[libvirt] [PATCH 1/2] lxc: Add another barrier

Richard Weinberger richard at nod.at
Sat Feb 8 17:37:42 UTC 2014


Add another barrier to give the controller a chance to
set up additional things after the container setup is done.
This new barrier is needed to chown() the cgroup after
the container has mounted it.

Signed-off-by: Richard Weinberger <richard at nod.at>
---
 src/lxc/lxc_container.c  | 16 +++++++++++++++-
 src/lxc/lxc_container.h  |  1 +
 src/lxc/lxc_controller.c | 17 +++++++++++++++++
 3 files changed, 33 insertions(+), 1 deletion(-)

diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index c6bdc8c..24af73a 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -108,6 +108,7 @@ struct __lxc_child_argv {
     size_t nttyPaths;
     char **ttyPaths;
     int handshakefd;
+    int posthandshakefd;
 };
 
 static int lxcContainerMountFSBlock(virDomainFSDefPtr fs,
@@ -1880,10 +1881,20 @@ static int lxcContainerChild(void *data)
         goto cleanup;
     }
 
+    /* wait for controller to setup final tasks */
+    VIR_DEBUG("Received container continue message");
+    if (lxcContainerWaitForContinue(argv->posthandshakefd) < 0) {
+        virReportSystemError(errno, "%s",
+                             _("Failed to read the container continue message"));
+        goto cleanup;
+    }
+    VIR_DEBUG("Received container continue message");
+
     VIR_DEBUG("Setting up security labeling");
     if (virSecurityManagerSetProcessLabel(argv->securityDriver, vmDef) < 0)
         goto cleanup;
 
+    VIR_FORCE_CLOSE(argv->posthandshakefd);
     VIR_FORCE_CLOSE(argv->handshakefd);
     VIR_FORCE_CLOSE(argv->monitor);
     if (lxcContainerSetupFDs(&ttyfd,
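Review bot: The `VIR_DEBUG("Received container continue message")` added before the `lxcContainerWaitForContinue(argv->posthandshakefd)` call is logged before anything has been received, and the same text is logged again after the call, so a debug log cannot show whether the child is still blocked on the new barrier. The first message should describe what the child is about to do, e.g. `VIR_DEBUG("Waiting for controller to finish post-setup tasks");`. This matters when diagnosing a container that hangs at startup, because the child blocks here before `virSecurityManagerSetProcessLabel()` has applied its security label. lxcContainerChild begins and ends outside this hunk.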
@@ -1896,6 +1907,7 @@ cleanup:
     VIR_FORCE_CLOSE(ttyfd);
     VIR_FORCE_CLOSE(argv->monitor);
     VIR_FORCE_CLOSE(argv->handshakefd);
+    VIR_FORCE_CLOSE(argv->posthandshakefd);
 
     if (ret == 0) {
         /* this function will only return if an error occurred */
@@ -1984,6 +1996,7 @@ int lxcContainerStart(virDomainDefPtr def,
                       int *passFDs,
                       int control,
                       int handshakefd,
+                      int posthandshakefd,
                       size_t nttyPaths,
                       char **ttyPaths)
 {
@@ -2001,7 +2014,8 @@ int lxcContainerStart(virDomainDefPtr def,
         .monitor = control,
         .nttyPaths = nttyPaths,
         .ttyPaths = ttyPaths,
-        .handshakefd = handshakefd
+        .handshakefd = handshakefd,
+        .posthandshakefd = posthandshakefd
     };
 
     /* allocate a stack for the container */
diff --git a/src/lxc/lxc_container.h b/src/lxc/lxc_container.h
index e74a7d7..03102f4 100644
--- a/src/lxc/lxc_container.h
+++ b/src/lxc/lxc_container.h
@@ -60,6 +60,7 @@ int lxcContainerStart(virDomainDefPtr def,
                       int *passFDs,
                       int control,
                       int handshakefd,
+                      int posthandshakefd,
                       size_t nttyPaths,
                       char **ttyPaths);
 
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index 5ca960f..f7b614b 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -2128,6 +2128,7 @@ virLXCControllerRun(virLXCControllerPtr ctrl)
     int rc = -1;
     int control[2] = { -1, -1};
     int containerhandshake[2] = { -1, -1 };
+    int containerposthandshake[2] = { -1, -1 };
     char **containerTTYPaths = NULL;
     size_t i;
 
@@ -2146,6 +2147,12 @@ virLXCControllerRun(virLXCControllerPtr ctrl)
         goto cleanup;
     }
 
+    if (socketpair(PF_UNIX, SOCK_STREAM, 0, containerposthandshake) < 0) {
+        virReportSystemError(errno, "%s",
+                             _("socketpair failed"));
+        goto cleanup;
+    }
+
     if (virLXCControllerSetupPrivateNS() < 0)
         goto cleanup;
 
@@ -2184,11 +2191,13 @@ virLXCControllerRun(virLXCControllerPtr ctrl)
                                            ctrl->passFDs,
                                            control[1],
                                            containerhandshake[1],
+                                           containerposthandshake[1],
                                            ctrl->nconsoles,
                                            containerTTYPaths)) < 0)
         goto cleanup;
     VIR_FORCE_CLOSE(control[1]);
     VIR_FORCE_CLOSE(containerhandshake[1]);
+    VIR_FORCE_CLOSE(containerposthandshake[1]);
 
     for (i = 0; i < ctrl->npassFDs; i++)
         VIR_FORCE_CLOSE(ctrl->passFDs[i]);
@@ -2214,6 +2223,12 @@ virLXCControllerRun(virLXCControllerPtr ctrl)
         goto cleanup;
     }
 
+    if (lxcContainerSendContinue(containerposthandshake[0]) < 0) {
+        virReportSystemError(errno, "%s",
+                             _("Unable to send container continue message"));
+        goto cleanup;
+    }
+
     /* ...and reduce our privileges */
     if (lxcControllerClearCapabilities() < 0)
         goto cleanup;
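Review bot: Nothing at the new `lxcContainerSendContinue(containerposthandshake[0])` call says what must be finished before the container is released, and in this patch no work is placed between the preceding error block (presumably the handshake wait) and the send. Since the commit message gives the cgroup chown() as the reason for the barrier, a comment above the call should state the ordering rule, e.g. `/* Release the container from the post-setup barrier; controller work that depends on the container's mounts (cgroup chown) must be done before this */`. The send also sits above `lxcControllerClearCapabilities()`, so the comment should make clear that privileged post-setup work belongs before both. virLXCControllerRun continues outside the hunk.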
@@ -2240,6 +2255,8 @@ cleanup:
     VIR_FORCE_CLOSE(control[1]);
     VIR_FORCE_CLOSE(containerhandshake[0]);
     VIR_FORCE_CLOSE(containerhandshake[1]);
+    VIR_FORCE_CLOSE(containerposthandshake[0]);
+    VIR_FORCE_CLOSE(containerposthandshake[1]);
 
     for (i = 0; i < ctrl->nconsoles; i++)
         VIR_FREE(containerTTYPaths[i]);
-- 
1.8.4.5



