Hello community,
here is the log from the commit of package lxc.1694 for openSUSE:12.3:Update checked in at 2013-06-03 10:59:12
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/lxc.1694 (Old)
and /work/SRC/openSUSE:12.3:Update/.lxc.1694.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "lxc.1694"
Changes:
--------
New Changes file:
--- /dev/null 2013-05-23 01:40:31.032032505 +0200
+++ /work/SRC/openSUSE:12.3:Update/.lxc.1694.new/lxc.changes 2013-06-03 10:59:14.000000000 +0200
@@ -0,0 +1,301 @@
+-------------------------------------------------------------------
+Wed Apr 24 12:12:32 UTC 2013 - fcrozat@suse.com
+
+- Ensure umask is called before creating device nodes (bnc#816456).
+ + Added lxc-autodev.patch
+
+-------------------------------------------------------------------
+Wed Apr 24 08:11:11 UTC 2013 - jslaby@suse.com
+
+- Fix-checkconfig-to-handle-kernel-memory-cgroup-name-.patch:
+ Fix checkconfig to handle kernel memory cgroup name change
+ (bnc#807215)
+
+-------------------------------------------------------------------
+Tue Feb 26 14:33:41 UTC 2013 - mvyskocil@suse.com
+
+- clean cache if a distro version in template does not match
+ with files in a cache (bnc#804435#c19)
+
+-------------------------------------------------------------------
+Tue Feb 26 09:58:10 UTC 2013 - mvyskocil@suse.com
+
+- run zypper ar only if .repo file does not exists
+ fixes a partial created repos (bnc#804435#c16)
+
+-------------------------------------------------------------------
+Wed Feb 20 16:21:03 UTC 2013 - fcrozat@suse.com
+
+- Add lxc-opensuse-12.3.patch: update template to openSUSE 12.3
+
+-------------------------------------------------------------------
+Tue Feb 19 10:59:39 UTC 2013 - jslaby@suse.com
+
+- lxc-opensuse-extend-base.patch: lxc-opensuse: extend base
+ (bnc#804232)
+- lxc-opensuse-proper-failure.patch: lxc-opensuse: proper failure
+- remove change-hwaddr-on-clone.patch as it was fixed upstream
+ already
+
+-------------------------------------------------------------------
+Mon Jan 21 09:26:57 UTC 2013 - fcrozat@suse.com
+
+- Update pivot-root_shared.patch with upstream patch to build with
+ old version of kernel headers.
+- Check for /etc/init.d/boot.cgroup presence before starting it in
+ %post.
+
+-------------------------------------------------------------------
+Fri Jan 11 15:56:54 UTC 2013 - fcrozat@suse.com
+
+- Release 0.8.0:
+ + add support for autodetection of gateway address
+ + add support for LVM2 and btrfs snapshot in lxc-clone
+ + add support for apparmor
+ + support nested cgroups
+ + lxc no longer depends on perl
+ + add support for container hooks (pre-start, mount, start, stop,
+ umount, post-stop)
+ + templates are moved to /usr/share/lxc/templates
+- Remove
+ Accurately-detect-whether-a-system-supports-clone_children.patch:
+ merged upstream.
+- Add lxc-opensuse-clonefixes.patch: fix openSUSE template
+ regarding cloning.
+- Add 0001-Ensure-btrfs-subvolume-is-destroyed-on-error.patch: fix
+ btrfs subvolume when removing a container.
+- Add lxc-autodev.patch: fill /dev when starting container (needed
+ for systemd).
+- Update lxc-opensuse-12.2.patch: switch to systemd in container.
+
+-------------------------------------------------------------------
+Fri Jan 11 15:30:21 UTC 2013 - fcrozat@suse.com
+
+- Add lxc-opensuse-12.1-fixbuild.patch: fix openSUSE 12.1 container
+ build.
+- Add lxc-opensuse-12.2.patch:
+ + switch openSUSE template to 12.2
+ + install iputils in the default configuration
+ + autoconfigure gateway if possible
+ + detect if network is set to 0.0.0.0 and configure DHCP
+ + bind mount /etc/resolv.conf in container
+- Add use-relative-paths-for-container.patch,
+ fix-lxc-clone-mount-entries.patch and update sles
+ template: use relative paths for container mount points, fixes
+ lxc-clone dropping some lxc.mount entries (bnc#789387).
+- Add Requires(post) dependency on aaa_base (bnc#786970) for
+ openSUSE < 12.3.
+- Add dhcpcd in default installation in openSUSE template (bnc#776169).
+- Add change-hwaddr-on-clone.patch: modify MAC address when cloning
+ a container (git)
+- Add wait-until-container-is-stopped.patch: if destroying a
+ running container, wait until it is stopped before destroying it.
+- Ensure lxc-createconfig uses opensuse template by default.
+- Ensure lxc-createconfig correctly detect cidr (bnc#773234).
+- Add pivot-root_shared.patch: fix pivot root when / is mounted as
+ shared (default on 12.3 and later).
+
+-------------------------------------------------------------------
+Fri Apr 20 13:53:41 UTC 2012 - fcrozat@suse.com
+
+- Add various fixes to opensuse template :
+ + create /etc/hostname as symlink to /etc/HOSTNAME
+ (lxc-clone fix)
+ + fix inadequate space in lxc.mount config (lxc-clone fix)
+ + disable network in container if not configured
+ + configure network scripts properly
+- Add lxc-snapshot-btrfs-lvm.patch: backport snapshot support,
+ using btrfs or lvm2.
+- Add lxc-opensuse-tmpfs.patch: ensure container shutting down is
+ correctly detected by LXC.
+
+-------------------------------------------------------------------
+Fri Apr 13 11:36:16 UTC 2012 - fcrozat@suse.com
+
+- Add lxc-createconfig script to easy LXC configuration
+ (bnc#723950).
+
+-------------------------------------------------------------------
+Tue Mar 6 21:11:54 CET 2012 - jslaby@suse.de
+
+- Accurately detect whether a system supports clone_children
+ (bnc#750470)
+
+-------------------------------------------------------------------
+Tue Jan 10 15:41:45 UTC 2012 - fcrozat@suse.com
+
+- Drop lxc-file_caps.patch, it is SLES specific, since openSUSE is
+ now shipping with file capabilities enabled.
+
+-------------------------------------------------------------------
+Fri Jan 6 15:51:32 UTC 2012 - fcrozat@suse.com
+
+- Update lxc-opensuse-12.1.patch to correctly generate containers
+ on x86 (bnc#739315).
+- Backport some fixes from SLES 11 SP2:
+ - Add lxc-checkconfig-kernel-3.patch and lxc-file_caps.patch:
+ fix detection of kernel 3.x and file capabilities (bnc#720845).
+ - Fix example path in manpages (bnc#723946).
+
+-------------------------------------------------------------------
+Tue Oct 25 11:35:10 UTC 2011 - fcrozat@suse.com
+
+- Add console to opensuse securetty, since we are in a container.
+
+-------------------------------------------------------------------
+Tue Oct 25 09:32:01 UTC 2011 - fcrozat@suse.com
+
+- Add lxc-opensuse-12.1.patch: create openSUSE 12.1 containers now
+- Add Recommends on build package, which is used by opensuse
+ template.
+- Update README.SUSE to current status for cgroups mountpoint
+
+-------------------------------------------------------------------
+Fri Sep 2 08:26:28 UTC 2011 - fcrozat@suse.com
+
+- Fix license tag, it is LGPLv2.1+ (using LGPLv2+ tag to be
+ consistent).
+
+-------------------------------------------------------------------
+Wed Aug 31 11:16:28 UTC 2011 - fcrozat@suse.com
+
+- Update to 0.7.5:
+ - add initial lxc-clone feature
+ - add arm as supported srcarch
+ - opensuse template is merged
+ - improve other distribution templates
+ - support cgroups mounted in multiple places
+
+-------------------------------------------------------------------
+Fri Jun 24 21:33:24 CEST 2011 - jslaby@suse.de
+
+- kill _service
+
+-------------------------------------------------------------------
+Fri Jun 24 14:09:02 UTC 2011 - fcrozat@suse.com
+
+- Add lxc-opensuse template.
+- package /var/lib/lxc.
+
+-------------------------------------------------------------------
+Fri May 27 21:16:56 CEST 2011 - jslaby@suse.de
+
+- update to 0.7.4.2
+ - exit if allocation fails
+ - ensure monitored container name is null terminated
+ - do not put devpts in fstab
+
+-------------------------------------------------------------------
+Thu Mar 24 14:22:15 UTC 2011 - brian@aljex.com
+
+- update to 0.7.4.1
+ - fix mount path
+ - rename physical device to the original name
+
+-------------------------------------------------------------------
+Mon Feb 28 18:03:32 CET 2011 - jslaby@suse.de
+
++++ 104 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:12.3:Update/.lxc.1694.new/lxc.changes
New:
----
0001-Ensure-btrfs-subvolume-is-destroyed-on-error.patch
Fix-checkconfig-to-handle-kernel-memory-cgroup-name-.patch
README.SUSE
lxc-0.8.0.tar.gz
lxc-autodev.patch
lxc-cgroup-already-running.patch
lxc-createconfig.in
lxc-opensuse-12.2.patch
lxc-opensuse-12.3.patch
lxc-opensuse-clonefixes.patch
lxc-opensuse-extend-base.patch
lxc-opensuse-proper-failure.patch
lxc-opensuse-tmpfs.patch
lxc.changes
lxc.spec
pivot-root_shared.patch
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ lxc.spec ++++++
#
# spec file for package lxc
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: lxc
Version: 0.8.0
Release: 0
Url: http://lxc.sourceforge.net/
Summary: Linux containers implementation
License: LGPL-2.1+
Group: System/Management
Source: http://lxc.sourceforge.net/download/lxc/%{name}-%{version}.tar.gz
Source1: README.SUSE
Source2: lxc-createconfig.in
# PATCH-FIX-UPSTREAM lxc-opensuse-clonefixes.patch fcrozat@suse.com -- various fixes in openSUSE template for lxc-clone
Patch0: lxc-opensuse-clonefixes.patch
# PATCH-FIX-UPSTREAM lxc-opensuse-tmpfs.patch fcrozat@suse.com -- fix shutdown in openSUSE container
Patch1: lxc-opensuse-tmpfs.patch
# PATCH-FIX-UPSTREAM lxc-cgroup-already-running.patch fcrozat@suse.com -- warn if container is already running
Patch2: lxc-cgroup-already-running.patch
# PATCH-FIX-UPSTREAM 0001-Ensure-btrfs-subvolume-is-destroyed-on-error.patch fcrozat@suse.com -- ensure btrfs subvolume is destroyed on container creation fails
Patch4: 0001-Ensure-btrfs-subvolume-is-destroyed-on-error.patch
# PATCH-FIX-UPSTREAM lxc-opensuse-12.2.patch
Patch5: lxc-opensuse-12.2.patch
# PATCH-FIX-UPSTREAM pivot-root_shared.patch fcrozat@suse.com -- fix pivot root when / is mount as shared
Patch6: pivot-root_shared.patch
# PATCH-FIX-UPSTREAM lxc-autodev.patch fcrozat@suse.com -- Add lxc.autodev
Patch7: lxc-autodev.patch
# PATCH-FIX-OPENSUSE lxc-opensuse-extend-base.patch jslaby@suse.com -- Add missing package to base
Patch8: lxc-opensuse-extend-base.patch
# PATCH-FIX-OPENSUSE lxc-opensuse-proper-failure.patch jslaby@suse.com -- Proper failure on repository addition error
Patch9: lxc-opensuse-proper-failure.patch
# PATCH-FIX-OPENSUSE lxc-opensuse-12.3.patch fcrozat@suse.com -- Switch openSUSE template to 12.3
Patch10: lxc-opensuse-12.3.patch
Patch11: Fix-checkconfig-to-handle-kernel-memory-cgroup-name-.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: docbook-utils
BuildRequires: libapparmor-devel
BuildRequires: libcap-devel
BuildRequires: pkg-config
%if 0%{?suse_version} >= 1130
BuildRequires: linux-glibc-devel
%else
BuildRequires: linux-kernel-headers
%endif
Requires: /sbin/setcap
Requires: rsync
%if 0%{?suse_version} < 1230
Requires(post): aaa_base
%endif
# needed to create openSUSE containers using template
Recommends: build
%description
It provides commands to create and manage containers. It contains a
full featured container with the isolation/virtualization of the pids,
the ipc, the utsname, the mount points, /proc, /sys, the network and it
takes into account the control groups. It is very light, flexible, and
provides a set of tools around the container like the monitoring with
asynchronous events notification, or the freeze of the container. This
package is useful to create Virtual Private Server, or to run isolated
applications like bash or sshd.
%package devel
Summary: Development library for lxc
License: LGPL-2.1
Group: Development/Libraries/C and C++
Requires: %name = %version
%description devel
Lxc header files and library needed for development of containers.
%prep
%setup
%patch0 -p1
%patch1 -p1
%patch2 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%build
%configure --disable-examples
%__make %{?_smp_mflags}
%__cp %{SOURCE1} .
%__rm -rf .doc
%__mkdir_p .doc/examples
%__cp doc/examples/*.conf .doc/examples
%install
%makeinstall
install -d -m 755 %{buildroot}/var/lib/lxc
find %buildroot -type f -name '*.la' -delete
./config.status --file=%{buildroot}%{_bindir}/lxc-createconfig:%{S:2}
chmod a+x %{buildroot}%{_bindir}/lxc-createconfig
%clean
%__rm -rf %buildroot
%post
/sbin/ldconfig
%if 0%{?suse_version} < 1230
if [ -x /etc/init.d/boot.cgroup ]; then
%fillup_and_insserv -f -Y boot.cgroup
/etc/init.d/boot.cgroup start 2>/dev/null >/dev/null || :
fi
%endif
%postun
/sbin/ldconfig
%if 0%{?suse_version} < 1230
%insserv_cleanup
%endif
%files
%defattr(-,root,root)
%doc AUTHORS MAINTAINERS COPYING README doc/FAQ.txt
%doc README.SUSE
%doc .doc/examples
%{_libdir}/lib%{name}.so.*
%{_libexecdir}/%name
%{_libdir}/%name
%{_datadir}/%name
%dir /var/lib/lxc
%{_bindir}/%{name}-*
%{_mandir}/man[^3]/*
%files devel
%defattr(-,root,root)
%{_includedir}/%name
%{_libdir}/lib%{name}.so
%{_libdir}/pkgconfig/%{name}.pc
%changelog
++++++ 0001-Ensure-btrfs-subvolume-is-destroyed-on-error.patch ++++++
From 028d1b3eb110229113dc99f3587fac1f9fca9b0e Mon Sep 17 00:00:00 2001
From: Frederic Crozat
Date: Wed, 14 Nov 2012 16:02:37 +0100
Subject: [PATCH] Ensure btrfs subvolume is destroyed on error
---
src/lxc/lxc-create.in | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/lxc/lxc-create.in b/src/lxc/lxc-create.in
index b21cdc3..124ffd5 100644
--- a/src/lxc/lxc-create.in
+++ b/src/lxc/lxc-create.in
@@ -237,6 +237,8 @@ cleanup() {
if [ $backingstore = "lvm" ]; then
umount $rootfs
lvremove -f $rootdev
+ elif [ $backingstore = "btrfs" ]; then
+ btrfs subvolume delete "$rootfs"
fi
${bindir}/lxc-destroy -n $lxc_name
echo "$(basename $0): aborted" >&2
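Review bot: the new `elif [ $backingstore = "btrfs" ]` test in `cleanup()` leaves `$backingstore` unquoted, so an empty or unset value makes `[` print an error instead of evaluating cleanly; write it as `[ "$backingstore" = "btrfs" ]` (the `lvm` test above it has the same problem). `btrfs subvolume delete "$rootfs"` also runs whenever cleanup fires with this backing store, so add a check that `$rootfs` exists to avoid a misleading error when the abort happens before the subvolume was created.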
--
1.7.10.4
++++++ Fix-checkconfig-to-handle-kernel-memory-cgroup-name-.patch ++++++
From: Dwight Engen
Date: Wed, 14 Nov 2012 12:03:56 -0500
Subject: Fix checkconfig to handle kernel memory cgroup name change
Patch-mainline: 0.9.0
References: bnc#807215
The kernel config option for the memory cgroup was changed in 3.6
from CONFIG_CGROUP_MEM_RES_CTLR to CONFIG_MEMCG with commit c255a458.
Signed-off-by: Dwight Engen
Acked-by: Stéphane Graber
Signed-off-by: Jiri Slaby
---
src/lxc/lxc-checkconfig.in | 25 +++++++++++++++----------
1 file changed, 15 insertions(+), 10 deletions(-)
diff --git a/src/lxc/lxc-checkconfig.in b/src/lxc/lxc-checkconfig.in
index 8c2b5e5..8263c17 100644
--- a/src/lxc/lxc-checkconfig.in
+++ b/src/lxc/lxc-checkconfig.in
@@ -68,6 +68,15 @@ print_cgroups() {
}
CGROUP_MNT_PATH=`print_cgroups cgroup /proc/self/mounts | head -1`
+KVER_MAJOR=$($GREP '^# Linux' $CONFIG | \
+ sed -r 's/.* ([0-9])\.[0-9]{1,2}\.[0-9]{1,3}.*/\1/')
+if [[ $KVER_MAJOR == 2 ]]; then
+KVER_MINOR=$($GREP '^# Linux' $CONFIG | \
+ sed -r 's/.* 2.6.([0-9]{2}).*/\1/')
+else
+KVER_MINOR=$($GREP '^# Linux' $CONFIG | \
+ sed -r 's/.* [0-9]\.([0-9]{1,3})\.[0-9]{1,3}.*/\1/')
+fi
echo -n "Cgroup: " && is_enabled CONFIG_CGROUPS yes
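Review bot: the version parsing moved up here has no fallback when the `# Linux` header line is missing or has a different form. `sed` prints non-matching input unchanged, so `KVER_MAJOR` and `KVER_MINOR` end up empty or holding the whole header line, and the numeric comparisons made on them later will error. Check that both are plain integers after extraction. The dots in `'s/.* 2.6.([0-9]{2}).*/\1/'` are also unescaped, unlike in the other two expressions.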
@@ -80,22 +89,18 @@ fi
echo -n "Cgroup device: " && is_enabled CONFIG_CGROUP_DEVICE
echo -n "Cgroup sched: " && is_enabled CONFIG_CGROUP_SCHED
echo -n "Cgroup cpu account: " && is_enabled CONFIG_CGROUP_CPUACCT
-echo -n "Cgroup memory controller: " && is_enabled CONFIG_CGROUP_MEM_RES_CTLR
+echo -n "Cgroup memory controller: "
+if [ $KVER_MAJOR -ge 3 -a $KVER_MINOR -ge 6 ]; then
+ is_enabled CONFIG_MEMCG
+else
+ is_enabled CONFIG_CGROUP_MEM_RES_CTLR
+fi
is_set CONFIG_SMP && echo -n "Cgroup cpuset: " && is_enabled CONFIG_CPUSETS
echo
echo "--- Misc ---"
echo -n "Veth pair device: " && is_enabled CONFIG_VETH
echo -n "Macvlan: " && is_enabled CONFIG_MACVLAN
echo -n "Vlan: " && is_enabled CONFIG_VLAN_8021Q
-KVER_MAJOR=$($GREP '^# Linux' $CONFIG | \
- sed -r 's/.* ([0-9])\.[0-9]{1,2}\.[0-9]{1,3}.*/\1/')
-if [[ $KVER_MAJOR == 2 ]]; then
-KVER_MINOR=$($GREP '^# Linux' $CONFIG | \
- sed -r 's/.* 2.6.([0-9]{2}).*/\1/')
-else
-KVER_MINOR=$($GREP '^# Linux' $CONFIG | \
- sed -r 's/.* [0-9]\.([0-9]{1,3})\.[0-9]{1,3}.*/\1/')
-fi
echo -n "File capabilities: " &&
( [[ ${KVER_MAJOR} == 2 && ${KVER_MINOR} < 33 ]] &&
is_enabled CONFIG_SECURITY_FILE_CAPABILITIES ) ||
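Review bot: the condition `[ $KVER_MAJOR -ge 3 -a $KVER_MINOR -ge 6 ]` tests major and minor independently, so a kernel with a major version above 3 and a minor below 6 (4.0, for example) falls through to the old `CONFIG_CGROUP_MEM_RES_CTLR` name. Compare as `[ "$KVER_MAJOR" -gt 3 ] || [ "$KVER_MAJOR" -eq 3 -a "$KVER_MINOR" -ge 6 ]`; the quoting also keeps an empty value from producing a `[` syntax error.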
--
1.8.2.1
++++++ README.SUSE ++++++
To mount the control group file system on openSUSE 11.3, SLE 11 SP1 and older,
perform the following:
mkdir /cgroup
and add the following line to /etc/fstab:
cgroup /cgroup cgroup nofail 0 0
On openSUSE 11.4, SLE 11 SP2 and newer, you can just run:
/sbin/insserv boot.cgroup
and /sys/fs/cgroup will be mounted for cgroup automatically.
++++++ lxc-autodev.patch ++++++
From c6883f383e587725552f7c71e96ebe1c34ae7c56 Mon Sep 17 00:00:00 2001
From: Serge Hallyn
Date: Thu, 1 Nov 2012 22:27:03 +0100
Subject: [PATCH] Add lxc.autodev
Add a container config option to mount and populate /dev in a container.
We might want to add options to specify a max size for /dev other than
the default 100k, and to specify other devices to create. And maybe
someone can think of a better name than autodev.
Changelog: Don't error out if we couldn't mknod a /dev/ttyN.
Changelog: Describe the option in lxc.conf manpage.
Signed-off-by: Serge Hallyn
---
doc/lxc.conf.sgml.in | 25 ++++++++++++++++
src/lxc/conf.c | 77 ++++++++++++++++++++++++++++++++++++++++++++++++++
src/lxc/conf.h | 1 +
src/lxc/confile.c | 12 ++++++++
4 files changed, 115 insertions(+)
Index: lxc-0.8.0/doc/lxc.conf.sgml.in
===================================================================
--- lxc-0.8.0.orig/doc/lxc.conf.sgml.in
+++ lxc-0.8.0/doc/lxc.conf.sgml.in
@@ -482,6 +482,31 @@ Foundation, Inc., 59 Temple Place, Suite
</refsect2>
<refsect2>
+ <title>/dev directory</title>
+ <para>
+ By default, lxc does nothing with the container's
+ <filename>/dev</filename>. This allows the container's
+ <filename>/dev</filename> to be set up as needed in the container
+ rootfs. If lxc.autodev is to 1, then after mounting the container's
+ rootfs LXC will mount a fresh tmpfs under <filename>/dev</filename>
+ (limited to 100k) and fill in a minimal set of initial devices.
+ </para>
+ <variablelist>
+ <varlistentry>
+ <term>
+ <option>lxc.autodev</option>
+ </term>
+ <listitem>
+ <para>
+ Set this to 1 to have LXC mount and populate a minimal
+ <filename>/dev</filename> when starting the container.
+ </para>
+ </listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect2>
+
+ <refsect2>
<title>Mount points</title>
<para>
The mount points section specifies the different places to be
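Review bot: the new paragraph reads "If lxc.autodev is to 1", which is missing a word; it should read "If lxc.autodev is set to 1". The option entry documents only the value 1, so it should also say what 0 and any other value do, since the parser added in confile.c accepts any integer.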
Index: lxc-0.8.0/src/lxc/conf.c
===================================================================
--- lxc-0.8.0.orig/src/lxc/conf.c
+++ lxc-0.8.0/src/lxc/conf.c
@@ -640,6 +640,15 @@ static int setup_tty(const struct lxc_ro
return -1;
}
} else {
+ /* If we populated /dev, then we need to create /dev/ttyN */
+ if (access(path, F_OK)) {
+ ret = creat(path, 0660);
+ if (ret==-1) {
+ SYSERROR("error creating %s\n", path);
+ /* this isn't fatal, continue */
+ } else
+ close(ret);
+ }
if (mount(pty_info->name, path, "none", MS_BIND, 0)) {
WARN("failed to mount '%s'->'%s'",
pty_info->name, path);
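Review bot: in the added block, `access(path, F_OK)` followed by `creat(path, 0660)` is a check-then-create sequence, and `creat()` follows symlinks and truncates whatever already exists at `path`. A single `open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0660)` that treats `EEXIST` as success would create the bind-mount target without that window. The `SYSERROR` format string also carries a trailing `\n`, unlike the `WARN` call just below it.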
@@ -949,6 +958,70 @@ static int chroot_into_slave(struct lxc_
return 0;
}
+struct lxc_devs {
+ char *name;
+ mode_t mode;
+ int maj;
+ int min;
+};
+
+struct lxc_devs lxc_devs[] = {
+ { "null", S_IFCHR | S_IRWXU | S_IRWXG | S_IRWXO, 1, 3 },
+ { "zero", S_IFCHR | S_IRWXU | S_IRWXG | S_IRWXO, 1, 5 },
+ { "full", S_IFCHR | S_IRWXU | S_IRWXG | S_IRWXO, 1, 7 },
+ { "urandom", S_IFCHR | S_IRWXU | S_IRWXG | S_IRWXO, 1, 9 },
+ { "random", S_IFCHR | S_IRWXU | S_IRWXG | S_IRWXO, 1, 8 },
+ { "tty", S_IFCHR | S_IRWXU | S_IRWXG | S_IRWXO, 5, 0 },
+ { "console", S_IFCHR | S_IRUSR | S_IWUSR, 5, 1 },
+};
+
+/*
+ * Do we want to add options for max size of /dev and a file to
+ * specify which devices to create?
+ */
+static int setup_autodev(char *root)
+{
+ int ret;
+ struct lxc_devs *d;
+ char path[MAXPATHLEN];
+ int i;
+ mode_t cmask;
+
+ INFO("Creating and populating /dev under %s\n", root);
+ ret = snprintf(path, MAXPATHLEN, "%s/dev", root);
+ if (ret < 0 || ret > MAXPATHLEN)
+ return -1;
+ ret = mount("none", path, "tmpfs", 0, "size=100000");
+ if (ret) {
+ SYSERROR("Failed to mount /dev at %s\n", root);
+ return -1;
+ }
+ cmask = umask(S_IXUSR | S_IXGRP | S_IXOTH);
+ for (i = 0; i < sizeof(lxc_devs) / sizeof(lxc_devs[0]); i++) {
+ d = &lxc_devs[i];
+ ret = snprintf(path, MAXPATHLEN, "%s/dev/%s", root, d->name);
+ if (ret < 0 || ret >= MAXPATHLEN)
+ return -1;
+ ret = mknod(path, d->mode, makedev(d->maj, d->min));
+ if (ret) {
+ SYSERROR("Error creating %s\n", d->name);
+ return -1;
+ }
+ }
+ ret = snprintf(path, MAXPATHLEN, "%s/dev/pts", root);
+ if (ret < 0 || ret >= MAXPATHLEN)
+ return -1;
+ ret = mkdir(path, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH);
+ if (ret) {
+ SYSERROR("Failed to create /dev/pts in container");
+ return -1;
+ }
+ umask(cmask);
+
+ INFO("Populated /dev under %s\n", root);
+ return 0;
+}
+
static int setup_rootfs(struct lxc_conf *conf)
{
const struct lxc_rootfs *rootfs = &conf->rootfs;
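Review bot: in `setup_autodev()`, every `return -1` after `cmask = umask(S_IXUSR | S_IXGRP | S_IXOTH)` (the `snprintf`, `mknod` and `mkdir` failure paths) exits without calling `umask(cmask)`, leaving the altered umask in place for the caller; restore it on a common exit path. The first bounds check uses `ret > MAXPATHLEN` where the two later ones use `ret >= MAXPATHLEN`, so a result of exactly `MAXPATHLEN` is accepted although `snprintf` has truncated it. The tmpfs is also left mounted on those failure paths.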
@@ -2286,6 +2359,13 @@ int lxc_setup(const char *name, struct l
return -1;
}
+ if (lxc_conf->autodev) {
+ if (setup_autodev(lxc_conf->rootfs.mount)) {
+ ERROR("failed to set up /dev in the container");
+ return -1;
+ }
+ }
+
if (setup_mount(&lxc_conf->rootfs, lxc_conf->fstab, name)) {
ERROR("failed to setup the mounts for '%s'", name);
return -1;
Index: lxc-0.8.0/src/lxc/conf.h
===================================================================
--- lxc-0.8.0.orig/src/lxc/conf.h
+++ lxc-0.8.0/src/lxc/conf.h
@@ -229,6 +229,7 @@ struct lxc_conf {
#if HAVE_APPARMOR /* || HAVE_SELINUX || HAVE_SMACK */
int lsm_umount_proc;
#endif
+ int autodev; // if 1, mount and fill a /dev at start
};
int run_lxc_hooks(const char *name, char *hook, struct lxc_conf *conf);
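Review bot: the new `autodev` member is documented with a `//` comment while the surrounding struct uses `/* */` (see the `#if HAVE_APPARMOR` line just above it); use the block style for consistency.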
Index: lxc-0.8.0/src/lxc/confile.c
===================================================================
--- lxc-0.8.0.orig/src/lxc/confile.c
+++ lxc-0.8.0/src/lxc/confile.c
@@ -75,6 +75,7 @@ static int config_network_ipv6(const cha
static int config_network_ipv6_gateway(const char *, char *, struct lxc_conf *);
static int config_cap_drop(const char *, char *, struct lxc_conf *);
static int config_console(const char *, char *, struct lxc_conf *);
+static int config_autodev(const char *, char *, struct lxc_conf *);
typedef int (*config_cb)(const char *, char *, struct lxc_conf *);
@@ -118,6 +119,7 @@ static struct config config[] = {
{ "lxc.network.ipv6", config_network_ipv6 },
{ "lxc.cap.drop", config_cap_drop },
{ "lxc.console", config_console },
+ { "lxc.autodev", config_autodev },
};
static const size_t config_size = sizeof(config)/sizeof(struct config);
@@ -699,6 +701,16 @@ static int config_aa_profile(const char
}
#endif
+static int config_autodev(const char *key, char *value,
+ struct lxc_conf *lxc_conf)
+{
+ int v = atoi(value);
+
+ lxc_conf->autodev = v;
+
+ return 0;
+}
+
static int config_cgroup(const char *key, char *value, struct lxc_conf *lxc_conf)
{
char *token = "lxc.cgroup.";
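Review bot: `config_autodev()` stores `atoi(value)` without validation, so a typo or non-numeric value silently becomes 0 and any other non-zero number (2, -1) enables the feature, since `lxc_setup()` only tests `if (lxc_conf->autodev)`. The documentation added in this patch defines only the value 1; accept exactly 0 or 1 and return -1 with an `ERROR` for anything else.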
++++++ lxc-cgroup-already-running.patch ++++++
From abce2e8ee2cc07c1273dff7786902393a28108de Mon Sep 17 00:00:00 2001
From: Frederic Crozat
Date: Fri, 27 Apr 2012 15:57:02 +0200
Subject: [PATCH] give a hint if old cgroup can't be moved
When cgroup can't be moved, it might be a hint container is already
running.
---
src/lxc/cgroup.c | 3 +++
1 files changed, 3 insertions(+), 0 deletions(-)
Index: lxc-0.8.0/src/lxc/cgroup.c
===================================================================
--- lxc-0.8.0.orig/src/lxc/cgroup.c
+++ lxc-0.8.0/src/lxc/cgroup.c
@@ -434,6 +434,9 @@ static int lxc_one_cgroup_create(const c
if (!access(cgname, F_OK) && rmdir(cgname)) {
if (try_to_move_cgname(cgparent, cgname)) {
SYSERROR("failed to remove previous cgroup '%s'", cgname);
+ ERROR("##");
+ ERROR("# The container might be already running!");
+ ERROR("##");
return -1;
}
}
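Review bot: the hint is printed on every `try_to_move_cgname()` failure, whatever the cause, and as three separate `ERROR` calls with `##` banner lines that clutter the log. Fold it into one message, for example by extending the `SYSERROR` text to say the container might already be running. The wording "might be already running" also reads better as "might already be running".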
++++++ lxc-createconfig.in ++++++
#!/bin/bash
#
# lxc: linux Container library
# Authors:
# Mike Friesenegger
# Daniel Lezcano
# This library is free software; you can redistribute it and/or
# modify it under the terms of the GNU Lesser General Public
# License as published by the Free Software Foundation; either
# version 2.1 of the License, or (at your option) any later version.
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# Lesser General Public License for more details.
# You should have received a copy of the GNU Lesser General Public
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
usage() {
echo "usage: lxc-createconfig -n <name> [-i ] [-b <bridge>] [-t /dev/null
if [ $? -ne 0 ]; then
echo "$lxc_bridge not defined"
exit 1
fi
fi
if [ ! -z $lxc_template ]; then
type ${templatedir}/lxc-$lxc_template >/dev/null
if [ $? -ne 0 ]; then
echo "unknown template '$lxc_template'"
exit 1
fi
fi
echo
echo "Container Name = " $lxc_name
echo "IP Address = " $lxc_ipaddr
echo "Bridge = " $lxc_bridge
echo
echo -n "Create container config? (n): "
read ANSWER
if [ "$ANSWER" != "y" -a "$ANSWER" != "Y" ]
then
exit 1
fi
echo
echo "Creating container config $lxc_confpath/$lxc_confname"
# generate a MAC for the IP
lxc_hwaddr="02:00:`(date ; cat /proc/interrupts ) | md5sum | sed -r 's/^(.{8}).*$/\1/;s/([0-9a-f]{2})/\1:/g;s/:$//;'`"
cat >"$lxc_confpath/$lxc_confname" <<%%
lxc.network.type = veth
lxc.network.flags = up
lxc.network.link = $lxc_bridge
lxc.network.hwaddr = $lxc_hwaddr
%%
if [ ! $lxc_ipaddr = "DHCP" ]; then
cat >>"$lxc_confpath/$lxc_confname" <<%%
lxc.network.ipv4 = $lxc_ipaddr
%%
fi
cat >>"$lxc_confpath/$lxc_confname" <<%%
lxc.network.name = eth0
%%
echo
echo "Run 'lxc-create -n $lxc_name -f $lxc_confpath/$lxc_confname -t $lxc_template' to create the lxc system object."
++++++ lxc-opensuse-12.2.patch ++++++
Index: lxc-0.8.0/templates/lxc-opensuse.in
===================================================================
--- lxc-0.8.0.orig/templates/lxc-opensuse.in
+++ lxc-0.8.0/templates/lxc-opensuse.in
@@ -25,7 +25,7 @@
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-DISTRO=12.1
+DISTRO=12.2
configure_opensuse()
{
@@ -34,39 +34,13 @@ configure_opensuse()
# set network as static, but everything is done by LXC outside the container
cat <<EOF > $rootfs/etc/sysconfig/network/ifcfg-eth0
-STARTMODE='manual'
+STARTMODE='auto'
BOOTPROTO='none'
EOF
- # set default route
- IP=$(/sbin/ip route | awk '/default/ { print $3 }')
- echo "default $IP - -" > $rootfs/etc/sysconfig/network/routes
-
# create empty fstab
touch $rootfs/etc/fstab
- # create minimal /dev
- mknod -m 666 $rootfs/dev/random c 1 8
- mknod -m 666 $rootfs/dev/urandom c 1 9
- mkdir -m 755 $rootfs/dev/pts
- mkdir -m 1777 $rootfs/dev/shm
- mknod -m 666 $rootfs/dev/tty c 5 0
- mknod -m 600 $rootfs/dev/console c 5 1
- mknod -m 666 $rootfs/dev/tty0 c 4 0
- mknod -m 666 $rootfs/dev/tty1 c 4 1
- mknod -m 666 $rootfs/dev/tty2 c 4 2
- mknod -m 666 $rootfs/dev/tty3 c 4 3
- mknod -m 666 $rootfs/dev/tty4 c 4 4
- ln -s null $rootfs/dev/tty10
- mknod -m 666 $rootfs/dev/full c 1 7
- mknod -m 666 $rootfs/dev/ptmx c 5 2
- ln -s /proc/self/fd $rootfs/dev/fd
- ln -s /proc/kcore $rootfs/dev/core
- mkdir -m 755 $rootfs/dev/mapper
- mknod -m 600 $rootfs/dev/mapper/control c 10 60
- mkdir -m 755 $rootfs/dev/net
- mknod -m 666 $rootfs/dev/net/tun c 10 200
-
# set the hostname
cat <<EOF > $rootfs/etc/HOSTNAME
$hostname
@@ -91,23 +65,6 @@ LOADER_TYPE=none
LOADER_LOCATION=none
EOF
- # cut down inittab
- cat <<EOF > $rootfs/etc/inittab
-id:3:initdefault:
-si::bootwait:/etc/init.d/boot
-l0:0:wait:/etc/init.d/rc 0
-l1:1:wait:/etc/init.d/rc 1
-l2:2:wait:/etc/init.d/rc 2
-l3:3:wait:/etc/init.d/rc 3
-l6:6:wait:/etc/init.d/rc 6
-ls:S:wait:/etc/init.d/rc S
-~~:S:respawn:/sbin/sulogin
-p6::ctrlaltdel:/sbin/init 6
-p0::powerfail:/sbin/init 0
-cons:2345:respawn:/sbin/mingetty --noclear console screen
-c1:2345:respawn:/sbin/mingetty --noclear tty1 screen
-EOF
-
# set /dev/console as securetty
cat << EOF >> $rootfs/etc/securetty
console
@@ -121,10 +78,15 @@ EOF
# remove pointless services in a container
- chroot $rootfs /sbin/insserv -r -f boot.udev boot.loadmodules boot.device-mapper boot.clock boot.swap boot.klog kbd
+ ln -s /dev/null $rootfs/etc/systemd/system/proc-sys-fs-binfmt_misc.automount
+ ln -s /dev/null $rootfs/etc/systemd/system/console-shell.service
+ ln -s /dev/null $rootfs/etc/systemd/system/systemd-vconsole-setup.service
+ ln -s /lib/systemd/system/getty@.service $rootfs/etc/systemd/system/getty.target.wants/getty@console.service
+
+ touch $rootfs/etc/sysconfig/kernel
echo "Please change root-password !"
- echo "root:root" | chroot $rootfs chpasswd
+ echo "root:root" | chpasswd -R $rootfs
return 0
}
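Review bot: the changed line `echo "root:root" | chpasswd -R $rootfs` keeps the fixed root password `root` for every container built from this template, with only an `echo` asking the user to change it. Lock the account, or set a random password and print it once. `$rootfs` should also be quoted here and in the `ln -s` and `touch` lines added above.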
@@ -154,30 +116,45 @@ download_opensuse()
zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss/ repo-oss
zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update
zypper --quiet --root $cache/partial-$arch-packages --non-interactive --gpg-auto-import-keys update
- zypper --root $cache/partial-$arch-packages --non-interactive in --auto-agree-with-licenses --download-only zypper lxc patterns-openSUSE-base sysvinit-init
+ zypper --root $cache/partial-$arch-packages --non-interactive in --auto-agree-with-licenses --download-only zypper lxc patterns-openSUSE-base iputils
cat > $cache/partial-$arch-packages/opensuse.conf << EOF
Preinstall: aaa_base bash coreutils diffutils
-Preinstall: filesystem fillup glibc grep insserv libacl1 libattr1
-Preinstall: libbz2-1 libgcc46 libxcrypt libncurses5 pam
+Preinstall: filesystem fillup glibc grep insserv
+Preinstall: libbz2-1 libgcc47 libncurses5 pam
Preinstall: permissions libreadline6 rpm sed tar zlib libselinux1
-Preinstall: liblzma5 libcap2 libpcre0
+Preinstall: liblzma5 libcap2 libacl1 libattr1
Preinstall: libpopt0 libelf1 liblua5_1
+Preinstall: libpcre1
RunScripts: aaa_base
Support: zypper
Support: patterns-openSUSE-base
Support: lxc
-Prefer: sysvinit-init
+Support: ncurses-utils
+Support: iputils
+Support: udev
+Support: netcfg
+Support: dhcpcd hwinfo insserv module-init-tools openSUSE-release openssh
+Support: pwdutils rpcbind sysconfig rsyslog
-Ignore: patterns-openSUSE-base:patterns-openSUSE-yast2_install_wf
+Ignore: rpm:suse-build-key,build-key
+Ignore: systemd:systemd-presets-branding
EOF
+ if [ "$arch" == "i686" ]; then
+ mkdir -p $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/i686/
+ for i in "$cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/i586/*" ; do
+ ln -s $i $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/i686/
+ done
+ mkdir -p $cache/partial-$arch-packages/var/cache/zypp/packages/update/i686
+ for i in "$cache/partial-$arch-packages/var/cache/zypp/packages/update/i586/*" ; do
+ ln -s $i $cache/partial-$arch-packages/var/cache/zypp/packages/update/i686/
+ done
+ fi
- CLEAN_BUILD=1 BUILD_ROOT="$cache/partial-$arch" BUILD_DIST="$cache/partial-$arch-packages/opensuse.conf" /usr/lib/build/init_buildsystem --clean --cachedir $cache/partial-$arch-cache --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/noarch
+ CLEAN_BUILD=1 BUILD_ARCH="$arch" BUILD_ROOT="$cache/partial-$arch" BUILD_DIST="$cache/partial-$arch-packages/opensuse.conf" PATH="$PATH:/usr/lib/build" /usr/lib/build/init_buildsystem --clean --configdir /usr/lib/build/configs --cachedir $cache/partial-$arch-cache --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/noarch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/update/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/update/noarch
chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss repo-oss
chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update
- chroot $cache/partial-$arch rpm -e patterns-openSUSE-base
- umount $cache/partial-$arch/proc
# really clean the image
rm -fr $cache/partial-$arch/{.build,.guessed_dist,.srcfiles*,installed-pkg}
rm -fr $cache/partial-$arch/dev
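Review bot: In the added `if [ "$arch" == "i686" ]` block, both `for i in "$cache/.../i586/*"` loops quote the glob, so each loop runs exactly once with the literal pattern in `$i`, and the packages are only linked because the unquoted `$i` in `ln -s $i ...` expands the pattern there. Move the `*` outside the quotes, quote `"$i"` in the `ln` call, and skip the iteration when `$i` does not exist; as written, an empty i586 directory yields a dangling link named `*`, and a `$cache` path containing whitespace breaks the `ln` arguments.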
@@ -261,21 +238,45 @@ copy_configuration()
name=$3
# only disable network if no network configuration was passed
-grep -q lxc.network.type $path/config
+sed '/^#/d' $path/config | grep -q lxc.network.type
network_not_configured=$?
if [ $network_not_configured -eq 1 ]; then
cat <<EOF >> $path/config
lxc.network.type = empty
EOF
+else
+ type=$(sed '/^#/d; /lxc.network.type/!d; s/.*=[ \t]*//' $path/config)
+ sed '/^#/d' $path/config | grep -q lxc.network.*.gateway
+ gateway_not_configured=$?
+ sed '/^#/d' $path/config | grep -q lxc.network.ipv4
+ ipv4_not_configured=$?
+ if [ $gateway_not_configured ]; then
+ [ $ipv4_not_configured -eq 0 ] && ipv4=$(sed '/^#/d; /lxc.network.ipv4/!d; /gateway/d; s/.*=[ \t]*//; s/\([[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+\.[[:digit:]]\+\).*/\1/' $path/config)
+ if [ "$type" = "veth" -o "$type" = "macvlan" ]; then
+ if [ $ipv4_not_configured -eq 0 -a "$ipv4" != "0.0.0.0" ]; then
+ # set default route
+ IP=$(/sbin/ip route | awk '/default/ { print $3 }')
+ echo "lxc.network.ipv4.gateway = $IP " >> $path/config
+ else
+ # set network as dhcp
+ sed -i -e 's/BOOTPROTO=.*/BOOTPROTO=dhcp/' $rootfs/etc/sysconfig/network/ifcfg-eth0
+ fi
+ fi
+ fi
+ if [ "$type" != "empty" ]; then
+ echo "#remove next line if host DNS configuration should not be available to container" >> $path/config
+ echo "lxc.mount.entry = /etc/resolv.conf etc/resolv.conf none bind,ro 0 0" >> $path/config
+ fi
fi
cat <<EOF >> $path/config
lxc.utsname = $name
-
+lxc.autodev=1
lxc.tty = 4
lxc.pts = 1024
lxc.rootfs = $rootfs
lxc.mount = $path/fstab
+lxc.cap.drop = sys_module mac_admin mac_override mknod
# When using LXC with apparmor, uncomment the next line to run unconfined:
#lxc.aa_profile = unconfined
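Review bot: `if [ $gateway_not_configured ]` in the new `else` branch only tests that the string is non-empty, and because the variable holds the exit status of `grep -q` the condition is always true, so a config that already carries a gateway line can still reach `echo "lxc.network.ipv4.gateway = $IP " >> $path/config`. Compare numerically, `[ $gateway_not_configured -ne 0 ]`, the way `network_not_configured` is tested a few lines above. `IP=$(/sbin/ip route | awk '/default/ { print $3 }')` should also be checked before it is written: it is empty when the host has no default route and spans several lines when it has more than one.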
++++++ lxc-opensuse-12.3.patch ++++++
Index: lxc-0.8.0/templates/lxc-opensuse.in
===================================================================
--- lxc-0.8.0.orig/templates/lxc-opensuse.in
+++ lxc-0.8.0/templates/lxc-opensuse.in
@@ -25,7 +25,7 @@
# License along with this library; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
-DISTRO=12.2
+DISTRO=12.3
configure_opensuse()
{
@@ -58,7 +58,6 @@ EOF
127.0.0.1 localhost $hostname
EOF
- # disable various services
# disable yast->bootloader in container
cat <<EOF > $rootfs/etc/sysconfig/bootloader
LOADER_TYPE=none
@@ -81,7 +80,14 @@ EOF
ln -s /dev/null $rootfs/etc/systemd/system/proc-sys-fs-binfmt_misc.automount
ln -s /dev/null $rootfs/etc/systemd/system/console-shell.service
ln -s /dev/null $rootfs/etc/systemd/system/systemd-vconsole-setup.service
- ln -s /lib/systemd/system/getty@.service $rootfs/etc/systemd/system/getty.target.wants/getty@console.service
+ sed -e 's/ConditionPathExists=.*//' /usr/lib/systemd/system/getty@.service > $rootfs/etc/systemd/system/getty@.service
+ ln -s getty@.service $rootfs/etc/systemd/system/getty@tty1.service
+ ln -s ../getty@.service $rootfs/etc/systemd/system/getty.target.wants/getty@console.service
+ ln -s -f ../getty@.service $rootfs/etc/systemd/system/getty.target.wants/getty@tty1.service
+ ln -s ../getty@.service $rootfs/etc/systemd/system/getty.target.wants/getty@tty2.service
+ ln -s ../getty@.service $rootfs/etc/systemd/system/getty.target.wants/getty@tty3.service
+ ln -s ../getty@.service $rootfs/etc/systemd/system/getty.target.wants/getty@tty4.service
+
touch $rootfs/etc/sysconfig/kernel
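Review bot: The added `sed` line reads `/usr/lib/systemd/system/getty@.service` without the `$rootfs` prefix, so the unit written into the container is derived from the host's copy rather than from the container's own tree, and because the redirect creates the target even when `sed` fails, a host without that file leaves the container with an empty `getty@.service`. Read from `$rootfs/usr/lib/systemd/system/getty@.service` and check the exit status. Only the `getty@tty1.service` link under `getty.target.wants` uses `-f`; the four tty links would be clearer as one loop with the same options.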
@@ -113,15 +119,19 @@ download_opensuse()
# download a mini opensuse into a cache
echo "Downloading opensuse minimal ..."
mkdir -p "$cache/partial-$arch-packages"
- zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss/ repo-oss || return 1
- zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update || return 1
+ if [[ ! -f $cache/partial-$arch-packages/etc/zypp/repos.d/repo-oss.repo ]]; then
+ zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss/ repo-oss || return 1
+ fi
+ if [[ ! -f $cache/partial-$arch-packages/etc/zypp/repos.d/update.repo ]]; then
+ zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update || return 1
+ fi
zypper --quiet --root $cache/partial-$arch-packages --non-interactive --gpg-auto-import-keys update || return 1
- zypper --root $cache/partial-$arch-packages --non-interactive in --auto-agree-with-licenses --download-only zypper lxc patterns-openSUSE-base bash iputils sed tar || return 1
+ zypper --root $cache/partial-$arch-packages --non-interactive in --auto-agree-with-licenses --download-only zypper lxc patterns-openSUSE-base bash iputils sed tar rsyslog || return 1
cat > $cache/partial-$arch-packages/opensuse.conf << EOF
Preinstall: aaa_base bash coreutils diffutils
-Preinstall: filesystem fillup glibc grep insserv
-Preinstall: libbz2-1 libgcc47 libncurses5 pam
-Preinstall: permissions libreadline6 rpm sed tar zlib libselinux1
+Preinstall: filesystem fillup glibc grep insserv-compat
+Preinstall: libbz2-1 libgcc_s1 libncurses5 pam
+Preinstall: permissions libreadline6 rpm sed tar libz1 libselinux1
Preinstall: liblzma5 libcap2 libacl1 libattr1
Preinstall: libpopt0 libelf1 liblua5_1
Preinstall: libpcre1
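Review bot: The new `[[ ! -f ... ]]` guards on `repo-oss.repo` and `update.repo` test only that a repo file exists, not which `$DISTRO` its URL points to, so a `partial-$arch-packages` tree left over from before the `DISTRO=12.3` bump keeps its old repository URLs and the following `update` and `in --download-only` calls run against them. Compare the URL in the existing file with the expected one, or remove and re-add the repository when they differ. Both repositories are also still added over plain `http://` while the next line passes `--gpg-auto-import-keys`, which trusts whatever signing key the repository presents; that combination deserves at least a comment, and an `https://` URL if the mirror offers one.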
@@ -135,8 +145,8 @@ Support: ncurses-utils
Support: iputils
Support: udev
Support: netcfg
-Support: dhcpcd hwinfo insserv module-init-tools openSUSE-release openssh
-Support: pwdutils rpcbind sysconfig rsyslog
+Support: dhcpcd hwinfo insserv-compat module-init-tools openSUSE-release openssh
+Support: pwdutils rpcbind sysconfig
Ignore: rpm:suse-build-key,build-key
Ignore: systemd:systemd-presets-branding
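Review bot: `rsyslog` is dropped from the `Support:` list here while the previous hunk adds it to the `--download-only` package list, and nothing in the patch says which step is now expected to install it. A one-line comment next to the `Support:` lines explaining the split would save the next reader from guessing whether this is intended.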
@@ -208,6 +218,15 @@ install_opensuse()
arch=$(arch)
+ if [[ -f $cache/rootfs-$arch/etc/os-release ]]; then
+ source $cache/rootfs-$arch/etc/os-release
+ if [[ ${DISTRO} != ${VERSION_ID} ]]; then
+ echo "openSUSE version in template don't match with cached system"
+ echo "Cleaning cache ..."
+ rm -rf "$cache/rootfs-$arch"
+ fi
+ fi
+
echo "Checking cache download in $cache/rootfs-$arch ... "
if [ ! -e "$cache/rootfs-$arch" ]; then
download_opensuse $cache $arch
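Review bot: `source $cache/rootfs-$arch/etc/os-release` runs that file as shell code inside the template's own process and overwrites any variable the file happens to set, when only `VERSION_ID` is needed; extract that one value with `sed` or `grep` instead of sourcing. In `[[ ${DISTRO} != ${VERSION_ID} ]]` the unquoted right-hand side is treated as a pattern, so quote it, and quote the path in the `-f` test and the `source`/extraction call as the `rm -rf` line already does.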
++++++ lxc-opensuse-clonefixes.patch ++++++
From 094f7c36e3ac80be9eb3b1746560965377256467 Mon Sep 17 00:00:00 2001
From: Frederic Crozat
Date: Wed, 18 Apr 2012 17:17:18 +0200
Subject: [PATCH] various fixes for openSUSE template for lxc-clone usage
- create /etc/hostname as symlink to /etc/HOSTNAME
- fix inadequate space in lxc.mount config, preventing lxc-clone to work
---
templates/lxc-opensuse.in | 4 +++-
1 files changed, 3 insertions(+), 1 deletions(-)
Index: lxc-0.8.0/templates/lxc-opensuse.in
===================================================================
--- lxc-0.8.0.orig/templates/lxc-opensuse.in
+++ lxc-0.8.0/templates/lxc-opensuse.in
@@ -34,8 +34,8 @@ configure_opensuse()
# set network as static, but everything is done by LXC outside the container
cat <<EOF > $rootfs/etc/sysconfig/network/ifcfg-eth0
-STARTMODE='auto'
-BOOTPROTO='static'
+STARTMODE='manual'
+BOOTPROTO='none'
EOF
# set default route
@@ -71,6 +71,8 @@ EOF
cat <<EOF > $rootfs/etc/HOSTNAME
$hostname
EOF
+ # ensure /etc/hostname is available too
+ ln -s -f HOSTNAME $rootfs/etc/hostname
# do not use hostname from HOSTNAME variable
cat <<EOF >> $rootfs/etc/sysconfig/cron
@@ -257,13 +259,22 @@ copy_configuration()
rootfs=$2
name=$3
+# only disable network if no network configuration was passed
+grep -q lxc.network.type $path/config
+network_not_configured=$?
+if [ $network_not_configured -eq 1 ]; then
+ cat <<EOF >> $path/config
+lxc.network.type = empty
+EOF
+fi
+
cat <<EOF >> $path/config
lxc.utsname = $name
lxc.tty = 4
lxc.pts = 1024
lxc.rootfs = $rootfs
-lxc.mount = $path/fstab
+lxc.mount = $path/fstab
# When using LXC with apparmor, uncomment the next line to run unconfined:
#lxc.aa_profile = unconfined
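Review bot: `grep -q lxc.network.type $path/config` also matches a commented-out line such as `#lxc.network.type = veth`, in which case `lxc.network.type = empty` is not appended and no network type is written at all; the `.` characters are unescaped regex wildcards as well. Anchor the pattern and skip comments, for example `grep -q '^[[:space:]]*lxc\.network\.type' "$path/config"`.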
++++++ lxc-opensuse-extend-base.patch ++++++
From: Jiri Slaby
Subject: lxc-opensuse: extend base
References: bnc#804232
Base no longer provides bash, sed and tar, but we need those. So add them.
---
templates/lxc-opensuse.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
--- a/templates/lxc-opensuse.in
+++ b/templates/lxc-opensuse.in
@@ -116,7 +116,7 @@ download_opensuse()
zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss/ repo-oss
zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update
zypper --quiet --root $cache/partial-$arch-packages --non-interactive --gpg-auto-import-keys update
- zypper --root $cache/partial-$arch-packages --non-interactive in --auto-agree-with-licenses --download-only zypper lxc patterns-openSUSE-base iputils
+ zypper --root $cache/partial-$arch-packages --non-interactive in --auto-agree-with-licenses --download-only zypper lxc patterns-openSUSE-base bash iputils sed tar
cat > $cache/partial-$arch-packages/opensuse.conf << EOF
Preinstall: aaa_base bash coreutils diffutils
Preinstall: filesystem fillup glibc grep insserv
++++++ lxc-opensuse-proper-failure.patch ++++++
From: Jiri Slaby
Subject: lxc-opensuse: proper failure
Fail if something goes wrong. We used to continue and show one failure
after another.
---
templates/lxc-opensuse.in | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
--- a/templates/lxc-opensuse.in
+++ b/templates/lxc-opensuse.in
@@ -113,10 +113,10 @@ download_opensuse()
# download a mini opensuse into a cache
echo "Downloading opensuse minimal ..."
mkdir -p "$cache/partial-$arch-packages"
- zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss/ repo-oss
- zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update
- zypper --quiet --root $cache/partial-$arch-packages --non-interactive --gpg-auto-import-keys update
- zypper --root $cache/partial-$arch-packages --non-interactive in --auto-agree-with-licenses --download-only zypper lxc patterns-openSUSE-base bash iputils sed tar
+ zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss/ repo-oss || return 1
+ zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update || return 1
+ zypper --quiet --root $cache/partial-$arch-packages --non-interactive --gpg-auto-import-keys update || return 1
+ zypper --root $cache/partial-$arch-packages --non-interactive in --auto-agree-with-licenses --download-only zypper lxc patterns-openSUSE-base bash iputils sed tar || return 1
cat > $cache/partial-$arch-packages/opensuse.conf << EOF
Preinstall: aaa_base bash coreutils diffutils
Preinstall: filesystem fillup glibc grep insserv
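Review bot: With `|| return 1` on the two `zypper ... ar` calls, a second run against a `partial-$arch-packages` directory in which the repositories were already registered stops at the first `ar`, since adding an alias that already exists fails. Guard each `ar` on the repo file being absent (the 12.3 template patch in this same update does that) or clean the partial directory before returning.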
@@ -152,9 +152,9 @@ EOF
done
fi
- CLEAN_BUILD=1 BUILD_ARCH="$arch" BUILD_ROOT="$cache/partial-$arch" BUILD_DIST="$cache/partial-$arch-packages/opensuse.conf" PATH="$PATH:/usr/lib/build" /usr/lib/build/init_buildsystem --clean --configdir /usr/lib/build/configs --cachedir $cache/partial-$arch-cache --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/noarch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/update/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/update/noarch
- chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss repo-oss
- chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update
+ CLEAN_BUILD=1 BUILD_ARCH="$arch" BUILD_ROOT="$cache/partial-$arch" BUILD_DIST="$cache/partial-$arch-packages/opensuse.conf" PATH="$PATH:/usr/lib/build" /usr/lib/build/init_buildsystem --clean --configdir /usr/lib/build/configs --cachedir $cache/partial-$arch-cache --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/noarch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/update/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/update/noarch || return 1
+ chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss repo-oss || return 1
+ chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update || return 1
# really clean the image
rm -fr $cache/partial-$arch/{.build,.guessed_dist,.srcfiles*,installed-pkg}
rm -fr $cache/partial-$arch/dev
++++++ lxc-opensuse-tmpfs.patch ++++++
From d088de50c551f4941ae24b536057fc57915ee7d7 Mon Sep 17 00:00:00 2001
From: Frederic Crozat
Date: Fri, 20 Apr 2012 14:36:53 +0200
Subject: [PATCH] shutdown fixes for openSUSE container
- mount /run on tmpfs outside container
- replace /var/run bind mount on /run by a symlink
---
templates/lxc-opensuse.in | 5 +++++
1 files changed, 5 insertions(+), 0 deletions(-)
Index: lxc-0.8.0/templates/lxc-opensuse.in
===================================================================
--- lxc-0.8.0.orig/templates/lxc-opensuse.in
+++ lxc-0.8.0/templates/lxc-opensuse.in
@@ -188,6 +188,10 @@ EOF
# create mtab symlink
rm -f $cache/partial-$arch/etc/mtab
ln -sf /proc/self/mounts $cache/partial-$arch/etc/mtab
+
+# ensure /var/run and /run are symlinked
+ rm -fr $cache/partial-$arch/var/run
+ ln -s -f ../run $cache/partial-$arch/var/run
if [ $? -ne 0 ]; then
echo "Failed to download the rootfs, aborting."
return 1
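Review bot: The `if [ $? -ne 0 ]` that follows the added lines now tests the exit status of `ln -s -f ../run ...`, yet the message it guards is `Failed to download the rootfs, aborting.`, so a failed download further up is not what this check catches. Test the download step's status where it runs, and give the new symlink its own `|| return 1` with a message that names `/var/run`.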
@@ -297,6 +301,7 @@ EOF
cat <<EOF > $path/fstab
proc proc proc nodev,noexec,nosuid 0 0
sysfs sys sysfs defaults 0 0
+tmpfs run tmpfs mode=0755,nodev,nosuid 0 0
EOF
if [ $? -ne 0 ]; then
++++++ pivot-root_shared.patch ++++++
From cc28d0b0a66bd956645dc7b8fc85b917711f2472 Mon Sep 17 00:00:00 2001
From: Serge Hallyn
Date: Wed, 19 Dec 2012 23:58:44 -0600
Subject: [PATCH] Support MS_SHARED /
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
(I'll be out until Jan 2, but in the meantime, here is hopefully a
little newyears gift - this seems to allow lxc-start with / being
MS_SHARED on the host)
When / is MS_SHARED (for instance with f18 and modern arch), lxc-start
fails on pivot_root. The kernel enforces that, when doing pivot_root,
the parent of current->fs->root (as well as the new root and the putold
location) not be MS_SHARED.
To work around this, check /proc/self/mountinfo for a 'shared:' in
the '/' line. If it is there, then create a tiny MS_SLAVE tmpfs dir to
serve as parent of /, recursively bind mount / into /root under that dir,
make it rslave, and chroot into it.
Tested with ubuntu raring image after doing 'mount --make-rshared /'.
Signed-off-by: Serge Hallyn
Acked-by: Stéphane Graber
---
src/lxc/conf.c | 117 +++++++++++++++++++++++++++++++++++++++++++++++++++++--
src/lxc/conf.h | 3 ++
src/lxc/start.c | 8 ++++
3 files changed, 125 insertions(+), 3 deletions(-)
Index: lxc-0.7.5/src/lxc/conf.c
===================================================================
--- lxc-0.7.5.orig/src/lxc/conf.c
+++ lxc-0.7.5/src/lxc/conf.c
@@ -716,8 +716,112 @@ static int setup_rootfs_pivot_root(const
return 0;
}
-static int setup_rootfs(const struct lxc_rootfs *rootfs)
+/*
+ * Detect whether / is mounted MS_SHARED. The only way I know of to
+ * check that is through /proc/self/mountinfo.
+ * I'm only checking for /. If the container rootfs or mount location
+ * is MS_SHARED, but not '/', then you're out of luck - figuring that
+ * out would be too much work to be worth it.
+ */
+#define LINELEN 4096
+int detect_shared_rootfs(void)
{
+ char buf[LINELEN], *p;
+ FILE *f;
+ int i;
+ char *p2;
+
+ f = fopen("/proc/self/mountinfo", "r");
+ if (!f)
+ return 0;
+ while ((p = fgets(buf, LINELEN, f))) {
+ INFO("looking at .%s.", p);
+ for (p = buf, i=0; p && i < 4; i++)
+ p = index(p+1, ' ');
+ if (!p)
+ continue;
+ p2 = index(p+1, ' ');
+ if (!p2)
+ continue;
+ *p2 = '\0';
+ INFO("now p is .%s.", p);
+ if (strcmp(p+1, "/") == 0) {
+ // this is '/'. is it shared?
+ p = index(p2+1, ' ');
+ if (strstr(p, "shared:"))
+ return 1;
+ }
+ }
+ fclose(f);
+ return 0;
+}
+
+/*
+ * I'll forgive you for asking whether all of this is needed :) The
+ * answer is yes.
+ * pivot_root will fail if the new root, the put_old dir, or the parent
+ * of current->fs->root are MS_SHARED. (parent of current->fs_root may
+ * or may not be current->fs_root - if we assumed it always was, we could
+ * just mount --make-rslave /). So,
+ * 1. mount a tiny tmpfs to be parent of current->fs->root.
+ * 2. make that MS_SLAVE
+ * 3. make a 'root' directory under that
+ * 4. mount --rbind / under the $tinyroot/root.
+ * 5. make that rslave
+ * 6. chdir and chroot into $tinyroot/root
+ * 7. $tinyroot will be unmounted by our parent in start.c
+ */
+static int chroot_into_slave(struct lxc_conf *conf)
+{
+ char path[MAXPATHLEN];
+ const char *destpath = conf->rootfs.mount;
+ int ret;
+
+ if (mount(destpath, destpath, NULL, MS_BIND, 0)) {
+ SYSERROR("failed to mount %s bind", destpath);
+ return -1;
+ }
+ if (mount("", destpath, NULL, MS_SLAVE, 0)) {
+ SYSERROR("failed to make %s slave", destpath);
+ return -1;
+ }
+ if (mount("none", destpath, "tmpfs", 0, "size=10000")) {
+ SYSERROR("Failed to mount tmpfs / at %s", destpath);
+ return -1;
+ }
+ ret = snprintf(path, MAXPATHLEN, "%s/root", destpath);
+ if (ret < 0 || ret >= MAXPATHLEN) {
+ ERROR("out of memory making root path");
+ return -1;
+ }
+ if (mkdir(path, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH)) {
+ SYSERROR("Failed to create /dev/pts in container");
+ return -1;
+ }
+ if (mount("/", path, NULL, MS_BIND|MS_REC, 0)) {
+ SYSERROR("Failed to rbind mount / to %s", path);
+ return -1;
+ }
+ if (mount("", destpath, NULL, MS_SLAVE|MS_REC, 0)) {
+ SYSERROR("Failed to make tmp-/ at %s rslave", path);
+ return -1;
+ }
+ if (chdir(path)) {
+ SYSERROR("Failed to chdir into tmp-/");
+ return -1;
+ }
+ if (chroot(path)) {
+ SYSERROR("Failed to chroot into tmp-/");
+ return -1;
+ }
+ INFO("Chrooted into tmp-/ at %s\n", path);
+ return 0;
+}
+
+static int setup_rootfs(struct lxc_conf *conf)
+{
+ const struct lxc_rootfs *rootfs = &conf->rootfs;
+
if (!rootfs->path)
return 0;
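Review bot: `detect_shared_rootfs()` returns 1 from inside the `fgets` loop without calling `fclose(f)`, leaking the stream on exactly the path this patch exists for, and the result of `p = index(p2+1, ' ')` is passed to `strstr()` without a NULL check, so a `/` line with no further space dereferences NULL. Set a result flag, `break`, and close the file once after the loop; test `p` before `strstr`. In `chroot_into_slave()` the messages need a pass too: the `snprintf` truncation path logs `out of memory making root path`, the `mkdir` of `%s/root` logs `Failed to create /dev/pts in container`, and the rslave failure prints `path` although the `mount` call operates on `destpath`.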
@@ -727,6 +831,13 @@ static int setup_rootfs(const struct lxc
return -1;
}
+ if (detect_shared_rootfs()) {
+ if (chroot_into_slave(conf)) {
+ ERROR("Failed to chroot into slave /");
+ return -1;
+ }
+ }
+
if (mount_rootfs(rootfs->path, rootfs->mount)) {
ERROR("failed to mount rootfs");
return -1;
@@ -848,7 +959,7 @@ static int setup_console(const struct lx
return 0;
}
-static int setup_cgroup(const char *name, struct lxc_list *cgroups)
+int setup_cgroup(const char *name, struct lxc_list *cgroups)
{
struct lxc_list *iterator;
struct lxc_cgroup *cg;
@@ -1846,7 +1957,7 @@ int lxc_setup(const char *name, struct l
return -1;
}
- if (setup_rootfs(&lxc_conf->rootfs)) {
+ if (setup_rootfs(lxc_conf)) {
ERROR("failed to setup rootfs for '%s'", name);
return -1;
}
Index: lxc-0.7.5/src/lxc/conf.h
===================================================================
--- lxc-0.7.5.orig/src/lxc/conf.h
+++ lxc-0.7.5/src/lxc/conf.h
@@ -227,6 +227,9 @@ extern int lxc_find_gateway_addresses(st
extern int lxc_create_tty(const char *name, struct lxc_conf *conf);
extern void lxc_delete_tty(struct lxc_tty_info *tty_info);
+extern int setup_cgroup(const char *name, struct lxc_list *cgroups);
+extern int detect_shared_rootfs(void);
+
/*
* Configure the container from inside
*/
Index: lxc-0.7.5/src/lxc/start.c
===================================================================
--- lxc-0.7.5.orig/src/lxc/start.c
+++ lxc-0.7.5/src/lxc/start.c
@@ -535,6 +535,14 @@ int lxc_spawn(struct lxc_handler *handle
if (lxc_sync_barrier_child(handler, LXC_SYNC_POST_CONFIGURE))
return -1;
+ if (detect_shared_rootfs())
+ umount2(handler->conf->rootfs.mount, MNT_DETACH);
+
+ if (setup_cgroup(name, &handler->conf->cgroup)) {
+ ERROR("failed to setup the cgroups for '%s'", name);
+ goto out_delete_net;
+ }
+
if (handler->ops->post_start(handler, handler->data))
goto out_abort;
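Review bot: The return value of `umount2(handler->conf->rootfs.mount, MNT_DETACH)` is ignored, so a failed detach of the temporary tmpfs goes unlogged; report it with `SYSERROR` at least. The `setup_cgroup()` call added in the same hunk is not mentioned in the commit message, and it leaves through `out_delete_net` while the checks on either side use `return -1` and `goto out_abort`; please say why cgroup setup moves here and confirm which cleanup label is intended.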
From 859a6da0fac5d214230f8a52777277b5147532fb Mon Sep 17 00:00:00 2001
From: Natanael Copa
Date: Tue, 25 Dec 2012 10:53:50 +0100
Subject: [PATCH] define MS_SHARED if needed
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Fixes build on uClibc.
Signed-off-by: Natanael Copa
Acked-by: Stéphane Graber
---
src/lxc/conf.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/src/lxc/conf.c b/src/lxc/conf.c
index 96940b3..c82e759 100644
--- a/src/lxc/conf.c
+++ b/src/lxc/conf.c
@@ -87,6 +87,10 @@ lxc_log_define(lxc_conf, lxc);
#define MNT_DETACH 2
#endif
+#ifndef MS_SLAVE
+#define MS_SLAVE (1<<19)
+#endif
+
#ifndef MS_RELATIME
#define MS_RELATIME (1 << 21)
#endif
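Review bot: The subject reads `define MS_SHARED if needed`, but the hunk defines `MS_SLAVE`; correct the subject or state in the message that `MS_SLAVE` is the flag missing on uClibc. The new `(1<<19)` also differs in spacing from the neighbouring `(1 << 21)`.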
--
1.7.10.4