Rework init scripts This commit is based on the work of: Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com> A generic changelog would be: - Bring support for lxcbr0 to all distributions - Share the container startup and network configuration logic across distributions and init systems. - Have all the init scripts call the helper script. - Support for the various different distro-specific configuration locations to configure lxc-net and container startup. Changes on top of Mike's original version: - Remove sysconfig/lxc-net as it's apparently only there as a workaround for an RPM limitation and is breaking Debian systems by including a useless file which will get registered as a package provided conffile in the dpkg database and will therefore cause conffile prompts on upgrades... - Go with a consistant coding style in the various init scripts. - Split out the common logic from the sysvinit scripts and ship both in their respective location rather than have them be copies. - Fix the upstart jobs so they actually work (there's no such thing as libexec on Debian systems). Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

provide an example SELinux policy for older releases The virtd_lxc_t type provided by the default RHEL/CentOS/Oracle 6.5 policy is an unconfined_domain(), so it doesn't really enforce anything. This change will provide a link in the documentation to an example policy that does confine containers. On more recent distributions with new enough policy, it is recommended not to use this sample policy, but to use the types already available on the system from /etc/selinux/targeted/contexts/lxc_contexts, ie: process = "system_u:system_r:svirt_lxc_net_t:s0" file = "system_u:object_r:svirt_sandbox_file_t:s0" Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

add yum plugin to repatch rootfs on yum update oracle-template: Split patching rootfs vs one time setup into separate shell functions so the template can be run with --patch. oracle-template: Update to install the yum plugin and itself (as lxc-patch) into a container. The plugin just runs lxc-patch --patch <path> so it is fairly generic, but in this case it is running a copy of the template inside the container. Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Add bash auto completion This adds a basic bash auto-completion profile. It supports 3 things at this time: - Auto-complete of container name (-n or -o) - Auto-complete of template name (-t) - Auto-complete of state names (-s) It's configured in a way to be as little disruptive as possible, any argument that's not explicitly handled by the profile will fallack to bash's default completion. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

apparmor: Add profiles Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

init: Add upstart jobs and some more changes (v3) This adds the 3 upstart jobs that we've had in Ubuntu for a while: - lxc.conf: Main upstart job, triggers lxc-net.conf based on config - lxc-instance.conf: Triggered by lxc.conf for each auto-started container - lxc-net.conf: Triggered by lxc.conf, sets up lxcbr0, NAT, mangling, ... In addition, there are two extra config files in /etc/default: - lxc: Allows setting some values like http proxying, disabling autostart, ... - lxc-net: Network configuration for the lxcbr0 bridge This change also disables the sysv script for all distros but Oracle as the current script won't work on either Ubuntu nor Debian and I suspect quite a few more distros, so it's not nearly as distro-agnostic as we thought. For Debian, only install the upstart jobs and systemd unit. For Ubuntu, only install the upstart jobs. This change also moves all the init related stuff to config/init/ Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Move some common Ubuntu config This introduces a new /usr/share/lxc/config directory containing common configuration snippets. The two Ubuntu templates are then simplified to just include the relevant entries avoiding a whole lot of hardcoded cgroup, capabilities and mount points configuration. An extra comment is also added at the top of all generated configuration files telling the user to look at lxc.conf(5) for more information. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

configure/makefile: rename default_conf to distro_conf configure/makefile: rename default_conf to distro_conf, since it is a per-distro default. Then we'll be able to use the symbol LXC_DEFAULT_CONF in the code to refer to the installed file. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Rename /etc/lxc/lxc.conf to /etc/lxc/default.conf. This will soon be followed by the introduction of a "real" system wide /etc/lxc/lxc.conf storing global LXC settings. Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Fix autogen failing because of clean/distclean overrides A previous patch added a clean/distclean target to config/Makefile.am. This conflicts with automake's own target. This change replaces those by a clean-local and distclean-local target. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Add distro config file /etc/lxc/lxc.conf [PATCH] Clean the lxc.conf file Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Add distro config file /etc/lxc/lxc.conf This allows a distro to put the distro specific default network configuration (for example bridge device, link type), or other lxc configuration in the case that -f is not passed by the user to lxc-create, in which case lxc-create will use the distro conf file as the basis for the containers config. Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Remove files provided by libtool and automake From: Daniel Lezcano <dlezcano@fr.ibm.com> Remove the files which are provided by libtool and automake. libtoolize has been added to 'bootstrap' command. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Initial revision