On Fri, Jul 27, 2012 at 10:18:48AM +0200, Jiri Denemark wrote:
On Tue, Jul 24, 2012 at 14:22:53 +0100, Daniel P. Berrange wrote:
> +static int
> +virLXCProcessReboot(virLXCDriverPtr driver,
> + virDomainObjPtr vm)
> +{
> + virConnectPtr conn = virLXCProcessAutoDestroyGetConn(driver, vm);
> + int reason = vm->state.reason;
> + bool autodestroy = false;
> + int ret = -1;
> + virDomainDefPtr savedDef;
> +
> + if (conn) {
> + virConnectRef(conn);
> + autodestroy = true;
> + } else {
> + conn = virConnectOpen("lxc:///");
> + /* Ignoring NULL conn which is mostly harmless here */
So why do we even try to connect here?
This is basically the same logic we use in the autostart codepath.
We need the connection available, if the container has any
network interfaces to be configured with type=network.
I think we should probably change autostart in all drivers to
treat this as fatal though. For now I think this is OK until
we do a global cleanup of this pattern.
> @@ -496,19 +571,38 @@ static void
virLXCProcessMonitorEOFNotify(virLXCMonitorPtr mon ATTRIBUTE_UNUSED,
> {
> virLXCDriverPtr driver = lxc_driver;
> virDomainEventPtr event = NULL;
> + virLXCDomainObjPrivatePtr priv;
>
> lxcDriverLock(driver);
> virDomainObjLock(vm);
> lxcDriverUnlock(driver);
>
> - virLXCProcessStop(driver, vm, VIR_DOMAIN_SHUTOFF_SHUTDOWN);
> - event = virDomainEventNewFromObj(vm,
> - VIR_DOMAIN_EVENT_STOPPED,
> - VIR_DOMAIN_EVENT_STOPPED_SHUTDOWN);
> - virDomainAuditStop(vm, "shutdown");
> - if (!vm->persistent) {
> - virDomainRemoveInactive(&driver->domains, vm);
> - vm = NULL;
> + priv = vm->privateData;
> + if (!priv->wantReboot) {
> + virLXCProcessStop(driver, vm, VIR_DOMAIN_SHUTOFF_SHUTDOWN);
> + event = virDomainEventNewFromObj(vm,
> + VIR_DOMAIN_EVENT_STOPPED,
> + VIR_DOMAIN_EVENT_STOPPED_SHUTDOWN);
> + virDomainAuditStop(vm, "shutdown");
> + if (!vm->persistent) {
> + virDomainRemoveInactive(&driver->domains, vm);
> + vm = NULL;
> + }
> + } else {
> + int ret =virLXCProcessReboot(driver, vm);
s/=/= /
> + virDomainAuditStop(vm, "reboot");
Should we audit stopped domain before calling virLXCProcessReboot?
The audit logs describe what has already happened, as opposed
to what is going to happen. If virLXCProcessReboot SEGV'd for
some reason, we'd get a bogus audit entry that the container
had been stopped, when in fact it was still running.
Daniel
--
|:
http://berrange.com -o-
http://www.flickr.com/photos/dberrange/ :|
|:
http://libvirt.org -o-
http://virt-manager.org :|
|:
http://autobuild.org -o-
http://search.cpan.org/~danberr/ :|
|:
http://entangle-photo.org -o-
http://live.gnome.org/gtk-vnc :|