Revert "lxc: Prevent shutting down the host"

This reverts commit c9c87376f2b2197ad774533ad6a6dd2f631ca105. Now that we force all containers to have a root filesystem, there is no way the host's /dev is ever exposed Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
2025-02-22 03:12:22 +00:00 · 2013-04-03 17:00:20 +01:00 · 2013-04-03 17:00:20 +01:00 · edd87fa2ea
commit edd87fa2ea
parent c131525bec
1 changed files with 16 additions and 27 deletions
--- a/src/lxc/lxc_driver.c
+++ b/src/lxc/lxc_driver.c
@ -2778,19 +2778,13 @@ lxcDomainShutdownFlags(virDomainPtr dom,
    virLXCDriverPtr driver = dom->conn->privateData;
    virLXCDomainObjPrivatePtr priv;
    virDomainObjPtr vm;
-    virDomainFSDefPtr root;
    char *vroot = NULL;
    int ret = -1;
-    int rc = 0;
-    bool methodSignal;
-    bool methodInitctl;
+    int rc;

    virCheckFlags(VIR_DOMAIN_SHUTDOWN_INITCTL |
                  VIR_DOMAIN_SHUTDOWN_SIGNAL, -1);

-    methodSignal = !!(flags & VIR_DOMAIN_SHUTDOWN_SIGNAL);
-    methodInitctl = !!(flags & VIR_DOMAIN_SHUTDOWN_INITCTL);
-
    lxcDriverLock(driver);
    vm = virDomainObjListFindByUUID(driver->domains, dom->uuid);
    lxcDriverUnlock(driver);
@ -2804,7 +2798,6 @@ lxcDomainShutdownFlags(virDomainPtr dom,
    }

    priv = vm->privateData;
-    root = virDomainGetRootFilesystem(vm->def);

    if (!virDomainObjIsActive(vm)) {
        virReportError(VIR_ERR_OPERATION_INVALID,
@ -2824,31 +2817,27 @@ lxcDomainShutdownFlags(virDomainPtr dom,
        goto cleanup;
    }

-    if (root && root->src) {
-        if (flags == 0)
-            methodSignal = methodInitctl = true;
-    } else if (methodInitctl) {
-        virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
-                       _("Cannot shutdown container using initctl "
-                         "without separated namespace"));
-        goto cleanup;
-    } else {
-        methodSignal = true;
-    }
-
-    if (methodInitctl) {
-        rc = virInitctlSetRunLevel(VIR_INITCTL_RUNLEVEL_POWEROFF, vroot);
-        if (rc < 0)
+    if (flags == 0 ||
+        (flags & VIR_DOMAIN_SHUTDOWN_INITCTL)) {
+        if ((rc = virInitctlSetRunLevel(VIR_INITCTL_RUNLEVEL_POWEROFF,
+                                        vroot)) < 0) {
            goto cleanup;
-        if (rc == 0 && !methodSignal) {
+        }
+        if (rc == 0 && flags != 0 &&
+            ((flags & ~VIR_DOMAIN_SHUTDOWN_INITCTL) == 0)) {
            virReportError(VIR_ERR_OPERATION_UNSUPPORTED, "%s",
                           _("Container does not provide an initctl pipe"));
            goto cleanup;
        }
+    } else {
+        rc = 0;
    }
-    if (rc == 0 && methodSignal) {
-        ret = kill(priv->initpid, SIGTERM);
-        if (ret < 0 && errno != ESRCH) {
+
+    if (rc == 0 &&
+        (flags == 0 ||
+         (flags & VIR_DOMAIN_SHUTDOWN_SIGNAL))) {
+        if (kill(priv->initpid, SIGTERM) < 0 &&
+            errno != ESRCH) {
            virReportSystemError(errno,
                                 _("Unable to send SIGTERM to init pid %llu"),
                                 (unsigned long long)priv->initpid);