[lxc-devel] [PATCH 2/2] arguments: remove trailing slashes for the input lxcpath

2013-09-24 Thread Qiang Huang
In lxc_cmd(), we use snprintf(path, len, "%s/%s/command", lxcpath ? lxcpath : inpath, name); to fill sock name, this assumes lxcpath has no trailing slashes, so if we use lxc-info -n test -P /usr/local/var/lib/lxc_anon/ to get a running container's state, we will get state: STOPPED which is wrong,

[lxc-devel] [PATCH 1/2] utils: move remove_trailing_slashes to utils

2013-09-24 Thread Qiang Huang
Signed-off-by: Qiang Huang --- src/lxc/lxccontainer.c | 7 --- src/lxc/utils.c| 7 +++ src/lxc/utils.h| 1 + 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c index ea5a84e..f5d41b3 100644 --- a/src/lxc/lxcconta

[lxc-devel] [PATCH] refactor AppArmor into LSM backend, add SELinux support

2013-09-24 Thread Dwight Engen
Currently, a maximum of one LSM within LXC will be initialized and used. If in the future stacked LSMs become a reality, we can support it without changing the configuration syntax and add support for more than a single LSM at a time to the lsm code. Generic LXC code should note that lsm_process_l

Re: [lxc-devel] [PATCH 1/2] utils: move remove_trailing_slashes to utils

2013-09-24 Thread Serge Hallyn
Quoting Qiang Huang (h.huangqi...@huawei.com): > > Signed-off-by: Qiang Huang Acked-by: Serge E. Hallyn > --- > src/lxc/lxccontainer.c | 7 --- > src/lxc/utils.c| 7 +++ > src/lxc/utils.h| 1 + > 3 files changed, 8 insertions(+), 7 deletions(-) > > diff --git a/src/lx

Re: [lxc-devel] [PATCH 2/2] arguments: remove trailing slashes for the input lxcpath

2013-09-24 Thread Serge Hallyn
Quoting Qiang Huang (h.huangqi...@huawei.com): > In lxc_cmd(), we use > snprintf(path, len, "%s/%s/command", lxcpath ? lxcpath : inpath, name); > to fill sock name, this assumes lxcpath has no trailing slashes, so > if we use > lxc-info -n test -P /usr/local/var/lib/lxc_anon/ > to get a running con

[lxc-devel] [lxc/lxc] e55500: arguments: remove trailing slashes for the input l...

2013-09-24 Thread GitHub
Branch: refs/heads/master Home: https://github.com/lxc/lxc Commit: e555005b15a1d8e95997bd2d72abd0bc230a541d https://github.com/lxc/lxc/commit/e555005b15a1d8e95997bd2d72abd0bc230a541d Author: Qiang Huang Date: 2013-09-24 (Tue, 24 Sep 2013) Changed paths: M src/lxc/argumen

Re: [lxc-devel] [RFC] rootfs pinning

2013-09-24 Thread Serge Hallyn
Quoting Rob Landley (r...@landley.net): > On 09/23/2013 11:19:17 AM, Serge Hallyn wrote: > >Quoting Rob Landley (r...@landley.net): > >> On 09/12/2013 01:27:07 PM, Christian Seiler wrote: > >> > Hi there, > >> > > >> > just a quick question: currently, rootfs is pinned with a > >.hold file > >> > i

Re: [lxc-devel] [RFC] rootfs pinning

2013-09-24 Thread Stéphane Graber
On Tue, Sep 24, 2013 at 09:41:04AM -0500, Serge Hallyn wrote: > Quoting Rob Landley (r...@landley.net): > > On 09/23/2013 11:19:17 AM, Serge Hallyn wrote: > > >Quoting Rob Landley (r...@landley.net): > > >> On 09/12/2013 01:27:07 PM, Christian Seiler wrote: > > >> > Hi there, > > >> > > > >> > just

[lxc-devel] [PATCH v2 rebased against github master 9d0cda4f] refactor AppArmor into LSM backend, add SELinux support

2013-09-24 Thread Dwight Engen
Currently, a maximum of one LSM within LXC will be initialized and used. If in the future stacked LSMs become a reality, we can support it without changing the configuration syntax and add support for more than a single LSM at a time to the lsm code. Generic LXC code should note that lsm_process_l

Re: [lxc-devel] [RFC] rootfs pinning

2013-09-24 Thread Michael H. Warfield
On Tue, 2013-09-24 at 10:45 -0400, Stéphane Graber wrote: > On Tue, Sep 24, 2013 at 09:41:04AM -0500, Serge Hallyn wrote: > > Quoting Rob Landley (r...@landley.net): > > > On 09/23/2013 11:19:17 AM, Serge Hallyn wrote: > > > >Quoting Rob Landley (r...@landley.net): > > > >> On 09/12/2013 01:27:07

[lxc-devel] [PATCH 4/4] Automatic mounting: document options in lxc.conf(5) manpage

2013-09-24 Thread Christian Seiler
Signed-off-by: Christian Seiler --- doc/lxc.conf.sgml.in | 99 ++ 1 file changed, 99 insertions(+) diff --git a/doc/lxc.conf.sgml.in b/doc/lxc.conf.sgml.in index dc416e8..d904b56 100644 --- a/doc/lxc.conf.sgml.in +++ b/doc/lxc.conf.sgml.in @@ -65

[lxc-devel] [PATCH 0/4] Automatic mounting improvements

2013-09-24 Thread Christian Seiler
Hi there, I've attached the automatic mounting improvements that were discussed in the thread The patches are against current github master and I've also pushed them to my github:

[lxc-devel] [PATCH 3/4] Automatic mounting: add more ways to mount the cgroup filesystem

2013-09-24 Thread Christian Seiler
This adds quite a few more ways to mount the cgroup filesystem automatically: - Specify ro/rw/mixed: - ro: everything mounted read-only - rw: everything mounted read-write - mixed: only container's own cgroup is rw, rest ro (default) - Add cgroup-full that mo

[lxc-devel] [PATCH 1/4] Automatic mounts: improvements for /proc and /sys

2013-09-24 Thread Christian Seiler
Improve lxc.mount.auto code: allow the user to specify whether to mount certain things read-only or read-write. Also make the code much more easily extensible for the future. Signed-off-by: Christian Seiler --- src/lxc/conf.c| 144 + src/l

[lxc-devel] [PATCH 2/4] Automatic mounting: write lxc.mount.auto in write_config

2013-09-24 Thread Christian Seiler
Signed-off-by: Christian Seiler --- src/lxc/confile.c | 23 +++ 1 file changed, 23 insertions(+) diff --git a/src/lxc/confile.c b/src/lxc/confile.c index 04b8e57..0d5cf1f 100644 --- a/src/lxc/confile.c +++ b/src/lxc/confile.c @@ -2002,6 +2002,29 @@ void write_config(FILE *f

Re: [lxc-devel] [RFC] rootfs pinning

2013-09-24 Thread Christian Seiler
Hi there, >> Yep, we discussed this at Plumbers and I think it's really the way >> to >> go, basically remove all of that fs pinning code and just do a >> bind-mount of the rootfs on itself in the container's mountns before >> starting it. > >> That way if the container decides to remount / ro a

Re: [lxc-devel] [RFC] rootfs pinning

2013-09-24 Thread Serge Hallyn
Quoting Christian Seiler (christ...@iwakd.de): > Hi there, > > >> Yep, we discussed this at Plumbers and I think it's really the way > >> to > >> go, basically remove all of that fs pinning code and just do a > >> bind-mount of the rootfs on itself in the container's mountns before > >> starting

Re: [lxc-devel] [PATCH 0/4] Automatic mounting improvements

2013-09-24 Thread Serge Hallyn
Quoting Christian Seiler (christ...@iwakd.de): > Hi there, > > I've attached the automatic mounting improvements that were discussed > in the thread > > > The patches are against current github master and I've also pushed them

Re: [lxc-devel] [RFC] rootfs pinning

2013-09-24 Thread Michael H. Warfield
On Tue, 2013-09-24 at 21:51 +0100, Christian Seiler wrote: > Hi there, > > >> Yep, we discussed this at Plumbers and I think it's really the way > >> to > >> go, basically remove all of that fs pinning code and just do a > >> bind-mount of the rootfs on itself in the container's mountns before >

Re: [lxc-devel] [RFC] rootfs pinning

2013-09-24 Thread Serge Hallyn
Quoting Michael H. Warfield (m...@wittsend.com): > No. There's a change there, all right, and thank you for reminding me > of that, but (afaik) it's NOT in the kernel itself. It's a mount > option. It's that bloody MS_SHARED option and, to a lesser extent, There *is* a kernel change which dhans

Re: [lxc-devel] [PATCH] fix some larger memory leaks in cgroup code

2013-09-24 Thread Serge Hallyn
Quoting Dwight Engen (dwight.en...@oracle.com): > Don't worry about saved_errno since none of the *_free routines will set it > > Signed-off-by: Dwight Engen Acked-by: Serge E. Hallyn Thanks, sorry for taking so long. I'll rebase this on top of my split-up-meta2 patch and apply > --- > src/

Re: [lxc-devel] [RFC] rootfs pinning

2013-09-24 Thread Michael H. Warfield
On Tue, 2013-09-24 at 17:19 -0500, Serge Hallyn wrote: > Quoting Michael H. Warfield (m...@wittsend.com): > > No. There's a change there, all right, and thank you for reminding me > > of that, but (afaik) it's NOT in the kernel itself. It's a mount > > option. It's that bloody MS_SHARED option

[lxc-devel] [PATCH 1/2] split up lxc_cgroup_load_meta2

2013-09-24 Thread Serge Hallyn
This one's easier to review by looking at the before and after files. It splits up lxc_cgroup_load_meta2() by adding 3 helpers. The result seems easier to reason about. A question I had, is, should the kernel_subsystems ** be freed in the success case? I assumed it was being used elsewhere but

[lxc-devel] [PATCH 2/2] fix some larger memory leaks in cgroup code

2013-09-24 Thread Serge Hallyn
From: Dwight Engen Don't worry about saved_errno since none of the *_free routines will set it Signed-off-by: Dwight Engen Signed-off-by: Serge Hallyn --- src/lxc/cgroup.c | 18 ++ 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup

Re: [lxc-devel] [RFC] rootfs pinning

2013-09-24 Thread Christian Seiler
Hi there, > No. There's a change there, all right, and thank you for reminding > me > of that, but (afaik) it's NOT in the kernel itself. It's a mount > option. It's that bloody MS_SHARED option and, to a lesser extent, > MS_SLAVE option that are behind how those things are propagated. > MS_SH