Re: [PATCH v2 5/8] LXC: Creating devices for container on host side

Gao feng <gaofeng@xxxxxxxxxxxxxx> · Mon, 13 May 2013 09:56:09 +0800

On 05/10/2013 06:42 PM, Daniel P. Berrange wrote:
> On Fri, May 10, 2013 at 05:58:14PM +0800, Gao feng wrote:
>> user namespace doesn't allow to create devices in
>> uninit userns. We should create devices on host side.
>>
>> Signed-off-by: Gao feng <gaofeng@xxxxxxxxxxxxxx>
>> ---
>>  src/lxc/lxc_container.c  | 47 +++++++----------------------
>>  src/lxc/lxc_controller.c | 77 ++++++++++++++++++++++++++++++++++++++++++++++++
>>  2 files changed, 87 insertions(+), 37 deletions(-)
> 
> 
>> diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
>> index e9b90bf..2072e9a 100644
>> --- a/src/lxc/lxc_controller.c
>> +++ b/src/lxc/lxc_controller.c
>> @@ -1103,6 +1103,73 @@ cleanup:
>>  }
>>  
>>  
>> +static int virLXCControllerPopulateDevices(virLXCControllerPtr ctrl)
>> +{
>> +    size_t i;
>> +    int ret = -1;
>> +    char *ptmx = NULL;
>> +    char *path = NULL;
>> +    const struct {
>> +        int maj;
>> +        int min;
>> +        mode_t mode;
>> +        const char *path;
>> +    } devs[] = {
>> +        { LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_NULL, 0666, "/dev/null" },
>> +        { LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_ZERO, 0666, "/dev/zero" },
>> +        { LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_FULL, 0666, "/dev/full" },
>> +        { LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_RANDOM, 0666, "/dev/random" },
>> +        { LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_URANDOM, 0666, "/dev/urandom" },
>> +    };
>> +
>> +    /* Populate /dev/ with a few important bits */
>> +    for (i = 0 ; i < ARRAY_CARDINALITY(devs) ; i++) {
>> +        if (virAsprintf(&path, "/proc/%llu/root/%s",
>> +                        (unsigned long long)ctrl->initpid,
>> +                        devs[i].path) < 0) {
>> +            virReportOOMError();
>> +            goto out;
>> +        }
>> +
>> +        dev_t dev = makedev(devs[i].maj, devs[i].min);
>> +        if (mknod(path, S_IFCHR, dev) < 0 ||
>> +            chmod(path, devs[i].mode)) {
>> +            virReportSystemError(errno,
>> +                                 _("Failed to make device %s"),
>> +                                 devs[i].path);
>> +            goto out;
>> +        }
>> +    }
>> +
>> +    if (virAsprintf(&ptmx, "/proc/%llu/root/dev/pts/ptmx",
>> +                    (unsigned long long)ctrl->initpid) < 0) {
>> +        virReportOOMError();
> 
> It is really non-obvious that this code is not being run until the
> container has started. IMHO rather than playing games with the
> /proc/$PID/root/dev  link, you should make the lxc_controller.c
> code responsible for mounting the /dev tmpfs somewhere, and populate
> it before any of the lxc_container code even runs. Then the
> lxc_container code can simply  MS_MOVE the pre-populate /dev to the
> right place when it starts.
> 

Good idea, I will try it this way.
Thanks!
Gao

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list