External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-03-07 17:28:15 +00:00
Code

Pass virSecurityManagerPtr object further down into LXC setup code

Browse Source 
Currently the lxcContainerSetupMounts method uses the
virSecurityManagerPtr instance to obtain the mount options
string and then only passes the string down into methods
it calls. As functionality in LXC grows though, those
methods need to have direct access to the virSecurityManagerPtr
instance. So push the code down a level.

Signed-off-by: Daniel P. Berrange <berrange@redhat.com>
This commit is contained in:
Daniel P. Berrange 2012-11-22 14:23:49 +00:00
parent 3f6470f753
commit f999e2fdce
1 changed files with 24 additions and 19 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

43
src/lxc/lxc_container.c
View File

@ -1511,17 +1511,21 @@ static int lxcContainerSetupPivotRoot(virDomainDefPtr vmDef,
virDomainFSDefPtr root, virDomainFSDefPtr root,
char **ttyPaths, char **ttyPaths,
size_t nttyPaths, size_t nttyPaths,
char *sec_mount_options) virSecurityManagerPtr securityDriver)
{ {
struct lxcContainerCGroup *mounts = NULL; struct lxcContainerCGroup *mounts = NULL;
size_t nmounts = 0; size_t nmounts = 0;
int ret = -1; int ret = -1;
char *cgroupRoot; char *cgroupRoot = NULL;
char *sec_mount_options;
if (!(sec_mount_options = virSecurityManagerGetMountOptions(securityDriver, vmDef)))
return -1;
/* Before pivoting we need to identify any /* Before pivoting we need to identify any
* cgroups controllers that are mounted */ * cgroups controllers that are mounted */
if (lxcContainerIdentifyCGroups(&mounts, &nmounts, &cgroupRoot) < 0) if (lxcContainerIdentifyCGroups(&mounts, &nmounts, &cgroupRoot) < 0)
return -1; goto cleanup;
/* Gives us a private root, leaving all parent OS mounts on /.oldroot */ /* Gives us a private root, leaving all parent OS mounts on /.oldroot */
if (lxcContainerPivotRoot(root) < 0) if (lxcContainerPivotRoot(root) < 0)
@ -1577,6 +1581,7 @@ static int lxcContainerSetupPivotRoot(virDomainDefPtr vmDef,
cleanup: cleanup:
lxcContainerCGroupFree(mounts, nmounts); lxcContainerCGroupFree(mounts, nmounts);
VIR_FREE(cgroupRoot); VIR_FREE(cgroupRoot);
VIR_FREE(sec_mount_options);
return ret; return ret;
} }
@ -1585,14 +1590,19 @@ cleanup:
but with extra stuff mapped in */ but with extra stuff mapped in */
static int lxcContainerSetupExtraMounts(virDomainDefPtr vmDef, static int lxcContainerSetupExtraMounts(virDomainDefPtr vmDef,
virDomainFSDefPtr root, virDomainFSDefPtr root,
char *sec_mount_options) virSecurityManagerPtr securityDriver)
{ {
int ret = -1; int ret = -1;
struct lxcContainerCGroup *mounts = NULL; struct lxcContainerCGroup *mounts = NULL;
size_t nmounts = 0; size_t nmounts = 0;
char *cgroupRoot; char *cgroupRoot = NULL;
char *sec_mount_options;
VIR_DEBUG("def=%p", vmDef); VIR_DEBUG("def=%p", vmDef);
if (!(sec_mount_options = virSecurityManagerGetMountOptions(securityDriver, vmDef)))
return -1;
/* /*
* This makes sure that any new filesystems in the * This makes sure that any new filesystems in the
* host OS propagate to the container, but any * host OS propagate to the container, but any
@ -1601,25 +1611,25 @@ static int lxcContainerSetupExtraMounts(virDomainDefPtr vmDef,
if (mount("", "/", NULL, MS_SLAVE|MS_REC, NULL) < 0) { if (mount("", "/", NULL, MS_SLAVE|MS_REC, NULL) < 0) {
virReportSystemError(errno, "%s", virReportSystemError(errno, "%s",
_("Failed to make / slave")); _("Failed to make / slave"));
return -1; goto cleanup;
} }
if (root && root->readonly) { if (root && root->readonly) {
if (mount("", "/", NULL, MS_BIND|MS_REC|MS_RDONLY|MS_REMOUNT, NULL) < 0) { if (mount("", "/", NULL, MS_BIND|MS_REC|MS_RDONLY|MS_REMOUNT, NULL) < 0) {
virReportSystemError(errno, "%s", virReportSystemError(errno, "%s",
_("Failed to make root readonly")); _("Failed to make root readonly"));
return -1; goto cleanup;
} }
} }
VIR_DEBUG("Mounting config FS"); VIR_DEBUG("Mounting config FS");
if (lxcContainerMountAllFS(vmDef, "", false, sec_mount_options) < 0) if (lxcContainerMountAllFS(vmDef, "", false, sec_mount_options) < 0)
return -1; goto cleanup;
/* Before replacing /sys we need to identify any /* Before replacing /sys we need to identify any
* cgroups controllers that are mounted */ * cgroups controllers that are mounted */
if (lxcContainerIdentifyCGroups(&mounts, &nmounts, &cgroupRoot) < 0) if (lxcContainerIdentifyCGroups(&mounts, &nmounts, &cgroupRoot) < 0)
return -1; goto cleanup;
#if HAVE_SELINUX #if HAVE_SELINUX
/* Some versions of Linux kernel don't let you overmount /* Some versions of Linux kernel don't let you overmount
@ -1653,6 +1663,7 @@ static int lxcContainerSetupExtraMounts(virDomainDefPtr vmDef,
cleanup: cleanup:
lxcContainerCGroupFree(mounts, nmounts); lxcContainerCGroupFree(mounts, nmounts);
VIR_FREE(cgroupRoot); VIR_FREE(cgroupRoot);
VIR_FREE(sec_mount_options);
return ret; return ret;
} }
@ -1684,21 +1695,15 @@ static int lxcContainerSetupMounts(virDomainDefPtr vmDef,
size_t nttyPaths, size_t nttyPaths,
virSecurityManagerPtr securityDriver) virSecurityManagerPtr securityDriver)
{ {
int rc = -1;
char *sec_mount_options = NULL;
if (lxcContainerResolveSymlinks(vmDef) < 0) if (lxcContainerResolveSymlinks(vmDef) < 0)
return -1; return -1;
if (!(sec_mount_options = virSecurityManagerGetMountOptions(securityDriver, vmDef)))
return -1;
if (root && root->src) if (root && root->src)
rc = lxcContainerSetupPivotRoot(vmDef, root, ttyPaths, nttyPaths, sec_mount_options); return lxcContainerSetupPivotRoot(vmDef, root, ttyPaths, nttyPaths,
securityDriver);
else else
rc = lxcContainerSetupExtraMounts(vmDef, root, sec_mount_options); return lxcContainerSetupExtraMounts(vmDef, root,
securityDriver);
VIR_FREE(sec_mount_options);
return rc;
} }