
On Mon, May 20, 2013 at 06:12:19PM +0800, Gao feng wrote:
The comment is for virLXCControllerSetupPrivateNS.
Signed-off-by: Gao feng <gaofeng@cn.fujitsu.com>
---
 src/lxc/lxc_controller.c | 41 +++++++++++++++++++++--------------------
 1 file changed, 21 insertions(+), 20 deletions(-)
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c index e311f38..b3fc598 100644 --- a/src/lxc/lxc_controller.c +++ b/src/lxc/lxc_controller.c @@ -1259,6 +1259,27 @@ virLXCControllerSetupPrivateNS(void) { int ret = -1;
+ /* + * If doing a chroot style setup, we need to prepare + * a private /dev/pts for the child now, which they + * will later move into position. + * + * This is complex because 'virsh console' needs to + * use /dev/pts from the host OS, and the guest OS + * needs to use /dev/pts from the guest. + * + * This means that we (libvirt_lxc) need to see and + * use both /dev/pts instances. We're running in the + * host OS context though and don't want to expose + * the guest OS /dev/pts there. + * + * Thus we call unshare(CLONE_NS) so that we can see + * the guest's new /dev/pts, without it becoming + * visible to the host OS. We also put the root FS + * into slave mode, just in case it was currently + * marked as shared + */ + if (unshare(CLONE_NEWNS) < 0) { virReportSystemError(errno, "%s", _("Cannot unshare mount namespace")); @@ -1287,26 +1308,6 @@ virLXCControllerSetupDevPTS(virLXCControllerPtr ctrl)
VIR_DEBUG("Setting up private /dev/pts");
- /* - * If doing a chroot style setup, we need to prepare - * a private /dev/pts for the child now, which they - * will later move into position. - * - * This is complex because 'virsh console' needs to - * use /dev/pts from the host OS, and the guest OS - * needs to use /dev/pts from the guest. - * - * This means that we (libvirt_lxc) need to see and - * use both /dev/pts instances. We're running in the - * host OS context though and don't want to expose - * the guest OS /dev/pts there. - * - * Thus we call unshare(CLONE_NS) so that we can see - * the guest's new /dev/pts, without it becoming - * visible to the host OS. We also put the root FS - * into slave mode, just in case it was currently - * marked as shared - */ mount_options = virSecurityManagerGetMountOptions(ctrl->securityManager, ctrl->def);
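Review bot: the relocated comment in virLXCControllerSetupPrivateNS names the flag as unshare(CLONE_NS), but the call immediately below it is unshare(CLONE_NEWNS). Since the block is being moved anyway, correct the flag name in the comment so it matches the code, and add the missing full stop after "marked as shared".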
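Review bot: removing the whole block from virLXCControllerSetupDevPTS leaves VIR_DEBUG("Setting up private /dev/pts") followed directly by the mount_options lookup, with nothing explaining why /dev/pts has to be private. The first two paragraphs of the removed comment (preparing a private /dev/pts for the child, and 'virsh console' needing the host's /dev/pts while the guest uses its own) describe this function's purpose rather than the unshare call. Consider keeping those here and moving only the paragraphs about unshare and slave mode, or leave a one-line pointer to virLXCControllerSetupPrivateNS.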
ACK

Daniel
-- 
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|