diff --git a/doc/lxc.container.conf.sgml.in b/doc/lxc.container.conf.sgml.in index dfb7ba05d..506336dee 100644 --- a/doc/lxc.container.conf.sgml.in +++ b/doc/lxc.container.conf.sgml.in @@ -1433,7 +1433,7 @@ dev/null proc/kcore none bind,relative 0 0 - + @@ -1445,22 +1445,22 @@ dev/null proc/kcore none bind,relative 0 0 To inherit the namespace from another process set the - to the PID of - the process, e.g. . + to the PID of + the process, e.g. . To inherit the namespace from another container set the - to the name of - the container, e.g. . + to the name of + the container, e.g. . To inherit the namespace from another container located in a different path than the standard liblxc path set the - to the full + to the full path to the container, e.g. - . + . diff --git a/src/lxc/conf.c b/src/lxc/conf.c index 9b6868940..a890116e3 100644 --- a/src/lxc/conf.c +++ b/src/lxc/conf.c @@ -2583,7 +2583,7 @@ struct lxc_conf *lxc_conf_init(void) new->init_uid = 0; new->init_gid = 0; memset(&new->cgroup_meta, 0, sizeof(struct lxc_cgroup)); - memset(&new->inherit_ns, 0, sizeof(char *) * LXC_NS_MAX); + memset(&new->ns_share, 0, sizeof(char *) * LXC_NS_MAX); return new; } diff --git a/src/lxc/conf.h b/src/lxc/conf.h index 2346b717f..84ad1e5fc 100644 --- a/src/lxc/conf.h +++ b/src/lxc/conf.h @@ -404,7 +404,9 @@ struct lxc_conf { */ struct lxc_cgroup cgroup_meta; - char *inherit_ns[LXC_NS_MAX]; + struct { + char *ns_share[LXC_NS_MAX]; + }; /* init working directory */ char *init_cwd; diff --git a/src/lxc/confile.c b/src/lxc/confile.c index fa4f84da9..f3aae5ab2 100644 --- a/src/lxc/confile.c +++ b/src/lxc/confile.c @@ -107,7 +107,7 @@ lxc_config_define(monitor); lxc_config_define(mount); lxc_config_define(mount_auto); lxc_config_define(mount_fstab); -lxc_config_define(namespace); +lxc_config_define(namespace_share); lxc_config_define(net); lxc_config_define(net_flags); lxc_config_define(net_hwaddr); @@ -191,7 +191,7 @@ static struct lxc_config_t config[] = { { "lxc.mount.auto", false, set_config_mount_auto, get_config_mount_auto, clr_config_mount_auto, }, { "lxc.mount.entry", false, set_config_mount, get_config_mount, clr_config_mount, }, { "lxc.mount.fstab", false, set_config_mount_fstab, get_config_mount_fstab, clr_config_mount_fstab, }, - { "lxc.namespace", false, set_config_namespace, get_config_namespace, clr_config_namespace, }, + { "lxc.namespace.share", false, set_config_namespace_share, get_config_namespace_share, clr_config_namespace_share, }, /* [START]: REMOVE IN LXC 3.0 */ { "lxc.network.type", true, set_config_network_legacy_type, get_config_network_legacy_item, clr_config_network_legacy_item, }, @@ -2180,21 +2180,21 @@ static int set_config_uts_name(const char *key, const char *value, return 0; } -static int set_config_namespace(const char *key, const char *value, - struct lxc_conf *lxc_conf, void *data) +static int set_config_namespace_share(const char *key, const char *value, + struct lxc_conf *lxc_conf, void *data) { int ns_idx; const char *namespace; if (lxc_config_value_empty(value)) - return clr_config_namespace(key, lxc_conf, data); + return clr_config_namespace_share(key, lxc_conf, data); - namespace = key + sizeof("lxc.namespace.") - 1; + namespace = key + sizeof("lxc.namespace.share.") - 1; ns_idx = lxc_namespace_2_ns_idx(namespace); if (ns_idx < 0) return ns_idx; - return set_config_string_item(&lxc_conf->inherit_ns[ns_idx], value); + return set_config_string_item(&lxc_conf->ns_share[ns_idx], value); } struct parse_line_conf { @@ -3614,8 +3614,8 @@ static int get_config_noop(const char *key, char *retv, int inlen, return 0; } -static int get_config_namespace(const char *key, char *retv, int inlen, - struct lxc_conf *c, void *data) +static int get_config_namespace_share(const char *key, char *retv, int inlen, + struct lxc_conf *c, void *data) { int len, ns_idx; const char *namespace; @@ -3626,12 +3626,12 @@ static int get_config_namespace(const char *key, char *retv, int inlen, else memset(retv, 0, inlen); - namespace = key + sizeof("lxc.namespace.") - 1; + namespace = key + sizeof("lxc.namespace.share.") - 1; ns_idx = lxc_namespace_2_ns_idx(namespace); if (ns_idx < 0) return ns_idx; - strprint(retv, inlen, "%s", c->inherit_ns[ns_idx]); + strprint(retv, inlen, "%s", c->ns_share[ns_idx]); return fulllen; } @@ -4024,19 +4024,19 @@ static inline int clr_config_noop(const char *key, struct lxc_conf *c, return 0; } -static int clr_config_namespace(const char *key, struct lxc_conf *lxc_conf, - void *data) +static int clr_config_namespace_share(const char *key, + struct lxc_conf *lxc_conf, void *data) { int ns_idx; const char *namespace; - namespace = key + sizeof("lxc.namespace.") - 1; + namespace = key + sizeof("lxc.namespace.share.") - 1; ns_idx = lxc_namespace_2_ns_idx(namespace); if (ns_idx < 0) return ns_idx; - free(lxc_conf->inherit_ns[ns_idx]); - lxc_conf->inherit_ns[ns_idx] = NULL; + free(lxc_conf->ns_share[ns_idx]); + lxc_conf->ns_share[ns_idx] = NULL; return 0; } diff --git a/src/lxc/start.c b/src/lxc/start.c index ab928a91d..fbd4902a9 100644 --- a/src/lxc/start.c +++ b/src/lxc/start.c @@ -1340,41 +1340,41 @@ int resolve_clone_flags(struct lxc_handler *handler) { handler->clone_flags = CLONE_NEWNS; - if (!handler->conf->inherit_ns[LXC_NS_USER]) { + if (!handler->conf->ns_share[LXC_NS_USER]) { if (!lxc_list_empty(&handler->conf->id_map)) handler->clone_flags |= CLONE_NEWUSER; } else { INFO("Inheriting user namespace"); } - if (!handler->conf->inherit_ns[LXC_NS_NET]) { + if (!handler->conf->ns_share[LXC_NS_NET]) { if (!lxc_requests_empty_network(handler)) handler->clone_flags |= CLONE_NEWNET; } else { INFO("Inheriting net namespace"); } - if (!handler->conf->inherit_ns[LXC_NS_IPC]) + if (!handler->conf->ns_share[LXC_NS_IPC]) handler->clone_flags |= CLONE_NEWIPC; else INFO("Inheriting ipc namespace"); - if (!handler->conf->inherit_ns[LXC_NS_UTS]) + if (!handler->conf->ns_share[LXC_NS_UTS]) handler->clone_flags |= CLONE_NEWUTS; else INFO("Inheriting uts namespace"); - if (!handler->conf->inherit_ns[LXC_NS_PID]) + if (!handler->conf->ns_share[LXC_NS_PID]) handler->clone_flags |= CLONE_NEWPID; else INFO("Inheriting pid namespace"); if (cgns_supported()) { - if (!handler->conf->inherit_ns[LXC_NS_CGROUP]) + if (!handler->conf->ns_share[LXC_NS_CGROUP]) handler->clone_flags |= CLONE_NEWCGROUP; else INFO("Inheriting cgroup namespace"); - } else if (handler->conf->inherit_ns[LXC_NS_CGROUP]) { + } else if (handler->conf->ns_share[LXC_NS_CGROUP]) { return -EINVAL; } @@ -1440,10 +1440,10 @@ static int lxc_spawn(struct lxc_handler *handler) wants_to_map_ids = !lxc_list_empty(id_map); for (i = 0; i < LXC_NS_MAX; i++) { - if (!conf->inherit_ns[i]) + if (!conf->ns_share[i]) continue; - handler->nsfd[i] = lxc_inherit_namespace(conf->inherit_ns[i], lxcpath, ns_info[i].proc_name); + handler->nsfd[i] = lxc_inherit_namespace(conf->ns_share[i], lxcpath, ns_info[i].proc_name); if (handler->nsfd[i] < 0) return -1; @@ -1567,7 +1567,7 @@ static int lxc_spawn(struct lxc_handler *handler) * again. */ if (wants_to_map_ids) { - if (!handler->conf->inherit_ns[LXC_NS_USER]) { + if (!handler->conf->ns_share[LXC_NS_USER]) { ret = lxc_map_ids(id_map, handler->pid); if (ret < 0) { ERROR("Failed to set up id mapping."); diff --git a/src/lxc/tools/arguments.c b/src/lxc/tools/arguments.c index 272340b65..ee2cc6c36 100644 --- a/src/lxc/tools/arguments.c +++ b/src/lxc/tools/arguments.c @@ -311,13 +311,13 @@ bool lxc_setup_shared_ns(struct lxc_arguments *args, struct lxc_container *c) continue; if (i == LXC_NS_NET) - key = "lxc.namespace.net"; + key = "lxc.namespace.share.net"; else if (i == LXC_NS_IPC) - key = "lxc.namespace.ipc"; + key = "lxc.namespace.share.ipc"; else if (i == LXC_NS_UTS) - key = "lxc.namespace.uts"; + key = "lxc.namespace.share.uts"; else if (i == LXC_NS_PID) - key = "lxc.namespace.pid"; + key = "lxc.namespace.share.pid"; else continue; diff --git a/src/tests/share_ns.c b/src/tests/share_ns.c index 1b5a6b515..70a755946 100644 --- a/src/tests/share_ns.c +++ b/src/tests/share_ns.c @@ -80,14 +80,14 @@ void *ns_sharing_wrapper(void *data) } /* share ipc namespace by container name */ - if (!c->set_config_item(c, "lxc.namespace.ipc", "owning-ns")) { - lxc_error("Failed to set \"lxc.namespace.ipc=owning-ns\" for container \"%s\"\n", name); + if (!c->set_config_item(c, "lxc.namespace.share.ipc", "owning-ns")) { + lxc_error("Failed to set \"lxc.namespace.share.ipc=owning-ns\" for container \"%s\"\n", name); goto out; } /* clear all network configuration */ if (!c->set_config_item(c, "lxc.net", "")) { - lxc_error("Failed to set \"lxc.namespace.ipc=owning-ns\" for container \"%s\"\n", name); + lxc_error("Failed to set \"lxc.namespace.share.ipc=owning-ns\" for container \"%s\"\n", name); goto out; } @@ -98,8 +98,8 @@ void *ns_sharing_wrapper(void *data) sprintf(owning_ns_init_pid, "%d", args->init_pid); /* share net namespace by pid */ - if (!c->set_config_item(c, "lxc.namespace.net", owning_ns_init_pid)) { - lxc_error("Failed to set \"lxc.namespace.net=%s\" for container \"%s\"\n", owning_ns_init_pid, name); + if (!c->set_config_item(c, "lxc.namespace.share.net", owning_ns_init_pid)) { + lxc_error("Failed to set \"lxc.namespace.share.net=%s\" for container \"%s\"\n", owning_ns_init_pid, name); goto out; }