Hello community,

here is the log from the commit of package lxc.1265 for openSUSE:12.2:Update checked in at 2013-02-05 17:34:43
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.2:Update/lxc.1265 (Old)
 and /work/SRC/openSUSE:12.2:Update/.lxc.1265.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "lxc.1265", Maintainer is ""

Changes:
--------
New Changes file:

--- /dev/null 2013-01-09 19:40:42.352580873 +0100
+++ /work/SRC/openSUSE:12.2:Update/.lxc.1265.new/lxc.changes 2013-02-05 17:34:46.000000000 +0100
@@ -0,0 +1,230 @@ +------------------------------------------------------------------- +Thu Jan 10 18:29:54 CET 2013 - fcrozat@suse.com + +- Add lxc-opensuse-12.1-fixbuild.patch: fix openSUSE 12.1 container + build (bnc#786245). +- Add lxc-opensuse-12.2.patch: + + switch openSUSE template to 12.2 + + install iputils in the default configuration + + autoconfigure gateway if possible + + detect if network is set to 0.0.0.0 and configure DHCP + + bind mount /etc/resolv.conf in container +- Add use-relative-paths-for-container.patch, + fix-lxc-clone-mount-entries.patch and update sles + template: use relative paths for container mount points, fixes + lxc-clone dropping some lxc.mount entries (bnc#789387). +- Add Requires(post) dependency on aaa_base (bnc#786970). +- Add dhcpcd in default installation in openSUSE template (bnc#776169). +- Add change-hwaddr-on-clone.patch: modify MAC address when cloning + a container (git) +- Add wait-until-container-is-stopped.patch: if destroying a + running container, wait until it is stopped before destroying it. +- Ensure lxc-createconfig uses opensuse template by default. +- Ensure lxc-createconfig correctly detect cidr (bnc#773234). +- Add pivot-root_shared.patch: fix pivot root when / is mounted as + shared (default on 12.3 and later). + +------------------------------------------------------------------- +Fri Apr 20 13:53:41 UTC 2012 - fcrozat@suse.com + +- Add various fixes to opensuse template : + + create /etc/hostname as symlink to /etc/HOSTNAME + (lxc-clone fix) + + fix inadequate space in lxc.mount config (lxc-clone fix) + + disable network in container if not configured + + configure network scripts properly +- Add lxc-snapshot-btrfs-lvm.patch: backport snapshot support, + using btrfs or lvm2. +- Add lxc-opensuse-tmpfs.patch: ensure container shutting down is + correctly detected by LXC. 
+ +------------------------------------------------------------------- +Fri Apr 13 11:36:16 UTC 2012 - fcrozat@suse.com + +- Add lxc-createconfig script to easy LXC configuration + (bnc#723950). + +------------------------------------------------------------------- +Tue Mar 6 21:11:54 CET 2012 - jslaby@suse.de + +- Accurately detect whether a system supports clone_children + (bnc#750470) + +------------------------------------------------------------------- +Tue Jan 10 15:41:45 UTC 2012 - fcrozat@suse.com + +- Drop lxc-file_caps.patch, it is SLES specific, since openSUSE is + now shipping with file capabilities enabled. + +------------------------------------------------------------------- +Fri Jan 6 15:51:32 UTC 2012 - fcrozat@suse.com + +- Update lxc-opensuse-12.1.patch to correctly generate containers + on x86 (bnc#739315). +- Backport some fixes from SLES 11 SP2: + - Add lxc-checkconfig-kernel-3.patch and lxc-file_caps.patch: + fix detection of kernel 3.x and file capabilities (bnc#720845). + - Fix example path in manpages (bnc#723946). + +------------------------------------------------------------------- +Tue Oct 25 11:35:10 UTC 2011 - fcrozat@suse.com + +- Add console to opensuse securetty, since we are in a container. + +------------------------------------------------------------------- +Tue Oct 25 09:32:01 UTC 2011 - fcrozat@suse.com + +- Add lxc-opensuse-12.1.patch: create openSUSE 12.1 containers now +- Add Recommends on build package, which is used by opensuse + template. +- Update README.SUSE to current status for cgroups mountpoint + +------------------------------------------------------------------- +Fri Sep 2 08:26:28 UTC 2011 - fcrozat@suse.com + +- Fix license tag, it is LGPLv2.1+ (using LGPLv2+ tag to be + consistent). 
+ +------------------------------------------------------------------- +Wed Aug 31 11:16:28 UTC 2011 - fcrozat@suse.com + +- Update to 0.7.5: + - add initial lxc-clone feature + - add arm as supported srcarch + - opensuse template is merged + - improve other distribution templates + - support cgroups mounted in multiple places + +------------------------------------------------------------------- +Fri Jun 24 21:33:24 CEST 2011 - jslaby@suse.de + +- kill _service + +------------------------------------------------------------------- +Fri Jun 24 14:09:02 UTC 2011 - fcrozat@suse.com + +- Add lxc-opensuse template. +- package /var/lib/lxc. + +------------------------------------------------------------------- +Fri May 27 21:16:56 CEST 2011 - jslaby@suse.de + +- update to 0.7.4.2 + - exit if allocation fails + - ensure monitored container name is null terminated + - do not put devpts in fstab + +------------------------------------------------------------------- +Thu Mar 24 14:22:15 UTC 2011 - brian@aljex.com + +- update to 0.7.4.1 + - fix mount path + - rename physical device to the original name + +------------------------------------------------------------------- +Mon Feb 28 18:03:32 CET 2011 - jslaby@suse.de + +- update to 0.7.4 final + - fix support for >= 2.6.37 kernels +- update README.SUSE file -- it contained obsolete information + +------------------------------------------------------------------- +Mon Feb 21 17:48:07 CET 2011 - jslaby@suse.de + +- update to 0.7.4-rc1+ + - fix cgroups collision with systemd (bnc#673821) + - lxc-start output-to-file support + - better error reporting + - suppress udev log output + - many fixes + +------------------------------------------------------------------- +Wed Dec 20 10:12:28 CEST 2010 - jslaby@suse.de + +- update to 0.7.3 + - mount the rootfs to the mount directory first + - update the lxc.conf man page + - fix compilation and link errors + - don't play with the capabilities when we are root + 
+------------------------------------------------------------------- +Wed Oct 6 09:02:28 CEST 2010 - jslaby@suse.de + +- update to 0.7.2 + +------------------------------------------------------------------- +Mon Jul 5 22:24:34 CEST 2010 - jslaby@suse.de + +- update to 0.7.1 + * full list of changes since 0.6.5 at http://lxc.git.sourceforge.net + +------------------------------------------------------------------- +Fri Mar 5 10:22:44 UTC 2010 - lnussel@suse.de + +- add README.SUSE +- add %dir /var/lib/lxc + +------------------------------------------------------------------- +Thu Mar 4 16:33:46 CET 2010 - jslaby@suse.de + +- update to 0.6.5 + +------------------------------------------------------------------- +Wed Aug 19 09:06:17 CEST 2009 - jslaby@suse.de + +- remove stddef.h workaround, linux-kernel-headers are fixed now + +------------------------------------------------------------------- +Tue Aug 18 15:29:26 CEST 2009 - jslaby@suse.de + +- remove mkdir /var/lxc from %post rpm script + +------------------------------------------------------------------- +Mon Aug 17 13:03:00 CEST 2009 - jslaby@suse.de + +- Remove old lxc hack from specfile +- Fix factory build due to broken linux-kernel-headers + (add stddef.h to includes in configure.ac) and lxc automake file + +------------------------------------------------------------------- +Thu Aug 13 08:51:03 UTC 2009 - adrian@suse.de + +- Add Requires to ensure that lxc-setcap is working + +------------------------------------------------------------------- +Mon Aug 10 15:14:40 CEST 2009 - jslaby@suse.de + +- update to 0.6.3 ++++ 33 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.2:Update/.lxc.1265.new/lxc.changes New: ---- Accurately-detect-whether-a-system-supports-clone_children.patch README.SUSE change-hwaddr-on-clone.patch fix-lxc-clone-mount-entries.patch lxc-0.7.5.tar.gz lxc-cgroup-already-running.patch lxc-cgroup-warning.patch lxc-checkconfig-kernel-3.patch 
lxc-cleanup-network-on-error.patch lxc-createconfig.in lxc-fix-warning-already-running.patch lxc-improve-gateway-detection.patch lxc-opensuse-12.1-fixbuild.patch lxc-opensuse-12.1.patch lxc-opensuse-12.2.patch lxc-opensuse-tmpfs.patch lxc-snapshot-btrfs-lvm.patch lxc.changes lxc.spec pivot-root_shared.patch use-relative-paths-for-container.patch wait-until-container-is-stopped.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ lxc.spec ++++++ # # spec file for package lxc # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. 
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: lxc Version: 0.7.5 Release: 0 Url: http://lxc.sourceforge.net/ Summary: Linux containers implementation License: LGPL-2.1+ Group: System/Management Source: http://lxc.sourceforge.net/download/lxc/%{name}-%{version}.tar.gz Source1: README.SUSE Source2: lxc-createconfig.in # PATCH-FIX-UPSTREAM update openSUSE template to use 12.1 and various fixes Patch0: lxc-opensuse-12.1.patch # PATCH-FIX-UPSTREAM lxc-checkconfig-kernel-3.patch bnc#720845 fcrozat@suse.com -- correctly detect kernel 3.x Patch1: lxc-checkconfig-kernel-3.patch Patch2: Accurately-detect-whether-a-system-supports-clone_children.patch # PATCH-FIX-UPSTREAM lxc-snapshot-btrfs-lvm.patch fcrozat@suse.com -- backport support for btrfs and lvm based snapshots (git) Patch3: lxc-snapshot-btrfs-lvm.patch # PATCH-FIX-UPSTREAM lxc-opensuse-tmpfs.patch fcrozat@suse.com -- fix shutdown in openSUSE container Patch4: lxc-opensuse-tmpfs.patch # PATCH-FIX-UPSTREAM lxc-opensuse-12.1-fixbuild.patch bnc#786245 fcrozat@suse.com -- fix build Patch5: lxc-opensuse-12.1-fixbuild.patch # PATCH-FIX-UPSTREAM lxc-cgroup-warning.patch fcrozat@suse.com -- explain cgroups aren't mounted when starting fails Patch6: lxc-cgroup-warning.patch # PATCH-FIX-UPSTREAM lxc-fix-warning-already-running.patch fcrozat@suse.com -- warn if container is already running Patch7: lxc-fix-warning-already-running.patch # PATCH-FIX-UPSTREAM lxc-cleanup-network-on-error.patch fcrozat@suse.com -- cleanup network virtual interface on error Patch8: lxc-cleanup-network-on-error.patch # PATCH-FIX-UPSTREAM lxc-improve-gateway-detection.patch fcrozat@suse.com -- Improve gateway detection Patch9: lxc-improve-gateway-detection.patch # PATCH-FIX-UPSTREAM lxc-cgroup-already-running.patch fcrozat@suse.com -- warn if container is already running Patch10: lxc-cgroup-already-running.patch # PATCH-FIX-UPSTREAM change-hwaddr-on-clone.patch fcrozat@suse.com -- update network address when cloning a 
container Patch11: change-hwaddr-on-clone.patch # PATCH-FIX-UPSTREAM wait-until-container-is-stopped.patch fcrozat@suse.com -- wait until container is stopped before destroying it Patch12: wait-until-container-is-stopped.patch # PATCH-FIX-UPSTREAM use-relative-paths-for-container.patch fcrozat@suse.com bnc#789387 -- use relative paths for containers Patch13: use-relative-paths-for-container.patch # PATCH-FIX-UPSTREAM fix-lxc-clone-mount-entries.patch fcrozat@suse.com bnc#789387 -- fix lxc.mount entries when using lxc-clone Patch14: fix-lxc-clone-mount-entries.patch # PATCH-FIX-UPSTREAM lxc-opensuse-12.2.patch Patch15: lxc-opensuse-12.2.patch # PATCH-FIX-UPSTREAM pivot-root_shared.patch fcrozat@suse.com -- fix pivot root when / is mount as shared Patch16: pivot-root_shared.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: docbook-utils BuildRequires: libcap-devel BuildRequires: pkg-config %if 0%{?suse_version} >= 1130 BuildRequires: linux-glibc-devel %else BuildRequires: linux-kernel-headers %endif Requires: /sbin/setcap Requires: rsync Requires(post): aaa_base # needed to create openSUSE containers using template Recommends: build %description It provides commands to create and manage containers. It contains a full featured container with the isolation/virtualization of the pids, the ipc, the utsname, the mount points, /proc, /sys, the network and it takes into account the control groups. It is very light, flexible, and provides a set of tools around the container like the monitoring with asynchronous events notification, or the freeze of the container. This package is useful to create Virtual Private Server, or to run isolated applications like bash or sshd. %package devel Summary: Development library for lxc License: LGPL-2.1 Group: Development/Libraries/C and C++ Requires: %name = %version Requires: glibc-devel %description devel Lxc header files and library needed for development of containers. 
%prep %setup %patch0 -p1 %patch1 -p1 %patch2 -p1 %patch3 -p1 %patch4 -p1 %patch5 -p1 %patch6 -p1 %patch7 -p1 %patch8 -p1 %patch9 -p1 %patch10 -p1 %patch11 -p1 %patch12 -p1 %patch13 -p1 %patch14 -p1 %patch15 -p1 %patch16 -p1 %build %configure --disable-examples %__make %{?_smp_mflags} %__cp %{SOURCE1} . %__rm -rf .doc %__mkdir_p .doc/examples %__cp doc/examples/*.conf .doc/examples %install %makeinstall install -d -m 755 %{buildroot}/var/lib/lxc find %buildroot -type f -name '*.la' -delete ./config.status --file=%{buildroot}%{_bindir}/lxc-createconfig:%{S:2} chmod a+x %{buildroot}%{_bindir}/lxc-createconfig %clean %__rm -rf %buildroot %post /sbin/ldconfig %fillup_and_insserv -f -Y boot.cgroup /etc/init.d/boot.cgroup start 2>/dev/null >/dev/null || : %postun /sbin/ldconfig %insserv_cleanup %files %defattr(-,root,root) %doc AUTHORS MAINTAINERS COPYING README doc/FAQ.txt %doc README.SUSE %doc .doc/examples %{_libdir}/lib%{name}.so.* %{_libdir}/%name %dir /var/lib/lxc %{_bindir}/%{name}-* %{_mandir}/man[^3]/* %files devel %defattr(-,root,root) %{_includedir}/%name %{_libdir}/lib%{name}.so %{_datadir}/pkgconfig/%{name}.pc %changelog ++++++ Accurately-detect-whether-a-system-supports-clone_children.patch ++++++
From 3e2981d4599962ec069c249460d86ce8ebec7644 Mon Sep 17 00:00:00 2001 From: Serge E. Hallyn <serge.hallyn@canonical.com> Date: Mon, 24 Oct 2011 14:38:30 +0200 Subject: Accurately detect whether a system supports clone_children Patch-upstream: yes
If multiple cgroups are mounted under /sys/fs/cgroup, then the original check ends up looking for /sys/fs/cgroup/cgroup.clone_children, which does not exist because that is just a tmpfs. So make sure to check an actual cgroupfs. Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> --- src/lxc/lxc-checkconfig.in | 7 ++++++- 1 files changed, 6 insertions(+), 1 deletions(-) diff --git a/src/lxc/lxc-checkconfig.in b/src/lxc/lxc-checkconfig.in index 5dcf3a4..30f6186 100755 --- a/src/lxc/lxc-checkconfig.in +++ b/src/lxc/lxc-checkconfig.in @@ -63,7 +63,12 @@ echo -n "Multiple /dev/pts instances: " && is_enabled DEVPTS_MULTIPLE_INSTANCES echo echo "--- Control groups ---" -CGROUP_MNT_PATH=$(grep -m1 "^cgroup" /proc/self/mounts | awk '{ print $2 }') +print_cgroups() { + # print all mountpoints for cgroup filesystems + awk '$1 !~ /#/ && $3 == mp { print $2; } ; END { exit(0); } ' "mp=$1" "$2" ; +} + +CGROUP_MNT_PATH=`print_cgroups cgroup /proc/self/mounts | head -1` echo -n "Cgroup: " && is_enabled CONFIG_CGROUPS yes -- 1.7.4.1 ++++++ README.SUSE ++++++ To mount the control group file system on openSUSE 11.3, SLE 11 SP1 and older, perform the following: mkdir /cgroup and add the following line to /etc/fstab: cgroup /cgroup cgroup nofail 0 0 On openSUSE 11.4, SLE 11 SP2 and newer, you can just run: /sbin/insserv boot.cgroup and /sys/fs/cgroup will be mounted for cgroup automatically. ++++++ change-hwaddr-on-clone.patch ++++++
From 7b605a1d1e2ad65c235a43bf61dbd0bc240809c1 Mon Sep 17 00:00:00 2001 From: Serge Hallyn <serge.hallyn@ubuntu.com> Date: Tue, 31 Jul 2012 16:01:28 +0200 Subject: [PATCH] lxc-clone: update any hwaddrs
Since we are creating a new container it should not share a macaddr with the original container. Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/934256 Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> --- src/lxc/lxc-clone.in | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/src/lxc/lxc-clone.in b/src/lxc/lxc-clone.in index 4a9f581..78058ec 100644 --- a/src/lxc/lxc-clone.in +++ b/src/lxc/lxc-clone.in @@ -259,6 +259,20 @@ if [ -f $rootfs/etc/dhcp/dhclient.conf ]; then sed -i "s/send host-name.*$/send host-name \"$hostname\";/" $rootfs/etc/dhcp/dhclient.conf fi +c=$lxc_path/$lxc_new/config +# change hwaddrs +mv ${c} ${c}.old +( +while read line; do + if [ "${line:0:18}" = "lxc.network.hwaddr" ]; then + echo "lxc.network.hwaddr= 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')" + else + echo $line + fi +done +) < ${c}.old > ${c} +rm -f ${c}.old + # set the hostname cat <<EOF > $rootfs/etc/hostname $hostname -- 1.7.10.4
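Review bot: `while read line` in the added hwaddr loop of src/lxc/lxc-clone.in rewrites every line of the container config, not only the hwaddr ones: without `-r` and with the default IFS, `read` drops backslashes and trims leading and trailing whitespace, and the unquoted `echo $line` then word-splits and glob-expands what is left. Use `while IFS= read -r line` with `printf '%s\n' "$line"` so non-matching lines pass through unchanged. The `mv ${c} ${c}.old` / redirect / `rm -f` sequence also leaves `${c}` unquoted and leaves the clone with a partially written config if the loop is interrupted; writing to a temporary file and renaming it over the config at the end would avoid that.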
From 989e861d5c5b4a905efb4eb3f58a3eae9d21f83f Mon Sep 17 00:00:00 2001 From: Serge Hallyn <serge.hallyn@ubuntu.com> Date: Tue, 31 Jul 2012 16:04:33 +0200 Subject: [PATCH] lxc-clone.in: put $line in quotes to avoid its expansion
Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> --- src/lxc/lxc-clone.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lxc/lxc-clone.in b/src/lxc/lxc-clone.in index deb01f7..f20411c 100644 --- a/src/lxc/lxc-clone.in +++ b/src/lxc/lxc-clone.in @@ -271,7 +271,7 @@ while read line; do if [ "${line:0:18}" = "lxc.network.hwaddr" ]; then echo "lxc.network.hwaddr= 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')" else - echo $line + echo "$line" fi done ) < ${c}.old > ${c} -- 1.7.10.4 Index: lxc-0.7.5/src/lxc/lxc-clone.in =================================================================== --- lxc-0.7.5.orig/src/lxc/lxc-clone.in +++ lxc-0.7.5/src/lxc/lxc-clone.in @@ -265,13 +265,13 @@ if [ -f $rootfs/etc/dhcp/dhclient.conf ] sed -i "s/send host-name.*$/send host-name \"$hostname\";/" $rootfs/etc/dhcp/dhclient.conf fi -c=$lxc_path/$lxc_new/config +c=$config_path/$lxc_new/config # change hwaddrs mv ${c} ${c}.old ( while read line; do if [ "${line:0:18}" = "lxc.network.hwaddr" ]; then - echo "lxc.network.hwaddr= 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')" + echo "lxc.network.hwaddr = 00:16:3e:$((date ; cat /proc/interrupts ) | md5sum | sed -r 's/^(.{6}).*$/\1/;s/([0-9a-f]{2})/\1:/g;s/:$//;')" else echo "$line" fi ++++++ fix-lxc-clone-mount-entries.patch ++++++
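Review bot: The replacement hwaddr generator in the last lxc-clone.in hunk of change-hwaddr-on-clone.patch, `(date ; cat /proc/interrupts ) | md5sum` cut to six hex digits, is a weaker source than the `openssl rand -hex 3` it removes: the input is a timestamp plus interrupt counters, so the value is guessable, and nothing in the loop checks for a collision with another container on the same bridge. If the aim is to drop the openssl dependency, reading three bytes from /dev/urandom (for example `od -An -N3 -tx1 /dev/urandom`) keeps kernel randomness. The same hunk switches `$lxc_path` to `$config_path`, which is not defined in the lines shown; worth confirming it is set before this point.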
From 4d5fb23ad827eda17b64676f527c3f168cd56ebd Mon Sep 17 00:00:00 2001 From: Serge Hallyn <serge@amd1.(none)> Date: Fri, 20 Jul 2012 10:38:15 -0500 Subject: [PATCH] lxc-clone: fix handling of lxc.mount entries
The 'lxc.mount =' entry can have more than one space, or tabs, before the =. We only need to disambiguate from 'lxc.mount.entry'. So just check for a space or tab after mount. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> --- src/lxc/lxc-clone.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/lxc/lxc-clone.in b/src/lxc/lxc-clone.in index 9292e10..d9ed78c 100644 --- a/src/lxc/lxc-clone.in +++ b/src/lxc/lxc-clone.in @@ -176,7 +176,7 @@ cp $lxc_path/$lxc_orig/config $lxc_path/$lxc_new/config sed -i '/lxc.utsname/d' $lxc_path/$lxc_new/config echo "lxc.utsname = $hostname" >> $lxc_path/$lxc_new/config -grep "lxc.mount =" $lxc_path/$lxc_new/config >/dev/null 2>&1 && { sed -i '/lxc.mount =/d' $lxc_path/$lxc_new/config; echo "lxc.mount = $lxc_path/$lxc_new/fstab" >> $lxc_path/$lxc_new/config; } +grep "lxc.mount[ \t]" $lxc_path/$lxc_new/config >/dev/null 2>&1 && { sed -i '/lxc.mount[ \t]/d' $lxc_path/$lxc_new/config; echo "lxc.mount = $lxc_path/$lxc_new/fstab" >> $lxc_path/$lxc_new/config; } if [ -e $lxc_path/$lxc_orig/fstab ];then cp $lxc_path/$lxc_orig/fstab $lxc_path/$lxc_new/fstab -- 1.7.10.4 ++++++ lxc-cgroup-already-running.patch ++++++
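Review bot: The new pattern `lxc.mount[ \t]` does not match a tab in the `grep` call of fix-lxc-clone-mount-entries.patch: inside a bracket expression grep takes `\t` as the two literal characters backslash and `t`, so a `lxc.mount<TAB>= ...` line, the case the commit message sets out to cover, is still skipped and the fstab entry is not rewritten for the clone. `lxc.mount[[:space:]]` behaves the same in grep and sed. Escaping the dot and anchoring the match (`^[[:space:]]*lxc\.mount[[:space:]]`) would also stop the `sed -i ... d` from deleting commented-out or unrelated lines that merely contain the string.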
From abce2e8ee2cc07c1273dff7786902393a28108de Mon Sep 17 00:00:00 2001 From: Frederic Crozat <fcrozat@suse.com> Date: Fri, 27 Apr 2012 15:57:02 +0200 Subject: [PATCH] give a hint if old cgroup can't be moved
When cgroup can't be moved, it might be a hint container is already running. --- src/lxc/cgroup.c | 3 +++ 1 files changed, 3 insertions(+), 0 deletions(-) Index: lxc-0.7.5/src/lxc/cgroup.c =================================================================== --- lxc-0.7.5.orig/src/lxc/cgroup.c +++ lxc-0.7.5/src/lxc/cgroup.c @@ -185,6 +185,9 @@ static int lxc_one_cgroup_create(const c */ if (!access(cgname, F_OK) && rmdir(cgname)) { SYSERROR("failed to remove previous cgroup '%s'", cgname); + ERROR("##"); + ERROR("# The container might be already running!"); + ERROR("##"); return -1; } ++++++ lxc-cgroup-warning.patch ++++++
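Review bot: The "might be already running" hint added to lxc_one_cgroup_create() in lxc-cgroup-already-running.patch is printed for every rmdir() failure on `cgname`, including permission or read-only-filesystem errors, where it points the user in the wrong direction. Save errno right after rmdir() fails and emit the three ERROR lines only for EBUSY, the way the EADDRINUSE check in lxc-fix-warning-already-running.patch gates its hint. SYSERROR runs first here, so errno has to be captured before it.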
From f0e64b8b66e0634cf0eb79728223bc3fdb407523 Mon Sep 17 00:00:00 2001 From: Daniel Lezcano <daniel.lezcano@free.fr> Date: Thu, 5 Jan 2012 22:45:31 +0100 Subject: [PATCH] give explicit error when the cgroup are not found
When the cgroup is not mounted, we silently exit without giving some clues to the user with what is happening. Give some info and an explicit error. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> --- src/lxc/cgroup.c | 8 +++++++- 1 files changed, 7 insertions(+), 1 deletions(-) diff --git a/src/lxc/cgroup.c b/src/lxc/cgroup.c index a2b823e..6ae67bd 100644 --- a/src/lxc/cgroup.c +++ b/src/lxc/cgroup.c @@ -240,6 +240,7 @@ int lxc_cgroup_create(const char *name, pid_t pid) struct mntent *mntent; FILE *file = NULL; int err = -1; + int found = 0; file = setmntent(MTAB, "r"); if (!file) { @@ -253,13 +254,18 @@ int lxc_cgroup_create(const char *name, pid_t pid) if (!strcmp(mntent->mnt_type, "cgroup")) { - INFO("found cgroup mounted at '%s'", mntent->mnt_dir); + INFO("[%d] found cgroup mounted at '%s',opts='%s'", + ++found, mntent->mnt_dir, mntent->mnt_opts); + err = lxc_one_cgroup_create(name, mntent, pid); if (err) goto out; } }; + if (!found) + ERROR("No cgroup mounted on the system"); + out: endmntent(file); return err; -- 1.7.7 ++++++ lxc-checkconfig-kernel-3.patch ++++++
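Review bot: `++found` is incremented inside the INFO() argument list in lxc_cgroup_create() (lxc-cgroup-warning.patch), so the counter that drives the new "No cgroup mounted on the system" error depends on the logging call evaluating its arguments. If INFO is ever compiled out or skips argument evaluation below the active log level, `found` stays 0 and the error is reported even though cgroups were found. Increment `found` on its own line before the INFO call. The `if (!found)` branch also reaches `out:` relying on the initial `err = -1`; setting `err` explicitly there would make the failure path obvious.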
From 5a4d96d1fd95719ddeb462fff45dbbc7cbbee3df Mon Sep 17 00:00:00 2001 From: Frederic Crozat <fcrozat@suse.com> Date: Thu, 13 Oct 2011 11:26:56 +0200 Subject: [PATCH] handle kernel 3.x in lxc-checkconfig
Make sure to correctly detect kernel 3.x for file capabilities. --- src/lxc/lxc-checkconfig.in | 17 +++++++++++++---- 1 files changed, 13 insertions(+), 4 deletions(-) diff --git a/src/lxc/lxc-checkconfig.in b/src/lxc/lxc-checkconfig.in index 5dcf3a4..c2c64ba 100755 --- a/src/lxc/lxc-checkconfig.in +++ b/src/lxc/lxc-checkconfig.in @@ -83,12 +83,21 @@ echo "--- Misc ---" echo -n "Veth pair device: " && is_enabled CONFIG_VETH echo -n "Macvlan: " && is_enabled CONFIG_MACVLAN echo -n "Vlan: " && is_enabled CONFIG_VLAN_8021Q +KVER_MAJOR=$($GREP '^# Linux' $CONFIG | \ + sed -r 's/.* ([0-9])\.[0-9]{1,2}\.[0-9]{1,3}.*/\1/') +if [[ $KVER_MAJOR == 2 ]]; then KVER_MINOR=$($GREP '^# Linux' $CONFIG | \ - sed -r 's/.*2.6.([0-9]{2}).*/\1/') + sed -r 's/.* 2.6.([0-9]{2}).*/\1/') +else +KVER_MINOR=$($GREP '^# Linux' $CONFIG | \ + sed -r 's/.* [0-9]\.([0-9]{1,3})\.[0-9]{1,3}.*/\1/') +fi echo -n "File capabilities: " && - [[ ${KVER_MINOR} < 33 ]] && is_enabled CONFIG_SECURITY_FILE_CAPABILITIES || - [[ ${KVER_MINOR} > 32 ]] && $SETCOLOR_SUCCESS && echo -e "enabled" && - $SETCOLOR_NORMAL + ( [[ ${KVER_MAJOR} == 2 && ${KVER_MINOR} < 33 ]] && + is_enabled CONFIG_SECURITY_FILE_CAPABILITIES ) || + ( [[ ( ${KVER_MAJOR} == 2 && ${KVER_MINOR} > 32 ) || + ${KVER_MAJOR} > 2 ]] && $SETCOLOR_SUCCESS && + echo -e "enabled" && $SETCOLOR_NORMAL ) echo echo "Note : Before booting a new kernel, you can check its configuration" -- 1.7.3.4 ++++++ lxc-cleanup-network-on-error.patch ++++++
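Review bot: The version tests in the "File capabilities" check of lxc-checkconfig-kernel-3.patch still use `<` and `>` inside `[[ ]]`, which compare strings, not numbers: `[[ ${KVER_MINOR} < 33 ]]` is only right while the 2.6 minor has exactly two digits, and `${KVER_MAJOR} > 2` would be false for a major of 10 or more. Use `-lt` and `-gt`. The KVER_MAJOR sed expression also captures a single digit (`([0-9])`), and when the pattern does not match, sed passes the whole `# Linux` line through into the variable; checking that the result is numeric before comparing would make that fallback explicit.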
From d8f8e35202d9f84ca69cc4c65aeda0febb934e39 Mon Sep 17 00:00:00 2001 From: Daniel Lezcano <daniel.lezcano@free.fr> Date: Thu, 5 Jan 2012 22:45:32 +0100 Subject: [PATCH] Fix network cleanup on error
Network cleanup does not cleanup correctly the virtual interfaces in case of an error. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> --- src/lxc/conf.c | 16 +++++++++++----- src/lxc/start.c | 1 - 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 41039d7..5e41d38 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -1702,13 +1702,19 @@ void lxc_delete_network(struct lxc_list *network) if (netdev->ifindex == 0) continue; - /* Recent kernels already delete the virtual devices */ - if (netdev->type != LXC_NET_PHYS) + if (netdev->type == LXC_NET_PHYS) { + if (lxc_netdev_rename_by_index(netdev->ifindex, netdev->link)) + WARN("failed to rename to the initial name the " \ + "netdev '%s'", netdev->link); continue; + } - if (lxc_netdev_rename_by_index(netdev->ifindex, netdev->link)) - WARN("failed to rename to the initial name the netdev '%s'", - netdev->link); + /* Recent kernel remove the virtual interfaces when the network + * namespace is destroyed but in case we did not moved the + * interface to the network namespace, we have to destroy it + */ + if (lxc_netdev_delete_by_index(netdev->ifindex)) + WARN("failed to remove interface '%s'", netdev->name); } } diff --git a/src/lxc/start.c b/src/lxc/start.c index 334262d..18f6878 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c 
@@ -490,7 +490,6 @@ int lxc_spawn(struct lxc_handler *handler) } } - /* Create a process in a new set of namespaces */ handler->pid = lxc_clone(do_start, handler, clone_flags); if (handler->pid < 0) { -- 1.7.7 ++++++ lxc-createconfig.in ++++++ #!/bin/bash # # lxc: linux Container library # Authors: # Mike Friesenegger <mikef@suse.com> # Daniel Lezcano <daniel.lezcano@free.fr> # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA usage() { echo "usage: lxc-createconfig -n <name> [-i <ipaddr/cidr>] [-b <bridge>] [-t <template]" } help() { usage echo echo "creates a lxc container config file which can be in" echo "turn used by lxc-create to create the lxc system object." echo echo "Options:" echo "name : name of the container" echo "ipaddr : ip address/cidr of the container" echo "bridge : bridge device for container (br0 if undefined)" echo "template : template is an accessible template script (opensuse if undefined)" } shortoptions='hn:i:b:t:' longoptions='help,name:,ipaddr:,bridge:,template:' lxc_confpath=$HOME templatedir=@LXCTEMPLATEDIR@ lxc_bridge=br0 lxc_template=opensuse getopt=$(getopt -o $shortoptions --longoptions $longoptions -- "$@") if [ $? 
!= 0 ]; then usage exit 1; fi eval set -- "$getopt" while true; do case "$1" in -h|--help) help exit 1 ;; -n|--name) shift lxc_name=$1 lxc_confname=$lxc_name.config shift ;; -i|--ipaddr) shift lxc_ipaddr=$1 shift ;; -b|--bridge) shift lxc_bridge=$1 shift ;; -t|--template) shift lxc_template=$1 shift ;; --) shift break;; *) echo $1 usage exit 1 ;; esac done if [ -z "$lxc_name" ]; then echo "no container name specified" usage exit 1 fi if [ -f "$lxc_confpath/$lxc_confname" ]; then echo "'$lxc_confname' already exists" exit 1 fi if [ ! -z "$lxc_ipaddr" ]; then echo $lxc_ipaddr | grep -E '/(([^C9]{0,1}[0-9])|(3[0-2]))$' if [ $? -ne 0 ]; then echo "$lxc_ipaddr is missing a cidr" usage exit 1 fi fi if [ -z "$lxc_ipaddr" ]; then lxc_ipaddr=DHCP fi if [ ! -z $lxc_bridge ]; then brctl show | grep $lxc_bridge >/dev/null if [ $? -ne 0 ]; then echo "$lxc_bridge not defined" exit 1 fi fi if [ ! -z $lxc_template ]; then type ${templatedir}/lxc-$lxc_template >/dev/null if [ $? -ne 0 ]; then echo "unknown template '$lxc_template'" exit 1 fi fi echo echo "Container Name = " $lxc_name echo "IP Address = " $lxc_ipaddr echo "Bridge = " $lxc_bridge echo echo -n "Create container config? (n): " read ANSWER if [ "$ANSWER" != "y" -a "$ANSWER" != "Y" ] then exit 1 fi echo echo "Creating container config $lxc_confpath/$lxc_confname" # generate a MAC for the IP lxc_hwaddr="02:00:`(date ; cat /proc/interrupts ) | md5sum | sed -r 's/^(.{8}).*$/\1/;s/([0-9a-f]{2})/\1:/g;s/:$//;'`" cat >"$lxc_confpath/$lxc_confname" <<%% lxc.network.type = veth lxc.network.flags = up lxc.network.link = $lxc_bridge lxc.network.hwaddr = $lxc_hwaddr %% if [ ! $lxc_ipaddr = "DHCP" ]; then cat >>"$lxc_confpath/$lxc_confname" <<%% lxc.network.ipv4 = $lxc_ipaddr %% fi cat >>"$lxc_confpath/$lxc_confname" <<%% lxc.network.name = eth0 %% echo echo "Run 'lxc-create -n $lxc_name -f $lxc_confpath/$lxc_confname -t $lxc_template' to create the lxc system object." ++++++ lxc-fix-warning-already-running.patch ++++++
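Review bot: The CIDR check in lxc-createconfig.in, `grep -E '/(([^C9]{0,1}[0-9])|(3[0-2]))$'`, accepts more than prefix lengths 0 to 32: `[^C9]` matches any character other than `C` or `9`, so values such as `/45` or `/x5` pass, and the part before the slash is not validated at all before it is written to `lxc.network.ipv4`. A pattern such as `/([0-9]|[12][0-9]|3[0-2])$` states the intended range. The grep also echoes the address to stdout on success (use `-q`), and `brctl show | grep $lxc_bridge` is an unquoted substring match, so `br0` is accepted when only `br01` exists.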
From 97d3756cbe108e564d1a1b6cc23c02d379c3c02e Mon Sep 17 00:00:00 2001 From: Serge Hallyn <serge@hallyn.com> Date: Wed, 22 Feb 2012 11:40:16 -0600 Subject: [PATCH] If a container is already running, say so in error msgs.
Otherwise there is no clear indication to the user why the container startup failed. Signed-off-by: Serge Hallyn <serge@hallyn.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> --- src/lxc/commands.c | 7 ++++++- 1 files changed, 6 insertions(+), 1 deletions(-) diff --git a/src/lxc/commands.c b/src/lxc/commands.c index f323943..1d488ae 100644 --- a/src/lxc/commands.c +++ b/src/lxc/commands.c @@ -271,7 +271,12 @@ extern int lxc_command_mainloop_add(const char *name, fd = lxc_af_unix_open(path, SOCK_STREAM, 0); if (fd < 0) { - ERROR("failed to create the command service point"); + ERROR("failed (%d) to create the command service point %s", errno, offset); + if (errno == EADDRINUSE) { + ERROR("##"); + ERROR("# The container appears to be already running!"); + ERROR("##"); + } return -1; } -- 1.7.7 ++++++ lxc-improve-gateway-detection.patch ++++++ ++++ 774 lines (skipped) ++++++ lxc-opensuse-12.1-fixbuild.patch ++++++ Index: lxc-0.7.5/templates/lxc-opensuse.in =================================================================== --- lxc-0.7.5.orig/templates/lxc-opensuse.in +++ lxc-0.7.5/templates/lxc-opensuse.in 
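Review bot: In the lxc_command_mainloop_add() hunk of lxc-fix-warning-already-running.patch, `errno` is compared with EADDRINUSE after the ERROR() call that prints it, and the logging call can change errno before the comparison runs. Copy errno into a local immediately after lxc_af_unix_open() fails and use that copy in both the message and the `if`. Printing `strerror()` of the saved value next to the number would also tell the user more than the bare `%d`.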
@@ -186,7 +186,7 @@ EOF done fi - CLEAN_BUILD=1 BUILD_ARCH="$arch" BUILD_ROOT="$cache/partial-$arch" BUILD_DIST="$cache/partial-$arch-packages/opensuse.conf" /usr/lib/build/init_buildsystem --clean --cachedir $cache/partial-$arch-cache --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/noarch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/update/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/update/noarch + CLEAN_BUILD=1 BUILD_ARCH="$arch" BUILD_ROOT="$cache/partial-$arch" BUILD_DIST="$cache/partial-$arch-packages/opensuse.conf" PATH="$PATH:/usr/lib/build" /usr/lib/build/init_buildsystem --clean --configdir /usr/lib/build/configs --cachedir $cache/partial-$arch-cache --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/noarch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/update/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/update/noarch chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss repo-oss chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update chroot $cache/partial-$arch rpm -e patterns-openSUSE-base ++++++ lxc-opensuse-12.1.patch ++++++
From 44ee8a102e3d8052631fbb119f58a55ce678d039 Mon Sep 17 00:00:00 2001 From: Frederic Crozat <fcrozat@suse.com> Date: Tue, 25 Oct 2011 11:25:18 +0200 Subject: [PATCH 1/2] templates: update openSUSE template for openSUSE 12.1
From 594d9ba1043bdbc3bb0bded71e19a6ed3e724e4d Mon Sep 17 00:00:00 2001 From: Frederic Crozat <fcrozat@suse.com> Date: Wed, 18 Apr 2012 17:17:18 +0200 Subject: [PATCH] various fixes for openSUSE template: - create /etc/hostname as symlink to /etc/HOSTNAME (lxc-clone fix) - fix inadequate space in lxc.mount config (lxc-clone fix) - fix openSUSE 12.1 template creation on x86 platform - disable network in container if not configured - configure network
rely on "build" package, to ensure chroot can be created with distribution older than 12.1 Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> --- templates/lxc-opensuse.in | 75 ++++++++++++++++++++++++++++---------------- 1 files changed, 48 insertions(+), 27 deletions(-) diff --git a/templates/lxc-opensuse.in b/templates/lxc-opensuse.in index 811876a..d30147d 100644 --- a/templates/lxc-opensuse.in +++ b/templates/lxc-opensuse.in @@ -25,7 +25,7 @@ # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -DISTRO=11.4 +DISTRO=12.1 configure_opensuse() { @@ -106,28 +106,11 @@ cons:2345:respawn:/sbin/mingetty --noclear console screen c1:2345:respawn:/sbin/mingetty --noclear tty1 screen EOF - # patch boot script, no longer needed in openSUSE 12.1 / SLE11-SP2 - patch --quiet -d $rootfs/etc/init.d/ << EOF ---- boot.orig 2011-05-26 16:03:07.000000000 +0200 -+++ boot 2011-05-26 16:03:19.000000000 +0200 -@@ -98,12 +98,12 @@ - echo "***************************************************************" - /sbin/halt -f - fi -- echo -n "Mounting devtmpfs at /dev" -- mount -n -t devtmpfs -o mode=0755 devtmpfs /dev -- rc_status -v -r -+# echo -n "Mounting devtmpfs at /dev" -+# mount -n -t devtmpfs -o mode=0755 devtmpfs /dev -+# rc_status -v -r - fi - --cp -axT --remove-destination /lib/udev/devices /dev -+#cp -axT --remove-destination /lib/udev/devices /dev - - if test -d /sys/kernel/debug -a "$HAVE_DEBUGFS" = "1" ; then - mount -n -t debugfs debugfs /sys/kernel/debug > /dev/null 2>&1 + # set /dev/console as securetty + cat << EOF >> $rootfs/etc/securetty +console EOF + cat <<EOF >> $rootfs/etc/sysconfig/boot # disable root fsck ROOTFS_FSCK="0" 
@@ -136,7 +119,7 @@ EOF # remove pointless services in a container - insserv -r -f -p $rootfs/etc/init.d boot.udev boot.udev_retry boot.md boot.lvm boot.loadmodules boot.device-mapper boot.clock boot.swap boot.klog + chroot $rootfs /sbin/insserv -r -f boot.udev boot.loadmodules boot.device-mapper boot.clock boot.swap boot.klog kbd echo "Please change root-password !" echo "root:root" | chroot $rootfs chpasswd @@ -149,6 +132,12 @@ download_opensuse() cache=$1 arch=$2 + if [ ! -x /usr/bin/build ]; then + echo "Could not create openSUSE template :" + echo "you need to install \"build\" package" + return 1 + fi + # check the mini opensuse was not already downloaded mkdir -p "$cache/partial-$arch" 
@@ -159,18 +148,50 @@ download_opensuse() # download a mini opensuse into a cache echo "Downloading opensuse minimal ..." + mkdir -p "$cache/partial-$arch-packages" + zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss/ repo-oss + zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update + zypper --quiet --root $cache/partial-$arch-packages --non-interactive --gpg-auto-import-keys update + zypper --root $cache/partial-$arch-packages --non-interactive in --auto-agree-with-licenses --download-only zypper lxc patterns-openSUSE-base sysvinit-init + cat > $cache/partial-$arch-packages/opensuse.conf << EOF +Preinstall: aaa_base bash coreutils diffutils +Preinstall: filesystem fillup glibc grep insserv libacl1 libattr1 +Preinstall: libbz2-1 libgcc46 libxcrypt libncurses5 pam +Preinstall: permissions libreadline6 rpm sed tar zlib libselinux1 +Preinstall: liblzma5 libcap2 libpcre0 +Preinstall: libpopt0 libelf1 liblua5_1 + +RunScripts: aaa_base + +Support: zypper +Support: patterns-openSUSE-base +Support: lxc +Prefer: sysvinit-init + +Ignore: patterns-openSUSE-base:patterns-openSUSE-yast2_install_wf +EOF + + CLEAN_BUILD=1 BUILD_ROOT="$cache/partial-$arch" BUILD_DIST="$cache/partial-$arch-packages/opensuse.conf" /usr/lib/build/init_buildsystem --clean --cachedir $cache/partial-$arch-cache --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/noarch + chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss repo-oss + chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update + chroot $cache/partial-$arch rpm -e patterns-openSUSE-base + umount $cache/partial-$arch/proc +# really 
clean the image + rm -fr $cache/partial-$arch/{.build,.guessed_dist,.srcfiles*,installed-pkg} + rm -fr $cache/partial-$arch/dev +# make sure we have a minimal /dev mkdir -p "$cache/partial-$arch/dev" mknod -m 666 $cache/partial-$arch/dev/null c 1 3 mknod -m 666 $cache/partial-$arch/dev/zero c 1 5 - zypper --quiet --root $cache/partial-$arch --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss/ repo-oss - zypper --quiet --root $cache/partial-$arch --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update - zypper --quiet --root $cache/partial-$arch --non-interactive --gpg-auto-import-keys in --auto-agree-with-licenses -t pattern base - zypper --quiet --root $cache/partial-$arch --non-interactive --gpg-auto-import-keys in +lxc -kbd -patterns-openSUSE-base +# create mtab symlink + rm -f $cache/partial-$arch/etc/mtab + ln -sf /proc/self/mounts $cache/partial-$arch/etc/mtab if [ $? -ne 0 ]; then echo "Failed to download the rootfs, aborting." return 1 fi + rm -fr "$cache/partial-$arch-packages" mv "$1/partial-$arch" "$1/rootfs-$arch" echo "Download complete." -- 1.7.7 scripts properly --- templates/lxc-opensuse.in | 34 +++++++++++++++++++++++++++++----- 1 files changed, 29 insertions(+), 5 deletions(-) diff --git a/templates/lxc-opensuse.in b/templates/lxc-opensuse.in index 120b2c7..4342150 100644 --- a/templates/lxc-opensuse.in +++ b/templates/lxc-opensuse.in @@ -34,8 +34,8 @@ configure_opensuse() # set network as static, but everything is done by LXC outside the container cat <<EOF > $rootfs/etc/sysconfig/network/ifcfg-eth0 -STARTMODE='auto' -BOOTPROTO='static' +STARTMODE='manual' +BOOTPROTO='none' EOF # set default route @@ -71,6 +71,8 @@ EOF cat <<EOF > $rootfs/etc/HOSTNAME $hostname EOF + # ensure /etc/hostname is available too + ln -s -f HOSTNAME $rootfs/etc/hostname # do not use hostname from HOSTNAME variable cat <<EOF >> $rootfs/etc/sysconfig/cron 
@@ -156,10 +158,11 @@ download_opensuse() cat > $cache/partial-$arch-packages/opensuse.conf << EOF Preinstall: aaa_base bash coreutils diffutils Preinstall: filesystem fillup glibc grep insserv libacl1 libattr1 -Preinstall: libbz2-1 libgcc46 libxcrypt libncurses5 pam +Preinstall: libbz2-1 libgcc46 libncurses5 pam Preinstall: permissions libreadline6 rpm sed tar zlib libselinux1 Preinstall: liblzma5 libcap2 libpcre0 Preinstall: libpopt0 libelf1 liblua5_1 +Preinstall: netcfg RunScripts: aaa_base 
@@ -169,9 +172,21 @@ Support: lxc Prefer: sysvinit-init Ignore: patterns-openSUSE-base:patterns-openSUSE-yast2_install_wf +Ignore: patterns-openSUSE-base:polkit-defaults-privs +Ignore: patterns-openSUSE-base:openSUSE-build-key EOF + if [ "$arch" == "i686" ]; then + mkdir -p $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/i686/ + for i in "$cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/i586/*" ; do + ln -s $i $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/i686/ + done + mkdir -p $cache/partial-$arch-packages/var/cache/zypp/packages/update/i686 + for i in "$cache/partial-$arch-packages/var/cache/zypp/packages/update/i586/*" ; do + ln -s $i $cache/partial-$arch-packages/var/cache/zypp/packages/update/i686/ + done + fi - CLEAN_BUILD=1 BUILD_ROOT="$cache/partial-$arch" BUILD_DIST="$cache/partial-$arch-packages/opensuse.conf" /usr/lib/build/init_buildsystem --clean --cachedir $cache/partial-$arch-cache --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/noarch + CLEAN_BUILD=1 BUILD_ARCH="$arch" BUILD_ROOT="$cache/partial-$arch" BUILD_DIST="$cache/partial-$arch-packages/opensuse.conf" /usr/lib/build/init_buildsystem --clean --cachedir $cache/partial-$arch-cache --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/noarch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/update/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/update/noarch chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss repo-oss chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update chroot $cache/partial-$arch rpm -e 
patterns-openSUSE-base @@ -254,13 +269,22 @@ copy_configuration() rootfs=$2 name=$3 +# only disable network if no network configuration was passed +grep -q lxc.network.type $path/config +network_not_configured=$? +if [ $network_not_configured -eq 1 ]; then + cat <<EOF >> $path/config +lxc.network.type = empty +EOF +fi + cat <<EOF >> $path/config lxc.utsname = $name lxc.tty = 4 lxc.pts = 1024 lxc.rootfs = $rootfs -lxc.mount = $path/fstab +lxc.mount = $path/fstab lxc.cgroup.devices.deny = a # /dev/null and zero -- 1.7.7 ++++++ lxc-opensuse-12.2.patch ++++++ Index: lxc-0.7.5/templates/lxc-opensuse.in =================================================================== --- lxc-0.7.5.orig/templates/lxc-opensuse.in +++ lxc-0.7.5/templates/lxc-opensuse.in @@ -25,7 +25,7 @@ # License along with this library; if not, write to the Free Software # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA -DISTRO=12.1 +DISTRO=12.2 configure_opensuse() { @@ -34,14 +34,10 @@ configure_opensuse() # set network as static, but everything is done by LXC outside the container cat <<EOF > $rootfs/etc/sysconfig/network/ifcfg-eth0 -STARTMODE='manual' +STARTMODE='auto' BOOTPROTO='none' EOF - # set default route - IP=$(/sbin/ip route | awk '/default/ { print $3 }') - echo "default $IP - -" > $rootfs/etc/sysconfig/network/routes - # create empty fstab touch $rootfs/etc/fstab @@ -121,7 +117,9 @@ EOF # remove pointless services in a container - chroot $rootfs /sbin/insserv -r -f boot.udev boot.loadmodules boot.device-mapper boot.clock boot.swap boot.klog kbd + chroot $rootfs /sbin/insserv -r -f boot.udev boot.device-mapper boot.clock boot.swap boot.klog kbd >/dev/null 2>&1 + + touch $rootfs/etc/sysconfig/kernel echo "Please change root-password !" echo "root:root" | chroot $rootfs chpasswd 
@@ -154,26 +152,31 @@ download_opensuse() zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss/ repo-oss zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update zypper --quiet --root $cache/partial-$arch-packages --non-interactive --gpg-auto-import-keys update - zypper --root $cache/partial-$arch-packages --non-interactive in --auto-agree-with-licenses --download-only zypper lxc patterns-openSUSE-base sysvinit-init + zypper --root $cache/partial-$arch-packages --non-interactive in --auto-agree-with-licenses --download-only zypper lxc patterns-openSUSE-base sysvinit-init iputils cat > $cache/partial-$arch-packages/opensuse.conf << EOF Preinstall: aaa_base bash coreutils diffutils -Preinstall: filesystem fillup glibc grep insserv libacl1 libattr1 -Preinstall: libbz2-1 libgcc46 libncurses5 pam +Preinstall: filesystem fillup glibc grep insserv +Preinstall: libbz2-1 libgcc47 libncurses5 pam Preinstall: permissions libreadline6 rpm sed tar zlib libselinux1 -Preinstall: liblzma5 libcap2 libpcre0 +Preinstall: liblzma5 libcap2 libacl1 libattr1 Preinstall: libpopt0 libelf1 liblua5_1 -Preinstall: netcfg +Preinstall: libpcre1 RunScripts: aaa_base Support: zypper Support: patterns-openSUSE-base Support: lxc -Prefer: sysvinit-init +Support: ncurses-utils +Support: iputils +Support: udev +Support: netcfg +Support: sysvinit-init +Support: dhcpcd hwinfo insserv module-init-tools openSUSE-release openssh +Support: pwdutils rpcbind sysconfig rsyslog -Ignore: patterns-openSUSE-base:patterns-openSUSE-yast2_install_wf -Ignore: patterns-openSUSE-base:polkit-defaults-privs -Ignore: patterns-openSUSE-base:openSUSE-build-key +Ignore: rpm:suse-build-key,build-key +Ignore: systemd:systemd-presets-branding EOF if [ "$arch" == "i686" ]; then mkdir -p $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/i686/ 
@@ -189,7 +192,6 @@ EOF CLEAN_BUILD=1 BUILD_ARCH="$arch" BUILD_ROOT="$cache/partial-$arch" BUILD_DIST="$cache/partial-$arch-packages/opensuse.conf" PATH="$PATH:/usr/lib/build" /usr/lib/build/init_buildsystem --clean --configdir /usr/lib/build/configs --cachedir $cache/partial-$arch-cache --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/noarch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/update/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/update/noarch chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss repo-oss chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update - chroot $cache/partial-$arch rpm -e patterns-openSUSE-base umount $cache/partial-$arch/proc # really clean the image rm -fr $cache/partial-$arch/{.build,.guessed_dist,.srcfiles*,installed-pkg} 
@@ -274,12 +276,35 @@ copy_configuration() name=$3 # only disable network if no network configuration was passed -grep -q lxc.network.type $path/config +sed '/^#/d' $path/config | grep -q lxc.network.type network_not_configured=$? if [ $network_not_configured -eq 1 ]; then cat <<EOF >> $path/config lxc.network.type = empty EOF +else + type=$(sed '/^#/d; /lxc.network.type/!d; s/.*=[ \t]*//' $path/config) + sed '/^#/d' $path/config | grep -q lxc.network.*.gateway + gateway_not_configured=$? + sed '/^#/d' $path/config | grep -q lxc.network.ipv4 + ipv4_not_configured=$? + if [ $gateway_not_configured ]; then + [ $ipv4_not_configured -eq 0 ] && ipv4=$(sed '/^#/d; /lxc.network.ipv4/!d; /gateway/d; s/.*=[ \t]*//; s/\([[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+\).*/\1/' $path/config) + if [ "$type" = "veth" -o "$type" = "macvlan" ]; then + if [ $ipv4_not_configured -eq 0 -a "$ipv4" != "0.0.0.0" ]; then + # set default route + IP=$(/sbin/ip route | awk '/default/ { print $3 }') + echo "lxc.network.ipv4.gateway = $IP " >> $path/config + else + # set network as dhcp + sed -i -e 's/BOOTPROTO=.*/BOOTPROTO=dhcp/' $rootfs/etc/sysconfig/network/ifcfg-eth0 + fi + fi + fi + if [ "$type" != "empty" ]; then + echo "#remove next line if host DNS configuration should not be available to container" >> $path/config + echo "lxc.mount.entry = /etc/resolv.conf etc/resolv.conf none bind,ro 0 0" >> $path/config + fi fi cat <<EOF >> $path/config ++++++ lxc-opensuse-tmpfs.patch ++++++
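Review bot: in lxc-opensuse-12.1.patch, hunk @@ -106,28 +106,11 @@, appending console to $rootfs/etc/securetty permits root logins on the container console while the template still sets a fixed password (the context line echo "root:root" | chroot $rootfs chpasswd in the following hunk). Every container built from this template then accepts root/root on its console until the administrator acts on the "Please change root-password !" message. Consider generating a random password at creation time and printing it once, or leaving the account locked until a password has been set.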
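Review bot: in lxc-opensuse-12.1.patch, hunk @@ -159,18 +148,50 @@, the repositories are added as http://download.opensuse.org/... and the next zypper call runs with --gpg-auto-import-keys, so whatever signing key the plain-HTTP response presents is imported and trusted without confirmation. Package signature checking then has no independent trust anchor while the rootfs is populated. Seed the new root with the openSUSE key from a copy already trusted on the host, or use an https:// repository URL, and drop --gpg-auto-import-keys.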
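Review bot: in the "various fixes for openSUSE template" patch, hunk @@ -169,9 +172,21 @@, both for loops put the glob inside double quotes (the list is a quoted string ending in /i586/*), so each loop runs exactly once with the literal pattern and the expansion only happens later through the unquoted $i in ln -s $i. That breaks when $cache contains whitespace and creates a dangling link named * when the i586 directory is empty. Move the * outside the quotes, quote "$i" in the ln call, and skip the iteration when nothing matched.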
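Review bot: in lxc-opensuse-12.2.patch, hunk @@ -274,12 +276,35 @@, the test if [ $gateway_not_configured ] is always true: the variable holds grep's exit status, which is never an empty string, and [ with a single non-empty word succeeds whatever its value. The gateway/DHCP branch therefore also runs when a gateway is already present in $path/config. Compare explicitly, as the neighbouring tests do: [ $gateway_not_configured -eq 1 ]. The pattern lxc.network.*.gateway should also be quoted so that the shell cannot expand the * against file names before grep sees it.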
From d088de50c551f4941ae24b536057fc57915ee7d7 Mon Sep 17 00:00:00 2001 From: Frederic Crozat <fcrozat@suse.com> Date: Fri, 20 Apr 2012 14:36:53 +0200 Subject: [PATCH] shutdown fixes for openSUSE container
- mount /run on tmpfs outside container - replace /var/run bind mount on /run by a symlink --- templates/lxc-opensuse.in | 5 +++++ 1 files changed, 5 insertions(+), 0 deletions(-) diff --git a/templates/lxc-opensuse.in b/templates/lxc-opensuse.in index 0946f95..076fe4f 100644 --- a/templates/lxc-opensuse.in +++ b/templates/lxc-opensuse.in @@ -201,6 +201,10 @@ EOF # create mtab symlink rm -f $cache/partial-$arch/etc/mtab ln -sf /proc/self/mounts $cache/partial-$arch/etc/mtab + +# ensure /var/run and /run are symlinked + rm -fr $cache/partial-$arch/var/run + ln -s -f ../run $cache/partial-$arch/var/run if [ $? -ne 0 ]; then echo "Failed to download the rootfs, aborting." return 1 @@ -307,6 +311,7 @@ EOF cat <<EOF > $path/fstab proc $rootfs/proc proc nodev,noexec,nosuid 0 0 sysfs $rootfs/sys sysfs defaults 0 0 +tmpfs $rootfs/run tmpfs mode=0755,nodev,nosuid 0 0 EOF if [ $? -ne 0 ]; then -- 1.7.7 ++++++ lxc-snapshot-btrfs-lvm.patch ++++++ ++++ 1289 lines (skipped) ++++++ pivot-root_shared.patch ++++++
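Review bot: in the first hunk (@@ -201,6 +201,10 @@), the added rm -fr and ln -s -f lines sit directly in front of if [ $? -ne 0 ], so the "Failed to download the rootfs, aborting." branch now reports only on the exit status of ln -s -f ../run. A failure in the earlier download or build steps is not caught by this test. Check the step the message is about at the point where it runs (for example with || return 1 on that command) and keep the symlink setup out of the download error path.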
From cc28d0b0a66bd956645dc7b8fc85b917711f2472 Mon Sep 17 00:00:00 2001 From: Serge Hallyn <serge.hallyn@canonical.com> Date: Wed, 19 Dec 2012 23:58:44 -0600 Subject: [PATCH] Support MS_SHARED / MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
(I'll be out until Jan 2, but in the meantime, here is hopefully a little newyears gift - this seems to allow lxc-start with / being MS_SHARED on the host) When / is MS_SHARED (for instance with f18 and modern arch), lxc-start fails on pivot_root. The kernel enforces that, when doing pivot_root, the parent of current->fs->root (as well as the new root and the putold location) not be MS_SHARED. To work around this, check /proc/self/mountinfo for a 'shared:' in the '/' line. If it is there, then create a tiny MS_SLAVE tmpfs dir to serve as parent of /, recursively bind mount / into /root under that dir, make it rslave, and chroot into it. Tested with ubuntu raring image after doing 'mount --make-rshared /'. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com> --- src/lxc/conf.c | 117 +++++++++++++++++++++++++++++++++++++++++++++++++++++-- src/lxc/conf.h | 3 ++ src/lxc/start.c | 8 ++++ 3 files changed, 125 insertions(+), 3 deletions(-) Index: lxc-0.7.5/src/lxc/conf.c =================================================================== --- lxc-0.7.5.orig/src/lxc/conf.c +++ lxc-0.7.5/src/lxc/conf.c 
@@ -716,8 +716,112 @@ static int setup_rootfs_pivot_root(const return 0; } -static int setup_rootfs(const struct lxc_rootfs *rootfs) +/* + * Detect whether / is mounted MS_SHARED. The only way I know of to + * check that is through /proc/self/mountinfo. + * I'm only checking for /. If the container rootfs or mount location + * is MS_SHARED, but not '/', then you're out of luck - figuring that + * out would be too much work to be worth it. + */ +#define LINELEN 4096 +int detect_shared_rootfs(void) { + char buf[LINELEN], *p; + FILE *f; + int i; + char *p2; + + f = fopen("/proc/self/mountinfo", "r"); + if (!f) + return 0; + while ((p = fgets(buf, LINELEN, f))) { + INFO("looking at .%s.", p); + for (p = buf, i=0; p && i < 4; i++) + p = index(p+1, ' '); + if (!p) + continue; + p2 = index(p+1, ' '); + if (!p2) + continue; + *p2 = '\0'; + INFO("now p is .%s.", p); + if (strcmp(p+1, "/") == 0) { + // this is '/'. is it shared? + p = index(p2+1, ' '); + if (strstr(p, "shared:")) + return 1; + } + } + fclose(f); + return 0; +} + +/* + * I'll forgive you for asking whether all of this is needed :) The + * answer is yes. + * pivot_root will fail if the new root, the put_old dir, or the parent + * of current->fs->root are MS_SHARED. (parent of current->fs_root may + * or may not be current->fs_root - if we assumed it always was, we could + * just mount --make-rslave /). So, + * 1. mount a tiny tmpfs to be parent of current->fs->root. + * 2. make that MS_SLAVE + * 3. make a 'root' directory under that + * 4. mount --rbind / under the $tinyroot/root. + * 5. make that rslave + * 6. chdir and chroot into $tinyroot/root + * 7. 
$tinyroot will be unmounted by our parent in start.c + */ +static int chroot_into_slave(struct lxc_conf *conf) +{ + char path[MAXPATHLEN]; + const char *destpath = conf->rootfs.mount; + int ret; + + if (mount(destpath, destpath, NULL, MS_BIND, 0)) { + SYSERROR("failed to mount %s bind", destpath); + return -1; + } + if (mount("", destpath, NULL, MS_SLAVE, 0)) { + SYSERROR("failed to make %s slave", destpath); + return -1; + } + if (mount("none", destpath, "tmpfs", 0, "size=10000")) { + SYSERROR("Failed to mount tmpfs / at %s", destpath); + return -1; + } + ret = snprintf(path, MAXPATHLEN, "%s/root", destpath); + if (ret < 0 || ret >= MAXPATHLEN) { + ERROR("out of memory making root path"); + return -1; + } + if (mkdir(path, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH)) { + SYSERROR("Failed to create /dev/pts in container"); + return -1; + } + if (mount("/", path, NULL, MS_BIND|MS_REC, 0)) { + SYSERROR("Failed to rbind mount / to %s", path); + return -1; + } + if (mount("", destpath, NULL, MS_SLAVE|MS_REC, 0)) { + SYSERROR("Failed to make tmp-/ at %s rslave", path); + return -1; + } + if (chdir(path)) { + SYSERROR("Failed to chdir into tmp-/"); + return -1; + } + if (chroot(path)) { + SYSERROR("Failed to chroot into tmp-/"); + return -1; + } + INFO("Chrooted into tmp-/ at %s\n", path); + return 0; +} + +static int setup_rootfs(struct lxc_conf *conf) +{ + const struct lxc_rootfs *rootfs = &conf->rootfs; + if (!rootfs->path) return 0; @@ -727,6 +831,13 @@ static int setup_rootfs(const struct lxc return -1; } + if (detect_shared_rootfs()) { + if (chroot_into_slave(conf)) { + ERROR("Failed to chroot into slave /"); + return -1; + } + } + if (mount_rootfs(rootfs->path, rootfs->mount)) { ERROR("failed to mount rootfs"); return -1; 
@@ -848,7 +959,7 @@ static int setup_console(const struct lx return 0; } -static int setup_cgroup(const char *name, struct lxc_list *cgroups) +int setup_cgroup(const char *name, struct lxc_list *cgroups) { struct lxc_list *iterator; struct lxc_cgroup *cg; @@ -1846,7 +1957,7 @@ int lxc_setup(const char *name, struct l return -1; } - if (setup_rootfs(&lxc_conf->rootfs)) { + if (setup_rootfs(lxc_conf)) { ERROR("failed to setup rootfs for '%s'", name); return -1; } Index: lxc-0.7.5/src/lxc/conf.h =================================================================== --- lxc-0.7.5.orig/src/lxc/conf.h +++ lxc-0.7.5/src/lxc/conf.h @@ -227,6 +227,9 @@ extern int lxc_find_gateway_addresses(st extern int lxc_create_tty(const char *name, struct lxc_conf *conf); extern void lxc_delete_tty(struct lxc_tty_info *tty_info); +extern int setup_cgroup(const char *name, struct lxc_list *cgroups); +extern int detect_shared_rootfs(void); + /* * Configure the container from inside */ Index: lxc-0.7.5/src/lxc/start.c =================================================================== --- lxc-0.7.5.orig/src/lxc/start.c +++ lxc-0.7.5/src/lxc/start.c @@ -535,6 +535,14 @@ int lxc_spawn(struct lxc_handler *handle if (lxc_sync_barrier_child(handler, LXC_SYNC_POST_CONFIGURE)) return -1; + if (detect_shared_rootfs()) + umount2(handler->conf->rootfs.mount, MNT_DETACH); + + if (setup_cgroup(name, &handler->conf->cgroup)) { + ERROR("failed to setup the cgroups for '%s'", name); + goto out_delete_net; + } + if (handler->ops->post_start(handler, handler->data)) goto out_abort; ++++++ use-relative-paths-for-container.patch ++++++
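Review bot: in src/lxc/conf.c, hunk @@ -716,8 +716,112 @@, detect_shared_rootfs() returns 1 from inside the read loop without calling fclose(f), which leaks the stream on exactly the path this patch adds support for. In the same branch, p = index(p2+1, ' ') can return NULL and is passed to strstr() unchecked. Record the result in a flag and break so the single fclose(f) always runs, and continue when p is NULL. In chroot_into_slave() the mkdir() failure message still reads "Failed to create /dev/pts in container" although the directory being created is the root directory under destpath, and "out of memory making root path" describes a truncated snprintf(), not an allocation failure.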
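Review bot: in src/lxc/start.c, hunk @@ -535,6 +535,14 @@, the return value of umount2(handler->conf->rootfs.mount, MNT_DETACH) is discarded, so a failed detach of the temporary tmpfs goes unlogged. Check it and report with SYSERROR at least. The same hunk adds a setup_cgroup() call to lxc_spawn(), and conf.c drops static from that function, which the commit message about MS_SHARED does not explain; state why the call is needed here and confirm that no other call for the same container remains.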
From 80a881b232b8955b85b360d4def99e6e680ff61b Mon Sep 17 00:00:00 2001 From: Serge Hallyn <serge.hallyn@ubuntu.com> Date: Tue, 31 Jul 2012 16:04:33 +0200 Subject: [PATCH] templates: use relative paths when creating containers
At the same time, allow lxc.mount.entry to specify an absolute target path relative to /var/lib/lxc/CN/rootfs, even if rootfs is a blockdev. Otherwise all such entries are ignored for blockdev-backed containers. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> --- src/lxc/conf.c | 48 +++++++++++++++++++++++++++++++---------- templates/lxc-debian.in | 4 ++-- templates/lxc-fedora.in | 6 +++--- templates/lxc-lenny.in | 4 ++-- templates/lxc-opensuse.in | 4 ++-- templates/lxc-sshd.in | 16 +++++++------- templates/lxc-ubuntu-cloud.in | 4 ++-- templates/lxc-ubuntu.in | 6 +++--- 8 files changed, 59 insertions(+), 33 deletions(-) Index: lxc-0.7.5/src/lxc/conf.c =================================================================== --- lxc-0.7.5.orig/src/lxc/conf.c +++ lxc-0.7.5/src/lxc/conf.c 
@@ -981,27 +981,50 @@ static inline int mount_entry_on_systemf } static int mount_entry_on_absolute_rootfs(struct mntent *mntent, - const struct lxc_rootfs *rootfs) + const struct lxc_rootfs *rootfs, + const char *lxc_name) { char *aux; char path[MAXPATHLEN]; unsigned long mntflags; char *mntdata; - int ret = 0; + int r, ret = 0, offset; if (parse_mntopts(mntent->mnt_opts, &mntflags, &mntdata) < 0) { ERROR("failed to parse mount option '%s'", mntent->mnt_opts); return -1; } + /* if rootfs->path is a blockdev path, allow container fstab to + * use /var/lib/lxc/CN/rootfs as the target prefix */ + r = snprintf(path, MAXPATHLEN, "/var/lib/lxc/%s/rootfs", lxc_name); + if (r < 0 || r >= MAXPATHLEN) + goto skipvarlib; + + aux = strstr(mntent->mnt_dir, path); + if (aux) { + offset = strlen(path); + goto skipabs; + } + +skipvarlib: aux = strstr(mntent->mnt_dir, rootfs->path); if (!aux) { WARN("ignoring mount point '%s'", mntent->mnt_dir); goto out; } + offset = strlen(rootfs->path); + +skipabs: snprintf(path, MAXPATHLEN, "%s/%s", rootfs->mount, - aux + strlen(rootfs->path)); + aux + offset); + if (r < 0 || r >= MAXPATHLEN) { + WARN("pathnme too long for '%s'", mntent->mnt_dir); + ret = -1; + goto out; + } + ret = mount_entry(mntent->mnt_fsname, path, mntent->mnt_type, mntflags, mntdata); @@ -1035,7 +1058,8 @@ static int mount_entry_on_relative_rootf return ret; } -static int mount_file_entries(const struct lxc_rootfs *rootfs, FILE *file) +static int mount_file_entries(const struct lxc_rootfs *rootfs, FILE *file, + const char *lxc_name) { struct mntent *mntent; int ret = -1; @@ -1056,7 +1080,7 @@ static int mount_file_entries(const stru continue; } - if (mount_entry_on_absolute_rootfs(mntent, rootfs)) + if (mount_entry_on_absolute_rootfs(mntent, rootfs, lxc_name)) goto out; } 
@@ -1067,7 +1091,8 @@ out: return ret; } -static int setup_mount(const struct lxc_rootfs *rootfs, const char *fstab) +static int setup_mount(const struct lxc_rootfs *rootfs, const char *fstab, + const char *lxc_name) { FILE *file; int ret; @@ -1081,13 +1106,14 @@ static int setup_mount(const struct lxc_ return -1; } - ret = mount_file_entries(rootfs, file); + ret = mount_file_entries(rootfs, file, lxc_name); endmntent(file); return ret; } -static int setup_mount_entries(const struct lxc_rootfs *rootfs, struct lxc_list *mount) +static int setup_mount_entries(const struct lxc_rootfs *rootfs, struct lxc_list *mount, + const char *lxc_name) { FILE *file; struct lxc_list *iterator; @@ -1107,7 +1133,7 @@ static int setup_mount_entries(const str rewind(file); - ret = mount_file_entries(rootfs, file); + ret = mount_file_entries(rootfs, file, lxc_name); fclose(file); return ret; @@ -1825,12 +1851,12 @@ int lxc_setup(const char *name, struct l return -1; } - if (setup_mount(&lxc_conf->rootfs, lxc_conf->fstab)) { + if (setup_mount(&lxc_conf->rootfs, lxc_conf->fstab, name)) { ERROR("failed to setup the mounts for '%s'", name); return -1; } - if (setup_mount_entries(&lxc_conf->rootfs, &lxc_conf->mount_list)) { + if (setup_mount_entries(&lxc_conf->rootfs, &lxc_conf->mount_list, name)) { ERROR("failed to setup the mount entries for '%s'", name); return -1; } Index: lxc-0.7.5/templates/lxc-debian.in =================================================================== --- lxc-0.7.5.orig/templates/lxc-debian.in +++ lxc-0.7.5/templates/lxc-debian.in 
@@ -211,8 +211,8 @@ lxc.cgroup.devices.allow = c 5:2 rwm lxc.cgroup.devices.allow = c 254:0 rwm # mounts point -lxc.mount.entry=proc $rootfs/proc proc nodev,noexec,nosuid 0 0 -lxc.mount.entry=sysfs $rootfs/sys sysfs defaults 0 0 +lxc.mount.entry=proc proc proc nodev,noexec,nosuid 0 0 +lxc.mount.entry=sysfs sys sysfs defaults 0 0 EOF if [ $? -ne 0 ]; then Index: lxc-0.7.5/templates/lxc-fedora.in =================================================================== --- lxc-0.7.5.orig/templates/lxc-fedora.in +++ lxc-0.7.5/templates/lxc-fedora.in @@ -224,9 +224,9 @@ lxc.cgroup.devices.allow = c 254:0 rwm EOF cat <<EOF > $config_path/fstab -+proc $rootfs_path/proc proc nodev,noexec,nosuid 0 0 -+devpts $rootfs_path/dev/pts devpts defaults 0 0 -+sysfs $rootfs_path/sys sysfs defaults 0 0 +proc proc proc nodev,noexec,nosuid 0 0 +devpts dev/pts devpts defaults 0 0 +sysfs sys sysfs defaults 0 0 if [ $? -ne 0 ]; then echo "Failed to add configuration" Index: lxc-0.7.5/templates/lxc-lenny.in =================================================================== --- lxc-0.7.5.orig/templates/lxc-lenny.in +++ lxc-0.7.5/templates/lxc-lenny.in @@ -200,8 +200,8 @@ lxc.cgroup.devices.allow = c 5:2 rwm lxc.cgroup.devices.allow = c 254:0 rwm # mounts point -lxc.mount.entry=proc $rootfs/proc proc nodev,noexec,nosuid 0 0 -lxc.mount.entry=sysfs $rootfs/sys sysfs defaults 0 0 +lxc.mount.entry=proc proc proc nodev,noexec,nosuid 0 0 +lxc.mount.entry=sysfs sys sysfs defaults 0 0 EOF if [ $? -ne 0 ]; then Index: lxc-0.7.5/templates/lxc-opensuse.in =================================================================== --- lxc-0.7.5.orig/templates/lxc-opensuse.in +++ lxc-0.7.5/templates/lxc-opensuse.in 
@@ -310,9 +310,9 @@ lxc.cgroup.devices.allow = c 254:0 rwm EOF cat <<EOF > $path/fstab -proc $rootfs/proc proc nodev,noexec,nosuid 0 0 -sysfs $rootfs/sys sysfs defaults 0 0 -tmpfs $rootfs/run tmpfs mode=0755,nodev,nosuid 0 0 +proc proc proc nodev,noexec,nosuid 0 0 +sysfs sys sysfs defaults 0 0 +tmpfs run tmpfs mode=0755,nodev,nosuid 0 0 EOF if [ $? -ne 0 ]; then Index: lxc-0.7.5/templates/lxc-sshd.in =================================================================== --- lxc-0.7.5.orig/templates/lxc-sshd.in +++ lxc-0.7.5/templates/lxc-sshd.in @@ -100,18 +100,18 @@ cat <<EOF >> $path/config lxc.utsname = $name lxc.pts = 1024 lxc.rootfs = $rootfs -lxc.mount.entry=/dev $rootfs/dev none ro,bind 0 0 -lxc.mount.entry=/lib $rootfs/lib none ro,bind 0 0 -lxc.mount.entry=/bin $rootfs/bin none ro,bind 0 0 -lxc.mount.entry=/usr /$rootfs/usr none ro,bind 0 0 -lxc.mount.entry=/sbin $rootfs/sbin none ro,bind 0 0 -lxc.mount.entry=tmpfs $rootfs/var/run/sshd tmpfs mode=0644 0 0 -lxc.mount.entry=@LXCTEMPLATEDIR@/lxc-sshd $rootfs/sbin/init none bind 0 0 +lxc.mount.entry=/dev dev none ro,bind 0 0 +lxc.mount.entry=/lib lib none ro,bind 0 0 +lxc.mount.entry=/bin bin none ro,bind 0 0 +lxc.mount.entry=/usr usr none ro,bind 0 0 +lxc.mount.entry=/sbin sbin none ro,bind 0 0 +lxc.mount.entry=tmpfs var/run/sshd tmpfs mode=0644 0 0 +lxc.mount.entry=@LXCTEMPLATEDIR@/lxc-sshd sbin/init none bind 0 0 EOF if [ "$(uname -m)" = "x86_64" ]; then cat <<EOF >> $path/config -lxc.mount.entry=/lib64 $rootfs/lib64 none ro,bind 0 0 +lxc.mount.entry=/lib64 lib64 none ro,bind 0 0 EOF fi } Index: lxc-0.7.5/templates/lxc-ubuntu.in =================================================================== --- lxc-0.7.5.orig/templates/lxc-ubuntu.in +++ lxc-0.7.5/templates/lxc-ubuntu.in 
@@ -200,8 +200,8 @@ lxc.cgroup.devices.allow = c 10:229 rwm EOF cat <<EOF > $path/fstab -proc $rootfs/proc proc nodev,noexec,nosuid 0 0 -sysfs $rootfs/sys sysfs defaults 0 0 +proc proc proc nodev,noexec,nosuid 0 0 +sysfs sys sysfs defaults 0 0 EOF if [ $? -ne 0 ]; then @@ -333,7 +333,7 @@ do_bindhome() # bind-mount the user's path into the container's /home h=`getent passwd $user | cut -d: -f 6` mkdir -p $rootfs/$h - echo "$h $rootfs/$h none bind 0 0" >> $path/fstab + echo "$h $h none bind 0 0" >> $path/fstab # copy /etc/passwd, /etc/shadow, and /etc/group entries into container pwd=`getent passwd $user` ++++++ wait-until-container-is-stopped.patch ++++++
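Review bot: in src/lxc/conf.c, hunk @@ -981,27 +981,50 @@, the length check added after the second snprintf() tests r, but r still holds the result of the first snprintf() for "/var/lib/lxc/%s/rootfs"; the call that builds "%s/%s" from rootfs->mount never assigns its return value. A truncated mount target therefore goes undetected and is handed to mount_entry(), and when the first snprintf() failed and control reached skipvarlib, the stale r makes the new check fail for every entry. Assign r = snprintf(...) on the second call. In addition, strstr() accepts the prefix anywhere in mnt_dir, not only at its start, so a strncmp() over the prefix length would match the intent stated in the comment, and the WARN text has a typo ("pathnme").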
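Review bot: in templates/lxc-ubuntu.in, hunk @@ -333,7 +333,7 @@ do_bindhome(), the new entry is echo "$h $h none bind 0 0", and $h is field 6 of getent passwd, that is, the user's home directory as an absolute path. The other entries converted by this patch use targets relative to the rootfs (proc, sys, dev/pts), while this one stays absolute and no longer carries the $rootfs prefix. As far as the conf.c lines in this patch show, an absolute mnt_dir containing neither the rootfs path nor /var/lib/lxc/CN/rootfs ends in the "ignoring mount point" branch of mount_entry_on_absolute_rootfs(). Strip the leading slash for the target, for example ${h#/}.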
From d1252b84255a12cdf7a488fd4b922a4f1b3ac40f Mon Sep 17 00:00:00 2001 From: Serge Hallyn <serge.hallyn@ubuntu.com> Date: Tue, 31 Jul 2012 16:04:33 +0200 Subject: [PATCH] lxc-destroy: wait until the container is stopped
Signed-off-by: Timothy Chen <tnachen@gmail.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> --- src/lxc/lxc-destroy.in | 1 + 1 file changed, 1 insertion(+) Index: lxc-0.7.5/src/lxc/lxc-destroy.in =================================================================== --- lxc-0.7.5.orig/src/lxc/lxc-destroy.in +++ lxc-0.7.5/src/lxc/lxc-destroy.in @@ -87,6 +87,7 @@ lxc-info -n $lxc_name 2>/dev/null | grep if [ $? -eq 0 ]; then if [ $force -eq 1 ]; then lxc-stop -n $lxc_name + lxc-wait -n $lxc_name -s STOPPED else echo "Container $lxc_name is running, aborting the deletion." exit 1
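Review bot: in src/lxc/lxc-destroy.in, hunk @@ -87,6 +87,7 @@, lxc-wait -n $lxc_name -s STOPPED runs whether or not the preceding lxc-stop succeeded, so a failed stop leaves the forced destroy blocked waiting for a state that never arrives. Check the exit status of lxc-stop before waiting and abort with a message if it fails. Quoting "$lxc_name" in both calls would also be safer.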