于 2012年09月26日 02:37, Daniel P. Berrange 写道:
> On Tue, Sep 11, 2012 at 10:54:48AM +0800, Gao feng wrote:
>> this patch addes fuse support for libvirt lxc.
>> we can use fuse filesystem to generate sysinfo dynamically,
>> So we can isolate /proc/meminfo,cpuinfo and so on through
>> fuse filesystem.
>>
>> we mount fuse filesystem for every container.the mount name
>> is Lxc-containename-fuse,mount point is
>> localstatedir/run/libvirt/lxc/containername.
>>
>> Signed-off-by: Gao feng <gaofeng@xxxxxxxxxxxxxx>
>
>> diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
>> index e5aea11..c5f4951 100644
>> --- a/src/lxc/lxc_controller.c
>> +++ b/src/lxc/lxc_controller.c
>> @@ -1657,6 +1659,14 @@ int main(int argc, char *argv[])
>> }
>> }
>>
>> + rc = virThreadCreate(&thread, true, lxcRegisterFuse,
>> + (void *)ctrl->def);
>> + if (rc < 0) {
>> + virReportSystemError(-rc, "%s",
>> + _("Create Fuse filesystem failed"));
>> + goto cleanup;
>> + }
>> +
>
> This is the wrong place to start FUSE. At this point the LXC
> controller is still sharing its mount namespace with the host
> OS. This causes the FUSE mount for each container to become
> visible in the host, which is not what we want.
sorry for the delay. I think it's correct,because host can see container's meminfo through cgroup too.NOW the container's cgroup can be seen and modified in container too,I don't know why this is necessary?
>
> We must only start FUSE, after, we have done the unshare()
> call while setting up /dev/pts.
>
>
>> +void lxcRegisterFuse(void *DomainDef)
>
> More conventional naming would be 'void *opaque'
>
will fix this.
>> +{
>> + int argc = 4;
>> + char *argv[argc];
>> + char *path = NULL;
>> + char *name = NULL;
>> + virDomainDefPtr def = (virDomainDefPtr) DomainDef;
>> +
>> + if (virAsprintf(&name, "Lxc-%s-fuse", def->name) < 0) {
>> + virReportOOMError();
>> + goto cleanup;
>> + }
>> +
>> + if (virAsprintf(&path, "%s/%s/", LXC_STATE_DIR, def->name) < 0) {
>> + virReportOOMError();
>> + goto cleanup;
>> + }
>> +
>> + if (virFileMakePath(path) < 0) {
>> + virReportSystemError(errno, _("Cannot create %s"), path);
>> + goto cleanup;
>> + }
>> +
>> + argv[0] = name;
>> + argv[1] = path;
>> + argv[2] = (char *)"-odirect_io";
>> + argv[3] = (char *)"-f";
>> +
>> + if (fuse_main(argc, argv, &lxcProcOper, def) < 0)
>> + virReportSystemError(errno, "%s", _("Cannot start fuse"));
>> +
>> +cleanup:
>> + VIR_FREE(name);
>> + VIR_FREE(path);
>> + return;
>> +}
>> +
>> +void lxcUnregisterFuse(virDomainDefPtr def)
>> +{
>> + char *path = NULL;
>> +
>> + if (virAsprintf(&path, "%s/%s/", LXC_STATE_DIR, def->name) < 0) {
>> + virReportOOMError();
>> + return;
>> + }
>>
+
>> + if (umount(path) < 0)
>> + virReportSystemError(errno, "%s",
>> + _("umount fuse filesystem failed"));
>> +
>> + VIR_FREE(path);
>> +}
>> +
>> +#else
>> +void lxcRegisterFuse(void *DomainDef ATTRIBUTE_UNUSED)
>> +{
>> +}
>> +
>> +void lxcUnregisterFuse(virDomainDefPtr def ATTRIBUTE_UNUSED)
>> +{
>> +}
>> +#endif
>
>> diff --git a/src/lxc/lxc_process.c b/src/lxc/lxc_process.c
>> index bcd59cb..d5e1822 100644
>> --- a/src/lxc/lxc_process.c
>> +++ b/src/lxc/lxc_process.c
>> @@ -28,6 +28,7 @@
>> #include "lxc_process.h"
>> #include "lxc_domain.h"
>> #include "lxc_container.h"
>> +#include "lxc_fuse.h"
>> #include "datatypes.h"
>> #include "virfile.h"
>> #include "virpidfile.h"
>> @@ -232,7 +233,7 @@ static void virLXCProcessCleanup(virLXCDriverPtr driver,
>> NULL, xml, NULL);
>> VIR_FREE(xml);
>> }
>> -
>> + lxcUnregisterFuse(vm->def);
>> /* Stop autodestroy in case guest is restarted */
>> virLXCProcessAutoDestroyRemove(driver, vm);
>
> If you delayed starting FUSE until after we do unshare(), then the mount
> point will automatically go away when the LXC controller process exits,
> so we won't need any manual unmount in lxcUnregisterFuse()
>
>
> Daniel
> -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
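Review bot: Every failure inside lxcRegisterFuse() is only logged, because the function returns void and runs in its own thread; the `rc < 0` check in main() covers thread creation alone, so when virFileMakePath() or fuse_main() fails the controller carries on and the container would presumably start without the FUSE view the description relies on to isolate /proc/meminfo. Doing the directory creation and mount synchronously in main() and leaving only the request loop to the thread lets the existing `goto cleanup` fire on those failures; the sketch below does that with the libfuse 2.x calls fuse_mount(), fuse_new() and fuse_loop() (`lxcSetupFuse` is a placeholder name), which also keeps fuse_main() from installing its own process-wide signal handlers inside the controller. `def->name` is pasted into the mount path unchecked in both lxcRegisterFuse() and lxcUnregisterFuse(), so unless names are validated elsewhere a guard such as `if (strchr(def->name, '/')) goto cleanup;` ahead of the virAsprintf() calls would keep the mkdir, mount and umount under LXC_STATE_DIR. The quoted lxc_fuse.c section is trimmed, so its file header and the `#if` that pairs with `#else` are not visible here.

```c
/* Called from main() before the thread is created, so a failure reaches `goto cleanup`. */
int lxcSetupFuse(virDomainDefPtr def, struct fuse **fuse, struct fuse_chan **ch)
{
    struct fuse_args args = FUSE_ARGS_INIT(0, NULL);
    char *path = NULL;
    char *name = NULL;
    int ret = -1;

    /* … unchanged: building name and path with virAsprintf(), virFileMakePath(path) … */

    if (fuse_opt_add_arg(&args, name) < 0 ||
        fuse_opt_add_arg(&args, "-odirect_io") < 0) {
        virReportOOMError();
        goto cleanup;
    }

    if (!(*ch = fuse_mount(path, &args))) {
        virReportSystemError(errno, "%s", _("Cannot start fuse"));
        goto cleanup;
    }

    if (!(*fuse = fuse_new(*ch, &args, &lxcProcOper, sizeof(lxcProcOper), def))) {
        virReportSystemError(errno, "%s", _("Cannot start fuse"));
        fuse_unmount(path, *ch);
        goto cleanup;
    }

    ret = 0;

cleanup:
    fuse_opt_free_args(&args);
    VIR_FREE(name);
    VIR_FREE(path);
    return ret;
}

/* Thread body: only the request loop is left to run asynchronously. */
void lxcRegisterFuse(void *opaque)
{
    fuse_loop(opaque);
}
```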