libxl: acquire a pidfile in the driver root directory

When we allow multiple instances of the driver for the same user account, using a separate root directory, we need to ensure mutual exclusion. Use a pidfile to guarantee this. In privileged libvirtd this ends up locking /var/run/libvirt/libxl/driver.pid In unprivileged libvirtd this ends up locking /run/user/$UID/libvirt/libxl/run/driver.pid NB, the latter can vary depending on $XDG_RUNTIME_DIR Signed-off-by: N Daniel P. Berrangé <berrange@redhat.com>

libxl: acquire a pidfile in the driver root directory
When we allow multiple instances of the driver for the same user account, using a separate root directory, we need to ensure mutual exclusion. Use a pidfile to guarantee this. In privileged libvirtd this ends up locking /var/run/libvirt/libxl/driver.pid In unprivileged libvirtd this ends up locking /run/user/$UID/libvirt/libxl/run/driver.pid NB, the latter can vary depending on $XDG_RUNTIME_DIR Signed-off-by: N Daniel P. Berrangé <berrange@redhat.com>
59080d84 · Daniel P. Berrangé · defddd04 · 59080d84 · 59080d84
隐藏空白更改
内联并排

Showing with 13 addition and 1 deletion

src/libxl/libxl_conf.h src/libxl/libxl_conf.h +3 -0

src/libxl/libxl_driver.c src/libxl/libxl_driver.c +10 -1

未找到文件。
--- a/src/libxl/libxl_conf.h
+++ b/src/libxl/libxl_conf.h
@@ -111,6 +111,9 @@ struct _libxlDriverPrivate {
     * then lockless thereafter */
    libxlDriverConfigPtr config;
+    /* pid file FD, ensures two copies of the driver can't use the same root */
+    int lockFD;
    /* Atomic inc/dec only */
    unsigned int nactive;

--- a/src/libxl/libxl_driver.c
+++ b/src/libxl/libxl_driver.c
@@ -53,6 +53,7 @@
 #include "viraccessapicheck.h"
 #include "viratomic.h"
 #include "virhostdev.h"
+#include "virpidfile.h"
 #include "locking/domain_lock.h"
 #include "virnetdevtap.h"
 #include "cpu/cpu.h"
@@ -506,7 +507,6 @@ libxlStateCleanup(void)
        return -1;
    virObjectUnref(libxl_driver->hostdevMgr);
-    virObjectUnref(libxl_driver->config);
    virObjectUnref(libxl_driver->xmlopt);
    virObjectUnref(libxl_driver->domains);
    virPortAllocatorRangeFree(libxl_driver->reservedGraphicsPorts);
@@ -516,6 +516,10 @@ libxlStateCleanup(void)
    virObjectUnref(libxl_driver->domainEventState);
    virSysinfoDefFree(libxl_driver->hostsysinfo);
+    if (libxl_driver->lockFD != -1)
+        virPidFileRelease(libxl_driver->config->stateDir, "driver", libxl_driver->lockFD);
+    virObjectUnref(libxl_driver->config);
    virMutexDestroy(&libxl_driver->lock);
    VIR_FREE(libxl_driver);
@@ -658,6 +662,7 @@ libxlStateInitialize(bool privileged,
    if (VIR_ALLOC(libxl_driver) < 0)
        return -1;
+    libxl_driver->lockFD = -1;
    if (virMutexInit(&libxl_driver->lock) < 0) {
        virReportError(VIR_ERR_INTERNAL_ERROR,
                       "%s", _("cannot initialize mutex"));
@@ -741,6 +746,10 @@ libxlStateInitialize(bool privileged,
        goto error;
    }
+    if ((libxl_driver->lockFD =
+         virPidFileAcquire(cfg->stateDir, "driver", true, getpid())) < 0)
+        goto error;
    if (!(libxl_driver->lockManager =
          virLockManagerPluginNew(cfg->lockManagerName ?
                                  cfg->lockManagerName : "nop",