vagrant-lxc 1.0.0.alpha.2 → 1.0.0.alpha.3

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: f16ecc96c3d6f94a025db26d4fa9acfdbd29f153
-  data.tar.gz: 67475bf75d68f60d9a45f913258fc08e4d3d57c9
+  metadata.gz: bd50ec26aecfabf94b58e9f16ff0a996fc6d7598
+  data.tar.gz: ae1c22bb9caf6b7b233d0acc100437619f3b5728
 SHA512:
-  metadata.gz: 43322e18345da08c92c6beb2a0a8c38cf33dacd4b6b2f05c4222333a23c2e6a39ad25a4fa61d022355d8ab3b6e57de7bbfe0b7d83958a56b5c71d5131038a30c
-  data.tar.gz: ee9ed4e6f30c100a21a07e57bc7eb9ee83f88aa12d8e8d8927e0dff8b26bf5f9bdeb5f05cf72e8c3ffc8f0bc7763531342fd5de660ef38326a61acbcd26aaa40
+  metadata.gz: 1235a0aa274186d0181eadda1f1491ecde4484f96dfc1f50a6b313621da5cd35ce06f75d43dc4a74281c27e55aabc65949187c7abe3f484a9e574f191b8fe536
+  data.tar.gz: 91a879e4104ea0c7e2104c36e91147037ba76f0a3c37e79e7cc9f2e4e3a5ec279b39d6b99f84f12399bae2c24ec38ed8a2dab47957f4dc356b0bb8d36e075f85

data/CHANGELOG.md

@@ -1,3 +1,29 @@
+## [1.0.0.alpha.3](https://github.com/fgrehm/vagrant-lxc/compare/v1.0.0.alpha.2...v1.0.0.alpha.3) (Aug 9, 2014)
+
+IMPROVEMENTS:
+
+  - Remove `lxc-shutdown` usage in favor of Vagrant's built in graceful halt
+  - Add fallback mechanism for platforms without `lxc-attach` support [[GH-294]]
+
+[GH-294]: https://github.com/fgrehm/vagrant-lxc/pull/294
+
+BUG FIXES:
+
+  - Figure out the real executable paths for whitelisted commands on the sudo
+    wrapper script instead of hardcoding Ubuntu paths [[GH-304]] / [[GH-305]]
+  - Attach to containers using the `MOUNT` namespace when attempting to fetch
+    container's IP [[GH-300]]
+  - Escape space characters for synced folders [[GH-291]]
+  - Use Vagrant's ruby on the sudoers file so that it works on systems that don't
+    have a global ruby installation [[GH-289]]
+
+[GH-304]: https://github.com/fgrehm/vagrant-lxc/issues/304
+[GH-305]: https://github.com/fgrehm/vagrant-lxc/issues/305
+[GH-300]: https://github.com/fgrehm/vagrant-lxc/issues/300
+[GH-291]: https://github.com/fgrehm/vagrant-lxc/issues/291
+[GH-289]: https://github.com/fgrehm/vagrant-lxc/issues/289
+
+
 ## [1.0.0.alpha.2](https://github.com/fgrehm/vagrant-lxc/compare/v1.0.0.alpha.1...v1.0.0.alpha.2) (May 13, 2014)
 
 BACKWARDS INCOMPATIBILITIES:

data/Gemfile

@@ -9,7 +9,7 @@ end
 
 group :development, :test do
   gem 'rake'
-  gem 'rspec',        '2.99.0.beta2'
+  gem 'rspec',        '2.99.0'
   gem 'coveralls',    require: (ENV['COVERAGE'] == 'true')
   gem 'vagrant-spec', git: 'https://github.com/mitchellh/vagrant-spec.git'
 end

data/Gemfile.lock

@@ -1,6 +1,6 @@
 GIT
   remote: https://github.com/fgrehm/vagrant-cachier.git
-  revision: 6e160ba4cbfc197f8fff1db385fb9d6b9463eba1
+  revision: 6f275353b82ab57ada04c79f6fb2befce0395c77
   specs:
     vagrant-cachier (0.7.2)
 
@@ -22,9 +22,9 @@ GIT
 
 GIT
   remote: https://github.com/mitchellh/vagrant.git
-  revision: 9475ed9a50650b88db444ac07a7034775d3b814e
+  revision: 0a5f6bb77e6a61b56c96057de94f5f8c6868e27c
   specs:
-    vagrant (1.6.2)
+    vagrant (1.6.4.dev)
       bundler (>= 1.5.2, < 1.7.0)
       childprocess (~> 0.5.0)
       erubis (~> 2.7.0)
@@ -40,7 +40,7 @@ GIT
 PATH
   remote: .
   specs:
-    vagrant-lxc (1.0.0.alpha.2)
+    vagrant-lxc (1.0.0.alpha.3)
 
 GEM
   remote: https://rubygems.org/
@@ -51,9 +51,6 @@ GEM
     builder (3.2.2)
     celluloid (0.15.2)
       timers (~> 1.1.0)
-    celluloid-io (0.15.0)
-      celluloid (>= 0.15.0)
-      nio4r (>= 0.5.0)
     childprocess (0.5.3)
       ffi (~> 1.0, >= 1.0.11)
     coderay (1.1.0)
@@ -67,7 +64,7 @@ GEM
     docile (1.1.3)
     erubis (2.7.0)
     ffi (1.9.3)
-    formatador (0.2.4)
+    formatador (0.2.5)
     gssapi (1.0.3)
       ffi (>= 1.0.1)
     guard (2.6.1)
@@ -81,13 +78,12 @@ GEM
       rspec (>= 2.14, < 4.0)
     gyoku (1.1.1)
       builder (>= 2.1.2)
-    httpclient (2.3.4.1)
+    httpclient (2.4.0)
     httpi (0.9.7)
       rack
     i18n (0.6.9)
-    listen (2.7.4)
+    listen (2.7.7)
       celluloid (>= 0.15.2)
-      celluloid-io (>= 0.15.0)
       rb-fsevent (>= 0.9.3)
       rb-inotify (>= 0.9)
     little-plugger (1.1.3)
@@ -95,39 +91,38 @@ GEM
     logging (1.8.2)
       little-plugger (>= 1.1.3)
       multi_json (>= 1.8.4)
-    lumberjack (1.0.5)
+    lumberjack (1.0.6)
     method_source (0.8.2)
-    mime-types (2.2)
-    mini_portile (0.5.3)
-    multi_json (1.10.0)
+    mime-types (2.3)
+    mini_portile (0.6.0)
+    multi_json (1.10.1)
     net-scp (1.1.2)
       net-ssh (>= 2.6.5)
-    net-ssh (2.9.0)
-    nio4r (1.0.0)
-    nokogiri (1.6.2)
-      mini_portile (~> 0.5.2)
+    net-ssh (2.9.1)
+    nokogiri (1.6.2.1)
+      mini_portile (= 0.6.0)
     nori (1.1.5)
     pry (0.9.12.6)
       coderay (~> 1.0)
       method_source (~> 0.8)
       slop (~> 3.4)
     rack (1.5.2)
-    rake (10.3.1)
+    rake (10.3.2)
     rb-fsevent (0.9.4)
-    rb-inotify (0.9.4)
+    rb-inotify (0.9.5)
       ffi (>= 0.5.0)
-    rb-kqueue (0.2.2)
+    rb-kqueue (0.2.3)
       ffi (>= 0.5.0)
     rest-client (1.6.7)
       mime-types (>= 1.16)
-    rspec (2.99.0.beta2)
-      rspec-core (= 2.99.0.beta2)
-      rspec-expectations (= 2.99.0.beta2)
-      rspec-mocks (= 2.99.0.beta2)
-    rspec-core (2.99.0.beta2)
-    rspec-expectations (2.99.0.beta2)
+    rspec (2.99.0)
+      rspec-core (~> 2.99.0)
+      rspec-expectations (~> 2.99.0)
+      rspec-mocks (~> 2.99.0)
+    rspec-core (2.99.0)
+    rspec-expectations (2.99.0)
       diff-lcs (>= 1.1.3, < 2.0)
-    rspec-mocks (2.99.0.beta2)
+    rspec-mocks (2.99.0)
     rubyntlm (0.1.1)
     savon (0.9.5)
       akami (~> 1.0)
@@ -147,7 +142,7 @@ GEM
       tins (~> 1.0)
     thor (0.18.1)
     timers (1.1.0)
-    tins (1.2.0)
+    tins (1.3.0)
     uuidtools (2.1.4)
     vagrant-omnibus (1.4.1)
     wasabi (1.0.0)
@@ -171,7 +166,7 @@ DEPENDENCIES
   guard-rspec
   rake
   rb-inotify
-  rspec (= 2.99.0.beta2)
+  rspec (= 2.99.0)
   vagrant!
   vagrant-cachier!
   vagrant-lxc!

data/README.md

@@ -1,6 +1,6 @@
 # vagrant-lxc
 
-[![Build Status](https://travis-ci.org/fgrehm/vagrant-lxc.png?branch=master)](https://travis-ci.org/fgrehm/vagrant-lxc) [![Gem Version](https://badge.fury.io/rb/vagrant-lxc.png)](http://badge.fury.io/rb/vagrant-lxc) [![Code Climate](https://codeclimate.com/github/fgrehm/vagrant-lxc.png)](https://codeclimate.com/github/fgrehm/vagrant-lxc) [![Coverage Status](https://coveralls.io/repos/fgrehm/vagrant-lxc/badge.png?branch=master)](https://coveralls.io/r/fgrehm/vagrant-lxc) [![Gittip](http://img.shields.io/gittip/fgrehm.svg)](https://www.gittip.com/fgrehm/)
+[![Build Status](https://travis-ci.org/fgrehm/vagrant-lxc.png?branch=master)](https://travis-ci.org/fgrehm/vagrant-lxc) [![Gem Version](https://badge.fury.io/rb/vagrant-lxc.png)](http://badge.fury.io/rb/vagrant-lxc) [![Code Climate](https://codeclimate.com/github/fgrehm/vagrant-lxc.png)](https://codeclimate.com/github/fgrehm/vagrant-lxc) [![Coverage Status](https://coveralls.io/repos/fgrehm/vagrant-lxc/badge.png?branch=master)](https://coveralls.io/r/fgrehm/vagrant-lxc) [![Gittip](http://img.shields.io/gittip/fgrehm.svg)](https://www.gittip.com/fgrehm/) [![Gitter chat](https://badges.gitter.im/fgrehm/vagrant-lxc.png)](https://gitter.im/fgrehm/vagrant-lxc)
 
 [LXC](http://lxc.sourceforge.net/) provider for [Vagrant](http://www.vagrantup.com/) 1.1+
 
@@ -20,7 +20,7 @@ branch.
 * Port forwarding via [`redir`](http://linux.die.net/man/1/redir)
 
 As of now, it does not support public / private networks, but [private networks](https://github.com/fgrehm/vagrant-lxc/issues/120)
-will be coming along _soon_.
+will be coming along with the final 1.0.0 release.
 
 ## Requirements
 
@@ -49,7 +49,7 @@ disable checksum offloading as described on [this comment](https://github.com/fg
 On Vagrant 1.5+:
 
 ```
-vagrant plugin install vagrant-lxc --plugin-version 1.0.0.alpha.2
+vagrant plugin install vagrant-lxc --plugin-version 1.0.0.alpha.3
 ```
 
 On Vagrant < 1.5:
@@ -165,7 +165,7 @@ are not supported on mainstream kernels. To work around that, you can use the
 whitelisting all commands required by `vagrant-lxc` to run.
 
 If you are interested on what will be generated by that command, please check
-[this code](lib/vagrant-lxc/commands/sudoers.rb).
+[this code](lib/vagrant-lxc/command/sudoers.rb).
 
 _vagrant-lxc < 1.0.0 users, please check this [Wiki page](https://github.com/fgrehm/vagrant-lxc/wiki/Avoiding-%27sudo%27-passwords)_
 

data/lib/vagrant-lxc/action.rb

@@ -197,8 +197,14 @@ module Vagrant
       def self.action_fetch_ip
         Builder.new.tap do |b|
           b.use Builtin::ConfigValidate
-          b.use FetchIpWithLxcAttach
-          b.use FetchIpFromDnsmasqLeases
+          b.use Builtin::Call, Builtin::IsState, :running do |env, b2|
+            if env[:result]
+              b2.use FetchIpWithLxcAttach if env[:machine].provider.driver.supports_attach?
+              b2.use FetchIpFromDnsmasqLeases
+            else
+              b2.use Builtin::Message, I18n.t("vagrant_lxc.messages.not_running")
+            end
+          end
         end
       end
 

data/lib/vagrant-lxc/action/fetch_ip_with_lxc_attach.rb

@@ -32,7 +32,7 @@ module Vagrant
 
         # From: https://github.com/lxc/lxc/blob/staging/src/python-lxc/lxc/__init__.py#L371-L385
         def get_container_ip_from_ip_addr(driver)
-          output = driver.attach '/sbin/ip', '-4', 'addr', 'show', 'scope', 'global', 'eth0', namespaces: 'network'
+          output = driver.attach '/sbin/ip', '-4', 'addr', 'show', 'scope', 'global', 'eth0', namespaces: ['network', 'mount']
           if output =~ /^\s+inet ([0-9.]+)\/[0-9]+\s+/
             return $1.to_s
           end

data/lib/vagrant-lxc/command/sudoers.rb

@@ -40,135 +40,25 @@ module Vagrant
         end
 
         private
-        # REFACTOR: Make use ERB rendering after https://github.com/mitchellh/vagrant/issues/3231
-        #           lands into core
+
+        # This requires vagrant 1.5.2+ https://github.com/mitchellh/vagrant/commit/3371c3716278071680af9b526ba19235c79c64cb
         def create_wrapper!
           wrapper = Tempfile.new('lxc-wrapper').tap do |file|
-            file.puts "#!/usr/bin/env ruby"
-            file.puts "# Automatically created by vagrant-lxc"
-            file.puts <<-EOF
-class Whitelist
-  class << self
-    def add(command, *args)
-      list[command] << args
-    end
-
-    def list
-      @list ||= Hash.new do |key, hsh|
-        key[hsh] = []
-      end
-    end
-
-    def allowed(command)
-      list[command] || []
-    end
-
-    def run!(argv)
-      begin
-        command, args = `which \#{argv.shift}`.chomp, argv || []
-        check!(command, args)
-        puts `\#{command} \#{args.join(" ")}`
-        exit $?.to_i
-      rescue => e
-        STDERR.puts e.message
-        exit 1
-      end
-    end
-
-    private
-    def check!(command, args)
-      allowed(command).each do |checks|
-        return if valid_args?(args, checks)
-      end
-      raise_invalid(command, args)
-    end
-
-    def valid_args?(args, checks)
-      return false unless valid_length?(args, checks)
-      check = nil
-      args.each_with_index do |provided, i|
-        check = checks[i] unless check == '**'
-        return false unless match?(provided, check)
-      end
-      true
-    end
-
-    def valid_length?(args, checks)
-      args.length == checks.length || checks.last == '**'
-    end
-
-    def match?(arg, check)
-      check == '**' || check.is_a?(Regexp) && !!check.match(arg) || arg == check
-    end
-
-    def raise_invalid(command, args)
-      raise "Invalid arguments for command \#{command}, " <<
-        "provided args: \#{args.inspect}"
-    end
-  end
-end
-
-base = "/var/lib/lxc"
-base_path = %r{\\A\#{base}/.*\\z}
-templates_path = %r{\\A/usr/(share|lib|lib64|local/lib)/lxc/templates/.*\\z}
-
-##
-# Commands from provider.rb
-# - Check lxc is installed
-Whitelist.add '/usr/bin/which', /\\Alxc-\\w+\\z/
-
-##
-# Commands from driver.rb
-# - Container config file
-Whitelist.add '/bin/cat', base_path
-# - Shared folders
-Whitelist.add '/bin/mkdir', '-p', base_path
-# - Container config customizations and pruning
-Whitelist.add '/bin/cp', '-f', %r{/tmp/.*}, base_path
-Whitelist.add '/bin/chown', 'root:root', base_path
-# - Template import
-Whitelist.add '/bin/cp', %r{\\A.*\\z}, templates_path
-Whitelist.add '/bin/cp', %r{\\A.*\\z}, templates_path
-Whitelist.add '/bin/cp', %r{\\A.*\\z}, templates_path
-Whitelist.add '/bin/chmod', '+x', templates_path
-# - Template removal
-Whitelist.add '/bin/rm', templates_path
-# - Packaging
-Whitelist.add '/bin/tar', '--numeric-owner', '-cvzf', %r{/tmp/.*/rootfs.tar.gz}, '-C', base_path, './rootfs'
-Whitelist.add '/bin/chown', /\\A\\d+:\\d+\\z/, %r{\\A/tmp/.*/rootfs\.tar\.gz\\z}
-
-##
-# Commands from driver/cli.rb
-Whitelist.add '/usr/bin/lxc-version'
-Whitelist.add '/usr/bin/lxc-ls'
-Whitelist.add '/usr/bin/lxc-info', '--name', /.*/
-Whitelist.add '/usr/bin/lxc-create', '-B', /.*/, '--template', /.*/, '--name', /.*/, '**'
-Whitelist.add '/usr/bin/lxc-destroy',  '--name', /.*/
-Whitelist.add '/usr/bin/lxc-start', '-d', '--name', /.*/, '**'
-Whitelist.add '/usr/bin/lxc-stop', '--name', /.*/
-Whitelist.add '/usr/bin/lxc-shutdown', '--name', /.*/
-Whitelist.add '/usr/bin/lxc-attach', '--name', /.*/, '**'
-Whitelist.add '/usr/bin/lxc-attach', '-h'
-
-##
-# Commands from driver/action/remove_temporary_files.rb
-Whitelist.add '/bin/rm', '-rf', %r{\\A\#{base}/.*/rootfs/tmp/.*}
-
-# Watch out for stones
-Whitelist.run!(ARGV)
-            EOF
+            template = Vagrant::Util::TemplateRenderer.new(
+              'sudoers.rb',
+              :template_root => Vagrant::LXC.source_root.join('templates').to_s,
+              :cmd_paths     => build_cmd_paths_hash
+            )
+            file.puts template.render
           end
           wrapper.close
           wrapper.path
         end
 
-        # REFACTOR: Make use ERB rendering after https://github.com/mitchellh/vagrant/issues/3231
-        #           lands into core
         def create_sudoers!(user, command)
           sudoers = Tempfile.new('vagrant-lxc-sudoers').tap do |file|
             file.puts "# Automatically created by vagrant-lxc"
-            file.puts "Cmnd_Alias LXC = #{command}"
-            file.puts "#{user} ALL=(root) NOPASSWD: LXC"
+            file.puts "#{user} ALL=(root) NOPASSWD: #{command}"
           end
           sudoers.close
           sudoers.path
@@ -185,6 +75,15 @@ Whitelist.run!(ARGV)
           }.flatten
           system "echo \"#{commands.join("; ")}\" | sudo sh"
         end
+
+        def build_cmd_paths_hash
+          {}.tap do |hash|
+            %w( which cat mkdir cp chown chmod rm tar chown ).each do |cmd|
+              hash[cmd] = `which #{cmd}`.strip
+            end
+            hash['lxc_bin'] = Pathname(`which lxc-create`.strip).parent.to_s
+          end
+        end
       end
     end
   end

data/lib/vagrant-lxc/driver.rb

@@ -84,6 +84,8 @@ module Vagrant
         end
 
         mount_options = Array(mount_options || ['bind'])
+        host_path     = host_path.to_s.gsub(' ', '\\\040')
+        guest_path    = guest_path.gsub(' ', '\\\040')
         @customizations << ['mount.entry', "#{host_path} #{guest_path} none #{mount_options.join(',')} 0 0"]
       end
 
@@ -102,10 +104,6 @@ module Vagrant
 
       def forced_halt
         @logger.info('Shutting down container...')
-        # TODO: Remove `lxc-shutdown` usage, graceful halt is enough
-        @cli.transition_to(:stopped) { |c| c.shutdown }
-      # REFACTOR: Do not use exception to control the flow
-      rescue CLI::TargetStateNotReached, CLI::ShutdownNotSupported
         @cli.transition_to(:stopped) { |c| c.stop }
       end
 
@@ -113,6 +111,10 @@ module Vagrant
         @cli.destroy
       end
 
+      def supports_attach?
+        @cli.supports_attach?
+      end
+
       def attach(*command)
         @cli.attach(*command)
       end

data/lib/vagrant-lxc/driver/cli.rb

@@ -10,7 +10,6 @@ module Vagrant
         attr_accessor :name
 
         class TransitionBlockNotProvided < RuntimeError; end
-        class ShutdownNotSupported < RuntimeError; end
         class TargetStateNotReached < RuntimeError
           def initialize(target_state, state)
             msg = "Target state '#{target_state}' not reached, currently on '#{state}'"
@@ -77,19 +76,10 @@ module Vagrant
         end
 
         def stop
-          attach '/sbin/halt'
+          attach '/sbin/halt' if supports_attach?
           run :stop, '--name', @name
         end
 
-        def shutdown
-          if system('which lxc-shutdown > /dev/null')
-            run :shutdown, '--name', @name
-          else
-            # REFACTOR: Do not use exception to control the flow
-            raise ShutdownNotSupported
-          end
-        end
-
         def attach(*cmd)
           cmd = ['--'] + cmd
 
@@ -97,6 +87,11 @@ module Vagrant
             opts       = cmd.pop
             namespaces = Array(opts[:namespaces]).map(&:upcase).join('|')
 
+            # HACK: The wrapper script should be able to handle this
+            if @sudo_wrapper.wrapper_path
+              namespaces = "'#{namespaces}'"
+            end
+
             if namespaces
               if supports_attach_with_namespaces?
                 extra = ['--namespaces', namespaces]
@@ -126,6 +121,19 @@ module Vagrant
           end
         end
 
+        def supports_attach?
+          unless defined?(@supports_attach)
+            begin
+              @supports_attach = true
+              run(:attach, '--name', @name, '--', '/bin/true')
+            rescue LXC::Errors::ExecuteError
+              @supports_attach = false
+            end
+          end
+
+          return @supports_attach
+        end
+
         private
 
         def run(command, *args)

data/lib/vagrant-lxc/sudo_wrapper.rb

@@ -4,6 +4,8 @@ module Vagrant
       # Include this so we can use `Subprocess` more easily.
       include Vagrant::Util::Retryable
 
+      attr_reader :wrapper_path
+
       def initialize(wrapper_path = nil)
         @wrapper_path = wrapper_path
         @logger       = Log4r::Logger.new("vagrant::lxc::sudo_wrapper")

data/lib/vagrant-lxc/version.rb

@@ -1,5 +1,5 @@
 module Vagrant
   module LXC
-    VERSION = "1.0.0.alpha.2"
+    VERSION = "1.0.0.alpha.3"
   end
 end

data/spec/unit/driver/cli_spec.rb

@@ -4,7 +4,7 @@ require 'vagrant-lxc/sudo_wrapper'
 require 'vagrant-lxc/driver/cli'
 
 describe Vagrant::LXC::Driver::CLI do
-  let(:sudo_wrapper) { double(Vagrant::LXC::SudoWrapper, run: true) }
+  let(:sudo_wrapper) { double(Vagrant::LXC::SudoWrapper, run: true, wrapper_path: nil) }
 
   subject { described_class.new(sudo_wrapper) }
 
@@ -110,23 +110,42 @@ describe Vagrant::LXC::Driver::CLI do
     end
   end
 
-  describe 'shutdown' do
+  describe 'stop' do
     let(:name) { 'a-running-container' }
     subject    { described_class.new(sudo_wrapper, name) }
 
     before do
-      subject.stub(system: true)
       allow(subject).to receive(:run)
     end
 
-    it 'issues a lxc-shutdown with provided container name' do
-      subject.shutdown
-      expect(subject).to have_received(:run).with(:shutdown, '--name', name)
+    context 'lxc-attach is supported' do
+      before do
+        subject.stub(attach: true, supports_attach?: true)
+        subject.stop
+      end
+
+      it 'runs a /sbin/halt within the container' do
+        expect(subject).to have_received(:attach).with('/sbin/halt')
+      end
+
+      it 'issues a lxc-stop with provided container name' do
+        expect(subject).to have_received(:run).with(:stop, '--name', name)
+      end
     end
 
-    it 'raises a ShutdownNotSupported in case it is not supported' do
-      allow(subject).to receive(:system).with('which lxc-shutdown > /dev/null').and_return(false)
-      expect { subject.shutdown }.to raise_error(described_class::ShutdownNotSupported)
+    context 'lxc-attach is not supported' do
+      before do
+        subject.stub(attach: false, supports_attach?: false)
+        subject.stop
+      end
+
+      it 'runs a /sbin/halt within the container' do
+        expect(subject).to_not have_received(:attach)
+      end
+
+      it 'issues a lxc-stop with provided container name' do
+        expect(subject).to have_received(:run).with(:stop, '--name', name)
+      end
     end
   end
 
@@ -183,9 +202,6 @@ describe Vagrant::LXC::Driver::CLI do
   end
 
   describe 'transition block' do
-    let(:name) { 'a-running-container' }
-    subject    { described_class.new(name) }
-
     before do
       subject.stub(run: true, sleep: true, state: :stopped)
     end
@@ -204,4 +220,33 @@ describe Vagrant::LXC::Driver::CLI do
 
     skip 'waits for the expected container state'
   end
+
+  describe 'check for whether lxc-attach is supported' do
+    let(:name) { 'a-running-container' }
+    subject    { described_class.new(sudo_wrapper, name) }
+
+    context 'lxc-attach is present on system' do
+      before { subject.stub(run: true) }
+
+      it 'returns true if `lxc-attach --name CNAME -- /bin/true` works' do
+        expect(subject.supports_attach?).to be_truthy
+        expect(subject).to have_received(:run).with(
+          :attach, '--name', name, '--', '/bin/true'
+        )
+      end
+    end
+
+    context 'lxc-attach is not present on system' do
+      before do
+        allow(subject).to receive(:run).and_raise(Vagrant::LXC::Errors::ExecuteError.new('msg'))
+      end
+
+      it 'returns true if `lxc-attach --name CNAME -- /bin/true` works' do
+        expect(subject.supports_attach?).to be_falsy
+        expect(subject).to have_received(:run).with(
+          :attach, '--name', name, '--', '/bin/true'
+        )
+      end
+    end
+  end
 end

data/spec/unit/driver_spec.rb

@@ -75,6 +75,17 @@ describe Vagrant::LXC::Driver do
     end
   end
 
+  describe 'supports_attach?' do
+    let(:cli) { double(Vagrant::LXC::Driver::CLI, supports_attach?: true) }
+
+    subject { described_class.new('name', nil, cli) }
+
+    it 'delegates to cli object' do
+      expect(subject.supports_attach?).to be_truthy
+      expect(cli).to have_received(:supports_attach?)
+    end
+  end
+
   describe 'start' do
     let(:customizations)         { [['a', '1'], ['b', '2']] }
     let(:internal_customization) { ['internal', 'customization'] }
@@ -102,7 +113,7 @@ describe Vagrant::LXC::Driver do
   end
 
   describe 'halt' do
-    let(:cli) { double(Vagrant::LXC::Driver::CLI, shutdown: true) }
+    let(:cli) { double(Vagrant::LXC::Driver::CLI, stop: true) }
 
     subject { described_class.new('name', nil, cli) }
 
@@ -110,8 +121,8 @@ describe Vagrant::LXC::Driver do
       allow(cli).to receive(:transition_to).and_yield(cli)
     end
 
-    it 'delegates to cli shutdown' do
-      expect(cli).to receive(:shutdown)
+    it 'delegates to cli stop' do
+      expect(cli).to receive(:stop)
       subject.forced_halt
     end
 
@@ -122,14 +133,7 @@ describe Vagrant::LXC::Driver do
 
     it 'attempts to force the container to stop in case a shutdown doesnt work' do
       allow(cli).to receive(:shutdown).and_raise(Vagrant::LXC::Driver::CLI::TargetStateNotReached.new :target, :source)
-      expect(cli).to receive(:transition_to).with(:stopped).twice
-      expect(cli).to receive(:stop)
-      subject.forced_halt
-    end
-
-    it 'attempts to force the container to stop in case lxc-shutdown is not supported' do
-      allow(cli).to receive(:shutdown).and_raise(Vagrant::LXC::Driver::CLI::ShutdownNotSupported)
-      expect(cli).to receive(:transition_to).with(:stopped).twice
+      expect(cli).to receive(:transition_to).with(:stopped)
       expect(cli).to receive(:stop)
       subject.forced_halt
     end
@@ -149,7 +153,8 @@ describe Vagrant::LXC::Driver do
   describe 'folder sharing' do
     let(:shared_folder)       { {guestpath: '/vagrant', hostpath: '/path/to/host/dir'} }
     let(:ro_rw_folder)        { {guestpath: '/vagrant/ro_rw', hostpath: '/path/to/host/dir', mount_options: ['ro', 'rw']} }
-    let(:folders)             { [shared_folder, ro_rw_folder] }
+    let(:with_space_folder)   { {guestpath: '/tmp/with space', hostpath: '/path/with space'} }
+    let(:folders)             { [shared_folder, ro_rw_folder, with_space_folder] }
     let(:rootfs_path)         { Pathname('/path/to/rootfs') }
     let(:expected_guest_path) { "vagrant" }
     let(:sudo_wrapper)        { double(Vagrant::LXC::SudoWrapper, run: true) }
@@ -178,5 +183,12 @@ describe Vagrant::LXC::Driver do
         "#{ro_rw_folder[:hostpath]} vagrant/ro_rw none ro,rw 0 0"
       ]
     end
+
+    it 'supports directories with spaces' do
+      expect(subject.customizations).to include [
+        'mount.entry',
+        "/path/with\\040space tmp/with\\040space none bind 0 0"
+      ]
+    end
   end
 end

data/templates/sudoers.rb.erb

@@ -0,0 +1,110 @@
+#!/opt/vagrant/embedded/bin/ruby
+# Automatically created by vagrant-lxc
+
+class Whitelist
+  class << self
+    def add(command, *args)
+      list[command] << args
+    end
+
+    def list
+      @list ||= Hash.new do |key, hsh|
+        key[hsh] = []
+      end
+    end
+
+    def allowed(command)
+      list[command] || []
+    end
+
+    def run!(argv)
+      begin
+        command, args = `which #{argv.shift}`.chomp, argv || []
+        check!(command, args)
+        puts `#{command} #{args.join(" ")}`
+        exit $?.to_i
+      rescue => e
+        STDERR.puts e.message
+        exit 1
+      end
+    end
+
+    private
+    def check!(command, args)
+      allowed(command).each do |checks|
+        return if valid_args?(args, checks)
+      end
+      raise_invalid(command, args)
+    end
+
+    def valid_args?(args, checks)
+      return false unless valid_length?(args, checks)
+      check = nil
+      args.each_with_index do |provided, i|
+        check = checks[i] unless check == '**'
+        return false unless match?(provided, check)
+      end
+      true
+    end
+
+    def valid_length?(args, checks)
+      args.length == checks.length || checks.last == '**'
+    end
+
+    def match?(arg, check)
+      check == '**' || check.is_a?(Regexp) && !!check.match(arg) || arg == check
+    end
+
+    def raise_invalid(command, args)
+      raise "Invalid arguments for command #{command}, " <<
+      "provided args: #{args.inspect}"
+    end
+  end
+end
+
+base = "/var/lib/lxc"
+base_path = %r{\A#{base}/.*\z}
+templates_path = %r{\A/usr/(share|lib|lib64|local/lib)/lxc/templates/.*\z}
+
+##
+# Commands from provider.rb
+# - Check lxc is installed
+Whitelist.add '<%= cmd_paths['which'] %>', /\Alxc-\w+\z/
+
+##
+# Commands from driver.rb
+# - Container config file
+Whitelist.add '<%= cmd_paths['cat'] %>', base_path
+# - Shared folders
+Whitelist.add '<%= cmd_paths['mkdir'] %>', '-p', base_path
+# - Container config customizations and pruning
+Whitelist.add '<%= cmd_paths['cp'] %>', '-f', %r{/tmp/.*}, base_path
+Whitelist.add '<%= cmd_paths['chown'] %>', 'root:root', base_path
+# - Template import
+Whitelist.add '<%= cmd_paths['cp'] %>', %r{\A.*\z}, templates_path
+Whitelist.add '<%= cmd_paths['chmod'] %>', '+x', templates_path
+# - Template removal
+Whitelist.add '<%= cmd_paths['rm'] %>', templates_path
+# - Packaging
+Whitelist.add '<%= cmd_paths['tar'] %>', '--numeric-owner', '-cvzf', %r{/tmp/.*/rootfs.tar.gz}, '-C', base_path, './rootfs'
+Whitelist.add '<%= cmd_paths['chown'] %>', /\A\d+:\d+\z/, %r{\A/tmp/.*/rootfs\.tar\.gz\z}
+
+##
+# Commands from driver/cli.rb
+Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-version'
+Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-ls'
+Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-info', '--name', /.*/
+Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-create', '-B', /.*/, '--template', /.*/, '--name', /.*/, '**'
+Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-destroy', '--name', /.*/
+Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-start', '-d', '--name', /.*/, '**'
+Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-stop', '--name', /.*/
+Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-shutdown', '--name', /.*/
+Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-attach', '--name', /.*/, '**'
+Whitelist.add '<%= cmd_paths['lxc_bin'] %>/lxc-attach', '-h'
+
+##
+# Commands from driver/action/remove_temporary_files.rb
+Whitelist.add '<%= cmd_paths['rm'] %>', '-rf', %r{\A#{base}/.*/rootfs/tmp/.*}
+
+# Watch out for stones
+Whitelist.run!(ARGV)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: vagrant-lxc
 version: !ruby/object:Gem::Version
-  version: 1.0.0.alpha.2
+  version: 1.0.0.alpha.3
 platform: ruby
 authors:
 - Fabio Rehm
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2014-05-13 00:00:00.000000000 Z
+date: 2014-08-09 00:00:00.000000000 Z
 dependencies: []
 description: Linux Containers provider for Vagrant
 email:
@@ -85,13 +85,14 @@ files:
 - spec/unit/support/unit_example_group.rb
 - spec/unit_helper.rb
 - tasks/spec.rake
+- templates/sudoers.rb.erb
 - vagrant-lxc.gemspec
 - vagrant-spec.config.rb
 homepage: https://github.com/fgrehm/vagrant-lxc
 licenses:
 - MIT
 metadata: {}
-post_install_message: "\n  Thanks for giving vagrant-lxc 1.0.0.alpha.2 a try!\n  This
+post_install_message: "\n  Thanks for giving vagrant-lxc 1.0.0.alpha.3 a try!\n  This
   version introduces many changes and includes some deprecations,\n  please see the
   project's CHANGELOG:\n    https://github.com/fgrehm/vagrant-lxc/blob/master/CHANGELOG.md\n
   \ "