Now we mount /dev as tmpfs and haven't created directory /dev/shm,so the glibc api such as shm_open/sem_open will create files under dir /dev.(since /dev is mounted as tmpfs) Through these api still useable in container,but this cause directory /dev looks a little chaos. We already have filesystem type "ram",if user want to limit the memory usage of /dev/shm,he should configure the XML,so we only need to create directroy /dev/shm.If user configure the filesystem type on /dev/shm, we will mount it on /dev/shm then. This patch create directory /dev/shm automatically,the files created by shm_open/sem_open will stay in this directroy. This patch also enlarge the size of directroy /dev to the half of container's memory,64k may be too small to contain POSIX shared memory and named semphore.
Signed-off-by: Gao feng <gaofeng@xxxxxxxxxxxxxx>
---
 src/lxc/lxc_container.c | 32 +++++++++++++++++++++++++-------
 1 file changed, 25 insertions(+), 7 deletions(-)
diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c
index 497539c..eba3e68 100644
--- a/src/lxc/lxc_container.c
+++ b/src/lxc/lxc_container.c
@@ -504,7 +504,8 @@ err:
 static int lxcContainerMountBasicFS(bool pivotRoot,
- char *sec_mount_options)
+ char *sec_mount_options,
+ virDomainDefPtr vmDef)
 {
 const struct {
 const char *src;
@@ -567,12 +568,22 @@ static int lxcContainerMountBasicFS(bool pivotRoot,
 if (pivotRoot) {
 /*
- * tmpfs is limited to 64kb, since we only have device nodes in there
- * and don't want to DOS the entire OS RAM usage
+ * tmpfs is limited to half of container's memory,
+ * since we not only have device nodes in there,we
+ * may have POSIX shared memory object and named
+ * semphore in there too.
 */
- ignore_value(virAsprintf(&opts,
- "mode=755,size=65536%s", sec_mount_options));
+ if (vmDef->mem.max_balloon != VIR_DOMAIN_MEMORY_PARAM_UNLIMITED) {
+ unsigned long long size = 0;
+ size = vmDef->mem.max_balloon << 9;
+ ignore_value(virAsprintf(&opts,
+ "mode=755,size=%llu%s", size, sec_mount_options));
+ } else {
+ ignore_value(virAsprintf(&opts,
+ "mode=755,%s", sec_mount_options));
+ }
+
 if (!opts) {
 virReportOOMError();
 goto cleanup;
@@ -586,6 +597,13 @@ static int lxcContainerMountBasicFS(bool pivotRoot,
 "devfs", "/dev", "tmpfs", opts);
 goto cleanup;
 }
+
+ VIR_DEBUG("create directory /dev/shm for POSIX shared memory and named semphore");
+ if (virFileMakePath("/dev/shm") < 0) {
+ virReportSystemError(errno, "%s",
+ _("Failed to mkdir /dev/shm"));
+ goto cleanup;
+ }
 }
 rc = 0;
@@ -1947,7 +1965,7 @@ static int lxcContainerSetupPivotRoot(virDomainDefPtr vmDef,
 goto cleanup;
 /* Mounts the core /proc, /sys, etc filesystems */
- if (lxcContainerMountBasicFS(true, sec_mount_options) < 0)
+ if (lxcContainerMountBasicFS(true, sec_mount_options, vmDef) < 0)
 goto cleanup;
 /* Mounts /proc/meminfo etc sysinfo */
@@ -2055,7 +2073,7 @@ static int lxcContainerSetupExtraMounts(virDomainDefPtr vmDef,
 goto cleanup;
 /* Mounts the core /proc, /sys, etc filesystems */
- if (lxcContainerMountBasicFS(false, sec_mount_options) < 0)
+ if (lxcContainerMountBasicFS(false, sec_mount_options, vmDef) < 0)
 goto cleanup;
 /* Mounts /proc/meminfo etc sysinfo */
-- 1.7.11.7
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
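Review bot: In the `@@ -567,12 +568,22 @@` hunk, the `else` branch builds the options as `"mode=755,%s"` while the sized branch uses `size=%llu%s` with no separator, which suggests `sec_mount_options` already carries its own leading comma (or is empty); if so the unlimited case yields `mode=755,,…` or a trailing comma, and `"mode=755%s"` would be the consistent form. That branch also drops the explicit size, so /dev falls back to the tmpfs default (half of the host's RAM) and the removed comment's concern about writes under /dev consuming host memory is no longer addressed for containers without a memory limit; keep a fixed cap there or state in the comment why none is needed. A `max_balloon` of 0 would presumably produce `size=0`, which tmpfs treats as no limit, so that value may need to be handled like the unlimited case. The `<< 9` deserves a short comment such as `/* KiB -> bytes, then halved */`, assuming `max_balloon` is in KiB. The enclosing function starts and ends outside the hunk.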
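Review bot: In the `@@ -586,6 +597,13 @@` hunk, `/dev/shm` is created by `virFileMakePath` and never given an explicit mode, so its permissions come from the helper's default and the process umask rather than the sticky, world-writable `1777` that /dev/shm conventionally carries. Unprivileged processes in the container would then likely be unable to create objects through shm_open/sem_open, and a world-writable mode without the sticky bit would let users remove each other's objects; consider following the mkdir with `if (chmod("/dev/shm", 01777) < 0)` and the same error path. Because the directory lives on the /dev tmpfs, shared-memory objects and device nodes share one size budget unless a separate filesystem is configured on /dev/shm, which is worth a comment next to the `VIR_DEBUG`. The enclosing function starts and ends outside the hunk.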