From 64c5b6bc06a127e147290c147a9be00be60de261 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Date: Thu, 23 May 2019 11:34:08 +0100 Subject: [PATCH] lxc: acquire a pidfile in the driver root directory MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit When we allow multiple instances of the driver for the same user account, using a separate root directory, we need to ensure mutual exclusion. Use a pidfile to guarantee this. In privileged libvirtd this ends up locking /var/run/libvirt/lxc/driver.pid In unprivileged libvirtd this ends up locking /run/user/$UID/libvirt/lxc/run/driver.pid NB, the latter can vary depending on $XDG_RUNTIME_DIR Signed-off-by: Daniel P. Berrangé --- src/lxc/lxc_conf.h | 3 +++ src/lxc/lxc_driver.c | 9 +++++++++ 2 files changed, 12 insertions(+) diff --git a/src/lxc/lxc_conf.h b/src/lxc/lxc_conf.h index dc5531ebf9..e26ca22d3c 100644 --- a/src/lxc/lxc_conf.h +++ b/src/lxc/lxc_conf.h @@ -70,6 +70,9 @@ struct _virLXCDriver { * then lockless thereafter */ virLXCDriverConfigPtr config; + /* pid file FD, ensures two copies of the driver can't use the same root */ + int lockFD; + /* Require lock to get a reference on the object, * lockless access thereafter */ virCapsPtr caps; diff --git a/src/lxc/lxc_driver.c b/src/lxc/lxc_driver.c index 9db2a02dee..3982c24f34 100644 --- a/src/lxc/lxc_driver.c +++ b/src/lxc/lxc_driver.c @@ -1559,6 +1559,7 @@ static int lxcStateInitialize(bool privileged, if (VIR_ALLOC(lxc_driver) < 0) return -1; + lxc_driver->lockFD = -1; if (virMutexInit(&lxc_driver->lock) < 0) { VIR_FREE(lxc_driver); return -1; @@ -1605,6 +1606,10 @@ static int lxcStateInitialize(bool privileged, goto cleanup; } + if ((lxc_driver->lockFD = + virPidFileAcquire(cfg->stateDir, "driver", true, getpid())) < 0) + goto cleanup; + /* Get all the running persistent or transient configs first */ if (virDomainObjListLoadAllConfigs(lxc_driver->domains, cfg->stateDir, @@ -1696,6 +1701,10 @@ static int lxcStateCleanup(void) virObjectUnref(lxc_driver->caps); virObjectUnref(lxc_driver->securityManager); virObjectUnref(lxc_driver->xmlopt); + + if (lxc_driver->lockFD != -1) + virPidFileRelease(lxc_driver->config->stateDir, "driver", lxc_driver->lockFD); + virObjectUnref(lxc_driver->config); virMutexDestroy(&lxc_driver->lock); VIR_FREE(lxc_driver);