[libvirt] [PATCH v2 5/8] LXC: Creating devices for container on host side

Daniel P. Berrange berrange at redhat.com
Fri May 10 10:42:25 UTC 2013


On Fri, May 10, 2013 at 05:58:14PM +0800, Gao feng wrote:
> user namespace doesn't allow to create devices in
> uninit userns. We should create devices on host side.
> 
> Signed-off-by: Gao feng <gaofeng at cn.fujitsu.com>
> ---
>  src/lxc/lxc_container.c  | 47 +++++++----------------------
>  src/lxc/lxc_controller.c | 77 ++++++++++++++++++++++++++++++++++++++++++++++++
>  2 files changed, 87 insertions(+), 37 deletions(-)


> diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
> index e9b90bf..2072e9a 100644
> --- a/src/lxc/lxc_controller.c
> +++ b/src/lxc/lxc_controller.c
> @@ -1103,6 +1103,73 @@ cleanup:
>  }
>  
>  
> +static int virLXCControllerPopulateDevices(virLXCControllerPtr ctrl)
> +{
> +    size_t i;
> +    int ret = -1;
> +    char *ptmx = NULL;
> +    char *path = NULL;
> +    const struct {
> +        int maj;
> +        int min;
> +        mode_t mode;
> +        const char *path;
> +    } devs[] = {
> +        { LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_NULL, 0666, "/dev/null" },
> +        { LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_ZERO, 0666, "/dev/zero" },
> +        { LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_FULL, 0666, "/dev/full" },
> +        { LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_RANDOM, 0666, "/dev/random" },
> +        { LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_URANDOM, 0666, "/dev/urandom" },
> +    };
> +
> +    /* Populate /dev/ with a few important bits */
> +    for (i = 0 ; i < ARRAY_CARDINALITY(devs) ; i++) {
> +        if (virAsprintf(&path, "/proc/%llu/root/%s",
> +                        (unsigned long long)ctrl->initpid,
> +                        devs[i].path) < 0) {
> +            virReportOOMError();
> +            goto out;
> +        }
> +
> +        dev_t dev = makedev(devs[i].maj, devs[i].min);
> +        if (mknod(path, S_IFCHR, dev) < 0 ||
> +            chmod(path, devs[i].mode)) {
> +            virReportSystemError(errno,
> +                                 _("Failed to make device %s"),
> +                                 devs[i].path);
> +            goto out;
> +        }
> +    }
> +
> +    if (virAsprintf(&ptmx, "/proc/%llu/root/dev/pts/ptmx",
> +                    (unsigned long long)ctrl->initpid) < 0) {
> +        virReportOOMError();
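Review bot: the loop body leaks `path` on every iteration after the first: `virAsprintf(&path, "/proc/%llu/root/%s", ...)` allocates a fresh string each pass but nothing frees the previous one before the pointer is overwritten, so only the final allocation can be released at `out`. Add `VIR_FREE(path);` at the end of the loop body (the `goto out` paths already cover the current string). A smaller point on the same lines: `mknod(path, S_IFCHR, dev)` creates the node with no permission bits and then relies on a separate `chmod(path, devs[i].mode)`, so the node briefly exists with mode 0000 and the second call operates on a path rather than the node just created; passing `S_IFCHR | devs[i].mode` to `mknod` (with the umask cleared for the call) would make it one step, and the error message should then name the failing call.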

It is really non-obvious that this code is not being run until the
container has started. IMHO rather than playing games with the
/proc/$PID/root/dev link, you should make the lxc_controller.c
code responsible for mounting the /dev tmpfs somewhere, and populate
it before any of the lxc_container code even runs. Then the
lxc_container code can simply MS_MOVE the pre-populated /dev to the
right place when it starts.


Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
