On Wed, Mar 19, 2008 at 11:14:59PM -0700, Dave Leskovec wrote:
This patch adds the lxc_driver source files.
[...]
+static int lxcCheckContainerSupport( void )
+{
+ int rc = 0;
+ int flags = CLONE_NEWPID|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWUSER|
+ CLONE_NEWIPC|SIGCHLD;
+ int cpid;
+ char *childStack;
+ char *stack;
+ int childStatus;
+
+ stack = malloc(getpagesize() * 4);
+ if(!stack) {
+ DEBUG0("Unable to allocate stack");
+ rc = -1;
+ goto check_complete;
+ }
+
+ childStack = stack + (getpagesize() * 4);
+
+ cpid = clone(lxcDummyChild, childStack, flags, NULL);
+ if ((0 > cpid) && (EINVAL == errno)) {
+ DEBUG0("clone call returned EINVAL, container support is not
enabled");
+ rc = -1;
Haha, I would have expected a check of /proc or something similar.
That test could still fail, say if the kernel started to disagree on a
stack of only 4 pages, for example.
+ } else {
+ waitpid(cpid, &childStatus, 0);
+ }
+
+ free(stack);
+
+check_complete:
+ return rc;
+}
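Review bot: in the else branch after clone(), waitpid(cpid, &childStatus, 0) also runs when clone() failed with an errno other than EINVAL. In that case cpid is -1, so the call waits for any child of the calling process, and rc stays 0, the same value the success path returns. Treating cpid < 0 as its own case (set rc = -1 and log errno) and calling waitpid only when cpid > 0 would fix both. childStatus is also never examined, so a child that was created but exited abnormally is not distinguished from a clean run.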
[...]
+static virDrvOpenStatus lxcOpen(virConnectPtr conn,
+ xmlURIPtr uri,
+ virConnectAuthPtr auth ATTRIBUTE_UNUSED,
+ int flags ATTRIBUTE_UNUSED)
+{
+ uid_t uid = getuid();
+
+ /* Check that the user is root */
+ if (0 != uid) {
+ goto declineConnection;
+ }
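Review bot: the root check in lxcOpen reads getuid(), which is the real UID, while the kernel decides whether namespace creation is allowed from the effective UID and capabilities; geteuid() is the closer test for "can this process create containers". The decline at goto declineConnection also logs nothing in the visible lines, so a refused connection gives the user no hint that the cause was the UID check; a debug message there would help.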
So it's restricted to root; it's probably fine, as we can go through the
daemon for normal users, assuming they get authenticated.
[...]
+static int lxcListDomains(virConnectPtr conn, int *ids, int nids)
+{
+ lxc_driver_t *driver = (lxc_driver_t *)conn->privateData;
+ lxc_vm_t *vm;
+ int numDoms = 0;
+
+ for (vm = driver->vms; vm && (numDoms < nids); vm = vm->next) {
+ if (lxcIsActiveVM(vm)) {
+ ids[numDoms] = vm->def->id;
+ numDoms++;
+ }
+ }
+
+ return numDoms;
+}
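Review bot: lxcListDomains has no comment describing its contract. The loop condition numDoms < nids silently caps the result at nids, and only entries on driver->vms that pass lxcIsActiveVM() are reported; a short header comment stating both, and that ids must have room for nids entries, would make that explicit for callers. conn->privateData is also cast and dereferenced in the loop initializer without a NULL check.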
So we can only list domains created by this libvirt instance, right?
Or I'm missing something; I assume virsh list works but I don't see how.
Except for this bit I don't understand, this looks fine to me.
Index: b/src/lxc_driver.h
Looks fine,
thanks !
Daniel
--
Red Hat Virtualization group
http://redhat.com/virtualization/
Daniel Veillard | virtualization library
http://libvirt.org/
veillard(a)redhat.com | libxml GNOME XML XSLT toolkit
http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine
http://rpmfind.net/