On 14.08.2015 14:09, Daniel P. Berrange wrote:
> From: Imran Khan <ik.nitk@xxxxxxxxx>
>
> This patch adds feature for lxc containers to inherit namespaces.
> This is very similar to what lxc-tools or docker provides. Look
> for "man lxc-start" and you will find that you can pass command
> args as [ --share-[net|ipc|uts] name|pid ]. Or check out docker
> networking option in which you can give --net=container:NAME_or_ID
> as an option for sharing +namespace.
>
>>From this patch you can add extra libvirt option to share
s/>//
> namespace in following way.
>
> <lxc:namespace>
> <lxc:sharenet type='netns' value='red'/>
> <lxc:shareipc type='pid' value='12345'/>
> <lxc:shareuts type='name' value='container1'/>
> </lxc:namespace>
>
> The netns option is specific to sharenet. It can be used to
> inherit from existing network namespace.
>
> Signed-off-by: Daniel P. Berrange <berrange@xxxxxxxxxx>
> ---
> docs/drvlxc.html.in | 21 ++++++
> docs/schemas/domaincommon.rng | 42 ++++++++++++
> po/POTFILES.in | 1 +
> src/Makefile.am | 6 +-
> src/lxc/lxc_conf.c | 2 +-
> src/lxc/lxc_container.c | 71 ++++++++++++++++++--
> src/lxc/lxc_container.h | 2 +
> src/lxc/lxc_controller.c | 45 ++++++++++++-
> src/lxc/lxc_domain.c | 149 ++++++++++++++++++++++++++++++++++++++++++
> src/lxc/lxc_domain.h | 26 ++++++++
> src/lxc/lxc_process.c | 149 ++++++++++++++++++++++++++++++++++++++++++
> tests/lxcxml2xmltest.c | 1 +
> 12 files changed, 506 insertions(+), 9 deletions(-)
>
> diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c
> index e99b039..9699377 100644
> --- a/src/lxc/lxc_process.c
> +++ b/src/lxc/lxc_process.c
> @@ -359,6 +359,135 @@ char *virLXCProcessSetupInterfaceDirect(virConnectPtr conn,
> return ret;
> }
>
> +static const char *nsInfoLocal[VIR_LXC_DOMAIN_NAMESPACE_LAST] = {
> + [VIR_LXC_DOMAIN_NAMESPACE_SHARENET] = "net",
> + [VIR_LXC_DOMAIN_NAMESPACE_SHAREIPC] = "ipc",
> + [VIR_LXC_DOMAIN_NAMESPACE_SHAREUTS] = "uts",
> +};
> +
> +static int virLXCProcessSetupNamespaceName(virConnectPtr conn, int ns_type, const char *name)
> +{
> + virLXCDriverPtr driver = conn->privateData;
> + int fd = -1;
> + virDomainObjPtr vm;
> + char *path;
> +
> + vm = virDomainObjListFindByName(driver->domains, name);
> + if (!vm) {
> + virReportError(VIR_ERR_NO_DOMAIN,
> + _("No domain with matching name '%s'"), name);
> + return -1;
> + }
> +
> + if (virAsprintf(&path, "/proc/%lld/ns/%s",
> + (long long int)vm->pid,
> + nsInfoLocal[ns_type]) < 0)
> + goto cleanup;
> +
> + if ((fd = open(path, O_RDONLY)) < 0) {
> + virReportSystemError(errno,
> + _("failed to open ns %s"),
> + virLXCDomainNamespaceTypeToString(ns_type));
> + goto cleanup;
> + }
> +
> + cleanup:
> + VIR_FREE(path);
> + virObjectUnlock(vm);
> + virObjectUnref(vm);
> + return fd;
> +}
> +
> +
> +static int virLXCProcessSetupNamespacePID(int ns_type, const char *name)
> +{
> + int fd;
> + char *path;
> +
> + if (virAsprintf(&path, "/proc/%s/ns/%s",
> + name,
> + nsInfoLocal[ns_type]) < 0)
> + return -1;
> + fd = open(path, O_RDONLY);
> + VIR_FREE(path);
> + if (fd < 0) {
> + virReportSystemError(errno,
> + _("failed to open ns %s"),
> + virLXCDomainNamespaceTypeToString(ns_type));
> + return -1;
> + }
> + return fd;
> +}
> +
> +
> +static int virLXCProcessSetupNamespaceNet(int ns_type, const char *name)
> +{
> + char *path;
> + int fd;
> + if (ns_type != VIR_LXC_DOMAIN_NAMESPACE_SHARENET) {
> + virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s"
s/$/,/
> + _("'netns' namespace source can only be "
> + "used with sharenet"));
> + return -1;
> + }
> +
> + if (virAsprintf(&path, "/var/run/netns/%s", name) < 0)
> + return -1;
> + fd = open(path, O_RDONLY);
> + VIR_FREE(path);
> + if (fd < 0) {
> + virReportSystemError(errno,
> + _("failed to open netns %s"), name);
> + return -1;
> + }
> + return fd;
> +}
> +
> +
> diff --git a/tests/lxcxml2xmltest.c b/tests/lxcxml2xmltest.c
> index 3e00347..8d824b9 100644
> --- a/tests/lxcxml2xmltest.c
> +++ b/tests/lxcxml2xmltest.c
> @@ -133,6 +133,7 @@ mymain(void)
> DO_TEST("filesystem-root");
> DO_TEST("idmap");
> DO_TEST("capabilities");
> + DO_TEST("sharenet");
Have you forgot to git add tests/lxcxml2xmldata/lxc-sharenet.xml? I like the idea though. I'm tempted to ACK this if you fix all the small issues I've raised. Michal -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list