[Libvir] [RFC] 3 of 4 Linux Container support

Daniel Veillard veillard at redhat.com
Thu Mar 20 16:11:39 UTC 2008


On Wed, Mar 19, 2008 at 11:14:59PM -0700, Dave Leskovec wrote:
> This patch adds the lxc_driver source files.
[...]
> +static int lxcCheckContainerSupport( void )
> +{
> +    int rc = 0;
> +    int flags = CLONE_NEWPID|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWUSER|
> +        CLONE_NEWIPC|SIGCHLD;
> +    int cpid;
> +    char *childStack;
> +    char *stack;
> +    int childStatus;
> +
> +    stack = malloc(getpagesize() * 4);
> +    if(!stack) {
> +        DEBUG0("Unable to allocate stack");
> +        rc = -1;
> +        goto check_complete;
> +    }
> +
> +    childStack = stack + (getpagesize() * 4);
> +
> +    cpid = clone(lxcDummyChild, childStack, flags, NULL);
> +    if ((0 > cpid) && (EINVAL == errno)) {
> +        DEBUG0("clone call returned EINVAL, container support is not enabled");
> +        rc = -1;
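
Review bot: the probe at the `clone()` call passes all five namespace flags in one mask (`CLONE_NEWPID|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWUSER|CLONE_NEWIPC`) and treats EINVAL as "container support is not enabled", so a kernel lacking any single one of them is reported the same way as a kernel lacking all of them. If the driver can run without some of these, probe only the flags it requires, and include the requested mask in the debug message so the log shows what was tested.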

  haha, I would have expected a check of /proc or something similar.
That test could still fail, say if the kernel started to disagree on
a stack of only 4 pages for example.

> +    } else {
> +        waitpid(cpid, &childStatus, 0);
> +    }
> +
> +    free(stack);
> +
> +check_complete:
> +    return rc;
> +}
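
Review bot: logic problem in the `else` branch: it is taken not only when `clone()` succeeds but also when it fails with an errno other than EINVAL. In that case `cpid` is -1, so `waitpid(cpid, &childStatus, 0)` waits for any child of the calling process and can reap one that belongs to other code, and `rc` stays 0, so the function reports support after a failed probe. Treat `cpid < 0` as a failure for every errno (distinguishing EINVAL only in the log message) and call `waitpid()` only when `cpid > 0`. The return value of `waitpid()` and `childStatus` are never examined; either check them or say in a comment why they are ignored.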
[...]
> +static virDrvOpenStatus lxcOpen(virConnectPtr conn,
> +                                xmlURIPtr uri,
> +                                virConnectAuthPtr auth ATTRIBUTE_UNUSED,
> +                                int flags ATTRIBUTE_UNUSED)
> +{
> +    uid_t uid = getuid();
> +
> +    /* Check that the user is root */
> +    if (0 != uid) {
> +        goto declineConnection;
> +    }
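
Review bot: the root check in `lxcOpen` uses `getuid()`, which returns the real uid, while the privilege the kernel tests when the driver later calls `clone()` with namespace flags follows the effective identity. A setuid-root caller is declined although it has the privilege, and a root process that has dropped its effective uid is accepted although it does not. `geteuid()` matches what the comment "Check that the user is root" is meant to establish. The visible branch also logs nothing before `goto declineConnection`; a debug line there would make the refusal diagnosable.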

 so it's restricted to root, it's probably fine, as we can go through the
daemon for normal users, assuming they get authenticated.

[...]
> +static int lxcListDomains(virConnectPtr conn, int *ids, int nids)
> +{
> +    lxc_driver_t *driver = (lxc_driver_t *)conn->privateData;
> +    lxc_vm_t *vm;
> +    int numDoms = 0;
> +
> +    for (vm = driver->vms; vm && (numDoms < nids); vm = vm->next) {
> +        if (lxcIsActiveVM(vm)) {
> +            ids[numDoms] = vm->def->id;
> +            numDoms++;
> +        }
> +    }
> +
> +    return numDoms;
> +}
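
Review bot: missing documentation on `lxcListDomains`: nothing says that it walks only the in-memory `driver->vms` list, that inactive entries are skipped, or that the result is silently truncated when more than `nids` containers are active. A header comment stating the return value and those three points would make the source of the list explicit. The loop also reads `driver->vms` with no lock visible in this hunk; if another thread can modify the list, the comment should say what protects it.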

  so we can only list domains created by this libvirt instance, right ?
Or I'm missing something, I assume virsh list works but I don't see how.

Except for this bit I don't understand, this looks fine to me

> Index: b/src/lxc_driver.h

  Looks fine, 

    thanks !

Daniel

-- 
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
veillard at redhat.com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/



