don't set a default password for altlinux, gentoo, openmandriva and pld Refs: #1158 Signed-off-by: Evgeni Golov <evgeni@debian.org>

Fix for ALTLinux container creation in all branches Use 'apt-conf' virtual package for ALTLinux default packages set Signed-off-by: Denis Pynkin <denis_pynkin@epam.com>

Added ALTLinux distribution. - Added ALTLinux distribution. - Updated template for ALTLinux Sisyphus Signed-off-by: Denis Pynkin <denis_pynkin@epam.com>

Use consistent /proc, /sys and /sys/fs/cgroup (v2) - Implements mixed mode for /sys where it's mounted read-only but with /sys/devices/virtual/net/ writable. - Sets lxc.mount.auto to "cgroup:mixed proc:mixed sys:mixed" for all templates. - Drop any template-specific mount for /proc, /sys or /sys/fs/cgroup. - Get rid of the fstab file by default, using lxc.mount.entry instead. - Set sys:mixed as the default for "sys". sys:mixed is slightly more permissive than sys:ro so this shouldn't be a problem. The read-only bind mount of /sys on top of itself is there so that mountall and other init systems don't attempt to remount /sys read-write. v2 changes: - Fix the mount list, don't specify a source for the remount. - Update the documentation. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

lxc-altlinux: protect possibly unset variable with quotes for -z check Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

lxc-altlinux: fix parsing of option "--clean": it takes no argument Signed-off-by: Michael Adam <obnox@samba.org> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Additional checks in ALTLinux template Added check of services in container before start or stop. Added check of syslog config existence prior changing. Signed-off-by: Denis Pynkin <dans@altlinux.org> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

Updated template for ALTLinux. - Added predefined package list if /etc/lxc/profiles/default is absent. - Fixed syntax mistake in options list. Signed-off-by: Denis Pynkin <dans@altlinux.ru> Acked-by: Stéphne Graber <stgraber@ubuntu.com>

templates: Fix bashisms in common code Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

templates: Make sure usual locations are in PATH Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

templates: improve refusing to run unprivileged For all templates except lxc-ubuntu-cloud and lxc-download, detect not only --mapped-uid but also --mapped-gid and error out. Detecting will not be done after -- parameter because of non-option parameters. Also, change the mode of lxc-archlinux.in 100755 to 100644. Signed-off-by: TAMUKI Shoichi <tamuki@linet.gr.jp> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

templates: Refuse to run unprivileged Only the download and ubuntu-cloud templates work with unprivileged containers, for all others, detect --mapped-uid and error out as early as possible, recommending the use of the download template. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>

handle simple bashisms: - [[ ]] -> [ ] - == -> = - source -> . - redirect of fd 200 is error in mksh, use fd 9 - &> /dev/null -> > /dev/null 2>&1 - useless function keyword - echo -e -> printf still left bash shebang which did not validate with checkbashism, mostly due 'type' being reported as bashism Signed-Off-By: Elan Ruusamäe <glen@delfi.ee> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

altlinux: Use relative paths and fix rootfs variable. Change paths in fstab to be relative to the root and fix a wrong rootfs_path value. Signed-off-by: Serge Logvinov <serge.logvinov@gmail.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

use awk, instead of 'grep | awk' Signed-off-by: Elan Ruusamäe <glen@delfi.ee> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

licensing: Add missing headers and FSF address Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Move container creation fully into the api 1. implement bdev->create: python and lua: send NULL for bdevtype and bdevspecs. They'll want to be updated to pass those in in a way that makes sense, but I can't think about that right now. 2. templates: pass --rootfs If the container is backed by a device which must be mounted (i.e. lvm) then pass the actual rootfs mount destination to the templates. Note that the lxc.rootfs can be a mounted block device. The template should actually be installing the rootfs under the path where the lxc.rootfs is *mounted*. Still, some people like to run templates by hand and assume purely directory backed containers, so continue to support that use case (i.e. if no --rootfs is listed). Make sure the templates don't re-write lxc.rootfs if it is already in the config. (Most were already checking for that) 3. Replace lxc-create script with lxc_create.c program. Changelog: May 24: when creating a container, create $lxcpath/$name/partial, and flock it. When done, close that file and unlink it. In lxc_container_new() and lxcapi_start(), check for this file. If it is locked, create is ongoing. If it exists but is not locked, create() was killed - remove the container. May 24: dont disk-lock during lxcapi_create. The partial lock is sufficient. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

templates: deny writes to host's clock (v2) Don't allow write to /dev/rtc0, and remove sys_time. Thanks, Christoph. v2: drop sys_time, sys_module, mac_admin and mac_override in all templates. Reported-by: Christoph Mitasch <cmitasch@thomas-krenn.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Use "uname -m" instead of "arch" According to "arch"'s manpage, it's identical to "uname -m". Some distros ship uname but don't ship arch, however all distros ship uname, therefore it makes sense to use "uname -m" whenever possible. Signed-off-by: Christian Bühler <christian@cbuehler.de> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

templates: Consistent use of locking Move to per-template lock (except for oracle that's per-container). Also ensure that the path used for the lock is relative to LOCALSTATEDIR. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Update for consistent indent This commit updates all scripts using mixed indent to a consistent 4 spaces indent. In the past quite a few of those scripts used tabs to instead of 8 spaces or instead of 4 spaces, sometimes mixing those in the same line and sometimes changing the tab width within the same file. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

templates: Make generated config consistent This updates all the templates and the configuration files to consistently use "key = value" everywhere. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

Use LXCPATH and LOCALSTATEDIR instead of hardcoded /var Signed-off-by: Dwight Engen <dwight.engen@oracle.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

templates: use hardlink detection in rsync I'm not sure whether we want this: is -H ubiquitous? Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Michael H. Warfield <mhw@WittsEnd.com> Acked-by: Dwight Engen <dwight.engen@oracle.com>

lxc-create: Make location of container rootfs configurable Make 'dir' an explicit backing store type, which accepts '--dir rootfs' as an option to specify a custom location for the container rootfs. Also update lxc-destroy to now remove the rootfs separately, as removing @LXCPATH@/$name may not hit it. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Add lxc.aa_profile example to all templates LXC has optional apparmor support, default profile is lxc-container-default. This change adds a commented "lxc.aa_profile = default" line to all templates, uncommenting this will bypass apparmor for the container. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

templates: don't fail on busy flock Just wait until the lock is available. That is a nicer behavior for concurrent lxc-creates. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>

alt linux template Updates. Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com> --

add lxc-altlinux template Signed-off-by: Daniel Lezcano <dlezcano@fr.ibm.com>