Signed-off-by: Serge Hallyn
---
doc/lxc-destroy.sgml.in | 9 +
1 file changed, 9 insertions(+)
diff --git a/doc/lxc-destroy.sgml.in b/doc/lxc-destroy.sgml.in
index fe06f52..a6431e0 100644
--- a/doc/lxc-destroy.sgml.in
+++ b/doc/lxc-destroy.sgml.in
@@ -83,6 +83,15 @@ Foundation, Inc., 59
Sorry, I forgot to post to the list...
Original-Nachricht
Betreff: Re: [lxc-devel] lxc-attach: NSS handling
Datum: Tue, 05 Mar 2013 00:01:55 +0100
Von: Christian Seiler
An: Serge Hallyn
Hi Serge,
> So if you resend the patchset, I'd suggest this patch first, the
> /bin/sh as
Quoting Stéphane Graber (stgra...@ubuntu.com):
> On 03/04/2013 03:43 PM, Serge Hallyn wrote:
> > Signed-off-by: Serge Hallyn
>
> Do we need a similar update to the manpage or is it using the common
> options include?
It's in the list of common options, but it looks like that list is
not being in
On 03/04/2013 03:43 PM, Serge Hallyn wrote:
> Signed-off-by: Serge Hallyn
Acked-by: Stéphane Graber
> ---
> src/lxc/lxccontainer.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
> index 3eaf41e..404f60a 100644
> --- a/s
On 03/04/2013 03:43 PM, Serge Hallyn wrote:
> Signed-off-by: Serge Hallyn
Acked-by: Stéphane Graber
> ---
> src/lxc/lxccontainer.c | 3 ++-
> 1 file changed, 2 insertions(+), 1 deletion(-)
>
> diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
> index bcfc8b6..3eaf41e 100644
> --- a
On 03/04/2013 03:43 PM, Serge Hallyn wrote:
> As Kees pointed out, write() errors can be delayed and returned as
> close() errors. So don't ignore error on close when writing the
> userns id mapping.
>
> Signed-off-by: Serge Hallyn
Acked-by: Stéphane Graber
> ---
> src/lxc/conf.c | 10 ++
On 03/04/2013 03:43 PM, Serge Hallyn wrote:
> Signed-off-by: Serge Hallyn
Acked-by: Stéphane Graber
> ---
> src/lxc/af_unix.c | 6 ++
> 1 file changed, 6 insertions(+)
>
> diff --git a/src/lxc/af_unix.c b/src/lxc/af_unix.c
> index 2a34828..f6c65fb 100644
> --- a/src/lxc/af_unix.c
> +++ b/
On 03/04/2013 03:43 PM, Serge Hallyn wrote:
> Signed-off-by: Serge Hallyn
Do we need a similar update to the manpage or is it using the common
options include?
Acked-by: Stéphane Graber
> ---
> src/lxc/lxc-destroy.in | 20 +---
> 1 file changed, 13 insertions(+), 7 deletions(-
Quoting Christian Seiler (christ...@iwakd.de):
> Hi there,
>
> I've run into the problem multiple times now that lxc-attach can't
> detect the default shell of my current user properly, since the NSS
> implementations of host and container are incompatible.
>
> One of the patches I just sent to t
Quoting Christian Seiler (christ...@iwakd.de):
> Hi,
>
> I've attached three additional patches for possible improvements to
> lxc-attach.
>
> The first two I think should be applied directly, they do the
> following:
>
> 1) Create a sane fallback to /bin/sh if it is impossible to detect
>
Add a monitor command to get the cgroup for a running container. This
allows container r1 started from /var/lib/lxc and container r1 started
from /home/ubuntu/lxcbase to pick unique cgroup directories (which
will be /sys/fs/cgroup/$subsys/lxc/r1 and .../r1-1), and all the lxc-*
tools to get that p
As Kees pointed out, write() errors can be delayed and returned as
close() errors. So don't ignore error on close when writing the
userns id mapping.
Signed-off-by: Serge Hallyn
---
src/lxc/conf.c | 10 ++
1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/src/lxc/conf.c b/sr
Signed-off-by: Serge Hallyn
---
src/lxc/lxc-destroy.in | 20 +---
1 file changed, 13 insertions(+), 7 deletions(-)
diff --git a/src/lxc/lxc-destroy.in b/src/lxc/lxc-destroy.in
index 6464e52..1c68f9d 100644
--- a/src/lxc/lxc-destroy.in
+++ b/src/lxc/lxc-destroy.in
@@ -26,7 +26,7 @
Signed-off-by: Serge Hallyn
---
src/lxc/lxccontainer.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index 3eaf41e..404f60a 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -791,7 +791,7 @@ static bool lxcapi
Signed-off-by: Serge Hallyn
---
src/lxc/lxccontainer.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
index bcfc8b6..3eaf41e 100644
--- a/src/lxc/lxccontainer.c
+++ b/src/lxc/lxccontainer.c
@@ -692,7 +692,8 @@ static bool lxca
Signed-off-by: Serge Hallyn
---
src/lxc/af_unix.c | 6 ++
1 file changed, 6 insertions(+)
diff --git a/src/lxc/af_unix.c b/src/lxc/af_unix.c
index 2a34828..f6c65fb 100644
--- a/src/lxc/af_unix.c
+++ b/src/lxc/af_unix.c
@@ -56,12 +56,16 @@ int lxc_af_unix_open(const char *path, int type, int
Hi there,
I've run into the problem multiple times now that lxc-attach can't
detect the default shell of my current user properly, since the NSS
implementations of host and container are incompatible.
One of the patches I just sent to the list mitigates that by having a
fallback - use /bin/sh. Th
When attaching to a container with a user namespace, try to detect the
user and group ids of init via /proc and attach as that same user. Only
if that is unsuccessful, fall back to (0, 0).
Signed-off-by: Christian Seiler
---
src/lxc/attach.c | 53 +++
Hi,
I've attached three additional patches for possible improvements to
lxc-attach.
The first two I think should be applied directly, they do the
following:
1) Create a sane fallback to /bin/sh if it is impossible to detect
the container's shell because of incompatible nss implementations
This patch implements the -u and -g options for lxc-attach that allows
the user to ask for a specific user and group id when attaching to a
container.
NOTE: DO NOT APPLY THIS PATCH JUST YET, THERE ARE SECURITY IMPLICATIONS
THAT HAVE TO BE CONSIDERED BEFORE DOING SO. THIS IS JUST A DRAFT.
---
src/
If the NSS implementation of the host and the container is
incompatible, getpwuid() will fail and the shell of the user in the
container cannot be determined. In that case, don't simply fail, but
rather default to /bin/sh. Since this code path is only executed when
attaching to a container without
Quoting Serge Hallyn (serge.hal...@ubuntu.com):
> Quoting Christian Seiler (christ...@iwakd.de):
> > When you clone a new user_ns, the child cannot write to the fds
> > opened by the parent. Hnadle this by doing an extra fork. The
> > grandparent hangs around and waits for its child to tell it th
Hi Serge,
> (Note - no signed-off-by in this patch. How are you generating them?
> I'd recommend either using git-send-email, or get format-patch...)
Oh, I didn't know git format-patch had a --signoff option, I always
added the line manually when committing and this time I just forgot it.
;-)
>
Quoting Christian Seiler (christ...@iwakd.de):
> When you clone a new user_ns, the child cannot write to the fds
> opened by the parent. Hnadle this by doing an extra fork. The
> grandparent hangs around and waits for its child to tell it the
> pid of of the grandchild, which will be the one atta
Quoting Christian Seiler (christ...@iwakd.de):
> Since lxc_attach now works with two fork()s anyway due to user
> namespaces, the code for attaching to cgroups can be simplified again.
>
> This patch removes the prepare/finish/dispose functions for attaching
> to cgroups and just keeps the lxc_cgr
25 matches
Mail list logo
