nesting: remove the nesting hint from configuration templates we're having it inserted in every config by the lxcapi_create itself. Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Added container-cache option to templates This change adds in the container-cache option within the mainline default lxc templates. The pupose here is to allow a template to pull from a location that may not be `@LOCALSTATEDIR@/cache/lxc` Signed-off-by: Kevin Carter <kevin.carter@rackspace.com>

Use consistent /proc, /sys and /sys/fs/cgroup (v2) - Implements mixed mode for /sys where it's mounted read-only but with /sys/devices/virtual/net/ writable. - Sets lxc.mount.auto to "cgroup:mixed proc:mixed sys:mixed" for all templates. - Drop any template-specific mount for /proc, /sys or /sys/fs/cgroup. - Get rid of the fstab file by default, using lxc.mount.entry instead. - Set sys:mixed as the default for "sys". sys:mixed is slightly more permissive than sys:ro so this shouldn't be a problem. The read-only bind mount of /sys on top of itself is there so that mountall and other init systems don't attempt to remount /sys read-write. v2 changes: - Fix the mount list, don't specify a source for the remount. - Update the documentation. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

lxc-cirros: support creating+running unprivileged Support creation and use of lxc-cirros by unprivileged users. If we detect we are an unprivileged user, then insist that we be in a userns with a id mapping. If we are in a userns, then don't extract /dev when extracting the rootfs. If we are not root, then save the tarball to ~/.cache/lxc/cirros instead of /var/cache/lxc/cirros. If we are not roo, then include entries to auto-mount proc and sys, as well as bind-mount devices. Cc: Scott Moser <smoser@ubuntu.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

remove mountcgroup hook entirely Also fix the comment in lxc-cirros template (which I overlooked last time). Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

templates: Fix bashisms in common code Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

templates: Make sure usual locations are in PATH Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge E. Hallyn <serge.hallyn@ubuntu.com>

templates: improve refusing to run unprivileged For all templates except lxc-ubuntu-cloud and lxc-download, detect not only --mapped-uid but also --mapped-gid and error out. Detecting will not be done after -- parameter because of non-option parameters. Also, change the mode of lxc-archlinux.in 100755 to 100644. Signed-off-by: TAMUKI Shoichi <tamuki@linet.gr.jp> Acked-by: Stéphane Graber <stgraber@ubuntu.com>

templates: Refuse to run unprivileged Only the download and ubuntu-cloud templates work with unprivileged containers, for all others, detect --mapped-uid and error out as early as possible, recommending the use of the download template. Signed-off-by: Stéphane Graber <stgraber@ubuntu.com> Acked-by: Serge Hallyn <serge.hallyn@ubuntu.com>

Convert all files to utf-8 Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

Remove all trailing whitespaces Signed-off-by: Stéphane Graber <stgraber@ubuntu.com>

teach lxc-cirros about the --rootfs argument Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

lxc-cirros updates fix userdata consumption patch for console issue Signed-off-by: Scott Moser <scott.moser@canonical.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>

add lxc-cirros Add a template to create a cirros container. One great thing about cirros is that the image you download is 3.5M. Thanks smoser! Note by default /etc/inittab doesn't have a /dev/console entry, so you don't get a login on the lxc-start console. Adding console::respawn:/sbin/getty 115200 console makes that work, but ctrl-c still gets forwarded to init which then reboots. So I didn't bother adding console as part of the template (yet). Instead I simply lxc-start -d, then lxc-console. Signed-off-by: Scott Moser <scott.moser@canonical.com> Signed-off-by: Serge Hallyn <serge.hallyn@ubuntu.com>