On Thu, May 23, 2013 at 12:06:49PM +0800, Gao feng wrote:
> user namespace doesn't allow to create devices in
> uninit userns. We should create devices on host side.
>
> We first mount tmpfs on dev directroy under state dir
> of container. then create devices under this dev dir.
>
> Finally in container, mount the dev directroy created
> on host to the /dev/ directroy of container.
>
> Signed-off-by: Gao feng <gaofeng@xxxxxxxxxxxxxx>
> ---
> src/lxc/lxc_container.c | 96 +++++++++++++---------------------
> src/lxc/lxc_controller.c | 130 +++++++++++++++++++++++++++++++++++++++++++++++
> 2 files changed, 166 insertions(+), 60 deletions(-)
>
> @@ -903,15 +884,6 @@ static int lxcContainerPopulateDevices(char **ttyPaths, size_t nttyPaths)
> _("Failed to bind /dev/pts/ptmx on to /dev/ptmx"));
> return -1;
> }
> - } else {
> - /* Legacy devpts, so we need to just use shared one */
> - dev_t dev = makedev(LXC_DEV_MAJ_TTY, LXC_DEV_MIN_PTMX);
> - if (mknod("/dev/ptmx", S_IFCHR, dev) < 0 ||
> - chmod("/dev/ptmx", 0666)) {
> - virReportSystemError(errno, "%s",
> - _("Failed to make device /dev/ptmx"));
> - return -1;
> - }
> }
Opps, that code should have been deleted already. I've just sent a patch to kill this legacy code....
> diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
> index 0a2e3ac..e9808f3 100644
> --- a/src/lxc/lxc_controller.c
> +++ b/src/lxc/lxc_controller.c
> +static int virLXCControllerPopulateDevices(virLXCControllerPtr ctrl)
> +{
> + size_t i;
> + int ret = -1;
> + char *ptmx = NULL;
> + char *path = NULL;
> + const struct {
> + int maj;
> + int min;
> + mode_t mode;
> + const char *path;
> + } devs[] = {
> + { LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_NULL, 0666, "/null" },
> + { LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_ZERO, 0666, "/zero" },
> + { LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_FULL, 0666, "/full" },
> + { LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_RANDOM, 0666, "/random" },
> + { LXC_DEV_MAJ_MEMORY, LXC_DEV_MIN_URANDOM, 0666, "/urandom" },
> + };
> +
> + if (virLXCControllerSetupDev(ctrl) < 0)
> + goto out;
> +
> + /* Populate /dev/ with a few important bits */
> + for (i = 0 ; i < ARRAY_CARDINALITY(devs) ; i++) {
> + if (virAsprintf(&path, "/%s/%s.dev/%s",
> + LXC_STATE_DIR, ctrl->def->name,
> + devs[i].path) < 0) {
> + virReportOOMError();
> + goto out;
> + }
> +
> + dev_t dev = makedev(devs[i].maj, devs[i].min);
> + if (mknod(path, S_IFCHR, dev) < 0 ||
> + chmod(path, devs[i].mode)) {
> + virReportSystemError(errno,
> + _("Failed to make device %s"),
> + devs[i].path);
> + goto out;
> + }
> + VIR_FREE(path);
> + }
> +
> + if (virAsprintf(&ptmx, "/%s/%s.devpts/ptmx",
> + LXC_STATE_DIR, ctrl->def->name) < 0) {
> + virReportOOMError();
> + goto out;
> + }
> +
> + if (access(ptmx, W_OK)) {
> + if (virAsprintf(&path, "/%s/%s.dev/ptmx",
> + LXC_STATE_DIR, ctrl->def->name)) {
> + virReportOOMError();
> + goto out;
> + }
> + /* Legacy devpts, so we need to just use shared one */
> + dev_t dev = makedev(LXC_DEV_MAJ_TTY, LXC_DEV_MIN_PTMX);
> + if (mknod(path, S_IFCHR, dev) < 0 ||
> + chmod(path, 0666)) {
> + virReportSystemError(errno, _("Failed to make device %s"), path);
> + goto out;
> + }
So you can avoid this legacy code here too.
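Review bot: The third `virAsprintf` call, the one that builds the `.dev/ptmx` path inside `if (access(ptmx, W_OK))`, tests its return value for truth instead of `< 0` as the two earlier calls in this function do. If virAsprintf returns the formatted length on success, as asprintf does (its definition is not shown here), this branch would report an OOM error and jump to `out` on every successful allocation, so the device node would never be created on that path. The condition should end with `LXC_STATE_DIR, ctrl->def->name) < 0) {`. The function continues past the quoted hunk, so the `out:` cleanup of `path` and `ptmx` cannot be checked from here.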
Daniel