lxc: Prevent shutting down the host

When the container has the same '/dev' mount as host (no chroot), calling domainShutdown(WithFlags) shouldn't shutdown the host it is running on.

lxc: Prevent shutting down the host
When the container has the same '/dev' mount as host (no chroot), calling domainShutdown(WithFlags) shouldn't shutdown the host it is running on.
c9c87376 · Martin Kletzander · 8dbe8588 · c9c87376
隐藏空白更改
内联并排

Showing with 28 addition and 17 deletion

src/lxc/lxc_driver.c src/lxc/lxc_driver.c +28 -17

未找到文件。
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
 /*
- * Copyright (C) 2010-2012 Red Hat, Inc.
+ * Copyright (C) 2010-2013 Red Hat, Inc.
 * Copyright IBM Corp. 2008
 *
 * lxc_driver.c: linux container driver functions
@@ -2778,13 +2778,19 @@ lxcDomainShutdownFlags(virDomainPtr dom,
    virLXCDriverPtr driver = dom->conn->privateData;
    virLXCDomainObjPrivatePtr priv;
    virDomainObjPtr vm;
+    virDomainFSDefPtr root;
    char *vroot = NULL;
    int ret = -1;
-    int rc;
+    int rc = 0;
+    bool methodSignal;
+    bool methodInitctl;
    virCheckFlags(VIR_DOMAIN_SHUTDOWN_INITCTL |
                  VIR_DOMAIN_SHUTDOWN_SIGNAL, -1);
+    methodSignal = !!(flags & VIR_DOMAIN_SHUTDOWN_SIGNAL);
+    methodInitctl = !!(flags & VIR_DOMAIN_SHUTDOWN_INITCTL);
    lxcDriverLock(driver);
    vm = virDomainObjListFindByUUID(driver->domains, dom->uuid);
    lxcDriverUnlock(driver);
@@ -2798,6 +2804,7 @@ lxcDomainShutdownFlags(virDomainPtr dom,
    }
    priv = vm->privateData;
+    root = virDomainGetRootFilesystem(vm->def);
    if (!virDomainObjIsActive(vm)) {
        virReportError(VIR_ERR_OPERATION_INVALID,
@@ -2817,27 +2824,31 @@ lxcDomainShutdownFlags(virDomainPtr dom,
        goto cleanup;
    }
-    if (flags == 0 ||
+    if (root && root->src) {
-        (flags & VIR_DOMAIN_SHUTDOWN_INITCTL)) {
+        if (flags == 0)
-        if ((rc = virInitctlSetRunLevel(VIR_INITCTL_RUNLEVEL_POWEROFF,
+            methodSignal = methodInitctl = true;
-                                        vroot)) < 0) {
+    } else if (methodInitctl) {
+        virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
+                       _("Cannot shutdown container using initctl "
+                         "without separated namespace"));
+        goto cleanup;
+    } else {
+        methodSignal = true;
+    }
+    if (methodInitctl) {
+        rc = virInitctlSetRunLevel(VIR_INITCTL_RUNLEVEL_POWEROFF, vroot);
+        if (rc < 0)
            goto cleanup;
-        }
+        if (rc == 0 && !methodSignal) {
-        if (rc == 0 && flags != 0 &&
-            ((flags & ~VIR_DOMAIN_SHUTDOWN_INITCTL) == 0)) {
            virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
                           _("Container does not provide an initctl pipe"));
            goto cleanup;
        }
-    } else {
-        rc = 0;
    }
+    if (rc == 0 && methodSignal) {
-    if (rc == 0 &&
+        ret = kill(priv->initpid, SIGTERM);
-        (flags == 0 ||
+        if (ret < 0 && errno != ESRCH) {
-         (flags & VIR_DOMAIN_SHUTDOWN_SIGNAL))) {
-        if (kill(priv->initpid, SIGTERM) < 0 &&
-            errno != ESRCH) {
            virReportSystemError(errno,
                                 _("Unable to send SIGTERM to init pid %llu"),
                                 (unsigned long long)priv->initpid);