Drop leftover references to lxc_strerror(). lxc_strerror() was dropped long time ago, in 2009 to be exact. Related commit: https://github.com/lxc/lxc/commit/7cee8789514fb42d6a48d50b904e24284f5526e3 Signed-off-by: Jafar Al-Gharaibeh <to.jafar@gmail.com>

use poll instead of select Particularly when using the go-lxc api with lots of threads, it happens that if the open files limit is > 1024, we will try to select on fd > 1024 which breaks on glibc. So use poll instead of select. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

c/r: re-open fds after clone() If we don't re-open these after clone, the init process has a pointer to the parent's /dev/{zero,null}. CRIU seese these and wants to dump the parent's mount namespace, which is unnecessary. Instead, we should just re-open stdin/out/err after we do the clone and pivot root, to ensure that we have pointers to the devcies in init's rootfs instead of the host's. v2: Only close fds if the container was daemonized. This didn't turn out as nicely as described on the list because lxc_start() doesn't actually have the struct lxc_container, so it cant see the flag. Instead, we just pass it down everywhere. Signed-off-by: Tycho Andersen <tycho.andersen@canonical.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

typofixes - https://github.com/vlajos/misspell_fixer Signed-off-by: Veres Lajos <vlajos@gmail.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

use same ifndef/define format for all headers Signed-off-by: S.Çağlar Onur <caglar@10ur.org> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

split cgroup handling into discrete backends - refactor cgroup into two backends, the classic cgfs driver and the new cgmanager. Instead of lxc_handler knowing about the internals of each, have it just store an opaque pointer to a struct that is private to each backend. - rename a couple of cgroup functions for consistency: those that are considered an API (ie. exported by lxc.h) begin with lxc_ and those that are not are just cgroup_* - made as many backend routines static as possible, only cg*_ops_init is exported - made a nrtasks op which is needed by the utmp code for monitoring container shutdown, currently only implemented for the cgfs backend Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Deprecate lxc-checkpoint, lxc-kill and lxc-restart Checkpoint/restart isn't currently supported, so let's not carry those binaries around until we have proper CRIU support in the API. lxc-kill is redundant with lxc-stop -k and has been known to confuse user. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Initial support for cgmanager This patch splits out most of the cgroupfs-specific code, so that cgroup-manager versions can be plugged in. The case I did not handle is cgroup_enter at lxc_attach. I'm hoping that case can be greatly simplified, but will worry about it after fleshing out the cgroup manager handlers. This also simplify the freezer functions. This seems to not regress my common tests when running without cgmanager, but I'd like to do a bit more testing before pushing. However I was hoping to get some more eyes on this so am sending it out now. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

adjust include statements (v2) Use "#include <somefile.h>" style for external or exported headers only. changes since v1: - adjusted formatting as Stéphane suggested Signed-off-by: S.Çağlar Onur <caglar@10ur.org> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

cgroup: Major rewrite of cgroup logic This patch rewrites most of the cgroup logic. It creates a set of data structures to store the kernel state of the cgroup hierarchies and their mountpoints. Mainly, everything is now grouped with respect to the hierarchies of the system. Multiple controllers may be mounted together or separately to different hierarchies, the data structures reflect this. Each hierarchy may have multiple mount points (that were created previously using the bind mount method) and each of these mount points may point to a different prefix inside the cgroup tree. The current code does not make any assumptions regarding the mount points, it just parses /proc/self/mountinfo to acquire the relevant information. The only requirement is that the current cgroup of either init (if cgroup.pattern starts with '/' and the tools are executed as root) or the current process (otherwise) are accessible. The root cgroup need not be accessible. The configuration option cgroup.pattern is introduced. For root-executed containers, it specifies which format the cgroups should be in. Example values may include '/lxc/%n', 'lxc/%n', '%n' or '/machine/%n.lxc'. Any occurrence of '%n' is replaced with the name of the container (and if clashes occur in any hierarchy, -1, -2, etc. are appended globally). If the pattern starts with /, new containers' cgroups will be located relative to init's cgroup; if it doesn't, they will be located relative to the current process's cgroup. Some changes to the cgroup.h API have been done to make it more consistent, both with respect to naming and with respect to the parameters. This causes some changes in other parts of the code that are included in the patch. There has been some testing of this functionality, but there are probably still quite a few bugs in there, especially for people with different configurations. Signed-off-by: Christian Seiler <christian@iwakd.de> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

licensing: Add missing headers and FSF address Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Track snapshot dependencies (v2) (Will push in a bit barring any objections) lvm, btrfs, and zfs snapshots each do an ok job of handling deletions for us - a btrfs snapshot does fine after the original is removed, while zfs and lvm will both refuse to allow the original to be deleted while the snapshot exists. Overlayfs doesn't do this for us. So, for overlayfs snapshots, track the dependencies. When c2 is created as an overlayfs snapshot of dir-backed c1, then 1. c2's lxc_rdepends file will contain c1_lxcpath c1_lxcname 2. c1's lxc_snapshots will contain "1" c1 cannot be deleted so long as lxc_snapshots exists and contains a non-zero number. The contents of lxc_snapshots and lxc_rdepends are protected by container_disk_lock() and at lxc_clone by the new container not yet being accessible. (Originally I was going to keep them in the container config, but the problem with using $lxcpath/$name/config is that api users could end up calling c->save_config() with a cached old value of snapshots/rdepends.) Changelog: aug 21: check for fprintf and fclose failures Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Dwight Engen <dwight.engen@oracle.com>

Add missing sys/select.h include for fd_set Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

cgroups: rework to handle nested containers with multiple and partial mounts Currently, if you create a container and use the mountcgruop hook, you get the /lxc/c1/c1.real cgroup mounted to /. If you then try to start containers inside that container, lxc can get confused. This patch addresses that, by accepting that the cgroup as found in /proc/self/cgroup can be partially hidden by bind mounts. In this patch: Add optional 'lxc.cgroup.use' to /etc/lxc/lxc.conf to specify which mounted cgroup filesystems lxc should use. So far only the cgroup creation respects this. Keep separate cgroup information for each cgroup mountpoint. So if the caller is in devices cgroup /a but cpuset cgroup /b that should now be ok. Change how we decide whether to ignore failure to set devices cgroup settings. Actually look to see if our current cgroup already has the settings. If not, add them. Finally, the real reason for this patch: in a nested container, /proc/self/cgroup says nothing about where under /sys/fs/cgroup you might find yourself. Handle this by searching for our pid in tasks files, and keep that info in the cgroup handler. Also remove all strdupa from cgroup.c (not android-friendly). Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

console API improvements Add a higher level console API that opens a tty/console and runs the mainloop as well. Rename existing API to console_getfd(). Use these in the python binding. Allow attaching a console peer after container bootup, including if the container was launched with -d. This is made possible by allocation of a "proxy" pty as the peer when the console is attached to. Improve handling of SIGWINCH, the pty size will be correctly set at the beginning of a session and future changes when using the lxc_console() API will be propagated to it as well. Refactor some common code between lxc_console.c and console.c. The variable wait4q (renamed to saw_escape) was static, making the mainloop callback not safe across threads. This wasn't a problem when the callback was in the non-threaded lxc-console, but now that it is internal to console.c, we have to take care of it. This is now contained in a per-tty state structure. Don't attempt to open /dev/null as the console peer since /dev/null cannot be added to the mainloop (epoll_ctl() fails with EPERM). This isn't needed to get the console setup (and the log to work) since the case of not having a peer at console init time has to be handled to allow for attaching to it later. Move signalfd libc wrapper/replacement to utils.h. Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

extend command processor to handle generic data Motivation for this change is to have the ability to get the run-time configuration items from a container, which may differ from its current on disk configuration, or might not be available any other way (for example lxc.network.0.veth.pair). In adding this ability it seemed there was room for refactoring improvements. Genericize the command infrastructure so that both command requests and responses can have arbitrary data. Consolidate all commands into command.c and name them consistently. This allows all the callback routines to be made static, reducing exposure. Return the actual allocated tty for the console command. Don't print the init pid in lxc_info if the container isn't actually running. Command processing was made more thread safe by removing the static buffer from receive_answer(). Refactored command response code to a common routine. Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

lxc-monitor multiple paths Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Change author email address Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>

API: export lxc_get_version() Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

cgroup: improve support for multiple lxcpaths (v3) Add a monitor command to get the cgroup for a running container. This allows container r1 started from /var/lib/lxc and container r1 started from /home/ubuntu/lxcbase to pick unique cgroup directories (which will be /sys/fs/cgroup/$subsys/lxc/r1 and .../r1-1), and all the lxc-* tools to get that path over the monitor at lxcpath. Rework the cgroup code. Before, if /sys/fs/cgroup/$subsys/lxc/r1 already existed, it would be moved to 'deadXXXXX', and a new r1 created. Instead, if r1 exists, use r1-1, r1-2, etc. I ended up removing both the use of cgroup.clone_children and support for ns cgroup. Presumably we'll want to put support for ns cgroup back in for older kernels. Instead of guessing whether or not we have clone_children support, just always explicitly do the only thing that feature buys us - set cpuset.{cpus,mems} for newly created cgroups. Note that upstream kernel is working toward strict hierarchical limit enforcements, which will be good for us. NOTE - I am changing the lxc_answer struct size. This means that upgrades to this version while containers are running will result in lxc_* commands on pre-running containers will fail. Changelog: (v3) implement cgroup attach fix a subtle bug arising when we lxc_get_cgpath() returned STOPPED rather than -1 (STOPPED is 0, and 0 meant success). Rename some functions and add detailed comments above most. Drop all my lxc_attach changes in favor of those by Christian Seiler (which are mostly the same, but improved). Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

lxc_monitor_open: prepend lxcpath This is needed for lxc_wait and lxc_monitor to handle lxcpath. However, the full path name is limited to 108 bytes. Should we use a md5sum of the lxcpath instead of the path itself? In any case, with this patch, lxc-wait and lxc-monitor work right with respect to multiple lxcpaths. The lxcpath is added to the lxc_handler to make it available most of the places we need it. I also remove function prototypes in monitor.h for two functions which are not defined or used anywhere. TODO: make cgroups tolerate multiple same-named containers. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Introduce --lxcpath cmdline option, and make default_lxc_path() return const char * For the lxc-* C binaries, introduce a -P|--lxcpath command line option to override the system default. With this, I can lxc-create -t ubuntu -n r1 lxc-create -t ubuntu -n r1 -P /home/ubuntu/lxcbase lxc-start -n r1 -d lxc-start -n r1 -d -P /home/ubuntu/lxcbase lxc-console -n r1 -d -P /home/ubuntu/lxcbase lxc-stop -n r1 all working with the right containers (module cgroup stuff). To do: * lxc monitor needs to be made to handle cgroups. This is another very invasive one. I started doing this as a part of this set, but that gets hairy, so I'm sending this separately. Note that lxc-wait and lxc-monitor don't work without this, and there may be niggles in what I said works above - since start.c is doing lxc_monitor_send_state etc to the shared abstract unix domain socket. * Need to handle the cgroup conflicts. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

pass lxcpath to lxc_command The previous lxcpath patches added support for a custom LXCPATH set through a system-wide configuration file. This was also exposed through the C api, so that a custom lxcpath could be set at the container object instanciation time, or set at runtime. However the command sock filename was always located under the global lxcpath, which could be confusing, and would be a problem for users with insufficient perms to the system-wide lxc path (i.e. if setting lxcpath to $HOME/lxcbase). This patch changes that by passing the lxcpath to all callers of lxc_command(). It remains to add an lxcpath command line argument to most of the command line tools (which are not using the C api) - lxc-start, lxc-info, lxc-stop, etc. At this point it becomes tempting to do something like c = lxc.Container("r1", "/var/lib/lxc") c2 = lxc.Container("r1", "$HOME/lxcbase") However, that's problematic - those two will use the same directory names for cgroup directories. What would be the best way to handle this? One way (which I kind of like) is to give up on naming the cgroups after the container. use mkstemp for the cgroup name, let lxc keep track of the cgroup name based on the command socket, and make users use lxc-cgroup to get and change settings. Other ideas? Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc api: fix some config_path oddities 1. When calling c->set_config_path(), update configfile. I.e. if we are setting the config_path to /var/lib/lxc, then the configfile should be changed to /var/lib/lxc/$container/config 2. Add an optional configpath argument to lxc_container_new. If NULL, then the default will be used (as before). If set, then the passed-in path will be used. This way you can do c1 = lxc.Container("r1", "/var/lib/lxc"); c2 = lxc.Container("r2", "/home/user/lxcbase"); (Note I did *not* implement the python or lua binding to pass that argument along) Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Make config api items const This makes it easier to write a binding, and presents a cleaner API. Use strdupa in a few places to get mutable strings for tokenizing / parsing. Also change the argv type in lxcapi_start and lxcapi_create to match that of execv(3). Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Fix passing non-const char* in for const char* Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Merge the liblxc API work by Serge Hallyn. This turns liblxc into a public library implementing a container structure. The container structure is meant to cover most LXC commands and can easily be used to write bindings in other programming languages. More information on the new functions can be found in src/lxc/lxccontainer.h Test programs using the API can also be found in src/tests/ Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

lxc: introduce lxc_execute() This patch allows to create application containers with liblxc.so directly. Some code cleanups on the way: - separate ops for lxc_execute() and lxc_start(): the factorisation is wrong here as we may have specific things to do if we're running an application container. It deserves separate ops. - lxc_arguments_dup() is merged in the pre-exec operation: this is a first use for the execute op introduced just above. It's better to build the arguments to execvp() where they're really used. Signed-off-by: Greg Kurz <gkurz@fr.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Cc: Cedric Le Goater <clg@fr.ibm.com>

cgroups: support cgroups mounted in multiple places (v3) (sorry for the extra traffic.) With this patch, lxc works for me both with all cgroups mounted with ns cgroup on /cgroup, and with libcgroup mounting all cgroups separately. To do this, instead of looking for one cgroup called 'lxc' or otherwise taking the first cgroup we find, we actually create a container in every mounted cgroup fs. Right now it's done under the root of each fs. We may want to put that under lxc, or, better yet, make that configurable. Changelog: Michael H. Warfield: Handle the case where subsystem doesn't have '.'. Daniel Lezcano: clean up incorrect reentrant use of mntent helpers v3: use the rest of Daniel's cleanups TODO: add a configurable directory name, 'lxc' by default, under which all lxc cgroups are created (i.e. /sys/fs/cgroup/lxc) Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> Tested-by: Michael H. Warfield <mhw@WittsEnd.com>

restart the container at reboot When the reboot is detected, reboot the container. That needs to set all file descriptor opened by lxc-start to be flagged with the close-on-exec flag, otherwise when re-execing ourself, we inherit our own fd. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

lxc: add --statefile opt to lxc-checkpoint/restart based on patch from: Sukadev Bhattiprolu <sukadev@linux.vnet.ibm.com> but also: * remove the deprecated --directory one. * change liblxc api of checkpoint/restart to use fd and not string. * explicitely report error messages for the checkpoint/restart stub functions. Signed-off-by: Michel Normand <normand@fr.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

typo in restart and checkpoint Signed-off-by: Michel Normand <normand@fr.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

pass lxc_conf to the lxc_start function instead of the rcfile The rcfile is parsed in the lxc_start function. This is not the place to do that. Let's the caller to do that. In the meantime, we have the lxc_conf structure filled right before calling the lxc_start function so we can do some sanity check on the configuration to not break the system when we launch the container. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

change C/R api Change Checkpoint / Restart API Signed-off-by: Michel Normand <normand@fr.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

cleanup <lxc/lxc.h> <lxc/lxc.h> should only include what is needed. This patch removes all useless headers from lxc.h and fixed other .c files. Signed-off-by: Cedric Le Goater <clg@fr.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Replace create/destroy by a script The simplification of the container configuration makes pointless to have so much complexity in the container creation. Let's remove that and replace by some scripts. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Allows a container to run without previous creation When a container was created, its configuration is used. When a container was not created, the configuration specified in the command line is used, if not configuration file is used, default values are used. That allows to create 'volatile' container, like tmp files. It is useful for example to spawn different container with the same generic configuration file. That let the user to have its own repository of configuration files. And, more important, that fix temporary created container with lxc-execute to be not deleted when the host crash or the command is killed. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Remove the usage of a lock file The lock is no longer needed as the mutual exclusion and 'is running' check is done via the af_unix command socket. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

clean up and factor out some code Factor out some code and fix a memory corruption when dupping the arguments. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

remove dead code in monitor.c This code is not used in lxc. Signed-off-by: Michel Normand <normand@fr.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Fix lxc-cgroup-get Make lxc_cgroup_get returns the number of bytes read and use this value to "printf" it. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

change the checkpoint/restart function api As the checkpoint/restart is expected to be sequential, I pass the file descriptor to checkpoint and restart, so that will be up to the caller to open the file descriptor which can be a pipe, socket, file, etc ... Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

add long options step2 add the long options to lxc-start with a small change in lxc_start proto to avoid compilation warning Signed-off-by: Michel Normand <normand@fr.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Replace netlink by abstract unix socket Instead of messing with the netlink messages, let's use the abstract unix socket and assume we will have a single receiver and multiple sender. With this patch mcr-wait and mcr-monitor are mutually exclusive... for the moment. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

autoassign tty number When no tty number is specified in the command line, let the tty service to provide choose one available tty and provide this one. The documentation is updated wrt this modification and I did a little fix to generate the date of the documentation. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

export-fine-grain-api-for-start Export the fine grain api of lxc to be usable for external component which wants to have more control on the container. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

cleanup state.h Rename lxc_state.h to state.h Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>

cleanup list.h Rename lxc_list.h to list.h Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>

cleanup log.h Rename lxc_log.h to log.h Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>

cleanup conf.h Rename lxc_conf.h to conf.h Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>

cleanup lock.h Rename lxc_lock.h to lock.h Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>

cleanup namespace.h Rename lxc_namespace.h to namespace.h Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr>

liblxc: Fix compiler warning The second const qualifier causes gcc to emit a warning. const char * should be sufficient. Signed-off-by: Matt Helsley <matthltc@us.ibm.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

From: Daniel Lezcano <daniel.lezcano@free.fr> Console support for the system container. Signed-off-by: Daniel Lezcano <daniel.lezcano@free.fr> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

lxc: minimal C/R plugin From: Cedric Le Goater <clg@fr.ibm.com> Plugin for columbia CR. Signed-off-by: Cedric Le Goater <clg@fr.ibm.com>

Handle the lock error and show message to user From: Daniel Lezcano <dlezcano@fr.ibm.com> Handle the lock error and show message to user. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Add error status for the API From: Daniel Lezcano <dlezcano@fr.ibm.com> Added the error codes and the corresponding strings to the liblxc, so the error raised to the user can be more understandable. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Do some cleanup in the lxc.h file From: Daniel Lezcano <dlezcano@fr.ibm.com> Do some cleanup in the lxc.h file, remove dead code and move definition to the right place. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Remove the kill container processes code From: Daniel Lezcano <dlezcano@fr.ibm.com> Remove the kill container processes code because it can be implemented with a very few scripting lines Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Replace lxc_execute by an intermediate lxc_init From: Daniel Lezcano <dlezcano@fr.ibm.com> The main difference between lxc_start and lxc_execute is the latter creates an intermediate process to wait for all the childs. That allows to support daemons or orphan process group for the pid namespace. Having such difference makes the code to be duplicate between the two functions. So instead of doing this, I create an intermediate <init> program which is in charge to launch the specified command. This command is the lxc-init program taking different options: --mount-procfs : mount the proc filesystem before exec'ing the command --mount-sysfs : mount the sys filesystem before exec'ing the command A double dash indicates the end of the options of lxc-init and the beginning of the command to be launched. To summarize: * lxc_execute function is no more. * lxc-execute command uses the lxc_start function and launch the specified command via lxc-init Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

Fixed different compilation scheme by making /var/lxc directory relative to the installation prefix and by adding some extra path to search for the 'setcap' command.

These modifications improve the monitoring support of the container. Now several readers can attend the events from one or several containers. The syntax of the command has been enhanced to interpret regular expressions. If you want to monitor foo, lxc-monitor -n foo is the right command. If you want to monitor foo and bar, you should specify lxc-monitor -n "foo|bar", if you want to monitor all containers with the name beginning with 'foo', you have to specify lxc-monitor -n "foo.*". More complex regexp can be specified in accordance with the POSIX definitions, man regex (7).

Add cgroup support, the configuration file should be specified with the format: lxc.cgroup.xxx = yyy where xxx is a cgroup subsystem (eg. cpu.shares) and the yyy is the value to be set.

add experimental checkpoint and restart commands

Fixed typos

Added the function returning the version and the corresponding cli

Header code cleanup

Joined liblxc and lxc directory