On Fri, May 29, 2009 at 02:20:04PM +0200, Daniel Veillard wrote:
> The lxcContainerDropCapabilities() function requires PR_CAPBSET_DROP
> to be defined in order to compile, but it may not be defined in older
> kernels. So I made the compilation of the core of the function
> conditional, raise an error but still return 0 to not make the
> container initialization fail. But I'm unsure, should we just fail and
> return -1 if we can't drop capabilities instead ?

I think that lxcError() call should just be a VIR_WARN message here, since that mirrors what we do in a few other cases such as lack of /dev/pts private instances.

The patch is good in general though

Daniel

> Index: src/lxc_container.c > =================================================================== > RCS file: /data/cvs/libxen/src/lxc_container.c,v > retrieving revision 1.30 > diff -u -u -p -r1.30 lxc_container.c > --- src/lxc_container.c 13 May 2009 11:37:17 -0000 1.30 > +++ src/lxc_container.c 29 May 2009 12:15:16 -0000 > @@ -644,6 +644,7 @@ static int lxcContainerSetupMounts(virDo > > static int lxcContainerDropCapabilities(virDomainDefPtr vmDef ATTRIBUTE_UNUSED) > { > +#ifdef PR_CAPBSET_DROP > int i; > const struct { > int id; > @@ -660,7 +661,10 @@ static int lxcContainerDropCapabilities( > return -1; > } > } > - > +#else /* ! PR_CAPBSET_DROP */ > + lxcError(NULL, NULL, VIR_ERR_INTERNAL_ERROR, > + _("failed to drop capabilities PR_CAPBSET_DROP undefined")); > +#endif > return 0; > } > > -- > Libvir-list mailing list > Libvir-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/libvir-list

--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
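
Review bot: In the `#else /* ! PR_CAPBSET_DROP */` branch of the second hunk, lxcContainerDropCapabilities() reports VIR_ERR_INTERNAL_ERROR through lxcError() and then falls through to the shared `return 0;`, so the caller is told the drop succeeded when nothing was removed from the capability bounding set. The `#ifdef` branch returns -1 when a drop fails, so the two branches disagree on whether an undropped capability is fatal. Either return -1 in the `#else` branch so the container does not start with capabilities it was meant to lose, or, if startup is meant to continue, log at warning level so the reported severity matches the success return. The message would also read more clearly with a separator, for example "failed to drop capabilities: PR_CAPBSET_DROP undefined".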