroup_mount(const char *subsystem, char 
*mnt)
struct mntent *mntent;
char initcgroup[MAXPATHLEN];
FILE *file = NULL;
+   int ret, err = -1;
 
file = setmntent(MTAB, "r");
if (!file) {
@@ -150,30 +151,27 @@ static int get_cgroup_mount(const char *subsystem, char 
*mnt)
}
 
while ((mntent = getmntent(file))) {
-
if (strcmp(mntent->mnt_type, "cgroup"))
continue;
-   if (!subsystem || hasmntopt_multiple(mntent, subsystem)) {
-   int ret;
-   ret = snprintf(mnt, MAXPATHLEN, "%s%s/lxc",
-  mntent->mnt_dir,
-  get_init_cgroup(subsystem, NULL,
-  initcgroup));
-   if (ret < 0 || ret >= MAXPATHLEN)
-   goto fail;
-   fclose(file);
-   DEBUG("using cgroup mounted at '%s'", mnt);
-   return 0;
-   }
+   if (subsystem && !hasmntopt_multiple(mntent, subsystem))
+   continue;
+
+   ret = snprintf(mnt, MAXPATHLEN, "%s%s/lxc", mntent->mnt_dir,
+  get_init_cgroup(subsystem, NULL, initcgroup));
+   if (ret < 0 || ret >= MAXPATHLEN)
+   goto fail;
+
+   DEBUG("using cgroup mounted at '%s'", mnt);
+   err = 0;
+   goto out;
};
 
 fail:
DEBUG("Failed to find cgroup for %s\n",
  subsystem ? subsystem : "(NULL)");
-
-   fclose(file);
-
-   return -1;
+out:
+   endmntent(file);
+   return err;
 }
 
 int lxc_ns_is_mounted(void)
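Review bot: In get_cgroup_mount the `goto fail` taken when snprintf truncates (`ret < 0 || ret >= MAXPATHLEN`) still lands on the "Failed to find cgroup for %s" message, which misreports an over-long path as a missing mount; a separate ERROR for the truncation case would make the log accurate. The switch from fclose(file) to endmntent(file) is also a functional change for a stream opened with setmntent, not just a rearrangement, and deserves a line in the commit message.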
@@ -398,18 +396,17 @@ int lxc_cgroup_create(const char *name, pid_t pid)
}
 
while ((mntent = getmntent(file))) {
-
DEBUG("checking '%s' (%s)", mntent->mnt_dir, mntent->mnt_type);
 
-   if (!strcmp(mntent->mnt_type, "cgroup")) {
+   if (strcmp(mntent->mnt_type, "cgroup"))
+   continue;
 
-   INFO("[%d] found cgroup mounted at '%s',opts='%s'",
-++found, mntent->mnt_dir, mntent->mnt_opts);
+   INFO("[%d] found cgroup mounted at '%s',opts='%s'",
+++found, mntent->mnt_dir, mntent->mnt_opts);
 
-   err = lxc_one_cgroup_create(name, mntent, pid);
-   if (err)
-   goto out;
-   }
+   err = lxc_one_cgroup_create(name, mntent, pid);
+   if (err)
+   goto out;
};
 
if (!found)
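Review bot: The while loop in lxc_cgroup_create still closes with `};`, leaving a stray empty statement after the block (the loop in get_cgroup_mount has the same). Since this patch is about readability, drop the semicolon while the block is being re-indented.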
@@ -485,7 +482,7 @@ int lxc_cgroup_destroy(const char *name)
 {
struct mntent *mntent;
FILE *file = NULL;
-   int ret, err = -1;
+   int err = -1;
 
file = setmntent(MTAB, "r");
if (!file) {
@@ -494,18 +491,15 @@ int lxc_cgroup_destroy(const char *name)
}
 
while ((mntent = getmntent(file))) {
-   if (!strcmp(mntent->mnt_type, "cgroup")) {
-   ret = lxc_one_cgroup_destroy(mntent, name);
-   if (ret) {
-   fclose(file);
-   return ret;
-   }
-   err = 0;
-   }
-   }
+   if (strcmp(mntent->mnt_type, "cgroup"))
+   continue;
 
-   fclose(file);
+   err = lxc_one_cgroup_destroy(mntent, name);
+   if (err)
+   break;
+   }
 
+   endmntent(file);
return err;
 }
 /*
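Review bot: In lxc_cgroup_destroy the early `return ret;` with its own fclose(file) is replaced by `break` followed by a single `endmntent(file)`, which is the correct way to close a setmntent stream. That is a behavioural fix hidden under "Avoid nesting and improve readability"; mention it in the commit message so it is not lost when someone bisects or backports.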
-- 
1.7.1




[lxc-devel] [PATCH 9/9] cgroup: only touch hierarchies that are bound to subsystems

2012-03-05 Thread David Ward
Obtain a list of subsystems from /proc/cgroups, and ignore hierarchies
that are not bound to any of them (especially the 'systemd' hierarchy:
http://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups ).

Signed-off-by: David Ward 
---
 src/lxc/cgroup.c |   50 --
 1 files changed, 48 insertions(+), 2 deletions(-)

diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup.c
index 06aa1a0..8ccbc50 100644
--- a/src/lxc/cgroup.c
+++ b/src/lxc/cgroup.c
@@ -53,6 +53,39 @@ enum {
CGROUP_CLONE_CHILDREN,
 };
 
+/* Check if a mount is a cgroup hierarchy for any subsystem.
+ * Return the first subsystem found (or NULL if none).
+ */
+static char *mount_has_subsystem(const struct mntent *mntent)
+{
+   FILE *f;
+   char *c, *ret;
+   char line[MAXPATHLEN];
+
+   /* read the list of subsystems from the kernel */
+   f = fopen("/proc/cgroups", "r");
+   if (!f)
+   return 0;
+
+   /* skip the first line, which contains column headings */
+   if (!fgets(line, MAXPATHLEN, f))
+   return 0;
+
+   while (fgets(line, MAXPATHLEN, f)) {
+   c = strchr(line, '\t');
+   if (!c)
+   continue;
+   *c = '\0';
+
+   ret = hasmntopt(mntent, line);
+   if (ret)
+   break;
+   }
+
+   fclose(f);
+   return ret;
+}
+
 /*
  * get_init_cgroup: get the cgroup init is in.
  *  dsg: preallocated buffer to put the output in
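Review bot: In mount_has_subsystem, `ret` is declared without an initializer and is only assigned inside the loop after a successful strchr, so if /proc/cgroups has no data lines, or every line takes the `continue`, the function returns an indeterminate pointer that the callers then test with `!`. Initialize it with `char *c, *ret = NULL;`. The `return 0;` after the failed header fgets also leaks `f`; call fclose(f) first, and return NULL rather than 0 from a `char *` function.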
@@ -124,8 +157,15 @@ static int get_cgroup_mount(const char *subsystem, char 
*mnt)
while ((mntent = getmntent(file))) {
if (strcmp(mntent->mnt_type, "cgroup"))
continue;
-   if (subsystem && !hasmntopt(mntent, subsystem))
-   continue;
+
+   if (subsystem) {
+   if (!hasmntopt(mntent, subsystem))
+   continue;
+   }
+   else {
+   if (!mount_has_subsystem(mntent))
+   continue;
+   }
 
ret = snprintf(mnt, MAXPATHLEN, "%s%s/lxc", mntent->mnt_dir,
   get_init_cgroup(subsystem, NULL, initcgroup));
@@ -252,6 +292,8 @@ int lxc_cgroup_attach(const char *name, pid_t pid)
 
if (strcmp(mntent->mnt_type, "cgroup"))
continue;
+   if (!mount_has_subsystem(mntent))
+   continue;
 
INFO("[%d] found cgroup mounted at '%s',opts='%s'",
 ++found, mntent->mnt_dir, mntent->mnt_opts);
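Review bot: The `mount_has_subsystem(mntent)` call added here, and again in lxc_cgroup_create and lxc_cgroup_destroy, reopens and reparses /proc/cgroups for every cgroup mount entry in the loop. Reading the subsystem list once before the getmntent loop and passing it in would avoid the repeated file I/O and keep all entries of one pass checked against the same list.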
@@ -405,6 +447,8 @@ int lxc_cgroup_create(const char *name, pid_t pid)
 
if (strcmp(mntent->mnt_type, "cgroup"))
continue;
+   if (!mount_has_subsystem(mntent))
+   continue;
 
INFO("[%d] found cgroup mounted at '%s',opts='%s'",
 ++found, mntent->mnt_dir, mntent->mnt_opts);
@@ -502,6 +546,8 @@ int lxc_cgroup_destroy(const char *name)
while ((mntent = getmntent(file))) {
if (strcmp(mntent->mnt_type, "cgroup"))
continue;
+   if (!mount_has_subsystem(mntent))
+   continue;
 
err = lxc_one_cgroup_destroy(mntent, name);
if (err)
-- 
1.7.1




[lxc-devel] [PATCH 4/9] lxc-ls: tighten regex search on open sockets

2012-03-05 Thread David Ward
lxc-ls returns a list of active containers by searching for UNIX sockets
named '/var/lib/lxc//command'. Make the regular expression tighter
for this search, to avoid inadvertently picking up other sockets.

Signed-off-by: David Ward 
---
 src/lxc/lxc-ls.in |4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/lxc/lxc-ls.in b/src/lxc/lxc-ls.in
index b923c56..ea68971 100644
--- a/src/lxc/lxc-ls.in
+++ b/src/lxc/lxc-ls.in
@@ -23,8 +23,8 @@ function get_cgroup()
mount_point=`echo "$mount_string" |cut -d' ' -f2`;
 }
 
-active=$(netstat -xl 2>/dev/null | grep $lxcpath | \
-   sed -e 's#.*'"$lxcpath/"'\(.*\)/command#\1#');
+active=$(netstat -xl 2>/dev/null | grep "$lxcpath"'/[^/]*/command' | \
+   sed -e 's#.*'"$lxcpath"'/\([^/]*\)/command.*#\1#');
 
 if test -n "$active"; then
get_cgroup
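Review bot: `$lxcpath` is still interpolated as-is into both the grep pattern and the sed expression, so any regular-expression metacharacter in the configured path (a `.` for example) is interpreted rather than matched literally, and a `#` in the path would break the `s#...#...#` delimiter. Since the aim is a tighter match, escape the path before use or anchor the pattern more strictly, and note that `[^/]*` also accepts an empty container name.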
-- 
1.7.1




[lxc-devel] [PATCH 0/9] Assorted fixes against lxc 0.8.0-rc1

2012-03-05 Thread David Ward
The following patches address a few issues I discovered while building
or using lxc, including compatibility with systemd. They were tested on
top of lxc 0.8.0-rc1 under Fedora 16.  Please let me know if you have
any questions or concerns.

David Ward (9):
  use syscall numbers from Linux kernel headers
  lxc-attach: use execvp instead of execve
  lxc-ls: only list active containers
  lxc-ls: tighten regex search on open sockets
  utmp: do not set conf->need_utmp_watch if CAP_SYS_BOOT is not found
  utmp: support non-rootfs configuration
  cgroup: rearrange code blocks
  lxc-attach: unify code for attaching a pid to a cgroup
  cgroup: only touch hierarchies that are bound to subsystems

 config/linux.m4  |   76 -
 configure.ac |8 +--
 src/lxc/Makefile.am  |   11 ---
 src/lxc/attach.c |  113 +--
 src/lxc/attach.h |9 ---
 src/lxc/cgroup.c |  183 +++--
 src/lxc/cgroup.h |2 +-
 src/lxc/lxc-ls.in|6 +-
 src/lxc/lxc_attach.c |   10 ++--
 src/lxc/start.c  |1 -
 src/lxc/utmp.c   |4 -
 11 files changed, 131 insertions(+), 292 deletions(-)
 delete mode 100644 config/linux.m4




[lxc-devel] [PATCH 1/9] use syscall numbers from Linux kernel headers

2012-03-05 Thread David Ward
__NR_setns is defined in the Linux kernel headers in linux/unistd.h.
The full Linux kernel sources are not necessary for compilation.

Signed-off-by: David Ward 
---
 config/linux.m4 |   76 ---
 configure.ac|8 ++---
 src/lxc/Makefile.am |   11 ---
 src/lxc/attach.c|3 +-
 4 files changed, 4 insertions(+), 94 deletions(-)
 delete mode 100644 config/linux.m4

diff --git a/config/linux.m4 b/config/linux.m4
deleted file mode 100644
index a4e9fa8..000
--- a/config/linux.m4
+++ /dev/null
@@ -1,76 +0,0 @@
-AC_DEFUN([AC_LINUX],
-[
-   AC_LINUX_DIR()
-   AC_LINUX_SRCARCH()
-])
-
-AC_DEFUN([AS_TRY_LINUX_DIR],
-   [AC_MSG_CHECKING(for Linux in $1)
-
-   if test -f "$1/Makefile" ; then
-   result=yes
-   $2
-   else
-   result="not found"
-   $3
-   fi
-
-   AC_MSG_RESULT($result)
-])
-
-AC_DEFUN([AC_LINUX_DIR],
-[
-   AC_ARG_WITH([linuxdir],
-   [AC_HELP_STRING([--with-linuxdir=DIR],
-   [specify path to Linux source directory])],
-   [LINUX_DIR="${withval}"],
-   [LINUX_DIR=default])
-
-   dnl if specified, use the specified one
-   if test "${LINUX_DIR}" != "default" ; then
-   AS_TRY_LINUX_DIR([${LINUX_DIR}], , AC_MSG_ERROR([Linux dir not 
found]) )
-   fi
-
-   dnl if not specified, first try with previously set LINUX_KERNEL_RELEASE
-   if test "${LINUX_DIR}" = "default" ; then
-   dir="/lib/modules/$LINUX_KERNEL_RELEASE/build";
-   AS_TRY_LINUX_DIR([${dir}], [LINUX_DIR=${dir}], )
-   fi
-
-   dnl next try using the kernel source dir
-   if test "${LINUX_DIR}" = "default" ; then
-   dir="/usr/src/linux-$LINUX_KERNEL_RELEASE";
-   AS_TRY_LINUX_DIR([${dir}], [LINUX_DIR=${dir}], )
-   fi
-
-   dnl then try a common default of /usr/src/linux
-   if test "${LINUX_DIR}" = "default" ; then
-   dir="/usr/src/linux";
-   AS_TRY_LINUX_DIR([${dir}], [LINUX_DIR=${dir}], )
-   fi
-
-   dnl if still nothing found, fail
-   if test "${LINUX_DIR}" = "default" ; then
-   AC_MSG_WARN([Linux source directory not found])
-   fi
-
-   AC_SUBST(LINUX_DIR)
-])
-
-AC_DEFUN([AC_LINUX_SRCARCH],[
-   AC_MSG_CHECKING(for linux SRCARCH)
-
-   case "${host}" in
-   i[[3456]]86-*) LINUX_SRCARCH=x86;;
-   x86_64-*) LINUX_SRCARCH=x86;;
-   powerpc*-*) LINUX_SRCARCH=powerpc;;
-   s390*-*) LINUX_SRCARCH=s390;;
-   arm*-*) LINUX_SRCARCH=arm;;
-   mips*-*) LINUX_SRCARCH=mips;;
-   sparc*-*) LINUX_SRCARCH=sparc;;
-   *) AC_MSG_ERROR([architecture ${host} not supported]);;
-   esac
-
-   AC_MSG_RESULT(${LINUX_SRCARCH})
-   AC_SUBST(LINUX_SRCARCH)
-])
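Review bot: Deleting AC_LINUX_DIR also removes the `--with-linuxdir=DIR` configure option defined by its AC_ARG_WITH, so packaging scripts that pass it will find it no longer has any effect. The commit message should mention the removal, along with any README or packaging notes that document the flag.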
diff --git a/configure.ac b/configure.ac
index b103599..526d22d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -65,13 +65,13 @@ AC_SUBST(LXCROOTFSMOUNT, "${with_rootfs_path}")
 AC_SUBST(LXCINITDIR, ['${libexecdir}/lxc'])
 AC_SUBST(LXCTEMPLATEDIR, ['${libdir}/lxc/templates'])
 
-AC_CHECK_HEADERS([linux/netlink.h linux/genetlink.h],
+AC_CHECK_HEADERS([linux/unistd.h linux/netlink.h linux/genetlink.h],
  [],
- AC_MSG_ERROR([netlink headers not found. 
Please install the linux kernel headers.]),
+ AC_MSG_ERROR([Please install the Linux kernel 
headers.]),
  [#include 
 ])
 
-AC_CHECK_HEADERS([sys/capability.h], [], AC_MSG_ERROR([please install 
libcap-devel.]),
+AC_CHECK_HEADERS([sys/capability.h], [], AC_MSG_ERROR([Please install the 
libcap development files.]),
 [#include 
 #include ])
 AC_CHECK_LIB(cap,cap_set_proc,caplib=yes,caplib=no)
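Review bot: Adding linux/unistd.h to AC_CHECK_HEADERS only proves that the header exists, not that it defines `__NR_setns`, which is what the commit message relies on; older kernel headers can provide the file without the macro. A declaration check for `__NR_setns` (AC_CHECK_DECLS with this header as the include) would turn that into a clear configure-time result. The shortened "Please install the Linux kernel headers." message also no longer hints at which of the three headers was missing.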
@@ -91,8 +91,6 @@ AC_CHECK_HEADERS([sys/signalfd.h])
 
 AC_PROG_GCC_TRADITIONAL
 
-AC_LINUX
-
 if test "x$GCC" = "xyes"; then
   CFLAGS="$CFLAGS -Wall"
 fi
diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am
index 3a3816e..1c26952 100644
--- a/src/lxc/Makefile.am
+++ b/src/lxc/Makefile.am
@@ -131,14 +131,3 @@ install-exec-local: install-soPROGRAMS
 
 uninstall-local:
$(RM) $(DESTDIR)$(libdir)/liblxc.so*
-
-namespace.c: setns.h
-
-setns.h:
-   -$(CC) $(CPPFLAGS) -M -MT$@ 
$(LINUX_DIR)/arch/$(LINUX_SRCARCH)/include/asm/unistd.h >setns.P
-   -$(CPP) $(CPPFLAGS) -dM 
$(LINUX_DIR)/arch/$(LINUX_SRCARCH)/include/asm/unistd.h |grep setns > $@
-
-clean-local:
-   $(RM) setns.h setns.P
-
--include setns.P
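Review bot: This hunk removes the `namespace.c: setns.h` rule together with the generation of setns.h, but the diffstat lists src/lxc/attach.c as the only source file changed. Confirm that namespace.c no longer includes the generated setns.h, otherwise the build breaks on a clean tree once the header stops being produced.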
diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index 33da411..0ca8b39 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -30,6 +30,7 @@
 #include 
 #includ

[lxc-devel] [PATCH 8/9] lxc-attach: unify code for attaching a pid to a cgroup

2012-03-05 Thread David Ward
To attach a new pid to the cgroups for an existing container, we can use
the same method that we did when we started the container: iterate over
all the mounted cgroup hierarchies; find the cgroup that pid 1 is in for
each hierarchy; add 'lxc/' to the end of it; then write the pid to
the 'tasks' file in that cgroup. (The only difference is that we do not
create the cgroup again.) Note that we follow exactly the same iteration
pattern to delete our cgroups when a container is shut down.

There may be situations where additional cgroup hierarchies are mounted
after the container is started, or the cgroup for pid 1 gets reassigned.
But we currently don't handle any of these cases in the shutdown code or
anywhere else, so it doesn't make sense to try to handle these cases for
lxc-attach by itself. Aside from simplifying the code, this change makes
it easier to solve a different problem: ignoring hierarchies that are
not bound to any subsystems (like 'systemd').

Signed-off-by: David Ward 
---
 src/lxc/attach.c |  110 +
 src/lxc/attach.h |9 
 src/lxc/cgroup.c |   91 +++--
 src/lxc/cgroup.h |2 +-
 src/lxc/lxc_attach.c |4 +-
 5 files changed, 56 insertions(+), 160 deletions(-)

diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index 0ca8b39..a95b3d3 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -60,10 +60,9 @@ struct lxc_proc_context_info 
*lxc_proc_get_context_info(pid_t pid)
struct lxc_proc_context_info *info = calloc(1, sizeof(*info));
FILE *proc_file;
char proc_fn[MAXPATHLEN];
-   char *line = NULL, *ptr, *ptr2;
+   char *line = NULL;
size_t line_bufsz = 0;
-   int ret, found, l;
-   int i;
+   int ret, found;
 
if (!info) {
SYSERROR("Could not allocate memory.");
@@ -114,117 +113,14 @@ struct lxc_proc_context_info 
*lxc_proc_get_context_info(pid_t pid)
goto out_error;
}
 
-   /* read cgroups */
-   snprintf(proc_fn, MAXPATHLEN, "/proc/%d/cgroup", pid);
-
-   proc_file = fopen(proc_fn, "r");
-   if (!proc_file) {
-   SYSERROR("Could not open %s", proc_fn);
-   goto out_error;
-   }
-
-   /* we don't really know how many cgroup subsystems there are
-* mounted, so we go through the whole file twice */
-   i = 0;
-   while (getline(&line, &line_bufsz, proc_file) != -1) {
-   /* we assume that all lines containing at least two colons
-* are valid */
-   ptr = strchr(line, ':');
-   if (ptr && strchr(ptr + 1, ':'))
-   i++;
-   }
-
-   rewind(proc_file);
-
-   info->cgroups = calloc(i, sizeof(*(info->cgroups)));
-   info->cgroups_count = i;
-
-   i = 0;
-   while (getline(&line, &line_bufsz, proc_file) != -1 && i < 
info->cgroups_count) {
-   /* format of the lines is:
-* id:subsystems:path, where subsystems are separated by
-* commas and each subsystem may also be of the form
-* name=xxx if it describes a private named hierarchy
-* we will ignore the id in the following */
-   ptr = strchr(line, ':');
-   ptr2 = ptr ? strchr(ptr + 1, ':') : NULL;
-
-   /* ignore invalid lines */
-   if (!ptr || !ptr2) continue;
-
-   l = strlen(ptr2) - 1;
-   if (ptr2[l] == '\n')
-   ptr2[l] = '\0';
-
-   info->cgroups[i].subsystems = strndup(ptr + 1, ptr2 - (ptr + 
1));
-   info->cgroups[i].cgroup = strdup(ptr2 + 1);
-
-   i++;
-   }
-
-   free(line);
-   fclose(proc_file);
-
return info;
 
 out_error:
-   lxc_proc_free_context_info(info);
+   free(info);
free(line);
return NULL;
 }
 
-void lxc_proc_free_context_info(struct lxc_proc_context_info *info)
-{
-   if (!info)
-   return;
-
-   if (info->cgroups) {
-   int i;
-   for (i = 0; i < info->cgroups_count; i++) {
-   free(info->cgroups[i].subsystems);
-   free(info->cgroups[i].cgroup);
-   }
-   }
-   free(info->cgroups);
-   free(info);
-}
-
-int lxc_attach_proc_to_cgroups(pid_t pid, struct lxc_proc_context_info *ctx)
-{
-   int i, ret;
-
-   if (!ctx) {
-   ERROR("No valid context supplied when asked to attach "
- "process to cgroups.");
-   return -1;
-   }
-
-   for (i = 0; i < ctx->cgroups_count; i++) {
-   char *path;
-
-

[lxc-devel] [PATCHv2 02/12] lxc-attach: use execvp instead of execve

2012-03-11 Thread David Ward
execvp does not require specifying the full path to the executable
(e.g., "ls" instead of "/bin/ls"), making the operation of 'lxc-attach'
consistent with 'lxc-start' and 'lxc-execute'.

Signed-off-by: David Ward 
---
 src/lxc/lxc_attach.c |6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/lxc/lxc_attach.c b/src/lxc/lxc_attach.c
index 3571b09..4883327 100644
--- a/src/lxc/lxc_attach.c
+++ b/src/lxc/lxc_attach.c
@@ -89,7 +89,7 @@ Options :\n\
.checker  = NULL,
 };
 
-int main(int argc, char *argv[], char *envp[])
+int main(int argc, char *argv[])
 {
int ret;
pid_t pid, init_pid;
@@ -212,7 +212,7 @@ int main(int argc, char *argv[], char *envp[])
lxc_sync_fini(handler);
 
if (my_args.argc) {
-   execve(my_args.argv[0], my_args.argv, envp);
+   execvp(my_args.argv[0], my_args.argv);
SYSERROR("failed to exec '%s'", my_args.argv[0]);
return -1;
}
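Review bot: In the `if (my_args.argc)` branch, `execvp(my_args.argv[0], my_args.argv)` now resolves a bare command name through PATH, and that PATH is the one inherited from whoever ran lxc-attach, searched against whatever filesystem view the process has at this point. Please say so in the commit message and the man page, and recommend an absolute path when the caller needs to be sure which binary runs. Dropping `envp` from main() does not keep the caller's environment out of the command either, because execvp passes the current `environ`; if trimming the environment is wanted, it has to be done explicitly before the exec.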
@@ -232,7 +232,7 @@ int main(int argc, char *argv[], char *envp[])
NULL,
};
 
-   execve(args[0], args, envp);
+   execvp(args[0], args);
SYSERROR("failed to exec '%s'", args[0]);
return -1;
}
-- 
1.7.1




[lxc-devel] [PATCHv2 04/12] utmp: support non-rootfs configuration

2012-03-11 Thread David Ward
Having a rootfs is not a necessary condition for monitoring utmp, since
/var or /var/run can just be remounted inside the container instead. We
should rely on the other two conditions already in place to decide
whether to monitor the utmp file:

 - the container was started with 'lxc-start', which indicates that it
   has a real init process and is expected to write to a utmp file

 - support for CAP_SYS_BOOT was not found in the kernel, which would
   otherwise supersede utmp monitoring

Signed-off-by: David Ward 
---
 src/lxc/utmp.c |4 
 1 files changed, 0 insertions(+), 4 deletions(-)

diff --git a/src/lxc/utmp.c b/src/lxc/utmp.c
index b6469b0..a7b9b52 100644
--- a/src/lxc/utmp.c
+++ b/src/lxc/utmp.c
@@ -233,10 +233,6 @@ int lxc_utmp_mainloop_add(struct lxc_epoll_descr *descr,
char path2[MAXPATHLEN];
int fd, wd;
struct lxc_utmp *utmp_data;
-   struct lxc_conf *conf = handler->conf;
-
-   if (!conf->rootfs.path)
-   return 0;
 
/* We set up a watch for the /var/run directory. We're only interested
 * in utmp at the moment, but want to watch for delete and create
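Review bot: With the `if (!conf->rootfs.path) return 0;` guard removed, nothing visible in lxc_utmp_mainloop_add distinguishes a container that remounted /var/run from one that still shares it with the host, so the /var/run watch set up below may follow a utmp file the container does not own. The commit message relies on two conditions checked elsewhere; please name them in a comment at the top of this function, and consider logging a warning when no rootfs is configured so that a runlevel record written outside the container is not taken as the container shutting down.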
-- 
1.7.1




[lxc-devel] [PATCHv2 01/12] use syscall numbers from Linux kernel headers

2012-03-11 Thread David Ward
__NR_setns is defined in the Linux kernel headers in linux/unistd.h.
The full Linux kernel sources are not necessary for compilation.

Signed-off-by: David Ward 
---
 config/linux.m4 |   76 ---
 configure.ac|8 ++---
 src/lxc/Makefile.am |   11 ---
 src/lxc/attach.c|3 +-
 4 files changed, 4 insertions(+), 94 deletions(-)
 delete mode 100644 config/linux.m4

diff --git a/config/linux.m4 b/config/linux.m4
deleted file mode 100644
index a4e9fa8..000
--- a/config/linux.m4
+++ /dev/null
@@ -1,76 +0,0 @@
-AC_DEFUN([AC_LINUX],
-[
-   AC_LINUX_DIR()
-   AC_LINUX_SRCARCH()
-])
-
-AC_DEFUN([AS_TRY_LINUX_DIR],
-   [AC_MSG_CHECKING(for Linux in $1)
-
-   if test -f "$1/Makefile" ; then
-   result=yes
-   $2
-   else
-   result="not found"
-   $3
-   fi
-
-   AC_MSG_RESULT($result)
-])
-
-AC_DEFUN([AC_LINUX_DIR],
-[
-   AC_ARG_WITH([linuxdir],
-   [AC_HELP_STRING([--with-linuxdir=DIR],
-   [specify path to Linux source directory])],
-   [LINUX_DIR="${withval}"],
-   [LINUX_DIR=default])
-
-   dnl if specified, use the specified one
-   if test "${LINUX_DIR}" != "default" ; then
-   AS_TRY_LINUX_DIR([${LINUX_DIR}], , AC_MSG_ERROR([Linux dir not 
found]) )
-   fi
-
-   dnl if not specified, first try with previously set LINUX_KERNEL_RELEASE
-   if test "${LINUX_DIR}" = "default" ; then
-   dir="/lib/modules/$LINUX_KERNEL_RELEASE/build";
-   AS_TRY_LINUX_DIR([${dir}], [LINUX_DIR=${dir}], )
-   fi
-
-   dnl next try using the kernel source dir
-   if test "${LINUX_DIR}" = "default" ; then
-   dir="/usr/src/linux-$LINUX_KERNEL_RELEASE";
-   AS_TRY_LINUX_DIR([${dir}], [LINUX_DIR=${dir}], )
-   fi
-
-   dnl then try a common default of /usr/src/linux
-   if test "${LINUX_DIR}" = "default" ; then
-   dir="/usr/src/linux";
-   AS_TRY_LINUX_DIR([${dir}], [LINUX_DIR=${dir}], )
-   fi
-
-   dnl if still nothing found, fail
-   if test "${LINUX_DIR}" = "default" ; then
-   AC_MSG_WARN([Linux source directory not found])
-   fi
-
-   AC_SUBST(LINUX_DIR)
-])
-
-AC_DEFUN([AC_LINUX_SRCARCH],[
-   AC_MSG_CHECKING(for linux SRCARCH)
-
-   case "${host}" in
-   i[[3456]]86-*) LINUX_SRCARCH=x86;;
-   x86_64-*) LINUX_SRCARCH=x86;;
-   powerpc*-*) LINUX_SRCARCH=powerpc;;
-   s390*-*) LINUX_SRCARCH=s390;;
-   arm*-*) LINUX_SRCARCH=arm;;
-   mips*-*) LINUX_SRCARCH=mips;;
-   sparc*-*) LINUX_SRCARCH=sparc;;
-   *) AC_MSG_ERROR([architecture ${host} not supported]);;
-   esac
-
-   AC_MSG_RESULT(${LINUX_SRCARCH})
-   AC_SUBST(LINUX_SRCARCH)
-])
diff --git a/configure.ac b/configure.ac
index b103599..526d22d 100644
--- a/configure.ac
+++ b/configure.ac
@@ -65,13 +65,13 @@ AC_SUBST(LXCROOTFSMOUNT, "${with_rootfs_path}")
 AC_SUBST(LXCINITDIR, ['${libexecdir}/lxc'])
 AC_SUBST(LXCTEMPLATEDIR, ['${libdir}/lxc/templates'])
 
-AC_CHECK_HEADERS([linux/netlink.h linux/genetlink.h],
+AC_CHECK_HEADERS([linux/unistd.h linux/netlink.h linux/genetlink.h],
  [],
- AC_MSG_ERROR([netlink headers not found. 
Please install the linux kernel headers.]),
+ AC_MSG_ERROR([Please install the Linux kernel 
headers.]),
  [#include 
 ])
 
-AC_CHECK_HEADERS([sys/capability.h], [], AC_MSG_ERROR([please install 
libcap-devel.]),
+AC_CHECK_HEADERS([sys/capability.h], [], AC_MSG_ERROR([Please install the 
libcap development files.]),
 [#include 
 #include ])
 AC_CHECK_LIB(cap,cap_set_proc,caplib=yes,caplib=no)
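Review bot: Adding linux/unistd.h to the first AC_CHECK_HEADERS call only proves that the header exists, not that it defines __NR_setns, which is what the commit message depends on; kernel headers that predate setns will pass configure and then fail at compile time. Check the symbol itself, for example with AC_CHECK_DECLS([__NR_setns]) including linux/unistd.h, and either stop with a clear message or build the attach code conditionally. The new error text "Please install the Linux kernel headers." could also name the header that was missing.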
@@ -91,8 +91,6 @@ AC_CHECK_HEADERS([sys/signalfd.h])
 
 AC_PROG_GCC_TRADITIONAL
 
-AC_LINUX
-
 if test "x$GCC" = "xyes"; then
   CFLAGS="$CFLAGS -Wall"
 fi
diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am
index 3a3816e..1c26952 100644
--- a/src/lxc/Makefile.am
+++ b/src/lxc/Makefile.am
@@ -131,14 +131,3 @@ install-exec-local: install-soPROGRAMS
 
 uninstall-local:
$(RM) $(DESTDIR)$(libdir)/liblxc.so*
-
-namespace.c: setns.h
-
-setns.h:
-   -$(CC) $(CPPFLAGS) -M -MT$@ 
$(LINUX_DIR)/arch/$(LINUX_SRCARCH)/include/asm/unistd.h >setns.P
-   -$(CPP) $(CPPFLAGS) -dM 
$(LINUX_DIR)/arch/$(LINUX_SRCARCH)/include/asm/unistd.h |grep setns > $@
-
-clean-local:
-   $(RM) setns.h setns.P
-
--include setns.P
diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index 33da411..0ca8b39 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -30,6 +30,7 @@
 #include 
 #includ

[lxc-devel] [PATCHv2 05/12] cgroup: rearrange code blocks

2012-03-11 Thread David Ward
Avoid nesting and improve readability.

Signed-off-by: David Ward 
---
 src/lxc/cgroup.c |   66 -
 1 files changed, 30 insertions(+), 36 deletions(-)

diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup.c
index cc3910a..c915b52 100644
--- a/src/lxc/cgroup.c
+++ b/src/lxc/cgroup.c
@@ -142,6 +142,7 @@ static int get_cgroup_mount(const char *subsystem, char 
*mnt)
struct mntent *mntent;
char initcgroup[MAXPATHLEN];
FILE *file = NULL;
+   int ret, err = -1;
 
file = setmntent(MTAB, "r");
if (!file) {
@@ -150,30 +151,27 @@ static int get_cgroup_mount(const char *subsystem, char 
*mnt)
}
 
while ((mntent = getmntent(file))) {
-
if (strcmp(mntent->mnt_type, "cgroup"))
continue;
-   if (!subsystem || hasmntopt_multiple(mntent, subsystem)) {
-   int ret;
-   ret = snprintf(mnt, MAXPATHLEN, "%s%s/lxc",
-  mntent->mnt_dir,
-  get_init_cgroup(subsystem, NULL,
-  initcgroup));
-   if (ret < 0 || ret >= MAXPATHLEN)
-   goto fail;
-   fclose(file);
-   DEBUG("using cgroup mounted at '%s'", mnt);
-   return 0;
-   }
+   if (subsystem && !hasmntopt_multiple(mntent, subsystem))
+   continue;
+
+   ret = snprintf(mnt, MAXPATHLEN, "%s%s/lxc", mntent->mnt_dir,
+  get_init_cgroup(subsystem, NULL, initcgroup));
+   if (ret < 0 || ret >= MAXPATHLEN)
+   goto fail;
+
+   DEBUG("using cgroup mounted at '%s'", mnt);
+   err = 0;
+   goto out;
};
 
 fail:
DEBUG("Failed to find cgroup for %s\n",
  subsystem ? subsystem : "(NULL)");
-
-   fclose(file);
-
-   return -1;
+out:
+   endmntent(file);
+   return err;
 }
 
 int lxc_ns_is_mounted(void)
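Review bot: In get_cgroup_mount the `ret < 0 || ret >= MAXPATHLEN` branch jumps to `fail:`, which logs "Failed to find cgroup for ..." even though a cgroup mount was found and the real problem is that the path did not fit in `mnt`. Give the truncation case its own ERROR before the jump so the two failures can be told apart in logs. The switch from fclose() to endmntent() is a behavioural fix rather than a rearrangement and deserves a line in the commit message.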
@@ -398,18 +396,17 @@ int lxc_cgroup_create(const char *name, pid_t pid)
}
 
while ((mntent = getmntent(file))) {
-
DEBUG("checking '%s' (%s)", mntent->mnt_dir, mntent->mnt_type);
 
-   if (!strcmp(mntent->mnt_type, "cgroup")) {
+   if (strcmp(mntent->mnt_type, "cgroup"))
+   continue;
 
-   INFO("[%d] found cgroup mounted at '%s',opts='%s'",
-++found, mntent->mnt_dir, mntent->mnt_opts);
+   INFO("[%d] found cgroup mounted at '%s',opts='%s'",
+++found, mntent->mnt_dir, mntent->mnt_opts);
 
-   err = lxc_one_cgroup_create(name, mntent, pid);
-   if (err)
-   goto out;
-   }
+   err = lxc_one_cgroup_create(name, mntent, pid);
+   if (err)
+   goto out;
};
 
if (!found)
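Review bot: The `++found` increment in lxc_cgroup_create still sits inside the INFO(...) argument list, and the `if (!found)` test after the loop depends on it, so the result of the function depends on how the logging macro treats its arguments. Since this patch already touches these lines, move the increment to its own statement before the INFO call.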
@@ -485,7 +482,7 @@ int lxc_cgroup_destroy(const char *name)
 {
struct mntent *mntent;
FILE *file = NULL;
-   int ret, err = -1;
+   int err = -1;
 
file = setmntent(MTAB, "r");
if (!file) {
@@ -494,18 +491,15 @@ int lxc_cgroup_destroy(const char *name)
}
 
while ((mntent = getmntent(file))) {
-   if (!strcmp(mntent->mnt_type, "cgroup")) {
-   ret = lxc_one_cgroup_destroy(mntent, name);
-   if (ret) {
-   fclose(file);
-   return ret;
-   }
-   err = 0;
-   }
-   }
+   if (strcmp(mntent->mnt_type, "cgroup"))
+   continue;
 
-   fclose(file);
+   err = lxc_one_cgroup_destroy(mntent, name);
+   if (err)
+   break;
+   }
 
+   endmntent(file);
return err;
 }
 /*
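Review bot: The rewritten loop in lxc_cgroup_destroy keeps the early exit on the first lxc_one_cgroup_destroy failure (`if (err) break;`), so the container's cgroups in every hierarchy after the failing one are left in place. Consider continuing through the remaining mounts and returning the first error seen, so a single busy hierarchy does not leave stale cgroups in the others. Also note that `err` is now overwritten on every iteration, which is only correct as long as the loop stops at the first failure.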
-- 
1.7.1




[lxc-devel] [PATCHv2 00/12] Assorted fixes against lxc 0.8.0-rc1

2012-03-11 Thread David Ward
v2: Add changes to scripts (including new '--active' flag for lxc-ls)

The following patches address a number of different issues I discovered
while building or using lxc, including compatibility with systemd. They
were tested on top of lxc 0.8.0-rc1 under Fedora 16. Please let me know
if you have any questions or concerns.

David Ward (12):
  use syscall numbers from Linux kernel headers
  lxc-attach: use execvp instead of execve
  utmp: do not set conf->need_utmp_watch if CAP_SYS_BOOT is not found
  utmp: support non-rootfs configuration
  cgroup: rearrange code blocks
  lxc-attach: unify code for attaching a pid to a cgroup
  cgroup: only touch hierarchies that are bound to subsystems
  refresh lxc-ls
  refresh lxc-netstat
  rewrite lxc-ps
  make help consistent for other scripts
  lxc-setcap/lxc-setuid: add autoconf expansion for $libexecdir

 config/linux.m4|   76 ---
 configure.ac   |9 +-
 doc/lxc-ls.sgml.in |   17 ++-
 src/lxc/Makefile.am|   11 --
 src/lxc/attach.c   |  113 +---
 src/lxc/attach.h   |9 --
 src/lxc/cgroup.c   |  183 --
 src/lxc/cgroup.h   |2 +-
 src/lxc/lxc-checkconfig.in |   15 +-
 src/lxc/lxc-clone.in   |   70 +-
 src/lxc/lxc-create.in  |   96 +++---
 src/lxc/lxc-destroy.in |   40 --
 src/lxc/lxc-ls.in  |  112 
 src/lxc/lxc-netstat.in |  141 +---
 src/lxc/lxc-ps.in  |  311 +++
 src/lxc/lxc-setcap.in  |   37 --
 src/lxc/lxc-setuid.in  |   36 --
 src/lxc/lxc_attach.c   |   10 +-
 src/lxc/start.c|1 -
 src/lxc/utmp.c |4 -
 20 files changed, 588 insertions(+), 705 deletions(-)
 delete mode 100644 config/linux.m4
 mode change 100755 => 100644 src/lxc/lxc-checkconfig.in
 mode change 100755 => 100644 src/lxc/lxc-ps.in




[lxc-devel] [PATCHv2 08/12] refresh lxc-ls

2012-03-11 Thread David Ward
Add an '--active' option that lists active containers by searching
cgroups. (Otherwise, the directories in /var/lib/lxc are listed.)
Modify the cgroup search to only use hierarchies that contain one
or more subsystems.

Add a '--help' option that prints the command syntax.

Print error messages and help information to stderr.

Update the documentation.

Signed-off-by: David Ward 
---
 doc/lxc-ls.sgml.in |   17 ++-
 src/lxc/lxc-ls.in  |  112 +++-
 2 files changed, 98 insertions(+), 31 deletions(-)

diff --git a/doc/lxc-ls.sgml.in b/doc/lxc-ls.sgml.in
index 3ffd4f8..d33e9b3 100644
--- a/doc/lxc-ls.sgml.in
+++ b/doc/lxc-ls.sgml.in
@@ -48,7 +48,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 
02111-1307 USA
 
   
 
-  lxc-ls ls option
+  lxc-ls --active ls 
option
   
 
   
@@ -67,6 +67,17 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 
02111-1307 USA
 
   

+ --active
+   
+   
+ 
+   List active containers.
+ 
+   
+  
+
+  
+   
  ls options


@@ -94,10 +105,10 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 
02111-1307 USA
   
 
   
-   lxc-ls -1
+   lxc-ls --active -1


- list all the containers and display the list in one column.
+ list active containers and display the list in one column.


   
diff --git a/src/lxc/lxc-ls.in b/src/lxc/lxc-ls.in
index d200509..15d4653 100644
--- a/src/lxc/lxc-ls.in
+++ b/src/lxc/lxc-ls.in
@@ -1,39 +1,95 @@
 #!/bin/bash
 
+#
+# lxc: linux Container library
+
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
 localstatedir=@LOCALSTATEDIR@
-lxcpath=@LXCPATH@
+lxc_path=@LXCPATH@
 
-if [ ! -r $lxcpath ]; then
-exit 0
-fi
+usage()
+{
+   echo "usage: $(basename $0) [--active] [--] [LS_OPTIONS...]" >&2
+}
 
-function get_cgroup()
+help() {
+   usage
+   echo >&2
+   echo "List containers existing on the system." >&2
+   echo >&2
+   echo "  --active list active containers" >&2
+   echo "  LS_OPTIONS   ls command options (see \`ls --help')" >&2
+}
+
+get_parent_cgroup()
 {
-   local mount_string
-   mount_string=$(mount -t cgroup |grep -E -e '^lxc ')
-   if test -n "$mount_string"; then
-   mount_point=$(echo $mount_string |cut -d' ' -f3)
-   return
-   fi
-   mount_string=`grep -m1 -E '^[^ \t]+[ \t]+[^ \t]+[ \t]+cgroup' 
/proc/self/mounts`;
-   if test -z "$mount_string"; then
-   echo "failed to find mounted cgroup"
-   exit 1
-   fi
-   mount_point=`echo "$mount_string" |cut -d' ' -f2`;
+   local hierarchies hierarchy fields subsystems init_cgroup mountpoint
+
+   parent_cgroup=""
+
+   # Obtain a list of hierarchies that contain one or more subsystems
+   hierarchies=$(tail -n +2 /proc/cgroups | cut -f 2)
+
+   # Iterate through the list until a suitable hierarchy is found
+   for hierarchy in $hierarchies; do
+   # Obtain information about the init process in the hierarchy
+   fields=$(grep -E "^$hierarchy:" /proc/1/cgroup | head -n 1)
+   if [ -z "$fields" ]; then continue; fi
+   fields=${fields#*:}
+
+   # Get a comma-separated list of the hierarchy's subsystems
+   subsystems=${fields%:*}
+
+   # Get the cgroup of the init process in the hierarchy
+   init_cgroup=${fields#*:}
+
+   # Get the filesystem mountpoint of the hierarchy
+   mountpoint=$(grep -E "^cgroup [^ ]+ [^ ]+ ([^ 
]+,)?$subsystems(,[^ ]+)? " /proc/self/mounts | cut -d ' ' -f 2)
+   if [ -z "$mountpoint" ]; then continue; fi
+
+   # Return the absolute path to the containers' parent cgroup
+   parent_cgroup="${mountpoint}${init_cgroup%/}/lxc"
+   break
+   done
 }
 
-ls "$@" $lxcpath
+di
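Review bot: In get_parent_cgroup the `mountpoint=$(grep -E ... /proc/self/mounts | cut -d ' ' -f 2)` pipeline has no `head -n 1`, so when the same hierarchy is mounted more than once `mountpoint` holds several lines and `parent_cgroup` becomes a multi-line string that is later used as a path. Limit the result to the first match, as is already done for `fields`. `$subsystems` is also pasted into the regular expression unescaped, and `$(basename $0)` in usage() is unquoted; quoting both would make the script robust against unusual names.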

[lxc-devel] [PATCHv2 06/12] lxc-attach: unify code for attaching a pid to a cgroup

2012-03-11 Thread David Ward
To attach a new pid to the cgroups for an existing container, we can use
the same method that we did when we started the container: iterate over
all the mounted cgroup hierarchies; find the cgroup that pid 1 is in for
each hierarchy; add 'lxc/' to the end of it; then write the pid to
the 'tasks' file in that cgroup. (The only difference is that we do not
create the cgroup again.) Note that we follow exactly the same iteration
pattern to delete our cgroups when a container is shut down.

There may be situations where additional cgroup hierarchies are mounted
after the container is started, or the cgroup for pid 1 gets reassigned.
But we currently don't handle any of these cases in the shutdown code or
anywhere else, so it doesn't make sense to try to handle these cases for
lxc-attach by itself. Aside from simplifying the code, this change makes
it easier to solve a different problem: ignoring hierarchies that are
not bound to any subsystems (like 'systemd').

Signed-off-by: David Ward 
---
 src/lxc/attach.c |  110 +
 src/lxc/attach.h |9 
 src/lxc/cgroup.c |   91 +++--
 src/lxc/cgroup.h |2 +-
 src/lxc/lxc_attach.c |4 +-
 5 files changed, 56 insertions(+), 160 deletions(-)

diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index 0ca8b39..a95b3d3 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -60,10 +60,9 @@ struct lxc_proc_context_info 
*lxc_proc_get_context_info(pid_t pid)
struct lxc_proc_context_info *info = calloc(1, sizeof(*info));
FILE *proc_file;
char proc_fn[MAXPATHLEN];
-   char *line = NULL, *ptr, *ptr2;
+   char *line = NULL;
size_t line_bufsz = 0;
-   int ret, found, l;
-   int i;
+   int ret, found;
 
if (!info) {
SYSERROR("Could not allocate memory.");
@@ -114,117 +113,14 @@ struct lxc_proc_context_info 
*lxc_proc_get_context_info(pid_t pid)
goto out_error;
}
 
-   /* read cgroups */
-   snprintf(proc_fn, MAXPATHLEN, "/proc/%d/cgroup", pid);
-
-   proc_file = fopen(proc_fn, "r");
-   if (!proc_file) {
-   SYSERROR("Could not open %s", proc_fn);
-   goto out_error;
-   }
-
-   /* we don't really know how many cgroup subsystems there are
-* mounted, so we go through the whole file twice */
-   i = 0;
-   while (getline(&line, &line_bufsz, proc_file) != -1) {
-   /* we assume that all lines containing at least two colons
-* are valid */
-   ptr = strchr(line, ':');
-   if (ptr && strchr(ptr + 1, ':'))
-   i++;
-   }
-
-   rewind(proc_file);
-
-   info->cgroups = calloc(i, sizeof(*(info->cgroups)));
-   info->cgroups_count = i;
-
-   i = 0;
-   while (getline(&line, &line_bufsz, proc_file) != -1 && i < 
info->cgroups_count) {
-   /* format of the lines is:
-* id:subsystems:path, where subsystems are separated by
-* commas and each subsystem may also be of the form
-* name=xxx if it describes a private named hierarchy
-* we will ignore the id in the following */
-   ptr = strchr(line, ':');
-   ptr2 = ptr ? strchr(ptr + 1, ':') : NULL;
-
-   /* ignore invalid lines */
-   if (!ptr || !ptr2) continue;
-
-   l = strlen(ptr2) - 1;
-   if (ptr2[l] == '\n')
-   ptr2[l] = '\0';
-
-   info->cgroups[i].subsystems = strndup(ptr + 1, ptr2 - (ptr + 
1));
-   info->cgroups[i].cgroup = strdup(ptr2 + 1);
-
-   i++;
-   }
-
-   free(line);
-   fclose(proc_file);
-
return info;
 
 out_error:
-   lxc_proc_free_context_info(info);
+   free(info);
free(line);
return NULL;
 }
 
-void lxc_proc_free_context_info(struct lxc_proc_context_info *info)
-{
-   if (!info)
-   return;
-
-   if (info->cgroups) {
-   int i;
-   for (i = 0; i < info->cgroups_count; i++) {
-   free(info->cgroups[i].subsystems);
-   free(info->cgroups[i].cgroup);
-   }
-   }
-   free(info->cgroups);
-   free(info);
-}
-
-int lxc_attach_proc_to_cgroups(pid_t pid, struct lxc_proc_context_info *ctx)
-{
-   int i, ret;
-
-   if (!ctx) {
-   ERROR("No valid context supplied when asked to attach "
- "process to cgroups.");
-   return -1;
-   }
-
-   for (i = 0; i < ctx->cgroups_count; i++) {
-   char *path;
-
-
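Review bot: The block removed after the second `goto out_error` read the target process's own /proc/<pid>/cgroup, while the commit message replaces that with a path derived from pid 1's cgroup plus the container name; if the container's init was moved after start, the attached process will be written into a cgroup other than the one the container's processes are in and will run outside the limits applied to them. The commit message accepts this, but it should be stated in the lxc-attach documentation, and a check that compares the derived path with the container init's actual cgroup and warns on a mismatch would make the case visible. The removed code also left calloc, strndup and strdup unchecked, so dropping it is a net improvement on that front.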

[lxc-devel] [PATCHv2 07/12] cgroup: only touch hierarchies that are bound to subsystems

2012-03-11 Thread David Ward
Obtain a list of subsystems from /proc/cgroups, and ignore hierarchies
that are not bound to any of them (especially the 'systemd' hierarchy:
http://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups ).

Signed-off-by: David Ward 
---
 src/lxc/cgroup.c |   50 --
 1 files changed, 48 insertions(+), 2 deletions(-)

diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup.c
index 06aa1a0..8ccbc50 100644
--- a/src/lxc/cgroup.c
+++ b/src/lxc/cgroup.c
@@ -53,6 +53,39 @@ enum {
CGROUP_CLONE_CHILDREN,
 };
 
+/* Check if a mount is a cgroup hierarchy for any subsystem.
+ * Return the first subsystem found (or NULL if none).
+ */
+static char *mount_has_subsystem(const struct mntent *mntent)
+{
+   FILE *f;
+   char *c, *ret;
+   char line[MAXPATHLEN];
+
+   /* read the list of subsystems from the kernel */
+   f = fopen("/proc/cgroups", "r");
+   if (!f)
+   return 0;
+
+   /* skip the first line, which contains column headings */
+   if (!fgets(line, MAXPATHLEN, f))
+   return 0;
+
+   while (fgets(line, MAXPATHLEN, f)) {
+   c = strchr(line, '\t');
+   if (!c)
+   continue;
+   *c = '\0';
+
+   ret = hasmntopt(mntent, line);
+   if (ret)
+   break;
+   }
+
+   fclose(f);
+   return ret;
+}
+
 /*
  * get_init_cgroup: get the cgroup init is in.
  *  dsg: preallocated buffer to put the output in
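Review bot: In mount_has_subsystem, `ret` is returned uninitialized when the while loop never assigns it (no subsystem lines, or no line containing a tab), and the `return 0` after the failed header fgets() leaves `f` open. Initialize `ret` to NULL and close the file on that early return. The function returns `char *`, so the two `return 0` statements should be `return NULL`, and since it is called once per mount entry in four loops, reading /proc/cgroups once and caching the subsystem list would avoid reopening it for every mount.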
@@ -124,8 +157,15 @@ static int get_cgroup_mount(const char *subsystem, char 
*mnt)
while ((mntent = getmntent(file))) {
if (strcmp(mntent->mnt_type, "cgroup"))
continue;
-   if (subsystem && !hasmntopt(mntent, subsystem))
-   continue;
+
+   if (subsystem) {
+   if (!hasmntopt(mntent, subsystem))
+   continue;
+   }
+   else {
+   if (!mount_has_subsystem(mntent))
+   continue;
+   }
 
ret = snprintf(mnt, MAXPATHLEN, "%s%s/lxc", mntent->mnt_dir,
   get_init_cgroup(subsystem, NULL, initcgroup));
@@ -252,6 +292,8 @@ int lxc_cgroup_attach(const char *name, pid_t pid)
 
if (strcmp(mntent->mnt_type, "cgroup"))
continue;
+   if (!mount_has_subsystem(mntent))
+   continue;
 
INFO("[%d] found cgroup mounted at '%s',opts='%s'",
 ++found, mntent->mnt_dir, mntent->mnt_opts);
@@ -405,6 +447,8 @@ int lxc_cgroup_create(const char *name, pid_t pid)
 
if (strcmp(mntent->mnt_type, "cgroup"))
continue;
+   if (!mount_has_subsystem(mntent))
+   continue;
 
INFO("[%d] found cgroup mounted at '%s',opts='%s'",
 ++found, mntent->mnt_dir, mntent->mnt_opts);
@@ -502,6 +546,8 @@ int lxc_cgroup_destroy(const char *name)
while ((mntent = getmntent(file))) {
if (strcmp(mntent->mnt_type, "cgroup"))
continue;
+   if (!mount_has_subsystem(mntent))
+   continue;
 
err = lxc_one_cgroup_destroy(mntent, name);
if (err)
-- 
1.7.1




[lxc-devel] [PATCHv2 03/12] utmp: do not set conf->need_utmp_watch if CAP_SYS_BOOT is not found

2012-03-11 Thread David Ward
If CAP_SYS_BOOT is not found in the kernel, the existing value for
conf->need_utmp_watch should be left intact (which will be '1' for
containers started with 'lxc-start', or '0' for containers started
with 'lxc-execute').

Signed-off-by: David Ward 
---
 src/lxc/start.c |1 -
 1 files changed, 0 insertions(+), 1 deletions(-)

diff --git a/src/lxc/start.c b/src/lxc/start.c
index fc2a1b1..1ee7bdf 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -508,7 +508,6 @@ static int do_start(void *data)
SYSERROR("failed to remove CAP_SYS_BOOT capability");
return -1;
}
-   handler->conf->need_utmp_watch = 1;
DEBUG("Dropped cap_sys_boot\n");
} else {
DEBUG("Not dropping cap_sys_boot or watching utmp\n");
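Review bot: With `handler->conf->need_utmp_watch = 1;` removed from the branch that drops CAP_SYS_BOOT, a container started with lxc-execute (value '0' according to the commit message) has neither the capability nor a utmp watch, and the "Dropped cap_sys_boot" message no longer says which of the two mechanisms is in effect. Please confirm that this combination is intended and log the effective need_utmp_watch value here. The else branch still prints "Not dropping cap_sys_boot or watching utmp", but nothing in this hunk shows where the flag is cleared on that path.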
-- 
1.7.1




[lxc-devel] [PATCHv2 09/12] refresh lxc-netstat

2012-03-11 Thread David Ward
Modify the cgroup search to only use hierarchies that contain one
or more subsystems.

Change method of bind mounting /proc//net onto /proc/net, to
avoid error "cannot mount block device /proc//net read-only".

Check that user is root. Check that container name is specified
before calling 'exec'.

Update the help information.

Print error messages and help information to stderr.

Make indentation consistent.

Signed-off-by: David Ward 
---
 src/lxc/lxc-netstat.in |  141 +++-
 1 files changed, 91 insertions(+), 50 deletions(-)

diff --git a/src/lxc/lxc-netstat.in b/src/lxc/lxc-netstat.in
index 9e7eec3..cfbca9b 100644
--- a/src/lxc/lxc-netstat.in
+++ b/src/lxc/lxc-netstat.in
@@ -1,21 +1,65 @@
 #!/bin/bash
-# set -ex
+
+#
+# lxc: linux Container library
+
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 
 usage() {
-   echo "usage: $(basename $0) --name  [netstat options]"
+   echo "usage: $(basename $0) --name NAME [--] [NETSTAT_OPTIONS...]" >&2
 }
 
 help() {
usage
-   echo
-   echo "execute netstat for the specified container"
-   echo "with the added netstat options"
-   echo
-   echo "Options:"
-   echo "name  : name of the container"
-   echo "help  : this current help."
-   echo
-   echo "to be executed as root."
+   echo >&2
+   echo "Execute 'netstat' for the specified container." >&2
+   echo >&2
+   echo "  --name NAME   specify the container name" >&2
+   echo "  NETSTAT_OPTIONS   netstat command options (see \`netstat 
--help')" >&2
+}
+
+get_parent_cgroup()
+{
+   local hierarchies hierarchy fields subsystems init_cgroup mountpoint
+
+   parent_cgroup=""
+
+   # Obtain a list of hierarchies that contain one or more subsystems
+   hierarchies=$(tail -n +2 /proc/cgroups | cut -f 2)
+
+   # Iterate through the list until a suitable hierarchy is found
+   for hierarchy in $hierarchies; do
+   # Obtain information about the init process in the hierarchy
+   fields=$(grep -E "^$hierarchy:" /proc/1/cgroup | head -n 1)
+   if [ -z "$fields" ]; then continue; fi
+   fields=${fields#*:}
+
+   # Get a comma-separated list of the hierarchy's subsystems
+   subsystems=${fields%:*}
+
+   # Get the cgroup of the init process in the hierarchy
+   init_cgroup=${fields#*:}
+
+   # Get the filesystem mountpoint of the hierarchy
+   mountpoint=$(grep -E "^cgroup [^ ]+ [^ ]+ ([^ 
]+,)?$subsystems(,[^ ]+)? " /proc/self/mounts | cut -d ' ' -f 2)
+   if [ -z "$mountpoint" ]; then continue; fi
+
+   # Return the absolute path to the containers' parent cgroup
+   parent_cgroup="${mountpoint}${init_cgroup%/}/lxc"
+   break
+   done
 }
 
 exec=""
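Review bot: The get_parent_cgroup function added here is a line-for-line copy of the one added to lxc-ls in patch 08/12, so any fix to the hierarchy lookup has to be made in every script that carries it. Move it into a small shell fragment installed next to the scripts and source it from each of them. In help(), the option list no longer mentions `-h|--help`, which the option loop still accepts.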
@@ -25,19 +69,24 @@ if [ $# -eq  0 ]; then
exit 1
 fi
 
-for i in "$@"; do
-   case $i in
+while true; do
+   case $1 in
-h|--help)
help; exit 1;;
-n|--name)
name=$2; shift 2;;
--exec)
exec="exec"; shift;;
+   --)
+   shift; break;;
+   *)
+   break;
esac
 done
 
-if [ -z "$exec" ]; then
-exec @BINDIR@/lxc-unshare -s MOUNT -- $0 -n $name --exec "$@"
+if [ "$(id -u)" != "0" ]; then
+   echo "$(basename $0): must be run as root" >&2
+   exit 1
 fi
 
 if [ -z "$name" ]; then
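Review bot: In the new `while true` loop, `-n|--name) name=$2; shift 2;;` never terminates when the option is the last argument: `shift 2` fails without shifting if only one positional parameter remains, so `$1` stays `-n` and the loop spins. Check `$#` before shifting and exit with the usage message when the value is missing. `case $1 in` should also quote `"$1"`.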
@@ -45,51 +94,43 @@ if [ -z "$name" ]; then
exit 1
 fi
 
+if [ -z "$exec" ]; then
+   exec @BINDIR@/lxc-unshare -s MOUNT -- $0 -n $name --exec "$@"
+fi
+
 lxc-info -n $name 2>&1 | grep -q 'STOPPED'
 if [ $? -eq 0 ]; then
-   echo "Container $name is not running"
+   echo "
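Review bot: The re-exec line `exec @BINDIR@/lxc-unshare -s MOUNT -- $0 -n $name --exec "$@"` passes the remaining netstat options without a `--` in front of them, so on the second pass the option loop parses them again; a netstat option such as `-n` or `-h` is then taken as this script's `--name` or `--help`. Insert `--` between `--exec` and `"$@"`. `$0` and `$name` are unquoted here and in `lxc-info -n $name`, and this script now insists on running as root, so quote both.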

[lxc-devel] [PATCHv2 10/12] rewrite lxc-ps

2012-03-11 Thread David Ward
Use bash instead of perl; eliminates final lxc dependency on perl
(beneficial for minimal operating system environments).

Modify the cgroup search to only use hierarchies that contain one
or more subsystems.

Maintain column spacing. Expand container name column as necessary.
Properly handle spaces in 'ps' output that are not field separators
(for example, try 'lxc-ps -o pid,args').

Fix file mode in repository.

Signed-off-by: David Ward 
---
 src/lxc/lxc-ps.in |  311 +++--
 1 files changed, 109 insertions(+), 202 deletions(-)
 mode change 100755 => 100644 src/lxc/lxc-ps.in

diff --git a/src/lxc/lxc-ps.in b/src/lxc/lxc-ps.in
old mode 100755
new mode 100644
index 2fa7b8b..4ea68e6
--- a/src/lxc/lxc-ps.in
+++ b/src/lxc/lxc-ps.in
@@ -1,9 +1,7 @@
-#!/usr/bin/perl
-#
-# lxc-ps
+#!/bin/bash
+
 #
-# Authors:
-# Daniel Lezcano 
+# lxc: linux Container library
 
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -19,214 +17,123 @@
 # License along with this library; if not, write to the Free Software
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 
-#
-# This script allows to
-# display processes information with related container name if available.
-#
-use strict;
-
-
-# Some globals
-
-our $PS_HEADERS;  # String containing headers of the ps output
-our $PS_PID_INDEX;# Index of the PID column in the ps headers
-our @PS_LINES;# Output lines of the ps command
-
-our $LXC_DISPLAY = 0; # By default do not display container information
-our %LXC_NAMES;   # Specified container names (if any)
-
-sub get_container_names {
-   my $ref_names = shift;
-   my $lxcpath = '@LXCPATH@';
-
-   open(active, "netstat -xa | grep $lxcpath |") or return;
-   while() {
-   chomp;
-   s#.*$lxcpath/(.*)/command.*#$1#;
-   push @$ref_names, $_;
-   }
-   close active;
-}
-
-sub get_cgroup {
-   my $ref_cgroup = shift;
-   my $mount_string;
-
-   $mount_string=`mount -t cgroup |grep -E -e '^lxc '`;
-   if ($mount_string) {
-# use the one 'lxc' cgroup mount if it exists
-   chomp($mount_string);
-   $$ref_cgroup=`echo "$mount_string" |cut -d' ' -f3`;
-   chomp($$ref_cgroup);
-   }
-   # Otherwise (i.e. cgroup-bin) use the first cgroup mount
-   $mount_string=`grep -m1 -E '^[^ \t]+[ \t]+[^ \t]+[ \t]+cgroup' 
/proc/self/mounts`;
-   unless ($mount_string) {
-   die "unable to find mounted cgroup" unless $$ref_cgroup;
-   }
-   chomp($mount_string);
-   $$ref_cgroup=`echo "$mount_string" |cut -d' ' -f2`;
-   chomp($$ref_cgroup);
-   return;
-}
-
-sub get_pids_in_containers {
-   my $ref_names = shift;
-   my $ref_cgroup = shift;
-   my $ref_pids = shift;
-   my $init_cgroup = shift;
-   my @pidlist;
-
-   for (@{$ref_names}) {
-   my $task_file = "$$ref_cgroup/$init_cgroup/lxc/$_/tasks";
-
-   $LXC_NAMES{$_} = 1;
-   open(tasks, "cat $task_file 2>/dev/null |") or next;
-   while () {
-   chomp $_;
-   push @pidlist, $_;
-   }
-   close tasks;
-   }
-   $$ref_pids = join(',', @pidlist);
-}
-
-sub reclaim_pid_index {
-my @headers = split " ", $PS_HEADERS;
-for my $i (0 .. $#headers) {
-   if ($headers[$i] eq "PID") {
-   $PS_PID_INDEX = $i;
-   return;
-   }
-}
-print "Cannot find ps PID column !\n";
-exit 1;
-}
-
-sub execute_ps {
-open(ps, "ps @_ |") or die "Cannot execute ps command: $!\n";
-
-$PS_HEADERS = ;
-reclaim_pid_index;
-
-while () {
-   push @PS_LINES, $_;
-}
-close ps;
+usage()
+{
+   echo "usage: $(basename $0) [--lxc | --name NAME] [--] [PS_OPTIONS...]" 
>&2
 }
 
-sub get_init_cgroup {
-my $filename = "/proc/1/cgroup";
-open(LXC, "$filename");
-my @cgroup = ;
-close LXC;
-my $container = '';
-foreach ( @cgroup ) {
-chomp;
-# find the container name after :/
-s/.*:\///o;
-}
-return $container;
+help() {
+   usage
+   echo >&2
+   echo "List current processes with container names." >&2
+   echo >&2
+   echo "  --lxc show processes in all containers" >&2
+   echo "  --name NAME   show processes in the specified container" >&2
+   echo " (multiple containers can be separated by 
commas)" >&2
+   echo "  PS_OPTIONSps comman
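Review bot: In usage(), `$(basename $0)` leaves `$0` unquoted inside the command substitution, so an install path containing whitespace is word-split before basename sees it; use `$(basename "$0")` or `${0##*/}`. The two new functions also open their bodies differently (`usage()` with the brace on its own line, `help() {` on the same line); pick one style for the file.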

[lxc-devel] [PATCHv2 11/12] make help consistent for other scripts

2012-03-11 Thread David Ward
Display help information in a consistent format.

Print error messages and help information to stderr. Prefix error
messages with the name of the script (for easier debugging as part
of larger scripts).

Allow help information to be printed as a non-root user.

Fix file mode for lxc-checkconfig.in.

Signed-off-by: David Ward 
---
 src/lxc/lxc-checkconfig.in |   15 +++
 src/lxc/lxc-clone.in   |   70 +++-
 src/lxc/lxc-create.in  |   96 ---
 src/lxc/lxc-destroy.in |   40 --
 src/lxc/lxc-setcap.in  |   36 +++-
 src/lxc/lxc-setuid.in  |   35 ++-
 6 files changed, 158 insertions(+), 134 deletions(-)
 mode change 100755 => 100644 src/lxc/lxc-checkconfig.in

diff --git a/src/lxc/lxc-checkconfig.in b/src/lxc/lxc-checkconfig.in
old mode 100755
new mode 100644
index 39da910..8c2b5e5
--- a/src/lxc/lxc-checkconfig.in
+++ b/src/lxc/lxc-checkconfig.in
@@ -32,7 +32,7 @@ is_enabled() {
 }
 
 if [ ! -f $CONFIG ]; then
-echo "Kernel config $CONFIG not found, looking in other places..."
+echo "Kernel configuration not found at $CONFIG; searching..."
 KVER="`uname -r`"
 HEADERS_CONFIG="/lib/modules/$KVER/build/.config"
 BOOT_CONFIG="/boot/config-$KVER"
@@ -40,15 +40,14 @@ if [ ! -f $CONFIG ]; then
 [ -f "${BOOT_CONFIG}" ] && CONFIG=${BOOT_CONFIG}
 GREP=grep
 if [ ! -f $CONFIG ]; then
-echo
-echo "The kernel configuration can not be retrieved."
-echo "Please recompile with IKCONFIG_PROC, or"
-   echo "install the kernel headers, or specify"
-   echo "the path to the config file with: CONFIG= lxc-checkconfig"
-echo
+echo "$(basename $0): unable to retrieve kernel configuration" >&2
+echo >&2
+echo "Try recompiling with IKCONFIG_PROC, installing the kernel 
headers," >&2
+echo "or specifying the kernel configuration path with:" >&2
+echo "  CONFIG= $(basename $0)" >&2
 exit 1
 else
-echo "Found kernel config file $CONFIG"
+echo "Kernel configuration found at $CONFIG"
 fi
 fi
 
diff --git a/src/lxc/lxc-clone.in b/src/lxc/lxc-clone.in
index 386be30..c7413f2 100644
--- a/src/lxc/lxc-clone.in
+++ b/src/lxc/lxc-clone.in
@@ -24,22 +24,24 @@
 set -e
 
 usage() {
-echo "usage: lxc-clone -o  -n  [-s] [-h] [-L fssize] [-v 
vgname] [-p lxc_lv_prefix] [-t fstype]"
+echo "usage: $(basename $0) -o ORIG_NAME -n NEW_NAME [-s] [-h] [-L 
FS_SIZE]" >&2
+echo "[-v VG_NAME] [-p LV_PREFIX] [-t FS_TYPE]" >&2
 }
 
 help() {
 usage
-echo
-echo "creates a lxc system object."
-echo
-echo "Options:"
-echo "orig: name of the original container"
-echo "new : name of the new container"
-echo "-s  : make the new rootfs a snapshot of the original"
-echo "fssize  : size if creating a new fs.  By default, 2G"
-echo "vgname  : lvm volume group name, lxc by default"
-echo "lvprefix: lvm volume name prefix, none by default, e.g. 
--lvprefix=lxc_ then new lxc lv name will be lxc_newname"
-echo "fstype  : new container file system type, ext3 by default (only 
works for non-snapshot lvm)"
+echo >&2
+echo "Clone an existing container on the system." >&2
+echo >&2
+echo "Options:" >&2
+echo "  -o ORIG_NAME   specify the name of the original container" >&2
+echo "  -n NEW_NAMEspecify the name of the new container" >&2
+echo "  -s make the new rootfs a snapshot of the original" >&2
+echo "  -L FS_SIZE specify the new filesystem size (default: 2G)" >&2
+echo "  -v VG_NAME specify the new LVM volume group name (default: 
lxc)" >&2
+echo "  -p LV_PREFIX   add a prefix to new LVM logical volume names" >&2
+echo "  -t FS_TYPE specify the new filesystem type (default: ext3;" >&2
+echo "  only works for non-snapshot LVM)" >&2
 }
 
 shortoptions='ho:n:sL:v:p:t:'
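Review bot: help() now sends every line to stderr, including the text printed for an explicit `-h`, so `lxc-clone -h | less` shows an empty pager. Keep `>&2` in usage() for the case where it is printed because of a bad invocation, and let help() write to stdout when the user asked for it.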
@@ -62,8 +64,8 @@ fi
 eval set -- "$getopt"
 
 while true; do
-case "$1" in
--h|--help)
+case "$1" in
+-h|--help)
 help
 exit 1
 ;;
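Review bot: The `-h|--help` branch still ends in `exit 1` in the context lines, so a successful help request reports failure to a calling script. Since this hunk already touches the branch, change it to `exit 0` and keep the non-zero status for the `*)` fallthrough.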
@@ -102,52 +104,46 @@ while true; do
 break
 ;;
 *)
-echo $1
 usage
 exit 1
 ;;
-esac
+esac
 done
 
 if [ -z
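Review bot: Dropping `echo $1` from the `*)` branch leaves the user with a bare usage line and no indication of which argument was rejected, which is at odds with the commit message's goal of prefixing errors with the script name. Replace it with a message on stderr such as `echo "$(basename "$0"): unexpected argument '$1'" >&2` before calling usage.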

[lxc-devel] [PATCHv2 12/12] lxc-setcap/lxc-setuid: add autoconf expansion for $libexecdir

2012-03-11 Thread David Ward
Support new default location for LXCINITDIR.
---
 configure.ac  |1 +
 src/lxc/lxc-setcap.in |1 +
 src/lxc/lxc-setuid.in |1 +
 3 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/configure.ac b/configure.ac
index 526d22d..5c47dfc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -40,6 +40,7 @@ AM_CONDITIONAL([ENABLE_EXAMPLES], [test "x$enable_examples" = 
"xyes"])
 AS_AC_EXPAND(PREFIX, $prefix)
 AS_AC_EXPAND(LIBDIR, $libdir)
 AS_AC_EXPAND(BINDIR, $bindir)
+AS_AC_EXPAND(LIBEXECDIR, $libexecdir)
 AS_AC_EXPAND(INCLUDEDIR, $includedir)
 AS_AC_EXPAND(SYSCONFDIR, $sysconfdir)
 AS_AC_EXPAND(DATADIR, $datadir)
diff --git a/src/lxc/lxc-setcap.in b/src/lxc/lxc-setcap.in
index 52d4b48..71e3710 100644
--- a/src/lxc/lxc-setcap.in
+++ b/src/lxc/lxc-setcap.in
@@ -84,6 +84,7 @@ lxc_dropcaps()
 shortoptions='hd'
 longoptions='help'
 libdir=@LIBDIR@
+libexecdir=@LIBEXECDIR@
 localstatedir=@LOCALSTATEDIR@
 
 getopt=$(getopt -o $shortoptions --longoptions  $longoptions -- "$@")
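Review bot: `libexecdir` is assigned here but nothing in the visible lines of lxc-setcap.in reads it, so it looks like dead code to the next person cleaning up. Add a short comment next to the assignment naming the substituted value that depends on it (the commit message points at LXCINITDIR).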
diff --git a/src/lxc/lxc-setuid.in b/src/lxc/lxc-setuid.in
index 0919eac..020dfae 100644
--- a/src/lxc/lxc-setuid.in
+++ b/src/lxc/lxc-setuid.in
@@ -81,6 +81,7 @@ lxc_dropuid()
 shortoptions='hd'
 longoptions='help'
 libdir=@LIBDIR@
+libexecdir=@LIBEXECDIR@
 localstatedir=@LOCALSTATEDIR@
 
 getopt=$(getopt -o $shortoptions --longoptions  $longoptions -- "$@")
-- 
1.7.1




[lxc-devel] [PATCHv2 w/SignOff 12/12] lxc-setcap/lxc-setuid: add autoconf expansion for $libexecdir

2012-03-11 Thread David Ward
Support new default location for LXCINITDIR.

Signed-off-by: David Ward 
---
 configure.ac  |1 +
 src/lxc/lxc-setcap.in |1 +
 src/lxc/lxc-setuid.in |1 +
 3 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/configure.ac b/configure.ac
index 526d22d..5c47dfc 100644
--- a/configure.ac
+++ b/configure.ac
@@ -40,6 +40,7 @@ AM_CONDITIONAL([ENABLE_EXAMPLES], [test "x$enable_examples" = 
"xyes"])
 AS_AC_EXPAND(PREFIX, $prefix)
 AS_AC_EXPAND(LIBDIR, $libdir)
 AS_AC_EXPAND(BINDIR, $bindir)
+AS_AC_EXPAND(LIBEXECDIR, $libexecdir)
 AS_AC_EXPAND(INCLUDEDIR, $includedir)
 AS_AC_EXPAND(SYSCONFDIR, $sysconfdir)
 AS_AC_EXPAND(DATADIR, $datadir)
diff --git a/src/lxc/lxc-setcap.in b/src/lxc/lxc-setcap.in
index 52d4b48..71e3710 100644
--- a/src/lxc/lxc-setcap.in
+++ b/src/lxc/lxc-setcap.in
@@ -84,6 +84,7 @@ lxc_dropcaps()
 shortoptions='hd'
 longoptions='help'
 libdir=@LIBDIR@
+libexecdir=@LIBEXECDIR@
 localstatedir=@LOCALSTATEDIR@
 
 getopt=$(getopt -o $shortoptions --longoptions  $longoptions -- "$@")
diff --git a/src/lxc/lxc-setuid.in b/src/lxc/lxc-setuid.in
index 0919eac..020dfae 100644
--- a/src/lxc/lxc-setuid.in
+++ b/src/lxc/lxc-setuid.in
@@ -81,6 +81,7 @@ lxc_dropuid()
 shortoptions='hd'
 longoptions='help'
 libdir=@LIBDIR@
+libexecdir=@LIBEXECDIR@
 localstatedir=@LOCALSTATEDIR@
 
 getopt=$(getopt -o $shortoptions --longoptions  $longoptions -- "$@")
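Review bot: `libexecdir=@LIBEXECDIR@` is substituted unquoted, so a configured path containing whitespace turns the rest of the line into a command that the shell runs with `libexecdir` in its environment. Quote the substitution (`libexecdir="@LIBEXECDIR@"`) and give the adjacent `libdir` and `localstatedir` assignments the same treatment.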
-- 
1.7.1




[lxc-devel] [PATCHv3 05/14] cgroup: additional fix for deprecated ns subsystem

2012-03-21 Thread David Ward
When a hierarchy contains the 'ns' subsystem, do not append '/lxc'
to the parent cgroup. Update surrounding comments for consistency.

Signed-off-by: David Ward 
---
 src/lxc/cgroup.c |   13 +++--
 1 files changed, 7 insertions(+), 6 deletions(-)

diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup.c
index 9af199d..e5145f9 100644
--- a/src/lxc/cgroup.c
+++ b/src/lxc/cgroup.c
@@ -305,9 +305,9 @@ static int lxc_one_cgroup_create(const char *name,
char initcgroup[MAXPATHLEN];
int flags, ret;
 
-   /* cgparent is the parent dir, 
/sys/fs/cgroup///lxc */
+   /* cgparent is the parent dir, e.g., 
/sys/fs/cgroup///lxc */
/* (remember get_init_cgroup() returns a path starting with '/') */
-   /* cgname is the full name,
/sys/fs/cgroup///lxc/name */
+   /* cgname is the full name, e.g., 
/sys/fs/cgroup///lxc/name */
ret = snprintf(cginit, MAXPATHLEN, "%s%s", mntent->mnt_dir,
get_init_cgroup(NULL, mntent, initcgroup));
if (ret < 0 || ret >= MAXPATHLEN) {
@@ -315,7 +315,10 @@ static int lxc_one_cgroup_create(const char *name,
return -1;
}
 
-   ret = snprintf(cgparent, MAXPATHLEN, "%s/lxc", cginit);
+   flags = get_cgroup_flags(mntent);
+
+   ret = snprintf(cgparent, MAXPATHLEN, "%s%s", cginit,
+  (flags & CGROUP_NS_CGROUP) ? "" : "/lxc");
if (ret < 0 || ret >= MAXPATHLEN) {
SYSERROR("Failed creating pathname for cgroup parent (%d)\n", 
ret);
return -1;
@@ -326,8 +329,6 @@ static int lxc_one_cgroup_create(const char *name,
return -1;
}
 
-   flags = get_cgroup_flags(mntent);
-
/* Do we have the deprecated ns_cgroup subsystem? */
if (flags & CGROUP_NS_CGROUP) {
WARN("using deprecated ns_cgroup");
@@ -356,7 +357,7 @@ static int lxc_one_cgroup_create(const char *name,
return -1;
}
 
-   /* if /sys/fs/cgroup///lxc does not exist, create 
it */
+   /* if cgparent does not exist, create it */
if (access(cgparent, F_OK) && mkdir(cgparent, 0755)) {
SYSERROR("failed to create '%s' directory", cgparent);
return -1;
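Review bot: `access(cgparent, F_OK) && mkdir(cgparent, 0755)` in the context under the rewritten comment is a check-then-create sequence: if another lxc process creates the directory between the two calls, mkdir fails with EEXIST and container start is aborted. Call mkdir unconditionally and treat `errno == EEXIST` as success.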
-- 
1.7.4.1




[lxc-devel] [PATCHv3 12/14] rewrite lxc-ps

2012-03-21 Thread David Ward
Use bash instead of perl; eliminates final lxc dependency on perl
(beneficial for minimal operating system environments).

Modify the cgroup search to only use hierarchies that contain one
or more subsystems. When searching, if a hierarchy contains the
'ns' subsystem, do not append '/lxc' to the parent cgroup.

Maintain column spacing. Expand container name column as necessary.
Properly handle spaces in 'ps' output that are not field separators
(for example, try 'lxc-ps -o pid,args').

Fix file mode in repository.

Signed-off-by: David Ward 
---
 src/lxc/lxc-ps.in |  329 +++-
 1 files changed, 120 insertions(+), 209 deletions(-)
 mode change 100755 => 100644 src/lxc/lxc-ps.in

diff --git a/src/lxc/lxc-ps.in b/src/lxc/lxc-ps.in
old mode 100755
new mode 100644
index 2fa7b8b..a9923f0
--- a/src/lxc/lxc-ps.in
+++ b/src/lxc/lxc-ps.in
@@ -1,9 +1,7 @@
-#!/usr/bin/perl
-#
-# lxc-ps
+#!/bin/bash
+
 #
-# Authors:
-# Daniel Lezcano 
+# lxc: linux Container library
 
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -19,214 +17,127 @@
 # License along with this library; if not, write to the Free Software
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 
-#
-# This script allows to
-# display processes information with related container name if available.
-#
-use strict;
-
-
-# Some globals
-
-our $PS_HEADERS;  # String containing headers of the ps output
-our $PS_PID_INDEX;# Index of the PID column in the ps headers
-our @PS_LINES;# Output lines of the ps command
-
-our $LXC_DISPLAY = 0; # By default do not display container information
-our %LXC_NAMES;   # Specified container names (if any)
-
-sub get_container_names {
-   my $ref_names = shift;
-   my $lxcpath = '@LXCPATH@';
-
-   open(active, "netstat -xa | grep $lxcpath |") or return;
-   while() {
-   chomp;
-   s#.*$lxcpath/(.*)/command.*#$1#;
-   push @$ref_names, $_;
-   }
-   close active;
+usage()
+{
+   echo "usage: $(basename $0) [--lxc | --name NAME] [--] [PS_OPTIONS...]" 
>&2
 }
 
-sub get_cgroup {
-   my $ref_cgroup = shift;
-   my $mount_string;
-
-   $mount_string=`mount -t cgroup |grep -E -e '^lxc '`;
-   if ($mount_string) {
-# use the one 'lxc' cgroup mount if it exists
-   chomp($mount_string);
-   $$ref_cgroup=`echo "$mount_string" |cut -d' ' -f3`;
-   chomp($$ref_cgroup);
-   }
-   # Otherwise (i.e. cgroup-bin) use the first cgroup mount
-   $mount_string=`grep -m1 -E '^[^ \t]+[ \t]+[^ \t]+[ \t]+cgroup' 
/proc/self/mounts`;
-   unless ($mount_string) {
-   die "unable to find mounted cgroup" unless $$ref_cgroup;
-   }
-   chomp($mount_string);
-   $$ref_cgroup=`echo "$mount_string" |cut -d' ' -f2`;
-   chomp($$ref_cgroup);
-   return;
+help() {
+   usage
+   echo >&2
+   echo "List current processes with container names." >&2
+   echo >&2
+   echo "  --lxc show processes in all containers" >&2
+   echo "  --name NAME   show processes in the specified container" >&2
+   echo " (multiple containers can be separated by 
commas)" >&2
+   echo "  PS_OPTIONSps command options (see \`ps --help')" >&2
 }
 
-sub get_pids_in_containers {
-   my $ref_names = shift;
-   my $ref_cgroup = shift;
-   my $ref_pids = shift;
-   my $init_cgroup = shift;
-   my @pidlist;
-
-   for (@{$ref_names}) {
-   my $task_file = "$$ref_cgroup/$init_cgroup/lxc/$_/tasks";
-
-   $LXC_NAMES{$_} = 1;
-   open(tasks, "cat $task_file 2>/dev/null |") or next;
-   while () {
-   chomp $_;
-   push @pidlist, $_;
-   }
-   close tasks;
-   }
-   $$ref_pids = join(',', @pidlist);
+get_parent_cgroup()
+{
+   local hierarchies hierarchy fields subsystems init_cgroup mountpoint
+
+   parent_cgroup=""
+
+   # Obtain a list of hierarchies that contain one or more subsystems
+   hierarchies=$(tail -n +2 /proc/cgroups | cut -f 2)
+
+   # Iterate through the list until a suitable hierarchy is found
+   for hierarchy in $hierarchies; do
+   # Obtain information about the init process in the hierarchy
+   fields=$(grep -E "^$hierarchy:" /proc/1/cgroup | head -n 1)
+   if [ -z "$fields" ]; then continue; fi
+   fields=${fields#*:}
+
+
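Review bot: `tail -n +2 /proc/cgroups | cut -f 2` yields one hierarchy ID per subsystem, not one per hierarchy: co-mounted subsystems repeat the same ID, and subsystems that are not attached to any hierarchy report 0, which the comment above the line says should be excluded. Pipe the list through `sort -u` and skip 0 so the loop visits each mounted hierarchy once. `get_parent_cgroup` also hands its result back through the global `parent_cgroup`; a comment saying so would help, since every other variable in the function is declared `local`.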

[lxc-devel] [PATCHv3 03/14] utmp: do not set conf->need_utmp_watch if CAP_SYS_BOOT is not found

2012-03-21 Thread David Ward
If CAP_SYS_BOOT is not found in the kernel, the existing value for
conf->need_utmp_watch should be left intact (which will be '1' for
containers started with 'lxc-start', or '0' for containers started
with 'lxc-execute').

Signed-off-by: David Ward 
---
 src/lxc/start.c |3 +--
 1 files changed, 1 insertions(+), 2 deletions(-)

diff --git a/src/lxc/start.c b/src/lxc/start.c
index 7af1e37..920ff77 100644
--- a/src/lxc/start.c
+++ b/src/lxc/start.c
@@ -632,8 +632,7 @@ int __lxc_start(const char *name, struct lxc_conf *conf,
handler->data = data;
 
if (must_drop_cap_sys_boot()) {
-   handler->conf->need_utmp_watch = 1;
-   DEBUG("Dropping cap_sys_boot and watching utmp\n");
+   DEBUG("Dropping cap_sys_boot\n");
} else {
DEBUG("Not dropping cap_sys_boot or watching utmp\n");
handler->conf->need_utmp_watch = 0;
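Review bot: After this change the first branch leaves `need_utmp_watch` at whatever the caller set, but nothing in the code says that is intentional, and the DEBUG line no longer reports whether utmp will be watched. Add a one-line comment to that effect and log the retained value, for example `DEBUG("Dropping cap_sys_boot (need_utmp_watch=%d)\n", handler->conf->need_utmp_watch);`, so the two branches stay comparable in the log.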
-- 
1.7.4.1




[lxc-devel] [PATCHv3 06/14] lxc-cgroup: use correct terminology

2012-03-21 Thread David Ward
lxc-cgroup gets or sets the value of a state object (such as
'cpuset.cpus'), not the value of a subsystem (which would be
just 'cpuset').

Signed-off-by: David Ward 
---
 doc/lxc-cgroup.sgml.in |   31 +--
 src/lxc/cgroup.c   |4 ++--
 src/lxc/lxc_cgroup.c   |   22 +++---
 3 files changed, 30 insertions(+), 27 deletions(-)

diff --git a/doc/lxc-cgroup.sgml.in b/doc/lxc-cgroup.sgml.in
index 5acd313..8062148 100644
--- a/doc/lxc-cgroup.sgml.in
+++ b/doc/lxc-cgroup.sgml.in
@@ -48,8 +48,8 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 
02111-1307 USA
 
   
 
-  lxc-start -n name
-   subsystem value
+  lxc-cgroup -n name
+   state-object value
   
 
   
@@ -58,17 +58,20 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 
02111-1307 USA
 Description
 
 
-  lxc-cgroup get or set value from the control
-  group associated with the
-  container name. If
-  no value is specified, the value of
-  the subsystem is displayed, otherwise
-  it is set. The lxc-cgroup does not assume the
-  correctness of the subsystem name, it
-  is up to the user to specify the
-  right subsystem name.
+  lxc-cgroup gets or sets the value of a
+  state-object (e.g., 'cpuset.cpus')
+  in the container's cgroup for the corresponding subsystem (e.g.,
+  'cpuset'). If no value is specified, the
+  current value of the state-object is
+  displayed; otherwise it is set.
 
 
+
+  Note that lxc-cgroup does not check that the
+  state-object is valid for the running
+  kernel, or that the corresponding subsystem is contained in any
+  mounted cgroup hierarchy.
+
   
 
   
@@ -77,11 +80,11 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 
02111-1307 USA
 
   

- subsystem
+ state-object


  
-   Specify the subsystem control group name.
+   Specify the state object name.
  

   
@@ -92,7 +95,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 
02111-1307 USA


  
-   Specify the subsystem control group value to be set.
+   Specify the value to assign to the state object.
  

   
diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup.c
index e5145f9..f50c74a 100644
--- a/src/lxc/cgroup.c
+++ b/src/lxc/cgroup.c
@@ -531,8 +531,8 @@ int lxc_cgroup_path_get(char **path, const char *subsystem, 
const char *name)
static charbuf[MAXPATHLEN];
static charretbuf[MAXPATHLEN];
 
-   /* what lxc_cgroup_set calls subsystem is actually the filename, i.e.
-  'devices.allow'.  So for our purposee we trim it */
+   /* lxc_cgroup_set passes a state object for the subsystem,
+* so trim it to just the subsystem part */
if (subsystem) {
snprintf(retbuf, MAXPATHLEN, "%s", subsystem);
char *s = index(retbuf, '.');
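Review bot: The new comment says the argument is a state object, yet the parameter of lxc_cgroup_path_get is still called `subsystem` (see the hunk header), while lxc_cgroup.c in this same patch renames its variable to `state_object`. Rename the parameter, or say in the comment that the name is historical. The `snprintf` into `retbuf` in the context also ignores truncation, unlike the `ret < 0 || ret >= MAXPATHLEN` checks in lxc_one_cgroup_create.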
diff --git a/src/lxc/lxc_cgroup.c b/src/lxc/lxc_cgroup.c
index d5aa5aa..97769a5 100644
--- a/src/lxc/lxc_cgroup.c
+++ b/src/lxc/lxc_cgroup.c
@@ -36,7 +36,7 @@ lxc_log_define(lxc_cgroup_ui, lxc_cgroup);
 static int my_checker(const struct lxc_arguments* args)
 {
if (!args->argc) {
-   lxc_error(args, "missing cgroup subsystem");
+   lxc_error(args, "missing state object");
return -1;
}
return 0;
@@ -49,13 +49,13 @@ static const struct option my_longopts[] = {
 static struct lxc_arguments my_args = {
.progname = "lxc-cgroup",
.help = "\
---name=NAME subsystem [value]\n\
+--name=NAME state-object [value]\n\
 \n\
-lxc-cgroup get or set subsystem value of cgroup\n\
-associated with the NAME container\n\
+Get or set the value of a state object (for example, 'cpuset.cpus')\n\
+in the container's cgroup for the corresponding subsystem.\n\
 \n\
 Options :\n\
-  -n, --name=NAME  NAME for name of the container",
+  -n, --name=NAME  container name",
.options  = my_longopts,
.parser   = NULL,
.checker  = my_checker,
@@ -63,7 +63,7 @@ Options :\n\
 
 int main(int argc, char *argv[])
 {
-   char *subsystem = NULL, *value = NULL;
+   char *state_object = NULL, *value = NULL;
 
if (lxc_arguments_parse(&my_args, argc, argv))
return -1;
@@ -72,15 +72,15 @@ int main(int argc, char *argv[])
 my_args.progname, my_args.quiet))
return -1;
 
-   subsystem = my_args.argv[0];
+   state_object = my_args.argv[0];
 
if ((argc) > 1)
value = my_args.argv[1];
 
if (value) {
-   if (lxc_cgroup_set(my_args.name, subsystem, value)) {
+ 
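Review bot: The guard `if ((argc) > 1)` in the context tests main()'s argc, but the value is then read from `my_args.argv[1]`, and my_checker validates `args->argc`. Once my_checker has passed, main()'s argc is always greater than 1, so the guard never protects the index; `my_args.argc > 1` looks like the intended test and would be a natural fix to carry along with this rename.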

[lxc-devel] [PATCHv3 09/14] cgroup: only touch hierarchies that are bound to subsystems

2012-03-21 Thread David Ward
Obtain a list of subsystems from /proc/cgroups, and ignore hierarchies
that are not bound to any of them (especially the 'systemd' hierarchy:
http://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups ).

Signed-off-by: David Ward 
---
 src/lxc/cgroup.c |   50 --
 1 files changed, 48 insertions(+), 2 deletions(-)

diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup.c
index 7d91bbc..e124499 100644
--- a/src/lxc/cgroup.c
+++ b/src/lxc/cgroup.c
@@ -53,6 +53,39 @@ enum {
CGROUP_CLONE_CHILDREN,
 };
 
+/* Check if a mount is a cgroup hierarchy for any subsystem.
+ * Return the first subsystem found (or NULL if none).
+ */
+static char *mount_has_subsystem(const struct mntent *mntent)
+{
+   FILE *f;
+   char *c, *ret;
+   char line[MAXPATHLEN];
+
+   /* read the list of subsystems from the kernel */
+   f = fopen("/proc/cgroups", "r");
+   if (!f)
+   return 0;
+
+   /* skip the first line, which contains column headings */
+   if (!fgets(line, MAXPATHLEN, f))
+   return 0;
+
+   while (fgets(line, MAXPATHLEN, f)) {
+   c = strchr(line, '\t');
+   if (!c)
+   continue;
+   *c = '\0';
+
+   ret = hasmntopt(mntent, line);
+   if (ret)
+   break;
+   }
+
+   fclose(f);
+   return ret;
+}
+
 /*
  * get_init_cgroup: get the cgroup init is in.
  *  dsg: preallocated buffer to put the output in
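Review bot: In mount_has_subsystem, `ret` is never initialised, so when /proc/cgroups has no data lines, or every line is skipped by the `continue`, the function returns an indeterminate pointer and the callers treat the mount as bound to a subsystem. Initialise it with `char *c, *ret = NULL;`. The early `return 0;` after the first `fgets` also leaks `f`; close it before returning, and return NULL rather than 0 from both early exits to match the `char *` return type.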
@@ -139,8 +172,15 @@ static int get_cgroup_mount(const char *subsystem, char 
*mnt)
while ((mntent = getmntent(file))) {
if (strcmp(mntent->mnt_type, "cgroup"))
continue;
-   if (subsystem && !hasmntopt(mntent, subsystem))
-   continue;
+
+   if (subsystem) {
+   if (!hasmntopt(mntent, subsystem))
+   continue;
+   }
+   else {
+   if (!mount_has_subsystem(mntent))
+   continue;
+   }
 
flags = get_cgroup_flags(mntent);
ret = snprintf(mnt, MAXPATHLEN, "%s%s%s", mntent->mnt_dir,
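Review bot: The new block puts `else {` on its own line after the closing brace and wraps two single-statement `if`s in an extra level of braces, which makes a one-condition filter take eight lines. A single test reads more directly: `if (subsystem ? !hasmntopt(mntent, subsystem) : !mount_has_subsystem(mntent)) continue;`.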
@@ -266,6 +306,8 @@ int lxc_cgroup_attach(const char *name, pid_t pid)
 
if (strcmp(mntent->mnt_type, "cgroup"))
continue;
+   if (!mount_has_subsystem(mntent))
+   continue;
 
INFO("[%d] found cgroup mounted at '%s',opts='%s'",
 ++found, mntent->mnt_dir, mntent->mnt_opts);
@@ -420,6 +462,8 @@ int lxc_cgroup_create(const char *name, pid_t pid)
 
if (strcmp(mntent->mnt_type, "cgroup"))
continue;
+   if (!mount_has_subsystem(mntent))
+   continue;
 
INFO("[%d] found cgroup mounted at '%s',opts='%s'",
 ++found, mntent->mnt_dir, mntent->mnt_opts);
@@ -519,6 +563,8 @@ int lxc_cgroup_destroy(const char *name)
while ((mntent = getmntent(file))) {
if (strcmp(mntent->mnt_type, "cgroup"))
continue;
+   if (!mount_has_subsystem(mntent))
+   continue;
 
err = lxc_one_cgroup_destroy(mntent, name);
if (err)
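Review bot: This is the third loop in the patch that gains the same `mount_has_subsystem` filter right after the `strcmp(mntent->mnt_type, "cgroup")` test, and each call reopens and reparses /proc/cgroups for every mount entry. Fold the two tests into one small helper so the attach, create and destroy paths cannot drift apart, and consider reading the subsystem list once per operation instead of once per mount.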
-- 
1.7.4.1




[lxc-devel] [PATCHv3 02/14] lxc-attach: use execvp instead of execve

2012-03-21 Thread David Ward
execvp does not require specifying the full path to the executable
(e.g., "ls" instead of "/bin/ls"), making the operation of 'lxc-attach'
consistent with 'lxc-start' and 'lxc-execute'.

Signed-off-by: David Ward 
---
 src/lxc/lxc_attach.c |6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/lxc/lxc_attach.c b/src/lxc/lxc_attach.c
index 3571b09..4883327 100644
--- a/src/lxc/lxc_attach.c
+++ b/src/lxc/lxc_attach.c
@@ -89,7 +89,7 @@ Options :\n\
.checker  = NULL,
 };
 
-int main(int argc, char *argv[], char *envp[])
+int main(int argc, char *argv[])
 {
int ret;
pid_t pid, init_pid;
@@ -212,7 +212,7 @@ int main(int argc, char *argv[], char *envp[])
lxc_sync_fini(handler);
 
if (my_args.argc) {
-   execve(my_args.argv[0], my_args.argv, envp);
+   execvp(my_args.argv[0], my_args.argv);
SYSERROR("failed to exec '%s'", my_args.argv[0]);
return -1;
}
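Review bot: `execvp` resolves a bare command name through the PATH that lxc-attach inherited from its caller, and since lxc-attach runs the command inside the container, the name is matched against the container's filesystem using the caller's search path. Say so in the lxc-attach documentation, or set PATH to a known value before the exec. Dropping `envp` from main() does not change what the command inherits, because `execvp` passes `environ` through.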
@@ -232,7 +232,7 @@ int main(int argc, char *argv[], char *envp[])
NULL,
};
 
-   execve(args[0], args, envp);
+   execvp(args[0], args);
SYSERROR("failed to exec '%s'", args[0]);
return -1;
}
-- 
1.7.4.1




[lxc-devel] [PATCHv3 01/14] use syscall numbers from Linux kernel headers

2012-03-21 Thread David Ward
__NR_setns is defined in the Linux kernel headers in linux/unistd.h.
The full Linux kernel sources are not necessary for compilation.

Signed-off-by: David Ward 
---
 config/linux.m4 |   76 ---
 configure.ac|8 ++---
 src/lxc/Makefile.am |   11 ---
 src/lxc/attach.c|3 +-
 4 files changed, 4 insertions(+), 94 deletions(-)
 delete mode 100644 config/linux.m4

diff --git a/config/linux.m4 b/config/linux.m4
deleted file mode 100644
index a4e9fa8..000
--- a/config/linux.m4
+++ /dev/null
@@ -1,76 +0,0 @@
-AC_DEFUN([AC_LINUX],
-[
-   AC_LINUX_DIR()
-   AC_LINUX_SRCARCH()
-])
-
-AC_DEFUN([AS_TRY_LINUX_DIR],
-   [AC_MSG_CHECKING(for Linux in $1)
-
-   if test -f "$1/Makefile" ; then
-   result=yes
-   $2
-   else
-   result="not found"
-   $3
-   fi
-
-   AC_MSG_RESULT($result)
-])
-
-AC_DEFUN([AC_LINUX_DIR],
-[
-   AC_ARG_WITH([linuxdir],
-   [AC_HELP_STRING([--with-linuxdir=DIR],
-   [specify path to Linux source directory])],
-   [LINUX_DIR="${withval}"],
-   [LINUX_DIR=default])
-
-   dnl if specified, use the specified one
-   if test "${LINUX_DIR}" != "default" ; then
-   AS_TRY_LINUX_DIR([${LINUX_DIR}], , AC_MSG_ERROR([Linux dir not 
found]) )
-   fi
-
-   dnl if not specified, first try with previously set LINUX_KERNEL_RELEASE
-   if test "${LINUX_DIR}" = "default" ; then
-   dir="/lib/modules/$LINUX_KERNEL_RELEASE/build";
-   AS_TRY_LINUX_DIR([${dir}], [LINUX_DIR=${dir}], )
-   fi
-
-   dnl next try using the kernel source dir
-   if test "${LINUX_DIR}" = "default" ; then
-   dir="/usr/src/linux-$LINUX_KERNEL_RELEASE";
-   AS_TRY_LINUX_DIR([${dir}], [LINUX_DIR=${dir}], )
-   fi
-
-   dnl then try a common default of /usr/src/linux
-   if test "${LINUX_DIR}" = "default" ; then
-   dir="/usr/src/linux";
-   AS_TRY_LINUX_DIR([${dir}], [LINUX_DIR=${dir}], )
-   fi
-
-   dnl if still nothing found, fail
-   if test "${LINUX_DIR}" = "default" ; then
-   AC_MSG_WARN([Linux source directory not found])
-   fi
-
-   AC_SUBST(LINUX_DIR)
-])
-
-AC_DEFUN([AC_LINUX_SRCARCH],[
-   AC_MSG_CHECKING(for linux SRCARCH)
-
-   case "${host}" in
-   i[[3456]]86-*) LINUX_SRCARCH=x86;;
-   x86_64-*) LINUX_SRCARCH=x86;;
-   powerpc*-*) LINUX_SRCARCH=powerpc;;
-   s390*-*) LINUX_SRCARCH=s390;;
-   arm*-*) LINUX_SRCARCH=arm;;
-   mips*-*) LINUX_SRCARCH=mips;;
-   sparc*-*) LINUX_SRCARCH=sparc;;
-   *) AC_MSG_ERROR([architecture ${host} not supported]);;
-   esac
-
-   AC_MSG_RESULT(${LINUX_SRCARCH})
-   AC_SUBST(LINUX_SRCARCH)
-])
diff --git a/configure.ac b/configure.ac
index e8f0cb5..c2bf4b0 100644
--- a/configure.ac
+++ b/configure.ac
@@ -65,13 +65,13 @@ AC_SUBST(LXCROOTFSMOUNT, "${with_rootfs_path}")
 AC_SUBST(LXCINITDIR, ['${libexecdir}/lxc'])
 AC_SUBST(LXCTEMPLATEDIR, ['${libdir}/lxc/templates'])
 
-AC_CHECK_HEADERS([linux/netlink.h linux/genetlink.h],
+AC_CHECK_HEADERS([linux/unistd.h linux/netlink.h linux/genetlink.h],
  [],
- AC_MSG_ERROR([netlink headers not found. 
Please install the linux kernel headers.]),
+ AC_MSG_ERROR([Please install the Linux kernel 
headers.]),
  [#include 
 ])
 
-AC_CHECK_HEADERS([sys/capability.h], [], AC_MSG_ERROR([please install 
libcap-devel.]),
+AC_CHECK_HEADERS([sys/capability.h], [], AC_MSG_ERROR([Please install the 
libcap development files.]),
 [#include 
 #include ])
 AC_CHECK_LIB(cap,cap_set_proc,caplib=yes,caplib=no)
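Review bot: Adding linux/unistd.h to AC_CHECK_HEADERS only proves the header exists, not that it defines `__NR_setns`, which is what the commit message relies on; with older kernel headers configure passes and the failure moves to compile time. Add a configure check for the macro itself (for example AC_CHECK_DECLS with linux/unistd.h as the include) and decide there whether to stop or to build without setns. The shortened error text also no longer hints at which header was missing.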
@@ -91,8 +91,6 @@ AC_CHECK_HEADERS([sys/signalfd.h])
 
 AC_PROG_GCC_TRADITIONAL
 
-AC_LINUX
-
 if test "x$GCC" = "xyes"; then
   CFLAGS="$CFLAGS -Wall"
 fi
diff --git a/src/lxc/Makefile.am b/src/lxc/Makefile.am
index 3a3816e..1c26952 100644
--- a/src/lxc/Makefile.am
+++ b/src/lxc/Makefile.am
@@ -131,14 +131,3 @@ install-exec-local: install-soPROGRAMS
 
 uninstall-local:
$(RM) $(DESTDIR)$(libdir)/liblxc.so*
-
-namespace.c: setns.h
-
-setns.h:
-   -$(CC) $(CPPFLAGS) -M -MT$@ 
$(LINUX_DIR)/arch/$(LINUX_SRCARCH)/include/asm/unistd.h >setns.P
-   -$(CPP) $(CPPFLAGS) -dM 
$(LINUX_DIR)/arch/$(LINUX_SRCARCH)/include/asm/unistd.h |grep setns > $@
-
-clean-local:
-   $(RM) setns.h setns.P
-
--include setns.P
diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index 33da411..0ca8b39 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -30,6 +30,7 @@
 #include 
 #includ

[lxc-devel] [PATCHv3 10/14] refresh lxc-ls

2012-03-21 Thread David Ward
Add an '--active' option that lists active containers by searching
cgroups. (Otherwise, the directories in /var/lib/lxc are listed.)
Modify the cgroup search to only use hierarchies that contain one
or more subsystems. When searching, if a hierarchy contains the
'ns' subsystem, do not append '/lxc' to the parent cgroup.

Add a '--help' option that prints the command syntax.

Print error messages and help information to stderr.

Update the documentation.

Signed-off-by: David Ward 
---
 doc/lxc-ls.sgml.in |   17 ++-
 src/lxc/lxc-ls.in  |  119 ++-
 2 files changed, 102 insertions(+), 34 deletions(-)

diff --git a/doc/lxc-ls.sgml.in b/doc/lxc-ls.sgml.in
index 3ffd4f8..d33e9b3 100644
--- a/doc/lxc-ls.sgml.in
+++ b/doc/lxc-ls.sgml.in
@@ -48,7 +48,7 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 
02111-1307 USA
 
   
 
-  lxc-ls ls option
+  lxc-ls --active ls 
option
   
 
   
@@ -67,6 +67,17 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 
02111-1307 USA
 
   

+ --active
+   
+   
+ 
+   List active containers.
+ 
+   
+  
+
+  
+   
  ls options


@@ -94,10 +105,10 @@ Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 
02111-1307 USA
   
 
   
-   lxc-ls -1
+   lxc-ls --active -1


- list all the containers and display the list in one column.
+ list active containers and display the list in one column.


   
diff --git a/src/lxc/lxc-ls.in b/src/lxc/lxc-ls.in
index a1ad642..11a3b45 100644
--- a/src/lxc/lxc-ls.in
+++ b/src/lxc/lxc-ls.in
@@ -1,43 +1,100 @@
 #!/bin/bash
 
-localstatedir=@LOCALSTATEDIR@
-lxcpath=@LXCPATH@
+#
+# lxc: linux Container library
 
-if [ ! -r $lxcpath ]; then
-exit 0
-fi
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+
+localstatedir=@LOCALSTATEDIR@
+lxc_path=@LXCPATH@
 
-function get_cgroup()
+usage()
 {
-   local mount_string
-   mount_string=$(mount -t cgroup |grep -E -e '^lxc ')
-   if test -n "$mount_string"; then
-   mount_point=$(echo $mount_string |cut -d' ' -f3)
-   return
-   fi
-   mount_string=`grep -m1 -E '^[^ \t]+[ \t]+[^ \t]+[ \t]+cgroup' 
/proc/self/mounts`;
-   if test -z "$mount_string"; then
-   echo "failed to find mounted cgroup"
-   exit 1
-   fi
-   mount_point=`echo "$mount_string" |cut -d' ' -f2`;
+   echo "usage: $(basename $0) [--active] [--] [LS_OPTIONS...]" >&2
 }
 
-ls "$@" $lxcpath
+help() {
+   usage
+   echo >&2
+   echo "List containers existing on the system." >&2
+   echo >&2
+   echo "  --active list active containers" >&2
+   echo "  LS_OPTIONS   ls command options (see \`ls --help')" >&2
+}
+
+get_parent_cgroup()
+{
+   local hierarchies hierarchy fields subsystems init_cgroup mountpoint
+
+   parent_cgroup=""
+
+   # Obtain a list of hierarchies that contain one or more subsystems
+   hierarchies=$(tail -n +2 /proc/cgroups | cut -f 2)
 
-active=$(netstat -xl 2>/dev/null | grep $lxcpath | \
-   sed -e 's#.*'"$lxcpath/"'\(.*\)/command#\1#');
+   # Iterate through the list until a suitable hierarchy is found
+   for hierarchy in $hierarchies; do
+   # Obtain information about the init process in the hierarchy
+   fields=$(grep -E "^$hierarchy:" /proc/1/cgroup | head -n 1)
+   if [ -z "$fields" ]; then continue; fi
+   fields=${fields#*:}
 
-if test -n "$active"; then
-   get_cgroup
-   if test -n "$mount_point"; then
-   # get cgroup for init
-   init_cgroup=`cat /proc/1/cgroup | awk -F: '{ print $3 }' | head 
-1`
-   if [ ! -d $mount_point/$init_cgroup/lxc  ]; then
-   cd $mount_point/$init_cgroup
+   # Get a comma-separated list of the hierarchy&#x
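Review bot: In get_parent_cgroup(), `cut -f 2` of /proc/cgroups returns one hierarchy ID per subsystem line, so an ID repeats for every co-mounted subsystem and subsystems not attached to any hierarchy contribute 0; the comment "hierarchies that contain one or more subsystems" does not describe that list. The loop still works because IDs with no match in /proc/1/cgroup are skipped by the `[ -z "$fields" ]` test, but filtering out 0 and piping through `sort -u` would make the list match the comment and avoid repeated greps.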

[lxc-devel] [PATCHv3 00/14] Assorted fixes against lxc 0.8.0-rc2

2012-03-21 Thread David Ward
v3: Rebase onto 0.8.0-rc2; add cgroup fixes to handle ns subsystem;
fix terminology in lxc-cgroup
v2: Add changes to scripts (including new '--active' flag for lxc-ls)

The following patches address a number of different issues I discovered
while building or using lxc (these are not feature patches). They were
tested on top of lxc 0.8.0-rc2 under both Fedora 14 and Fedora 16. I am 
submitting them for inclusion in lxc 0.8.0. Please let me know if you
have any questions or concerns.

David Ward (14):
  use syscall numbers from Linux kernel headers
  lxc-attach: use execvp instead of execve
  utmp: do not set conf->need_utmp_watch if CAP_SYS_BOOT is not found
  utmp: support non-rootfs configuration
  cgroup: additional fix for deprecated ns subsystem
  lxc-cgroup: use correct terminology
  cgroup: rearrange code blocks
  lxc-attach: unify code for attaching a pid to a cgroup
  cgroup: only touch hierarchies that are bound to subsystems
  refresh lxc-ls
  refresh lxc-netstat
  rewrite lxc-ps
  make help consistent for other scripts
  lxc-setcap/lxc-setuid: add autoconf expansion for $libexecdir

 config/linux.m4|   76 --
 configure.ac   |9 +-
 doc/lxc-cgroup.sgml.in |   31 +++--
 doc/lxc-ls.sgml.in |   17 ++-
 src/lxc/Makefile.am|   11 --
 src/lxc/attach.c   |  113 +---
 src/lxc/attach.h   |9 --
 src/lxc/cgroup.c   |  210 ++---
 src/lxc/cgroup.h   |2 +-
 src/lxc/lxc-checkconfig.in |   15 +-
 src/lxc/lxc-clone.in   |   70 +-
 src/lxc/lxc-create.in  |   96 ++---
 src/lxc/lxc-destroy.in |   40 --
 src/lxc/lxc-ls.in  |  119 
 src/lxc/lxc-netstat.in |  146 +---
 src/lxc/lxc-ps.in  |  329 
 src/lxc/lxc-setcap.in  |   37 --
 src/lxc/lxc-setuid.in  |   36 --
 src/lxc/lxc_attach.c   |   10 +-
 src/lxc/lxc_cgroup.c   |   22 ++--
 src/lxc/start.c|3 +-
 src/lxc/utmp.c |4 -
 22 files changed, 653 insertions(+), 752 deletions(-)
 delete mode 100644 config/linux.m4
 mode change 100755 => 100644 src/lxc/lxc-checkconfig.in
 mode change 100755 => 100644 src/lxc/lxc-ps.in

-- 
1.7.4.1




[lxc-devel] [PATCHv3 08/14] lxc-attach: unify code for attaching a pid to a cgroup

2012-03-21 Thread David Ward
To attach a new pid to the cgroups for an existing container, we can use
the same method that we did when we started the container: iterate over
all the mounted cgroup hierarchies; find the cgroup that pid 1 is in for
each hierarchy; add 'lxc/' to the end of it; then write the pid to
the 'tasks' file in that cgroup. (The only difference is that we do not
create the cgroup again.) Note that we follow exactly the same iteration
pattern to delete our cgroups when a container is shut down.

There may be situations where additional cgroup hierarchies are mounted
after the container is started, or the cgroup for pid 1 gets reassigned.
But we currently don't handle any of these cases in the shutdown code or
anywhere else, so it doesn't make sense to try to handle these cases for
lxc-attach by itself. Aside from simplifying the code, this change makes
it easier to solve a different problem: ignoring hierarchies that are
not bound to any subsystems (like 'systemd').

Signed-off-by: David Ward 
---
 src/lxc/attach.c |  110 +
 src/lxc/attach.h |9 
 src/lxc/cgroup.c |   97 +---
 src/lxc/cgroup.h |2 +-
 src/lxc/lxc_attach.c |4 +-
 5 files changed, 61 insertions(+), 161 deletions(-)

diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index 0ca8b39..a95b3d3 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -60,10 +60,9 @@ struct lxc_proc_context_info 
*lxc_proc_get_context_info(pid_t pid)
struct lxc_proc_context_info *info = calloc(1, sizeof(*info));
FILE *proc_file;
char proc_fn[MAXPATHLEN];
-   char *line = NULL, *ptr, *ptr2;
+   char *line = NULL;
size_t line_bufsz = 0;
-   int ret, found, l;
-   int i;
+   int ret, found;
 
if (!info) {
SYSERROR("Could not allocate memory.");
@@ -114,117 +113,14 @@ struct lxc_proc_context_info 
*lxc_proc_get_context_info(pid_t pid)
goto out_error;
}
 
-   /* read cgroups */
-   snprintf(proc_fn, MAXPATHLEN, "/proc/%d/cgroup", pid);
-
-   proc_file = fopen(proc_fn, "r");
-   if (!proc_file) {
-   SYSERROR("Could not open %s", proc_fn);
-   goto out_error;
-   }
-
-   /* we don't really know how many cgroup subsystems there are
-* mounted, so we go through the whole file twice */
-   i = 0;
-   while (getline(&line, &line_bufsz, proc_file) != -1) {
-   /* we assume that all lines containing at least two colons
-* are valid */
-   ptr = strchr(line, ':');
-   if (ptr && strchr(ptr + 1, ':'))
-   i++;
-   }
-
-   rewind(proc_file);
-
-   info->cgroups = calloc(i, sizeof(*(info->cgroups)));
-   info->cgroups_count = i;
-
-   i = 0;
-   while (getline(&line, &line_bufsz, proc_file) != -1 && i < 
info->cgroups_count) {
-   /* format of the lines is:
-* id:subsystems:path, where subsystems are separated by
-* commas and each subsystem may also be of the form
-* name=xxx if it describes a private named hierarchy
-* we will ignore the id in the following */
-   ptr = strchr(line, ':');
-   ptr2 = ptr ? strchr(ptr + 1, ':') : NULL;
-
-   /* ignore invalid lines */
-   if (!ptr || !ptr2) continue;
-
-   l = strlen(ptr2) - 1;
-   if (ptr2[l] == '\n')
-   ptr2[l] = '\0';
-
-   info->cgroups[i].subsystems = strndup(ptr + 1, ptr2 - (ptr + 
1));
-   info->cgroups[i].cgroup = strdup(ptr2 + 1);
-
-   i++;
-   }
-
-   free(line);
-   fclose(proc_file);
-
return info;
 
 out_error:
-   lxc_proc_free_context_info(info);
+   free(info);
free(line);
return NULL;
 }
 
-void lxc_proc_free_context_info(struct lxc_proc_context_info *info)
-{
-   if (!info)
-   return;
-
-   if (info->cgroups) {
-   int i;
-   for (i = 0; i < info->cgroups_count; i++) {
-   free(info->cgroups[i].subsystems);
-   free(info->cgroups[i].cgroup);
-   }
-   }
-   free(info->cgroups);
-   free(info);
-}
-
-int lxc_attach_proc_to_cgroups(pid_t pid, struct lxc_proc_context_info *ctx)
-{
-   int i, ret;
-
-   if (!ctx) {
-   ERROR("No valid context supplied when asked to attach "
- "process to cgroups.");
-   return -1;
-   }
-
-   for (i = 0; i < ctx->cgroups_count; i++) {
-   char *path;
-
-  
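Review bot: With the cgroup block removed, the success path reaches `return info;` without the `free(line)` that used to sit just above it, while `line` is still declared and still freed under `out_error:`. If the getline() buffer from the earlier reads in this function is not released before this point, it now leaks on every successful call; add `free(line);` before `return info;`.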

[lxc-devel] [PATCHv3 11/14] refresh lxc-netstat

2012-03-21 Thread David Ward
Modify the cgroup search to only use hierarchies that contain one
or more subsystems. When searching, if a hierarchy contains the
'ns' subsystem, do not append '/lxc' to the parent cgroup.

Change method of bind mounting /proc//net onto /proc/net, to
avoid error "cannot mount block device /proc//net read-only".

Check that user is root. Check that container name is specified
before calling 'exec'.

Update the help information.

Print error messages and help information to stderr.

Make indentation consistent.

Signed-off-by: David Ward 
---
 src/lxc/lxc-netstat.in |  146 +++
 1 files changed, 96 insertions(+), 50 deletions(-)

diff --git a/src/lxc/lxc-netstat.in b/src/lxc/lxc-netstat.in
index 9e7eec3..113c0da 100644
--- a/src/lxc/lxc-netstat.in
+++ b/src/lxc/lxc-netstat.in
@@ -1,21 +1,70 @@
 #!/bin/bash
-# set -ex
+
+#
+# lxc: linux Container library
+
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# Lesser General Public License for more details.
+
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 
 usage() {
-   echo "usage: $(basename $0) --name  [netstat options]"
+   echo "usage: $(basename $0) --name NAME [--] [NETSTAT_OPTIONS...]" >&2
 }
 
 help() {
usage
-   echo
-   echo "execute netstat for the specified container"
-   echo "with the added netstat options"
-   echo
-   echo "Options:"
-   echo "name  : name of the container"
-   echo "help  : this current help."
-   echo
-   echo "to be executed as root."
+   echo >&2
+   echo "Execute 'netstat' for the specified container." >&2
+   echo >&2
+   echo "  --name NAME   specify the container name" >&2
+   echo "  NETSTAT_OPTIONS   netstat command options (see \`netstat 
--help')" >&2
+}
+
+get_parent_cgroup()
+{
+   local hierarchies hierarchy fields subsystems init_cgroup mountpoint
+
+   parent_cgroup=""
+
+   # Obtain a list of hierarchies that contain one or more subsystems
+   hierarchies=$(tail -n +2 /proc/cgroups | cut -f 2)
+
+   # Iterate through the list until a suitable hierarchy is found
+   for hierarchy in $hierarchies; do
+   # Obtain information about the init process in the hierarchy
+   fields=$(grep -E "^$hierarchy:" /proc/1/cgroup | head -n 1)
+   if [ -z "$fields" ]; then continue; fi
+   fields=${fields#*:}
+
+   # Get a comma-separated list of the hierarchy's subsystems
+   subsystems=${fields%:*}
+
+   # Get the cgroup of the init process in the hierarchy
+   init_cgroup=${fields#*:}
+
+   # Get the filesystem mountpoint of the hierarchy
+   mountpoint=$(grep -E "^cgroup [^ ]+ [^ ]+ ([^ 
]+,)?$subsystems(,[^ ]+)? " /proc/self/mounts | cut -d ' ' -f 2)
+   if [ -z "$mountpoint" ]; then continue; fi
+
+   # Return the absolute path to the containers' parent cgroup
+   # (do not append '/lxc' if the hierarchy contains the 'ns' 
subsystem)
+   if [[ ",$subsystems," == *,ns,* ]]; then
+   parent_cgroup="${mountpoint}${init_cgroup%/}"
+   else
+   parent_cgroup="${mountpoint}${init_cgroup%/}/lxc"
+   fi
+   break
+   done
 }
 
 exec=""
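Review bot: The mountpoint lookup in get_parent_cgroup() anchors on `^cgroup ` as the first field of /proc/self/mounts, which is the mount source name, not the filesystem type (the third field, matched here only by `[^ ]+`). A cgroup hierarchy mounted under any other source name is skipped; matching `^[^ ]+ [^ ]+ cgroup ` would test the type instead. `$subsystems` is also spliced into the expression in the order /proc/1/cgroup reports it, so the mount options must list the subsystems in the same order, and if more than one line matches, `mountpoint` ends up holding several paths; a `head -n 1` after the `cut` would bound that.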
@@ -25,19 +74,24 @@ if [ $# -eq  0 ]; then
exit 1
 fi
 
-for i in "$@"; do
-   case $i in
+while true; do
+   case $1 in
-h|--help)
help; exit 1;;
-n|--name)
name=$2; shift 2;;
--exec)
exec="exec"; shift;;
+   --)
+   shift; break;;
+   *)
+   break;
esac
 done
 
-if [ -z "$exec" ]; then
-exec @BINDIR@/lxc-unshare -s MOUNT -- $0 -n $name --exec "$@"
+if [ "$(id -u)" != "0" ]; then
+   echo "$(basename $0): must be run as root" >
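Review bot: In the new `while true` loop, `-n|--name) name=$2; shift 2;;` never terminates when --name is the last argument: bash's `shift 2` fails without shifting when only one positional parameter is left, so `$1` is still `--name` on every pass. Test `$#` before the shift and print the usage error there, or use `shift; shift`, so the missing-name check after the loop is actually reached.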

[lxc-devel] [PATCHv3 04/14] utmp: support non-rootfs configuration

2012-03-21 Thread David Ward
Having a rootfs is not a necessary condition for monitoring utmp, since
/var or /var/run can just be remounted inside the container instead. We
should rely on the other two conditions already in place to decide
whether to monitor the utmp file:

 - the container was started with 'lxc-start', which indicates that it
   has a real init process and is expected to write to a utmp file

 - support for CAP_SYS_BOOT was not found in the kernel, which would
   otherwise supersede utmp monitoring

Signed-off-by: David Ward 
---
 src/lxc/utmp.c |4 
 1 files changed, 0 insertions(+), 4 deletions(-)

diff --git a/src/lxc/utmp.c b/src/lxc/utmp.c
index b6469b0..a7b9b52 100644
--- a/src/lxc/utmp.c
+++ b/src/lxc/utmp.c
@@ -233,10 +233,6 @@ int lxc_utmp_mainloop_add(struct lxc_epoll_descr *descr,
char path2[MAXPATHLEN];
int fd, wd;
struct lxc_utmp *utmp_data;
-   struct lxc_conf *conf = handler->conf;
-
-   if (!conf->rootfs.path)
-   return 0;
 
/* We set up a watch for the /var/run directory. We're only interested
 * in utmp at the moment, but want to watch for delete and create
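Review bot: Removing the `!conf->rootfs.path` early return means the /var/run watch is now also installed for a container that has no rootfs and has not remounted /var or /var/run, in which case the utmp file being watched would be the host's. The commit message states the remount assumption, but nothing in this function does; a comment at this spot saying so, or a check that the container's /var/run is a separate mount, would keep host runlevel changes from being read as the container's.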
-- 
1.7.4.1




[lxc-devel] [PATCHv3 07/14] cgroup: rearrange code blocks

2012-03-21 Thread David Ward
Avoid nesting and improve readability.

Signed-off-by: David Ward 
---
 src/lxc/cgroup.c |   70 -
 1 files changed, 32 insertions(+), 38 deletions(-)

diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup.c
index f50c74a..8d70951 100644
--- a/src/lxc/cgroup.c
+++ b/src/lxc/cgroup.c
@@ -157,6 +157,7 @@ static int get_cgroup_mount(const char *subsystem, char 
*mnt)
struct mntent *mntent;
char initcgroup[MAXPATHLEN];
FILE *file = NULL;
+   int ret, flags, err = -1;
 
file = setmntent(MTAB, "r");
if (!file) {
@@ -165,32 +166,29 @@ static int get_cgroup_mount(const char *subsystem, char 
*mnt)
}
 
while ((mntent = getmntent(file))) {
-
if (strcmp(mntent->mnt_type, "cgroup"))
continue;
-   if (!subsystem || hasmntopt_multiple(mntent, subsystem)) {
-   int ret;
-   int flags = get_cgroup_flags(mntent);
-   ret = snprintf(mnt, MAXPATHLEN, "%s%s%s",
-  mntent->mnt_dir,
-  get_init_cgroup(subsystem, NULL,
-  initcgroup),
-  (flags & CGROUP_NS_CGROUP) ? "" : 
"/lxc");
-   if (ret < 0 || ret >= MAXPATHLEN)
-   goto fail;
-   fclose(file);
-   DEBUG("using cgroup mounted at '%s'", mnt);
-   return 0;
-   }
+   if (subsystem && !hasmntopt_multiple(mntent, subsystem))
+   continue;
+
+   flags = get_cgroup_flags(mntent);
+   ret = snprintf(mnt, MAXPATHLEN, "%s%s%s", mntent->mnt_dir,
+  get_init_cgroup(subsystem, NULL, initcgroup),
+  (flags & CGROUP_NS_CGROUP) ? "" : "/lxc");
+   if (ret < 0 || ret >= MAXPATHLEN)
+   goto fail;
+
+   DEBUG("using cgroup mounted at '%s'", mnt);
+   err = 0;
+   goto out;
};
 
 fail:
DEBUG("Failed to find cgroup for %s\n",
  subsystem ? subsystem : "(NULL)");
-
-   fclose(file);
-
-   return -1;
+out:
+   endmntent(file);
+   return err;
 }
 
 int lxc_ns_is_mounted(void)
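Review bot: The commit message describes this as a readability change, but get_cgroup_mount() also switches from fclose() to endmntent() on the stream opened with setmntent(); that is the correct pairing and deserves a line in the commit message. The snprintf() truncation case still jumps to `fail:` and logs "Failed to find cgroup", which misreports an over-long path, and the `};` that closes the while loop leaves a stray empty statement.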
@@ -409,18 +407,17 @@ int lxc_cgroup_create(const char *name, pid_t pid)
}
 
while ((mntent = getmntent(file))) {
-
DEBUG("checking '%s' (%s)", mntent->mnt_dir, mntent->mnt_type);
 
-   if (!strcmp(mntent->mnt_type, "cgroup")) {
+   if (strcmp(mntent->mnt_type, "cgroup"))
+   continue;
 
-   INFO("[%d] found cgroup mounted at '%s',opts='%s'",
-++found, mntent->mnt_dir, mntent->mnt_opts);
+   INFO("[%d] found cgroup mounted at '%s',opts='%s'",
+++found, mntent->mnt_dir, mntent->mnt_opts);
 
-   err = lxc_one_cgroup_create(name, mntent, pid);
-   if (err)
-   goto out;
-   }
+   err = lxc_one_cgroup_create(name, mntent, pid);
+   if (err)
+   goto out;
};
 
if (!found)
@@ -498,7 +495,7 @@ int lxc_cgroup_destroy(const char *name)
 {
struct mntent *mntent;
FILE *file = NULL;
-   int ret, err = -1;
+   int err = -1;
 
file = setmntent(MTAB, "r");
if (!file) {
@@ -507,18 +504,15 @@ int lxc_cgroup_destroy(const char *name)
}
 
while ((mntent = getmntent(file))) {
-   if (!strcmp(mntent->mnt_type, "cgroup")) {
-   ret = lxc_one_cgroup_destroy(mntent, name);
-   if (ret) {
-   fclose(file);
-   return ret;
-   }
-   err = 0;
-   }
-   }
+   if (strcmp(mntent->mnt_type, "cgroup"))
+   continue;
 
-   fclose(file);
+   err = lxc_one_cgroup_destroy(mntent, name);
+   if (err)
+   break;
+   }
 
+   endmntent(file);
return err;
 }
 /*
-- 
1.7.4.1




[lxc-devel] [PATCHv3 13/14] make help consistent for other scripts

2012-03-21 Thread David Ward
Display help information in a consistent format.

Print error messages and help information to stderr. Prefix error
messages with the name of the script (for easier debugging as part
of larger scripts).

Allow help information to be printed as a non-root user.

Fix file mode for lxc-checkconfig.in.

Signed-off-by: David Ward 
---
 src/lxc/lxc-checkconfig.in |   15 +++
 src/lxc/lxc-clone.in   |   70 +++-
 src/lxc/lxc-create.in  |   96 ---
 src/lxc/lxc-destroy.in |   40 --
 src/lxc/lxc-setcap.in  |   36 +++-
 src/lxc/lxc-setuid.in  |   35 ++-
 6 files changed, 158 insertions(+), 134 deletions(-)
 mode change 100755 => 100644 src/lxc/lxc-checkconfig.in

diff --git a/src/lxc/lxc-checkconfig.in b/src/lxc/lxc-checkconfig.in
old mode 100755
new mode 100644
index 39da910..8c2b5e5
--- a/src/lxc/lxc-checkconfig.in
+++ b/src/lxc/lxc-checkconfig.in
@@ -32,7 +32,7 @@ is_enabled() {
 }
 
 if [ ! -f $CONFIG ]; then
-echo "Kernel config $CONFIG not found, looking in other places..."
+echo "Kernel configuration not found at $CONFIG; searching..."
 KVER="`uname -r`"
 HEADERS_CONFIG="/lib/modules/$KVER/build/.config"
 BOOT_CONFIG="/boot/config-$KVER"
@@ -40,15 +40,14 @@ if [ ! -f $CONFIG ]; then
 [ -f "${BOOT_CONFIG}" ] && CONFIG=${BOOT_CONFIG}
 GREP=grep
 if [ ! -f $CONFIG ]; then
-echo
-echo "The kernel configuration can not be retrieved."
-echo "Please recompile with IKCONFIG_PROC, or"
-   echo "install the kernel headers, or specify"
-   echo "the path to the config file with: CONFIG= lxc-checkconfig"
-echo
+echo "$(basename $0): unable to retrieve kernel configuration" >&2
+echo >&2
+echo "Try recompiling with IKCONFIG_PROC, installing the kernel 
headers," >&2
+echo "or specifying the kernel configuration path with:" >&2
+echo "  CONFIG= $(basename $0)" >&2
 exit 1
 else
-echo "Found kernel config file $CONFIG"
+echo "Kernel configuration found at $CONFIG"
 fi
 fi
 
diff --git a/src/lxc/lxc-clone.in b/src/lxc/lxc-clone.in
index 386be30..c7413f2 100644
--- a/src/lxc/lxc-clone.in
+++ b/src/lxc/lxc-clone.in
@@ -24,22 +24,24 @@
 set -e
 
 usage() {
-echo "usage: lxc-clone -o  -n  [-s] [-h] [-L fssize] [-v 
vgname] [-p lxc_lv_prefix] [-t fstype]"
+echo "usage: $(basename $0) -o ORIG_NAME -n NEW_NAME [-s] [-h] [-L 
FS_SIZE]" >&2
+echo "[-v VG_NAME] [-p LV_PREFIX] [-t FS_TYPE]" >&2
 }
 
 help() {
 usage
-echo
-echo "creates a lxc system object."
-echo
-echo "Options:"
-echo "orig: name of the original container"
-echo "new : name of the new container"
-echo "-s  : make the new rootfs a snapshot of the original"
-echo "fssize  : size if creating a new fs.  By default, 2G"
-echo "vgname  : lvm volume group name, lxc by default"
-echo "lvprefix: lvm volume name prefix, none by default, e.g. 
--lvprefix=lxc_ then new lxc lv name will be lxc_newname"
-echo "fstype  : new container file system type, ext3 by default (only 
works for non-snapshot lvm)"
+echo >&2
+echo "Clone an existing container on the system." >&2
+echo >&2
+echo "Options:" >&2
+echo "  -o ORIG_NAME   specify the name of the original container" >&2
+echo "  -n NEW_NAMEspecify the name of the new container" >&2
+echo "  -s make the new rootfs a snapshot of the original" >&2
+echo "  -L FS_SIZE specify the new filesystem size (default: 2G)" >&2
+echo "  -v VG_NAME specify the new LVM volume group name (default: 
lxc)" >&2
+echo "  -p LV_PREFIX   add a prefix to new LVM logical volume names" >&2
+echo "  -t FS_TYPE specify the new filesystem type (default: ext3;" >&2
+echo "  only works for non-snapshot LVM)" >&2
 }
 
 shortoptions='ho:n:sL:v:p:t:'
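Review bot: help() now sends all of its output to stderr, and the `-h|--help` branch in the next hunk still ends in `exit 1`, so an explicit request for help looks like a failure: `lxc-clone -h | less` shows nothing and `lxc-clone -h && ...` stops. Keep usage() on stderr for argument errors, but write to stdout and exit 0 when help was asked for. The old lvprefix example ("--lvprefix=lxc_ then new lxc lv name will be lxc_newname") is also dropped with no replacement in the `-p LV_PREFIX` line.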
@@ -62,8 +64,8 @@ fi
 eval set -- "$getopt"
 
 while true; do
-case "$1" in
--h|--help)
+case "$1" in
+-h|--help)
 help
 exit 1
 ;;
@@ -102,52 +104,46 @@ while true; do
 break
 ;;
 *)
-echo $1
 usage
 exit 1
 ;;
-esac
+esac
 done
 
 if [ -z

[lxc-devel] [PATCHv3 14/14] lxc-setcap/lxc-setuid: add autoconf expansion for $libexecdir

2012-03-21 Thread David Ward
Support new default location for LXCINITDIR.

Signed-off-by: David Ward 
---
 configure.ac  |1 +
 src/lxc/lxc-setcap.in |1 +
 src/lxc/lxc-setuid.in |1 +
 3 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/configure.ac b/configure.ac
index c2bf4b0..0c8aa69 100644
--- a/configure.ac
+++ b/configure.ac
@@ -40,6 +40,7 @@ AM_CONDITIONAL([ENABLE_EXAMPLES], [test "x$enable_examples" = 
"xyes"])
 AS_AC_EXPAND(PREFIX, $prefix)
 AS_AC_EXPAND(LIBDIR, $libdir)
 AS_AC_EXPAND(BINDIR, $bindir)
+AS_AC_EXPAND(LIBEXECDIR, $libexecdir)
 AS_AC_EXPAND(INCLUDEDIR, $includedir)
 AS_AC_EXPAND(SYSCONFDIR, $sysconfdir)
 AS_AC_EXPAND(DATADIR, $datadir)
diff --git a/src/lxc/lxc-setcap.in b/src/lxc/lxc-setcap.in
index 52d4b48..71e3710 100644
--- a/src/lxc/lxc-setcap.in
+++ b/src/lxc/lxc-setcap.in
@@ -84,6 +84,7 @@ lxc_dropcaps()
 shortoptions='hd'
 longoptions='help'
 libdir=@LIBDIR@
+libexecdir=@LIBEXECDIR@
 localstatedir=@LOCALSTATEDIR@
 
 getopt=$(getopt -o $shortoptions --longoptions  $longoptions -- "$@")
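Review bot: `libexecdir=@LIBEXECDIR@` is assigned here but nothing in this hunk reads `$libexecdir`, and the commit message only says it supports the new LXCINITDIR default. If the variable is needed because the substituted LXCINITDIR value contains a literal `${libexecdir}`, say so in a comment next to the assignment so it is not removed later as unused; the same applies to the matching line in lxc-setuid.in.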
diff --git a/src/lxc/lxc-setuid.in b/src/lxc/lxc-setuid.in
index 0919eac..020dfae 100644
--- a/src/lxc/lxc-setuid.in
+++ b/src/lxc/lxc-setuid.in
@@ -81,6 +81,7 @@ lxc_dropuid()
 shortoptions='hd'
 longoptions='help'
 libdir=@LIBDIR@
+libexecdir=@LIBEXECDIR@
 localstatedir=@LOCALSTATEDIR@
 
 getopt=$(getopt -o $shortoptions --longoptions  $longoptions -- "$@")
-- 
1.7.4.1




[lxc-devel] [PATCH] lxc-attach: Clear environment and set container=lxc

2013-03-20 Thread David Ward
The child process's environment should be manipulated the same way
by lxc-attach as it would be by lxc-start or lxc-execute.

Signed-off-by: David Ward 
---
 src/lxc/attach.c |   15 +++
 src/lxc/attach.h |1 +
 src/lxc/lxc_attach.c |5 +
 3 files changed, 21 insertions(+), 0 deletions(-)

diff --git a/src/lxc/attach.c b/src/lxc/attach.c
index 2f32025..12adadb 100644
--- a/src/lxc/attach.c
+++ b/src/lxc/attach.c
@@ -277,6 +277,21 @@ int lxc_attach_drop_privs(struct lxc_proc_context_info 
*ctx)
return 0;
 }
 
+int lxc_attach_set_environment()
+{
+   if (clearenv()) {
+   SYSERROR("failed to clear environment");
+   /* don't error out though */
+   }
+
+   if (putenv("container=lxc")) {
+   SYSERROR("failed to set environment variable");
+   return -1;
+   }
+
+   return 0;
+}
+
 char *lxc_attach_getpwshell(uid_t uid)
 {
/* local variables */
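Review bot: A clearenv() failure is logged and then ignored ("don't error out though"), so the attached process can start inside the container with the caller's host environment still in place, which is the case this function exists to prevent. Return -1 there, as the putenv() branch does. Also declare the function as `lxc_attach_set_environment(void)`, and prefer `setenv("container", "lxc", 1)` so the environment does not point at a string literal.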
diff --git a/src/lxc/attach.h b/src/lxc/attach.h
index 6bbfb42..404ff4c 100644
--- a/src/lxc/attach.h
+++ b/src/lxc/attach.h
@@ -37,6 +37,7 @@ extern struct lxc_proc_context_info 
*lxc_proc_get_context_info(pid_t pid);
 extern int lxc_attach_to_ns(pid_t other_pid, int which);
 extern int lxc_attach_remount_sys_proc();
 extern int lxc_attach_drop_privs(struct lxc_proc_context_info *ctx);
+extern int lxc_attach_set_environment();
 
 extern char *lxc_attach_getpwshell(uid_t uid);
 
diff --git a/src/lxc/lxc_attach.c b/src/lxc/lxc_attach.c
index 678b76d..7fd76ee 100644
--- a/src/lxc/lxc_attach.c
+++ b/src/lxc/lxc_attach.c
@@ -411,6 +411,11 @@ int main(int argc, char *argv[])
return -1;
}
 
+   if (lxc_attach_set_environment()) {
+   ERROR("could not set environment");
+   return -1;
+   }
+
/* tell parent we are done setting up the container and wait
 * until we have been put in the container's cgroup, if
 * applicable */
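Review bot: The call is unconditional, so every variable the caller had set, TERM included, is gone before the command runs, and this patch adds no option to keep or pass selected variables. If that is intended, state it in the commit message and the lxc-attach documentation; otherwise consider re-adding a small allow-list after the clearenv(). The `ERROR("could not set environment")` here also repeats what SYSERROR already logged inside the function.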
-- 
1.7.1




[lxc-devel] [PATCH] Set all mounts to MS_SLAVE when starting a container without a rootfs

2013-03-26 Thread David Ward
If the filesystem mounts on the host have the MS_SHARED or MS_SLAVE
flag set, and a container without a rootfs is started, then any new
mounts created inside the container are currently propagated into
the host. In addition to mounts placed in the configuration file of
the container or performed manually after startup, the automatic
mounting of /proc by lxc-execute will propagate back into the host,
effectively crippling the entire system. This can be prevented by
setting the MS_SLAVE flag on all mounts (inside the container's own
mount namespace) during startup if a rootfs is not configured.

Signed-off-by: David Ward 
---
 src/lxc/conf.c |7 ++-
 1 files changed, 6 insertions(+), 1 deletions(-)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 965a0d2..6b3f318 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1129,8 +1129,13 @@ static int setup_rootfs(struct lxc_conf *conf)
 {
const struct lxc_rootfs *rootfs = &conf->rootfs;
 
-   if (!rootfs->path)
+   if (!rootfs->path) {
+   if (mount("", "/", NULL, MS_SLAVE|MS_REC, 0)) {
+   SYSERROR("Failed to make / rslave");
+   return -1;
+   }
return 0;
+   }
 
if (access(rootfs->mount, F_OK)) {
SYSERROR("failed to access to '%s', check it is present",
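Review bot: The new `if (!rootfs->path)` branch has no comment explaining why a container without a rootfs needs `/` remounted with MS_SLAVE|MS_REC; the reason (mounts made inside the container, including lxc-execute's /proc, otherwise propagate to the host) lives only in the commit message. Add a short comment above the mount() call, and pass NULL rather than 0 for the data argument.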
-- 
1.7.1
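
The condition this commit message describes can be checked from /proc/<pid>/mountinfo: a mount whose optional fields carry `shared:N` sends mount events to its peer group, and after a recursive MS_SLAVE remount no `shared:N` tag should remain. The C check below is an added example, not part of the patch or of lxc; the function names and the mountinfo sample lines are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Propagation tags from the optional fields of one mountinfo line. */
struct propagation {
    int shared;   /* "shared:N": mount events are sent to peer group N */
    int slave;    /* "master:N": events are received from N, not sent */
};

/* Constructed sample: a host-like namespace with shared mounts. */
static const char SAMPLE_SHARED[] =
    "22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw\n"
    "23 22 0:4 / /proc rw,nosuid,nodev,noexec shared:5 - proc proc rw\n"
    "24 22 0:17 / /sys/fs/cgroup rw master:9 - tmpfs tmpfs rw\n";

/* Constructed sample: the same tree after a recursive MS_SLAVE remount. */
static const char SAMPLE_RSLAVE[] =
    "60 59 8:1 / / rw,relatime master:1 - ext4 /dev/sda1 rw\n"
    "61 60 0:4 / /proc rw,nosuid,nodev,noexec master:5 - proc proc rw\n"
    "62 60 0:17 / /sys/fs/cgroup rw master:9 - tmpfs tmpfs rw\n";

/* Parse one mountinfo line of `len` bytes; 0 on success, -1 if malformed. */
int parse_propagation(const char *line, size_t len, struct propagation *out)
{
    size_t pos = 0;
    int field = 0;

    memset(out, 0, sizeof(*out));
    while (pos < len) {
        size_t start, n;

        while (pos < len && line[pos] == ' ')
            pos++;
        start = pos;
        while (pos < len && line[pos] != ' ')
            pos++;
        n = pos - start;
        if (n == 0)
            break;
        if (++field <= 6)
            continue;   /* id, parent, dev, root, mount point, options */
        if (n == 1 && line[start] == '-')
            return 0;   /* separator: the optional fields are over */
        if (n > 7 && !strncmp(line + start, "shared:", 7))
            out->shared = 1;
        else if (n > 7 && !strncmp(line + start, "master:", 7))
            out->slave = 1;
    }
    return -1;          /* no " - " separator: not a mountinfo line */
}

/* Count mounts that still carry a shared: tag; -1 on a malformed line. */
int count_shared_mounts(const char *text)
{
    int count = 0;

    while (*text) {
        size_t len = strcspn(text, "\n");
        struct propagation p;

        if (len > 0) {
            if (parse_propagation(text, len, &p) < 0)
                return -1;
            count += p.shared;
        }
        text += len;
        if (*text == '\n')
            text++;
    }
    return count;
}

int main(void)
{
    static char buf[65536];
    size_t n;
    FILE *f = fopen("/proc/self/mountinfo", "r");

    printf("sample (shared): %d\n", count_shared_mounts(SAMPLE_SHARED));
    printf("sample (rslave): %d\n", count_shared_mounts(SAMPLE_RSLAVE));
    if (f) {
        n = fread(buf, 1, sizeof(buf) - 1, f);
        fclose(f);
        while (n > 0 && buf[n - 1] != '\n')
            n--;        /* drop a line cut off by the buffer limit */
        buf[n] = '\0';
        printf("this namespace:  %d\n", count_shared_mounts(buf));
    }
    return 0;
}
```

Run inside the container's mount namespace, a non-zero count for "this namespace" means some mounts can still send events to a peer group outside it.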

