So far the namespaces were turned on by default unconditionally.
For all non-Linux platforms we provided stub functions that just
ignored whatever namespaces setting there was in qemu.conf and
returned 0 to indicate success. Moreover, we didn't really check
if namespaces are available on the host kernel.
This is suboptimal, as we might have ignored the user's setting.
Signed-off-by: Michal Privoznik <mprivozn(a)redhat.com>
---
src/qemu/qemu_conf.c | 6 +++++-
src/qemu/qemu_domain.c | 35 ++++++++++-------------------------
2 files changed, 15 insertions(+), 26 deletions(-)
diff --git a/src/qemu/qemu_conf.c b/src/qemu/qemu_conf.c
index 86170fb7a..6613d59bc 100644
--- a/src/qemu/qemu_conf.c
+++ b/src/qemu/qemu_conf.c
@@ -317,8 +317,12 @@ virQEMUDriverConfigPtr virQEMUDriverConfigNew(bool privileged)
if (!(cfg->namespaces = virBitmapNew(QEMU_DOMAIN_NS_LAST)))
goto error;
- if (virBitmapSetBit(cfg->namespaces, QEMU_DOMAIN_NS_MOUNT) < 0)
+#if defined(__linux__)
+ if (privileged &&
+ virProcessNamespaceAvailable(VIR_PROCESS_NAMESPACE_MNT) == 0 &&
+ virBitmapSetBit(cfg->namespaces, QEMU_DOMAIN_NS_MOUNT) < 0)
goto error;
+#endif /* defined(__linux__) */
#ifdef DEFAULT_LOADER_NVRAM
if (virFirmwareParseList(DEFAULT_LOADER_NVRAM,
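Review bot: In the added `#if defined(__linux__)` block, any non-zero return from `virProcessNamespaceAvailable(VIR_PROCESS_NAMESPACE_MNT)` short-circuits the chain, so a privileged daemon silently ends up with QEMU_DOMAIN_NS_MOUNT cleared and nothing in the log says the mount-namespace isolation was dropped from the defaults. The helper's return values are not visible in this hunk, so a probe failure unrelated to kernel support would presumably be treated the same as "not available". I would split the condition and log the fallback, as below. If the helper reports a libvirt error on failure, that error should also be reset, because the function carries on. virQEMUDriverConfigNew starts and ends outside the hunk.

```c
#if defined(__linux__)
    if (privileged) {
        if (virProcessNamespaceAvailable(VIR_PROCESS_NAMESPACE_MNT) == 0) {
            if (virBitmapSetBit(cfg->namespaces, QEMU_DOMAIN_NS_MOUNT) < 0)
                goto error;
        } else {
            /* Make the loss of the default isolation visible to the admin. */
            VIR_WARN("mount namespace is not available, "
                     "domains will run without it by default");
        }
    }
#endif /* defined(__linux__) */
```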
diff --git a/src/qemu/qemu_domain.c b/src/qemu/qemu_domain.c
index 8602f01c7..6e6cb844a 100644
--- a/src/qemu/qemu_domain.c
+++ b/src/qemu/qemu_domain.c
@@ -6879,7 +6879,6 @@ qemuDomainGetHostdevPath(virDomainHostdevDefPtr dev,
}
-#if defined(__linux__)
/**
* qemuDomainGetPreservedMounts:
*
@@ -7432,12 +7431,20 @@ qemuDomainCreateNamespace(virQEMUDriverPtr driver,
virQEMUDriverConfigPtr cfg = virQEMUDriverGetConfig(driver);
int ret = -1;
- if (!virBitmapIsBitSet(cfg->namespaces, QEMU_DOMAIN_NS_MOUNT) ||
- !virQEMUDriverIsPrivileged(driver)) {
+ if (!virBitmapIsBitSet(cfg->namespaces, QEMU_DOMAIN_NS_MOUNT)) {
ret = 0;
goto cleanup;
}
+ if (!virQEMUDriverIsPrivileged(driver)) {
+ virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
+ _("cannot use namespaces in session mode"));
+ goto cleanup;
+ }
+
+ if (virProcessNamespaceAvailable(VIR_PROCESS_NAMESPACE_MNT) < 0)
+ goto cleanup;
+
if (qemuDomainEnableNamespace(vm, QEMU_DOMAIN_NS_MOUNT) < 0)
goto cleanup;
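Review bot: The new `virProcessNamespaceAvailable(VIR_PROCESS_NAMESPACE_MNT) < 0` branch jumps to cleanup with ret still -1 but no virReportError is visible, unlike the session-mode branch just above it. Domain start may therefore fail with no message explaining that the mount namespace was requested in qemu.conf but is unavailable. Failing closed is the right behaviour, since the user explicitly asked for the namespace. The helper's body is not shown, so unless it reports the error itself I would add `virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", _("mount namespace is not available on this host"));` before the `goto cleanup`. qemuDomainCreateNamespace begins and ends outside the hunk.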
@@ -7447,28 +7454,6 @@ qemuDomainCreateNamespace(virQEMUDriverPtr driver,
return ret;
}
-#else /* !defined(__linux__) */
-
-int
-qemuDomainBuildNamespace(virQEMUDriverPtr driver ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
-{
- /* Namespaces are Linux specific. On other platforms just
- * carry on with the old behaviour. */
- return 0;
-}
-
-
-int
-qemuDomainCreateNamespace(virQEMUDriverPtr driver ATTRIBUTE_UNUSED,
- virDomainObjPtr vm ATTRIBUTE_UNUSED)
-{
- /* Namespaces are Linux specific. On other platforms just
- * carry on with the old behaviour. */
- return 0;
-}
-#endif /* !defined(__linux__) */
-
struct qemuDomainAttachDeviceMknodData {
virQEMUDriverPtr driver;
--
2.11.0