proxmox-mirrors/mirror_lxc
1
0
Fork 0
mirror of https://git.proxmox.com/git/mirror_lxc synced 2025-07-28 09:32:49 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

attach: setns instead of unshare in lxc-attach

Browse Source 
lxc-checkpoint will fail because process createdy by lxc-attach has
incorrect cgroup ns. It needs to use "setns" instead of "unshare"
to set cgroup ns.

Signed-off-by: Chen Haiquan <oc@yunify.com>
This commit is contained in:
oc 2016-07-27 22:43:58 +08:00
parent 813d7f1453
commit dac862c015
1 changed files with 4 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
src/lxc/attach.c
View File

@ -217,10 +217,10 @@ static int lxc_attach_to_ns(pid_t pid, int which)
* the file for user namepsaces in /proc/$pid/ns will be called * the file for user namepsaces in /proc/$pid/ns will be called
* 'user' once the kernel supports it * 'user' once the kernel supports it
*/ */
static char *ns[] = { "user", "mnt", "pid", "uts", "ipc", "net" }; static char *ns[] = { "user", "mnt", "pid", "uts", "ipc", "net", "cgroup" };
static int flags[] = { static int flags[] = {
CLONE_NEWUSER, CLONE_NEWNS, CLONE_NEWPID, CLONE_NEWUTS, CLONE_NEWIPC, CLONE_NEWUSER, CLONE_NEWNS, CLONE_NEWPID, CLONE_NEWUTS, CLONE_NEWIPC,
CLONE_NEWNET CLONE_NEWNET, CLONE_NEWCGROUP
}; };
static const int size = sizeof(ns) / sizeof(char *); static const int size = sizeof(ns) / sizeof(char *);
int fd[size]; int fd[size];
@ -720,7 +720,6 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
int ipc_sockets[2]; int ipc_sockets[2];
int procfd; int procfd;
signed long personality; signed long personality;
bool unshare_cgns = false;
if (!options) if (!options)
options = &attach_static_default_options; options = &attach_static_default_options;
@ -931,8 +930,8 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
rexit(-1); rexit(-1);
} }
if (options->attach_flags & LXC_ATTACH_MOVE_TO_CGROUP && cgns_supported()) if ((options->attach_flags & LXC_ATTACH_MOVE_TO_CGROUP) && cgns_supported())
unshare_cgns = true; options->namespaces |= CLONE_NEWCGROUP;
procfd = open("/proc", O_DIRECTORY | O_RDONLY); procfd = open("/proc", O_DIRECTORY | O_RDONLY);
if (procfd < 0) { if (procfd < 0) {
@ -961,14 +960,6 @@ int lxc_attach(const char* name, const char* lxcpath, lxc_attach_exec_t exec_fun
WARN("could not change directory to '%s'", new_cwd); WARN("could not change directory to '%s'", new_cwd);
free(cwd); free(cwd);
if (unshare_cgns) {
if (unshare(CLONE_NEWCGROUP) != 0) {
SYSERROR("cgroupns unshare: permission denied");
rexit(-1);
}
INFO("Unshared cgroup namespace");
}
/* now create the real child process */ /* now create the real child process */
{ {
struct attach_clone_payload payload = { struct attach_clone_payload payload = {