On Fri, May 29, 2009 at 02:20:04PM +0200, Daniel Veillard wrote:
The lxcContainerDropCapabilities() function requires PR_CAPBSET_DROP
to be defined in order to compile, but it may not be defined in older
kernels. So I made the compilation of the core of the function
conditional, raise an error but still return 0 to not make the
container initialization fail. But I'm unsure, should we just fail and
return -1 if we can't drop capabilities instead?
I think that lxcError() call should just be a VIR_WARN message
here, since that mirrors what we do in a few other cases such
as lack of /dev/pts private instances. The patch is good in
general though.
Daniel
Index: src/lxc_container.c
===================================================================
RCS file: /data/cvs/libxen/src/lxc_container.c,v
retrieving revision 1.30
diff -u -u -p -r1.30 lxc_container.c
--- src/lxc_container.c 13 May 2009 11:37:17 -0000 1.30
+++ src/lxc_container.c 29 May 2009 12:15:16 -0000
@@ -644,6 +644,7 @@ static int lxcContainerSetupMounts(virDo
static int lxcContainerDropCapabilities(virDomainDefPtr vmDef ATTRIBUTE_UNUSED)
{
+#ifdef PR_CAPBSET_DROP
int i;
const struct {
int id;
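Review bot: The #ifdef PR_CAPBSET_DROP guard that opens the function body is resolved from the headers at build time, so a binary built where the constant is undefined never drops capabilities, whatever system it later runs on. A short comment beside the guard stating that the whole drop loop is compiled out in that case would make the consequence visible to anyone reading lxcContainerDropCapabilities().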
@@ -660,7 +661,10 @@ static int lxcContainerDropCapabilities(
return -1;
}
}
-
+#else /* ! PR_CAPBSET_DROP */
+ lxcError(NULL, NULL, VIR_ERR_INTERNAL_ERROR,
+ _("failed to drop capabilities PR_CAPBSET_DROP undefined"));
+#endif
return 0;
}
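Review bot: In the #else branch the function raises VIR_ERR_INTERNAL_ERROR through lxcError() and then falls through to the shared return 0, so the caller sees success while an error has been reported and no capability has been dropped. Pick one behaviour: either return -1 inside the #else branch so container start fails closed, or, if startup is meant to continue, log at warning level instead of raising an error and have the message say that the container runs without capabilities dropped. The message would also read better with a separator, for example "failed to drop capabilities: PR_CAPBSET_DROP undefined".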
--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|