[libvirt] [PATCH RFC 1/7] virprocess: Introduce virProcessSetupPrivateNS
Daniel P. Berrange
berrange at redhat.com
Mon Nov 14 16:56:26 UTC 2016
On Mon, Nov 14, 2016 at 05:43:25PM +0100, Michal Privoznik wrote:
> This part of the code, which LXC currently uses, will be reused, so move
> it to a generic function.
>
> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
> ---
> src/libvirt_private.syms | 1 +
> src/lxc/lxc_controller.c | 18 +-----------------
> src/util/virprocess.c | 24 ++++++++++++++++++++++++
> src/util/virprocess.h | 2 ++
> 4 files changed, 28 insertions(+), 17 deletions(-)
>
> diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
> index ac6a1e1..42650d1 100644
> --- a/src/libvirt_private.syms
> +++ b/src/libvirt_private.syms
> @@ -2246,6 +2246,7 @@ virProcessSetMaxMemLock;
> virProcessSetMaxProcesses;
> virProcessSetNamespaces;
> virProcessSetScheduler;
> +virProcessSetupPrivateNS;
> virProcessTranslateStatus;
> virProcessWait;
>
> diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
> index 508bc3e..1bb868a 100644
> --- a/src/lxc/lxc_controller.c
> +++ b/src/lxc/lxc_controller.c
> @@ -2092,8 +2092,6 @@ lxcCreateTty(virLXCControllerPtr ctrl, int *ttymaster,
> static int
> virLXCControllerSetupPrivateNS(void)
> {
> - int ret = -1;
> -
> /*
> * If doing a chroot style setup, we need to prepare
> * a private /dev/pts for the child now, which they
> @@ -2115,21 +2113,7 @@ virLXCControllerSetupPrivateNS(void)
> * marked as shared
> */
>
> - if (unshare(CLONE_NEWNS) < 0) {
> - virReportSystemError(errno, "%s",
> - _("Cannot unshare mount namespace"));
> - goto cleanup;
> - }
> -
> - if (mount("", "/", NULL, MS_SLAVE|MS_REC, NULL) < 0) {
> - virReportSystemError(errno, "%s",
> - _("Failed to switch root mount into slave mode"));
> - goto cleanup;
> - }
> -
> - ret = 0;
> - cleanup:
> - return ret;
> + return virProcessSetupPrivateNS();
> }
>
>
> diff --git a/src/util/virprocess.c b/src/util/virprocess.c
> index 718c4a2..94eacbd 100644
> --- a/src/util/virprocess.c
> +++ b/src/util/virprocess.c
> @@ -28,6 +28,7 @@
> #include <stdlib.h>
> #include <sys/wait.h>
> #include <unistd.h>
> +#include <sys/mount.h>
> #if HAVE_SETRLIMIT
> # include <sys/time.h>
> # include <sys/resource.h>
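Review bot: `<sys/mount.h>` is now included unconditionally, and the new virProcessSetupPrivateNS() in the second virprocess.c hunk calls unshare(CLONE_NEWNS) and mount() with MS_SLAVE, which are Linux-specific, with no feature guard. The neighbouring `#if HAVE_SETRLIMIT` block suggests this file is compiled on platforms with differing capabilities, so this would probably break non-Linux builds. I would guard both the include and the function on the configure results for the header and for unshare(), and add a stub that reports ENOSYS and returns -1, so callers on other platforms fail closed instead of continuing without a private mount namespace. The macro names in the sketch below are assumed; confirm them against configure.ac.

```c
#if defined(HAVE_SYS_MOUNT_H)
# include <sys/mount.h>
#endif

/* … unchanged: remaining includes and earlier functions … */

#if defined(HAVE_SYS_MOUNT_H) && defined(HAVE_UNSHARE)
int
virProcessSetupPrivateNS(void)
{
    /* … unchanged: unshare(CLONE_NEWNS) and MS_SLAVE|MS_REC remount … */
}
#else /* !HAVE_SYS_MOUNT_H || !HAVE_UNSHARE */
int
virProcessSetupPrivateNS(void)
{
    virReportSystemError(ENOSYS, "%s",
                         _("Mount namespaces are not supported on this platform"));
    return -1;
}
#endif
```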
> @@ -1146,6 +1147,29 @@ virProcessRunInMountNamespace(pid_t pid,
> }
>
>
> +int
> +virProcessSetupPrivateNS(void)
> +{
> + int ret = -1;
> +
> + if (unshare(CLONE_NEWNS) < 0) {
> + virReportSystemError(errno, "%s",
> + _("Cannot unshare mount namespace"));
> + goto cleanup;
> + }
> +
> + if (mount("", "/", NULL, MS_SLAVE|MS_REC, NULL) < 0) {
> + virReportSystemError(errno, "%s",
> + _("Failed to switch root mount into slave mode"));
> + goto cleanup;
> + }
> +
> + ret = 0;
> + cleanup:
> + return ret;
> +}
> +
> +
> /**
> * virProcessExitWithStatus:
> * @status: raw status to be reproduced when this process dies
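Review bot: virProcessSetupPrivateNS() is added without a doc comment, unlike virProcessExitWithStatus directly below it, and its contract is security-relevant for every new caller. I would add a `/** virProcessSetupPrivateNS: ... */` block saying that it moves the caller into a new mount namespace and remounts `/` with `MS_SLAVE|MS_REC`, so later mounts do not propagate back to the host while host mount events still propagate in. The comment should also say that a -1 return can occur after unshare() has already succeeded. In that state the caller is in a new namespace whose propagation was not changed, so if `/` was shared in the parent, later mounts could still reach the host, and callers must treat failure as fatal. As a style point, nothing is released at `cleanup:`, so `ret`/`goto cleanup` could be plain `return -1;` and `return 0;`.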
> diff --git a/src/util/virprocess.h b/src/util/virprocess.h
> index 04e9802..74656d9 100644
> --- a/src/util/virprocess.h
> +++ b/src/util/virprocess.h
> @@ -90,6 +90,8 @@ int virProcessRunInMountNamespace(pid_t pid,
> virProcessNamespaceCallback cb,
> void *opaque);
>
> +int virProcessSetupPrivateNS(void);
Nitpick: s/NS/MountNS/, since there are lots of namespaces and this is
only privatizing one of them.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :|