From nobody Wed May 14 02:26:22 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com;
	dmarc=fail(p=none dis=none)  header.from=gmail.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1528629318484114.25479197668267;
 Sun, 10 Jun 2018 04:15:18 -0700 (PDT)
Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.phx2.redhat.com
 [10.5.11.12])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 3D43481DF1;
	Sun, 10 Jun 2018 11:15:17 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id ED3DC7F544;
	Sun, 10 Jun 2018 11:15:16 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id A18694CA83;
	Sun, 10 Jun 2018 11:15:16 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx11.intmail.prod.int.phx2.redhat.com
	[10.5.11.26])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id w5ABEn5F008000 for <libvir-list@listman.util.phx.redhat.com>;
	Sun, 10 Jun 2018 07:14:49 -0400
Received: by smtp.corp.redhat.com (Postfix)
	id A3FE63001A70; Sun, 10 Jun 2018 11:14:49 +0000 (UTC)
Received: from mx1.redhat.com (ext-mx16.extmail.prod.ext.phx2.redhat.com
	[10.5.110.45])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 9BB573001A47
	for <libvir-list@redhat.com>; Sun, 10 Jun 2018 11:14:49 +0000 (UTC)
Received: from mail-wr0-f181.google.com (mail-wr0-f181.google.com
	[209.85.128.181])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 689F43082A39
	for <libvir-list@redhat.com>; Sun, 10 Jun 2018 11:14:38 +0000 (UTC)
Received: by mail-wr0-f181.google.com with SMTP id x4-v6so9312168wro.11
	for <libvir-list@redhat.com>; Sun, 10 Jun 2018 04:14:38 -0700 (PDT)
Received: from rst.Home ([2a02:c7d:692a:c500:1ebc:73f3:5f60:b131])
	by smtp.gmail.com with ESMTPSA id
	f2-v6sm6869448wre.16.2018.06.10.04.14.35
	(version=TLS1_2 cipher=ECDHE-RSA-CHACHA20-POLY1305 bits=256/256);
	Sun, 10 Jun 2018 04:14:36 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025;
	h=from:to:cc:subject:date:message-id:in-reply-to:references;
	bh=fL/hWvIWTqR9uVcbKTosqe6c9gggQmE+aBjQk7LMNXM=;
	b=JwAjs96/yxKDF2DYjGLHaWXXHGg9SuwH3wkgIewHkidsumQ5thqK/UNIfbFdxxa/4g
	je5IFCPNxz1a2gqxLr7H+0dtuTMRGub1dHoWg/PIkigCWLIyIDhuj5IxukwqovAAIje9
	aq4aMdiKljMb8j6/grufAYeiN2F9fV2NKjCaaBtSqxYyRwCoSbS3Lw8pdZ8HRMkVbQKN
	CyRyjlECN53TggFOfvTz0w9Fd+xVtIKWDyY04it7ROLq3U21Wwi876CADXhDtmL0cUsO
	xGFIYAhwEoaTc/qVdgCjqOyvFWaicdmSiBE42f+zmE+gDRnZ4KQUxow3RCsE8i3ssNv7
	0NZQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
	d=1e100.net; s=20161025;
	h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to
	:references;
	bh=fL/hWvIWTqR9uVcbKTosqe6c9gggQmE+aBjQk7LMNXM=;
	b=BRlmRejtjgj5zqL1tRS3vjPtS5KGyuv1lIzmO82Dx+XbkveTapPM7TV+D2dO6cF3ZS
	emPzxdnXd9/DBOVwS4qfpHObu/LnKmt7AoDtqex0GB8bwBVhv9QCpWF016820j1oHlb5
	273A2GRX3FRhnRKqz2mrrPlA3MLyyDfn53Ju+Zl4XoIO3OHXkTj/BhhFHN0vVjKQKJd1
	mJ/fwbIxWUry0a+KA0Z5NWDw0dTNToWxehryJs+sot5kgxSWjimyN4rMUcFAybSk9zq+
	oiaKIyCrou+/bY/JgT04KfNm3yHXoZqjx2gmOvsOxUCWRCR4LIKUMpEM6HRGUMIGiGw+
	ms7g==
X-Gm-Message-State: APt69E2Mc7PyBxy1VpJReggRz35HakPa/5ApDGLNJdtdaoUXkaNP1Nko
	UBWB2kbb4gWa/SY/xga8qwAfRxcN
X-Google-Smtp-Source: 
 ADUXVKKO00ZHg2bRwh3gbAVDSfijGDpHHIYG3Xch7JKRS13BLBW9vd4nq5L5ZVEr3uaIdBzFOT+YKQ==
X-Received: by 2002:adf:84c2:: with SMTP id
	60-v6mr10496832wrg.167.1528629276839;
	Sun, 10 Jun 2018 04:14:36 -0700 (PDT)
From: Radostin Stoyanov <rstoyanov1@gmail.com>
To: libvir-list@redhat.com
Date: Sun, 10 Jun 2018 12:14:25 +0100
Message-Id: <20180610111426.5211-4-rstoyanov1@gmail.com>
In-Reply-To: <20180610111426.5211-1-rstoyanov1@gmail.com>
References: <20180610111426.5211-1-rstoyanov1@gmail.com>
X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.5.16
	(mx1.redhat.com [10.5.110.45]);
	Sun, 10 Jun 2018 11:14:38 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com
 [10.5.110.45]);
	Sun, 10 Jun 2018 11:14:38 +0000 (UTC) for IP:'209.85.128.181'
	DOMAIN:'mail-wr0-f181.google.com'
	HELO:'mail-wr0-f181.google.com' FROM:'rstoyanov1@gmail.com' RCPT:''
X-RedHat-Spam-Score: 1.551 * (DKIM_ADSP_CUSTOM_MED, DKIM_SIGNED,
	FREEMAIL_ENVFROM_END_DIGIT, FREEMAIL_FROM, NML_ADSP_CUSTOM_MED,
	RCVD_IN_DNSWL_NONE, SPF_PASS,
	T_DKIM_INVALID) 209.85.128.181 mail-wr0-f181.google.com 209.85.128.181
	mail-wr0-f181.google.com <rstoyanov1@gmail.com>
X-Scanned-By: MIMEDefang 2.84 on 10.5.110.45
X-Scanned-By: MIMEDefang 2.84 on 10.5.11.26
X-loop: libvir-list@redhat.com
Cc: Radostin Stoyanov <rstoyanov1@gmail.com>
Subject: [libvirt] [RFC v2 3/4] lxc: Mount NBD devices before clone
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.12
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.25]);
 Sun, 10 Jun 2018 11:15:17 +0000 (UTC)
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZohoMail: RDKM_2  RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

When user-namespace is enabled we are not allowed
to mount block/NBD devices.

Instead, mount /dev/nbdX to /run/libvirt/lxc/<domain>.root
and set:

	fs->src->path =3D /run/libvirt/lxc/<domain>.root
	fs->type =3D VIR_DOMAIN_FS_TYPE_MOUNT
---
 src/lxc/lxc_controller.c | 62 ++++++++++++++++++++++++++++------------
 1 file changed, 43 insertions(+), 19 deletions(-)

diff --git a/src/lxc/lxc_controller.c b/src/lxc/lxc_controller.c
index c9f416aaab..78b52b7079 100644
--- a/src/lxc/lxc_controller.c
+++ b/src/lxc/lxc_controller.c
@@ -530,33 +530,63 @@ static int virLXCControllerAppendNBDPids(virLXCContro=
llerPtr ctrl,
 }
=20
=20
-static int virLXCControllerSetupNBDDeviceFS(virDomainFSDefPtr fs)
+static int virLXCControllerSetupNBDDeviceFS(virLXCControllerPtr ctrl,
+                                            virDomainFSDefPtr fs)
 {
-    char *dev;
+    char *dev =3D NULL;
+    char *dst =3D NULL;
+    char *tmp =3D NULL;
+    char *sec_mount_options;
+    int ret =3D -1;
+
+    virDomainDefPtr def =3D ctrl->def;
+    virSecurityManagerPtr securityDriver =3D ctrl->securityManager;
=20
     if (fs->format <=3D VIR_STORAGE_FILE_NONE) {
         virReportError(VIR_ERR_CONFIG_UNSUPPORTED, "%s",
                        _("An explicit disk format must be specified"));
-        return -1;
+        goto cleanup;
     }
=20
+    if (virAsprintf(&dst, "%s/%s.root/",
+                    LXC_STATE_DIR, def->name) < 0)
+        goto cleanup;
+
+    if (!(sec_mount_options =3D virSecurityManagerGetMountOptions(security=
Driver, def)))
+        goto cleanup;
+
     if (virFileNBDDeviceAssociate(fs->src->path,
                                   fs->format,
                                   fs->readonly,
                                   &dev) < 0)
-        return -1;
+        goto cleanup;
=20
-    VIR_DEBUG("Changing fs %s to use type=3Dblock for dev %s",
-              fs->src->path, dev);
-    /*
-     * We now change it into a block device type, so that
-     * the rest of container setup 'just works'
-     */
-    fs->type =3D VIR_DOMAIN_FS_TYPE_BLOCK;
     VIR_FREE(fs->src->path);
     fs->src->path =3D dev;
=20
-    return 0;
+    tmp =3D fs->dst;
+    fs->dst =3D dst;
+
+    if (lxcContainerMountFSBlock(fs, "", sec_mount_options) < 0) {
+        fs->dst =3D tmp;
+        goto cleanup;
+    }
+
+    fs->dst =3D tmp;
+    fs->type =3D VIR_DOMAIN_FS_TYPE_MOUNT;
+
+    if (virLXCControllerAppendNBDPids(ctrl, fs->src->path) < 0)
+        return -1;
+
+    VIR_STEAL_PTR(fs->src->path, dst);
+
+    ret =3D 0;
+
+ cleanup:
+    VIR_FREE(dev);
+    VIR_FREE(dst);
+    VIR_FREE(sec_mount_options);
+    return ret;
 }
=20
=20
@@ -637,13 +667,7 @@ static int virLXCControllerSetupLoopDevices(virLXCCont=
rollerPtr ctrl)
             }
             ctrl->loopDevFds[ctrl->nloopDevs - 1] =3D fd;
         } else if (fs->fsdriver =3D=3D VIR_DOMAIN_FS_DRIVER_TYPE_NBD) {
-            if (virLXCControllerSetupNBDDeviceFS(fs) < 0)
-                goto cleanup;
-
-            /* The NBD device will be cleaned up while the cgroup will end.
-             * For this we need to remember the qemu-nbd pid and add it to
-             * the cgroup*/
-            if (virLXCControllerAppendNBDPids(ctrl, fs->src->path) < 0)
+            if (virLXCControllerSetupNBDDeviceFS(ctrl, fs) < 0)
                 goto cleanup;
         } else {
             virReportError(VIR_ERR_CONFIG_UNSUPPORTED,
--=20
2.17.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list