On 02/17/2014 09:38 AM, Daniel P. Berrange wrote:
Implement virProcessRunInMountNamespace, which runs callback of type
virProcessNamespaceCallback in a container namespace. This uses a
child process to run the callback, since you can't change the mount
namespace of a thread. This implies that callbacks have to be careful
about what code they run due to async safety rules.
Idea by Dan Berrange, based on an initial report by Reco
<recoverym4n(a)gmail.com> at
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=732394
Signed-off-by: Daniel Berrange <berrange(a)redhat.com>
Signed-off-by: Eric Blake <eblake(a)redhat.com>
---
src/libvirt_private.syms | 1 +
src/util/virprocess.c | 107 +++++++++++++++++++++++++++++++++++++++++++++++
src/util/virprocess.h | 11 +++++
3 files changed, 119 insertions(+)
ACK.
+++ b/src/util/virprocess.c
@@ -50,6 +50,8 @@
#include "virlog.h"
#include "virutil.h"
#include "virstring.h"
+#include "virthread.h"
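Review bot: the added `#include "virthread.h"` at the end of the include block has no visible user in this patch, and the commit message says the callback runs in a child process precisely because a thread cannot change its mount namespace. Drop the include unless a symbol from it is actually referenced in virprocess.c; if one is, name it in the commit message so the dependency is clear.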
Do we still need virthread.h, or is that leftover from your experiments?
+
+/* Run cb(opaque) in the mount namespace of pid. Return -1 with error
+ * message raised if we fail to run the child, if the child dies from
+ * a signal, or if the child has status 1; otherwise return the exit
+ * status of the child.
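Review bot: the doc comment beginning "Run cb(opaque) in the mount namespace of pid" does not say that cb executes in a forked child, so the async-safety restriction described in the commit message is invisible to anyone reading only the function contract. Add a sentence stating that the callback runs in a child process and must limit itself to async-signal-safe code. The return description also needs tightening: "if the child has status 1; otherwise return the exit status of the child" leaves callers unsure which non-zero statuses count as failure, so state the success condition explicitly and keep it in step with what the code checks.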
Still not quite accurate - we now require that the child has exit status
0 to succeed. But I'll clean that up when rebasing my virFork cleanups.
--
Eric Blake eblake redhat com +1-919-301-3266
Libvirt virtualization library
http://libvirt.org