change version to 2.0.8 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Merge `ubuntu` and `debian`case Signed-off-by: 0x0916 <w@laoqinren.net>

Install systemd units for CentOS Signed-off-by: 0x0916 <w@laoqinren.net>

autotools: check for cap_get_file Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

Add HAVE_LIBCAP Currently it is impossible to build lxc with --disable-capabilities if the user has libcap-dev installed on his system as: - calls to cap_xxx functions are not protected by HAVE_LIBCAP defines. The whole file is only protected by HAVE_SYS_CAPABILITY_H. - AC_CHECK_LIB default action-if-found is overriden by [true] so HAVE_LIBCAP is never written to config.h This patch replaces all HAVE_SYS_CAPABILITY_H checks by HAVE_LIBCAP checks (fix #1361) Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>

change version to 2.0.7 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Use AC_HEADER_MAJOR to detect major()/minor()/makedev() Before the change build failed on Gentoo as: bdev/lxclvm.c: In function 'lvm_detect': bdev/lxclvm.c:140:4: error: implicit declaration of function 'major' [-Werror=implicit-function-declaration] major(statbuf.st_rdev), minor(statbuf.st_rdev)); ^~~~~ bdev/lxclvm.c:140:28: error: implicit declaration of function 'minor' [-Werror=implicit-function-declaration] major(statbuf.st_rdev), minor(statbuf.st_rdev)); ^~~~~ glibc plans to remove <sys/sysmacros.h> from glibc's <sys/types.h>: https://sourceware.org/ml/libc-alpha/2015-11/msg00253.html Gentoo already applied glibc patch to experimental glibc-2.24 to start preparingfor the change. Autoconf has AC_HEADER_MAJOR to find out which header defines reqiured macros: https://www.gnu.org/software/autoconf/manual/autoconf-2.69/html_node/Particular-Headers.html This change should also increase portability across other libcs. Bug: https://bugs.gentoo.org/604360 Signed-off-by: Sergei Trofimovich <siarheit@google.com>

Add --enable-gnutls option Previously HAVE_LIBGNUTLS was never set in config.h even if gnutls was detected as AC_CHECK_LIB default action-if-found was overriden by enable_gnutls=yes This patch adds an --enable-gnutls option and will call AC_CHECK_LIB with the default action to write HAVE_LIBGNUTLS in config.h Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>

configure: remove -Werror=vla Because we include a header that uses a vla (/me scoffs at header). Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

configure: check for memfd_create() Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

configure: do not allow variable length arrays There pointless and marked as optional since C11. Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

configure: check whether gettid() is declared Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

change version to 2.0.6 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

install bash completion where pkg-config tells us to Signed-off-by: Evgeni Golov <evgeni@debian.org>

Use libtool for liblxc.so This should allow proper filtering of build flags for libraries and make it easier to use PIE/PIC. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 2.0.5 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Define LXC_DEVEL to detect development releases This can be used by downstreams to improve their "feature" checks. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

configure: add --disable-werror -Werror may break builds on some scenarios with trivialities (especially during developments). Signed-off-by: Jérôme Pouiller <jezz@sysmic.org>

change version to 2.0.4 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

tools, tests: reorganize repo - tools: move lxc commands to common subfolder - tests: adapt include search path Signed-off-by: Christian Brauner <cbrauner@suse.de>

change version to 2.0.3 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 2.0.2 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 2.0.1 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

nicer date format and support for SOURCE_DATE_EPOCH in LXC_GENERATE_DATE Using $(date) for LXC_GENERATE_DATE has various flaws: * formating depends on the locale of the system we execute configure on * the output is not really a date but more a timestamp Let's use $(date --utc '+%Y-%m-%d') instead. While at it, also support SOURCE_DATE_EPOCH [1] to make the build reproducible [1] https://reproducible-builds.org/specs/source-date-epoch/ Signed-off-by: Evgeni Golov <evgeni@debian.org>

change version to 2.0.0 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 2.0.0.rc15 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 2.0.0.rc14 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 2.0.0.rc13 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 2.0.0.rc12 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 2.0.0.rc11 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 2.0.0.rc10 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 2.0.0.rc9 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 2.0.0.rc8 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 2.0.0.rc7 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 2.0.0.rc6 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Added ALTLinux distribution. - Added ALTLinux distribution. - Updated template for ALTLinux Sisyphus Signed-off-by: Denis Pynkin <denis_pynkin@epam.com>

Execute script lxc-devsetup also with sysvinit and upstart. * This script sets /dev/.lxc which is needed for autodev containers. * Previously was only executed with systemd. Execute it also with the other init systems (sysvinit and upstart) Signed-off-by: Carlos Alberto Lopez Perez <clopez@igalia.com>

change version to 2.0.0.rc5 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 2.0.0.rc4 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-alpine: completely rewrite the template script New template script is more readable and robust, uses cache and external LXC config file as other templates. Signed-off-by: Jakub Jirutka <jakub@jirutka.cz>

change version to 2.0.0.rc3 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

configure.ac: add --enable-deprecated flag - lxc-clone and lxc-start-ephemeral are marked deprecated. We add a --enable-deprecated flag to configure.ac allowing us to enable these deprecated executables - update tests to use lxc-copy instead of lxc-clone Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>

change version to 2.0.0.rc2 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 2.0.0.rc1 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Remove legacy versions of lxc-ls lxc-ls nowadays is a C binary so there's no need to keep the python and shell versions around anymore, remove them from the branch and cleanup documentation and Makefiles. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 2.0.0.beta2 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Add support for Linux for SPARC distribution host and template Linux for SPARC is a free community Linux distribution for SPARC hosted by Oracle. See : https://oss.oracle.com/projects/linux-sparc While the distribution is based on Oracle Linux it does have some differences and since it's not actually Oracle Linux I decided to add a separate template rather than having the Oracle Linux template also support Linux for SPARC. This patch adds the lxc-template for Linux for SPARC and it also adds Linux for SPARC in the configure.ac as a distribution target to build. Signed-off-by: Wim Coekaerts <wim.coekaerts@oracle.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 2.0.0.beta1 in configure.ac Note that LXC 2.0 remains backward compatible with 1.0, so the ABI version is 1.2, not 2.0. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Add support for new target plamo to configure.ac Add support for new target plamo to specify the linux distribution. Plamo Linux uses sysvinit. Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp> Signed-off-by: TAMUKI Shoichi <tamuki@linet.gr.jp> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

doc: Add Japanese manpage for lxc-copy Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

doc: Add Korean manpage for lxc-copy Update for commit 2b47bac Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Add getsubopt implementation for Android Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Add manpage for lxc-copy (A trivial fix for lxc-copy is included.) Signed-off-by: Christian Brauner <christian.brauner@mailbox.org>

hooks: put binary hooks into $libexecdir/lxc/hooks Signed-off-by: Wolfgang Bumiller <w.bumiller@proxmox.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Add a slackware template. Requires pkgtools and slackpkg (from the slackware-current tree). Signed-off-by: Matteo Bernardini <ponce@slackbuilds.org>

Add a nesting.conf which can be included to support nesting containers (v2) Newer kernels have added a new restriction: if /proc or /sys on the host has files or non-empty directories which are over-mounted, and there is no /proc which fully visible, then it assumes there is a "security" reason for this. It prevents anyone in a non-initial user namespace from creating a new proc or sysfs mount. To work around this, this patch adds a new 'nesting.conf' which can be lxc.include'd from a container configuration file. It adds a non-overmounted mount of /proc and /sys under /dev/.lxc, so that the kernel can see that we're not trying to *hide* things like /proc/uptime. and /sys/devices/virtual/net. If the host adds this to the config file for container w1, then container w1 will support unprivileged child containers. The nesting.conf file also sets the apparmor profile to the with-nesting variant, since that is required anyway. This actually means that supporting nesting isn't really more work than it used to be, just different. Instead of adding lxc.aa_profile = lxc-container-default-with-nesting you now just need to lxc.include = /usr/share/lxc/config/nesting.conf (Look, fewer characters :) Finally, in order to maintain the current apparmor protections on proc and sys, we make /dev/.lxc/{proc,sys} non-read/writeable. We don't need to be able to use them, we're just showing the kernel what's what. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Add instanced systemd service Signed-off-by: Cameron Norman <camerontnorman@gmail.com>

doc: Add Korean man pages Signed-off-by: Sungbae Yoo <sungbae.yoo@samsung.com>

detect whether cgmanager_list_controllers is available and don't use it if not. This fixes failure to build with older cgmanager. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 1.1.0 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 1.1.0.rc4 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 1.1.0.rc3 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 1.1.0.rc2 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 1.1.0.rc1 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Add common.conf.d Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>

change version to 1.1.0.alpha3 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

openwrt: add common configuration file This adds OpenWrt common config file. Signed-off-by: Petar Koretic <petar.koretic@sartura.hr> CC: Luka Perkov <luka.perkov@sartura.hr> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

c/r: put lxc-restore-net in /usr/share On restore, we pass criu a script to manage the network interfaces (i.e. the full path to lxc-restore-net), which we previously installed into /var/lib/<tuple>/lxc. However, this is also the directory that is the default for use in mounting the rootfs locally before pivot_root()ing. So, we mounted the rootfs and then happliy called criu, pointing it to this directory which didn't have lxc-restore-net any more, it just had the container's rootfs. Instead, we should put lxc-restore-net somewhere else, so that criu can still see it after the rootfs is mounted. Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

change version to 1.1.0.alpha1 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Rework init scripts This commit is based on the work of: Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com> A generic changelog would be: - Bring support for lxcbr0 to all distributions - Share the container startup and network configuration logic across distributions and init systems. - Have all the init scripts call the helper script. - Support for the various different distro-specific configuration locations to configure lxc-net and container startup. Changes on top of Mike's original version: - Remove sysconfig/lxc-net as it's apparently only there as a workaround for an RPM limitation and is breaking Debian systems by including a useless file which will get registered as a package provided conffile in the dpkg database and will therefore cause conffile prompts on upgrades... - Go with a consistant coding style in the various init scripts. - Split out the common logic from the sysvinit scripts and ship both in their respective location rather than have them be copies. - Fix the upstart jobs so they actually work (there's no such thing as libexec on Debian systems). Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

doc: Translate lxc-checkpoint(1) into Japanese Update for commit 735f2c6 Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Add support for checkpoint and restore via CRIU This patch adds support for checkpointing and restoring containers via CRIU. It adds two api calls, ->checkpoint and ->restore, which are wrappers around the CRIU CLI. CRIU has an RPC API, but reasons for preferring exec() are discussed in [1]. To checkpoint, users specify a directory to dump the container metadata (CRIU dump files, plus some additional information about veth pairs and which bridges they are attached to) into this directory. On restore, this information is read out of the directory, a CRIU command line is constructed, and CRIU is exec()d. CRIU uses the lxc-restore-net callback (which in turn inspects the image directory with the NIC data) to properly restore the network. This will only work with the current git master of CRIU; anything as of a152c843 should work. There is a known bug where containers which have been restored cannot be checkpointed [2]. [1]: http://lists.openvz.org/pipermail/criu/2014-July/015117.html [2]: http://lists.openvz.org/pipermail/criu/2014-August/015876.html v2: fixed some problems with the s/int/bool return code form api function v3: added a testcase, fixed up the man page synopsis v4: fix a small typo in lxc-test-checkpoint-restore v5: remove a reference to the old CRIU_PATH, and a bad error about the same Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Update the openvswitch bridge attach code 1. don't determine ovs-vsctl path at configure time, do it at runtime 2. lxc-user-nic: set a sane path to protect from unpriv users Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

statvfs: do nothing if statvfs does not exist (android/bionic) If statvfs does not exist, then don't recalculate mount flags at remount. If someone does need this, they could replace the code (only if !HAVE_STATVFS) with code parsing /proc/self/mountinfo (which exists in the recent git history) Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

build: Fix support for split build and source dirs Building LXC in a separate target directory, by running configure from outside the source tree, failed with multiple errors, mostly in the Python and Lua extensions, due to assuming the source dir and build dir are the same in a few places. To fix that: - Pre-process setup.py with the appropriate directories at configure time - Introduce the build dir as an include path in the Lua Makefile - Link the default container configuration file from the alternatives in the configure stage, instead of setting a variable and using it in the Makefile Signed-off-by: Daniel Miranda <danielkza2@gmail.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

introduce --with-distro=raspbian Raspberry Pi kernel finally supports all the bits required by LXC [1] This patch makes "./configure --with-distro=raspbian" to install lxcbr0 based config file and upstart jobs. Also src/lxc/lxc.net now checks the existence of the lxc-dnsmasq user (and fallbacks to dnsmasq) RPI users still need to pass "MIRROR=http://archive.raspbian.org/raspbian/" parameter to lxc-create to pick the correct packages MIRROR=http://archive.raspbian.org/raspbian/ lxc-create -t debian -n rpi [Could be applied to stable-1.0 if you cherry-pick 7157a508ba3015b830877a5e4d6ca9debb3fd064] [1] https://github.com/raspberrypi/linux/issues/176 Signed-off-by: S.Çağlar Onur <caglar@10ur.org> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Install systemd units for Ubuntu Signed-off-by: Martin Pitt <martin.pitt@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Add systemd unit for lxc.net This is the equivalent of the upstart lxc-net.conf to set up the LXC bridge. This also drops "lxc.service" from tarballs. It is built source which depends on configure options, so the statically shipped file will not work on most systems. https://launchpad.net/bugs/1312532 Signed-off-by: Martin Pitt <martin.pitt@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Get systemd unit dir from pkg-config Don't install systemd unit files into $(prefix), they won't work there. Instead, get them from systemd's pkg-config file. Signed-off-by: Martin Pitt <martin.pitt@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

provide an example SELinux policy for older releases The virtd_lxc_t type provided by the default RHEL/CentOS/Oracle 6.5 policy is an unconfined_domain(), so it doesn't really enforce anything. This change will provide a link in the documentation to an example policy that does confine containers. On more recent distributions with new enough policy, it is recommended not to use this sample policy, but to use the types already available on the system from /etc/selinux/targeted/contexts/lxc_contexts, ie: process = "system_u:system_r:svirt_lxc_net_t:s0" file = "system_u:object_r:svirt_sandbox_file_t:s0" Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Support openvswitch bridges We detect whether ovs-vsctl is available. If so, then we support adding network interfaces to openvswitch bridges with it. Note that with this patch, veths do not appear to be removed from the openvswitch bridge. This seems a bug in openvswitch, as the veths in fact do disappear from the system. If lxc is required to remove the port from the bridge manually, that becomes more complicated for unprivileged containers, as it would require a setuid-root wrapper to be called at shutdown. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

change version to 1.1.0.alpha1 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Reduce duplication in new style configs This is a rather massive cleanup of config/templates/* As new templates were added, I've noticed that we pretty much all share the tty/pts configs, some capabilities being dropped and most of the cgroup configuration. All the userns configs were also almost identical. As a result, this change introduces two new files: - common.conf.in - userns.conf.in Each is included by the relevant <template>.<type>.conf.in templates, this means that the individual per-template configs are now overlays on top of the default config. Once we see a specific key becoming popular, we ought to check whether it should also be applied to the other templates and if more than 50% of the templates have it set to the same value, that value ought to be moved to the master config file and then overriden for the templates that do not use it. This change while pretty big and scary, shouldn't be very visible from a user point of view, the actual changes can be summarized as: - Extend clonehostname to work with Debian based distros and use it for all containers. - lxc.pivotdir is now set to lxc_putold for all templates, this means that instead of using /mnt in the container, lxc will create and use /lxc_putold instead. The reason for this is to avoid failures when the user bind-mounts something else on top of /mnt. - Some minor cgroup limit changes, the main one I remember is /dev/console now being writable by all of the redhat based containers. The rest of the set should be identical with additions in the per-distro ones. - Drop binfmtmisc and efivars bind-mounts for non-mountall based unpriivileged containers as I assumed they got those from copy/paste from Ubuntu and not because they actually need those entries. (If I'm wrong, we probably should move those to userns.conf then). Additional investigation and changes to reduce the config delta between distros would be appreciated. In practice, I only expect lxc.cap.drop and lxc.mount.entry to really vary between distros (depending on the init system, the rest should be mostly common. Diff from the RFC: - Add archlinux to the mix - Drop /etc/hostname from the clone hook Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Update Arch Linux template and add common configuration files Move common container configuration entries into template config. Remove unnecessary service symlinking and configuration entries, as well as guest configs and other redundant configuration, fix minor script bugs. Clean up template command line, add -d option to allow disabling services. Also enable getty's on all configured ttys to allow logins via lxc-console, set lxc.tty value corresponding to default Arch /etc/securetty configuration. This patch simplifies Arch Linux template a bit, while fixing some longstanding issues. It also provides common configuration based on files provided for Fedora templates. Signed-off-by: Alexander Vladimirov <alexander.idkfa.vladimirov@gmail.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

don't build init.lxc.static if libcap.a isn't available Note that building init.lxc.static still requires a static libutil.a and libpthread.a, but these are available on most distro's through glibc-static. Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

split -lcap and -lselinux out of LIBS Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Updated lxc-opensuse for common configuration changes. Updated the lxc-opensuse template for the changes for the common configuration used by the download template. Changed the default network mode in the container to dhcp. Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-autostart: rework boot and group handling This adds new functionality to lxc-autostart. *) The -g / --groups option is multiple cummulative entry. This may be mixed freely with the previous comma separated group list convention. Groups are processed in the order they first appear in the aggregated group list. *) The NULL group may be specified in the group list using either a leading comma, a trailing comma, or an embedded comma. *) Booting proceeds in order of the groups specified on the command line then ordered by lxc.start.order and name collalating sequence. *) Default host bootup is now specified as "-g onboot," meaning that first the "onboot" group is booted and then any remaining enabled containers in the NULL group are booted. *) Adds documentation to lxc-autostart for -g processing order and combinations. *) Parameterizes bootgroups, options, and shutdown delay in init scripts and services. *) Update the various init scripts to use lxc-autostart in a similar way. Reported-by: CDR <venefax@gmail.com> Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

configure.ac: don't let -lcgmanager end up in LIBS AC_SEARCH_LIBS always places the library being queried into LIBS. We don't want that - we were only checking whether a function is available. Not everything (notably not init.lxc.static) needs to link against -lcgmanager. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

cgmanager: use absolute cgroup path to switch cgroups at attach If an unprivileged user does 'lxc-start -n u1' in one login session, followed by 'lxc-attach -n u1' in another session, the attach will fail if the sessions are in different cgroups. The same is true of lxc-cgroup commands. Address this by using the GetPidCgroupAbs and MovePidAbs which work with the containers' cgroup path relative to the cgproxy. Since GetPidCgroupAbs is new to api version 3 in cgmanager, use the old method if we are on an older cgmanager. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Tested-by: "S.Çağlar Onur" <caglar@10ur.org> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

add yum plugin to repatch rootfs on yum update oracle-template: Split patching rootfs vs one time setup into separate shell functions so the template can be run with --patch. oracle-template: Update to install the yum plugin and itself (as lxc-patch) into a container. The plugin just runs lxc-patch --patch <path> so it is fairly generic, but in this case it is running a copy of the template inside the container. Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

move lxc-init to /sbin/init.lxc Using the multiarch dir causes problems when running lxc-execute on amd64 with an i386 container. /sbin/lxc-init is a more confusing name and will show up in 'lxc<tab>'. /sbin/init.lxc should be quite obvious as an init for lxc. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc-ls: Fix support of --nesting for unpriv This reworks the way lxc-ls works in nesting mode. In the past it'd use attach_wait's subprocess function to call itself in the container's namespace, carefully only attaching to the namespaces it needed. This works great for system containers but not so much as soon as you also need to attach to userns. Instead this fix moves all of the container listing code into a get_containers function (hence the massive diff, sorry), this function is then called recursively. For running containers, the function is called through attach_wait inside the container's namespace, for stopped container, the function is simply called recursively with a base path (container's rootfs) in an attempt to find containers that way. Communication between the parent lxc-ls and the child lxc-ls is done through a temporary fd and serialized state using json (similar to what was done using stdout in the previous implementation). As get_global_config_item unfortunately caches the values, there's no easy way to figure out what the lxcpath should be for a root container when running as non-root, so just use @LXCPATH@ for now and have python do the parsing itself. As a result, the following things now work as expected: - listing nested unprivileged containers (root containers inside unpriv) - listing nested containers when they're not running - filtering containers in nesting mode (only the first level is filtered) - copy with invalid config (used to traceback) Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

lua: respect configure's --prefix Install lua files under the confiugred --prefix rather than use the pkg-config's variables LUA_INSTALL_[CL]MOD. Users will likely want user --prefix while packagers will use DESTDIR. Set the default to $datadir/lua/$LUA_VERSION for arch independent lua modules and $libdir/lua/$LUA_VERSION for arch dependant .so module. This should work for most distros. If it does not, then packagers can still do: make install lualibdir=$(pkg-config lua --variable=INSTALL_CMOD) ... This fixes #169 Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Acked-by: Dwight Engen <dwight.engen@oracle.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 1.0.0 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 1.0.0.rc4 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 1.0.0.rc3 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

configure.ac: Fix cgmanager detection Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 1.0.0.rc2 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 1.0.0.beta4 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

seccomp: don't support v2 if seccomp_syscall_resolve_name_arch is not avilable Also don't use arm arch if not defined This *should* fix build so precise, but I didn't fire one off. I did test that builds with libseccomp2 still work as expected. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Fix some configure.ac issues - Run on distro without lsb_release - Don't try and interpret with_runtime_path as a command - Don't print stuff on screen while in the middle of a check Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Add --with-runtime-path to configure This allows older distros to override /run with whatever their own path is, mostly useful for old RedHat and possibly Android. Reported-by: Robert Vogelgesang <vogel@users.sourceforge.net> Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

bionic: Define faccessat if missing Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 1.0.0.beta4 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

fix build with cgmanager on Fedora - configure fails to compile the cgmanager test without -lnih -lnih-dbus - fix include path from cgmanger commit f1d9bd1a Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Check for non-posix utmpxname in configure utmpx.h is specified in POSIX but utmpxname is not so we check for utmpxname in configure script. This fixes the following compile error with musl libc: lxcutmp.c: In function 'utmp_get_runlevel': lxcutmp.c:249:2: error: implicit declaration of function 'utmpxname' [-Werror=implicit-function-declaration] if (!access(path, F_OK) && !utmpxname(path)) ^ Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

gentoo: Add basic userns config Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

gentoo: template rework Now splited config 2 settings available * common ** featureful oriented settings * moresecure ** security oriented Signed-off-by: gza <github.guillaume@zitta.fr> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 1.0.0.beta3 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

tests: Fix lxc-user-nic path Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

doc: Add Japanese lxc-config(1) Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

doc: Add manpage for lxc-config Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>

doc: Add Japanese lxc.container.conf(5), lxc.system.conf(5) and update lxc.conf(5) * update for commit 55fc19a1042bca36ae431cb4a51c2abc0ca4d801 * fix typo in English lxc.system.conf(5) Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp> Acked-by: Stéphane Graber <stgraber@ubuntu.coM>

doc: Try to clear some confusion about lxc.conf Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Remove lxc-version, lxc-ps and lxc-netstat lxc-ps and lxc-netstat have an unfortunate tendency to break every so often, produce mostly unreadable output and should be replaced by a lxc-attach call in 99% of the cases. In an effort to cleanup the lxc-* namespace, I think those two should go, so this patch gets rid of them as well as any reference to them in our documentation. I also think that lxc-version should disappear as it's only a one line shell script printing the version string, so having a whole command just for that seems to be a bit of a waste. Instead, this patch introduces a new --version common option which all binaries will automatically inherit and that'll print LXC_VERSION on stdout and exit 0. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Add bash auto completion This adds a basic bash auto-completion profile. It supports 3 things at this time: - Auto-complete of container name (-n or -o) - Auto-complete of template name (-t) - Auto-complete of state names (-s) It's configured in a way to be as little disruptive as possible, any argument that's not explicitly handled by the profile will fallack to bash's default completion. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Update Fedora and CentOS templates for common conf includes. This updates the Fedora and CentOS templates to utilize a common included config. This is largely based on the changes in the Oracle template with some exceptions. Dropping of setpcap (present in the Oracle template) is commented out in the Fedora template. It seems to cause problems, such as large login delays with Fedora 20 containers (but not Fedora 19 - strange). The Fedora template is further modified to disable systemd-journald.service as it is unnecessary in a container and causes serious problems when running in a Fedora 20 container. The Fedora template is also updated to default to Fedora 20 when running on a non-Fedora host. Regards, Mike Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Add Japanese lxc-usernsexec(1) and fix typo English lxc-usernsexec(1) Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Deprecate lxc-checkpoint, lxc-kill and lxc-restart Checkpoint/restart isn't currently supported, so let's not carry those binaries around until we have proper CRIU support in the API. lxc-kill is redundant with lxc-stop -k and has been known to confuse user. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

lxc-usernsexec: add a manpage and fix the help output in the program Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

apparmor: Add profiles Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

init: Add upstart jobs and some more changes (v3) This adds the 3 upstart jobs that we've had in Ubuntu for a while: - lxc.conf: Main upstart job, triggers lxc-net.conf based on config - lxc-instance.conf: Triggered by lxc.conf for each auto-started container - lxc-net.conf: Triggered by lxc.conf, sets up lxcbr0, NAT, mangling, ... In addition, there are two extra config files in /etc/default: - lxc: Allows setting some values like http proxying, disabling autostart, ... - lxc-net: Network configuration for the lxcbr0 bridge This change also disables the sysv script for all distros but Oracle as the current script won't work on either Ubuntu nor Debian and I suspect quite a few more distros, so it's not nearly as distro-agnostic as we thought. For Debian, only install the upstart jobs and systemd unit. For Ubuntu, only install the upstart jobs. This change also moves all the init related stuff to config/init/ Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Initial support for cgmanager This patch splits out most of the cgroupfs-specific code, so that cgroup-manager versions can be plugged in. The case I did not handle is cgroup_enter at lxc_attach. I'm hoping that case can be greatly simplified, but will worry about it after fleshing out the cgroup manager handlers. This also simplify the freezer functions. This seems to not regress my common tests when running without cgmanager, but I'd like to do a bit more testing before pushing. However I was hoping to get some more eyes on this so am sending it out now. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 1.0.0.beta2 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

debian: Switch to config includes Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

oracle template: convert to common.conf style Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

gentoo: Initial template Signed-off-by: gza <lxc@zitta.fr> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Add minimal userns config for plamo Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

plamo: Update template to use lxc.include and add plamo.common.conf Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

download: Initial template This adds a new template called "download". It's a fairly simple template with a minimal set of dependency which will grab any pre-built image available on https://images.linuxcontainers.org Note that the serverside is still work in progress (missing SSL support). Access is done over https by default with a warning being emitted if fallback to http was required (may be needed for testing, when behind proxy and with private servers). All index files and tarballs are gpg-signed with the default pubkeyid contained in the template itself. The main benefit of this template is to be entirely distribution-agnostic, any template that can be integrated with the server build infrastructure will then work on any LXC machine when using the download template. This template is also compatible with user namespaces and will hopefully help widden the number of distros that may work in unprivileged LXC. This commit also bundles a small change to the template configs to have the ubuntu template (used by the download template) to work with unprivileged LXC. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Move pkg-config init to way earlier Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

configure: find seccomp using pkg-config On suse we have the header in a subdir inside /usr/include, so pkgconfig has to be used to find out proper CFLAGS. Signed-off-by: Jiri Slaby <jslaby@suse.cz> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

allow multiple types of init scripts to be configured Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

configure.ac: add docbook-to-man to dbparsers Debian and Ubuntu uses docbook2x-man, but some other distr like suse uses docbook-to-man. I think all of them should work on LXC. Signed-off-by: Qiang Huang <h.huangqiang@huawei.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

check pthread_atfork and thread-local storage Add pthread_atfork check to configure.ac and uses it when necessary, Introduces tls.m4 macro for checking thread-local storage support, Puts values array into thread-local storage (lxc_global_config_value@src/lxc/utils.c), Removes static_lock/static_unlock from LXC code. Lastly, it introduces a warning for bionic users about multithreaded usage of LXC. (requires 64b1be2903078ef9e9ba3ffcbc30a4dc9bc5cc6c to be reverted first) Signed-off-by: S.Çağlar Onur <caglar@10ur.org> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

add lxc-autostart support for sysv init systems This change updates the way init scripts get installed so that more than one init system can be supported. Instead of installing the systemd service file from the spec file, it should be installed at make install time, so that someone compiling from source also gets the unit file installed. Update the plamo template to use a lock file not named just /var/lock/subsys/lxc since the presence of that file is used by sysv init rc file to know if it should run the K01lxc script. This also makes it consistent with the other templates which use /var/lock/subsys/lxc-$template-name. Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

configure: Disable python3 builds with clang Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

configure: Add GnuTLS to configure overview Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

doc: Add Japanese lxc-autostart(1) and update lxc.conf(5) Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Add lxc-autostart This introduces a new lxc-autostart binary (and associated manpage) which will let you start/shutdown/kill/restart any container that's marked as lxc.start.auto=1. It respects the lxc.start.delay value, sorts by lxc.start.order and filters by lxc.group. By default it'll affect all containers that DO NOT have lxc.group set. If -g is specified, ONLY containers in those group will be affected. To have a command applied to all containers, the -a argument can be used. A -L flag is also offered for distributions wishing to start the containers themselves while still using LXC's calculated order and wait delays. Instead of performing the action, it'll print the container name and (if relevant for the action) the wait time. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Add Japanese man pages for lxc-user-nic Update for commit df3415e02282317348bbd5f9ce66d03e1c81eeec Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 1.0.0.beta1 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

add manpages for lxc-user-nic Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

configure.ac: Make our configure more consistent This commit does the following changes: - Disable rpath by default - Switch all of our options to --enable-FEATURE in the help - Add auto-detection of libcap availability - Add auto-detection of python3 availability - Always specify the default value in --help - Add a configuration overview at the end Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Move some common Ubuntu config This introduces a new /usr/share/lxc/config directory containing common configuration snippets. The two Ubuntu templates are then simplified to just include the relevant entries avoiding a whole lot of hardcoded cgroup, capabilities and mount points configuration. An extra comment is also added at the top of all generated configuration files telling the user to look at lxc.conf(5) for more information. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Add LXC version information to version.h So that applications can get the LXC version number at compile time. This can be used to make applications/bindings that support compiling against multiple versions of LXC. Signed-off-by: S.Çağlar Onur <caglar@10ur.org> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Added templates/lxc-centos for CentOS containers. This adds an lxc-centos template for crreating CentOS 5+ templates. It does NOT create CentOS 4 or earlier containers as these are way past end of life and no longer supported. It is based on the work of Fajar A. Nugraha <github@fajar.net> who modified an earlier Fedora template. His work has been brought LARGELY into congruence with the current Fedora template. It still lacks the distro agnostic bootstrap and systemd code from the Fedora template but those should only be relevant with CentOS 7 when that can of worms pops open sometime next year or so. Signed-off-by: Michael H. Warfield <mhw@WittsEnd.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Add '--enable-api-docs' for doxygen-generated public API docs. Signed-off-by: James Hunt <james.hunt@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

remove HAVE_NEWUIDMAP and NEWUIDMAP Always build lxc-usernsexec. Else we require having uidmap installed on the build host for no good reason. And we never actually used the NEWUIDMAP path we detected. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 1.0.0.alpha3 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

valgrind drd tool shows conflicting stores happening at lxc_global_config_value@src/lxc/utils.c (v2) Conflict occurs between following lines [...] 269 if (values[i]) 270 return values[i]; [...] and [...] 309 /* could not find value, use default */ 310 values[i] = (*ptr)[1]; [...] fix it using a specific lock dedicated to that problem as Serge suggested. Also introduce a new autoconf parameter (--enable-mutex-debugging) to convert mutexes to error reporting type and to provide a stacktrace when locking fails. Signed-off-by: S.Çağlar Onur <caglar@10ur.org> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

rpm spec: fix version numbering when building alpha, beta, rc We want to ensure smooth upgrades when doing rpm -U throughout the release cycle so this change implements the scheme documented at: http://fedoraproject.org/wiki/Packaging%3aNamingGuidelines#NonNumericRelease Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

change version to 1.0.0.alpha2 in configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Change configure, replacing mandriva by openmandriva The latest Mandriva distro release was in 2011 and nowadays distro named OpenMandriva Lx. Signed-off-by: Alexander Khryukin <alexander@mezon.ru> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Add an OpenMandriva distro lxc-openmandriva template Signed-off-by: Alexander Khryukin <alexander@mezon.ru> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

template: Add Plamo Linux template This template allows to create Plamo Linux container on Plamo Linux. Plamo Linux is Japanese distribution, which is originally based on Slackware Linux. Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp> Signed-off-by: TAMUKI Shoichi <tamuki@linet.gr.jp> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

doc: Generate Japanese lxc-snapshot(1) man page Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

add basic lxc-test-ubuntu (v3) Some features of lxc - networking and LSM configuration for instance - are generally configured by the distro packages. This program tests the Ubuntu configuration. changelog v2: Switch to lxc-info -i to detect ip address as stgraber suggested Don't look for 'expect' as I'm not using it yet. changelog v3: Make sure to only read one ip address from container. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

refactor AppArmor into LSM backend, add SELinux support Currently, a maximum of one LSM within LXC will be initialized and used. If in the future stacked LSMs become a reality, we can support it without changing the configuration syntax and add support for more than a single LSM at a time to the lsm code. Generic LXC code should note that lsm_process_label_set() will take effect "now" for AppArmor, and upon exec() for SELinux. - fix Oracle template mounting of proc and sysfs, needed when using SELinux Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

doc: Japanese man pages is not generated when docbook-utils is used Character encoding of Japanese man pages is UTF-8. But docbook-utils can't treat it (and don't have --encoding option that use in Makefile). So change to Japanese man pages is not generated when docbook-utils is used. Signed-off-by: KATOH Yasufumi <karma@jazz.email.ne.jp> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Add some missing comments to configure.ac Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

snapshots: add man page and fix up help info a bit. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Add cgroup.pattern global configuration option Signed-off-by: Christian Seiler <christian@iwakd.de> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Add Japanese man pages. Japanese man pages is installed under $mandir/ja. At this time, it is based on version 0.9.0.

change version to 1.0.0.alpha1 in configure.ac Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>

configure: enable Lua if found and continue without if not Search for Lua if no --enable-lua/--disable-lua specified but continue without if not found. If --enable-lua is specified and Lua is not found then return error. If --disable-lua is specified, then don't search for Lua. Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lua: fix logic to enable lua support in configure When there is no --enable-lua or --with-lua-pc, Lua should not be enabled. This fixes a bug introduced with 12e93188 (configure/makefile: Allow specify Lua pkg-config file with --with-lua-pc) that caused configure script to fail if lua headers was missing. Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

add AS_VAR_COPY for older autoconf versions Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

configure/makefile: Allow specify Lua pkg-config file with --with-lua-pc Enable support for both Lua 5.1 and 5.2 by letting user specify the Lua pkg-config package name. By default it will use 'lua' and try figure out which version it is. Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Allow building without confstr We use confstr to grab the default PATH value. If it's not there, just use a standard one with bin and sbin for /, /usr and /usr/local. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Use srand/rand instead of initstate/random initstate/random doesn't work on bionic, srand/rand works on everything, so let's use that. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Add a local implementation of ifaddrs.h This adds a local ifaddrs implementation to be used on Bionic or other C libraries that don't come with a getifaddrs implementation. This code was written by Kenneth MacKay and is under a two-clause BSD license (copyright information in the file headers). Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Add subdir-objects option to AM_INIT_AUTOMAKE Fix build with automake 1.14 and newer, since it requires explicit setting now. Signed-off-by: Alexander Vladimirov <alexander.idkfa.vladimirov@gmail.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

lxc-user-nic: specify config and db files in autoconf Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

define lxc-usernsexec It uses the newuidmap and newgidmap program to start a shell in a mapped user namespace. While newuidmap and newgidmap are setuid-root, lxc-usernsexec is not. If new{ug}idmap are not available, then this program is not built or installed. Otherwise, it will be used to support creating, starting, destroying, etc containers by unprivileged users using their authorized subuids and subgids. Example: usernsexec -m u:0:100000:1 -- /bin/bash will, if the user is authorized to use subuid 100000, start a bash shell in a user namespace where 100000 on the host is mapped to root in the namespace, and the shell is running as (privileged) root. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc_create: prepend pretty header to config file (v2) Define a sha1sum_file() function in utils.c. Use that in lxcapi_create to write out the sha1sum of the template being used. If libgnutls is not found, then the template sha1sum simply won't be printed into the container config. This patch also trivially fixes some cases where SYSERROR is used after a fclose (masking errno) and missing consts in mkdir_p. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Define LXC_DEFAULT_CONFIG And use it in place of the various ways we were deducing /etc/lxc/default.conf. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

configure/makefile: rename default_conf to distro_conf configure/makefile: rename default_conf to distro_conf, since it is a per-distro default. Then we'll be able to use the symbol LXC_DEFAULT_CONF in the code to refer to the installed file. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Move container creation fully into the api 1. implement bdev->create: python and lua: send NULL for bdevtype and bdevspecs. They'll want to be updated to pass those in in a way that makes sense, but I can't think about that right now. 2. templates: pass --rootfs If the container is backed by a device which must be mounted (i.e. lvm) then pass the actual rootfs mount destination to the templates. Note that the lxc.rootfs can be a mounted block device. The template should actually be installing the rootfs under the path where the lxc.rootfs is *mounted*. Still, some people like to run templates by hand and assume purely directory backed containers, so continue to support that use case (i.e. if no --rootfs is listed). Make sure the templates don't re-write lxc.rootfs if it is already in the config. (Most were already checking for that) 3. Replace lxc-create script with lxc_create.c program. Changelog: May 24: when creating a container, create $lxcpath/$name/partial, and flock it. When done, close that file and unlink it. In lxc_container_new() and lxcapi_start(), check for this file. If it is locked, create is ongoing. If it exists but is not locked, create() was killed - remove the container. May 24: dont disk-lock during lxcapi_create. The partial lock is sufficient. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

destroy: implement in the api This requires implementing bdev->ops->destroy() for each of the backing store types. Then implementing lxcapi_clone(), writing lxc_destroy.c using the api, and removing the lxc-destroy.in script. (this also has a few other cleanups, like marking some functions static) Changelog: fold into destroy: fix zfs destroy destroy: use correct program name in help Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

lxc-stop: use api, remove lxc_shutdown, extend lxc-stop functionality implement c->reboot(c) in the api. Also if the container is not running, return -2. Currently lxc-stop will return 0, so you cannot tell the difference between successfull stopping and noop. Per stgraber's email: - Remove lxc-shutdown - Change lxc-stop so that: * Default behaviour is to call shutdown(), wait 15s for STOPPED, if not STOPPED, print a message to the user and call stop() [ NOTE: actually 60 seconds per followup thread] * We have a -r option to reboot the container (with proper check that the container indeed rebooted within the next 15s) * We have a -s option to shutdown the container without the automatic fallback to stop() * Add a -k option allowing a user to just kill a container (equivalent to old lxc-stop, no shutdown() call and no delay). and update manpages. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

add lxc-cirros Add a template to create a cirros container. One great thing about cirros is that the image you download is 3.5M. Thanks smoser! Note by default /etc/inittab doesn't have a /dev/console entry, so you don't get a login on the lxc-start console. Adding console::respawn:/sbin/getty 115200 console makes that work, but ctrl-c still gets forwarded to init which then reboots. So I didn't bother adding console as part of the template (yet). Instead I simply lxc-start -d, then lxc-console. Signed-off-by: Scott Moser <scott.moser@canonical.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

remove lxc-clone-sh Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

implement backend drivers and container clone API (v3) 1. commonize waitpid users to use a single helper. We frequently want to run something in a clean namespace, or fork off a script. This lets us keep the function doing fork:(1)exec(2)waitpid simpler. 2. start a blockdev backend implementation. This will be used for mounting, copying, and snapshotting container filesystems. 3. implement btrfs, lvm, directory, and overlayfs backends. 4. For overlayfs, support a new lxc.rootfs format of 'bdevtype:<extra>'. This means you can now use overlayfs-based containers without using lxc-start-ephemeral, by using lxc.rootfs = overlayfs:/readonly-dir:writeable-dir 5. add a set of simple clone testcases 6. Write a new lxc_clone.c based on api clone. Still to do (there's more, but off top of my head): 1. support zfs, aufs 2. have clone handle other mount entries (right now it only clones the rootfs) 3. python, lua, and go bindings (not me :) 4. lxc-destroy: if lvm backing store, check for snapshots of it. (what about directories which have overlayfs clones?) Changes since v2: Initialize random generator when picking new macaddr (reported by caglar@10ur.org) Fix wrong use of bitmask flags On copy-clone of btrfs, create a subvolume lxc_clone.c: respect the command line usage of the old script lxc-clone(1): update documentation Refuse to try changing backing stores expect to overlayfs, as it is not implemented (yet) anyway. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Conflicts: src/lxc/utils.h

fix building docs Commit 69fe23ff added checking for the older docbook2man back into configure, but this breaks building the docs on at least Oracle Linux and Fedora when docbook2X is not installed as docbook2man will be found but the docs don't actually build with that tool. This change makes it so the docs can be built with either the older docbook2man or the newer 2X tools by using configure to set the dtd string to an appropriate value depending on use of docbook2man or db2x_docbook2man. Also fixed a small error in lxc-destroy.sgml.in that was noticed by the old tools. Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

configure: support for the "docbook2man" utility to build the documentation This adds docbook2man as an alternative name for the docbook compiler. As that name was used on Debian based systems for an older version of the tool, this change also adds a check so that docbook2man is never used on Debian based systems. Reported-by: Peter Simons <simons@cryp.to> Reported-by: Christian Bühler christian@cbuehler.de Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

lxc-0.9.0 Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>

Use $localstatedir/log/lxc for default log path When we install lxc by manual (configure; make; make install), all files are installed under /usr/local/. Configuration files and setting files of containers are stored under /usr/local/ too, however, only log files are stored under /var/log/ not /usr/local/var/log. This patch changes the default log path to $localstatedir/log/lxc (by default $localstatedir is /usr/local/var) where is an ordinary directory, which is probably expected and unsurprising. Signed-off-by: Ryota Ozaki <ozaki.ryota@gmail.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

lxc-0.9.0.rc1 Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>

lxc-lenny: Remove deprecated template Debian 5.0 Lenny turned out of support on the 6th of February 2012. From now on, the only supported Debian template is lxc-debian. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

python: Don't hardcode LXCPATH in python module Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

python api_test: Drop use of @LXCPATH@ The python api test script was using @LXCPATH@ for one of its checks. Now that the lxcpath is exposed by the lxc python module directly, this can be dropped and api_test.py can now become a simple python file without needing pre-processing by autoconf. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

ensure clock_gettime symbol is found got link error liblxc.so: undefined reference to `clock_gettime' clock_gettime is used by lxclock.c and is in librt, or bionic libc. Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Add example hooks from Ubuntu package We've been shipping those two hooks for a while in Ubuntu. Yesterday I reworked them to use the new environment variables and avoid hardcoding any path that we have available as a variable. I tested both to work on Ubuntu 13.04 but they should work just as well on any distro shipping with the cgroup hierarchy in /sys/fs/cgroup and with ecryptfs available. Those are intended as example and distros are free to drop them, they should however be working without any change required, at least on Ubuntu. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Fix typos identified by lintian Lintian spotted those two typos. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Use AC_SEARCH_LIBS instead of hardcoded lists Use AC_SEARCH_LIBS to detect what library provides sem_*. This allows us to stop hardcoding the ld arguments in the various MakeFiles. Suggested-by: Natanael Copa <ncopa@alpinelinux.org> Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

configure: replace deprecated AM_CONFIG_HEADER Replace deprecated AM_CONFIG_HEADER with AC_CONFIG_HEADERS. This is needed for automake-1.13. Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

version 0.9.0-alpha2 Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>

Add missing manpages This introduces manpages for: - lxc-checkconfig - lxc-device - lxc-info - lxc-netstat - lxc-shutdown (wasn't in Makefile) - lxc-start-ephemeral - lxc-version This commit also sorts configure.ac and Makefile.am. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

add lxc-unshare man page, and make 'lxc-unshare -h' work. Also fix some tabs-as-spaces in lxc_unshare.c itself. lxc-unshare: run usage() on '-h' Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Add man page for lxc-clone And doing so pointed out a bug in lxc-clone itself - it claims default fssize is 2G. It's not. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Drop lxc-setcap and lxc-setuid As discussed earlier this week, lxc-setcap and lxc-setuid have been in pretty bad shape lately. Most if not all distros recommend against using them or don't ship them at all. With the ongoing work to get user namespaces working in upstream LXC, we think it's best to drop those two now as we prepare to land proper setuid helpers to deal with user namespaces. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Switch from use of LXCPATH to a configurable default_lxc_path Here is a patch to introduce a configurable system-wide lxcpath. It seems to work with lxc-create, lxc-start, and basic python3 lxc usage through the api. For shell functions, a new /usr/share/lxc/lxc.functions is introduced which sets some of the basic global variables, including evaluating the right place for lxc_path. I have not converted any of the other python code, as I was not sure where we should keep the common functions (i.e. for now just default_lxc_path()). configure.ac: add an option for setting the global config file name. utils: add a default_lxc_path() function Use default_lxc_path in .c files define get_lxc_path() and set_lxc_path() in C api use get_lxc_path() in lua api create sh helper for getting default path from config file fix up scripts to use lxc.functions Changelog: feb6: fix lxc_path in lxc.functions utils.c: as Dwight pointed out, don't close a NULL fin. utils.c: fix the parsing of lxcpath line lxc-start: print which rcfile we are using commands.c: As Dwight alluded to, the sockname handling was just ridiculous. Clean that up. use Dwight's recommendation for lxc.functions path: $datadir/lxc make lxccontainer->get_config_path() return const char * Per Dwight's suggestion, much nicer than returning strdup. feb6 (v2): lxccontainer: set c->config_path before using it. convert legacy lxc-ls Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Rename /etc/lxc/lxc.conf to /etc/lxc/default.conf. This will soon be followed by the introduction of a "real" system wide /etc/lxc/lxc.conf storing global LXC settings. Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

add lua binding for the lxc API The lua binding is based closely on the python binding. Also included are a test program for excercising the binding, and an lxc-top utility for showing statistics on running containers. Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

use a default per-container logfile Until now, if a lxc-* (i.e. lxc-start) command did not specify a logfile (with -o logfile), the default was effectively 'none'. With this patch, the default becomes a per-container log file. If a container config file specifies 'lxc.logfile', that will override the default. If a '-o logfile' argument is specifed at lxc-start, then that will override both the default and the configuration file entry. Finally, '-o none' can be used to avoid having a logfile at all (in other words, the previous default), and that will override a lxc.logfile entry in the container configuration file. If the user does not have rights to open the default, then 'none' will be used. However, in that case an error will show up on console. (We can work on removing that if it annoys people, but I think it is helpful, at least while we're still ironing this set out) If the user or container configuration file specified a logfile, and the user does not have rights to open the default, then the action will fail. One slight "mis-behavior" which I have not fixed (and may not fix) is that if a lxc.logfile is specified, the default logfile will still get created before we read the configuration file to find out there is a lxc.logfile entry. changelog: Jan 24: add --enable-configpath-log configure option When we log to /var/lib/lxc/$container/$container.log, several things need to be done differently than when we log into /var/log/lxc (for instance). So give it a configure option so we know what to do When the user specifies a logfile, we bail if we can't open it. But when opening the default logfile, the user may not have rights to open it, so in that case ignore it and continue as if using 'none'. When using /var/lib/lxc/$c/$c.log, we use $LOGPATH/$name/$name.log. Otherwise, we use $LOGPATH/$name.log. When using /var/lib/lxc/$c/$c.log, don't try to create the log path /var/lib/lxc/$c. It can only not exist if the container doesn't exist. We don't want to create the directory in that case. When using /var/log/lxc, then we do want to create the path if it does not exist. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Revert "use a default per-container logfile" The logfile changes broke lxc-info and possibly more command line tools. Revert for now until we get those issues addressed. This reverts commit 74476cf144523530022d76cef3a558b0662b592f.

use a default per-container logfile [ Thanks to Stéphane and Dwight for the feedback on the previous patch ] Until now, if a lxc-* (i.e. lxc-start) command did not specify a logfile (with -o logfile), the default was effectively 'none'. With this patch, the default becomes $LOGPATH/<container>/<container>.log. LOGPATH is specified at configure time with '--with-log-path='. If unspecified, it is $LXCPATH, so that logs for container r2 will show up at /var/lib/lxc/r2/r2/log. LOGPATH must exist, while lxc will make sure to create $LOGPATH/<name>. As another example, Ubuntu will likely specify --with-log-path=/var/log/lxc (and place /var/log/lxc into debian/lxc.dirs), placing r2's logs in /var/log/lxc/r2/r2.log. If a container config file specifies 'lxc.logfile', that will override the default. If a '-o logfile' argument is specifed at lxc-start, then that will override both the default and the configuration file entry. Finally, '-o none' can be used to avoid having a logfile at all (in other words, the previous default), and that will override a lxc.logfile entry in the container configuration file. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Fix check for openpty The previous implementation of the openpty check was always returning 'no' as openpty is typically defined in util. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Add check for sys/timerfd.h Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

use pkg-config to ensure python3-devel is installed The Python.h header varies in location by distribution, so instead use pkg-config to ensure the python3 devel package is installed. Tested with Ubuntu 12.04 and Fedora 17. Fixes --enable-python on Fedora 17. Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Add local implementation of mntent.h Bionic (at least) is missing some of the usual mntent functions. This adds code defining those that we need when they're missing from the C library. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Make utmpx.h optional This adds code detecting the presence of utmpx.h and in its absence, turns the utmp related functions into no-ops. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Workaround missing functions in other libc Some libc implementation (bionic) is lacking some of the syscall functions that are present in the glibc. For those, detect at build time the they are missing and implement a minimal syscall() wrapper that will essentially give the same result as the glibc function. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

personality.h: Make the personality code optional Some platforms don't have personality.h in their C library, this change adds buildtime detection for the header and turns off the personality setting code in those cases. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Don't hard depend on capability.h and libcap In the effort to make LXC work with non-standard Linux distros, this change allows for the user to build LXC without capability support through a new --disable-capabilities option to configure. This effectively will cause LXC not to link against libcap and will turn all the _cap_ functions into no-ops. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

tty.h: Ship our own minimal openpty.h bionic is missing an openpty() function, so ship our own and only build it and use it on bionic. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Support both getline and fgetln Some libc implementations don't have the getline function but instead have an equivalent fgetln function. Add code to detect both and use whatever is available. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

configure.ac: Cleanup, comments, indent, ... This commit doesn't do any functional change to configure.ac but does a fair amount of cleaning up. It re-orders the various blocks by type (options, checks, expands, ...). It also consistently uses tabs for indents. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

configure.ac: Add code to detect bionic C library This adds a new IS_BIONIC define that can be used to detect whether we are building with eglibc or with bionic. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

templates: initial support for Alpine Linux Requires apk-tools (http://git.alpinelinux.org/cgit/apk-tools) Signed-off-by: Natanael Copa <ncopa@alpinelinux.org> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Version 0.9.0.alpha2

Version 0.9.0.alpha1 Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

support new libseccomp api Detect the new api by existence in seccomp.h of the scmp_filter_ctx type in configure.ac. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

python: Remove hardcoded LXCPATH Switch the python scripts to using @LXCPATH@. According to grep, this was the last occurence of a /var/*/lxc path in the code. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

lxc-ubuntu: Don't hardcode path to cache Use LOCALSTATEDIR to generate the path to the cache. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Install legacy scripts when built without python. Re-introduce the old lxc-ls script and manpage under a new legacy sub-directory. Those will be installed in place of their python equivalent when LXC is built without --enable-python. Any other script ported to python should be added to those lists. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Rewrite lxc-ls in python This rewrite is mostly compatible with the shell version. --active and -1 still work and behave as they used to. This adds --running, --stopped and --frozen as state filters. A new "fancy" view is also implemented (can be used with --fancy) and will show containers in a column-based interface with the following fields: - name - state - ipv4 - ipv6 - pid of init Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

lxc-ubuntu: Rename from lxc-ubuntu.in lxc-ubuntu no longer uses any build time variables, therefore it can now be simply copied to the target without any autoconf magic. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Detect which name to use for docbook2x-man docbook2x-man doesn't have the same name on Debian based systems as on RedHat based systems, add some magic to configure.ac to detect and substitute the proper name in Makefile.am Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Set automake flags and CFLAGS Set automake's flags to -Wall -Werror as well as the general CFLAGS to -Wall and -Werror when building using gcc. This should catch any regression on build warnings now that we are in a pretty clean state. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

build: make sure to expand all variables that are substituted. This fixes lxc-sshd still referring to '${libdir}'. Signed-off-by: Diego Elio Pettenò <flameeyes@flameeyes.eu> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Add distro config file /etc/lxc/lxc.conf This allows a distro to put the distro specific default network configuration (for example bridge device, link type), or other lxc configuration in the case that -f is not passed by the user to lxc-create, in which case lxc-create will use the distro conf file as the basis for the containers config. Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

add oracle template (From: Dwight Engen) This is a new template to create containers based on Oracle Linux. A version such as 5.8, 6.3, or 6.latest can be specified with -R in which case a rootfs will be created from rpms downloaded from the Oracle public-yum repo. Alternatively the path to an existing rootfs of Oracle 5 or 6 may be given to the template with the -t option. The architecture of the downloaded rpms installed in the container can be specified with the -a template option. Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

fix expansion of LXCPATH,LXCROOTFSMOUNT,LXCTEMPLATEDIR These variables are not expanded correctly in doc/lxc-create.sgml.in and a workaround is in place to ensure ${localstatedir}, and ${datadir} are set in the various shell scripts that use it. There is no workaround to ensure ${datadir} is set in src/lxc/lxc-create.in, nor is ${localstatedir} set in templates/lxc-altlinux.in so I think that these are currently broken. Using AS_AC_EXPAND instead of AC_SUBST fixes these problems and removes the need for the workarounds. In addition the lxc-start-ephemeral.in script can be autoconf'ed instead of sed'ed by the makefile. Signed-off-by: Dwight Engen <dwight.engen@oracle.com>

Fix previous commit, removing hardcoded /var/lib/lxc from lxc-start-ephemeral The previous commit was missing part of the changes, leading to a non-working version of lxc-start-ephemeral. This commit adds the missing parts. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Make building the API tests/examples optional Add a new --enable-tests option to configure which is used to optionally build the tests/examples. Default is off. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Add python-lxc based on the new liblxc API. This adds a basic python binding done in C and a python overlay to extend some features and provide a user-friendlier API. This python API only supports python 3.x and was tested with >= 3.2. It's disabled by default in configure and can be turned on by using --enable-python. A basic example of the API can be found in src/python-lxc/test.py. More documentation and examples will be added soon.

Merge the liblxc API work by Serge Hallyn. This turns liblxc into a public library implementing a container structure. The container structure is meant to cover most LXC commands and can easily be used to write bindings in other programming languages. More information on the new functions can be found in src/lxc/lxccontainer.h Test programs using the API can also be found in src/tests/ Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

fix configure.ac for seccomp and apparmor Use --enable-XXX=check when not specified to get reasonable defaults. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Introduce support for seccomp. Hi, This patch is so far just a proof of concept. The libseccomp api will be changing soon so it probably wouldn't be worth pulling this until it is updated for the new API. This patch introduces support for seccomp to lxc. Seccomp lets a program restrict its own (and its children's) future access to system calls. It uses a simple whitelist system call policy file. It would probably be better to switch to something more symbolic (i.e specifying 'open' rather than the syscall #, especially given container arch flexibility). I just wanted to get this out there as a first step. You can also get source for an ubuntu package based on this patch at https://code.launchpad.net/~serge-hallyn/ubuntu/quantal/lxc/lxc-seccomp Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com>

Version 0.8.0 Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Remove lxc-start-ephemeral from configure.ac lxc-start-ephemeral.in ended up in configure.ac as a result of the cherry-pick. This new tool hasn't been pulled in yet. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

fix "make rpm" RPM doesn't like "-" in the version number and gives: "error: line 24: Illegal char '-' in: Version: 0.8.0-rc2" Other packages (bind-utils for example) have used . instead of - as a seperator. Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

fix expansion of LXCPATH,LXCROOTFSMOUNT,LXCTEMPLATEDIR These variables are not expanded correctly in doc/lxc-create.sgml.in and a workaround is in place to ensure ${localstatedir}, and ${datadir} are set in the various shell scripts that use it. There is no workaround to ensure ${datadir} is set in src/lxc/lxc-create.in, nor is ${localstatedir} set in templates/lxc-altlinux.in so I think that these are currently broken. Using AS_AC_EXPAND instead of AC_SUBST fixes these problems and removes the need for the workarounds. In addition the lxc-start-ephemeral.in script can be autoconf'ed instead of sed'ed by the makefile. Signed-off-by: Dwight Engen <dwight.engen@oracle.com>

Don't hardcode path to templates configure.ac used to set the template path to /usr/share/lxc/templates. Instead use ${datadir} to make it follow ${prefix}. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Introduce apparmor support This could be done as generic 'lsm_init()' and 'lsm_load()' functions, however that would make it impossible to compile one package supporting more than one lsm. If we explicitly add the selinux, smack, and aa hooks in the source, then one package can be built to support multiple kernels. The smack support should be pretty trivial, and probably very close to the apparmor support. The selinux support may require more, including labeling the passed-in fds (consoles etc) and filesystems. If someone on the list has the inclination and experience to add selinux support, please let me know. Otherwise, I'll do Smack and SELinux. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Add lxc-shutdown script It optionally waits (an optional timeout # of seconds) for the container to be STOPPED. If given -r, it reboots the container (and exits immediately). I decided to add the timeout after all because it's harder to finagle into an upstart post-stop script than a full bash script. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Trimming directories to use Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

lxc-setcap/lxc-setuid: add autoconf expansion for $libexecdir Support new default location for LXCINITDIR. Signed-off-by: David Ward <david.ward@ll.mit.edu> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

use syscall numbers from Linux kernel headers __NR_setns is defined in the Linux kernel headers in linux/unistd.h. The full Linux kernel sources are not necessary for compilation. Signed-off-by: David Ward <david.ward@ll.mit.edu> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

lxc-0.8.0-rc2

lxc-0.8.0-rc1 Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Add ubuntu-cloud template This is a new template to create containers based on the ubuntu cloud images, rather than using debootstrap. Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

fix-automake-1.13 ## 0001-Replace-pkglib_PROGRAMS-with-pkglibexec_PROGRAMS.patch [diff] From 95c566740bba899acc7792c11fcdb3f4d32dcfc9 Mon Sep 17 00:00:00 2001 From: Jon Nordby <jononor@gmail.com> Date: Fri, 10 Feb 2012 11:38:35 +0100 Subject: [PATCH] Replace pkglib_PROGRAMS with pkglibexec_PROGRAMS Without this change, autogen.sh fails with automake 1.11.3 Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Add man page for lxc-attach Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

add lxc-archlinux template Hi, here's the patch which adds Arch linux container template Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

fixes for rpmbuild This patch fixes some makefile/specfile issues when running rpmbuild with the distributed lxc specfile: - fixes usage of installation directories for config files, rootfs, templates and lxc-init so that they're calculated at make time instead of configure time. Thanks to this, all installed items go under $RPM_BUILD_ROOT when running rpmbuild - introduce --disable-rpath option to configure to avoid check-rpaths errors when building non-root. - introduce a lxc-libs package in the default spec file to allow concurrent installation of 32 bit and 64 bit libraries. v2: - fix circular reference in lxc.pc - ship lxc.pc with lxc-devel Signed-off-by: Greg Kurz <gkurz@fr.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

add lxc-altlinux template Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Version 0.7.5 Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

templates: add openSUSE template. The good news is, starting with next openSUSE release (and next SLES 11 Service Pack), patching /etc/init.d/boot won't be needed anymore for LXC, we integrated detection of LXC (through container variable set to lxc) in /etc/init.d/boot and /dev is no longer mounted automatically by initscript. Signed-off-by: Frederic Crozat <fcrozat@suse.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

consolidate ubuntu templates Consolidate lucid, maverick, natty, and oneiric templates into one 'ubuntu' template. Add support for specifying architecture. Add support for '--trim|-x' option, which removes services like the lucid template used to. This creates smaller, faster-booting containers, but they will not be safe with certain upgrades, like mountall or udev. When -x is not specified for lucid or maverick container, then install lxcguest from the ubuntu-virt ppa, since it does not exist in the official archives, and the container is not safe to boot without lxcguest. Add support for '--bindhome <user>' option, which will cause /home/<user> to be bind-mounted into the container, and create the user with his original password, shell, and group memberships in the container. changelog: june 23: lxc-ubuntu template: set lxc.arch in config install lxcguest when NOT trimming the container lxc-ubuntu: always install lxcguest in postprocess Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Add lxc-clone script Create an lxc-clone script to clone containers. It should probably be factored into helpers and then enhanced, in particular to convert between LVM and non-LVM containers, create non-snapshot LVM clones, support loopback devices, and, when stable enough, to use overlayfs, btrfs, etc. But this is a start. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Add initial oneiric template

lxc-0.7.4 Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

lxc-0.7.4-rc1 Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

generate setns syscall number Signed-off-by: Clement Calmels <clement.calmels@fr.ibm.com> Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>

Update ubuntu templates Rename 'ubuntu' template to 'lucid' Add new maverick and natty templates, which do much less tweaking of the environment. These should only be used on a kernel which supports sysfs tagging for /sys/class/net, as udev will be running in the container. The natty template needed to slightly change the installed packages for dhclient to be correclty installed. Signed-off-by: Serge Hallyn <serge.hallyn@canonical.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

add missing template in Makefile Missed to add lxc-lenny to the template. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

set version to 0.7.3 Version 0.7.3 Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>

version 0.7.2 Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

provide a script to set uid bit on cli Some file systems do not support the file posix capabilities. The following script set the setuid bit root on the different cli. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

lxc-0.7.1 Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

change version number to 0.7.0 Finally, I did it :) Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

move script templates to an adequate place At present the lxc-{template} scripts are installed in the $bindir. This is not the right place as specified by the FHS, so they go to $libdir/lxc/templates. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

ubunutu template Ubuntu [lucid] template script. Allows to create an ubuntu container with the template options. Signed-off-by: Willem Meier <wilhelm.meier@fh-kl.de> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

update lxc-checkpoint / lxc-restart man Add documentation for checkpoint / restart CLI. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

move lxc-init to $libdir/lxc As specified by FHS: /usr/lib includes object files, libraries, and internal binaries that are not intended to be executed directly by users or shell scripts. Applications may use a single subdirectory under /usr/lib. If an application uses a subdirectory, all architecture-dependent data exclusively used by the application must be placed within that subdirectory. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

change the rootfs mount location and add the README Previous path was $libdir/lxc, changed to $libdir/lxc/rootfs. Added a README file to be placed in this directory, describing the purpose of this empty directory. Having a file to be installed in this directory makes the Makefile to automatically create the directory at install time. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

drop capabilities in lxc-init (V2) capabilities are reseted just after the filesystem is mounted. lxc_setup_fs() is moved up, before the process is forked. Signed-off-by: Cedric Le Goater <clg@fr.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

add a configure option to set a rootfs mount point Add a configure option to set a mount point path when using a rootfs, that will replace the actual behavior which creates uneeded /tmp/lxc** directories. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

whitespace cleanup in configure.ac Mindless changes by removing whitespace. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

lxc: introduce lxc-kill command (v4) lxc-kill send a signal to the process 1 of the container. If this command is used on an application container ran by lxc-execute, the lxc-init will receive the signal and will forward it to the process 2 which is the command specified in the command line. Signed-off-by: Greg Kurz <gkurz@fr.ibm.com> Signed-off-by: Michel Normand <normand@fr.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

version 0.6.5 Increment to 0.6.5 version. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Rename doc/examples/lxc-complex-config.in to lxc-complex.conf.in Rename doc/examples/lxc-complex-config.in to lxc-complex.conf.in as all other examples in this directory have a .conf ending as well. Signed-off-by: Michael Holzt <lxc@my.fqdn.org> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

add macvlan vepa and bridge mode The future kernel 2.6.33 will incorporate the macvlan bridge mode where all the macvlan will be able to communicate if they are using the same physical interface. This is an interesting feature to have containers to communicate together. If we are outside of the container, we have to setup a macvlan on the same physical interface than the containers and use it to communicate with them. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

busybox template This script builds a busybox rootfs and provides the associated configuration to run the busybox. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Add VLAN support in config This adds ability to migrate vlan interfaces into namespaces by specifying them in a config Signed-off-by: Jamal Hadi Salim <hadi@cyberus.ca> Acked-by: Daniel Lezcano <daniel.lezcano@free.fr> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

version 0.6.4 Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

update the man pages Update the man pages regarding the modifications around the configuration option, volatile containers and new configuration file format. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Choose configuration directory Maybe it will be more logical to keep configs into /etc/lxc/? Or, maybe, just use --with-config-path=/some/path switch into configure, which could be overridden as user wants to? Something like this one (in assumption, that this is up to user to create corresponding directory): Signed-off-by: Andrian Nord <NightNord@gmail.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Q: general lxc architecture Patch moves etc/* contents into doc/examples/ and adds --disable-examples configure switch which may be used not to install examples. Default is to install them into ${docdir}/examples (commonly: /usr/share/doc/lxc/examples) Signed-off-by: Andrian Nord <NightNord@gmail.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Replace create/destroy by a script The simplification of the container configuration makes pointless to have so much complexity in the container creation. Let's remove that and replace by some scripts. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

lxc: lxc version to reflect string in AC_INIT (V2) I changed the code to have lxc version to reflect the string set in AC_INIT of configure.ac rather than to report only the 3 first digits update: use PACKAGE_VERSION in place of VERSION Signed-off-by: Michel Normand <normand@fr.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

configure.ac - allow user to switch off/on documentation generation Andrian Nord <NightNord@gmail.com>: >> > > As documentation requires docbook2man to be installed, which is not, >> > > otherwise, required for proper LXC work or compilation process, it >> > > might be usefull to be able to switch it off. Michel Normand <normand@fr.ibm.com>: > > For me, it is Ok to add a --enable/disable/-doc, > > but not make configure to fail if no option specified > > and no docbook2man package. > > > > For me it should be optionnal. > > I like the current behaviour where configure is running without option > > and is enabling/disabling by itself the doc building. > > Could you send a new patch with this idea ? Andrian Nord <NightNord@gmail.com>: Of course. You mean, that you what default behaviour to remain auto-detection? That is: --enable-doc: require docbook2man or fail, generate mans --enable-doc=auto, or not specified (default): check for docbook2man, generate mans if found, silently ignore if not found (I suppose diagnostic message is redundant, as information already contains into ./configure --help) --disable-doc: never check for docbook2man and don't gen mans Here comes a patch what do this, as far as I see (I'm sorry for violating post-rules in previous mail, now I'll do all right, I hope. Should I attach patch anyway, as it might be usefull for applying?) Signed-off-by: Andrian Nord <NightNord@gmail.com> Acked-by: Michel Normand <normand@fr.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

lxc: kill libtool This is useless in a Linux only environment. The .so version is the version of the package. Signed-off-by: Cedric Le Goater <clg@fr.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

use config.h to define the lxcpath and co Instead of passing the LXCPATH definition in the compiler command line, use configure.ac to define the value in the config.h file and include this file where it is needed. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

remove test directory These tests are not relevant now. It would be better to write some real test cases with some script using the lxc cli in order to check non regression. I remove these annoying tests I have to port each time a function prototype is changed. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Include <sys/socket.h> before checking for netlink With some versions of the compiler/headers linux/netlink.h won't compile if sys/socket.h is defined before it. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Signed-off-by: Guido Trotter <ultrotter@quaqua.net>

Distribute manpages in source tarball Ship the manpages in the source tarball made by 'make dist', and clean them up only during the 'make maintainer-clean' step. This allows distributions not to depend on docbook at lxc build time, because the manpages are already there. Also update the configure warning message to sound less scary. Signed-off-by: Guido Trotter <ultrotter@quaqua.net> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Remove unused --with-kernel-release option This was a leftover from the already-removed network-destruction-on-container shutdown code. Signed-off-by: Guido Trotter <ultrotter@quaqua.net> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

display an explicit warning when netlink headers are missing "netlink headers not found" implicitely means we have to install the kernel headers. Make this explicit. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

change version to 0.6.3 Increment to the 0.6.3 version. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Clarify setcap advice/warning messages Probably a mention to libcap-2 is worth keeping, though it might be clearer to point to setcap binary directly. Signed-off-by: Filippo Giunchedi <filippo@esaurito.net> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Include /sbin in PATH for setcap Rationale: some distributions don't include /sbin in PATH for regular users, thus setcap might not be found during configure Signed-off-by: Filippo Giunchedi <filippo@esaurito.net> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

fix capability.h compilation problem The capability.h header is broken on fedora 11. The workaround is to include <sys/types.h> before <sys/capability.h>. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

rename lxc-config to lxc-version Rename lxc-config to lxc-version in order to avoid the confusion with what looks like a container configuration tool. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

replace lxc-version by lxc-config As we have the correct informations with pkg-config we can write a script which will collect the informations and we get rid of the C program. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

add pkg-config for lxc Add the pkg-config information for lxc. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

change man pages to use a common file for common options the common options of lxc commands are now described in one file "common_options.sgml.in" Signed-off-by: Michel Normand <normand@fr.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

change man pages to use a seealso file for references the common references to lxc man pages are now placed in one file "see_also.sgml.in" Note that the few man pages that refer to man pages that are not lxc ones have two "See Also" paragraph. Signed-off-by: Michel Normand <normand@fr.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Remove old code to destroy the network Removed this unused code. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

autoassign tty number When no tty number is specified in the command line, let the tty service to provide choose one available tty and provide this one. The documentation is updated wrt this modification and I did a little fix to generate the date of the documentation. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

rename configure.in to configure.ac Rename configure.in to configure.ac as it is the correct name for the recent version. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>