proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-07-26 08:44:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

confile: lxc.namespace.* -> lxc.namespace.share.*

Browse Source 
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
This commit is contained in:
Christian Brauner 2018-02-02 11:53:51 +01:00
parent 3fb8253d91
commit b074bbf179
No known key found for this signature in database
GPG Key ID: 8EB056D53EECB12D
7 changed files with 46 additions and 44 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
doc/lxc.container.conf.sgml.in
View File

@ -1433,7 +1433,7 @@ dev/null proc/kcore none bind,relative 0 0
<variablelist> <variablelist>
<varlistentry> <varlistentry>
<term> <term>
<option>lxc.namespace.[namespace identifier]</option> <option>lxc.namespace.share.[namespace identifier]</option>
</term> </term>
<listitem> <listitem>
<para> <para>
@ -1445,22 +1445,22 @@ dev/null proc/kcore none bind,relative 0 0
<para> <para>
To inherit the namespace from another process set the To inherit the namespace from another process set the
<option>lxc.namespace.[namespace identifier]</option> to the PID of <option>lxc.namespace.share.[namespace identifier]</option> to the PID of
the process, e.g. <option>lxc.namespace.net=42</option>. the process, e.g. <option>lxc.namespace.share.net=42</option>.
</para> </para>
<para> <para>
To inherit the namespace from another container set the To inherit the namespace from another container set the
<option>lxc.namespace.[namespace identifier]</option> to the name of <option>lxc.namespace.share.[namespace identifier]</option> to the name of
the container, e.g. <option>lxc.namespace.pid=c3</option>. the container, e.g. <option>lxc.namespace.share.pid=c3</option>.
</para> </para>
<para> <para>
To inherit the namespace from another container located in a To inherit the namespace from another container located in a
different path than the standard liblxc path set the different path than the standard liblxc path set the
<option>lxc.namespace.[namespace identifier]</option> to the full <option>lxc.namespace.share.[namespace identifier]</option> to the full
path to the container, e.g. path to the container, e.g.
<option>lxc.namespace.user=/opt/c3</option>. <option>lxc.namespace.share.user=/opt/c3</option>.
</para> </para>
<para> <para>

2
src/lxc/conf.c
View File

@ -2583,7 +2583,7 @@ struct lxc_conf *lxc_conf_init(void)
new->init_uid = 0; new->init_uid = 0;
new->init_gid = 0; new->init_gid = 0;
memset(&new->cgroup_meta, 0, sizeof(struct lxc_cgroup)); memset(&new->cgroup_meta, 0, sizeof(struct lxc_cgroup));
memset(&new->inherit_ns, 0, sizeof(char *) * LXC_NS_MAX); memset(&new->ns_share, 0, sizeof(char *) * LXC_NS_MAX);
return new; return new;
} }

4
src/lxc/conf.h
View File

@ -404,7 +404,9 @@ struct lxc_conf {
*/ */
struct lxc_cgroup cgroup_meta; struct lxc_cgroup cgroup_meta;
char *inherit_ns[LXC_NS_MAX]; struct {
char *ns_share[LXC_NS_MAX];
};
/* init working directory */ /* init working directory */
char *init_cwd; char *init_cwd;

32
src/lxc/confile.c
View File

@ -107,7 +107,7 @@ lxc_config_define(monitor);
lxc_config_define(mount); lxc_config_define(mount);
lxc_config_define(mount_auto); lxc_config_define(mount_auto);
lxc_config_define(mount_fstab); lxc_config_define(mount_fstab);
lxc_config_define(namespace); lxc_config_define(namespace_share);
lxc_config_define(net); lxc_config_define(net);
lxc_config_define(net_flags); lxc_config_define(net_flags);
lxc_config_define(net_hwaddr); lxc_config_define(net_hwaddr);
@ -191,7 +191,7 @@ static struct lxc_config_t config[] = {
{ "lxc.mount.auto", false, set_config_mount_auto, get_config_mount_auto, clr_config_mount_auto, }, { "lxc.mount.auto", false, set_config_mount_auto, get_config_mount_auto, clr_config_mount_auto, },
{ "lxc.mount.entry", false, set_config_mount, get_config_mount, clr_config_mount, }, { "lxc.mount.entry", false, set_config_mount, get_config_mount, clr_config_mount, },
{ "lxc.mount.fstab", false, set_config_mount_fstab, get_config_mount_fstab, clr_config_mount_fstab, }, { "lxc.mount.fstab", false, set_config_mount_fstab, get_config_mount_fstab, clr_config_mount_fstab, },
{ "lxc.namespace", false, set_config_namespace, get_config_namespace, clr_config_namespace, }, { "lxc.namespace.share", false, set_config_namespace_share, get_config_namespace_share, clr_config_namespace_share, },
/* [START]: REMOVE IN LXC 3.0 */ /* [START]: REMOVE IN LXC 3.0 */
{ "lxc.network.type", true, set_config_network_legacy_type, get_config_network_legacy_item, clr_config_network_legacy_item, }, { "lxc.network.type", true, set_config_network_legacy_type, get_config_network_legacy_item, clr_config_network_legacy_item, },
@ -2180,21 +2180,21 @@ static int set_config_uts_name(const char *key, const char *value,
return 0; return 0;
} }
static int set_config_namespace(const char *key, const char *value, static int set_config_namespace_share(const char *key, const char *value,
struct lxc_conf *lxc_conf, void *data) struct lxc_conf *lxc_conf, void *data)
{ {
int ns_idx; int ns_idx;
const char *namespace; const char *namespace;
if (lxc_config_value_empty(value)) if (lxc_config_value_empty(value))
return clr_config_namespace(key, lxc_conf, data); return clr_config_namespace_share(key, lxc_conf, data);
namespace = key + sizeof("lxc.namespace.") - 1; namespace = key + sizeof("lxc.namespace.share.") - 1;
ns_idx = lxc_namespace_2_ns_idx(namespace); ns_idx = lxc_namespace_2_ns_idx(namespace);
if (ns_idx < 0) if (ns_idx < 0)
return ns_idx; return ns_idx;
return set_config_string_item(&lxc_conf->inherit_ns[ns_idx], value); return set_config_string_item(&lxc_conf->ns_share[ns_idx], value);
} }
struct parse_line_conf { struct parse_line_conf {
@ -3614,8 +3614,8 @@ static int get_config_noop(const char *key, char *retv, int inlen,
return 0; return 0;
} }
static int get_config_namespace(const char *key, char *retv, int inlen, static int get_config_namespace_share(const char *key, char *retv, int inlen,
struct lxc_conf *c, void *data) struct lxc_conf *c, void *data)
{ {
int len, ns_idx; int len, ns_idx;
const char *namespace; const char *namespace;
@ -3626,12 +3626,12 @@ static int get_config_namespace(const char *key, char *retv, int inlen,
else else
memset(retv, 0, inlen); memset(retv, 0, inlen);
namespace = key + sizeof("lxc.namespace.") - 1; namespace = key + sizeof("lxc.namespace.share.") - 1;
ns_idx = lxc_namespace_2_ns_idx(namespace); ns_idx = lxc_namespace_2_ns_idx(namespace);
if (ns_idx < 0) if (ns_idx < 0)
return ns_idx; return ns_idx;
strprint(retv, inlen, "%s", c->inherit_ns[ns_idx]); strprint(retv, inlen, "%s", c->ns_share[ns_idx]);
return fulllen; return fulllen;
} }
@ -4024,19 +4024,19 @@ static inline int clr_config_noop(const char *key, struct lxc_conf *c,
return 0; return 0;
} }
static int clr_config_namespace(const char *key, struct lxc_conf *lxc_conf, static int clr_config_namespace_share(const char *key,
void *data) struct lxc_conf *lxc_conf, void *data)
{ {
int ns_idx; int ns_idx;
const char *namespace; const char *namespace;
namespace = key + sizeof("lxc.namespace.") - 1; namespace = key + sizeof("lxc.namespace.share.") - 1;
ns_idx = lxc_namespace_2_ns_idx(namespace); ns_idx = lxc_namespace_2_ns_idx(namespace);
if (ns_idx < 0) if (ns_idx < 0)
return ns_idx; return ns_idx;
free(lxc_conf->inherit_ns[ns_idx]); free(lxc_conf->ns_share[ns_idx]);
lxc_conf->inherit_ns[ns_idx] = NULL; lxc_conf->ns_share[ns_idx] = NULL;
return 0; return 0;
} }

20
src/lxc/start.c
View File

@ -1340,41 +1340,41 @@ int resolve_clone_flags(struct lxc_handler *handler)
{ {
handler->clone_flags = CLONE_NEWNS; handler->clone_flags = CLONE_NEWNS;
if (!handler->conf->inherit_ns[LXC_NS_USER]) { if (!handler->conf->ns_share[LXC_NS_USER]) {
if (!lxc_list_empty(&handler->conf->id_map)) if (!lxc_list_empty(&handler->conf->id_map))
handler->clone_flags |= CLONE_NEWUSER; handler->clone_flags |= CLONE_NEWUSER;
} else { } else {
INFO("Inheriting user namespace"); INFO("Inheriting user namespace");
} }
if (!handler->conf->inherit_ns[LXC_NS_NET]) { if (!handler->conf->ns_share[LXC_NS_NET]) {
if (!lxc_requests_empty_network(handler)) if (!lxc_requests_empty_network(handler))
handler->clone_flags |= CLONE_NEWNET; handler->clone_flags |= CLONE_NEWNET;
} else { } else {
INFO("Inheriting net namespace"); INFO("Inheriting net namespace");
} }
if (!handler->conf->inherit_ns[LXC_NS_IPC]) if (!handler->conf->ns_share[LXC_NS_IPC])
handler->clone_flags |= CLONE_NEWIPC; handler->clone_flags |= CLONE_NEWIPC;
else else
INFO("Inheriting ipc namespace"); INFO("Inheriting ipc namespace");
if (!handler->conf->inherit_ns[LXC_NS_UTS]) if (!handler->conf->ns_share[LXC_NS_UTS])
handler->clone_flags |= CLONE_NEWUTS; handler->clone_flags |= CLONE_NEWUTS;
else else
INFO("Inheriting uts namespace"); INFO("Inheriting uts namespace");
if (!handler->conf->inherit_ns[LXC_NS_PID]) if (!handler->conf->ns_share[LXC_NS_PID])
handler->clone_flags |= CLONE_NEWPID; handler->clone_flags |= CLONE_NEWPID;
else else
INFO("Inheriting pid namespace"); INFO("Inheriting pid namespace");
if (cgns_supported()) { if (cgns_supported()) {
if (!handler->conf->inherit_ns[LXC_NS_CGROUP]) if (!handler->conf->ns_share[LXC_NS_CGROUP])
handler->clone_flags |= CLONE_NEWCGROUP; handler->clone_flags |= CLONE_NEWCGROUP;
else else
INFO("Inheriting cgroup namespace"); INFO("Inheriting cgroup namespace");
} else if (handler->conf->inherit_ns[LXC_NS_CGROUP]) { } else if (handler->conf->ns_share[LXC_NS_CGROUP]) {
return -EINVAL; return -EINVAL;
} }
@ -1440,10 +1440,10 @@ static int lxc_spawn(struct lxc_handler *handler)
wants_to_map_ids = !lxc_list_empty(id_map); wants_to_map_ids = !lxc_list_empty(id_map);
for (i = 0; i < LXC_NS_MAX; i++) { for (i = 0; i < LXC_NS_MAX; i++) {
if (!conf->inherit_ns[i]) if (!conf->ns_share[i])
continue; continue;
handler->nsfd[i] = lxc_inherit_namespace(conf->inherit_ns[i], lxcpath, ns_info[i].proc_name); handler->nsfd[i] = lxc_inherit_namespace(conf->ns_share[i], lxcpath, ns_info[i].proc_name);
if (handler->nsfd[i] < 0) if (handler->nsfd[i] < 0)
return -1; return -1;
@ -1567,7 +1567,7 @@ static int lxc_spawn(struct lxc_handler *handler)
* again. * again.
*/ */
if (wants_to_map_ids) { if (wants_to_map_ids) {
if (!handler->conf->inherit_ns[LXC_NS_USER]) { if (!handler->conf->ns_share[LXC_NS_USER]) {
ret = lxc_map_ids(id_map, handler->pid); ret = lxc_map_ids(id_map, handler->pid);
if (ret < 0) { if (ret < 0) {
ERROR("Failed to set up id mapping."); ERROR("Failed to set up id mapping.");

8
src/lxc/tools/arguments.c
View File

@ -311,13 +311,13 @@ bool lxc_setup_shared_ns(struct lxc_arguments *args, struct lxc_container *c)
continue; continue;
if (i == LXC_NS_NET) if (i == LXC_NS_NET)
key = "lxc.namespace.net"; key = "lxc.namespace.share.net";
else if (i == LXC_NS_IPC) else if (i == LXC_NS_IPC)
key = "lxc.namespace.ipc"; key = "lxc.namespace.share.ipc";
else if (i == LXC_NS_UTS) else if (i == LXC_NS_UTS)
key = "lxc.namespace.uts"; key = "lxc.namespace.share.uts";
else if (i == LXC_NS_PID) else if (i == LXC_NS_PID)
key = "lxc.namespace.pid"; key = "lxc.namespace.share.pid";
else else
continue; continue;

10
src/tests/share_ns.c
View File

@ -80,14 +80,14 @@ void *ns_sharing_wrapper(void *data)
} }
/* share ipc namespace by container name */ /* share ipc namespace by container name */
if (!c->set_config_item(c, "lxc.namespace.ipc", "owning-ns")) { if (!c->set_config_item(c, "lxc.namespace.share.ipc", "owning-ns")) {
lxc_error("Failed to set \"lxc.namespace.ipc=owning-ns\" for container \"%s\"\n", name); lxc_error("Failed to set \"lxc.namespace.share.ipc=owning-ns\" for container \"%s\"\n", name);
goto out; goto out;
} }
/* clear all network configuration */ /* clear all network configuration */
if (!c->set_config_item(c, "lxc.net", "")) { if (!c->set_config_item(c, "lxc.net", "")) {
lxc_error("Failed to set \"lxc.namespace.ipc=owning-ns\" for container \"%s\"\n", name); lxc_error("Failed to set \"lxc.namespace.share.ipc=owning-ns\" for container \"%s\"\n", name);
goto out; goto out;
} }
@ -98,8 +98,8 @@ void *ns_sharing_wrapper(void *data)
sprintf(owning_ns_init_pid, "%d", args->init_pid); sprintf(owning_ns_init_pid, "%d", args->init_pid);
/* share net namespace by pid */ /* share net namespace by pid */
if (!c->set_config_item(c, "lxc.namespace.net", owning_ns_init_pid)) { if (!c->set_config_item(c, "lxc.namespace.share.net", owning_ns_init_pid)) {
lxc_error("Failed to set \"lxc.namespace.net=%s\" for container \"%s\"\n", owning_ns_init_pid, name); lxc_error("Failed to set \"lxc.namespace.share.net=%s\" for container \"%s\"\n", owning_ns_init_pid, name);
goto out; goto out;
} }