Ubuntu
lxc package

Merge lp:~ubuntu-branches/ubuntu/precise/lxc/precise-201202110437 into lp:ubuntu/precise/lxc

Proposed by Ubuntu Package Importer on 2012-02-11

Status:	Needs review
Proposed branch:	lp:~ubuntu-branches/ubuntu/precise/lxc/precise-201202110437
Merge into:	lp:ubuntu/precise/lxc
Diff against target:	3940 lines (+3890/-0) (has conflicts) 8 files modified .pc/.quilt_patches (+1/-0) .pc/.quilt_series (+1/-0) .pc/0040-consoles-into-devlxc.patch/src/lxc/conf.c (+1767/-0) .pc/0040-consoles-into-devlxc.patch/src/lxc/conf.h (+230/-0) .pc/0040-consoles-into-devlxc.patch/src/lxc/confile.c (+898/-0) .pc/0041-ubuntu-template-user-and-tty/templates/lxc-ubuntu.in (+595/-0) debian/patches/0040-consoles-into-devlxc.patch (+278/-0) debian/patches/0041-ubuntu-template-user-and-tty (+120/-0) Conflict adding file .pc/0040-consoles-into-devlxc.patch. Moved existing file to .pc/0040-consoles-into-devlxc.patch.moved. Conflict adding file .pc/0041-ubuntu-template-user-and-tty. Moved existing file to .pc/0041-ubuntu-template-user-and-tty.moved. Conflict adding file debian/patches/0040-consoles-into-devlxc.patch. Moved existing file to debian/patches/0040-consoles-into-devlxc.patch.moved. Conflict adding file debian/patches/0041-ubuntu-template-user-and-tty. Moved existing file to debian/patches/0041-ubuntu-template-user-and-tty.moved.
To merge this branch:	bzr merge lp:~ubuntu-branches/ubuntu/precise/lxc/precise-201202110437
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
Ubuntu branches		2012-02-11	Pending
Review via email: mp+92607@code.launchpad.net

Description of the change

The package importer has detected a possible inconsistency between the package history in the archive and the history in bzr. As the archive is authoritative the importer has made lp:ubuntu/precise/lxc reflect what is in the archive and the old bzr branch has been pushed to lp:~ubuntu-branches/ubuntu/precise/lxc/precise-201202110437. This merge proposal was created so that an Ubuntu developer can review the situations and perform a merge/upload if necessary. There are three typical cases where this can happen.
  1. Where someone pushes a change to bzr and someone else uploads the package without that change. This is the reason that this check is done by the importer. If this appears to be the case then a merge/upload should be done if the changes that were in bzr are still desirable.
  2. The importer incorrectly detected the above situation when someone made a change in bzr and then uploaded it.
  3. The importer incorrectly detected the above situation when someone just uploaded a package and didn't touch bzr.

If this case doesn't appear to be the first situation then set the status of the merge proposal to "Rejected" and help avoid the problem in future by filing a bug at https://bugs.launchpad.net/udd linking to this merge proposal.

(this is an automatically generated message)

Unmerged revisions

65. By Stéphane Graber on 2012-02-11: releasing version 0.7.5-3ubuntu24
64. By Stéphane Graber on 2012-02-11: update Ubuntu template to use devttydir, switch to using ubuntu/ubuntu and sudo by default instead of root/root, move information message about default username/password to the end of the template creation.
63. By Stéphane Graber on 2012-02-11: Add patch from Serge to support devttydir as a prefix for /dev/console and /dev/tty[1234].

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk

Subscribers

People subscribed via source and target branches

to all changes:

Ubuntu branches

 === added file '.pc/.dpkg-source-unapply'
 === added file '.pc/.quilt_patches'
 --- .pc/.quilt_patches	1970-01-01 00:00:00 +0000
 +++ .pc/.quilt_patches	2012-02-11 04:43:19 +0000
@@ -0,0 +1,1 @@
++debian/patches
 === added file '.pc/.quilt_series'
 --- .pc/.quilt_series	1970-01-01 00:00:00 +0000
 +++ .pc/.quilt_series	2012-02-11 04:43:19 +0000
@@ -0,0 +1,1 @@
++series
 === added directory '.pc/0040-consoles-into-devlxc.patch'
 === renamed directory '.pc/0040-consoles-into-devlxc.patch' => '.pc/0040-consoles-into-devlxc.patch.moved'
 === added directory '.pc/0040-consoles-into-devlxc.patch/src'
 === added directory '.pc/0040-consoles-into-devlxc.patch/src/lxc'
 === added file '.pc/0040-consoles-into-devlxc.patch/src/lxc/conf.c'
 --- .pc/0040-consoles-into-devlxc.patch/src/lxc/conf.c	1970-01-01 00:00:00 +0000
 +++ .pc/0040-consoles-into-devlxc.patch/src/lxc/conf.c	2012-02-11 04:43:19 +0000
@@ -0,0 +1,1767 @@
++/*
++ * lxc: linux Container library
++ *
++ * (C) Copyright IBM Corp. 2007, 2008
++ *
++ * Authors:
++ * Daniel Lezcano <dlezcano at fr.ibm.com>
++ *
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public
++ * License as published by the Free Software Foundation; either
++ * version 2.1 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public
++ * License along with this library; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
++ */
++#define _GNU_SOURCE
++#include <stdio.h>
++#undef _GNU_SOURCE
++#include <stdlib.h>
++#include <stdarg.h>
++#include <errno.h>
++#include <string.h>
++#include <dirent.h>
++#include <mntent.h>
++#include <unistd.h>
++#include <sys/wait.h>
++#include <pty.h>
++
++#include <linux/loop.h>
++
++#include <sys/types.h>
++#include <sys/utsname.h>
++#include <sys/param.h>
++#include <sys/stat.h>
++#include <sys/socket.h>
++#include <sys/mount.h>
++#include <sys/mman.h>
++#include <sys/prctl.h>
++#include <sys/capability.h>
++#include <sys/personality.h>
++
++#include <arpa/inet.h>
++#include <fcntl.h>
++#include <netinet/in.h>
++#include <net/if.h>
++#include <libgen.h>
++
++#include "network.h"
++#include "error.h"
++#include "parse.h"
++#include "config.h"
++#include "utils.h"
++#include "conf.h"
++#include "log.h"
++#include "lxc.h"	/* for lxc_cgroup_set() */
++
++lxc_log_define(lxc_conf, lxc);
++
++#define MAXHWLEN    18
++#define MAXINDEXLEN 20
++#define MAXMTULEN   16
++#define MAXLINELEN  128
++
++#ifndef MS_DIRSYNC
++#define MS_DIRSYNC  128
++#endif
++
++#ifndef MS_REC
++#define MS_REC 16384
++#endif
++
++#ifndef MNT_DETACH
++#define MNT_DETACH 2
++#endif
++
++#ifndef MS_RELATIME
++#define MS_RELATIME (1 << 21)
++#endif
++
++#ifndef MS_STRICTATIME
++#define MS_STRICTATIME (1 << 24)
++#endif
++
++#ifndef CAP_SETFCAP
++#define CAP_SETFCAP 31
++#endif
++
++#ifndef CAP_MAC_OVERRIDE
++#define CAP_MAC_OVERRIDE 32
++#endif
++
++#ifndef CAP_MAC_ADMIN
++#define CAP_MAC_ADMIN 33
++#endif
++
++#ifndef PR_CAPBSET_DROP
++#define PR_CAPBSET_DROP 24
++#endif
++
++extern int pivot_root(const char * new_root, const char * put_old);
++
++typedef int (*instanciate_cb)(struct lxc_handler *, struct lxc_netdev *);
++
++struct mount_opt {
++	char *name;
++	int clear;
++	int flag;
++};
++
++struct caps_opt {
++	char *name;
++	int value;
++};
++
++static int instanciate_veth(struct lxc_handler *, struct lxc_netdev *);
++static int instanciate_macvlan(struct lxc_handler *, struct lxc_netdev *);
++static int instanciate_vlan(struct lxc_handler *, struct lxc_netdev *);
++static int instanciate_phys(struct lxc_handler *, struct lxc_netdev *);
++static int instanciate_empty(struct lxc_handler *, struct lxc_netdev *);
++
++static  instanciate_cb netdev_conf[LXC_NET_MAXCONFTYPE + 1] = {
++	[LXC_NET_VETH]    = instanciate_veth,
++	[LXC_NET_MACVLAN] = instanciate_macvlan,
++	[LXC_NET_VLAN]    = instanciate_vlan,
++	[LXC_NET_PHYS]    = instanciate_phys,
++	[LXC_NET_EMPTY]   = instanciate_empty,
++};
++
++static struct mount_opt mount_opt[] = {
++	{ "defaults",      0, 0              },
++	{ "ro",            0, MS_RDONLY      },
++	{ "rw",            1, MS_RDONLY      },
++	{ "suid",          1, MS_NOSUID      },
++	{ "nosuid",        0, MS_NOSUID      },
++	{ "dev",           1, MS_NODEV       },
++	{ "nodev",         0, MS_NODEV       },
++	{ "exec",          1, MS_NOEXEC      },
++	{ "noexec",        0, MS_NOEXEC      },
++	{ "sync",          0, MS_SYNCHRONOUS },
++	{ "async",         1, MS_SYNCHRONOUS },
++	{ "dirsync",       0, MS_DIRSYNC     },
++	{ "remount",       0, MS_REMOUNT     },
++	{ "mand",          0, MS_MANDLOCK    },
++	{ "nomand",        1, MS_MANDLOCK    },
++	{ "atime",         1, MS_NOATIME     },
++	{ "noatime",       0, MS_NOATIME     },
++	{ "diratime",      1, MS_NODIRATIME  },
++	{ "nodiratime",    0, MS_NODIRATIME  },
++	{ "bind",          0, MS_BIND        },
++	{ "rbind",         0, MS_BIND|MS_REC },
++	{ "relatime",      0, MS_RELATIME    },
++	{ "norelatime",    1, MS_RELATIME    },
++	{ "strictatime",   0, MS_STRICTATIME },
++	{ "nostrictatime", 1, MS_STRICTATIME },
++	{ NULL,            0, 0              },
++};
++
++static struct caps_opt caps_opt[] = {
++	{ "chown",             CAP_CHOWN             },
++	{ "dac_override",      CAP_DAC_OVERRIDE      },
++	{ "dac_read_search",   CAP_DAC_READ_SEARCH   },
++	{ "fowner",            CAP_FOWNER            },
++	{ "fsetid",            CAP_FSETID            },
++	{ "kill",              CAP_KILL              },
++	{ "setgid",            CAP_SETGID            },
++	{ "setuid",            CAP_SETUID            },
++	{ "setpcap",           CAP_SETPCAP           },
++	{ "linux_immutable",   CAP_LINUX_IMMUTABLE   },
++	{ "net_bind_service",  CAP_NET_BIND_SERVICE  },
++	{ "net_broadcast",     CAP_NET_BROADCAST     },
++	{ "net_admin",         CAP_NET_ADMIN         },
++	{ "net_raw",           CAP_NET_RAW           },
++	{ "ipc_lock",          CAP_IPC_LOCK          },
++	{ "ipc_owner",         CAP_IPC_OWNER         },
++	{ "sys_module",        CAP_SYS_MODULE        },
++	{ "sys_rawio",         CAP_SYS_RAWIO         },
++	{ "sys_chroot",        CAP_SYS_CHROOT        },
++	{ "sys_ptrace",        CAP_SYS_PTRACE        },
++	{ "sys_pacct",         CAP_SYS_PACCT         },
++	{ "sys_admin",         CAP_SYS_ADMIN         },
++	{ "sys_boot",          CAP_SYS_BOOT          },
++	{ "sys_nice",          CAP_SYS_NICE          },
++	{ "sys_resource",      CAP_SYS_RESOURCE      },
++	{ "sys_time",          CAP_SYS_TIME          },
++	{ "sys_tty_config",    CAP_SYS_TTY_CONFIG    },
++	{ "mknod",             CAP_MKNOD             },
++	{ "lease",             CAP_LEASE             },
++#ifdef CAP_AUDIT_WRITE
++	{ "audit_write",       CAP_AUDIT_WRITE       },
++#endif
++#ifdef CAP_AUDIT_CONTROL
++	{ "audit_control",     CAP_AUDIT_CONTROL     },
++#endif
++	{ "setfcap",           CAP_SETFCAP           },
++	{ "mac_override",      CAP_MAC_OVERRIDE      },
++	{ "mac_admin",         CAP_MAC_ADMIN         },
++};
++
++static int run_script(const char *name, const char *section,
++		      const char *script, ...)
++{
++	int ret;
++	FILE *f;
++	char *buffer, *p, *output;
++	size_t size = 0;
++	va_list ap;
++
++	INFO("Executing script '%s' for container '%s', config section '%s'",
++	     script, name, section);
++
++	va_start(ap, script);
++	while ((p = va_arg(ap, char *)))
++		size += strlen(p) + 1;
++	va_end(ap);
++
++	size += strlen(script);
++	size += strlen(name);
++	size += strlen(section);
++	size += 3;
++
++	if (size > INT_MAX)
++		return -1;
++
++	buffer = alloca(size);
++	if (!buffer) {
++		ERROR("failed to allocate memory");
++		return -1;
++	}
++
++	ret = sprintf(buffer, "%s %s %s", script, name, section);
++
++	va_start(ap, script);
++	while ((p = va_arg(ap, char *)))
++		ret += sprintf(buffer + ret, " %s", p);
++	va_end(ap);
++
++	f = popen(buffer, "r");
++	if (!f) {
++		SYSERROR("popen failed");
++		return -1;
++	}
++
++	output = malloc(LXC_LOG_BUFFER_SIZE);
++	if (!output) {
++		ERROR("failed to allocate memory for script output");
++		return -1;
++	}
++
++	while(fgets(output, LXC_LOG_BUFFER_SIZE, f))
++		DEBUG("script output: %s", output);
++
++	free(output);
++
++	if (pclose(f)) {
++		ERROR("Script exited on error");
++		return -1;
++	}
++
++	return 0;
++}
++
++static int find_fstype_cb(char* buffer, void *data)
++{
++	struct cbarg {
++		const char *rootfs;
++		const char *target;
++		int mntopt;
++	} *cbarg = data;
++
++	char *fstype;
++
++	/* we don't try 'nodev' entries */
++	if (strstr(buffer, "nodev"))
++		return 0;
++
++	fstype = buffer;
++	fstype += lxc_char_left_gc(fstype, strlen(fstype));
++	fstype[lxc_char_right_gc(fstype, strlen(fstype))] = '\0';
++
++	DEBUG("trying to mount '%s'->'%s' with fstype '%s'",
++	      cbarg->rootfs, cbarg->target, fstype);
++
++	if (mount(cbarg->rootfs, cbarg->target, fstype, cbarg->mntopt, NULL)) {
++		DEBUG("mount failed with error: %s", strerror(errno));
++		return 0;
++	}
++
++	INFO("mounted '%s' on '%s', with fstype '%s'",
++	     cbarg->rootfs, cbarg->target, fstype);
++
++	return 1;
++}
++
++static int mount_unknow_fs(const char *rootfs, const char *target, int mntopt)
++{
++	int i;
++
++	struct cbarg {
++		const char *rootfs;
++		const char *target;
++		int mntopt;
++	} cbarg = {
++		.rootfs = rootfs,
++		.target = target,
++		.mntopt = mntopt,
++	};
++
++	/*
++	 * find the filesystem type with brute force:
++	 * first we check with /etc/filesystems, in case the modules
++	 * are auto-loaded and fall back to the supported kernel fs
++	 */
++	char *fsfile[] = {
++		"/etc/filesystems",
++		"/proc/filesystems",
++	};
++
++	for (i = 0; i < sizeof(fsfile)/sizeof(fsfile[0]); i++) {
++
++		int ret;
++
++		if (access(fsfile[i], F_OK))
++			continue;
++
++		ret = lxc_file_for_each_line(fsfile[i], find_fstype_cb, &cbarg);
++		if (ret < 0) {
++			ERROR("failed to parse '%s'", fsfile[i]);
++			return -1;
++		}
++
++		if (ret)
++			return 0;
++	}
++
++	ERROR("failed to determine fs type for '%s'", rootfs);
++	return -1;
++}
++
++static int mount_rootfs_dir(const char *rootfs, const char *target)
++{
++	return mount(rootfs, target, "none", MS_BIND | MS_REC, NULL);
++}
++
++static int setup_lodev(const char *rootfs, int fd, struct loop_info64 *loinfo)
++{
++	int rfd;
++	int ret = -1;
++
++	rfd = open(rootfs, O_RDWR);
++	if (rfd < 0) {
++		SYSERROR("failed to open '%s'", rootfs);
++		return -1;
++	}
++
++	memset(loinfo, 0, sizeof(*loinfo));
++
++	loinfo->lo_flags = LO_FLAGS_AUTOCLEAR;
++
++	if (ioctl(fd, LOOP_SET_FD, rfd)) {
++		SYSERROR("failed to LOOP_SET_FD");
++		goto out;
++	}
++
++	if (ioctl(fd, LOOP_SET_STATUS64, loinfo)) {
++		SYSERROR("failed to LOOP_SET_STATUS64");
++		goto out;
++	}
++
++	ret = 0;
++out:
++	close(rfd);
++
++	return ret;
++}
++
++static int mount_rootfs_file(const char *rootfs, const char *target)
++{
++	struct dirent dirent, *direntp;
++	struct loop_info64 loinfo;
++	int ret = -1, fd = -1;
++	DIR *dir;
++	char path[MAXPATHLEN];
++
++	dir = opendir("/dev");
++	if (!dir) {
++		SYSERROR("failed to open '/dev'");
++		return -1;
++	}
++
++	while (!readdir_r(dir, &dirent, &direntp)) {
++
++		if (!direntp)
++			break;
++
++		if (!strcmp(direntp->d_name, "."))
++			continue;
++
++		if (!strcmp(direntp->d_name, ".."))
++			continue;
++
++		if (strncmp(direntp->d_name, "loop", 4))
++			continue;
++
++		sprintf(path, "/dev/%s", direntp->d_name);
++		fd = open(path, O_RDWR);
++		if (fd < 0)
++			continue;
++
++		if (ioctl(fd, LOOP_GET_STATUS64, &loinfo) == 0) {
++			close(fd);
++			continue;
++		}
++
++		if (errno != ENXIO) {
++			WARN("unexpected error for ioctl on '%s': %m",
++			     direntp->d_name);
++			continue;
++		}
++
++		DEBUG("found '%s' free lodev", path);
++
++		ret = setup_lodev(rootfs, fd, &loinfo);
++		if (!ret)
++			ret = mount_unknow_fs(path, target, 0);
++		close(fd);
++
++		break;
++	}
++
++	if (closedir(dir))
++		WARN("failed to close directory");
++
++	return ret;
++}
++
++static int mount_rootfs_block(const char *rootfs, const char *target)
++{
++	return mount_unknow_fs(rootfs, target, 0);
++}
++
++static int mount_rootfs(const char *rootfs, const char *target)
++{
++	char absrootfs[MAXPATHLEN];
++	struct stat s;
++	int i;
++
++	typedef int (*rootfs_cb)(const char *, const char *);
++
++	struct rootfs_type {
++		int type;
++		rootfs_cb cb;
++	} rtfs_type[] = {
++		{ S_IFDIR, mount_rootfs_dir },
++		{ S_IFBLK, mount_rootfs_block },
++		{ S_IFREG, mount_rootfs_file },
++	};
++
++	if (!realpath(rootfs, absrootfs)) {
++		SYSERROR("failed to get real path for '%s'", rootfs);
++		return -1;
++	}
++
++	if (access(absrootfs, F_OK)) {
++		SYSERROR("'%s' is not accessible", absrootfs);
++		return -1;
++	}
++
++	if (stat(absrootfs, &s)) {
++		SYSERROR("failed to stat '%s'", absrootfs);
++		return -1;
++	}
++
++	for (i = 0; i < sizeof(rtfs_type)/sizeof(rtfs_type[0]); i++) {
++
++		if (!__S_ISTYPE(s.st_mode, rtfs_type[i].type))
++			continue;
++
++		return rtfs_type[i].cb(absrootfs, target);
++	}
++
++	ERROR("unsupported rootfs type for '%s'", absrootfs);
++	return -1;
++}
++
++static int setup_utsname(struct utsname *utsname)
++{
++	if (!utsname)
++		return 0;
++
++	if (sethostname(utsname->nodename, strlen(utsname->nodename))) {
++		SYSERROR("failed to set the hostname to '%s'", utsname->nodename);
++		return -1;
++	}
++
++	INFO("'%s' hostname has been setup", utsname->nodename);
++
++	return 0;
++}
++
++static int setup_tty(const struct lxc_rootfs *rootfs,
++		     const struct lxc_tty_info *tty_info)
++{
++	char path[MAXPATHLEN];
++	int i;
++
++	if (!rootfs->path)
++		return 0;
++
++	for (i = 0; i < tty_info->nbtty; i++) {
++
++		struct lxc_pty_info *pty_info = &tty_info->pty_info[i];
++
++		snprintf(path, sizeof(path), "%s/dev/tty%d",
++			 rootfs->mount, i + 1);
++
++		/* At this point I can not use the "access" function
++		 * to check the file is present or not because it fails
++		 * with EACCES errno and I don't know why :( */
++
++		if (mount(pty_info->name, path, "none", MS_BIND, 0)) {
++			WARN("failed to mount '%s'->'%s'",
++			     pty_info->name, path);
++			continue;
++		}
++	}
++
++	INFO("%d tty(s) has been setup", tty_info->nbtty);
++
++	return 0;
++}
++
++static int setup_rootfs_pivot_root_cb(char *buffer, void *data)
++{
++	struct lxc_list	*mountlist, *listentry, *iterator;
++	char *pivotdir, *mountpoint, *mountentry;
++	int found;
++	void **cbparm;
++
++	mountentry = buffer;
++	cbparm = (void **)data;
++
++	mountlist = cbparm[0];
++	pivotdir  = cbparm[1];
++
++	/* parse entry, first field is mountname, ignore */
++	mountpoint = strtok(mountentry, " ");
++	if (!mountpoint)
++		return -1;
++
++	/* second field is mountpoint */
++	mountpoint = strtok(NULL, " ");
++	if (!mountpoint)
++		return -1;
++
++	/* only consider mountpoints below old root fs */
++	if (strncmp(mountpoint, pivotdir, strlen(pivotdir)))
++		return 0;
++
++	/* filter duplicate mountpoints */
++	found = 0;
++	lxc_list_for_each(iterator, mountlist) {
++		if (!strcmp(iterator->elem, mountpoint)) {
++			found = 1;
++			break;
++		}
++	}
++	if (found)
++		return 0;
++
++	/* add entry to list */
++	listentry = malloc(sizeof(*listentry));
++	if (!listentry) {
++		SYSERROR("malloc for mountpoint listentry failed");
++		return -1;
++	}
++
++	listentry->elem = strdup(mountpoint);
++	if (!listentry->elem) {
++		SYSERROR("strdup failed");
++		return -1;
++	}
++	lxc_list_add_tail(mountlist, listentry);
++
++	return 0;
++}
++
++static int umount_oldrootfs(const char *oldrootfs)
++{
++	char path[MAXPATHLEN];
++	void *cbparm[2];
++	struct lxc_list mountlist, *iterator;
++	int ok, still_mounted, last_still_mounted;
++
++	/* read and parse /proc/mounts in old root fs */
++	lxc_list_init(&mountlist);
++
++	/* oldrootfs is on the top tree directory now */
++	snprintf(path, sizeof(path), "/%s", oldrootfs);
++	cbparm[0] = &mountlist;
++
++	cbparm[1] = strdup(path);
++	if (!cbparm[1]) {
++		SYSERROR("strdup failed");
++		return -1;
++	}
++
++	snprintf(path, sizeof(path), "%s/proc/mounts", oldrootfs);
++
++	ok = lxc_file_for_each_line(path,
++				    setup_rootfs_pivot_root_cb, &cbparm);
++	if (ok < 0) {
++		SYSERROR("failed to read or parse mount list '%s'", path);
++		return -1;
++	}
++
++	/* umount filesystems until none left or list no longer shrinks */
++	still_mounted = 0;
++	do {
++		last_still_mounted = still_mounted;
++		still_mounted = 0;
++
++		lxc_list_for_each(iterator, &mountlist) {
++
++			/* umount normally */
++			if (!umount(iterator->elem)) {
++				DEBUG("umounted '%s'", (char *)iterator->elem);
++				lxc_list_del(iterator);
++				continue;
++			}
++
++			still_mounted++;
++		}
++
++	} while (still_mounted > 0 && still_mounted != last_still_mounted);
++
++
++	lxc_list_for_each(iterator, &mountlist) {
++
++		/* let's try a lazy umount */
++		if (!umount2(iterator->elem, MNT_DETACH)) {
++			INFO("lazy unmount of '%s'", (char *)iterator->elem);
++			continue;
++		}
++
++		/* be more brutal (nfs) */
++		if (!umount2(iterator->elem, MNT_FORCE)) {
++			INFO("forced unmount of '%s'", (char *)iterator->elem);
++			continue;
++		}
++
++		WARN("failed to unmount '%s'", (char *)iterator->elem);
++	}
++
++	return 0;
++}
++
++static int setup_rootfs_pivot_root(const char *rootfs, const char *pivotdir)
++{
++	char path[MAXPATHLEN];
++	int remove_pivotdir = 0;
++
++	/* change into new root fs */
++	if (chdir(rootfs)) {
++		SYSERROR("can't chdir to new rootfs '%s'", rootfs);
++		return -1;
++	}
++
++	if (!pivotdir)
++		pivotdir = "mnt";
++
++	/* compute the full path to pivotdir under rootfs */
++	snprintf(path, sizeof(path), "%s/%s", rootfs, pivotdir);
++
++	if (access(path, F_OK)) {
++
++		if (mkdir_p(path, 0755)) {
++			SYSERROR("failed to create pivotdir '%s'", path);
++			return -1;
++		}
++
++		remove_pivotdir = 1;
++		DEBUG("created '%s' directory", path);
++	}
++
++	DEBUG("mountpoint for old rootfs is '%s'", path);
++
++	/* pivot_root into our new root fs */
++	if (pivot_root(".", path)) {
++		SYSERROR("pivot_root syscall failed");
++		return -1;
++	}
++
++	if (chdir("/")) {
++		SYSERROR("can't chdir to / after pivot_root");
++		return -1;
++	}
++
++	DEBUG("pivot_root syscall to '%s' successful", rootfs);
++
++	/* we switch from absolute path to relative path */
++	if (umount_oldrootfs(pivotdir))
++		return -1;
++
++	/* remove temporary mount point, we don't consider the removing
++	 * as fatal */
++	if (remove_pivotdir && rmdir(pivotdir))
++		WARN("can't remove mountpoint '%s': %m", pivotdir);
++
++	return 0;
++}
++
++static int setup_rootfs(const struct lxc_rootfs *rootfs)
++{
++	if (!rootfs->path)
++		return 0;
++
++	if (access(rootfs->mount, F_OK)) {
++		SYSERROR("failed to access to '%s', check it is present",
++			 rootfs->mount);
++		return -1;
++	}
++
++	if (mount_rootfs(rootfs->path, rootfs->mount)) {
++		ERROR("failed to mount rootfs");
++		return -1;
++	}
++
++	DEBUG("mounted '%s' on '%s'", rootfs->path, rootfs->mount);
++
++	return 0;
++}
++
++int setup_pivot_root(const struct lxc_rootfs *rootfs)
++{
++	if (!rootfs->path)
++		return 0;
++
++	if (setup_rootfs_pivot_root(rootfs->mount, rootfs->pivot)) {
++		ERROR("failed to setup pivot root");
++		return -1;
++	}
++
++	return 0;
++}
++
++static int setup_pts(int pts)
++{
++	char target[PATH_MAX];
++
++	if (!pts)
++		return 0;
++
++	if (!access("/dev/pts/ptmx", F_OK) && umount("/dev/pts")) {
++		SYSERROR("failed to umount 'dev/pts'");
++		return -1;
++	}
++
++	if (mount("devpts", "/dev/pts", "devpts", MS_MGC_VAL,
++		  "newinstance,ptmxmode=0666")) {
++		SYSERROR("failed to mount a new instance of '/dev/pts'");
++		return -1;
++	}
++
++	if (access("/dev/ptmx", F_OK)) {
++		if (!symlink("/dev/pts/ptmx", "/dev/ptmx"))
++			goto out;
++		SYSERROR("failed to symlink '/dev/pts/ptmx'->'/dev/ptmx'");
++		return -1;
++	}
++
++	if (realpath("/dev/ptmx", target) && !strcmp(target, "/dev/pts/ptmx"))
++		goto out;
++
++	/* fallback here, /dev/pts/ptmx exists just mount bind */
++	if (mount("/dev/pts/ptmx", "/dev/ptmx", "none", MS_BIND, 0)) {
++		SYSERROR("mount failed '/dev/pts/ptmx'->'/dev/ptmx'");
++		return -1;
++	}
++
++	INFO("created new pts instance");
++
++out:
++	return 0;
++}
++
++static int setup_personality(int persona)
++{
++	if (persona == -1)
++		return 0;
++
++	if (personality(persona) < 0) {
++		SYSERROR("failed to set personality to '0x%x'", persona);
++		return -1;
++	}
++
++	INFO("set personality to '0x%x'", persona);
++
++	return 0;
++}
++
++static int setup_console(const struct lxc_rootfs *rootfs,
++			 const struct lxc_console *console)
++{
++	char path[MAXPATHLEN];
++	struct stat s;
++
++	/* We don't have a rootfs, /dev/console will be shared */
++	if (!rootfs->path)
++		return 0;
++
++	snprintf(path, sizeof(path), "%s/dev/console", rootfs->mount);
++
++	if (access(path, F_OK)) {
++		WARN("rootfs specified but no console found at '%s'", path);
++		return 0;
++	}
++
++	if (console->peer == -1) {
++		INFO("no console output required");
++		return 0;
++	}
++
++	if (stat(path, &s)) {
++		SYSERROR("failed to stat '%s'", path);
++		return -1;
++	}
++
++	if (chmod(console->name, s.st_mode)) {
++		SYSERROR("failed to set mode '0%o' to '%s'",
++			 s.st_mode, console->name);
++		return -1;
++	}
++
++	if (mount(console->name, path, "none", MS_BIND, 0)) {
++		ERROR("failed to mount '%s' on '%s'", console->name, path);
++		return -1;
++	}
++
++	INFO("console has been setup");
++
++	return 0;
++}
++
++static int setup_cgroup(const char *name, struct lxc_list *cgroups)
++{
++	struct lxc_list *iterator;
++	struct lxc_cgroup *cg;
++	int ret = -1;
++
++	if (lxc_list_empty(cgroups))
++		return 0;
++
++	lxc_list_for_each(iterator, cgroups) {
++
++		cg = iterator->elem;
++
++		if (lxc_cgroup_set(name, cg->subsystem, cg->value))
++			goto out;
++
++		DEBUG("cgroup '%s' set to '%s'", cg->subsystem, cg->value);
++	}
++
++	ret = 0;
++	INFO("cgroup has been setup");
++out:
++	return ret;
++}
++
++static void parse_mntopt(char *opt, unsigned long *flags, char **data)
++{
++	struct mount_opt *mo;
++
++	/* If opt is found in mount_opt, set or clear flags.
++	 * Otherwise append it to data. */
++
++	for (mo = &mount_opt[0]; mo->name != NULL; mo++) {
++		if (!strncmp(opt, mo->name, strlen(mo->name))) {
++			if (mo->clear)
++				*flags &= ~mo->flag;
++			else
++				*flags |= mo->flag;
++			return;
++		}
++	}
++
++	if (strlen(*data))
++		strcat(*data, ",");
++	strcat(*data, opt);
++}
++
++static int parse_mntopts(const char *mntopts, unsigned long *mntflags,
++			 char **mntdata)
++{
++	char *s, *data;
++	char *p, *saveptr = NULL;
++
++	*mntdata = NULL;
++	*mntflags = 0L;
++
++	if (!mntopts)
++		return 0;
++
++	s = strdup(mntopts);
++	if (!s) {
++		SYSERROR("failed to allocate memory");
++		return -1;
++	}
++
++	data = malloc(strlen(s) + 1);
++	if (!data) {
++		SYSERROR("failed to allocate memory");
++		free(s);
++		return -1;
++	}
++	*data = 0;
++
++	for (p = strtok_r(s, ",", &saveptr); p != NULL;
++	     p = strtok_r(NULL, ",", &saveptr))
++		parse_mntopt(p, mntflags, &data);
++
++	if (*data)
++		*mntdata = data;
++	else
++		free(data);
++	free(s);
++
++	return 0;
++}
++
++static int mount_entry(const char *fsname, const char *target,
++		       const char *fstype, unsigned long mountflags,
++		       const char *data)
++{
++	if (mount(fsname, target, fstype, mountflags & ~MS_REMOUNT, data)) {
++		SYSERROR("failed to mount '%s' on '%s'", fsname, target);
++		return -1;
++	}
++
++	if ((mountflags & MS_REMOUNT) || (mountflags & MS_BIND)) {
++
++		DEBUG("remounting %s on %s to respect bind or remount options",
++		      fsname, target);
++
++		if (mount(fsname, target, fstype,
++			  mountflags | MS_REMOUNT, data)) {
++			SYSERROR("failed to mount '%s' on '%s'",
++				 fsname, target);
++			return -1;
++		}
++	}
++
++	DEBUG("mounted '%s' on '%s', type '%s'", fsname, target, fstype);
++
++	return 0;
++}
++
++static inline int mount_entry_on_systemfs(struct mntent *mntent)
++{
++	unsigned long mntflags;
++	char *mntdata;
++	int ret;
++
++	if (parse_mntopts(mntent->mnt_opts, &mntflags, &mntdata) < 0) {
++		ERROR("failed to parse mount option '%s'", mntent->mnt_opts);
++		return -1;
++	}
++
++	ret = mount_entry(mntent->mnt_fsname, mntent->mnt_dir,
++			  mntent->mnt_type, mntflags, mntdata);
++
++	free(mntdata);
++
++	return ret;
++}
++
++static int mount_entry_on_absolute_rootfs(struct mntent *mntent,
++					  const struct lxc_rootfs *rootfs)
++{
++	char *aux;
++	char path[MAXPATHLEN];
++	unsigned long mntflags;
++	char *mntdata;
++	int ret = 0;
++
++	if (parse_mntopts(mntent->mnt_opts, &mntflags, &mntdata) < 0) {
++		ERROR("failed to parse mount option '%s'", mntent->mnt_opts);
++		return -1;
++	}
++
++	aux = strstr(mntent->mnt_dir, rootfs->path);
++	if (!aux) {
++		WARN("ignoring mount point '%s'", mntent->mnt_dir);
++		goto out;
++	}
++
++	snprintf(path, MAXPATHLEN, "%s/%s", rootfs->mount,
++		 aux + strlen(rootfs->path));
++
++	ret = mount_entry(mntent->mnt_fsname, path, mntent->mnt_type,
++			  mntflags, mntdata);
++
++out:
++	free(mntdata);
++	return ret;
++}
++
++static int mount_entry_on_relative_rootfs(struct mntent *mntent,
++					  const char *rootfs)
++{
++	char path[MAXPATHLEN];
++	unsigned long mntflags;
++	char *mntdata;
++	int ret;
++
++	if (parse_mntopts(mntent->mnt_opts, &mntflags, &mntdata) < 0) {
++		ERROR("failed to parse mount option '%s'", mntent->mnt_opts);
++		return -1;
++	}
++
++        /* relative to root mount point */
++	snprintf(path, sizeof(path), "%s/%s", rootfs, mntent->mnt_dir);
++
++	ret = mount_entry(mntent->mnt_fsname, path, mntent->mnt_type,
++			  mntflags, mntdata);
++
++	free(mntdata);
++
++	return ret;
++}
++
++static int mount_file_entries(const struct lxc_rootfs *rootfs, FILE *file)
++{
++	struct mntent *mntent;
++	int ret = -1;
++
++	while ((mntent = getmntent(file))) {
++
++		if (!rootfs->path) {
++			if (mount_entry_on_systemfs(mntent))
++				goto out;
++			continue;
++		}
++
++		/* We have a separate root, mounts are relative to it */
++		if (mntent->mnt_dir[0] != '/') {
++			if (mount_entry_on_relative_rootfs(mntent,
++							   rootfs->mount))
++				goto out;
++			continue;
++		}
++
++		if (mount_entry_on_absolute_rootfs(mntent, rootfs))
++			goto out;
++	}
++
++	ret = 0;
++
++	INFO("mount points have been setup");
++out:
++	return ret;
++}
++
++static int setup_mount(const struct lxc_rootfs *rootfs, const char *fstab)
++{
++	FILE *file;
++	int ret;
++
++	if (!fstab)
++		return 0;
++
++	file = setmntent(fstab, "r");
++	if (!file) {
++		SYSERROR("failed to use '%s'", fstab);
++		return -1;
++	}
++
++	ret = mount_file_entries(rootfs, file);
++
++	endmntent(file);
++	return ret;
++}
++
++static int setup_mount_entries(const struct lxc_rootfs *rootfs, struct lxc_list *mount)
++{
++	FILE *file;
++	struct lxc_list *iterator;
++	char *mount_entry;
++	int ret;
++
++	file = tmpfile();
++	if (!file) {
++		ERROR("tmpfile error: %m");
++		return -1;
++	}
++
++	lxc_list_for_each(iterator, mount) {
++		mount_entry = iterator->elem;
++		fprintf(file, "%s\n", mount_entry);
++	}
++
++	rewind(file);
++
++	ret = mount_file_entries(rootfs, file);
++
++	fclose(file);
++	return ret;
++}
++
++static int setup_caps(struct lxc_list *caps)
++{
++	struct lxc_list *iterator;
++	char *drop_entry;
++	int i, capid;
++
++	lxc_list_for_each(iterator, caps) {
++
++		drop_entry = iterator->elem;
++
++		capid = -1;
++
++		for (i = 0; i < sizeof(caps_opt)/sizeof(caps_opt[0]); i++) {
++
++			if (strcmp(drop_entry, caps_opt[i].name))
++				continue;
++
++			capid = caps_opt[i].value;
++			break;
++		}
++
++	        if (capid < 0) {
++			ERROR("unknown capability %s", drop_entry);
++			return -1;
++		}
++
++		DEBUG("drop capability '%s' (%d)", drop_entry, capid);
++
++		if (prctl(PR_CAPBSET_DROP, capid, 0, 0, 0)) {
++                       SYSERROR("failed to remove %s capability", drop_entry);
++                       return -1;
++                }
++
++	}
++
++	DEBUG("capabilities has been setup");
++
++	return 0;
++}
++
++static int setup_hw_addr(char *hwaddr, const char *ifname)
++{
++	struct sockaddr sockaddr;
++	struct ifreq ifr;
++	int ret, fd;
++
++	ret = lxc_convert_mac(hwaddr, &sockaddr);
++	if (ret) {
++		ERROR("mac address '%s' conversion failed : %s",
++		      hwaddr, strerror(-ret));
++		return -1;
++	}
++
++	memcpy(ifr.ifr_name, ifname, IFNAMSIZ);
++	memcpy((char *) &ifr.ifr_hwaddr, (char *) &sockaddr, sizeof(sockaddr));
++
++	fd = socket(AF_INET, SOCK_DGRAM, 0);
++	if (fd < 0) {
++		ERROR("socket failure : %s", strerror(errno));
++		return -1;
++	}
++
++	ret = ioctl(fd, SIOCSIFHWADDR, &ifr);
++	close(fd);
++	if (ret)
++		ERROR("ioctl failure : %s", strerror(errno));
++
++	DEBUG("mac address '%s' on '%s' has been setup", hwaddr, ifname);
++
++	return ret;
++}
++
++static int setup_ipv4_addr(struct lxc_list *ip, int ifindex)
++{
++	struct lxc_list *iterator;
++	struct lxc_inetdev *inetdev;
++	int err;
++
++	lxc_list_for_each(iterator, ip) {
++
++		inetdev = iterator->elem;
++
++		err = lxc_ipv4_addr_add(ifindex, &inetdev->addr,
++					&inetdev->bcast, inetdev->prefix);
++		if (err) {
++			ERROR("failed to setup_ipv4_addr ifindex %d : %s",
++			      ifindex, strerror(-err));
++			return -1;
++		}
++	}
++
++	return 0;
++}
++
++static int setup_ipv6_addr(struct lxc_list *ip, int ifindex)
++{
++	struct lxc_list *iterator;
++	struct lxc_inet6dev *inet6dev;
++	int err;
++
++	lxc_list_for_each(iterator, ip) {
++
++		inet6dev = iterator->elem;
++
++		err = lxc_ipv6_addr_add(ifindex, &inet6dev->addr,
++					&inet6dev->mcast, &inet6dev->acast,
++					inet6dev->prefix);
++		if (err) {
++			ERROR("failed to setup_ipv6_addr ifindex %d : %s",
++			      ifindex, strerror(-err));
++			return -1;
++		}
++	}
++
++	return 0;
++}
++
++static int setup_netdev(struct lxc_netdev *netdev)
++{
++	char ifname[IFNAMSIZ];
++	char *current_ifname = ifname;
++	int err;
++
++	/* empty network namespace */
++	if (!netdev->ifindex) {
++		if (netdev->flags & IFF_UP) {
++			err = lxc_netdev_up("lo");
++			if (err) {
++				ERROR("failed to set the loopback up : %s",
++				      strerror(-err));
++				return -1;
++			}
++		}
++		return 0;
++	}
++
++	/* retrieve the name of the interface */
++	if (!if_indextoname(netdev->ifindex, current_ifname)) {
++		ERROR("no interface corresponding to index '%d'",
++		      netdev->ifindex);
++		return -1;
++	}
++
++	/* default: let the system to choose one interface name */
++	if (!netdev->name)
++		netdev->name = netdev->type == LXC_NET_PHYS ?
++			netdev->link : "eth%d";
++
++	/* rename the interface name */
++	err = lxc_netdev_rename_by_name(ifname, netdev->name);
++	if (err) {
++		ERROR("failed to rename %s->%s : %s", ifname, netdev->name,
++		      strerror(-err));
++		return -1;
++	}
++
++	/* Re-read the name of the interface because its name has changed
++	 * and would be automatically allocated by the system
++	 */
++	if (!if_indextoname(netdev->ifindex, current_ifname)) {
++		ERROR("no interface corresponding to index '%d'",
++		      netdev->ifindex);
++		return -1;
++	}
++
++	/* set a mac address */
++	if (netdev->hwaddr) {
++		if (setup_hw_addr(netdev->hwaddr, current_ifname)) {
++			ERROR("failed to setup hw address for '%s'",
++			      current_ifname);
++			return -1;
++		}
++	}
++
++	/* setup ipv4 addresses on the interface */
++	if (setup_ipv4_addr(&netdev->ipv4, netdev->ifindex)) {
++		ERROR("failed to setup ip addresses for '%s'",
++			      ifname);
++		return -1;
++	}
++
++	/* setup ipv6 addresses on the interface */
++	if (setup_ipv6_addr(&netdev->ipv6, netdev->ifindex)) {
++		ERROR("failed to setup ipv6 addresses for '%s'",
++			      ifname);
++		return -1;
++	}
++
++	/* set the network device up */
++	if (netdev->flags & IFF_UP) {
++		int err;
++
++		err = lxc_netdev_up(current_ifname);
++		if (err) {
++			ERROR("failed to set '%s' up : %s", current_ifname,
++			      strerror(-err));
++			return -1;
++		}
++
++		/* the network is up, make the loopback up too */
++		err = lxc_netdev_up("lo");
++		if (err) {
++			ERROR("failed to set the loopback up : %s",
++			      strerror(-err));
++			return -1;
++		}
++	}
++
++	DEBUG("'%s' has been setup", current_ifname);
++
++	return 0;
++}
++
++static int setup_network(struct lxc_list *network)
++{
++	struct lxc_list *iterator;
++	struct lxc_netdev *netdev;
++
++	lxc_list_for_each(iterator, network) {
++
++		netdev = iterator->elem;
++
++		if (setup_netdev(netdev)) {
++			ERROR("failed to setup netdev");
++			return -1;
++		}
++	}
++
++	if (!lxc_list_empty(network))
++		INFO("network has been setup");
++
++	return 0;
++}
++
++struct lxc_conf *lxc_conf_init(void)
++{
++	struct lxc_conf *new;
++
++	new = 	malloc(sizeof(*new));
++	if (!new) {
++		ERROR("lxc_conf_init : %m");
++		return NULL;
++	}
++	memset(new, 0, sizeof(*new));
++
++	new->personality = -1;
++	new->console.path = NULL;
++	new->console.peer = -1;
++	new->console.master = -1;
++	new->console.slave = -1;
++	new->console.name[0] = '\0';
++	new->rootfs.mount = LXCROOTFSMOUNT;
++	lxc_list_init(&new->cgroup);
++	lxc_list_init(&new->network);
++	lxc_list_init(&new->mount_list);
++	lxc_list_init(&new->caps);
++
++	return new;
++}
++
++static int instanciate_veth(struct lxc_handler *handler, struct lxc_netdev *netdev)
++{
++	char veth1buf[IFNAMSIZ], *veth1;
++	char veth2buf[IFNAMSIZ], *veth2;
++	int err;
++
++	if (netdev->priv.veth_attr.pair)
++		veth1 = netdev->priv.veth_attr.pair;
++	else {
++		snprintf(veth1buf, sizeof(veth1buf), "vethXXXXXX");
++		veth1 = mktemp(veth1buf);
++	}
++
++	snprintf(veth2buf, sizeof(veth2buf), "vethXXXXXX");
++	veth2 = mktemp(veth2buf);
++
++	if (!strlen(veth1) || !strlen(veth2)) {
++		ERROR("failed to allocate a temporary name");
++		return -1;
++	}
++
++	err = lxc_veth_create(veth1, veth2);
++	if (err) {
++		ERROR("failed to create %s-%s : %s", veth1, veth2,
++		      strerror(-err));
++		return -1;
++	}
++
++	if (netdev->mtu) {
++		err = lxc_netdev_set_mtu(veth1, atoi(netdev->mtu));
++		if (!err)
++			err = lxc_netdev_set_mtu(veth2, atoi(netdev->mtu));
++		if (err) {
++			ERROR("failed to set mtu '%s' for %s-%s : %s",
++			      netdev->mtu, veth1, veth2, strerror(-err));
++			goto out_delete;
++		}
++	}
++
++	if (netdev->link) {
++		err = lxc_bridge_attach(netdev->link, veth1);
++		if (err) {
++			ERROR("failed to attach '%s' to the bridge '%s' : %s",
++				      veth1, netdev->link, strerror(-err));
++			goto out_delete;
++		}
++	}
++
++	netdev->ifindex = if_nametoindex(veth2);
++	if (!netdev->ifindex) {
++		ERROR("failed to retrieve the index for %s", veth2);
++		goto out_delete;
++	}
++
++	err = lxc_netdev_up(veth1);
++	if (err) {
++		ERROR("failed to set %s up : %s", veth1, strerror(-err));
++		goto out_delete;
++	}
++
++	if (netdev->upscript) {
++		err = run_script(handler->name, "net", netdev->upscript, "up",
++				 "veth", veth1, (char*) NULL);
++		if (err)
++			goto out_delete;
++	}
++
++	DEBUG("instanciated veth '%s/%s', index is '%d'",
++	      veth1, veth2, netdev->ifindex);
++
++	return 0;
++
++out_delete:
++	lxc_netdev_delete_by_name(veth1);
++	return -1;
++}
++
++static int instanciate_macvlan(struct lxc_handler *handler, struct lxc_netdev *netdev)
++{
++	char peerbuf[IFNAMSIZ], *peer;
++	int err;
++
++	if (!netdev->link) {
++		ERROR("no link specified for macvlan netdev");
++		return -1;
++	}
++
++	snprintf(peerbuf, sizeof(peerbuf), "mcXXXXXX");
++
++	peer = mktemp(peerbuf);
++	if (!strlen(peer)) {
++		ERROR("failed to make a temporary name");
++		return -1;
++	}
++
++	err = lxc_macvlan_create(netdev->link, peer,
++				 netdev->priv.macvlan_attr.mode);
++	if (err) {
++		ERROR("failed to create macvlan interface '%s' on '%s' : %s",
++		      peer, netdev->link, strerror(-err));
++		return -1;
++	}
++
++	netdev->ifindex = if_nametoindex(peer);
++	if (!netdev->ifindex) {
++		ERROR("failed to retrieve the index for %s", peer);
++		lxc_netdev_delete_by_name(peer);
++		return -1;
++	}
++
++	if (netdev->upscript) {
++		err = run_script(handler->name, "net", netdev->upscript, "up",
++				 "macvlan", netdev->link, (char*) NULL);
++		if (err)
++			return -1;
++	}
++
++	DEBUG("instanciated macvlan '%s', index is '%d' and mode '%d'",
++	      peer, netdev->ifindex, netdev->priv.macvlan_attr.mode);
++
++	return 0;
++}
++
++/* XXX: merge with instanciate_macvlan */
++static int instanciate_vlan(struct lxc_handler *handler, struct lxc_netdev *netdev)
++{
++	char peer[IFNAMSIZ];
++	int err;
++
++	if (!netdev->link) {
++		ERROR("no link specified for vlan netdev");
++		return -1;
++	}
++
++	snprintf(peer, sizeof(peer), "vlan%d", netdev->priv.vlan_attr.vid);
++
++	err = lxc_vlan_create(netdev->link, peer, netdev->priv.vlan_attr.vid);
++	if (err) {
++		ERROR("failed to create vlan interface '%s' on '%s' : %s",
++		      peer, netdev->link, strerror(-err));
++		return -1;
++	}
++
++	netdev->ifindex = if_nametoindex(peer);
++	if (!netdev->ifindex) {
++		ERROR("failed to retrieve the ifindex for %s", peer);
++		lxc_netdev_delete_by_name(peer);
++		return -1;
++	}
++
++	DEBUG("instanciated vlan '%s', ifindex is '%d'", " vlan1000",
++	      netdev->ifindex);
++
++	return 0;
++}
++
++static int instanciate_phys(struct lxc_handler *handler, struct lxc_netdev *netdev)
++{
++	if (!netdev->link) {
++		ERROR("no link specified for the physical interface");
++		return -1;
++	}
++
++	netdev->ifindex = if_nametoindex(netdev->link);
++	if (!netdev->ifindex) {
++		ERROR("failed to retrieve the index for %s", netdev->link);
++		return -1;
++	}
++
++	if (netdev->upscript) {
++		int err;
++		err = run_script(handler->name, "net", netdev->upscript,
++				 "up", "phys", netdev->link, (char*) NULL);
++		if (err)
++			return -1;
++	}
++
++	return 0;
++}
++
++static int instanciate_empty(struct lxc_handler *handler, struct lxc_netdev *netdev)
++{
++	netdev->ifindex = 0;
++	if (netdev->upscript) {
++		int err;
++		err = run_script(handler->name, "net", netdev->upscript,
++				 "up", "empty", (char*) NULL);
++		if (err)
++			return -1;
++	}
++	return 0;
++}
++
++int lxc_create_network(struct lxc_handler *handler)
++{
++	struct lxc_list *network = &handler->conf->network;
++	struct lxc_list *iterator;
++	struct lxc_netdev *netdev;
++
++	lxc_list_for_each(iterator, network) {
++
++		netdev = iterator->elem;
++
++		if (netdev->type < 0 || netdev->type > LXC_NET_MAXCONFTYPE) {
++			ERROR("invalid network configuration type '%d'",
++			      netdev->type);
++			return -1;
++		}
++
++		if (netdev_conf[netdev->type](handler, netdev)) {
++			ERROR("failed to create netdev");
++			return -1;
++		}
++
++	}
++
++	return 0;
++}
++
++void lxc_delete_network(struct lxc_list *network)
++{
++	struct lxc_list *iterator;
++	struct lxc_netdev *netdev;
++
++	lxc_list_for_each(iterator, network) {
++		netdev = iterator->elem;
++		if (netdev->ifindex == 0)
++			continue;
++
++		/* Recent kernels already delete the virtual devices */
++		if (netdev->type != LXC_NET_PHYS)
++			continue;
++
++		if (lxc_netdev_rename_by_index(netdev->ifindex, netdev->link))
++			WARN("failed to rename to the initial name the netdev '%s'",
++			     netdev->link);
++	}
++}
++
++int lxc_assign_network(struct lxc_list *network, pid_t pid)
++{
++	struct lxc_list *iterator;
++	struct lxc_netdev *netdev;
++	int err;
++
++	lxc_list_for_each(iterator, network) {
++
++		netdev = iterator->elem;
++
++		/* empty network namespace, nothing to move */
++		if (!netdev->ifindex)
++			continue;
++
++		err = lxc_netdev_move_by_index(netdev->ifindex, pid);
++		if (err) {
++			ERROR("failed to move '%s' to the container : %s",
++			      netdev->link, strerror(-err));
++			return -1;
++		}
++
++		DEBUG("move '%s' to '%d'", netdev->name, pid);
++	}
++
++	return 0;
++}
++
++int lxc_create_tty(const char *name, struct lxc_conf *conf)
++{
++	struct lxc_tty_info *tty_info = &conf->tty_info;
++	int i;
++
++	/* no tty in the configuration */
++	if (!conf->tty)
++		return 0;
++
++	tty_info->pty_info =
++		malloc(sizeof(*tty_info->pty_info)*conf->tty);
++	if (!tty_info->pty_info) {
++		SYSERROR("failed to allocate pty_info");
++		return -1;
++	}
++
++	for (i = 0; i < conf->tty; i++) {
++
++		struct lxc_pty_info *pty_info = &tty_info->pty_info[i];
++
++		if (openpty(&pty_info->master, &pty_info->slave,
++			    pty_info->name, NULL, NULL)) {
++			SYSERROR("failed to create pty #%d", i);
++			tty_info->nbtty = i;
++			lxc_delete_tty(tty_info);
++			return -1;
++		}
++
++		DEBUG("allocated pty '%s' (%d/%d)",
++		      pty_info->name, pty_info->master, pty_info->slave);
++
++                /* Prevent leaking the file descriptors to the container */
++		fcntl(pty_info->master, F_SETFD, FD_CLOEXEC);
++		fcntl(pty_info->slave, F_SETFD, FD_CLOEXEC);
++
++		pty_info->busy = 0;
++	}
++
++	tty_info->nbtty = conf->tty;
++
++	INFO("tty's configured");
++
++	return 0;
++}
++
++void lxc_delete_tty(struct lxc_tty_info *tty_info)
++{
++	int i;
++
++	for (i = 0; i < tty_info->nbtty; i++) {
++		struct lxc_pty_info *pty_info = &tty_info->pty_info[i];
++
++		close(pty_info->master);
++		close(pty_info->slave);
++	}
++
++	free(tty_info->pty_info);
++	tty_info->nbtty = 0;
++}
++
++int lxc_setup(const char *name, struct lxc_conf *lxc_conf)
++{
++	if (setup_utsname(lxc_conf->utsname)) {
++		ERROR("failed to setup the utsname for '%s'", name);
++		return -1;
++	}
++
++	if (setup_network(&lxc_conf->network)) {
++		ERROR("failed to setup the network for '%s'", name);
++		return -1;
++	}
++
++	if (setup_rootfs(&lxc_conf->rootfs)) {
++		ERROR("failed to setup rootfs for '%s'", name);
++		return -1;
++	}
++
++	if (setup_mount(&lxc_conf->rootfs, lxc_conf->fstab)) {
++		ERROR("failed to setup the mounts for '%s'", name);
++		return -1;
++	}
++
++	if (setup_mount_entries(&lxc_conf->rootfs, &lxc_conf->mount_list)) {
++		ERROR("failed to setup the mount entries for '%s'", name);
++		return -1;
++	}
++
++	if (setup_cgroup(name, &lxc_conf->cgroup)) {
++		ERROR("failed to setup the cgroups for '%s'", name);
++		return -1;
++	}
++
++	if (setup_console(&lxc_conf->rootfs, &lxc_conf->console)) {
++		ERROR("failed to setup the console for '%s'", name);
++		return -1;
++	}
++
++	if (setup_tty(&lxc_conf->rootfs, &lxc_conf->tty_info)) {
++		ERROR("failed to setup the ttys for '%s'", name);
++		return -1;
++	}
++
++	if (setup_pivot_root(&lxc_conf->rootfs)) {
++		ERROR("failed to set rootfs for '%s'", name);
++		return -1;
++	}
++
++	if (setup_pts(lxc_conf->pts)) {
++		ERROR("failed to setup the new pts instance");
++		return -1;
++	}
++
++	if (setup_personality(lxc_conf->personality)) {
++		ERROR("failed to setup personality");
++		return -1;
++	}
++
++	if (setup_caps(&lxc_conf->caps)) {
++		ERROR("failed to drop capabilities");
++		return -1;
++	}
++
++	NOTICE("'%s' is setup.", name);
++
++	return 0;
++}
 === added file '.pc/0040-consoles-into-devlxc.patch/src/lxc/conf.h'
 --- .pc/0040-consoles-into-devlxc.patch/src/lxc/conf.h	1970-01-01 00:00:00 +0000
 +++ .pc/0040-consoles-into-devlxc.patch/src/lxc/conf.h	2012-02-11 04:43:19 +0000
@@ -0,0 +1,230 @@
++/*
++ * lxc: linux Container library
++ *
++ * (C) Copyright IBM Corp. 2007, 2008
++ *
++ * Authors:
++ * Daniel Lezcano <dlezcano at fr.ibm.com>
++ *
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public
++ * License as published by the Free Software Foundation; either
++ * version 2.1 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public
++ * License along with this library; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
++ */
++#ifndef _conf_h
++#define _conf_h
++
++#include <netinet/in.h>
++#include <sys/param.h>
++
++#include <lxc/list.h>
++
++#include <lxc/start.h> /* for lxc_handler */
++
++enum {
++	LXC_NET_EMPTY,
++	LXC_NET_VETH,
++	LXC_NET_MACVLAN,
++	LXC_NET_PHYS,
++	LXC_NET_VLAN,
++	LXC_NET_MAXCONFTYPE,
++};
++
++/*
++ * Defines the structure to configure an ipv4 address
++ * @address   : ipv4 address
++ * @broadcast : ipv4 broadcast address
++ * @mask      : network mask
++ */
++struct lxc_inetdev {
++	struct in_addr addr;
++	struct in_addr bcast;
++	int prefix;
++};
++
++struct lxc_route {
++	struct in_addr addr;
++};
++
++/*
++ * Defines the structure to configure an ipv6 address
++ * @flags     : set the address up
++ * @address   : ipv6 address
++ * @broadcast : ipv6 broadcast address
++ * @mask      : network mask
++ */
++struct lxc_inet6dev {
++	struct in6_addr addr;
++	struct in6_addr mcast;
++	struct in6_addr acast;
++	int prefix;
++};
++
++struct lxc_route6 {
++	struct in6_addr addr;
++};
++
++struct ifla_veth {
++	char *pair; /* pair name */
++};
++
++struct ifla_vlan {
++	uint   flags;
++	uint   fmask;
++	ushort   vid;
++	ushort   pad;
++};
++
++struct ifla_macvlan {
++	int mode; /* private, vepa, bridge */
++};
++
++union netdev_p {
++	struct ifla_veth veth_attr;
++	struct ifla_vlan vlan_attr;
++	struct ifla_macvlan macvlan_attr;
++};
++
++/*
++ * Defines a structure to configure a network device
++ * @link       : lxc.network.link, name of bridge or host iface to attach if any
++ * @name       : lxc.network.name, name of iface on the container side
++ * @flags      : flag of the network device (IFF_UP, ... )
++ * @ipv4       : a list of ipv4 addresses to be set on the network device
++ * @ipv6       : a list of ipv6 addresses to be set on the network device
++ * @upscript   : a script filename to be executed during interface configuration
++ */
++struct lxc_netdev {
++	int type;
++	int flags;
++	int ifindex;
++	char *link;
++	char *name;
++	char *hwaddr;
++	char *mtu;
++	union netdev_p priv;
++	struct lxc_list ipv4;
++	struct lxc_list ipv6;
++	char *upscript;
++};
++
++/*
++ * Defines a generic struct to configure the control group.
++ * It is up to the programmer to specify the right subsystem.
++ * @subsystem : the targetted subsystem
++ * @value     : the value to set
++ */
++struct lxc_cgroup {
++	char *subsystem;
++	char *value;
++};
++
++/*
++ * Defines a structure containing a pty information for
++ * virtualizing a tty
++ * @name   : the path name of the slave pty side
++ * @master : the file descriptor of the master
++ * @slave  : the file descriptor of the slave
++ */
++struct lxc_pty_info {
++	char name[MAXPATHLEN];
++	int master;
++	int slave;
++	int busy;
++};
++
++/*
++ * Defines the number of tty configured and contains the
++ * instanciated ptys
++ * @nbtty = number of configured ttys
++ */
++struct lxc_tty_info {
++	int nbtty;
++	struct lxc_pty_info *pty_info;
++};
++
++/*
++ * Defines the structure to store the console information
++ * @peer   : the file descriptor put/get console traffic
++ * @name   : the file name of the slave pty
++ */
++struct lxc_console {
++	int slave;
++	int master;
++	int peer;
++	char *path;
++	char name[MAXPATHLEN];
++	struct termios *tios;
++};
++
++/*
++ * Defines a structure to store the rootfs location, the
++ * optionals pivot_root, rootfs mount paths
++ * @rootfs     : a path to the rootfs
++ * @pivot_root : a path to a pivot_root location to be used
++ */
++struct lxc_rootfs {
++	char *path;
++	char *mount;
++	char *pivot;
++};
++
++/*
++ * Defines the global container configuration
++ * @rootfs     : root directory to run the container
++ * @pivotdir   : pivotdir path, if not set default will be used
++ * @mount      : list of mount points
++ * @tty        : numbers of tty
++ * @pts        : new pts instance
++ * @mount_list : list of mount point (alternative to fstab file)
++ * @network    : network configuration
++ * @utsname    : container utsname
++ * @fstab      : path to a fstab file format
++ * @caps       : list of the capabilities
++ * @tty_info   : tty data
++ * @console    : console data
++ */
++struct lxc_conf {
++	char *fstab;
++	int tty;
++	int pts;
++	int reboot;
++	int need_utmp_watch;
++	int personality;
++	struct utsname *utsname;
++	struct lxc_list cgroup;
++	struct lxc_list network;
++	struct lxc_list mount_list;
++	struct lxc_list caps;
++	struct lxc_tty_info tty_info;
++	struct lxc_console console;
++	struct lxc_rootfs rootfs;
++};
++
++/*
++ * Initialize the lxc configuration structure
++ */
++extern struct lxc_conf *lxc_conf_init(void);
++
++extern int lxc_create_network(struct lxc_handler *handler);
++extern void lxc_delete_network(struct lxc_list *networks);
++extern int lxc_assign_network(struct lxc_list *networks, pid_t pid);
++
++extern int lxc_create_tty(const char *name, struct lxc_conf *conf);
++extern void lxc_delete_tty(struct lxc_tty_info *tty_info);
++
++/*
++ * Configure the container from inside
++ */
++
++extern int lxc_setup(const char *name, struct lxc_conf *lxc_conf);
++#endif
 === added file '.pc/0040-consoles-into-devlxc.patch/src/lxc/confile.c'
 --- .pc/0040-consoles-into-devlxc.patch/src/lxc/confile.c	1970-01-01 00:00:00 +0000
 +++ .pc/0040-consoles-into-devlxc.patch/src/lxc/confile.c	2012-02-11 04:43:19 +0000
@@ -0,0 +1,898 @@
++/*
++ * lxc: linux Container library
++ *
++ * (C) Copyright IBM Corp. 2007, 2008
++ *
++ * Authors:
++ * Daniel Lezcano <dlezcano at fr.ibm.com>
++ *
++ * This library is free software; you can redistribute it and/or
++ * modify it under the terms of the GNU Lesser General Public
++ * License as published by the Free Software Foundation; either
++ * version 2.1 of the License, or (at your option) any later version.
++ *
++ * This library is distributed in the hope that it will be useful,
++ * but WITHOUT ANY WARRANTY; without even the implied warranty of
++ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
++ * Lesser General Public License for more details.
++ *
++ * You should have received a copy of the GNU Lesser General Public
++ * License along with this library; if not, write to the Free Software
++ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
++ */
++#include <stdio.h>
++#include <stdlib.h>
++#include <string.h>
++#include <unistd.h>
++#include <errno.h>
++#include <fcntl.h>
++#include <pty.h>
++#include <sys/stat.h>
++#include <sys/types.h>
++#include <sys/param.h>
++#include <sys/utsname.h>
++#include <sys/personality.h>
++#include <arpa/inet.h>
++#include <netinet/in.h>
++#include <net/if.h>
++
++#include "parse.h"
++#include "utils.h"
++
++#include <lxc/log.h>
++#include <lxc/conf.h>
++
++lxc_log_define(lxc_confile, lxc);
++
++static int config_personality(const char *, char *, struct lxc_conf *);
++static int config_pts(const char *, char *, struct lxc_conf *);
++static int config_tty(const char *, char *, struct lxc_conf *);
++static int config_cgroup(const char *, char *, struct lxc_conf *);
++static int config_mount(const char *, char *, struct lxc_conf *);
++static int config_rootfs(const char *, char *, struct lxc_conf *);
++static int config_rootfs_mount(const char *, char *, struct lxc_conf *);
++static int config_pivotdir(const char *, char *, struct lxc_conf *);
++static int config_utsname(const char *, char *, struct lxc_conf *);
++static int config_network_type(const char *, char *, struct lxc_conf *);
++static int config_network_flags(const char *, char *, struct lxc_conf *);
++static int config_network_link(const char *, char *, struct lxc_conf *);
++static int config_network_name(const char *, char *, struct lxc_conf *);
++static int config_network_veth_pair(const char *, char *, struct lxc_conf *);
++static int config_network_macvlan_mode(const char *, char *, struct lxc_conf *);
++static int config_network_hwaddr(const char *, char *, struct lxc_conf *);
++static int config_network_vlan_id(const char *, char *, struct lxc_conf *);
++static int config_network_mtu(const char *, char *, struct lxc_conf *);
++static int config_network_ipv4(const char *, char *, struct lxc_conf *);
++static int config_network_script(const char *, char *, struct lxc_conf *);
++static int config_network_ipv6(const char *, char *, struct lxc_conf *);
++static int config_cap_drop(const char *, char *, struct lxc_conf *);
++static int config_console(const char *, char *, struct lxc_conf *);
++
++typedef int (*config_cb)(const char *, char *, struct lxc_conf *);
++
++struct config {
++	char *name;
++	config_cb cb;
++};
++
++static struct config config[] = {
++
++	{ "lxc.arch",                 config_personality          },
++	{ "lxc.pts",                  config_pts                  },
++	{ "lxc.tty",                  config_tty                  },
++	{ "lxc.cgroup",               config_cgroup               },
++	{ "lxc.mount",                config_mount                },
++	{ "lxc.rootfs.mount",         config_rootfs_mount         },
++	{ "lxc.rootfs",               config_rootfs               },
++	{ "lxc.pivotdir",             config_pivotdir             },
++	{ "lxc.utsname",              config_utsname              },
++	{ "lxc.network.type",         config_network_type         },
++	{ "lxc.network.flags",        config_network_flags        },
++	{ "lxc.network.link",         config_network_link         },
++	{ "lxc.network.name",         config_network_name         },
++	{ "lxc.network.macvlan.mode", config_network_macvlan_mode },
++	{ "lxc.network.veth.pair",    config_network_veth_pair    },
++	{ "lxc.network.script.up",    config_network_script       },
++	{ "lxc.network.hwaddr",       config_network_hwaddr       },
++	{ "lxc.network.mtu",          config_network_mtu          },
++	{ "lxc.network.vlan.id",      config_network_vlan_id      },
++	{ "lxc.network.ipv4",         config_network_ipv4         },
++	{ "lxc.network.ipv6",         config_network_ipv6         },
++	{ "lxc.cap.drop",             config_cap_drop             },
++	{ "lxc.console",              config_console              },
++};
++
++static const size_t config_size = sizeof(config)/sizeof(struct config);
++
++static struct config *getconfig(const char *key)
++{
++	int i;
++
++	for (i = 0; i < config_size; i++)
++		if (!strncmp(config[i].name, key,
++			     strlen(config[i].name)))
++			return &config[i];
++	return NULL;
++}
++
++static int config_network_type(const char *key, char *value,
++			       struct lxc_conf *lxc_conf)
++{
++	struct lxc_list *network = &lxc_conf->network;
++	struct lxc_netdev *netdev;
++	struct lxc_list *list;
++
++	netdev = malloc(sizeof(*netdev));
++	if (!netdev) {
++		SYSERROR("failed to allocate memory");
++		return -1;
++	}
++
++	memset(netdev, 0, sizeof(*netdev));
++	lxc_list_init(&netdev->ipv4);
++	lxc_list_init(&netdev->ipv6);
++
++	list = malloc(sizeof(*list));
++	if (!list) {
++		SYSERROR("failed to allocate memory");
++		return -1;
++	}
++
++	lxc_list_init(list);
++	list->elem = netdev;
++
++	lxc_list_add_tail(network, list);
++
++	if (!strcmp(value, "veth"))
++		netdev->type = LXC_NET_VETH;
++	else if (!strcmp(value, "macvlan"))
++		netdev->type = LXC_NET_MACVLAN;
++	else if (!strcmp(value, "vlan"))
++		netdev->type = LXC_NET_VLAN;
++	else if (!strcmp(value, "phys"))
++		netdev->type = LXC_NET_PHYS;
++	else if (!strcmp(value, "empty"))
++		netdev->type = LXC_NET_EMPTY;
++	else {
++		ERROR("invalid network type %s", value);
++		return -1;
++	}
++	return 0;
++}
++
++static int config_ip_prefix(struct in_addr *addr)
++{
++	if (IN_CLASSA(addr->s_addr))
++		return 32 - IN_CLASSA_NSHIFT;
++	if (IN_CLASSB(addr->s_addr))
++		return 32 - IN_CLASSB_NSHIFT;
++	if (IN_CLASSC(addr->s_addr))
++		return 32 - IN_CLASSC_NSHIFT;
++
++	return 0;
++}
++
++static struct lxc_netdev *network_netdev(const char *key, const char *value,
++					 struct lxc_list *network)
++{
++	struct lxc_netdev *netdev;
++
++	if (lxc_list_empty(network)) {
++		ERROR("network is not created for '%s' = '%s' option",
++		      key, value);
++		return NULL;
++	}
++
++	netdev = lxc_list_last_elem(network);
++	if (!netdev) {
++		ERROR("no network device defined for '%s' = '%s' option",
++		      key, value);
++		return NULL;
++	}
++
++	return netdev;
++}
++
++static int network_ifname(char **valuep, char *value)
++{
++	if (strlen(value) >= IFNAMSIZ) {
++		ERROR("invalid interface name: %s", value);
++		return -1;
++	}
++
++	*valuep = strdup(value);
++	if (!*valuep) {
++		ERROR("failed to dup string '%s'", value);
++		return -1;
++	}
++
++	return 0;
++}
++
++#ifndef MACVLAN_MODE_PRIVATE
++#  define MACVLAN_MODE_PRIVATE 1
++#endif
++
++#ifndef MACVLAN_MODE_VEPA
++#  define MACVLAN_MODE_VEPA 2
++#endif
++
++#ifndef MACVLAN_MODE_BRIDGE
++#  define MACVLAN_MODE_BRIDGE 4
++#endif
++
++static int macvlan_mode(int *valuep, char *value)
++{
++	struct mc_mode {
++		char *name;
++		int mode;
++	} m[] = {
++		{ "private", MACVLAN_MODE_PRIVATE },
++		{ "vepa", MACVLAN_MODE_VEPA },
++		{ "bridge", MACVLAN_MODE_BRIDGE },
++	};
++
++	int i;
++
++	for (i = 0; i < sizeof(m)/sizeof(m[0]); i++) {
++		if (strcmp(m[i].name, value))
++			continue;
++
++		*valuep = m[i].mode;
++		return 0;
++	}
++
++	return -1;
++}
++
++static int config_network_flags(const char *key, char *value,
++				struct lxc_conf *lxc_conf)
++{
++	struct lxc_netdev *netdev;
++
++	netdev = network_netdev(key, value, &lxc_conf->network);
++	if (!netdev)
++		return -1;
++
++	netdev->flags |= IFF_UP;
++
++	return 0;
++}
++
++static int config_network_link(const char *key, char *value,
++			       struct lxc_conf *lxc_conf)
++{
++	struct lxc_netdev *netdev;
++
++	netdev = network_netdev(key, value, &lxc_conf->network);
++	if (!netdev)
++		return -1;
++
++	return network_ifname(&netdev->link, value);
++}
++
++static int config_network_name(const char *key, char *value,
++			       struct lxc_conf *lxc_conf)
++{
++	struct lxc_netdev *netdev;
++
++	netdev = network_netdev(key, value, &lxc_conf->network);
++	if (!netdev)
++		return -1;
++
++	return network_ifname(&netdev->name, value);
++}
++
++static int config_network_veth_pair(const char *key, char *value,
++				    struct lxc_conf *lxc_conf)
++{
++	struct lxc_netdev *netdev;
++
++	netdev = network_netdev(key, value, &lxc_conf->network);
++	if (!netdev)
++		return -1;
++
++	return network_ifname(&netdev->priv.veth_attr.pair, value);
++}
++
++static int config_network_macvlan_mode(const char *key, char *value,
++				       struct lxc_conf *lxc_conf)
++{
++	struct lxc_netdev *netdev;
++
++	netdev = network_netdev(key, value, &lxc_conf->network);
++	if (!netdev)
++		return -1;
++
++	return macvlan_mode(&netdev->priv.macvlan_attr.mode, value);
++}
++
++static int config_network_hwaddr(const char *key, char *value,
++				 struct lxc_conf *lxc_conf)
++{
++	struct lxc_netdev *netdev;
++
++	netdev = network_netdev(key, value, &lxc_conf->network);
++	if (!netdev)
++		return -1;
++
++	netdev->hwaddr = strdup(value);
++	if (!netdev->hwaddr) {
++		SYSERROR("failed to dup string '%s'", value);
++		return -1;
++	}
++
++	return 0;
++}
++
++static int config_network_vlan_id(const char *key, char *value,
++			       struct lxc_conf *lxc_conf)
++{
++	struct lxc_netdev *netdev;
++
++	netdev = network_netdev(key, value, &lxc_conf->network);
++	if (!netdev)
++		return -1;
++
++	if (get_u16(&netdev->priv.vlan_attr.vid, value, 0))
++		return -1;
++
++	return 0;
++}
++
++static int config_network_mtu(const char *key, char *value,
++			      struct lxc_conf *lxc_conf)
++{
++	struct lxc_netdev *netdev;
++
++	netdev = network_netdev(key, value, &lxc_conf->network);
++	if (!netdev)
++		return -1;
++
++	netdev->mtu = strdup(value);
++	if (!netdev->mtu) {
++		SYSERROR("failed to dup string '%s'", value);
++		return -1;
++	}
++
++	return 0;
++}
++
++static int config_network_ipv4(const char *key, char *value,
++			       struct lxc_conf *lxc_conf)
++{
++	struct lxc_netdev *netdev;
++	struct lxc_inetdev *inetdev;
++	struct lxc_list *list;
++	char *cursor, *slash, *addr = NULL, *bcast = NULL, *prefix = NULL;
++
++	netdev = network_netdev(key, value, &lxc_conf->network);
++	if (!netdev)
++		return -1;
++
++	inetdev = malloc(sizeof(*inetdev));
++	if (!inetdev) {
++		SYSERROR("failed to allocate ipv4 address");
++		return -1;
++	}
++	memset(inetdev, 0, sizeof(*inetdev));
++
++	list = malloc(sizeof(*list));
++	if (!list) {
++		SYSERROR("failed to allocate memory");
++		return -1;
++	}
++
++	lxc_list_init(list);
++	list->elem = inetdev;
++
++	addr = value;
++
++	cursor = strstr(addr, " ");
++	if (cursor) {
++		*cursor = '\0';
++		bcast = cursor + 1;
++	}
++
++	slash = strstr(addr, "/");
++	if (slash) {
++		*slash = '\0';
++		prefix = slash + 1;
++	}
++
++	if (!addr) {
++		ERROR("no address specified");
++		return -1;
++	}
++
++	if (!inet_pton(AF_INET, addr, &inetdev->addr)) {
++		SYSERROR("invalid ipv4 address: %s", value);
++		return -1;
++	}
++
++	if (bcast && !inet_pton(AF_INET, bcast, &inetdev->bcast)) {
++		SYSERROR("invalid ipv4 broadcast address: %s", value);
++		return -1;
++	}
++
++	/* no prefix specified, determine it from the network class */
++	inetdev->prefix = prefix ? atoi(prefix) :
++		config_ip_prefix(&inetdev->addr);
++
++	/* if no broadcast address, let compute one from the
++	 * prefix and address
++	 */
++	if (!bcast) {
++		inetdev->bcast.s_addr = inetdev->addr.s_addr;
++		inetdev->bcast.s_addr |=
++			htonl(INADDR_BROADCAST >>  inetdev->prefix);
++	}
++
++	lxc_list_add(&netdev->ipv4, list);
++
++	return 0;
++}
++
++static int config_network_ipv6(const char *key, char *value,
++			       struct lxc_conf *lxc_conf)
++{
++	struct lxc_netdev *netdev;
++	struct lxc_inet6dev *inet6dev;
++	struct lxc_list *list;
++	char *slash;
++	char *netmask;
++
++	netdev = network_netdev(key, value, &lxc_conf->network);
++	if (!netdev)
++		return -1;
++
++	inet6dev = malloc(sizeof(*inet6dev));
++	if (!inet6dev) {
++		SYSERROR("failed to allocate ipv6 address");
++		return -1;
++	}
++	memset(inet6dev, 0, sizeof(*inet6dev));
++
++	list = malloc(sizeof(*list));
++	if (!list) {
++		SYSERROR("failed to allocate memory");
++		return -1;
++	}
++
++	lxc_list_init(list);
++	list->elem = inet6dev;
++
++	inet6dev->prefix = 64;
++	slash = strstr(value, "/");
++	if (slash) {
++		*slash = '\0';
++		netmask = slash + 1;
++		inet6dev->prefix = atoi(netmask);
++	}
++
++	if (!inet_pton(AF_INET6, value, &inet6dev->addr)) {
++		SYSERROR("invalid ipv6 address: %s", value);
++		return -1;
++	}
++
++	lxc_list_add(&netdev->ipv6, list);
++
++	return 0;
++}
++
++static int config_network_script(const char *key, char *value,
++				 struct lxc_conf *lxc_conf)
++{
++	struct lxc_netdev *netdev;
++
++	netdev = network_netdev(key, value, &lxc_conf->network);
++	if (!netdev)
++	return -1;
++
++	char *copy = strdup(value);
++	if (!copy) {
++		SYSERROR("failed to dup string '%s'", value);
++		return -1;
++	}
++	if (strcmp(key, "lxc.network.script.up") == 0) {
++		netdev->upscript = copy;
++		return 0;
++	}
++	SYSERROR("Unknown key: %s", key);
++	free(copy);
++	return -1;
++}
++
++static int config_personality(const char *key, char *value,
++			      struct lxc_conf *lxc_conf)
++{
++	struct per_name {
++		char *name;
++		int per;
++	} pername[4] = {
++		{ "x86", PER_LINUX32 },
++		{ "i686", PER_LINUX32 },
++		{ "x86_64", PER_LINUX },
++		{ "amd64", PER_LINUX },
++	};
++	size_t len = sizeof(pername) / sizeof(pername[0]);
++
++	int i;
++
++	for (i = 0; i < len; i++) {
++
++		if (strcmp(pername[i].name, value))
++		    continue;
++
++		lxc_conf->personality = pername[i].per;
++
++		return 0;
++	}
++
++	WARN("unsupported personality '%s'", value);
++
++	return 0;
++}
++
++static int config_pts(const char *key, char *value, struct lxc_conf *lxc_conf)
++{
++	int maxpts = atoi(value);
++
++	lxc_conf->pts = maxpts;
++
++	return 0;
++}
++
++static int config_tty(const char *key, char *value, struct lxc_conf *lxc_conf)
++{
++	int nbtty = atoi(value);
++
++	lxc_conf->tty = nbtty;
++
++	return 0;
++}
++
++static int config_cgroup(const char *key, char *value, struct lxc_conf *lxc_conf)
++{
++	char *token = "lxc.cgroup.";
++	char *subkey;
++	struct lxc_list *cglist = NULL;
++	struct lxc_cgroup *cgelem = NULL;
++
++	subkey = strstr(key, token);
++
++	if (!subkey)
++		return -1;
++
++	if (!strlen(subkey))
++		return -1;
++
++	if (strlen(subkey) == strlen(token))
++		return -1;
++
++	subkey += strlen(token);
++
++	cglist = malloc(sizeof(*cglist));
++	if (!cglist)
++		goto out;
++
++	cgelem = malloc(sizeof(*cgelem));
++	if (!cgelem)
++		goto out;
++	memset(cgelem, 0, sizeof(*cgelem));
++
++	cgelem->subsystem = strdup(subkey);
++	cgelem->value = strdup(value);
++
++	if (!cgelem->subsystem || !cgelem->value)
++		goto out;
++
++	cglist->elem = cgelem;
++
++	lxc_list_add_tail(&lxc_conf->cgroup, cglist);
++
++	return 0;
++
++out:
++	if (cglist)
++		free(cglist);
++
++	if (cgelem) {
++		if (cgelem->subsystem)
++			free(cgelem->subsystem);
++
++		if (cgelem->value)
++			free(cgelem->value);
++
++		free(cgelem);
++	}
++
++	return -1;
++}
++
++static int config_fstab(const char *key, char *value, struct lxc_conf *lxc_conf)
++{
++	if (strlen(value) >= MAXPATHLEN) {
++		ERROR("%s path is too long", value);
++		return -1;
++	}
++
++	lxc_conf->fstab = strdup(value);
++	if (!lxc_conf->fstab) {
++		SYSERROR("failed to duplicate string %s", value);
++		return -1;
++	}
++
++	return 0;
++}
++
++static int config_mount(const char *key, char *value, struct lxc_conf *lxc_conf)
++{
++	char *fstab_token = "lxc.mount";
++	char *token = "lxc.mount.entry";
++	char *subkey;
++	char *mntelem;
++	struct lxc_list *mntlist;
++
++	subkey = strstr(key, token);
++
++	if (!subkey) {
++		subkey = strstr(key, fstab_token);
++
++		if (!subkey)
++			return -1;
++
++		return config_fstab(key, value, lxc_conf);
++	}
++
++	if (!strlen(subkey))
++		return -1;
++
++	mntlist = malloc(sizeof(*mntlist));
++	if (!mntlist)
++		return -1;
++
++	mntelem = strdup(value);
++	if (!mntelem)
++		return -1;
++	mntlist->elem = mntelem;
++
++	lxc_list_add_tail(&lxc_conf->mount_list, mntlist);
++
++	return 0;
++}
++
++static int config_cap_drop(const char *key, char *value,
++			   struct lxc_conf *lxc_conf)
++{
++	char *dropcaps, *sptr, *token;
++	struct lxc_list *droplist;
++	int ret = -1;
++
++	if (!strlen(value))
++		return -1;
++
++	dropcaps = strdup(value);
++	if (!dropcaps) {
++		SYSERROR("failed to dup '%s'", value);
++		return -1;
++	}
++
++	/* in case several capability drop is specified in a single line
++	 * split these caps in a single element for the list */
++	for (;;) {
++                token = strtok_r(dropcaps, " \t", &sptr);
++                if (!token) {
++			ret = 0;
++                        break;
++		}
++		dropcaps = NULL;
++
++		droplist = malloc(sizeof(*droplist));
++		if (!droplist) {
++			SYSERROR("failed to allocate drop list");
++			break;
++		}
++
++		droplist->elem = strdup(token);
++		if (!droplist->elem) {
++			SYSERROR("failed to dup '%s'", token);
++			free(droplist);
++			break;
++		}
++
++		lxc_list_add_tail(&lxc_conf->caps, droplist);
++        }
++
++	free(dropcaps);
++
++	return ret;
++}
++
++static int config_console(const char *key, char *value,
++			  struct lxc_conf *lxc_conf)
++{
++	char *path;
++
++	path = strdup(value);
++	if (!path) {
++		SYSERROR("failed to strdup '%s': %m", value);
++		return -1;
++	}
++
++	lxc_conf->console.path = path;
++
++	return 0;
++}
++
++static int config_rootfs(const char *key, char *value, struct lxc_conf *lxc_conf)
++{
++	if (strlen(value) >= MAXPATHLEN) {
++		ERROR("%s path is too long", value);
++		return -1;
++	}
++
++	lxc_conf->rootfs.path = strdup(value);
++	if (!lxc_conf->rootfs.path) {
++		SYSERROR("failed to duplicate string %s", value);
++		return -1;
++	}
++
++	return 0;
++}
++
++static int config_rootfs_mount(const char *key, char *value, struct lxc_conf *lxc_conf)
++{
++	if (strlen(value) >= MAXPATHLEN) {
++		ERROR("%s path is too long", value);
++		return -1;
++	}
++
++	lxc_conf->rootfs.mount = strdup(value);
++	if (!lxc_conf->rootfs.mount) {
++		SYSERROR("failed to duplicate string '%s'", value);
++		return -1;
++	}
++
++	return 0;
++}
++
++static int config_pivotdir(const char *key, char *value, struct lxc_conf *lxc_conf)
++{
++	if (strlen(value) >= MAXPATHLEN) {
++		ERROR("%s path is too long", value);
++		return -1;
++	}
++
++	lxc_conf->rootfs.pivot = strdup(value);
++	if (!lxc_conf->rootfs.pivot) {
++		SYSERROR("failed to duplicate string %s", value);
++		return -1;
++	}
++
++	return 0;
++}
++
++static int config_utsname(const char *key, char *value, struct lxc_conf *lxc_conf)
++{
++	struct utsname *utsname;
++
++	utsname = malloc(sizeof(*utsname));
++	if (!utsname) {
++		SYSERROR("failed to allocate memory");
++		return -1;
++	}
++
++	if (strlen(value) >= sizeof(utsname->nodename)) {
++		ERROR("node name '%s' is too long",
++			      utsname->nodename);
++		return -1;
++	}
++
++	strcpy(utsname->nodename, value);
++	lxc_conf->utsname = utsname;
++
++	return 0;
++}
++
++static int parse_line(char *buffer, void *data)
++{
++	struct config *config;
++	char *line, *linep;
++	char *dot;
++	char *key;
++	char *value;
++	int ret = 0;
++
++	if (lxc_is_line_empty(buffer))
++		return 0;
++
++	/* we have to dup the buffer otherwise, at the re-exec for
++	 * reboot we modified the original string on the stack by
++	 * replacing '=' by '\0' below
++	 */
++	linep = line = strdup(buffer);
++	if (!line) {
++		SYSERROR("failed to allocate memory for '%s'", buffer);
++		return -1;
++	}
++
++	line += lxc_char_left_gc(line, strlen(line));
++
++	/* martian option - ignoring it, the commented lines beginning by '#'
++	 * fall in this case
++	 */
++	if (strncmp(line, "lxc.", 4))
++		goto out;
++
++	ret = -1;
++
++	dot = strstr(line, "=");
++	if (!dot) {
++		ERROR("invalid configuration line: %s", line);
++		goto out;
++	}
++
++	*dot = '\0';
++	value = dot + 1;
++
++	key = line;
++	key[lxc_char_right_gc(key, strlen(key))] = '\0';
++
++	value += lxc_char_left_gc(value, strlen(value));
++	value[lxc_char_right_gc(value, strlen(value))] = '\0';
++
++	config = getconfig(key);
++	if (!config) {
++		ERROR("unknow key %s", key);
++		goto out;
++	}
++
++	ret = config->cb(key, value, data);
++
++out:
++	free(linep);
++	return ret;
++}
++
++int lxc_config_readline(char *buffer, struct lxc_conf *conf)
++{
++	return parse_line(buffer, conf);
++}
++
++int lxc_config_read(const char *file, struct lxc_conf *conf)
++{
++	return lxc_file_for_each_line(file, parse_line, conf);
++}
++
++int lxc_config_define_add(struct lxc_list *defines, char* arg)
++{
++	struct lxc_list *dent;
++
++	dent = malloc(sizeof(struct lxc_list));
++	if (!dent)
++		return -1;
++
++	dent->elem = arg;
++	lxc_list_add_tail(defines, dent);
++	return 0;
++}
++
++int lxc_config_define_load(struct lxc_list *defines, struct lxc_conf *conf)
++{
++	struct lxc_list *it;
++	int ret = 0;
++
++	lxc_list_for_each(it, defines) {
++		ret = lxc_config_readline(it->elem, conf);
++		if (ret)
++			break;
++	}
++
++	lxc_list_for_each(it, defines) {
++		lxc_list_del(it);
++		free(it);
++	}
++
++	return ret;
++}
 === added directory '.pc/0041-ubuntu-template-user-and-tty'
 === renamed directory '.pc/0041-ubuntu-template-user-and-tty' => '.pc/0041-ubuntu-template-user-and-tty.moved'
 === added directory '.pc/0041-ubuntu-template-user-and-tty/templates'
 === added file '.pc/0041-ubuntu-template-user-and-tty/templates/lxc-ubuntu.in'
 --- .pc/0041-ubuntu-template-user-and-tty/templates/lxc-ubuntu.in	1970-01-01 00:00:00 +0000
 +++ .pc/0041-ubuntu-template-user-and-tty/templates/lxc-ubuntu.in	2012-02-11 04:43:19 +0000
@@ -0,0 +1,595 @@
++#!/bin/bash
++
++#
++# template script for generating ubuntu container for LXC
++#
++# This script consolidates and extends the existing lxc ubuntu scripts
++#
++
++# Copyright © 2011 Serge Hallyn <serge.hallyn@canonical.com>
++# Copyright © 2010 Wilhelm Meier
++# Author: Wilhelm Meier <wilhelm.meier@fh-kl.de>
++#
++# This program is free software; you can redistribute it and/or modify
++# it under the terms of the GNU General Public License version 2, as
++# published by the Free Software Foundation.
++
++# This program is distributed in the hope that it will be useful,
++# but WITHOUT ANY WARRANTY; without even the implied warranty of
++# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++# GNU General Public License for more details.
++
++# You should have received a copy of the GNU General Public License along
++# with this program; if not, write to the Free Software Foundation, Inc.,
++# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
++#
++
++set -e
++
++if [ -r /etc/default/lxc ]; then
++    . /etc/default/lxc
++fi
++
++configure_ubuntu()
++{
++    rootfs=$1
++    hostname=$2
++
++   # configure the network using the dhcp
++    cat <<EOF > $rootfs/etc/network/interfaces
++auto lo
++iface lo inet loopback
++
++auto eth0
++iface eth0 inet dhcp
++EOF
++
++    # so you can 'ssh $hostname.' or 'ssh $hostname.local'
++    if [ -f $rootfs/etc/dhcp/dhclient.conf ]; then
++        sed -i "s/<hostname>/$hostname/" $rootfs/etc/dhcp/dhclient.conf
++    elif [ -f $rootfs/etc/dhcp3/dhclient.conf ]; then
++        sed -i "s/<hostname>/$hostname/" $rootfs/etc/dhcp3/dhclient.conf
++    fi
++
++    # set the hostname
++    cat <<EOF > $rootfs/etc/hostname
++$hostname
++EOF
++    # set minimal hosts
++    cat <<EOF > $rootfs/etc/hosts
++127.0.0.1 localhost $hostname
++EOF
++
++    # suppress log level output for udev
++    sed -i "s/=\"err\"/=0/" $rootfs/etc/udev/udev.conf
++
++    # remove jobs for consoles 5 and 6 since we only create 4 consoles in
++    # this template
++    rm -f $rootfs/etc/init/tty{5,6}.conf
++
++    echo "Please change root-password !"
++    echo "root:root" | chroot $rootfs chpasswd
++
++    return 0
++}
++
++write_sourceslist()
++{
++    # $1 => path to the rootfs
++    # $2 => architecture we want to add
++    # $3 => whether to use the multi-arch syntax or not
++
++    case $2 in
++      amd64|i386)
++            MIRROR=${MIRROR:-http://archive.ubuntu.com/ubuntu}
++            SECURITY_MIRROR=${SECURITY_MIRROR:-http://security.ubuntu.com/ubuntu}
++            ;;
++      sparc)
++            case $SUITE in
++              gutsy)
++            MIRROR=${MIRROR:-http://archive.ubuntu.com/ubuntu}
++            SECURITY_MIRROR=${SECURITY_MIRRORMIRROR:-http://security.ubuntu.com/ubuntu}
++            ;;
++              *)
++            MIRROR=${MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
++            SECURITY_MIRROR=${SECURITY_MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
++            ;;
++            esac
++            ;;
++      *)
++            MIRROR=${MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
++            SECURITY_MIRROR=${SECURITY_MIRROR:-http://ports.ubuntu.com/ubuntu-ports}
++            ;;
++    esac
++    if [ -n "$3" ]; then
++        cat >> "$1/etc/apt/sources.list" << EOF
++deb [arch=$2] $MIRROR ${release} main restricted universe multiverse
++deb [arch=$2] $MIRROR ${release}-updates main restricted universe multiverse
++deb [arch=$2] $SECURITY_MIRROR ${release}-security main restricted universe multiverse
++EOF
++    else
++        cat >> "$1/etc/apt/sources.list" << EOF
++deb $MIRROR ${release} main restricted universe multiverse
++deb $MIRROR ${release}-updates main restricted universe multiverse
++deb $SECURITY_MIRROR ${release}-security main restricted universe multiverse
++EOF
++    fi
++}
++
++download_ubuntu()
++{
++    cache=$1
++    arch=$2
++    release=$3
++
++    if [ $release = "lucid" ]; then
++        packages=dialog,apt,apt-utils,resolvconf,iproute,inetutils-ping,vim,dhcp3-client,ssh,lsb-release,gnupg
++    elif [ $release = "maverick" ]; then
++        packages=dialog,apt,apt-utils,resolvconf,iproute,inetutils-ping,vim,dhcp3-client,ssh,lsb-release,gnupg,netbase
++    elif [ $release = "natty" ]; then
++        packages=dialog,apt,apt-utils,resolvconf,iproute,inetutils-ping,vim,isc-dhcp-client,isc-dhcp-common,ssh,lsb-release,gnupg,netbase
++    else
++        packages=dialog,apt,apt-utils,iproute,inetutils-ping,vim,isc-dhcp-client,isc-dhcp-common,ssh,lsb-release,gnupg,netbase,ubuntu-keyring
++    fi
++    echo "installing packages: $packages"
++
++    # check the mini ubuntu was not already downloaded
++    mkdir -p "$cache/partial-$arch"
++    if [ $? -ne 0 ]; then
++        echo "Failed to create '$cache/partial-$arch' directory"
++        return 1
++    fi
++
++    # download a mini ubuntu into a cache
++    echo "Downloading ubuntu $release minimal ..."
++    if [ -n "$(which qemu-debootstrap)" ]; then
++        qemu-debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR
++    else
++        debootstrap --verbose --components=main,universe --arch=$arch --include=$packages $release $cache/partial-$arch $MIRROR
++    fi
++
++    if [ $? -ne 0 ]; then
++        echo "Failed to download the rootfs, aborting."
++            return 1
++    fi
++
++    # Serge isn't sure whether we should avoid doing this when
++    # $release == `distro-info -d`
++    echo "Installing updates"
++    > $cache/partial-$arch/etc/apt/sources.list
++    write_sourceslist $cache/partial-$arch/ $arch
++
++    chroot "$1/partial-${arch}" apt-get update
++    if [ $? -ne 0 ]; then
++        echo "Failed to update the apt cache"
++        return 1
++    fi
++    cat > "$1/partial-${arch}"/usr/sbin/policy-rc.d << EOF
++#!/bin/sh
++exit 101
++EOF
++    chmod +x "$1/partial-${arch}"/usr/sbin/policy-rc.d
++
++    lxc-unshare -s MOUNT -- chroot "$1/partial-${arch}" apt-get dist-upgrade -y
++    ret=$?
++    rm -f "$1/partial-${arch}"/usr/sbin/policy-rc.d
++
++    if [ $ret -ne 0 ]; then
++        echo "Failed to upgrade the cache"
++        return 1
++    fi
++
++    mv "$1/partial-$arch" "$1/rootfs-$arch"
++    echo "Download complete"
++    return 0
++}
++
++copy_ubuntu()
++{
++    cache=$1
++    arch=$2
++    rootfs=$3
++
++    # make a local copy of the miniubuntu
++    echo -n "Copying rootfs to $rootfs ..."
++    mkdir -p $rootfs
++    rsync -a $cache/rootfs-$arch/ $rootfs/ || return 1
++    return 0
++}
++
++install_ubuntu()
++{
++    rootfs=$1
++    release=$2
++    flushcache=$3
++    cache="/var/cache/lxc/$release"
++    mkdir -p /var/lock/subsys/
++    (
++	flock -n -x 200
++	if [ $? -ne 0 ]; then
++	    echo "Cache repository is busy."
++	    return 1
++	fi
++
++
++    if [ $flushcache -eq 1 ]; then
++        echo "Flushing cache..."
++        rm -rf "$cache/partial-$arch"
++        rm -rf "$cache/rootfs-$arch"
++    fi
++
++	echo "Checking cache download in $cache/rootfs-$arch ... "
++	if [ ! -e "$cache/rootfs-$arch" ]; then
++	    download_ubuntu $cache $arch $release
++	    if [ $? -ne 0 ]; then
++		echo "Failed to download 'ubuntu $release base'"
++		return 1
++	    fi
++	fi
++
++	echo "Copy $cache/rootfs-$arch to $rootfs ... "
++	copy_ubuntu $cache $arch $rootfs
++	if [ $? -ne 0 ]; then
++	    echo "Failed to copy rootfs"
++	    return 1
++	fi
++
++	return 0
++
++	) 200>/var/lock/subsys/lxc
++
++    return $?
++}
++
++copy_configuration()
++{
++    path=$1
++    rootfs=$2
++    name=$3
++    arch=$4
++
++    if [ $arch = "i386" ]; then
++        arch="i686"
++    fi
++
++    cat <<EOF >> $path/config
++lxc.utsname = $name
++
++lxc.tty = 4
++lxc.pts = 1024
++lxc.rootfs = $rootfs
++lxc.mount  = $path/fstab
++lxc.arch = $arch
++lxc.cap.drop = sys_module mac_admin
++
++lxc.cgroup.devices.deny = a
++# Allow any mknod (but not using the node)
++lxc.cgroup.devices.allow = c *:* m
++lxc.cgroup.devices.allow = b *:* m
++# /dev/null and zero
++lxc.cgroup.devices.allow = c 1:3 rwm
++lxc.cgroup.devices.allow = c 1:5 rwm
++# consoles
++lxc.cgroup.devices.allow = c 5:1 rwm
++lxc.cgroup.devices.allow = c 5:0 rwm
++#lxc.cgroup.devices.allow = c 4:0 rwm
++#lxc.cgroup.devices.allow = c 4:1 rwm
++# /dev/{,u}random
++lxc.cgroup.devices.allow = c 1:9 rwm
++lxc.cgroup.devices.allow = c 1:8 rwm
++lxc.cgroup.devices.allow = c 136:* rwm
++lxc.cgroup.devices.allow = c 5:2 rwm
++# rtc
++lxc.cgroup.devices.allow = c 254:0 rwm
++#fuse
++lxc.cgroup.devices.allow = c 10:229 rwm
++#tun
++lxc.cgroup.devices.allow = c 10:200 rwm
++#full
++lxc.cgroup.devices.allow = c 1:7 rwm
++#hpet
++lxc.cgroup.devices.allow = c 10:228 rwm
++#kvm
++lxc.cgroup.devices.allow = c 10:232 rwm
++EOF
++
++    cat <<EOF > $path/fstab
++proc            $rootfs/proc         proc    nodev,noexec,nosuid 0 0
++sysfs           $rootfs/sys          sysfs defaults  0 0
++EOF
++
++    if [ $? -ne 0 ]; then
++	echo "Failed to add configuration"
++	return 1
++    fi
++
++    return 0
++}
++
++trim()
++{
++    rootfs=$1
++    release=$2
++
++    # provide the lxc service
++    cat <<EOF > $rootfs/etc/init/lxc.conf
++# fake some events needed for correct startup other services
++
++description     "Container Upstart"
++
++start on startup
++
++script
++        rm -rf /var/run/*.pid
++        rm -rf /var/run/network/*
++        /sbin/initctl emit stopped JOB=udevtrigger --no-wait
++        /sbin/initctl emit started JOB=udev --no-wait
++end script
++EOF
++
++    # fix buggus runlevel with sshd
++    cat <<EOF > $rootfs/etc/init/ssh.conf
++# ssh - OpenBSD Secure Shell server
++#
++# The OpenSSH server provides secure shell access to the system.
++
++description	"OpenSSH server"
++
++start on filesystem
++stop on runlevel [!2345]
++
++expect fork
++respawn
++respawn limit 10 5
++umask 022
++# replaces SSHD_OOM_ADJUST in /etc/default/ssh
++oom never
++
++pre-start script
++    test -x /usr/sbin/sshd || { stop; exit 0; }
++    test -e /etc/ssh/sshd_not_to_be_run && { stop; exit 0; }
++    test -c /dev/null || { stop; exit 0; }
++
++    mkdir -p -m0755 /var/run/sshd
++end script
++
++# if you used to set SSHD_OPTS in /etc/default/ssh, you can change the
++# 'exec' line here instead
++exec /usr/sbin/sshd
++EOF
++
++    cat <<EOF > $rootfs/etc/init/console.conf
++# console - getty
++#
++# This service maintains a console on tty1 from the point the system is
++# started until it is shut down again.
++
++start on stopped rc RUNLEVEL=[2345]
++stop on runlevel [!2345]
++
++respawn
++exec /sbin/getty -8 38400 /dev/console
++EOF
++
++    cat <<EOF > $rootfs/lib/init/fstab
++# /lib/init/fstab: cleared out for bare-bones lxc
++EOF
++
++    # reconfigure some services
++    if [ -z "$LANG" ]; then
++	chroot $rootfs locale-gen en_US.UTF-8
++	chroot $rootfs update-locale LANG=en_US.UTF-8
++    else
++	chroot $rootfs locale-gen $LANG
++	chroot $rootfs update-locale LANG=$LANG
++    fi
++
++    # remove pointless services in a container
++    chroot $rootfs /usr/sbin/update-rc.d -f ondemand remove
++
++    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls u*.conf); do mv $f $f.orig; done'
++    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls tty[2-9].conf); do mv $f $f.orig; done'
++    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls plymouth*.conf); do mv $f $f.orig; done'
++    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls hwclock*.conf); do mv $f $f.orig; done'
++    chroot $rootfs /bin/bash -c 'cd /etc/init; for f in $(ls module*.conf); do mv $f $f.orig; done'
++
++    # if this isn't lucid, then we need to twiddle the network upstart bits :(
++    if [ $release != "lucid" ]; then
++        sed -i 's/^.*emission handled.*$/echo Emitting lo/' $rootfs/etc/network/if-up.d/upstart
++    fi
++}
++
++post_process()
++{
++    rootfs=$1
++    release=$2
++    trim_container=$3
++
++    if [ $trim_container -eq 1 ]; then
++        trim $rootfs $release
++    elif [ $release = "lucid" -o $release = "maverick" -o $release = "natty" \
++		-o $release = "oneiric" ]; then
++        # for lucid and maverick, if not trimming, then add the ubuntu-virt
++        # ppa and install lxcguest
++        if [ $release = "lucid" -o $release = "maverick" ]; then
++            chroot $rootfs apt-get install --force-yes -y python-software-properties
++            chroot $rootfs add-apt-repository ppa:ubuntu-virt/ppa
++        fi
++	cresolvonf="${rootfs}/etc/resolv.conf"
++	mv $cresolvonf ${cresolvonf}.lxcbak
++        cat /etc/resolv.conf > ${cresolvonf}
++        chroot $rootfs apt-get update
++        chroot $rootfs apt-get install --force-yes -y lxcguest
++	rm -f ${cresolvonf}
++	mv ${cresolvonf}.lxcbak ${cresolvonf}
++    fi
++
++    # If the container isn't running a native architecture, setup multiarch
++    if [ -x "$(ls -1 ${rootfs}/usr/bin/qemu-*-static 2>/dev/null)" ]; then
++        mkdir -p ${rootfs}/etc/dpkg/dpkg.cfg.d
++        echo "foreign-architecture ${hostarch}" > ${rootfs}/etc/dpkg/dpkg.cfg.d/lxc-multiarch
++
++        # Save existing value of MIRROR and SECURITY_MIRROR
++        DEFAULT_MIRROR=$MIRROR
++        DEFAULT_SECURITY_MIRROR=$SECURITY_MIRROR
++
++        # Write a new sources.list containing both native and multiarch entries
++        > ${rootfs}/etc/apt/sources.list
++        write_sourceslist $rootfs $arch "native"
++
++        MIRROR=$DEFAULT_MIRROR
++        SECURITY_MIRROR=$DEFAULT_SECURITY_MIRROR
++        write_sourceslist $rootfs $hostarch "multiarch"
++
++        # Finally update the lists and install upstart using the host architecture
++        chroot $rootfs apt-get update
++        chroot $rootfs apt-get install --force-yes -y --no-install-recommends upstart:${hostarch} mountall:amd64 iproute:amd64 isc-dhcp-client:amd64
++    fi
++}
++
++do_bindhome()
++{
++    rootfs=$1
++    user=$2
++
++    # copy /etc/passwd, /etc/shadow, and /etc/group entries into container
++    pwd=`getent passwd $user`
++    if [ $? -ne 0 ]; then
++        echo 'Warning: failed to copy password entry for $user'
++	return
++    else
++        echo $pwd >> $rootfs/etc/passwd
++    fi
++    shad=`getent shadow $user`
++    echo $shad >> $rootfs/etc/shadow
++
++    # bind-mount the user's path into the container's /home
++    h=`getent passwd $user | cut -d: -f 6`
++    mkdir -p $rootfs/$h
++    echo "$h $rootfs/$h none bind 0 0" >> $path/fstab
++}
++
++usage()
++{
++    cat <<EOF
++$1 -h|--help [-a|--arch] [-b|--bindhome <user>] [--trim]
++   [-F | --flush-cache] [-r|--release <release>]
++release: lucid | maverick | natty | oneiric | precise
++trim: make a minimal (faster, but not upgrade-safe) container
++bindhome: bind <user>'s home into the container
++arch: amd64 or i386: defaults to host arch
++EOF
++    return 0
++}
++
++options=$(getopt -o a:b:hp:r:xn:F -l arch:,bindhome:,help,path:,release:,trim,name:,flush-cache -- "$@")
++if [ $? -ne 0 ]; then
++    usage $(basename $0)
++    exit 1
++fi
++eval set -- "$options"
++
++release=lucid
++if [ -f /etc/lsb-release ]; then
++    . /etc/lsb-release
++    case "$DISTRIB_CODENAME" in
++        lucid|maverick|natty|oneiric|precise)
++            release=$DISTRIB_CODENAME
++        ;;
++    esac
++fi
++
++bindhome=
++arch=$(arch)
++
++# Code taken from debootstrap
++if [ -x /usr/bin/dpkg ] && /usr/bin/dpkg --print-architecture >/dev/null 2>&1; then
++    arch=`/usr/bin/dpkg --print-architecture`
++elif type udpkg >/dev/null 2>&1 && udpkg --print-architecture >/dev/null 2>&1; then
++    arch=`/usr/bin/udpkg --print-architecture`
++else
++    arch=$(arch)
++    if [ "$arch" = "i686" ]; then
++        arch="i386"
++    elif [ "$arch" = "x86_64" ]; then
++        arch="amd64"
++    elif [ "$arch" = "armv7l" ]; then
++        arch="armel"
++    fi
++fi
++
++trim_container=0
++hostarch=$arch
++flushcache=0
++while true
++do
++    case "$1" in
++    -h|--help)      usage $0 && exit 0;;
++    -p|--path)      path=$2; shift 2;;
++    -n|--name)      name=$2; shift 2;;
++    -F|--flush-cache) flushcache=1; shift 1;;
++    -r|--release)   release=$2; shift 2;;
++    -b|--bindhome)  bindhome=$2; shift 2;;
++    -a|--arch)      arch=$2; shift 2;;
++    -x|--trim)      trim_container=1; shift 1;;
++    --)             shift 1; break ;;
++        *)              break ;;
++    esac
++done
++
++pwd=`getent passwd $bindhome`
++if [ $? -ne 0 ]; then
++    echo "Error: no password entry found for $bindhome"
++    exit 1
++fi
++
++
++if [ "$arch" == "i686" ]; then
++    arch=i386
++fi
++
++if [ $hostarch = "i386" -a $arch = "amd64" ]; then
++    echo "can't create amd64 container on i386"
++    exit 1
++fi
++
++type debootstrap
++if [ $? -ne 0 ]; then
++    echo "'debootstrap' command is missing"
++    exit 1
++fi
++
++if [ -z "$path" ]; then
++    echo "'path' parameter is required"
++    exit 1
++fi
++
++if [ "$(id -u)" != "0" ]; then
++    echo "This script should be run as 'root'"
++    exit 1
++fi
++
++rootfs=$path/rootfs
++
++install_ubuntu $rootfs $release $flushcache
++if [ $? -ne 0 ]; then
++    echo "failed to install ubuntu $release"
++    exit 1
++fi
++
++configure_ubuntu $rootfs $name
++if [ $? -ne 0 ]; then
++    echo "failed to configure ubuntu $release for a container"
++    exit 1
++fi
++
++copy_configuration $path $rootfs $name $arch
++if [ $? -ne 0 ]; then
++    echo "failed write configuration file"
++    exit 1
++fi
++
++post_process $rootfs $release $trim_container
++if [ ! -z $bindhome ]; then
++	do_bindhome $rootfs $bindhome
++fi
 === added file 'debian/patches/0040-consoles-into-devlxc.patch'
 --- debian/patches/0040-consoles-into-devlxc.patch	1970-01-01 00:00:00 +0000
 +++ debian/patches/0040-consoles-into-devlxc.patch	2012-02-11 04:43:19 +0000
@@ -0,0 +1,278 @@
++Description: add lxc.devttydir config variable
++ If set, then the console and ttys will be bind-mounted not over
++ /dev/console but /dev/<ttydir>/console, then symlinked from there
++ to /dev/console.
++ This will be forwarded but has not yet been.
++Author: Serge Hallyn <serge.hallyn@ubuntu.com>
++Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/927519
++Forwarded: no
++
++Index: lxc-0.7.5/src/lxc/conf.c
++===================================================================
++--- lxc-0.7.5.orig/src/lxc/conf.c	2011-07-24 22:27:10.000000000 +0000
+++++ lxc-0.7.5/src/lxc/conf.c	2012-02-10 21:34:45.204739567 +0000
++@@ -505,10 +505,10 @@
++ }
++
++ static int setup_tty(const struct lxc_rootfs *rootfs,
++-		     const struct lxc_tty_info *tty_info)
+++		     const struct lxc_tty_info *tty_info, char *ttydir)
++ {
++-	char path[MAXPATHLEN];
++-	int i;
+++	char path[MAXPATHLEN], lxcpath[MAXPATHLEN];
+++	int i, ret;
++
++ 	if (!rootfs->path)
++ 		return 0;
++@@ -517,17 +517,50 @@
++
++ 		struct lxc_pty_info *pty_info = &tty_info->pty_info[i];
++
++-		snprintf(path, sizeof(path), "%s/dev/tty%d",
+++		ret = snprintf(path, sizeof(path), "%s/dev/tty%d",
++ 			 rootfs->mount, i + 1);
+++		if (ret >= sizeof(path)) {
+++			ERROR("pathname too long for ttys");
+++			return -1;
+++		}
+++		if (ttydir) {
+++			/* create dev/lxc/tty%d" */
+++			snprintf(lxcpath, sizeof(lxcpath), "%s/dev/%s/tty%d",
+++				 rootfs->mount, ttydir, i + 1);
+++			if (ret >= sizeof(lxcpath)) {
+++				ERROR("pathname too long for ttys");
+++				return -1;
+++			}
+++			ret = creat(lxcpath, 0660);
+++			if (ret==-1 && errno != EEXIST) {
+++				SYSERROR("error creating %s\n", lxcpath);
+++				return -1;
+++			}
+++			close(ret);
+++			ret = unlink(path);
+++			if (ret && errno != ENOENT) {
+++				SYSERROR("error unlinking %s\n", path);
+++				return -1;
+++			}
++
++-		/* At this point I can not use the "access" function
++-		 * to check the file is present or not because it fails
++-		 * with EACCES errno and I don't know why :( */
++-
++-		if (mount(pty_info->name, path, "none", MS_BIND, 0)) {
++-			WARN("failed to mount '%s'->'%s'",
++-			     pty_info->name, path);
++-			continue;
+++			if (mount(pty_info->name, lxcpath, "none", MS_BIND, 0)) {
+++				WARN("failed to mount '%s'->'%s'",
+++				     pty_info->name, path);
+++				continue;
+++			}
+++
+++			snprintf(lxcpath, sizeof(lxcpath), "%s/tty%d", ttydir, i+1);
+++			ret = symlink(lxcpath, path);
+++			if (ret) {
+++				SYSERROR("failed to create symlink for tty %d\n", i+1);
+++				return -1;
+++			}
+++		} else {
+++			if (mount(pty_info->name, path, "none", MS_BIND, 0)) {
+++				WARN("failed to mount '%s'->'%s'",
+++						pty_info->name, path);
+++				continue;
+++			}
++ 		}
++ 	}
++
++@@ -805,17 +838,18 @@
++ 	return 0;
++ }
++
++-static int setup_console(const struct lxc_rootfs *rootfs,
+++static int setup_dev_console(const struct lxc_rootfs *rootfs,
++ 			 const struct lxc_console *console)
++ {
++ 	char path[MAXPATHLEN];
++ 	struct stat s;
+++	int ret;
++
++-	/* We don't have a rootfs, /dev/console will be shared */
++-	if (!rootfs->path)
++-		return 0;
++-
++-	snprintf(path, sizeof(path), "%s/dev/console", rootfs->mount);
+++	ret = snprintf(path, sizeof(path), "%s/dev/console", rootfs->mount);
+++	if (ret >= sizeof(path)) {
+++		ERROR("console path too long\n");
+++		return -1;
+++	}
++
++ 	if (access(path, F_OK)) {
++ 		WARN("rootfs specified but no console found at '%s'", path);
++@@ -844,10 +878,85 @@
++ 	}
++
++ 	INFO("console has been setup");
+++	return 0;
+++}
+++
+++static int setup_ttydir_console(const struct lxc_rootfs *rootfs,
+++			 const struct lxc_console *console,
+++			 char *ttydir)
+++{
+++	char path[MAXPATHLEN], lxcpath[MAXPATHLEN];
+++	int ret;
+++
+++	/* create rootfs/dev/<ttydir> directory */
+++	ret = snprintf(path, sizeof(path), "%s/dev/%s", rootfs->mount,
+++		       ttydir);
+++	if (ret >= sizeof(path))
+++		return -1;
+++	ret = mkdir(path, 0755);
+++	if (ret && errno != EEXIST) {
+++		SYSERROR("failed with errno %d to create %s\n", errno, path);
+++		return -1;
+++	}
+++	INFO("created %s\n", path);
+++
+++	ret = snprintf(lxcpath, sizeof(lxcpath), "%s/dev/%s/console",
+++		       rootfs->mount, ttydir);
+++	if (ret >= sizeof(lxcpath)) {
+++		ERROR("console path too long\n");
+++		return -1;
+++	}
+++
+++	snprintf(path, sizeof(path), "%s/dev/console", rootfs->mount);
+++	ret = unlink(path);
+++	if (ret && errno != ENOENT) {
+++		SYSERROR("error unlinking %s\n", path);
+++		return -1;
+++	}
+++
+++	ret = creat(lxcpath, 0660);
+++	if (ret==-1 && errno != EEXIST) {
+++		SYSERROR("error %d creating %s\n", errno, lxcpath);
+++		return -1;
+++	}
+++	close(ret);
+++
+++	if (console->peer == -1) {
+++		INFO("no console output required");
+++		return 0;
+++	}
+++
+++	if (mount(console->name, lxcpath, "none", MS_BIND, 0)) {
+++		ERROR("failed to mount '%s' on '%s'", console->name, lxcpath);
+++		return -1;
+++	}
+++
+++	/* create symlink from rootfs/dev/console to 'lxc/console' */
+++	snprintf(lxcpath, sizeof(lxcpath), "%s/console", ttydir);
+++	ret = symlink(lxcpath, path);
+++	if (ret) {
+++		SYSERROR("failed to create symlink for console");
+++		return -1;
+++	}
+++
+++	INFO("console has been setup on %s", lxcpath);
++
++ 	return 0;
++ }
++
+++static int setup_console(const struct lxc_rootfs *rootfs,
+++			 const struct lxc_console *console,
+++			 char *ttydir)
+++{
+++	/* We don't have a rootfs, /dev/console will be shared */
+++	if (!rootfs->path)
+++		return 0;
+++	if (!ttydir)
+++		return setup_dev_console(rootfs, console);
+++
+++	return setup_ttydir_console(rootfs, console, ttydir);
+++}
+++
++ static int setup_cgroup(const char *name, struct lxc_list *cgroups)
++ {
++ 	struct lxc_list *iterator;
++@@ -1731,12 +1840,12 @@
++ 		return -1;
++ 	}
++
++-	if (setup_console(&lxc_conf->rootfs, &lxc_conf->console)) {
+++	if (setup_console(&lxc_conf->rootfs, &lxc_conf->console, lxc_conf->ttydir)) {
++ 		ERROR("failed to setup the console for '%s'", name);
++ 		return -1;
++ 	}
++
++-	if (setup_tty(&lxc_conf->rootfs, &lxc_conf->tty_info)) {
+++	if (setup_tty(&lxc_conf->rootfs, &lxc_conf->tty_info, lxc_conf->ttydir)) {
++ 		ERROR("failed to setup the ttys for '%s'", name);
++ 		return -1;
++ 	}
++Index: lxc-0.7.5/src/lxc/conf.h
++===================================================================
++--- lxc-0.7.5.orig/src/lxc/conf.h	2012-02-10 21:11:00.000000000 +0000
+++++ lxc-0.7.5/src/lxc/conf.h	2012-02-10 21:11:32.882527859 +0000
++@@ -192,6 +192,7 @@
++  * @caps       : list of the capabilities
++  * @tty_info   : tty data
++  * @console    : console data
+++ * @ttydir     : directory (under /dev) in which to create console and ttys
++  */
++ struct lxc_conf {
++ 	char *fstab;
++@@ -208,6 +209,7 @@
++ 	struct lxc_tty_info tty_info;
++ 	struct lxc_console console;
++ 	struct lxc_rootfs rootfs;
+++	char *ttydir;
++ };
++
++ /*
++Index: lxc-0.7.5/src/lxc/confile.c
++===================================================================
++--- lxc-0.7.5.orig/src/lxc/confile.c	2012-02-10 21:11:00.000000000 +0000
+++++ lxc-0.7.5/src/lxc/confile.c	2012-02-11 03:22:45.963238636 +0000
++@@ -47,6 +47,7 @@
++ static int config_personality(const char *, char *, struct lxc_conf *);
++ static int config_pts(const char *, char *, struct lxc_conf *);
++ static int config_tty(const char *, char *, struct lxc_conf *);
+++static int config_ttydir(const char *, char *, struct lxc_conf *);
++ static int config_cgroup(const char *, char *, struct lxc_conf *);
++ static int config_mount(const char *, char *, struct lxc_conf *);
++ static int config_rootfs(const char *, char *, struct lxc_conf *);
++@@ -80,6 +81,7 @@
++ 	{ "lxc.arch",                 config_personality          },
++ 	{ "lxc.pts",                  config_pts                  },
++ 	{ "lxc.tty",                  config_tty                  },
+++	{ "lxc.devttydir",            config_ttydir               },
++ 	{ "lxc.cgroup",               config_cgroup               },
++ 	{ "lxc.mount",                config_mount                },
++ 	{ "lxc.rootfs.mount",         config_rootfs_mount         },
++@@ -551,6 +553,24 @@
++
++ 	return 0;
++ }
+++
+++static int config_ttydir(const char *key, char *value,
+++			  struct lxc_conf *lxc_conf)
+++{
+++	char *path;
+++
+++	if (!value || strlen(value) == 0)
+++		return 0;
+++	path = strdup(value);
+++	if (!path) {
+++		SYSERROR("failed to strdup '%s': %m", value);
+++		return -1;
+++	}
+++
+++	lxc_conf->ttydir = path;
+++
+++	return 0;
+++}
++
++ static int config_cgroup(const char *key, char *value, struct lxc_conf *lxc_conf)
++ {
 === renamed file 'debian/patches/0040-consoles-into-devlxc.patch' => 'debian/patches/0040-consoles-into-devlxc.patch.moved'
 === added file 'debian/patches/0041-ubuntu-template-user-and-tty'
 --- debian/patches/0041-ubuntu-template-user-and-tty	1970-01-01 00:00:00 +0000
 +++ debian/patches/0041-ubuntu-template-user-and-tty	2012-02-11 04:43:19 +0000
@@ -0,0 +1,120 @@
++Description: Use ubuntu/ubuntu instead of root/root by default.
++             Also stop removing tty[56].conf in Precise.
++             Stop messing with dhclient.conf (default behavior is identical)
++             Set devttydir on Precise to /dev/lxc to allow for clean upgrades.
++Author: StÃ©phane Graber <stgraber@ubuntu.com>
++
++Index: lxc/templates/lxc-ubuntu.in
++===================================================================
++--- lxc.orig/templates/lxc-ubuntu.in	2012-02-10 22:30:22.188422468 -0500
+++++ lxc/templates/lxc-ubuntu.in	2012-02-10 23:23:23.521324942 -0500
++@@ -34,6 +34,7 @@
++ {
++     rootfs=$1
++     hostname=$2
+++    release=$3
++
++    # configure the network using the dhcp
++     cat <<EOF > $rootfs/etc/network/interfaces
++@@ -44,13 +45,6 @@
++ iface eth0 inet dhcp
++ EOF
++
++-    # so you can 'ssh $hostname.' or 'ssh $hostname.local'
++-    if [ -f $rootfs/etc/dhcp/dhclient.conf ]; then
++-        sed -i "s/<hostname>/$hostname/" $rootfs/etc/dhcp/dhclient.conf
++-    elif [ -f $rootfs/etc/dhcp3/dhclient.conf ]; then
++-        sed -i "s/<hostname>/$hostname/" $rootfs/etc/dhcp3/dhclient.conf
++-    fi
++-
++     # set the hostname
++     cat <<EOF > $rootfs/etc/hostname
++ $hostname
++@@ -60,16 +54,22 @@
++ 127.0.0.1 localhost $hostname
++ EOF
++
++-    # suppress log level output for udev
++-    sed -i "s/=\"err\"/=0/" $rootfs/etc/udev/udev.conf
+++    if [ "$release" = "precise" ]; then
+++        group="sudo"
+++    else
+++        group="admin"
++
++-    # remove jobs for consoles 5 and 6 since we only create 4 consoles in
++-    # this template
++-    rm -f $rootfs/etc/init/tty{5,6}.conf
+++        # suppress log level output for udev
+++        sed -i "s/=\"err\"/=0/" $rootfs/etc/udev/udev.conf
++
++-    echo "Please change root-password !"
++-    echo "root:root" | chroot $rootfs chpasswd
+++        # remove jobs for consoles 5 and 6 since we only create 4 consoles in
+++        # this template
+++        rm -f $rootfs/etc/init/tty{5,6}.conf
+++    fi
++
+++    chroot $rootfs groupadd --system $group >/dev/null 2>&1 || true
+++    chroot $rootfs useradd --create-home -s /bin/bash -G $group ubuntu
+++    echo "ubuntu:ubuntu" | chroot $rootfs chpasswd
++     return 0
++ }
++
++@@ -191,7 +191,7 @@
++     rootfs=$3
++
++     # make a local copy of the miniubuntu
++-    echo -n "Copying rootfs to $rootfs ..."
+++    echo "Copying rootfs to $rootfs ..."
++     mkdir -p $rootfs
++     rsync -a $cache/rootfs-$arch/ $rootfs/ || return 1
++     return 0
++@@ -247,14 +247,21 @@
++     rootfs=$2
++     name=$3
++     arch=$4
+++    release=$5
++
++     if [ $arch = "i386" ]; then
++         arch="i686"
++     fi
++
+++    ttydir=""
+++    if [ $release = "precise" ]; then
+++        ttydir=" lxc"
+++    fi
+++
++     cat <<EOF >> $path/config
++ lxc.utsname = $name
++
+++lxc.devttydir = $ttydir
++ lxc.tty = 4
++ lxc.pts = 1024
++ lxc.rootfs = $rootfs
++@@ -577,13 +584,13 @@
++     exit 1
++ fi
++
++-configure_ubuntu $rootfs $name
+++configure_ubuntu $rootfs $name $release
++ if [ $? -ne 0 ]; then
++     echo "failed to configure ubuntu $release for a container"
++     exit 1
++ fi
++
++-copy_configuration $path $rootfs $name $arch
+++copy_configuration $path $rootfs $name $arch $release
++ if [ $? -ne 0 ]; then
++     echo "failed write configuration file"
++     exit 1
++@@ -593,3 +600,10 @@
++ if [ ! -z $bindhome ]; then
++ 	do_bindhome $rootfs $bindhome
++ fi
+++
+++echo ""
+++echo "##"
+++echo "# The default user is 'ubuntu' with password 'ubuntu'!"
+++echo "# Use the 'sudo' command to run tasks as root in the container."
+++echo "##"
+++echo ""
 === renamed file 'debian/patches/0041-ubuntu-template-user-and-tty' => 'debian/patches/0041-ubuntu-template-user-and-tty.moved'

Ubuntulxc package