[libvirt] [PATCH v3] lxc: Inherit namespace feature

Imran Khan ik.nitk at gmail.com
Thu Aug 20 10:40:23 UTC 2015


Thanks to Daniel for making additional changes, and thanks to Michal for
reviewing it again.
This patch has some functionality breakages. I am working on it and will send
the new patch soon.

-imran

On Thu, Aug 20, 2015 at 4:53 AM, Michal Privoznik <mprivozn at redhat.com>
wrote:

> On 14.08.2015 14:09, Daniel P. Berrange wrote:
> > From: Imran Khan <ik.nitk at gmail.com>
> >
> > This patch adds feature for lxc containers to inherit namespaces.
> > This is very similar to what lxc-tools or docker provides.  Look
> > for "man lxc-start" and you will find that you can pass command
> > args as [ --share-[net|ipc|uts] name|pid ]. Or check out docker
> > networking option in which you can give --net=container:NAME_or_ID
> > as an option for sharing +namespace.
> >
> >>From this patch you can add extra libvirt option to share
>
> s/>//
>
> > namespace in following way.
> >
> >   <lxc:namespace>
> >     <lxc:sharenet type='netns' value='red'/>
> >     <lxc:shareipc type='pid' value='12345'/>
> >     <lxc:shareuts type='name' value='container1'/>
> >   </lxc:namespace>
> >
> > The netns option is specific to sharenet. It can be used to
> > inherit from existing network namespace.
> >
> > Signed-off-by: Daniel P. Berrange <berrange at redhat.com>
> > ---
> >  docs/drvlxc.html.in           |  21 ++++++
> >  docs/schemas/domaincommon.rng |  42 ++++++++++++
> >  po/POTFILES.in                |   1 +
> >  src/Makefile.am               |   6 +-
> >  src/lxc/lxc_conf.c            |   2 +-
> >  src/lxc/lxc_container.c       |  71 ++++++++++++++++++--
> >  src/lxc/lxc_container.h       |   2 +
> >  src/lxc/lxc_controller.c      |  45 ++++++++++++-
> >  src/lxc/lxc_domain.c          | 149
> ++++++++++++++++++++++++++++++++++++++++++
> >  src/lxc/lxc_domain.h          |  26 ++++++++
> >  src/lxc/lxc_process.c         | 149
> ++++++++++++++++++++++++++++++++++++++++++
> >  tests/lxcxml2xmltest.c        |   1 +
> >  12 files changed, 506 insertions(+), 9 deletions(-)
> >
>
> > diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c
> > index e99b039..9699377 100644
> > --- a/src/lxc/lxc_process.c
> > +++ b/src/lxc/lxc_process.c
> > @@ -359,6 +359,135 @@ char
> *virLXCProcessSetupInterfaceDirect(virConnectPtr conn,
> >      return ret;
> >  }
> >
> > +static const char *nsInfoLocal[VIR_LXC_DOMAIN_NAMESPACE_LAST] = {
> > +    [VIR_LXC_DOMAIN_NAMESPACE_SHARENET] = "net",
> > +    [VIR_LXC_DOMAIN_NAMESPACE_SHAREIPC] = "ipc",
> > +    [VIR_LXC_DOMAIN_NAMESPACE_SHAREUTS] = "uts",
> > +};
> > +
> > +static int virLXCProcessSetupNamespaceName(virConnectPtr conn, int
> ns_type, const char *name)
> > +{
> > +    virLXCDriverPtr driver = conn->privateData;
> > +    int fd = -1;
> > +    virDomainObjPtr vm;
> > +    char *path;
> > +
> > +    vm = virDomainObjListFindByName(driver->domains, name);
> > +    if (!vm) {
> > +        virReportError(VIR_ERR_NO_DOMAIN,
> > +                       _("No domain with matching name '%s'"), name);
> > +        return -1;
> > +    }
> > +
> > +    if (virAsprintf(&path, "/proc/%lld/ns/%s",
> > +                    (long long int)vm->pid,
> > +                    nsInfoLocal[ns_type]) < 0)
> > +        goto cleanup;
> > +
> > +    if ((fd = open(path, O_RDONLY)) < 0) {
> > +        virReportSystemError(errno,
> > +                             _("failed to open ns %s"),
> > +
>  virLXCDomainNamespaceTypeToString(ns_type));
> > +        goto cleanup;
> > +    }
> > +
> > + cleanup:
> > +    VIR_FREE(path);
> > +    virObjectUnlock(vm);
> > +    virObjectUnref(vm);
> > +    return fd;
> > +}
> > +
> > +
> > +static int virLXCProcessSetupNamespacePID(int ns_type, const char *name)
> > +{
> > +    int fd;
> > +    char *path;
> > +
> > +    if (virAsprintf(&path, "/proc/%s/ns/%s",
> > +                    name,
> > +                    nsInfoLocal[ns_type]) < 0)
> > +        return -1;
> > +    fd = open(path, O_RDONLY);
> > +    VIR_FREE(path);
> > +    if (fd < 0) {
> > +        virReportSystemError(errno,
> > +                             _("failed to open ns %s"),
> > +
>  virLXCDomainNamespaceTypeToString(ns_type));
> > +        return -1;
> > +    }
> > +    return fd;
> > +}
> > +
> > +
> > +static int virLXCProcessSetupNamespaceNet(int ns_type, const char *name)
> > +{
> > +    char *path;
> > +    int fd;
> > +    if (ns_type != VIR_LXC_DOMAIN_NAMESPACE_SHARENET) {
> > +        virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s"
>
> s/$/,/
>
> > +                       _("'netns' namespace source can only be "
> > +                         "used with sharenet"));
> > +        return -1;
> > +    }
> > +
> > +    if (virAsprintf(&path, "/var/run/netns/%s", name) < 0)
> > +        return  -1;
> > +    fd = open(path, O_RDONLY);
> > +    VIR_FREE(path);
> > +    if (fd < 0) {
> > +        virReportSystemError(errno,
> > +                             _("failed to open netns %s"), name);
> > +        return -1;
> > +    }
> > +    return fd;
> > +}
> > +
> > +
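Review bot: In virLXCProcessSetupNamespacePID and virLXCProcessSetupNamespaceNet, `name` is taken from the domain XML `value` attribute and pasted into "/proc/%s/ns/%s" and "/var/run/netns/%s" with no validation, so a value containing '/' or ".." makes open() resolve outside the intended directory. Parse the pid value as an integer and format it with %lld, as virLXCProcessSetupNamespaceName already does for vm->pid, and reject netns names that contain '/'. Separately, virLXCProcessSetupNamespaceName builds the path from vm->pid without first checking that the looked-up domain is running; an explicit check there would report a clear error instead of a failed open() on a meaningless /proc path.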
>
>
> > diff --git a/tests/lxcxml2xmltest.c b/tests/lxcxml2xmltest.c
> > index 3e00347..8d824b9 100644
> > --- a/tests/lxcxml2xmltest.c
> > +++ b/tests/lxcxml2xmltest.c
> > @@ -133,6 +133,7 @@ mymain(void)
> >      DO_TEST("filesystem-root");
> >      DO_TEST("idmap");
> >      DO_TEST("capabilities");
> > +    DO_TEST("sharenet");
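Review bot: The only case added to mymain() is DO_TEST("sharenet"), which by its name exercises one of the three elements shown in the commit message. Unless that data file carries all of them, add round-trip cases for shareipc and shareuts and for each of the 'netns', 'pid' and 'name' source types, so the new parser and formatter paths are covered.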
>
> Have you forgotten to git add tests/lxcxml2xmldata/lxc-sharenet.xml?
> I like the idea though. I'm tempted to ACK this if you fix all the small
> issues I've raised.
>
> Michal
>