Quoting Daniel P. Berrange (berrange@xxxxxxxxxx): > On Mon, Feb 27, 2012 at 01:56:48PM -0600, Serge Hallyn wrote: > > The -mm tree has Daniel Lezcano's patch changing the handling of > > sys_reboot in a non-init pidns. That means that, with that > > support, (a) it is safe to grant CAP_SYS_BOOT to a container, and > > (b) it's possible to distinguish between reboot and shutdown. > > > > I've implemented partial support of this for libvirt in the patch > > below. If Daniel's patch is not in the running kernel, then > > CAP_SYS_BOOT will be dropped for the container. Otherwise, it will > > be kept in. When the container exits, if it was determined to > > be a shutdown, the container will terminate. > > > > However, I didn't know how to properly do the reboot part. > > The patch below shows how to detect it (and sets the static bool > > wantreboot to true in that case), but I didn't know quite what to > > do with that. It looks like the code flow between lxcControllerRun > > and lxcControllerMain would need to be changed a bit so that we > > could re-run the lxcContainerStart() without causing the > > monitor.serverFD (or whichever pipe sends monitor events to > > lxc_driver.c to trigger autodestroy) to be closed. > > > > So for now I'm sending this patch, and hoping the sorcerers on this > > list can hook reboot up as well, or show the best way how. > > Thanks for sending this. I've got another outstanding patch that > does quite abit of change to the controller code, so I can > likely wire up the reboot hook as part of that work. Awesome! thanks, Daniel. -serge -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list