
On Fri, May 29, 2009 at 02:20:04PM +0200, Daniel Veillard wrote:
The lxcContainerDropCapabilities() function requires PR_CAPBSET_DROP to be defined in order to compile, but it may not be defined in older kernels. So I made the compilation of the core of the function conditional, raise an error but still return 0 to not make the container initialization fail. But I'm unsure, should we just fail and return -1 if we can't drop capabilities instead?
I think that lxcError() call should just be a VIR_WARN message here, since that mirrors what we do in a few other cases such as lack of /dev/pts private instances. The patch is good in general though.

Daniel
Index: src/lxc_container.c =================================================================== RCS file: /data/cvs/libxen/src/lxc_container.c,v retrieving revision 1.30 diff -u -u -p -r1.30 lxc_container.c --- src/lxc_container.c 13 May 2009 11:37:17 -0000 1.30 +++ src/lxc_container.c 29 May 2009 12:15:16 -0000 @@ -644,6 +644,7 @@ static int lxcContainerSetupMounts(virDo
static int lxcContainerDropCapabilities(virDomainDefPtr vmDef ATTRIBUTE_UNUSED) { +#ifdef PR_CAPBSET_DROP int i; const struct { int id; @@ -660,7 +661,10 @@ static int lxcContainerDropCapabilities( return -1; } } - +#else /* ! PR_CAPBSET_DROP */ + lxcError(NULL, NULL, VIR_ERR_INTERNAL_ERROR, + _("failed to drop capabilities PR_CAPBSET_DROP undefined")); +#endif return 0; }
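Review bot: In the `#else /* ! PR_CAPBSET_DROP */` branch the function reports a problem through lxcError() and then falls through to `return 0;`, so a build without PR_CAPBSET_DROP drops nothing from the bounding set while the caller sees success. Pick one behaviour and make it explicit: either `return -1;` inside the `#else` branch so the missing drop fails the setup, as the `#ifdef` path already does on a failed drop, or keep the return value and lower the report to a warning so the log level matches a condition the code deliberately tolerates. In either case a short comment above the `#ifdef` stating that capabilities are retained when the macro is absent would help, and the message would read better with a separator, for example "failed to drop capabilities: PR_CAPBSET_DROP undefined".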
-- Libvir-list mailing list Libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
-- |: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :| |: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :| |: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|