lxc-5.0.0~git2209-g5a7b9ce67/0000755061062106075000000000000014223133720012210 500000000000000lxc-5.0.0~git2209-g5a7b9ce67/AUTHORS0000644061062106075000000000016714176403775013225 00000000000000The list of authors and contributors can be retrieved from the git commit history and in some cases, the file headers. lxc-5.0.0~git2209-g5a7b9ce67/NEWS0000644061062106075000000000000014176403775012636 00000000000000lxc-5.0.0~git2209-g5a7b9ce67/configure.ac0000644061062106075000000011313614223133703014424 00000000000000AC_PREREQ([2.69]) m4_define([lxc_devel], 1) m4_define([lxc_version_major], 5) m4_define([lxc_version_minor], 0) m4_define([lxc_version_micro], 0) m4_define([lxc_version_beta], []) m4_define([lxc_abi_major], 1) m4_define([lxc_abi_minor], 7) m4_define([lxc_abi_micro], 0) m4_define([lxc_abi], [lxc_abi_major.lxc_abi_minor.lxc_abi_micro]) m4_define([lxc_version_base], [lxc_version_major.lxc_version_minor.lxc_version_micro]) m4_define([lxc_version], [ifelse(lxc_devel, 1, ifelse(lxc_version_beta, [], [lxc_version_base], [lxc_version_base.lxc_version_beta])~git2209-g5a7b9ce67, ifelse(lxc_version_beta, [], [lxc_version_base], [lxc_version_base.lxc_version_beta]))]) AC_INIT([lxc],[lxc_version]) # We need pkg-config PKG_PROG_PKG_CONFIG AC_SUBST(LXC_VERSION_BASE, lxc_version_base) AC_SUBST(LXC_VERSION_BETA, lxc_version_beta) AC_SUBST([LXC_VERSION_MAJOR], [lxc_version_major]) AC_SUBST([LXC_VERSION_MINOR], [lxc_version_minor]) AC_SUBST([LXC_VERSION_MICRO], [lxc_version_micro]) AC_SUBST([LXC_VERSION], [lxc_version]) AC_SUBST([LXC_DEVEL], [lxc_devel]) AC_SUBST([LXC_ABI_MAJOR], [lxc_abi_major]) AC_SUBST([LXC_ABI_MINOR], [lxc_abi_minor]) AC_SUBST([LXC_ABI_MICRO], [lxc_abi_micro]) AC_SUBST([LXC_ABI], [lxc_abi]) AC_CONFIG_SRCDIR([configure.ac]) AC_CONFIG_AUX_DIR([config]) AC_CONFIG_HEADERS([src/config.h]) AM_INIT_AUTOMAKE([-Wall -Werror -Wno-portability subdir-objects]) AC_CANONICAL_HOST AM_PROG_CC_C_O AC_USE_SYSTEM_EXTENSIONS AC_SYS_LARGEFILE AC_GNU_SOURCE # Test if we have a new enough compiler. AC_COMPILE_IFELSE([AC_LANG_PROGRAM([[ #define GCC_VERSION \ (__GNUC__ * 10000 + __GNUC_MINOR__ * 100 + __GNUC_PATCHLEVEL__) #define CLANG_VERSION \ (__clang_major__ * 10000 + __clang_minor__ * 100 + __clang_patchlevel__) #if GCC_VERSION < 40700 && CLANG_VERSION < 10000 #error Sorry, your compiler is too old - please upgrade it #endif ]])], [valid_compiler=yes], [valid_compiler=no]) if test "x$valid_compiler" = "xno"; then AC_MSG_ERROR([Sorry, your compiler is too old - please upgrade it]) fi AC_PROG_GCC_TRADITIONAL AC_PROG_CXX AC_ENABLE_SHARED AC_ENABLE_STATIC # Check binaries AC_PROG_SED case $CC in clang*) AC_CHECK_TOOL([AR], llvm-ar) AC_CHECK_TOOL([NM], llvm-nm) AC_CHECK_TOOL([OBJCOPY], llvm-objcopy) AC_CHECK_TOOL([RANLIB], llvm-ranlib) esac # libtool LT_INIT AC_SUBST([LIBTOOL_DEPS]) # Detect the distribution. This is used for the default configuration and # for some distro-specific build options. AC_MSG_CHECKING([host distribution]) AC_ARG_WITH(distro, AS_HELP_STRING([--with-distro=DISTRO], [Specify the Linux distribution to target: One of redhat, redhatenterpriseserver, oracle, centos, fedora, suse, gentoo, debian, arch, slackware, plamo, paldo, openmandriva, pardus, sparclinux, altlinux.])) if type lsb_release >/dev/null 2>&1 && test "z$with_distro" = "z"; then with_distro=$(lsb_release -is) fi if test "z$with_distro" = "z"; then AC_CHECK_FILE(/etc/redhat-release,with_distro="redhat") AC_CHECK_FILE(/etc/oracle-release,with_distro="oracle") AC_CHECK_FILE(/etc/sparclinux-release,with_distro="sparclinux") AC_CHECK_FILE(/etc/centos-release,with_distro="centos") AC_CHECK_FILE(/etc/fedora-release,with_distro="fedora") AC_CHECK_FILE(/etc/SuSE-release,with_distro="suse") AC_CHECK_FILE(/etc/gentoo-release,with_distro="gentoo") AC_CHECK_FILE(/etc/debian_version,with_distro="debian") AC_CHECK_FILE(/etc/arch-release,with_distro="arch") AC_CHECK_FILE(/etc/slackware-version,with_distro="slackware") AC_CHECK_FILE(/etc/plamo-version,with_distro="plamo") AC_CHECK_FILE(/etc/frugalware-release,with_distro="frugalware") AC_CHECK_FILE(/etc/mandrakelinux-release, with_distro="openmandriva") AC_CHECK_FILE(/etc/mandriva-release,with_distro="openmandriva") AC_CHECK_FILE(/etc/pardus-release,with_distro="pardus") AC_CHECK_FILE(/etc/altlinux-release,with_distro="altlinux") AC_CHECK_FILE(/etc/pld-release,with_distro="pld") fi with_distro=$(echo ${with_distro} | tr '[[:upper:]]' '[[:lower:]]') if test "z$with_distro" = "zforsparc"; then with_distro="sparclinux" fi if test "z$with_distro" = "z"; then with_distro="unknown" fi case $with_distro in ubuntu|raspbian) distroconf=default.conf.lxcbr distrosysconf="$sysconfdir/default" ;; redhat|redhatenterpriseserver|centos|fedora|oracle|oracleserver|sparclinux|altlinux|suse|opensuse*|plamo|pld) distroconf=default.conf.lxcbr distrosysconf="$sysconfdir/sysconfig" ;; *) distroconf=default.conf.unknown distrosysconf="$sysconfdir/default" ;; esac AC_MSG_RESULT([$with_distro]) AM_CONDITIONAL([HAVE_DEBIAN], [test x"$with_distro" = "xdebian" -o x"$with_distro" = "xubuntu" -o x"$with_distro" = "xraspbian"]) AM_CONDITIONAL([DISTRO_UBUNTU], [test "x$with_distro" = "xubuntu"]) AC_CONFIG_LINKS([config/etc/default.conf:config/etc/${distroconf}]) # Check for init system type AC_MSG_CHECKING([for init system type]) AC_ARG_WITH([init-script], [AS_HELP_STRING([--with-init-script@<:@=TYPE@<:@,TYPE,...@:>@@:>@], [Type(s) of init script to install: sysvinit, systemd, upstart, distro @<:@default=distro@:>@])],[],[with_init_script=distro]) case "$with_init_script" in distro) case $with_distro in fedora|altlinux|opensuse*) init_script=systemd ;; redhat|redhatenterpriseserver|oracle|oracleserver|sparclinux|plamo) init_script=sysvinit ;; centos) init_script=sysvinit,systemd ;; debian|raspbian|ubuntu) init_script=upstart,systemd ;; pld) init_script=sysvinit,upstart,systemd ;; *) echo -n "Linux distribution init system unknown." init_script= ;; esac ;; *) init_script=$with_init_script ;; esac # Check valid init systems were given, run in subshell so we don't mess up IFS (IFS="," ; for init_sys in $init_script; do case "$init_sys" in none|sysvinit|systemd|upstart) ;; *) exit 1 ;; esac done) || AC_MSG_ERROR([Unknown init system type in $init_script]) AM_CONDITIONAL([INIT_SCRIPT_SYSV], [echo "$init_script" |grep -q "sysvinit"]) AM_CONDITIONAL([INIT_SCRIPT_SYSTEMD], [echo "$init_script" |grep -q "systemd"]) AM_CONDITIONAL([INIT_SCRIPT_UPSTART], [echo "$init_script" |grep -q "upstart"]) AC_MSG_RESULT($init_script) # systemd unit dir AC_ARG_WITH([systemdsystemunitdir], AS_HELP_STRING([--with-systemdsystemunitdir=DIR], [Directory for systemd service files]), [with_systemdsystemunitdir=$withval], [with_systemdsystemunitdir=$($PKG_CONFIG --variable=systemdsystemunitdir systemd)]) if test -z "$with_systemdsystemunitdir"; then with_systemdsystemunitdir=/lib/systemd/system fi if test "x$with_systemdsystemunitdir" != "xno"; then AC_SUBST([SYSTEMD_UNIT_DIR], [$with_systemdsystemunitdir]) fi AC_ARG_ENABLE([werror], [AS_HELP_STRING([--disable-werror], [do not treat warnings as errors])], [enable_werror=$enableval], [enable_werror=yes]) AC_ARG_ENABLE([no_undefined], [AS_HELP_STRING([--disable-no-undefined], [do not pass -Wl,--no-undefined])], [enable_no_undefined=$enableval], [enable_no_undefined=yes]) AM_CONDITIONAL([ENABLE_NO_UNDEFINED], [test "x$enable_no_undefined" = "xyes"]) AC_ARG_ENABLE([fuzzers], [AS_HELP_STRING([--enable-fuzzers], [compile with fuzzers])], [enable_fuzzers=$enableval], [enable_fuzzers=no]) AM_CONDITIONAL([ENABLE_FUZZERS], [test "x$enable_fuzzers" = "xyes"]) AM_CONDITIONAL([OSS_FUZZ], [test "x$LIB_FUZZING_ENGINE" != x]) # Allow disabling rpath AC_ARG_ENABLE([rpath], [AS_HELP_STRING([--enable-rpath], [set rpath in executables [default=no]])], [enable_rpath=$enableval], [enable_rpath=no]) AM_CONDITIONAL([ENABLE_RPATH], [test "x$enable_rpath" = "xyes"]) # Documentation (manpages) AC_ARG_ENABLE([doc], [AS_HELP_STRING([--enable-doc], [make man pages [default=auto]])], [enable_doc=$enableval], [enable_doc=auto]) if test "x$enable_doc" = "xyes" -o "x$enable_doc" = "xauto"; then db2xman="" dbparsers="docbook2X2man docbook2x-man db2x_docbook2man docbook2man docbook-to-man" AC_MSG_CHECKING(for docbook2x-man) for name in ${dbparsers}; do if "$name" --help >/dev/null 2>&1; then db2xman="$name" break; fi done if test -n "${db2xman}"; then AC_MSG_RESULT([${db2xman}]) enable_doc="yes" else AC_MSG_RESULT([no]) if test "x$enable_doc" = "xyes"; then AC_MSG_ERROR([docbook2x-man is required, but could not be found]) fi enable_doc="no" fi AC_SUBST(db2xman) fi AM_CONDITIONAL([ENABLE_DOCBOOK], [test "x$db2xman" != "x"]) AM_CONDITIONAL([USE_DOCBOOK2X], [test "x$db2xman" != "xdocbook2man"]) if test "x$db2xman" = "xdocbook2man"; then docdtd="\"-//Davenport//DTD DocBook V3.0//EN\"" else docdtd="\"-//OASIS//DTD DocBook XML\" \"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd\"" fi AC_SUBST(docdtd) # Documentation (API) AC_ARG_ENABLE([api-docs], [AS_HELP_STRING([--enable-api-docs], [make API documentation [default=auto]])], [enable_api_docs=$enableval], [enable_api_docs=auto]) if test "x$enable_api_docs" = "xyes" -o "x$enable_api_docs" = "xauto"; then AC_CHECK_PROGS([HAVE_DOXYGEN],[doxygen]) AC_SUBST([HAVE_DOXYGEN]) if test "x$HAVE_DOXYGEN" != "x"; then enable_api_docs="yes" else if test "x$enable_api_docs" = "xyes"; then AC_MSG_ERROR([doxygen is required, but could not be found]) fi enable_api_docs="no" fi fi AM_CONDITIONAL([ENABLE_API_DOCS], [test "x$HAVE_DOXYGEN" != "x"]) AC_CONFIG_MACRO_DIRS([config]) # Apparmor AC_ARG_ENABLE([apparmor], [AS_HELP_STRING([--enable-apparmor], [enable apparmor support [default=auto]])], [enable_apparmor=$enableval], [enable_apparmor=auto]) if test "$enable_apparmor" = "auto" ; then AC_CHECK_LIB([apparmor],[aa_change_profile],[enable_apparmor=yes], [enable_apparmor=no]) fi AM_CONDITIONAL([ENABLE_APPARMOR], [test "x$enable_apparmor" = "xyes"]) # OpenSSL # libssl-dev AC_ARG_ENABLE([openssl], [AS_HELP_STRING([--enable-openssl], [enable OpenSSL support [default=auto]])], [enable_openssl=$enableval], [enable_openssl=auto]) if test "$enable_openssl" = "auto" ; then AC_CHECK_LIB([ssl], [OPENSSL_init_ssl], [enable_openssl=yes], [enable_openssl=no]) fi AM_CONDITIONAL([ENABLE_OPENSSL], [test "x$enable_openssl" = "xyes"]) AC_ARG_ENABLE([static-binaries], [AS_HELP_STRING([--enable-static-binaries], [build all binaries statically [default=no]])], [enable_static_binaries=$enableval], [enable_static_binaries=no]) AM_CONDITIONAL([ENABLE_STATIC_BINARIES], [test "x$enable_static_binaries" = "xyes"]) AM_COND_IF([ENABLE_OPENSSL], [AC_CHECK_HEADER([openssl/engine.h],[],[AC_MSG_ERROR([You must install the OpenSSL development package in order to compile lxc])]) AM_COND_IF([ENABLE_STATIC_BINARIES], [AC_SUBST([OPENSSL_LIBS], '-lssl -lcrypto -ldl')], [AC_SUBST([OPENSSL_LIBS], '-lssl -lcrypto')])]) # SELinux AC_ARG_ENABLE([selinux], [AS_HELP_STRING([--enable-selinux], [enable SELinux support [default=auto]])], [enable_selinux=$enableval], [enable_selinux=auto]) if test "x$enable_selinux" = xauto; then AC_CHECK_LIB([selinux],[setexeccon_raw],[enable_selinux=yes],[enable_selinux=no]) fi AM_CONDITIONAL([ENABLE_SELINUX], [test "x$enable_selinux" = "xyes"]) AM_COND_IF([ENABLE_SELINUX], [AC_CHECK_HEADER([selinux/selinux.h],[],[AC_MSG_ERROR([You must install the SELinux development package in order to compile lxc])]) AC_CHECK_LIB([selinux], [setexeccon_raw],[true],[AC_MSG_ERROR([You must install the SELinux development package in order to compile lxc])]) AC_SUBST([SELINUX_LIBS], [-lselinux])]) # Seccomp syscall filter AC_ARG_ENABLE([seccomp], [AS_HELP_STRING([--enable-seccomp], [enable seccomp support [default=auto]])], [enable_seccomp=$enableval], [enable_seccomp=auto]) if test "x$enable_seccomp" = "xauto" ; then AC_CHECK_LIB([seccomp],[seccomp_init],[enable_seccomp=yes],[enable_seccomp=no]) fi AM_CONDITIONAL([ENABLE_SECCOMP], [test "x$enable_seccomp" = "xyes"]) AM_COND_IF([ENABLE_SECCOMP], [PKG_CHECK_MODULES([SECCOMP],[libseccomp],[],[ AC_CHECK_HEADER([seccomp.h],[],[AC_MSG_ERROR([You must install the seccomp development package in order to compile lxc])]) AC_CHECK_LIB([seccomp], [seccomp_init],[],[AC_MSG_ERROR([You must install the seccomp development package in order to compile lxc])]) AC_SUBST([SECCOMP_LIBS], [-lseccomp]) ]) # HAVE_SCMP_FILTER_CTX=1 will tell us we have libseccomp api >= 1.0.0 OLD_CFLAGS="$CFLAGS" CFLAGS="$CFLAGS $SECCOMP_CFLAGS" AC_CHECK_TYPES([scmp_filter_ctx], [], [], [[#include ]]) AC_CHECK_DECLS([seccomp_notify_fd], [], [], [[#include ]]) AC_CHECK_TYPES([struct seccomp_notif_sizes], [], [], [[#include ]]) AC_CHECK_DECLS([seccomp_syscall_resolve_name_arch], [], [], [[#include ]]) CFLAGS="$OLD_CFLAGS" ]) AC_MSG_CHECKING(for static libcap) # Check for static libcap, make sure the function checked for differs from the # the one checked below so the cache doesn't give a wrong answer OLD_CFLAGS="$CFLAGS" OLD_CPPFLAGS="$CPPFLAGS" OLD_LDFLAGS="$LDFLAGS" OLD_LIBS="$LIBS" CFLAGS="" CPPFLAGS="" LDFLAGS="-static" LIBS="-lcap" AC_LINK_IFELSE([ AC_LANG_SOURCE( [[int main() { return 0; }]] )],[have_static_libcap=yes],[have_static_libcap=no]) AM_CONDITIONAL([HAVE_STATIC_LIBCAP], [test "x$have_static_libcap" = "xyes"]) if test "x$have_static_libcap" = "xyes"; then AC_DEFINE([HAVE_STATIC_LIBCAP], 1, [Have static libcap]) AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) fi CPPFLAGS="$OLD_CPPFLAGS" CFLAGS="$OLD_CFLAGS" LDFLAGS="$OLD_LDFLAGS" LIBS="$OLD_LIBS" # Linux capabilities AC_ARG_ENABLE([capabilities], [AS_HELP_STRING([--enable-capabilities], [enable kernel capabilities support [default=auto]])], [enable_capabilities=$enableval], [enable_capabilities=auto]) if test "x$enable_capabilities" = "xauto"; then AC_CHECK_LIB([cap],[cap_set_proc],[enable_capabilities=yes],[enable_capabilities=no]) fi AM_CONDITIONAL([ENABLE_CAP], [test "x$enable_capabilities" = "xyes"]) AM_COND_IF([ENABLE_CAP], [AC_CHECK_HEADER([sys/capability.h],[],[AC_MSG_ERROR([You must install the libcap development package in order to compile lxc])]) AC_CHECK_LIB(cap,cap_set_proc,[],[AC_MSG_ERROR([You must install the libcap development package in order to compile lxc])]) # Test whether we support getting file capabilities via cap_get_file(). AC_CHECK_LIB(cap,cap_get_file, AC_DEFINE(LIBCAP_SUPPORTS_FILE_CAPABILITIES,1,[Have cap_get_file]),[],[]) AC_SUBST([CAP_LIBS], [-lcap])]) # Configuration examples AC_ARG_ENABLE([examples], [AS_HELP_STRING([--enable-examples], [install examples [default=yes]])], [enable_examples=$enableval], [enable_examples=yes]) AM_CONDITIONAL([ENABLE_EXAMPLES], [test "x$enable_examples" = "xyes"]) # Enable dumping stack traces AC_ARG_ENABLE([mutex-debugging], [AS_HELP_STRING([--enable-mutex-debugging], [Makes mutexes to report error and provide stack trace [default=no]])], [enable_mutex_debugging=$enableval], [enable_mutex_debugging=no]) AM_CONDITIONAL([MUTEX_DEBUGGING], [test "x$enable_mutex_debugging" = "xyes"]) AM_COND_IF([MUTEX_DEBUGGING], AC_DEFINE_UNQUOTED([MUTEX_DEBUGGING], 1, [Enabling mutex debugging])) # Not in older autoconf versions # AS_VAR_COPY(DEST, SOURCE) # ------------------------- # Set the polymorphic shell variable DEST to the contents of the polymorphic # shell variable SOURCE. m4_ifdef([AS_VAR_COPY], [], [AC_DEFUN([AS_VAR_COPY], [AS_LITERAL_IF([$1[]$2], [$1=$$2], [eval $1=\$$2])]) ]) dnl PKG_CHECK_VAR was introduced with pkg-config 0.28 m4_ifdef([PKG_CHECK_VAR], [], [AC_DEFUN([PKG_CHECK_VAR], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl _PKG_CONFIG([$1], [variable="][$3]["], [$2]) AS_VAR_COPY([$1], [pkg_cv_][$1]) AS_VAR_IF([$1], [""], [$5], [$4])dnl ])# PKG_CHECK_VAR ]) # Optional bash integration AC_ARG_ENABLE([bash], [AS_HELP_STRING([--enable-bash], [build bash integration [default=yes]])], [enable_bash=$enableval], [enable_bash=yes]) AM_CONDITIONAL([ENABLE_BASH], [test "x$enable_bash" = "xyes"]) AM_COND_IF([ENABLE_BASH], [AC_MSG_CHECKING([bash completion directory]) PKG_CHECK_VAR(bashcompdir, [bash-completion], [completionsdir], , bashcompdir="${sysconfdir}/bash_completion.d") AC_MSG_RESULT([$bashcompdir]) AC_SUBST(bashcompdir) ]) # Build the command line tools AC_ARG_ENABLE([tools], [AS_HELP_STRING([--enable-tools], [build the command line tools [default=yes]])], [enable_tools=$enableval], [enable_tools=yes]) AM_CONDITIONAL([ENABLE_TOOLS], [test "x$enable_tools" = "xyes"]) # Build the liblxc commands AC_ARG_ENABLE([commands], [AS_HELP_STRING([--enable-commands], [build the liblxc commands [default=yes]])], [enable_commands=$enableval], [enable_commands=yes]) AM_CONDITIONAL([ENABLE_COMMANDS], [test "x$enable_commands" = "xyes"]) AC_ARG_ENABLE([static-binaries], [AS_HELP_STRING([--enable-static-binaries], [build all binaries statically [default=no]])], [enable_static_binaries=$enableval], [enable_static_binaries=no]) AM_CONDITIONAL([ENABLE_STATIC_BINARIES], [test "x$enable_static_binaries" = "xyes"]) AC_ARG_ENABLE([sanitizers], [AS_HELP_STRING([--enable-sanitizers], [build with sanitizers enabled [default=no]])], [enable_sanitizers=$enableval], [enable_sanitizers=no]) AM_CONDITIONAL([ENABLE_SANITIZERS], [test "x$enable_sanitizers" = "xyes"]) if test "x$enable_sanitizers" = "xyes"; then AC_DEFINE([ENABLE_SANITIZERS], 1, [build with sanitizers enabled]) CC_CHECK_FLAGS_APPEND([AM_CFLAGS],[CFLAGS],[ \ -fsanitize=address \ -fsanitize=undefined \ -fno-optimize-sibling-calls \ -fno-omit-frame-pointer]) AC_SUBST(AM_CFLAGS) CC_CHECK_FLAGS_APPEND([AM_LDFLAGS],[LDFLAGS],[ \ -fsanitize=address \ -fsanitize=undefined]) AC_SUBST(AM_LDFLAGS) AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) fi if test "x$enable_fuzzers" = "xyes"; then if test "x$LIB_FUZZING_ENGINE" = x; then CC_CHECK_FLAGS_APPEND([AM_CFLAGS],[CFLAGS],[ \ -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION \ -DRUN_ON_OSS_FUZZ=0 \ -fsanitize=fuzzer-no-link]) else CC_CHECK_FLAGS_APPEND([AM_CFLAGS],[CFLAGS],[ \ -DRUN_ON_OSS_FUZZ=1]) fi fi if test "x$enable_fuzzers" = "xno" -a "x$enable_sanitizers" = "xno"; then CC_CHECK_FLAGS_APPEND([AM_CFLAGS],[CFLAGS],[-flto=thin]) fi AC_SUBST(AM_CFLAGS) # Optional test binaries AC_ARG_ENABLE([tests], [AS_HELP_STRING([--enable-tests], [build test/example binaries [default=no]])], [enable_tests=$enableval], [enable_tests=no]) AM_CONDITIONAL([ENABLE_TESTS], [test "x$enable_tests" = "xyes"]) # Allow overriding the default runtime dir (/run) AC_ARG_WITH([runtime-path], [AS_HELP_STRING([--with-runtime-path=dir], [runtime directory (default: /run)])], [with_runtime_path=$withval], [with_runtime_path=['/run']]) # LXC container path, where the containers are actually stored # This is overridden by an entry in the file called LXCCONF # (i.e. /etc/lxc/lxc.conf) AC_ARG_WITH([config-path], [AS_HELP_STRING([--with-config-path=dir], [lxc configuration repository path])], [with_config_path=$withval], [with_config_path=['${localstatedir}/lib/lxc']]) # The path of the global lxc configuration file. AC_ARG_WITH([global-conf], [AS_HELP_STRING([--with-global-conf=dir], [global lxc configuration file])], [with_global_conf=$withval], [with_global_conf=['${sysconfdir}/lxc/lxc.conf']]) # The path of the userns network configuration file AC_ARG_WITH([usernic-conf], [AS_HELP_STRING([--with-usernic-conf], [user network interface configuration file])], [with_usernic_conf=$withval], [with_usernic_conf=['${sysconfdir}/lxc/lxc-usernet']]) # The path of the runtime usernic database AC_ARG_WITH([usernic-db], [AS_HELP_STRING([--with-usernic-db], [lxc user nic database])], [with_usernic_db=$withval], [with_usernic_db=['${with_runtime_path}/lxc/nics']]) # Rootfs path, where the container mount structure is assembled AC_ARG_WITH([rootfs-path], [AS_HELP_STRING([--with-rootfs-path=dir], [lxc rootfs mount point])], [with_rootfs_path=$withval], [with_rootfs_path=['${libdir}/lxc/rootfs']]) # cgroup pattern specification AC_ARG_WITH([cgroup-pattern], [AS_HELP_STRING([--with-cgroup-pattern=pattern], [pattern for container cgroups])], [with_cgroup_pattern=$withval], [with_cgroup_pattern=['']]) # The path for the apparmor_parser's cache for generated apparmor profiles AC_ARG_WITH([apparmor-cache-dir], [AS_HELP_STRING([--with-apparmor-cache-dir=dir],[path for apparmor_parser cache])], [with_apparmor_cache_dir=$withval], [with_apparmor_cache_dir=['${localstatedir}/cache/lxc/apparmor']]) # Container log path. By default, use $lxcpath. AC_MSG_CHECKING([Whether to place logfiles in container config path]) AC_ARG_ENABLE([configpath-log], [AS_HELP_STRING([--enable-configpath-log], [use logfiles in config path [default=no]])], [enable_configpath_log=$enableval], [enable_configpath_log=no]) AC_MSG_RESULT([$enable_configpath_log]) AM_CONDITIONAL([USE_CONFIGPATH_LOGS], [test "$enable_configpath_log" = "yes"]) if test "$enable_configpath_log" = "yes"; then default_log_path="${with_config_path}" else default_log_path="${localstatedir}/log/lxc" fi AC_ARG_WITH([log-path], [AS_HELP_STRING([--with-log-path=dir],[per container log path])], [with_log_path=$withval], [with_log_path=['${default_log_path}']]) # Expand some useful variables AS_AC_EXPAND(PREFIX, "$prefix") AS_AC_EXPAND(LIBDIR, "$libdir") AS_AC_EXPAND(BINDIR, "$bindir") AS_AC_EXPAND(SBINDIR, "$sbindir") AS_AC_EXPAND(LIBEXECDIR, "$libexecdir") AS_AC_EXPAND(INCLUDEDIR, "$includedir") AS_AC_EXPAND(SYSCONFDIR, "$sysconfdir") AS_AC_EXPAND(LXC_DEFAULT_CONFIG, "$sysconfdir/lxc/default.conf") AS_AC_EXPAND(DATADIR, "$datadir") AS_AC_EXPAND(LOCALSTATEDIR, "$localstatedir") AS_AC_EXPAND(DOCDIR, "$docdir") AS_AC_EXPAND(LXC_GENERATE_DATE, "$(date --utc --date=@${SOURCE_DATE_EPOCH:-$(date +%s)} '+%Y-%m-%d')") AS_AC_EXPAND(LXCPATH, "$with_config_path") AS_AC_EXPAND(LXC_GLOBAL_CONF, "$with_global_conf") AS_AC_EXPAND(LXC_USERNIC_CONF, "$with_usernic_conf") AS_AC_EXPAND(LXC_USERNIC_DB, "$with_usernic_db") AS_AC_EXPAND(LXC_DISTRO_SYSCONF, "$distrosysconf") AS_AC_EXPAND(LXCROOTFSMOUNT, "$with_rootfs_path") AS_AC_EXPAND(LXCTEMPLATEDIR, "$datadir/lxc/templates") AS_AC_EXPAND(LXCTEMPLATECONFIG, "$datadir/lxc/config") AS_AC_EXPAND(LXCHOOKDIR, "$datadir/lxc/hooks") AS_AC_EXPAND(LXCBINHOOKDIR, "$libexecdir/lxc/hooks") AS_AC_EXPAND(LXCINITDIR, "$libexecdir") AS_AC_EXPAND(LOGPATH, "$with_log_path") AS_AC_EXPAND(RUNTIME_PATH, "$with_runtime_path") AS_AC_EXPAND(APPARMOR_CACHE_DIR, "$with_apparmor_cache_dir") AC_SUBST(DEFAULT_CGROUP_PATTERN, ["$with_cgroup_pattern"]) # We need the install path so criu knows where to reference the hook scripts. AC_DEFINE_UNQUOTED([DATADIR], "$DATADIR", ["Prefix for shared files."]) # Check for some standard kernel headers AC_CHECK_HEADERS([linux/unistd.h linux/netlink.h linux/genetlink.h], [], AC_MSG_ERROR([Please install the Linux kernel headers.]), [#include ]) # Check for alternate C libraries AC_MSG_CHECKING(for bionic libc) AC_COMPILE_IFELSE([AC_LANG_PROGRAM( [[#ifndef __ANDROID__ error: Not bionic! #endif]])], [is_bionic=yes], [is_bionic=no]) if test "x$is_bionic" = "xyes"; then AC_DEFINE([IS_BIONIC], 1, [bionic libc]) AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) fi AM_CONDITIONAL([IS_BIONIC], [test "x$is_bionic" = "xyes"]) # Configuration examples AC_ARG_ENABLE([pam], [AS_HELP_STRING([--enable-pam], [enable pam module [default=no]])], [enable_pam=$enableval], [enable_pam=no]) AM_CONDITIONAL([ENABLE_PAM], [test "x$enable_pam" = "xyes"]) AM_COND_IF([ENABLE_PAM], [AC_ARG_WITH( [pamdir], [AS_HELP_STRING([--with-pamdir=PATH],[Specify the directory where PAM modules are stored, or "none" if PAM modules are not to be built])], [exec_pamdir=$withval], [ if test "${prefix}" = "/usr"; then exec_pamdir="/lib${libdir##*/lib}/security" else exec_pamdir="\$(libdir)/security" fi ] )]) AM_CONDITIONAL([HAVE_PAM], [test x"$exec_pamdir" != "xnone"]) AM_COND_IF([ENABLE_PAM], [if test "z$exec_pamdir" != "znone"; then AC_ARG_VAR([PAM_CFLAGS], [C compiler flags for pam]) AC_ARG_VAR([PAM_LIBS], [linker flags for pam]) AC_CHECK_LIB( [pam], [pam_authenticate], [PAM_LIBS="-lpam"], [AC_MSG_ERROR([*** libpam not found.]) ]) AC_SUBST(PAM_LIBS) AC_SUBST([exec_pamdir]) fi]) # Some systems lack PR_CAPBSET_DROP definition => HAVE_DECL_PR_CAPBSET_DROP AC_CHECK_DECLS([PR_CAPBSET_DROP], [], [], [#include ]) # Some systems lack PR_{G,S}ET_NO_NEW_PRIVS definition => HAVE_DECL_PR_{G,S}ET_NO_NEW_PRIVS AC_CHECK_DECLS([PR_SET_NO_NEW_PRIVS], [], [], [#include ]) AC_CHECK_DECLS([PR_GET_NO_NEW_PRIVS], [], [], [#include ]) # Check for some headers AC_CHECK_HEADERS([pty.h sys/memfd.h sys/personality.h sys/resource.h sys/signalfd.h sys/timerfd.h utmpx.h]) AC_CHECK_HEADER([ifaddrs.h], AM_CONDITIONAL(HAVE_IFADDRS_H, true) AC_DEFINE(HAVE_IFADDRS_H, 1, [Have ifaddrs.h]), AM_CONDITIONAL(HAVE_IFADDRS_H, false)) AC_ARG_ENABLE([liburing], [AS_HELP_STRING([--enable-liburing], [enable liburing support [default=auto]])], [enable_liburing=$enableval], [enable_liburing=auto]) if test "x$enable_liburing" = "auto"; then AC_CHECK_LIB([uring],[__io_uring_sqring_wait],[enable_liburing=yes],[enable_liburing=no]) fi AM_CONDITIONAL([ENABLE_LIBURING], [test "x$enable_liburing" = "xyes"]) AM_COND_IF([ENABLE_LIBURING], [AC_CHECK_HEADER([liburing.h],[],[AC_MSG_ERROR([You must install the liburing development package in order to compile lxc])]) # We use __io_uring_sqring_wait as an indicator whether liburing is new enough to support poll. AC_CHECK_LIB([uring],[__io_uring_sqring_wait],[],[AC_MSG_ERROR([The liburing development package in order to compile lxc])]) AC_SUBST([LIBURING_LIBS], [-luring])]) # lookup major()/minor()/makedev() AC_HEADER_MAJOR # Check for some syscalls functions AC_CHECK_FUNCS([setns pivot_root sethostname unshare rand_r confstr faccessat gettid memfd_create move_mount open_tree execveat clone3 fsopen fspick fsconfig fsmount openat2 close_range statvfs mount_setattr sigdescr_np]) AC_CHECK_TYPES([__aligned_u64], [], [], [[#include ]]) AC_CHECK_TYPES([struct mount_attr], [], [], [[#include ]]) AC_CHECK_TYPES([struct open_how], [], [], [[#include ]]) AC_CHECK_TYPES([struct clone_args], [], [], [[#include ]]) AC_CHECK_MEMBERS([struct clone_args.set_tid],[],[],[[#include ]]) AC_CHECK_MEMBERS([struct clone_args.cgroup],[],[],[[#include ]]) # Check for strerror_r() support. Defines: # - HAVE_STRERROR_R if available # - HAVE_DECL_STRERROR_R if defined # - STRERROR_R_CHAR_P if it returns char * AC_FUNC_STRERROR_R # Check for some functions AC_CHECK_LIB(pthread, main) AC_CHECK_LIB(util, openpty) AC_CHECK_FUNCS([hasmntopt setmntent endmntent utmpxname]) AC_CHECK_FUNCS([getgrgid_r], AM_CONDITIONAL(HAVE_GETGRGID_R, true) AC_DEFINE(HAVE_GETGRGID_R,1,[Have getgrgid_r]), AM_CONDITIONAL(HAVE_GETGRGID_R, false)) AC_CHECK_FUNCS([getline], AM_CONDITIONAL(HAVE_GETLINE, true) AC_DEFINE(HAVE_GETLINE,1,[Have getline]), AM_CONDITIONAL(HAVE_GETLINE, false)) AC_CHECK_FUNCS([getsubopt], AM_CONDITIONAL(HAVE_GETSUBOPT, true) AC_DEFINE(HAVE_GETSUBOPT,1,[Have getsubopt]), AM_CONDITIONAL(HAVE_GETSUBOPT, false)) AC_CHECK_FUNCS([fgetln], AM_CONDITIONAL(HAVE_FGETLN, true) AC_DEFINE(HAVE_FGETLN,1,[Have fgetln]), AM_CONDITIONAL(HAVE_FGETLN, false)) AC_CHECK_FUNCS([keyctl], AM_CONDITIONAL(HAVE_KEYCTL, true) AC_DEFINE(HAVE_KEYCTL,1,[Have keyctl]), AM_CONDITIONAL(HAVE_KEYCTL, false)) AC_CHECK_FUNCS([openpty], AM_CONDITIONAL(HAVE_OPENPTY, true) AC_DEFINE(HAVE_OPENPTY,1,[Have openpty]), AM_CONDITIONAL(HAVE_OPENPTY, false)) AC_CHECK_FUNCS([prlimit], AM_CONDITIONAL(HAVE_PRLIMIT, true) AC_DEFINE(HAVE_PRLIMIT,1,[Have prlimit]), AM_CONDITIONAL(HAVE_PRLIMIT, false)) AC_CHECK_FUNCS([prlimit64], AM_CONDITIONAL(HAVE_PRLIMIT64, true) AC_DEFINE(HAVE_PRLIMIT64,1,[Have prlimit64]), AM_CONDITIONAL(HAVE_PRLIMIT64, false)) AC_CHECK_FUNCS([pthread_setcancelstate], AM_CONDITIONAL(HAVE_PTHREAD_SETCANCELSTATE, true) AC_DEFINE(HAVE_PTHREAD_SETCANCELSTATE,1,[Have pthread_setcancelstate]), AM_CONDITIONAL(HAVE_PTHREAD_SETCANCELSTATE, false)) AC_CHECK_FUNCS([strlcpy], AM_CONDITIONAL(HAVE_STRLCPY, true) AC_DEFINE(HAVE_STRLCPY,1,[Have strlcpy]), AM_CONDITIONAL(HAVE_STRLCPY, false)) AC_CHECK_FUNCS([strlcat], AM_CONDITIONAL(HAVE_STRLCAT, true) AC_DEFINE(HAVE_STRLCAT,1,[Have strlcat]), AM_CONDITIONAL(HAVE_STRLCAT, false)) AC_CHECK_FUNCS([strchrnul], AM_CONDITIONAL(HAVE_STRCHRNUL, true) AC_DEFINE(HAVE_STRCHRNUL,1,[Have strchnul]), AM_CONDITIONAL(HAVE_STRCHRNUL, false)) AC_CHECK_FUNCS([fmemopen], AM_CONDITIONAL(HAVE_FMEMOPEN, true) AC_DEFINE(HAVE_FMEMOPEN,1,[Have fmemopen]), AM_CONDITIONAL(HAVE_FMEMOPEN, false)) # HAVE_STRUCT_RTNL_LINK_STATS64={0,1} AC_CHECK_TYPES([struct rtnl_link_stats64], [], [], [[#include ]]) # Check for some libraries AX_PTHREAD AC_SEARCH_LIBS(clock_gettime, [rt]) # Hardening flags CC_CHECK_FLAGS_APPEND([AM_CFLAGS],[CFLAGS],[ \ -fPIE \ -Wvla \ -std=gnu11 \ -fms-extensions \ -fdiagnostics-color \ -Wimplicit-fallthrough=5 \ -Wcast-align \ -Wstrict-prototypes \ -fno-strict-aliasing \ -fstack-clash-protection \ -fstack-protector-strong \ --param=ssp-buffer-size=4 \ -g \ --mcet -fcf-protection \ -Werror=implicit-function-declaration \ -Wlogical-op \ -Wmissing-include-dirs \ -Wold-style-definition \ -Winit-self \ -Wunused-but-set-variable \ -Wfloat-equal \ -Wsuggest-attribute=noreturn \ -Werror=return-type \ -Werror=incompatible-pointer-types \ -Wformat=2 \ -Wshadow \ -Wendif-labels \ -Werror=overflow \ -fdiagnostics-show-option \ -Werror=shift-count-overflow \ -Werror=shift-overflow=2 \ -Wdate-time \ -Wnested-externs \ -fasynchronous-unwind-tables \ -pipe \ -fexceptions \ -Warray-bounds \ -Wrestrict \ -Wreturn-local-addr \ -fsanitize=cfi \ -Wstringop-overflow]) AC_SUBST(AM_CFLAGS) CC_CHECK_FLAGS_APPEND([AM_LDFLAGS],[LDFLAGS],[ \ -Wl,--as-needed \ -Wl,--gc-sections \ -Wl,-z,relro \ -Wl,-z,now \ -pie \ -Wl,-fuse-ld=gold]) AM_COND_IF([ENABLE_NO_UNDEFINED], [CC_CHECK_FLAGS_APPEND([AM_LDFLAGS],[LDFLAGS],[-Wl,--no-undefined])]) AC_SUBST(AM_LDFLAGS) CFLAGS="$CFLAGS -Wvla -std=gnu11 -fms-extensions" if test "x$enable_werror" = "xyes"; then CFLAGS="$CFLAGS -Werror" fi AC_ARG_ENABLE([thread-safety], [AS_HELP_STRING([--enable-thread-safety], [enforce thread-safety otherwise fail the build [default=yes]])], [enable_thread_safety=$enableval], [enable_thread_safety=yes]) AM_CONDITIONAL([ENFORCE_THREAD_SAFETY], [test "x$enable_thread_safety" = "xyes"]) if test "x$enable_thread_safety" = "xyes"; then AC_DEFINE([ENFORCE_THREAD_SAFETY], 1, [enforce thread-safety otherwise fail the build]) AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) fi AC_ARG_ENABLE([coverity-build], [AS_HELP_STRING([--enable-coverity-build], [build for use with Coverity [default=no]])], [enable_coverity_build=$enableval], [enable_coverity_build=no]) AM_CONDITIONAL([ENABLE_COVERITY_BUILD], [test "x$enable_coverity_build" = "xyes"]) if test "x$enable_coverity_build" = "xyes"; then AC_DEFINE([ENABLE_COVERITY_BUILD], 1, [build for use with Coverity]) AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) fi AC_ARG_ENABLE([dlog], [AS_HELP_STRING([--enable-dlog], [enable dlog support [default=no]])], [enable_dlog=$enableval], [enable_dlog=no]) AM_CONDITIONAL([ENABLE_DLOG], [test "x$enable_dlog" = "xyes"]) AM_COND_IF([ENABLE_DLOG], [PKG_CHECK_MODULES([DLOG],[dlog],[],[ AC_CHECK_HEADER([dlog.h],[],[AC_MSG_ERROR([You must install the dlog development package in order to compile lxc])]) AC_CHECK_LIB([dlog], [dlog_print],[],[AC_MSG_ERROR([You must install the dlog development package in order to compile lxc])]) AC_SUBST([DLOG_LIBS], [-ldlog]) ]) ]) AC_ARG_ENABLE([memfd-rexec], [AS_HELP_STRING([--enable-memfd-rexec], [enforce liblxc as a memfd to protect against certain symlink attacks [default=yes]])], [enable_memfd_rexec=$enableval], [enable_memfd_rexec=yes]) AM_CONDITIONAL([ENFORCE_MEMFD_REXEC], [test "x$enable_memfd_rexec" = "xyes"]) if test "x$enable_memfd_rexec" = "xyes"; then AC_DEFINE([ENFORCE_MEMFD_REXEC], 1, [Rexec liblxc as memfd]) AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) fi # Files requiring some variable expansion AC_CONFIG_FILES([ Makefile lxc.pc lxc.spec coccinelle/Makefile config/Makefile config/apparmor/Makefile config/apparmor/abstractions/start-container config/selinux/Makefile config/bash/Makefile config/bash/lxc config/init/Makefile config/init/common/Makefile config/init/common/lxc-containers config/init/common/lxc-net config/init/systemd/Makefile config/init/systemd/lxc.service config/init/systemd/lxc@.service config/init/systemd/lxc-net.service config/init/systemd/lxc-monitord.service config/init/sysvinit/Makefile config/init/sysvinit/lxc-containers config/init/sysvinit/lxc-net config/init/upstart/lxc.conf config/init/upstart/lxc-net.conf config/init/upstart/Makefile config/etc/Makefile config/templates/Makefile config/templates/common.conf config/templates/common.conf.d/Makefile config/templates/nesting.conf config/templates/oci.common.conf config/templates/userns.conf config/yum/Makefile config/sysconfig/Makefile config/sysconfig/lxc doc/Makefile doc/api/Makefile doc/lxc-attach.sgml doc/lxc-autostart.sgml doc/lxc-cgroup.sgml doc/lxc-checkconfig.sgml doc/lxc-checkpoint.sgml doc/lxc-config.sgml doc/lxc-console.sgml doc/lxc-copy.sgml doc/lxc-create.sgml doc/lxc-destroy.sgml doc/lxc-device.sgml doc/lxc-execute.sgml doc/lxc-freeze.sgml doc/lxc-info.sgml doc/lxc-ls.sgml doc/lxc-monitor.sgml doc/lxc-snapshot.sgml doc/lxc-start.sgml doc/lxc-stop.sgml doc/lxc-top.sgml doc/lxc-unfreeze.sgml doc/lxc-unshare.sgml doc/lxc-update-config.sgml doc/lxc-user-nic.sgml doc/lxc-usernsexec.sgml doc/lxc-wait.sgml doc/pam_cgfs.sgml doc/lxc.conf.sgml doc/lxc.container.conf.sgml doc/lxc.system.conf.sgml doc/lxc-usernet.sgml doc/lxc.sgml doc/common_options.sgml doc/see_also.sgml doc/rootfs/Makefile doc/examples/Makefile doc/examples/lxc-macvlan.conf doc/examples/lxc-vlan.conf doc/examples/lxc-no-netns.conf doc/examples/lxc-empty-netns.conf doc/examples/lxc-phys.conf doc/examples/lxc-veth.conf doc/examples/lxc-complex.conf doc/ja/Makefile doc/ja/lxc-attach.sgml doc/ja/lxc-autostart.sgml doc/ja/lxc-cgroup.sgml doc/ja/lxc-checkconfig.sgml doc/ja/lxc-checkpoint.sgml doc/ja/lxc-config.sgml doc/ja/lxc-console.sgml doc/ja/lxc-copy.sgml doc/ja/lxc-create.sgml doc/ja/lxc-destroy.sgml doc/ja/lxc-device.sgml doc/ja/lxc-execute.sgml doc/ja/lxc-freeze.sgml doc/ja/lxc-info.sgml doc/ja/lxc-ls.sgml doc/ja/lxc-monitor.sgml doc/ja/lxc-snapshot.sgml doc/ja/lxc-start.sgml doc/ja/lxc-stop.sgml doc/ja/lxc-top.sgml doc/ja/lxc-unfreeze.sgml doc/ja/lxc-unshare.sgml doc/ja/lxc-update-config.sgml doc/ja/lxc-user-nic.sgml doc/ja/lxc-usernsexec.sgml doc/ja/lxc-wait.sgml doc/ja/pam_cgfs.sgml doc/ja/lxc.conf.sgml doc/ja/lxc.container.conf.sgml doc/ja/lxc.system.conf.sgml doc/ja/lxc-usernet.sgml doc/ja/lxc.sgml doc/ja/common_options.sgml doc/ja/see_also.sgml doc/ko/Makefile doc/ko/lxc-attach.sgml doc/ko/lxc-autostart.sgml doc/ko/lxc-cgroup.sgml doc/ko/lxc-checkconfig.sgml doc/ko/lxc-checkpoint.sgml doc/ko/lxc-config.sgml doc/ko/lxc-console.sgml doc/ko/lxc-copy.sgml doc/ko/lxc-create.sgml doc/ko/lxc-destroy.sgml doc/ko/lxc-device.sgml doc/ko/lxc-execute.sgml doc/ko/lxc-freeze.sgml doc/ko/lxc-info.sgml doc/ko/lxc-ls.sgml doc/ko/lxc-monitor.sgml doc/ko/lxc-snapshot.sgml doc/ko/lxc-start.sgml doc/ko/lxc-stop.sgml doc/ko/lxc-top.sgml doc/ko/lxc-unfreeze.sgml doc/ko/lxc-unshare.sgml doc/ko/lxc-user-nic.sgml doc/ko/lxc-usernsexec.sgml doc/ko/lxc-wait.sgml doc/ko/lxc.conf.sgml doc/ko/lxc.container.conf.sgml doc/ko/lxc.system.conf.sgml doc/ko/lxc-usernet.sgml doc/ko/lxc.sgml doc/ko/common_options.sgml doc/ko/see_also.sgml hooks/Makefile hooks/dhclient templates/Makefile templates/lxc-busybox templates/lxc-download templates/lxc-local templates/lxc-oci src/Makefile src/lxc/Makefile src/lxc/lxc.functions src/lxc/cmd/lxc-checkconfig src/lxc/cmd/lxc-update-config src/lxc/version.h src/tests/Makefile src/tests/lxc-test-usernic ]) AC_CONFIG_COMMANDS([default],[[]],[[]]) AC_OUTPUT # Configuration overview cat << EOF ---------------------------- Binaries - Command Line Tools: - lxc-attach: $enable_tools - lxc-autostart: $enable_tools - lxc-cgroup: $enable_tools - lxc-checkpoint: $enable_tools - lxc-config: $enable_tools - lxc-console: $enable_tools - lxc-copy: $enable_tools - lxc-create: $enable_tools - lxc-destroy: $enable_tools - lxc-device: $enable_tools - lxc-execute: $enable_tools - lxc-freeze: $enable_tools - lxc-info: $enable_tools - lxc-ls: $enable_tools - lxc-monitor: $enable_tools - lxc-snapshot: $enable_tools - lxc-start: $enable_tools - lxc-stop: $enable_tools - lxc-top: $enable_tools - lxc-unfreeze: $enable_tools - lxc-unshare: $enable_tools - lxc-wait: $enable_tools - liblxc Commands: - lxc-checkconfig: $enable_commands - lxc-update-config: $enable_commands - lxc-init: $enable_commands - lxc-monitord: $enable_commands - lxc-user-nic: $enable_commands - lxc-usernsexec: $enable_commands - static binaries: $enable_static_binaries Environment: - compiler: $CC - cflags: ${AM_CFLAGS} ${PTHREAD_CFLAGS} - ldflags: ${AM_LDFLAGS} ${PTHREAD_LIBS} - distribution: $with_distro - init script type(s): $init_script - rpath: $enable_rpath - OpenSSL: $enable_openssl - Bash integration: $enable_bash Security features: - Apparmor: $enable_apparmor - Linux capabilities: $enable_capabilities - seccomp: $enable_seccomp - SELinux: $enable_selinux - memfd rexec: $enable_memfd_rexec PAM: - PAM module: $enable_pam - cgroup PAM module: $exec_pamdir Documentation: - examples: $enable_examples - API documentation: $enable_api_docs - user documentation: $enable_doc Debugging: - Sanitizers: $enable_sanitizers - Coverity: $enable_coverity_build - mutex debugging: $enable_mutex_debugging - tests: $enable_tests - fuzzers: $enable_fuzzers Paths: - Logs in configpath: $enable_configpath_log Thread-safety: - enforce: $enable_thread_safety Dlog: - enable: $enable_dlog EOF lxc-5.0.0~git2209-g5a7b9ce67/CONTRIBUTING0000644061062106075000000000776714176403775014024 00000000000000Contributing to this project ---------------------------- This project accepts contributions. In order to contribute, you should pay attention to a few things: 1 - your code must follow the coding style rules 2 - the format of the submission must be GitHub pull requests 3 - your work must be signed Coding Style: ------------- The LXC project generally follows the Linux kernel coding style. However there are a few differences, these are outlined it CODING_STLYE.md The Linux kernel coding style guide can be found within the kernel tree: Documentation/process/coding-style.rst It can be accessed online too: https://www.kernel.org/doc/html/latest/process/coding-style.html Submitting Modifications: ------------------------- The contributions must be GitHub pull requests. Licensing for new files: ------------------------ LXC is made of files shipped under a few different licenses. Anything that ends up being part of the LXC library needs to be released under LGPLv2.1+ or a license compatible with it (though the latter will only be accepted for cases where the code originated elsewhere and was imported into LXC). Language bindings for the libraries need to be released under LGPLv2.1+. Anything else (non-libraries) needs to be Free Software and needs to be allowed to link with LGPLv2.1+ code (if needed). LXC upstream prefers LGPLv2.1+ or GPLv2 for those. When introducing a new file into the project, please make sure it has a copyright header making clear under which license it's being released and if it doesn't match the criteria described above, please explain your decision on the lxc-devel mailing-list when submitting your patch. Developer Certificate of Origin: -------------------------------- To improve tracking of contributions to this project we will use a process modeled on the modified DCO 1.1 and use a "sign-off" procedure. The sign-off is a simple line at the end of the explanation for the patch, which certifies that you wrote it or otherwise have the right to pass it on as an open-source patch. The rules are pretty simple: if you can certify the below: By making a contribution to this project, I certify that: (a) The contribution was created in whole or in part by me and I have the right to submit it under the open source license indicated in the file; or (b) The contribution is based upon previous work that, to the best of my knowledge, is covered under an appropriate open source License and I have the right under that license to submit that work with modifications, whether created in whole or in part by me, under the same open source license (unless I am permitted to submit under a different license), as indicated in the file; or (c) The contribution was provided directly to me by some other person who certified (a), (b) or (c) and I have not modified it. (d) The contribution is made free of any other party's intellectual property claims or rights. (e) I understand and agree that this project and the contribution are public and that a record of the contribution (including all personal information I submit with it, including my sign-off) is maintained indefinitely and may be redistributed consistent with this project or the open source license(s) involved. then you just add a line saying Signed-off-by: Random J Developer You can do it by using option -s or --signoff when you commit git commit --signoff ... using your real name (sorry, no pseudonyms or anonymous contributions.) In addition we support the following DCOs which maintainers can use to indicate that a patch is acceptable: Acked-by: Random J Developer Reviewed-by: Random J Developer If you are contributing as a group who is implementing a feature together such that it cannot be reasonably attributed to a single developer please use: Co-developed-by: Random J Developer 1 Co-developed-by: Random J Developer 2 lxc-5.0.0~git2209-g5a7b9ce67/COPYING0000644061062106075000000000017514176403775013207 00000000000000All files have SPDX headers that declare what license applies. The applicable licenses are included in the code repository. lxc-5.0.0~git2209-g5a7b9ce67/CODING_STYLE.md0000644061062106075000000006541314176403775014427 00000000000000LXC Coding Style Guide ====================== In general the LXC project follows the Linux kernel coding style. However, there are a few differences. They are outlined in this document. The Linux kernel coding style guide can be found within the kernel tree: Documentation/process/coding-style.rst It can be accessed online too: https://www.kernel.org/doc/html/latest/process/coding-style.html ## 1) General Notes - The coding style guide refers to new code. But legacy code can be cleaned up and we are happy to take those patches. - Just because there is still code in LXC that doesn't adhere to the coding standards outlined here does not license not adhering to the coding style. In other words: please stick to the coding style. - Maintainers are free to ignore rules specified here when merging pull requests. This guideline might seem a little weird but it exits to ease new developers into the code base and to prevent unnecessary bikeshedding. If a maintainer feels hat enforcing a specific rule in a given commit would do more harm than good they should always feel free to ignore the rule. Furthermore, when merging pull requests that do not adhere to our coding style maintainers should feel free to grab the commit, adapt it to our coding style and add their Signed-off-by line to it. This is especially helpful to make it easier for first-time contributors and to prevent having pull requests being stuck in the merge queue because of minor details. - We currently do not provide automatic coding style checks but if a suitable tool is found we are happy to integrate it into our test suite. It is possible and recommended to use the `clang-format` binary to check your code. The following options are an approximation of the coding style used here. Simply create a file called `.clang-format` in your home directory with the following options: ```sh cat << EOF > "${HOME}"/.clang-format AlignEscapedNewlines: Left BreakBeforeBraces: Attach AlwaysBreakBeforeMultilineStrings: false BreakBeforeBinaryOperators: None MaxEmptyLinesToKeep: 1 PenaltyBreakBeforeFirstCallParameter: 1000000 BinPackArguments: true BinPackParameters: true AllowAllParametersOfDeclarationOnNextLine: false AlignAfterOpenBracket: true SpacesInSquareBrackets: false SpacesInCStyleCastParentheses: false SpaceInEmptyParentheses: false SpaceBeforeParens: ControlStatements SpaceAfterCStyleCast: false SortIncludes: true PenaltyReturnTypeOnItsOwnLine: 10000 PenaltyExcessCharacter: 10 Language: Cpp ForEachMacros: ['lxc_list_for_each', 'lxc_list_for_each_safe'] AllowShortLoopsOnASingleLine: false AllowShortIfStatementsOnASingleLine: false AllowShortFunctionsOnASingleLine: None AllowShortCaseLabelsOnASingleLine: false AllowShortBlocksOnASingleLine: false BasedOnStyle: LLVM TabWidth: 8 IndentWidth: 8 UseTab: Always BreakBeforeBraces: Linux AllowShortIfStatementsOnASingleLine: false IndentCaseLabels: false EOF ``` However, it will not handle all cases correctly. For example, most `struct` initializations will not be correct. In such cases please refer to the coding style here. ## 2) Only Use Tabs - LXC uses tabs. ## 3) Only use `/* */` Style Comments - Any comments that are added must use `/* */`. - Single-line comments should start on the same line as the opening `/*`. - Single-line comments should simply be placed between `/* */`. For example: ```C /* Define pivot_root() if missing from the C library */ ``` - Mutli-line comment should start on the next line following the opening `/*`and should end with the closing `*/` on a separate line. For example: ```C /* * At this point the old-root is mounted on top of our new-root * To unmounted it we must not be chdir()ed into it, so escape back * to old-root. */ ``` ## 4) Try To Wrap At 80chars - This is not strictly enforced. It is perfectly valid to sometimes overflow this limit if it helps clarity. Nonetheless, try to stick to it and use common sense to decide when not to. ## 5) Error Messages - Error messages must start with a capital letter and must **not** end with a punctuation sign. - They should be descriptive, without being needlessly long. It is best to just use already existing error messages as examples. - The commit message itself is not subject to rule 4), i.e. it should not be wrapped at 80chars. This is to make it easy to grep for it. - Examples of acceptable error messages are: ```C SYSERROR("Failed to create directory \"%s\"", path); WARN("\"/dev\" directory does not exist. Proceeding without autodev being set up"); ``` ## 6) Set `errno` - Functions that can fail in a non-binary way should return `-1` and set `errno` to a meaningful error code. As a convenience LXC provides the `minus_one_set_errno` macro: ```C static int set_config_net_l2proxy(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { struct lxc_netdev *netdev = data; unsigned int val = 0; int ret; if (lxc_config_value_empty(value)) return clr_config_net_l2proxy(key, lxc_conf, data); if (!netdev) return minus_one_set_errno(EINVAL); ret = lxc_safe_uint(value, &val); if (ret < 0) return minus_one_set_errno(-ret); switch (val) { case 0: netdev->l2proxy = false; return 0; case 1: netdev->l2proxy = true; return 0; } return minus_one_set_errno(EINVAL); } ``` ## 7) All Unexported Functions Must Be Declared `static` - Functions which are only used in the current file and are not exported within the codebase need to be declared with the `static` attribute. ## 8) All Exported Functions Must Be Declared `extern` In A Header File - Functions declared in header files (`*.h`) should use the `extern` keyword. - Functions declared in source files (`*.c`) should not use the `extern` keyword. ## 9) Declaring Variables - variables should be declared at the top of the function or at the beginning of a new scope but **never** in the middle of a scope. They should be ordered in the following way: 1. automatically freed variables - This specifically references variables cleaned up via the `cleanup` attribute as supported by `gcc` and `clang`. 2. initialized variables 3. uninitialized variables General rules are: - put base types before complex types - put standard types defined by libc before types defined by LXC - put multiple declarations of the same type on the same line - Examples of good declarations can be seen in the following function: ```C int lxc_clear_procs(struct lxc_conf *c, const char *key) { struct lxc_list *it, *next; bool all = false; const char *k = NULL; if (strcmp(key, "lxc.proc") == 0) all = true; else if (strncmp(key, "lxc.proc.", sizeof("lxc.proc.") - 1) == 0) k = key + sizeof("lxc.proc.") - 1; else return -1; lxc_list_for_each_safe(it, &c->procs, next) { struct lxc_proc *proc = it->elem; if (!all && strcmp(proc->filename, k) != 0) continue; lxc_list_del(it); free(proc->filename); free(proc->value); free(proc); free(it); } return 0; } ``` ## 10) Functions Not Returning Booleans Must Assign Return Value Before Performing Checks - When checking whether a function not returning booleans was successful or not the returned value must be assigned before it is checked (`str{n}cmp()` functions being one notable exception). For example: ```C /* assign value to "ret" first */ ret = mount(sourcepath, cgpath, "cgroup", remount_flags, NULL); /* check whether function was successful */ if (ret < 0) { SYSERROR("Failed to remount \"%s\" ro", cgpath); free(sourcepath); return -1; } ``` Functions returning booleans can be checked directly. For example: ```C extern bool lxc_string_in_array(const char *needle, const char **haystack); /* check right away */ if (lxc_string_in_array("ns", (const char **)h->subsystems)) continue; ``` ## 11) Non-Boolean Functions That Behave Like Boolean Functions Must Explicitly Check Against A Value - This rule mainly exists for `str{n}cmp()` type functions. In most cases they are used like a boolean function to check whether a string matches or not. But they return an integer. It is perfectly fine to check `str{n}cmp()` functions directly but you must compare explicitly against a value. That is to say, while they are conceptually boolean functions they shouldn't be treated as such since they don't really behave like boolean functions. So `if (!str{n}cmp())` and `if (str{n}cmp())` checks must not be used. Good examples are found in the following functions: ```C static int set_config_hooks(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) char *copy; if (lxc_config_value_empty(value)) return lxc_clear_hooks(lxc_conf, key); if (strcmp(key + 4, "hook") == 0) { ERROR("lxc.hook must not have a value"); return -1; } copy = strdup(value); if (!copy) return -1; if (strcmp(key + 9, "pre-start") == 0) return add_hook(lxc_conf, LXCHOOK_PRESTART, copy); else if (strcmp(key + 9, "start-host") == 0) return add_hook(lxc_conf, LXCHOOK_START_HOST, copy); else if (strcmp(key + 9, "pre-mount") == 0) return add_hook(lxc_conf, LXCHOOK_PREMOUNT, copy); else if (strcmp(key + 9, "autodev") == 0) return add_hook(lxc_conf, LXCHOOK_AUTODEV, copy); else if (strcmp(key + 9, "mount") == 0) return add_hook(lxc_conf, LXCHOOK_MOUNT, copy); else if (strcmp(key + 9, "start") == 0) return add_hook(lxc_conf, LXCHOOK_START, copy); else if (strcmp(key + 9, "stop") == 0) return add_hook(lxc_conf, LXCHOOK_STOP, copy); else if (strcmp(key + 9, "post-stop") == 0) return add_hook(lxc_conf, LXCHOOK_POSTSTOP, copy); else if (strcmp(key + 9, "clone") == 0) return add_hook(lxc_conf, LXCHOOK_CLONE, copy); else if (strcmp(key + 9, "destroy") == 0) return add_hook(lxc_conf, LXCHOOK_DESTROY, copy); free(copy); return -1; } ``` ## 12) Do Not Use C99 Variable Length Arrays (VLA) - They are made optional and there is no guarantee that future C standards will support them. ## 13) Use Standard libc Macros When Exiting - libc provides `EXIT_FAILURE` and `EXIT_SUCCESS`. Use them whenever possible in the child of `fork()`ed process or when exiting from a `main()` function. ## 14) Use `goto`s `goto`s are an essential language construct of C and are perfect to perform cleanup operations or simplify the logic of functions. However, here are the rules to use them: - use descriptive `goto` labels. For example, if you know that this label is only used as an error path you should use something like `on_error` instead of `out` as label name. - **only** jump downwards unless you are handling `EAGAIN` errors and want to avoid `do-while` constructs. - An example of a good usage of `goto` is: ```C static int set_config_idmaps(const char *key, const char *value, struct lxc_conf *lxc_conf, void *data) { unsigned long hostid, nsid, range; char type; int ret; struct lxc_list *idmaplist = NULL; struct id_map *idmap = NULL; if (lxc_config_value_empty(value)) return lxc_clear_idmaps(lxc_conf); idmaplist = malloc(sizeof(*idmaplist)); if (!idmaplist) goto on_error; idmap = malloc(sizeof(*idmap)); if (!idmap) goto on_error; memset(idmap, 0, sizeof(*idmap)); ret = parse_idmaps(value, &type, &nsid, &hostid, &range); if (ret < 0) { ERROR("Failed to parse id mappings"); goto on_error; } INFO("Read uid map: type %c nsid %lu hostid %lu range %lu", type, nsid, hostid, range); if (type == 'u') idmap->idtype = ID_TYPE_UID; else if (type == 'g') idmap->idtype = ID_TYPE_GID; else goto on_error; idmap->hostid = hostid; idmap->nsid = nsid; idmap->range = range; idmaplist->elem = idmap; lxc_list_add_tail(&lxc_conf->id_map, idmaplist); if (!lxc_conf->root_nsuid_map && idmap->idtype == ID_TYPE_UID) if (idmap->nsid == 0) lxc_conf->root_nsuid_map = idmap; if (!lxc_conf->root_nsgid_map && idmap->idtype == ID_TYPE_GID) if (idmap->nsid == 0) lxc_conf->root_nsgid_map = idmap; idmap = NULL; return 0; on_error: free(idmaplist); free(idmap); return -1; } ``` ## 15) Use Booleans instead of integers - When something can be conceptualized in a binary way use a boolean not an integer. ## 16) Cleanup Functions Must Handle The Object's Null Type And Being Passed Already Cleaned Up Objects - If you implement a custom cleanup function to e.g. free a complex type you declared you must ensure that the object's null type is handled and treated as a NOOP. For example: ```C void lxc_free_array(void **array, lxc_free_fn element_free_fn) { void **p; for (p = array; p && *p; p++) element_free_fn(*p); free((void*)array); } ``` - Cleanup functions should also expect to be passed already cleaned up objects. One way to handle this cleanly is to initialize the cleaned up variable to a special value that signals the function that the element has already been freed on the next call. For example, the following function cleans up file descriptors and sets the already closed file descriptors to `-EBADF`. On the next call it can simply check whether the file descriptor is positive and move on if it isn't: ```C static void lxc_put_attach_clone_payload(struct attach_clone_payload *p) { if (p->ipc_socket >= 0) { shutdown(p->ipc_socket, SHUT_RDWR); close(p->ipc_socket); p->ipc_socket = -EBADF; } if (p->pty_fd >= 0) { close(p->pty_fd); p->pty_fd = -EBADF; } if (p->init_ctx) { lxc_proc_put_context_info(p->init_ctx); p->init_ctx = NULL; } } ``` ## 17) Cast to `(void)` When Intentionally Ignoring Return Values - There are cases where you do not care about the return value of a function. Please cast the return value to `(void)` when doing so. - Standard library functions or functions which are known to be ignored by default do not need to be cast to `(void)`. Classical candidates are `close()` and `fclose()`. - A good example is: ```C for (i = 0; hierarchies[i]; i++) { char *fullpath; char *path = hierarchies[i]->fullcgpath; ret = chowmod(path, destuid, nsgid, 0755); if (ret < 0) return -1; /* failures to chown() these are inconvenient but not * detrimental we leave these owned by the container launcher, * so that container root can write to the files to attach. we * chmod() them 664 so that container systemd can write to the * files (which systemd in wily insists on doing). */ if (hierarchies[i]->version == cgroup_super_magic) { fullpath = must_make_path(path, "tasks", null); (void)chowmod(fullpath, destuid, nsgid, 0664); free(fullpath); } fullpath = must_make_path(path, "cgroup.procs", null); (void)chowmod(fullpath, destuid, 0, 0664); free(fullpath); if (hierarchies[i]->version != cgroup2_super_magic) continue; fullpath = must_make_path(path, "cgroup.subtree_control", null); (void)chowmod(fullpath, destuid, nsgid, 0664); free(fullpath); fullpath = must_make_path(path, "cgroup.threads", null); (void)chowmod(fullpath, destuid, nsgid, 0664); free(fullpath); } ``` ## 18) Use `for (;;)` instead of `while (1)` or `while (true)` - Let's be honest, it is really the only sensible way to do this. ## 19) Use The Set Of Supported DCO Statements - Signed-off-by: Random J Developer - You did write this code or have the right to contribute it to LXC. - Acked-by: Random J Developer - You did read the code and think it is correct. This is usually only used by maintainers or developers that have made significant contributions and can vouch for the correctness of someone else's code. - Reviewed-by: Random J Developer - You did review the code and vouch for its correctness, i.e. you'd be prepared to fix bugs it might cause. This is usually only used by maintainers or developers that have made significant contributions and can vouch for the correctness of someone else's code. - Co-developed-by: Random J Developer - The code can not be reasonably attributed to a single developer, i.e. you worked on this together. - Tested-by: Random J Developer - You verified that the code fixes a given bug or is behaving as advertised. - Reported-by: Random J Developer - You found and reported the bug. - Suggested-by: Random J Developer - You wrote the code but someone contributed the idea. This line is usually overlooked but it is a sign of good etiquette and coding ethics: if someone helped you solve a problem or had a clever idea do not silently claim it by slapping your Signed-off-by underneath. Be honest and add a Suggested-by. ## 20) Commit Message Outline - You **must** stick to the 80chars limit especially in the title of the commit message. - Please use English commit messages only. - use meaningful commit messages. - Use correct spelling and grammar. If you are not a native speaker and/or feel yourself struggling with this it is perfectly fine to point this out and there's no need to apologize. Usually developers will be happy to pull your branch and adopt the commit message. - Please always use the affected file (without the file type suffix) or module as a prefix in the commit message. - Examples of good commit messages are: ```Diff commit b87243830e3b5e95fa31a17cf1bfebe55353bf13 Author: Felix Abecassis Date: Fri Feb 2 06:19:13 2018 -0800 hooks: change the semantic of NVIDIA_VISIBLE_DEVICES="" With LXC, you can override the value of an environment variable to null, but you can't unset an existing variable. The NVIDIA hook was previously activated when NVIDIA_VISIBLE_DEVICES was set to null. As a result, it was not possible to disable the hook by overriding the environment variable in the configuration. The hook can now be disabled by setting NVIDIA_VISIBLE_DEVICES to null or to the new special value "void". Signed-off-by: Felix Abecassis commit d6337a5f9dc7311af168aa3d586fdf239f5a10d3 Author: Christian Brauner Date: Wed Jan 31 16:25:11 2018 +0100 cgroups: get controllers on the unified hierarchy Signed-off-by: Christian Brauner ``` ## 21) Use `_exit()` To Terminate `fork()`ed Child Processes - When `fork()`ing off a child process use `_exit()` to terminate it instead of `exit()`. The `exit()` function is not thread-safe and thus not suited for the shared library which must ensure that it is thread-safe. ## 22) Keep Arrays of `struct`s Aligned Horizontally When Initializing - Arrays of `struct`s are: ```C struct foo_struct { int n; int m; int p; }; struct foo_struct new_instance[] = { { 1, 2, 3 }, { 4, 5, 6 }, { 7, 8, 9 }, }; ``` - Leave a single space after the opening `{` and before closing `}` of the largest member of the last column. - Always leave a single space between the largest member of the current column and the member in the next column. - A good example is ```C struct signame { int num; const char *name; }; static const struct signame signames[] = { { SIGHUP, "HUP" }, { SIGINT, "INT" }, { SIGQUIT, "QUIT" }, { SIGILL, "ILL" }, { SIGABRT, "ABRT" }, { SIGFPE, "FPE" }, { SIGKILL, "KILL" }, { SIGSEGV, "SEGV" }, { SIGPIPE, "PIPE" }, { SIGALRM, "ALRM" }, { SIGTERM, "TERM" }, { SIGUSR1, "USR1" }, { SIGUSR2, "USR2" }, { SIGCHLD, "CHLD" }, { SIGCONT, "CONT" }, { SIGSTOP, "STOP" }, { SIGTSTP, "TSTP" }, { SIGTTIN, "TTIN" }, { SIGTTOU, "TTOU" }, #ifdef SIGTRAP { SIGTRAP, "TRAP" }, #endif #ifdef SIGIOT { SIGIOT, "IOT" }, #endif #ifdef SIGEMT { SIGEMT, "EMT" }, #endif #ifdef SIGBUS { SIGBUS, "BUS" }, #endif #ifdef SIGSTKFLT { SIGSTKFLT, "STKFLT" }, #endif #ifdef SIGCLD { SIGCLD, "CLD" }, #endif #ifdef SIGURG { SIGURG, "URG" }, #endif #ifdef SIGXCPU { SIGXCPU, "XCPU" }, #endif #ifdef SIGXFSZ { SIGXFSZ, "XFSZ" }, #endif #ifdef SIGVTALRM { SIGVTALRM, "VTALRM" }, #endif #ifdef SIGPROF { SIGPROF, "PROF" }, #endif #ifdef SIGWINCH { SIGWINCH, "WINCH" }, #endif #ifdef SIGIO { SIGIO, "IO" }, #endif #ifdef SIGPOLL { SIGPOLL, "POLL" }, #endif #ifdef SIGINFO { SIGINFO, "INFO" }, #endif #ifdef SIGLOST { SIGLOST, "LOST" }, #endif #ifdef SIGPWR { SIGPWR, "PWR" }, #endif #ifdef SIGUNUSED { SIGUNUSED, "UNUSED" }, #endif #ifdef SIGSYS { SIGSYS, "SYS" }, #endif }; ``` ## 23) Use `strlcpy()` instead of `strncpy()` When copying strings always use `strlcpy()` instead of `strncpy()`. The advantage of `strlcpy()` is that it will always append a `\0` byte to the string. Unless you have a valid reason to accept truncation you must check whether truncation has occurred, treat it as an error, and handle the error appropriately. ## 24) Use `strlcat()` instead of `strncat()` When concatenating strings always use `strlcat()` instead of `strncat()`. The advantage of `strlcat()` is that it will always append a `\0` byte to the string. Unless you have a valid reason to accept truncation you must check whether truncation has occurred, treat it as an error, and handle the error appropriately. ## 25) Use `__fallthrough__` in switch statements If LXC detects that the compiler is new enough it will tell it to check `switch` statements for non-documented fallthroughs. Please always place a `__fallthrough__` after a `case` which falls through the next one. ```c int lxc_attach_run_command(void *payload) { int ret = -1; lxc_attach_command_t *cmd = payload; ret = execvp(cmd->program, cmd->argv); if (ret < 0) { switch (errno) { case ENOEXEC: ret = 126; break; case ENOENT: ret = 127; break; } } SYSERROR("Failed to exec \"%s\"", cmd->program); return ret; } ``` ## 24) Never use `fgets()` LXC does not allow the use of `fgets()`. Use `getline()` or other methods instead. ## 25) Never allocate memory on the stack This specifically forbids any usage of `alloca()` in the codebase. ## 26) Use cleanup macros supported by `gcc` and `clang` LXC has switched from manually cleaning up resources to using cleanup macros supported by `gcc` and `clang`: ```c __attribute__((__cleanup__())) ``` We do not allow manually cleanups anymore if there are appropriate macros. Currently the following macros are supported: ```c /* close file descriptor */ __do_close_prot_errno /* free allocated memory */ __do_free __attribute__((__cleanup__(__auto_free__))) /* close FILEs */ __do_fclose __attribute__((__cleanup__(__auto_fclose__))) /* close DIRs */ __do_closedir __attribute__((__cleanup__(__auto_closedir__))) ``` For example: ```c void turn_into_dependent_mounts(void) { __do_free char *line = NULL; __do_fclose FILE *f = NULL; __do_close int memfd = -EBADF, mntinfo_fd = -EBADF; int ret; ssize_t copied; size_t len = 0; mntinfo_fd = open("/proc/self/mountinfo", O_RDONLY | O_CLOEXEC); if (mntinfo_fd < 0) { SYSERROR("Failed to open \"/proc/self/mountinfo\""); return; } memfd = memfd_create(".lxc_mountinfo", MFD_CLOEXEC); if (memfd < 0) { char template[] = P_tmpdir "/.lxc_mountinfo_XXXXXX"; if (errno != ENOSYS) { SYSERROR("Failed to create temporary in-memory file"); return; } memfd = lxc_make_tmpfile(template, true); if (memfd < 0) { WARN("Failed to create temporary file"); return; } } again: copied = lxc_sendfile_nointr(memfd, mntinfo_fd, NULL, LXC_SENDFILE_MAX); if (copied < 0) { if (errno == EINTR) goto again; SYSERROR("Failed to copy \"/proc/self/mountinfo\""); return; } ret = lseek(memfd, 0, SEEK_SET); if (ret < 0) { SYSERROR("Failed to reset file descriptor offset"); return; } f = fdopen(memfd, "re"); if (!f) { SYSERROR("Failed to open copy of \"/proc/self/mountinfo\" to mark all shared. Continuing"); return; } /* * After a successful fdopen() memfd will be closed when calling * fclose(f). Calling close(memfd) afterwards is undefined. */ move_fd(memfd); while (getline(&line, &len, f) != -1) { char *opts, *target; target = get_field(line, 4); if (!target) continue; opts = get_field(target, 2); if (!opts) continue; null_endofword(opts); if (!strstr(opts, "shared")) continue; null_endofword(target); ret = mount(NULL, target, NULL, MS_SLAVE, NULL); if (ret < 0) { SYSERROR("Failed to recursively turn old root mount tree into dependent mount. Continuing..."); continue; } TRACE("Recursively turned old root mount tree into dependent mount"); } TRACE("Turned all mount table entries into dependent mount"); } ``` lxc-5.0.0~git2209-g5a7b9ce67/lxc.spec.in0000644061062106075000000002342414222071460014205 00000000000000# # lxc: linux Container library # # (C) Copyright IBM Corp. 2007, 2008 # # Authors: # Daniel Lezcano # # This library is free software; you can redistribute it and/or # modify it under the terms of the GNU Lesser General Public # License as published by the Free Software Foundation; either # version 2.1 of the License, or (at your option) any later version. # # This library is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU # Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public # License along with this library; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA # Set with_systemd on distros that use it, so we can install the service # file, otherwise the sysvinit script will be installed %if 0%{?fedora} >= 14 || 0%{?rhel} >= 7 || 0%{?suse_version} >= 1210 %global with_systemd 1 %define init_script systemd # # BuildRequires systemd-units on fedora and rhel %if 0%{?fedora} >= 14 || 0%{?rhel} >= 7 BuildRequires: systemd-units %endif # # BuildRequires systemd on openSUSE and SUSE %if 0%{?suse_version} >= 1210 BuildRequires: systemd %endif %else %global with_systemd 0 %define init_script sysvinit %endif # Must use /var/run for runtime_path on older releases or dnsmasq in the # lxc-net script will not be able to write its pid in /run (selinux denial) %if 0%{?fedora} < 15 || 0%{?rhel} < 7 %define _with_runtime_path --with-runtime-path=/var/run %endif # RPM needs alpha/beta/rc in Release: not Version: to ensure smooth # package upgrades from alpha->beta->rc->release. For more info see: # http://fedoraproject.org/wiki/Packaging%3aNamingGuidelines#NonNumericRelease %if "x@LXC_VERSION_BETA@" != "x" %global beta_rel @LXC_VERSION_BETA@ %global beta_dot .%{beta_rel} %else %global norm_rel 1 %endif Name: @PACKAGE@ Version: @LXC_VERSION_BASE@ Release: %{?beta_rel:0.1.%{beta_rel}}%{?!beta_rel:%{norm_rel}}%{?dist} URL: http://linuxcontainers.org Source: http://linuxcontainers.org/downloads/%{name}-%{version}%{?beta_dot}.tar.gz Summary: Linux Containers userspace tools Group: Applications/System License: LGPLv2+ BuildRoot: %{_tmppath}/%{name}-%{version}-build Requires: openssl rsync dnsmasq bridge-utils Requires: %{name}-libs = %{version}-%{release} Requires(pre): /usr/sbin/useradd Requires(postun): /usr/sbin/userdel %if 0%{?fedora} < 15 || 0%{?rhel} < 7 Requires: libcgroup %endif # Note for Suse. The "docbook2X" BuildRequires does properly # match docbook2x on Suse in a case insensitive manner BuildRequires: libcap libcap-devel docbook2X graphviz libxslt pkgconfig # # Additional packages for openSUSE and SUSE # %if 0%{?suse_version} >= 1210 PreReq: permissions BuildRequires: libapparmor-devel linux-glibc-devel lsb-release docbook-utils # # libseccomp-devel only needed on i386/i586/i686 and X86_64 # %ifarch %ix86 x86_64 BuildRequires: libseccomp-devel %endif %endif # # Additional package for Tizen # %if %{defined tizen_version} BuildRequires: pkgconfig(dlog) %endif %description Containers are insulated areas inside a system, which have their own namespace for filesystem, network, PID, IPC, CPU and memory allocation and which can be created using the Control Group and Namespace features included in the Linux kernel. This package provides the lxc-* tools, which can be used to start a single daemon in a container, or to boot an entire "containerized" system, and to manage and debug your containers. %package libs Summary: Shared library files for %{name} Group: System Environment/Libraries %description libs The %{name}-libs package contains libraries for running %{name} applications. %package devel Summary: Development library for %{name} Group: Development/Libraries Requires: %{name} = %{version}-%{release}, pkgconfig %description devel The %{name}-devel package contains header files and library needed for development of the Linux containers. %prep %setup -q -n %{name}-%{version}%{?beta_dot} %build #Dont use pkgconfig to get bash completion dir and use backwards compatible location. export bashcompdir=%{_sysconfdir}/bash_completion.d PATH=$PATH:/usr/sbin:/sbin %configure $args \ %if "x%{_unitdir}" != "x" --with-systemdsystemunitdir=%{_unitdir} \ %endif %{?_with_runtime_path} \ --disable-rpath \ --with-init-script=%{init_script} make %{?_smp_mflags} %install rm -rf %{buildroot} make install DESTDIR=%{buildroot} find %{buildroot} -type f -name '*.la' -exec rm -f {} ';' %clean rm -rf %{buildroot} %pre # Ensure that lxc-dnsmasq uid & gid gets correctly allocated if getent passwd lxc-dnsmasq >/dev/null 2>&1 ; then : ; else \ /usr/sbin/useradd -M -r -s /sbin/nologin \ -c "LXC Networking Service" -d %_localstatedir/%name lxc-dnsmasq 2> /dev/null \ || exit 1 fi %post # This test should trigger a network configure on a new install. if [ ! -d @LXC_DISTRO_SYSCONF@ ] then mkdir -p @LXC_DISTRO_SYSCONF@ fi if [ ! -f @LXC_DISTRO_SYSCONF@/lxc-net ] || ! grep -q 'USE_LXC_BRIDGE=' @LXC_DISTRO_SYSCONF@/lxc-net then # Grab a random 10net subnet. Need to add test logic... while [ true ] do SUBNET=10.$(($RANDOM % 256)).$(($RANDOM % 256)) if ! ip -4 route ls | grep -q "^$SUBNET" then break fi done cat > @LXC_DISTRO_SYSCONF@/lxc-net </config) for any containers # already created using the default config to reflect the new bridge # name. # If you have the dnsmasq daemon installed, you'll also have to update # /etc/dnsmasq.d/lxc and restart the system wide dnsmasq daemon. LXC_BRIDGE="lxcbr0" LXC_BRIDGE_MAC="00:16:3e:00:00:00" LXC_ADDR="$SUBNET.1" LXC_NETMASK="255.255.255.0" LXC_NETWORK="$SUBNET.0/24" LXC_DHCP_RANGE="$SUBNET.2,$SUBNET.254" LXC_DHCP_MAX="253" # Uncomment the next line if you'd like to use a conf-file for the lxcbr0 # dnsmasq. For instance, you can use 'dhcp-host=mail1,10.0.3.100' to have # container 'mail1' always get ip address 10.0.3.100. #LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf # Whether to use nftables (if available) to configure required network rules. # Set to any value != "true" to force iptables backend instead. LXC_USE_NFT="true" # Uncomment the next line if you want lxcbr0's dnsmasq to resolve the .lxc # domain. You can then add "server=/lxc/10.0.3.1' (or your actual $LXC_ADDR) # to /etc/dnsmasq.conf, after which 'container1.lxc' will resolve on your # host. #LXC_DOMAIN="lxc" EOF fi %postun /usr/sbin/userdel lxc-dnsmasq > /dev/null 2>&1 || : %post libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig %files %defattr(-,root,root) %{_bindir}/* # openSUSE/SUSE %if 0%{?suse_version} >= 1210 %dir %{_sysconfdir}/apparmor.d %dir %{_sysconfdir}/apparmor.d/abstractions %dir %{_sysconfdir}/apparmor.d/abstractions/%{name} %config %{_sysconfdir}/apparmor.d/abstractions/%{name}/container-base %config %{_sysconfdir}/apparmor.d/abstractions/%{name}/start-container %config %{_sysconfdir}/apparmor.d/%{name}-containers %dir %{_sysconfdir}/apparmor.d/%{name} %config %{_sysconfdir}/apparmor.d/%{name}/%{name}-default %config %{_sysconfdir}/apparmor.d/%{name}/%{name}-default-with-mounting %config %{_sysconfdir}/apparmor.d/%{name}/%{name}-default-with-nesting %config %{_sysconfdir}/apparmor.d/usr.bin.%{name}-start %endif %{_mandir}/man1/lxc* %{_mandir}/man5/lxc* %{_mandir}/man7/lxc* # not openSUSE/SUSE %if %{undefined suse_version} %{_mandir}/ja/man1/lxc* %{_mandir}/ja/man5/lxc* %{_mandir}/ja/man7/lxc* %{_mandir}/ko/man1/lxc* %{_mandir}/ko/man5/lxc* %{_mandir}/ko/man7/lxc* %endif %{_datadir}/doc/* %{_datadir}/lxc/* %{_sysconfdir}/bash_completion.d %config(noreplace) %{_sysconfdir}/lxc/* %config(noreplace) %{_sysconfdir}/sysconfig/* %if %{with_systemd} %{_unitdir}/lxc-net.service %{_unitdir}/lxc.service %{_unitdir}/lxc@.service %{_unitdir}/lxc-monitord.service %else %{_sysconfdir}/rc.d/init.d/lxc %{_sysconfdir}/rc.d/init.d/lxc-net %endif %files libs %defattr(-,root,root) %{_sbindir}/* %{_libdir}/*.so.* %{_libdir}/*.a %{_libdir}/%{name} %{_localstatedir}/* %{_libexecdir}/%{name}/hooks/unmount-namespace %{_libexecdir}/%{name}/lxc-apparmor-load %{_libexecdir}/%{name}/lxc-monitord %attr(4111,root,root) %{_libexecdir}/%{name}/lxc-user-nic %if %{with_systemd} %attr(555,root,root) %{_libexecdir}/%{name}/lxc-net %attr(555,root,root) %{_libexecdir}/%{name}/lxc-containers %endif %files devel %defattr(-,root,root) %{_includedir}/%{name}/* %{_libdir}/*.so %{_libdir}/pkgconfig/* %changelog * Tue Oct 22 2013 Dwight Engen - 1.0.0-0.1.alpha2 - fix some rpmlint warnings/errors - split lua bits into separate package * Mon Sep 10 2012 Dwight Engen - 0.8.0 - fix lxc-init moved to libexec - .pc moved to _libdir - package template files /usr/share/lxc/templates * Thu Sep 8 2011 Greg Kurz - 0.7.5.1 - fix installed files for rpmbuild - introduce lxc-libs package * Fri Jul 23 2010 Daniel Lezcano - 0.7.2 - set attribute for installed files - fix libraries installation * Tue Mar 24 2009 Daniel Lezcano - 0.6.1 - Removed capability setting, let the user to do that through "lxc-setcap" * Mon Feb 16 2009 Daniel Lezcano - 0.6.0 - Added more capabilities to the executables * Sun Jan 25 2009 Daniel Lezcano - 0.6.0 - Reduced spec file * Sun Aug 3 2008 Daniel Lezcano - 0.1.0 - Initial RPM release. # Local variables: # mode: shell-script # sh-shell: rpm # end: lxc-5.0.0~git2209-g5a7b9ce67/LICENSE.LGPL2.10000644061062106075000000006364214176403775014147 00000000000000 GNU LESSER GENERAL PUBLIC LICENSE Version 2.1, February 1999 Copyright (C) 1991, 1999 Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. [This is the first released version of the Lesser GPL. It also counts as the successor of the GNU Library Public License, version 2, hence the version number 2.1.] Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This license, the Lesser General Public License, applies to some specially designated software packages--typically libraries--of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below. When we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things. To protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it. For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights. We protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library. To protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others. Finally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license. Most GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs. When a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library. We call this license the "Lesser" General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances. For example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License. In other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system. Although the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library. The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run. GNU LESSER GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called "this License"). Each licensee is addressed as "you". A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables. The "Library", below, refers to any such software library or work which has been distributed under these terms. A "work based on the Library" means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term "modification".) "Source code" for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library. Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does. 1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) The modified work must itself be a software library. b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change. c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License. d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful. (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.) These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library. In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices. Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy. This option is useful when you wish to copy part of the code of the Library into a program that is not a library. 4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange. If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code. 5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License. However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables. When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law. If such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.) Otherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself. 6. As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications. You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things: a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.) b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with. c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution. d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place. e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy. For an executable, the required form of the "work that uses the Library" must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute. 7. You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things: a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above. b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. 8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it. 10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License. 11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 12. If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation. 14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Libraries If you develop a new library, and you want it to be of the greatest possible use to the public, we recommend making it free software that everyone can redistribute and change. You can do so by permitting redistribution under these terms (or, alternatively, under the terms of the ordinary General Public License). To apply these terms, attach the following notices to the library. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version. This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Also add information on how to contact you by electronic and paper mail. You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the library, if necessary. Here is a sample; alter the names: Yoyodyne, Inc., hereby disclaims all copyright interest in the library `Frob' (a library for tweaking knobs) written by James Random Hacker. , 1 April 1990 Ty Coon, President of Vice That's all there is to it! lxc-5.0.0~git2209-g5a7b9ce67/aclocal.m40000644061062106075000000015115114223133706014000 00000000000000# generated automatically by aclocal 1.16.5 -*- Autoconf -*- # Copyright (C) 1996-2021 Free Software Foundation, Inc. # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])]) m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl m4_if(m4_defn([AC_AUTOCONF_VERSION]), [2.71],, [m4_warning([this file was generated for autoconf 2.71. You have another version of autoconf. It may work, but is not guaranteed to. If you have problems, you may need to regenerate the build system entirely. To do so, use the procedure documented by the package, typically 'autoreconf'.])]) # pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*- # serial 12 (pkg-config-0.29.2) dnl Copyright © 2004 Scott James Remnant . dnl Copyright © 2012-2015 Dan Nicholson dnl dnl This program is free software; you can redistribute it and/or modify dnl it under the terms of the GNU General Public License as published by dnl the Free Software Foundation; either version 2 of the License, or dnl (at your option) any later version. dnl dnl This program is distributed in the hope that it will be useful, but dnl WITHOUT ANY WARRANTY; without even the implied warranty of dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU dnl General Public License for more details. dnl dnl You should have received a copy of the GNU General Public License dnl along with this program; if not, write to the Free Software dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA dnl 02111-1307, USA. dnl dnl As a special exception to the GNU General Public License, if you dnl distribute this file as part of a program that contains a dnl configuration script generated by Autoconf, you may include it under dnl the same distribution terms that you use for the rest of that dnl program. dnl PKG_PREREQ(MIN-VERSION) dnl ----------------------- dnl Since: 0.29 dnl dnl Verify that the version of the pkg-config macros are at least dnl MIN-VERSION. Unlike PKG_PROG_PKG_CONFIG, which checks the user's dnl installed version of pkg-config, this checks the developer's version dnl of pkg.m4 when generating configure. dnl dnl To ensure that this macro is defined, also add: dnl m4_ifndef([PKG_PREREQ], dnl [m4_fatal([must install pkg-config 0.29 or later before running autoconf/autogen])]) dnl dnl See the "Since" comment for each macro you use to see what version dnl of the macros you require. m4_defun([PKG_PREREQ], [m4_define([PKG_MACROS_VERSION], [0.29.2]) m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1, [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])]) ])dnl PKG_PREREQ dnl PKG_PROG_PKG_CONFIG([MIN-VERSION]) dnl ---------------------------------- dnl Since: 0.16 dnl dnl Search for the pkg-config tool and set the PKG_CONFIG variable to dnl first found in the path. Checks that the version of pkg-config found dnl is at least MIN-VERSION. If MIN-VERSION is not specified, 0.9.0 is dnl used since that's the first version where most current features of dnl pkg-config existed. AC_DEFUN([PKG_PROG_PKG_CONFIG], [m4_pattern_forbid([^_?PKG_[A-Z_]+$]) m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$]) m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$]) AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility]) AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path]) AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path]) if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then AC_PATH_TOOL([PKG_CONFIG], [pkg-config]) fi if test -n "$PKG_CONFIG"; then _pkg_min_version=m4_default([$1], [0.9.0]) AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version]) if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) PKG_CONFIG="" fi fi[]dnl ])dnl PKG_PROG_PKG_CONFIG dnl PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) dnl ------------------------------------------------------------------- dnl Since: 0.18 dnl dnl Check to see whether a particular set of modules exists. Similar to dnl PKG_CHECK_MODULES(), but does not set variables or print errors. dnl dnl Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG]) dnl only at the first occurence in configure.ac, so if the first place dnl it's called might be skipped (such as if it is within an "if", you dnl have to call PKG_CHECK_EXISTS manually AC_DEFUN([PKG_CHECK_EXISTS], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl if test -n "$PKG_CONFIG" && \ AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then m4_default([$2], [:]) m4_ifvaln([$3], [else $3])dnl fi]) dnl _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES]) dnl --------------------------------------------- dnl Internal wrapper calling pkg-config via PKG_CONFIG and setting dnl pkg_failed based on the result. m4_define([_PKG_CONFIG], [if test -n "$$1"; then pkg_cv_[]$1="$$1" elif test -n "$PKG_CONFIG"; then PKG_CHECK_EXISTS([$3], [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null` test "x$?" != "x0" && pkg_failed=yes ], [pkg_failed=yes]) else pkg_failed=untried fi[]dnl ])dnl _PKG_CONFIG dnl _PKG_SHORT_ERRORS_SUPPORTED dnl --------------------------- dnl Internal check to see if pkg-config supports short errors. AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED], [AC_REQUIRE([PKG_PROG_PKG_CONFIG]) if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then _pkg_short_errors_supported=yes else _pkg_short_errors_supported=no fi[]dnl ])dnl _PKG_SHORT_ERRORS_SUPPORTED dnl PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], dnl [ACTION-IF-NOT-FOUND]) dnl -------------------------------------------------------------- dnl Since: 0.4.0 dnl dnl Note that if there is a possibility the first call to dnl PKG_CHECK_MODULES might not happen, you should be sure to include an dnl explicit call to PKG_PROG_PKG_CONFIG in your configure.ac AC_DEFUN([PKG_CHECK_MODULES], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl pkg_failed=no AC_MSG_CHECKING([for $2]) _PKG_CONFIG([$1][_CFLAGS], [cflags], [$2]) _PKG_CONFIG([$1][_LIBS], [libs], [$2]) m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS and $1[]_LIBS to avoid the need to call pkg-config. See the pkg-config man page for more details.]) if test $pkg_failed = yes; then AC_MSG_RESULT([no]) _PKG_SHORT_ERRORS_SUPPORTED if test $_pkg_short_errors_supported = yes; then $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1` else $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1` fi # Put the nasty error message in config.log where it belongs echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD m4_default([$4], [AC_MSG_ERROR( [Package requirements ($2) were not met: $$1_PKG_ERRORS Consider adjusting the PKG_CONFIG_PATH environment variable if you installed software in a non-standard prefix. _PKG_TEXT])[]dnl ]) elif test $pkg_failed = untried; then AC_MSG_RESULT([no]) m4_default([$4], [AC_MSG_FAILURE( [The pkg-config script could not be found or is too old. Make sure it is in your PATH or set the PKG_CONFIG environment variable to the full path to pkg-config. _PKG_TEXT To get pkg-config, see .])[]dnl ]) else $1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS $1[]_LIBS=$pkg_cv_[]$1[]_LIBS AC_MSG_RESULT([yes]) $3 fi[]dnl ])dnl PKG_CHECK_MODULES dnl PKG_CHECK_MODULES_STATIC(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND], dnl [ACTION-IF-NOT-FOUND]) dnl --------------------------------------------------------------------- dnl Since: 0.29 dnl dnl Checks for existence of MODULES and gathers its build flags with dnl static libraries enabled. Sets VARIABLE-PREFIX_CFLAGS from --cflags dnl and VARIABLE-PREFIX_LIBS from --libs. dnl dnl Note that if there is a possibility the first call to dnl PKG_CHECK_MODULES_STATIC might not happen, you should be sure to dnl include an explicit call to PKG_PROG_PKG_CONFIG in your dnl configure.ac. AC_DEFUN([PKG_CHECK_MODULES_STATIC], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl _save_PKG_CONFIG=$PKG_CONFIG PKG_CONFIG="$PKG_CONFIG --static" PKG_CHECK_MODULES($@) PKG_CONFIG=$_save_PKG_CONFIG[]dnl ])dnl PKG_CHECK_MODULES_STATIC dnl PKG_INSTALLDIR([DIRECTORY]) dnl ------------------------- dnl Since: 0.27 dnl dnl Substitutes the variable pkgconfigdir as the location where a module dnl should install pkg-config .pc files. By default the directory is dnl $libdir/pkgconfig, but the default can be changed by passing dnl DIRECTORY. The user can override through the --with-pkgconfigdir dnl parameter. AC_DEFUN([PKG_INSTALLDIR], [m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])]) m4_pushdef([pkg_description], [pkg-config installation directory @<:@]pkg_default[@:>@]) AC_ARG_WITH([pkgconfigdir], [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],, [with_pkgconfigdir=]pkg_default) AC_SUBST([pkgconfigdir], [$with_pkgconfigdir]) m4_popdef([pkg_default]) m4_popdef([pkg_description]) ])dnl PKG_INSTALLDIR dnl PKG_NOARCH_INSTALLDIR([DIRECTORY]) dnl -------------------------------- dnl Since: 0.27 dnl dnl Substitutes the variable noarch_pkgconfigdir as the location where a dnl module should install arch-independent pkg-config .pc files. By dnl default the directory is $datadir/pkgconfig, but the default can be dnl changed by passing DIRECTORY. The user can override through the dnl --with-noarch-pkgconfigdir parameter. AC_DEFUN([PKG_NOARCH_INSTALLDIR], [m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])]) m4_pushdef([pkg_description], [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@]) AC_ARG_WITH([noarch-pkgconfigdir], [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],, [with_noarch_pkgconfigdir=]pkg_default) AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir]) m4_popdef([pkg_default]) m4_popdef([pkg_description]) ])dnl PKG_NOARCH_INSTALLDIR dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE, dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND]) dnl ------------------------------------------- dnl Since: 0.28 dnl dnl Retrieves the value of the pkg-config variable for the given module. AC_DEFUN([PKG_CHECK_VAR], [AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl _PKG_CONFIG([$1], [variable="][$3]["], [$2]) AS_VAR_COPY([$1], [pkg_cv_][$1]) AS_VAR_IF([$1], [""], [$5], [$4])dnl ])dnl PKG_CHECK_VAR # Copyright (C) 2002-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_AUTOMAKE_VERSION(VERSION) # ---------------------------- # Automake X.Y traces this macro to ensure aclocal.m4 has been # generated from the m4 files accompanying Automake X.Y. # (This private macro should not be called outside this file.) AC_DEFUN([AM_AUTOMAKE_VERSION], [am__api_version='1.16' dnl Some users find AM_AUTOMAKE_VERSION and mistake it for a way to dnl require some minimum version. Point them to the right macro. m4_if([$1], [1.16.5], [], [AC_FATAL([Do not call $0, use AM_INIT_AUTOMAKE([$1]).])])dnl ]) # _AM_AUTOCONF_VERSION(VERSION) # ----------------------------- # aclocal traces this macro to find the Autoconf version. # This is a private macro too. Using m4_define simplifies # the logic in aclocal, which can simply ignore this definition. m4_define([_AM_AUTOCONF_VERSION], []) # AM_SET_CURRENT_AUTOMAKE_VERSION # ------------------------------- # Call AM_AUTOMAKE_VERSION and AM_AUTOMAKE_VERSION so they can be traced. # This function is AC_REQUIREd by AM_INIT_AUTOMAKE. AC_DEFUN([AM_SET_CURRENT_AUTOMAKE_VERSION], [AM_AUTOMAKE_VERSION([1.16.5])dnl m4_ifndef([AC_AUTOCONF_VERSION], [m4_copy([m4_PACKAGE_VERSION], [AC_AUTOCONF_VERSION])])dnl _AM_AUTOCONF_VERSION(m4_defn([AC_AUTOCONF_VERSION]))]) # AM_AUX_DIR_EXPAND -*- Autoconf -*- # Copyright (C) 2001-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # For projects using AC_CONFIG_AUX_DIR([foo]), Autoconf sets # $ac_aux_dir to '$srcdir/foo'. In other projects, it is set to # '$srcdir', '$srcdir/..', or '$srcdir/../..'. # # Of course, Automake must honor this variable whenever it calls a # tool from the auxiliary directory. The problem is that $srcdir (and # therefore $ac_aux_dir as well) can be either absolute or relative, # depending on how configure is run. This is pretty annoying, since # it makes $ac_aux_dir quite unusable in subdirectories: in the top # source directory, any form will work fine, but in subdirectories a # relative path needs to be adjusted first. # # $ac_aux_dir/missing # fails when called from a subdirectory if $ac_aux_dir is relative # $top_srcdir/$ac_aux_dir/missing # fails if $ac_aux_dir is absolute, # fails when called from a subdirectory in a VPATH build with # a relative $ac_aux_dir # # The reason of the latter failure is that $top_srcdir and $ac_aux_dir # are both prefixed by $srcdir. In an in-source build this is usually # harmless because $srcdir is '.', but things will broke when you # start a VPATH build or use an absolute $srcdir. # # So we could use something similar to $top_srcdir/$ac_aux_dir/missing, # iff we strip the leading $srcdir from $ac_aux_dir. That would be: # am_aux_dir='\$(top_srcdir)/'`expr "$ac_aux_dir" : "$srcdir//*\(.*\)"` # and then we would define $MISSING as # MISSING="\${SHELL} $am_aux_dir/missing" # This will work as long as MISSING is not called from configure, because # unfortunately $(top_srcdir) has no meaning in configure. # However there are other variables, like CC, which are often used in # configure, and could therefore not use this "fixed" $ac_aux_dir. # # Another solution, used here, is to always expand $ac_aux_dir to an # absolute PATH. The drawback is that using absolute paths prevent a # configured tree to be moved without reconfiguration. AC_DEFUN([AM_AUX_DIR_EXPAND], [AC_REQUIRE([AC_CONFIG_AUX_DIR_DEFAULT])dnl # Expand $ac_aux_dir to an absolute path. am_aux_dir=`cd "$ac_aux_dir" && pwd` ]) # AM_COND_IF -*- Autoconf -*- # Copyright (C) 2008-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # _AM_COND_IF # _AM_COND_ELSE # _AM_COND_ENDIF # -------------- # These macros are only used for tracing. m4_define([_AM_COND_IF]) m4_define([_AM_COND_ELSE]) m4_define([_AM_COND_ENDIF]) # AM_COND_IF(COND, [IF-TRUE], [IF-FALSE]) # --------------------------------------- # If the shell condition COND is true, execute IF-TRUE, otherwise execute # IF-FALSE. Allow automake to learn about conditional instantiating macros # (the AC_CONFIG_FOOS). AC_DEFUN([AM_COND_IF], [m4_ifndef([_AM_COND_VALUE_$1], [m4_fatal([$0: no such condition "$1"])])dnl _AM_COND_IF([$1])dnl if test -z "$$1_TRUE"; then : m4_n([$2])[]dnl m4_ifval([$3], [_AM_COND_ELSE([$1])dnl else $3 ])dnl _AM_COND_ENDIF([$1])dnl fi[]dnl ]) # AM_CONDITIONAL -*- Autoconf -*- # Copyright (C) 1997-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_CONDITIONAL(NAME, SHELL-CONDITION) # ------------------------------------- # Define a conditional. AC_DEFUN([AM_CONDITIONAL], [AC_PREREQ([2.52])dnl m4_if([$1], [TRUE], [AC_FATAL([$0: invalid condition: $1])], [$1], [FALSE], [AC_FATAL([$0: invalid condition: $1])])dnl AC_SUBST([$1_TRUE])dnl AC_SUBST([$1_FALSE])dnl _AM_SUBST_NOTMAKE([$1_TRUE])dnl _AM_SUBST_NOTMAKE([$1_FALSE])dnl m4_define([_AM_COND_VALUE_$1], [$2])dnl if $2; then $1_TRUE= $1_FALSE='#' else $1_TRUE='#' $1_FALSE= fi AC_CONFIG_COMMANDS_PRE( [if test -z "${$1_TRUE}" && test -z "${$1_FALSE}"; then AC_MSG_ERROR([[conditional "$1" was never defined. Usually this means the macro was only invoked conditionally.]]) fi])]) # Copyright (C) 1999-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # There are a few dirty hacks below to avoid letting 'AC_PROG_CC' be # written in clear, in which case automake, when reading aclocal.m4, # will think it sees a *use*, and therefore will trigger all it's # C support machinery. Also note that it means that autoscan, seeing # CC etc. in the Makefile, will ask for an AC_PROG_CC use... # _AM_DEPENDENCIES(NAME) # ---------------------- # See how the compiler implements dependency checking. # NAME is "CC", "CXX", "OBJC", "OBJCXX", "UPC", or "GJC". # We try a few techniques and use that to set a single cache variable. # # We don't AC_REQUIRE the corresponding AC_PROG_CC since the latter was # modified to invoke _AM_DEPENDENCIES(CC); we would have a circular # dependency, and given that the user is not expected to run this macro, # just rely on AC_PROG_CC. AC_DEFUN([_AM_DEPENDENCIES], [AC_REQUIRE([AM_SET_DEPDIR])dnl AC_REQUIRE([AM_OUTPUT_DEPENDENCY_COMMANDS])dnl AC_REQUIRE([AM_MAKE_INCLUDE])dnl AC_REQUIRE([AM_DEP_TRACK])dnl m4_if([$1], [CC], [depcc="$CC" am_compiler_list=], [$1], [CXX], [depcc="$CXX" am_compiler_list=], [$1], [OBJC], [depcc="$OBJC" am_compiler_list='gcc3 gcc'], [$1], [OBJCXX], [depcc="$OBJCXX" am_compiler_list='gcc3 gcc'], [$1], [UPC], [depcc="$UPC" am_compiler_list=], [$1], [GCJ], [depcc="$GCJ" am_compiler_list='gcc3 gcc'], [depcc="$$1" am_compiler_list=]) AC_CACHE_CHECK([dependency style of $depcc], [am_cv_$1_dependencies_compiler_type], [if test -z "$AMDEP_TRUE" && test -f "$am_depcomp"; then # We make a subdir and do the tests there. Otherwise we can end up # making bogus files that we don't know about and never remove. For # instance it was reported that on HP-UX the gcc test will end up # making a dummy file named 'D' -- because '-MD' means "put the output # in D". rm -rf conftest.dir mkdir conftest.dir # Copy depcomp to subdir because otherwise we won't find it if we're # using a relative directory. cp "$am_depcomp" conftest.dir cd conftest.dir # We will build objects and dependencies in a subdirectory because # it helps to detect inapplicable dependency modes. For instance # both Tru64's cc and ICC support -MD to output dependencies as a # side effect of compilation, but ICC will put the dependencies in # the current directory while Tru64 will put them in the object # directory. mkdir sub am_cv_$1_dependencies_compiler_type=none if test "$am_compiler_list" = ""; then am_compiler_list=`sed -n ['s/^#*\([a-zA-Z0-9]*\))$/\1/p'] < ./depcomp` fi am__universal=false m4_case([$1], [CC], [case " $depcc " in #( *\ -arch\ *\ -arch\ *) am__universal=true ;; esac], [CXX], [case " $depcc " in #( *\ -arch\ *\ -arch\ *) am__universal=true ;; esac]) for depmode in $am_compiler_list; do # Setup a source with many dependencies, because some compilers # like to wrap large dependency lists on column 80 (with \), and # we should not choose a depcomp mode which is confused by this. # # We need to recreate these files for each test, as the compiler may # overwrite some of them when testing with obscure command lines. # This happens at least with the AIX C compiler. : > sub/conftest.c for i in 1 2 3 4 5 6; do echo '#include "conftst'$i'.h"' >> sub/conftest.c # Using ": > sub/conftst$i.h" creates only sub/conftst1.h with # Solaris 10 /bin/sh. echo '/* dummy */' > sub/conftst$i.h done echo "${am__include} ${am__quote}sub/conftest.Po${am__quote}" > confmf # We check with '-c' and '-o' for the sake of the "dashmstdout" # mode. It turns out that the SunPro C++ compiler does not properly # handle '-M -o', and we need to detect this. Also, some Intel # versions had trouble with output in subdirs. am__obj=sub/conftest.${OBJEXT-o} am__minus_obj="-o $am__obj" case $depmode in gcc) # This depmode causes a compiler race in universal mode. test "$am__universal" = false || continue ;; nosideeffect) # After this tag, mechanisms are not by side-effect, so they'll # only be used when explicitly requested. if test "x$enable_dependency_tracking" = xyes; then continue else break fi ;; msvc7 | msvc7msys | msvisualcpp | msvcmsys) # This compiler won't grok '-c -o', but also, the minuso test has # not run yet. These depmodes are late enough in the game, and # so weak that their functioning should not be impacted. am__obj=conftest.${OBJEXT-o} am__minus_obj= ;; none) break ;; esac if depmode=$depmode \ source=sub/conftest.c object=$am__obj \ depfile=sub/conftest.Po tmpdepfile=sub/conftest.TPo \ $SHELL ./depcomp $depcc -c $am__minus_obj sub/conftest.c \ >/dev/null 2>conftest.err && grep sub/conftst1.h sub/conftest.Po > /dev/null 2>&1 && grep sub/conftst6.h sub/conftest.Po > /dev/null 2>&1 && grep $am__obj sub/conftest.Po > /dev/null 2>&1 && ${MAKE-make} -s -f confmf > /dev/null 2>&1; then # icc doesn't choke on unknown options, it will just issue warnings # or remarks (even with -Werror). So we grep stderr for any message # that says an option was ignored or not supported. # When given -MP, icc 7.0 and 7.1 complain thusly: # icc: Command line warning: ignoring option '-M'; no argument required # The diagnosis changed in icc 8.0: # icc: Command line remark: option '-MP' not supported if (grep 'ignoring option' conftest.err || grep 'not supported' conftest.err) >/dev/null 2>&1; then :; else am_cv_$1_dependencies_compiler_type=$depmode break fi fi done cd .. rm -rf conftest.dir else am_cv_$1_dependencies_compiler_type=none fi ]) AC_SUBST([$1DEPMODE], [depmode=$am_cv_$1_dependencies_compiler_type]) AM_CONDITIONAL([am__fastdep$1], [ test "x$enable_dependency_tracking" != xno \ && test "$am_cv_$1_dependencies_compiler_type" = gcc3]) ]) # AM_SET_DEPDIR # ------------- # Choose a directory name for dependency files. # This macro is AC_REQUIREd in _AM_DEPENDENCIES. AC_DEFUN([AM_SET_DEPDIR], [AC_REQUIRE([AM_SET_LEADING_DOT])dnl AC_SUBST([DEPDIR], ["${am__leading_dot}deps"])dnl ]) # AM_DEP_TRACK # ------------ AC_DEFUN([AM_DEP_TRACK], [AC_ARG_ENABLE([dependency-tracking], [dnl AS_HELP_STRING( [--enable-dependency-tracking], [do not reject slow dependency extractors]) AS_HELP_STRING( [--disable-dependency-tracking], [speeds up one-time build])]) if test "x$enable_dependency_tracking" != xno; then am_depcomp="$ac_aux_dir/depcomp" AMDEPBACKSLASH='\' am__nodep='_no' fi AM_CONDITIONAL([AMDEP], [test "x$enable_dependency_tracking" != xno]) AC_SUBST([AMDEPBACKSLASH])dnl _AM_SUBST_NOTMAKE([AMDEPBACKSLASH])dnl AC_SUBST([am__nodep])dnl _AM_SUBST_NOTMAKE([am__nodep])dnl ]) # Generate code to set up dependency tracking. -*- Autoconf -*- # Copyright (C) 1999-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # _AM_OUTPUT_DEPENDENCY_COMMANDS # ------------------------------ AC_DEFUN([_AM_OUTPUT_DEPENDENCY_COMMANDS], [{ # Older Autoconf quotes --file arguments for eval, but not when files # are listed without --file. Let's play safe and only enable the eval # if we detect the quoting. # TODO: see whether this extra hack can be removed once we start # requiring Autoconf 2.70 or later. AS_CASE([$CONFIG_FILES], [*\'*], [eval set x "$CONFIG_FILES"], [*], [set x $CONFIG_FILES]) shift # Used to flag and report bootstrapping failures. am_rc=0 for am_mf do # Strip MF so we end up with the name of the file. am_mf=`AS_ECHO(["$am_mf"]) | sed -e 's/:.*$//'` # Check whether this is an Automake generated Makefile which includes # dependency-tracking related rules and includes. # Grep'ing the whole file directly is not great: AIX grep has a line # limit of 2048, but all sed's we know have understand at least 4000. sed -n 's,^am--depfiles:.*,X,p' "$am_mf" | grep X >/dev/null 2>&1 \ || continue am_dirpart=`AS_DIRNAME(["$am_mf"])` am_filepart=`AS_BASENAME(["$am_mf"])` AM_RUN_LOG([cd "$am_dirpart" \ && sed -e '/# am--include-marker/d' "$am_filepart" \ | $MAKE -f - am--depfiles]) || am_rc=$? done if test $am_rc -ne 0; then AC_MSG_FAILURE([Something went wrong bootstrapping makefile fragments for automatic dependency tracking. If GNU make was not used, consider re-running the configure script with MAKE="gmake" (or whatever is necessary). You can also try re-running configure with the '--disable-dependency-tracking' option to at least be able to build the package (albeit without support for automatic dependency tracking).]) fi AS_UNSET([am_dirpart]) AS_UNSET([am_filepart]) AS_UNSET([am_mf]) AS_UNSET([am_rc]) rm -f conftest-deps.mk } ])# _AM_OUTPUT_DEPENDENCY_COMMANDS # AM_OUTPUT_DEPENDENCY_COMMANDS # ----------------------------- # This macro should only be invoked once -- use via AC_REQUIRE. # # This code is only required when automatic dependency tracking is enabled. # This creates each '.Po' and '.Plo' makefile fragment that we'll need in # order to bootstrap the dependency handling code. AC_DEFUN([AM_OUTPUT_DEPENDENCY_COMMANDS], [AC_CONFIG_COMMANDS([depfiles], [test x"$AMDEP_TRUE" != x"" || _AM_OUTPUT_DEPENDENCY_COMMANDS], [AMDEP_TRUE="$AMDEP_TRUE" MAKE="${MAKE-make}"])]) # Do all the work for Automake. -*- Autoconf -*- # Copyright (C) 1996-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This macro actually does too much. Some checks are only needed if # your package does certain things. But this isn't really a big deal. dnl Redefine AC_PROG_CC to automatically invoke _AM_PROG_CC_C_O. m4_define([AC_PROG_CC], m4_defn([AC_PROG_CC]) [_AM_PROG_CC_C_O ]) # AM_INIT_AUTOMAKE(PACKAGE, VERSION, [NO-DEFINE]) # AM_INIT_AUTOMAKE([OPTIONS]) # ----------------------------------------------- # The call with PACKAGE and VERSION arguments is the old style # call (pre autoconf-2.50), which is being phased out. PACKAGE # and VERSION should now be passed to AC_INIT and removed from # the call to AM_INIT_AUTOMAKE. # We support both call styles for the transition. After # the next Automake release, Autoconf can make the AC_INIT # arguments mandatory, and then we can depend on a new Autoconf # release and drop the old call support. AC_DEFUN([AM_INIT_AUTOMAKE], [AC_PREREQ([2.65])dnl m4_ifdef([_$0_ALREADY_INIT], [m4_fatal([$0 expanded multiple times ]m4_defn([_$0_ALREADY_INIT]))], [m4_define([_$0_ALREADY_INIT], m4_expansion_stack)])dnl dnl Autoconf wants to disallow AM_ names. We explicitly allow dnl the ones we care about. m4_pattern_allow([^AM_[A-Z]+FLAGS$])dnl AC_REQUIRE([AM_SET_CURRENT_AUTOMAKE_VERSION])dnl AC_REQUIRE([AC_PROG_INSTALL])dnl if test "`cd $srcdir && pwd`" != "`pwd`"; then # Use -I$(srcdir) only when $(srcdir) != ., so that make's output # is not polluted with repeated "-I." AC_SUBST([am__isrc], [' -I$(srcdir)'])_AM_SUBST_NOTMAKE([am__isrc])dnl # test to see if srcdir already configured if test -f $srcdir/config.status; then AC_MSG_ERROR([source directory already configured; run "make distclean" there first]) fi fi # test whether we have cygpath if test -z "$CYGPATH_W"; then if (cygpath --version) >/dev/null 2>/dev/null; then CYGPATH_W='cygpath -w' else CYGPATH_W=echo fi fi AC_SUBST([CYGPATH_W]) # Define the identity of the package. dnl Distinguish between old-style and new-style calls. m4_ifval([$2], [AC_DIAGNOSE([obsolete], [$0: two- and three-arguments forms are deprecated.]) m4_ifval([$3], [_AM_SET_OPTION([no-define])])dnl AC_SUBST([PACKAGE], [$1])dnl AC_SUBST([VERSION], [$2])], [_AM_SET_OPTIONS([$1])dnl dnl Diagnose old-style AC_INIT with new-style AM_AUTOMAKE_INIT. m4_if( m4_ifset([AC_PACKAGE_NAME], [ok]):m4_ifset([AC_PACKAGE_VERSION], [ok]), [ok:ok],, [m4_fatal([AC_INIT should be called with package and version arguments])])dnl AC_SUBST([PACKAGE], ['AC_PACKAGE_TARNAME'])dnl AC_SUBST([VERSION], ['AC_PACKAGE_VERSION'])])dnl _AM_IF_OPTION([no-define],, [AC_DEFINE_UNQUOTED([PACKAGE], ["$PACKAGE"], [Name of package]) AC_DEFINE_UNQUOTED([VERSION], ["$VERSION"], [Version number of package])])dnl # Some tools Automake needs. AC_REQUIRE([AM_SANITY_CHECK])dnl AC_REQUIRE([AC_ARG_PROGRAM])dnl AM_MISSING_PROG([ACLOCAL], [aclocal-${am__api_version}]) AM_MISSING_PROG([AUTOCONF], [autoconf]) AM_MISSING_PROG([AUTOMAKE], [automake-${am__api_version}]) AM_MISSING_PROG([AUTOHEADER], [autoheader]) AM_MISSING_PROG([MAKEINFO], [makeinfo]) AC_REQUIRE([AM_PROG_INSTALL_SH])dnl AC_REQUIRE([AM_PROG_INSTALL_STRIP])dnl AC_REQUIRE([AC_PROG_MKDIR_P])dnl # For better backward compatibility. To be removed once Automake 1.9.x # dies out for good. For more background, see: # # AC_SUBST([mkdir_p], ['$(MKDIR_P)']) # We need awk for the "check" target (and possibly the TAP driver). The # system "awk" is bad on some platforms. AC_REQUIRE([AC_PROG_AWK])dnl AC_REQUIRE([AC_PROG_MAKE_SET])dnl AC_REQUIRE([AM_SET_LEADING_DOT])dnl _AM_IF_OPTION([tar-ustar], [_AM_PROG_TAR([ustar])], [_AM_IF_OPTION([tar-pax], [_AM_PROG_TAR([pax])], [_AM_PROG_TAR([v7])])]) _AM_IF_OPTION([no-dependencies],, [AC_PROVIDE_IFELSE([AC_PROG_CC], [_AM_DEPENDENCIES([CC])], [m4_define([AC_PROG_CC], m4_defn([AC_PROG_CC])[_AM_DEPENDENCIES([CC])])])dnl AC_PROVIDE_IFELSE([AC_PROG_CXX], [_AM_DEPENDENCIES([CXX])], [m4_define([AC_PROG_CXX], m4_defn([AC_PROG_CXX])[_AM_DEPENDENCIES([CXX])])])dnl AC_PROVIDE_IFELSE([AC_PROG_OBJC], [_AM_DEPENDENCIES([OBJC])], [m4_define([AC_PROG_OBJC], m4_defn([AC_PROG_OBJC])[_AM_DEPENDENCIES([OBJC])])])dnl AC_PROVIDE_IFELSE([AC_PROG_OBJCXX], [_AM_DEPENDENCIES([OBJCXX])], [m4_define([AC_PROG_OBJCXX], m4_defn([AC_PROG_OBJCXX])[_AM_DEPENDENCIES([OBJCXX])])])dnl ]) # Variables for tags utilities; see am/tags.am if test -z "$CTAGS"; then CTAGS=ctags fi AC_SUBST([CTAGS]) if test -z "$ETAGS"; then ETAGS=etags fi AC_SUBST([ETAGS]) if test -z "$CSCOPE"; then CSCOPE=cscope fi AC_SUBST([CSCOPE]) AC_REQUIRE([AM_SILENT_RULES])dnl dnl The testsuite driver may need to know about EXEEXT, so add the dnl 'am__EXEEXT' conditional if _AM_COMPILER_EXEEXT was seen. This dnl macro is hooked onto _AC_COMPILER_EXEEXT early, see below. AC_CONFIG_COMMANDS_PRE(dnl [m4_provide_if([_AM_COMPILER_EXEEXT], [AM_CONDITIONAL([am__EXEEXT], [test -n "$EXEEXT"])])])dnl # POSIX will say in a future version that running "rm -f" with no argument # is OK; and we want to be able to make that assumption in our Makefile # recipes. So use an aggressive probe to check that the usage we want is # actually supported "in the wild" to an acceptable degree. # See automake bug#10828. # To make any issue more visible, cause the running configure to be aborted # by default if the 'rm' program in use doesn't match our expectations; the # user can still override this though. if rm -f && rm -fr && rm -rf; then : OK; else cat >&2 <<'END' Oops! Your 'rm' program seems unable to run without file operands specified on the command line, even when the '-f' option is present. This is contrary to the behaviour of most rm programs out there, and not conforming with the upcoming POSIX standard: Please tell bug-automake@gnu.org about your system, including the value of your $PATH and any error possibly output before this message. This can help us improve future automake versions. END if test x"$ACCEPT_INFERIOR_RM_PROGRAM" = x"yes"; then echo 'Configuration will proceed anyway, since you have set the' >&2 echo 'ACCEPT_INFERIOR_RM_PROGRAM variable to "yes"' >&2 echo >&2 else cat >&2 <<'END' Aborting the configuration process, to ensure you take notice of the issue. You can download and install GNU coreutils to get an 'rm' implementation that behaves properly: . If you want to complete the configuration process using your problematic 'rm' anyway, export the environment variable ACCEPT_INFERIOR_RM_PROGRAM to "yes", and re-run configure. END AC_MSG_ERROR([Your 'rm' program is bad, sorry.]) fi fi dnl The trailing newline in this macro's definition is deliberate, for dnl backward compatibility and to allow trailing 'dnl'-style comments dnl after the AM_INIT_AUTOMAKE invocation. See automake bug#16841. ]) dnl Hook into '_AC_COMPILER_EXEEXT' early to learn its expansion. Do not dnl add the conditional right here, as _AC_COMPILER_EXEEXT may be further dnl mangled by Autoconf and run in a shell conditional statement. m4_define([_AC_COMPILER_EXEEXT], m4_defn([_AC_COMPILER_EXEEXT])[m4_provide([_AM_COMPILER_EXEEXT])]) # When config.status generates a header, we must update the stamp-h file. # This file resides in the same directory as the config header # that is generated. The stamp files are numbered to have different names. # Autoconf calls _AC_AM_CONFIG_HEADER_HOOK (when defined) in the # loop where config.status creates the headers, so we can generate # our stamp files there. AC_DEFUN([_AC_AM_CONFIG_HEADER_HOOK], [# Compute $1's index in $config_headers. _am_arg=$1 _am_stamp_count=1 for _am_header in $config_headers :; do case $_am_header in $_am_arg | $_am_arg:* ) break ;; * ) _am_stamp_count=`expr $_am_stamp_count + 1` ;; esac done echo "timestamp for $_am_arg" >`AS_DIRNAME(["$_am_arg"])`/stamp-h[]$_am_stamp_count]) # Copyright (C) 2001-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_PROG_INSTALL_SH # ------------------ # Define $install_sh. AC_DEFUN([AM_PROG_INSTALL_SH], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl if test x"${install_sh+set}" != xset; then case $am_aux_dir in *\ * | *\ *) install_sh="\${SHELL} '$am_aux_dir/install-sh'" ;; *) install_sh="\${SHELL} $am_aux_dir/install-sh" esac fi AC_SUBST([install_sh])]) # Copyright (C) 2003-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # Check whether the underlying file-system supports filenames # with a leading dot. For instance MS-DOS doesn't. AC_DEFUN([AM_SET_LEADING_DOT], [rm -rf .tst 2>/dev/null mkdir .tst 2>/dev/null if test -d .tst; then am__leading_dot=. else am__leading_dot=_ fi rmdir .tst 2>/dev/null AC_SUBST([am__leading_dot])]) # Check to see how 'make' treats includes. -*- Autoconf -*- # Copyright (C) 2001-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_MAKE_INCLUDE() # ----------------- # Check whether make has an 'include' directive that can support all # the idioms we need for our automatic dependency tracking code. AC_DEFUN([AM_MAKE_INCLUDE], [AC_MSG_CHECKING([whether ${MAKE-make} supports the include directive]) cat > confinc.mk << 'END' am__doit: @echo this is the am__doit target >confinc.out .PHONY: am__doit END am__include="#" am__quote= # BSD make does it like this. echo '.include "confinc.mk" # ignored' > confmf.BSD # Other make implementations (GNU, Solaris 10, AIX) do it like this. echo 'include confinc.mk # ignored' > confmf.GNU _am_result=no for s in GNU BSD; do AM_RUN_LOG([${MAKE-make} -f confmf.$s && cat confinc.out]) AS_CASE([$?:`cat confinc.out 2>/dev/null`], ['0:this is the am__doit target'], [AS_CASE([$s], [BSD], [am__include='.include' am__quote='"'], [am__include='include' am__quote=''])]) if test "$am__include" != "#"; then _am_result="yes ($s style)" break fi done rm -f confinc.* confmf.* AC_MSG_RESULT([${_am_result}]) AC_SUBST([am__include])]) AC_SUBST([am__quote])]) # Fake the existence of programs that GNU maintainers use. -*- Autoconf -*- # Copyright (C) 1997-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_MISSING_PROG(NAME, PROGRAM) # ------------------------------ AC_DEFUN([AM_MISSING_PROG], [AC_REQUIRE([AM_MISSING_HAS_RUN]) $1=${$1-"${am_missing_run}$2"} AC_SUBST($1)]) # AM_MISSING_HAS_RUN # ------------------ # Define MISSING if not defined so far and test if it is modern enough. # If it is, set am_missing_run to use it, otherwise, to nothing. AC_DEFUN([AM_MISSING_HAS_RUN], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl AC_REQUIRE_AUX_FILE([missing])dnl if test x"${MISSING+set}" != xset; then MISSING="\${SHELL} '$am_aux_dir/missing'" fi # Use eval to expand $SHELL if eval "$MISSING --is-lightweight"; then am_missing_run="$MISSING " else am_missing_run= AC_MSG_WARN(['missing' script is too old or missing]) fi ]) # Helper functions for option handling. -*- Autoconf -*- # Copyright (C) 2001-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # _AM_MANGLE_OPTION(NAME) # ----------------------- AC_DEFUN([_AM_MANGLE_OPTION], [[_AM_OPTION_]m4_bpatsubst($1, [[^a-zA-Z0-9_]], [_])]) # _AM_SET_OPTION(NAME) # -------------------- # Set option NAME. Presently that only means defining a flag for this option. AC_DEFUN([_AM_SET_OPTION], [m4_define(_AM_MANGLE_OPTION([$1]), [1])]) # _AM_SET_OPTIONS(OPTIONS) # ------------------------ # OPTIONS is a space-separated list of Automake options. AC_DEFUN([_AM_SET_OPTIONS], [m4_foreach_w([_AM_Option], [$1], [_AM_SET_OPTION(_AM_Option)])]) # _AM_IF_OPTION(OPTION, IF-SET, [IF-NOT-SET]) # ------------------------------------------- # Execute IF-SET if OPTION is set, IF-NOT-SET otherwise. AC_DEFUN([_AM_IF_OPTION], [m4_ifset(_AM_MANGLE_OPTION([$1]), [$2], [$3])]) # Copyright (C) 1999-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # _AM_PROG_CC_C_O # --------------- # Like AC_PROG_CC_C_O, but changed for automake. We rewrite AC_PROG_CC # to automatically call this. AC_DEFUN([_AM_PROG_CC_C_O], [AC_REQUIRE([AM_AUX_DIR_EXPAND])dnl AC_REQUIRE_AUX_FILE([compile])dnl AC_LANG_PUSH([C])dnl AC_CACHE_CHECK( [whether $CC understands -c and -o together], [am_cv_prog_cc_c_o], [AC_LANG_CONFTEST([AC_LANG_PROGRAM([])]) # Make sure it works both with $CC and with simple cc. # Following AC_PROG_CC_C_O, we do the test twice because some # compilers refuse to overwrite an existing .o file with -o, # though they will create one. am_cv_prog_cc_c_o=yes for am_i in 1 2; do if AM_RUN_LOG([$CC -c conftest.$ac_ext -o conftest2.$ac_objext]) \ && test -f conftest2.$ac_objext; then : OK else am_cv_prog_cc_c_o=no break fi done rm -f core conftest* unset am_i]) if test "$am_cv_prog_cc_c_o" != yes; then # Losing compiler, so override with the script. # FIXME: It is wrong to rewrite CC. # But if we don't then we get into trouble of one sort or another. # A longer-term fix would be to have automake use am__CC in this case, # and then we could set am__CC="\$(top_srcdir)/compile \$(CC)" CC="$am_aux_dir/compile $CC" fi AC_LANG_POP([C])]) # For backward compatibility. AC_DEFUN_ONCE([AM_PROG_CC_C_O], [AC_REQUIRE([AC_PROG_CC])]) # Copyright (C) 2001-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_RUN_LOG(COMMAND) # ------------------- # Run COMMAND, save the exit status in ac_status, and log it. # (This has been adapted from Autoconf's _AC_RUN_LOG macro.) AC_DEFUN([AM_RUN_LOG], [{ echo "$as_me:$LINENO: $1" >&AS_MESSAGE_LOG_FD ($1) >&AS_MESSAGE_LOG_FD 2>&AS_MESSAGE_LOG_FD ac_status=$? echo "$as_me:$LINENO: \$? = $ac_status" >&AS_MESSAGE_LOG_FD (exit $ac_status); }]) # Check to make sure that the build environment is sane. -*- Autoconf -*- # Copyright (C) 1996-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_SANITY_CHECK # --------------- AC_DEFUN([AM_SANITY_CHECK], [AC_MSG_CHECKING([whether build environment is sane]) # Reject unsafe characters in $srcdir or the absolute working directory # name. Accept space and tab only in the latter. am_lf=' ' case `pwd` in *[[\\\"\#\$\&\'\`$am_lf]]*) AC_MSG_ERROR([unsafe absolute working directory name]);; esac case $srcdir in *[[\\\"\#\$\&\'\`$am_lf\ \ ]]*) AC_MSG_ERROR([unsafe srcdir value: '$srcdir']);; esac # Do 'set' in a subshell so we don't clobber the current shell's # arguments. Must try -L first in case configure is actually a # symlink; some systems play weird games with the mod time of symlinks # (eg FreeBSD returns the mod time of the symlink's containing # directory). if ( am_has_slept=no for am_try in 1 2; do echo "timestamp, slept: $am_has_slept" > conftest.file set X `ls -Lt "$srcdir/configure" conftest.file 2> /dev/null` if test "$[*]" = "X"; then # -L didn't work. set X `ls -t "$srcdir/configure" conftest.file` fi if test "$[*]" != "X $srcdir/configure conftest.file" \ && test "$[*]" != "X conftest.file $srcdir/configure"; then # If neither matched, then we have a broken ls. This can happen # if, for instance, CONFIG_SHELL is bash and it inherits a # broken ls alias from the environment. This has actually # happened. Such a system could not be considered "sane". AC_MSG_ERROR([ls -t appears to fail. Make sure there is not a broken alias in your environment]) fi if test "$[2]" = conftest.file || test $am_try -eq 2; then break fi # Just in case. sleep 1 am_has_slept=yes done test "$[2]" = conftest.file ) then # Ok. : else AC_MSG_ERROR([newly created file is older than distributed files! Check your system clock]) fi AC_MSG_RESULT([yes]) # If we didn't sleep, we still need to ensure time stamps of config.status and # generated files are strictly newer. am_sleep_pid= if grep 'slept: no' conftest.file >/dev/null 2>&1; then ( sleep 1 ) & am_sleep_pid=$! fi AC_CONFIG_COMMANDS_PRE( [AC_MSG_CHECKING([that generated files are newer than configure]) if test -n "$am_sleep_pid"; then # Hide warnings about reused PIDs. wait $am_sleep_pid 2>/dev/null fi AC_MSG_RESULT([done])]) rm -f conftest.file ]) # Copyright (C) 2009-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_SILENT_RULES([DEFAULT]) # -------------------------- # Enable less verbose build rules; with the default set to DEFAULT # ("yes" being less verbose, "no" or empty being verbose). AC_DEFUN([AM_SILENT_RULES], [AC_ARG_ENABLE([silent-rules], [dnl AS_HELP_STRING( [--enable-silent-rules], [less verbose build output (undo: "make V=1")]) AS_HELP_STRING( [--disable-silent-rules], [verbose build output (undo: "make V=0")])dnl ]) case $enable_silent_rules in @%:@ ((( yes) AM_DEFAULT_VERBOSITY=0;; no) AM_DEFAULT_VERBOSITY=1;; *) AM_DEFAULT_VERBOSITY=m4_if([$1], [yes], [0], [1]);; esac dnl dnl A few 'make' implementations (e.g., NonStop OS and NextStep) dnl do not support nested variable expansions. dnl See automake bug#9928 and bug#10237. am_make=${MAKE-make} AC_CACHE_CHECK([whether $am_make supports nested variables], [am_cv_make_support_nested_variables], [if AS_ECHO([['TRUE=$(BAR$(V)) BAR0=false BAR1=true V=1 am__doit: @$(TRUE) .PHONY: am__doit']]) | $am_make -f - >/dev/null 2>&1; then am_cv_make_support_nested_variables=yes else am_cv_make_support_nested_variables=no fi]) if test $am_cv_make_support_nested_variables = yes; then dnl Using '$V' instead of '$(V)' breaks IRIX make. AM_V='$(V)' AM_DEFAULT_V='$(AM_DEFAULT_VERBOSITY)' else AM_V=$AM_DEFAULT_VERBOSITY AM_DEFAULT_V=$AM_DEFAULT_VERBOSITY fi AC_SUBST([AM_V])dnl AM_SUBST_NOTMAKE([AM_V])dnl AC_SUBST([AM_DEFAULT_V])dnl AM_SUBST_NOTMAKE([AM_DEFAULT_V])dnl AC_SUBST([AM_DEFAULT_VERBOSITY])dnl AM_BACKSLASH='\' AC_SUBST([AM_BACKSLASH])dnl _AM_SUBST_NOTMAKE([AM_BACKSLASH])dnl ]) # Copyright (C) 2001-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # AM_PROG_INSTALL_STRIP # --------------------- # One issue with vendor 'install' (even GNU) is that you can't # specify the program used to strip binaries. This is especially # annoying in cross-compiling environments, where the build's strip # is unlikely to handle the host's binaries. # Fortunately install-sh will honor a STRIPPROG variable, so we # always use install-sh in "make install-strip", and initialize # STRIPPROG with the value of the STRIP variable (set by the user). AC_DEFUN([AM_PROG_INSTALL_STRIP], [AC_REQUIRE([AM_PROG_INSTALL_SH])dnl # Installed binaries are usually stripped using 'strip' when the user # run "make install-strip". However 'strip' might not be the right # tool to use in cross-compilation environments, therefore Automake # will honor the 'STRIP' environment variable to overrule this program. dnl Don't test for $cross_compiling = yes, because it might be 'maybe'. if test "$cross_compiling" != no; then AC_CHECK_TOOL([STRIP], [strip], :) fi INSTALL_STRIP_PROGRAM="\$(install_sh) -c -s" AC_SUBST([INSTALL_STRIP_PROGRAM])]) # Copyright (C) 2006-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # _AM_SUBST_NOTMAKE(VARIABLE) # --------------------------- # Prevent Automake from outputting VARIABLE = @VARIABLE@ in Makefile.in. # This macro is traced by Automake. AC_DEFUN([_AM_SUBST_NOTMAKE]) # AM_SUBST_NOTMAKE(VARIABLE) # -------------------------- # Public sister of _AM_SUBST_NOTMAKE. AC_DEFUN([AM_SUBST_NOTMAKE], [_AM_SUBST_NOTMAKE($@)]) # Check how to create a tarball. -*- Autoconf -*- # Copyright (C) 2004-2021 Free Software Foundation, Inc. # # This file is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # _AM_PROG_TAR(FORMAT) # -------------------- # Check how to create a tarball in format FORMAT. # FORMAT should be one of 'v7', 'ustar', or 'pax'. # # Substitute a variable $(am__tar) that is a command # writing to stdout a FORMAT-tarball containing the directory # $tardir. # tardir=directory && $(am__tar) > result.tar # # Substitute a variable $(am__untar) that extract such # a tarball read from stdin. # $(am__untar) < result.tar # AC_DEFUN([_AM_PROG_TAR], [# Always define AMTAR for backward compatibility. Yes, it's still used # in the wild :-( We should find a proper way to deprecate it ... AC_SUBST([AMTAR], ['$${TAR-tar}']) # We'll loop over all known methods to create a tar archive until one works. _am_tools='gnutar m4_if([$1], [ustar], [plaintar]) pax cpio none' m4_if([$1], [v7], [am__tar='$${TAR-tar} chof - "$$tardir"' am__untar='$${TAR-tar} xf -'], [m4_case([$1], [ustar], [# The POSIX 1988 'ustar' format is defined with fixed-size fields. # There is notably a 21 bits limit for the UID and the GID. In fact, # the 'pax' utility can hang on bigger UID/GID (see automake bug#8343 # and bug#13588). am_max_uid=2097151 # 2^21 - 1 am_max_gid=$am_max_uid # The $UID and $GID variables are not portable, so we need to resort # to the POSIX-mandated id(1) utility. Errors in the 'id' calls # below are definitely unexpected, so allow the users to see them # (that is, avoid stderr redirection). am_uid=`id -u || echo unknown` am_gid=`id -g || echo unknown` AC_MSG_CHECKING([whether UID '$am_uid' is supported by ustar format]) if test $am_uid -le $am_max_uid; then AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) _am_tools=none fi AC_MSG_CHECKING([whether GID '$am_gid' is supported by ustar format]) if test $am_gid -le $am_max_gid; then AC_MSG_RESULT([yes]) else AC_MSG_RESULT([no]) _am_tools=none fi], [pax], [], [m4_fatal([Unknown tar format])]) AC_MSG_CHECKING([how to create a $1 tar archive]) # Go ahead even if we have the value already cached. We do so because we # need to set the values for the 'am__tar' and 'am__untar' variables. _am_tools=${am_cv_prog_tar_$1-$_am_tools} for _am_tool in $_am_tools; do case $_am_tool in gnutar) for _am_tar in tar gnutar gtar; do AM_RUN_LOG([$_am_tar --version]) && break done am__tar="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$$tardir"' am__tar_="$_am_tar --format=m4_if([$1], [pax], [posix], [$1]) -chf - "'"$tardir"' am__untar="$_am_tar -xf -" ;; plaintar) # Must skip GNU tar: if it does not support --format= it doesn't create # ustar tarball either. (tar --version) >/dev/null 2>&1 && continue am__tar='tar chf - "$$tardir"' am__tar_='tar chf - "$tardir"' am__untar='tar xf -' ;; pax) am__tar='pax -L -x $1 -w "$$tardir"' am__tar_='pax -L -x $1 -w "$tardir"' am__untar='pax -r' ;; cpio) am__tar='find "$$tardir" -print | cpio -o -H $1 -L' am__tar_='find "$tardir" -print | cpio -o -H $1 -L' am__untar='cpio -i -H $1 -d' ;; none) am__tar=false am__tar_=false am__untar=false ;; esac # If the value was cached, stop now. We just wanted to have am__tar # and am__untar set. test -n "${am_cv_prog_tar_$1}" && break # tar/untar a dummy directory, and stop if the command works. rm -rf conftest.dir mkdir conftest.dir echo GrepMe > conftest.dir/file AM_RUN_LOG([tardir=conftest.dir && eval $am__tar_ >conftest.tar]) rm -rf conftest.dir if test -s conftest.tar; then AM_RUN_LOG([$am__untar /dev/null 2>&1 && break fi done rm -rf conftest.dir AC_CACHE_VAL([am_cv_prog_tar_$1], [am_cv_prog_tar_$1=$_am_tool]) AC_MSG_RESULT([$am_cv_prog_tar_$1])]) AC_SUBST([am__tar]) AC_SUBST([am__untar]) ]) # _AM_PROG_TAR m4_include([config/acinclude.m4]) m4_include([config/attributes.m4]) m4_include([config/ax_pthread.m4]) m4_include([config/libtool.m4]) m4_include([config/ltoptions.m4]) m4_include([config/ltsugar.m4]) m4_include([config/ltversion.m4]) m4_include([config/lt~obsolete.m4]) lxc-5.0.0~git2209-g5a7b9ce67/coccinelle/0000755061062106075000000000000014223133717014316 500000000000000lxc-5.0.0~git2209-g5a7b9ce67/coccinelle/Makefile.am0000644061062106075000000000013214176403775016301 00000000000000# Makefile.am EXTRA_DIST = exit.cocci \ run-coccinelle.sh \ while-true.cocci lxc-5.0.0~git2209-g5a7b9ce67/coccinelle/while-true.cocci0000644061062106075000000000013314176403775017335 00000000000000@@ statement s; @@ - while (true) + for (;;) s @@ statement s; @@ - while (1) + for (;;) s lxc-5.0.0~git2209-g5a7b9ce67/coccinelle/run-coccinelle.sh0000755061062106075000000000133714176403775017516 00000000000000#!/bin/bash -e top="$(git rev-parse --show-toplevel)" files="$(git ls-files ':/*.[ch]')" args= case "$1" in -i) args="$args --in-place" shift ;; esac if ! parallel -h >/dev/null; then echo 'Please install GNU parallel (package "parallel")' exit 1 fi for SCRIPT in ${@-$top/coccinelle/*.cocci} ; do echo "--x-- Processing $SCRIPT --x--" TMPFILE=$(mktemp) echo "+ spatch --sp-file $SCRIPT $args ..." parallel --halt now,fail=1 --keep-order --noswap --max-args=20 \ spatch --sp-file $SCRIPT $args ::: $files \ 2>"$TMPFILE" || cat "$TMPFILE" echo -e "--x-- Processed $SCRIPT --x--\n" done lxc-5.0.0~git2209-g5a7b9ce67/coccinelle/Makefile.in0000644061062106075000000003377314223133707016317 00000000000000# Makefile.in generated by automake 1.16.5 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2021 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ # Makefile.am VPATH = @srcdir@ am__is_gnu_make = { \ if test -z '$(MAKELEVEL)'; then \ false; \ elif test -n '$(MAKE_HOST)'; then \ true; \ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ true; \ else \ false; \ fi; \ } am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = coccinelle ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ $(top_srcdir)/config/attributes.m4 \ $(top_srcdir)/config/ax_pthread.m4 \ $(top_srcdir)/config/libtool.m4 \ $(top_srcdir)/config/ltoptions.m4 \ $(top_srcdir)/config/ltsugar.m4 \ $(top_srcdir)/config/ltversion.m4 \ $(top_srcdir)/config/lt~obsolete.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_CFLAGS = @AM_CFLAGS@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AM_LDFLAGS = @AM_LDFLAGS@ APPARMOR_CACHE_DIR = @APPARMOR_CACHE_DIR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BINDIR = @BINDIR@ CAP_LIBS = @CAP_LIBS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CSCOPE = @CSCOPE@ CTAGS = @CTAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DATADIR = @DATADIR@ DEFAULT_CGROUP_PATTERN = @DEFAULT_CGROUP_PATTERN@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ DLOG_CFLAGS = @DLOG_CFLAGS@ DLOG_LIBS = @DLOG_LIBS@ DOCDIR = @DOCDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ HAVE_DOXYGEN = @HAVE_DOXYGEN@ INCLUDEDIR = @INCLUDEDIR@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LD = @LD@ LDFLAGS = @LDFLAGS@ LIBDIR = @LIBDIR@ LIBEXECDIR = @LIBEXECDIR@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIBTOOL_DEPS = @LIBTOOL_DEPS@ LIBURING_LIBS = @LIBURING_LIBS@ LIPO = @LIPO@ LN_S = @LN_S@ LOCALSTATEDIR = @LOCALSTATEDIR@ LOGPATH = @LOGPATH@ LTLIBOBJS = @LTLIBOBJS@ LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ LXCBINHOOKDIR = @LXCBINHOOKDIR@ LXCHOOKDIR = @LXCHOOKDIR@ LXCINITDIR = @LXCINITDIR@ LXCPATH = @LXCPATH@ LXCROOTFSMOUNT = @LXCROOTFSMOUNT@ LXCTEMPLATECONFIG = @LXCTEMPLATECONFIG@ LXCTEMPLATEDIR = @LXCTEMPLATEDIR@ LXC_ABI = @LXC_ABI@ LXC_ABI_MAJOR = @LXC_ABI_MAJOR@ LXC_ABI_MICRO = @LXC_ABI_MICRO@ LXC_ABI_MINOR = @LXC_ABI_MINOR@ LXC_DEFAULT_CONFIG = @LXC_DEFAULT_CONFIG@ LXC_DEVEL = @LXC_DEVEL@ LXC_DISTRO_SYSCONF = @LXC_DISTRO_SYSCONF@ LXC_GENERATE_DATE = @LXC_GENERATE_DATE@ LXC_GLOBAL_CONF = @LXC_GLOBAL_CONF@ LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ LXC_USERNIC_DB = @LXC_USERNIC_DB@ LXC_VERSION = @LXC_VERSION@ LXC_VERSION_BASE = @LXC_VERSION_BASE@ LXC_VERSION_BETA = @LXC_VERSION_BETA@ LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ LXC_VERSION_MICRO = @LXC_VERSION_MICRO@ LXC_VERSION_MINOR = @LXC_VERSION_MINOR@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ NM = @NM@ NMEDIT = @NMEDIT@ OBJCOPY = @OBJCOPY@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OPENSSL_LIBS = @OPENSSL_LIBS@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PAM_CFLAGS = @PAM_CFLAGS@ PAM_LIBS = @PAM_LIBS@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PREFIX = @PREFIX@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ RANLIB = @RANLIB@ RUNTIME_PATH = @RUNTIME_PATH@ SBINDIR = @SBINDIR@ SECCOMP_CFLAGS = @SECCOMP_CFLAGS@ SECCOMP_LIBS = @SECCOMP_LIBS@ SED = @SED@ SELINUX_LIBS = @SELINUX_LIBS@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ SYSCONFDIR = @SYSCONFDIR@ SYSTEMD_UNIT_DIR = @SYSTEMD_UNIT_DIR@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ ax_pthread_config = @ax_pthread_config@ bashcompdir = @bashcompdir@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ db2xman = @db2xman@ docdir = @docdir@ docdtd = @docdtd@ dvidir = @dvidir@ exec_pamdir = @exec_pamdir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ EXTRA_DIST = exit.cocci \ run-coccinelle.sh \ while-true.cocci all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu coccinelle/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu coccinelle/Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs tags TAGS: ctags CTAGS: cscope cscopelist: distdir: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) distdir-am distdir-am: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile installdirs: install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic clean-libtool \ cscopelist-am ctags-am distclean distclean-generic \ distclean-libtool distdir dvi dvi-am html html-am info info-am \ install install-am install-data install-data-am install-dvi \ install-dvi-am install-exec install-exec-am install-html \ install-html-am install-info install-info-am install-man \ install-pdf install-pdf-am install-ps install-ps-am \ install-strip installcheck installcheck-am installdirs \ maintainer-clean maintainer-clean-generic mostlyclean \ mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \ tags-am uninstall uninstall-am .PRECIOUS: Makefile # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: lxc-5.0.0~git2209-g5a7b9ce67/coccinelle/exit.cocci0000644061062106075000000000024014176403775016220 00000000000000@@ @@ - exit(0); + exit(EXIT_SUCCESS); @@ @@ - _exit(0); + _exit(EXIT_SUCCESS); @@ @@ - exit(1); + exit(EXIT_FAILURE); @@ @@ - _exit(1); + _exit(EXIT_FAILURE); lxc-5.0.0~git2209-g5a7b9ce67/doc/0000755061062106075000000000000014223133720012755 500000000000000lxc-5.0.0~git2209-g5a7b9ce67/doc/lxc-checkconfig.sgml.in0000644061062106075000000000445014176403775017241 00000000000000 ]> @LXC_GENERATE_DATE@ lxc-checkconfig 1 lxc-checkconfig check the current kernel for lxc support lxc-checkconfig Description lxc-checkconfig check the current kernel for lxc support Examples lxc-checkconfig check the current kernel. CONFIG can be set in the environment to an alternate location. &seealso; Author Stéphane Graber stgraber@ubuntu.com lxc-5.0.0~git2209-g5a7b9ce67/doc/lxc.container.conf.sgml.in0000644061062106075000000036666614222071460017711 00000000000000 ]> @LXC_GENERATE_DATE@ lxc.container.conf 5 lxc.container.conf LXC container configuration file Description LXC is the well-known and heavily tested low-level Linux container runtime. It is in active development since 2008 and has proven itself in critical production environments world-wide. Some of its core contributors are the same people that helped to implement various well-known containerization features inside the Linux kernel. LXC's main focus is system containers. That is, containers which offer an environment as close as possible as the one you'd get from a VM but without the overhead that comes with running a separate kernel and simulating all the hardware. This is achieved through a combination of kernel security features such as namespaces, mandatory access control and control groups. LXC has support for unprivileged containers. Unprivileged containers are containers that are run without any privilege. This requires support for user namespaces in the kernel that the container is run on. LXC was the first runtime to support unprivileged containers after user namespaces were merged into the mainline kernel. In essence, user namespaces isolate given sets of UIDs and GIDs. This is achieved by establishing a mapping between a range of UIDs and GIDs on the host to a different (unprivileged) range of UIDs and GIDs in the container. The kernel will translate this mapping in such a way that inside the container all UIDs and GIDs appear as you would expect from the host whereas on the host these UIDs and GIDs are in fact unprivileged. For example, a process running as UID and GID 0 inside the container might appear as UID and GID 100000 on the host. The implementation and working details can be gathered from the corresponding user namespace man page. UID and GID mappings can be defined with the key. Linux containers are defined with a simple configuration file. Each option in the configuration file has the form key = value fitting in one line. The "#" character means the line is a comment. List options, like capabilities and cgroups options, can be used with no value to clear any previously defined values of that option. LXC namespaces configuration keys use single dots. This means complex configuration keys such as expose various subkeys such as , , , and others for even more fine-grained configuration. Configuration In order to ease administration of multiple related containers, it is possible to have a container configuration file cause another file to be loaded. For instance, network configuration can be defined in one common file which is included by multiple containers. Then, if the containers are moved to another host, only one file may need to be updated. Specify the file to be included. The included file must be in the same valid lxc configuration file format. Architecture Allows one to set the architecture for the container. For example, set a 32bits architecture for a container running 32bits binaries on a 64bits host. This fixes the container scripts which rely on the architecture to do some work like downloading the packages. Specify the architecture for the container. Some valid options are , , , Hostname The utsname section defines the hostname to be set for the container. That means the container can set its own hostname without changing the one from the system. That makes the hostname private for the container. specify the hostname for the container Halt signal Allows one to specify signal name or number sent to the container's init process to cleanly shutdown the container. Different init systems could use different signals to perform clean shutdown sequence. This option allows the signal to be specified in kill(1) fashion, e.g. SIGPWR, SIGRTMIN+14, SIGRTMAX-10 or plain number. The default signal is SIGPWR. specify the signal used to halt the container Reboot signal Allows one to specify signal name or number to reboot the container. This option allows signal to be specified in kill(1) fashion, e.g. SIGTERM, SIGRTMIN+14, SIGRTMAX-10 or plain number. The default signal is SIGINT. specify the signal used to reboot the container Stop signal Allows one to specify signal name or number to forcibly shutdown the container. This option allows signal to be specified in kill(1) fashion, e.g. SIGKILL, SIGRTMIN+14, SIGRTMAX-10 or plain number. The default signal is SIGKILL. specify the signal used to stop the container Init command Sets the command to use as the init system for the containers. Absolute path from container rootfs to the binary to run by default. This mostly makes sense for lxc-execute. Absolute path from container rootfs to the binary to use as init. This mostly makes sense for lxc-start. Default is /sbin/init. Init working directory Sets the absolute path inside the container as the working directory for the containers. LXC will switch to this directory before executing init. Absolute path inside the container to use as the working directory. Init ID Sets the UID/GID to use for the init system, and subsequent commands. Note that using a non-root UID when booting a system container will likely not work due to missing privileges. Setting the UID/GID is mostly useful when running application containers. Defaults to: UID(0), GID(0) UID to use for init. GID to use for init. Core Scheduling Core scheduling defines if the container payload is marked as being schedulable on the same core. Doing so will cause the kernel scheduler to ensure that tasks that are not in the same group never run simultaneously on a core. This can serve as an extra security measure to prevent the container payload from using cross hyper thread attacks. The only allowed values are 0 and 1. Set this to 1 to create a core scheduling domain for the container or 0 to not create one. If not set explicitly no core scheduling domain will be created for the container. Proc Configure proc filesystem for the container. Specify the proc file name to be set. The file names available are those listed under /proc/PID/. Example: lxc.proc.oom_score_adj = 10 Ephemeral Allows one to specify whether a container will be destroyed on shutdown. The only allowed values are 0 and 1. Set this to 1 to destroy a container on shutdown. Network The network section defines how the network is virtualized in the container. The network virtualization acts at layer two. In order to use the network virtualization, parameters must be specified to define the network interfaces of the container. Several virtual interfaces can be assigned and used in a container even if the system has only one physical network interface. may be used without a value to clear all previous network options. specify what kind of network virtualization to be used for the container. Must be specified before any other option(s) on the net device. Multiple networks can be specified by using an additional index after all keys. For example, and specify two different networks of the same type. All keys sharing the same index will be treated as belonging to the same network. For example, will belong to . Currently, the different virtualization types can be: will cause the container to share the host's network namespace. This means the host network devices are usable in the container. It also means that if both the container and host have upstart as init, 'halt' in a container (for instance) will shut down the host. Note that unprivileged containers do not work with this setting due to an inability to mount sysfs. An unsafe workaround would be to bind mount the host's sysfs. will create only the loopback interface. a virtual ethernet pair device is created with one side assigned to the container and the other side on the host. specifies the mode the veth parent will use on the host. The accepted modes are and . The mode defaults to bridge if not specified. In mode the host side is attached to a bridge specified by the option. If the bridge link is not specified, then the veth pair device will be created but not attached to any bridge. Otherwise, the bridge has to be created on the system before starting the container. lxc won't handle any configuration outside of the container. In mode static routes are created on the host for the container's IP addresses pointing to the host side veth interface. Additionally Proxy ARP and Proxy NDP entries are added on the host side veth interface for the gateway IPs defined in the container to allow the container to reach the host. By default, lxc chooses a name for the network device belonging to the outside of the container, but if you wish to handle this name yourselves, you can tell lxc to set a specific name with the option (except for unprivileged containers where this option is ignored for security reasons). Static routes can be added on the host pointing to the container using the and options. Several lines specify several routes. The route is in format x.y.z.t/m, eg. 192.168.1.0/24. In mode untagged VLAN membership can be set with the option. It accepts a special value of 'none' indicating that the container port should be removed from the bridge's default untagged VLAN. The option can be specified multiple times to set the container's bridge port membership to one or more tagged VLANs. a vlan interface is linked with the interface specified by the and assigned to the container. The vlan identifier is specified with the option . a macvlan interface is linked with the interface specified by the and assigned to the container. specifies the mode the macvlan will use to communicate between different macvlan on the same upper device. The accepted modes are , , and . In mode, the device never communicates with any other device on the same upper_dev (default). In mode, the new Virtual Ethernet Port Aggregator (VEPA) mode, it assumes that the adjacent bridge returns all frames where both source and destination are local to the macvlan port, i.e. the bridge is set up as a reflective relay. Broadcast frames coming in from the upper_dev get flooded to all macvlan interfaces in VEPA mode, local frames are not delivered locally. In mode, it provides the behavior of a simple bridge between different macvlan interfaces on the same port. Frames from one interface to another one get delivered directly and are not sent out externally. Broadcast frames get flooded to all other bridge ports and to the external interface, but when they come back from a reflective relay, we don't deliver them again. Since we know all the MAC addresses, the macvlan bridge mode does not require learning or STP like the bridge module does. In mode, all frames received by the physical interface are forwarded to the macvlan interface. Only one macvlan interface in mode is possible for one physical interface. an ipvlan interface is linked with the interface specified by the and assigned to the container. specifies the mode the ipvlan will use to communicate between different ipvlan on the same upper device. The accepted modes are , and . It defaults to mode. In mode TX processing up to L3 happens on the stack instance attached to the dependent device and packets are switched to the stack instance of the parent device for the L2 processing and routing from that instance will be used before packets are queued on the outbound device. In this mode the dependent devices will not receive nor can send multicast / broadcast traffic. In mode TX processing is very similar to the L3 mode except that iptables (conn-tracking) works in this mode and hence it is L3-symmetric (L3s). This will have slightly less performance but that shouldn't matter since you are choosing this mode over plain-L3 mode to make conn-tracking work. In mode TX processing happens on the stack instance attached to the dependent device and packets are switched and queued to the parent device to send devices out. In this mode the dependent devices will RX/TX multicast and broadcast (if applicable) as well. specifies the isolation mode. The accepted isolation values are , and . It defaults to . In isolation mode dependent devices can cross-talk among themselves apart from talking through the parent device. In isolation mode the port is set in private mode. i.e. port won't allow cross communication between dependent devices. In isolation mode the port is set in VEPA mode. i.e. port will offload switching functionality to the external entity as described in 802.1Qbg. an already existing interface specified by the is assigned to the container. Specify an action to do for the network. activates the interface. Specify the interface to be used for real network traffic. Controls whether layer 2 IP neighbour proxy entries will be added to the lxc.net.[i].link interface for the IP addresses of the container. Can be set to 0 or 1. Defaults to 0. When used with IPv4 addresses, the following sysctl values need to be set: net.ipv4.conf.[link].forwarding=1 When used with IPv6 addresses, the following sysctl values need to be set: net.ipv6.conf.[link].proxy_ndp=1 net.ipv6.conf.[link].forwarding=1 Specify the maximum transfer unit for this interface. The interface name is dynamically allocated, but if another name is needed because the configuration files being used by the container use a generic name, eg. eth0, this option will rename the interface in the container. The interface mac address is dynamically allocated by default to the virtual interface, but in some cases, this is needed to resolve a mac address conflict or to always have the same link-local ipv6 address. Any "x" in address will be replaced by random value, this allows setting hwaddr templates. Specify the ipv4 address to assign to the virtualized interface. Several lines specify several ipv4 addresses. The address is in format x.y.z.t/m, eg. 192.168.1.123/24. You can optionally specify the broadcast address after the IP address, e.g. 192.168.1.123/24 255.255.255.255. Otherwise it is automatically calculated from the IP address. Specify the ipv4 address to use as the gateway inside the container. The address is in format x.y.z.t, eg. 192.168.1.123. Can also have the special value , which means to take the primary address from the bridge interface (as specified by the option) and use that as the gateway. is only available when using the , and network types. Can also have the special value of , which means to set the default gateway as a device route. This is primarily for use with layer 3 network modes, such as IPVLAN. Specify the ipv6 address to assign to the virtualized interface. Several lines specify several ipv6 addresses. The address is in format x::y/m, eg. 2003:db8:1:0:214:1234:fe0b:3596/64 Specify the ipv6 address to use as the gateway inside the container. The address is in format x::y, eg. 2003:db8:1:0::1 Can also have the special value , which means to take the primary address from the bridge interface (as specified by the option) and use that as the gateway. is only available when using the , and network types. Can also have the special value of , which means to set the default gateway as a device route. This is primarily for use with layer 3 network modes, such as IPVLAN. Add a configuration option to specify a script to be executed after creating and configuring the network used from the host side. In addition to the information available to all hooks. The following information is provided to the script: LXC_HOOK_TYPE: the hook type. This is either 'up' or 'down'. LXC_HOOK_SECTION: the section type 'net'. LXC_NET_TYPE: the network type. This is one of the valid network types listed here (e.g. 'vlan', 'macvlan', 'ipvlan', 'veth'). LXC_NET_PARENT: the parent device on the host. This is only set for network types 'mavclan', 'veth', 'phys'. LXC_NET_PEER: the name of the peer device on the host. This is only set for 'veth' network types. Note that this information is only available when is set to 1. Whether this information is provided in the form of environment variables or as arguments to the script depends on the value of . If set to 1 then information is provided in the form of environment variables. If set to 0 information is provided as arguments to the script. Standard output from the script is logged at debug level. Standard error is not logged, but can be captured by the hook redirecting its standard error to standard output. Add a configuration option to specify a script to be executed before destroying the network used from the host side. In addition to the information available to all hooks. The following information is provided to the script: LXC_HOOK_TYPE: the hook type. This is either 'up' or 'down'. LXC_HOOK_SECTION: the section type 'net'. LXC_NET_TYPE: the network type. This is one of the valid network types listed here (e.g. 'vlan', 'macvlan', 'ipvlan', 'veth'). LXC_NET_PARENT: the parent device on the host. This is only set for network types 'mavclan', 'veth', 'phys'. LXC_NET_PEER: the name of the peer device on the host. This is only set for 'veth' network types. Note that this information is only available when is set to 1. Whether this information is provided in the form of environment variables or as arguments to the script depends on the value of . If set to 1 then information is provided in the form of environment variables. If set to 0 information is provided as arguments to the script. Standard output from the script is logged at debug level. Standard error is not logged, but can be captured by the hook redirecting its standard error to standard output. New pseudo tty instance (devpts) For stricter isolation the container can have its own private instance of the pseudo tty. If set, the container will have a new pseudo tty instance, making this private to it. The value specifies the maximum number of pseudo ttys allowed for a pty instance (this limitation is not implemented yet). Container system console If the container is configured with a root filesystem and the inittab file is setup to use the console, you may want to specify where the output of this console goes. Setting this option instructs liblxc to allocate an in-memory ringbuffer. The container's console output will be written to the ringbuffer. Note that ringbuffer must be at least as big as a standard page size. When passed a value smaller than a single page size liblxc will allocate a ringbuffer of a single page size. A page size is usually 4KB. The keyword 'auto' will cause liblxc to allocate a ringbuffer of 128KB. When manually specifying a size for the ringbuffer the value should be a power of 2 when converted to bytes. Valid size prefixes are 'KB', 'MB', 'GB'. (Note that all conversions are based on multiples of 1024. That means 'KB' == 'KiB', 'MB' == 'MiB', 'GB' == 'GiB'. Additionally, the case of the suffix is ignored, i.e. 'kB', 'KB' and 'Kb' are treated equally.) Setting this option instructs liblxc to place a limit on the size of the console log file specified in . Note that size of the log file must be at least as big as a standard page size. When passed a value smaller than a single page size liblxc will set the size of log file to a single page size. A page size is usually 4KB. The keyword 'auto' will cause liblxc to place a limit of 128KB on the log file. When manually specifying a size for the log file the value should be a power of 2 when converted to bytes. Valid size prefixes are 'KB', 'MB', 'GB'. (Note that all conversions are based on multiples of 1024. That means 'KB' == 'KiB', 'MB' == 'MiB', 'GB' == 'GiB'. Additionally, the case of the suffix is ignored, i.e. 'kB', 'KB' and 'Kb' are treated equally.) If users want to mirror the console ringbuffer on disk they should set equal to . Specify a path to a file where the console output will be written. Note that in contrast to the on-disk ringbuffer logfile this file will keep growing potentially filling up the users disks if not rotated and deleted. This problem can also be avoided by using the in-memory ringbuffer options and . Whether to rotate the console logfile specified in . Users can send an API request to rotate the logfile. Note that the old logfile will have the same name as the original with the suffix ".1" appended. Users wishing to prevent the console log file from filling the disk should rotate the logfile and delete it if unneeded. This problem can also be avoided by using the in-memory ringbuffer options and . Specify a path to a device to which the console will be attached. The keyword 'none' will simply disable the console. Note, when specifying 'none' and creating a device node for the console in the container at /dev/console or bind-mounting the hosts's /dev/console into the container at /dev/console the container will have direct access to the hosts's /dev/console. This is dangerous when the container has write access to the device and should thus be used with caution. Console through the ttys This option is useful if the container is configured with a root filesystem and the inittab file is setup to launch a getty on the ttys. The option specifies the number of ttys to be available for the container. The number of gettys in the inittab file of the container should not be greater than the number of ttys specified in this option, otherwise the excess getty sessions will die and respawn indefinitely giving annoying messages on the console or in /var/log/messages. Specify the number of tty to make available to the container. Console devices location LXC consoles are provided through Unix98 PTYs created on the host and bind-mounted over the expected devices in the container. By default, they are bind-mounted over /dev/console and /dev/ttyN. This can prevent package upgrades in the guest. Therefore you can specify a directory location (under /dev under which LXC will create the files and bind-mount over them. These will then be symbolically linked to /dev/console and /dev/ttyN. A package upgrade can then succeed as it is able to remove and replace the symbolic links. Specify a directory under /dev under which to create the container console devices. Note that LXC will move any bind-mounts or device nodes for /dev/console into this directory. /dev directory By default, lxc creates a few symbolic links (fd,stdin,stdout,stderr) in the container's /dev directory but does not automatically create device node entries. This allows the container's /dev to be set up as needed in the container rootfs. If lxc.autodev is set to 1, then after mounting the container's rootfs LXC will mount a fresh tmpfs under /dev (limited to 500K by default, unless defined in lxc.autodev.tmpfs.size) and fill in a minimal set of initial devices. This is generally required when starting a container containing a "systemd" based "init" but may be optional at other times. Additional devices in the containers /dev directory may be created through the use of the hook. Set this to 0 to stop LXC from mounting and populating a minimal /dev when starting the container. Set this to define the size of the /dev tmpfs. The default value is 500000 (500K). If the parameter is used but without value, the default value is used. Mount points The mount points section specifies the different places to be mounted. These mount points will be private to the container and won't be visible by the processes running outside of the container. This is useful to mount /etc, /var or /home for examples. NOTE - LXC will generally ensure that mount targets and relative bind-mount sources are properly confined under the container root, to avoid attacks involving over-mounting host directories and files. (Symbolic links in absolute mount sources are ignored) However, if the container configuration first mounts a directory which is under the control of the container user, such as /home/joe, into the container at some path, and then mounts under path, then a TOCTTOU attack would be possible where the container user modifies a symbolic link under their home directory at just the right time. specify a file location in the fstab format, containing the mount information. The mount target location can and in most cases should be a relative path, which will become relative to the mounted container root. For instance, proc proc proc nodev,noexec,nosuid 0 0 Will mount a proc filesystem under the container's /proc, regardless of where the root filesystem comes from. This is resilient to block device backed filesystems as well as container cloning. Note that when mounting a filesystem from an image file or block device the third field (fs_vfstype) cannot be auto as with mount 8 but must be explicitly specified. Specify a mount point corresponding to a line in the fstab format. Moreover lxc supports mount propagation, such as rshared or rprivate, and adds three additional mount options. don't fail if mount does not work. or to create dir (or file) when the point will be mounted. source path is taken to be relative to the mounted container root. For instance, dev/null proc/kcore none bind,relative 0 0 Will expand dev/null to ${}/dev/null, and mount it to proc/kcore inside the container. specify which standard kernel file systems should be automatically mounted. This may dramatically simplify the configuration. The file systems are: (or ): mount /proc as read-write, but remount /proc/sys and /proc/sysrq-trigger read-only for security / container isolation purposes. : mount /proc as read-write (or ): mount /sys as read-only but with /sys/devices/virtual/net writable. : mount /sys as read-only for security / container isolation purposes. : mount /sys as read-write : Mount a tmpfs to /sys/fs/cgroup, create directories for all hierarchies to which the container is added, create subdirectories in those hierarchies with the name of the cgroup, and bind-mount the container's own cgroup into that directory. The container will be able to write to its own cgroup directory, but not the parents, since they will be remounted read-only. : The option will cause LXC to perform the cgroup mounts for the container under all circumstances. Otherwise it is similar to . This is mainly useful when the cgroup namespaces are enabled where LXC will normally leave mounting cgroups to the init binary of the container since it is perfectly safe to do so. : similar to , but everything will be mounted read-only. : The option will cause LXC to perform the cgroup mounts for the container under all circumstances. Otherwise it is similar to . This is mainly useful when the cgroup namespaces are enabled where LXC will normally leave mounting cgroups to the init binary of the container since it is perfectly safe to do so. : similar to , but everything will be mounted read-write. Note that the paths leading up to the container's own cgroup will be writable, but will not be a cgroup filesystem but just part of the tmpfs of /sys/fs/cgroup : The option will cause LXC to perform the cgroup mounts for the container under all circumstances. Otherwise it is similar to . This is mainly useful when the cgroup namespaces are enabled where LXC will normally leave mounting cgroups to the init binary of the container since it is perfectly safe to do so. (without specifier): defaults to if the container retains the CAP_SYS_ADMIN capability, otherwise. : mount a tmpfs to /sys/fs/cgroup, create directories for all hierarchies to which the container is added, bind-mount the hierarchies from the host to the container and make everything read-only except the container's own cgroup. Note that compared to , where all paths leading up to the container's own cgroup are just simple directories in the underlying tmpfs, here /sys/fs/cgroup/$hierarchy will contain the host's full cgroup hierarchy, albeit read-only outside the container's own cgroup. This may leak quite a bit of information into the container. : The option will cause LXC to perform the cgroup mounts for the container under all circumstances. Otherwise it is similar to . This is mainly useful when the cgroup namespaces are enabled where LXC will normally leave mounting cgroups to the init binary of the container since it is perfectly safe to do so. : similar to , but everything will be mounted read-only. : The option will cause LXC to perform the cgroup mounts for the container under all circumstances. Otherwise it is similar to . This is mainly useful when the cgroup namespaces are enabled where LXC will normally leave mounting cgroups to the init binary of the container since it is perfectly safe to do so. : similar to , but everything will be mounted read-write. Note that in this case, the container may escape its own cgroup. (Note also that if the container has CAP_SYS_ADMIN support and can mount the cgroup filesystem itself, it may do so anyway.) : The option will cause LXC to perform the cgroup mounts for the container under all circumstances. Otherwise it is similar to . This is mainly useful when the cgroup namespaces are enabled where LXC will normally leave mounting cgroups to the init binary of the container since it is perfectly safe to do so. (without specifier): defaults to if the container retains the CAP_SYS_ADMIN capability, otherwise. If cgroup namespaces are enabled, then any auto-mounting request will be ignored, since the container can mount the filesystems itself, and automounting can confuse the container init. Note that if automatic mounting of the cgroup filesystem is enabled, the tmpfs under /sys/fs/cgroup will always be mounted read-write (but for the and cases, the individual hierarchies, /sys/fs/cgroup/$hierarchy, will be read-only). This is in order to work around a quirk in Ubuntu's mountall 8 command that will cause containers to wait for user input at boot if /sys/fs/cgroup is mounted read-only and the container can't remount it read-write due to a lack of CAP_SYS_ADMIN. Examples: lxc.mount.auto = proc sys cgroup lxc.mount.auto = proc:rw sys:rw cgroup-full:rw Root file system The root file system of the container can be different than that of the host system. specify the root file system for the container. It can be an image file, a directory or a block device. If not specified, the container shares its root file system with the host. For directory or simple block-device backed containers, a pathname can be used. If the rootfs is backed by a nbd device, then nbd:file:1 specifies that file should be attached to a nbd device, and partition 1 should be mounted as the rootfs. nbd:file specifies that the nbd device itself should be mounted. overlayfs:/lower:/upper specifies that the rootfs should be an overlay with /upper being mounted read-write over a read-only mount of /lower. For overlay multiple /lower directories can be specified. loop:/file tells lxc to attach /file to a loop device and mount the loop device. where to recursively bind before pivoting. This is to ensure success of the pivot_root 8 syscall. Any directory suffices, the default should generally work. Specify extra mount options to use when mounting the rootfs. The format of the mount options corresponds to the format used in fstab. In addition, LXC supports the custom mount option. This option can be used to tell LXC to create an idmapped mount for the container's rootfs. This is useful when the user doesn't want to recursively chown the rootfs of the container to match the idmapping of the user namespace the container is going to use. Instead an idmapped mount can be used to handle this. The argument for can either be a path pointing to a user namespace file that LXC will open and use to idmap the rootfs or the special value "container" which will instruct LXC to use the container's user namespace to idmap the rootfs. Set this to 0 to indicate that LXC is not managing the container storage, then LXC will not modify the container storage. The default is 1. Control groups ("cgroups") The control group section contains the configuration for the different subsystem. lxc does not check the correctness of the subsystem name. This has the disadvantage of not detecting configuration errors until the container is started, but has the advantage of permitting any future subsystem. The kernel implementation of cgroups has changed significantly over the years. With Linux 4.5 support for a new cgroup filesystem was added usually referred to as "cgroup2" or "unified hierarchy". Since then the old cgroup filesystem is usually referred to as "cgroup1" or the "legacy hierarchies". Please see the cgroups manual page for a detailed explanation of the differences between the two versions. LXC distinguishes settings for the legacy and the unified hierarchy by using different configuration key prefixes. To alter settings for controllers in a legacy hierarchy the key prefix must be used and in order to alter the settings for a controller in the unified hierarchy the key must be used. Note that LXC will ignore settings on systems that only use the unified hierarchy. Conversely, it will ignore options on systems that only use legacy hierarchies. At its core a cgroup hierarchy is a way to hierarchically organize processes. Usually a cgroup hierarchy will have one or more "controllers" enabled. A "controller" in a cgroup hierarchy is usually responsible for distributing a specific type of system resource along the hierarchy. Controllers include the "pids" controller, the "cpu" controller, the "memory" controller and others. Some controllers however do not fall into the category of distributing a system resource, instead they are often referred to as "utility" controllers. One utility controller is the device controller. Instead of distributing a system resource it allows one to manage device access. In the legacy hierarchy the device controller was implemented like most other controllers as a set of files that could be written to. These files where named "devices.allow" and "devices.deny". The legacy device controller allowed the implementation of both "allowlists" and "denylists". An allowlist is a device program that by default blocks access to all devices. In order to access specific devices "allow rules" for particular devices or device classes must be specified. In contrast, a denylist is a device program that by default allows access to all devices. In order to restrict access to specific devices "deny rules" for particular devices or device classes must be specified. In the unified cgroup hierarchy the implementation of the device controller has completely changed. Instead of files to read from and write to a eBPF program of can be attached to a cgroup. Even though the kernel implementation has changed completely LXC tries to allow for the same semantics to be followed in the legacy device cgroup and the unified eBPF-based device controller. The following paragraphs explain the semantics for the unified eBPF-based device controller. As mentioned the format for specifying device rules for the unified eBPF-based device controller is the same as for the legacy cgroup device controller; only the configuration key prefix has changed. Specifically, device rules for the legacy cgroup device controller are specified via and whereas for the cgroup2 eBPF-based device controller and must be used. A denylist device rule lxc.cgroup2.devices.deny = a will cause LXC to instruct the kernel to block access to all devices by default. To grant access to devices allow device rules must be added via the key. This is referred to as a "allowlist" device program. An allowlist device rule lxc.cgroup2.devices.allow = a will cause LXC to instruct the kernel to allow access to all devices by default. To deny access to devices deny device rules must be added via key. This is referred to as a "denylist" device program. Specifying any of the aforementioned two rules will cause all previous rules to be cleared, i.e. the device list will be reset. When an allowlist program is requested, i.e. access to all devices is blocked by default, specific deny rules for individual devices or device classes are ignored. When a denylist program is requested, i.e. access to all devices is allowed by default, specific allow rules for individual devices or device classes are ignored. For example the set of rules: lxc.cgroup2.devices.deny = a lxc.cgroup2.devices.allow = c *:* m lxc.cgroup2.devices.allow = b *:* m lxc.cgroup2.devices.allow = c 1:3 rwm implements an allowlist device program, i.e. the kernel will block access to all devices not specifically allowed in this list. This particular program states that all character and block devices may be created but only /dev/null might be read or written. If we instead switch to the following set of rules: lxc.cgroup2.devices.allow = a lxc.cgroup2.devices.deny = c *:* m lxc.cgroup2.devices.deny = b *:* m lxc.cgroup2.devices.deny = c 1:3 rwm then LXC would instruct the kernel to implement a denylist, i.e. the kernel will allow access to all devices not specifically denied in this list. This particular program states that no character devices or block devices might be created and that /dev/null is not allow allowed to be read, written, or created. Now consider the same program but followed by a "global rule" which determines the type of device program (allowlist or denylist) as explained above: lxc.cgroup2.devices.allow = a lxc.cgroup2.devices.deny = c *:* m lxc.cgroup2.devices.deny = b *:* m lxc.cgroup2.devices.deny = c 1:3 rwm lxc.cgroup2.devices.allow = a The last line will cause LXC to reset the device list without changing the type of device program. If we specify: lxc.cgroup2.devices.allow = a lxc.cgroup2.devices.deny = c *:* m lxc.cgroup2.devices.deny = b *:* m lxc.cgroup2.devices.deny = c 1:3 rwm lxc.cgroup2.devices.deny = a instead then the last line will cause LXC to reset the device list and switch from an allowlist program to a denylist program. Specify the control group value to be set on a legacy cgroup hierarchy. The controller name is the literal name of the control group. The permitted names and the syntax of their values is not dictated by LXC, instead it depends on the features of the Linux kernel running at the time the container is started, eg. Specify the control group value to be set on the unified cgroup hierarchy. The controller name is the literal name of the control group. The permitted names and the syntax of their values is not dictated by LXC, instead it depends on the features of the Linux kernel running at the time the container is started, eg. specify a directory or path in which the container's cgroup will be created. For example, setting for a container named "c1" will create the container's cgroup as a sub-cgroup of "my-cgroup". For example, if the user's current cgroup "my-user" is located in the root cgroup of the cpuset controller in a cgroup v1 hierarchy this would create the cgroup "/sys/fs/cgroup/cpuset/my-user/my-cgroup/first/c1" for the container. Any missing cgroups will be created by LXC. This presupposes that the user has write access to its current cgroup. This is similar to , but must be used together with and affects only the container's cgroup path. This option is mutually exclusive with . Note that the final path the container attaches to may be extended further by the option. This is the monitor process counterpart to . On container termination the PID of the monitor process is attached to this cgroup. This path should not be a subpath of any other configured cgroup dir to ensure proper removal of other cgroup paths on container termination. Specify an additional subdirectory where the cgroup namespace will be created. With this option, the cgroup limits will be applied to the outer path specified in , which is not accessible from within the container, making it possible to better enforce limits for privileged containers in a way they cannot override them. This only works in conjunction with the and options and has otherwise no effect. Set this to 1 to instruct LXC to never escape to the root cgroup. This makes it easy for users to adhere to restrictions enforced by cgroup2 and systemd. Specifically, this makes it possible to run LXC containers as systemd services. Capabilities The capabilities can be dropped in the container if this one is run as root. Specify the capability to be dropped in the container. A single line defining several capabilities with a space separation is allowed. The format is the lower case of the capability definition without the "CAP_" prefix, eg. CAP_SYS_MODULE should be specified as sys_module. See capabilities 7 . If used with no value, lxc will clear any drop capabilities specified up to this point. Specify the capability to be kept in the container. All other capabilities will be dropped. When a special value of "none" is encountered, lxc will clear any keep capabilities specified up to this point. A value of "none" alone can be used to drop all capabilities. Namespaces A namespace can be cloned (), kept () or shared (). Specify namespaces which the container is supposed to be created with. The namespaces to create are specified as a space separated list. Each namespace must correspond to one of the standard namespace identifiers as seen in the /proc/PID/ns directory. When is not explicitly set all namespaces supported by the kernel and the current configuration will be used. To create a new mount, net and ipc namespace set . Specify namespaces which the container is supposed to inherit from the process that created it. The namespaces to keep are specified as a space separated list. Each namespace must correspond to one of the standard namespace identifiers as seen in the /proc/PID/ns directory. The is a denylist option, i.e. it is useful when enforcing that containers must keep a specific set of namespaces. To keep the network, user and ipc namespace set . Note that sharing pid namespaces will likely not work with most init systems. Note that if the container requests a new user namespace and the container wants to inherit the network namespace it needs to inherit the user namespace as well. Specify a namespace to inherit from another container or process. The suffix needs to be replaced with one of the namespaces that appear in the /proc/PID/ns directory. To inherit the namespace from another process set the to the PID of the process, e.g. . To inherit the namespace from another container set the to the name of the container, e.g. . To inherit the namespace from another container located in a different path than the standard liblxc path set the to the full path to the container, e.g. . In order to inherit namespaces the caller needs to have sufficient privilege over the process or container. Note that sharing pid namespaces between system containers will likely not work with most init systems. Note that if two processes are in different user namespaces and one process wants to inherit the other's network namespace it usually needs to inherit the user namespace as well. Note that without careful additional configuration of an LSM, sharing user+pid namespaces with a task may allow that task to escalate privileges to that of the task calling liblxc. Specify a positive or negative offset for the boottime clock. The format accepts hours (h), minutes (m), seconds (s), milliseconds (ms), microseconds (us), and nanoseconds (ns). Specify a positive or negative offset for the monotonic clock. The format accepts hours (h), minutes (m), seconds (s), milliseconds (ms), microseconds (us), and nanoseconds (ns). Resource limits The soft and hard resource limits for the container can be changed. Unprivileged containers can only lower them. Resources which are not explicitly specified will be inherited. Specify the resource limit to be set. A limit is specified as two colon separated values which are either numeric or the word 'unlimited'. A single value can be used as a shortcut to set both soft and hard limit to the same value. The permitted names the "RLIMIT_" resource names in lowercase without the "RLIMIT_" prefix, eg. RLIMIT_NOFILE should be specified as "nofile". See setrlimit 2 . If used with no value, lxc will clear the resource limit specified up to this point. A resource with no explicitly configured limitation will be inherited from the process starting up the container. Sysctl Configure kernel parameters for the container. Specify the kernel parameters to be set. The parameters available are those listed under /proc/sys/. Note that not all sysctls are namespaced. Changing Non-namespaced sysctls will cause the system-wide setting to be modified. sysctl 8 . If used with no value, lxc will clear the parameters specified up to this point. Apparmor profile If lxc was compiled and installed with apparmor support, and the host system has apparmor enabled, then the apparmor profile under which the container should be run can be specified in the container configuration. The default is lxc-container-default-cgns if the host kernel is cgroup namespace aware, or lxc-container-default otherwise. Specify the apparmor profile under which the container should be run. To specify that the container should be unconfined, use lxc.apparmor.profile = unconfined If the apparmor profile should remain unchanged (i.e. if you are nesting containers and are already confined), then use lxc.apparmor.profile = unchanged If you instruct LXC to generate the apparmor profile, then use lxc.apparmor.profile = generated Apparmor profiles are pathname based. Therefore many file restrictions require mount restrictions to be effective against a determined attacker. However, these mount restrictions are not yet implemented in the upstream kernel. Without the mount restrictions, the apparmor profiles still protect against accidental damager. If this flag is 0 (default), then the container will not be started if the kernel lacks the apparmor mount features, so that a regression after a kernel upgrade will be detected. To start the container under partial apparmor protection, set this flag to 1. If set this to 1, causes the following changes. When generated apparmor profiles are used, they will contain the necessary changes to allow creating a nested container. In addition to the usual mount points, /dev/.lxc/proc and /dev/.lxc/sys will contain procfs and sysfs mount points without the lxcfs overlays, which, if generated apparmor profiles are being used, will not be read/writable directly. A list of raw AppArmor profile lines to append to the profile. Only valid when using generated profiles. SELinux context If lxc was compiled and installed with SELinux support, and the host system has SELinux enabled, then the SELinux context under which the container should be run can be specified in the container configuration. The default is unconfined_t, which means that lxc will not attempt to change contexts. See @DATADIR@/lxc/selinux/lxc.te for an example policy and more information. Specify the SELinux context under which the container should be run or unconfined_t. For example lxc.selinux.context = system_u:system_r:lxc_t:s0:c22 Specify the SELinux context under which the container's keyring should be created. By default this the same as lxc.selinux.context, or the context lxc is executed under if lxc.selinux.context has not been set. lxc.selinux.context.keyring = system_u:system_r:lxc_t:s0:c22 Kernel Keyring The Linux Keyring facility is primarily a way for various kernel components to retain or cache security data, authentication keys, encryption keys, and other data in the kernel. By default lxc will create a new session keyring for the started application. Disable the creation of new session keyring by lxc. The started application will then inherit the current session keyring. By default, or when passing the value 1, a new keyring will be created. lxc.keyring.session = 0 Seccomp configuration A container can be started with a reduced set of available system calls by loading a seccomp profile at startup. The seccomp configuration file must begin with a version number on the first line, a policy type on the second line, followed by the configuration. Versions 1 and 2 are currently supported. In version 1, the policy is a simple allowlist. The second line therefore must read "allowlist", with the rest of the file containing one (numeric) syscall number per line. Each syscall number is allowlisted, while every unlisted number is denylisted for use in the container In version 2, the policy may be denylist or allowlist, supports per-rule and per-policy default actions, and supports per-architecture system call resolution from textual names. An example denylist policy, in which all system calls are allowed except for mknod, which will simply do nothing and return 0 (success), looks like: 2 denylist mknod errno 0 ioctl notify Specifying "errno" as action will cause LXC to register a seccomp filter that will cause a specific errno to be returned to the caller. The errno value can be specified after the "errno" action word. Specifying "notify" as action will cause LXC to register a seccomp listener and retrieve a listener file descriptor from the kernel. When a syscall is made that is registered as "notify" the kernel will generate a poll event and send a message over the file descriptor. The caller can read this message, inspect the syscalls including its arguments. Based on this information the caller is expected to send back a message informing the kernel which action to take. Until that message is sent the kernel will block the calling process. The format of the messages to read and sent is documented in seccomp itself. Specify a file containing the seccomp configuration to load before the container starts. If this flag is set to 1, then seccomp filters will be stacked regardless of whether a seccomp profile is already loaded. This allows nested containers to load their own seccomp profile. The default setting is 0. Specify a unix socket to which LXC will connect and forward seccomp events to. The path must be in the form unix:/path/to/socket or unix:@socket. The former specifies a path-bound unix domain socket while the latter specifies an abstract unix domain socket. An additional string sent along with proxied seccomp notification requests. PR_SET_NO_NEW_PRIVS With PR_SET_NO_NEW_PRIVS active execve() promises not to grant privileges to do anything that could not have been done without the execve() call (for example, rendering the set-user-ID and set-group-ID mode bits, and file capabilities non-functional). Once set, this bit cannot be unset. The setting of this bit is inherited by children created by fork() and clone(), and preserved across execve(). Note that PR_SET_NO_NEW_PRIVS is applied after the container has changed into its intended AppArmor profile or SElinux context. Specify whether the PR_SET_NO_NEW_PRIVS flag should be set for the container. Set to 1 to activate. UID mappings A container can be started in a private user namespace with user and group id mappings. For instance, you can map userid 0 in the container to userid 200000 on the host. The root user in the container will be privileged in the container, but unprivileged on the host. Normally a system container will want a range of ids, so you would map, for instance, user and group ids 0 through 20,000 in the container to the ids 200,000 through 220,000. Four values must be provided. First a character, either 'u', or 'g', to specify whether user or group ids are being mapped. Next is the first userid as seen in the user namespace of the container. Next is the userid as seen on the host. Finally, a range indicating the number of consecutive ids to map. Container hooks Container hooks are programs or scripts which can be executed at various times in a container's lifetime. When a container hook is executed, additional information is passed along. The argument can be used to determine if the following arguments are passed as command line arguments or through environment variables. The arguments are: Container name. Section (always 'lxc'). The hook type (i.e. 'clone' or 'pre-mount'). Additional arguments. In the case of the clone hook, any extra arguments passed will appear as further arguments to the hook. In the case of the stop hook, paths to filedescriptors for each of the container's namespaces along with their types are passed. The following environment variables are set: LXC_CGNS_AWARE: indicator whether the container is cgroup namespace aware. LXC_CONFIG_FILE: the path to the container configuration file. LXC_HOOK_TYPE: the hook type (e.g. 'clone', 'mount', 'pre-mount'). Note that the existence of this environment variable is conditional on the value of . If it is set to 1 then LXC_HOOK_TYPE will be set. LXC_HOOK_SECTION: the section type (e.g. 'lxc', 'net'). Note that the existence of this environment variable is conditional on the value of . If it is set to 1 then LXC_HOOK_SECTION will be set. LXC_HOOK_VERSION: the version of the hooks. This value is identical to the value of the container's config item. If it is set to 0 then old-style hooks are used. If it is set to 1 then new-style hooks are used. LXC_LOG_LEVEL: the container's log level. LXC_NAME: is the container's name. LXC_[NAMESPACE IDENTIFIER]_NS: path under /proc/PID/fd/ to a file descriptor referring to the container's namespace. For each preserved namespace type there will be a separate environment variable. These environment variables will only be set if is set to 1. LXC_ROOTFS_MOUNT: the path to the mounted root filesystem. LXC_ROOTFS_PATH: this is the lxc.rootfs.path entry for the container. Note this is likely not where the mounted rootfs is to be found, use LXC_ROOTFS_MOUNT for that. LXC_SRC_NAME: in the case of the clone hook, this is the original container's name. Standard output from the hooks is logged at debug level. Standard error is not logged, but can be captured by the hook redirecting its standard error to standard output. To pass the arguments in new style via environment variables set to 1 otherwise set to 0 to pass them as arguments. This setting affects all hooks arguments that were traditionally passed as arguments to the script. Specifically, it affects the container name, section (e.g. 'lxc', 'net') and hook type (e.g. 'clone', 'mount', 'pre-mount') arguments. If new-style hooks are used then the arguments will be available as environment variables. The container name will be set in LXC_NAME. (This is set independently of the value used for this config item.) The section will be set in LXC_HOOK_SECTION and the hook type will be set in LXC_HOOK_TYPE. It also affects how the paths to file descriptors referring to the container's namespaces are passed. If set to 1 then for each namespace a separate environment variable LXC_[NAMESPACE IDENTIFIER]_NS will be set. If set to 0 then the paths will be passed as arguments to the stop hook. A hook to be run in the host's namespace before the container ttys, consoles, or mounts are up. A hook to be run in the container's fs namespace but before the rootfs has been set up. This allows for manipulation of the rootfs, i.e. to mount an encrypted filesystem. Mounts done in this hook will not be reflected on the host (apart from mounts propagation), so they will be automatically cleaned up when the container shuts down. A hook to be run in the container's namespace after mounting has been done, but before the pivot_root. A hook to be run in the container's namespace after mounting has been done and after any mount hooks have run, but before the pivot_root, if == 1. The purpose of this hook is to assist in populating the /dev directory of the container when using the autodev option for systemd based containers. The container's /dev directory is relative to the ${} environment variable available when the hook is run. A hook to be run in the host's namespace after the container has been setup, and immediately before starting the container init. A hook to be run in the container's namespace immediately before executing the container's init. This requires the program to be available in the container. A hook to be run in the host's namespace with references to the container's namespaces after the container has been shut down. For each namespace an extra argument is passed to the hook containing the namespace's type and a filename that can be used to obtain a file descriptor to the corresponding namespace, separated by a colon. The type is the name as it would appear in the /proc/PID/ns directory. For instance for the mount namespace the argument usually looks like mnt:/proc/PID/fd/12. A hook to be run in the host's namespace after the container has been shut down. A hook to be run when the container is cloned to a new one. See lxc-clone 1 for more information. A hook to be run when the container is destroyed. Container hooks Environment Variables A number of environment variables are made available to the startup hooks to provide configuration information and assist in the functioning of the hooks. Not all variables are valid in all contexts. In particular, all paths are relative to the host system and, as such, not valid during the hook. The LXC name of the container. Useful for logging messages in common log environments. [] Host relative path to the container configuration file. This gives the container to reference the original, top level, configuration file for the container in order to locate any additional configuration information not otherwise made available. [] The path to the console output of the container if not NULL. [] [] The path to the console log output of the container if not NULL. [] The mount location to which the container is initially bound. This will be the host relative path to the container rootfs for the container instance being started and is where changes should be made for that instance. [] The host relative path to the container root which has been mounted to the rootfs.mount location. [] Only for the clone hook. Is set to the original container name. Only for the stop hook. Is set to "stop" for a container shutdown or "reboot" for a container reboot. If unset, then this version of lxc is not aware of cgroup namespaces. If set, it will be set to 1, and lxc is aware of cgroup namespaces. Note this does not guarantee that cgroup namespaces are enabled in the kernel. This is used by the lxcfs mount hook. Logging Logging can be configured on a per-container basis. By default, depending upon how the lxc package was compiled, container startup is logged only at the ERROR level, and logged to a file named after the container (with '.log' appended) either under the container path, or under @LOGPATH@. Both the default log level and the log file can be specified in the container configuration file, overriding the default behavior. Note that the configuration file entries can in turn be overridden by the command line options to lxc-start. The level at which to log. The log level is an integer in the range of 0..8 inclusive, where a lower number means more verbose debugging. In particular 0 = trace, 1 = debug, 2 = info, 3 = notice, 4 = warn, 5 = error, 6 = critical, 7 = alert, and 8 = fatal. If unspecified, the level defaults to 5 (error), so that only errors and above are logged. Note that when a script (such as either a hook script or a network interface up or down script) is called, the script's standard output is logged at level 1, debug. The file to which logging info should be written. Send logging info to syslog. It respects the log level defined in lxc.log.level. The argument should be the syslog facility to use, valid ones are: daemon, local0, local1, local2, local3, local4, local5, local5, local6, local7. Autostart The autostart options support marking which containers should be auto-started and in what order. These options may be used by LXC tools directly or by external tooling provided by the distributions. Whether the container should be auto-started. Valid values are 0 (off) and 1 (on). How long to wait (in seconds) after the container is started before starting the next one. An integer used to sort the containers when auto-starting a series of containers at once. A lower value means an earlier start. If not zero the mount namespace will be unshared from the host before initializing the container (before running any pre-start hooks). This requires the CAP_SYS_ADMIN capability at startup. Default is 0. Set the signal to be sent to the container's init when the lxc monitor exits. By default it is set to SIGKILL which will cause all container processes to be killed when the lxc monitor process dies. To ensure that containers stay alive even if lxc monitor dies set this to 0. A multi-value key (can be used multiple times) to put the container in a container group. Those groups can then be used (amongst other things) to start a series of related containers. Autostart and System Boot Each container can be part of any number of groups or no group at all. Two groups are special. One is the NULL group, i.e. the container does not belong to any group. The other group is the "onboot" group. When the system boots with the LXC service enabled, it will first attempt to boot any containers with lxc.start.auto == 1 that is a member of the "onboot" group. The startup will be in order of lxc.start.order. If an lxc.start.delay has been specified, that delay will be honored before attempting to start the next container to give the current container time to begin initialization and reduce overloading the host system. After starting the members of the "onboot" group, the LXC system will proceed to boot containers with lxc.start.auto == 1 which are not members of any group (the NULL group) and proceed as with the onboot group. Container Environment If you want to pass environment variables into the container (that is, environment variables which will be available to init and all of its descendents), you can use lxc.environment parameters to do so. Be careful that you do not pass in anything sensitive; any process in the container which doesn't have its environment scrubbed will have these variables available to it, and environment variables are always available via /proc/PID/environ. This configuration parameter can be specified multiple times; once for each environment variable you wish to configure. Specify an environment variable to pass into the container. Example: lxc.environment = APP_ENV=production lxc.environment = SYSLOG_SERVER=192.0.2.42 It is possible to inherit host environment variables by setting the name of the variable without a "=" sign. For example: lxc.environment = PATH Examples In addition to the few examples given below, you will find some other examples of configuration file in @DOCDIR@/examples Network This configuration sets up a container to use a veth pair device with one side plugged to a bridge br0 (which has been configured before on the system by the administrator). The virtual network device visible in the container is renamed to eth0. lxc.uts.name = myhostname lxc.net.0.type = veth lxc.net.0.flags = up lxc.net.0.link = br0 lxc.net.0.name = eth0 lxc.net.0.hwaddr = 4a:49:43:49:79:bf lxc.net.0.ipv4.address = 10.2.3.5/24 10.2.3.255 lxc.net.0.ipv6.address = 2003:db8:1:0:214:1234:fe0b:3597 UID/GID mapping This configuration will map both user and group ids in the range 0-9999 in the container to the ids 100000-109999 on the host. lxc.idmap = u 0 100000 10000 lxc.idmap = g 0 100000 10000 Control group This configuration will setup several control groups for the application, cpuset.cpus restricts usage of the defined cpu, cpus.share prioritize the control group, devices.allow makes usable the specified devices. lxc.cgroup.cpuset.cpus = 0,1 lxc.cgroup.cpu.shares = 1234 lxc.cgroup.devices.deny = a lxc.cgroup.devices.allow = c 1:3 rw lxc.cgroup.devices.allow = b 8:0 rw Complex configuration This example show a complex configuration making a complex network stack, using the control groups, setting a new hostname, mounting some locations and a changing root file system. lxc.uts.name = complex lxc.net.0.type = veth lxc.net.0.flags = up lxc.net.0.link = br0 lxc.net.0.hwaddr = 4a:49:43:49:79:bf lxc.net.0.ipv4.address = 10.2.3.5/24 10.2.3.255 lxc.net.0.ipv6.address = 2003:db8:1:0:214:1234:fe0b:3597 lxc.net.0.ipv6.address = 2003:db8:1:0:214:5432:feab:3588 lxc.net.1.type = macvlan lxc.net.1.flags = up lxc.net.1.link = eth0 lxc.net.1.hwaddr = 4a:49:43:49:79:bd lxc.net.1.ipv4.address = 10.2.3.4/24 lxc.net.1.ipv4.address = 192.168.10.125/24 lxc.net.1.ipv6.address = 2003:db8:1:0:214:1234:fe0b:3596 lxc.net.2.type = phys lxc.net.2.flags = up lxc.net.2.link = random0 lxc.net.2.hwaddr = 4a:49:43:49:79:ff lxc.net.2.ipv4.address = 10.2.3.6/24 lxc.net.2.ipv6.address = 2003:db8:1:0:214:1234:fe0b:3297 lxc.cgroup.cpuset.cpus = 0,1 lxc.cgroup.cpu.shares = 1234 lxc.cgroup.devices.deny = a lxc.cgroup.devices.allow = c 1:3 rw lxc.cgroup.devices.allow = b 8:0 rw lxc.mount.fstab = /etc/fstab.complex lxc.mount.entry = /lib /root/myrootfs/lib none ro,bind 0 0 lxc.rootfs.path = dir:/mnt/rootfs.complex lxc.rootfs.options = idmap=container lxc.cap.drop = sys_module mknod setuid net_raw lxc.cap.drop = mac_override See Also chroot 1 , pivot_root 8 , fstab 5 , capabilities 7 &seealso; Author Daniel Lezcano daniel.lezcano@free.fr lxc-5.0.0~git2209-g5a7b9ce67/doc/lxc-top.sgml.in0000644061062106075000000001145614176403775015604 00000000000000 ]> @LXC_GENERATE_DATE@ lxc-top 1 lxc-top monitor container statistics lxc-top --help --delay delay --sort sortby --reverse Description lxc-top displays container statistics. The output is updated every delay seconds, and is ordered according to the sortby value given. lxc-top will display as many containers as can fit in your terminal. Press 'q' to quit. Press one of the sort key letters to sort by that statistic. Pressing a sort key letter a second time reverses the sort order. Options Amount of time in seconds to delay between screen updates. The default is 3 seconds. Sort the containers by name, cpu use, or memory use. The sortby argument should be one of the letters n,c,b,m,k to sort by name, cpu use, block I/O, memory, or kernel memory use respectively. The default is 'n'. Reverse the default sort order. By default, names sort in ascending alphabetical order and values sort in descending amounts (ie. largest value first). Example lxc-top --delay 1 --sort m Display containers, updating every second, sorted by memory use. Notes For performance reasons the kernel does not account kernel memory use unless a kernel memory limit is set. If a limit is not set, lxc-top will display kernel memory use as 0. If no containers are being accounted, the KMem column will not be displayed. A limit can be set by specifying lxc.cgroup.memory.kmem.limit_in_bytes = number in your container configuration file, see lxc.conf 5 . &seealso; Author Dwight Engen dwight.engen@oracle.com lxc-5.0.0~git2209-g5a7b9ce67/doc/api-extensions.md0000644061062106075000000001577314222071460016203 00000000000000# API extensions The changes below were introduced to the LXC API after the 3.0 API was finalized. They are all backward compatible and can be detected by client tools by called the `lxc_has_api_extension` function. ## lxc\_log This introduces a way to initialize a logging instance from the API for a given container. ## lxc\_config\_item\_is\_supported This introduces the `lxc_config_item_is_supported` function. It allows users to check whether their LXC instance supports a given configuration key. ## console\_log This adds support to container's console log. The console log is implemented as an efficient ringbuffer. ## reboot2 This adds `reboot2()` as a new API extension. This function properly waits until a reboot succeeded. It takes a timeout argument. When set to `> 0` `reboot2()` will block until the timeout is reached, if timeout is set to zero `reboot2()` will not block, if set to -1 `reboot2()` will block indefinitely. ## mount\_injection This adds support for injecting and removing mounts into/from a running containers. Two new API functions `mount()` and `umount()` are added. They mirror the current mount and umount API of the kernel. ## seccomp\_allow\_nesting This adds support for seccomp filters to be stacked regardless of whether a seccomp profile is already loaded. This allows nested containers to load their own seccomp profile. ## seccomp\_notify This adds "notify" as seccomp action that will cause LXC to register a seccomp listener and retrieve a listener file descriptor from the kernel. When a syscall is made that is registered as "notify" the kernel will generate a poll event and send a message over the file descriptor. The caller can read this message, inspect the syscalls including its arguments. Based on this information the caller is expected to send back a message informing the kernel which action to take. Until that message is sent the kernel will block the calling process. The format of the messages to read and sent is documented in seccomp itself. A new API function `seccomp_notify_fd()` has been added which allows callers to retrieve the notifier fd for the container's seccomp filter. ## network\_veth\_routes This introduces the `lxc.net.[i].veth.ipv4.route` and `lxc.net.[i].veth.ipv6.route` properties on `veth` type network interfaces. This allows adding static routes on host to the container's network interface. ## network\_ipvlan This introduces the `ipvlan` network type. Example usage: ``` lxc.net[i].type=ipvlan lxc.net[i].ipvlan.mode=[l3|l3s|l2] (defaults to l3) lxc.net[i].ipvlan.isolation=[bridge|private|vepa] (defaults to bridge) lxc.net[i].link=eth0 lxc.net[i].flags=up ``` ## network\_l2proxy This introduces the `lxc.net.[i].l2proxy` that can be either `0` or `1`. Defaults to `0`. This, when used with `lxc.net.[i].link`, will add IP neighbour proxy entries on the linked device for any IPv4 and IPv6 addresses on the container's network device. For IPv4 addresses it will check the following sysctl values and fail with an error if not set: ``` net.ipv4.conf.[link].forwarding=1 ``` For IPv6 addresses it will check the following sysctl values and fail with an error if not set: ``` net.ipv6.conf.[link].proxy_ndp=1 net.ipv6.conf.[link].forwarding=1 ``` ## network\_gateway\_device\_route This introduces the ability to specify `lxc.net.[i].ipv4.gateway` and/or `lxc.net.[i].ipv6.gateway` with a value of `dev` which will cause the default gateway inside the container to be created as a device route without destination gateway IP needed. This is primarily intended for use with layer 3 networking devices, such as IPVLAN. ## network\_phys\_macvlan\_mtu This introduces the ability to specify a custom MTU for `phys` and `macvlan` devices using the `lxc.net.[i].mtu` property. ## network\_veth\_router This introduces the ability to specify a `lxc.net.[i].veth.mode` setting, which takes a value of "bridge" or "router". This defaults to "bridge". In "router" mode static routes are created on the host for the container's IP addresses pointing to the host side veth interface. In addition to the routes, a static IP neighbour proxy is added to the host side veth interface for the IPv4 and IPv6 gateway IPs. ## cgroup2\_devices This enables `LXC` to make use of the new devices controller in the unified cgroup hierarchy. `LXC` will now create, load, and attach bpf program to the cgroup of the container when the controller is available. ## cgroup2 This enables `LXC` to make complete use of the unified cgroup hierarchy. With this extension it is possible to run `LXC` containers on systems that use a pure unified cgroup layout. ## init\_pidfd This adds a new API function `init_pidfd()` which allows one to retrieve a pidfd for the container's init process allowing process management interactions such as sending signals to be completely reliable and race free. ## pidfd When running on kernels that support pidfds LXC will rely on them for most operations. This makes interacting with containers not just more reliable it also makes it significantly safer and eliminates various races inherent to PID-based kernel APIs. LXC will require that the running kernel at least support `pidfd_send_signal()`, `CLONE_PIDFD`, `P_PIDFD`, and pidfd polling support. Any kernel starting with `Linux 5.4` should have full support for pidfds. ## cgroup\_advanced\_isolation Privileged containers will usually be able to override the cgroup limits given to them. This introduces three new configuration keys `lxc.cgroup.dir.monitor`, `lxc.cgroup.dir.container`, and `lxc.cgroup.dir.container.inner`. The `lxc.cgroup.dir.monitor` and `lxc.cgroup.dir.container` keys can be used to set to place the `monitor` and the `container` into different cgroups. The `lxc.cgroup.dir.container.inner` key can be set to a cgroup that is concatenated with `lxc.cgroup.dir.container`. When `lxc.cgroup.dir.container.inner` is set the container will be placed into the `lxc.cgroup.dir.container.inner` cgroup but the limits will be set in the `lxc.cgroup.dir.container` cgroup. This way privileged containers cannot escape their cgroup limits. ## time\_namespace This adds time namespace support to LXC. ## seccomp\_allow\_deny\_syntax This adds the ability to use "denylist" and "allowlist" in seccomp v2 policies. ## devpts\_fd This adds the ability to allocate a file descriptor for the devpts instance of the container. ## seccomp\_notify\_fd\_active Retrieve the seccomp notifier fd from a running container. ## seccomp\_proxy\_send\_notify\_fd Whether the seccomp notify proxy sends a long a notify fd file descriptor. ## idmapped\_mounts Whether this LXC instance can handle idmapped mounts for the rootfs. ## idmapped\_mounts\_v2 Whether this LXC instance can handle idmapped mounts for lxc.mount.entry entries. ## cgroup2\_auto_mounting This adds the new options `cgroup2`, `cgroup2:ro`, `cgroup2:force`, `cgroup2:ro:force` for the `lxc.mount.auto` configuration key. For example, if a user specifies `cgroup2:force` LXC will pre-mount a pure `cgroup2` layout for the container even if the host is running with a hybrid layout. lxc-5.0.0~git2209-g5a7b9ce67/doc/rootfs/0000755061062106075000000000000014223133720014271 500000000000000lxc-5.0.0~git2209-g5a7b9ce67/doc/rootfs/Makefile.am0000644061062106075000000000005714176403775016270 00000000000000READMEdir=@LXCROOTFSMOUNT@ README_DATA=README lxc-5.0.0~git2209-g5a7b9ce67/doc/rootfs/Makefile.in0000644061062106075000000004021014223133707016260 00000000000000# Makefile.in generated by automake 1.16.5 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2021 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = { \ if test -z '$(MAKELEVEL)'; then \ false; \ elif test -n '$(MAKE_HOST)'; then \ true; \ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ true; \ else \ false; \ fi; \ } am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = doc/rootfs ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ $(top_srcdir)/config/attributes.m4 \ $(top_srcdir)/config/ax_pthread.m4 \ $(top_srcdir)/config/libtool.m4 \ $(top_srcdir)/config/ltoptions.m4 \ $(top_srcdir)/config/ltsugar.m4 \ $(top_srcdir)/config/ltversion.m4 \ $(top_srcdir)/config/lt~obsolete.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } am__installdirs = "$(DESTDIR)$(READMEdir)" DATA = $(README_DATA) am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) am__DIST_COMMON = $(srcdir)/Makefile.in README DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_CFLAGS = @AM_CFLAGS@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AM_LDFLAGS = @AM_LDFLAGS@ APPARMOR_CACHE_DIR = @APPARMOR_CACHE_DIR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BINDIR = @BINDIR@ CAP_LIBS = @CAP_LIBS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CSCOPE = @CSCOPE@ CTAGS = @CTAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DATADIR = @DATADIR@ DEFAULT_CGROUP_PATTERN = @DEFAULT_CGROUP_PATTERN@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ DLOG_CFLAGS = @DLOG_CFLAGS@ DLOG_LIBS = @DLOG_LIBS@ DOCDIR = @DOCDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ HAVE_DOXYGEN = @HAVE_DOXYGEN@ INCLUDEDIR = @INCLUDEDIR@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LD = @LD@ LDFLAGS = @LDFLAGS@ LIBDIR = @LIBDIR@ LIBEXECDIR = @LIBEXECDIR@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIBTOOL_DEPS = @LIBTOOL_DEPS@ LIBURING_LIBS = @LIBURING_LIBS@ LIPO = @LIPO@ LN_S = @LN_S@ LOCALSTATEDIR = @LOCALSTATEDIR@ LOGPATH = @LOGPATH@ LTLIBOBJS = @LTLIBOBJS@ LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ LXCBINHOOKDIR = @LXCBINHOOKDIR@ LXCHOOKDIR = @LXCHOOKDIR@ LXCINITDIR = @LXCINITDIR@ LXCPATH = @LXCPATH@ LXCROOTFSMOUNT = @LXCROOTFSMOUNT@ LXCTEMPLATECONFIG = @LXCTEMPLATECONFIG@ LXCTEMPLATEDIR = @LXCTEMPLATEDIR@ LXC_ABI = @LXC_ABI@ LXC_ABI_MAJOR = @LXC_ABI_MAJOR@ LXC_ABI_MICRO = @LXC_ABI_MICRO@ LXC_ABI_MINOR = @LXC_ABI_MINOR@ LXC_DEFAULT_CONFIG = @LXC_DEFAULT_CONFIG@ LXC_DEVEL = @LXC_DEVEL@ LXC_DISTRO_SYSCONF = @LXC_DISTRO_SYSCONF@ LXC_GENERATE_DATE = @LXC_GENERATE_DATE@ LXC_GLOBAL_CONF = @LXC_GLOBAL_CONF@ LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ LXC_USERNIC_DB = @LXC_USERNIC_DB@ LXC_VERSION = @LXC_VERSION@ LXC_VERSION_BASE = @LXC_VERSION_BASE@ LXC_VERSION_BETA = @LXC_VERSION_BETA@ LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ LXC_VERSION_MICRO = @LXC_VERSION_MICRO@ LXC_VERSION_MINOR = @LXC_VERSION_MINOR@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ NM = @NM@ NMEDIT = @NMEDIT@ OBJCOPY = @OBJCOPY@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OPENSSL_LIBS = @OPENSSL_LIBS@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PAM_CFLAGS = @PAM_CFLAGS@ PAM_LIBS = @PAM_LIBS@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PREFIX = @PREFIX@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ RANLIB = @RANLIB@ RUNTIME_PATH = @RUNTIME_PATH@ SBINDIR = @SBINDIR@ SECCOMP_CFLAGS = @SECCOMP_CFLAGS@ SECCOMP_LIBS = @SECCOMP_LIBS@ SED = @SED@ SELINUX_LIBS = @SELINUX_LIBS@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ SYSCONFDIR = @SYSCONFDIR@ SYSTEMD_UNIT_DIR = @SYSTEMD_UNIT_DIR@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ ax_pthread_config = @ax_pthread_config@ bashcompdir = @bashcompdir@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ db2xman = @db2xman@ docdir = @docdir@ docdtd = @docdtd@ dvidir = @dvidir@ exec_pamdir = @exec_pamdir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ READMEdir = @LXCROOTFSMOUNT@ README_DATA = README all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/rootfs/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu doc/rootfs/Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-READMEDATA: $(README_DATA) @$(NORMAL_INSTALL) @list='$(README_DATA)'; test -n "$(READMEdir)" || list=; \ if test -n "$$list"; then \ echo " $(MKDIR_P) '$(DESTDIR)$(READMEdir)'"; \ $(MKDIR_P) "$(DESTDIR)$(READMEdir)" || exit 1; \ fi; \ for p in $$list; do \ if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; \ done | $(am__base_list) | \ while read files; do \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(READMEdir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(READMEdir)" || exit $$?; \ done uninstall-READMEDATA: @$(NORMAL_UNINSTALL) @list='$(README_DATA)'; test -n "$(READMEdir)" || list=; \ files=`for p in $$list; do echo $$p; done | sed -e 's|^.*/||'`; \ dir='$(DESTDIR)$(READMEdir)'; $(am__uninstall_files_from_dir) tags TAGS: ctags CTAGS: cscope cscopelist: distdir: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) distdir-am distdir-am: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile $(DATA) installdirs: for dir in "$(DESTDIR)$(READMEdir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: html: html-am html-am: info: info-am info-am: install-data-am: install-READMEDATA install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: uninstall-READMEDATA .MAKE: install-am install-strip .PHONY: all all-am check check-am clean clean-generic clean-libtool \ cscopelist-am ctags-am distclean distclean-generic \ distclean-libtool distdir dvi dvi-am html html-am info info-am \ install install-READMEDATA install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \ uninstall-READMEDATA uninstall-am .PRECIOUS: Makefile # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: lxc-5.0.0~git2209-g5a7b9ce67/doc/rootfs/README0000644061062106075000000000027514176403775015116 00000000000000This directory must exist, even though it may be empty. It is used to temporary mount the rootfs of lxc in a private mount namespace only visible by the processes running in the container. lxc-5.0.0~git2209-g5a7b9ce67/doc/lxc-unshare.sgml.in0000644061062106075000000001446714176403775016454 00000000000000 ]> @LXC_GENERATE_DATE@ lxc-unshare 1 lxc-unshare Run a task in a new set of namespaces. lxc-unshare -s, --namespaces namespaces -u, --user user -H, --hostname hostname -i, --ifname ifname -d, --daemon -M, --remount command Description lxc-unshare can be used to run a task in a cloned set of namespaces. This command is mainly provided for testing purposes. Despite its name, it always uses clone rather than unshare to create the new task with fresh namespaces. Apart from testing kernel regressions this should make no difference. Options Specify the namespaces to attach to, as a pipe-separated list, e.g. NETWORK|IPC. Allowed values are MOUNT, PID, UTSNAME, IPC, USER and NETWORK. This allows one to change the context of the process to e.g. the network namespace of the container while retaining the other namespaces as those of the host. (The pipe symbol needs to be escaped, e.g. MOUNT\|PID or quoted, e.g. "MOUNT|PID".) Specify a userid which the new task should become. Set the hostname in the new container. Only allowed if the UTSNAME namespace is set. Move the named interface into the container. Only allowed if the NETWORK namespace is set. You may specify this argument multiple times to move multiple interfaces into container. Daemonize (do not wait for the container to exit before exiting) Mount default filesystems (/proc /dev/shm and /dev/mqueue) in the container. Only allowed if MOUNT namespace is set. Examples To spawn a new shell with its own UTS (hostname) namespace, lxc-unshare -s UTSNAME /bin/bash If the hostname is changed in that shell, the change will not be reflected on the host. To spawn a shell in a new network, pid, and mount namespace, lxc-unshare -s "NETWORK|PID|MOUNT" /bin/bash The resulting shell will have pid 1 and will see no network interfaces. After re-mounting /proc in that shell, mount -t proc proc /proc ps output will show there are no other processes in the namespace. To spawn a shell in a new network, pid, mount, and hostname namespace. lxc-unshare -s "NETWORK|PID|MOUNT|UTSNAME" -M -H myhostname -i veth1 /bin/bash The resulting shell will have pid 1 and will see two network interfaces (lo and veth1). The hostname will be "myhostname" and /proc will have been remounted. ps output will show there are no other processes in the namespace. &seealso; Author Daniel Lezcano daniel.lezcano@free.fr lxc-5.0.0~git2209-g5a7b9ce67/doc/Makefile.in0000644061062106075000000011264614223133707014761 00000000000000# Makefile.in generated by automake 1.16.5 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2021 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = { \ if test -z '$(MAKELEVEL)'; then \ false; \ elif test -n '$(MAKE_HOST)'; then \ true; \ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ true; \ else \ false; \ fi; \ } am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ @USE_DOCBOOK2X_TRUE@am__append_1 = ja ko @ENABLE_API_DOCS_TRUE@am__append_2 = api @ENABLE_DOCBOOK_TRUE@@ENABLE_TOOLS_TRUE@am__append_3 = lxc-attach.1 \ @ENABLE_DOCBOOK_TRUE@@ENABLE_TOOLS_TRUE@ lxc-autostart.1 \ @ENABLE_DOCBOOK_TRUE@@ENABLE_TOOLS_TRUE@ lxc-cgroup.1 \ @ENABLE_DOCBOOK_TRUE@@ENABLE_TOOLS_TRUE@ lxc-checkconfig.1 \ @ENABLE_DOCBOOK_TRUE@@ENABLE_TOOLS_TRUE@ lxc-checkpoint.1 \ @ENABLE_DOCBOOK_TRUE@@ENABLE_TOOLS_TRUE@ lxc-config.1 \ @ENABLE_DOCBOOK_TRUE@@ENABLE_TOOLS_TRUE@ lxc-console.1 \ @ENABLE_DOCBOOK_TRUE@@ENABLE_TOOLS_TRUE@ lxc-copy.1 \ @ENABLE_DOCBOOK_TRUE@@ENABLE_TOOLS_TRUE@ lxc-create.1 \ @ENABLE_DOCBOOK_TRUE@@ENABLE_TOOLS_TRUE@ lxc-destroy.1 \ @ENABLE_DOCBOOK_TRUE@@ENABLE_TOOLS_TRUE@ lxc-device.1 \ @ENABLE_DOCBOOK_TRUE@@ENABLE_TOOLS_TRUE@ lxc-execute.1 \ @ENABLE_DOCBOOK_TRUE@@ENABLE_TOOLS_TRUE@ lxc-freeze.1 \ @ENABLE_DOCBOOK_TRUE@@ENABLE_TOOLS_TRUE@ lxc-info.1 \ @ENABLE_DOCBOOK_TRUE@@ENABLE_TOOLS_TRUE@ lxc-ls.1 \ @ENABLE_DOCBOOK_TRUE@@ENABLE_TOOLS_TRUE@ lxc-monitor.1 \ @ENABLE_DOCBOOK_TRUE@@ENABLE_TOOLS_TRUE@ lxc-snapshot.1 \ @ENABLE_DOCBOOK_TRUE@@ENABLE_TOOLS_TRUE@ lxc-start.1 \ @ENABLE_DOCBOOK_TRUE@@ENABLE_TOOLS_TRUE@ lxc-stop.1 \ @ENABLE_DOCBOOK_TRUE@@ENABLE_TOOLS_TRUE@ lxc-top.1 \ @ENABLE_DOCBOOK_TRUE@@ENABLE_TOOLS_TRUE@ lxc-unfreeze.1 \ @ENABLE_DOCBOOK_TRUE@@ENABLE_TOOLS_TRUE@ lxc-unshare.1 \ @ENABLE_DOCBOOK_TRUE@@ENABLE_TOOLS_TRUE@ lxc-wait.1 @ENABLE_DOCBOOK_TRUE@@ENABLE_PAM_TRUE@am__append_4 = pam_cgfs.8 @ENABLE_COMMANDS_TRUE@@ENABLE_DOCBOOK_TRUE@am__append_5 = lxc-update-config.1 \ @ENABLE_COMMANDS_TRUE@@ENABLE_DOCBOOK_TRUE@ lxc-user-nic.1 \ @ENABLE_COMMANDS_TRUE@@ENABLE_DOCBOOK_TRUE@ lxc-usernsexec.1 subdir = doc ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ $(top_srcdir)/config/attributes.m4 \ $(top_srcdir)/config/ax_pthread.m4 \ $(top_srcdir)/config/libtool.m4 \ $(top_srcdir)/config/ltoptions.m4 \ $(top_srcdir)/config/ltsugar.m4 \ $(top_srcdir)/config/ltversion.m4 \ $(top_srcdir)/config/lt~obsolete.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/config.h CONFIG_CLEAN_FILES = lxc-attach.sgml lxc-autostart.sgml \ lxc-cgroup.sgml lxc-checkconfig.sgml lxc-checkpoint.sgml \ lxc-config.sgml lxc-console.sgml lxc-copy.sgml lxc-create.sgml \ lxc-destroy.sgml lxc-device.sgml lxc-execute.sgml \ lxc-freeze.sgml lxc-info.sgml lxc-ls.sgml lxc-monitor.sgml \ lxc-snapshot.sgml lxc-start.sgml lxc-stop.sgml lxc-top.sgml \ lxc-unfreeze.sgml lxc-unshare.sgml lxc-update-config.sgml \ lxc-user-nic.sgml lxc-usernsexec.sgml lxc-wait.sgml \ pam_cgfs.sgml lxc.conf.sgml lxc.container.conf.sgml \ lxc.system.conf.sgml lxc-usernet.sgml lxc.sgml \ common_options.sgml see_also.sgml CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \ ctags-recursive dvi-recursive html-recursive info-recursive \ install-data-recursive install-dvi-recursive \ install-exec-recursive install-html-recursive \ install-info-recursive install-pdf-recursive \ install-ps-recursive install-recursive installcheck-recursive \ installdirs-recursive pdf-recursive ps-recursive \ tags-recursive uninstall-recursive am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`; am__vpath_adj = case $$p in \ $(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \ *) f=$$p;; \ esac; am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`; am__install_max = 40 am__nobase_strip_setup = \ srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'` am__nobase_strip = \ for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||" am__nobase_list = $(am__nobase_strip_setup); \ for p in $$list; do echo "$$p $$p"; done | \ sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \ $(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \ if (++n[$$2] == $(am__install_max)) \ { print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \ END { for (dir in files) print dir, files[dir] }' am__base_list = \ sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \ sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g' am__uninstall_files_from_dir = { \ test -z "$$files" \ || { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \ || { echo " ( cd '$$dir' && rm -f" $$files ")"; \ $(am__cd) "$$dir" && rm -f $$files; }; \ } man1dir = $(mandir)/man1 am__installdirs = "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man5dir)" \ "$(DESTDIR)$(man7dir)" "$(DESTDIR)$(man8dir)" man5dir = $(mandir)/man5 man7dir = $(mandir)/man7 man8dir = $(mandir)/man8 NROFF = nroff MANS = $(man_MANS) RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \ distclean-recursive maintainer-clean-recursive am__recursive_targets = \ $(RECURSIVE_TARGETS) \ $(RECURSIVE_CLEAN_TARGETS) \ $(am__extra_recursive_targets) AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \ distdir distdir-am am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) # Read a list of newline-separated strings from the standard input, # and print each of them once, without duplicates. Input order is # *not* preserved. am__uniquify_input = $(AWK) '\ BEGIN { nonempty = 0; } \ { items[$$0] = 1; nonempty = 1; } \ END { if (nonempty) { for (i in items) print i; }; } \ ' # Make sure the list of sources is unique. This is necessary because, # e.g., the same source file might be shared among _SOURCES variables # for different programs/libraries. am__define_uniq_tagged_files = \ list='$(am__tagged_files)'; \ unique=`for i in $$list; do \ if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \ done | $(am__uniquify_input)` am__DIST_COMMON = $(srcdir)/Makefile.in \ $(srcdir)/common_options.sgml.in $(srcdir)/lxc-attach.sgml.in \ $(srcdir)/lxc-autostart.sgml.in $(srcdir)/lxc-cgroup.sgml.in \ $(srcdir)/lxc-checkconfig.sgml.in \ $(srcdir)/lxc-checkpoint.sgml.in $(srcdir)/lxc-config.sgml.in \ $(srcdir)/lxc-console.sgml.in $(srcdir)/lxc-copy.sgml.in \ $(srcdir)/lxc-create.sgml.in $(srcdir)/lxc-destroy.sgml.in \ $(srcdir)/lxc-device.sgml.in $(srcdir)/lxc-execute.sgml.in \ $(srcdir)/lxc-freeze.sgml.in $(srcdir)/lxc-info.sgml.in \ $(srcdir)/lxc-ls.sgml.in $(srcdir)/lxc-monitor.sgml.in \ $(srcdir)/lxc-snapshot.sgml.in $(srcdir)/lxc-start.sgml.in \ $(srcdir)/lxc-stop.sgml.in $(srcdir)/lxc-top.sgml.in \ $(srcdir)/lxc-unfreeze.sgml.in $(srcdir)/lxc-unshare.sgml.in \ $(srcdir)/lxc-update-config.sgml.in \ $(srcdir)/lxc-user-nic.sgml.in $(srcdir)/lxc-usernet.sgml.in \ $(srcdir)/lxc-usernsexec.sgml.in $(srcdir)/lxc-wait.sgml.in \ $(srcdir)/lxc.conf.sgml.in \ $(srcdir)/lxc.container.conf.sgml.in $(srcdir)/lxc.sgml.in \ $(srcdir)/lxc.system.conf.sgml.in $(srcdir)/pam_cgfs.sgml.in \ $(srcdir)/see_also.sgml.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) am__relativize = \ dir0=`pwd`; \ sed_first='s,^\([^/]*\)/.*$$,\1,'; \ sed_rest='s,^[^/]*/*,,'; \ sed_last='s,^.*/\([^/]*\)$$,\1,'; \ sed_butlast='s,/*[^/]*$$,,'; \ while test -n "$$dir1"; do \ first=`echo "$$dir1" | sed -e "$$sed_first"`; \ if test "$$first" != "."; then \ if test "$$first" = ".."; then \ dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \ dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \ else \ first2=`echo "$$dir2" | sed -e "$$sed_first"`; \ if test "$$first2" = "$$first"; then \ dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \ else \ dir2="../$$dir2"; \ fi; \ dir0="$$dir0"/"$$first"; \ fi; \ fi; \ dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \ done; \ reldir="$$dir2" ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_CFLAGS = @AM_CFLAGS@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AM_LDFLAGS = @AM_LDFLAGS@ APPARMOR_CACHE_DIR = @APPARMOR_CACHE_DIR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BINDIR = @BINDIR@ CAP_LIBS = @CAP_LIBS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CSCOPE = @CSCOPE@ CTAGS = @CTAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DATADIR = @DATADIR@ DEFAULT_CGROUP_PATTERN = @DEFAULT_CGROUP_PATTERN@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ DLOG_CFLAGS = @DLOG_CFLAGS@ DLOG_LIBS = @DLOG_LIBS@ DOCDIR = @DOCDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ HAVE_DOXYGEN = @HAVE_DOXYGEN@ INCLUDEDIR = @INCLUDEDIR@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LD = @LD@ LDFLAGS = @LDFLAGS@ LIBDIR = @LIBDIR@ LIBEXECDIR = @LIBEXECDIR@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIBTOOL_DEPS = @LIBTOOL_DEPS@ LIBURING_LIBS = @LIBURING_LIBS@ LIPO = @LIPO@ LN_S = @LN_S@ LOCALSTATEDIR = @LOCALSTATEDIR@ LOGPATH = @LOGPATH@ LTLIBOBJS = @LTLIBOBJS@ LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ LXCBINHOOKDIR = @LXCBINHOOKDIR@ LXCHOOKDIR = @LXCHOOKDIR@ LXCINITDIR = @LXCINITDIR@ LXCPATH = @LXCPATH@ LXCROOTFSMOUNT = @LXCROOTFSMOUNT@ LXCTEMPLATECONFIG = @LXCTEMPLATECONFIG@ LXCTEMPLATEDIR = @LXCTEMPLATEDIR@ LXC_ABI = @LXC_ABI@ LXC_ABI_MAJOR = @LXC_ABI_MAJOR@ LXC_ABI_MICRO = @LXC_ABI_MICRO@ LXC_ABI_MINOR = @LXC_ABI_MINOR@ LXC_DEFAULT_CONFIG = @LXC_DEFAULT_CONFIG@ LXC_DEVEL = @LXC_DEVEL@ LXC_DISTRO_SYSCONF = @LXC_DISTRO_SYSCONF@ LXC_GENERATE_DATE = @LXC_GENERATE_DATE@ LXC_GLOBAL_CONF = @LXC_GLOBAL_CONF@ LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ LXC_USERNIC_DB = @LXC_USERNIC_DB@ LXC_VERSION = @LXC_VERSION@ LXC_VERSION_BASE = @LXC_VERSION_BASE@ LXC_VERSION_BETA = @LXC_VERSION_BETA@ LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ LXC_VERSION_MICRO = @LXC_VERSION_MICRO@ LXC_VERSION_MINOR = @LXC_VERSION_MINOR@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ NM = @NM@ NMEDIT = @NMEDIT@ OBJCOPY = @OBJCOPY@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OPENSSL_LIBS = @OPENSSL_LIBS@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PAM_CFLAGS = @PAM_CFLAGS@ PAM_LIBS = @PAM_LIBS@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PREFIX = @PREFIX@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ RANLIB = @RANLIB@ RUNTIME_PATH = @RUNTIME_PATH@ SBINDIR = @SBINDIR@ SECCOMP_CFLAGS = @SECCOMP_CFLAGS@ SECCOMP_LIBS = @SECCOMP_LIBS@ SED = @SED@ SELINUX_LIBS = @SELINUX_LIBS@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ SYSCONFDIR = @SYSCONFDIR@ SYSTEMD_UNIT_DIR = @SYSTEMD_UNIT_DIR@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ ax_pthread_config = @ax_pthread_config@ bashcompdir = @bashcompdir@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ db2xman = @db2xman@ docdir = @docdir@ docdtd = @docdtd@ dvidir = @dvidir@ exec_pamdir = @exec_pamdir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ SUBDIRS = examples rootfs $(am__append_1) $(am__append_2) DIST_SUBDIRS = examples rootfs ja ko api EXTRA_DIST = api-extensions.md \ lxc.container.conf \ lxc.system.conf \ FAQ.txt @ENABLE_DOCBOOK_TRUE@man_MANS = lxc.conf.5 lxc.container.conf.5 \ @ENABLE_DOCBOOK_TRUE@ lxc.system.conf.5 lxc-usernet.5 lxc.7 \ @ENABLE_DOCBOOK_TRUE@ $(am__append_3) $(am__append_4) \ @ENABLE_DOCBOOK_TRUE@ $(am__append_5) all: all-recursive .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu doc/Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): lxc-attach.sgml: $(top_builddir)/config.status $(srcdir)/lxc-attach.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-autostart.sgml: $(top_builddir)/config.status $(srcdir)/lxc-autostart.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-cgroup.sgml: $(top_builddir)/config.status $(srcdir)/lxc-cgroup.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-checkconfig.sgml: $(top_builddir)/config.status $(srcdir)/lxc-checkconfig.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-checkpoint.sgml: $(top_builddir)/config.status $(srcdir)/lxc-checkpoint.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-config.sgml: $(top_builddir)/config.status $(srcdir)/lxc-config.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-console.sgml: $(top_builddir)/config.status $(srcdir)/lxc-console.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-copy.sgml: $(top_builddir)/config.status $(srcdir)/lxc-copy.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-create.sgml: $(top_builddir)/config.status $(srcdir)/lxc-create.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-destroy.sgml: $(top_builddir)/config.status $(srcdir)/lxc-destroy.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-device.sgml: $(top_builddir)/config.status $(srcdir)/lxc-device.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-execute.sgml: $(top_builddir)/config.status $(srcdir)/lxc-execute.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-freeze.sgml: $(top_builddir)/config.status $(srcdir)/lxc-freeze.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-info.sgml: $(top_builddir)/config.status $(srcdir)/lxc-info.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-ls.sgml: $(top_builddir)/config.status $(srcdir)/lxc-ls.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-monitor.sgml: $(top_builddir)/config.status $(srcdir)/lxc-monitor.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-snapshot.sgml: $(top_builddir)/config.status $(srcdir)/lxc-snapshot.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-start.sgml: $(top_builddir)/config.status $(srcdir)/lxc-start.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-stop.sgml: $(top_builddir)/config.status $(srcdir)/lxc-stop.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-top.sgml: $(top_builddir)/config.status $(srcdir)/lxc-top.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-unfreeze.sgml: $(top_builddir)/config.status $(srcdir)/lxc-unfreeze.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-unshare.sgml: $(top_builddir)/config.status $(srcdir)/lxc-unshare.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-update-config.sgml: $(top_builddir)/config.status $(srcdir)/lxc-update-config.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-user-nic.sgml: $(top_builddir)/config.status $(srcdir)/lxc-user-nic.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-usernsexec.sgml: $(top_builddir)/config.status $(srcdir)/lxc-usernsexec.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-wait.sgml: $(top_builddir)/config.status $(srcdir)/lxc-wait.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ pam_cgfs.sgml: $(top_builddir)/config.status $(srcdir)/pam_cgfs.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc.conf.sgml: $(top_builddir)/config.status $(srcdir)/lxc.conf.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc.container.conf.sgml: $(top_builddir)/config.status $(srcdir)/lxc.container.conf.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc.system.conf.sgml: $(top_builddir)/config.status $(srcdir)/lxc.system.conf.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc-usernet.sgml: $(top_builddir)/config.status $(srcdir)/lxc-usernet.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ lxc.sgml: $(top_builddir)/config.status $(srcdir)/lxc.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ common_options.sgml: $(top_builddir)/config.status $(srcdir)/common_options.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ see_also.sgml: $(top_builddir)/config.status $(srcdir)/see_also.sgml.in cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs install-man1: $(man_MANS) @$(NORMAL_INSTALL) @list1=''; \ list2='$(man_MANS)'; \ test -n "$(man1dir)" \ && test -n "`echo $$list1$$list2`" \ || exit 0; \ echo " $(MKDIR_P) '$(DESTDIR)$(man1dir)'"; \ $(MKDIR_P) "$(DESTDIR)$(man1dir)" || exit 1; \ { for i in $$list1; do echo "$$i"; done; \ if test -n "$$list2"; then \ for i in $$list2; do echo "$$i"; done \ | sed -n '/\.1[a-z]*$$/p'; \ fi; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man1dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man1dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man1dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man1dir)" || exit $$?; }; \ done; } uninstall-man1: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man1dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.1[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^1][0-9a-z]*$$,1,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ dir='$(DESTDIR)$(man1dir)'; $(am__uninstall_files_from_dir) install-man5: $(man_MANS) @$(NORMAL_INSTALL) @list1=''; \ list2='$(man_MANS)'; \ test -n "$(man5dir)" \ && test -n "`echo $$list1$$list2`" \ || exit 0; \ echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \ $(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \ { for i in $$list1; do echo "$$i"; done; \ if test -n "$$list2"; then \ for i in $$list2; do echo "$$i"; done \ | sed -n '/\.5[a-z]*$$/p'; \ fi; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \ done; } uninstall-man5: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man5dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.5[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir) install-man7: $(man_MANS) @$(NORMAL_INSTALL) @list1=''; \ list2='$(man_MANS)'; \ test -n "$(man7dir)" \ && test -n "`echo $$list1$$list2`" \ || exit 0; \ echo " $(MKDIR_P) '$(DESTDIR)$(man7dir)'"; \ $(MKDIR_P) "$(DESTDIR)$(man7dir)" || exit 1; \ { for i in $$list1; do echo "$$i"; done; \ if test -n "$$list2"; then \ for i in $$list2; do echo "$$i"; done \ | sed -n '/\.7[a-z]*$$/p'; \ fi; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^7][0-9a-z]*$$,7,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man7dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man7dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man7dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man7dir)" || exit $$?; }; \ done; } uninstall-man7: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man7dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.7[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^7][0-9a-z]*$$,7,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ dir='$(DESTDIR)$(man7dir)'; $(am__uninstall_files_from_dir) install-man8: $(man_MANS) @$(NORMAL_INSTALL) @list1=''; \ list2='$(man_MANS)'; \ test -n "$(man8dir)" \ && test -n "`echo $$list1$$list2`" \ || exit 0; \ echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \ $(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \ { for i in $$list1; do echo "$$i"; done; \ if test -n "$$list2"; then \ for i in $$list2; do echo "$$i"; done \ | sed -n '/\.8[a-z]*$$/p'; \ fi; \ } | while read p; do \ if test -f $$p; then d=; else d="$(srcdir)/"; fi; \ echo "$$d$$p"; echo "$$p"; \ done | \ sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \ sed 'N;N;s,\n, ,g' | { \ list=; while read file base inst; do \ if test "$$base" = "$$inst"; then list="$$list $$file"; else \ echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \ $(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \ fi; \ done; \ for i in $$list; do echo "$$i"; done | $(am__base_list) | \ while read files; do \ test -z "$$files" || { \ echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \ $(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \ done; } uninstall-man8: @$(NORMAL_UNINSTALL) @list=''; test -n "$(man8dir)" || exit 0; \ files=`{ for i in $$list; do echo "$$i"; done; \ l2='$(man_MANS)'; for i in $$l2; do echo "$$i"; done | \ sed -n '/\.8[a-z]*$$/p'; \ } | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \ -e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \ dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir) # This directory's subdirectories are mostly independent; you can cd # into them and run 'make' without going through this Makefile. # To change the values of 'make' variables: instead of editing Makefiles, # (1) if the variable is set in 'config.status', edit 'config.status' # (which will cause the Makefiles to be regenerated when you run 'make'); # (2) otherwise, pass the desired values on the 'make' command line. $(am__recursive_targets): @fail=; \ if $(am__make_keepgoing); then \ failcom='fail=yes'; \ else \ failcom='exit 1'; \ fi; \ dot_seen=no; \ target=`echo $@ | sed s/-recursive//`; \ case "$@" in \ distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \ *) list='$(SUBDIRS)' ;; \ esac; \ for subdir in $$list; do \ echo "Making $$target in $$subdir"; \ if test "$$subdir" = "."; then \ dot_seen=yes; \ local_target="$$target-am"; \ else \ local_target="$$target"; \ fi; \ ($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \ || eval $$failcom; \ done; \ if test "$$dot_seen" = "no"; then \ $(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \ fi; test -z "$$fail" ID: $(am__tagged_files) $(am__define_uniq_tagged_files); mkid -fID $$unique tags: tags-recursive TAGS: tags tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) set x; \ here=`pwd`; \ if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \ include_option=--etags-include; \ empty_fix=.; \ else \ include_option=--include; \ empty_fix=; \ fi; \ list='$(SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ test ! -f $$subdir/TAGS || \ set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \ fi; \ done; \ $(am__define_uniq_tagged_files); \ shift; \ if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \ test -n "$$unique" || unique=$$empty_fix; \ if test $$# -gt 0; then \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ "$$@" $$unique; \ else \ $(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \ $$unique; \ fi; \ fi ctags: ctags-recursive CTAGS: ctags ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files) $(am__define_uniq_tagged_files); \ test -z "$(CTAGS_ARGS)$$unique" \ || $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \ $$unique GTAGS: here=`$(am__cd) $(top_builddir) && pwd` \ && $(am__cd) $(top_srcdir) \ && gtags -i $(GTAGS_ARGS) "$$here" cscopelist: cscopelist-recursive cscopelist-am: $(am__tagged_files) list='$(am__tagged_files)'; \ case "$(srcdir)" in \ [\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \ *) sdir=$(subdir)/$(srcdir) ;; \ esac; \ for i in $$list; do \ if test -f "$$i"; then \ echo "$(subdir)/$$i"; \ else \ echo "$$sdir/$$i"; \ fi; \ done >> $(top_builddir)/cscope.files distclean-tags: -rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags distdir: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) distdir-am distdir-am: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done @list='$(DIST_SUBDIRS)'; for subdir in $$list; do \ if test "$$subdir" = .; then :; else \ $(am__make_dryrun) \ || test -d "$(distdir)/$$subdir" \ || $(MKDIR_P) "$(distdir)/$$subdir" \ || exit 1; \ dir1=$$subdir; dir2="$(distdir)/$$subdir"; \ $(am__relativize); \ new_distdir=$$reldir; \ dir1=$$subdir; dir2="$(top_distdir)"; \ $(am__relativize); \ new_top_distdir=$$reldir; \ echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \ echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \ ($(am__cd) $$subdir && \ $(MAKE) $(AM_MAKEFLAGS) \ top_distdir="$$new_top_distdir" \ distdir="$$new_distdir" \ am__remove_distdir=: \ am__skip_length_check=: \ am__skip_mode_fix=: \ distdir) \ || exit 1; \ fi; \ done check-am: all-am check: check-recursive all-am: Makefile $(MANS) installdirs: installdirs-recursive installdirs-am: for dir in "$(DESTDIR)$(man1dir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man7dir)" "$(DESTDIR)$(man8dir)"; do \ test -z "$$dir" || $(MKDIR_P) "$$dir"; \ done install: install-recursive install-exec: install-exec-recursive install-data: install-data-recursive uninstall: uninstall-recursive install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-recursive install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." @ENABLE_DOCBOOK_FALSE@clean-local: clean: clean-recursive clean-am: clean-generic clean-libtool clean-local mostlyclean-am distclean: distclean-recursive -rm -f Makefile distclean-am: clean-am distclean-generic distclean-tags dvi: dvi-recursive dvi-am: html: html-recursive html-am: info: info-recursive info-am: install-data-am: install-man install-dvi: install-dvi-recursive install-dvi-am: install-exec-am: install-html: install-html-recursive install-html-am: install-info: install-info-recursive install-info-am: install-man: install-man1 install-man5 install-man7 install-man8 install-pdf: install-pdf-recursive install-pdf-am: install-ps: install-ps-recursive install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-recursive -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-recursive mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-recursive pdf-am: ps: ps-recursive ps-am: uninstall-am: uninstall-man uninstall-man: uninstall-man1 uninstall-man5 uninstall-man7 \ uninstall-man8 .MAKE: $(am__recursive_targets) install-am install-strip .PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \ check-am clean clean-generic clean-libtool clean-local \ cscopelist-am ctags ctags-am distclean distclean-generic \ distclean-libtool distclean-tags distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-man1 install-man5 \ install-man7 install-man8 install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs installdirs-am maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-man uninstall-man1 uninstall-man5 \ uninstall-man7 uninstall-man8 .PRECIOUS: Makefile @ENABLE_DOCBOOK_TRUE@%.1 : %.sgml @ENABLE_DOCBOOK_TRUE@ $(db2xman) $< @ENABLE_DOCBOOK_TRUE@ test "$(shell basename $@)" != "$@" && mv $(shell basename $@) $@ || true @ENABLE_DOCBOOK_TRUE@%.5 : %.sgml @ENABLE_DOCBOOK_TRUE@ $(db2xman) $< @ENABLE_DOCBOOK_TRUE@ test "$(shell basename $@)" != "$@" && mv $(shell basename $@) $@ || true @ENABLE_DOCBOOK_TRUE@%.7 : %.sgml @ENABLE_DOCBOOK_TRUE@ $(db2xman) $< @ENABLE_DOCBOOK_TRUE@ test "$(shell basename $@)" != "$@" && mv $(shell basename $@) $@ || true @ENABLE_DOCBOOK_TRUE@%.8 : %.sgml @ENABLE_DOCBOOK_TRUE@ $(db2xman) $< @ENABLE_DOCBOOK_TRUE@ test "$(shell basename $@)" != "$@" && mv $(shell basename $@) $@ || true @ENABLE_DOCBOOK_TRUE@lxc-%.sgml : common_options.sgml see_also.sgml @ENABLE_DOCBOOK_TRUE@clean-local: @ENABLE_DOCBOOK_TRUE@ $(RM) manpage.* *.7 *.5 *.1 *.8 $(man_MANS) # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: lxc-5.0.0~git2209-g5a7b9ce67/doc/lxc-monitor.sgml.in0000644061062106075000000001141714176403775016466 00000000000000 ]> @LXC_GENERATE_DATE@ lxc-monitor 1 lxc-monitor monitor the container state lxc-monitor -n name -Q name Description lxc-monitor monitors the state of containers. The name argument may be used to specify which containers to monitor. It is a regular expression, conforming with posix2, so it is possible to monitor all the containers, several of them or just one. If not specified, name will default to '.*' which will monitor all containers in lxcpath. The =PATH option may be specified multiple times to monitor more than one container path. Note however that containers with the same name in multiple paths will be indistinguishable in the output. Options Ask the lxc-monitord daemon on each given lxcpath to quit. After receiving this command, lxc-monitord will exit immediately as soon as it has no clients instead of waiting the normal 30 seconds for new clients. This is useful if you need to unmount the filesystem lxcpath is on. &commonoptions; Examples lxc-monitor -n foo will monitor the different states for container foo. lxc-monitor -n 'foo|bar' will monitor the different states for container foo and bar. lxc-monitor -n '[fb].*' will monitor the different states for container with the name beginning with letter 'f' or 'b'. lxc-monitor -n '.*' will monitor the different states for all containers. Diagnostic The container was not found The specified container was not created before with the lxc-create command. See Also regex 7 , &seealso; Author Daniel Lezcano daniel.lezcano@free.fr lxc-5.0.0~git2209-g5a7b9ce67/doc/lxc-start.sgml.in0000644061062106075000000001720314176403775016133 00000000000000 ]> @LXC_GENERATE_DATE@ lxc-start 1 lxc-start run an application inside a container. lxc-start -n name -f config_file -c console_device -L console_logfile -d -F -p pid_file -s KEY=VAL -C --share-[net|ipc|uts] name|pid command Description lxc-start runs the specified command inside the container specified by name. It will setup the container according to the configuration previously defined with the lxc-create command or with the configuration file parameter. If no configuration is defined, the default isolation is used. If no command is specified, lxc-start will use the command defined in lxc.init.cmd or if not set, the default "/sbin/init" command to run a system container. Options Run the container as a daemon. As the container has no more tty, if an error occurs nothing will be displayed, the log file can be used to check the error. (This is the default mode) Run the container in the foreground. In this mode, the container console will be attached to the current tty and signals will be routed directly to the container. Create a file with the process id. Specify the configuration file to configure the virtualization and isolation functionalities for the container. This configuration file if present will be used even if there is already a configuration file present in the previously created container (via lxc-create). Specify a device to use for the container's console, for example /dev/tty8. If this option is not specified the current terminal will be used unless is specified. Specify a file to log the container's console output to. Assign value VAL to configuration variable KEY. This overrides any assignment done in config_file. If any file descriptors are inherited, close them. If this option is not specified, then lxc-start will exit with failure instead. Note: --daemon implies --close-all-fds. Inherit a network namespace from a name container or a pid. The network namespace will continue to be managed by the original owner. The network configuration of the starting container is ignored and the up/down scripts won't be executed. Inherit an IPC namespace from a name container or a pid. Inherit a UTS namespace from a name container or a pid. The starting LXC will not set the hostname, but the container OS may do it anyway. &commonoptions; Diagnostic The container is busy The specified container is already running an application. You should stop it before reuse this container or create a new one. &seealso; Author Daniel Lezcano daniel.lezcano@free.fr lxc-5.0.0~git2209-g5a7b9ce67/doc/lxc-device.sgml.in0000644061062106075000000001007414176403775016234 00000000000000 ]> @LXC_GENERATE_DATE@ lxc-device 1 lxc-device manage devices of running containers lxc-device -h -n name add DEVICE NAME Description lxc-device manages devices in running container. Options The full command help message. The name of the target container. What action to perform. Only 'add' is supported at this point. The device to add to the container. It can either be the path to a device under /dev or a network interface name. Name for the device within the container. Examples lxc-device -n p1 add /dev/video0 Creates a /dev/video0 device in container p1 based on the matching device on the host. lxc-device -n p1 add eth0 eth1 Moves eth0 from the host as eth1 in p1. &seealso; Author Stéphane Graber stgraber@ubuntu.com lxc-5.0.0~git2209-g5a7b9ce67/doc/lxc.system.conf.sgml.in0000644061062106075000000001203714176403775017247 00000000000000 ]> @LXC_GENERATE_DATE@ lxc.system.conf 5 lxc.system.conf LXC system configuration file Description The system configuration is located at @LXC_GLOBAL_CONF@ or ~/.config/lxc/lxc.conf for unprivileged containers. This configuration file is used to set values such as default lookup paths and storage backend settings for LXC. Configuration paths The location in which all containers are stored. The path to the default container configuration. Control Groups Comma separated list of cgroup controllers to setup. If none is specified, all available controllers will be used. Format string used to generate the cgroup path (e.g. lxc/%n). LVM Default LVM volume group name. Default LVM thin pool name. ZFS Default ZFS root name. lxc 1 , lxc.container.conf 5 , lxc.system.conf 5 , lxc-usernet 5 &seealso; Author Stéphane Graber stgraber@ubuntu.com lxc-5.0.0~git2209-g5a7b9ce67/doc/lxc-create.sgml.in0000644061062106075000000001745414176403775016251 00000000000000 ]> @LXC_GENERATE_DATE@ lxc-create 1 lxc-create creates a container lxc-create -n name -f config_file -t template -B backingstore -- template-options Description lxc-create creates a system object where is stored the configuration information and where can be stored user information. The identifier name is used to specify the container to be used with the different lxc commands. The object is a directory created in @LXCPATH@ and identified by its name. The object is the definition of the different resources an application can use or can see. The more the configuration file contains information, the more the container is isolated and the more the application is jailed. If the configuration file config_file is not specified, the container will be created with the default isolation: processes, sysv ipc and mount points. Options Specify the configuration file to configure the virtualization and isolation functionalities for the container. 'template' is the short name of an existing 'lxc-template' script that is called by lxc-create, eg. busybox, debian, fedora, ubuntu or sshd. Refer to the examples in @LXCTEMPLATEDIR@ for details of the expected script structure. Alternatively, the full path to an executable template script can also be passed as a parameter. "none" can be used to force lxc-create to skip rootfs creation. 'backingstore' is one of 'dir', 'lvm', 'loop', 'btrfs', 'zfs', 'rbd', or 'best'. The default is 'dir', meaning that the container root filesystem will be a directory under @LXCPATH@/container/rootfs. This backing store type allows the optional --dir ROOTFS to be specified, meaning that the container rootfs should be placed under the specified path, rather than the default. (The 'none' backingstore type is an alias for 'dir'.) If 'btrfs' is specified, then the target filesystem must be btrfs, and the container rootfs will be created as a new subvolume. This allows snapshotted clones to be created, but also causes rsync --one-filesystem to treat it as a separate filesystem. If backingstore is 'lvm', then an lvm block device will be used and the following further options are available: --lvname lvname1 will create an LV named lvname1 rather than the default, which is the container name. --vgname vgname1 will create the LV in volume group vgname1 rather than the default, lxc. --thinpool thinpool1 will create the LV as a thin-provisioned volume in the pool named thinpool1 rather than the default, lxc. --fstype FSTYPE will create an FSTYPE filesystem on the LV, rather than the default, which is ext4. --fssize SIZE will create a LV (and filesystem) of size SIZE rather than the default, which is 1G. If backingstore is 'loop', you can use --fstype FSTYPE and --fssize SIZE as 'lvm'. The default values for these options are the same as 'lvm'. If backingstore is 'rbd', then you will need to have a valid configuration in ceph.conf and a ceph.client.admin.keyring defined. You can specify the following options : --rbdname RBDNAME will create a blockdevice named RBDNAME rather than the default, which is the container name. --rbdpool POOL will create the blockdevice in the pool named POOL, rather than the default, which is 'lxc'. If backingstore is 'best', then lxc will try, in order, btrfs, zfs, lvm, and finally a directory backing store. This will pass template-options to the template as arguments. To see the list of options supported by the template, you can run lxc-create -t TEMPLATE -h. &commonoptions; Diagnostic The container already exists As the message mention it, you try to create a container but there is a container with the same name. You can use the lxc-ls command to list the available containers on the system. &seealso; Author Daniel Lezcano daniel.lezcano@free.fr lxc-5.0.0~git2209-g5a7b9ce67/doc/lxc-execute.sgml.in0000644061062106075000000001436714176403775016450 00000000000000 ]> @LXC_GENERATE_DATE@ lxc-execute 1 lxc-execute run an application inside a container. lxc-execute -n name -d -f config_file -s KEY=VAL -u, --uid uid -g, --gid gid -- command Description lxc-execute runs the specified command inside the container specified by name. It will setup the container according to the configuration previously defined with the lxc-create command or with the configuration file parameter. If no configuration is defined, the default isolation is used. This command is mainly used when you want to quickly launch an application in an isolated environment. lxc-execute command will run the specified command into the container via an intermediate process, lxc-init. This lxc-init after launching the specified command, will wait for its end and all other reparented processes. (to support daemons in the container). In other words, in the container, lxc-init has the pid 1 and the first process of the application has the pid 2. The above lxc-init is designed to forward received signals to the started command. Options Specify the configuration file to configure the virtualization and isolation functionalities for the container. This configuration file if present will be used even if there is already a configuration file present in the previously created container (via lxc-create). Assign value VAL to configuration variable KEY. This overrides any assignment done in config_file. Run the container as a daemon. As the container has no more tty, if an error occurs nothing will be displayed, the log file can be used to check the error. Executes the command with user ID uid inside the container. Executes the command with group ID gid inside the container. Signal the end of options and disables further option processing. Any arguments after the -- are treated as arguments to command. This option is useful when you want specify options to command and don't want lxc-execute to interpret them. &commonoptions; Diagnostic The container is busy The specified container is already running an application. You should stop it before reuse this container or create a new one. &seealso; Author Daniel Lezcano daniel.lezcano@free.fr lxc-5.0.0~git2209-g5a7b9ce67/doc/Makefile.am0000644061062106075000000000300514176403775014750 00000000000000SUBDIRS = examples rootfs DIST_SUBDIRS = examples rootfs ja ko api if USE_DOCBOOK2X SUBDIRS += ja ko endif if ENABLE_API_DOCS SUBDIRS += api endif EXTRA_DIST = api-extensions.md \ lxc.container.conf \ lxc.system.conf \ FAQ.txt if ENABLE_DOCBOOK man_MANS = lxc.conf.5 \ lxc.container.conf.5 \ lxc.system.conf.5 \ lxc-usernet.5 \ lxc.7 if ENABLE_TOOLS man_MANS += lxc-attach.1 \ lxc-autostart.1 \ lxc-cgroup.1 \ lxc-checkconfig.1 \ lxc-checkpoint.1 \ lxc-config.1 \ lxc-console.1 \ lxc-copy.1 \ lxc-create.1 \ lxc-destroy.1 \ lxc-device.1 \ lxc-execute.1 \ lxc-freeze.1 \ lxc-info.1 \ lxc-ls.1 \ lxc-monitor.1 \ lxc-snapshot.1 \ lxc-start.1 \ lxc-stop.1 \ lxc-top.1 \ lxc-unfreeze.1 \ lxc-unshare.1 \ lxc-wait.1 endif if ENABLE_PAM man_MANS += pam_cgfs.8 endif if ENABLE_COMMANDS man_MANS += lxc-update-config.1 \ lxc-user-nic.1 \ lxc-usernsexec.1 endif %.1 : %.sgml $(db2xman) $< test "$(shell basename $@)" != "$@" && mv $(shell basename $@) $@ || true %.5 : %.sgml $(db2xman) $< test "$(shell basename $@)" != "$@" && mv $(shell basename $@) $@ || true %.7 : %.sgml $(db2xman) $< test "$(shell basename $@)" != "$@" && mv $(shell basename $@) $@ || true %.8 : %.sgml $(db2xman) $< test "$(shell basename $@)" != "$@" && mv $(shell basename $@) $@ || true lxc-%.sgml : common_options.sgml see_also.sgml clean-local: $(RM) manpage.* *.7 *.5 *.1 *.8 $(man_MANS) endif lxc-5.0.0~git2209-g5a7b9ce67/doc/lxc-ls.sgml.in0000644061062106075000000001535114176403775015416 00000000000000 ]> @LXC_GENERATE_DATE@ lxc-ls 1 lxc-ls list the containers existing on the system lxc-ls -1 --active --frozen --running --stopped --defined -f -F format -g groups --nesting=NUM --filter=regex Description lxc-ls list the containers existing on the system. Options Show one entry per line. (default when /dev/stdout isn't a tty) List only active containers (same as --frozen --running). List only frozen containers. List only running containers. List only stopped containers. List only defined containers. Use a fancy, column-based output. Comma separated list of columns to show in the fancy output. The list of accepted and default fields is listed in --help. Comma separated list of groups the container must have to be displayed. The parameter may be passed multiple times. Show nested containers. The number of nesting levels to be shown can be specified by passing a number as argument. The regular expression passed to lxc-ls will be applied to the container name. The format is a POSIX extended regular expression. It can also be given as additional argument without explicitly using . Examples lxc-ls --fancy list all the containers, listing one per line along with its name, state, ipv4 and ipv6 addresses. lxc-ls --active -1 list active containers and display the list in one column. &commonoptions; &seealso; History Written originally as a shell script by Daniel Lezcano and Serge Hallyn. Later reimplemented and extended in Python by Stéphane Graber and then reimplemented and extended in C by Christian Brauner. Author Christian Brauner christian.brauner@mailbox.org, Stéphane Graber stgraber@ubuntu.com lxc-5.0.0~git2209-g5a7b9ce67/doc/lxc-attach.sgml.in0000644061062106075000000003677614176403775016262 00000000000000 ]> @LXC_GENERATE_DATE@ lxc-attach 1 lxc-attach start a process inside a running container. lxc-attach -n, --name name -f, --rcfile config_file -a, --arch arch -e, --elevated-privileges privileges -s, --namespaces namespaces -R, --remount-sys-proc --keep-env --clear-env -v, --set-var variable --keep-var variable -u, --uid uid -g, --gid gid -- command Description lxc-attach runs the specified command inside the container specified by name. The container has to be running already. If no command is specified, the current default shell of the user running lxc-attach will be looked up inside the container and executed. This will fail if no such user exists inside the container or the container does not have a working nsswitch mechanism. Previous versions of lxc-attach simply attached to the specified namespaces of a container and ran a shell or the specified command without first allocating a pseudo terminal. This made them vulnerable to input faking via a TIOCSTI ioctl call after switching between userspace execution contexts with different privilege levels. Newer versions of lxc-attach will try to allocate a pseudo terminal file descriptor pair on the host and attach any standard file descriptors which refer to a terminal to the container side of the pseudo terminal before executing a shell or command. Note, that if none of the standard file descriptors refer to a terminal lxc-attach will not try to allocate a pseudo terminal. Instead it will simply attach to the containers namespaces and run a shell or the specified command. Options Specify the configuration file to configure the virtualization and isolation functionalities for the container. This configuration file if present will be used even if there is already a configuration file present in the previously created container (via lxc-create). Specify the architecture which the kernel should appear to be running as to the command executed. This option will accept the same settings as the option in container configuration files, see lxc.conf 5 . By default, the current architecture of the running container will be used. Do not drop privileges when running command inside the container. If this option is specified, the new process will not be added to the container's cgroup(s) and it will not drop its capabilities before executing. You may specify privileges, in case you do not want to elevate all of them, as a pipe-separated list, e.g. CGROUP|LSM. Allowed values are CGROUP, CAP and LSM representing cgroup, capabilities and restriction privileges respectively. (The pipe symbol needs to be escaped, e.g. CGROUP\|LSM or quoted, e.g. "CGROUP|LSM".) Warning: This may leak privileges into the container if the command starts subprocesses that remain active after the main process that was attached is terminated. The (re-)starting of daemons inside the container is problematic, especially if the daemon starts a lot of subprocesses such as cron or sshd. Use with great care. Specify the namespaces to attach to, as a pipe-separated list, e.g. NETWORK|IPC. Allowed values are MOUNT, PID, UTSNAME, IPC, USER and NETWORK. This allows one to change the context of the process to e.g. the network namespace of the container while retaining the other namespaces as those of the host. (The pipe symbol needs to be escaped, e.g. MOUNT\|PID or quoted, e.g. "MOUNT|PID".) Important: This option implies . When using and the mount namespace is not included, this flag will cause lxc-attach to remount /proc and /sys to reflect the current other namespace contexts. Please see the Notes section for more details. This option will be ignored if one tries to attach to the mount namespace anyway. Keep the current environment for attached programs. This is the current default behaviour (as of version 0.9), but is is likely to change in the future, since this may leak undesirable information into the container. If you rely on the environment being available for the attached program, please use this option to be future-proof. In addition to current environment variables, container=lxc will be set. Clear the environment before attaching, so no undesired environment variables leak into the container. The variable container=lxc will be the only environment with which the attached program starts. Set an additional environment variable that is seen by the attached program in the container. It is specified in the form of "VAR=VALUE", and can be specified multiple times. Keep a specified environment variable. It can only be specified in conjunction with --clear-env, and can be specified multiple times. Executes the command with user ID uid inside the container. Executes the command with group ID gid inside the container. &commonoptions; Examples To spawn a new shell running inside an existing container, use lxc-attach -n container To restart the cron service of a running Debian container, use lxc-attach -n container -- /etc/init.d/cron restart To deactivate the network link eth1 of a running container that does not have the NET_ADMIN capability, use either the option to use increased capabilities, assuming the ip tool is installed: lxc-attach -n container -e -- /sbin/ip link delete eth1 Or, alternatively, use the to use the tools installed on the host outside the container: lxc-attach -n container -s NETWORK -- /sbin/ip link delete eth1 Compatibility Attaching completely (including the pid and mount namespaces) to a container requires a kernel of version 3.8 or higher, or a patched kernel, please see the lxc website for details. lxc-attach will fail in that case if used with an unpatched kernel of version 3.7 and prior. Nevertheless, it will succeed on an unpatched kernel of version 3.0 or higher if the option is used to restrict the namespaces that the process is to be attached to to one or more of NETWORK, IPC and UTSNAME. Attaching to user namespaces is supported by kernel 3.8 or higher with enabling user namespace. Notes The Linux /proc and /sys filesystems contain information about some quantities that are affected by namespaces, such as the directories named after process ids in /proc or the network interface information in /sys/class/net. The namespace of the process mounting the pseudo-filesystems determines what information is shown, not the namespace of the process accessing /proc or /sys. If one uses the option to only attach to the pid namespace of a container, but not its mount namespace (which will contain the /proc of the container and not the host), the contents of will reflect that of the host and not the container. Analogously, the same issue occurs when reading the contents of /sys/class/net and attaching to just the network namespace. To work around this problem, the flag provides the option to remount /proc and /sys in order for them to reflect the network/pid namespace context of the attached process. In order not to interfere with the host's actual filesystem, the mount namespace will be unshared (like lxc-unshare does) before this is done, essentially giving the process a new mount namespace, which is identical to the hosts's mount namespace except for the /proc and /sys filesystems. Previous versions of lxc-attach suffered a bug whereby a user could attach to a containers namespace without being placed in a writeable cgroup for some critical subsystems. Newer versions of lxc-attach will check whether a user is in a writeable cgroup for those critical subsystems. lxc-attach might thus fail unexpectedly for some users (E.g. on systems where an unprivileged user is not placed in a writeable cgroup in critical subsystems on login.). However, this behavior is correct and more secure. Security The and options should be used with care, as it may break the isolation of the containers if used improperly. &seealso; Author Daniel Lezcano daniel.lezcano@free.fr lxc-5.0.0~git2209-g5a7b9ce67/doc/FAQ.txt0000644061062106075000000000300614176403775014065 00000000000000 Troubleshooting: =============== Error: ------ error while loading shared libraries reported after sudo make install and when trying to run lxc-execute. "lxc-execute -n foo -f /usr/local/etc/lxc/lxc-macvlan.conf /bin/bash" /usr/local/bin/lxc-execute: error while loading shared libraries: liblxc-0.5.0.so: cannot open shared object file: No such file or directory Answer: ------- update the ld cache by running ldconfig. Error: ------ error when starting a container. "lxc-start Invalid argument" "lxc-execute -n foo -f /usr/local/etc/lxc/lxc-macvlan.conf /bin/bash" "[syserr] lxc_start:96: Invalid argument - failed to fork into a new namespace" Answer: ------- read the lxc man page about kernel version prereq :) most probably your kernel is not configured to support the container options you want to use. Error: ------ On Ubuntu 8.10, if using the cvs source code rather than the provided tarball. Then make is failing with many errors similar to the line below: ========== ../../libtool: line 810: X--tag=CC: command not found ========== Answer: ------- This is related to a compatibility problem between the shipped config/ltmain.sh and the libtool version installed on your Ubuntu 8.10 machine. You have to replace the config/ltmain.sh from cvs head by the one from your libtool package, make some cleaning and reissue all the build process: ========== cd cp -f /usr/share/libtool/config/ltmain.sh config/ rm -f libtool ./bootstrap && ./configure && make && sudo make install ========== lxc-5.0.0~git2209-g5a7b9ce67/doc/lxc-console.sgml.in0000644061062106075000000001075014176403775016440 00000000000000 ]> @LXC_GENERATE_DATE@ lxc-console 1 lxc-console Launch a console for the specified container lxc-console -n name -e escape character -t ttynum Description If the tty service has been configured and is available for the container specified as parameter, this command will launch a console allowing to log on the container. The available tty are free slots taken by this command. That means if the container has four ttys available and the command has been launched four times each taking a different tty, the fifth command will fail because no console will be available. The command will connect to a tty. If the connection is lost or broken, the command can be launched again and regain the tty at the state it was before the disconnection. A ttynum of 0 may be given to attach to the container's /dev/console instead of its dev/tty<ttynum>. A keyboard escape sequence may be used to disconnect from the tty and quit lxc-console. The default escape sequence is <Ctrl+a q>. Options Specify the escape sequence prefix to use instead of <Ctrl a>. This may be given as '^letter' or just 'letter'. For example to use <Ctrl+b q> as the escape sequence use -e '^b'. Specify the tty number to connect to or 0 for the console. If not specified the next available tty number will be automatically chosen by the container. &commonoptions; Diagnostic tty service denied No tty is available or there is not enough privilege to use the console. For example, the container belongs to user "foo" and "bar" is trying to open a console to it. &seealso; Author Daniel Lezcano daniel.lezcano@free.fr lxc-5.0.0~git2209-g5a7b9ce67/doc/api/0000755061062106075000000000000014223133720013526 500000000000000lxc-5.0.0~git2209-g5a7b9ce67/doc/api/Makefile.am0000644061062106075000000000021014176403775015514 00000000000000EXTRA_DIST = Doxyfile if ENABLE_API_DOCS html: Doxyfile doxygen $< endif .PHONY: html all-local: html clean-local: $(RM) -rf html lxc-5.0.0~git2209-g5a7b9ce67/doc/api/Makefile.in0000644061062106075000000003417014223133707015525 00000000000000# Makefile.in generated by automake 1.16.5 from Makefile.am. # @configure_input@ # Copyright (C) 1994-2021 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, # with or without modifications, as long as this notice is preserved. # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY, to the extent permitted by law; without # even the implied warranty of MERCHANTABILITY or FITNESS FOR A # PARTICULAR PURPOSE. @SET_MAKE@ VPATH = @srcdir@ am__is_gnu_make = { \ if test -z '$(MAKELEVEL)'; then \ false; \ elif test -n '$(MAKE_HOST)'; then \ true; \ elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ true; \ else \ false; \ fi; \ } am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ *) echo "am__make_running_with_option: internal error: invalid" \ "target option '$${target_option-}' specified" >&2; \ exit 1;; \ esac; \ has_opt=no; \ sane_makeflags=$$MAKEFLAGS; \ if $(am__is_gnu_make); then \ sane_makeflags=$$MFLAGS; \ else \ case $$MAKEFLAGS in \ *\\[\ \ ]*) \ bs=\\; \ sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \ | sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \ esac; \ fi; \ skip_next=no; \ strip_trailopt () \ { \ flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \ }; \ for flg in $$sane_makeflags; do \ test $$skip_next = yes && { skip_next=no; continue; }; \ case $$flg in \ *=*|--*) continue;; \ -*I) strip_trailopt 'I'; skip_next=yes;; \ -*I?*) strip_trailopt 'I';; \ -*O) strip_trailopt 'O'; skip_next=yes;; \ -*O?*) strip_trailopt 'O';; \ -*l) strip_trailopt 'l'; skip_next=yes;; \ -*l?*) strip_trailopt 'l';; \ -[dEDm]) skip_next=yes;; \ -[JT]) skip_next=yes;; \ esac; \ case $$flg in \ *$$target_option*) has_opt=yes; break;; \ esac; \ done; \ test $$has_opt = yes am__make_dryrun = (target_option=n; $(am__make_running_with_option)) am__make_keepgoing = (target_option=k; $(am__make_running_with_option)) pkgdatadir = $(datadir)/@PACKAGE@ pkgincludedir = $(includedir)/@PACKAGE@ pkglibdir = $(libdir)/@PACKAGE@ pkglibexecdir = $(libexecdir)/@PACKAGE@ am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd install_sh_DATA = $(install_sh) -c -m 644 install_sh_PROGRAM = $(install_sh) -c install_sh_SCRIPT = $(install_sh) -c INSTALL_HEADER = $(INSTALL_DATA) transform = $(program_transform_name) NORMAL_INSTALL = : PRE_INSTALL = : POST_INSTALL = : NORMAL_UNINSTALL = : PRE_UNINSTALL = : POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = doc/api ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/config/acinclude.m4 \ $(top_srcdir)/config/attributes.m4 \ $(top_srcdir)/config/ax_pthread.m4 \ $(top_srcdir)/config/libtool.m4 \ $(top_srcdir)/config/ltoptions.m4 \ $(top_srcdir)/config/ltsugar.m4 \ $(top_srcdir)/config/ltversion.m4 \ $(top_srcdir)/config/lt~obsolete.m4 $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/src/config.h CONFIG_CLEAN_FILES = CONFIG_CLEAN_VPATH_FILES = AM_V_P = $(am__v_P_@AM_V@) am__v_P_ = $(am__v_P_@AM_DEFAULT_V@) am__v_P_0 = false am__v_P_1 = : AM_V_GEN = $(am__v_GEN_@AM_V@) am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@) am__v_GEN_0 = @echo " GEN " $@; am__v_GEN_1 = AM_V_at = $(am__v_at_@AM_V@) am__v_at_ = $(am__v_at_@AM_DEFAULT_V@) am__v_at_0 = @ am__v_at_1 = SOURCES = DIST_SOURCES = am__can_run_installinfo = \ case $$AM_UPDATE_INFO_DIR in \ n|no|NO) false;; \ *) (install-info --version) >/dev/null 2>&1;; \ esac am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP) am__DIST_COMMON = $(srcdir)/Makefile.in DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ AMTAR = @AMTAR@ AM_CFLAGS = @AM_CFLAGS@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AM_LDFLAGS = @AM_LDFLAGS@ APPARMOR_CACHE_DIR = @APPARMOR_CACHE_DIR@ AR = @AR@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ AWK = @AWK@ BINDIR = @BINDIR@ CAP_LIBS = @CAP_LIBS@ CC = @CC@ CCDEPMODE = @CCDEPMODE@ CFLAGS = @CFLAGS@ CPP = @CPP@ CPPFLAGS = @CPPFLAGS@ CSCOPE = @CSCOPE@ CTAGS = @CTAGS@ CXX = @CXX@ CXXCPP = @CXXCPP@ CXXDEPMODE = @CXXDEPMODE@ CXXFLAGS = @CXXFLAGS@ CYGPATH_W = @CYGPATH_W@ DATADIR = @DATADIR@ DEFAULT_CGROUP_PATTERN = @DEFAULT_CGROUP_PATTERN@ DEFS = @DEFS@ DEPDIR = @DEPDIR@ DLLTOOL = @DLLTOOL@ DLOG_CFLAGS = @DLOG_CFLAGS@ DLOG_LIBS = @DLOG_LIBS@ DOCDIR = @DOCDIR@ DSYMUTIL = @DSYMUTIL@ DUMPBIN = @DUMPBIN@ ECHO_C = @ECHO_C@ ECHO_N = @ECHO_N@ ECHO_T = @ECHO_T@ EGREP = @EGREP@ ETAGS = @ETAGS@ EXEEXT = @EXEEXT@ FGREP = @FGREP@ GREP = @GREP@ HAVE_DOXYGEN = @HAVE_DOXYGEN@ INCLUDEDIR = @INCLUDEDIR@ INSTALL = @INSTALL@ INSTALL_DATA = @INSTALL_DATA@ INSTALL_PROGRAM = @INSTALL_PROGRAM@ INSTALL_SCRIPT = @INSTALL_SCRIPT@ INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@ LD = @LD@ LDFLAGS = @LDFLAGS@ LIBDIR = @LIBDIR@ LIBEXECDIR = @LIBEXECDIR@ LIBOBJS = @LIBOBJS@ LIBS = @LIBS@ LIBTOOL = @LIBTOOL@ LIBTOOL_DEPS = @LIBTOOL_DEPS@ LIBURING_LIBS = @LIBURING_LIBS@ LIPO = @LIPO@ LN_S = @LN_S@ LOCALSTATEDIR = @LOCALSTATEDIR@ LOGPATH = @LOGPATH@ LTLIBOBJS = @LTLIBOBJS@ LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ LXCBINHOOKDIR = @LXCBINHOOKDIR@ LXCHOOKDIR = @LXCHOOKDIR@ LXCINITDIR = @LXCINITDIR@ LXCPATH = @LXCPATH@ LXCROOTFSMOUNT = @LXCROOTFSMOUNT@ LXCTEMPLATECONFIG = @LXCTEMPLATECONFIG@ LXCTEMPLATEDIR = @LXCTEMPLATEDIR@ LXC_ABI = @LXC_ABI@ LXC_ABI_MAJOR = @LXC_ABI_MAJOR@ LXC_ABI_MICRO = @LXC_ABI_MICRO@ LXC_ABI_MINOR = @LXC_ABI_MINOR@ LXC_DEFAULT_CONFIG = @LXC_DEFAULT_CONFIG@ LXC_DEVEL = @LXC_DEVEL@ LXC_DISTRO_SYSCONF = @LXC_DISTRO_SYSCONF@ LXC_GENERATE_DATE = @LXC_GENERATE_DATE@ LXC_GLOBAL_CONF = @LXC_GLOBAL_CONF@ LXC_USERNIC_CONF = @LXC_USERNIC_CONF@ LXC_USERNIC_DB = @LXC_USERNIC_DB@ LXC_VERSION = @LXC_VERSION@ LXC_VERSION_BASE = @LXC_VERSION_BASE@ LXC_VERSION_BETA = @LXC_VERSION_BETA@ LXC_VERSION_MAJOR = @LXC_VERSION_MAJOR@ LXC_VERSION_MICRO = @LXC_VERSION_MICRO@ LXC_VERSION_MINOR = @LXC_VERSION_MINOR@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ NM = @NM@ NMEDIT = @NMEDIT@ OBJCOPY = @OBJCOPY@ OBJDUMP = @OBJDUMP@ OBJEXT = @OBJEXT@ OPENSSL_LIBS = @OPENSSL_LIBS@ OTOOL = @OTOOL@ OTOOL64 = @OTOOL64@ PACKAGE = @PACKAGE@ PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@ PACKAGE_NAME = @PACKAGE_NAME@ PACKAGE_STRING = @PACKAGE_STRING@ PACKAGE_TARNAME = @PACKAGE_TARNAME@ PACKAGE_URL = @PACKAGE_URL@ PACKAGE_VERSION = @PACKAGE_VERSION@ PAM_CFLAGS = @PAM_CFLAGS@ PAM_LIBS = @PAM_LIBS@ PATH_SEPARATOR = @PATH_SEPARATOR@ PKG_CONFIG = @PKG_CONFIG@ PKG_CONFIG_LIBDIR = @PKG_CONFIG_LIBDIR@ PKG_CONFIG_PATH = @PKG_CONFIG_PATH@ PREFIX = @PREFIX@ PTHREAD_CC = @PTHREAD_CC@ PTHREAD_CFLAGS = @PTHREAD_CFLAGS@ PTHREAD_LIBS = @PTHREAD_LIBS@ RANLIB = @RANLIB@ RUNTIME_PATH = @RUNTIME_PATH@ SBINDIR = @SBINDIR@ SECCOMP_CFLAGS = @SECCOMP_CFLAGS@ SECCOMP_LIBS = @SECCOMP_LIBS@ SED = @SED@ SELINUX_LIBS = @SELINUX_LIBS@ SET_MAKE = @SET_MAKE@ SHELL = @SHELL@ STRIP = @STRIP@ SYSCONFDIR = @SYSCONFDIR@ SYSTEMD_UNIT_DIR = @SYSTEMD_UNIT_DIR@ VERSION = @VERSION@ abs_builddir = @abs_builddir@ abs_srcdir = @abs_srcdir@ abs_top_builddir = @abs_top_builddir@ abs_top_srcdir = @abs_top_srcdir@ ac_ct_AR = @ac_ct_AR@ ac_ct_CC = @ac_ct_CC@ ac_ct_CXX = @ac_ct_CXX@ ac_ct_DUMPBIN = @ac_ct_DUMPBIN@ am__include = @am__include@ am__leading_dot = @am__leading_dot@ am__quote = @am__quote@ am__tar = @am__tar@ am__untar = @am__untar@ ax_pthread_config = @ax_pthread_config@ bashcompdir = @bashcompdir@ bindir = @bindir@ build = @build@ build_alias = @build_alias@ build_cpu = @build_cpu@ build_os = @build_os@ build_vendor = @build_vendor@ builddir = @builddir@ datadir = @datadir@ datarootdir = @datarootdir@ db2xman = @db2xman@ docdir = @docdir@ docdtd = @docdtd@ dvidir = @dvidir@ exec_pamdir = @exec_pamdir@ exec_prefix = @exec_prefix@ host = @host@ host_alias = @host_alias@ host_cpu = @host_cpu@ host_os = @host_os@ host_vendor = @host_vendor@ htmldir = @htmldir@ includedir = @includedir@ infodir = @infodir@ install_sh = @install_sh@ libdir = @libdir@ libexecdir = @libexecdir@ localedir = @localedir@ localstatedir = @localstatedir@ mandir = @mandir@ mkdir_p = @mkdir_p@ oldincludedir = @oldincludedir@ pdfdir = @pdfdir@ prefix = @prefix@ program_transform_name = @program_transform_name@ psdir = @psdir@ runstatedir = @runstatedir@ sbindir = @sbindir@ sharedstatedir = @sharedstatedir@ srcdir = @srcdir@ sysconfdir = @sysconfdir@ target_alias = @target_alias@ top_build_prefix = @top_build_prefix@ top_builddir = @top_builddir@ top_srcdir = @top_srcdir@ EXTRA_DIST = Doxyfile all: all-am .SUFFIXES: $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) @for dep in $?; do \ case '$(am__configure_deps)' in \ *$$dep*) \ ( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \ && { if test -f $@; then exit 0; else break; fi; }; \ exit 1;; \ esac; \ done; \ echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu doc/api/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu doc/api/Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \ *) \ echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles)'; \ cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__maybe_remake_depfiles);; \ esac; $(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(top_srcdir)/configure: $(am__configure_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(ACLOCAL_M4): $(am__aclocal_m4_deps) cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh $(am__aclocal_m4_deps): mostlyclean-libtool: -rm -f *.lo clean-libtool: -rm -rf .libs _libs tags TAGS: ctags CTAGS: cscope cscopelist: distdir: $(BUILT_SOURCES) $(MAKE) $(AM_MAKEFLAGS) distdir-am distdir-am: $(DISTFILES) @srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \ list='$(DISTFILES)'; \ dist_files=`for file in $$list; do echo $$file; done | \ sed -e "s|^$$srcdirstrip/||;t" \ -e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \ case $$dist_files in \ */*) $(MKDIR_P) `echo "$$dist_files" | \ sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \ sort -u` ;; \ esac; \ for file in $$dist_files; do \ if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \ if test -d $$d/$$file; then \ dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \ if test -d "$(distdir)/$$file"; then \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \ cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \ find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \ fi; \ cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \ else \ test -f "$(distdir)/$$file" \ || cp -p $$d/$$file "$(distdir)/$$file" \ || exit 1; \ fi; \ done check-am: all-am check: check-am all-am: Makefile all-local installdirs: install: install-am install-exec: install-exec-am install-data: install-data-am uninstall: uninstall-am install-am: all-am @$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am installcheck: installcheck-am install-strip: if test -z '$(STRIP)'; then \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ install; \ else \ $(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \ install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \ "INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \ fi mostlyclean-generic: clean-generic: distclean-generic: -test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES) -test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES) maintainer-clean-generic: @echo "This command is intended for maintainers to use" @echo "it deletes files that may require special tools to rebuild." clean: clean-am clean-am: clean-generic clean-libtool clean-local mostlyclean-am distclean: distclean-am -rm -f Makefile distclean-am: clean-am distclean-generic dvi: dvi-am dvi-am: @ENABLE_API_DOCS_FALSE@html: html-am html-am: info: info-am info-am: install-data-am: install-dvi: install-dvi-am install-dvi-am: install-exec-am: install-html: install-html-am install-html-am: install-info: install-info-am install-info-am: install-man: install-pdf: install-pdf-am install-pdf-am: install-ps: install-ps-am install-ps-am: installcheck-am: maintainer-clean: maintainer-clean-am -rm -f Makefile maintainer-clean-am: distclean-am maintainer-clean-generic mostlyclean: mostlyclean-am mostlyclean-am: mostlyclean-generic mostlyclean-libtool pdf: pdf-am pdf-am: ps: ps-am ps-am: uninstall-am: .MAKE: install-am install-strip .PHONY: all all-am all-local check check-am clean clean-generic \ clean-libtool clean-local cscopelist-am ctags-am distclean \ distclean-generic distclean-libtool distdir dvi dvi-am html \ html-am info info-am install install-am install-data \ install-data-am install-dvi install-dvi-am install-exec \ install-exec-am install-html install-html-am install-info \ install-info-am install-man install-pdf install-pdf-am \ install-ps install-ps-am install-strip installcheck \ installcheck-am installdirs maintainer-clean \ maintainer-clean-generic mostlyclean mostlyclean-generic \ mostlyclean-libtool pdf pdf-am ps ps-am tags-am uninstall \ uninstall-am .PRECIOUS: Makefile @ENABLE_API_DOCS_TRUE@html: Doxyfile @ENABLE_API_DOCS_TRUE@ doxygen $< .PHONY: html all-local: html clean-local: $(RM) -rf html # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. .NOEXPORT: lxc-5.0.0~git2209-g5a7b9ce67/doc/api/Doxyfile0000644061062106075000000030211214176403775015174 00000000000000# Doxyfile 1.8.5 # This file describes the settings to be used by the documentation system # doxygen (www.doxygen.org) for a project. # # All text after a double hash (##) is considered a comment and is placed in # front of the TAG it is preceding. # # All text after a single hash (#) is considered a comment and will be ignored. # The format is: # TAG = value [value, ...] # For lists, items can also be appended using: # TAG += value [value, ...] # Values that contain spaces should be placed between quotes (\" \"). #--------------------------------------------------------------------------- # Project related configuration options #--------------------------------------------------------------------------- # This tag specifies the encoding used for all characters in the config file # that follow. The default is UTF-8 which is also the encoding used for all text # before the first occurrence of this tag. Doxygen uses libiconv (or the iconv # built into libc) for the transcoding. See http://www.gnu.org/software/libiconv # for the list of possible encodings. # The default value is: UTF-8. DOXYFILE_ENCODING = UTF-8 # The PROJECT_NAME tag is a single word (or a sequence of words surrounded by # double-quotes, unless you are using Doxywizard) that should identify the # project for which the documentation is generated. This name is used in the # title of most generated pages and in a few other places. # The default value is: My Project. PROJECT_NAME = "LXC" # The PROJECT_NUMBER tag can be used to enter a project or revision number. This # could be handy for archiving the generated documentation or if some version # control system is used. PROJECT_NUMBER = # Using the PROJECT_BRIEF tag one can provide an optional one line description # for a project that appears at the top of each page and should give viewer a # quick idea about the purpose of the project. Keep the description short. PROJECT_BRIEF = # With the PROJECT_LOGO tag one can specify an logo or icon that is included in # the documentation. The maximum height of the logo should not exceed 55 pixels # and the maximum width should not exceed 200 pixels. Doxygen will copy the logo # to the output directory. PROJECT_LOGO = # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) path # into which the generated documentation will be written. If a relative path is # entered, it will be relative to the location where doxygen was started. If # left blank the current directory will be used. OUTPUT_DIRECTORY = . # If the CREATE_SUBDIRS tag is set to YES, then doxygen will create 4096 sub- # directories (in 2 levels) under the output directory of each output format and # will distribute the generated files over these directories. Enabling this # option can be useful when feeding doxygen a huge amount of source files, where # putting all generated files in the same directory would otherwise causes # performance problems for the file system. # The default value is: NO. CREATE_SUBDIRS = NO # The OUTPUT_LANGUAGE tag is used to specify the language in which all # documentation generated by doxygen is written. Doxygen will use this # information to generate all constant output in the proper language. # Possible values are: Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese- # Traditional, Croatian, Czech, Danish, Dutch, English, Esperanto, Farsi, # Finnish, French, German, Greek, Hungarian, Italian, Japanese, Japanese-en, # Korean, Korean-en, Latvian, Norwegian, Macedonian, Persian, Polish, # Portuguese, Romanian, Russian, Serbian, Slovak, Slovene, Spanish, Swedish, # Turkish, Ukrainian and Vietnamese. # The default value is: English. OUTPUT_LANGUAGE = English # If the BRIEF_MEMBER_DESC tag is set to YES doxygen will include brief member # descriptions after the members that are listed in the file and class # documentation (similar to Javadoc). Set to NO to disable this. # The default value is: YES. BRIEF_MEMBER_DESC = YES # If the REPEAT_BRIEF tag is set to YES doxygen will prepend the brief # description of a member or function before the detailed description # # Note: If both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the # brief descriptions will be completely suppressed. # The default value is: YES. REPEAT_BRIEF = YES # This tag implements a quasi-intelligent brief description abbreviator that is # used to form the text in various listings. Each string in this list, if found # as the leading text of the brief description, will be stripped from the text # and the result, after processing the whole list, is used as the annotated # text. Otherwise, the brief description is used as-is. If left blank, the # following values are used ($name is automatically replaced with the name of # the entity):The $name class, The $name widget, The $name file, is, provides, # specifies, contains, represents, a, an and the. ABBREVIATE_BRIEF = # If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then # doxygen will generate a detailed section even if there is only a brief # description. # The default value is: NO. ALWAYS_DETAILED_SEC = NO # If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all # inherited members of a class in the documentation of that class as if those # members were ordinary class members. Constructors, destructors and assignment # operators of the base classes will not be shown. # The default value is: NO. INLINE_INHERITED_MEMB = NO # If the FULL_PATH_NAMES tag is set to YES doxygen will prepend the full path # before files name in the file list and in the header files. If set to NO the # shortest path that makes the file name unique will be used # The default value is: YES. FULL_PATH_NAMES = NO # The STRIP_FROM_PATH tag can be used to strip a user-defined part of the path. # Stripping is only done if one of the specified strings matches the left-hand # part of the path. The tag can be used to show relative paths in the file list. # If left blank the directory from which doxygen is run is used as the path to # strip. # # Note that you can specify absolute paths here, but also relative paths, which # will be relative from the directory where doxygen is started. # This tag requires that the tag FULL_PATH_NAMES is set to YES. STRIP_FROM_PATH = # The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of the # path mentioned in the documentation of a class, which tells the reader which # header file to include in order to use a class. If left blank only the name of # the header file containing the class definition is used. Otherwise one should # specify the list of include paths that are normally passed to the compiler # using the -I flag. STRIP_FROM_INC_PATH = # If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter (but # less readable) file names. This can be useful is your file systems doesn't # support long names like on DOS, Mac, or CD-ROM. # The default value is: NO. SHORT_NAMES = NO # If the JAVADOC_AUTOBRIEF tag is set to YES then doxygen will interpret the # first line (until the first dot) of a Javadoc-style comment as the brief # description. If set to NO, the Javadoc-style will behave just like regular Qt- # style comments (thus requiring an explicit @brief command for a brief # description.) # The default value is: NO. JAVADOC_AUTOBRIEF = NO # If the QT_AUTOBRIEF tag is set to YES then doxygen will interpret the first # line (until the first dot) of a Qt-style comment as the brief description. If # set to NO, the Qt-style will behave just like regular Qt-style comments (thus # requiring an explicit \brief command for a brief description.) # The default value is: NO. QT_AUTOBRIEF = NO # The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make doxygen treat a # multi-line C++ special comment block (i.e. a block of //! or /// comments) as # a brief description. This used to be the default behavior. The new default is # to treat a multi-line C++ comment block as a detailed description. Set this # tag to YES if you prefer the old behavior instead. # # Note that setting this tag to YES also means that rational rose comments are # not recognized any more. # The default value is: NO. MULTILINE_CPP_IS_BRIEF = NO # If the INHERIT_DOCS tag is set to YES then an undocumented member inherits the # documentation from any documented member that it re-implements. # The default value is: YES. INHERIT_DOCS = YES # If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce a # new page for each member. If set to NO, the documentation of a member will be # part of the file/class/namespace that contains it. # The default value is: NO. SEPARATE_MEMBER_PAGES = NO # The TAB_SIZE tag can be used to set the number of spaces in a tab. Doxygen # uses this value to replace tabs by spaces in code fragments. # Minimum value: 1, maximum value: 16, default value: 4. TAB_SIZE = 4 # This tag can be used to specify a number of aliases that act as commands in # the documentation. An alias has the form: # name=value # For example adding # "sideeffect=@par Side Effects:\n" # will allow you to put the command \sideeffect (or @sideeffect) in the # documentation, which will result in a user-defined paragraph with heading # "Side Effects:". You can put \n's in the value part of an alias to insert # newlines. ALIASES = # This tag can be used to specify a number of word-keyword mappings (TCL only). # A mapping has the form "name=value". For example adding "class=itcl::class" # will allow you to use the command class in the itcl::class meaning. TCL_SUBST = # Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C sources # only. Doxygen will then generate output that is more tailored for C. For # instance, some of the names that are used will be different. The list of all # members will be omitted, etc. # The default value is: NO. OPTIMIZE_OUTPUT_FOR_C = YES # Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java or # Python sources only. Doxygen will then generate output that is more tailored # for that language. For instance, namespaces will be presented as packages, # qualified scopes will look different, etc. # The default value is: NO. OPTIMIZE_OUTPUT_JAVA = NO # Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran # sources. Doxygen will then generate output that is tailored for Fortran. # The default value is: NO. OPTIMIZE_FOR_FORTRAN = NO # Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL # sources. Doxygen will then generate output that is tailored for VHDL. # The default value is: NO. OPTIMIZE_OUTPUT_VHDL = NO # Doxygen selects the parser to use depending on the extension of the files it # parses. With this tag you can assign which parser to use for a given # extension. Doxygen has a built-in mapping, but you can override or extend it # using this tag. The format is ext=language, where ext is a file extension, and # language is one of the parsers supported by doxygen: IDL, Java, JavaScript, # C#, C, C++, D, PHP, Objective-C, Python, Fortran, VHDL. For instance to make # doxygen treat .inc files as Fortran files (default is PHP), and .f files as C # (default is Fortran), use: inc=Fortran f=C. # # Note For files without extension you can use no_extension as a placeholder. # # Note that for custom extensions you also need to set FILE_PATTERNS otherwise # the files are not read by doxygen. EXTENSION_MAPPING = # If the MARKDOWN_SUPPORT tag is enabled then doxygen pre-processes all comments # according to the Markdown format, which allows for more readable # documentation. See http://daringfireball.net/projects/markdown/ for details. # The output of markdown processing is further processed by doxygen, so you can # mix doxygen, HTML, and XML commands with Markdown formatting. Disable only in # case of backward compatibilities issues. # The default value is: YES. MARKDOWN_SUPPORT = YES # When enabled doxygen tries to link words that correspond to documented # classes, or namespaces to their corresponding documentation. Such a link can # be prevented in individual cases by by putting a % sign in front of the word # or globally by setting AUTOLINK_SUPPORT to NO. # The default value is: YES. AUTOLINK_SUPPORT = YES # If you use STL classes (i.e. std::string, std::vector, etc.) but do not want # to include (a tag file for) the STL sources as input, then you should set this # tag to YES in order to let doxygen match functions declarations and # definitions whose arguments contain STL classes (e.g. func(std::string); # versus func(std::string) {}). This also make the inheritance and collaboration # diagrams that involve STL classes more complete and accurate. # The default value is: NO. BUILTIN_STL_SUPPORT = NO # If you use Microsoft's C++/CLI language, you should set this option to YES to # enable parsing support. # The default value is: NO. CPP_CLI_SUPPORT = NO # Set the SIP_SUPPORT tag to YES if your project consists of sip (see: # http://www.riverbankcomputing.co.uk/software/sip/intro) sources only. Doxygen # will parse them like normal C++ but will assume all classes use public instead # of private inheritance when no explicit protection keyword is present. # The default value is: NO. SIP_SUPPORT = NO # For Microsoft's IDL there are propget and propput attributes to indicate # getter and setter methods for a property. Setting this option to YES will make # doxygen to replace the get and set methods by a property in the documentation. # This will only work if the methods are indeed getting or setting a simple # type. If this is not the case, or you want to show the methods anyway, you # should set this option to NO. # The default value is: YES. IDL_PROPERTY_SUPPORT = YES # If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC # tag is set to YES, then doxygen will reuse the documentation of the first # member in the group (if any) for the other members of the group. By default # all members of a group must be documented explicitly. # The default value is: NO. DISTRIBUTE_GROUP_DOC = YES # Set the SUBGROUPING tag to YES to allow class member groups of the same type # (for instance a group of public functions) to be put as a subgroup of that # type (e.g. under the Public Functions section). Set it to NO to prevent # subgrouping. Alternatively, this can be done per class using the # \nosubgrouping command. # The default value is: YES. SUBGROUPING = YES # When the INLINE_GROUPED_CLASSES tag is set to YES, classes, structs and unions # are shown inside the group in which they are included (e.g. using \ingroup) # instead of on a separate page (for HTML and Man pages) or section (for LaTeX # and RTF). # # Note that this feature does not work in combination with # SEPARATE_MEMBER_PAGES. # The default value is: NO. INLINE_GROUPED_CLASSES = NO # When the INLINE_SIMPLE_STRUCTS tag is set to YES, structs, classes, and unions # with only public data fields or simple typedef fields will be shown inline in # the documentation of the scope in which they are defined (i.e. file, # namespace, or group documentation), provided this scope is documented. If set # to NO, structs, classes, and unions are shown on a separate page (for HTML and # Man pages) or section (for LaTeX and RTF). # The default value is: NO. INLINE_SIMPLE_STRUCTS = NO # When TYPEDEF_HIDES_STRUCT tag is enabled, a typedef of a struct, union, or # enum is documented as struct, union, or enum with the name of the typedef. So # typedef struct TypeS {} TypeT, will appear in the documentation as a struct # with name TypeT. When disabled the typedef will appear as a member of a file, # namespace, or class. And the struct will be named TypeS. This can typically be # useful for C code in case the coding convention dictates that all compound # types are typedef'ed and only the typedef is referenced, never the tag name. # The default value is: NO. TYPEDEF_HIDES_STRUCT = NO # The size of the symbol lookup cache can be set using LOOKUP_CACHE_SIZE. This # cache is used to resolve symbols given their name and scope. Since this can be # an expensive process and often the same symbol appears multiple times in the # code, doxygen keeps a cache of pre-resolved symbols. If the cache is too small # doxygen will become slower. If the cache is too large, memory is wasted. The # cache size is given by this formula: 2^(16+LOOKUP_CACHE_SIZE). The valid range # is 0..9, the default is 0, corresponding to a cache size of 2^16=65536 # symbols. At the end of a run doxygen will report the cache usage and suggest # the optimal cache size from a speed point of view. # Minimum value: 0, maximum value: 9, default value: 0. LOOKUP_CACHE_SIZE = 0 #--------------------------------------------------------------------------- # Build related configuration options #--------------------------------------------------------------------------- # If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in # documentation are documented, even if no documentation was available. Private # class members and static file members will be hidden unless the # EXTRACT_PRIVATE respectively EXTRACT_STATIC tags are set to YES. # Note: This will also disable the warnings about undocumented members that are # normally produced when WARNINGS is set to YES. # The default value is: NO. EXTRACT_ALL = NO # If the EXTRACT_PRIVATE tag is set to YES all private members of a class will # be included in the documentation. # The default value is: NO. EXTRACT_PRIVATE = NO # If the EXTRACT_PACKAGE tag is set to YES all members with package or internal # scope will be included in the documentation. # The default value is: NO. EXTRACT_PACKAGE = NO # If the EXTRACT_STATIC tag is set to YES all static members of a file will be # included in the documentation. # The default value is: NO. EXTRACT_STATIC = NO # If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs) defined # locally in source files will be included in the documentation. If set to NO # only classes defined in header files are included. Does not have any effect # for Java sources. # The default value is: YES. EXTRACT_LOCAL_CLASSES = YES # This flag is only useful for Objective-C code. When set to YES local methods, # which are defined in the implementation section but not in the interface are # included in the documentation. If set to NO only methods in the interface are # included. # The default value is: NO. EXTRACT_LOCAL_METHODS = NO # If this flag is set to YES, the members of anonymous namespaces will be # extracted and appear in the documentation as a namespace called # 'anonymous_namespace{file}', where file will be replaced with the base name of # the file that contains the anonymous namespace. By default anonymous namespace # are hidden. # The default value is: NO. EXTRACT_ANON_NSPACES = NO # If the HIDE_UNDOC_MEMBERS tag is set to YES, doxygen will hide all # undocumented members inside documented classes or files. If set to NO these # members will be included in the various overviews, but no documentation # section is generated. This option has no effect if EXTRACT_ALL is enabled. # The default value is: NO. HIDE_UNDOC_MEMBERS = NO # If the HIDE_UNDOC_CLASSES tag is set to YES, doxygen will hide all # undocumented classes that are normally visible in the class hierarchy. If set # to NO these classes will be included in the various overviews. This option has # no effect if EXTRACT_ALL is enabled. # The default value is: NO. HIDE_UNDOC_CLASSES = NO # If the HIDE_FRIEND_COMPOUNDS tag is set to YES, doxygen will hide all friend # (class|struct|union) declarations. If set to NO these declarations will be # included in the documentation. # The default value is: NO. HIDE_FRIEND_COMPOUNDS = NO # If the HIDE_IN_BODY_DOCS tag is set to YES, doxygen will hide any # documentation blocks found inside the body of a function. If set to NO these # blocks will be appended to the function's detailed documentation block. # The default value is: NO. HIDE_IN_BODY_DOCS = NO # The INTERNAL_DOCS tag determines if documentation that is typed after a # \internal command is included. If the tag is set to NO then the documentation # will be excluded. Set it to YES to include the internal documentation. # The default value is: NO. INTERNAL_DOCS = NO # If the CASE_SENSE_NAMES tag is set to NO then doxygen will only generate file # names in lower-case letters. If set to YES upper-case letters are also # allowed. This is useful if you have classes or files whose names only differ # in case and if your file system supports case sensitive file names. Windows # and Mac users are advised to set this option to NO. # The default value is: system dependent. CASE_SENSE_NAMES = YES # If the HIDE_SCOPE_NAMES tag is set to NO then doxygen will show members with # their full class and namespace scopes in the documentation. If set to YES the # scope will be hidden. # The default value is: NO. HIDE_SCOPE_NAMES = NO # If the SHOW_INCLUDE_FILES tag is set to YES then doxygen will put a list of # the files that are included by a file in the documentation of that file. # The default value is: YES. SHOW_INCLUDE_FILES = YES # If the FORCE_LOCAL_INCLUDES tag is set to YES then doxygen will list include # files with double quotes in the documentation rather than with sharp brackets. # The default value is: NO. FORCE_LOCAL_INCLUDES = NO # If the INLINE_INFO tag is set to YES then a tag [inline] is inserted in the # documentation for inline members. # The default value is: YES. INLINE_INFO = YES # If the SORT_MEMBER_DOCS tag is set to YES then doxygen will sort the # (detailed) documentation of file and class members alphabetically by member # name. If set to NO the members will appear in declaration order. # The default value is: YES. SORT_MEMBER_DOCS = YES # If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the brief # descriptions of file, namespace and class members alphabetically by member # name. If set to NO the members will appear in declaration order. # The default value is: NO. SORT_BRIEF_DOCS = NO # If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen will sort the # (brief and detailed) documentation of class members so that constructors and # destructors are listed first. If set to NO the constructors will appear in the # respective orders defined by SORT_BRIEF_DOCS and SORT_MEMBER_DOCS. # Note: If SORT_BRIEF_DOCS is set to NO this option is ignored for sorting brief # member documentation. # Note: If SORT_MEMBER_DOCS is set to NO this option is ignored for sorting # detailed member documentation. # The default value is: NO. SORT_MEMBERS_CTORS_1ST = NO # If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the hierarchy # of group names into alphabetical order. If set to NO the group names will # appear in their defined order. # The default value is: NO. SORT_GROUP_NAMES = NO # If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be sorted by # fully-qualified names, including namespaces. If set to NO, the class list will # be sorted only by class name, not including the namespace part. # Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES. # Note: This option applies only to the class list, not to the alphabetical # list. # The default value is: NO. SORT_BY_SCOPE_NAME = NO # If the STRICT_PROTO_MATCHING option is enabled and doxygen fails to do proper # type resolution of all parameters of a function it will reject a match between # the prototype and the implementation of a member function even if there is # only one candidate or it is obvious which candidate to choose by doing a # simple string match. By disabling STRICT_PROTO_MATCHING doxygen will still # accept a match between prototype and implementation in such cases. # The default value is: NO. STRICT_PROTO_MATCHING = NO # The GENERATE_TODOLIST tag can be used to enable ( YES) or disable ( NO) the # todo list. This list is created by putting \todo commands in the # documentation. # The default value is: YES. GENERATE_TODOLIST = YES # The GENERATE_TESTLIST tag can be used to enable ( YES) or disable ( NO) the # test list. This list is created by putting \test commands in the # documentation. # The default value is: YES. GENERATE_TESTLIST = YES # The GENERATE_BUGLIST tag can be used to enable ( YES) or disable ( NO) the bug # list. This list is created by putting \bug commands in the documentation. # The default value is: YES. GENERATE_BUGLIST = YES # The GENERATE_DEPRECATEDLIST tag can be used to enable ( YES) or disable ( NO) # the deprecated list. This list is created by putting \deprecated commands in # the documentation. # The default value is: YES. GENERATE_DEPRECATEDLIST= YES # The ENABLED_SECTIONS tag can be used to enable conditional documentation # sections, marked by \if ... \endif and \cond # ... \endcond blocks. ENABLED_SECTIONS = # The MAX_INITIALIZER_LINES tag determines the maximum number of lines that the # initial value of a variable or macro / define can have for it to appear in the # documentation. If the initializer consists of more lines than specified here # it will be hidden. Use a value of 0 to hide initializers completely. The # appearance of the value of individual variables and macros / defines can be # controlled using \showinitializer or \hideinitializer command in the # documentation regardless of this setting. # Minimum value: 0, maximum value: 10000, default value: 30. MAX_INITIALIZER_LINES = 30 # Set the SHOW_USED_FILES tag to NO to disable the list of files generated at # the bottom of the documentation of classes and structs. If set to YES the list # will mention the files that were used to generate the documentation. # The default value is: YES. SHOW_USED_FILES = YES # Set the SHOW_FILES tag to NO to disable the generation of the Files page. This # will remove the Files entry from the Quick Index and from the Folder Tree View # (if specified). # The default value is: YES. SHOW_FILES = YES # Set the SHOW_NAMESPACES tag to NO to disable the generation of the Namespaces # page. This will remove the Namespaces entry from the Quick Index and from the # Folder Tree View (if specified). # The default value is: YES. SHOW_NAMESPACES = YES # The FILE_VERSION_FILTER tag can be used to specify a program or script that # doxygen should invoke to get the current version for each file (typically from # the version control system). Doxygen will invoke the program by executing (via # popen()) the command command input-file, where command is the value of the # FILE_VERSION_FILTER tag, and input-file is the name of an input file provided # by doxygen. Whatever the program writes to standard output is used as the file # version. For an example see the documentation. FILE_VERSION_FILTER = # The LAYOUT_FILE tag can be used to specify a layout file which will be parsed # by doxygen. The layout file controls the global structure of the generated # output files in an output format independent way. To create the layout file # that represents doxygen's defaults, run doxygen with the -l option. You can # optionally specify a file name after the option, if omitted DoxygenLayout.xml # will be used as the name of the layout file. # # Note that if you run doxygen from a directory containing a file called # DoxygenLayout.xml, doxygen will parse it automatically even if the LAYOUT_FILE # tag is left empty. LAYOUT_FILE = # The CITE_BIB_FILES tag can be used to specify one or more bib files containing # the reference definitions. This must be a list of .bib files. The .bib # extension is automatically appended if omitted. This requires the bibtex tool # to be installed. See also http://en.wikipedia.org/wiki/BibTeX for more info. # For LaTeX the style of the bibliography can be controlled using # LATEX_BIB_STYLE. To use this feature you need bibtex and perl available in the # search path. Do not use file names with spaces, bibtex cannot handle them. See # also \cite for info how to create references. CITE_BIB_FILES = #--------------------------------------------------------------------------- # Configuration options related to warning and progress messages #--------------------------------------------------------------------------- # The QUIET tag can be used to turn on/off the messages that are generated to # standard output by doxygen. If QUIET is set to YES this implies that the # messages are off. # The default value is: NO. QUIET = NO # The WARNINGS tag can be used to turn on/off the warning messages that are # generated to standard error ( stderr) by doxygen. If WARNINGS is set to YES # this implies that the warnings are on. # # Tip: Turn warnings on while writing the documentation. # The default value is: YES. WARNINGS = YES # If the WARN_IF_UNDOCUMENTED tag is set to YES, then doxygen will generate # warnings for undocumented members. If EXTRACT_ALL is set to YES then this flag # will automatically be disabled. # The default value is: YES. WARN_IF_UNDOCUMENTED = YES # If the WARN_IF_DOC_ERROR tag is set to YES, doxygen will generate warnings for # potential errors in the documentation, such as not documenting some parameters # in a documented function, or documenting parameters that don't exist or using # markup commands wrongly. # The default value is: YES. WARN_IF_DOC_ERROR = YES # This WARN_NO_PARAMDOC option can be enabled to get warnings for functions that # are documented, but have no documentation for their parameters or return # value. If set to NO doxygen will only warn about wrong or incomplete parameter # documentation, but not about the absence of documentation. # The default value is: NO. WARN_NO_PARAMDOC = YES # The WARN_FORMAT tag determines the format of the warning messages that doxygen # can produce. The string should contain the $file, $line, and $text tags, which # will be replaced by the file and line number from which the warning originated # and the warning text. Optionally the format may contain $version, which will # be replaced by the version of the file (if it could be obtained via # FILE_VERSION_FILTER) # The default value is: $file:$line: $text. WARN_FORMAT = "$file:$line: $text" # The WARN_LOGFILE tag can be used to specify a file to which warning and error # messages should be written. If left blank the output is written to standard # error (stderr). WARN_LOGFILE = #--------------------------------------------------------------------------- # Configuration options related to the input files #--------------------------------------------------------------------------- # The INPUT tag is used to specify the files and/or directories that contain # documented source files. You may enter file names like myfile.cpp or # directories like /usr/src/myproject. Separate the files or directories with # spaces. # Note: If this tag is empty the current directory is searched. INPUT = \ ../../src/lxc/lxccontainer.h \ ../../src/lxc/lxclock.h \ ../../src/lxc/attach_options.h # This tag can be used to specify the character encoding of the source files # that doxygen parses. Internally doxygen uses the UTF-8 encoding. Doxygen uses # libiconv (or the iconv built into libc) for the transcoding. See the libiconv # documentation (see: http://www.gnu.org/software/libiconv) for the list of # possible encodings. # The default value is: UTF-8. INPUT_ENCODING = UTF-8 # If the value of the INPUT tag contains directories, you can use the # FILE_PATTERNS tag to specify one or more wildcard patterns (like *.cpp and # *.h) to filter out the source-files in the directories. If left blank the # following patterns are tested:*.c, *.cc, *.cxx, *.cpp, *.c++, *.java, *.ii, # *.ixx, *.ipp, *.i++, *.inl, *.idl, *.ddl, *.odl, *.h, *.hh, *.hxx, *.hpp, # *.h++, *.cs, *.d, *.php, *.php4, *.php5, *.phtml, *.inc, *.m, *.markdown, # *.md, *.mm, *.dox, *.py, *.f90, *.f, *.for, *.tcl, *.vhd, *.vhdl, *.ucf, # *.qsf, *.as and *.js. FILE_PATTERNS = *.h # The RECURSIVE tag can be used to specify whether or not subdirectories should # be searched for input files as well. # The default value is: NO. RECURSIVE = NO # The EXCLUDE tag can be used to specify files and/or directories that should be # excluded from the INPUT source files. This way you can easily exclude a # subdirectory from a directory tree whose root is specified with the INPUT tag. # # Note that relative paths are relative to the directory from which doxygen is # run. EXCLUDE = # The EXCLUDE_SYMLINKS tag can be used to select whether or not files or # directories that are symbolic links (a Unix file system feature) are excluded # from the input. # The default value is: NO. EXCLUDE_SYMLINKS = NO # If the value of the INPUT tag contains directories, you can use the # EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude # certain files from those directories. # # Note that the wildcards are matched against the file with absolute path, so to # exclude all test directories for example use the pattern */test/* EXCLUDE_PATTERNS = # The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names # (namespaces, classes, functions, etc.) that should be excluded from the # output. The symbol name can be a fully qualified name, a word, or if the # wildcard * is used, a substring. Examples: ANamespace, AClass, # AClass::ANamespace, ANamespace::*Test # # Note that the wildcards are matched against the file with absolute path, so to # exclude all test directories use the pattern */test/* EXCLUDE_SYMBOLS = # The EXAMPLE_PATH tag can be used to specify one or more files or directories # that contain example code fragments that are included (see the \include # command). EXAMPLE_PATH = # If the value of the EXAMPLE_PATH tag contains directories, you can use the # EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp and # *.h) to filter out the source-files in the directories. If left blank all # files are included. EXAMPLE_PATTERNS = # If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be # searched for input files to be used with the \include or \dontinclude commands # irrespective of the value of the RECURSIVE tag. # The default value is: NO. EXAMPLE_RECURSIVE = NO # The IMAGE_PATH tag can be used to specify one or more files or directories # that contain images that are to be included in the documentation (see the # \image command). IMAGE_PATH = # The INPUT_FILTER tag can be used to specify a program that doxygen should # invoke to filter for each input file. Doxygen will invoke the filter program # by executing (via popen()) the command: # # # # where is the value of the INPUT_FILTER tag, and is the # name of an input file. Doxygen will then use the output that the filter # program writes to standard output. If FILTER_PATTERNS is specified, this tag # will be ignored. # # Note that the filter must not add or remove lines; it is applied before the # code is scanned, but not when the output code is generated. If lines are added # or removed, the anchors will not be placed correctly. INPUT_FILTER = # The FILTER_PATTERNS tag can be used to specify filters on a per file pattern # basis. Doxygen will compare the file name with each pattern and apply the # filter if there is a match. The filters are a list of the form: pattern=filter # (like *.cpp=my_cpp_filter). See INPUT_FILTER for further information on how # filters are used. If the FILTER_PATTERNS tag is empty or if none of the # patterns match the file name, INPUT_FILTER is applied. FILTER_PATTERNS = # If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using # INPUT_FILTER ) will also be used to filter the input files that are used for # producing the source files to browse (i.e. when SOURCE_BROWSER is set to YES). # The default value is: NO. FILTER_SOURCE_FILES = NO # The FILTER_SOURCE_PATTERNS tag can be used to specify source filters per file # pattern. A pattern will override the setting for FILTER_PATTERN (if any) and # it is also possible to disable source filtering for a specific pattern using # *.ext= (so without naming a filter). # This tag requires that the tag FILTER_SOURCE_FILES is set to YES. FILTER_SOURCE_PATTERNS = # If the USE_MDFILE_AS_MAINPAGE tag refers to the name of a markdown file that # is part of the input, its contents will be placed on the main page # (index.html). This can be useful if you have a project on for instance GitHub # and want to reuse the introduction page also for the doxygen output. USE_MDFILE_AS_MAINPAGE = #--------------------------------------------------------------------------- # Configuration options related to source browsing #--------------------------------------------------------------------------- # If the SOURCE_BROWSER tag is set to YES then a list of source files will be # generated. Documented entities will be cross-referenced with these sources. # # Note: To get rid of all source code in the generated output, make sure that # also VERBATIM_HEADERS is set to NO. # The default value is: NO. SOURCE_BROWSER = NO # Setting the INLINE_SOURCES tag to YES will include the body of functions, # classes and enums directly into the documentation. # The default value is: NO. INLINE_SOURCES = NO # Setting the STRIP_CODE_COMMENTS tag to YES will instruct doxygen to hide any # special comment blocks from generated source code fragments. Normal C, C++ and # Fortran comments will always remain visible. # The default value is: YES. STRIP_CODE_COMMENTS = YES # If the REFERENCED_BY_RELATION tag is set to YES then for each documented # function all documented functions referencing it will be listed. # The default value is: NO. REFERENCED_BY_RELATION = NO # If the REFERENCES_RELATION tag is set to YES then for each documented function # all documented entities called/used by that function will be listed. # The default value is: NO. REFERENCES_RELATION = NO # If the REFERENCES_LINK_SOURCE tag is set to YES and SOURCE_BROWSER tag is set # to YES, then the hyperlinks from functions in REFERENCES_RELATION and # REFERENCED_BY_RELATION lists will link to the source code. Otherwise they will # link to the documentation. # The default value is: YES. REFERENCES_LINK_SOURCE = YES # If SOURCE_TOOLTIPS is enabled (the default) then hovering a hyperlink in the # source code will show a tooltip with additional information such as prototype, # brief description and links to the definition and documentation. Since this # will make the HTML file larger and loading of large files a bit slower, you # can opt to disable this feature. # The default value is: YES. # This tag requires that the tag SOURCE_BROWSER is set to YES. SOURCE_TOOLTIPS = YES # If the USE_HTAGS tag is set to YES then the references to source code will # point to the HTML generated by the htags(1) tool instead of doxygen built-in # source browser. The htags tool is part of GNU's global source tagging system # (see http://www.gnu.org/software/global/global.html). You will need version # 4.8.6 or higher. # # To use it do the following: # - Install the latest version of global # - Enable SOURCE_BROWSER and USE_HTAGS in the config file # - Make sure the INPUT points to the root of the source tree # - Run doxygen as normal # # Doxygen will invoke htags (and that will in turn invoke gtags), so these # tools must be available from the command line (i.e. in the search path). # # The result: instead of the source browser generated by doxygen, the links to # source code will now point to the output of htags. # The default value is: NO. # This tag requires that the tag SOURCE_BROWSER is set to YES. USE_HTAGS = NO # If the VERBATIM_HEADERS tag is set the YES then doxygen will generate a # verbatim copy of the header file for each class for which an include is # specified. Set to NO to disable this. # See also: Section \class. # The default value is: YES. VERBATIM_HEADERS = YES #--------------------------------------------------------------------------- # Configuration options related to the alphabetical class index #--------------------------------------------------------------------------- # If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index of all # compounds will be generated. Enable this if the project contains a lot of # classes, structs, unions or interfaces. # The default value is: YES. ALPHABETICAL_INDEX = YES # The COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns in # which the alphabetical index list will be split. # Minimum value: 1, maximum value: 20, default value: 5. # This tag requires that the tag ALPHABETICAL_INDEX is set to YES. COLS_IN_ALPHA_INDEX = 5 # In case all classes in a project start with a common prefix, all classes will # be put under the same header in the alphabetical index. The IGNORE_PREFIX tag # can be used to specify a prefix (or a list of prefixes) that should be ignored # while generating the index headers. # This tag requires that the tag ALPHABETICAL_INDEX is set to YES. IGNORE_PREFIX = #--------------------------------------------------------------------------- # Configuration options related to the HTML output #--------------------------------------------------------------------------- # If the GENERATE_HTML tag is set to YES doxygen will generate HTML output # The default value is: YES. GENERATE_HTML = YES # The HTML_OUTPUT tag is used to specify where the HTML docs will be put. If a # relative path is entered the value of OUTPUT_DIRECTORY will be put in front of # it. # The default directory is: html. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_OUTPUT = html # The HTML_FILE_EXTENSION tag can be used to specify the file extension for each # generated HTML page (for example: .htm, .php, .asp). # The default value is: .html. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_FILE_EXTENSION = .html # The HTML_HEADER tag can be used to specify a user-defined HTML header file for # each generated HTML page. If the tag is left blank doxygen will generate a # standard header. # # To get valid HTML the header file that includes any scripts and style sheets # that doxygen needs, which is dependent on the configuration options used (e.g. # the setting GENERATE_TREEVIEW). It is highly recommended to start with a # default header using # doxygen -w html new_header.html new_footer.html new_stylesheet.css # YourConfigFile # and then modify the file new_header.html. See also section "Doxygen usage" # for information on how to generate the default header that doxygen normally # uses. # Note: The header is subject to change so you typically have to regenerate the # default header when upgrading to a newer version of doxygen. For a description # of the possible markers and block names see the documentation. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_HEADER = # The HTML_FOOTER tag can be used to specify a user-defined HTML footer for each # generated HTML page. If the tag is left blank doxygen will generate a standard # footer. See HTML_HEADER for more information on how to generate a default # footer and what special commands can be used inside the footer. See also # section "Doxygen usage" for information on how to generate the default footer # that doxygen normally uses. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_FOOTER = # The HTML_STYLESHEET tag can be used to specify a user-defined cascading style # sheet that is used by each HTML page. It can be used to fine-tune the look of # the HTML output. If left blank doxygen will generate a default style sheet. # See also section "Doxygen usage" for information on how to generate the style # sheet that doxygen normally uses. # Note: It is recommended to use HTML_EXTRA_STYLESHEET instead of this tag, as # it is more robust and this tag (HTML_STYLESHEET) will in the future become # obsolete. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_STYLESHEET = # The HTML_EXTRA_STYLESHEET tag can be used to specify an additional user- # defined cascading style sheet that is included after the standard style sheets # created by doxygen. Using this option one can overrule certain style aspects. # This is preferred over using HTML_STYLESHEET since it does not replace the # standard style sheet and is therefor more robust against future updates. # Doxygen will copy the style sheet file to the output directory. For an example # see the documentation. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_EXTRA_STYLESHEET = # The HTML_EXTRA_FILES tag can be used to specify one or more extra images or # other source files which should be copied to the HTML output directory. Note # that these files will be copied to the base HTML output directory. Use the # $relpath^ marker in the HTML_HEADER and/or HTML_FOOTER files to load these # files. In the HTML_STYLESHEET file, use the file name only. Also note that the # files will be copied as-is; there are no commands or markers available. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_EXTRA_FILES = # The HTML_COLORSTYLE_HUE tag controls the color of the HTML output. Doxygen # will adjust the colors in the stylesheet and background images according to # this color. Hue is specified as an angle on a colorwheel, see # http://en.wikipedia.org/wiki/Hue for more information. For instance the value # 0 represents red, 60 is yellow, 120 is green, 180 is cyan, 240 is blue, 300 # purple, and 360 is red again. # Minimum value: 0, maximum value: 359, default value: 220. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_COLORSTYLE_HUE = 220 # The HTML_COLORSTYLE_SAT tag controls the purity (or saturation) of the colors # in the HTML output. For a value of 0 the output will use grayscales only. A # value of 255 will produce the most vivid colors. # Minimum value: 0, maximum value: 255, default value: 100. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_COLORSTYLE_SAT = 100 # The HTML_COLORSTYLE_GAMMA tag controls the gamma correction applied to the # luminance component of the colors in the HTML output. Values below 100 # gradually make the output lighter, whereas values above 100 make the output # darker. The value divided by 100 is the actual gamma applied, so 80 represents # a gamma of 0.8, The value 220 represents a gamma of 2.2, and 100 does not # change the gamma. # Minimum value: 40, maximum value: 240, default value: 80. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_COLORSTYLE_GAMMA = 80 # If the HTML_TIMESTAMP tag is set to YES then the footer of each generated HTML # page will contain the date and time when the page was generated. Setting this # to NO can help when comparing the output of multiple runs. # The default value is: YES. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_TIMESTAMP = YES # If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML # documentation will contain sections that can be hidden and shown after the # page has loaded. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_DYNAMIC_SECTIONS = NO # With HTML_INDEX_NUM_ENTRIES one can control the preferred number of entries # shown in the various tree structured indices initially; the user can expand # and collapse entries dynamically later on. Doxygen will expand the tree to # such a level that at most the specified number of entries are visible (unless # a fully collapsed tree already exceeds this amount). So setting the number of # entries 1 will produce a full collapsed tree by default. 0 is a special value # representing an infinite number of entries and will result in a full expanded # tree by default. # Minimum value: 0, maximum value: 9999, default value: 100. # This tag requires that the tag GENERATE_HTML is set to YES. HTML_INDEX_NUM_ENTRIES = 100 # If the GENERATE_DOCSET tag is set to YES, additional index files will be # generated that can be used as input for Apple's Xcode 3 integrated development # environment (see: http://developer.apple.com/tools/xcode/), introduced with # OSX 10.5 (Leopard). To create a documentation set, doxygen will generate a # Makefile in the HTML output directory. Running make will produce the docset in # that directory and running make install will install the docset in # ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find it at # startup. See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html # for more information. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_DOCSET = NO # This tag determines the name of the docset feed. A documentation feed provides # an umbrella under which multiple documentation sets from a single provider # (such as a company or product suite) can be grouped. # The default value is: Doxygen generated docs. # This tag requires that the tag GENERATE_DOCSET is set to YES. DOCSET_FEEDNAME = "Doxygen generated docs" # This tag specifies a string that should uniquely identify the documentation # set bundle. This should be a reverse domain-name style string, e.g. # com.mycompany.MyDocSet. Doxygen will append .docset to the name. # The default value is: org.doxygen.Project. # This tag requires that the tag GENERATE_DOCSET is set to YES. DOCSET_BUNDLE_ID = org.doxygen.Project # The DOCSET_PUBLISHER_ID tag specifies a string that should uniquely identify # the documentation publisher. This should be a reverse domain-name style # string, e.g. com.mycompany.MyDocSet.documentation. # The default value is: org.doxygen.Publisher. # This tag requires that the tag GENERATE_DOCSET is set to YES. DOCSET_PUBLISHER_ID = org.doxygen.Publisher # The DOCSET_PUBLISHER_NAME tag identifies the documentation publisher. # The default value is: Publisher. # This tag requires that the tag GENERATE_DOCSET is set to YES. DOCSET_PUBLISHER_NAME = Publisher # If the GENERATE_HTMLHELP tag is set to YES then doxygen generates three # additional HTML index files: index.hhp, index.hhc, and index.hhk. The # index.hhp is a project file that can be read by Microsoft's HTML Help Workshop # (see: http://www.microsoft.com/en-us/download/details.aspx?id=21138) on # Windows. # # The HTML Help Workshop contains a compiler that can convert all HTML output # generated by doxygen into a single compiled HTML file (.chm). Compiled HTML # files are now used as the Windows 98 help format, and will replace the old # Windows help format (.hlp) on all Windows platforms in the future. Compressed # HTML files also contain an index, a table of contents, and you can search for # words in the documentation. The HTML workshop also contains a viewer for # compressed HTML files. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_HTMLHELP = NO # The CHM_FILE tag can be used to specify the file name of the resulting .chm # file. You can add a path in front of the file if the result should not be # written to the html output directory. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. CHM_FILE = # The HHC_LOCATION tag can be used to specify the location (absolute path # including file name) of the HTML help compiler ( hhc.exe). If non-empty # doxygen will try to run the HTML help compiler on the generated index.hhp. # The file has to be specified with full path. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. HHC_LOCATION = # The GENERATE_CHI flag controls if a separate .chi index file is generated ( # YES) or that it should be included in the master .chm file ( NO). # The default value is: NO. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. GENERATE_CHI = NO # The CHM_INDEX_ENCODING is used to encode HtmlHelp index ( hhk), content ( hhc) # and project file content. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. CHM_INDEX_ENCODING = # The BINARY_TOC flag controls whether a binary table of contents is generated ( # YES) or a normal table of contents ( NO) in the .chm file. # The default value is: NO. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. BINARY_TOC = NO # The TOC_EXPAND flag can be set to YES to add extra items for group members to # the table of contents of the HTML help documentation and to the tree view. # The default value is: NO. # This tag requires that the tag GENERATE_HTMLHELP is set to YES. TOC_EXPAND = NO # If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and # QHP_VIRTUAL_FOLDER are set, an additional index file will be generated that # can be used as input for Qt's qhelpgenerator to generate a Qt Compressed Help # (.qch) of the generated HTML documentation. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_QHP = NO # If the QHG_LOCATION tag is specified, the QCH_FILE tag can be used to specify # the file name of the resulting .qch file. The path specified is relative to # the HTML output folder. # This tag requires that the tag GENERATE_QHP is set to YES. QCH_FILE = # The QHP_NAMESPACE tag specifies the namespace to use when generating Qt Help # Project output. For more information please see Qt Help Project / Namespace # (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#namespace). # The default value is: org.doxygen.Project. # This tag requires that the tag GENERATE_QHP is set to YES. QHP_NAMESPACE = org.doxygen.Project # The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating Qt # Help Project output. For more information please see Qt Help Project / Virtual # Folders (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#virtual- # folders). # The default value is: doc. # This tag requires that the tag GENERATE_QHP is set to YES. QHP_VIRTUAL_FOLDER = doc # If the QHP_CUST_FILTER_NAME tag is set, it specifies the name of a custom # filter to add. For more information please see Qt Help Project / Custom # Filters (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#custom- # filters). # This tag requires that the tag GENERATE_QHP is set to YES. QHP_CUST_FILTER_NAME = # The QHP_CUST_FILTER_ATTRS tag specifies the list of the attributes of the # custom filter to add. For more information please see Qt Help Project / Custom # Filters (see: http://qt-project.org/doc/qt-4.8/qthelpproject.html#custom- # filters). # This tag requires that the tag GENERATE_QHP is set to YES. QHP_CUST_FILTER_ATTRS = # The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this # project's filter section matches. Qt Help Project / Filter Attributes (see: # http://qt-project.org/doc/qt-4.8/qthelpproject.html#filter-attributes). # This tag requires that the tag GENERATE_QHP is set to YES. QHP_SECT_FILTER_ATTRS = # The QHG_LOCATION tag can be used to specify the location of Qt's # qhelpgenerator. If non-empty doxygen will try to run qhelpgenerator on the # generated .qhp file. # This tag requires that the tag GENERATE_QHP is set to YES. QHG_LOCATION = # If the GENERATE_ECLIPSEHELP tag is set to YES, additional index files will be # generated, together with the HTML files, they form an Eclipse help plugin. To # install this plugin and make it available under the help contents menu in # Eclipse, the contents of the directory containing the HTML and XML files needs # to be copied into the plugins directory of eclipse. The name of the directory # within the plugins directory should be the same as the ECLIPSE_DOC_ID value. # After copying Eclipse needs to be restarted before the help appears. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_ECLIPSEHELP = NO # A unique identifier for the Eclipse help plugin. When installing the plugin # the directory name containing the HTML and XML files should also have this # name. Each documentation set should have its own identifier. # The default value is: org.doxygen.Project. # This tag requires that the tag GENERATE_ECLIPSEHELP is set to YES. ECLIPSE_DOC_ID = org.doxygen.Project # If you want full control over the layout of the generated HTML pages it might # be necessary to disable the index and replace it with your own. The # DISABLE_INDEX tag can be used to turn on/off the condensed index (tabs) at top # of each HTML page. A value of NO enables the index and the value YES disables # it. Since the tabs in the index contain the same information as the navigation # tree, you can set this option to YES if you also set GENERATE_TREEVIEW to YES. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. DISABLE_INDEX = NO # The GENERATE_TREEVIEW tag is used to specify whether a tree-like index # structure should be generated to display hierarchical information. If the tag # value is set to YES, a side panel will be generated containing a tree-like # index structure (just like the one that is generated for HTML Help). For this # to work a browser that supports JavaScript, DHTML, CSS and frames is required # (i.e. any modern browser). Windows users are probably better off using the # HTML help feature. Via custom stylesheets (see HTML_EXTRA_STYLESHEET) one can # further fine-tune the look of the index. As an example, the default style # sheet generated by doxygen has an example that shows how to put an image at # the root of the tree instead of the PROJECT_NAME. Since the tree basically has # the same information as the tab index, you could consider setting # DISABLE_INDEX to YES when enabling this option. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. GENERATE_TREEVIEW = NO # The ENUM_VALUES_PER_LINE tag can be used to set the number of enum values that # doxygen will group on one line in the generated HTML documentation. # # Note that a value of 0 will completely suppress the enum values from appearing # in the overview section. # Minimum value: 0, maximum value: 20, default value: 4. # This tag requires that the tag GENERATE_HTML is set to YES. ENUM_VALUES_PER_LINE = 4 # If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be used # to set the initial width (in pixels) of the frame in which the tree is shown. # Minimum value: 0, maximum value: 1500, default value: 250. # This tag requires that the tag GENERATE_HTML is set to YES. TREEVIEW_WIDTH = 250 # When the EXT_LINKS_IN_WINDOW option is set to YES doxygen will open links to # external symbols imported via tag files in a separate window. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. EXT_LINKS_IN_WINDOW = NO # Use this tag to change the font size of LaTeX formulas included as images in # the HTML documentation. When you change the font size after a successful # doxygen run you need to manually remove any form_*.png images from the HTML # output directory to force them to be regenerated. # Minimum value: 8, maximum value: 50, default value: 10. # This tag requires that the tag GENERATE_HTML is set to YES. FORMULA_FONTSIZE = 10 # Use the FORMULA_TRANPARENT tag to determine whether or not the images # generated for formulas are transparent PNGs. Transparent PNGs are not # supported properly for IE 6.0, but are supported on all modern browsers. # # Note that when changing this option you need to delete any form_*.png files in # the HTML output directory before the changes have effect. # The default value is: YES. # This tag requires that the tag GENERATE_HTML is set to YES. FORMULA_TRANSPARENT = YES # Enable the USE_MATHJAX option to render LaTeX formulas using MathJax (see # http://www.mathjax.org) which uses client side JavaScript for the rendering # instead of using prerendered bitmaps. Use this if you do not have LaTeX # installed or if you want to formulas look prettier in the HTML output. When # enabled you may also need to install MathJax separately and configure the path # to it using the MATHJAX_RELPATH option. # The default value is: NO. # This tag requires that the tag GENERATE_HTML is set to YES. USE_MATHJAX = NO # When MathJax is enabled you can set the default output format to be used for # the MathJax output. See the MathJax site (see: # http://docs.mathjax.org/en/latest/output.html) for more details. # Possible values are: HTML-CSS (which is slower, but has the best # compatibility), NativeMML (i.e. MathML) and SVG. # The default value is: HTML-CSS. # This tag requires that the tag USE_MATHJAX is set to YES. MATHJAX_FORMAT = HTML-CSS # When MathJax is enabled you need to specify the location relative to the HTML # output directory using the MATHJAX_RELPATH option. The destination directory # should contain the MathJax.js script. For instance, if the mathjax directory # is located at the same level as the HTML output directory, then # MATHJAX_RELPATH should be ../mathjax. The default value points to the MathJax # Content Delivery Network so you can quickly see the result without installing # MathJax. However, it is strongly recommended to install a local copy of # MathJax from http://www.mathjax.org before deployment. # The default value is: http://cdn.mathjax.org/mathjax/latest. # This tag requires that the tag USE_MATHJAX is set to YES. MATHJAX_RELPATH = http://cdn.mathjax.org/mathjax/latest # The MATHJAX_EXTENSIONS tag can be used to specify one or more MathJax # extension names that should be enabled during MathJax rendering. For example # MATHJAX_EXTENSIONS = TeX/AMSmath TeX/AMSsymbols # This tag requires that the tag USE_MATHJAX is set to YES. MATHJAX_EXTENSIONS = # The MATHJAX_CODEFILE tag can be used to specify a file with javascript pieces # of code that will be used on startup of the MathJax code. See the MathJax site # (see: http://docs.mathjax.org/en/latest/output.html) for more details. For an # example see the documentation. # This tag requires that the tag USE_MATHJAX is set to YES. MATHJAX_CODEFILE = # When the SEARCHENGINE tag is enabled doxygen will generate a search box for # the HTML output. The underlying search engine uses javascript and DHTML and # should work on any modern browser. Note that when using HTML help # (GENERATE_HTMLHELP), Qt help (GENERATE_QHP), or docsets (GENERATE_DOCSET) # there is already a search function so this one should typically be disabled. # For large projects the javascript based search engine can be slow, then # enabling SERVER_BASED_SEARCH may provide a better solution. It is possible to # search using the keyboard; to jump to the search box use + S # (what the is depends on the OS and browser, but it is typically # , /