2015-07-01 Daniel P. Berrange <berrange@redhat.com> Update release notes for 0.6.0 release 2015-07-01 Cédric Bosdonnat <cbosdonnat@suse.com> Get gvir_sandbox_util_guess_image_format search for the last '.' gvir_sandbox_util_guess_image_format is failing to find the extension in paths like /tmp/tmp.mg0tQ1JLFl/mine.img Cleanup the disks.cfg file The newly introduced disks.cfg file is still remaining in the configuration folder after the sandbox is stopped. Let's remove it like the other things there. 2015-07-01 Daniel P. Berrange <berrange@redhat.com> Ensure libvirt-sandbox-init-common uses correct ld-linux The libc.so library requires certainly functionality to be provided by the ld-linux.so library. The ld-linux.so is loaded by the kernel based on the PT_INTERP ELF section, and as such LD_LIBRARY_PATH has no effect. So, although libvirt-sandbox-init-{qemu,lxc} set LD_LIBRARY_PATH to force use of the libs from the host OS image, the common init program was stil using the ld-linux.so from the guest OS image. Sometimes this works, sometimes it breaks. When trying to run Fedora 19 as the root filesystem from a Fedora 22 host, it would break thus: /etc/libvirt-sandbox/scratch/.libs/libvirt-sandbox-init-common: relocation error: /etc/libvirt-sandbox/scratch/.libs/libc.so.6: symbol _dl_find_dso_for_object, version GLIBC_PRIVATE not defined in file ld-linux-x86-64.so.2 with link time reference To deal with this we must ensure that we always invoke the libvirt-sandbox-init-common program using the ld-linux that was provided by the host OS image. The sandbox builder is tweaked so that it always copies the host ld-linux.so into the libs scratch directory, and gives it a predictable name 'ld.so', since every architecture seems to have a different name. The libvirt-sandbox-init-{lxc,qemu} files are changed so that instead of exec'ing libvirt-sandbox-init-common directly, they will load it via the ld.so file. 2015-06-30 Daniel P. Berrange <berrange@redhat.com> Use passthrough mode for all file systems The QEMU 'mapped' access mode has strange semantics wrt symlinks. It does not use symlinks in the filesystem, instead creating regular files and setting an xattr to say they are a symlink. This makes it impossible to use generic pre-built filesystem trees. 2015-06-30 Cédric Bosdonnat <cbosdonnat@suse.com> container builder: don't expose host rootfs if unneeded If the user defined a mount targeting / don't add the host / as mount to /. Don't add sandbox:root device if we have a mount targetting / There is no need to expose the host file system if the user defined a mount targetting / Add function to check if there is a mount with / target gvir_sandbox_config_has_root_mount is a convenience function to check if there is a mount with target '/' qemu: use mounts targeting / as root So far a mount with / as target doesn't change anything: the host / is still the one mounted as /. libvirt-sandbox-init-qemu now detects the presence of a / target in mounts.cfg and mounts it instead of sandbox:root. init-qemu: extract the mounts.cfg ntry mounting code Create a mount_entry function from the code mounting the entries defined in mounts.cfg in order to be able to reuse that code. This will later be useful to mount a / from mounts.cfg. Remove init-common dependency on libvirt-sandbox.so Removing this dependency avoids getting all libvirt.so dependencies loaded in our container. Copy all needed init programs and all its deps to config subdir In order to be able to mount a custom host-image as / we need to be able to access libvirt-sandbox-init-common and all its needed dependencies. In the container case we also need to copy libvirt-sandbox-init-lxc. They are now copied into SANDBOXCONFIGDIR /.libs. Hard linking is not possible since we may be working on separate partitions, and symlinks wouldn't help to work with apparmor. Copying makes apparmor happy and solves our problem. Make init-lxc all static When running a sandbox with a / different from the host one, we will need to copy all init-lxc dependencies into a mounted folder... but we have no way to tell libvirt to set the LD_LIBRARY_PATH for the init command. Turning init-lxc all-static help us work around that problem, and drops the useless dependencies on glib and libvirt-sandbox. Enable strcmp checks in libvirt-sandbox-init-qemu.c Allow disabling zlib support. Some distributions may not have static zlib package. Allow disabling it at build time. Allow disabling build with lzma. Some linux distributions don't package static lzma library. Allow disabling it. 2015-06-26 Daniel P. Berrange <berrange@redhat.com> Bump version to 0.6.0 for next relase & reset syms file The SONAME value was bumped since the 0.5.1 release, so the .syms version can have its version sections all merged to one single version once again. Pick correct disk prefix based on builder subclass The LXC builder use /dev/sda while the QEMU builder uses /dev/vda for disk prefixes, so allow dymamic choice when writing disks.cfg 2015-06-26 Eren Yagdiran <erenyagdiran@gmail.com> Common-builder: /dev/disk/by-tag/thetag to /dev/vdN Common builder counts the disks devices and populates disks.cfg according to that.Disk devices are always come first than host-based images.In builder-machine, mounts of the host-based images will be mounted later. Common-init: Building symlink from disks.cfg Similar to the existing mounts.cfg, the mapping between the device and the tag is passed by a new disks.cfg file. Common-init reads disks.cfg and maps the tags to corresponding devices 2015-06-26 Cédric Bosdonnat <cbosdonnat@suse.com> qemu: use devtmpfs rather than tmpfs to auto-populate /dev When using devtmpfs we don't need to care about the device nodes creation: it's less risk to forget some. It also eases the creation of the devices in the init-qemu. 2015-06-26 Eren Yagdiran <erenyagdiran@gmail.com> Add disk support to machine builder Use the new disk configuration in the container builder to provide disks in qemu sandboxes. The disks are virtio devices, but those shouldn't be known by the user. 2015-06-26 Cédric Bosdonnat <cbosdonnat@suse.com> Add gvir_sandbox_config_has_disks function Add helper function to check if a config contains disk devices. 2015-06-26 Eren Yagdiran <erenyagdiran@gmail.com> Add disk support to the container builder Use the new disk configuration in the container builder to provide disks in lxc containers sandboxes. Add disk parameter to virt-sandbox Allow users to add disk images to their sandbox. Only disk images are supported so far, but the parameter is intentionally designed for future changes. Add configuration object for disk support Add the config gobject, functions to store and load the new configuration fragments and test. This will allow creating sandboxes with attached disk with a parameter formatted like file:tag=/source/file.qcow2,format=qcow2 Add an utility function for guessing filetype from file extension Consider the file name extension as the image type, except for .img that are usually RAW images. 2015-06-25 Daniel P. Berrange <berrange@redhat.com> Add LIBVIRT_SANDBOX_INIT_DEBUG env variable Allow debugging of the init process separately from debugging of libvirt sandbox infrastructure, by using the new env var LIBVIRT_SANDBOX_INIT_DEBUG=1. Explicitly check for supported URIs when starting guests While the sandbox API is designed to be hypervisor agnostic, the internal implementation needs work for each hypervisor target. To avoid user errors at runtime, do an upfront check to see if the URI they supply is suitable. Since we don't support remote executions, we do a straight string comparison on the URI, instead of just a protocol check Support lzma and gzip compressed kernel modules Modern distros like Fedora have started to compress their kernel module files, so we can't simply read the file contents and load the module. We have to first do a decompression step, as the kernel won't do that itself. While Fedora uses lzma, upstream kernels are also capable of using gzip. This links in the lzma and gzip libraries to handle decompression. NB the static versions of lzma/gzip are required since libvirt-sandbox-init-qemu must be statically linked. 2015-06-19 Michal Privoznik <mprivozn@redhat.com> configure: Require newer libvirt-glib In the commit 68406aff new feature was introduced - users are allowed to select the format of mounted host images. However, this uses some libvirt-glib features that were introduced in the 0.2.1 release, e.g. the symbol GVIR_CONFIG_DOMAIN_FILESYS_DRIVER_LOOP was introduced in dbd063fe. So we must update the minimal required version of libvirt-glib. At the same time, update it in the spec file too. 2015-06-17 Cédric Bosdonnat <cbosdonnat@suse.com> configure: check for static libc Missing static libc doesn't really prevent the build to finish, but it would cause errors when running qemu sandboxes. Checking in configure will save time for new developers. 2015-06-16 Cédric Bosdonnat <cbosdonnat@suse.com> Add host-image format parameter Let the user specify the format of the source disk image in host-image mounts. This will allow us to mount other image types than raw ones. Note: sonum has been incremented due to ABI break. qemu: mount all host-images as ext4 To avoid troubles when mounting ext4 images, hard-code ext4 as mount format instead of ext3. Write /dev/vd* instead of vd* in mounts.cfg Fixes a regression introduced by d74b4350: the init-qemu tool expects /dev/vd* sources to create the block device, while we were just having vd*. Write again /dev/vd* to mounts.cfg. Make sure the sandbox state dir and config can be accessed When running a KVM sandbox as root, the qemu process will run as another user (likely qemu). We need to make sure this user can access the vmlinux and initrd.img, sandbox.cfg and mounts.cfg files. 2015-02-18 Daniel P. Berrange <berrange@redhat.com> Switch over to using zanata for translation Remove obsolete transifex config and add zanata config, re-generating all po files 2014-12-09 Cédric Bosdonnat <cbosdonnat@suse.com> Yet another /lib -> /usr/lib path fix for systemd 2014-11-26 Cédric Bosdonnat <cbosdonnat@suse.com> virt-sandbox-service: mount /var after all other file systems When creating a sandbox with an image file, the /var folder contains the mounted image. If we mount it before other file systems, how could we possibly mount them? The new /var won't contain the mounted image. 2014-11-18 Cédric Bosdonnat <cbosdonnat@suse.com> AppArmor support Implement construction of apparmor security labels. The choice between selinux and apparmor model isn't exposed to the user, but guessed depending on what the host supports. virt-sandbox-service: fix some paths for SUSE Don't fail is /etc/rc.d/init.d/functions doesn't exist: this is deprecated in LSB and /lib/lsb/init-functions should be used instead. Similarily, SUSE distros have /etc/skel/.profile instead of /etc/skel/.bash_profile. Added one more file to check and be more lennient with missing ones virt-sandbox-service: check for security label only if they can be handled virt-sandbox-service assumes libvirt has selinux security model... which is not necessarily the case. If no security model is defined, then don't check for dynamic labels. 2014-11-05 Gene Czarcinski <gczarcinski@ec.rr.com> v1.1 add -v to dhclient parameter arguments This patch improves the ability to understand what is happening with dchlient and is obviously optional. v1.1 for dhclient use g_spawn_sync() This patch addresses problem RHBZ #1133686. For some (unknown to me) reason, g_spawn_async() is not starting dhclient so that a dhcp NIC can be configured. However, simply using g_spawn_sync() works. This was the only use of g_spawn_async(). Note: There is no problem using sync instead of async since dhclient will disconnect and put itself in the background once the network is started. 2014-11-05 Michal Privoznik <mprivozn@redhat.com> libvirt-sandbox-config.c: Fix comment Inline comments in the code should have only one star, two stars are reserved for function documentation from which gtk doc is generated. This commit resolves this warning: GISCAN LibvirtSandbox-1.0.gir libvirt-sandbox-config.c:2142: Error: LibvirtSandbox: Skipping invalid GTK-Doc comment block: /** XXX hack */ ^ m4: sync macros with libvirt The macros under the m4 directory are outdated a bit. When trying to compile with newer gcc I see some errors: make[4]: Entering directory '/home/zippy/work/libvirt/libvirt-sanbox.git/libvirt-sandbox' CC libvirt_sandbox_1_0_la-libvirt-sandbox-main.lo gcc: warning: switch '-Wmudflap' is no longer supported 2014-11-04 Michal Privoznik <mprivozn@redhat.com> Makefile: link SELINUX into libvirt-sandbox-1.0.so The code that uses SELinux is compiled into libvirt-sandbox-1.0.so so it must be linked against -lselinux. Otherwise an error occurs: make[4]: Entering directory '/home/zippy/work/libvirt/libvirt-sanbox.git/libvirt-sandbox' CCLD libvirt-sandbox-init-lxc ./.libs/libvirt-sandbox-1.0.so: undefined reference to `getcon' ./.libs/libvirt-sandbox-1.0.so: undefined reference to `freecon' collect2: error: ld returned 1 exit status virt-selinux.m4: Define SELINUX variables Later in Makefile we are using SELINUX_{CFLAGS,LIBS} variables. But we don't define them anywhere. As the result, if you don't have selinux linked by default, you'll get linkage error. 2014-06-25 Cédric Bosdonnat <cbosdonnat@suse.com> Only set SELinux seclabel if supported by the host. This code depends on new API in libvirt-gconfig to extract the secmodels handled by the host. 2014-06-04 Cedric Bosdonnat <cbosdonnat@suse.com> virt-sandbox-service: fixed /lib/ into /usr/lib for searching unit files /usr is the canonical installation location, so paths for systemd should use /usr/lib not /lib 2014-01-24 Christophe Fergeau <cfergeau@redhat.com> Factor common libvirt-sandbox-builder-{container,machine}.c code Some code added by the network filter support commit can easily be moved to a generic helper in libvirt-sandbox-builder.c 2014-01-24 Ian Main <imain@redhat.com> Add filter support. This patch adds two new classes, filterref and filterref-parameter. Network interfaces can now have an associated filter reference with any number of filterref parameters. Also added filter= option to virt-sandbox tool. 2014-01-17 Daniel P. Berrange <berrange@redhat.com> Switch over to using standard gobject introspection macros Remove hand crafted configure.ac and Makefile.am rules in favour of the standard macros. 2013-11-29 Daniel P. Berrange <berrange@redhat.com> Add support for re-creating sandbox configuration files Extend the upgrade command so that it can be used to re-create the sandbox config file at any time. It will load the main config and re-create the libvirt config to match it. 2013-11-28 Daniel P. Berrange <berrange@redhat.com> Block SIGHUP when running dhclient The dhclient process we create is associated with the controlling terminal of the "init" process. When we systemd in a container one of the first things it does is disassociate itself from any controlling terminal. This causes other apps associated with that session to receive SIGHUP. This unfortunately kills off the dhclient process we spawned. We can't set the signal handler to SIG_IGN since glib2's spawn method will reset that. Instead we just block the SIGHUP signal entirely using a signal mask. 2013-11-27 Daniel P. Berrange <berrange@redhat.com> Prevent use of virt-sandbox-service as non-root The lxc:/// driver is only supported when running as root, since we need elevated privileges to create various files. Explicitly prevent it running as uid == 0. 2013-11-21 Christophe Fergeau <cfergeau@redhat.com> GVirSandboxConfigNetwork: Fix small finalize() leak The content of the 'addrs' and 'routes' lists is freed, but the list themselves were not g_list_free()'ed 2013-11-18 Daniel P. Berrange <berrange@redhat.com> Update for 0.5.1 release 2013-11-15 Dan Walsh <dwalsh@redhat.com> Handle the case of multiple mounts with virt-sandbox-service. Currently if you execute virt-sandbox-service create --mount=... --mount=... Only the last mount gets added via the argparser, since the arg is parsed as a scalar, not a list 2013-11-13 Daniel P. Berrange <berrange@redhat.com> Revert "Always set earlyprintk kernel arg" This reverts commit b14ce17bb357d5b7f99562c91dafb521f6985b40. The commit message was completely wrong. initrd messages go to the primary console as normal without needing earlyprintk. Adding earlyprintk means you get early boot messages spewed to the console Don't require all modules to exist Any of the desired kernel modules may exist as a built-in, so we should not require any of them to exist standalone. This does slightly worsen error diagnostics, but it is better than bogus failures to find modules. Add more kernel modules for KVM boot Fedora 21 kernels have split out some more virtio pieces into modules rather than built-ins. Add virtio, virtio_ring, virtio_pci, and virtio_console modules 2013-10-03 Daniel P. Berrange <berrange@redhat.com> Add requires between libvirt-sandbox & libvirt-sandbox-libs While RPM adds an implicit dep between libvirt-sandbox & libvirt-sandbox-libs based on the ELF library linkage, the RPM package guidelines require a fully specified dep using version + release. 2013-10-02 Daniel P. Berrange <berrange@redhat.com> Rollback state if cloning container fails part way Wrap the entire container clone process in an exception handling block which deletes the (partially created) new container on error. Also sanity check if the target container exists before attempting to clone. Only allow lxc:/// URI usage with virt-sandbox-service While the goal is to allow use of qemu with virt-sandbox-service, this is not currently possible. To prevent users creating trouble for themselves, add a check for lxc:/// URI. Add '-p PATH' arg to virt-sandbox-service clone/delete commands The 'create' command for virt-sandbox-service accepts a '-p PATH' arg to override use of /var/lib/libvirt/filesystems. The 'delete' and 'clone' commands must also support this arg if they are to work. Fix symlink path in multi-user.target.wants Sinc we switched to using a drop-in unit file override in change 775cebb4e2d5cd04d9c4ceb0a48dd36e22a3682c, the symlink from multi-user.target.wants is broken. We must link to the original source unit file via the fully qualified path. Systemd didn't actually mind that the symlink was dangling, but it is safer to ensure it is correct, in case systemd gets more strict in the future. Avoid crash when gateway is missing The gateway parameter is required, but the docs mistakenly said it was optional. Leaving it out lead to a crash in the parser. Mass re-indent of source Re-indent source to match emacs indent rules previously defined. Add emacs indentation comments to all source files. To help prevent mangling of whitespace add magic emacs indentation comments. Add libvirt-sandbox-builder-machine.c to POTFILES.in Remove tabs from indent. 2013-10-01 Daniel P. Berrange <berrange@redhat.com> Copy kernel image to allow it to be relabelled Instead of directly pointing to /boot/vmlinuz-XXXX, copy the kernel to the sandbox statedir. This allows SELinux to do relabelling on it without failure. Revert "virt-sandbox patch to launch containers with proper label" This reverts commit e55ca13a14a47eab274393e15f6a60cce8efedc8 which was mistakenly pushed. Fix cleanup of files on failed start of interactive sandbox Be sure to call both cleanup functions if starting an interactive sandbox fails. This deletes the initrd file and other configs. Also make sure to clean the builder subclass specific files before trying to remove the directories, otherwise the code will try and fail to remove non-empty dirs Force 9p version to version=9p2000.u With 9p version=9p2000.L, we tickle two bugs in QEMU's code. One breaks most calls with ENODEV on FS_IOC_GETVERSION ioctls. The other breaks xattr checks due to inverted errno. In addition with 9p2000.L we see extra permission checks on dirs, which prevents the guest from over-mounting dirs like /root that are restricted on the user running QEMU. Fix inverted strcmp test in mount options for QEMU The QEMU init binary intended to set nosuid & nodev on any tmpfs filesystem. Due to a backwards strcmp test, it set those flaws on everything except tmpfs. Don't overmount '/root' in QEMU sandboxes If the user wants to replace '/root' they can do that explicitly. Don't overmount it ourselves. This fixes an inconsistency between LXC & QEMU setups. 2013-09-30 Daniel P. Berrange <berrange@redhat.com> Always set earlyprintk kernel arg If the initrd fails and prints to stderr, this goes to /dev/null unless earlyprintk is enabled. We always want to see initrd errors, so we should always have earlyprintk set. Allow kernel version/path/kmod path to be set Add --kernver, --kernpath and --kmodpath args to virt-sandbox command. Add check for kernel image existing Rather than rely on QEMU to report errors, check upfront if the request kernel image actually exists. Improve error reporting if kernel does not exist GIO provides a very poor error message when enumerating files for a directory which does not exist. Do an explicit check to detect this scenario 2013-09-30 Dan Walsh <dwalsh@redhat.com> virt-sandbox patch to launch containers with proper label virt-sandbox should be launching containers based off the lxc_context file from selinux-policy. I changed the hard coded paths to match the latest fedora assigned labels. Fedora 20 SELinux Policy and beyond will have proper SELinux labels in its lxc_contexts file. 2013-09-18 Daniel P. Berrange <berrange@redhat.com> Stop using broken shutil.copytree() method The shutil.copytree() method is broken in several ways - Raises exceptions if it sees a socket or fifo - Copies block/char device content into plain files - Calls stat() far too many times Fixing this requires passing a callback to filter the file list, which requires more use of stat() making it even less efficient. Ditch it and write a method that works correctly for our needs, skipping block/char/fifo/socket files entirely. Don't replace stack trace when re-raising an exception In a 'except Foo, e' block it is common to re-raise an exception by doing 'raise e'. This is bad because it creates a copy of the exception with a new stack trace. By simply doing 'raise' the original exception is used with the stack trace intact. Cope with domain being missing when deleting container If container creation failed, the domain may not yet have been defined with libvirt. Thus the 'delete' method should not assume it exists. Log a message if cleanup of broken container fails If creating a container fails, we attempt to clean up. If this cleanup fails, write a message so the user can see it Ensure 'unitfile' attribute is always present In the SystemdContainer class, make sure that the 'unitfile' attribute is always set in the constructor, so later methods can rely on it. 2013-08-15 Daniel P. Berrange <berrange@redhat.com> Fix broken 'default' case in switch statement The 'default' case somehow got placed on the wrong line, leading to unreachable code. Remove bogus check for NULL in cleanup path The 'config' object in libvirt-sandbox-context-service.c methods cannot be NULL, so checking 'if (config)' is pointless code. Fix leak of file handle in libvirt-sandbox-init-qemu The 'FILE *' handle used to read /proc/cmdline was not closed in all codepaths. This caused coverity to identify a resource leak. Fix leak of file handle in libvirt-sandbox-init-common If several error cases of the run_interactive method, the sigpipe or host file descriptors could be leaked. Avoid close of un-opened file descriptor In libvirt-sandbox-init-qemu if open() returned -1 and errno was set to EEXIST then close() would be called on a FD that was -1. This fixes a coverity identified issue. Add pod docs for 'ram' filesystem mount syntax Neither virt-sandbox or virt-sandbox-service man pages documented the 'ram' filesystem mount syntax. Fix that, and also add new line breaks in virt-sandbox-service man page. Fix crash if mount option is not fully specified If the user specified '-m ram:/tmp' instead of '-m ram:/tmp=500M' the code would reference a NULL pointer. Fix it to return an error message instead. This fixes a coverity identified issue. Remove unused 'int fd' variable The 'int fd' variable in gvir_sandbox_builder_machine_mkinitrd was no longer used, causing a coverity warning about dead code. Check return value from mkdir in libvirt-sandbox-init-qemu Most calls to mkdir() in libvirt-sandbox-init-qemu had their return value checked, but one was missed. 2013-08-15 Dan Walsh <dwalsh@redhat.com> virt-sandbox needs to mention LIBVIRT_DEFAULT_URI environment variable. Since lots of people want to try out LXC with virt-sandbox, executing -c lxc:/// is a pain, but users might not know about the varible or the config file. Fix SEE ALSO lines to be multi-line -S is not supported by virt-sandbox -S option has been removed from virt-sandbox, should be removed from man page. Add virt-sandbox -s inherit, to execute the sandbox from the parent. This will allow us to run sandbox as the calling process, If I am running a shell as staff_u:unconfined_r:unconfined_t:s0, and I execute virt-sandbox -c lxc/// -- /bin/sh /bin/sh will run as staff_u:unconfined_r:unconfined_t:s0 2013-08-13 Daniel P. Berrange <berrange@redhat.com> Fix logrotate script to use virsh list The 'virt-sandbox-service list' command was removed, so the logrotate script must use 'virsh list' instead Fix upgrade command wrt to generic containers The generic containers do not include any integration with systemd on the host. So during upgrade we must skip the unit file rewriting 2013-08-12 Daniel P. Berrange <berrange@redhat.com> Add support for '--root' arg to virt-sandbox Wire up the '--root' arg to virt-sandbox so that it does not have to inherit the host's root OS 2013-08-08 Wayne Sun <gsun@redhat.com> Fix delete of running container Delete running container is not supprted and will report an error. Related to bug: https://bugzilla.redhat.com/show_bug.cgi?id=994495 v1: Fix stop function and delete running container. v2: Delete running container is not allowed, spawn virsh to get domain status. v3: Using exist libvirt connection to get dom status. 2013-08-08 Zhe Peng <zpeng@redhat.com> Update man page about virt-sandbox-service Remove obsolete 'list', 'start', 'stop' commands and add new 'upgrade' command. 2013-08-01 Daniel P. Berrange <berrange@redhat.com> Fix path to systemd binary Systemd's preferred path is /lib/systemd/systemd, not /bin/systemd. The latter was a temporary symlink, now removed. Update for 0.5.0 release To reflect major changed functionality, update to 0.5.0 version number. Also bump soname ABI Add support for upgrading sandbox configs To enable migration from earlier versions, add support for upgrading sandbox config files. Add man page note about default URIs in libvirt Misc man page fixes Wrap long lines in the man pages. Make it clearer how to provide args to commands. Fix path of example config file. Use /etc/libvirt-sandbox/services/$NAME/ to store configs The service sandbox currently puts configs in /var/run/libvirt-sandbox duplicating /etc/libvirt-sandbox/services/$NAME.cfg. In addition the /var/run directory is not persistent across host restarts. Move all the persistent configs in /etc/libvirt-sandbox/services/$NAME/ Add ability to load/save config to in-memory data In addition to supporting load/save to a file, also allow for use of in memory data blob. Fix cloning of containers We must ensure the new container has the full config when cloning. Remove stop/start/list commands from virsh-sandbox-service The stop/start/list commands duplicate functionality provided by virsh. Remove them in favour of having users use the latter. Improve error message from 'virt-sandbox-service delete' When the sandbox was already deleted, the virt-sandbox-service returned a "no such file or directory" error message. Change that to explicitly tell the user the sandbox was deleted. Convert virt-sandbox-service to create/delete persistent guests When creating a service sandbox, define a persistent guest config and when deleting it, undefine the guest config. Remove obsolete 'autodestroy' property The 'autodestroy' property was added based on the flawed assumption that all the stop/start logic could be kept in the based sandbox context class. Now that the start and stop methods are overridable in subclasses, the property has no vale. Delete it. Switch service sandboxes to use persistent libvirt configs Move all the start/stop code out of the base sandbox context, into the sub-classes. The current code using transient guests is used for the interactive context, while the service context is changed to use persistent guests. 2013-07-31 Daniel P. Berrange <berrange@redhat.com> Remove use of 'active' flag in sandbox context Instead of using a 'gboolean active' flag to track if the sandbox is active, just rely on 'domain != NULL'. This facilitates overriding start/stop methods in subclasses Don't store a builder object in the sandbox context There's no need to store a builder object in the sandbox context object. It can be re-created whenever needed at time of use. Rename tmpdir to statedir in sandbox builder classes The directory where we store sandbox state files is not really a temporary directory, but rather a state directory, which is cleaned up based on some arbitrary rules. Rename the parameter pass to the sandbox builders from 'tmpdir' to 'statedir' to reflect this. Also stop explicitly passing around 'configdir' since this can be derived from 'statedir' when needed Make sandbox context start/stop/attach/detach methods virtual Make the start/stop/attach/detach methods virtual in the sandbox context class to allow overriding in subclasses. Make domain property in sandbox context writable Allow subclasses to set the 'domain' property in the sandbox context. Add padding to all public structs Remove unimplemented graphical sandbox classes The support for graphical sandboxes has never been properly implemented. Delete all the related classes. They can be re-introduced at a later date, as & when support for graphical sanboxes is actually done for real. Remove obsolete 'prestart' hook in sandbox context class The 'prestart' hook was invented to allow subclasses to extend startup code, but has proved insufficiently flexible to be useful. Remove it. Fix indentation of RPM arch conditional 2013-07-29 Daniel P. Berrange <berrange@redhat.com> Avoid dep on qemu if kvm is available We don't want to depend on libvirt-daemon-qemu by default if KVM available, since the former pulls in every known QEMU emulator 2013-07-18 Dan Walsh <dwalsh@redhat.com> Stop generating UNIT_sandbox.target with virt-sandbox-service. We have decided to require the admin to generate a target for all of his sandboxes, so that he can start them all at once. systemd enable FOOBAR_sandbox.service will now enable in the multi-user target. 2013-07-18 Alex Jia <ajia@redhat.com> Docs: update EXAMPLES section of virt-sandbox man page 2013-07-18 Wayne Sun <gsun@redhat.com> Docs: remove duplicate -u item in create man page This related to bug: https://bugzilla.redhat.com/show_bug.cgi?id=916651#c11 2013-07-10 Daniel P. Berrange <berrange@redhat.com> Remove duplicate typedef of GVirSandboxProtocolHeader 2013-07-09 Daniel P. Berrange <berrange@redhat.com> Add transifex config file Import translations from transifex Post release version bump Remove '-lselinux' from virt-sandbox-service-util linker flags Update for 0.1.8 release Update libvirt-glib dep to 0.1.7 Recently added APIs from libvirt-gconfig are required to configure sandboxes, so update dep to version 0.1.7 Fix removing journal if image creation fails. Cope with 'uuid' being None when removing journal when image creation fails. Don't add link in /var/log/journal for image based containers A container using an image for content does not have a journal which is accessible to the host, so don't create a link in /var/log/journal for it Don't hold open connection when showing console output Refactor virt-sandbox-service-util.c startup code Move creation of sandbox context & libvirt connection opening into individual command helpers. This will allow them to decide exactly when the context/connection should be released/closed. Add missing source files to gtk docs Remove obsolete code for joining a container virt-sandbox-service now uses virsh lxc-namespace-enter, so there is no need for code todo this manually. Delete it all Add API for releasing connection/domain for a console Allow for a console to release the connection/domain object it has internally. This is to allow the libvirt connection to be dropped when using a direct mode console. Don't cache log console in context object Create the log console on demand, as is done with the other types of console, instead of caching it ahead of time. Ignore .gmo files in po/ directory Add ability to directly open console pty device paths Using a libvirt stream object for accessing the console is good for privilege separated environments, or remote connections, but it requires that each sandbox hold open a libvirt connection for its lifetime. This quickly hits the libvirt connection limit of 20. Add an option to directly open the PTY device associated with the console, instead of using the stream object. This will (later) allow the connection to be closed while the sandbox is running. Add support for changing autodestroy behaviour Service containers need to exist across libvirtd restarts, so they should not be set to auto-destroy Include systemd-initctl.socket by default The /dev/initctl device must exist so that 'virsh shutdown' is able to trigger graceful shutdown of containers Refactor way file cleanup is performed Remove the separate GVirSandboxCleaner class and instead introduce some cleanup virtual methods on GVirSandboxBuilder. This avoids needing to maintain state in memory for cleanup. This in turn allows the process doing cleanup to be different from the one that launches the sandbox Use 'os.path.lexists' when removing journal file link The target of the symlink in /var/log/journal may not exist when we come to delete it, so use os.path.lexists, instead of os.path.exists Auto-generate AUTHORS file from GIT logs during make dist Instead of manually keeping the AUTHORS file in sync with GIT, auto-generate it during make dist phase Use config for recording UUID in virt-sandbox-service Record the UUID in the config, avoiding the need to use the /var/lib/libvirt/filesystems/$NAME/etc/machine-id file when deleting the container, which does not exist for image based containers Allow container UUID to be controlled Extend GVirSandboxConfig to record the container UUID, allowing it to be persisted for later use Avoid error about missing machine-id file If creation of a container fails, we must tolerate a missing /etc/machine-id file from the container filesystem Remove 'return' statement from two method calls in virt-sandbox-service Neither the set_security_opts or add_network_opts methods have a return value that virt-sandbox-service cares about. Use 'guest bind' for mount overrides with image based containers When creating a sandboxed service using an image, the bind mounts must be done in guest context, rather than host context. Add support for configuring NIC mac addresses Allow config of NIC mac addresses via a 'mac' parameter on the command line eg virt-sandbox -c qemu:///session -N mac=02:04:05:05:05:06 /bin/sh (and also for virt-sandbox-service) Add missing deps on pygobject3-base & libselinux-python virt-sandbox-service requires pygobject3-base and libselinux-python to be installed on a host. s/Requires/BuildRequires/ for glib-devel 2013-07-09 Wayne Sun <gsun@redhat.com> Fix formatting in virt-sandbox-service when raising ValueError ValueError expects the argument to be a string list, not a plain string. Using a plain string results in bad formatting when printing the error later /usr/bin/virt-sandbox-service: C /usr/bin/virt-sandbox-service: a /usr/bin/virt-sandbox-service: n /usr/bin/virt-sandbox-service: /usr/bin/virt-sandbox-service: o /usr/bin/virt-sandbox-service: n /usr/bin/virt-sandbox-service: l /usr/bin/virt-sandbox-service: y /usr/bin/virt-sandbox-service: /usr/bin/virt-sandbox-service: e /usr/bin/virt-sandbox-service: x /usr/bin/virt-sandbox-service: e /usr/bin/virt-sandbox-service: c /usr/bin/virt-sandbox-service: u /usr/bin/virt-sandbox-service: t /usr/bin/virt-sandbox-service: e /usr/bin/virt-sandbox-service: /usr/bin/virt-sandbox-service: c /usr/bin/virt-sandbox-service: o /usr/bin/virt-sandbox-service: m /usr/bin/virt-sandbox-service: m /usr/bin/virt-sandbox-service: a /usr/bin/virt-sandbox-service: n /usr/bin/virt-sandbox-service: d /usr/bin/virt-sandbox-service: s /usr/bin/virt-sandbox-service: /usr/bin/virt-sandbox-service: i /usr/bin/virt-sandbox-service: n /usr/bin/virt-sandbox-service: s /usr/bin/virt-sandbox-service: i /usr/bin/virt-sandbox-service: d /usr/bin/virt-sandbox-service: e /usr/bin/virt-sandbox-service: /usr/bin/virt-sandbox-service: o /usr/bin/virt-sandbox-service: f /usr/bin/virt-sandbox-service: /usr/bin/virt-sandbox-service: l /usr/bin/virt-sandbox-service: i /usr/bin/virt-sandbox-service: n /usr/bin/virt-sandbox-service: u /usr/bin/virt-sandbox-service: x /usr/bin/virt-sandbox-service: /usr/bin/virt-sandbox-service: c /usr/bin/virt-sandbox-service: o /usr/bin/virt-sandbox-service: n /usr/bin/virt-sandbox-service: t /usr/bin/virt-sandbox-service: a /usr/bin/virt-sandbox-service: i /usr/bin/virt-sandbox-service: n /usr/bin/virt-sandbox-service: e /usr/bin/virt-sandbox-service: r /usr/bin/virt-sandbox-service: s /usr/bin/virt-sandbox-service: . 2013-06-07 Dan Walsh <dwalsh@redhat.com> Only create the tmpfs file systems in the systemd containers. Openshift wants /tmp, /dev/shm and /var/tmp mounted from the users homedir. Allow user to specify additional rpm packages to be run within the container. Example would be I want to run cron with sendmail. virt-sandbox-service create -u crond.service -P sendmail mycron 2013-05-10 Dan Walsh <dwalsh@redhat.com> Add support for virt-sandbox-service to add additional mount points. Add similar support to virt-sandbox-service that is in virt-sandbox to add guest-bind, host-bind and host-image mount points on the command line. Openshift needs feature. 2013-05-07 Daniel P. Berrange <berrange@redhat.com> Import initial translations from transifex Bump soname for changes in ABI Update for 0.2.0 release "Nubian Desert" Add release names based on names of deserts 2013-05-07 Michael Scherer <misc@zarb.org> Add support for templated unit in virt-sandbox This permit to create a templated unit inside the sandbox, using the sandbox name as a variable and so running the same unit with a different configuration without too much hassle. For example, someone could have several different configuration of website in /etc/nginx/websites.d/ and have each of them started in a different sandbox, with a sample templated unit using the sandbox name as a option to read the proper configuration file directly. One could take the following file in /etc/systemd/system/nginx_lxc@.service : [Unit] Description=Test of a specific nginx running in lxc After=syslog.target network.target remote-fs.target nss-lookup.target [Service] PIDFile=/run/nginx.%i.pid ExecStartPre=/usr/sbin/nginx -t -c /etc/nginx/nginx.%i.conf ExecStart=/usr/sbin/nginx -c /etc/nginx/nginx.%i.conf Type=forking ExecReload=/bin/kill -s HUP $MAINPID ExecStop=/bin/kill -s QUIT $MAINPID [Install] WantedBy=multi-user.target Then create a container like this: # virt-sandbox-service create -u nginx_lxc@ test.example.org --package nginx And then we will have nginx running in a container, using the specific config file /etc/nginx/nginx.test.example.org.conf Use drop-in configuration file instead of creating a custom file This permit to no longer track the source, to use a custom file in /etc without conflict. This change requires a version of systemd >= 198 2013-05-02 Michael Scherer <misc@zarb.org> Add a --package option to virt-sandbox-service If someone usex a custom unit file for the sandbox, the rpm autodetection fail with a exception. Now, this will show a error message, asking to use --package to specify what RPM to clone 2013-04-22 Dan Walsh <dwalsh@redhat.com> Whitespace cleanup Do not run a shell within a lxc container by default. We want to make sure we use as little overhead as possible. If a user connects to a lxc container, it will be the same as executing a shell within the container. Only create the destination path if it does not exist. OpenShift will be creating the path within its management layer. 2013-04-18 Dan Walsh <dwalsh@redhat.com> Add UID/GID support for use with interactive containers. Openshift Containers will be run with a unique UID and GID 2013-04-12 Daniel P. Berrange <berrange@redhat.com> Remove obsolete / commented out code The start/stop/console methods all use virt-sandbox-service-util so the corresponding obsolete python code can be deleted. Honour uri in start/stop/connect methods The virt-sandbox-service command was not passing through the URI to virt-sandbox-service-util Switch virt-sandbox-service to use new generic service config Replace use of interactive sandbox config with the new generic service config for non-systemd containers Introduce a new service sandbox for running adhoc commands Introduce GVirSandboxServiceGeneric which can be used to run adhoc commands, much like the interactive config can do. Turn GVirSandboxConfigService into an abstract class Remove the hardcoded dep between GVirSandboxConfigService and systemd, by turning it into an abstract class and introduce a systemd specific GVirSandboxConfigServiceSystemd subclass Add an abstract gvir_sandbox_config_get_command method To allow access to the CLI args, regardless of subclass, introduce a gvir_sandbox_config_get_command to replace gvir_sandbox_config_interactive_get_command. Each subclass must implement this method to return their desired command line args 2013-04-11 Daniel P. Berrange <berrange@redhat.com> Connect up the primary console of the interactive containers Both the log + app console must be connected for interactive containers to work Remove broken duplicated code for deleting image files Ensure list of unit files defaults to [] Remove bogus code which prevented deletion of container filesystems The following refactoring commit 9921bb29ed55769c8396a1a30da4c67b3e6624c0 Author: Dan Walsh <dwalsh@redhat.com> Date: Wed Apr 3 18:45:59 2013 -0400 Add support for InteractiveContainer included a semantic which which prevent deletion of container filesystems Fix VPATH install of bash completion file & RPM spec filepath Rewrite RPC console I/O state machine More clearly specify the RPC console I/O state machine and then re-write code to follow the transition rules accurately. This should fix shutdown synchronization avoiding lost data. Use \n\r for log messages Since the terminal is likely in raw mode, we should use \n\r for log messages printing Tweak debug settings Require LIBVIRT_SANDBOX_DEBUG=2 for tracing inside the sandbox, so the default only traces outside the sandbox. 2013-04-09 Daniel P. Berrange <berrange@redhat.com> Read stream I/O in batches to improve performance Instead of only reading a single stream packet at a time, reading as many packets as are available until 1024 bytes of data is available to write to local console. This improves performance when the sandbox app writes data in small chunks Correctly handle EOF from raw console If getting ret==0 from the raw console, we must trigger the 'closed' signal Fix missing error domain when reporting RPC error messages Fix syntax-check s/can not/cannot/ Re-enable support for debug mode in LXC init helper Remove bogus code shutting down console prematurely The console loop should only exit when the host OS signals that it is ok todo so via a "QUIT" command. Add basic support for i18n Add intltool/gettext framework and marked all strings for translation 2013-04-08 Dan Walsh <dwalsh@redhat.com> Change to the more normal for loop, where you count up. White space cleanup. --network short qualifier should be -N to match virt-sandbox option. This was changed mistakenly in virt-sandbox-service Create new /etc/rc.d directory to bind mount over system. We need to prevent SYSVInit scripts from running by default in the ServiceContainer. The so we recreate all of the directories under /etc/rc.d and copy the functions file over. Check for LXC if virt-sandbox-service execute command specified virt-sandbox-service execute is not supported on qemu sandboxes. Use args.uri rather then hard coding lxc:/// Add support for InteractiveContainer First use case will be OpenShift Differentiate on create based on whether one or more unit files specified (ServiceContainer), or a command is specified (Interactive Container). Refactor Container class into Container and ServiceContainer Class. This way we can share common methods between the ServiceContainer and the InteractiveContainer (Patch to be added) Change variable config to config_path to avoid confusion. save_config uses an internal variable to indicate the path to the virt-sandbox configuration file, this path renames this variable to prevent confusion. Add exception handler GlibGerror to virt-sandbox-service GlibGerror can be raised by virt-sandbox-service, this patch will catch the exception and write the error to stderr. Make CONFIG_PATH external to the Container Class This patch moves CONFIG_PATH external from the Container Class. This will eliminate the need to create a container to get this constant. Remove distinction from Internal vs External Functions. This patch removes all __METHOD and _METHOD functions calls. Since it is not intended that virt-sandbox-service will be imported into another python module, there is limited value to using the internal indicators. Internationalize all output strings in virt-sandbox-service Wrap all output strings with _() to make sure we get proper translations. Change virt-sandbox-service-create.pod to use correct command --copy Current the documentation says that you use --clone while the code uses --copy when you are createing a sandbox service container. Add -u UNITFILE option to virt-sandbox-service reload command The command will allow administrators or the systemd service to reload units which are running within a container. If you have one or more units defined for a container, then just those units will get the reloads, as opposed to stopping and restarting the container. Move virt-sandbox-service bash completion script to default directory. bash_completion scripts have added a new way to do completions, where you place you scripts in /usr/share/bash_completion/completions rather then /etc/bash_completions.d. We should follow the new standard, and this patch moves our bash_completion script to the proper location with the proper name. Add support for InteractiveContainers to virt-sandbox-service-util We need to add support for interactive sandbox/containers for OpenShift. This patch will create the correct container type based off the /etc/libvirt-sandbox/service/* virt-sandbox-service-util needs to free allocated memory. Coverity found that we could be leaking memory with virt-sandbox-service-util -e 2013-04-05 Daniel P. Berrange <berrange@redhat.com> Fix tty permissions setup in QEMU init helper The tty permissions should be 0700 not 0777, since the tty devices should only be opened by root. Delay dropping credentials until after console is opened If running an LXC sandbox from a non-root user, we'd drop privileges before the console device was opened. We'd then be unable to open /dev/tty2 which is owned by root. 2013-03-28 Alex Jia <ajia@redhat.com> Sync lxc-enter-namespace options with libvirt Docs: update network options configuration Avoid segfault in gvir_sandbox_config_add_host_include_file RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=924574 Valgrind defects memory error: ==19297== Invalid free() / delete / delete[] / realloc() ==19297== at 0x4A077A6: free (vg_replace_malloc.c:446) ==19297== by 0x350F24D79E: g_free (in /usr/lib64/libglib-2.0.so.0.3400.2) ==19297== by 0x4C2C03F: gvir_sandbox_config_add_host_include_file (libvirt-sandbox-config.c:1319) ==19297== by 0x401FB7: main (virt-sandbox.c:171) ==19297== Address 0x4f2094c is 12 bytes inside a block of size 18 alloc'd ==19297== at 0x4A0883C: malloc (vg_replace_malloc.c:270) ==19297== by 0x350F24D68E: g_malloc (in /usr/lib64/libglib-2.0.so.0.3400.2) ==19297== by 0x350F263F0B: g_strdup (in /usr/lib64/libglib-2.0.so.0.3400.2) ==19297== by 0x4C2BF95: gvir_sandbox_config_add_host_include_file (libvirt-sandbox-config.c:1292) ==19297== by 0x401FB7: main (virt-sandbox.c:171) 2013-03-27 Daniel P. Berrange <berrange@redhat.com> Cope with SELinux label that does not have a category pair set Ensure args to ValueError are a list Correctly cope with args.network being None Fix typo in test suite breaking network config parsing 2013-03-22 Daniel P. Berrange <berrange@redhat.com> Add support for configuring networks with virt-sandbox-service Instead of creating a single NIC by default, don't create any NICs at all to allow for a sandbox completely isolated from any neworks. Add a '-N network-opts' option to configure NICs as required. eg -N dhcp,source=default --network dhcp,source=lan where 'source' is the name of any libvirt virtual network Add support for choosing source network for interfaces Allow sandboxes to be connected to any libvirt virtual network, which opens up choice of nat/bridging/vepa/sriov and more Don't get stuck in waitpid loop If a daemonized process quit, libvirt-sandbox-init-common got stuck in waitpid. Reap & ignore any processes we don't expect, only exiting when our leader quits Send dhclient output to /dev/null dhclient will spew rubbish to stdout/stderr in many cases since we're making areas of /var readonly by default. Send its output to /dev/null to get rid of these messages. Replace yum API usage with RPM python API usage There is no need to use the yum APIs for setting up sandboxes, since all the info required is already provided by RPM. YUM will print random garbage to stdout that we don't want, so using RPM is preferrable. Fix broken scenario in test case Fix virt-sandbox-service args to not be SELinux specific Remove the '-l','-t', '-d' args to virt-sandbox-service and replace them with a generic '-s SECURITY-OPTS' args, which has the same syntax as virt-sandbox. This makes it portable to the AppArmour security model. Remove some bogus text from virt-sandbox manpage Fix parsing of --security option in virt-sandbox The SELinux label may contain a ',', so we cannot blindly split the string on ','. Instead incrementally parse the value 2013-03-20 Daniel P. Berrange <berrange@redhat.com> Ensure the journal location is a directory not a file The /var/lib/libvirt/filesystems/demo2/var/log/journal/bc3823d901134ac1ac91903020e2690e/ location was being created as a plain file, when it should have been a directory Ensure DHCP is disabled by default & report invalid net config Fix leak in error path of parsing network config Sanity check requested network config Make sure static addresses are set, if any routes are requested. Don't allow DHCP to be mixed with static addresses/routes Set <privnet/> feature flag for LXC Block host network interfaces from container by setting the <privnet/> feature flag for LXC Fully rollback if creation of sandbox fails If there is an error part way through creating a sandbox, some directories / files may get left partially created. Catch any exception during creation, and invoke 'delete' to clean up any work we have done so far Don't assume /var/log/journal exists When creating the journal symlink, create /var/log/journal if it does not already exist. Also handle fact that the journal symlink might have been removed, when deleting a sandbox. Cope with a undefined security label in config virt-sandbox-service mistakenly assumes that get_security_label() will always return a non-NULL value. Properly handle a NULL broadcast address The broadcast address parameter for a network was allowed to be NULL, but this was not handled correctly in all codepaths. Fix misc problems in virt-sandbox-service create man page Disable KVM on RHEL entirely. Always enable introspection 2013-03-18 Alex Jia <ajia@redhat.com> Docs: fix a typo in help documents Add missing break statements 2013-03-15 Alex Jia <ajia@redhat.com> Docs: Fix security options wrongs in man page Avoid infinite loop in gvir_sandbox_config_set_security_opts() Docs: fix typos in IPv6 address 2013-03-14 Alex Jia <ajia@redhat.com> Add myself into AUTHORS Fix copy&paste error in autogen.sh docs: correct libvirt sandbox command naming docs: fix some typos in TODO docs: fix some typos in architecture.txt 2013-03-07 Daniel P. Berrange <berrange@redhat.com> Stop hardcoding the default security label Hardcoding a default static security label offers no meaningful security separation. Switch to default to a dynamic label and choose the base label according to the type of virtual machine being created 2013-03-06 Daniel P. Berrange <berrange@redhat.com> Fix termination handling of child If poll on the application FD returned POLLIN|POLLHUP we would shutdown the connection to the host too early. If we have got POLLIN, then we must mask out POLLHUP. We'll get a later POLLHUP on its own which we can handle properly Also adds more debugging to help diagnose this kind of problem in the future 2013-03-05 Daniel P. Berrange <berrange@redhat.com> Update for 1.0.2 release Remove references to virt-sandbox-service-machineid.{pod,1} Require libvirt 1.0.2 The lxc-enter-namespace command to virsh requires libvirt version 1.0.2 minimum Fix typo in virt-sandbox manpage 2013-02-25 Dan Walsh <dwalsh@redhat.com> Remove unneeded function, since we no longer support virt-machine-serice machineid Remove machineid call from tool, better to just virt-sandbox-service execute NAME -- cat /etc/machineid Also main reason for this was to allow journalctl to read journal within the container, easier to just execute. virt-sandbox-service execute NAME -- journalctl 2013-02-22 Daniel P. Berrange <berrange@redhat.com> Don't add bind overrides for files/dirs which don't exist If the sandbox is told to bind directories which don't exist, it will get a failure at startup attempting to create the target dir/file on a read-only filesystem. Check that each target exists before adding it to the config Fix typo s/journam/journal/ Add dep on pod2man 2013-02-20 Daniel P. Berrange <berrange@redhat.com> Remove TAB from shell script Ignore all man pages & virt-sandbox-service-util Avoid kernel info getting into config files by default 2013-02-20 Dan Walsh <dwalsh@redhat.com> White space cleanup Change the default label for sandbox to virtd_lxc_t rather then svirt_t, virtd_lxc_t is an unconfined domain by default so this should work for most users. 2013-02-15 Dan Walsh <dwalsh@redhat.com> Cleanup handling of virt-sandbox-service execute Needs to create the journal file if it does not exist 2013-02-12 Dan Walsh <dwalsh@redhat.com> Create enty /etc/rc.d/init.d directory so that systemd does not start any services, but also copy in /etc/rc.d/init.d/functions, needed if customer plans on using SysVinit script and by dhclient. When executing a command, figure out the path if the user does not specify it. Fix help message 2013-02-08 Dan Walsh <dwalsh@redhat.com> better wording when connecting to a console patch from Michael Scherer. "Escape character is '^]'." is the message show by telnet as well as the one of virt-sandbox-service when connecting to the console of a service. But the keyboard shortcut doesn't do the same thing ( ie, on telnet, you have a prompt ). While telnet is likely to be unheard from newer admins, I think a better message could be : Type 'Ctrl + ]' to detach from the console. 2013-01-29 Daniel P. Berrange <berrange@redhat.com> Fix docs for virt-sandbox mount command 2013-01-29 Michal Privoznik <mprivozn@redhat.com> Don't redefine _FORTIFY_SOURCE macro If the _FORTIFY_SOURCE has been already defined, we unconditionally redefine it, leaving us with warning/error thrown at compilation time. 2013-01-29 Daniel P. Berrange <berrange@redhat.com> Remove bogus 'container.c' file reference from bin/Makefile.am 2013-01-24 Dan Walsh <dwalsh@redhat.com> Whitespace cleanup Add virt-sandbox-service-machineid to display the /etc/machine-id of any container. Fix virt-sandbox-service parsing of the name to be a function call Also fix up building of man pages in Makefile.am Cleanup white space 2013-01-23 Dan Walsh <dwalsh@redhat.com> Cleanup white space Cleanup white space Change the mechanism to execute command within the container. Basically remove -C and put commands at end of command line Create /etc/hostname as opposed to /etc/network/config, which is the new way of assiging namespaces For now we will just execute virsh for entering the container, also added --nolabel qualifier, if you want to execute a command within the container with the current label. Add /var/lib/nfs/rpc_pipefs in case nfs is running on the host Clean up parser to use individual methods for each command One more GLib.GError exception Use exported GLib.GError rather then internal exception name Add missing virt-sandbox-service-start pod file Split the virt-sandbox-service man page into several man pages based on commands 2013-01-17 Daniel P. Berrange <berrange@redhat.com> Don't add libvirt-daemon-qemu dep on RHEL Fix Source0 url in RPM specfile 2012-12-10 Daniel P. Berrange <berrange@redhat.com> Update for 0.1.1 release Tweak docs to avoid < and > characters Fix VPATH build of docs Add python demo program 2012-11-29 Daniel P. Berrange <berrange@redhat.com> Change deps to require specific libvirt daemon RPMs 2012-11-20 Dan Walsh <dwalsh@redhat.com> Whitespace cleanup Precreate multi-user.target.wants directory /var/log/journal/UID needs to point at CONTAINER/var/log/journal/UID opening ns files have to happen before setns() calls or the pid namespace changin could cause the open calls to fail. Setting up the SELinux context needs to happen before joining the namespaces for the same reason. Fixed the handling of selinux being disabled or in permissive mode, as well as used the proper HAVE_LIBSELINUX call. 2012-11-06 Dan Walsh <dwalsh@redhat.com> Rename sandbox.target to multi-user.target within the container. This avoids confusing Admins, and allows an admin within a container to execute systemctl enable foobar.service And it will do the right thing. Whitespace cleanup It is desirable if journald admin commands on the host can view data from the containers' journald instances. For this, the host needs to know wherei to find the journald logs from the containers. Make /var/log/journal/$MACHINE-ID be a symlink to the corresponding /var/lib/libvirt/filesystemsi/$NAME/var/log/journal directory. $MACHINE-ID in this case matches the container's /etc/machine-id file, which in turn matches the libvirt VM UUID We currently do not have a way to set the UUID within the libvirt-sandbox call. Need to add this to complete this task. 2012-11-05 Dan Walsh <dwalsh@redhat.com> White space cleanup Setup container target to be allowed to start in multi-user target, Fix Description Fix handling of targets so we can start and stop all containers with a single command. Fix SECTION heading on libvirt-sandbox.h to be accurate 2012-10-02 rhatdan <dwalsh@redhat.com> Simplify creating a uuid, and make gen_machine_id a method. Finally when we clone, need to replace machine-id file 2012-09-28 rhatdan <dwalsh@redhat.com> Whitespace cleanup Complete clone interface, so it fully copies and modifies an existing sandbox 2012-08-17 rhatdan <dwalsh@redhat.com> whitespace cleanup Fix to handle hire level directories within the container. We should only Mount at the highest level of the container. /etc/httpd /etc/httpd/modules, Should only mount /etc/httpd Switch to using yum to get listing of unitfile rpm contents and the contents of the parent source package if it exists 2012-08-16 rhatdan <dwalsh@redhat.com> Verify unit files entered on the command line, if the unit file does not exist throw and exception. This patch causes virt-sandbox-service to copy files or create empty files that are referenced within the rpm spec file, Currently ignoreing paths beginning with /var/run or /etc/logrotate.d This patch causes virt-sandbox-service to fix the permissions on the container to match the permissions on the system. With this patch I have gotten virt-sandbox-service create -C -u mysqld.service -u httpd.service mysql virt-sandbox-service start mysql To start both services within a container. 2012-08-15 rhatdan <dwalsh@redhat.com> white-space-cleanup, using emacs Make sure directories have the proper ownership and permissions. Mount at /var rather then lower level directories, but create all the lower level directories. 2012-08-13 Daniel P. Berrange <berrange@redhat.com> Update for 0.1.0 release Update soname to reflect changed ABI/API 2012-08-10 Daniel P. Berrange <berrange@redhat.com> Update RPM spec with virt-sandbox-service-util program & more deps Move virt-sandbox-service-util to /usr/libexec The virt-sandbox-service-util command should only be run by the virt-sandbox-service command. Thus it should be hidden away in libexec, rather than exposed to users in bin Note increased min version requires in README Add configure check for libselinux & link virt-sandbox-service-util The virt-sandbox-service-util command uses a few functions from libselinux, and newer LD does not allow for implicit linkage. Thus we must explicitly link to libselinux 2012-08-02 Dan Walsh <dwalsh@redhat.com> Many fixes found by syntax check Add a little doc to test script to explain how to use it Updated latest status of project 2012-08-01 Dan Walsh <dwalsh@redhat.com> Stop mounting over /etc/resolv.conf Need to create unit files based off the specified unit files which disable containers in the unit file. Need to help user out by getting full path to command to be executed in the container. Also need to ask for the pid file for now. Added prompt to remind user about ^] So he knows how to exit the container. Add execute to virt-sandbox-service, needs to be able to connect to the container namespaces. Also needs to run with the same SELinux context as the container. 2012-07-26 Dan Walsh <dwalsh@redhat.com> Move g_main_loop_run into attach and start, since stop does not need it, and stop was hanging forever when I called the loop 2012-07-25 Dan Walsh <dwalsh@redhat.com> Add support for /etc/resolv.conf and switch to using virt-sandbox-service-util in order to not use huge amounts of memory New C Utility Program to handle starting, stopping attaching to containers. 2012-07-17 Dan Walsh <dwalsh@redhat.com> White space cleanup Add wants directories to get systemd to only start necessary services for the container, systemd-tmpfiles, systemd-journald, dbus-daemon Create /etc/sysconfig/network so that the hostname is set to the name of the container Change the interface __gen_dirs to __gen_content, since it is creating more then just directories. Add get_all_running_containers so that we can command complete for start, stop, reload Add get_all_unit_files so that we can command completion on virt-sandbox-service create -u Fix virt-sandbox-service list --running Init script should begin with SERVICE@name.service, if at all possible since this would allow an admin on the host to execute systemctl start httpd@.service And all services beginning with httpd@ will start. Update documentation to match latest description 2012-07-16 Daniel P. Berrange <berrange@redhat.com> Re-add /etc/systemd/system, mistakenly removed. Blacklist /etc/fstab The previous commit accidentally removed /etc/systemd/system from the SYSTEM_DIRS list. We need to blacklist /etc/fstab, otherwise systemd will auto-generated lots of XXX.mount units that don't apply inside the container Make systemd log to console, not syslog by default 2012-07-16 Dan Walsh <dwalsh@redhat.com> Remove --executable from virt-sandbox-service, we will just be using unit files Add /dev/shm as a tmpfs file system, TMPFS_DIRS does not exists, so need to remove it. Change short name of --clone to -C, since I can never remember -n, update the bash_completion script to match the latest virt-sandbox-service changes, and to get a list of unit files automagically. 2012-07-16 Daniel P. Berrange <berrange@redhat.com> Move systemd setup into virt-sandbox-service Switch to have the /etc/systemd/system directory be located under /var/lib/libvirt/filesystems. This will allow the sandbox admin to customize it post-creation. 2012-07-13 Daniel P. Berrange <berrange@redhat.com> Remove need to provide an executable for system services Rely exclusively on the list of unit files to setup a service sandbox. Allow the default host systemd files to appear in the sandbox, only overriding /etc/systemd/system 2012-07-06 Daniel P. Berrange <berrange@redhat.com> Remove rpm_name Can't assume only one RPM 2012-06-29 Daniel P. Berrange <berrange@redhat.com> Add Michal Privoznik to AUTHORS Ensure virt-sandbox-service sets up tmpfs for /run and /tmp Use the new RAM filesystem support in libvirt to config a 10 MB tmpfs on /run, and 100 MB tmpfs on /tmp. Also bind mount /var/run to /run Add support for RAM based filesystems Allow configuration of a tmpfs inside the guest virtual machines. Preserve user-specified ordering when mounting filesystems Since there is now a single API for configuring mounts it is now possible to maintain this order when mounting the filesystems inside the sandbox. Remove the bind mount code from init-common and let libvirt handled LXC and make the init-qemu binary handle QEMU/KVM Maintain only one list of all mount types Currently there are seprate lists maintained for host bind mounts, host image mounts and guest bind mounts. This means that mounts can't be processed in the order the user requested, which means a host bind mount can't be made on top of a host image mount. Switch to only having one single list of mounts in the config API 2012-06-27 Daniel P. Berrange <berrange@redhat.com> Refactor the GVirSandboxConfigMount class The current GVirSandboxConfigMount classs is too inflexible, since it specialized to deal with mounts that have a file source. RAM filesystems do not, nor do various network FS. Split it into two parsts, the base GVirSandboxConfigMount holding the mount target info, and a subclass for the file specific data GVirSandboxConfigMountFile. Further specialize this to provide one subclass per type of mount GVirSandboxConfigMountHostBind, GVirSandboxConfigMountHostImage and GVirSandboxConfigMountGuestBind 2012-06-22 Michal Privoznik <mprivozn@redhat.com> configure: Require higher version of glib Since commit cfd4460b we must require glib-2.32.0 at least because we are using g_value_set_schar which was introduced in that release. 2012-06-20 Radu Caragea <sinaelgl@gmail.com> Add module directory prefix selection feature This is useful when running as a non-privileged user if we want to boot a custom compiled kernel: we might not have rights to install in /lib/modules/<kernel release> so when compiling the kernel we can use "make modules_install INSTALL_MOD_PATH=/path" which installs in /path/lib/modules/<kernel release>. By setting with gvir_sandbox_config_set_kmodpath(cfg, "/path/lib/modules") we can now achieve just that. 2012-06-19 Radu Caragea <sinaelgl@gmail.com> Typo and example fix I fixed a typo in the strace debug feature, if you specified LIBVIRT_SANDBOX_STRACE=poll it would write "strace =poll" in the kernel command line and consequently it wouldn't get picked up because of that extra space. Also, the example virt-sandbox.py was a bit outdated so I updated it. The shell.py doesn't work as it has serial1 hardcoded for qemu. I haven't checked the rest. commit c9258ea3485a20c0b02f261fd9b8de4af32bf201 Author: Radu Caragea <sinaelgl@gmail.com> Date: Tue Jun 19 12:18:02 2012 +0300 Fix python example and typo in strace kernel cmdline 2012-06-18 Daniel P. Berrange <berrange@redhat.com> Fix typo in docs for gvir_sandbox_config_graphical_get_window_size Add configurable key sequence for breaking out of console Add a configurable key sequence for breaking out of console defaulting to Ctrl+] Turn GVirSandboxConsole into an abstract class instead of interface To avoid duplicating alot of code between the Raw & RPC console subclasses, turn the GVirSandboxConsole module into an abstract class instead of an interface Add virt-sandbox-service.logrotate to RPM spec s/Can not/Cannot/ 2012-06-15 Dan Walsh <dwalsh@redhat.com> Whitespace cleanup Turns out this was the wrong way to fix this problem. The proper fix should be in libvirt's MountFSBind Revert "Add in support for mounting blk-files and files within a sandbox. Currently" This reverts commit 21b591615f004e73739c86d04c36874963feebb9. Revert "White space cleanup" This reverts commit a2b57a9adbdd7d7cb608c7b413527f02af713e7d. Add in support for mounting blk-files and files within a sandbox. Currently the code defaults to a directory, if the source is a file or a blk_file, we will override this. Otherwise we will continue to specify a directory mount. White space cleanup White space cleanup Fix documentation to match current command behaviour Fixing for rebase Merge with original master. including the following patches: Major-rewrite-to-use-self.config-for-most-data-stora.patch Add-unit-file-support-fix-formatting.patch Fix-documentation-to-match-current-command-behaviour.patch Add-handling-of-the-etc-machine-id-bind-mount.-This-.patch Fix-bug-where-we-specified-the-unit-file-to-start-us.patch 2012-06-13 Radu Caragea <sinaelgl@gmail.com> console-rpc: fix segfault on null stdin If gvir_sandbox_console_attach is called with NULL as the stdin parameter it results in a segfault in the console-rpc module from libvirt-sandbox. Calling with NULL is of course useful when running something noninteractive and you don't want it to grab the stdin or pass any fd whatsoever. commit f94f23314ab654c13bd1e25bd9094f1687fd681a Author: Radu Caragea <sinaelgl@gmail.com> Date: Tue Jun 12 21:31:09 2012 +0300 Fix crash on null stdin When we don't want to run something interactive and we use NULL as the stdin the app should still work. Signed-off-by: Radu Caragea <sinaelgl@gmail.com> 2012-06-12 Radu Caragea <dmns_serp@yahoo.com> Add config APIs to select specific kernel Added parameters to select a kernel through the release version and path to binary. When setting kernel release version, the module search will be done in /lib/modules/<release>/kernel. Also, by default, after setting the kernel+release version the default kernel image path will be /boot/vmlinuz-<release>. The two default to the running configuration: /lib/modules/`uname -r`/kernel /boot/vmlinuz-`uname -r` kver didn't seem suggestive enough; I used kernrelease and kernpath. Also removed utsname inclusion wherever it wasn't used at all anymore Fix memory allocation when adding VM features Features should be allocated with 2 elements, one to be "acpi" and one to be a NULL pointer indicating string array termination. Caught with valgrind 2012-06-12 Daniel P. Berrange <berrange@redhat.com> Add Radu Caragea to AUTHORS 2012-06-12 Radu Caragea <sinaelgl@gmail.com> Avoid finding kernel modules multiple times Revert the first hunk from commit 05fb94d2c42abe9cfd86c3663d704c268f325503 Author: Daniel P. Berrange <berrange@redhat.com> Date: Wed Apr 4 16:30:49 2012 +0100 Search kernel module dirs & fix mem leaks The change to remove '/kernel' from the module directory was bogus. The real fix was in the Fedora kernel RPM packaging Without the '/kernel' suffix, the same module might be found multiple times. eg When /lib/modules/`uname -r`/ has symlinks to the compiled sources (through /build and /source) it crashed virt-sandbox with the error: "Unable to start sandbox: Error opening file '/tmp/libvirt-sandbox-9ivpRN/9pnet.ko': File exists" Fix typo in Makefile.am s/RUNDIR/rundir/ The compiler flags use -DRUNDIR="$(rundir)", but the variable being set was RUNDIR, which resulted in a bogus relative path being used in the XML for the cachedir location. 2012-06-12 Daniel P. Berrange <berrange@redhat.com> Fix typo s/mount/mounts/ when deleting sandboxes Remove TABs from bash completion script 2012-05-11 Dan Walsh <dwalsh@redhat.com> Clean Whitespace Add TODO file to keep track of all the changes required for libvirt-sandbox Fix/Add names of security options to sym file, to export them from the library. gvir_sandbox_config_get_security_dynamic; gvir_sandbox_config_get_security_label; These options are needed in order to add clone option to virt-sandbox-service. 2012-05-07 Dan Walsh <dwalsh@redhat.com> cleanup whitespace cleanup whitespace Add handling of execute command and list commands, update bash completions script 2012-05-04 Dan Walsh <dwalsh@redhat.com> Fix handling of localstatdir to actually use /var/run (/run). If libvirt-sandbox is run as root, it should use /run/libvirt-sandbox rather then ~/.cache/libvirt-sandbox. This will prevent us from having to have system service sandboxes needing access to the /root directory. Remove debug print statement 2012-05-02 Dan Walsh <dwalsh@redhat.com> Verify the type and level given by a user is valid before updating the sandbox data. Add try block to cleanup error handling on starting a sandbox 2012-05-01 Dan Walsh <dwalsh@redhat.com> Trim excess mounts. If your parent directory was already added as a bind mount point, then dont add yourself 2012-04-16 Dan Walsh <dwalsh@redhat.com> Cleanup error handling on virt-sandbox-service Revert "Installing the libvirt-sandbox should require that libvirt-daemon-lxc be installed" This reverts commit e0803b30b3da9278567ad8b0a92f0f99fde32924. Fix bash completion reference to -n for --clone Installing the libvirt-sandbox should require that libvirt-daemon-lxc be installed 2012-04-16 Daniel P. Berrange <berrange@redhat.com> Fix error message when no CLI args are given Reported-by: Kashyap Chamarthy <kchamart@redhat.com> 2012-04-13 Daniel P. Berrange <berrange@redhat.com> Update to 0.0.3 release Create default sandbox config dirs Update virt-sandbox & virt-sandbox-service man pages Update the man page contents, and convert the virt-sandbox-service man page to POD format Remove pointless reboot code The guest kernel is setup to reboot immediately upon panic. Merely letting the init process exit causes a panic & thus a reboot. Thus there's no need to explicitly call reboot(2). This avoids a nasty privileges problem Move interactive console to a separate console device To avoid mixing the interactive console I/O with the machine boot/error messages, use a dedicated console device for interactive apps. Run a XDR based RPC protocol over the console device to allow proper separation of stdout and stderr, and passing back of command exit status Rename gvir_sandbox_context_get_console to get_log_console Prepare for splitting the interactive console off from the main sandbox console, by renaming the latter to the log console. Make use of strace runtime configurable via LIBVIRT_SANDBOX_STRACE env Allow setting LIBVIRT_SANDBOX_STRACE=1 to turn on strace of the sandbox init processes. Instead of '1', any valid strace filter can also be set Fix object initialization gvir_sandbox_init_check must initialize libvirt-gobject, not libvirt-gconfig. virt-sandbox must initialize libvirt-sandbox Adapt raw console to take account that stdin&stdout might be NULL If stdin & stdout are NULL, then operate the console in log only mode, sending everything to stderr Add helper API for connecting a console to stderr only 2012-04-12 Daniel P. Berrange <berrange@redhat.com> Whitespace tweak Turn GVirSandboxConsole into an interface To allow for different console wire formats, turn the GVirSandboxConsole class into an interface. Add a new GVirSandboxConsoleRaw class to implement a completely raw console wire format. 2012-04-11 Daniel P. Berrange <berrange@redhat.com> Fix setuid/reboot permissions (temporary hack) 2012-04-05 Daniel P. Berrange <berrange@redhat.com> Don't bogus debug output Don't override /run since we must inherit the tmpfs from the host Don't print out command line help when getting a runtime exception 2012-04-04 Daniel P. Berrange <berrange@redhat.com> Fix access mode for 9p filesystems Ensure secondary filesystems are mounted writable. Doh Ensure we exit upon panic & disable SELinux inside QEMU Add noapic flag to QEMU Require libvirt-gobject >= 0.0.7 Factor common init program to support systemd based services Turn on execute permission for virt-sandbox-service Add global -c option to specify libvirt connection Rename existing '-c' (clone) option to '-n' Fix docs typo Temp hack to detect KVM support. Replace with capabilities check later Fix error reporting when finding kmods Get rid of cruft related to launching graphical sandboxes Get rid of initial init process completely Things are generally less confusing if systemd can be made to run as PID 1, so get rid of the original libvirt-sandbox-init-{lxc,qemu} process when spawning libvirt-sandbox-init-common Refactor classes to better support non-interactive services Make the base config/context classes abstract and move stuff related to interactive commands to a new subclass. Facilitate subclasses of context class to override startup Don't shell out to insmod, implement it natively Add helpers to cleaner class for deleting files/dirs Avoid repeated identical cleaner callback impls by providing some helpers for deleting files and directories. Search kernel module dirs & fix mem leaks Add BR on glibc-static 2012-03-22 Daniel P. Berrange <berrange@redhat.com> Fix building RPM Remove tabs & use portable test checks Fix missing NULL terminator in config test case 2012-03-21 Daniel P. Berrange <berrange@redhat.com> Modularize the configure.ac script for easier maintainence s/int/size_t/ for counter Avoid jumping over declarations Add missing configure check for capng Pull in GNULIBs compile warning infrastructure 2012-03-01 Daniel P. Berrange <berrange@redhat.com> Ensure we pull in libvirtd RPMs 2012-02-27 Dan Walsh <dwalsh@redhat.com> Merge branch 'master' of ssh://libvirt.org/git/libvirt-sandbox 2012-02-27 Guido Günther <agx@sigxcpu.org> Debug is '-d' not '-D' main: Don't free error twice It's already being cleared in cleanup. Otherwise we see: Unknown option -D Run 'libvirt-sandbox --help' to see a full list of available command line options *** glibc detected *** /var/scratch/debian/libvirt-sandbox/libvirt-sandbox/bin/.libs/lt-virt-sandbox: double free or corruption (fasttop): 0x08d888b0 *** ======= Backtrace: ========= /lib/i386-linux-gnu/i686/cmov/libc.so.6(+0x6e221)[0xb7255221] /lib/i386-linux-gnu/i686/cmov/libc.so.6(+0x6fa88)[0xb7256a88] /lib/i386-linux-gnu/i686/cmov/libc.so.6(cfree+0x6d)[0xb7259b3d] /lib/i386-linux-gnu/libglib-2.0.so.0(+0x4c38b)[0xb73c038b] /lib/i386-linux-gnu/i686/cmov/libc.so.6(__libc_start_main+0xe6)[0xb71fde46] Add myself to AUTHORS to not break "make syntax-check" with the following commits. 2012-02-24 Dan Walsh <dwalsh@redhat.com> Add reload interface and cleanup removing spaces at end of lines Modify Makefile to install bash completion script and man page for virt-sandbox-service Add bash-completion script for virt-sandbox-service Add man page for virt-sandbox-service 2012-02-21 Dan Walsh <dwalsh@redhat.com> Merge branch 'master' of git://libvirt.org/libvirt-sandbox 2012-02-21 Daniel P. Berrange <berrange@redhat.com> Add Dan Walsh to AUTHORS 2012-02-10 Dan Walsh <dwalsh@redhat.com> Do a better job of handling images 2012-02-08 Dan Walsh <dwalsh@redhat.com> Start working on argparsing to make image creation sane and actually work. 2012-01-19 Dan Walsh <dwalsh@redhat.com> Merge branch 'master' of git://libvirt.org/libvirt-sandbox Fix white space problems Fix white space problems 2012-01-18 Daniel P. Berrange <berrange@redhat.com> Import script for setting up services inside sandboxes Add support for accessing the shell console directly Add a new libvirt_sandbox_context_get_shell_console() API to access the console for the (optional) admin shell 2012-01-17 Daniel P. Berrange <berrange@redhat.com> Fix compile of test suite Add support for mounting of host image files as guest filesystems Fix memory leaks when building sandboxes Rename "host mount" to "host bind mount" and "bind mount" to "guest bind mount" To prepare for further types of mounts, rename "host mount" to "host bind mount" and "bind mount" to "guest bind mount" Refactor code for writing out filesys.cfg 2012-01-16 Daniel P. Berrange <berrange@redhat.com> Rename QEMU 'mounts.cfg' file to 'filesys.cfg' Renable code to make KVM root & config filesystems as readonly 2012-01-12 Daniel P. Berrange <berrange@redhat.com> Update for 0.0.2 release Fix null termination of test case strings Update to require libvirt-gobject 0.0.4 Remove debug output Add ability to run a privileged sandbox from CLI Add ability to start an administrative debug shell Add ability to setup a second console in the sandbox which is running an adminstrative debug shell, with full privileges. Update for changes API in libvirt-gconfig Switch from using /.config to /etc/libvirt-sandbox/scratch Add API for attaching a context to an existing sandbox 2012-01-11 Daniel P. Berrange <berrange@redhat.com> Temporarily revert 3c496ab2e89e1a21ecde96d2ba7c08b09f0929e4 Revert 3c496ab2e89e1a21ecde96d2ba7c08b09f0929e4 until the updated libvirt-glib release is available. Ensure example programs aren't executable Any executable example programs result in bogus deps being added to the RPMs Fill out README file & NEWS Update COPYING file & FSF address Fix debug in container based guests & remove memballoon Don't overwrite process name in LXC startup Remove trailing blank line Update for changes API in libvirt-gconfig 2012-01-09 Daniel P. Berrange <berrange@redhat.com> Add protection against running init programs in wrong context Attempting to run the lxc or qemu init helper programs in your normal root shell will have seriously bad consequences for the health of your system. Add some sanity checks to startup of those programs to avoid nasty mistakes 2012-01-06 Daniel P. Berrange <berrange@redhat.com> Add basic doc outlining core test scenarios 2012-01-05 Daniel P. Berrange <berrange@redhat.com> Fix mounts in machine based guest The mount target had a mistaken newline appended, and the config file was missing the 'sandbox:' prefix for mount name. 2011-12-19 Daniel P. Berrange <berrange@redhat.com> Mark domains as auto-destroy Fix compile error in test suite Fix parallel make errors Allow bind mounts & networks to be set from CLI Change init programs over to use config file Add APIs for setting networks & bind mounts Run cleaner actions in same order as they are registered Change from using netmask to prefix in IP addresses/routes 2011-12-15 Daniel P. Berrange <berrange@redhat.com> Fix syntax violations & update checks 2011-12-07 Daniel P. Berrange <berrange@redhat.com> Don't hardcode console name & fix error reporting 2011-12-06 Daniel P. Berrange <berrange@redhat.com> Ignore more generated files Add support for loading/saving config to ini files Fix parsing of config string lists Fix construction of console to match the final API in libvirt-gconfig Add network device configuration objects 2011-12-05 Daniel P. Berrange <berrange@redhat.com> Add a few notes about the way the sandbox works 2011-12-01 Daniel P. Berrange <berrange@redhat.com> Enable syntax-check rules Remove more trailing whitespace Replace @PACKAGE@ with $(PACKAGE) Fix typo s/the the/the/ Remove unused dirent.h include Remove trailing whitespace Use exit(EXIT_SUCCESS) instead of exit(0) Replace 'Red Hat' with 'Red Hat, Inc.' in copyright Fill in AUTHORS file Replace tabs with spaces Ensure command argv are encoded with length Switch over to use libvirt-gconfig for XML generation Fix typo in parameter annotation 2011-11-29 Daniel P. Berrange <berrange@redhat.com> Flesh out virt-sandbox binary and add man page Fix default target mapping for includes Fix license header in init programs Add helper for setting security properties Fix parent type for GVirSandboxConfigMount Add helper APIs for adding mounts and includes from string lists/files Avoid crashing in cleanup if sandbox failed to start Remove SELinux-ism in security config Update for change in stream watch API 2011-11-28 Daniel P. Berrange <berrange@redhat.com> Add boilerplate doc headers for all objects Wire up support for gtk-doc 2011-11-25 Daniel P. Berrange <berrange@redhat.com> Split libraries out into separate RPM & add examples & binary Include examples in dist & add support CLI tool Fix off-by-one copying command argv Make console work 2011-11-24 Daniel P. Berrange <berrange@redhat.com> Add HACKING file Wire up text console I/O class Fix encoding of command argv to include length prefix Populate modules file with desired load order for modules 2011-11-22 Daniel P. Berrange <berrange@redhat.com> Fix static linking for initrd init program Update to require libvirt-gobject 0.0.2 2011-11-21 Daniel P. Berrange <berrange@redhat.com> Add new context for graphical applications 2011-11-18 Daniel P. Berrange <berrange@redhat.com> Add in command line argument handling Import init binary helpers from virt-sandbox repo Create the initrd when building the sandbox Add objects for creating initial ramdisks 2011-11-17 Daniel P. Berrange <berrange@redhat.com> Introduce concept of a "cleaner" class Replace copying file with LGPL contents Add example programs Add classes for building & running containers Initial commit of sandbox APIs