This part of code that LXC currently uses will be reused so move to a generic function.
Signed-off-by: Michal Privoznik <mprivozn@xxxxxxxxxx>
---
 configure.ac | 2 +-
 src/libvirt_private.syms | 1 +
 src/lxc/lxc_controller.c | 18 +-----------------
 src/util/virprocess.c | 38 ++++++++++++++++++++++++++++++++++++++
 src/util/virprocess.h | 2 ++
 5 files changed, 43 insertions(+), 18 deletions(-)
diff --git a/configure.ac b/configure.ac
index fd50ff8..5661752 100644
--- a/configure.ac
+++ b/configure.ac
@@ -291,7 +291,7 @@ dnl and various less common threadsafe functions
 AC_CHECK_FUNCS_ONCE([cfmakeraw fallocate geteuid getgid getgrnam_r \
 getmntent_r getpwuid_r getrlimit getuid kill mmap newlocale posix_fallocate \
 posix_memalign prlimit regexec sched_getaffinity setgroups setns \
- setrlimit symlink sysctlbyname getifaddrs sched_setscheduler])
+ setrlimit symlink sysctlbyname getifaddrs sched_setscheduler unshare])
 dnl Availability of pthread functions. Because of $LIB_PTHREAD, we
 dnl cannot use AC_CHECK_FUNCS_ONCE. LIB_PTHREAD and LIBMULTITHREAD
diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms
index b7d26fd..316d1e0 100644
--- a/src/libvirt_private.syms
+++ b/src/libvirt_private.syms
@@ -2247,6 +2247,7 @@ virProcessSetMaxMemLock;
 virProcessSetMaxProcesses;
 virProcessSetNamespaces;
 virProcessSetScheduler;
+virProcessSetupPrivateMountNS;
 virProcessTranslateStatus;
 virProcessWait;
diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index 508bc3e..29f1179 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -2092,8 +2092,6 @@ lxcCreateTty(virLXCControllerPtr ctrl, int *ttymaster,
 static int
 virLXCControllerSetupPrivateNS(void)
 {
- int ret = -1;
-
 /*
 * If doing a chroot style setup, we need to prepare
 * a private /dev/pts for the child now, which they
@@ -2115,21 +2113,7 @@ virLXCControllerSetupPrivateNS(void)
 * marked as shared
 */
- if (unshare(CLONE_NEWNS) < 0) {
- virReportSystemError(errno, "%s",
- _("Cannot unshare mount namespace"));
- goto cleanup;
- }
-
- if (mount("", "/", NULL, MS_SLAVE|MS_REC, NULL) < 0) {
- virReportSystemError(errno, "%s",
- _("Failed to switch root mount into slave mode"));
- goto cleanup;
- }
-
- ret = 0;
- cleanup:
- return ret;
+ return virProcessSetupPrivateMountNS();
 }
diff --git a/src/util/virprocess.c b/src/util/virprocess.c
index 3cacc89..d85407a 100644
--- a/src/util/virprocess.c
+++ b/src/util/virprocess.c
@@ -28,6 +28,9 @@
 #include <stdlib.h>
 #include <sys/wait.h>
 #include <unistd.h>
+#if HAVE_SYS_MOUNT_H
+# include <sys/mount.h>
+#endif
 #if HAVE_SETRLIMIT
 # include <sys/time.h>
 # include <sys/resource.h>
@@ -1146,6 +1149,41 @@ virProcessRunInMountNamespace(pid_t pid,
 }
+#if defined(HAVE_SYS_MOUNT_H) && defined(HAVE_UNSHARE)
+int
+virProcessSetupPrivateMountNS(void)
+{
+ int ret = -1;
+
+ if (unshare(CLONE_NEWNS) < 0) {
+ virReportSystemError(errno, "%s",
+ _("Cannot unshare mount namespace"));
+ goto cleanup;
+ }
+
+ if (mount("", "/", NULL, MS_SLAVE|MS_REC, NULL) < 0) {
+ virReportSystemError(errno, "%s",
+ _("Failed to switch root mount into slave mode"));
+ goto cleanup;
+ }
+
+ ret = 0;
+ cleanup:
+ return ret;
+}
+
+#else /* !defined(HAVE_SYS_MOUNT_H) || !defined(HAVE_UNSHARE */
+
+int
+virProcessSetupPrivateMountNS(void)
+{
+ virReportSystemError(ENOSYS, "%s",
+ _("Namespaces are not supported on this platform."));
+ return -1;
+}
+#endif /* !defined(HAVE_SYS_MOUNT_H) || !defined(HAVE_UNSHARE */
+
+
 /**
 * virProcessExitWithStatus:
 * @status: raw status to be reproduced when this process dies
diff --git a/src/util/virprocess.h b/src/util/virprocess.h
index 04e9802..c76a1fb 100644
--- a/src/util/virprocess.h
+++ b/src/util/virprocess.h
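Review bot: virProcessSetupPrivateMountNS() in the second virprocess.c hunk is exported with no doc comment, unlike virProcessExitWithStatus just below it, and its name suggests more isolation than `mount("", "/", NULL, MS_SLAVE|MS_REC, NULL)` provides. With a recursive slave root, mounts made in the originating namespace still propagate into this one; only propagation back out is stopped. I would add a comment block above the definition saying so, and saying that when mount() fails after unshare() succeeded the process stays in the new namespace with its propagation settings untouched, so a caller must treat -1 as fatal before mounting anything. The `#else` and `#endif` comments also lack a closing parenthesis; they should read `/* !defined(HAVE_SYS_MOUNT_H) || !defined(HAVE_UNSHARE) */`.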
@@ -90,6 +90,8 @@ int virProcessRunInMountNamespace(pid_t pid,
 virProcessNamespaceCallback cb,
 void *opaque);
+int virProcessSetupPrivateMountNS(void);
+
 int virProcessSetScheduler(pid_t pid,
 virProcessSchedPolicy policy,
 int priority);
--
2.8.4
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
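Review bot: The prototype added here lets a caller drop the result silently, and this is a call whose failure matters: the implementation in virprocess.c returns -1 both on platforms without unshare() and when the remount of / fails after the namespace was already unshared. If the project's return-check macro is usable in this header, I would declare it as `int virProcessSetupPrivateMountNS(void) ATTRIBUTE_RETURN_CHECK;` so that an ignored result becomes a compiler warning. The one caller in this patch, virLXCControllerSetupPrivateNS(), does return the value.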