提交
06e43a8f
编写于
4月 14, 2009
作者:
Dan Smith
Commit patches by Serge Hallyn from 6-Apr and 7-Apr
上级
4fb341d7
变更
3
Showing
3 changed file
with
105 addition
and
25 deletion
+105
-25
ChangeLog
ChangeLog
+8
-0
src/lxc_container.c
src/lxc_container.c
+94
-23
src/veth.c
src/veth.c
+3
-2
ChangeLog
Tue Apr 14 10:46:44 PDT 2009 Dan Smith <danms@us.ibm.com>
* src/veth.c: Fix veth off-by-one error
patch by Serge Hallyn
* src/lxc_container.c: Stop rootless containers from messing with
system mounts. Also, make pivot_root code more robust.
patch by Serge Hallyn
Tue Apr 14 14:46:29 CEST 2009 Daniel Veillard <veillard@redhat.com>
Tue Apr 14 14:46:29 CEST 2009 Daniel Veillard <veillard@redhat.com>
* libvirt.spec.in: fix build on RHEL and Centos 5.x
* libvirt.spec.in: fix build on RHEL and Centos 5.x
...
...
src/lxc_container.c
...
@@ -264,50 +264,117 @@ static int lxcContainerChildMountSort(const void *a, const void *b)
...
@@ -264,50 +264,117 @@ static int lxcContainerChildMountSort(const void *a, const void *b)
return
strcmp
(
*
sb
,
*
sa
);
return
strcmp
(
*
sb
,
*
sa
);
}
}
#ifndef MS_REC
#define MS_REC 16384
#endif
#ifndef MNT_DETACH
#define MNT_DETACH 0x00000002
#endif
#ifndef MS_PRIVATE
#define MS_PRIVATE (1<<18)
#endif
#ifndef MS_SLAVE
#define MS_SLAVE (1<<19)
#endif
static
int
lxcContainerPivotRoot
(
virDomainFSDefPtr
root
)
static
int
lxcContainerPivotRoot
(
virDomainFSDefPtr
root
)
{
{
int
rc
;
int
rc
;
char
*
oldroot
;
char
*
oldroot
=
NULL
,
*
newroot
=
NULL
;
/* First step is to ensure the new root itself is
/* root->parent must be private, so make / private. */
a mount point */
if
(
mount
(
""
,
"/"
,
NULL
,
MS_PRIVATE
|
MS_REC
,
NULL
)
<
0
)
{
if
(
mount
(
root
->
src
,
root
->
src
,
NULL
,
MS_BIND
,
NULL
)
<
0
)
{
virReportSystemError
(
NULL
,
errno
,
"%s"
,
virReportSystemError
(
NULL
,
errno
,
_
(
"failed to make root private"
));
_
(
"failed to bind new root %s"
),
goto
err
;
root
->
src
);
return
-
1
;
}
}
if
(
virAsprintf
(
&
oldroot
,
"%s/.oldroot"
,
root
->
src
)
<
0
)
{
if
(
virAsprintf
(
&
oldroot
,
"%s/.oldroot"
,
root
->
src
)
<
0
)
{
virReportOOMError
(
NULL
);
virReportOOMError
(
NULL
);
return
-
1
;
goto
err
;
}
}
if
((
rc
=
virFileMakePath
(
oldroot
))
<
0
)
{
if
((
rc
=
virFileMakePath
(
oldroot
))
<
0
)
{
virReportSystemError
(
NULL
,
rc
,
virReportSystemError
(
NULL
,
rc
,
_
(
"failed to create %s"
),
_
(
"failed to create %s"
),
oldroot
);
oldroot
);
VIR_FREE
(
oldroot
);
goto
err
;
return
-
1
;
}
/* Create a tmpfs root since old and new roots must be
* on separate filesystems */
if
(
mount
(
""
,
oldroot
,
"tmpfs"
,
0
,
NULL
)
<
0
)
{
virReportSystemError
(
NULL
,
errno
,
_
(
"failed to mount empty tmpfs at %s"
),
oldroot
);
goto
err
;
}
/* Create a directory called 'new' in tmpfs */
if
(
virAsprintf
(
&
newroot
,
"%s/new"
,
oldroot
)
<
0
)
{
virReportOOMError
(
NULL
);
goto
err
;
}
if
((
rc
=
virFileMakePath
(
newroot
))
<
0
)
{
virReportSystemError
(
NULL
,
rc
,
_
(
"failed to create %s"
),
newroot
);
goto
err
;
}
/* ... and mount our root onto it */
if
(
mount
(
root
->
src
,
newroot
,
NULL
,
MS_BIND
|
MS_REC
,
NULL
)
<
0
)
{
virReportSystemError
(
NULL
,
errno
,
_
(
"failed to bind new root %s into tmpfs"
),
root
->
src
);
goto
err
;
}
/* Now we chroot into the tmpfs, then pivot into the
* root->src bind-mounted onto '/new' */
if
(
chroot
(
oldroot
)
<
0
)
{
virReportSystemError
(
NULL
,
errno
,
"%s"
,
_
(
"failed to chroot into tmpfs"
));
goto
err
;
}
if
(
chdir
(
"/new"
)
<
0
)
{
virReportSystemError
(
NULL
,
errno
,
"%s"
,
_
(
"failed to chdir into /new on tmpfs"
));
goto
err
;
}
}
/* The old root directory will live at /.oldroot after
/* The old root directory will live at /.oldroot after
* this and will soon be unmounted completely */
* this and will soon be unmounted completely */
if
(
pivot_root
(
root
->
src
,
oldroot
)
<
0
)
{
if
(
pivot_root
(
"."
,
".oldroot"
)
<
0
)
{
virReportSystemError
(
NULL
,
errno
,
virReportSystemError
(
NULL
,
errno
,
"%s"
,
_
(
"failed to pivot root %s to %s"
),
_
(
"failed to pivot root"
));
oldroot
,
root
->
src
);
goto
err
;
VIR_FREE
(
oldroot
);
return
-
1
;
}
}
VIR_FREE
(
oldroot
);
/* CWD is undefined after pivot_root, so go to / */
/* CWD is undefined after pivot_root, so go to / */
if
(
chdir
(
"/"
)
<
0
)
{
if
(
chdir
(
"/"
)
<
0
)
return
-
1
;
goto
err
;
if
(
umount2
(
".oldroot"
,
MNT_DETACH
)
<
0
)
{
virReportSystemError
(
NULL
,
errno
,
"%s"
,
_
(
"failed to lazily unmount old root"
));
goto
err
;
}
}
VIR_FREE
(
oldroot
);
VIR_FREE
(
newroot
);
return
0
;
return
0
;
err:
if
(
oldroot
)
VIR_FREE
(
oldroot
);
if
(
newroot
)
VIR_FREE
(
newroot
);
return
-
1
;
}
}
static
int
lxcContainerPopulateDevices
(
void
)
static
int
lxcContainerPopulateDevices
(
void
)
...
@@ -349,10 +416,9 @@ static int lxcContainerPopulateDevices(void)
...
@@ -349,10 +416,9 @@ static int lxcContainerPopulateDevices(void)
_
(
"cannot create /dev/pts"
));
_
(
"cannot create /dev/pts"
));
return
-
1
;
return
-
1
;
}
}
if
(
mount
(
"/.oldroot/dev/pts"
,
"/dev/pts"
,
NULL
,
if
(
mount
(
"devpts"
,
"/dev/pts"
,
"devpts"
,
0
,
NULL
)
<
0
)
{
MS_MOVE
,
NULL
)
<
0
)
{
virReportSystemError
(
NULL
,
errno
,
"%s"
,
virReportSystemError
(
NULL
,
errno
,
"%s"
,
_
(
"failed to mo
ve /dev/pts into
container"
));
_
(
"failed to mo
unt /dev/pts in
container"
));
return
-
1
;
return
-
1
;
}
}
...
@@ -496,6 +562,11 @@ static int lxcContainerSetupExtraMounts(virDomainDefPtr vmDef)
...
@@ -496,6 +562,11 @@ static int lxcContainerSetupExtraMounts(virDomainDefPtr vmDef)
{
{
int
i
;
int
i
;
if
(
mount
(
""
,
"/"
,
NULL
,
MS_SLAVE
|
MS_REC
,
NULL
)
<
0
)
{
virReportSystemError
(
NULL
,
errno
,
"%s"
,
_
(
"failed to make / slave"
));
return
-
1
;
}
for
(
i
=
0
;
i
<
vmDef
->
nfss
;
i
++
)
{
for
(
i
=
0
;
i
<
vmDef
->
nfss
;
i
++
)
{
// XXX fix to support other mount types
// XXX fix to support other mount types
if
(
vmDef
->
fss
[
i
]
->
type
!=
VIR_DOMAIN_FS_TYPE_MOUNT
)
if
(
vmDef
->
fss
[
i
]
->
type
!=
VIR_DOMAIN_FS_TYPE_MOUNT
)
...
...
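Review bot: In the lxcContainerPopulateDevices hunk, what appears to be the new call `mount("devpts", "/dev/pts", "devpts", 0, NULL)` passes no mount data, so on kernels where devpts is a single shared instance by default the container's /dev/pts would expose the same pty set as the host rather than a private one. If the point of dropping the MS_MOVE from /.oldroot is isolation from host mounts, the call should request a private instance, e.g. `mount("devpts", "/dev/pts", "devpts", 0, "newinstance,ptmxmode=0666")`, with /dev/ptmx pointing at /dev/pts/ptmx. Whether the rest of the function sets up /dev/ptmx that way cannot be seen here, because its body continues outside the hunk. Separately, in lxcContainerPivotRoot the `chdir("/")` failure path jumps to `err` without a virReportSystemError call, unlike the other failure paths visible in that function.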
src/veth.c
...
@@ -35,12 +35,12 @@
...
@@ -35,12 +35,12 @@
static
int
getFreeVethName
(
char
*
veth
,
int
maxLen
,
int
startDev
)
static
int
getFreeVethName
(
char
*
veth
,
int
maxLen
,
int
startDev
)
{
{
int
rc
=
-
1
;
int
rc
=
-
1
;
int
devNum
=
startDev
;
int
devNum
=
startDev
-
1
;
char
path
[
PATH_MAX
];
char
path
[
PATH_MAX
];
do
{
do
{
snprintf
(
path
,
PATH_MAX
,
"/sys/class/net/veth%d/"
,
devNum
);
++
devNum
;
++
devNum
;
snprintf
(
path
,
PATH_MAX
,
"/sys/class/net/veth%d/"
,
devNum
);
}
while
(
virFileExists
(
path
));
}
while
(
virFileExists
(
path
));
snprintf
(
veth
,
maxLen
,
"veth%d"
,
devNum
);
snprintf
(
veth
,
maxLen
,
"veth%d"
,
devNum
);
...
@@ -97,6 +97,7 @@ int vethCreate(char* veth1, int veth1MaxLen,
...
@@ -97,6 +97,7 @@ int vethCreate(char* veth1, int veth1MaxLen,
while
((
1
>
strlen
(
veth2
))
||
STREQ
(
veth1
,
veth2
))
{
while
((
1
>
strlen
(
veth2
))
||
STREQ
(
veth1
,
veth2
))
{
vethDev
=
getFreeVethName
(
veth2
,
veth2MaxLen
,
vethDev
);
vethDev
=
getFreeVethName
(
veth2
,
veth2MaxLen
,
vethDev
);
++
vethDev
;
DEBUG
(
"assigned veth2: %s"
,
veth2
);
DEBUG
(
"assigned veth2: %s"
,
veth2
);
}
}
...
...
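Review bot: The `snprintf(veth, maxLen, "veth%d", devNum)` after the loop in getFreeVethName is not checked for truncation, so with a small `maxLen` the caller gets a shortened name that was never the one probed under /sys/class/net and may name an existing interface. Comparing the result with the buffer size would catch it, e.g. `if (snprintf(veth, maxLen, "veth%d", devNum) >= maxLen) return -1;`, which fits the `rc = -1` initial value visible at the top of the function. If that error return is added, the `++vethDev;` added in vethCreate needs a preceding `if (vethDev < 0)` check so a failure is not turned back into index 0. The existence probe and the later device creation are also not atomic, so the create step (outside this hunk) should presumably tolerate an "already exists" failure; both function bodies continue outside the hunks shown.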