diff -Nru lxc-1.0.0~alpha1/aclocal.m4 lxc-1.0.8/aclocal.m4 --- lxc-1.0.0~alpha1/aclocal.m4 2013-09-10 22:30:06.000000000 +0000 +++ lxc-1.0.8/aclocal.m4 2015-11-09 22:49:18.000000000 +0000 @@ -1,4 +1,4 @@ -# generated automatically by aclocal 1.13.3 -*- Autoconf -*- +# generated automatically by aclocal 1.14.1 -*- Autoconf -*- # Copyright (C) 1996-2013 Free Software Foundation, Inc. @@ -192,10 +192,10 @@ # generated from the m4 files accompanying Automake X.Y. # (This private macro should not be called outside this file.) AC_DEFUN([AM_AUTOMAKE_VERSION], -[am__api_version='1.13' +[am__api_version='1.14' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.13.3], [], +m4_if([$1], [1.14.1], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) @@ -211,7 +211,7 @@ # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.13.3])dnl +[AM_AUTOMAKE_VERSION([1.14.1])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) @@ -615,6 +615,12 @@ # This macro actually does too much. Some checks are only needed if # your package does certain things. But this isn't really a big deal. +dnl Redefine AC_PROG_CC to automatically invoke _AM_PROG_CC_C_O. +m4_define([AC_PROG_CC], +m4_defn([AC_PROG_CC]) +[_AM_PROG_CC_C_O +]) + # AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE]) # AM_INIT_AUTOMAKE([OPTIONS]) # ----------------------------------------------- @@ -723,7 +729,48 @@ AC_CONFIG_COMMANDS_PRE(dnl [m4_provide_if([_AM_COMPILER_EXEEXT], [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl -]) + +# POSIX will say in a future version that running "rm -f" with no argument +# is OK; and we want to be able to make that assumption in our Makefile +# recipes. So use an aggressive probe to check that the usage we want is +# actually supported "in the wild" to an acceptable degree. +# See automake bug#10828. +# To make any issue more visible, cause the running configure to be aborted +# by default if the 'rm' program in use doesn't match our expectations; the +# user can still override this though. +if rm -f && rm -fr && rm -rf; then : OK; else + cat >&2 <<'END' +Oops! + +Your 'rm' program seems unable to run without file operands specified +on the command line, even when the '-f' option is present. This is contrary +to the behaviour of most rm programs out there, and not conforming with +the upcoming POSIX standard: + +Please tell bug-automake@gnu.org about your system, including the value +of your $PATH and any error possibly output before this message. This +can help us improve future automake versions. + +END + if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then + echo 'Configuration will proceed anyway, since you have set the' >&2 + echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2 + echo >&2 + else + cat >&2 <<'END' +Aborting the configuration process, to ensure you take notice of the issue. + +You can download and install GNU coreutils to get an 'rm' implementation +that behaves properly: . + +If you want to complete the configuration process using your problematic +'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM +to "yes", and re-run configure. + +END + AC_MSG_ERROR([Your 'rm' program is bad, sorry.]) + fi +fi]) dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further @@ -731,7 +778,6 @@ m4_define([_AC_COMPILER_EXEEXT], m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])]) - # When config.status generates a header, we must update the stamp-h file. # This file resides in the same directory as the config header # that is generated. The stamp files are numbered to have different names. @@ -843,38 +889,6 @@ rm -f confinc confmf ]) -# Copyright (C) 1999-2013 Free Software Foundation, Inc. -# -# This file is free software; the Free Software Foundation -# gives unlimited permission to copy and/or distribute it, -# with or without modifications, as long as this notice is preserved. - -# AM_PROG_CC_C_O -# -------------- -# Like AC_PROG_CC_C_O, but changed for automake. -AC_DEFUN([AM_PROG_CC_C_O], -[AC_REQUIRE([AC_PROG_CC_C_O])dnl -AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl -AC_REQUIRE_AUX_FILE([compile])dnl -# FIXME: we rely on the cache variable name because -# there is no other way. -set dummy $CC -am_cc=`echo $[2] | sed ['s/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/']` -eval am_t=\$ac_cv_prog_cc_${am_cc}_c_o -if test "$am_t" != yes; then - # Losing compiler, so override with the script. - # FIXME: It is wrong to rewrite CC. - # But if we don't then we get into trouble of one sort or another. - # A longer-term fix would be to have automake use am__CC in this case, - # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)" - CC="$am_aux_dir/compile $CC" -fi -dnl Make sure AC_PROG_CC is never called again, or it will override our -dnl setting of CC. -m4_define([AC_PROG_CC], - [m4_fatal([AC_PROG_CC cannot be called after AM_PROG_CC_C_O])]) -]) - # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- # Copyright (C) 1997-2013 Free Software Foundation, Inc. @@ -951,6 +965,53 @@ # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. +# _AM_PROG_CC_C_O +# --------------- +# Like AC_PROG_CC_C_O, but changed for automake. We rewrite AC_PROG_CC +# to automatically call this. +AC_DEFUN([_AM_PROG_CC_C_O], +[AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl +AC_REQUIRE_AUX_FILE([compile])dnl +AC_LANG_PUSH([C])dnl +AC_CACHE_CHECK( + [whether $CC understands -c and -o together], + [am_cv_prog_cc_c_o], + [AC_LANG_CONFTEST([AC_LANG_PROGRAM([])]) + # Make sure it works both with $CC and with simple cc. + # Following AC_PROG_CC_C_O, we do the test twice because some + # compilers refuse to overwrite an existing .o file with -o, + # though they will create one. + am_cv_prog_cc_c_o=yes + for am_i in 1 2; do + if AM_RUN_LOG([$CC -c conftest.$ac_ext -o conftest2.$ac_objext]) \ + && test -f conftest2.$ac_objext; then + : OK + else + am_cv_prog_cc_c_o=no + break + fi + done + rm -f core conftest* + unset am_i]) +if test "$am_cv_prog_cc_c_o" != yes; then + # Losing compiler, so override with the script. + # FIXME: It is wrong to rewrite CC. + # But if we don't then we get into trouble of one sort or another. + # A longer-term fix would be to have automake use am__CC in this case, + # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)" + CC="$am_aux_dir/compile $CC" +fi +AC_LANG_POP([C])]) + +# For backward compatibility. +AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])]) + +# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# +# This file is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + # AM_PATH_PYTHON([MINIMUM-VERSION], [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) # --------------------------------------------------------------------------- @@ -1519,3 +1580,4 @@ ]) # _AM_PROG_TAR m4_include([config/acinclude.m4]) +m4_include([config/tls.m4]) diff -Nru lxc-1.0.0~alpha1/autogen.sh lxc-1.0.8/autogen.sh --- lxc-1.0.0~alpha1/autogen.sh 2013-09-10 22:22:00.000000000 +0000 +++ lxc-1.0.8/autogen.sh 2015-11-09 22:49:15.000000000 +0000 @@ -24,7 +24,7 @@ set -x test -d autom4te.cache && rm -rf autom4te.cache - aclocal -I config || exit 1 +aclocal -I config || exit 1 autoheader || exit 1 autoconf || exit 1 automake --add-missing --copy || exit 1 diff -Nru lxc-1.0.0~alpha1/config/apparmor/abstractions/container-base lxc-1.0.8/config/apparmor/abstractions/container-base --- lxc-1.0.0~alpha1/config/apparmor/abstractions/container-base 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/apparmor/abstractions/container-base 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,165 @@ + network, + capability, + file, + umount, + + # dbus, signal, ptrace and unix are only supported by recent apparmor + # versions. Comment them if the apparmor parser doesn't recognize them. + + # This also needs additional rules to reach outside of the container via + # DBus, so just let all of DBus within the container. + dbus, + + # Allow us to receive signals from anywhere. Note: if per-container profiles + # are supported, for container isolation this should be changed to something + # like: + # signal (receive) peer=unconfined, + # signal (receive) peer=/usr/bin/lxc-start, + signal (receive), + + # Allow us to send signals to ourselves + signal peer=@{profile_name}, + + # Allow other processes to read our /proc entries, futexes, perf tracing and + # kcmp for now (they will need 'read' in the first place). Administrators can + # override with: + # deny ptrace (readby) ... + ptrace (readby), + + # Allow other processes to trace us by default (they will need 'trace' in + # the first place). Administrators can override with: + # deny ptrace (tracedby) ... + ptrace (tracedby), + + # Allow us to ptrace ourselves + ptrace peer=@{profile_name}, + + # Allow receive via unix sockets from anywhere. Note: if per-container + # profiles are supported, for container isolation this should be changed to + # something like: + # unix (receive) peer=(label=unconfined), + unix (receive), + + # Allow all unix in the container + unix peer=(label=@{profile_name}), + + # ignore DENIED message on / remount + deny mount options=(ro, remount) -> /, + deny mount options=(ro, remount, silent) -> /, + + # allow tmpfs mounts everywhere + mount fstype=tmpfs, + + # allow hugetlbfs mounts everywhere + mount fstype=hugetlbfs, + + # allow mqueue mounts everywhere + mount fstype=mqueue, + + # allow fuse mounts everywhere + mount fstype=fuse.*, + + # allow bind mount of /lib/init/fstab for lxcguest + mount options=(rw, bind) /lib/init/fstab.lxc/ -> /lib/init/fstab/, + + # deny writes in /proc/sys/fs but allow binfmt_misc to be mounted + mount fstype=binfmt_misc -> /proc/sys/fs/binfmt_misc/, + deny @{PROC}/sys/fs/** wklx, + + # allow efivars to be mounted, writing to it will be blocked though + mount fstype=efivarfs -> /sys/firmware/efi/efivars/, + + # block some other dangerous paths + deny @{PROC}/kcore rwklx, + deny @{PROC}/kmem rwklx, + deny @{PROC}/mem rwklx, + deny @{PROC}/sysrq-trigger rwklx, + + # deny writes in /sys except for /sys/fs/cgroup, also allow + # fusectl, securityfs and debugfs to be mounted there (read-only) + mount fstype=fusectl -> /sys/fs/fuse/connections/, + mount fstype=securityfs -> /sys/kernel/security/, + mount fstype=debugfs -> /sys/kernel/debug/, + deny mount fstype=debugfs -> /var/lib/ureadahead/debugfs/, + mount fstype=proc -> /proc/, + mount fstype=sysfs -> /sys/, + deny /sys/firmware/efi/efivars/** rwklx, + deny /sys/kernel/security/** rwklx, + mount options=(move) /sys/fs/cgroup/cgmanager/ -> /sys/fs/cgroup/cgmanager.lower/, + + # generated by: lxc-generate-aa-rules.py container-rules.base + deny /proc/sys/[^kn]*{,/**} wklx, + deny /proc/sys/k[^e]*{,/**} wklx, + deny /proc/sys/ke[^r]*{,/**} wklx, + deny /proc/sys/ker[^n]*{,/**} wklx, + deny /proc/sys/kern[^e]*{,/**} wklx, + deny /proc/sys/kerne[^l]*{,/**} wklx, + deny /proc/sys/kernel/[^smhd]*{,/**} wklx, + deny /proc/sys/kernel/d[^o]*{,/**} wklx, + deny /proc/sys/kernel/do[^m]*{,/**} wklx, + deny /proc/sys/kernel/dom[^a]*{,/**} wklx, + deny /proc/sys/kernel/doma[^i]*{,/**} wklx, + deny /proc/sys/kernel/domai[^n]*{,/**} wklx, + deny /proc/sys/kernel/domain[^n]*{,/**} wklx, + deny /proc/sys/kernel/domainn[^a]*{,/**} wklx, + deny /proc/sys/kernel/domainna[^m]*{,/**} wklx, + deny /proc/sys/kernel/domainnam[^e]*{,/**} wklx, + deny /proc/sys/kernel/domainname?*{,/**} wklx, + deny /proc/sys/kernel/h[^o]*{,/**} wklx, + deny /proc/sys/kernel/ho[^s]*{,/**} wklx, + deny /proc/sys/kernel/hos[^t]*{,/**} wklx, + deny /proc/sys/kernel/host[^n]*{,/**} wklx, + deny /proc/sys/kernel/hostn[^a]*{,/**} wklx, + deny /proc/sys/kernel/hostna[^m]*{,/**} wklx, + deny /proc/sys/kernel/hostnam[^e]*{,/**} wklx, + deny /proc/sys/kernel/hostname?*{,/**} wklx, + deny /proc/sys/kernel/m[^s]*{,/**} wklx, + deny /proc/sys/kernel/ms[^g]*{,/**} wklx, + deny /proc/sys/kernel/msg*/** wklx, + deny /proc/sys/kernel/s[^he]*{,/**} wklx, + deny /proc/sys/kernel/se[^m]*{,/**} wklx, + deny /proc/sys/kernel/sem*/** wklx, + deny /proc/sys/kernel/sh[^m]*{,/**} wklx, + deny /proc/sys/kernel/shm*/** wklx, + deny /proc/sys/kernel?*{,/**} wklx, + deny /proc/sys/n[^e]*{,/**} wklx, + deny /proc/sys/ne[^t]*{,/**} wklx, + deny /proc/sys/net?*{,/**} wklx, + deny /sys/[^fdc]*{,/**} wklx, + deny /sys/c[^l]*{,/**} wklx, + deny /sys/cl[^a]*{,/**} wklx, + deny /sys/cla[^s]*{,/**} wklx, + deny /sys/clas[^s]*{,/**} wklx, + deny /sys/class/[^n]*{,/**} wklx, + deny /sys/class/n[^e]*{,/**} wklx, + deny /sys/class/ne[^t]*{,/**} wklx, + deny /sys/class/net?*{,/**} wklx, + deny /sys/class?*{,/**} wklx, + deny /sys/d[^e]*{,/**} wklx, + deny /sys/de[^v]*{,/**} wklx, + deny /sys/dev[^i]*{,/**} wklx, + deny /sys/devi[^c]*{,/**} wklx, + deny /sys/devic[^e]*{,/**} wklx, + deny /sys/device[^s]*{,/**} wklx, + deny /sys/devices/[^v]*{,/**} wklx, + deny /sys/devices/v[^i]*{,/**} wklx, + deny /sys/devices/vi[^r]*{,/**} wklx, + deny /sys/devices/vir[^t]*{,/**} wklx, + deny /sys/devices/virt[^u]*{,/**} wklx, + deny /sys/devices/virtu[^a]*{,/**} wklx, + deny /sys/devices/virtua[^l]*{,/**} wklx, + deny /sys/devices/virtual/[^n]*{,/**} wklx, + deny /sys/devices/virtual/n[^e]*{,/**} wklx, + deny /sys/devices/virtual/ne[^t]*{,/**} wklx, + deny /sys/devices/virtual/net?*{,/**} wklx, + deny /sys/devices/virtual?*{,/**} wklx, + deny /sys/devices?*{,/**} wklx, + deny /sys/f[^s]*{,/**} wklx, + deny /sys/fs/[^c]*{,/**} wklx, + deny /sys/fs/c[^g]*{,/**} wklx, + deny /sys/fs/cg[^r]*{,/**} wklx, + deny /sys/fs/cgr[^o]*{,/**} wklx, + deny /sys/fs/cgro[^u]*{,/**} wklx, + deny /sys/fs/cgrou[^p]*{,/**} wklx, + deny /sys/fs/cgroup?*{,/**} wklx, + deny /sys/fs?*{,/**} wklx, diff -Nru lxc-1.0.0~alpha1/config/apparmor/abstractions/container-base.in lxc-1.0.8/config/apparmor/abstractions/container-base.in --- lxc-1.0.0~alpha1/config/apparmor/abstractions/container-base.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/apparmor/abstractions/container-base.in 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,89 @@ + network, + capability, + file, + umount, + + # dbus, signal, ptrace and unix are only supported by recent apparmor + # versions. Comment them if the apparmor parser doesn't recognize them. + + # This also needs additional rules to reach outside of the container via + # DBus, so just let all of DBus within the container. + dbus, + + # Allow us to receive signals from anywhere. Note: if per-container profiles + # are supported, for container isolation this should be changed to something + # like: + # signal (receive) peer=unconfined, + # signal (receive) peer=/usr/bin/lxc-start, + signal (receive), + + # Allow us to send signals to ourselves + signal peer=@{profile_name}, + + # Allow other processes to read our /proc entries, futexes, perf tracing and + # kcmp for now (they will need 'read' in the first place). Administrators can + # override with: + # deny ptrace (readby) ... + ptrace (readby), + + # Allow other processes to trace us by default (they will need 'trace' in + # the first place). Administrators can override with: + # deny ptrace (tracedby) ... + ptrace (tracedby), + + # Allow us to ptrace ourselves + ptrace peer=@{profile_name}, + + # Allow receive via unix sockets from anywhere. Note: if per-container + # profiles are supported, for container isolation this should be changed to + # something like: + # unix (receive) peer=(label=unconfined), + unix (receive), + + # Allow all unix in the container + unix peer=(label=@{profile_name}), + + # ignore DENIED message on / remount + deny mount options=(ro, remount) -> /, + deny mount options=(ro, remount, silent) -> /, + + # allow tmpfs mounts everywhere + mount fstype=tmpfs, + + # allow hugetlbfs mounts everywhere + mount fstype=hugetlbfs, + + # allow mqueue mounts everywhere + mount fstype=mqueue, + + # allow fuse mounts everywhere + mount fstype=fuse.*, + + # allow bind mount of /lib/init/fstab for lxcguest + mount options=(rw, bind) /lib/init/fstab.lxc/ -> /lib/init/fstab/, + + # deny writes in /proc/sys/fs but allow binfmt_misc to be mounted + mount fstype=binfmt_misc -> /proc/sys/fs/binfmt_misc/, + deny @{PROC}/sys/fs/** wklx, + + # allow efivars to be mounted, writing to it will be blocked though + mount fstype=efivarfs -> /sys/firmware/efi/efivars/, + + # block some other dangerous paths + deny @{PROC}/kcore rwklx, + deny @{PROC}/kmem rwklx, + deny @{PROC}/mem rwklx, + deny @{PROC}/sysrq-trigger rwklx, + + # deny writes in /sys except for /sys/fs/cgroup, also allow + # fusectl, securityfs and debugfs to be mounted there (read-only) + mount fstype=fusectl -> /sys/fs/fuse/connections/, + mount fstype=securityfs -> /sys/kernel/security/, + mount fstype=debugfs -> /sys/kernel/debug/, + deny mount fstype=debugfs -> /var/lib/ureadahead/debugfs/, + mount fstype=proc -> /proc/, + mount fstype=sysfs -> /sys/, + deny /sys/firmware/efi/efivars/** rwklx, + deny /sys/kernel/security/** rwklx, + mount options=(move) /sys/fs/cgroup/cgmanager/ -> /sys/fs/cgroup/cgmanager.lower/, + diff -Nru lxc-1.0.0~alpha1/config/apparmor/abstractions/start-container lxc-1.0.8/config/apparmor/abstractions/start-container --- lxc-1.0.0~alpha1/config/apparmor/abstractions/start-container 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/apparmor/abstractions/start-container 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,42 @@ + network, + capability, + file, + + # The following 3 entries are only supported by recent apparmor versions. + # Comment them if the apparmor parser doesn't recognize them. + dbus, + signal, + ptrace, + + # currently blocked by apparmor bug + mount -> /usr/lib/*/lxc/{**,}, + mount -> /usr/lib/lxc/{**,}, + mount fstype=devpts -> /dev/pts/, + mount options=bind /dev/pts/ptmx/ -> /dev/ptmx/, + mount options=bind /dev/pts/** -> /dev/**, + mount options=(rw, make-slave) -> **, + mount fstype=debugfs, + # allow pre-mount hooks to stage mounts under /var/lib/lxc// + mount -> /var/lib/lxc/{**,}, + + # required for some pre-mount hooks (like the new lxc-start-ephemeral) + mount fstype=overlayfs, + mount fstype=aufs, + mount fstype=ecryptfs, + + # all umounts are under the original root's /mnt, but right now we + # can't allow those umounts after pivot_root. So allow all umounts + # right now. They'll be restricted for the container at least. + umount, + #umount /mnt/{**,}, + + # This may look a bit redundant, however it appears we need all of + # them if we want things to work properly on all combinations of kernel + # and userspace parser... + pivot_root /usr/lib/lxc/, + pivot_root /usr/lib/*/lxc/, + pivot_root /usr/lib/lxc/**, + pivot_root /usr/lib/*/lxc/**, + + change_profile -> lxc-*, + change_profile -> unconfined, diff -Nru lxc-1.0.0~alpha1/config/apparmor/container-rules lxc-1.0.8/config/apparmor/container-rules --- lxc-1.0.0~alpha1/config/apparmor/container-rules 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/apparmor/container-rules 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,76 @@ + # generated by: lxc-generate-aa-rules.py container-rules.base + deny /proc/sys/[^kn]*{,/**} wklx, + deny /proc/sys/k[^e]*{,/**} wklx, + deny /proc/sys/ke[^r]*{,/**} wklx, + deny /proc/sys/ker[^n]*{,/**} wklx, + deny /proc/sys/kern[^e]*{,/**} wklx, + deny /proc/sys/kerne[^l]*{,/**} wklx, + deny /proc/sys/kernel/[^smhd]*{,/**} wklx, + deny /proc/sys/kernel/d[^o]*{,/**} wklx, + deny /proc/sys/kernel/do[^m]*{,/**} wklx, + deny /proc/sys/kernel/dom[^a]*{,/**} wklx, + deny /proc/sys/kernel/doma[^i]*{,/**} wklx, + deny /proc/sys/kernel/domai[^n]*{,/**} wklx, + deny /proc/sys/kernel/domain[^n]*{,/**} wklx, + deny /proc/sys/kernel/domainn[^a]*{,/**} wklx, + deny /proc/sys/kernel/domainna[^m]*{,/**} wklx, + deny /proc/sys/kernel/domainnam[^e]*{,/**} wklx, + deny /proc/sys/kernel/domainname?*{,/**} wklx, + deny /proc/sys/kernel/h[^o]*{,/**} wklx, + deny /proc/sys/kernel/ho[^s]*{,/**} wklx, + deny /proc/sys/kernel/hos[^t]*{,/**} wklx, + deny /proc/sys/kernel/host[^n]*{,/**} wklx, + deny /proc/sys/kernel/hostn[^a]*{,/**} wklx, + deny /proc/sys/kernel/hostna[^m]*{,/**} wklx, + deny /proc/sys/kernel/hostnam[^e]*{,/**} wklx, + deny /proc/sys/kernel/hostname?*{,/**} wklx, + deny /proc/sys/kernel/m[^s]*{,/**} wklx, + deny /proc/sys/kernel/ms[^g]*{,/**} wklx, + deny /proc/sys/kernel/msg*/** wklx, + deny /proc/sys/kernel/s[^he]*{,/**} wklx, + deny /proc/sys/kernel/se[^m]*{,/**} wklx, + deny /proc/sys/kernel/sem*/** wklx, + deny /proc/sys/kernel/sh[^m]*{,/**} wklx, + deny /proc/sys/kernel/shm*/** wklx, + deny /proc/sys/kernel?*{,/**} wklx, + deny /proc/sys/n[^e]*{,/**} wklx, + deny /proc/sys/ne[^t]*{,/**} wklx, + deny /proc/sys/net?*{,/**} wklx, + deny /sys/[^fdc]*{,/**} wklx, + deny /sys/c[^l]*{,/**} wklx, + deny /sys/cl[^a]*{,/**} wklx, + deny /sys/cla[^s]*{,/**} wklx, + deny /sys/clas[^s]*{,/**} wklx, + deny /sys/class/[^n]*{,/**} wklx, + deny /sys/class/n[^e]*{,/**} wklx, + deny /sys/class/ne[^t]*{,/**} wklx, + deny /sys/class/net?*{,/**} wklx, + deny /sys/class?*{,/**} wklx, + deny /sys/d[^e]*{,/**} wklx, + deny /sys/de[^v]*{,/**} wklx, + deny /sys/dev[^i]*{,/**} wklx, + deny /sys/devi[^c]*{,/**} wklx, + deny /sys/devic[^e]*{,/**} wklx, + deny /sys/device[^s]*{,/**} wklx, + deny /sys/devices/[^v]*{,/**} wklx, + deny /sys/devices/v[^i]*{,/**} wklx, + deny /sys/devices/vi[^r]*{,/**} wklx, + deny /sys/devices/vir[^t]*{,/**} wklx, + deny /sys/devices/virt[^u]*{,/**} wklx, + deny /sys/devices/virtu[^a]*{,/**} wklx, + deny /sys/devices/virtua[^l]*{,/**} wklx, + deny /sys/devices/virtual/[^n]*{,/**} wklx, + deny /sys/devices/virtual/n[^e]*{,/**} wklx, + deny /sys/devices/virtual/ne[^t]*{,/**} wklx, + deny /sys/devices/virtual/net?*{,/**} wklx, + deny /sys/devices/virtual?*{,/**} wklx, + deny /sys/devices?*{,/**} wklx, + deny /sys/f[^s]*{,/**} wklx, + deny /sys/fs/[^c]*{,/**} wklx, + deny /sys/fs/c[^g]*{,/**} wklx, + deny /sys/fs/cg[^r]*{,/**} wklx, + deny /sys/fs/cgr[^o]*{,/**} wklx, + deny /sys/fs/cgro[^u]*{,/**} wklx, + deny /sys/fs/cgrou[^p]*{,/**} wklx, + deny /sys/fs/cgroup?*{,/**} wklx, + deny /sys/fs?*{,/**} wklx, diff -Nru lxc-1.0.0~alpha1/config/apparmor/container-rules.base lxc-1.0.8/config/apparmor/container-rules.base --- lxc-1.0.0~alpha1/config/apparmor/container-rules.base 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/apparmor/container-rules.base 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,15 @@ +# Run lxc-generate-aa-rules.py on this file after any modification, to generate +# the container-rules file which is appended to container-base.in to create the +# final abstractions/container-base. + +block /sys +allow /sys/fs/cgroup/** +allow /sys/devices/virtual/net/** +allow /sys/class/net/** +block /proc/sys +allow /proc/sys/kernel/shm* +allow /proc/sys/kernel/sem* +allow /proc/sys/kernel/msg* +allow /proc/sys/kernel/hostname +allow /proc/sys/kernel/domainname +allow /proc/sys/net/** diff -Nru lxc-1.0.0~alpha1/config/apparmor/lxc-containers lxc-1.0.8/config/apparmor/lxc-containers --- lxc-1.0.0~alpha1/config/apparmor/lxc-containers 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/apparmor/lxc-containers 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,7 @@ +# This file exists only to ensure that all per-container policies +# listed under /etc/apparmor.d/lxc get loaded at boot. Please do +# not edit this file. + +#include + +#include diff -Nru lxc-1.0.0~alpha1/config/apparmor/lxc-generate-aa-rules.py lxc-1.0.8/config/apparmor/lxc-generate-aa-rules.py --- lxc-1.0.0~alpha1/config/apparmor/lxc-generate-aa-rules.py 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/apparmor/lxc-generate-aa-rules.py 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,139 @@ +#!/usr/bin/python3 + +import sys + +blocks = [] + +# +# blocks is an array of paths under which we want to block by +# default. +# +# blocks[0] = ['path' = '/sys', 'children' = [A,B] ] +# blocks[1] = ['path' = '/proc/sys', 'children' = [ E ] ] +# A = [ 'path' = 'fs', children = [C] ] +# C = [ 'path' = 'cgroup', children = [F] ] +# B = [ 'path' = 'class', children = [D] ] +# D = [ 'path' = 'net', children = [F] ] +# E = [ 'path' = 'shm*' ] +# F = [ 'path' = '**' ] + + +def add_block(path): + for b in blocks: + if b['path'] == path: + # duplicate + return + blocks.append({'path': path.strip(), 'children': []}) + +# @prev is an array of dicts which containing 'path' and +# 'children'. @path is a string. We are looking for an entry +# in @prev which contains @path, and will return its +# children array. +def child_get(prev, path): + for p in prev: + if p['path'] == path: + return p['children'] + return None + + +def add_allow(path): + # find which block we belong to + found = None + for b in blocks: + l = len(b['path']) + if len(path) <= l: + continue + # TODO - should we find the longest match? + if path[0:l] == b['path']: + found = b + break + if found is None: + print("allow with no previous block at %s" % path) + sys.exit(1) + p = path[l:].strip() + while p[:1] == "/": + p = p[1:] + prev = b['children'] + for s in p.split('/'): + n = {'path': s.strip(), 'children': []} + tmp = child_get(prev, n['path']) + if tmp is not None: + prev = tmp + else: + prev.append(n) + prev = n['children'] + +config = "config" +if len(sys.argv) > 1: + config = sys.argv[1] +with open(config) as f: + for x in f.readlines(): + x.strip() + if x[:1] == '#': + continue + try: + (cmd, path) = x.split(' ') + except: # blank line + continue + if cmd == "block": + add_block(path) + elif cmd == "allow": + add_allow(path) + else: + print("Unknown command: %s" % cmd) + sys.exit(1) + +denies = [] + + +def collect_chars(children, ref, index): + r = "" + for c in children: + if index >= len(c['path']): + continue + if ref[0:index] != c['path'][0:index]: + continue + if c['path'][index] not in r: + r = r + c['path'][index] + return r + + +def append_deny(s): + s = "%s wklx," % s + if s not in denies: + denies.append(s) + + +def gen_denies(pathsofar, children): + for c in children: + for char in range(len(c['path'])): + if char == len(c['path'])-1 and c['path'][char] == '*': + continue + if char == len(c['path'])-2: + if c['path'][char:char+2] == '**': + continue + x = collect_chars(children, c['path'], char) + newdeny = "deny %s/%s[^%s]*{,/**}" % (pathsofar, + c['path'][0:char], x) + append_deny(newdeny) + if c['path'] != '**' and c['path'][len(c['path'])-1] != '*': + newdeny = "deny %s/%s?*{,/**}" % (pathsofar, c['path']) + append_deny(newdeny) + elif c['path'] != '**': + newdeny = "deny %s/%s/**" % (pathsofar, c['path']) + append_deny(newdeny) + if len(c['children']) != 0: + newpath = "%s/%s" % (pathsofar, c['path']) + gen_denies(newpath, c['children']) + +for b in blocks: + gen_denies(b['path'], b['children']) + +denies.sort() + +genby = " # generated by: lxc-generate-aa-rules.py" +for a in sys.argv[1:]: + genby += " %s" % a +print(genby) +for d in denies: + print(" %s" % d) diff -Nru lxc-1.0.0~alpha1/config/apparmor/Makefile.am lxc-1.0.8/config/apparmor/Makefile.am --- lxc-1.0.0~alpha1/config/apparmor/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/apparmor/Makefile.am 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,42 @@ +EXTRA_DIST = \ + abstractions/container-base \ + abstractions/container-base.in \ + abstractions/start-container \ + container-rules \ + container-rules.base \ + lxc-containers \ + lxc-generate-aa-rules.py \ + profiles/lxc-default \ + profiles/lxc-default-with-mounting \ + profiles/lxc-default-with-nesting \ + usr.bin.lxc-start + + +if ENABLE_APPARMOR +install-apparmor: + $(MKDIR_P) $(DESTDIR)$(sysconfdir)/apparmor.d/ + $(MKDIR_P) $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/ + $(MKDIR_P) $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/ + $(INSTALL_DATA) abstractions/container-base $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/ + $(INSTALL_DATA) abstractions/start-container $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/ + $(INSTALL_DATA) profiles/lxc-default $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/ + $(INSTALL_DATA) profiles/lxc-default-with-mounting $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/ + $(INSTALL_DATA) profiles/lxc-default-with-nesting $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/ + $(INSTALL_DATA) lxc-containers $(DESTDIR)$(sysconfdir)/apparmor.d/ + $(INSTALL_DATA) usr.bin.lxc-start $(DESTDIR)$(sysconfdir)/apparmor.d/ + +uninstall-apparmor: + rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/usr.bin.lxc-start + rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/lxc-containers + rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/lxc-default-with-nesting + rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/lxc-default-with-mounting + rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/lxc-default + rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/start-container + rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/container-base + rmdir $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/ || : + rmdir $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/ || : + rmdir $(DESTDIR)$(sysconfdir)/apparmor.d/ || : + +install-data-local: install-apparmor +uninstall-local: uninstall-apparmor +endif diff -Nru lxc-1.0.0~alpha1/config/apparmor/Makefile.in lxc-1.0.8/config/apparmor/Makefile.in --- lxc-1.0.0~alpha1/config/apparmor/Makefile.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/apparmor/Makefile.in 2015-11-09 22:49:20.000000000 +0000 @@ -0,0 +1,501 @@ +# Makefile.in generated by automake 1.14.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2013 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = config/apparmor +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am README +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ + $(top_srcdir)/config/tls.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/src/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +APPARMOR_LIBS = @APPARMOR_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BINDIR = @BINDIR@ +CAP_LIBS = @CAP_LIBS@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CGMANAGER_CFLAGS = @CGMANAGER_CFLAGS@ +CGMANAGER_LIBS = @CGMANAGER_LIBS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DATADIR = @DATADIR@ +DBUS_CFLAGS = @DBUS_CFLAGS@ +DBUS_LIBS = @DBUS_LIBS@ +DEFAULT_CGROUP_PATTERN = @DEFAULT_CGROUP_PATTERN@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DOCDIR = @DOCDIR@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +GREP = @GREP@ +HAVE_DOXYGEN = @HAVE_DOXYGEN@ +INCLUDEDIR = @INCLUDEDIR@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LDFLAGS = @LDFLAGS@ +LIBDIR = @LIBDIR@ +LIBEXECDIR = @LIBEXECDIR@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LOCALSTATEDIR = @LOCALSTATEDIR@ +LOGPATH = @LOGPATH@ +LTLIBOBJS = @LTLIBOBJS@ +LUA_CFLAGS = @LUA_CFLAGS@ +LUA_LIBDIR = @LUA_LIBDIR@ +LUA_LIBS = @LUA_LIBS@ +LUA_SHAREDIR = @LUA_SHAREDIR@ +LUA_VERSION = @LUA_VERSION@ +LXCHOOKDIR = @LXCHOOKDIR@ +LXCINITDIR = @LXCINITDIR@ +LXCPATH = @LXCPATH@ +LXCROOTFSMOUNT = @LXCROOTFSMOUNT@ +LXCTEMPLATECONFIG = @LXCTEMPLATECONFIG@ +LXCTEMPLATEDIR = @LXCTEMPLATEDIR@ +LXC_DEFAULT_CONFIG = @LXC_DEFAULT_CONFIG@ +LXC_GENERATE_DATE = @LXC_GENERATE_DATE@ +LXC_GLOBAL_CONF = @LXC_GLOBAL_CONF@ +LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ +LXC_USERNIC_DB = @LXC_USERNIC_DB@ +LXC_VERSION = @LXC_VERSION@ +LXC_VERSION_BASE = @LXC_VERSION_BASE@ +LXC_VERSION_BETA = @LXC_VERSION_BETA@ +LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ +LXC_VERSION_MICRO = @LXC_VERSION_MICRO@ +LXC_VERSION_MINOR = @LXC_VERSION_MINOR@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +NIH_CFLAGS = @NIH_CFLAGS@ +NIH_DBUS_CFLAGS = @NIH_DBUS_CFLAGS@ +NIH_DBUS_LIBS = @NIH_DBUS_LIBS@ +NIH_LIBS = @NIH_LIBS@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PREFIX = @PREFIX@ +PYTHON = @PYTHON@ +PYTHONDEV_CFLAGS = @PYTHONDEV_CFLAGS@ +PYTHONDEV_LIBS = @PYTHONDEV_LIBS@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +RUNTIME_PATH = @RUNTIME_PATH@ +SBINDIR = @SBINDIR@ +SECCOMP_CFLAGS = @SECCOMP_CFLAGS@ +SECCOMP_LIBS = @SECCOMP_LIBS@ +SED = @SED@ +SELINUX_LIBS = @SELINUX_LIBS@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SYSCONFDIR = @SYSCONFDIR@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +db2xman = @db2xman@ +docdir = @docdir@ +docdtd = @docdtd@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +EXTRA_DIST = \ + abstractions/container-base \ + abstractions/container-base.in \ + abstractions/start-container \ + container-rules \ + container-rules.base \ + lxc-containers \ + lxc-generate-aa-rules.py \ + profiles/lxc-default \ + profiles/lxc-default-with-mounting \ + profiles/lxc-default-with-nesting \ + usr.bin.lxc-start + +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu config/apparmor/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu config/apparmor/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +tags TAGS: + +ctags CTAGS: + +cscope cscopelist: + + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +@ENABLE_APPARMOR_FALSE@uninstall-local: +@ENABLE_APPARMOR_FALSE@install-data-local: +clean: clean-am + +clean-am: clean-generic mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-data-local + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-local + +.MAKE: install-am install-strip + +.PHONY: all all-am check check-am clean clean-generic cscopelist-am \ + ctags-am distclean distclean-generic distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-data-local install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ + pdf-am ps ps-am tags-am uninstall uninstall-am uninstall-local + + +@ENABLE_APPARMOR_TRUE@install-apparmor: +@ENABLE_APPARMOR_TRUE@ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/apparmor.d/ +@ENABLE_APPARMOR_TRUE@ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/ +@ENABLE_APPARMOR_TRUE@ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/ +@ENABLE_APPARMOR_TRUE@ $(INSTALL_DATA) abstractions/container-base $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/ +@ENABLE_APPARMOR_TRUE@ $(INSTALL_DATA) abstractions/start-container $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/ +@ENABLE_APPARMOR_TRUE@ $(INSTALL_DATA) profiles/lxc-default $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/ +@ENABLE_APPARMOR_TRUE@ $(INSTALL_DATA) profiles/lxc-default-with-mounting $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/ +@ENABLE_APPARMOR_TRUE@ $(INSTALL_DATA) profiles/lxc-default-with-nesting $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/ +@ENABLE_APPARMOR_TRUE@ $(INSTALL_DATA) lxc-containers $(DESTDIR)$(sysconfdir)/apparmor.d/ +@ENABLE_APPARMOR_TRUE@ $(INSTALL_DATA) usr.bin.lxc-start $(DESTDIR)$(sysconfdir)/apparmor.d/ + +@ENABLE_APPARMOR_TRUE@uninstall-apparmor: +@ENABLE_APPARMOR_TRUE@ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/usr.bin.lxc-start +@ENABLE_APPARMOR_TRUE@ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/lxc-containers +@ENABLE_APPARMOR_TRUE@ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/lxc-default-with-nesting +@ENABLE_APPARMOR_TRUE@ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/lxc-default-with-mounting +@ENABLE_APPARMOR_TRUE@ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/lxc-default +@ENABLE_APPARMOR_TRUE@ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/start-container +@ENABLE_APPARMOR_TRUE@ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/container-base +@ENABLE_APPARMOR_TRUE@ rmdir $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/ || : +@ENABLE_APPARMOR_TRUE@ rmdir $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/ || : +@ENABLE_APPARMOR_TRUE@ rmdir $(DESTDIR)$(sysconfdir)/apparmor.d/ || : + +@ENABLE_APPARMOR_TRUE@install-data-local: install-apparmor +@ENABLE_APPARMOR_TRUE@uninstall-local: uninstall-apparmor + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff -Nru lxc-1.0.0~alpha1/config/apparmor/profiles/lxc-default lxc-1.0.8/config/apparmor/profiles/lxc-default --- lxc-1.0.0~alpha1/config/apparmor/profiles/lxc-default 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/apparmor/profiles/lxc-default 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,11 @@ +# Do not load this file. Rather, load /etc/apparmor.d/lxc-containers, which +# will source all profiles under /etc/apparmor.d/lxc + +profile lxc-container-default flags=(attach_disconnected,mediate_deleted) { + #include + + # the container may never be allowed to mount devpts. If it does, it + # will remount the host's devpts. We could allow it to do it with + # the newinstance option (but, right now, we don't). + deny mount fstype=devpts, +} diff -Nru lxc-1.0.0~alpha1/config/apparmor/profiles/lxc-default-with-mounting lxc-1.0.8/config/apparmor/profiles/lxc-default-with-mounting --- lxc-1.0.0~alpha1/config/apparmor/profiles/lxc-default-with-mounting 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/apparmor/profiles/lxc-default-with-mounting 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,14 @@ +# Do not load this file. Rather, load /etc/apparmor.d/lxc-containers, which +# will source all profiles under /etc/apparmor.d/lxc + +profile lxc-container-default-with-mounting flags=(attach_disconnected,mediate_deleted) { + #include + +# allow standard blockdevtypes. +# The concern here is in-kernel superblock parsers bringing down the +# host with bad data. However, we continue to disallow proc, sys, securityfs, +# etc to nonstandard locations. + mount fstype=ext*, + mount fstype=xfs, + mount fstype=btrfs, +} diff -Nru lxc-1.0.0~alpha1/config/apparmor/profiles/lxc-default-with-nesting lxc-1.0.8/config/apparmor/profiles/lxc-default-with-nesting --- lxc-1.0.0~alpha1/config/apparmor/profiles/lxc-default-with-nesting 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/apparmor/profiles/lxc-default-with-nesting 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,16 @@ +# Do not load this file. Rather, load /etc/apparmor.d/lxc-containers, which +# will source all profiles under /etc/apparmor.d/lxc + +profile lxc-container-default-with-nesting flags=(attach_disconnected,mediate_deleted) { + #include + #include + +# Uncomment the line below if you are not using cgmanager +# mount fstype=cgroup -> /sys/fs/cgroup/**, + + deny /dev/.lxc/proc/** rw, + deny /dev/.lxc/sys/** rw, + mount fstype=proc -> /var/cache/lxc/**, + mount fstype=sysfs -> /var/cache/lxc/**, + mount options=(rw,bind), +} diff -Nru lxc-1.0.0~alpha1/config/apparmor/README lxc-1.0.8/config/apparmor/README --- lxc-1.0.0~alpha1/config/apparmor/README 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/apparmor/README 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,12 @@ +The abstractions/container-base file is partially automatically +generated. The two source files are container-rules.base and +abstractions/container-base.in. If these file are updated, +then + +1. Generate a new container-rules file using + +./lxc-generate-aa-rules.py container-rules.base > container-rules + +2. Concatenate container-base.in with container-rules using + +cat abstractions/container-base.in container-rules > abstractions/container-base diff -Nru lxc-1.0.0~alpha1/config/apparmor/usr.bin.lxc-start lxc-1.0.8/config/apparmor/usr.bin.lxc-start --- lxc-1.0.0~alpha1/config/apparmor/usr.bin.lxc-start 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/apparmor/usr.bin.lxc-start 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,5 @@ +#include + +/usr/bin/lxc-start flags=(attach_disconnected) { + #include +} diff -Nru lxc-1.0.0~alpha1/config/bash/lxc lxc-1.0.8/config/bash/lxc --- lxc-1.0.0~alpha1/config/bash/lxc 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/bash/lxc 2015-11-09 22:49:28.000000000 +0000 @@ -0,0 +1,103 @@ +have lxc-start && { + _lxc_names() { + COMPREPLY=( $( compgen -W "$( lxc-ls )" "$cur" ) ) + } + + _lxc_states() { + COMPREPLY=( $( compgen -W "STOPPED STARTING RUNNING STOPPING ABORTING FREEZING FROZEN THAWED" "$cur" ) ) + } + + _lxc_templates() { + COMPREPLY=( $( compgen -W "$(ls /usr/local/share/lxc/templates/ | sed -e 's|^lxc-||' )" "$cur" ) ) + } + + _lxc_generic_n() { + local cur prev + + COMPREPLY=() + _get_comp_words_by_ref cur prev + + case $prev in + -n) + _lxc_names "$cur" + return 0 + ;; + esac + + return 1 + } + + _lxc_generic_ns() { + local cur prev + + COMPREPLY=() + _get_comp_words_by_ref cur prev + + case $prev in + -n) + _lxc_names "$cur" + return 0 + ;; + + -s) + _lxc_states "$cur" + return 0 + ;; + esac + + return 1 + } + + _lxc_generic_t() { + local cur prev + + COMPREPLY=() + _get_comp_words_by_ref cur prev + + case $prev in + -t) + _lxc_templates "$cur" + return 0 + ;; + esac + + return 1 + } + + _lxc_generic_o() { + local cur prev + + COMPREPLY=() + _get_comp_words_by_ref cur prev + + case $prev in + -o) + _lxc_names "$cur" + return 0 + ;; + esac + + return 1 + } + + complete -o default -F _lxc_generic_n lxc-attach + complete -o default -F _lxc_generic_n lxc-cgroup + complete -o default -F _lxc_generic_n lxc-console + complete -o default -F _lxc_generic_n lxc-destroy + complete -o default -F _lxc_generic_n lxc-device + complete -o default -F _lxc_generic_n lxc-execute + complete -o default -F _lxc_generic_n lxc-freeze + complete -o default -F _lxc_generic_n lxc-info + complete -o default -F _lxc_generic_n lxc-monitor + complete -o default -F _lxc_generic_n lxc-snapshot + complete -o default -F _lxc_generic_n lxc-start + complete -o default -F _lxc_generic_n lxc-stop + complete -o default -F _lxc_generic_n lxc-unfreeze + + complete -o default -F _lxc_generic_ns lxc-wait + + complete -o default -F _lxc_generic_t lxc-create + + complete -o default -F _lxc_generic_o lxc-clone + complete -o default -F _lxc_generic_o lxc-start-ephemeral +} diff -Nru lxc-1.0.0~alpha1/config/bash/lxc.in lxc-1.0.8/config/bash/lxc.in --- lxc-1.0.0~alpha1/config/bash/lxc.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/bash/lxc.in 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,103 @@ +have lxc-start && { + _lxc_names() { + COMPREPLY=( $( compgen -W "$( lxc-ls )" "$cur" ) ) + } + + _lxc_states() { + COMPREPLY=( $( compgen -W "STOPPED STARTING RUNNING STOPPING ABORTING FREEZING FROZEN THAWED" "$cur" ) ) + } + + _lxc_templates() { + COMPREPLY=( $( compgen -W "$(ls @LXCTEMPLATEDIR@/ | sed -e 's|^lxc-||' )" "$cur" ) ) + } + + _lxc_generic_n() { + local cur prev + + COMPREPLY=() + _get_comp_words_by_ref cur prev + + case $prev in + -n) + _lxc_names "$cur" + return 0 + ;; + esac + + return 1 + } + + _lxc_generic_ns() { + local cur prev + + COMPREPLY=() + _get_comp_words_by_ref cur prev + + case $prev in + -n) + _lxc_names "$cur" + return 0 + ;; + + -s) + _lxc_states "$cur" + return 0 + ;; + esac + + return 1 + } + + _lxc_generic_t() { + local cur prev + + COMPREPLY=() + _get_comp_words_by_ref cur prev + + case $prev in + -t) + _lxc_templates "$cur" + return 0 + ;; + esac + + return 1 + } + + _lxc_generic_o() { + local cur prev + + COMPREPLY=() + _get_comp_words_by_ref cur prev + + case $prev in + -o) + _lxc_names "$cur" + return 0 + ;; + esac + + return 1 + } + + complete -o default -F _lxc_generic_n lxc-attach + complete -o default -F _lxc_generic_n lxc-cgroup + complete -o default -F _lxc_generic_n lxc-console + complete -o default -F _lxc_generic_n lxc-destroy + complete -o default -F _lxc_generic_n lxc-device + complete -o default -F _lxc_generic_n lxc-execute + complete -o default -F _lxc_generic_n lxc-freeze + complete -o default -F _lxc_generic_n lxc-info + complete -o default -F _lxc_generic_n lxc-monitor + complete -o default -F _lxc_generic_n lxc-snapshot + complete -o default -F _lxc_generic_n lxc-start + complete -o default -F _lxc_generic_n lxc-stop + complete -o default -F _lxc_generic_n lxc-unfreeze + + complete -o default -F _lxc_generic_ns lxc-wait + + complete -o default -F _lxc_generic_t lxc-create + + complete -o default -F _lxc_generic_o lxc-clone + complete -o default -F _lxc_generic_o lxc-start-ephemeral +} diff -Nru lxc-1.0.0~alpha1/config/bash/Makefile.am lxc-1.0.8/config/bash/Makefile.am --- lxc-1.0.0~alpha1/config/bash/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/bash/Makefile.am 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,14 @@ +EXTRA_DIST = lxc + +if ENABLE_BASH +install-bash: + $(MKDIR_P) $(DESTDIR)$(sysconfdir)/bash_completion.d/ + $(INSTALL_DATA) lxc $(DESTDIR)$(sysconfdir)/bash_completion.d/ + +uninstall-bash: + rm -f $(DESTDIR)$(sysconfdir)/bash_completion.d/lxc + rmdir $(DESTDIR)$(sysconfdir)/bash_completion.d/ || : + +install-data-local: install-bash +uninstall-local: uninstall-bash +endif diff -Nru lxc-1.0.0~alpha1/config/bash/Makefile.in lxc-1.0.8/config/bash/Makefile.in --- lxc-1.0.0~alpha1/config/bash/Makefile.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/bash/Makefile.in 2015-11-09 22:49:20.000000000 +0000 @@ -0,0 +1,476 @@ +# Makefile.in generated by automake 1.14.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2013 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = config/bash +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ + $(srcdir)/lxc.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ + $(top_srcdir)/config/tls.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/src/config.h +CONFIG_CLEAN_FILES = lxc +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +APPARMOR_LIBS = @APPARMOR_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BINDIR = @BINDIR@ +CAP_LIBS = @CAP_LIBS@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CGMANAGER_CFLAGS = @CGMANAGER_CFLAGS@ +CGMANAGER_LIBS = @CGMANAGER_LIBS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DATADIR = @DATADIR@ +DBUS_CFLAGS = @DBUS_CFLAGS@ +DBUS_LIBS = @DBUS_LIBS@ +DEFAULT_CGROUP_PATTERN = @DEFAULT_CGROUP_PATTERN@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DOCDIR = @DOCDIR@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +GREP = @GREP@ +HAVE_DOXYGEN = @HAVE_DOXYGEN@ +INCLUDEDIR = @INCLUDEDIR@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LDFLAGS = @LDFLAGS@ +LIBDIR = @LIBDIR@ +LIBEXECDIR = @LIBEXECDIR@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LOCALSTATEDIR = @LOCALSTATEDIR@ +LOGPATH = @LOGPATH@ +LTLIBOBJS = @LTLIBOBJS@ +LUA_CFLAGS = @LUA_CFLAGS@ +LUA_LIBDIR = @LUA_LIBDIR@ +LUA_LIBS = @LUA_LIBS@ +LUA_SHAREDIR = @LUA_SHAREDIR@ +LUA_VERSION = @LUA_VERSION@ +LXCHOOKDIR = @LXCHOOKDIR@ +LXCINITDIR = @LXCINITDIR@ +LXCPATH = @LXCPATH@ +LXCROOTFSMOUNT = @LXCROOTFSMOUNT@ +LXCTEMPLATECONFIG = @LXCTEMPLATECONFIG@ +LXCTEMPLATEDIR = @LXCTEMPLATEDIR@ +LXC_DEFAULT_CONFIG = @LXC_DEFAULT_CONFIG@ +LXC_GENERATE_DATE = @LXC_GENERATE_DATE@ +LXC_GLOBAL_CONF = @LXC_GLOBAL_CONF@ +LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ +LXC_USERNIC_DB = @LXC_USERNIC_DB@ +LXC_VERSION = @LXC_VERSION@ +LXC_VERSION_BASE = @LXC_VERSION_BASE@ +LXC_VERSION_BETA = @LXC_VERSION_BETA@ +LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ +LXC_VERSION_MICRO = @LXC_VERSION_MICRO@ +LXC_VERSION_MINOR = @LXC_VERSION_MINOR@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +NIH_CFLAGS = @NIH_CFLAGS@ +NIH_DBUS_CFLAGS = @NIH_DBUS_CFLAGS@ +NIH_DBUS_LIBS = @NIH_DBUS_LIBS@ +NIH_LIBS = @NIH_LIBS@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PREFIX = @PREFIX@ +PYTHON = @PYTHON@ +PYTHONDEV_CFLAGS = @PYTHONDEV_CFLAGS@ +PYTHONDEV_LIBS = @PYTHONDEV_LIBS@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +RUNTIME_PATH = @RUNTIME_PATH@ +SBINDIR = @SBINDIR@ +SECCOMP_CFLAGS = @SECCOMP_CFLAGS@ +SECCOMP_LIBS = @SECCOMP_LIBS@ +SED = @SED@ +SELINUX_LIBS = @SELINUX_LIBS@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SYSCONFDIR = @SYSCONFDIR@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +db2xman = @db2xman@ +docdir = @docdir@ +docdtd = @docdtd@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +EXTRA_DIST = lxc +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu config/bash/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu config/bash/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +lxc: $(top_builddir)/config.status $(srcdir)/lxc.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +tags TAGS: + +ctags CTAGS: + +cscope cscopelist: + + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +@ENABLE_BASH_FALSE@install-data-local: +@ENABLE_BASH_FALSE@uninstall-local: +clean: clean-am + +clean-am: clean-generic mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-data-local + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-local + +.MAKE: install-am install-strip + +.PHONY: all all-am check check-am clean clean-generic cscopelist-am \ + ctags-am distclean distclean-generic distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-data-local install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ + pdf-am ps ps-am tags-am uninstall uninstall-am uninstall-local + + +@ENABLE_BASH_TRUE@install-bash: +@ENABLE_BASH_TRUE@ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/bash_completion.d/ +@ENABLE_BASH_TRUE@ $(INSTALL_DATA) lxc $(DESTDIR)$(sysconfdir)/bash_completion.d/ + +@ENABLE_BASH_TRUE@uninstall-bash: +@ENABLE_BASH_TRUE@ rm -f $(DESTDIR)$(sysconfdir)/bash_completion.d/lxc +@ENABLE_BASH_TRUE@ rmdir $(DESTDIR)$(sysconfdir)/bash_completion.d/ || : + +@ENABLE_BASH_TRUE@install-data-local: install-bash +@ENABLE_BASH_TRUE@uninstall-local: uninstall-bash + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff -Nru lxc-1.0.0~alpha1/config/default.conf.libvirt lxc-1.0.8/config/default.conf.libvirt --- lxc-1.0.0~alpha1/config/default.conf.libvirt 2013-07-08 15:50:40.000000000 +0000 +++ lxc-1.0.8/config/default.conf.libvirt 1970-01-01 00:00:00.000000000 +0000 @@ -1,3 +0,0 @@ -lxc.network.type = veth -lxc.network.link = virbr0 -lxc.network.flags = up diff -Nru lxc-1.0.0~alpha1/config/default.conf.ubuntu lxc-1.0.8/config/default.conf.ubuntu --- lxc-1.0.0~alpha1/config/default.conf.ubuntu 2013-07-08 15:50:40.000000000 +0000 +++ lxc-1.0.8/config/default.conf.ubuntu 1970-01-01 00:00:00.000000000 +0000 @@ -1,3 +0,0 @@ -lxc.network.type = veth -lxc.network.link = lxcbr0 -lxc.network.flags = up diff -Nru lxc-1.0.0~alpha1/config/default.conf.unknown lxc-1.0.8/config/default.conf.unknown --- lxc-1.0.0~alpha1/config/default.conf.unknown 2013-07-08 15:50:40.000000000 +0000 +++ lxc-1.0.8/config/default.conf.unknown 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -lxc.network.type = empty diff -Nru lxc-1.0.0~alpha1/config/etc/default.conf.libvirt lxc-1.0.8/config/etc/default.conf.libvirt --- lxc-1.0.0~alpha1/config/etc/default.conf.libvirt 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/etc/default.conf.libvirt 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,3 @@ +lxc.network.type = veth +lxc.network.link = virbr0 +lxc.network.flags = up diff -Nru lxc-1.0.0~alpha1/config/etc/default.conf.ubuntu lxc-1.0.8/config/etc/default.conf.ubuntu --- lxc-1.0.0~alpha1/config/etc/default.conf.ubuntu 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/etc/default.conf.ubuntu 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,4 @@ +lxc.network.type = veth +lxc.network.link = lxcbr0 +lxc.network.flags = up +lxc.network.hwaddr = 00:16:3e:xx:xx:xx diff -Nru lxc-1.0.0~alpha1/config/etc/default.conf.unknown lxc-1.0.8/config/etc/default.conf.unknown --- lxc-1.0.0~alpha1/config/etc/default.conf.unknown 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/etc/default.conf.unknown 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1 @@ +lxc.network.type = empty diff -Nru lxc-1.0.0~alpha1/config/etc/Makefile.am lxc-1.0.8/config/etc/Makefile.am --- lxc-1.0.0~alpha1/config/etc/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/etc/Makefile.am 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,8 @@ +configdir = $(sysconfdir)/lxc +config_DATA = default.conf + +EXTRA_DIST = default.conf.ubuntu default.conf.libvirt default.conf.unknown + +distclean-local: + @$(RM) -f default.conf + @$(RM) -f compile config.guess config.sub depcomp install-sh ltmain.sh missing Makefile.in Makefile diff -Nru lxc-1.0.0~alpha1/config/etc/Makefile.in lxc-1.0.8/config/etc/Makefile.in --- lxc-1.0.0~alpha1/config/etc/Makefile.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/etc/Makefile.in 2015-11-09 22:49:20.000000000 +0000 @@ -0,0 +1,521 @@ +# Makefile.in generated by automake 1.14.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2013 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = config/etc +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ + $(top_srcdir)/config/tls.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/src/config.h +CONFIG_CLEAN_FILES = default.conf +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(configdir)" +DATA = $(config_DATA) +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +APPARMOR_LIBS = @APPARMOR_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BINDIR = @BINDIR@ +CAP_LIBS = @CAP_LIBS@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CGMANAGER_CFLAGS = @CGMANAGER_CFLAGS@ +CGMANAGER_LIBS = @CGMANAGER_LIBS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DATADIR = @DATADIR@ +DBUS_CFLAGS = @DBUS_CFLAGS@ +DBUS_LIBS = @DBUS_LIBS@ +DEFAULT_CGROUP_PATTERN = @DEFAULT_CGROUP_PATTERN@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DOCDIR = @DOCDIR@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +GREP = @GREP@ +HAVE_DOXYGEN = @HAVE_DOXYGEN@ +INCLUDEDIR = @INCLUDEDIR@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LDFLAGS = @LDFLAGS@ +LIBDIR = @LIBDIR@ +LIBEXECDIR = @LIBEXECDIR@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LOCALSTATEDIR = @LOCALSTATEDIR@ +LOGPATH = @LOGPATH@ +LTLIBOBJS = @LTLIBOBJS@ +LUA_CFLAGS = @LUA_CFLAGS@ +LUA_LIBDIR = @LUA_LIBDIR@ +LUA_LIBS = @LUA_LIBS@ +LUA_SHAREDIR = @LUA_SHAREDIR@ +LUA_VERSION = @LUA_VERSION@ +LXCHOOKDIR = @LXCHOOKDIR@ +LXCINITDIR = @LXCINITDIR@ +LXCPATH = @LXCPATH@ +LXCROOTFSMOUNT = @LXCROOTFSMOUNT@ +LXCTEMPLATECONFIG = @LXCTEMPLATECONFIG@ +LXCTEMPLATEDIR = @LXCTEMPLATEDIR@ +LXC_DEFAULT_CONFIG = @LXC_DEFAULT_CONFIG@ +LXC_GENERATE_DATE = @LXC_GENERATE_DATE@ +LXC_GLOBAL_CONF = @LXC_GLOBAL_CONF@ +LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ +LXC_USERNIC_DB = @LXC_USERNIC_DB@ +LXC_VERSION = @LXC_VERSION@ +LXC_VERSION_BASE = @LXC_VERSION_BASE@ +LXC_VERSION_BETA = @LXC_VERSION_BETA@ +LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ +LXC_VERSION_MICRO = @LXC_VERSION_MICRO@ +LXC_VERSION_MINOR = @LXC_VERSION_MINOR@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +NIH_CFLAGS = @NIH_CFLAGS@ +NIH_DBUS_CFLAGS = @NIH_DBUS_CFLAGS@ +NIH_DBUS_LIBS = @NIH_DBUS_LIBS@ +NIH_LIBS = @NIH_LIBS@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PREFIX = @PREFIX@ +PYTHON = @PYTHON@ +PYTHONDEV_CFLAGS = @PYTHONDEV_CFLAGS@ +PYTHONDEV_LIBS = @PYTHONDEV_LIBS@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +RUNTIME_PATH = @RUNTIME_PATH@ +SBINDIR = @SBINDIR@ +SECCOMP_CFLAGS = @SECCOMP_CFLAGS@ +SECCOMP_LIBS = @SECCOMP_LIBS@ +SED = @SED@ +SELINUX_LIBS = @SELINUX_LIBS@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SYSCONFDIR = @SYSCONFDIR@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +db2xman = @db2xman@ +docdir = @docdir@ +docdtd = @docdtd@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +configdir = $(sysconfdir)/lxc +config_DATA = default.conf +EXTRA_DIST = default.conf.ubuntu default.conf.libvirt default.conf.unknown +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu config/etc/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu config/etc/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-configDATA: $(config_DATA) + @$(NORMAL_INSTALL) + @list='$(config_DATA)'; test -n "$(configdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(configdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(configdir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(configdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(configdir)" || exit $$?; \ + done + +uninstall-configDATA: + @$(NORMAL_UNINSTALL) + @list='$(config_DATA)'; test -n "$(configdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(configdir)'; $(am__uninstall_files_from_dir) +tags TAGS: + +ctags CTAGS: + +cscope cscopelist: + + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(DATA) +installdirs: + for dir in "$(DESTDIR)$(configdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic distclean-local + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-configDATA + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-configDATA + +.MAKE: install-am install-strip + +.PHONY: all all-am check check-am clean clean-generic cscopelist-am \ + ctags-am distclean distclean-generic distclean-local distdir \ + dvi dvi-am html html-am info info-am install install-am \ + install-configDATA install-data install-data-am install-dvi \ + install-dvi-am install-exec install-exec-am install-html \ + install-html-am install-info install-info-am install-man \ + install-pdf install-pdf-am install-ps install-ps-am \ + install-strip installcheck installcheck-am installdirs \ + maintainer-clean maintainer-clean-generic mostlyclean \ + mostlyclean-generic pdf pdf-am ps ps-am tags-am uninstall \ + uninstall-am uninstall-configDATA + + +distclean-local: + @$(RM) -f default.conf + @$(RM) -f compile config.guess config.sub depcomp install-sh ltmain.sh missing Makefile.in Makefile + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff -Nru lxc-1.0.0~alpha1/config/init/Makefile.am lxc-1.0.8/config/init/Makefile.am --- lxc-1.0.0~alpha1/config/init/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/init/Makefile.am 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1 @@ +SUBDIRS = systemd sysvinit upstart diff -Nru lxc-1.0.0~alpha1/config/init/Makefile.in lxc-1.0.8/config/init/Makefile.in --- lxc-1.0.0~alpha1/config/init/Makefile.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/init/Makefile.in 2015-11-09 22:49:20.000000000 +0000 @@ -0,0 +1,640 @@ +# Makefile.in generated by automake 1.14.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2013 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = config/init +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ + $(top_srcdir)/config/tls.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/src/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ + ctags-recursive dvi-recursive html-recursive info-recursive \ + install-data-recursive install-dvi-recursive \ + install-exec-recursive install-html-recursive \ + install-info-recursive install-pdf-recursive \ + install-ps-recursive install-recursive installcheck-recursive \ + installdirs-recursive pdf-recursive ps-recursive \ + tags-recursive uninstall-recursive +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ + distclean-recursive maintainer-clean-recursive +am__recursive_targets = \ + $(RECURSIVE_TARGETS) \ + $(RECURSIVE_CLEAN_TARGETS) \ + $(am__extra_recursive_targets) +AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ + distdir +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +DIST_SUBDIRS = $(SUBDIRS) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +APPARMOR_LIBS = @APPARMOR_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BINDIR = @BINDIR@ +CAP_LIBS = @CAP_LIBS@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CGMANAGER_CFLAGS = @CGMANAGER_CFLAGS@ +CGMANAGER_LIBS = @CGMANAGER_LIBS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DATADIR = @DATADIR@ +DBUS_CFLAGS = @DBUS_CFLAGS@ +DBUS_LIBS = @DBUS_LIBS@ +DEFAULT_CGROUP_PATTERN = @DEFAULT_CGROUP_PATTERN@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DOCDIR = @DOCDIR@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +GREP = @GREP@ +HAVE_DOXYGEN = @HAVE_DOXYGEN@ +INCLUDEDIR = @INCLUDEDIR@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LDFLAGS = @LDFLAGS@ +LIBDIR = @LIBDIR@ +LIBEXECDIR = @LIBEXECDIR@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LOCALSTATEDIR = @LOCALSTATEDIR@ +LOGPATH = @LOGPATH@ +LTLIBOBJS = @LTLIBOBJS@ +LUA_CFLAGS = @LUA_CFLAGS@ +LUA_LIBDIR = @LUA_LIBDIR@ +LUA_LIBS = @LUA_LIBS@ +LUA_SHAREDIR = @LUA_SHAREDIR@ +LUA_VERSION = @LUA_VERSION@ +LXCHOOKDIR = @LXCHOOKDIR@ +LXCINITDIR = @LXCINITDIR@ +LXCPATH = @LXCPATH@ +LXCROOTFSMOUNT = @LXCROOTFSMOUNT@ +LXCTEMPLATECONFIG = @LXCTEMPLATECONFIG@ +LXCTEMPLATEDIR = @LXCTEMPLATEDIR@ +LXC_DEFAULT_CONFIG = @LXC_DEFAULT_CONFIG@ +LXC_GENERATE_DATE = @LXC_GENERATE_DATE@ +LXC_GLOBAL_CONF = @LXC_GLOBAL_CONF@ +LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ +LXC_USERNIC_DB = @LXC_USERNIC_DB@ +LXC_VERSION = @LXC_VERSION@ +LXC_VERSION_BASE = @LXC_VERSION_BASE@ +LXC_VERSION_BETA = @LXC_VERSION_BETA@ +LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ +LXC_VERSION_MICRO = @LXC_VERSION_MICRO@ +LXC_VERSION_MINOR = @LXC_VERSION_MINOR@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +NIH_CFLAGS = @NIH_CFLAGS@ +NIH_DBUS_CFLAGS = @NIH_DBUS_CFLAGS@ +NIH_DBUS_LIBS = @NIH_DBUS_LIBS@ +NIH_LIBS = @NIH_LIBS@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PREFIX = @PREFIX@ +PYTHON = @PYTHON@ +PYTHONDEV_CFLAGS = @PYTHONDEV_CFLAGS@ +PYTHONDEV_LIBS = @PYTHONDEV_LIBS@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +RUNTIME_PATH = @RUNTIME_PATH@ +SBINDIR = @SBINDIR@ +SECCOMP_CFLAGS = @SECCOMP_CFLAGS@ +SECCOMP_LIBS = @SECCOMP_LIBS@ +SED = @SED@ +SELINUX_LIBS = @SELINUX_LIBS@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SYSCONFDIR = @SYSCONFDIR@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +db2xman = @db2xman@ +docdir = @docdir@ +docdtd = @docdtd@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +SUBDIRS = systemd sysvinit upstart +all: all-recursive + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu config/init/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu config/init/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): + +# This directory's subdirectories are mostly independent; you can cd +# into them and run 'make' without going through this Makefile. +# To change the values of 'make' variables: instead of editing Makefiles, +# (1) if the variable is set in 'config.status', edit 'config.status' +# (which will cause the Makefiles to be regenerated when you run 'make'); +# (2) otherwise, pass the desired values on the 'make' command line. +$(am__recursive_targets): + @fail=; \ + if $(am__make_keepgoing); then \ + failcom='fail=yes'; \ + else \ + failcom='exit 1'; \ + fi; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-recursive +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + include_option=--etags-include; \ + empty_fix=.; \ + else \ + include_option=--include; \ + empty_fix=; \ + fi; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test ! -f $$subdir/TAGS || \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ + fi; \ + done; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-recursive + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-recursive + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + $(am__make_dryrun) \ + || test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ + am__remove_distdir=: \ + am__skip_length_check=: \ + am__skip_mode_fix=: \ + distdir) \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-recursive +all-am: Makefile +installdirs: installdirs-recursive +installdirs-am: +install: install-recursive +install-exec: install-exec-recursive +install-data: install-data-recursive +uninstall: uninstall-recursive + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-recursive +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-recursive + +clean-am: clean-generic mostlyclean-am + +distclean: distclean-recursive + -rm -f Makefile +distclean-am: clean-am distclean-generic distclean-tags + +dvi: dvi-recursive + +dvi-am: + +html: html-recursive + +html-am: + +info: info-recursive + +info-am: + +install-data-am: + +install-dvi: install-dvi-recursive + +install-dvi-am: + +install-exec-am: + +install-html: install-html-recursive + +install-html-am: + +install-info: install-info-recursive + +install-info-am: + +install-man: + +install-pdf: install-pdf-recursive + +install-pdf-am: + +install-ps: install-ps-recursive + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-recursive + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-recursive + +mostlyclean-am: mostlyclean-generic + +pdf: pdf-recursive + +pdf-am: + +ps: ps-recursive + +ps-am: + +uninstall-am: + +.MAKE: $(am__recursive_targets) install-am install-strip + +.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ + check-am clean clean-generic cscopelist-am ctags ctags-am \ + distclean distclean-generic distclean-tags distdir dvi dvi-am \ + html html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs installdirs-am maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ + pdf-am ps ps-am tags tags-am uninstall uninstall-am + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff -Nru lxc-1.0.0~alpha1/config/init/systemd/lxc-devsetup lxc-1.0.8/config/init/systemd/lxc-devsetup --- lxc-1.0.0~alpha1/config/init/systemd/lxc-devsetup 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/init/systemd/lxc-devsetup 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,25 @@ +#!/bin/sh - + +# lxc.devsetup - Setup host /dev for container /dev subdirectories. + +if [ ! -d /dev/.lxc ] +then + echo "Creating /dev/.lxc" + mkdir /dev/.lxc + chmod 755 /dev/.lxc +fi + +if grep -q "/dev devtmpfs " /proc/self/mounts +then + echo "/dev is devtmpfs" +else + echo "/dev is not devtmpfs - mounting tmpfs on .lxc" + mount -t tmpfs tmpfs /dev/.lxc +fi + +if [ ! -d /dev/.lxc/user ] +then + echo "Creating /dev/.lxc/user" + mkdir /dev/.lxc/user + chmod 1777 /dev/.lxc/user +fi diff -Nru lxc-1.0.0~alpha1/config/init/systemd/lxc.service lxc-1.0.8/config/init/systemd/lxc.service --- lxc-1.0.0~alpha1/config/init/systemd/lxc.service 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/init/systemd/lxc.service 2015-11-09 22:49:28.000000000 +0000 @@ -0,0 +1,17 @@ +[Unit] +Description=LXC Container Initialization and Autoboot Code +After=syslog.target network.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStartPre=/usr/local/libexec/lxc/lxc-devsetup +ExecStart=/usr/local/libexec/lxc/lxc-autostart-helper start +ExecStop=/usr/local/libexec/lxc/lxc-autostart-helper stop +# Environment=BOOTUP=serial +# Environment=CONSOLETYPE=serial +StandardOutput=syslog +StandardError=syslog + +[Install] +WantedBy=multi-user.target diff -Nru lxc-1.0.0~alpha1/config/init/systemd/lxc.service.in lxc-1.0.8/config/init/systemd/lxc.service.in --- lxc-1.0.0~alpha1/config/init/systemd/lxc.service.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/init/systemd/lxc.service.in 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,17 @@ +[Unit] +Description=LXC Container Initialization and Autoboot Code +After=syslog.target network.target + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStartPre=@LIBEXECDIR@/lxc/lxc-devsetup +ExecStart=@LIBEXECDIR@/lxc/lxc-autostart-helper start +ExecStop=@LIBEXECDIR@/lxc/lxc-autostart-helper stop +# Environment=BOOTUP=serial +# Environment=CONSOLETYPE=serial +StandardOutput=syslog +StandardError=syslog + +[Install] +WantedBy=multi-user.target diff -Nru lxc-1.0.0~alpha1/config/init/systemd/Makefile.am lxc-1.0.8/config/init/systemd/Makefile.am --- lxc-1.0.0~alpha1/config/init/systemd/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/init/systemd/Makefile.am 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,30 @@ +EXTRA_DIST = \ + lxc-devsetup \ + lxc.service + +if INIT_SCRIPT_SYSTEMD +SYSTEMD_UNIT_DIR = $(prefix)/lib/systemd/system + +lxc-autostart-helper: ../sysvinit/lxc.in $(top_builddir)/config.status + $(AM_V_GEN)sed \ + -e 's|[@]SYSCONFDIR[@]|$(sysconfdir)|g' \ + -e 's|[@]LOCALSTATEDIR[@]|$(localstatedir)|g' \ + -e 's|[@]BINDIR[@]|$(bindir)|g' \ + < $< > $@-t && \ + chmod a+x $@-t && \ + mv $@-t $@ +BUILT_SOURCES = lxc-autostart-helper + +install-systemd: lxc.service lxc-devsetup lxc-autostart-helper + $(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR) + $(INSTALL_DATA) lxc.service $(DESTDIR)$(SYSTEMD_UNIT_DIR)/ + +uninstall-systemd: + rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/lxc.service + rmdir $(DESTDIR)$(SYSTEMD_UNIT_DIR) || : + +pkglibexec_SCRIPTS = lxc-devsetup lxc-autostart-helper + +install-data-local: install-systemd +uninstall-local: uninstall-systemd +endif diff -Nru lxc-1.0.0~alpha1/config/init/systemd/Makefile.in lxc-1.0.8/config/init/systemd/Makefile.in --- lxc-1.0.0~alpha1/config/init/systemd/Makefile.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/init/systemd/Makefile.in 2015-11-09 22:49:20.000000000 +0000 @@ -0,0 +1,565 @@ +# Makefile.in generated by automake 1.14.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2013 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = config/init/systemd +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ + $(srcdir)/lxc.service.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ + $(top_srcdir)/config/tls.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/src/config.h +CONFIG_CLEAN_FILES = lxc.service +CONFIG_CLEAN_VPATH_FILES = +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(pkglibexecdir)" +SCRIPTS = $(pkglibexec_SCRIPTS) +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +APPARMOR_LIBS = @APPARMOR_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BINDIR = @BINDIR@ +CAP_LIBS = @CAP_LIBS@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CGMANAGER_CFLAGS = @CGMANAGER_CFLAGS@ +CGMANAGER_LIBS = @CGMANAGER_LIBS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DATADIR = @DATADIR@ +DBUS_CFLAGS = @DBUS_CFLAGS@ +DBUS_LIBS = @DBUS_LIBS@ +DEFAULT_CGROUP_PATTERN = @DEFAULT_CGROUP_PATTERN@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DOCDIR = @DOCDIR@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +GREP = @GREP@ +HAVE_DOXYGEN = @HAVE_DOXYGEN@ +INCLUDEDIR = @INCLUDEDIR@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LDFLAGS = @LDFLAGS@ +LIBDIR = @LIBDIR@ +LIBEXECDIR = @LIBEXECDIR@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LOCALSTATEDIR = @LOCALSTATEDIR@ +LOGPATH = @LOGPATH@ +LTLIBOBJS = @LTLIBOBJS@ +LUA_CFLAGS = @LUA_CFLAGS@ +LUA_LIBDIR = @LUA_LIBDIR@ +LUA_LIBS = @LUA_LIBS@ +LUA_SHAREDIR = @LUA_SHAREDIR@ +LUA_VERSION = @LUA_VERSION@ +LXCHOOKDIR = @LXCHOOKDIR@ +LXCINITDIR = @LXCINITDIR@ +LXCPATH = @LXCPATH@ +LXCROOTFSMOUNT = @LXCROOTFSMOUNT@ +LXCTEMPLATECONFIG = @LXCTEMPLATECONFIG@ +LXCTEMPLATEDIR = @LXCTEMPLATEDIR@ +LXC_DEFAULT_CONFIG = @LXC_DEFAULT_CONFIG@ +LXC_GENERATE_DATE = @LXC_GENERATE_DATE@ +LXC_GLOBAL_CONF = @LXC_GLOBAL_CONF@ +LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ +LXC_USERNIC_DB = @LXC_USERNIC_DB@ +LXC_VERSION = @LXC_VERSION@ +LXC_VERSION_BASE = @LXC_VERSION_BASE@ +LXC_VERSION_BETA = @LXC_VERSION_BETA@ +LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ +LXC_VERSION_MICRO = @LXC_VERSION_MICRO@ +LXC_VERSION_MINOR = @LXC_VERSION_MINOR@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +NIH_CFLAGS = @NIH_CFLAGS@ +NIH_DBUS_CFLAGS = @NIH_DBUS_CFLAGS@ +NIH_DBUS_LIBS = @NIH_DBUS_LIBS@ +NIH_LIBS = @NIH_LIBS@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PREFIX = @PREFIX@ +PYTHON = @PYTHON@ +PYTHONDEV_CFLAGS = @PYTHONDEV_CFLAGS@ +PYTHONDEV_LIBS = @PYTHONDEV_LIBS@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +RUNTIME_PATH = @RUNTIME_PATH@ +SBINDIR = @SBINDIR@ +SECCOMP_CFLAGS = @SECCOMP_CFLAGS@ +SECCOMP_LIBS = @SECCOMP_LIBS@ +SED = @SED@ +SELINUX_LIBS = @SELINUX_LIBS@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SYSCONFDIR = @SYSCONFDIR@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +db2xman = @db2xman@ +docdir = @docdir@ +docdtd = @docdtd@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +EXTRA_DIST = \ + lxc-devsetup \ + lxc.service + +@INIT_SCRIPT_SYSTEMD_TRUE@SYSTEMD_UNIT_DIR = $(prefix)/lib/systemd/system +@INIT_SCRIPT_SYSTEMD_TRUE@BUILT_SOURCES = lxc-autostart-helper +@INIT_SCRIPT_SYSTEMD_TRUE@pkglibexec_SCRIPTS = lxc-devsetup lxc-autostart-helper +all: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu config/init/systemd/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu config/init/systemd/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +lxc.service: $(top_builddir)/config.status $(srcdir)/lxc.service.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +install-pkglibexecSCRIPTS: $(pkglibexec_SCRIPTS) + @$(NORMAL_INSTALL) + @list='$(pkglibexec_SCRIPTS)'; test -n "$(pkglibexecdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(pkglibexecdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(pkglibexecdir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \ + done | \ + sed -e 'p;s,.*/,,;n' \ + -e 'h;s|.*|.|' \ + -e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \ + $(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \ + { d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \ + if ($$2 == $$4) { files[d] = files[d] " " $$1; \ + if (++n[d] == $(am__install_max)) { \ + print "f", d, files[d]; n[d] = 0; files[d] = "" } } \ + else { print "f", d "/" $$4, $$1 } } \ + END { for (d in files) print "f", d, files[d] }' | \ + while read type dir files; do \ + if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \ + test -z "$$files" || { \ + echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(pkglibexecdir)$$dir'"; \ + $(INSTALL_SCRIPT) $$files "$(DESTDIR)$(pkglibexecdir)$$dir" || exit $$?; \ + } \ + ; done + +uninstall-pkglibexecSCRIPTS: + @$(NORMAL_UNINSTALL) + @list='$(pkglibexec_SCRIPTS)'; test -n "$(pkglibexecdir)" || exit 0; \ + files=`for p in $$list; do echo "$$p"; done | \ + sed -e 's,.*/,,;$(transform)'`; \ + dir='$(DESTDIR)$(pkglibexecdir)'; $(am__uninstall_files_from_dir) +tags TAGS: + +ctags CTAGS: + +cscope cscopelist: + + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) check-am +all-am: Makefile $(SCRIPTS) +installdirs: + for dir in "$(DESTDIR)$(pkglibexecdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: $(BUILT_SOURCES) + $(MAKE) $(AM_MAKEFLAGS) install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." + -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) +@INIT_SCRIPT_SYSTEMD_FALSE@install-data-local: +@INIT_SCRIPT_SYSTEMD_FALSE@uninstall-local: +clean: clean-am + +clean-am: clean-generic mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-data-local + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: install-pkglibexecSCRIPTS + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-local uninstall-pkglibexecSCRIPTS + +.MAKE: all check install install-am install-strip + +.PHONY: all all-am check check-am clean clean-generic cscopelist-am \ + ctags-am distclean distclean-generic distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-data-local install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-pkglibexecSCRIPTS install-ps \ + install-ps-am install-strip installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic pdf pdf-am ps ps-am tags-am \ + uninstall uninstall-am uninstall-local \ + uninstall-pkglibexecSCRIPTS + + +@INIT_SCRIPT_SYSTEMD_TRUE@lxc-autostart-helper: ../sysvinit/lxc.in $(top_builddir)/config.status +@INIT_SCRIPT_SYSTEMD_TRUE@ $(AM_V_GEN)sed \ +@INIT_SCRIPT_SYSTEMD_TRUE@ -e 's|[@]SYSCONFDIR[@]|$(sysconfdir)|g' \ +@INIT_SCRIPT_SYSTEMD_TRUE@ -e 's|[@]LOCALSTATEDIR[@]|$(localstatedir)|g' \ +@INIT_SCRIPT_SYSTEMD_TRUE@ -e 's|[@]BINDIR[@]|$(bindir)|g' \ +@INIT_SCRIPT_SYSTEMD_TRUE@ < $< > $@-t && \ +@INIT_SCRIPT_SYSTEMD_TRUE@ chmod a+x $@-t && \ +@INIT_SCRIPT_SYSTEMD_TRUE@ mv $@-t $@ + +@INIT_SCRIPT_SYSTEMD_TRUE@install-systemd: lxc.service lxc-devsetup lxc-autostart-helper +@INIT_SCRIPT_SYSTEMD_TRUE@ $(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR) +@INIT_SCRIPT_SYSTEMD_TRUE@ $(INSTALL_DATA) lxc.service $(DESTDIR)$(SYSTEMD_UNIT_DIR)/ + +@INIT_SCRIPT_SYSTEMD_TRUE@uninstall-systemd: +@INIT_SCRIPT_SYSTEMD_TRUE@ rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/lxc.service +@INIT_SCRIPT_SYSTEMD_TRUE@ rmdir $(DESTDIR)$(SYSTEMD_UNIT_DIR) || : + +@INIT_SCRIPT_SYSTEMD_TRUE@install-data-local: install-systemd +@INIT_SCRIPT_SYSTEMD_TRUE@uninstall-local: uninstall-systemd + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff -Nru lxc-1.0.0~alpha1/config/init/sysvinit/lxc lxc-1.0.8/config/init/sysvinit/lxc --- lxc-1.0.0~alpha1/config/init/sysvinit/lxc 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/init/sysvinit/lxc 2015-11-09 22:49:28.000000000 +0000 @@ -0,0 +1,124 @@ +#!/bin/sh +# +# lxc Start/Stop LXC autoboot containers +# +# chkconfig: 345 99 01 +# description: Starts/Stops all LXC containers configured for autostart. +# +### BEGIN INIT INFO +# Provides: lxc +# Default-Start: 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Bring up/down LXC autostart containers +# Description: Bring up/down LXC autostart containers +### END INIT INFO + +sysconfdir="/usr/local/etc" +bindir="/usr/local/bin" +localstatedir="/usr/local/var" + +# These can be overridden in /usr/local/etc/sysconfig/lxc + +# BOOTGROUPS - What groups should start on bootup? +# Comma separated list of groups. +# Leading comma, trailing comma or embedded double +# comma indicates when the NULL group should be run. +# Example (default): boot the onboot group first then the NULL group +BOOTGROUPS="onboot," + +# SHUTDOWNDELAY - Wait time for a container to shut down. +# ner shutdown can result in lengthy system +# shutdown times. Even 5 seconds per container can be +# too long. +SHUTDOWNDELAY=5 + +# OPTIONS can be used for anything else. +# If you want to boot everything then +# options can be "-a" or "-a -A". +OPTIONS= + +# STOPOPTS are stop options. The can be used for anything else to stop. +# If you want to kill containers fast, use -k +STOPOPTS="-a -s" + +# Source function library. +test ! -r "$sysconfdir"/rc.d/init.d/functions || + . "$sysconfdir"/rc.d/init.d/functions + +# Source any configurable options +test ! -r "$sysconfdir"/sysconfig/lxc || + . "$sysconfdir"/sysconfig/lxc + +# Check for needed utility program +[ -x "$bindir"/lxc-autostart ] || exit 1 + +# If libvirtd is providing the bridge, it might not be +# immediately available, so wait a bit for it before starting +# up the containers or else any that use the bridge will fail +# to start +wait_for_bridge() +{ + [ -f "$sysconfdir"/lxc/default.conf ] || { return 0; } + + which ifconfig >/dev/null 2>&1 + if [ $? = 0 ]; then + cmd="ifconfig -a" + else + which ip >/dev/null 2>&1 + if [ $? = 0 ]; then + cmd="ip link list" + fi + fi + [ -n cmd ] || { return 0; } + + BRNAME=`grep '^[ ]*lxc.network.link' "$sysconfdir"/lxc/default.conf | sed 's/^.*=[ ]*//'` + if [ -z "$BRNAME" ]; then + return 0 + fi + + for try in `seq 1 30`; do + eval $cmd |grep "^$BRNAME" >/dev/null 2>&1 + if [ $? = 0 ]; then + return + fi + sleep 1 + done +} + +# See how we were called. +case "$1" in + start) + [ ! -f "$localstatedir"/lock/subsys/lxc ] || { exit 0; } + + if [ -n "$BOOTGROUPS" ] + then + BOOTGROUPS="-g $BOOTGROUPS" + fi + + # Start containers + wait_for_bridge + # Start autoboot containers first then the NULL group "onboot,". + action $"Starting LXC autoboot containers: " "$bindir"/lxc-autostart $OPTIONS $BOOTGROUPS + touch "$localstatedir"/lock/subsys/lxc + ;; + stop) + if [ -n "$SHUTDOWNDELAY" ] + then + SHUTDOWNDELAY="-t $SHUTDOWNDELAY" + fi + + # The stop is serialized and can take excessive time. We need to avoid + # delaying the system shutdown / reboot as much as we can since it's not + # parallelized... Even 5 second timout may be too long. + action $"Stopping LXC containers: " "$bindir"/lxc-autostart $STOPOPTS $SHUTDOWNDELAY + rm -f "$localstatedir"/lock/subsys/lxc + ;; + restart|reload|force-reload) + $0 stop + $0 start + ;; + *) + echo "Usage: $0 {start|stop|restart|reload|force-reload}" + exit 2 +esac +exit $? diff -Nru lxc-1.0.0~alpha1/config/init/sysvinit/lxc.in lxc-1.0.8/config/init/sysvinit/lxc.in --- lxc-1.0.0~alpha1/config/init/sysvinit/lxc.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/init/sysvinit/lxc.in 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,124 @@ +#!/bin/sh +# +# lxc Start/Stop LXC autoboot containers +# +# chkconfig: 345 99 01 +# description: Starts/Stops all LXC containers configured for autostart. +# +### BEGIN INIT INFO +# Provides: lxc +# Default-Start: 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: Bring up/down LXC autostart containers +# Description: Bring up/down LXC autostart containers +### END INIT INFO + +sysconfdir="@SYSCONFDIR@" +bindir="@BINDIR@" +localstatedir="@LOCALSTATEDIR@" + +# These can be overridden in @SYSCONFDIR@/sysconfig/lxc + +# BOOTGROUPS - What groups should start on bootup? +# Comma separated list of groups. +# Leading comma, trailing comma or embedded double +# comma indicates when the NULL group should be run. +# Example (default): boot the onboot group first then the NULL group +BOOTGROUPS="onboot," + +# SHUTDOWNDELAY - Wait time for a container to shut down. +# ner shutdown can result in lengthy system +# shutdown times. Even 5 seconds per container can be +# too long. +SHUTDOWNDELAY=5 + +# OPTIONS can be used for anything else. +# If you want to boot everything then +# options can be "-a" or "-a -A". +OPTIONS= + +# STOPOPTS are stop options. The can be used for anything else to stop. +# If you want to kill containers fast, use -k +STOPOPTS="-a -s" + +# Source function library. +test ! -r "$sysconfdir"/rc.d/init.d/functions || + . "$sysconfdir"/rc.d/init.d/functions + +# Source any configurable options +test ! -r "$sysconfdir"/sysconfig/lxc || + . "$sysconfdir"/sysconfig/lxc + +# Check for needed utility program +[ -x "$bindir"/lxc-autostart ] || exit 1 + +# If libvirtd is providing the bridge, it might not be +# immediately available, so wait a bit for it before starting +# up the containers or else any that use the bridge will fail +# to start +wait_for_bridge() +{ + [ -f "$sysconfdir"/lxc/default.conf ] || { return 0; } + + which ifconfig >/dev/null 2>&1 + if [ $? = 0 ]; then + cmd="ifconfig -a" + else + which ip >/dev/null 2>&1 + if [ $? = 0 ]; then + cmd="ip link list" + fi + fi + [ -n cmd ] || { return 0; } + + BRNAME=`grep '^[ ]*lxc.network.link' "$sysconfdir"/lxc/default.conf | sed 's/^.*=[ ]*//'` + if [ -z "$BRNAME" ]; then + return 0 + fi + + for try in `seq 1 30`; do + eval $cmd |grep "^$BRNAME" >/dev/null 2>&1 + if [ $? = 0 ]; then + return + fi + sleep 1 + done +} + +# See how we were called. +case "$1" in + start) + [ ! -f "$localstatedir"/lock/subsys/lxc ] || { exit 0; } + + if [ -n "$BOOTGROUPS" ] + then + BOOTGROUPS="-g $BOOTGROUPS" + fi + + # Start containers + wait_for_bridge + # Start autoboot containers first then the NULL group "onboot,". + action $"Starting LXC autoboot containers: " "$bindir"/lxc-autostart $OPTIONS $BOOTGROUPS + touch "$localstatedir"/lock/subsys/lxc + ;; + stop) + if [ -n "$SHUTDOWNDELAY" ] + then + SHUTDOWNDELAY="-t $SHUTDOWNDELAY" + fi + + # The stop is serialized and can take excessive time. We need to avoid + # delaying the system shutdown / reboot as much as we can since it's not + # parallelized... Even 5 second timout may be too long. + action $"Stopping LXC containers: " "$bindir"/lxc-autostart $STOPOPTS $SHUTDOWNDELAY + rm -f "$localstatedir"/lock/subsys/lxc + ;; + restart|reload|force-reload) + $0 stop + $0 start + ;; + *) + echo "Usage: $0 {start|stop|restart|reload|force-reload}" + exit 2 +esac +exit $? diff -Nru lxc-1.0.0~alpha1/config/init/sysvinit/Makefile.am lxc-1.0.8/config/init/sysvinit/Makefile.am --- lxc-1.0.0~alpha1/config/init/sysvinit/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/init/sysvinit/Makefile.am 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,14 @@ +EXTRA_DIST = lxc + +if INIT_SCRIPT_SYSV +install-sysvinit: lxc + $(MKDIR_P) $(DESTDIR)$(sysconfdir)/rc.d/init.d + $(INSTALL_SCRIPT) lxc $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc + +uninstall-sysvinit: + rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc + rmdir $(DESTDIR)$(sysconfdir)/rc.d/init.d || : + +install-data-local: install-sysvinit +uninstall-local: uninstall-sysvinit +endif diff -Nru lxc-1.0.0~alpha1/config/init/sysvinit/Makefile.in lxc-1.0.8/config/init/sysvinit/Makefile.in --- lxc-1.0.0~alpha1/config/init/sysvinit/Makefile.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/init/sysvinit/Makefile.in 2015-11-09 22:49:20.000000000 +0000 @@ -0,0 +1,476 @@ +# Makefile.in generated by automake 1.14.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2013 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = config/init/sysvinit +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ + $(srcdir)/lxc.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ + $(top_srcdir)/config/tls.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/src/config.h +CONFIG_CLEAN_FILES = lxc +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +APPARMOR_LIBS = @APPARMOR_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BINDIR = @BINDIR@ +CAP_LIBS = @CAP_LIBS@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CGMANAGER_CFLAGS = @CGMANAGER_CFLAGS@ +CGMANAGER_LIBS = @CGMANAGER_LIBS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DATADIR = @DATADIR@ +DBUS_CFLAGS = @DBUS_CFLAGS@ +DBUS_LIBS = @DBUS_LIBS@ +DEFAULT_CGROUP_PATTERN = @DEFAULT_CGROUP_PATTERN@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DOCDIR = @DOCDIR@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +GREP = @GREP@ +HAVE_DOXYGEN = @HAVE_DOXYGEN@ +INCLUDEDIR = @INCLUDEDIR@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LDFLAGS = @LDFLAGS@ +LIBDIR = @LIBDIR@ +LIBEXECDIR = @LIBEXECDIR@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LOCALSTATEDIR = @LOCALSTATEDIR@ +LOGPATH = @LOGPATH@ +LTLIBOBJS = @LTLIBOBJS@ +LUA_CFLAGS = @LUA_CFLAGS@ +LUA_LIBDIR = @LUA_LIBDIR@ +LUA_LIBS = @LUA_LIBS@ +LUA_SHAREDIR = @LUA_SHAREDIR@ +LUA_VERSION = @LUA_VERSION@ +LXCHOOKDIR = @LXCHOOKDIR@ +LXCINITDIR = @LXCINITDIR@ +LXCPATH = @LXCPATH@ +LXCROOTFSMOUNT = @LXCROOTFSMOUNT@ +LXCTEMPLATECONFIG = @LXCTEMPLATECONFIG@ +LXCTEMPLATEDIR = @LXCTEMPLATEDIR@ +LXC_DEFAULT_CONFIG = @LXC_DEFAULT_CONFIG@ +LXC_GENERATE_DATE = @LXC_GENERATE_DATE@ +LXC_GLOBAL_CONF = @LXC_GLOBAL_CONF@ +LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ +LXC_USERNIC_DB = @LXC_USERNIC_DB@ +LXC_VERSION = @LXC_VERSION@ +LXC_VERSION_BASE = @LXC_VERSION_BASE@ +LXC_VERSION_BETA = @LXC_VERSION_BETA@ +LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ +LXC_VERSION_MICRO = @LXC_VERSION_MICRO@ +LXC_VERSION_MINOR = @LXC_VERSION_MINOR@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +NIH_CFLAGS = @NIH_CFLAGS@ +NIH_DBUS_CFLAGS = @NIH_DBUS_CFLAGS@ +NIH_DBUS_LIBS = @NIH_DBUS_LIBS@ +NIH_LIBS = @NIH_LIBS@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PREFIX = @PREFIX@ +PYTHON = @PYTHON@ +PYTHONDEV_CFLAGS = @PYTHONDEV_CFLAGS@ +PYTHONDEV_LIBS = @PYTHONDEV_LIBS@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +RUNTIME_PATH = @RUNTIME_PATH@ +SBINDIR = @SBINDIR@ +SECCOMP_CFLAGS = @SECCOMP_CFLAGS@ +SECCOMP_LIBS = @SECCOMP_LIBS@ +SED = @SED@ +SELINUX_LIBS = @SELINUX_LIBS@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SYSCONFDIR = @SYSCONFDIR@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +db2xman = @db2xman@ +docdir = @docdir@ +docdtd = @docdtd@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +EXTRA_DIST = lxc +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu config/init/sysvinit/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu config/init/sysvinit/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +lxc: $(top_builddir)/config.status $(srcdir)/lxc.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +tags TAGS: + +ctags CTAGS: + +cscope cscopelist: + + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +@INIT_SCRIPT_SYSV_FALSE@install-data-local: +@INIT_SCRIPT_SYSV_FALSE@uninstall-local: +clean: clean-am + +clean-am: clean-generic mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-data-local + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-local + +.MAKE: install-am install-strip + +.PHONY: all all-am check check-am clean clean-generic cscopelist-am \ + ctags-am distclean distclean-generic distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-data-local install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ + pdf-am ps ps-am tags-am uninstall uninstall-am uninstall-local + + +@INIT_SCRIPT_SYSV_TRUE@install-sysvinit: lxc +@INIT_SCRIPT_SYSV_TRUE@ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/rc.d/init.d +@INIT_SCRIPT_SYSV_TRUE@ $(INSTALL_SCRIPT) lxc $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc + +@INIT_SCRIPT_SYSV_TRUE@uninstall-sysvinit: +@INIT_SCRIPT_SYSV_TRUE@ rm -f $(DESTDIR)$(sysconfdir)/rc.d/init.d/lxc +@INIT_SCRIPT_SYSV_TRUE@ rmdir $(DESTDIR)$(sysconfdir)/rc.d/init.d || : + +@INIT_SCRIPT_SYSV_TRUE@install-data-local: install-sysvinit +@INIT_SCRIPT_SYSV_TRUE@uninstall-local: uninstall-sysvinit + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff -Nru lxc-1.0.0~alpha1/config/init/upstart/lxc.conf lxc-1.0.8/config/init/upstart/lxc.conf --- lxc-1.0.0~alpha1/config/init/upstart/lxc.conf 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/init/upstart/lxc.conf 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,60 @@ +description "lxc" +author "Serge Hallyn " + +start on runlevel [2345] +stop on starting rc RUNLEVEL=[016] + +env LXC_AUTO="false" + +# These can be overridden in /etc/default/lxc + +# BOOTGROUPS - What groups should start on bootup? +# Comma separated list of groups. +# Leading comma, trailing comma or embedded double +# comma indicates when the NULL group should be run. +# Example (default): boot the onboot group first then the NULL group +env BOOTGROUPS="onboot," + +# SHUTDOWNDELAY - Wait time for a container to shut down. +# Container shutdown can result in lengthy system +# shutdown times. Even 5 seconds per container can be +# too long. +env SHUTDOWNDELAY=5 + +# OPTIONS can be used for anything else. +# If you want to boot everything then +# options can be "-a" or "-a -A". +env OPTIONS= + +# STOPOPTS are stop options. The can be used for anything else to stop. +# If you want to kill containers fast, use -k +env STOPOPTS="-a -A -s" + +pre-start script + [ -f /etc/default/lxc ] && . /etc/default/lxc + + # don't load profiles if mount mediation is not supported + SYSF=/sys/kernel/security/apparmor/features/mount/mask + if [ -f $SYSF ]; then + if [ -x /lib/apparmor/profile-load ]; then + /lib/apparmor/profile-load usr.bin.lxc-start + /lib/apparmor/profile-load lxc-containers + elif [ -x /lib/init/apparmor-profile-load ]; then + /lib/init/apparmor-profile-load usr.bin.lxc-start + /lib/init/apparmor-profile-load lxc-containers + fi + fi + + [ "x$LXC_AUTO" = "xtrue" ] || exit 0 + + if [ -n "$BOOTGROUPS" ] + then + BOOTGROUPS="-g $BOOTGROUPS" + fi + + # Process the "onboot" group first then the NULL group. + lxc-autostart -L $OPTIONS $BOOTGROUPS | while read line; do + set -- $line + (start lxc-instance NAME=$1 && sleep $2) || true + done +end script diff -Nru lxc-1.0.0~alpha1/config/init/upstart/lxc-instance.conf lxc-1.0.8/config/init/upstart/lxc-instance.conf --- lxc-1.0.0~alpha1/config/init/upstart/lxc-instance.conf 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/init/upstart/lxc-instance.conf 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,22 @@ +description "lxc instance" +author "Christian Kampka " + +stop on stopping lxc + +# wait for 120 seconds for container to shutdown before killing it +kill timeout 120 + +# send SIGPWR to container to trigger a shutdown (see lxc-shutdown(1)) +kill signal SIGPWR + + +instance $NAME +usage "NAME=name of LXC instance" + +pre-start script + lxc-wait -s RUNNING -n $NAME -t 0 && { stop; exit 0; } || true +end script + +script + exec lxc-start -n $NAME +end script diff -Nru lxc-1.0.0~alpha1/config/init/upstart/lxc-net.conf lxc-1.0.8/config/init/upstart/lxc-net.conf --- lxc-1.0.0~alpha1/config/init/upstart/lxc-net.conf 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/init/upstart/lxc-net.conf 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,96 @@ +description "lxc network" +author "Serge Hallyn " + +start on starting lxc +stop on stopped lxc + +env USE_LXC_BRIDGE="true" +env LXC_BRIDGE="lxcbr0" +env LXC_ADDR="10.0.3.1" +env LXC_NETMASK="255.255.255.0" +env LXC_NETWORK="10.0.3.0/24" +env LXC_DHCP_RANGE="10.0.3.2,10.0.3.254" +env LXC_DHCP_MAX="253" +env LXC_DHCP_CONFILE="" +env varrun="/run/lxc" +env LXC_DOMAIN="" + +pre-start script + [ -f /etc/default/lxc ] && . /etc/default/lxc + + [ "x$USE_LXC_BRIDGE" = "xtrue" ] || { stop; exit 0; } + + use_iptables_lock="-w" + iptables -w -L -n > /dev/null 2>&1 || use_iptables_lock="" + cleanup() { + set +e + # dnsmasq failed to start, clean up the bridge + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT + iptables $use_iptables_lock -D FORWARD -i ${LXC_BRIDGE} -j ACCEPT + iptables $use_iptables_lock -D FORWARD -o ${LXC_BRIDGE} -j ACCEPT + iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true + iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill + ifconfig ${LXC_BRIDGE} down || true + brctl delbr ${LXC_BRIDGE} || true + set -e + } + + if [ -d /sys/class/net/${LXC_BRIDGE} ]; then + if [ ! -f ${varrun}/network_up ]; then + # bridge exists, but we didn't start it + stop; + fi + exit 0; + fi + + # set up the lxc network + brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; } + echo 1 > /proc/sys/net/ipv4/ip_forward + mkdir -p ${varrun} + ifconfig ${LXC_BRIDGE} ${LXC_ADDR} netmask ${LXC_NETMASK} up + iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT + iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT + iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT + iptables $use_iptables_lock -I INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT + iptables $use_iptables_lock -I FORWARD -i ${LXC_BRIDGE} -j ACCEPT + iptables $use_iptables_lock -I FORWARD -o ${LXC_BRIDGE} -j ACCEPT + iptables $use_iptables_lock -t nat -A POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE + iptables $use_iptables_lock -t mangle -A POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill + + LXC_DOMAIN_ARG="" + if [ -n "$LXC_DOMAIN" ]; then + LXC_DOMAIN_ARG="-s $LXC_DOMAIN -S /$LXC_DOMAIN/" + fi + dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup + touch ${varrun}/network_up +end script + +post-stop script + [ -f /etc/default/lxc ] && . /etc/default/lxc + [ -f "${varrun}/network_up" ] || exit 0; + # if $LXC_BRIDGE has attached interfaces, don't shut it down + ls /sys/class/net/${LXC_BRIDGE}/brif/* > /dev/null 2>&1 && exit 0; + + if [ -d /sys/class/net/${LXC_BRIDGE} ]; then + set +e + use_iptables_lock="-w" + iptables -w -L -n > /dev/null 2>&1 || use_iptables_lock="" + ifconfig ${LXC_BRIDGE} down + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 67 -j ACCEPT + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 67 -j ACCEPT + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p udp --dport 53 -j ACCEPT + iptables $use_iptables_lock -D INPUT -i ${LXC_BRIDGE} -p tcp --dport 53 -j ACCEPT + iptables $use_iptables_lock -D FORWARD -i ${LXC_BRIDGE} -j ACCEPT + iptables $use_iptables_lock -D FORWARD -o ${LXC_BRIDGE} -j ACCEPT + iptables $use_iptables_lock -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true + iptables $use_iptables_lock -t mangle -D POSTROUTING -o ${LXC_BRIDGE} -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill + pid=`cat ${varrun}/dnsmasq.pid 2>/dev/null` && kill -9 $pid || true + rm -f ${varrun}/dnsmasq.pid + brctl delbr ${LXC_BRIDGE} + set -e + fi + rm -f ${varrun}/network_up +end script diff -Nru lxc-1.0.0~alpha1/config/init/upstart/Makefile.am lxc-1.0.8/config/init/upstart/Makefile.am --- lxc-1.0.0~alpha1/config/init/upstart/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/init/upstart/Makefile.am 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,18 @@ +EXTRA_DIST = lxc.conf lxc-instance.conf lxc-net.conf + +if INIT_SCRIPT_UPSTART +install-upstart: lxc.conf lxc-instance.conf lxc-net.conf + $(MKDIR_P) $(DESTDIR)$(sysconfdir)/init/ + $(INSTALL_DATA) lxc.conf $(DESTDIR)$(sysconfdir)/init/ + $(INSTALL_DATA) lxc-instance.conf $(DESTDIR)$(sysconfdir)/init/ + $(INSTALL_DATA) lxc-net.conf $(DESTDIR)$(sysconfdir)/init/ + +uninstall-upstart: + rm -f $(DESTDIR)$(sysconfdir)/init/lxc.conf + rm -f $(DESTDIR)$(sysconfdir)/init/lxc-instance.conf + rm -f $(DESTDIR)$(sysconfdir)/init/lxc-net.conf + rmdir $(DESTDIR)$(sysconfdir)/init || : + +install-data-local: install-upstart +uninstall-local: uninstall-upstart +endif diff -Nru lxc-1.0.0~alpha1/config/init/upstart/Makefile.in lxc-1.0.8/config/init/upstart/Makefile.in --- lxc-1.0.0~alpha1/config/init/upstart/Makefile.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/init/upstart/Makefile.in 2015-11-09 22:49:20.000000000 +0000 @@ -0,0 +1,477 @@ +# Makefile.in generated by automake 1.14.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2013 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = config/init/upstart +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ + $(top_srcdir)/config/tls.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/src/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +APPARMOR_LIBS = @APPARMOR_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BINDIR = @BINDIR@ +CAP_LIBS = @CAP_LIBS@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CGMANAGER_CFLAGS = @CGMANAGER_CFLAGS@ +CGMANAGER_LIBS = @CGMANAGER_LIBS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DATADIR = @DATADIR@ +DBUS_CFLAGS = @DBUS_CFLAGS@ +DBUS_LIBS = @DBUS_LIBS@ +DEFAULT_CGROUP_PATTERN = @DEFAULT_CGROUP_PATTERN@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DOCDIR = @DOCDIR@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +GREP = @GREP@ +HAVE_DOXYGEN = @HAVE_DOXYGEN@ +INCLUDEDIR = @INCLUDEDIR@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LDFLAGS = @LDFLAGS@ +LIBDIR = @LIBDIR@ +LIBEXECDIR = @LIBEXECDIR@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LOCALSTATEDIR = @LOCALSTATEDIR@ +LOGPATH = @LOGPATH@ +LTLIBOBJS = @LTLIBOBJS@ +LUA_CFLAGS = @LUA_CFLAGS@ +LUA_LIBDIR = @LUA_LIBDIR@ +LUA_LIBS = @LUA_LIBS@ +LUA_SHAREDIR = @LUA_SHAREDIR@ +LUA_VERSION = @LUA_VERSION@ +LXCHOOKDIR = @LXCHOOKDIR@ +LXCINITDIR = @LXCINITDIR@ +LXCPATH = @LXCPATH@ +LXCROOTFSMOUNT = @LXCROOTFSMOUNT@ +LXCTEMPLATECONFIG = @LXCTEMPLATECONFIG@ +LXCTEMPLATEDIR = @LXCTEMPLATEDIR@ +LXC_DEFAULT_CONFIG = @LXC_DEFAULT_CONFIG@ +LXC_GENERATE_DATE = @LXC_GENERATE_DATE@ +LXC_GLOBAL_CONF = @LXC_GLOBAL_CONF@ +LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ +LXC_USERNIC_DB = @LXC_USERNIC_DB@ +LXC_VERSION = @LXC_VERSION@ +LXC_VERSION_BASE = @LXC_VERSION_BASE@ +LXC_VERSION_BETA = @LXC_VERSION_BETA@ +LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ +LXC_VERSION_MICRO = @LXC_VERSION_MICRO@ +LXC_VERSION_MINOR = @LXC_VERSION_MINOR@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +NIH_CFLAGS = @NIH_CFLAGS@ +NIH_DBUS_CFLAGS = @NIH_DBUS_CFLAGS@ +NIH_DBUS_LIBS = @NIH_DBUS_LIBS@ +NIH_LIBS = @NIH_LIBS@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PREFIX = @PREFIX@ +PYTHON = @PYTHON@ +PYTHONDEV_CFLAGS = @PYTHONDEV_CFLAGS@ +PYTHONDEV_LIBS = @PYTHONDEV_LIBS@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +RUNTIME_PATH = @RUNTIME_PATH@ +SBINDIR = @SBINDIR@ +SECCOMP_CFLAGS = @SECCOMP_CFLAGS@ +SECCOMP_LIBS = @SECCOMP_LIBS@ +SED = @SED@ +SELINUX_LIBS = @SELINUX_LIBS@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SYSCONFDIR = @SYSCONFDIR@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +db2xman = @db2xman@ +docdir = @docdir@ +docdtd = @docdtd@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +EXTRA_DIST = lxc.conf lxc-instance.conf lxc-net.conf +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu config/init/upstart/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu config/init/upstart/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +tags TAGS: + +ctags CTAGS: + +cscope cscopelist: + + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile +installdirs: +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +@INIT_SCRIPT_UPSTART_FALSE@install-data-local: +@INIT_SCRIPT_UPSTART_FALSE@uninstall-local: +clean: clean-am + +clean-am: clean-generic mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-data-local + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-local + +.MAKE: install-am install-strip + +.PHONY: all all-am check check-am clean clean-generic cscopelist-am \ + ctags-am distclean distclean-generic distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-data-local install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-pdf \ + install-pdf-am install-ps install-ps-am install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ + pdf-am ps ps-am tags-am uninstall uninstall-am uninstall-local + + +@INIT_SCRIPT_UPSTART_TRUE@install-upstart: lxc.conf lxc-instance.conf lxc-net.conf +@INIT_SCRIPT_UPSTART_TRUE@ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/init/ +@INIT_SCRIPT_UPSTART_TRUE@ $(INSTALL_DATA) lxc.conf $(DESTDIR)$(sysconfdir)/init/ +@INIT_SCRIPT_UPSTART_TRUE@ $(INSTALL_DATA) lxc-instance.conf $(DESTDIR)$(sysconfdir)/init/ +@INIT_SCRIPT_UPSTART_TRUE@ $(INSTALL_DATA) lxc-net.conf $(DESTDIR)$(sysconfdir)/init/ + +@INIT_SCRIPT_UPSTART_TRUE@uninstall-upstart: +@INIT_SCRIPT_UPSTART_TRUE@ rm -f $(DESTDIR)$(sysconfdir)/init/lxc.conf +@INIT_SCRIPT_UPSTART_TRUE@ rm -f $(DESTDIR)$(sysconfdir)/init/lxc-instance.conf +@INIT_SCRIPT_UPSTART_TRUE@ rm -f $(DESTDIR)$(sysconfdir)/init/lxc-net.conf +@INIT_SCRIPT_UPSTART_TRUE@ rmdir $(DESTDIR)$(sysconfdir)/init || : + +@INIT_SCRIPT_UPSTART_TRUE@install-data-local: install-upstart +@INIT_SCRIPT_UPSTART_TRUE@uninstall-local: uninstall-upstart + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff -Nru lxc-1.0.0~alpha1/config/Makefile.am lxc-1.0.8/config/Makefile.am --- lxc-1.0.0~alpha1/config/Makefile.am 2013-09-10 22:22:00.000000000 +0000 +++ lxc-1.0.8/config/Makefile.am 2015-11-09 22:49:15.000000000 +0000 @@ -1,15 +1 @@ -configdir = $(sysconfdir)/lxc -config_DATA = default.conf -distroconf = @LXC_DISTRO_CONF@ - -EXTRA_DIST = default.conf.ubuntu default.conf.libvirt default.conf.unknown - -default.conf: - cp $(distroconf) $@ - -clean-local: - @$(RM) -f default.conf - -distclean-local: - @$(RM) -f default.conf - @$(RM) -f compile config.guess config.sub depcomp install-sh ltmain.sh missing Makefile.in Makefile +SUBDIRS = apparmor bash etc init selinux templates yum diff -Nru lxc-1.0.0~alpha1/config/Makefile.in lxc-1.0.8/config/Makefile.in --- lxc-1.0.0~alpha1/config/Makefile.in 2013-09-10 22:30:08.000000000 +0000 +++ lxc-1.0.8/config/Makefile.in 2015-11-09 22:49:19.000000000 +0000 @@ -1,4 +1,4 @@ -# Makefile.in generated by automake 1.13.3 from Makefile.am. +# Makefile.in generated by automake 1.14.1 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2013 Free Software Foundation, Inc. @@ -13,7 +13,6 @@ # PARTICULAR PURPOSE. @SET_MAKE@ - VPATH = @srcdir@ am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' am__make_running_with_option = \ @@ -83,7 +82,7 @@ config.guess config.sub install-sh missing ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ - $(top_srcdir)/configure.ac + $(top_srcdir)/config/tls.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) mkinstalldirs = $(install_sh) -d @@ -104,42 +103,73 @@ am__v_at_1 = SOURCES = DIST_SOURCES = +RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ + ctags-recursive dvi-recursive html-recursive info-recursive \ + install-data-recursive install-dvi-recursive \ + install-exec-recursive install-html-recursive \ + install-info-recursive install-pdf-recursive \ + install-ps-recursive install-recursive installcheck-recursive \ + installdirs-recursive pdf-recursive ps-recursive \ + tags-recursive uninstall-recursive am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac -am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; -am__vpath_adj = case $$p in \ - $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ - *) f=$$p;; \ - esac; -am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; -am__install_max = 40 -am__nobase_strip_setup = \ - srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` -am__nobase_strip = \ - for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" -am__nobase_list = $(am__nobase_strip_setup); \ - for p in $$list; do echo "$$p $$p"; done | \ - sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ - $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ - if (++n[$$2] == $(am__install_max)) \ - { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ - END { for (dir in files) print dir, files[dir] }' -am__base_list = \ - sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ - sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' -am__uninstall_files_from_dir = { \ - test -z "$$files" \ - || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ - || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ - $(am__cd) "$$dir" && rm -f $$files; }; \ - } -am__installdirs = "$(DESTDIR)$(configdir)" -DATA = $(config_DATA) +RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ + distclean-recursive maintainer-clean-recursive +am__recursive_targets = \ + $(RECURSIVE_TARGETS) \ + $(RECURSIVE_CLEAN_TARGETS) \ + $(am__extra_recursive_targets) +AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ + distdir am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. +am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +DIST_SUBDIRS = $(SUBDIRS) DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ @@ -153,10 +183,15 @@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ +CGMANAGER_CFLAGS = @CGMANAGER_CFLAGS@ +CGMANAGER_LIBS = @CGMANAGER_LIBS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CYGPATH_W = @CYGPATH_W@ DATADIR = @DATADIR@ +DBUS_CFLAGS = @DBUS_CFLAGS@ +DBUS_LIBS = @DBUS_LIBS@ +DEFAULT_CGROUP_PATTERN = @DEFAULT_CGROUP_PATTERN@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DOCDIR = @DOCDIR@ @@ -166,6 +201,7 @@ EGREP = @EGREP@ EXEEXT = @EXEEXT@ GREP = @GREP@ +HAVE_DOXYGEN = @HAVE_DOXYGEN@ INCLUDEDIR = @INCLUDEDIR@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ @@ -181,24 +217,33 @@ LOGPATH = @LOGPATH@ LTLIBOBJS = @LTLIBOBJS@ LUA_CFLAGS = @LUA_CFLAGS@ -LUA_INSTALL_CMOD = @LUA_INSTALL_CMOD@ -LUA_INSTALL_LMOD = @LUA_INSTALL_LMOD@ +LUA_LIBDIR = @LUA_LIBDIR@ LUA_LIBS = @LUA_LIBS@ +LUA_SHAREDIR = @LUA_SHAREDIR@ LUA_VERSION = @LUA_VERSION@ LXCHOOKDIR = @LXCHOOKDIR@ LXCINITDIR = @LXCINITDIR@ LXCPATH = @LXCPATH@ LXCROOTFSMOUNT = @LXCROOTFSMOUNT@ +LXCTEMPLATECONFIG = @LXCTEMPLATECONFIG@ LXCTEMPLATEDIR = @LXCTEMPLATEDIR@ LXC_DEFAULT_CONFIG = @LXC_DEFAULT_CONFIG@ -LXC_DISTRO_CONF = @LXC_DISTRO_CONF@ LXC_GENERATE_DATE = @LXC_GENERATE_DATE@ LXC_GLOBAL_CONF = @LXC_GLOBAL_CONF@ LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ LXC_USERNIC_DB = @LXC_USERNIC_DB@ +LXC_VERSION = @LXC_VERSION@ +LXC_VERSION_BASE = @LXC_VERSION_BASE@ +LXC_VERSION_BETA = @LXC_VERSION_BETA@ +LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ +LXC_VERSION_MICRO = @LXC_VERSION_MICRO@ +LXC_VERSION_MINOR = @LXC_VERSION_MINOR@ MAKEINFO = @MAKEINFO@ MKDIR_P = @MKDIR_P@ -NEWUIDMAP = @NEWUIDMAP@ +NIH_CFLAGS = @NIH_CFLAGS@ +NIH_DBUS_CFLAGS = @NIH_DBUS_CFLAGS@ +NIH_DBUS_LIBS = @NIH_DBUS_LIBS@ +NIH_LIBS = @NIH_LIBS@ OBJEXT = @OBJEXT@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ @@ -219,8 +264,12 @@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ +RUNTIME_PATH = @RUNTIME_PATH@ +SBINDIR = @SBINDIR@ +SECCOMP_CFLAGS = @SECCOMP_CFLAGS@ SECCOMP_LIBS = @SECCOMP_LIBS@ SED = @SED@ +SELINUX_LIBS = @SELINUX_LIBS@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ @@ -282,11 +331,8 @@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -configdir = $(sysconfdir)/lxc -config_DATA = default.conf -distroconf = @LXC_DISTRO_CONF@ -EXTRA_DIST = default.conf.ubuntu default.conf.libvirt default.conf.unknown -all: all-am +SUBDIRS = apparmor bash etc init selinux templates yum +all: all-recursive .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @@ -319,33 +365,105 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): -install-configDATA: $(config_DATA) - @$(NORMAL_INSTALL) - @list='$(config_DATA)'; test -n "$(configdir)" || list=; \ - if test -n "$$list"; then \ - echo " $(MKDIR_P) '$(DESTDIR)$(configdir)'"; \ - $(MKDIR_P) "$(DESTDIR)$(configdir)" || exit 1; \ - fi; \ - for p in $$list; do \ - if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ - echo "$$d$$p"; \ - done | $(am__base_list) | \ - while read files; do \ - echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(configdir)'"; \ - $(INSTALL_DATA) $$files "$(DESTDIR)$(configdir)" || exit $$?; \ - done -uninstall-configDATA: - @$(NORMAL_UNINSTALL) - @list='$(config_DATA)'; test -n "$(configdir)" || list=; \ - files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ - dir='$(DESTDIR)$(configdir)'; $(am__uninstall_files_from_dir) -tags TAGS: - -ctags CTAGS: +# This directory's subdirectories are mostly independent; you can cd +# into them and run 'make' without going through this Makefile. +# To change the values of 'make' variables: instead of editing Makefiles, +# (1) if the variable is set in 'config.status', edit 'config.status' +# (which will cause the Makefiles to be regenerated when you run 'make'); +# (2) otherwise, pass the desired values on the 'make' command line. +$(am__recursive_targets): + @fail=; \ + if $(am__make_keepgoing); then \ + failcom='fail=yes'; \ + else \ + failcom='exit 1'; \ + fi; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-recursive +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + include_option=--etags-include; \ + empty_fix=.; \ + else \ + include_option=--include; \ + empty_fix=; \ + fi; \ + list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test ! -f $$subdir/TAGS || \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ + fi; \ + done; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-recursive -cscope cscopelist: +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-recursive + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ @@ -377,22 +495,45 @@ || exit 1; \ fi; \ done -check-am: all-am -check: check-am -all-am: Makefile $(DATA) -installdirs: - for dir in "$(DESTDIR)$(configdir)"; do \ - test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + $(am__make_dryrun) \ + || test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ + am__remove_distdir=: \ + am__skip_length_check=: \ + am__skip_mode_fix=: \ + distdir) \ + || exit 1; \ + fi; \ done -install: install-am -install-exec: install-exec-am -install-data: install-data-am -uninstall: uninstall-am +check-am: all-am +check: check-recursive +all-am: Makefile +installdirs: installdirs-recursive +installdirs-am: +install: install-recursive +install-exec: install-exec-recursive +install-data: install-data-recursive +uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am -installcheck: installcheck-am +installcheck: installcheck-recursive install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ @@ -414,97 +555,86 @@ maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -clean: clean-am +clean: clean-recursive -clean-am: clean-generic clean-local mostlyclean-am +clean-am: clean-generic mostlyclean-am -distclean: distclean-am +distclean: distclean-recursive -rm -f Makefile -distclean-am: clean-am distclean-generic distclean-local +distclean-am: clean-am distclean-generic distclean-tags -dvi: dvi-am +dvi: dvi-recursive dvi-am: -html: html-am +html: html-recursive html-am: -info: info-am +info: info-recursive info-am: -install-data-am: install-configDATA +install-data-am: -install-dvi: install-dvi-am +install-dvi: install-dvi-recursive install-dvi-am: install-exec-am: -install-html: install-html-am +install-html: install-html-recursive install-html-am: -install-info: install-info-am +install-info: install-info-recursive install-info-am: install-man: -install-pdf: install-pdf-am +install-pdf: install-pdf-recursive install-pdf-am: -install-ps: install-ps-am +install-ps: install-ps-recursive install-ps-am: installcheck-am: -maintainer-clean: maintainer-clean-am +maintainer-clean: maintainer-clean-recursive -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic -mostlyclean: mostlyclean-am +mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic -pdf: pdf-am +pdf: pdf-recursive pdf-am: -ps: ps-am +ps: ps-recursive ps-am: -uninstall-am: uninstall-configDATA +uninstall-am: -.MAKE: install-am install-strip +.MAKE: $(am__recursive_targets) install-am install-strip -.PHONY: all all-am check check-am clean clean-generic clean-local \ - cscopelist-am ctags-am distclean distclean-generic \ - distclean-local distdir dvi dvi-am html html-am info info-am \ - install install-am install-configDATA install-data \ +.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ + check-am clean clean-generic cscopelist-am ctags ctags-am \ + distclean distclean-generic distclean-tags distdir dvi dvi-am \ + html html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ - installcheck-am installdirs maintainer-clean \ + installcheck-am installdirs installdirs-am maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ - pdf-am ps ps-am tags-am uninstall uninstall-am \ - uninstall-configDATA - - -default.conf: - cp $(distroconf) $@ - -clean-local: - @$(RM) -f default.conf + pdf-am ps ps-am tags tags-am uninstall uninstall-am -distclean-local: - @$(RM) -f default.conf - @$(RM) -f compile config.guess config.sub depcomp install-sh ltmain.sh missing Makefile.in Makefile # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff -Nru lxc-1.0.0~alpha1/config/missing lxc-1.0.8/config/missing --- lxc-1.0.0~alpha1/config/missing 2013-09-10 22:30:08.000000000 +0000 +++ lxc-1.0.8/config/missing 2015-11-09 22:49:19.000000000 +0000 @@ -1,7 +1,7 @@ #! /bin/sh # Common wrapper for a few potentially missing GNU programs. -scriptversion=2012-06-26.16; # UTC +scriptversion=2013-10-28.13; # UTC # Copyright (C) 1996-2013 Free Software Foundation, Inc. # Originally written by Fran,cois Pinard , 1996. @@ -160,7 +160,7 @@ ;; autom4te*) echo "You might have modified some maintainer files that require" - echo "the 'automa4te' program to be rebuilt." + echo "the 'autom4te' program to be rebuilt." program_details 'autom4te' ;; bison*|yacc*) diff -Nru lxc-1.0.0~alpha1/config/selinux/lxc.if lxc-1.0.8/config/selinux/lxc.if --- lxc-1.0.0~alpha1/config/selinux/lxc.if 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/selinux/lxc.if 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1 @@ +## Policy for LXC containers diff -Nru lxc-1.0.0~alpha1/config/selinux/lxc.te lxc-1.0.8/config/selinux/lxc.te --- lxc-1.0.0~alpha1/config/selinux/lxc.te 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/selinux/lxc.te 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,88 @@ +# +# SELinux policy for LXC for RHEL/CentOS/Oracle 6.5. +# It attempts to restrict the container to the same amount of access +# as an unprivileged user. To build and insert this policy module: +# +# make -f /usr/share/selinux/devel/Makefile lxc.pp +# semodule -i lxc.pp +# +# In your container's lxc config: +# lxc.se_context = system_u:system_r:lxc_t:s0:c62,c86,c150,c228 +# +# Ensure your container's rootfs files are labeled: +# chcon -R system_u:object_r:lxc_file_t:s0:c62,c86,c150,c228 /path/to/rootfs +# +# To keep containers separated from each other, you should vary the MCS +# portion of the contexts above to be a unique set of values for each +# container, each MCS compartment can be a number from 0-1023. +# + +policy_module(lxc,0.35) + +userdom_unpriv_user_template(lxc) + +type lxc_file_t; +files_type(lxc_file_t); +role system_r types { lxc_t lxc_file_t }; + +gen_require(` + type devpts_t; + type proc_t; + type ssh_port_t; + type sysctl_kernel_t; + type sysctl_modprobe_t; + type sysctl_net_t; + type tmpfs_t; + type unconfined_t; + class filesystem { relabelfrom unmount }; + class tcp_socket name_bind; + class udp_socket name_bind; +'); + +# So lxc can transition to lxc_t on exec +allow unconfined_t lxc_t:process transition; +can_exec(lxc_t, lxc_file_t) + +# So lxc can dyntransition to lxc_t for attach executing a function +allow unconfined_t lxc_t:process dyntransition; + +# So lxc-start can relabel the pty allocated for the console +allow lxc_file_t devpts_t:filesystem associate; + +# So container can mount /dev/shm and relabel it +allow lxc_t tmpfs_t:filesystem relabelfrom; + +# Allow all access to an lxc_file_t type; devices can be restricted +# with the device cgroup, they are not here +allow lxc_t lxc_file_t:file *; +allow lxc_t lxc_file_t:lnk_file *; +allow lxc_t lxc_file_t:chr_file *; +allow lxc_t lxc_file_t:blk_file *; +allow lxc_t lxc_file_t:sock_file *; +allow lxc_t lxc_file_t:fifo_file *; +allow lxc_t lxc_file_t:socket *; +allow lxc_t lxc_file_t:dir *; +allow lxc_t lxc_file_t:filesystem unmount; + +fs_unmount_all_fs(lxc_t) + +allow lxc_t proc_t:dir mounton; +allow lxc_t proc_t:filesystem mount; + +allow lxc_t tmpfs_t:filesystem mount; +allow lxc_t self:capability { dac_override dac_read_search fsetid ipc_lock net_admin net_bind_service net_broadcast net_raw sys_admin sys_boot sys_tty_config }; + +allow lxc_t sysctl_net_t:file write; +allow lxc_t ssh_port_t:tcp_socket name_bind; + +corenet_tcp_connect_all_ports(lxc_t) +corenet_tcp_bind_all_ports(lxc_t) +corenet_udp_bind_all_ports(lxc_t) + +# Needed for ifup/ip/dhcp +allow lxc_t self:packet_socket create_socket_perms; +allow lxc_t self:rawip_socket create_socket_perms; +allow lxc_t self:netlink_route_socket create_netlink_socket_perms; + +dontaudit lxc_t sysctl_kernel_t:file write; +dontaudit lxc_t sysctl_modprobe_t:file write; diff -Nru lxc-1.0.0~alpha1/config/selinux/Makefile.am lxc-1.0.8/config/selinux/Makefile.am --- lxc-1.0.0~alpha1/config/selinux/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/selinux/Makefile.am 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,8 @@ +selinuxdir=@DATADIR@/lxc/selinux + +EXTRA_DIST = \ + lxc.if lxc.te + +selinux_DATA = \ + lxc.if \ + lxc.te diff -Nru lxc-1.0.0~alpha1/config/selinux/Makefile.in lxc-1.0.8/config/selinux/Makefile.in --- lxc-1.0.0~alpha1/config/selinux/Makefile.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/selinux/Makefile.in 2015-11-09 22:49:20.000000000 +0000 @@ -0,0 +1,522 @@ +# Makefile.in generated by automake 1.14.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2013 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = config/selinux +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ + $(top_srcdir)/config/tls.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/src/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(selinuxdir)" +DATA = $(selinux_DATA) +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +APPARMOR_LIBS = @APPARMOR_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BINDIR = @BINDIR@ +CAP_LIBS = @CAP_LIBS@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CGMANAGER_CFLAGS = @CGMANAGER_CFLAGS@ +CGMANAGER_LIBS = @CGMANAGER_LIBS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DATADIR = @DATADIR@ +DBUS_CFLAGS = @DBUS_CFLAGS@ +DBUS_LIBS = @DBUS_LIBS@ +DEFAULT_CGROUP_PATTERN = @DEFAULT_CGROUP_PATTERN@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DOCDIR = @DOCDIR@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +GREP = @GREP@ +HAVE_DOXYGEN = @HAVE_DOXYGEN@ +INCLUDEDIR = @INCLUDEDIR@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LDFLAGS = @LDFLAGS@ +LIBDIR = @LIBDIR@ +LIBEXECDIR = @LIBEXECDIR@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LOCALSTATEDIR = @LOCALSTATEDIR@ +LOGPATH = @LOGPATH@ +LTLIBOBJS = @LTLIBOBJS@ +LUA_CFLAGS = @LUA_CFLAGS@ +LUA_LIBDIR = @LUA_LIBDIR@ +LUA_LIBS = @LUA_LIBS@ +LUA_SHAREDIR = @LUA_SHAREDIR@ +LUA_VERSION = @LUA_VERSION@ +LXCHOOKDIR = @LXCHOOKDIR@ +LXCINITDIR = @LXCINITDIR@ +LXCPATH = @LXCPATH@ +LXCROOTFSMOUNT = @LXCROOTFSMOUNT@ +LXCTEMPLATECONFIG = @LXCTEMPLATECONFIG@ +LXCTEMPLATEDIR = @LXCTEMPLATEDIR@ +LXC_DEFAULT_CONFIG = @LXC_DEFAULT_CONFIG@ +LXC_GENERATE_DATE = @LXC_GENERATE_DATE@ +LXC_GLOBAL_CONF = @LXC_GLOBAL_CONF@ +LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ +LXC_USERNIC_DB = @LXC_USERNIC_DB@ +LXC_VERSION = @LXC_VERSION@ +LXC_VERSION_BASE = @LXC_VERSION_BASE@ +LXC_VERSION_BETA = @LXC_VERSION_BETA@ +LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ +LXC_VERSION_MICRO = @LXC_VERSION_MICRO@ +LXC_VERSION_MINOR = @LXC_VERSION_MINOR@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +NIH_CFLAGS = @NIH_CFLAGS@ +NIH_DBUS_CFLAGS = @NIH_DBUS_CFLAGS@ +NIH_DBUS_LIBS = @NIH_DBUS_LIBS@ +NIH_LIBS = @NIH_LIBS@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PREFIX = @PREFIX@ +PYTHON = @PYTHON@ +PYTHONDEV_CFLAGS = @PYTHONDEV_CFLAGS@ +PYTHONDEV_LIBS = @PYTHONDEV_LIBS@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +RUNTIME_PATH = @RUNTIME_PATH@ +SBINDIR = @SBINDIR@ +SECCOMP_CFLAGS = @SECCOMP_CFLAGS@ +SECCOMP_LIBS = @SECCOMP_LIBS@ +SED = @SED@ +SELINUX_LIBS = @SELINUX_LIBS@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SYSCONFDIR = @SYSCONFDIR@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +db2xman = @db2xman@ +docdir = @docdir@ +docdtd = @docdtd@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +selinuxdir = @DATADIR@/lxc/selinux +EXTRA_DIST = \ + lxc.if lxc.te + +selinux_DATA = \ + lxc.if \ + lxc.te + +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu config/selinux/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu config/selinux/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-selinuxDATA: $(selinux_DATA) + @$(NORMAL_INSTALL) + @list='$(selinux_DATA)'; test -n "$(selinuxdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(selinuxdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(selinuxdir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(selinuxdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(selinuxdir)" || exit $$?; \ + done + +uninstall-selinuxDATA: + @$(NORMAL_UNINSTALL) + @list='$(selinux_DATA)'; test -n "$(selinuxdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(selinuxdir)'; $(am__uninstall_files_from_dir) +tags TAGS: + +ctags CTAGS: + +cscope cscopelist: + + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(DATA) +installdirs: + for dir in "$(DESTDIR)$(selinuxdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-selinuxDATA + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-selinuxDATA + +.MAKE: install-am install-strip + +.PHONY: all all-am check check-am clean clean-generic cscopelist-am \ + ctags-am distclean distclean-generic distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-selinuxDATA install-strip \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ + pdf-am ps ps-am tags-am uninstall uninstall-am \ + uninstall-selinuxDATA + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff -Nru lxc-1.0.0~alpha1/config/templates/centos.common.conf.in lxc-1.0.8/config/templates/centos.common.conf.in --- lxc-1.0.0~alpha1/config/templates/centos.common.conf.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/templates/centos.common.conf.in 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,60 @@ +# Taken from the oracle.common.conf.in +# Console settings + +lxc.devttydir = lxc +lxc.tty = 4 +lxc.pts = 1024 + +# Mount entries +lxc.mount.auto = proc:mixed sys:ro + +# Ensure hostname is changed on clone +lxc.hook.clone = @LXCHOOKDIR@/clonehostname + +# Capabilities +# Uncomment these if you don't run anything that needs the capability, and +# would like the container to run with less privilege. +# +# Dropping sys_admin disables container root from doing a lot of things +# that could be bad like re-mounting lxc fstab entries rw for example, +# but also disables some useful things like being able to nfs mount, and +# things that are already namespaced with ns_capable() kernel checks, like +# hostname(1). +# lxc.cap.drop = sys_admin +# lxc.cap.drop = net_raw # breaks dhcp/ping +# lxc.cap.drop = setgid # breaks login (initgroups/setgroups) +# lxc.cap.drop = dac_read_search # breaks login (pam unix_chkpwd) +# lxc.cap.drop = setuid # breaks sshd,nfs statd +# lxc.cap.drop = audit_control # breaks sshd (set_loginuid failed) +# lxc.cap.drop = audit_write +# lxc.cap.drop = setpcap # big big login delays in CentOS 7 systemd +# +lxc.cap.drop = mac_admin mac_override setfcap +lxc.cap.drop = sys_module sys_nice sys_pacct +lxc.cap.drop = sys_rawio sys_time + +# Control Group devices: all denied except those whitelisted +lxc.cgroup.devices.deny = a +# Allow any mknod (but not reading/writing the node) +lxc.cgroup.devices.allow = c *:* m +lxc.cgroup.devices.allow = b *:* m +## /dev/null +lxc.cgroup.devices.allow = c 1:3 rwm +## /dev/zero +lxc.cgroup.devices.allow = c 1:5 rwm +## /dev/full +lxc.cgroup.devices.allow = c 1:7 rwm +## /dev/tty +lxc.cgroup.devices.allow = c 5:0 rwm +## /dev/random +lxc.cgroup.devices.allow = c 1:8 rwm +## /dev/urandom +lxc.cgroup.devices.allow = c 1:9 rwm +## /dev/tty[1-4] ptys and lxc console +lxc.cgroup.devices.allow = c 136:* rwm +## /dev/ptmx pty master +lxc.cgroup.devices.allow = c 5:2 rwm + +# Blacklist some syscalls which are not safe in privileged +# containers +lxc.seccomp = @LXCTEMPLATECONFIG@/common.seccomp diff -Nru lxc-1.0.0~alpha1/config/templates/centos.userns.conf.in lxc-1.0.8/config/templates/centos.userns.conf.in --- lxc-1.0.0~alpha1/config/templates/centos.userns.conf.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/templates/centos.userns.conf.in 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,20 @@ +# Taken from the oracle.userns.conf.in +# CAP_SYS_ADMIN in init-user-ns is required for cgroup.devices +lxc.cgroup.devices.deny = +lxc.cgroup.devices.allow = + +# We can't move bind-mounts, so don't use /dev/lxc/ +lxc.devttydir = + +# Extra bind-mounts for userns +lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0 +lxc.mount.entry = /dev/full dev/full none bind,create=file 0 0 +lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0 +lxc.mount.entry = /dev/random dev/random none bind,create=file 0 0 +lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0 +lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0 +lxc.mount.entry = /dev/zero dev/zero none bind,create=file 0 0 + +# Extra fstab entries as mountall can't mount those by itself +lxc.mount.entry = /sys/firmware/efi/efivars sys/firmware/efi/efivars none bind,optional 0 0 +lxc.mount.entry = /proc/sys/fs/binfmt_misc proc/sys/fs/binfmt_misc none bind,optional 0 0 diff -Nru lxc-1.0.0~alpha1/config/templates/common.seccomp lxc-1.0.8/config/templates/common.seccomp --- lxc-1.0.0~alpha1/config/templates/common.seccomp 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/templates/common.seccomp 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,9 @@ +2 +blacklist +reject_force_umount # comment this to allow umount -f; not recommended +[all] +kexec_load errno 1 +open_by_handle_at errno 1 +init_module errno 1 +finit_module errno 1 +delete_module errno 1 diff -Nru lxc-1.0.0~alpha1/config/templates/debian.common.conf.in lxc-1.0.8/config/templates/debian.common.conf.in --- lxc-1.0.0~alpha1/config/templates/debian.common.conf.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/templates/debian.common.conf.in 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,66 @@ +# Default pivot location +lxc.pivotdir = lxc_putold + +# Default mount entries +lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0 +lxc.mount.entry = sysfs sys sysfs defaults 0 0 +lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0 + +# Default console settings +lxc.tty = 4 +lxc.pts = 1024 + +# Default capabilities +lxc.cap.drop = sys_module mac_admin mac_override sys_time + +# When using LXC with apparmor, the container will be confined by default. +# If you wish for it to instead run unconfined, copy the following line +# (uncommented) to the container's configuration file. +#lxc.aa_profile = unconfined + +# To support container nesting on an Ubuntu host while retaining most of +# apparmor's added security, use the following two lines instead. +#lxc.aa_profile = lxc-container-default-with-nesting +#lxc.hook.mount = /usr/share/lxc/hooks/mountcgroups + +# If you wish to allow mounting block filesystems, then use the following +# line instead, and make sure to grant access to the block device and/or loop +# devices below in lxc.cgroup.devices.allow. +#lxc.aa_profile = lxc-container-default-with-mounting + +# Default cgroup limits +lxc.cgroup.devices.deny = a +## Allow any mknod (but not using the node) +lxc.cgroup.devices.allow = c *:* m +lxc.cgroup.devices.allow = b *:* m +## /dev/null and zero +lxc.cgroup.devices.allow = c 1:3 rwm +lxc.cgroup.devices.allow = c 1:5 rwm +## consoles +lxc.cgroup.devices.allow = c 5:0 rwm +lxc.cgroup.devices.allow = c 5:1 rwm +## /dev/{,u}random +lxc.cgroup.devices.allow = c 1:8 rwm +lxc.cgroup.devices.allow = c 1:9 rwm +## /dev/pts/* +lxc.cgroup.devices.allow = c 5:2 rwm +lxc.cgroup.devices.allow = c 136:* rwm +## rtc +lxc.cgroup.devices.allow = c 254:0 rm +## fuse +lxc.cgroup.devices.allow = c 10:229 rwm +## tun +lxc.cgroup.devices.allow = c 10:200 rwm +## full +lxc.cgroup.devices.allow = c 1:7 rwm +## hpet +lxc.cgroup.devices.allow = c 10:228 rwm +## kvm +lxc.cgroup.devices.allow = c 10:232 rwm +## To use loop devices, copy the following line to the container's +## configuration file (uncommented). +#lxc.cgroup.devices.allow = b 7:* rwm + +# Blacklist some syscalls which are not safe in privileged +# containers +lxc.seccomp = @LXCTEMPLATECONFIG@/common.seccomp diff -Nru lxc-1.0.0~alpha1/config/templates/debian.userns.conf.in lxc-1.0.8/config/templates/debian.userns.conf.in --- lxc-1.0.0~alpha1/config/templates/debian.userns.conf.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/templates/debian.userns.conf.in 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,12 @@ +# CAP_SYS_ADMIN in init-user-ns is required for cgroup.devices +lxc.cgroup.devices.deny = +lxc.cgroup.devices.allow = + +# Extra bind-mounts for userns +lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0 +lxc.mount.entry = /dev/full dev/full none bind,create=file 0 0 +lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0 +lxc.mount.entry = /dev/random dev/random none bind,create=file 0 0 +lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0 +lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0 +lxc.mount.entry = /dev/zero dev/zero none bind,create=file 0 0 diff -Nru lxc-1.0.0~alpha1/config/templates/fedora.common.conf.in lxc-1.0.8/config/templates/fedora.common.conf.in --- lxc-1.0.0~alpha1/config/templates/fedora.common.conf.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/templates/fedora.common.conf.in 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,61 @@ +# Taken from the oracle.common.conf.in +# Console settings + +lxc.devttydir = lxc +lxc.tty = 4 +lxc.pts = 1024 + +# Mount entries +# lxc.mount.auto = proc:mixed sys:ro + +# Ensure hostname is changed on clone +lxc.hook.clone = @LXCHOOKDIR@/clonehostname + +# Capabilities +# Uncomment these if you don't run anything that needs the capability, and +# would like the container to run with less privilege. +# +# Dropping sys_admin disables container root from doing a lot of things +# that could be bad like re-mounting lxc fstab entries rw for example, +# but also disables some useful things like being able to nfs mount, and +# things that are already namespaced with ns_capable() kernel checks, like +# hostname(1). +# lxc.cap.drop = sys_admin +# lxc.cap.drop = net_raw # breaks dhcp/ping +# lxc.cap.drop = setgid # breaks login (initgroups/setgroups) +# lxc.cap.drop = dac_read_search # breaks login (pam unix_chkpwd) +# lxc.cap.drop = setuid # breaks sshd,nfs statd +# lxc.cap.drop = audit_control # breaks sshd (set_loginuid failed) +# lxc.cap.drop = audit_write +# lxc.cap.drop = setpcap # big big login delays in Fedora 20 systemd +# +lxc.cap.drop = mac_admin mac_override +lxc.cap.drop = setfcap +lxc.cap.drop = sys_module sys_nice sys_pacct +lxc.cap.drop = sys_rawio sys_time + +# Control Group devices: all denied except those whitelisted +lxc.cgroup.devices.deny = a +# Allow any mknod (but not reading/writing the node) +lxc.cgroup.devices.allow = c *:* m +lxc.cgroup.devices.allow = b *:* m +## /dev/null +lxc.cgroup.devices.allow = c 1:3 rwm +## /dev/zero +lxc.cgroup.devices.allow = c 1:5 rwm +## /dev/full +lxc.cgroup.devices.allow = c 1:7 rwm +## /dev/tty +lxc.cgroup.devices.allow = c 5:0 rwm +## /dev/random +lxc.cgroup.devices.allow = c 1:8 rwm +## /dev/urandom +lxc.cgroup.devices.allow = c 1:9 rwm +## /dev/tty[1-4] ptys and lxc console +lxc.cgroup.devices.allow = c 136:* rwm +## /dev/ptmx pty master +lxc.cgroup.devices.allow = c 5:2 rwm + +# Blacklist some syscalls which are not safe in privileged +# containers +lxc.seccomp = @LXCTEMPLATECONFIG@/common.seccomp diff -Nru lxc-1.0.0~alpha1/config/templates/fedora.userns.conf.in lxc-1.0.8/config/templates/fedora.userns.conf.in --- lxc-1.0.0~alpha1/config/templates/fedora.userns.conf.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/templates/fedora.userns.conf.in 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,20 @@ +# Taken from the oracle.userns.conf.in +# CAP_SYS_ADMIN in init-user-ns is required for cgroup.devices +lxc.cgroup.devices.deny = +lxc.cgroup.devices.allow = + +# We can't move bind-mounts, so don't use /dev/lxc/ +lxc.devttydir = + +# Extra bind-mounts for userns +lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0 +lxc.mount.entry = /dev/full dev/full none bind,create=file 0 0 +lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0 +lxc.mount.entry = /dev/random dev/random none bind,create=file 0 0 +lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0 +lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0 +lxc.mount.entry = /dev/zero dev/zero none bind,create=file 0 0 + +# Extra fstab entries as mountall can't mount those by itself +lxc.mount.entry = /sys/firmware/efi/efivars sys/firmware/efi/efivars none bind,optional 0 0 +lxc.mount.entry = /proc/sys/fs/binfmt_misc proc/sys/fs/binfmt_misc none bind,optional 0 0 diff -Nru lxc-1.0.0~alpha1/config/templates/gentoo.common.conf.in lxc-1.0.8/config/templates/gentoo.common.conf.in --- lxc-1.0.0~alpha1/config/templates/gentoo.common.conf.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/templates/gentoo.common.conf.in 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,62 @@ +# Gentoo common default configuration +# This is the most feature-full container configuration +# But security is not the goal. +# Looking for more security, see gentoo.moresecure.conf + +# sysfs +lxc.mount.entry=sys sys sysfs defaults 0 0 + +# console access +lxc.pts = 1024 + +# this part is based on 'linux capabilities', see: man 7 capabilities +# eg: you may also wish to drop 'cap_net_raw' (though it breaks ping) + +lxc.cap.drop = sys_module mac_admin mac_override sys_time + +# deny access to all devices by default, explicitly grant some permissions +# +# format is [c|b] [major|*]:[minor|*] [r][w][m] +# ^ ^ ^ +# char/block -' \`- device number \`-- read, write, mknod +# +# first deny all... +lxc.cgroup.devices.deny = a +## Allow any mknod (but not using the node) +lxc.cgroup.devices.allow = c *:* m +lxc.cgroup.devices.allow = b *:* m +## /dev/null and zero +lxc.cgroup.devices.allow = c 1:3 rwm +lxc.cgroup.devices.allow = c 1:5 rwm +## consoles +lxc.cgroup.devices.allow = c 5:0 rwm +lxc.cgroup.devices.allow = c 5:1 rwm +## /dev/{,u}random +lxc.cgroup.devices.allow = c 1:8 rwm +lxc.cgroup.devices.allow = c 1:9 rwm +## /dev/pts/* +lxc.cgroup.devices.allow = c 5:2 rwm +lxc.cgroup.devices.allow = c 136:* rwm +## rtc +lxc.cgroup.devices.allow = c 254:0 rm +## fuse +lxc.cgroup.devices.allow = c 10:229 rwm +## tun +lxc.cgroup.devices.allow = c 10:200 rwm +## full +lxc.cgroup.devices.allow = c 1:7 rwm +## hpet +lxc.cgroup.devices.allow = c 10:228 rwm +## kvm +lxc.cgroup.devices.allow = c 10:232 rwm +## To use loop devices, copy the following line to the container's +## configuration file (uncommented). +#lxc.cgroup.devices.allow = b 7:* rwm + +# Blacklist some syscalls which are not safe in privileged +# containers +lxc.seccomp = @LXCTEMPLATECONFIG@/common.seccomp + +# /dev/shm needs to be mounted as tmpfs. It's needed by python (bug #496328) +# and possibly other packages. +lxc.mount.entry = none dev/shm tmpfs rw,nosuid,nodev,create=dir diff -Nru lxc-1.0.0~alpha1/config/templates/gentoo.moresecure.conf.in lxc-1.0.8/config/templates/gentoo.moresecure.conf.in --- lxc-1.0.0~alpha1/config/templates/gentoo.moresecure.conf.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/templates/gentoo.moresecure.conf.in 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,63 @@ +# Gentoo security oriented default configuration +# This is a more security oriented container configuration +# "More" because this is far from fully secure +# Looking for more working features and you trust your +# Container user ? see gentoo.common.conf + +# do not mount sysfs, see http://blog.bofh.it/debian/id_413 +# lxc.mount.entry=sys sys sysfs rw 0 0 +lxc.mount.entry=proc proc proc ro,nodev,noexec,nosuid 0 0 +lxc.mount.entry=mqueue dev/mqueue mqueue rw,nodev,noexec,nosuid,create=dir 0 0 +lxc.mount.entry=shm dev/shm tmpfs rw,nosuid,nodev,noexec,relatime,create=dir 0 0 +lxc.mount.entry=run run tmpfs rw,nosuid,nodev,relatime,mode=755 0 0 + +# console access +lxc.pts = 1024 + +# this part is based on 'linux capabilities', see: man 7 capabilities +# eg: you may also wish to drop 'cap_net_raw' (though it breaks ping) +# +# WARNING: the security vulnerability reported for 'cap_net_admin' at +# http://mainisusuallyafunction.blogspot.com/2012/11/attacking-hardened-linux-systems-with.html +# via JIT spraying (the BPF JIT module disabled on most systems was used +# in the example, but others are suggested vulnerable) meant that users +# with root in a container, that capability and kernel module may escape +# the container. ALWAYS be extremely careful granting any process root +# within a container, use a minimal configuration at all levels - +# including the kernel - and multiple layers of security on any system +# where security is a priority. note that not only LXC but PAX (and +# others?) were vulnerable to this issue. +# +# conservative: lxc.cap.drop = sys_module mknod mac_override sys_boot +# aggressive follows. (leaves open: chown dac_override fowner ipc_lock kill lease net_admin net_bind_service net_broadcast net_raw setgid setuid sys_chroot) + +lxc.cap.drop = audit_control audit_write dac_read_search fsetid ipc_owner linux_immutable mac_admin mac_override mknod setfcap sys_admin sys_boot sys_module sys_pacct sys_ptrace sys_rawio sys_resource sys_time sys_tty_config syslog + +# deny access to all devices by default, explicitly grant some permissions +# +# format is [c|b] [major|*]:[minor|*] [r][w][m] +# ^ ^ ^ +# char/block -' \`- device number \`-- read, write, mknod +# +# first deny all... +lxc.cgroup.devices.deny = a +# /dev/null and zero +lxc.cgroup.devices.allow = c 1:3 rw +lxc.cgroup.devices.allow = c 1:5 rw +# /dev/{,u}random +lxc.cgroup.devices.allow = c 1:9 rw +lxc.cgroup.devices.allow = c 1:8 r +# /dev/pts/* +lxc.cgroup.devices.allow = c 136:* rw +lxc.cgroup.devices.allow = c 5:2 rw +# /dev/tty{0,1} +lxc.cgroup.devices.allow = c 4:1 rwm +lxc.cgroup.devices.allow = c 4:0 rwm +# /dev/tty +lxc.cgroup.devices.allow = c 5:0 rwm +# /dev/console +lxc.cgroup.devices.allow = c 5:1 rwm + +# Blacklist some syscalls which are not safe in privileged +# containers +lxc.seccomp = @LXCTEMPLATECONFIG@/common.seccomp diff -Nru lxc-1.0.0~alpha1/config/templates/gentoo.userns.conf.in lxc-1.0.8/config/templates/gentoo.userns.conf.in --- lxc-1.0.0~alpha1/config/templates/gentoo.userns.conf.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/templates/gentoo.userns.conf.in 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,19 @@ +# CAP_SYS_ADMIN in init-user-ns is required for cgroup.devices +lxc.cgroup.devices.deny = +lxc.cgroup.devices.allow = + +# We can't move bind-mounts, so don't use /dev/lxc/ +lxc.devttydir = + +# Extra bind-mounts for userns +lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0 +lxc.mount.entry = /dev/full dev/full none bind,create=file 0 0 +lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0 +lxc.mount.entry = /dev/random dev/random none bind,create=file 0 0 +lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0 +lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0 +lxc.mount.entry = /dev/zero dev/zero none bind,create=file 0 0 + +# Extra fstab entries as mountall can't mount those by itself +lxc.mount.entry = /sys/firmware/efi/efivars sys/firmware/efi/efivars none bind,optional 0 0 +lxc.mount.entry = /proc/sys/fs/binfmt_misc proc/sys/fs/binfmt_misc none bind,optional 0 0 diff -Nru lxc-1.0.0~alpha1/config/templates/Makefile.am lxc-1.0.8/config/templates/Makefile.am --- lxc-1.0.0~alpha1/config/templates/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/templates/Makefile.am 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,26 @@ +templatesconfigdir=@LXCTEMPLATECONFIG@ + +EXTRA_DIST = common.seccomp + +templatesconfig_DATA = \ + centos.common.conf \ + centos.userns.conf \ + common.seccomp \ + debian.common.conf \ + debian.userns.conf \ + fedora.common.conf \ + fedora.userns.conf \ + gentoo.common.conf \ + gentoo.moresecure.conf \ + gentoo.userns.conf \ + nesting.conf \ + oracle.common.conf \ + oracle.userns.conf \ + plamo.common.conf \ + plamo.userns.conf \ + ubuntu-cloud.common.conf \ + ubuntu-cloud.lucid.conf \ + ubuntu-cloud.userns.conf \ + ubuntu.common.conf \ + ubuntu.lucid.conf \ + ubuntu.userns.conf diff -Nru lxc-1.0.0~alpha1/config/templates/Makefile.in lxc-1.0.8/config/templates/Makefile.in --- lxc-1.0.0~alpha1/config/templates/Makefile.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/templates/Makefile.in 2015-11-09 22:49:20.000000000 +0000 @@ -0,0 +1,603 @@ +# Makefile.in generated by automake 1.14.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2013 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = config/templates +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ + $(srcdir)/centos.common.conf.in \ + $(srcdir)/centos.userns.conf.in \ + $(srcdir)/debian.common.conf.in \ + $(srcdir)/debian.userns.conf.in \ + $(srcdir)/fedora.common.conf.in \ + $(srcdir)/fedora.userns.conf.in \ + $(srcdir)/gentoo.common.conf.in \ + $(srcdir)/gentoo.moresecure.conf.in \ + $(srcdir)/gentoo.userns.conf.in $(srcdir)/nesting.conf.in \ + $(srcdir)/oracle.common.conf.in \ + $(srcdir)/oracle.userns.conf.in $(srcdir)/plamo.common.conf.in \ + $(srcdir)/plamo.userns.conf.in \ + $(srcdir)/ubuntu-cloud.common.conf.in \ + $(srcdir)/ubuntu-cloud.lucid.conf.in \ + $(srcdir)/ubuntu-cloud.userns.conf.in \ + $(srcdir)/ubuntu.common.conf.in $(srcdir)/ubuntu.lucid.conf.in \ + $(srcdir)/ubuntu.userns.conf.in +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ + $(top_srcdir)/config/tls.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/src/config.h +CONFIG_CLEAN_FILES = centos.common.conf centos.userns.conf \ + debian.common.conf debian.userns.conf fedora.common.conf \ + fedora.userns.conf gentoo.common.conf gentoo.moresecure.conf \ + gentoo.userns.conf nesting.conf oracle.common.conf \ + oracle.userns.conf plamo.common.conf plamo.userns.conf \ + ubuntu-cloud.common.conf ubuntu-cloud.lucid.conf \ + ubuntu-cloud.userns.conf ubuntu.common.conf ubuntu.lucid.conf \ + ubuntu.userns.conf +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(templatesconfigdir)" +DATA = $(templatesconfig_DATA) +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +APPARMOR_LIBS = @APPARMOR_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BINDIR = @BINDIR@ +CAP_LIBS = @CAP_LIBS@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CGMANAGER_CFLAGS = @CGMANAGER_CFLAGS@ +CGMANAGER_LIBS = @CGMANAGER_LIBS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DATADIR = @DATADIR@ +DBUS_CFLAGS = @DBUS_CFLAGS@ +DBUS_LIBS = @DBUS_LIBS@ +DEFAULT_CGROUP_PATTERN = @DEFAULT_CGROUP_PATTERN@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DOCDIR = @DOCDIR@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +GREP = @GREP@ +HAVE_DOXYGEN = @HAVE_DOXYGEN@ +INCLUDEDIR = @INCLUDEDIR@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LDFLAGS = @LDFLAGS@ +LIBDIR = @LIBDIR@ +LIBEXECDIR = @LIBEXECDIR@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LOCALSTATEDIR = @LOCALSTATEDIR@ +LOGPATH = @LOGPATH@ +LTLIBOBJS = @LTLIBOBJS@ +LUA_CFLAGS = @LUA_CFLAGS@ +LUA_LIBDIR = @LUA_LIBDIR@ +LUA_LIBS = @LUA_LIBS@ +LUA_SHAREDIR = @LUA_SHAREDIR@ +LUA_VERSION = @LUA_VERSION@ +LXCHOOKDIR = @LXCHOOKDIR@ +LXCINITDIR = @LXCINITDIR@ +LXCPATH = @LXCPATH@ +LXCROOTFSMOUNT = @LXCROOTFSMOUNT@ +LXCTEMPLATECONFIG = @LXCTEMPLATECONFIG@ +LXCTEMPLATEDIR = @LXCTEMPLATEDIR@ +LXC_DEFAULT_CONFIG = @LXC_DEFAULT_CONFIG@ +LXC_GENERATE_DATE = @LXC_GENERATE_DATE@ +LXC_GLOBAL_CONF = @LXC_GLOBAL_CONF@ +LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ +LXC_USERNIC_DB = @LXC_USERNIC_DB@ +LXC_VERSION = @LXC_VERSION@ +LXC_VERSION_BASE = @LXC_VERSION_BASE@ +LXC_VERSION_BETA = @LXC_VERSION_BETA@ +LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ +LXC_VERSION_MICRO = @LXC_VERSION_MICRO@ +LXC_VERSION_MINOR = @LXC_VERSION_MINOR@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +NIH_CFLAGS = @NIH_CFLAGS@ +NIH_DBUS_CFLAGS = @NIH_DBUS_CFLAGS@ +NIH_DBUS_LIBS = @NIH_DBUS_LIBS@ +NIH_LIBS = @NIH_LIBS@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PREFIX = @PREFIX@ +PYTHON = @PYTHON@ +PYTHONDEV_CFLAGS = @PYTHONDEV_CFLAGS@ +PYTHONDEV_LIBS = @PYTHONDEV_LIBS@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +RUNTIME_PATH = @RUNTIME_PATH@ +SBINDIR = @SBINDIR@ +SECCOMP_CFLAGS = @SECCOMP_CFLAGS@ +SECCOMP_LIBS = @SECCOMP_LIBS@ +SED = @SED@ +SELINUX_LIBS = @SELINUX_LIBS@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SYSCONFDIR = @SYSCONFDIR@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +db2xman = @db2xman@ +docdir = @docdir@ +docdtd = @docdtd@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +templatesconfigdir = @LXCTEMPLATECONFIG@ +EXTRA_DIST = common.seccomp +templatesconfig_DATA = \ + centos.common.conf \ + centos.userns.conf \ + common.seccomp \ + debian.common.conf \ + debian.userns.conf \ + fedora.common.conf \ + fedora.userns.conf \ + gentoo.common.conf \ + gentoo.moresecure.conf \ + gentoo.userns.conf \ + nesting.conf \ + oracle.common.conf \ + oracle.userns.conf \ + plamo.common.conf \ + plamo.userns.conf \ + ubuntu-cloud.common.conf \ + ubuntu-cloud.lucid.conf \ + ubuntu-cloud.userns.conf \ + ubuntu.common.conf \ + ubuntu.lucid.conf \ + ubuntu.userns.conf + +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu config/templates/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu config/templates/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +centos.common.conf: $(top_builddir)/config.status $(srcdir)/centos.common.conf.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +centos.userns.conf: $(top_builddir)/config.status $(srcdir)/centos.userns.conf.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +debian.common.conf: $(top_builddir)/config.status $(srcdir)/debian.common.conf.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +debian.userns.conf: $(top_builddir)/config.status $(srcdir)/debian.userns.conf.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +fedora.common.conf: $(top_builddir)/config.status $(srcdir)/fedora.common.conf.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +fedora.userns.conf: $(top_builddir)/config.status $(srcdir)/fedora.userns.conf.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +gentoo.common.conf: $(top_builddir)/config.status $(srcdir)/gentoo.common.conf.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +gentoo.moresecure.conf: $(top_builddir)/config.status $(srcdir)/gentoo.moresecure.conf.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +gentoo.userns.conf: $(top_builddir)/config.status $(srcdir)/gentoo.userns.conf.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +nesting.conf: $(top_builddir)/config.status $(srcdir)/nesting.conf.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +oracle.common.conf: $(top_builddir)/config.status $(srcdir)/oracle.common.conf.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +oracle.userns.conf: $(top_builddir)/config.status $(srcdir)/oracle.userns.conf.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +plamo.common.conf: $(top_builddir)/config.status $(srcdir)/plamo.common.conf.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +plamo.userns.conf: $(top_builddir)/config.status $(srcdir)/plamo.userns.conf.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +ubuntu-cloud.common.conf: $(top_builddir)/config.status $(srcdir)/ubuntu-cloud.common.conf.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +ubuntu-cloud.lucid.conf: $(top_builddir)/config.status $(srcdir)/ubuntu-cloud.lucid.conf.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +ubuntu-cloud.userns.conf: $(top_builddir)/config.status $(srcdir)/ubuntu-cloud.userns.conf.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +ubuntu.common.conf: $(top_builddir)/config.status $(srcdir)/ubuntu.common.conf.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +ubuntu.lucid.conf: $(top_builddir)/config.status $(srcdir)/ubuntu.lucid.conf.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +ubuntu.userns.conf: $(top_builddir)/config.status $(srcdir)/ubuntu.userns.conf.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +install-templatesconfigDATA: $(templatesconfig_DATA) + @$(NORMAL_INSTALL) + @list='$(templatesconfig_DATA)'; test -n "$(templatesconfigdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(templatesconfigdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(templatesconfigdir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(templatesconfigdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(templatesconfigdir)" || exit $$?; \ + done + +uninstall-templatesconfigDATA: + @$(NORMAL_UNINSTALL) + @list='$(templatesconfig_DATA)'; test -n "$(templatesconfigdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(templatesconfigdir)'; $(am__uninstall_files_from_dir) +tags TAGS: + +ctags CTAGS: + +cscope cscopelist: + + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(DATA) +installdirs: + for dir in "$(DESTDIR)$(templatesconfigdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-templatesconfigDATA + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-templatesconfigDATA + +.MAKE: install-am install-strip + +.PHONY: all all-am check check-am clean clean-generic cscopelist-am \ + ctags-am distclean distclean-generic distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip \ + install-templatesconfigDATA installcheck installcheck-am \ + installdirs maintainer-clean maintainer-clean-generic \ + mostlyclean mostlyclean-generic pdf pdf-am ps ps-am tags-am \ + uninstall uninstall-am uninstall-templatesconfigDATA + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff -Nru lxc-1.0.0~alpha1/config/templates/nesting.conf.in lxc-1.0.8/config/templates/nesting.conf.in --- lxc-1.0.0~alpha1/config/templates/nesting.conf.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/templates/nesting.conf.in 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,8 @@ +# Use a profile which allows nesting +lxc.aa_profile = lxc-container-default-with-nesting + +# Add uncovered mounts of proc and sys, else unprivileged users +# cannot remount those + +lxc.mount.entry = proc dev/.lxc/proc proc create=dir,optional 0 0 +lxc.mount.entry = sys dev/.lxc/sys sysfs create=dir,optional 0 0 diff -Nru lxc-1.0.0~alpha1/config/templates/oracle.common.conf.in lxc-1.0.8/config/templates/oracle.common.conf.in --- lxc-1.0.0~alpha1/config/templates/oracle.common.conf.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/templates/oracle.common.conf.in 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,57 @@ +# Console settings +lxc.devttydir = lxc +lxc.tty = 4 +lxc.pts = 1024 + +# Mount entries +lxc.mount.auto = proc:mixed sys:ro + +# Ensure hostname is changed on clone +lxc.hook.clone = @LXCHOOKDIR@/clonehostname + +# Capabilities +# Uncomment these if you don't run anything that needs the capability, and +# would like the container to run with less privilege. +# +# Dropping sys_admin disables container root from doing a lot of things +# that could be bad like re-mounting lxc fstab entries rw for example, +# but also disables some useful things like being able to nfs mount, and +# things that are already namespaced with ns_capable() kernel checks, like +# hostname(1). +# lxc.cap.drop = sys_admin +# lxc.cap.drop = net_raw # breaks dhcp/ping +# lxc.cap.drop = setgid # breaks login (initgroups/setgroups) +# lxc.cap.drop = dac_read_search # breaks login (pam unix_chkpwd) +# lxc.cap.drop = setuid # breaks sshd,nfs statd +# lxc.cap.drop = audit_control # breaks sshd (set_loginuid failed) +# lxc.cap.drop = audit_write +# +lxc.cap.drop = mac_admin mac_override setfcap setpcap +lxc.cap.drop = sys_module sys_nice sys_pacct +lxc.cap.drop = sys_rawio sys_time + +# Control Group devices: all denied except those whitelisted +lxc.cgroup.devices.deny = a +# Allow any mknod (but not reading/writing the node) +lxc.cgroup.devices.allow = c *:* m +lxc.cgroup.devices.allow = b *:* m +## /dev/null +lxc.cgroup.devices.allow = c 1:3 rwm +## /dev/zero +lxc.cgroup.devices.allow = c 1:5 rwm +## /dev/full +lxc.cgroup.devices.allow = c 1:7 rwm +## /dev/tty +lxc.cgroup.devices.allow = c 5:0 rwm +## /dev/random +lxc.cgroup.devices.allow = c 1:8 rwm +## /dev/urandom +lxc.cgroup.devices.allow = c 1:9 rwm +## /dev/tty[1-4] ptys and lxc console +lxc.cgroup.devices.allow = c 136:* rwm +## /dev/ptmx pty master +lxc.cgroup.devices.allow = c 5:2 rwm + +# Blacklist some syscalls which are not safe in privileged +# containers +lxc.seccomp = @LXCTEMPLATECONFIG@/common.seccomp diff -Nru lxc-1.0.0~alpha1/config/templates/oracle.userns.conf.in lxc-1.0.8/config/templates/oracle.userns.conf.in --- lxc-1.0.0~alpha1/config/templates/oracle.userns.conf.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/templates/oracle.userns.conf.in 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,19 @@ +# CAP_SYS_ADMIN in init-user-ns is required for cgroup.devices +lxc.cgroup.devices.deny = +lxc.cgroup.devices.allow = + +# We can't move bind-mounts, so don't use /dev/lxc/ +lxc.devttydir = + +# Extra bind-mounts for userns +lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0 +lxc.mount.entry = /dev/full dev/full none bind,create=file 0 0 +lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0 +lxc.mount.entry = /dev/random dev/random none bind,create=file 0 0 +lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0 +lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0 +lxc.mount.entry = /dev/zero dev/zero none bind,create=file 0 0 + +# Extra fstab entries as mountall can't mount those by itself +lxc.mount.entry = /sys/firmware/efi/efivars sys/firmware/efi/efivars none bind,optional 0 0 +lxc.mount.entry = /proc/sys/fs/binfmt_misc proc/sys/fs/binfmt_misc none bind,optional 0 0 diff -Nru lxc-1.0.0~alpha1/config/templates/plamo.common.conf.in lxc-1.0.8/config/templates/plamo.common.conf.in --- lxc-1.0.0~alpha1/config/templates/plamo.common.conf.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/templates/plamo.common.conf.in 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,31 @@ +# Default console settings +lxc.tty = 4 +lxc.pts = 1024 + +# Default mount +lxc.mount.auto = proc sys cgroup +lxc.mount.entry = none dev/shm tmpfs nosuid,nodev,noexec,mode=1777 0 0 + +# Default capabilities +lxc.cap.drop = sys_module mac_admin mac_override sys_time + +lxc.cgroup.devices.deny = a +# /dev/null and zero +lxc.cgroup.devices.allow = c 1:3 rwm +lxc.cgroup.devices.allow = c 1:5 rwm +# consoles +lxc.cgroup.devices.allow = c 5:0 rwm +lxc.cgroup.devices.allow = c 5:1 rwm +# /dev/{,u}random +lxc.cgroup.devices.allow = c 1:8 rwm +lxc.cgroup.devices.allow = c 1:9 rwm +lxc.cgroup.devices.allow = c 5:2 rwm +lxc.cgroup.devices.allow = c 136:* rwm +# rtc +lxc.cgroup.devices.allow = c 254:0 rm +# fuse +lxc.cgroup.devices.allow = c 10:229 rwm + +# Blacklist some syscalls which are not safe in privileged +# containers +lxc.seccomp = @LXCTEMPLATECONFIG@/common.seccomp diff -Nru lxc-1.0.0~alpha1/config/templates/plamo.userns.conf.in lxc-1.0.8/config/templates/plamo.userns.conf.in --- lxc-1.0.0~alpha1/config/templates/plamo.userns.conf.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/templates/plamo.userns.conf.in 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,12 @@ +# CAP_SYS_ADMIN in init-user-ns is required for cgroup.devices +lxc.cgroup.devices.deny = +lxc.cgroup.devices.allow = + +# Extra bind-mounts for userns +lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0 +lxc.mount.entry = /dev/full dev/full none bind,create=file 0 0 +lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0 +lxc.mount.entry = /dev/random dev/random none bind,create=file 0 0 +lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0 +lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0 +lxc.mount.entry = /dev/zero dev/zero none bind,create=file 0 0 diff -Nru lxc-1.0.0~alpha1/config/templates/ubuntu-cloud.common.conf.in lxc-1.0.8/config/templates/ubuntu-cloud.common.conf.in --- lxc-1.0.0~alpha1/config/templates/ubuntu-cloud.common.conf.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/templates/ubuntu-cloud.common.conf.in 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,4 @@ +# This derives from the main Ubuntu config +lxc.include = @LXCTEMPLATECONFIG@/ubuntu.common.conf + +lxc.hook.clone = @LXCHOOKDIR@/ubuntu-cloud-prep diff -Nru lxc-1.0.0~alpha1/config/templates/ubuntu-cloud.lucid.conf.in lxc-1.0.8/config/templates/ubuntu-cloud.lucid.conf.in --- lxc-1.0.0~alpha1/config/templates/ubuntu-cloud.lucid.conf.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/templates/ubuntu-cloud.lucid.conf.in 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,2 @@ +# This derives from the main Ubuntu lucid config +lxc.include = @LXCTEMPLATECONFIG@/ubuntu.lucid.conf diff -Nru lxc-1.0.0~alpha1/config/templates/ubuntu-cloud.userns.conf.in lxc-1.0.8/config/templates/ubuntu-cloud.userns.conf.in --- lxc-1.0.0~alpha1/config/templates/ubuntu-cloud.userns.conf.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/templates/ubuntu-cloud.userns.conf.in 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,2 @@ +# This derives from the main Ubuntu userns config +lxc.include = @LXCTEMPLATECONFIG@/ubuntu.userns.conf diff -Nru lxc-1.0.0~alpha1/config/templates/ubuntu.common.conf.in lxc-1.0.8/config/templates/ubuntu.common.conf.in --- lxc-1.0.0~alpha1/config/templates/ubuntu.common.conf.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/templates/ubuntu.common.conf.in 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,74 @@ +# Default pivot location +lxc.pivotdir = lxc_putold + +# Default mount entries +lxc.mount.entry = proc proc proc nodev,noexec,nosuid 0 0 +lxc.mount.entry = sysfs sys sysfs defaults 0 0 +lxc.mount.entry = /sys/fs/fuse/connections sys/fs/fuse/connections none bind,optional 0 0 +lxc.mount.entry = /sys/kernel/debug sys/kernel/debug none bind,optional 0 0 +lxc.mount.entry = /sys/kernel/security sys/kernel/security none bind,optional 0 0 +lxc.mount.entry = /sys/fs/pstore sys/fs/pstore none bind,optional 0 0 + +# Default console settings +lxc.devttydir = lxc +lxc.tty = 4 +lxc.pts = 1024 + +# Default capabilities +lxc.cap.drop = sys_module mac_admin mac_override sys_time + +# When using LXC with apparmor, the container will be confined by default. +# If you wish for it to instead run unconfined, copy the following line +# (uncommented) to the container's configuration file. +#lxc.aa_profile = unconfined + +# To support container nesting on an Ubuntu host while retaining most of +# apparmor's added security, use the following two lines instead. +#lxc.aa_profile = lxc-container-default-with-nesting +#lxc.mount.auto = cgroup:mixed + +# Uncomment the following line to autodetect squid-deb-proxy configuration on the +# host and forward it to the guest at start time. +#lxc.hook.pre-start = /usr/share/lxc/hooks/squid-deb-proxy-client + +# If you wish to allow mounting block filesystems, then use the following +# line instead, and make sure to grant access to the block device and/or loop +# devices below in lxc.cgroup.devices.allow. +#lxc.aa_profile = lxc-container-default-with-mounting + +# Default cgroup limits +lxc.cgroup.devices.deny = a +## Allow any mknod (but not using the node) +lxc.cgroup.devices.allow = c *:* m +lxc.cgroup.devices.allow = b *:* m +## /dev/null and zero +lxc.cgroup.devices.allow = c 1:3 rwm +lxc.cgroup.devices.allow = c 1:5 rwm +## consoles +lxc.cgroup.devices.allow = c 5:0 rwm +lxc.cgroup.devices.allow = c 5:1 rwm +## /dev/{,u}random +lxc.cgroup.devices.allow = c 1:8 rwm +lxc.cgroup.devices.allow = c 1:9 rwm +## /dev/pts/* +lxc.cgroup.devices.allow = c 5:2 rwm +lxc.cgroup.devices.allow = c 136:* rwm +## rtc +lxc.cgroup.devices.allow = c 254:0 rm +## fuse +lxc.cgroup.devices.allow = c 10:229 rwm +## tun +lxc.cgroup.devices.allow = c 10:200 rwm +## full +lxc.cgroup.devices.allow = c 1:7 rwm +## hpet +lxc.cgroup.devices.allow = c 10:228 rwm +## kvm +lxc.cgroup.devices.allow = c 10:232 rwm +## To use loop devices, copy the following line to the container's +## configuration file (uncommented). +#lxc.cgroup.devices.allow = b 7:* rwm + +# Blacklist some syscalls which are not safe in privileged +# containers +lxc.seccomp = @LXCTEMPLATECONFIG@/common.seccomp diff -Nru lxc-1.0.0~alpha1/config/templates/ubuntu.lucid.conf.in lxc-1.0.8/config/templates/ubuntu.lucid.conf.in --- lxc-1.0.0~alpha1/config/templates/ubuntu.lucid.conf.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/templates/ubuntu.lucid.conf.in 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,2 @@ +# Ubuntu 10.04 LTS doesn't have /dev/lxc/ +lxc.devttydir = diff -Nru lxc-1.0.0~alpha1/config/templates/ubuntu.userns.conf.in lxc-1.0.8/config/templates/ubuntu.userns.conf.in --- lxc-1.0.0~alpha1/config/templates/ubuntu.userns.conf.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/templates/ubuntu.userns.conf.in 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,19 @@ +# CAP_SYS_ADMIN in init-user-ns is required for cgroup.devices +lxc.cgroup.devices.deny = +lxc.cgroup.devices.allow = + +# We can't move bind-mounts, so don't use /dev/lxc/ +lxc.devttydir = + +# Extra bind-mounts for userns +lxc.mount.entry = /dev/console dev/console none bind,create=file 0 0 +lxc.mount.entry = /dev/full dev/full none bind,create=file 0 0 +lxc.mount.entry = /dev/null dev/null none bind,create=file 0 0 +lxc.mount.entry = /dev/random dev/random none bind,create=file 0 0 +lxc.mount.entry = /dev/tty dev/tty none bind,create=file 0 0 +lxc.mount.entry = /dev/urandom dev/urandom none bind,create=file 0 0 +lxc.mount.entry = /dev/zero dev/zero none bind,create=file 0 0 + +# Extra fstab entries as mountall can't mount those by itself +lxc.mount.entry = /sys/firmware/efi/efivars sys/firmware/efi/efivars none bind,optional 0 0 +lxc.mount.entry = /proc/sys/fs/binfmt_misc proc/sys/fs/binfmt_misc none bind,optional 0 0 diff -Nru lxc-1.0.0~alpha1/config/tls.m4 lxc-1.0.8/config/tls.m4 --- lxc-1.0.0~alpha1/config/tls.m4 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/tls.m4 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,14 @@ +# See if we have working TLS. We only check to see if it compiles, and that +# the resulting program actually runs, not whether the resulting TLS variables +# work properly; that check is done at runtime, since we can run binaries +# compiled with __thread on systems without TLS. +AC_DEFUN([LXC_CHECK_TLS], +[ + AC_MSG_CHECKING(for TLS) + AC_RUN_IFELSE([AC_LANG_SOURCE([[ static __thread int val; int main() { return 0; } ]])],[have_tls=yes],[have_tls=no],[have_tls=no ]) + AC_MSG_RESULT($have_tls) + if test "$have_tls" = "yes"; then + AC_DEFINE([HAVE_TLS],[1],[Define if the compiler supports __thread]) + AC_DEFINE([thread_local],[__thread],[Define to the compiler TLS keyword]) + fi +]) diff -Nru lxc-1.0.0~alpha1/config/yum/lxc-patch.py lxc-1.0.8/config/yum/lxc-patch.py --- lxc-1.0.0~alpha1/config/yum/lxc-patch.py 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/yum/lxc-patch.py 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,57 @@ +# Yum plugin to re-patch container rootfs after a yum update is done +# +# Copyright (C) 2012 Oracle +# +# Authors: +# Dwight Engen +# +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 +# USA +# + +import os +from fnmatch import fnmatch +from yum.plugins import TYPE_INTERACTIVE +from yum.plugins import PluginYumExit + +requires_api_version = '2.0' +plugin_type = (TYPE_INTERACTIVE,) + +def posttrans_hook(conduit): + pkgs = [] + patch_required = False + + # If we aren't root, we can't have updated anything + if os.geteuid(): + return + + # See what packages have files that were patched + confpkgs = conduit.confString('main', 'packages') + if not confpkgs: + return + + tmp = confpkgs.split(",") + for confpkg in tmp: + pkgs.append(confpkg.strip()) + + conduit.info(2, "lxc-patch: checking if updated pkgs need patching...") + ts = conduit.getTsInfo() + for tsmem in ts.getMembers(): + for pkg in pkgs: + if fnmatch(pkg, tsmem.po.name): + patch_required = True + if patch_required: + conduit.info(2, "lxc-patch: patching container...") + os.spawnlp(os.P_WAIT, "lxc-patch", "lxc-patch", "--patch", "/") diff -Nru lxc-1.0.0~alpha1/config/yum/Makefile.am lxc-1.0.8/config/yum/Makefile.am --- lxc-1.0.0~alpha1/config/yum/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/yum/Makefile.am 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,6 @@ +yumpluginsdir=$(datadir)/lxc + +yumplugins_DATA = \ + lxc-patch.py + +EXTRA_DIST = $(yumplugins_DATA) diff -Nru lxc-1.0.0~alpha1/config/yum/Makefile.in lxc-1.0.8/config/yum/Makefile.in --- lxc-1.0.0~alpha1/config/yum/Makefile.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/config/yum/Makefile.in 2015-11-09 22:49:20.000000000 +0000 @@ -0,0 +1,519 @@ +# Makefile.in generated by automake 1.14.1 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2013 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ + +VPATH = @srcdir@ +am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes +am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +subdir = config/yum +DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ + $(top_srcdir)/config/tls.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/src/config.h +CONFIG_CLEAN_FILES = +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +am__installdirs = "$(DESTDIR)$(yumpluginsdir)" +DATA = $(yumplugins_DATA) +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +APPARMOR_LIBS = @APPARMOR_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BINDIR = @BINDIR@ +CAP_LIBS = @CAP_LIBS@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CGMANAGER_CFLAGS = @CGMANAGER_CFLAGS@ +CGMANAGER_LIBS = @CGMANAGER_LIBS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DATADIR = @DATADIR@ +DBUS_CFLAGS = @DBUS_CFLAGS@ +DBUS_LIBS = @DBUS_LIBS@ +DEFAULT_CGROUP_PATTERN = @DEFAULT_CGROUP_PATTERN@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DOCDIR = @DOCDIR@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +GREP = @GREP@ +HAVE_DOXYGEN = @HAVE_DOXYGEN@ +INCLUDEDIR = @INCLUDEDIR@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LDFLAGS = @LDFLAGS@ +LIBDIR = @LIBDIR@ +LIBEXECDIR = @LIBEXECDIR@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LOCALSTATEDIR = @LOCALSTATEDIR@ +LOGPATH = @LOGPATH@ +LTLIBOBJS = @LTLIBOBJS@ +LUA_CFLAGS = @LUA_CFLAGS@ +LUA_LIBDIR = @LUA_LIBDIR@ +LUA_LIBS = @LUA_LIBS@ +LUA_SHAREDIR = @LUA_SHAREDIR@ +LUA_VERSION = @LUA_VERSION@ +LXCHOOKDIR = @LXCHOOKDIR@ +LXCINITDIR = @LXCINITDIR@ +LXCPATH = @LXCPATH@ +LXCROOTFSMOUNT = @LXCROOTFSMOUNT@ +LXCTEMPLATECONFIG = @LXCTEMPLATECONFIG@ +LXCTEMPLATEDIR = @LXCTEMPLATEDIR@ +LXC_DEFAULT_CONFIG = @LXC_DEFAULT_CONFIG@ +LXC_GENERATE_DATE = @LXC_GENERATE_DATE@ +LXC_GLOBAL_CONF = @LXC_GLOBAL_CONF@ +LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ +LXC_USERNIC_DB = @LXC_USERNIC_DB@ +LXC_VERSION = @LXC_VERSION@ +LXC_VERSION_BASE = @LXC_VERSION_BASE@ +LXC_VERSION_BETA = @LXC_VERSION_BETA@ +LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ +LXC_VERSION_MICRO = @LXC_VERSION_MICRO@ +LXC_VERSION_MINOR = @LXC_VERSION_MINOR@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +NIH_CFLAGS = @NIH_CFLAGS@ +NIH_DBUS_CFLAGS = @NIH_DBUS_CFLAGS@ +NIH_DBUS_LIBS = @NIH_DBUS_LIBS@ +NIH_LIBS = @NIH_LIBS@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PREFIX = @PREFIX@ +PYTHON = @PYTHON@ +PYTHONDEV_CFLAGS = @PYTHONDEV_CFLAGS@ +PYTHONDEV_LIBS = @PYTHONDEV_LIBS@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +RUNTIME_PATH = @RUNTIME_PATH@ +SBINDIR = @SBINDIR@ +SECCOMP_CFLAGS = @SECCOMP_CFLAGS@ +SECCOMP_LIBS = @SECCOMP_LIBS@ +SED = @SED@ +SELINUX_LIBS = @SELINUX_LIBS@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SYSCONFDIR = @SYSCONFDIR@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +db2xman = @db2xman@ +docdir = @docdir@ +docdtd = @docdtd@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = @host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@ +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +yumpluginsdir = $(datadir)/lxc +yumplugins_DATA = \ + lxc-patch.py + +EXTRA_DIST = $(yumplugins_DATA) +all: all-am + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu config/yum/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu config/yum/Makefile +.PRECIOUS: Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +install-yumpluginsDATA: $(yumplugins_DATA) + @$(NORMAL_INSTALL) + @list='$(yumplugins_DATA)'; test -n "$(yumpluginsdir)" || list=; \ + if test -n "$$list"; then \ + echo " $(MKDIR_P) '$(DESTDIR)$(yumpluginsdir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(yumpluginsdir)" || exit 1; \ + fi; \ + for p in $$list; do \ + if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; \ + done | $(am__base_list) | \ + while read files; do \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(yumpluginsdir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(yumpluginsdir)" || exit $$?; \ + done + +uninstall-yumpluginsDATA: + @$(NORMAL_UNINSTALL) + @list='$(yumplugins_DATA)'; test -n "$(yumpluginsdir)" || list=; \ + files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ + dir='$(DESTDIR)$(yumpluginsdir)'; $(am__uninstall_files_from_dir) +tags TAGS: + +ctags CTAGS: + +cscope cscopelist: + + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-am +all-am: Makefile $(DATA) +installdirs: + for dir in "$(DESTDIR)$(yumpluginsdir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-am +install-exec: install-exec-am +install-data: install-data-am +uninstall: uninstall-am + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-am +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +clean: clean-am + +clean-am: clean-generic mostlyclean-am + +distclean: distclean-am + -rm -f Makefile +distclean-am: clean-am distclean-generic + +dvi: dvi-am + +dvi-am: + +html: html-am + +html-am: + +info: info-am + +info-am: + +install-data-am: install-yumpluginsDATA + +install-dvi: install-dvi-am + +install-dvi-am: + +install-exec-am: + +install-html: install-html-am + +install-html-am: + +install-info: install-info-am + +install-info-am: + +install-man: + +install-pdf: install-pdf-am + +install-pdf-am: + +install-ps: install-ps-am + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-am + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-am + +mostlyclean-am: mostlyclean-generic + +pdf: pdf-am + +pdf-am: + +ps: ps-am + +ps-am: + +uninstall-am: uninstall-yumpluginsDATA + +.MAKE: install-am install-strip + +.PHONY: all all-am check check-am clean clean-generic cscopelist-am \ + ctags-am distclean distclean-generic distdir dvi dvi-am html \ + html-am info info-am install install-am install-data \ + install-data-am install-dvi install-dvi-am install-exec \ + install-exec-am install-html install-html-am install-info \ + install-info-am install-man install-pdf install-pdf-am \ + install-ps install-ps-am install-strip install-yumpluginsDATA \ + installcheck installcheck-am installdirs maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ + pdf-am ps ps-am tags-am uninstall uninstall-am \ + uninstall-yumpluginsDATA + + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff -Nru lxc-1.0.0~alpha1/configure lxc-1.0.8/configure --- lxc-1.0.0~alpha1/configure 2013-09-10 22:30:07.000000000 +0000 +++ lxc-1.0.8/configure 2015-11-09 22:49:19.000000000 +0000 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for lxc 1.0.0.alpha1. +# Generated by GNU Autoconf 2.69 for lxc 1.0.8. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -577,8 +577,8 @@ # Identity of this package. PACKAGE_NAME='lxc' PACKAGE_TARNAME='lxc' -PACKAGE_VERSION='1.0.0.alpha1' -PACKAGE_STRING='lxc 1.0.0.alpha1' +PACKAGE_VERSION='1.0.8' +PACKAGE_STRING='lxc 1.0.8' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -630,10 +630,12 @@ HAVE_GETLINE_TRUE IS_BIONIC_FALSE IS_BIONIC_TRUE -CAP_LIBS +DEFAULT_CGROUP_PATTERN +RUNTIME_PATH LOGPATH LXCINITDIR LXCHOOKDIR +LXCTEMPLATECONFIG LXCTEMPLATEDIR LXCROOTFSMOUNT LXC_USERNIC_DB @@ -641,7 +643,6 @@ LXC_GLOBAL_CONF LXCPATH LXC_GENERATE_DATE -LXC_DISTRO_CONF DOCDIR LOCALSTATEDIR DATADIR @@ -649,6 +650,7 @@ SYSCONFDIR INCLUDEDIR LIBEXECDIR +SBINDIR BINDIR LIBDIR PREFIX @@ -656,18 +658,17 @@ USE_CONFIGPATH_LOGS_TRUE ENABLE_TESTS_FALSE ENABLE_TESTS_TRUE -LUA_INSTALL_LMOD -LUA_INSTALL_CMOD +ENABLE_BASH_FALSE +ENABLE_BASH_TRUE +LUA_SHAREDIR +LUA_LIBDIR LUA_VERSION ENABLE_LUA_FALSE ENABLE_LUA_TRUE LUA_LIBS LUA_CFLAGS -PYTHONDEV_LIBS -PYTHONDEV_CFLAGS -PKG_CONFIG_LIBDIR -PKG_CONFIG_PATH -PKG_CONFIG +MUTEX_DEBUGGING_FALSE +MUTEX_DEBUGGING_TRUE pkgpyexecdir pyexecdir pkgpythondir @@ -679,23 +680,52 @@ PYTHON ENABLE_PYTHON_FALSE ENABLE_PYTHON_TRUE +PYTHONDEV_LIBS +PYTHONDEV_CFLAGS ENABLE_EXAMPLES_FALSE ENABLE_EXAMPLES_TRUE +CAP_LIBS +ENABLE_CAP_FALSE +ENABLE_CAP_TRUE +DBUS_LIBS +DBUS_CFLAGS +NIH_DBUS_LIBS +NIH_DBUS_CFLAGS +NIH_LIBS +NIH_CFLAGS +CGMANAGER_LIBS +CGMANAGER_CFLAGS +ENABLE_CGMANAGER_FALSE +ENABLE_CGMANAGER_TRUE SECCOMP_LIBS +SECCOMP_CFLAGS ENABLE_SECCOMP_FALSE ENABLE_SECCOMP_TRUE +SELINUX_LIBS +ENABLE_SELINUX_FALSE +ENABLE_SELINUX_TRUE APPARMOR_LIBS ENABLE_APPARMOR_FALSE ENABLE_APPARMOR_TRUE +ENABLE_API_DOCS_FALSE +ENABLE_API_DOCS_TRUE +HAVE_DOXYGEN docdtd +USE_DOCBOOK2X_FALSE +USE_DOCBOOK2X_TRUE ENABLE_DOCBOOK_FALSE ENABLE_DOCBOOK_TRUE db2xman ENABLE_RPATH_FALSE ENABLE_RPATH_TRUE -HAVE_NEWUIDMAP_FALSE -HAVE_NEWUIDMAP_TRUE -NEWUIDMAP +INIT_SCRIPT_UPSTART_FALSE +INIT_SCRIPT_UPSTART_TRUE +INIT_SCRIPT_SYSTEMD_FALSE +INIT_SCRIPT_SYSTEMD_TRUE +INIT_SCRIPT_SYSV_FALSE +INIT_SCRIPT_SYSV_TRUE +DISTRO_UBUNTU_FALSE +DISTRO_UBUNTU_TRUE HAVE_DEBIAN_FALSE HAVE_DEBIAN_TRUE EGREP @@ -753,6 +783,15 @@ INSTALL_DATA INSTALL_SCRIPT INSTALL_PROGRAM +LXC_VERSION +LXC_VERSION_MICRO +LXC_VERSION_MINOR +LXC_VERSION_MAJOR +LXC_VERSION_BETA +LXC_VERSION_BASE +PKG_CONFIG_LIBDIR +PKG_CONFIG_PATH +PKG_CONFIG target_alias host_alias build_alias @@ -797,44 +836,60 @@ enable_silent_rules enable_dependency_tracking with_distro +with_init_script enable_rpath enable_doc +enable_api_docs enable_apparmor +enable_selinux enable_seccomp +enable_cgmanager +enable_capabilities enable_examples enable_python +enable_mutex_debugging enable_lua with_lua_pc +enable_bash enable_tests +with_runtime_path with_config_path with_global_conf with_usernic_conf with_usernic_db with_rootfs_path +with_cgroup_pattern enable_configpath_log with_log_path -enable_capabilities ' ac_precious_vars='build_alias host_alias target_alias +PKG_CONFIG +PKG_CONFIG_PATH +PKG_CONFIG_LIBDIR CC CFLAGS LDFLAGS LIBS CPPFLAGS CPP -PYTHON -PKG_CONFIG -PKG_CONFIG_PATH -PKG_CONFIG_LIBDIR +SECCOMP_CFLAGS +SECCOMP_LIBS +CGMANAGER_CFLAGS +CGMANAGER_LIBS +NIH_CFLAGS +NIH_LIBS +NIH_DBUS_CFLAGS +NIH_DBUS_LIBS +DBUS_CFLAGS +DBUS_LIBS PYTHONDEV_CFLAGS PYTHONDEV_LIBS +PYTHON LUA_CFLAGS LUA_LIBS -LUA_VERSION -LUA_INSTALL_CMOD -LUA_INSTALL_LMOD' +LUA_VERSION' # Initialize some variables set by options. @@ -1375,7 +1430,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures lxc 1.0.0.alpha1 to adapt to many kinds of systems. +\`configure' configures lxc 1.0.8 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1445,7 +1500,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of lxc 1.0.0.alpha1:";; + short | recursive ) echo "Configuration of lxc 1.0.8:";; esac cat <<\_ACEOF @@ -1459,33 +1514,51 @@ do not reject slow dependency extractors --disable-dependency-tracking speeds up one-time build - --disable-rpath do not set rpath in executables - --enable-doc make mans (requires docbook2man or docbook2x-man to - be installed) [default=auto] - --enable-apparmor enable apparmor - --enable-seccomp enable seccomp - --disable-examples do not install configuration examples - --enable-python enable python binding - --enable-lua enable lua binding - --enable-tests build test/example binaries - --enable-configpath-log use logfiles in config path - --disable-capabilities disable kernel capabilities + --enable-rpath set rpath in executables [default=no] + --enable-doc make man pages [default=auto] + --enable-api-docs make API documentation [default=auto] + --enable-apparmor enable apparmor support [default=auto] + --enable-selinux enable SELinux support [default=auto] + --enable-seccomp enable seccomp support [default=auto] + --enable-cgmanager enable cgmanager support [default=auto] + --enable-capabilities enable kernel capabilities support [default=auto] + --enable-examples install examples [default=yes] + --enable-python enable python binding [default=auto] + --enable-mutex-debugging + Makes mutexes to report error and provide stack + trace [default=no] + --enable-lua enable lua binding [default=auto] + --enable-bash build bash integration [default=yes] + --enable-tests build test/example binaries [default=no] + --enable-configpath-log use logfiles in config path [default=no] Optional Packages: --with-PACKAGE[=ARG] use PACKAGE [ARG=yes] --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-distro=DISTRO Specify the Linux distribution to target: One of - redhat, oracle, fedora, suse, gentoo, debian, arch, - slackware, paldo, mandriva or pardus. + redhat, oracle, centos, fedora, suse, gentoo, + debian, arch, slackware, paldo, openmandriva or + pardus. + --with-init-script[=TYPE[,TYPE,...]] + Type(s) of init script to install: sysvinit, + systemd, upstart, distro [default=distro] --with-lua-pc=PKG Specify pkg-config package name for lua + --with-runtime-path=dir runtime directory (default: /run) --with-config-path=dir lxc configuration repository path --with-global-conf=dir global lxc configuration file --with-usernic-conf user network interface configuration file --with-usernic-db lxc user nic database --with-rootfs-path=dir lxc rootfs mount point + --with-cgroup-pattern=pattern + pattern for container cgroups --with-log-path=dir per container log path Some influential environment variables: + PKG_CONFIG path to pkg-config utility + PKG_CONFIG_PATH + directories to add to pkg-config's search path + PKG_CONFIG_LIBDIR + path overriding pkg-config's built-in search path CC C compiler command CFLAGS C compiler flags LDFLAGS linker flags, e.g. -L if you have libraries in a @@ -1494,23 +1567,30 @@ CPPFLAGS (Objective) C/C++ preprocessor flags, e.g. -I if you have headers in a nonstandard directory CPP C preprocessor - PYTHON the Python interpreter - PKG_CONFIG path to pkg-config utility - PKG_CONFIG_PATH - directories to add to pkg-config's search path - PKG_CONFIG_LIBDIR - path overriding pkg-config's built-in search path + SECCOMP_CFLAGS + C compiler flags for SECCOMP, overriding pkg-config + SECCOMP_LIBS + linker flags for SECCOMP, overriding pkg-config + CGMANAGER_CFLAGS + C compiler flags for CGMANAGER, overriding pkg-config + CGMANAGER_LIBS + linker flags for CGMANAGER, overriding pkg-config + NIH_CFLAGS C compiler flags for NIH, overriding pkg-config + NIH_LIBS linker flags for NIH, overriding pkg-config + NIH_DBUS_CFLAGS + C compiler flags for NIH_DBUS, overriding pkg-config + NIH_DBUS_LIBS + linker flags for NIH_DBUS, overriding pkg-config + DBUS_CFLAGS C compiler flags for DBUS, overriding pkg-config + DBUS_LIBS linker flags for DBUS, overriding pkg-config PYTHONDEV_CFLAGS C compiler flags for PYTHONDEV, overriding pkg-config PYTHONDEV_LIBS linker flags for PYTHONDEV, overriding pkg-config + PYTHON the Python interpreter LUA_CFLAGS C compiler flags for LUA, overriding pkg-config LUA_LIBS linker flags for LUA, overriding pkg-config LUA_VERSION value of V for $LUAPKGCONFIG, overriding pkg-config - LUA_INSTALL_CMOD - value of INSTALL_CMOD for $LUAPKGCONFIG, overriding pkg-config - LUA_INSTALL_LMOD - value of INSTALL_LMOD for $LUAPKGCONFIG, overriding pkg-config Use these variables to override the choices made by `configure' or to help it to find libraries and programs with nonstandard names/locations. @@ -1578,7 +1658,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -lxc configure 1.0.0.alpha1 +lxc configure 1.0.8 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2043,7 +2123,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by lxc $as_me 1.0.0.alpha1, which was +It was created by lxc $as_me 1.0.8, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2392,6 +2472,141 @@ +# We need pkg-config + + + + + + + +if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then + if test -n "$ac_tool_prefix"; then + # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. +set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_PKG_CONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +PKG_CONFIG=$ac_cv_path_PKG_CONFIG +if test -n "$PKG_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 +$as_echo "$PKG_CONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + +fi +if test -z "$ac_cv_path_PKG_CONFIG"; then + ac_pt_PKG_CONFIG=$PKG_CONFIG + # Extract the first word of "pkg-config", so it can be a program name with args. +set dummy pkg-config; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then : + $as_echo_n "(cached) " >&6 +else + case $ac_pt_PKG_CONFIG in + [\\/]* | ?:[\\/]*) + ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. + ;; + *) + as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + + ;; +esac +fi +ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG +if test -n "$ac_pt_PKG_CONFIG"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 +$as_echo "$ac_pt_PKG_CONFIG" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + if test "x$ac_pt_PKG_CONFIG" = x; then + PKG_CONFIG="" + else + case $cross_compiling:$ac_tool_warned in +yes:) +{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 +$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} +ac_tool_warned=yes ;; +esac + PKG_CONFIG=$ac_pt_PKG_CONFIG + fi +else + PKG_CONFIG="$ac_cv_path_PKG_CONFIG" +fi + +fi +if test -n "$PKG_CONFIG"; then + _pkg_min_version=0.9.0 + { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 +$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } + if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + PKG_CONFIG="" + fi +fi + +LXC_VERSION_BASE=1.0.8 + + + +LXC_VERSION_MAJOR=1 + +LXC_VERSION_MINOR=0 + +LXC_VERSION_MICRO=8 + +LXC_VERSION=1.0.8 + + ac_aux_dir= for ac_dir in config "$srcdir"/config; do @@ -2424,7 +2639,7 @@ ac_config_headers="$ac_config_headers src/config.h" -am__api_version='1.13' +am__api_version='1.14' # Find a good install program. We prefer a C program (faster), # so one script is as good as another. But avoid the broken or @@ -2910,7 +3125,7 @@ # Define the identity of the package. PACKAGE='lxc' - VERSION='1.0.0.alpha1' + VERSION='1.0.8' cat >>confdefs.h <<_ACEOF @@ -2961,6 +3176,47 @@ +# POSIX will say in a future version that running "rm -f" with no argument +# is OK; and we want to be able to make that assumption in our Makefile +# recipes. So use an aggressive probe to check that the usage we want is +# actually supported "in the wild" to an acceptable degree. +# See automake bug#10828. +# To make any issue more visible, cause the running configure to be aborted +# by default if the 'rm' program in use doesn't match our expectations; the +# user can still override this though. +if rm -f && rm -fr && rm -rf; then : OK; else + cat >&2 <<'END' +Oops! + +Your 'rm' program seems unable to run without file operands specified +on the command line, even when the '-f' option is present. This is contrary +to the behaviour of most rm programs out there, and not conforming with +the upcoming POSIX standard: + +Please tell bug-automake@gnu.org about your system, including the value +of your $PATH and any error possibly output before this message. This +can help us improve future automake versions. + +END + if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then + echo 'Configuration will proceed anyway, since you have set the' >&2 + echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2 + echo >&2 + else + cat >&2 <<'END' +Aborting the configuration process, to ensure you take notice of the issue. + +You can download and install GNU coreutils to get an 'rm' implementation +that behaves properly: . + +If you want to complete the configuration process using your problematic +'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM +to "yes", and re-run configure. + +END + as_fn_error $? "Your 'rm' program is bad, sorry." "$LINENO" 5 + fi +fi # Make sure we can run config.sub. $SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 @@ -3884,6 +4140,65 @@ ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' ac_compiler_gnu=$ac_cv_c_compiler_gnu +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC understands -c and -o together" >&5 +$as_echo_n "checking whether $CC understands -c and -o together... " >&6; } +if ${am_cv_prog_cc_c_o+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +int +main () +{ + + ; + return 0; +} +_ACEOF + # Make sure it works both with $CC and with simple cc. + # Following AC_PROG_CC_C_O, we do the test twice because some + # compilers refuse to overwrite an existing .o file with -o, + # though they will create one. + am_cv_prog_cc_c_o=yes + for am_i in 1 2; do + if { echo "$as_me:$LINENO: $CC -c conftest.$ac_ext -o conftest2.$ac_objext" >&5 + ($CC -c conftest.$ac_ext -o conftest2.$ac_objext) >&5 2>&5 + ac_status=$? + echo "$as_me:$LINENO: \$? = $ac_status" >&5 + (exit $ac_status); } \ + && test -f conftest2.$ac_objext; then + : OK + else + am_cv_prog_cc_c_o=no + break + fi + done + rm -f core conftest* + unset am_i +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $am_cv_prog_cc_c_o" >&5 +$as_echo "$am_cv_prog_cc_c_o" >&6; } +if test "$am_cv_prog_cc_c_o" != yes; then + # Losing compiler, so override with the script. + # FIXME: It is wrong to rewrite CC. + # But if we don't then we get into trouble of one sort or another. + # A longer-term fix would be to have automake use am__CC in this case, + # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)" + CC="$am_aux_dir/compile $CC" +fi +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu + + depcc="$CC" am_compiler_list= { $as_echo "$as_me:${as_lineno-$LINENO}: checking dependency style of $depcc" >&5 @@ -4012,176 +4327,51 @@ fi -if test "x$CC" != xcc; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC and cc understand -c and -o together" >&5 -$as_echo_n "checking whether $CC and cc understand -c and -o together... " >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: checking whether cc understands -c and -o together" >&5 -$as_echo_n "checking whether cc understands -c and -o together... " >&6; } -fi -set dummy $CC; ac_cc=`$as_echo "$2" | - sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'` -if eval \${ac_cv_prog_cc_${ac_cc}_c_o+:} false; then : + + +ac_ext=c +ac_cpp='$CPP $CPPFLAGS' +ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' +ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' +ac_compiler_gnu=$ac_cv_c_compiler_gnu +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 +$as_echo_n "checking how to run the C preprocessor... " >&6; } +# On Suns, sometimes $CPP names a directory. +if test -n "$CPP" && test -d "$CPP"; then + CPP= +fi +if test -z "$CPP"; then + if ${ac_cv_prog_CPP+:} false; then : $as_echo_n "(cached) " >&6 else + # Double quotes because CPP needs to be expanded + for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" + do + ac_preproc_ok=false +for ac_c_preproc_warn_flag in '' yes +do + # Use a header file that comes with gcc, so configuring glibc + # with a fresh cross-compiler works. + # Prefer to if __STDC__ is defined, since + # exists even on freestanding compilers. + # On the NeXT, cc -E runs the code through the compiler's parser, + # not just through cpp. "Syntax error" is here to catch this case. cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ +#ifdef __STDC__ +# include +#else +# include +#endif + Syntax error +_ACEOF +if ac_fn_c_try_cpp "$LINENO"; then : -int -main () -{ - - ; - return 0; -} -_ACEOF -# Make sure it works both with $CC and with simple cc. -# We do the test twice because some compilers refuse to overwrite an -# existing .o file with -o, though they will create one. -ac_try='$CC -c conftest.$ac_ext -o conftest2.$ac_objext >&5' -rm -f conftest2.* -if { { case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && - test -f conftest2.$ac_objext && { { case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; -then - eval ac_cv_prog_cc_${ac_cc}_c_o=yes - if test "x$CC" != xcc; then - # Test first that cc exists at all. - if { ac_try='cc -c conftest.$ac_ext >&5' - { { case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; }; then - ac_try='cc -c conftest.$ac_ext -o conftest2.$ac_objext >&5' - rm -f conftest2.* - if { { case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; } && - test -f conftest2.$ac_objext && { { case "(($ac_try" in - *\"* | *\`* | *\\*) ac_try_echo=\$ac_try;; - *) ac_try_echo=$ac_try;; -esac -eval ac_try_echo="\"\$as_me:${as_lineno-$LINENO}: $ac_try_echo\"" -$as_echo "$ac_try_echo"; } >&5 - (eval "$ac_try") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; - then - # cc works too. - : - else - # cc exists but doesn't like -o. - eval ac_cv_prog_cc_${ac_cc}_c_o=no - fi - fi - fi -else - eval ac_cv_prog_cc_${ac_cc}_c_o=no -fi -rm -f core conftest* - -fi -if eval test \$ac_cv_prog_cc_${ac_cc}_c_o = yes; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - -$as_echo "#define NO_MINUS_C_MINUS_O 1" >>confdefs.h - -fi - -# FIXME: we rely on the cache variable name because -# there is no other way. -set dummy $CC -am_cc=`echo $2 | sed 's/[^a-zA-Z0-9_]/_/g;s/^[0-9]/_/'` -eval am_t=\$ac_cv_prog_cc_${am_cc}_c_o -if test "$am_t" != yes; then - # Losing compiler, so override with the script. - # FIXME: It is wrong to rewrite CC. - # But if we don't then we get into trouble of one sort or another. - # A longer-term fix would be to have automake use am__CC in this case, - # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)" - CC="$am_aux_dir/compile $CC" -fi - - - -ac_ext=c -ac_cpp='$CPP $CPPFLAGS' -ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5' -ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5' -ac_compiler_gnu=$ac_cv_c_compiler_gnu -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking how to run the C preprocessor" >&5 -$as_echo_n "checking how to run the C preprocessor... " >&6; } -# On Suns, sometimes $CPP names a directory. -if test -n "$CPP" && test -d "$CPP"; then - CPP= -fi -if test -z "$CPP"; then - if ${ac_cv_prog_CPP+:} false; then : - $as_echo_n "(cached) " >&6 -else - # Double quotes because CPP needs to be expanded - for CPP in "$CC -E" "$CC -E -traditional-cpp" "/lib/cpp" - do - ac_preproc_ok=false -for ac_c_preproc_warn_flag in '' yes -do - # Use a header file that comes with gcc, so configuring glibc - # with a fresh cross-compiler works. - # Prefer to if __STDC__ is defined, since - # exists even on freestanding compilers. - # On the NeXT, cc -E runs the code through the compiler's parser, - # not just through cpp. "Syntax error" is here to catch this case. - cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ -#ifdef __STDC__ -# include -#else -# include -#endif - Syntax error -_ACEOF -if ac_fn_c_try_cpp "$LINENO"; then : - -else - # Broken: fails on valid input. -continue -fi -rm -f conftest.err conftest.i conftest.$ac_ext +else + # Broken: fails on valid input. +continue +fi +rm -f conftest.err conftest.i conftest.$ac_ext # OK, works on sane cases. Now check whether nonexistent headers # can be detected and how. @@ -4609,7 +4799,7 @@ withval=$with_distro; fi -if test "z$with_distro" = "z"; then +if type lsb_release >/dev/null 2>&1 && test "z$with_distro" = "z"; then with_distro=`lsb_release -is` fi if test "z$with_distro" = "z"; then @@ -4651,6 +4841,25 @@ with_distro="oracle" fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for /etc/centos-release" >&5 +$as_echo_n "checking for /etc/centos-release... " >&6; } +if ${ac_cv_file__etc_centos_release+:} false; then : + $as_echo_n "(cached) " >&6 +else + test "$cross_compiling" = yes && + as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 +if test -r "/etc/centos-release"; then + ac_cv_file__etc_centos_release=yes +else + ac_cv_file__etc_centos_release=no +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_file__etc_centos_release" >&5 +$as_echo "$ac_cv_file__etc_centos_release" >&6; } +if test "x$ac_cv_file__etc_centos_release" = xyes; then : + with_distro="centos" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for /etc/fedora-release" >&5 $as_echo_n "checking for /etc/fedora-release... " >&6; } if ${ac_cv_file__etc_fedora_release+:} false; then : @@ -4800,7 +5009,7 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_file__etc_mandrakelinux_release" >&5 $as_echo "$ac_cv_file__etc_mandrakelinux_release" >&6; } if test "x$ac_cv_file__etc_mandrakelinux_release" = xyes; then : - with_distro="mandriva" + with_distro="openmandriva" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for /etc/mandriva-release" >&5 @@ -4819,7 +5028,7 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_file__etc_mandriva_release" >&5 $as_echo "$ac_cv_file__etc_mandriva_release" >&6; } if test "x$ac_cv_file__etc_mandriva_release" = xyes; then : - with_distro="mandriva" + with_distro="openmandriva" fi { $as_echo "$as_me:${as_lineno-$LINENO}: checking for /etc/pardus-release" >&5 @@ -4848,20 +5057,19 @@ with_distro="unknown" fi case $with_distro in - ubuntu) + ubuntu|raspbian) distroconf=default.conf.ubuntu ;; - redhat|fedora|oracle|oracleserver) + redhat|centos|fedora|oracle|oracleserver) distroconf=default.conf.libvirt ;; *) - echo -n "Linux distribution network config unknown, defaulting to lxc.network.type = empty" distroconf=default.conf.unknown ;; esac { $as_echo "$as_me:${as_lineno-$LINENO}: result: $with_distro" >&5 $as_echo "$with_distro" >&6; } - if test x"$with_distro" = "xdebian" -o x"$with_distro" = "xubuntu"; then + if test x"$with_distro" = "xdebian" -o x"$with_distro" = "xubuntu" -o x"$with_distro" = "xraspbian"; then HAVE_DEBIAN_TRUE= HAVE_DEBIAN_FALSE='#' else @@ -4869,59 +5077,100 @@ HAVE_DEBIAN_FALSE= fi + if test "x$with_distro" = "xubuntu"; then + DISTRO_UBUNTU_TRUE= + DISTRO_UBUNTU_FALSE='#' +else + DISTRO_UBUNTU_TRUE='#' + DISTRO_UBUNTU_FALSE= +fi + -# Extract the first word of "newuidmap", so it can be a program name with args. -set dummy newuidmap; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_prog_NEWUIDMAP+:} false; then : - $as_echo_n "(cached) " >&6 -else - if test -n "$NEWUIDMAP"; then - ac_cv_prog_NEWUIDMAP="$NEWUIDMAP" # Let the user override the test. -else -as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH +ac_config_links="$ac_config_links config/etc/default.conf:config/etc/${distroconf}" + + +# Check for init system type +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for init system type" >&5 +$as_echo_n "checking for init system type... " >&6; } + +# Check whether --with-init-script was given. +if test "${with_init_script+set}" = set; then : + withval=$with_init_script; +else + with_init_script=distro +fi + +case "$with_init_script" in + distro) + case $with_distro in + fedora) + init_script=systemd + ;; + redhat|centos|oracle|oracleserver) + init_script=sysvinit + ;; + debian|raspbian) + init_script=upstart,systemd + ;; + ubuntu) + init_script=upstart + ;; + *) + echo -n "Linux distribution init system unknown." + init_script= + ;; + esac + ;; + *) + init_script=$with_init_script + ;; +esac + +# Check valid init systems were given, run in subshell so we don't mess up IFS +(IFS="," ; for init_sys in $init_script; do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_prog_NEWUIDMAP="newuidmap" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS + case "$init_sys" in + none|sysvinit|systemd|upstart) + ;; + *) + exit 1 + ;; + esac +done) || as_fn_error $? "Unknown init system type in $init_script" "$LINENO" 5 -fi -fi -NEWUIDMAP=$ac_cv_prog_NEWUIDMAP -if test -n "$NEWUIDMAP"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $NEWUIDMAP" >&5 -$as_echo "$NEWUIDMAP" >&6; } + if echo "$init_script" |grep -q "sysvinit"; then + INIT_SCRIPT_SYSV_TRUE= + INIT_SCRIPT_SYSV_FALSE='#' else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + INIT_SCRIPT_SYSV_TRUE='#' + INIT_SCRIPT_SYSV_FALSE= fi + if echo "$init_script" |grep -q "systemd"; then + INIT_SCRIPT_SYSTEMD_TRUE= + INIT_SCRIPT_SYSTEMD_FALSE='#' +else + INIT_SCRIPT_SYSTEMD_TRUE='#' + INIT_SCRIPT_SYSTEMD_FALSE= +fi - if test -n "$NEWUIDMAP"; then - HAVE_NEWUIDMAP_TRUE= - HAVE_NEWUIDMAP_FALSE='#' + if echo "$init_script" |grep -q "upstart"; then + INIT_SCRIPT_UPSTART_TRUE= + INIT_SCRIPT_UPSTART_FALSE='#' else - HAVE_NEWUIDMAP_TRUE='#' - HAVE_NEWUIDMAP_FALSE= + INIT_SCRIPT_UPSTART_TRUE='#' + INIT_SCRIPT_UPSTART_FALSE= fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $init_script" >&5 +$as_echo "$init_script" >&6; } # Allow disabling rpath # Check whether --enable-rpath was given. if test "${enable_rpath+set}" = set; then : enableval=$enable_rpath; else - enable_rpath=yes + enable_rpath=no fi if test "x$enable_rpath" = "xyes"; then @@ -4944,7 +5193,7 @@ if test "x$enable_doc" = "xyes" -o "x$enable_doc" = "xauto"; then db2xman="" - dbparsers="docbook2x-man db2x_docbook2man docbook2man" + dbparsers="docbook2x-man db2x_docbook2man docbook2man docbook-to-man" { $as_echo "$as_me:${as_lineno-$LINENO}: checking for docbook2x-man" >&5 $as_echo_n "checking for docbook2x-man... " >&6; } @@ -4958,12 +5207,14 @@ if test -n "${db2xman}"; then { $as_echo "$as_me:${as_lineno-$LINENO}: result: ${db2xman}" >&5 $as_echo "${db2xman}" >&6; } + enable_doc="yes" else { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } if test "x$enable_doc" = "xyes"; then - as_fn_error $? "docbook2x-man required by man request, but not found" "$LINENO" 5 + as_fn_error $? "docbook2x-man is required, but could not be found" "$LINENO" 5 fi + enable_doc="no" fi @@ -4976,6 +5227,14 @@ ENABLE_DOCBOOK_FALSE= fi + if test "x$db2xman" != "xdocbook2man"; then + USE_DOCBOOK2X_TRUE= + USE_DOCBOOK2X_FALSE='#' +else + USE_DOCBOOK2X_TRUE='#' + USE_DOCBOOK2X_FALSE= +fi + if test "x$db2xman" = "xdocbook2man"; then docdtd="\"-//Davenport//DTD DocBook V3.0//EN\"" @@ -4984,16 +5243,89 @@ fi +# Documentation (API) +# Check whether --enable-api-docs was given. +if test "${enable_api_docs+set}" = set; then : + enableval=$enable_api_docs; +else + enable_api_docs=auto +fi + + +if test "x$enable_api_docs" = "xyes" -o "x$enable_api_docs" = "xauto"; then + for ac_prog in doxygen +do + # Extract the first word of "$ac_prog", so it can be a program name with args. +set dummy $ac_prog; ac_word=$2 +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 +$as_echo_n "checking for $ac_word... " >&6; } +if ${ac_cv_prog_HAVE_DOXYGEN+:} false; then : + $as_echo_n "(cached) " >&6 +else + if test -n "$HAVE_DOXYGEN"; then + ac_cv_prog_HAVE_DOXYGEN="$HAVE_DOXYGEN" # Let the user override the test. +else +as_save_IFS=$IFS; IFS=$PATH_SEPARATOR +for as_dir in $PATH +do + IFS=$as_save_IFS + test -z "$as_dir" && as_dir=. + for ac_exec_ext in '' $ac_executable_extensions; do + if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then + ac_cv_prog_HAVE_DOXYGEN="$ac_prog" + $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 + break 2 + fi +done + done +IFS=$as_save_IFS + +fi +fi +HAVE_DOXYGEN=$ac_cv_prog_HAVE_DOXYGEN +if test -n "$HAVE_DOXYGEN"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $HAVE_DOXYGEN" >&5 +$as_echo "$HAVE_DOXYGEN" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + + + test -n "$HAVE_DOXYGEN" && break +done + + + + if test "x$HAVE_DOXYGEN" != "x"; then + enable_api_docs="yes" + else + if test "x$enable_api_docs" = "xyes"; then + as_fn_error $? "doxygen is required, but could not be found" "$LINENO" 5 + fi + enable_api_docs="no" + fi +fi + + if test "x$HAVE_DOXYGEN" != "x"; then + ENABLE_API_DOCS_TRUE= + ENABLE_API_DOCS_FALSE='#' +else + ENABLE_API_DOCS_TRUE='#' + ENABLE_API_DOCS_FALSE= +fi + + # Apparmor # Check whether --enable-apparmor was given. if test "${enable_apparmor+set}" = set; then : enableval=$enable_apparmor; else - enable_apparmor=check + enable_apparmor=auto fi -if test "$enable_apparmor" = "check" ; then +if test "$enable_apparmor" = "auto" ; then { $as_echo "$as_me:${as_lineno-$LINENO}: checking for aa_change_profile in -lapparmor" >&5 $as_echo_n "checking for aa_change_profile in -lapparmor... " >&6; } if ${ac_cv_lib_apparmor_aa_change_profile+:} false; then : @@ -5083,12 +5415,9 @@ { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_gnutls_gnutls_hash_fast" >&5 $as_echo "$ac_cv_lib_gnutls_gnutls_hash_fast" >&6; } if test "x$ac_cv_lib_gnutls_gnutls_hash_fast" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBGNUTLS 1 -_ACEOF - - LIBS="-lgnutls $LIBS" - + enable_gnutls=yes +else + enable_gnutls=no fi @@ -5152,23 +5481,23 @@ fi -# Seccomp syscall filter -# Check whether --enable-seccomp was given. -if test "${enable_seccomp+set}" = set; then : - enableval=$enable_seccomp; +# SELinux +# Check whether --enable-selinux was given. +if test "${enable_selinux+set}" = set; then : + enableval=$enable_selinux; else - enable_seccomp=check + enable_selinux=auto fi -if test "$enable_seccomp" = "check" ; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for seccomp_init in -lseccomp" >&5 -$as_echo_n "checking for seccomp_init in -lseccomp... " >&6; } -if ${ac_cv_lib_seccomp_seccomp_init+:} false; then : +if test "x$enable_selinux" = xauto; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setexeccon_raw in -lselinux" >&5 +$as_echo_n "checking for setexeccon_raw in -lselinux... " >&6; } +if ${ac_cv_lib_selinux_setexeccon_raw+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS -LIBS="-lseccomp $LIBS" +LIBS="-lselinux $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5178,58 +5507,57 @@ #ifdef __cplusplus extern "C" #endif -char seccomp_init (); +char setexeccon_raw (); int main () { -return seccomp_init (); +return setexeccon_raw (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_seccomp_seccomp_init=yes + ac_cv_lib_selinux_setexeccon_raw=yes else - ac_cv_lib_seccomp_seccomp_init=no + ac_cv_lib_selinux_setexeccon_raw=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_seccomp_seccomp_init" >&5 -$as_echo "$ac_cv_lib_seccomp_seccomp_init" >&6; } -if test "x$ac_cv_lib_seccomp_seccomp_init" = xyes; then : - enable_seccomp=yes +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_setexeccon_raw" >&5 +$as_echo "$ac_cv_lib_selinux_setexeccon_raw" >&6; } +if test "x$ac_cv_lib_selinux_setexeccon_raw" = xyes; then : + enable_selinux=yes else - enable_seccomp=no + enable_selinux=no fi fi - if test "x$enable_seccomp" = "xyes"; then - ENABLE_SECCOMP_TRUE= - ENABLE_SECCOMP_FALSE='#' + if test "x$enable_selinux" = "xyes"; then + ENABLE_SELINUX_TRUE= + ENABLE_SELINUX_FALSE='#' else - ENABLE_SECCOMP_TRUE='#' - ENABLE_SECCOMP_FALSE= + ENABLE_SELINUX_TRUE='#' + ENABLE_SELINUX_FALSE= fi - -if test -z "$ENABLE_SECCOMP_TRUE"; then : - ac_fn_c_check_header_mongrel "$LINENO" "seccomp.h" "ac_cv_header_seccomp_h" "$ac_includes_default" -if test "x$ac_cv_header_seccomp_h" = xyes; then : +if test -z "$ENABLE_SELINUX_TRUE"; then : + ac_fn_c_check_header_mongrel "$LINENO" "selinux/selinux.h" "ac_cv_header_selinux_selinux_h" "$ac_includes_default" +if test "x$ac_cv_header_selinux_selinux_h" = xyes; then : else - as_fn_error $? "You must install the seccomp development package in order to compile lxc" "$LINENO" 5 + as_fn_error $? "You must install the SELinux development package in order to compile lxc" "$LINENO" 5 fi - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for seccomp_init in -lseccomp" >&5 -$as_echo_n "checking for seccomp_init in -lseccomp... " >&6; } -if ${ac_cv_lib_seccomp_seccomp_init+:} false; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for setexeccon_raw in -lselinux" >&5 +$as_echo_n "checking for setexeccon_raw in -lselinux... " >&6; } +if ${ac_cv_lib_selinux_setexeccon_raw+:} false; then : $as_echo_n "(cached) " >&6 else ac_check_lib_save_LIBS=$LIBS -LIBS="-lseccomp $LIBS" +LIBS="-lselinux $LIBS" cat confdefs.h - <<_ACEOF >conftest.$ac_ext /* end confdefs.h. */ @@ -5239,42 +5567,977 @@ #ifdef __cplusplus extern "C" #endif -char seccomp_init (); +char setexeccon_raw (); int main () { -return seccomp_init (); +return setexeccon_raw (); ; return 0; } _ACEOF if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_seccomp_seccomp_init=yes + ac_cv_lib_selinux_setexeccon_raw=yes else - ac_cv_lib_seccomp_seccomp_init=no + ac_cv_lib_selinux_setexeccon_raw=no fi rm -f core conftest.err conftest.$ac_objext \ conftest$ac_exeext conftest.$ac_ext LIBS=$ac_check_lib_save_LIBS fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_seccomp_seccomp_init" >&5 -$as_echo "$ac_cv_lib_seccomp_seccomp_init" >&6; } -if test "x$ac_cv_lib_seccomp_seccomp_init" = xyes; then : - cat >>confdefs.h <<_ACEOF -#define HAVE_LIBSECCOMP 1 -_ACEOF +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_selinux_setexeccon_raw" >&5 +$as_echo "$ac_cv_lib_selinux_setexeccon_raw" >&6; } +if test "x$ac_cv_lib_selinux_setexeccon_raw" = xyes; then : + true +else + as_fn_error $? "You must install the SELinux development package in order to compile lxc" "$LINENO" 5 +fi - LIBS="-lseccomp $LIBS" + SELINUX_LIBS=-lselinux +fi + +# Seccomp syscall filter +# Check whether --enable-seccomp was given. +if test "${enable_seccomp+set}" = set; then : + enableval=$enable_seccomp; +else + enable_seccomp=auto +fi + + +if test "x$enable_seccomp" = "xauto" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for seccomp_init in -lseccomp" >&5 +$as_echo_n "checking for seccomp_init in -lseccomp... " >&6; } +if ${ac_cv_lib_seccomp_seccomp_init+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lseccomp $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char seccomp_init (); +int +main () +{ +return seccomp_init (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_seccomp_seccomp_init=yes +else + ac_cv_lib_seccomp_seccomp_init=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_seccomp_seccomp_init" >&5 +$as_echo "$ac_cv_lib_seccomp_seccomp_init" >&6; } +if test "x$ac_cv_lib_seccomp_seccomp_init" = xyes; then : + enable_seccomp=yes +else + enable_seccomp=no +fi + +fi + if test "x$enable_seccomp" = "xyes"; then + ENABLE_SECCOMP_TRUE= + ENABLE_SECCOMP_FALSE='#' +else + ENABLE_SECCOMP_TRUE='#' + ENABLE_SECCOMP_FALSE= +fi + + +if test -z "$ENABLE_SECCOMP_TRUE"; then : + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for SECCOMP" >&5 +$as_echo_n "checking for SECCOMP... " >&6; } + +if test -n "$SECCOMP_CFLAGS"; then + pkg_cv_SECCOMP_CFLAGS="$SECCOMP_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libseccomp\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libseccomp") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_SECCOMP_CFLAGS=`$PKG_CONFIG --cflags "libseccomp" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$SECCOMP_LIBS"; then + pkg_cv_SECCOMP_LIBS="$SECCOMP_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libseccomp\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libseccomp") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_SECCOMP_LIBS=`$PKG_CONFIG --libs "libseccomp" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + SECCOMP_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libseccomp" 2>&1` + else + SECCOMP_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libseccomp" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$SECCOMP_PKG_ERRORS" >&5 + + + ac_fn_c_check_header_mongrel "$LINENO" "seccomp.h" "ac_cv_header_seccomp_h" "$ac_includes_default" +if test "x$ac_cv_header_seccomp_h" = xyes; then : + +else + as_fn_error $? "You must install the seccomp development package in order to compile lxc" "$LINENO" 5 +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for seccomp_init in -lseccomp" >&5 +$as_echo_n "checking for seccomp_init in -lseccomp... " >&6; } +if ${ac_cv_lib_seccomp_seccomp_init+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lseccomp $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char seccomp_init (); +int +main () +{ +return seccomp_init (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_seccomp_seccomp_init=yes +else + ac_cv_lib_seccomp_seccomp_init=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_seccomp_seccomp_init" >&5 +$as_echo "$ac_cv_lib_seccomp_seccomp_init" >&6; } +if test "x$ac_cv_lib_seccomp_seccomp_init" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBSECCOMP 1 +_ACEOF + + LIBS="-lseccomp $LIBS" + +else + as_fn_error $? "You must install the seccomp development package in order to compile lxc" "$LINENO" 5 +fi + + SECCOMP_LIBS=-lseccomp + + +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + + ac_fn_c_check_header_mongrel "$LINENO" "seccomp.h" "ac_cv_header_seccomp_h" "$ac_includes_default" +if test "x$ac_cv_header_seccomp_h" = xyes; then : + +else + as_fn_error $? "You must install the seccomp development package in order to compile lxc" "$LINENO" 5 +fi + + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for seccomp_init in -lseccomp" >&5 +$as_echo_n "checking for seccomp_init in -lseccomp... " >&6; } +if ${ac_cv_lib_seccomp_seccomp_init+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lseccomp $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char seccomp_init (); +int +main () +{ +return seccomp_init (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_seccomp_seccomp_init=yes +else + ac_cv_lib_seccomp_seccomp_init=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_seccomp_seccomp_init" >&5 +$as_echo "$ac_cv_lib_seccomp_seccomp_init" >&6; } +if test "x$ac_cv_lib_seccomp_seccomp_init" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBSECCOMP 1 +_ACEOF + + LIBS="-lseccomp $LIBS" + +else + as_fn_error $? "You must install the seccomp development package in order to compile lxc" "$LINENO" 5 +fi + + SECCOMP_LIBS=-lseccomp + + +else + SECCOMP_CFLAGS=$pkg_cv_SECCOMP_CFLAGS + SECCOMP_LIBS=$pkg_cv_SECCOMP_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +fi + +fi + +# cgmanager +# Check whether --enable-cgmanager was given. +if test "${enable_cgmanager+set}" = set; then : + enableval=$enable_cgmanager; +else + enable_cgmanager=auto +fi + + +if test "x$enable_cgmanager" = "xauto" ; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for cgmanager_create in -lcgmanager" >&5 +$as_echo_n "checking for cgmanager_create in -lcgmanager... " >&6; } +if ${ac_cv_lib_cgmanager_cgmanager_create+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcgmanager -lnih -lnih-dbus -ldbus-1 $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char cgmanager_create (); +int +main () +{ +return cgmanager_create (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_cgmanager_cgmanager_create=yes +else + ac_cv_lib_cgmanager_cgmanager_create=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_cgmanager_cgmanager_create" >&5 +$as_echo "$ac_cv_lib_cgmanager_cgmanager_create" >&6; } +if test "x$ac_cv_lib_cgmanager_cgmanager_create" = xyes; then : + enable_cgmanager=yes +else + enable_cgmanager=no +fi + +fi + if test "x$enable_cgmanager" = "xyes"; then + ENABLE_CGMANAGER_TRUE= + ENABLE_CGMANAGER_FALSE='#' +else + ENABLE_CGMANAGER_TRUE='#' + ENABLE_CGMANAGER_FALSE= +fi + + +if test -z "$ENABLE_CGMANAGER_TRUE"; then : + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for CGMANAGER" >&5 +$as_echo_n "checking for CGMANAGER... " >&6; } + +if test -n "$CGMANAGER_CFLAGS"; then + pkg_cv_CGMANAGER_CFLAGS="$CGMANAGER_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libcgmanager\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libcgmanager") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_CGMANAGER_CFLAGS=`$PKG_CONFIG --cflags "libcgmanager" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$CGMANAGER_LIBS"; then + pkg_cv_CGMANAGER_LIBS="$CGMANAGER_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libcgmanager\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libcgmanager") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_CGMANAGER_LIBS=`$PKG_CONFIG --libs "libcgmanager" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + CGMANAGER_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libcgmanager" 2>&1` + else + CGMANAGER_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libcgmanager" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$CGMANAGER_PKG_ERRORS" >&5 + + as_fn_error $? "Package requirements (libcgmanager) were not met: + +$CGMANAGER_PKG_ERRORS + +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. + +Alternatively, you may set the environment variables CGMANAGER_CFLAGS +and CGMANAGER_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details." "$LINENO" 5 +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. + +Alternatively, you may set the environment variables CGMANAGER_CFLAGS +and CGMANAGER_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details. + +To get pkg-config, see . +See \`config.log' for more details" "$LINENO" 5; } +else + CGMANAGER_CFLAGS=$pkg_cv_CGMANAGER_CFLAGS + CGMANAGER_LIBS=$pkg_cv_CGMANAGER_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +fi + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for NIH" >&5 +$as_echo_n "checking for NIH... " >&6; } + +if test -n "$NIH_CFLAGS"; then + pkg_cv_NIH_CFLAGS="$NIH_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnih >= 1.0.2\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libnih >= 1.0.2") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_NIH_CFLAGS=`$PKG_CONFIG --cflags "libnih >= 1.0.2" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$NIH_LIBS"; then + pkg_cv_NIH_LIBS="$NIH_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnih >= 1.0.2\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libnih >= 1.0.2") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_NIH_LIBS=`$PKG_CONFIG --libs "libnih >= 1.0.2" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + NIH_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libnih >= 1.0.2" 2>&1` + else + NIH_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libnih >= 1.0.2" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$NIH_PKG_ERRORS" >&5 + + as_fn_error $? "Package requirements (libnih >= 1.0.2) were not met: + +$NIH_PKG_ERRORS + +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. + +Alternatively, you may set the environment variables NIH_CFLAGS +and NIH_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details." "$LINENO" 5 +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. + +Alternatively, you may set the environment variables NIH_CFLAGS +and NIH_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details. + +To get pkg-config, see . +See \`config.log' for more details" "$LINENO" 5; } +else + NIH_CFLAGS=$pkg_cv_NIH_CFLAGS + NIH_LIBS=$pkg_cv_NIH_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +fi + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for NIH_DBUS" >&5 +$as_echo_n "checking for NIH_DBUS... " >&6; } + +if test -n "$NIH_DBUS_CFLAGS"; then + pkg_cv_NIH_DBUS_CFLAGS="$NIH_DBUS_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnih-dbus >= 1.0.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libnih-dbus >= 1.0.0") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_NIH_DBUS_CFLAGS=`$PKG_CONFIG --cflags "libnih-dbus >= 1.0.0" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$NIH_DBUS_LIBS"; then + pkg_cv_NIH_DBUS_LIBS="$NIH_DBUS_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"libnih-dbus >= 1.0.0\""; } >&5 + ($PKG_CONFIG --exists --print-errors "libnih-dbus >= 1.0.0") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_NIH_DBUS_LIBS=`$PKG_CONFIG --libs "libnih-dbus >= 1.0.0" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + NIH_DBUS_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "libnih-dbus >= 1.0.0" 2>&1` + else + NIH_DBUS_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "libnih-dbus >= 1.0.0" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$NIH_DBUS_PKG_ERRORS" >&5 + + as_fn_error $? "Package requirements (libnih-dbus >= 1.0.0) were not met: + +$NIH_DBUS_PKG_ERRORS + +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. + +Alternatively, you may set the environment variables NIH_DBUS_CFLAGS +and NIH_DBUS_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details." "$LINENO" 5 +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. + +Alternatively, you may set the environment variables NIH_DBUS_CFLAGS +and NIH_DBUS_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details. + +To get pkg-config, see . +See \`config.log' for more details" "$LINENO" 5; } +else + NIH_DBUS_CFLAGS=$pkg_cv_NIH_DBUS_CFLAGS + NIH_DBUS_LIBS=$pkg_cv_NIH_DBUS_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +fi + +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for DBUS" >&5 +$as_echo_n "checking for DBUS... " >&6; } + +if test -n "$DBUS_CFLAGS"; then + pkg_cv_DBUS_CFLAGS="$DBUS_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"dbus-1 >= 1.2.16\""; } >&5 + ($PKG_CONFIG --exists --print-errors "dbus-1 >= 1.2.16") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_DBUS_CFLAGS=`$PKG_CONFIG --cflags "dbus-1 >= 1.2.16" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes +else + pkg_failed=yes +fi + else + pkg_failed=untried +fi +if test -n "$DBUS_LIBS"; then + pkg_cv_DBUS_LIBS="$DBUS_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"dbus-1 >= 1.2.16\""; } >&5 + ($PKG_CONFIG --exists --print-errors "dbus-1 >= 1.2.16") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_DBUS_LIBS=`$PKG_CONFIG --libs "dbus-1 >= 1.2.16" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes else - as_fn_error $? "You must install the seccomp development package in order to compile lxc" "$LINENO" 5 + pkg_failed=yes +fi + else + pkg_failed=untried +fi + + + +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes +else + _pkg_short_errors_supported=no +fi + if test $_pkg_short_errors_supported = yes; then + DBUS_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "dbus-1 >= 1.2.16" 2>&1` + else + DBUS_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "dbus-1 >= 1.2.16" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$DBUS_PKG_ERRORS" >&5 + + as_fn_error $? "Package requirements (dbus-1 >= 1.2.16) were not met: + +$DBUS_PKG_ERRORS + +Consider adjusting the PKG_CONFIG_PATH environment variable if you +installed software in a non-standard prefix. + +Alternatively, you may set the environment variables DBUS_CFLAGS +and DBUS_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details." "$LINENO" 5 +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error $? "The pkg-config script could not be found or is too old. Make sure it +is in your PATH or set the PKG_CONFIG environment variable to the full +path to pkg-config. + +Alternatively, you may set the environment variables DBUS_CFLAGS +and DBUS_LIBS to avoid the need to call pkg-config. +See the pkg-config man page for more details. + +To get pkg-config, see . +See \`config.log' for more details" "$LINENO" 5; } +else + DBUS_CFLAGS=$pkg_cv_DBUS_CFLAGS + DBUS_LIBS=$pkg_cv_DBUS_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + +fi + +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for get_pid_cgroup_abs_sync" >&5 +$as_echo_n "checking for get_pid_cgroup_abs_sync... " >&6; } +save_LIBS=$LIBS +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing cgmanager_get_pid_cgroup_abs_sync" >&5 +$as_echo_n "checking for library containing cgmanager_get_pid_cgroup_abs_sync... " >&6; } +if ${ac_cv_search_cgmanager_get_pid_cgroup_abs_sync+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char cgmanager_get_pid_cgroup_abs_sync (); +int +main () +{ +return cgmanager_get_pid_cgroup_abs_sync (); + ; + return 0; +} +_ACEOF +for ac_lib in '' cgmanager; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib -lnih -lnih-dbus -ldbus-1 $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_cgmanager_get_pid_cgroup_abs_sync=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_cgmanager_get_pid_cgroup_abs_sync+:} false; then : + break +fi +done +if ${ac_cv_search_cgmanager_get_pid_cgroup_abs_sync+:} false; then : + +else + ac_cv_search_cgmanager_get_pid_cgroup_abs_sync=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_cgmanager_get_pid_cgroup_abs_sync" >&5 +$as_echo "$ac_cv_search_cgmanager_get_pid_cgroup_abs_sync" >&6; } +ac_res=$ac_cv_search_cgmanager_get_pid_cgroup_abs_sync +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + have_abs_cgroups=yes +else + have_abs_cgroups=no +fi + +LIBS=$save_LIBS +if test "x$have_abs_cgroups" = "xyes"; then + +$as_echo "#define HAVE_CGMANAGER_GET_PID_CGROUP_ABS_SYNC 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for cgmanager_list_controllers" >&5 +$as_echo_n "checking for cgmanager_list_controllers... " >&6; } +save_LIBS=$LIBS +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for library containing cgmanager_list_controllers_sync" >&5 +$as_echo_n "checking for library containing cgmanager_list_controllers_sync... " >&6; } +if ${ac_cv_search_cgmanager_list_controllers_sync+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_func_search_save_LIBS=$LIBS +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char cgmanager_list_controllers_sync (); +int +main () +{ +return cgmanager_list_controllers_sync (); + ; + return 0; +} +_ACEOF +for ac_lib in '' cgmanager; do + if test -z "$ac_lib"; then + ac_res="none required" + else + ac_res=-l$ac_lib + LIBS="-l$ac_lib -lnih -lnih-dbus -ldbus-1 $ac_func_search_save_LIBS" + fi + if ac_fn_c_try_link "$LINENO"; then : + ac_cv_search_cgmanager_list_controllers_sync=$ac_res +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext + if ${ac_cv_search_cgmanager_list_controllers_sync+:} false; then : + break +fi +done +if ${ac_cv_search_cgmanager_list_controllers_sync+:} false; then : + +else + ac_cv_search_cgmanager_list_controllers_sync=no +fi +rm conftest.$ac_ext +LIBS=$ac_func_search_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_search_cgmanager_list_controllers_sync" >&5 +$as_echo "$ac_cv_search_cgmanager_list_controllers_sync" >&6; } +ac_res=$ac_cv_search_cgmanager_list_controllers_sync +if test "$ac_res" != no; then : + test "$ac_res" = "none required" || LIBS="$ac_res $LIBS" + have_list_controllers=yes +else + have_list_controllers=no +fi + +LIBS=$save_LIBS +if test "x$have_list_controllers" = "xyes"; then + +$as_echo "#define HAVE_CGMANAGER_LIST_CONTROLLERS 1" >>confdefs.h + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +else + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +fi + +# Linux capabilities +# Check whether --enable-capabilities was given. +if test "${enable_capabilities+set}" = set; then : + enableval=$enable_capabilities; +else + enable_capabilities=auto +fi + + +if test "x$enable_capabilities" = "xauto"; then + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for cap_set_proc in -lcap" >&5 +$as_echo_n "checking for cap_set_proc in -lcap... " >&6; } +if ${ac_cv_lib_cap_cap_set_proc+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcap $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char cap_set_proc (); +int +main () +{ +return cap_set_proc (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_cap_cap_set_proc=yes +else + ac_cv_lib_cap_cap_set_proc=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_cap_cap_set_proc" >&5 +$as_echo "$ac_cv_lib_cap_cap_set_proc" >&6; } +if test "x$ac_cv_lib_cap_cap_set_proc" = xyes; then : + enable_capabilities=yes +else + enable_capabilities=no +fi + +fi + if test "x$enable_capabilities" = "xyes"; then + ENABLE_CAP_TRUE= + ENABLE_CAP_FALSE='#' +else + ENABLE_CAP_TRUE='#' + ENABLE_CAP_FALSE= +fi + + +if test -z "$ENABLE_CAP_TRUE"; then : + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for cap_set_proc in -lcap" >&5 +$as_echo_n "checking for cap_set_proc in -lcap... " >&6; } +if ${ac_cv_lib_cap_cap_set_proc+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lcap $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +/* Override any GCC internal prototype to avoid an error. + Use char because int might match the return type of a GCC + builtin and then its argument prototype would still apply. */ +#ifdef __cplusplus +extern "C" +#endif +char cap_set_proc (); +int +main () +{ +return cap_set_proc (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_cap_cap_set_proc=yes +else + ac_cv_lib_cap_cap_set_proc=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_cap_cap_set_proc" >&5 +$as_echo "$ac_cv_lib_cap_cap_set_proc" >&6; } +if test "x$ac_cv_lib_cap_cap_set_proc" = xyes; then : + true +else + as_fn_error $? "You are missing libcap support." "$LINENO" 5 fi - SECCOMP_LIBS=-lseccomp + CAP_LIBS=-lcap fi # HAVE_SCMP_FILTER_CTX=1 will tell us we have libseccomp api >= 1.0.0 +OLD_CFLAGS="$CFLAGS" +CFLAGS="$CFLAGS $SECCOMP_CFLAGS" ac_fn_c_check_type "$LINENO" "scmp_filter_ctx" "ac_cv_type_scmp_filter_ctx" "#include " if test "x$ac_cv_type_scmp_filter_ctx" = xyes; then : @@ -5286,6 +6549,19 @@ fi +ac_fn_c_check_decl "$LINENO" "seccomp_syscall_resolve_name_arch" "ac_cv_have_decl_seccomp_syscall_resolve_name_arch" "#include +" +if test "x$ac_cv_have_decl_seccomp_syscall_resolve_name_arch" = xyes; then : + ac_have_decl=1 +else + ac_have_decl=0 +fi + +cat >>confdefs.h <<_ACEOF +#define HAVE_DECL_SECCOMP_SYSCALL_RESOLVE_NAME_ARCH $ac_have_decl +_ACEOF + +CFLAGS="$OLD_CFLAGS" # Configuration examples # Check whether --enable-examples was given. @@ -5307,140 +6583,102 @@ # Python3 module and scripts # Check whether --enable-python was given. if test "${enable_python+set}" = set; then : - enableval=$enable_python; enable_python=yes -else - enable_python=no -fi - - if test "x$enable_python" = "xyes"; then - ENABLE_PYTHON_TRUE= - ENABLE_PYTHON_FALSE='#' + enableval=$enable_python; else - ENABLE_PYTHON_TRUE='#' - ENABLE_PYTHON_FALSE= + enable_python=auto fi +if test "x$enable_python" = "xauto"; then +pkg_failed=no +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for PYTHONDEV" >&5 +$as_echo_n "checking for PYTHONDEV... " >&6; } - - - - - -if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then - if test -n "$ac_tool_prefix"; then - # Extract the first word of "${ac_tool_prefix}pkg-config", so it can be a program name with args. -set dummy ${ac_tool_prefix}pkg-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_PKG_CONFIG+:} false; then : - $as_echo_n "(cached) " >&6 +if test -n "$PYTHONDEV_CFLAGS"; then + pkg_cv_PYTHONDEV_CFLAGS="$PYTHONDEV_CFLAGS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"python3 >= 3.2\""; } >&5 + ($PKG_CONFIG --exists --print-errors "python3 >= 3.2") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_PYTHONDEV_CFLAGS=`$PKG_CONFIG --cflags "python3 >= 3.2" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes else - case $PKG_CONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_PKG_CONFIG="$PKG_CONFIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - - ;; -esac + pkg_failed=yes fi -PKG_CONFIG=$ac_cv_path_PKG_CONFIG -if test -n "$PKG_CONFIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $PKG_CONFIG" >&5 -$as_echo "$PKG_CONFIG" >&6; } + else + pkg_failed=untried +fi +if test -n "$PYTHONDEV_LIBS"; then + pkg_cv_PYTHONDEV_LIBS="$PYTHONDEV_LIBS" + elif test -n "$PKG_CONFIG"; then + if test -n "$PKG_CONFIG" && \ + { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"python3 >= 3.2\""; } >&5 + ($PKG_CONFIG --exists --print-errors "python3 >= 3.2") 2>&5 + ac_status=$? + $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 + test $ac_status = 0; }; then + pkg_cv_PYTHONDEV_LIBS=`$PKG_CONFIG --libs "python3 >= 3.2" 2>/dev/null` + test "x$?" != "x0" && pkg_failed=yes else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } + pkg_failed=yes +fi + else + pkg_failed=untried fi -fi -if test -z "$ac_cv_path_PKG_CONFIG"; then - ac_pt_PKG_CONFIG=$PKG_CONFIG - # Extract the first word of "pkg-config", so it can be a program name with args. -set dummy pkg-config; ac_word=$2 -{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for $ac_word" >&5 -$as_echo_n "checking for $ac_word... " >&6; } -if ${ac_cv_path_ac_pt_PKG_CONFIG+:} false; then : - $as_echo_n "(cached) " >&6 -else - case $ac_pt_PKG_CONFIG in - [\\/]* | ?:[\\/]*) - ac_cv_path_ac_pt_PKG_CONFIG="$ac_pt_PKG_CONFIG" # Let the user override the test with a path. - ;; - *) - as_save_IFS=$IFS; IFS=$PATH_SEPARATOR -for as_dir in $PATH -do - IFS=$as_save_IFS - test -z "$as_dir" && as_dir=. - for ac_exec_ext in '' $ac_executable_extensions; do - if as_fn_executable_p "$as_dir/$ac_word$ac_exec_ext"; then - ac_cv_path_ac_pt_PKG_CONFIG="$as_dir/$ac_word$ac_exec_ext" - $as_echo "$as_me:${as_lineno-$LINENO}: found $as_dir/$ac_word$ac_exec_ext" >&5 - break 2 - fi -done - done -IFS=$as_save_IFS - ;; -esac -fi -ac_pt_PKG_CONFIG=$ac_cv_path_ac_pt_PKG_CONFIG -if test -n "$ac_pt_PKG_CONFIG"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_pt_PKG_CONFIG" >&5 -$as_echo "$ac_pt_PKG_CONFIG" >&6; } -else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +if test $pkg_failed = yes; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } -fi - if test "x$ac_pt_PKG_CONFIG" = x; then - PKG_CONFIG="" - else - case $cross_compiling:$ac_tool_warned in -yes:) -{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: using cross tools not prefixed with host triplet" >&5 -$as_echo "$as_me: WARNING: using cross tools not prefixed with host triplet" >&2;} -ac_tool_warned=yes ;; -esac - PKG_CONFIG=$ac_pt_PKG_CONFIG - fi +if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then + _pkg_short_errors_supported=yes else - PKG_CONFIG="$ac_cv_path_PKG_CONFIG" + _pkg_short_errors_supported=no fi + if test $_pkg_short_errors_supported = yes; then + PYTHONDEV_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "python3 >= 3.2" 2>&1` + else + PYTHONDEV_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "python3 >= 3.2" 2>&1` + fi + # Put the nasty error message in config.log where it belongs + echo "$PYTHONDEV_PKG_ERRORS" >&5 -fi -if test -n "$PKG_CONFIG"; then - _pkg_min_version=0.9.0 - { $as_echo "$as_me:${as_lineno-$LINENO}: checking pkg-config is at least version $_pkg_min_version" >&5 -$as_echo_n "checking pkg-config is at least version $_pkg_min_version... " >&6; } - if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then - { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 -$as_echo "yes" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 + enable_python=no +elif test $pkg_failed = untried; then + { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 $as_echo "no" >&6; } - PKG_CONFIG="" + enable_python=no +else + PYTHONDEV_CFLAGS=$pkg_cv_PYTHONDEV_CFLAGS + PYTHONDEV_LIBS=$pkg_cv_PYTHONDEV_LIBS + { $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } + enable_python=yes +fi + if test "$CC" = "clang"; then + enable_python=no fi fi + +if test "x$enable_python" = "xyes" && test "$CC" = "clang"; then + as_fn_error $? "Python3 is incompatible with the clang compiler" "$LINENO" 5 +fi + + if test "x$enable_python" = "xyes"; then + ENABLE_PYTHON_TRUE= + ENABLE_PYTHON_FALSE='#' +else + ENABLE_PYTHON_TRUE='#' + ENABLE_PYTHON_FALSE= +fi + + if test -z "$ENABLE_PYTHON_TRUE"; then : @@ -5781,6 +7019,31 @@ fi +# Enable dumping stack traces +# Check whether --enable-mutex-debugging was given. +if test "${enable_mutex_debugging+set}" = set; then : + enableval=$enable_mutex_debugging; +else + enable_mutex_debugging=no +fi + + if test "x$enable_mutex_debugging" = "xyes"; then + MUTEX_DEBUGGING_TRUE= + MUTEX_DEBUGGING_FALSE='#' +else + MUTEX_DEBUGGING_TRUE='#' + MUTEX_DEBUGGING_FALSE= +fi + + +if test -z "$MUTEX_DEBUGGING_TRUE"; then : + +cat >>confdefs.h <<_ACEOF +#define MUTEX_DEBUGGING 1 +_ACEOF + +fi + # Not in older autoconf versions # AS_VAR_COPY(DEST, SOURCE) # ------------------------- @@ -5796,7 +7059,7 @@ if test "${enable_lua+set}" = set; then : enableval=$enable_lua; else - enable_lua=check + enable_lua=auto fi @@ -5904,7 +7167,7 @@ fi fi -if test "x$enable_lua" = "xcheck" -a "x$with_lua_pc" != "xno"; then +if test "x$enable_lua" = "xauto" -a "x$with_lua_pc" != "xno"; then pkg_failed=no { $as_echo "$as_me:${as_lineno-$LINENO}: checking for LUA" >&5 @@ -6575,55 +7838,34 @@ fi { $as_echo "$as_me:${as_lineno-$LINENO}: result: $LUA_VERSION" >&5 $as_echo "$LUA_VERSION" >&6; } - if test -n "$LUA_INSTALL_CMOD"; then - pkg_cv_LUA_INSTALL_CMOD="$LUA_INSTALL_CMOD" - elif test -n "$PKG_CONFIG"; then - if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"\$LUAPKGCONFIG\""; } >&5 - ($PKG_CONFIG --exists --print-errors "$LUAPKGCONFIG") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then - pkg_cv_LUA_INSTALL_CMOD=`$PKG_CONFIG --variable="INSTALL_CMOD" "$LUAPKGCONFIG" 2>/dev/null` - test "x$?" != "x0" && pkg_failed=yes -else - pkg_failed=yes -fi - else - pkg_failed=untried -fi - LUA_INSTALL_CMOD=$pkg_cv_LUA_INSTALL_CMOD - if test "x$LUA_INSTALL_CMOD" = x""; then : - LUA_INSTALL_CMOD=$libdir/lua/$LUA_VERSION + LUA_LIBDIR=$libdir/lua/$LUA_VERSION + + LUA_SHAREDIR=$datadir/lua/$LUA_VERSION + + fi - if test -n "$LUA_INSTALL_LMOD"; then - pkg_cv_LUA_INSTALL_LMOD="$LUA_INSTALL_LMOD" - elif test -n "$PKG_CONFIG"; then - if test -n "$PKG_CONFIG" && \ - { { $as_echo "$as_me:${as_lineno-$LINENO}: \$PKG_CONFIG --exists --print-errors \"\$LUAPKGCONFIG\""; } >&5 - ($PKG_CONFIG --exists --print-errors "$LUAPKGCONFIG") 2>&5 - ac_status=$? - $as_echo "$as_me:${as_lineno-$LINENO}: \$? = $ac_status" >&5 - test $ac_status = 0; }; then - pkg_cv_LUA_INSTALL_LMOD=`$PKG_CONFIG --variable="INSTALL_LMOD" "$LUAPKGCONFIG" 2>/dev/null` - test "x$?" != "x0" && pkg_failed=yes + +# Optional bash integration +# Check whether --enable-bash was given. +if test "${enable_bash+set}" = set; then : + enableval=$enable_bash; else - pkg_failed=yes -fi - else - pkg_failed=untried -fi - LUA_INSTALL_LMOD=$pkg_cv_LUA_INSTALL_LMOD - if test "x$LUA_INSTALL_LMOD" = x""; then : - LUA_INSTALL_LMOD=$datadir/lua/$LUA_VERSION + enable_bash=yes fi + if test "x$enable_bash" = "xyes"; then + ENABLE_BASH_TRUE= + ENABLE_BASH_FALSE='#' +else + ENABLE_BASH_TRUE='#' + ENABLE_BASH_FALSE= fi + # Optional test binaries # Check whether --enable-tests was given. if test "${enable_tests+set}" = set; then : - enableval=$enable_tests; enable_tests=yes + enableval=$enable_tests; else enable_tests=no fi @@ -6637,6 +7879,16 @@ fi +# Allow overriding the default runtime dir (/run) + +# Check whether --with-runtime-path was given. +if test "${with_runtime_path+set}" = set; then : + withval=$with_runtime_path; +else + with_runtime_path='/run' +fi + + # LXC container path, where the containers are actually stored # This is overridden by an entry in the file called LXCCONF # (i.e. /etc/lxc/lxc.conf) @@ -6659,6 +7911,7 @@ fi +# The path of the userns network configuration file # Check whether --with-usernic-conf was given. if test "${with_usernic_conf+set}" = set; then : @@ -6668,12 +7921,13 @@ fi +# The path of the runtime usernic database # Check whether --with-usernic-db was given. if test "${with_usernic_db+set}" = set; then : withval=$with_usernic_db; else - with_usernic_db='/run/lxc/nics' + with_usernic_db='${with_runtime_path}/lxc/nics' fi @@ -6687,19 +7941,29 @@ fi +# cgroup pattern specification + +# Check whether --with-cgroup-pattern was given. +if test "${with_cgroup_pattern+set}" = set; then : + withval=$with_cgroup_pattern; +else + with_cgroup_pattern='/lxc/%n' +fi + + # Container log path. By default, use $lxcpath. { $as_echo "$as_me:${as_lineno-$LINENO}: checking Whether to place logfiles in container config path" >&5 $as_echo_n "checking Whether to place logfiles in container config path... " >&6; } # Check whether --enable-configpath-log was given. if test "${enable_configpath_log+set}" = set; then : - enableval=$enable_configpath_log; use_configpath_logs=yes + enableval=$enable_configpath_log; else - use_configpath_logs=no + enable_configpath_log=no fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $use_configpath_logs" >&5 -$as_echo "$use_configpath_logs" >&6; } - if test "$use_configpath_logs" = "yes"; then +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $enable_configpath_log" >&5 +$as_echo "$enable_configpath_log" >&6; } + if test "$enable_configpath_log" = "yes"; then USE_CONFIGPATH_LOGS_TRUE= USE_CONFIGPATH_LOGS_FALSE='#' else @@ -6708,7 +7972,7 @@ fi -if test "$use_configpath_logs" = "yes"; then +if test "$enable_configpath_log" = "yes"; then default_log_path="${with_config_path}" else default_log_path="${localstatedir}/log/lxc" @@ -6723,10 +7987,38 @@ fi -# Expand some useful variables +# Expand some useful variables + + EXP_VAR=PREFIX + FROM_VAR="$prefix" + + prefix_save=$prefix + exec_prefix_save=$exec_prefix + + if test "x$prefix" = "xNONE"; then + prefix="$ac_default_prefix" + fi + if test "x$exec_prefix" = "xNONE"; then + exec_prefix=$prefix + fi + + full_var="$FROM_VAR" + while true; do + new_full_var="`eval echo $full_var`" + if test "x$new_full_var" = "x$full_var"; then break; fi + full_var=$new_full_var + done + + full_var=$new_full_var + PREFIX="$full_var" + - EXP_VAR=PREFIX - FROM_VAR="$prefix" + prefix=$prefix_save + exec_prefix=$exec_prefix_save + + + EXP_VAR=LIBDIR + FROM_VAR="$libdir" prefix_save=$prefix exec_prefix_save=$exec_prefix @@ -6746,15 +8038,15 @@ done full_var=$new_full_var - PREFIX="$full_var" + LIBDIR="$full_var" prefix=$prefix_save exec_prefix=$exec_prefix_save - EXP_VAR=LIBDIR - FROM_VAR="$libdir" + EXP_VAR=BINDIR + FROM_VAR="$bindir" prefix_save=$prefix exec_prefix_save=$exec_prefix @@ -6774,15 +8066,15 @@ done full_var=$new_full_var - LIBDIR="$full_var" + BINDIR="$full_var" prefix=$prefix_save exec_prefix=$exec_prefix_save - EXP_VAR=BINDIR - FROM_VAR="$bindir" + EXP_VAR=SBINDIR + FROM_VAR="$sbindir" prefix_save=$prefix exec_prefix_save=$exec_prefix @@ -6802,7 +8094,7 @@ done full_var=$new_full_var - BINDIR="$full_var" + SBINDIR="$full_var" prefix=$prefix_save @@ -7005,8 +8297,8 @@ exec_prefix=$exec_prefix_save - EXP_VAR=LXC_DISTRO_CONF - FROM_VAR="$distroconf" + EXP_VAR=LXC_GENERATE_DATE + FROM_VAR="$(date)" prefix_save=$prefix exec_prefix_save=$exec_prefix @@ -7026,15 +8318,15 @@ done full_var=$new_full_var - LXC_DISTRO_CONF="$full_var" + LXC_GENERATE_DATE="$full_var" prefix=$prefix_save exec_prefix=$exec_prefix_save - EXP_VAR=LXC_GENERATE_DATE - FROM_VAR="$(date)" + EXP_VAR=LXCPATH + FROM_VAR="$with_config_path" prefix_save=$prefix exec_prefix_save=$exec_prefix @@ -7054,15 +8346,15 @@ done full_var=$new_full_var - LXC_GENERATE_DATE="$full_var" + LXCPATH="$full_var" prefix=$prefix_save exec_prefix=$exec_prefix_save - EXP_VAR=LXCPATH - FROM_VAR="$with_config_path" + EXP_VAR=LXC_GLOBAL_CONF + FROM_VAR="$with_global_conf" prefix_save=$prefix exec_prefix_save=$exec_prefix @@ -7082,15 +8374,15 @@ done full_var=$new_full_var - LXCPATH="$full_var" + LXC_GLOBAL_CONF="$full_var" prefix=$prefix_save exec_prefix=$exec_prefix_save - EXP_VAR=LXC_GLOBAL_CONF - FROM_VAR="$with_global_conf" + EXP_VAR=LXC_USERNIC_CONF + FROM_VAR="$with_usernic_conf" prefix_save=$prefix exec_prefix_save=$exec_prefix @@ -7110,15 +8402,15 @@ done full_var=$new_full_var - LXC_GLOBAL_CONF="$full_var" + LXC_USERNIC_CONF="$full_var" prefix=$prefix_save exec_prefix=$exec_prefix_save - EXP_VAR=LXC_USERNIC_CONF - FROM_VAR="$with_usernic_conf" + EXP_VAR=LXC_USERNIC_DB + FROM_VAR="$with_usernic_db" prefix_save=$prefix exec_prefix_save=$exec_prefix @@ -7138,15 +8430,15 @@ done full_var=$new_full_var - LXC_USERNIC_CONF="$full_var" + LXC_USERNIC_DB="$full_var" prefix=$prefix_save exec_prefix=$exec_prefix_save - EXP_VAR=LXC_USERNIC_DB - FROM_VAR="$with_usernic_db" + EXP_VAR=LXCROOTFSMOUNT + FROM_VAR="$with_rootfs_path" prefix_save=$prefix exec_prefix_save=$exec_prefix @@ -7166,15 +8458,15 @@ done full_var=$new_full_var - LXC_USERNIC_DB="$full_var" + LXCROOTFSMOUNT="$full_var" prefix=$prefix_save exec_prefix=$exec_prefix_save - EXP_VAR=LXCROOTFSMOUNT - FROM_VAR="$with_rootfs_path" + EXP_VAR=LXCTEMPLATEDIR + FROM_VAR="$datadir/lxc/templates" prefix_save=$prefix exec_prefix_save=$exec_prefix @@ -7194,15 +8486,15 @@ done full_var=$new_full_var - LXCROOTFSMOUNT="$full_var" + LXCTEMPLATEDIR="$full_var" prefix=$prefix_save exec_prefix=$exec_prefix_save - EXP_VAR=LXCTEMPLATEDIR - FROM_VAR="$datadir/lxc/templates" + EXP_VAR=LXCTEMPLATECONFIG + FROM_VAR="$datadir/lxc/config" prefix_save=$prefix exec_prefix_save=$exec_prefix @@ -7222,7 +8514,7 @@ done full_var=$new_full_var - LXCTEMPLATEDIR="$full_var" + LXCTEMPLATECONFIG="$full_var" prefix=$prefix_save @@ -7313,6 +8605,36 @@ exec_prefix=$exec_prefix_save + EXP_VAR=RUNTIME_PATH + FROM_VAR="$with_runtime_path" + + prefix_save=$prefix + exec_prefix_save=$exec_prefix + + if test "x$prefix" = "xNONE"; then + prefix="$ac_default_prefix" + fi + if test "x$exec_prefix" = "xNONE"; then + exec_prefix=$prefix + fi + + full_var="$FROM_VAR" + while true; do + new_full_var="`eval echo $full_var`" + if test "x$new_full_var" = "x$full_var"; then break; fi + full_var=$new_full_var + done + + full_var=$new_full_var + RUNTIME_PATH="$full_var" + + + prefix=$prefix_save + exec_prefix=$exec_prefix_save + +DEFAULT_CGROUP_PATTERN="$with_cgroup_pattern" + + # Check for some standard kernel headers for ac_header in linux/unistd.h linux/netlink.h linux/genetlink.h do : @@ -7331,75 +8653,6 @@ done -# Allow disabling libcap support -# Check whether --enable-capabilities was given. -if test "${enable_capabilities+set}" = set; then : - enableval=$enable_capabilities; -else - enable_capabilities=yes -fi - - -# Check for libcap support -if test "x$enable_capabilities" = "xyes"; then - { $as_echo "$as_me:${as_lineno-$LINENO}: checking for cap_set_proc in -lcap" >&5 -$as_echo_n "checking for cap_set_proc in -lcap... " >&6; } -if ${ac_cv_lib_cap_cap_set_proc+:} false; then : - $as_echo_n "(cached) " >&6 -else - ac_check_lib_save_LIBS=$LIBS -LIBS="-lcap $LIBS" -cat confdefs.h - <<_ACEOF >conftest.$ac_ext -/* end confdefs.h. */ - -/* Override any GCC internal prototype to avoid an error. - Use char because int might match the return type of a GCC - builtin and then its argument prototype would still apply. */ -#ifdef __cplusplus -extern "C" -#endif -char cap_set_proc (); -int -main () -{ -return cap_set_proc (); - ; - return 0; -} -_ACEOF -if ac_fn_c_try_link "$LINENO"; then : - ac_cv_lib_cap_cap_set_proc=yes -else - ac_cv_lib_cap_cap_set_proc=no -fi -rm -f core conftest.err conftest.$ac_objext \ - conftest$ac_exeext conftest.$ac_ext -LIBS=$ac_check_lib_save_LIBS -fi -{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_cap_cap_set_proc" >&5 -$as_echo "$ac_cv_lib_cap_cap_set_proc" >&6; } -if test "x$ac_cv_lib_cap_cap_set_proc" = xyes; then : - caplib=yes -else - caplib=no -fi - - { $as_echo "$as_me:${as_lineno-$LINENO}: checking linux capabilities" >&5 -$as_echo_n "checking linux capabilities... " >&6; } - if test "x$caplib" = "xyes" ; then - CAP_LIBS="-lcap" - { $as_echo "$as_me:${as_lineno-$LINENO}: result: $CAP_LIBS" >&5 -$as_echo "$CAP_LIBS" >&6; } - else - { $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 -$as_echo "no" >&6; } - as_fn_error $? "You are missing libcap support. If you really want to build without kernel capabilities, use --disable-capabilities" "$LINENO" 5 - fi -else - CAP_LIBS="" -fi - - # Check for alternate C libraries { $as_echo "$as_me:${as_lineno-$LINENO}: checking for bionic libc" >&5 $as_echo_n "checking for bionic libc... " >&6; } @@ -7471,7 +8724,7 @@ # Check for some syscalls functions -for ac_func in setns pivot_root sethostname unshare rand_r confstr +for ac_func in setns pivot_root sethostname unshare rand_r confstr faccessat do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -7485,6 +8738,67 @@ # Check for some functions +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for main in -lpthread" >&5 +$as_echo_n "checking for main in -lpthread... " >&6; } +if ${ac_cv_lib_pthread_main+:} false; then : + $as_echo_n "(cached) " >&6 +else + ac_check_lib_save_LIBS=$LIBS +LIBS="-lpthread $LIBS" +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + +int +main () +{ +return main (); + ; + return 0; +} +_ACEOF +if ac_fn_c_try_link "$LINENO"; then : + ac_cv_lib_pthread_main=yes +else + ac_cv_lib_pthread_main=no +fi +rm -f core conftest.err conftest.$ac_objext \ + conftest$ac_exeext conftest.$ac_ext +LIBS=$ac_check_lib_save_LIBS +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_lib_pthread_main" >&5 +$as_echo "$ac_cv_lib_pthread_main" >&6; } +if test "x$ac_cv_lib_pthread_main" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_LIBPTHREAD 1 +_ACEOF + + LIBS="-lpthread $LIBS" + +fi + +for ac_func in pthread_atfork +do : + ac_fn_c_check_func "$LINENO" "pthread_atfork" "ac_cv_func_pthread_atfork" +if test "x$ac_cv_func_pthread_atfork" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_PTHREAD_ATFORK 1 +_ACEOF + +fi +done + +for ac_func in statvfs +do : + ac_fn_c_check_func "$LINENO" "statvfs" "ac_cv_func_statvfs" +if test "x$ac_cv_func_statvfs" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_STATVFS 1 +_ACEOF + +fi +done + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for openpty in -lutil" >&5 $as_echo_n "checking for openpty in -lutil... " >&6; } if ${ac_cv_lib_util_openpty+:} false; then : @@ -7530,7 +8844,7 @@ fi -for ac_func in openpty hasmntopt setmntent endmntent +for ac_func in openpty hasmntopt setmntent endmntent utmpxname do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -7830,12 +9144,44 @@ rm -f conftest.sed +# See if we support thread-local storage. + + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for TLS" >&5 +$as_echo_n "checking for TLS... " >&6; } + if test "$cross_compiling" = yes; then : + have_tls=no +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + static __thread int val; int main() { return 0; } +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + have_tls=yes +else + have_tls=no +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: result: $have_tls" >&5 +$as_echo "$have_tls" >&6; } + if test "$have_tls" = "yes"; then + +$as_echo "#define HAVE_TLS 1" >>confdefs.h + + +$as_echo "#define thread_local __thread" >>confdefs.h + + fi + + if test "x$GCC" = "xyes"; then CFLAGS="$CFLAGS -Wall -Werror" fi # Files requiring some variable expansion -ac_config_files="$ac_config_files Makefile lxc.pc lxc.spec config/Makefile doc/Makefile doc/legacy/lxc-ls.sgml doc/lxc-attach.sgml doc/lxc-cgroup.sgml doc/lxc-checkconfig.sgml doc/lxc-checkpoint.sgml doc/lxc-clone.sgml doc/lxc-console.sgml doc/lxc-create.sgml doc/lxc-destroy.sgml doc/lxc-device.sgml doc/lxc-execute.sgml doc/lxc-freeze.sgml doc/lxc-info.sgml doc/lxc-kill.sgml doc/lxc-ls.sgml doc/lxc-monitor.sgml doc/lxc-netstat.sgml doc/lxc-ps.sgml doc/lxc-restart.sgml doc/lxc-start-ephemeral.sgml doc/lxc-start.sgml doc/lxc-stop.sgml doc/lxc-top.sgml doc/lxc-unfreeze.sgml doc/lxc-unshare.sgml doc/lxc-version.sgml doc/lxc-wait.sgml doc/lxc.conf.sgml doc/lxc.sgml doc/common_options.sgml doc/see_also.sgml doc/rootfs/Makefile doc/examples/Makefile doc/examples/lxc-macvlan.conf doc/examples/lxc-vlan.conf doc/examples/lxc-no-netns.conf doc/examples/lxc-empty-netns.conf doc/examples/lxc-phys.conf doc/examples/lxc-veth.conf doc/examples/lxc-complex.conf hooks/Makefile templates/Makefile templates/lxc-cirros templates/lxc-debian templates/lxc-ubuntu templates/lxc-ubuntu-cloud templates/lxc-opensuse templates/lxc-busybox templates/lxc-fedora templates/lxc-oracle templates/lxc-altlinux templates/lxc-sshd templates/lxc-archlinux templates/lxc-alpine src/Makefile src/lxc/Makefile src/lxc/lxc-ps src/lxc/lxc-netstat src/lxc/lxc-checkconfig src/lxc/lxc-version src/lxc/lxc-start-ephemeral src/lxc/legacy/lxc-ls src/lxc/lxc.functions src/python-lxc/Makefile src/lua-lxc/Makefile src/tests/Makefile" +ac_config_files="$ac_config_files Makefile lxc.pc lxc.spec config/Makefile config/apparmor/Makefile config/selinux/Makefile config/bash/Makefile config/bash/lxc config/init/Makefile config/init/sysvinit/Makefile config/init/sysvinit/lxc config/init/systemd/Makefile config/init/systemd/lxc.service config/init/upstart/Makefile config/etc/Makefile config/templates/Makefile config/templates/centos.common.conf config/templates/centos.userns.conf config/templates/debian.common.conf config/templates/debian.userns.conf config/templates/fedora.common.conf config/templates/fedora.userns.conf config/templates/gentoo.common.conf config/templates/gentoo.moresecure.conf config/templates/gentoo.userns.conf config/templates/nesting.conf config/templates/oracle.common.conf config/templates/oracle.userns.conf config/templates/plamo.common.conf config/templates/plamo.userns.conf config/templates/ubuntu-cloud.common.conf config/templates/ubuntu-cloud.lucid.conf config/templates/ubuntu-cloud.userns.conf config/templates/ubuntu.common.conf config/templates/ubuntu.lucid.conf config/templates/ubuntu.userns.conf config/yum/Makefile doc/Makefile doc/api/Makefile doc/legacy/lxc-ls.sgml doc/lxc-attach.sgml doc/lxc-autostart.sgml doc/lxc-cgroup.sgml doc/lxc-checkconfig.sgml doc/lxc-clone.sgml doc/lxc-config.sgml doc/lxc-console.sgml doc/lxc-create.sgml doc/lxc-destroy.sgml doc/lxc-device.sgml doc/lxc-execute.sgml doc/lxc-freeze.sgml doc/lxc-info.sgml doc/lxc-ls.sgml doc/lxc-monitor.sgml doc/lxc-snapshot.sgml doc/lxc-start-ephemeral.sgml doc/lxc-start.sgml doc/lxc-stop.sgml doc/lxc-top.sgml doc/lxc-unfreeze.sgml doc/lxc-unshare.sgml doc/lxc-user-nic.sgml doc/lxc-usernsexec.sgml doc/lxc-wait.sgml doc/lxc.conf.sgml doc/lxc.container.conf.sgml doc/lxc.system.conf.sgml doc/lxc-usernet.sgml doc/lxc.sgml doc/common_options.sgml doc/see_also.sgml doc/rootfs/Makefile doc/examples/Makefile doc/examples/lxc-macvlan.conf doc/examples/lxc-vlan.conf doc/examples/lxc-no-netns.conf doc/examples/lxc-empty-netns.conf doc/examples/lxc-phys.conf doc/examples/lxc-veth.conf doc/examples/lxc-complex.conf doc/ja/Makefile doc/ja/legacy/lxc-ls.sgml doc/ja/lxc-attach.sgml doc/ja/lxc-autostart.sgml doc/ja/lxc-cgroup.sgml doc/ja/lxc-checkconfig.sgml doc/ja/lxc-clone.sgml doc/ja/lxc-config.sgml doc/ja/lxc-console.sgml doc/ja/lxc-create.sgml doc/ja/lxc-destroy.sgml doc/ja/lxc-device.sgml doc/ja/lxc-execute.sgml doc/ja/lxc-freeze.sgml doc/ja/lxc-info.sgml doc/ja/lxc-ls.sgml doc/ja/lxc-monitor.sgml doc/ja/lxc-snapshot.sgml doc/ja/lxc-start-ephemeral.sgml doc/ja/lxc-start.sgml doc/ja/lxc-stop.sgml doc/ja/lxc-top.sgml doc/ja/lxc-unfreeze.sgml doc/ja/lxc-unshare.sgml doc/ja/lxc-user-nic.sgml doc/ja/lxc-usernsexec.sgml doc/ja/lxc-wait.sgml doc/ja/lxc.conf.sgml doc/ja/lxc.container.conf.sgml doc/ja/lxc.system.conf.sgml doc/ja/lxc-usernet.sgml doc/ja/lxc.sgml doc/ja/common_options.sgml doc/ja/see_also.sgml hooks/Makefile templates/Makefile templates/lxc-alpine templates/lxc-altlinux templates/lxc-archlinux templates/lxc-busybox templates/lxc-centos templates/lxc-cirros templates/lxc-debian templates/lxc-download templates/lxc-fedora templates/lxc-gentoo templates/lxc-openmandriva templates/lxc-opensuse templates/lxc-oracle templates/lxc-plamo templates/lxc-sshd templates/lxc-ubuntu templates/lxc-ubuntu-cloud src/Makefile src/lxc/Makefile src/lxc/lxc-checkconfig src/lxc/lxc-ls src/lxc/lxc-start-ephemeral src/lxc/legacy/lxc-ls src/lxc/lxc.functions src/lxc/version.h src/python-lxc/Makefile src/python-lxc/setup.py src/lua-lxc/Makefile src/tests/Makefile src/tests/lxc-test-usernic" ac_config_commands="$ac_config_commands default" @@ -7976,8 +9322,20 @@ as_fn_error $? "conditional \"HAVE_DEBIAN\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi -if test -z "${HAVE_NEWUIDMAP_TRUE}" && test -z "${HAVE_NEWUIDMAP_FALSE}"; then - as_fn_error $? "conditional \"HAVE_NEWUIDMAP\" was never defined. +if test -z "${DISTRO_UBUNTU_TRUE}" && test -z "${DISTRO_UBUNTU_FALSE}"; then + as_fn_error $? "conditional \"DISTRO_UBUNTU\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${INIT_SCRIPT_SYSV_TRUE}" && test -z "${INIT_SCRIPT_SYSV_FALSE}"; then + as_fn_error $? "conditional \"INIT_SCRIPT_SYSV\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${INIT_SCRIPT_SYSTEMD_TRUE}" && test -z "${INIT_SCRIPT_SYSTEMD_FALSE}"; then + as_fn_error $? "conditional \"INIT_SCRIPT_SYSTEMD\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${INIT_SCRIPT_UPSTART_TRUE}" && test -z "${INIT_SCRIPT_UPSTART_FALSE}"; then + as_fn_error $? "conditional \"INIT_SCRIPT_UPSTART\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi if test -z "${ENABLE_RPATH_TRUE}" && test -z "${ENABLE_RPATH_FALSE}"; then @@ -7988,14 +9346,34 @@ as_fn_error $? "conditional \"ENABLE_DOCBOOK\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${USE_DOCBOOK2X_TRUE}" && test -z "${USE_DOCBOOK2X_FALSE}"; then + as_fn_error $? "conditional \"USE_DOCBOOK2X\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_API_DOCS_TRUE}" && test -z "${ENABLE_API_DOCS_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_API_DOCS\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${ENABLE_APPARMOR_TRUE}" && test -z "${ENABLE_APPARMOR_FALSE}"; then as_fn_error $? "conditional \"ENABLE_APPARMOR\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${ENABLE_SELINUX_TRUE}" && test -z "${ENABLE_SELINUX_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_SELINUX\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${ENABLE_SECCOMP_TRUE}" && test -z "${ENABLE_SECCOMP_FALSE}"; then as_fn_error $? "conditional \"ENABLE_SECCOMP\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${ENABLE_CGMANAGER_TRUE}" && test -z "${ENABLE_CGMANAGER_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_CGMANAGER\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${ENABLE_CAP_TRUE}" && test -z "${ENABLE_CAP_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_CAP\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${ENABLE_EXAMPLES_TRUE}" && test -z "${ENABLE_EXAMPLES_FALSE}"; then as_fn_error $? "conditional \"ENABLE_EXAMPLES\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -8004,10 +9382,18 @@ as_fn_error $? "conditional \"ENABLE_PYTHON\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${MUTEX_DEBUGGING_TRUE}" && test -z "${MUTEX_DEBUGGING_FALSE}"; then + as_fn_error $? "conditional \"MUTEX_DEBUGGING\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${ENABLE_LUA_TRUE}" && test -z "${ENABLE_LUA_FALSE}"; then as_fn_error $? "conditional \"ENABLE_LUA\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${ENABLE_BASH_TRUE}" && test -z "${ENABLE_BASH_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_BASH\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${ENABLE_TESTS_TRUE}" && test -z "${ENABLE_TESTS_FALSE}"; then as_fn_error $? "conditional \"ENABLE_TESTS\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -8433,7 +9819,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by lxc $as_me 1.0.0.alpha1, which was +This file was extended by lxc $as_me 1.0.8, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -8460,6 +9846,7 @@ # Files that config.status was made for. config_files="$ac_config_files" config_headers="$ac_config_headers" +config_links="$ac_config_links" config_commands="$ac_config_commands" _ACEOF @@ -8490,6 +9877,9 @@ Configuration headers: $config_headers +Configuration links: +$config_links + Configuration commands: $config_commands @@ -8499,7 +9889,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -lxc config.status 1.0.0.alpha1 +lxc config.status 1.0.8 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" @@ -8631,17 +10021,53 @@ case $ac_config_target in "src/config.h") CONFIG_HEADERS="$CONFIG_HEADERS src/config.h" ;; "depfiles") CONFIG_COMMANDS="$CONFIG_COMMANDS depfiles" ;; + "config/etc/default.conf") CONFIG_LINKS="$CONFIG_LINKS config/etc/default.conf:config/etc/${distroconf}" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; "lxc.pc") CONFIG_FILES="$CONFIG_FILES lxc.pc" ;; "lxc.spec") CONFIG_FILES="$CONFIG_FILES lxc.spec" ;; "config/Makefile") CONFIG_FILES="$CONFIG_FILES config/Makefile" ;; + "config/apparmor/Makefile") CONFIG_FILES="$CONFIG_FILES config/apparmor/Makefile" ;; + "config/selinux/Makefile") CONFIG_FILES="$CONFIG_FILES config/selinux/Makefile" ;; + "config/bash/Makefile") CONFIG_FILES="$CONFIG_FILES config/bash/Makefile" ;; + "config/bash/lxc") CONFIG_FILES="$CONFIG_FILES config/bash/lxc" ;; + "config/init/Makefile") CONFIG_FILES="$CONFIG_FILES config/init/Makefile" ;; + "config/init/sysvinit/Makefile") CONFIG_FILES="$CONFIG_FILES config/init/sysvinit/Makefile" ;; + "config/init/sysvinit/lxc") CONFIG_FILES="$CONFIG_FILES config/init/sysvinit/lxc" ;; + "config/init/systemd/Makefile") CONFIG_FILES="$CONFIG_FILES config/init/systemd/Makefile" ;; + "config/init/systemd/lxc.service") CONFIG_FILES="$CONFIG_FILES config/init/systemd/lxc.service" ;; + "config/init/upstart/Makefile") CONFIG_FILES="$CONFIG_FILES config/init/upstart/Makefile" ;; + "config/etc/Makefile") CONFIG_FILES="$CONFIG_FILES config/etc/Makefile" ;; + "config/templates/Makefile") CONFIG_FILES="$CONFIG_FILES config/templates/Makefile" ;; + "config/templates/centos.common.conf") CONFIG_FILES="$CONFIG_FILES config/templates/centos.common.conf" ;; + "config/templates/centos.userns.conf") CONFIG_FILES="$CONFIG_FILES config/templates/centos.userns.conf" ;; + "config/templates/debian.common.conf") CONFIG_FILES="$CONFIG_FILES config/templates/debian.common.conf" ;; + "config/templates/debian.userns.conf") CONFIG_FILES="$CONFIG_FILES config/templates/debian.userns.conf" ;; + "config/templates/fedora.common.conf") CONFIG_FILES="$CONFIG_FILES config/templates/fedora.common.conf" ;; + "config/templates/fedora.userns.conf") CONFIG_FILES="$CONFIG_FILES config/templates/fedora.userns.conf" ;; + "config/templates/gentoo.common.conf") CONFIG_FILES="$CONFIG_FILES config/templates/gentoo.common.conf" ;; + "config/templates/gentoo.moresecure.conf") CONFIG_FILES="$CONFIG_FILES config/templates/gentoo.moresecure.conf" ;; + "config/templates/gentoo.userns.conf") CONFIG_FILES="$CONFIG_FILES config/templates/gentoo.userns.conf" ;; + "config/templates/nesting.conf") CONFIG_FILES="$CONFIG_FILES config/templates/nesting.conf" ;; + "config/templates/oracle.common.conf") CONFIG_FILES="$CONFIG_FILES config/templates/oracle.common.conf" ;; + "config/templates/oracle.userns.conf") CONFIG_FILES="$CONFIG_FILES config/templates/oracle.userns.conf" ;; + "config/templates/plamo.common.conf") CONFIG_FILES="$CONFIG_FILES config/templates/plamo.common.conf" ;; + "config/templates/plamo.userns.conf") CONFIG_FILES="$CONFIG_FILES config/templates/plamo.userns.conf" ;; + "config/templates/ubuntu-cloud.common.conf") CONFIG_FILES="$CONFIG_FILES config/templates/ubuntu-cloud.common.conf" ;; + "config/templates/ubuntu-cloud.lucid.conf") CONFIG_FILES="$CONFIG_FILES config/templates/ubuntu-cloud.lucid.conf" ;; + "config/templates/ubuntu-cloud.userns.conf") CONFIG_FILES="$CONFIG_FILES config/templates/ubuntu-cloud.userns.conf" ;; + "config/templates/ubuntu.common.conf") CONFIG_FILES="$CONFIG_FILES config/templates/ubuntu.common.conf" ;; + "config/templates/ubuntu.lucid.conf") CONFIG_FILES="$CONFIG_FILES config/templates/ubuntu.lucid.conf" ;; + "config/templates/ubuntu.userns.conf") CONFIG_FILES="$CONFIG_FILES config/templates/ubuntu.userns.conf" ;; + "config/yum/Makefile") CONFIG_FILES="$CONFIG_FILES config/yum/Makefile" ;; "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;; + "doc/api/Makefile") CONFIG_FILES="$CONFIG_FILES doc/api/Makefile" ;; "doc/legacy/lxc-ls.sgml") CONFIG_FILES="$CONFIG_FILES doc/legacy/lxc-ls.sgml" ;; "doc/lxc-attach.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-attach.sgml" ;; + "doc/lxc-autostart.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-autostart.sgml" ;; "doc/lxc-cgroup.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-cgroup.sgml" ;; "doc/lxc-checkconfig.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-checkconfig.sgml" ;; - "doc/lxc-checkpoint.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-checkpoint.sgml" ;; "doc/lxc-clone.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-clone.sgml" ;; + "doc/lxc-config.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-config.sgml" ;; "doc/lxc-console.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-console.sgml" ;; "doc/lxc-create.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-create.sgml" ;; "doc/lxc-destroy.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-destroy.sgml" ;; @@ -8649,21 +10075,22 @@ "doc/lxc-execute.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-execute.sgml" ;; "doc/lxc-freeze.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-freeze.sgml" ;; "doc/lxc-info.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-info.sgml" ;; - "doc/lxc-kill.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-kill.sgml" ;; "doc/lxc-ls.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-ls.sgml" ;; "doc/lxc-monitor.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-monitor.sgml" ;; - "doc/lxc-netstat.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-netstat.sgml" ;; - "doc/lxc-ps.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-ps.sgml" ;; - "doc/lxc-restart.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-restart.sgml" ;; + "doc/lxc-snapshot.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-snapshot.sgml" ;; "doc/lxc-start-ephemeral.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-start-ephemeral.sgml" ;; "doc/lxc-start.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-start.sgml" ;; "doc/lxc-stop.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-stop.sgml" ;; "doc/lxc-top.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-top.sgml" ;; "doc/lxc-unfreeze.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-unfreeze.sgml" ;; "doc/lxc-unshare.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-unshare.sgml" ;; - "doc/lxc-version.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-version.sgml" ;; + "doc/lxc-user-nic.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-user-nic.sgml" ;; + "doc/lxc-usernsexec.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-usernsexec.sgml" ;; "doc/lxc-wait.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-wait.sgml" ;; "doc/lxc.conf.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc.conf.sgml" ;; + "doc/lxc.container.conf.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc.container.conf.sgml" ;; + "doc/lxc.system.conf.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc.system.conf.sgml" ;; + "doc/lxc-usernet.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-usernet.sgml" ;; "doc/lxc.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc.sgml" ;; "doc/common_options.sgml") CONFIG_FILES="$CONFIG_FILES doc/common_options.sgml" ;; "doc/see_also.sgml") CONFIG_FILES="$CONFIG_FILES doc/see_also.sgml" ;; @@ -8676,32 +10103,72 @@ "doc/examples/lxc-phys.conf") CONFIG_FILES="$CONFIG_FILES doc/examples/lxc-phys.conf" ;; "doc/examples/lxc-veth.conf") CONFIG_FILES="$CONFIG_FILES doc/examples/lxc-veth.conf" ;; "doc/examples/lxc-complex.conf") CONFIG_FILES="$CONFIG_FILES doc/examples/lxc-complex.conf" ;; + "doc/ja/Makefile") CONFIG_FILES="$CONFIG_FILES doc/ja/Makefile" ;; + "doc/ja/legacy/lxc-ls.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/legacy/lxc-ls.sgml" ;; + "doc/ja/lxc-attach.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-attach.sgml" ;; + "doc/ja/lxc-autostart.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-autostart.sgml" ;; + "doc/ja/lxc-cgroup.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-cgroup.sgml" ;; + "doc/ja/lxc-checkconfig.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-checkconfig.sgml" ;; + "doc/ja/lxc-clone.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-clone.sgml" ;; + "doc/ja/lxc-config.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-config.sgml" ;; + "doc/ja/lxc-console.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-console.sgml" ;; + "doc/ja/lxc-create.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-create.sgml" ;; + "doc/ja/lxc-destroy.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-destroy.sgml" ;; + "doc/ja/lxc-device.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-device.sgml" ;; + "doc/ja/lxc-execute.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-execute.sgml" ;; + "doc/ja/lxc-freeze.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-freeze.sgml" ;; + "doc/ja/lxc-info.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-info.sgml" ;; + "doc/ja/lxc-ls.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-ls.sgml" ;; + "doc/ja/lxc-monitor.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-monitor.sgml" ;; + "doc/ja/lxc-snapshot.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-snapshot.sgml" ;; + "doc/ja/lxc-start-ephemeral.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-start-ephemeral.sgml" ;; + "doc/ja/lxc-start.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-start.sgml" ;; + "doc/ja/lxc-stop.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-stop.sgml" ;; + "doc/ja/lxc-top.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-top.sgml" ;; + "doc/ja/lxc-unfreeze.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-unfreeze.sgml" ;; + "doc/ja/lxc-unshare.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-unshare.sgml" ;; + "doc/ja/lxc-user-nic.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-user-nic.sgml" ;; + "doc/ja/lxc-usernsexec.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-usernsexec.sgml" ;; + "doc/ja/lxc-wait.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-wait.sgml" ;; + "doc/ja/lxc.conf.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc.conf.sgml" ;; + "doc/ja/lxc.container.conf.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc.container.conf.sgml" ;; + "doc/ja/lxc.system.conf.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc.system.conf.sgml" ;; + "doc/ja/lxc-usernet.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-usernet.sgml" ;; + "doc/ja/lxc.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc.sgml" ;; + "doc/ja/common_options.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/common_options.sgml" ;; + "doc/ja/see_also.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/see_also.sgml" ;; "hooks/Makefile") CONFIG_FILES="$CONFIG_FILES hooks/Makefile" ;; "templates/Makefile") CONFIG_FILES="$CONFIG_FILES templates/Makefile" ;; + "templates/lxc-alpine") CONFIG_FILES="$CONFIG_FILES templates/lxc-alpine" ;; + "templates/lxc-altlinux") CONFIG_FILES="$CONFIG_FILES templates/lxc-altlinux" ;; + "templates/lxc-archlinux") CONFIG_FILES="$CONFIG_FILES templates/lxc-archlinux" ;; + "templates/lxc-busybox") CONFIG_FILES="$CONFIG_FILES templates/lxc-busybox" ;; + "templates/lxc-centos") CONFIG_FILES="$CONFIG_FILES templates/lxc-centos" ;; "templates/lxc-cirros") CONFIG_FILES="$CONFIG_FILES templates/lxc-cirros" ;; "templates/lxc-debian") CONFIG_FILES="$CONFIG_FILES templates/lxc-debian" ;; - "templates/lxc-ubuntu") CONFIG_FILES="$CONFIG_FILES templates/lxc-ubuntu" ;; - "templates/lxc-ubuntu-cloud") CONFIG_FILES="$CONFIG_FILES templates/lxc-ubuntu-cloud" ;; - "templates/lxc-opensuse") CONFIG_FILES="$CONFIG_FILES templates/lxc-opensuse" ;; - "templates/lxc-busybox") CONFIG_FILES="$CONFIG_FILES templates/lxc-busybox" ;; + "templates/lxc-download") CONFIG_FILES="$CONFIG_FILES templates/lxc-download" ;; "templates/lxc-fedora") CONFIG_FILES="$CONFIG_FILES templates/lxc-fedora" ;; + "templates/lxc-gentoo") CONFIG_FILES="$CONFIG_FILES templates/lxc-gentoo" ;; + "templates/lxc-openmandriva") CONFIG_FILES="$CONFIG_FILES templates/lxc-openmandriva" ;; + "templates/lxc-opensuse") CONFIG_FILES="$CONFIG_FILES templates/lxc-opensuse" ;; "templates/lxc-oracle") CONFIG_FILES="$CONFIG_FILES templates/lxc-oracle" ;; - "templates/lxc-altlinux") CONFIG_FILES="$CONFIG_FILES templates/lxc-altlinux" ;; + "templates/lxc-plamo") CONFIG_FILES="$CONFIG_FILES templates/lxc-plamo" ;; "templates/lxc-sshd") CONFIG_FILES="$CONFIG_FILES templates/lxc-sshd" ;; - "templates/lxc-archlinux") CONFIG_FILES="$CONFIG_FILES templates/lxc-archlinux" ;; - "templates/lxc-alpine") CONFIG_FILES="$CONFIG_FILES templates/lxc-alpine" ;; + "templates/lxc-ubuntu") CONFIG_FILES="$CONFIG_FILES templates/lxc-ubuntu" ;; + "templates/lxc-ubuntu-cloud") CONFIG_FILES="$CONFIG_FILES templates/lxc-ubuntu-cloud" ;; "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; "src/lxc/Makefile") CONFIG_FILES="$CONFIG_FILES src/lxc/Makefile" ;; - "src/lxc/lxc-ps") CONFIG_FILES="$CONFIG_FILES src/lxc/lxc-ps" ;; - "src/lxc/lxc-netstat") CONFIG_FILES="$CONFIG_FILES src/lxc/lxc-netstat" ;; "src/lxc/lxc-checkconfig") CONFIG_FILES="$CONFIG_FILES src/lxc/lxc-checkconfig" ;; - "src/lxc/lxc-version") CONFIG_FILES="$CONFIG_FILES src/lxc/lxc-version" ;; + "src/lxc/lxc-ls") CONFIG_FILES="$CONFIG_FILES src/lxc/lxc-ls" ;; "src/lxc/lxc-start-ephemeral") CONFIG_FILES="$CONFIG_FILES src/lxc/lxc-start-ephemeral" ;; "src/lxc/legacy/lxc-ls") CONFIG_FILES="$CONFIG_FILES src/lxc/legacy/lxc-ls" ;; "src/lxc/lxc.functions") CONFIG_FILES="$CONFIG_FILES src/lxc/lxc.functions" ;; + "src/lxc/version.h") CONFIG_FILES="$CONFIG_FILES src/lxc/version.h" ;; "src/python-lxc/Makefile") CONFIG_FILES="$CONFIG_FILES src/python-lxc/Makefile" ;; + "src/python-lxc/setup.py") CONFIG_FILES="$CONFIG_FILES src/python-lxc/setup.py" ;; "src/lua-lxc/Makefile") CONFIG_FILES="$CONFIG_FILES src/lua-lxc/Makefile" ;; "src/tests/Makefile") CONFIG_FILES="$CONFIG_FILES src/tests/Makefile" ;; + "src/tests/lxc-test-usernic") CONFIG_FILES="$CONFIG_FILES src/tests/lxc-test-usernic" ;; "default") CONFIG_COMMANDS="$CONFIG_COMMANDS default" ;; *) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;; @@ -8716,6 +10183,7 @@ if $ac_need_defaults; then test "${CONFIG_FILES+set}" = set || CONFIG_FILES=$config_files test "${CONFIG_HEADERS+set}" = set || CONFIG_HEADERS=$config_headers + test "${CONFIG_LINKS+set}" = set || CONFIG_LINKS=$config_links test "${CONFIG_COMMANDS+set}" = set || CONFIG_COMMANDS=$config_commands fi @@ -9013,7 +10481,7 @@ fi # test -n "$CONFIG_HEADERS" -eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :C $CONFIG_COMMANDS" +eval set X " :F $CONFIG_FILES :H $CONFIG_HEADERS :L $CONFIG_LINKS :C $CONFIG_COMMANDS" shift for ac_tag do @@ -9290,7 +10758,38 @@ } s/.*/./; q'`/stamp-h$_am_stamp_count ;; + :L) + # + # CONFIG_LINK + # + + if test "$ac_source" = "$ac_file" && test "$srcdir" = '.'; then + : + else + # Prefer the file from the source tree if names are identical. + if test "$ac_source" = "$ac_file" || test ! -r "$ac_source"; then + ac_source=$srcdir/$ac_source + fi + + { $as_echo "$as_me:${as_lineno-$LINENO}: linking $ac_source to $ac_file" >&5 +$as_echo "$as_me: linking $ac_source to $ac_file" >&6;} + if test ! -r "$ac_source"; then + as_fn_error $? "$ac_source: file not found" "$LINENO" 5 + fi + rm -f "$ac_file" + + # Try a relative symlink, then a hard link, then a copy. + case $ac_source in + [\\/$]* | ?:[\\/]* ) ac_rel_source=$ac_source ;; + *) ac_rel_source=$ac_top_build_prefix$ac_source ;; + esac + ln -s "$ac_rel_source" "$ac_file" 2>/dev/null || + ln "$ac_source" "$ac_file" 2>/dev/null || + cp -p "$ac_source" "$ac_file" || + as_fn_error $? "cannot link or copy $ac_source to $ac_file" "$LINENO" 5 + fi + ;; :C) { $as_echo "$as_me:${as_lineno-$LINENO}: executing $ac_file commands" >&5 $as_echo "$as_me: executing $ac_file commands" >&6;} ;; @@ -9430,3 +10929,49 @@ $as_echo "$as_me: WARNING: unrecognized options: $ac_unrecognized_opts" >&2;} fi + +# Configuration overview +cat << EOF + +---------------------------- +Environment: + - compiler: $CC + - distribution: $with_distro + - init script type(s): $init_script + - rpath: $enable_rpath + - GnuTLS: $enable_gnutls + - Bash integration: $enable_bash + +Security features: + - Apparmor: $enable_apparmor + - Linux capabilities: $enable_capabilities + - seccomp: $enable_seccomp + - SELinux: $enable_selinux + - cgmanager: $enable_cgmanager + +Bindings: + - lua: $enable_lua + - python3: $enable_python + +Documentation: + - examples: $enable_examples + - API documentation: $enable_api_docs + - user documentation: $enable_doc + +Debugging: + - tests: $enable_tests + - mutex debugging: $enable_mutex_debugging + +Paths: + - Logs in configpath: $enable_configpath_log +EOF + +if test "x$ac_cv_func_pthread_atfork" = "xno" ; then +cat << EOF + +WARNING: Threading not supported on your platform + + You are compiling LXC for bionic target which lacks certain threading related functionality used by LXC API (like pthread_atfork). + Please note that, because of the missing functionality, multithreaded usage of LXC API cause some problems. +EOF +fi diff -Nru lxc-1.0.0~alpha1/configure.ac lxc-1.0.8/configure.ac --- lxc-1.0.0~alpha1/configure.ac 2013-09-10 22:22:00.000000000 +0000 +++ lxc-1.0.8/configure.ac 2015-11-09 22:49:15.000000000 +0000 @@ -1,7 +1,27 @@ # -*- Autoconf -*- # Process this file with autoconf to produce a configure script. -AC_INIT([lxc], [1.0.0.alpha1]) +m4_define([lxc_version_major], 1) +m4_define([lxc_version_minor], 0) +m4_define([lxc_version_micro], 8) +m4_define([lxc_version_beta], []) + +m4_define([lxc_version_base], [lxc_version_major.lxc_version_minor.lxc_version_micro]) +m4_define([lxc_version], + [ifelse(lxc_version_beta, [], [lxc_version_base], [lxc_version_base.lxc_version_beta])]) + +AC_INIT([lxc], [lxc_version]) + +# We need pkg-config +PKG_PROG_PKG_CONFIG + +AC_SUBST(LXC_VERSION_BASE, lxc_version_base) +AC_SUBST(LXC_VERSION_BETA, lxc_version_beta) + +AC_SUBST([LXC_VERSION_MAJOR], [lxc_version_major]) +AC_SUBST([LXC_VERSION_MINOR], [lxc_version_minor]) +AC_SUBST([LXC_VERSION_MICRO], [lxc_version_micro]) +AC_SUBST([LXC_VERSION], [lxc_version]) AC_CONFIG_SRCDIR([configure.ac]) AC_CONFIG_AUX_DIR([config]) @@ -14,13 +34,14 @@ # Detect the distribution. This is used for the default configuration and # for some distro-specific build options. AC_MSG_CHECKING([host distribution]) -AC_ARG_WITH(distro, AS_HELP_STRING([--with-distro=DISTRO], [Specify the Linux distribution to target: One of redhat, oracle, fedora, suse, gentoo, debian, arch, slackware, paldo, mandriva or pardus.])) -if test "z$with_distro" = "z"; then +AC_ARG_WITH(distro, AS_HELP_STRING([--with-distro=DISTRO], [Specify the Linux distribution to target: One of redhat, oracle, centos, fedora, suse, gentoo, debian, arch, slackware, paldo, openmandriva or pardus.])) +if type lsb_release >/dev/null 2>&1 && test "z$with_distro" = "z"; then with_distro=`lsb_release -is` fi if test "z$with_distro" = "z"; then AC_CHECK_FILE(/etc/redhat-release,with_distro="redhat") AC_CHECK_FILE(/etc/oracle-release,with_distro="oracle") + AC_CHECK_FILE(/etc/centos-release,with_distro="centos") AC_CHECK_FILE(/etc/fedora-release,with_distro="fedora") AC_CHECK_FILE(/etc/SuSE-release,with_distro="suse") AC_CHECK_FILE(/etc/gentoo-release,with_distro="gentoo") @@ -28,8 +49,8 @@ AC_CHECK_FILE(/etc/arch-release,with_distro="arch") AC_CHECK_FILE(/etc/slackware-version,with_distro="slackware") AC_CHECK_FILE(/etc/frugalware-release,with_distro="frugalware") - AC_CHECK_FILE(/etc/mandrakelinux-release, with_distro="mandriva") - AC_CHECK_FILE(/etc/mandriva-release,with_distro="mandriva") + AC_CHECK_FILE(/etc/mandrakelinux-release, with_distro="openmandriva") + AC_CHECK_FILE(/etc/mandriva-release,with_distro="openmandriva") AC_CHECK_FILE(/etc/pardus-release,with_distro="pardus") fi with_distro=`echo ${with_distro} | tr '[[:upper:]]' '[[:lower:]]'` @@ -38,37 +59,85 @@ with_distro="unknown" fi case $with_distro in - ubuntu) + ubuntu|raspbian) distroconf=default.conf.ubuntu ;; - redhat|fedora|oracle|oracleserver) + redhat|centos|fedora|oracle|oracleserver) distroconf=default.conf.libvirt ;; *) - echo -n "Linux distribution network config unknown, defaulting to lxc.network.type = empty" distroconf=default.conf.unknown ;; esac AC_MSG_RESULT([$with_distro]) -AM_CONDITIONAL([HAVE_DEBIAN], [test x"$with_distro" = "xdebian" -o x"$with_distro" = "xubuntu"]) +AM_CONDITIONAL([HAVE_DEBIAN], [test x"$with_distro" = "xdebian" -o x"$with_distro" = "xubuntu" -o x"$with_distro" = "xraspbian"]) +AM_CONDITIONAL([DISTRO_UBUNTU], [test "x$with_distro" = "xubuntu"]) + +AC_CONFIG_LINKS([config/etc/default.conf:config/etc/${distroconf}]) + +# Check for init system type +AC_MSG_CHECKING([for init system type]) +AC_ARG_WITH([init-script], + [AC_HELP_STRING([--with-init-script@<:@=TYPE@<:@,TYPE,...@:>@@:>@], + [Type(s) of init script to install: sysvinit, systemd, upstart, + distro @<:@default=distro@:>@])],[],[with_init_script=distro]) +case "$with_init_script" in + distro) + case $with_distro in + fedora) + init_script=systemd + ;; + redhat|centos|oracle|oracleserver) + init_script=sysvinit + ;; + debian|raspbian) + init_script=upstart,systemd + ;; + ubuntu) + init_script=upstart + ;; + *) + echo -n "Linux distribution init system unknown." + init_script= + ;; + esac + ;; + *) + init_script=$with_init_script + ;; +esac -AC_CHECK_PROG([NEWUIDMAP], [newuidmap], [newuidmap]) -AM_CONDITIONAL([HAVE_NEWUIDMAP], [test -n "$NEWUIDMAP"]) +# Check valid init systems were given, run in subshell so we don't mess up IFS +(IFS="," ; for init_sys in $init_script; +do + case "$init_sys" in + none|sysvinit|systemd|upstart) + ;; + *) + exit 1 + ;; + esac +done) || AC_MSG_ERROR([Unknown init system type in $init_script]) + +AM_CONDITIONAL([INIT_SCRIPT_SYSV], [echo "$init_script" |grep -q "sysvinit"]) +AM_CONDITIONAL([INIT_SCRIPT_SYSTEMD], [echo "$init_script" |grep -q "systemd"]) +AM_CONDITIONAL([INIT_SCRIPT_UPSTART], [echo "$init_script" |grep -q "upstart"]) +AC_MSG_RESULT($init_script) # Allow disabling rpath AC_ARG_ENABLE([rpath], - [AC_HELP_STRING([--disable-rpath], [do not set rpath in executables])], - [], [enable_rpath=yes]) + [AC_HELP_STRING([--enable-rpath], [set rpath in executables [default=no]])], + [], [enable_rpath=no]) AM_CONDITIONAL([ENABLE_RPATH], [test "x$enable_rpath" = "xyes"]) # Documentation (manpages) AC_ARG_ENABLE([doc], - [AC_HELP_STRING([--enable-doc], [make mans (requires docbook2man or docbook2x-man to be installed) [default=auto]])], + [AC_HELP_STRING([--enable-doc], [make man pages [default=auto]])], [], [enable_doc=auto]) if test "x$enable_doc" = "xyes" -o "x$enable_doc" = "xauto"; then db2xman="" - dbparsers="docbook2x-man db2x_docbook2man docbook2man" + dbparsers="docbook2x-man db2x_docbook2man docbook2man docbook-to-man" AC_MSG_CHECKING(for docbook2x-man) for name in ${dbparsers}; do @@ -80,16 +149,19 @@ if test -n "${db2xman}"; then AC_MSG_RESULT([${db2xman}]) + enable_doc="yes" else AC_MSG_RESULT([no]) if test "x$enable_doc" = "xyes"; then - AC_MSG_ERROR([docbook2x-man required by man request, but not found]) + AC_MSG_ERROR([docbook2x-man is required, but could not be found]) fi + enable_doc="no" fi AC_SUBST(db2xman) fi AM_CONDITIONAL([ENABLE_DOCBOOK], [test "x$db2xman" != "x"]) +AM_CONDITIONAL([USE_DOCBOOK2X], [test "x$db2xman" != "xdocbook2man"]) if test "x$db2xman" = "xdocbook2man"; then docdtd="\"-//Davenport//DTD DocBook V3.0//EN\"" @@ -98,51 +170,159 @@ fi AC_SUBST(docdtd) +# Documentation (API) +AC_ARG_ENABLE([api-docs], + [AC_HELP_STRING([--enable-api-docs], + [make API documentation [default=auto]])], + [], [enable_api_docs=auto]) + +if test "x$enable_api_docs" = "xyes" -o "x$enable_api_docs" = "xauto"; then + AC_CHECK_PROGS([HAVE_DOXYGEN],[doxygen]) + AC_SUBST([HAVE_DOXYGEN]) + + if test "x$HAVE_DOXYGEN" != "x"; then + enable_api_docs="yes" + else + if test "x$enable_api_docs" = "xyes"; then + AC_MSG_ERROR([doxygen is required, but could not be found]) + fi + enable_api_docs="no" + fi +fi + +AM_CONDITIONAL([ENABLE_API_DOCS], [test "x$HAVE_DOXYGEN" != "x"]) + # Apparmor AC_ARG_ENABLE([apparmor], - [AC_HELP_STRING([--enable-apparmor], [enable apparmor])], - [], [enable_apparmor=check]) + [AC_HELP_STRING([--enable-apparmor], [enable apparmor support [default=auto]])], + [], [enable_apparmor=auto]) -if test "$enable_apparmor" = "check" ; then +if test "$enable_apparmor" = "auto" ; then AC_CHECK_LIB([apparmor],[aa_change_profile],[enable_apparmor=yes], [enable_apparmor=no]) fi AM_CONDITIONAL([ENABLE_APPARMOR], [test "x$enable_apparmor" = "xyes"]) -AC_CHECK_LIB([gnutls], [gnutls_hash_fast]) +AC_CHECK_LIB([gnutls], [gnutls_hash_fast], [enable_gnutls=yes], [enable_gnutls=no]) AM_COND_IF([ENABLE_APPARMOR], [AC_CHECK_HEADER([sys/apparmor.h],[],[AC_MSG_ERROR([You must install the AppArmor development package in order to compile lxc])]) AC_CHECK_LIB([apparmor], [aa_change_profile],[],[AC_MSG_ERROR([You must install the AppArmor development package in order to compile lxc])]) AC_SUBST([APPARMOR_LIBS], [-lapparmor])]) +# SELinux +AC_ARG_ENABLE([selinux], + [AC_HELP_STRING([--enable-selinux], [enable SELinux support [default=auto]])], + [], [enable_selinux=auto]) + +if test "x$enable_selinux" = xauto; then + AC_CHECK_LIB([selinux],[setexeccon_raw],[enable_selinux=yes],[enable_selinux=no]) +fi +AM_CONDITIONAL([ENABLE_SELINUX], [test "x$enable_selinux" = "xyes"]) +AM_COND_IF([ENABLE_SELINUX], + [AC_CHECK_HEADER([selinux/selinux.h],[],[AC_MSG_ERROR([You must install the SELinux development package in order to compile lxc])]) + AC_CHECK_LIB([selinux], [setexeccon_raw],[true],[AC_MSG_ERROR([You must install the SELinux development package in order to compile lxc])]) + AC_SUBST([SELINUX_LIBS], [-lselinux])]) + # Seccomp syscall filter AC_ARG_ENABLE([seccomp], - [AC_HELP_STRING([--enable-seccomp], [enable seccomp])], - [], [enable_seccomp=check]) + [AC_HELP_STRING([--enable-seccomp], [enable seccomp support [default=auto]])], + [], [enable_seccomp=auto]) -if test "$enable_seccomp" = "check" ; then +if test "x$enable_seccomp" = "xauto" ; then AC_CHECK_LIB([seccomp],[seccomp_init],[enable_seccomp=yes],[enable_seccomp=no]) fi AM_CONDITIONAL([ENABLE_SECCOMP], [test "x$enable_seccomp" = "xyes"]) AM_COND_IF([ENABLE_SECCOMP], - [AC_CHECK_HEADER([seccomp.h],[],[AC_MSG_ERROR([You must install the seccomp development package in order to compile lxc])]) - AC_CHECK_LIB([seccomp], [seccomp_init],[],[AC_MSG_ERROR([You must install the seccomp development package in order to compile lxc])]) - AC_SUBST([SECCOMP_LIBS], [-lseccomp])]) + [PKG_CHECK_MODULES([SECCOMP],[libseccomp],[],[ + AC_CHECK_HEADER([seccomp.h],[],[AC_MSG_ERROR([You must install the seccomp development package in order to compile lxc])]) + AC_CHECK_LIB([seccomp], [seccomp_init],[],[AC_MSG_ERROR([You must install the seccomp development package in order to compile lxc])]) + AC_SUBST([SECCOMP_LIBS], [-lseccomp]) + ]) + ]) + +# cgmanager +AC_ARG_ENABLE([cgmanager], + [AC_HELP_STRING([--enable-cgmanager], [enable cgmanager support [default=auto]])], + [], [enable_cgmanager=auto]) + +if test "x$enable_cgmanager" = "xauto" ; then + AC_CHECK_LIB([cgmanager],[cgmanager_create],[enable_cgmanager=yes],[enable_cgmanager=no],[-lnih -lnih-dbus -ldbus-1]) +fi +AM_CONDITIONAL([ENABLE_CGMANAGER], [test "x$enable_cgmanager" = "xyes"]) + +AM_COND_IF([ENABLE_CGMANAGER], + [PKG_CHECK_MODULES([CGMANAGER], [libcgmanager]) + PKG_CHECK_MODULES([NIH], [libnih >= 1.0.2]) + PKG_CHECK_MODULES([NIH_DBUS], [libnih-dbus >= 1.0.0]) + PKG_CHECK_MODULES([DBUS], [dbus-1 >= 1.2.16]) + ]) + +AC_MSG_CHECKING(for get_pid_cgroup_abs_sync) +save_LIBS=$LIBS +AC_SEARCH_LIBS([cgmanager_get_pid_cgroup_abs_sync], [cgmanager], [have_abs_cgroups=yes], [have_abs_cgroups=no], [-lnih -lnih-dbus -ldbus-1]) +LIBS=$save_LIBS +if test "x$have_abs_cgroups" = "xyes"; then + AC_DEFINE([HAVE_CGMANAGER_GET_PID_CGROUP_ABS_SYNC], 1, [Have cgmanager_get_pid_cgroup_abs_sync]) + AC_MSG_RESULT([yes]) +else + AC_MSG_RESULT([no]) +fi + +AC_MSG_CHECKING(for cgmanager_list_controllers) +save_LIBS=$LIBS +AC_SEARCH_LIBS([cgmanager_list_controllers_sync], [cgmanager], [have_list_controllers=yes], [have_list_controllers=no], [-lnih -lnih-dbus -ldbus-1]) +LIBS=$save_LIBS +if test "x$have_list_controllers" = "xyes"; then + AC_DEFINE([HAVE_CGMANAGER_LIST_CONTROLLERS], 1, [Have cgmanager_list_controllers]) + AC_MSG_RESULT([yes]) +else + AC_MSG_RESULT([no]) +fi + +# Linux capabilities +AC_ARG_ENABLE([capabilities], + [AC_HELP_STRING([--enable-capabilities], [enable kernel capabilities support [default=auto]])], + [], [enable_capabilities=auto]) + +if test "x$enable_capabilities" = "xauto"; then + AC_CHECK_LIB([cap],[cap_set_proc],[enable_capabilities=yes],[enable_capabilities=no]) +fi +AM_CONDITIONAL([ENABLE_CAP], [test "x$enable_capabilities" = "xyes"]) + +AM_COND_IF([ENABLE_CAP], + [AC_CHECK_LIB(cap,cap_set_proc,[true],[AC_MSG_ERROR([You are missing libcap support.])]) + AC_SUBST([CAP_LIBS], [-lcap])]) # HAVE_SCMP_FILTER_CTX=1 will tell us we have libseccomp api >= 1.0.0 -AC_CHECK_TYPES([scmp_filter_ctx], [], [], [#include ]) +OLD_CFLAGS="$CFLAGS" +CFLAGS="$CFLAGS $SECCOMP_CFLAGS" +AC_CHECK_TYPES([scmp_filter_ctx], [], [], [[#include ]]) +AC_CHECK_DECLS([seccomp_syscall_resolve_name_arch], [], [], [[#include ]]) +CFLAGS="$OLD_CFLAGS" # Configuration examples AC_ARG_ENABLE([examples], - [AC_HELP_STRING([--disable-examples], [do not install configuration examples])], + [AC_HELP_STRING([--enable-examples], [install examples [default=yes]])], [], [enable_examples=yes]) AM_CONDITIONAL([ENABLE_EXAMPLES], [test "x$enable_examples" = "xyes"]) # Python3 module and scripts AC_ARG_ENABLE([python], - [AC_HELP_STRING([--enable-python], [enable python binding])], - [enable_python=yes], [enable_python=no]) + [AC_HELP_STRING([--enable-python], [enable python binding [default=auto]])], + [], [enable_python=auto]) + +if test "x$enable_python" = "xauto"; then + PKG_CHECK_MODULES([PYTHONDEV], [python3 >= 3.2],[enable_python=yes],[enable_python=no]) + if test "$CC" = "clang"; then + enable_python=no + fi +fi + +if test "x$enable_python" = "xyes" && test "$CC" = "clang"; then + AC_MSG_ERROR([Python3 is incompatible with the clang compiler]) +fi + AM_CONDITIONAL([ENABLE_PYTHON], [test "x$enable_python" = "xyes"]) AM_COND_IF([ENABLE_PYTHON], @@ -150,6 +330,15 @@ PKG_CHECK_MODULES([PYTHONDEV], [python3 >= 3.2],[],[AC_MSG_ERROR([You must install python3-dev])]) AC_DEFINE_UNQUOTED([ENABLE_PYTHON], 1, [Python3 is available])]) +# Enable dumping stack traces +AC_ARG_ENABLE([mutex-debugging], + [AC_HELP_STRING([--enable-mutex-debugging], [Makes mutexes to report error and provide stack trace [default=no]])], + [], [enable_mutex_debugging=no]) +AM_CONDITIONAL([MUTEX_DEBUGGING], [test "x$enable_mutex_debugging" = "xyes"]) + +AM_COND_IF([MUTEX_DEBUGGING], + AC_DEFINE_UNQUOTED([MUTEX_DEBUGGING], 1, [Enabling mutex debugging])) + # Not in older autoconf versions # AS_VAR_COPY(DEST, SOURCE) # ------------------------- @@ -173,8 +362,8 @@ # Lua module and scripts AC_ARG_ENABLE([lua], - [AC_HELP_STRING([--enable-lua], [enable lua binding])], - [], [enable_lua=check]) + [AC_HELP_STRING([--enable-lua], [enable lua binding [default=auto]])], + [], [enable_lua=auto]) AC_ARG_WITH([lua-pc], [AS_HELP_STRING( @@ -187,7 +376,7 @@ PKG_CHECK_MODULES([LUA], [$with_lua_pc], [LUAPKGCONFIG=$with_lua_pc]) fi -if test "x$enable_lua" = "xcheck" -a "x$with_lua_pc" != "xno"; then +if test "x$enable_lua" = "xauto" -a "x$with_lua_pc" != "xno"; then PKG_CHECK_MODULES([LUA], [$with_lua_pc], [LUAPKGCONFIG=$with_lua_pc enable_lua=yes], @@ -214,18 +403,29 @@ PKG_CHECK_VAR([LUA_VERSION], [$LUAPKGCONFIG], [V],, [PKG_CHECK_VAR([LUA_VERSION], [$LUAPKGCONFIG], [major_version])]) AC_MSG_RESULT([$LUA_VERSION]) - PKG_CHECK_VAR([LUA_INSTALL_CMOD], [$LUAPKGCONFIG], [INSTALL_CMOD],, - [LUA_INSTALL_CMOD=$libdir/lua/$LUA_VERSION]) - PKG_CHECK_VAR([LUA_INSTALL_LMOD], [$LUAPKGCONFIG], [INSTALL_LMOD],, - [LUA_INSTALL_LMOD=$datadir/lua/$LUA_VERSION]) + AC_SUBST([LUA_LIBDIR], [$libdir/lua/$LUA_VERSION]) + AC_SUBST([LUA_SHAREDIR], [$datadir/lua/$LUA_VERSION]) ]) +# Optional bash integration +AC_ARG_ENABLE([bash], + [AC_HELP_STRING([--enable-bash], [build bash integration [default=yes]])], + [], [enable_bash=yes]) +AM_CONDITIONAL([ENABLE_BASH], [test "x$enable_bash" = "xyes"]) + # Optional test binaries AC_ARG_ENABLE([tests], - [AC_HELP_STRING([--enable-tests], [build test/example binaries])], - [enable_tests=yes], [enable_tests=no]) + [AC_HELP_STRING([--enable-tests], [build test/example binaries [default=no]])], + [], [enable_tests=no]) AM_CONDITIONAL([ENABLE_TESTS], [test "x$enable_tests" = "xyes"]) +# Allow overriding the default runtime dir (/run) +AC_ARG_WITH([runtime-path], + [AC_HELP_STRING( + [--with-runtime-path=dir], + [runtime directory (default: /run)] + )], [], [with_runtime_path=['/run']]) + # LXC container path, where the containers are actually stored # This is overridden by an entry in the file called LXCCONF # (i.e. /etc/lxc/lxc.conf) @@ -242,17 +442,19 @@ [global lxc configuration file] )], [], [with_global_conf=['${sysconfdir}/lxc/lxc.conf']]) +# The path of the userns network configuration file AC_ARG_WITH([usernic-conf], [AC_HELP_STRING( [--with-usernic-conf], [user network interface configuration file] )], [], [with_usernic_conf=['${sysconfdir}/lxc/lxc-usernet']]) +# The path of the runtime usernic database AC_ARG_WITH([usernic-db], [AC_HELP_STRING( [--with-usernic-db], [lxc user nic database] - )], [], [with_usernic_db=['/run/lxc/nics']]) + )], [], [with_usernic_db=['${with_runtime_path}/lxc/nics']]) # Rootfs path, where the container mount structure is assembled AC_ARG_WITH([rootfs-path], @@ -261,15 +463,22 @@ [lxc rootfs mount point] )], [], [with_rootfs_path=['${libdir}/lxc/rootfs']]) +# cgroup pattern specification +AC_ARG_WITH([cgroup-pattern], + [AC_HELP_STRING( + [--with-cgroup-pattern=pattern], + [pattern for container cgroups] + )], [], [with_cgroup_pattern=['/lxc/%n']]) + # Container log path. By default, use $lxcpath. AC_MSG_CHECKING([Whether to place logfiles in container config path]) AC_ARG_ENABLE([configpath-log], - [AC_HELP_STRING([--enable-configpath-log], [use logfiles in config path])], - [use_configpath_logs=yes], [use_configpath_logs=no]) -AC_MSG_RESULT([$use_configpath_logs]) -AM_CONDITIONAL([USE_CONFIGPATH_LOGS], [test "$use_configpath_logs" = "yes"]) + [AC_HELP_STRING([--enable-configpath-log], [use logfiles in config path [default=no]])], + [], [enable_configpath_log=no]) +AC_MSG_RESULT([$enable_configpath_log]) +AM_CONDITIONAL([USE_CONFIGPATH_LOGS], [test "$enable_configpath_log" = "yes"]) -if test "$use_configpath_logs" = "yes"; then +if test "$enable_configpath_log" = "yes"; then default_log_path="${with_config_path}" else default_log_path="${localstatedir}/log/lxc" @@ -285,6 +494,7 @@ AS_AC_EXPAND(PREFIX, "$prefix") AS_AC_EXPAND(LIBDIR, "$libdir") AS_AC_EXPAND(BINDIR, "$bindir") +AS_AC_EXPAND(SBINDIR, "$sbindir") AS_AC_EXPAND(LIBEXECDIR, "$libexecdir") AS_AC_EXPAND(INCLUDEDIR, "$includedir") AS_AC_EXPAND(SYSCONFDIR, "$sysconfdir") @@ -292,7 +502,6 @@ AS_AC_EXPAND(DATADIR, "$datadir") AS_AC_EXPAND(LOCALSTATEDIR, "$localstatedir") AS_AC_EXPAND(DOCDIR, "$docdir") -AS_AC_EXPAND(LXC_DISTRO_CONF, "$distroconf") AS_AC_EXPAND(LXC_GENERATE_DATE, "$(date)") AS_AC_EXPAND(LXCPATH, "$with_config_path") AS_AC_EXPAND(LXC_GLOBAL_CONF, "$with_global_conf") @@ -300,9 +509,12 @@ AS_AC_EXPAND(LXC_USERNIC_DB, "$with_usernic_db") AS_AC_EXPAND(LXCROOTFSMOUNT, "$with_rootfs_path") AS_AC_EXPAND(LXCTEMPLATEDIR, "$datadir/lxc/templates") +AS_AC_EXPAND(LXCTEMPLATECONFIG, "$datadir/lxc/config") AS_AC_EXPAND(LXCHOOKDIR, "$datadir/lxc/hooks") AS_AC_EXPAND(LXCINITDIR, "$libexecdir") AS_AC_EXPAND(LOGPATH, "$with_log_path") +AS_AC_EXPAND(RUNTIME_PATH, "$with_runtime_path") +AC_SUBST(DEFAULT_CGROUP_PATTERN, ["$with_cgroup_pattern"]) # Check for some standard kernel headers AC_CHECK_HEADERS([linux/unistd.h linux/netlink.h linux/genetlink.h], @@ -310,27 +522,6 @@ AC_MSG_ERROR([Please install the Linux kernel headers.]), [#include ]) -# Allow disabling libcap support -AC_ARG_ENABLE([capabilities], - [AC_HELP_STRING([--disable-capabilities], [disable kernel capabilities])], - [], [enable_capabilities=yes]) - -# Check for libcap support -if test "x$enable_capabilities" = "xyes"; then - AC_CHECK_LIB(cap,cap_set_proc,caplib=yes,caplib=no) - AC_MSG_CHECKING([linux capabilities]) - if test "x$caplib" = "xyes" ; then - CAP_LIBS="-lcap" - AC_MSG_RESULT([$CAP_LIBS]) - else - AC_MSG_RESULT([no]) - AC_MSG_ERROR([You are missing libcap support. If you really want to build without kernel capabilities, use --disable-capabilities]) - fi -else - CAP_LIBS="" -fi -AC_SUBST([CAP_LIBS]) - # Check for alternate C libraries AC_MSG_CHECKING(for bionic libc) AC_COMPILE_IFELSE([AC_LANG_PROGRAM( @@ -354,11 +545,14 @@ AC_CHECK_HEADERS([sys/signalfd.h pty.h ifaddrs.h sys/capability.h sys/personality.h utmpx.h sys/timerfd.h]) # Check for some syscalls functions -AC_CHECK_FUNCS([setns pivot_root sethostname unshare rand_r confstr]) +AC_CHECK_FUNCS([setns pivot_root sethostname unshare rand_r confstr faccessat]) # Check for some functions +AC_CHECK_LIB(pthread, main) +AC_CHECK_FUNCS(pthread_atfork) +AC_CHECK_FUNCS(statvfs) AC_CHECK_LIB(util, openpty) -AC_CHECK_FUNCS([openpty hasmntopt setmntent endmntent]) +AC_CHECK_FUNCS([openpty hasmntopt setmntent endmntent utmpxname]) AC_CHECK_FUNCS([getline], AM_CONDITIONAL(HAVE_GETLINE, true) AC_DEFINE(HAVE_GETLINE,1,[Have getline]), @@ -376,6 +570,9 @@ AC_PROG_GCC_TRADITIONAL AC_PROG_SED +# See if we support thread-local storage. +LXC_CHECK_TLS + if test "x$GCC" = "xyes"; then CFLAGS="$CFLAGS -Wall -Werror" fi @@ -385,15 +582,51 @@ Makefile lxc.pc lxc.spec + config/Makefile + config/apparmor/Makefile + config/selinux/Makefile + config/bash/Makefile + config/bash/lxc + config/init/Makefile + config/init/sysvinit/Makefile + config/init/sysvinit/lxc + config/init/systemd/Makefile + config/init/systemd/lxc.service + config/init/upstart/Makefile + config/etc/Makefile + config/templates/Makefile + config/templates/centos.common.conf + config/templates/centos.userns.conf + config/templates/debian.common.conf + config/templates/debian.userns.conf + config/templates/fedora.common.conf + config/templates/fedora.userns.conf + config/templates/gentoo.common.conf + config/templates/gentoo.moresecure.conf + config/templates/gentoo.userns.conf + config/templates/nesting.conf + config/templates/oracle.common.conf + config/templates/oracle.userns.conf + config/templates/plamo.common.conf + config/templates/plamo.userns.conf + config/templates/ubuntu-cloud.common.conf + config/templates/ubuntu-cloud.lucid.conf + config/templates/ubuntu-cloud.userns.conf + config/templates/ubuntu.common.conf + config/templates/ubuntu.lucid.conf + config/templates/ubuntu.userns.conf + config/yum/Makefile doc/Makefile + doc/api/Makefile doc/legacy/lxc-ls.sgml doc/lxc-attach.sgml + doc/lxc-autostart.sgml doc/lxc-cgroup.sgml doc/lxc-checkconfig.sgml - doc/lxc-checkpoint.sgml doc/lxc-clone.sgml + doc/lxc-config.sgml doc/lxc-console.sgml doc/lxc-create.sgml doc/lxc-destroy.sgml @@ -401,22 +634,23 @@ doc/lxc-execute.sgml doc/lxc-freeze.sgml doc/lxc-info.sgml - doc/lxc-kill.sgml doc/lxc-ls.sgml doc/lxc-monitor.sgml - doc/lxc-netstat.sgml - doc/lxc-ps.sgml - doc/lxc-restart.sgml + doc/lxc-snapshot.sgml doc/lxc-start-ephemeral.sgml doc/lxc-start.sgml doc/lxc-stop.sgml doc/lxc-top.sgml doc/lxc-unfreeze.sgml doc/lxc-unshare.sgml - doc/lxc-version.sgml + doc/lxc-user-nic.sgml + doc/lxc-usernsexec.sgml doc/lxc-wait.sgml doc/lxc.conf.sgml + doc/lxc.container.conf.sgml + doc/lxc.system.conf.sgml + doc/lxc-usernet.sgml doc/lxc.sgml doc/common_options.sgml doc/see_also.sgml @@ -432,37 +666,124 @@ doc/examples/lxc-veth.conf doc/examples/lxc-complex.conf + doc/ja/Makefile + doc/ja/legacy/lxc-ls.sgml + doc/ja/lxc-attach.sgml + doc/ja/lxc-autostart.sgml + doc/ja/lxc-cgroup.sgml + doc/ja/lxc-checkconfig.sgml + doc/ja/lxc-clone.sgml + doc/ja/lxc-config.sgml + doc/ja/lxc-console.sgml + doc/ja/lxc-create.sgml + doc/ja/lxc-destroy.sgml + doc/ja/lxc-device.sgml + doc/ja/lxc-execute.sgml + doc/ja/lxc-freeze.sgml + doc/ja/lxc-info.sgml + doc/ja/lxc-ls.sgml + doc/ja/lxc-monitor.sgml + doc/ja/lxc-snapshot.sgml + doc/ja/lxc-start-ephemeral.sgml + doc/ja/lxc-start.sgml + doc/ja/lxc-stop.sgml + doc/ja/lxc-top.sgml + doc/ja/lxc-unfreeze.sgml + doc/ja/lxc-unshare.sgml + doc/ja/lxc-user-nic.sgml + doc/ja/lxc-usernsexec.sgml + doc/ja/lxc-wait.sgml + + doc/ja/lxc.conf.sgml + doc/ja/lxc.container.conf.sgml + doc/ja/lxc.system.conf.sgml + doc/ja/lxc-usernet.sgml + doc/ja/lxc.sgml + doc/ja/common_options.sgml + doc/ja/see_also.sgml + hooks/Makefile templates/Makefile + templates/lxc-alpine + templates/lxc-altlinux + templates/lxc-archlinux + templates/lxc-busybox + templates/lxc-centos templates/lxc-cirros templates/lxc-debian - templates/lxc-ubuntu - templates/lxc-ubuntu-cloud - templates/lxc-opensuse - templates/lxc-busybox + templates/lxc-download templates/lxc-fedora + templates/lxc-gentoo + templates/lxc-openmandriva + templates/lxc-opensuse templates/lxc-oracle - templates/lxc-altlinux + templates/lxc-plamo templates/lxc-sshd - templates/lxc-archlinux - templates/lxc-alpine + templates/lxc-ubuntu + templates/lxc-ubuntu-cloud src/Makefile src/lxc/Makefile - src/lxc/lxc-ps - src/lxc/lxc-netstat src/lxc/lxc-checkconfig - src/lxc/lxc-version + src/lxc/lxc-ls src/lxc/lxc-start-ephemeral src/lxc/legacy/lxc-ls src/lxc/lxc.functions - + src/lxc/version.h src/python-lxc/Makefile + src/python-lxc/setup.py src/lua-lxc/Makefile src/tests/Makefile + src/tests/lxc-test-usernic ]) AC_CONFIG_COMMANDS([default],[[]],[[]]) AC_OUTPUT + +# Configuration overview +cat << EOF + +---------------------------- +Environment: + - compiler: $CC + - distribution: $with_distro + - init script type(s): $init_script + - rpath: $enable_rpath + - GnuTLS: $enable_gnutls + - Bash integration: $enable_bash + +Security features: + - Apparmor: $enable_apparmor + - Linux capabilities: $enable_capabilities + - seccomp: $enable_seccomp + - SELinux: $enable_selinux + - cgmanager: $enable_cgmanager + +Bindings: + - lua: $enable_lua + - python3: $enable_python + +Documentation: + - examples: $enable_examples + - API documentation: $enable_api_docs + - user documentation: $enable_doc + +Debugging: + - tests: $enable_tests + - mutex debugging: $enable_mutex_debugging + +Paths: + - Logs in configpath: $enable_configpath_log +EOF + +if test "x$ac_cv_func_pthread_atfork" = "xno" ; then +cat << EOF + +WARNING: Threading not supported on your platform + + You are compiling LXC for bionic target which lacks certain threading related functionality used by LXC API (like pthread_atfork). + Please note that, because of the missing functionality, multithreaded usage of LXC API cause some problems. +EOF +fi diff -Nru lxc-1.0.0~alpha1/CONTRIBUTING lxc-1.0.8/CONTRIBUTING --- lxc-1.0.0~alpha1/CONTRIBUTING 2013-09-10 22:22:00.000000000 +0000 +++ lxc-1.0.8/CONTRIBUTING 2015-11-09 22:49:15.000000000 +0000 @@ -1,13 +1,12 @@ - - Contributing to this project - ---------------------------- - +Contributing to this project +---------------------------- This project accepts contributions. In order to contribute, you should pay attention to a few things: 1 - your code must follow the coding style rules - 2 - the format of the submission must be email patches + 2 - the format of the submission must be email patches or github + pull requests 3 - your work must be signed @@ -26,18 +25,18 @@ Submitting Modifications: ------------------------- -The contributions should be email patches. The guidelines are the same -as the patch submission for the Linux kernel except for the DCO which -is defined below. The guidelines are defined in the +The contributions should be email patches or github pull requests. +The guidelines are the same as the patch submission for the Linux kernel +except for the DCO which is defined below. The guidelines are defined in the 'SubmittingPatches' file, available in the directory 'Documentation' of the Linux kernel source tree. It can be accessed online too: -http://lxr.linux.no/linux+v2.6.27/Documentation/SubmittingPatches +https://www.kernel.org/doc/Documentation/SubmittingPatches -You can submit your patches to the lxc-devel@lists.sourceforge.net mailing -list. Use https://lists.sourceforge.net/lists/listinfo/lxc-devel to subscribe +You can submit your patches to the lxc-devel@lists.linuxcontainers.org mailing +list. Use http://lists.linuxcontainers.org/listinfo/lxc-devel to subscribe to the list. @@ -107,4 +106,8 @@ Signed-off-by: Random J Developer +You can do it by using option -s or --signoff when you commit + + git commit --signoff ... + using your real name (sorry, no pseudonyms or anonymous contributions.) diff -Nru lxc-1.0.0~alpha1/debian/apparmor/abstractions-lxc-container-base lxc-1.0.8/debian/apparmor/abstractions-lxc-container-base --- lxc-1.0.0~alpha1/debian/apparmor/abstractions-lxc-container-base 2013-10-10 16:57:54.000000000 +0000 +++ lxc-1.0.8/debian/apparmor/abstractions-lxc-container-base 1970-01-01 00:00:00.000000000 +0000 @@ -1,49 +0,0 @@ - network, - capability, - file, - umount, - - # ignore DENIED message on / remount - deny mount options=(ro, remount) -> /, - - # allow tmpfs mounts everywhere - mount fstype=tmpfs, - - # allow mqueue mounts everywhere - mount fstype=mqueue, - - # allow fuse mounts everywhere - mount fstype=fuse.*, - - # allow bind mount of /lib/init/fstab for lxcguest - mount options=(rw, bind) /lib/init/fstab.lxc/ -> /lib/init/fstab/, - - # deny writes in /proc/sys/fs but allow binfmt_misc to be mounted - mount fstype=binfmt_misc -> /proc/sys/fs/binfmt_misc/, - deny @{PROC}/sys/fs/** wklx, - - # allow efivars to be mounted, writing to it will be blocked though - mount fstype=efivarfs -> /sys/firmware/efi/efivars/, - - # block some other dangerous paths - deny @{PROC}/sysrq-trigger rwklx, - deny @{PROC}/mem rwklx, - deny @{PROC}/kmem rwklx, - deny @{PROC}/sys/kernel/[^s][^h][^m]* wklx, - deny @{PROC}/sys/kernel/*/** wklx, - - # deny writes in /sys except for /sys/fs/cgroup, also allow - # fusectl, securityfs and debugfs to be mounted there (read-only) - mount fstype=fusectl -> /sys/fs/fuse/connections/, - mount fstype=securityfs -> /sys/kernel/security/, - mount fstype=debugfs -> /sys/kernel/debug/, - deny mount fstype=debugfs -> /var/lib/ureadahead/debugfs/, - mount fstype=proc -> /proc/, - mount fstype=sysfs -> /sys/, - deny /sys/[^f]*/** wklx, - deny /sys/f[^s]*/** wklx, - deny /sys/fs/[^c]*/** wklx, - deny /sys/fs/c[^g]*/** wklx, - deny /sys/fs/cg[^r]*/** wklx, - deny /sys/firmware/efi/efivars/** rwklx, - deny /sys/kernel/security/** rwklx, diff -Nru lxc-1.0.0~alpha1/debian/apparmor/abstractions-lxc-start-container lxc-1.0.8/debian/apparmor/abstractions-lxc-start-container --- lxc-1.0.0~alpha1/debian/apparmor/abstractions-lxc-start-container 2013-10-07 21:32:53.000000000 +0000 +++ lxc-1.0.8/debian/apparmor/abstractions-lxc-start-container 1970-01-01 00:00:00.000000000 +0000 @@ -1,29 +0,0 @@ - network, - capability, - file, - - # currently blocked by apparmor bug - mount -> /usr/lib/*/lxc/{**,}, - mount -> /usr/lib/lxc/{**,}, - mount fstype=devpts -> /dev/pts/, - mount options=bind /dev/pts/ptmx/ -> /dev/ptmx/, - mount fstype=debugfs, - # allow pre-mount hooks to stage mounts under /var/lib/lxc// - mount -> /var/lib/lxc/{**,}, - - # required for some pre-mount hooks (like the new lxc-start-ephemeral) - mount fstype=overlayfs, - mount fstype=aufs, - mount fstype=ecryptfs, - - # all umounts are under the original root's /mnt, but right now we - # can't allow those umounts after pivot_root. So allow all umounts - # right now. They'll be restricted for the container at least. - umount, - #umount /mnt/{**,}, - - pivot_root /usr/lib/*/lxc/, - pivot_root /usr/lib/lxc/root/, - - change_profile -> lxc-*, - change_profile -> unconfined, diff -Nru lxc-1.0.0~alpha1/debian/apparmor/lxc-containers lxc-1.0.8/debian/apparmor/lxc-containers --- lxc-1.0.0~alpha1/debian/apparmor/lxc-containers 2013-10-07 21:32:53.000000000 +0000 +++ lxc-1.0.8/debian/apparmor/lxc-containers 1970-01-01 00:00:00.000000000 +0000 @@ -1,7 +0,0 @@ -# This file exists only to ensure that all per-container policies -# listed under /etc/apparmor.d/lxc get loaded at boot. Please do -# not edit this file. - -#include - -#include diff -Nru lxc-1.0.0~alpha1/debian/apparmor/lxc-default lxc-1.0.8/debian/apparmor/lxc-default --- lxc-1.0.0~alpha1/debian/apparmor/lxc-default 2013-10-07 21:32:53.000000000 +0000 +++ lxc-1.0.8/debian/apparmor/lxc-default 1970-01-01 00:00:00.000000000 +0000 @@ -1,11 +0,0 @@ -# Do not load this file. Rather, load /etc/apparmor.d/lxc-containers, which -# will source all profiles under /etc/apparmor.d/lxc - -profile lxc-container-default flags=(attach_disconnected,mediate_deleted) { - #include - - # the container may never be allowed to mount devpts. If it does, it - # will remount the host's devpts. We could allow it to do it with - # the newinstance option (but, right now, we don't). - deny mount fstype=devpts, -} diff -Nru lxc-1.0.0~alpha1/debian/apparmor/lxc-default-with-nesting lxc-1.0.8/debian/apparmor/lxc-default-with-nesting --- lxc-1.0.0~alpha1/debian/apparmor/lxc-default-with-nesting 2013-10-07 21:32:53.000000000 +0000 +++ lxc-1.0.8/debian/apparmor/lxc-default-with-nesting 1970-01-01 00:00:00.000000000 +0000 @@ -1,13 +0,0 @@ -# Do not load this file. Rather, load /etc/apparmor.d/lxc-containers, which -# will source all profiles under /etc/apparmor.d/lxc - -profile lxc-container-default-with-nesting flags=(attach_disconnected,mediate_deleted) { - #include - #include - - mount fstype=cgroup -> /sys/fs/cgroup/**, - - mount fstype=proc -> /var/cache/lxc/**, - mount fstype=sysfs -> /var/cache/lxc/**, - mount options=(rw,bind) /var/cache/lxc/**/dev/shm/ -> /var/cache/lxc/**/run/shm/, -} diff -Nru lxc-1.0.0~alpha1/debian/apparmor/usr.bin.lxc-start lxc-1.0.8/debian/apparmor/usr.bin.lxc-start --- lxc-1.0.0~alpha1/debian/apparmor/usr.bin.lxc-start 2013-10-07 21:32:53.000000000 +0000 +++ lxc-1.0.8/debian/apparmor/usr.bin.lxc-start 1970-01-01 00:00:00.000000000 +0000 @@ -1,5 +0,0 @@ -#include - -/usr/bin/lxc-start flags=(attach_disconnected) { - #include -} diff -Nru lxc-1.0.0~alpha1/debian/changelog lxc-1.0.8/debian/changelog --- lxc-1.0.0~alpha1/debian/changelog 2013-11-26 17:58:06.000000000 +0000 +++ lxc-1.0.8/debian/changelog 2015-12-22 00:40:10.000000000 +0000 @@ -1,35 +1,472 @@ -lxc (1.0.0~alpha1-0ubuntu14~ubuntu12.04.1) precise-backports; urgency=low +lxc (1.0.8-0ubuntu0.3~ubuntu12.04.1) precise-backports; urgency=medium - * No-change backport to precise (LP: #1254874) + * No-change backport to precise (LP: #1528403) - -- Iain Lane Tue, 26 Nov 2013 17:58:06 +0000 + -- Stéphane Graber Mon, 21 Dec 2015 19:40:10 -0500 -lxc (1.0.0~alpha1-0ubuntu14) saucy-proposed; urgency=low +lxc (1.0.8-0ubuntu0.3) trusty; urgency=medium - * d/p/0014-lxc-start-if-we-pass-in-a-config-file-then-don-t-use.patch + * Cherry-pick from upstream: + - Fix preserve_ns to work on < 3.8 kernels. (LP: #1516971) + + -- Stéphane Graber Wed, 18 Nov 2015 13:42:07 -0500 + +lxc (1.0.8-0ubuntu0.2) trusty; urgency=medium + + * Cherry-pick from upstream: + - Fix ubuntu-cloud template to detect compression algorithm instead + of hardcoding xz. Also update list of supported releases and use trusty + as the fallback release. (LP: #1515463) + * Update lxc-tests description to make it clear that this package is + meant to be used by developers and by automated testing. + + -- Stéphane Graber Fri, 13 Nov 2015 12:53:17 -0500 + +lxc (1.0.8-0ubuntu0.1) trusty; urgency=medium + + * New upstream bugfix release. (MRE tracking bug: LP: #1514623) + (LP: #1429140) + - Changelog at: https://linuxcontainers.org/lxc/news/ + * Drop proxy detection from the autopkgtest exercise script. + * Add patch: + - 0001-Trusty-Swap-out-the-CVE-2015-1335-fix-with-the-trust.patch + This is a patch by Serge Hallyn to cope with the trusty 3.13 kernel. + It updates the upstream CVE fix to the version which trusty ended + up with after the few round of fixes. + + -- Stéphane Graber Mon, 09 Nov 2015 18:15:31 -0500 + +lxc (1.0.7-0ubuntu0.10) trusty; urgency=medium + + * Update the /proc/self/mountinfo no-symlink verification to accomodate + recursive mounts. (LP: #1509752) + + -- Serge Hallyn Wed, 28 Oct 2015 12:21:38 -0500 + +lxc (1.0.7-0ubuntu0.9) trusty; urgency=medium + + * Update previous patch to include some extra apparmor rules. + (LP: #1504781) + + -- Stéphane Graber Wed, 14 Oct 2015 13:59:48 -0700 + +lxc (1.0.7-0ubuntu0.8) trusty; urgency=medium + + * Update AppArmor profile from stable-1.0 branch which should fix the + current test failures with the proposed 3.13 kernel. (LP: #1504781) + + -- Stéphane Graber Wed, 14 Oct 2015 09:04:17 -0700 + +lxc (1.0.7-0ubuntu0.7) trusty-security; urgency=medium + + * REGRESSION FIX UPDATE: + - Avoid /./ (LP: #1501491) + + -- Serge Hallyn Wed, 30 Sep 2015 15:41:40 -0500 + +lxc (1.0.7-0ubuntu0.6) trusty-security; urgency=medium + + * Fix breakage of some configurations where // ends up in the mount + target. (LP: #1501310) (LP: #1476662) + + -- Serge Hallyn Wed, 30 Sep 2015 10:38:14 -0500 + +lxc (1.0.7-0ubuntu0.5) trusty-security; urgency=medium + + * SECURITY UPDATE: Arbitrary host file access and AppArmor + confinement breakout via lxc-start following symlinks while + setting up mounts within a malicious container (LP: #1476662). + - debian/patches/0003-CVE-2015-1335.patch: block mounts to paths + containing symlinks and block bind mounts from relative paths + containing symlinks. Patch from upstream. + - CVE-2015-1335 + + -- Steve Beattie Tue, 22 Sep 2015 15:07:00 -0700 + +lxc (1.0.7-0ubuntu0.2) trusty-security; urgency=medium + + * SECURITY UPDATE: Arbitrary file creation via unintentional symlink + following when accessing an LXC lock file (LP: #1470842) + - debian/patches/0001-CVE-2015-1331.patch: Use /run/lxc/lock, rather than + /run/lock/lxc, as /run and /run/lxc is only writable by root. Based on + patch from upstream. + - CVE-2015-1131 + * SECURITY UPDATE: Container AppArmor/SELinux confinement breakout via + lxc-attach using a potentially malicious container proc filesystem to + initialize confinement (LP: #1475050) + - debian/patches/0002-CVE-2015-1334.patch: Use the host's proc filesystem + to set up AppArmor profile and SELinux domain transitions during + lxc-attach. Based on patch from upstream. + - CVE-2015-1334 + + -- Tyler Hicks Fri, 17 Jul 2015 10:58:00 -0500 + +lxc (1.0.7-0ubuntu0.1) trusty; urgency=medium + + * New upstream bugfix release. (MRE tracking bug: LP: #1404039) + - Changelog at: https://linuxcontainers.org/lxc/news/ + * Update debian/rules apparmor handling to match Ubuntu 14.10 + + -- Stéphane Graber Thu, 18 Dec 2014 17:50:38 -0500 + +lxc (1.0.6-0ubuntu0.1) trusty; urgency=medium + + * New upstream bugfix release. (MRE tracking bug: LP: #1373619) + - Changelog at: https://linuxcontainers.org/news/ + + * Include the SELinux examples. + + -- Stéphane Graber Wed, 24 Sep 2014 16:48:10 -0400 + +lxc (1.0.5-0ubuntu0.1) trusty; urgency=medium + + * New upstream bugfix release. (MRE tracking bug: LP: #1341638) + - Changelog at: https://linuxcontainers.org/news/ + + * Sync packaging with utopic: + - Enable ppc64el adt as we now have ppc64el images available for download. + + -- Stéphane Graber Mon, 14 Jul 2014 11:49:20 -0400 + +lxc (1.0.4-0ubuntu0.1) trusty; urgency=medium + + * New upstream bugfix release. (MRE trackaging bug LP: #1329932) + - Drop all existing patches (all applied upstream). + - Fix lxc-attach failing from a different login session. (LP: #1315052) + - Fix wrong cgroup on login to container. (LP: #1315521) + + * Cherry-pick upstream (stable branch) commits to fix testsuite under adt: + - tests: Avoid the download template when possible + - tests: Don't fail when HOME isn't defined + - tests: apparmor: Always end with a newline + + * Sync packaging with utopic: + - Depend on either cgmanager or cgroup-lite and recommend cgmanager. + This should ensure systems get cgmanager by default even if cgroup-lite + is already installed, yet makes it possible for the user to remove + cgmanager if they really want to. + - Remove hardcoded dependency on apparmor, instead generate it from + rules so that the source package can be backported without changes (the + right apparmor version will be picked up based on the release number). + - Do not start lxc-instance in postinst without any instance specified, + as that is an invalid request. + + -- Stéphane Graber Sat, 14 Jun 2014 20:09:57 -0400 + +lxc (1.0.3-0ubuntu3) trusty; urgency=medium + + * Add a dependency on the new apparmor to make sure we have the new + parser around before we attempt to load a profile requiring the new + stanza support. (LP: #1304167) + + -- Stéphane Graber Mon, 14 Apr 2014 10:10:40 -0400 + +lxc (1.0.3-0ubuntu2) trusty; urgency=medium + + * Cherry-pick upstream fix for cgmanager integration. (LP: #1303649) + + -- Stéphane Graber Fri, 11 Apr 2014 12:17:41 -0400 + +lxc (1.0.3-0ubuntu1) trusty; urgency=medium + + * New upstream bugfix release. + * Drop debian/patches/apparmor-signal-ptrace.patch, now upstream. + + -- Stéphane Graber Tue, 08 Apr 2014 19:32:40 -0400 + +lxc (1.0.2-0ubuntu2) trusty; urgency=medium + + * updates for AppArmor signal and ptrace mediation (LP: #1298611) + - debian/patches/apparmor-signal-ptrace.patch: add signal and ptrace rules + to abstractions/container-base and abstractions/start-container + - debian/rules: remove signal and ptrace rules for Ubuntu releases earlier + than 14.04 LTS + + -- Jamie Strandboge Thu, 03 Apr 2014 07:06:56 -0500 + +lxc (1.0.2-0ubuntu1) trusty; urgency=medium + + * New upstream bugfix release. + * Update packaging from daily branch. + - Build-depend on libcgmanager-dev + - Build-depend on libseccomp-dev for armhf too + - Move rsync dependency from lxc to liblxc1 + - Stop recommending cgroup-lite | cgroup-bin (replace by cgmanager) + - Stop recommending libcap2-bin (lxc-setcap was dropped ages ago) + - Stop recommending openssl from lxc (only used by templates) + - Move uidmap recommend from lxc to liblxc1 + - Recommend busybox-static for lxc-templates + - Add cgmanager as a dependency of liblxc1 + - Enable cgmanager support in LXC (LP: #1279048) + - Drop cgroup-lite test suite dependency. + - Update testsuite runner to work inside an unprivileged container. + - Update testsuite runner to work in the LXC CI environment. + + -- Stéphane Graber Thu, 27 Mar 2014 23:18:11 -0400 + +lxc (1.0.1-0ubuntu1) trusty; urgency=medium + + * New upstream bugfix release. (LP: #1246094, LP: #1277466) + Changelog at: https://linuxcontainers.org/news + * Add xz-utils to lxc-templates' dependencies. + + -- Stéphane Graber Fri, 07 Mar 2014 12:18:28 -0500 + +lxc (1.0.0-0ubuntu4) trusty; urgency=medium + + * Tweak autopkgtest proxy detection to hopefully detect the right + proxy on the armhf testers... + + -- Stéphane Graber Sat, 22 Feb 2014 00:28:50 -0500 + +lxc (1.0.0-0ubuntu3) trusty; urgency=medium + + * Add debootstrap to autopkgtest dependencies. + + -- Stéphane Graber Fri, 21 Feb 2014 22:24:03 -0500 + +lxc (1.0.0-0ubuntu2) trusty; urgency=medium + + * Update autopkgtest script to detect: + - ppc64el + - running in a container + - running on an older kernel + + -- Stéphane Graber Fri, 21 Feb 2014 20:16:44 -0500 + +lxc (1.0.0-0ubuntu1) trusty; urgency=medium + + * New upstream release (1.0.0). + * Replace liblxc0 by liblxc1. + + -- Stéphane Graber Thu, 20 Feb 2014 13:53:18 -0500 + +lxc (1.0.0~rc4-0ubuntu1) trusty; urgency=medium + + * New upstream release (1.0.0~rc4). + + -- Stéphane Graber Wed, 19 Feb 2014 15:04:25 -0500 + +lxc (1.0.0~rc3-0ubuntu1) trusty; urgency=medium + + * New upstream release (1.0.0~rc3). + + -- Stéphane Graber Mon, 17 Feb 2014 22:16:17 -0500 + +lxc (1.0.0~rc1-0ubuntu2) trusty; urgency=medium + + * Re-add adt proxy workaround, it should have been fixed in adt but + apparently it's not, so keep hardcoding the right values for now. + + -- Stéphane Graber Thu, 13 Feb 2014 23:55:59 -0500 + +lxc (1.0.0~rc1-0ubuntu1) trusty; urgency=medium + + * New upstream release (1.0.0~rc1). + * Drop dont_crash_log_init.patch: upstreamed + * Drop adt proxy workaround (fixed in adt). + * Make lxc-templates arch:any since unfortunately lxc-sshd hardcodes + some paths... + + -- Stéphane Graber Thu, 13 Feb 2014 18:58:51 -0500 + +lxc (1.0.0~beta4-0ubuntu2) trusty; urgency=medium + + * debian/patches/dont_crash_log_init.patch: don't crash if no name is passed + to lxc_log_init(), such as is the case with lxc-autostart. (LP: #1277450) + + -- Mathieu Trudel-Lapierre Fri, 07 Feb 2014 07:06:50 -0500 + +lxc (1.0.0~beta4-0ubuntu1) trusty; urgency=medium + + * New upstream release (1.0.0~beta4). (LP: #1273769) + * Move uidmap from Depends to Recommends. + * Drop duplicate python3 cflags (LP: #1272948) + * Tweak adt to use a proxy server. + + -- Stéphane Graber Thu, 06 Feb 2014 19:32:23 -0500 + +lxc (1.0.0~beta3-0ubuntu1) trusty; urgency=medium + + * New upstream release (1.0.0~beta3). + * Drop Build-conflict and instead pass --disable-lua. + * Update autopkgtests to dynamically run all upstream tests. + * Create /etc/lxc/lxc-usernet if missing. + * Apparmor profiles and upstart jobs are now upstream (drop from packaging). + * Bash completetion is now upstream. + * Update lintian overrides. + * DEPRECATED: lxc-aa-custom-profile has been dropped, instead use the + examples in the default configuration file. + * DEPRECATED: lxc-list has been dropped. Use "lxc-ls -f" instead. + * DEPRECATED: lxc-halt has been dropped. Use "lxc-stop" instead. + + -- Stéphane Graber Mon, 27 Jan 2014 14:40:48 +0000 + +lxc (1.0.0~beta2-0ubuntu2) trusty; urgency=medium + + * Build python3 extension for all supported python versions. LP: #127236. + * Build-conflict with lua5.2*, the packaging is not ready for it. + + -- Matthias Klose Sun, 26 Jan 2014 09:57:03 +0100 + +lxc (1.0.0~beta2-0ubuntu1) trusty; urgency=medium + + * New upstream release (1.0.0~beta2). + * Removed patches (no remaining): + - 0000-add-autostart.patch + - 0001-fix-lxc-usernsexec-regression.patch + * Update packaging for upstream's implementation of autostart. + * Allow dbus in lxc-start apparmor profile (needed by the avahi hook). + + -- Stéphane Graber Wed, 15 Jan 2014 20:22:45 -0500 + +lxc (1.0.0~beta1-0ubuntu3) trusty; urgency=medium + + * Add lxc-container-with-mounting apparmor profile. + * Add iptables rules to always allow DHCP and DNS from the containers + to the host. + + -- Stéphane Graber Wed, 01 Jan 2014 14:37:49 +0100 + +lxc (1.0.0~beta1-0ubuntu2) trusty; urgency=medium + + * d/p/0001-fix-lxc-usernsexec-regression.patch: fix a regression breaking + lxc-usernsexec and, through that, all unprivileged container use. + + -- Serge Hallyn Thu, 19 Dec 2013 14:04:58 -0600 + +lxc (1.0.0~beta1-0ubuntu1) trusty; urgency=medium + + * New upstream release (1.0.0~beta1). + * Removed patches: + - 0001-lxcapi_clone-set-the-right-environment-variable-for-.patch + - 0002-don-t-fail-lxc-init-if-we-couldn-t-mount-proc.patch + + -- Stéphane Graber Tue, 17 Dec 2013 15:52:17 -0500 + +lxc (1.0.0~alpha3-0ubuntu8) trusty; urgency=low + + * Add iptables rule to fix checksum of udp packets for dhcp (LP: #930962) + + -- Serge Hallyn Tue, 10 Dec 2013 11:27:09 -0600 + +lxc (1.0.0~alpha3-0ubuntu7) trusty; urgency=low + + * Add a lxc-default-with-mounting profile which allows the container to + mount block filesystems. (LP: #1257389) + + -- Serge Hallyn Mon, 09 Dec 2013 13:19:31 -0600 + +lxc (1.0.0~alpha3-0ubuntu6) trusty; urgency=low + + * lxc-net: detect whether iptables -w flag is supported, so that backports + won't be broken. + + -- Serge Hallyn Mon, 02 Dec 2013 21:06:47 -0600 + +lxc (1.0.0~alpha3-0ubuntu5) trusty; urgency=low + + * Add -w to iptables calls in lxc-net (LP: #1257117) + + -- Serge Hallyn Mon, 02 Dec 2013 17:49:28 -0600 + +lxc (1.0.0~alpha3-0ubuntu4) trusty; urgency=low + + * Build-depend on libgnutls-dev for template checksuming. + + -- Stéphane Graber Fri, 29 Nov 2013 20:16:56 -0500 + +lxc (1.0.0~alpha3-0ubuntu3) trusty; urgency=low + + * d/p/0002-don-t-fail-lxc-init-if-we-couldn-t-mount-proc.patch: fix + failure to run lxc-init when lxc.cap.drop=sys_admin. (LP: #1253669) + + -- Serge Hallyn Fri, 22 Nov 2013 15:57:59 -0600 + +lxc (1.0.0~alpha3-0ubuntu2) trusty; urgency=low + + * Cherry-pick fix for lxc-clone hook script environment variable. + 0001-lxcapi_clone-set-the-right-environment-variable-for-.patch + (LP: #1253573) + + -- Stéphane Graber Thu, 21 Nov 2013 10:29:45 -0500 + +lxc (1.0.0~alpha3-0ubuntu1) trusty; urgency=low + + * New upstream release (1.0.0~alpha3). + * Removed patches: + - 0001-debian-template-set-hwaddr + - 0002-lxc-start-if-we-pass-in-a-config-file-then-don-t-use.patch + - get_rid_of_lxcpath_anon_idea.patch + + -- Stéphane Graber Fri, 15 Nov 2013 16:31:01 -0500 + +lxc (1.0.0~alpha2-0ubuntu6) trusty; urgency=low + + * d/p/0002-lxc-start-if-we-pass-in-a-config-file-then-don-t-use.patch fix lxc-start -with -f option to not use multiple configuration files (LP: #1251352) - -- Serge Hallyn Mon, 18 Nov 2013 10:08:53 -0600 + -- Serge Hallyn Thu, 14 Nov 2013 14:19:02 -0600 -lxc (1.0.0~alpha1-0ubuntu13) saucy-proposed; urgency=low +lxc (1.0.0~alpha2-0ubuntu5) trusty; urgency=low + [ Serge Hallyn] * debian/rules and debian/lxc.postinst: set /var/lib/lxc and /var/cache/lxc to be perms 700. That prevents unprivileged users from running setuid-root applications. Install that way by default, and for any previous versions, update the permissions. After this version, respect the user's choice. (LP: #1244635) - -- Serge Hallyn Mon, 04 Nov 2013 08:12:35 -0600 + [ Stéphane Graber ] + * Allow lxc.conf to start even if LXC_AUTO=false so that other jobs + can depend on it. Also make sure we always load our apparmor profiles. + (LP: #1227937) + + -- Stéphane Graber Tue, 29 Oct 2013 12:15:21 -0400 + +lxc (1.0.0~alpha2-0ubuntu4) trusty; urgency=low + + * get_rid_of_lxcpath_anon_idea.patch: allow lxc-stop and lxc-attach to + work more easily with containers started with a custom config (-f). + (LP: #1244301) + + -- Serge Hallyn Thu, 24 Oct 2013 11:55:06 -0500 + +lxc (1.0.0~alpha2-0ubuntu3) trusty; urgency=low + + * Fix syntax error in upstart job. + + -- Stéphane Graber Mon, 21 Oct 2013 18:51:36 -0400 + +lxc (1.0.0~alpha2-0ubuntu2) trusty; urgency=low + + * Set lxcpath in lxc-instance, that should make the containers visible + in lxc-ls and other tools again. (LP: #1242074) + + -- Stéphane Graber Mon, 21 Oct 2013 15:27:05 -0400 -lxc (1.0.0~alpha1-0ubuntu12) saucy-proposed; urgency=low +lxc (1.0.0~alpha2-0ubuntu1) trusty; urgency=low - * 0012-ubuntu-Improper-pty-permissions.patch: fix pty permissions - (LP: #1242913) - * 0013-get-rid-of-lxcpath_anon-idea.patch: make containers started with - a custom config easier to manage. (LP: #1244301) + * New upstream release (1.0.0~alpha2). + * Removed patches: + - 0002-pin_rootfs-be-quiet-and-don-t-fail-container-start.patch + - 0003-move-monitor-fifo-and-monitor-sock-to-run.patch + - 0004-hash-lxcname-for-use-in-monitor-unix-socket-sun_path.patch + - 0005-ignore-ability-to-init-lxc-monitord.log.patch + - 0006-add-pstore-to-container-fstab.patch + - 0007-apparmor.c-drop-newline-when-reading-current-profile.patch + - 0008-Fix-crasher-in-get_ips.patch + - 0009-lxc-ubuntu-cloud-pass-numeric-owner-and-p-to-untar.patch + - 0010-lxc-ubuntu-cloud-Cope-with-spaces-in-paths.patch + - 0011-ubuntu-cloud-prep-hook-fix-debug-helper-to-not-inapp.patch + * Change website to new URL (http://linuxcontainers.org). + * Build with the test binaries and introduce a new lxc-tests package. + * Don't build any of the binary packages on !linux. + * Enable SELinux support. + * Add watch file. - -- Serge Hallyn Fri, 25 Oct 2013 15:42:27 -0500 + -- Stéphane Graber Mon, 21 Oct 2013 09:17:18 -0400 lxc (1.0.0~alpha1-0ubuntu11) saucy; urgency=low diff -Nru lxc-1.0.0~alpha1/debian/control lxc-1.0.8/debian/control --- lxc-1.0.0~alpha1/debian/control 2013-10-07 21:33:27.000000000 +0000 +++ lxc-1.0.8/debian/control 2015-11-18 18:41:56.000000000 +0000 @@ -10,12 +10,15 @@ hardening-wrapper, libapparmor-dev, libcap-dev, - libseccomp-dev [i386 amd64], + libcgmanager-dev, + libgnutls-dev, + libseccomp-dev [i386 amd64 armhf], + libselinux1-dev, linux-libc-dev, pkg-config, - python3-dev (>= 3.2.3) -Standards-Version: 3.9.4 -Homepage: http://lxc.sourceforge.net/ + python3-all-dev (>= 3.2.3) +Standards-Version: 3.9.5 +Homepage: http://linuxcontainers.org X-Python3-Version: >= 3.2 XS-Testsuite: autopkgtest @@ -23,20 +26,16 @@ Architecture: linux-any Pre-Depends: ${misc:Pre-Depends} Depends: adduser, - apparmor, bridge-utils, dnsmasq-base, iptables, - liblxc0 (= ${binary:Version}), + liblxc1 (= ${binary:Version}), python3, python3-lxc, - rsync, + ${lxc:Depends}, ${misc:Depends}, ${shlibs:Depends} -Recommends: cgroup-lite | cgroup-bin, - libcap2-bin, - lxc-templates (>= 0.8.0~rc1-4ubuntu43), - openssl +Recommends: lxc-templates (>= 0.8.0~rc1-4ubuntu43) Suggests: btrfs-tools, lvm2, lxctl Description: Linux Containers userspace tools Containers are insulated areas inside a system, which have their own namespace @@ -76,13 +75,15 @@ This package contains the development files. Package: lxc-templates -Architecture: all +Architecture: linux-any Depends: lxc (>= 0.8.0~rc1-4ubuntu43), ${misc:Depends} -Recommends: cloud-image-utils | cloud-utils, +Recommends: busybox-static, + cloud-image-utils | cloud-utils, debootstrap | cdebootstrap, openssl, rsync, - uuid-runtime + uuid-runtime, + xz-utils Suggests: qemu-user-static Replaces: lxc (<< 0.8.0~rc1-4ubuntu43) Breaks: lxc (<< 0.8.0~rc1-4ubuntu43) @@ -94,12 +95,29 @@ . This package contains the templates. -Package: liblxc0 -Architecture: any +Package: lxc-tests +Architecture: linux-any +Depends: liblxc1 (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends} +Recommends: lxc, lxc-templates +Description: Linux Containers userspace tools (test binaries) + Containers are insulated areas inside a system, which have their own namespace + for filesystem, network, PID, IPC, CPU and memory allocation and which can be + created using the Control Group and Namespace features included in the Linux + kernel. + . + This package contains the test binaries. Those binaries are primarily + used for autopkgtest and by some developers. They are not meant to be + installed on regular user systems. + +Package: liblxc1 +Architecture: linux-any Pre-Depends: ${misc:Pre-Depends} -Depends: ${misc:Depends}, ${shlibs:Depends} -Replaces: lxc (<< 0.9.0~alpha3-0ubuntu1~) +Depends: cgmanager | cgroup-lite, rsync, ${misc:Depends}, ${shlibs:Depends} +Recommends: cgmanager, uidmap +Replaces: liblxc0, lxc (<< 0.9.0~alpha3-0ubuntu1~) Breaks: lxc (<< 0.9.0~alpha3-0ubuntu1~) +Provides: liblxc0 +Conflicts: liblxc0 Description: Linux Containers userspace tools (library) Containers are insulated areas inside a system, which have their own namespace for filesystem, network, PID, IPC, CPU and memory allocation and which can be @@ -109,11 +127,11 @@ This package contains the libraries. Package: python3-lxc -Architecture: any +Architecture: linux-any Section: python -Depends: liblxc0 (=${binary:Version}), - python3, +Depends: liblxc1 (=${binary:Version}), ${misc:Depends}, + ${python3:Depends}, ${shlibs:Depends} Recommends: lxc-templates (>= 0.8.0~rc1-4ubuntu43) Description: Linux Containers userspace tools (Python 3.x bindings) diff -Nru lxc-1.0.0~alpha1/debian/copyright lxc-1.0.8/debian/copyright --- lxc-1.0.0~alpha1/debian/copyright 2013-10-07 21:33:27.000000000 +0000 +++ lxc-1.0.8/debian/copyright 2015-11-18 18:40:14.000000000 +0000 @@ -1,7 +1,7 @@ Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: lxc -Upstream-Contact: lxc-devel@lists.sourceforge.net -Source: http://lxc.sourceforge.net/download/lxc/ +Upstream-Contact: lxc-devel@lists.linuxcontainers.org +Source: http://linuxcontainers.org/downloads/ Files: * Copyright: 2007-2013 various LXC contributors (see headers for details) diff -Nru lxc-1.0.0~alpha1/debian/.git-dpm lxc-1.0.8/debian/.git-dpm --- lxc-1.0.0~alpha1/debian/.git-dpm 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/debian/.git-dpm 2015-11-18 18:41:56.000000000 +0000 @@ -0,0 +1,8 @@ +# see git-dpm(1) from git-dpm package +3d3ff990d7ed8f30ac1fc5508cb7c81b14d5c235 +3d3ff990d7ed8f30ac1fc5508cb7c81b14d5c235 +4d4ae2d76b719cb54dbdeea8f371aedb309b820a +4d4ae2d76b719cb54dbdeea8f371aedb309b820a +lxc_1.0.8.orig.tar.gz +5ceec2289d2f25f8b6a13f8ec8731025294ef4da +807754 diff -Nru lxc-1.0.0~alpha1/debian/liblxc0.install lxc-1.0.8/debian/liblxc0.install --- lxc-1.0.0~alpha1/debian/liblxc0.install 2013-10-07 21:33:27.000000000 +0000 +++ lxc-1.0.8/debian/liblxc0.install 1970-01-01 00:00:00.000000000 +0000 @@ -1,2 +0,0 @@ -usr/lib/*/*.so.* -usr/lib/*/lxc/README diff -Nru lxc-1.0.0~alpha1/debian/liblxc1.install lxc-1.0.8/debian/liblxc1.install --- lxc-1.0.0~alpha1/debian/liblxc1.install 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/debian/liblxc1.install 2015-11-18 18:40:14.000000000 +0000 @@ -0,0 +1,2 @@ +usr/lib/*/*.so.* +usr/lib/*/lxc/README diff -Nru lxc-1.0.0~alpha1/debian/local/lxc-aa-custom-profile lxc-1.0.8/debian/local/lxc-aa-custom-profile --- lxc-1.0.0~alpha1/debian/local/lxc-aa-custom-profile 2013-10-07 21:32:53.000000000 +0000 +++ lxc-1.0.8/debian/local/lxc-aa-custom-profile 1970-01-01 00:00:00.000000000 +0000 @@ -1,89 +0,0 @@ -#!/bin/sh - -# (C) Copyright Canonical 2011,2012 - -# This library is free software; you can redistribute it and/or -# modify it under the terms of the GNU Lesser General Public -# License as published by the Free Software Foundation; either -# version 2.1 of the License, or (at your option) any later version. - -# This library is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# Lesser General Public License for more details. - -# You should have received a copy of the GNU Lesser General Public -# License along with this library; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -. /usr/share/lxc/lxc.functions - -set -e - -_OPTIONS="$(getopt -o n: -l name: -- "${@}")" - -if [ "${?}" -ne 0 ] -then - echo "Usage: $(basename ${0}) -n|--name CONTAINER" >&2 - echo " creates a custom profile (copied from the default) for CONTAINER" - exit 1 -fi - -eval set -- "${_OPTIONS}" - -while true -do - case "${1}" in - -n|--name) - _CONTAINER="${2}" - shift 2 - ;; - - --) - shift - break - ;; - - *) - echo "E: $(basename ${0}): internal error ${0}" >&2 - exit 1 - ;; - esac -done - -if [ `id -u` -ne 0 ]; then - echo "E: $(basename ${0}): must run with privilege" - exit 1 -fi - -if [ -z "${_CONTAINER}" ] -then - echo "E: $(basename ${0}): missing container name, use --name option" >&2 - exit 1 -fi - -if [ ! -f $lxc_path/${_CONTAINER}/config ]; then - echo "E: $(basename ${0}): $lxc_path/${_CONTAINER}/config - no such file" - exit 1 -fi - -profile="lxc-${_CONTAINER}" -if [ -f /etc/apparmor.d/lxc/${profile} ]; then - echo "E: $(basename ${0}): custom profile already exists" - exit 1 -fi - -if [ ! -f /etc/apparmor.d/lxc/lxc-default ]; then - echo "E: $(basename ${0}): default profile does not exist!" - exit 1 -fi - -cp -f /etc/apparmor.d/lxc/lxc-default /etc/apparmor.d/lxc/${profile} -sed -i "s/profile lxc-container-default/profile ${profile}/" /etc/apparmor.d/lxc/${profile} - -sed -i '/lxc.aa_profile/d' $lxc_path/${_CONTAINER}/config -echo "lxc.aa_profile = ${profile}" >> $lxc_path/${_CONTAINER}/config - -/lib/init/apparmor-profile-load lxc-containers - -echo "Profile for ${_CONTAINER} updated. Edit /etc/apparmor.d/lxc/${profile} to customize." diff -Nru lxc-1.0.0~alpha1/debian/local/lxc.sh lxc-1.0.8/debian/local/lxc.sh --- lxc-1.0.0~alpha1/debian/local/lxc.sh 2013-10-07 21:32:53.000000000 +0000 +++ lxc-1.0.8/debian/local/lxc.sh 1970-01-01 00:00:00.000000000 +0000 @@ -1,293 +0,0 @@ -#!bash - -# bash completion for lxc -### v1.1 20111211 -# -# CHANGE LOG: -# v1.1: -# added basic completion for 'lxc $command $container' next syntax -# v1.0: -# initial kork - -have lxc-start && { - -_lxc_names() -{ - COMPREPLY=( $( compgen -W "$( /usr/bin/lxc-ls )" "$cur" ) ) -} - -_lxc_status() -{ - COMPREPLY=( $( compgen -W "RUNNING STOPPED" "$cur" ) ) -} - -_lxc_templates() -{ - COMPREPLY=( $( compgen -W "$( /bin/ls /usr/share/lxc/templates/ | sed -e 's|^lxc-||' )" "$cur" ) ) -} - -_lxc-start() -{ - local cur prev - - COMPREPLY=() - _get_comp_words_by_ref cur prev - - case $prev in - -n) - _lxc_names "$cur" - return 0 - ;; - esac - - if [[ "$cur" == -* ]] - then - COMPREPLY=( $( compgen -W '-n -d -f -c -s -q -o -l' -- "$cur" ) ) - fi -} -complete -F _lxc-start lxc-start - -_lxc-generic() -{ - local cur prev - - COMPREPLY=() - _get_comp_words_by_ref cur prev - - case $prev in - -n) - _lxc_names "$cur" - return 0 - ;; - esac - - if [[ "$cur" == -* ]] - then - COMPREPLY=( $( compgen -W '-n -q -o -l' -- "$cur" ) ) - fi -} -complete -F _lxc-generic lxc-stop -complete -F _lxc-generic lxc-halt -complete -F _lxc-generic lxc-shutdown -complete -F _lxc-generic lxc-kill -complete -F _lxc-generic lxc-monitor -complete -F _lxc-generic lxc-cgroup -complete -F _lxc-generic lxc-unfreeze - -_lxc-info() -{ - local cur prev - - COMPREPLY=() - _get_comp_words_by_ref cur prev - - case $prev in - -n) - _lxc_names "$cur" - return 0 - ;; - esac - - if [[ "$cur" == -* ]] - then - COMPREPLY=( $( compgen -W '-n -s -p -q -o -l' -- "$cur" ) ) - fi -} -complete -F _lxc-info lxc-info - -_lxc-wait() -{ - local cur prev - - COMPREPLY=() - _get_comp_words_by_ref cur prev - - case $prev in - -n) - _lxc_names "$cur" - return 0 - ;; - - -s) - _lxc_status "$cur" - return 0 - ;; - esac - - if [[ "$cur" == -* ]] - then - COMPREPLY=( $( compgen -W '-n -s -p -q -o -l' -- "$cur" ) ) - fi -} -complete -F _lxc-wait lxc-wait - -_lxc-create() -{ - local cur prev - - COMPREPLY=() - _get_comp_words_by_ref cur prev - - case $prev in - -t) - _lxc_templates "$cur" - return 0 - ;; - esac - - if [[ "$cur" == -* ]] - then - COMPREPLY=( $( compgen -W '-n -t -f' -- "$cur" ) ) - fi -} -complete -F _lxc-create lxc-create - -_lxc-console() -{ - local cur prev - - COMPREPLY=() - _get_comp_words_by_ref cur prev - - case $prev in - -n) - _lxc_names "$cur" - return 0 - ;; - esac - - if [[ "$cur" == -* ]] - then - COMPREPLY=( $( compgen -W '-n -t -q -o -l' -- "$cur" ) ) - fi -} -complete -F _lxc-console lxc-console - -_lxc-destroy() -{ - local cur prev - - COMPREPLY=() - _get_comp_words_by_ref cur prev - - case $prev in - -n) - _lxc_names "$cur" - return 0 - ;; - esac - - if [[ "$cur" == -* ]] - then - COMPREPLY=( $( compgen -W '-n' -- "$cur" ) ) - fi -} -complete -F _lxc-destroy lxc-destroy - -_lxc-execute() -{ - local cur prev - - COMPREPLY=() - _get_comp_words_by_ref cur prev - - case $prev in - -n) - _lxc_names "$cur" - return 0 - ;; - esac - - if [[ "$cur" == -* ]] - then - COMPREPLY=( $( compgen -W '-n -f -s -- -q -o -l' -- "$cur" ) ) - fi -} -complete -F _lxc-execute lxc-execute - -_lxc-ps() -{ - local cur prev - - COMPREPLY=() - _get_comp_words_by_ref cur prev - - case $prev in - -n) - _lxc_names "$cur" - return 0 - ;; - esac - - if [[ "$cur" == -* ]] - then - COMPREPLY=( $( compgen -W '-n -- -q -o -l' -- "$cur" ) ) - fi -} -complete -F _lxc-ps lxc-ps - -_lxc-restart() -{ - local cur prev - - COMPREPLY=() - _get_comp_words_by_ref cur prev - - case $prev in - -n) - _lxc_names "$cur" - return 0 - ;; - esac - - if [[ "$cur" == -* ]] - then - COMPREPLY=( $( compgen -W '-n -S -d -p -f -s -q -o -l' -- "$cur" ) ) - fi -} -complete -F _lxc-restart lxc-restart - -_lxc-checkpoint() -{ - local cur prev - - COMPREPLY=() - _get_comp_words_by_ref cur prev - - case $prev in - -n) - _lxc_names "$cur" - return 0 - ;; - esac - - if [[ "$cur" == -* ]] - then - COMPREPLY=( $( compgen -W '-n -S -d -p -k -q -o -l' -- "$cur" ) ) - fi -} -complete -F _lxc-checkpoint lxc-checkpoint - -# next lxc command usage -_lxc-cmd() -{ - local cur prev - - COMPREPLY=() - _get_comp_words_by_ref cur prev - - case $prev in - lxc) - COMPREPLY=( $( compgen -W 'attach cgroup checkconfig checkpoint clone console create destroy execute freeze halt shutdown info kill ls monitor netstat ps restart setcap setuid start stop unfreeze unshare version wait' -- "$cur" ) ) - return 0 - ;; - - attach|cgroup|checkconfig|checkpoint|clone|console|create|destroy|execute|freeze|halt|shutdown|info|kill|monitor|netstat|ps|restart|start|stop|unfreeze|unshare|wait) - _lxc_names "$cur" - return 0 - ;; - esac -} -complete -F _lxc-cmd lxc - -} diff -Nru lxc-1.0.0~alpha1/debian/lxc.dirs lxc-1.0.8/debian/lxc.dirs --- lxc-1.0.0~alpha1/debian/lxc.dirs 2013-10-07 21:32:53.000000000 +0000 +++ lxc-1.0.8/debian/lxc.dirs 2015-11-18 18:40:14.000000000 +0000 @@ -1,2 +1 @@ -etc/lxc/auto var/log/lxc diff -Nru lxc-1.0.0~alpha1/debian/lxc.install lxc-1.0.8/debian/lxc.install --- lxc-1.0.0~alpha1/debian/lxc.install 2013-10-07 21:33:27.000000000 +0000 +++ lxc-1.0.8/debian/lxc.install 2015-11-18 18:41:56.000000000 +0000 @@ -1,12 +1,12 @@ - -debian/local/lxc-aa-custom-profile /usr/bin -debian/local/lxc.sh /etc/bash_completion.d etc usr/bin usr/lib/*/lxc/lxc-* +usr/sbin/* usr/share/doc +usr/share/lxc/config usr/share/lxc/hooks usr/share/lxc/lxc.functions +usr/share/lxc/selinux usr/share/man var/cache/lxc var/lib/lxc diff -Nru lxc-1.0.0~alpha1/debian/lxc.links lxc-1.0.8/debian/lxc.links --- lxc-1.0.0~alpha1/debian/lxc.links 2013-10-07 21:32:53.000000000 +0000 +++ lxc-1.0.8/debian/lxc.links 1970-01-01 00:00:00.000000000 +0000 @@ -1,4 +0,0 @@ -/usr/bin/lxc-ls /usr/bin/lxc-list -/usr/bin/lxc-shutdown /usr/bin/lxc-halt -/usr/share/man/man1/lxc-list.1.gz /usr/share/man/man1/lxc-ls.1.gz -/usr/share/man/man1/lxc-halt.1.gz /usr/share/man/man1/lxc-shutdown.1.gz diff -Nru lxc-1.0.0~alpha1/debian/lxc.lintian-overrides lxc-1.0.8/debian/lxc.lintian-overrides --- lxc-1.0.0~alpha1/debian/lxc.lintian-overrides 2013-10-07 21:32:53.000000000 +0000 +++ lxc-1.0.8/debian/lxc.lintian-overrides 2015-11-18 18:40:14.000000000 +0000 @@ -1,3 +1,12 @@ postrm-does-not-call-updaterc.d-for-init.d-script etc/init.d/lxc postrm-does-not-call-updaterc.d-for-init.d-script etc/init.d/lxc-instance postrm-does-not-call-updaterc.d-for-init.d-script etc/init.d/lxc-net +init.d-script-not-marked-as-conffile etc/init.d/lxc +init.d-script-not-marked-as-conffile etc/init.d/lxc-instance +init.d-script-not-marked-as-conffile etc/init.d/lxc-net +init.d-script-not-included-in-package etc/init.d/lxc +init.d-script-not-included-in-package etc/init.d/lxc-instance +init.d-script-not-included-in-package etc/init.d/lxc-net +setuid-binary usr/lib/*/lxc/lxc-user-nic 4755 root/root +non-standard-dir-perm var/cache/lxc/ 0700 != 0755 +non-standard-dir-perm var/lib/lxc/ 0700 != 0755 diff -Nru lxc-1.0.0~alpha1/debian/lxc.lxc-instance.upstart lxc-1.0.8/debian/lxc.lxc-instance.upstart --- lxc-1.0.0~alpha1/debian/lxc.lxc-instance.upstart 2013-10-07 21:32:53.000000000 +0000 +++ lxc-1.0.8/debian/lxc.lxc-instance.upstart 1970-01-01 00:00:00.000000000 +0000 @@ -1,23 +0,0 @@ -description "lxc instance" -author "Christian Kampka " - -stop on stopping lxc - -# wait for 120 seconds for container to shutdown before killing it -kill timeout 120 - -# send SIGPWR to container to trigger a shutdown (see lxc-shutdown(1)) -kill signal SIGPWR - - -instance $NAME -usage "NAME=name of LXC instance, CONFIG=full path to configuration file" - -pre-start script - - lxc-info -n $NAME 2>/dev/null | grep state | grep -q "RUNNING" && {stop; exit 0; } - [ -f $CONFIG ] || {stop; exit 0; } - -end script - -exec lxc-start -n $NAME -f $CONFIG diff -Nru lxc-1.0.0~alpha1/debian/lxc.lxc-net.upstart lxc-1.0.8/debian/lxc.lxc-net.upstart --- lxc-1.0.0~alpha1/debian/lxc.lxc-net.upstart 2013-10-07 21:32:53.000000000 +0000 +++ lxc-1.0.8/debian/lxc.lxc-net.upstart 1970-01-01 00:00:00.000000000 +0000 @@ -1,67 +0,0 @@ -description "lxc network" -author "Serge Hallyn " - -start on starting lxc -stop on stopped lxc - -env USE_LXC_BRIDGE="false" -env LXC_BRIDGE="lxcbr0" -env LXC_ADDR="10.0.3.1" -env LXC_NETMASK="255.255.255.0" -env LXC_NETWORK="10.0.3.0/24" -env LXC_DHCP_RANGE="10.0.3.2,10.0.3.254" -env LXC_DHCP_MAX="253" -env LXC_DHCP_CONFILE="" -env varrun="/var/run/lxc" -env LXC_DOMAIN="" - -pre-start script - [ -f /etc/default/lxc ] && . /etc/default/lxc - - [ "x$USE_LXC_BRIDGE" = "xtrue" ] || { stop; exit 0; } - - cleanup() { - # dnsmasq failed to start, clean up the bridge - iptables -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true - ifconfig ${LXC_BRIDGE} down || true - brctl delbr ${LXC_BRIDGE} || true - } - - if [ -d /sys/class/net/${LXC_BRIDGE} ]; then - if [ ! -f ${varrun}/network_up ]; then - # bridge exists, but we didn't start it - stop; - fi - exit 0; - fi - - # set up the lxc network - brctl addbr ${LXC_BRIDGE} || { echo "Missing bridge support in kernel"; stop; exit 0; } - echo 1 > /proc/sys/net/ipv4/ip_forward - mkdir -p ${varrun} - ifconfig ${LXC_BRIDGE} ${LXC_ADDR} netmask ${LXC_NETMASK} up - iptables -t nat -A POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE - - LXC_DOMAIN_ARG="" - if [ -n "$LXC_DOMAIN" ]; then - LXC_DOMAIN_ARG="-s $LXC_DOMAIN" - fi - dnsmasq $LXC_DOMAIN_ARG -u lxc-dnsmasq --strict-order --bind-interfaces --pid-file=${varrun}/dnsmasq.pid --conf-file=${LXC_DHCP_CONFILE} --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile=/var/lib/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative || cleanup - touch ${varrun}/network_up -end script - -post-stop script - [ -f /etc/default/lxc ] && . /etc/default/lxc - [ -f "${varrun}/network_up" ] || exit 0; - # if $LXC_BRIDGE has attached interfaces, don't shut it down - ls /sys/class/net/${LXC_BRIDGE}/brif/* > /dev/null 2>&1 && exit 0; - - if [ -d /sys/class/net/${LXC_BRIDGE} ]; then - ifconfig ${LXC_BRIDGE} down - iptables -t nat -D POSTROUTING -s ${LXC_NETWORK} ! -d ${LXC_NETWORK} -j MASQUERADE || true - pid=`cat ${varrun}/dnsmasq.pid 2>/dev/null` && kill -9 $pid || true - rm -f ${varrun}/dnsmasq.pid - brctl delbr ${LXC_BRIDGE} - fi - rm -f ${varrun}/network_up -end script diff -Nru lxc-1.0.0~alpha1/debian/lxc.postinst lxc-1.0.8/debian/lxc.postinst --- lxc-1.0.0~alpha1/debian/lxc.postinst 2013-11-04 14:12:24.000000000 +0000 +++ lxc-1.0.8/debian/lxc.postinst 2015-11-18 18:41:56.000000000 +0000 @@ -108,11 +108,11 @@ invoke-rc.d dnsmasq restart 2>/dev/null || true fi - # Up to version 1.0.0~alpha1-0ubuntu12 lxc was installed world + # Up to version 1.0.0~alpha2-0ubuntu4 lxc was installed world # readable. After that version if users want it that way for # convenience, then that's fine. But one time go ahead and # forcibly change the permissions. - if dpkg --compare-versions "$2" lt "1.0.0~alpha1-0ubuntu13"; then + if dpkg --compare-versions "$2" lt "1.0.0~alpha2-0ubuntu5"; then chmod 700 /var/lib/lxc chmod 700 /var/cache/lxc fi diff -Nru lxc-1.0.0~alpha1/debian/lxc.preinst lxc-1.0.8/debian/lxc.preinst --- lxc-1.0.0~alpha1/debian/lxc.preinst 2013-10-07 21:32:53.000000000 +0000 +++ lxc-1.0.8/debian/lxc.preinst 2015-11-18 18:41:56.000000000 +0000 @@ -64,11 +64,51 @@ fi } +migrate_auto() +{ + echo "Migrating /etc/lxc/auto to lxc.auto.start config flag" + for container in /etc/lxc/auto/*; do + [ "$container" = "/etc/lxc/auto/*" ] && continue + + if [ ! -L "$container" ]; then + echo "$container isn't a symlink, skipping." + fi + + if [ -d "$container" ] && [ -e "$container/config" ]; then + echo " - Marking $container/config as auto-started" + echo "" >> $container/config + echo "# Added by lxc postinst, migration of autostart flag" >> $container/config + echo "lxc.start.auto = 1" >> $container/config + fi + + if [ -f "$container" ]; then + echo " - Marking $container as auto-started" + echo "" >> $container + echo "# Added by lxc postinst, migration of autostart flag" >> $container + echo "lxc.start.auto = 1" >> $container + fi + + rm $container + done + + # Try to remove /etc/lxc/auto (but ignore failure if non-empty) + rmdir /etc/lxc/auto/ >/dev/null 2>&1 || true +} + case "${1}" in install|upgrade) if [ ! -f /etc/default/lxc-net ]; then configure_lxcbr0 fi + + if [ -d /etc/lxc/auto ]; then + migrate_auto + fi + + if [ ! -f /etc/lxc/lxc-usernet ]; then + mkdir -p /etc/lxc/ + echo "# USERNAME TYPE BRIDGE COUNT" > /etc/lxc/lxc-usernet + fi ;; abort-upgrade) ;; diff -Nru lxc-1.0.0~alpha1/debian/lxc-templates.install lxc-1.0.8/debian/lxc-templates.install --- lxc-1.0.0~alpha1/debian/lxc-templates.install 2013-10-07 21:33:27.000000000 +0000 +++ lxc-1.0.8/debian/lxc-templates.install 2015-11-18 18:40:14.000000000 +0000 @@ -1 +1,2 @@ +usr/share/lxc/lxc-patch.py usr/share/lxc/templates diff -Nru lxc-1.0.0~alpha1/debian/lxc-tests.lintian-overrides lxc-1.0.8/debian/lxc-tests.lintian-overrides --- lxc-1.0.0~alpha1/debian/lxc-tests.lintian-overrides 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/debian/lxc-tests.lintian-overrides 2015-11-18 18:40:14.000000000 +0000 @@ -0,0 +1 @@ +lxc-tests: binary-without-manpage usr/bin/lxc-test-* diff -Nru lxc-1.0.0~alpha1/debian/lxc.upstart lxc-1.0.8/debian/lxc.upstart --- lxc-1.0.0~alpha1/debian/lxc.upstart 2013-10-07 21:32:53.000000000 +0000 +++ lxc-1.0.8/debian/lxc.upstart 1970-01-01 00:00:00.000000000 +0000 @@ -1,28 +0,0 @@ -description "lxc" -author "Serge Hallyn " - -start on runlevel [2345] -stop on starting rc RUNLEVEL=[016] - -env LXC_AUTO="false" - -pre-start script - [ -f /etc/default/lxc ] && . /etc/default/lxc - - [ "x$LXC_AUTO" = "xtrue" ] || { stop; exit 0; } - - # don't load profiles if mount mediation is not supported - SYSF=/sys/kernel/security/apparmor/features/mount/mask - if [ -f $SYSF ]; then - if [ -x /lib/init/apparmor-profile-load ]; then - /lib/init/apparmor-profile-load usr.bin.lxc-start - /lib/init/apparmor-profile-load lxc-containers - fi - fi - - ls /etc/lxc/auto/* > /dev/null 2>&1 || exit 0; - for f in /etc/lxc/auto/*; do - c="$(basename $f .conf)" - start lxc-instance NAME=$c CONFIG=$f - done -end script diff -Nru lxc-1.0.0~alpha1/debian/patches/0000-add-autostart.patch lxc-1.0.8/debian/patches/0000-add-autostart.patch --- lxc-1.0.0~alpha1/debian/patches/0000-add-autostart.patch 2013-10-07 21:32:53.000000000 +0000 +++ lxc-1.0.8/debian/patches/0000-add-autostart.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,33 +0,0 @@ -Description: Add autostart support to LXC - Autostart isn't currently upstream yet, so we need a patch to lxc-destroy - and lxc-ls to properly managed the flag. -Author: Stéphane Graber -Origin: vendor -Forwarded: no - -Index: saucy-lxc/src/lxc/lxc-ls -=================================================================== ---- saucy-lxc.orig/src/lxc/lxc-ls 2013-09-10 18:40:46.024436751 -0400 -+++ saucy-lxc/src/lxc/lxc-ls 2013-09-10 18:40:46.020436751 -0400 -@@ -132,7 +132,8 @@ - parser.add_argument("--fancy", action="store_true", - help=_("use fancy output")) - --parser.add_argument("--fancy-format", type=str, default="name,state,ipv4,ipv6", -+parser.add_argument("--fancy-format", type=str, default="name,state,ipv4,ipv6" -+ ",autostart", - help=_("comma separated list of fields to show")) - - parser.add_argument("--nesting", dest="nesting", action="store_true", -@@ -207,6 +208,11 @@ - entry['pid'] = "-" - if container.init_pid != -1: - entry['pid'] = str(container.init_pid) -+ if (os.path.exists("/etc/lxc/auto/%s.conf" % container_name) or -+ os.path.exists("/etc/lxc/%s" % container_name)): -+ entry['autostart'] = "YES" -+ else: -+ entry['autostart'] = "NO" - - # Get the IPs - for family, protocol in {'inet': 'ipv4', 'inet6': 'ipv6'}.items(): diff -Nru lxc-1.0.0~alpha1/debian/patches/0001-debian-template-set-hwaddr lxc-1.0.8/debian/patches/0001-debian-template-set-hwaddr --- lxc-1.0.0~alpha1/debian/patches/0001-debian-template-set-hwaddr 2013-10-07 21:32:53.000000000 +0000 +++ lxc-1.0.8/debian/patches/0001-debian-template-set-hwaddr 1970-01-01 00:00:00.000000000 +0000 @@ -1,23 +0,0 @@ -Description: set hwaddr in debian template -Author: Serge Hallyn -Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1080681 -Forwarded: no - -Index: saucy-lxc/templates/lxc-debian.in -=================================================================== ---- saucy-lxc.orig/templates/lxc-debian.in 2013-09-10 18:44:49.608427600 -0400 -+++ saucy-lxc/templates/lxc-debian.in 2013-09-10 18:44:49.604427600 -0400 -@@ -213,6 +213,13 @@ - rootfs=$2 - hostname=$3 - -+ # if there is exactly one veth network entry, make sure it has an -+ # associated hwaddr. -+ nics=`grep -e '^lxc\.network\.type[ \t]*=[ \t]*veth' $path/config | wc -l` -+ if [ $nics -eq 1 ]; then -+ grep -q "^lxc.network.hwaddr" $path/config || sed -i -e "/^lxc\.network\.type[ \t]*=[ \t]*veth/a lxc.network.hwaddr = 00:16:3e:$(openssl rand -hex 3| sed 's/\(..\)/\1:/g; s/.$//')" $path/config -+ fi -+ - grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config - cat <> $path/config - lxc.tty = 4 diff -Nru lxc-1.0.0~alpha1/debian/patches/0001-Trusty-Swap-out-the-CVE-2015-1335-fix-with-the-trust.patch lxc-1.0.8/debian/patches/0001-Trusty-Swap-out-the-CVE-2015-1335-fix-with-the-trust.patch --- lxc-1.0.0~alpha1/debian/patches/0001-Trusty-Swap-out-the-CVE-2015-1335-fix-with-the-trust.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/debian/patches/0001-Trusty-Swap-out-the-CVE-2015-1335-fix-with-the-trust.patch 2015-11-18 18:41:56.000000000 +0000 @@ -0,0 +1,369 @@ +From 3e3c933900c23edf4e378127b6520c91e9f87546 Mon Sep 17 00:00:00 2001 +From: Serge Hallyn +Date: Wed, 28 Oct 2015 13:51:07 -0500 +Subject: Trusty: Swap out the CVE-2015-1335 fix with the + trusty-kernel-friendly one + +The upstream fix for CVE-2015-1335 exposes bugs in trusty's kernel's +overlayfs+apparmor behavior, breaking lxc-test-unpriv. In trusty we +use a separate lxc patch for CVE-2015-1335 for this reason. + +This patch against upstream stable-1.0 replaces the upstream fix with +the trusty-compatible one. + +Signed-off-by: Serge Hallyn +--- + src/lxc/utils.c | 286 +++++++++++++++------------------------------ + src/tests/lxc-test-symlink | 4 + + 2 files changed, 100 insertions(+), 190 deletions(-) + +diff --git a/src/lxc/utils.c b/src/lxc/utils.c +index 214c5a8..fb45e1f 100644 +--- a/src/lxc/utils.c ++++ b/src/lxc/utils.c +@@ -1155,234 +1155,140 @@ err: + } + + /* +- * @path: a pathname where / replaced with '\0'. +- * @offsetp: pointer to int showing which path segment was last seen. +- * Updated on return to reflect the next segment. +- * @fulllen: full original path length. +- * Returns a pointer to the next path segment, or NULL if done. ++ * ws points into an array of \0-separate path elements. ++ * ws should be pointing to one of the path elements or ++ * the next \0. It will return the first character of the ++ * next path element. + */ +-static char *get_nextpath(char *path, int *offsetp, int fulllen) +-{ +- int offset = *offsetp; +- +- if (offset >= fulllen) +- return NULL; +- +- while (path[offset] != '\0' && offset < fulllen) +- offset++; +- while (path[offset] == '\0' && offset < fulllen) +- offset++; +- +- *offsetp = offset; +- return (offset < fulllen) ? &path[offset] : NULL; ++static char *next_word(char *ws) { ++ while (*ws && *ws != ' ') ws++; ++ while (*ws && *ws == ' ') ws++; ++ return ws; + } + + /* +- * Check that @subdir is a subdir of @dir. @len is the length of +- * @dir (to avoid having to recalculate it). ++ * copy src to dest, collapsing multiple '/' into one and ++ * collapsing '/./' to '/' + */ +-static bool is_subdir(const char *subdir, const char *dir, size_t len) ++static void copy_cleanedup(char *dest, const char *src) + { +- size_t subdirlen = strlen(subdir); +- +- if (subdirlen < len) +- return false; +- if (strncmp(subdir, dir, len) != 0) +- return false; +- if (dir[len-1] == '/') +- return true; +- if (subdir[len] == '/' || subdirlen == len) +- return true; +- return false; ++ char *orig = dest; ++ while (*src) { ++ if (*src == '/' && *(src+1) == '/') { ++ src++; ++ continue; ++ } ++ if (*src == '/' && *(src+1) == '.' && ++ (*(src+2) == '/' || *(src+2) == '\0')) { ++ src += 2; ++ continue; ++ } ++ *(dest++) = *(src++); ++ } ++ *dest = '\0'; ++ /* remove trailing / */ ++ dest--; ++ while (dest > orig && *dest == '/') ++ *(dest--) = '\0'; + } + +-/* +- * Check if the open fd is a symlink. Return -ELOOP if it is. Return +- * -ENOENT if we couldn't fstat. Return 0 if the fd is ok. +- */ +-static int check_symlink(int fd) ++static size_t count_mountinfo_lines(void) + { +- struct stat sb; +- int ret = fstat(fd, &sb); +- if (ret < 0) +- return -ENOENT; +- if (S_ISLNK(sb.st_mode)) +- return -ELOOP; +- return 0; +-} ++ FILE *f = fopen("/proc/self/mountinfo", "r"); ++ char *line = NULL; ++ size_t len = 0, i = 0; ++ if (!f) ++ return 0; + +-/* +- * Open a file or directory, provided that it contains no symlinks. +- * +- * CAVEAT: This function must not be used for other purposes than container +- * setup before executing the container's init +- */ +-static int open_if_safe(int dirfd, const char *nextpath) +-{ +- int newfd = openat(dirfd, nextpath, O_RDONLY | O_NOFOLLOW); +- if (newfd >= 0) // was not a symlink, all good +- return newfd; +- +- if (errno == ELOOP) +- return newfd; +- +- if (errno == EPERM || errno == EACCES) { +- /* we're not root (cause we got EPERM) so +- try opening with O_PATH */ +- newfd = openat(dirfd, nextpath, O_PATH | O_NOFOLLOW); +- if (newfd >= 0) { +- /* O_PATH will return an fd for symlinks. We know +- * nextpath wasn't a symlink at last openat, so if fd +- * is now a link, then something * fishy is going on +- */ +- int ret = check_symlink(newfd); +- if (ret < 0) { +- close(newfd); +- newfd = ret; +- } +- } +- } ++ while (getline(&line, &len, f) != -1) ++ i++; ++ fclose(f); + +- return newfd; ++ free(line); ++ return i; + } + + /* +- * Open a path intending for mounting, ensuring that the final path +- * is inside the container's rootfs. +- * +- * CAVEAT: This function must not be used for other purposes than container +- * setup before executing the container's init +- * +- * @target: path to be opened +- * @prefix_skip: a part of @target in which to ignore symbolic links. This +- * would be the container's rootfs. +- * +- * Return an open fd for the path, or <0 on error. ++ * This is only used during container startup. So we know we won't race ++ * with anyone else mounting. Check the last line in /proc/self/mountinfo ++ * to make sure the target is under the container root. + */ +-static int open_without_symlink(const char *target, const char *prefix_skip) ++static bool ensure_not_symlink(const char *target, const char *croot, size_t prevlines) + { +- int curlen = 0, dirfd, fulllen, i; +- char *dup = NULL; +- +- fulllen = strlen(target); +- +- /* make sure prefix-skip makes sense */ +- if (prefix_skip) { +- curlen = strlen(prefix_skip); +- if (!is_subdir(target, prefix_skip, curlen)) { +- ERROR("WHOA there - target '%s' didn't start with prefix '%s'", +- target, prefix_skip); +- return -EINVAL; +- } +- /* +- * get_nextpath() expects the curlen argument to be +- * on a (turned into \0) / or before it, so decrement +- * curlen to make sure that happens +- */ +- if (curlen) +- curlen--; +- } else { +- prefix_skip = "/"; +- curlen = 0; ++ FILE *f = fopen("/proc/self/mountinfo", "r"); ++ char *line = NULL, *ws = NULL, *we = NULL, *tgtcopy; ++ size_t len = 0, i = 0; ++ bool ret = false; ++ ++ if (!croot || croot[0] == '\0') ++ return true; ++ ++ if (!f) { ++ ERROR("Cannot open /proc/self/mountinfo"); ++ return false; + } + +- /* Make a copy of target which we can hack up, and tokenize it */ +- if ((dup = strdup(target)) == NULL) { +- SYSERROR("Out of memory checking for symbolic link"); +- return -ENOMEM; ++ while (getline(&line, &len, f) != -1 && i < prevlines) { ++ i++; + } +- for (i = 0; i < fulllen; i++) { +- if (dup[i] == '/') +- dup[i] = '\0'; ++ fclose(f); ++ ++ if (!line) ++ return false; ++ ws = line; ++ for (i = 0; i < 4; i++) ++ ws = next_word(ws); ++ if (!*ws) ++ goto out; ++ we = ws; ++ while (*we && *we != ' ') ++ we++; ++ if (!*we) ++ goto out; ++ *we = '\0'; ++ ++ tgtcopy = alloca(strlen(target) + 1); ++ copy_cleanedup(tgtcopy, target); ++ /* now make sure that ws starts with croot and ends with rest of target */ ++ if (croot && strncmp(ws, croot, strlen(croot)) != 0) { ++ ERROR("Mount onto %s resulted in %s, does not match root %s\n", ++ target, ws, croot); ++ goto out; + } + +- dirfd = open(prefix_skip, O_RDONLY); +- if (dirfd < 0) ++ size_t start = croot ? strlen(croot) : 0; ++ if (strcmp(ws + start, tgtcopy + start) != 0) { ++ ERROR("Mount onto %s resulted in %s, not %s\n", target, ws, tgtcopy); + goto out; +- while (1) { +- int newfd, saved_errno; +- char *nextpath; +- +- if ((nextpath = get_nextpath(dup, &curlen, fulllen)) == NULL) +- goto out; +- newfd = open_if_safe(dirfd, nextpath); +- saved_errno = errno; +- close(dirfd); +- dirfd = newfd; +- if (newfd < 0) { +- errno = saved_errno; +- if (errno == ELOOP) +- SYSERROR("%s in %s was a symbolic link!", nextpath, target); +- else +- SYSERROR("Error examining %s in %s", nextpath, target); +- goto out; +- } + } + ++ ret = true; ++ + out: +- free(dup); +- return dirfd; ++ free(line); ++ return ret; + } +- + /* + * Safely mount a path into a container, ensuring that the mount target + * is under the container's @rootfs. (If @rootfs is NULL, then the container + * uses the host's /) +- * +- * CAVEAT: This function must not be used for other purposes than container +- * setup before executing the container's init + */ + int safe_mount(const char *src, const char *dest, const char *fstype, + unsigned long flags, const void *data, const char *rootfs) + { +- int srcfd = -1, destfd, ret, saved_errno; +- char srcbuf[50], destbuf[50]; // only needs enough for /proc/self/fd/ +- const char *mntsrc = src; +- +- if (!rootfs) +- rootfs = ""; +- +- /* todo - allow symlinks for relative paths if 'allowsymlinks' option is passed */ +- if (flags & MS_BIND && src && src[0] != '/') { +- INFO("this is a relative bind mount"); +- srcfd = open_without_symlink(src, NULL); +- if (srcfd < 0) +- return srcfd; +- ret = snprintf(srcbuf, 50, "/proc/self/fd/%d", srcfd); +- if (ret < 0 || ret > 50) { +- close(srcfd); +- ERROR("Out of memory"); +- return -EINVAL; +- } +- mntsrc = srcbuf; +- } +- +- destfd = open_without_symlink(dest, rootfs); +- if (destfd < 0) { +- if (srcfd != -1) +- close(srcfd); +- return destfd; +- } +- +- ret = snprintf(destbuf, 50, "/proc/self/fd/%d", destfd); +- if (ret < 0 || ret > 50) { +- if (srcfd != -1) +- close(srcfd); +- close(destfd); +- ERROR("Out of memory"); +- return -EINVAL; +- } ++ int ret; ++ size_t nlines = count_mountinfo_lines(); + +- ret = mount(mntsrc, destbuf, fstype, flags, data); +- saved_errno = errno; +- if (srcfd != -1) +- close(srcfd); +- close(destfd); ++ ret = mount(src, dest, fstype, flags, data); + if (ret < 0) { +- errno = saved_errno; +- SYSERROR("Failed to mount %s onto %s", src, dest); ++ SYSERROR("Mount of '%s' onto '%s' failed", src, dest); + return ret; + } + ++ if (!ensure_not_symlink(dest, rootfs, nlines)) { ++ ERROR("Mount of '%s' onto '%s' was onto a symlink!", src, dest); ++ umount(dest); ++ return -1; ++ } + return 0; + } +diff --git a/src/tests/lxc-test-symlink b/src/tests/lxc-test-symlink +index 56b7cf6..1e32d66 100644 +--- a/src/tests/lxc-test-symlink ++++ b/src/tests/lxc-test-symlink +@@ -51,6 +51,10 @@ lxc.mount.entry = $dirname opt/xxx/dir none bind,create=dir + lxc.mount.entry = $fname opt/xxx/file none bind,create=file + lxc.mount.entry = $fname2 opt/xxx/file2 none bind + lxc.mount.entry = $dirname /var/lib/lxc/symtest1/rootfs/opt/xxx/dir2 none bind,create=dir ++lxc.mount.entry = $dirname /var/lib/lxc/symtest1/rootfs/opt/xxx//././//dir2 none bind,create=dir ++lxc.mount.entry = $dirname /var/lib/lxc/symtest1/rootfs/opt/xxx//././//dir3// none bind,create=dir ++lxc.mount.entry = $dirname /var/lib/lxc/symtest1/rootfs/opt/xxx//././//dir4/. none bind,create=dir ++ + EOF + + # Regular - should succeed diff -Nru lxc-1.0.0~alpha1/debian/patches/0002-pin_rootfs-be-quiet-and-don-t-fail-container-start.patch lxc-1.0.8/debian/patches/0002-pin_rootfs-be-quiet-and-don-t-fail-container-start.patch --- lxc-1.0.0~alpha1/debian/patches/0002-pin_rootfs-be-quiet-and-don-t-fail-container-start.patch 2013-10-07 21:32:53.000000000 +0000 +++ lxc-1.0.8/debian/patches/0002-pin_rootfs-be-quiet-and-don-t-fail-container-start.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,73 +0,0 @@ -From 00ec333b2e6c7a29e99da196979a496fb05ee923 Mon Sep 17 00:00:00 2001 -From: Serge Hallyn -Date: Tue, 10 Sep 2013 23:17:46 -0500 -Subject: [PATCH 1/6] pin_rootfs: be quiet and don't fail container start - -It's a legitimate use case to use read-only $lxcpath. If we can't -create the pin file, then we're not worried about marking the fs -readonly on exit. - -Signed-off-by: Serge Hallyn ---- - src/lxc/conf.c | 17 ++++------------- - src/lxc/start.c | 6 ++---- - 2 files changed, 6 insertions(+), 17 deletions(-) - -Index: saucy-lxc/src/lxc/conf.c -=================================================================== ---- saucy-lxc.orig/src/lxc/conf.c 2013-09-11 23:13:23.251925309 -0400 -+++ saucy-lxc/src/lxc/conf.c 2013-09-11 23:13:23.243925310 -0400 -@@ -687,32 +687,23 @@ - if (rootfs == NULL || strlen(rootfs) == 0) - return -2; - -- if (!realpath(rootfs, absrootfs)) { -- INFO("failed to get real path for '%s', not pinning", rootfs); -+ if (!realpath(rootfs, absrootfs)) - return -2; -- } - -- if (access(absrootfs, F_OK)) { -- SYSERROR("'%s' is not accessible", absrootfs); -+ if (access(absrootfs, F_OK)) - return -1; -- } - -- if (stat(absrootfs, &s)) { -- SYSERROR("failed to stat '%s'", absrootfs); -+ if (stat(absrootfs, &s)) - return -1; -- } - - if (!S_ISDIR(s.st_mode)) - return -2; - - ret = snprintf(absrootfspin, MAXPATHLEN, "%s%s", absrootfs, ".hold"); -- if (ret >= MAXPATHLEN) { -- SYSERROR("pathname too long for rootfs hold file"); -+ if (ret >= MAXPATHLEN) - return -1; -- } - - fd = open(absrootfspin, O_CREAT | O_RDWR, S_IWUSR|S_IRUSR); -- INFO("opened %s as fd %d\n", absrootfspin, fd); - return fd; - } - -Index: saucy-lxc/src/lxc/start.c -=================================================================== ---- saucy-lxc.orig/src/lxc/start.c 2013-09-11 23:13:23.251925309 -0400 -+++ saucy-lxc/src/lxc/start.c 2013-09-11 23:13:23.243925310 -0400 -@@ -652,10 +652,8 @@ - */ - - handler->pinfd = pin_rootfs(handler->conf->rootfs.path); -- if (handler->pinfd == -1) { -- ERROR("failed to pin the container's rootfs"); -- goto out_delete_net; -- } -+ if (handler->pinfd == -1) -+ INFO("failed to pin the container's rootfs"); - - /* Create a process in a new set of namespaces */ - handler->pid = lxc_clone(do_start, handler, handler->clone_flags); diff -Nru lxc-1.0.0~alpha1/debian/patches/0002-ubuntu-cloud-Various-fixes.patch lxc-1.0.8/debian/patches/0002-ubuntu-cloud-Various-fixes.patch --- lxc-1.0.0~alpha1/debian/patches/0002-ubuntu-cloud-Various-fixes.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/debian/patches/0002-ubuntu-cloud-Various-fixes.patch 2015-11-18 18:41:56.000000000 +0000 @@ -0,0 +1,65 @@ +From 2452a0458c96ebbf0b14b8f9b71c581036e8fad9 Mon Sep 17 00:00:00 2001 +From: =?UTF-8?q?St=C3=A9phane=20Graber?= +Date: Thu, 12 Nov 2015 12:44:38 -0500 +Subject: ubuntu-cloud: Various fixes +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + + - Update list of supported releases + - Make the fallback release trusty + - Don't specify the compression algorithm (use auto-detection) so that + people passing tarballs to the template don't see regressions. + +Signed-off-by: Stéphane Graber +Acked-by: Serge E. Hallyn +--- + templates/lxc-ubuntu-cloud.in | 12 ++++++------ + 1 file changed, 6 insertions(+), 6 deletions(-) + +diff --git a/templates/lxc-ubuntu-cloud.in b/templates/lxc-ubuntu-cloud.in +index 3f30a61..d277fec 100644 +--- a/templates/lxc-ubuntu-cloud.in ++++ b/templates/lxc-ubuntu-cloud.in +@@ -25,7 +25,7 @@ STATE_DIR="@LOCALSTATEDIR@" + HOOK_DIR="@LXCHOOKDIR@" + CLONE_HOOK_FN="$HOOK_DIR/ubuntu-cloud-prep" + LXC_TEMPLATE_CONFIG="@LXCTEMPLATECONFIG@" +-KNOWN_RELEASES="precise trusty utopic vivid" ++KNOWN_RELEASES="precise trusty vivid wily xenial" + skip_arch_check=${UCTEMPLATE_SKIP_ARCH_CHECK:-0} + + # Make sure the usual locations are in PATH +@@ -159,8 +159,8 @@ eval set -- "$options" + + mapped_uid=-1 + mapped_gid=-1 +-# default release is precise, or the systems release if recognized +-release=precise ++# default release is trusty, or the systems release if recognized ++release=trusty + if [ -f /etc/lsb-release ]; then + . /etc/lsb-release + rels=$(ubuntu-distro-info --supported 2>/dev/null) || +@@ -183,7 +183,7 @@ else + arch="amd64" + elif [ "$arch" = "armv7l" ]; then + # note: arm images don't exist before oneiric; are called armhf in +- # precise and later; and are not supported by the query, so we don't actually ++ # trusty and later; and are not supported by the query, so we don't actually + # support them yet (see check later on). When Query2 is available, + # we'll use that to enable arm images. + arch="armhf" +@@ -330,10 +330,10 @@ do_extract_rootfs() { + mkdir -p $rootfs + cd $rootfs + if [ $in_userns -eq 1 ]; then +- tar --anchored --exclude="dev/*" --numeric-owner -xpJf "$cache/$filename" ++ tar --anchored --exclude="dev/*" --numeric-owner -xpf "$cache/$filename" + mkdir -p $rootfs/dev/pts/ + else +- tar --numeric-owner -xpJf "$cache/$filename" ++ tar --numeric-owner -xpf "$cache/$filename" + fi + } + diff -Nru lxc-1.0.0~alpha1/debian/patches/0003-Better-handle-preserve_ns-behavior.patch lxc-1.0.8/debian/patches/0003-Better-handle-preserve_ns-behavior.patch --- lxc-1.0.0~alpha1/debian/patches/0003-Better-handle-preserve_ns-behavior.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/debian/patches/0003-Better-handle-preserve_ns-behavior.patch 2015-11-18 18:41:56.000000000 +0000 @@ -0,0 +1,121 @@ +From 3d3ff990d7ed8f30ac1fc5508cb7c81b14d5c235 Mon Sep 17 00:00:00 2001 +From: Serge Hallyn +Date: Tue, 17 Nov 2015 12:59:05 -0600 +Subject: Better handle preserve_ns behavior + +Commit b6b2b194a8 preserves the container's namespaces for +possible later use in stop hook. But some kernels don't have +/proc/pid/ns/ns for all the namespaces we may be interested in. +So warn but continue if this is the case. + +Implement stgraber's suggested semantics. + + - User requests some namespaces be preserved: + - If /proc/self/ns is missing => fail (saying kernel misses setns) + - If /proc/self/ns/ entry is missing => fail (saying kernel misses setns for ) + - User doesn't request some namespaces be preserved: + - If /proc/self/ns is missing => log an INFO message (kernel misses setns) and continue + - If /proc/self/ns/ entry is missing => log an INFO message (kernel misses setns for ) and continue + +Signed-off-by: Serge Hallyn +--- + src/lxc/start.c | 47 ++++++++++++++++++++++++++++++++++------------- + 1 file changed, 34 insertions(+), 13 deletions(-) + +diff --git a/src/lxc/start.c b/src/lxc/start.c +index 3cbb049..c481630 100644 +--- a/src/lxc/start.c ++++ b/src/lxc/start.c +@@ -117,8 +117,15 @@ static void close_ns(int ns_fd[LXC_NS_MAX]) { + } + } + +-static int preserve_ns(int ns_fd[LXC_NS_MAX], int clone_flags, pid_t pid) { +- int i, saved_errno; ++/* ++ * preserve_ns: open /proc/@pid/ns/@ns for each namespace specified ++ * in clone_flags. ++ * Return true on success, false on failure. On failure, leave an error ++ * message in *errmsg, which caller must free. ++ */ ++static ++bool preserve_ns(int ns_fd[LXC_NS_MAX], int clone_flags, pid_t pid, char **errmsg) { ++ int i, ret; + char path[MAXPATHLEN]; + + for (i = 0; i < LXC_NS_MAX; i++) +@@ -126,8 +133,9 @@ static int preserve_ns(int ns_fd[LXC_NS_MAX], int clone_flags, pid_t pid) { + + snprintf(path, MAXPATHLEN, "/proc/%d/ns", pid); + if (access(path, X_OK)) { +- WARN("Kernel does not support attach; preserve_ns ignored"); +- return 0; ++ if (asprintf(errmsg, "Kernel does not support setns.") == -1) ++ *errmsg = NULL; ++ return false; + } + + for (i = 0; i < LXC_NS_MAX; i++) { +@@ -140,14 +148,20 @@ static int preserve_ns(int ns_fd[LXC_NS_MAX], int clone_flags, pid_t pid) { + goto error; + } + +- return 0; ++ return true; + + error: +- saved_errno = errno; ++ if (errno == ENOENT) { ++ ret = asprintf(errmsg, "Kernel does not support setns for %s", ++ ns_info[i].proc_name); ++ } else { ++ ret = asprintf(errmsg, "Failed to open %s: %s", ++ path, strerror(errno)); ++ } ++ if (ret == -1) ++ *errmsg = NULL; + close_ns(ns_fd); +- errno = saved_errno; +- SYSERROR("failed to open '%s'", path); +- return -1; ++ return false; + } + + static int attach_ns(const int ns_fd[LXC_NS_MAX]) { +@@ -798,6 +812,7 @@ static int lxc_spawn(struct lxc_handler *handler) + { + int failed_before_rename = 0; + const char *name = handler->name; ++ char *errmsg = NULL; + bool cgroups_connected = false; + int saved_ns_fd[LXC_NS_MAX]; + int preserve_mask = 0, i; +@@ -889,8 +904,12 @@ static int lxc_spawn(struct lxc_handler *handler) + INFO("failed to pin the container's rootfs"); + } + +- if (preserve_ns(saved_ns_fd, preserve_mask, getpid()) < 0) ++ if (!preserve_ns(saved_ns_fd, preserve_mask, getpid(), &errmsg)) { ++ SYSERROR("Failed to preserve requested namespaces: %s", ++ errmsg ? errmsg : "(Out of memory)"); ++ free(errmsg); + goto out_delete_net; ++ } + if (attach_ns(handler->conf->inherit_ns_fd) < 0) + goto out_delete_net; + +@@ -910,9 +929,11 @@ static int lxc_spawn(struct lxc_handler *handler) + goto out_delete_net; + } + +- if (preserve_ns(handler->nsfd, handler->clone_flags, handler->pid) < 0) { +- ERROR("failed to store namespace references"); +- goto out_delete_net; ++ if (preserve_ns(handler->nsfd, handler->clone_flags, handler->pid, ++ &errmsg) < 0) { ++ INFO("Failed to store namespace references for stop hook: %s", ++ errmsg ? errmsg : "(Out of memory)"); ++ free(errmsg); + } + + if (attach_ns(saved_ns_fd)) diff -Nru lxc-1.0.0~alpha1/debian/patches/0003-move-monitor-fifo-and-monitor-sock-to-run.patch lxc-1.0.8/debian/patches/0003-move-monitor-fifo-and-monitor-sock-to-run.patch --- lxc-1.0.0~alpha1/debian/patches/0003-move-monitor-fifo-and-monitor-sock-to-run.patch 2013-10-07 21:32:53.000000000 +0000 +++ lxc-1.0.8/debian/patches/0003-move-monitor-fifo-and-monitor-sock-to-run.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,212 +0,0 @@ -From 9e60f51d0d1d295bdd77f2fa848f3046e04e6804 Mon Sep 17 00:00:00 2001 -From: Dwight Engen -Date: Wed, 11 Sep 2013 11:44:19 -0400 -Subject: [PATCH 5/6] move monitor-fifo and monitor-sock to /run - -Moving these files should allow $lxcpath to be a read-only fs. - -Signed-off-by: Dwight Engen -Signed-off-by: Serge Hallyn ---- - src/lxc/lxc_monitord.c | 17 +++++++-------- - src/lxc/lxclock.c | 5 +---- - src/lxc/monitor.c | 56 ++++++++++++++++++++++++++++++++++++++++++++------ - src/lxc/monitor.h | 2 ++ - src/lxc/utils.c | 10 +++++++++ - src/lxc/utils.h | 2 ++ - 6 files changed, 72 insertions(+), 20 deletions(-) - -Index: saucy-lxc/src/lxc/lxc_monitord.c -=================================================================== ---- saucy-lxc.orig/src/lxc/lxc_monitord.c 2013-09-11 23:13:23.283925308 -0400 -+++ saucy-lxc/src/lxc/lxc_monitord.c 2013-09-11 23:13:23.275925308 -0400 -@@ -76,11 +76,9 @@ - char fifo_path[PATH_MAX]; - int ret; - -- ret = snprintf(fifo_path, sizeof(fifo_path), "%s/monitor-fifo", mon->lxcpath); -- if (ret < 0 || ret >= sizeof(fifo_path)) { -- ERROR("lxcpath too long to monitor fifo"); -- return -1; -- } -+ ret = lxc_monitor_fifo_name(mon->lxcpath, fifo_path, sizeof(fifo_path), 1); -+ if (ret < 0) -+ return ret; - - ret = mknod(fifo_path, S_IFIFO|S_IRUSR|S_IWUSR, 0); - if (ret < 0) { -@@ -102,11 +100,10 @@ - char fifo_path[PATH_MAX]; - int ret; - -- ret = snprintf(fifo_path, sizeof(fifo_path), "%s/monitor-fifo", mon->lxcpath); -- if (ret < 0 || ret >= sizeof(fifo_path)) { -- ERROR("lxcpath too long to monitor fifo"); -- return -1; -- } -+ ret = lxc_monitor_fifo_name(mon->lxcpath, fifo_path, sizeof(fifo_path), 0); -+ if (ret < 0) -+ return ret; -+ - unlink(fifo_path); - return 0; - } -Index: saucy-lxc/src/lxc/lxclock.c -=================================================================== ---- saucy-lxc.orig/src/lxc/lxclock.c 2013-09-11 23:13:23.283925308 -0400 -+++ saucy-lxc/src/lxc/lxclock.c 2013-09-11 23:13:23.275925308 -0400 -@@ -56,10 +56,7 @@ - - /* length of "/lock/lxc/" + $lxcpath + "/" + $lxcname + '\0' */ - len = strlen("/lock/lxc/") + strlen(n) + strlen(p) + 2; -- rundir = getenv("XDG_RUNTIME_DIR"); -- if (geteuid() == 0 || rundir == NULL) -- rundir = "/run"; -- -+ rundir = get_rundir(); - len += strlen(rundir); - - if ((dest = malloc(len)) == NULL) -Index: saucy-lxc/src/lxc/monitor.c -=================================================================== ---- saucy-lxc.orig/src/lxc/monitor.c 2013-09-11 23:13:23.283925308 -0400 -+++ saucy-lxc/src/lxc/monitor.c 2013-09-11 23:13:23.275925308 -0400 -@@ -40,6 +40,7 @@ - #include "af_unix.h" - - #include -+#include - #include - #include - #include -@@ -47,17 +48,45 @@ - lxc_log_define(lxc_monitor, lxc); - - /* routines used by monitor publishers (containers) */ -+int lxc_monitor_fifo_name(const char *lxcpath, char *fifo_path, size_t fifo_path_sz, -+ int do_mkdirp) -+{ -+ int ret; -+ const char *rundir; -+ -+ rundir = get_rundir(); -+ if (do_mkdirp) { -+ ret = snprintf(fifo_path, fifo_path_sz, "%s/lxc/%s", rundir, lxcpath); -+ if (ret < 0 || ret >= fifo_path_sz) { -+ ERROR("rundir/lxcpath (%s/%s) too long for monitor fifo", rundir, lxcpath); -+ return -1; -+ } -+ process_lock(); -+ ret = mkdir_p(fifo_path, 0755); -+ process_unlock(); -+ if (ret < 0) { -+ ERROR("unable to create monitor fifo dir %s", fifo_path); -+ return ret; -+ } -+ } -+ ret = snprintf(fifo_path, fifo_path_sz, "%s/lxc/%s/monitor-fifo", rundir, lxcpath); -+ if (ret < 0 || ret >= fifo_path_sz) { -+ ERROR("rundir/lxcpath (%s/%s) too long for monitor fifo", rundir, lxcpath); -+ return -1; -+ } -+ return 0; -+} -+ - static void lxc_monitor_fifo_send(struct lxc_msg *msg, const char *lxcpath) - { - int fd,ret; - char fifo_path[PATH_MAX]; - - BUILD_BUG_ON(sizeof(*msg) > PIPE_BUF); /* write not guaranteed atomic */ -- ret = snprintf(fifo_path, sizeof(fifo_path), "%s/monitor-fifo", lxcpath); -- if (ret < 0 || ret >= sizeof(fifo_path)) { -- ERROR("lxcpath too long to open monitor fifo"); -+ -+ ret = lxc_monitor_fifo_name(lxcpath, fifo_path, sizeof(fifo_path), 0); -+ if (ret < 0) - return; -- } - - fd = open(fifo_path, O_WRONLY); - if (fd < 0) { -@@ -98,6 +127,7 @@ - size_t len; - int ret; - char *sockname = &addr->sun_path[0]; // 1 for abstract -+ const char *rundir; - - /* addr.sun_path is only 108 bytes. - * should we take a hash of lxcpath? a subset of it? ftok()? we need -@@ -106,9 +136,23 @@ - memset(addr, 0, sizeof(*addr)); - addr->sun_family = AF_UNIX; - len = sizeof(addr->sun_path) - 1; -- ret = snprintf(sockname, len, "%s/monitor-sock", lxcpath); -+ rundir = get_rundir(); -+ ret = snprintf(sockname, len, "%s/lxc/%s", rundir, lxcpath); -+ if (ret < 0 || ret >= len) { -+ ERROR("rundir/lxcpath (%s/%s) too long for monitor unix socket", rundir, lxcpath); -+ return -1; -+ } -+ process_lock(); -+ ret = mkdir_p(sockname, 0755); -+ process_unlock(); -+ if (ret < 0) { -+ ERROR("unable to create monitor sock %s", sockname); -+ return ret; -+ } -+ -+ ret = snprintf(sockname, len, "%s/lxc/%s/monitor-sock", rundir, lxcpath); - if (ret < 0 || ret >= len) { -- ERROR("lxcpath too long for unix socket"); -+ ERROR("rundir/lxcpath (%s/%s) too long for monitor unix socket", rundir, lxcpath); - return -1; - } - return 0; -Index: saucy-lxc/src/lxc/monitor.h -=================================================================== ---- saucy-lxc.orig/src/lxc/monitor.h 2013-09-11 23:13:23.283925308 -0400 -+++ saucy-lxc/src/lxc/monitor.h 2013-09-11 23:13:23.275925308 -0400 -@@ -41,6 +41,8 @@ - - extern int lxc_monitor_open(const char *lxcpath); - extern int lxc_monitor_sock_name(const char *lxcpath, struct sockaddr_un *addr); -+extern int lxc_monitor_fifo_name(const char *lxcpath, char *fifo_path, -+ size_t fifo_path_sz, int do_mkdirp); - extern void lxc_monitor_send_state(const char *name, lxc_state_t state, - const char *lxcpath); - extern int lxc_monitord_spawn(const char *lxcpath); -Index: saucy-lxc/src/lxc/utils.c -=================================================================== ---- saucy-lxc.orig/src/lxc/utils.c 2013-09-11 23:13:23.283925308 -0400 -+++ saucy-lxc/src/lxc/utils.c 2013-09-11 23:13:23.275925308 -0400 -@@ -328,6 +328,16 @@ - return default_lxcpath; - } - -+const char *get_rundir() -+{ -+ const char *rundir; -+ -+ rundir = getenv("XDG_RUNTIME_DIR"); -+ if (geteuid() == 0 || rundir == NULL) -+ rundir = "/run"; -+ return rundir; -+} -+ - int wait_for_pid(pid_t pid) - { - int status, ret; -Index: saucy-lxc/src/lxc/utils.h -=================================================================== ---- saucy-lxc.orig/src/lxc/utils.h 2013-09-11 23:13:23.283925308 -0400 -+++ saucy-lxc/src/lxc/utils.h 2013-09-11 23:13:23.279925308 -0400 -@@ -35,6 +35,8 @@ - extern int lxc_setup_fs(void); - extern int get_u16(unsigned short *val, const char *arg, int base); - extern int mkdir_p(const char *dir, mode_t mode); -+extern const char *get_rundir(void); -+ - /* - * Return a newly allocated buffer containing the default container - * path. Caller must free this buffer. diff -Nru lxc-1.0.0~alpha1/debian/patches/0004-hash-lxcname-for-use-in-monitor-unix-socket-sun_path.patch lxc-1.0.8/debian/patches/0004-hash-lxcname-for-use-in-monitor-unix-socket-sun_path.patch --- lxc-1.0.0~alpha1/debian/patches/0004-hash-lxcname-for-use-in-monitor-unix-socket-sun_path.patch 2013-10-07 21:32:53.000000000 +0000 +++ lxc-1.0.8/debian/patches/0004-hash-lxcname-for-use-in-monitor-unix-socket-sun_path.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,107 +0,0 @@ -From b45c701178cdc705d26c95f31035c39bab9edf20 Mon Sep 17 00:00:00 2001 -From: Dwight Engen -Date: Wed, 11 Sep 2013 18:16:15 -0400 -Subject: [PATCH] hash lxcname for use in monitor unix socket sun_path[108] - -- Also convert to unix abstract socket -- A simple FNV hash is used instead of SHA-1 since we may not HAVE_GNUTLS - -Signed-off-by: Dwight Engen -Signed-off-by: Serge Hallyn ---- - src/lxc/monitor.c | 60 ++++++++++++++++++++++++++++++++++++------------------- - 1 file changed, 40 insertions(+), 20 deletions(-) - -diff --git a/src/lxc/monitor.c b/src/lxc/monitor.c -index bdcc581..64e9987 100644 ---- a/src/lxc/monitor.c -+++ b/src/lxc/monitor.c -@@ -28,6 +28,8 @@ - #include - #include - #include -+#include -+#include - #include - #include - #include -@@ -123,38 +125,56 @@ int lxc_monitor_close(int fd) - return close(fd); - } - -+/* Note we don't use SHA-1 here as we don't want to depend on HAVE_GNUTLS. -+ * FNV has good anti collision properties and we're not worried -+ * about pre-image resistance or one-way-ness, we're just trying to make -+ * the name unique in the 108 bytes of space we have. -+ */ -+#define FNV1A_64_INIT ((uint64_t)0xcbf29ce484222325ULL) -+static uint64_t fnv_64a_buf(void *buf, size_t len, uint64_t hval) -+{ -+ unsigned char *bp; -+ -+ for(bp = buf; bp < (unsigned char *)buf + len; bp++) -+ { -+ /* xor the bottom with the current octet */ -+ hval ^= (uint64_t)*bp; -+ -+ /* gcc optimised: -+ * multiply by the 64 bit FNV magic prime mod 2^64 -+ */ -+ hval += (hval << 1) + (hval << 4) + (hval << 5) + -+ (hval << 7) + (hval << 8) + (hval << 40); -+ } -+ -+ return hval; -+} -+ - int lxc_monitor_sock_name(const char *lxcpath, struct sockaddr_un *addr) { - size_t len; - int ret; -- char *sockname = &addr->sun_path[0]; // 1 for abstract -- const char *rundir; -+ char *sockname = &addr->sun_path[1]; -+ char path[PATH_MAX+18]; -+ uint64_t hash; - -- /* addr.sun_path is only 108 bytes. -- * should we take a hash of lxcpath? a subset of it? ftok()? we need -- * to make sure it is unique. -+ /* addr.sun_path is only 108 bytes, so we hash the full name and -+ * then append as much of the name as we can fit. - */ - memset(addr, 0, sizeof(*addr)); - addr->sun_family = AF_UNIX; - len = sizeof(addr->sun_path) - 1; -- rundir = get_rundir(); -- ret = snprintf(sockname, len, "%s/lxc/%s", rundir, lxcpath); -- if (ret < 0 || ret >= len) { -- ERROR("rundir/lxcpath (%s/%s) too long for monitor unix socket", rundir, lxcpath); -+ ret = snprintf(path, sizeof(path), "lxc/%s/monitor-sock", lxcpath); -+ if (ret < 0 || ret >= sizeof(path)) { -+ ERROR("lxcpath %s too long for monitor unix socket", lxcpath); - return -1; - } -- process_lock(); -- ret = mkdir_p(sockname, 0755); -- process_unlock(); -- if (ret < 0) { -- ERROR("unable to create monitor sock %s", sockname); -- return ret; -- } - -- ret = snprintf(sockname, len, "%s/lxc/%s/monitor-sock", rundir, lxcpath); -- if (ret < 0 || ret >= len) { -- ERROR("rundir/lxcpath (%s/%s) too long for monitor unix socket", rundir, lxcpath); -+ hash = fnv_64a_buf(path, ret, FNV1A_64_INIT); -+ ret = snprintf(sockname, len, "lxc/%016" PRIx64 "/%s", hash, lxcpath); -+ if (ret < 0) - return -1; -- } -+ sockname[sizeof(addr->sun_path)-2] = '\0'; -+ INFO("using monitor sock name %s", sockname); - return 0; - } - --- -1.8.3.2 - diff -Nru lxc-1.0.0~alpha1/debian/patches/0005-ignore-ability-to-init-lxc-monitord.log.patch lxc-1.0.8/debian/patches/0005-ignore-ability-to-init-lxc-monitord.log.patch --- lxc-1.0.0~alpha1/debian/patches/0005-ignore-ability-to-init-lxc-monitord.log.patch 2013-10-07 21:32:53.000000000 +0000 +++ lxc-1.0.8/debian/patches/0005-ignore-ability-to-init-lxc-monitord.log.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,30 +0,0 @@ -From b336d7246a324e8973bc449cb35db40b1627be47 Mon Sep 17 00:00:00 2001 -From: Serge Hallyn -Date: Thu, 12 Sep 2013 11:17:11 -0500 -Subject: [PATCH] ignore ability to init /lxc-monitord.log - -We may long-term want to instead decide on a convention under -/var/log, but for now just ignore it. This will only happen -if lxcpath is read-only. - -Signed-off-by: Serge Hallyn ---- - src/lxc/lxc_monitord.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/lxc/lxc_monitord.c b/src/lxc/lxc_monitord.c -index fda6cf4..4049345 100644 ---- a/src/lxc/lxc_monitord.c -+++ b/src/lxc/lxc_monitord.c -@@ -342,7 +342,7 @@ int main(int argc, char *argv[]) - - ret = lxc_log_init(NULL, logpath, "NOTICE", "lxc-monitord", 0, lxcpath); - if (ret) -- return ret; -+ INFO("Failed to open log file %s, log will be lost", lxcpath); - - pipefd = atoi(argv[2]); - --- -1.8.3.2 - diff -Nru lxc-1.0.0~alpha1/debian/patches/0006-add-pstore-to-container-fstab.patch lxc-1.0.8/debian/patches/0006-add-pstore-to-container-fstab.patch --- lxc-1.0.0~alpha1/debian/patches/0006-add-pstore-to-container-fstab.patch 2013-10-07 21:32:53.000000000 +0000 +++ lxc-1.0.8/debian/patches/0006-add-pstore-to-container-fstab.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,41 +0,0 @@ -From 84bce17b8bc5c69e8dce03457a5f7859e0b46940 Mon Sep 17 00:00:00 2001 -From: Serge Hallyn -Date: Fri, 13 Sep 2013 15:43:56 -0500 -Subject: [PATCH] add pstore to container fstab -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Otherwise user-namespace containers will hang on mountall. - -Signed-off-by: Serge Hallyn -Acked-by: Stéphane Graber ---- - templates/lxc-ubuntu-cloud.in | 1 + - templates/lxc-ubuntu.in | 1 + - 2 files changed, 2 insertions(+) - -Index: lxc-1.0.0~alpha1/templates/lxc-ubuntu-cloud.in -=================================================================== ---- lxc-1.0.0~alpha1.orig/templates/lxc-ubuntu-cloud.in 2013-09-10 17:22:00.000000000 -0500 -+++ lxc-1.0.0~alpha1/templates/lxc-ubuntu-cloud.in 2013-09-16 11:49:57.373028184 -0500 -@@ -116,6 +116,7 @@ sysfs sys sysfs defau - /sys/fs/fuse/connections sys/fs/fuse/connections none bind 0 0 - /sys/kernel/debug sys/kernel/debug none bind 0 0 - /sys/kernel/security sys/kernel/security none bind 0 0 -+/sys/fs/pstore sys/fs/pstore none bind,optional 0 0 - EOF - - # unprivileged user can't mknod these. One day we may allow -Index: lxc-1.0.0~alpha1/templates/lxc-ubuntu.in -=================================================================== ---- lxc-1.0.0~alpha1.orig/templates/lxc-ubuntu.in 2013-09-10 17:22:00.000000000 -0500 -+++ lxc-1.0.0~alpha1/templates/lxc-ubuntu.in 2013-09-16 11:50:02.525028383 -0500 -@@ -430,6 +430,7 @@ sysfs sys sysfs defau - /sys/fs/fuse/connections sys/fs/fuse/connections none bind 0 0 - /sys/kernel/debug sys/kernel/debug none bind 0 0 - /sys/kernel/security sys/kernel/security none bind 0 0 -+/sys/fs/pstore sys/fs/pstore none bind,optional 0 0 - EOF - - if [ $? -ne 0 ]; then diff -Nru lxc-1.0.0~alpha1/debian/patches/0007-apparmor.c-drop-newline-when-reading-current-profile.patch lxc-1.0.8/debian/patches/0007-apparmor.c-drop-newline-when-reading-current-profile.patch --- lxc-1.0.0~alpha1/debian/patches/0007-apparmor.c-drop-newline-when-reading-current-profile.patch 2013-10-07 21:32:53.000000000 +0000 +++ lxc-1.0.8/debian/patches/0007-apparmor.c-drop-newline-when-reading-current-profile.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,34 +0,0 @@ -From c3cb8580407b6f6b49949e6c58e175eec81db692 Mon Sep 17 00:00:00 2001 -From: Serge Hallyn -Date: Tue, 10 Sep 2013 17:23:22 -0500 -Subject: [PATCH 1/1] apparmor.c: drop newline when reading current profile - -Otherwise we fail to recognize if we are already unconfined. Then, -if we want to *start* unconfined, and /proc is readonly, start fails -even though it should be able to proceed. - -With this patch, that situation works. - -Signed-off-by: Serge Hallyn -Reported-by: Andre nathan ---- - src/lxc/apparmor.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/lxc/apparmor.c b/src/lxc/apparmor.c -index 3941d3f..4dad801 100644 ---- a/src/lxc/apparmor.c -+++ b/src/lxc/apparmor.c -@@ -77,6 +77,9 @@ again: - free(buf); - return NULL; - } -+ space = index(buf, '\n'); -+ if (space) -+ *space = '\0'; - space = index(buf, ' '); - if (space) - *space = '\0'; --- -1.8.1.2 - diff -Nru lxc-1.0.0~alpha1/debian/patches/0008-Fix-crasher-in-get_ips.patch lxc-1.0.8/debian/patches/0008-Fix-crasher-in-get_ips.patch --- lxc-1.0.0~alpha1/debian/patches/0008-Fix-crasher-in-get_ips.patch 2013-10-07 21:32:53.000000000 +0000 +++ lxc-1.0.8/debian/patches/0008-Fix-crasher-in-get_ips.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,33 +0,0 @@ -From fe218ca38358dd69dd51fca6433088ac631d6240 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?St=C3=A9phane=20Graber?= -Date: Sun, 29 Sep 2013 19:41:52 -0400 -Subject: [PATCH] Fix crasher in get_ips -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Check that the interface structure is not NULL before trying to access -its members. - -Signed-off-by: Stéphane Graber ---- - src/lxc/lxccontainer.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c -index 1b3f2f5..3a2ae92 100644 ---- a/src/lxc/lxccontainer.c -+++ b/src/lxc/lxccontainer.c -@@ -1305,6 +1305,9 @@ static char** lxcapi_get_ips(struct lxc_container *c, char* interface, char* fam - - /* Iterate through the interfaces */ - for (tempIfAddr = interfaceArray; tempIfAddr != NULL; tempIfAddr = tempIfAddr->ifa_next) { -+ if (tempIfAddr->ifa_addr == NULL) -+ continue; -+ - if(tempIfAddr->ifa_addr->sa_family == AF_INET) { - if (family && strcmp(family, "inet")) - continue; --- -1.8.3.2 - diff -Nru lxc-1.0.0~alpha1/debian/patches/0009-lxc-ubuntu-cloud-pass-numeric-owner-and-p-to-untar.patch lxc-1.0.8/debian/patches/0009-lxc-ubuntu-cloud-pass-numeric-owner-and-p-to-untar.patch --- lxc-1.0.0~alpha1/debian/patches/0009-lxc-ubuntu-cloud-pass-numeric-owner-and-p-to-untar.patch 2013-10-08 14:30:38.000000000 +0000 +++ lxc-1.0.8/debian/patches/0009-lxc-ubuntu-cloud-pass-numeric-owner-and-p-to-untar.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,50 +0,0 @@ -From 494fd6b390ecae077375e171230ce78d6784dd43 Mon Sep 17 00:00:00 2001 -From: Scott Moser -Date: Mon, 7 Oct 2013 20:41:23 -0400 -Subject: [PATCH] lxc-ubuntu-cloud: pass --numeric-owner and -p to untar -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Just following up here, Serge raised the question of whether or not the -other two invocations of 'tar' in this script need '--numeric-owner'. -They probably should have it, although its of little concern because the -'build_root_tgz' path is only taken if there is no '-root.tar.gz' file for -download, and the only supported ubuntu release without the -root.tar.gz -download is 10.04 at this point. - -Anyway, below is a more complete diff, also including a fix as -'--numeric-uid' is not a valid option to tar. The name is -'--numeric-owner'. - -Signed-off-by: Scott Moser -Acked-by: Stéphane Graber ---- - templates/lxc-ubuntu-cloud.in | 4 ++-- - 1 file changed, 2 insertions(+), 2 deletions(-) - -diff --git a/templates/lxc-ubuntu-cloud.in b/templates/lxc-ubuntu-cloud.in -index 47a5fca..a2af003 100644 ---- a/templates/lxc-ubuntu-cloud.in -+++ b/templates/lxc-ubuntu-cloud.in -@@ -340,7 +340,7 @@ build_root_tgz() - echo "Creating new cached cloud image rootfs" - tar --wildcards -zxf $tarname $imgname - mount -o loop $imgname $xdir -- (cd $xdir; tar zcf ../$filename .) -+ (cd $xdir; tar --numeric-owner -cpzf ../$filename .) - umount $xdir - rm -f $tarname $imgname - rmdir $xdir -@@ -371,7 +371,7 @@ do_extract_rootfs() { - echo "Extracting container rootfs" - mkdir -p $rootfs - cd $rootfs -- tar -zxf $cache/$filename -+ tar --numeric-owner -xpzf $cache/$filename - } - - if [ -n "$tarball" ]; then --- -1.8.3.2 - diff -Nru lxc-1.0.0~alpha1/debian/patches/0010-lxc-ubuntu-cloud-Cope-with-spaces-in-paths.patch lxc-1.0.8/debian/patches/0010-lxc-ubuntu-cloud-Cope-with-spaces-in-paths.patch --- lxc-1.0.0~alpha1/debian/patches/0010-lxc-ubuntu-cloud-Cope-with-spaces-in-paths.patch 2013-10-08 14:52:29.000000000 +0000 +++ lxc-1.0.8/debian/patches/0010-lxc-ubuntu-cloud-Cope-with-spaces-in-paths.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,42 +0,0 @@ -From 9c3bc32c5789b76b8c42b75d7625377d61e052c1 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?St=C3=A9phane=20Graber?= -Date: Tue, 8 Oct 2013 10:51:53 -0400 -Subject: [PATCH] lxc-ubuntu-cloud: Cope with spaces in paths -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Reported-by: Scott Moser -Signed-off-by: Stéphane Graber ---- - templates/lxc-ubuntu-cloud.in | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/templates/lxc-ubuntu-cloud.in b/templates/lxc-ubuntu-cloud.in -index a2af003..82a7f74 100644 ---- a/templates/lxc-ubuntu-cloud.in -+++ b/templates/lxc-ubuntu-cloud.in -@@ -338,9 +338,9 @@ build_root_tgz() - wget $url || { echo "Couldn't find cloud image $url."; exit 1; } - fi - echo "Creating new cached cloud image rootfs" -- tar --wildcards -zxf $tarname $imgname -+ tar --wildcards -zxf "$tarname" "$imgname" - mount -o loop $imgname $xdir -- (cd $xdir; tar --numeric-owner -cpzf ../$filename .) -+ (cd $xdir; tar --numeric-owner -cpzf "../$filename" .) - umount $xdir - rm -f $tarname $imgname - rmdir $xdir -@@ -371,7 +371,7 @@ do_extract_rootfs() { - echo "Extracting container rootfs" - mkdir -p $rootfs - cd $rootfs -- tar --numeric-owner -xpzf $cache/$filename -+ tar --numeric-owner -xpzf "$cache/$filename" - } - - if [ -n "$tarball" ]; then --- -1.8.3.2 - diff -Nru lxc-1.0.0~alpha1/debian/patches/0011-ubuntu-cloud-prep-hook-fix-debug-helper-to-not-inapp.patch lxc-1.0.8/debian/patches/0011-ubuntu-cloud-prep-hook-fix-debug-helper-to-not-inapp.patch --- lxc-1.0.0~alpha1/debian/patches/0011-ubuntu-cloud-prep-hook-fix-debug-helper-to-not-inapp.patch 2013-10-09 18:03:11.000000000 +0000 +++ lxc-1.0.8/debian/patches/0011-ubuntu-cloud-prep-hook-fix-debug-helper-to-not-inapp.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,30 +0,0 @@ -From 1e0f62acaacb4e7639d6203a9f008c66be712026 Mon Sep 17 00:00:00 2001 -From: Serge Hallyn -Date: Wed, 9 Oct 2013 13:01:18 -0500 -Subject: [PATCH 1/1] ubuntu-cloud-prep hook: fix debug helper to not - inappropriately fail - -Bug found by Vincent Ladeuil -Fix suggested by Scott Moser - -Signed-off-by: Serge Hallyn ---- - hooks/ubuntu-cloud-prep | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/hooks/ubuntu-cloud-prep b/hooks/ubuntu-cloud-prep -index f0b30ea..b3cf232 100755 ---- a/hooks/ubuntu-cloud-prep -+++ b/hooks/ubuntu-cloud-prep -@@ -16,7 +16,7 @@ set -f - VERBOSITY="0" - - error() { echo "$@" 1>&2; } --debug() { [ "$VERBOSITY" -ge "$1" ] || return; shift; error "$@"; } -+debug() { [ "$VERBOSITY" -ge "$1" ] || return 0; shift; error "$@"; } - fail() { [ $# -eq 0 ] || error "$@"; exit 1; } - - prep_usage() { --- -1.8.1.2 - diff -Nru lxc-1.0.0~alpha1/debian/patches/0012-ubuntu-Improper-pty-permissions.patch lxc-1.0.8/debian/patches/0012-ubuntu-Improper-pty-permissions.patch --- lxc-1.0.0~alpha1/debian/patches/0012-ubuntu-Improper-pty-permissions.patch 2013-10-25 20:42:22.000000000 +0000 +++ lxc-1.0.8/debian/patches/0012-ubuntu-Improper-pty-permissions.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,35 +0,0 @@ -commit 67e5a20ad1b5579a571f43f7dd8a1556a8bea7a1 -Author: Stéphane Graber -Date: Tue Oct 15 14:54:41 2013 -0400 - - Improper pty permissions - missing mode=0620, gid=5 - - This fix is coming from Debian bug: - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=720122 - - The reason for the hardcoded gid= and mode= is because of the fix for - CVE-2013-2207 which removes pt_chown from glibc and so requires proper - write access to devpts. - - It looks like the "tty" group is guaranteed to be gid=5 on at least all - RedHat based and Debian based systems. So this hardcode gid shouldn't be - a big problem. If we however support any distro where that's not the - case, we'll need to implement an extra lxc.conf option and matching - template changes. - - Signed-off-by: Stéphane Graber - Signed-off-by: Serge Hallyn - -Index: lxc-1.0.0~alpha1/src/lxc/conf.c -=================================================================== ---- lxc-1.0.0~alpha1.orig/src/lxc/conf.c 2013-10-25 15:42:19.682893000 -0500 -+++ lxc-1.0.0~alpha1/src/lxc/conf.c 2013-10-25 15:42:19.662893000 -0500 -@@ -1297,7 +1297,7 @@ - } - - if (mount("devpts", "/dev/pts", "devpts", MS_MGC_VAL, -- "newinstance,ptmxmode=0666")) { -+ "newinstance,ptmxmode=0666,mode=0620,gid=5")) { - SYSERROR("failed to mount a new instance of '/dev/pts'"); - return -1; - } diff -Nru lxc-1.0.0~alpha1/debian/patches/0013-get-rid-of-lxcpath_anon-idea.patch lxc-1.0.8/debian/patches/0013-get-rid-of-lxcpath_anon-idea.patch --- lxc-1.0.0~alpha1/debian/patches/0013-get-rid-of-lxcpath_anon-idea.patch 2013-10-25 20:43:56.000000000 +0000 +++ lxc-1.0.8/debian/patches/0013-get-rid-of-lxcpath_anon-idea.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,62 +0,0 @@ -commit 69733b5dd27e6963267ff6473d9b41dfb59a3f0f -Author: Serge Hallyn -Date: Mon Oct 21 18:44:03 2013 -0500 - - get rid of '${lxcpath}_anon' idea - - The idea was simply misguided. - - If you provide a custom configuration file, you still should be - putting the command sock into the real lxcpath, not an 'anon' one. - - Signed-off-by: Serge Hallyn - Acked-by: Stéphane Graber - -diff --git a/src/lxc/lxc_start.c b/src/lxc/lxc_start.c -index a894513..2e3c3b3 100644 ---- a/src/lxc/lxc_start.c -+++ b/src/lxc/lxc_start.c -@@ -153,7 +153,6 @@ int main(int argc, char *argv[]) - }; - FILE *pid_fp = NULL; - struct lxc_container *c; -- char *anonpath; - - lxc_list_init(&defines); - -@@ -172,8 +171,8 @@ int main(int argc, char *argv[]) - my_args.progname, my_args.quiet, my_args.lxcpath[0])) - return err; - -- anonpath = alloca(strlen(LXCPATH) + 6); -- sprintf(anonpath, "%s_anon", LXCPATH); -+ const char *lxcpath = my_args.lxcpath[0]; -+ - /* - * rcfile possibilities: - * 1. rcfile from random path specified in cli option -@@ -183,7 +182,7 @@ int main(int argc, char *argv[]) - /* rcfile is specified in the cli option */ - if (my_args.rcfile) { - rcfile = (char *)my_args.rcfile; -- c = lxc_container_new(my_args.name, anonpath); -+ c = lxc_container_new(my_args.name, lxcpath); - if (!c) { - ERROR("Failed to create lxc_container"); - return err; -@@ -195,7 +194,6 @@ int main(int argc, char *argv[]) - } - } else { - int rc; -- const char *lxcpath = my_args.lxcpath[0]; - - rc = asprintf(&rcfile, "%s/%s/config", lxcpath, my_args.name); - if (rc == -1) { -@@ -208,7 +206,6 @@ int main(int argc, char *argv[]) - if (access(rcfile, F_OK)) { - free(rcfile); - rcfile = NULL; -- lxcpath = anonpath; - } - c = lxc_container_new(my_args.name, lxcpath); - if (!c) { diff -Nru lxc-1.0.0~alpha1/debian/patches/0014-lxc-start-if-we-pass-in-a-config-file-then-don-t-use.patch lxc-1.0.8/debian/patches/0014-lxc-start-if-we-pass-in-a-config-file-then-don-t-use.patch --- lxc-1.0.0~alpha1/debian/patches/0014-lxc-start-if-we-pass-in-a-config-file-then-don-t-use.patch 2013-11-18 16:08:49.000000000 +0000 +++ lxc-1.0.8/debian/patches/0014-lxc-start-if-we-pass-in-a-config-file-then-don-t-use.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,86 +0,0 @@ -commit 4df7f012b9994ea54b1ad68176d8d45a57fa02f3 -Author: Serge Hallyn -Date: Thu Nov 14 12:48:41 2013 -0600 - - lxc-start: if we pass in a config file, then don't use any loaded config - - To do this, add a c->clear_config() helper to the api. - - (this fixes the bug https://bugs.launchpad.net/bugs/1251352) - - Signed-off-by: Serge Hallyn - Acked-by: Stéphane Graber - -Index: lxc-1.0.0~alpha1/src/lxc/lxc_start.c -=================================================================== ---- lxc-1.0.0~alpha1.orig/src/lxc/lxc_start.c 2013-11-18 10:08:45.997286000 -0600 -+++ lxc-1.0.0~alpha1/src/lxc/lxc_start.c 2013-11-18 10:08:45.977286000 -0600 -@@ -187,6 +187,7 @@ - ERROR("Failed to create lxc_container"); - return err; - } -+ c->clear_config(c); - if (!c->load_config(c, rcfile)) { - ERROR("Failed to load rcfile"); - lxc_container_put(c); -Index: lxc-1.0.0~alpha1/src/lxc/lxccontainer.c -=================================================================== ---- lxc-1.0.0~alpha1.orig/src/lxc/lxccontainer.c 2013-11-18 10:08:45.997286000 -0600 -+++ lxc-1.0.0~alpha1/src/lxc/lxccontainer.c 2013-11-18 10:08:45.977286000 -0600 -@@ -972,6 +972,14 @@ - return true; - } - -+static void lxcapi_clear_config(struct lxc_container *c) -+{ -+ if (c && c->lxc_conf) { -+ lxc_conf_free(c->lxc_conf); -+ c->lxc_conf = NULL; -+ } -+} -+ - static bool lxcapi_destroy(struct lxc_container *c); - /* - * lxcapi_create: -@@ -1067,9 +1075,7 @@ - - // now clear out the lxc_conf we have, reload from the created - // container -- if (c->lxc_conf) -- lxc_conf_free(c->lxc_conf); -- c->lxc_conf = NULL; -+ lxcapi_clear_config(c); - - if (!prepend_lxc_header(c->configfile, tpath, argv)) { - ERROR("Error prepending header to configuration file"); -@@ -2269,8 +2275,7 @@ - if (ongoing_create(c) == 2) { - ERROR("Error: %s creation was not completed", c->name); - lxcapi_destroy(c); -- lxc_conf_free(c->lxc_conf); -- c->lxc_conf = NULL; -+ lxcapi_clear_config(c); - } - - // assign the member functions -@@ -2297,6 +2302,7 @@ - c->createl = lxcapi_createl; - c->shutdown = lxcapi_shutdown; - c->reboot = lxcapi_reboot; -+ c->clear_config = lxcapi_clear_config; - c->clear_config_item = lxcapi_clear_config_item; - c->get_config_item = lxcapi_get_config_item; - c->get_cgroup_item = lxcapi_get_cgroup_item; -Index: lxc-1.0.0~alpha1/src/lxc/lxccontainer.h -=================================================================== ---- lxc-1.0.0~alpha1.orig/src/lxc/lxccontainer.h 2013-11-18 10:08:45.997286000 -0600 -+++ lxc-1.0.0~alpha1/src/lxc/lxccontainer.h 2013-11-18 10:08:45.987286000 -0600 -@@ -82,6 +82,8 @@ - bool (*reboot)(struct lxc_container *c); - /* send SIGPWR. if timeout is not 0 or -1, do a hard stop after timeout seconds */ - bool (*shutdown)(struct lxc_container *c, int timeout); -+ /* completely clear a configuration */ -+ void (*clear_config)(struct lxc_container *c); - /* clear all network or capability items in the in-memory configuration */ - bool (*clear_config_item)(struct lxc_container *c, const char *key); - /* print a config item to a in-memory string allocated by the caller. Return diff -Nru lxc-1.0.0~alpha1/debian/patches/series lxc-1.0.8/debian/patches/series --- lxc-1.0.0~alpha1/debian/patches/series 2013-11-18 16:08:43.000000000 +0000 +++ lxc-1.0.8/debian/patches/series 2015-11-18 18:41:56.000000000 +0000 @@ -1,16 +1,3 @@ -transition/00-redirect-lxc-list.patch -0000-add-autostart.patch -0001-debian-template-set-hwaddr -0002-pin_rootfs-be-quiet-and-don-t-fail-container-start.patch -0003-move-monitor-fifo-and-monitor-sock-to-run.patch -0004-hash-lxcname-for-use-in-monitor-unix-socket-sun_path.patch -0005-ignore-ability-to-init-lxc-monitord.log.patch -0006-add-pstore-to-container-fstab.patch -0007-apparmor.c-drop-newline-when-reading-current-profile.patch -0008-Fix-crasher-in-get_ips.patch -0009-lxc-ubuntu-cloud-pass-numeric-owner-and-p-to-untar.patch -0010-lxc-ubuntu-cloud-Cope-with-spaces-in-paths.patch -0011-ubuntu-cloud-prep-hook-fix-debug-helper-to-not-inapp.patch -0012-ubuntu-Improper-pty-permissions.patch -0013-get-rid-of-lxcpath_anon-idea.patch -0014-lxc-start-if-we-pass-in-a-config-file-then-don-t-use.patch +0001-Trusty-Swap-out-the-CVE-2015-1335-fix-with-the-trust.patch +0002-ubuntu-cloud-Various-fixes.patch +0003-Better-handle-preserve_ns-behavior.patch diff -Nru lxc-1.0.0~alpha1/debian/patches/transition/00-redirect-lxc-list.patch lxc-1.0.8/debian/patches/transition/00-redirect-lxc-list.patch --- lxc-1.0.0~alpha1/debian/patches/transition/00-redirect-lxc-list.patch 2013-10-07 21:32:53.000000000 +0000 +++ lxc-1.0.8/debian/patches/transition/00-redirect-lxc-list.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,26 +0,0 @@ -Description: Redirection for lxc-list - lxc-list will be deprecated in 1.0, this patch adds a warning when - lxc-ls is called as lxc-list (through the temporary symlink) and changes - the default rendering to list similar options. -Author: Stéphane Graber -Origin: vendor -Forwarded: not-needed - -Index: stgraber-lxc-git/src/lxc/lxc-ls -=================================================================== ---- stgraber-lxc-git.orig/src/lxc/lxc-ls 2013-05-27 14:37:35.988415931 -0400 -+++ stgraber-lxc-git/src/lxc/lxc-ls 2013-05-27 14:37:35.984415931 -0400 -@@ -143,6 +143,13 @@ - - args = parser.parse_args() - -+# lxc-list is an alias for --fancy -+if sys.argv[0].endswith("lxc-list"): -+ args.fancy = True -+ print("WARNING: lxc-list is deprecated, please use lxc-ls --fancy.") -+ print(" This symlink will be dropped in LXC 1.0.") -+ print("") -+ - # --active is the same as --running --frozen - if args.active: - if not args.state: diff -Nru lxc-1.0.0~alpha1/debian/rules lxc-1.0.8/debian/rules --- lxc-1.0.0~alpha1/debian/rules 2013-11-04 14:11:04.000000000 +0000 +++ lxc-1.0.8/debian/rules 2015-11-18 18:41:56.000000000 +0000 @@ -7,28 +7,45 @@ DEB_HOST_MULTIARCH ?= $(shell dpkg-architecture -qDEB_HOST_MULTIARCH) +PY3V := $(filter-out $(shell py3versions -vd),$(shell py3versions -vr)) + %: - dh ${@} --with autotools_dev --with autoreconf + dh ${@} --with autotools_dev,autoreconf,python3 override_dh_auto_configure: dh_auto_configure -- --libdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH) \ --libexecdir=\$${prefix}/lib/$(DEB_HOST_MULTIARCH) \ --with-rootfs-path=\$${prefix}/lib/$(DEB_HOST_MULTIARCH)/lxc \ - --enable-python $(shell DEB_CFLAGS_MAINT_APPEND="$$(python3-config --includes)" dpkg-buildflags --export=configure) \ - --enable-doc --disable-rpath --enable-apparmor --with-distro=ubuntu + --enable-python $(shell dpkg-buildflags --export=configure) \ + --enable-doc --disable-rpath --enable-apparmor --enable-selinux \ + --disable-lua --enable-tests --enable-cgmanager --with-distro=ubuntu + +override_dh_auto_build: + dh_auto_build + set -e; cd src/python-lxc && for pv in $(PY3V); do \ + CFLAGS="$$(python$$pv-config --includes) -I ../../src -L../../src/lxc/" python$$pv setup.py build; \ + done + +override_dh_auto_install: + dh_auto_install + set -e; cd src/python-lxc && for pv in $(PY3V); do \ + CFLAGS="$$(python$$pv-config --includes) -I ../../src -L../../src/lxc/" python$$pv setup.py install --root=$(CURDIR)/debian/tmp --install-layout=deb; \ + done override_dh_install: - # copy apparmor profiles - mkdir -p debian/lxc/etc/apparmor.d/lxc - mkdir -p debian/lxc/etc/apparmor.d/abstractions/lxc - cp debian/apparmor/usr.bin.lxc-start debian/lxc/etc/apparmor.d/usr.bin.lxc-start - cp debian/apparmor/lxc-containers debian/lxc/etc/apparmor.d/lxc-containers - cp debian/apparmor/lxc-default debian/lxc/etc/apparmor.d/lxc/lxc-default - cp debian/apparmor/lxc-default-with-nesting debian/lxc/etc/apparmor.d/lxc/lxc-default-with-nesting - cp debian/apparmor/abstractions-lxc-container-base debian/lxc/etc/apparmor.d/abstractions/lxc/container-base - cp debian/apparmor/abstractions-lxc-start-container debian/lxc/etc/apparmor.d/abstractions/lxc/start-container - if dpkg --compare-versions "$(shell grep DISTRIB_RELEASE /etc/lsb-release | cut -d= -f2)" ge "13.10"; then \ - sed -i "/umount,$$/a\ \ dbus," debian/lxc/etc/apparmor.d/abstractions/lxc/container-base; \ + if dpkg --compare-versions "$(shell grep DISTRIB_RELEASE /etc/lsb-release | cut -d= -f2)" lt "13.10"; then \ + sed -i "s/^\( *\)\(dbus.*,\)/\\1#\\2/g" debian/tmp/etc/apparmor.d/abstractions/lxc/container-base; \ + sed -i "s/^\( *\)\(dbus.*,\)/\\1#\\2/g" debian/tmp/etc/apparmor.d/abstractions/lxc/start-container; \ + fi + if dpkg --compare-versions "$(shell grep DISTRIB_RELEASE /etc/lsb-release | cut -d= -f2)" lt "14.04"; then \ + sed -i "s/^\( *\)\(signal.*,\)/\\1#\\2/g" debian/tmp/etc/apparmor.d/abstractions/lxc/container-base; \ + sed -i "s/^\( *\)\(signal.*,\)/\\1#\\2/g" debian/tmp/etc/apparmor.d/abstractions/lxc/start-container; \ + sed -i "s/^\( *\)\(ptrace.*,\)/\\1#\\2/g" debian/tmp/etc/apparmor.d/abstractions/lxc/container-base; \ + sed -i "s/^\( *\)\(ptrace.*,\)/\\1#\\2/g" debian/tmp/etc/apparmor.d/abstractions/lxc/start-container; \ + fi + if dpkg --compare-versions "$(shell grep DISTRIB_RELEASE /etc/lsb-release | cut -d= -f2)" lt "14.10"; then \ + sed -i "s/^\( *\)\(unix.*,\)/\\1#\\2/g" debian/tmp/etc/apparmor.d/abstractions/lxc/container-base; \ + sed -i "s/^\( *\)\(unix.*,\)/\\1#\\2/g" debian/tmp/etc/apparmor.d/abstractions/lxc/start-container; \ fi if [ -x /usr/bin/dh_apparmor ]; then \ dh_apparmor -p lxc --profile-name=usr.bin.lxc-start; \ @@ -44,18 +61,38 @@ dh_install --fail-missing -override_dh_installinit: - dh_installinit --no-restart-on-upgrade --name=lxc - dh_installinit --no-restart-on-upgrade --name=lxc-net - dh_installinit --no-restart-on-upgrade --name=lxc-instance + # move the tests + mkdir -p debian/lxc-tests/usr/bin + mv debian/lxc/usr/bin/lxc-test-* debian/lxc-tests/usr/bin/ + +override_dh_fixperms: + dh_fixperms + chmod u+s debian/lxc/usr/lib/${DEB_HOST_MULTIARCH}/lxc/lxc-user-nic override_dh_builddeb: # prevent system users from using setuid-root binaries under /var/lib/lxc - mkdir -p debian/lxc/var/lib/lxc chmod 700 debian/lxc/var/lib/lxc - mkdir -p debian/lxc/var/cache/lxc chmod 700 debian/lxc/var/cache/lxc dh_builddeb +override_dh_installinit: + cp debian/lxc/etc/init/lxc.conf debian/lxc.upstart + cp debian/lxc/etc/init/lxc-instance.conf debian/lxc.lxc-instance.upstart + cp debian/lxc/etc/init/lxc-net.conf debian/lxc.lxc-net.upstart + dh_installinit --no-restart-on-upgrade --name=lxc + dh_installinit --no-restart-on-upgrade --name=lxc-net + dh_installinit --no-start --no-restart-on-upgrade --name=lxc-instance + override_dh_strip: dh_strip --dbg-package=lxc-dbg + +override_dh_gencontrol: + if dpkg --compare-versions "$(shell grep DISTRIB_RELEASE /etc/lsb-release | cut -d= -f2)" ge "14.10"; then \ + dh_gencontrol -- -V'lxc:Depends=apparmor (>= 2.8.96~2652-0ubuntu1)'; \ + elif dpkg --compare-versions "$(shell grep DISTRIB_RELEASE /etc/lsb-release | cut -d= -f2)" ge "14.04"; then \ + dh_gencontrol -- -V'lxc:Depends=apparmor (>= 2.8.95~2430-0ubuntu4)'; \ + elif dpkg --compare-versions "$(shell grep DISTRIB_RELEASE /etc/lsb-release | cut -d= -f2)" ge "13.10"; then \ + dh_gencontrol -- -V'lxc:Depends=apparmor (>= 2.8.0-0ubuntu25)'; \ + else \ + dh_gencontrol -- -V'lxc:Depends=apparmor'; \ + fi diff -Nru lxc-1.0.0~alpha1/debian/tests/control lxc-1.0.8/debian/tests/control --- lxc-1.0.0~alpha1/debian/tests/control 2013-10-07 21:32:53.000000000 +0000 +++ lxc-1.0.8/debian/tests/control 2015-11-18 18:41:56.000000000 +0000 @@ -1,3 +1,8 @@ Tests: exercise -Depends: @, cgroup-lite +Depends: busybox-static, + cloud-image-utils, + debootstrap, + uidmap, + xz-utils, + @ Restrictions: needs-root allow-stderr diff -Nru lxc-1.0.0~alpha1/debian/tests/exercise lxc-1.0.8/debian/tests/exercise --- lxc-1.0.0~alpha1/debian/tests/exercise 2013-10-07 21:32:53.000000000 +0000 +++ lxc-1.0.8/debian/tests/exercise 2015-11-18 18:41:56.000000000 +0000 @@ -1,83 +1,115 @@ #!/bin/sh -#--------------------------------------------------------------------- -# Some very basic tests to run in a DEP-8 environment. -#--------------------------------------------------------------------- - -template_dir=/usr/share/lxc/templates - -# Exit with error message. -# -# @msg: message to display. -die() -{ - msg="$*" - echo "ERROR: $msg" >&2 - exit 1 -} - -# seconds to wait for container to be running/stopped -boot_secs=10 -shutdown_secs=10 - -distro=$(lsb_release --id|cut -d: -f2-|awk '{print $1}'|tr '[A-Z]' '[a-z]') -[ -z "$distro" ] && die "failed to determine distro" - -[ ! -d "$template_dir" ] && die "template directory does not exist" - -file=$(ls "${template_dir}/lxc-${distro}" 2>/dev/null) -[ -z "$file" ] && die "template does not exist for distro '$distro'" -template="$distro" +# Environment +set -eu -release=$(lsb_release -c|awk '{print $2}') -[ -z "$release" ] && die "failed to establish release" - -orig_name="${release}-dep8" -new_name="${orig_name}-clone" - -name="$orig_name" - -# adt sets TMPDIR, this confuses debootstrap/apt-get when creating a container unset TMPDIR -# flush cache to ensure we always get the latest bootstrap image -lxc-create -n "$name" -t "$template" -- -r "$release" --flush-cache || \ - die "failed to create container '$name' using template '$template' for release '$release'" - -lxc-ls -1 | grep -q "^${name}$" || \ - die "container not known" - -lxc-start -n "$name" --daemon || die "failed to initiate container start" - -lxc-wait -n "$name" -s RUNNING -t $boot_secs || \ - die "container $name: did not start after $boot_secs seconds" - -lxc-stop -n "$name" || die "container $name: failed to initiate shutdown" - -lxc-wait -n "$name" -s STOPPED -t $shutdown_secs || \ - die "container $name: did not stop within $shutdown_secs seconds" +TEST_PASS=0 +TEST_FAIL=0 +TEST_IGNORED=0 + +IGNORE_LIST="" + +# Helper functions +pass() { + TEST_PASS=$((${TEST_PASS}+1)) + echo "PASS: $1" +} -lxc-clone -o "$orig_name" -n "$new_name" || \ - die "failed to clone container '$orig_name' to '$new_name'" +fail() { + for entry in $IGNORE_LIST; do + if [ "$entry" = "$2" ]; then + ignore $1 + return + fi + done + + TEST_FAIL=$((${TEST_FAIL}+1)) + echo "FAIL: $1" + + if [ -f "$3" ]; then + echo "---" + cat $3 + echo "---" + fi +} -# switch attention to the clone -name="$new_name" +ignore() { + TEST_IGNORED=$((${TEST_IGNORED}+1)) + echo "IGNORED: $*" +} -lxc-start -n "$name" --daemon || die "container $name: failed to initiate start" +summary() { + echo "" + echo "SUMMARY: pass=$TEST_PASS, fail=$TEST_FAIL, ignored=$TEST_IGNORED" +} -lxc-wait -n "$name" -s RUNNING -t $boot_secs || \ - die "container $name: did not start after $boot_secs seconds" +# The actual tests +## Default testsuite +for testbin in /usr/bin/lxc-test-*; do + STRING="lxc-tests: $testbin" + [ ! -x "$testbin" ] && continue + + # Some tests can't be run standalone + [ "$testbin" = "/usr/bin/lxc-test-may-control" ] && continue + + # Skip some tests when running in a container + if [ -f /run/container_type ]; then + [ "$testbin" = "/usr/bin/lxc-test-apparmor" ] && \ + ignore "$STRING" && continue + + [ "$testbin" = "/usr/bin/lxc-test-device-add-remove" ] && \ + ignore "$STRING" && continue + + [ "$testbin" = "/usr/bin/lxc-test-reboot" ] && \ + ignore "$STRING" && continue + fi + + # Skip userns tests in unprivileged containers + if [ -f /proc/self/uid_map ] && \ + ! grep -q "4294967295$" /proc/self/uid_map; then + + [ "$testbin" = "/usr/bin/lxc-test-unpriv" ] && \ + ignore "$STRING" && continue + + [ "$testbin" = "/usr/bin/lxc-test-usernic" ] && \ + ignore "$STRING" && continue + fi + + # Skip some tests on old kernels + if [ ! -f /proc/self/uid_map ] || [ ! -f /etc/subuid ] || \ + [ ! -f /etc/subgid ]; then + [ "$testbin" = "/usr/bin/lxc-test-unpriv" ] && \ + ignore "$STRING" && continue + + [ "$testbin" = "/usr/bin/lxc-test-usernic" ] && \ + ignore "$STRING" && continue + fi + + OUT=$(mktemp) + $testbin >$OUT 2>&1 && pass "$STRING" || fail "$STRING" "$testbin" "$OUT" + rm $OUT +done -lxc-stop -n "$name" || die "container $new_nam: failed to initiate shutdown" +## Python3 testsuite +STRING="python3: API" +if [ ! -f /usr/share/doc/python3-lxc/examples/api_test.py.gz ]; then + ignore "$STRING" +else + OUT=$(mktemp) + + PYTEST=$(mktemp) + cat /usr/share/doc/python3-lxc/examples/api_test.py.gz | gzip -d > $PYTEST + python3 $PYTEST >$OUT 2>&1 && pass "$STRING" || \ + fail "$STRING" "python3" "$OUT" + rm $PYTEST -lxc-wait -n "$name" -s STOPPED -t $shutdown_secs || \ - die "container $name: did not stop within $shutdown_secs seconds" + rm $OUT +fi -# clean up -for name in "$orig_name" "$new_name" -do - lxc-destroy -n "$name" || die "container: $name: cannot delete" -done +# Test summary +summary -echo SUCCESS +[ "$TEST_FAIL" != "0" ] && exit 1 exit 0 diff -Nru lxc-1.0.0~alpha1/debian/watch lxc-1.0.8/debian/watch --- lxc-1.0.0~alpha1/debian/watch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/debian/watch 2015-11-18 18:41:56.000000000 +0000 @@ -0,0 +1,2 @@ +version=3 +http://linuxcontainers.org/downloads lxc-(.*)\.tar\.gz diff -Nru lxc-1.0.0~alpha1/doc/api/Doxyfile lxc-1.0.8/doc/api/Doxyfile --- lxc-1.0.0~alpha1/doc/api/Doxyfile 1970-01-01 00:00:00.000000000 +0000 +++ lxc-1.0.8/doc/api/Doxyfile 2015-11-09 22:49:15.000000000 +0000 @@ -0,0 +1,2283 @@ +# Doxyfile 1.8.5 + +# This file describes the settings to be used by the documentation system +# doxygen (www.doxygen.org) for a project. +# +# All text after a double hash (##) is considered a comment and is placed in +# front of the TAG it is preceding. +# +# All text after a single hash (#) is considered a comment and will be ignored. +# The format is: +# TAG = value [value, ...] +# For lists, items can also be appended using: +# TAG += value [value, ...] +# Values that contain spaces should be placed between quotes (\" \"). + +#--------------------------------------------------------------------------- +# Project related configuration options +#--------------------------------------------------------------------------- + +# This tag specifies the encoding used for all characters in the config file +# that follow. The default is UTF-8 which is also the encoding used for all text +# before the first occurrence of this tag. Doxygen uses libiconv (or the iconv +# built into libc) for the transcoding. See http://www.gnu.org/software/libiconv +# for the list of possible encodings. +# The default value is: UTF-8. + +DOXYFILE_ENCODING = UTF-8 + +# The PROJECT_NAME tag is a single word (or a sequence of words surrounded by +# double-quotes, unless you are using Doxywizard) that should identify the +# project for which the documentation is generated. This name is used in the +# title of most generated pages and in a few other places. +# The default value is: My Project. + +PROJECT_NAME = "LXC" + +# The PROJECT_NUMBER tag can be used to enter a project or revision number. This +# could be handy for archiving the generated documentation or if some version +# control system is used. + +PROJECT_NUMBER = + +# Using the PROJECT_BRIEF tag one can provide an optional one line description +# for a project that appears at the top of each page and should give viewer a +# quick idea about the purpose of the project. Keep the description short. + +PROJECT_BRIEF = + +# With the PROJECT_LOGO tag one can specify an logo or icon that is included in +# the documentation. The maximum height of the logo should not exceed 55 pixels +# and the maximum width should not exceed 200 pixels. Doxygen will copy the logo +# to the output directory. + +PROJECT_LOGO = + +# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) path +# into which the generated documentation will be written. If a relative path is +# entered, it will be relative to the location where doxygen was started. If +# left blank the current directory will be used. + +OUTPUT_DIRECTORY = . + +# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create 4096 sub- +# directories (in 2 levels) under the output directory of each output format and +# will distribute the generated files over these directories. Enabling this +# option can be useful when feeding doxygen a huge amount of source files, where +# putting all generated files in the same directory would otherwise causes +# performance problems for the file system. +# The default value is: NO. + +CREATE_SUBDIRS = NO + +# The OUTPUT_LANGUAGE tag is used to specify the language in which all +# documentation generated by doxygen is written. Doxygen will use this +# information to generate all constant output in the proper language. +# Possible values are: Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese- +# Traditional, Croatian, Czech, Danish, Dutch, English, Esperanto, Farsi, +# Finnish, French, German, Greek, Hungarian, Italian, Japanese, Japanese-en, +# Korean, Korean-en, Latvian, Norwegian, Macedonian, Persian, Polish, +# Portuguese, Romanian, Russian, Serbian, Slovak, Slovene, Spanish, Swedish, +# Turkish, Ukrainian and Vietnamese. +# The default value is: English. + +OUTPUT_LANGUAGE = English + +# If the BRIEF_MEMBER_DESC tag is set to YES doxygen will include brief member +# descriptions after the members that are listed in the file and class +# documentation (similar to Javadoc). Set to NO to disable this. +# The default value is: YES. + +BRIEF_MEMBER_DESC = YES + +# If the REPEAT_BRIEF tag is set to YES doxygen will prepend the brief +# description of a member or function before the detailed description +# +# Note: If both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the +# brief descriptions will be completely suppressed. +# The default value is: YES. + +REPEAT_BRIEF = YES + +# This tag implements a quasi-intelligent brief description abbreviator that is +# used to form the text in various listings. Each string in this list, if found +# as the leading text of the brief description, will be stripped from the text +# and the result, after processing the whole list, is used as the annotated +# text. Otherwise, the brief description is used as-is. If left blank, the +# following values are used ($name is automatically replaced with the name of +# the entity):The $name class, The $name widget, The $name file, is, provides, +# specifies, contains, represents, a, an and the. + +ABBREVIATE_BRIEF = + +# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then +# doxygen will generate a detailed section even if there is only a brief +# description. +# The default value is: NO. + +ALWAYS_DETAILED_SEC = NO + +# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all +# inherited members of a class in the documentation of that class as if those +# members were ordinary class members. Constructors, destructors and assignment +# operators of the base classes will not be shown. +# The default value is: NO. + +INLINE_INHERITED_MEMB = NO + +# If the FULL_PATH_NAMES tag is set to YES doxygen will prepend the full path +# before files name in the file list and in the header files. If set to NO the +# shortest path that makes the file name unique will be used +# The default value is: YES. + +FULL_PATH_NAMES = YES + +# The STRIP_FROM_PATH tag can be used to strip a user-defined part of the path. +# Stripping is only done if one of the specified strings matches the left-hand +# part of the path. The tag can be used to show relative paths in the file list. +# If left blank the directory from which doxygen is run is used as the path to +# strip. +# +# Note that you can specify absolute paths here, but also relative paths, which +# will be relative from the directory where doxygen is started. +# This tag requires that the tag FULL_PATH_NAMES is set to YES. + +STRIP_FROM_PATH = + +# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of the +# path mentioned in the documentation of a class, which tells the reader which +# header file to include in order to use a class. If left blank only the name of +# the header file containing the class definition is used. Otherwise one should +# specify the list of include paths that are normally passed to the compiler +# using the -I flag. + +STRIP_FROM_INC_PATH = + +# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter (but +# less readable) file names. This can be useful is your file systems doesn't +# support long names like on DOS, Mac, or CD-ROM. +# The default value is: NO. + +SHORT_NAMES = NO + +# If the JAVADOC_AUTOBRIEF tag is set to YES then doxygen will interpret the +# first line (until the first dot) of a Javadoc-style comment as the brief +# description. If set to NO, the Javadoc-style will behave just like regular Qt- +# style comments (thus requiring an explicit @brief command for a brief +# description.) +# The default value is: NO. + +JAVADOC_AUTOBRIEF = NO + +# If the QT_AUTOBRIEF tag is set to YES then doxygen will interpret the first +# line (until the first dot) of a Qt-style comment as the brief description. If +# set to NO, the Qt-style will behave just like regular Qt-style comments (thus +# requiring an explicit \brief command for a brief description.) +# The default value is: NO. + +QT_AUTOBRIEF = NO + +# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make doxygen treat a +# multi-line C++ special comment block (i.e. a block of //! or /// comments) as +# a brief description. This used to be the default behavior. The new default is +# to treat a multi-line C++ comment block as a detailed description. Set this +# tag to YES if you prefer the old behavior instead. +# +# Note that setting this tag to YES also means that rational rose comments are +# not recognized any more. +# The default value is: NO. + +MULTILINE_CPP_IS_BRIEF = NO + +# If the INHERIT_DOCS tag is set to YES then an undocumented member inherits the +# documentation from any documented member that it re-implements. +# The default value is: YES. + +INHERIT_DOCS = YES + +# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce a +# new page for each member. If set to NO, the documentation of a member will be +# part of the file/class/namespace that contains it. +# The default value is: NO. + +SEPARATE_MEMBER_PAGES = NO + +# The TAB_SIZE tag can be used to set the number of spaces in a tab. Doxygen +# uses this value to replace tabs by spaces in code fragments. +# Minimum value: 1, maximum value: 16, default value: 4. + +TAB_SIZE = 4 + +# This tag can be used to specify a number of aliases that act as commands in +# the documentation. An alias has the form: +# name=value +# For example adding +# "sideeffect=@par Side Effects:\n" +# will allow you to put the command \sideeffect (or @sideeffect) in the +# documentation, which will result in a user-defined paragraph with heading +# "Side Effects:". You can put \n's in the value part of an alias to insert +# newlines. + +ALIASES = + +# This tag can be used to specify a number of word-keyword mappings (TCL only). +# A mapping has the form "name=value". For example adding "class=itcl::class" +# will allow you to use the command class in the itcl::class meaning. + +TCL_SUBST = + +# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C sources +# only. Doxygen will then generate output that is more tailored for C. For +# instance, some of the names that are used will be different. The list of all +# members will be omitted, etc. +# The default value is: NO. + +OPTIMIZE_OUTPUT_FOR_C = YES + +# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java or +# Python sources only. Doxygen will then generate output that is more tailored +# for that language. For instance, namespaces will be presented as packages, +# qualified scopes will look different, etc. +# The default value is: NO. + +OPTIMIZE_OUTPUT_JAVA = NO + +# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran +# sources. Doxygen will then generate output that is tailored for Fortran. +# The default value is: NO. + +OPTIMIZE_FOR_FORTRAN = NO + +# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL +# sources. Doxygen will then generate output that is tailored for VHDL. +# The default value is: NO. + +OPTIMIZE_OUTPUT_VHDL = NO + +# Doxygen selects the parser to use depending on the extension of the files it +# parses. With this tag you can assign which parser to use for a given +# extension. Doxygen has a built-in mapping, but you can override or extend it +# using this tag. The format is ext=language, where ext is a file extension, and +# language is one of the parsers supported by doxygen: IDL, Java, Javascript, +# C#, C, C++, D, PHP, Objective-C, Python, Fortran, VHDL. For instance to make +# doxygen treat .inc files as Fortran files (default is PHP), and .f files as C +# (default is Fortran), use: inc=Fortran f=C. +# +# Note For files without extension you can use no_extension as a placeholder. +# +# Note that for custom extensions you also need to set FILE_PATTERNS otherwise +# the files are not read by doxygen. + +EXTENSION_MAPPING = + +# If the MARKDOWN_SUPPORT tag is enabled then doxygen pre-processes all comments +# according to the Markdown format, which allows for more readable +# documentation. See http://daringfireball.net/projects/markdown/ for details. +# The output of markdown processing is further processed by doxygen, so you can +# mix doxygen, HTML, and XML commands with Markdown formatting. Disable only in +# case of backward compatibilities issues. +# The default value is: YES. + +MARKDOWN_SUPPORT = YES + +# When enabled doxygen tries to link words that correspond to documented +# classes, or namespaces to their corresponding documentation. Such a link can +# be prevented in individual cases by by putting a % sign in front of the word +# or globally by setting AUTOLINK_SUPPORT to NO. +# The default value is: YES. + +AUTOLINK_SUPPORT = YES + +# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want +# to include (a tag file for) the STL sources as input, then you should set this +# tag to YES in order to let doxygen match functions declarations and +# definitions whose arguments contain STL classes (e.g. func(std::string); +# versus func(std::string) {}). This also make the inheritance and collaboration +# diagrams that involve STL classes more complete and accurate. +# The default value is: NO. + +BUILTIN_STL_SUPPORT = NO + +# If you use Microsoft's C++/CLI language, you should set this option to YES to +# enable parsing support. +# The default value is: NO. + +CPP_CLI_SUPPORT = NO + +# Set the SIP_SUPPORT tag to YES if your project consists of sip (see: +# http://www.riverbankcomputing.co.uk/software/sip/intro) sources only. Doxygen +# will parse them like normal C++ but will assume all classes use public instead +# of private inheritance when no explicit protection keyword is present. +# The default value is: NO. + +SIP_SUPPORT = NO + +# For Microsoft's IDL there are propget and propput attributes to indicate +# getter and setter methods for a property. Setting this option to YES will make +# doxygen to replace the get and set methods by a property in the documentation. +# This will only work if the methods are indeed getting or setting a simple +# type. If this is not the case, or you want to show the methods anyway, you +# should set this option to NO. +# The default value is: YES. + +IDL_PROPERTY_SUPPORT = YES + +# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC +# tag is set to YES, then doxygen will reuse the documentation of the first +# member in the group (if any) for the other members of the group. By default +# all members of a group must be documented explicitly. +# The default value is: NO. + +DISTRIBUTE_GROUP_DOC = YES + +# Set the SUBGROUPING tag to YES to allow class member groups of the same type +# (for instance a group of public functions) to be put as a subgroup of that +# type (e.g. under the Public Functions section). Set it to NO to prevent +# subgrouping. Alternatively, this can be done per class using the +# \nosubgrouping command. +# The default value is: YES. + +SUBGROUPING = YES + +# When the INLINE_GROUPED_CLASSES tag is set to YES, classes, structs and unions +# are shown inside the group in which they are included (e.g. using \ingroup) +# instead of on a separate page (for HTML and Man pages) or section (for LaTeX +# and RTF). +# +# Note that this feature does not work in combination with +# SEPARATE_MEMBER_PAGES. +# The default value is: NO. + +INLINE_GROUPED_CLASSES = NO + +# When the INLINE_SIMPLE_STRUCTS tag is set to YES, structs, classes, and unions +# with only public data fields or simple typedef fields will be shown inline in +# the documentation of the scope in which they are defined (i.e. file, +# namespace, or group documentation), provided this scope is documented. If set +# to NO, structs, classes, and unions are shown on a separate page (for HTML and +# Man pages) or section (for LaTeX and RTF). +# The default value is: NO. + +INLINE_SIMPLE_STRUCTS = NO + +# When TYPEDEF_HIDES_STRUCT tag is enabled, a typedef of a struct, union, or +# enum is documented as struct, union, or enum with the name of the typedef. So +# typedef struct TypeS {} TypeT, will appear in the documentation as a struct +# with name TypeT. When disabled the typedef will appear as a member of a file, +# namespace, or class. And the struct will be named TypeS. This can typically be +# useful for C code in case the coding convention dictates that all compound +# types are typedef'ed and only the typedef is referenced, never the tag name. +# The default value is: NO. + +TYPEDEF_HIDES_STRUCT = NO + +# The size of the symbol lookup cache can be set using LOOKUP_CACHE_SIZE. This +# cache is used to resolve symbols given their name and scope. Since this can be +# an expensive process and often the same symbol appears multiple times in the +# code, doxygen keeps a cache of pre-resolved symbols. If the cache is too small +# doxygen will become slower. If the cache is too large, memory is wasted. The +# cache size is given by this formula: 2^(16+LOOKUP_CACHE_SIZE). The valid range +# is 0..9, the default is 0, corresponding to a cache size of 2^16=65536 +# symbols. At the end of a run doxygen will report the cache usage and suggest +# the optimal cache size from a speed point of view. +# Minimum value: 0, maximum value: 9, default value: 0. + +LOOKUP_CACHE_SIZE = 0 + +#--------------------------------------------------------------------------- +# Build related configuration options +#--------------------------------------------------------------------------- + +# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in +# documentation are documented, even if no documentation was available. Private +# class members and static file members will be hidden unless the +# EXTRACT_PRIVATE respectively EXTRACT_STATIC tags are set to YES. +# Note: This will also disable the warnings about undocumented members that are +# normally produced when WARNINGS is set to YES. +# The default value is: NO. + +EXTRACT_ALL = NO + +# If the EXTRACT_PRIVATE tag is set to YES all private members of a class will +# be included in the documentation. +# The default value is: NO. + +EXTRACT_PRIVATE = NO + +# If the EXTRACT_PACKAGE tag is set to YES all members with package or internal +# scope will be included in the documentation. +# The default value is: NO. + +EXTRACT_PACKAGE = NO + +# If the EXTRACT_STATIC tag is set to YES all static members of a file will be +# included in the documentation. +# The default value is: NO. + +EXTRACT_STATIC = NO + +# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) defined +# locally in source files will be included in the documentation. If set to NO +# only classes defined in header files are included. Does not have any effect +# for Java sources. +# The default value is: YES. + +EXTRACT_LOCAL_CLASSES = YES + +# This flag is only useful for Objective-C code. When set to YES local methods, +# which are defined in the implementation section but not in the interface are +# included in the documentation. If set to NO only methods in the interface are +# included. +# The default value is: NO. + +EXTRACT_LOCAL_METHODS = NO + +# If this flag is set to YES, the members of anonymous namespaces will be +# extracted and appear in the documentation as a namespace called +# 'anonymous_namespace{file}', where file will be replaced with the base name of +# the file that contains the anonymous namespace. By default anonymous namespace +# are hidden. +# The default value is: NO. + +EXTRACT_ANON_NSPACES = NO + +# If the HIDE_UNDOC_MEMBERS tag is set to YES, doxygen will hide all +# undocumented members inside documented classes or files. If set to NO these +# members will be included in the various overviews, but no documentation +# section is generated. This option has no effect if EXTRACT_ALL is enabled. +# The default value is: NO. + +HIDE_UNDOC_MEMBERS = NO + +# If the HIDE_UNDOC_CLASSES tag is set to YES, doxygen will hide all +# undocumented classes that are normally visible in the class hierarchy. If set +# to NO these classes will be included in the various overviews. This option has +# no effect if EXTRACT_ALL is enabled. +# The default value is: NO. + +HIDE_UNDOC_CLASSES = NO + +# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, doxygen will hide all friend +# (class|struct|union) declarations. If set to NO these declarations will be +# included in the documentation. +# The default value is: NO. + +HIDE_FRIEND_COMPOUNDS = NO + +# If the HIDE_IN_BODY_DOCS tag is set to YES, doxygen will hide any +# documentation blocks found inside the body of a function. If set to NO these +# blocks will be appended to the function's detailed documentation block. +# The default value is: NO. + +HIDE_IN_BODY_DOCS = NO + +# The INTERNAL_DOCS tag determines if documentation that is typed after a +# \internal command is included. If the tag is set to NO then the documentation +# will be excluded. Set it to YES to include the internal documentation. +# The default value is: NO. + +INTERNAL_DOCS = NO + +# If the CASE_SENSE_NAMES tag is set to NO then doxygen will only generate file +# names in lower-case letters. If set to YES upper-case letters are also +# allowed. This is useful if you have classes or files whose names only differ +# in case and if your file system supports case sensitive file names. Windows +# and Mac users are advised to set this option to NO. +# The default value is: system dependent. + +CASE_SENSE_NAMES = YES + +# If the HIDE_SCOPE_NAMES tag is set to NO then doxygen will show members with +# their full class and namespace scopes in the documentation. If set to YES the +# scope will be hidden. +# The default value is: NO. + +HIDE_SCOPE_NAMES = NO + +# If the SHOW_INCLUDE_FILES tag is set to YES then doxygen will put a list of +# the files that are included by a file in the documentation of that file. +# The default value is: YES. + +SHOW_INCLUDE_FILES = YES + +# If the FORCE_LOCAL_INCLUDES tag is set to YES then doxygen will list include +# files with double quotes in the documentation rather than with sharp brackets. +# The default value is: NO. + +FORCE_LOCAL_INCLUDES = NO + +# If the INLINE_INFO tag is set to YES then a tag [inline] is inserted in the +# documentation for inline members. +# The default value is: YES. + +INLINE_INFO = YES + +# If the SORT_MEMBER_DOCS tag is set to YES then doxygen will sort the +# (detailed) documentation of file and class members alphabetically by member +# name. If set to NO the members will appear in declaration order. +# The default value is: YES. + +SORT_MEMBER_DOCS = YES + +# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the brief +# descriptions of file, namespace and class members alphabetically by member +# name. If set to NO the members will appear in declaration order. +# The default value is: NO. + +SORT_BRIEF_DOCS = NO + +# If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen will sort the +# (brief and detailed) documentation of class members so that constructors and +# destructors are listed first. If set to NO the constructors will appear in the +# respective orders defined by SORT_BRIEF_DOCS and SORT_MEMBER_DOCS. +# Note: If SORT_BRIEF_DOCS is set to NO this option is ignored for sorting brief +# member documentation. +# Note: If SORT_MEMBER_DOCS is set to NO this option is ignored for sorting +# detailed member documentation. +# The default value is: NO. + +SORT_MEMBERS_CTORS_1ST = NO + +# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the hierarchy +# of group names into alphabetical order. If set to NO the group names will +# appear in their defined order. +# The default value is: NO. + +SORT_GROUP_NAMES = NO + +# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be sorted by +# fully-qualified names, including namespaces. If set to NO, the class list will +# be sorted only by class name, not including the namespace part. +# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES. +# Note: This option applies only to the class list, not to the alphabetical +# list. +# The default value is: NO. + +SORT_BY_SCOPE_NAME = NO + +# If the STRICT_PROTO_MATCHING option is enabled and doxygen fails to do proper +# type resolution of all parameters of a function it will reject a match between +# the prototype and the implementation of a member function even if there is +# only one candidate or it is obvious which candidate to choose by doing a +# simple string match. By disabling STRICT_PROTO_MATCHING doxygen will still +# accept a match between prototype and implementation in such cases. +# The default value is: NO. + +STRICT_PROTO_MATCHING = NO + +# The GENERATE_TODOLIST tag can be used to enable ( YES) or disable ( NO) the +# todo list. This list is created by putting \todo commands in the +# documentation. +# The default value is: YES. + +GENERATE_TODOLIST = YES + +# The GENERATE_TESTLIST tag can be used to enable ( YES) or disable ( NO) the +# test list. This list is created by putting \test commands in the +# documentation. +# The default value is: YES. + +GENERATE_TESTLIST = YES + +# The GENERATE_BUGLIST tag can be used to enable ( YES) or disable ( NO) the bug +# list. This list is created by putting \bug commands in the documentation. +# The default value is: YES. + +GENERATE_BUGLIST = YES + +# The GENERATE_DEPRECATEDLIST tag can be used to enable ( YES) or disable ( NO) +# the deprecated list. This list is created by putting \deprecated commands in +# the documentation. +# The default value is: YES. + +GENERATE_DEPRECATEDLIST= YES + +# The ENABLED_SECTIONS tag can be used to enable conditional documentation +# sections, marked by \if ... \endif and \cond +# ... \endcond blocks. + +ENABLED_SECTIONS = + +# The MAX_INITIALIZER_LINES tag determines the maximum number of lines that the +# initial value of a variable or macro / define can have for it to appear in the +# documentation. If the initializer consists of more lines than specified here +# it will be hidden. Use a value of 0 to hide initializers completely. The +# appearance of the value of individual variables and macros / defines can be +# controlled using \showinitializer or \hideinitializer command in the +# documentation regardless of this setting. +# Minimum value: 0, maximum value: 10000, default value: 30. + +MAX_INITIALIZER_LINES = 30 + +# Set the SHOW_USED_FILES tag to NO to disable the list of files generated at +# the bottom of the documentation of classes and structs. If set to YES the list +# will mention the files that were used to generate the documentation. +# The default value is: YES. + +SHOW_USED_FILES = YES + +# Set the SHOW_FILES tag to NO to disable the generation of the Files page. This +# will remove the Files entry from the Quick Index and from the Folder Tree View +# (if specified). +# The default value is: YES. + +SHOW_FILES = YES + +# Set the SHOW_NAMESPACES tag to NO to disable the generation of the Namespaces +# page. This will remove the Namespaces entry from the Quick Index and from the +# Folder Tree View (if specified). +# The default value is: YES. + +SHOW_NAMESPACES = YES + +# The FILE_VERSION_FILTER tag can be used to specify a program or script that +# doxygen should invoke to get the current version for each file (typically from +# the version control system). Doxygen will invoke the program by executing (via +# popen()) the command command input-file, where command is the value of the +# FILE_VERSION_FILTER tag, and input-file is the name of an input file provided +# by doxygen. Whatever the program writes to standard output is used as the file +# version. For an example see the documentation. + +FILE_VERSION_FILTER = + +# The LAYOUT_FILE tag can be used to specify a layout file which will be parsed +# by doxygen. The layout file controls the global structure of the generated +# output files in an output format independent way. To create the layout file +# that represents doxygen's defaults, run doxygen with the -l option. You can +# optionally specify a file name after the option, if omitted DoxygenLayout.xml +# will be used as the name of the layout file. +# +# Note that if you run doxygen from a directory containing a file called +# DoxygenLayout.xml, doxygen will parse it automatically even if the LAYOUT_FILE +# tag is left empty. + +LAYOUT_FILE = + +# The CITE_BIB_FILES tag can be used to specify one or more bib files containing +# the reference definitions. This must be a list of .bib files. The .bib +# extension is automatically appended if omitted. This requires the bibtex tool +# to be installed. See also http://en.wikipedia.org/wiki/BibTeX for more info. +# For LaTeX the style of the bibliography can be controlled using +# LATEX_BIB_STYLE. To use this feature you need bibtex and perl available in the +# search path. Do not use file names with spaces, bibtex cannot handle them. See +# also \cite for info how to create references. + +CITE_BIB_FILES = + +#--------------------------------------------------------------------------- +# Configuration options related to warning and progress messages +#--------------------------------------------------------------------------- + +# The QUIET tag can be used to turn on/off the messages that are generated to +# standard output by doxygen. If QUIET is set to YES this implies that the +# messages are off. +# The default value is: NO. + +QUIET = NO + +# The WARNINGS tag can be used to turn on/off the warning messages that are +# generated to standard error ( stderr) by doxygen. If WARNINGS is set to YES +# this implies that the warnings are on. +# +# Tip: Turn warnings on while writing the documentation. +# The default value is: YES. + +WARNINGS = YES + +# If the WARN_IF_UNDOCUMENTED tag is set to YES, then doxygen will generate +# warnings for undocumented members. If EXTRACT_ALL is set to YES then this flag +# will automatically be disabled. +# The default value is: YES. + +WARN_IF_UNDOCUMENTED = YES + +# If the WARN_IF_DOC_ERROR tag is set to YES, doxygen will generate warnings for +# potential errors in the documentation, such as not documenting some parameters +# in a documented function, or documenting parameters that don't exist or using +# markup commands wrongly. +# The default value is: YES. + +WARN_IF_DOC_ERROR = YES + +# This WARN_NO_PARAMDOC option can be enabled to get warnings for functions that +# are documented, but have no documentation for their parameters or return +# value. If set to NO doxygen will only warn about wrong or incomplete parameter +# documentation, but not about the absence of documentation. +# The default value is: NO. + +WARN_NO_PARAMDOC = YES + +# The WARN_FORMAT tag determines the format of the warning messages that doxygen +# can produce. The string should contain the $file, $line, and $text tags, which +# will be replaced by the file and line number from which the warning originated +# and the warning text. Optionally the format may contain $version, which will +# be replaced by the version of the file (if it could be obtained via +# FILE_VERSION_FILTER) +# The default value is: $file:$line: $text. + +WARN_FORMAT = "$file:$line: $text" + +# The WARN_LOGFILE tag can be used to specify a file to which warning and error +# messages should be written. If left blank the output is written to standard +# error (stderr). + +WARN_LOGFILE = + +#--------------------------------------------------------------------------- +# Configuration options related to the input files +#--------------------------------------------------------------------------- + +# The INPUT tag is used to specify the files and/or directories that contain +# documented source files. You may enter file names like myfile.cpp or +# directories like /usr/src/myproject. Separate the files or directories with +# spaces. +# Note: If this tag is empty the current directory is searched. + +INPUT = \ + ../../src/lxc/lxccontainer.h \ + ../../src/lxc/lxclock.h \ + ../../src/lxc/attach_options.h + +# This tag can be used to specify the character encoding of the source files +# that doxygen parses. Internally doxygen uses the UTF-8 encoding. Doxygen uses +# libiconv (or the iconv built into libc) for the transcoding. See the libiconv +# documentation (see: http://www.gnu.org/software/libiconv) for the list of +# possible encodings. +# The default value is: UTF-8. + +INPUT_ENCODING = UTF-8 + +# If the value of the INPUT tag contains directories, you can use the +# FILE_PATTERNS tag to specify one or more wildcard patterns (like *.cpp and +# *.h) to filter out the source-files in the directories. If left blank the +# following patterns are tested:*.c, *.cc, *.cxx, *.cpp, *.c++, *.java, *.ii, +# *.ixx, *.ipp, *.i++, *.inl, *.idl, *.ddl, *.odl, *.h, *.hh, *.hxx, *.hpp, +# *.h++, *.cs, *.d, *.php, *.php4, *.php5, *.phtml, *.inc, *.m, *.markdown, +# *.md, *.mm, *.dox, *.py, *.f90, *.f, *.for, *.tcl, *.vhd, *.vhdl, *.ucf, +# *.qsf, *.as and *.js. + +FILE_PATTERNS = *.h + +# The RECURSIVE tag can be used to specify whether or not subdirectories should +# be searched for input files as well. +# The default value is: NO. + +RECURSIVE = NO + +# The EXCLUDE tag can be used to specify files and/or directories that should be +# excluded from the INPUT source files. This way you can easily exclude a +# subdirectory from a directory tree whose root is specified with the INPUT tag. +# +# Note that relative paths are relative to the directory from which doxygen is +# run. + +EXCLUDE = + +# The EXCLUDE_SYMLINKS tag can be used to select whether or not files or +# directories that are symbolic links (a Unix file system feature) are excluded +# from the input. +# The default value is: NO. + +EXCLUDE_SYMLINKS = NO + +# If the value of the INPUT tag contains directories, you can use the +# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude +# certain files from those directories. +# +# Note that the wildcards are matched against the file with absolute path, so to +# exclude all test directories for example use the pattern */test/* + +EXCLUDE_PATTERNS = + +# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names +# (namespaces, classes, functions, etc.) that should be excluded from the +# output. The symbol name can be a fully qualified name, a word, or if the +# wildcard * is used, a substring. Examples: ANamespace, AClass, +# AClass::ANamespace, ANamespace::*Test +# +# Note that the wildcards are matched against the file with absolute path, so to +# exclude all test directories use the pattern */test/* + +EXCLUDE_SYMBOLS = + +# The EXAMPLE_PATH tag can be used to specify one or more files or directories +# that contain example code fragments that are included (see the \include +# command). + +EXAMPLE_PATH = + +# If the value of the EXAMPLE_PATH tag contains directories, you can use the +# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp and +# *.h) to filter out the source-files in the directories. If left blank all +# files are included. + +EXAMPLE_PATTERNS = + +# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be +# searched for input files to be used with the \include or \dontinclude commands +# irrespective of the value of the RECURSIVE tag. +# The default value is: NO. + +EXAMPLE_RECURSIVE = NO + +# The IMAGE_PATH tag can be used to specify one or more files or directories +# that contain images that are to be included in the documentation (see the +# \image command). + +IMAGE_PATH = + +# The INPUT_FILTER tag can be used to specify a program that doxygen should +# invoke to filter for each input file. Doxygen will invoke the filter program +# by executing (via popen()) the command: +# +# +# +# where is the value of the INPUT_FILTER tag, and is the +# name of an input file. Doxygen will then use the output that the filter +# program writes to standard output. If FILTER_PATTERNS is specified, this tag +# will be ignored. +# +# Note that the filter must not add or remove lines; it is applied before the +# code is scanned, but not when the output code is generated. If lines are added +# or removed, the anchors will not be placed correctly. + +INPUT_FILTER = + +# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern +# basis. Doxygen will compare the file name with each pattern and apply the +# filter if there is a match. The filters are a list of the form: pattern=filter +# (like *.cpp=my_cpp_filter). See INPUT_FILTER for further information on how +# filters are used. If the FILTER_PATTERNS tag is empty or if none of the +# patterns match the file name, INPUT_FILTER is applied. + +FILTER_PATTERNS = + +# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using +# INPUT_FILTER ) will also be used to filter the input files that are used for +# producing the source files to browse (i.e. when SOURCE_BROWSER is set to YES). +# The default value is: NO. + +FILTER_SOURCE_FILES = NO + +# The FILTER_SOURCE_PATTERNS tag can be used to specify source filters per file +# pattern. A pattern will override the setting for FILTER_PATTERN (if any) and +# it is also possible to disable source filtering for a specific pattern using +# *.ext= (so without naming a filter). +# This tag requires that the tag FILTER_SOURCE_FILES is set to YES. + +FILTER_SOURCE_PATTERNS = + +# If the USE_MDFILE_AS_MAINPAGE tag refers to the name of a markdown file that +# is part of the input, its contents will be placed on the main page +# (index.html). This can be useful if you have a project on for instance GitHub +# and want to reuse the introduction page also for the doxygen output. + +USE_MDFILE_AS_MAINPAGE = + +#--------------------------------------------------------------------------- +# Configuration options related to source browsing +#--------------------------------------------------------------------------- + +# If the SOURCE_BROWSER tag is set to YES then a list of source files will be +# generated. Documented entities will be cross-referenced with these sources. +# +# Note: To get rid of all source code in the generated output, make sure that +# also VERBATIM_HEADERS is set to NO. +# The default value is: NO. + +SOURCE_BROWSER = NO + +# Setting the INLINE_SOURCES tag to YES will include the body of functions, +# classes and enums directly into the documentation. +# The default value is: NO. + +INLINE_SOURCES = NO + +# Setting the STRIP_CODE_COMMENTS tag to YES will instruct doxygen to hide any +# special comment blocks from generated source code fragments. Normal C, C++ and +# Fortran comments will always remain visible. +# The default value is: YES. + +STRIP_CODE_COMMENTS = YES + +# If the REFERENCED_BY_RELATION tag is set to YES then for each documented +# function all documented functions referencing it will be listed. +# The default value is: NO. + +REFERENCED_BY_RELATION = NO + +# If the REFERENCES_RELATION tag is set to YES then for each documented function +# all documented entities called/used by that function will be listed. +# The default value is: NO. + +REFERENCES_RELATION = NO + +# If the REFERENCES_LINK_SOURCE tag is set to YES and SOURCE_BROWSER tag is set +# to YES, then the hyperlinks from functions in REFERENCES_RELATION and +# REFERENCED_BY_RELATION lists will link to the source code. Otherwise they will +# link to the documentation. +# The default value is: YES. + +REFERENCES_LINK_SOURCE = YES + +# If SOURCE_TOOLTIPS is enabled (the default) then hovering a hyperlink in the +# source code will show a tooltip with additional information such as prototype, +# brief description and links to the definition and documentation. Since this +# will make the HTML file larger and loading of large files a bit slower, you +# can opt to disable this feature. +# The default value is: YES. +# This tag requires that the tag SOURCE_BROWSER is set to YES. + +SOURCE_TOOLTIPS = YES + +# If the USE_HTAGS tag is set to YES then the references to source code will +# point to the HTML generated by the htags(1) tool instead of doxygen built-in +# source browser. The htags tool is part of GNU's global source tagging system +# (see http://www.gnu.org/software/global/global.html). You will need version +# 4.8.6 or higher. +# +# To use it do the following: +# - Install the latest version of global +# - Enable SOURCE_BROWSER and USE_HTAGS in the config file +# - Make sure the INPUT points to the root of the source tree +# - Run doxygen as normal +# +# Doxygen will invoke htags (and that will in turn invoke gtags), so these +# tools must be available from the command line (i.e. in the search path). +# +# The result: instead of the source browser generated by doxygen, the links to +# source code will now point to the output of htags. +# The default value is: NO. +# This tag requires that the tag SOURCE_BROWSER is set to YES. + +USE_HTAGS = NO + +# If the VERBATIM_HEADERS tag is set the YES then doxygen will generate a +# verbatim copy of the header file for each class for which an include is +# specified. Set to NO to disable this. +# See also: Section \class. +# The default value is: YES. + +VERBATIM_HEADERS = YES + +#--------------------------------------------------------------------------- +# Configuration options related to the alphabetical class index +#--------------------------------------------------------------------------- + +# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index of all +# compounds will be generated. Enable this if the project contains a lot of +# classes, structs, unions or interfaces. +# The default value is: YES. + +ALPHABETICAL_INDEX = YES + +# The COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns in +# which the alphabetical index list will be split. +# Minimum value: 1, maximum value: 20, default value: 5. +# This tag requires that the tag ALPHABETICAL_INDEX is set to YES. + +COLS_IN_ALPHA_INDEX = 5 + +# In case all classes in a project start with a common prefix, all classes will +# be put under the same header in the alphabetical index. The IGNORE_PREFIX tag +# can be used to specify a prefix (or a list of prefixes) that should be ignored +# while generating the index headers. +# This tag requires that the tag ALPHABETICAL_INDEX is set to YES. + +IGNORE_PREFIX = + +#--------------------------------------------------------------------------- +# Configuration options related to the HTML output +#--------------------------------------------------------------------------- + +# If the GENERATE_HTML tag is set to YES doxygen will generate HTML output +# The default value is: YES. + +GENERATE_HTML = YES + +# The HTML_OUTPUT tag is used to specify where the HTML docs will be put. If a +# relative path is entered the value of OUTPUT_DIRECTORY will be put in front of +# it. +# The default directory is: html. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_OUTPUT = html + +# The HTML_FILE_EXTENSION tag can be used to specify the file extension for each +# generated HTML page (for example: .htm, .php, .asp). +# The default value is: .html. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_FILE_EXTENSION = .html + +# The HTML_HEADER tag can be used to specify a user-defined HTML header file for +# each generated HTML page. If the tag is left blank doxygen will generate a +# standard header. +# +# To get valid HTML the header file that includes any scripts and style sheets +# that doxygen needs, which is dependent on the configuration options used (e.g. +# the setting GENERATE_TREEVIEW). It is highly recommended to start with a +# default header using +# doxygen -w html new_header.html new_footer.html new_stylesheet.css +# YourConfigFile +# and then modify the file new_header.html. See also section "Doxygen usage" +# for information on how to generate the default header that doxygen normally +# uses. +# Note: The header is subject to change so you typically have to regenerate the +# default header when upgrading to a newer version of doxygen. For a description +# of the possible markers and block names see the documentation. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_HEADER = + +# The HTML_FOOTER tag can be used to specify a user-defined HTML footer for each +# generated HTML page. If the tag is left blank doxygen will generate a standard +# footer. See HTML_HEADER for more information on how to generate a default +# footer and what special commands can be used inside the footer. See also +# section "Doxygen usage" for information on how to generate the default footer +# that doxygen normally uses. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_FOOTER = + +# The HTML_STYLESHEET tag can be used to specify a user-defined cascading style +# sheet that is used by each HTML page. It can be used to fine-tune the look of +# the HTML output. If left blank doxygen will generate a default style sheet. +# See also section "Doxygen usage" for information on how to generate the style +# sheet that doxygen normally uses. +# Note: It is recommended to use HTML_EXTRA_STYLESHEET instead of this tag, as +# it is more robust and this tag (HTML_STYLESHEET) will in the future become +# obsolete. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_STYLESHEET = + +# The HTML_EXTRA_STYLESHEET tag can be used to specify an additional user- +# defined cascading style sheet that is included after the standard style sheets +# created by doxygen. Using this option one can overrule certain style aspects. +# This is preferred over using HTML_STYLESHEET since it does not replace the +# standard style sheet and is therefor more robust against future updates. +# Doxygen will copy the style sheet file to the output directory. For an example +# see the documentation. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_EXTRA_STYLESHEET = + +# The HTML_EXTRA_FILES tag can be used to specify one or more extra images or +# other source files which should be copied to the HTML output directory. Note +# that these files will be copied to the base HTML output directory. Use the +# $relpath^ marker in the HTML_HEADER and/or HTML_FOOTER files to load these +# files. In the HTML_STYLESHEET file, use the file name only. Also note that the +# files will be copied as-is; there are no commands or markers available. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_EXTRA_FILES = + +# The HTML_COLORSTYLE_HUE tag controls the color of the HTML output. Doxygen +# will adjust the colors in the stylesheet and background images according to +# this color. Hue is specified as an angle on a colorwheel, see +# http://en.wikipedia.org/wiki/Hue for more information. For instance the value +# 0 represents red, 60 is yellow, 120 is green, 180 is cyan, 240 is blue, 300 +# purple, and 360 is red again. +# Minimum value: 0, maximum value: 359, default value: 220. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_COLORSTYLE_HUE = 220 + +# The HTML_COLORSTYLE_SAT tag controls the purity (or saturation) of the colors +# in the HTML output. For a value of 0 the output will use grayscales only. A +# value of 255 will produce the most vivid colors. +# Minimum value: 0, maximum value: 255, default value: 100. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_COLORSTYLE_SAT = 100 + +# The HTML_COLORSTYLE_GAMMA tag controls the gamma correction applied to the +# luminance component of the colors in the HTML output. Values below 100 +# gradually make the output lighter, whereas values above 100 make the output +# darker. The value divided by 100 is the actual gamma applied, so 80 represents +# a gamma of 0.8, The value 220 represents a gamma of 2.2, and 100 does not +# change the gamma. +# Minimum value: 40, maximum value: 240, default value: 80. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_COLORSTYLE_GAMMA = 80 + +# If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML +# page will contain the date and time when the page was generated. Setting this +# to NO can help when comparing the output of multiple runs. +# The default value is: YES. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_TIMESTAMP = YES + +# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML +# documentation will contain sections that can be hidden and shown after the +# page has loaded. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_DYNAMIC_SECTIONS = NO + +# With HTML_INDEX_NUM_ENTRIES one can control the preferred number of entries +# shown in the various tree structured indices initially; the user can expand +# and collapse entries dynamically later on. Doxygen will expand the tree to +# such a level that at most the specified number of entries are visible (unless +# a fully collapsed tree already exceeds this amount). So setting the number of +# entries 1 will produce a full collapsed tree by default. 0 is a special value +# representing an infinite number of entries and will result in a full expanded +# tree by default. +# Minimum value: 0, maximum value: 9999, default value: 100. +# This tag requires that the tag GENERATE_HTML is set to YES. + +HTML_INDEX_NUM_ENTRIES = 100 + +# If the GENERATE_DOCSET tag is set to YES, additional index files will be +# generated that can be used as input for Apple's Xcode 3 integrated development +# environment (see: http://developer.apple.com/tools/xcode/), introduced with +# OSX 10.5 (Leopard). To create a documentation set, doxygen will generate a +# Makefile in the HTML output directory. Running make will produce the docset in +# that directory and running make install will install the docset in +# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find it at +# startup. See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html +# for more information. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTML is set to YES. + +GENERATE_DOCSET = NO + +# This tag determines the name of the docset feed. A documentation feed provides +# an umbrella under which multiple documentation sets from a single provider +# (such as a company or product suite) can be grouped. +# The default value is: Doxygen generated docs. +# This tag requires that the tag GENERATE_DOCSET is set to YES. + +DOCSET_FEEDNAME = "Doxygen generated docs" + +# This tag specifies a string that should uniquely identify the documentation +# set bundle. This should be a reverse domain-name style string, e.g. +# com.mycompany.MyDocSet. Doxygen will append .docset to the name. +# The default value is: org.doxygen.Project. +# This tag requires that the tag GENERATE_DOCSET is set to YES. + +DOCSET_BUNDLE_ID = org.doxygen.Project + +# The DOCSET_PUBLISHER_ID tag specifies a string that should uniquely identify +# the documentation publisher. This should be a reverse domain-name style +# string, e.g. com.mycompany.MyDocSet.documentation. +# The default value is: org.doxygen.Publisher. +# This tag requires that the tag GENERATE_DOCSET is set to YES. + +DOCSET_PUBLISHER_ID = org.doxygen.Publisher + +# The DOCSET_PUBLISHER_NAME tag identifies the documentation publisher. +# The default value is: Publisher. +# This tag requires that the tag GENERATE_DOCSET is set to YES. + +DOCSET_PUBLISHER_NAME = Publisher + +# If the GENERATE_HTMLHELP tag is set to YES then doxygen generates three +# additional HTML index files: index.hhp, index.hhc, and index.hhk. The +# index.hhp is a project file that can be read by Microsoft's HTML Help Workshop +# (see: http://www.microsoft.com/en-us/download/details.aspx?id=21138) on +# Windows. +# +# The HTML Help Workshop contains a compiler that can convert all HTML output +# generated by doxygen into a single compiled HTML file (.chm). Compiled HTML +# files are now used as the Windows 98 help format, and will replace the old +# Windows help format (.hlp) on all Windows platforms in the future. Compressed +# HTML files also contain an index, a table of contents, and you can search for +# words in the documentation. The HTML workshop also contains a viewer for +# compressed HTML files. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTML is set to YES. + +GENERATE_HTMLHELP = NO + +# The CHM_FILE tag can be used to specify the file name of the resulting .chm +# file. You can add a path in front of the file if the result should not be +# written to the html output directory. +# This tag requires that the tag GENERATE_HTMLHELP is set to YES. + +CHM_FILE = + +# The HHC_LOCATION tag can be used to specify the location (absolute path +# including file name) of the HTML help compiler ( hhc.exe). If non-empty +# doxygen will try to run the HTML help compiler on the generated index.hhp. +# The file has to be specified with full path. +# This tag requires that the tag GENERATE_HTMLHELP is set to YES. + +HHC_LOCATION = + +# The GENERATE_CHI flag controls if a separate .chi index file is generated ( +# YES) or that it should be included in the master .chm file ( NO). +# The default value is: NO. +# This tag requires that the tag GENERATE_HTMLHELP is set to YES. + +GENERATE_CHI = NO + +# The CHM_INDEX_ENCODING is used to encode HtmlHelp index ( hhk), content ( hhc) +# and project file content. +# This tag requires that the tag GENERATE_HTMLHELP is set to YES. + +CHM_INDEX_ENCODING = + +# The BINARY_TOC flag controls whether a binary table of contents is generated ( +# YES) or a normal table of contents ( NO) in the .chm file. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTMLHELP is set to YES. + +BINARY_TOC = NO + +# The TOC_EXPAND flag can be set to YES to add extra items for group members to +# the table of contents of the HTML help documentation and to the tree view. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTMLHELP is set to YES. + +TOC_EXPAND = NO + +# If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and +# QHP_VIRTUAL_FOLDER are set, an additional index file will be generated that +# can be used as input for Qt's qhelpgenerator to generate a Qt Compressed Help +# (.qch) of the generated HTML documentation. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTML is set to YES. + +GENERATE_QHP = NO + +# If the QHG_LOCATION tag is specified, the QCH_FILE tag can be used to specify +# the file name of the resulting .qch file. The path specified is relative to +# the HTML output folder. +# This tag requires that the tag GENERATE_QHP is set to YES. + +QCH_FILE = + +# The QHP_NAMESPACE tag specifies the namespace to use when generating Qt Help +# Project output. For more information please see Qt Help Project / Namespace +# (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#namespace). +# The default value is: org.doxygen.Project. +# This tag requires that the tag GENERATE_QHP is set to YES. + +QHP_NAMESPACE = org.doxygen.Project + +# The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating Qt +# Help Project output. For more information please see Qt Help Project / Virtual +# Folders (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#virtual- +# folders). +# The default value is: doc. +# This tag requires that the tag GENERATE_QHP is set to YES. + +QHP_VIRTUAL_FOLDER = doc + +# If the QHP_CUST_FILTER_NAME tag is set, it specifies the name of a custom +# filter to add. For more information please see Qt Help Project / Custom +# Filters (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#custom- +# filters). +# This tag requires that the tag GENERATE_QHP is set to YES. + +QHP_CUST_FILTER_NAME = + +# The QHP_CUST_FILTER_ATTRS tag specifies the list of the attributes of the +# custom filter to add. For more information please see Qt Help Project / Custom +# Filters (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#custom- +# filters). +# This tag requires that the tag GENERATE_QHP is set to YES. + +QHP_CUST_FILTER_ATTRS = + +# The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this +# project's filter section matches. Qt Help Project / Filter Attributes (see: +# http://qt-project.org/doc/qt-4.8/qthelpproject.html#filter-attributes). +# This tag requires that the tag GENERATE_QHP is set to YES. + +QHP_SECT_FILTER_ATTRS = + +# The QHG_LOCATION tag can be used to specify the location of Qt's +# qhelpgenerator. If non-empty doxygen will try to run qhelpgenerator on the +# generated .qhp file. +# This tag requires that the tag GENERATE_QHP is set to YES. + +QHG_LOCATION = + +# If the GENERATE_ECLIPSEHELP tag is set to YES, additional index files will be +# generated, together with the HTML files, they form an Eclipse help plugin. To +# install this plugin and make it available under the help contents menu in +# Eclipse, the contents of the directory containing the HTML and XML files needs +# to be copied into the plugins directory of eclipse. The name of the directory +# within the plugins directory should be the same as the ECLIPSE_DOC_ID value. +# After copying Eclipse needs to be restarted before the help appears. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTML is set to YES. + +GENERATE_ECLIPSEHELP = NO + +# A unique identifier for the Eclipse help plugin. When installing the plugin +# the directory name containing the HTML and XML files should also have this +# name. Each documentation set should have its own identifier. +# The default value is: org.doxygen.Project. +# This tag requires that the tag GENERATE_ECLIPSEHELP is set to YES. + +ECLIPSE_DOC_ID = org.doxygen.Project + +# If you want full control over the layout of the generated HTML pages it might +# be necessary to disable the index and replace it with your own. The +# DISABLE_INDEX tag can be used to turn on/off the condensed index (tabs) at top +# of each HTML page. A value of NO enables the index and the value YES disables +# it. Since the tabs in the index contain the same information as the navigation +# tree, you can set this option to YES if you also set GENERATE_TREEVIEW to YES. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTML is set to YES. + +DISABLE_INDEX = NO + +# The GENERATE_TREEVIEW tag is used to specify whether a tree-like index +# structure should be generated to display hierarchical information. If the tag +# value is set to YES, a side panel will be generated containing a tree-like +# index structure (just like the one that is generated for HTML Help). For this +# to work a browser that supports JavaScript, DHTML, CSS and frames is required +# (i.e. any modern browser). Windows users are probably better off using the +# HTML help feature. Via custom stylesheets (see HTML_EXTRA_STYLESHEET) one can +# further fine-tune the look of the index. As an example, the default style +# sheet generated by doxygen has an example that shows how to put an image at +# the root of the tree instead of the PROJECT_NAME. Since the tree basically has +# the same information as the tab index, you could consider setting +# DISABLE_INDEX to YES when enabling this option. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTML is set to YES. + +GENERATE_TREEVIEW = NO + +# The ENUM_VALUES_PER_LINE tag can be used to set the number of enum values that +# doxygen will group on one line in the generated HTML documentation. +# +# Note that a value of 0 will completely suppress the enum values from appearing +# in the overview section. +# Minimum value: 0, maximum value: 20, default value: 4. +# This tag requires that the tag GENERATE_HTML is set to YES. + +ENUM_VALUES_PER_LINE = 4 + +# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be used +# to set the initial width (in pixels) of the frame in which the tree is shown. +# Minimum value: 0, maximum value: 1500, default value: 250. +# This tag requires that the tag GENERATE_HTML is set to YES. + +TREEVIEW_WIDTH = 250 + +# When the EXT_LINKS_IN_WINDOW option is set to YES doxygen will open links to +# external symbols imported via tag files in a separate window. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTML is set to YES. + +EXT_LINKS_IN_WINDOW = NO + +# Use this tag to change the font size of LaTeX formulas included as images in +# the HTML documentation. When you change the font size after a successful +# doxygen run you need to manually remove any form_*.png images from the HTML +# output directory to force them to be regenerated. +# Minimum value: 8, maximum value: 50, default value: 10. +# This tag requires that the tag GENERATE_HTML is set to YES. + +FORMULA_FONTSIZE = 10 + +# Use the FORMULA_TRANPARENT tag to determine whether or not the images +# generated for formulas are transparent PNGs. Transparent PNGs are not +# supported properly for IE 6.0, but are supported on all modern browsers. +# +# Note that when changing this option you need to delete any form_*.png files in +# the HTML output directory before the changes have effect. +# The default value is: YES. +# This tag requires that the tag GENERATE_HTML is set to YES. + +FORMULA_TRANSPARENT = YES + +# Enable the USE_MATHJAX option to render LaTeX formulas using MathJax (see +# http://www.mathjax.org) which uses client side Javascript for the rendering +# instead of using prerendered bitmaps. Use this if you do not have LaTeX +# installed or if you want to formulas look prettier in the HTML output. When +# enabled you may also need to install MathJax separately and configure the path +# to it using the MATHJAX_RELPATH option. +# The default value is: NO. +# This tag requires that the tag GENERATE_HTML is set to YES. + +USE_MATHJAX = NO + +# When MathJax is enabled you can set the default output format to be used for +# the MathJax output. See the MathJax site (see: +# http://docs.mathjax.org/en/latest/output.html) for more details. +# Possible values are: HTML-CSS (which is slower, but has the best +# compatibility), NativeMML (i.e. MathML) and SVG. +# The default value is: HTML-CSS. +# This tag requires that the tag USE_MATHJAX is set to YES. + +MATHJAX_FORMAT = HTML-CSS + +# When MathJax is enabled you need to specify the location relative to the HTML +# output directory using the MATHJAX_RELPATH option. The destination directory +# should contain the MathJax.js script. For instance, if the mathjax directory +# is located at the same level as the HTML output directory, then +# MATHJAX_RELPATH should be ../mathjax. The default value points to the MathJax +# Content Delivery Network so you can quickly see the result without installing +# MathJax. However, it is strongly recommended to install a local copy of +# MathJax from http://www.mathjax.org before deployment. +# The default value is: http://cdn.mathjax.org/mathjax/latest. +# This tag requires that the tag USE_MATHJAX is set to YES. + +MATHJAX_RELPATH = http://cdn.mathjax.org/mathjax/latest + +# The MATHJAX_EXTENSIONS tag can be used to specify one or more MathJax +# extension names that should be enabled during MathJax rendering. For example +# MATHJAX_EXTENSIONS = TeX/AMSmath TeX/AMSsymbols +# This tag requires that the tag USE_MATHJAX is set to YES. + +MATHJAX_EXTENSIONS = + +# The MATHJAX_CODEFILE tag can be used to specify a file with javascript pieces +# of code that will be used on startup of the MathJax code. See the MathJax site +# (see: http://docs.mathjax.org/en/latest/output.html) for more details. For an +# example see the documentation. +# This tag requires that the tag USE_MATHJAX is set to YES. + +MATHJAX_CODEFILE = + +# When the SEARCHENGINE tag is enabled doxygen will generate a search box for +# the HTML output. The underlying search engine uses javascript and DHTML and +# should work on any modern browser. Note that when using HTML help +# (GENERATE_HTMLHELP), Qt help (GENERATE_QHP), or docsets (GENERATE_DOCSET) +# there is already a search function so this one should typically be disabled. +# For large projects the javascript based search engine can be slow, then +# enabling SERVER_BASED_SEARCH may provide a better solution. It is possible to +# search using the keyboard; to jump to the search box use + S +# (what the is depends on the OS and browser, but it is typically +# , /