Commits
Author | Commit | Message | Commit date | Issues | |
---|---|---|---|---|---|
Kir Kolyshkin | 8f0707a7fc4 | Released vzctl 4.0. Changes: see http://wiki.openvz.org/Download/vzctl/4.0/changes Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | d49f0e919f9 | src/lib/cap.c: fix build with older userspace. When building on RHEL5, the following error appears: > cap.c: In function 'set_cap_bound': > cap.c:213: error: 'PR_CAPBSET_DROP' undeclared (first use in this function) > cap.c:213: error: (Each undeclared identifier is reported only once > cap.c:213: error: for each function it appears in.) Fix as usual. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Glauber Costa | f84404ff196 | [upstream] vzctl stop: wait for tasks to vanish before considering empty complete. We are currently facing problems because by the time we finish empty_container, some tasks may still be on their way to process the kill signal we just issued. A start / stop sequence can fail to cleanup the container due to that, and the same problem affects restart. Signed-off-by: Glauber Costa <glommer@parallels.com> | |||
Kir Kolyshkin | f985f997405 | arch-del_ip.sh: whitespace cleanup. Spaces instead of tabs introduced by commit b9eb9fd Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 9cd97fa728c | arch-del_ip.sh: fix after commit b9eb9fd ... which changed CFGFILE= to OLDCFGFILE= but forgot to change its references. Sigh. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 6a1867e53f7 | arch-del_ip.sh: fix. From the bug reporter: > interface lines in /etc/rc.conf: > > venet0_0="venet0:0 173.245.4.250 netmask 255.255.255.255 broadcast 0.0.0.0" > venet0_1="venet0:1 10.10.10.12 netmask 255.255.255.255 broadcast 0.0.0.0" > > due to 'grep -B 1 -e "\\<${_IP}>\\" ${CFGFILE}' > > 'venet0_0 > venet0_1' > > is used as argument for del_param() and ifdown, first one reports > incorrect syntax in sed expressi... | |||
Kir Kolyshkin | f244c039e2d | vzctl won't work with ploop-1.4. But since we don't really want ploop-lib as a dependency (because vzctl is able to load ploop lib dynamically) we just specify Conflicts with older version. So, if ploop-lib < 1.5 is installed, vzctl installation will complain (and yum will probably try to resolve it), and if ploop-lib is not installed -- nothing will happen. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | da9e910853f | Lifted libcgroup req to 0.37. This is the version available on RHEL/CentOS 6. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | d472f8b57d0 | vzmigrate: fix bashism. Ooops... commit 24a78bb3d9a introduced bashism (using == instead of = when comparing strings in [ ]) and therefore the fix was only working in bash not dash. http://bugzilla.openvz.org/2316 http://bugzilla.openvz.org/2356 Reported-by: Kalin Bogatzevski <kalin@bul.net> | |||
Kir Kolyshkin | 012b1ddb987 | vzctl mount,destroy,snapshot-list: error out for too many arguments. Do not silently ignore extra (unneeded) arguments, print an error and fail. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 5e91165bfda | init.d/vz: deduce /vz from VE_ROOT/VE_PRIVATE. This is an improvement to commit 4733497. Instead of assuming that VE_ROOT and VE_PRIVATE are under /vz, find out their common prefix and use it. In case there's no common prefix (i.e. it is /) we do nothing. http://bugzilla.openvz.org/2361 Reported-by: Paparaciz <helpaz@gmail.com> Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 36f182fccf0 | vzctl mount: implement pivot_root() for upstream CT. Instead of just doing chroot(), we do pivot_root() and then umount those mounts that came from the parent mount namespace. pivot_root() is better because, unlike chroot(), there is no way to escape. In addition, this should make our CT checkpointable by crtools (http://criu.org). umount_old() implementation inspired by * lxc tools (src/lxc/conf.c) * libvirt (src/lxc/lxc_container.c) * crtoo... | |||
Kir Kolyshkin | fe16d770cf2 | src/lib/cgroup.c: fix a compiler warning. clang gives this: \| CC cgroup.lo \| cgroup.c:344:11: warning: equality comparison with extraneous parentheses [-Wparentheses-equality] \| if ((ret == ECGROUPNOTEXIST)) { \| ~~~~^~~~~~~~~~~~~~~~~~ \| cgroup.c:344:11: note: remove extraneous parentheses around the comparison to silence this warning \| if ((ret == ECGROUPNOTEXIST)) { \| ~ ^ ... | |||
Kir Kolyshkin | c92e70a6dc1 | vzctl status: do not show 'suspended' for running container. It made little sense and was looking strange. Fix man page accordingly. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 978f3225012 | vzctl status: do not show 'mounted' in error case. The fact that vps_is_mounted() returned an error (-1) doesn't mean we should tell CT is mounted. Check for 1 explicitly. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | b911bab58e1 | setver.sh: add ability to specify -U or -F. So from now on -i, -U and -F have the same meaning as in rpm (install, build, freshen). Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 52cb9844bc6 | Add missing comma to an error message. Message added by a recent patch which I overlooked. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Glauber Costa | 8e207ef21f6 | cleanup container before startup. Right now, we can leak some values from one run to another, if for any reason this container is still represented in the cgroup filesystem. This means that one-time configuration from the previous run can potentially stay, especially if there isn't any saved value for the said property. A robust and conservative approach is to make sure that everything related to our container is always cleane... | |||
Glauber Costa | ee081932f07 | fix error code in empty container. If the cgroup does not exist, we rightfully refrain from proceeding in this function. But we still return an error. This function should return success in this case. Signed-off-by: Glauber Costa <glommer@parallels.com> | |||
Glauber Costa | a2314a3350a | make sure destroy_container really destroys it. Because libcgroup is heavily cached and operates in its in-memory data structures, cgroup deletion doesn't really work these days. We see no error message, but the hierarchies are still present in the filesystem. For that, we need to make sure that all controllers are in sync with the on-disk version. We do this by issuing cgroup_get_cgroup() before deletion. If that returns an error because t... | |||
Glauber Costa | 791337d2fd2 | fix a leak in task addition. While reading the code, debugging a different problem, I noticed that we can leak a cgroup structure if container_add_task fails. This patch should fix it. Signed-off-by: Glauber Costa <glommer@parallels.com> | |||
Glauber Costa | c0a411f09a6 | make container_is_running more robust. The current logic we use to test if the container is running is to check if the container exists in the cgroup filesystem. If it does, we check if there are tasks left in any of those controllers. It works well, assuming we are in control all the time. Kir demonstrated that this fails if someone removes one of the controllers from the hierarchy. In that case we'll fail because the controller do... | |||
Kir Kolyshkin | d0f085f523b | postcreate.sh: check if file exists before setting fattr. From the bug reporter: template does not have /usr/sbin/suexec inside. [root@backup01-va]# vzctl create 6546 ... Creating container private area (fedora-minimal-15-x86) Performing postcreate actions setfattr: /vz/root/6546/usr/sbin/suexec: No such file or directory CT configuration saved to /etc/vz/conf/6546.conf Container private area was created http://bugzilla.openvz.org/2363 Rep... | |||
Glauber Costa | 376cfca9051 | implement setdevperm. This patch implements the still missing setdevperm for upstream Linux containers. We currently live in a situation where devices are unrestricted inside the container. In order to restrict accesses to devices, we'll use the device cgroup. By default, we give the container a restrictive set of enabled devices, mostly comprised by /dev/zero, /dev/null, /dev/console, and pts. With that in place,... | |||
Glauber Costa | 42861fdb05c | change header of cgroup configuration function. We were dealing with mostly long quantities up to now. When we start dealing with the device cgroup, it is a lot more convenient to pass a string (passing the struct dev directly would also work). So as a first step, change the function signature to accept a void pointer instead. We provide a val = _val void-to-ulong translation to minimize disruption to the rest of the code Signed-off-by: G... | |||
Glauber Costa | a984867a497 | Do not enclose all containers in a vz directory. It could be interesting to keep the vz/ directory in cgroups filesystem; both for organization and to allow admins to apply restrictions to the whole set of containers. That is why we have been doing it this way so far. There is, however, general upstream acceptance that this should be avoided. Although it seems to the outside as merely a grouping facility, there are costs associated with this... | |||
Kir Kolyshkin | 5e57fd4cf8d | vzctl start: set more caps for upstream kernel | |||
Kir Kolyshkin | 808cb3bf098 | vzctl stop: do not clean up IPs for upstream CT. This hides the error message when stopping CT: # vzctl stop 111 --fast Directory /proc/vz not found, assuming non-OpenVZ kernel >>>> Unable to open /proc/vz/veinfo: No such file or directory Killing container ... Container was stopped Container is unmounted Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 0ca2e28594a | vzctl: hide '/usr/sbin/vzquota not found' message. vzquota can only be used for OpenVZ kernel and simfs layout. In most places we fixed it by disabling quota for upstream case, but here in fsumount we should try to turn off quota regardless of the setting (to be able to turn off quota on a container for which we disabled it after start). Now, with vzctl-core vzctl can be used on upstream containers without vzquota, and vzquota binary is not av... | |||
Kir Kolyshkin | 83df16c4001 | vzctl.spec: move bash-completion script from -core to main pkg. bash-completion relies heavily on vzlist, which is not in -core. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 015e362ab7c | vzctl set --diskinodes: warn it's ignored on ploop. The fact that --diskinodes is ignored for ploop CTs is mentioned in vzctl(8), but it's way more effective to tell it right when a user tries to set it. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 492bd86aa86 | set(): reorder conditions. Check for diskquota first to avoid unneeded ve_private_is_ploop() call. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Andrey Vagin | 1e8843ab61f | cap: restrict capabilities by a bounding set. A bounding set restricts a file's capabilities. P'(permitted) = (P(inheritable) & F(inheritable)) | (F(permitted) & cap_bset). Take into account the following statement from man capabilities: """ When a process execve(2)s a set-user-ID-root program, it gains all capabilities in its permitted and effective capability sets, except those masked out by the capability bounding ... | |||
Glauber Costa | 8be7335d34e | Change mount to a symlink for /var/run/netns file. Although the documentation for ip suggests that the file in /var/run/netns should be a bind mount of the /proc file, it also claims that: 1) Any fd will do 2) This will keep the reference to the namespace open until one umounts. We don't really need to assert 2). After the container is dead, we have no business with its namespace. If the container dies, for instance, without having the chance... | |||
Kir Kolyshkin | 7c47a79536c | read_elf(): eliminate race condition when checking /sbin/init. From Vasily (http://openvz.org/pipermail/devel/2012-July/028877.html): stat()+open() is not atomic in the code below, so there is a race condition. A container root may change /sbin/init between these calls to e.g. FIFO and then make the vzctl's process hang up on read(). I'd add O_NOCTTY to open's flags and change stat() before open() to fstat() just after open(). Fix according to the... | |||
William Pitcock | 1263c4705dd | dists: add distribution config file for Alpine Linux. Alpine Linux is a lightweight distribution built on top of uClibc and Busybox, with Debian-like network configuration. Signed-off-by: William Pitcock <william.pitcock@enzu.com> | |||
Kir Kolyshkin | 47334979b9b | init.d/vz: Add /vz to PRUNEPATHS in /etc/updatedb.conf. So updatedb won't: (1) clog its database with lots of file entries (2) interfere with vzctl umount. TODO: same functionality for etc/init.d/vz-gentoo Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 84976997473 | Do call set_personality32() even when compiling for i386. It appears some people are using 32-bit vzctl on an x86_64 kernel, and it appears that it actually works. The only problem is since set_personality32() is not used, 'uname -m' inside a container reports x86_64, which screws up yum etc. Fix it by always using set_personality32(). Originally reported by lj user ganagin (http://ganagin.livejournal.com/) at http://ru-linux.livejournal.com/2880581... | |||
Kir Kolyshkin | 973920e34ea | configure.ac: for x86_64, set libdir to lib64. If building for x86_64 and libdir is not explicitly set, set it to end up in lib64 as it should be. This should result in usable vzctl when doing manual compile/install. Note that when we build rpms, we explicitly set --libdir when calling configure, but if we try a manual build we might end up installing libraries into wrong place. Reported-by: Glauber Costa <glommer@openvz.org> Signed-off-b... | |||
Kir Kolyshkin | 6fe5fcf1567 | configure.ac: check for $target_cpu not $build_cpu. What we should care for is $target_cpu. It is not important in the usual not cross-compiling case, but let's be perfect. While at it, (re-)add a comment explaining why we need -m64. This comment was initially introduced by commit 1eb3cfa and was later lost in commit d69917c. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 267c283ac31 | Improved capability setting code. This patch should make set_cap() more error-prone and correct. (1) Add defines for _LINUX_CAPABILITY_VERSION_* in case of old headers during compilation (2) Do not set version before doing getcap(). This helps to eliminate the following kernel warning: warning: `vzctl' uses 32-bit capabilities (legacy support in use) (3) Check version returned by getcap(); fail with ENOSYS if we do... | |||
Kir Kolyshkin | 52bd83b1a98 | vzctl start/stop: print error for non-applicable options. parse_startstop_opt() is a bit tricky because it tries to parse both start and stop options. Existing code properly rejects a bad option and returns the proper error code, but it does that silently. That leads to e.g: # vzctl start 101 --skip-umount --force # echo $? 20 Fix it by providing an error message. Now it is: # vzctl start 101 --skip-umount --force Option --skip-umount is not a... | |||
Kir Kolyshkin | d3c8b959c84 | Move scripts and modules to /usr/libexec. The problem with $libdir/vzctl is $libdir is arch-dependent, it is either /usr/lib or /usr/lib64. The stuff under it is NOT arch-dependent so it doesn't make much sense. Therefore, let's move it to /usr/libexec/vzctl and relax. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 349bc2d7043 | Rectify scripts dir. We were using VZLIBDIR and PKGCONFDIR/scripts in different places. This patch simplifies it, now we have SCRIPTDIR defined in paths.am and propagated to all needed places. This makes all this stuff less confusing, more straightforward. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | f85a15c3002 | Rectify modules dir definition. Instead of defining it in a few places, let's define in paths.am and then propagate to all needed places. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 1bf77b2bf49 | configure.ac: provide description to AC_DEFINE defines. This would be needed for autoheader (which we don't currently use) and does not make much difference otherwise. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | bc6814daba7 | vzctl.spec: remove _scriptdir. It was not used since commit cb7ec72. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | 9e61b01e59f | src/lib/Makefile.am: add DL_LIBS. Add DL_LIBS (ie -ldl) to src/lib, because dlopen() is called from src/lib/image.c so vzctl library requires it. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | ffa3e9bf65a | src/Makefile.am: fixed highly parallel build. make -j99 fails because make sees no dependency between src and lib. Fix by removing prefix from VZCTL_LIBS, it seems to help and not break anything. Signed-off-by: Kir Kolyshkin <kir@openvz.org> | |||
Kir Kolyshkin | cf522464277 | Rename config.h -> vzconfig.h. config.h is usually used by autotools. Signed-off-by: Kir Kolyshkin <kir@openvz.org> |