commit lxc.1694 for openSUSE:12.3:Update

3 Jun 2013

Hello community,

here is the log from the commit of package lxc.1694 for openSUSE:12.3:Update checked in at 2013-06-03 10:59:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/lxc.1694 (Old)
 and      /work/SRC/openSUSE:12.3:Update/.lxc.1694.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "lxc.1694"

Changes:
--------
New Changes file:

--- /dev/null	2013-05-23 01:40:31.032032505 +0200
+++ /work/SRC/openSUSE:12.3:Update/.lxc.1694.new/lxc.changes	2013-06-03 10:59:14.000000000 +0200
@@ -0,0 +1,301 @@
+-------------------------------------------------------------------
+Wed Apr 24 12:12:32 UTC 2013 - fcrozat@suse.com
+
+- Ensure umask is called before creating device nodes (bnc#816456).
+  + Added lxc-autodev.patch
+
+-------------------------------------------------------------------
+Wed Apr 24 08:11:11 UTC 2013 - jslaby@suse.com
+
+- Fix-checkconfig-to-handle-kernel-memory-cgroup-name-.patch:
+  Fix checkconfig to handle kernel memory cgroup name change
+  (bnc#807215)
+
+-------------------------------------------------------------------
+Tue Feb 26 14:33:41 UTC 2013 - mvyskocil@suse.com
+
+- clean cache if a distro version in template does not match
+  with files in a cache (bnc#804435#c19)
+
+-------------------------------------------------------------------
+Tue Feb 26 09:58:10 UTC 2013 - mvyskocil@suse.com
+
+- run zypper ar only if .repo file does not exists
+  fixes a partial created repos (bnc#804435#c16)
+
+-------------------------------------------------------------------
+Wed Feb 20 16:21:03 UTC 2013 - fcrozat@suse.com
+
+- Add lxc-opensuse-12.3.patch: update template to openSUSE 12.3
+
+-------------------------------------------------------------------
+Tue Feb 19 10:59:39 UTC 2013 - jslaby@suse.com
+
+- lxc-opensuse-extend-base.patch: lxc-opensuse: extend base
+  (bnc#804232)
+- lxc-opensuse-proper-failure.patch: lxc-opensuse: proper failure
+- remove change-hwaddr-on-clone.patch as it was fixed upstream
+  already
+
+-------------------------------------------------------------------
+Mon Jan 21 09:26:57 UTC 2013 - fcrozat@suse.com
+
+- Update pivot-root_shared.patch with upstream patch to build with
+  old version of kernel headers.
+- Check for /etc/init.d/boot.cgroup presence before starting it in
+  %post.
+
+-------------------------------------------------------------------
+Fri Jan 11 15:56:54 UTC 2013 - fcrozat@suse.com
+
+- Release 0.8.0:
+  + add support for autodetection of gateway address
+  + add support for LVM2 and btrfs snapshot in lxc-clone
+  + add support for apparmor
+  + support nested cgroups
+  + lxc no longer depends on perl
+  + add support for container hooks (pre-start, mount, start, stop,
+    umount, post-stop)
+  + templates are moved to /usr/share/lxc/templates
+- Remove
+  Accurately-detect-whether-a-system-supports-clone_children.patch:
+  merged upstream.
+- Add lxc-opensuse-clonefixes.patch: fix openSUSE template
+  regarding cloning.
+- Add 0001-Ensure-btrfs-subvolume-is-destroyed-on-error.patch: fix
+  btrfs subvolume when removing a container.
+- Add lxc-autodev.patch: fill /dev when starting container (needed
+  for systemd).
+- Update lxc-opensuse-12.2.patch: switch to systemd in container.
+
+-------------------------------------------------------------------
+Fri Jan 11 15:30:21 UTC 2013 - fcrozat@suse.com
+
+- Add lxc-opensuse-12.1-fixbuild.patch: fix openSUSE 12.1 container
+  build.
+- Add lxc-opensuse-12.2.patch:
+  + switch openSUSE template to 12.2
+  + install iputils in the default configuration
+  + autoconfigure gateway if possible
+  + detect if network is set to 0.0.0.0 and configure DHCP
+  + bind mount /etc/resolv.conf in container
+- Add use-relative-paths-for-container.patch,
+  fix-lxc-clone-mount-entries.patch and update sles
+  template: use relative paths for container mount points, fixes
+  lxc-clone dropping some lxc.mount entries (bnc#789387).
+- Add Requires(post) dependency on aaa_base (bnc#786970) for
+  openSUSE < 12.3.
+- Add dhcpcd in default installation in openSUSE template (bnc#776169).
+- Add change-hwaddr-on-clone.patch: modify MAC address when cloning
+  a container (git)
+- Add wait-until-container-is-stopped.patch: if destroying a
+  running container, wait until it is stopped before destroying it.
+- Ensure lxc-createconfig uses opensuse template by default.
+- Ensure lxc-createconfig correctly detect cidr (bnc#773234).
+- Add pivot-root_shared.patch: fix pivot root when / is mounted as
+  shared (default on 12.3 and later).
+
+-------------------------------------------------------------------
+Fri Apr 20 13:53:41 UTC 2012 - fcrozat@suse.com
+
+- Add various fixes to opensuse template :
+  + create /etc/hostname as symlink to /etc/HOSTNAME 
+    (lxc-clone fix)
+  + fix inadequate space in lxc.mount config (lxc-clone fix)
+  + disable network in container if not configured
+  + configure network scripts properly
+- Add lxc-snapshot-btrfs-lvm.patch: backport snapshot support,
+  using btrfs or lvm2.
+- Add lxc-opensuse-tmpfs.patch: ensure container shutting down is
+  correctly detected by LXC.
+
+-------------------------------------------------------------------
+Fri Apr 13 11:36:16 UTC 2012 - fcrozat@suse.com
+
+- Add lxc-createconfig script to easy LXC configuration
+  (bnc#723950).
+
+-------------------------------------------------------------------
+Tue Mar  6 21:11:54 CET 2012 - jslaby@suse.de
+
+- Accurately detect whether a system supports clone_children
+  (bnc#750470)
+
+-------------------------------------------------------------------
+Tue Jan 10 15:41:45 UTC 2012 - fcrozat@suse.com
+
+- Drop lxc-file_caps.patch, it is SLES specific, since openSUSE is
+  now shipping with file capabilities enabled.
+
+-------------------------------------------------------------------
+Fri Jan  6 15:51:32 UTC 2012 - fcrozat@suse.com
+
+- Update lxc-opensuse-12.1.patch to correctly generate containers
+  on x86 (bnc#739315).
+- Backport some fixes from SLES 11 SP2:
+  - Add lxc-checkconfig-kernel-3.patch and lxc-file_caps.patch:
+    fix detection of kernel 3.x and file capabilities (bnc#720845).
+  - Fix example path in manpages (bnc#723946).
+
+-------------------------------------------------------------------
+Tue Oct 25 11:35:10 UTC 2011 - fcrozat@suse.com
+
+- Add console to opensuse securetty, since we are in a container.
+
+-------------------------------------------------------------------
+Tue Oct 25 09:32:01 UTC 2011 - fcrozat@suse.com
+
+- Add lxc-opensuse-12.1.patch: create openSUSE 12.1 containers now
+- Add Recommends on build package, which is used by opensuse
+  template.
+- Update README.SUSE to current status for cgroups mountpoint
+
+-------------------------------------------------------------------
+Fri Sep  2 08:26:28 UTC 2011 - fcrozat@suse.com
+
+- Fix license tag, it is LGPLv2.1+ (using LGPLv2+ tag to be
+  consistent).
+
+-------------------------------------------------------------------
+Wed Aug 31 11:16:28 UTC 2011 - fcrozat@suse.com
+
+- Update to 0.7.5:
+  - add initial lxc-clone feature
+  - add arm as supported srcarch
+  - opensuse template is merged
+  - improve other distribution templates
+  - support cgroups mounted in multiple places
+
+-------------------------------------------------------------------
+Fri Jun 24 21:33:24 CEST 2011 - jslaby@suse.de
+
+- kill _service
+
+-------------------------------------------------------------------
+Fri Jun 24 14:09:02 UTC 2011 - fcrozat@suse.com
+
+- Add lxc-opensuse template.
+- package /var/lib/lxc.
+
+-------------------------------------------------------------------
+Fri May 27 21:16:56 CEST 2011 - jslaby@suse.de
+
+- update to 0.7.4.2
+  - exit if allocation fails
+  - ensure monitored container name is null terminated
+  - do not put devpts in fstab
+
+-------------------------------------------------------------------
+Thu Mar 24 14:22:15 UTC 2011 - brian@aljex.com
+
+- update to 0.7.4.1
+  - fix mount path
+  - rename physical device to the original name
+
+-------------------------------------------------------------------
+Mon Feb 28 18:03:32 CET 2011 - jslaby@suse.de
+
++++ 104 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:12.3:Update/.lxc.1694.new/lxc.changes

New:
----
  0001-Ensure-btrfs-subvolume-is-destroyed-on-error.patch
  Fix-checkconfig-to-handle-kernel-memory-cgroup-name-.patch
  README.SUSE
  lxc-0.8.0.tar.gz
  lxc-autodev.patch
  lxc-cgroup-already-running.patch
  lxc-createconfig.in
  lxc-opensuse-12.2.patch
  lxc-opensuse-12.3.patch
  lxc-opensuse-clonefixes.patch
  lxc-opensuse-extend-base.patch
  lxc-opensuse-proper-failure.patch
  lxc-opensuse-tmpfs.patch
  lxc.changes
  lxc.spec
  pivot-root_shared.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ lxc.spec ++++++
#
# spec file for package lxc
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


Name:           lxc
Version:        0.8.0
Release:        0
Url:            http://lxc.sourceforge.net/
Summary:        Linux containers implementation
License:        LGPL-2.1+
Group:          System/Management
Source:         http://lxc.sourceforge.net/download/lxc/%{name}-%{version}.tar.gz
Source1:        README.SUSE
Source2:        lxc-createconfig.in

# PATCH-FIX-UPSTREAM lxc-opensuse-clonefixes.patch fcrozat@suse.com -- various fixes in openSUSE template for lxc-clone
Patch0:         lxc-opensuse-clonefixes.patch
# PATCH-FIX-UPSTREAM lxc-opensuse-tmpfs.patch fcrozat@suse.com -- fix shutdown in openSUSE container
Patch1:         lxc-opensuse-tmpfs.patch
# PATCH-FIX-UPSTREAM lxc-cgroup-already-running.patch fcrozat@suse.com -- warn if container is already running
Patch2:         lxc-cgroup-already-running.patch
# PATCH-FIX-UPSTREAM 0001-Ensure-btrfs-subvolume-is-destroyed-on-error.patch fcrozat@suse.com -- ensure btrfs subvolume is destroyed on container creation fails
Patch4:         0001-Ensure-btrfs-subvolume-is-destroyed-on-error.patch
# PATCH-FIX-UPSTREAM lxc-opensuse-12.2.patch
Patch5:         lxc-opensuse-12.2.patch
# PATCH-FIX-UPSTREAM pivot-root_shared.patch fcrozat@suse.com -- fix pivot root when / is mount as shared
Patch6:         pivot-root_shared.patch
# PATCH-FIX-UPSTREAM lxc-autodev.patch fcrozat@suse.com -- Add lxc.autodev
Patch7:         lxc-autodev.patch
# PATCH-FIX-OPENSUSE lxc-opensuse-extend-base.patch jslaby@suse.com -- Add missing package to base
Patch8:         lxc-opensuse-extend-base.patch
# PATCH-FIX-OPENSUSE lxc-opensuse-proper-failure.patch jslaby@suse.com -- Proper failure on repository addition error
Patch9:         lxc-opensuse-proper-failure.patch
# PATCH-FIX-OPENSUSE lxc-opensuse-12.3.patch fcrozat@suse.com -- Switch openSUSE template to 12.3
Patch10:        lxc-opensuse-12.3.patch
Patch11:        Fix-checkconfig-to-handle-kernel-memory-cgroup-name-.patch

BuildRoot:      %{_tmppath}/%{name}-%{version}-build
BuildRequires:  docbook-utils
BuildRequires:  libapparmor-devel
BuildRequires:  libcap-devel
BuildRequires:  pkg-config
%if 0%{?suse_version} >= 1130
BuildRequires:  linux-glibc-devel
%else
BuildRequires:  linux-kernel-headers
%endif
Requires:       /sbin/setcap
Requires:       rsync
%if 0%{?suse_version} < 1230
Requires(post): aaa_base
%endif
# needed to create openSUSE containers using template
Recommends:     build

%description
It provides commands to create and manage containers. It contains a
full featured container with the isolation/virtualization of the pids,
the ipc, the utsname, the mount points, /proc, /sys, the network and it
takes into account the control groups. It is very light, flexible, and
provides a set of tools around the container like the monitoring with
asynchronous events notification, or the freeze of the container. This
package is useful to create Virtual Private Server, or to run isolated
applications like bash or sshd.

%package devel
Summary:        Development library for lxc
License:        LGPL-2.1
Group:          Development/Libraries/C and C++
Requires:       %name = %version

%description devel
Lxc header files and library needed for development of containers.

%prep
%setup
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1

%build
%configure --disable-examples
%__make %{?_smp_mflags}
%__cp %{SOURCE1} .
%__rm -rf .doc
%__mkdir_p .doc/examples
%__cp doc/examples/*.conf .doc/examples

%install
%makeinstall
install -d -m 755 %{buildroot}/var/lib/lxc
find %buildroot -type f -name '*.la' -delete

./config.status --file=%{buildroot}%{_bindir}/lxc-createconfig:%{S:2}
chmod a+x %{buildroot}%{_bindir}/lxc-createconfig

%clean
%__rm -rf %buildroot

%post
/sbin/ldconfig
%if 0%{?suse_version} < 1230
if [ -x /etc/init.d/boot.cgroup ]; then 
%fillup_and_insserv -f -Y boot.cgroup
/etc/init.d/boot.cgroup start 2>/dev/null >/dev/null || :
fi
%endif

%postun
/sbin/ldconfig
%if 0%{?suse_version} < 1230
%insserv_cleanup
%endif

%files
%defattr(-,root,root)
%doc AUTHORS MAINTAINERS COPYING README doc/FAQ.txt
%doc README.SUSE
%doc .doc/examples
%{_libdir}/lib%{name}.so.*
%{_libexecdir}/%name
%{_libdir}/%name
%{_datadir}/%name
%dir /var/lib/lxc
%{_bindir}/%{name}-*
%{_mandir}/man[^3]/*

%files devel
%defattr(-,root,root)
%{_includedir}/%name
%{_libdir}/lib%{name}.so
%{_libdir}/pkgconfig/%{name}.pc

%changelog
++++++ 0001-Ensure-btrfs-subvolume-is-destroyed-on-error.patch ++++++
...
From 028d1b3eb110229113dc99f3587fac1f9fca9b0e Mon Sep 17 00:00:00 2001
From: Frederic Crozat 
Date: Wed, 14 Nov 2012 16:02:37 +0100
Subject: [PATCH] Ensure btrfs subvolume is destroyed on error
---
 src/lxc/lxc-create.in |    2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/lxc/lxc-create.in b/src/lxc/lxc-create.in
index b21cdc3..124ffd5 100644
--- a/src/lxc/lxc-create.in
+++ b/src/lxc/lxc-create.in
@@ -237,6 +237,8 @@ cleanup() {
     if [ $backingstore = "lvm" ]; then
         umount $rootfs
         lvremove -f $rootdev
+    elif [ $backingstore = "btrfs" ]; then
+        btrfs subvolume delete "$rootfs"
     fi
     ${bindir}/lxc-destroy -n $lxc_name
     echo "$(basename $0): aborted" >&2
-- 
1.7.10.4

++++++ Fix-checkconfig-to-handle-kernel-memory-cgroup-name-.patch ++++++
From: Dwight Engen 
Date: Wed, 14 Nov 2012 12:03:56 -0500
Subject: Fix checkconfig to handle kernel memory cgroup name change
Patch-mainline: 0.9.0
References: bnc#807215

The kernel config option for the memory cgroup was changed in 3.6
from CONFIG_CGROUP_MEM_RES_CTLR to CONFIG_MEMCG with commit c255a458.

Signed-off-by: Dwight Engen 
Acked-by: Stéphane Graber 
Signed-off-by: Jiri Slaby 
---
 src/lxc/lxc-checkconfig.in | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

diff --git a/src/lxc/lxc-checkconfig.in b/src/lxc/lxc-checkconfig.in
index 8c2b5e5..8263c17 100644
--- a/src/lxc/lxc-checkconfig.in
+++ b/src/lxc/lxc-checkconfig.in
@@ -68,6 +68,15 @@ print_cgroups() {
 }
 
 CGROUP_MNT_PATH=`print_cgroups cgroup /proc/self/mounts | head -1`
+KVER_MAJOR=$($GREP '^# Linux' $CONFIG | \
+    sed -r 's/.* ([0-9])\.[0-9]{1,2}\.[0-9]{1,3}.*/\1/')
+if [[ $KVER_MAJOR == 2 ]]; then
+KVER_MINOR=$($GREP '^# Linux' $CONFIG | \
+    sed -r 's/.* 2.6.([0-9]{2}).*/\1/')
+else
+KVER_MINOR=$($GREP '^# Linux' $CONFIG | \
+    sed -r 's/.* [0-9]\.([0-9]{1,3})\.[0-9]{1,3}.*/\1/')
+fi
 
 echo -n "Cgroup: " && is_enabled CONFIG_CGROUPS yes
 
@@ -80,22 +89,18 @@ fi
 echo -n "Cgroup device: " && is_enabled CONFIG_CGROUP_DEVICE
 echo -n "Cgroup sched: " && is_enabled CONFIG_CGROUP_SCHED
 echo -n "Cgroup cpu account: " && is_enabled CONFIG_CGROUP_CPUACCT
-echo -n "Cgroup memory controller: " && is_enabled CONFIG_CGROUP_MEM_RES_CTLR
+echo -n "Cgroup memory controller: " 
+if [ $KVER_MAJOR -ge 3 -a $KVER_MINOR -ge 6 ]; then
+    is_enabled CONFIG_MEMCG
+else
+    is_enabled CONFIG_CGROUP_MEM_RES_CTLR
+fi
 is_set CONFIG_SMP && echo -n "Cgroup cpuset: " && is_enabled CONFIG_CPUSETS
 echo
 echo "--- Misc ---"
 echo -n "Veth pair device: " && is_enabled CONFIG_VETH
 echo -n "Macvlan: " && is_enabled CONFIG_MACVLAN
 echo -n "Vlan: " && is_enabled CONFIG_VLAN_8021Q
-KVER_MAJOR=$($GREP '^# Linux' $CONFIG | \
-    sed -r 's/.* ([0-9])\.[0-9]{1,2}\.[0-9]{1,3}.*/\1/')
-if [[ $KVER_MAJOR == 2 ]]; then
-KVER_MINOR=$($GREP '^# Linux' $CONFIG | \
-    sed -r 's/.* 2.6.([0-9]{2}).*/\1/')
-else
-KVER_MINOR=$($GREP '^# Linux' $CONFIG | \
-    sed -r 's/.* [0-9]\.([0-9]{1,3})\.[0-9]{1,3}.*/\1/')
-fi
 echo -n "File capabilities: " &&
     ( [[ ${KVER_MAJOR} == 2 && ${KVER_MINOR} < 33 ]] &&
        is_enabled CONFIG_SECURITY_FILE_CAPABILITIES ) ||
-- 
1.8.2.1

++++++ README.SUSE ++++++
To mount the control group file system on openSUSE 11.3, SLE 11 SP1 and older,
perform the following:
mkdir /cgroup
and add the following line to /etc/fstab:
cgroup               /cgroup               cgroup    nofail                0 0

On openSUSE 11.4, SLE 11 SP2 and newer, you can just run:
/sbin/insserv boot.cgroup
and /sys/fs/cgroup will be mounted for cgroup automatically.
++++++ lxc-autodev.patch ++++++
...
From c6883f383e587725552f7c71e96ebe1c34ae7c56 Mon Sep 17 00:00:00 2001
From: Serge Hallyn 
Date: Thu, 1 Nov 2012 22:27:03 +0100
Subject: [PATCH] Add lxc.autodev
Add a container config option to mount and populate /dev in a container.

We might want to add options to specify a max size for /dev other than
the default 100k, and to specify other devices to create.  And maybe
someone can think of a better name than autodev.

Changelog: Don't error out if we couldn't mknod a /dev/ttyN.
Changelog: Describe the option in lxc.conf manpage.

Signed-off-by: Serge Hallyn 
---
 doc/lxc.conf.sgml.in |   25 ++++++++++++++++
 src/lxc/conf.c       |   77 ++++++++++++++++++++++++++++++++++++++++++++++++++
 src/lxc/conf.h       |    1 +
 src/lxc/confile.c    |   12 ++++++++
 4 files changed, 115 insertions(+)

Index: lxc-0.8.0/doc/lxc.conf.sgml.in
===================================================================
--- lxc-0.8.0.orig/doc/lxc.conf.sgml.in
+++ lxc-0.8.0/doc/lxc.conf.sgml.in
@@ -482,6 +482,31 @@ Foundation, Inc., 59 Temple Place, Suite
     </refsect2>
 
     <refsect2>
+      <title>/dev directory</title>
+      <para>
+	By default, lxc does nothing with the container's
+	<filename>/dev</filename>.  This allows the container's
+	<filename>/dev</filename> to be set up as needed in the container
+	rootfs.  If lxc.autodev is to 1, then after mounting the container's
+	rootfs LXC will mount a fresh tmpfs under <filename>/dev</filename>
+	(limited to 100k) and fill in a minimal set of initial devices.
+      </para>
+      <variablelist>
+	<varlistentry>
+	  <term>
+	    <option>lxc.autodev</option>
+	  </term>
+	  <listitem>
+	    <para>
+	      Set this to 1 to have LXC mount and populate a minimal
+	      <filename>/dev</filename> when starting the container.
+	    </para>
+	  </listitem>
+	</varlistentry>
+      </variablelist>
+    </refsect2>
+
+    <refsect2>
       <title>Mount points</title>
       <para>
 	The mount points section specifies the different places to be
Index: lxc-0.8.0/src/lxc/conf.c
===================================================================
--- lxc-0.8.0.orig/src/lxc/conf.c
+++ lxc-0.8.0/src/lxc/conf.c
@@ -640,6 +640,15 @@ static int setup_tty(const struct lxc_ro
 				return -1;
 			}
 		} else {
+			/* If we populated /dev, then we need to create /dev/ttyN */
+			if (access(path, F_OK)) {
+				ret = creat(path, 0660);
+				if (ret==-1) {
+					SYSERROR("error creating %s\n", path);
+					/* this isn't fatal, continue */
+				} else
+					close(ret);
+			}
 			if (mount(pty_info->name, path, "none", MS_BIND, 0)) {
 				WARN("failed to mount '%s'->'%s'",
 						pty_info->name, path);
@@ -949,6 +958,70 @@ static int chroot_into_slave(struct lxc_
 	return 0;
 }
 
+struct lxc_devs {
+	char *name;
+	mode_t mode;
+	int maj;
+	int min;
+};
+
+struct lxc_devs lxc_devs[] = {
+	{ "null",	S_IFCHR | S_IRWXU | S_IRWXG | S_IRWXO, 1, 3	},
+	{ "zero",	S_IFCHR | S_IRWXU | S_IRWXG | S_IRWXO, 1, 5	},
+	{ "full",	S_IFCHR | S_IRWXU | S_IRWXG | S_IRWXO, 1, 7	},
+	{ "urandom",	S_IFCHR | S_IRWXU | S_IRWXG | S_IRWXO, 1, 9	},
+	{ "random",	S_IFCHR | S_IRWXU | S_IRWXG | S_IRWXO, 1, 8	},
+	{ "tty",	S_IFCHR | S_IRWXU | S_IRWXG | S_IRWXO, 5, 0	},
+	{ "console",	S_IFCHR | S_IRUSR | S_IWUSR,	       5, 1	},
+};
+
+/*
+ * Do we want to add options for max size of /dev and a file to
+ * specify which devices to create?
+ */
+static int setup_autodev(char *root)
+{
+	int ret;
+	struct lxc_devs *d;
+	char path[MAXPATHLEN];
+	int i;
+	mode_t cmask;
+
+	INFO("Creating and populating /dev under %s\n", root);
+	ret = snprintf(path, MAXPATHLEN, "%s/dev", root);
+	if (ret < 0 || ret > MAXPATHLEN)
+		return -1;
+	ret = mount("none", path, "tmpfs", 0, "size=100000");
+	if (ret) {
+		SYSERROR("Failed to mount /dev at %s\n", root);
+		return -1;
+	}
+ 	cmask = umask(S_IXUSR | S_IXGRP | S_IXOTH);
+	for (i = 0; i < sizeof(lxc_devs) / sizeof(lxc_devs[0]); i++) {
+		d = &lxc_devs[i];
+		ret = snprintf(path, MAXPATHLEN, "%s/dev/%s", root, d->name);
+		if (ret < 0 || ret >= MAXPATHLEN)
+			return -1;
+		ret = mknod(path, d->mode, makedev(d->maj, d->min));
+		if (ret) {
+			SYSERROR("Error creating %s\n", d->name);
+			return -1;
+		}
+	}
+	ret = snprintf(path, MAXPATHLEN, "%s/dev/pts", root);
+	if (ret < 0 || ret >= MAXPATHLEN)
+		return -1;
+	ret = mkdir(path, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
+	if (ret) {
+		SYSERROR("Failed to create /dev/pts in container");
+		return -1;
+	}
+	umask(cmask);
+
+	INFO("Populated /dev under %s\n", root);
+	return 0;
+}
+
 static int setup_rootfs(struct lxc_conf *conf)
 {
 	const struct lxc_rootfs *rootfs = &conf->rootfs;
@@ -2286,6 +2359,13 @@ int lxc_setup(const char *name, struct l
 		return -1;
 	}
 
+	if (lxc_conf->autodev) {
+		if (setup_autodev(lxc_conf->rootfs.mount)) {
+			ERROR("failed to set up /dev in the container");
+			return -1;
+		}
+	}
+
 	if (setup_mount(&lxc_conf->rootfs, lxc_conf->fstab, name)) {
 		ERROR("failed to setup the mounts for '%s'", name);
 		return -1;
Index: lxc-0.8.0/src/lxc/conf.h
===================================================================
--- lxc-0.8.0.orig/src/lxc/conf.h
+++ lxc-0.8.0/src/lxc/conf.h
@@ -229,6 +229,7 @@ struct lxc_conf {
 #if HAVE_APPARMOR /* || HAVE_SELINUX || HAVE_SMACK */
 	int lsm_umount_proc;
 #endif
+	int autodev;  // if 1, mount and fill a /dev at start
 };
 
 int run_lxc_hooks(const char *name, char *hook, struct lxc_conf *conf);
Index: lxc-0.8.0/src/lxc/confile.c
===================================================================
--- lxc-0.8.0.orig/src/lxc/confile.c
+++ lxc-0.8.0/src/lxc/confile.c
@@ -75,6 +75,7 @@ static int config_network_ipv6(const cha
 static int config_network_ipv6_gateway(const char *, char *, struct lxc_conf *);
 static int config_cap_drop(const char *, char *, struct lxc_conf *);
 static int config_console(const char *, char *, struct lxc_conf *);
+static int config_autodev(const char *, char *, struct lxc_conf *);
 
 typedef int (*config_cb)(const char *, char *, struct lxc_conf *);
 
@@ -118,6 +119,7 @@ static struct config config[] = {
 	{ "lxc.network.ipv6",         config_network_ipv6         },
 	{ "lxc.cap.drop",             config_cap_drop             },
 	{ "lxc.console",              config_console              },
+	{ "lxc.autodev",              config_autodev              },
 };
 
 static const size_t config_size = sizeof(config)/sizeof(struct config);
@@ -699,6 +701,16 @@ static int config_aa_profile(const char
 }
 #endif
 
+static int config_autodev(const char *key, char *value,
+			  struct lxc_conf *lxc_conf)
+{
+	int v = atoi(value);
+
+	lxc_conf->autodev = v;
+
+	return 0;
+}
+
 static int config_cgroup(const char *key, char *value, struct lxc_conf *lxc_conf)
 {
 	char *token = "lxc.cgroup.";
++++++ lxc-cgroup-already-running.patch ++++++
...
From abce2e8ee2cc07c1273dff7786902393a28108de Mon Sep 17 00:00:00 2001
From: Frederic Crozat 
Date: Fri, 27 Apr 2012 15:57:02 +0200
Subject: [PATCH] give a hint if old cgroup can't be moved
When cgroup can't be moved, it might be a hint container is already
running.
---
 src/lxc/cgroup.c |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

Index: lxc-0.8.0/src/lxc/cgroup.c
===================================================================
--- lxc-0.8.0.orig/src/lxc/cgroup.c
+++ lxc-0.8.0/src/lxc/cgroup.c
@@ -434,6 +434,9 @@ static int lxc_one_cgroup_create(const c
 	if (!access(cgname, F_OK) && rmdir(cgname)) {
 		if (try_to_move_cgname(cgparent, cgname)) {
 			SYSERROR("failed to remove previous cgroup '%s'", cgname);
+			ERROR("##");
+			ERROR("# The container might be already running!");
+			ERROR("##");
 			return -1;
 		}
 	}
++++++ lxc-createconfig.in ++++++
#!/bin/bash

#
# lxc: linux Container library

# Authors:
# Mike Friesenegger 
# Daniel Lezcano 

# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.

# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
# Lesser General Public License for more details.

# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA


usage() {
    echo "usage: lxc-createconfig -n <name> [-i ] [-b <bridge>] [-t /dev/null
    if [ $? -ne 0 ]; then
        echo "$lxc_bridge not defined"
        exit 1
    fi
fi

if [ ! -z $lxc_template ]; then
    type ${templatedir}/lxc-$lxc_template >/dev/null
    if [ $? -ne 0 ]; then
        echo "unknown template '$lxc_template'"
        exit 1
    fi
fi

echo
echo "Container Name            = " $lxc_name
echo "IP Address                = " $lxc_ipaddr
echo "Bridge                    = " $lxc_bridge
echo
echo -n "Create container config? (n): "
read ANSWER
if [ "$ANSWER" != "y" -a "$ANSWER" != "Y" ]
then
    exit 1
fi
echo
echo "Creating container config $lxc_confpath/$lxc_confname"

# generate a MAC for the IP
lxc_hwaddr="02:00:`(date ; cat /proc/interrupts ) | md5sum | sed -r 's/^(.{8}).*$/\1/;s/([0-9a-f]{2})/\1:/g;s/:$//;'`"

cat >"$lxc_confpath/$lxc_confname" <<%%
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = $lxc_bridge
lxc.network.hwaddr = $lxc_hwaddr
%%
if [ ! $lxc_ipaddr = "DHCP" ]; then
    cat >>"$lxc_confpath/$lxc_confname" <<%%
lxc.network.ipv4 = $lxc_ipaddr
%%
fi
cat >>"$lxc_confpath/$lxc_confname" <<%%
lxc.network.name = eth0
%%

echo
echo "Run 'lxc-create -n $lxc_name -f $lxc_confpath/$lxc_confname -t $lxc_template' to create the lxc system object."
++++++ lxc-opensuse-12.2.patch ++++++
Index: lxc-0.8.0/templates/lxc-opensuse.in
===================================================================
--- lxc-0.8.0.orig/templates/lxc-opensuse.in
+++ lxc-0.8.0/templates/lxc-opensuse.in
@@ -25,7 +25,7 @@
 # License along with this library; if not, write to the Free Software
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 
-DISTRO=12.1
+DISTRO=12.2
 
 configure_opensuse()
 {
@@ -34,39 +34,13 @@ configure_opensuse()
 
    # set network as static, but everything is done by LXC outside the container
    cat <<EOF > $rootfs/etc/sysconfig/network/ifcfg-eth0
-STARTMODE='manual'
+STARTMODE='auto'
 BOOTPROTO='none'
 EOF
 
-   # set default route
-   IP=$(/sbin/ip route | awk '/default/ { print $3 }')
-   echo "default $IP - -" > $rootfs/etc/sysconfig/network/routes
-
    # create empty fstab
    touch $rootfs/etc/fstab
 
-    # create minimal /dev
-    mknod -m 666 $rootfs/dev/random c 1 8
-    mknod -m 666 $rootfs/dev/urandom c 1 9
-    mkdir -m 755 $rootfs/dev/pts
-    mkdir -m 1777 $rootfs/dev/shm
-    mknod -m 666 $rootfs/dev/tty c 5 0
-    mknod -m 600 $rootfs/dev/console c 5 1
-    mknod -m 666 $rootfs/dev/tty0 c 4 0
-    mknod -m 666 $rootfs/dev/tty1 c 4 1
-    mknod -m 666 $rootfs/dev/tty2 c 4 2
-    mknod -m 666 $rootfs/dev/tty3 c 4 3
-    mknod -m 666 $rootfs/dev/tty4 c 4 4
-    ln -s null $rootfs/dev/tty10
-    mknod -m 666 $rootfs/dev/full c 1 7
-    mknod -m 666 $rootfs/dev/ptmx c 5 2
-    ln -s /proc/self/fd $rootfs/dev/fd
-    ln -s /proc/kcore $rootfs/dev/core
-    mkdir -m 755 $rootfs/dev/mapper
-    mknod -m 600 $rootfs/dev/mapper/control c 10 60
-    mkdir -m 755 $rootfs/dev/net
-    mknod -m 666 $rootfs/dev/net/tun c 10 200
-
     # set the hostname
     cat <<EOF > $rootfs/etc/HOSTNAME
 $hostname
@@ -91,23 +65,6 @@ LOADER_TYPE=none
 LOADER_LOCATION=none
 EOF
 
-    # cut down inittab
-    cat <<EOF > $rootfs/etc/inittab
-id:3:initdefault:
-si::bootwait:/etc/init.d/boot
-l0:0:wait:/etc/init.d/rc 0
-l1:1:wait:/etc/init.d/rc 1
-l2:2:wait:/etc/init.d/rc 2
-l3:3:wait:/etc/init.d/rc 3
-l6:6:wait:/etc/init.d/rc 6
-ls:S:wait:/etc/init.d/rc S
-~~:S:respawn:/sbin/sulogin
-p6::ctrlaltdel:/sbin/init 6
-p0::powerfail:/sbin/init 0
-cons:2345:respawn:/sbin/mingetty --noclear console screen
-c1:2345:respawn:/sbin/mingetty --noclear tty1 screen
-EOF
-
     # set /dev/console as securetty
     cat << EOF >> $rootfs/etc/securetty
 console
@@ -121,10 +78,15 @@ EOF
 
 
     # remove pointless services in a container
-    chroot $rootfs /sbin/insserv -r -f boot.udev boot.loadmodules boot.device-mapper boot.clock boot.swap boot.klog kbd
+    ln -s /dev/null $rootfs/etc/systemd/system/proc-sys-fs-binfmt_misc.automount
+    ln -s /dev/null $rootfs/etc/systemd/system/console-shell.service
+    ln -s /dev/null $rootfs/etc/systemd/system/systemd-vconsole-setup.service
+    ln -s /lib/systemd/system/getty@.service $rootfs/etc/systemd/system/getty.target.wants/getty@console.service
+
+    touch $rootfs/etc/sysconfig/kernel
 
     echo "Please change root-password !"
-    echo "root:root" | chroot $rootfs chpasswd
+    echo "root:root" | chpasswd -R $rootfs
 
     return 0
 }
@@ -154,30 +116,45 @@ download_opensuse()
     zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss/ repo-oss
     zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update
     zypper --quiet --root $cache/partial-$arch-packages --non-interactive --gpg-auto-import-keys update
-    zypper --root $cache/partial-$arch-packages --non-interactive in --auto-agree-with-licenses --download-only zypper lxc patterns-openSUSE-base sysvinit-init
+    zypper --root $cache/partial-$arch-packages --non-interactive in --auto-agree-with-licenses --download-only zypper lxc patterns-openSUSE-base iputils
     cat > $cache/partial-$arch-packages/opensuse.conf << EOF
 Preinstall: aaa_base bash coreutils diffutils
-Preinstall: filesystem fillup glibc grep insserv libacl1 libattr1
-Preinstall: libbz2-1 libgcc46 libxcrypt libncurses5 pam
+Preinstall: filesystem fillup glibc grep insserv
+Preinstall: libbz2-1 libgcc47 libncurses5 pam
 Preinstall: permissions libreadline6 rpm sed tar zlib libselinux1
-Preinstall: liblzma5 libcap2 libpcre0
+Preinstall: liblzma5 libcap2 libacl1 libattr1
 Preinstall: libpopt0 libelf1 liblua5_1
+Preinstall: libpcre1
 
 RunScripts: aaa_base
 
 Support: zypper
 Support: patterns-openSUSE-base
 Support: lxc
-Prefer: sysvinit-init
+Support: ncurses-utils
+Support: iputils
+Support: udev
+Support: netcfg
+Support: dhcpcd hwinfo insserv module-init-tools openSUSE-release openssh
+Support: pwdutils rpcbind sysconfig rsyslog
 
-Ignore: patterns-openSUSE-base:patterns-openSUSE-yast2_install_wf
+Ignore: rpm:suse-build-key,build-key
+Ignore: systemd:systemd-presets-branding
 EOF
+    if [ "$arch" == "i686" ]; then
+        mkdir -p $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/i686/
+        for i in "$cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/i586/*" ; do
+            ln -s $i $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/i686/
+        done
+        mkdir -p $cache/partial-$arch-packages/var/cache/zypp/packages/update/i686
+        for i in "$cache/partial-$arch-packages/var/cache/zypp/packages/update/i586/*" ; do
+            ln -s $i $cache/partial-$arch-packages/var/cache/zypp/packages/update/i686/
+	done
+    fi
 
-    CLEAN_BUILD=1 BUILD_ROOT="$cache/partial-$arch" BUILD_DIST="$cache/partial-$arch-packages/opensuse.conf" /usr/lib/build/init_buildsystem  --clean --cachedir $cache/partial-$arch-cache --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/noarch
+    CLEAN_BUILD=1 BUILD_ARCH="$arch" BUILD_ROOT="$cache/partial-$arch" BUILD_DIST="$cache/partial-$arch-packages/opensuse.conf" PATH="$PATH:/usr/lib/build" /usr/lib/build/init_buildsystem  --clean --configdir /usr/lib/build/configs --cachedir $cache/partial-$arch-cache --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/noarch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/update/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/update/noarch
     chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss repo-oss
     chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update
-    chroot $cache/partial-$arch rpm -e patterns-openSUSE-base
-    umount $cache/partial-$arch/proc
 #   really clean the image
     rm -fr $cache/partial-$arch/{.build,.guessed_dist,.srcfiles*,installed-pkg}
     rm -fr $cache/partial-$arch/dev
@@ -261,21 +238,45 @@ copy_configuration()
     name=$3
 
 # only disable network if no network configuration was passed
-grep -q lxc.network.type $path/config
+sed '/^#/d' $path/config | grep -q lxc.network.type
 network_not_configured=$?
 if [ $network_not_configured -eq 1 ]; then
    cat <<EOF >> $path/config
 lxc.network.type = empty
 EOF
+else
+   type=$(sed '/^#/d; /lxc.network.type/!d; s/.*=[ \t]*//' $path/config)
+   sed '/^#/d' $path/config | grep -q lxc.network.*.gateway
+   gateway_not_configured=$?
+   sed '/^#/d' $path/config | grep -q lxc.network.ipv4
+   ipv4_not_configured=$?
+   if [ $gateway_not_configured ]; then
+     [ $ipv4_not_configured -eq 0 ] && ipv4=$(sed '/^#/d; /lxc.network.ipv4/!d; /gateway/d; s/.*=[ \t]*//; s/\([[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+\).*/\1/' $path/config)
+     if [ "$type" = "veth" -o "$type" = "macvlan" ]; then
+      if [ $ipv4_not_configured -eq 0 -a "$ipv4" != "0.0.0.0" ]; then
+       # set default route
+       IP=$(/sbin/ip route | awk '/default/ { print $3 }')
+       echo "lxc.network.ipv4.gateway = $IP " >> $path/config
+      else
+	   # set network as dhcp
+	   sed -i -e 's/BOOTPROTO=.*/BOOTPROTO=dhcp/' $rootfs/etc/sysconfig/network/ifcfg-eth0
+      fi
+     fi
+   fi
+   if [ "$type" != "empty" ]; then
+       echo "#remove next line if host DNS configuration should not be available to container" >> $path/config
+       echo "lxc.mount.entry = /etc/resolv.conf etc/resolv.conf none bind,ro 0 0" >> $path/config
+   fi
 fi
 
     cat <<EOF >> $path/config
 lxc.utsname = $name
-
+lxc.autodev=1
 lxc.tty = 4
 lxc.pts = 1024
 lxc.rootfs = $rootfs
 lxc.mount = $path/fstab
+lxc.cap.drop = sys_module mac_admin mac_override mknod
 
 # When using LXC with apparmor, uncomment the next line to run unconfined:
 #lxc.aa_profile = unconfined
++++++ lxc-opensuse-12.3.patch ++++++
Index: lxc-0.8.0/templates/lxc-opensuse.in
===================================================================
--- lxc-0.8.0.orig/templates/lxc-opensuse.in
+++ lxc-0.8.0/templates/lxc-opensuse.in
@@ -25,7 +25,7 @@
 # License along with this library; if not, write to the Free Software
 # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 
-DISTRO=12.2
+DISTRO=12.3
 
 configure_opensuse()
 {
@@ -58,7 +58,6 @@ EOF
 127.0.0.1 localhost $hostname
 EOF
 
-    # disable various services
     # disable yast->bootloader in container
     cat <<EOF > $rootfs/etc/sysconfig/bootloader
 LOADER_TYPE=none
@@ -81,7 +80,14 @@ EOF
     ln -s /dev/null $rootfs/etc/systemd/system/proc-sys-fs-binfmt_misc.automount
     ln -s /dev/null $rootfs/etc/systemd/system/console-shell.service
     ln -s /dev/null $rootfs/etc/systemd/system/systemd-vconsole-setup.service
-    ln -s /lib/systemd/system/getty@.service $rootfs/etc/systemd/system/getty.target.wants/getty@console.service
+    sed -e 's/ConditionPathExists=.*//' /usr/lib/systemd/system/getty@.service > $rootfs/etc/systemd/system/getty@.service
+    ln -s getty@.service $rootfs/etc/systemd/system/getty@tty1.service
+    ln -s ../getty@.service $rootfs/etc/systemd/system/getty.target.wants/getty@console.service
+    ln -s -f ../getty@.service $rootfs/etc/systemd/system/getty.target.wants/getty@tty1.service
+    ln -s ../getty@.service $rootfs/etc/systemd/system/getty.target.wants/getty@tty2.service
+    ln -s ../getty@.service $rootfs/etc/systemd/system/getty.target.wants/getty@tty3.service
+    ln -s ../getty@.service $rootfs/etc/systemd/system/getty.target.wants/getty@tty4.service
+
 
     touch $rootfs/etc/sysconfig/kernel
 
@@ -113,15 +119,19 @@ download_opensuse()
     # download a mini opensuse into a cache
     echo "Downloading opensuse minimal ..."
     mkdir -p "$cache/partial-$arch-packages"
-    zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss/ repo-oss || return 1
-    zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update || return 1
+    if [[ ! -f $cache/partial-$arch-packages/etc/zypp/repos.d/repo-oss.repo ]]; then
+        zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss/ repo-oss || return 1
+    fi
+    if [[ ! -f $cache/partial-$arch-packages/etc/zypp/repos.d/update.repo ]]; then
+        zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update || return 1
+    fi
     zypper --quiet --root $cache/partial-$arch-packages --non-interactive --gpg-auto-import-keys update || return 1
-    zypper --root $cache/partial-$arch-packages --non-interactive in --auto-agree-with-licenses --download-only zypper lxc patterns-openSUSE-base bash iputils sed tar || return 1
+    zypper --root $cache/partial-$arch-packages --non-interactive in --auto-agree-with-licenses --download-only zypper lxc patterns-openSUSE-base bash iputils sed tar rsyslog || return 1
     cat > $cache/partial-$arch-packages/opensuse.conf << EOF
 Preinstall: aaa_base bash coreutils diffutils
-Preinstall: filesystem fillup glibc grep insserv
-Preinstall: libbz2-1 libgcc47 libncurses5 pam
-Preinstall: permissions libreadline6 rpm sed tar zlib libselinux1
+Preinstall: filesystem fillup glibc grep insserv-compat
+Preinstall: libbz2-1 libgcc_s1 libncurses5 pam
+Preinstall: permissions libreadline6 rpm sed tar libz1 libselinux1
 Preinstall: liblzma5 libcap2 libacl1 libattr1
 Preinstall: libpopt0 libelf1 liblua5_1
 Preinstall: libpcre1
@@ -135,8 +145,8 @@ Support: ncurses-utils
 Support: iputils
 Support: udev
 Support: netcfg
-Support: dhcpcd hwinfo insserv module-init-tools openSUSE-release openssh
-Support: pwdutils rpcbind sysconfig rsyslog
+Support: dhcpcd hwinfo insserv-compat module-init-tools openSUSE-release openssh
+Support: pwdutils rpcbind sysconfig
 
 Ignore: rpm:suse-build-key,build-key
 Ignore: systemd:systemd-presets-branding
@@ -208,6 +218,15 @@ install_opensuse()
 
 	arch=$(arch)
 
+        if [[ -f $cache/rootfs-$arch/etc/os-release ]]; then
+            source $cache/rootfs-$arch/etc/os-release
+            if [[ ${DISTRO} != ${VERSION_ID} ]]; then
+                echo "openSUSE version in template don't match with cached system"
+                echo "Cleaning cache ..."
+                rm -rf "$cache/rootfs-$arch"
+            fi
+        fi
+
 	echo "Checking cache download in $cache/rootfs-$arch ... "
 	if [ ! -e "$cache/rootfs-$arch" ]; then
 	    download_opensuse $cache $arch
++++++ lxc-opensuse-clonefixes.patch ++++++
...
From 094f7c36e3ac80be9eb3b1746560965377256467 Mon Sep 17 00:00:00 2001
From: Frederic Crozat 
Date: Wed, 18 Apr 2012 17:17:18 +0200
Subject: [PATCH] various fixes for openSUSE template for lxc-clone usage
- create /etc/hostname as symlink to /etc/HOSTNAME
- fix inadequate space in lxc.mount config, preventing lxc-clone to work
---
 templates/lxc-opensuse.in |    4 +++-
 1 files changed, 3 insertions(+), 1 deletions(-)

Index: lxc-0.8.0/templates/lxc-opensuse.in
===================================================================
--- lxc-0.8.0.orig/templates/lxc-opensuse.in
+++ lxc-0.8.0/templates/lxc-opensuse.in
@@ -34,8 +34,8 @@ configure_opensuse()
 
    # set network as static, but everything is done by LXC outside the container
    cat <<EOF > $rootfs/etc/sysconfig/network/ifcfg-eth0
-STARTMODE='auto'
-BOOTPROTO='static'
+STARTMODE='manual'
+BOOTPROTO='none'
 EOF
 
    # set default route
@@ -71,6 +71,8 @@ EOF
     cat <<EOF > $rootfs/etc/HOSTNAME
 $hostname
 EOF
+    # ensure /etc/hostname is available too
+    ln -s -f HOSTNAME $rootfs/etc/hostname
 
     # do not use hostname from HOSTNAME variable
     cat <<EOF >> $rootfs/etc/sysconfig/cron
@@ -257,13 +259,22 @@ copy_configuration()
     rootfs=$2
     name=$3
 
+# only disable network if no network configuration was passed
+grep -q lxc.network.type $path/config
+network_not_configured=$?
+if [ $network_not_configured -eq 1 ]; then
+   cat <<EOF >> $path/config
+lxc.network.type = empty
+EOF
+fi
+
     cat <<EOF >> $path/config
 lxc.utsname = $name
 
 lxc.tty = 4
 lxc.pts = 1024
 lxc.rootfs = $rootfs
-lxc.mount  = $path/fstab
+lxc.mount = $path/fstab
 
 # When using LXC with apparmor, uncomment the next line to run unconfined:
 #lxc.aa_profile = unconfined
++++++ lxc-opensuse-extend-base.patch ++++++
From: Jiri Slaby 
Subject: lxc-opensuse: extend base
References: bnc#804232

Base no longer provides bash, sed and tar, but we need those. So add them.

---
 templates/lxc-opensuse.in |    2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

--- a/templates/lxc-opensuse.in
+++ b/templates/lxc-opensuse.in
@@ -116,7 +116,7 @@ download_opensuse()
     zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss/ repo-oss
     zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update
     zypper --quiet --root $cache/partial-$arch-packages --non-interactive --gpg-auto-import-keys update
-    zypper --root $cache/partial-$arch-packages --non-interactive in --auto-agree-with-licenses --download-only zypper lxc patterns-openSUSE-base iputils
+    zypper --root $cache/partial-$arch-packages --non-interactive in --auto-agree-with-licenses --download-only zypper lxc patterns-openSUSE-base bash iputils sed tar
     cat > $cache/partial-$arch-packages/opensuse.conf << EOF
 Preinstall: aaa_base bash coreutils diffutils
 Preinstall: filesystem fillup glibc grep insserv
++++++ lxc-opensuse-proper-failure.patch ++++++
From: Jiri Slaby 
Subject: lxc-opensuse: proper failure

Fail if something goes wrong. We used to continue and show one failure
after another.
---
 templates/lxc-opensuse.in |   14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

--- a/templates/lxc-opensuse.in
+++ b/templates/lxc-opensuse.in
@@ -113,10 +113,10 @@ download_opensuse()
     # download a mini opensuse into a cache
     echo "Downloading opensuse minimal ..."
     mkdir -p "$cache/partial-$arch-packages"
-    zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss/ repo-oss
-    zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update
-    zypper --quiet --root $cache/partial-$arch-packages --non-interactive --gpg-auto-import-keys update
-    zypper --root $cache/partial-$arch-packages --non-interactive in --auto-agree-with-licenses --download-only zypper lxc patterns-openSUSE-base bash iputils sed tar
+    zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss/ repo-oss || return 1
+    zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update || return 1
+    zypper --quiet --root $cache/partial-$arch-packages --non-interactive --gpg-auto-import-keys update || return 1
+    zypper --root $cache/partial-$arch-packages --non-interactive in --auto-agree-with-licenses --download-only zypper lxc patterns-openSUSE-base bash iputils sed tar || return 1
     cat > $cache/partial-$arch-packages/opensuse.conf << EOF
 Preinstall: aaa_base bash coreutils diffutils
 Preinstall: filesystem fillup glibc grep insserv
@@ -152,9 +152,9 @@ EOF
 	done
     fi
 
-    CLEAN_BUILD=1 BUILD_ARCH="$arch" BUILD_ROOT="$cache/partial-$arch" BUILD_DIST="$cache/partial-$arch-packages/opensuse.conf" PATH="$PATH:/usr/lib/build" /usr/lib/build/init_buildsystem  --clean --configdir /usr/lib/build/configs --cachedir $cache/partial-$arch-cache --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/noarch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/update/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/update/noarch
-    chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss repo-oss
-    chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update
+    CLEAN_BUILD=1 BUILD_ARCH="$arch" BUILD_ROOT="$cache/partial-$arch" BUILD_DIST="$cache/partial-$arch-packages/opensuse.conf" PATH="$PATH:/usr/lib/build" /usr/lib/build/init_buildsystem  --clean --configdir /usr/lib/build/configs --cachedir $cache/partial-$arch-cache --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/noarch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/update/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/update/noarch || return 1
+    chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss repo-oss || return 1
+    chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update || return 1
 #   really clean the image
     rm -fr $cache/partial-$arch/{.build,.guessed_dist,.srcfiles*,installed-pkg}
     rm -fr $cache/partial-$arch/dev
++++++ lxc-opensuse-tmpfs.patch ++++++
...
From d088de50c551f4941ae24b536057fc57915ee7d7 Mon Sep 17 00:00:00 2001
From: Frederic Crozat 
Date: Fri, 20 Apr 2012 14:36:53 +0200
Subject: [PATCH] shutdown fixes for openSUSE container
- mount /run on tmpfs outside container
- replace /var/run bind mount on /run by a symlink
---
 templates/lxc-opensuse.in |    5 +++++
 1 files changed, 5 insertions(+), 0 deletions(-)

Index: lxc-0.8.0/templates/lxc-opensuse.in
===================================================================
--- lxc-0.8.0.orig/templates/lxc-opensuse.in
+++ lxc-0.8.0/templates/lxc-opensuse.in
@@ -188,6 +188,10 @@ EOF
 #   create mtab symlink
     rm -f $cache/partial-$arch/etc/mtab
     ln -sf /proc/self/mounts $cache/partial-$arch/etc/mtab
+
+# ensure /var/run and /run are symlinked
+    rm -fr $cache/partial-$arch/var/run
+    ln -s -f ../run $cache/partial-$arch/var/run
     if [ $? -ne 0 ]; then
 	echo "Failed to download the rootfs, aborting."
 	return 1
@@ -297,6 +301,7 @@ EOF
     cat <<EOF > $path/fstab
 proc            proc         proc	nodev,noexec,nosuid 0 0
 sysfs           sys          sysfs	defaults  0 0
+tmpfs           run          tmpfs	mode=0755,nodev,nosuid 0 0
 EOF
 
     if [ $? -ne 0 ]; then
++++++ pivot-root_shared.patch ++++++
...
From cc28d0b0a66bd956645dc7b8fc85b917711f2472 Mon Sep 17 00:00:00 2001
From: Serge Hallyn 
Date: Wed, 19 Dec 2012 23:58:44 -0600
Subject: [PATCH] Support MS_SHARED /
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
(I'll be out until Jan 2, but in the meantime, here is hopefully a
little newyears gift - this seems to allow lxc-start with / being
MS_SHARED on the host)

When / is MS_SHARED (for instance with f18 and modern arch), lxc-start
fails on pivot_root.  The kernel enforces that, when doing pivot_root,
the parent of current->fs->root (as well as the new root and the putold
location) not be MS_SHARED.

To work around this, check /proc/self/mountinfo for a 'shared:' in
the '/' line.  If it is there, then create a tiny MS_SLAVE tmpfs dir to
serve as parent of /, recursively bind mount / into /root under that dir,
make it rslave, and chroot into it.

Tested with ubuntu raring image after doing 'mount --make-rshared /'.

Signed-off-by: Serge Hallyn 
Acked-by: Stéphane Graber 
---
 src/lxc/conf.c  |  117 +++++++++++++++++++++++++++++++++++++++++++++++++++++--
 src/lxc/conf.h  |    3 ++
 src/lxc/start.c |    8 ++++
 3 files changed, 125 insertions(+), 3 deletions(-)

Index: lxc-0.7.5/src/lxc/conf.c
===================================================================
--- lxc-0.7.5.orig/src/lxc/conf.c
+++ lxc-0.7.5/src/lxc/conf.c
@@ -716,8 +716,112 @@ static int setup_rootfs_pivot_root(const
 	return 0;
 }
 
-static int setup_rootfs(const struct lxc_rootfs *rootfs)
+/*
+ * Detect whether / is mounted MS_SHARED.  The only way I know of to
+ * check that is through /proc/self/mountinfo.
+ * I'm only checking for /.  If the container rootfs or mount location
+ * is MS_SHARED, but not '/', then you're out of luck - figuring that
+ * out would be too much work to be worth it.
+ */
+#define LINELEN 4096
+int detect_shared_rootfs(void)
 {
+	char buf[LINELEN], *p;
+	FILE *f;
+	int i;
+	char *p2;
+
+	f = fopen("/proc/self/mountinfo", "r");
+	if (!f)
+		return 0;
+	while ((p = fgets(buf, LINELEN, f))) {
+		INFO("looking at .%s.", p);
+		for (p = buf, i=0; p && i < 4; i++)
+			p = index(p+1, ' ');
+		if (!p)
+			continue;
+		p2 = index(p+1, ' ');
+		if (!p2)
+			continue;
+		*p2 = '\0';
+		INFO("now p is .%s.", p);
+		if (strcmp(p+1, "/") == 0) {
+			// this is '/'.  is it shared?
+			p = index(p2+1, ' ');
+			if (strstr(p, "shared:"))
+				return 1;
+		}
+	}
+	fclose(f);
+	return 0;
+}
+
+/*
+ * I'll forgive you for asking whether all of this is needed :)  The
+ * answer is yes.
+ * pivot_root will fail if the new root, the put_old dir, or the parent
+ * of current->fs->root are MS_SHARED.  (parent of current->fs_root may
+ * or may not be current->fs_root - if we assumed it always was, we could
+ * just mount --make-rslave /).  So,
+ *    1. mount a tiny tmpfs to be parent of current->fs->root.
+ *    2. make that MS_SLAVE
+ *    3. make a 'root' directory under that
+ *    4. mount --rbind / under the $tinyroot/root.
+ *    5. make that rslave
+ *    6. chdir and chroot into $tinyroot/root
+ *    7. $tinyroot will be unmounted by our parent in start.c
+ */
+static int chroot_into_slave(struct lxc_conf *conf)
+{
+	char path[MAXPATHLEN];
+	const char *destpath = conf->rootfs.mount;
+	int ret;
+
+	if (mount(destpath, destpath, NULL, MS_BIND, 0)) {
+		SYSERROR("failed to mount %s bind", destpath);
+		return -1;
+	}
+	if (mount("", destpath, NULL, MS_SLAVE, 0)) {
+		SYSERROR("failed to make %s slave", destpath);
+		return -1;
+	}
+	if (mount("none", destpath, "tmpfs", 0, "size=10000")) {
+		SYSERROR("Failed to mount tmpfs / at %s", destpath);
+		return -1;
+	}
+	ret = snprintf(path, MAXPATHLEN, "%s/root", destpath);
+	if (ret < 0 || ret >= MAXPATHLEN) {
+		ERROR("out of memory making root path");
+		return -1;
+	}
+	if (mkdir(path, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH)) {
+		SYSERROR("Failed to create /dev/pts in container");
+		return -1;
+	}
+	if (mount("/", path, NULL, MS_BIND|MS_REC, 0)) {
+		SYSERROR("Failed to rbind mount / to %s", path);
+		return -1;
+	}
+	if (mount("", destpath, NULL, MS_SLAVE|MS_REC, 0)) {
+		SYSERROR("Failed to make tmp-/ at %s rslave", path);
+		return -1;
+	}
+	if (chdir(path)) {
+		SYSERROR("Failed to chdir into tmp-/");
+		return -1;
+	}
+	if (chroot(path)) {
+		SYSERROR("Failed to chroot into tmp-/");
+		return -1;
+	}
+	INFO("Chrooted into tmp-/ at %s\n", path);
+	return 0;
+}
+
+static int setup_rootfs(struct lxc_conf *conf)
+{
+	const struct lxc_rootfs *rootfs = &conf->rootfs;
+
 	if (!rootfs->path)
 		return 0;
 
@@ -727,6 +831,13 @@ static int setup_rootfs(const struct lxc
 		return -1;
 	}
 
+	if (detect_shared_rootfs()) {
+		if (chroot_into_slave(conf)) {
+			ERROR("Failed to chroot into slave /");
+			return -1;
+		}
+	}
+
 	if (mount_rootfs(rootfs->path, rootfs->mount)) {
 		ERROR("failed to mount rootfs");
 		return -1;
@@ -848,7 +959,7 @@ static int setup_console(const struct lx
 	return 0;
 }
 
-static int setup_cgroup(const char *name, struct lxc_list *cgroups)
+int setup_cgroup(const char *name, struct lxc_list *cgroups)
 {
 	struct lxc_list *iterator;
 	struct lxc_cgroup *cg;
@@ -1846,7 +1957,7 @@ int lxc_setup(const char *name, struct l
 		return -1;
 	}
 
-	if (setup_rootfs(&lxc_conf->rootfs)) {
+	if (setup_rootfs(lxc_conf)) {
 		ERROR("failed to setup rootfs for '%s'", name);
 		return -1;
 	}
Index: lxc-0.7.5/src/lxc/conf.h
===================================================================
--- lxc-0.7.5.orig/src/lxc/conf.h
+++ lxc-0.7.5/src/lxc/conf.h
@@ -227,6 +227,9 @@ extern int lxc_find_gateway_addresses(st
 extern int lxc_create_tty(const char *name, struct lxc_conf *conf);
 extern void lxc_delete_tty(struct lxc_tty_info *tty_info);
 
+extern int setup_cgroup(const char *name, struct lxc_list *cgroups);
+extern int detect_shared_rootfs(void);
+
 /*
  * Configure the container from inside
  */
Index: lxc-0.7.5/src/lxc/start.c
===================================================================
--- lxc-0.7.5.orig/src/lxc/start.c
+++ lxc-0.7.5/src/lxc/start.c
@@ -535,6 +535,14 @@ int lxc_spawn(struct lxc_handler *handle
 	if (lxc_sync_barrier_child(handler, LXC_SYNC_POST_CONFIGURE))
 		return -1;
 
+	if (detect_shared_rootfs())
+		umount2(handler->conf->rootfs.mount, MNT_DETACH);
+
+	if (setup_cgroup(name, &handler->conf->cgroup)) {
+		ERROR("failed to setup the cgroups for '%s'", name);
+		goto out_delete_net;
+	}
+
 	if (handler->ops->post_start(handler, handler->data))
 		goto out_abort;
...
From 859a6da0fac5d214230f8a52777277b5147532fb Mon Sep 17 00:00:00 2001
From: Natanael Copa 
Date: Tue, 25 Dec 2012 10:53:50 +0100
Subject: [PATCH] define MS_SHARED if needed
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fixes build on uClibc.

Signed-off-by: Natanael Copa 
Acked-by: Stéphane Graber 
---
 src/lxc/conf.c |    4 ++++
 1 file changed, 4 insertions(+)

diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 96940b3..c82e759 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -87,6 +87,10 @@ lxc_log_define(lxc_conf, lxc);
 #define MNT_DETACH 2
 #endif
 
+#ifndef MS_SLAVE
+#define MS_SLAVE (1<<19)
+#endif
+
 #ifndef MS_RELATIME
 #define MS_RELATIME (1 << 21)
 #endif
-- 
1.7.10.4

-- 
To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-commit+help@opensuse.org

    

commit lxc.1694 for openSUSE:12.3:Update

root＠hilbert.suse.de