diff -Nru lxc-1.1.5/aclocal.m4 lxc-2.0.1/aclocal.m4 --- lxc-1.1.5/aclocal.m4 2015-11-09 16:26:01.000000000 +0000 +++ lxc-2.0.1/aclocal.m4 2016-05-16 20:38:43.000000000 +0000 @@ -1,6 +1,6 @@ -# generated automatically by aclocal 1.14.1 -*- Autoconf -*- +# generated automatically by aclocal 1.15 -*- Autoconf -*- -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996-2014 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -20,32 +20,63 @@ If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically 'autoreconf'.])]) -# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- -# serial 1 (pkg-config-0.24) -# -# Copyright © 2004 Scott James Remnant . -# -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation; either version 2 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program; if not, write to the Free Software -# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. -# -# As a special exception to the GNU General Public License, if you -# distribute this file as part of a program that contains a -# configuration script generated by Autoconf, you may include it under -# the same distribution terms that you use for the rest of that program. - -# PKG_PROG_PKG_CONFIG([MIN-VERSION]) -# ---------------------------------- +dnl pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- +dnl serial 11 (pkg-config-0.29.1) +dnl +dnl Copyright © 2004 Scott James Remnant . +dnl Copyright © 2012-2015 Dan Nicholson +dnl +dnl This program is free software; you can redistribute it and/or modify +dnl it under the terms of the GNU General Public License as published by +dnl the Free Software Foundation; either version 2 of the License, or +dnl (at your option) any later version. 
+dnl +dnl This program is distributed in the hope that it will be useful, but +dnl WITHOUT ANY WARRANTY; without even the implied warranty of +dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +dnl General Public License for more details. +dnl +dnl You should have received a copy of the GNU General Public License +dnl along with this program; if not, write to the Free Software +dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA +dnl 02111-1307, USA. +dnl +dnl As a special exception to the GNU General Public License, if you +dnl distribute this file as part of a program that contains a +dnl configuration script generated by Autoconf, you may include it under +dnl the same distribution terms that you use for the rest of that +dnl program. + +dnl PKG_PREREQ(MIN-VERSION) +dnl ----------------------- +dnl Since: 0.29 +dnl +dnl Verify that the version of the pkg-config macros are at least +dnl MIN-VERSION. Unlike PKG_PROG_PKG_CONFIG, which checks the user's +dnl installed version of pkg-config, this checks the developer's version +dnl of pkg.m4 when generating configure. +dnl +dnl To ensure that this macro is defined, also add: +dnl m4_ifndef([PKG_PREREQ], +dnl [m4_fatal([must install pkg-config 0.29 or later before running autoconf/autogen])]) +dnl +dnl See the "Since" comment for each macro you use to see what version +dnl of the macros you require. +m4_defun([PKG_PREREQ], +[m4_define([PKG_MACROS_VERSION], [0.29.1]) +m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1, + [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])]) +])dnl PKG_PREREQ + +dnl PKG_PROG_PKG_CONFIG([MIN-VERSION]) +dnl ---------------------------------- +dnl Since: 0.16 +dnl +dnl Search for the pkg-config tool and set the PKG_CONFIG variable to +dnl first found in the path. Checks that the version of pkg-config found +dnl is at least MIN-VERSION. 
If MIN-VERSION is not specified, 0.9.0 is +dnl used since that's the first version where most current features of +dnl pkg-config existed. AC_DEFUN([PKG_PROG_PKG_CONFIG], [m4_pattern_forbid([^_?PKG_[A-Z_]+$]) m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$]) @@ -67,18 +98,19 @@ PKG_CONFIG="" fi fi[]dnl -])# PKG_PROG_PKG_CONFIG +])dnl PKG_PROG_PKG_CONFIG -# PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) -# -# Check to see whether a particular set of modules exists. Similar -# to PKG_CHECK_MODULES(), but does not set variables or print errors. -# -# Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG]) -# only at the first occurence in configure.ac, so if the first place -# it's called might be skipped (such as if it is within an "if", you -# have to call PKG_CHECK_EXISTS manually -# -------------------------------------------------------------- +dnl PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) +dnl ------------------------------------------------------------------- +dnl Since: 0.18 +dnl +dnl Check to see whether a particular set of modules exists. Similar to +dnl PKG_CHECK_MODULES(), but does not set variables or print errors. +dnl +dnl Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG]) +dnl only at the first occurence in configure.ac, so if the first place +dnl it's called might be skipped (such as if it is within an "if", you +dnl have to call PKG_CHECK_EXISTS manually AC_DEFUN([PKG_CHECK_EXISTS], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl if test -n "$PKG_CONFIG" && \ 
@@ -88,8 +120,10 @@ $3])dnl fi]) -# _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES]) -# --------------------------------------------- +dnl _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES]) +dnl --------------------------------------------- +dnl Internal wrapper calling pkg-config via PKG_CONFIG and setting +dnl pkg_failed based on the result. m4_define([_PKG_CONFIG], [if test -n "$$1"; then pkg_cv_[]$1="$$1" @@ -101,10 +135,11 @@ else pkg_failed=untried fi[]dnl -])# _PKG_CONFIG +])dnl _PKG_CONFIG -# _PKG_SHORT_ERRORS_SUPPORTED -# ----------------------------- +dnl _PKG_SHORT_ERRORS_SUPPORTED +dnl --------------------------- +dnl Internal check to see if pkg-config supports short errors. AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED], [AC_REQUIRE([PKG_PROG_PKG_CONFIG]) if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then @@ -112,19 +147,17 @@ else _pkg_short_errors_supported=no fi[]dnl -])# _PKG_SHORT_ERRORS_SUPPORTED +])dnl _PKG_SHORT_ERRORS_SUPPORTED -# PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], -# [ACTION-IF-NOT-FOUND]) -# -# -# Note that if there is a possibility the first call to -# PKG_CHECK_MODULES might not happen, you should be sure to include an -# explicit call to PKG_PROG_PKG_CONFIG in your configure.ac -# -# -# -------------------------------------------------------------- +dnl PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], +dnl [ACTION-IF-NOT-FOUND]) +dnl -------------------------------------------------------------- +dnl Since: 0.4.0 +dnl +dnl Note that if there is a possibility the first call to +dnl PKG_CHECK_MODULES might not happen, you should be sure to include an +dnl explicit call to PKG_PROG_PKG_CONFIG in your configure.ac AC_DEFUN([PKG_CHECK_MODULES], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl 
@@ -178,9 +211,92 @@ AC_MSG_RESULT([yes]) $3 fi[]dnl -])# PKG_CHECK_MODULES +])dnl PKG_CHECK_MODULES + + +dnl PKG_CHECK_MODULES_STATIC(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], +dnl [ACTION-IF-NOT-FOUND]) +dnl --------------------------------------------------------------------- +dnl Since: 0.29 +dnl +dnl Checks for existence of MODULES and gathers its build flags with +dnl static libraries enabled. Sets VARIABLE-PREFIX_CFLAGS from --cflags +dnl and VARIABLE-PREFIX_LIBS from --libs. +dnl +dnl Note that if there is a possibility the first call to +dnl PKG_CHECK_MODULES_STATIC might not happen, you should be sure to +dnl include an explicit call to PKG_PROG_PKG_CONFIG in your +dnl configure.ac. +AC_DEFUN([PKG_CHECK_MODULES_STATIC], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl +_save_PKG_CONFIG=$PKG_CONFIG +PKG_CONFIG="$PKG_CONFIG --static" +PKG_CHECK_MODULES($@) +PKG_CONFIG=$_save_PKG_CONFIG[]dnl +])dnl PKG_CHECK_MODULES_STATIC + + +dnl PKG_INSTALLDIR([DIRECTORY]) +dnl ------------------------- +dnl Since: 0.27 +dnl +dnl Substitutes the variable pkgconfigdir as the location where a module +dnl should install pkg-config .pc files. By default the directory is +dnl $libdir/pkgconfig, but the default can be changed by passing +dnl DIRECTORY. The user can override through the --with-pkgconfigdir +dnl parameter. 
+AC_DEFUN([PKG_INSTALLDIR], +[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])]) +m4_pushdef([pkg_description], + [pkg-config installation directory @<:@]pkg_default[@:>@]) +AC_ARG_WITH([pkgconfigdir], + [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],, + [with_pkgconfigdir=]pkg_default) +AC_SUBST([pkgconfigdir], [$with_pkgconfigdir]) +m4_popdef([pkg_default]) +m4_popdef([pkg_description]) +])dnl PKG_INSTALLDIR + + +dnl PKG_NOARCH_INSTALLDIR([DIRECTORY]) +dnl -------------------------------- +dnl Since: 0.27 +dnl +dnl Substitutes the variable noarch_pkgconfigdir as the location where a +dnl module should install arch-independent pkg-config .pc files. By +dnl default the directory is $datadir/pkgconfig, but the default can be +dnl changed by passing DIRECTORY. The user can override through the +dnl --with-noarch-pkgconfigdir parameter. +AC_DEFUN([PKG_NOARCH_INSTALLDIR], +[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])]) +m4_pushdef([pkg_description], + [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@]) +AC_ARG_WITH([noarch-pkgconfigdir], + [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],, + [with_noarch_pkgconfigdir=]pkg_default) +AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir]) +m4_popdef([pkg_default]) +m4_popdef([pkg_description]) +])dnl PKG_NOARCH_INSTALLDIR + + +dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE, +dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) +dnl ------------------------------------------- +dnl Since: 0.28 +dnl +dnl Retrieves the value of the pkg-config variable for the given module. +AC_DEFUN([PKG_CHECK_VAR], +[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl +AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl + +_PKG_CONFIG([$1], [variable="][$3]["], [$2]) +AS_VAR_COPY([$1], [pkg_cv_][$1]) -# Copyright (C) 2002-2013 Free Software Foundation, Inc. 
+AS_VAR_IF([$1], [""], [$5], [$4])dnl +])dnl PKG_CHECK_VAR + +# Copyright (C) 2002-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -192,10 +308,10 @@ # generated from the m4 files accompanying Automake X.Y. # (This private macro should not be called outside this file.) AC_DEFUN([AM_AUTOMAKE_VERSION], -[am__api_version='1.14' +[am__api_version='1.15' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. -m4_if([$1], [1.14.1], [], +m4_if([$1], [1.15], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) @@ -211,14 +327,14 @@ # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], -[AM_AUTOMAKE_VERSION([1.14.1])dnl +[AM_AUTOMAKE_VERSION([1.15])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) # AM_AUX_DIR_EXPAND -*- Autoconf -*- -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -263,15 +379,14 @@ # configured tree to be moved without reconfiguration. AC_DEFUN([AM_AUX_DIR_EXPAND], -[dnl Rely on autoconf to set up CDPATH properly. -AC_PREREQ([2.50])dnl -# expand $ac_aux_dir to an absolute path -am_aux_dir=`cd $ac_aux_dir && pwd` +[AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl +# Expand $ac_aux_dir to an absolute path. +am_aux_dir=`cd "$ac_aux_dir" && pwd` ]) # AM_COND_IF -*- Autoconf -*- -# Copyright (C) 2008-2013 Free Software Foundation, Inc. +# Copyright (C) 2008-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -308,7 +423,7 @@ # AM_CONDITIONAL -*- Autoconf -*- -# Copyright (C) 1997-2013 Free Software Foundation, Inc. +# Copyright (C) 1997-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -339,7 +454,7 @@ Usually this means the macro was only invoked conditionally.]]) fi])]) -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -530,7 +645,7 @@ # Generate code to set up dependency tracking. -*- Autoconf -*- -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -606,7 +721,7 @@ # Do all the work for Automake. -*- Autoconf -*- -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -696,8 +811,8 @@ # # AC_SUBST([mkdir_p], ['$(MKDIR_P)']) -# We need awk for the "check" target. The system "awk" is bad on -# some platforms. +# We need awk for the "check" target (and possibly the TAP driver). The +# system "awk" is bad on some platforms. AC_REQUIRE([AC_PROG_AWK])dnl AC_REQUIRE([AC_PROG_MAKE_SET])dnl AC_REQUIRE([AM_SET_LEADING_DOT])dnl @@ -770,7 +885,11 @@ END AC_MSG_ERROR([Your 'rm' program is bad, sorry.]) fi -fi]) +fi +dnl The trailing newline in this macro's definition is deliberate, for +dnl backward compatibility and to allow trailing 'dnl'-style comments +dnl after the AM_INIT_AUTOMAKE invocation. See automake bug#16841. +]) dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further @@ -799,7 +918,7 @@ done echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -810,7 +929,7 @@ # Define $install_sh. AC_DEFUN([AM_PROG_INSTALL_SH], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl -if test x"${install_sh}" != xset; then +if test x"${install_sh+set}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; @@ -820,7 +939,7 @@ fi AC_SUBST([install_sh])]) -# Copyright (C) 2003-2013 Free Software Foundation, Inc. +# Copyright (C) 2003-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -841,7 +960,7 @@ # Check to see how 'make' treats includes. -*- Autoconf -*- -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -891,7 +1010,7 @@ # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- -# Copyright (C) 1997-2013 Free Software Foundation, Inc. +# Copyright (C) 1997-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -930,7 +1049,7 @@ # Helper functions for option handling. -*- Autoconf -*- -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -959,7 +1078,7 @@ AC_DEFUN([_AM_IF_OPTION], [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1006,7 +1125,7 @@ # For backward compatibility. AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])]) -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1241,7 +1360,7 @@ sys.exit(sys.hexversion < minverhex)" AS_IF([AM_RUN_LOG([$1 -c "$prog"])], [$3], [$4])]) -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -1260,7 +1379,7 @@ # Check to make sure that the build environment is sane. -*- Autoconf -*- -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1341,7 +1460,7 @@ rm -f conftest.file ]) -# Copyright (C) 2009-2013 Free Software Foundation, Inc. +# Copyright (C) 2009-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1401,7 +1520,7 @@ _AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl ]) -# Copyright (C) 2001-2013 Free Software Foundation, Inc. +# Copyright (C) 2001-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1429,7 +1548,7 @@ INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) -# Copyright (C) 2006-2013 Free Software Foundation, Inc. +# Copyright (C) 2006-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -1448,7 +1567,7 @@ # Check how to create a tarball. -*- Autoconf -*- -# Copyright (C) 2004-2013 Free Software Foundation, Inc. +# Copyright (C) 2004-2014 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, diff -Nru lxc-1.1.5/config/apparmor/abstractions/container-base lxc-2.0.1/config/apparmor/abstractions/container-base --- lxc-1.1.5/config/apparmor/abstractions/container-base 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/config/apparmor/abstractions/container-base 2016-05-16 20:38:39.000000000 +0000 
@@ -57,11 +57,19 @@
 mount fstype=mqueue,
 # allow fuse mounts everywhere
+ mount fstype=fuse,
 mount fstype=fuse.*,
 # allow bind mount of /lib/init/fstab for lxcguest
 mount options=(rw, bind) /lib/init/fstab.lxc/ -> /lib/init/fstab/,
+ # allow bind mounts of /run/{,lock} to /var/run/{,lock}
+ mount options=(rw, bind) /run/ -> /var/run/,
+ mount options=(rw, bind) /run/lock/ -> /var/lock/,
+
+ # deny access under /proc/bus to avoid e.g. messing with pci devices directly
+ deny @{PROC}/bus/** wklx,
+
 # deny writes in /proc/sys/fs but allow binfmt_misc to be mounted
 mount fstype=binfmt_misc -> /proc/sys/fs/binfmt_misc/,
 deny @{PROC}/sys/fs/** wklx,
@@ -83,9 +91,14 @@
 deny mount fstype=debugfs -> /var/lib/ureadahead/debugfs/,
 mount fstype=proc -> /proc/,
 mount fstype=sysfs -> /sys/,
+ mount options=(rw, nosuid, nodev, noexec, remount) -> /sys/,
 deny /sys/firmware/efi/efivars/** rwklx,
 deny /sys/kernel/security/** rwklx,
 mount options=(move) /sys/fs/cgroup/cgmanager/ -> /sys/fs/cgroup/cgmanager.lower/,
+ mount options=(ro, nosuid, nodev, noexec, remount, strictatime) -> /sys/fs/cgroup/,
+
+ # deny reads from debugfs
+ deny /sys/kernel/debug/{,**} rwklx,
 # generated by: lxc-generate-aa-rules.py container-rules.base
 deny /proc/sys/[^kn]*{,/**} wklx,
diff -Nru lxc-1.1.5/config/apparmor/abstractions/container-base.in lxc-2.0.1/config/apparmor/abstractions/container-base.in
--- lxc-1.1.5/config/apparmor/abstractions/container-base.in 2015-11-09 16:25:59.000000000 +0000
+++ lxc-2.0.1/config/apparmor/abstractions/container-base.in 2016-05-16 20:38:39.000000000 +0000
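Review bot: The comment on the new /proc/bus rule in the first container-base hunk says "deny access", but `deny @{PROC}/bus/** wklx,` leaves `r` out of the mask, so the container can still read everything under /proc/bus. If reads are meant to stay allowed, the comment should say so, e.g. `# deny writes under /proc/bus to avoid e.g. messing with pci devices directly`. If they are not, the mask should be `rwklx`, as on the /sys/firmware and /sys/kernel/security denies in the next hunk. The identical hunk in container-base.in needs the same correction.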
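Review bot: The two remount rules in the second container-base hunk have no comment, and the first, `mount options=(rw, nosuid, nodev, noexec, remount) -> /sys/,`, lets a confined container remount /sys read-write. If a deployment relies on /sys being read-only inside the container, AppArmor no longer backs that up, so the reason for the rule (presumably an init system that remounts /sys at boot) should be stated above it, e.g. `# allow init to remount /sys; a read-only /sys is not enforced by this profile`. The comment `# deny reads from debugfs` also understates its rule, which denies `rwklx` and, being path-based, only covers debugfs mounted at /sys/kernel/debug. The matching hunk in container-base.in carries the same lines.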
@@ -57,11 +57,19 @@
 mount fstype=mqueue,
 # allow fuse mounts everywhere
+ mount fstype=fuse,
 mount fstype=fuse.*,
 # allow bind mount of /lib/init/fstab for lxcguest
 mount options=(rw, bind) /lib/init/fstab.lxc/ -> /lib/init/fstab/,
+ # allow bind mounts of /run/{,lock} to /var/run/{,lock}
+ mount options=(rw, bind) /run/ -> /var/run/,
+ mount options=(rw, bind) /run/lock/ -> /var/lock/,
+
+ # deny access under /proc/bus to avoid e.g. messing with pci devices directly
+ deny @{PROC}/bus/** wklx,
+
 # deny writes in /proc/sys/fs but allow binfmt_misc to be mounted
 mount fstype=binfmt_misc -> /proc/sys/fs/binfmt_misc/,
 deny @{PROC}/sys/fs/** wklx,
@@ -83,7 +91,12 @@
 deny mount fstype=debugfs -> /var/lib/ureadahead/debugfs/,
 mount fstype=proc -> /proc/,
 mount fstype=sysfs -> /sys/,
+ mount options=(rw, nosuid, nodev, noexec, remount) -> /sys/,
 deny /sys/firmware/efi/efivars/** rwklx,
 deny /sys/kernel/security/** rwklx,
 mount options=(move) /sys/fs/cgroup/cgmanager/ -> /sys/fs/cgroup/cgmanager.lower/,
+ mount options=(ro, nosuid, nodev, noexec, remount, strictatime) -> /sys/fs/cgroup/,
+
+ # deny reads from debugfs
+ deny /sys/kernel/debug/{,**} rwklx,
diff -Nru lxc-1.1.5/config/apparmor/lxc-generate-aa-rules.py lxc-2.0.1/config/apparmor/lxc-generate-aa-rules.py
--- lxc-1.1.5/config/apparmor/lxc-generate-aa-rules.py 2015-11-09 16:25:59.000000000 +0000
+++ lxc-2.0.1/config/apparmor/lxc-generate-aa-rules.py 2016-05-16 20:38:39.000000000 +0000
@@ -1,4 +1,4 @@
-#!/usr/bin/python3
+#!/usr/bin/env python3
 import sys
diff -Nru lxc-1.1.5/config/apparmor/Makefile.am lxc-2.0.1/config/apparmor/Makefile.am
--- lxc-1.1.5/config/apparmor/Makefile.am 2015-11-09 16:25:59.000000000 +0000
+++ lxc-2.0.1/config/apparmor/Makefile.am 2016-05-16 20:38:39.000000000 +0000
@@ -7,6 +7,7 @@
 lxc-containers \
 lxc-generate-aa-rules.py \
 profiles/lxc-default \
+ profiles/lxc-default-cgns \
 profiles/lxc-default-with-mounting \
 profiles/lxc-default-with-nesting \
 usr.bin.lxc-start
@@ -17,19 +18,21 @@ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/apparmor.d/ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/ - $(INSTALL_DATA) abstractions/container-base $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/ - $(INSTALL_DATA) abstractions/start-container $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/ - $(INSTALL_DATA) profiles/lxc-default $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/ - $(INSTALL_DATA) profiles/lxc-default-with-mounting $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/ - $(INSTALL_DATA) profiles/lxc-default-with-nesting $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/ - $(INSTALL_DATA) lxc-containers $(DESTDIR)$(sysconfdir)/apparmor.d/ - $(INSTALL_DATA) usr.bin.lxc-start $(DESTDIR)$(sysconfdir)/apparmor.d/ + $(INSTALL_DATA) $(srcdir)/abstractions/container-base $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/ + $(INSTALL_DATA) $(srcdir)/abstractions/start-container $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/ + $(INSTALL_DATA) $(srcdir)/profiles/lxc-default $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/ + $(INSTALL_DATA) $(srcdir)/profiles/lxc-default-cgns $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/ + $(INSTALL_DATA) $(srcdir)/profiles/lxc-default-with-mounting $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/ + $(INSTALL_DATA) $(srcdir)/profiles/lxc-default-with-nesting $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/ + $(INSTALL_DATA) $(srcdir)/lxc-containers $(DESTDIR)$(sysconfdir)/apparmor.d/ + $(INSTALL_DATA) $(srcdir)/usr.bin.lxc-start $(DESTDIR)$(sysconfdir)/apparmor.d/ uninstall-apparmor: rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/usr.bin.lxc-start rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/lxc-containers rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/lxc-default-with-nesting rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/lxc-default-with-mounting + rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/lxc-default-cgns rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/lxc-default rm -f 
$(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/start-container rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/container-base diff -Nru lxc-1.1.5/config/apparmor/Makefile.in lxc-2.0.1/config/apparmor/Makefile.in --- lxc-1.1.5/config/apparmor/Makefile.in 2015-11-09 16:26:03.000000000 +0000 +++ lxc-2.0.1/config/apparmor/Makefile.in 2016-05-16 20:38:44.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -78,12 +88,12 @@ build_triplet = @build@ host_triplet = @host@ subdir = config/apparmor -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am README ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ $(top_srcdir)/config/tls.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/config.h CONFIG_CLEAN_FILES = 
@@ -108,6 +118,7 @@ *) (install-info --version) >/dev/null 2>&1;; \ esac am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in README DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -160,6 +171,7 @@ LUA_LIBS = @LUA_LIBS@ LUA_SHAREDIR = @LUA_SHAREDIR@ LUA_VERSION = @LUA_VERSION@ +LXCBINHOOKDIR = @LXCBINHOOKDIR@ LXCHOOKDIR = @LXCHOOKDIR@ LXCINITDIR = @LXCINITDIR@ LXCPATH = @LXCPATH@ @@ -173,6 +185,7 @@ LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ LXC_USERNIC_DB = @LXC_USERNIC_DB@ LXC_VERSION = @LXC_VERSION@ +LXC_VERSION_ABI = @LXC_VERSION_ABI@ LXC_VERSION_BASE = @LXC_VERSION_BASE@ LXC_VERSION_BETA = @LXC_VERSION_BETA@ LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ @@ -264,6 +277,7 @@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -281,6 +295,7 @@ lxc-containers \ lxc-generate-aa-rules.py \ profiles/lxc-default \ + profiles/lxc-default-cgns \ profiles/lxc-default-with-mounting \ profiles/lxc-default-with-nesting \ usr.bin.lxc-start @@ -300,7 +315,6 @@ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu config/apparmor/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu config/apparmor/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ 
@@ -470,24 +484,28 @@ maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ pdf-am ps ps-am tags-am uninstall uninstall-am uninstall-local +.PRECIOUS: Makefile + @ENABLE_APPARMOR_TRUE@install-apparmor: @ENABLE_APPARMOR_TRUE@ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/apparmor.d/ @ENABLE_APPARMOR_TRUE@ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/ @ENABLE_APPARMOR_TRUE@ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/ -@ENABLE_APPARMOR_TRUE@ $(INSTALL_DATA) abstractions/container-base $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/ -@ENABLE_APPARMOR_TRUE@ $(INSTALL_DATA) abstractions/start-container $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/ -@ENABLE_APPARMOR_TRUE@ $(INSTALL_DATA) profiles/lxc-default $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/ -@ENABLE_APPARMOR_TRUE@ $(INSTALL_DATA) profiles/lxc-default-with-mounting $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/ -@ENABLE_APPARMOR_TRUE@ $(INSTALL_DATA) profiles/lxc-default-with-nesting $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/ -@ENABLE_APPARMOR_TRUE@ $(INSTALL_DATA) lxc-containers $(DESTDIR)$(sysconfdir)/apparmor.d/ -@ENABLE_APPARMOR_TRUE@ $(INSTALL_DATA) usr.bin.lxc-start $(DESTDIR)$(sysconfdir)/apparmor.d/ +@ENABLE_APPARMOR_TRUE@ $(INSTALL_DATA) $(srcdir)/abstractions/container-base $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/ +@ENABLE_APPARMOR_TRUE@ $(INSTALL_DATA) $(srcdir)/abstractions/start-container $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/ +@ENABLE_APPARMOR_TRUE@ $(INSTALL_DATA) $(srcdir)/profiles/lxc-default $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/ +@ENABLE_APPARMOR_TRUE@ $(INSTALL_DATA) $(srcdir)/profiles/lxc-default-cgns $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/ +@ENABLE_APPARMOR_TRUE@ $(INSTALL_DATA) $(srcdir)/profiles/lxc-default-with-mounting $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/ +@ENABLE_APPARMOR_TRUE@ $(INSTALL_DATA) $(srcdir)/profiles/lxc-default-with-nesting $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/ +@ENABLE_APPARMOR_TRUE@ $(INSTALL_DATA) 
$(srcdir)/lxc-containers $(DESTDIR)$(sysconfdir)/apparmor.d/ +@ENABLE_APPARMOR_TRUE@ $(INSTALL_DATA) $(srcdir)/usr.bin.lxc-start $(DESTDIR)$(sysconfdir)/apparmor.d/ @ENABLE_APPARMOR_TRUE@uninstall-apparmor: @ENABLE_APPARMOR_TRUE@ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/usr.bin.lxc-start @ENABLE_APPARMOR_TRUE@ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/lxc-containers @ENABLE_APPARMOR_TRUE@ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/lxc-default-with-nesting @ENABLE_APPARMOR_TRUE@ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/lxc-default-with-mounting +@ENABLE_APPARMOR_TRUE@ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/lxc-default-cgns @ENABLE_APPARMOR_TRUE@ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/lxc/lxc-default @ENABLE_APPARMOR_TRUE@ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/start-container @ENABLE_APPARMOR_TRUE@ rm -f $(DESTDIR)$(sysconfdir)/apparmor.d/abstractions/lxc/container-base diff -Nru lxc-1.1.5/config/apparmor/profiles/lxc-default-cgns lxc-2.0.1/config/apparmor/profiles/lxc-default-cgns --- lxc-1.1.5/config/apparmor/profiles/lxc-default-cgns 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/config/apparmor/profiles/lxc-default-cgns 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,12 @@
+# Do not load this file. Rather, load /etc/apparmor.d/lxc-containers, which
+# will source all profiles under /etc/apparmor.d/lxc
+
+profile lxc-container-default-cgns flags=(attach_disconnected,mediate_deleted) {
+ #include
+
+ # the container may never be allowed to mount devpts. If it does, it
+ # will remount the host's devpts. We could allow it to do it with
+ # the newinstance option (but, right now, we don't).
+ deny mount fstype=devpts,
+ mount fstype=cgroup -> /sys/fs/cgroup/**,
+}
diff -Nru lxc-1.1.5/config/apparmor/profiles/lxc-default-with-nesting lxc-2.0.1/config/apparmor/profiles/lxc-default-with-nesting
--- lxc-1.1.5/config/apparmor/profiles/lxc-default-with-nesting 2015-11-09 16:25:59.000000000 +0000
+++ lxc-2.0.1/config/apparmor/profiles/lxc-default-with-nesting 2016-05-16 20:38:39.000000000 +0000
@@ -5,12 +5,10 @@
 #include
 #include
-# Uncomment the line below if you are not using cgmanager
-# mount fstype=cgroup -> /sys/fs/cgroup/**,
-
 deny /dev/.lxc/proc/** rw,
 deny /dev/.lxc/sys/** rw,
 mount fstype=proc -> /var/cache/lxc/**,
 mount fstype=sysfs -> /var/cache/lxc/**,
 mount options=(rw,bind),
+ mount fstype=cgroup -> /sys/fs/cgroup/**,
 }
diff -Nru lxc-1.1.5/config/bash/lxc lxc-2.0.1/config/bash/lxc
--- lxc-1.1.5/config/bash/lxc 2015-11-09 16:26:20.000000000 +0000
+++ lxc-2.0.1/config/bash/lxc 2016-05-16 20:38:51.000000000 +0000
@@ -1,4 +1,4 @@
-have lxc-start && {
+_have lxc-start && {
 _lxc_names() {
 COMPREPLY=( $( compgen -W "$( lxc-ls )" "$cur" ) )
 }
@@ -98,6 +98,6 @@
 complete -o default -F _lxc_generic_t lxc-create
- complete -o default -F _lxc_generic_o lxc-clone
+ complete -o default -F _lxc_generic_o lxc-copy
 complete -o default -F _lxc_generic_o lxc-start-ephemeral
 }
diff -Nru lxc-1.1.5/config/bash/lxc.in lxc-2.0.1/config/bash/lxc.in
--- lxc-1.1.5/config/bash/lxc.in 2015-11-09 16:25:59.000000000 +0000
+++ lxc-2.0.1/config/bash/lxc.in 2016-05-16 20:38:39.000000000 +0000
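Review bot: The new lxc-default-cgns profile allows `mount fstype=cgroup -> /sys/fs/cgroup/**,` without saying when that is safe; the only comment in the body is about devpts. The profile name suggests it is meant for containers in their own cgroup namespace, where a cgroup mount shows only the container's subtree, whereas without one the same rule would cover the host's hierarchies. I would state that precondition in the file, e.g. `# only for kernels with cgroup namespaces: cgroup mounts are then scoped to the container's own subtree`. It is also worth confirming that the code selecting this profile checks for cgroup namespace support, which is not visible in this diff.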
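Review bot: In lxc-default-with-nesting, `mount fstype=cgroup -> /sys/fs/cgroup/**,` was an opt-in line that administrators uncommented when not using cgmanager; this hunk makes it unconditional for every container on the profile and deletes the comment that explained it. Hosts that left it commented out get a wider mount policy on upgrade, with nothing in the profile recording why. A comment above the rule would preserve the intent, e.g. `# nested containers mount cgroups themselves; without cgroup namespaces this exposes the host hierarchy layout`. The profile's opening lines are outside the hunk.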
@@ -1,4 +1,4 @@ -have lxc-start && { +_have lxc-start && { _lxc_names() { COMPREPLY=( $( compgen -W "$( lxc-ls )" "$cur" ) ) } @@ -98,6 +98,6 @@ complete -o default -F _lxc_generic_t lxc-create - complete -o default -F _lxc_generic_o lxc-clone + complete -o default -F _lxc_generic_o lxc-copy complete -o default -F _lxc_generic_o lxc-start-ephemeral } diff -Nru lxc-1.1.5/config/bash/Makefile.in lxc-2.0.1/config/bash/Makefile.in --- lxc-1.1.5/config/bash/Makefile.in 2015-11-09 16:26:03.000000000 +0000 +++ lxc-2.0.1/config/bash/Makefile.in 2016-05-16 20:38:44.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -78,13 +88,12 @@ build_triplet = @build@ host_triplet = @host@ subdir = config/bash -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(srcdir)/lxc.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ $(top_srcdir)/config/tls.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/config.h CONFIG_CLEAN_FILES = lxc 
@@ -109,6 +118,7 @@ *) (install-info --version) >/dev/null 2>&1;; \ esac am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/lxc.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -161,6 +171,7 @@ LUA_LIBS = @LUA_LIBS@ LUA_SHAREDIR = @LUA_SHAREDIR@ LUA_VERSION = @LUA_VERSION@ +LXCBINHOOKDIR = @LXCBINHOOKDIR@ LXCHOOKDIR = @LXCHOOKDIR@ LXCINITDIR = @LXCINITDIR@ LXCPATH = @LXCPATH@ @@ -174,6 +185,7 @@ LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ LXC_USERNIC_DB = @LXC_USERNIC_DB@ LXC_VERSION = @LXC_VERSION@ +LXC_VERSION_ABI = @LXC_VERSION_ABI@ LXC_VERSION_BASE = @LXC_VERSION_BASE@ LXC_VERSION_BETA = @LXC_VERSION_BETA@ LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ @@ -265,6 +277,7 @@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -289,7 +302,6 @@ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu config/bash/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu config/bash/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -380,8 +392,8 @@ maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -@ENABLE_BASH_FALSE@uninstall-local: @ENABLE_BASH_FALSE@install-data-local: +@ENABLE_BASH_FALSE@uninstall-local: clean: clean-am clean-am: clean-generic mostlyclean-am 
@@ -461,6 +473,8 @@ maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ pdf-am ps ps-am tags-am uninstall uninstall-am uninstall-local +.PRECIOUS: Makefile + @ENABLE_BASH_TRUE@install-bash: @ENABLE_BASH_TRUE@ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/bash_completion.d/ diff -Nru lxc-1.1.5/config/compile lxc-2.0.1/config/compile --- lxc-1.1.5/config/compile 2015-11-09 16:26:02.000000000 +0000 +++ lxc-2.0.1/config/compile 2016-05-16 20:38:44.000000000 +0000 @@ -3,7 +3,7 @@ scriptversion=2012-10-14.11; # UTC -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2014 Free Software Foundation, Inc. # Written by Tom Tromey . # # This program is free software; you can redistribute it and/or modify diff -Nru lxc-1.1.5/config/config.guess lxc-2.0.1/config/config.guess --- lxc-1.1.5/config/config.guess 2015-11-09 16:26:02.000000000 +0000 +++ lxc-2.0.1/config/config.guess 2016-05-16 20:38:44.000000000 +0000 @@ -1,8 +1,8 @@ #! /bin/sh # Attempt to guess a canonical system name. -# Copyright 1992-2013 Free Software Foundation, Inc. +# Copyright 1992-2015 Free Software Foundation, Inc. -timestamp='2013-06-10' +timestamp='2015-08-20' # This file is free software; you can redistribute it and/or modify it # under the terms of the GNU General Public License as published by @@ -24,12 +24,12 @@ # program. This Exception is an additional permission under section 7 # of the GNU General Public License, version 3 ("GPLv3"). # -# Originally written by Per Bothner. +# Originally written by Per Bothner; maintained since 2000 by Ben Elliston. # # You can get the latest version of this script from: # http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD # -# Please send patches with a ChangeLog entry to config-patches@gnu.org. +# Please send patches to . me=`echo "$0" | sed -e 's,.*/,,'` 
@@ -50,7 +50,7 @@ GNU config.guess ($timestamp) Originally written by Per Bothner. -Copyright 1992-2013 Free Software Foundation, Inc. +Copyright 1992-2015 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." @@ -149,7 +149,7 @@ LIBC=gnu #endif EOF - eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC'` + eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC' | sed 's, ,,g'` ;; esac @@ -168,20 +168,27 @@ # Note: NetBSD doesn't particularly care about the vendor # portion of the name. We always set it to "unknown". sysctl="sysctl -n hw.machine_arch" - UNAME_MACHINE_ARCH=`(/sbin/$sysctl 2>/dev/null || \ - /usr/sbin/$sysctl 2>/dev/null || echo unknown)` + UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \ + /sbin/$sysctl 2>/dev/null || \ + /usr/sbin/$sysctl 2>/dev/null || \ + echo unknown)` case "${UNAME_MACHINE_ARCH}" in armeb) machine=armeb-unknown ;; arm*) machine=arm-unknown ;; sh3el) machine=shl-unknown ;; sh3eb) machine=sh-unknown ;; sh5el) machine=sh5le-unknown ;; + earmv*) + arch=`echo ${UNAME_MACHINE_ARCH} | sed -e 's,^e\(armv[0-9]\).*$,\1,'` + endian=`echo ${UNAME_MACHINE_ARCH} | sed -ne 's,^.*\(eb\)$,\1,p'` + machine=${arch}${endian}-unknown + ;; *) machine=${UNAME_MACHINE_ARCH}-unknown ;; esac # The Operating System including object format, if it has switched # to ELF recently, or will in the future. case "${UNAME_MACHINE_ARCH}" in - arm*|i386|m68k|ns32k|sh3*|sparc|vax) + arm*|earm*|i386|m68k|ns32k|sh3*|sparc|vax) eval $set_cc_for_build if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \ | grep -q __ELF__ 
@@ -197,6 +204,13 @@ os=netbsd ;; esac + # Determine ABI tags. + case "${UNAME_MACHINE_ARCH}" in + earm*) + expr='s/^earmv[0-9]/-eabi/;s/eb$//' + abi=`echo ${UNAME_MACHINE_ARCH} | sed -e "$expr"` + ;; + esac # The OS release # Debian GNU/NetBSD machines have a different userland, and # thus, need a distinct triplet. However, they do not need @@ -207,13 +221,13 @@ release='-gnu' ;; *) - release=`echo ${UNAME_RELEASE}|sed -e 's/[-_].*/\./'` + release=`echo ${UNAME_RELEASE} | sed -e 's/[-_].*//' | cut -d. -f1,2` ;; esac # Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM: # contains redundant information, the shorter form: # CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used. - echo "${machine}-${os}${release}" + echo "${machine}-${os}${release}${abi}" exit ;; *:Bitrig:*:*) UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'` @@ -235,6 +249,9 @@ *:MirBSD:*:*) echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE} exit ;; + *:Sortix:*:*) + echo ${UNAME_MACHINE}-unknown-sortix + exit ;; alpha:OSF1:*:*) case $UNAME_RELEASE in *4.0) @@ -579,8 +596,9 @@ else IBM_ARCH=powerpc fi - if [ -x /usr/bin/oslevel ] ; then - IBM_REV=`/usr/bin/oslevel` + if [ -x /usr/bin/lslpp ] ; then + IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc | + awk -F: '{ print $3 }' | sed s/[0-9]*$/0/` else IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE} fi @@ -826,7 +844,7 @@ *:MINGW*:*) echo ${UNAME_MACHINE}-pc-mingw32 exit ;; - i*:MSYS*:*) + *:MSYS*:*) echo ${UNAME_MACHINE}-pc-msys exit ;; i*:windows32*:*) @@ -932,6 +950,9 @@ crisv32:Linux:*:*) echo ${UNAME_MACHINE}-axis-linux-${LIBC} exit ;; + e2k:Linux:*:*) + echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + exit ;; frv:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; 
@@ -969,10 +990,10 @@ eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'` test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; } ;; - or1k:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + openrisc*:Linux:*:*) + echo or1k-unknown-linux-${LIBC} exit ;; - or32:Linux:*:*) + or32:Linux:*:* | or1k*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} exit ;; padre:Linux:*:*) @@ -1020,7 +1041,7 @@ echo ${UNAME_MACHINE}-dec-linux-${LIBC} exit ;; x86_64:Linux:*:*) - echo ${UNAME_MACHINE}-unknown-linux-${LIBC} + echo ${UNAME_MACHINE}-pc-linux-${LIBC} exit ;; xtensa*:Linux:*:*) echo ${UNAME_MACHINE}-unknown-linux-${LIBC} @@ -1260,16 +1281,26 @@ if test "$UNAME_PROCESSOR" = unknown ; then UNAME_PROCESSOR=powerpc fi - if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then - if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ - (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ - grep IS_64BIT_ARCH >/dev/null - then - case $UNAME_PROCESSOR in - i386) UNAME_PROCESSOR=x86_64 ;; - powerpc) UNAME_PROCESSOR=powerpc64 ;; - esac + if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then + if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then + if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \ + (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \ + grep IS_64BIT_ARCH >/dev/null + then + case $UNAME_PROCESSOR in + i386) UNAME_PROCESSOR=x86_64 ;; + powerpc) UNAME_PROCESSOR=powerpc64 ;; + esac + fi fi + elif test "$UNAME_PROCESSOR" = i386 ; then + # Avoid executing cc on OS X 10.9, as it ships with a stub + # that puts up a graphical alert prompting to install + # developer tools. Any system running Mac OS X 10.7 or + # later (Darwin 11 and later) is required to have a 64-bit + # processor. This is not true of the ARM version of Darwin + # that Apple uses in portable devices. + UNAME_PROCESSOR=x86_64 fi echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE} exit ;; 
@@ -1361,154 +1392,6 @@ exit ;; esac -eval $set_cc_for_build -cat >$dummy.c < -# include -#endif -main () -{ -#if defined (sony) -#if defined (MIPSEB) - /* BFD wants "bsd" instead of "newsos". Perhaps BFD should be changed, - I don't know.... */ - printf ("mips-sony-bsd\n"); exit (0); -#else -#include - printf ("m68k-sony-newsos%s\n", -#ifdef NEWSOS4 - "4" -#else - "" -#endif - ); exit (0); -#endif -#endif - -#if defined (__arm) && defined (__acorn) && defined (__unix) - printf ("arm-acorn-riscix\n"); exit (0); -#endif - -#if defined (hp300) && !defined (hpux) - printf ("m68k-hp-bsd\n"); exit (0); -#endif - -#if defined (NeXT) -#if !defined (__ARCHITECTURE__) -#define __ARCHITECTURE__ "m68k" -#endif - int version; - version=`(hostinfo | sed -n 's/.*NeXT Mach \([0-9]*\).*/\1/p') 2>/dev/null`; - if (version < 4) - printf ("%s-next-nextstep%d\n", __ARCHITECTURE__, version); - else - printf ("%s-next-openstep%d\n", __ARCHITECTURE__, version); - exit (0); -#endif - -#if defined (MULTIMAX) || defined (n16) -#if defined (UMAXV) - printf ("ns32k-encore-sysv\n"); exit (0); -#else -#if defined (CMU) - printf ("ns32k-encore-mach\n"); exit (0); -#else - printf ("ns32k-encore-bsd\n"); exit (0); -#endif -#endif -#endif - -#if defined (__386BSD__) - printf ("i386-pc-bsd\n"); exit (0); -#endif - -#if defined (sequent) -#if defined (i386) - printf ("i386-sequent-dynix\n"); exit (0); -#endif -#if defined (ns32000) - printf ("ns32k-sequent-dynix\n"); exit (0); -#endif -#endif - -#if defined (_SEQUENT_) - struct utsname un; - - uname(&un); - - if (strncmp(un.version, "V2", 2) == 0) { - printf ("i386-sequent-ptx2\n"); exit (0); - } - if (strncmp(un.version, "V1", 2) == 0) { /* XXX is V1 correct? 
*/ - printf ("i386-sequent-ptx1\n"); exit (0); - } - printf ("i386-sequent-ptx\n"); exit (0); - -#endif - -#if defined (vax) -# if !defined (ultrix) -# include -# if defined (BSD) -# if BSD == 43 - printf ("vax-dec-bsd4.3\n"); exit (0); -# else -# if BSD == 199006 - printf ("vax-dec-bsd4.3reno\n"); exit (0); -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# endif -# else - printf ("vax-dec-bsd\n"); exit (0); -# endif -# else - printf ("vax-dec-ultrix\n"); exit (0); -# endif -#endif - -#if defined (alliant) && defined (i860) - printf ("i860-alliant-bsd\n"); exit (0); -#endif - - exit (1); -} -EOF - -$CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null && SYSTEM_NAME=`$dummy` && - { echo "$SYSTEM_NAME"; exit; } - -# Apollos put the system type in the environment. - -test -d /usr/apollo && { echo ${ISP}-apollo-${SYSTYPE}; exit; } - -# Convex versions that predate uname can use getsysinfo(1) - -if [ -x /usr/convex/getsysinfo ] -then - case `getsysinfo -f cpu_type` in - c1*) - echo c1-convex-bsd - exit ;; - c2*) - if getsysinfo -f scalar_acc - then echo c32-convex-bsd - else echo c2-convex-bsd - fi - exit ;; - c34*) - echo c34-convex-bsd - exit ;; - c38*) - echo c38-convex-bsd - exit ;; - c4*) - echo c4-convex-bsd - exit ;; - esac -fi - cat >&2 <. # # Configuration subroutine to validate and canonicalize a configuration type. # Supply the specified configuration type as an argument. @@ -68,7 +68,7 @@ version="\ GNU config.sub ($timestamp) -Copyright 1992-2013 Free Software Foundation, Inc. +Copyright 1992-2015 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE." 
@@ -117,7 +117,7 @@ case $maybe_os in nto-qnx* | linux-gnu* | linux-android* | linux-dietlibc | linux-newlib* | \ linux-musl* | linux-uclibc* | uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | \ - knetbsd*-gnu* | netbsd*-gnu* | \ + knetbsd*-gnu* | netbsd*-gnu* | netbsd*-eabi* | \ kopensolaris*-gnu* | \ storm-chaos* | os2-emx* | rtmk-nova*) os=-$maybe_os @@ -255,16 +255,18 @@ | arc | arceb \ | arm | arm[bl]e | arme[lb] | armv[2-8] | armv[3-8][lb] | armv7[arm] \ | avr | avr32 \ + | ba \ | be32 | be64 \ | bfin \ | c4x | c8051 | clipper \ | d10v | d30v | dlx | dsp16xx \ - | epiphany \ - | fido | fr30 | frv \ + | e2k | epiphany \ + | fido | fr30 | frv | ft32 \ | h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \ | hexagon \ | i370 | i860 | i960 | ia64 \ | ip2k | iq2000 \ + | k1om \ | le32 | le64 \ | lm32 \ | m32c | m32r | m32rle | m68000 | m68k | m88k \ @@ -282,8 +284,10 @@ | mips64vr5900 | mips64vr5900el \ | mipsisa32 | mipsisa32el \ | mipsisa32r2 | mipsisa32r2el \ + | mipsisa32r6 | mipsisa32r6el \ | mipsisa64 | mipsisa64el \ | mipsisa64r2 | mipsisa64r2el \ + | mipsisa64r6 | mipsisa64r6el \ | mipsisa64sb1 | mipsisa64sb1el \ | mipsisa64sr71k | mipsisa64sr71kel \ | mipsr5900 | mipsr5900el \ @@ -295,14 +299,14 @@ | nds32 | nds32le | nds32be \ | nios | nios2 | nios2eb | nios2el \ | ns16k | ns32k \ - | open8 \ - | or1k | or32 \ + | open8 | or1k | or1knd | or32 \ | pdp10 | pdp11 | pj | pjl \ | powerpc | powerpc64 | powerpc64le | powerpcle \ | pyramid \ + | riscv32 | riscv64 \ | rl78 | rx \ | score \ - | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ + | sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[234]eb | sheb | shbe | shle | sh[1234]le | sh3ele \ | sh64 | sh64le \ | sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \ | sparcv8 | sparcv9 | sparcv9b | sparcv9v \ 
@@ -310,6 +314,7 @@ | tahoe | tic4x | tic54x | tic55x | tic6x | tic80 | tron \ | ubicom32 \ | v850 | v850e | v850e1 | v850e2 | v850es | v850e2v3 \ + | visium \ | we32k \ | x86 | xc16x | xstormy16 | xtensa \ | z8k | z80) @@ -324,7 +329,10 @@ c6x) basic_machine=tic6x-unknown ;; - m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | picochip) + leon|leon[3-9]) + basic_machine=sparc-$basic_machine + ;; + m6811 | m68hc11 | m6812 | m68hc12 | m68hcs12x | nvptx | picochip) basic_machine=$basic_machine-unknown os=-none ;; @@ -369,18 +377,20 @@ | alphapca5[67]-* | alpha64pca5[67]-* | arc-* | arceb-* \ | arm-* | armbe-* | armle-* | armeb-* | armv*-* \ | avr-* | avr32-* \ + | ba-* \ | be32-* | be64-* \ | bfin-* | bs2000-* \ | c[123]* | c30-* | [cjt]90-* | c4x-* \ | c8051-* | clipper-* | craynv-* | cydra-* \ | d10v-* | d30v-* | dlx-* \ - | elxsi-* \ + | e2k-* | elxsi-* \ | f30[01]-* | f700-* | fido-* | fr30-* | frv-* | fx80-* \ | h8300-* | h8500-* \ | hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \ | hexagon-* \ | i*86-* | i860-* | i960-* | ia64-* \ | ip2k-* | iq2000-* \ + | k1om-* \ | le32-* | le64-* \ | lm32-* \ | m32c-* | m32r-* | m32rle-* \ @@ -400,8 +410,10 @@ | mips64vr5900-* | mips64vr5900el-* \ | mipsisa32-* | mipsisa32el-* \ | mipsisa32r2-* | mipsisa32r2el-* \ + | mipsisa32r6-* | mipsisa32r6el-* \ | mipsisa64-* | mipsisa64el-* \ | mipsisa64r2-* | mipsisa64r2el-* \ + | mipsisa64r6-* | mipsisa64r6el-* \ | mipsisa64sb1-* | mipsisa64sb1el-* \ | mipsisa64sr71k-* | mipsisa64sr71kel-* \ | mipsr5900-* | mipsr5900el-* \ 
@@ -413,16 +425,18 @@ | nios-* | nios2-* | nios2eb-* | nios2el-* \ | none-* | np1-* | ns16k-* | ns32k-* \ | open8-* \ + | or1k*-* \ | orion-* \ | pdp10-* | pdp11-* | pj-* | pjl-* | pn-* | power-* \ | powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* \ | pyramid-* \ + | riscv32-* | riscv64-* \ | rl78-* | romp-* | rs6000-* | rx-* \ | sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \ | shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \ | sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \ | sparclite-* \ - | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx?-* \ + | sparcv8-* | sparcv9-* | sparcv9b-* | sparcv9v-* | sv1-* | sx*-* \ | tahoe-* \ | tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \ | tile*-* \ @@ -430,6 +444,7 @@ | ubicom32-* \ | v850-* | v850e-* | v850e1-* | v850es-* | v850e2-* | v850e2v3-* \ | vax-* \ + | visium-* \ | we32k-* \ | x86-* | x86_64-* | xc16x-* | xps100-* \ | xstormy16-* | xtensa*-* \ @@ -506,6 +521,9 @@ basic_machine=i386-pc os=-aros ;; + asmjs) + basic_machine=asmjs-unknown + ;; aux) basic_machine=m68k-apple os=-aux @@ -767,6 +785,9 @@ basic_machine=m68k-isi os=-sysv ;; + leon-*|leon[3-9]-*) + basic_machine=sparc-`echo $basic_machine | sed 's/-.*//'` + ;; m68knommu) basic_machine=m68k-unknown os=-linux @@ -822,6 +843,10 @@ basic_machine=powerpc-unknown os=-morphos ;; + moxiebox) + basic_machine=moxie-unknown + os=-moxiebox + ;; msdos) basic_machine=i386-pc os=-msdos @@ -1354,7 +1379,7 @@ | -hpux* | -unos* | -osf* | -luna* | -dgux* | -auroraux* | -solaris* \ | -sym* | -kopensolaris* | -plan9* \ | -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \ - | -aos* | -aros* \ + | -aos* | -aros* | -cloudabi* | -sortix* \ | -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \ | -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \ | -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \ 
@@ -1367,14 +1392,14 @@ | -cygwin* | -msys* | -pe* | -psos* | -moss* | -proelf* | -rtems* \ | -mingw32* | -mingw64* | -linux-gnu* | -linux-android* \ | -linux-newlib* | -linux-musl* | -linux-uclibc* \ - | -uxpv* | -beos* | -mpeix* | -udk* \ + | -uxpv* | -beos* | -mpeix* | -udk* | -moxiebox* \ | -interix* | -uwin* | -mks* | -rhapsody* | -darwin* | -opened* \ | -openstep* | -oskit* | -conix* | -pw32* | -nonstopux* \ | -storm-chaos* | -tops10* | -tenex* | -tops20* | -its* \ | -os2* | -vos* | -palmos* | -uclinux* | -nucleus* \ | -morphos* | -superux* | -rtmk* | -rtmk-nova* | -windiss* \ | -powermax* | -dnix* | -nx6 | -nx7 | -sei* | -dragonfly* \ - | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es*) + | -skyos* | -haiku* | -rdos* | -toppers* | -drops* | -es* | -tirtos*) # Remember, each alternative MUST END IN *, to match a version number. ;; -qnx*) @@ -1592,9 +1617,6 @@ mips*-*) os=-elf ;; - or1k-*) - os=-elf - ;; or32-*) os=-coff ;; diff -Nru lxc-1.1.5/config/depcomp lxc-2.0.1/config/depcomp --- lxc-1.1.5/config/depcomp 2015-11-09 16:26:03.000000000 +0000 +++ lxc-2.0.1/config/depcomp 2016-05-16 20:38:45.000000000 +0000 @@ -3,7 +3,7 @@ scriptversion=2013-05-30.07; # UTC -# Copyright (C) 1999-2013 Free Software Foundation, Inc. +# Copyright (C) 1999-2014 Free Software Foundation, Inc. # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by diff -Nru lxc-1.1.5/config/etc/Makefile.in lxc-2.0.1/config/etc/Makefile.in --- lxc-1.1.5/config/etc/Makefile.in 2015-11-09 16:26:03.000000000 +0000 +++ lxc-2.0.1/config/etc/Makefile.in 2016-05-16 20:38:44.000000000 +0000 
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,12 +89,12 @@ build_triplet = @build@ host_triplet = @host@ subdir = config/etc -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ $(top_srcdir)/config/tls.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/config.h CONFIG_CLEAN_FILES = default.conf @@ -138,6 +148,7 @@ am__installdirs = "$(DESTDIR)$(configdir)" DATA = $(config_DATA) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -190,6 +201,7 @@ LUA_LIBS = @LUA_LIBS@ LUA_SHAREDIR = @LUA_SHAREDIR@ LUA_VERSION = @LUA_VERSION@ +LXCBINHOOKDIR = @LXCBINHOOKDIR@ LXCHOOKDIR = @LXCHOOKDIR@ LXCINITDIR = @LXCINITDIR@ LXCPATH = @LXCPATH@ 
@@ -203,6 +215,7 @@ LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ LXC_USERNIC_DB = @LXC_USERNIC_DB@ LXC_VERSION = @LXC_VERSION@ +LXC_VERSION_ABI = @LXC_VERSION_ABI@ LXC_VERSION_BASE = @LXC_VERSION_BASE@ LXC_VERSION_BETA = @LXC_VERSION_BETA@ LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ @@ -294,6 +307,7 @@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -320,7 +334,6 @@ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu config/etc/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu config/etc/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -513,6 +526,8 @@ mostlyclean-generic pdf pdf-am ps ps-am tags-am uninstall \ uninstall-am uninstall-configDATA +.PRECIOUS: Makefile + distclean-local: @$(RM) -f default.conf diff -Nru lxc-1.1.5/config/init/common/lxc-devsetup lxc-2.0.1/config/init/common/lxc-devsetup --- lxc-1.1.5/config/init/common/lxc-devsetup 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/config/init/common/lxc-devsetup 2016-05-16 20:38:39.000000000 +0000 @@ -0,0 +1,25 @@ +#!/bin/sh - + +# lxc.devsetup - Setup host /dev for container /dev subdirectories. + +if [ ! -d /dev/.lxc ] +then + echo "Creating /dev/.lxc" + mkdir /dev/.lxc + chmod 755 /dev/.lxc +fi + +if grep -q "/dev devtmpfs " /proc/self/mounts +then + echo "/dev is devtmpfs" +else + echo "/dev is not devtmpfs - mounting tmpfs on .lxc" + mount -t tmpfs tmpfs /dev/.lxc +fi + +if [ ! -d /dev/.lxc/user ] +then + echo "Creating /dev/.lxc/user" + mkdir /dev/.lxc/user + chmod 1777 /dev/.lxc/user +fi diff -Nru lxc-1.1.5/config/init/common/lxc-net.in lxc-2.0.1/config/init/common/lxc-net.in --- lxc-1.1.5/config/init/common/lxc-net.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/config/init/common/lxc-net.in 2016-05-16 20:38:39.000000000 +0000 
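Review bot: In `config/init/common/lxc-devsetup` the result of `mount -t tmpfs tmpfs /dev/.lxc` is not checked, so on failure the script still creates the world-writable `/dev/.lxc/user` (mode 1777) on whatever filesystem backs `/dev`. Both directories are also created with the default umask and only then `chmod`-ed. I would use `mkdir -m 755 /dev/.lxc || exit 1`, `mount -t tmpfs tmpfs /dev/.lxc || exit 1` and `mkdir -m 1777 /dev/.lxc/user || exit 1`. The script is carried over unchanged from config/init/systemd, so this predates the commit, but the move is a reasonable point to tighten it.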
@@ -124,7 +124,13 @@ fi done - dnsmasq $LXC_DHCP_CONFILE_ARG $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} --strict-order --bind-interfaces --pid-file="${varrun}"/dnsmasq.pid --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override --except-interface=lo --interface=${LXC_BRIDGE} --dhcp-leasefile="${varlib}"/misc/dnsmasq.${LXC_BRIDGE}.leases --dhcp-authoritative $LXC_IPV6_ARG || cleanup + dnsmasq $LXC_DHCP_CONFILE_ARG $LXC_DOMAIN_ARG -u ${DNSMASQ_USER} \ + --strict-order --bind-interfaces --pid-file="${varrun}"/dnsmasq.pid \ + --listen-address ${LXC_ADDR} --dhcp-range ${LXC_DHCP_RANGE} \ + --dhcp-lease-max=${LXC_DHCP_MAX} --dhcp-no-override \ + --except-interface=lo --interface=${LXC_BRIDGE} \ + --dhcp-leasefile="${varlib}"/misc/dnsmasq.${LXC_BRIDGE}.leases \ + --dhcp-authoritative $LXC_IPV6_ARG || cleanup touch "${varrun}"/network_up FAILED=0 diff -Nru lxc-1.1.5/config/init/common/Makefile.am lxc-2.0.1/config/init/common/Makefile.am --- lxc-1.1.5/config/init/common/Makefile.am 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/config/init/common/Makefile.am 2016-05-16 20:38:39.000000000 +0000 @@ -1,2 +1,2 @@ -EXTRA_DIST = lxc-containers.in lxc-net.in -pkglibexec_SCRIPTS = lxc-containers lxc-net +EXTRA_DIST = lxc-containers.in lxc-net.in lxc-devsetup +pkglibexec_SCRIPTS = lxc-containers lxc-net lxc-devsetup diff -Nru lxc-1.1.5/config/init/common/Makefile.in lxc-2.0.1/config/init/common/Makefile.in --- lxc-1.1.5/config/init/common/Makefile.in 2015-11-09 16:26:03.000000000 +0000 +++ lxc-2.0.1/config/init/common/Makefile.in 2016-05-16 20:38:44.000000000 +0000 
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,13 +89,12 @@ build_triplet = @build@ host_triplet = @host@ subdir = config/init/common -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(srcdir)/lxc-containers.in $(srcdir)/lxc-net.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ $(top_srcdir)/config/tls.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/config.h CONFIG_CLEAN_FILES = lxc-containers lxc-net @@ -139,6 +148,8 @@ *) (install-info --version) >/dev/null 2>&1;; \ esac am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/lxc-containers.in \ + $(srcdir)/lxc-net.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -191,6 +202,7 @@ LUA_LIBS = @LUA_LIBS@ LUA_SHAREDIR = @LUA_SHAREDIR@ LUA_VERSION = @LUA_VERSION@ +LXCBINHOOKDIR = @LXCBINHOOKDIR@ LXCHOOKDIR = @LXCHOOKDIR@ LXCINITDIR = @LXCINITDIR@ LXCPATH = @LXCPATH@ 
@@ -204,6 +216,7 @@ LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ LXC_USERNIC_DB = @LXC_USERNIC_DB@ LXC_VERSION = @LXC_VERSION@ +LXC_VERSION_ABI = @LXC_VERSION_ABI@ LXC_VERSION_BASE = @LXC_VERSION_BASE@ LXC_VERSION_BETA = @LXC_VERSION_BETA@ LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ @@ -295,6 +308,7 @@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -303,8 +317,8 @@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ -EXTRA_DIST = lxc-containers.in lxc-net.in -pkglibexec_SCRIPTS = lxc-containers lxc-net +EXTRA_DIST = lxc-containers.in lxc-net.in lxc-devsetup +pkglibexec_SCRIPTS = lxc-containers lxc-net lxc-devsetup all: all-am .SUFFIXES: @@ -320,7 +334,6 @@ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu config/init/common/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu config/init/common/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -531,6 +544,8 @@ mostlyclean-generic pdf pdf-am ps ps-am tags-am uninstall \ uninstall-am uninstall-pkglibexecSCRIPTS +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff -Nru lxc-1.1.5/config/init/Makefile.in lxc-2.0.1/config/init/Makefile.in --- lxc-1.1.5/config/init/Makefile.in 2015-11-09 16:26:03.000000000 +0000 +++ lxc-2.0.1/config/init/Makefile.in 2016-05-16 20:38:44.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -78,12 +88,12 @@ build_triplet = @build@ host_triplet = @host@ subdir = config/init -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ $(top_srcdir)/config/tls.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/config.h CONFIG_CLEAN_FILES = @@ -143,6 +153,7 @@ ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) +am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -220,6 +231,7 @@ LUA_LIBS = @LUA_LIBS@ LUA_SHAREDIR = @LUA_SHAREDIR@ LUA_VERSION = @LUA_VERSION@ +LXCBINHOOKDIR = @LXCBINHOOKDIR@ LXCHOOKDIR = @LXCHOOKDIR@ LXCINITDIR = @LXCINITDIR@ LXCPATH = @LXCPATH@ @@ -233,6 +245,7 @@ LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ LXC_USERNIC_DB = @LXC_USERNIC_DB@ LXC_VERSION = @LXC_VERSION@ +LXC_VERSION_ABI = @LXC_VERSION_ABI@ LXC_VERSION_BASE = @LXC_VERSION_BASE@ LXC_VERSION_BETA = @LXC_VERSION_BETA@ LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ @@ -324,6 +337,7 @@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ 
@@ -348,7 +362,6 @@ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu config/init/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu config/init/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -636,6 +649,8 @@ maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ pdf-am ps ps-am tags tags-am uninstall uninstall-am +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff -Nru lxc-1.1.5/config/init/systemd/lxc-devsetup lxc-2.0.1/config/init/systemd/lxc-devsetup --- lxc-1.1.5/config/init/systemd/lxc-devsetup 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/config/init/systemd/lxc-devsetup 1970-01-01 00:00:00.000000000 +0000 @@ -1,25 +0,0 @@ -#!/bin/sh - - -# lxc.devsetup - Setup host /dev for container /dev subdirectories. - -if [ ! -d /dev/.lxc ] -then - echo "Creating /dev/.lxc" - mkdir /dev/.lxc - chmod 755 /dev/.lxc -fi - -if grep -q "/dev devtmpfs " /proc/self/mounts -then - echo "/dev is devtmpfs" -else - echo "/dev is not devtmpfs - mounting tmpfs on .lxc" - mount -t tmpfs tmpfs /dev/.lxc -fi - -if [ ! -d /dev/.lxc/user ] -then - echo "Creating /dev/.lxc/user" - mkdir /dev/.lxc/user - chmod 1777 /dev/.lxc/user -fi diff -Nru lxc-1.1.5/config/init/systemd/lxc.service.in lxc-2.0.1/config/init/systemd/lxc.service.in --- lxc-1.1.5/config/init/systemd/lxc.service.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/config/init/systemd/lxc.service.in 2016-05-16 20:38:39.000000000 +0000 
@@ -1,6 +1,6 @@ [Unit] Description=LXC Container Initialization and Autoboot Code -After=syslog.target network.target lxc-net.service +After=network.target lxc-net.service Wants=lxc-net.service [Service] diff -Nru lxc-1.1.5/config/init/systemd/lxc@.service.in lxc-2.0.1/config/init/systemd/lxc@.service.in --- lxc-1.1.5/config/init/systemd/lxc@.service.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/config/init/systemd/lxc@.service.in 2016-05-16 20:38:39.000000000 +0000 @@ -0,0 +1,20 @@ +[Unit] +Description=LXC Container: %i +# This pulls in apparmor, dev-setup, lxc-net +After=lxc.service +Wants=lxc.service + +[Service] +Type=simple +KillMode=mixed +KillSignal=SIGPWR +TimeoutStopSec=120s +ExecStart=@BINDIR@/lxc-start -n %i +# Environment=BOOTUP=serial +# Environment=CONSOLETYPE=serial +Delegate=yes +StandardOutput=syslog +StandardError=syslog + +[Install] +WantedBy=multi-user.target diff -Nru lxc-1.1.5/config/init/systemd/Makefile.am lxc-2.0.1/config/init/systemd/Makefile.am --- lxc-1.1.5/config/init/systemd/Makefile.am 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/config/init/systemd/Makefile.am 2016-05-16 20:38:39.000000000 +0000 
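Review bot: In the new lxc@.service.in unit, `ExecStart=@BINDIR@/lxc-start -n %i` is paired with `Type=simple`, so systemd treats the lxc-start process it spawned as the main process of the service. If lxc-start detaches into the background by default in this release (its behaviour is not visible in this diff), that process exits right after launch, and systemd would then consider the unit finished and clean up whatever is left in its control group, the container included. Keeping the monitor in the foreground with `ExecStart=@BINDIR@/lxc-start -F -n %i` would avoid that, and an explicit `ExecStop=@BINDIR@/lxc-stop -n %i` would make shutdown independent of how the container's init reacts to `KillSignal=SIGPWR`. The comment `# This pulls in apparmor, dev-setup, lxc-net` should be rechecked too, because this same diff removes lxc-devsetup from the systemd directory.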
@@ -1,22 +1,23 @@ EXTRA_DIST = \ - lxc-devsetup \ lxc-apparmor-load \ lxc.service.in \ + lxc@.service.in \ lxc-net.service.in if INIT_SCRIPT_SYSTEMD -BUILT_SOURCES = lxc.service lxc-net.service +BUILT_SOURCES = lxc.service lxc@.service lxc-net.service -install-systemd: lxc.service lxc-net.service lxc-devsetup lxc-apparmor-load +install-systemd: lxc.service lxc@.service lxc-net.service lxc-apparmor-load $(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR) - $(INSTALL_DATA) lxc.service lxc-net.service $(DESTDIR)$(SYSTEMD_UNIT_DIR)/ + $(INSTALL_DATA) lxc.service lxc@.service lxc-net.service $(DESTDIR)$(SYSTEMD_UNIT_DIR)/ uninstall-systemd: rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/lxc.service + rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/lxc@.service rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/lxc-net.service rmdir $(DESTDIR)$(SYSTEMD_UNIT_DIR) || : -pkglibexec_SCRIPTS = lxc-devsetup lxc-apparmor-load +pkglibexec_SCRIPTS = lxc-apparmor-load install-data-local: install-systemd uninstall-local: uninstall-systemd diff -Nru lxc-1.1.5/config/init/systemd/Makefile.in lxc-2.0.1/config/init/systemd/Makefile.in --- lxc-1.1.5/config/init/systemd/Makefile.in 2015-11-09 16:26:03.000000000 +0000 +++ lxc-2.0.1/config/init/systemd/Makefile.in 2016-05-16 20:38:44.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,16 +89,15 @@ build_triplet = @build@ host_triplet = @host@ subdir = config/init/systemd -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(srcdir)/lxc.service.in $(srcdir)/lxc-net.service.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ $(top_srcdir)/config/tls.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/config.h -CONFIG_CLEAN_FILES = lxc.service lxc-net.service +CONFIG_CLEAN_FILES = lxc.service lxc@.service lxc-net.service CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ @@ -139,6 +148,8 @@ *) (install-info --version) >/dev/null 2>&1;; \ esac am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/lxc-net.service.in \ + $(srcdir)/lxc.service.in $(srcdir)/lxc@.service.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -191,6 +202,7 @@ LUA_LIBS = @LUA_LIBS@ LUA_SHAREDIR = @LUA_SHAREDIR@ LUA_VERSION = @LUA_VERSION@ +LXCBINHOOKDIR = @LXCBINHOOKDIR@ LXCHOOKDIR = @LXCHOOKDIR@ LXCINITDIR = @LXCINITDIR@ LXCPATH = @LXCPATH@ 
@@ -204,6 +216,7 @@ LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ LXC_USERNIC_DB = @LXC_USERNIC_DB@ LXC_VERSION = @LXC_VERSION@ +LXC_VERSION_ABI = @LXC_VERSION_ABI@ LXC_VERSION_BASE = @LXC_VERSION_BASE@ LXC_VERSION_BETA = @LXC_VERSION_BETA@ LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ @@ -295,6 +308,7 @@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -304,13 +318,13 @@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ EXTRA_DIST = \ - lxc-devsetup \ lxc-apparmor-load \ lxc.service.in \ + lxc@.service.in \ lxc-net.service.in -@INIT_SCRIPT_SYSTEMD_TRUE@BUILT_SOURCES = lxc.service lxc-net.service -@INIT_SCRIPT_SYSTEMD_TRUE@pkglibexec_SCRIPTS = lxc-devsetup lxc-apparmor-load +@INIT_SCRIPT_SYSTEMD_TRUE@BUILT_SOURCES = lxc.service lxc@.service lxc-net.service +@INIT_SCRIPT_SYSTEMD_TRUE@pkglibexec_SCRIPTS = lxc-apparmor-load all: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) all-am @@ -327,7 +341,6 @@ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu config/init/systemd/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu config/init/systemd/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -347,6 +360,8 @@ $(am__aclocal_m4_deps): lxc.service: $(top_builddir)/config.status $(srcdir)/lxc.service.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc@.service: $(top_builddir)/config.status $(srcdir)/lxc@.service.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-net.service: $(top_builddir)/config.status $(srcdir)/lxc-net.service.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ install-pkglibexecSCRIPTS: $(pkglibexec_SCRIPTS) 
@@ -461,8 +476,8 @@ @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -test -z "$(BUILT_SOURCES)" || rm -f $(BUILT_SOURCES) -@INIT_SCRIPT_SYSTEMD_FALSE@uninstall-local: @INIT_SCRIPT_SYSTEMD_FALSE@install-data-local: +@INIT_SCRIPT_SYSTEMD_FALSE@uninstall-local: clean: clean-am clean-am: clean-generic mostlyclean-am @@ -544,13 +559,16 @@ uninstall uninstall-am uninstall-local \ uninstall-pkglibexecSCRIPTS +.PRECIOUS: Makefile + -@INIT_SCRIPT_SYSTEMD_TRUE@install-systemd: lxc.service lxc-net.service lxc-devsetup lxc-apparmor-load +@INIT_SCRIPT_SYSTEMD_TRUE@install-systemd: lxc.service lxc@.service lxc-net.service lxc-apparmor-load @INIT_SCRIPT_SYSTEMD_TRUE@ $(MKDIR_P) $(DESTDIR)$(SYSTEMD_UNIT_DIR) -@INIT_SCRIPT_SYSTEMD_TRUE@ $(INSTALL_DATA) lxc.service lxc-net.service $(DESTDIR)$(SYSTEMD_UNIT_DIR)/ +@INIT_SCRIPT_SYSTEMD_TRUE@ $(INSTALL_DATA) lxc.service lxc@.service lxc-net.service $(DESTDIR)$(SYSTEMD_UNIT_DIR)/ @INIT_SCRIPT_SYSTEMD_TRUE@uninstall-systemd: @INIT_SCRIPT_SYSTEMD_TRUE@ rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/lxc.service +@INIT_SCRIPT_SYSTEMD_TRUE@ rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/lxc@.service @INIT_SCRIPT_SYSTEMD_TRUE@ rm -f $(DESTDIR)$(SYSTEMD_UNIT_DIR)/lxc-net.service @INIT_SCRIPT_SYSTEMD_TRUE@ rmdir $(DESTDIR)$(SYSTEMD_UNIT_DIR) || : diff -Nru lxc-1.1.5/config/init/sysvinit/lxc-containers.in lxc-2.0.1/config/init/sysvinit/lxc-containers.in --- lxc-1.1.5/config/init/sysvinit/lxc-containers.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/config/init/sysvinit/lxc-containers.in 2016-05-16 20:38:39.000000000 +0000 
@@ -7,34 +7,36 @@ # ### BEGIN INIT INFO # Provides: lxc +# Required-Start: $syslog $remote_fs +# Required-Stop: $syslog $remote_fs +# Should-Start: +# Should-Stop: # Default-Start: 2 3 4 5 # Default-Stop: 0 1 6 # Short-Description: Bring up/down LXC autostart containers # Description: Bring up/down LXC autostart containers ### END INIT INFO -sysconfdir="@SYSCONFDIR@" - -# Source function library. -test ! -r "$sysconfdir"/rc.d/init.d/functions || - . "$sysconfdir"/rc.d/init.d/functions +# To be replaced by LSB functions, if they can be found +# Defined here for distributions that don't have log_daemon_msg +log_daemon_msg () { + echo $@ +} -# provide action() fallback -if ! type action >/dev/null 2>&1; then - # Real basic fallback for sysvinit "action" verbage. - action() { - echo -n "$1 " - shift - "$@" && echo "OK" || echo "Failed" - } -fi +# Try to source LSB init functions to define LSB log_* functions. +test ! -r /lib/lsb/init-functions || + . /lib/lsb/init-functions start() { - action $"Starting LXC autoboot containers: " @LIBEXECDIR@/lxc/lxc-containers start + # Setup host /dev for autodev containers. + @LIBEXECDIR@/lxc/lxc-devsetup + log_daemon_msg "Starting LXC autoboot containers: " + @LIBEXECDIR@/lxc/lxc-containers start } stop() { - action $"Stopping LXC containers: " @LIBEXECDIR@/lxc/lxc-containers stop + log_daemon_msg "Stopping LXC containers: " + @LIBEXECDIR@/lxc/lxc-containers stop } # See how we were called. diff -Nru lxc-1.1.5/config/init/sysvinit/lxc-net.in lxc-2.0.1/config/init/sysvinit/lxc-net.in --- lxc-1.1.5/config/init/sysvinit/lxc-net.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/config/init/sysvinit/lxc-net.in 2016-05-16 20:38:39.000000000 +0000 
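Review bot: The fallback `log_daemon_msg () { echo $@ }` added in this hunk expands `$@` unquoted, so the message is re-split and glob-expanded by the shell before it is printed; `echo "$@"` keeps the arguments intact. The rewritten `start()` also runs `@LIBEXECDIR@/lxc/lxc-devsetup` without looking at its exit status, so a failed host /dev setup goes unnoticed before the autoboot containers are started; `@LIBEXECDIR@/lxc/lxc-devsetup || return 1` would stop there. The OK/Failed report that the removed `action` wrapper printed is gone from both `start()` and `stop()`, so a failure of lxc-containers is now visible only through the exit status. The same unquoted fallback is added in the lxc-net.in hunk that follows.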
@@ -7,34 +7,34 @@ # ### BEGIN INIT INFO # Provides: lxc-net +# Required-Start: $syslog $remote_fs +# Required-Stop: $syslog $remote_fs +# Should-Start: +# Should-Stop: # Default-Start: 2 3 4 5 # Default-Stop: 1 # Short-Description: Bring up/down LXC Network Bridge # Description: Bring up/down LXC Network Bridge ### END INIT INFO -sysconfdir="@SYSCONFDIR@" - -# Source function library. -test ! -r "$sysconfdir"/rc.d/init.d/functions || - . "$sysconfdir"/rc.d/init.d/functions +# To be replaced by LSB functions, if they can be found +# Defined here for distributions that don't have log_daemon_msg +log_daemon_msg () { + echo $@ +} -# provide action() fallback -if ! type action >/dev/null 2>&1; then - # Real basic fallback for sysvinit "action" verbage. - action() { - echo -n "$1 " - shift - "$@" && echo "OK" || echo "Failed" - } -fi +# Try to source LSB init functions to define LSB log_* functions. +test ! -r /lib/lsb/init-functions || + . /lib/lsb/init-functions start() { - action $"Starting LXC network bridge: " @LIBEXECDIR@/lxc/lxc-net start + log_daemon_msg "Starting LXC network bridge: " + @LIBEXECDIR@/lxc/lxc-net start } stop() { - action $"Stopping LXC network bridge: " @LIBEXECDIR@/lxc/lxc-net stop + log_daemon_msg "Stopping LXC network bridge: " + @LIBEXECDIR@/lxc/lxc-net stop } # See how we were called. diff -Nru lxc-1.1.5/config/init/sysvinit/Makefile.in lxc-2.0.1/config/init/sysvinit/Makefile.in --- lxc-1.1.5/config/init/sysvinit/Makefile.in 2015-11-09 16:26:03.000000000 +0000 +++ lxc-2.0.1/config/init/sysvinit/Makefile.in 2016-05-16 20:38:44.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -78,13 +88,12 @@ build_triplet = @build@ host_triplet = @host@ subdir = config/init/sysvinit -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(srcdir)/lxc-containers.in $(srcdir)/lxc-net.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ $(top_srcdir)/config/tls.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/config.h CONFIG_CLEAN_FILES = lxc-containers lxc-net @@ -109,6 +118,8 @@ *) (install-info --version) >/dev/null 2>&1;; \ esac am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/lxc-containers.in \ + $(srcdir)/lxc-net.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -161,6 +172,7 @@ LUA_LIBS = @LUA_LIBS@ LUA_SHAREDIR = @LUA_SHAREDIR@ LUA_VERSION = @LUA_VERSION@ +LXCBINHOOKDIR = @LXCBINHOOKDIR@ LXCHOOKDIR = @LXCHOOKDIR@ LXCINITDIR = @LXCINITDIR@ LXCPATH = @LXCPATH@ @@ -174,6 +186,7 @@ LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ LXC_USERNIC_DB = @LXC_USERNIC_DB@ LXC_VERSION = @LXC_VERSION@ +LXC_VERSION_ABI = @LXC_VERSION_ABI@ LXC_VERSION_BASE = @LXC_VERSION_BASE@ LXC_VERSION_BETA = @LXC_VERSION_BETA@ LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ 
@@ -265,6 +278,7 @@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -294,7 +308,6 @@ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu config/init/sysvinit/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu config/init/sysvinit/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -387,8 +400,8 @@ maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." -@INIT_SCRIPT_SYSV_FALSE@uninstall-local: @INIT_SCRIPT_SYSV_FALSE@install-data-local: +@INIT_SCRIPT_SYSV_FALSE@uninstall-local: clean: clean-am clean-am: clean-generic mostlyclean-am @@ -468,6 +481,8 @@ maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ pdf-am ps ps-am tags-am uninstall uninstall-am uninstall-local +.PRECIOUS: Makefile + @INIT_SCRIPT_SYSV_TRUE@install-sysvinit: lxc-containers lxc-net @INIT_SCRIPT_SYSV_TRUE@ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/$(initdir) diff -Nru lxc-1.1.5/config/init/upstart/lxc.conf lxc-2.0.1/config/init/upstart/lxc.conf --- lxc-1.1.5/config/init/upstart/lxc.conf 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/config/init/upstart/lxc.conf 2016-05-16 20:38:51.000000000 +0000 @@ -45,6 +45,9 @@ fi fi + # Setup host /dev for autodev containers. + /usr/local/libexec/lxc/lxc-devsetup + [ "x$LXC_AUTO" = "xtrue" ] || exit 0 if [ -n "$BOOTGROUPS" ] diff -Nru lxc-1.1.5/config/init/upstart/lxc.conf.in lxc-2.0.1/config/init/upstart/lxc.conf.in --- lxc-1.1.5/config/init/upstart/lxc.conf.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/config/init/upstart/lxc.conf.in 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,77 @@ +description "lxc" +author "Serge Hallyn " + +start on runlevel [2345] +stop on starting rc RUNLEVEL=[016] + +env LXC_AUTO="false" + +# These can be overridden in /etc/default/lxc + +# BOOTGROUPS - What groups should start on bootup? +# Comma separated list of groups. +# Leading comma, trailing comma or embedded double +# comma indicates when the NULL group should be run. +# Example (default): boot the onboot group first then the NULL group +env BOOTGROUPS="onboot," + +# SHUTDOWNDELAY - Wait time for a container to shut down. +# Container shutdown can result in lengthy system +# shutdown times. Even 5 seconds per container can be +# too long. +env SHUTDOWNDELAY=5 + +# OPTIONS can be used for anything else. +# If you want to boot everything then +# options can be "-a" or "-a -A". +env OPTIONS= + +# STOPOPTS are stop options. The can be used for anything else to stop. +# If you want to kill containers fast, use -k +env STOPOPTS="-a -A -s" + +pre-start script + [ -f /etc/default/lxc ] && . /etc/default/lxc + + # don't load profiles if mount mediation is not supported + SYSF=/sys/kernel/security/apparmor/features/mount/mask + if [ -f $SYSF ]; then + if [ -x /lib/apparmor/profile-load ]; then + /lib/apparmor/profile-load usr.bin.lxc-start + /lib/apparmor/profile-load lxc-containers + elif [ -x /lib/init/apparmor-profile-load ]; then + /lib/init/apparmor-profile-load usr.bin.lxc-start + /lib/init/apparmor-profile-load lxc-containers + fi + fi + + # Setup host /dev for autodev containers. + @LIBEXECDIR@/lxc/lxc-devsetup + + [ "x$LXC_AUTO" = "xtrue" ] || exit 0 + + if [ -n "$BOOTGROUPS" ] + then + BOOTGROUPS="-g $BOOTGROUPS" + fi + + # Process the "onboot" group first then the NULL group. + lxc-autostart -L $OPTIONS $BOOTGROUPS | while read line; do + set -- $line + (start lxc-instance NAME=$1 && sleep $2) || true + done +end script + +# The stop is serialized and can take excessive time. 
We need to avoid +# delaying the system shutdown / reboot as much as we can since it's not +# parallelized... Even 5 second timout may be too long. +post-stop script + [ -f /etc/default/lxc ] && . /etc/default/lxc + + if [ -n "$SHUTDOWNDELAY" ] + then + SHUTDOWNDELAY="-t $SHUTDOWNDELAY" + fi + + lxc-autostart $STOPOPTS $SHUTDOWNDELAY || true +end script diff -Nru lxc-1.1.5/config/init/upstart/Makefile.am lxc-2.0.1/config/init/upstart/Makefile.am --- lxc-1.1.5/config/init/upstart/Makefile.am 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/config/init/upstart/Makefile.am 2016-05-16 20:38:39.000000000 +0000 @@ -4,7 +4,7 @@ install-upstart: lxc.conf lxc-instance.conf lxc-net.conf $(MKDIR_P) $(DESTDIR)$(sysconfdir)/init/ $(INSTALL_DATA) lxc.conf $(DESTDIR)$(sysconfdir)/init/ - $(INSTALL_DATA) lxc-instance.conf $(DESTDIR)$(sysconfdir)/init/ + $(INSTALL_DATA) $(srcdir)/lxc-instance.conf $(DESTDIR)$(sysconfdir)/init/ $(INSTALL_DATA) lxc-net.conf $(DESTDIR)$(sysconfdir)/init/ uninstall-upstart: diff -Nru lxc-1.1.5/config/init/upstart/Makefile.in lxc-2.0.1/config/init/upstart/Makefile.in --- lxc-1.1.5/config/init/upstart/Makefile.in 2015-11-09 16:26:03.000000000 +0000 +++ lxc-2.0.1/config/init/upstart/Makefile.in 2016-05-16 20:38:44.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
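Review bot: In the pre-start script of lxc.conf.in, `lxc-autostart -L $OPTIONS $BOOTGROUPS | while read line; do set -- $line` splits each output line through an unquoted expansion, so a container name containing glob characters or a backslash would be rewritten before it reaches `start lxc-instance NAME=$1`. Reading the two fields directly avoids that: `while read -r name delay; do` followed by `(start lxc-instance NAME="$name" && sleep "$delay") || true`. The script calls `@LIBEXECDIR@/lxc/lxc-devsetup` by absolute path but resolves `lxc-autostart` through PATH in both the pre-start and post-stop sections; `@BINDIR@/lxc-autostart` would keep the job from depending on the init environment's search path. `[ -f $SYSF ]` is safe only because the value is a constant, and quoting it costs nothing.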
@@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -78,16 +88,15 @@ build_triplet = @build@ host_triplet = @host@ subdir = config/init/upstart -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(srcdir)/lxc-net.conf.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ $(top_srcdir)/config/tls.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/config.h -CONFIG_CLEAN_FILES = lxc-net.conf +CONFIG_CLEAN_FILES = lxc.conf lxc-net.conf CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) @@ -109,6 +118,8 @@ *) (install-info --version) >/dev/null 2>&1;; \ esac am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/lxc-net.conf.in \ + $(srcdir)/lxc.conf.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -161,6 +172,7 @@ LUA_LIBS = @LUA_LIBS@ LUA_SHAREDIR = @LUA_SHAREDIR@ LUA_VERSION = @LUA_VERSION@ +LXCBINHOOKDIR = @LXCBINHOOKDIR@ LXCHOOKDIR = @LXCHOOKDIR@ LXCINITDIR = @LXCINITDIR@ LXCPATH = @LXCPATH@ @@ -174,6 +186,7 @@ LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ LXC_USERNIC_DB = @LXC_USERNIC_DB@ LXC_VERSION = @LXC_VERSION@ +LXC_VERSION_ABI = @LXC_VERSION_ABI@ LXC_VERSION_BASE = @LXC_VERSION_BASE@ LXC_VERSION_BETA = @LXC_VERSION_BETA@ LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ 
@@ -265,6 +278,7 @@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -289,7 +303,6 @@ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu config/init/upstart/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu config/init/upstart/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -307,6 +320,8 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): +lxc.conf: $(top_builddir)/config.status $(srcdir)/lxc.conf.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-net.conf: $(top_builddir)/config.status $(srcdir)/lxc-net.conf.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ tags TAGS: @@ -461,11 +476,13 @@ maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ pdf-am ps ps-am tags-am uninstall uninstall-am uninstall-local +.PRECIOUS: Makefile + @INIT_SCRIPT_UPSTART_TRUE@install-upstart: lxc.conf lxc-instance.conf lxc-net.conf @INIT_SCRIPT_UPSTART_TRUE@ $(MKDIR_P) $(DESTDIR)$(sysconfdir)/init/ @INIT_SCRIPT_UPSTART_TRUE@ $(INSTALL_DATA) lxc.conf $(DESTDIR)$(sysconfdir)/init/ -@INIT_SCRIPT_UPSTART_TRUE@ $(INSTALL_DATA) lxc-instance.conf $(DESTDIR)$(sysconfdir)/init/ +@INIT_SCRIPT_UPSTART_TRUE@ $(INSTALL_DATA) $(srcdir)/lxc-instance.conf $(DESTDIR)$(sysconfdir)/init/ @INIT_SCRIPT_UPSTART_TRUE@ $(INSTALL_DATA) lxc-net.conf $(DESTDIR)$(sysconfdir)/init/ @INIT_SCRIPT_UPSTART_TRUE@uninstall-upstart: diff -Nru lxc-1.1.5/config/install-sh lxc-2.0.1/config/install-sh --- lxc-1.1.5/config/install-sh 2015-11-09 16:26:02.000000000 +0000 +++ lxc-2.0.1/config/install-sh 2016-05-16 20:38:44.000000000 +0000 
@@ -1,7 +1,7 @@ #!/bin/sh # install - install a program, script, or datafile -scriptversion=2011-11-20.07; # UTC +scriptversion=2014-09-12.12; # UTC # This originates from X11R5 (mit/util/scripts/install.sh), which was # later released in X11R6 (xc/config/util/install.sh) with the @@ -41,19 +41,15 @@ # This script is compatible with the BSD install script, but was written # from scratch. +tab=' ' nl=' ' -IFS=" "" $nl" +IFS=" $tab$nl" -# set DOITPROG to echo to test this script +# Set DOITPROG to "echo" to test this script. -# Don't use :- since 4.3BSD and earlier shells don't like it. doit=${DOITPROG-} -if test -z "$doit"; then - doit_exec=exec -else - doit_exec=$doit -fi +doit_exec=${doit:-exec} # Put in absolute file names if you don't have them in your path; # or use environment vars. @@ -68,17 +64,6 @@ rmprog=${RMPROG-rm} stripprog=${STRIPPROG-strip} -posix_glob='?' -initialize_posix_glob=' - test "$posix_glob" != "?" || { - if (set -f) 2>/dev/null; then - posix_glob= - else - posix_glob=: - fi - } -' - posix_mkdir= # Desired mode of installed file. @@ -97,7 +82,7 @@ dst_arg= copy_on_change=false -no_target_directory= +is_target_a_directory=possibly usage="\ Usage: $0 [OPTION]... [-T] SRCFILE DSTFILE 
@@ -137,46 +122,57 @@ -d) dir_arg=true;; -g) chgrpcmd="$chgrpprog $2" - shift;; + shift;; --help) echo "$usage"; exit $?;; -m) mode=$2 - case $mode in - *' '* | *' '* | *' -'* | *'*'* | *'?'* | *'['*) - echo "$0: invalid mode: $mode" >&2 - exit 1;; - esac - shift;; + case $mode in + *' '* | *"$tab"* | *"$nl"* | *'*'* | *'?'* | *'['*) + echo "$0: invalid mode: $mode" >&2 + exit 1;; + esac + shift;; -o) chowncmd="$chownprog $2" - shift;; + shift;; -s) stripcmd=$stripprog;; - -t) dst_arg=$2 - # Protect names problematic for 'test' and other utilities. - case $dst_arg in - -* | [=\(\)!]) dst_arg=./$dst_arg;; - esac - shift;; + -t) + is_target_a_directory=always + dst_arg=$2 + # Protect names problematic for 'test' and other utilities. + case $dst_arg in + -* | [=\(\)!]) dst_arg=./$dst_arg;; + esac + shift;; - -T) no_target_directory=true;; + -T) is_target_a_directory=never;; --version) echo "$0 $scriptversion"; exit $?;; - --) shift - break;; + --) shift + break;; - -*) echo "$0: invalid option: $1" >&2 - exit 1;; + -*) echo "$0: invalid option: $1" >&2 + exit 1;; *) break;; esac shift done +# We allow the use of options -d and -T together, by making -d +# take the precedence; this is for compatibility with GNU install. + +if test -n "$dir_arg"; then + if test -n "$dst_arg"; then + echo "$0: target directory not allowed when installing a directory." >&2 + exit 1 + fi +fi + if test $# -ne 0 && test -z "$dir_arg$dst_arg"; then # When -d is used, all remaining arguments are directories to create. # When -t is used, the destination is already specified. @@ -208,6 +204,15 @@ fi if test -z "$dir_arg"; then + if test $# -gt 1 || test "$is_target_a_directory" = always; then + if test ! -d "$dst_arg"; then + echo "$0: $dst_arg: Is not a directory." >&2 + exit 1 + fi + fi +fi + +if test -z "$dir_arg"; then do_exit='(exit $ret); exit $ret' trap "ret=129; $do_exit" 1 trap "ret=130; $do_exit" 2 
@@ -223,16 +228,16 @@ *[0-7]) if test -z "$stripcmd"; then - u_plus_rw= + u_plus_rw= else - u_plus_rw='% 200' + u_plus_rw='% 200' fi cp_umask=`expr '(' 777 - $mode % 1000 ')' $u_plus_rw`;; *) if test -z "$stripcmd"; then - u_plus_rw= + u_plus_rw= else - u_plus_rw=,u+rw + u_plus_rw=,u+rw fi cp_umask=$mode$u_plus_rw;; esac @@ -269,41 +274,15 @@ # If destination is a directory, append the input filename; won't work # if double slashes aren't ignored. if test -d "$dst"; then - if test -n "$no_target_directory"; then - echo "$0: $dst_arg: Is a directory" >&2 - exit 1 + if test "$is_target_a_directory" = never; then + echo "$0: $dst_arg: Is a directory" >&2 + exit 1 fi dstdir=$dst dst=$dstdir/`basename "$src"` dstdir_status=0 else - # Prefer dirname, but fall back on a substitute if dirname fails. - dstdir=` - (dirname "$dst") 2>/dev/null || - expr X"$dst" : 'X\(.*[^/]\)//*[^/][^/]*/*$' \| \ - X"$dst" : 'X\(//\)[^/]' \| \ - X"$dst" : 'X\(//\)$' \| \ - X"$dst" : 'X\(/\)' \| . 2>/dev/null || - echo X"$dst" | - sed '/^X\(.*[^/]\)\/\/*[^/][^/]*\/*$/{ - s//\1/ - q - } - /^X\(\/\/\)[^/].*/{ - s//\1/ - q - } - /^X\(\/\/\)$/{ - s//\1/ - q - } - /^X\(\/\).*/{ - s//\1/ - q - } - s/.*/./; q' - ` - + dstdir=`dirname "$dst"` test -d "$dstdir" dstdir_status=$? fi 
@@ -314,74 +293,81 @@ if test $dstdir_status != 0; then case $posix_mkdir in '') - # Create intermediate dirs using mode 755 as modified by the umask. - # This is like FreeBSD 'install' as of 1997-10-28. - umask=`umask` - case $stripcmd.$umask in - # Optimize common cases. - *[2367][2367]) mkdir_umask=$umask;; - .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; - - *[0-7]) - mkdir_umask=`expr $umask + 22 \ - - $umask % 100 % 40 + $umask % 20 \ - - $umask % 10 % 4 + $umask % 2 - `;; - *) mkdir_umask=$umask,go-w;; - esac - - # With -d, create the new directory with the user-specified mode. - # Otherwise, rely on $mkdir_umask. - if test -n "$dir_arg"; then - mkdir_mode=-m$mode - else - mkdir_mode= - fi - - posix_mkdir=false - case $umask in - *[123567][0-7][0-7]) - # POSIX mkdir -p sets u+wx bits regardless of umask, which - # is incompatible with FreeBSD 'install' when (umask & 300) != 0. - ;; - *) - tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ - trap 'ret=$?; rmdir "$tmpdir/d" "$tmpdir" 2>/dev/null; exit $ret' 0 - - if (umask $mkdir_umask && - exec $mkdirprog $mkdir_mode -p -- "$tmpdir/d") >/dev/null 2>&1 - then - if test -z "$dir_arg" || { - # Check for POSIX incompatibilities with -m. - # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or - # other-writable bit of parent directory when it shouldn't. - # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. - ls_ld_tmpdir=`ls -ld "$tmpdir"` - case $ls_ld_tmpdir in - d????-?r-*) different_mode=700;; - d????-?--*) different_mode=755;; - *) false;; - esac && - $mkdirprog -m$different_mode -p -- "$tmpdir" && { - ls_ld_tmpdir_1=`ls -ld "$tmpdir"` - test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" - } - } - then posix_mkdir=: - fi - rmdir "$tmpdir/d" "$tmpdir" - else - # Remove any dirs left behind by ancient mkdir implementations. - rmdir ./$mkdir_mode ./-p ./-- 2>/dev/null - fi - trap '' 0;; - esac;; + # Create intermediate dirs using mode 755 as modified by the umask. + # This is like FreeBSD 'install' as of 1997-10-28. 
+ umask=`umask` + case $stripcmd.$umask in + # Optimize common cases. + *[2367][2367]) mkdir_umask=$umask;; + .*0[02][02] | .[02][02] | .[02]) mkdir_umask=22;; + + *[0-7]) + mkdir_umask=`expr $umask + 22 \ + - $umask % 100 % 40 + $umask % 20 \ + - $umask % 10 % 4 + $umask % 2 + `;; + *) mkdir_umask=$umask,go-w;; + esac + + # With -d, create the new directory with the user-specified mode. + # Otherwise, rely on $mkdir_umask. + if test -n "$dir_arg"; then + mkdir_mode=-m$mode + else + mkdir_mode= + fi + + posix_mkdir=false + case $umask in + *[123567][0-7][0-7]) + # POSIX mkdir -p sets u+wx bits regardless of umask, which + # is incompatible with FreeBSD 'install' when (umask & 300) != 0. + ;; + *) + # $RANDOM is not portable (e.g. dash); use it when possible to + # lower collision chance + tmpdir=${TMPDIR-/tmp}/ins$RANDOM-$$ + trap 'ret=$?; rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" 2>/dev/null; exit $ret' 0 + + # As "mkdir -p" follows symlinks and we work in /tmp possibly; so + # create the $tmpdir first (and fail if unsuccessful) to make sure + # that nobody tries to guess the $tmpdir name. + if (umask $mkdir_umask && + $mkdirprog $mkdir_mode "$tmpdir" && + exec $mkdirprog $mkdir_mode -p -- "$tmpdir/a/b") >/dev/null 2>&1 + then + if test -z "$dir_arg" || { + # Check for POSIX incompatibilities with -m. + # HP-UX 11.23 and IRIX 6.5 mkdir -m -p sets group- or + # other-writable bit of parent directory when it shouldn't. + # FreeBSD 6.1 mkdir -m -p sets mode of existing directory. + test_tmpdir="$tmpdir/a" + ls_ld_tmpdir=`ls -ld "$test_tmpdir"` + case $ls_ld_tmpdir in + d????-?r-*) different_mode=700;; + d????-?--*) different_mode=755;; + *) false;; + esac && + $mkdirprog -m$different_mode -p -- "$test_tmpdir" && { + ls_ld_tmpdir_1=`ls -ld "$test_tmpdir"` + test "$ls_ld_tmpdir" = "$ls_ld_tmpdir_1" + } + } + then posix_mkdir=: + fi + rmdir "$tmpdir/a/b" "$tmpdir/a" "$tmpdir" + else + # Remove any dirs left behind by ancient mkdir implementations. 
+ rmdir ./$mkdir_mode ./-p ./-- "$tmpdir" 2>/dev/null + fi + trap '' 0;; + esac;; esac if $posix_mkdir && ( - umask $mkdir_umask && - $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" + umask $mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir" ) then : else 
@@ -391,53 +377,51 @@ # directory the slow way, step by step, checking for races as we go. case $dstdir in - /*) prefix='/';; - [-=\(\)!]*) prefix='./';; - *) prefix='';; + /*) prefix='/';; + [-=\(\)!]*) prefix='./';; + *) prefix='';; esac - eval "$initialize_posix_glob" - oIFS=$IFS IFS=/ - $posix_glob set -f + set -f set fnord $dstdir shift - $posix_glob set +f + set +f IFS=$oIFS prefixes= for d do - test X"$d" = X && continue + test X"$d" = X && continue - prefix=$prefix$d - if test -d "$prefix"; then - prefixes= - else - if $posix_mkdir; then - (umask=$mkdir_umask && - $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break - # Don't fail if two instances are running concurrently. - test -d "$prefix" || exit 1 - else - case $prefix in - *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; - *) qprefix=$prefix;; - esac - prefixes="$prefixes '$qprefix'" - fi - fi - prefix=$prefix/ + prefix=$prefix$d + if test -d "$prefix"; then + prefixes= + else + if $posix_mkdir; then + (umask=$mkdir_umask && + $doit_exec $mkdirprog $mkdir_mode -p -- "$dstdir") && break + # Don't fail if two instances are running concurrently. + test -d "$prefix" || exit 1 + else + case $prefix in + *\'*) qprefix=`echo "$prefix" | sed "s/'/'\\\\\\\\''/g"`;; + *) qprefix=$prefix;; + esac + prefixes="$prefixes '$qprefix'" + fi + fi + prefix=$prefix/ done if test -n "$prefixes"; then - # Don't fail if two instances are running concurrently. - (umask $mkdir_umask && - eval "\$doit_exec \$mkdirprog $prefixes") || - test -d "$dstdir" || exit 1 - obsolete_mkdir_used=true + # Don't fail if two instances are running concurrently. + (umask $mkdir_umask && + eval "\$doit_exec \$mkdirprog $prefixes") || + test -d "$dstdir" || exit 1 + obsolete_mkdir_used=true fi fi fi 
@@ -472,15 +456,12 @@ # If -C, don't bother to copy if it wouldn't change the file. if $copy_on_change && - old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && - new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && - - eval "$initialize_posix_glob" && - $posix_glob set -f && + old=`LC_ALL=C ls -dlL "$dst" 2>/dev/null` && + new=`LC_ALL=C ls -dlL "$dsttmp" 2>/dev/null` && + set -f && set X $old && old=:$2:$4:$5:$6 && set X $new && new=:$2:$4:$5:$6 && - $posix_glob set +f && - + set +f && test "$old" = "$new" && $cmpprog "$dst" "$dsttmp" >/dev/null 2>&1 then 
@@ -493,24 +474,24 @@ # to itself, or perhaps because mv is so ancient that it does not # support -f. { - # Now remove or move aside any old file at destination location. - # We try this two ways since rm can't unlink itself on some - # systems and the destination file might be busy for other - # reasons. In this case, the final cleanup might fail but the new - # file should still install successfully. - { - test ! -f "$dst" || - $doit $rmcmd -f "$dst" 2>/dev/null || - { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && - { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } - } || - { echo "$0: cannot unlink or rename $dst" >&2 - (exit 1); exit 1 - } - } && + # Now remove or move aside any old file at destination location. + # We try this two ways since rm can't unlink itself on some + # systems and the destination file might be busy for other + # reasons. In this case, the final cleanup might fail but the new + # file should still install successfully. + { + test ! -f "$dst" || + $doit $rmcmd -f "$dst" 2>/dev/null || + { $doit $mvcmd -f "$dst" "$rmtmp" 2>/dev/null && + { $doit $rmcmd -f "$rmtmp" 2>/dev/null; :; } + } || + { echo "$0: cannot unlink or rename $dst" >&2 + (exit 1); exit 1 + } + } && - # Now rename the file to the real destination. - $doit $mvcmd "$dsttmp" "$dst" + # Now rename the file to the real destination. + $doit $mvcmd "$dsttmp" "$dst" } fi || exit 1 diff -Nru lxc-1.1.5/config/Makefile.in lxc-2.0.1/config/Makefile.in --- lxc-1.1.5/config/Makefile.in 2015-11-09 16:26:03.000000000 +0000 +++ lxc-2.0.1/config/Makefile.in 2016-05-16 20:38:44.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -78,13 +88,12 @@ build_triplet = @build@ host_triplet = @host@ subdir = config -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am compile \ - config.guess config.sub install-sh missing ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ $(top_srcdir)/config/tls.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/config.h CONFIG_CLEAN_FILES = @@ -144,6 +153,8 @@ ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) +am__DIST_COMMON = $(srcdir)/Makefile.in compile config.guess \ + config.sub install-sh missing DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -221,6 +232,7 @@ LUA_LIBS = @LUA_LIBS@ LUA_SHAREDIR = @LUA_SHAREDIR@ LUA_VERSION = @LUA_VERSION@ +LXCBINHOOKDIR = @LXCBINHOOKDIR@ LXCHOOKDIR = @LXCHOOKDIR@ LXCINITDIR = @LXCINITDIR@ LXCPATH = @LXCPATH@ @@ -234,6 +246,7 @@ LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ LXC_USERNIC_DB = @LXC_USERNIC_DB@ LXC_VERSION = @LXC_VERSION@ +LXC_VERSION_ABI = @LXC_VERSION_ABI@ LXC_VERSION_BASE = @LXC_VERSION_BASE@ LXC_VERSION_BETA = @LXC_VERSION_BETA@ LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ @@ -325,6 +338,7 @@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ 
@@ -349,7 +363,6 @@ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu config/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu config/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -637,6 +650,8 @@ maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ pdf-am ps ps-am tags tags-am uninstall uninstall-am +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff -Nru lxc-1.1.5/config/missing lxc-2.0.1/config/missing --- lxc-1.1.5/config/missing 2015-11-09 16:26:02.000000000 +0000 +++ lxc-2.0.1/config/missing 2016-05-16 20:38:44.000000000 +0000 @@ -3,7 +3,7 @@ scriptversion=2013-10-28.13; # UTC -# Copyright (C) 1996-2013 Free Software Foundation, Inc. +# Copyright (C) 1996-2014 Free Software Foundation, Inc. # Originally written by Fran,cois Pinard , 1996. # This program is free software; you can redistribute it and/or modify diff -Nru lxc-1.1.5/config/selinux/Makefile.in lxc-2.0.1/config/selinux/Makefile.in --- lxc-1.1.5/config/selinux/Makefile.in 2015-11-09 16:26:03.000000000 +0000 +++ lxc-2.0.1/config/selinux/Makefile.in 2016-05-16 20:38:44.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
@@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,12 +89,12 @@ build_triplet = @build@ host_triplet = @host@ subdir = config/selinux -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ $(top_srcdir)/config/tls.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/config.h CONFIG_CLEAN_FILES = @@ -138,6 +148,7 @@ am__installdirs = "$(DESTDIR)$(selinuxdir)" DATA = $(selinux_DATA) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -190,6 +201,7 @@ LUA_LIBS = @LUA_LIBS@ LUA_SHAREDIR = @LUA_SHAREDIR@ LUA_VERSION = @LUA_VERSION@ +LXCBINHOOKDIR = @LXCBINHOOKDIR@ LXCHOOKDIR = @LXCHOOKDIR@ LXCINITDIR = @LXCINITDIR@ LXCPATH = @LXCPATH@ @@ -203,6 +215,7 @@ LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ LXC_USERNIC_DB = @LXC_USERNIC_DB@ LXC_VERSION = @LXC_VERSION@ +LXC_VERSION_ABI = @LXC_VERSION_ABI@ LXC_VERSION_BASE = @LXC_VERSION_BASE@ LXC_VERSION_BETA = @LXC_VERSION_BETA@ LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ @@ -294,6 +307,7 @@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ 
@@ -325,7 +339,6 @@ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu config/selinux/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu config/selinux/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -518,6 +531,8 @@ pdf-am ps ps-am tags-am uninstall uninstall-am \ uninstall-selinuxDATA +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff -Nru lxc-1.1.5/config/sysconfig/Makefile.in lxc-2.0.1/config/sysconfig/Makefile.in --- lxc-1.1.5/config/sysconfig/Makefile.in 2015-11-09 16:26:03.000000000 +0000 +++ lxc-2.0.1/config/sysconfig/Makefile.in 2016-05-16 20:38:44.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ 
@@ -79,13 +89,12 @@ build_triplet = @build@ host_triplet = @host@ subdir = config/sysconfig -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(srcdir)/lxc.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ $(top_srcdir)/config/tls.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/config.h CONFIG_CLEAN_FILES = lxc @@ -139,6 +148,7 @@ am__installdirs = "$(DESTDIR)$(sysconfigdir)" DATA = $(sysconfig_DATA) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/lxc.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -191,6 +201,7 @@ LUA_LIBS = @LUA_LIBS@ LUA_SHAREDIR = @LUA_SHAREDIR@ LUA_VERSION = @LUA_VERSION@ +LXCBINHOOKDIR = @LXCBINHOOKDIR@ LXCHOOKDIR = @LXCHOOKDIR@ LXCINITDIR = @LXCINITDIR@ LXCPATH = @LXCPATH@ @@ -204,6 +215,7 @@ LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ LXC_USERNIC_DB = @LXC_USERNIC_DB@ LXC_VERSION = @LXC_VERSION@ +LXC_VERSION_ABI = @LXC_VERSION_ABI@ LXC_VERSION_BASE = @LXC_VERSION_BASE@ LXC_VERSION_BETA = @LXC_VERSION_BETA@ LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ @@ -295,6 +307,7 @@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -323,7 +336,6 @@ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu config/sysconfig/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu config/sysconfig/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ 
@@ -518,6 +530,8 @@ pdf-am ps ps-am tags-am uninstall uninstall-am \ uninstall-sysconfigDATA +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded.
diff -Nru lxc-1.1.5/config/templates/alpine.common.conf.in lxc-2.0.1/config/templates/alpine.common.conf.in
--- lxc-1.1.5/config/templates/alpine.common.conf.in 1970-01-01 00:00:00.000000000 +0000
+++ lxc-2.0.1/config/templates/alpine.common.conf.in 2016-05-16 20:38:39.000000000 +0000
@@ -0,0 +1,20 @@
+# This derives from the global common config.
+lxc.include = @LXCTEMPLATECONFIG@/common.conf
+
+# Doesn't support consoles in /dev/lxc/.
+lxc.devttydir =
+
+# Drop another (potentially) harmful capabilities.
+lxc.cap.drop = audit_write
+lxc.cap.drop = ipc_owner
+lxc.cap.drop = mknod
+lxc.cap.drop = setfcap
+lxc.cap.drop = setpcap
+lxc.cap.drop = sys_nice
+lxc.cap.drop = sys_pacct
+lxc.cap.drop = sys_ptrace
+lxc.cap.drop = sys_rawio
+lxc.cap.drop = sys_resource
+lxc.cap.drop = sys_tty_config
+lxc.cap.drop = syslog
+lxc.cap.drop = wake_alarm
diff -Nru lxc-1.1.5/config/templates/alpine.userns.conf.in lxc-2.0.1/config/templates/alpine.userns.conf.in
--- lxc-1.1.5/config/templates/alpine.userns.conf.in 1970-01-01 00:00:00.000000000 +0000
+++ lxc-2.0.1/config/templates/alpine.userns.conf.in 2016-05-16 20:38:39.000000000 +0000
@@ -0,0 +1,2 @@
+# This derives from the global userns config.
+lxc.include = @LXCTEMPLATECONFIG@/userns.conf
diff -Nru lxc-1.1.5/config/templates/common.conf.d/Makefile.in lxc-2.0.1/config/templates/common.conf.d/Makefile.in
--- lxc-1.1.5/config/templates/common.conf.d/Makefile.in 2015-11-09 16:26:03.000000000 +0000
+++ lxc-2.0.1/config/templates/common.conf.d/Makefile.in 2016-05-16 20:38:44.000000000 +0000
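Review bot: The header comment over the capability list in the new alpine.common.conf.in, `# Drop another (potentially) harmful capabilities.`, is ungrammatical and does not say that these drops come on top of the ones inherited from common.conf; something like `# Drop additional (potentially) harmful capabilities on top of those dropped in common.conf.` reads better. The `sys_rawio` entry is redundant here, since the common.conf.in hunk in this same diff adds it to the global drop line. The list leaves `sys_admin` in place; the new slackware.common.conf.in explains that trade-off in a comment, and a one-line pointer here would tell someone hardening an Alpine container that the omission is deliberate (assuming it is).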
@@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,12 +89,12 @@ build_triplet = @build@ host_triplet = @host@ subdir = config/templates/common.conf.d -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am README ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ $(top_srcdir)/config/tls.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/config.h CONFIG_CLEAN_FILES = @@ -138,6 +148,7 @@ am__installdirs = "$(DESTDIR)$(templatesconfigdir)" DATA = $(templatesconfig_DATA) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in README DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -190,6 +201,7 @@ LUA_LIBS = @LUA_LIBS@ LUA_SHAREDIR = @LUA_SHAREDIR@ LUA_VERSION = @LUA_VERSION@ +LXCBINHOOKDIR = @LXCBINHOOKDIR@ LXCHOOKDIR = @LXCHOOKDIR@ LXCINITDIR = @LXCINITDIR@ LXCPATH = @LXCPATH@ 
@@ -203,6 +215,7 @@ LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ LXC_USERNIC_DB = @LXC_USERNIC_DB@ LXC_VERSION = @LXC_VERSION@ +LXC_VERSION_ABI = @LXC_VERSION_ABI@ LXC_VERSION_BASE = @LXC_VERSION_BASE@ LXC_VERSION_BETA = @LXC_VERSION_BETA@ LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ @@ -294,6 +307,7 @@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -322,7 +336,6 @@ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu config/templates/common.conf.d/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu config/templates/common.conf.d/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -515,6 +528,8 @@ mostlyclean mostlyclean-generic pdf pdf-am ps ps-am tags-am \ uninstall uninstall-am uninstall-templatesconfigDATA +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff -Nru lxc-1.1.5/config/templates/common.conf.in lxc-2.0.1/config/templates/common.conf.in --- lxc-1.1.5/config/templates/common.conf.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/config/templates/common.conf.in 2016-05-16 20:38:39.000000000 +0000 @@ -10,7 +10,7 @@ lxc.tty = 4 # Drop some harmful capabilities -lxc.cap.drop = mac_admin mac_override sys_time sys_module +lxc.cap.drop = mac_admin mac_override sys_time sys_module sys_rawio # Set the pivot directory lxc.pivotdir = lxc_putold diff -Nru lxc-1.1.5/config/templates/debian.common.conf.in lxc-2.0.1/config/templates/debian.common.conf.in --- lxc-1.1.5/config/templates/debian.common.conf.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/config/templates/debian.common.conf.in 2016-05-16 20:38:39.000000000 +0000 
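Review bot: Adding `sys_rawio` to the global `lxc.cap.drop` line in common.conf.in changes behaviour for every template that includes this file, but the comment above it still only says "Drop some harmful capabilities". A short why-comment would help, e.g. `# sys_rawio: raw port/device I/O from inside the container (iopl/ioperm, /dev/mem)`, along with a hint on how a container that needs one of these capabilities back can override the list. As far as I recall the lxc.container.conf documentation describes an empty `lxc.cap.drop =` as clearing earlier entries, which is worth confirming before documenting it. The per-template `sys_rawio` entries in alpine.common.conf.in and gentoo.moresecure.conf.in become redundant with this line.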
@@ -9,10 +9,6 @@ # (uncommented) to the container's configuration file. #lxc.aa_profile = unconfined -# To support container nesting on an Ubuntu host while retaining most of -# apparmor's added security, use the following line instead. -#lxc.aa_profile = lxc-container-default-with-nesting - # If you wish to allow mounting block filesystems, then use the following # line instead, and make sure to grant access to the block device and/or loop # devices below in lxc.cgroup.devices.allow. diff -Nru lxc-1.1.5/config/templates/gentoo.moresecure.conf.in lxc-2.0.1/config/templates/gentoo.moresecure.conf.in --- lxc-1.1.5/config/templates/gentoo.moresecure.conf.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/config/templates/gentoo.moresecure.conf.in 2016-05-16 20:38:39.000000000 +0000 @@ -29,8 +29,8 @@ # lxc.cap.drop = audit_control # breaks sshd (set_loginuid failed) # lxc.cap.drop = audit_write # lxc.cap.drop = setpcap # breaks journald -# lxc.cap.drop = sys_resources # breaks systemd -lxc.cap.drop = audit_control audit_write dac_read_search fsetid ipc_owner linux_immutable mknod setfcap setpcap sys_admin sys_boot sys_nice sys_pacct sys_ptrace sys_rawio sys_resources sys_tty_config syslog +# lxc.cap.drop = sys_resource # breaks systemd +lxc.cap.drop = audit_control audit_write dac_read_search fsetid ipc_owner linux_immutable mknod setfcap setpcap sys_admin sys_boot sys_nice sys_pacct sys_ptrace sys_rawio sys_resource sys_tty_config syslog # WARNING: the security vulnerability reported for 'cap_net_admin' at # http://mainisusuallyafunction.blogspot.com/2012/11/attacking-hardened-linux-systems-with.html diff -Nru lxc-1.1.5/config/templates/Makefile.am lxc-2.0.1/config/templates/Makefile.am --- lxc-1.1.5/config/templates/Makefile.am 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/config/templates/Makefile.am 2016-05-16 20:38:39.000000000 +0000 
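Review bot: In gentoo.moresecure.conf.in the active `lxc.cap.drop` line now names `sys_resource` correctly, yet the reference list directly above it marks that same drop as "breaks systemd", and likewise `setpcap` ("breaks journald") and `audit_control` ("breaks sshd"), all of which are on the active line. Whether the old misspelling was rejected or silently ignored is not visible here, so it is worth checking if this fix changes what existing guests experience. A comment above the active line would make the intent explicit, e.g. `# This profile deliberately drops capabilities that the list above marks as breaking systemd/journald/sshd; remove them here if the guest needs those services.` The file continues outside this hunk, so an existing note to that effect may already be present elsewhere.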
@@ -5,6 +5,8 @@ SUBDIRS = common.conf.d templatesconfig_DATA = \ + alpine.common.conf \ + alpine.userns.conf \ archlinux.common.conf \ archlinux.userns.conf \ centos.common.conf \ @@ -25,6 +27,8 @@ oracle.userns.conf \ plamo.common.conf \ plamo.userns.conf \ + slackware.common.conf \ + slackware.userns.conf \ ubuntu-cloud.common.conf \ ubuntu-cloud.lucid.conf \ ubuntu-cloud.userns.conf \ @@ -32,4 +36,6 @@ ubuntu.lucid.conf \ ubuntu.userns.conf \ openwrt.common.conf \ + sparclinux.common.conf \ + sparclinux.userns.conf \ userns.conf diff -Nru lxc-1.1.5/config/templates/Makefile.in lxc-2.0.1/config/templates/Makefile.in --- lxc-1.1.5/config/templates/Makefile.in 2015-11-09 16:26:03.000000000 +0000 +++ lxc-2.0.1/config/templates/Makefile.in 2016-05-16 20:38:44.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ 
@@ -79,46 +89,26 @@ build_triplet = @build@ host_triplet = @host@ subdir = config/templates -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(srcdir)/archlinux.common.conf.in \ - $(srcdir)/archlinux.userns.conf.in \ - $(srcdir)/centos.common.conf.in \ - $(srcdir)/centos.userns.conf.in $(srcdir)/common.conf.in \ - $(srcdir)/debian.common.conf.in \ - $(srcdir)/debian.userns.conf.in \ - $(srcdir)/fedora.common.conf.in \ - $(srcdir)/fedora.userns.conf.in \ - $(srcdir)/gentoo.common.conf.in \ - $(srcdir)/gentoo.moresecure.conf.in \ - $(srcdir)/gentoo.userns.conf.in $(srcdir)/nesting.conf.in \ - $(srcdir)/opensuse.common.conf.in \ - $(srcdir)/opensuse.userns.conf.in \ - $(srcdir)/oracle.common.conf.in \ - $(srcdir)/oracle.userns.conf.in $(srcdir)/plamo.common.conf.in \ - $(srcdir)/plamo.userns.conf.in \ - $(srcdir)/ubuntu-cloud.common.conf.in \ - $(srcdir)/ubuntu-cloud.lucid.conf.in \ - $(srcdir)/ubuntu-cloud.userns.conf.in \ - $(srcdir)/ubuntu.common.conf.in $(srcdir)/ubuntu.lucid.conf.in \ - $(srcdir)/ubuntu.userns.conf.in \ - $(srcdir)/openwrt.common.conf.in $(srcdir)/userns.conf.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ $(top_srcdir)/config/tls.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/config.h -CONFIG_CLEAN_FILES = archlinux.common.conf archlinux.userns.conf \ - centos.common.conf centos.userns.conf common.conf \ - debian.common.conf debian.userns.conf fedora.common.conf \ - fedora.userns.conf gentoo.common.conf gentoo.moresecure.conf \ - gentoo.userns.conf nesting.conf opensuse.common.conf \ - opensuse.userns.conf oracle.common.conf oracle.userns.conf \ - plamo.common.conf plamo.userns.conf ubuntu-cloud.common.conf \ - ubuntu-cloud.lucid.conf ubuntu-cloud.userns.conf \ - ubuntu.common.conf 
ubuntu.lucid.conf ubuntu.userns.conf \ - openwrt.common.conf userns.conf +CONFIG_CLEAN_FILES = alpine.common.conf alpine.userns.conf \ + archlinux.common.conf archlinux.userns.conf centos.common.conf \ + centos.userns.conf common.conf debian.common.conf \ + debian.userns.conf fedora.common.conf fedora.userns.conf \ + gentoo.common.conf gentoo.moresecure.conf gentoo.userns.conf \ + nesting.conf opensuse.common.conf opensuse.userns.conf \ + oracle.common.conf oracle.userns.conf plamo.common.conf \ + plamo.userns.conf slackware.common.conf slackware.userns.conf \ + ubuntu-cloud.common.conf ubuntu-cloud.lucid.conf \ + ubuntu-cloud.userns.conf ubuntu.common.conf ubuntu.lucid.conf \ + ubuntu.userns.conf openwrt.common.conf sparclinux.common.conf \ + sparclinux.userns.conf userns.conf CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) 
@@ -204,6 +194,35 @@ ETAGS = etags CTAGS = ctags DIST_SUBDIRS = $(SUBDIRS) +am__DIST_COMMON = $(srcdir)/Makefile.in \ + $(srcdir)/alpine.common.conf.in \ + $(srcdir)/alpine.userns.conf.in \ + $(srcdir)/archlinux.common.conf.in \ + $(srcdir)/archlinux.userns.conf.in \ + $(srcdir)/centos.common.conf.in \ + $(srcdir)/centos.userns.conf.in $(srcdir)/common.conf.in \ + $(srcdir)/debian.common.conf.in \ + $(srcdir)/debian.userns.conf.in \ + $(srcdir)/fedora.common.conf.in \ + $(srcdir)/fedora.userns.conf.in \ + $(srcdir)/gentoo.common.conf.in \ + $(srcdir)/gentoo.moresecure.conf.in \ + $(srcdir)/gentoo.userns.conf.in $(srcdir)/nesting.conf.in \ + $(srcdir)/opensuse.common.conf.in \ + $(srcdir)/opensuse.userns.conf.in \ + $(srcdir)/openwrt.common.conf.in \ + $(srcdir)/oracle.common.conf.in \ + $(srcdir)/oracle.userns.conf.in $(srcdir)/plamo.common.conf.in \ + $(srcdir)/plamo.userns.conf.in \ + $(srcdir)/slackware.common.conf.in \ + $(srcdir)/slackware.userns.conf.in \ + $(srcdir)/sparclinux.common.conf.in \ + $(srcdir)/sparclinux.userns.conf.in \ + $(srcdir)/ubuntu-cloud.common.conf.in \ + $(srcdir)/ubuntu-cloud.lucid.conf.in \ + $(srcdir)/ubuntu-cloud.userns.conf.in \ + $(srcdir)/ubuntu.common.conf.in $(srcdir)/ubuntu.lucid.conf.in \ + $(srcdir)/ubuntu.userns.conf.in $(srcdir)/userns.conf.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -281,6 +300,7 @@ LUA_LIBS = @LUA_LIBS@ LUA_SHAREDIR = @LUA_SHAREDIR@ LUA_VERSION = @LUA_VERSION@ +LXCBINHOOKDIR = @LXCBINHOOKDIR@ LXCHOOKDIR = @LXCHOOKDIR@ LXCINITDIR = @LXCINITDIR@ LXCPATH = @LXCPATH@ @@ -294,6 +314,7 @@ LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ LXC_USERNIC_DB = @LXC_USERNIC_DB@ LXC_VERSION = @LXC_VERSION@ +LXC_VERSION_ABI = @LXC_VERSION_ABI@ LXC_VERSION_BASE = @LXC_VERSION_BASE@ LXC_VERSION_BETA = @LXC_VERSION_BETA@ LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ 
@@ -385,6 +406,7 @@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -397,6 +419,8 @@ EXTRA_DIST = common.seccomp SUBDIRS = common.conf.d templatesconfig_DATA = \ + alpine.common.conf \ + alpine.userns.conf \ archlinux.common.conf \ archlinux.userns.conf \ centos.common.conf \ @@ -417,6 +441,8 @@ oracle.userns.conf \ plamo.common.conf \ plamo.userns.conf \ + slackware.common.conf \ + slackware.userns.conf \ ubuntu-cloud.common.conf \ ubuntu-cloud.lucid.conf \ ubuntu-cloud.userns.conf \ @@ -424,6 +450,8 @@ ubuntu.lucid.conf \ ubuntu.userns.conf \ openwrt.common.conf \ + sparclinux.common.conf \ + sparclinux.userns.conf \ userns.conf all: all-recursive @@ -441,7 +469,6 @@ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu config/templates/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu config/templates/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -459,6 +486,10 @@ $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): +alpine.common.conf: $(top_builddir)/config.status $(srcdir)/alpine.common.conf.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +alpine.userns.conf: $(top_builddir)/config.status $(srcdir)/alpine.userns.conf.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ archlinux.common.conf: $(top_builddir)/config.status $(srcdir)/archlinux.common.conf.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ archlinux.userns.conf: $(top_builddir)/config.status $(srcdir)/archlinux.userns.conf.in 
@@ -497,6 +528,10 @@ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ plamo.userns.conf: $(top_builddir)/config.status $(srcdir)/plamo.userns.conf.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +slackware.common.conf: $(top_builddir)/config.status $(srcdir)/slackware.common.conf.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +slackware.userns.conf: $(top_builddir)/config.status $(srcdir)/slackware.userns.conf.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ ubuntu-cloud.common.conf: $(top_builddir)/config.status $(srcdir)/ubuntu-cloud.common.conf.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ ubuntu-cloud.lucid.conf: $(top_builddir)/config.status $(srcdir)/ubuntu-cloud.lucid.conf.in @@ -511,6 +546,10 @@ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ openwrt.common.conf: $(top_builddir)/config.status $(srcdir)/openwrt.common.conf.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +sparclinux.common.conf: $(top_builddir)/config.status $(srcdir)/sparclinux.common.conf.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +sparclinux.userns.conf: $(top_builddir)/config.status $(srcdir)/sparclinux.userns.conf.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ userns.conf: $(top_builddir)/config.status $(srcdir)/userns.conf.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ install-templatesconfigDATA: $(templatesconfig_DATA) 
@@ -809,6 +848,8 @@ pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-templatesconfigDATA +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff -Nru lxc-1.1.5/config/templates/slackware.common.conf.in lxc-2.0.1/config/templates/slackware.common.conf.in --- lxc-1.1.5/config/templates/slackware.common.conf.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/config/templates/slackware.common.conf.in 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,46 @@
+# This derives from the global common config
+lxc.include = @LXCTEMPLATECONFIG@/common.conf
+
+# Doesn't support consoles in /dev/lxc/
+lxc.devttydir =
+
+# Extra cgroup device access
+## rtc
+lxc.cgroup.devices.allow = c 254:0 rm
+## tun
+lxc.cgroup.devices.allow = c 10:200 rwm
+## hpet
+lxc.cgroup.devices.allow = c 10:228 rwm
+## kvm
+lxc.cgroup.devices.allow = c 10:232 rwm
+## To use loop devices, copy the following line to the container's
+## configuration file (uncommented).
+#lxc.cgroup.devices.allow = b 7:* rwm
+
+# mount /dev/shm as tmpfs
+lxc.mount.entry = none dev/shm tmpfs rw,nosuid,nodev,create=dir
+
+# Capabilities
+# Uncomment these if you don't run anything that needs the capability, and
+# would like the container to run with less privilege.
+# Note that some are already dropped in common.conf.
+#
+# Dropping sys_admin disables container root from doing a lot of things
+# that could be bad like re-mounting lxc fstab entries rw for example,
+# but also disables some useful things like being able to nfs mount, and
+# things that are already namespaced with ns_capable() kernel checks, like
+# hostname(1).
+#
+# Some of these don't apply in Slackware but are here for future reference.
+#
+# lxc.cap.drop = sys_admin # breaks systemd
+# lxc.cap.drop = net_raw # breaks dhcp/ping
+# lxc.cap.drop = setgid # breaks login (initgroups/setgroups)
+# lxc.cap.drop = dac_read_search # breaks login (pam unix_chkpwd)
+# lxc.cap.drop = setuid # breaks sshd,nfs statd
+# lxc.cap.drop = audit_control # breaks sshd (set_loginuid failed)
+# lxc.cap.drop = audit_write
+# lxc.cap.drop = setpcap # breaks journald
+# lxc.cap.drop = sys_resource # breaks systemd
+#
+lxc.cap.drop = mknod setfcap setpcap
diff -Nru lxc-1.1.5/config/templates/slackware.userns.conf.in lxc-2.0.1/config/templates/slackware.userns.conf.in
--- lxc-1.1.5/config/templates/slackware.userns.conf.in 1970-01-01 00:00:00.000000000 +0000
+++ lxc-2.0.1/config/templates/slackware.userns.conf.in 2016-05-16 20:38:39.000000000 +0000
@@ -0,0 +1,2 @@
+# This derives from the global userns config
+lxc.include = @LXCTEMPLATECONFIG@/userns.conf
diff -Nru lxc-1.1.5/config/templates/sparclinux.common.conf.in lxc-2.0.1/config/templates/sparclinux.common.conf.in
--- lxc-1.1.5/config/templates/sparclinux.common.conf.in 1970-01-01 00:00:00.000000000 +0000
+++ lxc-2.0.1/config/templates/sparclinux.common.conf.in 2016-05-16 20:38:39.000000000 +0000
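Review bot: The device allow list in the new slackware.common.conf.in grants every Slackware container `c 10:232 rwm` (kvm), `c 10:228 rwm` (hpet) and `c 10:200 rwm` (tun) by default, while the loop-device rule right below them is shipped commented out as opt-in. kvm and hpet expose host kernel interfaces that most containers never need, so I would ship them the same way, e.g. `#lxc.cgroup.devices.allow = c 10:232 rwm` under a `## kvm: copy to the container's configuration file (uncommented) only if needed` comment. The rtc rule `c 254:0 rm` also hard-codes a major number that, as far as I know, is allocated dynamically on many kernels, so it may match a different device on some hosts; that is worth confirming or documenting next to the rule. The baseline these rules extend lives in common.conf, which is not part of this hunk.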
@@ -0,0 +1,20 @@
+# This derives from the global common config
+lxc.include = @LXCTEMPLATECONFIG@/common.conf
+
+# Capabilities
+# Uncomment these if you don't run anything that needs the capability, and
+# would like the container to run with less privilege.
+#
+# Dropping sys_admin disables container root from doing a lot of things
+# that could be bad like re-mounting lxc fstab entries rw for example,
+# but also disables some useful things like being able to nfs mount, and
+# things that are already namespaced with ns_capable() kernel checks, like
+# hostname(1).
+# lxc.cap.drop = sys_admin
+# lxc.cap.drop = net_raw # breaks dhcp/ping
+# lxc.cap.drop = setgid # breaks login (initgroups/setgroups)
+# lxc.cap.drop = dac_read_search # breaks login (pam unix_chkpwd)
+# lxc.cap.drop = setuid # breaks sshd,nfs statd
+# lxc.cap.drop = audit_control # breaks sshd (set_loginuid failed)
+# lxc.cap.drop = audit_write
+lxc.cap.drop = sys_nice sys_pacct sys_rawio
diff -Nru lxc-1.1.5/config/templates/sparclinux.userns.conf.in lxc-2.0.1/config/templates/sparclinux.userns.conf.in
--- lxc-1.1.5/config/templates/sparclinux.userns.conf.in 1970-01-01 00:00:00.000000000 +0000
+++ lxc-2.0.1/config/templates/sparclinux.userns.conf.in 2016-05-16 20:38:39.000000000 +0000
@@ -0,0 +1,2 @@
+# This derives from the global userns config
+lxc.include = @LXCTEMPLATECONFIG@/userns.conf
diff -Nru lxc-1.1.5/config/templates/ubuntu.common.conf.in lxc-2.0.1/config/templates/ubuntu.common.conf.in
--- lxc-1.1.5/config/templates/ubuntu.common.conf.in 2015-11-09 16:25:59.000000000 +0000
+++ lxc-2.0.1/config/templates/ubuntu.common.conf.in 2016-05-16 20:38:39.000000000 +0000
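Review bot: The commented `lxc.cap.drop` examples in sparclinux.common.conf.in carry their explanation on the same line (`# lxc.cap.drop = net_raw # breaks dhcp/ping`), so an operator who only removes the leading `# ` leaves the trailing text in the value. As far as I know LXC treats `#` as a comment only at the start of a line, so the extra words would be read as capability names and the container would likely fail to start, which tends to get the hardening reverted rather than fixed. I would put the reason on its own line, e.g. `# net_raw: breaks dhcp/ping` followed by `# lxc.cap.drop = net_raw`. The same list in slackware.common.conf.in earlier in this diff has the same shape.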
@@ -12,10 +12,6 @@ # (uncommented) to the container's configuration file. #lxc.aa_profile = unconfined -# To support container nesting on an Ubuntu host while retaining most of -# apparmor's added security, use the following line instead. -#lxc.aa_profile = lxc-container-default-with-nesting - # Uncomment the following line to autodetect squid-deb-proxy configuration on the # host and forward it to the guest at start time. #lxc.hook.pre-start = /usr/share/lxc/hooks/squid-deb-proxy-client diff -Nru lxc-1.1.5/config/yum/Makefile.in lxc-2.0.1/config/yum/Makefile.in --- lxc-1.1.5/config/yum/Makefile.in 2015-11-09 16:26:03.000000000 +0000 +++ lxc-2.0.1/config/yum/Makefile.in 2016-05-16 20:38:44.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ 
@@ -79,12 +89,12 @@ build_triplet = @build@ host_triplet = @host@ subdir = config/yum -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ $(top_srcdir)/config/tls.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/config.h CONFIG_CLEAN_FILES = @@ -138,6 +148,7 @@ am__installdirs = "$(DESTDIR)$(yumpluginsdir)" DATA = $(yumplugins_DATA) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -190,6 +201,7 @@ LUA_LIBS = @LUA_LIBS@ LUA_SHAREDIR = @LUA_SHAREDIR@ LUA_VERSION = @LUA_VERSION@ +LXCBINHOOKDIR = @LXCBINHOOKDIR@ LXCHOOKDIR = @LXCHOOKDIR@ LXCINITDIR = @LXCINITDIR@ LXCPATH = @LXCPATH@ @@ -203,6 +215,7 @@ LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ LXC_USERNIC_DB = @LXC_USERNIC_DB@ LXC_VERSION = @LXC_VERSION@ +LXC_VERSION_ABI = @LXC_VERSION_ABI@ LXC_VERSION_BASE = @LXC_VERSION_BASE@ LXC_VERSION_BETA = @LXC_VERSION_BETA@ LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ @@ -294,6 +307,7 @@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -322,7 +336,6 @@ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu config/yum/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu config/yum/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ 
@@ -515,6 +528,8 @@ pdf-am ps ps-am tags-am uninstall uninstall-am \ uninstall-yumpluginsDATA +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff -Nru lxc-1.1.5/configure lxc-2.0.1/configure --- lxc-1.1.5/configure 2015-11-09 16:26:02.000000000 +0000 +++ lxc-2.0.1/configure 2016-05-16 20:38:43.000000000 +0000 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for lxc 1.1.5. +# Generated by GNU Autoconf 2.69 for lxc 2.0.1. # # # Copyright (C) 1992-1996, 1998-2012 Free Software Foundation, Inc. @@ -577,8 +577,8 @@ # Identity of this package. PACKAGE_NAME='lxc' PACKAGE_TARNAME='lxc' -PACKAGE_VERSION='1.1.5' -PACKAGE_STRING='lxc 1.1.5' +PACKAGE_VERSION='2.0.1' +PACKAGE_STRING='lxc 2.0.1' PACKAGE_BUGREPORT='' PACKAGE_URL='' @@ -626,6 +626,8 @@ SED HAVE_FGETLN_FALSE HAVE_FGETLN_TRUE +HAVE_GETSUBOPT_FALSE +HAVE_GETSUBOPT_TRUE HAVE_GETLINE_FALSE HAVE_GETLINE_TRUE IS_BIONIC_FALSE @@ -634,6 +636,7 @@ RUNTIME_PATH LOGPATH LXCINITDIR +LXCBINHOOKDIR LXCHOOKDIR LXCTEMPLATECONFIG LXCTEMPLATEDIR @@ -721,6 +724,8 @@ db2xman ENABLE_RPATH_FALSE ENABLE_RPATH_TRUE +ENABLE_DEPRECATED_FALSE +ENABLE_DEPRECATED_TRUE SYSTEMD_UNIT_DIR INIT_SCRIPT_UPSTART_FALSE INIT_SCRIPT_UPSTART_TRUE @@ -788,6 +793,7 @@ INSTALL_SCRIPT INSTALL_PROGRAM LXC_VERSION +LXC_VERSION_ABI LXC_VERSION_MICRO LXC_VERSION_MINOR LXC_VERSION_MAJOR @@ -815,6 +821,7 @@ docdir oldincludedir includedir +runstatedir localstatedir sharedstatedir sysconfdir @@ -842,6 +849,7 @@ with_distro with_init_script with_systemdsystemunitdir +enable_deprecated enable_rpath enable_doc enable_api_docs @@ -933,6 +941,7 @@ sysconfdir='${prefix}/etc' sharedstatedir='${prefix}/com' localstatedir='${prefix}/var' +runstatedir='${localstatedir}/run' includedir='${prefix}/include' oldincludedir='/usr/include' docdir='${datarootdir}/doc/${PACKAGE_TARNAME}' 
@@ -1185,6 +1194,15 @@ | -silent | --silent | --silen | --sile | --sil) silent=yes ;; + -runstatedir | --runstatedir | --runstatedi | --runstated \ + | --runstate | --runstat | --runsta | --runst | --runs \ + | --run | --ru | --r) + ac_prev=runstatedir ;; + -runstatedir=* | --runstatedir=* | --runstatedi=* | --runstated=* \ + | --runstate=* | --runstat=* | --runsta=* | --runst=* | --runs=* \ + | --run=* | --ru=* | --r=*) + runstatedir=$ac_optarg ;; + -sbindir | --sbindir | --sbindi | --sbind | --sbin | --sbi | --sb) ac_prev=sbindir ;; -sbindir=* | --sbindir=* | --sbindi=* | --sbind=* | --sbin=* \ @@ -1322,7 +1340,7 @@ for ac_var in exec_prefix prefix bindir sbindir libexecdir datarootdir \ datadir sysconfdir sharedstatedir localstatedir includedir \ oldincludedir docdir infodir htmldir dvidir pdfdir psdir \ - libdir localedir mandir + libdir localedir mandir runstatedir do eval ac_val=\$$ac_var # Remove trailing slashes. @@ -1435,7 +1453,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures lxc 1.1.5 to adapt to many kinds of systems. +\`configure' configures lxc 2.0.1 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1475,6 +1493,7 @@ --sysconfdir=DIR read-only single-machine data [PREFIX/etc] --sharedstatedir=DIR modifiable architecture-independent data [PREFIX/com] --localstatedir=DIR modifiable single-machine data [PREFIX/var] + --runstatedir=DIR modifiable per-process data [LOCALSTATEDIR/run] --libdir=DIR object code libraries [EPREFIX/lib] --includedir=DIR C header files [PREFIX/include] --oldincludedir=DIR C header files for non-gcc [/usr/include] @@ -1505,7 +1524,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of lxc 1.1.5:";; + short | recursive ) echo "Configuration of lxc 2.0.1:";; esac cat <<\_ACEOF 
@@ -1519,6 +1538,7 @@ do not reject slow dependency extractors --disable-dependency-tracking speeds up one-time build + --enable-deprecated enable deprecated executables [default=no] --enable-rpath set rpath in executables [default=no] --enable-doc make man pages [default=auto] --enable-api-docs make API documentation [default=auto] @@ -1542,8 +1562,8 @@ --without-PACKAGE do not use PACKAGE (same as --with-PACKAGE=no) --with-distro=DISTRO Specify the Linux distribution to target: One of redhat, oracle, centos, fedora, suse, gentoo, - debian, arch, slackware, paldo, openmandriva or - pardus. + debian, arch, slackware, plamo, paldo, openmandriva, + pardus, sparclinux, altlinux. --with-init-script[=TYPE[,TYPE,...]] Type(s) of init script to install: sysvinit, systemd, upstart, distro [default=distro] @@ -1665,7 +1685,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -lxc configure 1.1.5 +lxc configure 2.0.1 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -2130,7 +2150,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by lxc $as_me 1.1.5, which was +It was created by lxc $as_me 2.0.1, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2601,17 +2621,19 @@ fi fi -LXC_VERSION_BASE=1.1.5 +LXC_VERSION_BASE=2.0.1 + +LXC_VERSION_MAJOR=2 -LXC_VERSION_MAJOR=1 +LXC_VERSION_MINOR=0 -LXC_VERSION_MINOR=1 +LXC_VERSION_MICRO=1 -LXC_VERSION_MICRO=5 +LXC_VERSION_ABI=1.2.0 -LXC_VERSION=1.1.5 +LXC_VERSION=2.0.1 @@ -2646,7 +2668,7 @@ ac_config_headers="$ac_config_headers src/config.h" -am__api_version='1.14' +am__api_version='1.15' # Find a good install program. We prefer a C program (faster), # so one script is as good as another. But avoid the broken or 
@@ -2818,8 +2840,8 @@ ac_script='s/[\\$]/&&/g;s/;s,x,x,$//' program_transform_name=`$as_echo "$program_transform_name" | sed "$ac_script"` -# expand $ac_aux_dir to an absolute path -am_aux_dir=`cd $ac_aux_dir && pwd` +# Expand $ac_aux_dir to an absolute path. +am_aux_dir=`cd "$ac_aux_dir" && pwd` if test x"${MISSING+set}" != xset; then case $am_aux_dir in @@ -2838,7 +2860,7 @@ $as_echo "$as_me: WARNING: 'missing' script is too old or missing" >&2;} fi -if test x"${install_sh}" != xset; then +if test x"${install_sh+set}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; @@ -3132,7 +3154,7 @@ # Define the identity of the package. PACKAGE='lxc' - VERSION='1.1.5' + VERSION='2.0.1' cat >>confdefs.h <<_ACEOF @@ -3166,8 +3188,8 @@ # mkdir_p='$(MKDIR_P)' -# We need awk for the "check" target. The system "awk" is bad on -# some platforms. +# We need awk for the "check" target (and possibly the TAP driver). The +# system "awk" is bad on some platforms. # Always define AMTAR for backward compatibility. Yes, it's still used # in the wild :-( We should find a proper way to deprecate it ... AMTAR='$${TAR-tar}' @@ -3224,6 +3246,7 @@ as_fn_error $? "Your 'rm' program is bad, sorry." "$LINENO" 5 fi fi + # Make sure we can run config.sub. $SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 || as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5 
@@ -4848,6 +4871,25 @@ with_distro="oracle" fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for /etc/sparclinux-release" >&5 +$as_echo_n "checking for /etc/sparclinux-release... " >&6; } +if ${ac_cv_file__etc_sparclinux_release+:} false; then : + $as_echo_n "(cached) " >&6 +else + test "$cross_compiling" = yes && + as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 +if test -r "/etc/sparclinux-release"; then + ac_cv_file__etc_sparclinux_release=yes +else + ac_cv_file__etc_sparclinux_release=no +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_file__etc_sparclinux_release" >&5 +$as_echo "$ac_cv_file__etc_sparclinux_release" >&6; } +if test "x$ac_cv_file__etc_sparclinux_release" = xyes; then : + with_distro="sparclinux" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for /etc/centos-release" >&5 $as_echo_n "checking for /etc/centos-release... " >&6; } if ${ac_cv_file__etc_centos_release+:} false; then : @@ -4981,6 +5023,25 @@ with_distro="slackware" fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for /etc/plamo-version" >&5 +$as_echo_n "checking for /etc/plamo-version... " >&6; } +if ${ac_cv_file__etc_plamo_version+:} false; then : + $as_echo_n "(cached) " >&6 +else + test "$cross_compiling" = yes && + as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 +if test -r "/etc/plamo-version"; then + ac_cv_file__etc_plamo_version=yes +else + ac_cv_file__etc_plamo_version=no +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_file__etc_plamo_version" >&5 +$as_echo "$ac_cv_file__etc_plamo_version" >&6; } +if test "x$ac_cv_file__etc_plamo_version" = xyes; then : + with_distro="plamo" +fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for /etc/frugalware-release" >&5 $as_echo_n "checking for /etc/frugalware-release... " >&6; } if ${ac_cv_file__etc_frugalware_release+:} false; then : 
@@ -5057,9 +5118,32 @@ with_distro="pardus" fi + { $as_echo "$as_me:${as_lineno-$LINENO}: checking for /etc/altlinux-release" >&5 +$as_echo_n "checking for /etc/altlinux-release... " >&6; } +if ${ac_cv_file__etc_altlinux_release+:} false; then : + $as_echo_n "(cached) " >&6 +else + test "$cross_compiling" = yes && + as_fn_error $? "cannot check for file existence when cross compiling" "$LINENO" 5 +if test -r "/etc/altlinux-release"; then + ac_cv_file__etc_altlinux_release=yes +else + ac_cv_file__etc_altlinux_release=no +fi +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_file__etc_altlinux_release" >&5 +$as_echo "$ac_cv_file__etc_altlinux_release" >&6; } +if test "x$ac_cv_file__etc_altlinux_release" = xyes; then : + with_distro="altlinux" +fi + fi with_distro=`echo ${with_distro} | tr '[:upper:]' '[:lower:]'` +if test "z$with_distro" = "zforsparc"; then + with_distro="sparclinux" +fi + if test "z$with_distro" = "z"; then with_distro="unknown" fi @@ -5068,7 +5152,7 @@ distroconf=default.conf.lxcbr distrosysconf="$sysconfdir/default" ;; - redhat|centos|fedora|oracle|oracleserver|suse|opensuse*) + redhat|centos|fedora|oracle|oracleserver|sparclinux|altlinux|suse|opensuse*|plamo) distroconf=default.conf.lxcbr distrosysconf="$sysconfdir/sysconfig" ;; @@ -5113,10 +5197,10 @@ case "$with_init_script" in distro) case $with_distro in - fedora|opensuse*) + fedora|altlinux|opensuse*) init_script=systemd ;; - redhat|centos|oracle|oracleserver) + redhat|centos|oracle|oracleserver|sparclinux|plamo) init_script=sysvinit ;; debian|raspbian) 
@@ -5192,6 +5276,23 @@ fi +# Allow enabling deprecated executables +# Check whether --enable-deprecated was given. +if test "${enable_deprecated+set}" = set; then : + enableval=$enable_deprecated; +else + enable_deprecated=false +fi + + if test "x$enable_deprecated" = "xyes"; then + ENABLE_DEPRECATED_TRUE= + ENABLE_DEPRECATED_FALSE='#' +else + ENABLE_DEPRECATED_TRUE='#' + ENABLE_DEPRECATED_FALSE= +fi + + # Allow disabling rpath # Check whether --enable-rpath was given. if test "${enable_rpath+set}" = set; then : @@ -7140,7 +7241,6 @@ # shell variable SOURCE. -# PKG_CHECK_VAR # Lua module and scripts @@ -7884,7 +7984,8 @@ if test -z "$ENABLE_LUA_TRUE"; then : { $as_echo "$as_me:${as_lineno-$LINENO}: checking Lua version" >&5 $as_echo_n "checking Lua version... " >&6; } - if test -n "$LUA_VERSION"; then + +if test -n "$LUA_VERSION"; then pkg_cv_LUA_VERSION="$LUA_VERSION" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ @@ -7901,9 +8002,11 @@ else pkg_failed=untried fi - LUA_VERSION=$pkg_cv_LUA_VERSION - if test "x$LUA_VERSION" = x""; then : - if test -n "$LUA_VERSION"; then +LUA_VERSION=$pkg_cv_LUA_VERSION + +if test "x$LUA_VERSION" = x""; then : + +if test -n "$LUA_VERSION"; then pkg_cv_LUA_VERSION="$LUA_VERSION" elif test -n "$PKG_CONFIG"; then if test -n "$PKG_CONFIG" && \ @@ -7920,8 +8023,9 @@ else pkg_failed=untried fi - LUA_VERSION=$pkg_cv_LUA_VERSION - if test "x$LUA_VERSION" = x""; then : +LUA_VERSION=$pkg_cv_LUA_VERSION + +if test "x$LUA_VERSION" = x""; then : fi fi @@ -8387,7 +8491,7 @@ EXP_VAR=LXC_GENERATE_DATE - FROM_VAR="$(date)" + FROM_VAR="$(date --utc --date=@${SOURCE_DATE_EPOCH:-$(date +%s)} '+%Y-%m-%d')" prefix_save=$prefix exec_prefix_save=$exec_prefix 
@@ -8666,6 +8770,34 @@ exec_prefix=$exec_prefix_save + EXP_VAR=LXCBINHOOKDIR + FROM_VAR="$libexecdir/lxc/hooks" + + prefix_save=$prefix + exec_prefix_save=$exec_prefix + + if test "x$prefix" = "xNONE"; then + prefix="$ac_default_prefix" + fi + if test "x$exec_prefix" = "xNONE"; then + exec_prefix=$prefix + fi + + full_var="$FROM_VAR" + while true; do + new_full_var="`eval echo $full_var`" + if test "x$new_full_var" = "x$full_var"; then break; fi + full_var=$new_full_var + done + + full_var=$new_full_var + LXCBINHOOKDIR="$full_var" + + + prefix=$prefix_save + exec_prefix=$exec_prefix_save + + EXP_VAR=LXCINITDIR FROM_VAR="$libexecdir" @@ -9010,6 +9142,36 @@ fi done +for ac_func in getsubopt +do : + ac_fn_c_check_func "$LINENO" "getsubopt" "ac_cv_func_getsubopt" +if test "x$ac_cv_func_getsubopt" = xyes; then : + cat >>confdefs.h <<_ACEOF +#define HAVE_GETSUBOPT 1 +_ACEOF + if true; then + HAVE_GETSUBOPT_TRUE= + HAVE_GETSUBOPT_FALSE='#' +else + HAVE_GETSUBOPT_TRUE='#' + HAVE_GETSUBOPT_FALSE= +fi + + +$as_echo "#define HAVE_GETSUBOPT 1" >>confdefs.h + +else + if false; then + HAVE_GETSUBOPT_TRUE= + HAVE_GETSUBOPT_FALSE='#' +else + HAVE_GETSUBOPT_TRUE='#' + HAVE_GETSUBOPT_FALSE= +fi + +fi +done + for ac_func in fgetln do : ac_fn_c_check_func "$LINENO" "fgetln" "ac_cv_func_fgetln" 
@@ -9305,7 +9467,7 @@ fi # Files requiring some variable expansion -ac_config_files="$ac_config_files Makefile lxc.pc lxc.spec config/Makefile config/apparmor/Makefile config/selinux/Makefile config/bash/Makefile config/bash/lxc config/init/Makefile config/init/common/Makefile config/init/common/lxc-containers config/init/common/lxc-net config/init/systemd/Makefile config/init/systemd/lxc.service config/init/systemd/lxc-net.service config/init/sysvinit/Makefile config/init/sysvinit/lxc-containers config/init/sysvinit/lxc-net config/init/upstart/lxc-net.conf config/init/upstart/Makefile config/etc/Makefile config/templates/Makefile config/templates/archlinux.common.conf config/templates/archlinux.userns.conf config/templates/centos.common.conf config/templates/centos.userns.conf config/templates/common.conf config/templates/common.conf.d/Makefile config/templates/debian.common.conf config/templates/debian.userns.conf config/templates/fedora.common.conf config/templates/fedora.userns.conf config/templates/gentoo.common.conf config/templates/gentoo.moresecure.conf config/templates/gentoo.userns.conf config/templates/nesting.conf config/templates/opensuse.common.conf config/templates/opensuse.userns.conf config/templates/oracle.common.conf config/templates/oracle.userns.conf config/templates/plamo.common.conf config/templates/plamo.userns.conf config/templates/ubuntu-cloud.common.conf config/templates/ubuntu-cloud.lucid.conf config/templates/ubuntu-cloud.userns.conf config/templates/ubuntu.common.conf config/templates/ubuntu.lucid.conf config/templates/ubuntu.userns.conf config/templates/openwrt.common.conf config/templates/userns.conf config/yum/Makefile config/sysconfig/Makefile config/sysconfig/lxc doc/Makefile doc/api/Makefile doc/legacy/lxc-ls.sgml doc/lxc-attach.sgml doc/lxc-autostart.sgml doc/lxc-cgroup.sgml doc/lxc-checkconfig.sgml doc/lxc-checkpoint.sgml doc/lxc-clone.sgml doc/lxc-config.sgml doc/lxc-console.sgml doc/lxc-create.sgml doc/lxc-destroy.sgml 
doc/lxc-device.sgml doc/lxc-execute.sgml doc/lxc-freeze.sgml doc/lxc-info.sgml doc/lxc-ls.sgml doc/lxc-monitor.sgml doc/lxc-snapshot.sgml doc/lxc-start-ephemeral.sgml doc/lxc-start.sgml doc/lxc-stop.sgml doc/lxc-top.sgml doc/lxc-unfreeze.sgml doc/lxc-unshare.sgml doc/lxc-user-nic.sgml doc/lxc-usernsexec.sgml doc/lxc-wait.sgml doc/lxc.conf.sgml doc/lxc.container.conf.sgml doc/lxc.system.conf.sgml doc/lxc-usernet.sgml doc/lxc.sgml doc/common_options.sgml doc/see_also.sgml doc/rootfs/Makefile doc/examples/Makefile doc/examples/lxc-macvlan.conf doc/examples/lxc-vlan.conf doc/examples/lxc-no-netns.conf doc/examples/lxc-empty-netns.conf doc/examples/lxc-phys.conf doc/examples/lxc-veth.conf doc/examples/lxc-complex.conf doc/ja/Makefile doc/ja/legacy/lxc-ls.sgml doc/ja/lxc-attach.sgml doc/ja/lxc-autostart.sgml doc/ja/lxc-cgroup.sgml doc/ja/lxc-checkconfig.sgml doc/ja/lxc-checkpoint.sgml doc/ja/lxc-clone.sgml doc/ja/lxc-config.sgml doc/ja/lxc-console.sgml doc/ja/lxc-create.sgml doc/ja/lxc-destroy.sgml doc/ja/lxc-device.sgml doc/ja/lxc-execute.sgml doc/ja/lxc-freeze.sgml doc/ja/lxc-info.sgml doc/ja/lxc-ls.sgml doc/ja/lxc-monitor.sgml doc/ja/lxc-snapshot.sgml doc/ja/lxc-start-ephemeral.sgml doc/ja/lxc-start.sgml doc/ja/lxc-stop.sgml doc/ja/lxc-top.sgml doc/ja/lxc-unfreeze.sgml doc/ja/lxc-unshare.sgml doc/ja/lxc-user-nic.sgml doc/ja/lxc-usernsexec.sgml doc/ja/lxc-wait.sgml doc/ja/lxc.conf.sgml doc/ja/lxc.container.conf.sgml doc/ja/lxc.system.conf.sgml doc/ja/lxc-usernet.sgml doc/ja/lxc.sgml doc/ja/common_options.sgml doc/ja/see_also.sgml hooks/Makefile templates/Makefile templates/lxc-alpine templates/lxc-altlinux templates/lxc-archlinux templates/lxc-busybox templates/lxc-centos templates/lxc-cirros templates/lxc-debian templates/lxc-download templates/lxc-fedora templates/lxc-gentoo templates/lxc-openmandriva templates/lxc-opensuse templates/lxc-oracle templates/lxc-plamo templates/lxc-sshd templates/lxc-ubuntu templates/lxc-ubuntu-cloud src/Makefile src/lxc/Makefile 
src/lxc/lxc-checkconfig src/lxc/lxc-ls src/lxc/lxc-start-ephemeral src/lxc/legacy/lxc-ls src/lxc/lxc.functions src/lxc/version.h src/python-lxc/Makefile src/python-lxc/setup.py src/lua-lxc/Makefile src/tests/Makefile src/tests/lxc-test-usernic" +ac_config_files="$ac_config_files Makefile lxc.pc lxc.spec config/Makefile config/apparmor/Makefile config/selinux/Makefile config/bash/Makefile config/bash/lxc config/init/Makefile config/init/common/Makefile config/init/common/lxc-containers config/init/common/lxc-net config/init/systemd/Makefile config/init/systemd/lxc.service config/init/systemd/lxc@.service config/init/systemd/lxc-net.service config/init/sysvinit/Makefile config/init/sysvinit/lxc-containers config/init/sysvinit/lxc-net config/init/upstart/lxc.conf config/init/upstart/lxc-net.conf config/init/upstart/Makefile config/etc/Makefile config/templates/Makefile config/templates/alpine.common.conf config/templates/alpine.userns.conf config/templates/archlinux.common.conf config/templates/archlinux.userns.conf config/templates/centos.common.conf config/templates/centos.userns.conf config/templates/common.conf config/templates/common.conf.d/Makefile config/templates/debian.common.conf config/templates/debian.userns.conf config/templates/fedora.common.conf config/templates/fedora.userns.conf config/templates/gentoo.common.conf config/templates/gentoo.moresecure.conf config/templates/gentoo.userns.conf config/templates/nesting.conf config/templates/opensuse.common.conf config/templates/opensuse.userns.conf config/templates/oracle.common.conf config/templates/oracle.userns.conf config/templates/plamo.common.conf config/templates/plamo.userns.conf config/templates/slackware.common.conf config/templates/slackware.userns.conf config/templates/ubuntu-cloud.common.conf config/templates/ubuntu-cloud.lucid.conf config/templates/ubuntu-cloud.userns.conf config/templates/ubuntu.common.conf config/templates/ubuntu.lucid.conf config/templates/ubuntu.userns.conf 
config/templates/openwrt.common.conf config/templates/sparclinux.common.conf config/templates/sparclinux.userns.conf config/templates/userns.conf config/yum/Makefile config/sysconfig/Makefile config/sysconfig/lxc doc/Makefile doc/api/Makefile doc/lxc-attach.sgml doc/lxc-autostart.sgml doc/lxc-cgroup.sgml doc/lxc-checkconfig.sgml doc/lxc-checkpoint.sgml doc/lxc-clone.sgml doc/lxc-config.sgml doc/lxc-console.sgml doc/lxc-copy.sgml doc/lxc-create.sgml doc/lxc-destroy.sgml doc/lxc-device.sgml doc/lxc-execute.sgml doc/lxc-freeze.sgml doc/lxc-info.sgml doc/lxc-ls.sgml doc/lxc-monitor.sgml doc/lxc-snapshot.sgml doc/lxc-start-ephemeral.sgml doc/lxc-start.sgml doc/lxc-stop.sgml doc/lxc-top.sgml doc/lxc-unfreeze.sgml doc/lxc-unshare.sgml doc/lxc-user-nic.sgml doc/lxc-usernsexec.sgml doc/lxc-wait.sgml doc/lxc.conf.sgml doc/lxc.container.conf.sgml doc/lxc.system.conf.sgml doc/lxc-usernet.sgml doc/lxc.sgml doc/common_options.sgml doc/see_also.sgml doc/rootfs/Makefile doc/examples/Makefile doc/examples/lxc-macvlan.conf doc/examples/lxc-vlan.conf doc/examples/lxc-no-netns.conf doc/examples/lxc-empty-netns.conf doc/examples/lxc-phys.conf doc/examples/lxc-veth.conf doc/examples/lxc-complex.conf doc/ja/Makefile doc/ja/lxc-attach.sgml doc/ja/lxc-autostart.sgml doc/ja/lxc-cgroup.sgml doc/ja/lxc-checkconfig.sgml doc/ja/lxc-checkpoint.sgml doc/ja/lxc-clone.sgml doc/ja/lxc-config.sgml doc/ja/lxc-console.sgml doc/ja/lxc-copy.sgml doc/ja/lxc-create.sgml doc/ja/lxc-destroy.sgml doc/ja/lxc-device.sgml doc/ja/lxc-execute.sgml doc/ja/lxc-freeze.sgml doc/ja/lxc-info.sgml doc/ja/lxc-ls.sgml doc/ja/lxc-monitor.sgml doc/ja/lxc-snapshot.sgml doc/ja/lxc-start-ephemeral.sgml doc/ja/lxc-start.sgml doc/ja/lxc-stop.sgml doc/ja/lxc-top.sgml doc/ja/lxc-unfreeze.sgml doc/ja/lxc-unshare.sgml doc/ja/lxc-user-nic.sgml doc/ja/lxc-usernsexec.sgml doc/ja/lxc-wait.sgml doc/ja/lxc.conf.sgml doc/ja/lxc.container.conf.sgml doc/ja/lxc.system.conf.sgml doc/ja/lxc-usernet.sgml doc/ja/lxc.sgml doc/ja/common_options.sgml 
doc/ja/see_also.sgml doc/ko/Makefile doc/ko/lxc-attach.sgml doc/ko/lxc-autostart.sgml doc/ko/lxc-cgroup.sgml doc/ko/lxc-checkconfig.sgml doc/ko/lxc-checkpoint.sgml doc/ko/lxc-clone.sgml doc/ko/lxc-config.sgml doc/ko/lxc-console.sgml doc/ko/lxc-copy.sgml doc/ko/lxc-create.sgml doc/ko/lxc-destroy.sgml doc/ko/lxc-device.sgml doc/ko/lxc-execute.sgml doc/ko/lxc-freeze.sgml doc/ko/lxc-info.sgml doc/ko/lxc-ls.sgml doc/ko/lxc-monitor.sgml doc/ko/lxc-snapshot.sgml doc/ko/lxc-start-ephemeral.sgml doc/ko/lxc-start.sgml doc/ko/lxc-stop.sgml doc/ko/lxc-top.sgml doc/ko/lxc-unfreeze.sgml doc/ko/lxc-unshare.sgml doc/ko/lxc-user-nic.sgml doc/ko/lxc-usernsexec.sgml doc/ko/lxc-wait.sgml doc/ko/lxc.conf.sgml doc/ko/lxc.container.conf.sgml doc/ko/lxc.system.conf.sgml doc/ko/lxc-usernet.sgml doc/ko/lxc.sgml doc/ko/common_options.sgml doc/ko/see_also.sgml hooks/Makefile templates/Makefile templates/lxc-alpine templates/lxc-altlinux templates/lxc-archlinux templates/lxc-busybox templates/lxc-centos templates/lxc-cirros templates/lxc-debian templates/lxc-download templates/lxc-fedora templates/lxc-gentoo templates/lxc-openmandriva templates/lxc-opensuse templates/lxc-oracle templates/lxc-plamo templates/lxc-slackware templates/lxc-sshd templates/lxc-ubuntu templates/lxc-ubuntu-cloud templates/lxc-sparclinux src/Makefile src/lxc/Makefile src/lxc/lxc-checkconfig src/lxc/lxc-start-ephemeral src/lxc/lxc.functions src/lxc/version.h src/python-lxc/Makefile src/python-lxc/setup.py src/lua-lxc/Makefile src/tests/Makefile src/tests/lxc-test-usernic" ac_config_commands="$ac_config_commands default" 
@@ -9462,6 +9624,10 @@ as_fn_error $? "conditional \"INIT_SCRIPT_UPSTART\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${ENABLE_DEPRECATED_TRUE}" && test -z "${ENABLE_DEPRECATED_FALSE}"; then + as_fn_error $? "conditional \"ENABLE_DEPRECATED\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${ENABLE_RPATH_TRUE}" && test -z "${ENABLE_RPATH_FALSE}"; then as_fn_error $? "conditional \"ENABLE_RPATH\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -9542,6 +9708,14 @@ as_fn_error $? "conditional \"HAVE_GETLINE\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 fi +if test -z "${HAVE_GETSUBOPT_TRUE}" && test -z "${HAVE_GETSUBOPT_FALSE}"; then + as_fn_error $? "conditional \"HAVE_GETSUBOPT\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi +if test -z "${HAVE_GETSUBOPT_TRUE}" && test -z "${HAVE_GETSUBOPT_FALSE}"; then + as_fn_error $? "conditional \"HAVE_GETSUBOPT\" was never defined. +Usually this means the macro was only invoked conditionally." "$LINENO" 5 +fi if test -z "${HAVE_FGETLN_TRUE}" && test -z "${HAVE_FGETLN_FALSE}"; then as_fn_error $? "conditional \"HAVE_FGETLN\" was never defined. Usually this means the macro was only invoked conditionally." "$LINENO" 5 @@ -9947,7 +10121,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by lxc $as_me 1.1.5, which was +This file was extended by lxc $as_me 2.0.1, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES 
@@ -10017,7 +10191,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -lxc config.status 1.1.5 +lxc config.status 2.0.1 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" 
@@ -10164,14 +10338,18 @@ "config/init/common/lxc-net") CONFIG_FILES="$CONFIG_FILES config/init/common/lxc-net" ;; "config/init/systemd/Makefile") CONFIG_FILES="$CONFIG_FILES config/init/systemd/Makefile" ;; "config/init/systemd/lxc.service") CONFIG_FILES="$CONFIG_FILES config/init/systemd/lxc.service" ;; + "config/init/systemd/lxc@.service") CONFIG_FILES="$CONFIG_FILES config/init/systemd/lxc@.service" ;; "config/init/systemd/lxc-net.service") CONFIG_FILES="$CONFIG_FILES config/init/systemd/lxc-net.service" ;; "config/init/sysvinit/Makefile") CONFIG_FILES="$CONFIG_FILES config/init/sysvinit/Makefile" ;; "config/init/sysvinit/lxc-containers") CONFIG_FILES="$CONFIG_FILES config/init/sysvinit/lxc-containers" ;; "config/init/sysvinit/lxc-net") CONFIG_FILES="$CONFIG_FILES config/init/sysvinit/lxc-net" ;; + "config/init/upstart/lxc.conf") CONFIG_FILES="$CONFIG_FILES config/init/upstart/lxc.conf" ;; "config/init/upstart/lxc-net.conf") CONFIG_FILES="$CONFIG_FILES config/init/upstart/lxc-net.conf" ;; "config/init/upstart/Makefile") CONFIG_FILES="$CONFIG_FILES config/init/upstart/Makefile" ;; "config/etc/Makefile") CONFIG_FILES="$CONFIG_FILES config/etc/Makefile" ;; "config/templates/Makefile") CONFIG_FILES="$CONFIG_FILES config/templates/Makefile" ;; + "config/templates/alpine.common.conf") CONFIG_FILES="$CONFIG_FILES config/templates/alpine.common.conf" ;; + "config/templates/alpine.userns.conf") CONFIG_FILES="$CONFIG_FILES config/templates/alpine.userns.conf" ;; "config/templates/archlinux.common.conf") CONFIG_FILES="$CONFIG_FILES config/templates/archlinux.common.conf" ;; "config/templates/archlinux.userns.conf") CONFIG_FILES="$CONFIG_FILES config/templates/archlinux.userns.conf" ;; "config/templates/centos.common.conf") CONFIG_FILES="$CONFIG_FILES config/templates/centos.common.conf" ;; 
@@ -10192,6 +10370,8 @@ "config/templates/oracle.userns.conf") CONFIG_FILES="$CONFIG_FILES config/templates/oracle.userns.conf" ;; "config/templates/plamo.common.conf") CONFIG_FILES="$CONFIG_FILES config/templates/plamo.common.conf" ;; "config/templates/plamo.userns.conf") CONFIG_FILES="$CONFIG_FILES config/templates/plamo.userns.conf" ;; + "config/templates/slackware.common.conf") CONFIG_FILES="$CONFIG_FILES config/templates/slackware.common.conf" ;; + "config/templates/slackware.userns.conf") CONFIG_FILES="$CONFIG_FILES config/templates/slackware.userns.conf" ;; "config/templates/ubuntu-cloud.common.conf") CONFIG_FILES="$CONFIG_FILES config/templates/ubuntu-cloud.common.conf" ;; "config/templates/ubuntu-cloud.lucid.conf") CONFIG_FILES="$CONFIG_FILES config/templates/ubuntu-cloud.lucid.conf" ;; "config/templates/ubuntu-cloud.userns.conf") CONFIG_FILES="$CONFIG_FILES config/templates/ubuntu-cloud.userns.conf" ;; 
@@ -10199,13 +10379,14 @@ "config/templates/ubuntu.lucid.conf") CONFIG_FILES="$CONFIG_FILES config/templates/ubuntu.lucid.conf" ;; "config/templates/ubuntu.userns.conf") CONFIG_FILES="$CONFIG_FILES config/templates/ubuntu.userns.conf" ;; "config/templates/openwrt.common.conf") CONFIG_FILES="$CONFIG_FILES config/templates/openwrt.common.conf" ;; + "config/templates/sparclinux.common.conf") CONFIG_FILES="$CONFIG_FILES config/templates/sparclinux.common.conf" ;; + "config/templates/sparclinux.userns.conf") CONFIG_FILES="$CONFIG_FILES config/templates/sparclinux.userns.conf" ;; "config/templates/userns.conf") CONFIG_FILES="$CONFIG_FILES config/templates/userns.conf" ;; "config/yum/Makefile") CONFIG_FILES="$CONFIG_FILES config/yum/Makefile" ;; "config/sysconfig/Makefile") CONFIG_FILES="$CONFIG_FILES config/sysconfig/Makefile" ;; "config/sysconfig/lxc") CONFIG_FILES="$CONFIG_FILES config/sysconfig/lxc" ;; "doc/Makefile") CONFIG_FILES="$CONFIG_FILES doc/Makefile" ;; "doc/api/Makefile") CONFIG_FILES="$CONFIG_FILES doc/api/Makefile" ;; - "doc/legacy/lxc-ls.sgml") CONFIG_FILES="$CONFIG_FILES doc/legacy/lxc-ls.sgml" ;; "doc/lxc-attach.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-attach.sgml" ;; "doc/lxc-autostart.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-autostart.sgml" ;; "doc/lxc-cgroup.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-cgroup.sgml" ;; @@ -10214,6 +10395,7 @@ "doc/lxc-clone.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-clone.sgml" ;; "doc/lxc-config.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-config.sgml" ;; "doc/lxc-console.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-console.sgml" ;; + "doc/lxc-copy.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-copy.sgml" ;; "doc/lxc-create.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-create.sgml" ;; "doc/lxc-destroy.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-destroy.sgml" ;; "doc/lxc-device.sgml") CONFIG_FILES="$CONFIG_FILES doc/lxc-device.sgml" ;; 
@@ -10249,7 +10431,6 @@ "doc/examples/lxc-veth.conf") CONFIG_FILES="$CONFIG_FILES doc/examples/lxc-veth.conf" ;; "doc/examples/lxc-complex.conf") CONFIG_FILES="$CONFIG_FILES doc/examples/lxc-complex.conf" ;; "doc/ja/Makefile") CONFIG_FILES="$CONFIG_FILES doc/ja/Makefile" ;; - "doc/ja/legacy/lxc-ls.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/legacy/lxc-ls.sgml" ;; "doc/ja/lxc-attach.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-attach.sgml" ;; "doc/ja/lxc-autostart.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-autostart.sgml" ;; "doc/ja/lxc-cgroup.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-cgroup.sgml" ;; @@ -10258,6 +10439,7 @@ "doc/ja/lxc-clone.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-clone.sgml" ;; "doc/ja/lxc-config.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-config.sgml" ;; "doc/ja/lxc-console.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-console.sgml" ;; + "doc/ja/lxc-copy.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-copy.sgml" ;; "doc/ja/lxc-create.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-create.sgml" ;; "doc/ja/lxc-destroy.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-destroy.sgml" ;; "doc/ja/lxc-device.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc-device.sgml" ;; 
@@ -10283,6 +10465,41 @@ "doc/ja/lxc.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/lxc.sgml" ;; "doc/ja/common_options.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/common_options.sgml" ;; "doc/ja/see_also.sgml") CONFIG_FILES="$CONFIG_FILES doc/ja/see_also.sgml" ;; + "doc/ko/Makefile") CONFIG_FILES="$CONFIG_FILES doc/ko/Makefile" ;; + "doc/ko/lxc-attach.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/lxc-attach.sgml" ;; + "doc/ko/lxc-autostart.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/lxc-autostart.sgml" ;; + "doc/ko/lxc-cgroup.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/lxc-cgroup.sgml" ;; + "doc/ko/lxc-checkconfig.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/lxc-checkconfig.sgml" ;; + "doc/ko/lxc-checkpoint.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/lxc-checkpoint.sgml" ;; + "doc/ko/lxc-clone.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/lxc-clone.sgml" ;; + "doc/ko/lxc-config.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/lxc-config.sgml" ;; + "doc/ko/lxc-console.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/lxc-console.sgml" ;; + "doc/ko/lxc-copy.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/lxc-copy.sgml" ;; + "doc/ko/lxc-create.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/lxc-create.sgml" ;; + "doc/ko/lxc-destroy.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/lxc-destroy.sgml" ;; + "doc/ko/lxc-device.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/lxc-device.sgml" ;; + "doc/ko/lxc-execute.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/lxc-execute.sgml" ;; + "doc/ko/lxc-freeze.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/lxc-freeze.sgml" ;; + "doc/ko/lxc-info.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/lxc-info.sgml" ;; + "doc/ko/lxc-ls.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/lxc-ls.sgml" ;; + "doc/ko/lxc-monitor.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/lxc-monitor.sgml" ;; + "doc/ko/lxc-snapshot.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/lxc-snapshot.sgml" ;; + "doc/ko/lxc-start-ephemeral.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/lxc-start-ephemeral.sgml" ;; + "doc/ko/lxc-start.sgml") CONFIG_FILES="$CONFIG_FILES 
doc/ko/lxc-start.sgml" ;; + "doc/ko/lxc-stop.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/lxc-stop.sgml" ;; + "doc/ko/lxc-top.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/lxc-top.sgml" ;; + "doc/ko/lxc-unfreeze.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/lxc-unfreeze.sgml" ;; + "doc/ko/lxc-unshare.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/lxc-unshare.sgml" ;; + "doc/ko/lxc-user-nic.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/lxc-user-nic.sgml" ;; + "doc/ko/lxc-usernsexec.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/lxc-usernsexec.sgml" ;; + "doc/ko/lxc-wait.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/lxc-wait.sgml" ;; + "doc/ko/lxc.conf.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/lxc.conf.sgml" ;; + "doc/ko/lxc.container.conf.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/lxc.container.conf.sgml" ;; + "doc/ko/lxc.system.conf.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/lxc.system.conf.sgml" ;; + "doc/ko/lxc-usernet.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/lxc-usernet.sgml" ;; + "doc/ko/lxc.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/lxc.sgml" ;; + "doc/ko/common_options.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/common_options.sgml" ;; + "doc/ko/see_also.sgml") CONFIG_FILES="$CONFIG_FILES doc/ko/see_also.sgml" ;; "hooks/Makefile") CONFIG_FILES="$CONFIG_FILES hooks/Makefile" ;; "templates/Makefile") CONFIG_FILES="$CONFIG_FILES templates/Makefile" ;; "templates/lxc-alpine") CONFIG_FILES="$CONFIG_FILES templates/lxc-alpine" ;; 
@@ -10299,15 +10516,15 @@ "templates/lxc-opensuse") CONFIG_FILES="$CONFIG_FILES templates/lxc-opensuse" ;; "templates/lxc-oracle") CONFIG_FILES="$CONFIG_FILES templates/lxc-oracle" ;; "templates/lxc-plamo") CONFIG_FILES="$CONFIG_FILES templates/lxc-plamo" ;; + "templates/lxc-slackware") CONFIG_FILES="$CONFIG_FILES templates/lxc-slackware" ;; "templates/lxc-sshd") CONFIG_FILES="$CONFIG_FILES templates/lxc-sshd" ;; "templates/lxc-ubuntu") CONFIG_FILES="$CONFIG_FILES templates/lxc-ubuntu" ;; "templates/lxc-ubuntu-cloud") CONFIG_FILES="$CONFIG_FILES templates/lxc-ubuntu-cloud" ;; + "templates/lxc-sparclinux") CONFIG_FILES="$CONFIG_FILES templates/lxc-sparclinux" ;; "src/Makefile") CONFIG_FILES="$CONFIG_FILES src/Makefile" ;; "src/lxc/Makefile") CONFIG_FILES="$CONFIG_FILES src/lxc/Makefile" ;; "src/lxc/lxc-checkconfig") CONFIG_FILES="$CONFIG_FILES src/lxc/lxc-checkconfig" ;; - "src/lxc/lxc-ls") CONFIG_FILES="$CONFIG_FILES src/lxc/lxc-ls" ;; "src/lxc/lxc-start-ephemeral") CONFIG_FILES="$CONFIG_FILES src/lxc/lxc-start-ephemeral" ;; - "src/lxc/legacy/lxc-ls") CONFIG_FILES="$CONFIG_FILES src/lxc/legacy/lxc-ls" ;; "src/lxc/lxc.functions") CONFIG_FILES="$CONFIG_FILES src/lxc/lxc.functions" ;; "src/lxc/version.h") CONFIG_FILES="$CONFIG_FILES src/lxc/version.h" ;; "src/python-lxc/Makefile") CONFIG_FILES="$CONFIG_FILES src/python-lxc/Makefile" ;; diff -Nru lxc-1.1.5/configure.ac lxc-2.0.1/configure.ac --- lxc-1.1.5/configure.ac 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/configure.ac 2016-05-16 20:38:39.000000000 +0000 
@@ -1,10 +1,11 @@ # -*- Autoconf -*- # Process this file with autoconf to produce a configure script. -m4_define([lxc_version_major], 1) -m4_define([lxc_version_minor], 1) -m4_define([lxc_version_micro], 5) +m4_define([lxc_version_major], 2) +m4_define([lxc_version_minor], 0) +m4_define([lxc_version_micro], 1) m4_define([lxc_version_beta], []) +m4_define([lxc_version_abi], 1.2.0) m4_define([lxc_version_base], [lxc_version_major.lxc_version_minor.lxc_version_micro]) m4_define([lxc_version], @@ -21,6 +22,7 @@ AC_SUBST([LXC_VERSION_MAJOR], [lxc_version_major]) AC_SUBST([LXC_VERSION_MINOR], [lxc_version_minor]) AC_SUBST([LXC_VERSION_MICRO], [lxc_version_micro]) +AC_SUBST([LXC_VERSION_ABI], [lxc_version_abi]) AC_SUBST([LXC_VERSION], [lxc_version]) AC_CONFIG_SRCDIR([configure.ac]) @@ -34,13 +36,14 @@ # Detect the distribution. This is used for the default configuration and # for some distro-specific build options. AC_MSG_CHECKING([host distribution]) -AC_ARG_WITH(distro, AS_HELP_STRING([--with-distro=DISTRO], [Specify the Linux distribution to target: One of redhat, oracle, centos, fedora, suse, gentoo, debian, arch, slackware, paldo, openmandriva or pardus.])) +AC_ARG_WITH(distro, AS_HELP_STRING([--with-distro=DISTRO], [Specify the Linux distribution to target: One of redhat, oracle, centos, fedora, suse, gentoo, debian, arch, slackware, plamo, paldo, openmandriva, pardus, sparclinux, altlinux.])) if type lsb_release >/dev/null 2>&1 && test "z$with_distro" = "z"; then with_distro=`lsb_release -is` fi if test "z$with_distro" = "z"; then AC_CHECK_FILE(/etc/redhat-release,with_distro="redhat") AC_CHECK_FILE(/etc/oracle-release,with_distro="oracle") + AC_CHECK_FILE(/etc/sparclinux-release,with_distro="sparclinux") AC_CHECK_FILE(/etc/centos-release,with_distro="centos") AC_CHECK_FILE(/etc/fedora-release,with_distro="fedora") AC_CHECK_FILE(/etc/SuSE-release,with_distro="suse") 
@@ -48,13 +51,19 @@ AC_CHECK_FILE(/etc/debian_version,with_distro="debian") AC_CHECK_FILE(/etc/arch-release,with_distro="arch") AC_CHECK_FILE(/etc/slackware-version,with_distro="slackware") + AC_CHECK_FILE(/etc/plamo-version,with_distro="plamo") AC_CHECK_FILE(/etc/frugalware-release,with_distro="frugalware") AC_CHECK_FILE(/etc/mandrakelinux-release, with_distro="openmandriva") AC_CHECK_FILE(/etc/mandriva-release,with_distro="openmandriva") AC_CHECK_FILE(/etc/pardus-release,with_distro="pardus") + AC_CHECK_FILE(/etc/altlinux-release,with_distro="altlinux") fi with_distro=`echo ${with_distro} | tr '[[:upper:]]' '[[:lower:]]'` +if test "z$with_distro" = "zforsparc"; then + with_distro="sparclinux" +fi + if test "z$with_distro" = "z"; then with_distro="unknown" fi @@ -63,7 +72,7 @@ distroconf=default.conf.lxcbr distrosysconf="$sysconfdir/default" ;; - redhat|centos|fedora|oracle|oracleserver|suse|opensuse*) + redhat|centos|fedora|oracle|oracleserver|sparclinux|altlinux|suse|opensuse*|plamo) distroconf=default.conf.lxcbr distrosysconf="$sysconfdir/sysconfig" ;; @@ -87,10 +96,10 @@ case "$with_init_script" in distro) case $with_distro in - fedora|opensuse*) + fedora|altlinux|opensuse*) init_script=systemd ;; - redhat|centos|oracle|oracleserver) + redhat|centos|oracle|oracleserver|sparclinux|plamo) init_script=sysvinit ;; debian|raspbian) @@ -139,6 +148,13 @@ AC_SUBST([SYSTEMD_UNIT_DIR], [$with_systemdsystemunitdir]) fi +# Allow enabling deprecated executables +AC_ARG_ENABLE([deprecated], + [AC_HELP_STRING([--enable-deprecated], + [enable deprecated executables [default=no]])], + [], [enable_deprecated=false]) +AM_CONDITIONAL([ENABLE_DEPRECATED], [test "x$enable_deprecated" = "xyes"]) + # Allow disabling rpath AC_ARG_ENABLE([rpath], [AC_HELP_STRING([--enable-rpath], [set rpath in executables [default=no]])], 
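Review bot: The new `if test "z$with_distro" = "zforsparc"` remap has no comment saying where the value `forsparc` comes from. It presumably matches the lower-cased distributor ID that `lsb_release -is` prints on Linux for SPARC, but nothing in the hunk confirms that. Once the origin is confirmed, a one-line comment above the test would help, for example `# lsb_release reports a different ID on Linux for SPARC; normalise it to the name used in the case statements below`. The remap only works because it runs after the `tr` lower-casing line, so that ordering is worth stating in the same comment.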
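Review bot: In the `AC_ARG_ENABLE([deprecated], ...)` block the default is `enable_deprecated=false`, while `AM_CONDITIONAL([ENABLE_DEPRECATED], ...)` tests for exactly `yes`. Autoconf itself sets the variable to `yes` or `no`, so the default introduces a third spelling. The build still behaves correctly, but `--enable-deprecated=true` silently leaves the deprecated tools out. The help text advertises `[default=no]`, so the default is better written to match: `[], [enable_deprecated=no])`. Separately, `AC_HELP_STRING` is the obsolete name for `AS_HELP_STRING`, which this file already uses for `--with-distro`; the neighbouring rpath block has the same spelling.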
@@ -529,7 +545,7 @@ AS_AC_EXPAND(DATADIR, "$datadir") AS_AC_EXPAND(LOCALSTATEDIR, "$localstatedir") AS_AC_EXPAND(DOCDIR, "$docdir") -AS_AC_EXPAND(LXC_GENERATE_DATE, "$(date)") +AS_AC_EXPAND(LXC_GENERATE_DATE, "$(date --utc --date=@${SOURCE_DATE_EPOCH:-$(date +%s)} '+%Y-%m-%d')") AS_AC_EXPAND(LXCPATH, "$with_config_path") AS_AC_EXPAND(LXC_GLOBAL_CONF, "$with_global_conf") AS_AC_EXPAND(LXC_USERNIC_CONF, "$with_usernic_conf") @@ -539,6 +555,7 @@ AS_AC_EXPAND(LXCTEMPLATEDIR, "$datadir/lxc/templates") AS_AC_EXPAND(LXCTEMPLATECONFIG, "$datadir/lxc/config") AS_AC_EXPAND(LXCHOOKDIR, "$datadir/lxc/hooks") +AS_AC_EXPAND(LXCBINHOOKDIR, "$libexecdir/lxc/hooks") AS_AC_EXPAND(LXCINITDIR, "$libexecdir") AS_AC_EXPAND(LOGPATH, "$with_log_path") AS_AC_EXPAND(RUNTIME_PATH, "$with_runtime_path") @@ -588,6 +605,10 @@ AM_CONDITIONAL(HAVE_GETLINE, true) AC_DEFINE(HAVE_GETLINE,1,[Have getline]), AM_CONDITIONAL(HAVE_GETLINE, false)) +AC_CHECK_FUNCS([getsubopt], + AM_CONDITIONAL(HAVE_GETSUBOPT, true) + AC_DEFINE(HAVE_GETSUBOPT,1,[Have getsubopt]), + AM_CONDITIONAL(HAVE_GETSUBOPT, false)) AC_CHECK_FUNCS([fgetln], AM_CONDITIONAL(HAVE_FGETLN, true) AC_DEFINE(HAVE_FGETLN,1,[Have fgetln]), @@ -625,14 +646,18 @@ config/init/common/lxc-net config/init/systemd/Makefile config/init/systemd/lxc.service + config/init/systemd/lxc@.service config/init/systemd/lxc-net.service config/init/sysvinit/Makefile config/init/sysvinit/lxc-containers config/init/sysvinit/lxc-net + config/init/upstart/lxc.conf config/init/upstart/lxc-net.conf config/init/upstart/Makefile config/etc/Makefile config/templates/Makefile + config/templates/alpine.common.conf + config/templates/alpine.userns.conf config/templates/archlinux.common.conf config/templates/archlinux.userns.conf config/templates/centos.common.conf 
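Review bot: In the new `LXC_GENERATE_DATE` line, `${SOURCE_DATE_EPOCH:-$(date +%s)}` is expanded unquoted inside the command substitution. A value with whitespace would be split into extra `date` arguments, and a non-numeric value makes `date` fail, which presumably leaves the substituted date empty without stopping configure. Quoting the operand keeps it a single argument: `"$(date --utc --date="@${SOURCE_DATE_EPOCH:-$(date +%s)}" '+%Y-%m-%d')"`. Check this against how `AS_AC_EXPAND` evaluates its second argument, since that macro is not visible here. `--utc --date=@N` is GNU date syntax, so a short comment stating that requirement and the reproducible-builds purpose would also help.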
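Review bot: The added `AC_CHECK_FUNCS([getsubopt], ...)` block calls `AM_CONDITIONAL(HAVE_GETSUBOPT, ...)` once in each branch, whereas Automake expects `AM_CONDITIONAL` to be invoked unconditionally. The regenerated configure in this same diff shows the effect: the `conditional "HAVE_GETSUBOPT" was never defined` check is emitted twice. It works because one branch always runs, and it copies the existing getline/fgetln pattern, but a single call is less fragile. Use `AC_CHECK_FUNCS([getsubopt])` followed by `AM_CONDITIONAL([HAVE_GETSUBOPT], [test "x$ac_cv_func_getsubopt" = "xyes"])`. `AC_CHECK_FUNCS` already defines `HAVE_GETSUBOPT`, so the explicit `AC_DEFINE` becomes unnecessary.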
@@ -653,6 +678,8 @@ config/templates/oracle.userns.conf config/templates/plamo.common.conf config/templates/plamo.userns.conf + config/templates/slackware.common.conf + config/templates/slackware.userns.conf config/templates/ubuntu-cloud.common.conf config/templates/ubuntu-cloud.lucid.conf config/templates/ubuntu-cloud.userns.conf @@ -660,6 +687,8 @@ config/templates/ubuntu.lucid.conf config/templates/ubuntu.userns.conf config/templates/openwrt.common.conf + config/templates/sparclinux.common.conf + config/templates/sparclinux.userns.conf config/templates/userns.conf config/yum/Makefile config/sysconfig/Makefile @@ -667,7 +696,6 @@ doc/Makefile doc/api/Makefile - doc/legacy/lxc-ls.sgml doc/lxc-attach.sgml doc/lxc-autostart.sgml doc/lxc-cgroup.sgml @@ -676,6 +704,7 @@ doc/lxc-clone.sgml doc/lxc-config.sgml doc/lxc-console.sgml + doc/lxc-copy.sgml doc/lxc-create.sgml doc/lxc-destroy.sgml doc/lxc-device.sgml @@ -715,7 +744,6 @@ doc/examples/lxc-complex.conf doc/ja/Makefile - doc/ja/legacy/lxc-ls.sgml doc/ja/lxc-attach.sgml doc/ja/lxc-autostart.sgml doc/ja/lxc-cgroup.sgml @@ -724,6 +752,7 @@ doc/ja/lxc-clone.sgml doc/ja/lxc-config.sgml doc/ja/lxc-console.sgml + doc/ja/lxc-copy.sgml doc/ja/lxc-create.sgml doc/ja/lxc-destroy.sgml doc/ja/lxc-device.sgml 
@@ -751,6 +780,43 @@ doc/ja/common_options.sgml doc/ja/see_also.sgml + doc/ko/Makefile + doc/ko/lxc-attach.sgml + doc/ko/lxc-autostart.sgml + doc/ko/lxc-cgroup.sgml + doc/ko/lxc-checkconfig.sgml + doc/ko/lxc-checkpoint.sgml + doc/ko/lxc-clone.sgml + doc/ko/lxc-config.sgml + doc/ko/lxc-console.sgml + doc/ko/lxc-copy.sgml + doc/ko/lxc-create.sgml + doc/ko/lxc-destroy.sgml + doc/ko/lxc-device.sgml + doc/ko/lxc-execute.sgml + doc/ko/lxc-freeze.sgml + doc/ko/lxc-info.sgml + doc/ko/lxc-ls.sgml + doc/ko/lxc-monitor.sgml + doc/ko/lxc-snapshot.sgml + doc/ko/lxc-start-ephemeral.sgml + doc/ko/lxc-start.sgml + doc/ko/lxc-stop.sgml + doc/ko/lxc-top.sgml + doc/ko/lxc-unfreeze.sgml + doc/ko/lxc-unshare.sgml + doc/ko/lxc-user-nic.sgml + doc/ko/lxc-usernsexec.sgml + doc/ko/lxc-wait.sgml + + doc/ko/lxc.conf.sgml + doc/ko/lxc.container.conf.sgml + doc/ko/lxc.system.conf.sgml + doc/ko/lxc-usernet.sgml + doc/ko/lxc.sgml + doc/ko/common_options.sgml + doc/ko/see_also.sgml + hooks/Makefile templates/Makefile @@ -768,16 +834,16 @@ templates/lxc-opensuse templates/lxc-oracle templates/lxc-plamo + templates/lxc-slackware templates/lxc-sshd templates/lxc-ubuntu templates/lxc-ubuntu-cloud + templates/lxc-sparclinux src/Makefile src/lxc/Makefile src/lxc/lxc-checkconfig - src/lxc/lxc-ls src/lxc/lxc-start-ephemeral - src/lxc/legacy/lxc-ls src/lxc/lxc.functions src/lxc/version.h src/python-lxc/Makefile diff -Nru lxc-1.1.5/debian/changelog lxc-2.0.1/debian/changelog --- lxc-1.1.5/debian/changelog 2015-11-18 18:51:00.000000000 +0000 +++ lxc-2.0.1/debian/changelog 2016-06-07 03:57:13.000000000 +0000 
@@ -1,15 +1,359 @@ -lxc (1.1.5-0ubuntu3~ubuntu14.04.1) trusty-backports; urgency=medium +lxc (2.0.1-0ubuntu1~ubuntu14.04.1) trusty-backports; urgency=medium - * Backport to trusty (LP: #1517583) + * Backport to trusty * Add a versioned build-dependency on trusty-backports' libseccomp-dev. - * Add a versioned build-dependency on trusty-backports' libcgmanager-dev. - * Add a versioned recommends for liblxc1 on trusty-backports' cgmanager. - * Add a versioned depends for liblxc1 on trusty-backports' cgmanager. - * Add a versioned depends for lxc on trusty-backports' python3-lxc. - This was suggested by Michael Vogt to get us one step closer to - having apt resolve the installation of the lxd backport properly. - -- Stéphane Graber Wed, 18 Nov 2015 13:50:02 -0500 + -- Stéphane Graber Mon, 06 Jun 2016 23:53:12 -0400 + +lxc (2.0.1-0ubuntu1) yakkety; urgency=medium + + * New upstream bugfix release (2.0.1) + - apparmor: Also allow fstype=fuse for fuse filesystems + - attach: adapt lxc-attach tests & add test for pty logging + - attach: don't fail attach on failure to setup a SIGWINCH handler. 
+ - attach: fix a variety of lxc-attach pts handling issues + - attach: switch console pty to raw mode (fixes ncurses-based programs) + - attach: use raw settings of ssh for pty + - bindings: fixed python-lxc reference to var before assignment in create() + - bindings: set PyErr when Container.init fails + - cgfsng: defer to cgfs if needed subsystems are not available + - cgfsng: don't require that systemd subsystem be mounted + - core: Added missing type to keys in lxc_list_nicconfigs + - core: Allow configuration file values to be quoted + - core: log: remove duplicate definitons and bump buffer size + - core: sync: properly fail on unexpected message sizes + - core: Unshare netns after setting the userns mappings + (fixes ownership of /proc/net) + - core: various fixes as reported by static analysis + - c/r: add an option to use faster inotify support in CRIU + - c/r: rearrange things to pass struct migrate_opts all the way down + - doc: ignore temporary files generated by doxygen + - doc: tweak manpage generation date to be compatible with + reproducible builds + - doc: update MAINTAINERS + - doc: update to translated manpages + - init: add missing lsb headers to sysvinit scripts + - init: don't make sysv init scripts dependant on distribution specifics + - init: drop obsolete syslog.target from lxc.service.in + - lxc-attach: add logging option to manpage + - lxc-checkconfig: better render when stdout isn't a terminal + - lxc-create: fix -B best option + - lxc-destroy: avoid double print + - lxc-ls: use fewer syscalls when doing ipc + - templates: Add apt-transport-https to minbase variant of Ubuntu template + - templates: fix a typo in the capabilities name for Gentoo (sys_resource) + - templates: logic fix in the Centos template for RHEL7+ support + - templates: tweak Alpine DHCP configuration to send its hostname + - templates: tweak to network configuration of the Oracle template + + -- Stéphane Graber Mon, 16 May 2016 17:39:23 -0400 + +lxc (2.0.0-0ubuntu2) 
xenial; urgency=medium + + * Add a distro-info test dependency as it's needed to get information + about new Ubuntu releases. (LP: #1572188) + + This is needed to fix the current autopkgtest failures. + + -- Stéphane Graber Tue, 19 Apr 2016 16:06:32 +0100 + +lxc (2.0.0-0ubuntu1) xenial; urgency=medium + + * New upstream release (2.0.0 final) + - Upstream announcement: https://linuxcontainers.org/lxc/news + - Change from last rc: + + Allow bypassing bdev auto detection by setting lxc.rootfs.backend + This fixes a longstanding performance issue caused by LXC having + to run through all its backends and forking sub-processes to + perform the detection. + * Make new lintian happy: + - Bump to 3.9.7 standards + - Update git URL to https + - Override systemd Documentation field warning (upstream units) + + -- Stéphane Graber Wed, 06 Apr 2016 14:42:39 -0400 + +lxc (2.0.0~rc15-0ubuntu1) xenial; urgency=medium + + * New upstream release (2.0.0~rc15) + - lxc-debian: Update supported release names + - lxc-ubuntu: Fix building on secondary architectures + - Update .gitignore for *.so.* + - Use smarter error handling for lxc_strmmap() + - Use common lxc ordering for included headers + - Fix possible buffer overflow strncat only returns its first + argument and not the end of the written string. Thus "buf-pos" is always + 0 and consquently no range check is performed. + - Use snprintf instead of strncat + - CRIU: Support using the CRIU page server for faster migrations. + This optimization isn't used by default, it requires a custom liblxc1 + client. + - Fix buffer overflow in do_start() + - Fixed indentation and comments + * Drop previously cherry-picked change, now upstream. 
+ + -- Stéphane Graber Thu, 31 Mar 2016 18:14:44 -0400 + +lxc (2.0.0~rc14-0ubuntu2) xenial; urgency=medium + + * Cherry-pick tentative upstream fix: + - lxc-ubuntu: Fix building on secondary architectures + + -- Stéphane Graber Wed, 30 Mar 2016 01:29:09 -0400 + +lxc (2.0.0~rc14-0ubuntu1) xenial; urgency=medium + + * New upstream release (2.0.0~rc14) + - open_without_symlink: Don't SYSERROR on something else than ELOOP + - lxc-busybox: Touch /etc/fstab in the container rootfs + - lxc.spec.in: fixed hardcoded path to lxc-net config file + - sync: add LXC_SYNC_ERROR to report errors from another process. + - start: use LXC_SYNC_ERROR to report errors. + - lxc-busybox: Remove warning for dynamically linked Busybox + - utils: split null_stdfds() to open_devnull() and set_stdfds() + - start: open /dev/null from "host" /dev + - Fix installation of out-of-tree (VPATH) builds + - Timezone inside the container is not the same as the host + - use httpredir.debian.org as the default Debian mirror + - always provide a default mirror for debootstraping Ubuntu + - only enable Debian's main repository by default + - start: only use host's /dev/null when absolutely necessary + - add funs to mmap() files to \0-terminated strings + - use lxc_mmap() and lxc_munmap() + - better naming for mmap helpers + + -- Stéphane Graber Tue, 29 Mar 2016 21:35:55 -0400 + +lxc (2.0.0~rc13-0ubuntu2) xenial; urgency=medium + + * Fix the bash completion profiles. + Now that it's in /usr/share, we need it to match the command name, + so rename the main profile to lxc1 and add a symlink for each supported + command. 
+ + -- Stéphane Graber Wed, 23 Mar 2016 13:17:02 -0400 + +lxc (2.0.0~rc13-0ubuntu1) xenial; urgency=medium + + * New usptream release (2.0.0~rc13) + - c/r: don't pass --ext-mount-map flag when console=none + - c/r: don't fail if there is no console_fd on restore + - lxc-checkpoint: make things static when they can be + - c/r: rename restore & friends to __criu_restore + + -- Stéphane Graber Tue, 22 Mar 2016 17:24:32 -0400 + +lxc (2.0.0~rc12-0ubuntu1) xenial; urgency=medium + + * New upstream release (2.0.0~rc12) + - c/r: print criu's stdout when it fails + - c/r: log the exact command we exec + + -- Stéphane Graber Mon, 21 Mar 2016 16:48:24 -0400 + +lxc (2.0.0~rc11-0ubuntu1) xenial; urgency=medium + + * New upstream release (2.0.0~rc11) + - download: Bump to compat level 3 + - autodev: don't always create /dev/console + - cgfsng: two fixes for cgroup-full + - use hierarchy base path not just controller cgroup + - cgroups: try to load cgmanager first + - implement lxc.mount.auto = cgroup for cgfsng + - Prevent access to pci devices + - nesting: remove the nesting hint from configuration templates + - nesting: document how to enable nesting in container configurations + - c/r: drop lxc.console=none config requirement + - criu: hide more stuff in criu.c + + -- Stéphane Graber Thu, 17 Mar 2016 23:26:54 -0400 + +lxc (2.0.0~rc10-0ubuntu2) xenial; urgency=medium + + * Re-order the systemd | cgroup-lite dependency to be + cgroup-lite | systemd instead. + + Systems using systemd will already have it installed, satisfying the + condition and systems that don't have it installed want cgroup-lite + pulled in instead of systemd. 
+ + -- Stéphane Graber Fri, 11 Mar 2016 12:07:21 -0500 + +lxc (2.0.0~rc10-0ubuntu1) xenial; urgency=medium + + * New upstream release (2.0.0~rc10) + - Improve the lxc-attach tests + - Make the exec_criu function static + - cgfsng: Fix cgroup_escape for CRIU + - cgfsng: Return the cgroup path, not the full mounted path + - cgfsng: Fix mode of tasks and procs + - cgfsng: Fix cgroup removal on stop + + -- Stéphane Graber Fri, 11 Mar 2016 01:19:24 -0500 + +lxc (2.0.0~rc9-0ubuntu1) xenial; urgency=medium + + * New upstream release (2.0.0~rc9) + - cgfsng: Fix bad readline length. + - cgfsng: Workaround issue with small size reallocs on i386. + - cgfsng: Make sure a cgroup does not already exist. + + -- Stéphane Graber Wed, 09 Mar 2016 03:06:27 -0500 + +lxc (2.0.0~rc8-0ubuntu1) xenial; urgency=medium + + * New upstream release (2.0.0~rc8) + - Prevent writes to /sys/kernel/debug + - Fix debug output from cgfsng + - Set clone_children to 1 in cgfsng (fixes adt) + + -- Stéphane Graber Tue, 08 Mar 2016 17:47:24 -0500 + +lxc (2.0.0~rc7-0ubuntu1) xenial; urgency=medium + + * New upstream release (2.0.0~rc7) + - Fix upstream tarball to include lxc-devsetup + + -- Stéphane Graber Mon, 07 Mar 2016 18:52:29 -0500 + +lxc (2.0.0~rc6-0ubuntu1) xenial; urgency=medium + + * New upstream release (2.0.0~rc6) + - Update documentation and manpages + - Tweak to init scripts + - Fix lxc-attach pts handling for stderr + - Add a test for lxc-attach pts handling + - Implement a new, more reliable cgfs backend + - Fix to the ALTLinux template + - Fix to the AppArmor profile for systemd + + -- Stéphane Graber Mon, 07 Mar 2016 18:23:02 -0500 + +lxc (2.0.0~rc5-0ubuntu1) xenial; urgency=medium + + * New usptream release (2.0.0~rc5) + - Fix a number of cgfs issues (LP: #1549363, LP: #1543697, LP: #1552355) + - Fix attach failing to allocate a tty (LP: #1551960) + - Fix LXC rebooting the container despite post-stop failure + - Fix lxc-copy output (LP: #1551935) + - Documentation, manpagen and manpage 
translations update + - Update to the plamo template + + -- Stéphane Graber Thu, 03 Mar 2016 11:05:25 -0500 + +lxc (2.0.0~rc4-0ubuntu1) xenial; urgency=medium + + * New usptream release (2.0.0~rc4) + - Various cgfs fixes + - Updated documentation + + -- Stéphane Graber Fri, 26 Feb 2016 22:38:43 -0500 + +lxc (2.0.0~rc3-0ubuntu3) xenial; urgency=medium + + * Tweak the apparmor part of the lxc postinst: + - Allow loading on systems without mount mediation (precise backport) + - Always wipe the apparmor cache before reloading the profiles. + + -- Stéphane Graber Fri, 26 Feb 2016 01:45:48 -0500 + +lxc (2.0.0~rc3-0ubuntu2) xenial; urgency=medium + + * Cherry-pick bugfix from upstream: + - cgfs: make sure we use valid cgroup mountpoints + + -- Stéphane Graber Thu, 25 Feb 2016 14:40:08 -0500 + +lxc (2.0.0~rc3-0ubuntu1) xenial; urgency=medium + + * New upstream release (2.0.0~rc3) + - Make the cgfs backend and cgns work without cgmanager + - Manpage updates + - Mark lxc-clone and lxc-start-ephemeral deprecated (still included) + * Set --enable-deprecated so we still ship lxc-clone and lxc-start-ephemeral + + -- Stéphane Graber Wed, 24 Feb 2016 21:16:50 -0500 + +lxc (2.0.0~rc2-0ubuntu3) xenial; urgency=medium + + * Use versioned dependencies against the various binary packages. + * Update lxc-templates to depend on lxc1 not lxc. (LP: #1549136) + * Move the lxcfs recommends from lxc-templates to liblxc1. + * Drop cgmanager, use the cgfs backend instead. + * Have liblxc1 depend on systemd | cgroup-lite for cgfs backend. + + -- Stéphane Graber Wed, 24 Feb 2016 11:34:25 -0500 + +lxc (2.0.0~rc2-0ubuntu2) xenial; urgency=medium + + * Fix apparmor profile loading order. + + -- Stéphane Graber Mon, 22 Feb 2016 17:24:44 -0500 + +lxc (2.0.0~rc2-0ubuntu1) xenial; urgency=medium + + * New upstream snapshot (2.0.0~rc2) + - Support upstream Linux cgns. 
(LP: #1548440) + * Move bash completion profile to /usr/share/bash-completion + * Update a bunch of lintian overrides + * Update packaging for the LTS + - Drop lxc-dbg in favor of the dbgsym packages + - Introduce a new lxc1 package for the old command line tools + - Turn the lxc package into a transitional package to lxc1 + - Introduce a new lxc-common package for all the bits needed by liblxc1 + - Move apparmor, selinux and binary helpers from lxc to lxc-common + - Make lxc-dev depend on liblxc1 rather than lxc + - Move the hooks and template configs from lxc to lxc-templates + + All this moving around of files and new packages will not affect the + functionality of any existing system, nor the behavior of "apt-get + install lxc". It will however make it possible for LXD to provide a new + "lxc2" package which will install a LXD-only experience. + + -- Stéphane Graber Fri, 19 Feb 2016 23:16:23 -0500 + +lxc (2.0.0~rc1-0ubuntu1) xenial; urgency=medium + + * New upstream snapshot (2.0.0~rc1) + - Drop all patches except for the fix for LP: #1509414 + * Add logic to fix bash completion on 12.04 backports. + + -- Stéphane Graber Thu, 18 Feb 2016 12:32:36 -0500 + +lxc (2.0.0~beta2-0ubuntu2) xenial; urgency=medium + + * Cherry-pick upstream bugfix for lxc-ls behavior. + This should fix the current juju test regression. + + -- Stéphane Graber Tue, 02 Feb 2016 14:53:40 +0100 + +lxc (2.0.0~beta2-0ubuntu1) xenial; urgency=medium + + * New upstream snapshot (2.0.0~beta2) + - Drop all patches except for the fix for LP: #1509414 + + -- Stéphane Graber Mon, 01 Feb 2016 17:25:03 +0100 + +lxc (1.1.5-0ubuntu6) xenial; urgency=medium + + * Switch recommends from libpam-cgm to libpam-cgfs. + + -- Serge Hallyn Fri, 29 Jan 2016 11:32:16 +0100 + +lxc (1.1.5-0ubuntu5) xenial; urgency=medium + + * No-change rebuild to drop python3.4 support. 
+ + -- Matthias Klose Tue, 19 Jan 2016 13:33:28 +0000 + +lxc (1.1.5-0ubuntu4) xenial; urgency=medium + + * Add libpam-cgm to Recommends + * Cherrypick upstream patches to support starting containers when not all + cgroups are writeable. + * Cherrypick upstream patch to avoid null dereference in failure case. + + -- Serge Hallyn Tue, 12 Jan 2016 18:01:07 -0800 lxc (1.1.5-0ubuntu3) xenial; urgency=medium diff -Nru lxc-1.1.5/debian/control lxc-2.0.1/debian/control --- lxc-1.1.5/debian/control 2015-11-18 18:51:54.000000000 +0000 +++ lxc-2.0.1/debian/control 2016-06-07 03:54:42.000000000 +0000 @@ -11,7 +11,6 @@ hardening-wrapper, libapparmor-dev, libcap-dev, - libcgmanager-dev (>= 0.39-2ubuntu2~), libgnutls-dev, liblua5.2-dev, libseccomp-dev (>= 2.2.3-2ubuntu1~), @@ -19,14 +18,25 @@ linux-libc-dev, pkg-config, python3-all-dev (>= 3.2.3) -Standards-Version: 3.9.6 +Standards-Version: 3.9.7 Homepage: https://linuxcontainers.org -Vcs-Git: git://github.com/lxc/lxc-pkg-ubuntu +Vcs-Git: https://github.com/lxc/lxc-pkg-ubuntu Vcs-Browser: https://github.com/lxc/lxc-pkg-ubuntu X-Python3-Version: >= 3.2 XS-Testsuite: autopkgtest Package: lxc +Architecture: all +Depends: lxc1, ${misc:Depends} +Priority: extra +Section: oldlibs +Description: Transitional package for lxc1 + This is a transitional dummy package. It can safely be removed. + . + The currently recommened LXC experience is available as lxc2 and is + provided by LXD using the LXC backend. + +Package: lxc1 Architecture: linux-any Pre-Depends: ${misc:Pre-Depends} Depends: adduser, 
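Review bot: The long description of the new transitional `lxc` stanza misspells "recommended" as "recommened". This text is shown to users by the package tools, so the line should read `The currently recommended LXC experience is available as lxc2 and is`.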
@@ -36,11 +46,12 @@ liblxc1 (= ${binary:Version}), python3, python3-lxc (= ${binary:Version}), - ${lxc:Depends}, ${misc:Depends}, ${shlibs:Depends} -Recommends: lxc-templates (>= 0.8.0~rc1-4ubuntu43) +Recommends: libpam-cgfs, lxc-templates (>= 0.8.0~rc1-4ubuntu43) Suggests: btrfs-tools, lvm2, lxctl +Replaces: lxc (<< 2.0.0~rc2-0ubuntu1~) +Breaks: lxc (<< 2.0.0~rc2-0ubuntu1~) Description: Linux Containers userspace tools Containers are insulated areas inside a system, which have their own namespace for filesystem, network, PID, IPC, CPU and memory allocation and which can be @@ -51,25 +62,27 @@ daemon in a container, or to boot an entire "containerized" system, and to manage and debug your containers. -Package: lxc-dbg -Section: debug -Priority: extra +Package: lxc-common Architecture: linux-any -Depends: lxc (= ${binary:Version}), - lxc-dev (= ${binary:Version}), - ${misc:Depends} -Description: Linux Containers userspace tools (debug) +Depends: liblxc1 (= ${binary:Version}), + ${lxc:Depends}, + ${misc:Depends}, + ${shlibs:Depends} +Replaces: lxc (<< 2.0.0~rc2-0ubuntu1~) +Breaks: lxc (<< 2.0.0~rc2-0ubuntu1~) +Description: Linux Containers userspace tools (common tools) Containers are insulated areas inside a system, which have their own namespace for filesystem, network, PID, IPC, CPU and memory allocation and which can be created using the Control Group and Namespace features included in the Linux kernel. . - This package contains the debugging symbols. + This package contains a few binaries and security profiles required by + all liblxc1 users. Package: lxc-dev Section: libdevel Architecture: linux-any -Depends: lxc (= ${binary:Version}), ${misc:Depends} +Depends: liblxc1 (= ${binary:Version}), ${misc:Depends} Description: Linux Containers userspace tools (development) Containers are insulated areas inside a system, which have their own namespace for filesystem, network, PID, IPC, CPU and memory allocation and which can be 
@@ -80,18 +93,17 @@ Package: lxc-templates Architecture: linux-any -Depends: lxc (>= 0.8.0~rc1-4ubuntu43), ${misc:Depends} +Depends: lxc1, ${misc:Depends}, ${shlibs:Depends} Recommends: busybox-static, cloud-image-utils | cloud-utils, debootstrap | cdebootstrap, - lxcfs, openssl, rsync, uuid-runtime, xz-utils Suggests: qemu-user-static -Replaces: lxc (<< 0.8.0~rc1-4ubuntu43) -Breaks: lxc (<< 0.8.0~rc1-4ubuntu43) +Replaces: lxc (<< 2.0.0~rc2-0ubuntu1~) +Breaks: lxc (<< 2.0.0~rc2-0ubuntu1~) Description: Linux Containers userspace tools (templates) Containers are insulated areas inside a system, which have their own namespace for filesystem, network, PID, IPC, CPU and memory allocation and which can be @@ -102,8 +114,11 @@ Package: lxc-tests Architecture: linux-any -Depends: liblxc1 (= ${binary:Version}), ${misc:Depends}, ${shlibs:Depends} -Recommends: lxc, lxc-templates +Depends: liblxc1 (= ${binary:Version}), + lxc-templates (= ${binary:Version}), + lxc1 (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} Description: Linux Containers userspace tools (test binaries) Containers are insulated areas inside a system, which have their own namespace for filesystem, network, PID, IPC, CPU and memory allocation and which can be @@ -117,8 +132,12 @@ Package: liblxc1 Architecture: linux-any Pre-Depends: ${misc:Pre-Depends} -Depends: cgmanager (>= 0.39-2ubuntu2~) | cgroup-lite, rsync, ${misc:Depends}, ${shlibs:Depends} -Recommends: cgmanager (>= 0.39-2ubuntu2~), uidmap +Depends: lxc-common (= ${binary:Version}), + rsync, + cgroup-lite | systemd, + ${misc:Depends}, + ${shlibs:Depends} +Recommends: uidmap, lxcfs Replaces: liblxc0, lxc (<< 0.9.0~alpha3-0ubuntu1~) Breaks: lxc (<< 0.9.0~alpha3-0ubuntu1~) Provides: liblxc0 diff -Nru lxc-1.1.5/debian/.git-dpm lxc-2.0.1/debian/.git-dpm --- lxc-1.1.5/debian/.git-dpm 2015-11-18 18:30:37.000000000 +0000 +++ lxc-2.0.1/debian/.git-dpm 2016-05-16 21:37:24.000000000 +0000 
@@ -1,8 +1,8 @@ # see git-dpm(1) from git-dpm package -9d5d9fa5b3f3e89fd50a870224e847d80a2ef162 -9d5d9fa5b3f3e89fd50a870224e847d80a2ef162 -29977d8b7632da9ee4df51287de2f713dfa29e6a -29977d8b7632da9ee4df51287de2f713dfa29e6a -lxc_1.1.5.orig.tar.gz -015c6fed471d5f0d396bc49ab8c23301fe663171 -848513 +7793ea53fa537004548d0f3b1b16e5823c781ddf +7793ea53fa537004548d0f3b1b16e5823c781ddf +c088641b00cc0934d652da66ce006f92e2fa51d0 +c088641b00cc0934d652da66ce006f92e2fa51d0 +lxc_2.0.1.orig.tar.gz +64f1f32228db6537fefc1c76d22e2ccd2a417b41 +1061153 diff -Nru lxc-1.1.5/debian/liblxc1.lintian-overrides lxc-2.0.1/debian/liblxc1.lintian-overrides --- lxc-1.1.5/debian/liblxc1.lintian-overrides 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/debian/liblxc1.lintian-overrides 2016-05-16 21:37:24.000000000 +0000 @@ -0,0 +1 @@ +no-symbols-control-file usr/lib/x86_64-linux-gnu/liblxc.so.* diff -Nru lxc-1.1.5/debian/lua-lxc.lintian-overrides lxc-2.0.1/debian/lua-lxc.lintian-overrides --- lxc-1.1.5/debian/lua-lxc.lintian-overrides 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/debian/lua-lxc.lintian-overrides 2016-05-16 21:37:24.000000000 +0000 @@ -0,0 +1 @@ +postinst-has-useless-call-to-ldconfig diff -Nru lxc-1.1.5/debian/lxc1.apport lxc-2.0.1/debian/lxc1.apport --- lxc-1.1.5/debian/lxc1.apport 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/debian/lxc1.apport 2016-05-16 21:37:24.000000000 +0000 
@@ -0,0 +1,26 @@
+'''apport package hook for lxc
+
+(c) 2012 Canonical Ltd.
+Author:
+Serge Hallyn
+'''
+
+from apport.hookutils import *
+from os import path
+import re
+
+def add_info(report):
+ attach_related_packages(report, ['dnsmasq', 'dnsmasq-base', 'libvirt-bin', 'apparmor', 'libapparmor1', 'apparmor-utils', 'auditd', 'libaudit0'])
+ attach_mac_events(report)
+ attach_upstart_overrides(report, "lxc")
+ command_output(['ls', '-ld', '/bin/sh'])
+ attach_conffiles(report, 'lxc')
+ report["lxcsyslog"] = recent_syslog(re.compile("lxc"))
+ # should we attach all lxc apparmor files
+ #command_output(['ls', '-l', '/etc/apparmor.d/lxc']
+ #command_output(['cat', '/etc/apparmor.d/lxc/*']
+ attach_file_if_exists(report, '/etc/default/lxc-net', key='lxc-net.default')
+ attach_file_if_exists(report, '/etc/default/lxc', key='lxc.default')
+ attach_file_if_exists(report, '/etc/lxc/lxc.conf', key='lxc.conf')
+ attach_file_if_exists(report, '/etc/lxc/default.conf', key='defaults.conf')
+ attach_file_if_exists(report, '/etc/lxc/dnsmasq.conf', key='dnsmasq.conf')
diff -Nru lxc-1.1.5/debian/lxc1.default lxc-2.0.1/debian/lxc1.default
--- lxc-1.1.5/debian/lxc1.default 1970-01-01 00:00:00.000000000 +0000
+++ lxc-2.0.1/debian/lxc1.default 2016-05-16 21:37:24.000000000 +0000
@@ -0,0 +1,14 @@
+# MIRROR to be used by ubuntu template at container creation:
+# Leaving it undefined is fine
+#MIRROR="http://archive.ubuntu.com/ubuntu"
+# or
+#MIRROR="http://:3142/archive.ubuntu.com/ubuntu"
+
+# LXC_AUTO - whether or not to start containers symlinked under
+# /etc/lxc/auto
+LXC_AUTO="true"
+
+USE_LXC_BRIDGE="false" # overridden in lxc-net
+[ -f /etc/default/lxc-net ] && . /etc/default/lxc-net
+
+LXC_SHUTDOWN_TIMEOUT=120
diff -Nru lxc-1.1.5/debian/lxc1.dirs lxc-2.0.1/debian/lxc1.dirs
--- lxc-1.1.5/debian/lxc1.dirs 1970-01-01 00:00:00.000000000 +0000
+++ lxc-2.0.1/debian/lxc1.dirs 2016-05-16 21:37:24.000000000 +0000
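Review bot: The result of `command_output(['ls', '-ld', '/bin/sh'])` in add_info is discarded, so the /bin/sh link information never reaches the report. Assign it to a report key, for example `report['BinShLink'] = command_output(['ls', '-ld', '/bin/sh'])` (the key name is only a suggestion). The hook also attaches the files under /etc/lxc and /etc/default verbatim, so a one-line comment saying that these can carry site-specific network settings would help whoever reviews what is uploaded with a bug report.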
@@ -0,0 +1 @@
+var/log/lxc
diff -Nru lxc-1.1.5/debian/lxc1.dnsmasq lxc-2.0.1/debian/lxc1.dnsmasq
--- lxc-1.1.5/debian/lxc1.dnsmasq 1970-01-01 00:00:00.000000000 +0000
+++ lxc-2.0.1/debian/lxc1.dnsmasq 2016-05-16 21:37:24.000000000 +0000
@@ -0,0 +1,5 @@
+# Tell any system-wide dnsmasq instance to make sure to bind to interfaces
+# instead of listening on 0.0.0.0
+# WARNING: changes to this file will get lost if lxc is removed.
+bind-interfaces
+except-interface=lxcbr0
diff -Nru lxc-1.1.5/debian/lxc1.install lxc-2.0.1/debian/lxc1.install
--- lxc-1.1.5/debian/lxc1.install 1970-01-01 00:00:00.000000000 +0000
+++ lxc-2.0.1/debian/lxc1.install 2016-05-16 21:37:24.000000000 +0000
@@ -0,0 +1,16 @@
+etc/default
+etc/dnsmasq.d-available
+etc/init
+etc/lxc
+lib/systemd
+usr/bin
+usr/lib/*/lxc/lxc-containers
+usr/lib/*/lxc/lxc-devsetup
+usr/lib/*/lxc/lxc-net
+usr/sbin/*
+usr/share/apport
+usr/share/bash-completion
+usr/share/lxc/lxc.functions
+usr/share/man
+var/cache/lxc
+var/lib/lxc
diff -Nru lxc-1.1.5/debian/lxc1.lintian-overrides lxc-2.0.1/debian/lxc1.lintian-overrides
--- lxc-1.1.5/debian/lxc1.lintian-overrides 1970-01-01 00:00:00.000000000 +0000
+++ lxc-2.0.1/debian/lxc1.lintian-overrides 2016-05-16 21:37:24.000000000 +0000
@@ -0,0 +1,15 @@
+postrm-does-not-call-updaterc.d-for-init.d-script etc/init.d/lxc
+postrm-does-not-call-updaterc.d-for-init.d-script etc/init.d/lxc-instance
+postrm-does-not-call-updaterc.d-for-init.d-script etc/init.d/lxc-net
+init.d-script-not-marked-as-conffile etc/init.d/lxc-instance
+init.d-script-not-marked-as-conffile etc/init.d/lxc-net
+init.d-script-not-included-in-package etc/init.d/lxc-instance
+init.d-script-not-included-in-package etc/init.d/lxc-net
+non-standard-dir-perm var/cache/lxc/ 0700 != 0755
+non-standard-dir-perm var/lib/lxc/ 0700 != 0755
+binary-without-manpage usr/sbin/init.lxc
+binary-without-manpage usr/sbin/init.lxc.static
+systemd-service-file-refers-to-obsolete-target lib/systemd/system/lxc.service syslog.target
+systemd-service-file-missing-documentation-key lib/systemd/system/lxc-net.service
+systemd-service-file-missing-documentation-key lib/systemd/system/lxc.service
+systemd-service-file-missing-documentation-key lib/systemd/system/lxc@.service
diff -Nru lxc-1.1.5/debian/lxc1.maintscript lxc-2.0.1/debian/lxc1.maintscript
--- lxc-1.1.5/debian/lxc1.maintscript 1970-01-01 00:00:00.000000000 +0000
+++ lxc-2.0.1/debian/lxc1.maintscript 2016-05-16 21:37:24.000000000 +0000
@@ -0,0 +1,4 @@
+mv_conffile /etc/apparmor.d/abstractions/lxc-container-default /etc/apparmor.d/abstractions/lxc/container-base 0.8.0~rc1-4ubuntu18 lxc
+mv_conffile /etc/apparmor.d/abstractions/lxc-start-container /etc/apparmor.d/abstractions/lxc/start-container 0.8.0~rc1-4ubuntu18 lxc
+mv_conffile /etc/dnsmasq.d/lxc /etc/dnsmasq.d-available/lxc 0.8.0~rc1-4ubuntu48 lxc
+mv_conffile /etc/lxc/lxc.conf /etc/lxc/default.conf 0.9.0~alpha2-0ubuntu1+b1~bzr1108-28~ lxc
diff -Nru lxc-1.1.5/debian/lxc1.postinst lxc-2.0.1/debian/lxc1.postinst
--- lxc-1.1.5/debian/lxc1.postinst 1970-01-01 00:00:00.000000000 +0000
+++ lxc-2.0.1/debian/lxc1.postinst 2016-05-16 21:37:24.000000000 +0000
@@ -0,0 +1,107 @@
+#!/bin/sh
+# postinst script for lxc
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `configure'
+# * `abort-upgrade'
+# * `abort-remove' `in-favour'
+#
+# * `abort-remove'
+# * `abort-deconfigure' `in-favour'
+# `removing'
+#
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+add_users()
+{
+ if ! getent group lxc-dnsmasq >/dev/null; then
+ addgroup --quiet --system lxc-dnsmasq
+ fi
+
+ if ! getent passwd lxc-dnsmasq >/dev/null; then
+ adduser --quiet \
+ --system \
+ --ingroup lxc-dnsmasq \
+ --quiet \
+ --disabled-login \
+ --disabled-password \
+ --home /var/lib/lxc \
+ --no-create-home \
+ -gecos "LXC dnsmasq" \
+ lxc-dnsmasq
+ fi
+}
+
+case "$1" in
+ configure)
+ add_users
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+# We need this after the debhelper generated code so that dpkg-maintscript
+# can do its renamming first.
+if [ "$1" = "configure" ]; then
+
+ # The dnsmasq hook has been introduced through SRU into Ubuntu 12.04
+ # and Ubuntu 12.10.
+ #
+ # This means that even though we version-guard the maintscripts entry
+ # it'll fire multiple times for users doing 12.04 => 12.10 => 13.04
+ # or even just 12.10 => 13.04.
+ #
+ # As there's unfortunately no way to specify per-series base versions
+ # for maintscripts hooks, we let it fire multiple times and then fix up
+ # the mess it creates.
+ #
+ # This migration code can be removed after Ubuntu 14.04 LTS is released.
+ if [ -L /etc/dnsmasq.d-available/lxc ] &&
+ [ "$(readlink /etc/dnsmasq.d-available/lxc)" = "/etc/dnsmasq.d-available/lxc" ] &&
+ [ -e /etc/dnsmasq.d-available/lxc.dpkg-new ]; then
+ echo "The dnsmasq configuration has been migrated twice, fixing it."
+ mv /etc/dnsmasq.d-available/lxc /etc/dnsmasq.d/lxc
+ mv /etc/dnsmasq.d-available/lxc.dpkg-new /etc/dnsmasq.d-available/lxc
+
+ # Try to restart a potential system wide dnsmasq
+ invoke-rc.d dnsmasq restart 2>/dev/null || true
+ fi
+
+ # Configure dnsmasq
+ if [ -f /etc/dnsmasq.d-available/lxc ]; then
+ echo "Setting up lxc dnsmasq configuration."
+ mkdir -p /etc/dnsmasq.d
+ if [ ! -e /etc/dnsmasq.d/lxc ]; then
+ ln -s /etc/dnsmasq.d-available/lxc /etc/dnsmasq.d/lxc
+ fi
+
+ # Try to restart a potential system wide dnsmasq
+ invoke-rc.d dnsmasq restart 2>/dev/null || true
+ fi
+
+ # Up to version 1.0.0~alpha2-0ubuntu4 lxc was installed world
+ # readable. After that version if users want it that way for
+ # convenience, then that's fine. But one time go ahead and
+ # forcibly change the permissions.
+ if dpkg --compare-versions "$2" lt "1.0.0~alpha2-0ubuntu5"; then
+ chmod 700 /var/lib/lxc
+ chmod 700 /var/cache/lxc
+ fi
+fi
+exit 0
diff -Nru lxc-1.1.5/debian/lxc1.postrm lxc-2.0.1/debian/lxc1.postrm
--- lxc-1.1.5/debian/lxc1.postrm 1970-01-01 00:00:00.000000000 +0000
+++ lxc-2.0.1/debian/lxc1.postrm 2016-05-16 21:37:24.000000000 +0000
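Review bot: The `dpkg --compare-versions "$2" lt "1.0.0~alpha2-0ubuntu5"` guard at the end of the configure branch no longer fires only once, because `$2` is the previously configured version of this package and is empty the first time lxc1 is configured; dpkg treats an empty version as earlier than any other for `lt`. On the lxc to lxc1 transition both `chmod 700` calls therefore run again and reset any permissions an administrator relaxed on /var/lib/lxc or /var/cache/lxc, which contradicts the "one time" wording in the comment above them. That fails closed, so I would keep the behaviour and document it, for example `# Also runs on the first configure of lxc1 ($2 is empty), so 0700 is re-applied once after the lxc -> lxc1 rename.`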
@@ -0,0 +1,46 @@
+#!/bin/sh
+# postrm script for #PACKAGE#
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * `remove'
+# * `purge'
+# * `upgrade'
+# * `failed-upgrade'
+# * `abort-install'
+# * `abort-install'
+# * `abort-upgrade'
+# * `disappear'
+#
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ remove)
+ if [ -L /etc/dnsmasq.d/lxc ]; then
+ echo "Removing lxc dnsmasq configuration"
+ rm -f /etc/dnsmasq.d/lxc 2>/dev/null || true
+
+ # Try to restart a potential system wide dnsmasq
+ invoke-rc.d dnsmasq restart 2>/dev/null || true
+ fi
+ ;;
+ purge|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+ ;;
+
+ *)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+exit 0
diff -Nru lxc-1.1.5/debian/lxc1.preinst lxc-2.0.1/debian/lxc1.preinst
--- lxc-1.1.5/debian/lxc1.preinst 1970-01-01 00:00:00.000000000 +0000
+++ lxc-2.0.1/debian/lxc1.preinst 2016-05-16 21:37:24.000000000 +0000
@@ -0,0 +1,75 @@
+#!/bin/sh
+
+set -e
+
+migrate_auto()
+{
+ echo "Migrating /etc/lxc/auto to lxc.auto.start config flag"
+ for container in /etc/lxc/auto/*; do
+ [ "$container" = "/etc/lxc/auto/*" ] && continue
+
+ if [ ! -L "$container" ]; then
+ echo "$container isn't a symlink, skipping."
+ fi
+
+ if [ -d "$container" ] && [ -e "$container/config" ]; then
+ echo " - Marking $container/config as auto-started"
+ echo "" >> $container/config
+ echo "# Added by lxc postinst, migration of autostart flag" >> $container/config
+ echo "lxc.start.auto = 1" >> $container/config
+ fi
+
+ if [ -f "$container" ]; then
+ echo " - Marking $container as auto-started"
+ echo "" >> $container
+ echo "# Added by lxc postinst, migration of autostart flag" >> $container
+ echo "lxc.start.auto = 1" >> $container
+ fi
+
+ rm $container
+ done
+
+ # Try to remove /etc/lxc/auto (but ignore failure if non-empty)
+ rmdir /etc/lxc/auto/ >/dev/null 2>&1 || true
+}
+
+case "${1}" in
+ install|upgrade)
+ if [ -d /etc/lxc/auto ]; then
+ migrate_auto
+ fi
+
+ if [ ! -f /etc/lxc/lxc-usernet ]; then
+ mkdir -p /etc/lxc/
+ echo "# USERNAME TYPE BRIDGE COUNT" > /etc/lxc/lxc-usernet
+ fi
+
+ # If we have the stock preinstalled /etc/default/lxc-net, then
+ # remove it so that lxc-net can recreate on startup.
+ if dpkg --compare-versions "$2" eq "1.1.4-0ubuntu1"; then
+ if [ -f /etc/default/lxc-net ]; then
+ sum="$(md5sum /etc/default/lxc-net | awk '{ print $1 }')"
+ if [ "$sum" = e3f08a54cbdd4ebff86207417f366e6e ]; then
+ found=0; for f in /sys/class/net/lxcbr0/lower*; do [ -d "$f" ] && found=$(($found+1)); done
+ if [ $found -eq 0 ]; then
+ invoke-rc.d lxc-net stop
+ fi
+ rm -f /etc/default/lxc-net
+ fi
+ else
+ echo "# written on upgrade from 1.1.4-0ubuntu1." > /etc/default/lxc-net
+ echo "USE_LXC_BRIDGE=false" >> /etc/default/lxc-net
+ fi
+ fi
+ ;;
+ abort-upgrade)
+ ;;
+ *)
+ echo "preinst called with unknown argument (${1})"
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
diff -Nru lxc-1.1.5/debian/lxc.apport lxc-2.0.1/debian/lxc.apport
--- lxc-1.1.5/debian/lxc.apport 2015-11-18 18:30:37.000000000 +0000
+++ lxc-2.0.1/debian/lxc.apport 1970-01-01 00:00:00.000000000 +0000
@@ -1,26 +0,0 @@
-'''apport package hook for lxc
-
-(c) 2012 Canonical Ltd.
-Author:
-Serge Hallyn
-'''
-
-from apport.hookutils import *
-from os import path
-import re
-
-def add_info(report):
- attach_related_packages(report, ['dnsmasq', 'dnsmasq-base', 'libvirt-bin', 'apparmor', 'libapparmor1', 'apparmor-utils', 'auditd', 'libaudit0'])
- attach_mac_events(report)
- attach_upstart_overrides(report, "lxc")
- command_output(['ls', '-ld', '/bin/sh'])
- attach_conffiles(report, 'lxc')
- report["lxcsyslog"] = recent_syslog(re.compile("lxc"))
- # should we attach all lxc apparmor files
- #command_output(['ls', '-l', '/etc/apparmor.d/lxc']
- #command_output(['cat', '/etc/apparmor.d/lxc/*']
- attach_file_if_exists(report, '/etc/default/lxc-net', key='lxc-net.default')
- attach_file_if_exists(report, '/etc/default/lxc', key='lxc.default')
- attach_file_if_exists(report, '/etc/lxc/lxc.conf', key='lxc.conf')
- attach_file_if_exists(report, '/etc/lxc/default.conf', key='defaults.conf')
- attach_file_if_exists(report, '/etc/lxc/dnsmasq.conf', key='dnsmasq.conf')
diff -Nru lxc-1.1.5/debian/lxc-common.install lxc-2.0.1/debian/lxc-common.install
--- lxc-1.1.5/debian/lxc-common.install 1970-01-01 00:00:00.000000000 +0000
+++ lxc-2.0.1/debian/lxc-common.install 2016-05-16 21:37:24.000000000 +0000
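Review bot: In migrate_auto of lxc1.preinst the `if [ ! -L "$container" ]` branch prints "skipping" but has no `continue`, so a non-symlink entry under /etc/lxc/auto still gets `lxc.start.auto = 1` appended and is then passed to `rm`; for a real directory that `rm` fails and, under `set -e`, aborts the preinst. Add `continue` after the echo, and quote the expansions, `rm "$container"` and `>> "$container/config"`, so names containing spaces or glob characters are not word-split in a script that runs as root. Separately, the `"$2" eq "1.1.4-0ubuntu1"` test compares against the old version of lxc1, so it presumably never matches after the rename from lxc; confirm whether that branch is still wanted.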
@@ -0,0 +1,6 @@
+etc/apparmor.d
+usr/lib/*/lxc/lxc-apparmor-load
+usr/lib/*/lxc/lxc-monitord
+usr/lib/*/lxc/lxc-user-nic
+usr/share/doc
+usr/share/lxc/selinux
diff -Nru lxc-1.1.5/debian/lxc-common.lintian-overrides lxc-2.0.1/debian/lxc-common.lintian-overrides
--- lxc-1.1.5/debian/lxc-common.lintian-overrides 1970-01-01 00:00:00.000000000 +0000
+++ lxc-2.0.1/debian/lxc-common.lintian-overrides 2016-05-16 21:37:24.000000000 +0000
@@ -0,0 +1 @@
+setuid-binary usr/lib/*/lxc/lxc-user-nic 4755 root/root
diff -Nru lxc-1.1.5/debian/lxc-common.postinst lxc-2.0.1/debian/lxc-common.postinst
--- lxc-1.1.5/debian/lxc-common.postinst 1970-01-01 00:00:00.000000000 +0000
+++ lxc-2.0.1/debian/lxc-common.postinst 2016-05-16 21:37:24.000000000 +0000
@@ -0,0 +1,30 @@
+#!/bin/sh
+set -e
+
+case "$1" in
+ configure)
+ # There appears to be some cases where apparmor gets confused
+ # about the freshness of its cache, so lets just wipe it.
+ rm -f /etc/apparmor.d/cache/lxc-containers
+
+ # lxc-containers must be manually loaded as dh_apparmor doesn't
+ # know what to do with it
+ if [ -x /lib/init/apparmor-profile-load ]; then
+ /lib/init/apparmor-profile-load lxc-containers
+ elif [ -x /etc/init.d/apparmor ]; then
+ invoke-rc.d apparmor reload || true
+ fi
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
diff -Nru lxc-1.1.5/debian/lxc.default lxc-2.0.1/debian/lxc.default
--- lxc-1.1.5/debian/lxc.default 2015-11-18 18:30:37.000000000 +0000
+++ lxc-2.0.1/debian/lxc.default 1970-01-01 00:00:00.000000000 +0000
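Review bot: The `setuid-binary` override in lxc-common.lintian-overrides has no comment recording why lxc-user-nic must stay setuid root, and with this move the binary ships in lxc-common, which the debian/control hunk makes a hard dependency of liblxc1, so every liblxc1 consumer now installs a setuid-root helper. A comment line above the override, for example `# lxc-user-nic is setuid root by design; what it may create is limited by /etc/lxc/lxc-usernet`, would give auditors the justification. In this diff /etc/lxc/lxc-usernet is only seeded by lxc1.preinst, so it is worth confirming that the helper denies requests when lxc-common is installed without lxc1 and the file is absent.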
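Review bot: `/lib/init/apparmor-profile-load lxc-containers` in lxc-common.postinst runs unguarded under `set -e`, and the check on /sys/kernel/security/apparmor/features/mount/mask that the removed lxc.postinst made before loading is not carried over. On a kernel without AppArmor mount mediation, or with AppArmor disabled, the load may fail and abort `configure` for lxc-common and everything that depends on it; I have not verified the helper's exit status in that case. Rather than silencing the failure with `|| true`, report it so a host running containers without the profile is visible: `/lib/init/apparmor-profile-load lxc-containers || echo "lxc-common: lxc-containers AppArmor profile not loaded" >&2`.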
@@ -1,14 +0,0 @@ -# MIRROR to be used by ubuntu template at container creation: -# Leaving it undefined is fine -#MIRROR="http://archive.ubuntu.com/ubuntu" -# or -#MIRROR="http://:3142/archive.ubuntu.com/ubuntu" - -# LXC_AUTO - whether or not to start containers symlinked under -# /etc/lxc/auto -LXC_AUTO="true" - -USE_LXC_BRIDGE="false" # overridden in lxc-net -[ -f /etc/default/lxc-net ] && . /etc/default/lxc-net - -LXC_SHUTDOWN_TIMEOUT=120 diff -Nru lxc-1.1.5/debian/lxc.dirs lxc-2.0.1/debian/lxc.dirs --- lxc-1.1.5/debian/lxc.dirs 2015-11-18 18:30:37.000000000 +0000 +++ lxc-2.0.1/debian/lxc.dirs 1970-01-01 00:00:00.000000000 +0000 @@ -1 +0,0 @@ -var/log/lxc diff -Nru lxc-1.1.5/debian/lxc.dnsmasq lxc-2.0.1/debian/lxc.dnsmasq --- lxc-1.1.5/debian/lxc.dnsmasq 2015-11-18 18:30:37.000000000 +0000 +++ lxc-2.0.1/debian/lxc.dnsmasq 1970-01-01 00:00:00.000000000 +0000 @@ -1,5 +0,0 @@ -# Tell any system-wide dnsmasq instance to make sure to bind to interfaces -# instead of listening on 0.0.0.0 -# WARNING: changes to this file will get lost if lxc is removed. -bind-interfaces -except-interface=lxcbr0 diff -Nru lxc-1.1.5/debian/lxc.install lxc-2.0.1/debian/lxc.install --- lxc-1.1.5/debian/lxc.install 2015-11-18 18:30:37.000000000 +0000 +++ lxc-2.0.1/debian/lxc.install 1970-01-01 00:00:00.000000000 +0000 @@ -1,13 +0,0 @@ -etc -lib/systemd -usr/bin -usr/lib/*/lxc/lxc-* -usr/sbin/* -usr/share/doc -usr/share/lxc/config -usr/share/lxc/hooks -usr/share/lxc/lxc.functions -usr/share/lxc/selinux -usr/share/man -var/cache/lxc -var/lib/lxc diff -Nru lxc-1.1.5/debian/lxc.lintian-overrides lxc-2.0.1/debian/lxc.lintian-overrides --- lxc-1.1.5/debian/lxc.lintian-overrides 2015-11-18 18:30:37.000000000 +0000 +++ lxc-2.0.1/debian/lxc.lintian-overrides 1970-01-01 00:00:00.000000000 +0000 
@@ -1,12 +0,0 @@ -postrm-does-not-call-updaterc.d-for-init.d-script etc/init.d/lxc -postrm-does-not-call-updaterc.d-for-init.d-script etc/init.d/lxc-instance -postrm-does-not-call-updaterc.d-for-init.d-script etc/init.d/lxc-net -init.d-script-not-marked-as-conffile etc/init.d/lxc -init.d-script-not-marked-as-conffile etc/init.d/lxc-instance -init.d-script-not-marked-as-conffile etc/init.d/lxc-net -init.d-script-not-included-in-package etc/init.d/lxc -init.d-script-not-included-in-package etc/init.d/lxc-instance -init.d-script-not-included-in-package etc/init.d/lxc-net -setuid-binary usr/lib/*/lxc/lxc-user-nic 4755 root/root -non-standard-dir-perm var/cache/lxc/ 0700 != 0755 -non-standard-dir-perm var/lib/lxc/ 0700 != 0755 diff -Nru lxc-1.1.5/debian/lxc.maintscript lxc-2.0.1/debian/lxc.maintscript --- lxc-1.1.5/debian/lxc.maintscript 2015-11-18 18:30:37.000000000 +0000 +++ lxc-2.0.1/debian/lxc.maintscript 1970-01-01 00:00:00.000000000 +0000 @@ -1,4 +0,0 @@ -mv_conffile /etc/apparmor.d/abstractions/lxc-container-default /etc/apparmor.d/abstractions/lxc/container-base 0.8.0~rc1-4ubuntu18 lxc -mv_conffile /etc/apparmor.d/abstractions/lxc-start-container /etc/apparmor.d/abstractions/lxc/start-container 0.8.0~rc1-4ubuntu18 lxc -mv_conffile /etc/dnsmasq.d/lxc /etc/dnsmasq.d-available/lxc 0.8.0~rc1-4ubuntu48 lxc -mv_conffile /etc/lxc/lxc.conf /etc/lxc/default.conf 0.9.0~alpha2-0ubuntu1+b1~bzr1108-28~ lxc diff -Nru lxc-1.1.5/debian/lxc.postinst lxc-2.0.1/debian/lxc.postinst --- lxc-1.1.5/debian/lxc.postinst 2015-11-18 18:30:37.000000000 +0000 +++ lxc-2.0.1/debian/lxc.postinst 1970-01-01 00:00:00.000000000 +0000 
@@ -1,122 +0,0 @@ -#!/bin/sh -# postinst script for lxc -# -# see: dh_installdeb(1) - -set -e - -# summary of how this script can be called: -# * `configure' -# * `abort-upgrade' -# * `abort-remove' `in-favour' -# -# * `abort-remove' -# * `abort-deconfigure' `in-favour' -# `removing' -# -# for details, see http://www.debian.org/doc/debian-policy/ or -# the debian-policy package - -add_users() -{ - if ! getent group lxc-dnsmasq >/dev/null; then - addgroup --quiet --system lxc-dnsmasq - fi - - if ! getent passwd lxc-dnsmasq >/dev/null; then - adduser --quiet \ - --system \ - --ingroup lxc-dnsmasq \ - --quiet \ - --disabled-login \ - --disabled-password \ - --home /var/lib/lxc \ - --no-create-home \ - -gecos "LXC dnsmasq" \ - lxc-dnsmasq - fi -} - -apparmor_load() { - # don't load profiles if mount mediation is not supported - SYSF=/sys/kernel/security/apparmor/features/mount/mask - if [ ! -f $SYSF ]; then - return - fi - - if [ -x /lib/init/apparmor-profile-load ]; then - /lib/init/apparmor-profile-load lxc-containers - elif [ -x /etc/init.d/apparmor ]; then - invoke-rc.d apparmor reload || true - fi -} - -case "$1" in - configure) - add_users - apparmor_load - ;; - - abort-upgrade|abort-remove|abort-deconfigure) - ;; - - *) - echo "postinst called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. - -#DEBHELPER# - -# We need this after the debhelper generated code so that dpkg-maintscript -# can do its renamming first. -if [ "$1" = "configure" ]; then - - # The dnsmasq hook has been introduced through SRU into Ubuntu 12.04 - # and Ubuntu 12.10. - # - # This means that even though we version-guard the maintscripts entry - # it'll fire multiple times for users doing 12.04 => 12.10 => 13.04 - # or even just 12.10 => 13.04. 
- # - # As there's unfortunately no way to specify per-series base versions - # for maintscripts hooks, we let it fire multiple times and then fix up - # the mess it creates. - # - # This migration code can be removed after Ubuntu 14.04 LTS is released. - if [ -L /etc/dnsmasq.d-available/lxc ] && - [ "$(readlink /etc/dnsmasq.d-available/lxc)" = "/etc/dnsmasq.d-available/lxc" ] && - [ -e /etc/dnsmasq.d-available/lxc.dpkg-new ]; then - echo "The dnsmasq configuration has been migrated twice, fixing it." - mv /etc/dnsmasq.d-available/lxc /etc/dnsmasq.d/lxc - mv /etc/dnsmasq.d-available/lxc.dpkg-new /etc/dnsmasq.d-available/lxc - - # Try to restart a potential system wide dnsmasq - invoke-rc.d dnsmasq restart 2>/dev/null || true - fi - - # Configure dnsmasq - if [ -f /etc/dnsmasq.d-available/lxc ]; then - echo "Setting up lxc dnsmasq configuration." - mkdir -p /etc/dnsmasq.d - if [ ! -e /etc/dnsmasq.d/lxc ]; then - ln -s /etc/dnsmasq.d-available/lxc /etc/dnsmasq.d/lxc - fi - - # Try to restart a potential system wide dnsmasq - invoke-rc.d dnsmasq restart 2>/dev/null || true - fi - - # Up to version 1.0.0~alpha2-0ubuntu4 lxc was installed world - # readable. After that version if users want it that way for - # convenience, then that's fine. But one time go ahead and - # forcibly change the permissions. - if dpkg --compare-versions "$2" lt "1.0.0~alpha2-0ubuntu5"; then - chmod 700 /var/lib/lxc - chmod 700 /var/cache/lxc - fi -fi -exit 0 diff -Nru lxc-1.1.5/debian/lxc.postrm lxc-2.0.1/debian/lxc.postrm --- lxc-1.1.5/debian/lxc.postrm 2015-11-18 18:30:37.000000000 +0000 +++ lxc-2.0.1/debian/lxc.postrm 1970-01-01 00:00:00.000000000 +0000 
@@ -1,46 +0,0 @@ -#!/bin/sh -# postrm script for #PACKAGE# -# -# see: dh_installdeb(1) - -set -e - -# summary of how this script can be called: -# * `remove' -# * `purge' -# * `upgrade' -# * `failed-upgrade' -# * `abort-install' -# * `abort-install' -# * `abort-upgrade' -# * `disappear' -# -# for details, see http://www.debian.org/doc/debian-policy/ or -# the debian-policy package - - -case "$1" in - remove) - if [ -L /etc/dnsmasq.d/lxc ]; then - echo "Removing lxc dnsmasq configuration" - rm -f /etc/dnsmasq.d/lxc 2>/dev/null || true - - # Try to restart a potential system wide dnsmasq - invoke-rc.d dnsmasq restart 2>/dev/null || true - fi - ;; - purge|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear) - ;; - - *) - echo "postrm called with unknown argument \`$1'" >&2 - exit 1 - ;; -esac - -# dh_installdeb will replace this with shell code automatically -# generated by other debhelper scripts. - -#DEBHELPER# - -exit 0 diff -Nru lxc-1.1.5/debian/lxc.preinst lxc-2.0.1/debian/lxc.preinst --- lxc-1.1.5/debian/lxc.preinst 2015-11-18 18:30:37.000000000 +0000 +++ lxc-2.0.1/debian/lxc.preinst 1970-01-01 00:00:00.000000000 +0000 
@@ -1,75 +0,0 @@ -#!/bin/sh - -set -e - -migrate_auto() -{ - echo "Migrating /etc/lxc/auto to lxc.auto.start config flag" - for container in /etc/lxc/auto/*; do - [ "$container" = "/etc/lxc/auto/*" ] && continue - - if [ ! -L "$container" ]; then - echo "$container isn't a symlink, skipping." - fi - - if [ -d "$container" ] && [ -e "$container/config" ]; then - echo " - Marking $container/config as auto-started" - echo "" >> $container/config - echo "# Added by lxc postinst, migration of autostart flag" >> $container/config - echo "lxc.start.auto = 1" >> $container/config - fi - - if [ -f "$container" ]; then - echo " - Marking $container as auto-started" - echo "" >> $container - echo "# Added by lxc postinst, migration of autostart flag" >> $container - echo "lxc.start.auto = 1" >> $container - fi - - rm $container - done - - # Try to remove /etc/lxc/auto (but ignore failure if non-empty) - rmdir /etc/lxc/auto/ >/dev/null 2>&1 || true -} - -case "${1}" in - install|upgrade) - if [ -d /etc/lxc/auto ]; then - migrate_auto - fi - - if [ ! -f /etc/lxc/lxc-usernet ]; then - mkdir -p /etc/lxc/ - echo "# USERNAME TYPE BRIDGE COUNT" > /etc/lxc/lxc-usernet - fi - - # If we have the stock preinstalled /etc/default/lxc-net, then - # remove it so that lxc-net can recreate on startup. - if dpkg --compare-versions "$2" eq "1.1.4-0ubuntu1"; then - if [ -f /etc/default/lxc-net ]; then - sum="$(md5sum /etc/default/lxc-net | awk '{ print $1 }')" - if [ "$sum" = e3f08a54cbdd4ebff86207417f366e6e ]; then - found=0; for f in /sys/class/net/lxcbr0/lower*; do [ -d "$f" ] && found=$(($found+1)); done - if [ $found -eq 0 ]; then - invoke-rc.d lxc-net stop - fi - rm -f /etc/default/lxc-net - fi - else - echo "# written on upgrade from 1.1.4-0ubuntu1." 
> /etc/default/lxc-net - echo "USE_LXC_BRIDGE=false" >> /etc/default/lxc-net - fi - fi - ;; - abort-upgrade) - ;; - *) - echo "preinst called with unknown argument (${1})" - exit 1 - ;; -esac - -#DEBHELPER# - -exit 0 diff -Nru lxc-1.1.5/debian/lxc-templates.install lxc-2.0.1/debian/lxc-templates.install --- lxc-1.1.5/debian/lxc-templates.install 2015-11-18 18:30:37.000000000 +0000 +++ lxc-2.0.1/debian/lxc-templates.install 2016-05-16 21:37:24.000000000 +0000 @@ -1,2 +1,5 @@ +usr/lib/*/lxc/hooks +usr/share/lxc/config +usr/share/lxc/hooks usr/share/lxc/lxc-patch.py usr/share/lxc/templates diff -Nru lxc-1.1.5/debian/patches/0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch lxc-2.0.1/debian/patches/0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch --- lxc-1.1.5/debian/patches/0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch 2015-11-18 18:30:37.000000000 +0000 +++ lxc-2.0.1/debian/patches/0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch 2016-05-16 21:37:24.000000000 +0000 @@ -1,4 +1,4 @@ -From 30708f298d86588b98f99420dfb801a2260a1007 Mon Sep 17 00:00:00 2001 +From 7793ea53fa537004548d0f3b1b16e5823c781ddf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?St=C3=A9phane=20Graber?= Date: Tue, 3 Nov 2015 11:42:58 -0500 Subject: Allocate new lxcbr0 subnet at startup time @@ -8,7 +8,7 @@ 1 file changed, 90 insertions(+), 8 deletions(-) diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in -index efe64c1..3e10c8e 100644 +index d457e78..adff477 100644 --- a/config/init/common/lxc-net.in +++ b/config/init/common/lxc-net.in @@ -22,6 +22,85 @@ LXC_IPV6_MASK="" diff -Nru lxc-1.1.5/debian/patches/0002-ubuntu-cloud-Various-fixes.patch lxc-2.0.1/debian/patches/0002-ubuntu-cloud-Various-fixes.patch --- lxc-1.1.5/debian/patches/0002-ubuntu-cloud-Various-fixes.patch 2015-11-18 18:30:37.000000000 +0000 +++ lxc-2.0.1/debian/patches/0002-ubuntu-cloud-Various-fixes.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,65 +0,0 @@ -From f071935b72a63f830e733fb2fec58a527a883eb4 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?St=C3=A9phane=20Graber?= -Date: Thu, 12 Nov 2015 12:44:38 -0500 -Subject: ubuntu-cloud: Various fixes -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - - - Update list of supported releases - - Make the fallback release trusty - - Don't specify the compression algorithm (use auto-detection) so that - people passing tarballs to the template don't see regressions. - -Signed-off-by: Stéphane Graber -Acked-by: Serge E. Hallyn ---- - templates/lxc-ubuntu-cloud.in | 12 ++++++------ - 1 file changed, 6 insertions(+), 6 deletions(-) - -diff --git a/templates/lxc-ubuntu-cloud.in b/templates/lxc-ubuntu-cloud.in -index 12fc594..3a4003d 100644 ---- a/templates/lxc-ubuntu-cloud.in -+++ b/templates/lxc-ubuntu-cloud.in -@@ -25,7 +25,7 @@ STATE_DIR="@LOCALSTATEDIR@" - HOOK_DIR="@LXCHOOKDIR@" - CLONE_HOOK_FN="$HOOK_DIR/ubuntu-cloud-prep" - LXC_TEMPLATE_CONFIG="@LXCTEMPLATECONFIG@" --KNOWN_RELEASES="precise trusty utopic vivid" -+KNOWN_RELEASES="precise trusty vivid wily xenial" - skip_arch_check=${UCTEMPLATE_SKIP_ARCH_CHECK:-0} - - # Make sure the usual locations are in PATH -@@ -155,8 +155,8 @@ eval set -- "$options" - - mapped_uid=-1 - mapped_gid=-1 --# default release is precise, or the systems release if recognized --release=precise -+# default release is trusty, or the systems release if recognized -+release=trusty - if [ -f /etc/lsb-release ]; then - . /etc/lsb-release - rels=$(ubuntu-distro-info --supported 2>/dev/null) || -@@ -179,7 +179,7 @@ else - arch="amd64" - elif [ "$arch" = "armv7l" ]; then - # note: arm images don't exist before oneiric; are called armhf in -- # precise and later; and are not supported by the query, so we don't actually -+ # trusty and later; and are not supported by the query, so we don't actually - # support them yet (see check later on). 
When Query2 is available, - # we'll use that to enable arm images. - arch="armhf" -@@ -326,10 +326,10 @@ do_extract_rootfs() { - mkdir -p $rootfs - cd $rootfs - if [ $in_userns -eq 1 ]; then -- tar --anchored --exclude="dev/*" --numeric-owner -xpJf "$cache/$filename" -+ tar --anchored --exclude="dev/*" --numeric-owner -xpf "$cache/$filename" - mkdir -p $rootfs/dev/pts/ - else -- tar --numeric-owner -xpJf "$cache/$filename" -+ tar --numeric-owner -xpf "$cache/$filename" - fi - } - diff -Nru lxc-1.1.5/debian/patches/0003-don-t-truncate-environment-sometimes-in-setproctitle.patch lxc-2.0.1/debian/patches/0003-don-t-truncate-environment-sometimes-in-setproctitle.patch --- lxc-1.1.5/debian/patches/0003-don-t-truncate-environment-sometimes-in-setproctitle.patch 2015-11-18 18:30:37.000000000 +0000 +++ lxc-2.0.1/debian/patches/0003-don-t-truncate-environment-sometimes-in-setproctitle.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,69 +0,0 @@ -From 01a9f86c57d3a7a2428c21d61b2334fdd180bf35 Mon Sep 17 00:00:00 2001 -From: Tycho Andersen -Date: Mon, 16 Nov 2015 15:12:36 -0700 -Subject: don't truncate environment sometimes in setproctitle - -Instead, let's just allocate new space for the proctitle to live and point -the kernel at that. - -v2: take out testing hunk -v3: check return from realloc - -Signed-off-by: Tycho Andersen -Acked-by: Serge E. Hallyn ---- - src/lxc/utils.c | 30 ++++++++++++------------------ - 1 file changed, 12 insertions(+), 18 deletions(-) - -diff --git a/src/lxc/utils.c b/src/lxc/utils.c -index d9e769d..1e36641 100644 ---- a/src/lxc/utils.c -+++ b/src/lxc/utils.c -@@ -1349,6 +1349,7 @@ char *get_template_path(const char *t) - */ - int setproctitle(char *title) - { -+ static char *proctitle = NULL; - char buf[2048], *tmp; - FILE *f; - int i, len, ret = 0; -@@ -1413,28 +1414,21 @@ int setproctitle(char *title) - * want to have room for it. */ - len = strlen(title) + 1; - -- /* We're truncating the environment, so we should use at most the -- * length of the argument + environment for the title. */ -- if (len > env_end - arg_start) { -- arg_end = env_end; -- len = env_end - arg_start; -- title[len-1] = '\0'; -- } else { -- /* Only truncate the environment if we're actually going to -- * overwrite part of it. */ -- if (len >= arg_end - arg_start) { -- env_start = env_end; -- } -- -- arg_end = arg_start + len; -- -- /* check overflow */ -- if (arg_end < len || arg_end < arg_start) { -+ /* If we don't have enough room by just overwriting the old proctitle, -+ * let's allocate a new one. 
-+ */ -+ if (len > arg_end - arg_start) { -+ void *m; -+ m = realloc(proctitle, len); -+ if (!m) - return -1; -- } -+ proctitle = m; - -+ arg_start = (unsigned long) proctitle; - } - -+ arg_end = arg_start + len; -+ - brk_val = syscall(__NR_brk, 0); - - prctl_map = (struct prctl_mm_map) { diff -Nru lxc-1.1.5/debian/patches/0004-Better-handle-preserve_ns-behavior.patch lxc-2.0.1/debian/patches/0004-Better-handle-preserve_ns-behavior.patch --- lxc-1.1.5/debian/patches/0004-Better-handle-preserve_ns-behavior.patch 2015-11-18 18:30:37.000000000 +0000 +++ lxc-2.0.1/debian/patches/0004-Better-handle-preserve_ns-behavior.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,121 +0,0 @@ -From 9d5d9fa5b3f3e89fd50a870224e847d80a2ef162 Mon Sep 17 00:00:00 2001 -From: Serge Hallyn -Date: Tue, 17 Nov 2015 12:59:05 -0600 -Subject: Better handle preserve_ns behavior - -Commit b6b2b194a8 preserves the container's namespaces for -possible later use in stop hook. But some kernels don't have -/proc/pid/ns/ns for all the namespaces we may be interested in. -So warn but continue if this is the case. - -Implement stgraber's suggested semantics. - - - User requests some namespaces be preserved: - - If /proc/self/ns is missing => fail (saying kernel misses setns) - - If /proc/self/ns/ entry is missing => fail (saying kernel misses setns for ) - - User doesn't request some namespaces be preserved: - - If /proc/self/ns is missing => log an INFO message (kernel misses setns) and continue - - If /proc/self/ns/ entry is missing => log an INFO message (kernel misses setns for ) and continue - -Signed-off-by: Serge Hallyn ---- - src/lxc/start.c | 47 ++++++++++++++++++++++++++++++++++------------- - 1 file changed, 34 insertions(+), 13 deletions(-) - -diff --git a/src/lxc/start.c b/src/lxc/start.c -index fa905e2..2308735 100644 ---- a/src/lxc/start.c -+++ b/src/lxc/start.c -@@ -117,8 +117,15 @@ static void close_ns(int ns_fd[LXC_NS_MAX]) { - } - } - --static int preserve_ns(int ns_fd[LXC_NS_MAX], int clone_flags, pid_t pid) { -- int i, saved_errno; -+/* -+ * preserve_ns: open /proc/@pid/ns/@ns for each namespace specified -+ * in clone_flags. -+ * Return true on success, false on failure. On failure, leave an error -+ * message in *errmsg, which caller must free. 
-+ */ -+static -+bool preserve_ns(int ns_fd[LXC_NS_MAX], int clone_flags, pid_t pid, char **errmsg) { -+ int i, ret; - char path[MAXPATHLEN]; - - for (i = 0; i < LXC_NS_MAX; i++) -@@ -126,8 +133,9 @@ static int preserve_ns(int ns_fd[LXC_NS_MAX], int clone_flags, pid_t pid) { - - snprintf(path, MAXPATHLEN, "/proc/%d/ns", pid); - if (access(path, X_OK)) { -- WARN("Kernel does not support attach; preserve_ns ignored"); -- return 0; -+ if (asprintf(errmsg, "Kernel does not support setns.") == -1) -+ *errmsg = NULL; -+ return false; - } - - for (i = 0; i < LXC_NS_MAX; i++) { -@@ -140,14 +148,20 @@ static int preserve_ns(int ns_fd[LXC_NS_MAX], int clone_flags, pid_t pid) { - goto error; - } - -- return 0; -+ return true; - - error: -- saved_errno = errno; -+ if (errno == ENOENT) { -+ ret = asprintf(errmsg, "Kernel does not support setns for %s", -+ ns_info[i].proc_name); -+ } else { -+ ret = asprintf(errmsg, "Failed to open %s: %s", -+ path, strerror(errno)); -+ } -+ if (ret == -1) -+ *errmsg = NULL; - close_ns(ns_fd); -- errno = saved_errno; -- SYSERROR("failed to open '%s'", path); -- return -1; -+ return false; - } - - static int attach_ns(const int ns_fd[LXC_NS_MAX]) { -@@ -894,6 +908,7 @@ static int lxc_spawn(struct lxc_handler *handler) - { - int failed_before_rename = 0; - const char *name = handler->name; -+ char *errmsg = NULL; - bool cgroups_connected = false; - int saved_ns_fd[LXC_NS_MAX]; - int preserve_mask = 0, i; -@@ -968,8 +983,12 @@ static int lxc_spawn(struct lxc_handler *handler) - INFO("failed to pin the container's rootfs"); - } - -- if (preserve_ns(saved_ns_fd, preserve_mask, getpid()) < 0) -+ if (!preserve_ns(saved_ns_fd, preserve_mask, getpid(), &errmsg)) { -+ SYSERROR("Failed to preserve requested namespaces: %s", -+ errmsg ? 
errmsg : "(Out of memory)"); -+ free(errmsg); - goto out_delete_net; -+ } - if (attach_ns(handler->conf->inherit_ns_fd) < 0) - goto out_delete_net; - -@@ -989,9 +1008,11 @@ static int lxc_spawn(struct lxc_handler *handler) - goto out_delete_net; - } - -- if (preserve_ns(handler->nsfd, handler->clone_flags, handler->pid) < 0) { -- ERROR("failed to store namespace references"); -- goto out_delete_net; -+ if (preserve_ns(handler->nsfd, handler->clone_flags, handler->pid, -+ &errmsg) < 0) { -+ INFO("Failed to store namespace references for stop hook: %s", -+ errmsg ? errmsg : "(Out of memory)"); -+ free(errmsg); - } - - if (attach_ns(saved_ns_fd)) diff -Nru lxc-1.1.5/debian/patches/series lxc-2.0.1/debian/patches/series --- lxc-1.1.5/debian/patches/series 2015-11-18 18:30:37.000000000 +0000 +++ lxc-2.0.1/debian/patches/series 2016-05-16 21:37:24.000000000 +0000 @@ -1,4 +1 @@ 0001-Allocate-new-lxcbr0-subnet-at-startup-time.patch -0002-ubuntu-cloud-Various-fixes.patch -0003-don-t-truncate-environment-sometimes-in-setproctitle.patch -0004-Better-handle-preserve_ns-behavior.patch diff -Nru lxc-1.1.5/debian/rules lxc-2.0.1/debian/rules --- lxc-1.1.5/debian/rules 2015-11-18 18:30:37.000000000 +0000 +++ lxc-2.0.1/debian/rules 2016-05-16 21:37:24.000000000 +0000 @@ -18,7 +18,7 @@ --with-rootfs-path=\$${prefix}/lib/$(DEB_HOST_MULTIARCH)/lxc \ --enable-python $(shell dpkg-buildflags --export=configure) \ --enable-doc --disable-rpath --enable-apparmor --enable-selinux \ - --enable-lua --enable-tests --enable-cgmanager --with-distro=ubuntu + --enable-lua --enable-tests --enable-deprecated --with-distro=ubuntu override_dh_auto_build: dh_auto_build 
@@ -36,6 +36,7 @@ if dpkg --compare-versions "$(shell grep DISTRIB_RELEASE /etc/lsb-release | cut -d= -f2)" lt "13.10"; then \ sed -i "s/^\( *\)\(dbus.*,\)/\\1#\\2/g" debian/tmp/etc/apparmor.d/abstractions/lxc/container-base; \ sed -i "s/^\( *\)\(dbus.*,\)/\\1#\\2/g" debian/tmp/etc/apparmor.d/abstractions/lxc/start-container; \ + sed -ri "s/^_(have)\>/\\1/" debian/tmp/etc/bash_completion.d/lxc; \ fi if dpkg --compare-versions "$(shell grep DISTRIB_RELEASE /etc/lsb-release | cut -d= -f2)" lt "14.04"; then \ sed -i "s/^\( *\)\(signal.*,\)/\\1#\\2/g" debian/tmp/etc/apparmor.d/abstractions/lxc/container-base; \ 
@@ -48,44 +49,52 @@ sed -i "s/^\( *\)\(unix.*,\)/\\1#\\2/g" debian/tmp/etc/apparmor.d/abstractions/lxc/start-container; \ fi if [ -x /usr/bin/dh_apparmor ]; then \ - dh_apparmor -p lxc --profile-name=usr.bin.lxc-start; \ + dh_apparmor -p lxc-common --profile-name=usr.bin.lxc-start; \ fi # copy apport hook - mkdir -p debian/lxc/usr/share/apport/package-hooks - cp debian/lxc.apport debian/lxc/usr/share/apport/package-hooks/source_lxc.py + mkdir -p debian/tmp/usr/share/apport/package-hooks + cp debian/lxc1.apport debian/tmp/usr/share/apport/package-hooks/source_lxc.py # copy dnsmasq configuration - mkdir -p debian/lxc/etc/dnsmasq.d-available - cp debian/lxc.dnsmasq debian/lxc/etc/dnsmasq.d-available/lxc + mkdir -p debian/tmp/etc/dnsmasq.d-available + cp debian/lxc1.dnsmasq debian/tmp/etc/dnsmasq.d-available/lxc + + # move the examples + mv debian/tmp/usr/share/doc/lxc debian/tmp/usr/share/doc/lxc-common + + # move the bash completion profile + mkdir -p debian/tmp/usr/share/bash-completion + mv debian/tmp/etc/bash_completion.d debian/tmp/usr/share/bash-completion/completions + mv debian/tmp/usr/share/bash-completion/completions/lxc debian/tmp/usr/share/bash-completion/completions/lxc1 + grep complete debian/tmp/usr/share/bash-completion/completions/lxc1 | sed "s/.* //g" | while read cmd; do \ + ln -s lxc1 debian/tmp/usr/share/bash-completion/completions/$${cmd}; \ + done dh_install --fail-missing # move the tests mkdir -p debian/lxc-tests/usr/bin - mv debian/lxc/usr/bin/lxc-test-* debian/lxc-tests/usr/bin/ + mv debian/lxc1/usr/bin/lxc-test-* debian/lxc-tests/usr/bin/ override_dh_fixperms: dh_fixperms - chmod u+s debian/lxc/usr/lib/${DEB_HOST_MULTIARCH}/lxc/lxc-user-nic + chmod u+s debian/lxc-common/usr/lib/${DEB_HOST_MULTIARCH}/lxc/lxc-user-nic override_dh_builddeb: # prevent system users from using setuid-root binaries under /var/lib/lxc - chmod 700 debian/lxc/var/lib/lxc - chmod 700 debian/lxc/var/cache/lxc + chmod 700 debian/lxc1/var/lib/lxc + chmod 700 
debian/lxc1/var/cache/lxc dh_builddeb override_dh_installinit: - cp debian/lxc/etc/init/lxc.conf debian/lxc.upstart - cp debian/lxc/etc/init/lxc-instance.conf debian/lxc.lxc-instance.upstart - cp debian/lxc/etc/init/lxc-net.conf debian/lxc.lxc-net.upstart + cp debian/lxc1/etc/init/lxc.conf debian/lxc1.upstart + cp debian/lxc1/etc/init/lxc-instance.conf debian/lxc1.lxc-instance.upstart + cp debian/lxc1/etc/init/lxc-net.conf debian/lxc1.lxc-net.upstart dh_installinit --no-restart-on-upgrade --name=lxc dh_installinit --no-restart-on-upgrade --name=lxc-net dh_installinit --no-start --no-restart-on-upgrade --name=lxc-instance -override_dh_strip: - dh_strip --dbg-package=lxc-dbg - override_dh_gencontrol: if dpkg --compare-versions "$(shell grep DISTRIB_RELEASE /etc/lsb-release | cut -d= -f2)" ge "14.10"; then \ dh_gencontrol -- -V'lxc:Depends=apparmor (>= 2.8.96~2652-0ubuntu1)'; \ diff -Nru lxc-1.1.5/debian/tests/control lxc-2.0.1/debian/tests/control --- lxc-1.1.5/debian/tests/control 2015-11-18 18:30:37.000000000 +0000 +++ lxc-2.0.1/debian/tests/control 2016-05-16 21:37:24.000000000 +0000 @@ -2,6 +2,7 @@ Depends: busybox-static, cloud-image-utils, debootstrap, + distro-info, lxcfs, uidmap, xz-utils, diff -Nru lxc-1.1.5/doc/api/Makefile.in lxc-2.0.1/doc/api/Makefile.in --- lxc-1.1.5/doc/api/Makefile.in 2015-11-09 16:26:03.000000000 +0000 +++ lxc-2.0.1/doc/api/Makefile.in 2016-05-16 20:38:44.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, 
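Review bot: In debian/rules, the new bash-completion loop (`grep complete … | sed "s/.* //g" | while read cmd`) takes a symlink name from every line of the completion file that merely contains the substring "complete", and then expands `$${cmd}` unquoted, so a comment or helper line in a later upstream version of that file would produce a stray link in the package. Assuming the registrations are the lines whose first word is `complete`, I would anchor the match and quote the target: `grep -E '^[[:space:]]*complete[[:space:]]' debian/tmp/usr/share/bash-completion/completions/lxc1 | sed 's/.* //' | while read -r cmd; do \` followed by `ln -s lxc1 "debian/tmp/usr/share/bash-completion/completions/$${cmd}"; \`. With make's default shell flags only the pipeline's final status is seen, so a failing `ln` is noticed only if it happens on the last iteration. The recipe this loop belongs to begins above the hunk, so its target name is not visible here.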
@@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -78,12 +88,12 @@ build_triplet = @build@ host_triplet = @host@ subdir = doc/api -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ $(top_srcdir)/config/tls.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/config.h CONFIG_CLEAN_FILES = @@ -108,6 +118,7 @@ *) (install-info --version) >/dev/null 2>&1;; \ esac am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -160,6 +171,7 @@ LUA_LIBS = @LUA_LIBS@ LUA_SHAREDIR = @LUA_SHAREDIR@ LUA_VERSION = @LUA_VERSION@ +LXCBINHOOKDIR = @LXCBINHOOKDIR@ LXCHOOKDIR = @LXCHOOKDIR@ LXCINITDIR = @LXCINITDIR@ LXCPATH = @LXCPATH@ @@ -173,6 +185,7 @@ LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ LXC_USERNIC_DB = @LXC_USERNIC_DB@ LXC_VERSION = @LXC_VERSION@ +LXC_VERSION_ABI = @LXC_VERSION_ABI@ LXC_VERSION_BASE = @LXC_VERSION_BASE@ LXC_VERSION_BETA = @LXC_VERSION_BETA@ LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ @@ -264,6 +277,7 @@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ 
@@ -288,7 +302,6 @@ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/api/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu doc/api/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -457,6 +470,8 @@ mostlyclean-generic pdf pdf-am ps ps-am tags-am uninstall \ uninstall-am +.PRECIOUS: Makefile + @ENABLE_API_DOCS_TRUE@html: Doxyfile @ENABLE_API_DOCS_TRUE@ doxygen diff -Nru lxc-1.1.5/doc/examples/Makefile.in lxc-2.0.1/doc/examples/Makefile.in --- lxc-1.1.5/doc/examples/Makefile.in 2015-11-09 16:26:03.000000000 +0000 +++ lxc-2.0.1/doc/examples/Makefile.in 2016-05-16 20:38:44.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ 
@@ -79,16 +89,12 @@ build_triplet = @build@ host_triplet = @host@ subdir = doc/examples -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(srcdir)/lxc-macvlan.conf.in $(srcdir)/lxc-vlan.conf.in \ - $(srcdir)/lxc-no-netns.conf.in \ - $(srcdir)/lxc-empty-netns.conf.in $(srcdir)/lxc-phys.conf.in \ - $(srcdir)/lxc-veth.conf.in $(srcdir)/lxc-complex.conf.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ $(top_srcdir)/config/tls.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/config.h CONFIG_CLEAN_FILES = lxc-macvlan.conf lxc-vlan.conf lxc-no-netns.conf \ @@ -144,6 +150,11 @@ am__installdirs = "$(DESTDIR)$(pkgexamplesdir)" DATA = $(noinst_DATA) $(pkgexamples_DATA) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/lxc-complex.conf.in \ + $(srcdir)/lxc-empty-netns.conf.in \ + $(srcdir)/lxc-macvlan.conf.in $(srcdir)/lxc-no-netns.conf.in \ + $(srcdir)/lxc-phys.conf.in $(srcdir)/lxc-veth.conf.in \ + $(srcdir)/lxc-vlan.conf.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -196,6 +207,7 @@ LUA_LIBS = @LUA_LIBS@ LUA_SHAREDIR = @LUA_SHAREDIR@ LUA_VERSION = @LUA_VERSION@ +LXCBINHOOKDIR = @LXCBINHOOKDIR@ LXCHOOKDIR = @LXCHOOKDIR@ LXCINITDIR = @LXCINITDIR@ LXCPATH = @LXCPATH@ @@ -209,6 +221,7 @@ LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ LXC_USERNIC_DB = @LXC_USERNIC_DB@ LXC_VERSION = @LXC_VERSION@ +LXC_VERSION_ABI = @LXC_VERSION_ABI@ LXC_VERSION_BASE = @LXC_VERSION_BASE@ LXC_VERSION_BETA = @LXC_VERSION_BETA@ LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ 
@@ -300,6 +313,7 @@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -353,7 +367,6 @@ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/examples/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu doc/examples/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -560,6 +573,8 @@ pdf-am ps ps-am tags-am uninstall uninstall-am \ uninstall-pkgexamplesDATA +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff -Nru lxc-1.1.5/doc/ja/legacy/lxc-ls.sgml.in lxc-2.0.1/doc/ja/legacy/lxc-ls.sgml.in --- lxc-1.1.5/doc/ja/legacy/lxc-ls.sgml.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/doc/ja/legacy/lxc-ls.sgml.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,176 +0,0 @@ - - - -]> - - - - @LXC_GENERATE_DATE@ - - - lxc-ls - 1 - - - - lxc-ls - - - - システム上に存在するコンテナをリスト表示する。 - - - - - - lxc-ls - --active - ls option - - - - - <!-- Description -->説明 - - - lxc-ls はシステム上に存在するコンテナをリスト表示します。 - - - - - <!-- Options -->オプション - - - - - - - - - - 稼働中のコンテナをリスト表示します。 - - - - - - - - - - - - lxc-ls が受け付けるオプションは、ls コマンドと同じです。 - - - - - - - - - - <!-- Examples -->例 - - - lxc-ls -l - - - - 全てのコンテナとそのパーミッションをリスト表示します。 - - - - - - lxc-ls --active -1 - - - - 稼働中のコンテナを一列にリスト表示します。 - - - - - - - - - See Also - - - - ls - 1 - , - - - - - &seealso; - - - <!-- Author -->作者 - Daniel Lezcano daniel.lezcano@free.fr - - - - - diff -Nru lxc-1.1.5/doc/ja/lxc-attach.sgml.in lxc-2.0.1/doc/ja/lxc-attach.sgml.in --- lxc-1.1.5/doc/ja/lxc-attach.sgml.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/doc/ja/lxc-attach.sgml.in 2016-05-16 20:38:39.000000000 +0000 @@ -63,6 +63,7 @@ --keep-env --clear-env -- command + -L file 
@@ -91,6 +92,26 @@ もし command が指定されていない場合、lxc-attach コマンドを実行したユーザのデフォルトシェルをコンテナ内で調べて実行します。 もしコンテナ内にユーザが存在しない場合や、コンテナで nsswitch 機構が働いていない場合はこの動作は失敗します。 + + + 前のバージョンの lxc-attach は、単に指定したコンテナの名前空間にアタッチし、最初に擬似端末 (pseudo terminal) を割り当てないで、シェルもしくは指定したコマンドを実行しました。 + これは、異なる特権レベルを持つユーザ空間の実行コンテキストを切り替えた後に、TIOCSTI ioctl の呼び出し経由で擬似入力を行うことに対して脆弱となります。 + 新しいバージョンの lxc-attach は、ホスト上の擬似端末のマスター/スレーブのペアを割り当てようとします。そしてシェルやコマンドを実行する前に、擬似端末のスレーブ側に対して、ターミナルを参照する標準ファイルディスクリプタをアタッチします。 + ターミナルを参照する標準ファイルディスクリプタがない場合は、lxc-attach は擬似端末の割り当てを行わないことに注意してください。代わりに、単にコンテナの名前空間にアタッチし、シェルや指定したコマンドを実行します。 + @@ -152,10 +173,13 @@ CGROUP|LSM. Allowed values are CGROUP, CAP and LSM representing cgroup, capabilities and - restriction privileges respectively. + restriction privileges respectively. (The pipe symbol needs to be escaped, + e.g. CGROUP\|LSM or quoted, e.g. + "CGROUP|LSM".) --> 全ての特権の取得したくない場合は、パイプで連結したリストとして、例えば CGROUP|LSM のように、特権を指定することが可能です。 指定できる値は、それぞれ cgroup、ケーパビリティ、特権の制限を表す CGROUPCAPLSM です。 + (パイプ記号を CGROUP\|LSM のようにエスケープするか、"CGROUP|LSM" のように引用符号を付ける必要があります。) アタッチする名前空間をパイプで連結したリストで指定します。 例えば NETWORK|IPC のようにです。 ここで使用可能な値は MOUNT, PID, UTSNAME, IPC, USER , NETWORK です。 これにより指定した名前空間にプロセスのコンテキストを変更できます。 例えばコンテナのネットワーク名前空間に変更する一方で、他の名前空間はホストの名前空間のままにするというような事が可能です。 + (パイプ記号を MOUNT\|PID のようにエスケープするか、"MOUNT|PID" のように引用符号を付ける必要があります。) + lxc-attach の出力を記録するファイルを指定します。 + + + + 重要: 標準ファイルディスクリプタが pty を参照していない場合、それらに対する出力は記録されないでしょう。 + + + + @@ -409,7 +458,7 @@ network/pid namespace context of the attached process. In order not to interfere with the host's actual filesystem, the mount namespace will be unshared (like lxc-unshare - does) before this is done, esentially giving the process a new + does) before this is done, essentially giving the process a new mount namespace, which is identical to the hosts's mount namespace except for the /proc and /sys filesystems. 
@@ -418,6 +467,21 @@ これにより、アタッチするプロセスのネットワーク/pid 名前空間のコンテキストを反映させることができます。ホストの実際のファイルシステムに影響を与えないために、実行前にはマウント名前空間は unshare されます (lxc-unshare のように)。 これは、/proc/sys ファイルシステム以外はホストのマウント名前空間と同じである、新しいマウント名前空間がプロセスに与えられるということです。 + + + 以前のバージョンの lxc-attach は、いくつかの重要なサブシステムに対して、書き込み可能な cgroup 内に配置することなしに、ユーザがコンテナの名前空間にアタッチできたバグがありました。 + 新しいバージョンの lxc-attach は、このような重要なサブシステムに対して、ユーザが書き込み可能な cgroup 内にいるかどうかをチェックします。 + したがって、ユーザによっては lxc-attach は不意に失敗するかもしれません (例えば、非特権ユーザが、ログイン時に重要であるサブシステムの書き込み可能な cgroup に配置されていないようなシステムで)。しかし、この振る舞いは正しく、よりセキュアです。 + diff -Nru lxc-1.1.5/doc/ja/lxc-checkpoint.sgml.in lxc-2.0.1/doc/ja/lxc-checkpoint.sgml.in --- lxc-1.1.5/doc/ja/lxc-checkpoint.sgml.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/doc/ja/lxc-checkpoint.sgml.in 2016-05-16 20:38:39.000000000 +0000 @@ -94,7 +94,7 @@ - + diff -Nru lxc-1.1.5/doc/ja/lxc-clone.sgml.in lxc-2.0.1/doc/ja/lxc-clone.sgml.in --- lxc-1.1.5/doc/ja/lxc-clone.sgml.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/doc/ja/lxc-clone.sgml.in 2016-05-16 20:38:39.000000000 +0000 @@ -64,6 +64,7 @@ -L fssize -p lxcpath -P newlxcpath + -R -o orig -n new -- hook arguments @@ -78,6 +79,7 @@ -L fssize -p lxcpath -P newlxcpath + -R orig new -- hook arguments @@ -276,6 +278,21 @@ + + + + + + コンテナの名前を変更します。orignew という名前に変更します。 + + + + + + @@ -331,6 +348,17 @@ + + <!-- Notes -->注意 + + + lxc-clonelxc-copy に置き換えられ、廃止される予定です。 + + + &seealso; diff -Nru lxc-1.1.5/doc/ja/lxc-console.sgml.in lxc-2.0.1/doc/ja/lxc-console.sgml.in --- lxc-1.1.5/doc/ja/lxc-console.sgml.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/doc/ja/lxc-console.sgml.in 2016-05-16 20:38:39.000000000 +0000 @@ -120,7 +120,7 @@ - + @@ -138,7 +138,7 @@ - + diff -Nru lxc-1.1.5/doc/ja/lxc.container.conf.sgml.in lxc-2.0.1/doc/ja/lxc.container.conf.sgml.in --- lxc-1.1.5/doc/ja/lxc.container.conf.sgml.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/doc/ja/lxc.container.conf.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -91,10 +91,13 @@ 設定ファイルのオプション一つを、key = value の形で一行で表します。 '#' は、その行はコメントであることを示します。 + ケーパビリティや cgroup のオプションのような、リスト形式で指定するオプションでは、value がない形式で指定できます。このように使うと、それ以前に定義した値をすべてクリアします。 @@ -213,32 +216,62 @@ <!-- Halt signal -->クリーンなシャットダウン時のシグナル - lxc-stop がコンテナをクリーンにシャットダウンするためにコンテナの init プロセスに送るシグナル名か番号を指定することができます。 + lxc-stop がコンテナをクリーンにシャットダウンするためにコンテナの init プロセスに送るシグナル名か番号を指定できます。 init システムによって、クリーンなシャットダウンを行うために使うシグナルは異なります。 このオプションではシグナルとして kill(1) で使う形式を指定することができます。 例えば SIGKILL, SIGRTMIN+14, SIGRTMAX-10 のような形式、もしくは数字を指定します。デフォルトのシグナルは SIGPWR です。 - - - - - - - + コンテナをシャットダウンするために使うシグナルを指定します。 + + + + + + + + リブート時のシグナル <!-- Reboot signal --> + + - コンテナをシャットダウンするのに使うシグナルを指定します - - - + lxc-stop がコンテナをリブートするために送るシグナル名か番号を指定できます。 + このオプションではシグナルとして kill(1) で使う形式を指定することができます。 + 例えば SIGKILL, SIGRTMIN+14, SIGRTMAX-10 のような形式、もしくは数字を指定します。デフォルトのシグナルは SIGINT です。 + + + + + + + + + + コンテナをリブートするために使うシグナルを指定します。 + + + @@ -246,29 +279,29 @@ <!-- Stop signal -->強制停止時のシグナル + Allows one to specify signal name or number, sent by lxc-stop to forcibly + shutdown the container. This option allows signal to be specified in + kill(1) fashion, e.g. SIGKILL, SIGRTMIN+14, SIGRTMAX-10 or plain number. + The default signal is SIGKILL. + --> lxc-stop がコンテナを強制的にシャットダウンするために送るシグナル名か番号を指定することができます。 このオプションではシグナルとして kill(1) で使う形式を指定することができます。 例えば SIGKILL, SIGRTMIN+14, SIGRTMAX-10 のような形式、もしくは数字を指定します。デフォルトのシグナルは SIGKILL です。 - - - - - - - - コンテナを停止するのに使用するシグナルを指定します。 - - - + + + + + + + + コンテナを停止するのに使用するシグナルを指定します。 + + + 
@@ -304,6 +337,80 @@ + <!-- Init ID -->Init が使う ID + + + lxc-execute が実行するコンテナの init と、その後に起動するコマンドが使用する UID/GID を設定します。 + + + このオプションは lxc-execute がユーザ名前空間内で起動するときのみ使われます。 + + + デフォルト値は UID(0), GID(0) です。 + + + + + + + + + + ユーザ名前空間内で init が使う UID です。 + + + + + + + + + + + ユーザ名前空間内で init が使う GID です。 + + + + + + + + <!-- Ephemeral -->一時的なコンテナ + + + シャットダウン後にコンテナを削除するかどうかを指定できます。 + + + + + + + + + + 指定できる値は 0 または 1 のみです。この値を 1 に設定すると、シャットダウン後にコンテナを削除します。 + + + + + + + <!-- Network -->ネットワーク + 値を指定せずに使い、それ以前に定義されたすべてのネットワークオプションをクリアできます。 + + + @@ -416,16 +536,18 @@ specifies the mode the macvlan will use to communicate between different macvlan on the same upper device. The accepted - modes are , the device never - communicates with any other device on the same upper_dev (default), - , the new Virtual Ethernet Port + modes are , , + and . + In mode, the device never + communicates with any other device on the same upper_dev (default). + In mode, the new Virtual Ethernet Port Aggregator (VEPA) mode, it assumes that the adjacent bridge returns all frames where both source and destination are local to the macvlan port, i.e. the bridge is set up as a reflective relay. Broadcast frames coming in from the upper_dev get flooded to all macvlan interfaces in VEPA mode, local frames are not - delivered locally, or , it + delivered locally. In mode, it provides the behavior of a simple bridge between different macvlan interfaces on the same port. Frames from one interface to another one get delivered directly 
@@ -434,20 +556,26 @@ interface, but when they come back from a reflective relay, we don't deliver them again. Since we know all the MAC addresses, the macvlan bridge mode does not - require learning or STP like the bridge module does. + require learning or STP like the bridge module does. In + mode, all frames received by + the physical interface are forwarded to the macvlan + interface. Only one macvlan interface in + mode is possible for one physical interface. --> macvlan インターフェースは により指定されるインターフェースとリンクし、コンテナに割り当てられます。 でモードを指定すると、その macvlan の指定を、同じ上位デバイスで異なる macvlan の間の通信をする時に使います。 - 受け入れられたモードが であれば、デバイスは同じ上位デバイスの他のデバイスとの通信を行いません (デフォルト)。 - 新しい仮想イーサネットポート集約モード (Virtual Ethernet Port Aggregator (VEPA)) である は、隣接したポートが、ソースとデスティネーションの両方が macvlan ポートに対してローカルであるフレームを全て返すと仮定します。 + 指定できるモードは のいずれかです。 + モードの場合、デバイスは同じ上位デバイスの他のデバイスとの通信を行いません (デフォルト)。 + 新しい仮想イーサネットポート集約モード (Virtual Ethernet Port Aggregator (VEPA)) である モードの場合、隣接したポートが、ソースとデスティネーションの両方が macvlan ポートに対してローカルであるフレームを全て返すと仮定します。 すなわち、ブリッジが reflective relay として設定されているということです。 上位デバイスから入ってくるブロードキャストフレームは、VEPA モードである全ての macvlan インターフェースに送りつけられます。 ローカルのフレームはローカルには配送されません。 - の指定は、同じポートの異なる macvlan インターフェースの間のシンプルなブリッジとして動作します。 + モードの場合、同じポートの異なる macvlan インターフェースの間のシンプルなブリッジとして動作します。 あるインターフェースから他のインターフェースへのフレームは、直接配送され、外部には送出されません。 ブロードキャストフレームは、全ての他のブリッジと外部のインターフェースに対して送られます。 しかし、reflective relay からフレームが返ってきたときは、再度それを配送することはしません。 全ての MAC アドレスを知っているので、ブリッジモジュールのように、macvlan ブリッジモードは学習や STP の必要はありません。 + モードの場合、物理インターフェースで受け取った全てのフレームは macvlan インターフェースに転送されます。 モードの場合、ひとつの macvlan インターフェースだけが、ひとつの物理インターフェースに対して設定できます。 
@@ -895,7 +1023,7 @@ /dev to be set up as needed in the container rootfs. If lxc.autodev is set to 1, then after mounting the container's rootfs LXC will mount a fresh tmpfs under /dev - (limited to 100k) and fill in a minimal set of initial devices. + (limited to 500k) and fill in a minimal set of initial devices. This is generally required when starting a container containing a "systemd" based "init" but may be optional at other times. Additional devices in the containers /dev directory may be created through the @@ -903,7 +1031,7 @@ --> デフォルトでは、lxc はコンテナの /dev 以下に fd, stdin, stdout, stderr のシンボリックリンクを作成しますが、自動的にはデバイスノードのエントリは作成しません。 これは、コンテナの rootfs で必要な設定を行えるようにするものです。 - lxc.autodev が 1 に設定されている場合、コンテナの rootfs をマウントした後、LXC は新しい tmpfs を /dev 以下にマウントします (100k 制限の)。 + lxc.autodev が 1 に設定されている場合、コンテナの rootfs をマウントした後、LXC は新しい tmpfs を /dev 以下にマウントします (500k 制限の)。 そして初期デバイスの最小限のセットを作成します。 これは、"systemd" ベースの "init" 環境のコンテナを起動する時に通常必要ですが、他の環境の場合はオプショナルなものです。 コンテナの /dev ディレクトリ内の追加デバイスは フックを使用して作成されます。 @@ -965,6 +1093,23 @@ これらのマウントポイントは、コンテナだけに見え、コンテナ外で実行されるプロセスから見えることはありません。 例えば、/etc や /var や /home をマウントするときに役に立つでしょう。 + + + 注意: 通常 LXC は、マウント対象と相対パス指定のバインドマウントを、適切にコンテナルート以下に閉じ込めます。 + これは、ホストのディレクトリやファイルに対して重ね合わせを行うようなマウントによる攻撃を防ぎます。(絶対パス指定のマウントソース中の各パスがシンボリックリンクである場合は無視されます。) + しかし、もしコンテナの設定が最初に、/home/joe のようなコンテナユーザのコントロール配下にあるディレクトリを、コンテナ中のある path にマウントし、その後 path 以下でマウントが行われるような場合、コンテナユーザがタイミングを見計らって自身のホームディレクトリ以下でシンボリックリンクを操作するような TOCTTOU 攻撃が成立する可能性があります。 + 
@@ -1256,6 +1401,15 @@ + + + cgroup 名前空間が有効の場合、 の自動マウントの指定はどれも無視されます。これは、コンテナが自身でファイルシステムをマウントするため、自動マウントがコンテナの init を混乱させる可能性があるためです。 + ディレクトリ、単純なブロックデバイスのバックエンドを持つコンテナの場合、パス名を使うことができます。 もし rootfs が nbd デバイスの場合、nbd:file:1 という指定は file を nbd デバイスとして使用し、その 1 番目のパーティションが rootfs としてマウントされます。 nbd:file という指定は、nbd デバイス自身をマウントします。 overlayfs:/lower:/upper という指定は、rootfs は /lower という読み込み専用でマウントされるディレクトリの上に、/upper というディレクトリを読み書き可能で重ね合わせてマウントします。 - aufs:/lower:/upper は overlayfs で指定している部分を aufs と指定すれば同じことになります。 + aufs:/lower:/upper は overlayfs で指定している部分を aufs と指定すれば同じことになります。overlayfsaufs は両方とも、複数の /lower ディレクトリを指定できます。 loop:/file/file を loop デバイスとして使用し、loop デバイスをマウントします。 @@ -1392,6 +1548,24 @@ + + + + + + + + 使用するバックエンドのタイプを、例えば 'dir' や 'zfs' のように指定します。 + コンテナ起動時に LXC が推測できますが、時間がかかります。これを指定すると、余分な処理を避けられます。 + + + + @@ -1463,6 +1637,8 @@ capabilities 7 , + If used with no value, lxc will clear any drop capabilities + specified up to this point. --> コンテナ内で削除するケーパビリティ (capability) を指定します。 一行でスペース区切りで複数のケーパビリティを指定することも可能です。 @@ -1473,6 +1649,7 @@ capabilities 7 + この設定を、値を指定しない状態で使った場合、それ以前に指定された削除対象のケーパビリティの指定をすべてクリアします (lxc.cap.drop に何も指定しない状態になります)。 @@ -1504,10 +1681,12 @@ If lxc was compiled and installed with apparmor support, and the host system has apparmor enabled, then the apparmor profile under which the container should be run can be specified in the container - configuration. The default is lxc-container-default. + configuration. The default is lxc-container-default-cgns + if the host kernel is cgroup namespace aware, or + lxc-container-default othewise. --> lxc が apparmor サポートでコンパイルされ、インストールされている場合で、ホストで apparmor が有効な場合、コンテナが従って動くべき apparmor プロファイルは、コンテナの設定で指定することが可能です。 - デフォルトは lxc-container-default です。 + デフォルトは、ホストのカーネルで cgroup 名前空間が使える場合は lxc-container-default-cgnsです。使えない場合は lxc-container-default です。 
@@ -1525,6 +1704,14 @@ コンテナが apparmor による制限を受けないように設定するには、以下のように設定します。 lxc.aa_profile = unconfined + + + もし apparmor プロファイルが変更されないままでなくてはならない場合 (ネストしたコンテナである場合や、すでに confined されている場合) は以下のように設定します。 + + lxc.aa_profile = unchanged @@ -1721,9 +1908,12 @@ Container name. Section (always 'lxc'). The hook type (i.e. 'clone' or 'pre-mount'). - Additional arguments In the + Additional arguments. In the case of the clone hook, any extra arguments passed to - lxc-clone will appear as further arguments to the hook. + lxc-clone will appear as further arguments to the hook. + In the case of the stop hook, paths to filedescriptors + for each of the container's namespaces along with their types + are passed. The following environment variables are set: @@ -1739,7 +1929,7 @@ コンテナ名 セクション (常に 'lxc') フックのタイプ ('clone' や 'pre-mount' など) - 追加の引数。clone フックの場合、lxc-clone に渡される追加の引数は、フックへの引数として追加されます。 + 追加の引数。clone フックの場合、lxc-clone に渡される追加の引数は、フックへの引数として追加されます。stop フックの場合は、コンテナの名前空間のそれぞれに対するファイルディスクリプタへのパスが、名前空間名とともに渡されます。 以下の環境変数がセットされます。 @@ -1860,6 +2050,32 @@ + + + + + + + + コンテナのシャットダウン後、コンテナの名前空間への参照とともに、ホストの名前空間で実行されるフックです。 + それぞれの名前空間に対応する追加の引数がフックに渡されます。その引数にはコロンで区切られた名前空間のタイプ名とファイル名が含まれており、ファイル名は名前空間に対するファイルディスクリプタを取得するのに使えます。 + タイプ名は /proc/PID/ns ディレクトリ内のファイル名です。 + 例えば、マウント名前空間に対応する引数は通常は mnt:/proc/PID/fd/12 のようになります。 + + + + + @@ -1895,6 +2111,21 @@ + + + + + + + + + コンテナを破壊する際に実行されるフックです。 + + + + @@ -2015,11 +2246,62 @@ [] --> rootfs.mount へマウントされるコンテナのルートへのホスト上のパスです。 + [] - + + + + + + + + + clone フックの場合のみ使われます。クローン元のコンテナ名が設定されます。 + + + + + + + + + + + + + stop フックの場合のみ使われます。コンテナのシャットダウンの場合は "stop"、リブートの場合は "reboot" が設定されます。 + + + + + + + + + + + + + この変数が設定されていない場合、お使いのバージョンの LXC は cgroup 名前空間を扱えません。設定されている場合、この値は 1 に設定されています。そして、cgroup 名前空間を扱えます。 + この変数はカーネルで cgroup 名前空間が有効であることは保証しません。この変数は lxcfs のマウントフックが使います。 + + + + 
@@ -2148,6 +2430,22 @@ + + + + + + + + この値が 0 でない場合、コンテナが初期化される前 (pre-start フックが実行される前) にマウント名前空間がホストから unshare されます。この機能を使う場合、スタート時に CAP_SYS_ADMIN ケーパビリティが必要です。デフォルト値は 0 です。 + + + diff -Nru lxc-1.1.5/doc/ja/lxc-copy.sgml.in lxc-2.0.1/doc/ja/lxc-copy.sgml.in --- lxc-1.1.5/doc/ja/lxc-copy.sgml.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ja/lxc-copy.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,373 @@ + + + + +]> + + + + @LXC_GENERATE_DATE@ + + + lxc-copy + 1 + + + + lxc-copy + + + + 既存のコンテナのコピー + + + + + + lxc-copy + -n, --name name + -P, --lxcpath path + -N, --newname newname + -p, --newpath newpath + -B, --backingstorage backingstorage + -s, --snapshot + -K, --keepdata + -M, --keepmac + -L, --fssize size [unit] + -- hook arguments + + + lxc-copy + -n, --name name + -P, --lxcpath path + -N, --newname newname + -p, --newpath newpath + -e, --ephemeral + -B, --backingstorage backingstorage + -s, --snapshot + -K, --keepdata + -M, --keepmac + -L, --fssize size [unit] + -- hook arguments + + + lxc-copy + -n, --name name + -P, --lxcpath path + -N, --newname newname + -p, --newpath newpath + -R, --rename + + + + + <!-- Description -->説明 + + + + lxc-copy は、すでに存在するコンテナのコピーを作成します。オプションを指定することで、作成後にそのコピーを起動できます (コピーは一時的なコピーまたは永続的なコピーのどちらも可能です)。 + このコマンドは lxc-clonelxc-start-ephemeral の置き換えのコマンドです。 + + + + lxc-copy は、既存のコンテナのコピーを作成します。 + コピーは元のコンテナの完全なクローンにできます。この場合、単にコンテナのルートファイルシステムのすべてが、新しいコンテナにコピーされます。 + また、スナップショットを取得することも可能です。すなわち、元のコンテナの小さなコピーオンライトのコピーにするということです。この場合、コピーで指定するバッキングストレージがスナップショットをサポートしている必要があります。 + スナップショットをサポートしているバッキングストレージは、現時点では aufs、btrfs、lvm (lvm デバイスはスナップショットのスナップショットはサポートしていません)、overlay、zfs です。 + + + + + コピー先のバッキングストレージは、元のコンテナと同じタイプになるでしょう。ただし、ディレクトリバックエンドのコンテナのスナップショットは aufs と overlayfs で取得できますので例外です。 + + + + + -e オプションを指定した場合は、元のコンテナの一時的なスナップショットを作成し、起動します。一時的なコンテナの場合、設定ファイルに lxc.ephemeral = 1 がセットされ、シャットダウン後に削除されます。 + -e-D を同時に指定すると、元のコンテナの一時的ではないスナップショットを作成し、起動します。 + + + + + -e を指定した場合で、-N でコンテナの名前を指定しない場合は、スナップショットの名前はランダムで命名されます。 + + + + + -e で作成し、起動したコンテナは、コンテナ独自のマウントを行えます。現時点では aufsbindoverlay という 3 つのタイプのマウントがサポートされています。 + マウントタイプは -m オプションのサブオプションとして指定します。この指定はカンマ区切りで複数回指定できます。 + aufsoverlay マウントの場合は、現時点では -m overlay=/src:/dest のように指定します。マウント先の dest を指定しない場合は、destsrc と同じになります。 + 読み込み専用の bind マウントは -m bind=/src:/dest:ro のように指定します。読み書き可能な bind マウントは -m bind=/src:/dest:rw のように指定します。bind 
マウントのデフォルトは読み書き可能ですので、読み書き可能なマウントを行う場合は省略できます。マウント先の dest を指定しない場合は、destsrc と同じになります。 + 複数のマウントを行う場合の例を示すと、-m bind=/src1:/dest1:ro,bind=/src2:ro,overlay=/src3:/dest3 のようになります。 + + + + + -m オプションで指定するマウント、オプション、指定フォーマットは変更される可能性があります。 + + + + + + <!-- Options -->オプション + + + + + + + コピー先のコンテナの名前。 + + + + + + + コピー先のパス。 + + + + + + + 元のコンテナをリネームします。 + + + + + + + + 元のコンテナのスナップショットを作成します。コピー先のバッキングストレージがスナップショットをサポートしている必要があります。現時点では aufs、btrfs、lvm、overlay、zfs が対象となります。 + + + + + + + + + スナップショットしたコンテナをフォアグラウンドで起動します。スナップショットしたコンテナのコンソールは現在の tty にアタッチされます。(このオプションは -e と同時の場合のみ指定できます。) + + + + + + + + + スナップショットしたコンテナをデーモンで起動します (一時的なコンテナではこのモードがデフォルトです)。 + コンテナは tty を持ちませんので、エラーが発生しても何も表示されません。エラーをチェックするにはログファイルを使います。(このオプションは -e と同時の場合のみ指定できます。) + + + + + + + + + スナップショットするコンテナで行うマウントを指定します。マウントタイプは {aufs, bind, overlay} のどれかで指定します。例えば のようになります。(このオプションは -e と同時の場合のみ指定できます。) + + + + + + + + コピー先コンテナのバッキングストレージのタイプを指定します。ここで 'backingsotrage' は 'aufs'、'btrfs'、'dir'、'lvm'、'loop'、'overlay'、'zfs' のどれかです。 + + + + + + + + 'lvm' ファイルシステムのサイズを指定します。 + + + + + + + + -e オプションと同時にこのオプションを使うと、一時的でないコンテナを作成し、起動します。 + + + + + + + + + このオプションを指定すると、元のコンテナのホスト名をコピー先でもそのまま使います。 + + + + + + + + + このオプションを指定すると、元のコンテナの MAC アドレスをコピー先でもそのまま使います。 + + + + + + + + + + <!-- Copy hook -->コピー時のフック + + + コピーされるコンテナに 1 つ以上の lxc.hook.clone の指定が存在する場合、指定されたフックは新しいコンテナに対して呼ばれます。 + クローンフックに渡される最初の 3 つの引数は、コンテナ名、セクション ('lxc')、フックタイプ ('clone') となります。 + lxc-copy に渡される追加の引数は、フックプログラムに渡される引数の 4 番目以降となります。 + LXC_ROOTFS_MOUNT 環境変数には、コンテナの root ファイルシステムがマウントされるパスが与えられます。 + 設定ファイルのパス名は LXC_CONFIG_FILE に、新しいコンテナ名は LXC_NAME、古いコンテナ名は LXC_SRC_NAME に、rootfs のあるパスまたはデバイスは LXC_ROOTFS_PATH に保存されます。 + + + + &commonoptions; + + &seealso; + + + Author + Christian Brauner christian.brauner@mailbox.org + + + + + diff -Nru lxc-1.1.5/doc/ja/lxc-create.sgml.in lxc-2.0.1/doc/ja/lxc-create.sgml.in --- lxc-1.1.5/doc/ja/lxc-create.sgml.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/doc/ja/lxc-create.sgml.in 2016-05-16 
20:38:39.000000000 +0000 @@ -112,7 +112,7 @@ - + @@ -127,7 +127,7 @@ - + @@ -151,12 +151,12 @@ - + - 'backingstore' には 'dir' か 'lvm' か 'loop' か 'btrfs' か 'zfs' か 'best' のいずれかを指定します。 + 'backingstore' には 'dir', 'lvm', 'loop', 'btrfs', 'zfs', 'rbd', 'best' のいずれかを指定します。 デフォルトは 'dir' で、コンテナのルートファイルシステムが @LXCPATH@/container/rootfs 以下のディレクトリであることを意味します。 'dir' にはオプションとして --dir ROOTFS を指定することも可能です。 このオプションは、デフォルトの代わりに特定のパス以下にコンテナの rootfs を置くということになります。 @@ -206,6 +206,17 @@ backingstore が 'loop' の場合、'lvm' と同様に --fstype FSTYPE--fssize SIZE が使えます。これらの値のデフォルト値は 'lvm' の場合と同じです。 + + backingstore が 'rbd' の場合、ceph.conf に有効な設定がされており、ceph.client.admin.keyring が定義されている必要があります。 + --rbdname RBDNAME を指定すると、RBDNAME という名前のブロックデバイスを作成します。このオプションを指定しない場合のデフォルトのブロックデバイス名はコンテナ名です。 + --rbdpool POOL を指定すると、POOL という名前のプール内にブロックデバイスを作成します。このオプションを指定しない場合のデフォルトのプール名は 'lxc' です。 + + - コンテナの破壊 + コンテナの削除 @@ -57,6 +57,7 @@ lxc-destroy -n name -f + -s @@ -94,6 +95,19 @@ + + + + + + + 指定したコンテナとそのスナップショットをすべて削除します。 + + + + @@ -115,7 +129,7 @@ destroyed.You can use the lxc-ls command to list the available containers on the system. --> - 削除するために指定したコンテナが見つかりません。 + 削除する対象のコンテナが見つかりません。 おそらくそのコンテナが存在しないのか、既に削除された後なのでしょう。 lxc-ls コマンドを使って、システム上に存在するコンテナのリストを得ることができます。 diff -Nru lxc-1.1.5/doc/ja/lxc-device.sgml.in lxc-2.0.1/doc/ja/lxc-device.sgml.in --- lxc-1.1.5/doc/ja/lxc-device.sgml.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/doc/ja/lxc-device.sgml.in 2016-05-16 20:38:39.000000000 +0000 @@ -76,7 +76,7 @@ - + @@ -89,9 +89,7 @@ - - - + コンテナの設定値を表示します。このオプションは複数の key = value のペアを表示したい場合には複数回指定することも可能です。 @@ -95,7 +95,7 @@ - + @@ -109,7 +109,7 @@ - + @@ -123,21 +123,21 @@ - + - コンテナの IP アドレスを表示します。。 + コンテナの IP アドレスを表示します。 - + @@ -174,7 +174,7 @@ - + diff -Nru lxc-1.1.5/doc/ja/lxc-ls.sgml.in lxc-2.0.1/doc/ja/lxc-ls.sgml.in --- lxc-1.1.5/doc/ja/lxc-ls.sgml.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/doc/ja/lxc-ls.sgml.in 2016-05-16 20:38:39.000000000 +0000 @@ -28,6 +28,7 @@ ]> 
@@ -55,7 +56,6 @@ lxc-ls -1 - -P lxcpath --active --frozen --running @@ -63,9 +63,8 @@ -f -F format -g groups - --nesting - filter - --version + --nesting=NUM + --filter=regex @@ -85,7 +84,7 @@ - + @@ -98,22 +97,8 @@ - - - - - - - デフォルトと別のコンテナパスを使用します。デフォルトは @LXCPATH@ です。 - - - - - - + @@ -127,7 +112,7 @@ - + @@ -141,7 +126,7 @@ - + @@ -155,7 +140,7 @@ - + @@ -169,7 +154,7 @@ - + @@ -183,7 +168,7 @@ - + @@ -198,7 +183,7 @@ - + @@ -213,44 +198,32 @@ - + - ネストされたコンテナを表示します。 + ネストしたコンテナを表示します。引数として数字を指定することで、表示するネストのレベルを指定できます。 - + - - コンテナ名に対して適用する lxc-ls に与えるフィルタ。 - フォーマットは正規表現です。 - - - - - - - - - - - - バージョン番号を表示します。 + + lxc-ls に与える、コンテナ名に対して適用する正規表現です。フォーマットは POSIX 拡張正規表現です。 を明示的に使わずに、追加の引数として与えることもできます。 @@ -290,11 +263,24 @@ + &commonoptions; + &seealso; + <!-- History -->履歴 + + 元は Daniel Lezcano と Serge Hallyn によりシェルスクリプトとして書かれていました。のちに、Stéphane Graber が Python で再実装し、拡張しました。その後、Christian Brauner が C で再実装し、拡張しました。 + + + <!-- Author -->作者 - Daniel Lezcano daniel.lezcano@free.fr + Christian Brauner christian.brauner@mailbox.org, + Stéphane Graber stgraber@ubuntu.com diff -Nru lxc-1.1.5/doc/ja/lxc.sgml.in lxc-2.0.1/doc/ja/lxc.sgml.in --- lxc-1.1.5/doc/ja/lxc.sgml.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/doc/ja/lxc.sgml.in 2016-05-16 20:38:39.000000000 +0000 @@ -690,7 +690,7 @@ - スナップショットをリストアする際、最後のオプション引数はリストアされたコンテナの名前として使用されます。 - もし名前が与えられてない場合、元のコンテナが破壊され、リストアされるコンテナに置き換えられます。 - スナップショット元を削除することは、aufs, overlayfs, zfs がバックエンドのスナップショットでは出来ないことに注意が必要です。 - + + + スナップショットをリストアする際、--newname の値として明示的に指定しない場合でも、最後のオプション引数はリストアするコンテナの名前として使用します。 + もし newname が元のコンテナの名前と同じ場合、元のコンテナが削除され、リストアされるコンテナに置き換えられます。 + スナップショット元を削除することは、aufs, overlayfs, zfs がバックエンドのスナップショットではできないことに注意が必要です。 + diff -Nru lxc-1.1.5/doc/ja/lxc-start-ephemeral.sgml.in lxc-2.0.1/doc/ja/lxc-start-ephemeral.sgml.in --- lxc-1.1.5/doc/ja/lxc-start-ephemeral.sgml.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/doc/ja/lxc-start-ephemeral.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -82,7 +82,7 @@ - + @@ -96,7 +96,7 @@ - + @@ -110,7 +110,7 @@ - + @@ -126,7 +126,7 @@ - + @@ -142,7 +142,7 @@ - + @@ -158,7 +158,7 @@ - + @@ -172,7 +172,7 @@ - + @@ -186,7 +186,7 @@ - + @@ -202,7 +202,7 @@ - + @@ -218,7 +218,7 @@ - + @@ -279,6 +279,17 @@ + + <!-- Notes -->注意 + + + lxc-start-ephemerallxc-copy に置き換えられ、廃止される予定です。 + + + &seealso; diff -Nru lxc-1.1.5/doc/ja/lxc-stop.sgml.in lxc-2.0.1/doc/ja/lxc-stop.sgml.in --- lxc-1.1.5/doc/ja/lxc-stop.sgml.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/doc/ja/lxc-stop.sgml.in 2016-05-16 20:38:39.000000000 +0000 @@ -77,11 +77,14 @@ the container's init process, waiting up to 60 seconds for the container to exit, and then returning. If the container fails to cleanly exit in 60 seconds, it will be sent the lxc.stopsignal - (defaults to SIGKILL) to force it to shut down. + (defaults to SIGKILL) to force it to shut down. A request to reboot will + send the lxc.rebootsignal (defaults to SIGINT) to the + container's init process. --> lxc-stop は、リブート、クリーンシャットダウン、コンテナ内の全てのプロセスの kill のどれかを行います。 デフォルトでは、コンテナのクリーンなシャットダウンを lxc.haltsignal (デフォルトでは SIGPWR) をコンテナの init プロセスに送ることでリクエストし、コンテナの終了を 60 秒待ち、return します。 - コンテナが 60 秒の間にクリーンに終了するのに失敗した場合、lxc.stopsignal (デフォルトでは SIGKILL) を送り、強制的にシャットダウンします。 + コンテナが 60 秒の間にクリーンに終了するのに失敗した場合、lxc.stopsignal (デフォルトは SIGKILL です) を送り、強制的にシャットダウンします。 + リブートのリクエストは lxc.rebootsignal に設定されたシグナルをコンテナの init プロセスに送ります (デフォルトは SIGINT です)。 diff -Nru lxc-1.1.5/doc/ja/lxc-top.sgml.in lxc-2.0.1/doc/ja/lxc-top.sgml.in --- lxc-1.1.5/doc/ja/lxc-top.sgml.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/doc/ja/lxc-top.sgml.in 2016-05-16 20:38:39.000000000 +0000 @@ -79,7 +79,7 @@ - + @@ -93,7 +93,7 @@ - + @@ -110,7 +110,7 @@ - + diff -Nru lxc-1.1.5/doc/ja/lxc-unshare.sgml.in lxc-2.0.1/doc/ja/lxc-unshare.sgml.in --- lxc-1.1.5/doc/ja/lxc-unshare.sgml.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/doc/ja/lxc-unshare.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -106,13 +106,17 @@ NETWORK. This allows one to change the context of the process to e.g. the network namespace of the container while retaining the other namespaces as those of the - host. + host. (The pipe symbol needs to be escaped, e.g. + MOUNT\|PID or quoted, e.g. + "MOUNT|PID".) --> アタッチする名前空間を、パイプでつなげたリストで指定します。 例えば NETWORK|IPC のようにです。 指定できる値は MOUNTPIDUTSNAMEIPCUSER NETWORK です。 これにより、プロセスのコンテキストを変更することができます。 例えば、コンテナのネットワーク名前空間だけを変更し、他の名前空間をホストのものと同じものに保ったままにするというようなことです。 + (パイプ記号を MOUNT\|PID のようにエスケー +プするか、"MOUNT|PID" のように引用符号を付ける必要が>あります。) diff -Nru lxc-1.1.5/doc/ja/lxc-usernet.sgml.in lxc-2.0.1/doc/ja/lxc-usernet.sgml.in --- lxc-1.1.5/doc/ja/lxc-usernet.sgml.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/doc/ja/lxc-usernet.sgml.in 2016-05-16 20:38:39.000000000 +0000 @@ -75,6 +75,10 @@ user type bridge number + もしくは + + @group type bridge number + + このエントリを適用するグループ名 + + + + + + @@ -136,15 +154,30 @@ - 指定したユーザが、指定したブリッジに接続できる、指定した形式のネットワークインターフェースの数。 + 指定したユーザもしくはグループが、指定したブリッジに接続できる、指定した形式のネットワークインターフェースの数。 例えば 2 のように指定します。 + + + + あるユーザに対する指定が、ユーザ名とひとつ以上のユーザグループの両方で指定される可能性があるので、そのユーザがネットワークインターフェースを作れるようにする設定が複数行にわたる可能性があります。 + このような場合、あるインターフェースの作成は、設定ファイルに現れた順にユーザもしくはグループの割り当てをカウントします。 + もしある行の設定に対する割り当てが一杯の場合、他の割り当て行が現れるかファイルの最後に達するまで、残りの行を読み込んでチェックします。 + diff -Nru lxc-1.1.5/doc/ja/lxc-wait.sgml.in lxc-2.0.1/doc/ja/lxc-wait.sgml.in --- lxc-1.1.5/doc/ja/lxc-wait.sgml.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/doc/ja/lxc-wait.sgml.in 2016-05-16 20:38:39.000000000 +0000 @@ -78,7 +78,7 @@ - + @@ -94,7 +94,7 @@ - + diff -Nru lxc-1.1.5/doc/ja/Makefile.am lxc-2.0.1/doc/ja/Makefile.am --- lxc-1.1.5/doc/ja/Makefile.am 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/doc/ja/Makefile.am 2016-05-16 20:38:39.000000000 +0000 
@@ -13,14 +13,16 @@ lxc-cgroup.1 \ lxc-checkconfig.1 \ lxc-checkpoint.1 \ - lxc-clone.1 \ lxc-config.1 \ lxc-console.1 \ + lxc-copy.1 \ lxc-create.1 \ lxc-destroy.1 \ + lxc-device.1 \ lxc-execute.1 \ lxc-freeze.1 \ lxc-info.1 \ + lxc-ls.1 \ lxc-monitor.1 \ lxc-snapshot.1 \ lxc-start.1 \ @@ -39,12 +41,11 @@ \ lxc.7 +if ENABLE_DEPRECATED + man_MANS += lxc-clone.1 if ENABLE_PYTHON - man_MANS += lxc-device.1 - man_MANS += lxc-ls.1 man_MANS += lxc-start-ephemeral.1 -else - man_MANS += legacy/lxc-ls.1 +endif endif %.1 : %.sgml diff -Nru lxc-1.1.5/doc/ja/Makefile.in lxc-2.0.1/doc/ja/Makefile.in --- lxc-1.1.5/doc/ja/Makefile.in 2015-11-09 16:26:03.000000000 +0000 +++ lxc-2.0.1/doc/ja/Makefile.in 2016-05-16 20:38:45.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -14,7 +14,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ 
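Review bot: In doc/ja/Makefile.am, the second hunk (`@@ -39,12 +41,11 @@`) ends with two bare `endif` lines, which makes the new nesting hard to read. lxc-start-ephemeral.1 is now added to man_MANS only when both ENABLE_DEPRECATED and ENABLE_PYTHON are true, while lxc-clone.1 needs only ENABLE_DEPRECATED. I would name the conditions on the closing lines, which automake accepts: `endif ENABLE_PYTHON` followed by `endif ENABLE_DEPRECATED`. It is also worth confirming that the deprecated tools themselves are installed under the same two conditionals, so that a build never ships a man page for a command it did not install; that part of the tree is not visible here. The man_MANS list and the surrounding conditional (presumably ENABLE_DOCBOOK, judging by the generated Makefile.in) begin outside these hunks.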
@@ -77,41 +87,20 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ -@ENABLE_DOCBOOK_TRUE@@ENABLE_PYTHON_TRUE@am__append_1 = lxc-device.1 \ -@ENABLE_DOCBOOK_TRUE@@ENABLE_PYTHON_TRUE@ lxc-ls.1 \ -@ENABLE_DOCBOOK_TRUE@@ENABLE_PYTHON_TRUE@ lxc-start-ephemeral.1 -@ENABLE_DOCBOOK_TRUE@@ENABLE_PYTHON_FALSE@am__append_2 = legacy/lxc-ls.1 +@ENABLE_DEPRECATED_TRUE@@ENABLE_DOCBOOK_TRUE@am__append_1 = lxc-clone.1 +@ENABLE_DEPRECATED_TRUE@@ENABLE_DOCBOOK_TRUE@@ENABLE_PYTHON_TRUE@am__append_2 = lxc-start-ephemeral.1 subdir = doc/ja -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(srcdir)/lxc-attach.sgml.in $(srcdir)/lxc-autostart.sgml.in \ - $(srcdir)/lxc-cgroup.sgml.in $(srcdir)/lxc-checkconfig.sgml.in \ - $(srcdir)/lxc-checkpoint.sgml.in $(srcdir)/lxc-clone.sgml.in \ - $(srcdir)/lxc-config.sgml.in $(srcdir)/lxc-console.sgml.in \ - $(srcdir)/lxc-create.sgml.in $(srcdir)/lxc-destroy.sgml.in \ - $(srcdir)/lxc-device.sgml.in $(srcdir)/lxc-execute.sgml.in \ - $(srcdir)/lxc-freeze.sgml.in $(srcdir)/lxc-info.sgml.in \ - $(srcdir)/lxc-ls.sgml.in $(srcdir)/lxc-monitor.sgml.in \ - $(srcdir)/lxc-snapshot.sgml.in \ - $(srcdir)/lxc-start-ephemeral.sgml.in \ - $(srcdir)/lxc-start.sgml.in $(srcdir)/lxc-stop.sgml.in \ - $(srcdir)/lxc-top.sgml.in $(srcdir)/lxc-unfreeze.sgml.in \ - $(srcdir)/lxc-unshare.sgml.in $(srcdir)/lxc-user-nic.sgml.in \ - $(srcdir)/lxc-usernsexec.sgml.in $(srcdir)/lxc-wait.sgml.in \ - $(srcdir)/lxc.conf.sgml.in \ - $(srcdir)/lxc.container.conf.sgml.in \ - $(srcdir)/lxc.system.conf.sgml.in \ - $(srcdir)/lxc-usernet.sgml.in $(srcdir)/lxc.sgml.in \ - $(srcdir)/common_options.sgml.in $(srcdir)/see_also.sgml.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ $(top_srcdir)/config/tls.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d 
CONFIG_HEADER = $(top_builddir)/src/config.h CONFIG_CLEAN_FILES = lxc-attach.sgml lxc-autostart.sgml \ lxc-cgroup.sgml lxc-checkconfig.sgml lxc-checkpoint.sgml \ - lxc-clone.sgml lxc-config.sgml lxc-console.sgml \ + lxc-clone.sgml lxc-config.sgml lxc-console.sgml lxc-copy.sgml \ lxc-create.sgml lxc-destroy.sgml lxc-device.sgml \ lxc-execute.sgml lxc-freeze.sgml lxc-info.sgml lxc-ls.sgml \ lxc-monitor.sgml lxc-snapshot.sgml lxc-start-ephemeral.sgml \ @@ -209,6 +198,25 @@ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in \ + $(srcdir)/common_options.sgml.in $(srcdir)/lxc-attach.sgml.in \ + $(srcdir)/lxc-autostart.sgml.in $(srcdir)/lxc-cgroup.sgml.in \ + $(srcdir)/lxc-checkconfig.sgml.in \ + $(srcdir)/lxc-checkpoint.sgml.in $(srcdir)/lxc-clone.sgml.in \ + $(srcdir)/lxc-config.sgml.in $(srcdir)/lxc-console.sgml.in \ + $(srcdir)/lxc-copy.sgml.in $(srcdir)/lxc-create.sgml.in \ + $(srcdir)/lxc-destroy.sgml.in $(srcdir)/lxc-device.sgml.in \ + $(srcdir)/lxc-execute.sgml.in $(srcdir)/lxc-freeze.sgml.in \ + $(srcdir)/lxc-info.sgml.in $(srcdir)/lxc-ls.sgml.in \ + $(srcdir)/lxc-monitor.sgml.in $(srcdir)/lxc-snapshot.sgml.in \ + $(srcdir)/lxc-start-ephemeral.sgml.in \ + $(srcdir)/lxc-start.sgml.in $(srcdir)/lxc-stop.sgml.in \ + $(srcdir)/lxc-top.sgml.in $(srcdir)/lxc-unfreeze.sgml.in \ + $(srcdir)/lxc-unshare.sgml.in $(srcdir)/lxc-user-nic.sgml.in \ + $(srcdir)/lxc-usernet.sgml.in $(srcdir)/lxc-usernsexec.sgml.in \ + $(srcdir)/lxc-wait.sgml.in $(srcdir)/lxc.conf.sgml.in \ + $(srcdir)/lxc.container.conf.sgml.in $(srcdir)/lxc.sgml.in \ + $(srcdir)/lxc.system.conf.sgml.in $(srcdir)/see_also.sgml.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ @@ -286,6 +294,7 @@ LUA_LIBS = @LUA_LIBS@ LUA_SHAREDIR = @LUA_SHAREDIR@ LUA_VERSION = @LUA_VERSION@ +LXCBINHOOKDIR = @LXCBINHOOKDIR@ LXCHOOKDIR = @LXCHOOKDIR@ LXCINITDIR = @LXCINITDIR@ LXCPATH = @LXCPATH@ 
@@ -299,6 +308,7 @@ LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ LXC_USERNIC_DB = @LXC_USERNIC_DB@ LXC_VERSION = @LXC_VERSION@ +LXC_VERSION_ABI = @LXC_VERSION_ABI@ LXC_VERSION_BASE = @LXC_VERSION_BASE@ LXC_VERSION_BETA = @LXC_VERSION_BETA@ LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ @@ -390,6 +400,7 @@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -405,9 +416,10 @@ @ENABLE_DOCBOOK_TRUE@man_MANS = lxc-attach.1 lxc-autostart.1 \ @ENABLE_DOCBOOK_TRUE@ lxc-cgroup.1 lxc-checkconfig.1 \ -@ENABLE_DOCBOOK_TRUE@ lxc-checkpoint.1 lxc-clone.1 lxc-config.1 \ -@ENABLE_DOCBOOK_TRUE@ lxc-console.1 lxc-create.1 lxc-destroy.1 \ -@ENABLE_DOCBOOK_TRUE@ lxc-execute.1 lxc-freeze.1 lxc-info.1 \ +@ENABLE_DOCBOOK_TRUE@ lxc-checkpoint.1 lxc-config.1 \ +@ENABLE_DOCBOOK_TRUE@ lxc-console.1 lxc-copy.1 lxc-create.1 \ +@ENABLE_DOCBOOK_TRUE@ lxc-destroy.1 lxc-device.1 lxc-execute.1 \ +@ENABLE_DOCBOOK_TRUE@ lxc-freeze.1 lxc-info.1 lxc-ls.1 \ @ENABLE_DOCBOOK_TRUE@ lxc-monitor.1 lxc-snapshot.1 lxc-start.1 \ @ENABLE_DOCBOOK_TRUE@ lxc-stop.1 lxc-top.1 lxc-unfreeze.1 \ @ENABLE_DOCBOOK_TRUE@ lxc-unshare.1 lxc-user-nic.1 \ @@ -430,7 +442,6 @@ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/ja/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu doc/ja/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ 
@@ -464,6 +475,8 @@ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-console.sgml: $(top_builddir)/config.status $(srcdir)/lxc-console.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc-copy.sgml: $(top_builddir)/config.status $(srcdir)/lxc-copy.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-create.sgml: $(top_builddir)/config.status $(srcdir)/lxc-create.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-destroy.sgml: $(top_builddir)/config.status $(srcdir)/lxc-destroy.sgml.in @@ -921,6 +934,8 @@ pdf-am ps ps-am tags tags-am uninstall uninstall-am \ uninstall-man uninstall-man1 uninstall-man5 uninstall-man7 +.PRECIOUS: Makefile + @ENABLE_DOCBOOK_TRUE@%.1 : %.sgml @ENABLE_DOCBOOK_TRUE@ $(db2xman) --encoding=UTF-8 $< diff -Nru lxc-1.1.5/doc/ja/see_also.sgml.in lxc-2.0.1/doc/ja/see_also.sgml.in --- lxc-1.1.5/doc/ja/see_also.sgml.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/doc/ja/see_also.sgml.in 2016-05-16 20:38:39.000000000 +0000 @@ -41,6 +41,11 @@ , + lxc-copy + 1 + , + + lxc-destroy 1 , diff -Nru lxc-1.1.5/doc/ko/common_options.sgml.in lxc-2.0.1/doc/ko/common_options.sgml.in --- lxc-1.1.5/doc/ko/common_options.sgml.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ko/common_options.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,173 @@ + + + + <!-- Common Options -->공통 옵션 + + + + 이 옵션들은 대부분의 lxc 명령어들에서 공통으로 쓰인다. + + + + + + + + + 사용법을 기존 출력하는 것보다 길게 출력한다. + + + + + + + + + 사용법을 표시한다. + + + + + + + + + + 결과를 표시하지 않는다. + + + + + + + + + + 컨테이너 경로를 직접 지정한다. 기본값은 @LXCPATH@이다. + + + + + + + + + + 로그의 경로를 FILE로 지정한다. 기본값은 로그를 출력하지 않는 것이다. + + + + + + + + + + 로그 수준을 LEVEL로 지정한다. 기본값은 ERROR이다. 사용 가능한 값 : + FATAL, CRIT, + WARN, ERROR, + NOTICE, INFO, + DEBUG. + + + + 이 옵션은 로그 파일에만 적용된다는 사실을 주의해야 한다. stderr로 출력되는 ERROR 로그에는 영향을 끼치지 않는다. + + + + + + + + + + 컨테이너 식별자로 NAME을 사용한다. 컨테이너 식별자의 형식은 알파벳-숫자 문자열이다. + + + + + + + + + + 버전 정보를 표시한다. + + + + + + + + diff -Nru lxc-1.1.5/doc/ko/FAQ.txt lxc-2.0.1/doc/ko/FAQ.txt --- lxc-1.1.5/doc/ko/FAQ.txt 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ko/FAQ.txt 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,67 @@ + +Troubleshooting: +=============== + + +Error: +------ + +error while loading shared libraries reported after sudo make install +and when trying to run lxc-execute. + +"lxc-execute -n foo -f /usr/local/etc/lxc/lxc-macvlan.conf /bin/bash" + +/usr/local/bin/lxc-execute: error while loading shared libraries: + liblxc-0.5.0.so: cannot open shared object file: No such file or + directory + +Answer: +------- +update the ld cache by running ldconfig. + + + +Error: +------ + +error when starting a container. + +"lxc-start Invalid argument" + +"lxc-execute -n foo -f /usr/local/etc/lxc/lxc-macvlan.conf /bin/bash" +"[syserr] lxc_start:96: Invalid argument - failed to fork into a new +namespace" + +Answer: +------- + +read the lxc man page about kernel version prereq :) most probably +your kernel is not configured to support the container options you +want to use. + + +Error: +------ + +On Ubuntu 8.10, if using the cvs source code rather than +the provided tarball. Then make is failing with many errors +similar to the line below: +========== +../../libtool: line 810: X--tag=CC: command not found +========== + +Answer: +------- + +This is related to a compatibility problem between the shipped +config/ltmain.sh and the libtool version installed on your +Ubuntu 8.10 machine. +You have to replace the config/ltmain.sh from cvs head by the one +from your libtool package, make some cleaning and reissue all +the build process: +========== +cd +cp -f /usr/share/libtool/config/ltmain.sh config/ +rm -f libtool +./bootstrap && ./configure && make && sudo make install +========== diff -Nru lxc-1.1.5/doc/ko/lxc-attach.sgml.in lxc-2.0.1/doc/ko/lxc-attach.sgml.in --- lxc-1.1.5/doc/ko/lxc-attach.sgml.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ko/lxc-attach.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,507 @@ + + + + +]> + + + + @LXC_GENERATE_DATE@ + + + lxc-attach + 1 + + + + lxc-attach + + + + 실행 중인 컨테이너 내에 프로세스를 실행 + + + + + + lxc-attach + -n name + -a arch + -e + -s namespaces + -R + --keep-env + --clear-env + -- command + -L file + + + + + <!-- Description -->설명 + + + + lxc-attachname으로 지정한 컨테이너 내에 command를 실행한다. + 해당 컨테이너는 실행중이어야 한다. + + + + 만약 command가 지정되지 않았다면, lxc-attach가 현재 실행 중인 쉘이 컨테이너 안에도 있는지 검사하고 이를 실행한다. + 만약 컨테이너 안에 사용자가 존재하지 않거나, nsswitch가 제대로 동작하지 않는 경우에는 이 명령이 실패하게 된다. + + + + 이전 버전의 lxc-attach는 단순히 컨테이너의 특정 네임스페이스에 붙어, 쉘을 실행하거나 첫 번째 pseudo 터미널 할당 없이 특정 명령어를 실행하였다. + 이는 다른 특권 수준을 갖는 사용자 영역 컨텍스트 간의 전환후 TIOCSTI ioctl를 호출하여 입력을 가로챌 수 있는 취약점이 있다. + 새로운 버전의 lxc-attach는 쉘이나 명령어를 실행하기 전에, pseudo 터미널 마스터/슬레이브 쌍을 호스트에 할당하고 터미널을 가리키고 있던 표준 입출력 파일 디스크립터들은 슬레이브 pseudo 터미널로 붙인다. + 터미널을 가리키고 있던 표준 입출력 파일 디스크립터가 아예 없었다면, lxc-attach는 pseudo 터미널 할당을 시도하지 않음에 주의해야 한다. 단순히 컨테이너 네임스페이스에 붙어 쉘이나 지정한 명령어만 실행할 뿐이다. + + + + + + + <!-- Options -->옵션 + + + + + + + + + + + 명령어를 실행하는 컨테이너의 아키텍처를 지정한다. + 이 옵션은 컨테이너의 설정파일에서 지정한 옵션과 같은 것만 사용할 수 있다. + + lxc.conf + 5 + 를 참조 바란다. 기본값은 실행 중인 컨테이너의 아키텍처이다. + + + + + + + + + + + + 컨테이너 내부에서 command를 실행할 때 privilege를 제거하지 않는다. + 만약 이 옵션이 지정되었다면, 새로운 프로세스는 컨테이너의 cgroup에 추가되지 않는다. 그리고 실행 전 capability도 제거하지 않는다. + + + + 만약 모든 privilege를 얻고 싶지 않을 경우에는 CGROUP|LSM와 같이 파이프(|)로 구분된 리스트를 사용할 수 있다. 허용되는 값은 CGROUPCAPLSM이다. 각각 cgroup, capability, MAC label을 나타낸다. + (파이프 기호는 CGROUP\|LSM처럼 \로 처리를 해주거나, "CGROUP|LSM"처럼 따옴표를 붙여야 한다.) + + + + 경고 : + 만약 명령어가 attach된 메인프로세스가 종료된 후에, 실행 상태로 남아있는 서브프로세스를 시작하려고 한다면, 컨테이너 내부로 privilege 누수가 발생할 수 있다. + 컨테이너 내에서 데몬을 시작(또는 재시작)하는 것은 문제가 될 수 있다. 특히 만약 데몬이 많은 서브프로세스 를 실행하는 경우라면, 예를 들어 cronsshd와 같은 경우는 문제가 될 수 있다. + 충분한 주의를 기울여서 사용하여야 한다. + + + + + + + + + + + + 붙일 네임스페이스를 지정한다. NETWORK|IPC와 같이 파이프(|)로 구분된 리스트를 사용할 수 있다. 허용되는 값은 MOUNT, PID, UTSNAME, IPC, USER , NETWORK이다. 이를 사용하여, 컨테이너의 네트워크 네임스페이스를 사용하면서도 다른 네임스페이스는 호스트의 것을 그대로 사용하는 등의 조작이 가능하다. 
+ (파이프 기호는 MOUNT\|PID처럼 \로 처리를 해주거나, "MOUNT|PID"처럼 따옴표를 붙여야 한다.) + + + + 중요 : 이 옵션은 옵션을 포함하고 있다. + + + + + + + + + + + + 를 사용하여 마운트 네임스페이스를 포함하지 않았을 때, 이 플래그는 lxc-attach/proc/sys를 remount 하게 만든다. + 이는 현재와 다른 네임스페이스 컨텍스트를 반영시키기 위함이다. + + + + 좀더 자세한 설명은 주의섹션을 참고하면 된다. + + + + 만약 마운트 네임스페이스에 attach하려고 한다면, 이 옵션은 무시된다. + + + + + + + + + + + + 현재의 환경변수를 attach될 프로그램에도 그대로 적용한다. 이것은 현재 기본 동작이지만 (버전 0.9에서), 향후에 충분히 바뀔 수도 있다. 왜냐하면, 이것은 컨테이너에게 바람직하지 않은 정보를 넘겨줄 수 있는 위험성이 있기 때문이다. 따라서 이 기능에 의존하고 있다면, 향후에도 이를 보장할 수 있도록 이 옵션을 사용하는 것이 좋다. 또한 현재 환경 변수와 더불어, container=lxc도 설정된다. + + + + + + + + + + + + attach하기 전에 모든 환경변수를 지운다. + 이를 통해 바람직하지 않은 환경변수 누출을 막을 수 있다. container=lxc 만이 attach된 프로그램이 실행되기 전에 설정되는 유일한 환경변수이다. + + + + + + + + + + + + lxc-attach의 출력을 기록할 파일을 지정한다. + + + + 중요: 표준 입출력 파일 디스크립터가 pty를 참조하지 않으면, 기록되지 않는다. + + + + + + + + + &commonoptions; + + + <!-- Examples -->예제 + + + 존재하는 컨테이너의 내부에 새로운 쉘을 실행한다. + + lxc-attach -n container + + + + + 실행중인 Debian 컨테이너의 cron 서비스를 재시작한다. + + lxc-attach -n container -- /etc/init.d/cron restart + + + + + NET_ADMIN capability없이 실행중인 컨테이너의 네트워크 링크 eth1을 비활성화하였다. 옵션을 사용하여 capability를 높였고, ip 툴이 설치되어있다고 가정하였다. + + lxc-attach -n container -e -- /sbin/ip link delete eth1 + + + + + + <!-- Compatibility -->호환성 + + + (pid와 마운트 네임스페이스를 포함한) attach가 동작하기 위해서는 커널의 버전이 3.8 이상이거나 패치가 적용된 커널이어야 한다. 좀더 자세히 보려면 lxc 웹사이트를 참고하면 된다. lxc-attach는 패치되지 않은 커널 버전 3.7 이하면 실패된다. + + + + 그러나 를 사용하여 NETWORK, IPC, UTSNAME 네임스페이스 들만 지정한다면, 패치되지 않은 커널 3.0 이상에서도 성공적으로 동작한다. + + + + 사용자 네임스페이스에 attach하기 위해서는 커널 버전이 3.8 이상이어야 하고 사용자 네임스페이스가 활성화되어야 한다. + + + + + <!-- Notes -->주의 + + + 리눅스의 /proc/sys 파일시스템은 네임스페이스의해 영향받는 몇가지 정보들을 포함하고 있다. 예를 들어 /proc의 프로세스 id로 된 폴더들이나 /sys/class/net의 네트워크 인터페이스 정보 등이다. +의사파일시스템을 마운트하는 프로세스의 네임스페이스가 여기에 어떤 정보를 표시할지 결정하는 것이지, /proc 또는 /sys에 접근하는 프로세스의 네임스페이스가 결정하는 것은 아니다. + + + + 를 사용하여 컨테이너의 pid 네임스페이스에만 attach 시키고 마운트 네임스페이스(컨테이너의 /proc는 포함하고, 호스트의 것은 포함하지 않는)는 attach 시키지 않는 경우, 의 내용은 컨테이너의 것이 아닌 호스트의 것이 된다. 
+네트워크 네임스페이스만을 연결하고 /sys/class/net의 내용을 읽을 때도 같은 현상이 있다. + + + + 이러한 문제를 해결하기 위해, 옵션이 제공된다. 해당 옵션은 attach되는 프로세스의 네트워크/pid 네임스페이스를 반영하기 위해 /proc/sys를 다시 마운트한다. +호스트의 실제 파일시스템에 방해가 되지 않기 위해 마운트 네임스페이스는 공유되지 않는다(lxc-unshare의 동작과 비슷). /proc/sys 파일시스템을 제외하고 호스트 마운트 네임스페이스와 동일한 새로운 마운트 네임스페이스가 주어지게 된다. + + + + + 이전 버전의 lxc-attach는 몇몇 중요한 서브시스템에 쓰기가 가능한 cgroup 내에 없더라도, 사용자가 컨테이너의 네임스페이스에 연결할 수 있는 버그가 있었다. + 새로운 버전의 lxc-attach는 현재 사용자가 몇몇 중요한 서브시스템에 쓰기 권한이 있는 cgroup에 속하는지 여부를 검사한다. 그러므로 lxc-attach는 사용자에 따라 실패하는 경우도 있다. (예를 들어, 로그인 시 비특권 사용자가 중요 서브시스템에 쓰기가 가능한 cgroup에 위치하지 않은 경우) 하지만 이러한 동작은 정확한 것이고 더 안전한 것이다. + + + + + <!-- Security -->보안 + + + 옵션을 사용할때는 주의해야 한다. 잘못 사용하게 하면 컨테이너들 간의 고립(isolation)을 깨트릴 수 있다. + + + + &seealso; + + + <!-- Author -->저자 + Daniel Lezcano daniel.lezcano@free.fr + + + + + diff -Nru lxc-1.1.5/doc/ko/lxc-autostart.sgml.in lxc-2.0.1/doc/ko/lxc-autostart.sgml.in --- lxc-1.1.5/doc/ko/lxc-autostart.sgml.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ko/lxc-autostart.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,350 @@ + + + + +]> + + + @LXC_GENERATE_DATE@ + + lxc-autostart + 1 + + + + lxc-autostart + + + + 자동시작하게 설정된 컨테이너의 시작/종료/강제종료 + + + + + + lxc-autostart + -k + -L + -r + -s + -a + -A + -g groups + -t timeout + + + + + <!-- Description -->설명 + + + + lxc-autostart는 lxc.start.auto가 설정되어 있는 컨테이너들을 다룬다. + 사용자가 컨테이너의 시작, 종료, 강제종료, 재시작의 순서와 대기 시간을 정할 수 있게 해준다. + lxc.group으로 필터링하거나 모든 정의된 컨테이너를 실행하는 등의 동작을 지원한다. + 또한 리스트 모드를 통해 외부 툴이 이를 사용할 수 있고, 대상 컨테이너의 리스트와 대기시간 등을 얻어올 수 있다. + + + + + -r, -s, -k 옵션은 어떤 동작을 수행할지 지정해 줄 수 있다. 만약 아무것도 지정하지 않았다면, 컨테이너를 시작한다. + -a, -g는 어떤 컨테이너를 대상으로 할지 지정한다. 기본적으로 lxc.group가 지정되지 않은 컨테이너들이 대상이 된다. + -t TIMEOUT은 컨테이너가 종료나 재부팅을 마칠 때까지 기다릴 최대 시간을 지정한다. + + + + + <!-- Options -->옵션 + + + + + + + + + 컨테이너가 재부팅하도록 요청한다. + + + + + + + + + + + + 깔끔한 종료를 요청한다. 만약 -t timeout가 0보다 크고 컨테이너가 그 기간안에 종료되지 않는다면 -k kill 옵션과 같은 동작을 수행하여 강제종료 한다. + + + + + + + + + + + + 깔끔한 종료를 요청하는 것이 아니라 컨테이너의 모든 태스크들을 명시적으로 강제종료 시킨다. + + + + + + + + + + + + 실제 동작은 수행하지 않고, 단지 컨테이너의 이름과 다음 컨테이너를 시작할 때까지의 대기시간들을 표시한다. + + + + + + + + + + + + 컨테이너가 강제종료되기 전까지 TIMEOUT 초만큼 기다린다. + + + + + + + + + + + + 쉼표(,)로 구분된 선택할 그룹의 리스트. + (기본값은 lxc.group이 없는 것이다 - NULL 그룹) + + 이 옵션은 여러번 지정될 수 있으며, 각 옵션들은 연결될 수 있다. NULL 또는 빈 그룹은 첫번째 쉼표, 맨 뒤의 쉼표, 두개의 쉼표 등으로 지정할 수 있다. 그룹들은 지정한 순서대로 처리된다. 여러번 호출된 -g 옵션과 콤마로 구분된 목록들은 자유롭게 혼용하여 사용 할 수 있다. + + + + + + + + + + + + lxc.group를 무시하고 모든 자동 시작하게 설정된 컨테이너들을 선택한다. + + + + + + + + + + + + lxc.start.auto 옵션을 무시하고 시스템의 모든 컨테이너를 선택한다. + + + + + + + + <!-- Autostart and System Boot -->자동시작과 시스템 부팅 + + + + 부팅과 종료시 호스트의 시스>템에서 실행되도록 활성화 되어있을 때, lxc-autostart 명령어는 LXC 시스템 서비스의 일부로 사용된다. 어떤 컨테이너를 어떤 순서로 얼마만큼 간격을 두어 시작할지 선택하는데 사용된다. + + + + + 각각의 컨테이너는 여러 그룹에 속할수도 있고 아무그룹에도 속하지 않을 수 있다. 두개의 그룹은 특수한데, 하나는 NULL 그룹이고 컨테이너가 아무그룹에도 속하지 않을때 사용된다. 그리고 나머지 하나는 "onboot" 그룹이다. + + + + + LXC 서비스가 활성화된 상태로 시스템이 부팅될 때, 먼저 lxc.start.auto == 1이고 "onboot" 그룹인 컨테이너들을 시작하려고 시도한다. 시작과정은 lxc.start.order의 순서대로 이루어진다. 
+ 만약 lxc.start.delay가 지정 되었다면, 다음 컨테이너를 시작하려고 시도하기 전, 현재 컨테이너의 초기화 및 호스트 시스템의 부하를 줄이기 위해서 지연시간을 준다. + "onboot" 그룹의 멤버들을 시작시킨 후, LXC 시스템은 lxc.start.auto == 1이고 어떤 그룹에도 속하지 않은(NULL 그룹) 컨테이너들을 시작한다. + + + + + <!-- Startup Group Examples -->시작 그룹 예제 + + + + + + + + + 먼저 "onboot" 그룹을 실행하고 NULL 그룹을 실행한다. + + + + 이것은 다음과 같다 : + + + + + + + + + + + 첫번째로 dns 그룹을 실행하고, web 그룹을 두번째로 실행하고, NULL그룹을 실행한 뒤, "onboot" 그룹을 실행한다. + + + + 이것은 다음과 같다 : 또는 + + + + + + + &seealso; + + + <!--Author-->저자 + Stéphane Graber stgraber@ubuntu.com + + + + diff -Nru lxc-1.1.5/doc/ko/lxc-cgroup.sgml.in lxc-2.0.1/doc/ko/lxc-cgroup.sgml.in --- lxc-1.1.5/doc/ko/lxc-cgroup.sgml.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ko/lxc-cgroup.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,206 @@
+
+
+
+
+]>
+
+
+
+ @LXC_GENERATE_DATE@
+
+
+ lxc-cgroup
+ 1
+
+
+
+ lxc-cgroup
+
+
+
+ 컨테이너와 관련된 컨트롤 그룹 관리
+
+
+
+
+
+ lxc-cgroup
+ -n name
+ state-object
+ value
+
+
+
+
+ <!-- Description -->설명
+
+
+
+ lxc-cgroup는 지정한 서브시스템(예를 들어 'cpuset')의 컨테이너 cgroup의 state-object (예를들어 'cpuset.cpus')의 값을 얻어오거나 설정한다.
+ 만약 value가 지정되지 않았다면, state-object의 현재 값을 표시한다. 지정한 경우에는 해당 값으로 설정한다.
+
+
+
+
+ lxc-cgroupstate-object가 실행중인 커널에서 사용가능한지 검사하지 않는 것을 주의해야 한다. 또한 지정한 서브시스템이 마운트된 cgroup에 포함이 되어 있는지도 검사하지 않는다.
+
+
+
+
+
+ <!-- Options -->옵션
+
+
+
+
+
+
+
+
+
+ cgroup의 state object 이름을 지정한다.
+
+
+
+
+
+
+
+
+
+
+
+ cgroup의 state object에 설정할 값을 지정한다.
+
+
+
+
+
+
+
+
+ &commonoptions;
+
+
+ <!-- Examples -->예제
+
+
+ lxc-cgroup -n foo devices.list
+
+
+
+ 허용된 디바이스를 표시한다.
+
+
+
+
+
+ lxc-cgroup -n foo cpuset.cpus "0,3"
+
+
+
+ 프로세서 0과 3을 컨테이너에게 할당한다.
+
+
+
+
+
+
+
+
+ <!-- Diagnostic -->진단
+
+
+
+
+ The container was not found
+
+
+
+ 컨테이너가 실행중이 아니다.
+
+
+
+
+
+
+
+
+
+ &seealso;
+
+
+ <!-- Author -->저자
+ Daniel Lezcano daniel.lezcano@free.fr
+
+
+
+
+
diff -Nru lxc-1.1.5/doc/ko/lxc-checkconfig.sgml.in lxc-2.0.1/doc/ko/lxc-checkconfig.sgml.in
--- lxc-1.1.5/doc/ko/lxc-checkconfig.sgml.in 1970-01-01 00:00:00.000000000 +0000
+++ lxc-2.0.1/doc/ko/lxc-checkconfig.sgml.in 2016-05-16 20:38:39.000000000 +0000
@@ -0,0 +1,112 @@
+
+
+
+]>
+
+
+
+ @LXC_GENERATE_DATE@
+
+
+ lxc-checkconfig
+ 1
+
+
+
+ lxc-checkconfig
+
+
+
+ 현재 커널의 lxc 지원 여부 검사
+
+
+
+
+
+ lxc-checkconfig
+
+
+
+
+ <!-- Description -->설명
+
+
+ lxc-checkconfig는 현재 커널이 lxc를 지원하는지 검사한다.
+
+
+
+
+ <!-- Examples -->예제
+
+
+ lxc-checkconfig
+
+
+
+ 현재 커널을 검사한다.
+ CONFIG 환경 변수를 이용하여 다른 위치를 설정할 수 있다.
+ (역주 : 기본값은 /proc/config.gz 이다. Kernel compile option에서 Enable access to .config through /proc/config.gz를 체크하여야 한다)
+
+
+
+
+
+
+ &seealso;
+
+
+ <!-- Author -->저자
+ Stéphane Graber stgraber@ubuntu.com
+
+
+
+
diff -Nru lxc-1.1.5/doc/ko/lxc-checkpoint.sgml.in lxc-2.0.1/doc/ko/lxc-checkpoint.sgml.in
--- lxc-1.1.5/doc/ko/lxc-checkpoint.sgml.in 1970-01-01 00:00:00.000000000 +0000
+++ lxc-2.0.1/doc/ko/lxc-checkpoint.sgml.in 2016-05-16 20:38:39.000000000 +0000
@@ -0,0 +1,230 @@
+
+
+
+
+]>
+
+
+
+ @LXC_GENERATE_DATE@
+
+
+ lxc-checkpoint
+ 1
+
+
+
+ lxc-checkpoint
+
+
+
+ 컨테이너의 체크포인트 생성 및 복원
+
+
+
+
+
+ lxc-checkpoint
+ -n name
+ -D PATH
+ -r
+ -s
+ -v
+ -d
+ -F
+
+
+
+
+ <!-- Description -->설명
+
+
+ lxc-checkpoint 는 컨테이너의 체크포인트를 생성 및 복원을 수행한다.
+ (역주 : 이 명령어를 사용하기 위해서는 CRIU(Checkpoint/Restore In Userspace)라는 툴이 반드시 필요하다, 컨테이너의 실행상태를 대상으로 한다는 점에서 lxc-snapshot와는 다르다)
+
+
+
+
+ <!-- Options -->옵션
+
+
+
+
+
+
+
+
+
+ 컨테이너의 상태를 저장하는 것 대신에 체크포인트로 복원을 수행한다.
+ 이 옵션은 과 같이 사용될 수 없다.
+
+
+
+
+
+
+
+
+
+
+
+ 체크포인트 메타데이터를 저장할 디렉토리를 지정한다.
+
+
+
+
+
+
+
+
+
+
+
+ 컨테이너의 상태를 저장한 후 컨테이너를 중지한다. 이 옵션은 과 같이 사용될 수 없다.
+
+
+
+
+
+
+
+
+
+
+
+ CRIU 로그 기록을 자세하게 한다.
+
+
+
+
+
+
+
+
+
+
+
+ 컨테이너 복원을 백그라운드에서 수행한다. (이것이 기본으로 되어있다)
+ 옵션이랑만 사용가능하다.
+
+
+
+
+
+
+
+
+
+
+
+ 컨테이너 복원을 포그라운드에서 수행한다. 옵션이랑만 사용가능하다.
+
+
+
+
+
+
+
+ &commonoptions;
+
+
+ <!-- Examples -->예제
+
+
+
+ lxc-checkpoint -n foo -D /tmp/checkpoint
+
+
+
+ foo 컨테이너의 체크포인트를 /tmp/checkpoint 디렉토리에 생성한다.
+
+
+
+
+
+ lxc-checkpoint -r -n foo -D /tmp/checkpoint
+
+
+
+ foo 컨테이너를 /tmp/checkpoint 디렉토리에 있는 체크포인트로 복원한다.
+
+
+
+
+
+
+
+ &seealso;
+
+
+ <!-- Author -->저자
+ Tycho Andersen tycho.andersen@canonical.com
+
+
+
+
diff -Nru lxc-1.1.5/doc/ko/lxc-clone.sgml.in lxc-2.0.1/doc/ko/lxc-clone.sgml.in
--- lxc-1.1.5/doc/ko/lxc-clone.sgml.in 1970-01-01 00:00:00.000000000 +0000
+++ lxc-2.0.1/doc/ko/lxc-clone.sgml.in 2016-05-16 20:38:39.000000000 +0000
@@ -0,0 +1,377 @@ + + + + +]> + + + + @LXC_GENERATE_DATE@ + + + lxc-clone + 1 + + + + lxc-clone + + + + 존재하는 컨테이너를 새로운 컨테이너로 복제 + + + + + + lxc-clone + -s + -K + -M + -H + -B backingstore + -L fssize + -p lxcpath + -P newlxcpath + -R + -o orig + -n new + -- hook arguments + + + lxc-clone + -s + -K + -M + -H + -B backingstore + -L fssize + -p lxcpath + -P newlxcpath + -R + orig + new + -- hook arguments + + + + + <!-- Description -->설명 + + + + lxc-clone는 존재하는 컨테이너를 복제하여 새로운 컨테이너를 생성한다. 복사, 스냅샷의 두가지 형태의 복제가 지원된다. + 복사는 원본 컨테이너의 루트 파일시스템을 그대로 새 컨테이너로 복사한다.. + 스냅샷은 저장소의 스냅샷 기능을 이용하여 원본 컨테이너의 copy-on-write 형태로 매우 작은 스냅샷을 생성한다. 스냅샷을 사용하기 위해서는 새 컨테이너의 저장소가 스냅샷 기능을 지원하여야 한다. 현재 스냅샷 기능을 지원하는 것은 aufs, btrfs, lvm, overlayfs, zfs 정도이다. lvm은 스냅샷의 스냅샷은 지원하지 않는다. + + + + + 오버레이 컨테이너들을 제외하면, 새 컨테이너의 저장소는 원본과 같은 종류를 사용한다. + aufs와 overlayfs의 스냅샷은 디렉토리로 구성된 컨테이너로 생성할 수 있다. overlayfs의 경우 -B overlayfs 인수를 통해 이를 지정할 수 있다. + + + + + 원본 컨테이너와 새 컨테이너의 이름은 모든 옵션 뒤에 원본, 새 컨테이너 순으로 지정할 수 있다. 또는 -o-n 옵션을 사용하여 지정할 수 있다. + + + + + + + <!-- Options -->옵션 + + + + + + + + + + + 새로 생성하는 컨테이너의 루트 파일시스템은 원본의 스냅샷으로 한다. 이 옵션은 저장소가 lvm, btrfs, zfs 일때 지정할 수 있다. 또한 aufs나 overlayfs를 이용한 스냅샷을 원할때만 지정해야 한다. + + + + + + + + + + + + (루트 파일시스템에서) 컨테이너의 호스트 이름을 변경하지 않는다. + + + + + + + + + + + + 새로 무작위한 주소를 만들지 않고, 원본과 같은 MAC 주소를 사용한다. + + + + + + + + + + + + 모든 마운트 훅들을 새 컨테이너의 디렉토리로 복사한다. 그리고 lxcpath와 컨테이너 이름을 필요에 따라 갱신한다. + + + + + + + + + + + + 블록장치로 구성된 컨테이너의 경우, 새로운 블록 장치의 크기. + 기본으로 새 디바이스는 원본과 같은 크기로 만들어진다. + + + + + + + + + + + + 원본 컨테이너의 lxcpath. 기본값은 시스템 전역으로 설정되어 잇는 lxcpath를 사용한다. + + + + + + + + + + + + 새로 생성될 컨테이너의 lxcpath. + 기본값은 원본 컨테이너의 lxcpath와 같다. + btrfs의 스냅샷의 경우 lxcpath 변경이 불가능 할 수 있음을 주의해야 한다. 왜냐하면 서브볼륨 스냅샷이 같은 btrfs 파일시스템 내에 있어야 하기 때문이다. + + + + + + + + + + + + 새 컨테이너의 저장소를 선택한다. + 기본 값은 원본 컨테이너가 쓰던 것과 같은 것으로 되어 있다. + 현재 저장소를 다른 것으로 변경하는 것은 디렉토리로 구성된 컨테이너의 aufs와 overlayfs 스냅샷에서만 지원된다. + 가능한 값은 dir(디렉토리), aufs, btrfs, lvm zfs, loop 그리고 ovelayfs 이다. + + + + + + + + + + + + 컨테이너의 이름을 변경한다. 
orignew로 이름을 바꾼다. + + + + + + + + + + + + + 복제할 원본 컨테이너의 이름. + + + + + + + + + + + + 생성할 새 컨테이너의 이름. + + + + + + + + + + + Clone hook + + + 만약 복제되는 컨테이너가 1개 이상의 lxc.hook.clone을 지정했다면, 지정된 훅은 새 컨테이너가 생성될 때 실행될 것이다. + 먼저 컨테이너 이름, 섹션('lxc'), 훅 종류('clone') 3개의 인수가 복제 훅에 전달 된다. 그리고 4번째 인수 부터는 lxc-clone로 넘겨줄 수 있다. + LXC_ROOTFS_MOUNT 환경변수는 컨테이너의 루트 파일시스템이 마운트되어 있는 경로를 넘겨준다. + 새 컨테이너의 이름은 LXC_NAME 변수에, 이전 컨테이너의 이름은 LXC_SRC_NAME 환경변수에 담겨 있다. 그리고 루트 파일시스템이 위치하고 있는 곳은 LXC_ROOTFS_PATH로 넘겨준다. + + + + + <!-- Notes -->주의 + + + lxc-clonelxc-copy로 대체되었으며, 제거될 예정이다. + + + + &seealso; + + + <!-- Author -->저자 + Serge Hallyn serge.hallyn@ubuntu.com + + + + + diff -Nru lxc-1.1.5/doc/ko/lxc-config.sgml.in lxc-2.0.1/doc/ko/lxc-config.sgml.in --- lxc-1.1.5/doc/ko/lxc-config.sgml.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ko/lxc-config.sgml.in 2016-05-16 20:38:39.000000000 +0000 @@ -0,0 +1,129 @@ + + + + +]> + + + @LXC_GENERATE_DATE@ + + lxc-config + 1 + + + + lxc-config + + + + LXC 시스템 설정 얻어오기 + + + + + + lxc-config + -l + item + + + + + <!-- Description -->설명 + + + + lxc-config는 lxc 시스템 설정을 보여준다. 가능한 모든 항목의 이름을 나열하기도 하고 각각의 항목들에 설정되어 잇는 값을 보여주기도 한다. + + + + + <!-- Options -->옵션 + + + + + + + + + 지원되는 모든 항목의 이름을 나열한다. + + + + + + + + + + + + 지정한 항목에 설정되어 있는 값을 표시한다. + + + + + + + &seealso; + + + <!--Author-->저자 + Stéphane Graber stgraber@ubuntu.com + + + + diff -Nru lxc-1.1.5/doc/ko/lxc.conf.sgml.in lxc-2.0.1/doc/ko/lxc.conf.sgml.in --- lxc-1.1.5/doc/ko/lxc.conf.sgml.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ko/lxc.conf.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,193 @@ + + + +]> + + + + @LXC_GENERATE_DATE@ + + + lxc.conf + 5 + + + + lxc.conf + + + + LXC 설정파일 + + + + + <!-- Description -->설명 + + + + LXC 설정파일은 컨테이너 설정과 시스템 설정의 2부분으로 나뉜다. + + + + <!-- Container configuration -->컨테이너 설정 + + + 컨테이너 설정은 컨테이너 디렉토리의 config로 설정한다. + + + + + 기본 설정은 컨테이너 생성 시간에 템플릿이 제공해 주는 설정과 default.conf 파일에 있는 추가 설정들로 생성된다. + + + + + default.conf 파일은 @LXC_DEFAULT_CONFIG@에 위치하고 있다. + 비특권 컨테이너의 경우에는 ~/.config/lxc/default.conf에 위치하고 있다. + + + + + 이 파일의 자세한 사용법은 아래를 참고하면 된다. + + lxc.container.conf + 5 + + + + + + <!-- System configuration -->시스템 설정 + + + 시스템 설정은 @LXC_GLOBAL_CONF@에 위치하고 있다. 비특권 컨테이너의 경우는 ~/.config/lxc/lxc.conf에 위치하고 있다. + + + + + 이 설정파일은 LXC 기본 경로 및 저장소 백엔드 설정과 같은 값들을 설정할 때 사용한다. + + + + + 이 파일의 자세한 사용법은 아래를 참고하면 된다. + + lxc.system.conf + 5 + + + + + + + <!-- See Also -->참조 + + + lxc + 1 + , + + lxc.container.conf + 5 + , + + lxc.system.conf + 5 + , + + lxc-usernet + 5 + + + + + + <!-- Author -->저자 + Stéphane Graber stgraber@ubuntu.com + + + + diff -Nru lxc-1.1.5/doc/ko/lxc-console.sgml.in lxc-2.0.1/doc/ko/lxc-console.sgml.in --- lxc-1.1.5/doc/ko/lxc-console.sgml.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ko/lxc-console.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,208 @@ + + + + +]> + + + + @LXC_GENERATE_DATE@ + + + lxc-console + 1 + + + + lxc-console + + + + 지정한 컨테이너의 콘솔 실행 + + + + + + lxc-console + -n name + -e escape character + -t ttynum + + + + + <!-- Description -->설명 + + + + 만약 파라미터로 지정한 컨테이너의 tty 서비스가 제대로 설정되어 있고 사용가능한 상태라면, 이 명령어는 컨테이너에 로그인 할 수 있는 콘솔을 실행한다. + + + + + 사용가능한 tty는 이 명령어로 얻어올 수 있는 빈 슬롯을 의미한다. + 즉, 만약 컨테이너가 4개의 tty가 사용가능하고 명령어가 4번 실행하여 각각 다른 tty를 얻어왔다면, 다섯번째 명령은 실패할 것이다. 왜냐하면 가능한 콘솔이 없기 때문이다. + + + + + 명령어는 tty에 연결한다. 연결이 끊어지면, 명령어는 다시 실행되어 연결 끊기기 이전 상태에서 tty를 얻어오려고 시도한다. + + + + + ttynum가 0으로 지정되어 있으면, 컨테이너의 /dev/console에 연결한다. 그렇지 않으면 dev/tty<ttynum>에 연결한다. + + + + + tty 접속을 끊고 lxc-console을 나가고 싶다면 키보드 이스케이프 키를 이용하면 된다. 기본키는 <Ctrl+a q>이다. + + + + + + <!-- Options -->옵션 + + + + + + + + + + <Ctrl a> 대신에 사용할 이스케이프 키 prefix를 지정한다. + '^문자' 또는 '문자'로 지정 가능하다. + 예를 들어 <Ctrl+b q>를 사용하고 싶다면, -e '^b'와 같이 지정하면 된다. + + + + + + + + + + + 연결하고자 하는 tty의 번호 또는 콘솔 연결을 위해 0을 지정한다. + 지정하지 않으면, 다음으로 사용가능한 tty 번호를 컨테이너가 자동으로 선택한다. + + + + + + + + + &commonoptions; + + + <!-- Diagnostic -->진단 + + + + + tty service denied + + + + 사용가능한 tty가 없거나 콘솔을 사용하기에 충분한 privilege가 없다. + 예를 들면, 컨테이너가 "foo" 사용자 소유인데 "bar"가 콘솔을 열려고 하는 경우이다. + + + + + + + + + &seealso; + + + <!-- Author -->저자 + Daniel Lezcano daniel.lezcano@free.fr + + + + + diff -Nru lxc-1.1.5/doc/ko/lxc.container.conf.sgml.in lxc-2.0.1/doc/ko/lxc.container.conf.sgml.in --- lxc-1.1.5/doc/ko/lxc.container.conf.sgml.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ko/lxc.container.conf.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,2650 @@ + + + +]> + + + + @LXC_GENERATE_DATE@ + + + lxc.container.conf + 5 + + + + lxc.container.conf + + + + LXC 컨테이너 설정파일 + + + + + <!-- Description -->설명 + + + + linux 컨테이너(lxc)는 항상 사용하기 전에 생성된다. + 생성 작업은 가상화할 자원 및 컨테이너 내에서 실행되는 프로세스로부터 고립할 시스템 자원들을 정의하는 것이다. + 기본적으로 pid, sysv ipc, 마운트 포인트가 가상화되고 고립된다. 명시적으로 설정파일에서 정의되기 전까지, 다른 시스템 자원들은 컨테이너 간에 공유된다. 예를 들어, 네트워크 설정이 되어 있지 않다면, 컨테이너 생성한 쪽과 컨테이너 간에 네트워크를 서로 공유할 것이다. 그러나 네트워크가 지정이되었다면, 컨테이너를 위해 새로운 네트워크 스택이 생성된다. 그리고 컨테이너는 더이상 그를 생성한 쪽과 네트워크를 공유하지 않는다. + + + + + 설정파일은 컨테이너에 할당될 시스템 자원들을 정의한다. 현재는 utsname, 네트워크, 마운트포인트, 루트 파일시스템, 사용자 네임스페이스 그리고 컨트롤 그룹이 지원된다. + + + + + 설정파일의 옵션은 key = value의 한 줄로 이루어져 있다. + '#' 문자를 앞에 붙여 주석임을 나타낼 수 있다. capability와 cgroup 옵션과 같은 리스트 옵션들은, 값을 지정하지 않고 사용할 수 있다. 값이 지정되지 않은 경우 이전에 설정했던 모든 값들을 지운다. + + + + <!-- Configuration -->설정 + + + 연관된 컨테이너들을 쉽게 관리하기 위해서, 컨테이너 설정파일은 다른 파일을 불러올 수 있다. 예를 들어서, 네트워크 설정은 여러 컨테이너들을 위해 공통된 하나의 파일로 정의될 수 있다. 그리고 만약 컨테이너들이 다른 호스트로 이동된다면, 해당 파일 하나만 수정하면 된다. + + + + + + + + + + + include할 파일을 지정한다. + include할 파일은 lxc 설정파일의 형식에 부합하여야 한다. + + + + + + + + <!-- Architecture -->아키텍처 + + + 컨테이너에 아키텍처를 지정할 수 있다. 예를 들어, 64비트 호스트에서 32비트 바이너리를 실행하는 컨테이너라면 32비트 아키텍처로 지정할 수 있다. 패키지를 다운로드 받는 등의 작업을 수행하는 아키텍처에 의존적인 컨테이너 스크립트가 잘 동작할 수 있도록 해준다. + + + + + + + + + + + 컨테이너의 아키텍처를 지정한다. + + + + 가능한 옵션은 아래와 같다. + , + , + , + + + + + + + + + + <!-- Hostname -->호스트 이름 + + + utsname 섹션은 컨테이너 내에서 설정할 호스트 이름을 정의한다. 컨테이너는 시스템의 호스트 이름을 변경하지 않고도 자신의 호스트 이름을 변경할 수 있다. 즉, 컨테이너마다 호스트 이름을 설정할 수 있다. + + + + + + + + + + 컨테이너의 호스트 이름을 지정한다. + + + + + + + + <!-- Halt signal -->종료 시그널 + + + lxc-stop이 컨테이너를 깨끗이 종료를 시키기 위해서 보낼 시그널의 이름이나 숫자를 지정할 수 있다. + init 시스템마다 깨끗한 종료를 위해 각기 다른 시그널을 사용할 수 있다. + 이 옵션은 kill(1)에서 사용하는 것 처럼 시그널을 지정할 수 있다. 예를 들어 SIGPWR, SIGRTMIN+14, SIGRTMAX-10 또는 숫자를 지정할 수 있다. 기본 시그널은 SIGPWR이다. + + + + + + + + + + 컨테이너를 종료할 때 사용할 시그널을 지정한다. + + + + + + + + <!-- Reboot signal -->재부팅 시그널 + + + lxc-stop이 컨테이너를 재부팅하기 위해 보낼 시그널의 이름이나 숫자를 지정할 수 있다. 
+ 이 옵션은 kill(1)에서 사용하는 것 처럼 시그널을 지정할 수 있다. 예를 들어 SIGINT, SIGRTMIN+14, SIGRTMAX-10 또는 숫자를 지정할 수 있다. 기본 시그널은 SIGINT이다. + + + + + + + + + + 컨테이너를 재부팅할 때 사용할 시그널을 지정한다. + + + + + + + + <!-- Stop signal -->강제종료 시그널 + + + lxc-stop이 컨테이너를 강제종료하기 위해 보낼 시그널의 이름이나 숫자를 지정할 수 있다. + 이 옵션은 kill(1)에서 사용하는 것 처럼 시그널을 지정할 수 있다. 예를 들>어 SIGKILL, SIGRTMIN+14, SIGRTMAX-10 또는 숫자를 지정할 수 있다. 기본 시그널은 SIGKILL이다. + + + + + + + + + + 컨테이너를 강제종료할 때 사용할 시그널을 지정한다. + + + + + + + + <!-- Init command -->Init 명령어 + + + 컨테이너의 init으로 사용할 명령어를 설정한다. + 이 옵션은 lxc-execute을 사용할 때는 무시된다. + 기본값은 /sbin/init이다. + + + + + + + + + + init으로 사용할 바이저리의 컨테이너 루트 파일시스템에서의 절대 경로. + + + + + + + + <!-- Init ID -->Init이 사용할 ID + + + lxc-execute가 실행하는 컨테이너의 init 및 명령어가 사용할 UID/GID를 지정한다. + + + 이 옵션들은 lxc-execute가 사용자 네임스페이스 안에서 실행될 때만 적용된다. + + + 기본 값: UID(0), GID(0) + + + + + + + + + + init이 사용자 네임스페이스 안에서 사용할 UID. + + + + + + + + + + + init이 사용자 네임스페이스 안에서 사용할 GID. + + + + + + + + <!-- Ephemeral -->임시 컨테이너 + + + 컨테이너가 종료될 때, 해당 컨테이너를 제거할지 여부를 지정할 수 있다. + + + + + + + + + + 지정 가능한 값은 0 또는 1이다. 1로 설정하면, 컨테이너를 종료할 때 해당 컨테이너를 제거한다. + + + + + + + + <!-- Network -->네트워크 + + + 네트워크 섹션은 어떻게 네트워크를 컨테이너 내에서 가상화할지를 정의한다. + 네트워크 가상화는 2개의 계층으로 동작한다. + 네트워크 가상화를 위해서, 컨테이너의 네트워크 인터페이스가 인수로 지정되어야 한다. 시스템이 하나의 물리적인 네트워크 인터페이스를 갖고 있어도, 컨테이너 내에서 여러개의 가상화 인터페이스들을 사용할 수 있다. + + + + + + + + + + 값을 지정하지 않고 사용하여 이전에 설정했던 모든 네트워크 옵션들을 초기화할 수 있다. + + + + + + + + + + + 컨테이너가 어떤 종류의 네트워크 가상화를 사용할지 지정한다. + 필드부터 새로운 네트워크 설정이 시작된다. 이 방법으로 여러개의 네트워크 가상화 형태를 같은 컨테이너에 지정할 수 있다. 그리고 여러개의 네트워크 인터페이스를 하나의 컨테이너에 지정할 수도 있다. + 지정 가능한 형태는 아래와 같다. + + + + + 호스트의 네트워크 네임스페이스를 공유한다. 이렇게 하면 호스트의 네트워크 장치를 컨테이너 내에서 사용가능하다. + 컨테이너와 호스트 둘다 init에서 upstart를 사용하는 경우, (예를 들어) 컨테이너에서 'halt'를 하면, 호스트의 것도 종료된다. + + + + + 는 루프백 인터페이스만 생성한다. + + + + + 한 쪽은 컨테이너로, 다른 한쪽은 옵션으로 지정한 브리지로 붙은 가상 이더넷(veth) 장치 쌍을 생성한다. + 만약 브리지가 지정되지 않았다면, 어떤 브리지에도 붙지 않은 veth 장치 쌍을 만든다. 브리지는 컨테이너 시작전에 시스템에서 생성해야 한다. + lxc는 컨테이너 이외의 설정에 대해서는 다루지 않는다. 기본값으로 lxc는 컨테이너 바깥에 속할 네트워크 디바이스의 이름을 정해준다. 
이름을 변경하기 원한다면, lxc가 지정한 이름으로 설정하도록 옵션을 사용하여야 한다. (비특권 컨테이너는 불가능하다. 이 옵션은 보안상의 이유로 무시될 것이다) + + + + + vlan 인터페이스는 로 지정한 인터페이스에 연결되고, 컨테이너로 할당된다. vlan의 식별자는 옵션으로 지정한다. + + + + + macvlan 인터페이스는 로 지정한 인터페이스에 연결되고, 컨테이너로 할당된다. + 은 같은 상위 디바이스에 있는 다른 macvlan과 통신할 때 사용하는 모드를 지정한다. + 지정할 수 있는 모드는 이다. + 모드는 디바이스가 같은 상위디바이스의 어떤 장치와도 통신하지 않는다. (기본값) + 새로운 가상 이더넷 포트 통합모드(Virtual Ethernet Port Aggregator), 즉 모드는 인접한 브리지가 소스와 목적지가 로컬인 모든 프레임들을 macvlan 포트로 반환한다고 가정한다. 즉, 브리지가 reflective relay로 설정되어 있다는 것이다. + 상위장치에서 들어오는 브로드캐스트 프레임들은 모든 macvlan 인터페이스에게 보내져버린다. 로컬 프레임들은 로컬로 보내지지 않는다. + 모드는 같은 포트의 다른 macvlan 인터페이스 사이에 간단한 브리지를 제공한다. + 어떤 인터페이스에서 다른 인터페이스로 프레임은 직접 전달된다. 하지만 외부로는 보내지지 않는다. + 브로드캐스트 프레임들은 모든 다른 브리지 포트들과 외부 인터페이스에 전달된다. + 그러나 reflective relay로 다시 돌아왔을 때는, 그것들을 다시 전송하지 않는다. + 모든 MAC 주소를 알기 때문에, macvlan 브리지모드는 브리지 모듈처럼 학습이나 STP를 요구하지 않는다. + 모드는 물리 인터페이스로 부터 받은 모든 프레임들을 macvlan 인터페이스로 포워딩한다. + 모드만이 하나의 물리 인터페이스를 설정하는게 가능하다. + + + + + 로 지정한 이미 존재하는 인터페이스를 컨테이너로 할당된다. + + + + + + + + + + + + 네트워크에 수행할 작업을 지정한다. + + + + + 인터페이스를 활성화시킨다. + + + + + + + + + + + + 실제 네트워크 트래픽에 사용할 인터페이스를 지정한다. + + + + + + + + + + + + 해당 인터페이스의 최대 전송 단위(MTU)를 지정한다. + + + + + + + + + + + + 인터페이스 이름은 동적으로 할당된다. + 그러나, 컨테이너가 일반적으로 사용하는 이름과 다른 이름이 필요하다면, (예: eth0) 이 옵션은 컨테이너 내에 있는 인터페이스의 이름을 지정한 것으로 변경할 수 있다. + + + + + + + + + + + + 가상 인터페이스의 MAC 주소는 기본적으로 동적 할당된다. 그러나 몇몇가지 이유로 MAC 주소 충돌 문제를 해결하거나, 언제나 같은 링크 로컬 IPv6 주소가 필요하다면, 이 옵션이 필요하다. + 주소의 "x"는 무작위한 값으로 바뀐다. 템플릿에서 하드웨어 주소를 설정하는데 유용하다. + + + + + + + + + + + + 가상 인터페이스에서 사용할 IPv4 주소를 지정한다. + 여러 행으로 여러개의 IPv4 주소를 지정할 수 있다. + 주소의 형식은 x.y.z.t/m으로, 예를 들어 192.168.1.123/24이다. 브로드 캐스트 주소는 같은 행의 주소 바로 오른쪽에 지정하면 된다. + + + + + + + + + + + + 컨테이너 내부에서 게이트웨이로 사용할 IPv4 주소를 지정한다. + 주소 형식은 x.y.z.t로, 예를 들면 192.168.1.123이다. + + 라는 특별한 값을 지정할 수있다. + 이것은 ( 에서 지정된) 브리지 인터페이스의 첫번째 주소를 가져와 게이트 주소로 사용한다. + 는 네트워크 형태가 일 때만 지정 가능하다. + + + + + + + + + + + + + 가상 인터페이스에서 사용할 IPv6 주소를 지정한다. + 여러 행으로 여러개의 IPv6 주소를 지정할 수 있다. 
+ 주소의 형식은 x::y/m으로, 예를 들어 2003:db8:1:0:214:1234:fe0b:3596/64이다. + + + + + + + + + + + + 컨테이너 내부에서 게이트웨이로 사용할 IPv4 주소를 지정한다. + 주소 형식은 x::y로, 예를 들면 2003:db8:1:0::1이다. + + 라는 특별한 값을 지정할 수있다. + 이것은 ( 에서 지정된) 브리지 인터페이스의 첫번째 주소를 가져와 게이트 주소로 사용한다. +는 네트워크 형태가 일 때만 지정 가능하다. + + + + + + + + + + + + 네트워크를 설정하고 생성한 후에 호스트 쪽에서 실행되는 스크립트를 지정한다. + 다음 인수들이 스크립트에 넘겨진다 : 컨테이너 이름, 설정 섹션 이름(net). 그 후 인수는 훅 스크립트을 사용하는 설정 섹션에 달려있다. 다음 인수들은 네트워크 시스템에 의해 사용되어진다 : 실행 컨텍스트(up), 네트워크 형태(empty/veth/macvlan/phys). 네트워크 형태에 따라서 다음 인수들이 넘겨진다 : veth/macvlan/phys의 경우, (호스트 쪽의) 장치 이름. + + + + 스크립트의 표준출력은 debug 수준 로그로 납겨진다. + 표준 에러는 로그로 남겨지지는 않지만, 표준 에러를 표준 출력으로 리다이렉션하여 로그로 남길 수 있다. + + + + + + + + + + + + 네트워크를 제거한 후에 호스트 쪽에서 실행되는 스크립트를 지정한다. + 다음 인수들이 스크립트에 넘겨진다 : 컨테이너 이름, 설정 섹션 이름(net). 그 후 인수는 훅 스크립트을 사용하는 설정 섹션에 달려있다. + 다음 인수들은 네트워크 시스템에 의해 사용되어진다 : 실행 컨텍스트(down), 네트워크 형태(empty/veth/macvlan/phys). 네트워크 형태에 따라서 다음 인수들이 넘겨진다 : veth/macvlan/phys의 경우, (호스트 쪽의) 장치 이름. + + + + 스크립트의 표준출력은 debug 수준 로그로 납겨진다. + 표준 에러는 로그로 남겨지지는 않지만, 표준 에러를 표준 출력으로 리다이렉션하여 로그로 남길 수 있다. + + + + + + + + + <!-- New pseudo tty instance (devpts) -->새로운 pseudo tty 인스턴스(devpts) + + + 강한 고립을 위해 컨테이너는 자기자신만의 pseudo tty를 가질 수 있다. + + + + + + + + + + 만약 지정되었다면, 컨테이너는 새 pseudo tty 인스턴스를 갖는다. 그리고 이것을 자기자신 전용으로 만든다. 지정하는 값은 pseudo tty의 최대 개수를 지정한다. (이 제한은 아직 구현되지 않았다) + + + + + + + + <!-- Container system console -->컨테이너 시스템 콘솔 + + + 컨테이너에 루트 파일시스템이 설정되어 있고 inittab 파일에 콘솔을 사용하는 것이 설정되어 있다면, 콘솔의 출력을 어디로 할지 지정할 수 있다. + + + + + + + + + + 콘솔의 출력을 쓸 파일의 경로를 지정한다. + + + + + + + + + + + 콘솔을 붙일 장치의 경로를 지정한다. + 'none'이라는 값은 단순히 콘솔을 비활성화 시킨다. 만약 응용 프로그램이 쓸 수 있는 콘솔 장치 파일이 루트 파일시스템에 있으면, 메시지가 호스트 쪽에 출력되므로 이 설정은 위험할 수 있다. + + + + + + + + <!-- Console through the ttys -->tty를 통한 콘솔 + + + 컨테이너에 루트 파일시스템이 설정되어 있고 inittab 파일에 tty에서 getty를 실행하는 것이 설정되어 있다면, 이 옵션은 유용하다. + 이 옵션은 컨테이너에서 사용가능한 tty의 개수를 지정한다. + 컨테이너의 inittab 파일에 설정된 getty의 개수는 이 옵션에서 정한 tty의 개수보다 크면 안된다. 그렇지 않으면 초과된 getty 세션은 무한히 죽고 다시 살아나기를 반복하며 콘솔이나 /var/log/messages에 계속 메시지를 띄울 것이다. 
+ + + + + + + + + + 컨테이너가 만들 수 있는 tty의 개수를 지정한다. + + + + + + + + <!-- Console devices location -->콘솔 장치 위치 + + + LXC 콘솔은 호스트에서 생성된 Unix98 PTY와 컨테이너 내에 바인드 마운트될 장치들을 통해 제공된다. 기본적으로 /dev/console/dev/ttyN를 바인드 마운트 한다. 이것은 게스트에서 패키지 업그레이드를 방해하는 요인이 된다. 그래서 /dev 밑에 LXC가 파일을 생성하고 바인드 마운트할 디렉토리의 위치를 따로 지정해 줄 수 있다. + 그리고 만들어진 파일들은 /dev/console/dev/ttyN에 심볼릭 링크된다. + 심볼릭 링크들은 삭제하거나 대체하는 것이 가능하므로 패키지 업그레이드는 성공적으로 이루어질 수 있다. + + + + + + + + + + 컨테이너 콘솔 장치를 생성할 /dev 밑의 디렉토리를 지정한다. + + + + + + + + <!-- /dev directory -->/dev 디렉토리 + + + 기본적으로 lxc는 약간의 심볼릭 링크(fd, stdin, stdout, stderr)를 컨테이너의 /dev 디렉토리에 생성한다. 그러나 자동으로 장치 노드 항목들을 생성해주지 않는다. 컨테이너의 루트 파일시스템에서 필요로하는 /dev를 생성할 수 있게 하는 것이다. lxc.autodev가 1로 지정되었다면, 컨테이너 루트 파일시스템을 마운트 한 후, LXC가 /dev 밑에 새로운 tmpfs(최대 500k)를 마운트 해준다. 그리고 최소한의 장치만을 채워준다. + 이것은 "systemd" 기반의 "init" 환경의 컨테이너를 시작할 때 일반적으로 필요하지만, 다른 환경의 경우는 선택적인 요소이다. + 컨테이너의 부가적인 장치들은 훅 스크립트를 사용하여 /dev 디렉토리에 생성할 수 있다. + + + + + + + + + + 컨테이너 시작시 /dev을 마운트하고 최소한으로 /dev를 구성할지 지정한다. 0이면 해당 동작을 수행하지 않는다. + + + + + + + + <!-- Enable kmsg symlink -->kmsg 심볼릭링크 사용 + + + /dev/console에 대한 심볼릭 링크로 /dev/kmsg를 생성한다. + + + + + + + + + + 이것을 1로 지정하면 /dev/kmsg 심볼릭링크를 사용한다. + + + + + + + + <!-- Mount points -->마운트 포인트 + + + 마운트 포인트 섹션은 마운트가 될 각각의 장소를 지정한다. + 이 마운트 포인트들은 컨테이너에서만 보이고 외부에서 실행하는 프로세스들에겐 보이지 않는다. + 이는 예를 들어 /etc, /var, /home을 마운트할 때 유용하다. + + + + 주의 - 보통 LXC는 마운트 대상과 상대 경로로 된 바인드 마운트 소스들이 컨테이너의 루트 아래에 있도록 보장할 것이다. 이는 호스트 디렉토리와 파일들을 겹쳐서 마운트하는 유형의 공격을 피하기 위한 것이다. (절대 경로로 된 마운트 소스 내에 존재하는 심볼릭 링크들은 무시될 것이다.) + 하지만, 만약 컨테이너 설정에서 컨테이너 사용자가 제어할 수 있는, 예를 들어 /home/joe와 같은 디렉토리를 컨테이너 내의 path에 먼저 마운트 하고 나서, path 내에 또 마운트를 하는 경우가 있다면, + 컨테이너 사용자가 자신의 home 디렉토리에 있는 심볼릭링크를 정확한 시간에 조작하여, TOCTTOU (역주 : Time of check to time of use) 공격이 가능할 것이다. + + + + + + + + + + 마운트 정보를 담은 fstab 형식으로 된 파일의 위치를 지정한다. + 이 마운트 대상 위치들은 대부분 상대경로로 되어 있으며, 이는 마운트된 컨테이너 루트에서의 상대경로를 의미한다. + + +proc proc proc nodev,noexec,nosuid 0 0 + + + + 위의 예는 proc 파일시스템을 컨테이너 루트 파일시스템의 위치와 상관없이 컨테이너의 /proc에 마운트시키는 예제이다. 
이는 백엔드 파일시스템 블록 장치뿐만 아니라 컨테이너의 복제에도 유연하게 대처할 수 있다. + + + + 이미지 파일이나 블록 장치에서 마운트된 파일시스템의 경우, 3번째 필드 (fs_vfstype)는 + + mount + 8 + + 와 같이 auto를 지정할수 없으며, 명시적으로 지정해야 한다. + + + + + + + + + + + + fstab의 형식으로, 한 줄당 마운트 포인트 하나를 지정한다. + + + 또한 마운트 옵션에 아래 2가지 옵션을 추가적으로 사용할 수 있다. 이는 LXC 자체적으로 사용하는 옵션이다. + 은 마운트를 못하더라도, 실패로 처리하지 않게 한다. + 는 마운트할 때, 디렉토리(dir) 또는 파일(file)을 생성한다. + + + + + + + + + + + + 일반적인 커널의 파일시스템을 자동으로 마운트할지 지정한다. + 이 옵션을 사용하면 설정을 매우 편하게 할 수 있다. + 사용할 수 있는 파일시스템들은 아래와 같다. + + + + + + (or ): + /proc 을 읽기/쓰기 가능으로 마운트, 그러나 /proc/sys/proc/sysrq-trigger는 읽기 전용으로 다시 마운트 (보안상의 이유 및 컨테이너 고립을 위해) + + + + + + : + /proc 전체를 읽기/쓰기 가능으로 마운트 + + + + + + (or ): + /sys/devices/virtual/net는 쓰기 가능으로, /sys는 읽기 전용으로 마운트. + + + + + + : + /sys를 읽기 전용으로 마운트 (보안상의 이유 및 컨테이너 고립을 위해) + + + + + + : + /sys를 읽기/쓰기 가능으로 마운트 + + + + + + : + /sys/fs/cgroup를 tmpfs로 마운트. + 컨테이너가 추가될 모든 계층의 디렉토리 생성. + cgroup 이름의 하위 디렉토리 생성. + 컨테이너 자신의 cgroup을 해당 디렉토리에 마운트. + 컨테이너는 자신의 cgroup 디렉토리에는 쓰기가 가능하지만 부모의 디렉토리는 읽기전용으로 마운트 하므로 쓰기가 불가능하다. + + + + + + : + 와 유사, 단, 전부 읽기 전용으로 마운트 + + + + + + : + 와 유사, 단, 전부 읽기/쓰기 가능으로 마운트. + 컨테이너 자신의 cgroup에 이르기까지의 경로가 모두 쓰기 가능이 되지만, cgroup 파일시스템이 아닌 /sys/fs/cgroup의 tmpfs의 일부로써 존재하게 되는 것에 주의해야 한다. + + + + + + (별다른 옵션 없이): + 컨테이너가 CAP_SYS_ADMIN capability를 유지하고 있는 경우 을 기본으로 사용한다. 그렇지 않다면 를 사용한다. + + + + + + : + /sys/fs/cgroup을 tmpfs로 마운트. + 컨테이너가 추가될 모든 계층의 디렉토리 생성. + 호스트의 디렉토리들을 컨테이너로 바인드 마운트하고 컨테이너 자신의 cgroup을 제외한 모든 디렉토리는 읽기 전용으로 변경. + 비교하자면, 의 경우에는 컨테이너 자신의 cgroup에 이르기까지 모든 경로는 단순하게 tmpfs 아래에 있는 디렉토리에 불과하다. 하지만, 여기서는 비록 컨테이너 자신의 cgroup 이외에는 모두 읽기 전용이긴 하나 /sys/fs/cgroup/$hierarchy이 호스트의 모든 cgroup 계층구조를 포함하고 있다. + 이는 컨테이너에게 너무 많은 정보를 노출시킬 수 있다. + + + + + + : + 와 유사, 단, 전부 읽기 전용으로 마운트 + + + + + + : + 와 유사, 단, 전부 읽기/쓰기 가능으로 마운트. + 이 경우는 컨테이너가 자기자신의 cgroup을 벗어날 수 있다. (만약 컨테이너가 CAP_SYS_ADMIN을 갖고 있다면, cgroup 파일시스템 자체를 마운트할 수 있음을 주의해야 한다. 이렇게 하면 같은 결과를 가져올 수 있다) + + + + + + (별다른 옵션 없이): + 컨테이너가 CAP_SYS_ADMIN capability를 유지하고 있는 경우 을 기본으로 사용한다. 그렇지 않다면 를 사용한다. 
+ + + + + + cgroup 네임스페이스가 사용 가능한 경우, 마운트 옵션들은 전부 무시될 것이다. 컨테이너가 직접 파일시스템을 마운트하기 때문이며, 컨테이너 초기화시 해당 옵션이 혼란을 줄 수 있기 때문이다. + + + + cgroup 파일시스템이 자동으로 마운트되는게 활성화되어 있다면, /sys/fs/cgroup 밑의 tmpfs는 언제나 읽기/쓰기 가능으로 마운트 된다.(단, 의 경우에는 각각 계층 /sys/fs/cgroup/$hierarchy이 읽기전용이 될 수는 있다) + 아래의 Ubuntu 명령어에 대응하기 위함이다. + + mountall + 8 + + 해당 명령어는 컨테이너 부팅시에 /sys/fs/cgroup가 읽기전용으로 마운트되어 있고, 컨테이너가 CAP_SYS_ADMIN을 갖고 있지 않아 이를 읽기/쓰기 전용으로 다시 마운트 못할 경우, 부팅시에 사용자의 입력을 기다리게 만들기 때문이다. + + + + 예제: + + + lxc.mount.auto = proc sys cgroup + lxc.mount.auto = proc:rw sys:rw cgroup-full:rw + + + + + + + + + <!-- Root file system -->루트 파일시스템 + + + 컨테이너의 루트 파일시스템은 호스트 시스템과 다르게 구성할 수 있다. + + + + + + + + + + 컨테이너의 루트 파일시스템을 지정한다. 이미지 파일 또는 블록 장치의 디렉토리가 될 수도 있다. 만약 지정되지 않으면 컨테이너는 자신의 루트 파일시스템을 호스트와 공유한다. + + + + 디렉토리 또는 간단한 블록 장치로 구성된 컨테이너를 위해서 경로이름이 사용될 수 있다. 만약 루트 파일시스템이 nbd 장치의 경우, nbd:file:1file을 nbd 장치로 사용하고 1번 파티션이 루트 파일시스템으로 마운트되도록 지정한다. + nbd:file는 nbd 장치 자체가 마운트되어야 한다고 지정한다. + overlayfs:/lower:/upper는 루트 파일시스템이 읽기전용으로 마운트된 /lower/upper가 읽기/쓰기 가능으로 오버레이 마운트되도록 지정한다. + aufs:/lower:/upper는 aufs에서 위와같이 지정한다. overlayfsaufs는 여러개의 /lower 디렉토리를 지정할 수 있다. + loop:/file는 lxc가 /file을 loop 장치로 사용하고 loop 장치를 마운트하도록 지정한다. + + + + + + + + + + + + 루트 파일시스템을 변경하기 전에, 을 어디에 재귀적으로 바인드할지 정한다. 이는 + + pivot_root + 8 + + 시스템 콜의 성공을 보장한다. + 어떤 디렉토리도 좋으며, 기본값으로도 보통 동작할 것이다. + + + + + + + + + + + + 루트 파일시스템을 마운트 할때 사용할 부가적인 마운트 옵션. + + + + + + + + + + + + 사용하고자 하는 백엔드 루트파일 시스템의 종류를 지정한다. 'dir' 또는 'zfs'로 지정할 수 있다. 컨테이너 시작시 어떤 종류인지 추정하는 동안, 시간이 소요될 수 있다. 이 값을 지정함으로써 추가적인 처리를 피할 수 있다. + + + + + + + + + <!-- Control group -->컨트롤 그룹 + + + 컨트롤 그룹 섹션은 (lxc와는) 다른 서브시스템의 설정을 포함한다. + lxc는 서브시스템의 이름을 정확히 체크하지 않는다. + 이는 컨테이너를 시작할 때까지는 설정 상의 에러를 잡아내기 힘들게 한다. + 그러나 다른 차후에 들어올 수 있는 서브시스템을 지원할 수 있는 장점도 있다. + + + + + + + + + + 지정한 컨트롤 그룹의 값을 지정한다. + 서브시스템의 이름은 컨트롤 그룹에서의 이름이다. + 사용가능한 이름이나 값의 문법에 대해서는 LXC에서 따로 신경쓰지 않으며, 컨테이너가 시작하는 시점에 리눅스 커널이 해당 기능을 지원하는지에 달려있다. + 예를 들면 이다. 
+ + + + + + + + Capabilities + + + 컨테이너가 root로 실행된다면, 컨테이너 내에서 capability를 제거할 수 있다. + + + + + + + + + + 컨테이너에서 제거할 capability를 지정한다. + 한 줄에 여러개의 capability를 공백(space)으로 구분하여 정의할 수 있다. + 형식은 capability 정의에서 "CAP_" 접두사를 빼고 소문자로 작성하는 것이다. 예를들어 CAP_SYS_MODULE의 경우는 sys_module이다. + 아래를 참조할 수 있다. + + capabilities + 7 + + 값을 공백으로 지정하면, 해당 설정 이전에 지정했던 capability를 모두 취소한다. (lxc.cap.drop에 아무 것도 지정하지 않은 상태가 된다.) + + + + + + + + + + + 컨테이너에서 유지할 capability를 지정한다. + 다른 capability는 모두 제거될 것이다. "none"이라는 값을 지정하면, lxc는 해당 시점에서 갖고 있던 모든 capability를 제거한다. + 모든 capability를 제거하기 위해서는 "none" 하나만 사용하면 된다. + + + + + + + + <!-- Apparmor profile -->Apparmor 프로파일 + + + lxc가 apparmor를 지원하도록 컴파일된 후 설치되었고, 호스트 시스템에서 apparmor가 활성화되었다면, 컨테이너에서 따라야할 apparmor 프로파일을 컨테이너 설정에서 지정할 수 있다. 기본값은 호스트 커널이 cgroup 네임스페이스를 지원하면 lxc-container-default-cgns이고, 그렇지 않다면 lxc-container-default이다. + + + + + + + + + + 컨테이너가 따라야할 apparmor 프로파일을 지정한다. + 컨테이너가 apparmor로 인한 제한을 받지 않도록 하려면, 아래와 같이 지정하면 된다. + + lxc.aa_profile = unconfined + + + apparmor 프로파일이 변경되지 않아야 한다면(중첩 컨테이너 안에 있고, 이미 confined된 경우), 아래와 같이 지정하면 된다. + + lxc.aa_profile = unchanged + + + + + + + + + + apparmor 프로파일은 경로이름 기반이므로, 공격자로부터 효과적으로 파일 제한을 하기위해서는 마운트 제한이 요구된다. + 하지만 이 마운트 제한들은 upstream 커널에서는 구현되어 있지 않다. + 마운트 제한 없이도, apparmor 프로파일은 우연한 손상에 대해서 보호가 가능하다. + + + + 만약 이 플래그가 0(기본값)이라면, 커널에 apparmor의 마운트 기능이 부족했을때 컨테이너가 시작되지 않는다. 커널을 업그레이드한 후에 해당 기능이 빠졌는지 여부를 검사하기 위함이다. 부분적인 apparmor 보호 하에서도 컨테이너를 시작하려면, 플래그를 1로 지정하면 된다. + + + + + + + + <!-- SELinux context -->SELinux 컨텍스트 + + + lxc가 SELinux를 지원하도록 컴파일된 후 설치되었고, 호스트 시스템에서 SELinux 컨텍스트가 활성화되었다면, 컨테이너에서 따라야할 SELinux 컨텍스트를 컨테이너 설정에서 지정할 수 있다. + 기본값은 unconfined_t이다. 이는 lxc는 컨텍스트를 변경하지않음을 의미한다. + 정책 예제와 추가적인 정보를 원한다면 @DATADIR@/lxc/selinux/lxc.te를 참고하면 된다. + + + + + + + + + + 컨테이너가 따라야할 SELinux 컨텍스트를 지정하거나, unconfined_t를 지정할 수 있다. 예를 들어 아래와 같이 지정 가능하다. 
+ + lxc.se_context = system_u:system_r:lxc_t:s0:c22 + + + + + + + <!-- Seccomp configuration -->Seccomp 설정 + + + 컨테이너는 seccomp 프로파일을 로드하여 사용가능한 시스템콜의 수를 줄인 체로 실행할 수 있다. + seccomp 설정파일은 첫번째 행이 버전번호, 두번째 행이 정책 타입, 시작하며 그 이후에 설정 사항들이 포함되어야 한다. + + + + 현재는 버전1과 2만 지원된다. 버전 1에서는 정책은 단순한 화이트리스트이다. 그러므로 두번째 라인은 반드시 "whitelist"여야 한다. 파일의 나머지 내용은 한 줄에 하나의 시스템콜 번호로 채워진다. 화이트리스트에 없는 번호는 컨테이너에서 블랙리스트로 들어간다. + + + + + 버전 2에서는 폴리시는 블랙리스트 또는 화이트리스트가 될 수 있다. 그리고 각 규칙와 각 정책의 기본 동작, 아키텍쳐별 시스템콜 설정, 텍스트로된 이름을 지원한다. + + + + 아래는 블랙리스트 정책 예제이다. 아래 정책에서는 mknod를 제외한 모든 시스템콜이 허용된다. mknod시에는 아무것도 수행하지 않고 0(성공)을 반환한다. + + +2 +blacklist +mknod errno 0 + + + + + + + + + + 컨테이너가 시작되기전에 읽어올 seccomp 설정이 담긴 파일을 지정한다. + + + + + + + + <!-- UID mappings -->UID 매핑 + + + 컨테이너는 사용자와 그룹 ID 매핑을 통해 자신만의 사용자 네임스페이스 내에서 실행될수 있다. + 예를 들어서 컨테이너의 UID 0번을 호스트의 UID 200000으로 매핑할 수 있다. 컨테이너의 루트 사용자는 컨테이너에서는 특권을 가지고 있지만, 호스트에서는 특권을 가지고 있지 않게 된다. + 보통 시스템 컨테이너는 ID들의 범위를 지정하려 할텐데 그 역시도 지정 가능하다. 예를 들어서, 컨테이너의 UID와 GID를 0 ~ 20,000를 호스트의 200,000 ~ 220,000로 설정 가능하다. + + + + + + + + + + 4개의 값이 제공되어야 한다. 첫 번째는 'u', 'g', 'b' 문자로 각각 UID, GID, 또는 UID 및 GID 를 가리킨다. 그 다음은 사용자 네임스페이스내에서의 UID, 그다음은 호스트의 UID, 그리고 마지막으로 매핑할 ID의 범위를 지정한다. + + + + + + + + <!-- Container hooks -->컨테이너 훅 + + + 컨테이너 훅은 컨테이너의 생명주기 내에서 다양한 상황에 실행되는 프로그램 또는 스크립트이다. + + + + 컨테이너 훅이 실행될 때, 정보는 명령어 인수나 환경 변수를 통해 넘겨진다. + 인수 : + + 컨테이너 이름 + 섹션 (보통 'lxc') + 훅 종류 ('clone', 'pre-mount' 등) + 추가 인수. clone 훅일 경우, lxc-clone에게 넘였던 추가 인수들이 넘어온다. stop 훅일 경우, 컨테이너의 네임스페이스 각각에 대한 이름과 파일 디스크립터의 경로가 넘어온다. + + 환경 변수 : + + LXC_NAME: 컨테이너 이름 + LXC_ROOTFS_MOUNT: 마운트될 루트 파일시스템의 경로 + LXC_CONFIG_FILE: 컨테이너 설정파일의 경로 + LXC_SRC_NAME: clone 훅의 경우, 원본 컨테이너의 이름 + LXC_ROOTFS_PATH: 컨테이너의 lxc.rootfs 항목. 이 것은 마운트된 루트 파일시스템을 가리키는 것이 아님에 주의해야한다. 그 목적을 위해서는 LXC_ROOTFS_MOUNT를 사용해야 한다. + + + + + 훅의 표준출력은 debug 수준 로그로 납겨진다. + 표준 에러는 로그로 남겨지지는 않지만, 표준 에러를 표준 출력으로 리 +다이렉션하여 로그로 남길 수 있다. + + + + + + + + + + 컨테이너의 tty, 콘솔의 생성 및 마운트가 되기 전에, 호스트의 네임스페이스에서 실행되는 훅. 
+ + + + + + + + + + + + + 컨테이너의 마운트 네임스페이스 안에서 루트 파일시스템이 세팅되기 전에 실행되는 훅. + 예를 들어 암호화 파일시스템을 마운트 하는 등의 루트 파일시스템을 조작할 수 있게 해준다. 이 훅에서 마운트를 하더라도 호스트에는 반영되지 않는다. (mounts propagation은 제외) 그래서 컨테이너가 종료되면 자동적으로 정리된다. + + + + + + + + + + + + + 마운트가 완료된 후 pivot_root 전에, 컨테이너의 마운트 네임스페이스에서 실행되는 훅. + + + + + + + + + + + + + == 1가 지정되어 있는 경우에 마운트 완료시 마운트 훅도 실행 된 후 pivot_root전에, 컨테이너의 마운트 네임스페이스에서 실행되는 훅. + 이 훅의 목적은 systemd 기반의 컨테이너에서 autodev 옵션을 사용하는 경우 /dev 디렉토리를 구성할 때 도움을 주기위한 것이다. + 훅이 실행될 때, 컨테이너의 /dev 경로는 ${} 환경변수에 대한 경로이다. + + + + + + + + + + + + + 컨테이너의 init이 실행되기 직전에 컨테이너의 네임스페이스에서 실행되는 훅. 컨테이너 내에서 해당 프로그램이 실행될 수 있는 상태여야 한다. + + + + + + + + + + + + + 컨테이너가 종료된 후 컨테이너 네임스페이스에 대한 참조를 넘겨받는 호스트의 네임스페이스에서 실행되는 훅. + 각각의 네임스페이스들은 훅에 추가인수로 넘겨진다. 해당 인수는 네임스페이스의 이름과 네임스페이스의 파일 디스크립터를 얻어올 수 있는 파일이름을 가지고 있으며, 콜론으로 구분된다. + 네임스페이스 이름은 /proc/PID/ns 디렉토리 내의 파일 이름이다. 예를 들어 마운트 네임스페이스에 대응하는 인수는 일반적으로 mnt:/proc/PID/fd/12와 같이 된다. + + + + + + + + + + + + + 컨테이너가 종료된 후 호스트의 네임스페이스에서 실행되는 훅. + + + + + + + + + + + + + 컨테이너가 새로운 컨테이너로 복제되었을 경우 실행되는 훅. 아래를 참조하면 더 자세한 정보를 얻을 수 있다. + lxc-clone + 1 + + + + + + + + + + + + + 컨테이너가 제거될 때 실행되는 훅. + + + + + + + + <!-- Container hooks Environment Variables -->컨테이너 훅 환경 변수 + + + 훅이 시작될때 설정 정보를 제공하고 훅의 기능을 돕기 위해 몇가지 환경 변수가 사용 가능하다. + 모든 컨텍스트에서 모든 변수가 사용 가능하진 않다. 특히, 모든 경로는 호스트 시스템에서의 경로이며, 훅에서는 유효하지 않다. + + + + + + + + + + LXC 컨테이너의 이름. 일반적인 로그 환경에서 로그메시지에 유용하게 사용할 수 있다. [] + + + + + + + + + + + + + 컨테이너 설정파일의 호스트에서의 경로. + 이것은 다른 방법으로는 얻을 수 없는 추가적인 정보룰 찾을 수 있도록, 컨테이너가 참조하는 원래의 최상위 설정파일의 경로를 제공한다. [] + + + + + + + + + + + + + NULL이 아니라면, 컨테이너의 콘솔의 출력이 저장될 경로. + [] [] + + + + + + + + + + + + + NULL이 아니라면, 컨테이너의 콘솔의 로그 출력이 저장될 경로. + [] + + + + + + + + + + + + + 처음에 컨테이너가 마운트 되는 장소. + 이것은 시작되는 컨테이너 인스턴스를 위한 루트 파일시스템의 호스트에서의 경로이다. 해당 인스턴스에 대한 변경이 이루어져야 하는 장소이다. + [] + + + + + + + + + + + + + rootfs.mount에 마운트된 컨테이너 루트의 호스트에서의 경로이다. + [] + + + + + + + + + + + + + clone 훅에서만 사용된다. 원본 컨테이너의 이름을 지정한다. + + + + + + + + + + + + + stop 훅에서만 사용된다. 
값이 "stop"이면 컨테이너가 종료되는 것을, "reboot"이면 컨테이너가 재부팅되는 것을 의미한다. + + + + + + + + + + + + + 이 변수가 지정되지 않았다면, 현재 버전의 lxc는 cgroup 네임스페이스를 지원하지 않는다. 만약 지정되었고 값이 1이라면, lxc는 cgroup 네임스페이스를 지원하는 것이다. 단, kernel에서의 cgroup 네임스페이스 지원을 보장하는 것이 아님에 주의해야 한다. lxcfs 마운트 훅에서 사용된다. + + + + + + + + <!-- Logging -->로그 + + + 로그는 각 컨테이너마다 설정할 수 있다. + 기본적으로 lxc 패키지가 어떻게 컴파일되었는지에 달려있지만, 컨테이너 시작시에는 error 수준 로그만 기록된다. 컨테이너 경로나 @LOGPATH@ 밑에 컨테이너의 이름을 따서(뒤에 '.log'를 붙여서) 로그 파일을 생성한다. + + + + 기본 로그 수준과 로그파일은 컨테이너 설정파일로 지정 가능하며, 기본 동작을 덮어버린다. 마찬가지로 설 정파일 항목들은 lxc-start 명령어의 옵션으로 덮어쓸 수 있다. + + + + + + + + + + 기록할 로그 수준. + 로그 수준은 0 ~ 8 사이의 정수이다. + 숫자가 작을수록 더 자세히 로그를 기록한다. + 구체적으로는 0 = trace, 1 = debug, 2 = info, 3 = notice, 4 = warn, 5 = error, 6 = critical, 7 = alert, 8 = fatal이다. + 지정하지 않은 경우, 기본값은 5 (error)로, 에러 이거나 그보다 심각한 상황의 로그를 기록한다. + + + + (훅 스크립트 및 네트워크 인터페이스 up/down 스크립트 같은) 스크립트가 호출이되면, 스크립트의 표준 입출력은 1 번, debug 수준으로 기록된다. + + + + + + + + + + + 로그 정보를 쓸 파일. + + + + + + + + <!-- Autostart -->자동시작 + + + 자동시작 옵션들은 자동시작할 컨테이너 지정 및 순서 설정이 가능하다. + 이 옵션들은 LXC 도구로 직접 사용하거나 배포판들이 제공하는 외부 도구에 의해 사용될 수도 있다. + + + + + + + + + + + 컨테이너가 자동으로 시작될지 여부. + 유효한 값은 0 (off) 또는 1 (on)이다. + + + + + + + + + + + 컨테이너가 시작된 후 다음 컨테이너가 시작되기 전까지 기다릴 시간(초). + + + + + + + + + + + 다수의 컨테이너를 한번에 자동시작할 때, 컨테이너의 부팅 순서를 결정할 때 사용하는 정수를 지정한다. + + + + + + + + + + + 값이 0이 아니라면, 컨테이너가 초기화되기 전 (pre-start 훅이 실행 되기 전) 호스트로부터 마운트 네임스페이스를 unshare 한다. 시작시에 CAP_SYS_ADMIN 캐퍼빌리티가 요구된다. 기본값은 0이다. + + + + + + + + + + + 컨테이너를 추가할 컨테이너 그룹을 지정한다. 여러값을 설정할 수 있으며, 여러번 지정 가능하다. + 설정된 그룹은 연관된 컨테이너들을 시작할 때 사용된다. + + + + + + + + <!-- Autostart and System Boot -->자동시작과 시스템 부팅 + + + 각각의 컨테이너는 여러 그룹에 속할수도 있고 아무그룹에도 속하지 않을 수 있다. 두개의 그룹은 특수한데, 하나는 NULL 그룹이고 컨테이너가 아무그룹에도 속하지 않을때 사용된다. 그리고 나머지 하나는 "onboot" 그룹이다. + + + + + LXC 서비스가 활성화된 상태로 시스템이 부팅될 때, 먼저 lxc.start.auto == 1이고 "onboot" 그룹인 컨테이너들을 시작하려고 시도한다. 시작과정은 lxc.start.order의 순서대로 이루어진다. + 만약 lxc.start.delay가 지정 되었다면, 다음 컨테이너를 시작하려고 시도>하기 전, 현재 컨테이너의 초기화 및 호스트 시스템의 부하를 줄이기 위해서 지연시간을 준다. 
+ "onboot" 그룹의 멤버들을 시작시킨 후, LXC 시스템은 lxc.start.auto == 1이고 어떤 그룹에도 속하지 않은(NULL 그룹) 컨테이너들을 시작한다. + + + + + + <!-- Container Environment -->컨테이너 환경변수 + + + 컨테이너에 환경변수를 념겨주고 싶다면(환경변수를 컨테이너의 init과 그 자손 전체가 사용할 수 있다), lxc.environment를 사용할 수 있다. + 민감한 정보를 넘기지 않도록 주의해야 한다. 왜냐면 컨테이너의 모든 프로세스가 이 환경변수를 획득할 수 있기 때문이다. 환경변수는 항상 /proc/PID/environ를 통해 획득할 수 있다. + + + + + 이 설정항목은 여러번을 지정할 수 있으며, 설정하려는 환경변수마다 한번씩 지정한다. + + + + + + + + + + + 컨테이너로 전달될 환경변수를 지정한다. + 예제: + + + lxc.environment = APP_ENV=production + lxc.environment = SYSLOG_SERVER=192.0.2.42 + + + + + + + + + + <!-- Examples -->예제 + + + 아래에 소개하는 몇가지 예제말고도 다른 예제들이 @DOCDIR@/examples에 위치하고 있다. + + + <!-- Network -->네트워크 + + + 이 설정은 컨테이너가 한 쪽은 (이전에 시스템에 이미 생성된) br0 브리지에 연결되어 있는 veth 장치 쌍을 사용하도록 세팅한다. 가상 네트워크 장치는 컨테이너 내에서 eth0라는 이름을 갖는다. + + + lxc.utsname = myhostname + lxc.network.type = veth + lxc.network.flags = up + lxc.network.link = br0 + lxc.network.name = eth0 + lxc.network.hwaddr = 4a:49:43:49:79:bf + lxc.network.ipv4 = 1.2.3.5/24 1.2.3.255 + lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3597 + + + + + <!-- UID/GID mapping -->UID/GID 매핑 + + 이 설정은 UID와 GID 둘다를 컨테이너의 0 ~ 9999를 호스트의 100000 ~ 109999로 매핑한다. + + + lxc.id_map = u 0 100000 10000 + lxc.id_map = g 0 100000 10000 + + + + + <!-- Control group -->컨트롤 그룹 + + + 이 설정은 어플리케이션을 위해 몇가지 컨트롤 그룹을 설정한다. cpuset.cpus는 정의된 cpu만 사용하도록 제한한다. cpus.share은 컨트롤 그룹(cpu) 우선순위를 지정한다. devices.allow는 특정 장치를 사용 가능하게 한다. + + + lxc.cgroup.cpuset.cpus = 0,1 + lxc.cgroup.cpu.shares = 1234 + lxc.cgroup.devices.deny = a + lxc.cgroup.devices.allow = c 1:3 rw + lxc.cgroup.devices.allow = b 8:0 rw + + + + + <!-- Complex configuration -->복잡한 설정 + + + 아래의 예제는 복잡한 네트워크 스택, 컨트롤 그룹 사용, 호스트 이름 설정, 몇몇 장소 마운트, 루트 파일시스템 변경 등의 복잡한 설정을 보여준다. 
+ + + lxc.utsname = complex + lxc.network.type = veth + lxc.network.flags = up + lxc.network.link = br0 + lxc.network.hwaddr = 4a:49:43:49:79:bf + lxc.network.ipv4 = 10.2.3.5/24 10.2.3.255 + lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3597 + lxc.network.ipv6 = 2003:db8:1:0:214:5432:feab:3588 + lxc.network.type = macvlan + lxc.network.flags = up + lxc.network.link = eth0 + lxc.network.hwaddr = 4a:49:43:49:79:bd + lxc.network.ipv4 = 10.2.3.4/24 + lxc.network.ipv4 = 192.168.10.125/24 + lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3596 + lxc.network.type = phys + lxc.network.flags = up + lxc.network.link = dummy0 + lxc.network.hwaddr = 4a:49:43:49:79:ff + lxc.network.ipv4 = 10.2.3.6/24 + lxc.network.ipv6 = 2003:db8:1:0:214:1234:fe0b:3297 + lxc.cgroup.cpuset.cpus = 0,1 + lxc.cgroup.cpu.shares = 1234 + lxc.cgroup.devices.deny = a + lxc.cgroup.devices.allow = c 1:3 rw + lxc.cgroup.devices.allow = b 8:0 rw + lxc.mount = /etc/fstab.complex + lxc.mount.entry = /lib /root/myrootfs/lib none ro,bind 0 0 + lxc.rootfs = /mnt/rootfs.complex + lxc.cap.drop = sys_module mknod setuid net_raw + lxc.cap.drop = mac_override + + + + + + + <!-- See Also -->참조 + + + chroot + 1 + , + + + pivot_root + 8 + , + + + fstab + 5 + + + + capabilities + 7 + + + + + + &seealso; + + + <!-- Author -->저자 + Daniel Lezcano daniel.lezcano@free.fr + + + + + diff -Nru lxc-1.1.5/doc/ko/lxc-copy.sgml.in lxc-2.0.1/doc/ko/lxc-copy.sgml.in --- lxc-1.1.5/doc/ko/lxc-copy.sgml.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ko/lxc-copy.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,392 @@ + + + + +]> + + + + @LXC_GENERATE_DATE@ + + + lxc-copy + 1 + + + + lxc-copy + + + + 존재하는 컨테이너 복사 + + + + + + lxc-copy + -n, --name name + -P, --lxcpath path + -N, --newname newname + -p, --newpath newpath + -B, --backingstorage backingstorage + -s, --snapshot + -K, --keepdata + -M, --keepmac + -L, --fssize size [unit] + -- hook arguments + + + lxc-copy + -n, --name name + -P, --lxcpath path + -N, --newname newname + -p, --newpath newpath + -e, --ephemeral + -B, --backingstorage backingstorage + -s, --snapshot + -K, --keepdata + -M, --keepmac + -L, --fssize size [unit] + -- hook arguments + + + lxc-copy + -n, --name name + -P, --lxcpath path + -N, --newname newname + -p, --newpath newpath + -R, --rename + + + + + <!-- Description -->설명 + + + + lxc-copy는 존재하는 컨테이너의 (임시적 또는 영구적) 복사본을 생성하고, 옵션에 따라 시작하기도 한다. lxc-clonelxc-start-ephemeral를 대체한다. + + + + lxc-copy는 존재하는 컨테이너의 복사본을 생성한다. 복사본은 원본 컨테이너를 말그대로 복사한 것일 수 있다. 이 경우 컨테이너의 전체 루트 파일시스템은 단순히 새로운 컨테이너로 복사된다. + 또는, 원본 컨테이너를 copy-on-write한 것과 같이 스냅샷이 될 수 있다. 이 경우 복사본을 위해 지정한 저장소는 스냅샷을 지원하여야 한다. 이러한 저장소에는 현재 aufs, btrfs, lvm (lvm 장치는 스냅샷의 스냅샷은 지원하지 않음), overlay, zfs가 있다. + + + + + 복사본의 저장소는 원본 컨테이너와 같은 종류가 된다. 단, aufs나 디렉토리로 구성된 컨테이너의 overayfs 스냅샷은 예외이다. + + + + + -e가 지정되면, 원본 컨테이너의 임시 스냅샷이 생성되고 시작된다. 임시 컨테이너는 자신의 설정파일 안에 lxc.ephemeral = 1를 가지게 되며, 종료시에 제거된다. -e와 함께 -D를 같이 지정하면 원본 컨테이너의 영구적인 스냅샷이 생성되고 실행된다. + + + + + -e는 지정하고 -N으로 새이름을 지정하지 않으면, 무작위로 이름을 정한다. + + + + + -e로 생성되고 실행되는 컨테이너들은 자신만의 마운트를 가질 수 있다. 이는 -m으로 지정된다. 현재 지원하는 마운트의 형식은 aufs, bind, overlay의 세 종류이다. 마운트 형식은 -m의 추가 인수로 지정된다. 그리고 쉼표(,)로 구분하여 여러번 지정할 수 있다. aufsoverlay 마운트는 현재 -m overlay=/src:/dest와 같이 지정한다. dest의 대상이 지정되지 않았다면 destsrc와 동일한 값을 가진다. + 읽기 전용 bind 마운트는 -m bind=/src:/dest:ro로 읽기쓰기 가능 bind마운트는 -m bind=/src:/dest:rw로 지정한다. 읽기쓰기 가능 bind 마운트가 기본값이므로, 읽기쓰기 가능을 원한다면 rw은 빼도 무관하다. dest를 생략했다면 마찬가지로 destsrc와 같다. 여러번 마운트는 -m bind=/src1:/dest1:ro,bind=/src2:ro,overlay=/src3:/dest3와 같이 가능하다. + + + + + -m를 통해 지원되는 마운트, 옵션, 형식은 변경될 수 있다. 
+ + + + + + <!-- Options -->옵션 + + + + + + + 복사본의 이름 + + + + + + + 복사본의 경로 + + + + + + + 원본 컨테이너의 이름 변경 + + + + + + + + + 원본 컨테이너의 스냅샷을 생성한다. 복사본의 저장소는 반드시 스냅샷을 지원해야 한다. 현재 aufs, btrfs, lvm, overlay, zfs가 가능하다. + + + + + + + + + + 스냅샷을 포그라운드로 실행한다. 스냅샷 콘솔은 현재 tty에 붙게 된다. (이 옵션은 -e 옵션이랑만 사용 가능하다.) + + + + + + + + + + 데몬으로 스냅샷을 실행한다. (이는 임시 컨테이너의 기본 모드이다.) 오류가 발생하더라도 컨테이너가 tty를 가지지 않기 때문에 오류는 표시되지 않는다. + 대신 로그 파일을 사용해 로그를 확인할 수 있다. 이 옵션은 -e 옵션이랑만 사용 가능하다.) + + + + + + + + + + 스냅샷의 마운트를 지정한다. 마운트 형식을 위한 opts 인자는 aufs, bind, overlay를 사용 가능하다. 예를 들면 이다. 이 옵션은 -e 옵션이랑만 사용 가능하다.) + + + + + + + + + + 복사본이 사용할 저장소의 형식을 지정한다. 'backingstorage'에는 'aufs', 'btrfs', 'dir', 'lvm', 'loop', 'overlay','zfs'이 사용 가능하다. + + + + + + + + + 'lvm' 파일시스템의 크기를 지정한다. + + + + + + + + + + 이 옵션을 -e와 지정하면 영구적인 컨테이너가 생성되고 시작된다. + + + + + + + + + + 이 옵션이 지정되면 원본 컨테이너의 호스트이름이 복사본에서도 그대로 유지된다. + + + + + + + + + + 이 옵션이 지정되면 원본 컨테이너의 MAC 주소가 복사본에서도 그대로 유지된다. + + + + + + + + + + <!-- Copy hook -->복사 훅 + + + 복사되는 컨테이너에 lxc.hook.clone가 하나 이상 지정되어 있다면, 지정한 훅들은 새로운 컨테이너를 위해 실핼될 것이다. + clone 훅에게 넘겨지는 처음 3개 인자들은 컨테이너 이름, 섹션 ('lxc'), 훅의 종류 ('clone')이 될 것이다. + lxc-copy에 넘겨지는 추가 인자들은 훅 프로그램에 4번째 인자부터 넘겨지기 시작한다. + LXC_ROOTFS_MOUNT 환경 변수는 컨테이너의 루트 파일시스템이 마운트되어 있는 경로를 담고 있다. + 설정 파일의 경로 이름은 LXC_CONFIG_FILE에, 새 컨테이너의 이름은 LXC_NAME에, 원본 컨테이너의 이름은 LXC_SRC_NAME에, 그리고 루트 파일시스템이 위치하고 있는 경로나 디바이스는 LXC_ROOTFS_PATH에 각각 담겨 있다. + + + + &commonoptions; + + &seealso; + + + <!-- Author -->저자 + Christian Brauner christian.brauner@mailbox.org + + + + + diff -Nru lxc-1.1.5/doc/ko/lxc-create.sgml.in lxc-2.0.1/doc/ko/lxc-create.sgml.in --- lxc-1.1.5/doc/ko/lxc-create.sgml.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ko/lxc-create.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,296 @@ + + + + +]> + + + + @LXC_GENERATE_DATE@ + + + lxc-create + 1 + + + + lxc-create + + + + 컨테이너 생성 + + + + + + lxc-create + -n name + -f config_file + -t template + -B backingstore + -- template-options + + + + + <!-- Description -->설명 + + + + lxc-create는 설정정보와 사용자 정보가 저장되는 시스템 객체를 생성한다. + name은 다른 lxc 명령어들에서 특정 컨테이너를 지정하는데 사용된다. + + + + 객체는 @LXCPATH@에 작성되는 디렉토리이며, 자신의 name으로 구분되어 진다. + + + + + 객체는 응용 프로그램이 사용할 수 있고 볼 수 있는 여러 자원들의 정의이다. + 설정파일이 많은 정보를 담고 있을수록 컨테이너는 더욱더 고립될 수 있고, 응용 프로그램은 더욱더 격리될 수 있다. + + + + + 만약 설정파일 config_file가 지정되지 않았다면, 컨테이너는 프로세스, sysv ipc, 마운트 포인트에 대한 기본적인 고립 상태로 만들어진다. + + + + + <!-- Options -->옵션 + + + + + + + + + + 컨테이너 가상화 및 고립 기능을 설정하는 설정파일을 지정한다. + + + + + + + + + + + + lxc-create 명령어는 'lxc-template' 스크립트를 호출한다. template은 'lxc-template' 스크립트의 짧은 이름으로, busybox, debian, fedora, ubuntu, sshd 등이 있다. 스크립트의 구조에 대해 궁금할 때는 @LXCTEMPLATEDIR@에 있는 예제들을 참고하면 된다. + template 대신 스크립트의 전체 경로를 지정할 수도 있다. + "none"으로 지정하면 루트파일시스템 생성을 강제로 건너뛸 수 있다. + + + + + + + + + + + + 'backingstore'는 'dir', 'lvm', 'loop', 'btrfs', 'zfs', 'rbd', 'best'를 지정할 수 있다. + 기본 값은 'dir'로 컨테이너 루트 파일시스템을 의미하며 @LXCPATH@/container/rootfs이하 디렉토리를 가리킨다. + 'dir'은 옵션으로 컨테이너 루트 파일시스템이 어느 경로에 위치할지 지정할 수 있으며, --dir ROOTFS로 가능하다. + ('none'은 'dir'과 동일하다) + 'btrfs'가 지정되어 있다면, 타겍 파일시스템은 반드시 btrfs여야 한다. 그리고 컨테이너 루트 파일시스템은 새로운 서브볼륨으로 생성된다. 이는 스냅샷된 복제물을 만들지만, rsync --one-filesystem는 분리된 파일시스템으로 취급하게 된다. + 'lvm'으로 지정되있다면, lvm 블록 디바이스가 사용되며, 이때 사용가능한 옵션은 다음과 같다 : --lvname lvname1는 이름이 lvname1인 LV를 만든다(기본값은 컨테이너 이름). +--vgname vgname1는 이름이 vgname1인 볼륨그룹 안에 LV를 만든다(기본값은 lxc). + --thinpool thinpool1thinpool1라는 풀 안에 있는 thin-provisioned 볼륨으로 LV를 만든다(기본값은 lxc). + --fstype FSTYPE는 LV의 파일시스템을 FSTYPE으로 지정한다(기본값은 ext4). + --fssize SIZE는 LV의 크기를 지정한다(기본값은 1G). + + + + 'loop'로 지정되어 있다면, 'lvm'과 비슷하게 --fstype FSTYPE--fssize SIZE를 사용할 수 있다(기본값은 'lvm'과 동일). + + + + 'rbd'로 지정되어 있다면, ceph.conf내 적절하게 설정사항이 있어야 하고 ceph.client.admin.keyring가 정의되어 있어야 한다. 
+ 아래 옵션을 지정할 수 있다 : + --rbdname RBDNAME는 생성하는 블록 장치의 이름을 RBDNAME로 지정한다(기본값은 컨테이너의 이름). + --rbdpool POOL는 블록 장치를 넣을 풀을 POOL로 지정한다(기본값은 'lxc'). + + + + 'best'로 지정되어 있다면, lxc는 btrfs, zfs, lvm, dir의 순서대로 시도해본다. + + + + + + + + + + + + 이것은 template-options를 템플릿에게 인수로 넘긴다. 만약 어떤 인수를 템플릿에서 지원하는지 보고 싶다면, lxc-create -t TEMPLATE -h를 사용하면 된다. + + + + + + + + + &commonoptions; + + + <!-- Diagnostic -->진단 + + + + + The container already exists + + + + 메시지에 나와있는 대로, 이미 같은 이름의 컨테이너가 존재하는 경우이다. lxc-ls 명령어를 사용하여 시스템에 이미 존재하는 컨테이너를 확인해볼 수 있다. + + + + + + + + + &seealso; + + + <!-- Author -->저자 + Daniel Lezcano daniel.lezcano@free.fr + + + + + diff -Nru lxc-1.1.5/doc/ko/lxc-destroy.sgml.in lxc-2.0.1/doc/ko/lxc-destroy.sgml.in --- lxc-1.1.5/doc/ko/lxc-destroy.sgml.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ko/lxc-destroy.sgml.in 2016-05-16 20:38:39.000000000 +0000 @@ -0,0 +1,165 @@ + + + + +]> + + + + @LXC_GENERATE_DATE@ + + + lxc-destroy + 1 + + + + lxc-destroy + + + + 컨테이너 제거 + + + + + + lxc-destroy + -n name + -f + -s + + + + + <!--Description-->설명 + + + + lxc-destroylxc-create로 이전에 생성했던 시스템 객체를 제거한다. + + + + + + + <!-- Options -->옵션 + + + + + + + + + + 만약 컨테이너가 실행중이라면, 컨테이너를 종료시킨다. + 이 옵션이 지정되지 않았을 때 컨테이너가 실행중이라면, lxc-destroy는 중지될 것이다. + + + + + + + + + + 해당 컨테이너의 모든 스냅샷까지 제거한다. + + + + + + + + + &commonoptions; + + + <!-- Diagnostic -->진단 + + + + + The container was not found + + + + 제거하려는 컨테이너를 찾을 수 없는 경우이다. 아마도 존재하지 않았거나 이미 제거되었을 경우일 것이다. lxc-ls 명령어를 사용하여 시스템에 존재하는 컨테이너를 확인해볼 수 있다. + + + + + + + + + &seealso; + + + <!-- Author -->저자 + Daniel Lezcano daniel.lezcano@free.fr + + + + + diff -Nru lxc-1.1.5/doc/ko/lxc-device.sgml.in lxc-2.0.1/doc/ko/lxc-device.sgml.in --- lxc-1.1.5/doc/ko/lxc-device.sgml.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ko/lxc-device.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,203 @@
+
+
+
+
+]>
+
+
+
+ @LXC_GENERATE_DATE@
+
+
+ lxc-device
+ 1
+
+
+
+ lxc-device
+
+
+
+ 실행 중인 컨테이너의 디바이스 관리
+
+
+
+
+
+ lxc-device
+ -h
+ -n name
+ add
+ DEVICE
+ NAME
+
+
+
+
+ <!-- Description -->설명
+
+
+ lxc-device는 실행중인 컨테이너의 디바이스를 관리한다.
+
+
+
+
+ <!-- Options -->옵션
+
+
+
+
+
+
+
+
+ 명령어의 전체 도움말을 표시한다.
+
+
+
+
+
+
+
+
+
+ 대상으로 하는 컨테이너의 이름.
+
+
+
+
+
+
+
+
+
+
+
+ 수행할 동작. 현재는 'add'만 지원된다.
+
+
+
+
+
+
+
+
+
+
+
+ 컨테이너에 추가할 디바이스.
+ 장치의 경로를 /dev 밑으로 지정하거나 네트워크 인터페이스 이름이 지정 가능하다.
+
+
+
+
+
+
+
+
+
+
+
+ 컨테이너 내부에서 쓰일 디바이스의 이름
+
+
+
+
+
+
+
+ <!-- Examples -->예제
+
+
+ lxc-device -n p1 add /dev/video0
+
+
+
+ 컨테이너 p1 내부에 호스트의 것과 같은 /dev/video0 장치를 생성한다.
+
+
+
+
+
+ lxc-device -n p1 add eth0 eth1
+
+
+
+ 호스트의 eth0를 컨테이너 p1에 eth1의 이름으로 옮긴다.
+
+
+
+
+
+
+ &seealso;
+
+
+ <!-- Author -->저자
+ Stéphane Graber stgraber@ubuntu.com
+
+
+
+
diff -Nru lxc-1.1.5/doc/ko/lxc-execute.sgml.in lxc-2.0.1/doc/ko/lxc-execute.sgml.in
--- lxc-1.1.5/doc/ko/lxc-execute.sgml.in 1970-01-01 00:00:00.000000000 +0000
+++ lxc-2.0.1/doc/ko/lxc-execute.sgml.in 2016-05-16 20:38:39.000000000 +0000
@@ -0,0 +1,238 @@ + + + + +]> + + + + @LXC_GENERATE_DATE@ + + + lxc-execute + 1 + + + + lxc-execute + + + + 컨테이너 내부로 응용 프로그램 실행 + + + + + + lxc-execute + -n name + -f config_file + -s KEY=VAL + -- command + + + + + <!-- Description -->설명 + + + + lxc-execute는 지정한 commandname라는 이름의 컨테이너 내부에서 실행한다. + + + + 이 명령어는 lxc-create 정의했던 설정을 토대로 또는 인수 +를 통해 넘긴 설정파일을 토대로 컨테이너를 세팅한다. + 만약 정의된 설정이 없다면, 기본 고립 환경을 사용한다. + + + + 이 명령어들은 고립된 환경에서 응용 프로그램을 빠르게 실행해보고 싶을 때, 주로 사용한다. + + + + lxc-execute명령어는 컨테이너 내부에서 lxc-init 프로세스를 통해 지정한 명령어를 실행한다. + lxc-init은 지정한 명령어를 실행한 뒤에, 해당 명령어 및 그 명령어에서 실행된 모든 프로세스들을 기다린다(컨테이너 내에서 데몬을 지원하기 위한 것). + 즉, 컨테이너내에서 lxc-init는 pid는 1이 되고, 그 다음으로 실행되는 응용 프로그램은 pid가 2가 된다. + + + + lxc-init는 시그널들을 받아서 시작한 명령어에게 보내주도록 되어 있다. + + + + + <!-- Options -->옵션 + + + + + + + + + + 컨테이너의 가상화나 고립 기능을 설정할 때 쓰일 설정파일을 지정한다. + + + + 지정한 설정파일이 존재한다면, 이전에 생성된(lxc-create를 통해) 컨테이너에 설정파일이 이미 존재한다고 하더라도 지정한 설정파일을 사용한다. + + + + + + + + + + + VAL 값을 KEY 설정변수에 넣는다. + 이는 config_file에서의 설정을 덮어쓴다. + + + + + + + + + 옵션이 끝임을 지정하고 더이상 옵션에 대한 처리를 하지 않는다. + -- 이후에 오는 모든 인수는 command의 인수로서 처리된다. + + + + 이것은 command에게 옵션을 지정하고, lxc-execute가 그 옵션을 처리하지 않게 하는데 유용하게 사용된다. + + + + + + + + + &commonoptions; + + + <!-- Diagnostic -->진단 + + + + + The container is busy + + + + 지정한 컨테이너가 이미 실행중인 경우이다. 컨테이너를 사용하고 싶다면 컨테이너를 중지시켜야 한다. 또는 새로운 컨테이너를 만들 수도 있다. + + + + + + + + + &seealso; + + + <!-- Author -->저자 + Daniel Lezcano daniel.lezcano@free.fr + + + + + diff -Nru lxc-1.1.5/doc/ko/lxc-freeze.sgml.in lxc-2.0.1/doc/ko/lxc-freeze.sgml.in --- lxc-1.1.5/doc/ko/lxc-freeze.sgml.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ko/lxc-freeze.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,130 @@
+
+
+
+
+]>
+
+
+
+ @LXC_GENERATE_DATE@
+
+
+ lxc-freeze
+ 1
+
+
+
+ lxc-freeze
+
+
+
+ 컨테이너의 모든 프로세스를 동결
+
+
+
+
+
+ lxc-freeze
+ -n name
+
+
+
+
+ <!-- Description -->설명
+
+
+
+ lxc-freeze는 컨테이너 내부에서 실행되는 모든 프로세스를 동결시킨다.
+ 프로세스는 lxc-unfreeze 명령어를 이용하여 명시적으로 동결 해제시킬 때까지 블로킹 된다.
+ 이 명령어는 프로세스 그룹들을 스케줄링하여 일괄처리하는 데 유용하다.
+
+
+
+
+ &commonoptions;
+
+
+ <!-- Diagnostic -->진단
+
+
+
+
+ The container was not found
+
+
+
+ 지정한 컨테이너가 lxc-create로 생성된 적이 없다.
+ 컨테이너가 존재하지 않는다.
+
+
+
+
+
+
+
+
+
+ &seealso;
+
+
+ <!-- Author -->저자
+ Daniel Lezcano daniel.lezcano@free.fr
+
+
+
+
+
diff -Nru lxc-1.1.5/doc/ko/lxc-info.sgml.in lxc-2.0.1/doc/ko/lxc-info.sgml.in
--- lxc-1.1.5/doc/ko/lxc-info.sgml.in 1970-01-01 00:00:00.000000000 +0000
+++ lxc-2.0.1/doc/ko/lxc-info.sgml.in 2016-05-16 20:38:39.000000000 +0000
@@ -0,0 +1,260 @@ + + + + +]> + + + + @LXC_GENERATE_DATE@ + + + lxc-info + 1 + + + + lxc-info + + + + 컨테이너의 정보 조회 + + + + + + lxc-info + -n name + -c KEY + -s + -p + -i + -S + -H + + + + + <!-- Description -->설명 + + + lxc-info는 컨테이너에 대한 정보를 조회하고 표시한다. + + + + + <!-- Options --> + + + + + + + + + + 컨테이너의 설정값을 표시한다. 이 옵션은 1개 이상의 key = value 쌍을 표시할 수 있다. + + + + + + + + + + + + 컨테이너의 상태를 표시한다. + + + + + + + + + + + + 컨테이너의 pid를 표시한다. + (역주 : 컨테이너 내의 init 프로세스를 의미한다) + + + + + + + + + + + + 컨테이너의 IP 주소를 표시한다. + + + + + + + + + + + + 컨테이너의 통계정보를 표시한다. + 성능상의 이유로, 커널 메모리 제한이 걸려있지 않다면 커널의 메모리 사용량은 집계되지 않는다. + 만약 제한되어 있지 않다면, lxc-info는 커널 메모리 사용량을 0으로 표시한다. 메모리 제한은 + + lxc.cgroup.memory.kmem.limit_in_bytes = number + + 를 컨테이너 설정파일에 넣음으로써 지정할 수 있다. + + lxc.conf + 5 + 를 참고 바란다. + + + + + + + + + + + + 컨테이너의 통계값을 사람이 읽기 쉬운 형태로 변환하지 않고 그대로 표시한다. + 기본값은 사람이 읽기 쉬운 형태로 변환하는 것이다. + + + + + + + &commonoptions; + + + <!-- Examples -->예제 + + + lxc-info -n foo + + + + foo 라는 이름의 컨테이너 정보를 표시한다. + + + + + + lxc-info -n 'ubuntu.*' + + + + ubuntu 라는 문자열로 시작하는 이름의 컨테이너들의 정보를 표시한다. + + + + + + lxc-info -n foo -c lxc.network.0.veth.pair + + + + foo 컨테이너의 veth pair 이름을 표시한다. + + + + + + + + &seealso; + + + <!-- Author -->저자 + Stéphane Graber stgraber@ubuntu.com + + + + diff -Nru lxc-1.1.5/doc/ko/lxc-ls.sgml.in lxc-2.0.1/doc/ko/lxc-ls.sgml.in --- lxc-1.1.5/doc/ko/lxc-ls.sgml.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ko/lxc-ls.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,293 @@ + + + + +]> + + + + @LXC_GENERATE_DATE@ + + + lxc-ls + 1 + + + + lxc-ls + + + + 시스템 내에 존재하는 컨테이너들의 리스트 표시 + + + + + + lxc-ls + -1 + --active + --frozen + --running + --stopped + -f + -F format + -g groups + --nesting=NUM + --filter=regex + + + + + <!-- Description -->설명 + + + lxc-ls는 시스템 내에 존재하는 컨테이너들의 리스트를 표시한다. + + + + + <!-- Options -->옵션 + + + + + + + + + 1개의 항목를 한 줄에 표시한다. (/dev/stdout이 tty가 아닌 경우 기본) + + + + + + + + + + + + 동작 중인 컨테이너들의 리스트를 표시한다. (--frozen --running과 동일) + + + + + + + + + + + + 동결된 컨테이너들의 리스트를 표시한다. + + + + + + + + + + + + 실행 중인 컨테이너들의 리스트를 표시한다. + + + + + + + + + + + + 종료되어 있는 컨테이너들의 리스트를 표시한다. + + + + + + + + + + + + 예쁘게, 컬럼 기반으로 출력해준다. + + + + + + + + + + + + --fancy로 출력할때 어떤 컬럼을 보여줄지 쉼표(,)로 구분된 리스트. + 기본으로 표시되는 항목 및 선택할 수 있는 항목을 확인하려면 --help를 사용하면 된다. + + + + + + + + + + + + 표시하고자하는 컨테이너 그룹의 쉼표로 구분된 리스트. + 이 인수는 여러번 사용될 수 있다. + + + + + + + + + + + + 중첩된(nested) 컨테이너들의 리스트를 표시한다. 몇번 중첩된(nested) 컨테이너를 보여줄지 숫자로 지정할 수 있다. + + + + + + + + + + + + lxc-ls 명령어 사용시 컨테이너 이름에 적용할 정규표현식이다. 형식은 POSIX 확장 정규표현식이다. 명시적으로 을 사용하지 않고도 사용할 수 있다. + + + + + + + + + <!-- Examples -->예제 + + + lxc-ls --fancy + + + + 모든 컨테이너를 표시한다. 1개의 행에 컨테이너의 이름, 상태, ipv4 및 ipv6 주소가 들어있다. + + + + + + lxc-ls --active -1 + + + + 동작 중인 컨테이너들의 리스트를 1열로 표시한다. + + + + + + + + &commonoptions; + + &seealso; + + + <!-- Author -->저자 + Daniel Lezcano daniel.lezcano@free.fr + + + + + diff -Nru lxc-1.1.5/doc/ko/lxc-monitor.sgml.in lxc-2.0.1/doc/ko/lxc-monitor.sgml.in --- lxc-1.1.5/doc/ko/lxc-monitor.sgml.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ko/lxc-monitor.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,238 @@ + + + + +]> + + + + @LXC_GENERATE_DATE@ + + + lxc-monitor + 1 + + + + lxc-monitor + + + + 컨테이너의 상태 모니터링 + + + + + + lxc-monitor + -n name + -Q + + + + + <!-- Description -->설명 + + + + lxc-monitor는 컨테이너의 상태를 주시한다. + name 인수는 어떤 컨테이너를 모니터링할지 지정한다. + 이 인수는 POSIX 호환 정규 표현식으로 지정할 수 있다. 따라서 모든 컨테이너를 또는 그 중 몇몇만 또는 한 개의 컨테이너만 모니터링하는 것이 가능하다. + 만약 인수가 지정되지 않았다면 name는 기본값으로 '.*'가 사용된다. 이 값은 lxcpath에 있는 모든 컨테이너들을 모니터링 할 수 있다. + + + + + =PATH 옵션을 사용하여 컨테이너 경로를 지정할 수 있으며, 1개 이상도 가능하다. + 하지만 각각 다른 경로에 있는 이름이 같은 컨테이너는 출력에서 구분되지 않는다. + + + + + + <!-- Options -->옵션 + + + + + + + + + + 지정한 lxcpath 각각에 대한 lxc-monitord 데몬을 종료하도록 요청한다. + lxc-monitord는 일반적으로 클라이언트가 없으면, 새로운 클라이언트를 를 30초 동안 기다린 후 종료된다. 하지만 이 명령어를 실행한 후에는 클라이언트가 없으면 바로 종료된다. + 이 옵션은 lxcpath의 파일시스템을 바로 unmount할 필요가 있을때, 유용하다. + + + + + + + &commonoptions; + + + <!-- Examples -->예제 + + + lxc-monitor -n foo + + + + foo 컨테이너의 상태 변화를 모니터링한다. + + + + + + lxc-monitor -n 'foo|bar' + + + + 컨테이너 foo와 bar의 상태 변화를 모니터링 한다. + + + + + + lxc-monitor -n '[f|b].*' + + + + 이름이 'f' 또는 'b'로 시작하는 컨테이너의 상태 변화를 모니터링한다. + + + + + + lxc-monitor -n '.*' + + + + 모든 컨테이너들의 상태 변화를 모니터링한다. + + + + + + + + + <!-- Diagnostic -->진단 + + + + + The container was not found + + + + 지정한 컨테이너가 lxc-create로 생성된 적이 없다. + 컨테이너가 존재하지 않는다. + + + + + + + + + + + <!-- See Also -->참조 + + + + regex + 7 + , + + + + + &seealso; + + + <!-- Author -->저자 + Daniel Lezcano daniel.lezcano@free.fr + + + + + diff -Nru lxc-1.1.5/doc/ko/lxc.sgml.in lxc-2.0.1/doc/ko/lxc.sgml.in --- lxc-1.1.5/doc/ko/lxc.sgml.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ko/lxc.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,875 @@ + + + +]> + + + + + @LXC_GENERATE_DATE@ + + + + + lxc + 7 + + Version @PACKAGE_VERSION@ + + + + + lxc + + + + Linux 컨테이너 + + + + + <!-- Quick start -->빠른 도움말 + + + man 페이지를 읽고 싶지는 않지만 서둘러서 해보고 싶다면, + 된다고 보장할 수는 없지만, 미리정의된 설정파일로 컨테이너 내에서 쉘을 실행하는 아래 명령어를 소개하고자 한다. + + @BINDIR@/lxc-execute -n foo -f + @DOCDIR@/examples/lxc-macvlan.conf /bin/bash + + + + + <!-- Overview -->개요 + + + 컨테이너 기술은 리눅스 커널의 메인스트림에서 활발하게 개발이 진행되고 있다. 컨트롤 그룹(aka. 프로세스 컨테이너)을 통한 자원 관리와 네임스페이슬 통한 자원의 고립 기능을 제공한다. + + + + + linux 컨테이너 (lxc)는 사용자영역 컨테이너 개체를 제공하는 새로운 기능을 사용하는 것을 목표로 하고 있다. 이 새로운 기능은 응용 프로그램이나 시스템에서 모든 자원의 격리와 제어를 제공한다. + + + + + 이 프로젝트의 첫번째 목적은 컨테이너 프로젝트에 속해있는 커널 개발자들의 작업을 편하게 하며, 특히 새로운 기능인 Checkpoing/Restart에 대해 계속 작업을 진행해 나가는 것이다. + lxc는 작지만, 컨테이너를 간단한 명령어를 통해 쉽게 관리할 수 있고, 다목적으로 사용되기에도 충분하다. + + + + + <!-- Requirements -->요구사항 + + + lxc는 커널이 제공하는 몇가지 기능들에 의존적이며, 해당 기능이 활성화되어 있어야 한다. 부족한 기능에 따라, 제한된 기능만이 동작하거나, 아예 동작을 안 할 수 있다. + + + + + 아래 리스트는 컨테이너의 모든 기능을 사용하기 위해 활성화되어야 하는 커널 기능들이다. + + + * General setup + * Control Group support + -> Namespace cgroup subsystem + -> Freezer cgroup subsystem + -> Cpuset support + -> Simple CPU accounting cgroup subsystem + -> Resource counters + -> Memory resource controllers for Control Groups + * Group CPU scheduler + -> Basis for grouping tasks (Control Groups) + * Namespaces support + -> UTS namespace + -> IPC namespace + -> User namespace + -> Pid namespace + -> Network namespace + * Device Drivers + * Character devices + -> Support multiple instances of devpts + * Network device support + -> MAC-VLAN support + -> Virtual ethernet pair device + * Networking + * Networking options + -> 802.1d Ethernet Bridging + * Security options + -> File POSIX Capabilities + + + + + 배포판들에 포함된 2.6.32 이상의 커널에서는 lxc가 동작한다. 매우 작은 기능만 있지만 충분히 사용할 수 있다. + lxc-checkconfig 스크립트를 사용하면 현재 커널 설정에 대한 정보를 얻을 수 있다. + + + + + 컨트롤 그룹은 어디에든지 마운트될 수 있다. 예를 들어 + mount -t cgroup cgroup /cgroup도 가능하다. 
+ + 그러나 cgmanager, cgroup-lite 또는 systemd를 사용하여, /sys/fs/cgroup에 cgroup 계층구조를 마운트하는 것이 좋다. + + + + + + <!-- Functional specification -->기능 사양 + + + 컨테이너는 응용프로그램이나 시스템을 내부에서 실행시키기 위해, 호스트의 몇몇 자원들을 격리시키는 객체이다. + + + + 어플리케이션/시스템은 처음 생성될때 또는 시작 명령어의 인자로 넘겨주었던 설정을 기반으로 한 컨테이너 안에서 실행된다. + + + + + 어떻게 컨테이너 내부에서 응용 프로그램을 실행하는가? + + + + 어플리케이션을 실행하기에 앞서, 고립시키고 싶은 자원을 먼저 알아야 한다. 기본 설정은 pid와 sysv ipc 그리고 마운트 포인트들을 고립시킨다. + 만약에 간단한 쉘을 컨테이너 내부에서 실행시키기 원한다면, 특히 rootfs를 공유하고 싶다면 매우 기초적인 설정이 요구된다. + sshd 같은 응용 프로그램을 실행시키고 싶다면, 새로운 네트워크 스택과 호스트네임을 제공해 주어야 한다. + 만약 몇몇 파일들, 예를 들어, /var/run/httpd.pid이 충돌나는것을 막고 싶다면, /var/run를 빈 디렉토리로 다시 마운트하는 것이 필요하다. + 모든 경우의 파일 충돌을 피하고 싶다면, 컨테이너를 위한 루트 파일시스템를 따로 지정해 줄 수도 있다. 루트 파일시스템은 미리 원래의 루트 파일시스템을 바인드 마운트한 디렉토리가 될 수도 있다. 이렇게 되면 자신만의 /etc, /home을 사용하면서도 배포판을 그대로 사용할 수 있다. + + + + 아래는 sshd를 사용하기 위한 디렉토리 트리 예제이다. + +[root@lxc sshd]$ tree -d rootfs + +rootfs +|-- bin +|-- dev +| |-- pts +| `-- shm +| `-- network +|-- etc +| `-- ssh +|-- lib +|-- proc +|-- root +|-- sbin +|-- sys +|-- usr +`-- var + |-- empty + | `-- sshd + |-- lib + | `-- empty + | `-- sshd + `-- run + `-- sshd + + + 그리고, 해당 마운트 포인트 파일의 내용은 아래와 같다. + + [root@lxc sshd]$ cat fstab + + /lib /home/root/sshd/rootfs/lib none ro,bind 0 0 + /bin /home/root/sshd/rootfs/bin none ro,bind 0 0 + /usr /home/root/sshd/rootfs/usr none ro,bind 0 0 + /sbin /home/root/sshd/rootfs/sbin none ro,bind 0 0 + + + + + + 어떻게 컨테이너 내에서 시스템을 실행하는가? + + + + + 컨테이너 내에서 시스템을 실행하는 것은 역설적으로 어플리케이션을 실행하는 것보다 쉽다. 왜 그럴까? 왜냐하면, 어떤 자원이 고립되어야 하는지 고려할 필요가 없다. 모든 자원이 고립되면 된다. 자원들은 별다른 설정없이 고립된다고 지정만 해도 된다. 왜냐하면 컨테이너가 그 자원들을 세팅할 것이기 때문이다. 예를 들어 ipv4 주소는 시스템 컨테이너의 init 스크립트들을 통해 세팅된다. 아래는 마운트 포인트 파일의 예제이다. + + + [root@lxc debian]$ cat fstab + + /dev /home/root/debian/rootfs/dev none bind 0 0 + /dev/pts /home/root/debian/rootfs/dev/pts none bind 0 0 + + + 설정을 돕기 위해서 컨테이너에 부가 정보를 추가할 수 있다. 아래와 같이 호스트에 있는 resolv.conf를 컨테이너 안에서 접근할 수 있다. 
+ + + /etc/resolv.conf /home/root/debian/rootfs/etc/resolv.conf none bind 0 0 + + + + + <!-- Container life cycle -->컨테이너의 생명주기 + + + 컨테이너가 생성될때, 컨테이너는 설정정보를 포함하게 된다. + 프로세스가 실행될때, 컨테이너는 시작되고 실행된다. + 컨테이너 내에서 실행되던 마지막 프로세스가 종료되면, 컨테이너는 종료된다. + + + + 컨테이너의 초기화가 실패했을 경우, (아래 그림처럼)중단 상태로 바뀌게 된다. + + + + + + + + + <!-- Configuration -->설정 + + + + 컨테이너는 설정파일에 의해서 설정된다. 설정파일의 형식은 다음을 참조하면 된다. + + lxc.conf + 5 + + + + + <!--Creating / Destroying container + (persistent container) -->컨테이너의 생성/제거 (지속 컨테이너) + + + 지속성 컨테이너 객체는 lxc-create 명령어로 생성된다. 컨테이너이름을 인수로 받으며, 부가적인 설정파일과 템플릿을 지정한다. + 여기서 지정하는 이름은 다른 명령어들을 사용할 때 해당 컨테이너를 참조하기 위해 사용된다. lxc-destroy 명령어는 컨테이너 객체를 제거한다. + + lxc-create -n foo + lxc-destroy -n foo + + + + + + <!-- Volatile container -->휘발성 컨테이너 + + + 컨테이너 시작전에 컨테이너 오브젝트를 생성하는 것이 의무는 아니다. + 컨테이너는 설정파일을 파라미터로 넣어서 바로 시작할 수도 있다. + + + + + <!-- Starting / Stopping container -->컨테이너의 시작과 종료 + + + 컨테이너가 생성하면 응용 프로그램/시스템이 실행될 준비를 마친 것이다. + 실행하는 것이 바로 lxc-executelxc-start 명령어의 목적이다. + 응용프로그램 시작전에 컨테이너가 생성되어 있지 않다면, 컨테이너는 명령어의 인수로 넘겼던 설정파일을 사용한다. 그런 인수마저 없다면, 기본 고립 환경을 사용한다. + 만약 응용프로그램이 종료되면, 컨테이너도 역시 종료된다. 실행중인 응용프로그램을 종료시키고 싶다면 lxc-stop를 사용하면 된다. + + + + + 컨테이너 내부에서 응용프로그램을 실행하는 것은 시스템을 실행하는 것과는 차이가 있다. 이런 이유로 아래의 두가지 명령어가 사용된다. + + lxc-execute -n foo [-f config] /bin/bash + lxc-start -n foo [-f config] [/bin/bash] + + + + + + lxc-execute 명령어는 컨테이너 내부에서 lxc-init 프로세스를 통해 실행할 명령어를 지정할 수 있다. + lxc-init는 지정한 명령어를 실행한 후, 그 명령어로 실행된 모든 프로세스들이 종료되기를 기다린다. (컨테이너 내부에서 데몬을 지원하기 위해서이다) + 다시 말해서, 컨테이너 내부에서 lxc-init는 1번 pid를 갖고, 응용프로그램의 첫번째 프로세스는 2번 pid를 가진다. + + + + + lxc-start 명령어는 지정한 명령어를 컨테이너 내에서 직접 실행한다. 첫 프로세스의 pid는 1번이다. 만약 어떤 명령어도 지정되지 않으면, lxc.init_cmd에 지정된 명령어를 실행한다. 이마저도 지정되있지 않으면, /sbin/init를 실행한다. + + + + + 요약하자면, lxc-execute는 응용 프로그램 실행을 위해서, lxc-start는 시스템 실행을 위해 적합하다. + + + + + 만약 어플리케이션이 더이상 응답하지 않거나, 접근이 불가능하거나, 스스로 종료되지 못할 경우, lxc-stop 명령어는 컨테이너 내의 모든 프로세스들을 가차없이 종료시킬 것이다. 
+ + lxc-stop -n foo + + + + + + <!-- Connect to an available tty -->사용가능한 tty 접속 + + + 컨테이너에 tty가 설정되어 있다면, tty를 통해 컨테이너에 접근할 수 있다. + 아래 명령어를 통해 사용될 가능한 tty를 제공하는 것은 컨테이너에 달려있다. + tty가 종료되었을 때는 다시 로그인하지 않고도 재접속할 수 있다. + + lxc-console -n foo -t 3 + + + + + + <!-- Freeze / Unfreeze container -->컨테이너 동결/동결 해제 + + + 스케줄링 등을 위해 컨테이너에 속해있는 모든 프로세스를 정지 시키는 것은 때로 유용할 수 있다. 아래 명령어들을 사용하면 된다. + + + lxc-freeze -n foo + + 는 모든 프로세스들을 인터럽트 불가능한 상태로 만든다. + + + lxc-unfreeze -n foo + + 는 모든 프로세스를 정지 해제 시킨다. + + + + + 이 기능은 커널에서 cgroup freezer 기능이 활성화 되어 있어야 사용 가능하다. + + + + + <!-- Getting information about container --> + 컨테이너 관련 정보 얻어오기 + + + 컨테이너가 많이 존재하는 경우, 어떤 것이 생성되고 제거됬는지, 어떤 것이 실행 중인지 또는 어떤 프로세스들이 특정 컨테이너 내에서 실행되는지를 따라가기 힘들다. 이를 위해 다음과 같은 명령어들이 유용하게 사용될 수 있다. + + lxc-ls + lxc-info -n foo + + + + + lxc-ls는 시스템의 컨테이너들의 리스트를 표시한다. + + + + + lxc-info는 지정한 컨테이너의 정보를 얻어온다. + + + + + 아래는 명령어들을 조합하여 컨테이너들의 리스트를 얻어오고 상태를 출력하는 예제이다. + + for i in $(lxc-ls -1); do + lxc-info -n $i + done + + + + + + + <!-- Monitoring container -->컨테이너 모니터링 + + + 컨테이너의 상태를 추적하는 것은 때때로 매우 유용하다. + 예를 들어, 상태를 모니터링하거나, 스크립트에서 특정상태를 기다리는 경우이다. + + + + + lxc-monitor 명령어는 하나 또는 여러개의 컨테이너들을 모니터링한다. 이 명령어의 인수로 정규표현식을 넘길 수도 있다. + 예를 들면, + + lxc-monitor -n "foo|bar" + + 는 'foo'와 'bar'라는 이름의 컨테이너의 상태 변화를 모니터링한다. 그리고, + + lxc-monitor -n ".*" + + 는 모든 컨테이너를 모니터링한다. + + + + 'foo' 컨테이너가 시작되고 몇 가지 작업을 수행하고 종료된 경우, + 출력은 다음과 같다. + + 'foo' changed state to [STARTING] + 'foo' changed state to [RUNNING] + 'foo' changed state to [STOPPING] + 'foo' changed state to [STOPPED] + + + + + lxc-wait 명령어는 지정한 상태로 변화되는 것을 기다린다. 이 명령어는 컨테이너의 시작이나 종료와 동기화되는 스크립트를 작성할 때 유용하다. + 인수는 다른 상태들을 OR로 묶어서 지정해 줄 수 있다. 아래 예제는 백그라운드에서 어떻게 컨테이너의 상태 변화를 기다리는지 보여준다. + + + + + + + + <!-- Setting the control group for container --> + 컨테이너 컨트롤 그룹 설정 + + + + 컨테이너는 컨트롤 그룹과 결합되어 있다. + 컨테이너가 시작되면 컨트롤그룹이 만들어지고 해당 컨트롤 그룹과 연결된다. + 컨테이너가 실행중일 때, lxc-cgroup 명령어를 이용해 컨트롤 그룹 속성은 읽거나 수정될 수 있다. + + + + lxc-cgroup 명령어는 컨테이너와 연결된 컨트롤 그룹 서브시스템의 값을 얻어오거나 설정한다. 
+ 서브시스템의 이름은 사용자가 결정하며, 이 명령어는 이름이 적합한지 여부를 검사하지 않는다. + 만약 서브시스템의 이름이 없다면 명령어는 실패할 것이다. + + + + + lxc-cgroup -n foo cpuset.cpus + + 는 해당 서브시스템의 내용을 표시한다. + + lxc-cgroup -n foo cpu.shares 512 + + 는 해당 서브시스템의 값을 설정한다. + + + + + + <!-- Bugs -->버그 + + + lxc는 아직 개발중이다. 그래서 명령어 사용법이나, API가 변경될 수 있다. 버전 1.0.0은 변경되지 않는 고정된 버전이다. + + + + &seealso; + + + <!-- Author -->저자 + Daniel Lezcano daniel.lezcano@free.fr + + + + + diff -Nru lxc-1.1.5/doc/ko/lxc-snapshot.sgml.in lxc-2.0.1/doc/ko/lxc-snapshot.sgml.in --- lxc-1.1.5/doc/ko/lxc-snapshot.sgml.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ko/lxc-snapshot.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,208 @@ + + + + +]> + + + + @LXC_GENERATE_DATE@ + + + lxc-snapshot + 1 + + + + lxc-snapshot + + + + 존재하는 컨테이너의 스냅샷 생성 및 복원 + + + + + + lxc-snapshot + -n, --name name + -c, --comment file + + + lxc-snapshot + -n, --name name + -d, -destroy snapshot-name + + + lxc-snapshot + -n, --name name + -L, --list + -C, --showcomments + + + lxc-snapshot + -n, --name name + -r, -restore snapshot-name + -N, --newname newname + + + + + <!-- Description -->설명 + + + + lxc-snapshot는 컨테이너의 스냅샷을 생성, 복원 그리고 리스트를 표시한다. + (역주 : 컨테이너 파일시스템을 대상으로 한다는 점에서 lxc-checkpoint와는 다르다) + + + + 스냅샷은 컨테이너 설정 경로 밑에 스냅샷된 컨테이너처럼 저장된다. + 예를 들어, 만약 컨테이너 설정 경로가 /var/lib/lxc이고 컨테이너 이름이 c1라면, 첫번째 스냅샷은 /var/lib/lxc/c1/snaps 밑에 snap0라는 이름의 컨테이너로 저장 된다. + LXC 1.0 때 사용됬던 /var/lib/lxcsnaps가 존재하는 경우라면, 해당 경로가 계속 쓰이게 된다. + + + + + + <!-- Options -->옵션 + + + + + + + + + 새로 생성되는 스냅샷에 comment_file에 있는 주석을 단다. + + + + + + + + + 지정한 스냅샷을 제거한다. 스냅샷의 이름이 ALL인 경우, 모든 스냅샷을 제거한다. + + + + + + + + + 존재하는 스냅샷의 리스트를 표시한다. + + + + + + + + + + 스냅샷의 리스트를 표시할때 스냅샷의 주석도 함께 표시한다. + + + + + + + + + + 지정한 스냅샷을 복원한다, 즉, 스냅샷을 복사하여 완전히 새로운 컨테이너가 생성된다는 것을 의미한다. + + + + + + + + + + 스냅샷을 복원할 때, 복원된 컨테이너의 이름을 --newname로 명시적으로 지정하지 않았다면 마지막 인자를 이름으로 사용한다. 만약 newname이 원래 컨테이너의 이름과 같다면, 원래 컨테이너는 제거되고 복원되는 컨테이너로 교체된다. aufs, overlayfs, zfs의 경우에는 원본 스냅샷의 제거가 불가능하다는 것에 주의해야 한다. + + + + + + + + + &commonoptions; + + &seealso; + + + <!-- Author -->저자 + Serge Hallyn serge.hallyn@ubuntu.com + + + + + diff -Nru lxc-1.1.5/doc/ko/lxc-start-ephemeral.sgml.in lxc-2.0.1/doc/ko/lxc-start-ephemeral.sgml.in --- lxc-1.1.5/doc/ko/lxc-start-ephemeral.sgml.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ko/lxc-start-ephemeral.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,318 @@ + + + + +]> + + + + @LXC_GENERATE_DATE@ + + + lxc-start-ephemeral + 1 + + + + lxc-start-ephemeral + + + + 존재하는 컨테이너를 임시 복사본으로 시작 + + + + + + lxc-start-ephemeral + -o + -n + -d + --bdir + --user + --key + --storage-type + --union-type + --keep-data + COMMAND + + + + + <!-- Description -->설명 + + + lxc-start-ephemeral는 존재하는 컨테이너를 임시 복사본으로 시작시킨다. + + + + + <!-- Options -->옵션 + + + + + + + + + 원본 컨테이너 이름 + + + + + + + + + + + + 임시 컨테이너의 이름 (기본값은 무작위한 접미사를 붙이는 것) + + + + + + + + + + + + 컨테이너를 백그라운드로 시작한다. 그리고 이름과 IP를 표시한다. + 옵션으로 명령어를 넘길 경우, 이 옵션은 사용하지 못한다. + + + + + + + + + + + + 컨테이너로 바인드 마운트할 디렉토리. + 여러번 인자로 넘겨줄 수 있다. + + + + + + + + + + + + 컨테이너에 연결할 사용자. + lxc-start-ephemeral로 명령어를 넘길때 사용한다. + + + + + + + + + + + + 컨테이너 안으로 지정한 SSH 공개키를 복사한다. + + + + + + + + + + + + 컨테이너가 사용하는 저장소 형태를 지정한다. 가능한 형태는 tmpfs, dir이다. + + + + + + + + + + + + 지정한 union 파일시스템을 사용한다. + 가능한 파일시스템은 overlayfs, aufs이다. + + + + + + + + + + + + tmpfs 대신 영구적인 백엔드를 사용한다. + 이 옵션을 사용하면, 더이상 임시 컨테이너가 아니기 때문에 lxc-stop이나 lxc-start를 사용할 수 있게 된다. (여전히 오버레이 상태이지만 영구적이다) + + + + + + + + + + + + 지정한 명령어를 컨테이너 안에서 바로 실행한다. + 커널이 attach를 지원하면 attach를 사용하고, 지원하지 않으면 ssh를 사용한다. + 이 옵션은 데몬 모드와 같이 사용할 수 없다. + + + + + + + + <!-- See Also -->참조 + + + + lxc-start + 1 + , + + + + + <!-- Examples -->예제 + + + lxc-start-ephemeral -o p1 + + + + 단순히 임시 복사본 컨테이너를 시작하고, console에 연결한다. + 임시 컨테이너는 컨테이너 p1을 기반으로 한다. + + + + + + lxc-start-ephemeral -o p1 -n p1-ephemeral -d + + + + 컨테이너 p1을 기반으로 임시 컨테이너 p1-ephemeral을 시작한다. + console에 연결하지 않고, 컨테이너의 IP와 이름을 출력한다. + + + + + + + + <!-- Notes -->주의 + + + lxc-start-ephemerallxc-copy로 대체되었으며, 제거될 예정이다. + + + + &seealso; + + + <!-- Author -->저자 + Stéphane Graber stgraber@ubuntu.com + + + + diff -Nru lxc-1.1.5/doc/ko/lxc-start.sgml.in lxc-2.0.1/doc/ko/lxc-start.sgml.in --- lxc-1.1.5/doc/ko/lxc-start.sgml.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ko/lxc-start.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,360 @@ + + + + +]> + + + + @LXC_GENERATE_DATE@ + + + lxc-start + 1 + + + + lxc-start + + + + 컨테이너 시작(실행) + + + + + + lxc-start + -n name + -f config_file + -c console_device + -L console_logfile + -d + -F + -p pid_file + -s KEY=VAL + -C + --share-[net|ipc|uts] name|pid + command + + + + + <!-- Description -->설명 + + + + lxc-start는 지정된 commandname이라는 이름의 컨테이너 내에서 실행한다. + (역주 : 컨테이너를 시작한다) + + + + 이 명령어는 lxc-create 정의했던 설정을 토대로 또는 인수를 통해 넘긴 설정파일을 토대로 컨테이너를 세팅한다. + 만약 정의된 설정이 없다면, 기본 고립 환경을 사용한다. + + + + 만약 명령어가 지정되지 않았다면, lxc-start는 lxc.init_cmd에 정의된 명령어를 사용한다. 만약 그마저도 없다면 "/sbin/init"명령어를 사용한다. + + + + + + + <!-- Options -->옵션 + + + + + + + + + + + 컨테이너를 데몬으로 실행한다. + 에러가 발생하더라도 컨테이너가 tty를 가지지 않기 때문에 에러는 표시되지 않는다. + 대신 로그 파일을 에러를 확인하는데 사용할 수 있다. + + + + + + + + + + + + 컨테이너를 포그라운드로 실행한다. 이 모드에서는 컨테이너의 콘솔은 현재 tty에 붙는다. 그리고 시그널들은 컨테이너로 직접 보내지게 된다. + + + + + + + + + + + + 프로세스 ID를 넣은 파일을 생성한다. + (역주 : systemd의 PIDFile= 옵션 등에 유용하게 사용가능하다) + + + + + + + + + + + + 컨테이너의 가상화나 고립 기능을 설정할 때 쓰일 설정파일을 지정한다. + + + + 지정한 설정파일이 존재한다면, 이전에 생성된(lxc-create를 통해) 컨테 +이너에 설정파일이 이미 존재한다고 하더라도 지정한 설정파일을 사용한다. + + + + + + + + + + + + 컨테이너의 콘솔로 사용할 디바이스를 지정한다. 예를 들어 /dev/tty8과 같이 지정가능하다. 만약 이 옵션이 지정되지 않았고 가 지정되이 않았다면, 현재 터미널이 사용된다. + + + + + + + + + + + + 컨테이너의 콘솔 출력을 기록할 파일을 지정한다. + + + + + + + + + + + + 지정한 설정 변수 KEYVAL값을 지정한다. + 이 것은 이전에 config_file에서 지정했던 값들을 덮어쓴다. + + + + + + + + + + + + 상속 받는 파일 디스크립터가 있다면, 전부 닫는다. 만약 이 옵션이 지정되지 않았을 경우 lxc-start는 실패와 함께 종료된다. 주의 : --daemon--close-all-fds를 포함하고 있다. + + + + + + + + + + + + name 컨테이너 또는 pid로부터 네트워크 네임스페이스를 상속받는다. 네트워크 네임스페이스는 원래 소유자가 계속 관리하게 된다. 시작하는 컨테이너의 네트워크 설정은 무시되고 up/down 스크립트는 실행되지 않는다. + + + + + + + + + + + + name 컨테이너 또는 pid로부터 IPC 네임스페이스를 상속받는다. + + + + + + + + + + + + name 컨테이너 또는 pid로부터 UTS 네임스페이스를 상속받는다. LXC는 시작할 때 호스트이름을 설정하지 않는다. 다만, 컨테이너 OS가 설정할 수 있다. + + + + + + + + + &commonoptions; + + + <!-- Diagnostic -->진단 + + + + + The container is busy + + + + 지정한 컨테이너가 이미 실행중인 경우이다. 컨테이너를 사용하고 싶다면 + 컨테이너를 중지시켜야 한다. 
또는 새로운 컨테이너를 만들 수도 있다. + + + + + + + + + &seealso; + + + <!-- Author -->저자 + Daniel Lezcano daniel.lezcano@free.fr + + + + + diff -Nru lxc-1.1.5/doc/ko/lxc-stop.sgml.in lxc-2.0.1/doc/ko/lxc-stop.sgml.in --- lxc-1.1.5/doc/ko/lxc-stop.sgml.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ko/lxc-stop.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,292 @@ + + + + +]> + + + + @LXC_GENERATE_DATE@ + + + lxc-stop + 1 + + + + lxc-stop + + + + 컨테이너 종료 + + + + + + lxc-stop + -n name + -W + -r + -t timeout + -k + --nokill + --nolock + + + + + <!-- Description -->설명 + + + + lxc-stop 는 재뷰탕, 종료, 또는 컨테이너 내의 모든 프로세스를 강제종료 시킨다. 기본 동작은 컨테이너에게 lxc.haltsignal 시그널(기본값은 SIGPWR)을 컨테이너 init 프로세스에게 날려, 컨테이너가 종료되게 요청하는 것이다. 60초 동안 컨테이너가 종료되는 것을 기다리고 리턴된다. +만약 컨테이너가 60초안에 종료되지 않는다면 lxc.stopsignal 시그널(기본값은 SIGKILL)을 날려 강제로 종료시킨다. 재부팅 요청시에는 lxc.rebootsignal 시그널(기본값은 SIGINT)를 컨테이너 init 프로세스에게 날린다. + + + + + -W, -r, -s, -k, --nokill 옵션은 어떤 동작을 수행할지 지정한다. + -Wlxc-stop가 동작 수행후 즉각적으로 종료되게 지정한다. -t TIMEOUT는 동작이 완료되기까지 기다릴 최대 시간을 지정한다. + + + + + + <!-- Options -->옵션 + + + + + + + + + + 컨테이너 재부팅을 요청한다. + + + + + + + + + + + + 컨테이너가 깨끗이 종료되는 것 대신 명시적으로 컨테이너 내의 모든 작업들을 강제종료 시킨다. 이것은 이전 lxc-stop의 동작이다. + + + + + + + + + + + + 깨끗이 종료되도록 요청한다. 만약 종료가 실패하더라도 컨테이너 작업을 강제로 종료시키지 않는다. + + + + + + + + + + + + 이 옵션은 lxc API에서 락킹을 사용하지 않는다. lxc-stop이 잘못된 시스템 상태로 인해, 응답이 없게 되었을 경우에만 사용된다. + + + + + + + + + + + + 동작 수행(재부팅, 종료, 강제종료)을 요청하고 바로 죵료한다. + + + + + + + + + + + + 컨테이너를 강제종료 하기 전에 TIMEOUT 초 만큼 기다린다. + + + + + + + + + <!-- Exit value -->종료 + + + + + 0 + + + + 컨테이너가 성공적으로 종료됬다. + + + + + + 1 + + + + 컨테이너를 종료하던 도중 오류가 발생하였다. + + + + + + 2 + + + + 지정한 컨테이너가 있지만 실행되 있지는 않다. + + + + + + + + + <!-- Diagnostic -->진단 + + + + + The container was not found + + + + 지정한 컨테이너가 lxc-create로 생성된 적이 없다. + 컨테이너가 존재하지 않는다. + + + + + + + + + &seealso; + + + <!-- Author -->저자 + Daniel Lezcano daniel.lezcano@free.fr + + + + + diff -Nru lxc-1.1.5/doc/ko/lxc.system.conf.sgml.in lxc-2.0.1/doc/ko/lxc.system.conf.sgml.in --- lxc-1.1.5/doc/ko/lxc.system.conf.sgml.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ko/lxc.system.conf.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,243 @@ + + + +]> + + + + @LXC_GENERATE_DATE@ + + + lxc.system.conf + 5 + + + + lxc.system.conf + + + + LXC 시스템 설정파일 + + + + + <!-- Description -->설명 + + + + 시스템 설정은 @LXC_GLOBAL_CONF@에 위치하고 있다. 비 +특권 컨테이너의 경우는 ~/.config/lxc/lxc.conf에 위치하고 있 +다. + + + + + 이 설정파일은 LXC 기본 경로 및 저장소 백엔드 설정과 같은 값들을 설정할 때 사용한다. + + + + <!-- Configuration paths -->경로 설정 + + + + + + + + + + 모든 컨테이너들이 저장되는 장소. + + + + + + + + + + + 컨테이너의 기본 설정파일 경로. + + + + + + + + <!-- Control Groups -->컨트롤 그룹 + + + + + + + + + + 사용할 cgroup 컨트롤러의 쉼표(,)로 구분된 목록. + 아무것도 지정하지 않았다면, 사용가능한 컨트롤러 전체를 사용될 것이다. + + + + + + + + + + + 컨테이너용 cgroup을 생성할 때 사용하는 포맷 문자열 (예 : lxc/%n). + + + + + + + + LVM + + + + + + + + + + 기본 LVM 볼륨 그룹 이름 + + + + + + + + + + + 기본 LVM thin pool 이름 + + + + + + + + ZFS + + + + + + + + + + 기본 ZFS root 이름. + + + + + + + + + + + lxc + 1 + , + + lxc.container.conf + 5 + , + + lxc.system.conf + 5 + , + + lxc-usernet + 5 + + + + + &seealso; + + + <!-- Author -->저자 + Stéphane Graber stgraber@ubuntu.com + + + + diff -Nru lxc-1.1.5/doc/ko/lxc-top.sgml.in lxc-2.0.1/doc/ko/lxc-top.sgml.in --- lxc-1.1.5/doc/ko/lxc-top.sgml.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ko/lxc-top.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,205 @@ + + + +]> + + + + @LXC_GENERATE_DATE@ + + + lxc-top + 1 + + + + lxc-top + + + + 컨테이너의 통계정보 표시 + + + + + + lxc-top + --help + --delay delay + --sort sortby + --reverse + + + + + <!-- Description -->설명 + + + lxc-top는 컨테이너의 통계정보를 표시한다. 출력은 매 delay초마다 갱신된다. + 그리고 sortby로 지정한 항목에 대하여 정렬을 수행한다. lxc-top명령어는 현재 터미널의 크기에 맞게 가능한 많은 컨테이너를 표시한다. 'q'를 누르면 나갈 수 있다. 정렬 항목의 문자를 입력하면 그 항목에 대해 정렬한다. 해당 문자를 두번 입력하면 정렬 순서가 바뀐다. + + + + + <!-- Options -->옵션 + + + + + + + + + + 화면을 갱신하는 시간을 초단위로 지정한다. + 기본값은 3초이다. + + + + + + + + + + + 이름, CPU 사용량, 메모리 사용량에 대해 정렬한다. sortby 인수에는 최소한 한개의 n, c, b, m, k 문자가 있어야 하며, 각각 CPU 사용량, 블록 I/O, 메모리 사용량, 커널 메모리 사용량을 가리킨다. 기본값은 'n'이다. + + + + + + + + + + + 정렬 순서를 바꾼다. 기본 동작은, 이름은 오름차순 알파벳 정렬이고 값은 내림차순 정렬(큰 값이 먼저)이다. + + + + + + + + <!-- Example -->예제 + + + lxc-top --delay 1 --sort m + + + + 컨테이너를 1초마다 갱신하면서, 메모리 사용량으로 정렬해서 표시한다. + + + + + + + + <!-- Notes -->주의 + + + 성능상의 이유로, 커널 메모리 제한이 걸려있지 않다면 커널 메모리 사용량을 집계하지 않는다. + 메모리 제한이 걸려있지 않다면, lxc-top는 커널 메모리 사용량을 0으로 표시한다. 만약 집계되는 컨테이너가 하나도 없다면, KMem 열은 표시되지 않는다. 메모리 제한은 + + lxc.cgroup.memory.kmem.limit_in_bytes = number + + 으로 컨테이너 설정파일에서 지정할 수 있다. + + lxc.conf + 5 + + 를 참고하면 된다. + + + + &seealso; + + + <!-- Author -->저자 + Dwight Engen dwight.engen@oracle.com + + + + + diff -Nru lxc-1.1.5/doc/ko/lxc-unfreeze.sgml.in lxc-2.0.1/doc/ko/lxc-unfreeze.sgml.in --- lxc-1.1.5/doc/ko/lxc-unfreeze.sgml.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ko/lxc-unfreeze.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,125 @@ + + + + +]> + + + + @LXC_GENERATE_DATE@ + + + lxc-unfreeze + 1 + + + + lxc-unfreeze + + + + 컨테이너의 모든 프로세스를 동결해제 + + + + + + lxc-unfreeze + -n name + + + + + <!-- Description -->설명 + + + + lxc-unfreeze는 이전에 lxc-freeze로 동결 시켰던 모든 프로세스들을 동결해제한다. + + + + + &commonoptions; + + + <!-- Diagnostic -->진단 + + + + + The container was not found + + + + 지정한 컨테이너가 lxc-create로 생성된 적이 없다. + 컨테이너가 존재하지 않는다. + + + + + + + + + + &seealso; + + + <!-- Author -->저자 + Daniel Lezcano daniel.lezcano@free.fr + + + + + diff -Nru lxc-1.1.5/doc/ko/lxc-unshare.sgml.in lxc-2.0.1/doc/ko/lxc-unshare.sgml.in --- lxc-1.1.5/doc/ko/lxc-unshare.sgml.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ko/lxc-unshare.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,288 @@ + + + + +]> + + + + @LXC_GENERATE_DATE@ + + + lxc-unshare + 1 + + + + lxc-unshare + + + + 새로운 네임스페이스 내에서 태스크 실행 + + + + + + lxc-unshare + -s namespaces + -u user + -H hostname + -i ifname + -d + -M + command + + + + + <!-- Description -->설명 + + + + lxc-unshare는 복제된 네임스페이스 내에서 태스크를 실행한다. + 이 명령어는 주로 테스트 목적으로 사용된다. + 이러한 이름에도 불구하고, 새 네임스페이스에 새로운 태스크를 생성하기 위해 unshare 대신 clone을 사용한다. + 테스트 중인 커널 버전이 낮아지지 않는다면, 별 차이는 없다. + + + + + + + <!-- Options -->옵션 + + + + + + + + + + + 붙일 네임스페이스를 지정한다. + NETWORK|IPC와 같이 파이프(|)로 구분된 리스트를 사용할 수 있다. 허용되는 값은 MOUNT, PID, UTSNAME, IPC, USER , NETWORK이다. 이를 사용하여, 컨테이너의 네트워크 네임스페이스를 사용하면서도 다른 네임스페이스는 호스트의 것을 그대로 사용하는 등의 조작이 가능하다. + (파이프 기호는 MOUNT\|PID처럼 \로 처리를 해주거나, "MOUNT|PID"처럼 따옴표를 붙여야 한다.) + + + + + + + + + + + + 새로운 태스크를 실행할 사용자를 지정한다. + + + + + + + + + + + + 새로운 컨테이너의 호스트이름을 지정한다. UTS 네임스페이스가 설정되었을 때만 가능하다. + + + + + + + + + + + + 지정한 이름의 네트워크 인터페이스를 컨테이너 내부로 옮긴다. NETWORK 네임스페이스가 설정되었을 때만 가능하다. 여러개의 인터페이스를 옮기기 위해 여러번 이 인수를 지정하는 것도 가능하다. + + + + + + + + + + + + 데몬화 한다. (컨테이너가 종료되기 전까지 기다리지 않는다) + + + + + + + + + + + + 컨테이너 내부에 (/proc /dev/shm and /dev/mqueue)같은 기본 파일 시스템들을 마운트 한다. MOUNT 네임스페이스가 설정되었을 때만 가능하다. + + + + + + + + + + <!-- Examples -->예제 + + + 자신만의 UTS(hostname) 네임스페이스를 갖는 새로운 쉘을 실행하려면 아래처럼 하면 된다. + + lxc-unshare -s UTSNAME /bin/bash + + 만약, 그 쉘에서 호스트이름이 변경되어도 호스트에는 영향을 끼치지 않는다. + + + + 새로운 네트워크, PID, 마운트 네임스페이스 내에 쉘을 실행하려면, 아래처럼 하면 된다. + + lxc-unshare -s "NETWORK|PID|MOUNT" /bin/bash + + 그 결과 생긴 쉘은 1번 pid를 갖는다. 그리고 네트워크 인터페이스는 없다. + 이 쉘에서 아래처럼 /proc을 다시 마운트하고 + + mount -t proc proc /proc + + ps 명령어를 입력하면, 네임스페이스 내에서 다른 프로세스들은 보이지 않을 것이다. + + + + 새로운 네트워크, PID, 마운트 그리고 호스트 이름(UTS) 네임스페이스 내에 쉘을 실행하려면, 아래처럼 하면 된다. + + lxc-unshare -s "NETWORK|PID|MOUNT|UTSNAME" -M -H slave -i veth1 /bin/bash + + + + 그 결과 생긴 쉘은 1번 pid를 갖는다. 그리고 2개의 네트워크 인터페이스(lo와 veth1)를 갖는다. 호스트 이름은 "slave"이고, /proc은 다시 마운트 된다. + ps 명령어를 입력하면, 네임스페이스 내에서 다른 프로세스들은 보이지 않을 것이다. 
+ + + + &seealso; + + + <!-- Author -->저자 + Daniel Lezcano daniel.lezcano@free.fr + + + + + diff -Nru lxc-1.1.5/doc/ko/lxc-usernet.sgml.in lxc-2.0.1/doc/ko/lxc-usernet.sgml.in --- lxc-1.1.5/doc/ko/lxc-usernet.sgml.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ko/lxc-usernet.sgml.in 2016-05-16 20:38:39.000000000 +0000 @@ -0,0 +1,221 @@ + + + +]> + + + + @LXC_GENERATE_DATE@ + + + lxc-usernet + 5 + + + + lxc-usernet + + + + 비특권 사용자의 네트워크 관리용 설정파일 + + + + + <!-- Description -->설명 + + + + @LXC_USERNIC_CONF@로 비특권 사용자가 lxc-user-nic 명령어로 네트워크 인터페이스를 만들 때, 제한을 걸 수 있다. + + + + <!-- Configuration -->설정 + + + 이 파일은 아래와 같은 형식의 한 줄로 이루어진 여러 항목들로 구성되어 있다. + + + + user type bridge number + + 또는 아래의 형식을 사용할 수 있다. + + @group type bridge number + + + + 여기서 각 항목들은 다음과 같은 의미를 가진다. + + + + + + + + + + + + 이 항목이 적용될 사용자 이름을 가리킨다. + + + + + + + + + + + + 이 항목이 적용될 그룹 이름을 가리킨다. + + + + + + + + + + + + 허용되는 네트워크 인터페이스 형태를 가리킨다. veth만 지원된다. + + + + + + + + + + + + 네트워크 인터페이스들을 붙일 수 있는 브리지를 가리킨다. + 예를 들어 lxcbr0로 지정 가능하다. + + + + + + + + + + + + 지정한 사용자 또는 그룹이 지정된 브리지에 붙일 수 있는 지정된 형태의 네트워크 인터페이스 개수를 가리킨다. + 예를 들어 2로 지정 가능하다. + + + + + + + + 사용자는 사용자 이름이나 하나 이상의 사용자 그룹을 통해 지정될 수 있으므로, 여러 줄의 설정을 통해 사용자가 네트워크 인터페이스들을 생성할 수 있도록 하는 것이 가능하다. + 이러한 경우, 인터페이스 생성은 파일 상의 순서대로 사용자 또는 그룹의 사용량에 집계된다. + 만약 해당 줄에서 할당한 개수가 가득차면, 또다른 설정이 발견되거나 파일의 끝에 도달할 때까지 행을 계속 읽어들인다. + + + + + + + <!-- See Also -->참조 + + + lxc + 1 + , + + lxc-user-nic + 1 + + + + + + <!-- Author -->저자 + Daniel Lezcano daniel.lezcano@free.fr + + + + + diff -Nru lxc-1.1.5/doc/ko/lxc-user-nic.sgml.in lxc-2.0.1/doc/ko/lxc-user-nic.sgml.in --- lxc-1.1.5/doc/ko/lxc-user-nic.sgml.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ko/lxc-user-nic.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,208 @@ + + + + +]> + + + + @LXC_GENERATE_DATE@ + + + lxc-user-nic + 1 + + + + lxc-user-nic + + + + NIC 를 생성하여 다른 네임스페이스에 붙이기 + + + + + + lxc-user-nic + pid + type + bridge + nicname + + + + + <!-- Description -->설명 + + + + lxc-user-nic는 root로 setuid한 프로그램이므로, 특권이 없는 사용자들도 lxc 컨테이너가 사용할 네트워크 인터페이스를 생성할 수 있다. + + + + 이 명령어는 @LXC_USERNIC_CONF@을 읽어, 호출한 사용자가 만들수 있는 인터페이스의 수와 어느 브리지에 붙일지 결정한다. + 각 사용자가 생성한 인터페이스의 수를 @LXC_USERNIC_DB@ 파일에 기록한다. + 그리고 호출한 사용자가 인터페이스를 붙인 네트워크 네임스페이스에 특권을 갖게 한다. + + + + + + + <!-- Options -->옵션 + + + + + + + + + + + 인터페이스가 붙어야하는 네트워크 네임스페이스에 속해있는 프로세스 ID. + + + + + + + + + + + + 붙일 네트워크 인터페이스의 형태. 현재는 veth만 지원가능하다. 이 형태에서는 두개의 인터페이스가 각각 터널의 끝지점으로 생성된다. 하나의 끝지점이 특정 브리지에 붙고, 다른 하나는 컨테이너 내부로 넘겨지게 된다. + + + + + + + + + + + + 네트워크 인터페이스를 붙일 프리지. 예를 들어, lxcbr0 같이 지정 가능하다. + + + + + + + + + + + + 컨테이너내에서 사용할 인터페이스 이름. 지정하지 않는다면 eth0로 된다. + + + + + + + + + + <!-- See Also -->참조 + + + + lxc + 1 + , + + + lxc-start + 1 + , + + + lxc-usernet + 5 + + + + + + <!-- Author -->저자 + Daniel Lezcano daniel.lezcano@free.fr + + + + + diff -Nru lxc-1.1.5/doc/ko/lxc-usernsexec.sgml.in lxc-2.0.1/doc/ko/lxc-usernsexec.sgml.in --- lxc-1.1.5/doc/ko/lxc-usernsexec.sgml.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ko/lxc-usernsexec.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,193 @@ + + + + +]> + + + + @LXC_GENERATE_DATE@ + + + lxc-usernsexec + 1 + + + + lxc-usernsexec + + + + 새로운 사용자 네임스페이스에서 root로 태스크를 실행 + + + + + + lxc-usernsexec + -m uid-map + -- command + + + + + <!-- Description -->설명 + + + + lxc-usernsexec는 새로운 사용자 네임스페이스에서 루트로 태스크를 실행한다. + + + + + + + <!-- Options -->옵션 + + + + + + + + + + + 사용자 네임스페이스에서 사용될 uid 맵. 각각의 맵은 4개의 콜론(:)으로 구분된 값들로 구성되어 있다. 첫 번째는 'u', 'g', 'b' 문자로 각각 UID, GID, 또는 UID 및 GID 를 가리킨다. 그 다음은 사용자 네임스페이스 내에서의 UID, 그다음은 호스트의 UID, 그리고 마지막으로 매핑할 ID의 수를 지정한다. + + + + 맵은 1개 이상도 지정가능하다. 만약 맵이 지정되지 않았다면, 기본값은 /etc/subuid와 /etc/subgid에서 허용된 모든 범위의 uid, gid가 컨테이너 내에서 0번부터 매핑된다. + + + + lxc-usernsexec는 언제나 0번 setuid와 setgid를 시도한 다는 것에 주의해야 한다. 그러므로 네임스페이스 내에서 uid 0은 매핑이 되어있어야 한다. + + + + + + + + + + + <!-- Examples -->예제 + + + 할당된 모든 subuid를 컨테이너에 매핑해서 쉘을 실행하려면, + + lxc-usernsexec + + 를 사용하면 된다. + /bin/sh대신 다른 쉘을 실행하려면, + + lxc-usernsexec -- /bin/bash + + 를 사용하면 된다. + + + + 만약 현재 UID가 1000이고, 컨테이너의 root가 190000으로 매핑되어 있으며, 현재 사용자가 소유하고 있는 파일을 컨테이너의 root가 소유하도록 하려면, 아래처럼 하면 된다. + + lxc-usernsexec -m b:0:1000:1 -m b:1:190000:1 -- /bin/chown 1:1 $file + + 이것은 현재 UID를 사용자 네임스페이스 내에서 root로 하고, 190000을 uid 1로 매핑한다. + 사용자 네임스페이스의 root는 네임스페이스의 모든 UID에 권한이 있기 때문에, 호스트에서 chown을 사용할 수 없더라도 파일의 소유자를 변경할 수 있다. + + + + &seealso; + + + <!-- Author -->저자 + Serge Hallyn serge.hallyn@ubuntu.com + + + + + diff -Nru lxc-1.1.5/doc/ko/lxc-wait.sgml.in lxc-2.0.1/doc/ko/lxc-wait.sgml.in --- lxc-1.1.5/doc/ko/lxc-wait.sgml.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ko/lxc-wait.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,192 @@ + + + + +]> + + + + @LXC_GENERATE_DATE@ + + + lxc-wait + 1 + + + + lxc-wait + + + + 지정한 컨테이너 상태로 변할 때까지 대기 + + + + + + lxc-wait + -n name + -s states + + + + + <!-- Description -->설명 + + + lxc-wait는 컨테이너가 지정한 상태로 변할때 까지 대기한다. 이는 스크립트를 위해 유용하다. + + + + + <!-- Options -->옵션 + + + + + + + + + + 기다릴 컨테이너 상태를 지정한다. + 컨테이너 상태들은 OR 기호를 사용하여 여러개를 지정 가능하다. + + + + + + + + + + + + 원하는 상태로 변할 때까지 대기할 최대시간을 timeout 초로 지정한다. + + + + + + + + + &commonoptions; + + + <!-- Examples -->예제 + + + lxc-wait -n foo -s RUNNING + + + + foo 컨테이너의 상태가 'RUNNING'일 때까지 대기한다. + + + + + + lxc-wait -n foo -s 'RUNNING|STOPPED' + + + + foo 컨테이너의 상태가 'RUNNING' 또는 'STOPPED'으로 변할때까지 대기한다. + + + + + + + + + <!-- Diagnostic -->진단 + + + + + The container was not found + + + + 지정한 컨테이너가 lxc-create로 생성된 적이 없다. + 컨테이너가 존재하지 않는다. + + + + + + + + + + &seealso; + + + <!-- Author -->저자 + Daniel Lezcano daniel.lezcano@free.fr + + + + + diff -Nru lxc-1.1.5/doc/ko/Makefile.am lxc-2.0.1/doc/ko/Makefile.am --- lxc-1.1.5/doc/ko/Makefile.am 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ko/Makefile.am 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,67 @@
+mandir = @mandir@/ko
+
+SUBDIRS =
+DIST_SUBDIRS =
+
+EXTRA_DIST = \
+ FAQ.txt
+
+if ENABLE_DOCBOOK
+man_MANS = \
+ lxc-attach.1 \
+ lxc-autostart.1 \
+ lxc-cgroup.1 \
+ lxc-checkconfig.1 \
+ lxc-checkpoint.1 \
+ lxc-config.1 \
+ lxc-console.1 \
+ lxc-copy.1 \
+ lxc-create.1 \
+ lxc-destroy.1 \
+ lxc-device.1 \
+ lxc-execute.1 \
+ lxc-freeze.1 \
+ lxc-info.1 \
+ lxc-ls.1 \
+ lxc-monitor.1 \
+ lxc-snapshot.1 \
+ lxc-start.1 \
+ lxc-stop.1 \
+ lxc-top.1 \
+ lxc-unfreeze.1 \
+ lxc-unshare.1 \
+ lxc-user-nic.1 \
+ lxc-usernsexec.1 \
+ lxc-wait.1 \
+ \
+ lxc.conf.5 \
+ lxc.container.conf.5 \
+ lxc.system.conf.5 \
+ lxc-usernet.5 \
+ \
+ lxc.7
+
+if ENABLE_DEPRECATED
+ man_MANS += lxc-clone.1
+if ENABLE_PYTHON
+ man_MANS += lxc-start-ephemeral.1
+endif
+endif
+
+%.1 : %.sgml
+ $(db2xman) --encoding=UTF-8 $<
+ test "$(shell basename $@)" != "$@" && mv $(shell basename $@) $@ || true
+
+%.5 : %.sgml
+ $(db2xman) --encoding=UTF-8 $<
+ test "$(shell basename $@)" != "$@" && mv $(shell basename $@) $@ || true
+
+%.7 : %.sgml
+ $(db2xman) --encoding=UTF-8 $<
+ test "$(shell basename $@)" != "$@" && mv $(shell basename $@) $@ || true
+
+lxc-%.sgml : common_options.sgml see_also.sgml
+
+clean-local:
+ $(RM) manpage.* *.7 *.5 *.1 $(man_MANS)
+endif
diff -Nru lxc-1.1.5/doc/ko/Makefile.in lxc-2.0.1/doc/ko/Makefile.in
--- lxc-1.1.5/doc/ko/Makefile.in 1970-01-01 00:00:00.000000000 +0000
+++ lxc-2.0.1/doc/ko/Makefile.in 2016-05-16 20:38:45.000000000 +0000
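Review bot: The trailing `|| true` on the second recipe line of the `%.1`, `%.5` and `%.7` rules in doc/ko/Makefile.am swallows a failing `mv` as well as the harmless "names already equal" case. If the page is generated but cannot be moved, the rule still succeeds and `$@` is left missing or stale, and later install steps would pick up whatever is there. An explicit conditional keeps the no-op case quiet while letting a real `mv` failure stop the build, and quoting protects paths containing spaces: `if test "$(@F)" != "$@"; then mv "$(@F)" "$@"; fi`. This assumes db2xman writes its output into the current directory, as the existing `mv` suggests. The three rule bodies are identical, so the same change applies to each of them.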
@@ -0,0 +1,959 @@ +# Makefile.in generated by automake 1.15 from Makefile.am. +# @configure_input@ + +# Copyright (C) 1994-2014 Free Software Foundation, Inc. + +# This Makefile.in is free software; the Free Software Foundation +# gives unlimited permission to copy and/or distribute it, +# with or without modifications, as long as this notice is preserved. + +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY, to the extent permitted by law; without +# even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. + +@SET_MAKE@ +VPATH = @srcdir@ +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} +am__make_running_with_option = \ + case $${target_option-} in \ + ?) ;; \ + *) echo "am__make_running_with_option: internal error: invalid" \ + "target option '$${target_option-}' specified" >&2; \ + exit 1;; \ + esac; \ + has_opt=no; \ + sane_makeflags=$$MAKEFLAGS; \ + if $(am__is_gnu_make); then \ + sane_makeflags=$$MFLAGS; \ + else \ + case $$MAKEFLAGS in \ + *\\[\ \ ]*) \ + bs=\\; \ + sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ + | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ + esac; \ + fi; \ + skip_next=no; \ + strip_trailopt () \ + { \ + flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ + }; \ + for flg in $$sane_makeflags; do \ + test $$skip_next = yes && { skip_next=no; continue; }; \ + case $$flg in \ + *=*|--*) continue;; \ + -*I) strip_trailopt 'I'; skip_next=yes;; \ + -*I?*) strip_trailopt 'I';; \ + -*O) strip_trailopt 'O'; skip_next=yes;; \ + -*O?*) strip_trailopt 'O';; \ + -*l) strip_trailopt 'l'; skip_next=yes;; \ + -*l?*) strip_trailopt 'l';; \ + -[dEDm]) skip_next=yes;; \ + -[JT]) skip_next=yes;; \ + esac; \ + case $$flg in \ + *$$target_option*) has_opt=yes; break;; \ + esac; \ + done; \ + test $$has_opt = yes 
+am__make_dryrun = (target_option=n; $(am__make_running_with_option)) +am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) +pkgdatadir = $(datadir)/@PACKAGE@ +pkgincludedir = $(includedir)/@PACKAGE@ +pkglibdir = $(libdir)/@PACKAGE@ +pkglibexecdir = $(libexecdir)/@PACKAGE@ +am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd +install_sh_DATA = $(install_sh) -c -m 644 +install_sh_PROGRAM = $(install_sh) -c +install_sh_SCRIPT = $(install_sh) -c +INSTALL_HEADER = $(INSTALL_DATA) +transform = $(program_transform_name) +NORMAL_INSTALL = : +PRE_INSTALL = : +POST_INSTALL = : +NORMAL_UNINSTALL = : +PRE_UNINSTALL = : +POST_UNINSTALL = : +build_triplet = @build@ +host_triplet = @host@ +@ENABLE_DEPRECATED_TRUE@@ENABLE_DOCBOOK_TRUE@am__append_1 = lxc-clone.1 +@ENABLE_DEPRECATED_TRUE@@ENABLE_DOCBOOK_TRUE@@ENABLE_PYTHON_TRUE@am__append_2 = lxc-start-ephemeral.1 +subdir = doc/ko +ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 +am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ + $(top_srcdir)/config/tls.m4 $(top_srcdir)/configure.ac +am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ + $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) +mkinstalldirs = $(install_sh) -d +CONFIG_HEADER = $(top_builddir)/src/config.h +CONFIG_CLEAN_FILES = lxc-attach.sgml lxc-autostart.sgml \ + lxc-cgroup.sgml lxc-checkconfig.sgml lxc-checkpoint.sgml \ + lxc-clone.sgml lxc-config.sgml lxc-console.sgml lxc-copy.sgml \ + lxc-create.sgml lxc-destroy.sgml lxc-device.sgml \ + lxc-execute.sgml lxc-freeze.sgml lxc-info.sgml lxc-ls.sgml \ + lxc-monitor.sgml lxc-snapshot.sgml lxc-start-ephemeral.sgml \ + lxc-start.sgml lxc-stop.sgml lxc-top.sgml lxc-unfreeze.sgml \ + lxc-unshare.sgml lxc-user-nic.sgml lxc-usernsexec.sgml \ + lxc-wait.sgml lxc.conf.sgml lxc.container.conf.sgml \ + lxc.system.conf.sgml lxc-usernet.sgml lxc.sgml \ + common_options.sgml see_also.sgml +CONFIG_CLEAN_VPATH_FILES = +AM_V_P = $(am__v_P_@AM_V@) +am__v_P_ = 
$(am__v_P_@AM_DEFAULT_V@) +am__v_P_0 = false +am__v_P_1 = : +AM_V_GEN = $(am__v_GEN_@AM_V@) +am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) +am__v_GEN_0 = @echo " GEN " $@; +am__v_GEN_1 = +AM_V_at = $(am__v_at_@AM_V@) +am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) +am__v_at_0 = @ +am__v_at_1 = +SOURCES = +DIST_SOURCES = +RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ + ctags-recursive dvi-recursive html-recursive info-recursive \ + install-data-recursive install-dvi-recursive \ + install-exec-recursive install-html-recursive \ + install-info-recursive install-pdf-recursive \ + install-ps-recursive install-recursive installcheck-recursive \ + installdirs-recursive pdf-recursive ps-recursive \ + tags-recursive uninstall-recursive +am__can_run_installinfo = \ + case $$AM_UPDATE_INFO_DIR in \ + n|no|NO) false;; \ + *) (install-info --version) >/dev/null 2>&1;; \ + esac +am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; +am__vpath_adj = case $$p in \ + $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ + *) f=$$p;; \ + esac; +am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; +am__install_max = 40 +am__nobase_strip_setup = \ + srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` +am__nobase_strip = \ + for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" +am__nobase_list = $(am__nobase_strip_setup); \ + for p in $$list; do echo "$$p $$p"; done | \ + sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ + $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ + if (++n[$$2] == $(am__install_max)) \ + { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ + END { for (dir in files) print dir, files[dir] }' +am__base_list = \ + sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ + sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' +am__uninstall_files_from_dir = { \ + test -z "$$files" \ + || { test ! -d "$$dir" && test ! -f "$$dir" && test ! 
-r "$$dir"; } \ + || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ + $(am__cd) "$$dir" && rm -f $$files; }; \ + } +man1dir = $(mandir)/man1 +am__installdirs = "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man5dir)" \ + "$(DESTDIR)$(man7dir)" +man5dir = $(mandir)/man5 +man7dir = $(mandir)/man7 +NROFF = nroff +MANS = $(man_MANS) +RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ + distclean-recursive maintainer-clean-recursive +am__recursive_targets = \ + $(RECURSIVE_TARGETS) \ + $(RECURSIVE_CLEAN_TARGETS) \ + $(am__extra_recursive_targets) +AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ + distdir +am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +# Read a list of newline-separated strings from the standard input, +# and print each of them once, without duplicates. Input order is +# *not* preserved. +am__uniquify_input = $(AWK) '\ + BEGIN { nonempty = 0; } \ + { items[$$0] = 1; nonempty = 1; } \ + END { if (nonempty) { for (i in items) print i; }; } \ +' +# Make sure the list of sources is unique. This is necessary because, +# e.g., the same source file might be shared among _SOURCES variables +# for different programs/libraries. 
+am__define_uniq_tagged_files = \ + list='$(am__tagged_files)'; \ + unique=`for i in $$list; do \ + if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ + done | $(am__uniquify_input)` +ETAGS = etags +CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in \ + $(srcdir)/common_options.sgml.in $(srcdir)/lxc-attach.sgml.in \ + $(srcdir)/lxc-autostart.sgml.in $(srcdir)/lxc-cgroup.sgml.in \ + $(srcdir)/lxc-checkconfig.sgml.in \ + $(srcdir)/lxc-checkpoint.sgml.in $(srcdir)/lxc-clone.sgml.in \ + $(srcdir)/lxc-config.sgml.in $(srcdir)/lxc-console.sgml.in \ + $(srcdir)/lxc-copy.sgml.in $(srcdir)/lxc-create.sgml.in \ + $(srcdir)/lxc-destroy.sgml.in $(srcdir)/lxc-device.sgml.in \ + $(srcdir)/lxc-execute.sgml.in $(srcdir)/lxc-freeze.sgml.in \ + $(srcdir)/lxc-info.sgml.in $(srcdir)/lxc-ls.sgml.in \ + $(srcdir)/lxc-monitor.sgml.in $(srcdir)/lxc-snapshot.sgml.in \ + $(srcdir)/lxc-start-ephemeral.sgml.in \ + $(srcdir)/lxc-start.sgml.in $(srcdir)/lxc-stop.sgml.in \ + $(srcdir)/lxc-top.sgml.in $(srcdir)/lxc-unfreeze.sgml.in \ + $(srcdir)/lxc-unshare.sgml.in $(srcdir)/lxc-user-nic.sgml.in \ + $(srcdir)/lxc-usernet.sgml.in $(srcdir)/lxc-usernsexec.sgml.in \ + $(srcdir)/lxc-wait.sgml.in $(srcdir)/lxc.conf.sgml.in \ + $(srcdir)/lxc.container.conf.sgml.in $(srcdir)/lxc.sgml.in \ + $(srcdir)/lxc.system.conf.sgml.in $(srcdir)/see_also.sgml.in +DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) +am__relativize = \ + dir0=`pwd`; \ + sed_first='s,^\([^/]*\)/.*$$,\1,'; \ + sed_rest='s,^[^/]*/*,,'; \ + sed_last='s,^.*/\([^/]*\)$$,\1,'; \ + sed_butlast='s,/*[^/]*$$,,'; \ + while test -n "$$dir1"; do \ + first=`echo "$$dir1" | sed -e "$$sed_first"`; \ + if test "$$first" != "."; then \ + if test "$$first" = ".."; then \ + dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ + dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ + else \ + first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ + if test "$$first2" = "$$first"; then \ + dir2=`echo "$$dir2" | sed -e 
"$$sed_rest"`; \ + else \ + dir2="../$$dir2"; \ + fi; \ + dir0="$$dir0"/"$$first"; \ + fi; \ + fi; \ + dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ + done; \ + reldir="$$dir2" +ACLOCAL = @ACLOCAL@ +AMTAR = @AMTAR@ +AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ +APPARMOR_LIBS = @APPARMOR_LIBS@ +AUTOCONF = @AUTOCONF@ +AUTOHEADER = @AUTOHEADER@ +AUTOMAKE = @AUTOMAKE@ +AWK = @AWK@ +BINDIR = @BINDIR@ +CAP_LIBS = @CAP_LIBS@ +CC = @CC@ +CCDEPMODE = @CCDEPMODE@ +CFLAGS = @CFLAGS@ +CGMANAGER_CFLAGS = @CGMANAGER_CFLAGS@ +CGMANAGER_LIBS = @CGMANAGER_LIBS@ +CPP = @CPP@ +CPPFLAGS = @CPPFLAGS@ +CYGPATH_W = @CYGPATH_W@ +DATADIR = @DATADIR@ +DBUS_CFLAGS = @DBUS_CFLAGS@ +DBUS_LIBS = @DBUS_LIBS@ +DEFAULT_CGROUP_PATTERN = @DEFAULT_CGROUP_PATTERN@ +DEFS = @DEFS@ +DEPDIR = @DEPDIR@ +DOCDIR = @DOCDIR@ +ECHO_C = @ECHO_C@ +ECHO_N = @ECHO_N@ +ECHO_T = @ECHO_T@ +EGREP = @EGREP@ +EXEEXT = @EXEEXT@ +GREP = @GREP@ +HAVE_DOXYGEN = @HAVE_DOXYGEN@ +INCLUDEDIR = @INCLUDEDIR@ +INSTALL = @INSTALL@ +INSTALL_DATA = @INSTALL_DATA@ +INSTALL_PROGRAM = @INSTALL_PROGRAM@ +INSTALL_SCRIPT = @INSTALL_SCRIPT@ +INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ +LDFLAGS = @LDFLAGS@ +LIBDIR = @LIBDIR@ +LIBEXECDIR = @LIBEXECDIR@ +LIBOBJS = @LIBOBJS@ +LIBS = @LIBS@ +LOCALSTATEDIR = @LOCALSTATEDIR@ +LOGPATH = @LOGPATH@ +LTLIBOBJS = @LTLIBOBJS@ +LUA_CFLAGS = @LUA_CFLAGS@ +LUA_LIBDIR = @LUA_LIBDIR@ +LUA_LIBS = @LUA_LIBS@ +LUA_SHAREDIR = @LUA_SHAREDIR@ +LUA_VERSION = @LUA_VERSION@ +LXCBINHOOKDIR = @LXCBINHOOKDIR@ +LXCHOOKDIR = @LXCHOOKDIR@ +LXCINITDIR = @LXCINITDIR@ +LXCPATH = @LXCPATH@ +LXCROOTFSMOUNT = @LXCROOTFSMOUNT@ +LXCTEMPLATECONFIG = @LXCTEMPLATECONFIG@ +LXCTEMPLATEDIR = @LXCTEMPLATEDIR@ +LXC_DEFAULT_CONFIG = @LXC_DEFAULT_CONFIG@ +LXC_DISTRO_SYSCONF = @LXC_DISTRO_SYSCONF@ +LXC_GENERATE_DATE = @LXC_GENERATE_DATE@ +LXC_GLOBAL_CONF = @LXC_GLOBAL_CONF@ +LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ +LXC_USERNIC_DB = @LXC_USERNIC_DB@ +LXC_VERSION = @LXC_VERSION@ +LXC_VERSION_ABI = @LXC_VERSION_ABI@ +LXC_VERSION_BASE = 
@LXC_VERSION_BASE@ +LXC_VERSION_BETA = @LXC_VERSION_BETA@ +LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ +LXC_VERSION_MICRO = @LXC_VERSION_MICRO@ +LXC_VERSION_MINOR = @LXC_VERSION_MINOR@ +MAKEINFO = @MAKEINFO@ +MKDIR_P = @MKDIR_P@ +NIH_CFLAGS = @NIH_CFLAGS@ +NIH_DBUS_CFLAGS = @NIH_DBUS_CFLAGS@ +NIH_DBUS_LIBS = @NIH_DBUS_LIBS@ +NIH_LIBS = @NIH_LIBS@ +OBJEXT = @OBJEXT@ +PACKAGE = @PACKAGE@ +PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ +PACKAGE_NAME = @PACKAGE_NAME@ +PACKAGE_STRING = @PACKAGE_STRING@ +PACKAGE_TARNAME = @PACKAGE_TARNAME@ +PACKAGE_URL = @PACKAGE_URL@ +PACKAGE_VERSION = @PACKAGE_VERSION@ +PATH_SEPARATOR = @PATH_SEPARATOR@ +PKG_CONFIG = @PKG_CONFIG@ +PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ +PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ +PREFIX = @PREFIX@ +PYTHON = @PYTHON@ +PYTHONDEV_CFLAGS = @PYTHONDEV_CFLAGS@ +PYTHONDEV_LIBS = @PYTHONDEV_LIBS@ +PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PLATFORM = @PYTHON_PLATFORM@ +PYTHON_PREFIX = @PYTHON_PREFIX@ +PYTHON_VERSION = @PYTHON_VERSION@ +RUNTIME_PATH = @RUNTIME_PATH@ +SBINDIR = @SBINDIR@ +SECCOMP_CFLAGS = @SECCOMP_CFLAGS@ +SECCOMP_LIBS = @SECCOMP_LIBS@ +SED = @SED@ +SELINUX_LIBS = @SELINUX_LIBS@ +SET_MAKE = @SET_MAKE@ +SHELL = @SHELL@ +STRIP = @STRIP@ +SYSCONFDIR = @SYSCONFDIR@ +SYSTEMD_UNIT_DIR = @SYSTEMD_UNIT_DIR@ +VERSION = @VERSION@ +abs_builddir = @abs_builddir@ +abs_srcdir = @abs_srcdir@ +abs_top_builddir = @abs_top_builddir@ +abs_top_srcdir = @abs_top_srcdir@ +ac_ct_CC = @ac_ct_CC@ +am__include = @am__include@ +am__leading_dot = @am__leading_dot@ +am__quote = @am__quote@ +am__tar = @am__tar@ +am__untar = @am__untar@ +bindir = @bindir@ +build = @build@ +build_alias = @build_alias@ +build_cpu = @build_cpu@ +build_os = @build_os@ +build_vendor = @build_vendor@ +builddir = @builddir@ +datadir = @datadir@ +datarootdir = @datarootdir@ +db2xman = @db2xman@ +docdir = @docdir@ +docdtd = @docdtd@ +dvidir = @dvidir@ +exec_prefix = @exec_prefix@ +host = @host@ +host_alias = @host_alias@ +host_cpu = @host_cpu@ +host_os = 
@host_os@ +host_vendor = @host_vendor@ +htmldir = @htmldir@ +includedir = @includedir@ +infodir = @infodir@ +install_sh = @install_sh@ +libdir = @libdir@ +libexecdir = @libexecdir@ +localedir = @localedir@ +localstatedir = @localstatedir@ +mandir = @mandir@/ko +mkdir_p = @mkdir_p@ +oldincludedir = @oldincludedir@ +pdfdir = @pdfdir@ +pkgpyexecdir = @pkgpyexecdir@ +pkgpythondir = @pkgpythondir@ +prefix = @prefix@ +program_transform_name = @program_transform_name@ +psdir = @psdir@ +pyexecdir = @pyexecdir@ +pythondir = @pythondir@ +runstatedir = @runstatedir@ +sbindir = @sbindir@ +sharedstatedir = @sharedstatedir@ +srcdir = @srcdir@ +sysconfdir = @sysconfdir@ +target_alias = @target_alias@ +top_build_prefix = @top_build_prefix@ +top_builddir = @top_builddir@ +top_srcdir = @top_srcdir@ +SUBDIRS = +DIST_SUBDIRS = +EXTRA_DIST = \ + FAQ.txt + +@ENABLE_DOCBOOK_TRUE@man_MANS = lxc-attach.1 lxc-autostart.1 \ +@ENABLE_DOCBOOK_TRUE@ lxc-cgroup.1 lxc-checkconfig.1 \ +@ENABLE_DOCBOOK_TRUE@ lxc-checkpoint.1 lxc-config.1 \ +@ENABLE_DOCBOOK_TRUE@ lxc-console.1 lxc-copy.1 lxc-create.1 \ +@ENABLE_DOCBOOK_TRUE@ lxc-destroy.1 lxc-device.1 lxc-execute.1 \ +@ENABLE_DOCBOOK_TRUE@ lxc-freeze.1 lxc-info.1 lxc-ls.1 \ +@ENABLE_DOCBOOK_TRUE@ lxc-monitor.1 lxc-snapshot.1 lxc-start.1 \ +@ENABLE_DOCBOOK_TRUE@ lxc-stop.1 lxc-top.1 lxc-unfreeze.1 \ +@ENABLE_DOCBOOK_TRUE@ lxc-unshare.1 lxc-user-nic.1 \ +@ENABLE_DOCBOOK_TRUE@ lxc-usernsexec.1 lxc-wait.1 lxc.conf.5 \ +@ENABLE_DOCBOOK_TRUE@ lxc.container.conf.5 lxc.system.conf.5 \ +@ENABLE_DOCBOOK_TRUE@ lxc-usernet.5 lxc.7 $(am__append_1) \ +@ENABLE_DOCBOOK_TRUE@ $(am__append_2) +all: all-recursive + +.SUFFIXES: +$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) + @for dep in $?; do \ + case '$(am__configure_deps)' in \ + *$$dep*) \ + ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ + && { if test -f $@; then exit 0; else break; fi; }; \ + exit 1;; \ + esac; \ + done; \ + echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu 
doc/ko/Makefile'; \ + $(am__cd) $(top_srcdir) && \ + $(AUTOMAKE) --gnu doc/ko/Makefile +Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status + @case '$?' in \ + *config.status*) \ + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ + *) \ + echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \ + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \ + esac; + +$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh + +$(top_srcdir)/configure: $(am__configure_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(ACLOCAL_M4): $(am__aclocal_m4_deps) + cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh +$(am__aclocal_m4_deps): +lxc-attach.sgml: $(top_builddir)/config.status $(srcdir)/lxc-attach.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc-autostart.sgml: $(top_builddir)/config.status $(srcdir)/lxc-autostart.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc-cgroup.sgml: $(top_builddir)/config.status $(srcdir)/lxc-cgroup.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc-checkconfig.sgml: $(top_builddir)/config.status $(srcdir)/lxc-checkconfig.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc-checkpoint.sgml: $(top_builddir)/config.status $(srcdir)/lxc-checkpoint.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc-clone.sgml: $(top_builddir)/config.status $(srcdir)/lxc-clone.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc-config.sgml: $(top_builddir)/config.status $(srcdir)/lxc-config.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc-console.sgml: $(top_builddir)/config.status $(srcdir)/lxc-console.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc-copy.sgml: 
$(top_builddir)/config.status $(srcdir)/lxc-copy.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc-create.sgml: $(top_builddir)/config.status $(srcdir)/lxc-create.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc-destroy.sgml: $(top_builddir)/config.status $(srcdir)/lxc-destroy.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc-device.sgml: $(top_builddir)/config.status $(srcdir)/lxc-device.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc-execute.sgml: $(top_builddir)/config.status $(srcdir)/lxc-execute.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc-freeze.sgml: $(top_builddir)/config.status $(srcdir)/lxc-freeze.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc-info.sgml: $(top_builddir)/config.status $(srcdir)/lxc-info.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc-ls.sgml: $(top_builddir)/config.status $(srcdir)/lxc-ls.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc-monitor.sgml: $(top_builddir)/config.status $(srcdir)/lxc-monitor.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc-snapshot.sgml: $(top_builddir)/config.status $(srcdir)/lxc-snapshot.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc-start-ephemeral.sgml: $(top_builddir)/config.status $(srcdir)/lxc-start-ephemeral.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc-start.sgml: $(top_builddir)/config.status $(srcdir)/lxc-start.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc-stop.sgml: $(top_builddir)/config.status $(srcdir)/lxc-stop.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc-top.sgml: $(top_builddir)/config.status $(srcdir)/lxc-top.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc-unfreeze.sgml: $(top_builddir)/config.status 
$(srcdir)/lxc-unfreeze.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc-unshare.sgml: $(top_builddir)/config.status $(srcdir)/lxc-unshare.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc-user-nic.sgml: $(top_builddir)/config.status $(srcdir)/lxc-user-nic.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc-usernsexec.sgml: $(top_builddir)/config.status $(srcdir)/lxc-usernsexec.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc-wait.sgml: $(top_builddir)/config.status $(srcdir)/lxc-wait.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc.conf.sgml: $(top_builddir)/config.status $(srcdir)/lxc.conf.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc.container.conf.sgml: $(top_builddir)/config.status $(srcdir)/lxc.container.conf.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc.system.conf.sgml: $(top_builddir)/config.status $(srcdir)/lxc.system.conf.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc-usernet.sgml: $(top_builddir)/config.status $(srcdir)/lxc-usernet.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc.sgml: $(top_builddir)/config.status $(srcdir)/lxc.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +common_options.sgml: $(top_builddir)/config.status $(srcdir)/common_options.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +see_also.sgml: $(top_builddir)/config.status $(srcdir)/see_also.sgml.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +install-man1: $(man_MANS) + @$(NORMAL_INSTALL) + @list1=''; \ + list2='$(man_MANS)'; \ + test -n "$(man1dir)" \ + && test -n "`echo $$list1$$list2`" \ + || exit 0; \ + echo " $(MKDIR_P) '$(DESTDIR)$(man1dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(man1dir)" || exit 1; \ + { for i in $$list1; do echo "$$i"; done; \ + if test -n "$$list2"; then \ + for i in 
$$list2; do echo "$$i"; done \ + | sed -n '/\.1[a-z]*$$/p'; \ + fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ + done; } + +uninstall-man1: + @$(NORMAL_UNINSTALL) + @list=''; test -n "$(man1dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.1[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man1dir)'; $(am__uninstall_files_from_dir) +install-man5: $(man_MANS) + @$(NORMAL_INSTALL) + @list1=''; \ + list2='$(man_MANS)'; \ + test -n "$(man5dir)" \ + && test -n "`echo $$list1$$list2`" \ + || exit 0; \ + echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \ + { for i in $$list1; do echo "$$i"; done; \ + if test -n "$$list2"; then \ + for i in $$list2; do echo "$$i"; done \ + | sed -n '/\.5[a-z]*$$/p'; \ + fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; 
then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \ + $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \ + done; } + +uninstall-man5: + @$(NORMAL_UNINSTALL) + @list=''; test -n "$(man5dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.5[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir) +install-man7: $(man_MANS) + @$(NORMAL_INSTALL) + @list1=''; \ + list2='$(man_MANS)'; \ + test -n "$(man7dir)" \ + && test -n "`echo $$list1$$list2`" \ + || exit 0; \ + echo " $(MKDIR_P) '$(DESTDIR)$(man7dir)'"; \ + $(MKDIR_P) "$(DESTDIR)$(man7dir)" || exit 1; \ + { for i in $$list1; do echo "$$i"; done; \ + if test -n "$$list2"; then \ + for i in $$list2; do echo "$$i"; done \ + | sed -n '/\.7[a-z]*$$/p'; \ + fi; \ + } | while read p; do \ + if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ + echo "$$d$$p"; echo "$$p"; \ + done | \ + sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^7][0-9a-z]*$$,7,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ + sed 'N;N;s,\n, ,g' | { \ + list=; while read file base inst; do \ + if test "$$base" = "$$inst"; then list="$$list $$file"; else \ + echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man7dir)/$$inst'"; \ + $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man7dir)/$$inst" || exit $$?; \ + fi; \ + done; \ + for i in $$list; do echo "$$i"; done | $(am__base_list) | \ + while read files; do \ + test -z "$$files" || { \ + echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man7dir)'"; \ + $(INSTALL_DATA) $$files 
"$(DESTDIR)$(man7dir)" || exit $$?; }; \ + done; } + +uninstall-man7: + @$(NORMAL_UNINSTALL) + @list=''; test -n "$(man7dir)" || exit 0; \ + files=`{ for i in $$list; do echo "$$i"; done; \ + l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ + sed -n '/\.7[a-z]*$$/p'; \ + } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^7][0-9a-z]*$$,7,;x' \ + -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ + dir='$(DESTDIR)$(man7dir)'; $(am__uninstall_files_from_dir) + +# This directory's subdirectories are mostly independent; you can cd +# into them and run 'make' without going through this Makefile. +# To change the values of 'make' variables: instead of editing Makefiles, +# (1) if the variable is set in 'config.status', edit 'config.status' +# (which will cause the Makefiles to be regenerated when you run 'make'); +# (2) otherwise, pass the desired values on the 'make' command line. +$(am__recursive_targets): + @fail=; \ + if $(am__make_keepgoing); then \ + failcom='fail=yes'; \ + else \ + failcom='exit 1'; \ + fi; \ + dot_seen=no; \ + target=`echo $@ | sed s/-recursive//`; \ + case "$@" in \ + distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ + *) list='$(SUBDIRS)' ;; \ + esac; \ + for subdir in $$list; do \ + echo "Making $$target in $$subdir"; \ + if test "$$subdir" = "."; then \ + dot_seen=yes; \ + local_target="$$target-am"; \ + else \ + local_target="$$target"; \ + fi; \ + ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ + || eval $$failcom; \ + done; \ + if test "$$dot_seen" = "no"; then \ + $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ + fi; test -z "$$fail" + +ID: $(am__tagged_files) + $(am__define_uniq_tagged_files); mkid -fID $$unique +tags: tags-recursive +TAGS: tags + +tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + set x; \ + here=`pwd`; \ + if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ + include_option=--etags-include; \ + empty_fix=.; \ + else \ + include_option=--include; \ + empty_fix=; \ + fi; \ + 
list='$(SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + test ! -f $$subdir/TAGS || \ + set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ + fi; \ + done; \ + $(am__define_uniq_tagged_files); \ + shift; \ + if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ + test -n "$$unique" || unique=$$empty_fix; \ + if test $$# -gt 0; then \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + "$$@" $$unique; \ + else \ + $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ + $$unique; \ + fi; \ + fi +ctags: ctags-recursive + +CTAGS: ctags +ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) + $(am__define_uniq_tagged_files); \ + test -z "$(CTAGS_ARGS)$$unique" \ + || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ + $$unique + +GTAGS: + here=`$(am__cd) $(top_builddir) && pwd` \ + && $(am__cd) $(top_srcdir) \ + && gtags -i $(GTAGS_ARGS) "$$here" +cscopelist: cscopelist-recursive + +cscopelist-am: $(am__tagged_files) + list='$(am__tagged_files)'; \ + case "$(srcdir)" in \ + [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ + *) sdir=$(subdir)/$(srcdir) ;; \ + esac; \ + for i in $$list; do \ + if test -f "$$i"; then \ + echo "$(subdir)/$$i"; \ + else \ + echo "$$sdir/$$i"; \ + fi; \ + done >> $(top_builddir)/cscope.files + +distclean-tags: + -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags + +distdir: $(DISTFILES) + @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ + list='$(DISTFILES)'; \ + dist_files=`for file in $$list; do echo $$file; done | \ + sed -e "s|^$$srcdirstrip/||;t" \ + -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ + case $$dist_files in \ + */*) $(MKDIR_P) `echo "$$dist_files" | \ + sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ + sort -u` ;; \ + esac; \ + for file in $$dist_files; do \ + if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ + if test -d $$d/$$file; then \ + dir=`echo "/$$file" | sed -e 
's,/[^/]*$$,,'`; \ + if test -d "$(distdir)/$$file"; then \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ + cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ + find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ + fi; \ + cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ + else \ + test -f "$(distdir)/$$file" \ + || cp -p $$d/$$file "$(distdir)/$$file" \ + || exit 1; \ + fi; \ + done + @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ + if test "$$subdir" = .; then :; else \ + $(am__make_dryrun) \ + || test -d "$(distdir)/$$subdir" \ + || $(MKDIR_P) "$(distdir)/$$subdir" \ + || exit 1; \ + dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ + $(am__relativize); \ + new_distdir=$$reldir; \ + dir1=$$subdir; dir2="$(top_distdir)"; \ + $(am__relativize); \ + new_top_distdir=$$reldir; \ + echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ + echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ + ($(am__cd) $$subdir && \ + $(MAKE) $(AM_MAKEFLAGS) \ + top_distdir="$$new_top_distdir" \ + distdir="$$new_distdir" \ + am__remove_distdir=: \ + am__skip_length_check=: \ + am__skip_mode_fix=: \ + distdir) \ + || exit 1; \ + fi; \ + done +check-am: all-am +check: check-recursive +all-am: Makefile $(MANS) +installdirs: installdirs-recursive +installdirs-am: + for dir in "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man7dir)"; do \ + test -z "$$dir" || $(MKDIR_P) "$$dir"; \ + done +install: install-recursive +install-exec: install-exec-recursive +install-data: install-data-recursive +uninstall: uninstall-recursive + +install-am: all-am + @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am + +installcheck: installcheck-recursive +install-strip: + if test -z '$(STRIP)'; then \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + 
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + install; \ + else \ + $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ + install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ + "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ + fi +mostlyclean-generic: + +clean-generic: + +distclean-generic: + -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) + -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) + +maintainer-clean-generic: + @echo "This command is intended for maintainers to use" + @echo "it deletes files that may require special tools to rebuild." +@ENABLE_DOCBOOK_FALSE@clean-local: +clean: clean-recursive + +clean-am: clean-generic clean-local mostlyclean-am + +distclean: distclean-recursive + -rm -f Makefile +distclean-am: clean-am distclean-generic distclean-tags + +dvi: dvi-recursive + +dvi-am: + +html: html-recursive + +html-am: + +info: info-recursive + +info-am: + +install-data-am: install-man + +install-dvi: install-dvi-recursive + +install-dvi-am: + +install-exec-am: + +install-html: install-html-recursive + +install-html-am: + +install-info: install-info-recursive + +install-info-am: + +install-man: install-man1 install-man5 install-man7 + +install-pdf: install-pdf-recursive + +install-pdf-am: + +install-ps: install-ps-recursive + +install-ps-am: + +installcheck-am: + +maintainer-clean: maintainer-clean-recursive + -rm -f Makefile +maintainer-clean-am: distclean-am maintainer-clean-generic + +mostlyclean: mostlyclean-recursive + +mostlyclean-am: mostlyclean-generic + +pdf: pdf-recursive + +pdf-am: + +ps: ps-recursive + +ps-am: + +uninstall-am: uninstall-man + +uninstall-man: uninstall-man1 uninstall-man5 uninstall-man7 + +.MAKE: $(am__recursive_targets) install-am install-strip + +.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ + check-am clean clean-generic clean-local cscopelist-am ctags \ + ctags-am 
distclean distclean-generic distclean-tags distdir \ + dvi dvi-am html html-am info info-am install install-am \ + install-data install-data-am install-dvi install-dvi-am \ + install-exec install-exec-am install-html install-html-am \ + install-info install-info-am install-man install-man1 \ + install-man5 install-man7 install-pdf install-pdf-am \ + install-ps install-ps-am install-strip installcheck \ + installcheck-am installdirs installdirs-am maintainer-clean \ + maintainer-clean-generic mostlyclean mostlyclean-generic pdf \ + pdf-am ps ps-am tags tags-am uninstall uninstall-am \ + uninstall-man uninstall-man1 uninstall-man5 uninstall-man7 + +.PRECIOUS: Makefile + + +@ENABLE_DOCBOOK_TRUE@%.1 : %.sgml +@ENABLE_DOCBOOK_TRUE@ $(db2xman) --encoding=UTF-8 $< +@ENABLE_DOCBOOK_TRUE@ test "$(shell basename $@)" != "$@" && mv $(shell basename $@) $@ || true + +@ENABLE_DOCBOOK_TRUE@%.5 : %.sgml +@ENABLE_DOCBOOK_TRUE@ $(db2xman) --encoding=UTF-8 $< +@ENABLE_DOCBOOK_TRUE@ test "$(shell basename $@)" != "$@" && mv $(shell basename $@) $@ || true + +@ENABLE_DOCBOOK_TRUE@%.7 : %.sgml +@ENABLE_DOCBOOK_TRUE@ $(db2xman) --encoding=UTF-8 $< +@ENABLE_DOCBOOK_TRUE@ test "$(shell basename $@)" != "$@" && mv $(shell basename $@) $@ || true + +@ENABLE_DOCBOOK_TRUE@lxc-%.sgml : common_options.sgml see_also.sgml + +@ENABLE_DOCBOOK_TRUE@clean-local: +@ENABLE_DOCBOOK_TRUE@ $(RM) manpage.* *.7 *.5 *.1 $(man_MANS) + +# Tell versions [3.59,3.63) of GNU make to not export all variables. +# Otherwise a system limit (for SysV at least) may be exceeded. +.NOEXPORT: diff -Nru lxc-1.1.5/doc/ko/see_also.sgml.in lxc-2.0.1/doc/ko/see_also.sgml.in --- lxc-1.1.5/doc/ko/see_also.sgml.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/ko/see_also.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,121 @@ + + + + <!--See Also-->참조 + + + + lxc + 7 + , + + + lxc-create + 1 + , + + + lxc-copy + 1 + , + + + lxc-destroy + 1 + , + + + lxc-start + 1 + , + + + lxc-stop + 1 + , + + + lxc-execute + 1 + , + + + lxc-console + 1 + , + + + lxc-monitor + 1 + , + + + lxc-wait + 1 + , + + + lxc-cgroup + 1 + , + + + lxc-ls + 1 + , + + + lxc-info + 1 + , + + + lxc-freeze + 1 + , + + + lxc-unfreeze + 1 + , + + + lxc-attach + 1 + , + + + lxc.conf + 5 + + + + + + diff -Nru lxc-1.1.5/doc/legacy/lxc-ls.sgml.in lxc-2.0.1/doc/legacy/lxc-ls.sgml.in --- lxc-1.1.5/doc/legacy/lxc-ls.sgml.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/doc/legacy/lxc-ls.sgml.in 1970-01-01 00:00:00.000000000 +0000 @@ -1,156 +0,0 @@ - - - - -]> - - - - @LXC_GENERATE_DATE@ - - - lxc-ls - 1 - - - - lxc-ls - - - list the containers existing on the system - - - - - - lxc-ls - --active - ls options - - - - - Description - - lxc-ls list the containers existing on the - system. - - - - - Options - - - - - - - - - List active containers. - - - - - - - - - - - The option passed to lxc-ls are the - same as the ls command. - - - - - - - - - - Examples - - - lxc-ls -l - - - list all the container and their permissions. - - - - - - lxc-ls --active -1 - - - list active containers and display the list in one column. - - - - - - - - - See Also - - - - ls - 1 - , - - - - - &seealso; - - - Author - Daniel Lezcano daniel.lezcano@free.fr - - - - - diff -Nru lxc-1.1.5/doc/lxc-attach.sgml.in lxc-2.0.1/doc/lxc-attach.sgml.in --- lxc-1.1.5/doc/lxc-attach.sgml.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/doc/lxc-attach.sgml.in 2016-05-16 20:38:39.000000000 +0000 @@ -58,6 +58,7 @@ --keep-env --clear-env -- command + -L file 
@@ -78,6 +79,20 @@ inside the container or the container does not have a working nsswitch mechanism. + + Previous versions of lxc-attach simply attached to the + specified namespaces of a container and ran a shell or the specified command + without first allocating a pseudo terminal. This made them vulnerable to + input faking via a TIOCSTI ioctl call after switching + between userspace execution contexts with different privilege levels. Newer + versions of lxc-attach will try to allocate a pseudo + terminal master/slave pair on the host and attach any standard file + descriptors which refer to a terminal to the slave side of the pseudo + terminal before executing a shell or command. Note, that if none of the + standard file descriptors refer to a terminal lxc-attach + will not try to allocate a pseudo terminal. Instead it will simply attach + to the containers namespaces and run a shell or the specified command. + @@ -126,7 +141,9 @@ CGROUP|LSM. Allowed values are CGROUP, CAP and LSM representing cgroup, capabilities and - restriction privileges respectively. + restriction privileges respectively. (The pipe symbol needs to be escaped, + e.g. CGROUP\|LSM or quoted, e.g. + "CGROUP|LSM".) Warning: This may leak privileges into the @@ -154,7 +171,9 @@ NETWORK. This allows one to change the context of the process to e.g. the network namespace of the container while retaining the other namespaces as those of the - host. + host. (The pipe symbol needs to be escaped, e.g. + MOUNT\|PID or quoted, e.g. + "MOUNT|PID".) Important: This option implies @@ -217,6 +236,22 @@ + + + + + + + Specify a file where the output of lxc-attach will be + logged. + + + Important: When a standard file descriptor + does not refer to a pty ouput produced on it will not be logged. + + + + 
@@ -306,11 +341,21 @@ network/pid namespace context of the attached process. In order not to interfere with the host's actual filesystem, the mount namespace will be unshared (like lxc-unshare - does) before this is done, esentially giving the process a new + does) before this is done, essentially giving the process a new mount namespace, which is identical to the hosts's mount namespace except for the /proc and /sys filesystems. + + Previous versions of lxc-attach suffered a bug whereby + a user could attach to a containers namespace without being placed in a + writeable cgroup for some critical subsystems. Newer versions of + lxc-attach will check whether a user is in a writeable + cgroup for those critical subsystems. lxc-attach might + thus fail unexpectedly for some users (E.g. on systems where an + unprivileged user is not placed in a writeable cgroup in critical + subsystems on login.). However, this behavior is correct and more secure. + diff -Nru lxc-1.1.5/doc/lxc-checkpoint.sgml.in lxc-2.0.1/doc/lxc-checkpoint.sgml.in --- lxc-1.1.5/doc/lxc-checkpoint.sgml.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/doc/lxc-checkpoint.sgml.in 2016-05-16 20:38:39.000000000 +0000 @@ -82,7 +82,7 @@ - + diff -Nru lxc-1.1.5/doc/lxc-clone.sgml.in lxc-2.0.1/doc/lxc-clone.sgml.in --- lxc-1.1.5/doc/lxc-clone.sgml.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/doc/lxc-clone.sgml.in 2016-05-16 20:38:39.000000000 +0000 @@ -58,6 +58,7 @@ -L fssize -p lxcpath -P newlxcpath + -R -o orig -n new -- hook arguments @@ -72,6 +73,7 @@ -L fssize -p lxcpath -P newlxcpath + -R orig new -- hook arguments @@ -219,6 +221,18 @@ + + + + + Rename an existing container. + orig is renamed new. + + + + + + 
@@ -261,6 +275,14 @@ + + Notes + + lxc-clone is deprecated in favor of + lxc-copy. + + + &seealso; diff -Nru lxc-1.1.5/doc/lxc-console.sgml.in lxc-2.0.1/doc/lxc-console.sgml.in --- lxc-1.1.5/doc/lxc-console.sgml.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/doc/lxc-console.sgml.in 2016-05-16 20:38:39.000000000 +0000 @@ -96,7 +96,7 @@ - + @@ -109,7 +109,7 @@ - + diff -Nru lxc-1.1.5/doc/lxc.container.conf.sgml.in lxc-2.0.1/doc/lxc.container.conf.sgml.in --- lxc-1.1.5/doc/lxc.container.conf.sgml.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/doc/lxc.container.conf.sgml.in 2016-05-16 20:38:39.000000000 +0000 @@ -72,7 +72,9 @@ Each option in the configuration file has the form key = value fitting in one line. The '#' character means - the line is a comment. + the line is a comment. List options, like capabilities and cgroups + options, can be used with no value to clear any previously + defined values of that option. 
@@ -158,46 +160,68 @@ Halt signal - Allows one to specify signal name or number, sent by lxc-stop to the - container's init process to cleanly shutdown the container. Different - init systems could use different signals to perform clean shutdown - sequence. This option allows the signal to be specified in kill(1) - fashion, e.g. SIGPWR, SIGRTMIN+14, SIGRTMAX-10 or plain number. The - default signal is SIGPWR. + Allows one to specify signal name or number, sent by lxc-stop to the + container's init process to cleanly shutdown the container. Different + init systems could use different signals to perform clean shutdown + sequence. This option allows the signal to be specified in kill(1) + fashion, e.g. SIGPWR, SIGRTMIN+14, SIGRTMAX-10 or plain number. The + default signal is SIGPWR. - - - - - - - specify the signal used to halt the container - - - + + + + + + + specify the signal used to halt the container + + + + + + + + Reboot signal + + Allows one to specify signal name or number, sent by lxc-stop to + reboot the container. This option allows signal to be specified in + kill(1) fashion, e.g. SIGTERM, SIGRTMIN+14, SIGRTMAX-10 or plain number. + The default signal is SIGINT. + + + + + + + + + specify the signal used to reboot the container + + + Stop signal - Allows one to specify signal name or number, sent by lxc-stop to forcibly - shutdown the container. This option allows signal to be specified in - kill(1) fashion, e.g. SIGKILL, SIGRTMIN+14, SIGRTMAX-10 or plain number. - The default signal is SIGKILL. - - - - - - - - - specify the signal used to stop the container - - - + Allows one to specify signal name or number, sent by lxc-stop to forcibly + shutdown the container. This option allows signal to be specified in + kill(1) fashion, e.g. SIGKILL, SIGRTMIN+14, SIGRTMAX-10 or plain number. + The default signal is SIGKILL. + + + + + + + + + specify the signal used to stop the container + + + 
@@ -211,16 +235,69 @@ Defaults to: /sbin/init - - - - - - - Absolute path from container rootfs to the binary to use as init. - - - + + + + + + + Absolute path from container rootfs to the binary to use as init. + + + + + + + + Init ID + + Sets the UID/GID to use for the init system, and subsequent command, executed by lxc-execute. + + These options are only used when lxc-execute is started in a private user namespace. + + Defaults to: UID(0), GID(0) + + + + + + + + + UID to use within a private user namesapce for init. + + + + + + + + + + GID to use within a private user namesapce for init. + + + + + + + + Ephemeral + + Allows one to specify whether a container will be destroyed on shutdown. + + + + + + + + + The only allowed values are 0 and 1. Set this to 1 to destroy a + container on shutdown. + + + @@ -238,6 +315,16 @@ + + + + + may be used without a value to clear all previous network options. + + + + + @@ -303,16 +390,18 @@ specifies the mode the macvlan will use to communicate between different macvlan on the same upper device. The accepted - modes are , the device never - communicates with any other device on the same upper_dev (default), - , the new Virtual Ethernet Port + modes are , , + and . + In mode, the device never + communicates with any other device on the same upper_dev (default). + In mode, the new Virtual Ethernet Port Aggregator (VEPA) mode, it assumes that the adjacent bridge returns all frames where both source and destination are local to the macvlan port, i.e. the bridge is set up as a reflective relay. Broadcast frames coming in from the upper_dev get flooded to all macvlan interfaces in VEPA mode, local frames are not - delivered locally, or , it + delivered locally. In mode, it provides the behavior of a simple bridge between different macvlan interfaces on the same port. Frames from one interface to another one get delivered directly 
@@ -321,7 +410,11 @@ interface, but when they come back from a reflective relay, we don't deliver them again. Since we know all the MAC addresses, the macvlan bridge mode does not - require learning or STP like the bridge module does. + require learning or STP like the bridge module does. In + mode, all frames received by + the physical interface are forwarded to the macvlan + interface. Only one macvlan interface in + mode is possible for one physical interface. @@ -650,7 +743,7 @@ /dev to be set up as needed in the container rootfs. If lxc.autodev is set to 1, then after mounting the container's rootfs LXC will mount a fresh tmpfs under /dev - (limited to 100k) and fill in a minimal set of initial devices. + (limited to 500k) and fill in a minimal set of initial devices. This is generally required when starting a container containing a "systemd" based "init" but may be optional at other times. Additional devices in the containers /dev directory may be created through the @@ -819,7 +912,7 @@ the container's own cgroup into that directory. The container will be able to write to its own cgroup directory, but not the parents, since they - will be remounted read-only + will be remounted read-only. @@ -894,6 +987,12 @@ + If cgroup namespaces are enabled, then any + auto-mounting request will be ignored, since the container can + mount the filesystems itself, and automounting can confuse the + container init. + + Note that if automatic mounting of the cgroup filesystem is enabled, the tmpfs under /sys/fs/cgroup will always be @@ -955,7 +1054,9 @@ specifies that the rootfs should be an overlay with /upper being mounted read-write over a read-only mount of /lower. aufs:/lower:/upper does the same using aufs in place - of overlayfs. loop:/file tells lxc to attach + of overlayfs. For both overlayfs and + aufs multiple /lower + directories can be specified. loop:/file tells lxc to attach /file to a loop device and mount the loop device. 
@@ -990,6 +1091,20 @@ + + + + + + + specify the rootfs backend type to use, for instance 'dir' or + 'zfs'. While this can be guessed by lxc at container startup, + doing so takes time. Specifying it here avoids extra + processing. + + + + @@ -1045,7 +1160,9 @@ capabilities 7 - , + . + If used with no value, lxc will clear any drop capabilities + specified up to this point. @@ -1072,7 +1189,9 @@ If lxc was compiled and installed with apparmor support, and the host system has apparmor enabled, then the apparmor profile under which the container should be run can be specified in the container - configuration. The default is lxc-container-default. + configuration. The default is lxc-container-default-cgns + if the host kernel is cgroup namespace aware, or + lxc-container-default othewise. @@ -1086,6 +1205,11 @@ use lxc.aa_profile = unconfined + + If the apparmor profile should remain unchanged (i.e. if you + are nesting containers and are already confined), then use + + lxc.aa_profile = unchanged @@ -1231,9 +1355,12 @@ Container name. Section (always 'lxc'). The hook type (i.e. 'clone' or 'pre-mount'). - Additional arguments In the + Additional arguments. In the case of the clone hook, any extra arguments passed to - lxc-clone will appear as further arguments to the hook. + lxc-clone will appear as further arguments to the hook. + In the case of the stop hook, paths to filedescriptors + for each of the container's namespaces along with their types + are passed. The following environment variables are set: 
@@ -1330,6 +1457,26 @@ + + + + + A hook to be run in the host's namespace with references + to the container's namespaces after the container has been shut + down. For each namespace an extra argument is passed to the hook + containing the namespace's type and a filename that can be used to + obtain a file descriptor to the corresponding namespace, separated + by a colon. The type is the name as it would appear in the + /proc/PID/ns directory. + For instance for the mount namespace the argument usually looks + like mnt:/proc/PID/fd/12. + + + + + + + @@ -1354,6 +1501,18 @@ + + + + + + + + A hook to be run when the container is destroyed. + + + + @@ -1450,7 +1609,47 @@ - + + + + + + + + Only for the clone hook. Is set to the original container name. + + + + + + + + + + + + Only for the stop hook. Is set to "stop" for a container + shutdown or "reboot" for a container reboot. + + + + + + + + + + + + If unset, then this version of lxc is not aware of cgroup + namespaces. If set, it will be set to 1, and lxc is aware + of cgroup namespaces. Note this does not guarantee that + cgroup namespaces are enabled in the kernel. This is used + by the lxcfs mount hook. + + + + Logging @@ -1543,6 +1742,19 @@ + + + + + + + If not zero the mount namespace will be unshared from the host + before initializing the container (before running any pre-start + hooks). This requires the CAP_SYS_ADMIN capability at startup. + Default is 0. + + + diff -Nru lxc-1.1.5/doc/lxc-copy.sgml.in lxc-2.0.1/doc/lxc-copy.sgml.in --- lxc-1.1.5/doc/lxc-copy.sgml.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/doc/lxc-copy.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -0,0 +1,312 @@ + + + + +]> + + + + @LXC_GENERATE_DATE@ + + + lxc-copy + 1 + + + + lxc-copy + + + copy an existing container. + + + + + + lxc-copy + -n, --name name + -P, --lxcpath path + -N, --newname newname + -p, --newpath newpath + -B, --backingstorage backingstorage + -s, --snapshot + -K, --keepdata + -M, --keepmac + -L, --fssize size [unit] + -- hook arguments + + + lxc-copy + -n, --name name + -P, --lxcpath path + -N, --newname newname + -p, --newpath newpath + -e, --ephemeral + -B, --backingstorage backingstorage + -s, --snapshot + -K, --keepdata + -M, --keepmac + -L, --fssize size [unit] + -- hook arguments + + + lxc-copy + -n, --name name + -P, --lxcpath path + -N, --newname newname + -p, --newpath newpath + -R, --rename + + + + + Description + + + lxc-copy creates and optionally starts (ephemeral or + non-ephemeral) copies of existing containers. It replaces + lxc-clone and lxc-start-ephemeral. + + + lxc-copy creates copies of existing containers. Copies + can be complete clones of the original container. In this case the whole + root filesystem of the container is simply copied to the new container. Or + they can be snapshots, i.e. small copy-on-write copies of the original + container. In this case the specified backing storage for the copy must + support snapshots. This currently includes aufs, btrfs, lvm (lvm devices + do not support snapshots of snapshots.), overlay, and zfs. + + + + The copy's backing storage will be of the same type as the original + container. aufs or overlayfs snapshots of directory backed containers are + exempted from this rule. + + + + When the -e flag is specified an ephemeral + snapshot of the original container is created and started. Ephemeral + containers will have lxc.ephemeral = 1 set in their + config file and will be destroyed on shutdown. When + -e is used in combination with + -D a non-ephemeral snapshot of the original + container is created and started. 
+ + + When -e is specified and no newname is given via + -N a random name for the snapshot will be chosen. + + + + Containers created and started with -e can have + custom mounts. These are specified with the -m + flag. Currently three types of mounts are supported: + aufs, bind, and + overlay. Mount types are specified as suboptions + to the -m flag and can be specified multiple + times separated by commas. aufs and + overlay mounts are currently specified in the + format -m overlay=/src:/dest. When no + destination dest is specified + dest will be identical to + src. Read-only bind + mounts are specified -m bind=/src:/dest:ro and + read-write bind mounts -m + bind=/src:/dest:rw. Read-write bind + mounts are the default and rw can be missing when + a read-write mount is wanted. When dest is + missing dest will be identical to + src. An example for multiple mounts would be + -m + bind=/src1:/dest1:ro,bind=/src2:ro,overlay=/src3:/dest3. + + + + The mounts, their options, and formats supported via the + -m flag are subject to change. + + + + + + Options + + + + + + + The name for the copy. + + + + + + + The path for the copy. + + + + + + + Rename the original container. + + + + + + + Create a snapshot of the original container. The backing + storage for the copy must support snapshots. This currently includes + aufs, btrfs, lvm, overlay, and zfs. + + + + + + + Run the snapshot in the foreground. The snapshots console will + be attached to the current tty. (This option can only be specified + in conjunction with -e.) + + + + + + + + Run the snapshot as a daemon (This is the default mode for + ephemeral containers.). As the container has no more tty, if an + error occurs nothing will be displayed, the log file can + be used to check the error. (This option can only be specified in + conjunction with -e.) + + + + + + + + Specify a mount for a snapshot The + opts argument for the mount type can by + of type {aufs, bind, overlay}. 
For example (This option can + currently only be specified in conjunction with + -e.). + + + + + + + Specify the backing storage type to be used for the copy + where 'backingstorage' is of type 'aufs', 'btrfs', 'dir', 'lvm', 'loop', + 'overlay', or 'zfs'. + + + + + + + Specify the size for an 'lvm' filesystem. + + + + + + + When this option is specified with + -e a non-ephemeral container is created + and started. + + + + + + When this option is specified the hostname of the original + container will be kept for the copy. + + + + + + When this option is specified the MAC address of the original + container will be kept for the copy. + + + + + + + + Copy hook + + If the container being copied has one or more + lxc.hook.clone specified, then the specified hooks + will be called for the new container. The first 3 arguments passed to the + clone hook will be the container name, a section ('lxc'), and the hook + type ('clone'). Extra arguments passed to lxc-copy will + be passed to the hook program starting at argument 4. The + LXC_ROOTFS_MOUNT environment variable gives + the path under which the container's root filesystem is mounted. The + configuration file pathname is stored in + LXC_CONFIG_FILE, the new container name in + LXC_NAME, the old container name in + LXC_SRC_NAME, and the path or device on which the + rootfs is located is in LXC_ROOTFS_PATH. + + + + &commonoptions; + + &seealso; + + + Author + Christian Brauner christian.brauner@mailbox.org + + + + + diff -Nru lxc-1.1.5/doc/lxc-create.sgml.in lxc-2.0.1/doc/lxc-create.sgml.in --- lxc-1.1.5/doc/lxc-create.sgml.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/doc/lxc-create.sgml.in 2016-05-16 20:38:39.000000000 +0000 @@ -92,7 +92,7 @@ - + @@ -104,7 +104,7 @@ - + 
@@ -122,11 +122,11 @@ - + - 'backingstore' is one of 'dir', 'lvm', 'loop', 'btrfs', 'zfs', or 'best'. The + 'backingstore' is one of 'dir', 'lvm', 'loop', 'btrfs', 'zfs', 'rbd', or 'best'. The default is 'dir', meaning that the container root filesystem will be a directory under @LXCPATH@/container/rootfs. This backing store type allows the optional @@ -158,6 +158,12 @@ If backingstore is 'loop', you can use --fstype FSTYPE and --fssize SIZE as 'lvm'. The default values for these options are the same as 'lvm'. + If backingstore is 'rbd', then you will need to have a valid configuration in ceph.conf and a ceph.client.admin.keyring defined. + You can specify the following options : + --rbdname RBDNAME will create a blockdevice named RBDNAME rather than the default, which is the container name. + --rbdpool POOL will create the blockdevice in the pool named POOL, rather than the default, which is 'lxc'. + + If backingstore is 'best', then lxc will try, in order, btrfs, zfs, lvm, and finally a directory backing store. diff -Nru lxc-1.1.5/doc/lxc-destroy.sgml.in lxc-2.0.1/doc/lxc-destroy.sgml.in --- lxc-1.1.5/doc/lxc-destroy.sgml.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/doc/lxc-destroy.sgml.in 2016-05-16 20:38:39.000000000 +0000 @@ -51,6 +51,7 @@ lxc-destroy -n name -f + -s @@ -81,6 +82,14 @@ + + + + + destroy the specified container including all its snapshots. + + + diff -Nru lxc-1.1.5/doc/lxc-device.sgml.in lxc-2.0.1/doc/lxc-device.sgml.in --- lxc-1.1.5/doc/lxc-device.sgml.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/doc/lxc-device.sgml.in 2016-05-16 20:38:39.000000000 +0000 @@ -67,7 +67,7 @@ - + @@ -77,9 +77,7 @@ - - - + The name of the target container. diff -Nru lxc-1.1.5/doc/lxc-info.sgml.in lxc-2.0.1/doc/lxc-info.sgml.in --- lxc-1.1.5/doc/lxc-info.sgml.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/doc/lxc-info.sgml.in 2016-05-16 20:38:39.000000000 +0000 
@@ -71,19 +71,19 @@ - + Print a configuration key from the container. This option - may be given mulitple times to print out multiple key = value pairs. + may be given multiple times to print out multiple key = value pairs. - + @@ -94,7 +94,7 @@ - + @@ -105,7 +105,7 @@ - + @@ -116,7 +116,7 @@ - + @@ -139,7 +139,7 @@ - + diff -Nru lxc-1.1.5/doc/lxc-ls.sgml.in lxc-2.0.1/doc/lxc-ls.sgml.in --- lxc-1.1.5/doc/lxc-ls.sgml.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/doc/lxc-ls.sgml.in 2016-05-16 20:38:39.000000000 +0000 @@ -26,6 +26,7 @@ ]> @@ -50,7 +51,6 @@ lxc-ls -1 - -P lxcpath --active --frozen --running @@ -58,9 +58,8 @@ -f -F format -g groups - --nesting - filter - --version + --nesting=NUM + --filter=regex @@ -77,7 +76,7 @@ - + @@ -88,18 +87,7 @@ - - - - - Use an alternate container path. The default is @LXCPATH@. - - - - - - - + @@ -110,7 +98,7 @@ - + @@ -121,7 +109,7 @@ - + @@ -132,7 +120,7 @@ - + @@ -143,7 +131,7 @@ - + @@ -154,7 +142,7 @@ - + @@ -166,7 +154,7 @@ - + @@ -178,34 +166,26 @@ - + - Show nested containers. + Show nested containers. The number of nesting levels to be shown can + be specified by passing a number as argument. - + - The filter passed to lxc-ls will be - applied to the container name. The format is a regular expression. - - - - - - - - - - - Show the version number. + The regular expression passed to lxc-ls will be + applied to the container name. The format is a POSIX extended + regular expression. It can also be given as additional argument + without explicitly using . 
@@ -236,12 +216,23 @@ + &commonoptions; + &seealso; + History + Written originally as a shell script by Daniel Lezcano and Serge Hallyn. + Later reimplemented and extended in Python by Stéphane Graber and then + reimplemented and extended in C by Christian Brauner. + + + Author - Stéphane Graber stgraber@ubuntu.com + Christian Brauner christian.brauner@mailbox.org, + Stéphane Graber stgraber@ubuntu.com + attached to pty +# stdout --> attached to pty +# stderr --> attached to pty + +allocate_pty="nopty" + +FAIL() { + echo -n "Failed " >&2 + echo "$*" >&2 + lxc-destroy -n busy -f + exit 1 +} + +# Create a container, start it and wait for it to be in running state. +lxc-create -t busybox -n busy || FAIL "creating busybox container" +lxc-start -n busy -d || FAIL "starting busybox container" +lxc-wait -n busy -s RUNNING || FAIL "waiting for busybox container to run" + +if [ -t 0 ] && [ -t 1 ] && [ -t 2 ]; then + allocate_pty="pty" + echo "All standard file descriptors refer to a pty." + echo "Tests for lxc-attach pty allocation and I/O redirection" + echo "will be performed correctly." 
+fi
+
+# stdin --> attached to pty
+# stdout --> attached to pty
+# stderr --> attached to pty
+for i in `seq 1 100`; do
+ attach=$(lxc-attach -n busy -- hostname || FAIL "to allocate or setup pty")
+ if [ "$attach" != "busy" ]; then
+ FAIL "lxc-attach -n busy -- hostname"
+ fi
+done
+
+# stdin --> /dev/null
+# stdout --> attached to pty
+# stderr --> attached to pty
+attach=$(lxc-attach -n busy -- hostname < /dev/null || FAIL "to allocate or setup pty")
+if [ "$attach" != "busy" ]; then
+ FAIL "lxc-attach -n busy -- hostname < /dev/null"
+fi
+
+# stdin --> attached to pty
+# stdout --> /dev/null
+# stderr --> attached to pty
+attach=$(lxc-attach -n busy -- hostname > /dev/null || FAIL "to allocate or setup pty")
+if [ -n "$attach" ]; then
+ FAIL "lxc-attach -n busy -- hostname > /dev/null"
+fi
+
+# stdin --> attached to pty
+# stdout --> attached to pty
+# stderr --> /dev/null
+attach=$(lxc-attach -n busy -- hostname 2> /dev/null || FAIL "to allocate or setup pty")
+if [ "$attach" != "busy" ]; then
+ FAIL "lxc-attach -n busy -- hostname 2> /dev/null < /dev/null"
+fi
+
+# stdin --> /dev/null
+# stdout --> attached to pty
+# stderr --> /dev/null
+attach=$(lxc-attach -n busy -- hostname 2> /dev/null < /dev/null || FAIL "to allocate or setup pty")
+if [ "$attach" != "busy" ]; then
+ FAIL "lxc-attach -n busy -- hostname 2> /dev/null < /dev/null"
+fi
+
+# Use a synthetic reproducer in container to produce output on stderr. stdout on
+# the host gets redirect to /dev/null. We should still be able to receive
+# containers output on stderr on the host. (The command is run in a subshell.
+# This allows us to redirect stderr to stdout for the subshell and capture the
+# output in the attach variable.)
+# stdin --> attached to pty
+# stdout --> /dev/null
+# stderr --> attached to pty
+attach=$( ( lxc-attach -n busy -- sh -c 'hostname >&2' > /dev/null ) 2>&1 || FAIL "to allocate or setup pty")
+if [ "$attach" != "busy" ]; then
+ FAIL "lxc-attach -n busy -- sh -c 'hostname >&2' > /dev/null"
+fi
+
+# Use a synthetic reproducer in container to produce output on stderr. stderr on
+# the host gets redirect to /dev/null. We should not receive output on stderr on
+# the host. (The command is run in a subshell. This allows us to redirect stderr
+# to stdout for the subshell and capture the output in the attach variable.)
+# stdin --> attached to pty
+# stdout --> attach to pty
+# stderr --> /dev/null
+attach=$( ( lxc-attach -n busy -- sh -c 'hostname >&2' 2> /dev/null ) 2>&1 || FAIL "to allocate or setup pty")
+if [ -n "$attach" ]; then
+ FAIL "lxc-attach -n busy -- sh -c 'hostname >&2' 2> /dev/null"
+fi
+
+
+# stdin --> attached to pty
+# stdout --> /dev/null
+# stderr --> attached to pty
+# (As we expect the exit code of the command to be 1 we ignore it.)
+attach=$(lxc-attach -n busy -- sh -c 'rm 2>&1' > /dev/null || true)
+if [ -n "$attach" ]; then
+ FAIL "lxc-attach -n busy -- sh -c 'rm 2>&1' > /dev/null"
+fi
+
+
+# - stdin --> attached to pty
+# - stdout --> attached to pty
+# - stderr --> /dev/null
+# (As we expect the exit code of the command to be 1 we ignore it.)
+attach=$(lxc-attach -n busy -- sh -c 'rm 2>&1' 2> /dev/null || true)
+if [ -z "$attach" ]; then
+ FAIL "lxc-attach -n busy -- sh -c 'rm 2>&1' 2> /dev/null"
+fi
+
+# stdin --> $in
+# stdout --> attached to pty
+# stderr --> attached to pty
+attach=$(echo hostname | lxc-attach -n busy -- || FAIL "to allocate or setup pty")
+if [ "$attach" != "busy" ]; then
+ FAIL "echo hostname | lxc-attach -n busy --"
+fi
+
+# stdin --> attached to pty
+# stdout --> $out
+# stderr --> $err
+out=$(mktemp /tmp/out_XXXX)
+err=$(mktemp /tmp/err_XXXX)
+trap "rm -f $out $err" EXIT INT QUIT PIPE
+lxc-attach -n busy -- sh -c 'echo OUT; echo ERR >&2' > $out 2> $err || FAIL "to allocate or setup pty"
+outcontent=$(cat $out)
+errcontent=$(cat $err)
+if [ "$outcontent" != "OUT" ] || [ "$errcontent" != "ERR" ]; then
+ FAIL "lxc-attach -n busy -- sh -c 'echo OUT; echo ERR >&2' > $out 2> $err"
+fi
+
+rm -f $out $err
+
+# stdin --> $in
+# stdout --> $out
+# stderr --> $err
+# (As we expect the exit code of the command to be 1 we ignore it.)
+out=$(mktemp /tmp/out_XXXX)
+err=$(mktemp /tmp/err_XXXX)
+trap "rm -f $out $err" EXIT INT QUIT PIPE
+echo "hostname; rm" | lxc-attach -n busy > $out 2> $err || true
+outcontent=$(cat $out)
+errcontent=$(cat $err)
+if [ "$outcontent" != "busy" ] || [ -z "$errcontent" ]; then
+ FAIL "echo 'hostname; rm' | lxc-attach -n busy > $out 2> $err"
+fi
+
+rm -f $out $err
+
+if [ $allocate_pty = "pty" ]; then
+ # Test whether logging pty output to a file works.
+ trap "rm -f /tmp/ptylog" EXIT INT QUIT PIPE
+ lxc-attach -n busy -L /tmp/ptylog -- hostname || FAIL "to allocate or setup pty"
+ if [ ! -s /tmp/ptylog ]; then
+ FAIL "lxc-attach -n busy -L /tmp/ptylog -- hostname"
+ fi
+
+ rm -f /tmp/ptylog
+fi
+
+lxc-destroy -n busy -f
+
+exit 0
diff -Nru lxc-1.1.5/src/tests/lxc-test-snapdeps lxc-2.0.1/src/tests/lxc-test-snapdeps
--- lxc-1.1.5/src/tests/lxc-test-snapdeps 1970-01-01 00:00:00.000000000 +0000
+++ lxc-2.0.1/src/tests/lxc-test-snapdeps 2016-05-16 20:38:39.000000000 +0000
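Review bot: The pty-logging check at the end of the lxc-test-lxc-attach script writes to the fixed name `/tmp/ptylog`, so a non-empty file left there by an earlier run makes `[ ! -s /tmp/ptylog ]` pass even when `-L` logged nothing. A file or link that another local user placed at that name in world-writable /tmp would also be what lxc-attach opens (the suite presumably runs as root; how `-L` opens the file is not visible here). Creating the log the same way as `$out` and `$err` avoids both: `ptylog=$(mktemp)` followed by `lxc-attach -n busy -L "$ptylog" -- hostname`, with `"$ptylog"` in the `-s` test and in the trap. The unquoted `$out` and `$err` in the redirections and in `rm -f` would be better quoted as well. The beginning of this script is not visible in this view.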
@@ -0,0 +1,84 @@
+#!/bin/bash
+
+# lxc: linux Container library
+
+# Authors:
+# Serge Hallyn
+#
+# This is a test for dependency between snapshots
+#
+# When container c2 is created as an overlayfs clone of c1, then
+# we record it as such, because c1 cannot be deleted until c2 is
+# deleted. Once c2 is deleted, c1 should be delete-able.
+
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+
+# This test assumes an Ubuntu host
+
+set -e
+
+if ! 
grep -q overlay /proc/filesystems; then + echo "Not running this test as overlay is not available" + exit 0 +fi + +cleanup() { + for i in `seq 1 20`; do + lxc-destroy -n snapdeptest$i > /dev/null 2>&1 || true + done + lxc-destroy -n snapdeptest > /dev/null 2>&1 || true +} + +verify_deps() { + n=$1 + m=`wc -l /var/lib/lxc/snapdeptest/lxc_snapshots | awk '{ print $1 }'` + [ $((n*2)) -eq $m ] +} + +cleanup + +trap cleanup EXIT SIGHUP SIGINT SIGTERM + +lxc-create -t busybox -n snapdeptest +lxc-copy -s -n snapdeptest -N snapdeptest1 +fail=0 +lxc-destroy -n snapdeptest || fail=1 +if [ $fail -eq 0 ]; then + echo "FAIL: clone did not prevent deletion" + false +fi + +for i in `seq 2 20`; do + lxc-copy -s -n snapdeptest -N snapdeptest$i +done + +verify_deps 20 + +lxc-destroy -n snapdeptest1 + +verify_deps 19 + +lxc-destroy -n snapdeptest20 + +verify_deps 18 + +for i in `seq 2 19`; do + lxc-destroy -n snapdeptest$i +done + +lxc-destroy -n snapdeptest + +echo "Snapshot clone dependency test passed" +exit 0 diff -Nru lxc-1.1.5/src/tests/lxc-test-ubuntu lxc-2.0.1/src/tests/lxc-test-ubuntu --- lxc-1.1.5/src/tests/lxc-test-ubuntu 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/src/tests/lxc-test-ubuntu 2016-05-16 20:38:39.000000000 +0000 @@ -65,7 +65,9 @@ # Check apparmor lxcpid=`lxc-info -n $name -p -H` aa=`cat /proc/$lxcpid/attr/current` - if [ "$aa" != "lxc-container-default-with-nesting (enforce)" -a "$aa" != "lxc-container-default (enforce)" ]; then + if [ "$aa" != "lxc-container-default-with-nesting (enforce)" -a \ + "$aa" != "lxc-container-default-cgns (enforce)" -a \ + "$aa" != "lxc-container-default (enforce)" ]; then FAIL " to correctly set apparmor profile (profile is \"$aa\")" fi lxc-stop -n $name -k diff -Nru lxc-1.1.5/src/tests/lxc-test-unpriv lxc-2.0.1/src/tests/lxc-test-unpriv --- lxc-1.1.5/src/tests/lxc-test-unpriv 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/src/tests/lxc-test-unpriv 2016-05-16 20:38:39.000000000 +0000 
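Review bot: `verify_deps` in lxc-test-snapdeps reads `/var/lib/lxc/snapdeptest/lxc_snapshots` directly, so on a host whose lxcpath is configured elsewhere `wc` fails, `m` ends up empty and the test aborts for a reason unrelated to snapshot dependencies. Taking the path from the configuration, `lxcpath=$(lxc-config lxc.lxcpath)` and then `wc -l < "$lxcpath/snapdeptest/lxc_snapshots"`, keeps the check tied to where the containers were actually created. The `$((n*2))` comparison also deserves a comment such as `# lxc_snapshots holds two lines per snapshot`, assuming that is the file format; it is not shown here.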
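Review bot: The accepted AppArmor profiles in lxc-test-ubuntu are now spread over a three-way `-a` chain inside `[ … ]`, a form POSIX marks obsolescent and one that gets harder to read with each profile added. A `case "$aa" in` with the three exact `… (enforce)` strings as alternatives and `*) FAIL …` as the default says the same thing and keeps the match exact, which matters because this is the check that the container is confined in enforce mode. The enclosing block starts and ends outside the hunk.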
@@ -112,6 +112,7 @@ done else for d in /sys/fs/cgroup/*; do + [ -f $d/cgroup.clone_children ] && echo 1 > $d/cgroup.clone_children [ ! -d $d/lxctest ] && mkdir $d/lxctest chown -R $TUSER: $d/lxctest echo $$ > $d/lxctest/tasks @@ -125,16 +126,22 @@ chown -R $TUSER: $HDIR/.cache/lxc run_cmd lxc-create -t download -n c1 -- -d ubuntu -r trusty -a $ARCH -run_cmd lxc-start -n c1 -d -p1=$(run_cmd lxc-info -n c1 -p -H) -[ "$p1" != "-1" ] || { echo "Failed to start container c1"; false; } +# Make sure we can start it - twice -run_cmd lxc-info -n c1 -run_cmd lxc-attach -n c1 -- /bin/true +for count in `seq 1 2`; do + run_cmd lxc-start -n c1 -d -run_cmd lxc-stop -n c1 -run_cmd lxc-clone -s -o c1 -n c2 + p1=$(run_cmd lxc-info -n c1 -p -H) + [ "$p1" != "-1" ] || { echo "Failed to start container c1 (run $count)"; false; } + + run_cmd lxc-info -n c1 + run_cmd lxc-attach -n c1 -- /bin/true + + run_cmd lxc-stop -n c1 +done + +run_cmd lxc-copy -s -n c1 -N c2 run_cmd lxc-start -n c2 -d p1=$(run_cmd lxc-info -n c2 -p -H) [ "$p1" != "-1" ] || { echo "Failed to start container c2"; false; } diff -Nru lxc-1.1.5/src/tests/lxc-test-usernic.in lxc-2.0.1/src/tests/lxc-test-usernic.in --- lxc-1.1.5/src/tests/lxc-test-usernic.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/src/tests/lxc-test-usernic.in 2016-05-16 20:38:39.000000000 +0000 @@ -104,6 +104,7 @@ done else for d in /sys/fs/cgroup/*; do + [ -f $d/cgroup.clone_children ] && echo 1 > $d/cgroup.clone_children [ ! -d $d/lxctest ] && mkdir $d/lxctest chown -R usernic-user: $d/lxctest echo $$ > $d/lxctest/tasks @@ -136,8 +137,11 @@ run_cmd "lxc-start -n b1 -d" p1=$(run_cmd "lxc-info -n b1 -p -H") +lxcpath=/home/usernic-user/.local/share/lxc +lxcname=b1 + # Assign one veth, should fail as no allowed entries yet -if run_cmd "$LXC_USER_NIC $p1 veth usernic-br0 xx1"; then +if run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p1 veth usernic-br0 xx1"; then echo "FAIL: able to create nic with no entries" exit 1 fi 
@@ -148,24 +152,24 @@ echo "usernic-user veth usernic-br0 2" >> /etc/lxc/lxc-usernet # Assign one veth to second bridge, should fail -if run_cmd "$LXC_USER_NIC $p1 veth usernic-br1 xx1"; then +if run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p1 veth usernic-br1 xx1"; then echo "FAIL: able to create nic with no entries" exit 1 fi # Assign two veths, should succeed -if ! run_cmd "$LXC_USER_NIC $p1 veth usernic-br0 xx2"; then +if ! run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p1 veth usernic-br0 xx2"; then echo "FAIL: unable to create first nic" exit 1 fi -if ! run_cmd "$LXC_USER_NIC $p1 veth usernic-br0 xx3"; then +if ! run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p1 veth usernic-br0 xx3"; then echo "FAIL: unable to create second nic" exit 1 fi # Assign one more veth, should fail. -if run_cmd "$LXC_USER_NIC $p1 veth usernic-br0 xx4"; then +if run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p1 veth usernic-br0 xx4"; then echo "FAIL: able to create third nic" exit 1 fi @@ -175,7 +179,7 @@ run_cmd "lxc-start -n b1 -d" p1=$(run_cmd "lxc-info -n b1 -p -H") -if ! run_cmd "$LXC_USER_NIC $p1 veth usernic-br0 xx5"; then +if ! run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p1 veth usernic-br0 xx5"; then echo "FAIL: unable to create nic after destroying the old" cleanup 1 fi @@ -188,7 +192,7 @@ p2=$(lxc-info -n usernic-c1 -p -H) # assign veth to it - should fail -if run_cmd "$LXC_USER_NIC $p2 veth usernic-br0 xx6"; then +if run_cmd "$LXC_USER_NIC $lxcpath $lxcname $p2 veth usernic-br0 xx6"; then echo "FAIL: able to attach nic to root-owned container" cleanup 1 fi diff -Nru lxc-1.1.5/src/tests/Makefile.am lxc-2.0.1/src/tests/Makefile.am --- lxc-1.1.5/src/tests/Makefile.am 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/src/tests/Makefile.am 2016-05-16 20:38:39.000000000 +0000 
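Review bot: In the last lxc-test-usernic hunk the root-owned-container check passes `$lxcpath $lxcname`, which were set for usernic-user's container `b1`, together with `$p2`, the pid of `usernic-c1`. If lxc-user-nic rejects the call because name, path and pid do not belong together (its argument handling is not visible here), the test passes without the ownership check being exercised. Passing the root-owned container's own path and name, for example `run_cmd "$LXC_USER_NIC $(lxc-config lxc.lxcpath) usernic-c1 $p2 veth usernic-br0 xx6"`, keeps the expected failure attributable to ownership. The hard-coded `lxcpath=/home/usernic-user/.local/share/lxc` added in the earlier hunk could likewise be derived from the test user's home directory.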
@@ -48,12 +48,15 @@ lxc-test-reboot lxc-test-list lxc-test-attach lxc-test-device-add-remove \ lxc-test-apparmor -bin_SCRIPTS = lxc-test-autostart lxc-test-cloneconfig lxc-test-createconfig +bin_SCRIPTS = lxc-test-automount lxc-test-autostart lxc-test-cloneconfig \ + lxc-test-createconfig if DISTRO_UBUNTU bin_SCRIPTS += \ + lxc-test-lxc-attach \ lxc-test-apparmor-mount \ lxc-test-checkpoint-restore \ + lxc-test-snapdeps \ lxc-test-symlink \ lxc-test-ubuntu \ lxc-test-unpriv \ @@ -76,11 +79,14 @@ list.c \ locktests.c \ lxcpath.c \ + lxc-test-lxc-attach \ + lxc-test-automount \ lxc-test-autostart \ lxc-test-apparmor-mount \ lxc-test-checkpoint-restore \ lxc-test-cloneconfig \ lxc-test-createconfig \ + lxc-test-snapdeps \ lxc-test-symlink \ lxc-test-ubuntu \ lxc-test-unpriv \ diff -Nru lxc-1.1.5/src/tests/Makefile.in lxc-2.0.1/src/tests/Makefile.in --- lxc-1.1.5/src/tests/Makefile.in 2015-11-09 16:26:04.000000000 +0000 +++ lxc-2.0.1/src/tests/Makefile.in 2016-05-16 20:38:45.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -16,7 +16,17 @@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ 
@@ -103,21 +113,22 @@ @ENABLE_TESTS_TRUE@ lxc-test-device-add-remove$(EXEEXT) \ @ENABLE_TESTS_TRUE@ lxc-test-apparmor$(EXEEXT) @DISTRO_UBUNTU_TRUE@@ENABLE_TESTS_TRUE@am__append_3 = \ +@DISTRO_UBUNTU_TRUE@@ENABLE_TESTS_TRUE@ lxc-test-lxc-attach \ @DISTRO_UBUNTU_TRUE@@ENABLE_TESTS_TRUE@ lxc-test-apparmor-mount \ @DISTRO_UBUNTU_TRUE@@ENABLE_TESTS_TRUE@ lxc-test-checkpoint-restore \ +@DISTRO_UBUNTU_TRUE@@ENABLE_TESTS_TRUE@ lxc-test-snapdeps \ @DISTRO_UBUNTU_TRUE@@ENABLE_TESTS_TRUE@ lxc-test-symlink \ @DISTRO_UBUNTU_TRUE@@ENABLE_TESTS_TRUE@ lxc-test-ubuntu \ @DISTRO_UBUNTU_TRUE@@ENABLE_TESTS_TRUE@ lxc-test-unpriv \ @DISTRO_UBUNTU_TRUE@@ENABLE_TESTS_TRUE@ lxc-test-usernic subdir = src/tests -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(srcdir)/lxc-test-usernic.in $(top_srcdir)/config/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ $(top_srcdir)/config/tls.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/config.h CONFIG_CLEAN_FILES = lxc-test-usernic @@ -362,6 +373,8 @@ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/lxc-test-usernic.in \ + $(top_srcdir)/config/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -414,6 +427,7 @@ LUA_LIBS = @LUA_LIBS@ LUA_SHAREDIR = @LUA_SHAREDIR@ LUA_VERSION = @LUA_VERSION@ +LXCBINHOOKDIR = @LXCBINHOOKDIR@ LXCHOOKDIR = @LXCHOOKDIR@ LXCINITDIR = @LXCINITDIR@ LXCPATH = @LXCPATH@ @@ -427,6 +441,7 @@ LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ LXC_USERNIC_DB = @LXC_USERNIC_DB@ LXC_VERSION = @LXC_VERSION@ +LXC_VERSION_ABI = @LXC_VERSION_ABI@ LXC_VERSION_BASE = @LXC_VERSION_BASE@ LXC_VERSION_BETA = @LXC_VERSION_BETA@ LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ 
@@ -518,6 +533,7 @@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -556,7 +572,7 @@ @ENABLE_TESTS_TRUE@ -DLXC_DEFAULT_CONFIG=\"$(LXC_DEFAULT_CONFIG)\" \ @ENABLE_TESTS_TRUE@ -DRUNTIME_PATH=\"$(RUNTIME_PATH)\" \ @ENABLE_TESTS_TRUE@ $(am__append_1) $(am__append_2) -@ENABLE_TESTS_TRUE@bin_SCRIPTS = lxc-test-autostart \ +@ENABLE_TESTS_TRUE@bin_SCRIPTS = lxc-test-automount lxc-test-autostart \ @ENABLE_TESTS_TRUE@ lxc-test-cloneconfig lxc-test-createconfig \ @ENABLE_TESTS_TRUE@ $(am__append_3) EXTRA_DIST = \ @@ -573,11 +589,14 @@ list.c \ locktests.c \ lxcpath.c \ + lxc-test-lxc-attach \ + lxc-test-automount \ lxc-test-autostart \ lxc-test-apparmor-mount \ lxc-test-checkpoint-restore \ lxc-test-cloneconfig \ lxc-test-createconfig \ + lxc-test-snapdeps \ lxc-test-symlink \ lxc-test-ubuntu \ lxc-test-unpriv \ @@ -603,7 +622,6 @@ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/tests/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/tests/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -1033,6 +1051,8 @@ mostlyclean-generic pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-binPROGRAMS uninstall-binSCRIPTS +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff -Nru lxc-1.1.5/templates/lxc-alpine.in lxc-2.0.1/templates/lxc-alpine.in --- lxc-1.1.5/templates/lxc-alpine.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/templates/lxc-alpine.in 2016-05-16 20:38:39.000000000 +0000 
@@ -1,367 +1,506 @@ #!/bin/sh +# vim: set ts=4: + +# Exit on error and treat unset variables as an error. +set -eu + +# +# LXC template for Alpine Linux 3+ +# + +# Note: Do not replace tabs with spaces, it would break heredocs! + +# Authors: +# Jakub Jirutka + +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. +# +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. +# +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA -# Detect use under userns (unsupported) -for arg in "$@"; do - [ "$arg" = "--" ] && break - if [ "$arg" = "--mapped-uid" -o "$arg" = "--mapped-gid" ]; then - echo "This template can't be used for unprivileged containers." 1>&2 - echo "You may want to try the \"download\" template instead." 1>&2 - exit 1 - fi -done + +#=========================== Constants ============================# # Make sure the usual locations are in PATH -PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin -export PATH +export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin -key_sha256sums="9c102bcc376af1498d549b77bdbfa815ae86faa1d2d82f040e616b18ef2df2d4 alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub +readonly LOCAL_STATE_DIR='@LOCALSTATEDIR@' +readonly LXC_TEMPLATE_CONFIG='@LXCTEMPLATECONFIG@' +readonly LXC_CACHE_DIR="${LXC_CACHE_PATH:-"$LOCAL_STATE_DIR/cache/lxc"}/alpine" + +# SHA256 checksums of GPG keys for APK. 
+readonly APK_KEYS_SHA256="\ +9c102bcc376af1498d549b77bdbfa815ae86faa1d2d82f040e616b18ef2df2d4 alpine-devel@lists.alpinelinux.org-4a6a0840.rsa.pub 2adcf7ce224f476330b5360ca5edb92fd0bf91c92d83292ed028d7c4e26333ab alpine-devel@lists.alpinelinux.org-4d07755e.rsa.pub ebf31683b56410ecc4c00acd9f6e2839e237a3b62b5ae7ef686705c7ba0396a9 alpine-devel@lists.alpinelinux.org-5243ef4b.rsa.pub 1bb2a846c0ea4ca9d0e7862f970863857fc33c32f5506098c636a62a726a847b alpine-devel@lists.alpinelinux.org-524d27bb.rsa.pub 12f899e55a7691225603d6fb3324940fc51cd7f133e7ead788663c2b7eecb00c alpine-devel@lists.alpinelinux.org-5261cecb.rsa.pub" +readonly APK_KEYS_URI='http://alpinelinux.org/keys' +readonly MIRRORS_LIST_URL='http://rsync.alpinelinux.org/alpine/MIRRORS.txt' -get_static_apk () { - wget="wget -q -O -" - pkglist=alpine-keys:apk-tools-static - auto_repo_dir= - - if [ -z "$repository" ]; then - url=http://wiki.alpinelinux.org/cgi-bin/dl.cgi - yaml_path="latest-stable/releases/$apk_arch/latest-releases.yaml" - if [ -z "$release" ]; then - echo -n "Determining the latest release... 
" - release=$($wget $url/$yaml_path | \ - awk '$1 == "branch:" {print $2; exit 0}') - if [ -z "$release" ]; then - release=$($wget $url/.latest.$apk_arch.txt | \ - cut -d " " -f 3 | cut -d / -f 1 | uniq) - fi - if [ -z "$release" ]; then - echo failed - return 1 - fi - echo $release - fi - auto_repo_dir=$release/main - repository=$url/$auto_repo_dir - pkglist=$pkglist:alpine-mirrors - fi - - rootfs="$1" - echo "Using static apk from $repository/$apk_arch" - wget="$wget $repository/$apk_arch" - - # parse APKINDEX to find the current versions - static_pkgs=$($wget/APKINDEX.tar.gz | \ - tar -Oxz APKINDEX | \ - awk -F: -v pkglist=$pkglist ' - BEGIN { split(pkglist,pkg) } - $0 != "" { f[$1] = $2 } - $0 == "" { for (i in pkg) - if (pkg[i] == f["P"]) - print(f["P"] "-" f["V"] ".apk") }') - [ "$static_pkgs" ] || return 1 - - mkdir -p "$rootfs" || return 1 - for pkg in $static_pkgs; do - echo "Downloading $pkg" - $wget/$pkg | tar -xz -C "$rootfs" - done - - # clean up .apk meta files - rm -f "$rootfs"/.[A-Z]* - - # verify checksum of the key - keyname=$(echo $rootfs/sbin/apk.static.*.pub | sed 's/.*\.SIGN\.RSA\.//') - checksum=$(echo "$key_sha256sums" | grep -w "$keyname") - if [ -z "$checksum" ]; then - echo "ERROR: checksum is missing for $keyname" - return 1 - fi - (cd $rootfs/etc/apk/keys && echo "$checksum" | sha256sum -c -) || return 1 - - # verify the static apk binary signature - APK=$rootfs/sbin/apk.static - openssl dgst -sha1 -verify $rootfs/etc/apk/keys/$keyname \ - -signature "$APK.SIGN.RSA.$keyname" "$APK" || return 1 - - if [ "$auto_repo_dir" ]; then - mirror_list=$rootfs/usr/share/alpine-mirrors/MIRRORS.txt - mirror_count=$(wc -l $mirror_list | cut -d " " -f 1) - random=$(hexdump -n 2 -e '/2 "%u"' /dev/urandom) - repository=$(sed $(expr $random % $mirror_count + 1)\!d \ - $mirror_list)$auto_repo_dir - echo "Selecting mirror $repository" - fi -} - -install_alpine() { - rootfs="$1" - shift - mkdir -p "$rootfs"/etc/apk || return 1 - : ${keys_dir:=/etc/apk/keys} 
- if ! [ -d "$rootfs"/etc/apk/keys ] && [ -d "$keys_dir" ]; then - cp -r "$keys_dir" "$rootfs"/etc/apk/keys - fi - if [ -n "$repository" ]; then - echo "$repository" > "$rootfs"/etc/apk/repositories - else - cp /etc/apk/repositories "$rootfs"/etc/apk/repositories || return 1 - if [ -n "$release" ]; then - sed -E -i "s:/[^/]+/([^/]+)$:/$release/\\1:" \ - "$rootfs"/etc/apk/repositories - fi - fi - opt_arch= - if [ -n "$apk_arch" ]; then - opt_arch="--arch $apk_arch" - fi - $APK add -U --initdb --root $rootfs $opt_arch "$@" alpine-base -} - -configure_alpine() { - rootfs="$1" - echo "Setting up /etc/inittab" - cat >"$rootfs"/etc/inittab< "$rootfs/etc/resolv.conf" - - # configure the network using the dhcp - cat < $rootfs/etc/network/interfaces -auto lo -iface lo inet loopback +: ${APK_KEYS_DIR:=/etc/apk/keys} +if ! ls "$APK_KEYS_DIR"/alpine* >/dev/null 2>&1; then + APK_KEYS_DIR="$LXC_CACHE_DIR/bootstrap/keys" +fi +readonly APK_KEYS_DIR -auto eth0 -iface eth0 inet dhcp -EOF +: ${APK:=$(command -v apk || true)} +if [ ! 
-x "$APK" ]; then + APK="$LXC_CACHE_DIR/bootstrap/sbin/apk.static" +fi +readonly APK - # set the hostname - echo $hostname > $rootfs/etc/hostname - # missing device nodes - echo "Setting up device nodes" - mkdir -p -m 755 "$rootfs/dev/pts" - mkdir -p -m 1777 "$rootfs/dev/shm" - mknod -m 666 "$rootfs/dev/zero" c 1 5 - mknod -m 666 "$rootfs/dev/full" c 1 7 - mknod -m 666 "$rootfs/dev/random" c 1 8 - mknod -m 666 "$rootfs/dev/urandom" c 1 9 - mknod -m 666 "$rootfs/dev/tty0" c 4 0 - mknod -m 666 "$rootfs/dev/tty1" c 4 1 - mknod -m 666 "$rootfs/dev/tty2" c 4 2 - mknod -m 666 "$rootfs/dev/tty3" c 4 3 - mknod -m 666 "$rootfs/dev/tty4" c 4 4 -# mknod -m 600 "$rootfs/dev/initctl" p - mknod -m 666 "$rootfs/dev/tty" c 5 0 - mknod -m 666 "$rootfs/dev/console" c 5 1 - mknod -m 666 "$rootfs/dev/ptmx" c 5 2 - - # start services - ln -s /etc/init.d/bootmisc "$rootfs"/etc/runlevels/boot/bootmisc - ln -s /etc/init.d/syslog "$rootfs"/etc/runlevels/boot/syslog - - return 0 -} - -copy_configuration() { - path=$1 - rootfs=$2 - hostname=$3 - - grep -q "^lxc.rootfs" $path/config 2>/dev/null \ - || echo "lxc.rootfs = $rootfs" >> $path/config - if [ -n "$lxc_arch" ]; then - echo "lxc.arch = $lxc_arch" >> $path/config - fi - - lxc_network_link_line="# lxc.network.link = br0" - for br in lxcbr0 virbr0 br0; do - if [ -d /sys/class/net/$br/bridge ]; then - lxc_network_link_line="lxc.network.link = $br" - break - fi - done - - if ! grep -q "^lxc.network.type" $path/config 2>/dev/null; then - cat <> $path/config -lxc.network.type = veth -$lxc_network_link_line -lxc.network.flags = up -EOF - fi +#======================== Helper Functions ========================# + +usage() { + cat <<-EOF + Template specific options can be passed to lxc-create after a '--' like this: - # if there is exactly one veth or macvlan network entry, make sure - # it has an associated mac address. 
- nics=$(awk -F '[ \t]*=[ \t]*' \ - '$1=="lxc.network.type" && ($2=="veth" || $2=="macvlan") {print $2}' \ - $path/config | wc -l) - if [ "$nics" -eq 1 ] && ! grep -q "^lxc.network.hwaddr" $path/config; then - # see http://sourceforge.net/tracker/?func=detail&aid=3411497&group_id=163076&atid=826303 - hwaddr="fe:$(dd if=/dev/urandom bs=8 count=1 2>/dev/null |od -t x8 | \ - head -n 1 |awk '{print $2}' | cut -c1-10 |\ - sed 's/\(..\)/\1:/g; s/.$//')" - echo "lxc.network.hwaddr = $hwaddr" >> $path/config - fi - - cat <> $path/config - -lxc.tty = 4 -lxc.pts = 1024 -lxc.utsname = $hostname -lxc.cap.drop = sys_module mac_admin mac_override sys_time sys_admin - -# When using LXC with apparmor, uncomment the next line to run unconfined: -#lxc.aa_profile = unconfined - -# devices -lxc.cgroup.devices.deny = a -# /dev/null, zero and full -lxc.cgroup.devices.allow = c 1:3 rwm -lxc.cgroup.devices.allow = c 1:5 rwm -lxc.cgroup.devices.allow = c 1:7 rwm -# consoles -lxc.cgroup.devices.allow = c 5:1 rwm -lxc.cgroup.devices.allow = c 5:0 rwm -lxc.cgroup.devices.allow = c 4:0 rwm -lxc.cgroup.devices.allow = c 4:1 rwm -# /dev/{,u}random -lxc.cgroup.devices.allow = c 1:9 rwm -lxc.cgroup.devices.allow = c 1:8 rwm -lxc.cgroup.devices.allow = c 136:* rwm -lxc.cgroup.devices.allow = c 5:2 rwm -# rtc -lxc.cgroup.devices.allow = c 254:0 rm - -# mounts point -lxc.mount.auto=cgroup:mixed proc:mixed sys:mixed -lxc.mount.entry=run run tmpfs nodev,noexec,nosuid,relatime,size=1m,mode=0755 0 0 -lxc.mount.entry=shm dev/shm tmpfs nodev,nosuid,noexec,mode=1777,create=dir 0 0 + lxc-create --name=NAME [lxc-create-options] -- [template-options] [PKG...] -EOF + PKG Additional APK package(s) to install into the container. - return 0 + Template options: + -a ARCH, --arch=ARCH The container architecture (e.g. x86, x86_64); defaults + to the host arch. + -d, --debug Run this script in a debug mode (set -x and wget w/o -q). + -F, --flush-cache Remove cached files before build. 
+ -m URL --mirror=URL The Alpine mirror to use; defaults to random mirror. + -r VER, --release=VER The Alpine release branch to install; default is the + latest stable. + + Environment variables: + APK The apk-tools binary to use when building rootfs. If not set + or not executable and apk is not on PATH, then the script + will download the latest apk-tools-static. + APK_KEYS_DIR Path to directory with GPG keys for APK. If not set and + /etc/apk/keys does not contain alpine keys, then the script + will download the keys from ${APK_KEYS_URI}. + LXC_CACHE_PATH Path to the cache directory where to store bootstrap files + and APK packages. + EOF } die() { - echo "$@" >&2 - exit 1 + local retval=$1; shift + + printf 'ERROR: %s\n' "$@" 1>&2 + exit $retval } -usage() { - cat >&2 <] - [-R|--release ] [-a|--arch ] - [--rootfs ] -p|--path -n|--name - [PKG...] +einfo() { + printf "\n==> $1\n" +} + +fetch() { + if [ "$DEBUG" = 'yes' ]; then + wget -T 10 -O - $@ + else + wget -T 10 -O - -q $@ + fi +} + +latest_release_branch() { + local arch="$1" + local branch=$(fetch "$MIRROR_URL/latest-stable/releases/$arch/latest-releases.yaml" \ + | sed -En 's/^[ \t]*branch: (.*)$/\1/p' \ + | head -n 1) + [ -n "$branch" ] && echo "$branch" +} + +parse_arch() { + case "$1" in + x86 | i[3-6]86) echo 'x86';; + x86_64 | amd64) echo 'x86_64';; + arm*) echo 'armhf';; + *) return 1;; + esac +} + +random_mirror_url() { + local url=$(fetch "$MIRRORS_LIST_URL" | shuf -n 1) + [ -n "$url" ] && echo "$url" +} + +run_exclusively() { + local lock_name="$1" + local timeout=$2 + shift 2 + + mkdir -p "$LOCAL_STATE_DIR/lock/subsys" + + local retval + { + echo -n "Obtaining an exclusive lock..." + if ! flock -x 9; then + echo ' failed.' + return 1 + fi + echo ' done' + + "$@"; retval=$? 
+ } 9> "$LOCAL_STATE_DIR/lock/subsys/lxc-alpine-$lock_name" + + return $retval +} + + +#============================ Bootstrap ===========================# + +bootstrap() { + if [ "$FLUSH_CACHE" = 'yes' ] && [ -d "$LXC_CACHE_DIR/bootstrap" ]; then + einfo 'Cleaning cached bootstrap files' + rm -Rf "$LXC_CACHE_DIR/bootstrap" + fi + + einfo 'Fetching and/or verifying APK keys' + fetch_apk_keys "$APK_KEYS_DIR" + + if [ ! -x "$APK" ]; then + einfo 'Fetching apk-tools static binary' + + local host_arch=$(parse_arch $(uname -m)) + fetch_apk_static "$LXC_CACHE_DIR/bootstrap" "$host_arch" + fi +} + +fetch_apk_keys() { + local dest="$1" + local line keyname + + mkdir -p "$dest" + cd "$dest" + + echo "$APK_KEYS_SHA256" | while read -r line; do + keyname="${line##* }" + if [ ! -f "$keyname" ]; then + fetch "$APK_KEYS_URI/$keyname" > "$keyname" + fi + echo "$line" | sha256sum -c - + done || exit 2 + + cd - >/dev/null +} + +fetch_apk_static() { + local dest="$1" + local arch="$2" + local pkg_name='apk-tools-static' + + mkdir -p "$dest" + + local pkg_ver=$(fetch "$MIRROR_URL/latest-stable/main/$arch/APKINDEX.tar.gz" \ + | tar -xzO APKINDEX \ + | sed -n "/P:${pkg_name}/,/^$/ s/V:\(.*\)$/\1/p") + + [ -n "$pkg_ver" ] || die 2 "Cannot find a version of $pkg_name in APKINDEX" + + fetch "$MIRROR_URL/latest-stable/main/$arch/${pkg_name}-${pkg_ver}.apk" \ + | tar -xz -C "$dest" sbin/ # --extract --gzip --directory + + [ -f "$dest/sbin/apk.static" ] || die 2 'apk.static not found' + + local keyname=$(echo "$dest"/sbin/apk.static.*.pub | sed 's/.*\.SIGN\.RSA\.//') + openssl dgst -sha1 \ + -verify "$APK_KEYS_DIR/$keyname" \ + -signature "$dest/sbin/apk.static.SIGN.RSA.$keyname" \ + "$dest/sbin/apk.static" \ + || die 2 'Signature verification for apk.static failed' + + # Note: apk doesn't return 0 for --version + local out="$("$dest"/sbin/apk.static --version)" + echo "$out" + + [ "${out%% *}" = 'apk-tools' ] || die 3 'apk.static --version failed' +} + + +#============================ 
Install ============================# + +install() { + local dest="$1" + local arch="$2" + local branch="$3" + local extra_packages="$4" + local apk_cache="$LXC_CACHE_DIR/apk/$arch" + local repo_url="$MIRROR_URL/$branch/main" + + if [ "$FLUSH_CACHE" = 'yes' ] && [ -d "$apk_cache" ]; then + einfo "Cleaning cached APK packages for $arch" + rm -Rf "$apk_cache" + fi + mkdir -p "$apk_cache" + + einfo "Installing Alpine Linux in $dest" + cd "$dest" + + mkdir -p etc/apk + ln -s "$apk_cache" etc/apk/cache + echo "$repo_url" > etc/apk/repositories + + install_packages "$arch" alpine-base $extra_packages + make_dev_nodes + setup_inittab + setup_hosts + setup_network + setup_services + + chroot . /bin/true \ + || die 3 'Failed to execute /bin/true in chroot, the builded rootfs is broken!' + + rm etc/apk/cache + cd - >/dev/null +} + +install_packages() { + local arch="$1"; shift + local packages="$@" + + $APK --arch="$arch" --root=. --keys-dir="$APK_KEYS_DIR" \ + --update-cache --initdb add $packages +} + +make_dev_nodes() { + mkdir -p -m 755 dev/pts + mkdir -p -m 1777 dev/shm + + mknod -m 666 dev/zero c 1 5 + mknod -m 666 dev/full c 1 7 + mknod -m 666 dev/random c 1 8 + mknod -m 666 dev/urandom c 1 9 + + local i; for i in $(seq 0 4); do + mknod -m 620 dev/tty$i c 4 $i + chown 0:5 dev/tty$i # root:tty + done + + mknod -m 666 dev/tty c 5 0 + chown 0:5 dev/tty # root:tty + mknod -m 620 dev/console c 5 1 + mknod -m 666 dev/ptmx c 5 2 + chown 0:5 dev/ptmx # root:tty +} + +setup_inittab() { + # Remove unwanted ttys. + sed -i '/^tty[5-9]\:\:.*$/d' etc/inittab + + cat <<-EOF >> etc/inittab + # Main LXC console console + ::respawn:/sbin/getty 38400 console + EOF +} + +setup_hosts() { + # This runscript injects localhost entries with the current hostname + # into /etc/hosts. 
+ cat <<'EOF' > etc/init.d/hosts +#!/sbin/openrc-run + +start() { + local start_tag='# begin generated' + local end_tag='# end generated' + + local content=$( + cat <<-EOF + $start_tag by /etc/init.d/hosts + 127.0.0.1 $(hostname).local $(hostname) localhost + ::1 $(hostname).local $(hostname) localhost + $end_tag + EOF + ) + + if grep -q "^${start_tag}" /etc/hosts; then + # escape \n, busybox sed doesn't like them + content=${content//$'\n'/\\$'\n'} + + sed -ni "/^${start_tag}/ { + a\\${content} + # read and discard next line and repeat until $end_tag or EOF + :a; n; /^${end_tag}/!ba; n + }; p" /etc/hosts + else + printf "$content" >> /etc/hosts + fi +} EOF + chmod +x etc/init.d/hosts + + # Wipe it, will be generated by the above runscript. + echo -n > etc/hosts } -usage_err() { - usage - exit 1 +setup_network() { + # Note: loopback is automatically started by LXC. + cat <<-EOF > etc/network/interfaces + auto eth0 + iface eth0 inet dhcp + hostname \$(hostname) + EOF } -default_path=@LXCPATH@ -release= -arch=$(uname -m) +setup_services() { + local svc_name + + # Specify the LXC subsystem. + sed -i 's/^#*rc_sys=.*/rc_sys="lxc"/' etc/rc.conf + + # boot runlevel + for svc_name in bootmisc hosts syslog; do + ln -s /etc/init.d/$svc_name etc/runlevels/boot/$svc_name + done + + # default runlevel + for svc_name in networking cron; do + ln -s /etc/init.d/$svc_name etc/runlevels/default/$svc_name + done +} + + +#=========================== Configure ===========================# + +configure_container() { + local config="$1" + local hostname="$2" + local arch="$3" + + cat <<-EOF >> "$config" + + # Specify container architecture. + lxc.arch = $arch + + # Set hostname. + lxc.utsname = $hostname + + # If something doesn't work, try to comment this out. 
+ # Dropping sys_admin disables container root from doing a lot of things + # that could be bad like re-mounting lxc fstab entries rw for example, + # but also disables some useful things like being able to nfs mount, and + # things that are already namespaced with ns_capable() kernel checks, like + # hostname(1). + lxc.cap.drop = sys_admin + + # Include common configuration. + lxc.include = $LXC_TEMPLATE_CONFIG/alpine.common.conf + EOF +} -# template mknods, requires root -if [ $(id -u) -ne 0 ]; then - echo "$(basename $0): must be run as root" >&2 - exit 1 + +#============================= Main ==============================# + +if [ "$(id -u)" != "0" ]; then + die 1 "This script must be run as 'root'" fi -options=$(getopt -o hn:p:r:R:a: -l help,name:,rootfs:,path:,repository:,release:,arch: -- "$@") -[ $? -eq 0 ] || usage_err +# Parse command options. +options=$(getopt -o a:dFm:n:p:r:h -l arch:,debug,flush-cache,mirror:,name:,\ +path:,release:,rootfs:,help,mapped-uid:,mapped-gid: -- "$@") eval set -- "$options" +# Clean variables and set defaults. +arch="$(uname -m)" +debug='no' +flush_cache='no' +mirror_url= +name= +path= +release= +rootfs= + +# Process command options. 
while [ $# -gt 0 ]; do - case "$1" in - -h|--help) - usage - exit 0 - ;; - -n|--name) - name=$2 - ;; - --rootfs) - rootfs=$2 - ;; - -p|--path) - path=$2 - ;; - -r|--repository) - repository=$2 - ;; - -R|--release) - release=$2 - ;; - -a|--arch) - arch=$2 - ;; - --) - shift - break;; - esac - shift 2 + case $1 in + -a | --arch) + arch=$2; shift 2 + ;; + -d | --debug) + debug='yes'; shift 1 + ;; + -F | --flush-cache) + flush_cache='yes'; shift 1 + ;; + -m | --mirror) + mirror_url=$2; shift 2 + ;; + -n | --name) + name=$2; shift 2 + ;; + -p | --path) + path=$2; shift 2 + ;; + -r | --release) + release=$2; shift 2 + ;; + --rootfs) + rootfs=$2; shift 2 + ;; + -h | --help) + usage; exit 0 + ;; + --) + shift; break + ;; + --mapped-[ug]id) + die 1 "This template can't be used for unprivileged containers." \ + 'You may want to try the "download" template instead.' + ;; + *) + echo "Unknown option: $1" 1>&2 + usage; exit 1 + ;; + esac done +extra_packages="$@" -[ -z "$name" ] && usage_err +[ "$debug" = 'yes' ] && set -x -if [ -z "${path}" ]; then - path="${default_path}/${name}" -fi +# Set global variables. +readonly DEBUG="$debug" +readonly FLUSH_CACHE="$flush_cache" +readonly MIRROR_URL="${mirror_url:-$(random_mirror_url)}" +# Validate options. 
+[ -n "$name" ] || die 1 'Missing required option --name' +[ -n "$path" ] || die 1 'Missing required option --path' + +if [ -z "$rootfs" ] && [ -f "$path/config" ]; then + rootfs="$(sed -nE 's/^lxc.rootfs\s*=\s*(.*)$/\1/p' "$path/config")" +fi if [ -z "$rootfs" ]; then - rootfs=`awk -F= '$1 ~ /^lxc.rootfs/ { print $2 }' "$path/config" 2>/dev/null` - if [ -z "$rootfs" ]; then - rootfs="${path}/rootfs" - fi + rootfs="$path/rootfs" fi -lxc_arch=$arch -apk_arch=$arch +arch=$(parse_arch "$arch") \ + || die 1 "Unsupported architecture: $arch" -case "$arch" in - i[3-6]86) - apk_arch=x86 - lxc_arch=x86 - ;; - x86) - lxc_arch=i686 - ;; - x86_64|"") - ;; - arm*) - apk_arch=armhf - ;; - *) - die "unsupported architecture: $arch" - ;; -esac - -: ${APK:=apk} -if ! which $APK >/dev/null; then - get_static_apk "$rootfs" || die "Failed to download a valid static apk" +if [ -z "$release" ]; then + release=$(latest_release_branch "$arch") \ + || die 2 'Failed to resolve Alpine last release branch' fi -install_alpine "$rootfs" "$@" || die "Failed to install rootfs for $name" -configure_alpine "$rootfs" "$name" || die "Failed to configure $name" -copy_configuration "$path" "$rootfs" "$name" +# Here we go! +run_exclusively 'bootstrap' 10 bootstrap +run_exclusively "$arch" 30 install "$rootfs" "$arch" "$release" "$extra_packages" +configure_container "$path/config" "$name" "$arch" + +einfo "Container's rootfs and config have been created" +cat <<-EOF + Edit the config file $path/config to check/enable networking setup. + The installed system is preconfigured for a loopback and single network + interface configured via DHCP. + + To start the container, run "lxc-start -n $name". + The root password is not set; to enter the container run "lxc-attach -n $name". 
+EOF diff -Nru lxc-1.1.5/templates/lxc-altlinux.in lxc-2.0.1/templates/lxc-altlinux.in --- lxc-1.1.5/templates/lxc-altlinux.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/templates/lxc-altlinux.in 2016-05-16 20:38:39.000000000 +0000 @@ -57,33 +57,33 @@ mkdir -p $rootfs_path/selinux echo 0 > $rootfs_path/selinux/enforce - mkdir -p ${rootfs_path}/etc/net/ifaces/veth0 - cat < ${rootfs_path}/etc/net/ifaces/veth0/options + mkdir -p ${rootfs_path}/etc/net/ifaces/eth0 + cat < ${rootfs_path}/etc/net/ifaces/eth0/options BOOTPROTO=${BOOTPROTO} ONBOOT=yes -NM_CONTROLLED=no +NM_CONTROLLED=yes TYPE=eth EOF if [ ${BOOTPROTO} != "dhcp" ]; then # ip address - cat < ${rootfs_path}/etc/net/ifaces/veth0/ipv4address + cat < ${rootfs_path}/etc/net/ifaces/eth0/ipv4address ${ipv4} EOF - cat < ${rootfs_path}/etc/net/ifaces/veth0/ipv4route + cat < ${rootfs_path}/etc/net/ifaces/eth0/ipv4route ${gw} EOF - cat < ${rootfs_path}/etc/net/ifaces/veth0/resolv.conf + cat < ${rootfs_path}/etc/net/ifaces/eth0/resolv.conf nameserver ${dns} EOF - cat < ${rootfs_path}/etc/net/ifaces/veth0/ipv6address + cat < ${rootfs_path}/etc/net/ifaces/eth0/ipv6address ${ipv6} EOF - cat < ${rootfs_path}/etc/net/ifaces/veth0/ipv6route + cat < ${rootfs_path}/etc/net/ifaces/eth0/ipv6route ${gw6} EOF 
@@ -109,14 +109,17 @@ echo "console" >> ${rootfs_path}/etc/securetty # Enable services - for service in network syslogd random + for service in network syslogd random NetworkManager do chroot ${rootfs_path} chkconfig $service --list &>/dev/null && chroot ${rootfs_path} chkconfig $service on || true + # For systemd + chroot ${rootfs_path} systemctl -q enable $service &>/dev/null|| true done # Disable services for service in rawdevices fbsetfont do chroot ${rootfs_path} chkconfig $service --list &>/dev/null && chroot ${rootfs_path} chkconfig $service off || true + chroot ${rootfs_path} systemctl -q disable $service &>/dev/null || true done subst 's/^\([3-9]\+:[0-9]\+:respawn:\/sbin\/mingetty.*\)/#\1/' ${rootfs_path}/etc/inittab @@ -175,7 +178,7 @@ APT_GET="apt-get -o RPM::RootDir=$INSTALL_ROOT -y" PKG_LIST="$(grep -hs '^[^#]' "$profile_dir/$profile")" # if no configuration file $profile -- fall back to default list of packages - [ -z "$PKG_LIST" ] && PKG_LIST="interactivesystem apt apt-conf-sisyphus etcnet openssh-server systemd systemd-units systemd-sysvinit" + [ -z "$PKG_LIST" ] && PKG_LIST="interactivesystem apt apt-conf-sisyphus etcnet-full openssh-server systemd-sysvinit systemd-units systemd NetworkManager-daemon" mkdir -p $INSTALL_ROOT/var/lib/rpm rpm --root $INSTALL_ROOT --initdb @@ -272,11 +275,11 @@ #lxc.aa_profile = unconfined #networking -lxc.network.type = $lxc_network_type -lxc.network.flags = up -lxc.network.link = $lxc_network_link -lxc.network.name = veth0 -lxc.network.mtu = 1500 +#lxc.network.type = $lxc_network_type +#lxc.network.flags = up +#lxc.network.link = $lxc_network_link +#lxc.network.name = veth0 +#lxc.network.mtu = 1500 EOF if [ ! -z ${ipv4} ]; then cat <> $config_path/config diff -Nru lxc-1.1.5/templates/lxc-archlinux.in lxc-2.0.1/templates/lxc-archlinux.in --- lxc-1.1.5/templates/lxc-archlinux.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/templates/lxc-archlinux.in 2016-05-16 20:38:39.000000000 +0000 
@@ -198,7 +198,7 @@ -n,--name container name, used to as an identifier for that container from now on Optional args: -p,--path path to where the container rootfs will be created (${default_path}) - --rootfs path for actual container rootfs, (${default_path/rootfs) + --rootfs path for actual container rootfs, (${default_path}/rootfs) -P,--packages preinstall additional packages, comma-separated list -e,--enable_units enable systemd services, comma-separated list -d,--disable_units disable systemd services, comma-separated list diff -Nru lxc-1.1.5/templates/lxc-busybox.in lxc-2.0.1/templates/lxc-busybox.in --- lxc-1.1.5/templates/lxc-busybox.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/templates/lxc-busybox.in 2016-05-16 20:38:39.000000000 +0000 @@ -22,6 +22,7 @@ LXC_MAPPED_UID= LXC_MAPPED_GID= +SSH= # Make sure the usual locations are in PATH export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin @@ -37,6 +38,31 @@ in_userns=0 [ $(am_in_userns) = "yes" ] && in_userns=1 +copy_binary() +{ + binary_path=`which $1` + if [ $? -ne 0 ]; then + echo "Unable to find $1 binary on the system" + return 1 + fi + + dir_path="${binary_path%/*}" + echo /{,usr/}{,s}bin | grep $dir_path >/dev/null 2>&1 + if [ $? -ne 0 ]; then + echo "Binary $1 is located at $binary_path and will not be copied" + echo "($dir_path not supported)" + return 1 + fi + + cp $binary_path $rootfs/$binary_path + if [ $? -ne 0 ]; then + echo "Failed to copy $binary_path to rootfs" + return 1 + fi + + return 0 +} + install_busybox() { rootfs=$1 
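Review bot: The directory allow-list test in `copy_binary` is a regex substring match rather than an exact comparison: `echo /{,usr/}{,s}bin | grep $dir_path` succeeds for any `$dir_path` that occurs somewhere in the echoed string (`/usr`, for instance), and the unquoted expansion is itself read as a pattern. An exact match states the intent and does not depend on brace expansion: `case "$dir_path" in /bin|/sbin|/usr/bin|/usr/sbin) ;; *) echo "($dir_path not supported)"; return 1 ;; esac`. The copy should also quote its operands, `cp "$binary_path" "$rootfs/$binary_path"`, because the path is taken from `which` output.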
@@ -160,6 +186,113 @@ return $res } +install_dropbear() +{ + # copy dropbear binary + copy_binary dropbear || return 1 + + # make symlinks to various ssh utilities + utils="\ + $rootfs/usr/bin/dbclient \ + $rootfs/usr/bin/scp \ + $rootfs/usr/bin/ssh \ + $rootfs/usr/sbin/dropbearkey \ + $rootfs/usr/sbin/dropbearconvert \ + " + echo $utils | xargs -n1 ln -s /usr/sbin/dropbear + + # add necessary config files + mkdir $rootfs/etc/dropbear + dropbearkey -t rsa -f $rootfs/etc/dropbear/dropbear_rsa_host_key > /dev/null 2>&1 + dropbearkey -t dss -f $rootfs/etc/dropbear/dropbear_dss_host_key > /dev/null 2>&1 + + echo "'dropbear' ssh utility installed" + + return 0 +} + +install_openssh() +{ + # tools to be installed + server_utils="sshd" + client_utils="\ + ssh \ + scp \ + " + client_optional_utils="\ + sftp \ + ssh-add \ + ssh-agent \ + ssh-keygen \ + ssh-keyscan \ + ssh-argv0 \ + ssh-copy-id \ + " + + # new folders used by ssh + ssh_tree="\ +$rootfs/etc/ssh \ +$rootfs/var/empty/sshd \ +$rootfs/var/lib/empty/sshd \ +$rootfs/var/run/sshd \ +" + + # create folder structure + mkdir -p $ssh_tree + if [ $? 
-ne 0 ]; then + return 1 + fi + + # copy binaries + for bin in $server_utils $client_utils; do + copy_binary $bin || return 1 + done + + for bin in $client_optional_utils; do + tool_path=`which $bin` && copy_binary $bin + done + + # add user and group + cat <> $rootfs/etc/passwd +sshd:x:74:74:Privilege-separated SSH:/var/empty/sshd:/sbin/nologin +EOF + + cat <> $rootfs/etc/group +sshd:x:74: +EOF + + # generate container keys + ssh-keygen -t rsa -N "" -f $rootfs/etc/ssh/ssh_host_rsa_key >/dev/null 2>&1 + ssh-keygen -t dsa -N "" -f $rootfs/etc/ssh/ssh_host_dsa_key >/dev/null 2>&1 + + # by default setup root password with no password + cat < $rootfs/etc/ssh/sshd_config +Port 22 +Protocol 2 +HostKey /etc/ssh/ssh_host_rsa_key +HostKey /etc/ssh/ssh_host_dsa_key +UsePrivilegeSeparation yes +KeyRegenerationInterval 3600 +ServerKeyBits 768 +SyslogFacility AUTH +LogLevel INFO +LoginGraceTime 120 +PermitRootLogin yes +StrictModes yes +RSAAuthentication yes +PubkeyAuthentication yes +IgnoreRhosts yes +RhostsRSAAuthentication no +HostbasedAuthentication no +PermitEmptyPasswords yes +ChallengeResponseAuthentication no +EOF + + echo "'OpenSSH' utility installed" + + return 0 +} + configure_busybox() { rootfs=$1 @@ -171,13 +304,6 @@ return 1 fi - file -L $(which busybox) | grep -q "statically linked" - if [ $? -ne 0 ]; then - echo "warning : busybox is not statically linked." - echo "warning : The template script may not correctly" - echo "warning : setup the container environment." - fi - # copy busybox in the rootfs cp $(which busybox) $rootfs/bin if [ $? -ne 0 ]; then @@ -197,6 +323,9 @@ # relink /sbin/init ln $rootfs/bin/busybox $rootfs/sbin/init + # /etc/fstab must exist for "mount -a" + touch $rootfs/etc/fstab + # passwd exec must be setuid chmod +s $rootfs/bin/passwd touch $rootfs/etc/shadow 
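Review bot: The `sshd_config` written by `install_openssh` sets both `PermitRootLogin yes` and `PermitEmptyPasswords yes`, so any account in the container with an empty password, root included, accepts network logins as soon as sshd runs. Unless the template guarantees a non-empty root password (not visible in this hunk), the defaults should be `PermitEmptyPasswords no` and `PermitRootLogin without-password`, with a comment telling the user to install a key or set a password first. `KeyRegenerationInterval`, `ServerKeyBits 768`, `RSAAuthentication` and `RhostsRSAAuthentication` are protocol-1 options that have no effect under `Protocol 2`, and the DSA host key (`ssh-keygen -t dsa` plus its `HostKey` line) could be dropped in favour of the RSA key alone.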
@@ -230,34 +359,6 @@ lxc-unshare -s MOUNT -- /bin/sh < $CHPASSWD_FILE rm $CHPASSWD_FILE - # add ssh functionality if dropbear package available on host - which dropbear >/dev/null 2>&1 - if [ $? -eq 0 ]; then - # copy dropbear binary - cp $(which dropbear) $rootfs/usr/sbin - if [ $? -ne 0 ]; then - echo "Failed to copy dropbear in the rootfs" - return 1 - fi - - # make symlinks to various ssh utilities - utils="\ - $rootfs/usr/bin/dbclient \ - $rootfs/usr/bin/scp \ - $rootfs/usr/bin/ssh \ - $rootfs/usr/sbin/dropbearkey \ - $rootfs/usr/sbin/dropbearconvert \ - " - echo $utils | xargs -n1 ln -s /usr/sbin/dropbear - - # add necessary config files - mkdir $rootfs/etc/dropbear - dropbearkey -t rsa -f $rootfs/etc/dropbear/dropbear_rsa_host_key > /dev/null 2>&1 - dropbearkey -t dss -f $rootfs/etc/dropbear/dropbear_dss_host_key > /dev/null 2>&1 - - echo "'dropbear' ssh utility installed" - fi - return 0 } @@ -270,6 +371,7 @@ grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config cat <> $path/config lxc.haltsignal = SIGUSR1 +lxc.rebootsignal = SIGTERM lxc.utsname = $name lxc.tty = 1 lxc.pts = 1 @@ -314,12 +416,12 @@ usage() { cat < +$1 -h|--help -p|--path= -s|--ssh={dropbear,openssh} EOF return 0 } -options=$(getopt -o hp:n: -l help,rootfs:,path:,name:,mapped-uid:,mapped-gid: -- "$@") +options=$(getopt -o hp:n:s: -l help,rootfs:,path:,name:,mapped-uid:,mapped-gid:,ssh: -- "$@") if [ $? -ne 0 ]; then usage $(basename $0) exit 1 @@ -335,6 +437,7 @@ -n|--name) name=$2; shift 2;; --mapped-uid) LXC_MAPPED_UID=$2; shift 2;; --mapped-gid) LXC_MAPPED_GID=$2; shift 2;; + -s|--ssh) SSH=$2; shift 2;; --) shift 1; break ;; *) break ;; esac 
@@ -383,3 +486,28 @@ echo "failed to remap files to user" exit 1 fi + +if [ -n "$SSH" ]; then + case "$SSH" in + "dropbear") + install_dropbear + if [ $? -ne 0 ]; then + echo "Unable to install 'dropbear' ssh utility" + exit 1 + fi ;; + "openssh") + install_openssh + if [ $? -ne 0 ]; then + echo "Unable to install 'OpenSSH' utility" + exit 1 + fi ;; + *) + echo "$SSH: unrecognized ssh utility" + exit 1 + esac +else + which dropbear >/dev/null 2>&1 + if [ $? -eq 0 ]; then + install_dropbear + fi +fi diff -Nru lxc-1.1.5/templates/lxc-centos.in lxc-2.0.1/templates/lxc-centos.in --- lxc-1.1.5/templates/lxc-centos.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/templates/lxc-centos.in 2016-05-16 20:38:39.000000000 +0000 @@ -137,8 +137,9 @@ then centos_host_ver=${VERSION_ID} is_centos=true -elif [ "${CPE_NAME}" != "" -a "${ID}" = "redhat" -a "${VERSION_ID}" != "" ] +elif [ "${CPE_NAME}" != "" -a "${ID}" = "redhat" -o "${ID}" = "rhel" -a "${VERSION_ID}" != "" ] then + # RHEL 7+ /etc/os-release ID = 'rhel', which doesn't enter this elif without the added OR statement redhat_host_ver=${VERSION_ID} is_redhat=true elif [ -e /etc/centos-release ] @@ -249,7 +250,7 @@ DEVICE=eth0 BOOTPROTO=dhcp ONBOOT=yes -HOSTNAME=${UTSNAME} +HOSTNAME=${utsname} NM_CONTROLLED=no TYPE=Ethernet MTU=${MTU} @@ -259,7 +260,7 @@ # set the hostname cat < ${rootfs_path}/etc/sysconfig/network NETWORKING=yes -HOSTNAME=${UTSNAME} +HOSTNAME=${utsname} EOF # set minimal hosts @@ -394,7 +395,7 @@ # power-status-changed - shutdown on SIGPWR # start on power-status-changed - + exec /sbin/shutdown -h now "SIGPWR received" EOF fi @@ -763,7 +764,8 @@ fi fi -cache_base=@LOCALSTATEDIR@/cache/lxc/centos/$basearch +# Allow the cache base to be set by environment variable +cache_base=${LXC_CACHE_PATH:-"@LOCALSTATEDIR@/cache/lxc"}/centos/$basearch # Let's do something better for the initial root password. # It's not perfect but it will defeat common scanning brute force 
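Review bot: The extended `elif` test for Red Hat hosts in lxc-centos mixes `-a` and `-o` without grouping; as commonly implemented `-a` binds tighter, so it reads as (`CPE_NAME` set and `ID` = redhat) or (`ID` = rhel and `VERSION_ID` set). A `redhat` host with an empty `VERSION_ID` now passes, and a `rhel` host skips the `CPE_NAME` check. Explicit grouping keeps all three conditions: `elif [ "${CPE_NAME}" != "" ] && { [ "${ID}" = "redhat" ] || [ "${ID}" = "rhel" ]; } && [ "${VERSION_ID}" != "" ]`. The surrounding `if` chain starts and ends outside the hunk.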
@@ -915,7 +917,16 @@ else if [ ${root_expire_password} = "yes" ] then - echo " + if ( mountpoint -q -- "${rootfs_path}" ) + then + echo "To reset the root password, you can do: + + lxc-start -n ${name} + lxc-attach -n ${name} -- passwd + lxc-stop -n ${name} +" + else + echo " The root password is set up as "expired" and will require it to be changed at first login, which you should do as soon as possible. If you lose the root password or wish to change it without starting the container, you @@ -924,5 +935,6 @@ chroot ${rootfs_path} passwd " + fi fi fi diff -Nru lxc-1.1.5/templates/lxc-cirros.in lxc-2.0.1/templates/lxc-cirros.in --- lxc-1.1.5/templates/lxc-cirros.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/templates/lxc-cirros.in 2016-05-16 20:38:39.000000000 +0000 @@ -58,10 +58,11 @@ in_userns=0 [ $(am_in_userns) = "yes" ] && in_userns=1 +# Allow the cache base to be set by environment variable if [ $(id -u) -eq 0 ]; then - CACHE_D="@LOCALSTATEDIR@/cache/lxc/cirros" + CACHE_D=${LXC_CACHE_PATH:-"@LOCALSTATEDIR@/cache/lxc/cirros"} else - CACHE_D="$HOME/.cache/lxc/cirros" + CACHE_D=${LXC_CACHE_PATH:-"$HOME/.cache/lxc/cirros"} fi error() { echo "$@" 1>&2; } @@ -129,8 +130,6 @@ # When using LXC with apparmor, uncomment the next line to run unconfined: #lxc.aa_profile = unconfined -# To support container nesting on an Ubuntu host, uncomment next two lines: -#lxc.aa_profile = lxc-container-default-with-nesting lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed lxc.cgroup.devices.deny = a diff -Nru lxc-1.1.5/templates/lxc-debian.in lxc-2.0.1/templates/lxc-debian.in --- lxc-1.1.5/templates/lxc-debian.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/templates/lxc-debian.in 2016-05-16 20:38:39.000000000 +0000 
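Review bot: With `LXC_CACHE_PATH` set, `CACHE_D` in lxc-cirros becomes the bare override with no `cirros` component, while lxc-centos, lxc-fedora and lxc-gentoo in this same diff append their distro directory to the override; `cache_base` in lxc-openmandriva has the same shape as this hunk, so two templates given one `LXC_CACHE_PATH` would write into the same directory. Keeping the suffix outside the default gives the variable one meaning everywhere: `CACHE_D="${LXC_CACHE_PATH:-@LOCALSTATEDIR@/cache/lxc}/cirros"` in the root branch and `CACHE_D="${LXC_CACHE_PATH:-$HOME/.cache/lxc}/cirros"` in the other. The added comment should also state that the directory must be writable only by the invoking user, since cached images are presumably reused for later containers.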
@@ -34,19 +34,22 @@ export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin export GREP_OPTIONS="" -MIRROR=${MIRROR:-http://http.debian.net/debian} +MIRROR=${MIRROR:-http://httpredir.debian.org/debian} SECURITY_MIRROR=${SECURITY_MIRROR:-http://security.debian.org/} LOCALSTATEDIR="@LOCALSTATEDIR@" LXC_TEMPLATE_CONFIG="@LXCTEMPLATECONFIG@" +# Allows the lxc-cache directory to be set by environment variable +LXC_CACHE_PATH=${LXC_CACHE_PATH:-"$LOCALSTATEDIR/cache/lxc"} configure_debian() { rootfs=$1 hostname=$2 + num_tty=$3 # squeeze only has /dev/tty and /dev/tty0 by default, # therefore creating missing device nodes for tty1-4. - for tty in $(seq 1 4); do + for tty in $(seq 1 $num_tty); do if [ ! -e $rootfs/dev/tty$tty ]; then mknod $rootfs/dev/tty$tty c 4 $tty fi @@ -66,10 +69,7 @@ # Normally not reached, but fallthrough in case of emergency. z6:6:respawn:/sbin/sulogin 1:2345:respawn:/sbin/getty 38400 console -c1:12345:respawn:/sbin/getty 38400 tty1 linux -c2:12345:respawn:/sbin/getty 38400 tty2 linux -c3:12345:respawn:/sbin/getty 38400 tty3 linux -c4:12345:respawn:/sbin/getty 38400 tty4 linux +$(for tty in $(seq 1 $num_tty); do echo "c${tty}:12345:respawn:/sbin/getty 38400 tty${tty} linux" ; done;) p6::ctrlaltdel:/sbin/init 6 p0::powerfail:/sbin/init 0 EOF @@ -189,6 +189,8 @@ { path=$1 rootfs=$2 + config=$3 + num_tty=$4 # this only works if we have getty@.service to manipulate if [ -f ${rootfs}/lib/systemd/system/getty\@.service ]; then 
@@ -204,7 +206,10 @@ # Fix getty-static-service as debootstrap does not install dbus if [ -e $rootfs//lib/systemd/system/getty-static.service ] ; then - sed 's/ getty@tty[5-9].service//g' $rootfs/lib/systemd/system/getty-static.service | sed 's/\(tty2-tty\)[5-9]/\14/g' > $rootfs/etc/systemd/system/getty-static.service + local tty_services=$(for i in $(seq 2 $num_tty); do echo -n "getty@tty${i}.service "; done; ) + sed 's/ getty@tty.*/'" $tty_services "'/g' \ + $rootfs/lib/systemd/system/getty-static.service | \ + sed 's/\(tty2-tty\)[5-9]/\1'"${num_tty}"'/g' > $rootfs/etc/systemd/system/getty-static.service fi # This function has been copied and adapted from lxc-fedora @@ -214,10 +219,16 @@ chroot ${rootfs} ln -s /lib/systemd/system/multi-user.target /etc/systemd/system/default.target # Make systemd honor SIGPWR chroot ${rootfs} ln -s /lib/systemd/system/halt.target /etc/systemd/system/sigpwr.target - # Setup getty service on the 4 ttys we are going to allow in the + # Setup getty service on the ttys we are going to allow in the # default config. Number should match lxc.tty ( cd ${rootfs}/etc/systemd/system/getty.target.wants - for i in 1 2 3 4 ; do ln -sf ../getty\@.service getty@tty${i}.service; done ) + for i in $(seq 1 $num_tty) ; do ln -sf ../getty\@.service getty@tty${i}.service; done ) + + # Since we use static-getty.target; we need to mask container-getty@.service generated by + # container-getty-generator, so we don't get multiple instances of agetty running. + # See https://github.com/lxc/lxc/issues/520 and https://github.com/lxc/lxc/issues/484 + ( cd ${rootfs}/etc/systemd/system/getty.target.wants + for i in $(seq 0 $num_tty); do ln -sf /dev/null container-getty\@${i}.service; done ) return 0 } 
@@ -246,6 +257,28 @@ release=$3 trap cleanup EXIT SIGHUP SIGINT SIGTERM + + # Create the cache + mkdir -p "$cache" + + # If debian-archive-keyring isn't installed, fetch GPG keys directly + releasekeyring=/usr/share/keyrings/debian-archive-keyring.gpg + if [ ! -f $releasekeyring ]; then + releasekeyring="$cache/archive-key.gpg" + case $release in + "squeeze") + gpgkeyname="archive-key-6.0" + ;; + "wheezy") + gpgkeyname="archive-key-7.0" + ;; + *) + gpgkeyname="archive-key-8" + ;; + esac + wget https://ftp-master.debian.org/keys/${gpgkeyname}.asc -O - --quiet \ + | gpg --import --no-default-keyring --keyring=${releasekeyring} + fi # check the mini debian was not already downloaded mkdir -p "$cache/partial-$release-$arch" if [ $? -ne 0 ]; then @@ -256,7 +289,7 @@ # download a mini debian into a cache echo "Downloading debian minimal ..." debootstrap --verbose --variant=minbase --arch=$arch \ - --include=$packages \ + --include=$packages --keyring=${releasekeyring} \ "$release" "$cache/partial-$release-$arch" $MIRROR if [ $? -ne 0 ]; then echo "Failed to download the rootfs, aborting." @@ -289,10 +322,10 @@ install_debian() { - cache="$LOCALSTATEDIR/cache/lxc/debian" rootfs=$1 release=$2 arch=$3 + cache="$4/debian" mkdir -p $LOCALSTATEDIR/lock/subsys/ ( flock -x 9 @@ -329,6 +362,7 @@ rootfs=$2 hostname=$3 arch=$4 + num_tty=$5 # Generate the configuration file # if there is exactly one veth network entry, make sure it has an @@ -354,6 +388,7 @@ grep -q "^lxc.rootfs" $path/config 2> /dev/null || echo "lxc.rootfs = $rootfs" >> $path/config cat <> $path/config +lxc.tty = $num_tty lxc.utsname = $hostname lxc.arch = $arch EOF @@ -429,7 +464,7 @@ clean() { - cache="$LOCALSTATEDIR/cache/lxc/debian" + cache=${LXC_CACHE_PATH:-"$LOCALSTATEDIR/cache/lxc/debian"} if [ ! -e $cache ]; then exit 0 
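Review bot: The fallback keyring in the `-246` hunk is filled from whatever `wget` returns, with no check that the `wget | gpg --import` pipeline succeeded and no comparison of the imported key against a known fingerprint, so the trust anchor handed to `debootstrap --keyring` rests on the TLS connection to ftp-master.debian.org alone. At minimum the pipeline should end with `|| { echo "Failed to import ${gpgkeyname}" >&2; return 1; }`. Better still, download to a temporary file and compare the key's fingerprint with a value pinned per release in the template (a `<PINNED_FINGERPRINT>` placeholder here) before importing it. The enclosing function starts and ends outside the hunk.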
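Review bot: In `clean()` the new default can never apply: `LXC_CACHE_PATH` is already defaulted to `$LOCALSTATEDIR/cache/lxc` at the top of the script by this same diff, so `cache` is always the shared cache root rather than the `debian` subdirectory that `install_debian` uses (`cache="$4/debian"`). Whatever `--clean` does with `$cache` after the existence test (outside this hunk) would then act on every template's cache, not only Debian's. The line should be `cache="$LXC_CACHE_PATH/debian"`.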
@@ -467,7 +502,7 @@ -p, --path=PATH directory where config and rootfs of this VM will be kept -a, --arch=ARCH The container architecture. Can be one of: i686, x86_64, amd64, armhf, armel, powerpc. Defaults to host arch. - -r, --release=RELEASE Debian release. Can be one of: squeeze, wheezy, jessie, sid. + -r, --release=RELEASE Debian release. Can be one of: wheezy, jessie, stretch, sid. Defaults to current stable. --mirror=MIRROR Debian mirror to use during installation. Overrides the MIRROR environment variable (see below). @@ -477,7 +512,7 @@ --packages=PACKAGE_NAME1,PACKAGE_NAME2,... List of additional packages to install. Comma separated, without space. -c, --clean only clean up the cache and terminate - --main-only include only Debian's main repository (i.e. no contrib and non-free). + --enable-non-free include also Debian's contrib and non-free repositories. Environment variables: @@ -490,7 +525,7 @@ return 0 } -options=$(getopt -o hp:n:a:r:c -l arch:,clean,help,main-only,mirror:,name:,packages:,path:,release:,rootfs:,security-mirror: -- "$@") +options=$(getopt -o hp:n:a:r:c -l arch:,clean,help,enable-non-free,mirror:,name:,packages:,path:,release:,rootfs:,security-mirror: -- "$@") if [ $? -ne 0 ]; then usage $(basename $0) exit 1 @@ -506,6 +541,7 @@ arch="armhf" fi hostarch=$arch +mainonly=1 while true do @@ -515,7 +551,7 @@ -a|--arch) arch=$2; shift 2;; -c|--clean) clean=1; shift 1;; - --main-only) mainonly=1; shift 1;; + --enable-non-free) mainonly=0; shift 1;; --mirror) MIRROR=$2; shift 2;; -n|--name) name=$2; shift 2;; --packages) packages=$2; shift 2;; 
@@ -574,7 +610,7 @@ current_release=`wget ${MIRROR}/dists/stable/Release -O - 2> /dev/null | head |awk '/^Codename: (.*)$/ { print $2; }'` release=${release:-${current_release}} -valid_releases=('squeeze' 'wheezy' 'jessie' 'stretch' 'sid') +valid_releases=('wheezy' 'jessie' 'stretch' 'sid') if [[ ! "${valid_releases[*]}" =~ (^|[^[:alpha:]])$release([^[:alpha:]]|$) ]]; then echo "Invalid release ${release}, valid ones are: ${valid_releases[*]}" exit 1 @@ -584,31 +620,38 @@ config="$path/config" if [ -z "$rootfs" ]; then if grep -q '^lxc.rootfs' $config 2> /dev/null ; then - rootfs=$(awk -F= '/^lxc.rootfs =/{ print $2 }' $config) + rootfs=$(awk -F= '/^lxc.rootfs[ \t]+=/{ print $2 }' $config) else rootfs=$path/rootfs fi fi -install_debian $rootfs $release $arch +# determine the number of ttys - default is 4 +if grep -q '^lxc.tty' $config 2> /dev/null ; then + num_tty=$(awk -F= '/^lxc.tty[ \t]+=/{ print $2 }' $config) +else + num_tty=4 +fi + +install_debian $rootfs $release $arch $LXC_CACHE_PATH if [ $? -ne 0 ]; then echo "failed to install debian" exit 1 fi -configure_debian $rootfs $name +configure_debian $rootfs $name $num_tty if [ $? -ne 0 ]; then echo "failed to configure debian for a container" exit 1 fi -copy_configuration $path $rootfs $name $arch +copy_configuration $path $rootfs $name $arch $num_tty if [ $? -ne 0 ]; then echo "failed write configuration file" exit 1 fi -configure_debian_systemd $path $rootfs +configure_debian_systemd $path $rootfs $config $num_tty post_process ${rootfs} ${release} ${arch} ${hostarch} ${packages} diff -Nru lxc-1.1.5/templates/lxc-download.in lxc-2.0.1/templates/lxc-download.in --- lxc-1.1.5/templates/lxc-download.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/templates/lxc-download.in 2016-05-16 20:38:39.000000000 +0000 @@ -28,7 +28,7 @@ # Defaults DOWNLOAD_ARCH= DOWNLOAD_BUILD= -DOWNLOAD_COMPAT_LEVEL=2 +DOWNLOAD_COMPAT_LEVEL=3 DOWNLOAD_DIST= DOWNLOAD_FLUSH_CACHE="false" DOWNLOAD_FORCE_CACHE="false" 
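Review bot: The two awk lookups in the `-584` hunk are stricter than the `grep` tests that guard them: `grep -q '^lxc.rootfs'` and `grep -q '^lxc.tty'` accept `key=value`, but `/^lxc.rootfs[ \t]+=/` and `/^lxc.tty[ \t]+=/` require whitespace before `=`, so such a config leaves `rootfs` or `num_tty` empty. An empty `num_tty` then reaches `seq 1 $num_tty` and `lxc.tty = $num_tty` in the functions it is passed to. Using `[ \t]*=` with the dot escaped, and trimming the value, fixes this, e.g. `num_tty=$(awk -F= '/^lxc\.tty[ \t]*=/{ gsub(/[ \t]/, "", $2); print $2 }' $config)`. A check that `num_tty` is a positive integer before it is used would also be worth adding.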
@@ -380,7 +380,9 @@ LXC_CACHE_BASE="$HOME/.cache/lxc/" fi -LXC_CACHE_PATH="$LXC_CACHE_BASE/download/$DOWNLOAD_DIST" +# Allow the setting of the LXC_CACHE_PATH with the usage of environment variables. +LXC_CACHE_PATH=${LXC_CACHE_PATH:-"$LXC_CACHE_BASE"} +LXC_CACHE_PATH=$LXC_CACHE_PATH/download/$DOWNLOAD_DIST LXC_CACHE_PATH="$LXC_CACHE_PATH/$DOWNLOAD_RELEASE/$DOWNLOAD_ARCH/" LXC_CACHE_PATH="$LXC_CACHE_PATH/$DOWNLOAD_VARIANT" diff -Nru lxc-1.1.5/templates/lxc-fedora.in lxc-2.0.1/templates/lxc-fedora.in --- lxc-1.1.5/templates/lxc-fedora.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/templates/lxc-fedora.in 2016-05-16 20:38:39.000000000 +0000 @@ -570,8 +570,8 @@ # mount image to "squashfs" # mount contained LiveOS to stage0 -# We're going to use the kernel.org mirror for the initial stages... -# 1 - It's generally up to date and comnplete +# We're going to use the archives.fedoraproject.org mirror for the initial stages... +# 1 - It's generally up to date and complete # 2 - It's has high bandwidth access # 3 - It supports rsync and wildcarding (and we need both) # 4 - Not all the mirrors carry the LiveOS images @@ -579,7 +579,7 @@ if [[ ! -f ../LiveOS/squashfs.img ]] then echo " -Downloading stage 0 LiveOS squashfs file system from mirrors.kernel.org... +Downloading stage 0 LiveOS squashfs file system from archives.fedoraproject.org... Have a beer or a cup of coffee. This will take a bit (~300MB). " sleep 3 # let him read it... @@ -1282,7 +1282,8 @@ fi fi -cache_base=@LOCALSTATEDIR@/cache/lxc/fedora/$basearch +# Allow the cache base to be set by environment variable +cache_base=${LXC_CACHE_PATH:-"@LOCALSTATEDIR@/cache/lxc"}/fedora/$basearch # Let's do something better for the initial root password. # It's not perfect but it will defeat common scanning brute force 
@@ -1467,7 +1468,16 @@ else if [ ${root_expire_password} = "yes" ] then - echo " + if ( mountpoint -q -- "${rootfs_path}" ) + then + echo "To reset the root password, you can do: + + lxc-start -n ${name} + lxc-attach -n ${name} -- passwd + lxc-stop -n ${name} +" + else + echo " The root password is set up as "expired" and will require it to be changed at first login, which you should do as soon as possible. If you lose the root password or wish to change it without starting the container, you @@ -1476,5 +1486,6 @@ chroot ${rootfs_path} passwd " + fi fi fi diff -Nru lxc-1.1.5/templates/lxc-gentoo.in lxc-2.0.1/templates/lxc-gentoo.in --- lxc-1.1.5/templates/lxc-gentoo.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/templates/lxc-gentoo.in 2016-05-16 20:38:39.000000000 +0000 @@ -805,6 +805,7 @@ -w|--password) forced_password=1; password=$2; shift 2;; -s|--settings) settings=$2; shift 2;; -m|--mirror) mirror=$2; shift 2;; + --container-cache) containercache=$2; shift 2;; --tty) [[ $2 -lt 6 ]] && tty=$2; shift 2;; --autologin) autologin=1; shift 1;; --) shift 1; break ;; @@ -812,7 +813,8 @@ esac done -cacheroot="@LOCALSTATEDIR@/cache/lxc/gentoo" +# Allow the cache path to be set by environment variable +cacheroot="${LXC_CACHE_PATH:-"@LOCALSTATEDIR@/cache/lxc"}/gentoo" portage_cache="${cacheroot}/portage.tbz" cachefs="${cacheroot}/rootfs-${arch}-${variant}" diff -Nru lxc-1.1.5/templates/lxc-openmandriva.in lxc-2.0.1/templates/lxc-openmandriva.in --- lxc-1.1.5/templates/lxc-openmandriva.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/templates/lxc-openmandriva.in 2016-05-16 20:38:39.000000000 +0000 
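Review bot: The new condition `if ( mountpoint -q -- "${rootfs_path}" )` runs the test in a subshell for no benefit. `if mountpoint -q -- "${rootfs_path}"` behaves the same and reads like the plain `if [ ... ]` on the line above it. The enclosing if/else chain starts before this hunk and is closed by the `fi` added in the following hunk.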
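Review bot: The new `--container-cache` case in lxc-gentoo stores its argument in `containercache`, but the `cacheroot` assignment changed in the next hunk is derived only from `LXC_CACHE_PATH`, so in the lines shown the option has no effect on where the cache lives. If the option is meant to select the cache directory, let it take part in the default, e.g. `cacheroot="${containercache:-${LXC_CACHE_PATH:-"@LOCALSTATEDIR@/cache/lxc"}/gentoo}"`. The getopt option list and any later use of `containercache` are outside these hunks, so confirm the long option is declared there as well.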
@@ -42,7 +42,8 @@ #Configurations #distro=cooker hostarch=$(uname -m) -cache_base=@LOCALSTATEDIR@/cache/lxc/openmandriva/$arch +# Allow the cache base to be set by environment variable +cache_base="${LXC_CACHE_PATH:-@LOCALSTATEDIR@/cache/lxc/openmandriva/$arch}" default_path=@LXCPATH@ default_profile=default root_password=root diff -Nru lxc-1.1.5/templates/lxc-opensuse.in lxc-2.0.1/templates/lxc-opensuse.in --- lxc-1.1.5/templates/lxc-opensuse.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/templates/lxc-opensuse.in 2016-05-16 20:38:39.000000000 +0000 @@ -136,8 +136,13 @@ echo "Downloading opensuse minimal ..." mkdir -p "$cache/partial-$arch-packages" zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss/ repo-oss || return 1 - zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update || return 1 - zypper --quiet --root $cache/partial-$arch-packages --non-interactive --gpg-auto-import-keys update || return 1 + # Leap update repos were rearranged + if [ $DISTRO == "leap/42.1" ]; then + zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/update/$DISTRO/oss/ update || return 1 + else + zypper --quiet --root $cache/partial-$arch-packages --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update || return 1 + fi + zypper --quiet --root $cache/partial-$arch-packages --non-interactive --gpg-auto-import-keys update || return 1 zypper --root $cache/partial-$arch-packages --non-interactive in --auto-agree-with-licenses --download-only zypper lxc patterns-openSUSE-base bash iputils sed tar rsyslog || return 1 cat > $cache/partial-$arch-packages/opensuse.conf << EOF Preinstall: aaa_base bash coreutils diffutils 
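Review bot: In the lxc-openmandriva hunk the `LXC_CACHE_PATH` override replaces the whole default, including the `openmandriva/$arch` suffix, whereas the lxc-fedora and lxc-gentoo hunks append their distribution suffix after the override. With the variable set, every architecture, and every other template using the same variable, shares one directory. The `cache=` assignments in the later lxc-opensuse hunks (`install_opensuse` and `clean`) have the same shape. There `clean` then treats the whole environment-supplied directory as its cache, and what it does with it is outside the hunk. Keep the suffix outside the expansion: `cache_base="${LXC_CACHE_PATH:-@LOCALSTATEDIR@/cache/lxc}/openmandriva/$arch"`.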
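Review bot: The Leap branch added in the lxc-opensuse `@@ -136,8 +136,13 @@` hunk registers the update repository over plain `http://`. The `zypper ... --gpg-auto-import-keys update` that follows accepts whatever signing key the repository presents, so package signatures give no protection if that first fetch is tampered with in transit. If the mirror setup allows it, use `https://download.opensuse.org/update/$DISTRO/oss/` for the added URLs; the chroot `zypper ar` hunk further down adds the same pair. Also quote the test as `[ "$DISTRO" = "leap/42.1" ]` so an empty `DISTRO` does not turn into a syntax error. The function containing these lines starts before the hunk.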
@@ -157,7 +162,7 @@ Support: iputils Support: udev Support: netcfg -Support: dhcpcd hwinfo insserv-compat module-init-tools openSUSE-release openssh +Support: hwinfo insserv-compat module-init-tools openSUSE-release openssh Support: pwdutils rpcbind sysconfig Ignore: rpm:suse-build-key,build-key @@ -169,6 +174,18 @@ echo "Support: python3-base" >> $cache/partial-$arch-packages/opensuse.conf fi + # dhcpcd is not in the default repos with Leap 42.1 + if [ $DISTRO != "leap/42.1" ] + then + echo "Support: dhcpcd" >> $cache/partial-$arch-packages/opensuse.conf + fi + + # Leap doesn't seem to have iproute2 utils installed + if [ $DISTRO == "leap/42.1" ] + then + echo "Support: net-tools iproute2" >> $cache/partial-$arch-packages/opensuse.conf + fi + if [ "$arch" = "i686" ]; then mkdir -p $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/i686/ for i in "$cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/i586/*" ; do 
@@ -185,7 +202,11 @@ CLEAN_BUILD=1 BUILD_ARCH="$arch" BUILD_ROOT="$cache/partial-$arch" BUILD_DIST="$cache/partial-$arch-packages/opensuse.conf" PATH="$PATH:/usr/lib/build" /usr/lib/build/init_buildsystem --clean --configdir /usr/lib/build/configs --cachedir $cache/partial-$arch-cache --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/repo-oss/suse/noarch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/update/$arch --repository $cache/partial-$arch-packages/var/cache/zypp/packages/update/noarch || return 1 chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar http://download.opensuse.org/distribution/$DISTRO/repo/oss repo-oss || return 1 - chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update || return 1 + if [ $DISTRO == "leap/42.1" ]; then + chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar http://download.opensuse.org/update/$DISTRO/oss update || return 1 + else + chroot $cache/partial-$arch /usr/bin/zypper --quiet --non-interactive ar http://download.opensuse.org/update/$DISTRO/ update || return 1 + fi # really clean the image rm -fr $cache/partial-$arch/{.build,.guessed_dist,.srcfiles*,installed-pkg} rm -fr $cache/partial-$arch/dev @@ -227,7 +248,8 @@ install_opensuse() { - cache="@LOCALSTATEDIR@/cache/lxc/opensuse/$DISTRO" + # Allow the cache base to be set by environment variable + cache="${LXC_CACHE_PATH:-@LOCALSTATEDIR@/cache/lxc/opensuse/$DISTRO}" rootfs=$1 mkdir -p @LOCALSTATEDIR@/lock/subsys/ ( @@ -350,7 +372,7 @@ clean() { - cache="@LOCALSTATEDIR@/cache/lxc/opensuse" + cache="${LXC_CACHE_PATH:-@LOCALSTATEDIR@/cache/lxc/opensuse}" if [ ! -e $cache ]; then exit 0 
@@ -443,6 +465,11 @@ echo "Selected openSUSE 13.2" ;; + 42.1|leap/42.1|leap) + echo "Selected openSUSE Leap 42.1" + DISTRO="leap/42.1" + ;; + *) echo "You have chosen an invalid release, quitting..." exit 1 diff -Nru lxc-1.1.5/templates/lxc-oracle.in lxc-2.0.1/templates/lxc-oracle.in --- lxc-1.1.5/templates/lxc-oracle.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/templates/lxc-oracle.in 2016-05-16 20:38:39.000000000 +0000 @@ -40,10 +40,6 @@ # Make sure the usual locations are in PATH export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin -# use virbr0 that is setup by default by libvirtd -lxc_network_type=veth -lxc_network_link=virbr0 - die() { echo "failed: $1" @@ -440,6 +436,31 @@ # start with a clean /var/log/messages rm -f $container_rootfs/var/log/messages + # set initial timezone as on host + if [ -f /etc/sysconfig/clock ]; then + . /etc/sysconfig/clock + if [ $container_release_major = "5" -o $container_release_major = "6" ]; then + echo ZONE=$ZONE > $container_rootfs/etc/sysconfig/clock + chroot $container_rootfs tzdata-update + else + ZONE="${ZONE// /_}" + chroot $container_rootfs ln -sf ../usr/share/zoneinfo/$ZONE /etc/localtime + fi + else + ZONE=`readlink /etc/localtime | sed -s "s/\.\.\/usr\/share\/zoneinfo\///g"` + if [ "$ZONE" ]; then + if [ $container_release_major = "5" -o $container_release_major = "6" ]; then + echo ZONE=$ZONE > $container_rootfs/etc/sysconfig/clock + chroot $container_rootfs tzdata-update + else + # if /etc/localtime is a symlink, this should preserve it. + cp -a /etc/localtime $container_rootfs/etc/localtime + fi + else + echo "Timezone in container is not configured. Adjust it manually." + fi + fi + # add oracle user, set root password chroot $container_rootfs useradd -m -s /bin/bash oracle echo "oracle:oracle" | chroot $container_rootfs chpasswd 
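Review bot: In the timezone block added to lxc-oracle, the `readlink /etc/localtime | sed ...` fallback only strips a `../usr/share/zoneinfo/` prefix. When the host's symlink target is absolute, `ZONE` keeps the full path, and for release 5 or 6 that path is written as `ZONE=` into the container's `/etc/sysconfig/clock`. Strip everything up to the zoneinfo directory instead, `ZONE=$(readlink /etc/localtime | sed 's|^.*/zoneinfo/||')`, and quote the value where it is used (`echo "ZONE=$ZONE"`, `ln -sf "../usr/share/zoneinfo/$ZONE" /etc/localtime`). The block also sources the host's `/etc/sysconfig/clock` into the template's own shell, so any variable that file sets overrides the script's; reading only the `ZONE` line would avoid that. The enclosing function starts before the hunk.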
@@ -459,11 +480,6 @@ echo "lxc.include = @LXCTEMPLATECONFIG@/oracle.common.conf" >> $cfg_dir/config fi - # generate a hwaddr for the container with a high mac address - # see http://sourceforge.net/tracker/?func=detail&aid=3411497&group_id=163076&atid=826303 - local hwaddr="fe:`dd if=/dev/urandom bs=8 count=1 2>/dev/null |od -t x8 | \ - head -n 1 |awk '{print $2}' | cut -c1-10 |\ - sed 's/\(..\)/\1:/g; s/.$//'`" cat <> $cfg_dir/config || die "unable to create $cfg_dir/config" # Container configuration for Oracle Linux $container_release_major.$container_release_minor lxc.arch = $arch 
@@ -481,20 +497,37 @@ fi echo "# Networking" >>$cfg_dir/config - # see if the network settings were already specified + # see if the default network settings were already specified lxc_network_type=`grep '^lxc.network.type' $cfg_dir/config | awk -F'[= \t]+' '{ print $2 }'` - if [ -z "$lxc_network_type" -a \ - \( $host_distribution = "OracleServer" -o \ - $host_distribution = "Fedora" \) ]; then - echo "lxc.network.type = veth" >>$cfg_dir/config - echo "lxc.network.flags = up" >>$cfg_dir/config - echo "lxc.network.link = virbr0" >>$cfg_dir/config + if [ -z "$lxc_network_type" ]; then + echo "lxc.network.type = veth" >>$cfg_dir/config + lxc_network_type=veth + fi + + lxc_network_link=`grep '^lxc.network.link' $cfg_dir/config | awk -F'[= \t]+' '{ print $2 }'` + if [ -z "$lxc_network_link" ]; then + echo "lxc.network.link = lxcbr0" >>$cfg_dir/config + lxc_network_link=lxcbr0 + fi + + lxc_network_hwaddr=`grep '^lxc.network.hwaddr' $cfg_dir/config | awk -F'[= \t]+' '{ print $2 }'` + if [ -z "$lxc_network_hwaddr" ]; then + # generate a hwaddr for the container + # see http://sourceforge.net/tracker/?func=detail&aid=3411497&group_id=163076&atid=826303 + local hwaddr="00:16:3e:`dd if=/dev/urandom bs=8 count=1 2>/dev/null |od -t x8 | \ + head -n1 | awk '{print $2}' | cut -c1-6 | \ + sed 's/\(..\)/\1:/g; s/.$//'`" + echo "lxc.network.hwaddr = $hwaddr" >>$cfg_dir/config + fi + + lxc_network_flags=`grep '^lxc.network.flags' $cfg_dir/config | awk -F'[= \t]+' '{ print $2 }'` + if [ -z "$lxc_network_flags" ]; then + echo "lxc.network.flags = up" >>$cfg_dir/config fi cat <> $cfg_dir/config || die "unable to create $cfg_dir/config" lxc.network.name = eth0 lxc.network.mtu = 1500 -lxc.network.hwaddr = $hwaddr EOF } diff -Nru lxc-1.1.5/templates/lxc-plamo.in lxc-2.0.1/templates/lxc-plamo.in --- lxc-1.1.5/templates/lxc-plamo.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/templates/lxc-plamo.in 2016-05-16 20:38:39.000000000 +0000 
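Review bot: The hwaddr comment kept in the new block still points at the tracker entry that went with the old `fe:` prefix, but the prefix is now `00:16:3e:` and the words "with a high mac address" are gone, so the reference no longer explains the code. State the reason for the new prefix in the comment, e.g. `# generate a random hwaddr under the 00:16:3e prefix (three random bytes from /dev/urandom)`, and drop or update the link. The function body begins before this hunk.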
@@ -44,7 +44,7 @@ [ -r /etc/default/lxc ] && . /etc/default/lxc DLSCHEME=${DLSCHEME:-"http"} -MIRRORSRV=${MIRRORSRV:-"www.ring.gr.jp"} +MIRRORSRV=${MIRRORSRV:-"repository.plamolinux.org"} MIRRORPATH=${MIRRORPATH:-"/pub/linux/Plamo"} CATEGORIES=${CATEGORIES-"00_base 01_minimum"} EXTRACTGRS=${EXTRACTGRS-""} @@ -292,7 +292,7 @@ prog=`basename $0` path="" ; name="" ; rootfs="" clean=0 -release=${release:-5.x} +release=${release:-6.x} arch=`uname -m | sed 's/i.86/x86/'` ; hostarch=$arch bindhome="" sopts=hp:n:cr:a:b: @@ -336,7 +336,7 @@ echo "This script should be run as 'root'." exit 1 fi -cache=@LOCALSTATEDIR@/cache/lxc +cache="${LXC_CACHE_PATH:-@LOCALSTATEDIR@/cache/lxc}" ptcache=$cache/partial-${prog##*-}-$release-$arch dlcache=$cache/cache-${prog##*-}-$release-$arch rtcache=$cache/rootfs-${prog##*-}-$release-$arch diff -Nru lxc-1.1.5/templates/lxc-slackware.in lxc-2.0.1/templates/lxc-slackware.in --- lxc-1.1.5/templates/lxc-slackware.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/templates/lxc-slackware.in 2016-05-16 20:38:39.000000000 +0000 
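Review bot: The default mirror changes to `repository.plamolinux.org` while `DLSCHEME` still defaults to `http` on the line above, so the packages that become the container's root filesystem are fetched without transport protection by default. Whether they are signature-checked later is not visible in these hunks. If the new host serves HTTPS, default `DLSCHEME` to `https`; otherwise add a comment next to `MIRRORSRV` stating how package integrity is verified.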
@@ -0,0 +1,795 @@ +#!/bin/bash + +# +# lxc: linux Container library + +# Authors: +# Daniel Lezcano + +# Template for slackware by Matteo Bernardini +# some parts are taken from the debian one (used as model) + +# This library is free software; you can redistribute it and/or +# modify it under the terms of the GNU Lesser General Public +# License as published by the Free Software Foundation; either +# version 2.1 of the License, or (at your option) any later version. + +# This library is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# Lesser General Public License for more details. + +# You should have received a copy of the GNU Lesser General Public +# License along with this library; if not, write to the Free Software +# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA + +# Detect use under userns (unsupported) +for arg in "$@"; do + [ "$arg" = "--" ] && break + if [ "$arg" = "--mapped-uid" -o "$arg" = "--mapped-gid" ]; then + echo "This template can't be used for unprivileged containers." 1>&2 + echo "You may want to try the \"download\" template instead." 1>&2 + exit 1 + fi +done + +# Add some directories to PATH in case we create containers with sudo +export PATH=/sbin:/usr/sbin:$PATH + +cache=${cache:-/var/cache/lxc/slackware} + +# Use the primary Slackware site by default, but please consider changing +# this to a closer mirror site. +MIRROR=${MIRROR:-http://ftp.slackware.com/pub/slackware} + +if [ -z "$arch" ]; then +case "$( uname -m )" in + i?86) arch=i486 ;; + arm*) arch=arm ;; + *) arch=$( uname -m ) ;; +esac +fi + +LXC_TEMPLATE_CONFIG="@LXCTEMPLATECONFIG@" + +configure_slackware() +{ +rootfs=$1 +hostname=$2 + +echo "Configuring..." ; echo + +# The next part contains excerpts taken from SeTconfig (written by +# Patrick Volkerding) from the slackware setup disk. 
+# But before pasting them just set a variable to use them as they are +T_PX=$rootfs + +( cd $T_PX ; chmod 755 ./ ) +( cd $T_PX ; chmod 755 ./var ) +if [ -d $T_PX/usr/src/linux ]; then + chmod 755 $T_PX/usr/src/linux +fi +if [ ! -d $T_PX/proc ]; then + mkdir $T_PX/proc + chown root.root $T_PX/proc +fi +if [ ! -d $T_PX/sys ]; then + mkdir $T_PX/sys + chown root.root $T_PX/sys +fi +chmod 1777 $T_PX/tmp +if [ ! -d $T_PX/var/spool/mail ]; then + mkdir -p $T_PX/var/spool/mail + chmod 755 $T_PX/var/spool + chown root.mail $T_PX/var/spool/mail + chmod 1777 $T_PX/var/spool/mail +fi + +echo "#!/bin/sh" > $T_PX/etc/rc.d/rc.keymap +echo "# Load the keyboard map. More maps are in /usr/share/kbd/keymaps." \ + >> $T_PX/etc/rc.d/rc.keymap +echo "if [ -x /usr/bin/loadkeys ]; then" >> $T_PX/etc/rc.d/rc.keymap +echo " /usr/bin/loadkeys us" >> $T_PX/etc/rc.d/rc.keymap +echo "fi" >> $T_PX/etc/rc.d/rc.keymap +chmod 755 $T_PX/etc/rc.d/rc.keymap + +# Network configuration is left to the user, that have to edit +# /etc/rc.d/rc.inet1.conf and /etc/resolv.conf of the container +# just set the hostname +cat < $rootfs/etc/HOSTNAME +$hostname.example.net +EOF +cp $rootfs/etc/HOSTNAME $rootfs/etc/hostname + +# make needed devices, from Chris Willing's MAKEDEV.sh +# http://www.vislab.uq.edu.au/howto/lxc/MAKEDEV.sh +DEV=$rootfs/dev +mkdir -p ${DEV} +mknod -m 666 ${DEV}/null c 1 3 +mknod -m 666 ${DEV}/zero c 1 5 +mknod -m 666 ${DEV}/random c 1 8 +mknod -m 666 ${DEV}/urandom c 1 9 +mkdir -m 755 ${DEV}/pts +mkdir -m 1777 ${DEV}/shm +mknod -m 666 ${DEV}/tty c 5 0 +mknod -m 600 ${DEV}/console c 5 1 +mknod -m 666 ${DEV}/tty0 c 4 0 +mknod -m 666 ${DEV}/tty1 c 4 1 +mknod -m 666 ${DEV}/tty2 c 4 2 +mknod -m 666 ${DEV}/tty3 c 4 3 +mknod -m 666 ${DEV}/tty4 c 4 4 +mknod -m 666 ${DEV}/tty5 c 4 5 +mknod -m 666 ${DEV}/full c 1 7 +mknod -m 600 ${DEV}/initctl p +mknod -m 660 ${DEV}/loop0 b 7 0 +mknod -m 660 ${DEV}/loop1 b 7 1 +ln -s pts/ptmx ${DEV}/ptmx +ln -s /proc/self/fd ${DEV}/fd + +echo "Adding an etc/fstab" 
+cat >$rootfs/etc/fstab <$rootfs/tmp/rcs.patch <<'EOF' +--- ./etc/rc.orig/rc.6 2012-08-15 01:03:12.000000000 +0200 ++++ ./etc/rc.d/rc.6 2013-02-17 10:26:30.888839354 +0100 +@@ -9,6 +9,12 @@ + # Author: Miquel van Smoorenburg + # Modified by: Patrick J. Volkerding, + # ++# minor tweaks for an lxc container ++# by Matteo Bernardini , ++# based also on Chris Willing's modifications ++# http://www.vislab.uq.edu.au/howto/lxc/rc.6 ++# a check for a container variable is made to jump sections ++container="lxc" + + # Set the path. + PATH=/sbin:/etc:/bin:/usr/bin +@@ -37,6 +43,9 @@ + ;; + esac + ++# lxc container check ++if [ ! $container = "lxc" ]; then ++ + # Save the system time to the hardware clock using hwclock --systohc. + if [ -x /sbin/hwclock ]; then + # Check for a broken motherboard RTC clock (where ioports for rtc are +@@ -53,6 +62,8 @@ + fi + fi + ++fi # end container check ++ + # Run any local shutdown scripts: + if [ -x /etc/rc.d/rc.local_shutdown ]; then + /etc/rc.d/rc.local_shutdown stop +@@ -148,6 +159,9 @@ + sleep 2 + fi + ++# lxc container check ++if [ ! $container = "lxc" ]; then ++ + # Shut down PCMCIA devices: + if [ -x /etc/rc.d/rc.pcmcia ]; then + . /etc/rc.d/rc.pcmcia stop +@@ -155,11 +169,16 @@ + /bin/sleep 5 + fi + ++fi # end container check ++ + # Turn off process accounting: + if [ -x /sbin/accton -a -r /var/log/pacct ]; then + /sbin/accton off + fi + ++# lxc container check ++if [ ! $container = "lxc" ]; then ++ + # Terminate acpid before syslog: + if [ -x /etc/rc.d/rc.acpid -a -r /var/run/acpid.pid ]; then # quit + . /etc/rc.d/rc.acpid stop +@@ -170,6 +189,8 @@ + sh /etc/rc.d/rc.udev force-stop + fi + ++fi # end container check ++ + # Kill all remaining processes. + if [ ! "$1" = "fast" ]; then + echo "Sending all processes the SIGTERM signal." +@@ -179,6 +200,9 @@ + /sbin/killall5 -9 + fi + ++# lxc container check ++if [ ! $container = "lxc" ]; then ++ + # Try to turn off quota. 
+ if /bin/grep -q quota /etc/fstab ; then + if [ -x /sbin/quotaoff ]; then +@@ -187,6 +211,8 @@ + fi + fi + ++fi # end container check ++ + # Carry a random seed between reboots. + echo "Saving random seed from /dev/urandom in /etc/random-seed." + # Use the pool size from /proc, or 512 bytes: +@@ -205,6 +231,9 @@ + rm -f /var/lock/subsys/* + fi + ++# lxc container check ++if [ ! $container = "lxc" ]; then ++ + # Turn off swap: + echo "Turning off swap." + /sbin/swapoff -a +@@ -216,6 +245,8 @@ + echo "Remounting root filesystem read-only." + /bin/mount -v -n -o remount,ro / + ++fi # end container check ++ + # This never hurts: + /bin/sync + +@@ -240,12 +271,17 @@ + done + fi + ++# lxc container check ++if [ ! $container = "lxc" ]; then ++ + # Deactivate LVM volume groups: + if [ -r /etc/lvmtab -o -d /etc/lvm/backup ]; then + echo "Deactivating LVM volume groups:" + /sbin/vgchange -an --ignorelockingfailure + fi + ++fi # end container check ++ + # This never hurts again (especially since root-on-LVM always fails + # to deactivate the / logical volume... but at least it was + # remounted as read-only first) +@@ -258,6 +294,9 @@ + # This is to ensure all processes have completed on SMP machines: + wait + ++# lxc container check ++if [ ! $container = "lxc" ]; then ++ + if [ -x /sbin/genpowerd ]; then + # See if this is a powerfail situation: + if /bin/egrep -q "FAIL|SCRAM" /etc/upsstatus 2> /dev/null ; then +@@ -274,6 +313,13 @@ + fi + fi + ++else ++ ++# confirm successful shutdown of the container ++echo ; echo "* container stopped. *" ; echo ++ ++fi # end container check ++ + # Now halt (poweroff with APM or ACPI enabled kernels) or reboot. + if [ "$command" = "reboot" ]; then + echo "Rebooting." +--- ./etc/rc.orig/rc.S 2012-09-13 21:38:34.000000000 +0200 ++++ ./etc/rc.d/rc.S 2013-02-17 09:39:41.579799641 +0100 +@@ -4,9 +4,18 @@ + # + # Mostly written by: Patrick J. 
Volkerding, + # ++# minor tweaks for an lxc container ++# by Matteo Bernardini , ++# based also on Chris Willing's modifications ++# http://www.vislab.uq.edu.au/howto/lxc/rc.S ++# a check for a container variable is made to jump sections ++container="lxc" + + PATH=/sbin:/usr/sbin:/bin:/usr/bin + ++# lxc container check ++if [ ! $container = "lxc" ]; then ++ + # Try to mount /proc: + /sbin/mount -v proc /proc -n -t proc 2> /dev/null + +@@ -254,10 +263,27 @@ + read junk; + fi # Done checking root filesystem + ++else ++ # We really don't want to start udev in the container ++ if [ -f /etc/rc.d/rc.udev ]; then ++ chmod -x /etc/rc.d/rc.udev ++ fi ++ # Alsa won't work ++ if [ -f /etc/rc.d/rc.alsa ]; then ++ chmod -x /etc/rc.d/rc.alsa ++ fi ++ # This too ++ if [ -f /etc/rc.d/rc.loop ]; then ++ chmod -x /etc/rc.d/rc.loop ++ fi ++fi # end container check + + # Any /etc/mtab that exists here is old, so we start with a new one: + /bin/rm -f /etc/mtab{,~,.tmp} && /bin/touch /etc/mtab + ++# lxc container check ++if [ ! $container = "lxc" ]; then ++ + # Add entry for / to /etc/mtab: + /sbin/mount -f -w / + +@@ -337,6 +363,8 @@ + # mounted read-write. + /sbin/swapon -a 2> /dev/null + ++fi # end container check ++ + # Clean up some temporary files: + rm -f /var/run/* /var/run/*/* /var/run/*/*/* /etc/nologin \ + /etc/dhcpc/*.pid /etc/forcefsck /etc/fastboot \ +@@ -364,7 +392,7 @@ + # if the first line of that file begins with the word 'Linux'. + # You are free to modify the rest of the file as you see fit. + if [ -x /bin/sed ]; then +- /bin/sed -i "{1s/^Linux.*/$(/bin/uname -sr)\./}" /etc/motd ++ /bin/sed -i "{1s/^Linux.*/$(/bin/uname -sr) lxc container\./}" /etc/motd + fi + + # If there are SystemV init scripts for this runlevel, run them. +@@ -372,6 +400,9 @@ + . /etc/rc.d/rc.sysvinit + fi + ++# lxc container check ++if [ ! $container = "lxc" ]; then ++ + # Run serial port setup script: + # CAREFUL! 
This can make some systems hang if the rc.serial script isn't + # set up correctly. If this happens, you may have to edit the file from a +@@ -380,6 +411,8 @@ + sh /etc/rc.d/rc.serial start + fi + ++fi # end container check ++ + # Carry an entropy pool between reboots to improve randomness. + if [ -f /etc/random-seed ]; then + echo "Using /etc/random-seed to initialize /dev/urandom." +--- ./etc/rc.orig/rc.M 2012-09-25 19:47:07.000000000 +0200 ++++ ./etc/rc.d/rc.M 2013-02-17 09:39:41.579799641 +0100 +@@ -10,6 +10,10 @@ + # Author: Fred N. van Kempen, + # Heavily modified by Patrick Volkerding + # ++# minor tweaks for an lxc container ++# by Matteo Bernardini : ++# a check for a container variable is made to jump sections ++container="lxc" + + # Tell the viewers what's going to happen. + echo "Going multiuser..." +@@ -20,6 +24,9 @@ + /sbin/ldconfig & + fi + ++# lxc container check ++if [ ! $container = "lxc" ]; then ++ + # Screen blanks after 15 minutes idle time, and powers down in one hour + # if the kernel supports APM or ACPI power management: + /bin/setterm -blank 15 -powersave powerdown -powerdown 60 +@@ -33,6 +40,8 @@ + /bin/hostname darkstar + fi + ++fi # end container check ++ + # Set the permissions on /var/log/dmesg according to whether the kernel + # permits non-root users to access kernel dmesg information: + if [ -r /proc/sys/kernel/dmesg_restrict ]; then +@@ -135,6 +144,9 @@ + chmod 755 / 2> /dev/null + chmod 1777 /tmp /var/tmp + ++# lxc container check ++if [ ! $container = "lxc" ]; then ++ + # Start APM or ACPI daemon. + # If APM is enabled in the kernel, start apmd: + if [ -e /proc/apm ]; then +@@ -146,6 +158,8 @@ + . 
/etc/rc.d/rc.acpid start + fi + ++fi # end container check ++ + # Update any existing icon cache files: + if find /usr/share/icons 2> /dev/null | grep -q icon-theme.cache ; then + for theme_dir in /usr/share/icons/* ; do +--- ./etc/rc.orig/rc.inet1 2012-08-05 19:13:27.000000000 +0200 ++++ ./etc/rc.d/rc.inet1 2013-02-17 09:39:41.579799641 +0100 +@@ -3,6 +3,11 @@ + # This script is used to bring up the various network interfaces. + # + # @(#)/etc/rc.d/rc.inet1 10.2 Sun Jul 24 12:45:56 PDT 2005 (pjv) ++# ++# minor tweaks for an lxc container ++# by Matteo Bernardini : ++# a check for a container variable is made to jump sections ++container="lxc" + + ############################ + # READ NETWORK CONFIG FILE # +@@ -105,6 +110,10 @@ + [ "${IFNAME[$i]}" = "${1}" ] && break + i=$(($i+1)) + done ++ ++ # lxc container check ++ if [ ! $container = "lxc" ]; then ++ + # If the interface is a bridge, then create it first: + [ -n "${BRNICS[$i]}" ] && br_open $i + # If the interface isn't in the kernel yet (but there's an alias for it in +@@ -115,6 +124,9 @@ + /sbin/modprobe ${1} + fi + fi ++ ++ fi # end container check ++ + if grep `echo ${1}: | cut -f 1 -d :`: /proc/net/dev 1> /dev/null ; then # interface exists + if ! /sbin/ifconfig | grep -w "${1}" 1>/dev/null || \ + ! /sbin/ifconfig ${1} | grep -w inet 1> /dev/null ; then # interface not up or not configured +EOF +( cd $rootfs ; patch -p1 < tmp/rcs.patch ; rm tmp/rcs.patch ) + +# restart rc.inet1 to have routing for the loop device +echo "/etc/rc.d/rc.inet1 restart" >> $rootfs/etc/rc.d/rc.local + +# reduce the number of local consoles: two should be enough +sed -i '/^c3\|^c4\|^c5\|^c6/s/^/# /' $rootfs/etc/inittab + +# better not use this in a container +sed -i 's/.*genpowerfail.*//' $rootfs/etc/inittab + +# add a message to rc.local that confirms successful container startup +echo "echo ; echo \"* container $name started. 
*\" ; echo" >> $rootfs/etc/rc.d/rc.local + +# set a default combination for the luggage +echo "root:root" | chroot $rootfs chpasswd +echo "Root default password is 'root', please change it!" + +# borrow the time configuration from the local machine +cp -a /etc/localtime $rootfs/etc/localtime + +return 0 +} + +copy_slackware() +{ +rootfs=$1 + +# make a local copy of the installed filesystem +echo -n "Copying rootfs to $rootfs..." +mkdir -p $rootfs +cp -a $cache/rootfs-$release-$arch/* $rootfs/ || exit 1 + +# fix fstab with the actual path +sed -i "s|$cache/rootfs-$release-$arch|$rootfs|" $rootfs/etc/fstab + +return 0 +} + +install_slackware() +{ +rootfs=$1 +mkdir -p /var/lock/subsys/ +( +flock -n -x 200 +if [ $? -ne 0 ]; then + echo "Cache repository is busy." + return 1 +fi + +if [ "$arch" == "x86_64" ]; then + PKGMAIN=slackware64 +elif [ "$arch" == "arm" ]; then + PKGMAIN=slackwarearm +else + PKGMAIN=slackware +fi + +export CONF=$cache/slackpkg-conf +export ROOT=$cache/rootfs-$release-$arch + +mkdir -p $cache/cache-$release-$arch $cache/rootfs-$release-$arch \ + $cache/slackpkg-$release-$arch $CONF/templates + +echo "$MIRROR/$PKGMAIN-$release/" > $CONF/mirrors +touch $CONF/blacklist + +cat < $CONF/slackpkg.conf +# v2.8 +ARCH=$arch +TEMP=$cache/cache-$release-$arch +WORKDIR=$cache/slackpkg-$release-$arch +DELALL=off +CHECKMD5=on +CHECKGPG=on +CHECKSIZE=off +PRIORITY=( patches %PKGMAIN extra pasture testing ) +POSTINST=on +ONLY_NEW_DOTNEW=off +ONOFF=on +DOWNLOAD_ALL=on +DIALOG=off +BATCH=on +DEFAULT_ANSWER=y +USE_INCLUDES=on +SPINNING=off +EOF + +# thanks to Vincent Batts for this list of packages +# (that I modified a little :P) +# http://connie.slackware.com/~vbatts/minimal/ +cat < $CONF/templates/minimal-lxc.template +aaa_base +aaa_elflibs +aaa_terminfo +bash +bin +bzip2 +coreutils +dhcpcd +dialog +diffutils +e2fsprogs +elvis +etc +findutils +gawk +glibc-solibs +gnupg +grep +gzip +iputils +logrotate +mpfr +net-tools +network-scripts +ncurses +openssh 
+openssl-solibs +pkgtools +procps-ng +sed +shadow +sharutils +slackpkg +sysklogd +sysvinit +sysvinit-functions +sysvinit-scripts +tar +udev +util-linux +wget +which +xz +EOF + +TEMPLATE=${TEMPLATE:-minimal-lxc} +if [ ! "$TEMPLATE" = "minimal-lxc" ]; then + if [ -f /etc/slackpkg/templates/$TEMPLATE.template ]; then + cat /etc/slackpkg/templates/$TEMPLATE.template \ + > $CONF/templates/$TEMPLATE.template + else + TEMPLATE="minimal-lxc" + fi +fi + +# clean previous installs +rm -fR $ROOT/* + +slackpkg -default_answer=n update +slackpkg install-template $TEMPLATE + +# add a slackpkg default mirror +echo "$MIRROR/$PKGMAIN-$release/" >> $ROOT/etc/slackpkg/mirrors + +# blacklist the devs package (we have to use our premade devices). +# do the same with the kernel packages (we use the host's one), +# but leave available headers and sources +echo "devs" >> $ROOT/etc/slackpkg/blacklist +sed -i \ + -e "s|^#kernel-|kernel-|" \ + -e "s|^kernel-headers|#kernel-headers|" \ + -e "s|^kernel-source|#kernel-source|" \ + $ROOT/etc/slackpkg/blacklist + +# force klog to use the system call interface to the kernel message +# buffers - needed for unprivileged containers +sed -i 's|3\ \-x|3 -x -s|' $ROOT/etc/rc.d/rc.syslog || true + +return 0 + +) 200>/var/lock/subsys/lxc + +return $? +} + +copy_configuration() +{ +path=$1 +rootfs=$2 +name=$3 + +cat <> $path/config + +lxc.utsname = $name +lxc.arch = $arch + +lxc.mount = $rootfs/etc/fstab + +lxc.include = ${LXC_TEMPLATE_CONFIG}/slackware.common.conf +EOF + +if [ $? -ne 0 ]; then + echo "Failed to add configuration." + return 1 +fi + +return 0 +} + +clean() +{ +if [ ! -e $cache ]; then + exit 0 +fi + +# lock, so we won't purge while someone is creating a repository +( +flock -n -x 200 +if [ $? != 0 ]; then + echo "Cache repository is busy." + exit 1 +fi + +echo -n "Purging the download cache..." +rm --preserve-root --one-file-system -rf $cache && echo "Done." 
|| exit 1 +exit 0 + +) 200>/var/lock/subsys/lxc +} + +usage() +{ +cat < --clean +EOF +return 0 +} + +options=$(getopt -o hp:n:a:r:c -l help,rootfs:,path:,name:,arch:,release:,clean -- "$@") +if [ $? -ne 0 ]; then + usage $(basename $0) + exit 1 +fi +eval set -- "$options" + +while true +do +case "$1" in + -h|--help) usage $0 && exit 0;; + -p|--path) path=$2; shift 2;; + --rootfs) rootfs=$2; shift 2;; + -a|--arch) arch=$2; shift 2;; + -r|--release) release=$2; shift 2;; + -n|--name) name=$2; shift 2;; + -c|--clean) clean=$2; shift 2;; + --) shift 1; break ;; + *) break ;; +esac +done + +if [ ! -z "$clean" -a -z "$path" ]; then + clean || exit 1 + exit 0 +fi + +type installpkg +if [ $? -ne 0 ]; then + echo "'installpkg' command is missing." + exit 1 +fi + +type slackpkg +if [ $? -ne 0 ]; then + echo "'slackpkg' command is missing." + exit 1 +fi + +if [ -z "$path" ]; then + echo "'path' parameter is required." + exit 1 +fi + +if [ "$(id -u)" != "0" ]; then + echo "This script should be run as 'root'." + exit 1 +fi + +# If no release version was specified, use current +release=${release:-current} + +if [ -z "$name" ]; then + # no name given? set a default one + name=slackwarecontainer +fi + +# detect rootfs +config="$path/config" +if [ -z "$rootfs" ]; then + if grep -q '^lxc.rootfs' $config 2>/dev/null ; then + rootfs=$(awk -F= '/^lxc.rootfs =/{ print $2 }' $config) + else + rootfs=$path/rootfs + fi +fi + +echo + +set -e + +install_slackware $rootfs +if [ $? -ne 0 ]; then + echo "Failed to install slackware." + exit 1 +fi + +echo + +configure_slackware $cache/rootfs-$release-$arch $name +if [ $? -ne 0 ]; then + echo "Failed to configure slackware for a container." + exit 1 +fi + +echo + +rootfs=$path/rootfs +copy_slackware $rootfs +if [ $? -ne 0 ]; then + echo "Failed to copy rootfs." + exit 1 +fi + +echo + +copy_configuration $path $rootfs $name +if [ $? -ne 0 ]; then + echo "Failed to write configuration file." + exit 1 +fi + +if [ ! 
-z $clean ]; then + clean || exit 1 + exit 0 +fi diff -Nru lxc-1.1.5/templates/lxc-sparclinux.in lxc-2.0.1/templates/lxc-sparclinux.in --- lxc-1.1.5/templates/lxc-sparclinux.in 1970-01-01 00:00:00.000000000 +0000 +++ lxc-2.0.1/templates/lxc-sparclinux.in 2016-05-16 20:38:39.000000000 +0000 
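Review bot: `configure_slackware` in the new lxc-slackware template sets the container's root password to the fixed value `root` (`echo "root:root" | chroot $rootfs chpasswd`) while the package template installs `openssh`, so every container built from it starts with a known credential. Generate one per container instead, e.g. `rootpw=$(tr -dc 'A-Za-z0-9' </dev/urandom | head -c 16)` followed by `echo "root:$rootpw" | chroot $rootfs chpasswd`, and print that value in place of the current message. Separately, the option loop does `-c|--clean) clean=$2; shift 2;;` although getopt declares `c`/`clean` without an argument, so the option that follows is swallowed; `clean=1; shift 1;;` matches the declaration.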
@@ -0,0 +1,704 @@
+#!/bin/sh
+#
+# Template script for generating Linux for SPARC for LXC
+# based on lxc-fedora, lxc-ubuntu
+#
+# Copyright © 2011 Wim Coekaerts
+# Copyright © 2012 Dwight Engen
+# Copyright � 2015 Wim Coekaerts
+#
+# Modified for Oracle Linux 5
+# Wim Coekaerts
+#
+# Modified for Oracle Linux 6,7 combined OL4,5,6 into one template script
+# Dwight Engen
+#
+# Modified for Linux for SPARC 1.0
+# Wim Coekaerts
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
+#
+
+# Detect use under userns (unsupported)
+for arg in "$@"; do
+ [ "$arg" = "--" ] && break
+ if [ "$arg" = "--mapped-uid" -o "$arg" = "--mapped-gid" ]; then
+ echo "This template can't be used for unprivileged containers." 1>&2
+ echo "You may want to try the \"download\" template instead." 1>&2
+ exit 1
+ fi
+done
+
+# Make sure the usual locations are in PATH
+export PATH=$PATH:/usr/sbin:/usr/bin:/sbin:/bin
+
+die()
+{
+ echo "failed: $1"
+ exit 1
+}
+
+is_btrfs_subvolume()
+{
+ if which btrfs >/dev/null 2>&1 && \
+ btrfs subvolume list "$1" >/dev/null 2>&1; then
+ return 0
+ fi
+ return 1
+}
+
+can_chcon()
+{
+ if which chcon >/dev/null 2>&1; then
+ selinuxenabled >/dev/null 2>&1
+ return $?
+ fi
+ return 1
+}
+
+# fix up the container_rootfs
+container_rootfs_patch()
+{
+ echo "Patching container rootfs $container_rootfs for Linux for SPARC $container_release_major.$container_release_minor"
+
+ # copy ourself into the container to be used to --patch the rootfs when
+ # yum update on certain packages is done. we do this here instead of in
+ # container_rootfs_configure() in case the patching done in this function
+ # is updated in the future, we can inject the updated version of ourself
+ # into older containers.
+ if [ $container_rootfs != "/" ]; then
+ cp -f `readlink -f $0` $container_rootfs/usr/bin/lxc-patch
+ mkdir -p $container_rootfs/usr/share/yum-plugins
+ cp @DATADIR@/lxc/lxc-patch.py $container_rootfs/usr/share/yum-plugins
+ mkdir -p $container_rootfs/etc/yum/pluginconf.d
+ cat < $container_rootfs/etc/yum/pluginconf.d/lxc-patch.conf
+[main]
+enabled=1
+packages=dbus,initscripts,iptables,openssh-server,setup,selinux-policy,readahead,udev,util-linux,util-linux-ng
+EOF
+ fi
+
+ # "disable" selinux in the guest. The policy in the container isn't
+ # likely to match the hosts (unless host == guest exactly) and the
+ # kernel can only be enforcing one policy.
+ #
+ mkdir -p $container_rootfs/selinux
+ echo 0 > $container_rootfs/selinux/enforce
+ if [ -e $container_rootfs/etc/selinux/config ]; then
+ sed -i 's|SELINUX=enforcing|SELINUX=disabled|' $container_rootfs/etc/selinux/config
+ else
+ mkdir -p $container_rootfs/etc/selinux
+ echo "SELINUX=disabled" >$container_rootfs/etc/selinux/config
+ fi
+ sed -i 's|session[ \t]*required[ \t]*pam_selinux.so[ \t]*close|#session required pam_selinux.so close|' $container_rootfs/etc/pam.d/login
+ sed -i 's|session[ \t]*required[ \t]*pam_selinux.so[ \t]*open|#session required pam_selinux.so open|' $container_rootfs/etc/pam.d/login
+ sed -i 's|session[ \t]*required[ \t]*pam_selinux.so[ \t]*close|#session required pam_selinux.so close|' $container_rootfs/etc/pam.d/sshd
+ sed -i 's|session[ \t]*required[ \t]*pam_selinux.so[ \t]*open|#session required pam_selinux.so open|' $container_rootfs/etc/pam.d/sshd
+
+ # setting /proc/$$/loginuid doesn't work under user namespace, which
+ # prevents logins from working
+ sed -i 's|session[ \t]*required[ \t]*pam_loginuid.so|#session required pam_loginuid.so|' $container_rootfs/etc/pam.d/sshd
+ sed -i 's|session[ \t]*required[ \t]*pam_loginuid.so|#session required pam_loginuid.so|' $container_rootfs/etc/pam.d/login
+
+ if [ -f $container_rootfs/usr/sbin/selinuxenabled ]; then
+ mv $container_rootfs/usr/sbin/selinuxenabled $container_rootfs/usr/sbin/selinuxenabled.lxcorig
+ ln -s /bin/false $container_rootfs/usr/sbin/selinuxenabled
+ fi
+
+ # ensure /dev/ptmx refers to the newinstance devpts of the container, or
+ # pty's will get crossed up with the hosts (https://lkml.org/lkml/2012/1/23/512)
+ rm -f $container_rootfs/dev/ptmx
+ ln -s pts/ptmx $container_rootfs/dev/ptmx
+
+ # silence error in checking for selinux
+ sed -i 's|cat /proc/self/attr/current|cat /proc/self/attr/current 2>/dev/null|' $container_rootfs/etc/rc.sysinit
+ sed -i 's|cat /proc/self/attr/current|cat /proc/self/attr/current 2>/dev/null|' $container_rootfs/etc/rc.d/rc.sysinit
+ # disable ipv6
+ rm -f $container_rootfs/etc/sysconfig/network-scripts/init.ipv6-global
+
+ # remove module stuff for iptables it just shows errors that are not
+ # relevant in a container
+ if [ -f "$container_rootfs/etc/sysconfig/iptables-config" ]; then
+ sed -i 's|IPTABLES_MODULES=".*|IPTABLES_MODULES=""|' $container_rootfs/etc/sysconfig/iptables-config
+ sed -i 's|IPTABLES_MODULES_UNLOAD=".*|IPTABLES_MODULES_UNLOAD="no"|' $container_rootfs/etc/sysconfig/iptables-config
+ fi
+
+ # disable readahead in the container
+ if [ $container_release_major = "1" -a -e $container_rootfs/etc/sysconfig/readahead ]; then
+ rm -f $container_rootfs/etc/init/readahead-collector.conf
+ rm -f $container_rootfs/etc/init/readahead-disable-services.conf
+ sed -i 's|READAHEAD="yes"|READAHEAD="no"|' $container_rootfs/etc/sysconfig/readahead
+ fi
+
+
+ # no need to attempt to mount /
+ sed -i 's|mount -f /$|# LXC mount -f /|' $container_rootfs/etc/rc.sysinit
+ sed -i 's|mount -f /$|# LXC mount -f /|' $container_rootfs/etc/rc.d/rc.sysinit
+ sed -i 's|action \$"Remounting root filesystem|/bin/true # LXC action $"Remounting root filesystem|' $container_rootfs/etc/rc.sysinit
+ sed -i 's|action \$"Remounting root filesystem|/bin/true # LXC action $"Remounting root filesystem|' $container_rootfs/etc/rc.d/rc.sysinit
+
+ # disable udev in the container
+ sed -i 's|.sbin.start_udev||' $container_rootfs/etc/rc.sysinit
+ sed -i 's|.sbin.start_udev||' $container_rootfs/etc/rc.d/rc.sysinit
+
+ sed -i 's|\[ -x /sbin/hwclock|\[ 0 -eq 1|' $container_rootfs/etc/rc.d/init.d/halt
+ sed -i 's|^\[ -x /sbin/hwclock|\[ 0 -eq 1|' $container_rootfs/etc/rc.sysinit
+ sed -i 's|^\[ -x /sbin/hwclock|\[ 0 -eq 1|' $container_rootfs/etc/rc.d/rc.sysinit
+ sed -i 's|^/sbin/hwclock|# LXC /sbin/nohwclock|' $container_rootfs/etc/rc.sysinit
+ sed -i 's|^/sbin/hwclock|# LXC /sbin/nohwclock|' $container_rootfs/etc/rc.d/rc.sysinit
+
+ touch $container_rootfs/.nolvm
+
+ # fix assumptions that plymouth is available
+ sed -i 's|\[ "$PROMPT" != no \] && plymouth|[ "$PROMPT" != no ] \&\& [ -n "$PLYMOUTH" ] \&\& plymouth|' $container_rootfs/etc/rc.sysinit
+ sed -i 's|\[ "$PROMPT" != no \] && plymouth|[ "$PROMPT" != no ] \&\& [ -n "$PLYMOUTH" ] \&\& plymouth|' $container_rootfs/etc/rc.d/rc.sysinit
+ rm -f $container_rootfs/etc/init/plymouth-shutdown.conf
+ rm -f $container_rootfs/etc/init/quit-plymouth.conf
+ rm -f $container_rootfs/etc/init/splash-manager.conf
+
+ # dont try to unmount /dev/lxc devices
+ sed -i 's|&& $1 !~ /^\\/dev\\/ram/|\&\& $2 !~ /^\\/dev\\/lxc/ \&\& $1 !~ /^\\/dev\\/ram/|' $container_rootfs/etc/init.d/halt
+
+ # don't try to unmount swap
+ sed -i 's|\[ -f /proc/swaps \]|# LXC [ -f /proc/swaps ]|' $container_rootfs/etc/init.d/halt
+
+ sed -i 's|mount -n -o remount /dev/shm >/dev/null 2>&1$|mkdir -p /dev/shm \&\& mount -t tmpfs tmpfs /dev/shm # LXC|' $container_rootfs/etc/rc.sysinit
+ sed -i 's|mount -n -o remount /dev/shm >/dev/null 2>&1$|mkdir -p /dev/shm \&\& mount -t tmpfs tmpfs /dev/shm # LXC|' $container_rootfs/etc/rc.d/rc.sysinit
+
+ # there might be other services that are useless but the below set is a good start
+ # some of these might not exist in the image, so we silence chkconfig complaining
+ # about the service file not being found
+ for service in \
+ acpid apmd auditd autofs cpuspeed dund gpm haldaemon hidd \
+ ip6tables irqbalance iscsi iscsid isdn kdump kudzu \
+ lm_sensors lvm2-monitor mdmonitor microcode_ctl \
+ ntpd pcmcia postfix sendmail udev-post xfs ;
+ do
+ chroot $container_rootfs chkconfig 2>/dev/null $service off
+ done
+
+ for service in rsyslog ;
+ do
+ chroot $container_rootfs chkconfig 2>/dev/null $service on
+ done
+}
+
+container_rootfs_configure()
+{
+ container_rootfs_patch
+ echo "Configuring container for Linux for SPARC $container_release_major.$container_release_minor"
+
+ # configure the network to use dhcp. we set DHCP_HOSTNAME so the guest
+ # will report its name and be resolv'able by the hosts dnsmasq
+ cat < $container_rootfs/etc/sysconfig/network-scripts/ifcfg-eth0
+DEVICE=eth0
+BOOTPROTO=dhcp
+ONBOOT=yes
+HOSTNAME=$name
+DHCP_HOSTNAME=\`hostname\`
+NM_CONTROLLED=no
+TYPE=Ethernet
+EOF
+
+ cat < $container_rootfs/etc/sysconfig/network
+NETWORKING=yes
+NETWORKING_IPV6=no
+HOSTNAME=$name
+EOF
+
+ # set minimal hosts
+ echo "127.0.0.1 localhost $name" > $container_rootfs/etc/hosts
+
+ # this file has to exist for libvirt/Virtual machine monitor to boot the container
+ touch $container_rootfs/etc/mtab
+
+ # setup console and tty[1-4] for login. note that /dev/console and
+ # /dev/tty[1-4] will be symlinks to the ptys /dev/lxc/console and
+ # /dev/lxc/tty[1-4] so that package updates can overwrite the symlinks.
+ # lxc will maintain these links and bind mount ptys over /dev/lxc/*
+ # since lxc.devttydir is specified in the config.
+
+ # allow root login on console, tty[1-4], and pts/0 for libvirt
+ echo "# LXC (Linux Containers)" >>$container_rootfs/etc/securetty
+ echo "lxc/console" >>$container_rootfs/etc/securetty
+ for i in 1 2 3 4; do
+ echo "lxc/tty$i" >>$container_rootfs/etc/securetty
+ done
+ echo "# For libvirt/Virtual Machine Monitor" >>$container_rootfs/etc/securetty
+ for i in 0 1 2 3 4; do
+ echo "pts/$i" >>$container_rootfs/etc/securetty
+ done
+
+ # prevent mingetty from calling vhangup(2) since it fails with userns
+ if [ -f $container_rootfs/etc/init/tty.conf ]; then
+ sed -i 's|mingetty|mingetty --nohangup|' $container_rootfs/etc/init/tty.conf
+ fi
+
+ # create maygetty which only spawns a getty on the console when running
+ # under lxc, not libvirt-lxc which symlinks /dev/console to the same pty
+ # as /dev/tty1
+ cat <$container_rootfs/sbin/maygetty
+#!/bin/sh
+if [ "\$container" = "lxc" ]; then
+ exec /sbin/mingetty \$@
+fi
+exec sleep infinity
+EOF
+ chmod 755 $container_rootfs/sbin/maygetty
+
+ cat < $container_rootfs/etc/init/console.conf
+# console - getty
+#
+# This service maintains a getty on the console from the point the system is
+# started until it is shut down again.
+
+start on stopped rc RUNLEVEL=[2345]
+stop on runlevel [!2345]
+env container
+
+respawn
+exec /sbin/maygetty --nohangup --noclear /dev/console
+EOF
+
+ cat < $container_rootfs/etc/init/power-status-changed.conf
+# power-status-changed - used to cleanly shut down the container
+#
+# This task is run whenever init receives SIGPWR
+# Used to shut down the machine.
+
+start on power-status-changed
+
+exec init 0
+EOF
+
+ # start with a clean /var/log/messages
+ rm -f $container_rootfs/var/log/messages
+
+ # set initial timezone as on host
+ if [ -f /etc/sysconfig/clock ]; then
+ . /etc/sysconfig/clock
+ echo ZONE=$ZONE > $container_rootfs/etc/sysconfig/clock
+ chroot $container_rootfs tzdata-update
+ else
+ echo "Timezone in container is not configured. Adjust it manually."
+ fi
+
+ # add oracle user, set root password
+ chroot $container_rootfs useradd -m -s /bin/bash oracle
+ echo "oracle:oracle" | chroot $container_rootfs chpasswd
+ echo "root:root" | chroot $container_rootfs chpasswd
+ printf "Added container user:\033[1moracle\033[0m password:\033[1moracle\033[0m\n"
+ printf "Added container user:\033[1mroot\033[0m password:\033[1mroot\033[0m\n"
+}
+
+# create the container's lxc config file
+container_config_create()
+{
+ echo "Create configuration file $cfg_dir/config"
+ mkdir -p $cfg_dir || die "unable to create config dir $cfg_dir"
+
+ echo "# Common configuration" >> $cfg_dir/config
+ if [ -e "@LXCTEMPLATECONFIG@/sparclinux.common.conf" ]; then
+ echo "lxc.include = @LXCTEMPLATECONFIG@/sparclinux.common.conf" >> $cfg_dir/config
+ fi
+
+ cat <> $cfg_dir/config || die "unable to create $cfg_dir/config"
+# Container configuration for Linux for SPARC $container_release_major.$container_release_minor
+lxc.arch = $arch
+lxc.utsname = $name
+EOF
+ grep -q "^lxc.rootfs" $cfg_dir/config 2>/dev/null || echo "lxc.rootfs = $container_rootfs" >> $cfg_dir/config
+
+ echo "lxc.cap.drop = sys_resource" >>$cfg_dir/config
+
+ echo "lxc.cap.drop = setfcap setpcap" >>$cfg_dir/config
+
+ echo "# Networking" >>$cfg_dir/config
+ # see if the default network settings were already specified
+ lxc_network_type=`grep '^lxc.network.type' $cfg_dir/config | awk -F'[= \t]+' '{ print $2 }'`
+ if [ -z "$lxc_network_type" ]; then
+ echo "lxc.network.type = veth" >>$cfg_dir/config
+ lxc_network_type=veth
+ fi
+
+ lxc_network_link=`grep '^lxc.network.link' $cfg_dir/config | awk -F'[= \t]+' '{ print $2 }'`
+ if [ -z "$lxc_network_link" ]; then
+ echo "lxc.network.link = lxcbr0" >>$cfg_dir/config
+ lxc_network_link=lxcbr0
+ fi
+
+ lxc_network_hwaddr=`grep '^lxc.network.hwaddr' $cfg_dir/config | awk -F'[= \t]+' '{ print $2 }'`
+ if [ -z "$lxc_network_hwaddr" ]; then
+ # generate a hwaddr for the container
+ # see http://sourceforge.net/tracker/?func=detail&aid=3411497&group_id=163076&atid=826303
+ local hwaddr="00:16:3e:`dd if=/dev/urandom bs=8 count=1 2>/dev/null |od -t x8 | \
+ head -n1 | awk '{print $2}' | cut -c1-6 | \
+ sed 's/\(..\)/\1:/g; s/.$//'`"
+ echo "lxc.network.hwaddr = $hwaddr" >>$cfg_dir/config
+ fi
+
+ lxc_network_flags=`grep '^lxc.network.flags' $cfg_dir/config | awk -F'[= \t]+' '{ print $2 }'`
+ if [ -z "$lxc_network_flags" ]; then
+ echo "lxc.network.flags = up" >>$cfg_dir/config
+ fi
+
+ cat <> $cfg_dir/config || die "unable to create $cfg_dir/config"
+lxc.network.name = eth0
+lxc.network.mtu = 1500
+EOF
+}
+
+container_rootfs_clone()
+{
+ if is_btrfs_subvolume $template_rootfs; then
+ # lxc-create already made $container_rootfs a btrfs subvolume, but
+ # in this case we want to snapshot the original subvolume so we we
+ # have to delete the one that lxc-create made
+ btrfs subvolume delete $container_rootfs
+ btrfs subvolume snapshot $template_rootfs $container_rootfs || die "btrfs clone template"
+ else
+ echo "Copying rootfs ..."
+ cp -axT $template_rootfs $container_rootfs || die "copy template"
+ fi
+}
+
+container_rootfs_repo_create()
+{
+ echo "# LXC generated .repo file" >$1
+ echo "[$2]" >>$1
+ echo "name=Linux for SPARC $container_release_major.$container_release_minor ($basearch)" >>$1
+ echo "baseurl=$3/" >>$1
+ echo "enabled=1" >>$1
+ echo "skip_if_unavailable=1" >>$1
+
+ if [ "$4" != "" ]; then
+ echo "gpgkey=$yum_url/RPM-GPG-KEY-oracle-ol$container_release_major" >>$1
+ echo "gpgcheck=1" >>$1
+ else
+ echo "gpgcheck=0" >>$1
+ fi
+}
+
+container_rootfs_dev_create()
+{
+ # create required devices. note that /dev/console will be created by lxc
+ # or libvirt itself to be a symlink to the right pty.
+ # take care to not nuke /dev in case $container_rootfs isn't set
+ dev_path="$container_rootfs/dev"
+ if [ $container_rootfs != "/" -a -d $dev_path ]; then
+ rm -rf $dev_path
+ fi
+ mkdir -p $dev_path
+ if can_chcon; then
+ # ensure symlinks created in /dev have the right context
+ chcon -t device_t $dev_path
+ fi
+ mknod -m 666 $dev_path/null c 1 3
+ mknod -m 666 $dev_path/zero c 1 5
+ mknod -m 666 $dev_path/random c 1 8
+ mknod -m 666 $dev_path/urandom c 1 9
+ mkdir -m 755 $dev_path/pts
+ mkdir -m 1777 $dev_path/shm
+ mknod -m 666 $dev_path/tty c 5 0
+ mknod -m 666 $dev_path/tty1 c 4 1
+ mknod -m 666 $dev_path/tty2 c 4 2
+ mknod -m 666 $dev_path/tty3 c 4 3
+ mknod -m 666 $dev_path/tty4 c 4 4
+ mknod -m 666 $dev_path/full c 1 7
+ mknod -m 600 $dev_path/initctl p
+
+ # set selinux labels same as host
+ if can_chcon; then
+ for node in null zero random urandom pts shm \
+ tty tty0 tty1 tty2 tty3 tty4 full ;
+ do
+ chcon --reference /dev/$node $dev_path/$node 2>/dev/null
+ done
+ fi
+}
+
+container_rootfs_create()
+{
+ if can_chcon; then
+ chcon --reference / $container_rootfs 2>/dev/null
+ fi
+
+ cmds="rpm wget yum"
+ for cmd in $cmds; do
+ which $cmd >/dev/null 2>&1
+ if [ $? -ne 0 ]; then
+ die "The $cmd command is required, please install it"
+ fi
+ done
+
+ mkdir -p @LOCALSTATEDIR@/lock/subsys
+ (
+ flock -x 9
+ if [ $? -ne 0 ]; then
+ die "The template is busy."
+ fi
+
+ echo "Yum installing release $container_release_major.$container_release_minor for $basearch"
+
+ if [ -n "$repourl" ]; then
+ yum_url=$repourl
+ else
+ yum_url=http://yum.oracle.com
+ fi
+
+ if [ -n "$baseurl" ]; then
+ # create .repo pointing at baseurl
+ repo="lxc-install"
+ mkdir -p $container_rootfs/etc/yum.repos.d
+ container_rootfs_repo_create \
+ $container_rootfs/etc/yum.repos.d/lxc-install.repo $repo $baseurl
+ else
+ # get public-yum repo file
+ if [ $container_release_major = "1" ]; then
+ repofile=yum-linux-sparc64.repo
+ else
+ die "Unsupported release $container_release_major"
+ fi
+
+ mkdir -p $container_rootfs/etc/yum.repos.d
+ wget -q $yum_url/$repofile -O $container_rootfs/etc/yum.repos.d/$repofile
+ if [ $? -ne 0 ]; then
+ die "Unable to download repo file $yum_url/$repofile, release unavailable"
+ fi
+
+ # yum will take $basearch from host, so force the arch we want
+ sed -i "s|\$basearch|$basearch|" $container_rootfs/etc/yum.repos.d/$repofile
+
+ # replace url if they specified one
+ if [ -n "$repourl" ]; then
+ sed -i "s|baseurl=http://yum.oracle.com/|baseurl=$repourl/repo|" $container_rootfs/etc/yum.repos.d/$repofile
+ sed -i "s|gpgkey=http://yum.oracle.com|gpgkey=$repourl|" $container_rootfs/etc/yum.repos.d/$repofile
+
+ fi
+
+ # disable all repos, then enable the repo for the version we are installing.
+ if [ $container_release_minor = "latest" ]; then
+ repo="lfs"_$container_release_minor
+ else
+ die "Unsupported release $container_release_major.$container_release_minor"
+ fi
+ sed -i "s|enabled=1|enabled=0|" $container_rootfs/etc/yum.repos.d/$repofile
+ sed -i "/\[$repo\]/,/\[/ s/enabled=0/enabled=1/" $container_rootfs/etc/yum.repos.d/$repofile
+ fi
+
+ container_rootfs_dev_create
+
+ # don't put devpts,proc, nor sysfs in here, it will already be mounted for us by lxc/libvirt
+ echo "" >$container_rootfs/etc/fstab
+
+ # create rpm db, download and yum install minimal packages
+ mkdir -p $container_rootfs/var/lib/rpm
+ rpm --root $container_rootfs --initdb
+ yum_args="--installroot $container_rootfs --disablerepo=* --enablerepo=$repo -y --nogpgcheck"
+ min_pkgs="yum initscripts passwd rsyslog vim-minimal openssh-server openssh-clients dhclient chkconfig rootfiles policycoreutils sparclinux-release"
+
+ # we unshare the mount namespace because yum installing the ol4
+ # packages causes $rootfs/proc to be mounted on
+ lxc-unshare -s MOUNT yum -- $yum_args install $min_pkgs $user_pkgs
+ if [ $? -ne 0 ]; then
+ die "Failed to download and install the rootfs, aborting."
+ fi
+
+ # rsyslog and pam depend on coreutils for some common commands in
+ # their POSTIN scriptlets, but coreutils wasn't installed yet. now
+ # that coreutils is installed, reinstall the packages so their POSTIN
+ # runs right. similarly, libutempter depends on libselinux.so.1 when
+ # it runs /usr/sbin/groupadd, so reinstall it too
+ redo_pkgs=""
+ if [ x"$redo_pkgs" != x ]; then
+ rpm --root $container_rootfs --nodeps -e $redo_pkgs
+ lxc-unshare -s MOUNT yum -- $yum_args install $redo_pkgs
+ if [ $? -ne 0 ]; then
+ die "Unable to reinstall packages"
+ fi
+ fi
+
+ # these distributions put the rpm database in a place the guest is
+ # not expecting it, so move it
+ if [ $host_distribution = "Ubuntu" -o $host_distribution = "Debian" ]; then
+ mv $container_rootfs/$HOME/.rpmdb/* $container_rootfs/var/lib/rpm
+ fi
+
+ # if the native rpm created the db with Hash version 9, we need to
+ # downgrade it to Hash version 8 for use with OL5.x
+ db_version=`file $container_rootfs/var/lib/rpm/Packages | \
+ grep -o 'version [0-9]*' |awk '{print $2}'`
+
+ # the host rpm may not be the same as the guest, rebuild the db with
+ # the guest rpm version
+ echo "Rebuilding rpm database"
+ rm -f $container_rootfs/var/lib/rpm/__db*
+ chroot $container_rootfs rpm --rebuilddb >/dev/null 2>&1
+
+ ) 9>@LOCALSTATEDIR@/lock/subsys/lxc-sparclinux-$name
+ if [ $? -ne 0 ]; then
+ exit 1
+ fi
+}
+
+container_release_get()
+{
+ if [ -f $1/etc/sparclinux-release ]; then
+ container_release_version=`cat $1/etc/sparclinux-release |awk '/^Linux/ {print $5}'`
+ container_release_major=`echo $container_release_version |awk -F '.' '{print $1}'`
+ container_release_minor=`echo $container_release_version |awk -F '.' '{print $2}'`
+ else
+ echo "Unable to determine container release version"
+ exit 1
+ fi
+}
+
+usage()
+{
+ cat < architecture (sparc64)
+ -R|--release= release to download for the new container
+ --rootfs= rootfs path
+ -r|--rpms= additional rpms to install into container
+ -u|--url= replace yum repo url (ie. Oracle public-yum mirror)
+ --baseurl= use package repository (ie. file:///mnt)
+ arch and release must also be specified
+ -t|--templatefs= copy/clone rootfs at path instead of downloading
+ -P|--patch= only patch the rootfs at path for use as a container
+ -h|--help
+
+Release is of the format "major.minor", for example "1.0" or "1.latest"
+This template supports Linux for SPARC release 1.0
+EOF
+ return 0
+}
+
+options=$(getopt -o hp:n:a:R:r:u:t: -l help,rootfs:,path:,name:,arch:,release:,rpms:,url:,templatefs:,patch:,baseurl: -- "$@")
+if [ $? -ne 0 ]; then
+ usage $(basename $0)
+ exit 1
+fi
+
+eval set -- "$options"
+while true
+do
+ case "$1" in
+ -h|--help) usage $0 && exit 0;;
+ -p|--path) cfg_dir=$2; shift 2;;
+ --rootfs) container_rootfs=$2; shift 2;;
+ -n|--name) name=$2; shift 2;;
+ -a|--arch) arch=$2; shift 2;;
+ -R|--release) container_release_version=$2; shift 2;;
+ -r|--rpms) user_pkgs=$2; shift 2;;
+ -u|--url) repourl=$2; shift 2;;
+ -t|--templatefs) template_rootfs=$2; shift 2;;
+ --patch) patch_rootfs=$2; shift 2;;
+ --baseurl) baseurl=$2; shift 2;;
+ --) shift 1; break ;;
+ *) break ;;
+ esac
+done
+
+# make sure mandatory args are given and valid
+if [ "$(id -u)" != "0" ]; then
+ echo "This script should be run as 'root'"
+ exit 1
+fi
+
+if [ -n "$baseurl" ]; then
+ if [ "$arch" = "" -o "$container_release_version" = "" ]; then
+ echo "The --arch and --release must be specified when using --baseurl"
+ usage
+ exit 1
+ fi
+fi
+
+if [ "$arch" = "" ]; then
+ arch=$(uname -m)
+fi
+
+if [ -n "$patch_rootfs" ]; then
+ container_rootfs="$patch_rootfs"
+ container_release_get $container_rootfs
+ container_rootfs_patch
+ exit 0
+fi
+
+if [ -z $name ]; then
+ echo "Container name must be given"
+ usage
+ exit 1
+fi
+
+if [ -z $cfg_dir ]; then
+ echo "Configuration directory must be given, check lxc-create"
+ usage
+ exit 1
+fi
+
+basearch=$arch
+
+if [ "$arch" != "sparc64" ]; then
+ echo "Bad architecture given, check lxc-create"
+ usage
+ exit 1
+fi
+
+if [ -f /etc/sparclinux-release ]; then
+
host_distribution="SPARCLinux" + host_release_version=`cat /etc/sparclinux-release |awk '{print $5}'` + host_release_major=`echo $host_release_version |awk -F '.' '{print $1}'` + host_release_minor=`echo $host_release_version |awk -F '.' '{print $2}'` +else + echo "Unable to determine host distribution" + exit 1 +fi + +echo "Host is $host_distribution $host_release_version" + +if [ -z "$container_rootfs" ]; then + container_rootfs="$cfg_dir/rootfs" +fi + +if [ -n "$template_rootfs" ]; then + container_release_get $template_rootfs +else + if [ -z "$container_release_version" ]; then + if [ $host_distribution = "SPARCLinux" ]; then + container_release_version=$host_release_version + else + echo "No release specified with -R, defaulting to 1.latest" + container_release_version="1.latest" + fi + fi + container_release_major=`echo $container_release_version |awk -F '.' '{print $1}'` + container_release_minor=`echo $container_release_version |awk -F '.' '{print $2}'` +fi + +container_config_create +if [ -n "$template_rootfs" ]; then + container_rootfs_clone +else + container_rootfs_create +fi + +container_release_get $container_rootfs + +container_rootfs_configure + +echo "Container : $container_rootfs" +echo "Config : $cfg_dir/config" +echo "Network : eth0 ($lxc_network_type) on $lxc_network_link" diff -Nru lxc-1.1.5/templates/lxc-sshd.in lxc-2.0.1/templates/lxc-sshd.in --- lxc-1.1.5/templates/lxc-sshd.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/templates/lxc-sshd.in 2016-05-16 20:38:39.000000000 +0000 @@ -125,6 +125,8 @@ rootfs=$2 name=$3 + init_path=$(realpath --relative-to=/ $(readlink -f /sbin/init)) + grep -q "^lxc.rootfs" $path/config 2>/dev/null || echo "lxc.rootfs = $rootfs" >> $path/config cat <> $path/config lxc.utsname = $name 
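Review bot: In `container_rootfs_create`, `yum_args` hard-codes `--nogpgcheck` and `yum_url` defaults to `http://yum.oracle.com`, so the repo file and every package that ends up in the rootfs are fetched over cleartext HTTP with no signature verification. `container_rootfs_repo_create` only writes `gpgcheck=1` when a fourth argument is given, and the one visible call passes three, so the `--baseurl` path also ends up with `gpgcheck=0`. I would drop `--nogpgcheck` from `yum_args` once the release key is imported into the install root, and prefer an HTTPS default for `yum_url` if the mirror offers one. Separately, `container_rootfs_configure` sets `root:root` and `oracle:oracle` while `openssh-server` is in `min_pkgs`; forcing a change at first login, e.g. `chroot $container_rootfs passwd -e root`, or taking the password as an option would avoid shipping known credentials.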
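Review bot: `init_path` is computed with `realpath --relative-to=/ $(readlink -f /sbin/init)` and never checked, so on a host whose `realpath` lacks `--relative-to` (or has no `realpath` at all) it is empty and the `lxc.mount.entry` line changed in the next hunk (`@@ -140,7 +142,7 @@`) is written without a mount target. A guard such as `[ -n "$init_path" ] || init_path=sbin/init` right after the assignment keeps the old behaviour as a fallback, and the inner substitution is better quoted as `"$(readlink -f /sbin/init)"`. The bind target also has to exist inside the container rootfs; whether the template creates that path is not visible here. The enclosing function starts and ends outside the hunk.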
@@ -140,7 +142,7 @@ lxc.mount.entry = /usr usr none ro,bind 0 0 lxc.mount.entry = /sbin sbin none ro,bind 0 0 lxc.mount.entry = tmpfs var/run/sshd tmpfs mode=0644 0 0 -lxc.mount.entry = @LXCTEMPLATEDIR@/lxc-sshd sbin/init none ro,bind 0 0 +lxc.mount.entry = @LXCTEMPLATEDIR@/lxc-sshd $init_path none ro,bind 0 0 lxc.mount.entry = /etc/init.d etc/init.d none ro,bind 0 0 lxc.mount.auto = cgroup:mixed proc:mixed sys:mixed diff -Nru lxc-1.1.5/templates/lxc-ubuntu-cloud.in lxc-2.0.1/templates/lxc-ubuntu-cloud.in --- lxc-1.1.5/templates/lxc-ubuntu-cloud.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/templates/lxc-ubuntu-cloud.in 2016-05-16 20:38:39.000000000 +0000 @@ -25,7 +25,7 @@ HOOK_DIR="@LXCHOOKDIR@" CLONE_HOOK_FN="$HOOK_DIR/ubuntu-cloud-prep" LXC_TEMPLATE_CONFIG="@LXCTEMPLATECONFIG@" -KNOWN_RELEASES="precise trusty utopic vivid" +KNOWN_RELEASES="precise trusty vivid wily xenial" skip_arch_check=${UCTEMPLATE_SKIP_ARCH_CHECK:-0} # Make sure the usual locations are in PATH @@ -146,7 +146,7 @@ return 0 } -options=$(getopt -o a:hp:r:n:Fi:CLS:T:ds:u: -l arch:,help,rootfs:,path:,release:,name:,flush-cache,hostid:,auth-key:,cloud,no_locales,tarball:,debug,stream:,userdata:,mapped-uid:,mapped-gid: -- "$@") +options=$(getopt -o a:hp:r:n:Fi:CLS:T:ds:u: -l arch:,help,rootfs:,path:,release:,name:,flush-cache,hostid:,auth-key:,cloud,no_locales,tarball:,debug,stream:,userdata:,vendordata:,mapped-uid:,mapped-gid: -- "$@") if [ $? -ne 0 ]; then usage $(basename $0) exit 1 @@ -155,8 +155,8 @@ mapped_uid=-1 mapped_gid=-1 -# default release is precise, or the systems release if recognized -release=precise +# default release is trusty, or the systems release if recognized +release=trusty if [ -f /etc/lsb-release ]; then . /etc/lsb-release rels=$(ubuntu-distro-info --supported 2>/dev/null) || 
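Review bot: The `getopt` call in the lxc-ubuntu-cloud `@@ -146,7 +146,7 @@` hunk gains the long option `vendordata:` but its short-option string still reads `-o a:hp:r:n:Fi:CLS:T:ds:u:`, while the later `@@ -213,6 +213,7 @@` hunk matches `-V|--vendordata`. As written, `-V` is rejected by getopt as an unknown option and only `--vendordata` reaches the case arm. Either add `V:` to the short options, `-o a:hp:r:n:Fi:CLS:T:ds:u:V:`, or drop `-V` from the case pattern, and list whichever form is kept in the usage text.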
@@ -179,7 +179,7 @@ arch="amd64" elif [ "$arch" = "armv7l" ]; then # note: arm images don't exist before oneiric; are called armhf in - # precise and later; and are not supported by the query, so we don't actually + # trusty and later; and are not supported by the query, so we don't actually # support them yet (see check later on). When Query2 is available, # we'll use that to enable arm images. arch="armhf" @@ -213,6 +213,7 @@ -L|--no?locales) cloneargs[${#cloneargs[@]}]="--no-locales"; shift 1;; -i|--hostid) cloneargs[${#cloneargs[@]}]="--hostid=$2"; shift 2;; -u|--userdata) cloneargs[${#cloneargs[@]}]="--userdata=$2"; shift 2;; + -V|--vendordata) cloneargs[${#cloneargs[@]}]="--vendordata=$2"; shift 2;; -C|--cloud) cloneargs[${#cloneargs[@]}]="--cloud"; shift 1;; -S|--auth-key) cloneargs[${#cloneargs[@]}]="--auth-key=$2"; shift 2;; --mapped-uid) mapped_uid=$2; shift 2;; @@ -274,10 +275,11 @@ # determine the url, tarball, and directory names # download if needed -cache="$STATE_DIR/cache/lxc/cloud-$release" +# Allow the cache base to be set by environment variable +cache=${LXC_CACHE_PATH:-"$STATE_DIR/cache/lxc"}/cloud-$release if [ $in_userns -eq 1 ]; then - STATE_DIR="$HOME/.cache/lxc/" - cache="$HOME/.cache/lxc/cloud-$release" + STATE_DIR="$HOME/.cache/lxc" + cache=${LXC_CACHE_PATH:-"$STATE_DIR"}/cloud-$release fi mkdir -p $cache @@ -326,10 +328,10 @@ mkdir -p $rootfs cd $rootfs if [ $in_userns -eq 1 ]; then - tar --anchored --exclude="dev/*" --numeric-owner -xpJf "$cache/$filename" + tar --anchored --exclude="dev/*" --numeric-owner -xpf "$cache/$filename" mkdir -p $rootfs/dev/pts/ else - tar --numeric-owner -xpJf "$cache/$filename" + tar --numeric-owner -xpf "$cache/$filename" fi } diff -Nru lxc-1.1.5/templates/lxc-ubuntu.in lxc-2.0.1/templates/lxc-ubuntu.in --- lxc-1.1.5/templates/lxc-ubuntu.in 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/templates/lxc-ubuntu.in 2016-05-16 20:38:39.000000000 +0000 
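Review bot: `cache` in the `@@ -274,10 +275,11 @@` hunk is now rooted at `LXC_CACHE_PATH` taken from the caller's environment, and the surrounding lines create it with `mkdir -p $cache` and later unpack the cached image from it with `tar ... -xpf "$cache/$filename"`. Nothing in these hunks checks who owns that directory, so a cache location that another user can write to would let that user replace the image that gets extracted; the same variable is introduced for lxc-ubuntu in its `@@ -41,6 +41,8 @@` hunk. I would state the requirement next to the assignment, e.g. `# LXC_CACHE_PATH must not be writable by other users: cached images are unpacked from it`, and quote the expansion as `mkdir -p "$cache"`.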
@@ -41,6 +41,8 @@ LOCALSTATEDIR="@LOCALSTATEDIR@" LXC_TEMPLATE_CONFIG="@LXCTEMPLATECONFIG@" +# Allows the lxc-cache directory to be set by environment variable +LXC_CACHE_PATH=${LXC_CACHE_PATH:-"$LOCALSTATEDIR/cache/lxc"} if [ -r /etc/default/lxc ]; then . /etc/default/lxc @@ -329,7 +331,19 @@ arch=$2 release=$3 + case $2 in + amd64|i386) + MIRROR=${MIRROR:-http://archive.ubuntu.com/ubuntu} + SECURITY_MIRROR=${SECURITY_MIRROR:-http://security.ubuntu.com/ubuntu} + ;; + *) + MIRROR=${MIRROR:-http://ports.ubuntu.com/ubuntu-ports} + SECURITY_MIRROR=${SECURITY_MIRROR:-http://ports.ubuntu.com/ubuntu-ports} + ;; + esac + packages_template=${packages_template:-"ssh,vim"} + debootstrap_parameters= # Try to guess a list of langpacks to install langpacks="language-pack-en" @@ -341,6 +355,12 @@ fi packages_template="${packages_template},$(echo $langpacks | sed 's/ /,/g')" + if [ -n "$variant" ]; then + debootstrap_parameters="$debootstrap_parameters --variant=$variant" + fi + if [ "$variant" = 'minbase' ]; then + packages_template="${packages_template},sudo,ifupdown,isc-dhcp-client,apt-transport-https" + fi echo "Installing packages in template: ${packages_template}" @@ -356,9 +376,9 @@ # download a mini ubuntu into a cache echo "Downloading ubuntu $release minimal ..." if [ -n "$(which qemu-debootstrap)" ]; then - qemu-debootstrap --verbose --components=main,universe --arch=$arch --include=${packages_template} $release $cache/partial-$arch $MIRROR + qemu-debootstrap --verbose $debootstrap_parameters --components=main,universe --arch=$arch --include=${packages_template} $release $cache/partial-$arch $MIRROR else - debootstrap --verbose --components=main,universe --arch=$arch --include=${packages_template} $release $cache/partial-$arch $MIRROR + debootstrap --verbose $debootstrap_parameters --components=main,universe --arch=$arch --include=${packages_template} $release $cache/partial-$arch $MIRROR fi if [ $? -ne 0 ]; then 
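Review bot: `$variant` comes straight from `-v|--variant` and is appended as `--variant=$variant` to `debootstrap_parameters`, which the `@@ -356,9 +376,9 @@` hunk expands unquoted on the `debootstrap` and `qemu-debootstrap` command lines, so a value containing whitespace is split into extra arguments to a tool run as root. Checking the value before it is used, e.g. `case "$variant" in *[!a-z0-9-]*) echo "invalid variant: $variant" >&2; exit 1;; esac`, keeps it to a single token. In the `@@ -329,7 +331,19 @@` hunk, `case $2 in` would read better as `case "$arch" in`, since `arch=$2` is assigned two lines above. The enclosing functions start and end outside these hunks.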
@@ -423,7 +443,7 @@ rootfs=$1 release=$2 flushcache=$3 - cache="$LOCALSTATEDIR/cache/lxc/$release" + cache="$4/$release" mkdir -p $LOCALSTATEDIR/lock/subsys/ ( @@ -645,10 +665,11 @@ { cat <] [-d|--debug] - [-F | --flush-cache] [-r|--release ] [ -S | --auth-key ] + [-F | --flush-cache] [-r|--release ] [-v|--variant] [ -S | --auth-key ] [--rootfs ] [--packages ] [-u|--user ] [--password ] [--mirror ] [--security-mirror ] release: the ubuntu release (e.g. precise): defaults to host release on ubuntu, otherwise uses latest LTS +variant: debootstrap variant to use (see debootstrap(8)) bindhome: bind 's home into the container The ubuntu user will not be created, and will have sudo access. @@ -660,7 +681,7 @@ return 0 } -options=$(getopt -o a:b:hp:r:n:FS:du: -l arch:,bindhome:,help,path:,release:,name:,flush-cache,auth-key:,debug,rootfs:,packages:,user:,password:,mirror:,security-mirror: -- "$@") +options=$(getopt -o a:b:hp:r:v:n:FS:du: -l arch:,bindhome:,help,path:,release:,variant:,name:,flush-cache,auth-key:,debug,rootfs:,packages:,user:,password:,mirror:,security-mirror: -- "$@") if [ $? -ne 0 ]; then usage $(basename $0) exit 1 @@ -703,6 +724,7 @@ packages="" user="ubuntu" password="ubuntu" + while true do case "$1" in @@ -714,6 +736,7 @@ --password) password=$2; shift 2;; -F|--flush-cache) flushcache=1; shift 1;; -r|--release) release=$2; shift 2;; + -v|--variant) variant=$2; shift 2;; --packages) packages=$2; shift 2;; -b|--bindhome) bindhome=$2; shift 2;; -a|--arch) arch=$2; shift 2;; @@ -787,7 +810,7 @@ fi fi -install_ubuntu $rootfs $release $flushcache +install_ubuntu $rootfs $release $flushcache $LXC_CACHE_PATH if [ $? -ne 0 ]; then echo "failed to install ubuntu $release" exit 1 diff -Nru lxc-1.1.5/templates/Makefile.am lxc-2.0.1/templates/Makefile.am --- lxc-1.1.5/templates/Makefile.am 2015-11-09 16:25:59.000000000 +0000 +++ lxc-2.0.1/templates/Makefile.am 2016-05-16 20:38:39.000000000 +0000 
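Review bot: `install_ubuntu` now builds `cache="$4/$release"`, and its only caller in the `@@ -787,7 +810,7 @@` hunk passes `$LXC_CACHE_PATH` unquoted, so an empty value (for example if `/etc/default/lxc`, which is sourced after the default is applied, sets it to an empty string) leaves `$4` unset and `cache` becomes `/$release`. The rest of the function is outside the hunk; it presumably creates and, with `$flushcache`, clears directories under `$cache`, which should be confirmed. Quoting the call, `install_ubuntu "$rootfs" "$release" "$flushcache" "$LXC_CACHE_PATH"`, and failing early with `cache="${4:?cache directory not set}/$release"` would make that case an explicit error.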
@@ -15,6 +15,8 @@ lxc-opensuse \ lxc-oracle \ lxc-plamo \ + lxc-slackware \ lxc-sshd \ lxc-ubuntu \ - lxc-ubuntu-cloud + lxc-ubuntu-cloud \ + lxc-sparclinux diff -Nru lxc-1.1.5/templates/Makefile.in lxc-2.0.1/templates/Makefile.in --- lxc-1.1.5/templates/Makefile.in 2015-11-09 16:26:04.000000000 +0000 +++ lxc-2.0.1/templates/Makefile.in 2016-05-16 20:38:45.000000000 +0000 @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ 
@@ -79,27 +89,19 @@ build_triplet = @build@ host_triplet = @host@ subdir = templates -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(srcdir)/lxc-alpine.in $(srcdir)/lxc-altlinux.in \ - $(srcdir)/lxc-archlinux.in $(srcdir)/lxc-busybox.in \ - $(srcdir)/lxc-centos.in $(srcdir)/lxc-cirros.in \ - $(srcdir)/lxc-debian.in $(srcdir)/lxc-download.in \ - $(srcdir)/lxc-fedora.in $(srcdir)/lxc-gentoo.in \ - $(srcdir)/lxc-openmandriva.in $(srcdir)/lxc-opensuse.in \ - $(srcdir)/lxc-oracle.in $(srcdir)/lxc-plamo.in \ - $(srcdir)/lxc-sshd.in $(srcdir)/lxc-ubuntu.in \ - $(srcdir)/lxc-ubuntu-cloud.in ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ $(top_srcdir)/config/tls.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/config.h CONFIG_CLEAN_FILES = lxc-alpine lxc-altlinux lxc-archlinux lxc-busybox \ lxc-centos lxc-cirros lxc-debian lxc-download lxc-fedora \ lxc-gentoo lxc-openmandriva lxc-opensuse lxc-oracle lxc-plamo \ - lxc-sshd lxc-ubuntu lxc-ubuntu-cloud + lxc-slackware lxc-sshd lxc-ubuntu lxc-ubuntu-cloud \ + lxc-sparclinux CONFIG_CLEAN_VPATH_FILES = am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ 
@@ -150,6 +152,16 @@ *) (install-info --version) >/dev/null 2>&1;; \ esac am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) +am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/lxc-alpine.in \ + $(srcdir)/lxc-altlinux.in $(srcdir)/lxc-archlinux.in \ + $(srcdir)/lxc-busybox.in $(srcdir)/lxc-centos.in \ + $(srcdir)/lxc-cirros.in $(srcdir)/lxc-debian.in \ + $(srcdir)/lxc-download.in $(srcdir)/lxc-fedora.in \ + $(srcdir)/lxc-gentoo.in $(srcdir)/lxc-openmandriva.in \ + $(srcdir)/lxc-opensuse.in $(srcdir)/lxc-oracle.in \ + $(srcdir)/lxc-plamo.in $(srcdir)/lxc-slackware.in \ + $(srcdir)/lxc-sparclinux.in $(srcdir)/lxc-sshd.in \ + $(srcdir)/lxc-ubuntu-cloud.in $(srcdir)/lxc-ubuntu.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ @@ -202,6 +214,7 @@ LUA_LIBS = @LUA_LIBS@ LUA_SHAREDIR = @LUA_SHAREDIR@ LUA_VERSION = @LUA_VERSION@ +LXCBINHOOKDIR = @LXCBINHOOKDIR@ LXCHOOKDIR = @LXCHOOKDIR@ LXCINITDIR = @LXCINITDIR@ LXCPATH = @LXCPATH@ @@ -215,6 +228,7 @@ LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ LXC_USERNIC_DB = @LXC_USERNIC_DB@ LXC_VERSION = @LXC_VERSION@ +LXC_VERSION_ABI = @LXC_VERSION_ABI@ LXC_VERSION_BASE = @LXC_VERSION_BASE@ LXC_VERSION_BETA = @LXC_VERSION_BETA@ LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ @@ -306,6 +320,7 @@ psdir = @psdir@ pyexecdir = @pyexecdir@ pythondir = @pythondir@ +runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ @@ -330,9 +345,11 @@ lxc-opensuse \ lxc-oracle \ lxc-plamo \ + lxc-slackware \ lxc-sshd \ lxc-ubuntu \ - lxc-ubuntu-cloud + lxc-ubuntu-cloud \ + lxc-sparclinux all: all-am @@ -349,7 +366,6 @@ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu templates/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu templates/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ 
@@ -395,12 +411,16 @@ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-plamo: $(top_builddir)/config.status $(srcdir)/lxc-plamo.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc-slackware: $(top_builddir)/config.status $(srcdir)/lxc-slackware.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-sshd: $(top_builddir)/config.status $(srcdir)/lxc-sshd.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-ubuntu: $(top_builddir)/config.status $(srcdir)/lxc-ubuntu.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-ubuntu-cloud: $(top_builddir)/config.status $(srcdir)/lxc-ubuntu-cloud.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ +lxc-sparclinux: $(top_builddir)/config.status $(srcdir)/lxc-sparclinux.in + cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ install-templatesSCRIPTS: $(templates_SCRIPTS) @$(NORMAL_INSTALL) @list='$(templates_SCRIPTS)'; test -n "$(templatesdir)" || list=; \ @@ -590,6 +610,8 @@ mostlyclean mostlyclean-generic pdf pdf-am ps ps-am tags-am \ uninstall uninstall-am uninstall-templatesSCRIPTS +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded.