Re: [Libvir] [RFC] 3 of 4 Linux Container support

20 Mar 2008

      On Wed, Mar 19, 2008 at 11:14:59PM -0700, Dave Leskovec wrote:
...
This patch adds the lxc_driver source files.
[...]
+static int lxcCheckContainerSupport( void )
+{
+    int rc = 0;
+    int flags = CLONE_NEWPID|CLONE_NEWNS|CLONE_NEWUTS|CLONE_NEWUSER|
+        CLONE_NEWIPC|SIGCHLD;
+    int cpid;
+    char *childStack;
+    char *stack;
+    int childStatus;
+
+    stack = malloc(getpagesize() * 4);
+    if(!stack) {
+        DEBUG0("Unable to allocate stack");
+        rc = -1;
+        goto check_complete;
+    }
+
+    childStack = stack + (getpagesize() * 4);
+
+    cpid = clone(lxcDummyChild, childStack, flags, NULL);
+    if ((0 > cpid) && (EINVAL == errno)) {
+        DEBUG0("clone call returned EINVAL, container support is not enabled");
+        rc = -1;
haha, I would have expected a checking of /proc or something similar.
That test could still fail, say if the kernel started to disagree on
stack of only 4 pages for example.
...
+    } else {
+        waitpid(cpid, &childStatus, 0);
+    }
+
+    free(stack);
+
+check_complete:
+    return rc;
+}
[...]
+static virDrvOpenStatus lxcOpen(virConnectPtr conn,
+                                xmlURIPtr uri,
+                                virConnectAuthPtr auth ATTRIBUTE_UNUSED,
+                                int flags ATTRIBUTE_UNUSED)
+{
+    uid_t uid = getuid();
+
+    /* Check that the user is root */
+    if (0 != uid) {
+        goto declineConnection;
+    }
so it's restricted to root, it's probably fine, as we can go though the
daemon for normal users, ssuming they get authenticated.

[...]
...
+static int lxcListDomains(virConnectPtr conn, int *ids, int nids)
+{
+    lxc_driver_t *driver = (lxc_driver_t *)conn->privateData;
+    lxc_vm_t *vm;
+    int numDoms = 0;
+
+    for (vm = driver->vms; vm && (numDoms < nids); vm = vm->next) {
+        if (lxcIsActiveVM(vm)) {
+            ids[numDoms] = vm->def->id;
+            numDoms++;
+        }
+    }
+
+    return numDoms;
+}
so we can only list domains created by this libvirt instance, right ?
Or I'm missing something, I assume virsh list works but I don't see how.

Except this bit I don't understand this looks fine to me
...
Index: b/src/lxc_driver.h
Looks fine, 

    thanks !

Daniel

-- 
Red Hat Virtualization group http://redhat.com/virtualization/
Daniel Veillard      | virtualization library  http://libvirt.org/
veillard@redhat.com  | libxml GNOME XML XSLT toolkit  http://xmlsoft.org/
http://veillard.com/ | Rpmfind RPM search engine  http://rpmfind.net/