[libvirt] [PATCH] lxc: Bind mount container TTYs

Martin Kletzander mkletzan at redhat.com
Fri Jun 26 13:09:49 UTC 2015


On Tue, Jun 23, 2015 at 04:38:57PM +0200, Richard Weinberger wrote:
>Instead of creating symlinks, bind mount the devices to
>/dev/pts/XY.
>Using bind mounts it is no longer needed to add pts devices
>to files like /dev/securetty.
>

I guess you meant /etc/securetty.

This patch makes sense, but if I start a container that I couldn't
login as a root into (because of securetty), it still doesn't help, I
still can't login.  Moreover, if I stop it and start it few times and
restart the daemon (I'm not sure whether that's needed, it's just that
I had to switch between gdb and non-gdb daemons and it happened only
sometimes), I get this:

  error: internal error: guest failed to start: unexpected exit status 125

The error in log is:

  libvirt:  error : failed to setup stdout file handle: Bad file descriptor

I briefly looked at it and *cmd->outfdptr has the value of 247083264
which is nowhere in the output of lsof for that process.  I know that
it doesn't sounds even remotely related, but without this patch that
doesn't happen.  Maybe it just uncovers some error rotting there for a
long time...

>Signed-off-by: Richard Weinberger <richard at nod.at>
>---
> src/lxc/lxc_container.c | 38 +++++++++++++++++++++-----------------
> 1 file changed, 21 insertions(+), 17 deletions(-)
>
>diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
>index 7d531e2..ea76370 100644
>--- a/src/lxc/lxc_container.c
>+++ b/src/lxc/lxc_container.c
>@@ -1141,6 +1141,20 @@ static int lxcContainerMountFSDevPTS(virDomainDefPtr def,
>     return ret;
> }
>
>+static int lxcContainerBindMountDevice(const char *src, const char *dst)
>+{
>+    if (virFileTouch(dst, 0666) < 0)
>+        return -1;
>+
>+    if (mount(src, dst, "none", MS_BIND, NULL) < 0) {
>+        virReportSystemError(errno, _("Failed to bind %s on to %s"), src,
>+                             dst);
>+        return -1;
>+    }
>+
>+    return 0;
>+}
>+
> static int lxcContainerSetupDevices(char **ttyPaths, size_t nttyPaths)
> {
>     size_t i;
>@@ -1164,34 +1178,24 @@ static int lxcContainerSetupDevices(char **ttyPaths, size_t nttyPaths)
>     }
>
>     /* We have private devpts capability, so bind that */
>-    if (virFileTouch("/dev/ptmx", 0666) < 0)
>+    if (lxcContainerBindMountDevice("/dev/pts/ptmx", "/dev/ptmx") < 0)
>         return -1;
>
>-    if (mount("/dev/pts/ptmx", "/dev/ptmx", "ptmx", MS_BIND, NULL) < 0) {
>-        virReportSystemError(errno, "%s",
>-                             _("Failed to bind /dev/pts/ptmx on to /dev/ptmx"));
>-        return -1;
>-    }
>-
>     for (i = 0; i < nttyPaths; i++) {
>         char *tty;
>         if (virAsprintf(&tty, "/dev/tty%zu", i+1) < 0)
>             return -1;
>-        if (symlink(ttyPaths[i], tty) < 0) {
>-            virReportSystemError(errno,
>-                                 _("Failed to symlink %s to %s"),
>-                                 ttyPaths[i], tty);
>-            VIR_FREE(tty);
>+
>+        if (lxcContainerBindMountDevice(ttyPaths[i], tty) < 0) {
>             return -1;
>+            VIR_FREE(tty);
>         }
>+
>         VIR_FREE(tty);
>+
>         if (i == 0 &&
>-            symlink(ttyPaths[i], "/dev/console") < 0) {
>-            virReportSystemError(errno,
>-                                 _("Failed to symlink %s to /dev/console"),
>-                                 ttyPaths[i]);
>+            lxcContainerBindMountDevice(ttyPaths[i], "/dev/console") < 0)
>             return -1;
>-        }
>     }
>     return 0;
> }
>--
>2.4.2
>
>--
>libvir-list mailing list
>libvir-list at redhat.com
>https://www.redhat.com/mailman/listinfo/libvir-list
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20150626/6f7596bb/attachment-0001.sig>


More information about the libvir-list mailing list