From: Radostin Stoyanov
To: libvir-list@redhat.com
Cc: Radostin Stoyanov
Date: Sun, 15 Apr 2018 22:25:39 +0100
Message-Id: <20180415212539.19974-4-rstoyanov1@gmail.com>
In-Reply-To: <20180415212539.19974-1-rstoyanov1@gmail.com>
References: <20180415212539.19974-1-rstoyanov1@gmail.com>
Subject: [libvirt] [RFC 3/3] lxc: Mount NBD devices before clone

When user-namespace is enabled we are not allowed to mount block/NBD devices.
Instead, mount /dev/nbdX to /run/libvirt/lxc/.root and set: fs->src->path =3D /run/libvirt/lxc/.root fs->type =3D VIR_DOMAIN_FS_TYPE_MOUNT --- src/lxc/lxc_container.c | 53 --------------------------------------------= ---- src/lxc/lxc_controller.c | 49 +++++++++++++++++++++++++++++--------------- 2 files changed, 33 insertions(+), 69 deletions(-) diff --git a/src/lxc/lxc_container.c b/src/lxc/lxc_container.c index 3b8cb966e..420bb20ab 100644 --- a/src/lxc/lxc_container.c +++ b/src/lxc/lxc_container.c @@ -658,55 +658,6 @@ static int lxcContainerResolveSymlinks(virDomainFSDefP= tr fs, bool gentle) return 0; } =20 -static int lxcContainerPrepareRoot(virDomainDefPtr def, - virDomainFSDefPtr root, - const char *sec_mount_options) -{ - char *dst; - char *tmp; - - VIR_DEBUG("Prepare root %d", root->type); - - if (root->type =3D=3D VIR_DOMAIN_FS_TYPE_MOUNT) - return 0; - - if (root->type =3D=3D VIR_DOMAIN_FS_TYPE_FILE) { - virReportError(VIR_ERR_INTERNAL_ERROR, "%s", - _("Unexpected root filesystem without loop device")= ); - return -1; - } - - if (root->type !=3D VIR_DOMAIN_FS_TYPE_BLOCK) { - virReportError(VIR_ERR_CONFIG_UNSUPPORTED, - _("Unsupported root filesystem type %s"), - virDomainFSTypeToString(root->type)); - return -1; - } - - if (lxcContainerResolveSymlinks(root, false) < 0) - return -1; - - if (virAsprintf(&dst, "%s/%s.root", - LXC_STATE_DIR, def->name) < 0) - return -1; - - tmp =3D root->dst; - root->dst =3D dst; - - if (lxcContainerMountFSBlock(root, "", sec_mount_options) < 0) { - root->dst =3D tmp; - VIR_FREE(dst); - return -1; - } - - root->dst =3D tmp; - root->type =3D VIR_DOMAIN_FS_TYPE_MOUNT; - VIR_FREE(root->src->path); - root->src->path =3D dst; - - return 0; -} - static int lxcContainerPivotRoot(virDomainFSDefPtr root) { int ret; 
@@ -1755,10 +1706,6 @@ static int lxcContainerSetupPivotRoot(virDomainDefPt= r vmDef, if (virFileResolveAllLinks(LXC_STATE_DIR, &stateDir) < 0) goto cleanup; =20 - /* Ensure the root filesystem is mounted */ - if (lxcContainerPrepareRoot(vmDef, root, sec_mount_options) < 0) - goto cleanup; - /* Gives us a private root, leaving all parent OS mounts on /.oldroot = */ if (lxcContainerPivotRoot(root) < 0) goto cleanup; diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c index 61d9ed07b..d1ae60b1d 100644 --- a/src/lxc/lxc_controller.c +++ b/src/lxc/lxc_controller.c @@ -530,9 +530,12 @@ static int virLXCControllerAppendNBDPids(virLXCControl= lerPtr ctrl, } =20 =20 -static int virLXCControllerSetupNBDDeviceFS(virDomainFSDefPtr fs) +static int virLXCControllerSetupNBDDeviceFS(virLXCControllerPtr ctrl, + virDomainFSDefPtr fs) { - char *dev; + char *dev, *dst, *tmp, *sec_mount_options; + virDomainDefPtr def =3D ctrl->def; + virSecurityManagerPtr securityDriver =3D ctrl->securityManager; =20 if (fs->format <=3D VIR_STORAGE_FILE_NONE) { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s", 
@@ -540,22 +543,42 @@ static int virLXCControllerSetupNBDDeviceFS(virDomain= FSDefPtr fs) return -1; } =20 + if (virAsprintf(&dst, "%s/%s.root/", + LXC_STATE_DIR, def->name) < 0) + return -1; + + if (!(sec_mount_options =3D virSecurityManagerGetMountOptions(security= Driver, def))) + return -1; + if (virFileNBDDeviceAssociate(fs->src->path, fs->format, fs->readonly, &dev) < 0) return -1; =20 - VIR_DEBUG("Changing fs %s to use type=3Dblock for dev %s", - fs->src->path, dev); - /* - * We now change it into a block device type, so that - * the rest of container setup 'just works' - */ - fs->type =3D VIR_DOMAIN_FS_TYPE_BLOCK; VIR_FREE(fs->src->path); fs->src->path =3D dev; =20 + tmp =3D fs->dst; + fs->dst =3D dst; + + if (lxcContainerMountFSBlock(fs, "", sec_mount_options) < 0) { + fs->dst =3D tmp; + VIR_FREE(dst); + return -1; + } + + fs->dst =3D tmp; + fs->type =3D VIR_DOMAIN_FS_TYPE_MOUNT; + + /* The NBD device will be cleaned up while the cgroup will end. + * For this we need to remember the qemu-nbd pid and add it to + * the cgroup*/ + if (virLXCControllerAppendNBDPids(ctrl, fs->src->path) < 0) + + VIR_FREE(fs->src->path); + fs->src->path =3D dst; + return 0; } =20 @@ -637,13 +660,7 @@ static int virLXCControllerSetupLoopDevices(virLXCCont= rollerPtr ctrl) } ctrl->loopDevFds[ctrl->nloopDevs - 1] =3D fd; } else if (fs->fsdriver =3D=3D VIR_DOMAIN_FS_DRIVER_TYPE_NBD) { - if (virLXCControllerSetupNBDDeviceFS(fs) < 0) - goto cleanup; - - /* The NBD device will be cleaned up while the cgroup will end. - * For this we need to remember the qemu-nbd pid and add it to - * the cgroup*/ - if (virLXCControllerAppendNBDPids(ctrl, fs->src->path) < 0) + if (virLXCControllerSetupNBDDeviceFS(ctrl, fs) < 0) goto cleanup; } else { virReportError(VIR_ERR_CONFIG_UNSUPPORTED, --=20 2.14.3 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
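Review bot: Removing lxcContainerPrepareRoot() in the src/lxc/lxc_container.c hunk at -658 also drops its input validation, and nothing in the visible lines replaces it: the explicit VIR_ERR_INTERNAL_ERROR for a VIR_DOMAIN_FS_TYPE_FILE root without a loop device and the VIR_ERR_CONFIG_UNSUPPORTED error for any other unexpected root type. After this change an unexpected root type is no longer rejected with a clear message before the pivot. Suggest keeping the type checks (either as a reduced lxcContainerPrepareRoot() or in the controller) and stating in the commit message whether the lxcContainerResolveSymlinks(root, false) step is intentionally not carried over, given that the new mount source is the device returned by virFileNBDDeviceAssociate().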
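Review bot: With the lxcContainerPrepareRoot() call deleted from lxcContainerSetupPivotRoot() (src/lxc/lxc_container.c hunk at -1755), a root that is still VIR_DOMAIN_FS_TYPE_BLOCK when the container starts goes straight to lxcContainerPivotRoot() without being mounted, because the removed function was the only place in these lines that mounted block roots and the controller change converts only the VIR_DOMAIN_FS_DRIVER_TYPE_NBD case to VIR_DOMAIN_FS_TYPE_MOUNT. Suggest either keeping the block-root mount here for the non-NBD cases or showing in this series where those roots are now mounted, and dropping the "Ensure the root filesystem is mounted" guarantee only once every root type is covered.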
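Review bot: The new declaration "char *dev, *dst, *tmp, *sec_mount_options;" in the src/lxc/lxc_controller.c hunk at -530 leaves dst and sec_mount_options uninitialized although both hold allocations that the function's error paths have to release. Suggest declaring them one per line, initialized to NULL, so that a single cleanup label can VIR_FREE() them unconditionally; tmp only borrows fs->dst and can stay as is.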
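Review bot: In the src/lxc/lxc_controller.c hunk at -540, the added "if (virLXCControllerAppendNBDPids(ctrl, fs->src->path) < 0)" has no statement of its own, so the following "VIR_FREE(fs->src->path);" becomes its body. The result is that a failure to record the qemu-nbd pid is swallowed (the function still returns 0, so the process is never added to the cgroup for cleanup), and on success the device path in fs->src->path is overwritten by "fs->src->path = dst;" without being freed. The old caller did "goto cleanup" at this point; the helper needs an equivalent error return there, followed by an unconditional VIR_FREE(). Further points in the same hunk: dst is leaked when virSecurityManagerGetMountOptions() or virFileNBDDeviceAssociate() fails, sec_mount_options is never freed on any path, and when lxcContainerMountFSBlock() fails the function returns before virLXCControllerAppendNBDPids() runs, leaving an associated NBD device whose pid is not tracked. The format string also changed from "%s/%s.root" to "%s/%s.root/"; if the trailing slash is not needed, keep the original form so the path matches what other code derives from LXC_STATE_DIR and def->name. Finally, the diffstat touches only the two .c files, so unless an earlier patch in the series exports lxcContainerMountFSBlock() from lxc_container.c, this call from the controller has no declaration to build against.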