Thanks to Daniel for making the additional changes, and thanks to Michal for
reviewing it again.
This patch has some functionality breakages. I am working on them and will send
a new patch soon.
-imran
On Thu, Aug 20, 2015 at 4:53 AM, Michal Privoznik <mprivozn(a)redhat.com>
wrote:
On 14.08.2015 14:09, Daniel P. Berrange wrote:
> From: Imran Khan <ik.nitk(a)gmail.com>
>
> This patch adds feature for lxc containers to inherit namespaces.
> This is very similar to what lxc-tools or docker provides. Look
> for "man lxc-start" and you will find that you can pass command
> args as [ --share-[net|ipc|uts] name|pid ]. Or check out docker
> networking option in which you can give --net=container:NAME_or_ID
> as an option for sharing a namespace.
>
>>From this patch you can add extra libvirt option to share
s/>//
> namespace in following way.
>
> <lxc:namespace>
> <lxc:sharenet type='netns' value='red'/>
> <lxc:shareipc type='pid' value='12345'/>
> <lxc:shareuts type='name' value='container1'/>
> </lxc:namespace>
>
> The netns option is specific to sharenet. It can be used to
> inherit from existing network namespace.
>
> Signed-off-by: Daniel P. Berrange <berrange(a)redhat.com>
> ---
> docs/drvlxc.html.in | 21 ++++++
> docs/schemas/domaincommon.rng | 42 ++++++++++++
> po/POTFILES.in | 1 +
> src/Makefile.am | 6 +-
> src/lxc/lxc_conf.c | 2 +-
> src/lxc/lxc_container.c | 71 ++++++++++++++++++--
> src/lxc/lxc_container.h | 2 +
> src/lxc/lxc_controller.c | 45 ++++++++++++-
> src/lxc/lxc_domain.c | 149
++++++++++++++++++++++++++++++++++++++++++
> src/lxc/lxc_domain.h | 26 ++++++++
> src/lxc/lxc_process.c | 149
++++++++++++++++++++++++++++++++++++++++++
> tests/lxcxml2xmltest.c | 1 +
> 12 files changed, 506 insertions(+), 9 deletions(-)
>
> diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c
> index e99b039..9699377 100644
> --- a/src/lxc/lxc_process.c
> +++ b/src/lxc/lxc_process.c
> @@ -359,6 +359,135 @@ char
*virLXCProcessSetupInterfaceDirect(virConnectPtr conn,
> return ret;
> }
>
> +static const char *nsInfoLocal[VIR_LXC_DOMAIN_NAMESPACE_LAST] = {
> + [VIR_LXC_DOMAIN_NAMESPACE_SHARENET] = "net",
> + [VIR_LXC_DOMAIN_NAMESPACE_SHAREIPC] = "ipc",
> + [VIR_LXC_DOMAIN_NAMESPACE_SHAREUTS] = "uts",
> +};
> +
> +static int virLXCProcessSetupNamespaceName(virConnectPtr conn, int
ns_type, const char *name)
> +{
> + virLXCDriverPtr driver = conn->privateData;
> + int fd = -1;
> + virDomainObjPtr vm;
> + char *path;
> +
> + vm = virDomainObjListFindByName(driver->domains, name);
> + if (!vm) {
> + virReportError(VIR_ERR_NO_DOMAIN,
> + _("No domain with matching name '%s'"),
name);
> + return -1;
> + }
> +
> + if (virAsprintf(&path, "/proc/%lld/ns/%s",
> + (long long int)vm->pid,
> + nsInfoLocal[ns_type]) < 0)
> + goto cleanup;
> +
> + if ((fd = open(path, O_RDONLY)) < 0) {
> + virReportSystemError(errno,
> + _("failed to open ns %s"),
> +
virLXCDomainNamespaceTypeToString(ns_type));
> + goto cleanup;
> + }
> +
> + cleanup:
> + VIR_FREE(path);
> + virObjectUnlock(vm);
> + virObjectUnref(vm);
> + return fd;
> +}
> +
> +
> +static int virLXCProcessSetupNamespacePID(int ns_type, const char *name)
> +{
> + int fd;
> + char *path;
> +
> + if (virAsprintf(&path, "/proc/%s/ns/%s",
> + name,
> + nsInfoLocal[ns_type]) < 0)
> + return -1;
> + fd = open(path, O_RDONLY);
> + VIR_FREE(path);
> + if (fd < 0) {
> + virReportSystemError(errno,
> + _("failed to open ns %s"),
> +
virLXCDomainNamespaceTypeToString(ns_type));
> + return -1;
> + }
> + return fd;
> +}
> +
> +
> +static int virLXCProcessSetupNamespaceNet(int ns_type, const char *name)
> +{
> + char *path;
> + int fd;
> + if (ns_type != VIR_LXC_DOMAIN_NAMESPACE_SHARENET) {
> + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s"
s/$/,/
> + _("'netns' namespace source can only be "
> + "used with sharenet"));
> + return -1;
> + }
> +
> + if (virAsprintf(&path, "/var/run/netns/%s", name) < 0)
> + return -1;
> + fd = open(path, O_RDONLY);
> + VIR_FREE(path);
> + if (fd < 0) {
> + virReportSystemError(errno,
> + _("failed to open netns %s"), name);
> + return -1;
> + }
> + return fd;
> +}
> +
> +
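Review bot: In virLXCProcessSetupNamespacePID and virLXCProcessSetupNamespaceNet the `name` string, which appears to come from the `value` attribute of the domain XML, is formatted unchecked into `/proc/%s/ns/%s` and `/var/run/netns/%s`, so a value containing `/` or `..` makes open() resolve outside the intended directory. Parse the PID as a positive decimal number before building the path, and reject netns names that contain a `/`, as sketched below. virLXCProcessSetupNamespaceName likewise formats `vm->pid` without first checking that the looked-up domain is running (for example with `virDomainObjIsActive(vm)`), so a stopped container would surface only as an unclear open() failure. The quoted hunk is trimmed, so the callers of these helpers are not visible here.

```c
static int virLXCProcessSetupNamespacePID(int ns_type, const char *name)
{
    long long pid;
    /* ... unchanged: fd and path declarations ... */

    /* Accept only a positive decimal PID so the value cannot steer the path. */
    if (virStrToLong_ll(name, NULL, 10, &pid) < 0 || pid <= 0) {
        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
                       _("invalid PID '%s' for namespace source"), name);
        return -1;
    }

    if (virAsprintf(&path, "/proc/%lld/ns/%s",
                    pid, nsInfoLocal[ns_type]) < 0)
        return -1;
    /* ... unchanged: open(), VIR_FREE(path), error report, return fd ... */

/* In virLXCProcessSetupNamespaceNet, before the virAsprintf() call: */
    if (strchr(name, '/')) {
        virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
                       _("netns name '%s' must not contain '/'"), name);
        return -1;
    }
```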
> diff --git a/tests/lxcxml2xmltest.c b/tests/lxcxml2xmltest.c
> index 3e00347..8d824b9 100644
> --- a/tests/lxcxml2xmltest.c
> +++ b/tests/lxcxml2xmltest.c
> @@ -133,6 +133,7 @@ mymain(void)
> DO_TEST("filesystem-root");
> DO_TEST("idmap");
> DO_TEST("capabilities");
> + DO_TEST("sharenet");
Did you forget to git add tests/lxcxml2xmldata/lxc-sharenet.xml?
I like the idea though. I'm tempted to ACK this if you fix all the small
issues I've raised.
Michal