Fix up cgroup initialization order and allow /dev/pts device access in LXC

2024-07-16 22:57:15 +00:00 · 2008-10-21 16:46:47 +00:00 · 2008-10-21 16:46:47 +00:00 · e98d8d7997
commit e98d8d7997
parent 85432b0bd0
5 changed files with 47 additions and 3 deletions
--- a/5
+++ b/5
@ -1,3 +1,8 @@
+Tue Oct 21 09:19:24 PDT 2008 Dan Smith <danms@us.ibm.com>
+	* src/cgroup.c src/cgroup.h: Add function to allow major device range
+	* src/lxc_container.h src/controller.c: Fix cgroup initialization
+	  order and fix /dev/pts cgroup permission
+
 Tue Oct 21 16:25:22 CEST 2008 Daniel Veillard <veillard@redhat.com>

 	* HACKING: update with some rules for commiters
--- a/src/cgroup.c
+++ b/src/cgroup.c
@ -761,6 +761,36 @@ out:
    return rc;
 }

+/**
+ * virCgroupAllowDeviceMajor:
+ *
+ * @group: The cgroup to allow an entire device major type for
+ * @type: The device type (i.e., 'c' or 'b')
+ * @major: The major number of the device type
+ *
+ * Returns: 0 on success
+ */
+int virCgroupAllowDeviceMajor(virCgroupPtr group,
+                              char type,
+                              int major)
+{
+    int rc;
+    char *devstr = NULL;
+
+    if (asprintf(&devstr, "%c %i:* rwm", type, major) == -1) {
+        rc = -ENOMEM;
+        goto out;
+    }
+
+    rc = virCgroupSetValueStr(group,
+                              "devices.allow",
+                              devstr);
+ out:
+    VIR_FREE(devstr);
+
+    return rc;
+}
+
 int virCgroupSetCpuShares(virCgroupPtr group, unsigned long shares)
 {
    return virCgroupSetValueU64(group, "cpu.shares", (uint64_t)shares);
--- a/src/cgroup.h
+++ b/src/cgroup.h
@ -35,6 +35,9 @@ int virCgroupAllowDevice(virCgroupPtr group,
                         char type,
                         int major,
                         int minor);
+int virCgroupAllowDeviceMajor(virCgroupPtr group,
+                              char type,
+                              int major);

 int virCgroupSetCpuShares(virCgroupPtr group, unsigned long shares);
 int virCgroupGetCpuShares(virCgroupPtr group, unsigned long *shares);
--- a/src/lxc_container.h
+++ b/src/lxc_container.h
@ -40,6 +40,8 @@ enum {
 #define LXC_DEV_MAJ_TTY     5
 #define LXC_DEV_MIN_CONSOLE 1

+#define LXC_DEV_MAJ_PTY     136
+
 int lxcContainerSendContinue(int control);

 int lxcContainerStart(virDomainDefPtr def,
--- a/src/lxc_controller.c
+++ b/src/lxc_controller.c
@ -103,6 +103,10 @@ static int lxcSetContainerResources(virDomainDefPtr def)
            goto out;
    }

+    rc = virCgroupAllowDeviceMajor(cgroup, 'c', LXC_DEV_MAJ_PTY);
+    if (rc != 0)
+        goto out;
+
    rc = virCgroupAddTask(cgroup, getpid());
 out:
    if (rc != 0) {
@ -449,6 +453,9 @@ lxcControllerRun(virDomainDefPtr def,
        goto cleanup;
    }

+    if (lxcSetContainerResources(def) < 0)
+        goto cleanup;
+
    if ((container = lxcContainerStart(def,
                                       nveths,
                                       veths,
@ -461,9 +468,6 @@ lxcControllerRun(virDomainDefPtr def,
    if (lxcControllerMoveInterfaces(nveths, veths, container) < 0)
        goto cleanup;

-    if (lxcSetContainerResources(def) < 0)
-        goto cleanup;
-
    if (lxcContainerSendContinue(control[0]) < 0)
        goto cleanup;