Hello,
It looks like Dwight's last change introduced a bit of a regression when
running lxc-start -d.
Tracing it down (added a ton of printf all over), it looks like it's
hanging on:
- lxcapi_start
- wait_on_daemonized_start
- lxcapi_wait
- lxc_wait
- lxc_monitor_open
Hi Serge,
>> Only problem: it's not thread-safe... And in contrast to openat() or the
>
> We could just do process_lock() around the whole shebang if we had to.
>
> But I can't think offhand of any reason why we'd ever need to go from
> the socketname back to the lxcpath, so using md5sum really
Hi again,
I was just looking at how to best implement the cgroup mount hook.
Problem now is that the easiest way would be just to create the cgroup
before the clone() (enter is done afterwards anyway) so that the client
has access to handler->pid. Unfortunately, handler->pid is needed for
the ns c
Quoting Dwight Engen (dwight.en...@oracle.com):
> Moving these files should allow $lxcpath to be a read-only fs.
Thanks, nice cleanup too. One concern though - lxc_monitor_sock_name()
just keeps making a longer and longer path, and it's limited to 108
bytes. Is there any reason not to use an abs
This patch adds the lxc.mount.auto configuration option that allows the
user to specify that certain standard filesystems should be
automatically pre-mounted when the container is started.
Currently, four things are implemented:
- /proc (mounted read-write)
- /sys (mounted re
Hi,
I've implemented support to automatically mount the cgroup hierarchy
into the container as discussed on the mailing list. On that occasion,
I also added automatic mounting support for /sys and /proc. All is
controlled by the new lxc.mount.auto option that accepts a list of
parameters, e.g. 'lx
Add function to mount cgroup filesystem hierarchy into the container,
allowing only access to the parts that the container should have access
to, but none else.
Signed-off-by: Christian Seiler
---
src/lxc/cgroup.c | 127 ++
src/lxc/cgroup.h |
Signed-off-by: Christian Seiler
---
src/lxc/utils.c | 19 +++
src/lxc/utils.h |1 +
2 files changed, 20 insertions(+)
diff --git a/src/lxc/utils.c b/src/lxc/utils.c
index 2e66585..78b234d 100644
--- a/src/lxc/utils.c
+++ b/src/lxc/utils.c
@@ -658,6 +658,25 @@ char **lxc_nor
This patch splits off ns legacy cgroup handling from main cgroup
handling. It moves the creation of the cgroups before clone(), so that
the child will easily know which cgroups it will later belong to. Since
this is not possible for the renaming of the 'ns' cgroup, keep that
part after clone.
Sign
Quoting Christian Seiler (christ...@iwakd.de):
> Hi Serge,
>
> >> Only problem: it's not thread-safe... And in contrast to openat() or the
> >
> > We could just do process_lock() around the whole shebang if we had to.
> >
> > But I can't think offhand of any reason why we'd ever need to go from
On Wed, Sep 11, 2013 at 11:50:54AM -0500, Serge Hallyn wrote:
> If a cgroup hierarchy has ns cgroup composed, then we need to treat
> that differently:
>
> 1. The container init will have already been switched to a new cgroup
> called after its pid.
> 2. We can't move the container init to new dee
Branch: refs/heads/staging
Home: https://github.com/lxc/lxc
Commit: cea0552efb265fa7e2323d1ac475f1b174c451a1
https://github.com/lxc/lxc/commit/cea0552efb265fa7e2323d1ac475f1b174c451a1
Author: Serge Hallyn
Date: 2013-09-11 (Wed, 11 Sep 2013)
Changed paths:
M src/lxc/cgrou
- Also convert to unix abstract socket
- A simple FNV hash is used instead of SHA-1 since we may not HAVE_GNUTLS
Signed-off-by: Dwight Engen
---
src/lxc/monitor.c | 60 ---
1 file changed, 40 insertions(+), 20 deletions(-)
diff --git a/src/lxc
Quoting Christian Seiler (christ...@iwakd.de):
> Hi Serge,
>
> Sorry about 'ns' support in my rewrite, I completely forgot that its
> removal was not so long ago.
>
> I have two very minor nit-picky comments:
>
> > +static char *cgroup_rename_nsgroup(char *mountpath, const char *oldname,
> >
Quoting Christian Seiler (christ...@iwakd.de):
> Hi Serge,
>
> > Thanks, nice cleanup too. One concern though - lxc_monitor_sock_name()
> > just keeps making a longer and longer path, and it's limited to 108
> > bytes. Is there any reason not to use an abstract unix sock for it?
> > The monitor-
Hi Serge,
> Thanks, nice cleanup too. One concern though - lxc_monitor_sock_name()
> just keeps making a longer and longer path, and it's limited to 108
> bytes. Is there any reason not to use an abstract unix sock for it?
> The monitor-fifo doesn't have the length restriction so
> $rundir/lxc/$
Hi Serge,
Sorry about 'ns' support in my rewrite, I completely forgot that its
removal was not so long ago.
I have two very minor nit-picky comments:
> +static char *cgroup_rename_nsgroup(char *mountpath, const char *oldname, int
> pid, const char *name)
> +lxc_cgroup_create(..., int pid)
p
Branch: refs/heads/staging
Home: https://github.com/lxc/lxc
Commit: 692ba18faeb83e1a92743c198484f18b4fc18bc5
https://github.com/lxc/lxc/commit/692ba18faeb83e1a92743c198484f18b4fc18bc5
Author: Serge Hallyn
Date: 2013-09-11 (Wed, 11 Sep 2013)
Changed paths:
M src/lxc/cgrou
Hi,
I am trying to run a busybox based container on android. However, lxc-start
fails with the following msgs. Any idea what could be wrong here? Thanks
for your time and help!
lxc-start 1378915396.741 WARN lxc_start - inherited fd 8
lxc-start 1378915396.744 WARN lxc_start - inhe
Moving these files should allow $lxcpath to be a read-only fs.
Signed-off-by: Dwight Engen
---
Tested lxc-monitor and lxc-wait as root, do not have environment to test
unprivileged user (XDG_RUNTIME_DIR) case but believe that should work.
src/lxc/lxc_monitord.c | 17 +++
src/lxc/lxc
Quoting Dwight Engen (dwight.en...@oracle.com):
> On Wed, 11 Sep 2013 12:06:47 -0500
> Serge Hallyn wrote:
>
> > Quoting Dwight Engen (dwight.en...@oracle.com):
> > > Moving these files should allow $lxcpath to be a read-only fs.
> >
> > Thanks, nice cleanup too. One concern though -
> > lxc_mo
If a cgroup hierarchy has ns cgroup composed, then we need to treat
that differently:
1. The container init will have already been switched to a new cgroup
called after its pid.
2. We can't move the container init to new deeper cgroup directories.
So, if we detect an ns cgroup, don't bother tryin
On Wed, 11 Sep 2013 12:06:47 -0500
Serge Hallyn wrote:
> Quoting Dwight Engen (dwight.en...@oracle.com):
> > Moving these files should allow $lxcpath to be a read-only fs.
>
> Thanks, nice cleanup too. One concern though -
> lxc_monitor_sock_name() just keeps making a longer and longer path,
>
On Wed, Sep 11, 2013 at 01:16:02PM +0200, Cedric Bosdonnat wrote:
> Hello Stéphane,
>
> On Tue, 2013-09-10 at 12:29 -0400, Stéphane Graber wrote:
> > Yes, the mailing-list is the right way to send patches upstream.
>
> Great.
>
> > Note that we usually require you to add a Signed-off-by tag to y
Branch: refs/heads/staging
Home: https://github.com/lxc/lxc
Commit: c3cb8580407b6f6b49949e6c58e175eec81db692
https://github.com/lxc/lxc/commit/c3cb8580407b6f6b49949e6c58e175eec81db692
Author: Serge Hallyn
Date: 2013-09-11 (Wed, 11 Sep 2013)
Changed paths:
M src/lxc/appar
Branch: refs/heads/staging
Home: https://github.com/lxc/lxc
Commit: dd97408ae27220ceccf21357421e390345f3a688
https://github.com/lxc/lxc/commit/dd97408ae27220ceccf21357421e390345f3a688
Author: Stéphane Graber
Date: 2013-09-11 (Wed, 11 Sep 2013)
Changed paths:
M doc/lxc-de
Hello Stéphane,
On Tue, 2013-09-10 at 12:29 -0400, Stéphane Graber wrote:
> Yes, the mailing-list is the right way to send patches upstream.
Great.
> Note that we usually require you to add a Signed-off-by tag to your commits.
> For this time around, I did it for you and pushed to the staging br