config/init/common/lxc-net.in | 6 ++-- config/init/systemd/lxc-net.service.in | 1 + config/init/sysvinit/lxc-containers.in | 23 +++++---------- config/init/sysvinit/lxc-net.in | 23 +++++---------- src/lxc/confile.c | 54 ++++++++++++++++++++++------------ 5 files changed, 55 insertions(+), 52 deletions(-) diff --git a/config/init/common/lxc-net.in b/config/init/common/lxc-net.in index efee9b96f..1b0aad13e 100755 --- a/config/init/common/lxc-net.in +++ b/config/init/common/lxc-net.in @@ -25,6 +25,8 @@ LXC_IPV6_MASK="" LXC_IPV6_NETWORK="" LXC_IPV6_NAT="false" +RESTORECON="/sbin/restorecon" + [ ! -f $distrosysconfdir/lxc ] || . $distrosysconfdir/lxc use_nft() { @@ -144,8 +146,8 @@ start() { # can't write its pid into, so we restorecon it (to var_run_t) if [ ! -d "${varrun}" ]; then mkdir -p "${varrun}" - if command -v restorecon >/dev/null 2>&1; then - restorecon "${varrun}" + if [ -x ${RESTORECON} ]; then + ${RESTORECON} "${varrun}" fi fi diff --git a/config/init/systemd/lxc-net.service.in b/config/init/systemd/lxc-net.service.in index a615d8b2d..4158493b9 100644 --- a/config/init/systemd/lxc-net.service.in +++ b/config/init/systemd/lxc-net.service.in @@ -1,6 +1,7 @@ [Unit] Description=LXC network bridge setup After=network-online.target +Wants=network-online.target Before=lxc.service Documentation=man:lxc ConditionVirtualization=!lxc diff --git a/config/init/sysvinit/lxc-containers.in b/config/init/sysvinit/lxc-containers.in index f793d2012..a1dfaa704 100644 --- a/config/init/sysvinit/lxc-containers.in +++ b/config/init/sysvinit/lxc-containers.in @@ -2,7 +2,7 @@ # # lxc Start/Stop LXC autoboot containers # -# chkconfig: 345 99 01 +# chkconfig: - 99 01 # description: Starts/Stops all LXC containers configured for autostart. # ### BEGIN INIT INFO @@ -11,31 +11,22 @@ # Required-Stop: $syslog $remote_fs # Should-Start: cgroupfs-mount # Should-Stop: cgroupfs-mount -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 # Short-Description: Bring up/down LXC autostart containers # Description: Bring up/down LXC autostart containers ### END INIT INFO -# To be replaced by LSB functions, if they can be found -# Defined here for distributions that don't have log_daemon_msg -log_daemon_msg () { - echo $@ -} - -# Try to source LSB init functions to define LSB log_* functions. -test ! -r /lib/lsb/init-functions || - . /lib/lsb/init-functions +WITHOUT_RC_COMPAT=1 +. /etc/init.d/functions start() { # Setup host /dev for autodev containers. - log_daemon_msg "Starting LXC autoboot containers: " - @LIBEXECDIR@/lxc/lxc-containers start + action "Starting LXC autoboot containers:" \ + @LIBEXECDIR@/lxc/lxc-containers start } stop() { - log_daemon_msg "Stopping LXC containers: " - @LIBEXECDIR@/lxc/lxc-containers stop + action "Stopping LXC containers:" \ + @LIBEXECDIR@/lxc/lxc-containers stop } # See how we were called. diff --git a/config/init/sysvinit/lxc-net.in b/config/init/sysvinit/lxc-net.in index 7a1e62a78..9b0101fd6 100644 --- a/config/init/sysvinit/lxc-net.in +++ b/config/init/sysvinit/lxc-net.in @@ -2,7 +2,7 @@ # # lxc-net Start/Stop LXC Networking # -# chkconfig: 345 98 01 +# chkconfig: - 98 01 # description: Starts/Stops LXC Network Bridge # ### BEGIN INIT INFO @@ -11,30 +11,21 @@ # Required-Stop: $syslog $remote_fs # Should-Start: # Should-Stop: -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 # Short-Description: Bring up/down LXC Network Bridge # Description: Bring up/down LXC Network Bridge ### END INIT INFO -# To be replaced by LSB functions, if they can be found -# Defined here for distributions that don't have log_daemon_msg -log_daemon_msg () { - echo $@ -} - -# Try to source LSB init functions to define LSB log_* functions. -test ! -r /lib/lsb/init-functions || - . /lib/lsb/init-functions +WITHOUT_RC_COMPAT=1 +. /etc/init.d/functions start() { - log_daemon_msg "Starting LXC network bridge: " - @LIBEXECDIR@/lxc/lxc-net start + action "Starting LXC network bridge:" \ + @LIBEXECDIR@/lxc/lxc-net start } stop() { - log_daemon_msg "Stopping LXC network bridge: " - @LIBEXECDIR@/lxc/lxc-net stop + action "Stopping LXC network bridge:" \ + @LIBEXECDIR@/lxc/lxc-net stop } # See how we were called. diff --git a/src/lxc/confile.c b/src/lxc/confile.c index 7966d32e8..f4e5fce0a 100644 --- a/src/lxc/confile.c +++ b/src/lxc/confile.c @@ -1648,7 +1648,8 @@ static int set_config_apparmor_profile(const char *key, const char *value, #if HAVE_APPARMOR return set_config_string_item(&lxc_conf->lsm_aa_profile, value); #else - return syserror_set(-EINVAL, "Built without AppArmor support"); + SYSWARN("Built without AppArmor support"); + return 0; #endif } @@ -1674,7 +1675,8 @@ static int set_config_apparmor_allow_incomplete(const char *key, return 0; #else - return syserror_set(-EINVAL, "Built without AppArmor support"); + SYSWARN("Built without AppArmor support"); + return 0; #endif } @@ -1698,7 +1700,8 @@ static int set_config_apparmor_allow_nesting(const char *key, return 0; #else - return syserror_set(-EINVAL, "Built without AppArmor support"); + SYSWARN("Built without AppArmor support"); + return 0; #endif } @@ -1728,7 +1731,8 @@ static int set_config_apparmor_raw(const char *key, return 0; #else - return syserror_set(-EINVAL, "Built without AppArmor support"); + SYSWARN("Built without AppArmor support"); + return 0; #endif } @@ -1738,7 +1742,8 @@ static int set_config_selinux_context(const char *key, const char *value, #if HAVE_SELINUX return set_config_string_item(&lxc_conf->lsm_se_context, value); #else - return syserror_set(-EINVAL, "Built without SELinux support"); + SYSWARN("Built without SELinux support"); + return 0; #endif } @@ -1748,7 +1753,8 @@ static int set_config_selinux_context_keyring(const char *key, const char *value #if HAVE_SELINUX return set_config_string_item(&lxc_conf->lsm_se_keyring_context, value); #else - return syserror_set(-EINVAL, "Built without SELinux support"); + SYSWARN("Built without SELinux support"); + return 0; #endif } @@ -3816,7 +3822,8 @@ static int get_config_apparmor_profile(const char *key, char *retv, int inlen, #if HAVE_APPARMOR return lxc_get_conf_str(retv, inlen, c->lsm_aa_profile); #else - return syserror_set(-EINVAL, "Built without AppArmor support"); + SYSWARN("Built without AppArmor support"); + return 0; #endif } @@ -3827,7 +3834,8 @@ static int get_config_apparmor_allow_incomplete(const char *key, char *retv, #if HAVE_APPARMOR return lxc_get_conf_int(c, retv, inlen, c->lsm_aa_allow_incomplete); #else - return syserror_set(-EINVAL, "Built without AppArmor support"); + SYSWARN("Built without AppArmor support"); + return 0; #endif } @@ -3838,7 +3846,8 @@ static int get_config_apparmor_allow_nesting(const char *key, char *retv, #if HAVE_APPARMOR return lxc_get_conf_int(c, retv, inlen, c->lsm_aa_allow_nesting); #else - return syserror_set(-EINVAL, "Built without AppArmor support"); + SYSWARN("Built without AppArmor support"); + return 0; #endif } @@ -3862,7 +3871,8 @@ static int get_config_apparmor_raw(const char *key, char *retv, return fulllen; #else - return syserror_set(-EINVAL, "Built without AppArmor support"); + SYSWARN("Built without AppArmor support"); + return 0; #endif } @@ -3872,7 +3882,8 @@ static int get_config_selinux_context(const char *key, char *retv, int inlen, #if HAVE_SELINUX return lxc_get_conf_str(retv, inlen, c->lsm_se_context); #else - return syserror_set(-EINVAL, "Built without SELinux support"); + SYSWARN("Built without SELinux support"); + return 0; #endif } @@ -3882,7 +3893,8 @@ static int get_config_selinux_context_keyring(const char *key, char *retv, int i #if HAVE_SELINUX return lxc_get_conf_str(retv, inlen, c->lsm_se_keyring_context); #else - return syserror_set(-EINVAL, "Built without SELinux support"); + SYSWARN("Built without SELinux support"); + return 0; #endif } @@ -4858,7 +4870,8 @@ static inline int clr_config_apparmor_profile(const char *key, free_disarm(c->lsm_aa_profile); return 0; #else - return syserror_set(-EINVAL, "Built without AppArmor support"); + SYSWARN("Built without AppArmor support"); + return 0; #endif } @@ -4870,7 +4883,8 @@ static inline int clr_config_apparmor_allow_incomplete(const char *key, c->lsm_aa_allow_incomplete = 0; return 0; #else - return syserror_set(-EINVAL, "Built without AppArmor support"); + SYSWARN("Built without AppArmor support"); + return 0; #endif } @@ -4882,7 +4896,8 @@ static inline int clr_config_apparmor_allow_nesting(const char *key, c->lsm_aa_allow_nesting = 0; return 0; #else - return syserror_set(-EINVAL, "Built without AppArmor support"); + SYSWARN("Built without AppArmor support"); + return 0; #endif } @@ -4893,7 +4908,8 @@ static inline int clr_config_apparmor_raw(const char *key, #if HAVE_APPARMOR return lxc_clear_apparmor_raw(c); #else - return syserror_set(-EINVAL, "Built without AppArmor support"); + SYSWARN("Built without AppArmor support"); + return 0; #endif } @@ -4904,7 +4920,8 @@ static inline int clr_config_selinux_context(const char *key, free_disarm(c->lsm_se_context); return 0; #else - return syserror_set(-EINVAL, "Built without SELinux support"); + SYSWARN("Built without SELinux support"); + return 0; #endif } @@ -4915,7 +4932,8 @@ static inline int clr_config_selinux_context_keyring(const char *key, free_disarm(c->lsm_se_keyring_context); return 0; #else - return syserror_set(-EINVAL, "Built without SELinux support"); + SYSWARN("Built without SELinux support"); + return 0; #endif }