-
- Contributing to this project
- ----------------------------
-
+Contributing to this project
+----------------------------
This project accepts contributions. In order to contribute, you should
pay attention to a few things:
}
ifdown() {
- which ifconfig >/dev/null 2>&1
- if [ $? = 0 ]; then
- ifconfig $1 down
- return
- fi
which ip >/dev/null 2>&1
if [ $? = 0 ]; then
ip link set dev $1 down
+ return
fi
-}
-
-ifup() {
which ifconfig >/dev/null 2>&1
if [ $? = 0 ]; then
- ifconfig $1 $2 netmask $3 up
+ ifconfig $1 down
return
fi
+}
+
+ifup() {
which ip >/dev/null 2>&1
if [ $? = 0 ]; then
MASK=`_netmask2cidr ${LXC_NETMASK}`
CIDR_ADDR="${LXC_ADDR}/${MASK}"
ip addr add ${CIDR_ADDR} dev $1
ip link set dev $1 up
+ return
+ fi
+ which ifconfig >/dev/null 2>&1
+ if [ $? = 0 ]; then
+ ifconfig $1 $2 netmask $3 up
+ return
fi
}
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
-@INIT_SCRIPT_SYSV_FALSE@uninstall-local:
@INIT_SCRIPT_SYSV_FALSE@install-data-local:
+@INIT_SCRIPT_SYSV_FALSE@uninstall-local:
clean: clean-am
clean-am: clean-generic mostlyclean-am
lxc.cgroup.devices.allow = c 1:9 rwm
### /dev/pts/*
lxc.cgroup.devices.allow = c 136:* rwm
+### fuse
+lxc.cgroup.devices.allow = c 10:229 rwm
# Setup the default mounts
lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed
+lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
# Blacklist some syscalls which are not safe in privileged
# containers
# Doesn't support consoles in /dev/lxc/
lxc.devttydir =
-# Default mount entries
-lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
-
# When using LXC with apparmor, the container will be confined by default.
# If you wish for it to instead run unconfined, copy the following line
# (uncommented) to the container's configuration file.
# Extra cgroup device access
## rtc
lxc.cgroup.devices.allow = c 254:0 rm
-## fuse
-lxc.cgroup.devices.allow = c 10:229 rwm
## tun
lxc.cgroup.devices.allow = c 10:200 rwm
## hpet
# Extra cgroup device access
## rtc
lxc.cgroup.devices.allow = c 254:0 rm
-## fuse
-lxc.cgroup.devices.allow = c 10:229 rwm
## tun
lxc.cgroup.devices.allow = c 10:200 rwm
## hpet
lxc.cgroup.devices.allow = c 136:* rwm
## rtc
lxc.cgroup.devices.allow = c 254:0 rm
-## fuse
-lxc.cgroup.devices.allow = c 10:229 rwm
## tun
lxc.cgroup.devices.allow = c 10:200 rwm
## dev/tty0
# This derives from the global common config
lxc.include = @LXCTEMPLATECONFIG@/common.conf
-# Default mount
-lxc.mount.entry = none dev/shm tmpfs nosuid,nodev,noexec,mode=1777 0 0
-
# Doesn't support consoles in /dev/lxc/
lxc.devttydir =
-# /dev/* is created manually by template
-lxc.autodev = 0
-
# Extra cgroup device access
## rtc
lxc.cgroup.devices.allow = c 254:0 rm
-## fuse
-lxc.cgroup.devices.allow = c 10:229 rwm
lxc.include = @LXCTEMPLATECONFIG@/common.conf
# Default mount entries
-lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0
lxc.mount.entry = /sys/kernel/debug sys/kernel/debug none bind,optional 0 0
lxc.mount.entry = /sys/kernel/security sys/kernel/security none bind,optional 0 0
lxc.mount.entry = /sys/fs/pstore sys/fs/pstore none bind,optional 0 0
# Extra cgroup device access
## rtc
lxc.cgroup.devices.allow = c 254:0 rm
-## fuse
-lxc.cgroup.devices.allow = c 10:229 rwm
## tun
lxc.cgroup.devices.allow = c 10:200 rwm
## hpet
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for lxc 1.1.0.
+# Generated by GNU Autoconf 2.69 for lxc 1.1.1.
#
#
# Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc.
# Identity of this package.
PACKAGE_NAME='lxc'
PACKAGE_TARNAME='lxc'
-PACKAGE_VERSION='1.1.0'
-PACKAGE_STRING='lxc 1.1.0'
+PACKAGE_VERSION='1.1.1'
+PACKAGE_STRING='lxc 1.1.1'
PACKAGE_BUGREPORT=''
PACKAGE_URL=''
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures lxc 1.1.0 to adapt to many kinds of systems.
+\`configure' configures lxc 1.1.1 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of lxc 1.1.0:";;
+ short | recursive ) echo "Configuration of lxc 1.1.1:";;
esac
cat <<\_ACEOF
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-lxc configure 1.1.0
+lxc configure 1.1.1
generated by GNU Autoconf 2.69
Copyright (C) 2012 Free Software Foundation, Inc.
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by lxc $as_me 1.1.0, which was
+It was created by lxc $as_me 1.1.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
$ $0 $@
fi
fi
-LXC_VERSION_BASE=1.1.0
+LXC_VERSION_BASE=1.1.1
LXC_VERSION_MINOR=1
-LXC_VERSION_MICRO=0
+LXC_VERSION_MICRO=1
-LXC_VERSION=1.1.0
+LXC_VERSION=1.1.1
# Define the identity of the package.
PACKAGE='lxc'
- VERSION='1.1.0'
+ VERSION='1.1.1'
cat >>confdefs.h <<_ACEOF
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by lxc $as_me 1.1.0, which was
+This file was extended by lxc $as_me 1.1.1, which was
generated by GNU Autoconf 2.69. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-lxc config.status 1.1.0
+lxc config.status 1.1.1
configured by $0, generated by GNU Autoconf 2.69,
with options \\"\$ac_cs_config\\"
m4_define([lxc_version_major], 1)
m4_define([lxc_version_minor], 1)
-m4_define([lxc_version_micro], 0)
+m4_define([lxc_version_micro], 1)
m4_define([lxc_version_beta], [])
m4_define([lxc_version_base], [lxc_version_major.lxc_version_minor.lxc_version_micro])
<listitem>
<para>
<!--
- The new container's rootfs should be a LVM or btrfs snapshot of the original.
- -->
- 新しいコンテナの rootfs は、オリジナルの LVM か btrfs のスナップショットになります。
+ The new container's rootfs will be a snapshot of the original. This option can be specified when the backing store is LVM, btrfs or zfs, and must be specified when you want to snapshot using aufs or overlayfs.
+ -->
+ 新しいコンテナの rootfs はオリジナルのスナップショットとなります。
+ このオプションはバッキングストアが LVM か btrfs か zfs の時に使用できます。
+ また、スナップショットを aufs か overlayfs で取得したい場合は指定する必要があります。
</para>
</listitem>
</varlistentry>
<replaceable>--fssize SIZE</replaceable> はデフォルト値である 1G の代わりに SIZE で指定したサイズで LV を作成します。
</para>
<para>
+ <!--
+ If backingstore is 'loop', you can use <replaceable>--fstype FSTYPE</replaceable> and <replaceable>--fssize SIZE</replaceable> as 'lvm'. The default values for these options are the same as 'lvm'.
+ -->
+ backingstore が 'loop' の場合、'lvm' と同様に <replaceable>--fstype FSTYPE</replaceable> と <replaceable>--fssize SIZE</replaceable> が使えます。これらの値のデフォルト値は 'lvm' の場合と同じです。
+ </para>
+ <para>
<!--
If backingstore is 'best', then lxc will try, in order, btrfs,
zfs, lvm, and finally a directory backing store.
</para>
<para>
<!--
- Snapshots are stored as snapshotted containers under a private configuration path. For instance, if the container's configuration path is <filename>/var/lib/lxc</filename> and the container is <filename>c1</filename>, then the first snapshot will be stored as container <filename>snap0</filename> under configuration path <filename>/var/lib/lxcsnaps/c1</filename>.
- -->
- スナップショットは、専用の設定されたパス以下にスナップショット化されたコンテナとして保存されます。
- 例えば、もしコンテナパスが <filename>/var/lib/lxc</filename> で、コンテナが <filename>c1</filename> である場合、最初に取得するスナップショットは、パス <filename>/var/lib/lxcsnaps/c1</filename> の下の <filename>snap0</filename> として保存されます。
+ Snapshots are stored as snapshotted containers under the container's configuration path. For instance, if the container's configuration path is <filename>/var/lib/lxc</filename> and the container is <filename>c1</filename>, then the first snapshot will be stored as container <filename>snap0</filename> under the path <filename>/var/lib/lxc/c1/snaps</filename>.
+ If <filename>/var/lib/lxcsnaps</filename>, as used by LXC 1.0, already exists, then it will continue to be used.
+ -->
+ スナップショットはコンテナパス以下にスナップショット化されたコンテナとして保存されます。
+ 例えば、もしコンテナパスが <filename>/var/lib/lxc</filename> で、コンテナが <filename>c1</filename> である場合、最初に取得するスナップショットは、パス <filename>/var/lib/lxc/c1/snaps</filename> の下の <filename>snap0</filename> として保存されます。
+ LXC 1.0 で使われていた <filename>/var/lib/lxcsnaps</filename> が存在する場合には、このディレクトリが引き続き使われます。
</para>
</refsect1>
</term>
<listitem>
<para>
- The new container's rootfs should be a LVM or btrfs snapshot of the original.
+ The new container's rootfs will be a snapshot of the original. This option can be specified when the backing store is LVM, btrfs or zfs, and must be specified when you want to snapshot using aufs or overlayfs.
</para>
</listitem>
</varlistentry>
filesystem) of size SIZE rather than the default, which is 1G.
</para>
<para>
+ If backingstore is 'loop', you can use <replaceable>--fstype FSTYPE</replaceable> and <replaceable>--fssize SIZE</replaceable> as 'lvm'. The default values for these options are the same as 'lvm'.
+ </para>
+ <para>
If backingstore is 'best', then lxc will try, in order, btrfs,
zfs, lvm, and finally a directory backing store.
</para>
container snapshots.
</para>
<para>
- Snapshots are stored as snapshotted containers under a private configuration path. For instance, if the container's configuration path is <filename>/var/lib/lxc</filename> and the container is <filename>c1</filename>, then the first snapshot will be stored as container <filename>snap0</filename> under configuration path <filename>/var/lib/lxcsnaps/c1</filename>.
+ Snapshots are stored as snapshotted containers under the container's configuration path. For instance, if the container's configuration path is <filename>/var/lib/lxc</filename> and the container is <filename>c1</filename>, then the first snapshot will be stored as container <filename>snap0</filename> under the path <filename>/var/lib/lxc/c1/snaps</filename>.
+ If <filename>/var/lib/lxcsnaps</filename>, as used by LXC 1.0, already exists, then it will continue to be used.
</para>
</refsect1>
%endif
Name: lxc
-Version: 1.1.0
+Version: 1.1.1
Release: %{?beta_rel:0.1.%{beta_rel}}%{?!beta_rel:%{norm_rel}}%{?dist}
URL: http://linuxcontainers.org
Source: http://linuxcontainers.org/downloads/%{name}-%{version}%{?beta_dot}.tar.gz
static int attach_child_main(void* data);
/* help the optimizer along if it doesn't know that exit always exits */
-#define rexit(c) do { int __c = (c); exit(__c); return __c; } while(0)
+#define rexit(c) do { int __c = (c); _exit(__c); return __c; } while(0)
/* define default options if no options are supplied by the user */
static lxc_attach_options_t attach_static_default_options = LXC_ATTACH_OPTIONS_DEFAULT;
if (options->gid != (gid_t)-1)
new_gid = options->gid;
+ /* setup the control tty */
+ if (options->stdin_fd) {
+ if (setsid() < 0) {
+ SYSERROR("unable to setsid");
+ shutdown(ipc_socket, SHUT_RDWR);
+ rexit(-1);
+ }
+
+ if (ioctl(options->stdin_fd, TIOCSCTTY, (char *)NULL) < 0) {
+ SYSERROR("unable to TIOCSTTY");
+ shutdown(ipc_socket, SHUT_RDWR);
+ rexit(-1);
+ }
+ }
+
/* try to set the uid/gid combination */
if ((new_gid != 0 || options->namespaces & CLONE_NEWUSER)) {
if (setgid(new_gid) || setgroups(0, NULL)) {
*needs_rdep = 0;
if (bdevtype && strcmp(orig->type, "dir") == 0 &&
(strcmp(bdevtype, "aufs") == 0 ||
- strcmp(bdevtype, "overlayfs") == 0))
+ strcmp(bdevtype, "overlayfs") == 0)) {
*needs_rdep = 1;
+ } else if (snap && strcmp(orig->type, "lvm") == 0 &&
+ !lvm_is_thin_volume(orig->src)) {
+ *needs_rdep = 1;
+ }
new = bdev_get(bdevtype ? bdevtype : orig->type);
if (!new) {
* 2.6.32...
*/
{ LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "proc", "%r/proc", "proc", MS_NODEV|MS_NOEXEC|MS_NOSUID, NULL },
+ { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/sys/net", "%r/proc/net", NULL, MS_BIND, NULL },
{ LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/sys", "%r/proc/sys", NULL, MS_BIND, NULL },
{ LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, NULL, "%r/proc/sys", NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL },
+ { LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/net", "%r/proc/sys/net", NULL, MS_MOVE, NULL },
{ LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, "%r/proc/sysrq-trigger", "%r/proc/sysrq-trigger", NULL, MS_BIND, NULL },
{ LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_MIXED, NULL, "%r/proc/sysrq-trigger", NULL, MS_REMOUNT|MS_BIND|MS_RDONLY, NULL },
{ LXC_AUTO_PROC_MASK, LXC_AUTO_PROC_RW, "proc", "%r/proc", "proc", MS_NODEV|MS_NOEXEC|MS_NOSUID, NULL },
default_mounts[i].flags);
r = mount(source, destination, default_mounts[i].fstype, mflags, default_mounts[i].options);
saved_errno = errno;
- if (r < 0)
+ if (r < 0 && errno == ENOENT) {
+ INFO("Mount source or target for %s on %s doesn't exist. Skipping.", source, destination);
+ r = 0;
+ }
+ else if (r < 0)
SYSERROR("error mounting %s on %s flags %lu", source, destination, mflags);
free(source);
switch (c->auto_mounts & LXC_AUTO_SYS_MASK) {
case LXC_AUTO_SYS_RO: strprint(retv, inlen, "%ssys:ro", sep); sep = " "; break;
case LXC_AUTO_SYS_RW: strprint(retv, inlen, "%ssys:rw", sep); sep = " "; break;
+ case LXC_AUTO_SYS_MIXED: strprint(retv, inlen, "%ssys:mixed", sep); sep = " "; break;
default: break;
}
switch (c->auto_mounts & LXC_AUTO_CGROUP_MASK) {
if [ "$CRTOOLS_SCRIPT_ACTION" = "network-unlock" ]; then
brctl addif $bridge $veth
- ifconfig $veth 0.0.0.0 up
+ ip link set dev $veth up
fi
i=$((i+1))
size_humanize(stats->blkio, blkio_str, sizeof(blkio_str));
size_humanize(stats->mem_used, mem_used_str, sizeof(mem_used_str));
- printf("%-18s %8.2f %8.2f %8.2f %10s %10s",
+ printf("%-18.18s %8.2f %8.2f %8.2f %10s %10s",
name,
(float)stats->cpu_use_nanos / 1000000000,
(float)stats->cpu_use_sys / USER_HZ,
* while container is running...
*/
if (daemonize) {
+ char title[2048];
lxc_monitord_spawn(c->config_path);
pid_t pid = fork();
return wait_on_daemonized_start(c, pid);
}
+ /* We don't really care if this doesn't print all the
+ * characters; all that it means is that the proctitle will be
+ * ugly. Similarly, we also don't care if setproctitle()
+ * fails. */
+ snprintf(title, sizeof(title), "[lxc monitor] %s %s", c->config_path, c->name);
+ INFO("Attempting to set proc title to %s", title);
+ setproctitle(title);
+
/* second fork to be reparented by init */
pid = fork();
if (pid < 0) {
lxc_seccomp_arch_i386,
lxc_seccomp_arch_amd64,
lxc_seccomp_arch_arm,
+ lxc_seccomp_arch_ppc64,
+ lxc_seccomp_arch_ppc64le,
+ lxc_seccomp_arch_ppc,
lxc_seccomp_arch_unknown = 999,
};
return lxc_seccomp_arch_amd64;
else if (strncmp(uts.machine, "armv7", 5) == 0)
return lxc_seccomp_arch_arm;
+ else if (strncmp(uts.machine, "ppc64le", 7) == 0)
+ return lxc_seccomp_arch_ppc64le;
+ else if (strncmp(uts.machine, "ppc64", 5) == 0)
+ return lxc_seccomp_arch_ppc64;
+ else if (strncmp(uts.machine, "ppc", 3) == 0)
+ return lxc_seccomp_arch_ppc;
return lxc_seccomp_arch_unknown;
}
case lxc_seccomp_arch_i386: arch = SCMP_ARCH_X86; break;
case lxc_seccomp_arch_amd64: arch = SCMP_ARCH_X86_64; break;
case lxc_seccomp_arch_arm: arch = SCMP_ARCH_ARM; break;
+#ifdef SCMP_ARCH_PPC64LE
+ case lxc_seccomp_arch_ppc64le: arch = SCMP_ARCH_PPC64LE; break;
+#endif
+#ifdef SCMP_ARCH_PPC64
+ case lxc_seccomp_arch_ppc64: arch = SCMP_ARCH_PPC64; break;
+#endif
+#ifdef SCMP_ARCH_PPC
+ case lxc_seccomp_arch_ppc: arch = SCMP_ARCH_PPC; break;
+#endif
default: return NULL;
}
cur_rule_arch = lxc_seccomp_arch_arm;
}
#endif
+#ifdef SCMP_ARCH_PPC64LE
+ else if (strcmp(line, "[ppc64le]") == 0 ||
+ strcmp(line, "[PPC64LE]") == 0) {
+ if (native_arch != lxc_seccomp_arch_ppc64le) {
+ cur_rule_arch = lxc_seccomp_arch_unknown;
+ continue;
+ }
+ cur_rule_arch = lxc_seccomp_arch_ppc64le;
+ }
+#endif
+#ifdef SCMP_ARCH_PPC64
+ else if (strcmp(line, "[ppc64]") == 0 ||
+ strcmp(line, "[PPC64]") == 0) {
+ if (native_arch != lxc_seccomp_arch_ppc64) {
+ cur_rule_arch = lxc_seccomp_arch_unknown;
+ continue;
+ }
+ cur_rule_arch = lxc_seccomp_arch_ppc64;
+ }
+#endif
+#ifdef SCMP_ARCH_PPC
+ else if (strcmp(line, "[ppc]") == 0 ||
+ strcmp(line, "[PPC]") == 0) {
+ if (native_arch != lxc_seccomp_arch_ppc) {
+ cur_rule_arch = lxc_seccomp_arch_unknown;
+ continue;
+ }
+ cur_rule_arch = lxc_seccomp_arch_ppc;
+ }
+#endif
else
goto bad_arch;
#include <sys/types.h>
#include <sys/wait.h>
#include <assert.h>
+#include <sys/prctl.h>
#include "utils.h"
#include "log.h"
#include "lxclock.h"
#include "namespace.h"
+#ifndef PR_SET_MM
+#define PR_SET_MM 35
+#endif
+
+#ifndef PR_SET_MM_ARG_START
+#define PR_SET_MM_ARG_START 8
+#endif
+
+#ifndef PR_SET_MM_ARG_END
+#define PR_SET_MM_ARG_END 9
+#endif
+
+#ifndef PR_SET_MM_ENV_START
+#define PR_SET_MM_ENV_START 10
+#endif
+
+#ifndef PR_SET_MM_ENV_END
+#define PR_SET_MM_ENV_END 11
+#endif
+
lxc_log_define(lxc_utils, lxc);
static int _recursive_rmdir_onedev(char *dirname, dev_t pdev,
return tpath;
}
+
+/*
+ * Sets the process title to the specified title. Note:
+ * 1. this function requires root to succeed
+ * 2. it clears /proc/self/environ
+ * 3. it may not succed (e.g. if title is longer than /proc/self/environ +
+ * the original title)
+ */
+int setproctitle(char *title)
+{
+ char buf[2048], *tmp;
+ FILE *f;
+ int i, len, ret = 0;
+ unsigned long arg_start, arg_end, env_start, env_end;
+
+ f = fopen_cloexec("/proc/self/stat", "r");
+ if (!f) {
+ return -1;
+ }
+
+ tmp = fgets(buf, sizeof(buf), f);
+ fclose(f);
+ if (!tmp) {
+ return -1;
+ }
+
+ /* Skip the first 47 fields, column 48-51 are ARG_START and
+ * ARG_END. */
+ tmp = strchr(buf, ' ');
+ for (i = 0; i < 46; i++) {
+ if (!tmp)
+ return -1;
+ tmp = strchr(tmp+1, ' ');
+ }
+
+ if (!tmp)
+ return -1;
+
+ i = sscanf(tmp, "%lu %lu %lu %lu", &arg_start, &arg_end, &env_start, &env_end);
+ if (i != 4) {
+ return -1;
+ }
+
+ /* Include the null byte here, because in the calculations below we
+ * want to have room for it. */
+ len = strlen(title) + 1;
+
+ /* We're truncating the environment, so we should use at most the
+ * length of the argument + environment for the title. */
+ if (len > env_end - arg_start) {
+ arg_end = env_end;
+ len = env_end - arg_start;
+ } else {
+ /* Only truncate the environment if we're actually going to
+ * overwrite part of it. */
+ if (len >= arg_end - arg_start) {
+ env_start = env_end;
+ }
+ arg_end = arg_start + len;
+ }
+
+ strcpy((char*)arg_start, title);
+
+ ret |= prctl(PR_SET_MM, PR_SET_MM_ARG_START, (long)arg_start, 0, 0);
+ ret |= prctl(PR_SET_MM, PR_SET_MM_ARG_END, (long)arg_end, 0, 0);
+ ret |= prctl(PR_SET_MM, PR_SET_MM_ENV_START, (long)env_start, 0, 0);
+ ret |= prctl(PR_SET_MM, PR_SET_MM_ENV_END, (long)env_end, 0, 0);
+
+ return ret;
+}
bool switch_to_ns(pid_t pid, const char *ns);
int is_dir(const char *path);
char *get_template_path(const char *t);
+int setproctitle(char *title);
#define LXC_VERSION_MAJOR 1
#define LXC_VERSION_MINOR 1
-#define LXC_VERSION_MICRO 0
-#define LXC_VERSION "1.1.0"
+#define LXC_VERSION_MICRO 1
+#define LXC_VERSION "1.1.1"
#endif
# download a mini centos into a cache
echo "Downloading centos minimal ..."
- YUM="yum --installroot $INSTALL_ROOT -y --nogpgcheck --releasever=$release"
+ if [ $release -le 5 ];then
+ YUM="yum --installroot $INSTALL_ROOT -y --nogpgcheck"
+ else
+ YUM="yum --installroot $INSTALL_ROOT -y --nogpgcheck --releasever=$release"
+ fi
PKG_LIST="yum initscripts passwd rsyslog vim-minimal openssh-server openssh-clients dhclient chkconfig rootfiles policycoreutils"
# use temporary repository definition
sed -i "s#LXC_HOOK_DIR#$LXC_HOOK_DIR#g" $file
done
+# prevent mingetty from calling vhangup(2) since it fails with userns on Centos / Oracle
+if [ -f ${LXC_ROOTFS}/etc/init/tty.conf ]; then
+ sed -i 's|mingetty|mingetty --nohangup|' ${LXC_ROOTFS}/etc/init/tty.conf
+fi
+
if [ -n "$LXC_MAPPED_UID" ] && [ "$LXC_MAPPED_UID" != "-1" ]; then
chown $LXC_MAPPED_UID $LXC_PATH/config $LXC_PATH/fstab >/dev/null 2>&1 || true
fi
printf "Determining path to latest Gentoo %s (%s) stage3 archive...\n" "${arch}" "${variant}"
printf " => downloading and processing %s\n" "${stage3_pointer}"
- local stage3_latest_tarball=$(wget -q -O - "${stage3_pointer}" | tail -n1 ) \
+ local stage3_latest_tarball=$(wget -q -O - "${stage3_pointer}" | tail -n1 | cut -d' ' -f1) \
|| die 6 "Error: unable to fetch\n"
printf " => Got: %s\n" "${stage3_latest_tarball}"
if [[ -r "${auth_key}" ]]; then
printf " deploying auth_key %s for user %s ...\n" "${auth_key}" "${user}"
mkdir -p "${rootfs}/${auth_home}/.ssh"
- cat >> "${rootfs}/${auth_home}/.ssh/authorized_keys"
+ cat "${auth_key}" >> "${rootfs}/${auth_home}/.ssh/authorized_keys"
chroot "${rootfs}" chown "${user}:" "${auth_home}/.ssh/authorized_keys"
printf " => inserted public key in %s/.ssh/authorized_keys\n" "${auth_home}"
[[ -z "${forced_password}" ]] && unset password
- store_user_message "${user} has the ssh key you gived us"
+ store_user_message "${user} has the ssh key you gave us"
fi
if [[ -n "${password}" ]]; then
password="toor"
tty=1
settings="common"
-options=$(getopt -o hp:n:a:FcPv:t:S:u:w:s:m: -l help,rootfs:,path:,name:,arch:,flush-cache,cache-only,private-portage,variant:,portage-dir:,tarball:,auth_key:,user:,autologin,password:,settings:,mirror:,tty: -- "$@")
+options=$(getopt -o hp:n:a:FcPv:t:S:u:w:s:m: -l help,rootfs:,path:,name:,arch:,flush-cache,cache-only,private-portage,variant:,portage-dir:,tarball:,auth-key:,user:,autologin,password:,settings:,mirror:,tty: -- "$@")
eval set -- "$options"
}
configure_plamo() {
- # create /dev
- chmod 666 $rootfs/dev/null
- mknod -m 666 $rootfs/dev/zero c 1 5
- chmod 666 $rootfs/dev/random
- mknod -m 666 $rootfs/dev/urandom c 1 9
- mkdir -m 755 $rootfs/dev/pts
- mkdir -m 755 $rootfs/dev/shm
- chmod 666 $rootfs/dev/tty
- chmod 600 $rootfs/dev/console
- mknod -m 666 $rootfs/dev/tty0 c 4 0
- mknod -m 666 $rootfs/dev/tty1 c 4 1
- mknod -m 666 $rootfs/dev/tty2 c 4 2
- mknod -m 666 $rootfs/dev/tty3 c 4 3
- mknod -m 666 $rootfs/dev/tty4 c 4 4
- mknod -m 666 $rootfs/dev/full c 1 7
- mknod -m 600 $rootfs/dev/initctl p
- mknod -m 666 $rootfs/dev/ptmx c 5 2
# suppress log level output for udev
sed -i 's/="err"/=0/' $rootfs/etc/udev/udev.conf
# /etc/fstab
echo "Setting root password to 'root'..."
echo "root:root" | chroot $rootfs chpasswd
echo "Please change root password!"
- # /etc/rc.d/rc.S
ed - $rootfs/etc/rc.d/rc.S <<- "EOF"
- /^mount -w -n -t proc/;/^# ln -s \/bin\/true/-1d
- /^mknod \/dev\/unikey/;/^# Clean \/etc\/mtab/-2d
+ /^mount -w -n -t proc/;/^mkdir \/dev\/shm/-1d
+ /^mknod \/dev\/null/;/^# Clean \/etc\/mtab/-2d
/^# copy the rules/;/^# Set the hostname/-1d
/^# Check the integrity/;/^# Clean up temporary/-1d
w
projects / toolchains / lxc.git / commitdiff