When installing LXC with the default options, a single non-symlink liblxc.so*
(e.g. liblxc.so.1.7.0) file is created:
```
$ ./autogen.sh && ./configure && make && \
rm -rf "$HOME/lxci" && make DESTDIR="$HOME/lxci" install && \
stat -c%N "$HOME/lxci/usr/local/lib/liblxc.so"*
[...]
'/home/someone/lxci/usr/local/lib/liblxc.so' -> 'liblxc.so.1'
'/home/someone/lxci/usr/local/lib/liblxc.so.1' -> 'liblxc.so.1.7.0'
'/home/someone/lxci/usr/local/lib/liblxc.so.1.7.0'
```
However, when automake>=1.16.5, and the `--enable-pam` option is used, two
non-symlink liblxc.so* (e.g. liblxc.so.1.0.0 and liblxc.so.1.7.0) are
erroneously created:
```
$ ./autogen.sh && ./configure --enable-pam && make && \
rm -rf "$HOME/lxci" && make DESTDIR="$HOME/lxci" install && \
stat -c%N "$HOME/lxci/usr/local/lib/liblxc.so"*
[...]
'/home/someone/lxci/usr/local/lib/liblxc.so' -> 'liblxc.so.1.0.0'
'/home/someone/lxci/usr/local/lib/liblxc.so.1' -> 'liblxc.so.1.0.0'
'/home/someone/lxci/usr/local/lib/liblxc.so.1.0.0'
'/home/someone/lxci/usr/local/lib/liblxc.so.1.7.0'
```
This is due to infighting between libtool's and LXC's versioning:
libtool creates liblxc.so.1.0.0, then LXC's `install-exec-local` hook in
`Makefile.am` moves it to liblxc.so.1.7.0. However, with `--enable-pam`, the
`install-libLTLIBRARIES` target is re-triggered after `install-pamLTLIBRARIES`,
which will create liblxc.so.1.0.0 again.
The bigger problem here is that the install for the pam_cgfs library is done on
the `data` phase of the automake install process instead of the `exec` phase
(https://www.gnu.org/software/automake/manual/html_node/The-Two-Parts-of-Install.html),
which gives `install-libLTLIBRARIES` a chance to run again after the
`install-exec-local` / `install-exec-hook` targets have already run.
To fix this, we add an "exec_" prefix to the pam_cgfs library to make it run
during the `exec` phase (see link above). We also consolidate the various hooks
in the `install-exec-hook` target, which runs after the whole install, avoiding
needing to manually specify the dependencies like in `install-exec-local`.
Signed-off-by: Joan Bruguera <joanbrugueram@gmail.com>
When porting to the new list type we added an accidental ! when checking
whether the list is empty.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
See https://github.com/koalaman/shellcheck/wiki/SC2006 for details.
Not only uses this the recommended construct, it also makes the code
more uniform as in many other places the $() construct was already used.
Signed-off-by: Diederik de Haas <didi.debian@cknow.org>
Since this is a union we might otherwise stomp on io_uring mmap()ed
memory.
Fixes: #4016
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
The 'which' command is deprecated on Debian Sid as it is not POSIX
compliant and it's behavior is therefor not consistent, so replace it
with 'command -v' which is POSIX compliant.
See https://stackoverflow.com/a/677212 for details.
Also replaced a use of backticks (`) as that is deprecated as well.
See https://github.com/koalaman/shellcheck/wiki/SC2006 for details.
Signed-off-by: Diederik de Haas <didi.debian@cknow.org>
On kernel not enabling or not using SMT core scheduling will return with
ENODEV. Handle such kernels.
Link: https://github.com/lxc/lxd/issues/9419
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Distribute traffic over cpu cores of container by configuring more
than 1 tx/rx queue.
Signed-off-by: Cole Dishington <Cole.Dishington@alliedtelesis.co.nz>
We keep running into situations where we want to pre-mount a pure
cgroup2 layout regardless of the layout of the host.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
We did th CRIU and kernel work but for some reason we never did push the
LXC work.
Link: cdb0d42702
commit cdb0d427020f ("net: allow restoring of precreated veth devices")
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
Apparently some users changed their rootfs via their lxc.mount.entry
entries. Let's not allow that as that can cause confusion during
container setup. So lets verify that the rootfs is stable after setup.
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
