On Thu, 12 Sep 2013 00:27:04 -0400
Stéphane Graber wrote:
> Hello,
>
> It looks like Dwight's last change introduce a bit of a regression
> when running lxc-start -d.
Yikes, sorry I didn't catch that in my testing. My follow on patch
for doing the monitor socket in the abstract space gets rid o
Quoting Dwight Engen (dwight.en...@oracle.com):
> - Also convert to unix abstract socket
> - A simple FNV hash is used instead of SHA-1 since we may not HAVE_GNUTLS
>
> Signed-off-by: Dwight Engen
Acked-by: Serge E. Hallyn
Thanks Dwight! Works great.
> ---
> src/lxc/monitor.c | 60
> ++
Quoting Dwight Engen (dwight.en...@oracle.com):
> On Thu, 12 Sep 2013 00:27:04 -0400
> Stéphane Graber wrote:
>
> > Hello,
> >
> > It looks like Dwight's last change introduce a bit of a regression
> > when running lxc-start -d.
>
> Yikes, sorry I didn't catch that in my testing. My follow on p
Hi Serge,
>> cgroups and have a separate function for the ns cgroup entries? Then
>
> Makes perfect sense to me to do so, yes.
Since you didn't respond and I was in the mood to finish it,
I assumed that you'd be OK with that, see my other set of
patches for automatic cgroup mounting.
-- Christia
Signed-off-by: S.Çağlar Onur
---
.gitignore | 1 +
1 file changed, 1 insertion(+)
diff --git a/.gitignore b/.gitignore
index 8cecb72..660756f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -59,6 +59,7 @@ src/lxc/lxc-netstat
src/lxc/lxc-ps
src/lxc/lxc-restart
src/lxc/lxc-shutdown
+src/lxc/lxc-sna
Quoting Christian Seiler (christ...@iwakd.de):
> Hi again,
>
> I was just looking at how to best implement the cgroup mount hook.
> Problem now is that the easiest way would be just to create the cgroup
> before the clone() (enter is done afterwards anyway) so that the client
> has access to handl
Hi there,
just a quick question: currently, rootfs is pinned with a .hold file in
the parent directory (which btw. does not help against file systems that
are already mounted on the host but directly in the rootfs directory).
The problem with the .hold file is that it doesn't make the directory
ne
Quoting Christian Seiler (christ...@iwakd.de):
> Hi there,
>
> just a quick question: currently, rootfs is pinned with a .hold file in
> the parent directory (which btw. does not help against file systems that
> are already mounted on the host but directly in the rootfs directory).
> The problem w
On Thu, Sep 12, 2013 at 08:27:07PM +0200, Christian Seiler wrote:
> Hi there,
>
> just a quick question: currently, rootfs is pinned with a .hold file in
> the parent directory (which btw. does not help against file systems that
> are already mounted on the host but directly in the rootfs director
Quoting Christian Seiler (christ...@iwakd.de):
> This patch splits off ns legacy cgroup handling from main cgroup
> handling. It moves the creation of the cgroups before clone(), so that
> the child will easily know which cgroups it will later belong to. Since
> this is not possible for the renamin
Quoting Christian Seiler (christ...@iwakd.de):
> Add funbction to mount cgroup filesystem hierarchy into the container,
> allowing only access to the parts that the container should have access
> to, but none else.
>
> Signed-off-by: Christian Seiler
Hm, these last two patches aren't working for
Branch: refs/heads/staging
Home: https://github.com/lxc/lxc
Commit: 4bee03bc9df2c2437f068f284327aff337cbdaa9
https://github.com/lxc/lxc/commit/4bee03bc9df2c2437f068f284327aff337cbdaa9
Author: S.Çağlar Onur
Date: 2013-09-12 (Thu, 12 Sep 2013)
Changed paths:
M .gitignore
Hi Serge,
>> I could get behind the following:
>>
>>proc- always read-write (no harm AFAICT)
>>sys - default: read-only
>>sys:rw - read-write
>>sys:ro - explicit read-only
>>cgroup:ro - completely ro (including paths)
>>cgroup
Quoting Christian Seiler (christ...@iwakd.de):
> Chane pinning mechanism: Use $rootfs/lxc.hold instead of $rootfs.hold
> (in case $rootfs is a mountpoint itself), but delete the file
> immediately after creating it (but keep it open). This will keep the
> root filesystem busy but does not leave any
Branch: refs/heads/staging
Home: https://github.com/lxc/lxc
Commit: 368bbc02ba132cd978141f392e610adf3b9dcec8
https://github.com/lxc/lxc/commit/368bbc02ba132cd978141f392e610adf3b9dcec8
Author: Christian Seiler
Date: 2013-09-12 (Thu, 12 Sep 2013)
Changed paths:
M src/lxc/c
On Thu, Sep 12, 2013 at 03:08:26PM -0500, Serge Hallyn wrote:
Awesome, I noticed it was missing when going through lintian output this
morning and added it to my TODO for later this cycle, glad I won't have
to do it myself then :)
Acked-by: Stéphane Graber
> Signed-off-by: Serge Hallyn
> ---
>
Quoting S.Çağlar Onur (cag...@10ur.org):
> Signed-off-by: S.Çağlar Onur
Acked-by: Serge E. Hallyn
applying, thanks.
> ---
> .gitignore | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/.gitignore b/.gitignore
> index 8cecb72..660756f 100644
> --- a/.gitignore
> +++ b/.gitignore
> @@ -
Hi,
I think staging (my head is @ 813a48...) started to stuck while creating
containers concurrently after monitoring related changes.
I observed that issue with the Go bindings first. Then I wrote a test case
to remove Go from the picture and I also thought that having a test case
would be helpf
All - Especially Tony Su,
Couple of people where I work thought you couldn't do what I was trying
to do, that it was "impossible". Oh well. Looks like they were
wrong. :-P It may not be "efficient" but it can be made to work.
Way down below, in-line...
On Mon, 2013-09-09 at 07:28 -0400, Mich
Branch: refs/heads/staging
Home: https://github.com/lxc/lxc
Commit: b336d7246a324e8973bc449cb35db40b1627be47
https://github.com/lxc/lxc/commit/b336d7246a324e8973bc449cb35db40b1627be47
Author: Serge Hallyn
Date: 2013-09-12 (Thu, 12 Sep 2013)
Changed paths:
M src/lxc/lxc_m
Quoting Christian Seiler (christ...@iwakd.de):
> Add funbction to mount cgroup filesystem hierarchy into the container,
> allowing only access to the parts that the container should have access
> to, but none else.
>
> Signed-off-by: Christian Seiler
Acked-by: Serge E. Hallyn
This looks good t
Hi Serge,
>> Would you agree?
>
> Yup, sounds good. This email should probably be cut-pasted into the
> lxc.conf man page then :)
>
> Should I apply the patch 4/4 as it stands now and the rest can be a
> separate patch?
>
> Oh, one other thing is lxc.mount.auto needs to be added to
> write_con
Quoting S.Çağlar Onur (cag...@10ur.org):
> Signed-off-by: S.Çağlar Onur
Oh, great, thanks :)
Acked-by: Serge E. Hallyn
> ---
> .gitignore | 3 ++
> src/tests/Makefile.am | 6 ++-
> src/tests/concurrent.c | 116
> +
> 3 files ch
Quoting Christian Seiler (christ...@iwakd.de):
> Signed-off-by: Christian Seiler
Acked-by: Serge E. Hallyn
> ---
> src/lxc/utils.c | 19 +++
> src/lxc/utils.h |1 +
> 2 files changed, 20 insertions(+)
>
> diff --git a/src/lxc/utils.c b/src/lxc/utils.c
> index 2e66585..78
Quoting Christian Seiler (christ...@iwakd.de):
> Hi Serge,
>
> >> Would you agree?
> >
> > Yup, sounds good. This email should probably be cut-pasted into the
> > lxc.conf man page then :)
> >
> > Should I apply the patch 4/4 as it stands now and the rest can be a
> > separate patch?
> >
> > O
Branch: refs/heads/staging
Home: https://github.com/lxc/lxc
Commit: f209d63a97a8a2df5324608fee7b0d7a494d69eb
https://github.com/lxc/lxc/commit/f209d63a97a8a2df5324608fee7b0d7a494d69eb
Author: S.Çağlar Onur
Date: 2013-09-12 (Thu, 12 Sep 2013)
Changed paths:
M .gitignore
Signed-off-by: Serge Hallyn
---
configure.ac | 1 +
doc/Makefile.am | 1 +
doc/lxc-snapshot.sgml.in | 152 +++
src/lxc/lxc_snapshot.c | 7 ++-
4 files changed, 158 insertions(+), 3 deletions(-)
create mode 100644 doc/lxc-sn
Chane pinning mechanism: Use $rootfs/lxc.hold instead of $rootfs.hold
(in case $rootfs is a mountpoint itself), but delete the file
immediately after creating it (but keep it open). This will keep the
root filesystem busy but does not leave any unnecessary files lying
around.
Signed-off-by: Christ
Quoting Christian Seiler (christ...@iwakd.de):
> Hi Serge,
>
> > Ah, no, mountall just gets upset about some forced readonly
> > mounts. lxc.mount.auto = proc always worked for me. If I do
> >
> > - r = mount("sysfs", path, "sysfs", MS_RDONLY, NULL);
> > + r = mount(
Quoting Christian Seiler (christ...@iwakd.de):
> Hi Serge,
>
> >> I could get behind the following:
> >>
> >>proc- always read-write (no harm AFAICT)
> >>sys - default: read-only
> >>sys:rw - read-write
> >>sys:ro - explicit read-only
> >>
Thanks. A few days ago I wrote a short-n-simple little program that
cloned two thread which each did some things with containers. It was
definately racy.
Based on your input I"ll take a closer look at the new monitoring
code.
I'm hoping to take a much closer look next week. I.e. load two
conta
Hi Serge,
Am 12.09.2013 16:43, schrieb Serge Hallyn:
> Quoting Christian Seiler (christ...@iwakd.de):
>> Add funbction to mount cgroup filesystem hierarchy into the
>> container,
>> allowing only access to the parts that the container should have
>> access
>> to, but none else.
>>
>> Signed-off-
Signed-off-by: S.Çağlar Onur
---
.gitignore | 3 ++
src/tests/Makefile.am | 6 ++-
src/tests/concurrent.c | 116 +
3 files changed, 123 insertions(+), 2 deletions(-)
create mode 100644 src/tests/concurrent.c
diff --git a/.gitignor
Quoting Christian Seiler (christ...@iwakd.de):
> Hi Serge,
>
> Am 12.09.2013 16:43, schrieb Serge Hallyn:
> >Quoting Christian Seiler (christ...@iwakd.de):
> >>Add funbction to mount cgroup filesystem hierarchy into the
> >>container,
> >>allowing only access to the parts that the container should
Hi Serge,
> Ah, no, mountall just gets upset about some forced readonly
> mounts. lxc.mount.auto = proc always worked for me. If I do
>
> - r = mount("sysfs", path, "sysfs", MS_RDONLY, NULL);
> + r = mount("sysfs", path, "sysfs", 0, NULL);
> - mount(NULL, path,
Branch: refs/heads/staging
Home: https://github.com/lxc/lxc
Commit: b45c701178cdc705d26c95f31035c39bab9edf20
https://github.com/lxc/lxc/commit/b45c701178cdc705d26c95f31035c39bab9edf20
Author: Dwight Engen
Date: 2013-09-12 (Thu, 12 Sep 2013)
Changed paths:
M src/lxc/monit
Branch: refs/heads/staging
Home: https://github.com/lxc/lxc
Commit: 813a4837659d5d7a2c0d0abe03c87196747217e9
https://github.com/lxc/lxc/commit/813a4837659d5d7a2c0d0abe03c87196747217e9
Author: Serge Hallyn
Date: 2013-09-12 (Thu, 12 Sep 2013)
Changed paths:
M configure.ac
On Thu, 2013-09-12 at 15:23 -0400, Michael H. Warfield wrote:
> All - Especially Tony Su,
> Couple of people where I work thought you couldn't do what I was trying
> to do, that it was "impossible". Oh well. Looks like they were
> wrong. :-P It may not be "efficient" but it can be made to wor
38 matches
Mail list logo
