ontainer?
>> there are a LOT of hard questions when you start talking about running a full
>> system inside a container that do not apply for other use of
>> containers.
>
> Not really mostly the answer is that you say no.
>
> Eric
>
David Lang
-
e something with a lot of knowledge and hooks in the
parent, so it's not just a matter of adding a way to detect "am I in a
container" or not.
when I run things in containers, I want to bind mount some things from the
parent, I want to configure syslog to listen on /dev/log insi
trol of it?
there are a LOT of hard questions when you start talking about running a
full system inside a container that do not apply for other use of
containers.
David Lang
--
All the data continuously generated i
Each network interface was brought up regardless of the configuration,
as the wrong boolean operator was being used to test the IFF_UP flag.
Signed-off-by: David Ward
---
src/lxc/conf.c |4 ++--
1 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
int mask = htonl(INADDR_BROADCAST<< (32 - inetdev->prefix));
>+ inetdev->bcast.s_addr = (inetdev->addr.s_addr& mask) | ~mask;
> }
>
> lxc_list_add(&netdev->ipv4, list);
The following would be a lot simpler:
inetdev->bcast.s_ad
utmp.
This replaces the check for "lxc.rootfs" in the configuration.
Signed-off-by: David Ward
---
src/lxc/utmp.c | 21 -
1 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/src/lxc/utmp.c b/src/lxc/utmp.c
index 691c3ef..3356396 100644
--- a/src/l
, lxc checks to see if "/var/run" is shared between the
container and the system by comparing the device and inode numbers. If not,
lxc will watch utmp. This replaces the check for "lxc.rootfs".
Signed-off-by: David Ward
---
src/lxc/utmp.c | 21 -
1 fil
On Sat, May 14, 2011 at 00:15, Serge Hallyn wrote:
>
> I'm curious, whatcha got in mind?
I don't think you have to have something in mind to implement this.
Just that old motto "Be lenient in what you accept&qu
ostly bug fixes.
>
> Just a random observation, but there would appear to be at least a
> couple on the list who consider this to _be_ a new feature.
Me among them, FWIW.
--
David Serrano
--
Simplify data
there any information
linking compatibility between Linux versions and LXC versions?
The two Live nodes are under VERITAS VCS.
2. Do you know if VCS will work with Linux Containers?
Thanks in advance,
David.
uname -a
Linux xx.yy.ie 2.6.18-128.el5 #1 SMP Wed Dec 17 11:41:38 EST 2008 x86_64 x86
there any information
linking compatibility between Linux versions and LXC versions?
The two Live nodes are under VERITAS VCS.
2. Do you know if VCS will work with Linux Containers?
Thanks in advance,
David.
uname -a
Linux xx.yy.ie 2.6.18-128.el5 #1 SMP Wed Dec 17 11:41:38 EST 2008 x86_64 x86
execvp does not require specifying the full path to the executable
(e.g., "ls" instead of "/bin/ls"), making the operation of 'lxc-attach'
consistent with 'lxc-start' and 'lxc-execute'.
Signed-off-by: David Ward
---
src/lxc/lxc_attach.c
27;, which indicates that it
has a real init process and is expected to write to a utmp file
- support for CAP_SYS_BOOT was not found in the kernel, which would
otherwise supersede utmp monitoring
Signed-off-by: David Ward
---
src/lxc/utmp.c |4
1 files changed, 0 insert
ll printed using the old method as well, so now the active containers
just get printed twice.
Assuming that the intention of the above commit was to only list active
containers, do not print the directory names in /var/lib/lxc any longer.
Signed-off-by: David Ward
---
src/lxc/lxc-ls.in |2 -
If CAP_SYS_BOOT is not found in the kernel, the existing value for
conf->need_utmp_watch should be left intact (which will be '1' for
containers started with 'lxc-start', or '0' for containers started
with 'lxc-execute').
Signed-off-by: David Ward
---
Avoid nesting and improve readability.
Signed-off-by: David Ward
---
src/lxc/cgroup.c | 66 -
1 files changed, 30 insertions(+), 36 deletions(-)
diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup.c
index cc3910a..c915b52 100644
--- a/src/lxc
Obtain a list of subsystems from /proc/cgroups, and ignore hierarchies
that are not bound to any of them (especially the 'systemd' hierarchy:
http://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups ).
Signed-off-by: David Ward
---
src/lxc/cgrou
lxc-ls returns a list of active containers by searching for UNIX sockets
named '/var/lib/lxc//command'. Make the regular expression tighter
for this search, to avoid inadvertently picking up other sockets.
Signed-off-by: David Ward
---
src/lxc/lxc-ls.in |4 ++--
1 files
The following patches address a few issues I discovered while building
or using lxc, including compatibility with systemd. They were tested on
top of lxc 0.8.0-rc1 under Fedora 16. Please let me know if you have
any questions or concerns.
David Ward (9):
use syscall numbers from Linux kernel
__NR_setns is defined in the Linux kernel headers in linux/unistd.h.
The full Linux kernel sources are not necessary for compilation.
Signed-off-by: David Ward
---
config/linux.m4 | 76 ---
configure.ac|8 ++---
src/lxc
r to solve a different problem: ignoring hierarchies that are
not bound to any subsystems (like 'systemd').
Signed-off-by: David Ward
---
src/lxc/attach.c | 110 +
src/lxc/attach.h |9
src/lxc/cgroup.c | 91 ++
execvp does not require specifying the full path to the executable
(e.g., "ls" instead of "/bin/ls"), making the operation of 'lxc-attach'
consistent with 'lxc-start' and 'lxc-execute'.
Signed-off-by: David Ward
---
src/lxc/lxc_attach.c
27;, which indicates that it
has a real init process and is expected to write to a utmp file
- support for CAP_SYS_BOOT was not found in the kernel, which would
otherwise supersede utmp monitoring
Signed-off-by: David Ward
---
src/lxc/utmp.c |4
1 files changed, 0 insert
__NR_setns is defined in the Linux kernel headers in linux/unistd.h.
The full Linux kernel sources are not necessary for compilation.
Signed-off-by: David Ward
---
config/linux.m4 | 76 ---
configure.ac|8 ++---
src/lxc
Avoid nesting and improve readability.
Signed-off-by: David Ward
---
src/lxc/cgroup.c | 66 -
1 files changed, 30 insertions(+), 36 deletions(-)
diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup.c
index cc3910a..c915b52 100644
--- a/src/lxc
f you have any questions or concerns.
David Ward (12):
use syscall numbers from Linux kernel headers
lxc-attach: use execvp instead of execve
utmp: do not set conf->need_utmp_watch if CAP_SYS_BOOT is not found
utmp: support non-rootfs configuration
cgroup: rearrange code blocks
lxc-
Print error messages and help information to stderr.
Update the documentation.
Signed-off-by: David Ward
---
doc/lxc-ls.sgml.in | 17 ++-
src/lxc/lxc-ls.in | 112 +++-
2 files changed, 98 insertions(+), 31 deletions(-)
diff --git a/doc/lxc-
r to solve a different problem: ignoring hierarchies that are
not bound to any subsystems (like 'systemd').
Signed-off-by: David Ward
---
src/lxc/attach.c | 110 +
src/lxc/attach.h |9
src/lxc/cgroup.c | 91 ++
Obtain a list of subsystems from /proc/cgroups, and ignore hierarchies
that are not bound to any of them (especially the 'systemd' hierarchy:
http://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups ).
Signed-off-by: David Ward
---
src/lxc/cgrou
If CAP_SYS_BOOT is not found in the kernel, the existing value for
conf->need_utmp_watch should be left intact (which will be '1' for
containers started with 'lxc-start', or '0' for containers started
with 'lxc-execute').
Signed-off-by: David Ward
---
ling 'exec'.
Update the help information.
Print error messages and help information to stderr.
Make indentation consistent.
Signed-off-by: David Ward
---
src/lxc/lxc-netstat.in | 141 +++-
1 files changed, 91 insertions(+), 50 deletions(-)
spaces in 'ps' output that are not field separators
(for example, try 'lxc-ps -o pid,args').
Fix file mode in repository.
Signed-off-by: David Ward
---
src/lxc/lxc-ps.in | 311 +++--
1 files changed, 109 insertions(+), 202 delet
.
Signed-off-by: David Ward
---
src/lxc/lxc-checkconfig.in | 15 +++
src/lxc/lxc-clone.in | 70 +++-
src/lxc/lxc-create.in | 96 ---
src/lxc/lxc-destroy.in | 40 --
src/lxc/lxc-setcap.in
Support new default location for LXCINITDIR.
---
configure.ac |1 +
src/lxc/lxc-setcap.in |1 +
src/lxc/lxc-setuid.in |1 +
3 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/configure.ac b/configure.ac
index 526d22d..5c47dfc 100644
--- a/configure.ac
+++ b/configu
Support new default location for LXCINITDIR.
Signed-off-by: David Ward
---
configure.ac |1 +
src/lxc/lxc-setcap.in |1 +
src/lxc/lxc-setuid.in |1 +
3 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/configure.ac b/configure.ac
index 526d22d..5c47dfc 100644
When a hierarchy contains the 'ns' subsystem, do not append '/lxc'
to the parent cgroup. Update surrounding comments for consistency.
Signed-off-by: David Ward
---
src/lxc/cgroup.c | 13 +++--
1 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/src/lx
27;/lxc' to the parent cgroup.
Maintain column spacing. Expand container name column as necessary.
Properly handle spaces in 'ps' output that are not field separators
(for example, try 'lxc-ps -o pid,args').
Fix file mode in repository.
Signed-off-by: D
If CAP_SYS_BOOT is not found in the kernel, the existing value for
conf->need_utmp_watch should be left intact (which will be '1' for
containers started with 'lxc-start', or '0' for containers started
with 'lxc-execute').
Signed-off-by: David Ward
---
lxc-cgroup gets or sets the value of a state object (such as
'cpuset.cpus'), not the value of a subsystem (which would be
just 'cpuset').
Signed-off-by: David Ward
---
doc/lxc-cgroup.sgml.in | 31 +--
src/lxc/cgroup.c |4 ++--
Obtain a list of subsystems from /proc/cgroups, and ignore hierarchies
that are not bound to any of them (especially the 'systemd' hierarchy:
http://www.freedesktop.org/wiki/Software/systemd/PaxControlGroups ).
Signed-off-by: David Ward
---
src/lxc/cgrou
execvp does not require specifying the full path to the executable
(e.g., "ls" instead of "/bin/ls"), making the operation of 'lxc-attach'
consistent with 'lxc-start' and 'lxc-execute'.
Signed-off-by: David Ward
---
src/lxc/lxc_attach.c
__NR_setns is defined in the Linux kernel headers in linux/unistd.h.
The full Linux kernel sources are not necessary for compilation.
Signed-off-by: David Ward
---
config/linux.m4 | 76 ---
configure.ac|8 ++---
src/lxc
do not append '/lxc' to the parent cgroup.
Add a '--help' option that prints the command syntax.
Print error messages and help information to stderr.
Update the documentation.
Signed-off-by: David Ward
---
doc/lxc-ls.sgml.in |
ot feature patches). They were
tested on top of lxc 0.8.0-rc2 under both Fedora 14 and Fedora 16. I am
submitting them for inclusion in lxc 0.8.0. Please let me know if you
have any questions or concerns.
David Ward (14):
use syscall numbers from Linux kernel headers
lxc-attach: use execvp
r to solve a different problem: ignoring hierarchies that are
not bound to any subsystems (like 'systemd').
Signed-off-by: David Ward
---
src/lxc/attach.c | 110 +
src/lxc/attach.h |9
src/lxc/cgroup.c | 97 +
mount block device /proc//net read-only".
Check that user is root. Check that container name is specified
before calling 'exec'.
Update the help information.
Print error messages and help information to stderr.
Make indentation consistent.
Signed-off-by: David
27;, which indicates that it
has a real init process and is expected to write to a utmp file
- support for CAP_SYS_BOOT was not found in the kernel, which would
otherwise supersede utmp monitoring
Signed-off-by: David Ward
---
src/lxc/utmp.c |4
1 files changed, 0 insert
Avoid nesting and improve readability.
Signed-off-by: David Ward
---
src/lxc/cgroup.c | 70 -
1 files changed, 32 insertions(+), 38 deletions(-)
diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup.c
index f50c74a..8d70951 100644
--- a/src/lxc
.
Signed-off-by: David Ward
---
src/lxc/lxc-checkconfig.in | 15 +++
src/lxc/lxc-clone.in | 70 +++-
src/lxc/lxc-create.in | 96 ---
src/lxc/lxc-destroy.in | 40 --
src/lxc/lxc-setcap.in
Support new default location for LXCINITDIR.
Signed-off-by: David Ward
---
configure.ac |1 +
src/lxc/lxc-setcap.in |1 +
src/lxc/lxc-setuid.in |1 +
3 files changed, 3 insertions(+), 0 deletions(-)
diff --git a/configure.ac b/configure.ac
index c2bf4b0..0c8aa69 100644
/sec.
Is it normal?
Is there any way to improve the performance?
We use Linuxkernel 2.6.38.
We used bridge for networking.
Thanks,
David
--
Dr. Dong-In "David" Kang
Computer Scientist
USC/ISI
-
The child process's environment should be manipulated the same way
by lxc-attach as it would be by lxc-start or lxc-execute.
Signed-off-by: David Ward
---
src/lxc/attach.c | 15 +++
src/lxc/attach.h |1 +
src/lxc/lxc_attach.c |5 +
3 files change
gured.
Signed-off-by: David Ward
---
src/lxc/conf.c |7 ++-
1 files changed, 6 insertions(+), 1 deletions(-)
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 965a0d2..6b3f318 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -1129,8 +1129,13 @@ static int setup_rootfs(struct lxc
Hi, lxc-developers,
I had performed
git clone git://lxc.git.sourceforge.net/gitroot/lxc/lxc
and under doc I don't see any man pages.
for a lxc tar gz I downloaded, they are under doc.
Is there a reason man pages are not in git ?
DS
--
Hello,
Thanks for the answer.
Is there a way to generate the man pages after downloaded the
git tree? When I ran "make" the man pages were not generated.
regards,
David
On Thu, Apr 18, 2013 at 2:45 PM, Stéphane Graber wrote:
> On 04/18/2013 01:34 PM, David Shwatrz wrot
Hi,
Great.
After "yum install docbook2X" and
./configure --enable-doc” it worked.
rgs
DS
On Thu, Apr 18, 2013 at 6:31 PM, Stéphane Graber wrote:
> On 04/18/2013 05:13 PM, David Shwatrz wrote:
>> Hello,
>> Thanks for the answer.
>>
>> Is there a way to genera
cgconfig should update /etc/mtab, or
2) lxc should search /proc/mounts instead of /etc/mtab
(change one line in src/lxc/cgroup.c)
Which is the correct solution?
Thanks,
David
--
Start uncovering the many advantag
cal or virtual.
Can the kernel distinguish between network interfaces that were created
inside the namespace, and network interfaces that were moved there?
David
P.S. should I send this message to the netdev list instead?
smime.p7s
The two variables I added have misleading names. I will fix these,
clarify the commit message, and resend shortly.
David
On 02/28/2011 07:08 PM, Ward, David - 0663 - MITLL wrote:
lxc watches /var/run/utmp in the container to monitor its runlevel, so that
it can stop or "reboot" the
On 03/05/2012 06:01 PM, Daniel Lezcano wrote:
On 03/05/2012 02:34 PM, David Ward wrote:
Originally, lxc-ls listed all containers by printing the directory names
in /var/lib/lxc. After commit 65cb447f9b8d1ac8dcf9df24a4f877180444f003,
lxc-ls now finds and prints active containers by searching for
e was any timeline for looking at the patches against 0.8.0-rc2 that
have been sent to the lists? As more new patches keep coming in, it
might make it more difficult to merge things, or mean that less testing
has gone into the merged code.
Thanks!
m. So maybe the
code should also check for the 'netprio' subsystem in the same way?
I'm not sure if this is relevant to your problem, but last month I sent
a patchset that, among other things, fixes lxc to properly handle cgroup
On 21/03/12 19:28, Ward, David - 0663 - MITLL wrote:
When a hierarchy contains the 'ns' subsystem, do not append '/lxc'
to the parent cgroup. Update surrounding comments for consistency.
Signed-off-by: David Ward
This patch is actually unnecessary. The existing code alre
On 11/05/12 10:14, David Kang wrote:
> My group is measuring network performance of LXC.
> We can get 9 Gig/sec between the host machine and the other machine.
> But, between an LXC instance and the other machine, we only get 3.7 Gig/sec.
> We also measured performance between the
dles SIGPWR with the 'power-status-changed' event:
see http://upstart.ubuntu.com/cookbook/upstart_cookbook.pdf )
If existing distros don't handle SIGPWR, then why don't we just modify
the lxc-template so that it does? Or even fix the distro itself so
On 25/05/12 11:28, Ward, David - 0663 - MITLL wrote:
On 25/05/12 10:40, Christian Seiler wrote:
Hi,
my lxc management script uses lxc-stop just for an emergency action
called "fored-stop" and it will be also applied, if a normal "stop"
(alias "halt") action wil
On 21/06/12 05:33, Jäkel, Guido wrote:
Hello Developers,
using Gentoo's lxc-0.8.0_rc1-r4 with a Kernel gentoo-sources-3.3.5 I
observe the following issue concerning the cgroupfs:
For reasons of compatibility I have still mounted the controllers of the
cgroupfs at a single mountpoint /cg
On 21/06/12 09:18, Ward, David - 0663 - MITLL wrote:
On 21/06/12 05:33, Jäkel, Guido wrote:
Hello Developers,
using Gentoo's lxc-0.8.0_rc1-r4 with a Kernel
gentoo-sources-3.3.5 I observe the following issue concerning the
cgroupfs:
For reasons of compatibility I have still mounte
lfils two puropses: It shows you a list of running
containers with some helpful extra information (needs -a, to list them all) and
its nicely parseable by scripts at the same time...
Just FYI, current git now allows you to list running containers only
with the '--active' flag to
mmediately without opening a shell. (This is with Fedora 18 and kernel
3.8.2.)
David
On 01/17/2013 10:53 AM, Serge Hallyn wrote:
Only the container parent needs to keep that fd open. Close it
as soon as the container's first task is spawned. Else it can
show up in /proc/$$/fd in the contain
On 03/10/2013 11:45 PM, Serge Hallyn wrote:
Quoting Ward, David - 0663 - MITLL (david.w...@ll.mit.edu):
Hi Serge,
This patch seems to have introduced a regression. When I use
lxc-execute with a very simple container (which only sets the
utsname), the terminal input is not forwarded to the
dless of whether the container was started with lxc-start or
lxc-execute)...this may need to be adjusted.
Thanks,
David
smime.p7s
Description: S/MIME Cryptographic Signature
--
Symantec Endpoint Protection 12 positione
On 03/12/2013 06:12 PM, Michael H. Warfield wrote:
Hey all.
On Tue, 2013-03-12 at 15:55 -0500, Serge Hallyn wrote:
Quoting Ward, David - 0663 - MITLL (david.w...@ll.mit.edu):
Michael, Serge,
On 01/09/2013 03:38 PM, Michael H. Warfield wrote:
4) clearenv and putenv( "container=lxc&quo
introduces the most basic functionality.
Signed-off-by: Christian Seiler
The original intent of my earlier patch was to avoid different default
behavior between lxc-execute and lxc-attach. That no longer holds. Can
we apply these same changes below to lxc-execute please?
David
---
doc
74 matches
Mail list logo
